From: Scott Long
To: Dan Langille
Cc: freebsd-scsi@freebsd.org
Subject: Re: ch(4) FreeBSD 11.1 jails
Date: Sun, 17 Dec 2017 10:03:39 -0700
List-Id: SCSI subsystem

Hi Dan,

I noticed this in the openat(2) man page:

     In capsicum(4) capability mode, open() is not permitted.  The path
     argument to openat() must be strictly relative to a file descriptor fd,
     as defined in sys/kern/vfs_lookup.c.  path must not be an absolute path
     and must not contain ".." components.  Additionally, no symbolic link in
     path may contain ".." components either.  fd must not be AT_FDCWD.

Truss shows that your app is doing this:

openat(AT_FDCWD,"/dev/pass7",O_RDWR|O_EXCL,00) ERR#1 'Operation not permitted'

I don’t know a whole lot about capsicum, but maybe this is related?

Scott

> On Dec 17, 2017, at 9:49 AM, Dan Langille wrote:
>
> Scott,
>
> On the host:
>
> [dan@r710-01:~] $ sysctl kern.securelevel
> kern.securelevel: -1
>
> On the jail:
>
> [dan@bacula-sd-01:~] $ sysctl kern.securelevel
> kern.securelevel: -1
>
> If it's something else, who should I consult?
>
> --
> Dan Langille - BSDCan / PGCon
> dan@langille.org
>
>> On Dec 17, 2017, at 11:39 AM, Scott Long wrote:
>>
>> Hi Dan,
>>
>> I agree with you, truss definitely shows that it’s failing with the open(“pass7”)
>> call.  Nothing in the src/sys/cam/scsi/scsi_pass.c code that has changed
>> regarding ‘open’ semantics since FreeBSD 9 in 2012.  There is a check in
>> the code against the securelevel of the system.  That code was added a
>> LONG time ago, but maybe something has changed with securelevel.  I
>> guess it’s worth a look on your system to look at the kern.securelevel
>> sysctl both inside and outside of the jail.  If it’s not that then something
>> outside of CAM, either in devfs or in the syscall layer, has changed.
>>
>> Scott
>>
>>> On Dec 17, 2017, at 9:32 AM, Dan Langille wrote:
>>>
>>>> On Dec 17, 2017, at 11:27 AM, Dan Langille wrote:
>>>>
>>>>>> On Dec 16, 2017, at 3:05 PM, Dan Langille wrote:
>>>>>>
>>>>>> I'm trying to access a tape library from within a FreeBSD 11 jail.
>>>>>>
>>>>>> I've added this to the host system:
>>>>>>
>>>>>> [devfsrules_jail_unhide_tapes=5]
>>>>>> add path sa0 unhide
>>>>>> add path pass0 unhide
>>>>>> add path pass7 unhide mode 0600
>>>>>> add path ch0 unhide
>>>>>> add path nsa0 unhide
>>>>>>
>>>>>> add path sa1 unhide
>>>>>> add path pass8 unhide
>>>>>> add path pass9 unhide mode 0600
>>>>>> add path ch1 unhide
>>>>>> add path nsa1 unhide
>>>>>>
>>>>>> [devfsrules_jail_bacula=6]
>>>>>> add include $devfsrules_hide_all
>>>>>> add include $devfsrules_unhide_basic
>>>>>> add include $devfsrules_unhide_login
>>>>>> add path zfs unhide
>>>>>> add include $devfsrules_jail_unhide_tapes
>>>>>>
>>>>>> The jail can see the devices, and query the tape drive, but not the changer:
>>>>>>
>>>>>> $ sudo mtx -f /dev/pass7 status
>>>>>> cannot open SCSI device '/dev/pass7' - Operation not permitted
>>>>>>
>>>>>> The same command in the jail host succeeds.
>>>>>>
>>>>>> Is there something more special I'm missing about FreeBSD 11.1? This worked for me under 10.3.
>>>>>>
>>>>>> Thank you.
>>>>>>
>>>>>> --
>>>>>> Dan Langille - BSDCan / PGCon
>>>>>> dan@langille.org
>>>>>
>>>>
>>>>> On Dec 16, 2017, at 5:53 PM, Scott Long wrote:
>>>>>
>>>>> Hi Dan,
>>>>>
>>>>> Try unhiding and giving permissions to /dev/xpt0. Not sure if something changed there between 10.x and 11.x, but I suspect that it would be necessary regardless. A truss/ktrace output will be necessary if that doesn’t work.
>>>>>
>>>>> Scott
>>>>>
>>>>> Sent from my iPhone
>>>>>
>>>>
>>>> Background: the host devices from the tape library:
>>>>
>>>> at scbus1 target 4 lun 0 (pass1,sa0)
>>>> at scbus1 target 4 lun 1 (pass7,ch0)
>>>> at scbus1 target 5 lun 0 (pass8,sa1)
>>>> at scbus1 target 5 lun 1 (pass9,ch1)
>>>>
>>>> The devices the jail can see:
>>>>
>>>> [dan@bacula-sd-02:~] $ ls -l /dev
>>>> total 1
>>>> crw-------  1 root  operator  0x6b Dec 16 21:52 ch0
>>>> crw-------  1 root  operator  0x6c Dec 16 21:52 ch1
>>>> dr-xr-xr-x  2 root  wheel      512 Dec 16 21:52 fd
>>>> lrwxr-xr-x  1 root  wheel       14 Dec 16 22:02 log -> ../var/run/log
>>>> crw-rw----  1 root  operator  0x65 Dec 16 21:52 nsa0
>>>> crw-rw----  1 root  operator  0x69 Dec 16 21:52 nsa1
>>>> crw-rw-rw-  1 root  wheel     0x1b Dec 17 16:16 null
>>>> crw-------  1 root  operator  0x6d Dec 16 21:52 pass0
>>>> crw-------  1 root  operator  0x74 Dec 16 21:52 pass7
>>>> crw-------  1 root  operator  0x75 Dec 16 21:52 pass8
>>>> crw-------  1 root  operator  0x76 Dec 16 21:52 pass9
>>>> dr-xr-xr-x  2 root  wheel      512 Dec 17 16:16 pts
>>>> crw-r--r--  1 root  wheel      0x7 Dec 16 21:52 random
>>>> crw-rw----  1 root  operator  0x64 Dec 16 21:52 sa0
>>>> crw-rw----  1 root  operator  0x68 Dec 16 21:52 sa1
>>>> lrwxr-xr-x  1 root  wheel        4 Dec 16 22:02 stderr -> fd/2
>>>> lrwxr-xr-x  1 root  wheel        4 Dec 16 22:02 stdin -> fd/0
>>>> lrwxr-xr-x  1 root  wheel        4 Dec 16 22:02 stdout -> fd/1
>>>> lrwxr-xr-x  1 root  wheel        6 Dec 16 22:02 urandom -> random
>>>> crw-rw-rw-  1 root  wheel     0x1c Dec 16 21:52 zero
>>>> crw-rw-rw-  1 root  operator  0x48 Dec 16 21:52 zfs
>>>> [dan@bacula-sd-02:~] $
>>>>
>>>> This command on the host:
>>>>
>>>> [root@r710-01:~] # mtx -f /dev/pass7 status | head
>>>> Storage Changer /dev/pass7:2 Drives, 47 Slots ( 0 Import/Export )
>>>> Data Transfer Element 0:Full (Storage Element 1 Loaded):VolumeTag = 000001L4
>>>> Data Transfer Element 1:Empty
>>>> Storage Element 1:Empty
>>>> Storage Element 2:Empty
>>>> Storage Element 3:Empty
>>>> Storage Element 4:Empty
>>>> Storage Element 5:Empty
>>>> Storage Element 6:Empty
>>>> Storage Element 7:Empty
>>>>
>>>> Same command in the jail:
>>>>
>>>> [root@bacula-sd-02 ~]# mtx -f /dev/pass7 status
>>>> cannot open SCSI device '/dev/pass7' - Operation not permitted
>>>>
>>>> Same command with truss:
>>>>
>>>> [root@bacula-sd-02 ~]# truss mtx -f /dev/pass7 status
>>>> mmap(0x0,32768,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON,-1,0x0) = 34366197760 (0x800629000)
>>>> issetugid() = 0 (0x0)
>>>> lstat("/etc",{ mode=drwxr-xr-x ,inode=19,size=117,blksize=7680 }) = 0 (0x0)
>>>> lstat("/etc/libmap.conf",{ mode=-rw-r--r-- ,inode=13724,size=109,blksize=4096 }) = 0 (0x0)
>>>> openat(AT_FDCWD,"/etc/libmap.conf",O_RDONLY|O_CLOEXEC,00) = 3 (0x3)
>>>> fstat(3,{ mode=-rw-r--r-- ,inode=13724,size=109,blksize=4096 }) = 0 (0x0)
>>>> mmap(0x0,109,PROT_READ,MAP_PRIVATE,3,0x0) = 34366230528 (0x800631000)
>>>> close(3) = 0 (0x0)
>>>> lstat("/usr",{ mode=drwxr-xr-x ,inode=23,size=15,blksize=4096 }) = 0 (0x0)
>>>> lstat("/usr/local",{ mode=drwxr-xr-x ,inode=214,size=14,blksize=4096 }) = 0 (0x0)
>>>> lstat("/usr/local/etc",{ mode=drwxr-xr-x ,inode=32826,size=29,blksize=4096 }) = 0 (0x0)
>>>> lstat("/usr/local/etc/libmap.d",0x7fffffffc548) ERR#2 'No such file or directory'
>>>> munmap(0x800631000,109) = 0 (0x0)
>>>> openat(AT_FDCWD,"/var/run/ld-elf.so.hints",O_RDONLY|O_CLOEXEC,00) = 3 (0x3)
>>>> read(3,"Ehnt\^A\0\0\0\M^@\0\0\0f\0\0\0\0"...,128) = 128 (0x80)
>>>> fstat(3,{ mode=-r--r--r-- ,inode=66965,size=230,blksize=4096 }) = 0 (0x0)
>>>> lseek(3,0x80,SEEK_SET) = 128 (0x80)
>>>> read(3,"/lib:/usr/lib:/usr/lib/compat:/u"...,102) = 102 (0x66)
>>>> close(3) = 0 (0x0)
>>>> access("/lib/libcam.so.7",F_OK) = 0 (0x0)
>>>> openat(AT_FDCWD,"/lib/libcam.so.7",O_RDONLY|O_CLOEXEC|O_VERIFY,00) = 3 (0x3)
>>>> fstat(3,{ mode=-r--r--r-- ,inode=141,size=201240,blksize=131072 }) = 0 (0x0)
>>>> mmap(0x0,4096,PROT_READ,MAP_PRIVATE|MAP_PREFAULT_READ,3,0x0) = 34366230528 (0x800631000)
>>>> mmap(0x0,2297856,PROT_NONE,MAP_PRIVATE|MAP_ANON|MAP_NOCORE,-1,0x0) = 34368299008 (0x80082a000)
>>>> mmap(0x80082a000,176128,PROT_READ|PROT_EXEC,MAP_PRIVATE|MAP_FIXED|MAP_NOCORE|MAP_PREFAULT_READ,3,0x0) = 34368299008 (0x80082a000)
>>>> mmap(0x800a54000,28672,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_PREFAULT_READ,3,0x2a000) = 34370568192 (0x800a54000)
>>>> munmap(0x800631000,4096) = 0 (0x0)
>>>> close(3) = 0 (0x0)
>>>> access("/lib/libc.so.7",F_OK) = 0 (0x0)
>>>> openat(AT_FDCWD,"/lib/libc.so.7",O_RDONLY|O_CLOEXEC|O_VERIFY,00) = 3 (0x3)
>>>> fstat(3,{ mode=-r--r--r-- ,inode=168,size=1761320,blksize=131072 }) = 0 (0x0)
>>>> mmap(0x0,4096,PROT_READ,MAP_PRIVATE|MAP_PREFAULT_READ,3,0x0) = 34366230528 (0x800631000)
>>>> mmap(0x0,3899392,PROT_NONE,MAP_PRIVATE|MAP_ANON|MAP_NOCORE,-1,0x0) = 34370596864 (0x800a5b000)
>>>> mmap(0x800a5b000,1646592,PROT_READ|PROT_EXEC,MAP_PRIVATE|MAP_FIXED|MAP_NOCORE|MAP_PREFAULT_READ,3,0x0) = 34370596864 (0x800a5b000)
>>>> mmap(0x800ded000,49152,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_PREFAULT_READ,3,0x192000) = 34374340608 (0x800ded000)
>>>> mmap(0x800df9000,106496,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_ANON,-1,0x0) = 34374389760 (0x800df9000)
>>>> munmap(0x800631000,4096) = 0 (0x0)
>>>> close(3) = 0 (0x0)
>>>> access("/lib/libsbuf.so.6",F_OK) = 0 (0x0)
>>>> openat(AT_FDCWD,"/lib/libsbuf.so.6",O_RDONLY|O_CLOEXEC|O_VERIFY,00) = 3 (0x3)
>>>> fstat(3,{ mode=-r--r--r-- ,inode=137,size=11312,blksize=11776 }) = 0 (0x0)
>>>> mmap(0x0,4096,PROT_READ,MAP_PRIVATE|MAP_PREFAULT_READ,3,0x0) = 34366230528 (0x800631000)
>>>> mmap(0x0,2109440,PROT_NONE,MAP_PRIVATE|MAP_ANON|MAP_NOCORE,-1,0x0) = 34374496256 (0x800e13000)
>>>> mmap(0x800e13000,12288,PROT_READ|PROT_EXEC,MAP_PRIVATE|MAP_FIXED|MAP_NOCORE|MAP_PREFAULT_READ,3,0x0) = 34374496256 (0x800e13000)
>>>> mmap(0x801015000,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_PREFAULT_READ,3,0x2000) = 34376601600 (0x801015000)
>>>> munmap(0x800631000,4096) = 0 (0x0)
>>>> close(3) = 0 (0x0)
>>>> mmap(0x0,40960,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON,-1,0x0) = 34366230528 (0x800631000)
>>>> munmap(0x800634000,28672) = 0 (0x0)
>>>> mmap(0x0,102400,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON,-1,0x0) = 34366242816 (0x800634000)
>>>> sysarch(AMD64_SET_FSBASE,0x7fffffffdf08) = 0 (0x0)
>>>> sigprocmask(SIG_BLOCK,{ SIGHUP|SIGINT|SIGQUIT|SIGKILL|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2 },{ }) = 0 (0x0)
>>>> sigprocmask(SIG_SETMASK,{ },0x0) = 0 (0x0)
>>>> readlink("/etc/malloc.conf",0x7fffffffd600,1024) ERR#2 'No such file or directory'
>>>> issetugid() = 0 (0x0)
>>>> __sysctl(0x7fffffffd4a0,0x2,0x7fffffffd4f0,0x7fffffffd4e8,0x800bbcc93,0xd) = 0 (0x0)
>>>> __sysctl(0x7fffffffd4f0,0x2,0x7fffffffd5b4,0x7fffffffd5a8,0x0,0x0) = 0 (0x0)
>>>> mmap(0x0,2097152,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON,-1,0x0) = 34376605696 (0x801016000)
>>>> munmap(0x801016000,2097152) = 0 (0x0)
>>>> mmap(0x0,4190208,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON,-1,0x0) = 34376605696 (0x801016000)
>>>> munmap(0x801016000,2007040) = 0 (0x0)
>>>> munmap(0x801400000,86016) = 0 (0x0)
>>>> sigprocmask(SIG_BLOCK,{ SIGHUP|SIGINT|SIGQUIT|SIGKILL|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2 },{ }) = 0 (0x0)
>>>> sigprocmask(SIG_SETMASK,{ },0x0) = 0 (0x0)
>>>> sigprocmask(SIG_BLOCK,{ SIGHUP|SIGINT|SIGQUIT|SIGKILL|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2 },{ }) = 0 (0x0)
>>>> sigprocmask(SIG_SETMASK,{ },0x0) = 0 (0x0)
>>>> sigprocmask(SIG_BLOCK,{ SIGHUP|SIGINT|SIGQUIT|SIGKILL|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2 },{ }) = 0 (0x0)
>>>> sigprocmask(SIG_SETMASK,{ },0x0) = 0 (0x0)
>>>> sigprocmask(SIG_BLOCK,{ SIGHUP|SIGINT|SIGQUIT|SIGKILL|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2 },{ }) = 0 (0x0)
>>>> sigprocmask(SIG_SETMASK,{ },0x0) = 0 (0x0)
>>>> mmap(0x0,2097152,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON,-1,0x0) = 34380709888 (0x801400000)
>>>> openat(AT_FDCWD,"/dev/pass7",O_RDWR|O_EXCL,00) ERR#1 'Operation not permitted'
>>>> stat("/usr/share/nls/C/libc.cat",0x7fffffffdea8) ERR#2 'No such file or directory'
>>>> stat("/usr/share/nls/libc/C",0x7fffffffdea8) ERR#2 'No such file or directory'
>>>> stat("/usr/local/share/nls/C/libc.cat",0x7fffffffdea8) ERR#2 'No such file or directory'
>>>> stat("/usr/local/share/nls/libc/C",0x7fffffffdea8) ERR#2 'No such file or directory'
>>>> cannot open SCSI device '/dev/pass7' - Operation not permitted
>>>> write(2,"cannot open SCSI device '/dev/pa"...,63) = 63 (0x3f)
>>>> sigprocmask(SIG_BLOCK,{ SIGHUP|SIGINT|SIGQUIT|SIGKILL|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2 },{ }) = 0 (0x0)
>>>> sigprocmask(SIG_SETMASK,{ },0x0) = 0 (0x0)
>>>> sigprocmask(SIG_BLOCK,{ SIGHUP|SIGINT|SIGQUIT|SIGKILL|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2 },{ }) = 0 (0x0)
>>>> sigprocmask(SIG_SETMASK,{ },0x0) = 0 (0x0)
>>>> sigprocmask(SIG_BLOCK,{ SIGHUP|SIGINT|SIGQUIT|SIGKILL|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2 },{ }) = 0 (0x0)
>>>> sigprocmask(SIG_SETMASK,{ },0x0) = 0 (0x0)
>>>> sigprocmask(SIG_BLOCK,{ SIGHUP|SIGINT|SIGQUIT|SIGKILL|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2 },{ }) = 0 (0x0)
>>>> sigprocmask(SIG_SETMASK,{ },0x0) = 0 (0x0)
>>>> sigprocmask(SIG_BLOCK,{ SIGHUP|SIGINT|SIGQUIT|SIGKILL|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2 },{ }) = 0 (0x0)
>>>> sigprocmask(SIG_SETMASK,{ },0x0) = 0 (0x0)
>>>> exit(0x1)
>>>> process exit, rval = 1
>>>> [root@bacula-sd-02 ~]#
>>>>
>>> I forgot to do xpt0... here it is:
>>>
>>> ALSO: Diff between the two is here: https://gist.github.com/dlangille/b80ee804b8080e1cbf5b5ab67f0bdabe/revisions
>>>
>>> From the jail:
>>>
>>> [dan@bacula-sd-02:~] $ ls -l /dev/xpt0
>>> crw-------  1 root  operator  0x4c Dec 16 21:52 /dev/xpt0
>>> [dan@bacula-sd-02:~] $
>>>
>>> [dan@bacula-sd-02:~] $ truss mtx -f /dev/pass7 status
>>> mmap(0x0,32768,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON,-1,0x0) = 34366197760 (0x800629000)
>>> issetugid() = 0 (0x0)
>>> lstat("/etc",{ mode=drwxr-xr-x ,inode=19,size=117,blksize=7680 }) = 0 (0x0)
>>> lstat("/etc/libmap.conf",{ mode=-rw-r--r-- ,inode=13724,size=109,blksize=4096 }) = 0 (0x0)
>>> openat(AT_FDCWD,"/etc/libmap.conf",O_RDONLY|O_CLOEXEC,00) = 3 (0x3)
>>> fstat(3,{ mode=-rw-r--r-- ,inode=13724,size=109,blksize=4096 }) = 0 (0x0)
>>> mmap(0x0,109,PROT_READ,MAP_PRIVATE,3,0x0) = 34366230528 (0x800631000)
>>> close(3) = 0 (0x0)
>>> lstat("/usr",{ mode=drwxr-xr-x ,inode=23,size=15,blksize=4096 }) = 0 (0x0)
>>> lstat("/usr/local",{ mode=drwxr-xr-x ,inode=214,size=14,blksize=4096 }) = 0 (0x0)
>>> lstat("/usr/local/etc",{ mode=drwxr-xr-x ,inode=32826,size=29,blksize=4096 }) = 0 (0x0)
>>> lstat("/usr/local/etc/libmap.d",0x7fffffffc608) ERR#2 'No such file or directory'
>>> munmap(0x800631000,109) = 0 (0x0)
>>> openat(AT_FDCWD,"/var/run/ld-elf.so.hints",O_RDONLY|O_CLOEXEC,00) = 3 (0x3)
>>> read(3,"Ehnt\^A\0\0\0\M^@\0\0\0f\0\0\0\0"...,128) = 128 (0x80)
>>> fstat(3,{ mode=-r--r--r-- ,inode=72757,size=230,blksize=4096 }) = 0 (0x0)
>>> lseek(3,0x80,SEEK_SET) = 128 (0x80)
>>> read(3,"/lib:/usr/lib:/usr/lib/compat:/u"...,102) = 102 (0x66)
>>> close(3) = 0 (0x0)
>>> access("/lib/libcam.so.7",F_OK) = 0 (0x0)
>>> openat(AT_FDCWD,"/lib/libcam.so.7",O_RDONLY|O_CLOEXEC|O_VERIFY,00) = 3 (0x3)
>>> fstat(3,{ mode=-r--r--r-- ,inode=141,size=201240,blksize=131072 }) = 0 (0x0)
>>> mmap(0x0,4096,PROT_READ,MAP_PRIVATE|MAP_PREFAULT_READ,3,0x0) = 34366230528 (0x800631000)
>>> mmap(0x0,2297856,PROT_NONE,MAP_PRIVATE|MAP_ANON|MAP_NOCORE,-1,0x0) = 34368299008 (0x80082a000)
>>> mmap(0x80082a000,176128,PROT_READ|PROT_EXEC,MAP_PRIVATE|MAP_FIXED|MAP_NOCORE|MAP_PREFAULT_READ,3,0x0) = 34368299008 (0x80082a000)
>>> mmap(0x800a54000,28672,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_PREFAULT_READ,3,0x2a000) = 34370568192 (0x800a54000)
>>> munmap(0x800631000,4096) = 0 (0x0)
>>> close(3) = 0 (0x0)
>>> access("/lib/libc.so.7",F_OK) = 0 (0x0)
>>> openat(AT_FDCWD,"/lib/libc.so.7",O_RDONLY|O_CLOEXEC|O_VERIFY,00) = 3 (0x3)
>>> fstat(3,{ mode=-r--r--r-- ,inode=168,size=1761320,blksize=131072 }) = 0 (0x0)
>>> mmap(0x0,4096,PROT_READ,MAP_PRIVATE|MAP_PREFAULT_READ,3,0x0) = 34366230528 (0x800631000)
>>> mmap(0x0,3899392,PROT_NONE,MAP_PRIVATE|MAP_ANON|MAP_NOCORE,-1,0x0) = 34370596864 (0x800a5b000)
>>> mmap(0x800a5b000,1646592,PROT_READ|PROT_EXEC,MAP_PRIVATE|MAP_FIXED|MAP_NOCORE|MAP_PREFAULT_READ,3,0x0) = 34370596864 (0x800a5b000)
>>> mmap(0x800ded000,49152,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_PREFAULT_READ,3,0x192000) = 34374340608 (0x800ded000)
>>> mmap(0x800df9000,106496,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_ANON,-1,0x0) = 34374389760 (0x800df9000)
>>> munmap(0x800631000,4096) = 0 (0x0)
>>> close(3) = 0 (0x0)
>>> access("/lib/libsbuf.so.6",F_OK) = 0 (0x0)
>>> openat(AT_FDCWD,"/lib/libsbuf.so.6",O_RDONLY|O_CLOEXEC|O_VERIFY,00) = 3 (0x3)
>>> fstat(3,{ mode=-r--r--r-- ,inode=137,size=11312,blksize=11776 }) = 0 (0x0)
>>> mmap(0x0,4096,PROT_READ,MAP_PRIVATE|MAP_PREFAULT_READ,3,0x0) = 34366230528 (0x800631000)
>>> mmap(0x0,2109440,PROT_NONE,MAP_PRIVATE|MAP_ANON|MAP_NOCORE,-1,0x0) = 34374496256 (0x800e13000)
>>> mmap(0x800e13000,12288,PROT_READ|PROT_EXEC,MAP_PRIVATE|MAP_FIXED|MAP_NOCORE|MAP_PREFAULT_READ,3,0x0) = 34374496256 (0x800e13000)
>>> mmap(0x801015000,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_PREFAULT_READ,3,0x2000) = 34376601600 (0x801015000)
>>> munmap(0x800631000,4096) = 0 (0x0)
>>> close(3) = 0 (0x0)
>>> mmap(0x0,40960,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON,-1,0x0) = 34366230528 (0x800631000)
>>> munmap(0x800634000,28672) = 0 (0x0)
>>> mmap(0x0,102400,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON,-1,0x0) = 34366242816 (0x800634000)
>>> sysarch(AMD64_SET_FSBASE,0x7fffffffdfc8) = 0 (0x0)
>>> sigprocmask(SIG_BLOCK,{ SIGHUP|SIGINT|SIGQUIT|SIGKILL|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2 },{ }) = 0 (0x0)
>>> sigprocmask(SIG_SETMASK,{ },0x0) = 0 (0x0)
>>> readlink("/etc/malloc.conf",0x7fffffffd6c0,1024) ERR#2 'No such file or directory'
>>> issetugid() = 0 (0x0)
>>> __sysctl(0x7fffffffd560,0x2,0x7fffffffd5b0,0x7fffffffd5a8,0x800bbcc93,0xd) = 0 (0x0)
>>> __sysctl(0x7fffffffd5b0,0x2,0x7fffffffd674,0x7fffffffd668,0x0,0x0) = 0 (0x0)
>>> mmap(0x0,2097152,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON,-1,0x0) = 34376605696 (0x801016000)
>>> munmap(0x801016000,2097152) = 0 (0x0)
>>> mmap(0x0,4190208,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON,-1,0x0) = 34376605696 (0x801016000)
>>> munmap(0x801016000,2007040) = 0 (0x0)
>>> munmap(0x801400000,86016) = 0 (0x0)
>>> sigprocmask(SIG_BLOCK,{ SIGHUP|SIGINT|SIGQUIT|SIGKILL|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2 },{ }) = 0 (0x0)
>>> sigprocmask(SIG_SETMASK,{ },0x0) = 0 (0x0)
>>> sigprocmask(SIG_BLOCK,{ SIGHUP|SIGINT|SIGQUIT|SIGKILL|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2 },{ }) = 0 (0x0)
>>> sigprocmask(SIG_SETMASK,{ },0x0) = 0 (0x0)
>>> sigprocmask(SIG_BLOCK,{ SIGHUP|SIGINT|SIGQUIT|SIGKILL|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2 },{ }) = 0 (0x0)
>>> sigprocmask(SIG_SETMASK,{ },0x0) = 0 (0x0)
>>> sigprocmask(SIG_BLOCK,{ SIGHUP|SIGINT|SIGQUIT|SIGKILL|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2 },{ }) = 0 (0x0)
>>> sigprocmask(SIG_SETMASK,{ },0x0) = 0 (0x0)
>>> mmap(0x0,2097152,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON,-1,0x0) = 34380709888 (0x801400000)
>>> openat(AT_FDCWD,"/dev/pass7",O_RDWR|O_EXCL,00) ERR#13 'Permission denied'
>>> stat("/usr/share/nls/C/libc.cat",0x7fffffffdf68) ERR#2 'No such file or directory'
>>> stat("/usr/share/nls/libc/C",0x7fffffffdf68) ERR#2 'No such file or directory'
>>> stat("/usr/local/share/nls/C/libc.cat",0x7fffffffdf68) ERR#2 'No such file or directory'
>>> stat("/usr/local/share/nls/libc/C",0x7fffffffdf68) ERR#2 'No such file or directory'
>>> cannot open SCSI device '/dev/pass7' - Permission denied
>>> write(2,"cannot open SCSI device '/dev/pa"...,57) = 57 (0x39)
>>> sigprocmask(SIG_BLOCK,{ SIGHUP|SIGINT|SIGQUIT|SIGKILL|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2 },{ }) = 0 (0x0)
>>> sigprocmask(SIG_SETMASK,{ },0x0) = 0 (0x0)
>>> sigprocmask(SIG_BLOCK,{ SIGHUP|SIGINT|SIGQUIT|SIGKILL|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2 },{ }) = 0 (0x0)
>>> sigprocmask(SIG_SETMASK,{ },0x0) = 0 (0x0)
>>> sigprocmask(SIG_BLOCK,{ SIGHUP|SIGINT|SIGQUIT|SIGKILL|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2 },{ }) = 0 (0x0)
>>> sigprocmask(SIG_SETMASK,{ },0x0) = 0 (0x0)
>>> sigprocmask(SIG_BLOCK,{ SIGHUP|SIGINT|SIGQUIT|SIGKILL|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2 },{ }) = 0 (0x0)
>>> sigprocmask(SIG_SETMASK,{ },0x0) = 0 (0x0)
>>> sigprocmask(SIG_BLOCK,{ SIGHUP|SIGINT|SIGQUIT|SIGKILL|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2 },{ }) = 0 (0x0)
>>> sigprocmask(SIG_SETMASK,{ },0x0) = 0 (0x0)
>>> exit(0x1)
>>> process exit, rval = 1
>>>
>>> --
>>> Dan Langille - BSDCan / PGCon
>>> dan@langille.org
>>
>
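
An added example, not part of the thread and not code from FreeBSD or mtx: a small Python triage of truss output in the format quoted above. It lists failures other than ENOENT and checks each openat against the capability-mode rules quoted from openat(2); the function names and the errno table are this example's own, and the sample lines are excerpted from the root run.

```python
import re

# Lines excerpted from the root truss run quoted in this thread (whitespace normalised).
SAMPLE_TRACE = """\
openat(AT_FDCWD,"/etc/libmap.conf",O_RDONLY|O_CLOEXEC,00) = 3 (0x3)
lstat("/usr/local/etc/libmap.d",0x7fffffffc548) ERR#2 'No such file or directory'
openat(AT_FDCWD,"/lib/libcam.so.7",O_RDONLY|O_CLOEXEC|O_VERIFY,00) = 3 (0x3)
openat(AT_FDCWD,"/dev/pass7",O_RDWR|O_EXCL,00) ERR#1 'Operation not permitted'
stat("/usr/share/nls/C/libc.cat",0x7fffffffdea8) ERR#2 'No such file or directory'
"""

# FreeBSD errno numbers as truss prints them; 93 and 94 are the Capsicum refusals.
ERRNO_NAMES = {1: "EPERM", 2: "ENOENT", 13: "EACCES", 93: "ENOTCAPABLE", 94: "ECAPMODE"}

LINE_RE = re.compile(
    r"^(?P<name>\w+)\((?P<args>.*)\)\s+"
    r"(?:= -?\d+ \(0x[0-9a-f]+\)|ERR#(?P<errno>\d+) '[^']*')\s*$")
OPENAT_RE = re.compile(r'^(?P<fd>[^,]+),"(?P<path>[^"]*)"')


def parse_truss(text):
    """Turn truss lines into dicts; anything that is not a syscall record is skipped."""
    calls = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # program output, "process exit", wrapped lines
        call = {"name": m["name"], "fd": None, "path": None,
                "errno": int(m["errno"]) if m["errno"] else None}
        o = OPENAT_RE.match(m["args"]) if m["name"] == "openat" else None
        if o:
            call["fd"], call["path"] = o["fd"], o["path"]
        calls.append(call)
    return calls


def errno_name(number):
    return ERRNO_NAMES.get(number, "errno %d" % number)


def notable_failures(calls, ignore=(2,)):
    """Failed calls minus ENOENT probes (libmap.d, NLS catalogs), which are normal noise."""
    return [c for c in calls if c["errno"] is not None and c["errno"] not in ignore]


def capmode_rule_breaks(fd, path):
    """Apply the quoted openat(2) capability-mode rules to one call.
    The symlink rule needs the filesystem, so a trace alone cannot check it."""
    breaks = []
    if fd == "AT_FDCWD":
        breaks.append("fd is AT_FDCWD")
    if path.startswith("/"):
        breaks.append("path is absolute")
    if ".." in path.split("/"):
        breaks.append('path contains ".."')
    return breaks


def succeeded_despite_rules(calls):
    """openat calls that break the rules yet succeeded: the process was not in
    capability mode when it made them."""
    return [c for c in calls
            if c["name"] == "openat" and c["errno"] is None and c["path"] is not None
            and capmode_rule_breaks(c["fd"], c["path"])]


def entered_capability_mode(calls):
    """True if the trace records a cap_enter(2) call."""
    return any(c["name"] == "cap_enter" for c in calls)


if __name__ == "__main__":
    calls = parse_truss(SAMPLE_TRACE)
    for c in notable_failures(calls):
        rules = capmode_rule_breaks(c["fd"], c["path"]) if c["path"] else []
        print(c["name"], c["path"], errno_name(c["errno"]), rules)
    print("succeeded despite rules:", [c["path"] for c in succeeded_despite_rules(calls)])
    print("cap_enter seen:", entered_capability_mode(calls))
```

Fed the full traces from this thread, the only non-ENOENT failure in either run is the `/dev/pass7` open: ERR#1 in the run as root and ERR#13 in the run as dan.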