From: Peter Wemm
Date: Mon, 14 Oct 2013 20:30:48 -0700
To: Gavin Atkinson, Hiroki Sato
Cc: svn-src-head@FreeBSD.org, remko@FreeBSD.org, src-committers@FreeBSD.org, svn-src-all@FreeBSD.org
Subject: Re: svn commit: r256256 - in head: . etc etc/defaults etc/rc.d share/man/man5 usr.sbin/jail
Message-ID: <525CB6E8.9080407@wemm.org>

On 10/14/13 11:45 AM, Gavin Atkinson wrote:
> On Sat, 12 Oct 2013, Hiroki Sato wrote:
>> Remko Lodder wrote
>>   in <04E9979E-1D97-4AA2-A7AE-F9D8457B3599@FreeBSD.org>:
>>
>> re> Hi Hiroki,
>> re>
>> re> On Oct 10, 2013, at 11:32 AM, Hiroki Sato wrote:
>> re>
>> re> > Author: hrs
>> re> > Date: Thu Oct 10 09:32:27 2013
>> re> > New Revision: 256256
>> re> > URL: http://svnweb.freebsd.org/changeset/base/256256
>> re> >
>> re> > Log:
>> re> >   - Update rc.d/jail to use a jail(8) configuration file instead of
>> re> >     command line options.  The "jail__*" rc.conf(5) variables for
>> re> >     per-jail configuration are automatically converted to
>> re> >     /var/run/jail..conf before the jail(8) utility is invoked.
>> re> >     This is transparently backward compatible.
>> re> >
>> re> >   - Fix a minor bug in jail(8) which prevented it from returning false
>> re> >     when jail -r failed.
>> re> >
>> re>
>> re> Thanks for doing such a massive update. However it seems to break the
>> re> ezjail utility.
>> re> My jails didn't restart after I upgraded to the most recent -head
>> re> version
>
> I'm also seeing issues with ezjail - in my case, the jails do start up
> properly, but ezjail doesn't believe that they have.
>
>> re> FreeBSD nakur.elvandar.org 10.0-ALPHA6 FreeBSD 10.0-ALPHA6 #7 r256311:
>> re> Fri Oct 11 13:27:54 CEST 2013
>> re> root@nakur.elvandar.org:/usr/obj/usr/src/sys/NAKUR amd64
>> re>
>> re> If I replace this with an older version, the utility starts and
>> re> complains about certain things not being done properly. The
>> re> system does not mount devfs nodes any longer and thus is basically out
>> re> of function.
>> re>
>> re> I was not expecting this much fallout from this change, others that
>> re> will be upgrading will lose the ability to start their jails until
>> re> they can
>> re> resolve this by hand.
>>
>>  Can you send me your ezjail configuration and differences of the
>>  results (error messages, mount handling, etc) between old and new
>>  rc.d/jail?
>
> The issue for me is that the /var/run/jail_${jailname}.id files are no
> longer created, which ezjail uses to keep track of jail state.
>
> As a temporary workaround, for each jail I have on the host done
>   echo $jail_id > /var/run/jail_${jailname}.id
> and this allows me to manage that jail again from within ezjail.
>
> Gavin
>

It's actually far worse than I thought.

Given:
# grep jail /etc/rc.conf
jail_interface="bge0"
ezjail_enable="YES"
...
export jail_sab_ip="lo1|127.0.1.73,192.203.228.73,2001:470:67:39d::73"

we end up with:
# ifconfig bge0 | grep 73
        inet 127.0.1.73 netmask 0xffffffff broadcast 127.0.1.73
        inet 192.203.228.73 netmask 0xffffffff broadcast 192.203.228.73
        inet6 2001:470:67:39d::73 prefixlen 64

Note how they're all on bge0 and the lo1|127.x is ignored.

There are some other problems I haven't pinned down yet. Something has changed
radically with source address selection and some standard setups from 7.x
through 10.x (as of a few months ago) don't work anymore.

I haven't yet figured out how to do the per-jail lo1|127.x thing in the new
scheme even with an old rc.d/jail - anything attempting to bind to localhost
gets remapped to the public, fully exposed address.

I'm still looking.

-- 
Peter Wemm - peter@wemm.org; peter@FreeBSD.org; peter@yahoo-inc.com; KI6FJV
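
A check for the interface mismatch reported in the message above, as an added example that is not part of the original post or of rc.d/jail. It assumes that each comma-separated jail_<name>_ip entry may carry its own "iface|" prefix with jail_interface as the fallback; the function names are hypothetical and the ifconfig header line in the sample is constructed.

```sh
# Added example, not code from the thread. Assumption: with the old rc.d/jail,
# each comma-separated jail_<name>_ip entry may carry its own "iface|" prefix
# and entries without one fall back to jail_interface.
expected_bindings() {   # DEFAULT_IFACE IP_LIST -> one "iface addr" line per entry
    _rest=$2
    while [ -n "$_rest" ]; do
        _entry=${_rest%%,*}
        case $_rest in *,*) _rest=${_rest#*,} ;; *) _rest= ;; esac
        case $_entry in
        *\|*) echo "${_entry%%|*} ${_entry#*|}" ;;
        *)    echo "$1 $_entry" ;;
        esac
    done
}

ifconfig_pairs() {      # ifconfig(8) output on stdin -> "iface addr" per address
    _ifc=
    while IFS= read -r _line; do
        case $_line in
        [a-z]*) _ifc=${_line%%:*} ;;    # unindented line names the interface
        *)  set -- $_line               # indented line: split into words
            case ${1:-} in inet|inet6) echo "$_ifc $2" ;; esac ;;
        esac
    done
}

audit_bindings() {      # EXPECTED ACTUAL -> one finding per misplaced address
    printf '%s\n' "$1" | while read -r _want _addr; do
        _have=$(printf '%s\n' "$2" | while read -r _i _a; do
            if [ "$_a" = "$_addr" ]; then echo "$_i"; break; fi
        done)
        if [ "$_have" != "$_want" ]; then
            _kind=mismatch
            # 127/8 configured on a non-loopback interface is the case in the post
            case $_addr:$_have in 127.*:lo*) ;; 127.*) _kind=loopback-off-lo ;; esac
            echo "$_kind $_addr expected=$_want actual=${_have:-none}"
        fi
    done
}

# rc.conf values and inet lines are from the post; the header line is constructed.
SAMPLE_IFCONFIG='bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 127.0.1.73 netmask 0xffffffff broadcast 127.0.1.73
        inet 192.203.228.73 netmask 0xffffffff broadcast 192.203.228.73
        inet6 2001:470:67:39d::73 prefixlen 64'
EXPECTED=$(expected_bindings bge0 'lo1|127.0.1.73,192.203.228.73,2001:470:67:39d::73')
ACTUAL=$(printf '%s\n' "$SAMPLE_IFCONFIG" | ifconfig_pairs)
audit_bindings "$EXPECTED" "$ACTUAL"
```

On a live host, pipe the output of plain `ifconfig` into `ifconfig_pairs` instead of the sample, so addresses on every interface are compared.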