SOLVED Can I use serial interface (RS-232) into a Jail

[thibodude]

Hi, I'm using TrueNAS-12.0-U6.1

I'm trying to use the COM1 serial RS-232 (0x3f8) @ 19200 from a Node-Red plugin (Jail).
From Truenas Core >_ Shell (GUI)
ls -ls /dev/cuau* shows /dev/cuau0 and /dev/cuau2 available

BUT from jail's >Shell I see a short list without /dev/cuau...

My question is:
Is it possible that a jail like Node-Red plugin cannot use a serial interface ?
Is there a workaround, like esxi hardware passthrough ?

Any help is appreciated !

Thanks in advance

 

[Samuel Tai]

Yes, but you need to set mount properties in the jail and security tunables outside the jail. Basically, you need to have the host export the device special files in /dev to the jail, so the jail sees them in the jail's /dev directory.

First, on the host, go to System->Tunables, and set the following sysctl tunables:

Variable	Value
security.jail.enforce_statfs	0
security.jail.mount_allowed	1
security.jail.mount_devfs_allowed	1
security.jail.mount_procfs_allowed	1

Next, in the jail settings, set the following

Property	Value
devfs_ruleset	0
securelevel	0
allow_mount	checked
allow_mount_*	allow_mount_devfs, allow_mount_procfs

 

[thibodude]

Thanks for the quick response !

Question: Type: Loader, rc.conf or sysctl ?

 

[Samuel Tai]

sysctl

 

[thibodude]

Sorry I should have seen before, you wrote it down the first time !
I did that and rebooted TrueNAS... I can now see /dev/cuau0 and /dev/cuau2 under Node-Red Jail >_ ls -la /dev/cua*
But it doesn't seem to work... My serial Insteon PLM is not responding under Node-Red, neither under /dev/cuau0 noe /dev/cuau2... Always shows disconnected. Any clue ?

 

[Samuel Tai]

Are you running as root? Typically, devices in /dev are only accessible to processes running as root.

 

[thibodude]

yes I am using root account

 

[Samuel Tai]

No, I mean the Node-RED software. What account is it running as? Looking at the permissions for the /dev/cuau* devices on my system, they're readable and writeable for the uucp account and the dialer group. If Node-RED uses its own account other than group, you may need to add that account as a member of the dialer group in /etc/group by adding that account to the line for the dialer group:

dialer:*:68:<add Node-RED account here>

 

[thibodude]

I see... Node-Red uses it's own user ie. nodered I guess but not sure...
Here:

Code:

root@truenas[/mnt/TNPool/iocage/jails/NodeRed]# ls -al
total 52
drwxr-xr-x   4 root  wheel     7 Nov 23 16:05 .
drwxr-xr-x   5 root  wheel     5 Nov 23 16:22 ..
-rw-r--r--   1 root  wheel   629 Nov 23 16:05 config.json
-rw-r--r--   1 root  wheel  1641 Nov 19 09:12 fstab
-rw-r--r--   1 root  wheel   667 Nov 19 09:12 node-red.json
drwxr-xr-x   5 root  wheel     8 Nov 19 10:00 plugin
drwxr-xr-x  18 root  wheel    22 Nov 19 09:12 root
root@truenas[/mnt/TNPool/iocage/jails/NodeRed]#

Question: How do I add it to the dialer group ?

Code:

root@truenas[~]# cat /etc/group
wheel:*:0:
daemon:*:1:
kmem:*:2:
sys:*:3:
tty:*:4:
operator:*:5:uucp
mail:*:6:
bin:*:7:
news:*:8:
man:*:9:
games:*:13:
ftp:*:14:
staff:*:20:
sshd:*:22:
smmsp:*:25:
mailnull:*:26:
guest:*:31:
bind:*:53:
proxy:*:62:
authpf:*:63:
_pflogd:*:64:
_dhcp:*:65:
uucp:*:66:
dialer:*:68:
network:*:69:
audit:*:77:
ladvd:*:78:
www:*:80:
ntpd:*:123:
avahi:*:200:
messagebus:*:201:
nslcd:*:389:
consul:*:469:
nomad:*:472:
minio:*:473:
builtin_administrators:*:544:
builtin_users:*:545:admin,rsync
builtin_guests:*:546:
webdav:*:666:
hast:*:845:
michel:*:1000:
mthibode:*:1001:
rsync:*:1002:
nogroup:*:65533:
nobody:*:65534:
media:*:8675309:
root@truenas[~]#

 

[Samuel Tai]

Inside the jail, what's the contents of /etc/passwd and /etc/group? You provided the host's /etc/group.

