[Bug 181794] jexec(8) runs commands in Jails without taking into account of the Jail's FIB
bugzilla-noreply at freebsd.org
Sun Dec 3 09:23:17 UTC 2017
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=181794
--- Comment #3 from Mark G. <mvg_freebsdbugs at giovannetti.ca> ---
It looks something like this:
...
BUGS
If the jail is not identified by jid there is a possible race in between
the lookup of the jail and executing the command inside the jail. Giving
a jid has a similar race as another process can stop the jail and start
another one after the user looked up the jid.

If a forwarding information base (FIB, routing table) has been set within
a jail using the exec.fib parameter, the jexec utility does not honour
it, and the command will be executed using the default fib (usually fib 0).
This can confuse users of jails when trying to troubleshoot jail packet
flows. To properly execute a command in a fib-configured jail using the
jexec utility, it must be prefixed with the setfib(1) utility as follows.

    setfib -F 1 jexec testjail netstat -rn

or

    setfib 1 jexec testjail netstat -rn

where testjail has been assigned fib 1 in jail.conf(5) as follows:

    testjail {
        path = /tmp/jail/testjail;
        mount.devfs;
        host.hostname = testhostname;
        ip4.addr = 192.0.2.100;
        exec.fib = 1;
        interface = ed0;
        exec.start = "/bin/sh /etc/rc";
        exec.stop = "/bin/sh /etc/rc.shutdown";
    }

FreeBSD 11.1-RELEASE-p1 April 24, 2016 FreeBSD 11.1-RELEASE-p1
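
The workaround described in the comment above, as an added example that is not part of the original comment or of FreeBSD: a wrapper that reads exec.fib for a jail from a jail.conf(5) file and prefixes jexec with setfib only when a FIB is set. The names jail_fib, fib_jexec and DRY_RUN are hypothetical, and the parser assumes a literal "name {" block with a numeric exec.fib (no wildcard blocks, variables or /* */ comments).

```sh
#!/bin/sh
# Added example: derive the setfib(1) prefix for jexec(8) from jail.conf(5).
# Helper names are hypothetical; sample data below is constructed.

# jail_fib CONF JAIL -> prints the jail's exec.fib, or nothing if unset.
jail_fib() {
    awk -v jail="$2" '
        { sub(/[ \t]*#.*$/, "") }                 # strip "#" line comments
        !inblock && $1 == jail && $2 == "{" { inblock = 1; next }
        inblock && /}/ { exit }                   # end of this jail block
        inblock && /^[ \t]*exec\.fib[ \t]*=/ {
            v = $0
            sub(/^[^=]*=[ \t]*/, "", v)           # keep the value only
            gsub(/[";\t ]/, "", v)                # drop quotes, ";", blanks
            if (v ~ /^[0-9]+$/) print v           # accept numeric FIBs only
            exit
        }
    ' "$1"
}

# fib_jexec CONF JAIL CMD... -> runs CMD in JAIL under the jail's FIB.
# With DRY_RUN set, the command line is printed instead of executed.
fib_jexec() {
    fib=$(jail_fib "$1" "$2")
    jail=$2; shift 2
    if [ -n "$fib" ]; then
        ${DRY_RUN:+echo} setfib "$fib" jexec "$jail" "$@"
    else
        ${DRY_RUN:+echo} jexec "$jail" "$@"
    fi
}

# Constructed sample: one jail with exec.fib, one without.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
testjail {
    path = /tmp/jail/testjail;
    exec.fib = 1;   # routing table for this jail
}
plainjail {
    path = /tmp/jail/plainjail;
}
EOF
DRY_RUN=1 fib_jexec "$sample" testjail netstat -rn
DRY_RUN=1 fib_jexec "$sample" plainjail netstat -rn
```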