Date:      Fri, 27 Jul 2007 17:12:34 +1000
From:      Joel Hatton <freebsd-stable@auscert.org.au>
To:        freebsd-stable@freebsd.org
Cc:        freebsd-security@freebsd.org, Mark Andrews <Mark_Andrews@isc.org>, Philipp Wuensche <cryx-freebsd@h3q.com>
Subject:   Re: HEADS UP: Re: FreeBSD Security Advisory FreeBSD-SA-07:01.jail 
Message-ID:  <200707270712.l6R7CYs4064783@app.auscert.org.au>
In-Reply-To: Message from Philipp Wuensche <cryx-freebsd@h3q.com>  of "Fri, 12 Jan 2007 04:40:59 +0100." <45A7034B.3070002@h3q.com> 

Hi,

I'm dredging up an old issue here, but it appears to be unresolved in
RELENG_5_5 at this time. After upgrading to 5.5-RELEASE-p14, I found that
my jails wouldn't start anymore, and it comes down to this bit again. By
way of explanation, I'll include the patch for what I changed.

--- /tmp/jail   Wed Feb 14 15:16:30 2007
+++ /etc/rc.d/jail      Fri Jul 27 13:46:51 2007
@@ -218,7 +218,7 @@
 {
        local _device _mountpt _rest
 
-       while read _device _mountpt _rest; do
+       cat ${jail_fstab} | while read _device _mountpt _rest; do
                case ":${_device}" in
                :#* | :)
                        continue
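
Review bot: On the added line `cat ${jail_fstab} | while read _device _mountpt _rest; do`, `${jail_fstab}` is unquoted and never checked, so if it is empty or unset the command collapses to a bare `cat`, which reads standard input, and the loop silently returns to the behaviour of the removed line. Test the file before the loop (for example `[ -r "${jail_fstab}" ] || return`) and quote the expansion. The pipe also runs the loop body in a subshell, so anything the body sets, and any `return` inside it, will not reach the calling function; redirecting the file into the loop at its closing `done` (`done < "${jail_fstab}"`) avoids both the extra `cat` process and the subshell.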

In short, the jail_mount_fstab function is not given the fstab file on
which the local variables depend. My patch may not be the most robust but
for me today it is expedient.

Sorry if this has been discussed already, but I was surprised that this
hadn't been fixed yet. It certainly would have caused some anxious moments
if I'd upgraded a prod server with multiple jails before I realised!

cheers,
joel

On Fri, 12 Jan 2007 04:40:59 +0100, Philipp Wuensche wrote:
>Mark Andrews wrote:
>>> I'm not sure I understand that quite correctly, where is this problem
>>> appearing?
>>>
>>> Other things:
>>>
>>> tail is used in line 230: tail -r ${_fstab} | while read _device
>>> _mountpt _rest; do
>>>
>>> If the per-jail fstab is larger than 10 lines, which is the default of
>>> tail to show, the remaining mountpoints will not be unmounted?
>> 
>> 	The default for the -r option is to display all of the input.
>
>Ah, didn't know that. Thanks for correcting me there.
>
>greetings,
>philipp


