ch(4) FreeBSD 11.1 jails
Dan Langille
dan at langille.org
Sun Dec 17 16:27:54 UTC 2017
>> On Dec 16, 2017, at 3:05 PM, Dan Langille <dan at langille.org> wrote:
>>
>> I'm trying to access a tape library from within a FreeBSD 11 jail.
>>
>> I've added this to the host system:
>>
>> [devfsrules_jail_unhide_tapes=5]
>> add path sa0 unhide
>> add path pass0 unhide
>> add path pass7 unhide mode 0600
>> add path ch0 unhide
>> add path nsa0 unhide
>>
>> add path sa1 unhide
>> add path pass8 unhide
>> add path pass9 unhide mode 0600
>> add path ch1 unhide
>> add path nsa1 unhide
>>
>>
>> [devfsrules_jail_bacula=6]
>> add include $devfsrules_hide_all
>> add include $devfsrules_unhide_basic
>> add include $devfsrules_unhide_login
>> add path zfs unhide
>> add include $devfsrules_jail_unhide_tapes
>>
>>
>>
>> The jail can see the devices, and query the tape drive, but not the changer:
>>
>> $ sudo mtx -f /dev/pass7 status
>> cannot open SCSI device '/dev/pass7' - Operation not permitted
>>
>> The same command in the jail host succeeds.
>>
>> Is there something more special I'm missing about FreeBSD 11.1? This worked for me under 10.3.
>>
>> Thank you.
>>
>>
>> --
>> Dan Langille - BSDCan / PGCon
>> dan at langille.org
>>
>>
>> _______________________________________________
>> freebsd-scsi at freebsd.org mailing list
>> https://lists.freebsd.org/mailman/listinfo/freebsd-scsi
>> To unsubscribe, send any mail to "freebsd-scsi-unsubscribe at freebsd.org"
>
> On Dec 16, 2017, at 5:53 PM, Scott Long <scottl at samsco.org> wrote:
>
> Hi Dan,
>
> Try unhiding and giving permissions to /dev/xpt0. Not sure if something changed there between 10.x and 11.x, but I suspect that it would be necessary regardless. A truss/ktrace output will be necessary if that doesn’t work.
>
> Scott
>
> Sent from my iPhone
>
Background: the host devices from the tape library:
<IBM ULT3580-HH4 C7Q1> at scbus1 target 4 lun 0 (pass1,sa0)
<IBM 3573-TL B.60> at scbus1 target 4 lun 1 (pass7,ch0)
<IBM ULT3580-HH4 C7Q1> at scbus1 target 5 lun 0 (pass8,sa1)
<IBM 3573-TL B.60> at scbus1 target 5 lun 1 (pass9,ch1)
The devices the jail can see:
[dan at bacula-sd-02:~] $ ls -l /dev
total 1
crw------- 1 root operator 0x6b Dec 16 21:52 ch0
crw------- 1 root operator 0x6c Dec 16 21:52 ch1
dr-xr-xr-x 2 root wheel 512 Dec 16 21:52 fd
lrwxr-xr-x 1 root wheel 14 Dec 16 22:02 log -> ../var/run/log
crw-rw---- 1 root operator 0x65 Dec 16 21:52 nsa0
crw-rw---- 1 root operator 0x69 Dec 16 21:52 nsa1
crw-rw-rw- 1 root wheel 0x1b Dec 17 16:16 null
crw------- 1 root operator 0x6d Dec 16 21:52 pass0
crw------- 1 root operator 0x74 Dec 16 21:52 pass7
crw------- 1 root operator 0x75 Dec 16 21:52 pass8
