i make /etc/devfs.conf why does sudo pw groupadd -n network -m logg error that m is illegal option? man page shows it

it's just how to add a user to a group

oh -m is just for groupmod

why isn't my devfs.conf for /dev/bpf* working pls? termbin.com/swpp the groups should be network but they're wheel?

I don't think you can glob match in devfs.conf?

frfr?

If you want to use glob match you need devfs.rules

can i use that in a jail?

jail host devfs.rules has add path 'bpf*' unhide, so what would the jail devfs.rules have to apply those same rules?

mode ... user ... group ... ?

ok then set in rc.conf with devfs_system_ruleset="localrules" man page says ty i'll try it!

ok i think i'm doing it right but why are the perms of /dev/bpf* still root:wheel? termbin.com/pxua

should be root:network

anyone know?

oh this is in a jail?

Just do it on the host

i need the jail to be completly independent from jail host

i don't wanna mix configs

How are you starting the jail?

from the jail host

You have a devfs_ruleset in your jail.conf for the jail?

jail_name { devfs_ruleset=<number> ... } ?

I guess 10 in this case?

does that show the info you want?

No idea. I've only done devfs where the config is on the host and in ezjail.

there has to be a way

so then in a jail, what's the right way to allow a regular user access to /dev/bpf so it can run tcpdump?

skered cgit.freebsd.org/ports/tree/net/wireshark/pkg-message seems you /can/ use bpf* in devfs.conf?

Title: pkg-message « wireshark « net - ports - FreeBSD ports tree

network general packet sniffer.. the sniffer

en.wikipedia.org/wiki/Sniffer_(protocol_analyzer) why a jail?

Title: Sniffer (protocol analyzer) - Wikipedia

why what?

why you putting the tcpdump/sniffer/wireshark foo in a jail?

polyex: yes, devfs.conf is processed in /etc/rc.d/devfs; the device field is generally open to whatever shell globbing you can come up with

kevans i can't get it to work either by modifying the jail's devfs.conf OR devfs.rules. termbin.com/hl75, termbin.com/0x75

what's the right way to allow an unprivileged user in a jail access to bpf so it can run tcpdump?

it's a vnet jail fwiw

so they can sniff their chroot jail..swell

devfs_system_ruleset isn't used in a jail

so what's the solution?

my end goal is to put pf block/allow loggings into syslog. this is the only way i've found

i can get it working if it's running as jail's root but i'd rather it not use the root

tcpdump -> logger

it wouldn't be unreasonable to throw it in the host's devfs.rules

hmm

maybe the group doesn't exist

i'd prefer to keep jail's self-contained as much as possible

network?

pw group show network shows it

also shows my logg user in it

oh, no idea- I closed those tabs eons ago now :-)

I'd probably just shove it in /etc/rc.local, then

shove what?

I can't think of a clean solution here

vnet network traffic within the jail is isolated from the host system and other jails..so your jail needs this ?

ownership change

am i the only person that wants a jail to be able to run tcpdump?

nah, it's a reasonable task

what's the normal clean way?

normally you'd do it in devfs.rules, but that rc script is tagged nojail entirely

so i'd definitely NOT do it in devfs.conf?

yeah

I wonder how much of an ideot would it be to set up a directory which symlinks everything in $PATH to it and runs on a cron job

idea*

polyex: and devfs.rules are provided by the jail's parent and immutable to the jail, so that's out

kevans so you're saying the cleanest solution is put chgrp and other things into rc.local. ill try that now

that generally leaves you with... something that runs at startup, e.g., rc.local

yeah

well, I wouldn't claim 'cleanest', no

It's the cleanest that I can see at the moment, and generally easy to do

ok so i added the cgit.freebsd.org/ports/tree/net/wireshark/pkg-message chgrp chmod chmod to rc.local. i start the jail back up and /dev/bpf* perms are...

Title: pkg-message « wireshark « net - ports - FreeBSD ports tree

for /dev/bpf it's crw-rw---- root:network, /dev/bpf0 -> bpf is lrwxr-xr-x root:wheel

is that good?

umask 0660 foo...you put in earlier...

what?

exactly

perm bpf* 0660

a umask

do that in rc.local or?

