From Newsgroup: muc.lists.freebsd.stable
On 24 Sep 2025, at 11:49, Kristof Provost <kp@freebsd.org> wrote:

> On 23 Sep 2025, at 9:30, Peter Libassi wrote:
>> I've pkg upgraded 14.3 to 15.0-ALPHA3 and noticed a difference in pfctl.
>>
>> peter@smaug:~/pf $ uname -aUK
>> FreeBSD smaug 15.0-ALPHA3 FreeBSD 15.0-ALPHA3 stable/15-n280233-26988773d1da GENERIC amd64 1500064 1500064
>>
>> peter@smaug:~/pf $ pfctl -nvf pf.conf
>> pfctl: Failed to open netlink: Bad file descriptor
>>
>> peter@smaug:~/pf $ id
>> uid=1001(peter) gid=1001(peter) groups=0(wheel),1001(peter)
>>
>> peter@smaug:~/pf $ doas pfctl -nvf pf.conf
>> (works)
>>
>> Is this (new) expected behavior, incomplete upgrade or a bug?
>
> It’s not quite new default behaviour, in the sense that /dev/pf defaults to 600, so by default you do need to be root even on 14.3. Presumably you have a devfs rule to change that.
>
> The netlink calls all require PRIV_NET_PF now.
> We could not require that for read calls, but that’d be a default change too.
>
> As far as I know there’s no good way to get the equivalent of chmod xyz /dev/pf with netlink.
> I posted about this issue on freebsd-arch: https://lists.freebsd.org/archives/freebsd-arch/2025-September/001042.html but haven’t had any suggestions yet.
>
> —
> Kristof

Thanks Kristof!

I added the line below to /etc/devfs.conf on my 15.0-ALPHA3 and restarted devfs:

perm pf 0660

Now pfctl works with a group member of 'wheel'.

However, none of my production 14.3-RELEASE-p2 systems have any modifications to /etc/devfs.conf or /etc/devfs.rules, and they have 600 on /dev/pf, and still pfctl works with an ordinary user. So I guess something broken just got fixed in 15.0-ALPHA3 ;-)

/Peter
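
The `perm pf 0660` line discussed above widens access to /dev/pf beyond root. As an added example (not from the thread and not FreeBSD's own code), the shell functions below read devfs.conf text and report which class of users the resulting mode lets open the device; the sample file is constructed, and the 0600 fallback is the default stated in the thread.

```shell
#!/bin/sh
# Added example, not FreeBSD code: audit what devfs.conf grants on /dev/pf.

# Constructed sample of /etc/devfs.conf containing the line from the thread.
sample_conf() {
cat <<'EOF'
# constructed sample
link    cd0     cdrom
perm    pf      0660
EOF
}

# Read devfs.conf text on stdin; print the mode of the last "perm pf MODE"
# directive, or 0600 (the default stated in the thread) if there is none.
pf_mode() {
    awk '
        { sub(/#.*/, "") }                          # drop comments
        $1 == "perm" && $2 == "pf" { mode = $3 }    # last match wins
        END { print (mode == "" ? "0600" : mode) }
    '
}

# Classify an octal mode by who, besides the owner, may open the node.
pf_exposure() {
    case $1 in
        ''|*[!0-7]*) echo "invalid"; return 1 ;;
    esac
    m=$(( 0$1 ))    # leading 0 forces octal interpretation
    if   [ $(( m & 0002 )) -ne 0 ]; then echo "world-writable"
    elif [ $(( m & 0020 )) -ne 0 ]; then echo "group-writable"
    elif [ $(( m & 0044 )) -ne 0 ]; then echo "non-owner-readable"
    else echo "owner-only"
    fi
}

mode=$(sample_conf | pf_mode)
echo "/dev/pf mode from devfs.conf: $mode ($(pf_exposure "$mode"))"
```

On a FreeBSD host, run `pf_mode < /etc/devfs.conf` and compare the result with `ls -l /dev/pf`; the functions do not look at /etc/devfs.rules, which the thread also mentions.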