# mdb /path/to/bin > main:b > ::run > ::print -at rx_call ...It sets a breakpoint at main(), then executes it but it stops when calling main(), at this stage CTF data is already loaded by linker.
Friday, June 08, 2018
Utilizing CTF in MDB from a binary
Having CTF compiled into binaries is very useful for debugging.
Recently I wanted to print some structures by utilizing mdb and ctf from a binary which is not running and I didn't have a core file either.
Helpful folks from Oracle suggested the below nice workaround:
Support for CTF in Userland in DTrace
I wish Solaris 11 supported CTF in DTrace in user-land in a similar manner as Illumos does.
Tuesday, April 17, 2018
11.3.SRU31 - updated pam_list
The just released Solaris 11.3 SRU31 has an updated pam_list module which adds support for '*' and comments.
The '*' wildcard is really useful, as it allows common PAM configuration where access to a server can be managed only by an allow file.
For example, in /etc/pam.d/XXX you can now have:
To achieve the '*' before one had to modify the PAM configuration or use a different module (for example compile pam_access from Linux).
This is a good example of one of the small but very useful changes.
account sufficient pam_list.so.1 allow=/etc/security/access.confIf the access.conf file has only '*' which means all users have access, or you can just list users, netgroups or unixgroups.
To achieve the '*' before one had to modify the PAM configuration or use a different module (for example compile pam_access from Linux).
This is a good example of one of the small but very useful changes.
Tuesday, April 03, 2018
GCC 7 on Solaris 11.4
How to get gcc-7 on Solaris 11.4?
root@solaris:~# pkg install gcc-7
Packages to install: 14
Mediators to change: 1
Services to change: 1
Create boot environment: No
Create backup boot environment: No
DOWNLOAD PKGS FILES XFER (MB) SPEED
Completed 14/14 1822/1822 332.0/332.0 423k/s
PHASE ITEMS
Installing new actions 2253/2253
Updating package state database Done
Updating package cache 0/0
Updating image state Done
Creating fast lookup database Done
Updating package cache 1/1
root@solaris:~#
root@solaris:~# gcc --version
gcc (GCC) 7.3.0
Copyright (C) 2017 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
root@solaris:~#
Older versions are available as well.
Friday, March 30, 2018
Golang on Solaris
So what do you do if you want to program in golang on Solaris 11.4?
You just type: pkg install golang
Thursday, March 22, 2018
ZFS: Device Removal
As finally publicly presented at Solaris Tech Day in Vienna couple of weeks ago, ZFS in Solaris 11.4 will have the long awaited on-line device removal feature. This is top-level vdev removal only, but still very useful in some scenarios.
Here is an example on how it works.
First, let's create a test pool whish is a mirror of two disks:
Here is an example on how it works.
First, let's create a test pool whish is a mirror of two disks:
root@solaris:~# zpool create test mirror c1t1d0 c1t3d0
root@solaris:~# zpool status test
pool: test
state: ONLINE
scan: none requested
config:
NAME STATE READ WRITE CKSUM
test ONLINE 0 0 0
mirror-0 ONLINE 0 0 0
c1t1d0 ONLINE 0 0 0
c1t3d0 ONLINE 0 0 0
errors: No known data errors
Now, let's "accidently" add a single disk to stripe with the mirror and copy some data into the pool:
root@solaris:~# zpool add -f test c1t4d0
root@solaris:~# zpool status test
pool: test
state: ONLINE
scan: none requested
config:
NAME STATE READ WRITE CKSUM
test ONLINE 0 0 0
mirror-0 ONLINE 0 0 0
c1t1d0 ONLINE 0 0 0
c1t3d0 ONLINE 0 0 0
c1t4d0 ONLINE 0 0 0
errors: No known data errors
root@solaris:~# cp -rp /usr/share/doc /test/
^C
root@solaris:~# gdf -h /test
Filesystem Size Used Avail Use% Mounted on
test 2.0G 375M 1.6G 19% /test
root@solaris:~# zpool iostat -v test
capacity operations bandwidth
pool alloc free read write read write
---------- ----- ----- ----- ----- ----- -----
test 375M 1.60G 0 181 4.12K 5.04M
mirror-0 242M 766M 0 173 203 3.23M
c1t1d0 - - 0 16 7.73K 3.28M
c1t3d0 - - 0 16 7.53K 3.28M
c1t4d0 132M 876M 0 9 4.91K 2.26M
---------- ----- ----- ----- ----- ----- -----
Now, if we want to remove the accidently added disk drive it is trivial to do so:
root@solaris:~# zpool remove test c1t4d0And let's check pool status after the device was removed:
root@solaris:~# zpool status test
pool: test
state: ONLINE
scan: resilvered 132M in 1s with 0 errors on Fri Mar 30 01:53:17 2018
config:
NAME STATE READ WRITE CKSUM
test ONLINE 0 0 0
mirror-0 ONLINE 0 0 0
c1t1d0 ONLINE 0 0 0
c1t3d0 ONLINE 0 0 0
errors: No known data errors
root@solaris:~# zpool iostat -v test
capacity operations bandwidth
pool alloc free read write read write
------------------------ ----- ----- ----- ----- ----- -----
test 378M 630M 2 105 8.66K 1.63M
mirror-0 378M 630M 2 80 5.14K 1.21M
c1t1d0 - - 0 8 5.09K 1.22M
c1t3d0 - - 1 7 5.58K 1.22M
------------------------ ----- ----- ----- ----- ----- -----
Friday, February 23, 2018
Monday, February 05, 2018
Solaris 12 Public Beta
Ok, the title should really be Solaris 11.4 Public Beta. However Solaris 11.4 is essentially what Solaris 12 was supposed to be.
