Date: Sun, 07 Oct 2001 23:50:28 +0200 From: "Georg-W. Koltermann" <gwk@sgi.com> To: Robert Watson <rwatson@FreeBSD.ORG> Cc: current@FreeBSD.ORG Subject: Re: VMWare2 permission problems on -current as of Sep 26 Message-ID: <lth8zenktln.wl@hunter.munich.sgi.com> In-Reply-To: <Pine.NEB.3.96L.1011002202533.7220B-100000@fledge.watson.org> References: <lth669ypi5b.wl@hunter.munich.sgi.com> <Pine.NEB.3.96L.1011002202533.7220B-100000@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi Robert, it doesn't seem to be securelevel-related. sysctl(8) says: hunter[5]$ sysctl kern.securelevel kern.securelevel: -1 I also hacked the securelevel_g[et] routines to immediately return 0 as you suggested, and it doesn't make a difference. Besides, securelevel_g[et] doesn't seem to be used much. I think I found only one reference when doing a find/grep in /usr/src/sys. And there are just a few hard-coded tests of securelevel > 0 as well. I ran the vmware command through ktrace(1) (had to do that as root since it won't trace a SUID program for a normal user), and it does get an error return from an access(2) on .Xauthority: 1207 vmware CALL access(0xbfbff759,0x4) 1207 vmware NAMI "/compat/linux/home/hunter/gwk/.Xauthority" 1207 vmware NAMI "/home/hunter/gwk/.Xauthority" 1207 vmware RET access -1 errno -13 Unknown error: -13 It seems I am going to debug the access() call next. -- Regards, Georg. At Tue, 2 Oct 2001 20:28:16 -0400 (EDT), Robert Watson wrote: > > > There have been a number of permission-related changes in the tree of > late, in particular relating to securelevel support. I haven't > experienced any local problems running the new code, but there is always > the potential for such a problem, especially in areas of the code I'm not > actively using. In particular, I haven't used vmware2 on my test boxes in > quite a while, since the KSE changes certainly at least. A first question > for you would be: are you using a securelevel other than -1? As a quick > hack, try the following: edit securelevel_ge() and securelevel_gt() in > kern_prot.c to always return 0. See if the problem goes away. It's > possible I botched a securelevel check in the device code, or > mis-transcribed a securelevel value. Depending on how into kernel > debugging you are, you could also try setting breakpoints in the > securelevel code and see what's getting spat out. > > Robert N M Watson FreeBSD Core Team, TrustedBSD Project > robert@fledge.watson.org NAI Labs, Safeport Network Services > > On Tue, 2 Oct 2001, Georg-W. Koltermann wrote: > > > Hi, > > > > I have applied the KSE patches to vmware2 that were posted on > > http://www.ripe.net/home/mark/files/vmware2_kse.patch.tgz. I can now > > build vmware2, but run into a number of permission problems running > > it: > > > > 1. Xlib: connection to ":0.0" refused by server > > Xlib: Client is not authorized to connect to Server > > Error: Can't open display: :0 > > > > Can be worked around by "chmod 644 ~/.Xauthority". > > > > 2. Cannot open /dev/tty0: permission denied (in a GUI message box). > > > > Linux /dev/tty0 seems to refer to FreeBSD /dev/ttyv0, > > using a chain of two symlinks. "chown $USER /dev/ttyv0" doesn't > > seem to be effective, but "chmod 666 /dev/ttyv0" makes the message > > go away. > > > > 3. Active virtual terminal (/dev/tty9) is not valid. Permission > > denied. (in a GUI message box). > > > > Seems to be like the above, Linux tty9 is really FreeBSD ttyv8, > > and a chown is ineffective but a chmod 666 solves it. > > > > 4. Warning: Tried to connect to session manager, Authentication > > Rejected, reason : None of the authentication protocols specified > > are supported and host-based authentication failed > > > > on stderr. Don't know if this is a problem or just a warning. > > > > 5. Permission error creating lockfiles (vmware-lock.whoever) > > > > The directory is owned by me. > > > > In summary, it seems as though the vmware binary (which is SUID root) > > is unable to access any files that are only accessible to the invoking > > user (like .Xauthority), and also unable to access any files > > accessible by root (like the /dev nodes). > > > > Is there a kind of changed permission policy in the new linuxulator > > that could cause this? By any chance, would I need to recompile the > > linux_base port? > > > > Is anyone using VMWare2 successfully on a recent -current? > > > > -- > > Regards, > > Georg. > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-current" in the body of the message > > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?lth8zenktln.wl>