From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 197237] Jail mount ordering in FreeBSD 10 break ezjail image/crypto jails
Date: Sun, 01 Feb 2015 08:42:45 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=197237

            Bug ID: 197237
           Summary: Jail mount ordering in FreeBSD 10 break ezjail
                    image/crypto jails
           Product: Base System
           Version: 10.1-RELEASE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: bin
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: freebsd-bugs@joe.mulloy.me

The changes to jail and the jail rc script between 9 and 10 break ezjail image
jails. Ezjail specifies the jailroot in an fstab file under
/etc/fstab.jailname. The issue is that when the rc script autocreates
/var/run/jail.jailname.conf it adds an entry to the mount parameter for procfs.
The order that the jail command processes mounts is to mount things in the
mounts config parameter first and then mount from fstab. When the root is in
fstab this causes jail to try to mount proc before the root has been mounted,
so mount returns an error because the directory ${jailroot}/proc does not
exist.

ezjail should probably be updated to create jail config files on 10+, however
there is still an ordering issue if a user puts a mount in the config that is
under a directory that is mounted in fstab.

The ordering issue occurs in /usr/src/usr.sbin/jail/jail.c. The issue is that
IP_MOUNT comes before IP__MOUNT_FROM_FSTAB. Of course reordering this would
just break things in the opposite direction, so there would be an issue if a
mount in fstab was under a mount that is in the config.

# /usr/src/usr.sbin/jail/jail.c
static const enum intparam startcommands[] = {
	IP__NULL,
#ifdef INET
	IP__IP4_IFADDR,
#endif
#ifdef INET6
	IP__IP6_IFADDR,
#endif
	IP_MOUNT,
	IP__MOUNT_FROM_FSTAB,
	IP_MOUNT_DEVFS,
	IP_MOUNT_FDESCFS,
	IP_EXEC_PRESTART,
	IP__OP,
	IP_VNET_INTERFACE,
	IP_EXEC_START,
	IP_COMMAND,
	IP_EXEC_POSTSTART,
	IP__NULL
};

# cat /var/run/jail.test3.conf
# Generated by rc.d/jail at 2015-02-01 08:14:07
test3 {
	host.hostname = "test3";
	path = "/usr/jails/test3";
	ip4.addr += "10.2.1.152/32";
	allow.raw_sockets = 0;
	exec.clean;
	exec.system_user = "root";
	exec.jail_user = "root";
	exec.start += "/bin/sh /etc/rc";
	exec.stop = "";
	exec.consolelog = "/var/log/jail_test3_console.log";
	mount.fstab = "/etc/fstab.test3";
	mount.devfs;
	mount.fdescfs;
	mount += "procfs /usr/jails/test3/proc procfs rw 0 0";
	allow.mount;
	allow.set_hostname = 0;
	allow.sysvipc = 0;
}

# cat /etc/fstab.test3
/usr/jails/test3.device /usr/jails/test3 ufs rw 0 0
/usr/jails/basejail /usr/jails/test3/basejail nullfs ro 0 0
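
Added example, not part of the original bug report and not FreeBSD or ezjail code: a pre-flight check in sh and awk for the ordering problem described above. It flags every jail.conf mount entry whose mount point lies at or below a mount point from the jail's fstab. The function name check_mount_order, the CONFLICT output format and the temporary paths are assumptions, and the sample files are constructed from the two files quoted in the report.

```shell
#!/bin/sh
# Added example (not from the report, FreeBSD or ezjail).
# jail(8) on 10.x runs IP_MOUNT before IP__MOUNT_FROM_FSTAB, so a jail.conf
# "mount" entry at or below an fstab mount point is tried before its parent
# file system is mounted. check_mount_order (hypothetical name) reports these.
#
# Usage: check_mount_order CONF FSTAB
# Prints "CONFLICT <conf mount point> <fstab parent>" per problem entry and
# returns 1 if any were found, 0 otherwise.
check_mount_order() {
    awk '
        function norm(p) { if (p != "/") sub(/\/+$/, "", p); return p }
        # First file (FSTAB): remember every mount point (field 2).
        FILENAME == ARGV[1] {
            if ($0 !~ /^[ \t]*#/ && NF >= 2) fstab[norm($2)] = 1
            next
        }
        # Second file (CONF): mount = "dev mountpoint type ..."; or mount +=
        /^[ \t]*mount[ \t]*[+]?=/ {
            if (split($0, q, "\"") < 3) next      # no quoted value
            if (split(q[2], f, " ") < 2) next     # no mount point field
            mp = norm(f[2]); best = ""
            for (parent in fstab) {
                prefix = (parent == "/") ? "/" : (parent "/")
                if ((mp == parent || index(mp, prefix) == 1) &&
                    length(parent) > length(best))
                    best = parent                 # deepest enclosing mount
            }
            if (best != "") { print "CONFLICT", mp, best; bad = 1 }
        }
        END { exit (bad ? 1 : 0) }
    ' "$2" "$1"
}

# Constructed sample input, taken from the two files quoted in the report.
demo_dir=$(mktemp -d)
cat > "$demo_dir/jail.test3.conf" <<'EOF'
test3 {
    path = "/usr/jails/test3";
    mount.fstab = "/etc/fstab.test3";
    mount += "procfs /usr/jails/test3/proc procfs rw 0 0";
}
EOF
cat > "$demo_dir/fstab.test3" <<'EOF'
/usr/jails/test3.device /usr/jails/test3 ufs rw 0 0
/usr/jails/basejail /usr/jails/test3/basejail nullfs ro 0 0
EOF
check_mount_order "$demo_dir/jail.test3.conf" "$demo_dir/fstab.test3" || true
```

The check covers only the direction the report hits on 10.x (config mounts attempted before fstab mounts); it does not change the order jail(8) uses.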