Date: Mon, 6 Sep 2004 14:13:10 +0900 (JST)
From: John Little
To: FreeBSD-gnats-submit@FreeBSD.org
cc: gaijin@pucebaboon.com
Subject: conf/71415: [PATCH] /etc/rc.subr - devfs ruleset parsing in devfs_set_ruleset()

>Number: 71415
>Category: conf
>Synopsis: [PATCH] /etc/rc.subr - devfs ruleset parsing in devfs_set_ruleset()
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Sep 06 05:20:23 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator: John Little
>Release: FreeBSD 5.2.1-RELEASE i386
>Organization: PuceBaboon Y.K., Japan.
>Environment:
System: FreeBSD middledean.pucebaboon.com 5.2.1-RELEASE FreeBSD 5.2.1-RELEASE #0: Mon Feb 23 20:45:55 GMT 2004 root@wv1u.btc.adaptec.com:/usr/obj/usr/src/sys/GENERIC i386

This is non-processor specific. The same problem still exists in releases up to and including 5.3-BETA-3.
>Description:
Setting up a Jail environment as per the rc.conf man page (specifically, using devfs rulesets to limit access within the jail) and using the /etc/defaults/devfs.rules, always results in a failure of /etc/rc.d/jail, with this message:-

    Starting Jails:/etc/rc.d/jail: WARNING: devfs_set_ruleset: you must specify a ruleset number

The cause is a faulty eval statement in /etc/rc.subr, where devfs_set_ruleset() checks the arguments passed ($1). This is a devfs problem which is not jail specific (it just happens to cause jail starts to fail and so be most noticeable at that time).
>How-To-Repeat:
- Add to rc.conf:-

    ##
    ## Jail config follows.
    ##
    sendmail_enable="NO"
    inetd_flags="-wW -a 192.168.1.6"
    rpcbind_enable="NO"
    devfs_rulesets="/etc/defaults/devfs.rules"
    jail_enable="YES"
    jail_list="mydemojail"
    jail_set_hostname_allow="NO"
    jail_socket_unixiproute_only="NO"
    jail_sysvipc_allow="NO"
    ##
    ## First Jail (mydemojail.pucebaboon.com).
    ##
    jail_mydemojail_rootdir="/usr/jail/mydemojail"
    jail_mydemojail_hostname="mydemojail.houserock.com"
    jail_mydemojail_ip="192.168.1.3"
    jail_mydemojail_devfs_ruleset="4"
    jail_mydemojail_devfs_enable="YES"
    jail_mydemojail_fdescfs_enable="NO"
    jail_mydemojail_procfs_enable="YES"

- Run "sh -x /etc/rc.d/jail start >& /tmp/jail.log"

The ruleset exists in /etc/defaults/devfs.rules and the verbose output will indicate that the rulesets are read from the file. However, the call to devfs_set_ruleset() in /etc/rc.subr fails to eval $1 correctly and causes the whole jail start sequence to abort.
>Fix:
Delete the escaped-dollar ("\$") in the eval statement in devfs_set_ruleset() to leave a plain variable:-

*** /etc/rc.subr Mon Sep 6 13:52:06 2004 --- /tmp/rc.subr Mon Sep 6 13:51:00 2004 *************** *** 1165,1171 **** devfs_set_ruleset() { local devdir rs _me ! [ -n "$1" ] && eval rs=\$$1 || rs= [ -n "$2" ] && devdir="-m "$2"" || devdir= _me="devfs_set_ruleset" --- 1165,1171 ---- devfs_set_ruleset() { local devdir rs _me ! [ -n "$1" ] && eval rs=$1 || rs= [ -n "$2" ] && devdir="-m "$2"" || devdir= _me="devfs_set_ruleset"
>Release-Note:
>Audit-Trail:
>Unformatted:
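Review bot: on the changed line `[ -n "$1" ] && eval rs=$1 || rs=`, the `eval` no longer serves a purpose once the indirection is dropped, and it still re-parses the unquoted argument as shell text, so a `$1` containing a `;` or whitespace would be run as commands rather than assigned. Suggest a plain assignment instead, `[ -n "$1" ] && rs=$1 || rs=`, or just `rs=$1`, since an empty `$1` already leaves `rs` empty. It is also worth confirming that no caller depends on the old behaviour of passing a variable name: the old form dereferenced `$1`, the new one takes it literally.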
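The failure described under >Description, as an added example (not code from the report or from FreeBSD's rc.subr): with a numeric argument the pre-patch `eval rs=\$$1` becomes `rs=$4`, an unset positional parameter, which is why the ruleset number comes back empty. The function names, `demo_ruleset` and `marker` are constructed for illustration, and the third parser is one possible eval-free alternative, not something the report proposes.

```shell
#!/bin/sh
# Added example: function names, demo_ruleset and the marker variable are
# constructed; only the two eval forms are taken from the report.

# Pre-patch form: $1 is treated as the NAME of a variable to dereference.
parse_indirect() {
    [ -n "$1" ] && eval rs=\$$1 || rs=
}

# Form proposed in the report: $1 is taken as the value, but still goes
# through eval, so the argument is re-parsed as shell text.
parse_direct() {
    [ -n "$1" ] && eval rs=$1 || rs=
}

# No eval: accept only a decimal ruleset number, reject everything else.
parse_checked() {
    case "$1" in
        ''|*[!0-9]*) rs=; return 1 ;;
        *) rs=$1 ;;
    esac
}

# Run one parser and report what it left in rs and marker.
show() {
    rs= marker=
    "$@" || :
    printf '%-16s arg=%-16s rs=[%s] marker=[%s]\n' "$1" "$2" "$rs" "$marker"
}

demo_ruleset=4                      # constructed stand-in for a named ruleset
show parse_indirect 4               # eval sees rs=$4, an unset positional
show parse_indirect demo_ruleset    # eval sees rs=$demo_ruleset
show parse_direct 4                 # eval sees rs=4
show parse_direct '4;marker=ran'    # eval also runs the text after the ';'
show parse_checked '4;marker=ran'   # rejected, nothing is executed
show parse_checked 4                # plain assignment of a validated number
```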