bin/119331: [patch] sysinstall can not use network in jailed
environment
Alexander Chernikov
admin at su29.net
Fri Jan 4 02:40:01 PST 2008
>Number: 119331
>Category: bin
>Synopsis: [patch] sysinstall can not use network in jailed environment
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Jan 04 10:40:00 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Alexander Chernikov
>Release: 8.0-CURRENT
>Organization:
>Environment:
FreeBSD ws.su29.net 8.0-CURRENT FreeBSD 8.0-CURRENT #: Wed Dec 12 18:40:32 MSK 2007 melifaro at ws.su29.net:/usr/obj/usr/src/sys/CURR i386
>Description:
sysinstall detects network interfaces by enumerating them and skipping non-AF_LINK entries. When enumerating inside a jail, the kernel returns only AF_INET entries, so sysinstall is not able to find any network device. The patch checks whether we are running in a jail and, if so, skips some unnecessary checks.
Testcase:
HOST machine:
HOST:
20:56 [3] m at ws /usr/jj/root/ifcheck
Probing devices, please wait (this can take a while)...
ifcheck: name = nve0 sa_family = 0x12 [AF_LINK]
ifcheck: name = nve0 sa_family = 0x1C [AF_INET6]
ifcheck: name = nve0 sa_family = 0x2 [AF_INET]
ifcheck: name = nve0 sa_family = 0x2 [AF_INET]
ifcheck: name = lo0 sa_family = 0x12 [AF_LINK]
ifcheck: name = lo0 sa_family = 0x1C [AF_INET6]
ifcheck: name = lo0 sa_family = 0x1C [AF_INET6]
ifcheck: name = lo0 sa_family = 0x2 [AF_INET]
20:56 [3] m at ws ifconfig
nve0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8<VLAN_MTU>
ether 00:01:6c:ce:7e:91
inet6 fe80::201:6cff:fece:7e91%nve0 prefixlen 64 scopeid 0x1
inet 10.0.0.5 netmask 0xffffff00 broadcast 10.0.0.255
inet 1.2.3.44 netmask 0xffffffff broadcast 1.2.3.44
media: Ethernet autoselect (100baseTX <full-duplex,flag0,flag1>)
status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
inet 127.0.0.1 netmask 0xff000000
-------
JAIL:
mykewljail# ./ifcheck
Probing devices, please wait (this can take a while)...
ifcheck name = nve0 sa_family = 0x2 [AF_INET]
ifcheck name = lo0 sa_family = 0x0
ifcheck name = sa_family = 0x0
mykewljail# ifconfig
nve0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8<VLAN_MTU>
ether 00:01:6c:ce:7e:91
inet 1.2.3.44 netmask 0xffffffff broadcast 1.2.3.44
media: Ethernet autoselect (100baseTX <full-duplex,flag0,flag1>)
status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
>How-To-Repeat:
>Fix:
Patch http://stats.dalnet.ru/sysinstall_jail.diff fixes the problem.
Tested on 8.0-CURRENT/i386 and 6.2-RELEASE-p1/amd64
Patch attached with submission follows:
--- /usr/src/usr.sbin/sysinstall/devices.c 2007-03-27 06:31:34.000000000 +0400
+++ /usr/src/usr.sbin/sysinstall/devices.c.new 2008-01-03 22:41:32.000000000 +0300
@@ -41,6 +41,7 @@
#include <sys/ioctl.h>
#include <sys/errno.h>
#include <sys/time.h>
+#include <sys/sysctl.h>
#include <net/if.h>
#include <net/if_var.h>
#include <net/if_dl.h>
@@ -271,7 +262,8 @@
void
deviceGetAll(void)
{
- int i, j, fd, s;
+ int i, j, fd, s, jailed;
+ size_t sz = sizeof(jailed);
struct ifconf ifc;
struct ifreq *ifptr, *end;
int ifflags;
@@ -290,6 +282,9 @@
if (ioctl(s, SIOCGIFCONF, (char *) &ifc) < 0)
goto skipif; /* Jump over network iface probing */
+ if (sysctlbyname("security.jail.jailed", &jailed, &sz, NULL, 0) < 0)
+ jailed = 0; /* Assume host env */
+
close(s);
ifflags = ifc.ifc_req->ifr_flags;
end = (struct ifreq *) (ifc.ifc_buf + ifc.ifc_len);
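Review bot: `jailed` is assigned only here, after the `goto skipif` taken when SIOCGIFCONF fails, and its declaration in the previous hunk (`int i, j, fd, s, jailed;`) has no initializer, so any later read on the skipif path would see an indeterminate value. The uses visible in this patch are all inside the interface loop, but the rest of deviceGetAll lies outside the hunks shown. Declaring `int jailed = 0;` makes the host default explicit and removes the dependency on statement order. Since this flag later switches off the lo/tun/ppp name filters, the comment could also say so: `/* On failure assume host environment, which keeps all interface filters active */`.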
@@ -297,11 +292,12 @@
char *descr;
/* If it's not a link entry, forget it */
- if (ifptr->ifr_ifru.ifru_addr.sa_family != AF_LINK)
+ if (((ifptr->ifr_ifru.ifru_addr.sa_family != AF_LINK) && (jailed == 0)) ||
+ (ifptr->ifr_ifru.ifru_addr.sa_family == AF_INET) || ifptr->ifr_ifru.ifru_addr.sa_family == AF_INET6)
goto loopend;
/* Eliminate network devices that don't make sense */
- if (!strncmp(ifptr->ifr_name, "lo", 2))
+ if ((!strncmp(ifptr->ifr_name, "lo", 2)) && (jailed == 0))
goto loopend;
/* If we have a slip device, don't register it */
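Review bot: The rewritten family test rejects AF_INET and AF_INET6 entries whether or not `jailed` is set, so in a jail it passes only entries that are neither. The jail output in the report lists nve0 solely as AF_INET, while lo0 and an entry with an empty name carry sa_family 0x0. If that output matches what this loop iterates over, nve0 is still skipped and the unnamed entry reaches the registration code; this is worth confirming, and a guard such as `if (ifptr->ifr_name[0] == '\0') goto loopend;` before the name checks would keep a blank record from being registered. The comment `/* If it's not a link entry, forget it */` no longer describes the condition and should state the jailed case. The loop body begins and ends outside this hunk.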
@@ -309,7 +305,7 @@
goto loopend;
}
/* And the same for ppp */
- if (!strncmp(ifptr->ifr_name, "tun", 3) || !strncmp(ifptr->ifr_name, "ppp", 3)) {
+ if ((!strncmp(ifptr->ifr_name, "tun", 3) || !strncmp(ifptr->ifr_name, "ppp", 3)) && (jailed == 0)) {
goto loopend;
}
/* Try and find its description */
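Review bot: The `(jailed == 0)` gate on the tun/ppp test, like the one added to the `lo` test in the previous hunk, has no comment explaining why these devices should be registered inside a jail, and `/* And the same for ppp */` now describes only the host case. If the intent is that a jail sees only what the host has exposed to it, a comment such as `/* In a jail, do not filter by name: only interfaces the host exposes are listed */` above each gated test would record that. The slip test just above is left ungated, which may be deliberate but is not explained; its condition lies outside the hunk.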
>Release-Note:
>Audit-Trail:
>Unformatted: