From owner-freebsd-jail@freebsd.org Wed Apr 3 21:29:25 2019 Return-Path: Delivered-To: freebsd-jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 1CB0F1553F0B for ; Wed, 3 Apr 2019 21:29:25 +0000 (UTC) (envelope-from freebsd-en@lists.vlassakakis.de) Received: from dd14614.kasserver.com (dd14614.kasserver.com [85.13.136.14]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 6C1796E775 for ; Wed, 3 Apr 2019 21:29:24 +0000 (UTC) (envelope-from freebsd-en@lists.vlassakakis.de) Received: from dd14614.kasserver.com (dd0802.kasserver.com [85.13.143.1]) by dd14614.kasserver.com (Postfix) with ESMTPSA id 0121443C26B5 for ; Wed, 3 Apr 2019 23:22:25 +0200 (CEST) MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-SenderIP: 80.146.120.79 User-Agent: ALL-INKL Webmail 2.11 Subject: exec.clean not working correctly on FreeBSD 12.0-RELEASE-p3? From: freebsd-en@lists.vlassakakis.de To: freebsd-jail@freebsd.org Message-Id: <20190403212225.0121443C26B5@dd14614.kasserver.com> Date: Wed, 3 Apr 2019 23:22:25 +0200 (CEST) X-Rspamd-Queue-Id: 6C1796E775 X-Spamd-Bar: +++ Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [3.42 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; IP_SCORE(0.27)[ip: (0.45), ipnet: 85.13.136.0/24(0.23), asn: 34788(0.67), country: DE(-0.01)]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-jail@freebsd.org]; TO_DN_NONE(0.00)[]; AUTH_NA(1.00)[]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_SPAM_MEDIUM(0.86)[0.859,0]; DMARC_NA(0.00)[vlassakakis.de]; MX_GOOD(-0.01)[cached: lists.vlassakakis.de]; NEURAL_SPAM_LONG(0.78)[0.785,0]; FROM_NO_DN(0.00)[]; RCVD_IN_DNSWL_NONE(0.00)[14.136.13.85.list.dnswl.org : 127.0.5.0]; R_SPF_NA(0.00)[]; NEURAL_HAM_SHORT(-0.38)[-0.382,0]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; SUBJECT_ENDS_QUESTION(1.00)[]; ASN(0.00)[asn:34788, ipnet:85.13.136.0/24, country:DE]; MIME_TRACE(0.00)[0:+]; RCVD_TLS_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 Apr 2019 21:29:25 -0000 Hi, I noticed that exec.clean does not work correctly on FreeBSD 12.0-RELEASE-p3. Can anyone confirm this? root@server1:~ # freebsd-version -kru 12.0-RELEASE-p3 12.0-RELEASE-p3 12.0-RELEASE-p3 /etc/jail.conf: [...] Some VNET-Stuff and other options [...] exec.clean; testjail { host.hostname = "testjail.XXX.XXX.XXX"; path = "/jails/0536b986-5643-11e9-81db-4ccc6a0aa478/base/"; $epair = "epair0"; } If i use "exec.clean" inside my Jail-Definition, it doesn't work either. /etc/jail.conf: [...] Some VNET-Stuff and other options [...] testjail { host.hostname = "testjail.XXX.XXX.XXX"; path = "/jails/0536b986-5643-11e9-81db-4ccc6a0aa478/base/"; $epair = "epair0"; exec.clean; } root@server1:~ # jexec testjail root@testjail:/ # printenv USER=root LOGNAME=root HOME=/root MAIL=/var/mail/root PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/root/bin TERM=xterm-256color BLOCKSIZE=K SHELL=/bin/csh SSH_CLIENT=80.XXX.XXX.XXX 62416 40443 SSH_CONNECTION=80.XXX.XXX.XXX 62416 194.XXX.XXX.XXX 40443 SSH_TTY=/dev/pts/0 HOSTTYPE=FreeBSD VENDOR=amd OSTYPE=FreeBSD MACHTYPE=x86_64 SHLVL=2 PWD=/ GROUP=wheel HOST=testjail.XXX.XXX.XXX REMOTEHOST=XXXXXXXXX EDITOR=vim PAGER=less ----------------- If i use "jexec -l", it works fine. root@server1:~ # jexec -l testjail root@testjail:~ # printenv SHELL=/bin/csh HOME=/root USER=root BLOCKSIZE=K MAIL=/var/mail/root PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/root/bin TERM=xterm-256color HOSTTYPE=FreeBSD VENDOR=amd OSTYPE=FreeBSD MACHTYPE=x86_64 SHLVL=1 PWD=/root LOGNAME=root GROUP=wheel HOST=testjail.XXX.XXX.XXX EDITOR=vim PAGER=less Any suggestions? Regards Philipp From owner-freebsd-jail@freebsd.org Thu Apr 4 16:17:42 2019 Return-Path: Delivered-To: freebsd-jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id ABCE21575C8D for ; Thu, 4 Apr 2019 16:17:42 +0000 (UTC) (envelope-from jamie@freebsd.org) Received: from gritton.org (gritton.org [199.192.165.131]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 103AF80C51 for ; Thu, 4 Apr 2019 16:17:41 +0000 (UTC) (envelope-from jamie@freebsd.org) Received: from gritton.org ([127.0.0.131]) by gritton.org (8.15.2/8.15.2) with ESMTP id x34FqJph051326 for ; Thu, 4 Apr 2019 09:52:20 -0600 (MDT) (envelope-from jamie@freebsd.org) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; format=flowed Content-Transfer-Encoding: 7bit Date: Thu, 04 Apr 2019 09:52:19 -0600 From: James Gritton To: freebsd-jail@freebsd.org Subject: Re: exec.clean not working correctly on FreeBSD 12.0-RELEASE-p3? In-Reply-To: <20190403212225.0121443C26B5@dd14614.kasserver.com> References: <20190403212225.0121443C26B5@dd14614.kasserver.com> Message-ID: X-Sender: jamie@freebsd.org User-Agent: Roundcube Webmail/1.3.8 X-Greylist: inspected by milter-greylist-4.6.2 (gritton.org [127.0.0.131]); Thu, 04 Apr 2019 09:52:20 -0600 (MDT) for IP:'127.0.0.131' DOMAIN:'[127.0.0.131]' HELO:'gritton.org' FROM:'jamie@freebsd.org' RCPT:'' X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.2 (gritton.org [127.0.0.131]); Thu, 04 Apr 2019 09:52:20 -0600 (MDT) X-Rspamd-Queue-Id: 103AF80C51 X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-2.95 / 15.00]; local_wl_from(0.00)[freebsd.org]; NEURAL_HAM_MEDIUM(-1.00)[-0.999,0]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; NEURAL_HAM_SHORT(-0.95)[-0.952,0]; ASN(0.00)[asn:30247, ipnet:199.192.164.0/22, country:US] X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 04 Apr 2019 16:17:42 -0000 On 2019-04-03 15:22, freebsd-en@lists.vlassakakis.de wrote: > Hi, > > I noticed that exec.clean does not work correctly on FreeBSD > 12.0-RELEASE-p3. > Can anyone confirm this? > > root@server1:~ # freebsd-version -kru > 12.0-RELEASE-p3 > 12.0-RELEASE-p3 > 12.0-RELEASE-p3 > > > /etc/jail.conf: > [...] > Some VNET-Stuff and other options > [...] > exec.clean; > > testjail { > host.hostname = "testjail.XXX.XXX.XXX"; > path = > "/jails/0536b986-5643-11e9-81db-4ccc6a0aa478/base/"; > $epair = "epair0"; > } > > > If i use "exec.clean" inside my Jail-Definition, it doesn't work > either. > > /etc/jail.conf: > [...] > Some VNET-Stuff and other options > [...] > > testjail { > host.hostname = "testjail.XXX.XXX.XXX"; > path = > "/jails/0536b986-5643-11e9-81db-4ccc6a0aa478/base/"; > $epair = "epair0"; > exec.clean; > } > > root@server1:~ # jexec testjail > root@testjail:/ # printenv > USER=root > LOGNAME=root > HOME=/root > MAIL=/var/mail/root > PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/root/bin > TERM=xterm-256color > BLOCKSIZE=K > SHELL=/bin/csh > SSH_CLIENT=80.XXX.XXX.XXX 62416 40443 > SSH_CONNECTION=80.XXX.XXX.XXX 62416 194.XXX.XXX.XXX 40443 > SSH_TTY=/dev/pts/0 > HOSTTYPE=FreeBSD > VENDOR=amd > OSTYPE=FreeBSD > MACHTYPE=x86_64 > SHLVL=2 > PWD=/ > GROUP=wheel > HOST=testjail.XXX.XXX.XXX > REMOTEHOST=XXXXXXXXX > EDITOR=vim > PAGER=less > > > ----------------- > > If i use "jexec -l", it works fine. > > root@server1:~ # jexec -l testjail > root@testjail:~ # printenv > SHELL=/bin/csh > HOME=/root > USER=root > BLOCKSIZE=K > MAIL=/var/mail/root > PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/root/bin > TERM=xterm-256color > HOSTTYPE=FreeBSD > VENDOR=amd > OSTYPE=FreeBSD > MACHTYPE=x86_64 > SHLVL=1 > PWD=/root > LOGNAME=root > GROUP=wheel > HOST=testjail.XXX.XXX.XXX > EDITOR=vim > PAGER=less > > > Any suggestions? This isn't a problem in exec.clean per se, but in jexec(8). Nothing in the jail.conf file is even peeked at by jexec, which communicates only with the kernel. So the "-l" is necessary to get the same effect that exec.clean gives on jail creation. - Jamie