Date: Mon, 11 Feb 2013 11:06:46 GMT
From: FreeBSD bugmaster
To: freebsd-jail@FreeBSD.org
Subject: Current problem reports assigned to freebsd-jail@FreeBSD.org

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o kern/174902  jail       [jail] jail should provide validator for jail names
o kern/174436  jail       [jail] Jails with numbers as names don't work
o bin/173469   jail       [jail] regression: security.jail.sysvipc_allowed=1 no
o kern/169751  jail       [jail] reading routing information does not work in ja
o bin/167911   jail       new jail(8) problem with removal, ifconfg -alias and k
o kern/159918  jail       [jail] inter-jail communication failure
o kern/156111  jail       [jail] procstat -b not supported in jail
o misc/155765  jail       [patch] `buildworld' does not honors WITHOUT_JAIL
o conf/154246  jail       [jail] [patch] Bad symlink created if devfs mount poin
o conf/149050  jail       [jail] rcorder ``nojail'' too coarse for Jail+VNET
s conf/142972  jail       [jail] [patch] Support JAILv2 and vnet in rc.d/jail
o conf/141317  jail       [patch] uncorrect jail stop in /etc/rc.d/jail
o kern/133265  jail       [jail] is there a solution how to run nfs client in ja
o kern/119842  jail       [smbfs] [jail] "Bad address" with smbfs inside a jail
o bin/99566    jail       [jail] [patch] fstat(1) according to specified jid

15 problems total.

Date: Tue, 12 Feb 2013 15:47:21 +0100
From: Harald Schmalzbauer
Organization: OmniLAN
To: freebsd-stable@freebsd.org, freebsd-jail@freebsd.org
Subject: problem stoping jails with jail(8), jail.conf and mount.fstab

Hello,

on 9.1-R, I highly appreciate the new jail(8) and jail.conf
capabilities. Thanks for that extension!

But I have one problem: If I want to stop a jail with 'jail -r
jailname', I get "umount: unmount of /.jail.jailname failed: Device busy"

It seems to me that the order of fstab.jailname entries are not reverted
by jail(8) when shutting down/umounting.
My C skills don't allow me to verify/fix that in usr.sbin/jail/command.c

Can anybody help please?

Thanks,

-Harry

(not subscribed to jail@)

Date: Tue, 12 Feb 2013 15:58:48 +0100
From: Harald Schmalzbauer
Organization: OmniLAN
To: freebsd-stable@freebsd.org, freebsd-jail@freebsd.org
Subject: Re: problem stoping jails with jail(8), jail.conf and mount.fstab

Harald Schmalzbauer wrote on 12.02.2013 15:47 (localtime):
> Hello,
>
> on 9.1-R, I highly appreciate the new jail(8) and jail.conf
> capabilities. Thanks for that extension!
>
> But I have one problem: If I want to stop a jail with 'jail -r
> jailname', I get "umount: unmount of /.jail.jailname failed: Device busy"
>
> It seems to me that the order of fstab.jailname entries are not reverted
> by jail(8) when shutting down/umounting.
> My C skills don't allow me to verify/fix that in usr.sbin/jail/command.c

Btw, experimental falsifying isn't the problem:
fstab.jail1:
/dev/gpt/jail1ROOT    /.jail.jail1        ufs    ro            0    0
/dev/gpt/jail1VAR     /.jail.jail1/var    ufs    rw,noatime    0    0

Starting jail with 'jail -c jail1': everything fine.
Stopping jail with 'jail -r jail1': error when fstab.jail1 is like
above, but error vanishes if I revert the two lines above before stopping!
So the root cause seems to be obvious.
But like mentioned, I can't fix that myself :-(

Thanks,

-Harry

Date: Tue, 12 Feb 2013 22:09:01 -0700
From: Jamie Gritton
To: freebsd-jail@FreeBSD.org
Cc: freebsd-stable@FreeBSD.org
Subject: Re: problem stoping jails with jail(8), jail.conf and mount.fstab

On 02/12/13 07:47, Harald Schmalzbauer wrote:
> Hello,
>
> on 9.1-R, I highly appreciate the new jail(8) and jail.conf
> capabilities. Thanks for that extension!
>
> But I have one problem: If I want to stop a jail with 'jail -r
> jailname', I get "umount: unmount of /.jail.jailname failed: Device busy"
>
> It seems to me that the order of fstab.jailname entries are not reverted
> by jail(8) when shutting down/umounting.
> My C skills don't allow me to verify/fix that in usr.sbin/jail/command.c
>
> Can anybody help please?
>
> Thanks,
>
> -Harry

Yes, that's a serious drawback. I'll work something up for that.

- Jamie
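
The ordering problem reported in this thread, as an added example that is not code from any of the messages or from jail(8): entries in a mount.fstab file are mounted first-to-last, so a later entry (/.jail.jail1/var) sits on top of an earlier one (/.jail.jail1) and teardown has to go last-to-first. The function names and the temporary file are assumptions; the sample reuses the two fstab.jail1 lines quoted above plus a constructed comment line, and nothing is mounted or unmounted.

```sh
#!/bin/sh
# Added example: work out a safe unmount order for a jail's mount.fstab
# file. The script only prints; it never calls mount(8) or umount(8).

# Print the mount point (second field) of each entry in file order,
# skipping blank lines and "#" comments.
fstab_mountpoints() {
    awk '$1 ~ /^#/ { next } NF >= 2 { print $2 }' "$1"
}

# Print every mount point that has a later entry mounted beneath it.
# Unmounting these in file order is what fails with "Device busy".
busy_on_forward_unmount() {
    fstab_mountpoints "$1" | awk '
        { mp[NR] = $0 }
        END {
            for (i = 1; i <= NR; i++) {
                prefix = (mp[i] == "/") ? "/" : (mp[i] "/")
                for (j = i + 1; j <= NR; j++)
                    if (index(mp[j], prefix) == 1) { print mp[i]; break }
            }
        }'
}

# Print mount points last-to-first, the order in which they can be unmounted.
unmount_order() {
    fstab_mountpoints "$1" |
        awk '{ mp[NR] = $0 } END { for (i = NR; i >= 1; i--) print mp[i] }'
}

# Print (do not run) the umount commands for a clean teardown.
teardown_commands() {
    unmount_order "$1" | while IFS= read -r mp; do
        printf 'umount %s\n' "$mp"
    done
}

# Constructed sample: the two fstab.jail1 lines from the thread plus a comment.
write_sample_fstab() {
    cat > "$1" <<'EOF'
# fstab.jail1
/dev/gpt/jail1ROOT  /.jail.jail1      ufs  ro          0  0
/dev/gpt/jail1VAR   /.jail.jail1/var  ufs  rw,noatime  0  0
EOF
}

sample=$(mktemp)
write_sample_fstab "$sample"
echo "busy if unmounted in file order:"
busy_on_forward_unmount "$sample"
echo "teardown:"
teardown_commands "$sample"
rm -f "$sample"
```
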

From: linimon@FreeBSD.org
Subject: Re: kern/176112: [jail] [panic] kernel panic when starting jails
X-List-Received-Date: Wed, 13 Feb 2013 15:59:40 -0000

Old Synopsis:
New Synopsis: [jail] [panic] kernel panic when starting jails

Responsible-Changed-From-To: freebsd-bugs->freebsd-jail
Responsible-Changed-By: linimon
Responsible-Changed-When: Wed Feb 13 15:58:50 UTC 2013
Responsible-Changed-Why:
Fix synopsis and assign.

http://www.freebsd.org/cgi/query-pr.cgi?pr=176112

Date: Wed, 13 Feb 2013 16:11:16 GMT
To: linimon@FreeBSD.org, freebsd-bugs@FreeBSD.org, freebsd-jail@FreeBSD.org
From: linimon@FreeBSD.org
Subject: Re: kern/176092: [jail] [panic] Starting a jail on my releng/9.1 kernel with pf and VIMAGE enabled crashes the kernel

Old Synopsis: Starting a jail on my releng/9.1 kernel with pf and VIMAGE enabled crashes the kernel
New Synopsis: [jail] [panic] Starting a jail on my releng/9.1 kernel with pf and VIMAGE enabled crashes the kernel

Responsible-Changed-From-To: freebsd-bugs->freebsd-jail
Responsible-Changed-By: linimon
Responsible-Changed-When: Wed Feb 13 16:10:59 UTC 2013
Responsible-Changed-Why:
Over to maintainer(s).

http://www.freebsd.org/cgi/query-pr.cgi?pr=176092

Date: Thu, 14 Feb 2013 07:40:58 -0700
From: Jamie Gritton
To: Baptiste Daroussin
Cc: jail@FreeBSD.org, fs@FreeBSD.org
Subject: Re: Marking some FS as jailable

On 02/14/13 06:27, Baptiste Daroussin wrote:
> On Tue, Feb 12, 2013 at 10:06:29PM -0700, Jamie Gritton wrote:
>> On 02/12/13 12:40, Baptiste Daroussin wrote:
>>>
>>> I would like to mark some filesystem as jailable, here is the one I need:
>>> linprocfs, tmpfs and fdescfs, I was planning to do it with adding a
>>> allow.mount.${fs} for each one.
>>>
>>> Anyone has an objection?
>>
>> Would it make sense for linprocfs to use the existing allow.mount.procfs
>> flag?
>
> Here is a patch that uses allow.mount.procfs for linsysfs and linprocfs.
>
> It also adds a new allow.mount.tmpfs to allow tmpfs.
>
> It seems to work here, can anyone confirm this is the right way to do it?
>
> I'll commit in 2 parts: first lin*fs, second tmpfs related things
>
> http://people.freebsd.org/~bapt/jail-fs.diff

There are some problems. The usage on the mount side of things looks
correct, but it needs more on the jail side.
I'm including a patch just
of that part, with a correction in jail.h and further changes in kern_jail.c

- Jamie

Content-Disposition: attachment; filename="jail-fs.diff"

Index: sys/jail.h =================================================================== --- sys/jail.h (revision 246791) +++ sys/jail.h (working copy) @@ -227,7 +227,8 @@ #define PR_ALLOW_MOUNT_NULLFS 0x0100 #define PR_ALLOW_MOUNT_ZFS 0x0200 #define PR_ALLOW_MOUNT_PROCFS 0x0400 -#define PR_ALLOW_ALL 0x07ff +#define PR_ALLOW_MOUNT_TMPFS 0x0800 +#define PR_ALLOW_ALL 0x0fff /* * OSD methods Index: kern/kern_jail.c =================================================================== --- kern/kern_jail.c (revision 246791) +++ kern/kern_jail.c (working copy) @@ -206,6 +206,7 @@ "allow.mount.nullfs", "allow.mount.zfs", "allow.mount.procfs", + "allow.mount.tmpfs", }; const size_t pr_allow_names_size = sizeof(pr_allow_names); @@ -221,6 +222,7 @@ "allow.mount.nonullfs", "allow.mount.nozfs", "allow.mount.noprocfs", + "allow.mount.notmpfs", }; const size_t pr_allow_nonames_size = sizeof(pr_allow_nonames); @@ -4208,6 +4210,10 @@ CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, NULL, PR_ALLOW_MOUNT_PROCFS, sysctl_jail_default_allow, "I", "Processes in jail can mount the procfs file system"); +SYSCTL_PROC(_security_jail, OID_AUTO, mount_tmpfs_allowed, + CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, + NULL, PR_ALLOW_MOUNT_TMPFS, sysctl_jail_default_allow, "I", + "Processes in jail can mount the tmpfs file system"); SYSCTL_PROC(_security_jail, OID_AUTO, mount_zfs_allowed, CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, NULL, PR_ALLOW_MOUNT_ZFS, sysctl_jail_default_allow, "I",
@@ -4360,6 +4366,8 @@ "B", "Jail may mount the nullfs file system"); SYSCTL_JAIL_PARAM(_allow_mount, procfs, CTLTYPE_INT | CTLFLAG_RW, "B", "Jail may mount the procfs file system"); +SYSCTL_JAIL_PARAM(_allow_mount, tmpfs, CTLTYPE_INT | CTLFLAG_RW, + "B", "Jail may mount the tmpfs file system"); SYSCTL_JAIL_PARAM(_allow_mount, zfs, CTLTYPE_INT | CTLFLAG_RW, "B", "Jail may mount the zfs file system");
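
Review bot: In the sys/jail.h hunk, PR_ALLOW_ALL is a hand-maintained mask (0x07ff becomes 0x0fff) that has to be widened every time a PR_ALLOW_* bit is added, and the new strings in pr_allow_names and pr_allow_nonames in kern/kern_jail.c have to be appended in the same order as the bits (the visible entries run nullfs, zfs, procfs, tmpfs, matching 0x0100, 0x0200, 0x0400, 0x0800). Nothing in the visible lines ties the three together, so a comment beside PR_ALLOW_ALL stating that it must cover every bit above it and that the two name tables must stay in bit order would make the next addition harder to get wrong.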
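
Review bot: The kern/kern_jail.c hunks at -4208 and -4360 introduce a new sysctl, security.jail.mount_tmpfs_allowed, and a new jail parameter, allow.mount.tmpfs, but this patch touches only sys/jail.h and kern/kern_jail.c, so neither name is documented by it. Add the matching entries to the jail(8) manual page with the same change, next to the existing allow.mount.procfs and allow.mount.zfs text, so an administrator can see what enabling the parameter permits inside a jail.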

Date: Thu, 14 Feb 2013 15:56:00 +0100
From: Baptiste Daroussin
To: Jamie Gritton
Cc: jail@FreeBSD.org, fs@FreeBSD.org
Subject: Re: Marking some FS as jailable

On Thu, Feb 14, 2013 at 07:40:58AM -0700, Jamie Gritton wrote:
> On 02/14/13 06:27, Baptiste Daroussin wrote:
> > On Tue, Feb 12, 2013 at 10:06:29PM -0700, Jamie Gritton wrote:
> >> On 02/12/13 12:40, Baptiste Daroussin wrote:
> >>>
> >>> I would like to mark some filesystem as jailable, here is the one I need:
> >>> linprocfs, tmpfs and fdescfs, I was planning to do it with adding a
> >>> allow.mount.${fs} for each one.
> >>>
> >>> Anyone has an objection?
> >>
> >> Would it make sense for linprocfs to use the existing allow.mount.procfs
> >> flag?
> >
> > Here is a patch that uses allow.mount.procfs for linsysfs and linprocfs.
> >
> > It also adds a new allow.mount.tmpfs to allow tmpfs.
> >
> > It seems to work here, can anyone confirm this is the right way to do it?
> >
> > I'll commit in 2 parts: first lin*fs, second tmpfs related things
> >
> > http://people.freebsd.org/~bapt/jail-fs.diff
>
> There are some problems.
> The usage on the mount side of things looks
> correct, but it needs more on the jail side. I'm including a patch just
> of that part, with a correction in jail.h and further changes in kern_jail.c
>
> - Jamie

Thank you, the patch has been updated with your fixes.

regards
Bapt

Date: Thu, 14 Feb 2013 07:58:52 -0700
From: Jamie Gritton
To: Baptiste Daroussin
Cc: jail@FreeBSD.org, fs@FreeBSD.org
Subject: Re: Marking some FS as jailable

On 02/14/13 07:56, Baptiste Daroussin wrote:
> On Thu, Feb 14, 2013 at 07:40:58AM -0700, Jamie Gritton wrote:
>> On 02/14/13 06:27, Baptiste Daroussin wrote:
>>> On Tue, Feb 12, 2013 at 10:06:29PM -0700, Jamie Gritton wrote:
>>>> On 02/12/13 12:40, Baptiste Daroussin wrote:
>>>>>
>>>>> I would like to mark some filesystem as jailable, here is the one I need:
>>>>> linprocfs, tmpfs and fdescfs, I was planning to do it with adding a
>>>>> allow.mount.${fs} for each one.
>>>>>
>>>>> Anyone has an objection?
>>>>
>>>> Would it make sense for linprocfs to use the existing allow.mount.procfs
>>>> flag?
>>>
>>> Here is a patch that uses allow.mount.procfs for linsysfs and linprocfs.
>>>
>>> It also adds a new allow.mount.tmpfs to allow tmpfs.
>>>
>>> It seems to work here, can anyone confirm this is the right way to do it?
>>>
>>> I'll commit in 2 parts: first lin*fs, second tmpfs related things
>>>
>>> http://people.freebsd.org/~bapt/jail-fs.diff
>>
>> There are some problems. The usage on the mount side of things looks
>> correct, but it needs more on the jail side.
>> I'm including a patch just
>> of that part, with a correction in jail.h and further changes in kern_jail.c
>
> Thank you, the patch has been updated with your fixes.

One more bit (literally): PR_ALLOW_ALL in sys/jail.h needs updating.

- Jamie

Date: Thu, 14 Feb 2013 16:08:57 +0100
From: Baptiste Daroussin
To: Jamie Gritton
Cc: jail@FreeBSD.org, fs@FreeBSD.org
Subject: Re: Marking some FS as jailable

On Thu, Feb 14, 2013 at 07:58:52AM -0700, Jamie Gritton wrote:
> On 02/14/13 07:56, Baptiste Daroussin wrote:
> > On Thu, Feb 14, 2013 at 07:40:58AM -0700, Jamie Gritton wrote:
> >> On 02/14/13 06:27, Baptiste Daroussin wrote:
> >>> On Tue, Feb 12, 2013 at 10:06:29PM -0700, Jamie Gritton wrote:
> >>>> On 02/12/13 12:40, Baptiste Daroussin wrote:
> >>>>>
> >>>>> I would like to mark some filesystem as jailable, here is the one I need:
> >>>>> linprocfs, tmpfs and fdescfs, I was planning to do it with adding a
> >>>>> allow.mount.${fs} for each one.
> >>>>>
> >>>>> Anyone has an objection?
> >>>>
> >>>> Would it make sense for linprocfs to use the existing allow.mount.procfs
> >>>> flag?
> >>>
> >>> Here is a patch that uses allow.mount.procfs for linsysfs and linprocfs.
> >>>
> >>> It also adds a new allow.mount.tmpfs to allow tmpfs.
> >>>
> >>> It seems to work here, can anyone confirm this is the right way to do it?
> >>>
> >>> I'll commit in 2 parts: first lin*fs, second tmpfs related things
> >>>
> >>> http://people.freebsd.org/~bapt/jail-fs.diff
> >>
> >> There are some problems. The usage on the mount side of things looks
> >> correct, but it needs more on the jail side. I'm including a patch just
> >> of that part, with a correction in jail.h and further changes in kern_jail.c
> >
> > Thank you, the patch has been updated with your fixes.
>
> One more bit (literally): PR_ALLOW_ALL in sys/jail.h needs updating.
>
> - Jamie

Fixed thanks
Bapt

Date: Thu, 14 Feb 2013 15:39:00 -0500
From: Mike Tancsa
Organization: Sentex Communications
To: freebsd-jail@freebsd.org
Subject: bsnmp-jails broken ?

I wanted to add monitoring of traffic to individual jails, but this
module does not seem to work for me. The module seems to work for some
OIDs, but not for traffic stats. This is on RELENG_9. Does anyone have
this working ?

eg

% snmpwalk -v2c -c xxxx thehost.sentex.ca .1.3.6.1.4.1.12325.1.1111
SNMPv2-SMI::enterprises.12325.1.1111.1.0 = INTEGER: 2
SNMPv2-SMI::enterprises.12325.1.1111.2.1.0.1 = INTEGER: 1
SNMPv2-SMI::enterprises.12325.1.1111.2.1.0.2 = INTEGER: 2
SNMPv2-SMI::enterprises.12325.1.1111.2.1.1.1 = STRING: "j1.com"
SNMPv2-SMI::enterprises.12325.1.1111.2.1.1.2 = STRING: "6j2.sentex.ca"
SNMPv2-SMI::enterprises.12325.1.1111.2.1.10.1 = Counter64: 0
SNMPv2-SMI::enterprises.12325.1.1111.2.1.10.2 = Counter64: 0
SNMPv2-SMI::enterprises.12325.1.1111.2.1.11.1 = Counter64: 0
SNMPv2-SMI::enterprises.12325.1.1111.2.1.11.2 = Counter64: 0
SNMPv2-SMI::enterprises.12325.1.1111.2.1.12.1 = Counter64: 0
SNMPv2-SMI::enterprises.12325.1.1111.2.1.12.2 = Counter64: 0
SNMPv2-SMI::enterprises.12325.1.1111.2.1.13.1 = Counter64: 0
SNMPv2-SMI::enterprises.12325.1.1111.2.1.13.2 = Counter64: 0
SNMPv2-SMI::enterprises.12325.1.1111.2.1.20.1 = INTEGER: 60
SNMPv2-SMI::enterprises.12325.1.1111.2.1.20.2 = INTEGER: 25
SNMPv2-SMI::enterprises.12325.1.1111.2.1.21.1 = INTEGER: 69
SNMPv2-SMI::enterprises.12325.1.1111.2.1.21.2 = INTEGER: 144
SNMPv2-SMI::enterprises.12325.1.1111.2.1.25.1 = Timeticks: (3067079) 8:31:10.79
SNMPv2-SMI::enterprises.12325.1.1111.2.1.25.2 = Timeticks: (8626) 0:01:26.26
SNMPv2-SMI::enterprises.12325.1.1111.2.1.30.1 = Counter64: 6535995904
SNMPv2-SMI::enterprises.12325.1.1111.2.1.30.2 = Counter64: 2159424000
SNMPv2-SMI::enterprises.12325.1.1111.2.1.31.1 = Counter64: 159831
SNMPv2-SMI::enterprises.12325.1.1111.2.1.31.2 = Counter64: 246899
SNMPv2-SMI::enterprises.12325.1.1111.100.0 = STRING: "not net xx.yy.zz.16/28"
SNMPv2-SMI::enterprises.12325.1.1111.101.0 = Timeticks: (300) 0:00:03.00
SNMPv2-SMI::enterprises.12325.1.1111.102.0 = Timeticks: (3600) 0:00:36.00

--
-------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike@sentex.net
Providing Internet services since 1994 www.sentex.net
Cambridge, Ontario Canada http://www.tancsa.com/

From owner-freebsd-jail@FreeBSD.ORG Fri Feb 15 16:27:50 2013
Message-ID: <511E61F5.1000805@omnilan.de>
Date: Fri, 15 Feb 2013 17:27:33 +0100
From: Harald Schmalzbauer
To: freebsd-stable@freebsd.org, freebsd-jail@freebsd.org
Subject: new jail(8) ignoring devfs_ruleset?

Hello,

like already posted, on 9.1-R, I highly appreciate the new jail(8) and
jail.conf capabilities. Thanks for that extension!

Accidentally I saw that "devfs_ruleset" seems to be ignored.
If I list /dev/ I see all the host's disk devices etc.
I set "devfs_ruleset = 4;" and "enforce_statfs = 1;" in jail.conf.
Inside the jail,
sysctl security.jail.devfs_ruleset returns "1".
But like mentioned, I can access all devices...

Thanks for any help,

-Harry

(not subscribed to freebsd-jail@)

From owner-freebsd-jail@FreeBSD.ORG Fri Feb 15 17:07:32 2013
Message-ID: <511E6B52.4020203@omnilan.de>
Date: Fri, 15 Feb 2013 18:07:30 +0100
From: Harald Schmalzbauer
To: Mateusz Guzik, freebsd-jail@freebsd.org
Cc: freebsd-stable@freebsd.org
Subject: Re: mount lag, umounting returns wrong "Device busy"
In-Reply-To: <20130215165052.GA11727@dft-labs.eu>

Mateusz Guzik wrote on 15.02.2013 17:50 (localtime):
> On Fri, Feb 15, 2013 at 05:43:16PM +0100, Harald Schmalzbauer wrote:
>> Hello,
>>
>> while playing with new jail features, I recognized that manually
>> umounting doesn't work as I'd expect.
>> After jail has been destroyed, the following mountpoint is active:
>> /dev/gpt/jailname1ROOT on /.jail.jailname1 (ufs, local, read-only)
>>
>> There was var mounted to /.jail.jailname1/var but that successfully umounted.
>> 'fstat' also shows no open files in /.jail.jailname1
>>
>> But when I do 'umount /.jail.jailname' I get "Device busy" returned.
>> Some minutes later umounting works.
>> But I always have to wait some time, although nothing is open and
>> nothing is mounted above.
>>
>> Does anybody have an idea what could cause that false "Device busy"?
>>
> My guess is that the jail was not dead yet and it held a reference for
> /.jail.jailname1's vnode.
>
> jls -v should show the jail.
>
> I don't know if this can happen, but my guess is that not-yet-expired
> network connections hold reference to a jail preventing it from being
> destroyed. So I would definitely check out netstat output. There may be
> other possibilities, but nothing obvious comes to my mind at the moment.

Good hint, I found out that returning the NIC (using jail with vnet)
takes some time and as soon as the NIC shows up back in the host, I also
can umount the jail's root mount point.
I have no idea about the internals of moving NICs. Is it "normal" that
it takes some time to return the NIC?

Almost every time I remove the jail (jail -r), I have to issue the
command twice.
First, I see services getting stopped, but then the line:
jail: kevent: No such process
'jail -r' cancels at that point (jls shows it active)
After the second 'jail -r' I get the following lines:
.
Terminated
gentlemail: removed
umount: unmount of /.jail.jailname1 failed: Device busy

Then 'jls' doesn't list the jail anymore, but the NIC still doesn't show
up in the host's network stack. And that's the cause for keeping the root
mountpoint busy...
Could that be related to the wrong umount-order with 'jail -r'?

Thanks,

-Harry

From owner-freebsd-jail@FreeBSD.ORG Fri Feb 15 23:40:22 2013
Message-ID: <511EC759.4060704@FreeBSD.org>
Date: Fri, 15 Feb 2013 16:40:09 -0700
From: Jamie Gritton
To: Harald Schmalzbauer
Cc: freebsd-jail@FreeBSD.org, freebsd-stable@FreeBSD.org
Subject: Re: new jail(8) ignoring devfs_ruleset?
In-Reply-To: <511E61F5.1000805@omnilan.de>

On 02/15/13 09:27, Harald Schmalzbauer wrote:
> Hello,
>
> like already posted, on 9.1-R, I highly appreciate the new jail(8) and
> jail.conf capabilities. Thanks for that extension!
>
> Accidentally I saw that "devfs_ruleset" seems to be ignored.
> If I list /dev/ I see all the host's disk devices etc.
> I set "devfs_ruleset = 4;" and "enforce_statfs = 1;" in jail.conf.
> Inside the jail,
> sysctl security.jail.devfs_ruleset returns "1".
> But like mentioned, I can access all devices...
>
> Thanks for any help,
>
> -Harry

devfs_ruleset is only used along with mount.devfs - do you also have
that set in jail.conf?

- Jamie

From owner-freebsd-jail@FreeBSD.ORG Sat Feb 16 19:20:31 2013
Date: Sat, 16 Feb 2013 11:20:23 -0800 (PST)
From: Beeblebrox
To: freebsd-jail@freebsd.org
Message-ID: <1361042423579-5787659.post@n5.nabble.com>
In-Reply-To: <1359748645583-5783036.post@n5.nabble.com>
Subject: Re: "No bpf devices" problem in jail

[solved] Thank you, Jamie Gritton

devfs needs to be mounted - check for that. Although I had it in
fstab.jailname, it was not mounting. /etc/jail.conf entries changed &
corrected as below. When /dev is mounted in the jail, devfs.rules also gets
invoked.

mount.devfs;
# Above line is THE key
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";

pxe {
    name = pxe;
    host.hostname = radulf.org;
    interface = re0;
    ip4.addr = 192.168.2.1/24; #setting subnet to /32 breaks tftp
    path = /data/amd64;
    allow.raw_sockets = 1;
    enforce_statfs = 2; # detail level file sys info - 2 is least.
    mount.fstab = /etc/fstab.pxe;
    devfs_ruleset = 11;
}

--
View this message in context: http://freebsd.1045724.n5.nabble.com/No-bpf-devices-problem-in-jail-tp5783036p5787659.html
Sent from the freebsd-jail mailing list archive at Nabble.com.
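
Added example, not part of the thread and not FreeBSD project code: a small audit for the misconfiguration discussed in the two devfs messages above, where devfs_ruleset is set in jail.conf but mount.devfs is not in effect for that jail. It assumes a simplified jail.conf grammar (no variable substitution, no "*" wildcard blocks); the names parse, unapplied_rulesets and the "web" jail are hypothetical.

```python
import re

# Constructed sample shaped like the thread's jail.conf; "web" is hypothetical.
SAMPLE = """
exec.start = "/bin/sh /etc/rc";
pxe {
    mount.devfs;          # devfs gets mounted, so ruleset 11 is applied
    devfs_ruleset = 11;
}
web {
    devfs_ruleset = 4;    # no mount.devfs in effect for this jail
}
"""

# Quoted strings, comments, punctuation, bare words (simplified grammar).
TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|/\*.*?\*/|(?:#|//)[^\n]*|[{};=]'
                   r'|[^\s{};="#]+', re.S)

def parse(text):
    """Return (global_params, {jail_name: params}) for jail.conf text."""
    top, jails, current, stmt = {}, {}, None, []
    for tok in TOKEN.findall(text):
        if tok.startswith(("#", "//", "/*")):
            continue                      # comment token
        if tok == "{":                    # the pending word is the jail name
            current, stmt = jails.setdefault(stmt[0].strip('"'), {}), []
        elif tok == "}":
            current = None
        elif tok != ";":
            stmt.append(tok)
        elif stmt:                        # ";" ends "name;" or "name = value;"
            name, value = stmt[0], True
            if "=" in stmt:
                value = " ".join(t.strip('"') for t in stmt[stmt.index("=") + 1:])
            if name == "mount.nodevfs":   # "no" prefix negates the boolean
                name, value = "mount.devfs", False
            (top if current is None else current)[name] = value
            stmt = []
    return top, jails

def unapplied_rulesets(text):
    """List (jail, ruleset) pairs whose devfs_ruleset has no mount.devfs."""
    top, jails = parse(text)
    found = []
    for jail, params in jails.items():
        eff = {**top, **params}           # jail block overrides global scope
        mounted = str(eff.get("mount.devfs", False)).lower() not in ("0", "false", "no")
        if "devfs_ruleset" in eff and not mounted:
            found.append((jail, eff["devfs_ruleset"]))
    return found
```

Run against a copy of /etc/jail.conf, any jail it reports should be checked from inside with ls /dev, since devfs mounted some other way (for example through an fstab entry) may be exposing host devices without the intended ruleset.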