Date: Sun, 17 Dec 2017 11:27:08 -0500
From: Dan Langille <dan@langille.org>
To: Scott Long <scottl@samsco.org>
Cc: freebsd-scsi@freebsd.org
Subject: Re: ch(4) FreeBSD 11.1 jails
Message-ID: <746B096B-A682-4EA7-AA25-718F687E3B13@langille.org>
In-Reply-To: <2E65031F-E39F-43FD-9D7C-25890A5ED641@samsco.org>
References: <19FE523D-3A29-4EC1-BD11-71F2A9A84456@langille.org> <2E65031F-E39F-43FD-9D7C-25890A5ED641@samsco.org>
>> On Dec 16, 2017, at 3:05 PM, Dan Langille <dan@langille.org> wrote:
>>
>> I'm trying to access a tape library from within a FreeBSD 11 jail.
>>
>> I've added this to the host system:
>>
>> [devfsrules_jail_unhide_tapes=5]
>> add path sa0 unhide
>> add path pass0 unhide
>> add path pass7 unhide mode 0600
>> add path ch0 unhide
>> add path nsa0 unhide
>>
>> add path sa1 unhide
>> add path pass8 unhide
>> add path pass9 unhide mode 0600
>> add path ch1 unhide
>> add path nsa1 unhide
>>
>>
>> [devfsrules_jail_bacula=6]
>> add include $devfsrules_hide_all
>> add include $devfsrules_unhide_basic
>> add include $devfsrules_unhide_login
>> add path zfs unhide
>> add include $devfsrules_jail_unhide_tapes
>>
>>
>>
>> The jail can see the devices, and query the tape drive, but not the changer:
>>
>> $ sudo mtx -f /dev/pass7 status
>> cannot open SCSI device '/dev/pass7' - Operation not permitted
>>
>> The same command in the jail host succeeds.
>>
>> Is there something more special I'm missing about FreeBSD 11.1? This worked for me under 10.3.
>>
>> Thank you.
>>
>>
>> --
>> Dan Langille - BSDCan / PGCon
>> dan@langille.org
>>
>>
>> _______________________________________________
>> freebsd-scsi@freebsd.org mailing list
>> https://lists.freebsd.org/mailman/listinfo/freebsd-scsi
>> To unsubscribe, send any mail to "freebsd-scsi-unsubscribe@freebsd.org"
>
> On Dec 16, 2017, at 5:53 PM, Scott Long <scottl@samsco.org> wrote:
>
> Hi Dan,
>
> Try unhiding and giving permissions to /dev/xpt0. Not sure if something changed there between 10.x and 11.x, but I suspect that it would be necessary regardless. A truss/ktrace output will be necessary if that doesn’t work.
>
> Scott
>
> Sent from my iPhone
>

Background: the host devices from the tape library:

<IBM ULT3580-HH4 C7Q1> at scbus1 target 4 lun 0 (pass1,sa0)
<IBM 3573-TL B.60> at scbus1 target 4 lun 1 (pass7,ch0)
<IBM ULT3580-HH4 C7Q1> at scbus1 target 5 lun 0 (pass8,sa1)
<IBM 3573-TL B.60> at scbus1 target 5 lun 1 (pass9,ch1)

The devices the jail can see:

