From owner-freebsd-hackers@freebsd.org Wed Apr 28 15:19:23 2021 Return-Path: Delivered-To: freebsd-hackers@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id EAEE65F76D2 for ; Wed, 28 Apr 2021 15:19:23 +0000 (UTC) (envelope-from ionut.mihalache1506@gmail.com) Received: from mail-wm1-x334.google.com (mail-wm1-x334.google.com [IPv6:2a00:1450:4864:20::334]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4FVj3H0D6Pz4myv; Wed, 28 Apr 2021 15:19:22 +0000 (UTC) (envelope-from ionut.mihalache1506@gmail.com) Received: by mail-wm1-x334.google.com with SMTP id a22-20020a05600c2256b0290142870824e9so2787606wmm.0; Wed, 28 Apr 2021 08:19:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=3OQa+icQWX3tRdHbgh9uNZOhtd7SFrXDC8tYEycqWLY=; b=I9gWRQoYUHc3ZyjBU9YLKYQwjoq02M/twHbCnvmgn3EN/Nt14/S95gjDfZBJH5tmbf OQR8kGE/0U3Y02q8ESZ40sX/ad0dEfi3R01bNcPQx88I8sO1kbmIy8+uAX/AJP4ACd7z CpMNBg+59ZUpxXi7cSVUbzGPPr7520qPkuvvx5fwRJZlgLI895Vl+5+e+lYy5jRP1lUR ny+GK09H1YjOefTuQkJUqPPZQzNHxd+fM6dqV7H0jh4BtNRNE0mOjsE1gf7s1fAjishF b9Qn+BosYRiW7PhWO0xQKqtiREi9b/Pb4WQpvDq2Wt4YbGAnI0EPHVBlGOjq6RwgDcbS 4C2Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=3OQa+icQWX3tRdHbgh9uNZOhtd7SFrXDC8tYEycqWLY=; b=obOjen016fkLppPPJoKYCMDCRV/SGeX05P7UEQsHgHcL/hsxhzX+HrgvrmcxzH+rM5 lkSvVNva6HzsW2L3eNVLzXvt7aqsS6jZ3wzvx0Ak7p0Qf23sAuJoOiel9mTTVMHBOTAg t4N6vSa0yBxnfLfEkg/wBV8aBaB1y3x5cS33AXq7jJOueeFePcxPIdB2fk6aw3exyiYb f1s7NQ75EB4wtPxyZWROlatiKCosvWnH3Hp795TrOwjXTEBmuoEejBSFqPMfnW9fyNEo z9j3XdjLrX65m2LDDe9GQvuuWtV25bALXHFHRhbPOC1eUNfQoLprp+VXAvo9+z+ktddX wKFg== X-Gm-Message-State: AOAM533Ne9HvZCv/tczscm1bhzybcwzENTHLnbXsTsbyC4qbo746XgIt +mDm8ly4LEygCPDOMlasCVgVbKwsVDsbvvFeGroJ50mz X-Google-Smtp-Source: ABdhPJzKNr6BRDZ2rbbDkzh8U8nK0u11mSgVwlEaFu7JVdnoY04v88otWxmRYga9sbudUariPh5wVTpdELJMQigq1Ek= X-Received: by 2002:a05:600c:40c4:: with SMTP id m4mr5139242wmh.25.1619623160835; Wed, 28 Apr 2021 08:19:20 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: =?UTF-8?Q?Ionu=C8=9B_Mihalache?= Date: Wed, 28 Apr 2021 18:19:09 +0300 Message-ID: Subject: Re: cap_sysctlbyname for hw.vmm.destroy To: Mark Johnston Cc: freebsd-hackers@freebsd.org X-Rspamd-Queue-Id: 4FVj3H0D6Pz4myv X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20161025 header.b=I9gWRQoY; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of ionutmihalache1506@gmail.com designates 2a00:1450:4864:20::334 as permitted sender) smtp.mailfrom=ionutmihalache1506@gmail.com X-Spamd-Result: default: False [-3.38 / 15.00]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+ip6:2a00:1450:4000::/36:c]; FREEMAIL_FROM(0.00)[gmail.com]; DKIM_TRACE(0.00)[gmail.com:+]; RCPT_COUNT_TWO(0.00)[2]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; NEURAL_HAM_SHORT(-1.00)[-1.000]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; R_MIXED_CHARSET(0.62)[subject]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US]; TAGGED_FROM(0.00)[]; DWL_DNSWL_NONE(0.00)[gmail.com:dkim]; ARC_NA(0.00)[]; RBL_DBL_DONT_QUERY_IPS(0.00)[2a00:1450:4864:20::334:from]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; SPAMHAUS_ZRD(0.00)[2a00:1450:4864:20::334:from:127.0.2.255]; RCVD_IN_DNSWL_NONE(0.00)[2a00:1450:4864:20::334:from]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[]; MAILMAN_DEST(0.00)[freebsd-hackers] Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.34 