Monday Mar 12, 2007

OGP election

About a week ago I accepted my nomination for the OGB after being nominated by Garrett D'Amore medio february.

Why do I nominate myself?

I've always felt a strong sense of community with all folks involved with Unix, SunOS and later Solaris. Having earned the dubious distinction of running one of the few Solaris 2.1 sites in production and sharing my experiences of that time with the world, I can truly say that I have been part of the Solaris community pretty much from the day it was born.

I joined Sun some years later, in 1995, and continued to be outward facing and involved with the community, regardless of whatever folly reigned at Sun at the time such as the time the edict came that all outside communication needed to be approved by a PR person. Surely they wouldn't have found the time to approve my 1000s of posts, even if they had found the will.

As the most prolific Sun employee/poster in OpenSolaris I believe I have firmly established my role as a community player; leading the laptop community and sharing some of the stuff I made through the OpenSolaris website.

I also think the OGB needs a person who is well-versed in Solaris "ON" development; someone who knows an ARC from a C-team and who has more than passing knowledge of our development process.

As an OGB member, I think I foremost want to focus on getting the open development process moving ahead more smoothly; and this does mean direct commit access. The current system is too much of a bottleneck for external development. As a Sun employee, I can look at both sides of the fence which can help resolve issues between Sun and the community.

But I also believe in quality all the time; it is what makes Solaris fairly stable to use, even using the more or less experimental releases.

I've written a bunch of code and have literally build 100s of kernels; some of which blew up spectacularly but others of which code found its way back into (Open)Solaris such as Solaris privileges, getpeerucred() I've distributed experimental code (acpidrv, powernow) and even experimented with the X server. As a security person, I have needed to touch larger parts of the system than many of my peers; security bugs know no boundaries.

I make a point of always running the latest release of Solaris Nevada on most of my systems, that is, unless there's fatal brakage. So my little home server, my laptop and my desktops all run Snv_59 today.

Once we have established all our procedures, I see the OGB pretty much as a hands-off body. We are there to quell conflicts but I don't think we should be pussyfooting around the mailing lists; a spade is a spade so let's not call it by another name. Arguments are healthy and should not be supressed unless they become destructive. I like to think that developers like it that way: just enjoy doing there thing with as little as possible outside interference.

Yes, I'm late in posting this; let me just say that life was pretty full the last few weeks. Both workwise (moving office and some urgent matters which required me to skip some vacation) and personal (buying a new house). Lame excuses, I know.

Let your vote be counted!

Thursday Oct 19, 2006

NLOSUG: 26/10/2006 Dutch OpenSolaris User Group First Meeting

The Dutch OpenSolaris User Group will have a meeting at the Sun offices in Amersfoort at Oktober 26, 2006. For program and registration see the website.

Monday Jan 16, 2006

Updated drivers: but only at

I've updated the powernow driver because of a serious incompatibility with the upcoming SOlaris build 32.
I've also updated acpidrv and also moved it to the opensolaris laptop community.

Start with downloading the frkit script and running it.

Tuesday Oct 25, 2005

Small acpidrv update

I've created a small update to acpidrv which lets you specify automatic shutdown parameters when your battery runs low.

As usual, it can be found here.

Monday Oct 10, 2005

OpenSolaris User Group Meeting, Amsterdam, October 18th

I've arranged for an OpenSolaris User Group BOF at Euro OSCon in Amsterdam. While the primary focus would be to get a Dutch/Benelux OpenSolaris User Group in the air.

7.30pm (19:30 for those of you who can tell time properly :-) in the Krasnapolsky Hotel in Amsterdam

I have a suitcase full of SWAG so come and get some.

Information over the BOFs and the conference can be found here

Laptop community live!

As promised, the OpenSolaris laptop community went live somewhere in the last few days.

The first wireless driver is available (Supporting some Atheros MiniPCI and cardbus cards; but Cardbus support will have to wait until the Solaris cardbus driver is released)

Watch that space for further announcement of exciting drivers which will make your laptop much more usable.

Oh, I've finally refreshed the powernow driver to be a bit more lenient with broken BIOSes and initial CPU configs which are a bit off.

