Re: A TrustedBSD "voluntary sandbox" policy.

2007-11-08 Thread Andrea Campi
On Wed, Nov 07, 2007 at 10:20:28PM -0500, [EMAIL PROTECTED] wrote:
> I'm considering developing a policy/module for TrustedBSD loosely based
> on the systrace concept - A process loads a policy and then executes
> another program in a sandbox with fine grained control over what that
> program can do.
...
> Please note that the 'policy' given on the command line is purely for 
> the sake of example, no syntax or semantics have been decided upon.

Can't comment on the implementation or wider issues, but if you
pursue this, please have a look at how MacOS Leopard does it
(Seatbelt). Would be nice to converge on both syntax (a Schema
dialect) and tools names / command line args--or if converging is not
possible, at least know where and why and make a conscious decision.

Bye,
Andrea

-- 
If it's there, and you can see it, it's real. If it's not there, and you can 
see it, it's virtual. If it's there, and you can't see it, it's transparent. If 
it's not there, and you can't see it, you erased it.
___
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: SSH From within a Jail

2005-11-12 Thread Andrea Campi
On Sat, Nov 12, 2005 at 05:30:58AM -0800, d c wrote:
> Just the jails on the host giving me probs.
> 
> I also tried recreating the /etc/ssh/ssh_hostkey but
> that didn't help

As a quick test, try moving aside (renaming) the .ssh directory
in the home directory of the jail user you're trying this from.
If it fixes your issue, then it's a simple matter of wrong host
keys and/or client configuration. If not, you may be seeing
corruption somewhere.

Either way, you definitely want to use the -v option with ssh and
look carefully for hints.


Bye,
Andrea

-- 
   Press every key to continue.


Re: "Smart" Hubs

2005-09-09 Thread Andrea Campi
On Fri, Sep 09, 2005 at 08:39:30AM -0600, Ryan P. Sommers wrote:
> Hub in question is a linksys NH1005 v2.
> 
> PS If anyone knows of a hub that's "easy" to find and still is an actual
> good 'ol hub, let me know.

Linksys is sort of well known for playing this trick: they call entry
level switches "hub" and reserve "switch" for higher-level equipment.
Which is fine for people who just have to check email and play Quake, but
screws you to no end when you actually need a hub :-/

Google will tell you more about this, as well as suggesting real hubs.
I'd recommend to go with Netgear.

Bye,
Andrea

-- 
   Press every key to continue.


Re: sed not working

2005-09-04 Thread Andrea Campi
On Sun, Sep 04, 2005 at 10:51:26AM +0200, Jeremie Le Hen wrote:
> > Oh, and by the way: this has nothing to do with hackers@, you should
> > have tried questions@ first.
> 
> I agree this has initially a little to do with -hackers@ but the
> appearance this thread took in the last messages makes me think
> the opposite : I think LANG=C should be hard-coded in the buildworld
> process.

Well, it was just a "by the way", but I still stand by my opinion. If this
is a real bug, it should be brought up on current@, where most developers
hang. hackers@ is by now mostly deserted by people in the know, or at best
quickly scanned from time to time for subjects that hint at a thread with
some value. The signal-to-noise ratio on this list is tragically low these
days...

Actually, the best way forward would probably be to mail Ruslan directly.

Bye,
Andrea

-- 
   Press every key to continue.


Re: sed not working

2005-09-03 Thread Andrea Campi
On Sat, Sep 03, 2005 at 02:04:52PM +0300, Rein Kadastik wrote:
> Well I have one guess here. In estonian alphabet, the z comes 
> immediately after s and before t. So as the regex orders [a-z] the 
> characters t, u, v, w, x, y are left out

That's expected, and it's well known. You should either force LANG=C
or (MUCH better) use [[:alpha:]]. See man re_format(7) for more info.

Oh, and by the way: this has nothing to do with hackers@, you should
have tried questions@ first.

Bye,
Andrea

-- 
   Press every key to continue.


Re: IPv4 Link Local support in FreeBSD

2005-07-22 Thread Andrea Campi
On Fri, Jul 22, 2005 at 09:11:01AM +0200, Jeremie Le Hen wrote:
> Hi Arul,
> 
> >Does FreeBSD support IPv4 Link Local addresses as per RFC 3927 ?
> 
> I think it's being worked on.  IIRC, this is called zeroconf.  You can
> check the archive for this word if you want to know more.

Better yet, check freebsd-net's archives, as that is where networking
discussions happen...

You can also search for howl, as that's the name of the package that is
being used to provide that functionality.

That said, I worked on getting the drive behave better; I offered to work
with people to integrate the functionality in the rcNG framework, and to
work with upstream maintainers to integrate any patches back into howl's
distribution.
Nobody showed any interest whatsoever in seeing this happen, so I had
to quit working on this.

Bye,
Andrea

-- 
   Press every key to continue.


Re: Sudden Reboots

2004-10-04 Thread Andrea Campi
On Sun, Oct 03, 2004 at 11:21:14AM -0700, Bruce R. Montague wrote:
>  >  Actually, all Power and PowerPC chips have this...
> 
> Thanks for pointing that out. I believe the entire
> line of IBM virtual memory hardware that supports
> IBM's form of "inverted page tables" is all directly
> related, if not the same, and descends from the
> never-completed 1970s-era IBM "Future System" (FS)
> project.  Or perhaps it was a version redone for the
> System/38 that used lessons learned from the FS? Is
> this right? The AS/400 has successfully used this
> architecture for a long time. Most of the other

Don't know. I'm old enough to have worked on those beasts (started
out on S/32 and S/36 actually), but I didn't really know them
under the hoods.

> seem to have never quite caught on. Is this VM unit
> and the Power/PowerPC's the same? They "cheat" a bit
> with a hash table to keep the cost of the associative
> memory down; perhaps increasing its size is the
> natural evolution of this VM architecture?  Are there
> any "true" single-level store OSes running on this
> inverted PT hardware?  (That is, where RAM is literally

This is what I have, and indeed they use hashing:

 "The RS/6000 uses two types of virtual address. There is a single,
flat, system virtual address space with 52-bit addresses. [...] Each
process uses 32-bit addresses, and the per-process address space maps
into parts of the system address space, [...] The 32-bit process virtual
address is divided into 3 parts--a 4-bit segment ID, a 16-bit page index,
and a 12-bit offset in the page. Thus the address space comprises 16
segments, and each segment is 256 megabytes in size. [[Incidentally,
this is quite a big tradeoff, since it means you only have about 10
segments available, which translates in mmap and shared memory are, ahem,
interesting to use on AIX.]]
   The RS/6000 has 16 segment registers, which are loaded with segment
descriptors of the current process. [...]
   [...] The segment ID identifies the segment register, which is 32 bits
in size. It contains a 24-bit segment index, which forms the 24 high-order
bits of the system virtual address. This is combined with the 16-bit
virtual page index from the process virtual address to form the virtual
page number in the system address space. This must be further translated
to obtain the physical page number.
   [...] it maintains an inverted page table called the page frame
table (PFT), with one entry for each physical page. The system uses
a hashing technique to translate virtual addresses [...] A data structure
called the hash anchor table (HAT) contains information used to
convert a system virtual page number to a hash value, which points to a
linked list of PFT entries."
Source: Uresh Vahalia, Unix Internals: The New Frontier (which by
the way I highly recommend regardless of the amount of Unix knowledge).

However, as the book points out, the process is slow, so the chip relies
on two optimizations:

 "[...] The RS/6000 maintains two separate TLBs--a 32-entry instruction
TLB and a 128-entry data TLB. [[In case of a TLB miss]] the RS/6000 has
separate data and instructions caches. The data cache is 32 or 64
kilobytes in size, and the instruction cache is 8 or 32 kilobytes [...]
These caches are virtually addressed; therefore, address translation is
not required when there is a cache hit."

Note that all sizes are severely outdated, and given that the reference
Vahalia gives is dated 1994, I suspect they are based on the original
POWER CPU. I know for sure recent POWER4 and high-end PowerPC chips
(such as the one Apple calls G5) have a lot more.

> OS/400 is, but maybe an expert knows for sure? OS/400
> runs on modern AS/400's which use the PowerPC, unless
> I'm mistaken... Sorry to have so many questions and
> no answers, hopefully the coffee will kick in soon.

You are right, AS/400 have been running on POWER or PowerPC for a
while now. One of the main advantages to having a HAL that presents
a virtual architecture to the OS.

Bye,
Andrea

-- 
   Reboot America.
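
The translation path described in the quoted Vahalia passage above (segment register, 52-bit system virtual address, hash anchor table, chained page frame table entries), as an added example that is not part of the original post or the book. The function names, table sizes and the XOR-fold hash are assumptions made for illustration; the quoted text does not give the real hash.

```c
#include <stdint.h>
#include <stdio.h>

#define HAT_SIZE 64   /* assumed bucket count */
#define NFRAMES  8    /* assumed number of physical page frames */
#define NIL      (-1)

struct pft_entry { uint64_t vpn; int next; };   /* one entry per physical frame */
static uint32_t segreg[16];                     /* each holds a 24-bit segment index */
static struct pft_entry pft[NFRAMES];           /* page frame table (inverted) */
static int hat[HAT_SIZE];                       /* hash anchor table: chain heads */

/* 24-bit segment index + 16-bit page index -> 40-bit system virtual page number */
uint64_t system_vpn(uint32_t va) {
    uint32_t seg_id = va >> 28;                 /* 4-bit segment ID picks the register */
    uint32_t page = (va >> 12) & 0xFFFF;
    return ((uint64_t)(segreg[seg_id] & 0xFFFFFF) << 16) | page;
}

/* Appending the 12-bit offset gives the 52-bit system virtual address. */
uint64_t system_va(uint32_t va) { return (system_vpn(va) << 12) | (va & 0xFFF); }

/* Assumed hash (XOR fold of the page number), for illustration only. */
static unsigned hat_hash(uint64_t vpn) {
    return (unsigned)((vpn ^ (vpn >> 16) ^ (vpn >> 32)) % HAT_SIZE);
}

void ipt_init(void) { for (int i = 0; i < HAT_SIZE; i++) hat[i] = NIL; }

/* Record that the free frame `frame` now backs the page containing `va`. */
void ipt_map(uint32_t va, int frame) {
    unsigned h = hat_hash(system_vpn(va));
    pft[frame].vpn = system_vpn(va);
    pft[frame].next = hat[h];                   /* push onto the bucket's chain */
    hat[h] = frame;
}

/* Walk the chain; return the physical address, or -1 (page fault) if unmapped. */
int64_t ipt_translate(uint32_t va) {
    uint64_t vpn = system_vpn(va);
    for (int f = hat[hat_hash(vpn)]; f != NIL; f = pft[f].next)
        if (pft[f].vpn == vpn) return ((int64_t)f << 12) | (va & 0xFFF);
    return -1;
}

int main(void) {
    ipt_init();
    segreg[1] = 0xABCDEF;                       /* constructed sample value */
    ipt_map(0x10345678, 5);
    printf("0x%llx\n", (unsigned long long)ipt_translate(0x10345678));
    return 0;
}
```

The table holds one entry per physical frame, so its size tracks installed RAM rather than the size of the virtual address space; the cost is the chain walk on every lookup that misses the TLB.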


Re: Sudden Reboots

2004-10-03 Thread Andrea Campi
On Fri, Oct 01, 2004 at 08:34:37PM -0700, Bruce R. Montague wrote:
> proposed. Instead of having a page table entry for
> each page of virtual address space, these systems
> have the equivalent of a page table entry for each
> page of _physical_ memory. All addresses are effectively
[...]
> disk-block. This requires more expensive hardware
> than a simple addition, but such systems only require
> a page table entry for every page of physical memory.
> These systems have been built from early days, but
> are typically not competitive with VM systems that
> require simple addition. (I think the IBM AS/400 is
> the only widely-used commercial hardware using this
> approach) At some point address space growth, cheap
> associative lookup memories, and required page table
> size may make this approach competitive.

Actually, all Power and PowerPC chips have this... It's one of
the reasons why IBM servers based on these chips can boast very
low overheads in several areas.

Bye,
Andrea

-- 
  The best things in life are free, but the
expensive ones are still worth a look.


Re: ZFS

2004-09-15 Thread Andrea Campi
On Wed, Sep 15, 2004 at 10:59:36AM -0500, Sam wrote:
> Call me crazy, but does anyone else see this as hooey?  2^64 512B
> sectors is 8192 zettabytes (zetta, exa, peta, tera, ...).
[...]
> Crappy marketing articles.

This one's good though. fortune(6) worthy, I mean:

Populating 128-bit file systems would exceed the quantum limits of
earth-based storage. You couldn't fill a 128-bit storage pool without
boiling the oceans.


Bye,
Andrea

-- 
   Press every key to continue.


Re: qmail remote patch

2004-01-19 Thread Andrea Campi
On Mon, Jan 19, 2004 at 11:49:35PM +0200, Anton Alin-Adrian wrote:
> This patch attempts to implement rfc821 a bit. Also it defines the pos 
> var as unsigned. Working till now..

Guys? This is *way* off topic for this list. Could you please either
discuss this with djb, or just post your patches to ports@, or whatever -
as long as you move off this list? Thanks a lot.

Bye,
Andrea

-- 
Where do you think you're going today?