info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
devd in jail
94 views
Skip to first unread message
Giulio Ferro
Aug 9, 2017, 2:47:26 PM8/9/17
to
Hello all,
Setup : 11.1-STABLE FreeBSD 11.1-STABLE #0 r321925M amd64
I'm trying to create a fully virtualized desktop enviroment in a jail by
means of installing there
a xrdp-devel server + Xorg installation (xorg + xorgrdp).
Everything seems to work until the moment when the X server actually
tries to come up (after I choose session=xorg, username + password)
In the X logs in the jail, in fact, I have this error:
...
[ 9768.824] (EE) config/devd: fail to connect to devd
[ 9768.824] [config] failed to initialise devd
I've checked on the host machine, and I don't have that error as
everything works fine there...
In my jail, I've setup the devfs like this (/etc/jail.conf in the host):
---
exec.start="/bin/sh /etc/rc";
exec.stop="/bin/sh /etc/rc.shutdown";
exec.clean;
mount.devfs;
devfs_ruleset=1;
path="/usr/home/jail/$name";
myjail {
host.hostname="myjail.me.com";
vnet;
vnet.interface = epair0b, epair1b;
persist;
}
---
and in the /etc/devfs.conf everythink is commented out.
In the /dev directory in the jail, I get both the devctl and devctl2
devices.
As the devd demon is not running in the jail, I've tried adding
devd_enable="YES"
in the rc.conf (jail), but when I try to start it, I get:
# /etc/rc.d/devd start
Starting devd.
devd: Can't open devctl device /dev/devctl: Device busy
/etc/rc.d/devd: WARNING: failed to start devd
Do you know if I'm doing something wrong, or there's a proper way to
have devd running in the jail?
I've thought that maybe I should use the devtcl2 device, as the devctl
is used by the host,
but I don't know how to specify that to devd...
Thanks in advance for your help.
Giulio
_______________________________________________
freebsd...@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "freebsd-hacke...@freebsd.org"
Setup : 11.1-STABLE FreeBSD 11.1-STABLE #0 r321925M amd64
I'm trying to create a fully virtualized desktop enviroment in a jail by
means of installing there
a xrdp-devel server + Xorg installation (xorg + xorgrdp).
Everything seems to work until the moment when the X server actually
tries to come up (after I choose session=xorg, username + password)
In the X logs in the jail, in fact, I have this error:
...
[ 9768.824] (EE) config/devd: fail to connect to devd
[ 9768.824] [config] failed to initialise devd
I've checked on the host machine, and I don't have that error as
everything works fine there...
In my jail, I've setup the devfs like this (/etc/jail.conf in the host):
---
exec.start="/bin/sh /etc/rc";
exec.stop="/bin/sh /etc/rc.shutdown";
exec.clean;
mount.devfs;
devfs_ruleset=1;
path="/usr/home/jail/$name";
myjail {
host.hostname="myjail.me.com";
vnet;
vnet.interface = epair0b, epair1b;
persist;
}
---
and in the /etc/devfs.conf everythink is commented out.
In the /dev directory in the jail, I get both the devctl and devctl2
devices.
As the devd demon is not running in the jail, I've tried adding
devd_enable="YES"
in the rc.conf (jail), but when I try to start it, I get:
# /etc/rc.d/devd start
Starting devd.
devd: Can't open devctl device /dev/devctl: Device busy
/etc/rc.d/devd: WARNING: failed to start devd
Do you know if I'm doing something wrong, or there's a proper way to
have devd running in the jail?
I've thought that maybe I should use the devtcl2 device, as the devctl
is used by the host,
but I don't know how to specify that to devd...
Thanks in advance for your help.
Giulio
_______________________________________________
freebsd...@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "freebsd-hacke...@freebsd.org"
Alan Somers
Aug 9, 2017, 3:14:49 PM8/9/17
to
/dev/devctl can be opened by only one reader at a time, and that
reader is always devd(8). /dev/devctl2 is actually a completely
different device with a totally different interface. Apologies for
the confusing names. But you may not need to run a totally separate
instance of devd. The X server is probably trying to open either
/var/run/devd.pipe or /var/run/devd.seqpacket.pipe. ktrace would tell
you which. If you can bridge those sockets into the jail, then X
would probably run.
-Alan
Alexander Leidinger
Aug 10, 2017, 5:22:54 PM8/10/17
to
Quoting Alan Somers <aso...@freebsd.org> (from Wed, 9 Aug 2017
13:14:20 -0600):
if this is a X server connecting to a graphics card (instead of just a
remote accessible framebuffer), the X-in-a-jail patches are needed, as
the X server needs access to /dev/(k)mem and /dev/io (and /dev/drm).
ATTENTION: doing this compromises the complete security of the entire
machine. The jail with the X-server can then access the entire memory
of the machine, this means circumventing any kernel-level security
protection / jail restrictions.
Using the PR_ALLOW_* flags from current in 11.1 is ok (sys/sys/jail.h):
---snip---
/* Flags for pr_allow */
#define PR_ALLOW_SET_HOSTNAME 0x00000001
#define PR_ALLOW_SYSVIPC 0x00000002
#define PR_ALLOW_RAW_SOCKETS 0x00000004
#define PR_ALLOW_CHFLAGS 0x00000008
#define PR_ALLOW_MOUNT 0x00000010
#define PR_ALLOW_QUOTAS 0x00000020
#define PR_ALLOW_SOCKET_AF 0x00000040
#define PR_ALLOW_MOUNT_DEVFS 0x00000080
#define PR_ALLOW_MOUNT_NULLFS 0x00000100
#define PR_ALLOW_MOUNT_ZFS 0x00000200
#define PR_ALLOW_MOUNT_PROCFS 0x00000400
#define PR_ALLOW_MOUNT_TMPFS 0x00000800
#define PR_ALLOW_MOUNT_FDESCFS 0x00001000
#define PR_ALLOW_MOUNT_LINPROCFS 0x00002000
#define PR_ALLOW_MOUNT_LINSYSFS 0x00004000
#define PR_ALLOW_RESERVED_PORTS 0x00008000
#define PR_ALLOW_KMEM_ACCESS 0x00010000 /* reserved,
not used yet */
#define PR_ALLOW_ALL 0x0001ffff
---snip---
Then kern_jail.c needs a little patch:
---snip---
Index: sys/kern/kern_jail.c
===================================================================
--- sys/kern/kern_jail.c (revision 321365)
+++ sys/kern/kern_jail.c (working copy)
@@ -200,6 +200,7 @@
"allow.mount.linprocfs",
"allow.mount.linsysfs",
"allow.reserved_ports",
+ "allow.kmem_access",
};
const size_t pr_allow_names_size = sizeof(pr_allow_names);
@@ -220,6 +221,7 @@
"allow.mount.nolinprocfs",
"allow.mount.nolinsysfs",
"allow.noreserved_ports",
+ "allow.nokmem_access",
};
const size_t pr_allow_nonames_size = sizeof(pr_allow_nonames);
@@ -3344,6 +3346,27 @@
return (0);
/*
+ * Allow access to /dev/io in a jail if the non-jailed admin
+ * requests this and if /dev/io exists in the jail. This
+ * allows Xorg to probe a card.
+ */
+ case PRIV_IO:
+ if (cred->cr_prison->pr_allow & PR_ALLOW_KMEM_ACCESS)
+ return (0);
+ else
+ return (EPERM);
+
+ /*
+ * Allow low level access to KMEM-like devices (e.g. to
+ * allow Xorg to use DRI).
+ */
+ case PRIV_KMEM_WRITE:
+ if (cred->cr_prison->pr_allow & PR_ALLOW_KMEM_ACCESS)
+ return (0);
+ else
+ return (EPERM);
+
+ /*
* Allow jailed root to set loginclass.
*/
case PRIV_PROC_SETLOGINCLASS:
---snip---
For 11.1 one little change is needed to get DRM access... see
https://svnweb.freebsd.org/changeset/base/320827
The jail then needs to be started with "allow.kmem_access" and
appropriate devfs rules (the jail needs rule 15 or 18, you may want to
give more or less access, depending on your needs, review with care):
---snip---
[devfsrules_unhide_audio=5]
add path 'audio*' unhide
add path 'dsp*' unhide
add path midistat unhide
add path 'mixer*' unhide
add path 'music*' unhide
add path 'sequencer*' unhide
add path sndstat unhide
add path speaker unhide
[devfsrules_unhide_input=7]
add path 'atkbd*' unhide
add path 'kbd*' unhide
add path 'joy*' unhide
add path 'psm*' unhide
add path sysmouse unhide
add path 'ukbd*' unhide
add path 'ums*' unhide
[devfsrules_unhide_xorg=8]
add path agpgart unhide
#add path console unhide
add path dri unhide
add path 'dri/card*' unhide
add path nvidiactl unhide
add path 'nvidia*' unhide
add path io unhide
add path mem unhide
add path pci unhide
add path tty unhide
add path ttyv0 unhide
add path ttyv1 unhide
add path ttyv8 unhide
[devfsrules_unhide_kmem=11]
add path kmem unhide
[devfsrules_unhide_zfs=12]
add path zfs unhide
#
# This allows to run a desktop system in a jail. Think about what you want to
# achieve before you use this, it opens up the entire machine to access from
# this jail to any sophisticated program.
#
[devfsrules_jail_desktop=15]
add include $devfsrules_hide_all
add include $devfsrules_unhide_basic
add include $devfsrules_unhide_login
add include $devfsrules_unhide_audio
add include $devfsrules_unhide_input
add include $devfsrules_unhide_xorg
add include $devfsrules_unhide_kmem
[devfsrules_jail_desktop_withzfs=18]
add include $devfsrules_hide_all
add include $devfsrules_unhide_basic
add include $devfsrules_unhide_login
add include $devfsrules_unhide_audio
add include $devfsrules_unhide_input
add include $devfsrules_unhide_xorg
add include $devfsrules_unhide_kmem
add include $devfsrules_unhide_zfs
---snip---
Bye,
Alexander.
--
http://www.Leidinger.net Alex...@Leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org netc...@FreeBSD.org : PGP 0x8F31830F9F2772BF
Giulio Ferro
Sep 4, 2017, 2:51:35 AM9/4/17
to
as I said, I don't actually need to connect to any device, as this Xorg
server in the jail only uses xrdp as backend.
> ATTENTION: doing this compromises the complete security of the entire
> machine. The jail with the X-server can then access the entire memory
> of the machine, this means circumventing any kernel-level security
> protection / jail restrictions.
Xorg in a jail in a 11.1 stable system?
Giulio
Giulio Ferro
Sep 4, 2017, 2:54:57 AM9/4/17
to
sorry for the late feedback and thanks for your advice.
Unfortunately I haven't found a way to bridge (as you say) the relevant
pipe files to the jail.
I've tried to mount_nullfs the host /var/run to the jail /var/run, but
with tragic results, as the jail deletes
the /var/run content when it starts up.
Do you have some better way to do that? I ask because this may be more
convenient venue compared to apply the patches,
and more portable in case of updates, etc...
Thanks
Giulio
Giulio Ferro
Sep 5, 2017, 8:33:24 AM9/5/17
to
Hi Alexander,
This set of patches doesn't seem to apply to 11.1 stable, am I right?
This set of patches doesn't seem to apply to 11.1 stable, am I right?
Alexander Leidinger
Sep 5, 2017, 9:52:17 AM9/5/17
to
Quoting Giulio Ferro <au...@zirakzigil.org> (from Mon, 4 Sep 2017
08:51:10 +0200):
> On 10/08/2017 22:54, Alexander Leidinger wrote:
>>
>> Quoting Alan Somers <aso...@freebsd.org> (from Wed, 9 Aug 2017
>>> Unfortunately, you're not going to be able to run devd(8) in the jail.
>>> /dev/devctl can be opened by only one reader at a time, and that
>>> reader is always devd(8). /dev/devctl2 is actually a completely
>>> different device with a totally different interface. Apologies for
>>> the confusing names. But you may not need to run a totally separate
>>> instance of devd. The X server is probably trying to open either
>>> /var/run/devd.pipe or /var/run/devd.seqpacket.pipe. ktrace would tell
>>> you which. If you can bridge those sockets into the jail, then X
>>> would probably run.
>>
>> Apart from using an explicit config of devices instead of HAL /
>> devd, if this is a X server connecting to a graphics card (instead
>> of just a remote accessible framebuffer), the X-in-a-jail patches
>> are needed, as the X server needs access to /dev/(k)mem and /dev/io
>> (and /dev/drm).
>>
>
> Hi Alexander,
>
> as I said, I don't actually need to connect to any device, as this
> Xorg server in the jail only uses xrdp as backend.
In this case you don't need my patches at all... I hope (my
>>> /dev/devctl can be opened by only one reader at a time, and that
>>> reader is always devd(8). /dev/devctl2 is actually a completely
>>> different device with a totally different interface. Apologies for
>>> the confusing names. But you may not need to run a totally separate
>>> instance of devd. The X server is probably trying to open either
>>> /var/run/devd.pipe or /var/run/devd.seqpacket.pipe. ktrace would tell
>>> you which. If you can bridge those sockets into the jail, then X
>>> would probably run.
>>
>> Apart from using an explicit config of devices instead of HAL /
>> devd, if this is a X server connecting to a graphics card (instead
>> of just a remote accessible framebuffer), the X-in-a-jail patches
>> are needed, as the X server needs access to /dev/(k)mem and /dev/io
>> (and /dev/drm).
>>
>
> Hi Alexander,
>
> as I said, I don't actually need to connect to any device, as this
> Xorg server in the jail only uses xrdp as backend.
understanding is that the X server needs this kind of access to access
hardware). And to answer your question in another mail, yes, the diff
is for current, not for 11.x.
It's been a while since I looked last at the devd/hald <-> X11
interaction, but back then it was only needed to auto-detect
mouse/keyboard/..., so I wonder why xrdp needs it. Anyway, have a look
to configure the config with static devices instead of devd/hald (see
https://forums.freebsd.org/threads/7956/).
Giulio Ferro
Sep 5, 2017, 2:26:19 PM9/5/17
to
Actually I tried to apply the changes to xorg.conf, and now it doesn't
try to access devd anymore.
But it core-dumps for no apparent reason...
Here is my /etc/X11/xrdp/xorg.conf. It is the one generated by xrdp plus
the changes to the "ServerFlags" section
specified in your link:
-----------------------------------------------------------------------------------------------------------------------------------
Section "ServerLayout"
Identifier "X11 Server"
Screen "Screen (xrdpdev)"
InputDevice "xrdpMouse" "CorePointer"
InputDevice "xrdpKeyboard" "CoreKeyboard"
EndSection
Section "ServerFlags"
Option "DontVTSwitch" "on"
Option "DontZap" "off"
Option "AllowEmptyInput" "off"
Option "AutoAddDevices" "off"
EndSection
Section "Module"
Load "dbe"
Load "ddc"
Load "extmod"
Load "glx"
Load "int10"
Load "record"
Load "vbe"
Load "xorgxrdp"
Load "fb"
EndSection
Section "InputDevice"
Identifier "xrdpKeyboard"
Driver "xrdpkeyb"
EndSection
Section "InputDevice"
Identifier "xrdpMouse"
Driver "xrdpmouse"
EndSection
Section "Monitor"
Identifier "Monitor"
Option "DPMS"
HorizSync 30-80
VertRefresh 60-75
ModeLine "1920x1080" 138.500 1920 1968 2000 2080 1080 1083 1088
1111 +hsync -vsync
ModeLine "1280x720" 74.25 1280 1720 1760 1980 720 725 730 750
+HSync +VSync
Modeline "1368x768" 72.25 1368 1416 1448 1528 768 771 781 790
+hsync -vsync
Modeline "1600x900" 119.00 1600 1696 1864 2128 900 901 904 932
-hsync +vsync
EndSection
Section "Device"
Identifier "Video Card (xrdpdev)"
Driver "xrdpdev"
EndSection
Section "Screen"
Identifier "Screen (xrdpdev)"
Device "Video Card (xrdpdev)"
Monitor "Monitor"
DefaultDepth 24
SubSection "Display"
Depth 24
Modes "640x480" "800x600" "1024x768" "1280x720" "1280x1024"
"1600x900" "1920x1080"
EndSubSection
EndSection
-----------------------------------------------------------------------------------------------------------------------------------
And here is my Xorg.log file:
-----------------------------------------------------------------------------------------------------------------------------------
[ 796.772]
X.Org X Server 1.18.4
Release Date: 2016-07-19
[ 796.772] X Protocol Version 11, Revision 0
[ 796.772] Build Operating System: FreeBSD 11.0-RELEASE-p12 amd64
[ 796.772] Current Operating System: FreeBSD xx.xx.xx 11.1-STABLE
FreeBSD 11.1-STABLE #0: Thu Aug 31 11:52:30 UTC 2017
ro...@xx.xx.xx/usr/obj/usr/src/sys/MYKERN amd64
[ 796.772] Build Date: 29 August 2017 01:51:45AM
[ 796.772]
[ 796.772] Current version of pixman: 0.34.0
[ 796.772] Before reporting problems, check http://wiki.x.org
to make sure that you have the latest version.
[ 796.772] Markers: (--) probed, (**) from config file, (==) default
setting,
(++) from command line, (!!) notice, (II) informational,
(WW) warning, (EE) error, (NI) not implemented, (??) unknown.
[ 796.772] (==) Log file: "/var/log/Xorg.11.log", Time: Tue Sep 5
14:17:24 2017
[ 796.775] (++) Using config file: "/etc/X11/xrdp/xorg.conf"
[ 796.775] (==) ServerLayout "X11 Server"
[ 796.775] (**) |-->Screen "Screen (xrdpdev)" (0)
[ 796.775] (**) | |-->Monitor "Monitor"
[ 796.777] (**) | |-->Device "Video Card (xrdpdev)"
[ 796.777] (**) |-->Input Device "xrdpMouse"
[ 796.777] (**) |-->Input Device "xrdpKeyboard"
[ 796.777] (**) Option "DontVTSwitch" "on"
[ 796.777] (**) Option "DontZap" "off"
[ 796.777] (**) Option "AutoAddDevices" "off"
[ 796.777] (**) Not automatically adding devices
[ 796.777] (==) Automatically enabling devices
[ 796.777] (==) Not automatically adding GPU devices
[ 796.777] (==) Max clients allowed: 256, resource mask: 0x1fffff
[ 796.787] (==) FontPath set to:
/usr/local/share/fonts/misc/,
/usr/local/share/fonts/TTF/,
/usr/local/share/fonts/OTF/,
/usr/local/share/fonts/Type1/,
/usr/local/share/fonts/100dpi/,
/usr/local/share/fonts/75dpi/
[ 796.787] (==) ModulePath set to "/usr/local/lib/xorg/modules"
[ 796.789] (II) Loader magic: 0x813b70
[ 796.789] (II) Module ABI versions:
[ 796.789] X.Org ANSI C Emulation: 0.4
[ 796.789] X.Org Video Driver: 20.0
[ 796.789] X.Org XInput driver : 22.1
[ 796.789] X.Org Server Extension : 9.0
[ 796.789] (WW) checkDevMem: failed to open /dev/mem (Operation not
permitted)
[ 796.789] (--) PCI:*(0:0:2:0) 1013:00b8:5853:0001 rev 0, Mem @
0xf0000000/33554432, 0xf3000000/4096, BIOS @ 0x????????/65536
[ 796.789] (II) "glx" will be loaded. This was enabled by default and
also specified in the config file.
[ 796.789] (II) LoadModule: "dbe"
[ 796.789] (II) Module "dbe" already built-in
[ 796.789] (II) LoadModule: "ddc"
[ 796.789] (II) Module "ddc" already built-in
[ 796.789] (II) LoadModule: "extmod"
[ 796.789] (II) Module "extmod" already built-in
[ 796.789] (II) LoadModule: "glx"
[ 796.792] (II) Loading /usr/local/lib/xorg/modules/extensions/libglx.so
[ 796.821] (II) Module glx: vendor="X.Org Foundation"
[ 796.821] compiled for 1.18.4, module version = 1.0.0
[ 796.821] ABI class: X.Org Server Extension, version 9.0
[ 796.821] (==) AIGLX enabled
[ 796.822] (II) LoadModule: "int10"
[ 796.823] (II) Loading /usr/local/lib/xorg/modules/libint10.so
[ 796.825] (II) Module int10: vendor="X.Org Foundation"
[ 796.825] compiled for 1.18.4, module version = 1.0.0
[ 796.825] ABI class: X.Org Video Driver, version 20.0
[ 796.825] (II) LoadModule: "record"
[ 796.825] (II) Module "record" already built-in
[ 796.825] (II) LoadModule: "vbe"
[ 796.826] (II) Loading /usr/local/lib/xorg/modules/libvbe.so
[ 796.827] (II) Module vbe: vendor="X.Org Foundation"
[ 796.827] compiled for 1.18.4, module version = 1.1.0
[ 796.827] ABI class: X.Org Video Driver, version 20.0
[ 796.827] (II) LoadModule: "xorgxrdp"
[ 796.828] (II) Loading /usr/local/lib/xorg/modules/libxorgxrdp.so
[ 796.832] (II) Module XORGXRDP: vendor="X.Org Foundation"
[ 796.832] compiled for 1.18.4, module version = 1.0.0
[ 796.832] ABI class: X.Org Video Driver, version 20.0
[ 796.832] xorgxrdpSetup:
[ 796.832] (II) LoadModule: "fb"
[ 796.832] (II) Loading /usr/local/lib/xorg/modules/libfb.so
[ 796.835] (II) Module fb: vendor="X.Org Foundation"
[ 796.835] compiled for 1.18.4, module version = 1.0.0
[ 796.835] ABI class: X.Org ANSI C Emulation, version 0.4
[ 796.835] (II) LoadModule: "xrdpdev"
[ 796.835] (II) Loading /usr/local/lib/xorg/modules/drivers/xrdpdev_drv.so
[ 796.837] (II) Module XRDPDEV: vendor="X.Org Foundation"
[ 796.837] compiled for 1.18.4, module version = 1.0.0
[ 796.837] ABI class: X.Org Video Driver, version 20.0
[ 796.837] xrdpdevSetup:
[ 796.837] (II) LoadModule: "xrdpmouse"
[ 796.837] (II) Loading /usr/local/lib/xorg/modules/input/xrdpmouse_drv.so
[ 796.838] (II) Module XRDPMOUSE: vendor="X.Org Foundation"
[ 796.838] compiled for 1.18.4, module version = 1.0.0
[ 796.838] Module class: X.Org XInput Driver
[ 796.838] ABI class: X.Org XInput driver, version 22.1
[ 796.838] rdpmousePlug:
[ 796.838] (II) LoadModule: "xrdpkeyb"
[ 796.838] (II) Loading /usr/local/lib/xorg/modules/input/xrdpkeyb_drv.so
[ 796.839] (II) Module XRDPKEYB: vendor="X.Org Foundation"
[ 796.839] compiled for 1.18.4, module version = 1.0.0
[ 796.839] Module class: X.Org XInput Driver
[ 796.839] ABI class: X.Org XInput driver, version 22.1
[ 796.839] rdpkeybPlug:
[ 796.839] rdpIdentify:
[ 796.839] (II) XRDPDEV: driver for xrdp: XRDPDEV
[ 796.839] rdpDriverFunc: op 10
[ 796.839] (WW) Falling back to old probe method for XRDPDEV
[ 796.839] rdpProbe:
[ 796.839] (II) Loading sub module "fb"
[ 796.839] (II) LoadModule: "fb"
[ 796.839] (II) Loading /usr/local/lib/xorg/modules/libfb.so
[ 796.839] (II) Module fb: vendor="X.Org Foundation"
[ 796.839] compiled for 1.18.4, module version = 1.0.0
[ 796.839] ABI class: X.Org ANSI C Emulation, version 0.4
[ 796.839] (II) XRDPDEV(0): using default device
[ 796.839] (WW) VGA arbiter: cannot open kernel arbiter, no multi-card
support
[ 796.839] rdpPreInit:
[ 796.839] (**) XRDPDEV(0): Depth 24, (--) framebuffer bpp 32
[ 796.839] (==) XRDPDEV(0): RGB weight 888
[ 796.839] (==) XRDPDEV(0): Using gamma correction (1.0, 1.0, 1.0)
[ 796.839] (==) XRDPDEV(0): Default visual is TrueColor
[ 796.839] (==) XRDPDEV(0): DPI set to (96, 96)
[ 796.839] (II) XRDPDEV(0): mode "640x480" ok
[ 796.839] (II) XRDPDEV(0): mode "800x600" ok
[ 796.839] (--) XRDPDEV(0): Virtual size is 800x600 (pitch 800)
[ 796.839] (**) XRDPDEV(0): Default mode "800x600": 36.0 MHz (scaled
from 0.0 MHz), 35.2 kHz, 56.2 Hz
[ 796.839] (II) XRDPDEV(0): Modeline "800x600"x0.0 36.00 800 824
896 1024 600 601 603 625 +hsync +vsync (35.2 kHz d)
[ 796.839] (==) Depth 24 pixmap format is 32 bpp
[ 796.841] rdpScreenInit: virtualX 800 virtualY 600 rgbBits 8 depth 24
[ 796.841] rdpScreenInit: pfbMemory bytes 1920000
[ 796.841] rdpScreenInit: pfbMemory 0x807200000
[ 796.843] rdpSimdInit: assigning yuv functions
[ 796.843] rdpSimdInit: cpuid ax 1 cx 0 return ax 0x000306f2 bx
0x00020800 cx 0xfffa3203 dx 0x178bfbff
[ 796.843] rdpSimdInit: sse2 amd64 yuv functions assigned
[ 796.843] rdpXvInit: depth 24
[ 796.845] (==) XRDPDEV(0): Backing store enabled
[ 796.845] rdpClientConInit: kill disconnected [0] timeout [0] sec
[ 796.845]
[ 796.845] rdpScreenInit: out
[ 796.846] (==) RandR enabled
[ 796.846] MIT-SHM extension disabled due to lack of kernel support
[ 796.852] (II) AIGLX: Screen 0 is not DRI2 capable
[ 796.852] (EE) AIGLX: reverting to software rendering
[ 797.431] (II) AIGLX: enabled GLX_MESA_copy_sub_buffer
[ 797.431] (II) AIGLX: Loaded and initialized swrast
[ 797.431] (II) GLX: Initialized DRISWRAST GL provider for screen 0
[ 797.545] (II) Using input driver 'XRDPMOUSE' for 'xrdpMouse'
[ 797.545] (**) Option "CorePointer"
[ 797.545] (**) xrdpMouse: always reports core events
[ 797.545] rdpmousePreInit: drv 0x803c15240 info 0x80ce72e20, flags 0x0
[ 797.545] (II) XINPUT: Adding extended input device "xrdpMouse"
(type: Mouse, id 6)
[ 797.545] rdpmouseControl: what 0
[ 797.545] rdpmouseDeviceInit:
[ 797.545] rdpmouseCtrl:
[ 797.545] rdpRegisterInputCallback: type 1 proc 0x806da1d20
[ 797.545] (**) xrdpMouse: (accel) keeping acceleration scheme 1
[ 797.545] (**) xrdpMouse: (accel) acceleration profile 0
[ 797.545] (**) xrdpMouse: (accel) acceleration factor: 2.000
[ 797.545] (**) xrdpMouse: (accel) acceleration threshold: 4
[ 797.545] rdpmouseControl: what 1
[ 797.545] rdpmouseDeviceOn:
[ 797.545] (II) Using input driver 'XRDPKEYB' for 'xrdpKeyboard'
[ 797.545] (**) Option "CoreKeyboard"
[ 797.545] (**) xrdpKeyboard: always reports core events
[ 797.545] rdpkeybPreInit: drv 0x803c152c0 info 0x80ce72f60, flags 0x0
[ 797.545] (II) XINPUT: Adding extended input device "xrdpKeyboard"
(type: Keyboard, id 7)
[ 797.545] rdpkeybControl: what 0
[ 797.545] rdpkeybDeviceInit:
[ 797.568] rdpkeybChangeKeyboardControl:
[ 797.568] rdpkeybChangeKeyboardControl: autoRepeat on
[ 797.568] rdpRegisterInputCallback: type 0 proc 0x806fa41b0
[ 797.568] rdpkeybControl: what 1
[ 797.568] rdpkeybDeviceOn:
[ 797.568] (II) config/devd: probing input devices...
