From: "Georg-W. Koltermann"
To: Robert Watson
Cc: current@FreeBSD.ORG
Subject: Re: VMWare2 permission problems on -current as of Sep 26
Date: Sun, 07 Oct 2001 23:50:28 +0200
Organization: SGI

Hi Robert,

it doesn't seem to be securelevel-related.
sysctl(8) says:

    hunter[5]$ sysctl kern.securelevel
    kern.securelevel: -1

I also hacked the securelevel_g[et] routines to immediately return 0
as you suggested, and it doesn't make a difference. Besides,
securelevel_g[et] doesn't seem to be used much. I think I found only
one reference when doing a find/grep in /usr/src/sys. And there are
just a few hard-coded tests of securelevel > 0 as well.

I ran the vmware command through ktrace(1) (had to do that as root
since it won't trace a SUID program for a normal user), and it does
get an error return from an access(2) on .Xauthority:

    1207 vmware   CALL  access(0xbfbff759,0x4)
    1207 vmware   NAMI  "/compat/linux/home/hunter/gwk/.Xauthority"
    1207 vmware   NAMI  "/home/hunter/gwk/.Xauthority"
    1207 vmware   RET   access -1 errno -13 Unknown error: -13

It seems I am going to debug the access() call next.

--
Regards,
Georg.

At Tue, 2 Oct 2001 20:28:16 -0400 (EDT),
Robert Watson wrote:
>
> There have been a number of permission-related changes in the tree of
> late, in particular relating to securelevel support. I haven't
> experienced any local problems running the new code, but there is always
> the potential for such a problem, especially in areas of the code I'm not
> actively using. In particular, I haven't used vmware2 on my test boxes in
> quite a while, since the KSE changes certainly at least. A first question
> for you would be: are you using a securelevel other than -1? As a quick
> hack, try the following: edit securelevel_ge() and securelevel_gt() in
> kern_prot.c to always return 0. See if the problem goes away. It's
> possible I botched a securelevel check in the device code, or
> mis-transcribed a securelevel value. Depending on how into kernel
> debugging you are, you could also try setting breakpoints in the
> securelevel code and see what's getting spat out.
>
> Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
> robert@fledge.watson.org      NAI Labs, Safeport Network Services
>
> On Tue, 2 Oct 2001, Georg-W. Koltermann wrote:
>
> > Hi,
> >
> > I have applied the KSE patches to vmware2 that were posted on
> > http://www.ripe.net/home/mark/files/vmware2_kse.patch.tgz. I can now
> > build vmware2, but run into a number of permission problems running
> > it:
> >
> > 1. Xlib: connection to ":0.0" refused by server
> >    Xlib: Client is not authorized to connect to Server
> >    Error: Can't open display: :0
> >
> >    Can be worked around by "chmod 644 ~/.Xauthority".
> >
> > 2. Cannot open /dev/tty0: permission denied (in a GUI message box).
> >
> >    Linux /dev/tty0 seems to refer to FreeBSD /dev/ttyv0,
> >    using a chain of two symlinks. "chown $USER /dev/ttyv0" doesn't
> >    seem to be effective, but "chmod 666 /dev/ttyv0" makes the message
> >    go away.
> >
> > 3. Active virtual terminal (/dev/tty9) is not valid. Permission
> >    denied. (in a GUI message box).
> >
> >    Seems to be like the above, Linux tty9 is really FreeBSD ttyv8,
> >    and a chown is ineffective but a chmod 666 solves it.
> >
> > 4. Warning: Tried to connect to session manager, Authentication
> >    Rejected, reason : None of the authentication protocols specified
> >    are supported and host-based authentication failed
> >
> >    on stderr. Don't know if this is a problem or just a warning.
> >
> > 5. Permission error creating lockfiles (vmware-lock.whoever)
> >
> >    The directory is owned by me.
> >
> > In summary, it seems as though the vmware binary (which is SUID root)
> > is unable to access any files that are only accessible to the invoking
> > user (like .Xauthority), and also unable to access any files
> > accessible by root (like the /dev nodes).
> >
> > Is there a kind of changed permission policy in the new linuxulator
> > that could cause this? By any chance, would I need to recompile the
> > linux_base port?
> >
> > Is anyone using VMWare2 successfully on a recent -current?
> >
> > --
> > Regards,
> > Georg.
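Added example, not part of the original message or of any FreeBSD tool: a small Python filter that pairs each failing syscall in kdump-style output with the NAMI paths looked up for it, which is the triage step done by eye on the ktrace output above. The sample trace is constructed (modelled on the lines in the message plus one successful call), and reading a negative errno as its absolute value is an assumption of this example.

```python
import errno
import re

# Constructed sample in kdump(1) layout: the failing access() from the
# message above, plus one made-up successful call for contrast.
SAMPLE = """\
  1207 vmware   CALL  access(0xbfbff759,0x4)
  1207 vmware   NAMI  "/compat/linux/home/hunter/gwk/.Xauthority"
  1207 vmware   NAMI  "/home/hunter/gwk/.Xauthority"
  1207 vmware   RET   access -1 errno -13 Unknown error: -13
  1207 vmware   CALL  open(0xbfbff100,0,0)
  1207 vmware   NAMI  "/etc/hosts"
  1207 vmware   RET   open 3
"""

LINE = re.compile(r'^\s*(\d+)\s+(\S+)\s+(CALL|NAMI|RET)\s+(.*)$')
ERRNO = re.compile(r'errno (-?\d+)')


def failed_calls(trace):
    """Return one record per syscall that returned an error, including the
    paths (NAMI records) the kernel resolved while servicing that call."""
    pending = {}    # pid -> record for the syscall currently in flight
    failures = []
    for raw in trace.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        pid, cmd, kind, rest = m.groups()
        if kind == "CALL":
            pending[pid] = {"pid": int(pid), "cmd": cmd,
                            "call": rest, "paths": []}
        elif kind == "NAMI" and pid in pending:
            pending[pid]["paths"].append(rest.strip('"'))
        elif kind == "RET":
            rec = pending.pop(pid, None)
            err = ERRNO.search(rest)
            if rec and err:
                # Assumption: a negative errno is the same code with the
                # sign flipped, so -13 is reported as EACCES.
                code = abs(int(err.group(1)))
                rec["errno"] = errno.errorcode.get(code, str(code))
                failures.append(rec)
    return failures


if __name__ == "__main__":
    for f in failed_calls(SAMPLE):
        print(f["pid"], f["cmd"], f["call"], f["errno"], f["paths"])
```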