[Bug 195838] New: ezjail generates wrong /var/run/jail.<name>.conf

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Wed Dec 10 00:10:30 UTC 2014


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=195838

            Bug ID: 195838
           Summary: ezjail generates wrong /var/run/jail.<name>.conf
           Product: Ports Tree
           Version: Latest
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: freebsd-ports-bugs at FreeBSD.org
          Reporter: pasko.boris at gmail.com

ezjail generates multiple "allow.raw_sockets" entries in the
/var/run/jail.<name>.conf which results in non-working ping inside the jail.

Specifics:

1) I have a jail named AProxy. Here is its ezjail config:
$  cat  /usr/local/etc/ezjail/AProxy 
# create a Jail dependency tree. See rcorder(8) for more details.
#
# PROVIDE: standard_ezjail
# REQUIRE: 
# BEFORE: 
#

export jail_AProxy_hostname="AProxy.serv6.home"
export jail_AProxy_parameters="allow.raw_sockets=1"
export jail_AProxy_ip="192.168.98.3"
export jail_AProxy_rootdir="/usr/jails/AProxy"
export jail_AProxy_exec_start="/bin/sh /etc/rc"
export jail_AProxy_exec_stop=""
export jail_AProxy_mount_enable="YES"
export jail_AProxy_devfs_enable="YES"
export jail_AProxy_devfs_ruleset="devfsrules_jail"
export jail_AProxy_procfs_enable="YES"
export jail_AProxy_fdescfs_enable="YES"
export jail_AProxy_image=""
export jail_AProxy_imagetype="zfs"
export jail_AProxy_attachparams=""
export jail_AProxy_attachblocking=""
export jail_AProxy_forceblocking=""
export jail_AProxy_zfs_datasets=""
export jail_AProxy_cpuset=""
export jail_AProxy_fib="1"


2) I don't have any /etc/jail.conf (Tried to create empty /etc/jail.conf, tried
to add AProxy-specific or global settings to it: nothing changes the behavior
described below).

3) ezjail generates the following runtime config for my jail:
$ cat /var/run/jail.AProxy.conf 
# Generated by rc.d/jail at 2014-12-09 19:08:21
AProxy {
    host.hostname = "AProxy.serv6.home";
    path = "/usr/jails/AProxy";
    ip4.addr += "192.168.98.3/32";
    exec.fib = "1";
    allow.raw_sockets = 0;
    exec.clean;
    exec.system_user = "root";
    exec.jail_user = "root";
    exec.start += "/bin/sh /etc/rc";
    exec.stop = "";
    exec.consolelog = "/var/log/jail_AProxy_console.log";
    mount.fstab = "/etc/fstab.AProxy";
    mount.devfs;
    mount.fdescfs;
    mount +=  "procfs /usr/jails/AProxy/proc procfs rw 0 0";
    allow.mount;
    allow.set_hostname = 0;
    allow.sysvipc = 0;
    allow.raw_sockets=1;
}

Note that there are two conflicting entries:
allow.raw_sockets = 0;
allow.raw_sockets=1;

4) FreeBSD version and such:
$ uname -a
FreeBSD serv6.home 10.1-RELEASE FreeBSD 10.1-RELEASE #6: Sun Dec  7 15:09:33
EST 2014     root at serv6.home:/usr/obj/usr/src/sys/SERV6.10.1  amd64

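A check for the condition described in the report, added here as an example and not part of the original bug report, ezjail or rc.d/jail: it flags any parameter that a jail block in a generated jail.conf assigns more than once with different values. The function names and the sample config (shortened from the output quoted in the report) are constructed for illustration.

```shell
#!/bin/sh
# Added example: report jail parameters that one jail block assigns more than
# once with different values. "+=" appends to a list and is not a conflict.
jail_conf_conflicts() {
    awk '
    /^[ \t]*#/ { next }                              # comment line
    /[{][ \t]*$/ { jail = $1; sub(/[{].*/, "", jail); next }   # "name {"
    /^[ \t]*[}]/ { jail = ""; next }                 # end of jail block
    jail != "" && /;[ \t]*$/ {
        line = $0
        sub(/^[ \t]+/, "", line); sub(/;[ \t]*$/, "", line)
        if (index(line, "+=") > 0) next
        eq = index(line, "=")
        if (eq == 0) { name = line; val = "1" }      # bare "param;" is boolean true
        else { name = substr(line, 1, eq - 1); val = substr(line, eq + 1) }
        gsub(/^[ \t]+|[ \t]+$/, "", name)
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        gsub(/^"|"$/, "", val)
        key = jail SUBSEP name
        if ((key in seen) && seen[key] != val) {
            printf "%s: %s set to %s (line %d) and %s (line %d)\n",
                jail, name, seen[key], where[key], val, NR
            bad = 1
        }
        seen[key] = val; where[key] = NR
    }
    END { exit bad + 0 }
    ' "$@"
}

# Constructed sample, shortened from the generated config quoted in the report.
sample_jail_conf() {
    cat <<'EOF'
# Generated by rc.d/jail (constructed sample)
AProxy {
    host.hostname = "AProxy.serv6.home";
    ip4.addr += "192.168.98.3/32";
    allow.raw_sockets = 0;
    exec.clean;
    mount.devfs;
    allow.mount;
    allow.sysvipc = 0;
    allow.raw_sockets=1;
}
EOF
}

# Exit status is non-zero when a conflict is found.
sample_jail_conf | jail_conf_conflicts || echo "conflicting parameters found" >&2
```

The function also accepts a file argument, for example the path of a generated /var/run/jail.<name>.conf, and reads standard input when none is given.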