[Freeswitch-users] Compiling under SmartOS

Stanislav Sinyagin ssinyagin at gmail.com
Thu Sep 10 08:47:03 MSD 2015 

I saw the profiles binding to TCP 5080 and 5060 (UDP too).
On Sep 10, 2015 1:15 AM, "Support" <support at directvoip.co.uk> wrote:

> Stanislav,
>
> Great progress you have made there, I returned to Debian myself but I
> believe quite a few smartos guys are running older versions.
>
> I'll spin up a smartos box and see if master resolves the issue that was
> the killer for me: https://freeswitch.org/jira/browse/FS-7991
>
> Sip handsets had no problem with TCP but it just wouldn't send through a
> gateway using TCP.
>
> Thanks for everything so far.
>
> Regards
> Darren
>
> ------------------------------
> *From:* Stanislav Sinyagin [mailto:ssinyagin at gmail.com]
> *To:* FreeSWITCH Users Help [mailto:freeswitch-users at lists.freeswitch.org]
> *Sent:* Wed, 09 Sep 2015 23:57:00 +0000
> *Subject:* Re: [Freeswitch-users] Compiling under SmartOS
>
> My patches are now in master, so FreeSWITCH can be compiled under any
> of Solaris derivatives.
>
> The -u option will not work in current FreeSWITCH on any of Solaris
> derivatives, regardless if it's in a zone or not: the -u option causes
> it to execute setuid() to switch to the unprivileged user. But the
> problem is, that setuid() sets the effective set of privileges to
> "basic", and "proc_clock_highres" is not included, even that it is
> allowed for the process.
>
> This piece illustrates this behavior:
>
> [root at fs01 ~]# perl -e 'use POSIX; setuid(1000); system("ppriv \$\$")'
> 4079: ppriv 4079
> flags = <none>
> E: basic
> I: basic
> P: basic
> L:
> basic,contract_event,contract_identity,contract_observer,dtrace_proc,dtrace_user,file_chown,file_chown_self,file_dac_execute,file_dac_read,file_dac_search,file_dac_write,file_owner,file_setid,ipc_dac_read,ipc_dac_write,ipc_owner,net_bindmlp,net_icmpaccess,net_mac_aware,net_observability,net_privaddr,net_rawaccess,proc_audit,proc_chroot,proc_clock_highres,proc_lock_memory,proc_owner,proc_prioup,proc_setid,proc_taskid,sys_acct,sys_admin,sys_audit,sys_fs_import,sys_ip_config,sys_iptun_config,sys_mount,sys_nfs,sys_ppp_config,sys_resource
>
>
> So, switch_core.c needs to be modified to utilize setpflags() and
> setppriv() if we are under Solaris, and assign "proc_clock_highres" to
> the process before the timer is initialized. I will propose the patch
> within a month or so.
>
> FreeSWITCH runs fine as root.
>
>
>
>
>
> On Tue, Sep 8, 2015 at 11:54 PM, Stanislav Sinyagin <ssinyagin at gmail.com>
> wrote:
> > Darren,
> >
> > if the zone has the proc_clock_highres privilege, you can assign it to
> > the freeswitch user:
> > usermod -K defaultpriv=basic,proc_clock_highres frsw
> >
> > after that, under "su - frsw", FreeSWITCH can start.
> >
> > But launching it as root with "-u frsw -g frsw" causes the same
> > coredump, as timerfd is unavailable for some reason. This needs
> > further investigation.
> >
> > Also inside a zone, -rp does not have any effect on the process
> > priority, because this needs another privilege: PRIV_PROC_PRIOUP or
> > PRIV_PROC_PRIOCNTL (see privileges(5)).
> >
> > So, there are still obstacles, but we're getting there slowly. But it
> > looks like you anyway have to have administrative access to the global
> > zone in order to run FreeSWITCH in a SmartOS zone. So, hosting it at
> > Joyent doesn't look realistic. Still, it's a very attractive platform
> > because of its lightweight zones and nice network performance and
> > built-in ZFS. Soon I will have a test physical server with SmartOS in
> > my lab, and I can let the interested people access it and test or play
> > around.