[dan@bacula-sd-02:~] $ ls -l /dev
total 1
crw------- 1 root operator 0x6b Dec 16 21:52 ch0
crw------- 1 root operator 0x6c Dec 16 21:52 ch1
dr-xr-xr-x 2 root wheel 512 Dec 16 21:52 fd
lrwxr-xr-x 1 root wheel 14 Dec 16 22:02 log -> ../var/run/log
crw-rw---- 1 root operator 0x65 Dec 16 21:52 nsa0
crw-rw---- 1 root operator 0x69 Dec 16 21:52 nsa1
crw-rw-rw- 1 root wheel 0x1b Dec 17 16:16 null
crw------- 1 root operator 0x6d Dec 16 21:52 pass0
crw------- 1 root operator 0x74 Dec 16 21:52 pass7
crw------- 1 root operator 0x75 Dec 16 21:52 pass8
crw------- 1 root operator 0x76 Dec 16 21:52 pass9
dr-xr-xr-x 2 root wheel 512 Dec 17 16:16 pts
crw-r--r-- 1 root wheel 0x7 Dec 16 21:52 random
crw-rw---- 1 root operator 0x64 Dec 16 21:52 sa0
crw-rw---- 1 root operator 0x68 Dec 16 21:52 sa1
lrwxr-xr-x 1 root wheel 4 Dec 16 22:02 stderr -> fd/2
lrwxr-xr-x 1 root wheel 4 Dec 16 22:02 stdin -> fd/0
lrwxr-xr-x 1 root wheel 4 Dec 16 22:02 stdout -> fd/1
lrwxr-xr-x 1 root wheel 6 Dec 16 22:02 urandom -> random
crw-rw-rw- 1 root wheel 0x1c Dec 16 21:52 zero
crw-rw-rw- 1 root operator 0x48 Dec 16 21:52 zfs
[dan@bacula-sd-02:~] $

This command on the host:

[root@r710-01:~] # mtx -f /dev/pass7 status | head
Storage Changer /dev/pass7:2 Drives, 47 Slots ( 0 Import/Export )
Data Transfer Element 0:Full (Storage Element 1 Loaded):VolumeTag = 000001L4
Data Transfer Element 1:Empty
Storage Element 1:Empty
Storage Element 2:Empty
Storage Element 3:Empty
Storage Element 4:Empty
Storage Element 5:Empty
Storage Element 6:Empty
Storage Element 7:Empty

Same command in the jail:

