Jails that keep hanging around
Maxim Konovalov
maxim at macomnet.ru
Sun Feb 15 08:37:44 PST 2004
Hello,
On Sun, 15 Feb 2004, 17:14+0100, Melvyn Sopacua wrote:
> Hi,
>
> I have yet to figure out what triggers the bug, but I end up with 'running'
> jails, without any processes. So I thought I'd create 'jld' to remove a jail.
> However - prison_find isn't exported to userland. Probably for good reason.
>
> Should I worry about these jails or is it harmless:
[...]
Yes, it is a known bug, see kern/54163 for example. It seems we are
leaking ucred reference somewhere. TIME_WAIT handling is involved
too. You can reproduce it easily:
1/ Start a jail:
# jail / j 127.0.0.1 /usr/local/bin/nc -p 1973 -l 127.0.0.1
2/ Telnet to it:
# telnet 127.0.0.1 1973
3/ Kill the jail:
# killall nc
4/ Watch a leak:
# jls
...
or
# sysctl -o security.jail.list
...
I were trying to fix this for a long time but no success.
--
Maxim Konovalov
More information about the freebsd-current
mailing list