Message-Id: <200801041032.m04AWaLp047103@www.freebsd.org>
Date: Fri, 4 Jan 2008 10:32:36 GMT
From: Alexander Chernikov
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-3.1
Subject: bin/119331: [patch] sysinstall can not use network in jailed environment

>Number:         119331
>Category:       bin
>Synopsis:       [patch] sysinstall can not use network in jailed environment
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Jan 04 10:40:00 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator:     Alexander Chernikov
>Release:        8.0-CURRENT
>Organization:
>Environment:
FreeBSD ws.su29.net 8.0-CURRENT FreeBSD 8.0-CURRENT #: Wed Dec 12 18:40:32 MSK 2007 melifaro@ws.su29.net:/usr/obj/usr/src/sys/CURR i386
>Description:
sysinstall detects networking interfaces by enumerating them and skipping non-AF_LINK ones. Enumerating in a jail causes the kernel to send only AF_INET ones, so sysinstall is not able to find any network device.
The patch checks if we're running in a jail and skips some unnecessary checks.

Testcase:

HOST machine:

HOST:
20:56 [3] m@ws /usr/jj/root/ifcheck
Probing devices, please wait (this can take a while)...
ifcheck: name = nve0 sa_family = 0x12 [AF_LINK]
ifcheck: name = nve0 sa_family = 0x1C [AF_INET6]
ifcheck: name = nve0 sa_family = 0x2 [AF_INET]
ifcheck: name = nve0 sa_family = 0x2 [AF_INET]
ifcheck: name = lo0 sa_family = 0x12 [AF_LINK]
ifcheck: name = lo0 sa_family = 0x1C [AF_INET6]
ifcheck: name = lo0 sa_family = 0x1C [AF_INET6]
ifcheck: name = lo0 sa_family = 0x2 [AF_INET]
20:56 [3] m@ws ifconfig
nve0: flags=8843 metric 0 mtu 1500
        options=8
        ether 00:01:6c:ce:7e:91
        inet6 fe80::201:6cff:fece:7e91%nve0 prefixlen 64 scopeid 0x1
        inet 10.0.0.5 netmask 0xffffff00 broadcast 10.0.0.255
        inet 1.2.3.44 netmask 0xffffffff broadcast 1.2.3.44
        media: Ethernet autoselect (100baseTX )
        status: active
lo0: flags=8049 metric 0 mtu 16384
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
        inet 127.0.0.1 netmask 0xff000000

-------
JAIL:
mykewljail# ./ifcheck
Probing devices, please wait (this can take a while)...
ifcheck name = nve0 sa_family = 0x2 [AF_INET]
ifcheck name = lo0 sa_family = 0x0
ifcheck name = sa_family = 0x0
mykewljail# ifconfig
nve0: flags=8843 metric 0 mtu 1500
        options=8
        ether 00:01:6c:ce:7e:91
        inet 1.2.3.44 netmask 0xffffffff broadcast 1.2.3.44
        media: Ethernet autoselect (100baseTX )
        status: active
lo0: flags=8049 metric 0 mtu 16384
>How-To-Repeat:
>Fix:
Patch http://stats.dalnet.ru/sysinstall_jail.diff fixes the problem.
Tested on 8.0-CURRENT/i386 and 6.2-RELEASE-p1/amd64

Patch attached with submission follows:

--- /usr/src/usr.sbin/sysinstall/devices.c 2007-03-27 06:31:34.000000000 +0400 +++ /usr/src/usr.sbin/sysinstall/devices.c.new 2008-01-03 22:41:32.000000000 +0300 @@ -41,6 +41,7 @@ #include #include #include +#include #include #include #include @@ -271,7 +262,8 @@ void deviceGetAll(void) { - int i, j, fd, s; + int i, j, fd, s, jailed; + size_t sz = sizeof(jailed); struct ifconf ifc; struct ifreq *ifptr, *end; int ifflags; 
@@ -290,6 +282,9 @@ if (ioctl(s, SIOCGIFCONF, (char *) &ifc) < 0) goto skipif; /* Jump over network iface probing */ + if (sysctlbyname("security.jail.jailed", &jailed, &sz, NULL, 0) < 0) + jailed = 0; /* Assume host env */ + close(s); ifflags = ifc.ifc_req->ifr_flags; end = (struct ifreq *) (ifc.ifc_buf + ifc.ifc_len); @@ -297,11 +292,12 @@ char *descr; /* If it's not a link entry, forget it */ - if (ifptr->ifr_ifru.ifru_addr.sa_family != AF_LINK) + if (((ifptr->ifr_ifru.ifru_addr.sa_family != AF_LINK) && (jailed == 0)) || + (ifptr->ifr_ifru.ifru_addr.sa_family == AF_INET) || ifptr->ifr_ifru.ifru_addr.sa_family == AF_INET6) goto loopend; /* Eliminate network devices that don't make sense */ - if (!strncmp(ifptr->ifr_name, "lo", 2)) + if ((!strncmp(ifptr->ifr_name, "lo", 2)) && (jailed == 0)) goto loopend; /* If we have a slip device, don't register it */ @@ -309,7 +305,7 @@ goto loopend; } /* And the same for ppp */ - if (!strncmp(ifptr->ifr_name, "tun", 3) || !strncmp(ifptr->ifr_name, "ppp", 3)) { + if ((!strncmp(ifptr->ifr_name, "tun", 3) || !strncmp(ifptr->ifr_name, "ppp", 3)) && (jailed == 0)) { goto loopend; } /* Try and find its description */ >Release-Note: >Audit-Trail: >Unformatted:
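
Review bot: In the @@ -290,6 +282,9 @@ hunk, jailed is assigned only after SIOCGIFCONF has succeeded, and a sysctlbyname() failure is silently treated as "host". Declaring it as "int jailed = 0;" in the @@ -271,7 +262,8 @@ hunk would make the error branch unnecessary and keep the variable defined on the "goto skipif" path. The "Assume host env" comment would also be more useful if it said why the jail state matters to the probe, which at the moment is explained only in the PR description.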
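
Review bot: The new family test in the @@ -297,11 +292,12 @@ hunk still rejects AF_INET and AF_INET6 entries unconditionally, yet the jail ifcheck output in the description shows nve0 only as an AF_INET entry, with lo0 and an empty-named entry at sa_family 0x0. Read against that output, the jailed path would skip nve0 and let the two 0x0 entries through, so please confirm which entry the device is actually registered from and reject empty ifr_name explicitly. The comment above the test ("If it's not a link entry, forget it") no longer matches the condition, the third clause is parenthesised differently from the first two, and the line runs well past 80 columns. In the same hunk the "lo" filter is switched off when jailed, which makes lo0 a selectable install device; if that is intended it deserves a comment.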
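
Review bot: The @@ -309,7 +305,7 @@ hunk disables the tun/ppp filter inside a jail, but the slip check just above it ("If we have a slip device, don't register it") is left unconditional, so the three name filters now behave inconsistently. The description says only that "unnecessary checks" are skipped; a comment stating why tun and ppp devices should be offered in a jail, or dropping the "&& (jailed == 0)" here if they should not, would make the intent reviewable.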
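
Added example, not part of the submission or of sysinstall: a small model of the interface filter before and after the patch, run over the entries from the report's ifcheck output. It assumes ifcheck prints the same entries that deviceGetAll() iterates over; the names entry, keeps and count_kept are hypothetical, and the slip check is left out because its condition is not visible in the diff.

```c
#include <stdio.h>
#include <string.h>

/* Address-family values as printed by ifcheck in the report. */
enum { FAM_NONE = 0x0, FAM_INET = 0x2, FAM_LINK = 0x12, FAM_INET6 = 0x1C };
#define N(a) (sizeof(a) / sizeof((a)[0]))

struct entry { const char *name; int family; };

/* Transcribed from the report's HOST and JAIL ifcheck output. */
static const struct entry host_entries[] = {
    {"nve0", FAM_LINK}, {"nve0", FAM_INET6}, {"nve0", FAM_INET}, {"nve0", FAM_INET},
    {"lo0", FAM_LINK},  {"lo0", FAM_INET6},  {"lo0", FAM_INET6}, {"lo0", FAM_INET},
};
static const struct entry jail_entries[] = {
    {"nve0", FAM_INET}, {"lo0", FAM_NONE}, {"", FAM_NONE},
};

/* Returns 1 if the entry gets past the filters visible in the diff. */
static int keeps(const struct entry *e, int patched, int jailed)
{
    int lo = !strncmp(e->name, "lo", 2);
    int tunppp = !strncmp(e->name, "tun", 3) || !strncmp(e->name, "ppp", 3);

    if (!patched)                       /* behaviour of the '-' lines */
        return e->family == FAM_LINK && !lo && !tunppp;
    /* behaviour of the '+' lines */
    if ((e->family != FAM_LINK && jailed == 0) ||
        e->family == FAM_INET || e->family == FAM_INET6)
        return 0;
    if ((lo || tunppp) && jailed == 0)
        return 0;
    return 1;
}

/* Counts surviving entries, optionally only those named `only`. */
int count_kept(const struct entry *v, size_t n, int patched, int jailed,
               const char *only)
{
    int kept = 0;
    for (size_t i = 0; i < n; i++)
        if (keeps(&v[i], patched, jailed) && (!only || !strcmp(v[i].name, only)))
            kept++;
    return kept;
}

int main(void)
{
    printf("host, unpatched: %d\n", count_kept(host_entries, N(host_entries), 0, 0, NULL));
    printf("jail, unpatched: %d\n", count_kept(jail_entries, N(jail_entries), 0, 1, NULL));
    printf("jail, patched:   %d (nve0: %d)\n",
           count_kept(jail_entries, N(jail_entries), 1, 1, NULL),
           count_kept(jail_entries, N(jail_entries), 1, 1, "nve0"));
    return 0;
}
```
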