From owner-freebsd-current@FreeBSD.ORG Fri Jul 29 20:53:22 2011 Return-Path: Delivered-To: freebsd-current@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 35286106564A; Fri, 29 Jul 2011 20:53:22 +0000 (UTC) (envelope-from mm@FreeBSD.org) Received: from mail.vx.sk (mail.vx.sk [IPv6:2a01:4f8:100:1043::3]) by mx1.freebsd.org (Postfix) with ESMTP id 5FA0B8FC14; Fri, 29 Jul 2011 20:53:21 +0000 (UTC) Received: from core.vx.sk (localhost [127.0.0.1]) by mail.vx.sk (Postfix) with ESMTP id A9F2115CF76; Fri, 29 Jul 2011 22:53:20 +0200 (CEST) X-Virus-Scanned: amavisd-new at mail.vx.sk Received: from mail.vx.sk ([127.0.0.1]) by core.vx.sk (mail.vx.sk [127.0.0.1]) (amavisd-new, port 10024) with LMTP id sdDmL4i3Ws4A; Fri, 29 Jul 2011 22:53:18 +0200 (CEST) Received: from [10.9.8.3] (chello085216231078.chello.sk [85.216.231.78]) by mail.vx.sk (Postfix) with ESMTPSA id CB70015CF68; Fri, 29 Jul 2011 22:53:17 +0200 (CEST) Message-ID: <4E331DC1.5000108@FreeBSD.org> Date: Fri, 29 Jul 2011 22:53:21 +0200 From: Martin Matuska User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20110624 Thunderbird/5.0 MIME-Version: 1.0 To: Jamie Gritton References: <4E316E19.9040309@FreeBSD.org> <4E318D75.608@FreeBSD.org> <4E31A3CD.60500@FreeBSD.org> <4E31AEC6.8080106@FreeBSD.org> In-Reply-To: <4E31AEC6.8080106@FreeBSD.org> X-Enigmail-Version: 1.2 Content-Type: multipart/mixed; boundary="------------090000000605080708000202" Cc: FreeBSD Current Subject: Re: [PATCH] updated /etc/rc.d/jail and added ZFS support X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 29 Jul 2011 20:53:22 -0000 This is a multi-part message in MIME format. --------------090000000605080708000202 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit So what do you think about this updated patch (attached)? Here we leave everything possible for jail_example_params. Btw. you can also set jid=xxx in params to have a "static" jail id for this jail. Also stopping a persistent jail doesn't delete it (but you cannot start it again). Dňa 28. 7. 2011 20:47, Jamie Gritton wrote / napísal(a): > Yes, it was intentional to move away from the global sysctls and to > the per-jail parameters instead. It makes more sense once config > files come into play, which can do a better job of providing global > defaults as well as per-jail parameters. > > The connection between ZFS and persist makes sense. So for ZFS-based > jail you'd want to set (and then reset) persist. For others, this > could be left to the user. The changes to jail(8) for config files > also sets persist when creating jails, and then clears it at a later > stage unless the user specifies to keep it set. It looks like I might > want to add some ZFS support to the new jail(8). > > I would prefer to keep things simpler regarding create/start and > remove/stop, and keep them tied together. > > - Jamie > > > On 07/28/11 12:00, Martin Matuska wrote: >> If you start jail(8) witth "-c" (the new "param" way,) the values of the >> actual security.jail. variables are not initialized inside the jail, >> default values are used instead. I don't know if this is intentional, >> but probably yes. Default enforce_statfs=2, allow.mount=0. >> As of me we can leave everything for ${_params}, but then ${_zfs} makes >> sense only if enforce_statfs<2 and allow.mount=1. >> >> Regarding zfs, if you want to operate zfs from the very start of a jail >> (and e.g. make use of /etc/rc.d/zfs which has jail support), you have to >> pair datasets with an existing jail. In simple words, you have to create >> a process-less jail (persist=1), attach zfs datasets and then run the >> command. The persist option can be made optional - but we always start >> with persist=1, then we can set (or not) persist=0 depending on user >> setting. >> >> The question that opens, should we remove a persisting jail on "stop"? >> Or should we support new commands "create" and "remove" in addition to >> "start" and "stop"? Create would just make a processless jail, remove >> would wipe out a jail and start/stop would just deal with the processes >> (if persist=0 the old way, of course)? >> >> Cheers, >> mm >> >> Dňa 28. 7. 2011 18:25, Jamie Gritton wrote / napísal(a): >>> Since I missed the 9.0 boat with jail config file capability, something >>> like this seems necessary; rc.d/jail has long been unable to handle the >>> full scale of what jail(8) can do. >>> >>> I gather that setting persist is necessary for the ZFS operation. As >>> long as we're making the parameter setting more generic from rc, we >>> should handle the case where persist is specified in ${_params}, and >>> not >>> always set/reset it around the jail creation unless ZFS is used. >>> >>> Also, why the specific inclusion of the security-related parameters? >>> They could just be folded into ${_params}, and if left unspecified then >>> jail(8) should by default do the right thing. >>> >>> - Jamie >>> >>> >>> On 07/28/11 08:11, Martin Matuska wrote: >>>> The attached patch allows better fine-tuning of jails started via >>>> /etc/rc.d, uses the new jail(8) flags (-c -m), the persist >>>> parameter and >>>> adds ZFS support. >>>> Patch is fully backward compatible. >>>> >>>> Please review, comment and/or test my attached patch. >>>> >>>> Cheers, >>>> mm -- Martin Matuska FreeBSD committer http://blog.vx.sk --------------090000000605080708000202 Content-Type: text/plain; name="etc_jail.2.patch" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="etc_jail.2.patch" SW5kZXg6IGV0Yy9yYy5kL2phaWwKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gZXRjL3JjLmQvamFpbAko cmV2aXNpb24gMjI0NDk0KQorKysgZXRjL3JjLmQvamFpbAkod29ya2luZyBjb3B5KQpAQCAt NDMsNiArNDMsOSBAQAogCWV2YWwgX2lwPVwiXCRqYWlsXyR7X2p9X2lwXCIKIAlldmFsIF9p bnRlcmZhY2U9XCJcJHtqYWlsXyR7X2p9X2ludGVyZmFjZTotJHtqYWlsX2ludGVyZmFjZX19 XCIKIAlldmFsIF9leGVjPVwiXCRqYWlsXyR7X2p9X2V4ZWNcIgorCWV2YWwgX3BhcmFtcz1c IlwkamFpbF8ke19qfV9wYXJhbXNcIgorCWV2YWwgX3BlcnNpc3Q9XCJcJGphaWxfJHtfan1f cGVyc2lzdFwiCisJZXZhbCBfemZzPVwiXCR7amFpbF8ke19qfV96ZnM6LX1cIgogCiAJaT0w CiAJd2hpbGUgOiA7IGRvCkBAIC05OCw2ICsxMDEsOSBAQAogCWZpCiAKIAkjIFRoZSBkZWZh dWx0IGphaWwgcnVsZXNldCB3aWxsIGJlIHVzZWQgYnkgcmMuc3ViciBpZiBub25lIGlzIHNw ZWNpZmllZC4KKwlpZiBbIC1uICJqYWlsX2RldmZzX3J1bGVzZXQiIC1hIC1uICJfemZzIiBd OyB0aGVuCisJCWphaWxfZGV2ZnNfcnVsZXNldD0iZGV2ZnNydWxlc19qYWlsX3pmcyIKKwlm aQogCWV2YWwgX3J1bGVzZXQ9XCJcJHtqYWlsXyR7X2p9X2RldmZzX3J1bGVzZXQ6LSR7amFp bF9kZXZmc19ydWxlc2V0fX1cIgogCWV2YWwgX2RldmZzPVwiXCR7amFpbF8ke19qfV9kZXZm c19lbmFibGU6LSR7amFpbF9kZXZmc19lbmFibGV9fVwiCiAJWyAteiAiJHtfZGV2ZnN9IiBd ICYmIF9kZXZmcz0iTk8iCkBAIC0zNDUsNiArMzUxLDM2IEBACiAJbW91bnQgLWEgLUYgIiR7 X2ZzdGFifSIKIH0KIAorIyBqYWlsX3pmc19qYWlsaW4KKyMJTWFrZSB6ZnMgZGF0YXNldHMg bWFuYWdlYWJsZSBmcm9tIGluc2lkZSBhIGphaWwKKyMJdGhlICJqYWlsZWQiIGRhdGFzZXQg cHJvcGVydHkgbXVzdCBiZSBzZXQgdG8gIm9uIgoramFpbF96ZnNfamFpbGluKCkKK3sKKwlp ZiBbIC1uICIke196ZnN9IiBdOyB0aGVuCisJCWZvciBfZHMgaW4gJHtfemZzfTsgZG8KKwkJ CV9qYWlsZWQ9YHpmcyBnZXQgLUggamFpbGVkICR7X2RzfSAyPi9kZXYvbnVsbCB8IGF3ayAn eyBwcmludCAkMyB9J2AKKwkJCWlmIFsgIiRfamFpbGVkIiA9ICJvbiIgXTsgdGhlbgorCQkJ CXpmcyBqYWlsICIke19qYWlsX2lkfSIgJHtfZHN9IDI+L2Rldi9udWxsCisJCQlmaQorCQlk b25lCisJZmkKK30KKworIyBqYWlsX3pmc19qYWlsb3V0CisjCVVuamFpbCB6ZnMgZGF0YXNl dHMKKyMJdGhlICJqYWlsZWQiIGRhdGFzZXQgcHJvcGVydHkgbXVzdCBiZSBzZXQgdG8gIm9u IgoramFpbF96ZnNfamFpbG91dCgpCit7CisJaWYgWyAtbiAiJHtfemZzfSIgXTsgdGhlbgor CQlmb3IgX2RzIGluICR7X3pmc307IGRvCisJCQlfamFpbGVkPWB6ZnMgZ2V0IC1IIGphaWxl ZCAke19kc30gMj4vZGV2L251bGwgfCBhd2sgJ3sgcHJpbnQgJDMgfSdgCisJCQlpZiBbICIk X2phaWxlZCIgPSAib24iIF07IHRoZW4KKwkJCQl6ZnMgdW5qYWlsICIke19qYWlsX2lkfSIg JHtfZHN9IDI+L2Rldi9udWxsCisJCQlmaQorCQlkb25lCisJZmkKK30KKwogIyBqYWlsX3No b3dfYWRkcmVzc2VzIGphaWwKICMJRGVidWcgcHJpbnQgdGhlIGlucHV0IGZvciB0aGUgZ2l2 ZW4gX211bHRpIGFsaWFzZXMKICMJZm9yIGEgamFpbCBmb3IgaW5pdF92YXJpYWJsZXMoKS4K QEAgLTQ4MywxMCArNTE5LDI3IEBACiAJCSopCTs7CiAJCWVzYWMKIAotCQkjIEFwcGVuZCBh ZGRyZXNzIHRvIGxpc3Qgb2YgYWRkcmVzc2VzIGZvciB0aGUgamFpbCBjb21tYW5kLgotCQlj YXNlICIke19hZGRybH0iIGluCi0JCSIiKQlfYWRkcmw9IiR7X2FkZHJ9IiA7OwotCQkqKQlf YWRkcmw9IiR7X2FkZHJsfSwke19hZGRyfSIgOzsKKwkJY2FzZSAiJHtfdHlwZX0iIGluCisJ CWluZXQpCisJCQkjIEFwcGVuZCBhZGRyZXNzIHRvIGxpc3Qgb2YgaXB2NCBhZGRyZXNzZXMg Zm9yIHRoZQorCQkJIyBqYWlsIGNvbW1hbmQuCisJCQljYXNlICIke19hZGRybH0iIGluCisJ CQkiIikJX2FkZHJsPSIke19hZGRyfSIgOzsKKwkJCSopCV9hZGRybD0iJHtfYWRkcmx9LCR7 X2FkZHJ9IiA7OworCQkJZXNhYworCQkJOzsKKwkJaW5ldDYpCisJCQkjIEFwcGVuZCBhZGRy ZXNzIHRvIGxpc3Qgb2YgaXB2NiBhZGRyZXNzZXMgZm9yIHRoZQorCQkJIyBqYWlsIGNvbW1h bmQuCisJCQljYXNlICIke19hZGRybDZ9IiBpbgorCQkJIiIpCV9hZGRybDY9IiR7X2FkZHJ9 IiA7OworCQkJKikJX2FkZHJsNj0iJHtfYWRkcmw2fSwke19hZGRyfSIgOzsKKwkJCWVzYWMK KwkJCTs7CisJCSopCXdhcm4gIkNvdWxkIG5vdCBkZXRlcm1pbmUgYWRkcmVzcyBmYW1pbHku ICBOb3QgZ29pbmciIFwKKwkJCSAgICAidG8gc2V0IGFkZHJlc3MgJyR7X2FkZHJ9JyBmb3Ig JHtfamFpbH0uIgorCQkJY29udGludWUKKwkJCTs7CiAJCWVzYWMKIAogCQkjIENvbmZpZ3Vy ZSBpbnRlcmZhY2UgYWxpYXMgaWYgcmVxdWVzdGVkIGJ5IGEgZ2l2ZW4gaW50ZXJmYWNlCkBA IC00OTQsMTQgKzU0Nyw3IEBACiAJCWNhc2UgIiR7X2lmYWNlfSIgaW4KIAkJIiIpCWNvbnRp bnVlIDs7CiAJCWVzYWMKLQkJY2FzZSAiJHtfdHlwZX0iIGluCi0JCWluZXQpCTs7Ci0JCWlu ZXQ2KQk7OwotCQkqKQl3YXJuICJDb3VsZCBub3QgZGV0ZXJtaW5lIGFkZHJlc3MgZmFtaWx5 LiAgTm90IGdvaW5nIiBcCi0JCQkgICAgInRvICR7X2FjdGlvbn0gYWRkcmVzcyAnJHtfYWRk cn0nIGZvciAke19qYWlsfS4iCi0JCQljb250aW51ZQotCQkJOzsKLQkJZXNhYworCiAJCWNh c2UgIiR7X2FjdGlvbn0iIGluCiAJCWFkZCkJaWZjb25maWcgJHtfaWZhY2V9ICR7X3R5cGV9 ICR7X2FkZHJ9JHtfbWFza30gYWxpYXMKIAkJCTs7CkBAIC01NzYsNiArNjIyLDcgQEAKIAkJ CWNvbnRpbnVlOwogCQlmaQogCQlfYWRkcmw9IiIKKwkJX2FkZHJsNj0iIgogCQlqYWlsX2lw cyAiYWRkIgogCQlpZiBbIC1uICIke19maWJ9IiBdOyB0aGVuCiAJCQlfc2V0ZmliPSJzZXRm aWIgLUYgJyR7X2ZpYn0nIgpAQCAtNjQ0LDQyICs2OTEsNTYgQEAKIAkJCWk9JCgoaSArIDEp KQogCQlkb25lCiAKLQkJZXZhbCAke19zZXRmaWJ9IGphaWwgJHtfZmxhZ3N9IC1pICR7X3Jv