Advantages of kdbus with enhanced capabilities feature
pavan teja
bharghav2947 at gmail.com
Fri Mar 11 13:18:50 UTC 2016
Hello everyone,

After getting a good understanding about capabilities and kdbus, I
find kdbus very much useful in the following situations:

1. Since kdbus is connection based and not port based. kdbus being a zero
copy is highly useful as it reduces the in-between time for capabilities
passing.

2. By using capabilities as the primary tokens for connecting to the kdbus,
the policy rules are no longer used for access restriction, which are
considered a threat allowing all processes with the same uid to allow
connecting and sending messages. We can merely use capabilities as the means
to communicate with other processes.

3. If forking a parent process would lead to inheriting file descriptors,
when we want to compartmentalize our child processes and restrict them to
communicate, capabilities can be easily passed down to our child processes
and this would be a great thing in terms of security.

So entire security issues are handled by capabilities in an IPC
mechanism so it's more secure.

So adding kdbus into FreeBSD, which uses capabilities over a wide
range, kdbus provides almost zero copying or one copying, and further
communication barrier can also be set by disallowing processes to connect a
bus just by checking process capabilities, not by merely DAC which looks for
process uid.

What do you think about my view? Please let me know.

On 11-Mar-2016 5:30 PM, <freebsd-hackers-request at freebsd.org> wrote:
> Today's Topics:
>
> 1. Re: Converting DAC or policy Rules into Capsicum capabilities
> (Mark Saad)
> 2. Re: EFI zfs loader and beadm? (Andrey Fesenko)
> 3. Re: EFI zfs loader and beadm? (krad)
> 4. Re: EFI zfs loader and beadm? (krad)
> 5. Re: EFI zfs loader and beadm? (krad)
> 6. Re: EFI zfs loader and beadm? (Andrey Fesenko)
> 7. Re: EFI zfs loader and beadm? (Trond Endrestøl)
> 8. Re: FreeBSD sh on Linux? (Jilles Tjoelker)
> 9. View about passing IPC pointer to the child process from a
> parent process. (pavan teja)
> 10. Re: EFI zfs loader and beadm? (Andrey Fesenko)
> 11. Re: FreeBSD sh on Linux? (Adam Wilson)
>
>
> ---------- Forwarded message ----------
> From: Mark Saad <nonesuch at longcount.org>
> To: pavan teja <bharghav2947 at gmail.com>
> Cc: freebsd-hackers at freebsd.org
> Date: Thu, 10 Mar 2016 07:04:32 -0500
> Subject: Re: Converting DAC or policy Rules into Capsicum capabilities
> Pavan
> What is the use of kdbus ? It's been abandoned,
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806558;msg=5 could the
> Mach ipc module from nextbsd be used ?
>
>
> ---
> Mark Saad | nonesuch at longcount.org
>
> > On Mar 10, 2016, at 3:50 AM, pavan teja <bharghav2947 at gmail.com> wrote:
> >
> > Hello everyone,
> > I'm right now working on implementing the KDBus project into the
> > FreeBSD project. In KDBus we have a set of policy rules by which we can
> > control the bus connectivity by other processes. If viewing from the other
> > side, policy rules appeared to me similar to DAC, the security mechanism used
> > in Linux. Can anyone suggest me a good way to convert these DAC rules into
> > capabilities? I want to replace these policy rules in KDBus in my design
> > and replace them with some capabilities. *Example for some policy rules
> > are:*
> >
> > KDBUS_ITEM_NAME: str='org.foo.bar'
> > KDBUS_ITEM_POLICY_ACCESS: type=USER, access=OWN, id=1000
> > KDBUS_ITEM_POLICY_ACCESS: type=USER, access=TALK, id=1001
> > KDBUS_ITEM_POLICY_ACCESS: type=WORLD, access=SEE
> >
> > Please help me out by stating an example as how I can convert policy
> > rules as these into some form of capabilities given to each process.
> > This would be very helpful for my design.
>
>
>
> ---------- Forwarded message ----------
> From: Andrey Fesenko <f0andrey at gmail.com>
> To: krad <kraduk at gmail.com>
> Cc: Eric van Gyzen <eric at vangyzen.net>, "freebsd-hackers at freebsd.org" <
> freebsd-hackers at freebsd.org>, freebsd-current <freebsd-current at freebsd.org
> >
> Date: Thu, 10 Mar 2016 15:11:02 +0300
> Subject: Re: EFI zfs loader and beadm?
> On Thu, Mar 10, 2016 at 2:55 PM, krad <kraduk at gmail.com> wrote:
> > presumably it boots now?
> >
> > On 10 March 2016 at 11:01, Andrey Fesenko <f0andrey at gmail.com> wrote:
> >>
> >> On Thu, Mar 10, 2016 at 1:49 PM, krad <kraduk at gmail.com> wrote:
> >> > Make sure you are running the latest snapshot of current or 10.3 as
> >> > well, as
> >> > the MFC commits were in early February for 10-stable
> >> >
> >> >>
> >> >> If remove efiwpool/ROOT/init/boot and copy his content on
> >> >> efiwpool/ROOT/init my scheme work fine too.
