is it possible to allow non-root users limited access to dtrace?

i only want the userspace static trace points of the traced process

but dtrace -s test.d -c "/path/to/my/tool" doesn't work without root

and i can't even drop privs with sudo because in that case dtrace doesn't know about the static trace points in the executable and instead tries to look for probes in sudo

is there a workaround short of adding proper privilege dropping code to a tool that shouldn't have to deal with that?

btw i do know that dtrace's main purpose is to leak kernel state in a structured easy to consume way and as such can't be trusted to unpriviledged users

hm, the only idea I have is doing cmd & dtrace -p $! … which has the problem that cmd already runs before dtrace starts, crest

Hi

I struggle on something really strange

i'm moving my homeserver config to a vps

i use bastille to generate my thin jails

nsd, and nginx

i use acme-tiny to validate my ssl cert

this is not workng

because from the nginx jails, i can't reach my nginx thourgh the outside

nc -vz 194.163.181.239 80

from the outside, it works, you can run it at home

if i open a console with bastille in the nginx jails

i get connexion refused

i was firstly thinking about a routing problem

but

if i try to send a udp packet to the same ip on port 53, from the jail, it works !

lets show you

my nginx config is really basic, and i can't see anything in error.log

from the vps, i can reach the 80 port, on the jail ip

so the problem is only when redirecting from inside the jail -> internet -> vps -> jail

desktop -> vps -> jail, with dynamic rdr, is working

i tried to watch pflog, but i can't see any blocked packet

on my homeserver, everything is working well

Hello folks. Given the current cyber warfare context we are moving more stuff to jail-ification. I was surprised to find so little documentation about "micro-jails" – most material makes you create full system images, which is heavier and less secure

I was wondering if anyone is using microjails here (one jail for one specific service – with only the files required by the service itself available)? If so, how do you manage those? Do you use an md(4) image, or create the jail on-the-fly before each start?

In the former case, where do you store the md jail images?

eoli3n: sounds like a problem with hairpinning at your provider

debdrup i don't think so, because i would not be able to reach others ports

check my paste

port 2222 and port 53 works from the jail

that's not a routing or nat problem

true

and, from the VPS itself it works

another strange thing

during my test, i failed removing "u" option from vz, and see that i can reach port 80 on udp

but not tcp

the first command is udp test on port 80

second one is tcp on port 80

any idea is welcome, i'm totally lost here

do I understand setting up wine with my own pkg repo correct, I have to build wine and mesa-dri for i386 too, so I have to create a i386 poudriere jail and use ABI in the repo conf?

how do i start 'glances -w' on boot?

sams for the user?

root is fine

where do you want to start it? in the desktop?

i need it to execeute that command?

execute.

you want to start it after you login to your desktop?=

no, its a headless device

shell is fine

seems to be some webserver, so a rc script would be a good idea for that port

see, man rc.subr and man rc

Title: Installing Glance on FreeBSD. In this post I will cover the process… | by Alexander Nusov | NFV Express | Medium

thanks

that was something else I think: check here: glances.readthedocs.io/en/latest

Title: Glances — Glances 3.3.0.1 documentation

i dont need the docs for glances though and there is nothing there to howto on boot

used to using /etc/rc.local in linux though

FreeBSD supports rc.local, but. . . instances where it's wise to use are rare.

That goes for any OS, really.

just use rc correctly, then that can added to the port too and more people can profit from it

Title: Practical rc.d scripting in BSD | FreeBSD Documentation Portal

First time in a while.

for what purpose?

la_mettrie, building a natd box.

i don't recall that being necessary for nat, unless you're doing it for fun

Well. . . as it happens, I've used natd for a lot of years. . . more than 20, in fact.

Used it in a lot of different environments.

If you look at natd(8), it tells you you need to roll a kernel with IPFIREWALL & IPDIVERT support added.

I actually wrote a guide on natd that got a lot of downloads, when the bulk of FreeBSD's IRC support was on EFnet.

Has anyone connected 2-3 multi-bay disk enclosures to use all the bays as one entity connected to a computer? ZFS RAIDZ[23] [cw]ould be made on the disks, either contained within the disks of one enclosure of over multiple ones.

Correction in the last sentence: either contained within the disks of one enclosure *or* over multiple ones.

An example of the enclosure hardware: SuperChassis 826BE1C-R609JBOD, supermicro.com/en/products/chassis/2u/826/sc826be1c-r609jbod

Title: SC826BE1C-R609JBOD | 2U | Chassis | Products | Supermicro

Anyone able to run FreeBSD on a librebooted T400?

I am having a weird glitch where the install medium is only like using 5% of my screen and dublicated 10 times or something

Anyone seen this before? "bhyve: vm_setup_pptdev_msix: No space left on device" Got it while trying to pass 4 pcie Intel ice network adapters through to a bhyve VM. (Passthrough of 3 NICs works fine, but 4 or more fails.)

CrtxReavr: ipfw can do nat natively? :)

i guess is stopped using natd/ipfw since pf landed

How important is to have same RAM speed? Need total of 64 GB ECC unbuffered DIMM DDR4 2933 MHz for SuperMicro X12SCA-F motherboard; found Micron one 32 GB 2-rank stick but at 3200 MHz

parv: not problem, the ram downclocking at same minor speed

Yukiteru, That was also my understanding; thanks for the confirmation. My supervisor has been hesistan to buy because Micron web pages "not compatible" with the motherboard (does not list the reason): crucial.com/memory/server-ddr4/mta18asf4g72az-3g2r

Title: Micron 32GB DDR4-3200 ECC UDIMM 2Rx8 CL22 | MTA18ASF4G72AZ-3G2R | Crucial.com

s/pages/page says/

morn

s/hesistan/hesitant/ # ugh

The Micron stick is 2 rank; I could not find "rank" in manual/doc of the motherboard. Does rank affect compatibility in that case?

parv: en.wikipedia.org/wiki/Memory_rank

Title: Memory rank - Wikipedia

I'd guess that dual rank works fine. IIRC too many ranks per channel will cause a lower clock speed to be negotiated.

I suppose then Micron web page spits out compatibility notice by strictly comparing the specification

Thank you all. Now supervisor could buy any one of non-ECC RAM (~US$ 240), ECC RAM "not compatible" (~US$ 220), or the strictly matching the specification at $500+ 🤷‍♂️

parv: Check the spec sheets for your CPU if you're curious about how many ranks it supports. I think the memory controller on the CPU decides how many ranks per channel is supported. Not the motherboard.

NerdyMcNerdface, Ah, ok. Checking ...

example: intel.com/content/dam/www/public/us…/xeon-e3-1200v5-vol-1-datasheet.pdf

NerdyMcNerdface, Found the one for Xeon W1250-P : intel.com/content/www/us/en/content…essors-datasheet-volume-1-of-2.html