The allow.mount parameter recently changed in a subtle way - it's now
a node (to e.g. allow.mount.devfs) as well as a parameter in its own
right. This confused libjail which knows how to handle such parameters
as long as they're not boolean.

I'm including my proposed fix to libjail. With this fix, allow.nomount
should once again work, as should allow.mount, and other things such as
allow.quotas/allow.noquotas should work as they did before.

- Jamie


On 02/27/12 18:21, Glen Barber wrote:

Number:         165515
Category:       bin
Synopsis:       [jail][patch] "jail: unknown parameter: allow.nomount" when 
starting jail
Confidential:   no
Severity:       non-critical
Priority:       low
Responsible:    freebsd-bugs
State:          open
Quarter:
Keywords:
Date-Required:
Class:          sw-bug
Submitter-Id:   current-users
Arrival-Date:   Tue Feb 28 01:30:07 UTC 2012
Closed-Date:
Last-Modified:
Originator:     Glen Barber
Release:        10.0-CURRENT r232116M
Organization:
Environment:
FreeBSD nucleus 10.0-CURRENT FreeBSD 10.0-CURRENT #7 r232116M: Sun Feb 26 
14:12:14 EST 2012     root@nucleus:/usr/obj/usr/src/sys/NUCLEUS  amd64
Description:
On a recent -CURRENT, the jail(8) rc script fails to start jails.  This seems 
to be caused by looking up a sysctl that does not exist.
How-To-Repeat:
Create a minimalistic jail setup as follows:

  nucleus# cat /etc/rc.conf.local
  #
  jail_enable="YES"
  jail_parallel_start="YES"
  jail_list="cfm"
  jail_cfm_hostname="cfm"
  jail_cfm_rootdir="/jails/cfm"
  jail_cfm_ip="172.16.1.2"

Start the jail with the rc(8) script:

  nucleus# sh -x /etc/rc.d/jail start cfm
  + . /etc/rc.subr
  [...]
  + eval '_x="$jail_cfm_ip_multi0"'
  + _x=''
  + break
  + echo ' cannot start jail "cfm": '
   cannot start jail "cfm":
  + tail +2 /tmp/jail.bJIDqW5x/jail.52395
  jail: unknown parameter: allow.nomount

Fix:
The attached patch fixes it for me.


Patch attached with submission follows:

Index: usr.sbin/jail/jail.c
===================================================================
--- usr.sbin/jail/jail.c        (revision 232116)
+++ usr.sbin/jail/jail.c        (working copy)
@@ -84,7 +84,7 @@
        { "security.jail.chflags_allowed",
          "allow.nochflags", "allow.chflags" },
        { "security.jail.mount_allowed",
-         "allow.nomount", "allow.mount" },
+         "allow.mount", "allow.nomount" },
        { "security.jail.socket_unixiproute_only",
          "allow.socket_af", "allow.nosocket_af" },
  };
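Review bot: Swapping the two names in the `security.jail.mount_allowed` row looks like it inverts the permission rather than fixing the lookup, because the neighbouring `security.jail.chflags_allowed` row lists the `no` form first. If the columns are the parameter names for sysctl-off and sysctl-on (the code that indexes this table is outside the hunk), a host with mount_allowed set to 0 would now start its jails with `allow.mount`. The "unknown parameter" error would then disappear only because `allow.mount` is a name the library still recognises. I would keep `"allow.nomount", "allow.mount" },` and fix the name resolution at the point where `allow.nomount` is rejected. The `socket_unixiproute_only` row appears to be reversed deliberately because that sysctl expresses a restriction, which is worth a one-line comment on the table so the two orderings are not confused again.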


Release-Note:
Audit-Trail:
Unformatted:
Index: lib/libjail/jail.c
===================================================================
--- lib/libjail/jail.c  (revision 232240)
+++ lib/libjail/jail.c  (working copy)
@@ -885,36 +885,20 @@
                 * the "no" counterpart to a boolean.
                 */
                nname = nononame(jp->jp_name);
-               if (nname != NULL) {
-                       snprintf(desc.s, sizeof(desc.s), SJPARAM ".%s", nname);
-                       free(nname);
-                       miblen = sizeof(mib) - 2 * sizeof(int);
-                       if (sysctl(mib, 2, mib + 2, &miblen, desc.s,
-                           strlen(desc.s)) >= 0) {
-                               mib[1] = 4;
-                               desclen = sizeof(desc);
-                               if (sysctl(mib, (miblen / sizeof(int)) + 2,
-                                   &desc, &desclen, NULL, 0) < 0) {
-                                       snprintf(jail_errmsg,
-                                           JAIL_ERRMSGLEN,
-                                           "sysctl(0.4.%s): %s", desc.s,
-                                           strerror(errno));
-                                       return (-1);
-                               }
-                               if ((desc.i & CTLTYPE) == CTLTYPE_INT &&
-                                   desc.s[0] == 'B') {
-                                       jp->jp_ctltype = desc.i;
-                                       jp->jp_flags |= JP_NOBOOL;
-                                       jp->jp_valuelen = sizeof(int);
-                                       return (0);
-                               }
-                       }
+               if (nname == NULL) {
+               unknown_parameter:
+                       snprintf(jail_errmsg, JAIL_ERRMSGLEN,
+                           "unknown parameter: %s", jp->jp_name);
+                       errno = ENOENT;
+                       return (-1);
                }
-       unknown_parameter:
-               snprintf(jail_errmsg, JAIL_ERRMSGLEN,
-                   "unknown parameter: %s", jp->jp_name);
-               errno = ENOENT;
-               return (-1);
+               snprintf(desc.s, sizeof(desc.s), SJPARAM ".%s", nname);
+               free(nname);
+               miblen = sizeof(mib) - 2 * sizeof(int);
+               if (sysctl(mib, 2, mib + 2, &miblen, desc.s,
+                   strlen(desc.s)) < 0)
+                       goto unknown_parameter;
+               jp->jp_flags |= JP_NOBOOL;
        }
  mib_desc:
        mib[1] = 4;
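Review bot: `jp->jp_flags |= JP_NOBOOL;` is set as soon as the stripped name resolves, before its type has been checked, and nothing on the `unknown_parameter` path clears it. When the later type check (the `@@ -925` hunk) rejects the parameter, the function returns -1 with JP_NOBOOL still set on `jp` and `jp_ctltype` filled in; whether callers reuse `jp` after a failure is outside this hunk, so this may be harmless. I would either set the flag only once the type is accepted or clear it in the error block with `jp->jp_flags &= ~JP_NOBOOL;`. Separately, `unknown_parameter:` now sits inside the `if (nname == NULL)` block and is entered by `goto` from outside it, which is legal C but deserves a comment such as `/* also reached by goto from the sysctl and type checks below */`. The enclosing function starts and ends outside the hunk.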
@@ -925,6 +909,16 @@
                    "sysctl(0.4.%s): %s", jp->jp_name, strerror(errno));
                return (-1);
        }
+       jp->jp_ctltype = desc.i;
+       /* If this came from removing a "no", it better be a boolean. */
+       if (jp->jp_flags & JP_NOBOOL) {
+               if ((desc.i & CTLTYPE) == CTLTYPE_INT && desc.s[0] == 'B') {
+                       jp->jp_valuelen = sizeof(int);
+                       return (0);
+               }
+               else if ((desc.i & CTLTYPE) != CTLTYPE_NODE)
+                       goto unknown_parameter;
+       }
        /* See if this is an array type. */
        p = strchr(desc.s, '\0');
        isarray  = 0;
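Review bot: The comment `/* If this came from removing a "no", it better be a boolean. */` does not match the code under it, which also lets a `CTLTYPE_NODE` through and rejects only the other types. I would reword it, e.g. `/* A name obtained by stripping "no" must be a boolean, or a node that may also be a boolean parameter. */`, because the node case then falls into the array check and the type switch with JP_NOBOOL set and no `jp_valuelen` assigned here. Whether the `CTLTYPE_NODE` case of that switch verifies that the node really has a boolean form is outside this hunk; if it does not, a "no"-prefixed name of any plain node would be accepted as a parameter. The `else` after `return (0);` is redundant and could be a plain `if`.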
@@ -935,7 +929,6 @@
                p[-2] = 0;
        }
        /* Look for types we understand. */
-       jp->jp_ctltype = desc.i;
        switch (desc.i & CTLTYPE) {
        case CTLTYPE_INT:
                if (desc.s[0] == 'B')