b3RkaXJ9ICR7X2hvc3RuYW1lfSBcCi0JCQlcIiR7X2FkZHJsfVwiICR7X2V4ZWNfc3RhcnR9 ID4gJHtfdG1wX2phaWx9IDI+JjEgXAotCQkJPC9kZXYvbnVsbAorCQlfamFpbF9pZD1gJHtf c2V0ZmlifSBqYWlsIC1pICR7X2ZsYWdzfSAtYyBcCisJCQlwYXRoPSIke19yb290ZGlyfSIg XAorCQkJaG9zdC5ob3N0bmFtZT0iJHtfaG9zdG5hbWV9IiBcCisJCQlpcDQuYWRkcj0iJHtf YWRkcmx9IiBcCisJCQlpcDYuYWRkcj0iJHtfYWRkcmw2fSIgXAorCQkJJHtfcGFyYW1zfSBc CisJCQlwZXJzaXN0PTFgCiAKLQkJaWYgWyAiJD8iIC1lcSAwIF0gOyB0aGVuCi0JCQlfamFp bF9pZD0kKGhlYWQgLTEgJHtfdG1wX2phaWx9KQotCQkJaT0xCi0JCQl3aGlsZSA6IDsgZG8K LQkJCQlldmFsIG91dD1cIlwke19leGVjX2FmdGVyc3RhcnQke2l9Oi0nJ31cIgotCi0JCQkJ aWYgWyAteiAiJG91dCIgXTsgdGhlbgotCQkJCQlicmVhazsKKwkJaWYgWyAtbiAiJF9qYWls X2lkIiBdOyB0aGVuCisJCQlqYWlsX3pmc19qYWlsaW4KKwkJCWV2YWwgamFpbCAke19mbGFn c30gLW0gamlkPSIke19qYWlsX2lkfSIgXAorCQkJICAgIGNvbW1hbmQ9IiR7X2V4ZWNfc3Rh cnR9IiA+ICR7X3RtcF9qYWlsfSAyPiYxIFwKKwkJCSAgICA8L2Rldi9udWxsCisJCQlpZiBb ICIkPyIgLWVxIDAgXSA7IHRoZW4KKwkJCQlpZiBbICIke19wZXJzaXN0fSIgIT0gIjEiIF07 IHRoZW4KKwkJCQkJamFpbCAtbSBqaWQ9IiR7X2phaWxfaWR9IiBwZXJzaXN0PTAKIAkJCQlm aQorCQkJCWk9MQorCQkJCXdoaWxlIDogOyBkbworCQkJCQlldmFsIG91dD1cIlwke19leGVj X2FmdGVyc3RhcnQke2l9Oi0nJ31cIgogCi0JCQkJamV4ZWMgIiR7X2phaWxfaWR9IiAke291 dH0KLQkJCQlpPSQoKGkgKyAxKSkKLQkJCWRvbmUKKwkJCQkJaWYgWyAteiAiJG91dCIgXTsg dGhlbgorCQkJCQkJYnJlYWs7CisJCQkJCWZpCiAKLQkJCWVjaG8gLW4gIiAkX2hvc3RuYW1l IgotCQkJdGFpbCArMiAke190bXBfamFpbH0gPiR7X2NvbnNvbGVsb2d9Ci0JCQllY2hvICR7 X2phaWxfaWR9ID4gL3Zhci9ydW4vamFpbF8ke19qYWlsfS5pZAorCQkJCQlqZXhlYyAiJHtf amFpbF9pZH0iICR7b3V0fQorCQkJCQlpPSQoKGkgKyAxKSkKKwkJCQlkb25lCiAKLQkJCWk9 MAotCQkJd2hpbGUgOiA7IGRvCi0JCQkJZXZhbCBvdXQ9XCJcJHtfZXhlY19wb3N0c3RhcnQk e2l9Oi0nJ31cIgotCQkJCVsgLXogIiRvdXQiIF0gJiYgYnJlYWsKLQkJCQkke291dH0KLQkJ CQlpPSQoKGkgKyAxKSkKLQkJCWRvbmUKLQkJZWxzZQotCQkJamFpbF91bW91bnRfZnMKLQkJ CWphaWxfaXBzICJkZWwiCi0JCQllY2hvICIgY2Fubm90IHN0YXJ0IGphaWwgXCIke19qYWls fVwiOiAiCi0JCQl0YWlsICsyICR7X3RtcF9qYWlsfQorCQkJCWVjaG8gLW4gIiAkX2hvc3Ru YW1lIgorCQkJCXRhaWwgKzIgJHtfdG1wX2phaWx9ID4ke19jb25zb2xlbG9nfQorCQkJCWVj aG8gJHtfamFpbF9pZH0gPiAvdmFyL3J1bi9qYWlsXyR7X2phaWx9LmlkCisKKwkJCQlpPTAK KwkJCQl3aGlsZSA6IDsgZG8KKwkJCQkJZXZhbCBvdXQ9XCJcJHtfZXhlY19wb3N0c3RhcnQk e2l9Oi0nJ31cIgorCQkJCQlbIC16ICIkb3V0IiBdICYmIGJyZWFrCisJCQkJCSR7b3V0fQor CQkJCQlpPSQoKGkgKyAxKSkKKwkJCQlkb25lCisJCQllbHNlCisJCQkJamFpbF96ZnNfamFp bG91dAorCQkJCWphaWwgLW0gamlkPSIke19qYWlsX2lkfSIgcGVyc2lzdD0wCisJCQkJamFp bF91bW91bnRfZnMKKwkJCQlqYWlsX2lwcyAiZGVsIgorCQkJCWVjaG8gIiBjYW5ub3Qgc3Rh