Date: Mon, 9 Oct 2017 09:25:47 +0200
From: Goran Mekić
To: freebsd-jail@freebsd.org
Subject: VNET jail and dhclient

Hello,

TLDR: I can set up static IP or use dhcpcd to get address, but not dhclient.

Let me elaborate. I run 12-CURRENT on my laptop and use CBSD as jail manager (I don't think it matters).

# dhclient eth0
chroot
exiting.

This is what I found with truss: https://gist.github.com/anonymous/36a4e2bf1760198971934ff609a7d0de#file-gistfile1-txt-L227-L228. Selected lines are what I think is the problem. Offending line in the code is probably https://svnweb.freebsd.org/base/head/sbin/dhclient/dhclient.c?revision=317915&view=markup#l507. With that assumption, Oleg, CBSD author, noticed that the following "patch" works:

diff -ruN dhclient.c-o dhclient.c --- dhclient.c-o 2017-10-08 13:06:59.134921000 +0300 +++ dhclient.c 2017-10-08 13:07:48.047004000 +0300 -504,8 +504,8 if (cap_rights_limit(routefd, &rights) < 0 && errno != ENOSYS) error("can't limit route socket: %m"); - if (chroot(_PATH_VAREMPTY) == -1) - error("chroot"); +// if (chroot(_PATH_VEREMPTY) == -1) +// error("chroot"); if (chdir("/") == -1) error("chdir(\"/\")");

I just assume that commenting out the capsicum part of the code would do the same (didn't try it) as I can create files under /var/empty and perms look normal.

Does anyone have a fairly recent 12-CURRENT VNET jail running with dhclient? If yes, what jail manager, if any?
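
Review bot: In the -504,8 +504,8 hunk, commenting out the chroot(_PATH_VAREMPTY) call together with its error("chroot") check removes the filesystem confinement step altogether instead of addressing why chroot fails, so the process carries on to chdir("/") in its original root. Keep the call and make the failure diagnosable, for example error("chroot: %m"), as the route-socket check just above already does with %m, so that errno is reported. The commented-out line also spells the macro _PATH_VEREMPTY where the removed line has _PATH_VAREMPTY, so it would not compile if uncommented as written.
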
Also, could you recommend the way to continue from this point, given I never worked with capsicum?

Thank you!

Regards,
meka

From: Oleg Ginzburg
Date: Tue, 10 Oct 2017 12:37:16 +0300
To: freebsd-jail@freebsd.org, Goran Mekić, FreeBSD Current
Subject: Re: VNET jail and dhclient

in reply to https://lists.freebsd.org/pipermail/freebsd-jail/2017-October/003444.html

comment: it looks like it's a regression in FreeBSD 12/Current, because in FreeBSD 11 dhclient works fine:

--
jail1:/root@[15:16] # dhclient eth0
DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 3
DHCPOFFER from 192.168.10.1
DHCPREQUEST on eth0 to 255.255.255.255 port 67
DHCPACK from 192.168.10.1
bound to 192.168.8.8 -- renewal in 900 seconds.
jail1:/root@[15:16] # uname -a
FreeBSD jail1.my.domain 11.0-RELEASE-p12 FreeBSD 11.0-RELEASE-p12 #0 r324489: Tue Oct 10 14:57:58 MSK 2017 root@f10.my.domain:/usr/obj/usr/jails/src/src_11.0/src/sys/VIMAGE amd64
--

From: "Kristof Provost"
Date: Tue, 10 Oct 2017 22:24:59 +0200
To: "Goran Mekić"
Cc: freebsd-jail@freebsd.org
Subject: Re: VNET jail and dhclient

On 9 Oct 2017, at 9:25, Goran Mekić wrote:

> Hello,
>
> TLDR: I can set up static IP or use dhcpcd to get address, but not dhclient.
>
> Let me elaborate. I run 12-CURRENT on my laptop and use CBSD as jail manager (I don't think it matters).
>
What version of CURRENT are you using?

> # dhclient eth0
> chroot
> exiting.
>
> This is what I found with truss: https://gist.github.com/anonymous/36a4e2bf1760198971934ff609a7d0de#file-gistfile1-txt-L227-L228. Selected lines are what I think is the problem. Offending line in the code is probably https://svnweb.freebsd.org/base/head/sbin/dhclient/dhclient.c?revision=317915&view=markup#l507. With that assumption, Oleg, CBSD author, noticed that the following "patch" works:
>
Is there any chance you don’t have /var/empty in your jail?

I do this to create a simple vnet jail:

sudo jail -c name=alcatraz persist vnet vnet.interface=epair0b
(in the jail) dhclient epair0b

And see:

…
fsync(0x9) = 0 (0x0)
close(8) = 0 (0x0)
socket(PF_ROUTE,SOCK_RAW,0) = 8 (0x8)
shutdown(8,SHUT_WR) = 0 (0x0)
cap_rights_limit(8,{ CAP_READ,CAP_EVENT }) = 0 (0x0)
chroot("/var/empty") = 0 (0x0)
chdir("/") = 0 (0x0)
setgroups(0x1,0x800e2c1e4) = 0 (0x0)
…

I also see the DHCP request packets on the other end of the epair interface.

Regards,
Kristof

From: Oleg Ginzburg
Date: Tue, 10 Oct 2017 21:10:37 +0000
To: Kristof Provost, FreeBSD Current
Cc: Goran Mekić, freebsd-jail@freebsd.org
Subject: Re: VNET jail and dhclient

Hello!

On Tue, Oct 10, 2017 at 8:24 PM, Kristof Provost wrote:

> On 9 Oct 2017, at 9:25, Goran Mekić wrote:
>
> > Hello,
> >
> > TLDR: I can set up static IP or use dhcpcd to get address, but not dhclient.
> >
> > Let me elaborate. I run 12-CURRENT on my laptop and use CBSD as jail manager (I don't think it matters).
> >
> What version of CURRENT are you using?
>
> > # dhclient eth0
> > chroot
> > exiting.
> >
> > This is what I found with truss: https://gist.github.com/anonymous/36a4e2bf1760198971934ff609a7d0de#file-gistfile1-txt-L227-L228. Selected lines are what I think is the problem. Offending line in the code is probably https://svnweb.freebsd.org/base/head/sbin/dhclient/dhclient.c?revision=317915&view=markup#l507. With that assumption, Oleg, CBSD author, noticed that the following "patch" works:
> >
> Is there any chance you don’t have /var/empty in your jail?
>
> I do this to create a simple vnet jail:
> sudo jail -c name=alcatraz persist vnet vnet.interface=epair0b
> (in the jail) dhclient epair0b
>
> And see:
> …
> fsync(0x9) = 0 (0x0)
> close(8) = 0 (0x0)
> socket(PF_ROUTE,SOCK_RAW,0) = 8 (0x8)
> shutdown(8,SHUT_WR) = 0 (0x0)
> cap_rights_limit(8,{ CAP_READ,CAP_EVENT }) = 0 (0x0)
> chroot("/var/empty") = 0 (0x0)
> chdir("/") = 0 (0x0)
> setgroups(0x1,0x800e2c1e4) = 0 (0x0)
> …
>
> I also see the DHCP request packets on the other end of the epair interface.
>
> Regards,
> Kristof
>

What is your FreeBSD version? This problem is reproduced on FreeBSD 12 only.
/var/empty exists, and a trivial test:

#include <stdio.h>
#include <unistd.h>

int main()
{
	/* Prints 0 if chroot(2) succeeds, -1 if it fails. */
	printf("%d\n", chroot("/var/empty"));
}

works successfully.

I think I found something, but I do not understand why this is only observed in jail and with commit change this.
The problem about which Goran wrote can be fixed with:

# diff -ruN dhclient.c-orig dhclient.c --- dhclient.c-orig 2017-10-10 23:51:52.451361000 +0000 +++ dhclient.c 2017-10-10 23:54:55.803404000 +0000
@@ -479,6 +479,7 @@ fork_privchld(pipe_fd[0], pipe_fd[1]); + pidfile_close(pidfile); close(ifi->ufdesc); ifi->ufdesc =3D -1; close(ifi->wfdesc);

From pidfile(3) man page:

The pidfile_close() function closes a pidfile. It should be used after daemon fork()s to start a child process.

chroot(2) in dhclient returns NOPERM (via global errno). It seems to be related to an open descriptor outside the chroot.

I'm not sure if this is an fd leak (due to pidfile_remove at the end of dhclient); nevertheless, closing the pid fd in my jail/FreeBSD12 before chroot solves the dhclient issue.
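
Review bot: The added pidfile_close(pidfile) after fork_privchld(pipe_fd[0], pipe_fd[1]) ignores its return value and leaves pidfile referring to a handle that has been closed, while the message itself notes that pidfile_remove is still called at the end of dhclient. Check the result of pidfile_close(), make sure the later pidfile_remove path does not operate on the closed handle (or decide which process keeps the pidfile open), and add a short comment saying the close is there so that the following chroot succeeds.
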
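
The condition discussed in this thread, chroot(2) failing while a descriptor is still open, is illustrated by the following added example (not code from the thread or from dhclient): it lists the directory descriptors a process holds and applies the kern.chroot_allow_open_directories rule as documented in FreeBSD's chroot(2) manual page. The function names open_directory_fds and chroot_open_dir_check are hypothetical, and the second function is a model of the documented rule, not kernel code.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/*
 * Scan the descriptor table for descriptors that refer to directories.
 * Stores up to `max` of them in fds[] and returns the number found
 * (which may be larger than `max`).
 */
int open_directory_fds(int *fds, int max)
{
    long limit = sysconf(_SC_OPEN_MAX);
    int found = 0;

    if (limit < 0 || limit > 4096)
        limit = 4096;           /* bound the scan for this example */
    for (int fd = 0; fd < (int)limit; fd++) {
        struct stat st;

        if (fstat(fd, &st) == -1)
            continue;           /* EBADF: slot not in use */
        if (!S_ISDIR(st.st_mode))
            continue;           /* regular file, socket, pipe, ... */
        if (found < max)
            fds[found] = fd;
        found++;
    }
    return found;
}

/*
 * Model of the open-directory rule described in chroot(2) on FreeBSD:
 *   sysctl value 0 -> EPERM if any directory is open
 *   sysctl value 1 -> EPERM if any directory is open and the caller is
 *                     already chrooted (for example a process in a jail
 *                     whose root is not /)
 *   other values   -> no open-directory check
 * Returns 0 if the check passes, EPERM if chroot(2) would be refused.
 */
int chroot_open_dir_check(int allow_open_directories, int already_chrooted,
    int open_dirs)
{
    if (open_dirs == 0)
        return 0;
    if (allow_open_directories == 0)
        return EPERM;
    if (allow_open_directories == 1 && already_chrooted)
        return EPERM;
    return 0;
}

int main(void)
{
    int fds[16];
    int n = open_directory_fds(fds, 16);

    for (int i = 0; i < n && i < 16; i++)
        printf("fd %d is an open directory\n", fds[i]);

    /* Documented default sysctl value (1), evaluated for host and jail. */
    printf("host: %s\n", chroot_open_dir_check(1, 0, n) ? "EPERM" : "ok");
    printf("jail: %s\n", chroot_open_dir_check(1, 1, n) ? "EPERM" : "ok");
    return 0;
}
```

Calling open_directory_fds() immediately before chroot(2) in a daemon shows which descriptors would trip the check, so the fix can close the specific handle rather than remove the chroot.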

From: "Kristof Provost"
Date: Tue, 10 Oct 2017 23:25:14 +0200
To: "Oleg Ginzburg"
Cc: "FreeBSD Current", "Goran Mekić", freebsd-jail@freebsd.org
Subject: Re: VNET jail and dhclient

On 10 Oct 2017, at 23:10, Oleg Ginzburg wrote:

> What is your FreeBSD version? This problem is reproduced on FreeBSD 12 only.
> /var/empty exists, and a trivial test:
>
I’m running r324317 on CURRENT, yes.

What arguments are you calling dhclient with? Clearly there’s a difference between what you’re doing and what I’m doing.

> I'm not sure if this is an fd leak (due to pidfile_remove at the end of dhclient); nevertheless, closing the pid fd in my jail/FreeBSD12 before chroot solves the dhclient issue.

I would not expect an open file descriptor to be a problem, unless perhaps you’ve got an open directory and kern.chroot_allow_open_directories is unset.

Regards,
Kristof

Date: Wed, 11 Oct 2017 21:48:34 +0200
From: Goran Mekić
To: Oleg Ginzburg
Cc: Kristof Provost, FreeBSD Current, freebsd-jail@freebsd.org
Subject: Re: VNET jail and dhclient

On Tue, Oct 10, 2017 at 09:10:37PM +0000, Oleg Ginzburg wrote:
> I think I found something, but I do not understand why this is only observed in jail and with commit change this.
> The problem about which Goran wrote can be fixed with:
>
> # diff -ruN dhclient.c-orig dhclient.c > --- dhclient.c-orig 2017-10-10 23:51:52.451361000 +0000 > +++ dhclient.c 2017-10-10 23:54:55.803404000 +0000
> @@ -479,6 +479,7 @@ > > fork_privchld(pipe_fd[0], pipe_fd[1]); > > + pidfile_close(pidfile); > close(ifi->ufdesc); > ifi->ufdesc = -1; > close(ifi->wfdesc);
>
> From pidfile(3) man page:
>
> The pidfile_close() function closes a pidfile. It should be used after daemon fork()s to start a child process.
>
> chroot(2) in dhclient returns NOPERM (via global errno). It seems to be related to an open descriptor outside the chroot.
>
> I'm not sure if this is an fd leak (due to pidfile_remove at the end of dhclient); nevertheless, closing the pid fd in my jail/FreeBSD12 before chroot solves the dhclient issue.

I can confirm Oleg's patch works for me. Weird one, for sure!

From: bugzilla-noreply@freebsd.org
Date: Sat, 14 Oct 2017 01:01:47 +0000
To: freebsd-jail@FreeBSD.org
Subject: [Bug 222951] Re-starting a jail with mount.devfs mounts devfs multiple times

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222951

Mark Linimon changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|freebsd-bugs@FreeBSD.org    |freebsd-jail@FreeBSD.org