> >
> > cheers,
> > stanislav
> >
> >
> >
> >
> >
> > On Tue, Sep 8, 2015 at 6:59 PM, Support <support at directvoip.co.uk>
> wrote:
> >> Stanislav,
> >>
> >> Yes I did use that to get it going but then found that only worked as
> root.
> >>
> >> Also, I know for myself, who was in control of the global zone, that
> this
> >> was a workaround but it was quickly pointed out to me by community
> members
> >> that this is just a workaround as those just using for example Joyent
> cloud
> >> or any zone other than on their own server would probably never be given
> >> access to the high res clock.
> >>
> >> Regards
> >> Darren
> >>
> >> ________________________________
> >> From: Stanislav Sinyagin [mailto:ssinyagin at gmail.com]
> >> To: FreeSWITCH Users Help [mailto:freeswitch-users at lists.freeswitch.org
> ]
> >> Sent: Tue, 08 Sep 2015 16:49:01 +0000
> >>
> >> Subject: Re: [Freeswitch-users] Compiling under SmartOS
> >>
> >> phew, it started finally.
> >>
> >> The correct string is "limit_priv": "default,proc_clock_highres"
> >>
> >> After vmadm update, you need to reboot the zone, in order for new
> >> permissions to propagate to its processes.
> >>
> >>
> >>
> >>
> >> On Tue, Sep 8, 2015 at 5:38 PM, Stanislav Sinyagin <ssinyagin at gmail.com
> >
> >> wrote:
> >>> no, my bad, it's still failing on the timer. I'll spend some time on
> >>> it. Feel free to contact me directly on skype or google hangouts or
> >>> telegram
> >>>
> >>> On Tue, Sep 8, 2015 at 5:27 PM, Stanislav Sinyagin <
> ssinyagin at gmail.com>
> >>> wrote:
> >>>> actually the answer about the timer was given in that same chat where
> >>>> you took part:
> >>>> http://echelog.com/logs/browse/smartos/1438293600
> >>>>
> >>>> I added the following line to the VM manifest json, and then did
> "vmadm
> >>>> update":
> >>>>
> >>>> "limit_priv": "default,-proc_clock_highres"
> >>>>
> >>>> Now it doesn't complain about the timer. But the master branch still
> >>>> coredumps for some other reason :)
> >>>>
> >>>>
> >>>>
> >>>>
> >>>> On Tue, Sep 8, 2015 at 3:42 PM, Support <support at directvoip.co.uk>
> wrote:
> >>>>> Stanislav,
> >>>>>
> >>>>> I cannot help with this, my skills don't reach that far but I can
> point
> >>>>> you
> >>>>> in the right direction.
> >>>>>
> >>>>> I had the same problem and it seems to be related to something called
> >>>>> timerfd. Using the ppriv command you can see freeswitch is wanting
> >>>>> access to
> >>>>> the high res clock, something not available to smartos zones with the
> >>>>> default privileges.
> >>>>>
> >>>>> I did manage to mess with the smartos privileges and get it to run at
> >>>>> one
> >>>>> time but it was only when running as root.
> >>>>>
> >>>>> If you actually used an older version of smartos, I think the one I
> used
> >>>>> is
> >>>>> dated around january this year, then it will compile fine and use
> some
> >>>>> sort
> >>>>> of other timing method.
> >>>>>
> >>>>> This timerfd thing, thing relates to freeswitch finding a file called
> >>>>> timerfd.h that didn't appear in smartos zones until about march this
> >>>>> year,
> >>>>> something to do with lx brand I think.
> >>>>>
> >>>>> I have just looked and the smartos version that will compile is
> >>>>> 20150108T111855Z, obviously it would be better on the newer.
> >>>>>
> >>>>> Compiling on the above smartos version and then running it on newer
> is
> >>>>> no
> >>>>> problem which is what I ended up doing.
