conf/189354: major logic error in /etc/rc.d/jail script for release 10.0
Joe Barbish
joeb1 at a1poweruser.com
Sun May 4 12:30:00 UTC 2014
>Number: 189354
>Category: conf
>Synopsis: major logic error in /etc/rc.d/jail script for release 10.0
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sun May 04 12:30:00 UTC 2014
>Closed-Date:
>Last-Modified:
>Originator: Joe Barbish
>Release: 10.0-RELEASE i386
>Organization:
none
>Environment:
>Description:
In FreeBSD 10.0 the /etc/rc.d/jail script has been changed to convert jails defined in /etc/rc.conf to the jail(8) format and then start a jail using those jail(8) definitions. The /etc/rc.d/jail script logic is incomplete and inaccurate in what and how the on-the-fly conversion is done. The show-stopper problem is that the fstab statement in the /etc/rc.conf file is not being converted to the jail.conf format. Inspection of the /etc/rc.d/jail script shows there is no logic to convert the fstab statement at all. Only the 3 most basic jail definition statements are converted, and a bunch of other unnecessary statements are inserted into the jail(8) format file, which is written in /var/run/jailname instead of /etc/jail.conf like the man page states is the correct location. In addition, the /var/run/jailname jail(8) format file contains these unnecessary statements.
exec.clean;
exec.system_user = "root";
exec.jail_user = "root";
allow.set_hostname = 0;
allow.sysvipc = 0;
In effect, this show-stopper forces the 10.0 user to immediately convert manually to the jail.conf method or restore the 10.0 system back to a previous release of his system, thus negating the intended purpose and results of the auto conversion. I am sure this is NOT the original intended purpose.
>How-To-Repeat:
>Fix:
Logic has to be added to the /etc/rc.d/jail script to convert all possible rc.conf jail statements as shown in /etc/default/rc.conf to the jail(8) format and remove the unnecessary statements it now inserts. An alternative would be to restore the 9.2 /etc/rc.d/jail script to 10.0, thus allowing both rc.conf and jail.conf jails to function.
>Release-Note:
>Audit-Trail:
>Unformatted:
>cat /etc/rc.conf
jail_enable="YES" # legacy rc.d method
jail_list="legacy_rc_dir0"
jail_legacy_rc_dir0_hostname="legacy_rc_dir0"
jail_legacy_rc_dir0_rootdir="/usr/jail/legacy_rc_dir0"
jail_legacy_rc_dir0_fstab="/usr/local/etc/jail.rcconf.fstab/legacy_rc_dir0"
jail_legacy_rc_dir0_ip="10.10.0.50"
jail_legacy_rc_dir0_interface="xl0"
jail_legacy_rc_dir0_flags="-n legacy_rc_dir0 -l -U root"
jail_legacy_rc_dir0_mount_enable="YES"
jail_legacy_rc_dir0_devfs_enable="YES"
jail_legacy_rc_dir0_exec_start="/bin/sh /etc/rc"
jail_legacy_rc_dir0_exec_stop="/bin/sh /etc/rc.shutdown"
/var/run >ls
jail.legacy_rc_dir0.conf
/var/run >cat jail.legacy_rc_dir0.conf
# Generated by rc.d/jail at 2014-05-03 16:59:32
legacy_rc_dir0 {
host.hostname = "legacy_rc_dir0";
path = "/usr/jail/legacy_rc_dir0";
interface = "xl0";
ip4.addr += "xl0|10.10.0.50/32";
exec.clean;
exec.system_user = "root";
exec.jail_user = "root";
exec.start += "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
exec.consolelog = "/var/log/jail_legacy_rc_dir0_console.log";
mount.devfs;
allow.mount;
allow.set_hostname = 0;
allow.sysvipc = 0;
}
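
Added example, not part of the original report and not FreeBSD code: a small sh check that lists legacy rc.conf jail settings with no counterpart in the file rc.d/jail generates, which is the gap the report describes for fstab. The suffix-to-parameter table covers only the settings shown in the report and assumes mount.fstab is the jail(8) parameter a converted fstab setting would use; the function names are illustrative.

```sh
#!/bin/sh
# Added example (not FreeBSD code): list legacy rc.conf jail settings that
# have no counterpart in the jail(8) file generated by rc.d/jail.

# Legacy rc.conf suffix -> jail(8) parameter (only suffixes used in the report).
jail_param_for() {
    case "$1" in
        hostname) echo host.hostname ;;  rootdir) echo path ;;
        fstab) echo mount.fstab ;;       ip) echo ip4.addr ;;
        interface) echo interface ;;     devfs_enable) echo mount.devfs ;;
        exec_start) echo exec.start ;;   exec_stop) echo exec.stop ;;
    esac
}

# unconverted_keys RCCONF GENERATED JAILNAME
# Prints each mapped suffix set for JAILNAME in RCCONF whose jail(8)
# parameter does not appear in GENERATED.
unconverted_keys() {
    rcconf=$1 generated=$2 jail=$3
    sed -n "s/^jail_${jail}_\([a-z_]*\)=.*/\1/p" "$rcconf" |
    while read -r suffix; do
        param=$(jail_param_for "$suffix")
        [ -n "$param" ] || continue
        re=$(printf '%s' "$param" | sed 's/\./\\./g')   # escape dots for grep
        grep -Eq "^[[:space:]]*${re}[[:space:]]*(\+?=|;)" "$generated" ||
            echo "$suffix"
    done
}

# Sample input: abbreviated copies of the two listings in the report.
write_samples() {
    cat > "$1/rc.conf" <<'EOF'
jail_legacy_rc_dir0_hostname="legacy_rc_dir0"
jail_legacy_rc_dir0_rootdir="/usr/jail/legacy_rc_dir0"
jail_legacy_rc_dir0_fstab="/usr/local/etc/jail.rcconf.fstab/legacy_rc_dir0"
jail_legacy_rc_dir0_ip="10.10.0.50"
jail_legacy_rc_dir0_devfs_enable="YES"
EOF
    cat > "$1/jail.conf" <<'EOF'
legacy_rc_dir0 {
host.hostname = "legacy_rc_dir0";
path = "/usr/jail/legacy_rc_dir0";
ip4.addr += "xl0|10.10.0.50/32";
mount.devfs;
}
EOF
}

tmp=$(mktemp -d) && write_samples "$tmp"
unconverted_keys "$tmp/rc.conf" "$tmp/jail.conf" legacy_rc_dir0   # prints: fstab
rm -rf "$tmp"
```

Settings outside the table (flags, mount_enable) are skipped rather than reported, so an empty result only covers the mapped suffixes.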