Date: Sun, 17 Dec 2017 15:45:45 -0500 From: Dan Langille <dan@langille.org> To: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net> Cc: freebsd-current@freebsd.org Subject: Re: cannot access pass device from within jail Message-ID: <A587A926-7DD7-4BB6-A02A-BD7542F7C2E3@langille.org> In-Reply-To: <CA8846F6-23AA-448F-B35C-A7FE1D5A0C53@lists.zabbadoz.net> References: <E1314554-C8D0-4E8F-B8DB-E0B4D9DE325F@langille.org> <CA8846F6-23AA-448F-B35C-A7FE1D5A0C53@lists.zabbadoz.net>
next in thread | previous in thread | raw e-mail | index | archive | help
> On Dec 17, 2017, at 3:37 PM, Bjoern A. Zeeb <bzeeb-lists@lists.zabbadoz.net> wrote: > > On 17 Dec 2017, at 19:52, Dan Langille wrote: > >> Hello, >> >> What suggestions do you have for where I should look next? I'm happy to start installing various builds of FreeBSD in order to track down which commit caused this. >> >> I'm trying to access a tape library from within a jail running on a FreeBSD 11.1 host. sa(4) devices are working (e.g. I can rewind nsa0). >> >> pass(4) devices (i.e. the tape changer ch0) are not working. This morning I posted to -scsi@: https://lists.freebsd.org/pipermail/freebsd-scsi/2017-December/007608.html >> >> The device appears in the jail and has appropriate permissions. This access was granted >> via /etc/devfs.rules using the same approach I used for FreeBSD 10.3 >> >> The permissions in the jail: >> >> [root@bacula-sd-02 ~]# ls -l /dev/pass7 >> crw------- 1 root operator 0x74 Dec 16 21:52 /dev/pass7 >> >> The command in the jail: >> >> [root@bacula-sd-02 ~]# mtx -f /dev/pass7 status >> cannot open SCSI device '/dev/pass7' - Operation not permitted >> >> Here is the truss output of the command in question: https://gist.github.com/dlangille/b80ee804b8080e1cbf5b5ab67f0bdabe > > > You don’t by any chance have a securelevel > 1 set for that jail? On the host: $ sysctl kern.securelevel kern.securelevel: -1 On the jail: $ sysctl kern.securelevel kern.securelevel: -1 Thank you -- Dan Langille - BSDCan / PGCon dan@langille.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?A587A926-7DD7-4BB6-A02A-BD7542F7C2E3>