Date:      Tue, 28 Feb 2012 19:02:00 -0500
From:      Glen Barber <gjb@FreeBSD.org>
To:        Jamie Gritton <jamie@FreeBSD.org>
Cc:        freebsd-jail@FreeBSD.org, freebsd-gnats-submit@FreeBSD.org, Martin Matuska <mm@FreeBSD.org>
Subject:   Re: bin/165515: [jail][patch] "jail: unknown parameter: allow.nomount" when starting jail
Message-ID:  <20120229000200.GB2326@glenbarber.us>
In-Reply-To: <4F4D56E4.3090109@FreeBSD.org>
References:  <201202280121.q1S1L6Sr047797@red.freebsd.org> <4F4D56E4.3090109@FreeBSD.org>


--IiVenqGWf+H9Y6IX
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hi Jamie,

This patch fixes the problem for me.

Thank you!

Glen

On Tue, Feb 28, 2012 at 03:36:20PM -0700, Jamie Gritton wrote:
> The allow.mount parameter recently changed in a subtle way - it's now
> a node (to e.g. allow.mount.devfs) as well as a parameter in its own
> right. This confused libjail which knows how to handle such parameters
> as long as they're not boolean.
>=20
> I'm including my proposed fix to libjail. With this fix, allow.nomount
> should once again work, as should allow.mount; other parameters such as
> allow.quotas/allow.noquotas should work as they did before.
>=20
> - Jamie
>=20
>=20
> On 02/27/12 18:21, Glen Barber wrote:
> >
> >> Number:         165515
> >> Category:       bin
> >> Synopsis:       [jail][patch] "jail: unknown parameter: allow.nomount"=
 when starting jail
> >> Confidential:   no
> >> Severity:       non-critical
> >> Priority:       low
> >> Responsible:    freebsd-bugs
> >> State:          open
> >> Quarter:
> >> Keywords:
> >> Date-Required:
> >> Class:          sw-bug
> >> Submitter-Id:   current-users
> >> Arrival-Date:   Tue Feb 28 01:30:07 UTC 2012
> >> Closed-Date:
> >> Last-Modified:
> >> Originator:     Glen Barber
> >> Release:        10.0-CURRENT r232116M
> >> Organization:
> >> Environment:
> > FreeBSD nucleus 10.0-CURRENT FreeBSD 10.0-CURRENT #7 r232116M: Sun Feb =
26 14:12:14 EST 2012     root@nucleus:/usr/obj/usr/src/sys/NUCLEUS  amd64
> >> Description:
> > > On a recent -CURRENT, the jail(8) rc script fails to start jails.  This seems to be caused by looking up a sysctl that does not exist.
> >> How-To-Repeat:
> > Create a minimalistic jail setup as follows:
> >
> >   nucleus# cat /etc/rc.conf.local
> >   #
> >   jail_enable=3D"YES"
> >   jail_parallel_start=3D"YES"
> >   jail_list=3D"cfm"
> >   jail_cfm_hostname=3D"cfm"
> >   jail_cfm_rootdir=3D"/jails/cfm"
> >   jail_cfm_ip=3D"172.16.1.2"
> >
> > Start the jail with the rc(8) script:
> >
> >   nucleus# sh -x /etc/rc.d/jail start cfm
> >   + . /etc/rc.subr
> >   [...]
> >   + eval '_x=3D"$jail_cfm_ip_multi0"'
> >   + _x=3D''
> >   + break
> >   + echo ' cannot start jail "cfm": '
> >    cannot start jail "cfm":
> >   + tail +2 /tmp/jail.bJIDqW5x/jail.52395
> >   jail: unknown parameter: allow.nomount
> >
> >> Fix:
> > The attached patch fixes it for me.
> >
> >
> > Patch attached with submission follows:
> >
> > Index: usr.sbin/jail/jail.c
> > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
> > --- usr.sbin/jail/jail.c	(revision 232116)
> > +++ usr.sbin/jail/jail.c	(working copy)
> > @@ -84,7 +84,7 @@
> >   	{ "security.jail.chflags_allowed",
> >   	  "allow.nochflags", "allow.chflags" },
> >   	{ "security.jail.mount_allowed",
> > -	  "allow.nomount", "allow.mount" },
> > +	  "allow.mount", "allow.nomount" },
> >   	{ "security.jail.socket_unixiproute_only",
> >   	  "allow.socket_af", "allow.nosocket_af" },
> >   };
> >
> >
> >> Release-Note:
> >> Audit-Trail:
> >> Unformatted:
> > _______________________________________________
> > freebsd-bugs@freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-bugs
> > To unsubscribe, send any mail to "freebsd-bugs-unsubscribe@freebsd.org"

> Index: lib/libjail/jail.c
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
> --- lib/libjail/jail.c	(revision 232240)
> +++ lib/libjail/jail.c	(working copy)
> @@ -885,36 +885,20 @@
>  		 * the "no" counterpart to a boolean.
>  		 */
>  		nname =3D nononame(jp->jp_name);
> -		if (nname !=3D NULL) {
> -			snprintf(desc.s, sizeof(desc.s), SJPARAM ".%s", nname);
> -			free(nname);
> -			miblen =3D sizeof(mib) - 2 * sizeof(int);
> -			if (sysctl(mib, 2, mib + 2, &miblen, desc.s,
> -			    strlen(desc.s)) >=3D 0) {
> -				mib[1] =3D 4;
> -				desclen =3D sizeof(desc);
> -				if (sysctl(mib, (miblen / sizeof(int)) + 2,
> -				    &desc, &desclen, NULL, 0) < 0) {
> -					snprintf(jail_errmsg,
> -					    JAIL_ERRMSGLEN,
> -					    "sysctl(0.4.%s): %s", desc.s,
> -					    strerror(errno));
> -					return (-1);
> -				}
> -				if ((desc.i & CTLTYPE) =3D=3D CTLTYPE_INT &&
> -				    desc.s[0] =3D=3D 'B') {
> -					jp->jp_ctltype =3D desc.i;
> -					jp->jp_flags |=3D JP_NOBOOL;
> -					jp->jp_valuelen =3D sizeof(int);
> -					return (0);
> -				}
> -			}
> +		if (nname =3D=3D NULL) {
> +		unknown_parameter:
> +			snprintf(jail_errmsg, JAIL_ERRMSGLEN,
> +			    "unknown parameter: %s", jp->jp_name);
> +			errno =3D ENOENT;
> +			return (-1);
>  		}
> -	unknown_parameter:
> -		snprintf(jail_errmsg, JAIL_ERRMSGLEN,
> -		    "unknown parameter: %s", jp->jp_name);
> -		errno =3D ENOENT;
> -		return (-1);
> +		snprintf(desc.s, sizeof(desc.s), SJPARAM ".%s", nname);
> +		free(nname);
> +		miblen =3D sizeof(mib) - 2 * sizeof(int);
> +		if (sysctl(mib, 2, mib + 2, &miblen, desc.s,
> +		    strlen(desc.s)) < 0)
> +			goto unknown_parameter;
> +		jp->jp_flags |=3D JP_NOBOOL;
>  	}
>   mib_desc:
>  	mib[1] =3D 4;
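Review bot: `jp->jp_flags |= JP_NOBOOL;` now runs as soon as the stripped name resolves, before the descriptor is read and its type checked, so a later `goto unknown_parameter` or a failed descriptor sysctl returns -1 with the flag still set on `jp`; the removed code set it only on the success path. If a caller can reuse `jp` after a failed lookup (not visible here), clear it on the error path, for example `jp->jp_flags &= ~JP_NOBOOL;` directly under the `unknown_parameter:` label. The label also now sits inside the `if (nname == NULL)` block and is reached by jumps from outside that block. That is legal C, but a short comment such as `/* Also reached by goto from the type check below. */` would make it easier to read. The enclosing function starts and ends outside this hunk.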
> @@ -925,6 +909,16 @@
>  		    "sysctl(0.4.%s): %s", jp->jp_name, strerror(errno));
>  		return (-1);
>  	}
> +	jp->jp_ctltype =3D desc.i;
> +	/* If this came from removing a "no", it better be a boolean. */
> +	if (jp->jp_flags & JP_NOBOOL) {
> +		if ((desc.i & CTLTYPE) =3D=3D CTLTYPE_INT && desc.s[0] =3D=3D 'B') {
> +			jp->jp_valuelen =3D sizeof(int);
> +			return (0);
> +		}
> +		else if ((desc.i & CTLTYPE) !=3D CTLTYPE_NODE)
> +			goto unknown_parameter;
> +	}
>  	/* See if this is an array type. */
>  	p =3D strchr(desc.s, '\0');
>  	isarray  =3D 0;
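Review bot: The added comment `/* If this came from removing a "no", it better be a boolean. */` does not describe the check beneath it, which also lets `CTLTYPE_NODE` through. Something like `/* A name found by stripping "no" must be a boolean or a node; any other type is an unknown parameter. */` matches the code. The `else` after `return (0);` is redundant, so the second test can be a plain `if ((desc.i & CTLTYPE) != CTLTYPE_NODE)`. How a node that still carries JP_NOBOOL is handled afterwards lies outside this hunk and is worth confirming.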
> @@ -935,7 +929,6 @@
>  		p[-2] =3D 0;
>  	}
>  	/* Look for types we understand. */
> -	jp->jp_ctltype =3D desc.i;
>  	switch (desc.i & CTLTYPE) {
>  	case CTLTYPE_INT:
>  		if (desc.s[0] =3D=3D 'B')


--IiVenqGWf+H9Y6IX
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (FreeBSD)

iQEbBAEBCAAGBQJPTWr4AAoJEFJPDDeguUajSWMH+JsG24+/5+lbw1oxGb3q+u88
0CZrNSb5vazYquo0BprTyKn7CvkOpK8DiAtShF3tt+bnoZdbeGdxlr1Juyh8xX1q
BhXsWZ/4/fEjSvEXwrYCiKh9xGyQUcF9baoEBfmkTa+zVptYEMZR7Rwuza821Kp9
b4LakIqpOVJUmC5f3xSBi+owxyPyPAP8BwaIV0uJv8tXzBxODDpw4ZAJtkS4O+uq
K10Oue9oLQxFQZEAUiX9rMxVltvcUZdwMRNVcsv2dOl0Q24kWaHzlM8YhXQmWBp0
Y+JJV2550QkYMRWiL/bgdTdpmr68+Tw5J9epz/HndAxnSaG57KMsxLAsRF1O6A==
=840n
-----END PGP SIGNATURE-----

--IiVenqGWf+H9Y6IX--


