From owner-freebsd-current@freebsd.org Sun Dec 17 20:49:43 2017 Return-Path: Delivered-To: freebsd-current@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id D6691E957D6 for ; Sun, 17 Dec 2017 20:49:43 +0000 (UTC) (envelope-from dan@langille.org) Received: from clavin1.langille.org (clavin.langille.org [162.208.116.86]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "clavin.langille.org", Issuer "BSD Cabal Headquarters" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id B58527DE10 for ; Sun, 17 Dec 2017 20:49:43 +0000 (UTC) (envelope-from dan@langille.org) Received: from (clavin1.int.langille.org (clavin1.int.unixathome.org [10.4.7.7]) (Authenticated sender: hidden) with ESMTPSA id 6E48231BF ; Sun, 17 Dec 2017 20:49:42 +0000 (UTC) Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 11.2 \(3445.5.20\)) Subject: Re: cannot access pass device from within jail From: Dan Langille In-Reply-To: <20171217203734.GA2272@kib.kiev.ua> Date: Sun, 17 Dec 2017 15:49:15 -0500 Cc: freebsd-current@freebsd.org Content-Transfer-Encoding: quoted-printable Message-Id: References: <20171217203734.GA2272@kib.kiev.ua> To: Kostik Belousov X-Mailer: Apple Mail (2.3445.5.20) X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 17 Dec 2017 20:49:43 -0000 > On Dec 17, 2017, at 3:37 PM, Konstantin Belousov = wrote: >=20 > On Sun, Dec 17, 2017 at 02:52:12PM -0500, Dan Langille wrote: >> Hello, >>=20 >> What suggestions do you have for where I should look next? I'm happy = to start installing various builds of FreeBSD in order to track down = which commit caused this. >>=20 >> I'm trying to access a tape library from within a jail running on a = FreeBSD 11.1 host. sa(4) devices are working (e.g. I can rewind nsa0). >>=20 >> pass(4) devices (i.e. the tape changer ch0) are not working. This = morning I posted to -scsi@: = https://lists.freebsd.org/pipermail/freebsd-scsi/2017-December/007608.html= >>=20 >> The device appears in the jail and has appropriate permissions. This = access was granted >> via /etc/devfs.rules using the same approach I used for FreeBSD 10.3 >>=20 >> The permissions in the jail: >>=20 >> [root@bacula-sd-02 ~]# ls -l /dev/pass7 >> crw------- 1 root operator 0x74 Dec 16 21:52 /dev/pass7 >>=20 >> The command in the jail: >>=20 >> [root@bacula-sd-02 ~]# mtx -f /dev/pass7 status=20 >> cannot open SCSI device '/dev/pass7' - Operation not permitted >>=20 >> Here is the truss output of the command in question: = https://gist.github.com/dlangille/b80ee804b8080e1cbf5b5ab67f0bdabe >=20 > Does it work to access the pass device from host using host' /dev ? Yes, it does. see "This command on the host" at = https://lists.freebsd.org/pipermail/freebsd-scsi/2017-December/007610.html= > Same question for the host access using the nodes of the jailed devfs = mount. I didn't try that, but I will soon. To be clear, does this command on = the host look like what you have in mind? mtx -f /usr/jails/bacula-sd-02/dev/pass7 status=20 --=20 Dan Langille - BSDCan / PGCon dan@langille.org