From: James Gritton <jamie@freebsd.org>
To: freebsd-jail@freebsd.org
Cc: io7m+org.freebsd.jail@io7m.com
Subject: Re: Jail fails to unmount a directory
Date: Tue, 01 Nov 2016 07:23:02 -0600
Message-ID: <38220456b858bee467021d495d4ec49b@gritton.org>
In-Reply-To: <20161031170602.70b7d325@copperhead.int.arc7.info>

On 2016-10-31 11:06, io7m+org.freebsd.jail@io7m.com wrote:
> Hello.
>
> I have an incredibly trivial jail setup:
>
> /usr/jail/com.example.service0 is the root of the jail.
> /usr/jail/com.example.service0/base is an empty directory.
> /usr/jail/base is a directory containing binaries.
>
> I use the following jail configuration:
>
> com_example_service0
> {
>   exec.start = "/bin/sh";
>   host.hostname = com.example.service0;
>   interface = em0;
>   ip4.addr = 127.0.0.2;
>   mount.fstab = /usr/jail/com.example.service0.fstab;
>   path = /usr/jail/com.example.service0;
> }
>
> The /usr/jail/com.example.service0.fstab contains a single line:
>
> /usr/jail/base /usr/jail/com.example.service0/base nullfs ro,noauto 0 0
>
> I start the jail:
>
> host# jail -v -f com.example.service0.conf -c com_example_service0
> com_example_service0: run command: /sbin/ifconfig em0 inet 127.0.0.2 netmask 255.255.255.255 alias
> com_example_service0: run command: /sbin/mount -t nullfs -o ro,noauto /usr/jail/base /usr/jail/com.example.service0/base
> com_example_service0: jail_set(JAIL_CREATE) persist name=com_example_service0 host.hostname=com.example.service0 ip4.addr=127.0.0.2 path=/usr/jail/com.example.service0
> com_example_service0: created
> com_example_service0: run command in jail: /bin/sh
> # exit
> com_example_service0: jail_set(JAIL_UPDATE) jid=13 nopersist
> host#
>
> The jail is gone:
>
> host# jls
>    JID  IP Address      Hostname                      Path
>
> However:
>
> host# df -h | grep service0
> # df -h
> Filesystem                         Size    Used   Avail Capacity  Mounted on
> zroot/ROOT/default                  13G    475M     13G     4%    /
> devfs                              1.0K    1.0K      0B   100%    /dev
> zroot/tmp                           13G    108K     13G     0%    /tmp
> zroot/usr/home                      13G    136K     13G     0%    /usr/home
> zroot/usr/ports                     13G     96K     13G     0%    /usr/ports
> zroot/usr/src                       13G     96K     13G     0%    /usr/src
> zroot/var/audit                     13G     96K     13G     0%    /var/audit
> zroot/var/crash                     13G     96K     13G     0%    /var/crash
> zroot/var/log                       13G    148K     13G     0%    /var/log
> zroot/var/mail                      13G     96K     13G     0%    /var/mail
> zroot/var/tmp                       13G     96K     13G     0%    /var/tmp
> zroot                               13G     96K     13G     0%    /zroot
> zroot/jail                          13G    249M     13G     2%    /usr/jail
> zroot/jail/com.example.service0     13G    4.0M     13G     0%    /usr/jail/com.example.service0
> /usr/jail/base                      13G    249M     13G     2%    /usr/jail/com.example.service0/base
>
> .. the /usr/jail/com.example.service0/base directory was not unmounted.
>
> What do I need to do to get the directory to be correctly unmounted
> when the jail ceases to exist?

There are two different conditions for a jail ceasing to exist. When the
jail is removed, i.e. with "jail -r", it will unmount directories and
clear IP address etc. But if the jail just goes away on its own, jail(8)
won't (often can't) do any of those things. Your case is an example of a
jail just "going away".

A jail exists as long as there's a process (or occasionally something
else) attached to it, or if it's marked "persist". Generally, your
exec.start script is expected to run some background server or other;
perhaps a single service process, or often a regular rc setup with at
least syslogd and cron running. But at least in this test setup you gave
here, the exec.start is just a single shell that then ends with nothing
left behind. Then when jail(8) takes off the temporary persist flag
(which was there so all its programs could run), there's nothing left to
keep the jail alive, and it silently goes away.

If your jail is truly meant to exist without attached processes, you'll
want to add the "persist" parameter to its definition.

- Jamie
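
Added example, not part of the original message: a shell check for the situation described above, where a jail has gone away on its own and the entries from its mount.fstab are still mounted on the host. The function names, file layout and sample data are constructed for illustration; on a FreeBSD host the two status inputs would come from `mount -p` and `jls path`.

```shell
#!/bin/sh
# Added example (not from the original thread): list mount points from a
# jail's fstab that are still mounted while no running jail's path contains
# them. On a FreeBSD host the last two inputs would come from:
#   mount -p > mounts.txt ; jls path > jails.txt
# Assumes mount points contain no whitespace.
orphaned_mounts() {  # args: <jail fstab> <mount -p output> <jls path output>
    awk '
        FILENAME == ARGV[1] { if (NF >= 2 && $1 !~ /^#/) want[$2] = 1; next }
        FILENAME == ARGV[2] { if (NF >= 2) mounted[$2] = 1; next }
        FILENAME == ARGV[3] { if (NF) jail[$1] = 1 }
        END {
            for (m in want) {
                if (!(m in mounted)) continue      # listed but not mounted
                owned = 0
                for (p in jail)                    # is m inside a live jail?
                    if (m == p || index(m, p "/") == 1) owned = 1
                if (!owned) print m
            }
        }' "$1" "$2" "$3" | sort
}

# Constructed sample data modelled on the thread's setup; the argument is the
# simulated `jls path` output ("" means no jail is running).
demo_case() {
    d=$(mktemp -d) || return 1
    cat > "$d/fstab" <<'EOF'
# constructed copy of /usr/jail/com.example.service0.fstab
/usr/jail/base /usr/jail/com.example.service0/base nullfs ro,noauto 0 0
EOF
    cat > "$d/mounts" <<'EOF'
zroot/ROOT/default / zfs rw 0 0
zroot/jail /usr/jail zfs rw 0 0
zroot/jail/com.example.service0 /usr/jail/com.example.service0 zfs rw 0 0
/usr/jail/base /usr/jail/com.example.service0/base nullfs ro 0 0
EOF
    printf '%s\n' "$1" > "$d/jails"
    orphaned_mounts "$d/fstab" "$d/mounts" "$d/jails"
    rm -rf "$d"
}

echo "jail gone:    $(demo_case '')"
echo "jail running: $(demo_case /usr/jail/com.example.service0)"
```

A mount point reported here is one that "jail -r" would have unmounted had the jail still existed when it was removed.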