On Fri, Nov 27, 2015 at 08:58:33AM +0100, Rolf Sommerhalder wrote:
> The current snapshot fails to install from .iso at the very last step
> at writing the boot info to disk on VirtualBox.
> http://mirror.switch.ch/ftp/pub/OpenBSD/snapshots/i386/BUILDINFO > Build date: 1448569476 - Thu Nov 26 20:24:36 UTC 2015
> Using "the same procedure", install from an older i386 snapshot from 5
> Nov 2015, followed by an update to the current snapshot using bsd.rd,
> works as usual.
Yeah, that's because of pledge(2):
installboot(19095): syscall 54 "ioctl"
On Fri, Nov 27, 2015 at 09:12:11AM +0100, Rolf Sommerhalder wrote:
> On Fri, Nov 27, 2015 at 9:01 AM, Antoine Jacoutot <[hidden email]> wrote:
> > Yeah, that's because of pledge(2):
> > installboot(19095): syscall 54 "ioctl"
> Thank for your confirmation. I did not spot the error message above,
> but saw a commit from Theo last night related to installboot. So I
> thought this might be connected, and maybe relevant feedback.
To be able to pledge installboot as it currently stands, two ioctl's
would need to be whitelisted in pledge "disklabel". I don't know if
this would be an acceptable policy, though. Tested on amd64, FWIW:
$ /usr/bin/doas installboot -v sd1
Using / as root
installing bootstrap on /dev/rsd1c
using first-stage /usr/mdec/biosboot, second-stage /usr/mdec/boot
sd1: softraid volume with 1 disk(s)
sd1: installing boot loader on softraid volume
/usr/mdec/boot is 5 blocks x 16384 bytes
sd0a: installing boot blocks on /dev/rsd0c, part offset 144
master boot record (MBR) at sector 0
partition 3: type 0xA6 offset 64 size 625137281
/usr/mdec/biosboot will be written at sector 64
RCS file: /var/cvs/src/sys/kern/kern_pledge.c,v
retrieving revision 1.124
diff -u -p -r1.124 kern_pledge.c
--- sys/kern/kern_pledge.c 25 Nov 2015 15:53:01 -0000 1.124
+++ sys/kern/kern_pledge.c 27 Nov 2015 09:21:08 -0000
@@ -1178,7 +1178,9 @@ pledge_ioctl(struct proc *p, long com, s
+ case BIOCDISK:
+ case BIOCINSTALLBOOT:
if (fp->f_type == DTYPE_VNODE &&
((vp->v_type == VCHR &&