Date:      Sun, 17 Dec 2017 11:27:08 -0500
From:      Dan Langille <dan@langille.org>
To:        Scott Long <scottl@samsco.org>
Cc:        freebsd-scsi@freebsd.org
Subject:   Re: ch(4) FreeBSD 11.1 jails
Message-ID:  <746B096B-A682-4EA7-AA25-718F687E3B13@langille.org>
In-Reply-To: <2E65031F-E39F-43FD-9D7C-25890A5ED641@samsco.org>
References:  <19FE523D-3A29-4EC1-BD11-71F2A9A84456@langille.org> <2E65031F-E39F-43FD-9D7C-25890A5ED641@samsco.org>

>> On Dec 16, 2017, at 3:05 PM, Dan Langille <dan@langille.org> wrote:
>>
>> I'm trying to access a tape library from within a FreeBSD 11 jail.
>>
>> I've added this to the host system:
>>
>> [devfsrules_jail_unhide_tapes=5]
>> add path sa0    unhide
>> add path pass0  unhide
>> add path pass7  unhide mode 0600
>> add path ch0    unhide
>> add path nsa0   unhide
>>
>> add path sa1    unhide
>> add path pass8  unhide
>> add path pass9  unhide mode 0600
>> add path ch1    unhide
>> add path nsa1   unhide
>>
>>
>> [devfsrules_jail_bacula=6]
>> add include $devfsrules_hide_all
>> add include $devfsrules_unhide_basic
>> add include $devfsrules_unhide_login
>> add path zfs unhide
>> add include $devfsrules_jail_unhide_tapes
>>
>>
>>
>> The jail can see the devices, and query the tape drive, but not the changer:
>>
>> $ sudo mtx -f /dev/pass7 status
>> cannot open SCSI device '/dev/pass7' - Operation not permitted
>>
>> The same command in the jail host succeeds.
>>
>> Is there something more special I'm missing about FreeBSD 11.1? This worked for me under 10.3.
>>
>> Thank you.
>>
>>
>> --
>> Dan Langille - BSDCan / PGCon
>> dan@langille.org
>>
>>
>> _______________________________________________
>> freebsd-scsi@freebsd.org mailing list
>> https://lists.freebsd.org/mailman/listinfo/freebsd-scsi
>> To unsubscribe, send any mail to "freebsd-scsi-unsubscribe@freebsd.org"
>

> On Dec 16, 2017, at 5:53 PM, Scott Long <scottl@samsco.org> wrote:
>
> Hi Dan,
>
> Try unhiding and giving permissions to /dev/xpt0.  Not sure if something changed there between 10.x and 11.x, but I suspect that it would be necessary regardless.  A truss/ktrace output will be necessary if that doesn’t work.
>
> Scott
>
> Sent from my iPhone
>

Background: the host devices from the tape library:

<IBM ULT3580-HH4 C7Q1>             at scbus1 target 4 lun 0 (pass1,sa0)
<IBM 3573-TL B.60>                 at scbus1 target 4 lun 1 (pass7,ch0)
<IBM ULT3580-HH4 C7Q1>             at scbus1 target 5 lun 0 (pass8,sa1)
<IBM 3573-TL B.60>                 at scbus1 target 5 lun 1 (pass9,ch1)


The devices the jail can see:

[dan@bacula-sd-02:~] $ ls -l /dev
total 1
crw-------  1 root  operator  0x6b Dec 16 21:52 ch0
crw-------  1 root  operator  0x6c Dec 16 21:52 ch1
dr-xr-xr-x  2 root  wheel      512 Dec 16 21:52 fd
lrwxr-xr-x  1 root  wheel       14 Dec 16 22:02 log -> ../var/run/log
crw-rw----  1 root  operator  0x65 Dec 16 21:52 nsa0
crw-rw----  1 root  operator  0x69 Dec 16 21:52 nsa1
crw-rw-rw-  1 root  wheel     0x1b Dec 17 16:16 null
crw-------  1 root  operator  0x6d Dec 16 21:52 pass0
crw-------  1 root  operator  0x74 Dec 16 21:52 pass7
crw-------  1 root  operator  0x75 Dec 16 21:52 pass8
crw-------  1 root  operator  0x76 Dec 16 21:52 pass9
dr-xr-xr-x  2 root  wheel      512 Dec 17 16:16 pts
crw-r--r--  1 root  wheel      0x7 Dec 16 21:52 random
crw-rw----  1 root  operator  0x64 Dec 16 21:52 sa0
crw-rw----  1 root  operator  0x68 Dec 16 21:52 sa1
lrwxr-xr-x  1 root  wheel        4 Dec 16 22:02 stderr -> fd/2
lrwxr-xr-x  1 root  wheel        4 Dec 16 22:02 stdin -> fd/0
lrwxr-xr-x  1 root  wheel        4 Dec 16 22:02 stdout -> fd/1
lrwxr-xr-x  1 root  wheel        6 Dec 16 22:02 urandom -> random
crw-rw-rw-  1 root  wheel     0x1c Dec 16 21:52 zero
crw-rw-rw-  1 root  operator  0x48 Dec 16 21:52 zfs
[dan@bacula-sd-02:~] $

This command on the host:

[root@r710-01:~] # mtx -f /dev/pass7 status | head
  Storage Changer /dev/pass7:2 Drives, 47 Slots ( 0 Import/Export )
Data Transfer Element 0:Full (Storage Element 1 Loaded):VolumeTag = 000001L4
Data Transfer Element 1:Empty
      Storage Element 1:Empty
      Storage Element 2:Empty
      Storage Element 3:Empty
      Storage Element 4:Empty
      Storage Element 5:Empty
      Storage Element 6:Empty
      Storage Element 7:Empty


Same command in the jail:

[root@bacula-sd-02 ~]# mtx -f /dev/pass7 status
cannot open SCSI device '/dev/pass7' - Operation not permitted

Same command with truss:

