cap_sysctlbyname for hw.vmm.destroy
Ionuț Mihalache
ionut.mihalache1506 at gmail.com
Wed Apr 28 15:19:24 UTC 2021
Even with the fixes cap_sysctl still returns EPERM for that simple example.
În mie., 28 apr. 2021 la 17:41, Mark Johnston <markj at freebsd.org> a scris:
> There are two bugs in the example, also present in your WIP. I fixed
> them here:
>
> https://cgit.freebsd.org/src/commit/?id=44bbda649dc6c1cdc5a99641e14c77157967e140
>
> On Wed, Apr 28, 2021 at 05:22:22PM +0300, Ionuț Mihalache wrote:
> > I update the code now [1] but still the same error. Even without any
> limits
> > the cap_sysctlbyname fails after using cap_enter.
> >
> > [1] -
> >
> https://github.com/FreeBSD-UPB/freebsd-src/blob/c54dce7590b065a757dff0f68fd921aca380670f/usr.sbin/bhyve/bhyverun.c#L1567
> >
> > În mie., 28 apr. 2021 la 16:52, Mark Johnston <markj at freebsd.org> a
> scris:
> >
> > > On Wed, Apr 28, 2021 at 02:30:26PM +0300, Ionuț Mihalache wrote:
> > > > I tried to test the example from the documentation between here [1]
> and
> > > > here [2]. The code stops here [3].
> > >
> > > I think you're referencing an old version of the cap_sysctl man page?
> > > See the example from the copy in your repo:
> > >
> > >
> https://github.com/FreeBSD-UPB/freebsd-src/blob/3a08ffe4839de9b8396b1760f1dc42b066428807/lib/libcasper/services/cap_sysctl/cap_sysctl.3#L122
> > > In particular, when setting limits consumers should not be building
> > > nvlists directly.
> > >
> > > > [1] -
> > > >
> > >
> https://github.com/FreeBSD-UPB/freebsd-src/blob/3a08ffe4839de9b8396b1760f1dc42b066428807/usr.sbin/bhyve/bhyverun.c#L1538
> > > > [2] -
> > > >
> > >
> https://github.com/FreeBSD-UPB/freebsd-src/blob/3a08ffe4839de9b8396b1760f1dc42b066428807/usr.sbin/bhyve/bhyverun.c#L1585
> > > > [3] -
> > > >
> > >
> https://github.com/FreeBSD-UPB/freebsd-src/blob/3a08ffe4839de9b8396b1760f1dc42b066428807/usr.sbin/bhyve/bhyverun.c#L1581
> > > >
> > > > În lun., 26 apr. 2021 la 20:40, Mark Johnston <markj at freebsd.org> a
> > > scris:
> > > >
> > > > > On Mon, Apr 26, 2021 at 05:16:14PM +0300, Ionuț Mihalache wrote:
> > > > > > Hello,
> > > > > >
> > > > > > I am working on adding capsicum support for the bhyve snapshot
> > > feature.
> > > > > At
> > > > > > the end of the suspend process, the guest should be destroyed
> and the
> > > > > code
> > > > > > handles this part with a sysctlbyname call which is not working
> in
> > > > > > capability mode. I don't know what is the problem but even when
> using
> > > > > > cap_sysctlbyname I still get the same error code (EPERM). I
> tried the
> > > > > > example from the documentation aswell [1] and still the same
> error
> > > code.
> > > > > > What could be the problem? I have a FreeBSD13 host and a
> FreeBSD13
> > > guest.
> > > > >
> > > > > I'm not sure why it would happen unless the casper process is
> somehow
> > > > > running as a non-root user. Can you share the code you're testing
> > > > > somewhere?
> > > > >
> > >
>
More information about the freebsd-hackers
mailing list