> >> >> /usr /var /home and other included in BE for consistent boot system
> >> >> (CURRENT world may not boot with kernel other rev), and old home
> >> >> snapshot sometimes useful for backup/restore
> >> >> _______________________________________________
> >>
> >> % uname -a
> >> FreeBSD x220.efi.local 11.0-CURRENT FreeBSD 11.0-CURRENT #0 r296548:
> >> Wed Mar 9 01:16:17 MSK 2016
> >> root at des.local:/usr/obj/usr/src/sys/X220 amd64
> >
> >
>
> My current working config
> % mount
> efiwpool/ROOT/init0 on / (zfs, local, noatime, nfsv4acls)
> devfs on /dev (devfs, local, multilabel)
> efiwpool/ROOT/init0/tmp on /tmp (zfs, local, noatime, nosuid, nfsv4acls)
> efiwpool/ROOT/init0/usr on /usr (zfs, local, noatime, nfsv4acls)
> efiwpool/ROOT/init0/usr/home on /usr/home (zfs, local, noatime, nfsv4acls)
> efiwpool/ROOT/init0/var on /var (zfs, local, noatime, nfsv4acls)
> efiwpool/ROOT/init0/var/crash on /var/crash (zfs, local, noatime,
> noexec, nosuid, nfsv4acls)
> efiwpool/ROOT/init0/var/db on /var/db (zfs, local, noatime, noexec,
> nosuid, nfsv4acls)
> efiwpool/ROOT/init0/var/db/pkg on /var/db/pkg (zfs, local, noatime,
> nosuid, nfsv4acls)
> efiwpool/ROOT/init0/var/db/tlpkg on /var/db/tlpkg (zfs, local,
> noatime, nosuid, nfsv4acls)
> efiwpool/ROOT/init0/var/empty on /var/empty (zfs, local, noatime,
> noexec, nosuid, read-only, nfsv4acls)
> efiwpool/ROOT/init0/var/log on /var/log (zfs, local, noatime, noexec,
> nosuid, nfsv4acls)
> efiwpool/ROOT/init0/var/mail on /var/mail (zfs, local, noatime,
> noexec, nosuid, nfsv4acls)
> efiwpool/ROOT/init0/var/run on /var/run (zfs, local, noatime, noexec,
> nosuid, nfsv4acls)
> efiwpool/ROOT/init0/var/tmp on /var/tmp (zfs, local, noatime, nosuid,
> nfsv4acls)
>
> => 40 234441568 ada1 GPT (112G)
> 40 1600 1 efi (800K)
> 1640 234439960 2 freebsd-zfs (112G)
> 234441600 8 - free - (4.0K)
>
> % zfs get -r mountpoint efiwpool
> NAME                    PROPERTY    VALUE   SOURCE
> efiwpool                mountpoint  none    local
> efiwpool/ROOT           mountpoint  none    inherited from efiwpool
> efiwpool/ROOT/init      mountpoint  legacy  local
> efiwpool/ROOT/init/tmp  mountpoint  /tmp    local
> ....
>
> This work fine, booted, beadm create new env, activate them, see boot
> menu and select BE.
>
> % beadm list
> BE Active Mountpoint Space Created
> init - - 420.7M 2016-03-09 02:57
> init0 NR / 35.9G 2016-03-10 05:00
>
> If i'm add separate dataset for /boot (efiwpool/ROOT/init0/boot)
> system not booted, efi loader (first stage) see only my pool, not
> found /boot/loader.efi
>
>
>
> ---------- Forwarded message ----------
> From: krad <kraduk at gmail.com>
> To: Andrey Fesenko <f0andrey at gmail.com>
> Cc: Eric van Gyzen <eric at vangyzen.net>, "freebsd-hackers at freebsd.org" <
> freebsd-hackers at freebsd.org>, freebsd-current <freebsd-current at freebsd.org
> >
> Date: Thu, 10 Mar 2016 10:49:36 +0000
> Subject: Re: EFI zfs loader and beadm?
> Make sure you are running the latest snapshot of current or 10.3 as well,
> as the MFC commits were in early February for 10-stable
>
> On 9 March 2016 at 16:01, Andrey Fesenko <f0andrey at gmail.com> wrote:
>
> > On Wed, Mar 9, 2016 at 6:48 PM, Eric van Gyzen <eric at vangyzen.net> wrote:
> > > On 03/09/2016 09:40, Andrey Fesenko wrote:
> > >> Hello,
> > >> I'm test EFI boot ZFSroot with BE, this not support now?