[root@bacula-sd-02 ~]# truss mtx -f /dev/pass7 status
mmap(0x0,32768,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON,-1,0x0) = 34366197760 (0x800629000)
issetugid()					 = 0 (0x0)
lstat("/etc",{ mode=drwxr-xr-x ,inode=19,size=117,blksize=7680 }) = 0 (0x0)
lstat("/etc/libmap.conf",{ mode=-rw-r--r-- ,inode=13724,size=109,blksize=4096 }) = 0 (0x0)
openat(AT_FDCWD,"/etc/libmap.conf",O_RDONLY|O_CLOEXEC,00) = 3 (0x3)
fstat(3,{ mode=-rw-r--r-- ,inode=13724,size=109,blksize=4096 }) = 0 (0x0)
mmap(0x0,109,PROT_READ,MAP_PRIVATE,3,0x0)	 = 34366230528 (0x800631000)
close(3)					 = 0 (0x0)
lstat("/usr",{ mode=drwxr-xr-x ,inode=23,size=15,blksize=4096 }) = 0 (0x0)
lstat("/usr/local",{ mode=drwxr-xr-x ,inode=214,size=14,blksize=4096 }) = 0 (0x0)
lstat("/usr/local/etc",{ mode=drwxr-xr-x ,inode=32826,size=29,blksize=4096 }) = 0 (0x0)
lstat("/usr/local/etc/libmap.d",0x7fffffffc548)	 ERR#2 'No such file or directory'
munmap(0x800631000,109)				 = 0 (0x0)
openat(AT_FDCWD,"/var/run/ld-elf.so.hints",O_RDONLY|O_CLOEXEC,00) = 3 (0x3)
read(3,"Ehnt\^A\0\0\0\M^@\0\0\0f\0\0\0\0"...,128) = 128 (0x80)
fstat(3,{ mode=-r--r--r-- ,inode=66965,size=230,blksize=4096 }) = 0 (0x0)
lseek(3,0x80,SEEK_SET)				 = 128 (0x80)
read(3,"/lib:/usr/lib:/usr/lib/compat:/u"...,102) = 102 (0x66)
close(3)					 = 0 (0x0)
access("/lib/libcam.so.7",F_OK)			 = 0 (0x0)
openat(AT_FDCWD,"/lib/libcam.so.7",O_RDONLY|O_CLOEXEC|O_VERIFY,00) = 3 (0x3)
fstat(3,{ mode=-r--r--r-- ,inode=141,size=201240,blksize=131072 }) = 0 (0x0)
mmap(0x0,4096,PROT_READ,MAP_PRIVATE|MAP_PREFAULT_READ,3,0x0) = 34366230528 (0x800631000)
mmap(0x0,2297856,PROT_NONE,MAP_PRIVATE|MAP_ANON|MAP_NOCORE,-1,0x0) = 34368299008 (0x80082a000)
mmap(0x80082a000,176128,PROT_READ|PROT_EXEC,MAP_PRIVATE|MAP_FIXED|MAP_NOCORE|MAP_PREFAULT_READ,3,0x0) = 34368299008 (0x80082a000)
mmap(0x800a54000,28672,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_PREFAULT_READ,3,0x2a000) = 34370568192 (0x800a54000)
munmap(0x800631000,4096)			 = 0 (0x0)
close(3)					 = 0 (0x0)
access("/lib/libc.so.7",F_OK)			 = 0 (0x0)
openat(AT_FDCWD,"/lib/libc.so.7",O_RDONLY|O_CLOEXEC|O_VERIFY,00) = 3 (0x3)
fstat(3,{ mode=-r--r--r-- ,inode=168,size=1761320,blksize=131072 }) = 0 (0x0)
mmap(0x0,4096,PROT_READ,MAP_PRIVATE|MAP_PREFAULT_READ,3,0x0) = 34366230528 (0x800631000)
mmap(0x0,3899392,PROT_NONE,MAP_PRIVATE|MAP_ANON|MAP_NOCORE,-1,0x0) = 34370596864 (0x800a5b000)
mmap(0x800a5b000,1646592,PROT_READ|PROT_EXEC,MAP_PRIVATE|MAP_FIXED|MAP_NOCORE|MAP_PREFAULT_READ,3,0x0) = 34370596864 (0x800a5b000)
mmap(0x800ded000,49152,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_PREFAULT_READ,3,0x192000) = 34374340608 (0x800ded000)
mmap(0x800df9000,106496,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_ANON,-1,0x0) = 34374389760 (0x800df9000)
munmap(0x800631000,4096)			 = 0 (0x0)
close(3)					 = 0 (0x0)
access("/lib/libsbuf.so.6",F_OK)		 = 0 (0x0)
openat(AT_FDCWD,"/lib/libsbuf.so.6",O_RDONLY|O_CLOEXEC|O_VERIFY,00) = 3 (0x3)
fstat(3,{ mode=-r--r--r-- ,inode=137,size=11312,blksize=11776 }) = 0 (0x0)
mmap(0x0,4096,PROT_READ,MAP_PRIVATE|MAP_PREFAULT_READ,3,0x0) = 34366230528 (0x800631000)
mmap(0x0,2109440,PROT_NONE,MAP_PRIVATE|MAP_ANON|MAP_NOCORE,-1,0x0) = 34374496256 (0x800e13000)
mmap(0x800e13000,12288,PROT_READ|PROT_EXEC,MAP_PRIVATE|MAP_FIXED|MAP_NOCORE|MAP_PREFAULT_READ,3,0x0) = 34374496256 (0x800e13000)
mmap(0x801015000,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_PREFAULT_READ,3,0x2000) = 34376601600 (0x801015000)
munmap(0x800631000,4096)			 = 0 (0x0)
close(3)					 = 0 (0x0)
mmap(0x0,40960,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON,-1,0x0) = 34366230528 (0x800631000)
munmap(0x800634000,28672)			 = 0 (0x0)
mmap(0x0,102400,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON,-1,0x0) = 34366242816 (0x800634000)
sysarch(AMD64_SET_FSBASE,0x7fffffffdf08)	 = 0 (0x0)
sigprocmask(SIG_BLOCK,{ SIGHUP|SIGINT|SIGQUIT|SIGKILL|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2 },{ }) = 0 (0x0)
sigprocmask(SIG_SETMASK,{ },0x0)		 = 0 (0x0)
readlink("/etc/malloc.conf",0x7fffffffd600,1024) ERR#2 'No such file or directory'
issetugid()					 = 0 (0x0)
__sysctl(0x7fffffffd4a0,0x2,0x7fffffffd4f0,0x7fffffffd4e8,0x800bbcc93,0xd) = 0 (0x0)
__sysctl(0x7fffffffd4f0,0x2,0x7fffffffd5b4,0x7fffffffd5a8,0x0,0x0) = 0 (0x0)
mmap(0x0,2097152,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON,-1,0x0) = 34376605696 (0x801016000)
munmap(0x801016000,2097152)			 = 0 (0x0)
mmap(0x0,4190208,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON,-1,0x0) = 34376605696 (0x801016000)
munmap(0x801016000,2007040)			 = 0 (0x0)
munmap(0x801400000,86016)			 = 0 (0x0)
sigprocmask(SIG_BLOCK,{ SIGHUP|SIGINT|SIGQUIT|SIGKILL|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2 },{ }) = 0 (0x0)
sigprocmask(SIG_SETMASK,{ },0x0)		 = 0 (0x0)
sigprocmask(SIG_BLOCK,{ SIGHUP|SIGINT|SIGQUIT|SIGKILL|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2 },{ }) = 0 (0x0)
sigprocmask(SIG_SETMASK,{ },0x0)		 = 0 (0x0)
sigprocmask(SIG_BLOCK,{ SIGHUP|SIGINT|SIGQUIT|SIGKILL|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2 },{ }) = 0 (0x0)
sigprocmask(SIG_SETMASK,{ },0x0)		 = 0 (0x0)
sigprocmask(SIG_BLOCK,{ SIGHUP|SIGINT|SIGQUIT|SIGKILL|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2 },{ }) = 0 (0x0)
sigprocmask(SIG_SETMASK,{ },0x0)		 = 0 (0x0)
mmap(0x0,2097152,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON,-1,0x0) = 34380709888 (0x801400000)
openat(AT_FDCWD,"/dev/pass7",O_RDWR|O_EXCL,00)	 ERR#1 'Operation not permitted'
stat("/usr/share/nls/C/libc.cat",0x7fffffffdea8) ERR#2 'No such file or directory'
stat("/usr/share/nls/libc/C",0x7fffffffdea8)	 ERR#2 'No such file or directory'
stat("/usr/local/share/nls/C/libc.cat",0x7fffffffdea8) ERR#2 'No such file or directory'
stat("/usr/local/share/nls/libc/C",0x7fffffffdea8) ERR#2 'No such file or directory'
cannot open SCSI device '/dev/pass7' - Operation not permitted
write(2,"cannot open SCSI device '/dev/pa"...,63) = 63 (0x3f)
sigprocmask(SIG_BLOCK,{ SIGHUP|SIGINT|SIGQUIT|SIGKILL|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2 },{ }) = 0 (0x0)
sigprocmask(SIG_SETMASK,{ },0x0)		 = 0 (0x0)
sigprocmask(SIG_BLOCK,{ SIGHUP|SIGINT|SIGQUIT|SIGKILL|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2 },{ }) = 0 (0x0)
sigprocmask(SIG_SETMASK,{ },0x0)		 = 0 (0x0)
sigprocmask(SIG_BLOCK,{ SIGHUP|SIGINT|SIGQUIT|SIGKILL|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2 },{ }) = 0 (0x0)
sigprocmask(SIG_SETMASK,{ },0x0)		 = 0 (0x0)
sigprocmask(SIG_BLOCK,{ SIGHUP|SIGINT|SIGQUIT|SIGKILL|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2 },{ }) = 0 (0x0)
sigprocmask(SIG_SETMASK,{ },0x0)		 = 0 (0x0)
sigprocmask(SIG_BLOCK,{ SIGHUP|SIGINT|SIGQUIT|SIGKILL|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2 },{ }) = 0 (0x0)
sigprocmask(SIG_SETMASK,{ },0x0)		 = 0 (0x0)
exit(0x1)
process exit, rval = 1
[root@bacula-sd-02 ~]#


-- 
Dan Langille - BSDCan / PGCon
dan@langille.org





