Date: Tue, 7 Dec 2004 13:05:02 -0800 (PST) From: zenin@rhps.org To: FreeBSD-gnats-submit@FreeBSD.org Cc: zenin@rhps.org Subject: conf/74820: /etc/rc deletes /var/run/log by mistake, problem for syslogd running outside of chroot jails Message-ID: <200412072105.iB7L52FN023718@rhps.org> Resent-Message-ID: <200412072110.iB7LANgU007921@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 74820
>Category: conf
>Synopsis: /etc/rc deletes /var/run/log by mistake, problem for syslogd running outside of chroot jails
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Dec 07 21:10:23 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator: Zenin
>Release: FreeBSD 4.10-STABLE i386
>Organization:
RHPS.ORG
>Environment:
System: FreeBSD mail.rhps.org 4.10-STABLE FreeBSD 4.10-STABLE #1: Wed Nov 24 15:40:27 PST 2004 root@rhps.org:/usr/src/sys/compile/RHPS i386
>Description:
While special care was taken in the syslogd initialization section of
/etc/rc to refrain from deleting the log socket /var/run/log unless
"syslogd_enable" was set to YES, this effort is for not as /etc/rc then goes
on to run "clean_var" which deletes everything without consideration
including this log socket.
In a standard configuration this doesn't really matter, however when /etc/rc
is started as a jailed virtual system it can be a problem. The FreeBSD
syslogd has a -l option to create additional log socket files explicitly so
they may be placed inside of chroot jail environments. When one attempts to
use this feature of syslogd this minor bug then becomes critical.
Attached is a patch of the changes I made to /etc/rc. It's an ugly kludge,
but it does go the extra mile to do the right thing. Namely it modifies the
"pergedir" function to handle /var/run/log as a special case, IFF two other
conditions are met: syslogd_enable is not YES and we are inside a jailed
environment.
I'm possitive a better solution could be found, but it would likely involve
far more structural changes to /etc/rc. Consider this patch an example; a
cleaner solution should probably be sought for general consumption.
>How-To-Repeat:
Create a standard full jail environment following the directions
outlined in jail(8). Configure the jail's /etc/rc.conf so that
syslogd_enable is set to NO.
Restart the host syslogd with the additional option:
-l /path_to_my_jail/var/run/log
Confirm /path_to_my_jail/var/run/log has been created.
Start the jail as jail(8) describes, eg:
jail /path_to_my_jail/var/run/log testhostname 192.168.11.100 /bin/sh /etc/rc
Note that /path_to_my_jail/var/run/log has been deleted.
>Fix:
--- rc.diff begins here ---
*** /etc/rc Wed Nov 20 03:58:28 2002
--- etc/rc Mon Dec 6 17:05:00 2004
***************
*** 242,248 ****
if [ -d "$file" -a ! -L "$file" ]; then
purgedir "$file"
else
! rm -f -- "$file"
fi
done
)
--- 242,263 ----
if [ -d "$file" -a ! -L "$file" ]; then
purgedir "$file"
else
! # Ugly Kludge to protect /var/run/log when it's created outside (in a jail)
! if [ "$dir" = "/var/run" -a "$file" = "log" ]; then
! # Are we in a jail? -Ed: There must be an easier way to tell?
! if ps -p $$ -o stat | tail -1 | grep 'J'>/dev/null; then
! # If the jail has its own syslogd then ignore all this hubbub
! case ${syslogd_enable} in
! [Yy][Ee][Ss])
! # do *NOT* delete /var/run/log unless *this*
! # jail is going to be running syslog.
! rm -f -- "$file"
! ;;
! esac
! fi
! else
! rm -f -- "$file"
! fi
fi
done
)
--- rc.diff ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200412072105.iB7L52FN023718>