> > >> svn 2965489
> > >>
> > >> If i build simplest system
> > >>
> > >> http://blog.multiplay.co.uk/2015/12/freebsd-10-2-release-efi-zfs-root-boot/
> > >>
> > >> # zfs get -r mountpoint efifpool
> > >> NAME PROPERTY VALUE SOURCE
> > >> efifpool mountpoint /mnt/efifpool default
> > >>
> > >> => 40 30712240 da0 GPT (15G)
> > >> 40 1600 1 efi (800K)
> > >> 1640 30710632 2 freebsd-zfs (15G)
> > >> 30712272 8 - free - (4.0K)
> > >>
> > >> system boot nice
> > >>
> > >> If make BE env
> > >>
> > >> # zfs get -r mountpoint efiwpool
> > >> NAME                              PROPERTY    VALUE              SOURCE
> > >> efiwpool                          mountpoint  none               local
> > >> efiwpool/ROOT                     mountpoint  none               inherited from efiwpool
> > >> efiwpool/ROOT/init                mountpoint  legacy             local
> > >> efiwpool/ROOT/init@init           mountpoint  -                  -
> > >> efiwpool/ROOT/init/boot           mountpoint  /media/boot        local
> > >> efiwpool/ROOT/init/tmp            mountpoint  /media/tmp         local
> > >> efiwpool/ROOT/init/usr            mountpoint  /media/usr         local
> > >> efiwpool/ROOT/init/usr@init       mountpoint  -                  -
> > >> efiwpool/ROOT/init/usr/home       mountpoint  /media/usr/home    inherited from efiwpool/ROOT/init/usr
> > >> efiwpool/ROOT/init/usr/home@init  mountpoint  -                  -
> > >> efiwpool/ROOT/init/var            mountpoint  /media/var         local
> > >> efiwpool/ROOT/init/var@init       mountpoint  -                  -
> > >> efiwpool/ROOT/init/var/crash      mountpoint  /media/var/crash   inherited from efiwpool/ROOT/init/var
> > >> efiwpool/ROOT/init/var/db         mountpoint  /media/var/db      inherited from efiwpool/ROOT/init/var
> > >> efiwpool/ROOT/init/var/db/pkg     mountpoint  /media/var/db/pkg  inherited from efiwpool/ROOT/init/var
> > >> efiwpool/ROOT/init/var/empty      mountpoint  /media/var/empty   inherited from efiwpool/ROOT/init/var
> > >> efiwpool/ROOT/init/var/log        mountpoint  /media/var/log     inherited from efiwpool/ROOT/init/var
> > >> efiwpool/ROOT/init/var/mail       mountpoint  /media/var/mail    inherited from efiwpool/ROOT/init/var
> > >> efiwpool/ROOT/init/var/run        mountpoint  /media/var/run     inherited from efiwpool/ROOT/init/var
> > >> efiwpool/ROOT/init/var/tmp        mountpoint  /media/var/tmp     inherited from efiwpool/ROOT/init/var
> > >>
> > >> system not boot.
> > >>
> > >> Not found /boot/loader.efi (in BE system real path
> > >> efiwpool/ROOT/init/boot/loader.efi) if copy this efiwpool/ROOT/init
> > >> (blank in BE system) loader found this (but not found /boot/kernel) I
> > >> can copy this and get a similar system
> > >> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=192184#c15 (without
> > >> msdos kernel part), but this ruin BE update mechanism
> > >
> > > Your dataset hierarchy is not what beadm expects. Specifically, you
> > > have /boot separate from /, which I imagine is causing your problem.
> > > /boot should be part of /. Also, you have several file systems in the
> > > BE that are usually not in it; I doubt this is part of your boot
> > > failure, though.
> > >
> > > For reference, here is my layout, which is mostly the same as the
> > > default installation:
> > >
> > > NAME USED AVAIL REFER MOUNTPOINT
> > > zroot 117G 108G 96K none
> > > zroot/ROOT 14.8G 108G 96K none
> > > zroot/ROOT/10.2 444K 108G 6.35G /
> > > zroot/ROOT/103beta 14.8G 108G 8.75G /
> > > zroot/ROOT/103beta1 8K 108G 8.17G /
> > > zroot/ROOT/103beta3 8K 108G 8.75G /
> > > zroot/home 97.8G 108G 94.9G /home
> > > zroot/usr 3.36G 108G 96K /usr
> > > zroot/usr/ports 985M 108G 736M /usr/ports
> > > zroot/usr/src 2.40G 108G 2.19G /usr/src
> > > zroot/var 2.19M 108G 96K /var
> > > zroot/var/audit 96K 108G 96K /var/audit
> > > zroot/var/crash 96K 108G 96K /var/crash
> > > zroot/var/log 1.15M 108G 420K /var/log
> > > zroot/var/mail 360K 108G 120K /var/mail
> > > zroot/var/tmp 416K 108G 144K /var/tmp
> > >
> > > Eric
> >
> > If remove efiwpool/ROOT/init/boot and copy his content on
> > efiwpool/ROOT/init my scheme work fine too.
> > /usr /var /home and other included in BE for consistent boot system
> > (CURRENT world may not boot with kernel other rev), and old home
> > snapshot sometimes useful for backup/restore
> >
>
>
>
> ---------- Forwarded message ----------
> From: krad <kraduk at gmail.com>
> To: Andrey Fesenko <f0andrey at gmail.com>
> Cc: Eric van Gyzen <eric at vangyzen.net>, "freebsd-hackers at freebsd.org" <
> freebsd-hackers at freebsd.org>, freebsd-current <freebsd-current at freebsd.org
> >
> Date: Thu, 10 Mar 2016 11:55:33 +0000
> Subject: Re: EFI zfs loader and beadm?
> presumably it boots now?
