Date: Sun, 17 Dec 2017 14:04:19 -0700 From: Warner Losh <imp@bsdimp.com> To: Dan Langille <dan@langille.org> Cc: FreeBSD Current <freebsd-current@freebsd.org> Subject: Re: cannot access pass device from within jail Message-ID: <CANCZdfqWF1ckY58yp6sDGkJHxnwoyQB=nz1mnRKZe_mOM3H-gQ@mail.gmail.com> In-Reply-To: <E1314554-C8D0-4E8F-B8DB-E0B4D9DE325F@langille.org> References: <E1314554-C8D0-4E8F-B8DB-E0B4D9DE325F@langille.org>
next in thread | previous in thread | raw e-mail | index | archive | help
What's the permissions of /dev/xpt0 in the jail? If it's not there I know at least camcontrol won't work. I've not used mtx, so I can't say if it's affected too or not. However, looking at the truss output: openat(AT_FDCWD,"/dev/pass7",O_RDWR|O_EXCL,00) ERR#1 'Operation not permitted' suggests something other than the canonical xpt0 issue else is going on. If we look at passopen in cam, I can see two exit paths: error = securelevel_gt(td->td_ucred, 1); if (error != 0) {... return error; } securelevel_gt is just "return (cr->cr_prison->pr_securelevel > level ? EPERM : 0);" which might be possible. What's the securelevel of the jail? Maybe this is going on somehow? The second is basically if (((flags & FWRITE) == 0) || ((flags & FREAD) == 0)) {... return EPERM; } which isn't happening because of the O_RDWR in the truss output. The other possibility is that something above the pass driver is doing the check. I've not looked at that code path yet, buy you can see if it's making it to passopen() with dtrace and checking its return value. I don't see anything in how we register the device, though, that would suggest filtering it in jails. Warner On Sun, Dec 17, 2017 at 12:52 PM, Dan Langille <dan@langille.org> wrote: > Hello, > > What suggestions do you have for where I should look next? I'm happy to > start installing various builds of FreeBSD in order to track down which > commit caused this. > > I'm trying to access a tape library from within a jail running on a > FreeBSD 11.1 host. sa(4) devices are working (e.g. I can rewind nsa0). > > pass(4) devices (i.e. the tape changer ch0) are not working. This morning > I posted to -scsi@: https://lists.freebsd.org/pipermail/freebsd-scsi/2017- > December/007608.html > > The device appears in the jail and has appropriate permissions. This > access was granted > via /etc/devfs.rules using the same approach I used for FreeBSD 10.3 > > The permissions in the jail: > > [root@bacula-sd-02 ~]# ls -l /dev/pass7 > crw------- 1 root operator 0x74 Dec 16 21:52 /dev/pass7 > > The command in the jail: > > [root@bacula-sd-02 ~]# mtx -f /dev/pass7 status > cannot open SCSI device '/dev/pass7' - Operation not permitted > > Here is the truss output of the command in question: > https://gist.github.com/dlangille/b80ee804b8080e1cbf5b5ab67f0bdabe > > Thank you. > > -- > Dan Langille - BSDCan / PGCon > dan@langille.org > > > _______________________________________________ > freebsd-current@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-current > To unsubscribe, send any mail to "freebsd-current-unsubscribe@freebsd.org" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CANCZdfqWF1ckY58yp6sDGkJHxnwoyQB=nz1mnRKZe_mOM3H-gQ>