crw------- 1 root operator 0x76 Dec 16 21:52 pass9
dr-xr-xr-x 2 root wheel 512 Dec 17 16:16 pts
crw-r--r-- 1 root wheel 0x7 Dec 16 21:52 random
crw-rw---- 1 root operator 0x64 Dec 16 21:52 sa0
crw-rw---- 1 root operator 0x68 Dec 16 21:52 sa1
lrwxr-xr-x 1 root wheel 4 Dec 16 22:02 stderr -> fd/2
lrwxr-xr-x 1 root wheel 4 Dec 16 22:02 stdin -> fd/0
lrwxr-xr-x 1 root wheel 4 Dec 16 22:02 stdout -> fd/1
lrwxr-xr-x 1 root wheel 6 Dec 16 22:02 urandom -> random
crw-rw-rw- 1 root wheel 0x1c Dec 16 21:52 zero
crw-rw-rw- 1 root operator 0x48 Dec 16 21:52 zfs
[dan at bacula-sd-02:~] $
This command on the host:
[root at r710-01:~] # mtx -f /dev/pass7 status | head
Storage Changer /dev/pass7:2 Drives, 47 Slots ( 0 Import/Export )
Data Transfer Element 0:Full (Storage Element 1 Loaded):VolumeTag = 000001L4
Data Transfer Element 1:Empty
Storage Element 1:Empty
Storage Element 2:Empty
Storage Element 3:Empty
Storage Element 4:Empty
Storage Element 5:Empty
Storage Element 6:Empty
Storage Element 7:Empty
Same command in the jail:
[root at bacula-sd-02 ~]# mtx -f /dev/pass7 status
cannot open SCSI device '/dev/pass7' - Operation not permitted
Same command with truss:
[root at bacula-sd-02 ~]# truss mtx -f /dev/pass7 status
mmap(0x0,32768,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON,-1,0x0) = 34366197760 (0x800629000)
issetugid() = 0 (0x0)
lstat("/etc",{ mode=drwxr-xr-x ,inode=19,size=117,blksize=7680 }) = 0 (0x0)
lstat("/etc/libmap.conf",{ mode=-rw-r--r-- ,inode=13724,size=109,blksize=4096 }) = 0 (0x0)
openat(AT_FDCWD,"/etc/libmap.conf",O_RDONLY|O_CLOEXEC,00) = 3 (0x3)
fstat(3,{ mode=-rw-r--r-- ,inode=13724,size=109,blksize=4096 }) = 0 (0x0)
mmap(0x0,109,PROT_READ,MAP_PRIVATE,3,0x0) = 34366230528 (0x800631000)
close(3) = 0 (0x0)
lstat("/usr",{ mode=drwxr-xr-x ,inode=23,size=15,blksize=4096 }) = 0 (0x0)
lstat("/usr/local",{ mode=drwxr-xr-x ,inode=214,size=14,blksize=4096 }) = 0 (0x0)
lstat("/usr/local/etc",{ mode=drwxr-xr-x ,inode=32826,size=29,blksize=4096 }) = 0 (0x0)
lstat("/usr/local/etc/libmap.d",0x7fffffffc548) ERR#2 'No such file or directory'
munmap(0x800631000,109) = 0 (0x0)
openat(AT_FDCWD,"/var/run/ld-elf.so.hints",O_RDONLY|O_CLOEXEC,00) = 3 (0x3)
read(3,"Ehnt\^A\0\0\0\M^@\0\0\0f\0\0\0\0"...,128) = 128 (0x80)
fstat(3,{ mode=-r--r--r-- ,inode=66965,size=230,blksize=4096 }) = 0 (0x0)
lseek(3,0x80,SEEK_SET) = 128 (0x80)
read(3,"/lib:/usr/lib:/usr/lib/compat:/u"...,102) = 102 (0x66)
close(3) = 0 (0x0)
access("/lib/libcam.so.7",F_OK) = 0 (0x0)
openat(AT_FDCWD,"/lib/libcam.so.7",O_RDONLY|O_CLOEXEC|O_VERIFY,00) = 3 (0x3)
fstat(3,{ mode=-r--r--r-- ,inode=141,size=201240,blksize=131072 }) = 0 (0x0)
