[Bug 223327] dhclient: close the pidfile before calling chroot(2)
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Mon Oct 30 18:38:15 UTC 2017
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223327
Bug ID: 223327
Summary: dhclient: close the pidfile before calling chroot(2)
Product: Base System
Version: CURRENT
Hardware: Any
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: bin
Assignee: freebsd-bugs at FreeBSD.org
Reporter: olevole at olevole.ru
Created attachment 187588
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=187588&action=edit
forces the dhclient to work in the vnet-jail again on FreeBSD-CURRENT
At the moment dhclient(8) does not work in vnet jail under FreeBSD 12-CURRENT.
If you try to execute dhclient in jail, it will return with the following
error:
--
chroot
exiting.
--
and NOPERM in errno.
This behavior occurs when you try to execute a chroot with an open to the
outside environment descriptor
kern.chroot_allow_open_directories can affect this behavior, but apparently in
dhclient it is not necessary to keep fd open, because all operations on it
occur before chroot.
This patch forces the dhclient to work in the jail again.
How to reproduce problem (have fresh FreeBSD 12-CURRENT, e.g. 325104+):
--
1) prepare base for chroot
% mkdir /tmp/base
% cd /tmp/base
% wget http://ftp.freebsd.org/pub/FreeBSD/snapshots/amd64/12.0-CURRENT/base.txz
% tar xfz base.txz
% ifconfig epair0 create
2) Wrote /tmp/jail.conf:
jail1 {
path = /tmp/base;
devfs_ruleset="99";
allow.mount;
vnet = new;
vnet.interface = epair0a;
mount.devfs;
interface = vlan1;
allow.raw_sockets;
allow.sysvipc;
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
}
3) Create jail:
jail -c -f /jail1.conf
4) Try to dhclient where 4 is jail ID:
jexec 4 dhclient epair0a
--
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-bugs
mailing list