From nobody Fri Jul 12 06:58:11 2024 X-Original-To: freebsd-pkgbase@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WL2WH36MSz5PhyR; Fri, 12 Jul 2024 06:58:51 +0000 (UTC) (envelope-from reshadpatuck1@gmail.com) Received: from mail-wm1-x335.google.com (mail-wm1-x335.google.com [IPv6:2a00:1450:4864:20::335]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "WR4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WL2WG06Gkz4F2V; Fri, 12 Jul 2024 06:58:50 +0000 (UTC) (envelope-from reshadpatuck1@gmail.com) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20230601 header.b=D1YNgBW4; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of reshadpatuck1@gmail.com designates 2a00:1450:4864:20::335 as permitted sender) smtp.mailfrom=reshadpatuck1@gmail.com Received: by mail-wm1-x335.google.com with SMTP id 5b1f17b1804b1-4265b7514fcso16082345e9.1; Thu, 11 Jul 2024 23:58:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1720767528; x=1721372328; darn=freebsd.org; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :from:to:cc:subject:date:message-id:reply-to; bh=dZ7lTW3XEyPA1cNYdXWk1gpk6+vRcZPPatYu28WwFKk=; b=D1YNgBW4ofj+Qny4C+RgqWgQrBfZpUBDMb1yXZ3U44yaqDDxAsnaM0Egp/fY8rUGfP 7sUrrVUXpsmXjLOb+0wZwS494nnC2zjRjrzCNSRJnWfd/dxpCKtY53FiC3vwfjNKIxjb dWuW4sdg3AL4vVEKtSjnBRnmQKWudzu7w/9k+90ojv1ajznU7KXdHmp7w/Nb7g35a0zz ZhxO0KCjEODZyhyRuV5nAUkG6iT9dulvgDjP35ieL68MX0+/Dkh3V1J0vo83qRxFjSnZ gOfxvo6zJR8ALiRK/zJ4PVOqgoxghfoF0DiVdPVxOkYfM+ZZLEOJeZ/QhCIHReYrlkCw tTyQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1720767528; x=1721372328; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=dZ7lTW3XEyPA1cNYdXWk1gpk6+vRcZPPatYu28WwFKk=; b=lZNBfTTzBf0a41CiioDjVZp1k75UseJNBYn7ObjThVBtHi7i5MKfYlsMDZcWnhUppF ZuQcczb4Xc0aSyk4G3h8MfF3FwR9gnN/QciMmz6+mjLMtPOqaff+fhDzQ8tQz47F9Vf1 dmCNp9sOTD3cnhBeG934k8pUH5OHnIanTZDd3uTI703FTSj9Rs8nM95IiMuIyzTvtQuU 04NGkE/jt3Ps88JDGwdDoamIVlAy16HNYjy4ic7z7X7teT+iHDRH9pcfx+NnedkzIoGT 7rj9/a6HNEcwOkPNsiptMcJDlbM7RQwak5BPfBMk86LoC625iwQbG5rMj1ew60nHXk3P W7ww== X-Forwarded-Encrypted: i=1; AJvYcCX15RGIbZKcOH7XhLbJJfeCPxosho+CArAOR3RRu9oTDjRJmQfw1bmtpS0kW+I4SEx4qFjgkiSJxN9f7TBOkw4OetnoDrWHOEqbeIE= X-Gm-Message-State: AOJu0YwXO4p3060JXluaU7hPSufHs7osdO0hVb/LuNgbsRF++Mzrao/t 1ImVPxWkYLg9ed2j2sqYZyC+mvzUsnKNXGO/kMxGHVSJjR6f0H6dDhz1oTono9Tn5GUcU0kPc4r +C0Y2d7rtZyyvqhXzUalcnHzg6r8/lQkQBpU= X-Google-Smtp-Source: AGHT+IEFqUu7ennqJSgNDb5pZktHdRVEqxldRYwhLCHIYYbtUcGL1I2eLzoWtWzsnShTBpnZRplg/AToQZ7Y4To52Rg= X-Received: by 2002:a05:600c:4ca7:b0:424:8836:310c with SMTP id 5b1f17b1804b1-4279da0238amr15168215e9.5.1720767528198; Thu, 11 Jul 2024 23:58:48 -0700 (PDT) List-Id: Packaging the FreeBSD base system List-Archive: https://lists.freebsd.org/archives/freebsd-pkgbase List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-pkgbase@FreeBSD.org MIME-Version: 1.0 References: In-Reply-To: From: Reshad Patuck Date: Fri, 12 Jul 2024 12:28:11 +0530 Message-ID: Subject: Re: SemLock as user permission denied after update to 14.1 To: freebsd-questions@freebsd.org, freebsd-pkgbase@freebsd.org Content-Type: text/plain; charset="UTF-8" X-Spamd-Bar: --- X-Spamd-Result: default: False [-3.98 / 15.00]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_SHORT(-0.98)[-0.980]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; R_SPF_ALLOW(-0.20)[+ip6:2a00:1450:4000::/36:c]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20230601]; MIME_GOOD(-0.10)[text/plain]; MIME_TRACE(0.00)[0:+]; RCVD_COUNT_ONE(0.00)[1]; MISSING_XM_UA(0.00)[]; FREEMAIL_FROM(0.00)[gmail.com]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US]; DWL_DNSWL_NONE(0.00)[gmail.com:dkim]; ARC_NA(0.00)[]; TO_DN_NONE(0.00)[]; FROM_HAS_DN(0.00)[]; RCVD_TLS_LAST(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; MID_RHS_MATCH_FROMTLD(0.00)[]; RCPT_COUNT_TWO(0.00)[2]; MLMMJ_DEST(0.00)[freebsd-questions@freebsd.org,freebsd-pkgbase@freebsd.org]; RCVD_IN_DNSWL_NONE(0.00)[2a00:1450:4864:20::335:from]; DKIM_TRACE(0.00)[gmail.com:+] X-Rspamd-Queue-Id: 4WL2WG06Gkz4F2V Half answering my own question - it seems like for some reason the permissions on /tmp have changed after the upgrade. Running truss on the minimal python command `truss python3.11 -c "import multiprocessing; multiprocessing.Queue()"` let me to the error `open("/tmp/SEMDmp-g_lyusv5",O_RDWR|O_EXLOCK|O_CREAT|O_EXCL|O_CLOEXEC,0600) ERR#13 'Permission denied'` The permissions for 14.0 seem to allow group and other write (and append) access to /tmp but write (and append) access is denied for these two on 14.1. Running `chmod o+w /tmp` fixes the issue for me, but it would be nice to know why this happened to begin with. Any insight as to why this would have changed when updating the system would be really helpful. I've been stuck on this for a day, looks like posting a question to the mailing list is a catalyst for figuring things out myself :) Hope this is at least helpful for someone else who gets stuck with something similar. ##### Output from FreeBSD 14.1 ##### # uname -iKmoprU FreeBSD 14.1-RELEASE-p2 amd64 amd64 GENERIC 1401000 1401000 # getfacl /tmp/ # file: /tmp/ # owner: root # group: wheel owner@:rwxp--aARWcCos:-------:allow group@:r-x---a-R-c--s:-------:allow everyone@:r-x---a-R-c--s:-------:allow # ls -al /tmp/ total 48 drwxr-xr-x 7 root wheel 15 Jul 12 03:01 . drwxr-xr-x 21 root wheel 30 Jul 11 05:14 .. ##### Output from FreeBSD 14.0 ##### # uname -iKmoprU FreeBSD 14.0-RELEASE-p5 amd64 amd64 GENERIC 1400097 1400097 # getfacl /tmp/ # file: /tmp/ # owner: root # group: wheel owner@:rwxp--aARWcCos:-------:allow group@:rwxp--a-R-c--s:-------:allow everyone@:rwxp--a-R-c--s:-------:allow # ls -al /tmp/ total 92 drwxrwxrwt 7 root wheel 16 Jul 12 03:01 . drwxr-xr-x 21 root wheel 30 Jul 9 11:53 .. On Fri, 12 Jul 2024 at 11:00, Reshad Patuck wrote: > > Hi, > > I have just updated one of my systems from FreeBSD 14.0 to 14.1 (using > pkg-base). > One of my python programs that runs as a non-root user fails to get a > SemLock when running as a non-root user. > This works fine on my other FreeBSD 14.0 systems. > Is there anything I am missing here or during my update? > Any steps to find out what permissions are missing/what has changed > will be really helpful. > > pkg base has been complied from git hash - > 1eba659e2f689d4014136048a8e470e852bdc69b > ports have been compiled via poudriere from git hash - > 1d024a4a0a853573d8586dc097ee9762b41c671b > > ##### Output from FreeBSD 14.1 running as the admin user ##### > $ id > uid=2000(admin) gid=2000(admin) groups=2000(admin),0(wheel) > $ uname -iKmoprUv > FreeBSD 14.1-RELEASE-p2 FreeBSD 14.1-RELEASE-p2 #0 1eba659e2-dirty: > Thu Jul 4 14:46:15 UTC 2024 > root@freebsd-zfs:/usr/obj/usr/src/amd64.amd64/sys/GENERIC amd64 amd64 > GENERIC 1401000 1401000 > $ python3.11 > Python 3.11.9 (main, Jul 4 2024, 09:04:54) [Clang 16.0.6 > (https://github.com/llvm/llvm-project.git llvmorg-16.0.6-0-g7cbf1a on > freebsd14 > Type "help", "copyright", "credits" or "license" for more information. > >>> import multiprocessing > >>> multiprocessing.Queue() > Traceback (most recent call last): > File "", line 1, in > File "/usr/local/lib/python3.11/multiprocessing/context.py", line > 103, in Queue > return Queue(maxsize, ctx=self.get_context()) > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > File "/usr/local/lib/python3.11/multiprocessing/queues.py", line 43, > in __init__ > self._rlock = ctx.Lock() > ^^^^^^^^^^ > File "/usr/local/lib/python3.11/multiprocessing/context.py", line 68, in Lock > return Lock(ctx=self.get_context()) > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > File "/usr/local/lib/python3.11/multiprocessing/synchronize.py", > line 169, in __init__ > SemLock.__init__(self, SEMAPHORE, 1, 1, ctx=ctx) > File "/usr/local/lib/python3.11/multiprocessing/synchronize.py", > line 57, in __init__ > sl = self._semlock = _multiprocessing.SemLock( > ^^^^^^^^^^^^^^^^^^^^^^^^^ > PermissionError: [Errno 13] Permission denied > >>> > > ##### Output from FreeBSD 14.1 running as the root user ##### > # id > uid=0(root) gid=0(wheel) groups=0(wheel),5(operator) > # uname -iKmoprUv > FreeBSD 14.1-RELEASE-p2 FreeBSD 14.1-RELEASE-p2 #0 1eba659e2-dirty: > Thu Jul 4 14:46:15 UTC 2024 > root@freebsd-zfs:/usr/obj/usr/src/amd64.amd64/sys/GENERIC amd64 amd64 > GENERIC 1401000 1401000 > # python3.11 > Python 3.11.9 (main, Jul 4 2024, 09:04:54) [Clang 16.0.6 > (https://github.com/llvm/llvm-project.git llvmorg-16.0.6-0-g7cbf1a on > freebsd14 > Type "help", "copyright", "credits" or "license" for more information. > >>> import multiprocessing > >>> multiprocessing.Queue() > > >>> > > ##### Output from FreeBSD 14.0 running as the admin user ##### > $ id > uid=2000(admin) gid=2000(admin) groups=2000(admin),0(wheel) > $ uname -iKmoprUv > FreeBSD 14.0-RELEASE-p8 FreeBSD 14.0-RELEASE-p8 #0 5e2380679-dirty: > Thu Jul 4 08:31:06 UTC 2024 > root@freebsd-zfs:/usr/obj/usr/src/amd64.amd64/sys/GENERIC amd64 amd64 > GENERIC 1400097 1400097 > $ python3.11 > Python 3.11.9 (main, Jul 4 2024, 09:04:54) [Clang 16.0.6 > (https://github.com/llvm/llvm-project.git llvmorg-16.0.6-0-g7cbf1a on > freebsd14 > Type "help", "copyright", "credits" or "license" for more information. > >>> import multiprocessing > >>> multiprocessing.Queue() > > >>> > > Best, > Reshad