08:12:47 hm, gssd : 3031: open("/dev/urandom", O_WRONLY) Err#13 EACCES [sys_devices]
08:13:11 I'd think that random data should be needed for gssd:)
08:37:19 Write only?
09:03:24 Yes you're not allowed to write seed data into the random device from zones
09:03:34 It is prohibited by policy
09:34:22 So one can't count to isolate securely PCI-Express graphics card/other PCI-Express card via passthrough to KVM or Bhyve VM.. (Were before Xen available and some VirtualBox) Security wise.
09:44:19 Oh, I did not look on open mode:) seems like seeding, yep. should probably check the source, however, and *maybe* we should this activity from local zone.
09:44:33 should avoid*
14:13:22 might be krb5_c_random_seed()
14:13:42 though if it is, it shouldn't care if it fails
14:20:09 it looks like at some point way in the past it was using its own prng prior to /dev/[u]random being a thing
14:22:25 jbk: correct.
15:08:09 tsoome: is it failing, or did you just notice that failure?
15:49:49 [illumos-gate] 16495 ptree -g should be more willing to use UTF-8 box characters -- Bill Sommerfeld
16:14:22 (jbk: kerberos had to build a lot of its own infrastructure in the beginning - cprng, crypto libraries, etc.,)
16:52:31 it'd be nice to update the client bits, but i wonder with all the customizations that were done, how much of a pain that'd be
16:52:37 (krb client bits)
16:56:12 yeah, I was once very familiar with the MIT kerberos codebase and .. it is almost unrecognizable in illumos-gate
17:05:54 i've not compared, just noticed things that strongly hinted at customization, so not sure how many of those things would still be needed..
17:08:13 jbk gssd? I just noticed the failure, it appears to function as expected
17:27:40 [illumos-gate] 15022 rpcsec_gss always calls global-zone GSSD for gss_accept_sec_context -- Matt Barden
17:48:21 sommerfeld: (catching up) it's tricky, yeah. What I was hoping to get out of it is basically `git clean` of the specified patterns
17:48:46 which will leave controlled files alone, and also say what it cleaned up which a clobber didn't (though as you said, that will get noisy with certain changes, so informative, not an error)
17:49:27 definitely _not_ silently and magically deleting `lib*.so*`
18:35:23 richlowe: perhaps run a "git clean -n" with some sort of exception list and add a mail_msg entry if anything appears.
18:40:55 ssss
18:41:08 oops, sorry, ignore that
18:46:42 listening to snake jazz? :)
18:50:51 nah, alan doesn't think they should let me on planes
19:07:40 you are clearly a national security threat
19:09:38 I on the other hand just switched to the wrong window while having some keyboard input lag issues and sent key events to a window I didn't intend
19:42:44 heh..
19:43:37 people still use SNMP for monitoring stuff apparently
19:58:51 a lot, I guess...
20:05:06 just had a situation where I wish I still had the copy of the additional MIBs I had proposed way back in the day
20:05:34 but got shot down because they'd use kstats to obtain a number of pieces of info
20:05:46 'and that's a private interface!'
20:06:24 which sort of missed the point
20:09:23 (this was back in the opensolaris days where basically any sun employee could effectively veto any idea from the community)
20:14:14 so it got lost in the shuffle between desktops
20:21:10 some of the folks complaining about private interface use were no doubt scarred by contact with irate customers complaining about changes like the ones in https://xkcd.com/1172/
20:21:18 :-)
21:14:02 I believe there was never a way to get a contract on an interface without being at Sun
21:14:16 which if your contact at sun didn't want to put the work in, basically killed you
21:43:46 [illumos-gate] 16454 want IP_MINTTL socket option -- Robert Mustacchi
22:14:52 [illumos-gate] 15023 __rpc_gss_seccreate() doesn't set options_ret->major/minor_status on failure -- Matt Barden