Tuesday Jun 28, 2005

First Installment (of frkit)

I've teased people before about the nifty hacks I've been doing for my Ferrari 3400 laptop.

The hacks I did and the tool I wrote to make the distribution easier were so well liked that there was this "meme" propagating that whenever we got even cooler laptops, I should get the first one. And so it happened, I literally got the first Ferrari 4000 shipped to Sun.

Now, this is a whole different beast than the Ferrari 3400 and I haven't yet gotten quite to the same comfort level yet.

I've long promised to make all of the neat stuff available, but legalities are the difficult part of such a venture. But now with OpenSolaris and a supported license scheme (plus management buy-in), I now feel comfortable to release the stuff which I wrote or was derived from source now available under the CDDL)

The first installment includes my single CPU "PowerNow!(tm)" driver and my battery driver and utility.

What the heck, let's throw in the mdb scripts which enable the additional keys on the Acer keyboards (mail, www, P1, P2, audio control). Some of these appear standard controls and may work for internet keyboards as well.

The tar.gz files all come with an install script which will take care of all the details of the installation; the battery driver requires ACPICA; that is only included in Solaris Nevada (11) build 14 and later.

I'll see what I can do about the GNOME battery utility we've done as well; oh, sorry for the somewhat lacking documentation.

Update: I've added acpipowertool, a small graphic battery meter by Matt Simmons, and fixed some installation issues for root user's without "nm" in $PATH.

Update2: (2005/7/31) Ive upgraded powernow so it works for more systems and to better integrate powernowadm with SMF; apcidrv is also updated to do a little bit more of thermal zone handling.

acpidrv only works for Solaris express build 14 and later; powernow should work with Solaris 10 GA also.

Update3: frkit is for some time now available as runnable script at in the

Permanent link to this entry | Comments [19] | Comments have been disabled.

Tuesday Jun 14, 2005

User Credentials and all that

Peter Harvey's story reminds me of the unforeseen consequences of creating the ucred in Solaris 10. The ucred was motivated by two factors: the introduction of privileges and a way to propagate information about process credentials through the system in userland.

Before Solaris 10, we had several mechanisms, some internal, some public, all propagating a subset of that information.

in sys/door.h:

 \* Structure used to return info from door_cred
typedef struct door_cred {
        uid_t   dc_euid;        /\* Effective uid of client \*/
        gid_t   dc_egid;        /\* Effective gid of client \*/
        uid_t   dc_ruid;        /\* Real uid of client \*/
        gid_t   dc_rgid;        /\* Real gid of client \*/
        pid_t   dc_pid;         /\* pid of client \*/
        int     dc_resv[4];     /\* Future use \*/
} door_cred_t;

in sys/tl.h:

#define TL_OPT_PEER_CRED 10
typedef struct tl_credopt {
        uid_t   tc_uid;         /\* Effective user id \*/
        gid_t   tc_gid;         /\* Effective group id \*/
        uid_t   tc_ruid;        /\* Real user id \*/
        gid_t   tc_rgid;        /\* Real group id \*/
        uid_t   tc_suid;        /\* Saved user id (from exec) \*/
        gid_t   tc_sgid;        /\* Saved group id (from exec) \*/
        uint_t  tc_ngroups;     /\* number of supplementary groups \*/
} tl_credopt_t;

in rpc/svc.h:

 \* Obtaining local credentials.
typedef struct __svc_local_cred_t {
        uid_t   euid;   /\* effective uid \*/
        gid_t   egid;   /\* effective gid \*/
        uid_t   ruid;   /\* real uid \*/
        gid_t   rgid;   /\* real gid \*/
        pid_t   pid;    /\* caller's pid, or -1 if not available \*/
} svc_local_cred_t;

and in the project I missed this one in sys/stropts.h:

struct k_strrecvfd {    /\* SVR4 expanded syscall interface structure \*/
        struct file \*fp;
        uid_t uid;
        gid_t gid;
        char fill[8];

There was also the need to be able to enquire about other processes and perhaps network connections and packets; a getpeereid interface was requested.

