Install from snapshot unable boot

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Install from snapshot unable boot

Rolf Sommerhalder
The current snapshot fails to install from .iso at the very last step
at writing the boot info to disk on VirtualBox.

http://mirror.switch.ch/ftp/pub/OpenBSD/snapshots/i386/BUILDINFO
Build date: 1448569476 - Thu Nov 26 20:24:36 UTC 2015

Using "the same procedure", install from an older i386 snapshot from 5
Nov 2015, followed by an update to the current snapshot using bsd.rd,
works as usual.

Reply | Threaded
Open this post in threaded view
|

Re: Install from snapshot unable boot

Antoine Jacoutot-7
On Fri, Nov 27, 2015 at 08:58:33AM +0100, Rolf Sommerhalder wrote:
> The current snapshot fails to install from .iso at the very last step
> at writing the boot info to disk on VirtualBox.
>
> http://mirror.switch.ch/ftp/pub/OpenBSD/snapshots/i386/BUILDINFO
> Build date: 1448569476 - Thu Nov 26 20:24:36 UTC 2015
>
> Using "the same procedure", install from an older i386 snapshot from 5
> Nov 2015, followed by an update to the current snapshot using bsd.rd,
> works as usual.

Yeah, that's because of pledge(2):
installboot(19095): syscall 54 "ioctl"

--
Antoine

Reply | Threaded
Open this post in threaded view
|

Re: Install from snapshot unable boot

Rolf Sommerhalder
On Fri, Nov 27, 2015 at 9:01 AM, Antoine Jacoutot <[hidden email]> wrote:
> Yeah, that's because of pledge(2):
> installboot(19095): syscall 54 "ioctl"

Thank for your confirmation. I did not spot the error message above,
but saw a commit from Theo last night related to installboot. So I
thought this might be connected, and maybe relevant feedback.

Reply | Threaded
Open this post in threaded view
|

Re: Install from snapshot unable boot

Theo Buehler
On Fri, Nov 27, 2015 at 09:12:11AM +0100, Rolf Sommerhalder wrote:
> On Fri, Nov 27, 2015 at 9:01 AM, Antoine Jacoutot <[hidden email]> wrote:
> > Yeah, that's because of pledge(2):
> > installboot(19095): syscall 54 "ioctl"
>
> Thank for your confirmation. I did not spot the error message above,
> but saw a commit from Theo last night related to installboot. So I
> thought this might be connected, and maybe relevant feedback.
>

To be able to pledge installboot as it currently stands, two ioctl's
would need to be whitelisted in pledge "disklabel".  I don't know if
this would be an acceptable policy, though.  Tested on amd64, FWIW:

$ /usr/bin/doas installboot -v sd1
Password:
Using / as root
installing bootstrap on /dev/rsd1c
using first-stage /usr/mdec/biosboot, second-stage /usr/mdec/boot
sd1: softraid volume with 1 disk(s)
sd1: installing boot loader on softraid volume
/usr/mdec/boot is 5 blocks x 16384 bytes
sd0a: installing boot blocks on /dev/rsd0c, part offset 144
master boot record (MBR) at sector 0
        partition 3: type 0xA6 offset 64 size 625137281
/usr/mdec/biosboot will be written at sector 64
$

Index: sys/kern/kern_pledge.c
===================================================================
RCS file: /var/cvs/src/sys/kern/kern_pledge.c,v
retrieving revision 1.124
diff -u -p -r1.124 kern_pledge.c
--- sys/kern/kern_pledge.c 25 Nov 2015 15:53:01 -0000 1.124
+++ sys/kern/kern_pledge.c 27 Nov 2015 09:21:08 -0000
@@ -1178,7 +1178,9 @@ pledge_ioctl(struct proc *p, long com, s
  case DIOCGPDINFO:
  case DIOCRLDINFO:
  case DIOCWDINFO:
+ case BIOCDISK:
  case BIOCINQ:
+ case BIOCINSTALLBOOT:
  case BIOCVOL:
  if (fp->f_type == DTYPE_VNODE &&
     ((vp->v_type == VCHR &&