conf/71415: [PATCH] /etc/rc.subr - devfs ruleset parsing in devfs_set_ruleset()
John Little
gaijin at pucebaboon.com
Sun Sep 5 22:20:23 PDT 2004
>Number: 71415
>Category: conf
>Synopsis: [PATCH] /etc/rc.subr - devfs ruleset parsing in devfs_set_ruleset()
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Sep 06 05:20:23 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator: John Little
>Release: FreeBSD 5.2.1-RELEASE i386
>Organization:
PuceBaboon Y.K., Japan.
>Environment:
System: FreeBSD middledean.pucebaboon.com 5.2.1-RELEASE FreeBSD 5.2.1-RELEASE #0: Mon Feb 23 20:45:55 GMT 2004 root at wv1u.btc.adaptec.com:/usr/obj/usr/src/sys/GENERIC i386
This is non-processor specific. The same problem still exists in
releases up to and including 5.3-BETA-3.
>Description:
Setting up a Jail environment as per the rc.conf man page (specifically,
using devfs rulesets to limit access within the jail) and using the
/etc/defaults/devfs.rules, always results in a failure of
/etc/rc.d/jail, with this message:-
Starting Jails:/etc/rc.d/jail: WARNING: devfs_set_ruleset: you must specify a ruleset number
The cause is a faulty eval statement in /etc/rc.subr, where
devfs_set_ruleset() checks the arguments passed ($1).
This is a devfs problem which is not jail specific (it just happens to
cause jail starts to fail and so be most noticeable at that time).
>How-To-Repeat:
- Add to rc.conf:-
##
## Jail config follows.
##
sendmail_enable="NO"
inetd_flags="-wW -a 192.168.1.6"
rpcbind_enable="NO"
devfs_rulesets="/etc/defaults/devfs.rules"
jail_enable="YES"
jail_list="mydemojail"
jail_set_hostname_allow="NO"
jail_socket_unixiproute_only="NO"
jail_sysvipc_allow="NO"
##
## First Jail (mydemojail.pucebaboon.com).
##
jail_mydemojail_rootdir="/usr/jail/mydemojail"
jail_mydemojail_hostname="mydemojail.houserock.com"
jail_mydemojail_ip="192.168.1.3"
jail_mydemojail_devfs_ruleset="4"
jail_mydemojail_devfs_enable="YES"
jail_mydemojail_fdescfs_enable="NO"
jail_mydemojail_procfs_enable="YES"
- Run "sh -x /etc/rc.d/jail start >& /tmp/jail.log"
The ruleset exists in /etc/defaults/devfs.rules and the verbose output
will indicate that the rulesets are read from the file. However, the
call to devfs_set_ruleset() in /etc/rc.subr fails to eval $1 correctly
and causes the whole jail start sequence to abort.
>Fix:
Delete the escaped-dollar ("\$") in the eval statement in
devfs_set_ruleset() to leave a plain variable:-
*** /etc/rc.subr Mon Sep 6 13:52:06 2004
--- /tmp/rc.subr Mon Sep 6 13:51:00 2004
***************
*** 1165,1171 ****
devfs_set_ruleset()
{
local devdir rs _me
! [ -n "$1" ] && eval rs=\$$1 || rs=
[ -n "$2" ] && devdir="-m "$2"" || devdir=
_me="devfs_set_ruleset"
--- 1165,1171 ----
devfs_set_ruleset()
{
local devdir rs _me
! [ -n "$1" ] && eval rs=$1 || rs=
[ -n "$2" ] && devdir="-m "$2"" || devdir=
_me="devfs_set_ruleset"
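Review bot: On the changed line, `eval rs=$1` keeps the eval but drops the indirection, so the argument is now re-parsed as shell text for no benefit: for a numeric ruleset a plain `rs=$1` gives the same result without evaluating the caller's string. It also changes behaviour for any caller that passes a variable name, which the old `eval rs=\$$1` dereferenced and the new line stores literally. Suggest accepting both forms explicitly: use $1 directly when it is all digits, dereference it only when it is a valid variable name, and warn otherwise. Separately, the unchanged context line `devdir="-m "$2""` closes and reopens its quotes around $2, leaving $2 unquoted.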
>Release-Note:
>Audit-Trail:
>Unformatted:
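The failure described under Description, reproduced outside rc.subr as an added example that is not part of the original report or of FreeBSD's code. The function names and the `sample_ruleset` variable are hypothetical; `resolve_checked` is an assumed alternative that validates the argument before any eval.

```shell
#!/bin/sh
# Added illustration, not code from rc.subr. Function names and sample_ruleset
# are hypothetical; the two eval lines are copied from the diff in the report.

sample_ruleset=4    # constructed: a ruleset name bound to its number

# Line before the fix: $1 is treated as the NAME of a variable.
# With $1=4 this evaluates "rs=$4", an unset positional parameter, so rs is empty.
resolve_original() {
    local rs
    [ -n "$1" ] && eval rs=\$$1 || rs=
    echo "$rs"
}

# Line after the fix: $1 is treated as the value itself, but still goes through eval.
resolve_patched() {
    local rs
    [ -n "$1" ] && eval rs=$1 || rs=
    echo "$rs"
}

# Assumed alternative: accept a number or a variable name, validate before eval.
resolve_checked() {
    local rs
    case "$1" in
        '') return 1 ;;
        *[!0-9]*) ;;                       # not all digits: try it as a name below
        *) echo "$1"; return 0 ;;          # plain ruleset number
    esac
    case "$1" in
        [!A-Za-z_]*|*[!A-Za-z0-9_]*) return 1 ;;   # not a valid variable name
    esac
    eval "rs=\${$1-}"
    case "$rs" in
        ''|*[!0-9]*) return 1 ;;           # unset, empty, or not a number
    esac
    echo "$rs"
}

for arg in 4 sample_ruleset; do
    printf '%-15s original=[%s] patched=[%s] checked=[%s]\n' "$arg" \
        "$(resolve_original "$arg")" "$(resolve_patched "$arg")" \
        "$(resolve_checked "$arg")"
done
```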