[root@bacula-sd-02 ~]# mtx -f /dev/pass7 status
cannot open SCSI device 
'/dev/pass7' - Operation not permitted Same command with truss: [root@bacula-sd-02 ~]# truss mtx -f /dev/pass7 status mmap(0x0,32768,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON,-1,0x0) = 34366197760 (0x800629000) issetugid() = 0 (0x0) lstat("/etc",{ mode=drwxr-xr-x ,inode=19,size=117,blksize=7680 }) = 0 (0x0) lstat("/etc/libmap.conf",{ mode=-rw-r--r-- ,inode=13724,size=109,blksize=4096 }) = 0 (0x0) openat(AT_FDCWD,"/etc/libmap.conf",O_RDONLY|O_CLOEXEC,00) = 3 (0x3) fstat(3,{ mode=-rw-r--r-- ,inode=13724,size=109,blksize=4096 }) = 0 (0x0) mmap(0x0,109,PROT_READ,MAP_PRIVATE,3,0x0) = 34366230528 (0x800631000) close(3) = 0 (0x0) lstat("/usr",{ mode=drwxr-xr-x ,inode=23,size=15,blksize=4096 }) = 0 (0x0) lstat("/usr/local",{ mode=drwxr-xr-x ,inode=214,size=14,blksize=4096 }) = 0 (0x0) lstat("/usr/local/etc",{ mode=drwxr-xr-x ,inode=32826,size=29,blksize=4096 }) = 0 (0x0) lstat("/usr/local/etc/libmap.d",0x7fffffffc548) ERR#2 'No such file or directory' munmap(0x800631000,109) = 0 (0x0) openat(AT_FDCWD,"/var/run/ld-elf.so.hints",O_RDONLY|O_CLOEXEC,00) = 3 (0x3) read(3,"Ehnt\^A\0\0\0\M^@\0\0\0f\0\0\0\0"...,128) = 128 (0x80) fstat(3,{ mode=-r--r--r-- ,inode=66965,size=230,blksize=4096 }) = 0 (0x0) lseek(3,0x80,SEEK_SET) = 128 (0x80) read(3,"/lib:/usr/lib:/usr/lib/compat:/u"...,102) = 102 (0x66) close(3) = 0 (0x0) access("/lib/libcam.so.7",F_OK) = 0 (0x0) openat(AT_FDCWD,"/lib/libcam.so.7",O_RDONLY|O_CLOEXEC|O_VERIFY,00) = 3 (0x3) fstat(3,{ mode=-r--r--r-- ,inode=141,size=201240,blksize=131072 }) = 0 (0x0) mmap(0x0,4096,PROT_READ,MAP_PRIVATE|MAP_PREFAULT_READ,3,0x0) = 34366230528 (0x800631000) mmap(0x0,2297856,PROT_NONE,MAP_PRIVATE|MAP_ANON|MAP_NOCORE,-1,0x0) = 34368299008 (0x80082a000) mmap(0x80082a000,176128,PROT_READ|PROT_EXEC,MAP_PRIVATE|MAP_FIXED|MAP_NOCORE|MAP_PREFAULT_READ,3,0x0) = 34368299008 (0x80082a000) mmap(0x800a54000,28672,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_PREFAULT_READ,3,0x2a000) = 34370568192 (0x800a54000) munmap(0x800631000,4096) = 0 (0x0) close(3) 
= 0 (0x0) access("/lib/libc.so.7",F_OK) = 0 (0x0) openat(AT_FDCWD,"/lib/libc.so.7",O_RDONLY|O_CLOEXEC|O_VERIFY,00) = 3 (0x3) fstat(3,{ mode=-r--r--r-- ,inode=168,size=1761320,blksize=131072 }) = 0 (0x0) mmap(0x0,4096,PROT_READ,MAP_PRIVATE|MAP_PREFAULT_READ,3,0x0) = 34366230528 (0x800631000) mmap(0x0,3899392,PROT_NONE,MAP_PRIVATE|MAP_ANON|MAP_NOCORE,-1,0x0) = 34370596864 (0x800a5b000) mmap(0x800a5b000,1646592,PROT_READ|PROT_EXEC,MAP_PRIVATE|MAP_FIXED|MAP_NOCORE|MAP_PREFAULT_READ,3,0x0) = 34370596864 (0x800a5b000) mmap(0x800ded000,49152,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_PREFAULT_READ,3,0x192000) = 34374340608 (0x800ded000) mmap(0x800df9000,106496,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_ANON,-1,0x0) = 34374389760 (0x800df9000) munmap(0x800631000,4096) = 0 (0x0) close(3) = 0 (0x0) access("/lib/libsbuf.so.6",F_OK) = 0 (0x0) openat(AT_FDCWD,"/lib/libsbuf.so.6",O_RDONLY|O_CLOEXEC|O_VERIFY,00) = 3 (0x3) fstat(3,{ mode=-r--r--r-- ,inode=137,size=11312,blksize=11776 }) = 0 (0x0) mmap(0x0,4096,PROT_READ,MAP_PRIVATE|MAP_PREFAULT_READ,3,0x0) = 34366230528 (0x800631000) mmap(0x0,2109440,PROT_NONE,MAP_PRIVATE|MAP_ANON|MAP_NOCORE,-1,0x0) = 34374496256 (0x800e13000) mmap(0x800e13000,12288,PROT_READ|PROT_EXEC,MAP_PRIVATE|MAP_FIXED|MAP_NOCORE|MAP_PREFAULT_READ,3,0x0) = 34374496256 (0x800e13000) mmap(0x801015000,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_PREFAULT_READ,3,0x2000) = 