Date: Tue, 19 Dec 2006 01:34:01 +0100
From: "Raphael H. Becker"
To: freebsd-stable@freebsd.org
Message-ID: <20061219003401.GA23251@p-i-n.com>
Organization: PHOENIX Pharmahandel AG & Co KG, Mannheim, Deutschland
Subject: /etc/rc.d/jail: losing IPs if jail_x_interface set and syntax error in jails /etc/rc?

Hi *,

I recently triggered an error when setting up a jail-host:

I configured the jail(s) like every jail I set up in the past:

On the jail-host's /etc/rc.conf:

# ---- Jail-Globals ----
jail_enable="YES"                    # Set to NO to disable starting of any jails
jail_list="ftp mx1 relay"            # Space separated list of names of jails
jail_set_hostname_allow="NO"         # Allow root user in a jail to change its hostname
jail_socket_unixiproute_only="YES"   # Route only TCP/IP within a jail
jail_sysvipc_allow="NO"              # allow SystemV IPC use from within a jail
# ---- Jail-Defaults ----
jail_interface="fxp0"
jail_devfs_enable="YES"              # mount devfs in the jail
jail_fdescfs_enable="YES"            # mount fdescfs in the jail
jail_procfs_enable="YES"             # mount procfs in jail
jail_mount_enable="NO"               # mount/umount jail's fs
[...]
# ---- ftp
jail_ftp_rootdir="/data/jails/ftp.XXX.YYY.com"
jail_ftp_ip="62.xxx.yyy.133"
jail_ftp_hostname="ftp.XXX.YYY.com"

This works well on other systems.

Starting the ftp-Jail using
        /etc/rc.d/jail start ftp
the system went "offline", ifconfig showed this:

fxp0: flags=8843 mtu 1500
        options=8
        inet 62.xxx.yyy.133 netmask 0xffffffff broadcast 62.xxx.yyy.133
        ether 00:06:5b:04:54:69
        media: Ethernet autoselect (100baseTX )
        status: active

Bad thing. The primary IP of the host and any other IPs on fxp0 got lost, just the jail's IP/32 (alias) was left.

In the normal state, ifconfig looks like this with some jails running:

fxp0: flags=8843 mtu 1500
        options=8
        inet 62.xxx.yyy.150 netmask 0xffffff00 broadcast 62.xxx.yyy.255
        inet 62.xxx.yyy.133 netmask 0xffffffff broadcast 62.xxx.yyy.133
        inet 62.xxx.yyy.131 netmask 0xffffffff broadcast 62.xxx.yyy.131
        inet 62.xxx.yyy.132 netmask 0xffffffff broadcast 62.xxx.yyy.132
        ether 00:06:5b:04:54:69
        media: Ethernet autoselect (100baseTX )
        status: active

It turned out that a syntax error in the jail's /etc/rc.conf (missing quote) breaks the jail host?!?

Can anyone confirm this? If a jail's rc.conf can break a jail host like this, this might be a serious problem for systems with "untrusted" ~root in the jails and should be fixed in 6.2.

Regards
Raphael Becker

PS: System is 6.2-RC1
# $FreeBSD: src/etc/rc.d/jail,v 1.23.2.7 2006/06/06 15:04:39 flz Exp $
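
Added example, not part of the original post and not code from /etc/rc.d/jail: a wrapper a jail-host admin could use to refuse to start a jail whose rc.conf does not parse, and to report host addresses that disappear from the interface after the start. The function names (jail_rcconf_ok, lost_addrs, guarded_start) are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: pre-flight and post-start checks around "/etc/rc.d/jail start".
# Function names are hypothetical; nothing here is part of rc.d/jail itself.

# Return 0 if ROOTDIR/etc/rc.conf parses as sh. "sh -n" reads the file
# without executing it, so an untrusted jail's file is never run on the host.
jail_rcconf_ok() {
    conf="$1/etc/rc.conf"
    [ -f "$conf" ] || return 0          # no rc.conf, nothing to parse
    sh -n "$conf" 2>/dev/null
}

# Print each inet/inet6 address found in ifconfig output $1 but not in $2.
lost_addrs() {
    old=$(printf '%s\n' "$1" | awk '$1 ~ /^inet6?$/ { print $2 }')
    new=$(printf '%s\n' "$2" | awk '$1 ~ /^inet6?$/ { print $2 }')
    for addr in $old; do
        printf '%s\n' "$new" | grep -qxF -- "$addr" || printf '%s\n' "$addr"
    done
}

# guarded_start NAME ROOTDIR IFACE
# Lint the jail's rc.conf, start the jail, then compare interface addresses.
guarded_start() {
    if ! jail_rcconf_ok "$2"; then
        echo "jail $1: $2/etc/rc.conf does not parse, not starting" >&2
        return 1
    fi
    snapshot=$(ifconfig "$3")
    /etc/rc.d/jail start "$1"
    lost=$(lost_addrs "$snapshot" "$(ifconfig "$3")")
    if [ -n "$lost" ]; then
        echo "jail $1: addresses lost on $3:" $lost >&2
        return 2
    fi
}
```

The rc.conf check is only a pre-flight: root inside the jail can edit the file again afterwards, so the address comparison is the check that still holds in that case.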