Date: Mon, 11 Sep 2006 23:08:38 GMT
From: Chris Cowart <ccowart@rescomp.berkeley.edu>
To: freebsd-gnats-submit@FreeBSD.org
Subject: ports/103168: isc-dhcpd.sh jail options break stop and status commands
Message-ID: <200609112308.k8BN8cxW011597@www.freebsd.org>
Resent-Message-ID: <200609112310.k8BNAK0c040658@freefall.freebsd.org>
>Number: 103168
>Category: ports
>Synopsis: isc-dhcpd.sh jail options break stop and status commands
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Sep 11 23:10:20 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: Chris Cowart
>Release: 6_1_REL
>Organization: Residential Computing, UC Berkeley
>Environment:
FreeBSD new-jayna.rescomp.berkeley.edu 6.1-RELEASE-p3 FreeBSD 6.1-RELEASE-p3 #0: Tue Aug 8 14:40:51 PDT 2006 root@new-jayna.rescomp.berkeley.edu:/usr/obj/usr/src/sys/RCBSD_1 i386
>Description:
The port for isc-dhcp3-server has config options for enabling FreeBSD process jails. Basically, through a series of command line arguments that are generated by the isc-dhcpd.sh script, the chroot is auto-generated when you start the service and dhcpd makes the syscall to jail itself. This is actually really nifty and makes the process of running dhcpd in a thin jail brainless.

The problem happens when I run "isc-dhcpd.sh stop":

    dhcpd not running? (check /var/jails/dhcpd/var/run/dhcpd/dhcpd.pid).

Well, I know better. dhcpd is clearly running with the pid indicated in the pid file.

After investigating /etc/rc.subr, I've determined the cause (where $JID is the jid of the running rc script and $_jid is the jid of the process, determined by ps output):

    if [ "$JID" -eq "$_jid" ];

This prevents me from using the rc script outside the jail to stop the jail'd dhcpd process. /etc/rc.subr is making a false assumption that people won't want to be controlling jailed services via rc scripts on the host machine.
>How-To-Repeat:
In /etc/rc.conf:

    dhcpd_enable="YES"
    dhcpd_flags="-q"
    dhcpd_conf="/usr/local/etc/dhcpd.conf"
    dhcpd_includedir="/usr/local/etc/dhcpd.d"
    dhcpd_withumask="022"
    dhcpd_chuser_enable="YES"
    dhcpd_withuser="dhcpd"
    dhcpd_withgroup="dhcpd"
    dhcpd_devfs_enable="YES"
    dhcpd_rootdir="/var/jails/dhcpd"
    dhcpd_chroot_enable="YES"
    dhcpd_jail_enable="YES"
    dhcpd_hostname="dhcp.example.com"
    dhcpd_ipaddress="10.0.0.10"

Start dhcpd:

    $ sudo /usr/local/etc/rc.d/isc-dhcpd.sh start
    Starting dhcpd.

Try:

    $ sudo /usr/local/etc/rc.d/isc-dhcpd.sh stop
    dhcpd not running? (check /var/jails/dhcpd/var/run/dhcpd/dhcpd.pid).

But:

    $ ps auxwww | grep dhcpd
    dhcpd 11950 0.0 1.4 14940 14140 ?? SsJ 3:58PM 0:00.00 /usr/local/sbin/dhcpd -q -cf /usr/local/etc/dhcpd.conf -lf /var/db/dhcpd/dhcpd.leases -pf /var/run/dhcpd/dhcpd.pid -user dhcpd -group dhcpd -chroot /var/jails/dhcpd -jail dhcp.example.com 10.0.0.10

>Fix:
Override JID in isc-dhcpd.sh:

diff -rub isc-dhcp3-server.orig/files/isc-dhcpd.sh.sample isc-dhcp3-server/files/isc-dhcpd.sh.sample --- isc-dhcp3-server.orig/files/isc-dhcpd.sh.sample Mon Sep 11 15:50:16 2006 +++ isc-dhcp3-server/files/isc-dhcpd.sh.sample Mon Sep 11 15:51:37 2006 @@ -719,4 +719,11 @@ uninstall_cmd=dhcpd_uninstall extra_commands="install uninstall" +# Override /etc/rc.subr JID determiniation, because it doesn't +# work when we launch dhcpd in a jail. +if checkyesno dhcpd_jail_enable ; then + read pid junk < $pidfile 2>/dev/null + [ -n "$pid" ] && JID=`ps -o jid= -p $pid` +fi + run_rc_command "$1"

>Release-Note:
>Audit-Trail:
>Unformatted:
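
Review bot: JID is overwritten even when ps prints nothing. In the added block, [ -n "$pid" ] && JID=`ps -o jid= -p $pid` assigns an empty string whenever the pid read from the pidfile is no longer alive (stale pidfile), and the rc.subr test quoted in the description, [ "$JID" -eq "$_jid" ], then runs with an empty operand. Capture the ps output in a temporary variable and assign JID only when it is non-empty. Two smaller points on the same lines: "read pid junk < $pidfile 2>/dev/null" applies 2>/dev/null after the input redirection, so a missing pidfile (for example on start) still prints an open error; test [ -r "$pidfile" ] first and quote $pidfile. And since the pidfile in this setup sits under the jail root (/var/jails/dhcpd/var/run/dhcpd/dhcpd.pid), check that $pid is purely numeric before passing it unquoted to ps, because the host-side script then adopts whatever JID that pid reports. The comment typo "determiniation" should read "determination".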