From: bugzilla-noreply@freebsd.org
To: jail@FreeBSD.org
Subject: [Bug 245236] [suggestion] change the default shell for jexec
Date: Tue, 22 Jun 2021 00:51:32 +0000
List-Id: Discussion about FreeBSD jail(8)
List-Archive: https://lists.freebsd.org/archives/freebsd-jail

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=245236

Mark Linimon changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|bugs@FreeBSD.org            |jail@FreeBSD.org

-- 
You are receiving this mail because:
You are the assignee for the bug.

From: bugzilla-noreply@freebsd.org
To: jail@FreeBSD.org
Subject: [Bug 233310] jails: Modularize configuration system (conf.d)
Date: Tue, 22 Jun 2021 01:13:44 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=233310

Mark Linimon changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|bugs@FreeBSD.org            |jail@FreeBSD.org

From: bugzilla-noreply@freebsd.org
To: jail@FreeBSD.org
Subject: [Bug 245236] [suggestion] change the default shell for jexec
Date: Tue, 22 Jun 2021 01:33:55 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=245236

Dan Langille changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dvl@FreeBSD.org

--- Comment #1 from Dan Langille ---
Perhaps you are getting the bash shell:

$ sudo jexec 28 /usr/local/bin/bash
[root@test-nginx01:/] # echo $SHELL
/bin/csh

That is my bash prompt for the given shell.

Same jail:

$ bash
[dan@test-nginx01:~] $ echo $SHELL
/bin/sh

I get similar results on other jails & hosts:

[dan@slocum:~] $ echo $SHELL
/bin/sh

From: bugzilla-noreply@freebsd.org
To: jail@FreeBSD.org
Subject: [Bug 245236] [suggestion] change the default shell for jexec
Date: Tue, 22 Jun 2021 01:45:21 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=245236

--- Comment #2 from dewayne@heuristicsystems.com.au ---
(In reply to Please from comment #0)
Perhaps changing the shell in /etc/master.passwd will solve the problem?

Running as root using csh.
When I define two users bob uses /bin/sh, alice uses /bin/tcsh using vipw.

# jexec -U bob testjail
$ echo $SHELL
/bin/sh
# jexec -U alice testjail
> echo $SHELL
/bin/tcsh
# jexec -U bob testjail /bin/sh -c 'echo $SHELL'
/bin/sh
# jexec -U alice testjail /bin/sh -c 'echo $SHELL'
/bin/tcsh

which works nicely.
However with

# jexec -U bob testjail echo $SHELL
/bin/csh

The SHELL variable has been evaluated before entering the jail, while

# jexec -U alice testjail sysctl kern.hostname
kern.hostname: testjail

With your example

#jexec 1 /usr/local/bin/bash
#echo $SHELL
/bin/csh

You're invoking the bash shell, which you are working in, within the jail, but
examining the jailed user's SHELL variable, defined in passwd (or some dot file)

I hope this is helpful and I suspect does what is expected.

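The expansion order described in comment #2 above, as an added shell example that is not part of the original message. It goes one step beyond the comment by showing that the same rule applies to globs; run_in_target, the /bin/tcsh value and the two temporary directories are constructed stand-ins for "jexec -U alice testjail", so the script runs on a host without a jail.

```shell
#!/bin/sh
# Added illustration. run_in_target is a hypothetical stand-in for
# "jexec -U alice testjail"; the SHELL value and both directories are
# constructed so the script runs on any host without a jail.

TARGET_DIR=$(mktemp -d)   # plays the jail's working directory
HOST_DIR=$(mktemp -d)     # plays the caller's working directory
: > "$TARGET_DIR/jail.conf"
: > "$HOST_DIR/host.conf"
trap 'rm -rf "$TARGET_DIR" "$HOST_DIR"' EXIT

# Run "$@" in the target's environment: different SHELL, different cwd.
run_in_target() {
    ( cd "$TARGET_DIR" && env SHELL=/bin/tcsh "$@" )
}

# Variable written bare on the command line: the calling shell substitutes
# its own value, and the target only ever receives the resulting string.
var_expanded_by_caller() {
    run_in_target echo $SHELL
}

# Single quotes keep the text literal until a shell started inside the
# target expands it there.
var_expanded_in_target() {
    run_in_target /bin/sh -c 'echo $SHELL'
}

# Same rule for globs: the pattern is matched in the caller's directory...
glob_expanded_by_caller() {
    ( cd "$HOST_DIR" && run_in_target echo *.conf )
}

# ...unless it is quoted and expanded by a shell inside the target.
glob_expanded_in_target() {
    ( cd "$HOST_DIR" && run_in_target /bin/sh -c 'echo *.conf' )
}

echo "caller's SHELL:           ${SHELL:-unset}"
echo "bare \$SHELL:              $(var_expanded_by_caller)"
echo "sh -c 'echo \$SHELL':      $(var_expanded_in_target)"
echo "bare *.conf:              $(glob_expanded_by_caller)"
echo "sh -c 'echo *.conf':      $(glob_expanded_in_target)"
```
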
From: bugzilla-noreply@freebsd.org
To: jail@FreeBSD.org
Subject: [Bug 233310] jails: Modularize configuration system (conf.d)
Date: Tue, 22 Jun 2021 02:11:56 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=233310

joeb1@a1poweruser.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |joeb1@a1poweruser.com

--- Comment #9 from joeb1@a1poweruser.com ---
The function you're talking about adding is already there in jail. There is no
restriction in having more than a single jail.conf formatted file as in one for
each jail on the host. All that is needed is a jail start command line to
target each individual jail on the host. The jail command allows you to point
to any file no matter its name as long as it's formatted with jail statements.
The qjail utility uses this concept as the standard way of defining and running
all its non-vnet and vnet jails. Would like to see qjail become part of the
base system.

Comment 3 and comment 4 are also already handled in qjail.

And one thing no one has brought up before is that the jail parameters defined
in the rc.conf file are deprecated and were scheduled to be removed in release
11 but are still being carried along forgotten.

From: bugzilla-noreply@freebsd.org
To: jail@FreeBSD.org
Subject: [Bug 245236] jexec: Ability to change the default shell
Date: Tue, 22 Jun 2021 06:00:48 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=245236

Kubilay Kocak changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|New                         |Open
            Summary|[suggestion] change the     |jexec: Ability to change
                   |default shell for jexec     |the default shell
           Keywords|                            |feature, needs-patch,
                   |                            |needs-qa

From: David Schlachter
To: freebsd-jail@freebsd.org
Subject: Re: Only root can access a fusefs mount in a jail?
Date: Wed, 23 Jun 2021 10:34:22 -0400

Found the solution — it wasn't a jail-specific issue. Fusefs mounts are
restricted to the user who mounted them, unless the 'allow_other' flag is
set on the mount. So, for another user to access root's fusefs mount, it can
be mounted as follows:

# sshfs -o uid=1001,gid=1001,allow_other user@server.tld: /mnt

David

On Fri, 18 Jun 2021, at 09:00, David Schlachter wrote:

> Thanks for your reply! In my jail, root is able to mount a fuse device. If
> the permissions on the mounted device (and its contents) are 0777, I expect
> that all other users in the jail should be able to view the contents of the
> mount (e.g. cd in to the mount, ls the files, etc). However, even though
> the device is mounted and the permissions should allow all other users to
> access the mount, only root can actually access it. I want root to be able
> to mount the device, and all other users to access it.

From: bugzilla-noreply@freebsd.org
To: jail@FreeBSD.org
Subject: [Bug 252334] Regression for running jails with fibs
Date: Thu, 24 Jun 2021 14:14:25 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=252334

Arne Steinkamm changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |arne@Steinkamm.COM

--- Comment #3 from Arne Steinkamm ---
Same here with 13.0-RELEASE-p2 FreeBSD

From: Michael Gmelin
To: jail@freebsd.org
Subject: POSIX shared memory and dying jails
Date: Fri, 25 Jun 2021 16:41:00 +0200

Hi,

It seems like non-anonymous POSIX shared memory is not freed automatically
when a jail is removed and keeps it in a dying state, until the shared
memory segment is deleted manually.

See below for the most basic example:

[root@jailhost ~]# jail -c path=/ command=/bin/sh
# posixshmcontrol create /removeme
# exit
[root@jailhost ~]# jls -dv -j shmtest dying
true

So at this point, the jail is stuck in a dying state. Checking POSIX shared
memory segments shows the shared memory segment which is stopping the jail
from crossing the Styx:

[root@jailhost ~]# posixshmcontrol list
MODE            OWNER   GROUP   SIZE    PATH
rw-------       root    wheel   0       /removeme

After removing the shared memory segment manually...

[root@jailhost ~]# posixshmcontrol rm /removeme

the jail passes away peacefully:

[root@jailhost ~]# jls -dv -j shmtest dying
jls: jail "shmtest" not found

I wonder if it wouldn't make sense to always remove POSIX shared memory
created by a jail automatically when it's removed.

Best,
Michael

-- 
Michael Gmelin
Date: Fri, 25 Jun 2021 09:19:05 -0700
From: James Gritton
To: jail@freebsd.org
Cc: Michael Gmelin
Subject: Re: POSIX shared memory and dying jails

On 2021-06-25 07:41, Michael Gmelin wrote:
> It seems like non-anonymous POSIX shared memory is not freed
> automatically when a jail is removed and keeps it in a dying state,
> until the shared memory segment is deleted manually.
>
> See below for the most basic example:
>
> [root@jailhost ~]# jail -c path=/ command=/bin/sh
> # posixshmcontrol create /removeme
> # exit
> [root@jailhost ~]# jls -dv -j shmtest dying
> true
>
> So at this point, the jail is stuck in a dying state.
>
> Checking POSIX shared memory segments shows the shared memory segment
> which is stopping the jail from crossing the Styx:
>
> [root@jailhost ~]# posixshmcontrol list
> MODE OWNER GROUP SIZE PATH
> rw------- root wheel 0 /removeme
>
> After removing the shared memory segment manually...
>
> [root@jailhost ~]# posixshmcontrol rm /removeme
>
> the jail passes away peacefully:
>
> [root@jailhost ~]# jls -dv -j shmtest dying
> jls: jail "shmtest" not found
>
> I wonder if it wouldn't make sense to always remove POSIX shared memory
> created by a jail automatically when it's removed.

That does seem reasonable, though it would take some bookkeeping to do
right. There is currently no concrete idea of a jail's ownership of a
POSIX shm object, as it uses only uid and gid for access permissions,
same as files. The tie to the jail is in the underlying vm_object,
which holds a cred that references the jail - that seems to be what's
keeping the jail from going away.

Like files, POSIX shared memory is one way a jail may communicate with
the rest of the system. So it's theoretically conceivable that shared
memory created by a defunct jail may still be in use by a parent jail,
in the same way that shared memory created by a defunct process is
still visible to other processes, but that may be a rare enough case
to disregard.

- Jamie

From nobody Fri Jun 25 16:58:59 2021
Date: Fri, 25 Jun 2021 18:58:59 +0200
From: Michael Gmelin
To: James Gritton
Cc: jail@freebsd.org, Michael Gmelin
Subject: Re: POSIX shared memory and dying jails

On Fri, 25 Jun 2021 09:19:05 -0700
James Gritton wrote:

> On 2021-06-25 07:41, Michael Gmelin wrote:
> > It seems like non-anonymous POSIX shared memory is not freed
> > automatically when a jail is removed and keeps it in a dying state,
> > until the shared memory segment is deleted manually.
> >
> > See below for the most basic example:
> >
> > [root@jailhost ~]# jail -c path=/ command=/bin/sh
> > # posixshmcontrol create /removeme
> > # exit
> > [root@jailhost ~]# jls -dv -j shmtest dying
> > true
> >
> > So at this point, the jail is stuck in a dying state.
> >
> > Checking POSIX shared memory segments shows the shared memory
> > segment which is stopping the jail from crossing the Styx:
> >
> > [root@jailhost ~]# posixshmcontrol list
> > MODE OWNER GROUP SIZE PATH
> > rw------- root wheel 0 /removeme
> >
> > After removing the shared memory segment manually...
> >
> > [root@jailhost ~]# posixshmcontrol rm /removeme
> >
> > the jail passes away peacefully:
> >
> > [root@jailhost ~]# jls -dv -j shmtest dying
> > jls: jail "shmtest" not found
> >
> > I wonder if it wouldn't make sense to always remove POSIX shared
> > memory created by a jail automatically when it's removed.
>
> That does seem reasonable, though it would take some bookkeeping to do
> right. There is currently no concrete idea of a jail's ownership of a
> POSIX shm object, as it uses only uid and gid for access permissions,
> same as files. The tie to the jail is in the underlying vm_object,
> which holds a cred that references the jail - that seems to be what's
> keeping the jail from going away.

Interesting - I was wondering how that worked, thanks. Would there be a
way to cut that tie somehow (for use cases that deliberately want to
leave the shared memory segment behind)?

>
> Like files, POSIX shared memory is one way a jail may communicate with
> the rest of the system. So it's theoretically conceivable that shared
> memory created by a defunct jail may still be in use by a parent jail,
> in the same way that shared memory created by a defunct process is
> still visible to other processes, but that may be a rare enough case
> to disregard.

This could theoretically be controlled by a parameter set on the jail
(something like "noposixshmcleanup"), the default being to remove the
segments on jail removal.

Another problem caused by the lack of jail ownership is that access
semantics are a bit strange. E.g., a jail based on / can easily list
(and remove) all memory allocations in the system, while for other
jails it depends. They can stat their own allocations like in:

    # posixshmcontrol stat /xyz
    output as expected...

But not list them:

    # posixshmcontrol ls
    posixshmcontrol: cannot get kern.ipc.posix_shm_list length: Operation not permitted

Probably related to matching the path of the allocation, I didn't look
into the code.

For practical purposes, we implemented a primitive workaround in the
scriptwork stopping jails that simply lists all allocations matching a
jail's path and removes them:

    # Garbage collect POSIX shared memory
    if command -v posixshmcontrol >/dev/null; then
        _shm_paths=$( posixshmcontrol ls | cut -f 5 | grep "^$_pdir/" )
        for _shm_path in $_shm_paths ; do
            posixshmcontrol rm "$_shm_path"
        done
    fi

but having something automatic in the OS would be nice. Or being
able to run `posixshmcontrol -j shmtest ls`. Seems like this would be
quite some effort though to get it right - also in terms of who can
access what - right now, it's simply based on the path, which also
gives a lot of flexibility.

By the way, this was all triggered by running postgresql in a jail -
depending on how it was started (non-persistent/exec.start vs
persistent/jexec) it would not clean up after itself when the jail was
removed, leading to jails and POSIX shared memory leaking on each jail
restart[0]. Probably something about signal handling, but that's
material for a different thread :).

Best,
Michael

[0] https://github.com/pizzamig/pot/issues/150

-- 
Michael Gmelin

From nobody Sat Jun 26 03:08:31 2021
Date: Fri, 25 Jun 2021 20:08:31 -0700
From: James Gritton
To: jail@freebsd.org
Cc: Michael Gmelin
Subject: Re: POSIX shared memory and dying jails

On 2021-06-25 09:58, Michael Gmelin wrote:
> On Fri, 25 Jun 2021 09:19:05 -0700
> James Gritton wrote:
>
>> On 2021-06-25 07:41, Michael Gmelin wrote:
>> > It seems like non-anonymous POSIX shared memory is not freed
>> > automatically when a jail is removed and keeps it in a dying state,
>> > until the shared memory segment is deleted manually.
>> >
>> > See below for the most basic example:
>> >
>> > [root@jailhost ~]# jail -c path=/ command=/bin/sh
>> > # posixshmcontrol create /removeme
>> > # exit
>> > [root@jailhost ~]# jls -dv -j shmtest dying
>> > true
>> >
>> > So at this point, the jail is stuck in a dying state.
>> >
>> > Checking POSIX shared memory segments shows the shared memory
>> > segment which is stopping the jail from crossing the Styx:
>> >
>> > [root@jailhost ~]# posixshmcontrol list
>> > MODE OWNER GROUP SIZE PATH
>> > rw------- root wheel 0 /removeme
>> >
>> > After removing the shared memory segment manually...
>> >
>> > [root@jailhost ~]# posixshmcontrol rm /removeme
>> >
>> > the jail passes away peacefully:
>> >
>> > [root@jailhost ~]# jls -dv -j shmtest dying
>> > jls: jail "shmtest" not found
>> >
>> > I wonder if it wouldn't make sense to always remove POSIX shared
>> > memory created by a jail automatically when it's removed.
>>
>> That does seem reasonable, though it would take some bookkeeping to do
>> right. There is currently no concrete idea of a jail's ownership of a
>> POSIX shm object, as it uses only uid and gid for access permissions,
>> same as files. The tie to the jail is in the underlying vm_object,
>> which holds a cred that references the jail - that seems to be what's
>> keeping the jail from going away.
>
> Interesting - I was wondering how that worked, thanks. Would there be a
> way to cut that tie somehow (for use cases that deliberately want to
> leave the shared memory segment behind)?

It might be possible to change vm_object's cred to one that has the
same uid/gid but is outside of the jail. The big argument against
that is that I don't know enough about the VM subsystem to go poking
about there lightly.

From the user perspective, you can keep such objects with a little
planning ahead: always create them outside of the jail, though using
the jail's path in the name (which is how a non-jailed process would
refer to it anyway). Then jailed processes can access the shared
memory, but won't own it.

- Jamie

From nobody Sat Jun 26 03:18:39 2021
Date: Fri, 25 Jun 2021 20:18:39 -0700
From: James Gritton
To: jail@freebsd.org
Cc: Michael Gmelin
Subject: Re: POSIX shared memory and dying jails

On 2021-06-25 09:58, Michael Gmelin wrote:

> Another problem caused by the lack of jail ownership is that access
> semantics are a bit strange. E.g., a jail based on / can easily list
> (and remove) all memory allocations in the system, while for other
> jails it depends. They can stat their own allocations like in:
>
> # posixshmcontrol stat /xyz
> output as expected...
>
> But not list them:
>
> # posixshmcontrol ls
> posixshmcontrol: cannot get kern.ipc.posix_shm_list length:
> Operation not permitted
>
> Probably related to matching the path of the allocation, I didn't look
> into the code.

That's just a case of the sysctl not being marked as jail-safe. Looking
at the code, it's clear that it needs to be altered when called from
within a jail, but preventing it is definitely not the right thing.

> but having something automatic in the OS would be nice. Or being
> able to run `posixshmcontrol -j shmtest ls`. Seems like this would be
> quite some effort though to get it right - also in terms of who can
> access what - right now, it's simply based on the path, which also
> gives a lot of flexibility.

Since access to the shared memory segments themselves is only on file
permissions and pathnames, just making a "posixshmcontrol -j" also rely
on pathnames actually makes sense.

Put this into a bug report, and I'll take a closer look. Probably two
different bugs for different issues (listing and automatic removal).

- Jamie

From nobody Sat Jun 26 08:16:41 2021
From: bugzilla-noreply@freebsd.org
To: jail@FreeBSD.org
Subject: [Bug 252334] Regression for running jails with fibs
Date: Sat, 26 Jun 2021 08:16:41 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=252334

--- Comment #4 from Arne Steinkamm ---
The problem is that you now have to set net.fibs inside the (vnet) jail to at
least the number of the fib the jail is using.

Without doing this all network commands working on the host side
configured fib for the jail will fail because there is only one fib (0) visible
inside the jail.

I'm not too happy that this has to be configured now inside the jail and that
the number of fibs is now known inside the jail from a security point of view.

From nobody Sat Jun 26 15:13:05 2021
Date: Sat, 26 Jun 2021 11:13:05 -0400
From: Mark Johnston
To: James Gritton
Cc: jail@freebsd.org, Michael Gmelin, cyril@freebsdfoundation.org
Subject: Re: POSIX shared memory and dying jails

On Fri, Jun 25, 2021 at 08:08:31PM -0700, James Gritton wrote:
> On 2021-06-25 09:58, Michael Gmelin wrote:
> > On Fri, 25 Jun 2021 09:19:05 -0700
> > James Gritton wrote:
> >
> >> On 2021-06-25 07:41, Michael Gmelin wrote:
> >> > It seems like non-anonymous POSIX shared memory is not freed
> >> > automatically when a jail is removed and keeps it in a dying state,
> >> > until the shared memory segment is deleted manually.
> >> >
> >> > See below for the most basic example:
> >> >
> >> > [root@jailhost ~]# jail -c path=/ command=/bin/sh
> >> > # posixshmcontrol create /removeme
> >> > # exit
> >> > [root@jailhost ~]# jls -dv -j shmtest dying
> >> > true
> >> >
> >> > So at this point, the jail is stuck in a dying state.
> >> >
> >> > Checking POSIX shared memory segments shows the shared memory
> >> > segment which is stopping the jail from crossing the Styx:
> >> >
> >> > [root@jailhost ~]# posixshmcontrol list
> >> > MODE OWNER GROUP SIZE PATH
> >> > rw------- root wheel 0 /removeme
> >> >
> >> > After removing the shared memory segment manually...
> >> >
> >> > [root@jailhost ~]# posixshmcontrol rm /removeme
> >> >
> >> > the jail passes away peacefully:
> >> >
> >> > [root@jailhost ~]# jls -dv -j shmtest dying
> >> > jls: jail "shmtest" not found
> >> >
> >> > I wonder if it wouldn't make sense to always remove POSIX shared
> >> > memory created by a jail automatically when it's removed.

Cyril ran into exactly this problem when adding racct support for POSIX
shared memory. In particular, we'd like to be able to limit the number
and total size of POSIX shared memory objects belonging to a given jail.
Aside from the problem of the leaked credential, the current behaviour
of not destroying objects created in a jail makes accounting more
complicated. One possibility is to somehow re-home any shm objects that
exist when the jail is destroyed, and transfer the accounting as well.

> >>
> >> That does seem reasonable, though it would take some bookkeeping to do
> >> right. There is currently no concrete idea of a jail's ownership of a
> >> POSIX shm object, as it uses only uid and gid for access permissions,
> >> same as files. The tie to the jail is in the underlying vm_object,
> >> which holds a cred that references the jail - that seems to be what's
> >> keeping the jail from going away.
> >
> > Interesting - I was wondering how that worked, thanks. Would there be a
> > way to cut that tie somehow (for use cases that deliberately want to
> > leave the shared memory segment behind)?
>
> It might be possible to change vm_object's cred to one that has the
> same uid/gid but is outside of the jail. The big argument against
> that is that I don't know enough about the VM subsystem to go poking
> about there lightly.

When we looked at this problem, it seemed the intent was for POSIX
shared memory objects to behave like filesystem objects: jailed
processes can create shm objects in the jail's filesystem namespace,
and such objects are not removed when the jail goes away. Moreover,
jails sharing a filesystem root also share a POSIX shm namespace.

I think the semantic of tying shm objects to the lifetime of the
creator's jail is more natural, even though it diverges from the
treatment of filesystem objects. It also avoids the problem of having
to figure out whether it's ok to switch the object's credential.

> From the user perspective, you can keep such objects with a little
> planning ahead: always create them outside of the jail, though using
> the jail's path in the name (which is how a non-jailed process would
> refer to it anyway). Then jailed processes can access the shared
> memory, but won't own it.

If a process in the host holds a jailed object open, and the jail is
destroyed (unlinking the object from the jail's namespace), would the
process' reference still cause the jail to linger in the dying state?
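
The path-based cleanup discussed in this thread (list the objects below a jail's root, then remove them), as an added example that is not code from any participant or from FreeBSD. It assumes `posixshmcontrol ls` prints a header row followed by tab-separated rows with the host-visible path in field 5, as the thread's `cut -f 5` implies; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumption: `posixshmcontrol ls` prints a header row and
# then tab-separated MODE OWNER GROUP SIZE PATH rows with host-visible paths.

# Print the shm paths (from a listing on stdin) that sit below the jail
# root given as $1. Returns 2 for a root that cannot be matched safely.
shm_paths_under_root() {
    case $1 in
        /*) ;;
        *)  echo "jail root must be an absolute path" >&2; return 2 ;;
    esac
    _root=${1%/}
    if [ -z "$_root" ]; then
        # A jail rooted at / shares the host's shm namespace, so a path
        # match would select every object on the system.
        echo "refusing to match jail root /" >&2
        return 2
    fi
    # The root travels through the environment and is compared as a literal
    # prefix: no regex, so "." in a jail path matches only ".", and the
    # trailing "/" keeps /jails/db.1 from matching /jails/db.10.
    SHM_ROOT="$_root/" awk -F '\t' '
        NR == 1 && $1 ~ /^MODE/ { next }    # header row
        NF < 5 { next }                     # malformed or empty row
        substr($5, 1, length(ENVIRON["SHM_ROOT"])) == ENVIRON["SHM_ROOT"] { print $5 }
    '
}

# Remove every object below the jail root; with -n only report them.
shm_gc_jail() {
    _dry=0
    if [ "$1" = "-n" ]; then _dry=1; shift; fi
    command -v posixshmcontrol >/dev/null 2>&1 || return 0
    _list=$(posixshmcontrol ls | shm_paths_under_root "$1") || return $?
    printf '%s\n' "$_list" | while IFS= read -r _p; do
        [ -n "$_p" ] || continue
        if [ "$_dry" -eq 1 ]; then
            printf 'would remove %s\n' "$_p"
        else
            posixshmcontrol rm "$_p"
        fi
    done
}

# Constructed listing for illustration (not captured from a real host).
sample_listing() {
    printf 'MODE\tOWNER\tGROUP\tSIZE\tPATH\n'
    printf 'rw-------\troot\twheel\t0\t/removeme\n'
    printf 'rw-------\tpostgres\tpostgres\t56\t/jails/db.1/PostgreSQL.1804289383\n'
    printf 'rw-------\tpostgres\tpostgres\t56\t/jails/db.10/PostgreSQL.846930886\n'
    printf 'rw-------\troot\twheel\t4096\t/jails/dbX1/seg\n'
}

# Demo on the constructed listing: only the object below /jails/db.1 is selected.
sample_listing | shm_paths_under_root /jails/db.1
```

In a jail stop hook, `shm_gc_jail -n "$_pdir"` reports what would be removed before the real run is enabled.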
From nobody Sat Jun 26 17:11:08 2021
Date: Sat, 26 Jun 2021 10:11:08 -0700
From: James Gritton
To: jail@freebsd.org
Cc: Mark Johnston, Michael Gmelin, cyril@freebsdfoundation.org
Subject: Re: POSIX shared memory and dying jails
Message-ID: <0589a80532968d0f6fe12f2501308b77@freebsd.org>

On 2021-06-26 08:13, Mark Johnston wrote:
> On Fri, Jun 25, 2021 at 08:08:31PM -0700, James Gritton wrote:
>> On 2021-06-25 09:58, Michael Gmelin wrote:
>> > On Fri, 25 Jun 2021 09:19:05 -0700
>> > James Gritton wrote:
>> >
>> >> On 2021-06-25 07:41, Michael Gmelin wrote:
>> >> > It seems like non-anonymous POSIX shared memory is not freed
>> >> > automatically when a jail is removed and keeps it in a dying state,
>> >> > until the shared memory segment is deleted manually.
>> >> >
>> >> > See below for the most basic example:
>> >> >
>> >> > [root@jailhost ~]# jail -c path=/ command=/bin/sh
>> >> > # posixshmcontrol create /removeme
>> >> > # exit
>> >> > [root@jailhost ~]# jls -dv -j shmtest dying
>> >> > true
>> >> >
>> >> > So at this point, the jail is stuck in a dying state.
>> >> >
>> >> > Checking POSIX shared memory segments shows the shared memory
>> >> > segment which is stopping the jail from crossing the Styx:
>> >> >
>> >> > [root@jailhost ~]# posixshmcontrol list
>> >> > MODE OWNER GROUP SIZE PATH
>> >> > rw------- root wheel 0 /removeme
>> >> >
>> >> > After removing the shared memory segment manually...
>> >> >
>> >> > [root@jailhost ~]# posixshmcontrol rm /removeme
>> >> >
>> >> > the jail passes away peacefully:
>> >> >
>> >> > [root@jailhost ~]# jls -dv -j shmtest dying
>> >> > jls: jail "shmtest" not found
>> >> >
>> >> > I wonder if it wouldn't make sense to always remove POSIX shared
>> >> > memory created by a jail automatically when it's removed.
>
> Cyril ran into exactly this problem when adding racct support for POSIX
> shared memory.  In particular, we'd like to be able to limit the number
> and total size of POSIX shared memory objects belonging to a given
> jail.
>
> Aside from the problem of the leaked credential, the current behaviour
> of not destroying objects created in a jail makes accounting more
> complicated.  One possibility is to somehow re-home any shm objects that
> exist when the jail is destroyed, and transfer the accounting as well.
>
>> >>
>> >> That does seem reasonable, though it would take some bookkeeping to do
>> >> right.  There is currently no concrete idea of a jail's ownership of a
>> >> POSIX shm object, as it uses only uid and gid for access permissions,
>> >> same as files.  The tie to the jail is in the underlying vm_object,
>> >> which holds a cred that references the jail - that seems to be what's
>> >> keeping the jail from going away.
>> >
>> > Interesting - I was wondering how that worked, thanks. Would there be a
>> > way to cut that tie somehow (for use cases that deliberately want to
>> > leave the shared memory segment behind)?
>>
>> It might be possible to change vm_object's cred to one that has the
>> same uid/gid but is outside of the jail.  The big argument against
>> that is that I don't know enough about the VM subsystem to go poking
>> about there lightly.
>
> When we looked at this problem, it seemed the intent was for POSIX
> shared memory objects to behave like filesystem objects: jailed
> processes can create shm objects in the jail's filesystem namespace, and
> such objects are not removed when the jail goes away.  Moreover, jails
> sharing a filesystem root also share a POSIX shm namespace.
>
> I think the semantic of tying shm objects to the lifetime of the
> creator's jail is more natural, even though it diverges from the
> treatment of filesystem objects.  It also avoids the problem of having
> to figure out whether it's ok to switch the object's credential.

I prefer that one too.  It's cleaner in execution, and fits with the
idea of jails being vm-lite - when the jail goes away, so do the
ephemeral things it owns.

>> From the user perspective, you can keep such objects with a little
>> planning ahead: always create them outside of the jail, though using
>> the jail's path in the name (which is how a non-jailed process would
>> refer to it anyway).  Then jailed processes can access the shared
>> memory, but won't own it.
>
> If a process in the host holds a jailed object open, and the jail is
> destroyed (unlinking the object from the jail's namespace), would the
> process' reference still cause the jail to linger in the dying state?

Yes, it would remain dying until all references to the object are gone.
But I'm fine with that situation.  Even if it's for an arbitrarily long
time, it's not bad behavior unless dying jails are just stuck with no
reasonable chance of going away.

- Jamie

From nobody Sun Jun 27 15:16:50 2021
From: bugzilla-noreply@freebsd.org
To: jail@FreeBSD.org
Subject: [Bug 233310] jails: Modularize configuration system (conf.d)
Date: Sun, 27 Jun 2021 15:16:50 +0000
X-Bugzilla-Product: Base System
X-Bugzilla-Component: conf
X-Bugzilla-Keywords: feature, needs-patch
X-Bugzilla-Status: Open

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=233310

Dan Langille changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dvl@FreeBSD.org

--- Comment #10 from Dan Langille ---
(In reply to Daniel Morante from comment #7)
> I would look to an official tool/process to appear in base.

The purpose of this PR is to create such a tool for base.

From nobody Sun Jun 27 15:19:56 2021
From: bugzilla-noreply@freebsd.org
To: jail@FreeBSD.org
Subject: [Bug 233310] jails: Modularize configuration system (conf.d)
Date: Sun, 27 Jun 2021 15:19:56 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=233310

--- Comment #11 from Dan Langille ---
(In reply to joeb1 from comment #9)
> The function you're talking about adding is already there in jail.

We disagree.

Having a jail.d directory is quite different from what you described, from
what I understand of it.

Can you give an example of what you mean by "All that is needed is a jail
start command line to target each individual jail on the host." please?

> And one thing no one has brought up before is that the jail parameters
> defined in the rc.conf file are deprecated and were scheduled to be removed
> in release 11 but are still being carried along forgotten.

Sounds like a separate PR entirely.

From nobody Sun Jun 27 15:21:11 2021
From: bugzilla-noreply@freebsd.org
To: jail@FreeBSD.org
Subject: [Bug 233310] jails: Modularize configuration system (conf.d)
Date: Sun, 27 Jun 2021 15:21:11 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=233310

Mina Galić changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |me@igalic.co

--- Comment #12 from Mina Galić ---
there's a proposed change: https://reviews.freebsd.org/D24570

it's stuck somewhat