cannot access pass device from within jail

Warner Losh imp at
Sun Dec 17 21:04:20 UTC 2017

What's the permissions of /dev/xpt0 in the jail? If it's not there I know
at least camcontrol won't work. I've not used mtx, so I can't say if it's
affected too or not.

However, looking at the truss output:

openat(AT_FDCWD,"/dev/pass7",O_RDWR|O_EXCL,00) ERR#1 'Operation not
suggests something other than the canonical xpt0 issue else is going on. If
we look at passopen in cam, I can see two exit paths:

        error = securelevel_gt(td->td_ucred, 1); if (error != 0) {...
return error; }
securelevel_gt is just "return (cr->cr_prison->pr_securelevel > level ?
EPERM : 0);" which might be possible. What's the securelevel of the jail?
Maybe this is going on somehow?

The second is basically
        if (((flags & FWRITE) == 0) || ((flags & FREAD) == 0)) {... return
which isn't happening because of the O_RDWR in the truss output.

The other possibility is that something above the pass driver is doing the
check. I've not looked at that code path yet, buy you can see if it's
making it to passopen() with dtrace and checking its return value. I don't
see anything in how we register the device, though, that would suggest
filtering it in jails.


On Sun, Dec 17, 2017 at 12:52 PM, Dan Langille <dan at> wrote:

> Hello,
> What suggestions do you have for where I should look next? I'm happy to
> start installing various builds of FreeBSD in order to track down which
> commit caused this.
> I'm trying to access a tape library from within a jail running on a
> FreeBSD 11.1 host.  sa(4) devices are working (e.g. I can rewind nsa0).
> pass(4) devices (i.e. the tape changer ch0) are not working.  This morning
> I posted to -scsi@:
> December/007608.html
> The device appears in the jail and has appropriate permissions.  This
> access was granted
> via /etc/devfs.rules using the same approach I used for FreeBSD 10.3
> The permissions in the jail:
> [root at bacula-sd-02 ~]# ls -l /dev/pass7
> crw-------  1 root  operator  0x74 Dec 16 21:52 /dev/pass7
> The command in the jail:
> [root at bacula-sd-02 ~]# mtx -f /dev/pass7 status
> cannot open SCSI device '/dev/pass7' - Operation not permitted
> Here is the truss output of the command in question:
> Thank you.
> --
> Dan Langille - BSDCan / PGCon
> dan at
> _______________________________________________
> freebsd-current at mailing list
> To unsubscribe, send any mail to "freebsd-current-unsubscribe at"

More information about the freebsd-current mailing list