I vastly under appreciated that folks rely upon the ng_eiface not moving with the struct ifnet. Probably because I've been using them in jails for over a decade and only recently noticed myself.

Feb 27 2025, 8:34 PM · Jails, network

glebius added a comment to D49158: ng_eiface(4) and ng_iface(4) should play better with vnet(9).

In D49158#1121374, @zec wrote:

Your obsession with getting rid of the "flawed" if_vmove() is noted, but for the sake of other people who may have a different view, and who have applications relying on this very concept for 20+ years, please do not take that route.

Feb 27 2025, 7:38 PM · Jails, network

zec added a comment to D49158: ng_eiface(4) and ng_iface(4) should play better with vnet(9).

In D49158#1121338, @glebius wrote:

I do not like the plan. The picture drawn shows that a netgraph node in one vnet is connected to a node in a different vnet. This is basically a violation of the idea of vnet. Virtualized stacks should communicate with each other via network protocols, not kernel pointers. The only legal exclusion is epair(4).

Feb 27 2025, 7:13 PM · Jails, network

dave_freedave.net abandoned D49158: ng_eiface(4) and ng_iface(4) should play better with vnet(9).

I think I'll just accept my understanding is flawed now to save time and withdraw this. Thank you.

Feb 27 2025, 6:32 PM · Jails, network

glebius requested changes to D49158: ng_eiface(4) and ng_iface(4) should play better with vnet(9).

I do not like the plan. The picture drawn shows that a netgraph node in one vnet is connected to a node in a different vnet. This is basically a violation of the idea of vnet. Virtualized stacks should communicate with each other via network protocols, not kernel pointers. The only legal exclusion is epair(4). You may create a new netgraph node for your purpose - a node that is present in two vnets, that would be a second legal exclusion to the virtualization rule.

Feb 27 2025, 6:22 PM · Jails, network

zec added a comment to D49158: ng_eiface(4) and ng_iface(4) should play better with vnet(9).

By design, moving an eiface ifnet from one vnet to another always implied that its netgraph node will remain attached in the parent vnet. This is not an omission or a mistake, but a well established mode of operation on which certain applications heavily depend on, and which this patch proposes to change, for reasons not clearly stated.

Feb 27 2025, 6:14 PM · Jails, network

dave_freedave.net updated the test plan for D49158: ng_eiface(4) and ng_iface(4) should play better with vnet(9).

Feb 27 2025, 5:25 PM · Jails, network

dave_freedave.net requested review of D49158: ng_eiface(4) and ng_iface(4) should play better with vnet(9).

Feb 27 2025, 4:56 PM · Jails, network

Nov 19 2024

markj closed D47651: jail: Let a couple of parameter types be specified as lists.

Nov 19 2024, 9:19 PM · manpages, Jails

Nov 18 2024

jamie accepted D47651: jail: Let a couple of parameter types be specified as lists.

Not really part of this specific problem, but jail(8) should auto-recognize list parameters because their SYSCTL_JAIL specification has a type with ",a" appended. Ideally, it would build a list of such parameters it sees like that. For non-kernel parameters like vnet.interface and zfs.dataset, putting them in the array is probably as good as its going to get.

Nov 18 2024, 9:29 PM · manpages, Jails

zlei accepted D47651: jail: Let a couple of parameter types be specified as lists.

Looks good to me.

Nov 18 2024, 4:55 PM · manpages, Jails

zlei added a comment to D47651: jail: Let a couple of parameter types be specified as lists.

The tests looks good. I need some time to read the code carefully ...

Nov 18 2024, 3:19 AM · manpages, Jails

ziaee added projects to D47651: jail: Let a couple of parameter types be specified as lists: Jails, manpages.

Manpage LGTM

Nov 18 2024, 12:57 AM · manpages, Jails

Oct 29 2024

igoro added a member for Jails: igoro.

Oct 29 2024, 6:07 PM

Oct 16 2024

jamie added a comment to D46284: Add the ability have executable jail.conf.