[ 797.568] (II) config/devd: adding input device (null) (/dev/kbdmux)
[ 797.568] (II) AutoAddDevices is off - not adding device.
[ 797.568] (II) config/devd: kbdmux is enabled, ignoring device atkbd0
[ 797.568] (II) config/devd: adding input device (null) (/dev/sysmouse)
[ 797.568] (II) AutoAddDevices is off - not adding device.
[ 797.601] (II) config/devd: adding input device Mouse (/dev/psm0)
[ 797.601] (II) AutoAddDevices is off - not adding device.
[ 797.601] (EE) config/devd: fail to connect to devd
[ 797.601] [config] failed to initialise devd
[ 797.602] rdpSaveScreen:
[ 797.602] rdpClientConGotConnection:
[ 797.602] rdpClientConGotConnection: g_sck_accept ok new_sck 5
[ 797.602] rdpClientConGotConnection: adding only clientCon
[ 797.602] rdpDeferredRandR:
[ 797.602] rdpResizeSession: width 1024 height 768
[ 797.602] calling RRScreenSizeSet
[ 797.602] rdpRRScreenSetSize: width 1024 height 768 mmWidth 271
mmHeight 203
[ 797.602] rdpRRGetInfo:
[ 797.602] screen resized to 1024x768
[ 797.604] RRScreenSizeSet ok 1
[ 797.604] rdpResizeSession: width 1244 height 509
[ 797.604] calling RRScreenSizeSet
[ 797.604] rdpRRScreenSetSize: width 1244 height 509 mmWidth 329
mmHeight 135
[ 797.604] rdpRRGetInfo:
[ 797.604] screen resized to 1244x509
[ 797.605] RRScreenSizeSet ok 1
[ 797.605] rdpClientConProcessMsgVersion: version 0 0 0 1
[ 797.605] rdpClientConProcessScreenSizeMsg: set width 1244 height 509
bpp 16
[ 797.605] rdpClientConProcessScreenSizeMsg: shmemid -1 shmemptr
0xffffffffffffffff
[ 797.605] rdpClientConProcessMsgClientInput: invalidate x 0 y 0 cx
1244 cy 509
[ 797.668] rdpInDeferredUpdateCallback:
[ 797.668] rdpkeybChangeKeyboardControl:
[ 797.668] rdpkeybChangeKeyboardControl: autoRepeat off
[ 813.899] rdpClientConProcessMsgClientInfo:
[ 813.899] got client info bytes 5744
[ 813.899] jpeg support 0
[ 813.899] offscreen support 0
[ 813.899] offscreen size 0
[ 813.899] offscreen entries 0
[ 813.899] client supports glyph cache but server disabled
[ 813.899] client can not do offscreen to offscreen blits
[ 813.899] client can do new(color) cursor
[ 813.899] client can not do multimon
[ 813.899] rdpRRSetRdpOutputs: numCrtcs 0 monitorCount 0
[ 813.899] rdpRRSetRdpOutputs: add output 0 left 0 top 0 width 1244
height 509
[ 813.900] rdpLoadLayout: keylayout 0x00000409 variant display 11
[ 813.900] rdpkeybChangeKeyboardControl:
[ 813.900] rdpkeybChangeKeyboardControl: autoRepeat on
[ 813.900] rdpkeybChangeKeyboardControl:
[ 813.900] rdpkeybChangeKeyboardControl: autoRepeat on
[ 813.910] (EE)
[ 813.910] (EE) Backtrace:
[ 813.912] (EE) 0: /usr/local/bin/Xorg (OsInit+0x38a) [0x5abfba]
[ 813.914] (EE) 1: /lib/libthr.so.3 (_pthread_sigmask+0x544) [0x8025cbd94]
[ 813.915] (EE) 2: /lib/libthr.so.3 (_pthread_getspecific+0xe5f)
[0x8025cbbef]
[ 813.916] (EE) 3: ? (?+0xe5f) [0x7ffffffffe62]
[ 813.918] (EE) 4: /usr/local/lib/xorg/modules/libxorgxrdp.so
(rdpCapture+0xf60) [0x806771aa0]
[ 813.919] (EE) 5: /usr/local/lib/xorg/modules/libxorgxrdp.so
(rdpClientConAddAllBox+0x408) [0x80676fbf8]
[ 813.920] (EE) 6: /usr/local/lib/xorg/modules/libxorgxrdp.so
(rdpClientConAddDirtyScreenReg+0x3c3) [0x80676ef13]
[ 813.921] (EE) 7: /usr/local/bin/Xorg (WaitForSomething+0x103e)
[0x5a47ce]
[ 813.922] (EE) 8: /usr/local/bin/Xorg (UpdateCurrentTimeIf+0x121)
[0x431621]
[ 813.923] (EE) 9: /usr/local/bin/Xorg (remove_fs_handlers+0x597)
[0x43b697]
[ 813.924] (EE) 10: /usr/local/bin/Xorg (_start+0x17f) [0x42506f]
[ 813.925] (EE) 11: ? (?+0x17f) [0x80083617f]
[ 813.925] (EE)
[ 813.925] (EE) Segmentation fault at address 0xffffffffffffffff
[ 813.925] (EE)
Fatal server error:
[ 813.925] (EE) Caught signal 11 (Segmentation fault). Server aborting
[ 813.925] (EE)
[ 813.925] (EE)
Please consult the The X.Org Foundation support
at http://wiki.x.org
for help.
[ 813.925] (EE) Please also check the log file at
"/var/log/Xorg.11.log" for additional information.
[ 813.925] (EE)
[ 813.925] rdpmouseControl: what 4
[ 813.925] rdpkeybControl: what 4
[ 813.925] rdpLeaveVT:
[ 813.925] (EE) Server terminated with error (1). Closing log file.
-----------------------------------------------------------------------------------------------------------------------------------
I have a custom kernel which include GENERIC and only the VIMAGE +
bridge support is added.
Can you make something of it? Or do you have any suggestions about what
I could try?
Thanks in advance!
Mark Millard
Sep 5, 2017, 2:36:07 PM9/5/17
to
[I've no particular expertise but I noticed in what you
reported . . .]
On 2017-Sep-5, at 11:25 AM, Giulio Ferro <auryn at zirakzigil.org> wrote:
> . . .
I expect that the "(EE)" indicates an error is being reported
and so it is intended as more than an informational notice.
===
Mark Millard
markmi at dsl-only.net
reported . . .]
On 2017-Sep-5, at 11:25 AM, Giulio Ferro <auryn at zirakzigil.org> wrote:
> . . .
>
> Actually I tried to apply the changes to xorg.conf, and now it doesn't try to access devd anymore.
>
> . . .
> Actually I tried to apply the changes to xorg.conf, and now it doesn't try to access devd anymore.
>
> [ 797.601] (EE) config/devd: fail to connect to devd
> . . .
I expect that the "(EE)" indicates an error is being reported
and so it is intended as more than an informational notice.
===
Mark Millard
markmi at dsl-only.net
Giulio Ferro
Sep 5, 2017, 2:42:38 PM9/5/17
to
On 05/09/2017 20:35, Mark Millard wrote:
> [I've no particular expertise but I noticed in what you
> reported . . .]
>
> On 2017-Sep-5, at 11:25 AM, Giulio Ferro <auryn at zirakzigil.org> wrote:
>
>> . . .
>>
>> Actually I tried to apply the changes to xorg.conf, and now it doesn't try to access devd anymore.
>>
>> . . .
>> [ 797.601] (EE) config/devd: fail to connect to devd
>> . . .
> I expect that the "(EE)" indicates an error is being reported
> and so it is intended as more than an informational notice.
>
Hi Mark,
> [I've no particular expertise but I noticed in what you
> reported . . .]
>
> On 2017-Sep-5, at 11:25 AM, Giulio Ferro <auryn at zirakzigil.org> wrote:
>
>> . . .
>>
>> Actually I tried to apply the changes to xorg.conf, and now it doesn't try to access devd anymore.
>>
>> . . .
>> [ 797.601] (EE) config/devd: fail to connect to devd
>> . . .
> I expect that the "(EE)" indicates an error is being reported
> and so it is intended as more than an informational notice.
>
yes, I missed that! Thanks for raising.
Then I guess it's the same error as occurred before.
It seems that xorg can't help trying to access devd and so it fails in
jail...
Giulio
Alexander Leidinger
Sep 6, 2017, 6:41:55 AM9/6/17
to
Quoting Giulio Ferro <au...@zirakzigil.org> (from Tue, 5 Sep 2017
20:41:41 +0200):
> On 05/09/2017 20:35, Mark Millard wrote:
>> [I've no particular expertise but I noticed in what you
>> reported . . .]
>>
>> On 2017-Sep-5, at 11:25 AM, Giulio Ferro <auryn at zirakzigil.org> wrote:
>>
>>> . . .
>>>
>>> Actually I tried to apply the changes to xorg.conf, and now it
>>> doesn't try to access devd anymore.
>>>
>>> . . .
>>> [ 797.601] (EE) config/devd: fail to connect to devd
>>> . . .
>> I expect that the "(EE)" indicates an error is being reported
>> and so it is intended as more than an informational notice.
>>
>
>
> Hi Mark,
>
> yes, I missed that! Thanks for raising.
>
> Then I guess it's the same error as occurred before.
>
> It seems that xorg can't help trying to access devd and so it fails
> in jail...
There are several EE entries in the log.
[ 796.846] MIT-SHM extension disabled due to lack of kernel support
[ 796.852] (II) AIGLX: Screen 0 is not DRI2 capable
[ 796.852] (EE) AIGLX: reverting to software rendering
[ 797.431] (II) AIGLX: enabled GLX_MESA_copy_sub_buffer
I don't expect this to be critical.
Not sure about the devd one.
The segmentation fault is for sure an issue which prevents it from
working, but I don't know if this is related to one of the EE above or
not. You would have to check in the X.org / xrdp area for help (or if
you have updated some pieces like OS/jail/kernel/ports since you have
installed xrdp, you could try a fresh install of everything to
rule-out some inconsistencies which could show up in some edge-cases).
20:41:41 +0200):
> On 05/09/2017 20:35, Mark Millard wrote:
>> [I've no particular expertise but I noticed in what you
>> reported . . .]
>>
>> On 2017-Sep-5, at 11:25 AM, Giulio Ferro <auryn at zirakzigil.org> wrote:
>>
>>> . . .
>>>
>>> Actually I tried to apply the changes to xorg.conf, and now it
>>> doesn't try to access devd anymore.
>>>
>>> . . .
>>> [ 797.601] (EE) config/devd: fail to connect to devd
>>> . . .
>> I expect that the "(EE)" indicates an error is being reported
>> and so it is intended as more than an informational notice.
>>
>
>
> Hi Mark,
>
> yes, I missed that! Thanks for raising.
>
> Then I guess it's the same error as occurred before.
>
> It seems that xorg can't help trying to access devd and so it fails
> in jail...
[ 796.846] MIT-SHM extension disabled due to lack of kernel support
[ 796.852] (II) AIGLX: Screen 0 is not DRI2 capable
[ 796.852] (EE) AIGLX: reverting to software rendering
[ 797.431] (II) AIGLX: enabled GLX_MESA_copy_sub_buffer
Not sure about the devd one.
The segmentation fault is for sure an issue which prevents it from
working, but I don't know if this is related to one of the EE above or
not. You would have to check in the X.org / xrdp area for help (or if
you have updated some pieces like OS/jail/kernel/ports since you have
installed xrdp, you could try a fresh install of everything to
rule-out some inconsistencies which could show up in some edge-cases).
Giulio Ferro
Sep 6, 2017, 8:14:57 AM9/6/17
to
Hi Alexander,
I've installed everything after my custom kernel was installed. And as I said, it differs from GENERIC only for the addition of VIMAGE and bridge.
What I can try to do is installing your patches so to remove the devd issue, and see if it starts like this.
Can you point me to patches for 11.1 stable?
Thanks
Giulio
I've installed everything after my custom kernel was installed. And as I said, it differs from GENERIC only for the addition of VIMAGE and bridge.
What I can try to do is installing your patches so to remove the devd issue, and see if it starts like this.
Can you point me to patches for 11.1 stable?
Thanks
Giulio
Alexander Leidinger
Sep 6, 2017, 5:45:13 PM9/6/17
to
Quoting Giulio Ferro <au...@zirakzigil.org> (from Wed, 6 Sep 2017
14:13:52 +0200):
> Hi Alexander,
>
> I've installed everything after my custom kernel was installed. And
> as I said, it differs from GENERIC only for the addition of VIMAGE
> and bridge.
>
> What I can try to do is installing your patches so to remove the
> devd issue, and see if it starts like this.
>
> Can you point me to patches for 11.1 stable?
compile-tested. And you need the modifications described in a previous
mail for /etc/devfs.rules.
Giulio Ferro
Sep 7, 2017, 3:39:15 AM9/7/17
to
Hi Alexander,
I've installed everything after my custom kernel was installed. And as I said, it differs from GENERIC only for the addition of VIMAGE and bridge.
