bin/165515: [jail][patch] "jail: unknown parameter:
allow.nomount" when starting jail
Glen Barber
gjb at FreeBSD.org
Wed Feb 29 00:28:44 UTC 2012
Hi Jamie,
This patch fixes the problem for me.
Thank you!
Glen
On Tue, Feb 28, 2012 at 03:36:20PM -0700, Jamie Gritton wrote:
> The allow.mount parameter recently changed in a subtle way - it's now
> a node (to e.g. allow.mount.devfs) as well as a parameter in its own
> right. This confused libjail which knows how to handle such parameters
> as long as they're not boolean.
>
> I'm including my proposed fix to libjail. With this fix, allow.nomount
> should once again work, as should allow.mount, and other things such as
> allow.quotas/allow.noquotas should work as they did before.
>
> - Jamie
>
>
> On 02/27/12 18:21, Glen Barber wrote:
> >
> >> Number: 165515
> >> Category: bin
> >> Synopsis: [jail][patch] "jail: unknown parameter: allow.nomount" when starting jail
> >> Confidential: no
> >> Severity: non-critical
> >> Priority: low
> >> Responsible: freebsd-bugs
> >> State: open
> >> Quarter:
> >> Keywords:
> >> Date-Required:
> >> Class: sw-bug
> >> Submitter-Id: current-users
> >> Arrival-Date: Tue Feb 28 01:30:07 UTC 2012
> >> Closed-Date:
> >> Last-Modified:
> >> Originator: Glen Barber
> >> Release: 10.0-CURRENT r232116M
> >> Organization:
> >> Environment:
> > FreeBSD nucleus 10.0-CURRENT FreeBSD 10.0-CURRENT #7 r232116M: Sun Feb 26 14:12:14 EST 2012 root at nucleus:/usr/obj/usr/src/sys/NUCLEUS amd64
> >> Description:
> > On a recent -CURRENT, the jail(8) rc script fails to start jails. This seems to be caused by looking up a sysctl that does not exist.
> >> How-To-Repeat:
> > Create a minimalistic jail setup as follows:
> >
> > nucleus# cat /etc/rc.conf.local
> > #
> > jail_enable="YES"
> > jail_parallel_start="YES"
> > jail_list="cfm"
> > jail_cfm_hostname="cfm"
> > jail_cfm_rootdir="/jails/cfm"
> > jail_cfm_ip="172.16.1.2"
> >
> > Start the jail with the rc(8) script:
> >
> > nucleus# sh -x /etc/rc.d/jail start cfm
> > + . /etc/rc.subr
> > [...]
> > + eval '_x="$jail_cfm_ip_multi0"'
> > + _x=''
> > + break
> > + echo ' cannot start jail "cfm": '
> > cannot start jail "cfm":
> > + tail +2 /tmp/jail.bJIDqW5x/jail.52395
> > jail: unknown parameter: allow.nomount
> >
> >> Fix:
> > The attached patch fixes it for me.
> >
> >
> > Patch attached with submission follows:
> >
> > Index: usr.sbin/jail/jail.c
> > ===================================================================
> > --- usr.sbin/jail/jail.c (revision 232116)
> > +++ usr.sbin/jail/jail.c (working copy)
> > @@ -84,7 +84,7 @@
> > { "security.jail.chflags_allowed",
> > "allow.nochflags", "allow.chflags" },
> > { "security.jail.mount_allowed",
> > - "allow.nomount", "allow.mount" },
> > + "allow.mount", "allow.nomount" },
> > { "security.jail.socket_unixiproute_only",
> > "allow.socket_af", "allow.nosocket_af" },
> > };
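Review bot: Swapping the two strings in the `security.jail.mount_allowed` row makes it disagree with the `security.jail.chflags_allowed` row just above, which lists the `no` form first; the only row that lists the positive form first is `security.jail.socket_unixiproute_only`, a sysctl whose sense is restrictive. If the two columns are selected by the sysctl's value, as the neighbouring rows suggest, this change would pass `allow.mount` to jails on hosts where the sysctl disables mounting, and would still pass the rejected `allow.nomount` where it is enabled. The code that indexes this table is outside the hunk, so confirm the column meaning before taking the swap; a comment on the table such as `/* { sysctl, parameter when 0, parameter when 1 } */` would make the intended order reviewable.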
> >
> >
> >> Release-Note:
> >> Audit-Trail:
> >> Unformatted:
> > _______________________________________________
> > freebsd-bugs at freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-bugs
> > To unsubscribe, send any mail to "freebsd-bugs-unsubscribe at freebsd.org"
> Index: lib/libjail/jail.c
> ===================================================================
> --- lib/libjail/jail.c (revision 232240)
> +++ lib/libjail/jail.c (working copy)
> @@ -885,36 +885,20 @@
> * the "no" counterpart to a boolean.
> */
> nname = nononame(jp->jp_name);
> - if (nname != NULL) {
> - snprintf(desc.s, sizeof(desc.s), SJPARAM ".%s", nname);
> - free(nname);
> - miblen = sizeof(mib) - 2 * sizeof(int);
> - if (sysctl(mib, 2, mib + 2, &miblen, desc.s,
> - strlen(desc.s)) >= 0) {
> - mib[1] = 4;
> - desclen = sizeof(desc);
> - if (sysctl(mib, (miblen / sizeof(int)) + 2,
> - &desc, &desclen, NULL, 0) < 0) {
> - snprintf(jail_errmsg,
> - JAIL_ERRMSGLEN,
> - "sysctl(0.4.%s): %s", desc.s,
> - strerror(errno));
> - return (-1);
> - }
> - if ((desc.i & CTLTYPE) == CTLTYPE_INT &&
> - desc.s[0] == 'B') {
> - jp->jp_ctltype = desc.i;
> - jp->jp_flags |= JP_NOBOOL;
> - jp->jp_valuelen = sizeof(int);
> - return (0);
> - }
> - }
> + if (nname == NULL) {
> + unknown_parameter:
> + snprintf(jail_errmsg, JAIL_ERRMSGLEN,
> + "unknown parameter: %s", jp->jp_name);
> + errno = ENOENT;
> + return (-1);
> }
> - unknown_parameter:
> - snprintf(jail_errmsg, JAIL_ERRMSGLEN,
> - "unknown parameter: %s", jp->jp_name);
> - errno = ENOENT;
> - return (-1);
> + snprintf(desc.s, sizeof(desc.s), SJPARAM ".%s", nname);
> + free(nname);
> + miblen = sizeof(mib) - 2 * sizeof(int);
> + if (sysctl(mib, 2, mib + 2, &miblen, desc.s,
> + strlen(desc.s)) < 0)
> + goto unknown_parameter;
> + jp->jp_flags |= JP_NOBOOL;
> }
> mib_desc:
> mib[1] = 4;
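Review bot: `jp->jp_flags |= JP_NOBOOL;` is now set as soon as the stripped name resolves, before the type has been checked, so the later `goto unknown_parameter` and the `sysctl(0.4.%s)` error return both leave the flag set on the caller's jailparam; the removed code set it only after confirming a `'B'` integer. Whether callers look at `jp` after a failed call is not visible here, but clearing it on the failure path (`jp->jp_flags &= ~JP_NOBOOL;` under the label) would keep the old guarantee. The `unknown_parameter:` label also now sits inside the `if (nname == NULL)` block and is entered by `goto` from outside it, which is legal C but easy to misread; a one-line comment such as `/* also reached by goto from the lookups below */` would help. The enclosing function starts and ends outside the hunk.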
> @@ -925,6 +909,16 @@
> "sysctl(0.4.%s): %s", jp->jp_name, strerror(errno));
> return (-1);
> }
> + jp->jp_ctltype = desc.i;
> + /* If this came from removing a "no", it better be a boolean. */
> + if (jp->jp_flags & JP_NOBOOL) {
> + if ((desc.i & CTLTYPE) == CTLTYPE_INT && desc.s[0] == 'B') {
> + jp->jp_valuelen = sizeof(int);
> + return (0);
> + }
> + else if ((desc.i & CTLTYPE) != CTLTYPE_NODE)
> + goto unknown_parameter;
> + }
> /* See if this is an array type. */
> p = strchr(desc.s, '\0');
> isarray = 0;
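Review bot: The added comment says a name obtained by removing "no" had better be a boolean, but the branch below it also lets `CTLTYPE_NODE` through, so the comment understates what is accepted; something like `/* A "no"-stripped name must be a boolean, or a node that doubles as a boolean parameter (e.g. allow.mount). */` would match the code. In the node case `JP_NOBOOL` stays set and `jp_valuelen` is not assigned here, so the type switch further down has to establish that the node really carries a boolean; that code is outside the hunk and should be checked, since otherwise a `no`-prefixed name could be accepted for a node that is not a boolean permission. The `else` after `return (0);` is redundant and can be dropped.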
> @@ -935,7 +929,6 @@
> p[-2] = 0;
> }
> /* Look for types we understand. */
> - jp->jp_ctltype = desc.i;
> switch (desc.i & CTLTYPE) {
> case CTLTYPE_INT:
> if (desc.s[0] == 'B')