bin/119331: [patch] sysinstall can not use network in jailed environment

Alexander Chernikov admin at su29.net
Fri Jan 4 02:40:01 PST 2008


>Number:         119331
>Category:       bin
>Synopsis:       [patch] sysinstall can not use network in jailed environment
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Jan 04 10:40:00 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator:     Alexander Chernikov
>Release:        8.0-CURRENT
>Organization:
>Environment:
FreeBSD ws.su29.net 8.0-CURRENT FreeBSD 8.0-CURRENT #: Wed Dec 12 18:40:32 MSK 2007     melifaro at ws.su29.net:/usr/obj/usr/src/sys/CURR  i386

>Description:
sysinstall detects network interfaces by enumerating them and skipping non-AF_LINK entries. When the enumeration runs inside a jail, the kernel returns only AF_INET entries, so sysinstall is not able to find any network device. The patch checks whether we are running in a jail and, if so, skips some unnecessary checks.


Testcase:
HOST machine:
HOST:
20:56 [3] m at ws /usr/jj/root/ifcheck
Probing devices, please wait (this can take a while)...
ifcheck: name = nve0 sa_family = 0x12 [AF_LINK]
ifcheck: name = nve0 sa_family = 0x1C [AF_INET6]
ifcheck: name = nve0 sa_family = 0x2  [AF_INET]
ifcheck: name = nve0 sa_family = 0x2  [AF_INET]
ifcheck: name = lo0 sa_family = 0x12 [AF_LINK]
ifcheck: name = lo0 sa_family = 0x1C [AF_INET6]
ifcheck: name = lo0 sa_family = 0x1C [AF_INET6]
ifcheck: name = lo0 sa_family = 0x2  [AF_INET]

20:56 [3] m at ws ifconfig
nve0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8<VLAN_MTU>
        ether 00:01:6c:ce:7e:91
        inet6 fe80::201:6cff:fece:7e91%nve0 prefixlen 64 scopeid 0x1
        inet 10.0.0.5 netmask 0xffffff00 broadcast 10.0.0.255
        inet 1.2.3.44 netmask 0xffffffff broadcast 1.2.3.44
        media: Ethernet autoselect (100baseTX <full-duplex,flag0,flag1>)
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
        inet 127.0.0.1 netmask 0xff000000

-------
JAIL:
mykewljail# ./ifcheck
Probing devices, please wait (this can take a while)...
ifcheck name = nve0 sa_family = 0x2 [AF_INET]
ifcheck name = lo0 sa_family = 0x0
ifcheck name =  sa_family = 0x0

mykewljail# ifconfig
nve0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8<VLAN_MTU>
        ether 00:01:6c:ce:7e:91
        inet 1.2.3.44 netmask 0xffffffff broadcast 1.2.3.44
        media: Ethernet autoselect (100baseTX <full-duplex,flag0,flag1>)
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384

>How-To-Repeat:

>Fix:
Patch http://stats.dalnet.ru/sysinstall_jail.diff fixes the problem.
Tested on 8.0-CURRENT/i386 and 6.2-RELEASE-p1/amd64

Patch attached with submission follows:

--- /usr/src/usr.sbin/sysinstall/devices.c	2007-03-27 06:31:34.000000000 +0400
+++ /usr/src/usr.sbin/sysinstall/devices.c.new	2008-01-03 22:41:32.000000000 +0300
@@ -41,6 +41,7 @@
 #include <sys/ioctl.h>
 #include <sys/errno.h>
 #include <sys/time.h>
+#include <sys/sysctl.h>
 #include <net/if.h>
 #include <net/if_var.h>
 #include <net/if_dl.h>
@@ -271,7 +262,8 @@
 void
 deviceGetAll(void)
 {
-    int i, j, fd, s;
+    int i, j, fd, s, jailed;
+    size_t sz = sizeof(jailed);
     struct ifconf ifc;
     struct ifreq *ifptr, *end;
     int ifflags;
@@ -290,6 +282,9 @@
     if (ioctl(s, SIOCGIFCONF, (char *) &ifc) < 0)
 	goto skipif;	/* Jump over network iface probing */
 
+    if (sysctlbyname("security.jail.jailed", &jailed, &sz, NULL, 0) < 0)
+	  jailed = 0; /* Assume host env */
+
     close(s);
     ifflags = ifc.ifc_req->ifr_flags;
     end = (struct ifreq *) (ifc.ifc_buf + ifc.ifc_len);
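Review bot: `jailed` is assigned only after the `goto skipif` taken when SIOCGIFCONF fails, so it is left uninitialised on that path. Whether anything after `skipif` reads it is outside the hunk, but declaring it as `int jailed = 0;` removes the question. The query result should also be trusted only when the returned length matches, `if (sysctlbyname("security.jail.jailed", &jailed, &sz, NULL, 0) < 0 || sz != sizeof(jailed))`, so a short or oversized reply falls back to the host behaviour as well. deviceGetAll's body continues outside the hunk.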
@@ -297,11 +292,12 @@
 	char *descr;
 
 	/* If it's not a link entry, forget it */
-	if (ifptr->ifr_ifru.ifru_addr.sa_family != AF_LINK)
+	if (((ifptr->ifr_ifru.ifru_addr.sa_family != AF_LINK) && (jailed == 0)) || 
+		(ifptr->ifr_ifru.ifru_addr.sa_family == AF_INET) || ifptr->ifr_ifru.ifru_addr.sa_family == AF_INET6)
 	    goto loopend;
 
 	/* Eliminate network devices that don't make sense */
-	if (!strncmp(ifptr->ifr_name, "lo", 2))
+	if ((!strncmp(ifptr->ifr_name, "lo", 2)) && (jailed == 0))
 	    goto loopend;
 
 	/* If we have a slip device, don't register it */
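Review bot: The rewritten family test does not match the jail output quoted in this report: nve0 is returned there only as an AF_INET entry, which the added `== AF_INET` clause still sends to `loopend`, while the `sa_family = 0x0` entries (lo0 and one with an empty name) now fall through to registration. If deviceGetAll sees the same list as ifcheck, the jailed case needs an explicit statement of which family it accepts, plus a guard such as `if (ifptr->ifr_name[0] == '\0') goto loopend;` before the family test. The comment `/* If it's not a link entry, forget it */` no longer describes the condition, and the same `&& (jailed == 0)` bypass on the lo filter here and on the tun/ppp filter in the next hunk deserves a one-line comment explaining why those devices are offered inside a jail. The loop body starts and ends outside the hunk.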
@@ -309,7 +305,7 @@
 	    goto loopend;
 	}
 	/* And the same for ppp */
-	if (!strncmp(ifptr->ifr_name, "tun", 3) || !strncmp(ifptr->ifr_name, "ppp", 3)) {
+	if ((!strncmp(ifptr->ifr_name, "tun", 3) || !strncmp(ifptr->ifr_name, "ppp", 3)) && (jailed == 0)) {
 	    goto loopend;
 	}
 	/* Try and find its description */


>Release-Note:
>Audit-Trail:
>Unformatted:

