From owner-freebsd-bugs@FreeBSD.ORG  Sun Feb 17 13:20:02 2008
Return-Path: <owner-freebsd-bugs@FreeBSD.ORG>
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id ACBC116A420
	for <freebsd-bugs@hub.freebsd.org>;
	Sun, 17 Feb 2008 13:20:02 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id 8E54E13C46E
	for <freebsd-bugs@hub.freebsd.org>;
	Sun, 17 Feb 2008 13:20:02 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.2/8.14.2) with ESMTP id m1HDK2Hu023464
	for <freebsd-bugs@freefall.freebsd.org>; Sun, 17 Feb 2008 13:20:02 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.14.2/8.14.1/Submit) id m1HDK2EN023463;
	Sun, 17 Feb 2008 13:20:02 GMT (envelope-from gnats)
Resent-Date: Sun, 17 Feb 2008 13:20:02 GMT
Resent-Message-Id: <200802171320.m1HDK2EN023463@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org,
	Piotr Koper <piotr.koper@gmail.com>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 15C1616A41A
	for <freebsd-gnats-submit@FreeBSD.org>;
	Sun, 17 Feb 2008 13:11:40 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id 0697913C45E
	for <freebsd-gnats-submit@FreeBSD.org>;
	Sun, 17 Feb 2008 13:11:40 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.2/8.14.2) with ESMTP id m1HD9Egx008652
	for <freebsd-gnats-submit@FreeBSD.org>; Sun, 17 Feb 2008 13:09:14 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.2/8.14.1/Submit) id m1HD9EXK008651;
	Sun, 17 Feb 2008 13:09:14 GMT (envelope-from nobody)
Message-Id: <200802171309.m1HD9EXK008651@www.freebsd.org>
Date: Sun, 17 Feb 2008 13:09:14 GMT
From: Piotr Koper <piotr.koper@gmail.com>
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-3.1
Cc: 
Subject: kern/120753: Zombie jails (jailed child process exits while
	non-jailed parent is alive)
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 17 Feb 2008 13:20:02 -0000


>Number:         120753
>Category:       kern
>Synopsis:       Zombie jails (jailed child process exits while non-jailed parent is alive)
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Feb 17 13:20:02 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator:     Piotr Koper
>Release:        6.2-RELEASE, 6.3-RELEASE
>Organization:
>Environment:
FreeBSD node01 6.3-RELEASE FreeBSD 6.3-RELEASE #7: Sun Feb  3 03:56:47 CET 2008     root@node01:/usr/obj/usr/src/sys/NODE  i386

>Description:
1. fork ()
2. child: jail (...)
3. child: execv (...)
4. parent: sleep (...)

So, when parent sleeps, child has already died, but:

$ ps auxw | grep J
root          21566  0.0  0.0     0     0  p2  ZJ    1:53PM   0:00.00 <defunct>
$ jls
   JID  IP Address      Hostname                      Path
     7  127.0.0.1       jail-fork                     /
$

When the parent exits, the jail disappears.

$ jls
$

But when you double fork the jail disappears as soon as the child process dies:
1. fork ()
2. child: fork ()
3. child: parent: exit ()
4. child: child: jail (...)
5. child: child: execv (...)
6. parent: sleep (10)

$ jls
$

See "How to repeat".
>How-To-Repeat:
Compile the code bellow and try two scenario:

1. $ ./jail-fork & sleep 1 ; jls ; ps auxw | grep J
2. $ ./jail-fork double-fork & sleep 1 ; jls ; ps auxw | grep J

For 1: you sees:
root          24113  0.0  0.0     0     0  p2  ZJ    2:06PM   0:00.00 <defunct>

For 2: everything is ok - no zombie process

<!-- file:jail-fork.c --!>
#include <arpa/inet.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/param.h>
#include <sys/types.h>
#include <sys/jail.h>
#include <unistd.h>

int
main (int argc, char *argv[])
{
        struct in_addr in;
        struct jail j;
        char *j_argv[] = { "/bin/ls", "/COPYRIGHT" };

        j.version = 0;
        j.path = "/";
        j.hostname = "jail-fork";

        if (inet_aton ("127.0.0.1", &in) == 0)
                perror ("inet_addr");

        j.ip_number = ntohl (in.s_addr);

        /* Just fork, we'd like to create a background jailed process. */
        if (fork () == 0)
        {
                /* Fork again if additional arguments supplied */
                if (argc > 1 && fork () > 0)
                                exit (0);

                if (jail (&j) < 0)
                        perror ("jail");

                execv (j_argv[0], j_argv);
                perror ("execv");
        }

        sleep (3);

        return 0;
}

>Fix:


>Release-Note:
>Audit-Trail:
>Unformatted: