PAM/setloginclass link error in jail
ben at wanderview.com
Mon Sep 5 23:47:01 UTC 2011
I upgraded my server today to a recent HEAD from its old sources from about October 2010. After the upgrade I ran into an unusual problem. I've worked around the issue for now, but I was wondering if anyone could help me solve it correctly.
The problem is that all PAM related operations fail inside jails. Initially I was getting this error in /var/log/messages:
passwd: in openpam_load_module(): no pam_unix.so found
That file was clearly there, however, so I dug into PAM and enabled some debug in pam_dynamic.c. This got me the following message:
openpam_dynamic(): /usr/lib/pam_unix.so: /lib/libutil.so.9: Undefined symbol "setloginclass"
This is a syscall added to the system in March, 2011. The link process works fine normally, but fails in any jail. I went as far as turning on rtld debug to verify it was giving up on libutil about half way through when it could not resolve the symbol. I verified that libc.so.7 was the same both inside and outside the jail. The setloginclass symbol was defined as a WEAK reference.
Looking through past e-mail I noticed trasz@ said he was going to explicitly put in code to support setloginclass from root in a jail. I think I see this code in the prison privilege checking as well. Its just not clear to me why its not linking.
To work around the issue I hacked setloginclass out of libutil for now. This is clearly not ideal as I'm not sure when and where that will blow up on me. It did let me log back into my e-mail, however.
FreeBSD ianto.in.wanderview.com 9.0-BETA2 FreeBSD 9.0-BETA2 #1 r278M: Mon Sep 5 18:54:58 UTC 2011 root at ianto.in.wanderview.com:/usr/obj/usr/src/sys/SERVER i386
The system is using zfs, nullfs, and ezjail to manage the jails. I did upgrade my zfs pools to the latest version at this same time, but so far I can't tie that to this problem.
Does anyone know why a jail would prevent rtld from linking in a particular syscall? Any help or advice is greatly appreciated.
More information about the freebsd-current