On Sat, Nov 07, 2015 at 02:46:32PM +0100, Theo Buehler wrote:
> [...]
> checking quotas: done.
> kvm_mkdb: can't chown /var/db/kvm_bsd.tmp: Operation not permitted
> kvm_mkdb: will try again using /bsd instead
> kvm_mkdb: can't chown /var/db/kvm_bsd.tmp: Operation not permitted
> clearing /tmp
> [...]
> The problem is that the kernel does not allow changing the gid of an fd
> or file after pledge was called, so we can't pledge before calling
> kvm_mkdb() the first time.
> [...]
Whoops, you're almost right here. You get EPERM on chown after pledge if
you try to change the group ID of a file to the ID of a group the
current process is not a member of.
kvm_mkdb tries to change the group ID of the name database to kmem, but
at the point where kvm_mkdb is called in /etc/rc, the only currently
active group is `wheel`, without any auxiliary (is that the right word?)
group IDs set.
I'm working on a fix.
--
Gregor
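As an added example (not code from this thread or from OpenBSD's kvm_mkdb), the following C program shows the membership rule Gregor describes: it checks whether a target gid is the process's effective gid or one of its supplementary gids before attempting the chown, and on OpenBSD it calls pledge() first so that an fchown to a group outside that set returns EPERM as described above. The helper name `gid_is_member`, the pledge promise string `"stdio cpath fattr"`, and the temporary file path are my assumptions; the program also builds and runs on non-OpenBSD systems, where the pledge call is simply compiled out.

```c
/* Added example (not from this thread): check whether the calling process
 * is a member of a target gid before trying to chown a file to it.  Under
 * OpenBSD pledge a chown to any other group fails with EPERM, as described
 * in the message above. */
#include <sys/types.h>
#include <unistd.h>
#include <stdlib.h>
#include <stdio.h>
#include <errno.h>
#include <string.h>

/* Returns 1 if gid is the effective gid or a supplementary gid of this
 * process, 0 if not, -1 on error.  (Assumed helper, not a libc call.) */
int gid_is_member(gid_t gid)
{
    gid_t *list;
    int n, i;

    if (gid == getegid())
        return 1;

    n = getgroups(0, NULL);          /* size of the supplementary list */
    if (n < 0)
        return -1;
    if (n == 0)
        return 0;

    list = calloc((size_t)n, sizeof(*list));
    if (list == NULL)
        return -1;
    n = getgroups(n, list);
    if (n < 0) {
        free(list);
        return -1;
    }
    for (i = 0; i < n; i++) {
        if (list[i] == gid) {
            free(list);
            return 1;
        }
    }
    free(list);
    return 0;
}

/* Stand-alone demo: create a temp file, pledge (OpenBSD only), then try to
 * hand the file to the numeric gid given as argv[1].  gid_is_member()
 * predicts whether the pledged fchown can succeed before it is attempted. */
int main(int argc, char **argv)
{
    char path[] = "/tmp/pledge-chgrp-XXXXXX";   /* constructed temp name */
    gid_t target;
    int fd, member;

    if (argc != 2) {
        fprintf(stderr, "usage: %s gid\n", argv[0]);
        return 2;
    }
    target = (gid_t)strtoul(argv[1], NULL, 10);

    fd = mkstemp(path);
    if (fd < 0) { perror("mkstemp"); return 1; }

#ifdef __OpenBSD__
    /* fattr covers fchown, cpath covers the unlink at the end. */
    if (pledge("stdio cpath fattr", NULL) == -1) { perror("pledge"); return 1; }
#endif

    member = gid_is_member(target);
    printf("gid %lu in process group set: %s\n", (unsigned long)target,
           member == 1 ? "yes" : member == 0 ? "no" : "unknown");

    /* (uid_t)-1 leaves the owner unchanged; only the group is touched. */
    if (fchown(fd, (uid_t)-1, target) == -1)
        printf("fchown: %s\n", strerror(errno));
    else
        printf("fchown: ok\n");

    close(fd);
    unlink(path);
    return 0;
}
```

Run it with a gid the process belongs to and then with one it does not; on a pledged OpenBSD process the second case prints "fchown: Operation not permitted", which is the same EPERM that kvm_mkdb reports in the rc output quoted at the top of the thread.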