DNS using Name Service Switch module and Casper
Mark Johnston
markj at freebsd.org
Sat Jan 9 16:46:02 UTC 2021
On Sat, Jan 09, 2021 at 04:16:49PM +0300, Vasily Postnicov wrote:
> Turns out, if you do not specify either -4 or -6 to ping, unsandboxed
> getaddrinfo() will be called in /usr/src/sbin/ping/main.c, line 139.
> (what's the point in sandboxing then, lol?) This somehow affects
> sandboxing.
Indeed, that seems to be an issue with the recent merge of ping and
ping6.
I guess the initial call to getaddrinfo() causes nsswitch.conf to be
parsed and your module is loaded before we fork(). The module is linked
with libthr but obviously ping itself is not. I'm sure this kind of
configuration worked at some point, there might have been a regression.
If you can provide a stub NSS module that links libthr and demonstrates
the issue, it would be useful.
> Look at the screenshot, it explains where fork() gets stuck.
> https://photos.app.goo.gl/T1B3Fo1hg6z7r3vZ6
And there are no other threads in the process?
More information about the freebsd-net
mailing list