Is it a chroot issue? Interestingly, OpenBSD services seem to be moving away from chroot now that it has unveil. (Not that that would help you here and now.)
Yes. In my particular case I was setting up a server for some non-technical users to share files with me via FileZilla. So I use ChrootDirectory %h to restrict users to their home directory. Even if it wouldn't be a security issue to omit this, my users would be confused by seeing the whole /usr, /bin, /var etc. directory hierarchy show up in FileZilla. And even if they could learn their way around it, I don't want them to see the whole directory hierarchy. I just want them to see their own files.
Granted, this could be solved by symlinks if SFTP provided a way other than chroot to change the user-perceived home directory. But the fact that mount --bind works across filesystem namespace changes makes it more robust and useful in my book.
https://unix.stackexchange.com/questions/198590/what-is-a-bi...
There is something here that might solve your problem: nullfs. Check the stack exchange link.
I don't use bsd, so this is just me sharing what I found out.
I think there are a fair few BSD users here, and there are also a lot of us who wonder whether we should be using it for its boringness.
I think Marinelli's blog post was discussed on HN earlier: https://news.ycombinator.com/item?id=41732415
Yes.
Pizazz is interesting when hyping the new new things; boring is interesting when hosting the world.
I'd guess it's not that you're not getting any attention, I'd guess the handful of global infra builders don't stand out in your stats.
I am a humble reporter. I don't have access to most of the Reg's internal stats about who is viewing a page, from where, etc.
I'm just going by the fact that most of my HN submissions got no upvotes and no comments.
One commenter in another discussion said my subs were getting [flagged] and/or [dead] as spam. I only see one sub ever as being flagged. I think it was this one:
https://news.ycombinator.com/item?id=38445020
... Which as it happens did get lots of engagement, then AFAICS due to a misunderstanding of the title got edited, then it got flagged. But I do not know the details.
Saying that, I suppose it's possible that normally this is invisible to me somehow, or that others see stuff as dead that I can't? I don't know.
But CBSD is making trend.
https://www.bsdstore.ru/en/about.html - WebUI with the migration features and the likes.
As well as bhyve control panel (BVCP): https://bhyve.npulse.net/
bHyve is also supported libvirt so you should be able to use virt-manager with bhyve.
FreeBSD is my daily driver as well as OS fot colocation servers. I've have zero issues with bHyve running Linux and Windows virtual machines.
I was surprised by the fact no one actually exploited it (though maybe they copied everything and didn’t tell me) because network traffic, running binaries were all normal.
- BIND
- an MTA/MSA (probably the riskiest thing)
- MySQL (local only)
- PHP + Apache2
- SSH
So the attack surface was larger than you’d think. I only had hundreds of blog visitors to be honest.
But the world has changed over the years. Even the existence of things like residential proxies makes fail2ban pointless nowadays. You have to be better. I was young and foolish and lucky.