From: Zaphod Beeblebrox
Date: Wed, 4 Sep 2019 14:55:34 -0400
Subject: A jail notion.
To: FreeBSD Hackers

So... in general, I put jails in /jail. I could, for instance, aggregate all unique userids and groupids into /etc/master.passwd and /etc/group by scanning /jail/*/etc/master.passwd, but then again, I could also run kerb. This could be further generalized by following the jail root configured in /etc/jail.conf.

Now... I admit the fact that not all jails will have a password or group file, but looking at the fairly vast number of jails that I deploy, at least for me, they almost all have password and group files.

What am I getting at? Running top on the host ... many of the jail users end up as numbers. It would be supremely helpful if top was jail-enabled in this manner.

In fact, although I routinely consider kerberos ... I don't think it would solve this problem. What does the userid of a process look like under kerb?

Anyways... food for thought.
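
The aggregation described in the message, as an added example that is not part of the original post: it scans `<base>/*/etc/master.passwd` (the `/jail` layout the message mentions), keeps the mapping per jail, and reports uids that name different accounts in different jails, which is the case where one merged host file would mislabel a process. The function names and the sample entries are constructed for illustration.

```python
import glob
import os
import tempfile

# Constructed sample data: two jails that reuse uid 1001 for different accounts.
SAMPLE = {
    "web": "www:*:80:80::0:0:World Wide Web Owner:/nonexistent:/usr/sbin/nologin\n"
           "deploy:*:1001:1001::0:0:Deploy:/home/deploy:/bin/sh\n",
    "db": "# $FreeBSD$\npostgres:*:1001:1001::0:0:PostgreSQL:/var/db/postgres:/bin/sh\n"
          "not a passwd line\n",
}

def parse_master_passwd(text):
    """Yield (name, uid) from master.passwd(5) text; the hash field is dropped."""
    for line in text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 4 or not fields[2].isdigit():
            continue
        yield fields[0], int(fields[2])

def build_uid_map(jail_base):
    """Return {uid: {jail: name}} from <jail_base>/*/etc/master.passwd."""
    uid_map = {}
    for path in sorted(glob.glob(os.path.join(jail_base, "*", "etc", "master.passwd"))):
        jail = path.split(os.sep)[-3]
        with open(path, encoding="utf-8", errors="replace") as fh:
            for name, uid in parse_master_passwd(fh.read()):
                uid_map.setdefault(uid, {}).setdefault(jail, name)  # first entry wins
    return uid_map

def label(uid_map, uid, jail=None):
    """Display name for a uid; the bare number if unknown or ambiguous."""
    names = uid_map.get(uid, {})
    if jail is None and len(set(names.values())) == 1:
        return next(iter(names.values()))
    return names.get(jail, str(uid))

def conflicts(uid_map):
    return {u: n for u, n in uid_map.items() if len(set(n.values())) > 1}

def demo():
    with tempfile.TemporaryDirectory() as base:
        for jail, text in SAMPLE.items():
            os.makedirs(os.path.join(base, jail, "etc"))
            with open(os.path.join(base, jail, "etc", "master.passwd"), "w") as fh:
                fh.write(text)
        return build_uid_map(base)

if __name__ == "__main__":
    print(conflicts(demo()))
```

Reading `master.passwd` needs root on a real host; the parser keeps only the name and uid fields, so the resulting map can be stored or displayed without carrying password hashes.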