Date: Sat, 7 Feb 2009 16:37:02 +0000 (UTC) From: "Bjoern A. Zeeb" <bz@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r188293 - head/etc/rc.d Message-ID: <200902071637.n17Gb25u098377@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: bz Date: Sat Feb 7 16:37:02 2009 New Revision: 188293 URL: http://svn.freebsd.org/changeset/base/188293 Log: Named normally cannot be started chrooted inside a jail. Thus treat the jail case specifically. In case we find a proper pre-seeded devfs in the chroot path (mounted from the base system) permit starting chrooted else give proper warn/error messages. PR: conf/103489 Reviewed by: dougb MFC after: 5 days Modified: head/etc/rc.d/named Modified: head/etc/rc.d/named ============================================================================== --- head/etc/rc.d/named Sat Feb 7 15:51:32 2009 (r188292) +++ head/etc/rc.d/named Sat Feb 7 16:37:02 2009 (r188293) @@ -61,10 +61,23 @@ chroot_autoupdate() # Mount a devfs in the chroot directory if needed # - umount ${named_chrootdir}/dev 2>/dev/null - devfs_domount ${named_chrootdir}/dev devfsrules_hide_all - devfs -m ${named_chrootdir}/dev rule apply path null unhide - devfs -m ${named_chrootdir}/dev rule apply path random unhide + if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then + umount ${named_chrootdir}/dev 2>/dev/null + devfs_domount ${named_chrootdir}/dev devfsrules_hide_all + devfs -m ${named_chrootdir}/dev rule apply path null unhide + devfs -m ${named_chrootdir}/dev rule apply path random unhide + else + if [ -c ${named_chrootdir}/dev/null -a \ + -c ${named_chrootdir}/dev/random ]; then + info "named chroot: using pre-mounted devfs." + else + err 1 "named chroot: devfs cannot be mounted from" \ + "within a jail. Thus a chrooted named cannot" \ + "be run from within a jail." \ + "To run named without chrooting it, set" \ + "named_chrootdir=\"\" in /etc/rc.conf." + fi + fi # Copy and/or update key files to the chroot /etc # @@ -113,7 +126,12 @@ named_stop() named_poststop() { if [ -n "${named_chrootdir}" -a -c ${named_chrootdir}/dev/null ]; then - umount ${named_chrootdir}/dev 2>/dev/null || true + if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then + umount ${named_chrootdir}/dev 2>/dev/null || true + else + warn "named chroot:" \ + "cannot unmount devfs from inside jail!" + fi fi }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200902071637.n17Gb25u098377>