mmap(0x0,4096,PROT_READ,MAP_PRIVATE|MAP_PREFAULT_READ,3,0x0) = 34366230528 (0x800631000)
mmap(0x0,2297856,PROT_NONE,MAP_PRIVATE|MAP_ANON|MAP_NOCORE,-1,0x0) = 34368299008 (0x80082a000)
mmap(0x80082a000,176128,PROT_READ|PROT_EXEC,MAP_PRIVATE|MAP_FIXED|MAP_NOCORE|MAP_PREFAULT_READ,3,0x0) = 34368299008 (0x80082a000)
mmap(0x800a54000,28672,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_PREFAULT_READ,3,0x2a000) = 34370568192 (0x800a54000)
munmap(0x800631000,4096) = 0 (0x0)
close(3) = 0 (0x0)
access("/lib/libc.so.7",F_OK) = 0 (0x0)
openat(AT_FDCWD,"/lib/libc.so.7",O_RDONLY|O_CLOEXEC|O_VERIFY,00) = 3 (0x3)
fstat(3,{ mode=-r--r--r-- ,inode=168,size=1761320,blksize=131072 }) = 0 (0x0)
mmap(0x0,4096,PROT_READ,MAP_PRIVATE|MAP_PREFAULT_READ,3,0x0) = 34366230528 (0x800631000)
mmap(0x0,3899392,PROT_NONE,MAP_PRIVATE|MAP_ANON|MAP_NOCORE,-1,0x0) = 34370596864 (0x800a5b000)
mmap(0x800a5b000,1646592,PROT_READ|PROT_EXEC,MAP_PRIVATE|MAP_FIXED|MAP_NOCORE|MAP_PREFAULT_READ,3,0x0) = 34370596864 (0x800a5b000)
mmap(0x800ded000,49152,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_PREFAULT_READ,3,0x192000) = 34374340608 (0x800ded000)
mmap(0x800df9000,106496,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_ANON,-1,0x0) = 34374389760 (0x800df9000)
munmap(0x800631000,4096) = 0 (0x0)
close(3) = 0 (0x0)
access("/lib/libsbuf.so.6",F_OK) = 0 (0x0)
openat(AT_FDCWD,"/lib/libsbuf.so.6",O_RDONLY|O_CLOEXEC|O_VERIFY,00) = 3 (0x3)
fstat(3,{ mode=-r--r--r-- ,inode=137,size=11312,blksize=11776 }) = 0 (0x0)
mmap(0x0,4096,PROT_READ,MAP_PRIVATE|MAP_PREFAULT_READ,3,0x0) = 34366230528 (0x800631000)
mmap(0x0,2109440,PROT_NONE,MAP_PRIVATE|MAP_ANON|MAP_NOCORE,-1,0x0) = 34374496256 (0x800e13000)
mmap(0x800e13000,12288,PROT_READ|PROT_EXEC,MAP_PRIVATE|MAP_FIXED|MAP_NOCORE|MAP_PREFAULT_READ,3,0x0) = 34374496256 (0x800e13000)
mmap(0x801015000,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_PREFAULT_READ,3,0x2000) = 34376601600 (0x801015000)
munmap(0x800631000,4096) = 0 (0x0)
close(3) = 0 (0x0)
mmap(0x0,40960,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON,-1,0x0) = 34366230528 (0x800631000)
munmap(0x800634000,28672) = 0 (0x0)
mmap(0x0,102400,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON,-1,0x0) = 34366242816 (0x800634000)
sysarch(AMD64_SET_FSBASE,0x7fffffffdf08) = 0 (0x0)
sigprocmask(SIG_BLOCK,{ SIGHUP|SIGINT|SIGQUIT|SIGKILL|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2 },{ }) = 0 (0x0)
sigprocmask(SIG_SETMASK,{ },0x0) = 0 (0x0)
readlink("/etc/malloc.conf",0x7fffffffd600,1024) ERR#2 'No such file or directory'
issetugid() = 0 (0x0)
__sysctl(0x7fffffffd4a0,0x2,0x7fffffffd4f0,0x7fffffffd4e8,0x800bbcc93,0xd) = 0 (0x0)
__sysctl(0x7fffffffd4f0,0x2,0x7fffffffd5b4,0x7fffffffd5a8,0x0,0x0) = 0 (0x0)
mmap(0x0,2097152,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON,-1,0x0) = 34376605696 (0x801016000)