See the announcement and What's New document.
Alan Coopersmith created an excellent page with all different blogs about new features in 11.4 beta.
Also, see some blogs about sepecific features.
reflink(3c) What is it? Why do I care? And how can I use it?
Application Sandboxing in Oracle Solaris 11.4
Protecting Sensitive Data in Oracle Solaris 11.4
Immutable Zones: SMF changes & Trusted Path services
Solaris Analytics
Getting Data Out of StatsStore
Where Did The 32-Bit Linkers Go?
Weak Filters: Dealing With libc Refactoring Over The Years
Goodbye (And Good Riddance) to -mt -and -D_REENTRANT
New CRT Objects. (Or: What Are CRT objects?)
Regular Expression and Glob Matching for Mapfiles
ld -ztype, and Kernel Modules That Know What They Are
ELF Section Compression
ELF Program Header Names
Core File Enhancements for elfdump
kldd: ldd Style Analysis For Solaris Kernel Modules
Default Memory Allocator Security Protections using Silicon Secured Memory (SSM ADI)
More adventures in Software FMA
Live Zone Reconfiguration for Dataset Resources
Migrating from IPF to Packet Filter in Solaris 11.4
What's in a uname ?
Alan Coopersmith created an excellent page with all different blogs about new features in 11.4 beta.
Also, see some blogs about sepecific features.
reflink(3c) What is it? Why do I care? And how can I use it?
Application Sandboxing in Oracle Solaris 11.4
Protecting Sensitive Data in Oracle Solaris 11.4
Immutable Zones: SMF changes & Trusted Path services
Solaris Analytics
Getting Data Out of StatsStore
Where Did The 32-Bit Linkers Go?
Weak Filters: Dealing With libc Refactoring Over The Years
Goodbye (And Good Riddance) to -mt -and -D_REENTRANT
New CRT Objects. (Or: What Are CRT objects?)
Regular Expression and Glob Matching for Mapfiles
ld -ztype, and Kernel Modules That Know What They Are
ELF Section Compression
ELF Program Header Names
Core File Enhancements for elfdump
kldd: ldd Style Analysis For Solaris Kernel Modules
Default Memory Allocator Security Protections using Silicon Secured Memory (SSM ADI)
More adventures in Software FMA
Live Zone Reconfiguration for Dataset Resources
Migrating from IPF to Packet Filter in Solaris 11.4
What's in a uname ?
Monday, November 20, 2017
Thursday, November 02, 2017
OpenZFS ZIL Internals
Very interesting presentation on how ZIL works and on latest improvements in OpenZFS, presented during OpenZFS Developer Summit 2017.
Tuesday, September 12, 2017
General Purpose Server OS
Is general purpos server OS dead in the next few years?
It definitely seems that way.
Tuesday, July 04, 2017
Sudo and Solaris Privileges
Sudo on Solaris 10 and Solaris 11 allow to specify a privilege set a command will run with. This is very powerful if you want to be more specific in granting only required privileges for a given command, instead of allowing a command to run as root. Although Solaris has additional/different means to achieve the same, which in some cases is better than sudo, but the latter is what most users are familiar with.
For example, the 'fmadm faulty' command requires sys_admin privilege to run.
and the command will now work, but it won't run as root - it will execute as user milek with privileges set to basic,sys_admin, which is more secure than allowing the command to run as root.
For example, the 'fmadm faulty' command requires sys_admin privilege to run.
milek ALL=()PRIVS="basic,sys_admin" NOPASSWD:/usr/sbin/fmadm faultyThis means that user milek can now run: sudo fmadm faulty
and the command will now work, but it won't run as root - it will execute as user milek with privileges set to basic,sys_admin, which is more secure than allowing the command to run as root.
Tuesday, May 16, 2017
Solaris Open Source bits move to GitHub
Alan Coopersmith blogged about migration of Open Source content available in Solaris from java.net to GitHub. This is definitely an improvement.
The new repositories on GitHub are:
The new repositories on GitHub are:
Friday, April 21, 2017
Ebbisland and Extremeparr
Although The Register and others were suggesting Solaris 11 might be affected, it seems not to be the case - according to Oracle Solaris 11 has never been affected be either of them.The Register clarified it as well.
Also if you have a support contract you should have been told this much quicker.
ps. if you have CDE installed on Solaris 10 then there is an IDR available for extremeparr local exploit (again, Solaris 11 is not affected)
Also if you have a support contract you should have been told this much quicker.
ps. if you have CDE installed on Solaris 10 then there is an IDR available for extremeparr local exploit (again, Solaris 11 is not affected)
Saturday, February 25, 2017
Solaris is a dinosaur!
A friend of mine blogged about Eoraptor, Unaysaurus and T-Rex. A fun read about FreeBSD, Solaris, Linux and others.
Subscribe to:
Posts (Atom)