Re: attaching new nvme* (AWS EBS)
g...@duzan.org wrote: > > How do I get the new nvme to be discovered without > > rebooting? > >Just a guess, but perhaps "drvctl -r {device}" on the parent pci bus? No luck. -Jan
Re: attaching new nvme* (AWS EBS)
> How do I get the new nvme to be discovered without > rebooting? Just a guess, but perhaps "drvctl -r {device}" on the parent pci bus? Gary Duzan
attaching new nvme* (AWS EBS)
Hello, When using AWS EC2, I can attach a new EBS volume to an instance at runtime. EBS volumes use nvme(4), but I can't seem to get a NetBSD instance (9.x or 10.99.2) to discover the new disk without rebooting. # pcictl pci0 list 000:00:0: Intel 82441FX (PMC) PCI and Memory Controller (host bridge) 000:01:0: Intel 82371SB (PIIX3) PCI-ISA Bridge (ISA bridge) 000:01:3: Intel 82371AB (PIIX4) Power Management Controller (miscellaneous prehistoric, revision 0x08) 000:03:0: Amazon.com, Inc. product (VGA display) 000:04:0: Amazon.com, Inc. NVMe SSD (Flash mass storage, NVMe I/O) 000:05:0: Amazon.com, Inc. Elastic Network Adapter (ethernet network) 000:31:0: Amazon.com, Inc. NVMe SSD (Flash mass storage, NVMe I/O) The first NVMe shown here is the root disk, the second one is the volume I attached after the system booted up. # nvmectl identify nvme0 provides me with the correct information, but # nvmectl identify nvme1 nvmectl: could not open /dev/nvme1: Device not configured How do I get the new nvme to be discovered without rebooting? Thanks in advance! -Jan
Re: Reverse of promoting to root: downgrade root to unprivileged
At Sat, 27 Jan 2024 20:00:24 +0100, tlaro...@kergis.com wrote: Subject: Reverse of promoting to root: downgrade root to unprivileged > > Starting some operation as common user (for example compiling/building) > before promoting to privileged (generally root) by su'ing or sudo'ing > (for example to install) is common. > > But does somebody know of an established program or library that allows > to start a process as root and to automatically downgrade rights for > tasks (I mean identified chunks of whatever code) that do not require > privileges? Lots of programs that are run as root do this by design, e.g. login(1) as well as daemons like cron(8), sshd(8), etc. There are also other system programs that start as setuid-root (or some other special-purpose user) in order to do some privileged operation, such as opening a protected socket or file, and then return to running as the invoking user or some other (possibly less privileged) UID. This is exactly what su(1) does in fact. (There are also a number of programs following a largely mistaken and dangerous idea that they should swap back and forth between running in privileged mode and running as the user, some to an absurd extreme, like lpr(1). This is obviously not safe and is a pure idiotic fallacy. The kernel _should_ force a processes that drop privileges to permanently do so and to never try to regain them except through execve(2), as indeed earlier real Unix(TM) kernels always did, as does my NetBSD variant.) -- Greg A. Woods Kelowna, BC +1 250 762-7675 RoboHack Planix, Inc. Avoncote Farms pgpdoSaFqm2dD.pgp Description: OpenPGP Digital Signature
Re: Reverse of promoting to root: downgrade root to unprivileged
On Mon, Jan 29, 2024 at 06:26:53AM -0800, Alistair Crooks wrote: > As RVP mentioned, this is a SMOP, but if you're looking for an out of the > box utility, checkout djb's setuidgid (available in > pkgsrc/sysutils/daemontools) https://cr.yp.to/daemontools/setuidgid.html Thanks. I will take a look. > > On Mon, 29 Jan 2024 at 04:10, RVP wrote: > > > On Sat, 27 Jan 2024, tlaro...@kergis.com wrote: > > > > > But does somebody know of an established program or library that allows > > > to start a process as root and to automatically downgrade rights for > > > tasks (I mean identified chunks of whatever code) that do not require > > > privileges? > > > > > > > You mean toggling between various EUIDs and the saved-SUID? That's > > pretty standard stuff, but, I don't know if it's been encapsulated > > in any kind of utility. > > > > -RVP > > > > -- Thierry Laronde http://www.kergis.com/ http://kertex.kergis.com/ Key fingerprint = 0FF7 E906 FBAF FE95 FD89 250D 52B1 AE95 6006 F40C
Re: Reverse of promoting to root: downgrade root to unprivileged
As RVP mentioned, this is a SMOP, but if you're looking for an out of the box utility, checkout djb's setuidgid (available in pkgsrc/sysutils/daemontools) https://cr.yp.to/daemontools/setuidgid.html On Mon, 29 Jan 2024 at 04:10, RVP wrote: > On Sat, 27 Jan 2024, tlaro...@kergis.com wrote: > > > But does somebody know of an established program or library that allows > > to start a process as root and to automatically downgrade rights for > > tasks (I mean identified chunks of whatever code) that do not require > > privileges? > > > > You mean toggling between various EUIDs and the saved-SUID? That's > pretty standard stuff, but, I don't know if it's been encapsulated > in any kind of utility. > > -RVP > >
Re: Reverse of promoting to root: downgrade root to unprivileged
On Mon, Jan 29, 2024 at 12:10:07PM +, RVP wrote: > On Sat, 27 Jan 2024, tlaro...@kergis.com wrote: > > > But does somebody know of an established program or library that allows > > to start a process as root and to automatically downgrade rights for > > tasks (I mean identified chunks of whatever code) that do not require > > privileges? > > > > You mean toggling between various EUIDs and the saved-SUID? That's > pretty standard stuff, but, I don't know if it's been encapsulated > in any kind of utility. > An example would have made my mean clearer. The question is not if it is possible to program this---it is, of course. The question was if there was something established that would do in some sense the reverse of sudo(1): one starts an utility with root rights, but the program is "downgraded" to a (defined) lambda user and when rights are needed or a failure about rights encountered (we will call it an exception), if the task belongs to a certain list (defined), the root rights are restored to achieve the task. The typical example is say, with pkgsrc (or any kind of packages system). One wants to build unprivileged, but installation may be privileged. So instead of running as non root and having to enter the password each time the installation of a dependency requires it, one starts as root, but the privileged rights are only used when needed. (I know that one can build in a chroot unprivileged and so. The curiosity is to know if another way to achieve things has been attempted.) Hoping the example clarifies the question (the question being not, of course not, if it is possible to achieve this with the existing system calls, but: does someone know if it has been made already somewhere as a general utility). All in all this is what the system makes: the utility runs in user space but hitting an exception, it accesses privileged (kernel) resources if the user has the rights to do so. The (main) difference being that a user could have a range of rights, the task being always attempted with the minimum rights before promoting in the limit of the maximum user rights. (This can also of course be partially achieved with groups and sticky rights.) -- Thierry Laronde http://www.kergis.com/ http://kertex.kergis.com/ Key fingerprint = 0FF7 E906 FBAF FE95 FD89 250D 52B1 AE95 6006 F40C
Re: Reverse of promoting to root: downgrade root to unprivileged
On Sat, 27 Jan 2024, tlaro...@kergis.com wrote: But does somebody know of an established program or library that allows to start a process as root and to automatically downgrade rights for tasks (I mean identified chunks of whatever code) that do not require privileges? You mean toggling between various EUIDs and the saved-SUID? That's pretty standard stuff, but, I don't know if it's been encapsulated in any kind of utility. -RVP