src
bastille
src | bastille
---|---
745 | 26
3,036 | 756
1.4% | 1.6%
10.0 | 7.7
2 days ago | about 1 month ago
C | Shell
- | BSD 3-clause "New" or "Revised" License
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
src
-
OpenBSD Upgrade 7.3 to 7.4
The OpenBSD project released 7.4 of their OS on 16 Oct 2023 as their 55th release 💫
-
OpenBSD System-Call Pinning
Well since https://www.openbsd.org/ still says
> Only two remote holes in the default install, in a heck of a long time!
I'm assuming not, but I could always be mistaken.
- Project Bluefin: an immutable, developer-focused, Cloud-native Linux
-
From Nand to Tetris: Building a Modern Computer from First Principles
> building a cat from scratch
> That would be an interesting project.
Here is the source code of the OpenBSD implementation of cat:
> https://github.com/openbsd/src/blob/master/bin/cat/cat.c
and here of the GNU coreutils implementation:
> https://github.com/coreutils/coreutils/blob/master/src/cat.c
Thus: I don't think building a cat from scratch or creating a tutorial about that topic is particularly hard (even though the HN audience would likely be interested in it). :-)
-
OpenBSD – pinning all system calls
> I don't know how they define `MAX`, but I'm guessing it's a typical "a>b?a:b"
Indeed: https://github.com/openbsd/src/blob/master/sys/sys/param.h#L...
> Then `SYS_kbind` seems to be a signed int.
It's an untyped #define: https://github.com/openbsd/src/blob/master/sys/sys/syscall.h...
I believe your whole analysis is correct, that running an elf file with an openbsd.syscalls entry with .sysno > INT_MAX will allow an out-of-bounds write.
- A new Systemd update will bring Windows' infamous "blue screen of death" to Linux, but the feature has received a very mixed reception
-
tmux causing ANSI color-response garbage on attaching?
I can reproduce it. And this is the commit that causes the issue: https://github.com/openbsd/src/commit/d21788ce70be80e9c4ed0c52c149e01147c4a823
-
Sudo-rs' first security audit
This doesn’t really change your conclusion, but I think that’s the wrong file. This is the real doas afaict: https://github.com/openbsd/src/blob/master/usr.bin/doas/doas...
Still just a tidy 1072 lines in that folder though.
I spent 5 minutes staring at your file trying to understand how on earth it does the things in the man page, but of course it doesn’t.
-
OpenBSD: Removing syscall(2) from libc and kernel
OpenBSD developers are making a serious effort to kill off indirect syscalls, the base system is completely clean, take a look at the work Andrew Fresh did to adapt Perl. He wrote a complete syscall "dispatcher" or emulator for the Perl syscall function so that it calls the libc stubs.
https://github.com/openbsd/src/commit/312e26c80be876012ae979...
The ports tree is also being cleansed of syscall(2) usage, until they're all gone.
msyscall, pinsyscall, recent mandatory IBT/BTI, xonly. OpenBSD is making waves, but people aren't really seeing them yet.
-
"<ESC>[31M"? ANSI Terminal security in 2023 and finding 10 CVEs
Actually, I got it wrong, too many vulnerabilities in flight. They did fix it: https://github.com/openbsd/src/commit/375ccafb2eb77de6cf240e...
bastille
-
3 Advantages to Running FreeBSD as Your Server Operating System
> FreeBSD jails don't have a one-command way to install a preconfigured jail for a specific service
FreeBSD does have that tool, it's BastilleBSD: https://bastillebsd.org/
For example, this is the Bastillefile for running consul: https://gitlab.com/bastillebsd-templates/consul/-/blob/maste...
-
FreeBSD Jails Containers
A couple of tools which are both working on jail management & packaging
- bastille https://bastillebsd.org
- BastilleBSD
-
Jails on FreeBSD
https://github.com/BastilleBSD/bastille
Bastille also has a sister project 'rocinante' which allows you to use Bastille templates on
- Bastille – System for automating deployment and management of FreeBSD containers
- Bastille – Open-source system for automating management of containers on FreeBSD
-
Are there some sort of "jails images" one can pull to quickly setup popular software stacks?
Not exactly what you’re looking for, but https://bastillebsd.org is maybe a step towards it?
-
pf/opn sense best LINUX alternative
Obviously, not as popular - but having used both - I much prefer jails myself. It seems that they can run on opnsense too: https://eerielinux.wordpress.com/2017/07/15/building-a-bsd-home-router-pt-8-zfs-and-jails/ - though instead of iocage referenced here - I'd suggest using: https://bastillebsd.org/
-
Using Bastille for managing FreeBSD Jails
Want to get deeper into Jails using Bastille enhancement? You can follow this latest Udemy learning platform course: FreeBSD 13.x — Mastering JAILS. You are welcome to take this adventure.
-
Just brings a smile
Take a look at Bastille, it’s a nice way to package/deploy jails somewhat like docker and I’m migrating my older iocage jails to this setup
What are some alternatives?
cosmopolitan - build-once run-anywhere c library
iocage - A FreeBSD jail manager written in Python 3
buttersink - Buttersink is like rsync for btrfs snapshots
ipfw-rules - Ruleset for protecting a single FreeBSD host using IPFW
PHPT - The PHP Interpreter
dashy - 🚀 A self-hostable personal dashboard built for you. Includes status-checking, widgets, themes, icon packs, a UI editor and tons more!
Joomla! - Home of the Joomla! Content Management System
AppJail - Simple and easy-to-use tool for creating portable jails.
ctl - The C Template Library
runj - runj is an experimental, proof-of-concept OCI-compatible runtime for FreeBSD jails.
frr - The FRRouting Protocol Suite
zfsbootmenu - ZFS Bootloader for root-on-ZFS systems with support for snapshots and native full disk encryption