misc/181794: jexec runs commands in Jails without taking into account of the Jail's FIB

Karl Pielorz kpielorz at tdx.co.uk
Wed Sep 4 06:10:01 UTC 2013


>Number:         181794
>Category:       misc
>Synopsis:       jexec runs commands in Jails without taking into account of the Jail's FIB
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Sep 04 06:10:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator:     Karl Pielorz
>Release:        9.2-BETA2 amd64
>Organization:
>Environment:
FreeBSD somehost.somedomain.com 9.2-BETA2 FreeBSD 9.2-BETA2 #0 r253951M: Mon Aug 12 09:39:57 BST 2013     kpielorz at somedomain.com:/sys/amd64/compile/GENERIC  amd64
>Description:
When using jails, if you specify a FIB to be used in the jail (so it can have it's own copy of the routing table) - running commands with 'jexec' ignores this FIB - and launches the command specified using the system default FIB (i.e. FIB 0).

This makes troubleshooting FIB issues very tricky unless you're aware of this issue (think lots of lost hours! :)
>How-To-Repeat:
Setup the system to support FIBs (multiple routing tables) - and configure a jail to use a specific FIB, i.e. using '/etc/jail.conf' - e.g.

jail {
  [blah]
  exec.fib = 1;
}

When you launch the jail with 'jail -c jail' it will be created, and it will use the FIB specified.

If you then attach to the jail, e.g. using 'jexec 1 tcsh' - that process will be launched with the default FIB (i.e. FIB 0) - and not the one that the jail is using.
>Fix:
Either jexec documentation needs a warning that it will launch the process with the default FIB - not the one for the jail, and that you should use 'setfib jail-fib jexec 1 tcsh'.

Or, have jexec actually honour the FIB set in /etc/jail.conf - so that 'jexec 1 tcsh' will set the correct FIB before launching the tcsh in jail #1.

>Release-Note:
>Audit-Trail:
>Unformatted:


More information about the freebsd-bugs mailing list