Should killed process deref a jail?
Kyle Evans
kevans at freebsd.org
Wed May 6 19:04:35 UTC 2020
On Wed, May 6, 2020 at 1:55 PM Kyle Evans <kevans at freebsd.org> wrote:
>
> On Wed, May 6, 2020 at 1:49 PM Kurt Jaeger <pi at freebsd.org> wrote:
> >
> > Hi!
> >
> > > In doing some testing of qemu-user-static recently, I noticed that
> > > killing the last process in a non-persist jail doesn't kill off the
> > > jail:
> > >
> > > root at viper:/usr/src# jail -c path=/ command=yes
> > > ## ^C out
> > >
> > > root at viper:/usr/src# jls
> > > JID IP Address Hostname Path
> > > 181 /
> > >
> > > root at viper:/usr/src# ps fxJ 181
> > > PID TT STAT TIME COMMAND
> > >
> > > As a result, I ended up with 82 jails pointed at my armv7 sysroot and
> > > much surprise when I checked out `jls`. This vaguely smells like a
> > > bug, is this something that should be fixed?
> >
> > Depends. If the last process held some socket and the socket
> > is still in the state LINGER.
> >
> > See
> >
> > https://deepix.github.io/2016/10/21/tcprst.html
> >
> > for more details, after the heading 'What is SO_LINGER?'
> >
> > You can probably see those sockets with
> >
>
> That'd make sense, but in this case it's actually reproducible with
> yes(1), which doesn't open up any sockets or actually use any external
> resources other than write()ing to stdout.
This turns out to be PEBCAK, as jail(8) will always set persist if
there's a command to be run. Sorry for the noise...
More information about the freebsd-jail
mailing list