It would make sense for the exec.clean parameter to apply to the config execution. Bit of a chicken and egg problem there, but there's still the "-l" flag.

Oct 16 2024, 2:56 AM · Jails

Aug 14 2024

crest_freebsd_rlwinm.de updated the diff for D46284: Add the ability have executable jail.conf.

Address style feedback.

Aug 14 2024, 1:29 PM · Jails

crest_freebsd_rlwinm.de added inline comments to D46284: Add the ability have executable jail.conf.

Aug 14 2024, 1:23 PM · Jails

Aug 13 2024

crest_freebsd_rlwinm.de added a comment to D46284: Add the ability have executable jail.conf.

Using this /etc/jail.conf:

.include "/usr/local/etc/jail[.]conf";
.include "/etc/jail.d/*.conf";
.include "/usr/local/etc/jail.d/*.conf";

Aug 13 2024, 9:18 PM · Jails

kevans added a comment to D46284: Add the ability have executable jail.conf.

I'm a little torn on the idea itself, but here's some review

Aug 13 2024, 7:54 PM · Jails

crest_freebsd_rlwinm.de requested review of D46284: Add the ability have executable jail.conf.

Aug 13 2024, 7:34 PM · Jails

Jun 24 2024

jamie closed D45647: Document and subtlely change the zfs.mount_snapshot jail parameter.

Jun 24 2024, 8:03 PM · Jails, ZFS

Jun 21 2024

jamie added a comment to D45647: Document and subtlely change the zfs.mount_snapshot jail parameter.

In D45647#1041512, @zlei wrote:

I guess the change for sys/contrib/openzfs/module/os/freebsd/zfs/zfs_vfsops.c go to upstream first. Will it ?

Jun 21 2024, 5:05 PM · Jails, ZFS

Jun 20 2024

zlei added a comment to D45647: Document and subtlely change the zfs.mount_snapshot jail parameter.

I guess the change for sys/contrib/openzfs/module/os/freebsd/zfs/zfs_vfsops.c go to upstream first. Will it ?

Jun 20 2024, 9:31 AM · Jails, ZFS

avg accepted D45647: Document and subtlely change the zfs.mount_snapshot jail parameter.

I would subtly change the title :-)
Otherwise, looks good to me.

Jun 20 2024, 4:57 AM · Jails, ZFS

Jun 19 2024

jamie requested review of D45647: Document and subtlely change the zfs.mount_snapshot jail parameter.

Jun 19 2024, 8:04 PM · Jails, ZFS

May 22 2024

yan.jurak_gmail.com removed a watcher for Jails: yan.jurak_gmail.com.

May 22 2024, 9:10 PM

netchild closed D40371: automatic service jails: some setup for full functionality of the services in automatic service jails.

May 22 2024, 1:42 PM · rc, Jails

netchild closed D40370: Infrastructure for automatic jailing of rc.d-services.

May 22 2024, 1:42 PM · rc, Jails

May 20 2024

yan.jurak_gmail.com added a watcher for Jails: yan.jurak_gmail.com.

May 20 2024, 10:14 PM

Jan 11 2024

bcr accepted D40370: Infrastructure for automatic jailing of rc.d-services.

OK for the man page change. Make sure to bump the .Dd when you commit it for this content change.
Thanks for working on this, it's appreciated!

Jan 11 2024, 1:20 PM · rc, Jails

netchild updated the diff for D40371: automatic service jails: some setup for full functionality of the services in automatic service jails.

make some scripts compatible with svcj (convert parts of the precmd into another way of settings variables), precmd is not run inside the same shell/jail = make it work with svcj
add some support for nfs in svcj, not yet finished (precmd is not comaptible)
exclude some scripts from svcj due to an incompatible precmd (not run in same shell/jail)

Jan 11 2024, 11:15 AM · rc, Jails

netchild updated the diff for D40370: Infrastructure for automatic jailing of rc.d-services.

Make jls quiet.

Jan 11 2024, 11:11 AM · rc, Jails