X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Technical discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 Apr 2021 15:19:24 -0000 Even with the fixes cap_sysctl still returns EPERM for that simple example. =C3=8En mie., 28 apr. 2021 la 17:41, Mark Johnston a sc= ris: > There are two bugs in the example, also present in your WIP. I fixed > them here: > > https://cgit.freebsd.org/src/commit/?id=3D44bbda649dc6c1cdc5a99641e14c771= 57967e140 > > On Wed, Apr 28, 2021 at 05:22:22PM +0300, Ionu=C8=9B Mihalache wrote: > > I update the code now [1] but still the same error. Even without any > limits > > the cap_sysctlbyname fails after using cap_enter. > > > > [1] - > > > https://github.com/FreeBSD-UPB/freebsd-src/blob/c54dce7590b065a757dff0f68= fd921aca380670f/usr.sbin/bhyve/bhyverun.c#L1567 > > > > =C3=8En mie., 28 apr. 2021 la 16:52, Mark Johnston = a > scris: > > > > > On Wed, Apr 28, 2021 at 02:30:26PM +0300, Ionu=C8=9B Mihalache wrote: > > > > I tried to test the example from the documentation between here [1] > and > > > > here [2]. The code stops here [3]. > > > > > > I think you're referencing an old version of the cap_sysctl man page? > > > See the example from the copy in your repo: > > > > > > > https://github.com/FreeBSD-UPB/freebsd-src/blob/3a08ffe4839de9b8396b1760f= 1dc42b066428807/lib/libcasper/services/cap_sysctl/cap_sysctl.3#L122 > > > In particular, when setting limits consumers should not be building > > > nvlists directly. > > > > > > > [1] - > > > > > > > > https://github.com/FreeBSD-UPB/freebsd-src/blob/3a08ffe4839de9b8396b1760f= 1dc42b066428807/usr.sbin/bhyve/bhyverun.c#L1538 > > > > [2] - > > > > > > > > https://github.com/FreeBSD-UPB/freebsd-src/blob/3a08ffe4839de9b8396b1760f= 1dc42b066428807/usr.sbin/bhyve/bhyverun.c#L1585 > > > > [3] - > > > > > > > > https://github.com/FreeBSD-UPB/freebsd-src/blob/3a08ffe4839de9b8396b1760f= 1dc42b066428807/usr.sbin/bhyve/bhyverun.c#L1581 > > > > > > > > =C3=8En lun., 26 apr. 2021 la 20:40, Mark Johnston a > > > scris: > > > > > > > > > On Mon, Apr 26, 2021 at 05:16:14PM +0300, Ionu=C8=9B Mihalache wr= ote: > > > > > > Hello, > > > > > > > > > > > > I am working on adding capsicum support for the bhyve snapshot > > > feature. > > > > > At > > > > > > the end of the suspend process, the guest should be destroyed > and the > > > > > code > > > > > > handles this part with a sysctlbyname call which is not working > in > > > > > > capability mode. I don't know what is the problem but even when > using > > > > > > cap_sysctlbyname I still get the same error code (EPERM). I > tried the > > > > > > example from the documentation aswell [1] and still the same > error > > > code. > > > > > > What could be the problem? I have a FreeBSD13 host and a > FreeBSD13 > > > guest. > > > > > > > > > > I'm not sure why it would happen unless the casper process is > somehow > > > > > running as a non-root user. Can you share the code you're testin= g > > > > > somewhere? > > > > > > > > >