07:33:39 hm, as I understand it, fork()/exec()/… are allowed after cap_enter(), is there some way to yield the permission to use those? I'm writing some program that reads a file and writes some stuff to stdout/stderr, it shouldn't be allowed to use fork() or exec()
09:22:43 Abstract 213 https://wskyx.github.io/2024/08/24/abstract213.html
09:30:18 To me as a first-time-reader, the man page of cap_enter() seems a bit ambiguous: "processes may only issue system calls operating on file descriptors or reading limited global system state". If "reading limited global system state" suffices to call fork(), it might be allowed. The following sentence "Future process descendants created with fork(2) [...]" suggests that fork() is allowed, too.
10:01:00 yeah, fork is allowed, but I would like to give up any right to call fork in my process, but I don't see a way for that
10:01:51 mane: was that meant for -social ?
10:02:14 ah i forgot there is -social channel
10:02:44 I guess you can kludge it with a pthread_atfork that calls abort()
10:03:36 I'm not very experienced with FreeBSD but I don't know of a POSIX or FreeBSD function that drops the privilege to fork()
10:10:46 I want to use a capability system and give up any capabilities I don't need, even if I had handles for them, not build hacky workarounds, which wouldn't work anyway as not using fork in the code is simple static analysis, so it would be about bugs, where someone does rce and could just use _Fork() instead of fork() and my process could still do stuff I don't need (enumerating badness doesn't
10:10:48 scale)
12:28:17 nimaje: a workaround might be to try something like: rctl -a process:$PID:maxproc:deny=0
12:28:48 not really what you're looking for though
12:49:56 Dear zfs experts, are there any default values I should change when creating a pool and datasets for a puter with a Ryzen 5 5600g in it?
13:02:24 vkarlsen: maybe i could ask the question differently: What type of hard storage setup do you have?
and what are you trying to achieve? The CPU (especially that size) has little impact on what storage needs you may or may not require.
13:53:12 so with kern.securelevel=2 you can't even boot ?
13:53:20 it must be manually adjusted post-boot ?
13:58:07 last1: why do you think so?
14:02:32 because I tried it
14:02:39 it fails to boot and drops to single user mode
14:02:47 says it can't mount the root device
14:31:48 last1: where are you setting securelevel? proper way is using rc.conf, kern_securelevel/kern_securelevel_enable
14:48:52 I see there is a port of signal-cli
14:49:49 can anyone testify that it actually works on freebsd, and that it lets you register and use signal without linking an ios/android device?
14:59:53 I was doing it in /etc/sysctl.conf
15:00:01 maybe that's why. oops
15:09:39 last1: sysctl.conf is still way after mounting root, are you sure you don't have it set in loader.conf?
15:20:07 yuri: absolutely
15:20:09 you can test if you want
15:26:05 I believe you, probably remounting root rw
15:33:54 voy4g3r2: I'm wondering if there are any algorithms for checksumming or compression that that cpu is particularly good or bad at
15:34:26 Ever wondered how old the package repos are? https://dev.freshports.org/--/package-imports.php?sort=name ... or https://dev.freshports.org/--/package-imports.php?sort=date - coming soon to prod.
15:45:33 yuri: I can confirm that with the setting in rc.conf it boots fine
16:23:54 vkarlsen: as in compression algorithms? like lz4 vs gzip?
16:24:16 unless you are having a large user base.. i think it would be a small impact.. i think the bigger impact (potential is deduping)
16:25:04 i have personally been setting lz4 compression on my datasets but my volume is only 2-3TB of data.. and it is just me streaming music and backing up various machines at my house.. enterprise level, i would default to better experts than me.. my experience and judgement is anecdotal..
with a small user base
16:25:22 and my server is just an i3 with 32 gig of ram
16:26:05 afaik anything you would use for checksumming should be faster than IO at most cpus, so it is basically free
16:26:28 that is also how i see it
16:26:58 it would be more.. what are the speed of the drives and channels.. old school spin drive (5400, 7200, 10k) ssd, blah blah
17:03:52 vkarlsen: does it have SHA512 via aesni(4)?
17:05:03 I can't remember which CPUs do, but if it does, you could test sha512 checksumming offloaded via aesni(4).
17:05:58 Sorry, technically speaking, it's SHA512/256.
19:33:21 debdrup: I'm trying to find out
19:33:38 vkarlsen: /var/run/dmesg.boot should tell you
19:34:02 debdrup: I don't have it yet, it's in the mail :)
19:34:21 https://www.techpowerup.com/cpu-specs/ryzen-5-5600g.c2471 says it has "features: SHA and AES"
19:34:22 vkarlsen: that does make it a little difficult to get a dmesg from it, admittedly.
19:36:35 vkarlsen: a Ryzen 9 doesn't appear to have it according to https://dmesgd.nycbug.org/index.cgi?do=view&id=7839 - so I'm guessing not.
19:38:06 Another machine here has the following in dmesg.boot: aesni0: . It has a different cpu, but I take it this is what I should look for?
19:38:08 don't forget to submit to dmesgd https://dmesgd.nycbug.org/index.cgi
19:40:02 nimaje: Oh, that's neat
19:49:39 Anyone successful in using a USB BLUETOOTH DEVICE ON FREEBSD ?
20:05:37 I found a few 5600x (should be close enough) on dmesgd, and they have aesni0:
20:07:24 I'll submit some of my dmesg.boots later