What I can try to do is installing your patches so to remove the devd issue, and see if it starts like this.
Can you point me to patches for 11.1 stable?
I've installed everything after my custom kernel was installed. And as I said, it differs from GENERIC only for the addition of VIMAGE and bridge.
What I can try to do is installing your patches so to remove the devd issue, and see if it starts like this.
Can you point me to patches for 11.1 stable?
Thanks
Giulio
> Il giorno 06 set 2017, alle ore 12:25, Alexander Leidinger <Alex...@leidinger.net> ha scritto:
>
Giulio
> Il giorno 06 set 2017, alle ore 12:25, Alexander Leidinger <Alex...@leidinger.net> ha scritto:
>
au...@zirakzigil.org
Sep 7, 2017, 3:46:59 AM9/7/17
to
On 06/09/2017 22:19, Alexander Leidinger wrote:
>
> Quoting Giulio Ferro <au...@zirakzigil.org> (from Wed, 6 Sep 2017
> 14:13:52 +0200):
>
>> Hi Alexander,
>>
>> I've installed everything after my custom kernel was installed. And as
>> I said, it differs from GENERIC only for the addition of VIMAGE and
>> bridge.
>>
>> What I can try to do is installing your patches so to remove the devd
>> issue, and see if it starts like this.
>>
>> Can you point me to patches for 11.1 stable?
>
> Attached, patch against releng-11.1. Beware, this is not even
> compile-tested. And you need the modifications described in a previous
> mail for /etc/devfs.rules.
>
> Bye,
> Alexander.
>
Hi Alexander,
>
> Quoting Giulio Ferro <au...@zirakzigil.org> (from Wed, 6 Sep 2017
> 14:13:52 +0200):
>
>> Hi Alexander,
>>
>> I've installed everything after my custom kernel was installed. And as
>> I said, it differs from GENERIC only for the addition of VIMAGE and
>> bridge.
>>
>> What I can try to do is installing your patches so to remove the devd
>> issue, and see if it starts like this.
>>
>> Can you point me to patches for 11.1 stable?
>
> Attached, patch against releng-11.1. Beware, this is not even
> compile-tested. And you need the modifications described in a previous
> mail for /etc/devfs.rules.
>
> Bye,
> Alexander.
>
I've applied the patch, compiled and install the new kernel.
Here's my jail.conf
------------------------------------------------------------
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
exec.clean;
mount.devfs;
devfs_ruleset=1;
allow.kmem_access;
path = "/usr/home/jails/$name";
xx {
host.hostname = "xx.xx.xx";
vnet;
vnet.interface = epair0b, epair1b;
persist;
}
------------------------------------------------------------
vnet.interface = epair0b, epair1b;
persist;
}
But the problem now is that the jail doesn't start, if fact it seems it
doesn't recognise the parameter:
# /etc/rc.d/jail start
Starting jails:jail: wsj: unknown parameter: allow.kmem_access
I've tried both putting it in the general section and in the xx jail
section, but same result.
Should I put it somewhere else?
Giulio Ferro
Sep 7, 2017, 3:53:19 AM9/7/17
to
On 06/09/2017 22:19, Alexander Leidinger wrote:
>
>
> Quoting Giulio Ferro <au...@zirakzigil.org> (from Wed, 6 Sep 2017
> 14:13:52 +0200):
>
>> Hi Alexander,
>>
>> I've installed everything after my custom kernel was installed. And
>> as I said, it differs from GENERIC only for the addition of VIMAGE
>> and bridge.
>>
>> What I can try to do is installing your patches so to remove the devd
>> issue, and see if it starts like this.
>>
>> Can you point me to patches for 11.1 stable?
>
> Attached, patch against releng-11.1. Beware, this is not even
> compile-tested. And you need the modifications described in a previous
> mail for /etc/devfs.rules.
>
> Bye,
> Alexander.
>
> 14:13:52 +0200):
>
>> Hi Alexander,
>>
>> I've installed everything after my custom kernel was installed. And
>> as I said, it differs from GENERIC only for the addition of VIMAGE
>> and bridge.
>>
>> What I can try to do is installing your patches so to remove the devd
>> issue, and see if it starts like this.
>>
>> Can you point me to patches for 11.1 stable?
>
> Attached, patch against releng-11.1. Beware, this is not even
> compile-tested. And you need the modifications described in a previous
> mail for /etc/devfs.rules.
>
> Bye,
> Alexander.
>
Hi Alexander,
I've applied the patch, compiled and install the new kernel.
Here's my jail.conf
------------------------------------------------------------
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
I've applied the patch, compiled and install the new kernel.
Here's my jail.conf
------------------------------------------------------------
exec.start = "/bin/sh /etc/rc";
exec.clean;
mount.devfs;
devfs_ruleset=1;
allow.kmem_access;
path = "/usr/home/jails/$name";
xx {
host.hostname = "xx.xx.xx";
path = "/usr/home/jails/$name";
xx {
host.hostname = "xx.xx.xx";
vnet;
vnet.interface = epair0b, epair1b;
persist;
}
vnet.interface = epair0b, epair1b;
persist;
}
------------------------------------------------------------
But the problem now is that the jail doesn't start, if fact it seems it
doesn't recognise the parameter:
# /etc/rc.d/jail start
Starting jails:jail: wsj: unknown parameter: allow.kmem_access
I've tried both putting it in the general section and in the xx jail
section, but same result.
Should I put it somewhere else?
But the problem now is that the jail doesn't start, if fact it seems it
doesn't recognise the parameter:
# /etc/rc.d/jail start
Starting jails:jail: wsj: unknown parameter: allow.kmem_access
I've tried both putting it in the general section and in the xx jail
section, but same result.
Should I put it somewhere else?
Alexander Leidinger
Sep 9, 2017, 10:57:24 AM9/9/17
to
Quoting Giulio Ferro <au...@zirakzigil.org> (from Thu, 7 Sep 2017
08:54:45 +0200):
> I've applied the patch, compiled and install the new kernel.
>
>
> Here's my jail.conf
[jail.conf]
> But the problem now is that the jail doesn't start, if fact it seems
> it doesn't recognise the parameter:
>
>
> # /etc/rc.d/jail start
> Starting jails:jail: wsj: unknown parameter: allow.kmem_access
>
>
> I've tried both putting it in the general section and in the xx jail
> section, but same result.
>
>
> Should I put it somewhere else?
I don't use jail.conf, I use ezjail or iocage. From my reading of the
jail-command source code, it looks like it should work there if it is
OK in the kernel (no modification to the source of the jail-command
necessary). This suggests it is not really OK in the kernel.
Please run this:
strings /boot/kernel/kernel| grep allow.kmem
If it doesn't print out "allow.kmem_access", then your kernel doesn't
contain the patch.
08:54:45 +0200):
> I've applied the patch, compiled and install the new kernel.
>
>
> Here's my jail.conf
> But the problem now is that the jail doesn't start, if fact it seems
> it doesn't recognise the parameter:
>
>
> # /etc/rc.d/jail start
> Starting jails:jail: wsj: unknown parameter: allow.kmem_access
>
>
> I've tried both putting it in the general section and in the xx jail
> section, but same result.
>
>
> Should I put it somewhere else?
jail-command source code, it looks like it should work there if it is
OK in the kernel (no modification to the source of the jail-command
necessary). This suggests it is not really OK in the kernel.
Please run this:
strings /boot/kernel/kernel| grep allow.kmem
If it doesn't print out "allow.kmem_access", then your kernel doesn't
contain the patch.
Giulio Ferro
Sep 11, 2017, 10:46:52 AM9/11/17
to
On 09/09/2017 15:03, Alexander Leidinger wrote:
> Please run this:
> strings /boot/kernel/kernel| grep allow.kmem
>
> If it doesn't print out "allow.kmem_access", then your kernel doesn't
> contain the patch.
>
> Bye,
> Alexander.
>
# strings /boot/kernel/kernel | grep allow.kmem
> Please run this:
> strings /boot/kernel/kernel| grep allow.kmem
>
> If it doesn't print out "allow.kmem_access", then your kernel doesn't
> contain the patch.
>
> Bye,
> Alexander.
>
allow.kmem_access
So it seems the kernel is ok...
Maybe I can set this value at boot in /boot/loader.conf?
Alexander Leidinger
Sep 11, 2017, 12:02:52 PM9/11/17
to
Quoting Giulio Ferro <au...@zirakzigil.org> (from Mon, 11 Sep 2017
06:42:01 +0200):
> On 09/09/2017 15:03, Alexander Leidinger wrote:
>> Please run this:
>> strings /boot/kernel/kernel| grep allow.kmem
>>
>> If it doesn't print out "allow.kmem_access", then your kernel
>> doesn't contain the patch.
>>
>> Bye,
>> Alexander.
>>
>
> # strings /boot/kernel/kernel | grep allow.kmem
> allow.kmem_access
>
> So it seems the kernel is ok...
>
>
> Maybe I can set this value at boot in /boot/loader.conf?
No, this is not a loader.conf setting.
Can you try to use "old style" jail config = settings in rc.conf
instead of using jail.conf on a test system? It may be that you need
to move away the jail.conf temporary, I haven't checked what takes
precedence when both (rc.conf and jail.conf) settings are there.
06:42:01 +0200):
> On 09/09/2017 15:03, Alexander Leidinger wrote:
>> Please run this:
>> strings /boot/kernel/kernel| grep allow.kmem
>>
>> If it doesn't print out "allow.kmem_access", then your kernel
>> doesn't contain the patch.
>>
>> Bye,
>> Alexander.
>>
>
> # strings /boot/kernel/kernel | grep allow.kmem
> allow.kmem_access
>
> So it seems the kernel is ok...
>
>
> Maybe I can set this value at boot in /boot/loader.conf?
Can you try to use "old style" jail config = settings in rc.conf
instead of using jail.conf on a test system? It may be that you need
to move away the jail.conf temporary, I haven't checked what takes
precedence when both (rc.conf and jail.conf) settings are there.
Giulio Ferro
Sep 12, 2017, 3:51:28 AM9/12/17
to
Hi Alexander,
I don't know how to set your parameter in old style jails in rc.conf
In there, new parameters are mapped to old style jail_xxx entries, but there are none for your parameter unless I'm mistaken.
Can you please tell me exactly what I should put in rc.conf? I've already moved the jail.conf file
Thanks.
Giulio
I don't know how to set your parameter in old style jails in rc.conf
In there, new parameters are mapped to old style jail_xxx entries, but there are none for your parameter unless I'm mistaken.
Can you please tell me exactly what I should put in rc.conf? I've already moved the jail.conf file
Thanks.
Giulio
Giulio Ferro
Sep 14, 2017, 3:24:10 AM9/14/17
to
Hi Alexander and all,
Do you have any idea why putting the new patches parameter in jail.conf fails and how it can be solved? I can do test on this machine as you wish.
Thanks
Giulio
Do you have any idea why putting the new patches parameter in jail.conf fails and how it can be solved? I can do test on this machine as you wish.
Thanks
Giulio
Giulio Ferro
Sep 18, 2017, 2:50:08 AM9/18/17
to
On 17/09/2017 21:07, Alexander Leidinger wrote:
> Quoting Giulio Ferro <au...@zirakzigil.org> (from Thu, 14 Sep 2017
> 09:23:31 +0200):
>
> The old way of doing it via rc.conf is:
> jail_JAILNAME_parameters="allow.kmem_access"
>
> Bye,
> Alexander.
>
Hi Alexander,
nope, even the old way I get:
jail: xxx: unknown parameter: allow.kmem_access
Has anyone else tried this in 11.1 stable?
> Quoting Giulio Ferro <au...@zirakzigil.org> (from Thu, 14 Sep 2017
> 09:23:31 +0200):
>
>> Hi Alexander and all,
>>
>> Do you have any idea why putting the new patches parameter in
>> jail.conf fails and how it can be solved? I can do test on this
>> machine as you wish.
>
> I have no idea why it fails.
>> Hi Alexander and all,
>>
>> Do you have any idea why putting the new patches parameter in
>> jail.conf fails and how it can be solved? I can do test on this
>> machine as you wish.
>
>
> The old way of doing it via rc.conf is:
> jail_JAILNAME_parameters="allow.kmem_access"
>
> Bye,
> Alexander.
>
Hi Alexander,
nope, even the old way I get:
jail: xxx: unknown parameter: allow.kmem_access
Has anyone else tried this in 11.1 stable?
Giulio Ferro
Sep 20, 2017, 12:29:33 AM9/20/17
to
Ok, I'm progressing :)
I've patched, built and installed the new kernel. Now I can start the
jail with the new parameter.
Unfortunately Xorg still fails to start... :(
Here's my setup:
/etc/rc.conf.local
-----------------------------------------------------------------------
...
jail_enable="YES"
...
