man 4 capsicum but you'd have to design your entire application around that model, so I'm not sure it is that portable, it is quite challenging to write capsicum software (compared to pledge & unveil from OpenBSD)

Thanks, gonna check it out. I think the portble part is a bit messy. Basically developers will run stuff without sandboxing on other OS's , and forking the simulation processes from the manager, but for deployment the simulation processes should de-privilegie themselves as much as possible (hence my #ifdef comment.. the deployed version can behave

differently on the deployed server whilst there isn't as much need on dev-machines).

o0x1eef: Thank you! Loving the "default-deny-everything" thinking so it feels like a good option, capsicum does impose some constraints but simulation code was designed to be contained (Wasm sandboxes within the host has been on the table) so adapting by adding a "capsicum mode" with subprocesses should be doable without too much headache compared

to other drawbacks for the other options.

why dsbmc show no partitions?

Was gdb removed from the kernel for remote debugging?

I really want to figure out how to build custom kernel packages properly but it is still eluding me hmm

and I seriously do not want to buildworld for this

Folks, pkgbase jails are amazing

You basically copy the pkg keys to the right place and run pkg -r /jail/path install FreeBSD-set-minimal... and that's very nearly it. Slightly less hassle than digging out a base.tgz

zip: I used bsdinstall to create a template in a zfs dataset then just `zfs send` that template for new jails

it's a lot more convenient than manually dealing with distribution sets

`bsdinstall jail /dest/jail/dir`

cool. i yanked the old pool out and have to relabel the zfs partitions.. wish me luck lol

Macer: good luck.

Remilia: oh neat!

It seems to be working.

I tested it on 2 drives and reboot to make sure the labels stick in the pool.

Worst case is it would revert to the daX devices (I think).

I’ve done 7 of 14 and wrote this up because there doesn’t seem to be definitive documentation on how to do this. crazy.macer.life/swap-gpt-labels-for-zfs

Macer: Let me guess? zfs got confused and mounted a swap partition as part of a zpool? I had that happen. Now it's labels, not /dev/ada0p1 (for example)

I just learned "gpart restore -F da5 da6 da7 da8 da9" <--- multiple drives. good.

I also didn't know about `zpool set path` - thanks Macer

no. i'm just moving them around and have them labeled so i know where they are

but zfs shouldn't mount a swap partition if it's not a zfs partition or part of the pool

afaik zfs tags what is part of a pool

Macer: I did have a zpool mucked up after moving drives around, the zpool definition was not using labels.

that's odd. like i said it shouldn't matter what /dev/daX it uses

zfs tags them so if they move around that doesn't happen

just for that reason

I'm rebooting now and crossing my fingers. Hopefully it all worked out. I just renamed 16 labels (x2 for swap partitions i never even use)

best thing i ever did was set up ipmi sol lol

SUCCESS!

now i have 20 empty bays to expand with :)

onto the next thing. seeing if i can manage to install the old disks in another server and use ipmi to turn it on... zfs send backups... then turn it off :)

Macer: Yes, it should not matter. I'm talking about swap, not ZFS. which uses entries in /etc/fstab ....

Macer: Entries without labels.... like /dev/ada0p1

hmm how do I slim down a jail after pkgbasify

because it just... adds 2 GB to each jail

Remilia: just a guess, pkg delete

Remilia: Guessing, did it go into /var/cache/pkg ?

rtprio: The following package(s) are locked or vital and may not be removed:

dvl: no it installs kernels/src/tests in my jails

I do not think I need /usr/src in jails

Remilia: even.. bluetooth. clang? *lib32* ?

no I am fine with clang

and lib32 is not there thankfully

Remilia: FreeBSD-tests* ?

rtprio: that too

I think I will just have to re-do my jails

and what you need to do

rtprio: creating a brand new jail dataset with minimal-jail set in it and installing the same software gives me 269 MB used

i didn't `minimal-jail` set was a thing

it seems to lack jail-related stuff

and only has 60 FreeBSD- packages

the pkgbasify jails have 216

i need to redo my VMs too

rtprio: btw I stand corrected, I forgot to include -jail for radio and the difference is a further 18 packages

minimal-jail is: The following 42 package(s) will be affected (of 0 checked):

just 42

but that stuff is *extremely* minimal huh, not even a shell

wait I am an idiot, no csh, sh is there

oh good, just the way i like it

yeaahhh

136 MB for minimal-jail

(with nothing else)

now I need to migrate data and configration of 19 jails to new ones :|

cya

I get a kick out of how some of this Linux distros manage to fuck up the hosts line in their /etc/nsswitch.conf.

