HardenedBSD Survey About secadm
13 views
Skip to first unread message
Shawn Webb
Jan 27, 2026, 1:47:19 PM (6 days ago) Jan 27
to HardenedBSD Users
Hey HardenedBSD Users,
FreeBSD had recently made changes to the MAC subsystem to explicitly
support jails. Way back in HardenedBSD's early days, we added a little
MAC framework hook for jail destruction so that secadm could free up
the resources it (secadm) might have created for that jail.
This new work by FreeBSD will eventually support hooking jail
destruction (this specific hook was not implemented when FreeBSD
landed a more generic jail MAC implementation).
I'm wondering if anyone still uses our secadm tool. If no one uses the
tool, there isn't much any reason to adjust secadm to the new MAC jail
framework. So please let me know if you use secadm, and please include
a list of secadm's features you use. If you use secadm because
hbsdcontrol does not work in your environment (perhaps using a
filesystem that does not support extended attributes), please include
that detail as well.
Effectively: the more info I get, the better decision I can make about
how I spend my spare time.
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
Signal Username: shawn_webb.74
Tor-ified Signal: +1 303-901-1600 / shawn_webb_opsec.50
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
FreeBSD had recently made changes to the MAC subsystem to explicitly
support jails. Way back in HardenedBSD's early days, we added a little
MAC framework hook for jail destruction so that secadm could free up
the resources it (secadm) might have created for that jail.
This new work by FreeBSD will eventually support hooking jail
destruction (this specific hook was not implemented when FreeBSD
landed a more generic jail MAC implementation).
I'm wondering if anyone still uses our secadm tool. If no one uses the
tool, there isn't much any reason to adjust secadm to the new MAC jail
framework. So please let me know if you use secadm, and please include
a list of secadm's features you use. If you use secadm because
hbsdcontrol does not work in your environment (perhaps using a
filesystem that does not support extended attributes), please include
that detail as well.
Effectively: the more info I get, the better decision I can make about
how I spend my spare time.
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
Signal Username: shawn_webb.74
Tor-ified Signal: +1 303-901-1600 / shawn_webb_opsec.50
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
Reply all
Reply to author
Forward
0 new messages