-----------------------------------------------------------------------
/etc/jail.conf
-----------------------------------------------------------------------
xxx {
host.hostname = "xxx.xxx.xxx";
persist;
}
-----------------------------------------------------------------------
/etc/devfs.rules
-----------------------------------------------------------------------
[devfsrules_jail=1]
add path pf unhide
add path kmem unhide
Now I can start the jail with /etc/rc.d/jail start
The jail seems ok. Here's its /dev directory:
-----------------------------------------------------------------------
# ls -l
total 3
crw-r--r-- 1 root wheel 0x27 Sep 20 04:05 acpi
crw-r----- 1 root operator 0x3e Sep 20 04:05 ada0
crw-r----- 1 root operator 0x3f Sep 20 04:05 ada0p1
crw-r----- 1 root operator 0x40 Sep 20 04:05 ada0p2
crw-rw-r-- 1 root operator 0x29 Sep 20 04:05 apm
crw-rw---- 1 root operator 0x28 Sep 20 04:05 apmctl
crw------- 1 root wheel 0x2b Sep 20 04:05 atkbd0
crw------- 1 root kmem 0x1c Sep 20 04:05 audit
crw------- 1 root wheel 0x1b Sep 20 04:05 auditpipe
crw------- 1 root wheel 0xd Sep 20 04:08 bpf
lrwxr-xr-x 1 root wheel 3 Sep 20 04:09 bpf0 -> bpf
crw-rw-rw- 1 root wheel 0x2e Sep 20 04:05 bpsm0
crw------- 1 root wheel 0xa Sep 20 04:16 console
crw------- 1 root wheel 0xf Sep 20 04:05 consolectl
crw-rw-rw- 1 root wheel 0xc Sep 20 04:05 ctty
crw-rw---- 1 uucp dialer 0x32 Sep 20 04:05 cuau0
crw-rw---- 1 uucp dialer 0x33 Sep 20 04:05 cuau0.init
crw-rw---- 1 uucp dialer 0x34 Sep 20 04:05 cuau0.lock
crw------- 1 root wheel 0x4 Sep 20 04:05 devctl
crw------- 1 root wheel 0x5 Sep 20 04:05 devctl2
cr--r--r-- 1 root wheel 0x3d Sep 20 04:05 devstat
dr-xr-xr-x 2 root wheel 512 Sep 20 04:09 fd
crw------- 1 root wheel 0x11 Sep 20 04:05 fido
crw-rw-rw- 1 root wheel 0x18 Sep 20 04:05 full
crw-r----- 1 root operator 0x6 Sep 20 04:05 geom.ctl
dr-xr-xr-x 2 root wheel 512 Sep 20 04:09 gpt
dr-xr-xr-x 2 root wheel 512 Sep 20 04:09 gptid
crw-r--r-- 1 root wheel 0x2a Sep 20 04:05 hpet0
crw------- 1 root wheel 0x24 Sep 20 04:05 io
lrwxr-xr-x 1 root wheel 6 Sep 20 04:09 kbd0 -> atkbd0
lrwxr-xr-x 1 root wheel 7 Sep 20 04:09 kbd1 -> kbdmux0
crw------- 1 root wheel 0x12 Sep 20 04:05 kbdmux0
crw------- 1 root wheel 0x25 Sep 20 04:05 klog
crw-r----- 1 root kmem 0x15 Sep 20 04:05 kmem
crw------- 1 root wheel 0xb Sep 20 04:05 mdctl
crw-r----- 1 root kmem 0x14 Sep 20 04:05 mem
crw-rw-rw- 1 root wheel 0x26 Sep 20 04:05 midistat
crw------- 1 root wheel 0x17 Sep 20 04:05 netmap
crw------- 1 root kmem 0x16 Sep 20 04:05 nfslock
crw-rw-rw- 1 root wheel 0x19 Sep 20 04:17 null
crw-r--r-- 1 root wheel 0x23 Sep 20 04:05 pci
crw------- 1 root wheel 0x45 Sep 20 04:09 pf
crw-rw-rw- 1 root wheel 0x2d Sep 20 04:05 psm0
dr-xr-xr-x 2 root wheel 512 Sep 20 04:10 pts
crw-r--r-- 1 root wheel 0x8 Sep 20 04:05 random
dr-xr-xr-x 2 root wheel 512 Sep 20 04:09 reroot
crw-r--r-- 1 root wheel 0x7 Sep 20 04:05 sndstat
lrwxr-xr-x 1 root wheel 4 Sep 20 04:09 stderr -> fd/2
lrwxr-xr-x 1 root wheel 4 Sep 20 04:09 stdin -> fd/0
lrwxr-xr-x 1 root wheel 4 Sep 20 04:09 stdout -> fd/1
crw------- 1 root wheel 0x10 Sep 20 04:05 sysmouse
crw------- 1 root wheel 0x44 Sep 20 04:05 tap0
crw------- 1 root wheel 0x2f Sep 20 04:11 ttyu0
crw------- 1 root wheel 0x30 Sep 20 04:05 ttyu0.init
crw------- 1 root wheel 0x31 Sep 20 04:05 ttyu0.lock
crw------- 1 root wheel 0x47 Sep 20 04:11 ttyv0
crw------- 1 root wheel 0x48 Sep 20 04:11 ttyv1
crw------- 1 root wheel 0x49 Sep 20 04:11 ttyv2
crw------- 1 root wheel 0x4a Sep 20 04:11 ttyv3
crw------- 1 root wheel 0x4b Sep 20 04:11 ttyv4
crw------- 1 root wheel 0x4c Sep 20 04:11 ttyv5
crw------- 1 root wheel 0x4d Sep 20 04:11 ttyv6
crw------- 1 root wheel 0x4e Sep 20 04:11 ttyv7
crw------- 1 root wheel 0x4f Sep 20 04:05 ttyv8
crw------- 1 root wheel 0x50 Sep 20 04:05 ttyv9
crw------- 1 root wheel 0x51 Sep 20 04:05 ttyva
crw------- 1 root wheel 0x52 Sep 20 04:05 ttyvb
crw------- 1 root wheel 0x37 Sep 20 04:05 ufssuspend
lrwxr-xr-x 1 root wheel 6 Sep 20 04:09 urandom -> random
crw-r--r-- 1 root operator 0x3a Sep 20 04:05 usbctl
dr-xr-xr-x 2 root wheel 512 Sep 20 04:09 xen
crw------- 1 root operator 0x3b Sep 20 04:05 xpt0
crw-rw-rw- 1 root wheel 0x1a Sep 20 04:05 zero
-----------------------------------------------------------------------
Here's the xorg.conf (automatically created by xrdp)
-----------------------------------------------------------------------
# cat xorg.conf
Section "ServerLayout"
Identifier "X11 Server"
Screen "Screen (xrdpdev)"
InputDevice "xrdpMouse" "CorePointer"
InputDevice "xrdpKeyboard" "CoreKeyboard"
EndSection
Section "ServerFlags"
Option "DontVTSwitch" "on"
I can start xrdp with its sesman. But when xorg is launched, I still
have errors...
Here the X log:
-----------------------------------------------------------------------
# cat Xorg.13.log
[ 5629.107]
[ 5629.107] Build Operating System: FreeBSD 11.0-RELEASE-p12 amd64
[ 5629.107] Current Operating System: FreeBSD xxx.xxx.xxx 11.1-STABLE
FreeBSD 11.1-STABLE #2 r323738M: Tue Sep 19 08:47:53 UTC 2017
ro...@xxxhost.xxx.xxx:/usr/obj/usr/src/sys/XXXSRV amd64
[ 5629.107] Build Date: 12 September 2017 08:39:56AM
[ 5629.107]
[ 5629.107] Current version of pixman: 0.34.0
[ 5629.107] Before reporting problems, check http://wiki.x.org
11:31:20 2017
[ 5629.108] (++) Using config file: "/etc/X11/xrdp/xorg.conf"
[ 5629.108] (==) ServerLayout "X11 Server"
[ 5629.108] (**) |-->Screen "Screen (xrdpdev)" (0)
[ 5629.108] (**) | |-->Monitor "Monitor"
[ 5629.108] (**) | |-->Device "Video Card (xrdpdev)"
[ 5629.108] (**) |-->Input Device "xrdpMouse"
[ 5629.108] (**) |-->Input Device "xrdpKeyboard"
[ 5629.108] (**) Option "DontVTSwitch" "on"
[ 5629.108] (**) Option "AutoAddDevices" "off"
[ 5629.108] (**) Not automatically adding devices
[ 5629.108] (==) Automatically enabling devices
[ 5629.108] (==) Not automatically adding GPU devices
[ 5629.108] (==) Max clients allowed: 256, resource mask: 0x1fffff
[ 5629.108] (WW) The directory "/usr/local/share/fonts/misc/" does not
exist.
[ 5629.108] Entry deleted from font path.
[ 5629.108] (WW) The directory "/usr/local/share/fonts/TTF/" does not
exist.
[ 5629.108] Entry deleted from font path.
[ 5629.108] (WW) The directory "/usr/local/share/fonts/OTF/" does not
exist.
[ 5629.108] Entry deleted from font path.
[ 5629.108] (WW) The directory "/usr/local/share/fonts/Type1/" does not
exist.
[ 5629.108] Entry deleted from font path.
[ 5629.108] (WW) The directory "/usr/local/share/fonts/100dpi/" does
not exist.
[ 5629.108] Entry deleted from font path.
[ 5629.108] (WW) The directory "/usr/local/share/fonts/75dpi/" does not
exist.
[ 5629.108] Entry deleted from font path.
[ 5629.108] (==) FontPath set to:
[ 5629.108] (==) ModulePath set to "/usr/local/lib/xorg/modules"
[ 5629.108] (II) Loader magic: 0x813b70
[ 5629.108] (II) Module ABI versions:
[ 5629.108] X.Org ANSI C Emulation: 0.4
[ 5629.108] X.Org Video Driver: 20.0
[ 5629.108] X.Org XInput driver : 22.1
[ 5629.108] X.Org Server Extension : 9.0
[ 5629.108] (WW) checkDevMem: failed to open /dev/mem (Operation not
permitted)
[ 5629.108] (--) PCI:*(0:0:2:0) 1013:00b8:5853:0001 rev 0, Mem @
[ 5629.108] (II) Module "dbe" already built-in
[ 5629.108] (II) LoadModule: "ddc"
[ 5629.108] (II) Module "ddc" already built-in
[ 5629.108] (II) LoadModule: "extmod"
[ 5629.108] (II) Module "extmod" already built-in
[ 5629.108] (II) LoadModule: "glx"
[ 5629.108] (II) Loading /usr/local/lib/xorg/modules/extensions/libglx.so
[ 5629.109] (II) Module glx: vendor="X.Org Foundation"
[ 5629.109] compiled for 1.18.4, module version = 1.0.0
[ 5629.109] ABI class: X.Org Server Extension, version 9.0
[ 5629.109] (==) AIGLX enabled
[ 5629.109] (II) LoadModule: "int10"
[ 5629.109] (II) Loading /usr/local/lib/xorg/modules/libint10.so
[ 5629.109] (II) Module int10: vendor="X.Org Foundation"
[ 5629.109] compiled for 1.18.4, module version = 1.0.0
[ 5629.109] ABI class: X.Org Video Driver, version 20.0
[ 5629.109] (II) LoadModule: "record"
[ 5629.109] (II) Module "record" already built-in
[ 5629.109] (II) LoadModule: "vbe"
[ 5629.109] (II) Loading /usr/local/lib/xorg/modules/libvbe.so
[ 5629.110] (II) Module vbe: vendor="X.Org Foundation"
[ 5629.110] compiled for 1.18.4, module version = 1.1.0
[ 5629.110] ABI class: X.Org Video Driver, version 20.0
[ 5629.110] (II) LoadModule: "xorgxrdp"
[ 5629.110] (II) Loading /usr/local/lib/xorg/modules/libxorgxrdp.so
[ 5629.110] (II) Module XORGXRDP: vendor="X.Org Foundation"
[ 5629.110] compiled for 1.18.4, module version = 1.0.0
[ 5629.110] ABI class: X.Org Video Driver, version 20.0
[ 5629.110] xorgxrdpSetup:
[ 5629.110] (II) LoadModule: "fb"
[ 5629.110] (II) Loading /usr/local/lib/xorg/modules/libfb.so
[ 5629.110] (II) Module fb: vendor="X.Org Foundation"
[ 5629.110] compiled for 1.18.4, module version = 1.0.0
[ 5629.110] ABI class: X.Org ANSI C Emulation, version 0.4
[ 5629.110] (II) LoadModule: "xrdpdev"
[ 5629.110] (II) Loading /usr/local/lib/xorg/modules/drivers/xrdpdev_drv.so
[ 5629.110] (II) Module XRDPDEV: vendor="X.Org Foundation"
[ 5629.110] compiled for 1.18.4, module version = 1.0.0
[ 5629.110] ABI class: X.Org Video Driver, version 20.0
[ 5629.110] xrdpdevSetup:
[ 5629.110] (II) LoadModule: "xrdpmouse"
[ 5629.110] (II) Loading /usr/local/lib/xorg/modules/input/xrdpmouse_drv.so
[ 5629.110] (II) Module XRDPMOUSE: vendor="X.Org Foundation"
[ 5629.110] compiled for 1.18.4, module version = 1.0.0
[ 5629.110] Module class: X.Org XInput Driver
[ 5629.110] ABI class: X.Org XInput driver, version 22.1
[ 5629.110] rdpmousePlug:
[ 5629.110] (II) LoadModule: "xrdpkeyb"
[ 5629.110] (II) Loading /usr/local/lib/xorg/modules/input/xrdpkeyb_drv.so
[ 5629.110] (II) Module XRDPKEYB: vendor="X.Org Foundation"
[ 5629.110] compiled for 1.18.4, module version = 1.0.0
[ 5629.110] Module class: X.Org XInput Driver
[ 5629.110] ABI class: X.Org XInput driver, version 22.1
[ 5629.110] rdpkeybPlug:
[ 5629.111] rdpIdentify:
[ 5629.111] (II) XRDPDEV: driver for xrdp: XRDPDEV
[ 5629.111] rdpDriverFunc: op 10
[ 5629.111] (WW) Falling back to old probe method for XRDPDEV
[ 5629.111] rdpProbe:
[ 5629.111] (II) Loading sub module "fb"
[ 5629.111] (II) LoadModule: "fb"
[ 5629.111] (II) Loading /usr/local/lib/xorg/modules/libfb.so
[ 5629.111] (II) Module fb: vendor="X.Org Foundation"
[ 5629.111] compiled for 1.18.4, module version = 1.0.0
[ 5629.111] ABI class: X.Org ANSI C Emulation, version 0.4
[ 5629.111] (II) XRDPDEV(0): using default device
[ 5629.111] (WW) VGA arbiter: cannot open kernel arbiter, no multi-card
support
[ 5629.111] rdpPreInit:
[ 5629.111] (**) XRDPDEV(0): Depth 24, (--) framebuffer bpp 32
[ 5629.111] (==) XRDPDEV(0): RGB weight 888
[ 5629.111] (==) XRDPDEV(0): Using gamma correction (1.0, 1.0, 1.0)
[ 5629.111] (==) XRDPDEV(0): Default visual is TrueColor
[ 5629.111] (==) XRDPDEV(0): DPI set to (96, 96)
[ 5629.111] (II) XRDPDEV(0): mode "640x480" ok
[ 5629.111] (II) XRDPDEV(0): mode "800x600" ok
[ 5629.111] (--) XRDPDEV(0): Virtual size is 800x600 (pitch 800)
[ 5629.111] (**) XRDPDEV(0): Default mode "800x600": 36.0 MHz (scaled
[ 5629.111] rdpScreenInit: virtualX 800 virtualY 600 rgbBits 8 depth 24
[ 5629.111] rdpScreenInit: pfbMemory bytes 1920000
[ 5629.111] rdpScreenInit: pfbMemory 0x807200000
[ 5629.111] rdpSimdInit: assigning yuv functions
[ 5629.111] rdpSimdInit: cpuid ax 1 cx 0 return ax 0x000306f2 bx
[ 5629.111] rdpXvInit: depth 24
[ 5629.111] (==) XRDPDEV(0): Backing store enabled
[ 5629.111] rdpClientConInit: kill disconnected [0] timeout [0] sec
[ 5629.111]
[ 5629.111] rdpScreenInit: out
[ 5629.111] (==) RandR enabled
[ 5629.111] MIT-SHM extension disabled due to lack of kernel support
[ 5629.111] (II) AIGLX: Screen 0 is not DRI2 capable
[ 5629.111] (EE) AIGLX: reverting to software rendering
[ 5629.140] (II) AIGLX: enabled GLX_MESA_copy_sub_buffer
[ 5629.141] (II) AIGLX: Loaded and initialized swrast
[ 5629.141] (II) GLX: Initialized DRISWRAST GL provider for screen 0
[ 5629.170] (II) Using input driver 'XRDPMOUSE' for 'xrdpMouse'
[ 5629.170] (**) Option "CorePointer"
[ 5629.170] (**) xrdpMouse: always reports core events
[ 5629.170] rdpmousePreInit: drv 0x803c15240 info 0x803c37d20, flags 0x0
[ 5629.170] (II) XINPUT: Adding extended input device "xrdpMouse"
(type: Mouse, id 6)
[ 5629.170] rdpmouseControl: what 0
[ 5629.170] rdpmouseDeviceInit:
[ 5629.170] rdpmouseCtrl:
[ 5629.170] rdpRegisterInputCallback: type 1 proc 0x806da1d20
[ 5629.170] (**) xrdpMouse: (accel) keeping acceleration scheme 1
[ 5629.170] (**) xrdpMouse: (accel) acceleration profile 0
[ 5629.170] (**) xrdpMouse: (accel) acceleration factor: 2.000
[ 5629.170] (**) xrdpMouse: (accel) acceleration threshold: 4
[ 5629.170] rdpmouseControl: what 1
[ 5629.170] rdpmouseDeviceOn:
[ 5629.170] (II) Using input driver 'XRDPKEYB' for 'xrdpKeyboard'
[ 5629.170] (**) Option "CoreKeyboard"
[ 5629.170] (**) xrdpKeyboard: always reports core events
[ 5629.170] rdpkeybPreInit: drv 0x803c152c0 info 0x803c37e60, flags 0x0
[ 5629.170] (II) XINPUT: Adding extended input device "xrdpKeyboard"
(type: Keyboard, id 7)
[ 5629.170] rdpkeybControl: what 0
[ 5629.170] rdpkeybDeviceInit:
[ 5629.193] rdpkeybChangeKeyboardControl:
[ 5629.193] rdpkeybChangeKeyboardControl: autoRepeat on
[ 5629.193] rdpRegisterInputCallback: type 0 proc 0x806fa41b0
[ 5629.193] rdpkeybControl: what 1
[ 5629.193] rdpkeybDeviceOn:
[ 5629.193] (II) config/devd: probing input devices...
