From owner-freebsd-jail@FreeBSD.ORG Mon Sep 10 11:09:49 2012
Date: Mon, 10 Sep 2012 11:09:47 GMT
From: FreeBSD bugmaster
To: freebsd-jail@FreeBSD.org
Subject: Current problem reports assigned to freebsd-jail@FreeBSD.org

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o kern/169751  jail       [jail] reading routing information does not work in ja
o bin/167911   jail       new jail(8) problem with removal, ifconfg -alias and k
o kern/159918  jail       [jail] inter-jail communication failure
o docs/156853  jail       [patch] Update docs: jail(8) security issues with worl
o kern/156111  jail       [jail] procstat -b not supported in jail
o misc/155765  jail       [patch] `buildworld' does not honors WITHOUT_JAIL
o conf/154246  jail       [jail] [patch] Bad symlink created if devfs mount poin
o conf/149050  jail       [jail] rcorder ``nojail'' too coarse for Jail+VNET
s conf/142972  jail       [jail] [patch] Support JAILv2 and vnet in rc.d/jail
o conf/141317  jail       [patch] uncorrect jail stop in /etc/rc.d/jail
o kern/133265  jail       [jail] is there a solution how to run nfs client in ja
o kern/119842  jail       [smbfs] [jail] "Bad address" with smbfs inside a jail
o bin/99566    jail       [jail] [patch] fstat(1) according to specified jid
o bin/32828    jail       [jail] w(1) incorrectly handles stale utmp slots with

14 problems total.

From owner-freebsd-jail@FreeBSD.ORG Tue Sep 11 00:01:15 2012
Date: Mon, 10 Sep 2012 19:01:06 -0500
From: Bryan Drewery
To: freebsd-jail@freebsd.org
Subject: Re: 9.1-PRERELEASE - allow.mount - allow.mount.zfs - do not get passed to child

On 9/4/2012 12:50 AM, Bryan Drewery wrote:
> On 9/4/2012 12:46 AM, Bryan Drewery wrote:
>> On 9/4/2012 12:42 AM, Bryan Drewery wrote:
>>> I am unable to get these to pass into jails via /etc/rc.d/jail + ezjail.
>>>
>>> I set them in the host:
>>>
>>> security.jail.mount_allowed=1
>>> security.jail.mount_zfs_allowed=1
>>>
>>> What is the proper way to get these set?
>>>
>>>
>>
>> I used `jail -m` to set these, but they don't seem to work:
>>
>> In host:
>>
>> # jail -m jid=3 allow.mount allow.mount.zfs
>> # sysctl vfs.usermount=1
>>
>> In jail:
>>
>> # sysctl -a|grep mount
>> vfs.usermount: 1
>> ...
>> security.jail.mount_zfs_allowed: 1
>> security.jail.mount_allowed: 1
>>
>> # zfs mount -a
>> cannot mount 'backup': Insufficient privileges
>>
>> This dataset is properly jailed=on and 'zfs jail' ran on it as well.
>
> Sorry for the noise..
>
> # jail -m jid=3 enforce_statfs=1
>
> Now it works.
>
> Yes, I read the jail(8) and zfs(8) manpages. My biggest problem was the
> params not being passed in at startup.
>
> Bryan
>

Anyone else who runs into this, r239382 allows this to work using
/etc/rc.d/jail with deprecated rc.conf/ezjail setups. You can specify
jail_NAME_parameters=... with that patch.

--
Regards,
Bryan Drewery
bdrewery@freenode/EFNet

From owner-freebsd-jail@FreeBSD.ORG Tue Sep 11 22:14:38 2012
Date: Tue, 11 Sep 2012 16:14:25 -0600
From: Jamie Gritton
To: Jack Stone
Cc: freebsd-jail@FreeBSD.org
Subject: Re: Upgrading FBSD-7.0 --> 7.4 and Jail won't start

On 09/08/12 12:15, Jack Stone wrote:
> uname -a
> FreeBSD mail.sagedata.net 7.0-RELEASE-p9 FreeBSD 7.0-RELEASE-p9 #2: Sun
> Jan 18 19:59:27 CST 2009 root@mail.sagedata.net:/usr/obj/usr/src/sys/SMP
> i386
>
> Have been running
> and upgrading host+jail for years and through several
> versions of FreeBSD. However, I got behind on updates and now playing
> catchup on an important production server.
>
> Tried to upgrade fbsd-7.0 --> 7.4 followed by upgrade of a jail as in
> past. However, on reboot, the host booted up OK, but the jail would not
> work. On re-trying to start the jail, only got a cryptic error about
> missing syscalls. I've never seen this before and don't have a clue what
> needs fixing.
>
> My setups for starting jails are in the /etc/rc.conf file and such still
> works here in Texas on local servers when upgraded. However, the
> production server is in Los Angeles and cannot react to any serious boot
> problems without sending the ISP owner downtown to switch my HD back to
> a bootable clone before the upgrade attempts. I cannot afford to have
> the jail offline as it contains my SSL stuff vital to the business.
>
> I manage the jails using the tools that came with Jail(8).
>
> Can anyone point me in the right direction on this issue? Do I now need
> stuff in sysctl.conf for the jail? Or.....????
>
> Thanks for any help!!

Your mention of sysctl.conf makes me wonder: missing syscalls, or
missing sysctls? There was a change between 7.0 and 7.4 where some
jail-related sysctls were added.

There was also a change to the jail(2) system call, with a new version
of struct jail - but the old version continues to work. I don't think
there were any new syscalls at that point - perhaps other new sysctls?

Is the problem in actually creating the jail, or in processes that run
inside the jail? If the latter, there's really a lot of things that
could be the problem, if you're running an un-updated user space. Not
that they *should* happen, mind you, but still a lot more room for
something to go wrong.

- Jamie

From owner-freebsd-jail@FreeBSD.ORG Wed Sep 12 15:39:07 2012
Date: Wed, 12 Sep 2012 10:39:17 -0500
From: Jack Stone
To: Jamie Gritton
Cc: freebsd-jail@FreeBSD.org
Subject: Re: Upgrading FBSD-7.0 --> 7.4 and Jail won't start

On 9/11/2012 5:14 PM, Jamie Gritton wrote:
> On 09/08/12 12:15, Jack Stone wrote:
>> uname -a
>> FreeBSD mail.sagedata.net 7.0-RELEASE-p9 FreeBSD 7.0-RELEASE-p9 #2: Sun
>> Jan 18 19:59:27 CST 2009 root@mail.sagedata.net:/usr/obj/usr/src/sys/SMP
>> i386
>>
>> Have been running and upgrading host+jail for years and through several
>> versions of FreeBSD. However, I got behind on updates and now playing
>> catchup on an important production server.
>>
>> Tried to upgrade fbsd-7.0 --> 7.4 followed by upgrade of a jail as in
>> past. However, on reboot, the host booted up OK, but the jail would not
>> work. On re-trying to start the jail, only got a cryptic error about
>> missing syscalls. I've never seen this before and don't have a clue what
>> needs fixing.
>>
>> My setups for starting jails are in the /etc/rc.conf file and such still
>> works here in Texas on local servers when upgraded. However, the
>> production server is in Los Angeles and cannot react to any serious boot
>> problems without sending the ISP owner downtown to switch my HD back to
>> a bootable clone before the upgrade attempts. I cannot afford to have
>> the jail offline as it contains my SSL stuff vital to the business.
>>
>> I manage the jails using the tools that came with Jail(8).
>>
>> Can anyone point me in the right direction on this issue? Do I now need
>> stuff in sysctl.conf for the jail? Or.....????
>>
>> Thanks for any help!!
>
> Your mention of sysctl.conf makes me wonder: missing syscalls, or
> missing sysctls? There was a change between 7.0 and 7.4 where some
> jail-related sysctls were added.
>
> There was also a change to the jail(2) system call, with a new version
> of struct jail - but the old version continues to work. I don't think
> there were any new syscalls at that point - perhaps other new sysctls?
>
> Is the problem in actually creating the jail, or in processes that run
> inside the jail? If the latter, there's really a lot of things that
> could be the problem, if you're running an un-updated user space. Not
> that they *should* happen, mind you, but still a lot more room for
> something to go wrong.
>
> - Jamie
>

Thanks for the response, Jamie! I have things working okay again on the
host and jail and now upgraded to fbsd-7.4. I had gotten behind on updates
and thought I had missed some important changes.

I think when running the final mergemaster -viF I ignored an option
regarding the symlink to the host kernel. It was really the only thing I
did differently.

It booted up beautifully this time!!

--
-- All the best,
Jack
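
For the allow.mount / allow.mount.zfs thread earlier on this page, an added example that is not part of any poster's message: a small sh check that reads a jail's parameters in `jls -n` form and reports which of the three settings from that thread is still missing. The function name is hypothetical and the sample parameter lines are constructed, not captured from a real host.

```sh
#!/bin/sh
# Added example: audit a jail's parameters for the combination the thread
# needed before `zfs mount` worked inside the jail.
# Input: one line in `jls -n` name=value form, where booleans appear as
# allow.mount / allow.nomount and allow.mount.zfs / allow.mount.nozfs.

# Print one line per missing prerequisite; return 0 only if none is missing.
check_zfs_mount_params() {
    params=$1
    missing=0
    enforce=""
    has_mount=0
    has_zfs=0
    # Deliberate word splitting: parameters are separated by spaces.
    for p in $params; do
        case $p in
            allow.mount)      has_mount=1 ;;
            allow.mount.zfs)  has_zfs=1 ;;
            enforce_statfs=*) enforce=${p#enforce_statfs=} ;;
        esac
    done
    [ "$has_mount" -eq 1 ] || { echo "missing: allow.mount"; missing=1; }
    [ "$has_zfs" -eq 1 ]   || { echo "missing: allow.mount.zfs"; missing=1; }
    # jail(8): allow.mount.zfs is effective only together with allow.mount
    # and only when enforce_statfs is lower than 2.
    case $enforce in
        0|1) ;;
        *) echo "enforce_statfs=${enforce:-unset} (must be 0 or 1)"; missing=1 ;;
    esac
    return $missing
}

# Constructed samples. BEFORE mirrors the state in the thread where
# `zfs mount -a` still failed; AFTER adds enforce_statfs=1.
BEFORE="jid=3 name=backup enforce_statfs=2 allow.mount allow.mount.zfs"
AFTER="jid=3 name=backup enforce_statfs=1 allow.mount allow.mount.zfs"
DEFAULT="jid=4 name=www enforce_statfs=2 allow.nomount allow.mount.nozfs"

for sample in "$BEFORE" "$AFTER" "$DEFAULT"; do
    echo "== $sample"
    if check_zfs_mount_params "$sample"; then
        echo "ok: jail parameters allow zfs mount"
    fi
done
```

On a live host the input would come from `jls -j 3 -n`. The check covers jail parameters only, not the dataset's `jailed=on` property or the `zfs jail` step that the thread also mentions.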