[Bug 197237] Jail mount ordering in FreeBSD 10 break ezjail image/crypto jails
bugzilla-noreply at freebsd.org
Sun Feb 1 08:42:45 UTC 2015
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=197237
Bug ID: 197237
Summary: Jail mount ordering in FreeBSD 10 break ezjail image/crypto jails
Product: Base System
Version: 10.1-RELEASE
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: bin
Assignee: freebsd-bugs at FreeBSD.org
Reporter: freebsd-bugs at joe.mulloy.me

The changes to jail and the jail rc script between 9 and 10 break ezjail image
jails. Ezjail specifies the jailroot in an fstab file under
/etc/fstab.jailname. The issue is that when the rc script autocreates
/var/run/jail.jailname.conf it adds an entry to the mount parameter for procfs.
The order that the jail command processes mounts is to mount things in the
mounts config parameter first and then mount from fstab. When the root is in
fstab this causes jail to try to mount proc before the root has been mounted,
so mount returns an error because the directory ${jailroot}/proc does not
exist.

ezjail should probably be updated to create jail config files on 10+, however
there is still an ordering issue if a user puts a mount in the config that is
under a directory that is mounted in fstab.

The ordering issue occurs in /usr/src/usr.sbin/jail/jail.c. The issue is that
IP_MOUNT comes before IP__MOUNT_FROM_FSTAB. Of course reordering this would
just break things in the opposite direction, so there would be an issue if a
mount in fstab was under a mount that is in the config.

# /usr/src/usr.sbin/jail/jail.c
static const enum intparam startcommands[] = {
	IP__NULL,
#ifdef INET
	IP__IP4_IFADDR,
#endif
#ifdef INET6
	IP__IP6_IFADDR,
#endif
	IP_MOUNT,
	IP__MOUNT_FROM_FSTAB,
	IP_MOUNT_DEVFS,
	IP_MOUNT_FDESCFS,
	IP_EXEC_PRESTART,
	IP__OP,
	IP_VNET_INTERFACE,
	IP_EXEC_START,
	IP_COMMAND,
	IP_EXEC_POSTSTART,
	IP__NULL
};

# cat /var/run/jail.test3.conf
# Generated by rc.d/jail at 2015-02-01 08:14:07
test3 {
	host.hostname = "test3";
	path = "/usr/jails/test3";
	ip4.addr += "10.2.1.152/32";
	allow.raw_sockets = 0;
	exec.clean;
	exec.system_user = "root";
	exec.jail_user = "root";
	exec.start += "/bin/sh /etc/rc";
	exec.stop = "";
	exec.consolelog = "/var/log/jail_test3_console.log";
	mount.fstab = "/etc/fstab.test3";
	mount.devfs;
	mount.fdescfs;
	mount += "procfs /usr/jails/test3/proc procfs rw 0 0";
	allow.mount;
	allow.set_hostname = 0;
	allow.sysvipc = 0;
}

# cat /etc/fstab.test3
/usr/jails/test3.device /usr/jails/test3 ufs rw 0 0
/usr/jails/basejail /usr/jails/test3/basejail nullfs ro 0 0

--
You are receiving this mail because:
You are the assignee for the bug.
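
A pre-flight check for the ordering problem reported above, as an added example that is not part of the original report or of jail(8) or ezjail. It assumes the order the report describes (config "mount" entries first, then the mount.fstab file in file order); the function names are hypothetical and the sample input is a trimmed copy of the two files shown in the report.

```python
import posixpath
import re

# Constructed sample input: trimmed copies of the two files quoted in the report.
JAIL_CONF = '''
test3 {
    path = "/usr/jails/test3";
    mount.fstab = "/etc/fstab.test3";
    mount += "procfs /usr/jails/test3/proc procfs rw 0 0";
}
'''
FSTAB = '''
/usr/jails/test3.device /usr/jails/test3 ufs rw 0 0
/usr/jails/basejail /usr/jails/test3/basejail nullfs ro 0 0
'''

def conf_mounts(conf_text):
    """Mount points from `mount = "..."` / `mount += "..."` lines (fstab field 2)."""
    entries = re.findall(r'^\s*mount\s*\+?=\s*"([^"]+)"\s*;', conf_text, re.M)
    return [posixpath.normpath(e.split()[1]) for e in entries]

def fstab_mounts(fstab_text):
    """Mount points from an fstab, skipping blank lines and comments."""
    points = []
    for line in fstab_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            points.append(posixpath.normpath(fields[1]))
    return points

def is_below(child, parent):
    """True if `child` is a path strictly inside `parent` (absolute paths)."""
    return child != parent and posixpath.commonpath([child, parent]) == parent

def ordering_conflicts(conf_text, fstab_text):
    """Return (early, late) pairs where `early` is mounted before the
    mount point `late` that it lives under, given the assumed order."""
    sequence = conf_mounts(conf_text) + fstab_mounts(fstab_text)
    return [(early, late)
            for i, early in enumerate(sequence)
            for late in sequence[i + 1:]
            if is_below(early, late)]

if __name__ == "__main__":
    for early, late in ordering_conflicts(JAIL_CONF, FSTAB):
        print(f"{early} is mounted before its parent {late}")
```

The nested basejail entry in the fstab is not flagged because its parent appears earlier in the same file.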