[ 5629.194] (II) config/devd: adding input device (null) (/dev/kbdmux)
[ 5629.194] (II) AutoAddDevices is off - not adding device.
[ 5629.194] (II) config/devd: kbdmux is enabled, ignoring device atkbd0
[ 5629.194] (II) config/devd: adding input device (null) (/dev/sysmouse)
[ 5629.194] (II) AutoAddDevices is off - not adding device.
[ 5629.227] (II) config/devd: adding input device Mouse (/dev/psm0)
[ 5629.227] (II) AutoAddDevices is off - not adding device.
[ 5629.228] (EE) config/devd: fail to connect to devd
[ 5629.228] [config] failed to initialise devd
[ 5629.228] rdpSaveScreen:
[ 5629.228] rdpDeferredRandR:
[ 5629.228] rdpResizeSession: width 1024 height 768
[ 5629.228] calling RRScreenSizeSet
[ 5629.228] rdpRRScreenSetSize: width 1024 height 768 mmWidth 271
mmHeight 203
[ 5629.228] rdpRRGetInfo:
[ 5629.228] screen resized to 1024x768
[ 5629.229] RRScreenSizeSet ok 1
[ 5629.229] rdpResizeSession: width 1304 height 603
[ 5629.229] calling RRScreenSizeSet
[ 5629.229] rdpRRScreenSetSize: width 1304 height 603 mmWidth 345
mmHeight 160
[ 5629.229] rdpRRGetInfo:
[ 5629.229] screen resized to 1304x603
[ 5629.231] RRScreenSizeSet ok 1
[ 5629.297] rdpInDeferredUpdateCallback:
[ 5629.297] rdpkeybChangeKeyboardControl:
[ 5629.297] rdpkeybChangeKeyboardControl: autoRepeat off
[ 5629.716] rdpClientConGotConnection:
[ 5629.716] rdpClientConGotConnection: g_sck_accept ok new_sck 6
[ 5629.716] rdpClientConGotConnection: adding only clientCon
[ 5629.720] rdpClientConProcessMsgVersion: version 0 0 0 1
[ 5629.720] rdpClientConProcessScreenSizeMsg: set width 1304 height 603
bpp 16
[ 5629.720] rdpClientConProcessScreenSizeMsg: shmemid -1 shmemptr
0xffffffffffffffff
[ 5629.720] rdpClientConProcessMsgClientInput: invalidate x 0 y 0 cx
1304 cy 603
[ 5646.293] rdpClientConProcessMsgClientInfo:
[ 5646.293] got client info bytes 5744
[ 5646.293] jpeg support 0
[ 5646.293] offscreen support 0
[ 5646.293] offscreen size 0
[ 5646.293] offscreen entries 0
[ 5646.293] client supports glyph cache but server disabled
[ 5646.293] client can not do offscreen to offscreen blits
[ 5646.293] client can do new(color) cursor
[ 5646.293] client can not do multimon
[ 5646.293] rdpRRSetRdpOutputs: numCrtcs 0 monitorCount 0
[ 5646.293] rdpRRSetRdpOutputs: add output 0 left 0 top 0 width 1304
height 603
[ 5646.293] rdpLoadLayout: keylayout 0x00000409 variant display 13
[ 5646.294] rdpkeybChangeKeyboardControl:
[ 5646.294] rdpkeybChangeKeyboardControl: autoRepeat on
[ 5646.294] rdpkeybChangeKeyboardControl:
[ 5646.294] rdpkeybChangeKeyboardControl: autoRepeat on
[ 5646.320] (EE)
[ 5646.321] (EE) Backtrace:
[ 5646.322] (EE) 0: /usr/local/bin/Xorg (OsInit+0x38a) [0x5abfba]
[ 5646.324] (EE) 1: /lib/libthr.so.3 (_pthread_sigmask+0x544) [0x8025cbd94]
[ 5646.326] (EE) 2: /lib/libthr.so.3 (_pthread_getspecific+0xe5f)
[0x8025cbbef]
[ 5646.327] (EE) 3: ? (?+0xe5f) [0x7ffffffffff2]
[ 5646.329] (EE) 4: /usr/local/lib/xorg/modules/libxorgxrdp.so
(rdpCapture+0xf60) [0x806771aa0]
[ 5646.331] (EE) 5: /usr/local/lib/xorg/modules/libxorgxrdp.so
(rdpClientConAddAllBox+0x408) [0x80676fbf8]
[ 5646.332] (EE) 6: /usr/local/lib/xorg/modules/libxorgxrdp.so
(rdpClientConAddDirtyScreenReg+0x3c3) [0x80676ef13]
[ 5646.334] (EE) 7: /usr/local/bin/Xorg (WaitForSomething+0x103e)
[0x5a47ce]
[ 5646.335] (EE) 8: /usr/local/bin/Xorg (UpdateCurrentTimeIf+0x121)
[0x431621]
[ 5646.337] (EE) 9: /usr/local/bin/Xorg (remove_fs_handlers+0x597)
[0x43b697]
[ 5646.338] (EE) 10: /usr/local/bin/Xorg (_start+0x17f) [0x42506f]
[ 5646.340] (EE) 11: ? (?+0x17f) [0x80083617f]
[ 5646.340] (EE)
[ 5646.340] (EE) Segmentation fault at address 0xffffffffffffffff
[ 5646.340] (EE)
Fatal server error:
[ 5646.340] (EE) Caught signal 11 (Segmentation fault). Server aborting
[ 5646.340] (EE)
[ 5646.340] (EE)
[ 5646.340] (EE) Please also check the log file at
"/var/log/Xorg.13.log" for additional information.
[ 5646.340] (EE)
[ 5646.340] rdpmouseControl: what 4
[ 5646.340] rdpkeybControl: what 4
[ 5646.340] rdpLeaveVT:
[ 5646.340] (EE) Server terminated with error (1). Closing log file.
-----------------------------------------------------------------------
I guess that the root of the issue may be here:
Thanks again
Giulio
> Il giorno 18 set 2017, alle ore 15:32, Alexander Leidinger <Alex...@leidinger.net> ha scritto:
>
> Here an updated change (thanks to jamie@ for the cluebat). It's a full patch vs 11.1.
> http://www.Leidinger.net/FreeBSD/current-patches/x11_in_jail_releng_11_1.diff
>
> The difference of what you have already are two lines:
> ---snip---
> Index: sys/kern/kern_jail.c
> ===================================================================
> --- sys/kern/kern_jail.c (revision 323230)
> +++ sys/kern/kern_jail.c (working copy)
> @@ -3788,6 +3806,8 @@
> "B", "Jail may set file quotas");
> SYSCTL_JAIL_PARAM(_allow, socket_af, CTLTYPE_INT | CTLFLAG_RW,
> "B", "Jail may create sockets other than just UNIX/IPv4/IPv6/route");
> +SYSCTL_JAIL_PARAM(_allow, kmem_access, CTLTYPE_INT | CTLFLAG_RW,
> + "B", "Jail may access kmem-like devices (io, dri) if they exist");
>
> SYSCTL_JAIL_PARAM_SUBNODE(allow, mount, "Jail mount/unmount permission flags");
> SYSCTL_JAIL_PARAM(_allow_mount, , CTLTYPE_INT | CTLFLAG_RW,
> ---snip---
>
> I have validated this in -current, this is the missing piece. When this is in the kernel, you should see kmem_access in the output of
> sysctl security.jail.param.allow
>
> This should then work with the jail.conf (and rc.conf) way of configuring a jail.
I've patched, built and installed the new kernel. Now I can start the
jail with the new parameter.
Unfortunately Xorg still fails to start... :(
Here's my setup:
/etc/rc.conf.local
-----------------------------------------------------------------------
...
jail_enable="YES"
...