>
> On 10 March 2016 at 11:01, Andrey Fesenko <f0andrey at gmail.com> wrote:
>
> > On Thu, Mar 10, 2016 at 1:49 PM, krad <kraduk at gmail.com> wrote:
> > > Make sure you are running the latest snapshot of current or 10.3 as
> > well, as
> > > the MFC commits were in early February for 10-stable
> > >
> > >>
> > >> If remove efiwpool/ROOT/init/boot and copy his content on
> > >> efiwpool/ROOT/init my scheme work fine too.
> > >> /usr /var /home and other included in BE for consistent boot system
> > >> (CURRENT world may not boot with kernel other rev), and old home
> > >> snapshot sometimes useful for backup/restore
> > >> _______________________________________________
> >
> > % uname -a
> > FreeBSD x220.efi.local 11.0-CURRENT FreeBSD 11.0-CURRENT #0 r296548:
> > Wed Mar 9 01:16:17 MSK 2016
> > root at des.local:/usr/obj/usr/src/sys/X220 amd64
> >
>
>
>
> ---------- Forwarded message ----------
> From: krad <kraduk at gmail.com>
> To: Andrey Fesenko <f0andrey at gmail.com>
> Cc: Eric van Gyzen <eric at vangyzen.net>, "freebsd-hackers at freebsd.org" <
> freebsd-hackers at freebsd.org>, freebsd-current <freebsd-current at freebsd.org
> >
> Date: Thu, 10 Mar 2016 15:11:09 +0000
> Subject: Re: EFI zfs loader and beadm?
> As Eric said you can't have /boot on a separate dataset as the whole loader
> bootstrap isn't designed to look for it on the dataset defined by bootfs.
> Remember no other datasets are mounted at that stage of the bootstrap.
>
> You could maybe bodge something by manually playing around with the bootfs
> property, symlinks and rootfs variables in the loader.conf. But why would
> you want to do this? It's more work and non standard, and will break a lot?
>
>
>
> On 10 March 2016 at 12:11, Andrey Fesenko <f0andrey at gmail.com> wrote:
>
> > On Thu, Mar 10, 2016 at 2:55 PM, krad <kraduk at gmail.com> wrote:
> > > presumably it boots now?
> > >
> > > On 10 March 2016 at 11:01, Andrey Fesenko <f0andrey at gmail.com> wrote:
> > >>
> > >> On Thu, Mar 10, 2016 at 1:49 PM, krad <kraduk at gmail.com> wrote:
> > >> > Make sure you are running the latest snapshot of current or 10.3 as
> > >> > well, as
> > >> > the MFC commits were in early February for 10-stable
> > >> >
> > >> >>
> > >> >> If remove efiwpool/ROOT/init/boot and copy his content on
> > >> >> efiwpool/ROOT/init my scheme work fine too.
> > >> >> /usr /var /home and other included in BE for consistent boot system
> > >> >> (CURRENT world may not boot with kernel other rev), and old home
> > >> >> snapshot sometimes useful for backup/restore
> > >> >> _______________________________________________
> > >>
> > >> % uname -a
> > >> FreeBSD x220.efi.local 11.0-CURRENT FreeBSD 11.0-CURRENT #0 r296548:
> > >> Wed Mar 9 01:16:17 MSK 2016
> > >> root at des.local:/usr/obj/usr/src/sys/X220 amd64
> > >
> > >
> >
> > My current working config
> > % mount
> > efiwpool/ROOT/init0 on / (zfs, local, noatime, nfsv4acls)
> > devfs on /dev (devfs, local, multilabel)
> > efiwpool/ROOT/init0/tmp on /tmp (zfs, local, noatime, nosuid, nfsv4acls)
> > efiwpool/ROOT/init0/usr on /usr (zfs, local, noatime, nfsv4acls)
> > efiwpool/ROOT/init0/usr/home on /usr/home (zfs, local, noatime, nfsv4acls)
> > efiwpool/ROOT/init0/var on /var (zfs, local, noatime, nfsv4acls)
> > efiwpool/ROOT/init0/var/crash on /var/crash (zfs, local, noatime,
> > noexec, nosuid, nfsv4acls)
> > efiwpool/ROOT/init0/var/db on /var/db (zfs, local, noatime, noexec,
> > nosuid, nfsv4acls)
> > efiwpool/ROOT/init0/var/db/pkg on /var/db/pkg (zfs, local, noatime,
> > nosuid, nfsv4acls)
> > efiwpool/ROOT/init0/var/db/tlpkg on /var/db/tlpkg (zfs, local,
> > noatime, nosuid, nfsv4acls)
> > efiwpool/ROOT/init0/var/empty on /var/empty (zfs, local, noatime,
> > noexec, nosuid, read-only, nfsv4acls)
> > efiwpool/ROOT/init0/var/log on /var/log (zfs, local, noatime, noexec,
> > nosuid, nfsv4acls)
> > efiwpool/ROOT/init0/var/mail on /var/mail (zfs, local, noatime,
> > noexec, nosuid, nfsv4acls)
> > efiwpool/ROOT/init0/var/run on /var/run (zfs, local, noatime, noexec,
> > nosuid, nfsv4acls)
> > efiwpool/ROOT/init0/var/tmp on /var/tmp (zfs, local, noatime, nosuid,
> > nfsv4acls)
> >
> > => 40 234441568 ada1 GPT (112G)
> > 40 1600 1 efi (800K)
> > 1640 234439960 2 freebsd-zfs (112G)
> > 234441600 8 - free - (4.0K)
> >
> > % zfs get -r mountpoint efiwpool
> > NAME                    PROPERTY    VALUE   SOURCE
> > efiwpool                mountpoint  none    local
> > efiwpool/ROOT           mountpoint  none    inherited from efiwpool
> > efiwpool/ROOT/init      mountpoint  legacy  local
> > efiwpool/ROOT/init/tmp  mountpoint  /tmp    local
> > ....
