Date: Sun, 07 Oct 2001 23:50:28 +0200 From: "Georg-W. Koltermann" <gwk@sgi.com> To: Robert Watson <rwatson@FreeBSD.ORG> Cc: current@FreeBSD.ORG Subject: Re: VMWare2 permission problems on -current as of Sep 26 Message-ID: <lth8zenktln.wl@hunter.munich.sgi.com> In-Reply-To: <Pine.NEB.3.96L.1011002202533.7220B-100000@fledge.watson.org> References: <lth669ypi5b.wl@hunter.munich.sgi.com> <Pine.NEB.3.96L.1011002202533.7220B-100000@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi Robert,
it doesn't seem to be securelevel-related. sysctl(8) says:
hunter[5]$ sysctl kern.securelevel
kern.securelevel: -1
I also hacked the securelevel_g[et] routines to immediately return 0
as you suggested, and it doesn't make a difference.
Besides, securelevel_g[et] doesn't seem to be used much. I think I
found only one reference when doing a find/grep in /usr/src/sys. And
there are just a few hard-coded tests of securelevel > 0 as well.
I ran the vmware command through ktrace(1) (had to do that as root
since it won't trace a SUID program for a normal user), and it does
get an error return from an access(2) on .Xauthority:
1207 vmware CALL access(0xbfbff759,0x4)
1207 vmware NAMI "/compat/linux/home/hunter/gwk/.Xauthority"
1207 vmware NAMI "/home/hunter/gwk/.Xauthority"
1207 vmware RET access -1 errno -13 Unknown error: -13
It seems I am going to debug the access() call next.
--
Regards,
Georg.
At Tue, 2 Oct 2001 20:28:16 -0400 (EDT),
Robert Watson wrote:
>
>
> There have been a number of permission-related changes in the tree of
> late, in particular relating to securelevel support. I haven't
> experienced any local problems running the new code, but there is always
> the potential for such a problem, especially in areas of the code I'm not
> actively using. In particular, I haven't used vmware2 on my test boxes in
> quite a while, since the KSE changes certainly at least. A first question
> for you would be: are you using a securelevel other than -1? As a quick
> hack, try the following: edit securelevel_ge() and securelevel_gt() in
> kern_prot.c to always return 0. See if the problem goes away. It's
> possible I botched a securelevel check in the device code, or
> mis-transcribed a securelevel value. Depending on how into kernel
> debugging you are, you could also try setting breakpoints in the
> securelevel code and see what's getting spat out.
>
> Robert N M Watson FreeBSD Core Team, TrustedBSD Project
> robert@fledge.watson.org NAI Labs, Safeport Network Services
>
> On Tue, 2 Oct 2001, Georg-W. Koltermann wrote:
>
> > Hi,
> >
> > I have applied the KSE patches to vmware2 that were posted on
> > http://www.ripe.net/home/mark/files/vmware2_kse.patch.tgz. I can now
> > build vmware2, but run into a number of permission problems running
> > it:
> >
> > 1. Xlib: connection to ":0.0" refused by server
> > Xlib: Client is not authorized to connect to Server
> > Error: Can't open display: :0
> >
> > Can be worked around by "chmod 644 ~/.Xauthority".
> >
> > 2. Cannot open /dev/tty0: permission denied (in a GUI message box).
> >
> > Linux /dev/tty0 seems to refer to FreeBSD /dev/ttyv0,
> > using a chain of two symlinks. "chown $USER /dev/ttyv0" doesn't
> > seem to be effective, but "chmod 666 /dev/ttyv0" makes the message
> > go away.
> >
> > 3. Active virtual terminal (/dev/tty9) is not valid. Permission
> > denied. (in a GUI message box).
> >
> > Seems to be like the above, Linux tty9 is really FreeBSD ttyv8,
> > and a chown is ineffective but a chmod 666 solves it.
> >
> > 4. Warning: Tried to connect to session manager, Authentication
> > Rejected, reason : None of the authentication protocols specified
> > are supported and host-based authentication failed
> >
> > on stderr. Don't know if this is a problem or just a warning.
> >
> > 5. Permission error creating lockfiles (vmware-lock.whoever)
> >
> > The directory is owned by me.
> >
> > In summary, it seems as though the vmware binary (which is SUID root)
> > is unable to access any files that are only accessible to the invoking
> > user (like .Xauthority), and also unable to access any files
> > accessible by root (like the /dev nodes).
> >
> > Is there a kind of changed permission policy in the new linuxulator
> > that could cause this? By any chance, would I need to recompile the
> > linux_base port?
> >
> > Is anyone using VMWare2 successfully on a recent -current?
> >
> > --
> > Regards,
> > Georg.
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-current" in the body of the message
> >
>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?lth8zenktln.wl>