Date:      Mon, 30 Oct 2017 18:38:14 +0000
From:      bugzilla-noreply@freebsd.org
To:        freebsd-bugs@FreeBSD.org
Subject:   [Bug 223327] dhclient: close the pidfile before calling chroot(2)
Message-ID:  <bug-223327-8@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223327

            Bug ID: 223327
           Summary: dhclient: close the pidfile before calling chroot(2)
           Product: Base System
           Version: CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: bin
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: olevole@olevole.ru

Created attachment 187588
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=187588&action=edit
forces the dhclient to work in the vnet-jail again on FreeBSD-CURRENT

At the moment dhclient(8) does not work in vnet jail under FreeBSD 12-CURRENT.
If you try to execute dhclient in jail, it will return with the following
error:
--
chroot
exiting.
--
and NOPERM in errno.

This behavior occurs when you try to execute a chroot with a descriptor open
to the outside environment.

kern.chroot_allow_open_directories can affect this behavior, but apparently in
dhclient it is not necessary to keep fd open, because all operations on it
occur before chroot.

This patch forces the dhclient to work in the jail again.

How to reproduce problem (have fresh FreeBSD 12-CURRENT, e.g. 325104+):
--
1) prepare base for chroot
% mkdir /tmp/base
% cd /tmp/base
% wget http://ftp.freebsd.org/pub/FreeBSD/snapshots/amd64/12.0-CURRENT/base.txz
% tar xfz base.txz
% ifconfig epair0 create


2) Wrote /tmp/jail.conf:

jail1 {
    path = /tmp/base;
    devfs_ruleset="99";
    allow.mount;
    vnet = new;
    vnet.interface = epair0a;
    mount.devfs;
    interface = vlan1;
    allow.raw_sockets;
    allow.sysvipc;
    exec.start = "/bin/sh /etc/rc";
    exec.stop = "/bin/sh /etc/rc.shutdown";
}

3) Create jail:
jail -c -f /jail1.conf

4) Try to dhclient where 4 is jail ID:
jexec 4 dhclient epair0a
--

-- 
You are receiving this mail because:
You are the assignee for the bug.
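
Added example, not part of the bug report or of the attached patch: a pre-chroot check that refuses to call chroot(2) while a directory descriptor is still open, the condition that kern.chroot_allow_open_directories governs. The names count_open_dirs and checked_chroot, the return codes and the scan bound of 256 descriptors are assumptions made for illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: count descriptors in [0, max_fd) that are directories. */
int count_open_dirs(int max_fd)
{
    int n = 0;
    for (int fd = 0; fd < max_fd; fd++) {
        struct stat st;
        if (fstat(fd, &st) == 0 && S_ISDIR(st.st_mode))
            n++;
    }
    return n;
}

/*
 * Hypothetical wrapper: refuse to chroot while a directory descriptor is
 * still open. Returns 0 on success, -1 if chroot/chdir failed (errno set),
 * -2 if a directory descriptor was left open (chroot is not attempted).
 */
int checked_chroot(const char *dir, int max_fd)
{
    if (count_open_dirs(max_fd) != 0)
        return -2;
    if (chroot(dir) == -1 || chdir("/") == -1)
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed stand-in for a descriptor opened before sandboxing. */
    int fd = open("/", O_RDONLY);
    printf("directory fd open: checked_chroot -> %d\n",
        checked_chroot("/", 256));
    if (fd >= 0)
        close(fd);
    printf("directory fds left after close: %d\n", count_open_dirs(256));
    return 0;
}
```

A daemon would run the same check right after its last pre-sandbox file operation, so a leaked descriptor shows up as a distinct error code instead of a bare chroot failure.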


