ports/103168: isc-dhcpd.sh jail options break stop and status commands
Chris Cowart
ccowart at rescomp.berkeley.edu
Mon Sep 11 23:10:22 UTC 2006
>Number: 103168
>Category: ports
>Synopsis: isc-dhcpd.sh jail options break stop and status commands
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Sep 11 23:10:20 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: Chris Cowart
>Release: 6_1_REL
>Organization:
Residential Computing, UC Berkeley
>Environment:
FreeBSD new-jayna.rescomp.berkeley.edu 6.1-RELEASE-p3 FreeBSD 6.1-RELEASE-p3 #0: Tue Aug 8 14:40:51 PDT 2006 root at new-jayna.rescomp.berkeley.edu:/usr/obj/usr/src/sys/RCBSD_1 i386
>Description:
The port for isc-dhcp3-server has config options for enabling FreeBSD
process jails. Basically, through a series of command line arguments
that are generated by the isc-dhcpd.sh script, the chroot is
auto-generated when you start the service and dhcpd makes the syscall to
jail itself. This is actually really nifty and makes the process of
running dhcpd in a thin jail brainless.

The problem happens when I run "isc-dhcpd.sh stop":

    dhcpd not running? (check /var/jails/dhcpd/var/run/dhcpd/dhcpd.pid).

Well, I know better. dhcpd is clearly running with the pid indicated in
the pid file. After investigating /etc/rc.subr, I've determined the
cause (where $JID is the jid of the running rc script and $_jid is the
jid of the process, determined by ps output):

    if [ "$JID" -eq "$_jid" ];

This prevents me from using the rc script outside the jail to stop the
jail'd dhcpd process. /etc/rc.subr is making a false assumption that
people won't want to be controlling jailed services via rc scripts on
the host machine.
>How-To-Repeat:
In /etc/rc.conf:

    dhcpd_enable="YES"
    dhcpd_flags="-q"
    dhcpd_conf="/usr/local/etc/dhcpd.conf"
    dhcpd_includedir="/usr/local/etc/dhcpd.d"
    dhcpd_withumask="022"
    dhcpd_chuser_enable="YES"
    dhcpd_withuser="dhcpd"
    dhcpd_withgroup="dhcpd"
    dhcpd_devfs_enable="YES"
    dhcpd_rootdir="/var/jails/dhcpd"
    dhcpd_chroot_enable="YES"
    dhcpd_jail_enable="YES"
    dhcpd_hostname="dhcp.example.com"
    dhcpd_ipaddress="10.0.0.10"

Start dhcpd:

    $ sudo /usr/local/etc/rc.d/isc-dhcpd.sh start
    Starting dhcpd.

Try:

    $ sudo /usr/local/etc/rc.d/isc-dhcpd.sh stop
    dhcpd not running? (check /var/jails/dhcpd/var/run/dhcpd/dhcpd.pid).

But:

    $ ps auxwww | grep dhcpd
    dhcpd 11950 0.0 1.4 14940 14140 ?? SsJ 3:58PM 0:00.00 /usr/local/sbin/dhcpd -q -cf /usr/local/etc/dhcpd.conf -lf /var/db/dhcpd/dhcpd.leases -pf /var/run/dhcpd/dhcpd.pid -user dhcpd -group dhcpd -chroot /var/jails/dhcpd -jail dhcp.example.com 10.0.0.10
>Fix:
Override JID in isc-dhcpd.sh:
diff -rub isc-dhcp3-server.orig/files/isc-dhcpd.sh.sample isc-dhcp3-server/files/isc-dhcpd.sh.sample
--- isc-dhcp3-server.orig/files/isc-dhcpd.sh.sample Mon Sep 11 15:50:16 2006
+++ isc-dhcp3-server/files/isc-dhcpd.sh.sample Mon Sep 11 15:51:37 2006
@@ -719,4 +719,11 @@
uninstall_cmd=dhcpd_uninstall
extra_commands="install uninstall"
+# Override /etc/rc.subr JID determiniation, because it doesn't
+# work when we launch dhcpd in a jail.
+if checkyesno dhcpd_jail_enable ; then
+ read pid junk < $pidfile 2>/dev/null
+ [ -n "$pid" ] && JID=`ps -o jid= -p $pid`
+fi
+
run_rc_command "$1"
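
Review bot: On the added `JID=` line, the script adopts the jid of whatever pid `$pidfile` contains, with no check that the value is numeric or that the process still exists. With a stale pid, `ps -o jid= -p $pid` prints nothing and `JID` becomes empty, which then breaks the numeric `[ "$JID" -eq "$_jid" ]` test in /etc/rc.subr quoted in the description. Since the pid file lives under the jail root, I would validate the value, quote `"$pidfile"` and `"$pid"`, and assign `JID` only when `ps` returns a non-empty jid. On the `read` line, `2>/dev/null` comes after `< $pidfile`, so the shell's error for a missing pid file (for example on `status` before the first start) is not suppressed; test `[ -r "$pidfile" ]` first or put the stderr redirection ahead of the input redirection. Minor: "determiniation" in the comment should read "determination".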
>Release-Note:
>Audit-Trail:
>Unformatted: