there anything wrong with running sshd in a jail and having ppl ssh right into jails then into the host system then jexec on the jail?

nothing wrong with sshd on the jail

allowing access to the host and letting people jexec is probably the worst method of access

ya thought so

i guess an sshd for each jail isn't too hard on ram?

no

anyone make a loop() {} script to make nested jails with basic usability like you can ssh into it and see how deep you can recurse?

like imagine 1000 jails each within the jail before it

and at the top there's just 1 root jail

A worm-hole, man!

The universe as we know it would be fundamentally altered by such setups.

then what if you backed a virtual FS built on a tree of jails each dedicated to an API service for 1 dir or file

might be a good acid test for the jail feature

YOu mean a test while on acid?

prolly

why

can I have some help. My laptop with FreeBSD 14 only suspends if you close the lid and open it again, instead of lid close

if you just close the lid the laptop stays on

Levovo Thinkpad T430

Is that the same as/similar to the T430s? If so, see "Tweaks" in wiki.freebsd.org/Laptops/Thinkpad_T430s.

no the s is a different laptop

Then I don't know.

alepzi: in case you were still on the fence about it, attaching to a jail is a privileged operation

you would want to wrap jexec into something palatable for sudo/doas grant

I think there's a setuid jexec program in ports too.

Yeah, jailme. Updated 10 years ago.

i'll just put sshd in each jail

ty!!

I had to set mpv.conf's vo=xv because it's default (GPU) while it would work it would take over the whole screen including my window manager and the keyboard would not work until the video stopped playing. even trying to switch VTs would not work.

mpv complains that the xv vo is slow, buggy, and blurry. It's true the overlay is blurry with xv

and that i should use something else

is there a better solution?

i tried using vo=vaapi but that doesn't seem to work at all

[vo/xv] Warning: this legacy VO has bad quality and performance, and will in particular result in blurry OSD and subtitles. You should fix your graphics drivers, or not force the xv VO.

skered: ideally one would write a MAC module instead, but configuration is hard

actually with jailfd coming down the pipe you could conceivably do it all in userspace depending on how they are designed

yeah, looks like jaildescs maintain the creds of the thread that created them

so you could conceivably write a jaild that can hand out jail descriptors that allow some privileged operations

what's the minimum system requirements for building freebsd?

(aka: RAM. how much RAM.)

iirc you need at least 1 or 2 GB or so to get past the googletest build

very template much fuckery

you almost certainly want more memory than that so you can use make -j though, otherwise the build will be very slow. higher -j = higher memory requirement

This host I just logged into has a motd file wider than 80 columns.

What kind of sociopath does that?

CrtxReavr: there are even people posting to freebsd.org mailing lists nowadays with lines longer than 72 columns

what happened to etiquette?!

When I write code, I always limit it 79 columns.

I often get asked why and I tell them it's cause I've had to hack code on a server console in a freezing datacenter too many times not to.

CrtxReavr: 132 column terminals exist if i remember correctly...

funnily enough, i found that on a modern 27" display, in an IDE, 80 columns is about the right width to display two editor views on the same monitor

lw: at 200% scaling?

flatrute: 4K, 150%

flatrute, sure. . . but so many things default to 80 columns.

lw: wayland?

flatrute: Windows. i don't use an IDE on Unix

Under normal circumstances, the only thing you use a server console for is getting it on the network, so spending time to get it to 132 columns is silly.

I dont' care how big you make your terminal.

But sysadmin's shoulds always assume 80 has a default for things to be readable.

CrtxReavr: i code in ada

You're a dentist?

CrtxReavr: nah just a student working too much with VHDL

and i used to code in pascal for years

When I took CS-105 at wsu.edu in summer '91, it was "Intro to Pascal."

They very next term it switche to "Into to C."

(Which would have actually been useful.)