-----------------------------------------------------------------------
/etc/jail.conf
-----------------------------------------------------------------------
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
exec.clean;
mount.devfs;
devfs_ruleset=1;
path = "/usr/home/jails/$name";
exec.stop = "/bin/sh /etc/rc.shutdown";
exec.clean;
mount.devfs;
devfs_ruleset=1;
xxx {
host.hostname = "xxx.xxx.xxx";
vnet;
vnet.interface = epair0b, epair1b;
allow.kmem_access = "true";
vnet.interface = epair0b, epair1b;
persist;
}
-----------------------------------------------------------------------
/etc/devfs.rules
-----------------------------------------------------------------------
[devfsrules_jail=1]
add path pf unhide
add path kmem unhide
add path io unhide
add path mem unhide
add path pci unhide
add path tty unhide
add path ttyv0 unhide
add path ttyv1 unhide
add path ttyv8 unhide
-----------------------------------------------------------------------
add path mem unhide
add path pci unhide
add path tty unhide
add path ttyv0 unhide
add path ttyv1 unhide
add path ttyv8 unhide
Now I can start the jail with /etc/rc.d/jail start
The jail seems ok. Here's its /dev directory:
-----------------------------------------------------------------------
# ls -l
total 3
crw-r--r-- 1 root wheel 0x27 Sep 20 04:05 acpi
crw-r----- 1 root operator 0x3e Sep 20 04:05 ada0
crw-r----- 1 root operator 0x3f Sep 20 04:05 ada0p1
crw-r----- 1 root operator 0x40 Sep 20 04:05 ada0p2
crw-rw-r-- 1 root operator 0x29 Sep 20 04:05 apm
crw-rw---- 1 root operator 0x28 Sep 20 04:05 apmctl
crw------- 1 root wheel 0x2b Sep 20 04:05 atkbd0
crw------- 1 root kmem 0x1c Sep 20 04:05 audit
crw------- 1 root wheel 0x1b Sep 20 04:05 auditpipe
crw------- 1 root wheel 0xd Sep 20 04:08 bpf
lrwxr-xr-x 1 root wheel 3 Sep 20 04:09 bpf0 -> bpf
crw-rw-rw- 1 root wheel 0x2e Sep 20 04:05 bpsm0
crw------- 1 root wheel 0xa Sep 20 04:16 console
crw------- 1 root wheel 0xf Sep 20 04:05 consolectl
crw-rw-rw- 1 root wheel 0xc Sep 20 04:05 ctty
crw-rw---- 1 uucp dialer 0x32 Sep 20 04:05 cuau0
crw-rw---- 1 uucp dialer 0x33 Sep 20 04:05 cuau0.init
crw-rw---- 1 uucp dialer 0x34 Sep 20 04:05 cuau0.lock
crw------- 1 root wheel 0x4 Sep 20 04:05 devctl
crw------- 1 root wheel 0x5 Sep 20 04:05 devctl2
cr--r--r-- 1 root wheel 0x3d Sep 20 04:05 devstat
dr-xr-xr-x 2 root wheel 512 Sep 20 04:09 fd
crw------- 1 root wheel 0x11 Sep 20 04:05 fido
crw-rw-rw- 1 root wheel 0x18 Sep 20 04:05 full
crw-r----- 1 root operator 0x6 Sep 20 04:05 geom.ctl
dr-xr-xr-x 2 root wheel 512 Sep 20 04:09 gpt
dr-xr-xr-x 2 root wheel 512 Sep 20 04:09 gptid
crw-r--r-- 1 root wheel 0x2a Sep 20 04:05 hpet0
crw------- 1 root wheel 0x24 Sep 20 04:05 io
lrwxr-xr-x 1 root wheel 6 Sep 20 04:09 kbd0 -> atkbd0
lrwxr-xr-x 1 root wheel 7 Sep 20 04:09 kbd1 -> kbdmux0
crw------- 1 root wheel 0x12 Sep 20 04:05 kbdmux0
crw------- 1 root wheel 0x25 Sep 20 04:05 klog
crw-r----- 1 root kmem 0x15 Sep 20 04:05 kmem
crw------- 1 root wheel 0xb Sep 20 04:05 mdctl
crw-r----- 1 root kmem 0x14 Sep 20 04:05 mem
crw-rw-rw- 1 root wheel 0x26 Sep 20 04:05 midistat
crw------- 1 root wheel 0x17 Sep 20 04:05 netmap
crw------- 1 root kmem 0x16 Sep 20 04:05 nfslock
crw-rw-rw- 1 root wheel 0x19 Sep 20 04:17 null
crw-r--r-- 1 root wheel 0x23 Sep 20 04:05 pci
crw------- 1 root wheel 0x45 Sep 20 04:09 pf
crw-rw-rw- 1 root wheel 0x2d Sep 20 04:05 psm0
dr-xr-xr-x 2 root wheel 512 Sep 20 04:10 pts
crw-r--r-- 1 root wheel 0x8 Sep 20 04:05 random
dr-xr-xr-x 2 root wheel 512 Sep 20 04:09 reroot
crw-r--r-- 1 root wheel 0x7 Sep 20 04:05 sndstat
lrwxr-xr-x 1 root wheel 4 Sep 20 04:09 stderr -> fd/2
lrwxr-xr-x 1 root wheel 4 Sep 20 04:09 stdin -> fd/0
lrwxr-xr-x 1 root wheel 4 Sep 20 04:09 stdout -> fd/1
crw------- 1 root wheel 0x10 Sep 20 04:05 sysmouse
crw------- 1 root wheel 0x44 Sep 20 04:05 tap0
crw------- 1 root wheel 0x2f Sep 20 04:11 ttyu0
crw------- 1 root wheel 0x30 Sep 20 04:05 ttyu0.init
crw------- 1 root wheel 0x31 Sep 20 04:05 ttyu0.lock
crw------- 1 root wheel 0x47 Sep 20 04:11 ttyv0
crw------- 1 root wheel 0x48 Sep 20 04:11 ttyv1
crw------- 1 root wheel 0x49 Sep 20 04:11 ttyv2
crw------- 1 root wheel 0x4a Sep 20 04:11 ttyv3
crw------- 1 root wheel 0x4b Sep 20 04:11 ttyv4
crw------- 1 root wheel 0x4c Sep 20 04:11 ttyv5
crw------- 1 root wheel 0x4d Sep 20 04:11 ttyv6
crw------- 1 root wheel 0x4e Sep 20 04:11 ttyv7
crw------- 1 root wheel 0x4f Sep 20 04:05 ttyv8
crw------- 1 root wheel 0x50 Sep 20 04:05 ttyv9
crw------- 1 root wheel 0x51 Sep 20 04:05 ttyva
crw------- 1 root wheel 0x52 Sep 20 04:05 ttyvb
crw------- 1 root wheel 0x37 Sep 20 04:05 ufssuspend
lrwxr-xr-x 1 root wheel 6 Sep 20 04:09 urandom -> random
crw-r--r-- 1 root operator 0x3a Sep 20 04:05 usbctl
dr-xr-xr-x 2 root wheel 512 Sep 20 04:09 xen
crw------- 1 root operator 0x3b Sep 20 04:05 xpt0
crw-rw-rw- 1 root wheel 0x1a Sep 20 04:05 zero
-----------------------------------------------------------------------
Here's the xorg.conf (automatically created by xrdp)
-----------------------------------------------------------------------
# cat xorg.conf
Section "ServerLayout"
Identifier "X11 Server"
Screen "Screen (xrdpdev)"
InputDevice "xrdpMouse" "CorePointer"
InputDevice "xrdpKeyboard" "CoreKeyboard"
EndSection
Section "ServerFlags"
Option "DontVTSwitch" "on"
have errors...
Here the X log:
-----------------------------------------------------------------------
# cat Xorg.13.log
[ 5629.107]
X.Org X Server 1.18.4
Release Date: 2016-07-19
[ 5629.107] X Protocol Version 11, Revision 0
Release Date: 2016-07-19
[ 5629.107] Build Operating System: FreeBSD 11.0-RELEASE-p12 amd64
[ 5629.107] Current Operating System: FreeBSD xxx.xxx.xxx 11.1-STABLE
FreeBSD 11.1-STABLE #2 r323738M: Tue Sep 19 08:47:53 UTC 2017
ro...@xxxhost.xxx.xxx:/usr/obj/usr/src/sys/XXXSRV amd64
[ 5629.107] Build Date: 12 September 2017 08:39:56AM
[ 5629.107]
[ 5629.107] Current version of pixman: 0.34.0
[ 5629.107] Before reporting problems, check http://wiki.x.org
to make sure that you have the latest version.
[ 5629.107] Markers: (--) probed, (**) from config file, (==) default
setting,
(++) from command line, (!!) notice, (II) informational,
(WW) warning, (EE) error, (NI) not implemented, (??) unknown.
[ 5629.107] (==) Log file: "/var/log/Xorg.13.log", Time: Tue Sep 19
(++) from command line, (!!) notice, (II) informational,
(WW) warning, (EE) error, (NI) not implemented, (??) unknown.
11:31:20 2017
[ 5629.108] (++) Using config file: "/etc/X11/xrdp/xorg.conf"
[ 5629.108] (==) ServerLayout "X11 Server"
[ 5629.108] (**) |-->Screen "Screen (xrdpdev)" (0)
[ 5629.108] (**) | |-->Monitor "Monitor"
[ 5629.108] (**) | |-->Device "Video Card (xrdpdev)"
[ 5629.108] (**) |-->Input Device "xrdpMouse"
[ 5629.108] (**) |-->Input Device "xrdpKeyboard"
[ 5629.108] (**) Option "DontVTSwitch" "on"
[ 5629.108] (**) Option "AutoAddDevices" "off"
[ 5629.108] (**) Not automatically adding devices
[ 5629.108] (==) Automatically enabling devices
[ 5629.108] (==) Not automatically adding GPU devices
[ 5629.108] (==) Max clients allowed: 256, resource mask: 0x1fffff
[ 5629.108] (WW) The directory "/usr/local/share/fonts/misc/" does not
exist.
[ 5629.108] Entry deleted from font path.
[ 5629.108] (WW) The directory "/usr/local/share/fonts/TTF/" does not
exist.
[ 5629.108] Entry deleted from font path.
[ 5629.108] (WW) The directory "/usr/local/share/fonts/OTF/" does not
exist.
[ 5629.108] Entry deleted from font path.
[ 5629.108] (WW) The directory "/usr/local/share/fonts/Type1/" does not
exist.
[ 5629.108] Entry deleted from font path.
[ 5629.108] (WW) The directory "/usr/local/share/fonts/100dpi/" does
not exist.
[ 5629.108] Entry deleted from font path.
[ 5629.108] (WW) The directory "/usr/local/share/fonts/75dpi/" does not
exist.
[ 5629.108] Entry deleted from font path.
[ 5629.108] (==) FontPath set to:
[ 5629.108] (==) ModulePath set to "/usr/local/lib/xorg/modules"
[ 5629.108] (II) Loader magic: 0x813b70
[ 5629.108] (II) Module ABI versions:
[ 5629.108] X.Org ANSI C Emulation: 0.4
[ 5629.108] X.Org Video Driver: 20.0
[ 5629.108] X.Org XInput driver : 22.1
[ 5629.108] X.Org Server Extension : 9.0
[ 5629.108] (WW) checkDevMem: failed to open /dev/mem (Operation not
permitted)
[ 5629.108] (--) PCI:*(0:0:2:0) 1013:00b8:5853:0001 rev 0, Mem @
0xf0000000/33554432, 0xf3000000/4096, BIOS @ 0x????????/65536
[ 5629.108] (II) "glx" will be loaded. This was enabled by default and
also specified in the config file.
[ 5629.108] (II) LoadModule: "dbe"
[ 5629.108] (II) Module "dbe" already built-in
[ 5629.108] (II) LoadModule: "ddc"
[ 5629.108] (II) Module "ddc" already built-in
[ 5629.108] (II) LoadModule: "extmod"
[ 5629.108] (II) Module "extmod" already built-in
[ 5629.108] (II) LoadModule: "glx"
[ 5629.108] (II) Loading /usr/local/lib/xorg/modules/extensions/libglx.so
[ 5629.109] (II) Module glx: vendor="X.Org Foundation"
[ 5629.109] compiled for 1.18.4, module version = 1.0.0
[ 5629.109] ABI class: X.Org Server Extension, version 9.0
[ 5629.109] (==) AIGLX enabled
[ 5629.109] (II) LoadModule: "int10"
[ 5629.109] (II) Loading /usr/local/lib/xorg/modules/libint10.so
[ 5629.109] (II) Module int10: vendor="X.Org Foundation"
[ 5629.109] compiled for 1.18.4, module version = 1.0.0
[ 5629.109] ABI class: X.Org Video Driver, version 20.0
[ 5629.109] (II) LoadModule: "record"
[ 5629.109] (II) Module "record" already built-in
[ 5629.109] (II) LoadModule: "vbe"
[ 5629.109] (II) Loading /usr/local/lib/xorg/modules/libvbe.so
[ 5629.110] (II) Module vbe: vendor="X.Org Foundation"
[ 5629.110] compiled for 1.18.4, module version = 1.1.0
[ 5629.110] ABI class: X.Org Video Driver, version 20.0
[ 5629.110] (II) LoadModule: "xorgxrdp"
[ 5629.110] (II) Loading /usr/local/lib/xorg/modules/libxorgxrdp.so
[ 5629.110] (II) Module XORGXRDP: vendor="X.Org Foundation"
[ 5629.110] compiled for 1.18.4, module version = 1.0.0
[ 5629.110] ABI class: X.Org Video Driver, version 20.0
[ 5629.110] xorgxrdpSetup:
[ 5629.110] (II) LoadModule: "fb"
[ 5629.110] (II) Loading /usr/local/lib/xorg/modules/libfb.so
[ 5629.110] (II) Module fb: vendor="X.Org Foundation"
[ 5629.110] compiled for 1.18.4, module version = 1.0.0
[ 5629.110] ABI class: X.Org ANSI C Emulation, version 0.4
[ 5629.110] (II) LoadModule: "xrdpdev"
[ 5629.110] (II) Loading /usr/local/lib/xorg/modules/drivers/xrdpdev_drv.so
[ 5629.110] (II) Module XRDPDEV: vendor="X.Org Foundation"
[ 5629.110] compiled for 1.18.4, module version = 1.0.0
[ 5629.110] ABI class: X.Org Video Driver, version 20.0
[ 5629.110] xrdpdevSetup:
[ 5629.110] (II) LoadModule: "xrdpmouse"
[ 5629.110] (II) Loading /usr/local/lib/xorg/modules/input/xrdpmouse_drv.so
[ 5629.110] (II) Module XRDPMOUSE: vendor="X.Org Foundation"
[ 5629.110] compiled for 1.18.4, module version = 1.0.0
