bin/165515: [jail][patch] "jail: unknown parameter: allow.nomount" when starting jail

Glen Barber gjb at FreeBSD.org
Wed Feb 29 00:28:44 UTC 2012


Hi Jamie,

This patch fixes the problem for me.

Thank you!

Glen

On Tue, Feb 28, 2012 at 03:36:20PM -0700, Jamie Gritton wrote:
> The allow.mount parameter recently changed in a subtle way - it's now
> a node (to e.g. allow.mount.devfs) as well as a parameter in its own
> right. This confused libjail which knows how to handle such parameters
> as long as they're not boolean.
> 
> I'm including my proposed fix to libjail. With this fix, allow.nomount
> should once again work, as should allow.mount, and other things such as
> allow.quotas/allow.noquotas should work as they did before.
> 
> - Jamie
> 
> 
> On 02/27/12 18:21, Glen Barber wrote:
> >
> >> Number:         165515
> >> Category:       bin
> >> Synopsis:       [jail][patch] "jail: unknown parameter: allow.nomount" when starting jail
> >> Confidential:   no
> >> Severity:       non-critical
> >> Priority:       low
> >> Responsible:    freebsd-bugs
> >> State:          open
> >> Quarter:
> >> Keywords:
> >> Date-Required:
> >> Class:          sw-bug
> >> Submitter-Id:   current-users
> >> Arrival-Date:   Tue Feb 28 01:30:07 UTC 2012
> >> Closed-Date:
> >> Last-Modified:
> >> Originator:     Glen Barber
> >> Release:        10.0-CURRENT r232116M
> >> Organization:
> >> Environment:
> > FreeBSD nucleus 10.0-CURRENT FreeBSD 10.0-CURRENT #7 r232116M: Sun Feb 26 14:12:14 EST 2012     root at nucleus:/usr/obj/usr/src/sys/NUCLEUS  amd64
> >> Description:
> > On a recent -CURRENT, the jail(8) rc script fails to start jails.  This seems to be caused by looking up a sysctl that does not exist.
> >> How-To-Repeat:
> > Create a minimalistic jail setup as follows:
> >
> >   nucleus# cat /etc/rc.conf.local
> >   #
> >   jail_enable="YES"
> >   jail_parallel_start="YES"
> >   jail_list="cfm"
> >   jail_cfm_hostname="cfm"
> >   jail_cfm_rootdir="/jails/cfm"
> >   jail_cfm_ip="172.16.1.2"
> >
> > Start the jail with the rc(8) script:
> >
> >   nucleus# sh -x /etc/rc.d/jail start cfm
> >   + . /etc/rc.subr
> >   [...]
> >   + eval '_x="$jail_cfm_ip_multi0"'
> >   + _x=''
> >   + break
> >   + echo ' cannot start jail "cfm": '
> >    cannot start jail "cfm":
> >   + tail +2 /tmp/jail.bJIDqW5x/jail.52395
> >   jail: unknown parameter: allow.nomount
> >
> >> Fix:
> > The attached patch fixes it for me.
> >
> >
> > Patch attached with submission follows:
> >
> > Index: usr.sbin/jail/jail.c
> > ===================================================================
> > --- usr.sbin/jail/jail.c	(revision 232116)
> > +++ usr.sbin/jail/jail.c	(working copy)
> > @@ -84,7 +84,7 @@
> >   	{ "security.jail.chflags_allowed",
> >   	  "allow.nochflags", "allow.chflags" },
> >   	{ "security.jail.mount_allowed",
> > -	  "allow.nomount", "allow.mount" },
> > +	  "allow.mount", "allow.nomount" },
> >   	{ "security.jail.socket_unixiproute_only",
> >   	  "allow.socket_af", "allow.nosocket_af" },
> >   };
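Review bot: Swapping the two names on the `security.jail.mount_allowed` row looks like it inverts the policy rather than fixing the lookup. The neighbouring rows (`"allow.nochflags", "allow.chflags"` and `"allow.socket_af", "allow.nosocket_af"`) suggest the second column is the parameter used when the sysctl is 0 and the third when it is non-zero; the table's declaration and the code that indexes it are outside the hunk, so this is inferred. If that reading is right, the new row would hand `allow.mount` to a jail on a host where `security.jail.mount_allowed=0`, granting a privilege the administrator had switched off. The row should stay `"allow.nomount", "allow.mount"`, leaving the table order alone.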
> >
> >
> >> Release-Note:
> >> Audit-Trail:
> >> Unformatted:
> > _______________________________________________
> > freebsd-bugs at freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-bugs
> > To unsubscribe, send any mail to "freebsd-bugs-unsubscribe at freebsd.org"

> Index: lib/libjail/jail.c
> ===================================================================
> --- lib/libjail/jail.c	(revision 232240)
> +++ lib/libjail/jail.c	(working copy)
> @@ -885,36 +885,20 @@
>  		 * the "no" counterpart to a boolean.
>  		 */
>  		nname = nononame(jp->jp_name);
> -		if (nname != NULL) {
> -			snprintf(desc.s, sizeof(desc.s), SJPARAM ".%s", nname);
> -			free(nname);
> -			miblen = sizeof(mib) - 2 * sizeof(int);
> -			if (sysctl(mib, 2, mib + 2, &miblen, desc.s,
> -			    strlen(desc.s)) >= 0) {
> -				mib[1] = 4;
> -				desclen = sizeof(desc);
> -				if (sysctl(mib, (miblen / sizeof(int)) + 2,
> -				    &desc, &desclen, NULL, 0) < 0) {
> -					snprintf(jail_errmsg,
> -					    JAIL_ERRMSGLEN,
> -					    "sysctl(0.4.%s): %s", desc.s,
> -					    strerror(errno));
> -					return (-1);
> -				}
> -				if ((desc.i & CTLTYPE) == CTLTYPE_INT &&
> -				    desc.s[0] == 'B') {
> -					jp->jp_ctltype = desc.i;
> -					jp->jp_flags |= JP_NOBOOL;
> -					jp->jp_valuelen = sizeof(int);
> -					return (0);
> -				}
> -			}
> +		if (nname == NULL) {
> +		unknown_parameter:
> +			snprintf(jail_errmsg, JAIL_ERRMSGLEN,
> +			    "unknown parameter: %s", jp->jp_name);
> +			errno = ENOENT;
> +			return (-1);
>  		}
> -	unknown_parameter:
> -		snprintf(jail_errmsg, JAIL_ERRMSGLEN,
> -		    "unknown parameter: %s", jp->jp_name);
> -		errno = ENOENT;
> -		return (-1);
> +		snprintf(desc.s, sizeof(desc.s), SJPARAM ".%s", nname);
> +		free(nname);
> +		miblen = sizeof(mib) - 2 * sizeof(int);
> +		if (sysctl(mib, 2, mib + 2, &miblen, desc.s,
> +		    strlen(desc.s)) < 0)
> +			goto unknown_parameter;
> +		jp->jp_flags |= JP_NOBOOL;
>  	}
>   mib_desc:
>  	mib[1] = 4;
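Review bot: `jp->jp_flags |= JP_NOBOOL;` is now set as soon as the stripped name resolves, before its type has been checked, so a later `goto unknown_parameter` returns -1 with the flag still set on `jp`. Whether callers inspect or reuse a `jp` after a failed lookup is not visible here, but this flag decides whether an `allow.*` permission is treated as negated, so it is safer to track the stripped-"no" state in a local and set the flag only once the boolean check has passed. Separately, the `unknown_parameter:` label now sits inside the `if (nname == NULL)` body and is entered by `goto` from outside that block; a comment such as `/* Also reached by goto from the lookups and type checks below. */` would help the next reader. The enclosing function starts and ends outside the hunk.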
> @@ -925,6 +909,16 @@
>  		    "sysctl(0.4.%s): %s", jp->jp_name, strerror(errno));
>  		return (-1);
>  	}
> +	jp->jp_ctltype = desc.i;
> +	/* If this came from removing a "no", it better be a boolean. */
> +	if (jp->jp_flags & JP_NOBOOL) {
> +		if ((desc.i & CTLTYPE) == CTLTYPE_INT && desc.s[0] == 'B') {
> +			jp->jp_valuelen = sizeof(int);
> +			return (0);
> +		}
> +		else if ((desc.i & CTLTYPE) != CTLTYPE_NODE)
> +			goto unknown_parameter;
> +	}
>  	/* See if this is an array type. */
>  	p = strchr(desc.s, '\0');
>  	isarray  = 0;
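Review bot: The comment `it better be a boolean` does not match the code beneath it, which also lets `CTLTYPE_NODE` through with `JP_NOBOOL` still set. The node handling is below the hunk, so it is not visible whether a node reached this way is re-checked for a boolean description; if it is not, a "no"-prefixed name that maps to a non-boolean node would be accepted as a negation. Suggest stating the intent, e.g. `/* A name obtained by stripping "no" must be a boolean, or a node whose own parameter is checked below. */`, and confirming that path. The `else` after `return (0);` is redundant and can be dropped.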
> @@ -935,7 +929,6 @@
>  		p[-2] = 0;
>  	}
>  	/* Look for types we understand. */
> -	jp->jp_ctltype = desc.i;
>  	switch (desc.i & CTLTYPE) {
>  	case CTLTYPE_INT:
>  		if (desc.s[0] == 'B')
