conf/141678: A minor enhancement to how /etc/rc.d/jail determines mount points used in jails

Wed Dec 16 04:40:01 PST 2009

>Number:         141678
>Category:       conf
>Synopsis:       A minor enhancement to how /etc/rc.d/jail determines mount points used in jails
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Dec 16 12:40:00 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator:     Markiyan Kushnir
>Release:        8.0-STABLE
>Organization:
Lohika Systems
>Environment:
FreeBSD localhost 8.0-STABLE FreeBSD 8.0-STABLE #2: Fri Dec 11 00:54:35 EET 2009     root at localhost:/usr/obj/usr/src/sys/MAREK  i386

>Description:
As a part of jail cleanup the /etc/rc.d/jail script performs un-mount of the configured mount points, such as dev, fdesc, proc, as well as those in the jail's fstab file. To safely umount the mount point, it first checks if it is really a mount point, calling is_current_mountpoint(). This function performs rather naive path normalization, which fails if there are "/./" present in the mount point path. It can occur if, for example, the fstab file if automatically generated. Such paths are, however, perfectly valid input to the mount(8).

Please consider a little bit advanced version of the path normalization, which I propose to put in the rc.subr.
>How-To-Repeat:
One might have the following fstab:

/data/test-release/R/stage/trees/base/bin  /usr/jails/M/./bin  nullfs ro 0 0
/data/test-release/R/stage/trees/base/boot /usr/jails/M/./boot nullfs ro 0 0

>Fix:
Please see the patch attached.

Patch attached with submission follows:

--- etc/rc.subr	2009-12-16 12:46:34.000000000 +0200
+++ etc/rc.subr.mkushnir	2009-12-16 14:18:16.000000000 +0200
@@ -1,5 +1,5 @@
 # $NetBSD: rc.subr,v 1.67 2006/10/07 11:25:15 elad Exp $
-# $FreeBSD: src/etc/rc.subr,v 1.88.2.7 2009/12/15 23:05:16 dougb Exp $
+# $FreeBSD$
 #
 # Copyright (c) 1997-2004 The NetBSD Foundation, Inc.
 # All rights reserved.
@@ -738,7 +738,7 @@
 				if [ -n "$_nice" ]; then
 					if [ -z "$_user" ]; then
 						_doit="sh -c \"$_doit\""
-					fi
+					fi
 					_doit="nice -n $_nice $_doit"
 				fi
 			fi
@@ -1063,7 +1063,7 @@
 		esac
 	done
 }
-
+
 #
 # load_rc_config_var name var
 #	Read the rc.conf(5) var for name and set in the
@@ -1702,6 +1702,48 @@
 	return 0
 }

+#	normalize_path()
+#	Removes excess components from the file path:
+#	 - single dots, double dots, multiple consecutive slashes
+#			are correctly collapsed
+#	Correctly handles spaces in the path components.
+#
+normalize_path()
+{
+	echo ${1} | awk '{
+	res = "";
+	split($0, pieces, "/");
+	ii = 0;
+	len = length(pieces);
+	for (i = 1; i <= len; i++) {
+		if (pieces[i] == "") {
+			if (i == 1) {
+				# absolute path
+				res = "/";
+			}
+		} else if (pieces[i] == ".") {
+			# ignoring dot
+		} else if (pieces[i] == "..") {
+			# unwind the path one step
+			if (ii > 0) {
+				delete tmp[ii-1];
+				ii--;
+			}
+		} else {
+			tmp[ii] = pieces[i];
+			ii++;
+		}
+	}
+	for (i = 0; i < length(tmp); i++) res = res tmp[i] "/";
+	# remove trailing slash from the result
+	if (length(res) != 1) {
+	sub("/$", "", res);
+	}
+	print res;
+}'
+}
+
 fi

+
 _rc_subr_loaded=:
--- etc/rc.d/jail	2009-12-16 13:34:53.000000000 +0200
+++ etc/rc.d/jail.mkushnir	2009-12-16 13:35:18.000000000 +0200
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# $FreeBSD: src/etc/rc.d/jail,v 1.44 2009/11/02 09:56:46 remko Exp $
+# $FreeBSD$
 #

 # PROVIDE: jail
@@ -237,7 +237,7 @@

 	_dir=$1

-	_dir=`echo $_dir | sed -Ee 's#//+#/#g' -e 's#/$##'`
+	_dir="`normalize_path \"${_dir}\"`"
 	[ ! -d "${_dir}" ] && return 1
 	_dir2=`df ${_dir} | tail +2 | awk '{ print $6 }'`
 	[ "${_dir}" = "${_dir2}" ]


>Release-Note:
>Audit-Trail:
>Unformatted:
