From: "Brian A. Seklecki"
To: freebsd-jail
Date: Fri, 08 May 2009 17:02:22 -0400
Subject: bind()/sendto() behavior in RELENG_7

All:

Did the behavior of bind()/sendto() functions WRT jails change in proximity to the RELENG_7_2 branch?

I just spent 1.5 days chasing what I thought was a bug in Courier-MTA's IPv6 socket selection code within Jails, to realize a paradox of a configuration scenario:

My ESMTP client libraries in Courier were programmed to explicitly bind() to a specific source address.

The system in question was RELENG_7 from last month; but was upgraded to 7.2-R last week, when this problem was observed. After which, I began to receive: "Can't assign requested address", as expected.

Unfortunately, we also enabled IPv6 on the system at the same time, complicating troubleshooting.

The configuration for Courier in the jail is being rsync(1)'d every hour from a production environment (where explicit binding for System-Service abstraction is a security policy requirement) to a DRP system within a Jail.

So as far as I know, the explicit bind was always present in the DRP jail and, in theory, should never have worked.

I hypothesize that after 7.2-R was installed, the correct behavior of bind() began to occur, and that prior to that, it was gracefully allowing Courier to bind() to an IP that wasn't present in the jail.

Unfortunately, I don't have any records of what the RELENG_7 build date was of the original jail environment to test this hypothesis.

~BAS