Date: Tue, 28 Feb 2012 23:00:28 GMT From: Jamie Gritton <jamie@FreeBSD.org> To: jail@FreeBSD.org Subject: Re: bin/165515: [jail][patch] "jail: unknown parameter: allow.nomount" when starting jail Message-ID: <201202282300.q1SN0SGU031817@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR bin/165515; it has been noted by GNATS.
From: Jamie Gritton <jamie@FreeBSD.org>
To: Glen Barber <gjb@FreeBSD.org>
Cc: freebsd-gnats-submit@FreeBSD.org, freebsd-jail@FreeBSD.org,
Martin Matuska <mm@FreeBSD.org>
Subject: Re: bin/165515: [jail][patch] "jail: unknown parameter: allow.nomount"
when starting jail
Date: Tue, 28 Feb 2012 15:36:20 -0700
This is a multi-part message in MIME format.
--------------090403000502010508070509
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
The allow.mount parameter recently changed in a subtle way - it's now
a node (to e.g. allow.mount.devfs) as well as a parameter in its own
right. This confused libjail which knows how to handle such parameters
as long as they're not boolean.
I'm including my proposed fix to libjail. This this fix, allow.nomount
should once again work, as should allow.mount and other things such as
allow.quotas/allow.noquotas should work as they did before.
- Jamie
On 02/27/12 18:21, Glen Barber wrote:
>
>> Number: 165515
>> Category: bin
>> Synopsis: [jail][patch] "jail: unknown parameter: allow.nomount" when starting jail
>> Confidential: no
>> Severity: non-critical
>> Priority: low
>> Responsible: freebsd-bugs
>> State: open
>> Quarter:
>> Keywords:
>> Date-Required:
>> Class: sw-bug
>> Submitter-Id: current-users
>> Arrival-Date: Tue Feb 28 01:30:07 UTC 2012
>> Closed-Date:
>> Last-Modified:
>> Originator: Glen Barber
>> Release: 10.0-CURRENT r232116M
>> Organization:
>> Environment:
> FreeBSD nucleus 10.0-CURRENT FreeBSD 10.0-CURRENT #7 r232116M: Sun Feb 26 14:12:14 EST 2012 root@nucleus:/usr/obj/usr/src/sys/NUCLEUS amd64
>> Description:
> On a recent -CURRENT, the jail(8) rc script fails to start jails. This seems to be caused by looking up a sysctl that does not exist.
>> How-To-Repeat:
> Create a minimalistic jail setup as follows:
>
> nucleus# cat /etc/rc.conf.local
> #
> jail_enable="YES"
> jail_parallel_start="YES"
> jail_list="cfm"
> jail_cfm_hostname="cfm"
> jail_cfm_rootdir="/jails/cfm"
> jail_cfm_ip="172.16.1.2"
>
> Start the jail with the rc(8) script:
>
> nucleus# sh -x /etc/rc.d/jail start cfm
> + . /etc/rc.subr
> [...]
> + eval '_x="$jail_cfm_ip_multi0"'
> + _x=''
> + break
> + echo ' cannot start jail "cfm": '
> cannot start jail "cfm":
> + tail +2 /tmp/jail.bJIDqW5x/jail.52395
> jail: unknown parameter: allow.nomount
>
>> Fix:
> The attached patch fixes it for me.
>
>
> Patch attached with submission follows:
>
> Index: usr.sbin/jail/jail.c
> ===================================================================
> --- usr.sbin/jail/jail.c (revision 232116)
> +++ usr.sbin/jail/jail.c (working copy)
> @@ -84,7 +84,7 @@
> { "security.jail.chflags_allowed",
> "allow.nochflags", "allow.chflags" },
> { "security.jail.mount_allowed",
> - "allow.nomount", "allow.mount" },
> + "allow.mount", "allow.nomount" },
> { "security.jail.socket_unixiproute_only",
> "allow.socket_af", "allow.nosocket_af" },
> };
>
>
>> Release-Note:
>> Audit-Trail:
>> Unformatted:
> _______________________________________________
> freebsd-bugs@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-bugs
> To unsubscribe, send any mail to "freebsd-bugs-unsubscribe@freebsd.org"
--------------090403000502010508070509
Content-Type: text/plain;
name="libjail.diff"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename="libjail.diff"
Index: lib/libjail/jail.c
===================================================================
--- lib/libjail/jail.c (revision 232240)
+++ lib/libjail/jail.c (working copy)
@@ -885,36 +885,20 @@
* the "no" counterpart to a boolean.
*/
nname = nononame(jp->jp_name);
- if (nname != NULL) {
- snprintf(desc.s, sizeof(desc.s), SJPARAM ".%s", nname);
- free(nname);
- miblen = sizeof(mib) - 2 * sizeof(int);
- if (sysctl(mib, 2, mib + 2, &miblen, desc.s,
- strlen(desc.s)) >= 0) {
- mib[1] = 4;
- desclen = sizeof(desc);
- if (sysctl(mib, (miblen / sizeof(int)) + 2,
- &desc, &desclen, NULL, 0) < 0) {
- snprintf(jail_errmsg,
- JAIL_ERRMSGLEN,
- "sysctl(0.4.%s): %s", desc.s,
- strerror(errno));
- return (-1);
- }
- if ((desc.i & CTLTYPE) == CTLTYPE_INT &&
- desc.s[0] == 'B') {
- jp->jp_ctltype = desc.i;
- jp->jp_flags |= JP_NOBOOL;
- jp->jp_valuelen = sizeof(int);
- return (0);
- }
- }
+ if (nname == NULL) {
+ unknown_parameter:
+ snprintf(jail_errmsg, JAIL_ERRMSGLEN,
+ "unknown parameter: %s", jp->jp_name);
+ errno = ENOENT;
+ return (-1);
}
- unknown_parameter:
- snprintf(jail_errmsg, JAIL_ERRMSGLEN,
- "unknown parameter: %s", jp->jp_name);
- errno = ENOENT;
- return (-1);
+ snprintf(desc.s, sizeof(desc.s), SJPARAM ".%s", nname);
+ free(nname);
+ miblen = sizeof(mib) - 2 * sizeof(int);
+ if (sysctl(mib, 2, mib + 2, &miblen, desc.s,
+ strlen(desc.s)) < 0)
+ goto unknown_parameter;
+ jp->jp_flags |= JP_NOBOOL;
}
mib_desc:
mib[1] = 4;
@@ -925,6 +909,16 @@
"sysctl(0.4.%s): %s", jp->jp_name, strerror(errno));
return (-1);
}
+ jp->jp_ctltype = desc.i;
+ /* If this came from removing a "no", it better be a boolean. */
+ if (jp->jp_flags & JP_NOBOOL) {
+ if ((desc.i & CTLTYPE) == CTLTYPE_INT && desc.s[0] == 'B') {
+ jp->jp_valuelen = sizeof(int);
+ return (0);
+ }
+ else if ((desc.i & CTLTYPE) != CTLTYPE_NODE)
+ goto unknown_parameter;
+ }
/* See if this is an array type. */
p = strchr(desc.s, '\0');
isarray = 0;
@@ -935,7 +929,6 @@
p[-2] = 0;
}
/* Look for types we understand. */
- jp->jp_ctltype = desc.i;
switch (desc.i & CTLTYPE) {
case CTLTYPE_INT:
if (desc.s[0] == 'B')
--------------090403000502010508070509--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201202282300.q1SN0SGU031817>