conf/189354: major logic error in /etc/rc.d/jail script for release 10.0

Joe Barbish joeb1 at
Sun May 4 12:30:00 UTC 2014

>Number:         189354
>Category:       conf
>Synopsis:       major logic error in /etc/rc.d/jail script for release 10.0
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun May 04 12:30:00 UTC 2014
>Originator:     Joe Barbish
>Release:        10.0-RELEASE i386
In freebsd-10.0 the /etc/rc.d/jail script has been changed to convert jails defined in /etc/rc.conf to the jail(8) format and then start a jail using those jail(8) definitions. The /etc/rc.d/jail script logic is incomplete and inaccurate in what and how the on-the-fly conversion is done.

The show-stopper problem is the fstab statement in the /etc/rc.conf file is not being converted to the jail.conf format. Inspection of the /etc/rc.d/jail script shows there is no logic to convert the fstab statement at all. Only the 3 most basic jail definition statements are converted, and a bunch of other unnecessary statements are inserted into the jail(8) format file, which is written in /var/run/jailname instead of /etc/jail.conf like the man page states is the correct location. In addition, the /var/run/jailname jail(8) format file contains these unnecessary statements:
    exec.system_user = "root"; 
    exec.jail_user = "root";
    allow.set_hostname = 0; 
    allow.sysvipc = 0;

In effect, this show-stopper forces the 10.0 user to immediately convert manually to the jail.conf method or restore the 10.0 system back to a previous release of his system, thus negating the intended purpose and results of the auto conversion. I am sure this is NOT the original intended purpose.


Logic has to be added to the /etc/rc.d/jail script to convert all possible rc.conf jail statements as shown in /etc/default/rc.conf to the jail(8) format and remove the unnecessary statements it now inserts. An alternative would be to restore the 9.2 /etc/rc.d/jail script to 10.0, thus allowing both rc.conf and jail.conf jails to function.

 >cat /etc/rc.conf
 jail_enable="YES"        # legacy rc.d method
 jail_legacy_rc_dir0_flags="-n legacy_rc_dir0 -l -U root"
 jail_legacy_rc_dir0_exec_start="/bin/sh /etc/rc"
 jail_legacy_rc_dir0_exec_stop="/bin/sh /etc/rc.shutdown"
 /var/run >ls
 /var/run >cat jail.legacy_rc_dir0.conf
 # Generated by rc.d/jail at 2014-05-03 16:59:32
 legacy_rc_dir0 {
     host.hostname = "legacy_rc_dir0";
     path = "/usr/jail/legacy_rc_dir0";
     interface = "xl0";
     ip4.addr += "xl0|";
     exec.system_user = "root";
     exec.jail_user = "root";
     exec.start += "/bin/sh /etc/rc";
     exec.stop = "/bin/sh /etc/rc.shutdown";
     exec.consolelog = "/var/log/jail_legacy_rc_dir0_console.log";
     allow.set_hostname = 0;
     allow.sysvipc = 0;

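Added example, not part of the original report and not FreeBSD's own code: a POSIX shell check that compares a legacy jail's fstab setting in rc.conf with the mount.fstab parameter in the generated jail(8)-format file. It assumes the legacy variable is named `jail_<name>_fstab` and the jail(8) parameter is `mount.fstab`; the function names, the sample file contents and the fstab path are constructed for illustration.

```shell
#!/bin/sh
# Added example: does a legacy jail's fstab setting in rc.conf show up as
# mount.fstab in the jail.conf-format file generated for that jail?
# Assumed names: jail_<name>_fstab (rc.conf), mount.fstab (jail(8)).

# rc_fstab_value RCCONF JAILNAME -> last jail_<name>_fstab value, or empty
rc_fstab_value() {
    sed -n 's/^[[:space:]]*jail_'"$2"'_fstab="\{0,1\}\([^"#[:space:]]*\).*/\1/p' "$1" | tail -n 1
}

# conf_fstab_value CONF -> last mount.fstab value in the file, or empty
conf_fstab_value() {
    sed -n 's/^[[:space:]]*mount\.fstab[[:space:]]*+\{0,1\}=[[:space:]]*"\{0,1\}\([^";]*\).*/\1/p' "$1" | tail -n 1
}

# check_fstab_converted RCCONF JAILNAME CONF
# returns 0 if there is nothing to convert or the values match,
# returns 1 if rc.conf sets an fstab that the generated file lacks.
check_fstab_converted() {
    want=$(rc_fstab_value "$1" "$2")
    if [ -z "$want" ]; then return 0; fi
    got=$(conf_fstab_value "$3")
    if [ "$want" = "$got" ]; then return 0; fi
    echo "jail $2: rc.conf fstab=$want, generated file has ${got:-no mount.fstab}" >&2
    return 1
}

# Constructed sample input (not copied from a real system).
demo_dir=$(mktemp -d)
cat > "$demo_dir/rc.conf" <<'EOF'
jail_enable="YES"
jail_legacy_rc_dir0_exec_start="/bin/sh /etc/rc"
jail_legacy_rc_dir0_fstab="/etc/fstab.legacy_rc_dir0"
EOF
cat > "$demo_dir/jail.legacy_rc_dir0.conf" <<'EOF'
legacy_rc_dir0 {
    path = "/usr/jail/legacy_rc_dir0";
    exec.start += "/bin/sh /etc/rc";
}
EOF

check_fstab_converted "$demo_dir/rc.conf" legacy_rc_dir0 \
    "$demo_dir/jail.legacy_rc_dir0.conf" \
    || echo "fstab setting was not carried over"
```

On a real host the second and third arguments would be the jail name and the matching generated file under /var/run.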