Date:      Fri, 22 Sep 2023 13:44:33 +0200
From:      Alexander Leidinger <Alexander@Leidinger.net>
To:        FreeBSD Jail ML <freebsd-jail@freebsd.org>
Subject:   Opening of /dev/pts/3 fails in jail (no such file), but it is visible in ls
Message-ID:  <1c9037e072f646e02082e143e42c70e0@Leidinger.net>

Hi,

I'm trying to debug an issue with pinentry-tty. The reason is that I 
want to export a gpg secret key, but it fails when the gpg-agent tries 
to ask for the PW. An alternative way to export the key works, but the 
main way should work too. So I took the time now to dig deeper. This is 
inside a jail; I haven't tried whether the effect is the same outside a jail.

With the gpg developer Werner Koch I tried to debug this, and we went 
down to do a pinentry-wrapper which calls pinentry within ktrace.

The important part is this:
---snip---
  79943 pinentry-tty RET   write 1
  79943 pinentry-tty CALL  read(0x3,0x464697e00158,0x3ea)
  79943 pinentry-tty GIO   fd 3 read 7 bytes
        "GETPIN
        "
  79943 pinentry-tty RET   read 7
  79943 pinentry-tty CALL  sigaction(SIGALRM,0x3fee6ca161d0,0)
  79943 pinentry-tty RET   sigaction 0
  79943 pinentry-tty CALL  sigaction(SIGINT,0x3fee6ca161d0,0)
  79943 pinentry-tty RET   sigaction 0
  79943 pinentry-tty CALL  setitimer(ITIMER_REAL,0x3fee6ca16160,0x3fee6ca16140)
  79943 pinentry-tty STRU  itimerval { .interval = {0, 0}, .value = {60, 0} }
  79943 pinentry-tty STRU  itimerval { .interval = {0, 0}, .value = {0, 0} }
  79943 pinentry-tty RET   setitimer 0
  79943 pinentry-tty CALL  open(0x46469782c020,0<O_RDONLY>)
  79943 pinentry-tty NAMI  "/dev/pts/3"
  79943 pinentry-tty RET   open -1 errno 2 No such file or directory
  79943 pinentry-tty CALL  write(0x4,0x3fee6ca16420,0x36)
  79943 pinentry-tty GIO   fd 4 wrote 54 bytes
        "ERR 83886179 Verarbeitung wurde abgebrochen <Pinentry>"
  79943 pinentry-tty RET   write 54/0x36
  79943 pinentry-tty CALL  write(0x4,0x3fee6dd96326,0x1)
  79943 pinentry-tty GIO   fd 4 wrote 1 byte
---snip---

The file exists and I see it inside the jail:
---snip---
% ll /dev/pts/3
crw--w----  1 netchild tty 0x180 22 Sep. 12:44 /dev/pts/3
---snip---

The corresponding code is here:
     https://github.com/gpg/pinentry/blob/master/tty/pinentry-tty.c#L547

The ttyname comes from the env (set via "export GPG_TTY=$(tty)") set in 
my .zshenv when logging in (ssh to host, jexec into jail, "su - 
netchild" -> .zshenv -> GPG_TTY is set).

If I do the same via ssh to this account, a new PTS is allocated and 
this works.

So clearly, the jail is restricting the access to the pts which was 
allocated on the host side instead of the jail side.

On one hand this is understandable, as it was not created inside the 
jail. On the other hand, the expectation is that if I see the pts inside 
the jail, I should be able to access it. I can see it with ls, but I 
cannot open it with open(). There is a mismatch.

The first question which comes to my mind now is, what the bug is... is 
it a bug that it is visible in ls, or is it a bug that I can not open 
it? What is the reason for the unexpected behavior I see?

Bye,
Alexander.

-- 
http://www.Leidinger.net Alexander@Leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org    netchild@FreeBSD.org  : PGP 0x8F31830F9F2772BF

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1c9037e072f646e02082e143e42c70e0>
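
To take gpg-agent and pinentry out of the picture, the lookup-versus-open comparison described in the message above can be reproduced with a small C program that checks the path in GPG_TTY the way ls and open() each would. This is an added example, not code from the original e-mail or from the pinentry project; the names `check_tty_path` and `enum tty_check` are made up for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Result of comparing what the name lookup shows with what open() allows. */
enum tty_check {
    TTY_OK,              /* node is visible and open() succeeds */
    TTY_NOT_VISIBLE,     /* lstat() fails: the name is not there at all */
    TTY_VISIBLE_NO_OPEN  /* lstat() succeeds but open() fails (the reported mismatch) */
};

/* Check one path; on failure *err receives the errno of the failing call. */
enum tty_check check_tty_path(const char *path, int *err)
{
    struct stat sb;
    int fd;

    *err = 0;
    if (lstat(path, &sb) == -1) {          /* what "ls -l" relies on */
        *err = errno;
        return TTY_NOT_VISIBLE;
    }
    fd = open(path, O_RDONLY);             /* same flags as in the ktrace */
    if (fd == -1) {
        *err = errno;
        return TTY_VISIBLE_NO_OPEN;
    }
    close(fd);
    return TTY_OK;
}

int main(void)
{
    static const char *names[] = { "ok", "not visible", "visible but open() fails" };
    const char *path = getenv("GPG_TTY");  /* set by: export GPG_TTY=$(tty) */
    int err;

    if (path == NULL) {
        fprintf(stderr, "GPG_TTY is not set\n");
        return 2;
    }
    enum tty_check r = check_tty_path(path, &err);
    printf("%s: %s%s%s\n", path, names[r], err ? ": " : "", err ? strerror(err) : "");
    return r == TTY_OK ? 0 : 1;
}
```

Running it once from the ssh, jexec, su session and once from a direct ssh login into the jail shows whether the difference is in the device node itself rather than in anything gpg does.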