From: "Jerry Toung"
To: "Robert Watson"
Cc: freebsd-hackers@freebsd.org
Date: Tue, 19 Aug 2008 16:14:40 -0700
Subject: Re: pkg_add on 64bits kernel w/ options MAC
Message-ID: <86068e730808191614m66b72cb1y8786b8a7b6510df2@mail.gmail.com>
References: <86068e730808191315k2997c99bvbbc586e1173858f6@mail.gmail.com>
List-Id: Technical Discussions relating to FreeBSD

On Tue, Aug 19, 2008 at 1:26 PM, Robert Watson wrote:

> Sounds like a bug of some sort. Could you send the output of "sysctl
> security.mac"? Also, if you could use ktrace to confirm which system calls
> are returning EACCES/EPERM leading to the warnings, that would also be
> helpful.

I will file a PR later on. In the meantime, here are the outputs you were looking for:

security.mac.max_slots: 4
security.mac.enforce_network: 1
security.mac.enforce_pipe: 1
security.mac.enforce_posix_sem: 1
security.mac.enforce_suid: 1
security.mac.mmap_revocation_via_cow: 0
security.mac.mmap_revocation: 1
security.mac.enforce_vm: 1
security.mac.enforce_process: 1
security.mac.enforce_socket: 1
security.mac.enforce_system: 1
security.mac.enforce_kld: 1
security.mac.enforce_sysv_msg: 1
security.mac.enforce_sysv_sem: 1
security.mac.enforce_sysv_shm: 1
security.mac.enforce_fs: 1

bsd64-21# kdump -f ktrace.out
1045 ktrace RET ktrace 0
1045 ktrace CALL execve(0x7fffffffe720,0x7fffffffec80,0x7fffffffec98)
1045 ktrace RET execve -1 errno 2 No such file or directory
1045 ktrace CALL execve(0x7fffffffe720,0x7fffffffec80,0x7fffffffec98)
1045 ktrace RET execve -1 errno 2 No such file or directory
1045 ktrace CALL execve(0x7fffffffe720,0x7fffffffec80,0x7fffffffec98)
1045 pkg_add RET execve 0
1045 pkg_add CALL mmap(0,0x1e40,0x3,0x1000,0xffffffff,0,0)
1045 pkg_add RET mmap 5443584/0x800531000
1045 pkg_add CALL munmap(0x800531000,0x1e40)
1045 pkg_add RET munmap 0
1045 pkg_add CALL __sysctl(0x7fffffffe930,0x2,0x800639180,0x7fffffffe928,0,0)
1045 pkg_add RET __sysctl 0
1045 pkg_add CALL mmap(0,0x8000,0x3,0x1002,0xffffffff,0,0)
1045 pkg_add RET mmap 5443584/0x800531000
1045 pkg_add CALL issetugid
1045 pkg_add RET issetugid 0
1045 pkg_add CALL open(0x80052eff0,0,0x1b6)
1045 pkg_add RET open -1 errno 2 No such file or directory
1045 pkg_add CALL open(0x80052e1a8,0,0)
1045 pkg_add RET open 3
1045 pkg_add CALL read(0x3,0x7fffffffe8d0,0x80)
1045 pkg_add RET read 128/0x80
1045 pkg_add CALL lseek(0x3,0,0x80,0)
1045 pkg_add RET lseek 128/0x80
1045 pkg_add CALL read(0x3,0x800535000,0x3c)
1045 pkg_add RET read 60/0x3c
1045 pkg_add CALL close(0x3)
1045 pkg_add RET close 0
1045 pkg_add CALL access(0x800536000,0)
1045 pkg_add RET access -1 errno 2 No such file or directory
1045 pkg_add CALL access(0x800536000,0)
1045 pkg_add RET access 0
1045 pkg_add CALL open(0x8005320c0,0,0x800639060)
1045 pkg_add RET open 3
1045 pkg_add CALL fstat(0x3,0x7fffffffe8e0)
1045 pkg_add RET fstat 0
1045 pkg_add CALL read(0x3,0x800638040,0x1000)
1045 pkg_add RET read 4096/0x1000
1045 pkg_add CALL mmap(0,0x10e000,0x5,0x20002,0x3,0,0)
1045 pkg_add RET mmap 6541312/0x80063d000
1045 pkg_add CALL mprotect(0x800648000,0x1000,0x7)
1045 pkg_add RET mprotect 0
1045 pkg_add CALL mprotect(0x800648000,0x1000,0x5)
1045 pkg_add RET mprotect 0
1045 pkg_add CALL mmap(0x800749000,0x2000,0x3,0x12,0x3,0,0xc000)
1045 pkg_add RET mmap 7639040/0x800749000
1045 pkg_add CALL close(0x3)
1045 pkg_add RET close 0
1045 pkg_add CALL access(0x800536000,0)
1045 pkg_add RET access 0
1045 pkg_add CALL open(0x800532120,0,0x6c)
1045 pkg_add RET open 3
1045 pkg_add CALL fstat(0x3,0x7fffffffe8e0)
1045 pkg_add RET fstat 0
1045 pkg_add CALL read(0x3,0x800638040,0x1000)
1045 pkg_add RET read 4096/0x1000
1045 pkg_add CALL mmap(0,0x10c000,0x5,0x20002,0x3,0,0)
1045 pkg_add RET mmap 7647232/0x80074b000
1045 pkg_add CALL mprotect(0x800755000,0x1000,0x7)
1045 pkg_add RET mprotect 0
1045 pkg_add CALL mprotect(0x800755000,0x1000,0x5)
1045 pkg_add RET mprotect 0
1045 pkg_add CALL mmap(0x800856000,0x1000,0x3,0x12,0x3,0,0xb000)
1045 pkg_add RET mmap 8740864/0x800856000
1045 pkg_add CALL close(0x3)
1045 pkg_add RET close 0
1045 pkg_add CALL access(0x800536000,0)
1045 pkg_add RET access -1 errno 2 No such file or directory
1045 pkg_add CALL access(0x800536000,0)
1045 pkg_add RET access 0
1045 pkg_add CALL open(0x800532140,0,0x75)
1045 pkg_add RET open 3
1045 pkg_add CALL fstat(0x3,0x7fffffffe8e0)
1045 pkg_add RET fstat 0
1045 pkg_add CALL read(0x3,0x800638040,0x1000)
1045 pkg_add RET read 4096/0x1000
1045 pkg_add CALL mmap(0,0x138000,0x5,0x20002,0x3,0,0)
1045 pkg_add RET mmap 8744960/0x800857000
1045 pkg_add CALL mprotect(0x800886000,0x1000,0x7)
1045 pkg_add RET mprotect 0
1045 pkg_add CALL mprotect(0x800886000,0x1000,0x5)
1045 pkg_add RET mprotect 0
1045 pkg_add CALL mmap(0x800987000,0x8000,0x3,0x12,0x3,0,0x30000)
1045 pkg_add RET mmap 9990144/0x800987000
1045 pkg_add CALL close(0x3)
1045 pkg_add RET close 0
1045 pkg_add CALL access(0x800536000,0)
1045 pkg_add RET access 0
1045 pkg_add CALL open(0x800532180,0,0x6c)
1045 pkg_add RET open 3
1045 pkg_add CALL fstat(0x3,0x7fffffffe8e0)
1045 pkg_add RET fstat 0
1045 pkg_add CALL read(0x3,0x800638040,0x1000)
1045 pkg_add RET read 4096/0x1000
1045 pkg_add CALL mmap(0,0x247000,0x5,0x20002,0x3,0,0)
1045 pkg_add RET mmap 10022912/0x80098f000
1045 pkg_add CALL mprotect(0x800a9b000,0x1000,0x7)
1045 pkg_add RET mprotect 0
1045 pkg_add CALL mprotect(0x800a9b000,0x1000,0x5)
1045 pkg_add RET mprotect 0
1045 pkg_add CALL mmap(0x800b9c000,0x37000,0x3,0x12,0x3,0,0x10d000)
1045 pkg_add RET mmap 12173312/0x800b9c000
1045 pkg_add CALL mmap(0x800bd3000,0x3000,0x3,0x1012,0xffffffff,0,0)
1045 pkg_add RET mmap 12398592/0x800bd3000
1045 pkg_add CALL close(0x3)
1045 pkg_add RET close 0
1045 pkg_add CALL access(0x800536000,0)
1045 pkg_add RET access 0
1045 pkg_add CALL open(0x8005321a0,0,0x2e)
1045 pkg_add RET open 3
1045 pkg_add CALL fstat(0x3,0x7fffffffe8e0)
1045 pkg_add RET fstat 0
1045 pkg_add CALL read(0x3,0x800638040,0x1000)
1045 pkg_add RET read 4096/0x1000
1045 pkg_add CALL mmap(0,0x20f000,0x5,0x20002,0x3,0,0)
1045 pkg_add RET mmap 12410880/0x800bd6000
1045 pkg_add CALL mprotect(0x800cb1000,0x1000,0x7)
1045 pkg_add RET mprotect 0
1045 pkg_add CALL mprotect(0x800cb1000,0x1000,0x5)
1045 pkg_add RET mprotect 0
1045 pkg_add CALL mmap(0x800db1000,0x1b000,0x3,0x12,0x3,0,0xdb000)
1045 pkg_add RET mmap 14356480/0x800db1000
1045 pkg_add CALL mmap(0x800dcc000,0x19000,0x3,0x1012,0xffffffff,0,0)
1045 pkg_add RET mmap 14467072/0x800dcc000
1045 pkg_add CALL close(0x3)
1045 pkg_add RET close 0
1045 pkg_add CALL access(0x800536000,0)
1045 pkg_add RET access -1 errno 2 No such file or directory
1045 pkg_add CALL access(0x800536000,0)
1045 pkg_add RET access 0
1045 pkg_add CALL access(0x800536000,0)
1045 pkg_add RET access 0
1045 pkg_add CALL access(0x800536000,0)
1045 pkg_add RET access 0
1045 pkg_add CALL sysarch(0x81,0x7fffffffe9a0)
1045 pkg_add RET sysarch 0
1045 pkg_add CALL mmap(0,0x890,0x3,0x1000,0xffffffff,0,0)
1045 pkg_add RET mmap 5476352/0x800539000
1045 pkg_add CALL munmap(0x800539000,0x890)
1045 pkg_add RET munmap 0
1045 pkg_add CALL mmap(0,0xae0,0x3,0x1000,0xffffffff,0,0)
1045 pkg_add RET mmap 5476352/0x800539000
1045 pkg_add CALL munmap(0x800539000,0xae0)
1045 pkg_add RET munmap 0
1045 pkg_add CALL mmap(0,0x650,0x3,0x1000,0xffffffff,0x800000000,0)
1045 pkg_add RET mmap 5476352/0x800539000
1045 pkg_add CALL munmap(0x800539000,0x650)
1045 pkg_add RET munmap 0
1045 pkg_add CALL mmap(0,0x22e0,0x3,0x1000,0xffffffff,0x800000000,0)
1045 pkg_add RET mmap 5476352/0x800539000
1045 pkg_add CALL munmap(0x800539000,0x22e0)
1045 pkg_add RET munmap 0
1045 pkg_add CALL mmap(0,0xad70,0x3,0x1000,0xffffffff,0x800000000,0)
1045 pkg_add RET mmap 5476352/0x800539000
1045 pkg_add CALL munmap(0x800539000,0xad70)
1045 pkg_add RET munmap 0
1045 pkg_add CALL mmap(0,0xb180,0x3,0x1000,0xffffffff,0x800000000,0)
1045 pkg_add RET mmap 5476352/0x800539000
1045 pkg_add CALL munmap(0x800539000,0xb180)
1045 pkg_add RET munmap 0
1045 pkg_add CALL sigprocmask(0x1,0x800637f40,0x7fffffffe960)
1045 pkg_add RET sigprocmask 0
1045 pkg_add CALL sigprocmask(0x3,0x800637f50,0)
1045 pkg_add RET sigprocmask 0
1045 pkg_add CALL open(0x40b965,0,0x1b6)
1045 pkg_add RET open -1 errno 2 No such file or directory
1045 pkg_add CALL lstat(0x7fffffffee40,0x7fffffffe250)
1045 pkg_add RET lstat 0
1045 pkg_add CALL __getcwd(0x510f00,0x400)
1045 pkg_add RET __getcwd 0
1045 pkg_add CALL lstat(0x510f00,0x7fffffffe220)
1045 pkg_add RET lstat 0
1045 pkg_add CALL umask(0x12)
1045 pkg_add RET umask 18/0x12
1045 pkg_add CALL sigaction(0x2,0x7fffffffe280,0x7fffffffe260)
1045 pkg_add RET sigaction 0
1045 pkg_add CALL sigaction(0x1,0x7fffffffe280,0x7fffffffe260)
1045 pkg_add RET sigaction 0
1045 pkg_add CALL stat(0x7fffffffde80,0x7fffffffd600)
1045 pkg_add RET stat 0
1045 pkg_add CALL stat(0x40bb0c,0x7fffffffbd10)
1045 pkg_add RET stat 0
1045 pkg_add CALL statfs(0x40bb0c,0x7fffffffbb20)
1045 pkg_add RET statfs 0
1045 pkg_add CALL gettimeofday(0x7fffffffbb70,0)
1045 pkg_add RET gettimeofday 0
1045 pkg_add CALL getpid
1045 pkg_add RET getpid 1045/0x415
1045 pkg_add CALL open(0x800cb135f,0,0)
1045 pkg_add RET open 3
1045 pkg_add CALL read(0x3,0x7fffffffbb84,0x6c)
1045 pkg_add RET read 108/0x6c
1045 pkg_add CALL close(0x3)
1045 pkg_add RET close 0
1045 pkg_add CALL stat(0x7fffffffda80,0x7fffffffbc40)
1045 pkg_add RET stat 0
1045 pkg_add CALL mkdir(0x7fffffffda80,0x1c0)
1045 pkg_add RET mkdir 0
1045 pkg_add CALL chmod(0x7fffffffda80,0x1c0)
1045 pkg_add RET chmod 0
1045 pkg_add CALL statfs(0x7fffffffda80,0x7fffffffbb20)
1045 pkg_add RET statfs 0
1045 pkg_add CALL __getcwd(0x510220,0x400)
1045 pkg_add RET __getcwd 0
1045 pkg_add CALL chdir(0x7fffffffda80)
1045 pkg_add RET chdir 0
1045 pkg_add CALL readlink(0x800caa841,0x7fffffffbcf0,0x3f)
1045 pkg_add RET readlink -1 errno 2 No such file or directory
1045 pkg_add CALL issetugid
1045 pkg_add RET issetugid 0
1045 pkg_add CALL mmap(0,0x1000,0x3,0x1002,0xffffffff,0x800000000,0)
1045 pkg_add RET mmap 5476352/0x800539000
1045 pkg_add CALL break(0x545000)
1045 pkg_add RET break 0
1045 pkg_add CALL break(0x546000)
1045 pkg_add RET break 0
1045 pkg_add CALL break(0x547000)
1045 pkg_add RET break 0
1045 pkg_add CALL break(0x548000)
1045 pkg_add RET break 0
1045 pkg_add CALL __sysctl(0x7fffffffbc08,0x2,0x7fffffffbbfc,0x7fffffffbc00,0,0)
1045 pkg_add RET __sysctl 0
1045 pkg_add CALL break(0x588000)
1045 pkg_add RET break 0
1045 pkg_add CALL sigaction(0x2,0x7fffffffbbe0,0x7fffffffbbc0)
1045 pkg_add RET sigaction 0
1045 pkg_add CALL sigaction(0x3,0x7fffffffbbe0,0x7fffffffbba0)
1045 pkg_add RET sigaction 0
1045 pkg_add CALL sigprocmask(0x1,0x7fffffffbb90,0x7fffffffbb80)
1045 pkg_add RET sigprocmask 0
1045 pkg_add CALL fork
1045 pkg_add RET fork 1046/0x416
1045 pkg_add CALL wait4(0x416,0x7fffffffbb7c,0,0)
1045 pkg_add RET wait4 1046/0x416
1045 pkg_add CALL sigaction(0x2,0x7fffffffbbc0,0)
1045 pkg_add RET sigaction 0
1045 pkg_add CALL sigaction(0x3,0x7fffffffbba0,0)
1045 pkg_add RET sigaction 0
1045 pkg_add CALL sigprocmask(0x3,0x7fffffffbb80,0)
1045 pkg_add RET sigprocmask 0
1045 pkg_add CALL break(0x558000)
1045 pkg_add RET break 0
1045 pkg_add CALL write(0x2,0x7fffffffb4a0,0x9)
1045 pkg_add RET write 9
1045 pkg_add CALL write(0x2,0x7fffffffb580,0x25)
1045 pkg_add RET write 37/0x25
1045 pkg_add CALL write(0x2,0x800db7e87,0x1)
1045 pkg_add RET write 1
1045 pkg_add CALL write(0x2,0x7fffffffb520,0x9)
1045 pkg_add RET write 9
1045 pkg_add CALL write(0x2,0x7fffffffb600,0x4f)
1045 pkg_add RET write 79/0x4f
1045 pkg_add CALL write(0x2,0x800db7e87,0x1)
1045 pkg_add RET write 1
1045 pkg_add CALL sigaction(0x2,0x7fffffffbd70,0x7fffffffbd50)
1045 pkg_add RET sigaction 0
1045 pkg_add CALL chdir(0x510220)
1045 pkg_add RET chdir 0
1045 pkg_add CALL __sysctl(0x7fffffffbc78,0x2,0x7fffffffbc6c,0x7fffffffbc70,0,0)
1045 pkg_add RET __sysctl 0
1045 pkg_add CALL break(0x598000)
1045 pkg_add RET break 0
1045 pkg_add CALL sigaction(0x2,0x7fffffffbc50,0x7fffffffbc30)
1045 pkg_add RET sigaction 0
1045 pkg_add CALL sigaction(0x3,0x7fffffffbc50,0x7fffffffbc10)
1045 pkg_add RET sigaction 0
1045 pkg_add CALL sigprocmask(0x1,0x7fffffffbc00,0x7fffffffbbf0)
1045 pkg_add RET sigprocmask 0
1045 pkg_add CALL fork
1045 pkg_add RET fork 1048/0x418
1045 pkg_add CALL wait4(0x418,0x7fffffffbbec,0,0)
1045 pkg_add RET wait4 1048/0x418
1045 pkg_add CALL sigaction(0x2,0x7fffffffbc30,0)
1045 pkg_add RET sigaction 0
1045 pkg_add CALL sigaction(0x3,0x7fffffffbc10,0)
1045 pkg_add RET sigaction 0
1045 pkg_add CALL sigprocmask(0x3,0x7fffffffbbf0,0)
1045 pkg_add RET sigprocmask 0
1045 pkg_add CALL break(0x558000)
1045 pkg_add RET break 0
1045 pkg_add CALL sigaction(0x2,0x7fffffffbd80,0x7fffffffbd60)
1045 pkg_add RET sigaction 0
1045 pkg_add CALL exit(0x1)
bsd64-21#
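
An added example, not part of the original message: a filter for the check requested in the quoted reply, listing only the system calls in kdump output that returned EPERM or EACCES, with state kept per pid. The sample trace, the child pid 1046 with its syscalls, and the NAMI path records are constructed; the trace in the message contains records for pid 1045 only, and ktrace -i is the flag that also records forked children.

```sh
#!/bin/sh
# Added example, not code from the thread.

# Constructed sample in kdump's "pid command TYPE detail" layout. The child
# pid 1046, its syscalls and the NAMI path records are made up for illustration.
sample_kdump() {
cat <<'EOF'
  1045 pkg_add  CALL  open(0x40b965,0,0x1b6)
  1045 pkg_add  RET   open -1 errno 2 No such file or directory
  1045 pkg_add  CALL  fork
  1045 pkg_add  RET   fork 1046/0x416
  1045 pkg_add  CALL  wait4(0x416,0x7fffffffbb7c,0,0)
  1046 tar      CALL  chflags(0x7fffffffd000,0)
  1046 tar      NAMI  "bin/example"
  1046 tar      RET   chflags -1 errno 1 Operation not permitted
  1046 tar      CALL  open(0x7fffffffd100,0x601,0x1a4)
  1046 tar      NAMI  "etc/example.conf"
  1046 tar      RET   open -1 errno 13 Permission denied
  1046 tar      CALL  fchmod(0x4,0x1ed)
  1046 tar      RET   fchmod -1 errno 1 Operation not permitted
  1045 pkg_add  RET   wait4 1046/0x416
EOF
}

# Read kdump text on stdin; print "pid command syscall errno-name target" for
# every return with errno 1 (EPERM) or 13 (EACCES). State is keyed by pid
# because records of parent and children interleave in one trace file.
kdump_denied() {
    awk '
    $3 == "CALL" { call[$1] = $4; path[$1] = ""; next }
    $3 == "NAMI" {
        p = $0; sub(/^.* NAMI +/, "", p)
        path[$1] = (path[$1] == "" ? p : path[$1] "," p); next
    }
    $3 == "RET" && $5 == "-1" && $6 == "errno" && ($7 == 1 || $7 == 13) {
        # Prefer the resolved path; fall back to the raw CALL arguments.
        printf "%s %s %s %s %s\n", $1, $2, $4,
               ($7 == 1 ? "EPERM" : "EACCES"),
               (path[$1] != "" ? path[$1] : call[$1])
    }'
}

# On the FreeBSD host: ktrace -i -f ktrace.out pkg_add <package>
#                      kdump -f ktrace.out | kdump_denied
sample_kdump | kdump_denied
```

ENOENT returns, which make up every failure in the posted trace, are ignored by the filter, so an empty result means no traced process was denied.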