00:17:18 is it possible to allow non-root users limited access to dtrace?
00:17:42 i only want the userspace static trace points of the traced process
00:18:41 but dtrace -s test.d -c "/path/to/my/tool" doesn't work without root
00:19:20 and i can't even drop privs with sudo because in that case dtrace doesn't know about the static trace points in the executable and instead tries to look for probes in sudo
00:20:28 is there a workaround short of adding proper privilege dropping code to a tool that shouldn't have to deal with that?
00:37:22 btw i do know that dtrace's main purpose is to leak kernel state in a structured easy to consume way and as such can't be trusted to unprivileged users
06:33:50 hm, the only idea I have is doing cmd & dtrace -p $! … which has the problem that cmd already runs before dtrace starts, crest
07:14:16 * auwooo hi all
09:11:00 Hi
09:11:05 I struggle on something really strange
09:11:12 i'm moving my homeserver config to a vps
09:11:35 i use bastille to generate my thin jails
09:11:40 nsd, and nginx
09:11:48 i use acme-tiny to validate my ssl cert
09:11:58 this is not working
09:12:19 because from the nginx jails, i can't reach my nginx through the outside
09:12:36 nc -vz 194.163.181.239 80
09:13:06 from the outside, it works, you can run it at home
09:13:07 if i open a console with bastille in the nginx jails
09:13:07 i get connection refused
09:13:10 i was firstly thinking about a routing problem
09:13:12 but
09:13:44 if i try to send a udp packet to the same ip on port 53, from the jail, it works !
09:13:49 lets show you
09:15:43 https://0x0.st/o3JN.txt
09:16:03 my nginx config is really basic, and i can't see anything in error.log
09:16:24 from the vps, i can reach the 80 port, on the jail ip
09:16:52 so the problem is only when redirecting from inside the jail -> internet -> vps -> jail
09:17:09 desktop -> vps -> jail, with dynamic rdr, is working
09:18:36 i tried to watch pflog, but i can't see any blocked packet
09:19:03 on my homeserver, everything is working well
10:01:20 Hello folks. Given the current cyber warfare context we are moving more stuff to jail-ification. I was surprised to find so little documentation about "micro-jails" – most material makes you create full system images, which is heavier and less secure
10:03:22 I was wondering if anyone is using microjails here (one jail for one specific service – with only the files required by the service itself available)? If so, how do you manage those? Do you use an md(4) image, or create the jail on-the-fly before each start?
10:03:36 In the former case, where do you store the md jail images?
10:34:11 eoli3n: sounds like a problem with hairpinning at your provider
10:49:20 debdrup i don't think so, because i would not be able to reach others ports
10:49:25 check my paste
10:49:34 port 2222 and port 53 works from the jail
10:49:39 that's not a routing or nat problem
10:49:56 https://0x0.st/o3JN.txt
10:50:15 true
10:50:37 and, from the VPS itself it works
10:50:55 another strange thing
10:51:16 during my test, i failed removing "u" option from vz, and see that i can reach port 80 on udp
10:51:18 but not tcp
10:51:30 https://0x0.st/o3yV.txt
10:51:38 the first command is udp test on port 80
10:51:44 second one is tcp on port 80
10:55:17 any idea is welcome, i'm totally lost here
11:06:29 do I understand setting up wine with my own pkg repo correct, I have to build wine and mesa-dri for i386 too, so I have to create a i386 poudriere jail and use ABI in the repo conf?
11:52:56 how do i start 'glances -w' on boot?
11:55:47 sams for the user?
11:57:26 root is fine
11:57:51 where do you want to start it? in the desktop?
11:58:07 i need it to execeute that command?
11:58:22 execute.
11:58:31 you want to start it after you login to your desktop?=
11:58:43 no, its a headless device
11:58:49 shell is fine
11:59:10 seems to be some webserver, so a rc script would be a good idea for that port
11:59:50 see, man rc.subr and man rc
12:00:15 https://medium.com/nfv-express/installing-glance-on-freebsd-eb03793f18c7
12:00:17 Title: Installing Glance on FreeBSD. In this post I will cover the process… | by Alexander Nusov | NFV Express | Medium
12:01:13 thanks
12:02:26 that was something else I think: check here: https://glances.readthedocs.io/en/latest/
12:02:27 Title: Glances — Glances 3.3.0.1 documentation
12:11:40 i dont need the docs for glances though and there is nothing there to howto on boot
12:12:00 used to using /etc/rc.local in linux though
13:29:43 FreeBSD supports rc.local, but. . . instances where it's wise to use are rare.
13:29:49 That goes for any OS, really.
13:54:29 just use rc correctly, then that can added to the port too and more people can profit from it
14:34:27 https://docs.freebsd.org/en/articles/rc-scripting/
14:34:29 Title: Practical rc.d scripting in BSD | FreeBSD Documentation Portal
16:24:47 * CrtxReavr builds a custom kernel.
16:24:50 First time in a while.
16:32:22 for what purpose?
17:56:28 la_mettrie, building a natd box.
18:03:56 i don't recall that being necessary for nat, unless you're doing it for fun
18:06:59 Well. . . as it happens, I've used natd for a lot of years. . . more than 20, in fact.
18:07:21 Used it in a lot of different environments.
18:08:21 If you look at natd(8), it tells you you need to roll a kernel with IPFIREWALL & IPDIVERT support added.
18:09:03 I actually wrote a guide on natd that got a lot of downloads, when the bulk of FreeBSD's IRC support was on EFnet.
18:10:10 https://trioptimum.com/~crtxreavr/quickanddirtynatd.txt
19:04:59 Has anyone connected 2-3 multi-bay disk enclosures to use all the bays as one entity connected to a computer? ZFS RAIDZ[23] [cw]ould be made on the disks, either contained within the disks of one enclosure of over multiple ones.
19:06:19 Correction in the last sentence: either contained within the disks of one enclosure *or* over multiple ones.
19:08:49 An example of the enclosure hardware: SuperChassis 826BE1C-R609JBOD, https://www.supermicro.com/en/products/chassis/2u/826/sc826be1c-r609jbod
19:08:51 Title: SC826BE1C-R609JBOD | 2U | Chassis | Products | Supermicro
19:32:49 Anyone able to run FreeBSD on a librebooted T400?
19:33:31 I am having a weird glitch where the install medium is only like using 5% of my screen and duplicated 10 times or something
20:04:48 Anyone seen this before? "bhyve: vm_setup_pptdev_msix: No space left on device" Got it while trying to pass 4 pcie Intel ice network adapters through to a bhyve VM. (Passthrough of 3 NICs works fine, but 4 or more fails.)
20:36:45 CrtxReavr: ipfw can do nat natively? :)
20:40:12 i guess is stopped using natd/ipfw since pf landed
22:21:15 How important is to have same RAM speed? Need total of 64 GB ECC unbuffered DIMM DDR4 2933 MHz for SuperMicro X12SCA-F motherboard; found Micron one 32 GB 2-rank stick but at 3200 MHz
22:36:59 parv: not problem, the ram downclocking at same minor speed
22:40:58 Yukiteru, That was also my understanding; thanks for the confirmation. My supervisor has been hesistan to buy because Micron web pages "not compatible" with the motherboard (does not list the reason): https://www.crucial.com/memory/server-ddr4/mta18asf4g72az-3g2r
22:40:59 Title: Micron 32GB DDR4-3200 ECC UDIMM 2Rx8 CL22 | MTA18ASF4G72AZ-3G2R | Crucial.com
22:41:51 s/pages/page says/
22:45:25 morn
22:46:17 s/hesistan/hesitant/ # ugh
22:49:16 The Micron stick is 2 rank; I could not find "rank" in manual/doc of the motherboard. Does rank affect compatibility in that case?
22:57:17 parv: https://en.wikipedia.org/wiki/Memory_rank
22:57:18 Title: Memory rank - Wikipedia
22:59:13 I'd guess that dual rank works fine. IIRC too many ranks per channel will cause a lower clock speed to be negotiated.
23:01:05 I suppose then Micron web page spits out compatibility notice by strictly comparing the specification
23:06:35 Thank you all. Now supervisor could buy any one of non-ECC RAM (~US$ 240), ECC RAM "not compatible" (~US$ 220), or the strictly matching the specification at $500+ 🤷‍♂️
23:11:18 parv: Check the spec sheets for your CPU if you're curious about how many ranks it supports. I think the memory controller on the CPU decides how many ranks per channel is supported. Not the motherboard.
23:12:06 NerdyMcNerdface, Ah, ok. Checking ...
23:12:12 example: https://www.intel.com/content/dam/www/public/us/en/documents/datasheets/xeon-e3-1200v5-vol-1-datasheet.pdf
23:35:56 NerdyMcNerdface, Found the one for Xeon W1250-P : https://www.intel.com/content/www/us/en/content-details/615211/10th-generation-intel-core-processors-datasheet-volume-1-of-2.html