Date: Tue, 19 Aug 2008 16:14:40 -0700 From: "Jerry Toung" <jrytoung@gmail.com> To: "Robert Watson" <rwatson@freebsd.org> Cc: freebsd-hackers@freebsd.org Subject: Re: pkg_add on 64bits kernel w/ options MAC Message-ID: <86068e730808191614m66b72cb1y8786b8a7b6510df2@mail.gmail.com> In-Reply-To: <alpine.BSF.1.10.0808192125020.62454@fledge.watson.org> References: <86068e730808191315k2997c99bvbbc586e1173858f6@mail.gmail.com> <alpine.BSF.1.10.0808192125020.62454@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Aug 19, 2008 at 1:26 PM, Robert Watson <rwatson@freebsd.org> wrote: > > > Sounds like a bug of some sort. Could you send the output of "sysctl > security.mac"? Also, if you could use ktrace to confirm which system calls > are returning EACCES/EPERM leading to the warnings, that would also be > helpful. > > I will file a PR later on. In the mean time here are the outputs you were looking for: security.mac.max_slots: 4 security.mac.enforce_network: 1 security.mac.enforce_pipe: 1 security.mac.enforce_posix_sem: 1 security.mac.enforce_suid: 1 security.mac.mmap_revocation_via_cow: 0 security.mac.mmap_revocation: 1 security.mac.enforce_vm: 1 security.mac.enforce_process: 1 security.mac.enforce_socket: 1 security.mac.enforce_system: 1 security.mac.enforce_kld: 1 security.mac.enforce_sysv_msg: 1 security.mac.enforce_sysv_sem: 1 security.mac.enforce_sysv_shm: 1 security.mac.enforce_fs: 1 bsd64-21# kdump -f ktrace.out 1045 ktrace RET ktrace 0 1045 ktrace CALL execve(0x7fffffffe720,0x7fffffffec80,0x7fffffffec98) 1045 ktrace RET execve -1 errno 2 No such file or directory 1045 ktrace CALL execve(0x7fffffffe720,0x7fffffffec80,0x7fffffffec98) 1045 ktrace RET execve -1 errno 2 No such file or directory 1045 ktrace CALL execve(0x7fffffffe720,0x7fffffffec80,0x7fffffffec98) 1045 pkg_add RET execve 0 1045 pkg_add CALL mmap(0,0x1e40,0x3,0x1000,0xffffffff,0,0) 1045 pkg_add RET mmap 5443584/0x800531000 1045 pkg_add CALL munmap(0x800531000,0x1e40) 1045 pkg_add RET munmap 0 1045 pkg_add CALL __sysctl(0x7fffffffe930,0x2,0x800639180,0x7fffffffe928,0,0) 1045 pkg_add RET __sysctl 0 1045 pkg_add CALL mmap(0,0x8000,0x3,0x1002,0xffffffff,0,0) 1045 pkg_add RET mmap 5443584/0x800531000 1045 pkg_add CALL issetugid 1045 pkg_add RET issetugid 0 1045 pkg_add CALL open(0x80052eff0,0,0x1b6) 1045 pkg_add RET open -1 errno 2 No such file or directory 1045 pkg_add CALL open(0x80052e1a8,0,0) 1045 pkg_add RET open 3 1045 pkg_add CALL read(0x3,0x7fffffffe8d0,0x80) 1045 pkg_add RET read 128/0x80 1045 pkg_add CALL lseek(0x3,0,0x80,0) 1045 pkg_add RET lseek 128/0x80 1045 pkg_add CALL