> >
> > This work fine, booted, beadm create new env, activate them, see boot
> > menu and select BE.
> >
> > % beadm list
> > BE Active Mountpoint Space Created
> > init - - 420.7M 2016-03-09 02:57
> > init0 NR / 35.9G 2016-03-10 05:00
> >
> > If i'm add separate dataset for /boot (efiwpool/ROOT/init0/boot)
> > system not booted, efi loader (first stage) see only my pool, not
> > found /boot/loader.efi
> >
>
>
>
> ---------- Forwarded message ----------
> From: Andrey Fesenko <f0andrey at gmail.com>
> To: krad <kraduk at gmail.com>
> Cc: Eric van Gyzen <eric at vangyzen.net>, "freebsd-hackers at freebsd.org" <
> freebsd-hackers at freebsd.org>, freebsd-current <freebsd-current at freebsd.org
> >
> Date: Thu, 10 Mar 2016 18:38:53 +0300
> Subject: Re: EFI zfs loader and beadm?
> On Thu, Mar 10, 2016 at 6:11 PM, krad <kraduk at gmail.com> wrote:
> > As Eric said you can't have /boot on a separate dataset as the whole loader
> > bootstrap isn't designed to look for it on the dataset defined by bootfs.
> > Remember no other datasets are mounted at that stage of the bootstrap.
> >
> > You could maybe bodge something by manually playing around with the bootfs
> > property, symlinks and rootfs variables in the loader.conf. But why would
> > you want to do this? It's more work and non standard, and will break a lot?
> >
> >
> >
> > On 10 March 2016 at 12:11, Andrey Fesenko <f0andrey at gmail.com> wrote:
> >>
> >> On Thu, Mar 10, 2016 at 2:55 PM, krad <kraduk at gmail.com> wrote:
> >> > presumably it boots now?
> >> >
> >> > On 10 March 2016 at 11:01, Andrey Fesenko <f0andrey at gmail.com> wrote:
> >> >>
> >> >> On Thu, Mar 10, 2016 at 1:49 PM, krad <kraduk at gmail.com> wrote:
> >> >> > Make sure you are running the latest snapshot of current or 10.3 as
> >> >> > well, as
> >> >> > the MFC commits were in early February for 10-stable
> >> >> >
> >> >> >>
> >> >> >> If remove efiwpool/ROOT/init/boot and copy his content on
> >> >> >> efiwpool/ROOT/init my scheme work fine too.
> >> >> >> /usr /var /home and other included in BE for consistent boot system
> >> >> >> (CURRENT world may not boot with kernel other rev), and old home
> >> >> >> snapshot sometimes useful for backup/restore
> >> >> >> _______________________________________________
> >> >>
> >> >> % uname -a
> >> >> FreeBSD x220.efi.local 11.0-CURRENT FreeBSD 11.0-CURRENT #0 r296548:
> >> >> Wed Mar 9 01:16:17 MSK 2016
> >> >> root at des.local:/usr/obj/usr/src/sys/X220 amd64
> >> >
> >> >
> >>
> >> My current working config
> >> % mount
> >> ....
> >>
> >> This work fine, booted, beadm create new env, activate them, see boot
> >> menu and select BE.
> >>
> >> % beadm list
> >> BE Active Mountpoint Space Created
> >> init - - 420.7M 2016-03-09 02:57
> >> init0 NR / 35.9G 2016-03-10 05:00
> >>
> >> If i'm add separate dataset for /boot (efiwpool/ROOT/init0/boot)
> >> system not booted, efi loader (first stage) see only my pool, not
> >> found /boot/loader.efi
> >
> >
>
> It probably does not matter, as bootfs have snapshots (BE), just
> wanted to make it more clear (having taken significant mountpoint
> /boot, /usr, /var... in zfs dataset) and was surprised why the system
> does not boot
>
> It is clear that as long as the functionality is experimental and
> under development, but would like to see where the full instructions
> on its implementation / restrictions, at least as early as has been
> described https://wiki.freebsd.org/RootOnZFS
>
>
>
> ---------- Forwarded message ----------
> From: "Trond Endrestøl" <Trond.Endrestol at fagskolen.gjovik.no>
> To: Andrey Fesenko <f0andrey at gmail.com>
> Cc: "freebsd-hackers at freebsd.org" <freebsd-hackers at freebsd.org>,
> freebsd-current <freebsd-current at freebsd.org>
> Date: Thu, 10 Mar 2016 20:23:51 +0100 (CET)
> Subject: Re: EFI zfs loader and beadm?
> On Thu, 10 Mar 2016 18:38+0300, Andrey Fesenko wrote:
>
> > On Thu, Mar 10, 2016 at 6:11 PM, krad <kraduk at gmail.com> wrote:
> > > As Eric said you can't have /boot on a separate dataset as the whole loader
> > > bootstrap isn't designed to look for it on the dataset defined by bootfs.
