Application Jail Shutdown Problem

squiggly foo foo.squiggly at yandex.com
Wed May 22 19:48:12 UTC 2019 

So I got around this problem by just not using the jail command to mount.fstab or exec.prestart etc commands.  I am now just using a shell script to mount the jail mount points, then run the jail.  When the jail exits, the rest of the script runs and umounts the jail filesystems.  However I found some interesting points that I just wanted to share:

Scenario 1) If I run "jail -c -f jailfile.txt" and "mount.fstab" & "exec.start = '/bin/csh'" are defined in the jailfile.txt

Then when I exit the csh session in the jail, being that csh is the only process running in the jail, the jail exits and all the jail file systems are still mounted; just as James said.  So mount.fstab is not being reversed.


Scenario 2) If I run "jail -c -f jailfile.txt" and "mount.fstab" & "exec.start = '/bin/csh && KILL -TERM -1'" are defined in the jailfile.txt

Then when I exit csh in the jail, everything IS umounted.  Since the kill command is last, it sends a terminate signal to all remaining jailed processes (which is none).  And jail seems to recognize when the term signal was sent inside the jail and run the exec.poststop and umounts whatever is in the jail fstab file.



Another issue slightly related and slightly not: After "jail -c -f jailfile.txt" is run and "mount.fstab" & "exec.start = '/bin/csh && KILL -TERM -1'" are defined in the jailfile.txt file, I used exec.prestart to do make a directory inside the jail root and then used exec.prestart to run another mount command to that newly created directory.  I need to make that directory and mount to it but mount.fstab is run by the jail first and I can't make a mkdir command inside of the fstab file.  

However when I comes time to exit the csh session in the jail, it correctly runs the KILL command which tells the jail to umount. but it cannot umount because I made a directory and mount inside of the jail tree that the jail.fstab file is not aware of.  There is not "exec.post_before_running_umount" type of command that I can use to do those things.

Again I solved all these problems just by using an external script.  But I was just mentioning that maybe there needs to be a way to run commands before the jail decides to umount automatically.

-foo


02.05.2019, 06:35, "James Gritton" <jamie at freebsd.org>:
> On 2019-05-01 09:22, Michael W. Lucas wrote:
>>  On Wed, May 01, 2019 at 08:53:18AM -0600, James Gritton wrote:
>>>  On 2019-04-30 12:03, squiggly foo wrote:
>>>  > Hi All,
>>>  >
>>>  > I use the mount.fstab parameter to mount a number of file systems
>>>  > before starting a jail which works without any problem. However since
>>>  > it is an application jail, there are no other processes running inside
>>>  > the jail other than the one application. As soon as that application
>>>  > terminates the jail is removed by the host.
>>>  >
>>>  > This is actually my preferred behavior; I want the jail to be removed
>>>  > when the process inside of it terminates. But the problem is that the
>>>  > mount points are not unmounted after the jail is removed that way.
>>>  > The only way I can get the jails to unmount is if I do a "jail -r
>>>  > jailname" which is what I want to avoid as I would not do that while
>>>  > the process inside the jail is still running.
>>>  >
>>>  >
>>>  > Does anyone know of a way for the jails to umount the mount points in
>>>  > its fstab file when the only process inside the jail exits?
>>>
>>>  No easy way. Those filesystems have to be unmounted by somebody; the
>>>  jail can't do it because it doesn't have the permission (because it
>>>  didn't
>>>  mount them). So some process needs to be watching to see when the
>>>  jail
>>>  goes away. That would be some kind of watcher that wakes up
>>>  occasionally
>>>  and sees if the jail is still there. It might be nice to have some
>>>  kqueue
>>>  support for jails.
>>
>>  Maybe I'm not understanding the problem.
>>
>>  Is there a reason why exec.poststop="umount -aF /whatever/jail.fstab"
>>  won't do the trick?
>
> The works when it's jail(8) doing the removing. But when the jail just
> "runs out" on its own, because its last process has exited (and it
> didn't
> have "persist" set), there is no jail(8) to run the stop scripts.
> Normally
> I would recommend setting persist and explicitly destroying the jail
> later,
> but that had already been mentioned as not preferred.
>
> - Jamie

More information about the freebsd-jail mailing list