Now, what information should such an interface return? Network interfaces often only allow you to shape requests as a blob of bytes. And that blob needs to have a predictable maximum size too. As you can see from the above examples, even declaring a number of filler elements is not sufficient; none of the above structures which include a filler have space for the full complement of 16 groups, let alone Pete's proposed 65536 maximum number of groups.

The most natural way of implementing a blob which such restrictions is using an opaque data structure with accessor functions (in <ucred.h>):

extern ucred_t \*ucred_get(pid_t pid);

extern void ucred_free(ucred_t \*);

extern uid_t ucred_geteuid(const ucred_t \*);
extern uid_t ucred_getruid(const ucred_t \*);
extern uid_t ucred_getsuid(const ucred_t \*);
extern gid_t ucred_getegid(const ucred_t \*);
extern gid_t ucred_getrgid(const ucred_t \*);
extern gid_t ucred_getsgid(const ucred_t \*);
extern int   ucred_getgroups(const ucred_t \*, const gid_t \*\*);

extern const priv_set_t \*ucred_getprivset(const ucred_t \*, priv_ptype_t);
extern uint_t ucred_getpflags(const ucred_t \*, uint_t);

extern pid_t ucred_getpid(const ucred_t \*); /\* for door_cred compatibility \*/

extern size_t ucred_size(void);

extern int getpeerucred(int, ucred_t \*\*);

extern zoneid_t ucred_getzoneid(const ucred_t \*);

extern projid_t ucred_getprojid(const ucred_t \*);

The ucred_t itself is defined in sys/ucred.h, a header which isn't installed on the system because programs are not supposed to use it; it is a private interface between the kernel and the library.
One function of note is perhaps ucred_size() which returns the maximum size of a credential on the system; it can be used to size credentials allocated on the stack or embedded in structures.
In many cases, the system will just allocate one for you and return the allocated one, but the interfaces have been structured so you can reuse ones returned earlier or ones you allocated yourself.

By now you may be asking yourself where you get creds; well, here are some examples in the OpenSolaris source code: nscd getting a door cred, rpcbind getting an rpc caller credential and the use of the TL option by RPC.

And your typical use of the function in an inetd started daemon:

#include <ucred.h>

main(int argc, char \*\*argv)
	ucred_t \*uc = NULL;

	if (getpeerucred(0, &uc) == 0) {
		/\* we know something about the caller \*/

        return (0);

And a slightly bigger example where we use XPG4 recvmsg to receive a UCRED control messages:

 \* Send a 1 byte UDP packet; print the response packet if one is
 \* received.

#include <sys/socket.h>
#include <sys/uio.h>
#include <sys/signal.h>
#include <netinet/in.h>
#include <stdio.h>
#include <unistd.h>
#include <string.h>
#include <netdb.h>
#include <stdlib.h>
#include <arpa/inet.h>

main(int argc, char \*\*argv)
        struct sockaddr_storage stor;
        struct sockaddr_in \*sin = (struct sockaddr_in \*)&stor;
        struct sockaddr_in6 \*sin6 = (struct sockaddr_in6 \*)&stor;
        ssize_t bytes;
        union {
                struct cmsghdr hdr;
                unsigned char buf[2048];
                double align;
        } cbuf;
        unsigned char buf[2048];
        struct msghdr msg;
        struct cmsghdr \*cmsg;
        struct iovec iov;
        int one = 1;

        msg.msg_name = &stor;
        msg.msg_iov = &iov;
        msg.msg_iovlen = 1;

        iov.iov_base = buf;

        setsockopt(0, IPPROTO_IP, IP_RECVDSTADDR, &one, sizeof (one));
        setsockopt(0, IPPROTO_IPV6, IPV6_RECVPKTINFO, &one, sizeof (one));
        setsockopt(0, SOL_SOCKET, SO_RECVUCRED, &one, sizeof (one));

        while (1) {
                char abuf[256];
                msg.msg_control = &cbuf;
                msg.msg_controllen = sizeof (cbuf);
                msg.msg_namelen = sizeof (stor);
                iov.iov_len = sizeof (buf);