> > > Remember no other datasets are mounted at that stage of the bootstrap.
> > >
> > > You could maybe bodge something by manually playing around with the bootfs
> > > property, symlinks and rootfs variables in the loader.conf. But why would
> > > you want to do this? It's more work and non standard, and will break a lot?
> > >
> > >
> > >
> > > On 10 March 2016 at 12:11, Andrey Fesenko <f0andrey at gmail.com> wrote:
> > >>
> > >> On Thu, Mar 10, 2016 at 2:55 PM, krad <kraduk at gmail.com> wrote:
> > >> > presumably it boots now?
> > >> >
> > >> > On 10 March 2016 at 11:01, Andrey Fesenko <f0andrey at gmail.com> wrote:
> > >> >>
> > >> >> On Thu, Mar 10, 2016 at 1:49 PM, krad <kraduk at gmail.com> wrote:
> > >> >> > Make sure you are running the latest snapshot of current or 10.3 as
> > >> >> > well, as
> > >> >> > the MFC commits were in early February for 10-stable
> > >> >> >
> > >> >> >>
> > >> >> >> If remove efiwpool/ROOT/init/boot and copy his content on
> > >> >> >> efiwpool/ROOT/init my scheme work fine too.
> > >> >> >> /usr /var /home and other included in BE for consistent boot system
> > >> >> >> (CURRENT world may not boot with kernel other rev), and old home
> > >> >> >> snapshot sometimes useful for backup/restore
> > >> >> >> _______________________________________________
> > >> >>
> > >> >> % uname -a
> > >> >> FreeBSD x220.efi.local 11.0-CURRENT FreeBSD 11.0-CURRENT #0 r296548:
> > >> >> Wed Mar 9 01:16:17 MSK 2016
> > >> >> root at des.local:/usr/obj/usr/src/sys/X220 amd64
> > >> >
> > >> >
> > >>
> > >> My current working config
> > >> % mount
> > >> ....
> > >>
> > >> This work fine, booted, beadm create new env, activate them, see boot
> > >> menu and select BE.
> > >>
> > >> % beadm list
> > >> BE Active Mountpoint Space Created
> > >> init - - 420.7M 2016-03-09 02:57
> > >> init0 NR / 35.9G 2016-03-10 05:00
> > >>
> > >> If i'm add separate dataset for /boot (efiwpool/ROOT/init0/boot)
> > >> system not booted, efi loader (first stage) see only my pool, not
> > >> found /boot/loader.efi
> > >
> > >
> >
> > It probably does not matter, as bootfs have snapshots (BE), just
> > wanted to make it more clear (having taken significant mountpoint
> > /boot, /usr, /var... in zfs dataset) and was surprised why the system
> > does not boot
> >
> > It is clear that as long as the functionality is experimental and
> > under development, but would like to see where the full instructions
> > on its implementation / restrictions, at least as early as has been
> > described https://wiki.freebsd.org/RootOnZFS
>
> If you keep /boot as a separate dataset/filesystem, with
> efiwpool/ROOT/init0/boot as the given bootfs, then boot1.efi will not
> see a /boot directory inside that dataset. The files and directories
> from /boot will be presented as living in /, the local root directory
> of that dataset.
>
> You could create a /boot/boot symlink pointing to . (dot), but it's
> better to let /boot be part of the regular boot environment, pretty
> similar to what you would find on a UFS system using a separate root
> filesystem.
>
> --
> +-------------------------------+------------------------------------+
> | Vennlig hilsen, | Best regards, |
> | Trond Endrestøl, | Trond Endrestøl, |
> | IT-ansvarlig, | System administrator, |
> | Fagskolen Innlandet, | Gjøvik Technical College, Norway, |
> | tlf. mob. 952 62 567, | Cellular...: +47 952 62 567, |
> | sentralbord 61 14 54 00. | Switchboard: +47 61 14 54 00. |
> +-------------------------------+------------------------------------+
>
>
> ---------- Forwarded message ----------
> From: Jilles Tjoelker <jilles at stack.nl>
> To: "C Bergström" <cbergstrom at pathscale.com>
> Cc: Jason Hellenthal <jhellenthal at dataix.net>, "
> freebsd-hackers at freebsd.org" <freebsd-hackers at freebsd.org>, Brendan
> Sechter <sgeos at hotmail.com>
> Date: Thu, 10 Mar 2016 21:18:19 +0100
> Subject: Re: FreeBSD sh on Linux?
> On Wed, Mar 09, 2016 at 08:27:05PM +0700, C Bergström wrote:
> > On Wed, Mar 9, 2016 at 8:13 PM, Jason Hellenthal
> > <jhellenthal at dataix.net> wrote:
>
> > > On Mar 9, 2016, at 02:06, Brendan Sechter <sgeos at hotmail.com> wrote:
>
> > > > Is there any reason why FreeBSD sh can't be used on Linux? dash
> > > > is not a suitable login shell and bash is GNU.
>
> You'd need to do some work to make it compile. There is a package called
> libbsd which should be helpful.