> >>>>>
> >>>>> Hope this helps
> >>>>>
> >>>>> Regards
> >>>>> Darren
> >>>>>
> >>>>> ________________________________
> >>>>> From: Stanislav Sinyagin [mailto:ssinyagin at gmail.com]
> >>>>> To: FreeSWITCH Users Help [mailto:
> freeswitch-users at lists.freeswitch.org]
> >>>>> Sent: Tue, 08 Sep 2015 07:55:37 +0000
> >>>>> Subject: Re: [Freeswitch-users] Compiling under SmartOS
> >>>>>
> >>>>>
> >>>>> See the update at https://freeswitch.org/jira/browse/FS-7967
> >>>>>
> >>>>> I fixed the compilation problems, and now there's a runtime issue.
> >>>>>
> >>>>> On Mon, Aug 17, 2015 at 10:40 AM, Stanislav Sinyagin
> >>>>> <ssinyagin at gmail.com> wrote:
> >>>>>> I see there are some people on the list, working with SmartOS.
> >>>>>>
> >>>>>> The current master fails to compile:
> >>>>>> https://freeswitch.org/jira/browse/FS-7967
> >>>>>>
> >>>>>> Your input will be appreciated.
> >>>>>>
> >>>>>> I just started looking around and getting the feeling what SmartOS
> is.
> >>>>>> I worked with Solaris quite a lot, but that was almost 10 years ago.
> >>>>>
> >>>>>
> >>>>>
> _________________________________________________________________________
> >>>>> Professional FreeSWITCH Consulting Services:
> >>>>> consulting at freeswitch.org
> >>>>> http://www.freeswitchsolutions.com
> >>>>>
> >>>>> Official FreeSWITCH Sites
> >>>>> http://www.freeswitch.org
> >>>>> http://confluence.freeswitch.org
> >>>>> http://www.cluecon.com
> >>>>>
> >>>>> FreeSWITCH-users mailing list
> >>>>> FreeSWITCH-users at lists.freeswitch.org
> >>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> >>>>> UNSUBSCRIBE:
> http://lists.freeswitch.org/mailman/options/freeswitch-users
> >>>>> http://www.freeswitch.org
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> _________________________________________________________________________
> >>>>> Professional FreeSWITCH Consulting Services:
> >>>>> consulting at freeswitch.org
> >>>>> http://www.freeswitchsolutions.com
> >>>>>
> >>>>> Official FreeSWITCH Sites
> >>>>> http://www.freeswitch.org
> >>>>> http://confluence.freeswitch.org
> >>>>> http://www.cluecon.com
> >>>>>
> >>>>> FreeSWITCH-users mailing list
> >>>>> FreeSWITCH-users at lists.freeswitch.org
> >>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> >>>>> UNSUBSCRIBE:
> http://lists.freeswitch.org/mailman/options/freeswitch-users
> >>>>> http://www.freeswitch.org
> >>
> >>
> _________________________________________________________________________
> >> Professional FreeSWITCH Consulting Services:
> >> consulting at freeswitch.org
> >> http://www.freeswitchsolutions.com
> >>
> >> Official FreeSWITCH Sites
> >> http://www.freeswitch.org
> >> http://confluence.freeswitch.org
> >> http://www.cluecon.com
> >>
> >> FreeSWITCH-users mailing list
> >> FreeSWITCH-users at lists.freeswitch.org
> >> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> >> UNSUBSCRIBE:
> http://lists.freeswitch.org/mailman/options/freeswitch-users
> >> http://www.freeswitch.org
> >>
> >>
> >>
> _________________________________________________________________________
> >> Professional FreeSWITCH Consulting Services:
> >> consulting at freeswitch.org
> >> http://www.freeswitchsolutions.com
> >>
> >> Official FreeSWITCH Sites
> >> http://www.freeswitch.org
> >> http://confluence.freeswitch.org
> >> http://www.cluecon.com
> >>
> >> FreeSWITCH-users mailing list
> >> FreeSWITCH-users at lists.freeswitch.org
> >> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> >> UNSUBSCRIBE:
> http://lists.freeswitch.org/mailman/options/freeswitch-users
> >> http://www.freeswitch.org
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20150910/7d55a990/attachment-0001.html

Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users mailing list