[ 5629.110] Module class: X.Org XInput Driver
[ 5629.110] ABI class: X.Org XInput driver, version 22.1
[ 5629.110] rdpmousePlug:
[ 5629.110] (II) LoadModule: "xrdpkeyb"
[ 5629.110] (II) Loading /usr/local/lib/xorg/modules/input/xrdpkeyb_drv.so
[ 5629.110] (II) Module XRDPKEYB: vendor="X.Org Foundation"
[ 5629.110] compiled for 1.18.4, module version = 1.0.0
[ 5629.110] Module class: X.Org XInput Driver
[ 5629.110] ABI class: X.Org XInput driver, version 22.1
[ 5629.110] rdpkeybPlug:
[ 5629.111] rdpIdentify:
[ 5629.111] (II) XRDPDEV: driver for xrdp: XRDPDEV
[ 5629.111] rdpDriverFunc: op 10
[ 5629.111] (WW) Falling back to old probe method for XRDPDEV
[ 5629.111] rdpProbe:
[ 5629.111] (II) Loading sub module "fb"
[ 5629.111] (II) LoadModule: "fb"
[ 5629.111] (II) Loading /usr/local/lib/xorg/modules/libfb.so
[ 5629.111] (II) Module fb: vendor="X.Org Foundation"
[ 5629.111] compiled for 1.18.4, module version = 1.0.0
[ 5629.111] ABI class: X.Org ANSI C Emulation, version 0.4
[ 5629.111] (II) XRDPDEV(0): using default device
[ 5629.111] (WW) VGA arbiter: cannot open kernel arbiter, no multi-card
support
[ 5629.111] rdpPreInit:
[ 5629.111] (**) XRDPDEV(0): Depth 24, (--) framebuffer bpp 32
[ 5629.111] (==) XRDPDEV(0): RGB weight 888
[ 5629.111] (==) XRDPDEV(0): Using gamma correction (1.0, 1.0, 1.0)
[ 5629.111] (==) XRDPDEV(0): Default visual is TrueColor
[ 5629.111] (==) XRDPDEV(0): DPI set to (96, 96)
[ 5629.111] (II) XRDPDEV(0): mode "640x480" ok
[ 5629.111] (II) XRDPDEV(0): mode "800x600" ok
[ 5629.111] (--) XRDPDEV(0): Virtual size is 800x600 (pitch 800)
[ 5629.111] (**) XRDPDEV(0): Default mode "800x600": 36.0 MHz (scaled
from 0.0 MHz), 35.2 kHz, 56.2 Hz
[ 5629.111] (II) XRDPDEV(0): Modeline "800x600"x0.0 36.00 800 824
896 1024 600 601 603 625 +hsync +vsync (35.2 kHz d)
[ 5629.111] (==) Depth 24 pixmap format is 32 bpp
[ 5629.111] rdpScreenInit: virtualX 800 virtualY 600 rgbBits 8 depth 24
[ 5629.111] rdpScreenInit: pfbMemory bytes 1920000
[ 5629.111] rdpScreenInit: pfbMemory 0x807200000
[ 5629.111] rdpSimdInit: assigning yuv functions
[ 5629.111] rdpSimdInit: cpuid ax 1 cx 0 return ax 0x000306f2 bx
0x00020800 cx 0xfffa3203 dx 0x178bfbff
[ 5629.111] rdpSimdInit: sse2 amd64 yuv functions assigned
[ 5629.111] rdpXvInit: depth 24
[ 5629.111] (==) XRDPDEV(0): Backing store enabled
[ 5629.111] rdpClientConInit: kill disconnected [0] timeout [0] sec
[ 5629.111]
[ 5629.111] rdpScreenInit: out
[ 5629.111] (==) RandR enabled
[ 5629.111] MIT-SHM extension disabled due to lack of kernel support
[ 5629.111] (II) AIGLX: Screen 0 is not DRI2 capable
[ 5629.111] (EE) AIGLX: reverting to software rendering
[ 5629.140] (II) AIGLX: enabled GLX_MESA_copy_sub_buffer
[ 5629.141] (II) AIGLX: Loaded and initialized swrast
[ 5629.141] (II) GLX: Initialized DRISWRAST GL provider for screen 0
[ 5629.170] (II) Using input driver 'XRDPMOUSE' for 'xrdpMouse'
[ 5629.170] (**) Option "CorePointer"
[ 5629.170] (**) xrdpMouse: always reports core events
[ 5629.170] rdpmousePreInit: drv 0x803c15240 info 0x803c37d20, flags 0x0
[ 5629.170] (II) XINPUT: Adding extended input device "xrdpMouse"
(type: Mouse, id 6)
[ 5629.170] rdpmouseControl: what 0
[ 5629.170] rdpmouseDeviceInit:
[ 5629.170] rdpmouseCtrl:
[ 5629.170] rdpRegisterInputCallback: type 1 proc 0x806da1d20
[ 5629.170] (**) xrdpMouse: (accel) keeping acceleration scheme 1
[ 5629.170] (**) xrdpMouse: (accel) acceleration profile 0
[ 5629.170] (**) xrdpMouse: (accel) acceleration factor: 2.000
[ 5629.170] (**) xrdpMouse: (accel) acceleration threshold: 4
[ 5629.170] rdpmouseControl: what 1
[ 5629.170] rdpmouseDeviceOn:
[ 5629.170] (II) Using input driver 'XRDPKEYB' for 'xrdpKeyboard'
[ 5629.170] (**) Option "CoreKeyboard"
[ 5629.170] (**) xrdpKeyboard: always reports core events
[ 5629.170] rdpkeybPreInit: drv 0x803c152c0 info 0x803c37e60, flags 0x0
[ 5629.170] (II) XINPUT: Adding extended input device "xrdpKeyboard"
(type: Keyboard, id 7)
[ 5629.170] rdpkeybControl: what 0
[ 5629.170] rdpkeybDeviceInit:
[ 5629.193] rdpkeybChangeKeyboardControl:
[ 5629.193] rdpkeybChangeKeyboardControl: autoRepeat on
[ 5629.193] rdpRegisterInputCallback: type 0 proc 0x806fa41b0
[ 5629.193] rdpkeybControl: what 1
[ 5629.193] rdpkeybDeviceOn:
[ 5629.193] (II) config/devd: probing input devices...
[ 5629.194] (II) config/devd: adding input device (null) (/dev/kbdmux)
[ 5629.194] (II) AutoAddDevices is off - not adding device.
[ 5629.194] (II) config/devd: kbdmux is enabled, ignoring device atkbd0
[ 5629.194] (II) config/devd: adding input device (null) (/dev/sysmouse)
[ 5629.194] (II) AutoAddDevices is off - not adding device.
[ 5629.227] (II) config/devd: adding input device Mouse (/dev/psm0)
[ 5629.227] (II) AutoAddDevices is off - not adding device.
[ 5629.228] (EE) config/devd: fail to connect to devd
[ 5629.228] [config] failed to initialise devd
[ 5629.228] rdpSaveScreen:
[ 5629.228] rdpDeferredRandR:
[ 5629.228] rdpResizeSession: width 1024 height 768
[ 5629.228] calling RRScreenSizeSet
[ 5629.228] rdpRRScreenSetSize: width 1024 height 768 mmWidth 271
mmHeight 203
[ 5629.228] rdpRRGetInfo:
[ 5629.228] screen resized to 1024x768
[ 5629.229] RRScreenSizeSet ok 1
[ 5629.229] rdpResizeSession: width 1304 height 603
[ 5629.229] calling RRScreenSizeSet
[ 5629.229] rdpRRScreenSetSize: width 1304 height 603 mmWidth 345
mmHeight 160
[ 5629.229] rdpRRGetInfo:
[ 5629.229] screen resized to 1304x603
[ 5629.231] RRScreenSizeSet ok 1
[ 5629.297] rdpInDeferredUpdateCallback:
[ 5629.297] rdpkeybChangeKeyboardControl:
[ 5629.297] rdpkeybChangeKeyboardControl: autoRepeat off
[ 5629.716] rdpClientConGotConnection:
[ 5629.716] rdpClientConGotConnection: g_sck_accept ok new_sck 6
[ 5629.716] rdpClientConGotConnection: adding only clientCon
[ 5629.720] rdpClientConProcessMsgVersion: version 0 0 0 1
[ 5629.720] rdpClientConProcessScreenSizeMsg: set width 1304 height 603
bpp 16
[ 5629.720] rdpClientConProcessScreenSizeMsg: shmemid -1 shmemptr
0xffffffffffffffff
[ 5629.720] rdpClientConProcessMsgClientInput: invalidate x 0 y 0 cx
1304 cy 603
[ 5646.293] rdpClientConProcessMsgClientInfo:
[ 5646.293] got client info bytes 5744
[ 5646.293] jpeg support 0
[ 5646.293] offscreen support 0
[ 5646.293] offscreen size 0
[ 5646.293] offscreen entries 0
[ 5646.293] client supports glyph cache but server disabled
[ 5646.293] client can not do offscreen to offscreen blits
[ 5646.293] client can do new(color) cursor
[ 5646.293] client can not do multimon
[ 5646.293] rdpRRSetRdpOutputs: numCrtcs 0 monitorCount 0
[ 5646.293] rdpRRSetRdpOutputs: add output 0 left 0 top 0 width 1304
height 603
[ 5646.293] rdpLoadLayout: keylayout 0x00000409 variant display 13
[ 5646.294] rdpkeybChangeKeyboardControl:
[ 5646.294] rdpkeybChangeKeyboardControl: autoRepeat on
[ 5646.294] rdpkeybChangeKeyboardControl:
[ 5646.294] rdpkeybChangeKeyboardControl: autoRepeat on
[ 5646.320] (EE)
[ 5646.321] (EE) Backtrace:
[ 5646.322] (EE) 0: /usr/local/bin/Xorg (OsInit+0x38a) [0x5abfba]
[ 5646.324] (EE) 1: /lib/libthr.so.3 (_pthread_sigmask+0x544) [0x8025cbd94]
[ 5646.326] (EE) 2: /lib/libthr.so.3 (_pthread_getspecific+0xe5f)
[0x8025cbbef]
[ 5646.327] (EE) 3: ? (?+0xe5f) [0x7ffffffffff2]
[ 5646.329] (EE) 4: /usr/local/lib/xorg/modules/libxorgxrdp.so
(rdpCapture+0xf60) [0x806771aa0]
[ 5646.331] (EE) 5: /usr/local/lib/xorg/modules/libxorgxrdp.so
(rdpClientConAddAllBox+0x408) [0x80676fbf8]
[ 5646.332] (EE) 6: /usr/local/lib/xorg/modules/libxorgxrdp.so
(rdpClientConAddDirtyScreenReg+0x3c3) [0x80676ef13]
[ 5646.334] (EE) 7: /usr/local/bin/Xorg (WaitForSomething+0x103e)
[0x5a47ce]
[ 5646.335] (EE) 8: /usr/local/bin/Xorg (UpdateCurrentTimeIf+0x121)
[0x431621]
[ 5646.337] (EE) 9: /usr/local/bin/Xorg (remove_fs_handlers+0x597)
[0x43b697]
[ 5646.338] (EE) 10: /usr/local/bin/Xorg (_start+0x17f) [0x42506f]
[ 5646.340] (EE) 11: ? (?+0x17f) [0x80083617f]
[ 5646.340] (EE)
[ 5646.340] (EE) Segmentation fault at address 0xffffffffffffffff
[ 5646.340] (EE)
Fatal server error:
[ 5646.340] (EE) Caught signal 11 (Segmentation fault). Server aborting
[ 5646.340] (EE)
[ 5646.340] (EE)
[ 5646.340] (EE) Please also check the log file at
"/var/log/Xorg.13.log" for additional information.
[ 5646.340] (EE)
[ 5646.340] rdpmouseControl: what 4
[ 5646.340] rdpkeybControl: what 4
[ 5646.340] rdpLeaveVT:
[ 5646.340] (EE) Server terminated with error (1). Closing log file.
-----------------------------------------------------------------------
I guess that the root of the issue may be here:
(WW) checkDevMem: failed to open /dev/mem (Operation not permitted)
Did I miss something in the configuration?
Thanks again
Giulio
> Il giorno 18 set 2017, alle ore 15:32, Alexander Leidinger <Alex...@leidinger.net> ha scritto:
>
> Quoting Giulio Ferro <au...@zirakzigil.org> (from Mon, 18 Sep 2017 08:49:32 +0200):
>
>> nope, even the old way I get:
>>
>> jail: xxx: unknown parameter: allow.kmem_access
>>
>>
>> Has anyone else tried this in 11.1 stable?
>
> As I'm creating the diff vs. 11.1 just for you: no.
> Quoting Giulio Ferro <au...@zirakzigil.org> (from Mon, 18 Sep 2017 08:49:32 +0200):
>
>> nope, even the old way I get:
>>
>> jail: xxx: unknown parameter: allow.kmem_access
>>
>>
>> Has anyone else tried this in 11.1 stable?
>
>
> Here an updated change (thanks to jamie@ for the cluebat). It's a full patch vs 11.1.
> http://www.Leidinger.net/FreeBSD/current-patches/x11_in_jail_releng_11_1.diff
>
> The difference of what you have already are two lines:
> ---snip---
> Index: sys/kern/kern_jail.c
> ===================================================================
> --- sys/kern/kern_jail.c (revision 323230)
> +++ sys/kern/kern_jail.c (working copy)
> @@ -3788,6 +3806,8 @@
> "B", "Jail may set file quotas");
> SYSCTL_JAIL_PARAM(_allow, socket_af, CTLTYPE_INT | CTLFLAG_RW,
> "B", "Jail may create sockets other than just UNIX/IPv4/IPv6/route");
> +SYSCTL_JAIL_PARAM(_allow, kmem_access, CTLTYPE_INT | CTLFLAG_RW,
> + "B", "Jail may access kmem-like devices (io, dri) if they exist");
>
> SYSCTL_JAIL_PARAM_SUBNODE(allow, mount, "Jail mount/unmount permission flags");
> SYSCTL_JAIL_PARAM(_allow_mount, , CTLTYPE_INT | CTLFLAG_RW,
> ---snip---
>
> I have validated this in -current, this is the missing piece. When this is in the kernel, you should see kmem_access in the output of
> sysctl security.jail.param.allow
>
> This should then work with the jail.conf (and rc.conf) way of configuring a jail.
>
> Bye,
> Alexander.
>
> --
> http://www.Leidinger.net Alex...@Leidinger.net: PGP 0x8F31830F9F2772BF
> http://www.FreeBSD.org netc...@FreeBSD.org : PGP 0x8F31830F9F2772BF
> Bye,
> Alexander.
>
> --
> http://www.Leidinger.net Alex...@Leidinger.net: PGP 0x8F31830F9F2772BF
> http://www.FreeBSD.org netc...@FreeBSD.org : PGP 0x8F31830F9F2772BF
0 new messages