read(0x3,0x800535000,0x3c) 1045 pkg_add RET read 60/0x3c 1045 pkg_add CALL close(0x3) 1045 pkg_add RET close 0 1045 pkg_add CALL access(0x800536000,0) 1045 pkg_add RET access -1 errno 2 No such file or directory 1045 pkg_add CALL access(0x800536000,0) 1045 pkg_add RET access 0 1045 pkg_add CALL open(0x8005320c0,0,0x800639060) 1045 pkg_add RET open 3 1045 pkg_add CALL fstat(0x3,0x7fffffffe8e0) 1045 pkg_add RET fstat 0 1045 pkg_add CALL read(0x3,0x800638040,0x1000) 1045 pkg_add RET read 4096/0x1000 1045 pkg_add CALL mmap(0,0x10e000,0x5,0x20002,0x3,0,0) 1045 pkg_add RET mmap 6541312/0x80063d000 1045 pkg_add CALL mprotect(0x800648000,0x1000,0x7) 1045 pkg_add RET mprotect 0 1045 pkg_add CALL mprotect(0x800648000,0x1000,0x5) 1045 pkg_add RET mprotect 0 1045 pkg_add CALL mmap(0x800749000,0x2000,0x3,0x12,0x3,0,0xc000) 1045 pkg_add RET mmap 7639040/0x800749000 1045 pkg_add CALL close(0x3) 1045 pkg_add RET close 0 1045 pkg_add CALL access(0x800536000,0) 1045 pkg_add RET access 0 1045 pkg_add CALL open(0x800532120,0,0x6c) 1045 pkg_add RET open 3 1045 pkg_add CALL fstat(0x3,0x7fffffffe8e0) 1045 pkg_add RET fstat 0 1045 pkg_add CALL read(0x3,0x800638040,0x1000) 1045 pkg_add RET read 4096/0x1000 1045 pkg_add CALL mmap(0,0x10c000,0x5,0x20002,0x3,0,0) 1045 pkg_add RET mmap 7647232/0x80074b000 1045 pkg_add CALL mprotect(0x800755000,0x1000,0x7) 1045 pkg_add RET mprotect 0 1045 pkg_add CALL mprotect(0x800755000,0x1000,0x5) 1045 pkg_add RET mprotect 0 1045 pkg_add CALL mmap(0x800856000,0x1000,0x3,0x12,0x3,0,0xb000) 1045 pkg_add RET mmap 8740864/0x800856000 1045 pkg_add CALL close(0x3) 1045 pkg_add RET close 0 1045 pkg_add CALL access(0x800536000,0) 1045 pkg_add RET access -1 errno 2 No such file or directory 1045 pkg_add CALL access(0x800536000,0) 1045 pkg_add RET access 0 1045 pkg_add CALL open(0x800532140,0,0x75) 1045 pkg_add RET open 3 1045 pkg_add CALL fstat(0x3,0x7fffffffe8e0) 1045 pkg_add RET fstat 0 1045 pkg_add CALL read(0x3,0x800638040,0x1000) 1045 pkg_add RET read 4096/0x1000 1045 pkg_add CALL mmap(0,0x138000,0x5,0x20002,0x3,0,0) 1045 pkg_add RET mmap 8744960/0x800857000 1045 pkg_add CALL mprotect(0x800886000,0x1000,0x7) 1045 pkg_add RET mprotect 0 1045 pkg_add CALL mprotect(0x800886000,0x1000,0x5) 1045 pkg_add RET mprotect 0 1045 pkg_add CALL mmap(0x800987000,0x8000,0x3,0x12,0x3,0,0x30000) 1045 pkg_add RET mmap 9990144/0x800987000 1045 pkg_add CALL close(0x3) 1045 pkg_add RET close 0 1045 pkg_add CALL access(0x800536000,0) 1045 pkg_add RET access 0 1045 pkg_add CALL open(0x800532180,0,0x6c) 1045 pkg_add RET open 3 1045 pkg_add CALL fstat(0x3,0x7fffffffe8e0) 