On Fri, Nov 27, 2015 at 09:12:11AM +0100, Rolf Sommerhalder wrote:
> On Fri, Nov 27, 2015 at 9:01 AM, Antoine Jacoutot <ajacou...@bsdfrog.org>
> wrote:
> > Yeah, that's because of pledge(2):
> > installboot(19095): syscall 54 "ioctl"
>
> Thank for your confirmation. I did not spot the error message above,
> but saw a commit from Theo last night related to installboot. So I
> thought this might be connected, and maybe relevant feedback.
>
To be able to pledge installboot as it currently stands, two ioctl's
would need to be whitelisted in pledge "disklabel". I don't know if
this would be an acceptable policy, though. Tested on amd64, FWIW:
$ /usr/bin/doas installboot -v sd1
Password:
Using / as root
installing bootstrap on /dev/rsd1c
using first-stage /usr/mdec/biosboot, second-stage /usr/mdec/boot
sd1: softraid volume with 1 disk(s)
sd1: installing boot loader on softraid volume
/usr/mdec/boot is 5 blocks x 16384 bytes
sd0a: installing boot blocks on /dev/rsd0c, part offset 144
master boot record (MBR) at sector 0
partition 3: type 0xA6 offset 64 size 625137281
/usr/mdec/biosboot will be written at sector 64
$
Index: sys/kern/kern_pledge.c
===================================================================
RCS file: /var/cvs/src/sys/kern/kern_pledge.c,v
retrieving revision 1.124
diff -u -p -r1.124 kern_pledge.c
--- sys/kern/kern_pledge.c 25 Nov 2015 15:53:01 -0000 1.124
+++ sys/kern/kern_pledge.c 27 Nov 2015 09:21:08 -0000
@@ -1178,7 +1178,9 @@ pledge_ioctl(struct proc *p, long com, s
case DIOCGPDINFO:
case DIOCRLDINFO:
case DIOCWDINFO:
+ case BIOCDISK:
case BIOCINQ:
+ case BIOCINSTALLBOOT:
case BIOCVOL:
if (fp->f_type == DTYPE_VNODE &&
((vp->v_type == VCHR &&
