From owner-freebsd-hackers@FreeBSD.ORG Sun Nov 29 10:14:48 2009
Date: Sun, 29 Nov 2009 13:19:02 +0300
From: Anthony Pankov
To: Clifton Royston
Cc: freebsd-hackers@freebsd.org
Subject: Re[2]: ucred when euid/egid

Thank you for reply.

So, seteuid/gid isn't enough to gain group access as for real uid.
But how can I achieve this? What functions should I call from
'theprog' to gain access for the groups euid user belongs to?

Maybe I solve the problem in the wrong way?

The full problem is:

There is a file owned by group filegroup:
rw-rw---- someone:filegroup thefile

There is a program's data owned by group proggroup:

rw-rw---- someone2:proggroup progdata

I need a program (theprog) that can access 'thefile' and
'progdata' simultaneously. Program can be executed by anyone.

My idea was to seteuid theprog to user who is member of one group
(filegroup) and setegid theprog to another group (proggroup). In that
way I was going to give theprog rights to work with both files.

P.S. I don't want to use file ACLs.

Saturday, November 28, 2009, 9:28:03 PM, you wrote:

>>
>> Hello,
>>
>> I face some misunderstood situation related to the access permissions.
>>
>>
>> There is a program(script) with the suid/sgid (mode 6555):
>>
>> r-sr-sr-x fuser:proggroup theprog
>>
>> There is a file:
>> rw-rw---- someone:filegroup thefile
>>
>>
>> User 'fuser' (==program euid) have primary group 'filegroup'(==group,
>> who can read/write thefile).
>>
>> Program try to read(write) thefile and fail with permissions.
>>
>> I don't fully understand why.

CR> There is no bug; when you use the suid/sgid facility, the program
CR> gains the effective user ID and/or the effective GID of the executable.
CR> It does *not* gain any gids which the effective user is added to at
CR> login.
CR> man seteuid for more info.
CR> In what you have shown, theprog has neither the same user (fuser vs.
CR> someone) nor the same group (proggroup vs. filegroup) as the file you
CR> want it to modify.
CR> For what you want to do to work correctly, you would need to either
CR> make theprog's ownership be:
CR> anyuser:filegroup
CR> or
CR> fuser:proggroup
CR> -- Clifton

--
Best regards,
Anthony mailto:ap00@mail.ru

From owner-freebsd-hackers@FreeBSD.ORG Sun Nov 29 16:05:52 2009
Date: Sun, 29 Nov 2009 17:05:03 +0100
From: "Merijn Verstraaten"
To: freebsd-hackers@freebsd.org, freebsd-rc@freebsd.org
Subject: [patch] Improved jail fstab functionality inside rc.d (needs testers and review)

My apologies if these are the wrong lists for this sort of thing but it
was unclear to me where else to go with additions like this.

I just finished hacking /etc/rc.d/jail to fix my two pet peeves,
currently the rc framework only accepts a single fstab file per jail and
(worse!)
there is no way to specify the mountpoints in these fstab files
relative to the jail's root. This makes sharing of mounts (for example
all my jails nullfs mounting the same ports tree) very cumbersome.

This patch should allow you to specify multiple fstab files in the
jail_fstab and jail__fstab variables and mount these in order. In
addition the patch mangles the fstab files in such a way that any
mountpoint in the fstab files starting with the text "ROOT" will have
"ROOT" replaced with the jail's rootdir. For example the following
situation:

rc.conf:
jail_test_rootdir="/usr/jails/test"
jail_test_fstab="/usr/jails/fstab /usr/jails/fstab.test"

/usr/jails/fstab:
/usr/ports ROOT/usr/ports nullfs ro 0 0

/usr/jails/fstab.test
/path/to/some/folder ROOT/folder nullfs rw 0 0

This should result in /path/to/some/folder being mounted into
/usr/jails/test/folder and /usr/ports into /usr/jails/test/usr/ports.
Normal mountpoints (i.e. not prefixed with ROOT) should still be mounted
as normal.

Todo:
The code probably needs cleaning up, it tried to conform to the style of
the surrounding code, but I didn't know how to handle stuff which
resulted in either lines longer than 80 chars or very ugly line wrapping.
Someone more at home in the rc.d framework should probably clean the
patch up a little to conform to the style.

In addition the "ROOT" prefix is now hardcoded, perhaps this should be a
configurable option (jail_prefix) or something instead.

If people have the time to review and/or test this patch I'd be grateful
any comments/critiques are welcome. Please CC me when replying to this
e-mail as I'm not currently subscribed to hackers@ or rc@.

Kind regards,
Merijn Verstraaten

[Attachment: jail.diff (application/octet-stream, Base64)]

From owner-freebsd-hackers@FreeBSD.ORG Sun Nov 29 17:06:12 2009
Date: Sun, 29 Nov 2009 18:06:08 +0100
From: Ulrich Spörlein
To: Maxim Sobolev
Cc: FreeBSD Hackers, Jason Evans
Subject: Re: heap limits: mmap(2) vs. break(2) on i386

On Fri, 27.11.2009 at 18:22:38 -0800, Maxim Sobolev wrote:
> Crazy idea, perhaps, but has anyone considered wrapping up sbrk(2) into
> mmap(2), so that there is only one memory pool to draw from? Switch to
> 64-bit certainly helps, however there are lot of 32-bit machines hanging
> around and we will see them for a while in the embedded space. Certainly
> current situation with two separate sources of heap memory is not normal.

Alternative and very low tech test:
- Remove sbrk() from libc and /usr/include
- Run port test build
- ???
- PROFIT!

It shall be interesting to see which ports blow up thanks to sbrk()
missing.

Regards,
Uli

From owner-freebsd-hackers@FreeBSD.ORG Sun Nov 29 17:50:08 2009
Date: Sun, 29 Nov 2009 17:45:18 +0000 (UTC)
From: "Bjoern A. Zeeb"
To: Merijn Verstraaten
Cc: freebsd-hackers@freebsd.org, freebsd-jail@freebsd.org, freebsd-rc@freebsd.org, "Simon L. Nielsen"
Subject: Re: [patch] Improved jail fstab functionality inside rc.d (needs testers and review)

On Sun, 29 Nov 2009, Merijn Verstraaten wrote:

> My apologies if these are the wrong lists for this sort of thing but it was
> unclear to me where else to go with additions like this.

You may try freebsd-jail@

Make sure to get a review from simon@ for this.

/bz

--
Bjoern A. Zeeb It will not break if you know what you are doing.

From owner-freebsd-hackers@FreeBSD.ORG Sun Nov 29 19:03:29 2009
Date: Sun, 29 Nov 2009 19:03:23 +0000
From: xorquewasp@googlemail.com
To: freebsd-hackers@freebsd.org
Subject: definitive way to set uname in jail?

It seems that the only way to set the output of uname in a jail is
to define environment variables. Unfortunately, there doesn't seem
to be a reliable way to unconditionally set them (a process might
do the equivalent of 'env -i /bin/sh' and unset them, etc).

Apart from just patching the uname utility before I copy it into
a jail, is there really a good way to do this? I would love to just
be able to set a sysctl and have this work.

$ jls | grep i386
29 127.1.0.13 7.2-i386-gnat_build /usr/jails/7.2-i386-gnat_build

$ sudo jexec 29 csh
FreeBSD 7.2-i386-gnat_build 8.0-RELEASE FreeBSD 8.0-RELEASE #0: Sat Nov 21 15:02:08 UTC 2009 root@mason.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64

Regards,
xw

From owner-freebsd-hackers@FreeBSD.ORG Sun Nov 29 20:13:43 2009
Date: Sun, 29 Nov 2009 10:13:40 -1000
From: Clifton Royston
To: Anthony Pankov
Cc: freebsd-hackers@freebsd.org
Subject: Re: ucred when euid/egid

On Sun, Nov 29, 2009 at 01:19:02PM +0300, Anthony Pankov wrote:
>
> Thank you for reply.
>
> So, seteuid/gid isn't enough to gain group access as for real uid.
> But how can I achieve this? What functions should I call from
> 'theprog' to gain access for the groups euid user belongs to?
>
> Maybe I solve the problem in the wrong way?
>
> The full problem is:
>
> There is a file owned by group filegroup:
> rw-rw---- someone:filegroup thefile
>
> There is a program's data owned by group proggroup:
>
> rw-rw---- someone2:proggroup progdata
>
> I need a program (theprog) that can access 'thefile' and
> 'progdata' simultaneously. Program can be executed by anyone.

This is a clearer statement of the problem, in terms of what you're
trying to accomplish.

If you can make the program data owned by a special program user, and
require the users of the program to make their files group-accessible
by this special filegroup, then you can do it fairly simply, like this:

Make each user's "thefile" be owned by group filegroup, for example:
    rw-rw---- someone:filegroup ~someone/thefile
    rw-rw---- someone2:filegroup ~someone2/thefile
    rw-rw---- someone3:filegroup ~someone3/thefile
    ...

Make the program's data file owned by *user* proguser:
    rw-rw---- proguser:proggroup progdata

Now you can make the program setuid proguser/setgid filegroup:
    r-sr-sr-x proguser:filegroup theprog

This lets it be executed by any user and access its own data (via the
suid) and the files the users have put into filegroup (via the sgid).

Note that the users should not themselves be members of filegroup
unless it's OK for them to read/write each other's data. You may need
either to provide an sgid utility which can be used to create or chown
that file to filegroup, or require them to be put in a shared directory
with filegroup gid and the directory sticky bit set.

Alternatively you could drop the sgid and simply require the file be
group readable/writable by the user's own group.
In that case you have
    r-sr-xr-x proguser:bin theprog
and
    rw-rw---- someone:somegroup ~someone/thefile

> My idea was to seteuid theprog to user who is member of one group
> (filegroup) and setegid theprog to another group (proggroup). In that
> way I was going to give theprog rights to work with both files.
>
> P.S. I don't want to use file ACLs.

The standard Unix permissions aren't really extensible in that way.
You can do it as I've outlined above; that's getting close to the limits
of what you can readily do with the standard permissions. If it gets
more complicated, you will need to either do ACLs or something still
more creative.

sudo, for instance, does allow you to set a vector of groups to match
the user you're executing as. It may be possible to leverage the sudo
command into doing something more elaborate if you need to, with a
suitably crafted sudoers config file; you could also look into the code
that sudo uses to set the group vector, but that will require you to
write a suid root utility which adds a lot of security risks.

Hope this helps,
-- Clifton

--
Clifton Royston -- cliftonr@iandicomputing.com / cliftonr@lava.net
President - I and I Computing * http://www.iandicomputing.com/
Custom programming, network design, systems and network consulting services

From owner-freebsd-hackers@FreeBSD.ORG Sun Nov 29 21:54:58 2009
Date: Sun, 29 Nov 2009 13:54:55 -0800 (PST)
From: Nate Eldredge
To: Clifton Royston
Cc: freebsd-hackers@freebsd.org, Anthony Pankov
Subject: Re: ucred when euid/egid

On Sun, 29 Nov 2009, Clifton Royston wrote:

> On Sun, Nov 29, 2009 at 01:19:02PM +0300, Anthony Pankov wrote:
>>
>> Thank you for reply.
>>
>> So, seteuid/gid isn't enough to gain group access as for real uid.
>> But how can I achieve this? What functions should I call from
>> 'theprog' to gain access for the groups euid user belongs to?
>>
>> Maybe I solve the problem in the wrong way?
>>
>> The full problem is:
>>
>> There is a file owned by group filegroup:
>> rw-rw---- someone:filegroup thefile
>>
>> There is a program's data owned by group proggroup:
>>
>> rw-rw---- someone2:proggroup progdata
>>
>> I need a program (theprog) that can access 'thefile' and
>> 'progdata' simultaneously. Program can be executed by anyone.
>
> This is a clearer statement of the problem, in terms of what you're
> trying to accomplish.
>
> If you can make the program data owned by a special program user, and
> require the users of the program to make their files group-accessible
> by this special filegroup, then you can do it fairly simply, like this:
>
> Make each user's "thefile" be owned by group filegroup, for example:
>     rw-rw---- someone:filegroup ~someone/thefile
>     rw-rw---- someone2:filegroup ~someone2/thefile
>     rw-rw---- someone3:filegroup ~someone3/thefile
>     ...
>
> Make the program's data file owned by *user* proguser:
>     rw-rw---- proguser:proggroup progdata
>
> Now you can make the program setuid proguser/setgid filegroup:
>     r-sr-sr-x proguser:filegroup theprog
>
> This lets it be executed by any user and access its own data (via the
> suid) and the files the users have put into filegroup (via the sgid).

If you can't make progdata owned by proguser, or if more groups are
needed, you might be able to abuse newgrp(1), which will let you run a
program with your real and effective gids set to any specified group of
which your real uid is a member. This would require, though, that you
break the code that requires access to those files into separate
programs. (Though maybe they are as simple as cat'ing a file into a pipe
or something.)

Example:

    setuid(proguser);
    FILE *data = popen("echo \"cat progdata\" | newgrp proggroup", "r");
    /* read data */
    etc.

If your program needs to do something really elaborate with the files
that can't be factored out into a separate program, you could use newgrp
to run a program that opens the file and passes its fd over a unix
socket. But then it's really becoming a hack. :)

Caution: I haven't tested any of this.

--

Nate Eldredge
nate@thatsmathematics.com

From owner-freebsd-hackers@FreeBSD.ORG Mon Nov 30 11:51:47 2009
Date: Mon, 30 Nov 2009 12:51:31 +0100
From: Ivan Voras
To: freebsd-hackers@freebsd.org
Subject: Re: [patch] Improved jail fstab functionality inside rc.d (needs testers and review)

Merijn Verstraaten wrote:
> My apologies if these are the wrong lists for this sort of thing but it
> was unclear to me where else to go with additions like this.
>
> I just finished hacking /etc/rc.d/jail to fix my two pet peeves,
> currently the rc framework only accepts a single fstab file per jail and
> (worse!) there is no way to specify the mountpoints in these fstab files
> relative to the jail's root. This makes sharing of mounts (for example
> all my jails nullfs mounting the same ports tree) very cumbersome.
>
> This patch should allow you to specify multiple fstab files in the
> jail_fstab and jail__fstab variables and mount these in order. In
> addition the patch mangles the fstab files in such a way that any
> mountpoint in the fstab files starting with the text "ROOT" will have
> "ROOT" replaced with the jail's rootdir. For example the following
> situation:
> rc.conf:
> jail_test_rootdir="/usr/jails/test"
> jail_test_fstab="/usr/jails/fstab /usr/jails/fstab.test"

Ah, so you want a single fstab file to be usable for multiple jails,
which have identical fs structures. Nice idea.

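The ROOT-prefix expansion described in the patch announcement, sketched as an added example; it is not the code from jail.diff and not part of any message in this thread. The function name expand_jail_fstab, the ".." rejection and the choice to rewrite only a leading ROOT component of the mountpoint field are assumptions of this sketch, and the sample files are constructed from the announcement's example.

```shell
#!/bin/sh
# expand_jail_fstab ROOTDIR FILE...
# Prints the entries of each FILE, in order, with a leading "ROOT" path
# component in the mountpoint field (field 2) replaced by ROOTDIR.
# Only field 2 is rewritten, so "ROOT" inside a device path or an option
# string is left alone. Returns 1 if a file is missing or if a
# ROOT-relative mountpoint contains a ".." component, which would put the
# mount on the host outside the jail root. This is a string check only;
# symlinks below the jail root are not examined here.
expand_jail_fstab() {
	_root=${1%/}; shift
	for _file in "$@"; do
		[ -f "$_file" ] || { echo "$_file does not exist" >&2; return 1; }
		# "|| [ -n ... ]" keeps a final line that lacks a newline.
		while read -r _dev _mnt _rest || [ -n "$_dev" ]; do
			case "$_dev" in
			'#'*|'') continue ;;	# comment or blank line
			esac
			case "$_mnt" in
			ROOT|ROOT/*)
				case "/${_mnt#ROOT}/" in
				*/../*)
					echo "$_file: $_mnt leaves the jail root" >&2
					return 1 ;;
				esac
				_mnt="${_root}${_mnt#ROOT}" ;;
			esac
			echo "$_dev $_mnt $_rest"
		done < "$_file"
	done
	return 0
}

# Constructed sample input: the two fstab files from the announcement, one
# ordinary (non-ROOT) mountpoint, and one entry that tries to climb out.
make_sample() {
	_dir=$(mktemp -d) || return 1
	printf '%s\n' '# shared by all jails' \
	    '/usr/ports ROOT/usr/ports nullfs ro 0 0' > "$_dir/fstab"
	printf '%s\n' '/path/to/some/folder ROOT/folder nullfs rw 0 0' \
	    '/data /mnt/data nullfs ro 0 0' > "$_dir/fstab.test"
	printf '%s\n' '/etc ROOT/../../etc nullfs rw 0 0' > "$_dir/fstab.bad"
	echo "$_dir"
}

sample=$(make_sample)
trap 'rm -rf "$sample"' EXIT

# jail_test_rootdir and jail_test_fstab from the rc.conf example.
expand_jail_fstab /usr/jails/test "$sample/fstab" "$sample/fstab.test"
expand_jail_fstab /usr/jails/test "$sample/fstab.bad" || echo "rejected fstab.bad"
```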
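For the "ucred when euid/egid" thread above: a small model of which credentials a setuid/setgid exec changes and how the owner/group/other check then resolves, run against the layouts from Anthony Pankov's and Clifton Royston's messages. This is an added example, not code from any poster and not the kernel's implementation; the function names are hypothetical, the invoking user alice with group users is constructed, and root's bypass and ACLs are not modelled.

```shell
#!/bin/sh
# Constructed invoker: "Program can be executed by anyone."
INVOKER_UID=alice
INVOKER_GID=users
INVOKER_GROUPS="users"

# exec_creds INV_UID INV_GID BIN_OWNER BIN_GROUP BIN_MODE
# Prints "euid egid" as they are after exec of the binary. The
# supplementary group list is deliberately not an output: exec leaves it
# as the invoker's, whatever groups the new effective user belongs to.
exec_creds() {
	_euid=$1 _egid=$2
	_m=$(( 0$5 ))
	[ $(( $_m & 04000 )) -ne 0 ] && _euid=$3	# setuid bit
	[ $(( $_m & 02000 )) -ne 0 ] && _egid=$4	# setgid bit
	echo "$_euid $_egid"
}

# in_groups GID GROUP...
in_groups() {
	_g=$1; shift
	for _x in "$@"; do
		[ "$_x" = "$_g" ] && return 0
	done
	return 1
}

# may_access EUID EGID "SUPP_GROUPS" FILE_OWNER FILE_GROUP MODE WANT
# MODE is octal permission bits (660); WANT is 4=read, 2=write, 6=both.
# Exactly one class is selected (owner, else group, else other) and only
# that class's bits are consulted.
may_access() {
	_euid=$1 _egid=$2 _groups=$3 _fuid=$4 _fgid=$5 _want=$7
	_bits=$(( 0$6 ))
	if [ "$_euid" = "$_fuid" ]; then
		_class=$(( ($_bits >> 6) & 7 ))
	elif in_groups "$_fgid" "$_egid" $_groups; then
		_class=$(( ($_bits >> 3) & 7 ))
	else
		_class=$(( $_bits & 7 ))
	fi
	[ $(( $_class & $_want )) -eq "$_want" ]
}

# via_binary BIN_OWNER BIN_GROUP BIN_MODE FILE_OWNER FILE_GROUP FILE_MODE WANT
# Can the constructed invoker reach the file by running the binary?
via_binary() {
	_creds=$(exec_creds "$INVOKER_UID" "$INVOKER_GID" "$1" "$2" "$3")
	may_access "${_creds% *}" "${_creds#* }" "$INVOKER_GROUPS" \
	    "$4" "$5" "$6" "$7"
}

report() {
	_label=$1; shift
	if "$@"; then echo "allowed: $_label"; else echo "denied:  $_label"; fi
}

# Original layout: r-sr-sr-x fuser:proggroup theprog. fuser's login group
# being filegroup does not matter, because exec never consults it.
report "fuser:proggroup theprog -> someone:filegroup thefile" \
    via_binary fuser proggroup 6555 someone filegroup 660 6

# Clifton Royston's layout: r-sr-sr-x proguser:filegroup theprog.
report "proguser:filegroup theprog -> proguser:proggroup progdata" \
    via_binary proguser filegroup 6555 proguser proggroup 660 6
report "proguser:filegroup theprog -> someone:filegroup thefile" \
    via_binary proguser filegroup 6555 someone filegroup 660 6

# First matching class wins: an owner without owner bits is denied even
# though the group bits would have allowed the access.
report "owner match, mode 060, read" \
    may_access proguser filegroup "" proguser filegroup 060 4
```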
From owner-freebsd-hackers@FreeBSD.ORG Mon Nov 30 14:29:57 2009
Date: Mon, 30 Nov 2009 14:29:50 +0000
From: xorquewasp@googlemail.com
To: freebsd-hackers@freebsd.org
Subject: UNIX domain sockets on nullfs still broken?

jackd (audio/jack) creates a directory in /tmp with a UNIX domain socket
in it. Clients connect to this socket to communicate with the server.

$ jackd -d oss -r 44100 -p 128

$ ls -alF /tmp/jack-11001/default
total 4
drwx------ 2 xw wheel 512 30 Nov 14:19 ./
drwx------ 3 xw wheel 512 30 Nov 14:19 ../
prw-r--r-- 1 xw wheel 0 30 Nov 14:19 jack-ack-fifo-54211-0|
prw-r--r-- 1 xw wheel 0 30 Nov 14:19 jack-ack-fifo-54211-1|
prw-r--r-- 1 xw wheel 0 30 Nov 14:19 jack-ack-fifo-54211-2|
srwxr-xr-x 1 xw wheel 0 30 Nov 14:19 jack_0=
srwxr-xr-x 1 xw wheel 0 30 Nov 14:19 jack_ack_0=

$ sudo mount_nullfs /tmp/ /jail/k4m/tmp

In the jail:

k4m$ ls -alF /tmp/jack-11001/default
drwx------ 2 xw wheel 512 30 Nov 14:19 ./
drwx------ 3 xw wheel 512 30 Nov 14:19 ../
prw-r--r-- 1 xw wheel 0 30 Nov 14:19 jack-ack-fifo-54211-0|
prw-r--r-- 1 xw wheel 0 30 Nov 14:19 jack-ack-fifo-54211-1|
prw-r--r-- 1 xw wheel 0 30 Nov 14:19 jack-ack-fifo-54211-2|
srwxr-xr-x 1 xw wheel 0 30 Nov 14:19 jack_0=
srwxr-xr-x 1 xw wheel 0 30 Nov 14:19 jack_ack_0=

k4m$ ktrace jack_showtime
jack server not running?


k4m$ kdump | grep '/tmp/jack-11001'
76030 initial thread STRU struct sockaddr { AF_LOCAL, /tmp/jack-11001/default/jack_0 }
76030 initial thread NAMI "/tmp/jack-11001/default/jack_0"
76030 initial thread RET connect -1 errno 61 Connection refused

$ uname -a
FreeBSD viper.internal.network 8.0-RELEASE FreeBSD 8.0-RELEASE #0: Sat Nov 21 15:02:08 UTC 2009 root@mason.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64

xw

From owner-freebsd-hackers@FreeBSD.ORG Mon Nov 30 14:43:19 2009
Date: Mon, 30 Nov 2009 15:43:01 +0100
From: Ivan Voras
To: freebsd-hackers@freebsd.org
Subject: Re: UNIX domain sockets on nullfs still broken?
In-Reply-To: <20091130142950.GA86528@logik.internal.network>
References: <20091130142950.GA86528@logik.internal.network>

xorquewasp@googlemail.com wrote:
> jackd (audio/jack) creates a directory in /tmp with a UNIX domain socket
> in it. Clients connect to this socket to communicate with the server.
>
> $ jackd -d oss -r 44100 -p 128
> $ ls -alF /tmp/jack-11001/default
> total 4
> drwx------ 2 xw wheel 512 30 Nov 14:19 ./
> drwx------ 3 xw wheel 512 30 Nov 14:19 ../
> prw-r--r-- 1 xw wheel 0 30 Nov 14:19 jack-ack-fifo-54211-0|
> prw-r--r-- 1 xw wheel 0 30 Nov 14:19 jack-ack-fifo-54211-1|
> prw-r--r-- 1 xw wheel 0 30 Nov 14:19 jack-ack-fifo-54211-2|
> srwxr-xr-x 1 xw wheel 0 30 Nov 14:19 jack_0=
> srwxr-xr-x 1 xw wheel 0 30 Nov 14:19 jack_ack_0=
>
> $ sudo mount_nullfs /tmp/ /jail/k4m/tmp
>
> In the jail:
>
> k4m$ ls -alF /tmp/jack-11001/default
> drwx------ 2 xw wheel 512 30 Nov 14:19 ./
> drwx------ 3 xw wheel 512 30 Nov 14:19 ../
> prw-r--r-- 1 xw wheel 0 30 Nov 14:19 jack-ack-fifo-54211-0|
> prw-r--r-- 1 xw wheel 0 30 Nov 14:19 jack-ack-fifo-54211-1|
> prw-r--r-- 1 xw wheel 0 30 Nov 14:19 jack-ack-fifo-54211-2|
> srwxr-xr-x 1 xw wheel 0 30 Nov 14:19 jack_0=
> srwxr-xr-x 1 xw wheel 0 30 Nov 14:19 jack_ack_0=
>
> k4m$ ktrace jack_showtime
> jack server not running?
>
> k4m$ kdump | grep '/tmp/jack-11001'
> 76030 initial thread STRU struct sockaddr { AF_LOCAL, /tmp/jack-11001/default/jack_0 }
> 76030 initial thread NAMI "/tmp/jack-11001/default/jack_0"
> 76030 initial thread RET connect -1 errno 61 Connection refused

I would expect to see this result from the jail since it's obviously a
Bad Idea, but does it work from the same (host) machine without the jail
in between (i.e. just the nullfs, no jails)?

From owner-freebsd-hackers@FreeBSD.ORG Mon Nov 30 14:59:37 2009
Date: Mon, 30 Nov 2009 18:03:53 +0300
From: Anthony Pankov
To: Clifton Royston, Mike Meyer, Nate Eldredge
Cc: freebsd-hackers@freebsd.org
Subject: Re[2]: ucred when euid/egid
Message-ID: <3024979203.20091130180353@mail.ru>
In-Reply-To: <20091129201340.GA7066@lava.net>
References: <20091128120018.16D2C10656C7@hub.freebsd.org> <20091128182803.GA13793@lava.net> <5870478546.20091129131902@mail.ru> <20091129201340.GA7066@lava.net>

Thanks all for the comments.

As I understand it, all suggest changing the primordial situation to
suit direct use of seteuid/gid.

I thought there was a cheat|hack|fix less expensive than redesigning the
current permissions model in my project.

So, if there is no way for a seteuided program to gain access in
accordance with euid group membership and it is not a bug, I'll give up.

P.S.
In terms of home directories it looked like this:

rw-rw---- someone:filegroup ~someone/thefile
rw-rw---- someone:proggroup ~someone/progdata
rw-rw---- someone2:filegroup ~someone2/thefile
rw-rw---- someone2:proggroup ~someone2/progdata
rw-rw---- someone3:filegroup ~someone3/thefile
rw-rw---- someone3:proggroup ~someone3/progdata
...

Sunday, November 29, 2009, 11:13:40 PM, you wrote:

CR> On Sun, Nov 29, 2009 at 01:19:02PM +0300, Anthony Pankov wrote:
>>
>> Thank you for reply.
>>
>> So, seteuid/gid isn't enough to gain group access as for real uid.
>> But how i can achieve this? What functions should i call from
>> 'theprog' to gain access for the groups euid user belongs to?
>>
>> May be i solve the problem in wrong way?
>>
>> The full problem is:
>>
>> There is a file owned by group filegroup:
>> rw-rw---- someone:filegroup thefile
>>
>> There is a programs data owned by group proggroup:
>>
>> rw-rw---- someone2:proggroup progdata
>>
>> I need a program (theprog) that can access 'thefile' and
>> 'progdata' simultaneously. Program can be executed by anyone.

CR> This is a clearer statement of the problem, in terms of what you're
CR> trying to accomplish.

CR> If you can make the program data owned by a special program user, and
CR> require the users of the program to make their files group-accessible
CR> by this special filegroup, then you can do it fairly simply, like this:

CR> Make each users' "thefile" be owned by group filegroup, for example:

CR> rw-rw---- someone:filegroup ~someone/thefile
CR> rw-rw---- someone2:filegroup ~someone2/thefile
CR> rw-rw---- someone3:filegroup ~someone3/thefile
CR> ...

CR> Make the program's data file owned by *user* proguser:

CR> rw-rw---- proguser:proggroup progdata

CR> Now you can make the program setuid proguser/setgid filegroup:

CR> r-sr-sr-x proguser:filegroup theprog

CR> This lets it be executed by any user and access its own data (via the
CR> suid) and the files the users have put into filegroup (via the sgid).

CR> Note that the users should not themselves be members of filegroup
CR> unless it's OK for them to read/write each others' data. You may need
CR> either to provide an sgid utility which can be used to create or chown
CR> that file to filegroup, or require them to be put in a shared directory
CR> with filegroup gid and the directory sticky bit set.

CR> Alternatively you could drop the sgid and simply require the file be group
CR> readable/writable by the user's own group. In that case you have

CR> r-sr-xr-x proguser:bin theprog

CR> and

CR> rw-rw---- someone:somegroup ~someone/thefile

>> My idea was to seteuid theprog to user who is member of one group
>> (filegroup) and setegid theprog to another group (proggroup). In that
>> way i was going to give theprog rights to work with both files.
>>
>> P.S. I don't want to use file ACLs.

CR> The standard Unix permissions aren't really extensible in that way.
CR> You can do it as I've outlined above; that's getting close to the
CR> limits of what you can readily do with the standard permissions. If it
CR> gets more complicated, you will need to either do ACLs or something
CR> still more creative.

CR> sudo, for instance, does allow you to set a vector of groups to match
CR> the user you're executing as. It may be possible to leverage the sudo
CR> command into doing something more elaborate if you need to, with a
CR> suitably crafted sudoers config file; you could also look into the code
CR> that sudo uses to set the group vector, but that will require you to
CR> write a suid root utility which adds a lot of security risks.

CR> Hope this helps,
CR> -- Clifton

--
Best regards,
Anthony mailto:ap00@mail.ru

From owner-freebsd-hackers@FreeBSD.ORG Mon Nov 30 15:01:32 2009
Date: Mon, 30 Nov 2009 15:01:27 +0000
From: xorquewasp@googlemail.com
To: Ivan Voras
Cc: freebsd-hackers@freebsd.org
Subject: Re: UNIX domain sockets on nullfs still broken?
Message-ID: <20091130150127.GA82188@logik.internal.network>
References: <20091130142950.GA86528@logik.internal.network>

On 2009-11-30 15:43:01, Ivan Voras wrote:
> xorquewasp@googlemail.com wrote:
> > 76030 initial thread STRU struct sockaddr { AF_LOCAL, /tmp/jack-11001/default/jack_0 }
> > 76030 initial thread NAMI "/tmp/jack-11001/default/jack_0"
> > 76030 initial thread RET connect -1 errno 61 Connection refused
>
> I would expect to see this result from the jail since it's obviously a
> Bad Idea, but does it work from the same (host) machine without the jail
> in between (i.e. just the nullfs, no jails)?

Hm, yes, you're right. It does work without a jail involved.

What's the sane solution, then, when the only method of communication
is unix domain sockets?

xw

From owner-freebsd-hackers@FreeBSD.ORG Mon Nov 30 15:14:59 2009
Date: Mon, 30 Nov 2009 16:14:40 +0100
From: Ivan Voras
To: freebsd-hackers@freebsd.org
Subject: Re: UNIX domain sockets on nullfs still broken?
In-Reply-To: <20091130150127.GA82188@logik.internal.network>
References: <20091130142950.GA86528@logik.internal.network> <20091130150127.GA82188@logik.internal.network>

xorquewasp@googlemail.com wrote:
> On 2009-11-30 15:43:01, Ivan Voras wrote:
>> xorquewasp@googlemail.com wrote:
>>> 76030 initial thread STRU struct sockaddr { AF_LOCAL, /tmp/jack-11001/default/jack_0 }
>>> 76030 initial thread NAMI "/tmp/jack-11001/default/jack_0"
>>> 76030 initial thread RET connect -1 errno 61 Connection refused
>> I would expect to see this result from the jail since it's obviously a
>> Bad Idea, but does it work from the same (host) machine without the jail
>> in between (i.e. just the nullfs, no jails)?
>
> Hm, yes, you're right. It does work without a jail involved.
>
> What's the sane solution, then, when the only method of communication
> is unix domain sockets?

It is a security problem. I think the long-term solution would be to add
a sysctl analogous to security.jail.param.securelevel to handle this.

I don't think there is a workaround right now.

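In the kdump trace quoted above, the path lookup (NAMI) completes and connect(2) then fails with errno 61, which is ECONNREFUSED on FreeBSD: the name was found, but no listening socket was reachable behind it. The C probe below is an added example, not code from this thread or from jackd; it reproduces the connect(2) result for a missing path, a live listener, a hard link to a live socket node (the approach a later reply in this thread uses for MySQL) and a socket node whose listener has gone away. The temporary directory, the file names and all function names are assumptions made for the demonstration.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <unistd.h>

/* Fill a sockaddr_un for path; -1 if the path does not fit in sun_path. */
static int make_addr(struct sockaddr_un *sa, const char *path)
{
    if (strlen(path) >= sizeof(sa->sun_path))
        return -1;
    memset(sa, 0, sizeof(*sa));
    sa->sun_family = AF_UNIX;
    strcpy(sa->sun_path, path);
    return 0;
}

/* connect(2) to a UNIX domain socket path: 0 on success, else the errno. */
int probe_unix_socket(const char *path)
{
    struct sockaddr_un sa;
    int fd, err = 0;

    if (make_addr(&sa, path) < 0)
        return ENAMETOOLONG;
    if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0)
        return errno;
    if (connect(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0)
        err = errno;
    close(fd);
    return err;
}

/* bind(2) and listen(2) on path: the listening descriptor, or -1. */
int listen_unix_socket(const char *path)
{
    struct sockaddr_un sa;
    int fd;

    if (make_addr(&sa, path) < 0 || (fd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0)
        return -1;
    if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0 || listen(fd, 5) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* 1 if path is a socket node (the leading "s" in the ls output), else 0. */
int is_socket_node(const char *path)
{
    struct stat st;
    return lstat(path, &st) == 0 && S_ISSOCK(st.st_mode);
}

struct probe_results { int missing, live, hardlink, stale_is_socket, stale; };

/* Constructed scenario in a private temporary directory; 0 when it ran. */
int run_scenarios(struct probe_results *r)
{
    char dir[] = "/tmp/sockprobe.XXXXXX";   /* assumed location */
    char live[64], alias[64];
    int lfd, ok = -1;

    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(live, sizeof(live), "%s/jack_0", dir);
    snprintf(alias, sizeof(alias), "%s/jack_0.link", dir);

    r->missing = probe_unix_socket(live);           /* no node yet */
    if ((lfd = listen_unix_socket(live)) >= 0) {
        r->live = probe_unix_socket(live);          /* listener behind the node */
        if (link(live, alias) == 0) {
            r->hardlink = probe_unix_socket(alias); /* second name, same node */
            ok = 0;
        }
        close(lfd);                                 /* listener exits, node stays */
        r->stale_is_socket = is_socket_node(live);
        r->stale = probe_unix_socket(live);         /* node present, nobody listening */
    }
    unlink(alias);
    unlink(live);
    rmdir(dir);
    return ok;
}

int main(void)
{
    struct probe_results r;

    if (run_scenarios(&r) != 0)
        return 1;
    /* Values are errno numbers; ECONNREFUSED is 61 on FreeBSD, 111 on Linux. */
    printf("missing=%d live=%d hardlink=%d stale=%d (still a socket node: %d)\n",
           r.missing, r.live, r.hardlink, r.stale, r.stale_is_socket);
    return 0;
}
```
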
From owner-freebsd-hackers@FreeBSD.ORG Mon Nov 30 15:21:25 2009
Date: Mon, 30 Nov 2009 17:21:03 +0200
From: Vlad Galu
To: xorquewasp@googlemail.com
Cc: freebsd-hackers@freebsd.org, Ivan Voras
Subject: Re: UNIX domain sockets on nullfs still broken?
In-Reply-To: <20091130150127.GA82188@logik.internal.network>
References: <20091130142950.GA86528@logik.internal.network> <20091130150127.GA82188@logik.internal.network>

On Mon, Nov 30, 2009 at 5:01 PM, wrote:
> On 2009-11-30 15:43:01, Ivan Voras wrote:
>> xorquewasp@googlemail.com wrote:
>> > 76030 initial thread STRU struct sockaddr { AF_LOCAL, /tmp/jack-11001/default/jack_0 }
>> > 76030 initial thread NAMI "/tmp/jack-11001/default/jack_0"
>> > 76030 initial thread RET connect -1 errno 61 Connection refused
>>
>> I would expect to see this result from the jail since it's obviously a
>> Bad Idea, but does it work from the same (host) machine without the jail
>> in between (i.e. just the nullfs, no jails)?
>
> Hm, yes, you're right. It does work without a jail involved.
>
> What's the sane solution, then, when the only method of communication
> is unix domain sockets?

For redirecting a connection to a UNIX socket to a remote host:port,
there's net/unix2tcp. Perhaps you can patch it to go the other way
around as well?

>
> xw
> _______________________________________________
> freebsd-hackers@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
> To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"
>

From owner-freebsd-hackers@FreeBSD.ORG Tue Dec 1 08:33:12 2009
Date: Tue, 01 Dec 2009 09:32:56 +0100
From: Alexander Leidinger
To: Ivan Voras
Cc: freebsd-hackers@freebsd.org
Subject: Re: UNIX domain sockets on nullfs still broken?
Message-ID: <20091201093256.16273npemcgx2aww@webmail.leidinger.net>
References: <20091130142950.GA86528@logik.internal.network> <20091130150127.GA82188@logik.internal.network>

Quoting Ivan Voras (from Mon, 30 Nov 2009 16:14:40 +0100):

> xorquewasp@googlemail.com wrote:
>> On 2009-11-30 15:43:01, Ivan Voras wrote:
>>> xorquewasp@googlemail.com wrote:
>>>> 76030 initial thread STRU struct sockaddr { AF_LOCAL,
>>>> /tmp/jack-11001/default/jack_0 }
>>>> 76030 initial thread NAMI "/tmp/jack-11001/default/jack_0"
>>>> 76030 initial thread RET connect -1 errno 61 Connection refused
>>> I would expect to see this result from the jail since it's
>>> obviously a Bad Idea, but does it work from the same (host) machine

It is not a bad idea, at least not if we talk about mounting something
from JailA to JailB. Think about the MySQL socket. I have a jail with
MySQL, and I have a jail which wants to connect to it. I do not want to
allow network connections between those jails (be it for performance
reasons, or that I do not want to involve a network connection, or that
I do not want to give the MySQL jail an IP at all or whatever).
Solution: give access to the socket via the FS. Ideally by putting the
socket in its own directory and mounting this directory over to the
jail. A workaround for this scenario is below.

>>> without the jail in between (i.e. just the nullfs, no jails)?
>>
>> Hm, yes, you're right. It does work without a jail involved.
>>
>> What's the sane solution, then, when the only method of communication
>> is unix domain sockets?
>
> It is a security problem. I think the long-term solution would be to

It is a risk-management problem, and as such not the responsibility of
FreeBSD to enforce it. If the sysadmin wants to shoot in his foot, it is
his decision.

> add a sysctl analogous to security.jail.param.securelevel to handle this.
Do you know the code which is responsible for the reject of access to the socket? If yes I can provide a patch regarding jail.param.something. > I don't think there is a workaround right now. My workaround with MySQL is to have the jail and the socket in the same FS (I would prefer to have them on separate FS). Then you can do a hardlink of the socket into the jail (obviously after each restart of the software, but this can be scripted). This works for me. Bye, Alexander. -- You are capable of planning your future. http://www.Leidinger.net Alexander @ Leidinger.net: PGP ID = B0063FE7 http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID = 72077137 From owner-freebsd-hackers@FreeBSD.ORG Tue Dec 1 13:22:28 2009 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 24129106566B for ; Tue, 1 Dec 2009 13:22:28 +0000 (UTC) (envelope-from a_best01@uni-muenster.de) Received: from zivm-exrelay3.uni-muenster.de (ZIVM-EXRELAY3.UNI-MUENSTER.DE [128.176.192.20]) by mx1.freebsd.org (Postfix) with ESMTP id AE1938FC14 for ; Tue, 1 Dec 2009 13:22:27 +0000 (UTC) X-IronPort-AV: E=Sophos;i="4.47,321,1257116400"; d="scan'208";a="19996118" Received: from zivmaildisp1.uni-muenster.de (HELO ZIVMAILUSER05.UNI-MUENSTER.DE) ([128.176.188.85]) by zivm-relay3.uni-muenster.de with ESMTP; 01 Dec 2009 14:22:24 +0100 Received: by ZIVMAILUSER05.UNI-MUENSTER.DE (Postfix, from userid 149459) id 98C5F1B07E7; Tue, 1 Dec 2009 14:22:24 +0100 (CET) Date: Tue, 01 Dec 2009 14:22:23 +0100 (CET) From: Alexander Best Sender: Organization: Westfaelische Wilhelms-Universitaet Muenster To: Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Cc: Subject: i386_set_ioperm(2)/i386_get_ioperm(2) replacement after switch from x86 to amd64 X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions 
relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 01 Dec 2009 13:22:28 -0000 hi there, i recently switch from x86 to amd64. right now i'm looking for a way to replace i386_set_ioperm(2) and i386_get_ioperm(2) (which are x86 specific). any suggestions? * full /dev/io access is rather nasty * the app i'm developing is using inb/outb opcodes through inline assembly in order to access the parallel port. i tried using ppi(4), but that slows down things dramatically (see: http://lists.freebsd.org/pipermail/freebsd-hackers/2009-July/029188.html) cheers. alex From owner-freebsd-hackers@FreeBSD.ORG Tue Dec 1 14:13:10 2009 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2BA5B1065670 for ; Tue, 1 Dec 2009 14:13:10 +0000 (UTC) (envelope-from kostikbel@gmail.com) Received: from mail.zoral.com.ua (skuns.zoral.com.ua [91.193.166.194]) by mx1.freebsd.org (Postfix) with ESMTP id 8F6378FC0C for ; Tue, 1 Dec 2009 14:13:09 +0000 (UTC) Received: from deviant.kiev.zoral.com.ua (root@deviant.kiev.zoral.com.ua [10.1.1.148]) by mail.zoral.com.ua (8.14.2/8.14.2) with ESMTP id nB1ED544072384 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 1 Dec 2009 16:13:05 +0200 (EET) (envelope-from kostikbel@gmail.com) Received: from deviant.kiev.zoral.com.ua (kostik@localhost [127.0.0.1]) by deviant.kiev.zoral.com.ua (8.14.3/8.14.3) with ESMTP id nB1ED5g4080601; Tue, 1 Dec 2009 16:13:05 +0200 (EET) (envelope-from kostikbel@gmail.com) Received: (from kostik@localhost) by deviant.kiev.zoral.com.ua (8.14.3/8.14.3/Submit) id nB1ED5Lk080600; Tue, 1 Dec 2009 16:13:05 +0200 (EET) (envelope-from kostikbel@gmail.com) X-Authentication-Warning: deviant.kiev.zoral.com.ua: kostik set sender to kostikbel@gmail.com using -f Date: Tue, 1 Dec 2009 16:13:05 +0200 From: Kostik Belousov To: Alexander Best 
Message-ID: <20091201141305.GZ2368@deviant.kiev.zoral.com.ua> References: Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="dwN3S3mscniL3FCL" Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4.2.3i X-Virus-Scanned: clamav-milter 0.95.2 at skuns.kiev.zoral.com.ua X-Virus-Status: Clean X-Spam-Status: No, score=-4.4 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00 autolearn=ham version=3.2.5 X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on skuns.kiev.zoral.com.ua Cc: freebsd-hackers@freebsd.org Subject: Re: i386_set_ioperm(2)/i386_get_ioperm(2) replacement after switch from x86 to amd64 X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 01 Dec 2009 14:13:10 -0000 --dwN3S3mscniL3FCL Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Dec 01, 2009 at 02:22:23PM +0100, Alexander Best wrote: > hi there, >=20 > i recently switch from x86 to amd64. right now i'm looking for a way to > replace i386_set_ioperm(2) and i386_get_ioperm(2) (which are x86 specific= ). > any suggestions? >=20 > * full /dev/io access is rather nasty > * the app i'm developing is using inb/outb opcodes through inline assembl= y in > order to access the parallel port. i tried using ppi(4), but that slows d= own > things dramatically (see: > http://lists.freebsd.org/pipermail/freebsd-hackers/2009-July/029188.html) FreeBSD 8.0 supports these syscalls on amd64. 

From owner-freebsd-hackers@FreeBSD.ORG Tue Dec 1 14:17:40 2009
Date: Tue, 1 Dec 2009 14:17:35 +0000
From: xorquewasp@googlemail.com
To: Alexander Leidinger
Cc: freebsd-hackers@freebsd.org, Ivan Voras
Subject: Re: UNIX domain sockets on nullfs still broken?
Message-ID: <20091201141734.GB87939@logik.internal.network>

On 2009-12-01 09:32:56, Alexander Leidinger wrote:
>
> My workaround with MySQL is to have the jail and the socket in the
> same FS (I would prefer to have them on separate FS). Then you can do
> a hardlink of the socket into the jail (obviously after each restart
> of the software, but this can be scripted). This works for me.
>

Interesting. I'll try it. Thanks.

Regards,
xw

From owner-freebsd-hackers@FreeBSD.ORG Tue Dec 1 15:21:46 2009
Date: Tue, 01 Dec 2009 16:21:39 +0100 (CET)
From: Alexander Best
Organization: Westfaelische Wilhelms-Universitaet Muenster
To: Kostik Belousov
Cc: freebsd-hackers@freebsd.org
Subject: Re: i386_set_ioperm(2)/i386_get_ioperm(2) replacement after switch from x86 to amd64

i'm getting this during compilation/linking:

undefined reference to `i386_set_ioperm'

do i need to link against some x86 compat lib?

alex

ps: also the ioperm manuals are not getting installed on amd64 it seems.

Kostik Belousov wrote on 2009-12-01:
> On Tue, Dec 01, 2009 at 02:22:23PM +0100, Alexander Best wrote:
> > hi there,

> > i recently switch from x86 to amd64. right now i'm looking for a
> > way to
> > replace i386_set_ioperm(2) and i386_get_ioperm(2) (which are x86
> > specific).
> > any suggestions?

> > * full /dev/io access is rather nasty
> > * the app i'm developing is using inb/outb opcodes through inline
> > assembly in
> > order to access the parallel port. i tried using ppi(4), but that
> > slows down
> > things dramatically (see:
> > http://lists.freebsd.org/pipermail/freebsd-hackers/2009-July/029188.html)

> FreeBSD 8.0 supports these syscalls on amd64.

From owner-freebsd-hackers@FreeBSD.ORG Tue Dec 1 15:22:04 2009
Date: Tue, 1 Dec 2009 10:22:02 -0500
From: Linda Messerschmidt
To: Ivan Voras
Cc: freebsd-hackers@freebsd.org
Subject: Re: UNIX domain sockets on nullfs still broken?
Message-ID: <237c27100912010722g2f6c4647ga82370284bc26e20@mail.gmail.com>

On Mon, Nov 30, 2009 at 10:14 AM, Ivan Voras wrote:
>> What's the sane solution, then, when the only method of communication
>> is unix domain sockets?
>
> It is a security problem. I think the long-term solution would be to add a
> sysctl analogous to security.jail.param.securelevel to handle this.

Out of curiosity, why is allowing access to a Unix domain socket in
a filesystem to which a jail has explicitly been allowed access more
or less secure than allowing access to a file or a devfs node in a
filesystem to which a jail has explicitly been allowed access?

From owner-freebsd-hackers@FreeBSD.ORG Tue Dec 1 15:51:13 2009
Date: Tue, 1 Dec 2009 17:50:39 +0200
From: Kostik Belousov
To: Alexander Best
Cc: freebsd-hackers@freebsd.org
Subject: Re: i386_set_ioperm(2)/i386_get_ioperm(2) replacement after switch from x86 to amd64
Message-ID: <20091201155039.GA2368@deviant.kiev.zoral.com.ua>

On Tue, Dec 01, 2009 at 04:21:39PM +0100, Alexander Best wrote:
> i'm getting this during compilation/linking:
>
> undefined reference to `i386_set_ioperm'

Libc wrappers for these syscalls are not provided by amd64 libc.
Use sysarch(2) to execute them.

>
> do i need to link against some x86 compat lib?

You cannot link a 32bit library to an amd64 binary.

>
> alex
>
> ps: also the ioperm manuals are not getting installed on amd64 it seems.
>
> Kostik Belousov wrote on 2009-12-01:
> > On Tue, Dec 01, 2009 at 02:22:23PM +0100, Alexander Best wrote:
> > > hi there,
>
> > > i recently switch from x86 to amd64. right now i'm looking for a
> > > way to
> > > replace i386_set_ioperm(2) and i386_get_ioperm(2) (which are x86
> > > specific).
> > > any suggestions?
>
> > > * full /dev/io access is rather nasty
> > > * the app i'm developing is using inb/outb opcodes through inline
> > > assembly in
> > > order to access the parallel port. i tried using ppi(4), but that
> > > slows down
> > > things dramatically (see:
> > > http://lists.freebsd.org/pipermail/freebsd-hackers/2009-July/029188.html)
>
> > FreeBSD 8.0 supports these syscalls on amd64.
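
Added example, not part of the thread and not FreeBSD project code: the sysarch(2) route suggested in the reply above, granting a process only the parallel-port registers it needs instead of opening /dev/io. The helper names, the 0x378 base address and the three-port length are assumptions for illustration; on non-FreeBSD systems the calls fail with ENOSYS.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

#if defined(__FreeBSD__) && (defined(__amd64__) || defined(__i386__))
#include <sys/types.h>
#include <machine/sysarch.h> /* sysarch(), I386_{GET,SET}_IOPERM, struct i386_ioperm_args */
#define HAVE_IOPERM 1
#else
#define HAVE_IOPERM 0        /* other platforms: the helpers fail with ENOSYS */
#endif

#define IO_PORT_SPACE 0x10000u /* x86 I/O port numbers are 16 bits wide */
#define LPT_BASE      0x378u   /* assumption: conventional first parallel port */
#define LPT_NPORTS    3u       /* data, status and control registers */

/* Reject empty ranges and ranges that run past the 64K port space. */
int ioperm_range_ok(unsigned int start, unsigned int length)
{
    if (length == 0 || start >= IO_PORT_SPACE)
        return 0;
    return length <= IO_PORT_SPACE - start;
}

/* Grant (enable != 0) or revoke (enable == 0) access to
 * ports [start, start + length). Expect EPERM unless the process is
 * privileged. */
int port_ioperm_set(unsigned int start, unsigned int length, int enable)
{
    if (!ioperm_range_ok(start, length)) {
        errno = EINVAL;
        return -1;
    }
#if HAVE_IOPERM
    struct i386_ioperm_args args;

    args.start = start;
    args.length = length;
    args.enable = enable ? 1 : 0;
    return sysarch(I386_SET_IOPERM, &args);
#else
    (void)enable;
    errno = ENOSYS;
    return -1;
#endif
}

/* Report whether port `start` is enabled and how many contiguous ports
 * from `start` share that state. */
int port_ioperm_get(unsigned int start, unsigned int *length, int *enable)
{
    if (start >= IO_PORT_SPACE || length == NULL || enable == NULL) {
        errno = EINVAL;
        return -1;
    }
#if HAVE_IOPERM
    struct i386_ioperm_args args;
    int rc;

    args.start = start;
    args.length = 0;
    args.enable = 0;
    rc = sysarch(I386_GET_IOPERM, &args);
    if (rc == 0) {
        *length = args.length;
        *enable = args.enable;
    }
    return rc;
#else
    errno = ENOSYS;
    return -1;
#endif
}

int main(void)
{
    unsigned int len = 0;
    int on = 0;

    if (port_ioperm_set(LPT_BASE, LPT_NPORTS, 1) != 0) {
        fprintf(stderr, "grant 0x%x+%u: %s\n", LPT_BASE, LPT_NPORTS,
            strerror(errno));
        return 1;
    }
    if (port_ioperm_get(LPT_BASE, &len, &on) == 0)
        printf("port 0x%x: enabled=%d, run length=%u\n", LPT_BASE, on, len);

    /* inb/outb on the three registers would go here. */

    /* Drop the permission again once the I/O is done. */
    if (port_ioperm_set(LPT_BASE, LPT_NPORTS, 0) != 0)
        fprintf(stderr, "revoke: %s\n", strerror(errno));
    return 0;
}
```

Revoking the range after use keeps the window in which the process can touch hardware ports as short as the I/O itself.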

From owner-freebsd-hackers@FreeBSD.ORG Tue Dec 1 22:21:45 2009
Date: Tue, 1 Dec 2009 14:00:06 -0800
From: Ravi Shankar
To: freebsd-smp@freebsd.org
Cc: freebsd-hackers@freebsd.org, freebsd-drivers@freebsd.org
Subject: Regarding enabling IOAPIC on Intel Dual core processor based boards having Broadcom controller

Hi,

We are using FreeBSD 6.2 based OS on our LV 5200 Series Intel Dual Core Xeon based processor (Wolfdale-DP-ULV). In the carrier board hosting the processor we have BCM5703 controller.

Currently we are using only one core in 32 bit mode and planning to use dual core where we need to enable IOAPIC. When IOAPIC is not enabled I see the bcm/bge driver is attached to IRQ10 and everything works fine, but when I enable IOAPIC I still see the boot msgs show that bge is attached to irq10 but the Broadcom controller does not come up. I found interrupt storm on irq17 (remember without IOAPIC enable there are no IRQ assignments beyond IRQ16), looks like the controller is interrupting on 17 while driver waits on 10.

When I stop at the loader and assign it manually using config command "set hw.pci8.9.INTA.irq=”17”", everything works fine. Would be great if someone can throw some light on this IRQ mapping when IOAPIC is enabled and possible fix (Software or BIOS?)

Thanks,
Ravi

--
Thanks,
Ravi

"The most influential person who will talk to you all day is you, so you
should be very careful about what you say to you!"

From owner-freebsd-hackers@FreeBSD.ORG Tue Dec 1 23:38:36 2009
Date: Tue, 1 Dec 2009 15:11:55 -0800 (PST)
From: Ravi Shankar
To: freebsd-hackers@freebsd.org
Subject: Regarding enabling IOAPIC on Intel Dual core processor based boards having Broadcom controller
Message-ID: <734342.41538.qm@web33202.mail.mud.yahoo.com>

Hi,

We are using FreeBSD 6.2 based OS on our LV 5200 Series Intel Dual Core Xeon based processor (Wolfdale-DP-ULV). In the carrier board hosting the processor we have BCM5703 controller.

Currently we are using only one core in 32 bit mode and planning to use dual core where we need to enable IOAPIC. When IOAPIC is not enabled I see the bcm/bge driver is attached to IRQ10 and everything works fine, but when I enable IOAPIC I still see the boot msgs show that bge is attached to irq10 but the Broadcom controller does not come up. I found interrupt storm on irq17 (remember without IOAPIC enable there are no IRQ assignments beyond IRQ16), looks like the controller is interrupting on 17 while driver waits on 10.

When I stop at the loader and assign it manually using config command "set hw.pci8.9.INTA.irq=”17”", everything works fine. Would be great if someone can throw some light on this IRQ mapping when IOAPIC is enabled and possible fix (Software or BIOS?)

NOTE: Other devices ( Intel controller (em driver)) are working fine only this BCM5703 is having issues with IOAPIC

Thanks,
Ravi

From owner-freebsd-hackers@FreeBSD.ORG Wed Dec 2 09:59:52 2009
Date: Wed, 02 Dec 2009 11:59:48 +0200
From: Andriy Gapon
To: freebsd-hackers@freebsd.org, freebsd-usb@freebsd.org
Subject: Re: ukbd attachment and root mount
Message-ID: <4B163A94.6040806@freebsd.org>

on 28/11/2008 15:12 Andriy Gapon said the following:
> on 27/11/2008 15:23 Andriy Gapon said the following:
>> I increased debug level in uhub and also switched mouse and keyboard
>> ports hoping that order might matter. It didn't.
>>
>> Here's fresh usbdevs output snippet:
>> Controller /dev/usb2:
>> addr 1: full speed, self powered, config 1, UHCI root hub(0x0000),
>> Intel(0x0000), rev 1.00
>> uhub2
>> port 1 addr 3: low speed, power 100 mA, config 1, USB Keyboard(0x0101),
>> CHESEN(0x0a81), rev 1.10
>> ukbd0
>> uhid0
>> port 2 addr 2: low speed, power 98 mA, config 1, USB-PS/2 Optical
>> Mouse(0xc040), Logitech(0x046d), rev 24.30
>> ums0
>>
>> And here's a new snippet from cold explore dmesg:
>> uhub2: uhub_explore: port 1 status 0x0100 0x0001
>> + ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>> + So, hm, it looks like a change in connection status is reported but
>> current status is reported as not connected.
>> + I wonder why?

Just wanted to followup on this and let you know that the issue seems to be
resolved in stable/8, I think that early usb takeover change might have fixed
it. The change is not in 8.0.

> For now I am blaming this on the keyboard. My wild un-educated guess is
> that it takes it too long to come back after controller reset. I don't
> have any other explanation at the moment.
>
> I'll try to get another keyboard (from different vendor) and play with it.

--
Andriy Gapon

From owner-freebsd-hackers@FreeBSD.ORG Wed Dec 2 06:42:36 2009
Date: Wed, 2 Dec 2009 14:42:34 +0800 (CST)
From: Jiandong Lu
To: freebsd-hackers@freebsd.org
Subject: about zlib on FreeBSD
Message-ID: <169495.53734.qm@web15703.mail.cnb.yahoo.com>

zlib package of ms windows could handle .zip archives, it compiles minizip into the zip library.
the library libz on FreeBSD does not compile minizip. Should we merge minizip into libz ?
Minizip's licence is the same to zlib, so there is no licence barrier.
minizip has only three small *.c files. If we merge minizip into libz, libz's size would not be larger too much.

btw, I maintain some servers both on Windows and FreeBSD now. They use zlib on windows, and I have compiled minizip on FreeBSD for my projects. I hope that minizip
will be merged into libz on FreeBSD.
Thanks

From owner-freebsd-hackers@FreeBSD.ORG Wed Dec 2 10:16:16 2009
Date: Wed, 02 Dec 2009 11:16:00 +0100
From: Alexander Leidinger
To: Linda Messerschmidt
Cc: freebsd-hackers@freebsd.org, Ivan Voras
Subject: Re: UNIX domain sockets on nullfs still broken?
Message-ID: <20091202111600.12126yini7bmy4o4@webmail.leidinger.net>

Quoting Linda Messerschmidt (from Tue, 1 Dec 2009 10:22:02 -0500):

> On Mon, Nov 30, 2009 at 10:14 AM, Ivan Voras wrote:
>>> What's the sane solution, then, when the only method of communication
>>> is unix domain sockets?
>>
>> It is a security problem. I think the long-term solution would be to add a
>> sysctl analogous to security.jail.param.securelevel to handle this.
>
> Out of curiosity, why is allowing access to a Unix domain socket in
> a filesystem to which a jail has explicitly been allowed access more
> or less secure than allowing access to a file or a devfs node in a
> filesystem to which a jail has explicitly been allowed access?

Answer A: There is no difference.

Answer B: You open up a direct communication channel between two
systems, which may not have been able to communicate before (firewall
rules, ...). With files you can do something similar too, but having a
socket there makes it easier and you do not need to write extra
code. It is similar to enabling SHM access in jails (currently all
jails share the same SHM area). And depending on the application with
the socket, you may be able to change files on the other side, to
which you do not have access otherwise (think about a daemon which
changes passwords...).

Answer A is good if you control what is run where and how, and if you
use jails for easy data migration and program separation (lightweight
virtualization).

Answer B is valid if you are an ISP which rents jails (in this case
you do not share a FS read-write anyway (at least you shouldn't) and
the point does not really matter).

Pick the answer depending on your viewpoint / security requirements
and the software you are using. As both points are valid, we should
provide the possibility to have both situations working.

Bye,
Alexander.

--
Is death legally binding?

http://www.Leidinger.net Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID = 72077137

From owner-freebsd-hackers@FreeBSD.ORG Wed Dec 2 12:50:00 2009
Date: Wed, 02 Dec 2009 13:49:58 +0100
From: Dag-Erling Smørgrav
To: Jiandong Lu
Cc: freebsd-hackers@freebsd.org
Subject: Re: about zlib on FreeBSD
Message-ID: <867ht5o809.fsf@ds4.des.no>

Jiandong Lu writes:
> zlib package of ms windows could handle .zip archives, it compiles
> minizip into the zip library.

Firstly, zlib is one thing and one thing only, namely the reference
implementation of Jean-Loup Gailly's gzip (aka. deflate) compression
algorithm. See zlib.net.

Secondly, Microsoft don't maintain official packages of third-party
software, so there is no such thing as "zlib package of ms windows".
Various projects (Cygwin, MSYS, MinGW, GNUWin32) ship pre-compiled zlib
binaries for Windows, but none of the four I mentioned include zip
support in their version of zlib.

> Should we merge minizip into libz ?

No. Why should we?

If you want to create or unpack .zip files on FreeBSD, use tar(1).

DES
--
Dag-Erling Smørgrav - des@des.no

From owner-freebsd-hackers@FreeBSD.ORG Wed Dec 2 13:01:43 2009
Date: Wed, 02 Dec 2009 13:01:38 +0000
From: Vincent Hoffman
To: Dag-Erling Smørgrav
Cc: Jiandong Lu, freebsd-hackers@freebsd.org
Subject: Re: about zlib on FreeBSD
Message-ID: <4B166532.3040108@unsane.co.uk>

Dag-Erling Smørgrav wrote:
> Jiandong Lu writes:
>
>> zlib package of ms windows could handle .zip archives, it compiles
>> minizip into the zip library.
>>
>
> Firstly, zlib is one thing and one thing only, namely the reference
> implementation of Jean-Loup Gailly's gzip (aka. deflate) compression
> algorithm. See zlib.net.
>
> Secondly, Microsoft don't maintain official packages of third-party
> software, so there is no such thing as "zlib package of ms windows".
> Various projects (Cygwin, MSYS, MinGW, GNUWin32) ship pre-compiled zlib
> binaries for Windows, but none of the four I mentioned include zip
> support in their version of zlib.
>
>
>> Should we merge minizip into libz ?
>>
>
> No. Why should we?
>
> If you want to create or unpack .zip files on FreeBSD, use tar(1).
>
> DES
>

To be fair, bsdtar(1) on my 8-STABLE box says it can read but not that
it can create zipfiles. If it can create them that would be handy.
Vince

From owner-freebsd-hackers@FreeBSD.ORG Wed Dec 2 13:12:38 2009
From: Dag-Erling Smørgrav
To: Vincent Hoffman
Cc: Jiandong Lu, freebsd-hackers@freebsd.org
Date: Wed, 02 Dec 2009 14:12:36 +0100
Subject: Re: about zlib on FreeBSD

Vincent Hoffman writes:
> To be fair, bsdtar(1) on my 8-STABLE box says it can read but not that
> it can create zipfiles.

Huh, I thought Tim had fixed that long ago.
Well, there's always /usr/ports/archivers/zip, or you can send patches to kientzle@ :)

DES
--
Dag-Erling Smørgrav - des@des.no

From owner-freebsd-hackers@FreeBSD.ORG Wed Dec 2 14:29:50 2009
From: Joerg Sonnenberger
To: freebsd-hackers@freebsd.org
Date: Wed, 2 Dec 2009 15:12:10 +0100
Subject: Re: about zlib on FreeBSD

On Wed, Dec 02, 2009 at 01:01:38PM +0000, Vincent Hoffman wrote:
> To be fair, bsdtar(1) on my 8-STABLE box says it can read but not that
> it can create zipfiles.
> If it can create them that would be handy.

The support for zip creation hasn't been merged yet.
Joerg

From owner-freebsd-hackers@FreeBSD.ORG Wed Dec 2 17:43:22 2009
From: Julian Elischer
To: Alexander Leidinger
Cc: freebsd-hackers@freebsd.org, Linda Messerschmidt, Ivan Voras
Date: Wed, 02 Dec 2009 09:43:25 -0800
Subject: Re: UNIX domain sockets on nullfs still broken?

Alexander Leidinger wrote:
> Quoting Linda Messerschmidt (from Tue, 1 Dec 2009 10:22:02 -0500):
>
>> On Mon, Nov 30, 2009 at 10:14 AM, Ivan Voras wrote:
>>>> What's the sane solution, then, when the only method of communication
>>>> is unix domain sockets?
>>>
>>> It is a security problem. I think the long-term solution would be to add a
>>> sysctl analogous to security.jail.param.securelevel to handle this.
>>
>> Out of curiosity, why is allowing accessing to a Unix domain socket in
>> a filesystem to which a jail has explicitly been allowed access more
>> or less secure than allowing access to a file or a devfs node in a
>> filesystem to which a jail has explicitly been allowed access?
>
> Answer A: There is no difference.
>
> Answer B: You open up a direct communication channel between two
> systems, which may not have been able to communicate before (firewall
> rules, ...). With files you can do something similar too, but having a
> socket there makes it more easy and you do not need to write extra code.
> It is similar to enabling SHM access in jails (currently all jails share
> the same SHM area). And depending on the application with the socket,
> you may be able to change files on the other side, to which you do not
> have access to otherwise (think about a daemon which changes passwords...).

I have used chroots and jails in a way that relies on the ability of a shared unix domain pipe being usable to communicate between them, and I also see why it may not be good.

I suggest that the ability to do so might be somehow controllable by the jail creator in some way.
>
> Answer A is good if you control what is run where and how, and if you
> use jails for easy data migration and program separation (lightweight
> virtualization).
>
> Answer B is valid if you are an ISP which rents jails (in this case you
> do not share a FS read-write anyway (at least you shouldn't) and the
> point does not really matter).
>
> Pick the answer depending on your viewpoint / security requirements and
> the software you are using.
>
> As both points are valid, we should provide the possibility to have both
> situations working.

yes please.
A sysctl would do at a pinch, but maybe a per-jail setting might be possible too.

>
> Bye,
> Alexander.
>

From owner-freebsd-hackers@FreeBSD.ORG Wed Dec 2 18:27:26 2009
From: Lionel Garth Jones
To: freebsd-hackers@freebsd.org
Date: Wed, 2 Dec 2009 10:27:26 -0800
Subject: USENIX TaPP '10 Submissions Deadline Approaching

We're writing to remind you that the submissions deadline for the 2nd USENIX Workshop on the Theory and Practice of Provenance (TaPP '10) is approaching.

Please submit all work by December 14, 2009, 11:59 p.m. PST.

More information and submission guidelines are available at http://www.usenix.org/tapp10/cfpb

TaPP '10 will bring together researchers and practitioners doing innovative work in the area of provenance. Provenance, or meta-information about computations, computer systems, database queries, scientific workflows, and so on, is emerging as a central issue in a number of disciplines. The TaPP workshop series builds upon a set of Workshops on Principles of Provenance organized in 2007-2009, which helped raise the profile of this area within diverse research communities, such as databases, security, and programming languages. We hope to attract serious cross-disciplinary, foundational, and highly speculative research and to facilitate needed interaction with the broader systems community and with industry.

The Program Committee invites you to submit either full papers describing relatively mature work or short papers on ongoing work. We welcome submissions addressing research problems involving provenance in any area of computer science, including but not limited to:

- Databases
- Programming languages and software engineering
- Systems and security
- Workflows/scientific computation

We look forward to receiving your submissions!
Sincerely,

Margo Seltzer, Harvard School of Engineering and Applied Sciences
Wang-Chiew Tan, University of California, Santa Cruz
TaPP '10 Program Chairs
tapp10chairs@usenix.org

------------------------------------------------------------------
TaPP '10 Call for Papers
2nd USENIX Workshop on the Theory and Practice of Provenance (TaPP '10)
February 22, 2010, San Jose, CA
http://www.usenix.org/tapp10/cfpb
Submissions deadline: December 14, 2009
Sponsored by USENIX in cooperation with ACM SIGOPS and ACM SIGPLAN
------------------------------------------------------------------

From owner-freebsd-hackers@FreeBSD.ORG Wed Dec 2 21:19:11 2009
From: Alexander Best
Organization: Westfaelische Wilhelms-Universitaet Muenster
To: Kostik Belousov
Cc: freebsd-hackers@freebsd.org
Date: Wed, 02 Dec 2009 22:19:08 +0100 (CET)
Subject: Re: i386_set_ioperm(2)/i386_get_ioperm(2) replacement after switch from x86 to amd64

ahh. thanks for the hint. wasn't aware of sysarch(2).

cheers.
alex

Kostik Belousov wrote on 2009-12-01:
> On Tue, Dec 01, 2009 at 04:21:39PM +0100, Alexander Best wrote:
> > i'm getting this during compilation/linking:
>
> > undefined reference to `i386_set_ioperm'
> Libc wrappers for these syscalls are not provided by amd64 libc.
> Use sysarch(2) to execute them.
>
> > do i need to link against some x86 compat lib?
> You cannot link 32bit library to amd64 binary.
>
> > alex
>
> > ps: also the ioperm manuals are not getting installed on amd64 it
> > seems.
>
> > Kostik Belousov wrote on 2009-12-01:
> > > On Tue, Dec 01, 2009 at 02:22:23PM +0100, Alexander Best wrote:
> > > > hi there,
>
> > > > i recently switched from x86 to amd64. right now i'm looking for a way to
> > > > replace i386_set_ioperm(2) and i386_get_ioperm(2) (which are x86
> > > > specific).
>
> > > > any suggestions?
>
> > > > * full /dev/io access is rather nasty
> > > > * the app i'm developing is using inb/outb opcodes through inline
> > > > assembly in order to access the parallel port. i tried using ppi(4),
> > > > but that slows down things dramatically (see:
> > > > http://lists.freebsd.org/pipermail/freebsd-hackers/2009-July/029188.html)
>
> > > FreeBSD 8.0 supports these syscalls on amd64.
From owner-freebsd-hackers@FreeBSD.ORG Thu Dec 3 07:56:06 2009
From: Alexander Leidinger
To: Julian Elischer
Cc: freebsd-hackers@freebsd.org, Linda Messerschmidt, Ivan Voras
Date: Thu, 03 Dec 2009 08:55:51 +0100
Subject: Re: UNIX domain sockets on nullfs still broken?

Quoting Julian Elischer (from Wed, 02 Dec 2009 09:43:25 -0800):

> Alexander Leidinger wrote:
>> Quoting Linda Messerschmidt (from
>> Tue, 1 Dec 2009 10:22:02 -0500):
>>
>>> On Mon, Nov 30, 2009 at 10:14 AM, Ivan Voras wrote:
>>>>> What's the sane solution, then, when the only method of communication
>>>>> is unix domain sockets?
>>>>
>>>> It is a security problem. I think the long-term solution would be to add a
>>>> sysctl analogous to security.jail.param.securelevel to handle this.
>>>
>>> Out of curiosity, why is allowing accessing to a Unix domain socket in
>>> a filesystem to which a jail has explicitly been allowed access more
>>> or less secure than allowing access to a file or a devfs node in a
>>> filesystem to which a jail has explicitly been allowed access?
>>
>> Answer A: There is no difference.
>>
>> Answer B: You open up a direct communication channel between two
>> systems, which may not have been able to communicate before
>> (firewall rules, ...). With files you can do something similar too,
>> but having a socket there makes it more easy and you do not need to
>> write extra code. It is similar to enabling SHM access in jails
>> (currently all jails share the same SHM area). And depending on the
>> application with the socket, you may be able to change files on the
>> other side, to which you do not have access to otherwise (think
>> about a daemon which changes passwords...).
>
> I have used chroots and jails in a way that relies on the ability of a
> shared unix domain pipe being usable to communicate between them, and
> I also see why it may not be good.

What worries me is, that it seems from comments in this thread, that nullfs is having a tighter security regarding jails than UFS/ZFS. I think all should work consistently in this regard (which would mean there will be a regression for some people if we switch UFS/ZFS to work in the same way).

> I suggest that the ability to do so might be somehow controllable by
> the jail creator in some way.
>
>>
>> Answer A is good if you control what is run where and how, and if
>> you use jails for easy data migration and program separation
>> (lightweight virtualization).
>>
>> Answer B is valid if you are an ISP which rents jails (in this case
>> you do not share a FS read-write anyway (at least you shouldn't) and
>> the point does not really matter).
>>
>> Pick the answer depending on your viewpoint / security requirements
>> and the software you are using.
>>
>> As both points are valid, we should provide the possibility to have
>> both situations working.
>
> yes please.
> A sysctl would do at a pinch, but maybe a per-jail setting might be
> possible too.

Per-Jail is not a problem, I just need to know where the priv check is which is causing this behavior (so far I thought it is some limitation of nullfs and not a priv check). So far I hadn't the time to search for it, I want to finish the import of v4l in the linuxulator first.

Bye,
Alexander.

--
BOFH excuse #102: Power company testing new voltage spike (creation) equipment
http://www.Leidinger.net Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID = 72077137

From owner-freebsd-hackers@FreeBSD.ORG Fri Dec 4 14:52:51 2009
From: Ivan Voras
To: freebsd-hackers@freebsd.org
Date: Fri, 04 Dec 2009 15:52:39 +0100
Subject: Request for information - timers, hz, interrupts

For a long time, at least in the 6-stable timeframe, I was used to seeing timer interrupts going at the frequency of 2*HZ, e.g. this is from 6.4-RELEASE:

kern.clockrate: { hz = 250, tick = 4000, profhz = 166, stathz = 33 }
debug.psm.hz: 20

cpu0: timer 6789885563 499
cpu2: timer 6789885538 499
cpu1: timer 6789885538 499
cpu3: timer 6789885537 499

Then sometime in 7.x this changed to 4*HZ, which continues in 8.x, e.g. from 7.2-RELEASE:

kern.clockrate: { hz = 250, tick = 4000, profhz = 1000, stathz = 142 }
kern.hz: 250

cpu0: timer 1368329715 988
cpu1: timer 1368324640 988
cpu2: timer 1367642854 988
cpu3: timer 1367642874 988

I'm not very worried about it (though maybe laptop users might be because of potential power drainage) but would like to know the explanation behind it.

Presumably it has something to do with profhz but what and why? There isn't an obvious correlation between profhz frequency in 6.x and HZ and in 7.x. and HZ.
From owner-freebsd-hackers@FreeBSD.ORG Fri Dec 4 16:16:05 2009
From: John Baldwin
To: freebsd-hackers@freebsd.org
Cc: Ivan Voras
Date: Fri, 4 Dec 2009 10:47:08 -0500
Subject: Re: Request for information - timers, hz, interrupts

On Friday 04 December 2009 9:52:39 am Ivan Voras wrote:
> For a long time, at least in the 6-stable timeframe, I was used to
> seeing timer interrupts going at the frequency of 2*HZ, e.g. this is
> from 6.4-RELEASE:
>
> kern.clockrate: { hz = 250, tick = 4000, profhz = 166, stathz = 33 }
> debug.psm.hz: 20
>
> cpu0: timer 6789885563 499
> cpu2: timer 6789885538 499
> cpu1: timer 6789885538 499
> cpu3: timer 6789885537 499
>
> Then sometime in 7.x this changed to 4*HZ, which continues in 8.x, e.g.
> from 7.2-RELEASE:
>
> kern.clockrate: { hz = 250, tick = 4000, profhz = 1000, stathz = 142 }
> kern.hz: 250
>
> cpu0: timer 1368329715 988
> cpu1: timer 1368324640 988
> cpu2: timer 1367642854 988
> cpu3: timer 1367642874 988
>
> I'm not very worried about it (though maybe laptop users might be
> because of potential power drainage) but would like to know the
> explanation behind it.
>
> Presumably it has something to do with profhz but what and why? There
> isn't an obvious correlation between profhz frequency in 6.x and HZ and
> in 7.x. and HZ.

It actually was changed to provide saner behavior when you use low hz values like 'hz=100'. Note that your stathz is now 142 instead of 33. The scheduler is likely far happier with that stathz. There is more detail in the commit log I believe (just look at the logs for local_apic.c in either svn or cvsweb).
--
John Baldwin

From owner-freebsd-hackers@FreeBSD.ORG Fri Dec 4 17:14:04 2009
From: Tom Worster
Date: Fri, 04 Dec 2009 11:58:04 -0500
Subject: won't boot after 8.0-RELEASE upgrade

i sent the following to -questions yesterday morning but had no luck. can anyone here give me tips or pointers?

tia
tom

after running freebsd-update -r 8.0-RELEASE upgrade my system won't boot. it gets stuck on mountroot and i can't find the magic word it wants.

the system used to have two sata drives /dev/ad4 and ad6. they were partitioned and sliced using the defaults that sysinstall suggested.
at the boot prompt, lsdev says:

disk devices
disk0: BIOS drive C:
disk0s1a: FFS
disk0s1b: swap
disk0s1d: FFS
disk0s1e: FFS
disk0s1f: FFS
disk1: BIOS drive D:
disk1s1a: FFS
disk1s1b: swap
disk1s1d: FFS
disk1s1e: FFS
disk1s1f: FFS

which looks right, although i'm not familiar with the "disk" nomenclature.

entering ? at mountroot mentions ad4 and ad6.

geom_mirror was being used. i've tried saying "load geom_mirror" and/or "enable-module geom_mirror" at the boot prompt. neither made any difference.

nothing i've said to mountroot works:

ufs:/dev/ad4s1a
ufs:/dev/ad6s1a
ufs:/dev/mirror/gm0s1a
ufs:/dev/disk0s1a
ufs:/dev/disk1s1a

does anyone know the magic word? i'd be very grateful.

tom

From owner-freebsd-hackers@FreeBSD.ORG Fri Dec 4 19:40:43 2009
From: Peter Beckman
To: Tom Worster
Cc: freebsd-hackers@freebsd.org
Date: Fri, 4 Dec 2009 14:40:42 -0500
Subject: Re: won't boot after 8.0-RELEASE upgrade

On Fri, 4 Dec 2009, Tom Worster wrote:

> i sent the following to -questions yesterday morning but had no luck. can
> anyone here give me tips or pointers?

I had this problem with a Dell M600 blade. I was able to install from a 6.4 ISO, then binary update to 7.0, but when I tried to get to 8.0 I couldn't boot either.

I gave up trying to fix the issue and installed VMWare ESXi on the blade and installed FreeBSD 8 on top of that. Not ideal, but I had to get it working.

Here's what I posted:

http://lists.freebsd.org/pipermail/freebsd-hackers/2009-November/030013.html
http://lists.freebsd.org/pipermail/freebsd-hackers/2009-November/030022.html

On http://drop.io/rk0eoap there is a video of the boot process and where it died for me:

It hung just after isab0, isa0 and atrtc0 loaded.
The last line: atrtc0: registered as a time-of-day clock (resolution 1000000us) Beckman --------------------------------------------------------------------------- Peter Beckman Internet Guy beckman@angryox.com http://www.angryox.com/ --------------------------------------------------------------------------- From owner-freebsd-hackers@FreeBSD.ORG Fri Dec 4 21:10:21 2009 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D02BC1065679; Fri, 4 Dec 2009 21:10:21 +0000 (UTC) (envelope-from ivoras@gmail.com) Received: from ey-out-2122.google.com (ey-out-2122.google.com [74.125.78.25]) by mx1.freebsd.org (Postfix) with ESMTP id 31B3B8FC12; Fri, 4 Dec 2009 21:10:20 +0000 (UTC) Received: by ey-out-2122.google.com with SMTP id 22so682263eye.9 for ; Fri, 04 Dec 2009 13:10:20 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:sender:received:in-reply-to :references:from:date:x-google-sender-auth:message-id:subject:to:cc :content-type:content-transfer-encoding; bh=qpYxy5QgU3o/HV7IpByDQVwxIWysZ0hcvAx4pctkBvM=; b=Jr6ZCb+Zj4xs/4lpNj1xs6stgA0bYAZNoHRk0mebBLLaJyuq2Jb5NKWvG0kcQuL3By alh2vcaLpjmUsXuBi5z5LWXC0HuiTGcNt9apKPFf5B939UvbdWIeg4zYE1ohTV+OH82p h3dwgQXrHFPAlYB+cLZ602h4rkbllZngdi0S8= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:from:date :x-google-sender-auth:message-id:subject:to:cc:content-type :content-transfer-encoding; b=LOJzStNEw0H8GarCvWFAWyllzte47YXnjy87UgN+B0DDwjLifKX+QQYB6sP4WJwL3R 2SziX1am1Gi96MuFfoS9o87op9upVDd7Mp7iP/dR0AvSTOuEMvilF186JwEg33uSss95 rHF9Zpay0qUxWLAP7qtEMw2YidB3BDOm6am9A= MIME-Version: 1.0 Sender: ivoras@gmail.com Received: by 10.216.88.71 with SMTP id z49mr1178585wee.90.1259961019218; Fri, 04 Dec 2009 13:10:19 -0800 (PST) In-Reply-To: <200912041047.08253.jhb@freebsd.org> References: 
<200912041047.08253.jhb@freebsd.org> From: Ivan Voras Date: Fri, 4 Dec 2009 22:09:59 +0100 X-Google-Sender-Auth: 3cde40eb5885c374 Message-ID: <9bbcef730912041309m51ce4858q42937e0f76f94cda@mail.gmail.com> To: John Baldwin Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Cc: freebsd-hackers@freebsd.org Subject: Re: Request for information - timers, hz, interrupts X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 04 Dec 2009 21:10:21 -0000 2009/12/4 John Baldwin : > On Friday 04 December 2009 9:52:39 am Ivan Voras wrote: >> For a long time, at least in the 6-stable timeframe, I was used to >> seeing timer interrupts going at the frequency of 2*HZ, e.g. this is >> from 6.4-RELEASE: >> >> kern.clockrate: { hz =3D 250, tick =3D 4000, profhz =3D 1000, stathz =3D= 142 } >> kern.hz: 250 > It actually was changed to provide saner behavior when you use low hz val= ues > like 'hz=3D100'. =C2=A0Note that your stathz is now 142 instead of 33. = =C2=A0The scheduler > is likely far happier with that stathz. =C2=A0There is more detail in the= commit > log I believe (just look at the logs for local_apic.c in either svn or > cvsweb). Ok. Some more questions: What does "ticks" do in the above sysctl output? So 4000 interrupts/s per CPU in the default configuration isn't considered excessive? :) I see stathz isn't a divisor of any number in kern.clockrate, which probably means it's not triggered from one of them firing; can't it be a separately configurable value? 
From owner-freebsd-hackers@FreeBSD.ORG Fri Dec 4 22:34:25 2009
From: John Baldwin
To: Ivan Voras
Date: Fri, 4 Dec 2009 17:32:49 -0500
References: <200912041047.08253.jhb@freebsd.org> <9bbcef730912041309m51ce4858q42937e0f76f94cda@mail.gmail.com>
In-Reply-To: <9bbcef730912041309m51ce4858q42937e0f76f94cda@mail.gmail.com>
Message-Id: <200912041732.50026.jhb@freebsd.org>
Cc: freebsd-hackers@freebsd.org
Subject: Re: Request for information - timers, hz, interrupts

On Friday 04 December 2009 4:09:59 pm Ivan Voras wrote:
> 2009/12/4 John Baldwin:
> > On Friday 04 December 2009 9:52:39 am Ivan Voras wrote:
> >> For a long time, at least in the 6-stable timeframe, I was used to
> >> seeing timer interrupts going at the frequency of 2*HZ, e.g. this is
> >> from 6.4-RELEASE:
> >>
> >> kern.clockrate: { hz = 250, tick = 4000, profhz = 1000, stathz = 142 }
> >> kern.hz: 250
> >
> > It actually was changed to provide saner behavior when you use low hz values
> > like 'hz=100'. Note that your stathz is now 142 instead of 33. The scheduler
> > is likely far happier with that stathz. There is more detail in the commit
> > log I believe (just look at the logs for local_apic.c in either svn or
> > cvsweb).
>
> Ok. Some more questions:
>
> What does "ticks" do in the above sysctl output?

'tick' is the number of microseconds per clock tick. Since you run hz at 250,
that gives you 4ms = 4000us per clock tick.

> So 4000 interrupts/s per CPU in the default configuration isn't
> considered excessive? :)

The default configuration is hz = 1000 which gives you an interrupt rate of
2000 interrupts/s per CPU and a stathz of 133. With your setting of hz=250,
you have an interrupt rate of 1000 interrupts/s per CPU.

> I see stathz isn't a divisor of any number in kern.clockrate, which
> probably means it's not triggered from one of them firing; can't it be
> a separately configurable value?

No, it is driven by the tick timer. It ends up running at something more like
142.8571428571 when you have hz = 250. (So some seconds it will fire 143
times rather than 142.) The kernel tries to run stathz as close to 128 as
possible, but ~142 is what it comes up with. It should probably try the next
divisor "up" and take the resulting stathz that is the closest to 128. That
would let stathz run at 125 on your machine instead of ~142.
-- 
John Baldwin

From owner-freebsd-hackers@FreeBSD.ORG Fri Dec 4 22:54:00 2009
Date: Fri, 04 Dec 2009 17:53:53 -0500
From: Tom Worster
Subject: Re: won't boot after 8.0-RELEASE upgrade

i finally got a 7.1 livefs fixit shell to work and i was able to mount
ad4s1a. i fsck'ed all the slices on ad4 and they look ok.

i changed fstab to refer to /dev/ad4* instead of /dev/mirror/gm0* and got
rid of geom_mirror_load="YES" from /boot/loader.conf. and i ran gmirror
clear.

none of this did any good. 8.0 just won't mount root from the disk.

any final suggestions before i try dumping the data out on another system
and use the old windows technique (reformat and reinstall the os)?
On 12/4/09 11:58 AM, "Tom Worster" wrote:

> i sent the following to -questions yesterday morning but had no luck. can
> anyone here give me tips or pointers?
>
> tia
> tom
>
>
> after running freebsd-update -r 8.0-RELEASE upgrade my system won't boot. it
> gets stuck on mountroot and i can't find the magic word it wants.
>
> the system used to have two sata drives /dev/ad4 and ad6. they were
> partitioned and sliced using the defaults that sysinstall suggested.
>
> at the boot prompt, lsdev says:
>
> disk devices
> disk0: BIOS drive C:
> disk0s1a: FFS
> disk0s1b: swap
> disk0s1d: FFS
> disk0s1e: FFS
> disk0s1f: FFS
> disk1: BIOS drive D:
> disk1s1a: FFS
> disk1s1b: swap
> disk1s1d: FFS
> disk1s1e: FFS
> disk1s1f: FFS
>
> which looks right, although i'm not familiar with the "disk" nomenclature.
>
> entering ? at mountroot mentions ad4 and ad6.
>
> geom_mirror was being used.
>
> i've tried saying "load geom_mirror" and/or "enable-module geom_mirror" at
> the boot prompt. neither made any difference.
>
> nothing i've said to mountroot works:
>
> ufs:/dev/ad4s1a
> ufs:/dev/ad6s1a
> ufs:/dev/mirror/gm0s1a
> ufs:/dev/disk0s1a
> ufs:/dev/disk1s1a
>
> does anyone know the magic word? i'd be very grateful.
>
> tom
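
Added example, not part of the thread and not FreeBSD's local_apic.c code: the stathz arithmetic from John Baldwin's reply above, showing the divisor that yields ~142 and 133, the "next divisor up" choice he suggests, and why some seconds see 143 stat ticks and others 142. The floor-division rule and all function names are assumptions inferred from the figures quoted in the thread.

```c
#include <stdio.h>
#include <stdlib.h>

#define STATHZ_TARGET 128  /* rate the thread says the kernel aims for */

/* Behaviour described in the thread (assumed rule): divide the timer rate
 * by floor(timer_hz / 128), so stathz lands at or above the target. */
static int divisor_floor(int timer_hz)
{
    int d = timer_hz / STATHZ_TARGET;
    return d > 0 ? d : 1;
}

/* Suggested refinement: also try the next divisor up and keep whichever
 * rate is closer to 128. Both errors are scaled by d*(d+1) so the
 * comparison stays exact in integer arithmetic. */
static int divisor_closest(int timer_hz)
{
    int d = divisor_floor(timer_hz);
    long scaled_target = (long)STATHZ_TARGET * d * (d + 1);
    long err_d = labs((long)timer_hz * (d + 1) - scaled_target);
    long err_next = labs((long)timer_hz * d - scaled_target);
    return err_next < err_d ? d + 1 : d;
}

/* The stat clock fires on every d-th timer interrupt; count how many of
 * those fall inside wall-clock second `sec` (0-based). */
static int stat_fires_in_second(int timer_hz, int d, int sec)
{
    long start = (long)sec * timer_hz;
    long end = start + timer_hz;
    return (int)(end / d - start / d);
}

int main(void)
{
    /* Timer interrupt rates quoted in the thread: 1000/s at hz=250,
     * 2000/s at hz=1000. */
    int rates[] = { 1000, 2000 };
    for (size_t i = 0; i < sizeof(rates) / sizeof(rates[0]); i++) {
        int f = divisor_floor(rates[i]), c = divisor_closest(rates[i]);
        printf("timer %d/s: floor divisor %d -> stathz %d, closest %d -> stathz %d\n",
               rates[i], f, rates[i] / f, c, rates[i] / c);
    }
    for (int s = 0; s < 7; s++)
        printf("second %d: %d stat ticks\n", s, stat_fires_in_second(1000, 7, s));
    return 0;
}
```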