author | Alex Wilson <alex.wilson@joyent.com> | 2016-07-08 15:11:18 -0700 |
---|---|---|
committer | Alex Wilson <alex.wilson@joyent.com> | 2016-07-16 00:07:22 +0000 |
commit | 862fc303a41b09aea047548a1d6e4482d294982e (patch) | |
tree | 97e36901baa45caff1761e1fdb35e400f4f92007 | |
parent | 8bac7aa9ec0b55ac4edf509a5300d3161f8b774d (diff) | |
OS-5440 pfexec and the case of the missing error message
Reviewed by: Joshua M. Clulow <jmc@joyent.com>
Reviewed by: Patrick Mooney <patrick.mooney@joyent.com>
-rw-r--r-- | usr/src/man/man1/pfexec.1 | 7 | ||||
-rw-r--r-- | usr/src/uts/common/os/klpd.c | 12 |
2 files changed, 17 insertions, 2 deletions
diff --git a/usr/src/man/man1/pfexec.1 b/usr/src/man/man1/pfexec.1 index 07b89eefa2..230b24bb7d 100644 --- a/usr/src/man/man1/pfexec.1 +++ b/usr/src/man/man1/pfexec.1 @@ -53,6 +53,11 @@ The privileges specification on the commands line is parsed using union of the privileges specified using the "\fBprivs\fR" keyword in \fBprof_attr\fR(4) for all the user's profiles and added to the inheritable set before executing the command. +.sp +.LP +For \fBpfexec\fR to function correctly, the \fBpfexecd\fR daemon must be running +in the current zone. This is normally managed by the +"\fBsvc:/system/pfexec:default\fR" SMF service (see \fBsmf\fR(5)). .SH USAGE .sp .LP @@ -104,4 +109,4 @@ An error occurred. .sp .LP \fBcsh\fR(1), \fBksh\fR(1), \fBprofiles\fR(1), \fBsh\fR(1), \fBexec_attr\fR(4), -\fBprof_attr\fR(4), \fBuser_attr\fR(4), \fBattributes\fR(5) +\fBprof_attr\fR(4), \fBuser_attr\fR(4), \fBattributes\fR(5), \fBsmf\fR(5) diff --git a/usr/src/uts/common/os/klpd.c b/usr/src/uts/common/os/klpd.c index 55734ae757..8592b47021 100644 --- a/usr/src/uts/common/os/klpd.c +++ b/usr/src/uts/common/os/klpd.c @@ -39,6 +39,8 @@ #include <sys/pathname.h> #include <sys/varargs.h> #include <sys/zone.h> +#include <sys/cmn_err.h> +#include <sys/sdt.h> #include <netinet/in.h> #define ROUNDUP(a, n) (((a) + ((n) - 1)) & ~((n) - 1)) @@ -860,8 +862,13 @@ pfexec_call(const cred_t *cr, struct pathname *rpnp, cred_t **pfcr, klpd_hold(pfd); mutex_exit(&myzone->zone_lock); - if (pfd == NULL) + if (pfd == NULL) { + DTRACE_PROBE2(pfexecd__not__running, + zone_t *, myzone, char *, rpnp->pn_path); + uprintf("pfexecd not running; pid %d privileges not " + "elevated\n", curproc->p_pid); return (0); + } if (pfd->klpd_door_pid == curproc->p_pid) { klpd_rele(pfd); @@ -896,6 +903,9 @@ pfexec_call(const cred_t *cr, struct pathname *rpnp, cred_t **pfcr, case EINTR: /* FALLTHROUGH */ default: + DTRACE_PROBE4(pfexecd__failure, + int, dres, zone_t *, myzone, + char *, rpnp->pn_path, klpd_reg_t *, pfd); goto out; } } |
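Review bot: The new `pfd == NULL` branch in klpd.c (hunk at -860,8) still ends in `return (0)`, so the exec proceeds without elevation, and the only user-facing signal is `uprintf`, which as far as I know writes to the calling process's controlling terminal. A caller with no terminal (a cron job or an SMF method, for instance) would then leave no trace except the `pfexecd__not__running` SDT probe, which is only seen while a DTrace consumer is attached. A comment above the probe would record that this is intended, e.g. `/* No pfexecd in this zone: exec proceeds unelevated. uprintf() needs a controlling tty; the SDT probe covers other callers. */`. pfexec_call begins and ends outside the hunk.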
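Review bot: The `default:` arm in klpd.c (hunk at -896,6), which `EINTR` reaches by fallthrough, gains the `pfexecd__failure` probe but no message, so a failed call to a running pfexecd stays silent to the user while the not-running case now prints one. What the `out` label returns is outside the hunk; if it also lets the exec continue unelevated, a matching line for real failures would be consistent, e.g. `uprintf("pfexecd call failed (%d); pid %d privileges not elevated\n", dres, curproc->p_pid);`. If staying quiet here is deliberate, especially for `EINTR`, a short comment saying so would help the next reader. The switch and the rest of pfexec_call start outside the hunk.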