From owner-freebsd-bugs@FreeBSD.ORG Wed Dec 16 12:40:01 2009 Return-Path: Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 25DD7106566C for ; Wed, 16 Dec 2009 12:40:01 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id DC75C8FC22 for ; Wed, 16 Dec 2009 12:40:00 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id nBGCe0V0076168 for ; Wed, 16 Dec 2009 12:40:00 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id nBGCe0o8076167; Wed, 16 Dec 2009 12:40:00 GMT (envelope-from gnats) Resent-Date: Wed, 16 Dec 2009 12:40:00 GMT Resent-Message-Id: <200912161240.nBGCe0o8076167@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Markiyan Kushnir Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5279C106568F for ; Wed, 16 Dec 2009 12:36:47 +0000 (UTC) (envelope-from nobody@FreeBSD.org) Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21]) by mx1.freebsd.org (Postfix) with ESMTP id 3FFBA8FC0A for ; Wed, 16 Dec 2009 12:36:47 +0000 (UTC) Received: from www.freebsd.org (localhost [127.0.0.1]) by www.freebsd.org (8.14.3/8.14.3) with ESMTP id nBGCal69079626 for ; Wed, 16 Dec 2009 12:36:47 GMT (envelope-from nobody@www.freebsd.org) Received: (from nobody@localhost) by www.freebsd.org (8.14.3/8.14.3/Submit) id nBGCalSx079625; Wed, 16 Dec 2009 12:36:47 GMT (envelope-from nobody) Message-Id: <200912161236.nBGCalSx079625@www.freebsd.org> Date: Wed, 16 Dec 2009 12:36:47 GMT From: Markiyan Kushnir To: freebsd-gnats-submit@FreeBSD.org X-Send-Pr-Version: www-3.1 Cc: Subject: conf/141678: A minor enhancement to how /etc/rc.d/jail determines mount points used in jails X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 Dec 2009 12:40:01 -0000 >Number: 141678 >Category: conf >Synopsis: A minor enhancement to how /etc/rc.d/jail determines mount points used in jails >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Wed Dec 16 12:40:00 UTC 2009 >Closed-Date: >Last-Modified: >Originator: Markiyan Kushnir >Release: 8.0-STABLE >Organization: Lohika Systems >Environment: FreeBSD localhost 8.0-STABLE FreeBSD 8.0-STABLE #2: Fri Dec 11 00:54:35 EET 2009 root@localhost:/usr/obj/usr/src/sys/MAREK i386 >Description: As a part of jail cleanup the /etc/rc.d/jail script performs un-mount of the configured mount points, such as dev, fdesc, proc, as well as those in the jail's fstab file. To safely umount the mount point, it first checks if it is really a mount point, calling is_current_mountpoint(). This function performs rather naive path normalization, which fails if there are "/./" present in the mount point path. It can occur if, for example, the fstab file if automatically generated. Such paths are, however, perfectly valid input to the mount(8). Please consider a little bit advanced version of the path normalization, which I propose to put in the rc.subr. >How-To-Repeat: One might have the following fstab: /data/test-release/R/stage/trees/base/bin /usr/jails/M/./bin nullfs ro 0 0 /data/test-release/R/stage/trees/base/boot /usr/jails/M/./boot nullfs ro 0 0 >Fix: Please see the patch attached. Patch attached with submission follows: --- etc/rc.subr 2009-12-16 12:46:34.000000000 +0200 +++ etc/rc.subr.mkushnir 2009-12-16 14:18:16.000000000 +0200 @@ -1,5 +1,5 @@ # $NetBSD: rc.subr,v 1.67 2006/10/07 11:25:15 elad Exp $ -# $FreeBSD: src/etc/rc.subr,v 1.88.2.7 2009/12/15 23:05:16 dougb Exp $ +# $FreeBSD$ # # Copyright (c) 1997-2004 The NetBSD Foundation, Inc. # All rights reserved. @@ -738,7 +738,7 @@ if [ -n "$_nice" ]; then if [ -z "$_user" ]; then _doit="sh -c \"$_doit\"" - fi + fi _doit="nice -n $_nice $_doit" fi fi @@ -1063,7 +1063,7 @@ esac done } - + # # load_rc_config_var name var # Read the rc.conf(5) var for name and set in the @@ -1702,6 +1702,48 @@ return 0 } +# normalize_path() +# Removes excess components from the file path: +# - single dots, double dots, multiple consecutive slashes +# are correctly collapsed +# Correctly handles spaces in the path components. +# +normalize_path() +{ + echo ${1} | awk '{ + res = ""; + split($0, pieces, "/"); + ii = 0; + len = length(pieces); + for (i = 1; i <= len; i++) { + if (pieces[i] == "") { + if (i == 1) { + # absolute path + res = "/"; + } + } else if (pieces[i] == ".") { + # ignoring dot + } else if (pieces[i] == "..") { + # unwind the path one step + if (ii > 0) { + delete tmp[ii-1]; + ii--; + } + } else { + tmp[ii] = pieces[i]; + ii++; + } + } + for (i = 0; i < length(tmp); i++) res = res tmp[i] "/"; + # remove trailing slash from the result + if (length(res) != 1) { + sub("/$", "", res); + } + print res; +}' +} + fi + _rc_subr_loaded=: --- etc/rc.d/jail 2009-12-16 13:34:53.000000000 +0200 +++ etc/rc.d/jail.mkushnir 2009-12-16 13:35:18.000000000 +0200 @@ -1,6 +1,6 @@ #!/bin/sh # -# $FreeBSD: src/etc/rc.d/jail,v 1.44 2009/11/02 09:56:46 remko Exp $ +# $FreeBSD$ # # PROVIDE: jail @@ -237,7 +237,7 @@ _dir=$1 - _dir=`echo $_dir | sed -Ee 's#//+#/#g' -e 's#/$##'` + _dir="`normalize_path \"${_dir}\"`" [ ! -d "${_dir}" ] && return 1 _dir2=`df ${_dir} | tail +2 | awk '{ print $6 }'` [ "${_dir}" = "${_dir2}" ] >Release-Note: >Audit-Trail: >Unformatted: