@ELDiablO59152
Member

Changed

  • [SYSCTL] Comment each setting and improve compatibility with hbsd14

Fixed

  • [RESOLV] Nameserver in jails

@ELDiablO59152 ELDiablO59152 self-assigned this Oct 30, 2025
@ELDiablO59152 ELDiablO59152 added the enhancement New feature or request label Oct 30, 2025
Comment on lines +1 to +2
# http://netlab.dhis.org/download/software/os_cfg/FBSD/13/base/etc/sysctl.conf
# http://netlab.dhis.org/download/software/os_cfg/FBSD/14/base/etc/sysctl.conf
Member Author

@ELDiablO59152 ELDiablO59152 Oct 30, 2025

I can delete my sources if needed.

security.bsd.unprivileged_proc_debug=0 # Disallow ptrace/debug on other users’ processes
security.bsd.unprivileged_read_msgbuf=0 # Prevent non-root users from reading kernel message buffer

vfs.zfs.bclone_enabled=1 # Allows shallow copies of data blocks (introduced in OpenZFS 2.2).
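
Review bot: the trailing comment on security.bsd.unprivileged_proc_debug=0 understates the setting. With the value 0, unprivileged users lose the process debugging facilities altogether, including ptrace-based tools run against their own processes, not only against other users' processes, so the comment should say that. On vfs.zfs.bclone_enabled, the comment describes the feature but not why this file turns it on; it is a storage feature toggle rather than a restriction like the two security.bsd lines above it, so a short reason (or leaving it at the system default) would make the choice reviewable.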
Member Author

Take a moment to identify the need of this setting please.

Member

I prefer not enabling this for now, as it could cause unexpected problems

Suggested change
vfs.zfs.bclone_enabled=1 # Allows shallow copies of data blocks (introduced in OpenZFS 2.2).
vfs.zfs.bclone_enabled=0 # Allows shallow copies of data blocks (introduced in OpenZFS 2.2).

Comment on lines +4 to +10
OS_RELEASE=`/usr/bin/grep 'branch="' $1/etc/hbsd-update.conf | /usr/bin/sed 's/branch="\(.*\)"/\1/'`
OS_BRANCH_VERSION=`/usr/bin/grep 'os_version="' $1/etc/hbsd-update.conf | /usr/bin/sed 's/os_version="\(.*\)"/\1/'`
pkg_url="http://pkg.vultureproject.org/"
vulture_conf="Vulture.conf"
pkg_ca="pkg.vultureproject.org"
update_url="http://updates.vultureproject.org/"
vulture_update_conf="hbsd-update.conf"
update_url="http://hbsd.vultureproject.org/"
vulture_update_conf="hbsd-update-${OS_RELEASE}-${OS_BRANCH_VERSION}.conf"
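
Review bot: in the OS_RELEASE and OS_BRANCH_VERSION lines, `$1` is unquoted and the grep patterns are not anchored, so a path containing spaces is split and a commented-out or similarly named line (for example one ending in `_branch="`) also matches. With zero or several matches the value is empty or multi-line and flows straight into vulture_update_conf, giving a name such as hbsd-update--.conf. Quote "$1/etc/hbsd-update.conf", anchor both patterns with ^, and validate the two values against an expected pattern before building the filename. Separately, pkg_url and both update_url values use http://, so the integrity of what is fetched rests entirely on verification done downstream; if these hosts serve HTTPS, prefer it here.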
Member

Move the dynamic fields into update_repositories(), control their values, and set them to default if necessary.

Comment on lines +50 to +51
# /bin/mkdir -p "${prefix_dir}/usr/local/etc/pkg/repos"
# /usr/bin/printf "# HardenedBSD are now disabled by default on Vulture\n# Vulture repositories should be enough to go by, but you can delete this file if you want to enable default HBSD repos again\nHardenedBSD: { enabled: no }\n" > ${prefix_dir}/usr/local/etc/pkg/repos/HardenedBSD.disabled.conf
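
Review bot: lines +50 to +51 are commented out rather than removed, and nothing in the hunk says whether the default HardenedBSD pkg repository is now meant to stay enabled next to the Vulture one. Since that decides which repositories packages can come from, state the intent in a comment or the changelog and drop the dead code; if the printf is ever restored, quote its redirect target the way the mkdir line quotes its path.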
Member

delete if unused
