Hi!, I have PostgreSql running on a jail (port 5432), then from another jail I cannot connect, not even telnet ip_of_postgresql_jail 5432.

both are on the same network and postgresql allows connections from *

From the jail I can ping the postgresql IP (the same as the host)

both have allow.raw_sockets and allow.sysvipc=1

i got a rc.d script that uses daemon to keep a bin running. 'service mybin start' works, 'service mybin status' identifies the daemon pid. 'service mybin stop' works. but if i make mybin's config file have an error and it crashes on start, 'service mybin stop' doesn't work.

it keeps waiting on daemon's pid and hangs. meanwhile in mybin's log file i can see it keeps being started (by daemon) and erroring out. any way to improve this? why doesn't daemon see that it's had 'service mybin stop' called and not try to restart mybin?

Hmm, ok. So I "seem" to have gotten mozjemalloc compiling on FreeBSD. At the very least, I have mozjemalloc.o. Trying to figure out how best to proceed from here.

Doing this because I like Firefox, but my biggest gripe with it is the amount of memory it chews up. Saw in the port message that it doesn't use mozjemalloc, which is supposed to use less memory.

What is mozjemalloc?

So I did `make extract patch`, copied out WRKSRC, and started looking through the source.

I have it compiling successfully now. Wondering how best to build firefox with it. I guess I could just create the appropriate files/patch-* files for it and build the port, but wondering if anyone else here has any experience or input on the subject.

JustBleedFan: Custom memory allocator by Mozilla that is based on jemalloc.

You would think that because it's based on jemalloc that it should compile easily on FreeBSD, though a lot of the failures were due to the build system (I think).

I never heard of it. I do love Firefox though. I'm new to BSD anyway. Never compiled anything in my life.

I have about 90 tabs open in Firefox constantly so my computer uses a lot of memory all the time.

Firefox on FreeBSD is terrible about memory usage when compared to the Windows build.

Auto Tab Discard is a good extension to help mitigate that, but I'd like to see if mozjemalloc makes a big difference.

My experience is Linux mostly after years of Windows use. It's definitely better on Linux than it was on Windows.

firefox/chrome in 4GB ram vm, chrome is the pig

but yeah jemalloc.net you would think on fbsd

Title: jemalloc

imgur.com/QPd1N8e pigs one and all

i've been having an issue with mozjemalloc

too

but with a fork of firefox

i don't think mozjemalloc is anything special but an old version of jemalloc included in firefox source

it's mainly used because gnumalloc is slow

It's supposed to be more secure. There's a long discussion about it.

however, i can't compile it on freebsd yet because apparently the source code implements it's own malloc shim for the purposes of telemtry

it does this by overriding c++ std:: which breaks a lot of things

_xor, where?

I have to find the link, I'm pretty sure I saved it somewhere.

Title: [tor-dev] TBB Memory Allocator choice fingerprint implications

heh LD_PRELOAD

heh torproject had wayland binding when mozilla firefox didnt, had to ld_preload those abort ()

mozilla firefox no wayland, torproject same mozilla but with wayland foo..this was like 2 years ago i want to say.

termbin.com/n163 has to do that for like 2years

just for tor

old xorg well tough, tor browser basically

onion router to nsa exit nodes..thats tor/torbrowser. haha

torbrowser had wayland bindings before mozilla firefox did, for some reason..guess they are cutting edge.

i've had exit nodes try to force down to http on the first request

yeah same..

tor-new-circuit try again

i got firefox and chrome proxy thru tor if i want

also torbrowser..but meh

just keep in mind that a browser with javascript or cookies enabled completely defeats the purpose of tor, as you'll be very easily tracked

(same goes for normal VPNs, they don't magically "make your data secure")

nah, first launch each time

like user just installed it

screen size, fonts, ram, os ..fingerprinting

immutable ram-os is nice rm -rf stuff..means nothing to me

when i launch firefox/chrome/torbrowser, its first time each time..no saved anything...

i dont have bookmarks.html with timestamps

my vmware vm's same deal rm -rf them..just barebones stupid foo...steal my laptop evil maid

.ca stole my laptop in like 2008 at border crossing..never returned it... encrypted drives

truecrypt/veracrypt been audited twice now

oh canada!

seperate the os from the data

Is there way to view per interface routing tables or do whatever is the equivalent on freebsd of `ip route get someup dev somedev`? or is that not a thing on bsd?

pie_: like netstat -r you mean?

Title: Chapter 34. Advanced Networking | FreeBSD Documentation Portal

_xor: you think that's bad? my firefox just immediately crashes when I open it

I've lost my profiles as well, switch to chrome, but unfortunately it can't import from the profile itself

pie_: route(8) has "get" command

Hello. I'm currently trying to resurrect supertux's build on freebsd. Unfortunately, we're currently having issues during the linker stage. It can't find -lSDL2_image and -lSDL2. However, we install both packages using `pkg install`. Any idea?

Tobbi: pkg search supertux turns up 2 builds already. perhaps you can look at the ports tree to see what it does?

Oh sure. Any build logs?

Tobbi: ¯\_(ツ)_/¯, you could try to clone the ports tree and build it yourself to see what it does

Ah, I found an online git repo.

I may need to provide the library path on the cmake lists command line

Anyway, the thing is, dstolfa that apparently, freebsd uses a custom makefile which somehow calls cmake.

And IDK how it works.

It has like USES_SDL=<list of libraries>

download.freebsd.org directs me to ftp0.sjb.freebsd.org and it's very slow

any way for a bin in a jail to bind to a low port (80) without being superuser?

trying to use the portacl-rc pkg but it's not working

i have mac_portacl kernel mod loaded in jail host

polyex: have you tried forwarding that traffic using 'pf' from the lower port to a higher port that the bin can bind to without superuser access?

no i don't wanna do it like that

why not?

pf isn't as difficult to configure as it might seem on first glance

I find it a lot easier than Linux firewalls (iptables / nftables)

that's a workaround for letting a user bind a bin to a lower port. that's what mac_portacl stuff is for

there is a sysctl setting to allow lower port binding by non-root users (net.inet.ip.portrange.reservedhigh), but it affects the entire jail and could lead to security issues later on if not monitored or changed back when not needed

ya i don't wanna use that either. i wanna use mac_portacl. for that exact reason

have you loaded the mac_portacl module, including loader.conf, and added the necessary format in sysctl using the "idtype:id:protocol:port" format?

i did everything in github.com/Freaky/portacl-rc README

but portacl-rc still can't start in the jail

is the 'uid' correct for the jailed user?

ok got to bottom of it. sadly mac_portacl isn't virtualized per-jail. it can only be set in the jail host and it applies to all jails. really sucks

can't imagine mac_portacl not being per-vimage jail

polyex: I could have sworn I documented that, but maybe it was just in www/caddy

mind putting it on the README somewhere that it's not for jails or smth?

and bigger issue, when and how can we get mac_portacl support per-vimage jail? that would be killer for sec

btw no "jail" in man page too fwiw

the sysctl is virtualized if you use vnet iirc

what?

wiki.freebsd.org/ThomasHurst/Caddy ah there

Title: ThomasHurst/Caddy - FreeBSD Wiki

that's convoluted. is that saying to put the mac_portacl rule for the jail, in the host?

how it should work is jail host makes sure mac_portacl is loaded, then in jail set up everything else including running the portacl-rc stuff, so jails have their own security.mac.portacl.*

so they can set and have their own security.mac.portacl.rules

any way we can make that happen Freaky?

polyex: this code is not vnet aware

but instead you can use firewall in the jail

it should be vnet aware tho is what i'm saying

is it like super hard or ?

if you want mac_portacl to become vnet aware, then it needs patch

if i have several packages that are currently installed, but lost the .pkg file (and it's no longer in ports), is it possible to ... rebuild the .pkg from my installation?

(sadly it's not in /var/cache/pkg either)

i suppose a hacky way might just be to tar up the output of pkg info -l..

mzar know how hard it might be?

wcarson: pkg help create

oh neat

oh man, that's so simple!

polyex: I have no great insight, but I wouldn't have thought it would be that difficult, mostly just changing the globals/sysctl defs to their VNET equivalents

Not sure where/how to submit this, but I have a 14 host running a behyve 15 that runs poudriere. The 14 runs poudriere for everything <= 14, and the 15 runs poudriere for 15 (obvs).

the vm mounts /usr/local/poudriere and friends from the host. This is so the output of poudriere for 15 is put together with 14.

During this, after only a few hours, I get a lock order reversal of nfs vs. bufwait followed immediately by nfsupg and bufwait

... then I get a pile of "fieid changed" errors from the vm.

... and then I need to reboot the VM to keep running poudriere.

bug?

IIRC, any lock order reversal is a bug. Dunno about the rest.

well... there are LORs to ignore. This one is a tripple, tho.

which component is supposed to create /dev/bluetooth/<devicename> device nodes?

i must be going crazy, once a person does zfs set quota=1024G <zfs dataset> how do you remove that quota? the zfs-set and zfs man pages only give examples of enabling but i do not see how to unenable this quota

voy4g3r2: can you just set it to 'none'? Thats the default I think.