New jail_interface broken in 6.1-RELEASE

Florent Thoumie flz at xbsd.org
Thu May 11 11:46:48 PDT 2006


On Thu, 2006-05-11 at 19:36 +0200, Dirk Engling wrote:

> Dear rc-team,

Really, there's no -rc team. There might be 3 or 4 committers committing
in the rc area on a regular basis.

> as you seem to already have noticed by revision 1.32 there were several
> embarrassing mistakes introduced in /etc/rc.d/jail via
> http://www.freebsd.org/cgi/cvsweb.cgi/src/etc/rc.d/jail?rev=1.27&content-type=text/x-cvsweb-markup
> 
> to implement a questionable feature[2]... merged from current just days
> before releasing FreeBSD-6.1.

Here's my mistake, I wasn't eager to commit things during the slush, I
shouldn't have done it. It's easier to complain than to live with it.

> These have effectively killed my project[1], since jail_fstab is not
> being modified after the first jail started up, leading to missing base
> systems in all subsequent jails.

Really, I would have preferred you bug me about finding a solution to
your problem rather than sending such a mail.

> I hardly can express in words how this smashed my view of FreeBSD as a
> mature reliable operating system. I will have to wait 6 months until
> RELEASE users have a working project again or introduce some rather
> unsexy workaround. (_if_ RELEASE users should update their ports...)

I felt bad when I received your email until some nice committer told me
I tried to make FreeBSD better and just have been over-enthusiastic about
this. I understand this affects you because it affects your pet project.
Please have a look at the list of past ERRATAs. I'm not trying to be
rude nor trying to minimize my fault but software has bugs, get used to
it.

> Yet, you have up to now not even managed to mention these mistakes in
> errata.

I understand you're angry, but please don't use such a tone in your
mail, it won't end anywhere but to an impasse. I committed a fix to those
problems today. The re@ team is well aware of the problem. Once the fix
has been proved to be good enough, it will be committed to RELENG_6_1
and the ERRATA will be published.

> However, your fixes in 1.32 work so far and I'd love to see them in
> RELENG_6 to get at least MY servers running in a known working setup.

Ditto.

> Seriously distressed

I can understand (or at least read) this.

> [1] http://erdgeist.org/arts/softare/ezjail/
> [2] I think, I laid out my discomfort with this feature in a private
> mail to flz, but there will be serious problems when using it.

Oh yes you did.

> a) What, if I want to run several jails on one IP address? Stopping the
> first jail on that IP would remove the alias from my interface
> subsequently taking it away from the second jail.
> b) What, if I'd choose to run a jail on host system's IP? Stop it, BAMM -
> goes my host system.

Does it even work? Or you mean a configuration error?

> c) Why do you assume /32 to be the correct netmask for any given jail?
> What, if I want to put my jails in a different sub net? They are never
> going to see their gateway or other hosts in the subnet.

d) What if I don't like default behavior?

Then just don't use jail_interface. Jail_interface is OFF (well, empty)
by default.

> I think, this feature is not thought through, badly implemented, merged
> too early and a shame for FreeBSD. If it wouldn't be too late I'd vote
> for removing it completely until more use cases are checked and more
> testing has been done.

The feature itself is ok, mistakes around the feature are mine, and I
already apologized at least ten times in the past few days. I can do it
again, I'm *really* sorry. Please take this as a beginner's mistake. If
you don't want to use FreeBSD anymore because I made a mistake, then
don't, it's up to you.

Note: freebsd-update users and people tracking RELENG_6_1 should get the
fix as soon as it's committed. And for people not using either of them?
Well, which is worse: having a broken script or a flawed system?
Note2: Fortunately it was rc.d/jail and not rc.subr, I would have
received hundreds of angry mails.

PS: Thanks for having tried the latest revision, I'll commit it as soon
as I get some other successful reports.

-- 
Florent Thoumie
flz at FreeBSD.org
FreeBSD Committer