34376601600 (0x801015000) munmap(0x800631000,4096) = 0 (0x0) close(3) = 0 (0x0) mmap(0x0,40960,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON,-1,0x0) = 34366230528 (0x800631000) munmap(0x800634000,28672) = 0 (0x0) mmap(0x0,102400,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON,-1,0x0) = 34366242816 (0x800634000) sysarch(AMD64_SET_FSBASE,0x7fffffffdf08) = 0 (0x0) sigprocmask(SIG_BLOCK,{ SIGHUP|SIGINT|SIGQUIT|SIGKILL|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2 },{ }) = 0 (0x0) 
sigprocmask(SIG_SETMASK,{ },0x0) = 0 (0x0) readlink("/etc/malloc.conf",0x7fffffffd600,1024) ERR#2 'No such file or directory' issetugid() = 0 (0x0) __sysctl(0x7fffffffd4a0,0x2,0x7fffffffd4f0,0x7fffffffd4e8,0x800bbcc93,0xd) = 0 (0x0) __sysctl(0x7fffffffd4f0,0x2,0x7fffffffd5b4,0x7fffffffd5a8,0x0,0x0) = 0 (0x0) mmap(0x0,2097152,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON,-1,0x0) = 34376605696 (0x801016000) munmap(0x801016000,2097152) = 0 (0x0) mmap(0x0,4190208,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON,-1,0x0) = 34376605696 (0x801016000) munmap(0x801016000,2007040) = 0 (0x0) munmap(0x801400000,86016) = 0 (0x0) sigprocmask(SIG_BLOCK,{ SIGHUP|SIGINT|SIGQUIT|SIGKILL|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2 },{ }) = 0 (0x0) sigprocmask(SIG_SETMASK,{ },0x0) = 0 (0x0) sigprocmask(SIG_BLOCK,{ SIGHUP|SIGINT|SIGQUIT|SIGKILL|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2 },{ }) = 0 (0x0) sigprocmask(SIG_SETMASK,{ },0x0) = 0 (0x0) sigprocmask(SIG_BLOCK,{ SIGHUP|SIGINT|SIGQUIT|SIGKILL|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2 },{ }) = 0 (0x0) sigprocmask(SIG_SETMASK,{ },0x0) = 0 (0x0) sigprocmask(SIG_BLOCK,{ SIGHUP|SIGINT|SIGQUIT|SIGKILL|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2 },{ }) = 0 (0x0) sigprocmask(SIG_SETMASK,{ },0x0) = 0 (0x0) mmap(0x0,2097152,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON,-1,0x0) = 34380709888 (0x801400000) openat(AT_FDCWD,"/dev/pass7",O_RDWR|O_EXCL,00) ERR#1 'Operation not permitted' stat("/usr/share/nls/C/libc.cat",0x7fffffffdea8) ERR#2 'No such file or directory' stat("/usr/share/nls/libc/C",0x7fffffffdea8) ERR#2 'No such file 
or directory' stat("/usr/local/share/nls/C/libc.cat",0x7fffffffdea8) ERR#2 'No such file or directory' stat("/usr/local/share/nls/libc/C",0x7fffffffdea8) ERR#2 'No such file or directory' cannot open SCSI device '/dev/pass7' - Operation not permitted write(2,"cannot open SCSI device '/dev/pa"...,63) = 63 (0x3f) sigprocmask(SIG_BLOCK,{ SIGHUP|SIGINT|SIGQUIT|SIGKILL|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2 },{ }) = 0 (0x0) sigprocmask(SIG_SETMASK,{ },0x0) = 0 (0x0) sigprocmask(SIG_BLOCK,{ SIGHUP|SIGINT|SIGQUIT|SIGKILL|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2 },{ }) = 0 (0x0) sigprocmask(SIG_SETMASK,{ },0x0) = 0 (0x0) sigprocmask(SIG_BLOCK,{ SIGHUP|SIGINT|SIGQUIT|SIGKILL|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2 },{ }) = 0 (0x0) sigprocmask(SIG_SETMASK,{ },0x0) = 0 (0x0) sigprocmask(SIG_BLOCK,{ SIGHUP|SIGINT|SIGQUIT|SIGKILL|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2 },{ }) = 0 (0x0) sigprocmask(SIG_SETMASK,{ },0x0) = 0 (0x0) sigprocmask(SIG_BLOCK,{ SIGHUP|SIGINT|SIGQUIT|SIGKILL|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2 },{ }) = 0 (0x0) sigprocmask(SIG_SETMASK,{ },0x0) = 0 (0x0) exit(0x1) process exit, rval = 1 [root@bacula-sd-02 ~]# -- Dan Langille - BSDCan / PGCon dan@langille.orghelp
