git: 2f4538bc20 - main - Status/2024Q3/service-jails.adoc: Add report

From: Lorenzo Salvadore <salvadore_at_FreeBSD.org>
Date: Thu, 10 Oct 2024 13:51:58 UTC
The branch main has been updated by salvadore:

URL: https://cgit.FreeBSD.org/doc/commit/?id=2f4538bc20ff736aeb17c592d3836a03ae83c96b

commit 2f4538bc20ff736aeb17c592d3836a03ae83c96b
Author:     Alexander Leidinger <netchild@FreeBSD.org>
AuthorDate: 2024-10-10 13:38:50 +0000
Commit:     Lorenzo Salvadore <salvadore@FreeBSD.org>
CommitDate: 2024-10-10 13:38:50 +0000

    Status/2024Q3/service-jails.adoc: Add report
    
    Reviewed by:    status (Pau Amma <pauamma@gundo.com>
---
 .../status/report-2024-07-2024-09/service-jails.adoc  | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/website/content/en/status/report-2024-07-2024-09/service-jails.adoc b/website/content/en/status/report-2024-07-2024-09/service-jails.adoc
new file mode 100644
index 0000000000..ef1f6dbe85
--- /dev/null
+++ b/website/content/en/status/report-2024-07-2024-09/service-jails.adoc
@@ -0,0 +1,19 @@
+=== Service jails -- Automatic jailing of rc.d services
+
+Links: +
+link:https://docs.freebsd.org/en/articles/rc-scripting/#rcng-service-jails[rc-article part for Service Jails] URL: link:https://docs.freebsd.org/en/articles/rc-scripting/#rcng-service-jails[] +
+link:https://bugs.freebsd.org/bugzilla/buglist.cgi?quicksearch=service+jail+aware[service jail patches for ports in our bugtracker] URL: link:https://bugs.freebsd.org/bugzilla/buglist.cgi?quicksearch=service+jail+aware[]
+
+Contact: Alexander Leidinger <netchild@FreeBSD.org>
+
+Service jails extend the man:rc[8] system to allow automatic jailing of rc.d services.
+A service jail inherits the filesystem of the parent host or jail, but uses all other limits of the jail (process visibility, restricted network access, filesystem mounting permissions, sysvipc, ...) by default.
+Additional configuration allows inheritance of the IPs of the parent, sysvipc, memory page locking, and use of the bhyve virtual machine monitor (man:vmm[4]).
+
+Since the last report several ports have been modified to come with a service jail config.
+Out of about 1460 start scripts in the ports collection, about 80 start scripts are changed.
+Prominent examples out of those are postgresql, DNS servers, FTP servers, PHP, dovecot, postfix, rspamd, amavisd-new and clamav.
+Some more changes are waiting for a treatment by the corresponding port maintainers.
+
+Any help in changing more start scripts (most of the time just one line to add) is welcome.
+If you want to help, you can check the bugtracker link above for changes which are already under review.
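Review bot: The line beginning "A service jail inherits the filesystem" describes the isolation as "uses all other limits of the jail", which is vague about what is and is not confined. Because the filesystem is shared with the parent, consider saying outright that a service jail provides no filesystem isolation, and rewording the rest to "applies all other jail restrictions". The following line lists options that inherit the parent's IPs, sysvipc, memory page locking and man:vmm[4] access; it would help to note that each of these relaxes the default confinement and should be enabled only when the service needs it. The closing paragraph says the change is "most of the time just one line to add" but never shows that line, so a short example or a pointer to the exact part of the linked rc-article would let port maintainers act on it. Minor wording: "about 80 start scripts are changed" reads better as "have been changed", and "waiting for a treatment by" as "waiting for action by".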