From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 223327] dhclient: close the pidfile before calling chroot(2)
Date: Mon, 30 Oct 2017 18:38:14 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223327

            Bug ID: 223327
           Summary: dhclient: close the pidfile before calling chroot(2)
           Product: Base System
           Version: CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: bin
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: olevole@olevole.ru

Created attachment 187588
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=187588&action=edit
forces the dhclient to work in the vnet-jail again on FreeBSD-CURRENT

At the moment dhclient(8) does not work in a vnet jail under FreeBSD 12-CURRENT.
If you try to execute dhclient in a jail, it will return with the following
error:

--
chroot
exiting.
--

and NOPERM in errno.

This behavior occurs when you try to execute a chroot with a descriptor open
to the outside environment.
kern.chroot_allow_open_directories can affect this behavior, but apparently in
dhclient it is not necessary to keep the fd open, because all operations on it
occur before chroot.

This patch forces the dhclient to work in the jail again.

How to reproduce the problem (have a fresh FreeBSD 12-CURRENT, e.g. 325104+):
--
1) Prepare the base for chroot:

% mkdir /tmp/base
% cd /tmp/base
% wget http://ftp.freebsd.org/pub/FreeBSD/snapshots/amd64/12.0-CURRENT/base.txz
% tar xfz base.txz
% ifconfig epair0 create

2) Write /tmp/jail.conf:

jail1 {
        path = /tmp/base;
        devfs_ruleset="99";
        allow.mount;
        vnet = new;
        vnet.interface = epair0a;
        mount.devfs;
        interface = vlan1;
        allow.raw_sockets;
        allow.sysvipc;
        exec.start = "/bin/sh /etc/rc";
        exec.stop = "/bin/sh /etc/rc.shutdown";
}

3) Create the jail:

jail -c -f /jail1.conf

4) Try to run dhclient, where 4 is the jail ID:

jexec 4 dhclient epair0a
--

-- 
You are receiving this mail because:
You are the assignee for the bug.
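
An added example, not part of the bug report or of the attached patch: per chroot(2) on FreeBSD, the kern.chroot_allow_open_directories check is about descriptors that refer to directories, so this sketch finds (and optionally closes) them before chroot(2) is called. The names is_dir_fd, sweep_dir_fds and FD_SCAN_LIMIT are hypothetical, and the scan cap is an assumption.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

#define FD_SCAN_LIMIT 65536	/* assumption: bound the scan if the fd limit is huge */

/* Return 1 if fd is open and refers to a directory, else 0. */
int
is_dir_fd(int fd)
{
	struct stat sb;

	return (fstat(fd, &sb) == 0 && S_ISDIR(sb.st_mode));
}

/*
 * Visit every open directory descriptor: the kind chroot(2) refuses to
 * carry across when kern.chroot_allow_open_directories forbids it.
 * With do_close set each one is closed; the number found is returned.
 */
int
sweep_dir_fds(int do_close, int verbose)
{
	long max = sysconf(_SC_OPEN_MAX);
	int fd, found = 0;

	if (max < 0 || max > FD_SCAN_LIMIT)
		max = FD_SCAN_LIMIT;
	for (fd = 0; fd < max; fd++) {
		if (!is_dir_fd(fd))
			continue;
		found++;
		if (verbose)
			fprintf(stderr, "fd %d is an open directory\n", fd);
		if (do_close)
			(void)close(fd);
	}
	return (found);
}

int
main(void)
{
	int held = open("/", O_RDONLY);	/* constructed stand-in for a kept directory fd */

	printf("before chroot: %d directory fd(s)\n", sweep_dir_fds(0, 1));
	printf("closed: %d\n", sweep_dir_fds(1, 0));
	printf("left: %d (held fd %d now invalid)\n", sweep_dir_fds(0, 0), held);
	return (0);
}
```

Calling sweep_dir_fds(0, 1) just before chroot(2) in a daemon that fails with the error above shows which descriptor is responsible; closing only that descriptor, as the report proposes for the pidfile, is narrower than closing every directory fd.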