From: Oleg Ginzburg
Date: Tue, 10 Oct 2017 21:10:37 +0000
Subject: Re: VNET jail and dhclient
To: Kristof Provost, FreeBSD Current
Cc: Goran Mekić, freebsd-jail@freebsd.org

Hello!

On Tue, Oct 10, 2017 at 8:24 PM, Kristof Provost wrote:

> On 9 Oct 2017, at 9:25, Goran Mekić wrote:
> > Hello,
> >
> > TLDR: I can set up static IP or use dhcpcd to get address, but not dhclient.
> >
> > Let me elaborate. I run 12-CURRENT on my laptop and use CBSD as jail manager (I don't think it matters).
>
> What version of CURRENT are you using?
>
> > # dhclient eth0
> > chroot
> > exiting.
> >
> > This is what I found with truss: https://gist.github.com/anonymous/36a4e2bf1760198971934ff609a7d0de#file-gistfile1-txt-L227-L228. Selected lines are what I think is the problem. Offending line in the code is probably https://svnweb.freebsd.org/base/head/sbin/dhclient/dhclient.c?revision=317915&view=markup#l507. With that assumption, Oleg, CBSD author, noticed that the following "patch" works:
>
> Is there any chance you don’t have /var/empty in your jail?
>
> I do this to create a simple vnet jail:
> sudo jail -c name=alcatraz persist vnet vnet.interface=epair0b
> (in the jail) dhclient epair0b
>
> And see:
> …
> fsync(0x9) = 0 (0x0)
> close(8) = 0 (0x0)
> socket(PF_ROUTE,SOCK_RAW,0) = 8 (0x8)
> shutdown(8,SHUT_WR) = 0 (0x0)
> cap_rights_limit(8,{ CAP_READ,CAP_EVENT }) = 0 (0x0)
> chroot("/var/empty") = 0 (0x0)
> chdir("/") = 0 (0x0)
> setgroups(0x1,0x800e2c1e4) = 0 (0x0)
> …
>
> I also see the DHCP request packets on the other end of the epair interface.
>
> Regards,
> Kristof

What is your FreeBSD version? This problem is reproduced on FreeBSD 12 only.
/var/empty exists and a trivial test:

    #include <stdio.h>
    #include <unistd.h>

    int main() {
        /* prints 0 on success, -1 on failure */
        printf("%d\n", chroot("/var/empty"));
    }

works successfully.

I think I found something, but I do not understand why this is only observed in jail and with commit change this.

The problem Goran wrote about can be fixed with:

# diff -ruN dhclient.c-orig dhclient.c --- dhclient.c-orig 2017-10-10 23:51:52.451361000 +0000 +++ dhclient.c 2017-10-10 23:54:55.803404000 +0000 @@ -479,6 +479,7 @@ fork_privchld(pipe_fd[0], pipe_fd[1]); + pidfile_close(pidfile); close(ifi->ufdesc); ifi->ufdesc =3D -1; close(ifi->wfdesc);

From the pidfile(3) man page:

    The pidfile_close() function closes a pidfile. It should be used after daemon fork()s to start a child process.

chroot(2) in dhclient returns NOPERM (via global errno). It seems to be related to an open descriptor outside the chroot.
I'm not sure if this is an fd leak (due to pidfile_remove at the end of dhclient); nevertheless, closing the pid fd in my jail/FreeBSD12 before chroot solves the dhclient issue.
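
Review bot: The added pidfile_close(pidfile) directly after fork_privchld(pipe_fd[0], pipe_fd[1]) leaves pidfile pointing at a handle that has been closed, while the message notes that dhclient calls pidfile_remove at the end, so the later call would be made on a handle this line already closed. The patch should say which process reaches this line, handle the return value of pidfile_close, and either clear the pointer here (pidfile = NULL) with a matching guard where the pidfile is removed, or confine the close to the process that never removes the pidfile.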
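
An added example, not part of the original message or of dhclient: FreeBSD's chroot(2) documents EPERM when one or more open file descriptors are directories, so a daemon can audit its descriptor table just before the chroot("/var/empty") step seen in the trace above. The helper name count_open_dir_fds and the handle opened on "/" are constructed for illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/*
 * Count open descriptors that refer to directories (hypothetical helper).
 * If first_fd is non-NULL it receives the lowest such descriptor, or -1.
 */
int count_open_dir_fds(int *first_fd)
{
    long max = sysconf(_SC_OPEN_MAX);
    int count = 0;

    if (max < 0 || max > 65536)
        max = 65536;            /* bound the scan when the limit is huge or unknown */
    if (first_fd != NULL)
        *first_fd = -1;

    for (int fd = 0; fd < (int)max; fd++) {
        struct stat st;

        if (fstat(fd, &st) != 0)
            continue;           /* EBADF: this slot is not in use */
        if (S_ISDIR(st.st_mode)) {
            if (count == 0 && first_fd != NULL)
                *first_fd = fd;
            count++;
        }
    }
    return count;
}

int main(void)
{
    /* Constructed stand-in for a directory handle left open by earlier setup code. */
    int leaked = open("/", O_RDONLY);
    int first;
    int n = count_open_dir_fds(&first);

    printf("directory descriptors open before chroot: %d (lowest fd %d)\n", n, first);
    if (leaked >= 0)
        close(leaked);
    printf("after closing the stand-in: %d\n", count_open_dir_fds(NULL));
    return 0;
}
```

Calling the helper right before chroot() and logging the offending descriptor number turns a bare "chroot / exiting." failure into something that can be traced to the code that opened it.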