1045 pkg_add RET fstat 0 1045 pkg_add CALL read(0x3,0x800638040,0x1000) 1045 pkg_add RET read 4096/0x1000 1045 pkg_add CALL mmap(0,0x247000,0x5,0x20002,0x3,0,0) 1045 pkg_add RET mmap 10022912/0x80098f000 1045 pkg_add CALL mprotect(0x800a9b000,0x1000,0x7) 1045 pkg_add RET mprotect 0 1045 pkg_add CALL mprotect(0x800a9b000,0x1000,0x5) 1045 pkg_add RET mprotect 0 1045 pkg_add CALL mmap(0x800b9c000,0x37000,0x3,0x12,0x3,0,0x10d000) 1045 pkg_add RET mmap 12173312/0x800b9c000 1045 pkg_add CALL mmap(0x800bd3000,0x3000,0x3,0x1012,0xffffffff,0,0) 1045 pkg_add RET mmap 12398592/0x800bd3000 1045 pkg_add CALL close(0x3) 1045 pkg_add RET close 0 1045 pkg_add CALL access(0x800536000,0) 1045 pkg_add RET access 0 1045 pkg_add CALL open(0x8005321a0,0,0x2e) 1045 pkg_add RET open 3 1045 pkg_add CALL fstat(0x3,0x7fffffffe8e0) 1045 pkg_add RET fstat 0 1045 pkg_add CALL read(0x3,0x800638040,0x1000) 1045 pkg_add RET read 4096/0x1000 1045 pkg_add CALL mmap(0,0x20f000,0x5,0x20002,0x3,0,0) 1045 pkg_add RET mmap 12410880/0x800bd6000 1045 pkg_add CALL mprotect(0x800cb1000,0x1000,0x7) 1045 pkg_add RET mprotect 0 1045 pkg_add CALL mprotect(0x800cb1000,0x1000,0x5) 1045 pkg_add RET mprotect 0 1045 pkg_add CALL mmap(0x800db1000,0x1b000,0x3,0x12,0x3,0,0xdb000) 1045 pkg_add RET mmap 14356480/0x800db1000 1045 pkg_add CALL mmap(0x800dcc000,0x19000,0x3,0x1012,0xffffffff,0,0) 1045 pkg_add RET mmap 14467072/0x800dcc000 1045 pkg_add CALL close(0x3) 1045 pkg_add RET close 0 1045 pkg_add CALL access(0x800536000,0) 1045 pkg_add RET access -1 errno 2 No such file or directory 1045 pkg_add CALL access(0x800536000,0) 1045 pkg_add RET access 0 1045 pkg_add CALL access(0x800536000,0) 1045 pkg_add RET access 0 1045 pkg_add CALL access(0x800536000,0) 1045 pkg_add RET access 0 1045 pkg_add CALL sysarch(0x81,0x7fffffffe9a0) 1045 pkg_add RET sysarch 0 1045 pkg_add CALL mmap(0,0x890,0x3,0x1000,0xffffffff,0,0) 1045 pkg_add RET mmap 5476352/0x800539000 1045 pkg_add CALL munmap(0x800539000,0x890) 1045 pkg_add RET munmap 0 1045 pkg_add CALL mmap(0,0xae0,0x3,0x1000,0xffffffff,0,0) 1045 pkg_add RET mmap 5476352/0x800539000 1045 pkg_add CALL munmap(0x800539000,0xae0) 1045 pkg_add RET munmap 0 1045 pkg_add CALL mmap(0,0x650,0x3,0x1000,0xffffffff,0x800000000,0) 1045 pkg_add RET mmap 5476352/0x800539000 1045 pkg_add CALL munmap(0x800539000,0x650) 1045 pkg_add RET munmap 0 1045 pkg_add CALL mmap(0,0x22e0,0x3,0x1000,0xffffffff,0x800000000,0) 1045 pkg_add RET mmap 5476352/0x800539000 1045 pkg_add CALL munmap(0x800539000,0x22e0) 1045 pkg_add RET munmap 0 1045 pkg_add CALL mmap(0,0xad70,0x3,0x1000,0xffffffff,0x800000000,0) 