 

[thibodude]

Sorry !

Code:

root@truenas[.../TNPool/iocage/jails/NodeRed/root/etc]# cat group
# $FreeBSD: releng/12.2/etc/group 359447 2020-03-30 17:07:05Z brooks $
#
wheel:*:0:root
daemon:*:1:
kmem:*:2:
sys:*:3:
tty:*:4:
operator:*:5:root
mail:*:6:
bin:*:7:
news:*:8:
man:*:9:
games:*:13:
ftp:*:14:
staff:*:20:
sshd:*:22:
smmsp:*:25:
mailnull:*:26:
guest:*:31:
video:*:44:
bind:*:53:
unbound:*:59:
proxy:*:62:
authpf:*:63:
_pflogd:*:64:
_dhcp:*:65:
uucp:*:66:
dialer:*:68:
network:*:69:
audit:*:77:
www:*:80:
ntpd:*:123:
_ypldap:*:160:
hast:*:845:
tests:*:977:
nogroup:*:65533:
nobody:*:65534:
nodered:*:1880:
root@truenas[.../TNPool/iocage/jails/NodeRed/root/etc]# cat passwd
# $FreeBSD: releng/12.2/etc/master.passwd 359447 2020-03-30 17:07:05Z brooks $
#
root:*:0:0:Charlie &:/root:/bin/csh
toor:*:0:0:Bourne-again Superuser:/root:
daemon:*:1:1:Owner of many system processes:/root:/usr/sbin/nologin
operator:*:2:5:System &:/:/usr/sbin/nologin
bin:*:3:7:Binaries Commands and Source:/:/usr/sbin/nologin
tty:*:4:65533:Tty Sandbox:/:/usr/sbin/nologin
kmem:*:5:65533:KMem Sandbox:/:/usr/sbin/nologin
games:*:7:13:Games pseudo-user:/:/usr/sbin/nologin
news:*:8:8:News Subsystem:/:/usr/sbin/nologin
man:*:9:9:Mister Man Pages:/usr/share/man:/usr/sbin/nologin
sshd:*:22:22:Secure Shell Daemon:/var/empty:/usr/sbin/nologin
smmsp:*:25:25:Sendmail Submission User:/var/spool/clientmqueue:/usr/sbin/nologin
mailnull:*:26:26:Sendmail Default User:/var/spool/mqueue:/usr/sbin/nologin
bind:*:53:53:Bind Sandbox:/:/usr/sbin/nologin
unbound:*:59:59:Unbound DNS Resolver:/var/unbound:/usr/sbin/nologin
proxy:*:62:62:Packet Filter pseudo-user:/nonexistent:/usr/sbin/nologin
_pflogd:*:64:64:pflogd privsep user:/var/empty:/usr/sbin/nologin
_dhcp:*:65:65:dhcp programs:/var/empty:/usr/sbin/nologin
uucp:*:66:66:UUCP pseudo-user:/var/spool/uucppublic:/usr/local/libexec/uucp/uucico
pop:*:68:6:Post Office Owner:/nonexistent:/usr/sbin/nologin
auditdistd:*:78:77:Auditdistd unprivileged user:/var/empty:/usr/sbin/nologin
www:*:80:80:World Wide Web Owner:/nonexistent:/usr/sbin/nologin
ntpd:*:123:123:NTP Daemon:/var/db/ntp:/usr/sbin/nologin
_ypldap:*:160:160:YP LDAP unprivileged user:/var/empty:/usr/sbin/nologin
hast:*:845:845:HAST unprivileged user:/var/empty:/usr/sbin/nologin
tests:*:977:977:Unprivileged user for tests:/nonexistent:/usr/sbin/nologin
nobody:*:65534:65534:Unprivileged user:/nonexistent:/usr/sbin/nologin
nodered:*:1880:1880:User &:/var/db/nodered:/usr/local/bin/bash
root@truenas[.../TNPool/iocage/jails/NodeRed/root/etc]#

 

[Samuel Tai]

OK, as I thought, there's a nodered user that needs to be added to the dialer group. Within the jail, try pw usermod nodered -G dialer. Afterwards, check the /etc/group via grep dialer /etc/group, and you should see nodered appended as a member after the last colon.

Note, you'll need to run this inside the jail shell.

 

[thibodude]

Yeah I did restarted nodered after and now it works !
Thank you very much for your help Samuel I appreciated your easy to follow directives !

Michel