cnQgamFpbCBcIiR7X2phaWx9XCI6ICIKKwkJCQl0YWlsICsyICR7X3RtcF9qYWlsfQorCQkJ ZmkKKwkJCXJtIC1mICR7X3RtcF9qYWlsfQogCQlmaQotCQlybSAtZiAke190bXBfamFpbH0K IAlkb25lCiAJcm1kaXIgJHtfdG1wX2Rpcn0KIAllY2hvICcuJwpAQCAtNzA3LDYgKzc2OCw3 IEBACiAJCQkJCWV2YWwgZW52IC1pIC91c3Ivc2Jpbi9qZXhlYyAke19qYWlsX2lkfSAke19l eGVjX3N0b3B9IFwKIAkJCQkJCT4+ICR7X2NvbnNvbGVsb2d9IDI+JjEKIAkJCQlmaQorCQkJ CWphaWxfemZzX2phaWxvdXQKIAkJCQlraWxsYWxsIC1qICR7X2phaWxfaWR9IC1URVJNID4g L2Rldi9udWxsIDI+JjEKIAkJCQlzbGVlcCAxCiAJCQkJa2lsbGFsbCAtaiAke19qYWlsX2lk fSAtS0lMTCA+IC9kZXYvbnVsbCAyPiYxCkluZGV4OiBldGMvZGVmYXVsdHMvZGV2ZnMucnVs ZXMKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PQotLS0gZXRjL2RlZmF1bHRzL2RldmZzLnJ1bGVzCShyZXZpc2lv biAyMjQ0NzEpCisrKyBldGMvZGVmYXVsdHMvZGV2ZnMucnVsZXMJKHdvcmtpbmcgY29weSkK QEAgLTgzLDMgKzgzLDkgQEAKIGFkZCBpbmNsdWRlICRkZXZmc3J1bGVzX2hpZGVfYWxsCiBh ZGQgaW5jbHVkZSAkZGV2ZnNydWxlc191bmhpZGVfYmFzaWMKIGFkZCBpbmNsdWRlICRkZXZm c3J1bGVzX3VuaGlkZV9sb2dpbgorCisjIEphaWwgd2l0aCB6ZnMgc3VwcG9ydAorIworW2Rl dmZzcnVsZXNfamFpbF96ZnM9NV0KK2FkZCBpbmNsdWRlICRkZXZmc3J1bGVzX2phaWwKK2Fk ZCBwYXRoIHpmcyB1bmhpZGUKSW5kZXg6IGV0Yy9kZWZhdWx0cy9yYy5jb25mCj09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT0KLS0tIGV0Yy9kZWZhdWx0cy9yYy5jb25mCShyZXZpc2lvbiAyMjQ0NzEpCisrKyBl dGMvZGVmYXVsdHMvcmMuY29uZgkod29ya2luZyBjb3B5KQpAQCAtNjk1LDYgKzY5NSwxNSBA QAogI2phaWxfZXhhbXBsZV9tb3VudF9lbmFibGU9Ik5PIgkJCSMgbW91bnQvdW1vdW50IGph aWwncyBmcwogI2phaWxfZXhhbXBsZV9mc3RhYj0iIgkJCQkjIGZzdGFiKDUpIGZvciBtb3Vu dC91bW91bnQKICNqYWlsX2V4YW1wbGVfZmxhZ3M9Ii1sIC1VIHJvb3QiCQkjIGZsYWdzIGZv ciBqYWlsKDgpCisjamFpbF9leGFtcGxlX3BlcnNpc3Q9IiIJCQkjIFNldCB0byAxIHRvIGNy ZWF0ZSBhIHBlcnNpc3RlbnQgamFpbAorI2phaWxfZXhhbXBsZV9wYXJhbXM9IiIJCQkJIyBT cGFjZS1zZXBhcmF0ZWQgbGlzdCBvZiBhZGRpdGlvbmFsCisJCQkJCQkjIHVzZXItc3VwcGxp ZWQgcGFyYW1ldGVycyBmb3IgamFpbCg4KQorI2phaWxfZXhhbXBsZV96ZnM9IiIJCQkJIyBT cGFjZS1zZXBhcmF0ZWQgbGlzdCBvZiBaRlMgZGF0YXNldHMgdG8gYmUKKwkJCQkJCSMgbWFu YWdlZCBmcm9tIHRoaXMgamFpbC4gRm9yIHByb3BlciBvcGVyYXRpb24sCisJCQkJCQkjIGFs bG93Lm1vdW50PTEgYW5kIGVuZm9yY2Vfc3RhdGZzPTEgKG9yIDApCisJCQkJCQkjIG11c3Qg YmUgYWRkZWQgdG8gamFpbF9leGFtcGxlX3BhcmFtcy4KKwkJCQkJCSMgVGhlICJqYWlsZWQi IHByb3BlcnR5IG11c3QgYmUgc2V0IHRvICJvbiIKKwkJCQkJCSMgb24gZGVzaXJlZCBkYXRh c2V0cyBiZWZvcmUgc3RhcnRpbmcgdGhlIGphaWwuCiAKICMjIyMjIyMjIyMjIyMjIyMjIyMj IyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjCiAjIyMgRGVmaW5l IHNvdXJjZV9yY19jb25mcywgdGhlIG1lY2hhbmlzbSB1c2VkIGJ5IC9ldGMvcmMuKiAjIwo= --------------090000000605080708000202--