From owner-freebsd-jail@FreeBSD.ORG Mon Aug 30 11:06:59 2010 Return-Path: Delivered-To: freebsd-jail@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9A0C3106566B for ; Mon, 30 Aug 2010 11:06:59 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 886F28FC25 for ; Mon, 30 Aug 2010 11:06:59 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id o7UB6xx7087472 for ; Mon, 30 Aug 2010 11:06:59 GMT (envelope-from owner-bugmaster@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id o7UB6wwC087468 for freebsd-jail@FreeBSD.org; Mon, 30 Aug 2010 11:06:58 GMT (envelope-from owner-bugmaster@FreeBSD.org) Date: Mon, 30 Aug 2010 11:06:58 GMT Message-Id: <201008301106.o7UB6wwC087468@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: gnats set sender to owner-bugmaster@FreeBSD.org using -f From: FreeBSD bugmaster To: freebsd-jail@FreeBSD.org Cc: Subject: Current problem reports assigned to freebsd-jail@FreeBSD.org X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 30 Aug 2010 11:06:59 -0000 Note: to view an individual PR, use: http://www.freebsd.org/cgi/query-pr.cgi?pr=(number). The following is a listing of current problems submitted by FreeBSD users. These represent problem reports covering all versions including experimental development code and obsolete releases. S Tracker Resp. Description -------------------------------------------------------------------------------- o conf/149050 jail [jail] rcorder ``nojail'' too coarse for Jail+VNET o kern/147162 jail [jail] [panic] Page Fault / Kernel panic when jail sta s conf/142972 jail [jail] [patch] Support JAILv2 and vnet in rc.d/jail o conf/141317 jail [patch] uncorrect jail stop in /etc/rc.d/jail o kern/133265 jail [jail] is there a solution how to run nfs client in ja o kern/119842 jail [smbfs] [jail] "Bad address" with smbfs inside a jail o bin/99566 jail [jail] [patch] fstat(1) according to specified jid o bin/32828 jail [jail] w(1) incorrectly handles stale utmp slots with 8 problems total. From owner-freebsd-jail@FreeBSD.ORG Wed Sep 1 08:10:07 2010 Return-Path: Delivered-To: freebsd-jail@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 27026106564A for ; Wed, 1 Sep 2010 08:10:07 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 15DE98FC12 for ; Wed, 1 Sep 2010 08:10:07 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id o818A5hn006694 for ; Wed, 1 Sep 2010 08:10:05 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id o818A54M006693; Wed, 1 Sep 2010 08:10:05 GMT (envelope-from gnats) Date: Wed, 1 Sep 2010 08:10:05 GMT Message-Id: <201009010810.o818A54M006693@freefall.freebsd.org> To: freebsd-jail@FreeBSD.org From: pred@telenet.be Cc: Subject: Re: kern/147162: [jail] [panic] Page Fault / Kernel panic when jail starts on boot X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: pred@telenet.be List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Sep 2010 08:10:07 -0000 The following reply was made to PR kern/147162; it has been noted by GNATS. From: pred@telenet.be To: bug-followup@FreeBSD.org Cc: Subject: Re: kern/147162: [jail] [panic] Page Fault / Kernel panic when jail starts on boot Date: Wed, 1 Sep 2010 09:55:47 +0200 (CEST) ------=_Part_235589_241905550.1283327747791 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Just a quick note that I've upgraded this server to 8.1-RELEASE and re-enab= led the PF routing rule that was causing the kernel panic.=20 The server did a clean reboot so it seems this problem is no longer present= in 8.1-RELEASE, which is ofcourse=C2=A0good news.=20 ------=_Part_235589_241905550.1283327747791 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: 7bit

Just a quick note that I've upgraded this server to 8.1-RELEASE and re-enabled the PF routing rule that was causing the kernel panic.

The server did a clean reboot so it seems this problem is no longer present in 8.1-RELEASE, which is ofcourse good news.

 

------=_Part_235589_241905550.1283327747791-- From owner-freebsd-jail@FreeBSD.ORG Thu Sep 2 23:13:05 2010 Return-Path: Delivered-To: freebsd-jail@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3E1A01065771; Thu, 2 Sep 2010 23:13:05 +0000 (UTC) (envelope-from jamie@FreeBSD.org) Received: from gritton.org (gritton.org [208.92.232.93]) by mx1.freebsd.org (Postfix) with ESMTP id D8DC08FC12; Thu, 2 Sep 2010 23:13:04 +0000 (UTC) Received: from guppy.corp.verio.net (fw.oremut02.us.wh.verio.net [198.65.168.24]) (authenticated bits=0) by gritton.org (8.14.3/8.14.3) with ESMTP id o82MgPh9019979; Thu, 2 Sep 2010 16:42:25 -0600 (MDT) (envelope-from jamie@FreeBSD.org) Message-ID: <4C802828.8030404@FreeBSD.org> Date: Thu, 02 Sep 2010 16:41:44 -0600 From: Jamie Gritton User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.9.1.5) Gecko/20100103 Thunderbird/3.0 MIME-Version: 1.0 To: freebsd-jail@FreeBSD.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: Alexander Leidinger , "Bjoern A. Zeeb" , "Simon L. Nielsen" Subject: First stab at a new jail(8) X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Sep 2010 23:13:05 -0000 I've got code for a config-based jail(8) at http://people.freebsd.org/~jamie/jail.tbz . It drops in under /usr/src/usr.sbin, but is a big enough change from the current sources that I didn't bother with a diff. I haven't yet updated the man page for it, so I'll give a quick overview here... Its syntax is an extension of the current jail(8), which is itself an extension of the previous jail(8). In addition to starting a single jail with "-c name=value ... command=do something here" or modifying one with "-m name=value ...", you can just specify a single jail name on the command line and it will operate on that jail from the config file. So "jail -c foo" will start up the jail "foo" from /etc/jail.conf (or whatever file you specify with "-f"). Just saying "jail -c" will start up all jails in the config file if they aren't already running. More generally, when running from the config file you can do the following: jail -c [jailname] Start the specified jail, or all jails. Note that is a single argument. You can't start multiple jails at once this way (e.g. jail -c firstjail secondjail), because if you put two arguments, jail(8) will think you're specifying a jail on the command line with parameters like "firstjail" and "secondjail". You can start multiple jails with simple wildcards: specifying "foo.*" will start jails that start with "foo.". This isn't a regular expression or globbing, but wildcarding entire name components. jail -m [jailname]. Modify parameters of the specified jail, or all jails. It will set the jail to whatever the current parameters in the config file are. Some parameters, like "path", can only be set on jail startup. If these are the same in the config file and the currently running jail, it will silently skip them. If they're different, it will report and error and not update the jail. jail -r In this case, the jail name isn't optional, because I thought it would be too easy to accidentally remove everything. If you want to remove all jails, you can say "jail-r '*'". If you specify a wildcard, it will apply only to jails in the config file. But unlike -c and -m, if you specify a single jail, it will first look it up in the config file but then back up to looking at currently running jails. Thus "jail -r 47" will remove the jail with jid 47 just like it currently does, unless you have a jail called "47" in the config file. jail -R Similar to jail -r, but this doesn't use the config file at all. The jailname must be the name or jid of a running jail, or a wildcard. In this case, the wildcards also apply to running jails, so "jail -R '*'" will remove all current jails. Since the config file isn't used, no shutdown scripts will be run and every jail will be removed "hard". jail -cm [jailname] Like the "-cm" flags of the current version, this will create a jail if it doesn't exist, or update it if it does exist. This will make sure every jail in the config file is up and running. jail -rc [jailname] This combination of -r and -c restarts jails - first the entire remove procedure then the entire create procedure. jail -mr [jailname] jail -cmr [jailname] These variations on -m and -cm will restart a jail if necessary - instead of exiting on an error when attempting to change a create-only parameter, it will restart the jail. The -cmr option, which can also create new jails, can make sure every jail is in exactly the same state as specified in the config file. I've described the format of the config while a while back, and I'm including a small sample config file in the tarball. Right now it handles all the regular jail parameters, as well as some internal pseudo-parameters mostly taken from the current rc.d/jail: allow-dying Same as the -d flag, allow modifying a dying jail. depend Make a jail's startup depend on another jail. The jail won't be started until every jail it depends on is successfully started first. If you specify starting a single jail on the command line and it has dependencies, its dependencies are implicitly included. If you modify a jail with dependencies, it will make any changes in dependency order, but will not actually modify jails that aren't specified. The dependencies apply in reverse order for removing jails. ip_hostname Same as the -h flag, implicitly set the jails' ip4.addr and ip6.addr parameters based on a DNS lookup of the host.hostname parameter. exec.prestart exec.start command exec.afterstart exec.poststart The same as used in rc.d/jail, except that there's also a "command" parameter as in the current jail(8). The specified programs are executed in the order given, and each parameter can specify multiple programs (using the "+=" specifier in the config file). The jail is created after exec.prestart is run. The exec.start, command, and exec.afterstart programs are run inside the jail; the exec.prestart and exec.poststart programs are run in the host system. For backward compatibility and convenience, "command" stops the parsing of parameters on the command line, and gives all remaining arguments to the program. exec.prestop exec.stop exec.poststop The same as used in rc.d/jail. The jail is removed after exec.stop completes (and after sending all jailed processes SIGTERM and waiting for them to die). The exec.stop program is run inside the jail; the exec.prestop and exec.poststop programs are from in the host system. exec.clean exec.jail_user exec.system_jail_user exec.system_user Similar to the -l, -u, and -U options. exec.clean is the same as -l, except that it doesn't require -[uU] to be set as well, but instead uses the current user (passwd lookup by uid) if no user is specified. If people aren't using fancy permission models or making jail(8) setuid, this user will be root. exec.jail_user is the same as the -U option, and specifies a user to look up in the jail's passwd file when running a program inside the jail. exec.system_jail_user is a boolean that says to look up exec.jail_user in the host system's passwd file instead; specifying both exec.jail_user and exec.system_jail_user is the equivalent of the -u option. exec.system_user specified a user for programs that run outside the jail, e.g. from exec.prestart. It has no analog in the current jail(8). I haven't yet handled the other rc.d/jail parameters. Those are the next thing for me to work on, but I think the current version is at least useful enough to start looking at. Most of the things the rc.d/jail does can be handled to at least some degree by specifying exec.prestart and exec.afterstop programs. - Jamie