munmap(0x801016000,2097152) = 0 (0x0)
mmap(0x0,4190208,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON,-1,0x0) = 34376605696 (0x801016000)
munmap(0x801016000,2007040) = 0 (0x0)
munmap(0x801400000,86016) = 0 (0x0)
sigprocmask(SIG_BLOCK,{ SIGHUP|SIGINT|SIGQUIT|SIGKILL|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2 },{ }) = 0 (0x0)
sigprocmask(SIG_SETMASK,{ },0x0) = 0 (0x0)
sigprocmask(SIG_BLOCK,{ SIGHUP|SIGINT|SIGQUIT|SIGKILL|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2 },{ }) = 0 (0x0)
sigprocmask(SIG_SETMASK,{ },0x0) = 0 (0x0)
sigprocmask(SIG_BLOCK,{ SIGHUP|SIGINT|SIGQUIT|SIGKILL|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2 },{ }) = 0 (0x0)
sigprocmask(SIG_SETMASK,{ },0x0) = 0 (0x0)
sigprocmask(SIG_BLOCK,{ SIGHUP|SIGINT|SIGQUIT|SIGKILL|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2 },{ }) = 0 (0x0)
sigprocmask(SIG_SETMASK,{ },0x0) = 0 (0x0)
mmap(0x0,2097152,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON,-1,0x0) = 34380709888 (0x801400000)
openat(AT_FDCWD,"/dev/pass7",O_RDWR|O_EXCL,00) ERR#1 'Operation not permitted'
stat("/usr/share/nls/C/libc.cat",0x7fffffffdea8) ERR#2 'No such file or directory'
stat("/usr/share/nls/libc/C",0x7fffffffdea8) ERR#2 'No such file or directory'
stat("/usr/local/share/nls/C/libc.cat",0x7fffffffdea8) ERR#2 'No such file or directory'
stat("/usr/local/share/nls/libc/C",0x7fffffffdea8) ERR#2 'No such file or directory'
cannot open SCSI device '/dev/pass7' - Operation not permitted
write(2,"cannot open SCSI device '/dev/pa"...,63) = 63 (0x3f)
sigprocmask(SIG_BLOCK,{ SIGHUP|SIGINT|SIGQUIT|SIGKILL|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2 },{ }) = 0 (0x0)
sigprocmask(SIG_SETMASK,{ },0x0) = 0 (0x0)
sigprocmask(SIG_BLOCK,{ SIGHUP|SIGINT|SIGQUIT|SIGKILL|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2 },{ }) = 0 (0x0)
sigprocmask(SIG_SETMASK,{ },0x0) = 0 (0x0)
sigprocmask(SIG_BLOCK,{ SIGHUP|SIGINT|SIGQUIT|SIGKILL|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2 },{ }) = 0 (0x0)
sigprocmask(SIG_SETMASK,{ },0x0) = 0 (0x0)
sigprocmask(SIG_BLOCK,{ SIGHUP|SIGINT|SIGQUIT|SIGKILL|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2 },{ }) = 0 (0x0)
sigprocmask(SIG_SETMASK,{ },0x0) = 0 (0x0)
sigprocmask(SIG_BLOCK,{ SIGHUP|SIGINT|SIGQUIT|SIGKILL|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2 },{ }) = 0 (0x0)
sigprocmask(SIG_SETMASK,{ },0x0) = 0 (0x0)
exit(0x1)
process exit, rval = 1
[root at bacula-sd-02 ~]#
--
Dan Langille - BSDCan / PGCon
dan at langille.org
More information about the freebsd-scsi
mailing list