CrtxReavr: standard pascal does not have an equivalent to `#include' or any sort of external libraries (they are all extensions from compiler vendors like borland)

pascal was made as a teaching tool, modula was made as the real programming language

Modula's based on Pascal?

yes

I was un-aware.

wirth has made 3 languages, pascal, modula and oberon

'Course. . . to me, Modula is just a dependancy for other things.

everything else, he refers to as a dialect

amazingly enough, oberon is the only one he implemented an entire OS in

its not like modula is in use, I know the folks in #modula were reimplementing modula2 for gcc but I don't think they got very far

nmz: i mean ada exists...

flatrute: ?

nmz: nevermind

hehe

oh, btw, I tried installing alire and couldn't

when I wanted to learn ada.

nmz: you built devel/alire manually or something?

nope, couldn't. I'll try again

is it possible to have zpool show me the size in integer instead of 17.9G or 1.2T?

meena: zpool list -p?

nice, thank you

anyone know if you set up a jail with no /etc/localtime, does it default to UTC or the jail host's tz? and is that tested on freebsd 13 or 14?

i would expect it would be utc, but i haven't tested it

should be utc

alepzi, If there is no /etc/localtime then it defaults to UTC. Which you can verify yourself with a very easy experiment. Test that time is in local tz "date -R". Then move /etc/localtime out of the way. Test again "date -R" and verify that time is in UTC.

afaik the kernel hasn't really tracked timezone information in years, so there's not actually a notion of 'host timezone' and it's all in userland

how do i set up a jail in a scripted bsdinstall? so installerconfig is running then i get to the point i want to run service jail start testjail, but it can't because the jail config doesn't expect the /mnt/* on paths during bsdinstall

Zoneminder wants BSD twitter.com/zoneminder/status/17785…89493?t=Pd5hm57lVojyGeXIW2awiQ&s=08

very cool

bsd physical sec appliance hype

The only sane time for the kernel is UTC. But /etc/localtime is for userland such as "date". Because we live on a rotating ball with moving daylight.

ya

how does pkg install work in installerconfig of a scripted bsdinstall if /mnt/ is needed for every path?

alepzi, Remind me again why you must do a scripted bsdinstall rather than simply untar a template image? It's really much simpler to just untar an image than to run through the installer each and every time.

the manpage explains this

scripted bsdinstall to set up a machine, and the machine in this case has some jails. so i need to do stuff like installing packages into the jail, can't just make that all file based

"optional second part is a shell script run under chroot(8) in the newly installed system before bsdinstall exits."

have to do some interactivity

i.e. shouldn't need /mnt, no

to run service jail start testjail?

Re: "can't just make that all file based"... Hmm... Why not? I can only think... Works for me. (shrug)

you do pkg install to a file path then copy all those files into an install?

Yes.

In the end at boot time everything is just files on disk.

The strongest argument against doing the template thing is that it's a snapshop. Not live. Not live means that it needs its own process for being updated. Or the image after booting needs to be upgraded. I chose to upgrade immediately after the first boot.

Whereas the install image is always alive and always gets the latest.

kevans: don't need /mnt for what, starting the jail? the jail's config has a path= in it that doesn't include the /mnt part needed during scripted install

alepzi: why do you think you need /mnt

the excerpt I quoted says it's all run in a chroot

kevans: because in installerconfig when i go to start the jail with service jail start testjail it fails /usr/local/jail/testjail/dev no such file or dir. but after installer exits and it reboots then that works

there's a zfs altroot during the setup script

"/mnt"

alepzi: I don't see how unless you've somehow written your script wrong, we would need to see that

looking at the source, it's clearly executed inside of the chroot

so you're saying zpool get altroot in an installerconfig shouldn't have a "/mnt" value?

zpool get probably shouldn't work if you've written your script right

why not?

because I don't see anywhere we mount /dev inside

what's that mean?

zpool and zfs both need /dev/zfs

in any event, I'll be over here doing something unless you're willing to post at least a redacted version of your script

is there anything i can run in the setup part of installerconfig to gather some useful info for us figuring out what's goin on?

kevans: termbin.com/y275

script seems fine, interesting

a-ha

oh nope, that would have been fine

cgit.freebsd.org/src/tree/usr.sbin/bsdinstall/scripts/script#n166 is specifically where your script runs

Title: script « scripts « bsdinstall « usr.sbin - src - FreeBSD source tree

so is BSDINSTALL_CHROOT shit, or?

the above awk to physically split it looks fine to me

alepzi: maybe do an ls -l $TMPDIR/bsdinstall-install* and maybe cat same, see what falls out?