On Wed, Sep 04, 2013 at 12:14:03AM +0300, Konstantin Belousov wrote:
> On Tue, Sep 03, 2013 at 08:25:29PM +0300, Vitalij Satanivskij wrote:
> > KB> 
> > KB> Your installed libraries do not have proper debugging symbols.
> > KB> Since the issue seems to be in the compat32 layer, you may try to start
> > KB> with taking the ktrace of the failing program and see what syscall
> > KB> failed, if any.

> > For me the problem is gone after disabling

> > options         CAPABILITY_MODE         # Capsicum capability mode
> > options         CAPABILITIES            # Capsicum capabilities

> > in kernel conf 

> > I found it when rolling back the system to previous revisions.

> > On r254268 uniq inside i386 jail says that  = "unable to limit rights for "

> > So I decided to check without Capsicum features...

> Then the ktrace output would be esp. useful.  Anyway, this is probably
> cap_rights_limit(2) compat32 issue.  Pawel may know more.

cap_rights_limit(2) should have been fixed in r254491, so options
CAPABILITIES should be OK (I have not tested such a kernel though).

However, capability mode does not work with compat32. There is no
sys/compat32/capabilities.conf (also, such a file would be poorly
maintainable), and therefore capability mode does not permit any
compat32 system calls. As a result, a compat32 capability mode process
crashes after failing to invoke sys_exit.

The below patch ('make sysent' should be run in sys/compat/freebsd32
after patching) makes the kernel admit that it does not support
capability mode for compat32. This does not help if a 64-bit binary
enters capability mode and then executes a 32-bit binary using
fexecve(2) but otherwise it helps. It makes compat32 dhclient and uniq
work again, albeit without Capsicum security enhancements.

Making capability mode work for compat32 binaries would be better but if
it is not possible for 10.0 then something like this patch should be
committed.

Index: sys/compat/freebsd32/freebsd32_capability.c
===================================================================
--- sys/compat/freebsd32/freebsd32_capability.c (revision 255093)
+++ sys/compat/freebsd32/freebsd32_capability.c (working copy)
@@ -50,6 +50,18 @@
 MALLOC_DECLARE(M_FILECAPS);
 
 int
+freebsd32_cap_enter(struct thread *td,
+    struct freebsd32_cap_enter_args *uap)
+{
+
+       /*
+        * We do not have an equivalent of capabilities.conf for freebsd32
+        * compatibility, so do not allow capability mode for now.
+        */
+       return (ENOSYS);
+}
+
+int
 freebsd32_cap_rights_limit(struct thread *td,
     struct freebsd32_cap_rights_limit_args *uap)
 {
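Review bot: the comment in freebsd32_cap_enter() says why ENOSYS is returned but not what the stub leaves open. A 64-bit process already in capability mode can still run a 32-bit binary through fexecve(2), and this function is never reached on that path. Suggest stating that limitation in the comment, together with the fact that callers which treat ENOSYS as "Capsicum not available" will carry on unsandboxed, so the stub is clearly marked as a stopgap.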
@@ -148,6 +160,14 @@
 #else /* !CAPABILITIES */
 
 int
+freebsd32_cap_enter(struct thread *td,
+    struct freebsd32_cap_enter_args *uap)
+{
+
+       return (ENOSYS);
+}
+
+int
 freebsd32_cap_rights_limit(struct thread *td,
     struct freebsd32_cap_rights_limit_args *uap)
 {
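Review bot: this freebsd32_cap_enter() in the !CAPABILITIES branch has the same body as the one added in the CAPABILITIES branch (both only return ENOSYS), so it could be defined once outside the #ifdef/#else rather than duplicated. If the two copies are kept so that the CAPABILITIES one can later grow a real implementation, a one-line comment here saying so would avoid someone merging them by mistake.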
Index: sys/compat/freebsd32/syscalls.master
===================================================================
--- sys/compat/freebsd32/syscalls.master        (revision 255093)
+++ sys/compat/freebsd32/syscalls.master        (working copy)
@@ -973,7 +973,7 @@
 514    AUE_CAP_NEW     NOPROTO { int cap_new(int fd, uint64_t rights); }
 515    AUE_CAP_RIGHTS_GET      NOPROTO { int cap_rights_get(int fd, \
                                    uint64_t *rightsp); }
-516    AUE_CAP_ENTER   NOPROTO { int cap_enter(void); }
+516    AUE_CAP_ENTER   STD     { int freebsd32_cap_enter(void); }
 517    AUE_CAP_GETMODE NOPROTO { int cap_getmode(u_int *modep); }
 518    AUE_PDFORK      NOPROTO { int pdfork(int *fdp, int flags); }
 519    AUE_PDKILL      NOPROTO { int pdkill(int fd, int signum); }
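Review bot: entry 516 changes from NOPROTO cap_enter to STD freebsd32_cap_enter while the neighbouring cap_* entries stay NOPROTO, and nothing in the file explains the difference. Suggest a short comment at 516 pointing to the missing compat32 capabilities.conf, and make sure the files regenerated by 'make sysent' in sys/compat/freebsd32 go into the same commit, since they are not part of this diff.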

-- 
Jilles Tjoelker
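Added example, not part of the original message or of FreeBSD's source: how a userland program sees the ENOSYS that the patched compat32 cap_enter returns, and why the result is a process that works but is not sandboxed. The names try_cap_enter, may_continue and the stub_* functions are hypothetical; the stubs stand in for the kernel so the logic also runs on systems without Capsicum.

```c
#include <errno.h>
#include <stdio.h>
#ifdef __FreeBSD__
#include <sys/capsicum.h>   /* real cap_enter(2) */
#endif

enum sandbox_state { SANDBOX_ON, SANDBOX_UNSUPPORTED, SANDBOX_ERROR };
typedef int (*cap_enter_fn)(void);

/* Constructed stand-ins for the kernel, so the logic runs anywhere. */
static int stub_ok(void)     { return 0; }
static int stub_enosys(void) { errno = ENOSYS; return -1; } /* patched compat32 */
static int stub_fail(void)   { errno = EPERM;  return -1; } /* constructed error */

/* Classify the result of a cap_enter()-style call. */
enum sandbox_state
try_cap_enter(cap_enter_fn enter)
{
    if (enter() == 0)
        return SANDBOX_ON;
    return (errno == ENOSYS) ? SANDBOX_UNSUPPORTED : SANDBOX_ERROR;
}

/* Policy (hypothetical): ENOSYS is tolerated only if the sandbox is optional. */
int
may_continue(enum sandbox_state s, int require_sandbox)
{
    if (s == SANDBOX_ON)
        return 1;
    if (s == SANDBOX_UNSUPPORTED && !require_sandbox)
        return 1;   /* runs, but without Capsicum protection */
    return 0;
}

int
main(void)
{
#ifdef __FreeBSD__
    cap_enter_fn enter = cap_enter;     /* ask the running kernel */
#else
    cap_enter_fn enter = stub_enosys;   /* model the patched compat32 case */
#endif
    enum sandbox_state s = try_cap_enter(enter);
    if (s == SANDBOX_UNSUPPORTED)
        fprintf(stderr, "warning: capability mode unavailable, running unsandboxed\n");
    return may_continue(s, 0) ? 0 : 1;
}
```

A program that passes require_sandbox = 1 refuses to run where the ENOSYS stub is in effect instead of silently losing its sandbox.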