Date:      Wed, 28 Apr 2021 17:22:22 +0300
From:      Ionuț Mihalache <ionut.mihalache1506@gmail.com>
To:        Mark Johnston <markj@freebsd.org>
Cc:        freebsd-hackers@freebsd.org
Subject:   Re: cap_sysctlbyname for hw.vmm.destroy
Message-ID:  <CAOxbktYCDEotQE%2BE3SHAkw_FCBui80xoAoWBbau9APb1M5=d6w@mail.gmail.com>
In-Reply-To: <YIlot3y9aJ5cSB9H@nuc>
References:  <CAOxbktY6GZY2rfyYMoTquyn04rM2GB5S2opAF1gDxh2177frLg@mail.gmail.com> <YIb66AlmFG0DPn%2BG@nuc> <CAOxbktbsOGAEHZHEuHNrzP9ToyJVN0MvhqfRX_M-kxNOChD2Gw@mail.gmail.com> <YIlot3y9aJ5cSB9H@nuc>

I updated the code now [1] but still the same error. Even without any limits
the cap_sysctlbyname fails after using cap_enter.

[1] -
https://github.com/FreeBSD-UPB/freebsd-src/blob/c54dce7590b065a757dff0f68fd921aca380670f/usr.sbin/bhyve/bhyverun.c#L1567

On Wed, 28 Apr 2021 at 16:52, Mark Johnston <markj@freebsd.org> wrote:

> On Wed, Apr 28, 2021 at 02:30:26PM +0300, Ionuț Mihalache wrote:
> > I tried to test the example from the documentation between here [1] and
> > here [2]. The code stops here [3].
>
> I think you're referencing an old version of the cap_sysctl man page?
> See the example from the copy in your repo:
>
> https://github.com/FreeBSD-UPB/freebsd-src/blob/3a08ffe4839de9b8396b1760f1dc42b066428807/lib/libcasper/services/cap_sysctl/cap_sysctl.3#L122
> In particular, when setting limits consumers should not be building
> nvlists directly.
>
> > [1] -
> > https://github.com/FreeBSD-UPB/freebsd-src/blob/3a08ffe4839de9b8396b1760f1dc42b066428807/usr.sbin/bhyve/bhyverun.c#L1538
> > [2] -
> > https://github.com/FreeBSD-UPB/freebsd-src/blob/3a08ffe4839de9b8396b1760f1dc42b066428807/usr.sbin/bhyve/bhyverun.c#L1585
> > [3] -
> > https://github.com/FreeBSD-UPB/freebsd-src/blob/3a08ffe4839de9b8396b1760f1dc42b066428807/usr.sbin/bhyve/bhyverun.c#L1581
> >
> > On Mon, 26 Apr 2021 at 20:40, Mark Johnston <markj@freebsd.org> wrote:
> >
> > > On Mon, Apr 26, 2021 at 05:16:14PM +0300, Ionuț Mihalache wrote:
> > > > Hello,
> > > >
> > > > I am working on adding capsicum support for the bhyve snapshot feature. At
> > > > the end of the suspend process, the guest should be destroyed and the code
> > > > handles this part with a sysctlbyname call which is not working in
> > > > capability mode. I don't know what is the problem but even when using
> > > > cap_sysctlbyname I still get the same error code (EPERM). I tried the
> > > > example from the documentation as well [1] and still the same error code.
> > > > What could be the problem? I have a FreeBSD13 host and a FreeBSD13 guest.
> > >
> > > I'm not sure why it would happen unless the casper process is somehow
> > > running as a non-root user.  Can you share the code you're testing
> > > somewhere?
> > >
>