1045 pkg_add RET mmap 5476352/0x800539000 1045 pkg_add CALL munmap(0x800539000,0xad70) 1045 pkg_add RET munmap 0 1045 pkg_add CALL mmap(0,0xb180,0x3,0x1000,0xffffffff,0x800000000,0) 1045 pkg_add RET mmap 5476352/0x800539000 1045 pkg_add CALL munmap(0x800539000,0xb180) 1045 pkg_add RET munmap 0 1045 pkg_add CALL sigprocmask(0x1,0x800637f40,0x7fffffffe960) 1045 pkg_add RET sigprocmask 0 1045 pkg_add CALL sigprocmask(0x3,0x800637f50,0) 1045 pkg_add RET sigprocmask 0 1045 pkg_add CALL open(0x40b965,0,0x1b6) 1045 pkg_add RET open -1 errno 2 No such file or directory 1045 pkg_add CALL lstat(0x7fffffffee40,0x7fffffffe250) 1045 pkg_add RET lstat 0 1045 pkg_add CALL __getcwd(0x510f00,0x400) 1045 pkg_add RET __getcwd 0 1045 pkg_add CALL lstat(0x510f00,0x7fffffffe220) 1045 pkg_add RET lstat 0 1045 pkg_add CALL umask(0x12) 1045 pkg_add RET umask 18/0x12 1045 pkg_add CALL sigaction(0x2,0x7fffffffe280,0x7fffffffe260) 1045 pkg_add RET sigaction 0 1045 pkg_add CALL sigaction(0x1,0x7fffffffe280,0x7fffffffe260) 1045 pkg_add RET sigaction 0 1045 pkg_add CALL stat(0x7fffffffde80,0x7fffffffd600) 1045 pkg_add RET stat 0 1045 pkg_add CALL stat(0x40bb0c,0x7fffffffbd10) 1045 pkg_add RET stat 0 1045 pkg_add CALL statfs(0x40bb0c,0x7fffffffbb20) 1045 pkg_add RET statfs 0 1045 pkg_add CALL gettimeofday(0x7fffffffbb70,0) 1045 pkg_add RET gettimeofday 0 1045 pkg_add CALL getpid 1045 pkg_add RET getpid 1045/0x415 1045 pkg_add CALL open(0x800cb135f,0,0) 1045 pkg_add RET open 3 1045 pkg_add CALL read(0x3,0x7fffffffbb84,0x6c) 1045 pkg_add RET read 108/0x6c 1045 pkg_add CALL close(0x3) 1045 pkg_add RET close 0 1045 pkg_add CALL stat(0x7fffffffda80,0x7fffffffbc40) 1045 pkg_add RET stat 0 1045 pkg_add CALL mkdir(0x7fffffffda80,0x1c0) 1045 pkg_add RET mkdir 0 1045 pkg_add CALL chmod(0x7fffffffda80,0x1c0) 1045 pkg_add RET chmod 0 1045 pkg_add CALL statfs(0x7fffffffda80,0x7fffffffbb20) 1045 pkg_add RET statfs 0 1045 pkg_add CALL __getcwd(0x510220,0x400) 1045 pkg_add RET __getcwd 0 1045 pkg_add CALL chdir(0x7fffffffda80) 1045 pkg_add RET chdir 0 1045 pkg_add CALL readlink(0x800caa841,0x7fffffffbcf0,0x3f) 1045 pkg_add RET readlink -1 errno 2 No such file or directory 1045 pkg_add CALL issetugid 1045 pkg_add RET issetugid 0 1045 pkg_add CALL mmap(0,0x1000,0x3,0x1002,0xffffffff,0x800000000,0) 1045 pkg_add RET mmap 5476352/0x800539000 1045 pkg_add CALL break(0x545000) 1045 pkg_add RET break 0 1045 pkg_add CALL break(0x546000) 1045 pkg_add RET break 0 1045 pkg_add CALL break(0x547000) 1045 pkg_add RET break 0 1045 pkg_add CALL break(0x548000) 1045 pkg_add RET break 0 1045 pkg_add