conf/71415: [PATCH] /etc/rc.subr - devfs ruleset parsing in devfs_set_ruleset()

John Little gaijin at pucebaboon.com
Sun Sep 5 22:20:23 PDT 2004 

>Number:         71415
>Category:       conf
>Synopsis:       [PATCH] /etc/rc.subr - devfs ruleset parsing in devfs_set_ruleset()
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Sep 06 05:20:23 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator:     John Little
>Release:        FreeBSD 5.2.1-RELEASE i386
>Organization:
PuceBaboon Y.K., Japan.
>Environment:

System: FreeBSD middledean.pucebaboon.com 5.2.1-RELEASE FreeBSD 5.2.1-RELEASE #0: Mon Feb 23 20:45:55 GMT 2004 root at wv1u.btc.adaptec.com:/usr/obj/usr/src/sys/GENERIC i386

   This is non-processor specific.  The same problem still exists in
   releases up to and including 5.3-BETA-3.

>Description:

   Setting up a Jail environment as per the rc.conf man page (specifically,
   using devfs rulesets to limit access within the jail) and using the
   /etc/defaults/devfs.rules, always results in a failure of 
   /etc/rc.d/jail, with this message:-

Starting Jails:/etc/rc.d/jail: WARNING: devfs_set_ruleset: you must specify a ruleset number

   The cause is a faulty eval statement in /etc/rc.subr, where 
   devfs_set_ruleset() checks the arguments passed ($1).

   This is a devfs problem which is not jail specific (it just happens to
   cause jail starts to fail and so be most noticeable at that time).


>How-To-Repeat:

   - Add to rc.conf:-

##
## Jail config follows.
##
sendmail_enable="NO"
inetd_flags="-wW -a 192.168.1.6"
rpcbind_enable="NO"
devfs_rulesets="/etc/defaults/devfs.rules"
jail_enable="YES"
jail_list="mydemojail"
jail_set_hostname_allow="NO"
jail_socket_unixiproute_only="NO"
jail_sysvipc_allow="NO"
##
## First Jail (mydemojail.pucebaboon.com).
##
jail_mydemojail_rootdir="/usr/jail/mydemojail"
jail_mydemojail_hostname="mydemojail.houserock.com"
jail_mydemojail_ip="192.168.1.3"
jail_mydemojail_devfs_ruleset="4"
jail_mydemojail_devfs_enable="YES"
jail_mydemojail_fdescfs_enable="NO"
jail_mydemojail_procfs_enable="YES"

   - Run "sh -x /etc/rc.d/jail start >& /tmp/jail.log"

   The ruleset exists in /etc/defaults/devfs.rules and the verbose output
   will indicate that the rulesets are read from the file.  However, the
   call to devfs_set_ruleset() in /etc/rc.subr fails to eval $1 correctly
   and causes the whole jail start sequence to abort.

>Fix:

   Delete the escaped-dollar ("\$") in the eval statement in 
   devfs_set_ruleset() to leave a plain variable:-



*** /etc/rc.subr	Mon Sep  6 13:52:06 2004
--- /tmp/rc.subr	Mon Sep  6 13:51:00 2004
***************
*** 1165,1171 ****
  devfs_set_ruleset()
  {
  	local devdir rs _me
! 	[ -n "$1" ] && eval rs=\$$1 || rs=
  	[ -n "$2" ] && devdir="-m "$2"" || devdir=
  	_me="devfs_set_ruleset"
  
--- 1165,1171 ----
  devfs_set_ruleset()
  {
  	local devdir rs _me
! 	[ -n "$1" ] && eval rs=$1 || rs=
  	[ -n "$2" ] && devdir="-m "$2"" || devdir=
  	_me="devfs_set_ruleset"
  


>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-bugs mailing list