>
> The filename completion in FreeBSD sh also uses a FreeBSD-local patch to
> libedit. This will be problematic if you want to maintain a package in a
> distribution.
>
> > > It's just the ash(1) shell with a few modifications that's a little
> > > more standard than most. Shouldn't be any reason why it can't
>
> There are quite a few bugfixes, features and performance improvements
> that are in FreeBSD sh and not in most other ash variants, such as UTF-8
> support, $'...' to embed control characters and Unicode more easily,
> simple command substitutions without fork() and vfork() use. Therefore,
> I think the original question is reasonable, if the request is for a
> scripting shell (including for system() and make).
>
> > /* not meaning to be a troll */
>
> > If you're going down this route - there's also ksh93 from solaris,
> > which may be easy to extract (or maybe has done so already.. not sure)
> > in my experience it's that nice balance between bare minimum sh and
> > bash.
>
> ksh93 is in ports.
>
> I think it is more rather than less featureful than bash, though. It has
> programming features such as lexically-scoped variables and user-defined
> data types. Interactive features are a bit more limited. It is quite
> fast as well.
>
> Downsides are that it can be buggy, development has slowed down,
> commonly available versions are quite incompatible with other shells and
> the programming features are still not nearly as good as more modern
> non-shell programming languages such as Python.
>
> > There's also fish and zsh if you want tons of features..
>
> I think those are better choices for interactive use.
>
> There is also mksh which is in between FreeBSD sh and bash in features.
> I don't like it for interactive use because it does not support editing
> a very long logical line such as a for loop on multiple physical lines,
> but you may not mind that.
>
> --
> Jilles Tjoelker
>
>
>
> ---------- Forwarded message ----------
> From: pavan teja <bharghav2947 at gmail.com>
> To: freebsd-hackers at freebsd.org
> Cc:
> Date: Fri, 11 Mar 2016 15:07:33 +0530
> Subject: View about passing IPC pointer to the child process from a parent
> process.
> Hello everyone,
> I'm right now designing my project idea. Now I'm
> confused with a major idea which was implemented differently in different
> IPC mechanisms.
> Should a child process be allowed to share an IPC
> file descriptor from a parent process? Obviously it would be shared since
> file descriptors are passed down. But what if the IPC mechanism puts a
> restriction on it, that even though it acquired the file descriptor it
> cannot participate with the file descriptor created by parent, rather it
> should make its own connection to the IPC module? Please let me know the pros and
> cons of the above mechanism.
> Thank You.
>
>
>
> ---------- Forwarded message ----------
> From: Andrey Fesenko <f0andrey at gmail.com>
> To: krad <kraduk at gmail.com>
> Cc: "Trond Endrestøl" <Trond.Endrestol at fagskolen.gjovik.no>, "
> freebsd-hackers at freebsd.org" <freebsd-hackers at freebsd.org>,
> freebsd-current <freebsd-current at freebsd.org>
> Date: Fri, 11 Mar 2016 13:00:32 +0300
> Subject: Re: EFI zfs loader and beadm?
> On Fri, Mar 11, 2016 at 10:52 AM, krad <kraduk at gmail.com> wrote:
> > It's also worth pointing that if you decouple the userland from the kernel
> > files you no longer have a boot environment, as all the basic stuff to boot
> > the os isn't contained within the bootfs. I'm still struggling to see why
> > /boot needs to be on a different dataset, it's just a bit of a linuxism.
> >
> > On 10 March 2016 at 19:23, Trond Endrestøl
> > <Trond.Endrestol at fagskolen.gjovik.no> wrote:
> >>
> >> On Thu, 10 Mar 2016 18:38+0300, Andrey Fesenko wrote:
> >>
> >> > On Thu, Mar 10, 2016 at 6:11 PM, krad <kraduk at gmail.com> wrote:
> >> > > As Eric said you can't have /boot on a separate dataset as the whole
> >> > > loader
> >> > > bootstrap isn't designed to look for it on the dataset defined by
> >> > > bootfs.
> >> > > Remember no other datasets are mounted at that stage of the bootstrap.
> >> > >
> >> > > You could maybe bodge something by manually playing around with the
> >> > > bootfs
> >> > > property, symlinks and rootfs variables in the loader.conf. But why
> >> > > would
> >> > > you want to do this? It's more work and non standard, and will break a
> >> > > lot?
> >> > >
> >> > >
> >> > >
> >> > > On 10 March 2016 at 12:11, Andrey Fesenko <f0andrey at gmail.com> wrote:
> >> > >>
> >> > >> On Thu, Mar 10, 2016 at 2:55 PM, krad <kraduk at gmail.com> wrote:
> >> > >> > presumably it boots now?
> >> > >> >
> >> > >> > On 10 March 2016 at 11:01, Andrey Fesenko <f0andrey at gmail.com>
> >> > >> > wrote:
> >> > >> >>
> >> > >> >> On Thu, Mar 10, 2016 at 1:49 PM, krad <kraduk at gmail.com> wrote:
> >> > >> >> > Make sure you are running the latest snapshot of current or 10.3
> >> > >> >> > as well, as
> >> > >> >> > the MFC commits were in early February for 10-stable
> >> > >> >> >
> >> > >> >> >>
> >> > >> >> >> If remove efiwpool/ROOT/init/boot and copy his content on
> >> > >> >> >> efiwpool/ROOT/init my scheme work fine too.
> >> > >> >> >> /usr /var /home and other included in BE for consistent boot
> >> > >> >> >> system
> >> > >> >> >> (CURRENT world may not boot with kernel other rev), and old
> >> > >> >> >> home
> >> > >> >> >> snapshot sometimes useful for backup/restore
> >> > >> >> >> _______________________________________________
> >> > >> >>
> >> > >> >> % uname -a
> >> > >> >> FreeBSD x220.efi.local 11.0-CURRENT FreeBSD 11.0-CURRENT #0
> >> > >> >> r296548:
> >> > >> >> Wed Mar 9 01:16:17 MSK 2016
> >> > >> >> root at des.local:/usr/obj/usr/src/sys/X220 amd64
> >> > >> >
> >> > >> >
> >> > >>
> >> > >> My current working config
> >> > >> % mount
> >> > >> ....
> >> > >>
> >> > >> This works fine: booted, beadm create new env, activate them, see boot
> >> > >> menu and select BE.
> >> > >>
> >> > >> % beadm list
> >> > >> BE Active Mountpoint Space Created
> >> > >> init - - 420.7M 2016-03-09 02:57
> >> > >> init0 NR / 35.9G 2016-03-10 05:00
> >> > >>
> >> > >> If I add a separate dataset for /boot (efiwpool/ROOT/init0/boot), the
> >> > >> system does not boot; the efi loader (first stage) sees only my pool
> >> > >> and does not find /boot/loader.efi
> >> > >
> >> > >
> >> >
> >> > It probably does not matter, as bootfs have snapshots (BE), just
> >> > wanted to make it more clear (having taken significant mountpoint
> >> > /boot, /usr, /var... in zfs dataset) and was surprised why the system
> >> > does not boot
> >> >
> >> > It is clear that as long as the functionality is experimental and
> >> > under development, but would like to see where the full instructions
> >> > on its implementation / restrictions, at least as early as has been
> >> > described https://wiki.freebsd.org/RootOnZFS
> >>
> >> If you keep /boot as a separate dataset/filesystem, with
> >> efiwpool/ROOT/init0/boot as the given bootfs, then boot1.efi will not
> >> see a /boot directory inside that dataset. The files and directories
> >> from /boot will be presented as living in /, the local root directory
> >> of that dataset.
> >>
> >> You could create a /boot/boot symlink pointing to . (dot), but it's
> >> better to let /boot be part of the regular boot environment, pretty
> >> similar to what you would find on a UFS system using a separate root
> >> filesystem.
> >>
>
> why?
> On the contrary, my scheme involves the entire system as a single BE
> (including home)
>
> > linuxism
> Unlikely; rather, an attempt to use all the features of ZFS. ZFS
> also has many possible settings for each dataset/FS (compression, atime,
> exec......). Probably for /boot many of them are unnecessary, but such
> separate extra snapshots would not be harmful
>
>
>
> ---------- Forwarded message ----------
> From: Adam Wilson <moxalt at riseup.net>
> To: freebsd-hackers at freebsd.org
> Cc:
> Date: Fri, 11 Mar 2016 13:50:14 +0300
> Subject: Re: FreeBSD sh on Linux?
> On Thu, 10 Mar 2016 21:18:19 +0100 Jilles Tjoelker <jilles at stack.nl>
> wrote:
>
> > On Wed, Mar 09, 2016 at 08:27:05PM +0700, C Bergström wrote:
> > > On Wed, Mar 9, 2016 at 8:13 PM, Jason Hellenthal
> > > <jhellenthal at dataix.net> wrote:
> >
> > > > On Mar 9, 2016, at 02:06, Brendan Sechter <sgeos at hotmail.com>
> > > > wrote:
> >
> > > > > Is there any reason why FreeBSD sh can't be used on Linux? dash
> > > > > is not a suitable login shell and bash is GNU.
> >
> > You'd need to do some work to make it compile. There is a package
> > called libbsd which should be helpful.
> >
> > The filename completion in FreeBSD sh also uses a FreeBSD-local patch
> > to libedit. This will be problematic if you want to maintain a
> > package in a distribution.
> >
> > > > It's just the ash(1) shell with a few modifications that's a
> > > > little more standard than most. Shouldn't be any reason why it
> > > > can't
> >
> > There are quite a few bugfixes, features and performance improvements
> > that are in FreeBSD sh and not in most other ash variants, such as
> > UTF-8 support, $'...' to embed control characters and Unicode more
> > easily, simple command substitutions without fork() and vfork() use.
> > Therefore, I think the original question is reasonable, if the
> > request is for a scripting shell (including for system() and make).
> >
> > > /* not meaning to be a troll */
> >
> > > If you're going down this route - there's also ksh93 from solaris,
> > > which may be easy to extract (or maybe has done so already.. not
> > > sure) in my experience it's that nice balance between bare minimum
> > > sh and bash.
> >
> > ksh93 is in ports.
>
> Debian includes the 1993 version of ksh in stable. Not sure if that's
> the same thing- the package name is ksh, but it conforms to the
> specification from 1993 as opposed to the 1988 version.
>
>