From owner-freebsd-hackers@FreeBSD.ORG Mon Sep 11 20:05:14 2006 Return-Path: X-Original-To: freebsd-hackers@freebsd.org Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B684816A494 for ; Mon, 11 Sep 2006 20:05:14 +0000 (UTC) (envelope-from ccowart@hal.rescomp.berkeley.edu) Received: from rescomp.berkeley.edu (keyserver.Rescomp.Berkeley.EDU [169.229.70.167]) by mx1.FreeBSD.org (Postfix) with ESMTP id DE4B743D73 for ; Mon, 11 Sep 2006 20:05:09 +0000 (GMT) (envelope-from ccowart@hal.rescomp.berkeley.edu) Received: by rescomp.berkeley.edu (Postfix, from userid 1225) id CEB285B772; Mon, 11 Sep 2006 13:05:09 -0700 (PDT) Date: Mon, 11 Sep 2006 13:05:09 -0700 From: Christopher Cowart To: freebsd-hackers@freebsd.org Message-ID: <20060911200509.GA19465@rescomp.berkeley.edu> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="opJtzjQTFsWo+cga" Content-Disposition: inline User-Agent: Mutt/1.5.9i Subject: Problems with isc-dhcpd.sh rc script and jails X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 11 Sep 2006 20:05:14 -0000 --opJtzjQTFsWo+cga Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hello, I posted to questions last week, but have not received any responses.=20 =09 The port for isc-dhcp3-server has config options for enabling FreeBSD process jails. Basically, through a series of command line arguments that are generated by the isc-dhcpd.sh script, the chroot is auto-generated when you start the service and dhcpd makes the syscall to jail itself. This is actually really nifty and makes the process of running dhcpd in a thin jail brainless. The problem happens when I run "isc-dhcpd.sh stop":=20 dhcpd not running? (check /var/jails/dhcpd/var/run/dhcpd/dhcpd.pid). Well, I know better. dhcpd is clearly running with the pid indicated in the pid file. After investigating /etc/rc.subr, I've determined the cause (where $JID is the jid of the running rc script and $_jid is the jid of the process, determined by ps output): if [ "$JID" -eq "$_jid" ]; This prevents me from using the rc script outside the jail to stop the jail'd dhcpd process. /etc/rc.subr is making a false assumption that people won't want to be controlling jailed services via rc scripts on the host machine. My question is how do I get around this? I'd prefer not to hack rc.subr unless it's a community-useable patch that can be incorporated back into the official sources. One option would be to allow rc scripts to set some sort of "CHECK_JAILS" variable and to implement the necessary logic to handle it in rc.subr. Is there a better solution? --=20 Chris Cowart Unix Systems Administrator Residential Computing, UC Berkeley "May all your pushes be popped" --opJtzjQTFsWo+cga Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQFFBcF1V3SOqjnqPh0RAiL5AJ4hYveezS6vModuRp/b7SPJrP4NgwCfZ6rK YsJtdKxqKcxBcadbB5ClOXU= =utgz -----END PGP SIGNATURE----- --opJtzjQTFsWo+cga--