Title: umask - Wikipedia

cgit.freebsd.org/ports/tree/net/wireshark/pkg-message that link you posted

Title: pkg-message « wireshark « net - ports - FreeBSD ports tree

ok seems to be working

yes it's working!! tyvm kevans you are my hero

i want to hold your hand and look into your eyes and thank you

if you go to bsdcan you can send a beer in my direction =-)

what kinda beer you like best?

ipa or dark ale or?

the drinkable kind, in general

i like experimenting

we could do all kinds of experimenting together

so bpf in a jail can sniff the jail host and other jails traffic? i thought vnet gave each jail a separate network stack

cut copy pastw computing, doesnt really work well in the end

cut copy paste computing, doesnt really work well in the end

bridge epair perhaps

plent of bind/sendmail cut/copy/paste computing...using a computer and not understanding anything

dangerous computing, risk digest

Title: Jails - FreeBSD Wiki

Title: MasonLoringBliss/JailsEpair - FreeBSD Wiki

Hi folks. I run FreeBSD 13.2 as a guest of Linux KVM and found the virtio pci devices not use MSI but legacy pin based irq, is this expected? Thanks.

Hello guys, off top, anyone else experience issues with ddg search ?

here is the error: "We're currently experiencing an issue with DuckDuckGo Search. Thanks for your patience while we get our ducks in a row.

In the meantime, you can use other search engines right here by using "bangs":"

ddg backend to bing and that is suffering some issues apparently: theregister.com/2024/05/23/bing_and_copilot_fall_from

Title: Bing and Copilot fall from the clouds • The Register

yeah, noticed it today. moved to startpage for now

:(

From that article "Bing's downtime meant that DuckDuckGo, which uses Bing as a search results source, was also down"

never used startpage

what about privacy things on startpage?

dunno, didn't look too far into it. it seemed mostly acceptable when it comes to the stuff it was showing me, so i'll just stick with it until bing is operational again

thank you guys for quick replies

so, if i want to launch a single process from the CLI, but i want to make sure it can't use networking, is that possible? i don't want to setup a jail.

Demosthenex: In my case, I have a dedicated user for that, with a pf rule to block all network activity from that user

ooo. tsocks!

it literally takes just a single line in pf.conf:

block all user disconnected_guy

(of course, using your username of choice)

yeah, but $$ tsocks myapp is much easier

and i want x11

hm, casper seems like what you want, but I have no idea where you can find it bsdcan.org/2016/schedule/events/661.en.html

Title: BSDCan2016: Capsicum and Casper

nimaje: a ldpreload like tsocks was enough for me ;]

lithio

hi all

If I observe a bug / incorrect behavior in a program, would it be rude to email the maintainer and offer to help?

I see that there is a FreeBSD bugzilla, but other than just report the bug, I'd want to offer to research / proopse a fix

And lastly, if someone is listed as the "Maintained by:" field on ports.freebsd.org, would the "artifacts" they maintain also correlate to the binary package of the same name?

Steeve: You can do that in bugzilla. If you label the PR properly, the maintainer will be notified. Then, you can propose fixes, provide patches, make suggestions, etc... all in bugzilla as well. It's meant to be used as a collaboration tool.

For the last bit, yes. The packages are also maintained (not built/provided by) the port maintainer.

Great, thank you

You're welcome.

Hello here

FreeBSD is fully working on rpi3 ?

i can't see linux and systemd anymore :)

Wifi is not working on rpi3

arg

well i'm waiting more :)

learning linux :p

I think the rpi wifi support is heavily dependent on the firmware, right? It won't happen until the firmware supports FreeBSD.

i thought there was pi info on the wiki

trying to make a rc.d service but even tho it runs it doesn't return when i type service logg start. just sits there Starting logg... forever termbin.com/k4y9 but i'm using daemon to run it so what i'm doing wrong?

cmd piped into itself? reading on mobile is tough, but that looks weird/recursive

i'm trying to just make sure it's always running

it's how i'm piping pf log events into syslog

if i'm doing it wrong how should i do it?

ah that's a new line

my fault

know why it doesn't return?

perhaps running with -x will point to the issue. verbose of course

where scoobybejesus?

In the rc script put in "set -x" and then run it and see where it is hanging.

The -x will emit tracing print to stderr an echo print for every command executed.

hm well i ran that and a bunch of stuff outputted but duno

i feel like there's gotta be an easier way to make it return