                bytes = recvmsg(0, &msg, 0);

                if (bytes >= 0) {

                        if (msg.msg_namelen != 0 &&
                            connect(0, (struct sockaddr \*)&stor,
                            msg.msg_namelen) != 0)
                        printf("you connected from %s with the credential\\n",
                                    stor.ss_family == AF_INET ?
                                        (void \*)&sin->sin_addr :
                                        (void \*)&sin6->sin6_addr,
                                        abuf, sizeof(abuf)));
                        for (cmsg = CMSG_FIRSTHDR(&msg); cmsg;
                            cmsg = CMSG_NXTHDR(&msg, cmsg)) {
                                if (cmsg->cmsg_level == SOL_SOCKET &&
                                    cmsg->cmsg_type == SCM_UCRED) {
                                        ucred_t \*uc = (ucred_t \*)

                                        /\* We have a ucred here !! \*/

                        if (msg.msg_namelen != 0)
                                (void) connect(0, NULL, 0);
                } else {

But thinking back of Pete's problem, we see a problem when increasing max groups, even worse, this libnsl private datastructure is abused and multiple copies exist which need to be kept in sync (so parts of the system broke when I changed it in this one place). The bug is an illustration why cut & paste programming doesn't work and why even when you share a private defintion, you must use a proper header file. I filed the bug as soon as I did the quick fix for the Solaris Express respin, the bug is 4994017.

Technorati Tag:
Technorati Tag:

Saturday May 07, 2005

Open Solaris Release Date Set

Well, the Open Solaris "vaporware" release date is now set; and as the end of Q2 draws near this should be no surprise. It's only a few days after my dad's 73rd birthday, so I have two things to celebrate that week.

Tuesday Apr 26, 2005

Netherlands/Benelux OpenSolaris/Solaris Usergroup

A few of our customers approached me to start a Solaris user group in the Netherlands (or perhaps a somewhat larger area)

Any takers? Perhaps offers of venues, talks wanted?

For those who don't know, I am based in the Netherlands.

Saturday Apr 09, 2005

Open Solaris CAB

It has been a busy week flying to SFO and having our first CAB meeting. The first good thing that happened was that KLM had finally changed the aging and horrible MD11 for shiny new Boeing 777s with personal video. I have a bit of a problem with the new immigration procedures, and I like the Brazilian's government stand on this.
I had met Rich Teer fleetingly before in the hallways of the Menlo Park Campus so he recognized me when we checked in at the same time; we probably were on the same BART train from the airport. But I had never met the others. I feel we have a great team with very many different competences, from Roy Fielding's experience with Apache's governance model, Simon Phipps' tireless evangelism. And Al Hopper with his tireless Solaris on x86 enthusiasm. Rich Teer, a SPARC fan, and accomplished author and myself as Solaris engineering representative, being the more technical side of things.
Are we just marketing as the Register would have it? No, we're very serious about it. Is the CAB just a bunch of YES-men? Can we get the respect of our community if we are?
Sun takes both Open Solaris and the independence from Sun serious; Jonathan Schwartz came to meet us but none of the other executives was allowed at our meeting. He talked to us at length and was very serious about clearing up the roadblocks that we had already determined to be on the path to OpenSolaris. It is clear that they want us to succeed and want us to independent. Jonathan even stayed for lunch. CAB with Jonathan
The Sun press conference we took part in was a first for me. The press was not hostile and mostly asked questions which were to the point; some more than others.
We have a lot of work to do and will do most of it in email on a publicly readable mailing list.
The second day we listened to Jonathan's keynote at the OSBC conference and spend the afternoon doing interviews with the press followed by a press reception and Sun engineering diner/Open Solaris launch party at Lulu's. And guess what, we were able to make the Americans walk all over town, the itenary was all "5 min cab ride" and some such nonsense.
On the final day I took Ben Rockwood's advice and tried out "Clam chowder in sourdough" after taking the cable car to lombard street and walking down to the harbor. The weather was gorgeous, the same cannot be said of the weather in Amsterdam which is now unseasonably cold.



« July 2016