From owner-freebsd-bugs@FreeBSD.ORG Wed Sep 4 06:10:01 2013 Return-Path: Delivered-To: freebsd-bugs@smarthost.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id 66A14BD8 for ; Wed, 4 Sep 2013 06:10:01 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 45EF223BB for ; Wed, 4 Sep 2013 06:10:01 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.7/8.14.7) with ESMTP id r846A1Gu071532 for ; Wed, 4 Sep 2013 06:10:01 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.7/8.14.7/Submit) id r846A0xm071531; Wed, 4 Sep 2013 06:10:00 GMT (envelope-from gnats) Resent-Date: Wed, 4 Sep 2013 06:10:00 GMT Resent-Message-Id: <201309040610.r846A0xm071531@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Karl Pielorz Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id C5D5FBCF for ; Wed, 4 Sep 2013 06:09:54 +0000 (UTC) (envelope-from nobody@FreeBSD.org) Received: from oldred.freebsd.org (oldred.freebsd.org [8.8.178.121]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id B426F23B6 for ; Wed, 4 Sep 2013 06:09:54 +0000 (UTC) Received: from oldred.freebsd.org ([127.0.1.6]) by oldred.freebsd.org (8.14.5/8.14.7) with ESMTP id r8469slQ022899 for ; Wed, 4 Sep 2013 06:09:54 GMT (envelope-from nobody@oldred.freebsd.org) Received: (from nobody@localhost) by oldred.freebsd.org (8.14.5/8.14.5/Submit) id r8469sbV022892; Wed, 4 Sep 2013 06:09:54 GMT (envelope-from nobody) Message-Id: <201309040609.r8469sbV022892@oldred.freebsd.org> Date: Wed, 4 Sep 2013 06:09:54 GMT From: Karl Pielorz To: freebsd-gnats-submit@FreeBSD.org X-Send-Pr-Version: www-3.1 Subject: misc/181794: jexec runs commands in Jails without taking into account of the Jail's FIB X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 Sep 2013 06:10:01 -0000 >Number: 181794 >Category: misc >Synopsis: jexec runs commands in Jails without taking into account of the Jail's FIB >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Wed Sep 04 06:10:00 UTC 2013 >Closed-Date: >Last-Modified: >Originator: Karl Pielorz >Release: 9.2-BETA2 amd64 >Organization: >Environment: FreeBSD somehost.somedomain.com 9.2-BETA2 FreeBSD 9.2-BETA2 #0 r253951M: Mon Aug 12 09:39:57 BST 2013 kpielorz@somedomain.com:/sys/amd64/compile/GENERIC amd64 >Description: When using jails, if you specify a FIB to be used in the jail (so it can have it's own copy of the routing table) - running commands with 'jexec' ignores this FIB - and launches the command specified using the system default FIB (i.e. FIB 0). This makes troubleshooting FIB issues very tricky unless you're aware of this issue (think lots of lost hours! :) >How-To-Repeat: Setup the system to support FIBs (multiple routing tables) - and configure a jail to use a specific FIB, i.e. using '/etc/jail.conf' - e.g. jail { [blah] exec.fib = 1; } When you launch the jail with 'jail -c jail' it will be created, and it will use the FIB specified. If you then attach to the jail, e.g. using 'jexec 1 tcsh' - that process will be launched with the default FIB (i.e. FIB 0) - and not the one that the jail is using. >Fix: Either jexec documentation needs a warning that it will launch the process with the default FIB - not the one for the jail, and that you should use 'setfib jail-fib jexec 1 tcsh'. Or, have jexec actually honour the FIB set in /etc/jail.conf - so that 'jexec 1 tcsh' will set the correct FIB before launching the tcsh in jail #1. >Release-Note: >Audit-Trail: >Unformatted: