• FreeBSD Status Report - Fourth Quarter 2023 (1/2)

    From Lorenzo Salvadore@21:1/5 to All on Fri Feb 16 21:00:07 2024
    FreeBSD Status Report Fourth Quarter 2023

    Here is the fourth 2023 status report, with 18 entries.

    This is the last 2023 quarter. As you have probably noticed, this status report comes later than usual and with fewer reports than the preceding quarter. Indeed, please keep in mind that the last quarter of every year is for many members of our community the quarter of the celebrations for Christmas and for the New Year, which implies that those members will spend more time with their families and will have less time for their favorite voluntary software projects. Thus there is less to report and reports tend to arrive later. But finally, here they are.

    Have a nice read.

    Lorenzo Salvadore, on behalf of the Status Team.

    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

    A rendered version of this report is available here: https://www.freebsd.org/status/report-2023-10-2023-12/

    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
    Table of Contents

    • FreeBSD Team Reports
    □ FreeBSD Core Team
    □ FreeBSD Foundation
    □ FreeBSD Release Engineering Team
    □ Cluster Administration Team
    □ Continuous Integration
    □ Ports Collection
    □ Bugmeister Team and Bugzilla
    • Userland
    □ Service jails — Automatic jailing of rc.d services
    • Kernel
    □ Packrat - NFS client caching on non-volatile storage
    • Architectures
    □ armv7 Ports Quality Assurance
    □ SIMD enhancements for amd64
    • Cloud
    □ OpenStack on FreeBSD
    □ FreeBSD on Microsoft HyperV and Azure
    □ FreeBSD on EC2
    • Documentation
    □ Documentation Engineering Team
    □ FreeBSD Online Editor and Man Page Editor
    □ FreeBSD Wiki
    • Ports
    □ KDE on FreeBSD
    □ State of GNOME 44
    □ GCC on FreeBSD
    • Third Party Projects
    □ Containers and FreeBSD: Pot, Potluck and Potman

    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

    FreeBSD Team Reports

    Entries from the various official and semi-official teams, as found in the Administration Page.

    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

    FreeBSD Core Team

    Contact: FreeBSD Core Team <core@FreeBSD.org>

    The FreeBSD Core Team is the governing body of FreeBSD.

    Along with the release engineering team, the project dedicates the 14.0-RELEASE to the memory of Hans Petter Selasky.

    14.0-RELEASE

    FreeBSD 14.0 was released at the end of 2023Q4.

    The release notes can be found at

    https://www.freebsd.org/releases/14.0R/relnotes/

    New Release Engineering Team

    After years of serving as the release engineer, gjb@ stepped down.

    cperciva@ took over as the new release engineer. karels@ is serving as the new deputy release engineer.

    Core would like to thank gjb@ for his long tenure and the many timely releases he created.

    FreeBSD 2024 Community Survey

    At the end of 2023, the Core Team worked with the Foundation on the 2024 community survey.

    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

    FreeBSD Foundation

    Links:
    FreeBSD Foundation URL: https://freebsdfoundation.org/
    Technology Roadmap URL: https://freebsdfoundation.org/blog/technology-roadmap/
    Donate URL: https://freebsdfoundation.org/donate/
    Foundation Partnership Program URL: https://freebsdfoundation.org/our-donors/freebsd-foundation-partnership-program/
    FreeBSD Journal URL: https://freebsdfoundation.org/journal/
    Foundation Events URL: https://freebsdfoundation.org/our-work/events/

    Contact: Deb Goodkin <deb@FreeBSDFoundation.org>

    The FreeBSD Foundation is a 501(c)(3) non-profit organization dedicated to supporting and promoting the FreeBSD Project and worldwide community, and helping to advance the state of FreeBSD. We do this in both technical and non-technical ways. We are 100% supported by donations from individuals and corporations and those investments help us fund the:

    • Software development projects to implement features and functionality in
    FreeBSD

    • Sponsor and organize conferences and developer summits to provide
    collaborative opportunities and promote FreeBSD

    • Purchase and support of hardware to improve and maintain FreeBSD
    infrastructure,

    • Resources to improve security, quality assurance, and continuous
    integration efforts.

    • Materials and staff needed to promote, educate, and advocate for FreeBSD,

    • Collaboration between commercial vendors and FreeBSD developers,

    • Representation of the FreeBSD Project in executing contracts, license
    agreements, and other legal arrangements that require a recognized legal
    entity.

    We supported FreeBSD in the following ways during the last quarter of 2023:

    OS Improvements

    During the fourth quarter of 2023, 236 src, 47 ports, and 33 doc tree commits identified The FreeBSD Foundation as a sponsor. Some of this Foundation-sponsored work is described in separate report entries:

    • OpenStack on FreeBSD

    • SIMD enhancements for amd64.

    Three new contractors started. Cheng Cui began working full-time on wireless networking. A main goal for Cheng’s project is to assist Bjoern Zeeb with 802.11ac support in iwlwifi. Tom Jones began work to port the Vector Packet Processor (VPP) to FreeBSD. VPP is an open-source, high-performance user space networking stack that provides fast packet processing suitable for software-defined networking and network function virtualization applications. Olivier Certner joined the FreeBSD Foundation as a general FreeBSD developer. Some of Olivier’s contributions so far include:

    • reviewing, fixing, and hardening several security policies aimed at
    limiting process visibility, policies that are based on user identity,
    group membership, or sub-jail membership

    • committing fixes in the login class code, including one that allowed
    unprivileged users to bypass resource limits

    • implementing a secure hardware fix for the Zenbleed issue affecting AMD
    Zen2 processors.

    Here is a sampling of other Foundation-sponsored work completed over the last quarter of 2023:

    • arm64: Add Armv8 rndr random number provider

    • net80211, LinuxKPI, and iwlwifi fixes and improvements

    • OpenSSL: updates to 3.0.11 and 3.0.12

    • Various freebsd-update fixes in preparation for 14.0

    • ssh: Update to OpenSSH 9.5p1

    • Various iommu fixes

    • Various makefs/zfs fixes

    Learn more about our software development work for all of 2023 at https://freebsdfoundation.org/blog/2023-in-review-software-development/.

    FreeBSD Infrastructure

    We approved over $100,000 for a cluster refresh that began in late 2023 and will carry over into the new year by purchasing and shipping 15 new servers to 4 racks generously donated by NYI in their new Chicago facility. The systems specifications were determined by the Cluster Administration team and consist of:

    • 5 package builders

    • 3 web servers

    • 2 package mirrors

    • 2 CI servers

    • 2 firewall/router

    • 1 admin bastion

    More on our 2023 infrastructure support can be found at: https://freebsdfoundation.org/blog/2023-in-review-infrastructure/.

    Continuous Integration and Workflow Improvement

    As part of our continued support of the FreeBSD Project, the Foundation supports a full-time staff member dedicated to improving the Project’s continuous integration system and the test infrastructure. The full update can be found within the quarterly status report.

    Partnerships and Research

    In Q4 I connected with the following people, companies, and organizations: Phil Shafer, who works at Juniper Networks, and I met at All Things Open. He told me about the libxo library and his continuing work on related issues, like rewriting and filtering output to allow richer options that regular expressions provide. Sticking with Juniper, I also met Simon Gerraty at the Vendor Summit and heard his talk on SecureBoot. In alphabetical order, I also met with AMD, Ampere, Center for Internet Security (CIS), Innovate UK, Michael Dexter, Metify, Microsoft, several people at NetApp when I attended their annual conference (Thank you for the invitation!!), NetScaler, NIST, Nozomi Networks, NVIDIA, members of the Open Container Initiative community, OpenSSF, RG Nets, Doug Rabson.

    I greatly appreciated the opportunity to attend NetApp’s annual conference in October. I heard from and connected with experts at NetApp and their partners and customers on topics such as AI and seamless AI data pipelines, hybrid cloud, and green computing. I took the opportunity to hand out some FreeBSD lapel pins 🙂 and I connected with a FreeBSD user and member of the Enterprise WG whose company is a NetApp Customer.

    In Q4 we announced the new FreeBSD SSDF Attestation program to help commercial users of FreeBSD comply with new US Government procurement regulations. This program was informed by valuable feedback from NetApp, Metify, and NIST, and the genesis of the idea came thanks to my involvement with open source policy experts, in particular via the OSI’s Open Policy Alliance.

    The Open Container Initiative Technical Oversight Board voted in December to approve Doug Rabson’s proposal to create a Working Group to extend the OCI runtime specification to support FreeBSD. Huge thanks to all involved! An OCI runtime extension for FreeBSD is one of the most frequently requested capabilities and I was happy to play a small role in helping to coordinate this effort so far.

    The Vendor Summit in November was a great event. Huge props to John Baldwin and Anne Dickison for all the work to organize and orchestrate. I got a lot out of the event. Personal highlights were conversations with a diversity of users, the CHERI talk, the end user panel, and Allan’s talk on being an upstream first company. For a full recap on our efforts to strengthen partnerships and increase funding in 2023, check out: https://freebsdfoundation.org/blog/2023-in-review-partnerships-and-research/.

    Advocacy

    From organizing and attending events, to creating technical content that educates, and expanding the coverage of FreeBSD in the media, here is a sample of what we did last quarter to support FreeBSD.

    • Helped organize and sponsor the November 2023 Vendor Summit held at NetApp
    in San Jose. Many consider this one of the best summits to date. Be sure to
    check out the videos.

    • Introduced FreeBSD to new and returning folks at All Things Open in North
    Carolina.

    • Provided an overview of FreeBSD 14: Security, Performance, and
    Interoperability; Introducing FreeBSD 14

    • In collaboration with the Core team, released the 2024 FreeBSD Community
    Survey

    • Participated in an interview about FreeBSD: What the Dev Podcast: The
    Evolution of the FreeBSD Project

    • Released the September/October 2023 issue of the FreeBSD Journal now with
    HTML versions of the articles.

    For a full recap of what we did to advocate for FreeBSD in 2023, please check out the Advocacy Year in Review: https://freebsdfoundation.org/blog/2023-in-review-advocacy/
    or the monthly newsletters: https://freebsdfoundation.org/our-work/latest-updates/?filter=newsletter.

    Fundraising

    Thank you to everyone who gave us a financial contribution last quarter to help fund our work to support the Project. You brought us even closer to our goal and we are grateful for your investment in FreeBSD! We are still receiving donations in the mail and will post the final number in mid-February.

    Please consider supporting our efforts in 2024 by making a donation here: https://freebsdfoundation.org/donate/.

    Or, check out our Partnership opportunities here: https://freebsdfoundation.org/our-donors/freebsd-foundation-partnership-program/.

    Legal/FreeBSD IP

    The Foundation owns the FreeBSD trademarks, and it is our responsibility to protect them. We also provide legal support for the core team to investigate questions that arise.

    Go to https://freebsdfoundation.org to find more about how we support FreeBSD and how we can help you!

    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

    FreeBSD Release Engineering Team

    Links:
    FreeBSD 13.3-RELEASE schedule URL: https://www.freebsd.org/releases/13.3R/schedule/
    FreeBSD releases URL: https://download.freebsd.org/releases/ISO-IMAGES/
    FreeBSD development snapshots URL: https://download.freebsd.org/snapshots/ISO-IMAGES/

    Contact: FreeBSD Release Engineering Team, <re@FreeBSD.org>

    The FreeBSD Release Engineering Team is responsible for setting and publishing release schedules for official project releases of FreeBSD, announcing code freezes and maintaining the respective branches, among other things.

    During the fourth quarter of the year, the Team continued work on 14.0-RELEASE, leading to the final RELEASE build and announcement in November. Planning has started for the upcoming 13.3-RELEASE and 14.1-RELEASE cycles.

    The Release Engineering Team continued providing weekly development snapshot builds for the main and stable/13 branches, and (after 14.0-RELEASE) started weekly builds for stable/14.

    After over a decade as Release Engineering Lead, Glen Barber has retired from the role; his Deputy, Colin Percival, has moved into the Lead role, while Mike Karels has assumed the position of Deputy Release Engineer.

    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

    Cluster Administration Team

    Links:
    Cluster Administration Team members URL: https://www.freebsd.org/administration/#t-clusteradm

    Contact: Cluster Administration Team <clusteradm@FreeBSD.org>

    FreeBSD Cluster Administration Team members are responsible for managing the machines the Project relies on to synchronize its distributed work and communications.

    In this quarter, the team has worked on the following:

    • Regular support for FreeBSD.org user accounts.

    • Regular disk and parts support (and replacement) for all physical hosts and
    mirrors.

    • Enable mirroring of https://www.FreeBSD.org and https://docs.FreeBSD.org in
    the FreeBSD project-managed mirrors.

    • Cluster refresh, upgrading all hosts and jails to the most recent versions
    of 15-CURRENT, 14-STABLE, 13-STABLE, and 12-STABLE.

    • Begin sunsetting 12-STABLE infrastructure as the branch approaches its end
    of life.

    In addition to these projects, with Modirum generously sponsoring Philip’s time for most of October, we were able to bring pkgbase into "preview" production in time for 14.0-RELEASE in November.

    We also installed a new European mirror site in Sjöbo, Sweden, sponsored by Teleservice Skåne AB. Traffic in Europe is now directed roughly equally between our existing mirror in Frankfurt (sponsored by Equinix) and the new mirror in Sweden. After well over ten years in service, we plan to decommission our mirror site in the UK during first quarter of 2024. We would like to thank Bytemark Hosting for supporting this mirror for all this time.

    Next quarter, supported by the FreeBSD Foundation, we plan to bring up a new primary cluster site in Chicago.

    FreeBSD Official Mirrors Overview

    Current locations are Australia, Brazil, Germany, Japan (two full mirror sites), Malaysia, South Africa, Sweden, Taiwan, United Kingdom (full mirror site), United States of America — California, New Jersey (primary site), and Washington.

    The hardware and network connection have been generously provided by:

    • Bytemark Hosting (decommissioned during 2024Q1)

    • Cloud and SDN Laboratory at BroadBand Tower, Inc

    • Department of Computer Science, National Yang Ming Chiao Tung University

    • Equinix

    • Internet Association of Australia

    • Internet Systems Consortium

    • INX-ZA

    • KDDI Web Communications Inc

    • Malaysian Research & Education Network

    • Metapeer

    • NIC.br

    • Your.Org

    • 365 Data Centers

    • Teleservice Skåne AB (new since 2023Q4)

    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

    Continuous Integration

    Links:
    FreeBSD Jenkins Instance URL: https://ci.FreeBSD.org
    FreeBSD CI Tinderbox view URL: https://tinderbox.freebsd.org
    FreeBSD CI artifact archive URL: https://artifact.ci.FreeBSD.org
    Hosted CI wiki URL: https://wiki.FreeBSD.org/HostedCI
    3rd Party Software CI URL: https://wiki.FreeBSD.org/3rdPartySoftwareCI
    Tickets related to freebsd-testing@ URL: https://bugs.freebsd.org/bugzilla/buglist.cgi?bug_status=open&email1=testing%40FreeBSD.org&emailassigned_to1=1&emailcc1=1&emailtype1=equals
    FreeBSD CI Repository URL: https://github.com/freebsd/freebsd-ci
    dev-ci Mailing List URL: https://lists.FreeBSD.org/subscription/dev-ci

    Contact: Jenkins Admin <jenkins-admin@FreeBSD.org>
    Contact: Li-Wen Hsu <lwhsu@FreeBSD.org>
    Contact: freebsd-testing Mailing List
    Contact: IRC #freebsd-ci channel on EFNet

    In the fourth quarter of 2023, we worked with the project contributors and developers to address their testing requirements. Concurrently, we collaborated with external projects and companies to enhance their products by testing more on FreeBSD.

    Important completed tasks:

    • Adding job to build amd64 architecture with GCC 13. (Thanks jhb@)

    • Adding powerpc64le jobs config for stable-14 (Thanks alfredo@)

    • Updating the build env of jobs of main and stable/14 branches to
    14.0-RELEASE

    Work in progress tasks:

    • Designing and implementing pre-commit CI building and testing and pull/
    merged-request based system (to support the workflow working group)

    • Proof of concept system is in progress.

    • Designing and implementing use of CI cluster to build release artifacts as
    release engineering does, starting with snapshot builds

    • Simplifying CI/test environment setting up for contributors and developers

    • Setting up the CI stage environment and putting the experimental jobs on it

    • Redesigning the hardware test lab and adding more hardware for testing

    • Merge https://reviews.freebsd.org/D38815

    • Merge https://reviews.freebsd.org/D36257

    Open or queued tasks:

    • Collecting and sorting CI tasks and ideas

    • Setting up public network access for the VM guest running tests

    • Implementing use of bare-metal hardware to run test suites

    • Adding drm ports building tests against -CURRENT

    • Planning to run ztest tests

    • Helping more software get FreeBSD support in its CI pipeline (Wiki pages:
    3rdPartySoftwareCI, HostedCI)

    • Working with hosted CI providers to have better FreeBSD support

    Please see freebsd-testing@ related tickets for more WIP information, and do not hesitate to join the effort!

    Sponsor: The FreeBSD Foundation

    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

    Ports Collection

    Links:
    About FreeBSD Ports URL: https://www.FreeBSD.org/ports/
    Contributing to Ports URL: https://docs.freebsd.org/en/articles/contributing/#ports-contributing
    Ports Management Team URL: https://www.freebsd.org/portmgr/
    Ports Tarball URL: http://ftp.freebsd.org/pub/FreeBSD/ports/ports/

    Contact: Tobias C. Berner <portmgr-secretary@FreeBSD.org>
    Contact: FreeBSD Ports Management Team <portmgr@FreeBSD.org>

    The Ports Management Team is responsible for overseeing the overall direction of the Ports Tree, building packages, and personnel matters. Below is what happened in the last quarter.

    • According to INDEX, there are currently 31,942 ports in the Ports
    Collection. There are currently ~3,100 open ports PRs. The last quarter saw
    9,424 commits by 157 committers on the main branch and 781 commits by 71
    committers on the 2023Q4 branch. Compared to last quarter, this means a
    hefty decrease in the number of commits on the main branch (down from
    11,454) and slightly fewer backports to the quarterly branch (down from
    828). The number of ports also fell a bit (down from 34,600).

    In Q4 there were around 9424 commits to main. The most active committers were:

    sunpoet   2946
    yuri       861
    bofh       793
    jbeich     419
    fuz        324
    eduardo    168
    fernape    160
    jhale      153
    thierry    146
    diizzy     123

    During Q4 we welcomed Michael Osipov (michaelo) and Timothy Beyer (beyert) as new committers, but sadly also had to say goodbye to bland, sbruno, hselasky and gjb.

    We invited arrowd, flo and riggs to be part of portmgr-lurkers for the next months.

    Support for FreeBSD 12.x was removed at the end of the quarter.

    The end of Q4 also saw the introduction of subpackages to the ports tree. Similar to when flavors were introduced, new subpackages will require an approval by portmgr before being pushed to the tree. With subpackages it is possible to create multiple packages from a single build of a port.

    The following happened on the infrastructure side:

    • Packages for 14.0-RELEASE were built

    • Poudriere was updated to release-3.4

    • Support for FreeBSD 12.x was removed.

    • The no-longer maintained www/qt5-webkit was removed.

    • postgresql11, php80, mysql57, percona57, ghostscript9 were removed.

    • The following default versions changed:

    □ perl to 5.36

    □ ghostscript to 10

    □ corosync to 3

    • Updates to major ports that happened were:

    □ ports-mgmt/pkg to 1.20.9

    □ ports-mgmt/poudriere to 3.4.0 (subpackage support)

    □ KDE-bits to plasma-5.27.10, frameworks-5.112, gear-23.08.4, and beta-2

    □ www/chromium to 120.0.6099.129

    □ www/firefox to 121.0 (rc1)

    □ lang/rust to 1.74.1

    □ … and many more …

    During the last quarter, pkgmgr@ ran 26 exp-runs to test various ports upgrades, updates to default versions of ports, subpackage support and base system changes.

    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

    Bugmeister Team and Bugzilla

    Links:
    Bugmeister team URL: https://www.freebsd.org/administration/#t-bugmeister
    FreeBSD Bugzilla URL: https://bugs.freebsd.org/bugzilla/

    Contact: Bugmeister <bugmeister@FreeBSD.org>

    Some recent maintenance has been done on our Bugzilla instance:

    • the weekly reminder emails now include the correct values for mfc-* Flags
    queries;

    • the Dashboard page has had an obsolete query removed. (We no longer use the
    'patch-ready' Keyword; it was too much paperwork. Thus, the query on that
    field was useless.);

    • the limit that capped the maximum number of reported PRs at 10000 has been
    raised to 12500.

    In addition, the Wiki documentation on our Bugzilla has been updated:

    • the page https://wiki.freebsd.org/Bugzilla/SearchQueries has been
    substantially reworked:

    □ In particular, documentation about how to search on Flag values has
    been added. (This may not have been done before.) Example: search for
    PRs with Flag 'mfc-stable14' set;

    □ This page may be of interest to all committers and contributors;

    • the page https://wiki.freebsd.org/Bugmeister/BugmeisterQA has also been
    updated; While similar to the above, it is of more specific interest to
    bugmeister and triagers.

    As well, PRs that are specific to FreeBSD 12 are being culled, as 12 has gone out of support as of 20231231.

    A further effort is being made to document our setup of Bugzilla itself, especially with respect to our customizations. This is needed to bring our own repository up to date with what is running on production.

    The number of PRs over the past quarter (and year) has remained consistent. However, we do seem to be closing incoming PRs more quickly these days. For reference: https://bugs.freebsd.org/bugzilla/page.cgi?id=dashboard.html&days=90 .

    The overall number of PRs remains around 11,400.

    Bugmeister is also working towards restarting the Bugathons. See the updated page https://wiki.freebsd.org/Bugathons.

    Bugmeister would like to thank a number of people who have assisted with bugbusting, including Mina Galić, Graham Perrin, Lorenzo Salvadore, and Fernando Apesteguìa, among others.

    In addition, bugmeister would like to thank all the FreeBSD committers who help process the PRs as they come in. Over the last few months we seem to be much closer to steady-state.

    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

    Userland

    Changes affecting the base system and programs in it.

    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

    Service jails — Automatic jailing of rc.d services

    Links:
    D40370: Infrastructure for automatic jailing of rc.d-services URL: https://reviews.freebsd.org/D40370
    D40371: automatic service jails: some setup for full functionality of the services in automatic service jails URL: https://reviews.freebsd.org/D40371
    D42779: Handbook / rc-article update for Service Jails URL: https://reviews.freebsd.org/D42779

    Contact: Alexander Leidinger <netchild@FreeBSD.org>

    Service jails extend the rc(8) system to allow automatic jailing of rc.d services. A service jail inherits the filesystem of the parent host or jail, but uses all other limits of the jail (process visibility, restricted network access, filesystem mounting permissions, sysvipc, …) by default. Additional configuration allows inheritance of the IPs of the parent, sysvipc, memory page locking, and use of the bhyve virtual machine monitor (vmm(4)).

    If you want to put e.g. local_unbound into a service jail and allow IPv4 and IPv6 access, simply change rc.conf(5) to have:

    local_unbound_svcj_options=net_basic
    local_unbound_svcj=YES

    Note: all base system services are covered in the patches with either name_svcj_options or a hard-coded disabling of the service jails feature where it does not make sense (e.g. pure services which change the runtime configuration but do not start daemons, or where things are run which can not be run in a sensible way inside a jail). As such the local_unbound_svcj_options line above is superfluous and serves just as an example about the amount of configuration needed in total.

    While this does not have the same security benefits as a manual jail setup with a separate filesystem and IP/VNET, it is much easier to set up, while providing some of the security benefits of a jail like hiding other processes of the same user.

    Since the previous service jails status report, the following were added:

    • support for NFS inside jails in the service jails framework (untested),

    • the possibility of jailing other service commands than start and stop,

    • service jails options / config for all base system services in the patch in
    D40371,

    • a first step at documenting the service jails in the Handbook.

    Not all services are tested, but all services are covered with a config.

    Any testing and feedback (even as simple as "service X works in a service jail") is welcome.
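
    The rc.conf(5) knobs shown in this entry can be audited across a host. The script below is an added example, not code from the report or from the D40370/D40371 patches: it lists every enabled service and whether name_svcj is set for it. It assumes plain name=value lines, treats YES/TRUE/ON/1 as true the way rc.subr's checkyesno does, and cannot see services whose rc.d script hard-codes the feature off.

```shell
#!/bin/sh
# Added example (not from the report or the D40370/D40371 patches).
# Lists every service enabled in an rc.conf-style file and whether the
# <name>_svcj / <name>_svcj_options knobs quoted in the report are set for it.

# svcj_audit FILE
# Prints one sorted line per enabled service: "<name> jailed|unjailed <options|->"
svcj_audit() {
    awk -v q="'" '
    # Same truthy values rc.subr checkyesno accepts: YES, TRUE, ON, 1.
    function is_yes(v) {
        v = tolower(v)
        return (v == "yes" || v == "true" || v == "on" || v == "1")
    }
    /^[ \t]*(#|$)/ { next }                    # skip blank lines and comments
    {
        line = $0
        sub(/[ \t]+#.*$/, "", line)            # drop a trailing comment
        eq = index(line, "=")
        if (eq == 0) next                      # not a simple assignment
        key = substr(line, 1, eq - 1)
        val = substr(line, eq + 1)
        gsub(/[ \t]/, "", key)
        gsub(/"/, "", val); gsub(q, "", val)   # strip shell quoting
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        conf[key] = val                        # a later assignment wins
    }
    END {
        for (key in conf) {
            if (key !~ /_enable$/ || !is_yes(conf[key])) continue
            name = substr(key, 1, length(key) - length("_enable"))
            jk = name "_svcj"; ok = name "_svcj_options"
            jailed = ((jk in conf) && is_yes(conf[jk])) ? "jailed" : "unjailed"
            opts = ((ok in conf) && conf[ok] != "") ? conf[ok] : "-"
            print name, jailed, opts
        }
    }' "$1" | LC_ALL=C sort
}

# Constructed sample rc.conf, not taken from a real host.
sample=$(mktemp)
cat > "$sample" <<'EOF'
sshd_enable="YES"
local_unbound_enable="YES"
local_unbound_svcj_options=net_basic
local_unbound_svcj=YES
ntpd_enable="yes"    # enabled but left outside a service jail
ntpd_svcj="NO"
sendmail_enable="NONE"
EOF
svcj_audit "$sample"
rm -f "$sample"
```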

    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

    Kernel

    Updates to kernel subsystems/features, driver support, filesystems, and more.

    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

    Packrat - NFS client caching on non-volatile storage

    Contact: Rick Macklem <rmacklem@FreeBSD.org>

    NFSv4.1/4.2 provides support for a feature called delegations. When a NFSv4.1/4.2 client holds a delegation, the client has certain rights to a file, including a guarantee that no other client will make changes to the file unless the delegation is recalled. As such, when a client holds a delegation for a file, it can aggressively cache the file’s data, knowing that it will not be modified by other clients until it returns the delegation.

    This project is intended to allow the NFSv4.1/4.2 client to aggressively cache file data on client local non-volatile storage, when the client holds a delegation for the file. I created a patch long ago to try and do this for NFSv4.0, but it was never at a stage where it was worth using. This project is a complete rewrite of the patch, done in part because NFSv4.1/4.2 plus other recent NFSv4-related changes make doing this more feasible.

    I now have code running fairly well and hope to have a patch ready for others to test this winter. Early testing shows promise. For a test run of "make buildkernel", the test with and without packrat enabled performed as follows:

    Table 1. NFS operation counts

    NFS operation counts   Getattr   Lookup   Read    Write   Total RPCs
    with packrats           433506    99254       0       0       371736
    without packrats       2359913    97954   10748       0      2318810

    Table 2. Elapsed Run Time

    Elapsed Run Time (sec)   with packrat   without packrat
                                     5561              6203

    As you can see, the packrat case ran a little faster and with fewer RPCs. Although this test was run on my little LAN, it is hoped that a NFSv4.1/4.2 mount over a WAN would show a larger difference in performance. I will note that the packrat cache was primed by unrolling a tarball of FreeBSD’s /usr/src into the NFSv4.1/4.2 mount.

    This will be very much an experimental feature, but it is hoped it will allow NFS mounts to be used more effectively, particularly in WAN situations, such as a mobile laptop.

    There is still work to be done, particularly with respect to recovery of delegations after a NFSv4.1/4.2 client restart. Hopefully, the next status report will include a URL that allows downloading of a patch for user testing.

    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

    Architectures

    Updating platform-specific features and bringing in support for new hardware platforms.


    [continued in next message]