hosts: mymachines mdns_minimal [NOTFOUND=return] resolve [!UNAVAIL=return] files myhostname dns

3

wow

this using pkg to upgrade freebsd...

i'm at a loss here just reading how to do it from the handbook :)

probably need an easier command like pkg upgrade-os

either way. i was considering reinstalling anyways and just keeping it with freebsd-update. i'll cross the pkg bridge when i get to it.

make installkernel KERNCONF=mine

then make installworld

enough

well. i just use freebsd-update fetch then install for minor updates.. seems to do the trick quite well... i'm looking at the pkgbase instructions like ... wth?

hopefully this isn't something that's going to be done in the near future because i'm scratching my head thinking it still has some ways to go

use git and compile using /etc/make.conf optim

i'm not too fond of "the gentoo way" lol

i'd rather use bins

using fast yum (fast startup) in FreeBSD-CURRENT

i was just playing with that server anyways. i'm going to just re-install using 15-RELEASE.. it's running stable .. at the time i figured it was going to be the new thing so i decided to choose it but now i'm sort of regretting it because the instructions are confusing.

that's going to take some muscle memory and abandoned blogs for me to sort out

I used to run -stable but converted to RELEASE later

i am probably going to go crazy but will ask anyway.. I am looking at vmstat and systat to see why i am using 32 gigs of swap and only 2.3gig out of 64 gig of ram. Would anyone know of a good tutorial/space that would help me understand it?

what i am reading and what is being shown.. says this is "normal" but i am just lost.. especially when btop is only showing 2.3 gig out of 64 gig of RAM. One would expect the RAM to be much higher THEN a swap of 32 gig out of 32 gig... neo4j is peaking a CPU which i think is the swap issue

When updating from 14.3 to 15.0 my machine is in the .so twilight zone as I rebuild packages on poudriere.

also ipfw reports ipfw_ctl3 invalid option. Result: no network until I disabled ipfw

hm. that's kind of odd. i can ping locally but can't seem to get out the network

I think the varnish7 port could use a dep on FreeBSD-clibs-dev hmm

(and clang if that is not implied)

oh .. guess a reboot fixed that. weird. i guess swapping off the interface and turning it into a lagg maybe

mariuss: that is exactly why I run poudriere in a VM on my home PC rather than on the server that uses its packages

can build everything beforehand

Remilia: The machine running poudriere has first to be updated. You can't run poudriere for a newer OS than what that machine itself is running.

mariuss: that's the point of running it in a VM on a system that does not depend on it?

or just on a completely separate machine

I don't understand your point

my poudriere Hyper-V VM does not need itself to be updated, it uses poudriere-devel from FreeBSD-ports

I don't have a machine with the same type of hardware to run a VM. Other than my FreeBSD servers everything else is Apple hardware.

No worries, poudriere is grinding away. Once it's done everything should resolve itself.

this time it's my server (not daily drivers) and with a major release (15) things are looking better using packeges and the installer (from scratch, 8TB drive), but I STILL do not like chasing moving targets on packages. I want source and ports to be as close as possible t what is installed. "old school" I guess...

thinking of VM's - I am using VirtualBox ut with a physical hard drive. This is the 2nd time I've rebuilt my server in a VM like this. I did run into problems with rsync, the VB NAT interface sometimes causes rsync to suddenly drop out and klikk a transfer. Grok suggested using bridged mode for the interface, not NAT - this resolved it. Not sure if that helps eith Poudriere in a VM ut if there are file transfer

issues maybe...?

[old eyes cannot see while typing... stupid keyboard]

I imagined you installing your first kernel by flipping bits on the front panel

shbrngdo: For me, pkg, poudriere, and zfs have done volumes to improve my sysadmin tasks.

Remilia: i don't even know why i did it. i know 15 wasn't out yet. i was just tinkering. i re-installed RELEASE on it

i also learned that if a slog disappears on a pool then it won't import lol

i just put the platters in and tried to import it. didn't work because slog drives were out

i figured if the slog wound up missing after export/import then it would just drop them off and still import or at least give the option