Date: Wed, 28 Apr 2021 18:19:09 +0300
From: Ionuț Mihalache <ionut.mihalache1506@gmail.com>
To: Mark Johnston <markj@freebsd.org>
Cc: freebsd-hackers@freebsd.org
Subject: Re: cap_sysctlbyname for hw.vmm.destroy
Message-ID: <CAOxbktazHmPtHjkkD6Hh7=1O5KW5N%2Bcu-5=WfC6GmKPut4K7yQ@mail.gmail.com>
In-Reply-To: <YIl0L5Wrm8YwpXWr@nuc>
References: <CAOxbktY6GZY2rfyYMoTquyn04rM2GB5S2opAF1gDxh2177frLg@mail.gmail.com>
 <YIb66AlmFG0DPn%2BG@nuc>
 <CAOxbktbsOGAEHZHEuHNrzP9ToyJVN0MvhqfRX_M-kxNOChD2Gw@mail.gmail.com>
 <YIlot3y9aJ5cSB9H@nuc>
 <CAOxbktYCDEotQE%2BE3SHAkw_FCBui80xoAoWBbau9APb1M5=d6w@mail.gmail.com>
 <YIl0L5Wrm8YwpXWr@nuc>

Even with the fixes cap_sysctl still returns EPERM for that simple example.

On Wed, 28 Apr 2021 at 17:41, Mark Johnston <markj@freebsd.org> wrote:

> There are two bugs in the example, also present in your WIP.  I fixed
> them here:
>
> https://cgit.freebsd.org/src/commit/?id=44bbda649dc6c1cdc5a99641e14c77157967e140
>
> On Wed, Apr 28, 2021 at 05:22:22PM +0300, Ionuț Mihalache wrote:
> > I updated the code now [1] but still the same error. Even without any limits
> > the cap_sysctlbyname fails after using cap_enter.
> >
> > [1] - https://github.com/FreeBSD-UPB/freebsd-src/blob/c54dce7590b065a757dff0f68fd921aca380670f/usr.sbin/bhyve/bhyverun.c#L1567
> >
> > On Wed, 28 Apr 2021 at 16:52, Mark Johnston <markj@freebsd.org> wrote:
> >
> > > On Wed, Apr 28, 2021 at 02:30:26PM +0300, Ionuț Mihalache wrote:
> > > > I tried to test the example from the documentation between here [1] and
> > > > here [2]. The code stops here [3].
> > >
> > > I think you're referencing an old version of the cap_sysctl man page?
> > > See the example from the copy in your repo:
> > >
> > > https://github.com/FreeBSD-UPB/freebsd-src/blob/3a08ffe4839de9b8396b1760f1dc42b066428807/lib/libcasper/services/cap_sysctl/cap_sysctl.3#L122
> > > In particular, when setting limits consumers should not be building
> > > nvlists directly.
> > >
> > > > [1] - https://github.com/FreeBSD-UPB/freebsd-src/blob/3a08ffe4839de9b8396b1760f1dc42b066428807/usr.sbin/bhyve/bhyverun.c#L1538
> > > > [2] - https://github.com/FreeBSD-UPB/freebsd-src/blob/3a08ffe4839de9b8396b1760f1dc42b066428807/usr.sbin/bhyve/bhyverun.c#L1585
> > > > [3] - https://github.com/FreeBSD-UPB/freebsd-src/blob/3a08ffe4839de9b8396b1760f1dc42b066428807/usr.sbin/bhyve/bhyverun.c#L1581
> > > >
> > > > On Mon, 26 Apr 2021 at 20:40, Mark Johnston <markj@freebsd.org> wrote:
> > > >
> > > > > On Mon, Apr 26, 2021 at 05:16:14PM +0300, Ionuț Mihalache wrote:
> > > > > > Hello,
> > > > > >
> > > > > > I am working on adding capsicum support for the bhyve snapshot feature. At
> > > > > > the end of the suspend process, the guest should be destroyed and the code
> > > > > > handles this part with a sysctlbyname call which is not working in
> > > > > > capability mode. I don't know what is the problem but even when using
> > > > > > cap_sysctlbyname I still get the same error code (EPERM). I tried the
> > > > > > example from the documentation as well [1] and still the same error code.
> > > > > > What could be the problem? I have a FreeBSD13 host and a FreeBSD13 guest.
> > > > >
> > > > > I'm not sure why it would happen unless the casper process is somehow
> > > > > running as a non-root user.  Can you share the code you're testing
> > > > > somewhere?
> > > > >