Date: Thu, 10 Oct 2024 13:51:58 GMT
Message-Id: <202410101351.49ADpwix038034@gitrepo.freebsd.org>
To: doc-committers@FreeBSD.org, dev-commits-doc-all@FreeBSD.org
From: Lorenzo Salvadore
Subject: git: 2f4538bc20 - main - Status/2024Q3/service-jails.adoc: Add report
List-Id: Commit messages for all branches of the doc repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-doc-all
X-BeenThere: dev-commits-doc-all@freebsd.org
Sender: owner-dev-commits-doc-all@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: salvadore
X-Git-Repository: doc
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 2f4538bc20ff736aeb17c592d3836a03ae83c96b
Auto-Submitted: auto-generated

The branch main has been updated by salvadore:

URL: https://cgit.FreeBSD.org/doc/commit/?id=2f4538bc20ff736aeb17c592d3836a03ae83c96b

commit 2f4538bc20ff736aeb17c592d3836a03ae83c96b
Author:     Alexander Leidinger
AuthorDate: 2024-10-10 13:38:50 +0000
Commit:     Lorenzo Salvadore
CommitDate: 2024-10-10 13:38:50 +0000

    Status/2024Q3/service-jails.adoc: Add report

    Reviewed by: status (Pau Amma

--- .../status/report-2024-07-2024-09/service-jails.adoc | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/website/content/en/status/report-2024-07-2024-09/service-jails.adoc b/website/content/en/status/report-2024-07-2024-09/service-jails.adoc new file mode 100644 index 0000000000..ef1f6dbe85 --- /dev/null +++ b/website/content/en/status/report-2024-07-2024-09/service-jails.adoc 
@@ -0,0 +1,19 @@ +=== Service jails -- Automatic jailing of rc.d services + +Links: + +link:https://docs.freebsd.org/en/articles/rc-scripting/#rcng-service-jails[rc-article part for Service Jails] URL: link:https://docs.freebsd.org/en/articles/rc-scripting/#rcng-service-jails[] + +link:https://bugs.freebsd.org/bugzilla/buglist.cgi?quicksearch=service+jail+aware[service jail patches for ports in our bugtracker] URL: link:https://bugs.freebsd.org/bugzilla/buglist.cgi?quicksearch=service+jail+aware[] + +Contact: Alexander Leidinger + +Service jails extend the man:rc[8] system to allow automatic jailing of rc.d services. +A service jail inherits the filesystem of the parent host or jail, but uses all other limits of the jail (process visibility, restricted network access, filesystem mounting permissions, sysvipc, ...) by default. +Additional configuration allows inheritance of the IPs of the parent, sysvipc, memory page locking, and use of the bhyve virtual machine monitor (man:vmm[4]). + +Since the last report several ports have been modified to come with a service jail config. +Out of about 1460 start scripts in the ports collection, about 80 start scripts are changed. +Prominent examples out of those are postgresql, DNS servers, FTP servers, PHP, dovecot, postfix, rspamd, amavisd-new and clamav. +Some more changes are waiting for a treatment by the corresponding port maintainers. + +Any help in changing more start scripts (most of the time just one line to add) is welcome. +If you want to help, you can check the bugtracker link above for changes which are already under review.
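
Review bot: The closing call for help says the change is "most of the time just one line to add", but the report never shows that line or says where it is documented, so a port maintainer reading only this entry cannot act on it. Consider pointing explicitly at the rc-article section already listed under Links at the place where the one-line change is mentioned. In the first body paragraph, "inherits the filesystem of the parent host or jail" is the key security caveat and is easy to read past next to the list of limits; a short clause saying that file access is therefore not restricted by the service jail would keep readers from overestimating the isolation. Two wording points in the second body paragraph: "about 80 start scripts are changed" should match the tense of the preceding sentence ("have been changed"), and "waiting for a treatment by the corresponding port maintainers" reads more naturally as "waiting for review by the corresponding port maintainers".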