Subject: Weird systrace failures
To: None <current-users@NetBSD.org>
From: Christian Biere <christianbiere@gmx.de>
List: current-users
Date: 10/29/2003 23:15:41
--Signature=_Wed__29_Oct_2003_23_15_41_+0100_R/C9MC2tcuN8FYsD
Content-Type: multipart/mixed;
boundary="Multipart=_Wed__29_Oct_2003_23_15_41_+0100_uS7s23KphSa4gzC6"
--Multipart=_Wed__29_Oct_2003_23_15_41_+0100_uS7s23KphSa4gzC6
Content-Type: text/plain; charset=US-ASCII
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
Hi,
[Hopefully, this isn't a double post. At first, I accidently send it to
current-netbsd-owners.]
I use systrace to "sandbox" some of my applications like mozilla, wget,
BitchX, mplayer etc. Unfortunately, on NetBSD 1.6ZD (i386), systrace
behaves somewhat weird. If the system becomes rather busy due to
compiling or a "find /" mplayer will quit because systrace refuses
several (maybe all) syscalls. If I then restart mplayer, systrace
will complain "getcwd: permission denied". Huh? A "cd ." ``fixes''
the problem and I can use mplayer again. Interestingly, mplayer
quits only when it wants to load the next file, it won't stop
playing the current file.
This happens on a single-cpu system. Has anyone else experienced
problems like this as well? I've attached the files with rules
I use for mplayer. I guess, I should PR this. However, this looks
a little fishy and I'd like to know whether anyone can reproduce
this problem.
--
Christian
--Multipart=_Wed__29_Oct_2003_23_15_41_+0100_uS7s23KphSa4gzC6
Content-Type: text/plain;
name="usr_pkg_bin_mplayer"
Content-Disposition: attachment;
filename="usr_pkg_bin_mplayer"
Content-Transfer-Encoding: 7bit
Policy: /usr/pkg/bin/mplayer, Emulation: netbsd
netbsd-break: permit
netbsd-ioctl: permit
netbsd-write: permit
netbsd-mmap: permit
netbsd-__fstat13: permit
netbsd-close: permit
netbsd-munmap: permit
netbsd-__sysctl: permit
netbsd-__sigprocmask14: permit
netbsd-timer_create: permit
netbsd-sysarch: permit
netbsd-rasctl: permit
netbsd-fsread: filename match "/<non-existent filename>:*" then deny[enoent]
netbsd-fsread: permit
netbsd-mprotect: permit
netbsd-gettimeofday: permit
netbsd-issetugid: permit
netbsd-lseek: permit
netbsd-read: permit
netbsd-getuid: permit
netbsd-geteuid: permit
netbsd-getgid: permit
netbsd-getegid: permit
netbsd-fcntl: permit
netbsd-pread: permit
netbsd-pipe: permit
netbsd-__sigaction_sigtramp: permit
netbsd-socket: sockdom eq "AF_UNIX" and socktype eq "SOCK_STREAM" then permit
netbsd-connect: sockaddr eq "/tmp/.X11-unix/X0" then permit
netbsd-writev: permit
netbsd-poll: permit
netbsd-readv: permit
netbsd-fswrite: filename eq "/dev/audio0" then permit
netbsd-fswrite: filename eq "/dev/sound0" then permit
netbsd-fswrite: filename eq "/dev/zero" then permit
netbsd-fswrite: filename match "$HOME/.mplayer" then permit
netbsd-fswrite: filename match "$HOME/.mplayer/*" then permit
netbsd-getpid: permit
netbsd-shmget: permit
netbsd-shmat: permit
netbsd-__shmctl13: permit
netbsd-select: permit
netbsd-nanosleep: permit
netbsd-shmdt: permit
netbsd-shutdown: permit
netbsd-exit: permit
--Multipart=_Wed__29_Oct_2003_23_15_41_+0100_uS7s23KphSa4gzC6--
--Signature=_Wed__29_Oct_2003_23_15_41_+0100_R/C9MC2tcuN8FYsD
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (NetBSD)
iD4DBQE/oDwX0KQix3oyIMcRAqdaAKC9suOjy3GtGKPOll8S60MsKUDjOACWJy/c
KEZUcoQ9fb43MiHNpzijiw==
=hc4C
-----END PGP SIGNATURE-----
--Signature=_Wed__29_Oct_2003_23_15_41_+0100_R/C9MC2tcuN8FYsD--