From owner-freebsd-current Tue Oct 2 17:28:55 2001 Delivered-To: freebsd-current@freebsd.org Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id 3CE1937B405 for ; Tue, 2 Oct 2001 17:28:50 -0700 (PDT) Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.11.6/8.11.5) with SMTP id f930SGB08134; Tue, 2 Oct 2001 20:28:16 -0400 (EDT) (envelope-from robert@fledge.watson.org) Date: Tue, 2 Oct 2001 20:28:16 -0400 (EDT) From: Robert Watson X-Sender: robert@fledge.watson.org To: "Georg-W. Koltermann" Cc: current@freebsd.org Subject: Re: VMWare2 permission problems on -current as of Sep 26 In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG There have been a number of permission-related changes in the tree of late, in particular relating to securelevel support. I haven't experienced any local problems running the new code, but there is always the potential for such a problem, especially in areas of the code I'm not actively using. In particular, I haven't used vmware2 on my test boxes in quite a while, since the KSE changes certainly at least. A first question for you would be: are you using a securelevel other than -1? As a quick hack, try the following: edit securelevel_ge() and securelevel_gt() in kern_prot.c to always return 0. See if the problem goes away. It's possible I botched a securelevel check in the device code, or mis-transcribed a securelevel value. Depending on how into kernel debugging you are, you could also try setting breakpoints in the securelevel code and see what's getting spat out. Robert N M Watson FreeBSD Core Team, TrustedBSD Project robert@fledge.watson.org NAI Labs, Safeport Network Services On Tue, 2 Oct 2001, Georg-W. Koltermann wrote: > Hi, > > I have applied the KSE patches to vmware2 that were posted on > http://www.ripe.net/home/mark/files/vmware2_kse.patch.tgz. I can now > build vmware2, but run into a number of permission problems running > it: > > 1. Xlib: connection to ":0.0" refused by server > Xlib: Client is not authorized to connect to Server > Error: Can't open display: :0 > > Can be worked around by "chmod 644 ~/.Xauthority". > > 2. Cannot open /dev/tty0: permission denied (in a GUI message box). > > Linux /dev/tty0 seems to refer to FreeBSD /dev/ttyv0, > using a chain of two symlinks. "chown $USER /dev/ttyv0" doesn't > seem to be effective, but "chmod 666 /dev/ttyv0" makes the message > go away. > > 3. Active virtual terminal (/dev/tty9) is not valid. Permission > denied. (in a GUI message box). > > Seems to be like the above, Linux tty9 is really FreeBSD ttyv8, > and a chown is ineffective but a chmod 666 solves it. > > 4. Warning: Tried to connect to session manager, Authentication > Rejected, reason : None of the authentication protocols specified > are supported and host-based authentication failed > > on stderr. Don't know if this is a problem or just a warning. > > 5. Permission error creating lockfiles (vmware-lock.whoever) > > The directory is owned by me. > > In summary, it seems as though the vmware binary (which is SUID root) > is unable to access any files that are only accessible to the invoking > user (like .Xauthority), and also unable to access any files > accessible by root (like the /dev nodes). > > Is there a kind of changed permission policy in the new linuxulator > that could cause this? By any chance, would I need to recompile the > linux_base port? > > Is anyone using VMWare2 successfully on a recent -current? > > -- > Regards, > Georg. > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-current" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message