ports/103168: isc-dhcpd.sh jail options break stop and status commands

Chris Cowart ccowart at rescomp.berkeley.edu
Mon Sep 11 23:10:22 UTC 2006


>Number:         103168
>Category:       ports
>Synopsis:       isc-dhcpd.sh jail options break stop and status commands
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Sep 11 23:10:20 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     Chris Cowart
>Release:        6_1_REL
>Organization:
Residential Computing, UC Berkeley
>Environment:
FreeBSD new-jayna.rescomp.berkeley.edu 6.1-RELEASE-p3 FreeBSD 6.1-RELEASE-p3 #0: Tue Aug  8 14:40:51 PDT 2006     root at new-jayna.rescomp.berkeley.edu:/usr/obj/usr/src/sys/RCBSD_1  i386
>Description:
The port for isc-dhcp3-server has config options for enabling FreeBSD
process jails. Basically, through a series of command line arguments
that are generated by the isc-dhcpd.sh script, the chroot is
auto-generated when you start the service and dhcpd makes the syscall to
jail itself. This is actually really nifty and makes the process of
running dhcpd in a thin jail brainless.

The problem happens when I run "isc-dhcpd.sh stop": 
dhcpd not running? (check /var/jails/dhcpd/var/run/dhcpd/dhcpd.pid).

Well, I know better. dhcpd is clearly running with the pid indicated in
the pid file. After investigating /etc/rc.subr, I've determined the
cause (where $JID is the jid of the running rc script and $_jid is the
jid of the process, determined by ps output):
  if [ "$JID" -eq "$_jid" ];

This prevents me from using the rc script outside the jail to stop the
jail'd dhcpd process. /etc/rc.subr is making a false assumption that
people won't want to be controlling jailed services via rc scripts on
the host machine.

>How-To-Repeat:
In /etc/rc.conf:
dhcpd_enable="YES"
dhcpd_flags="-q"
dhcpd_conf="/usr/local/etc/dhcpd.conf"
dhcpd_includedir="/usr/local/etc/dhcpd.d"
dhcpd_withumask="022"
dhcpd_chuser_enable="YES"
dhcpd_withuser="dhcpd"
dhcpd_withgroup="dhcpd"
dhcpd_devfs_enable="YES"
dhcpd_rootdir="/var/jails/dhcpd"
dhcpd_chroot_enable="YES"
dhcpd_jail_enable="YES"
dhcpd_hostname="dhcp.example.com"
dhcpd_ipaddress="10.0.0.10"

Start dhcpd:
$ sudo /usr/local/etc/rc.d/isc-dhcpd.sh start
Starting dhcpd.

Try:
$ sudo /usr/local/etc/rc.d/isc-dhcpd.sh stop
dhcpd not running? (check /var/jails/dhcpd/var/run/dhcpd/dhcpd.pid).

But:
$ ps auxwww | grep dhcpd
dhcpd   11950  0.0  1.4 14940 14140  ??  SsJ   3:58PM   0:00.00 /usr/local/sbin/dhcpd -q -cf /usr/local/etc/dhcpd.conf -lf /var/db/dhcpd/dhcpd.leases -pf /var/run/dhcpd/dhcpd.pid -user dhcpd -group dhcpd -chroot /var/jails/dhcpd -jail dhcp.example.com 10.0.0.10


>Fix:
Override JID in isc-dhcpd.sh:
diff -rub isc-dhcp3-server.orig/files/isc-dhcpd.sh.sample isc-dhcp3-server/files/isc-dhcpd.sh.sample
--- isc-dhcp3-server.orig/files/isc-dhcpd.sh.sample	Mon Sep 11 15:50:16 2006
+++ isc-dhcp3-server/files/isc-dhcpd.sh.sample	Mon Sep 11 15:51:37 2006
@@ -719,4 +719,11 @@
 uninstall_cmd=dhcpd_uninstall
 extra_commands="install uninstall"
 
+# Override /etc/rc.subr JID determiniation, because it doesn't
+# work when we launch dhcpd in a jail.
+if checkyesno dhcpd_jail_enable ; then
+	read pid junk < $pidfile 2>/dev/null
+	[ -n "$pid" ] && JID=`ps -o jid= -p $pid`
+fi
+
 run_rc_command "$1"
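
Review bot: JID is overwritten in the added block even when ps -o jid= -p $pid prints nothing, which is the result for a stale pidfile whose pid no longer exists; the [ "$JID" -eq "$_jid" ] test quoted from /etc/rc.subr would then run with an empty left operand. Suggest capturing the ps output in a temporary variable and assigning JID only when it is non-empty, leaving the caller's own JID in place otherwise. On the read line, $pidfile is unquoted, and because redirections are applied left to right the 2>/dev/null does not suppress the shell's error when the pidfile is absent (the normal state before "start"); testing [ -r "$pidfile" ] first avoids both. The comment also has a typo, "determiniation".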


>Release-Note:
>Audit-Trail:
>Unformatted:
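
The jail-ID mismatch described in this report, and the JID override with a fallback for a stale pidfile, as an added example that is not code from the report, the port, or /etc/rc.subr. It is a simplified model: PS_SAMPLE is constructed ps output (the jid value 1 is an assumption), and jid_of, find_in_jail and effective_jid are hypothetical helper names.

```shell
#!/bin/sh
# Simplified model of the jail-ID filter described in the report; this is
# not the text of /etc/rc.subr. PS_SAMPLE is constructed "pid jid command"
# output standing in for what ps would print on the host.
PS_SAMPLE='  412   0 /usr/sbin/syslogd -s
11950   1 /usr/local/sbin/dhcpd -q
  733   0 /usr/sbin/cron -s'

# jid_of PID: print the jail ID of PID, or nothing if no such process.
jid_of() {
	printf '%s\n' "$PS_SAMPLE" | awk -v p="$1" '$1 == p { print $2 }'
}

# find_in_jail JID PID: succeed only if PID exists and runs in jail JID,
# modelling the [ "$JID" -eq "$_jid" ] comparison quoted in the report.
find_in_jail() {
	_jid=$(jid_of "$2")
	[ -n "$_jid" ] && [ -n "$1" ] && [ "$1" -eq "$_jid" ]
}

# effective_jid CALLER_JID PIDFILE: take the JID of the process named in the
# pidfile, but keep the caller's JID when the pidfile is missing, empty,
# non-numeric, or stale (no such process), so JID is never left empty.
effective_jid() {
	pid=
	if [ -r "$2" ]; then read pid junk < "$2" || :; fi
	case "$pid" in
	''|*[!0-9]*) echo "$1"; return ;;
	esac
	_j=$(jid_of "$pid")
	echo "${_j:-$1}"
}

# Demonstration with a constructed pidfile.
pf=$(mktemp)
echo 11950 > "$pf"
find_in_jail 0 11950 || echo "host JID 0: dhcpd not found (the reported failure)"
find_in_jail "$(effective_jid 0 "$pf")" 11950 && echo "overridden JID: dhcpd found"
echo 99999 > "$pf"	# stale pidfile: no process has this pid
echo "stale pidfile keeps caller JID $(effective_jid 0 "$pf")"
rm -f "$pf"
```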