Subject: bin/23472: systrace doesn't seem to work on sparc64-current
To: None <>
From: Phil Jensen <>
List: netbsd-bugs
Date: 11/18/2003 17:03:06
>Number:         23472
>Category:       bin
>Synopsis:       systrace doesn't seem to work on sparc64-current
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Nov 18 04:14:00 UTC 2003
>Originator:     Phil Jensen
>Release:        NetBSD 1.6ZD  (20031017)
System: NetBSD pihanga 1.6ZD NetBSD 1.6ZD (GENERIC) #0: Sat Oct 18 15:36:21 UTC 2003 sparc64
Architecture: sparc64
Machine: sparc64
After following the instructions in the 'How-To-Repeat (below)', /bin/systrace does not function.


Use `systrace -At` to create a policy
After logging in as a normal user and running `systrace -A` to generate a policy, no policy was created.

$ systrace -At /bin/cat /etc/myname
$ ls -l .systrace

NB No policy is created.

Use a pre-defined policy
I downloaded a policy from the Hairy Eyeball project for bin_cat, and copied this to my ~/.systrace directory.  I edited the file to deny everything (see below).  But the cat still worked.

$ cat .systrace/bin_cat
Policy: /bin/cat, Emulation: native
        native-break: deny
        native-close: deny
        native-exit: deny
        native-fsread: true then deny
        native-fstat: deny
        native-issetugid: deny
        native-mmap: deny
        native-read: deny
        native-write: deny
        native-munmap: deny

$ systrace -At /bin/cat /etc/myname

Everything seems to be allowed.