CALL __sysctl(0x7fffffffbc08,0x2,0x7fffffffbbfc,0x7fffffffbc00,0,0) 1045 pkg_add RET __sysctl 0 1045 pkg_add CALL break(0x588000) 1045 pkg_add RET break 0 1045 pkg_add CALL sigaction(0x2,0x7fffffffbbe0,0x7fffffffbbc0) 1045 pkg_add RET sigaction 0 1045 pkg_add CALL sigaction(0x3,0x7fffffffbbe0,0x7fffffffbba0) 1045 pkg_add RET sigaction 0 1045 pkg_add CALL sigprocmask(0x1,0x7fffffffbb90,0x7fffffffbb80) 1045 pkg_add RET sigprocmask 0 1045 pkg_add CALL fork 1045 pkg_add RET fork 1046/0x416 1045 pkg_add CALL wait4(0x416,0x7fffffffbb7c,0,0) 1045 pkg_add RET wait4 1046/0x416 1045 pkg_add CALL sigaction(0x2,0x7fffffffbbc0,0) 1045 pkg_add RET sigaction 0 1045 pkg_add CALL sigaction(0x3,0x7fffffffbba0,0) 1045 pkg_add RET sigaction 0 1045 pkg_add CALL sigprocmask(0x3,0x7fffffffbb80,0) 1045 pkg_add RET sigprocmask 0 1045 pkg_add CALL break(0x558000) 1045 pkg_add RET break 0 1045 pkg_add CALL write(0x2,0x7fffffffb4a0,0x9) 1045 pkg_add RET write 9 1045 pkg_add CALL write(0x2,0x7fffffffb580,0x25) 1045 pkg_add RET write 37/0x25 1045 pkg_add CALL write(0x2,0x800db7e87,0x1) 1045 pkg_add RET write 1 1045 pkg_add CALL write(0x2,0x7fffffffb520,0x9) 1045 pkg_add RET write 9 1045 pkg_add CALL write(0x2,0x7fffffffb600,0x4f) 1045 pkg_add RET write 79/0x4f 1045 pkg_add CALL write(0x2,0x800db7e87,0x1) 1045 pkg_add RET write 1 1045 pkg_add CALL sigaction(0x2,0x7fffffffbd70,0x7fffffffbd50) 1045 pkg_add RET sigaction 0 1045 pkg_add CALL chdir(0x510220) 1045 pkg_add RET chdir 0 1045 pkg_add CALL __sysctl(0x7fffffffbc78,0x2,0x7fffffffbc6c,0x7fffffffbc70,0,0) 1045 pkg_add RET __sysctl 0 1045 pkg_add CALL break(0x598000) 1045 pkg_add RET break 0 1045 pkg_add CALL sigaction(0x2,0x7fffffffbc50,0x7fffffffbc30) 1045 pkg_add RET sigaction 0 1045 pkg_add CALL sigaction(0x3,0x7fffffffbc50,0x7fffffffbc10) 1045 pkg_add RET sigaction 0 1045 pkg_add CALL sigprocmask(0x1,0x7fffffffbc00,0x7fffffffbbf0) 1045 pkg_add RET sigprocmask 0 1045 pkg_add CALL fork 1045 pkg_add RET fork 1048/0x418 1045 pkg_add CALL wait4(0x418,0x7fffffffbbec,0,0) 1045 pkg_add RET wait4 1048/0x418 1045 pkg_add CALL sigaction(0x2,0x7fffffffbc30,0) 1045 pkg_add RET sigaction 0 1045 pkg_add CALL sigaction(0x3,0x7fffffffbc10,0) 1045 pkg_add RET sigaction 0 1045 pkg_add CALL sigprocmask(0x3,0x7fffffffbbf0,0) 1045 pkg_add RET sigprocmask 0 1045 pkg_add CALL break(0x558000) 1045 pkg_add RET break 0 1045 pkg_add CALL sigaction(0x2,0x7fffffffbd80,0x7fffffffbd60) 1045 pkg_add RET sigaction 0 1045 pkg_add CALL exit(0x1) bsd64-21#
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86068e730808191614m66b72cb1y8786b8a7b6510df2>