From owner-freebsd-jail@FreeBSD.ORG Mon Sep 17 11:07:09 2012
Date: Mon, 17 Sep 2012 11:07:08 GMT
Message-Id: <201209171107.q8HB78LU004482@freefall.freebsd.org>
From: FreeBSD bugmaster
To: freebsd-jail@FreeBSD.org
Subject: Current problem reports assigned to freebsd-jail@FreeBSD.org
List-Id: "Discussion about FreeBSD jail\(8\)"

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o kern/169751  jail       [jail] reading routing information does not work in ja
o bin/167911   jail       new jail(8) problem with removal, ifconfg -alias and k
o kern/159918  jail       [jail] inter-jail communication failure
o docs/156853  jail       [patch] Update docs: jail(8) security issues with worl
o kern/156111  jail       [jail] procstat -b not supported in jail
o misc/155765  jail       [patch] `buildworld' does not honors WITHOUT_JAIL
o conf/154246  jail       [jail] [patch] Bad symlink created if devfs mount poin
o conf/149050  jail       [jail] rcorder ``nojail'' too coarse for Jail+VNET
s conf/142972  jail       [jail] [patch] Support JAILv2 and vnet in rc.d/jail
o conf/141317  jail       [patch] uncorrect jail stop in /etc/rc.d/jail
o kern/133265  jail       [jail] is there a solution how to run nfs client in ja
o kern/119842  jail       [smbfs] [jail] "Bad address" with smbfs inside a jail
o bin/99566    jail       [jail] [patch] fstat(1) according to specified jid
o bin/32828    jail       [jail] w(1) incorrectly handles stale utmp slots with

14 problems total.

From owner-freebsd-jail@FreeBSD.ORG Tue Sep 18 22:30:12 2012
Date: Tue, 18 Sep 2012 22:30:12 GMT
Message-Id: <201209182230.q8IMUCWO091660@freefall.freebsd.org>
From: "Totz, Johannes"
To: freebsd-jail@FreeBSD.org
Subject: Re: conf/142972: [jail] [patch] Support JAILv2 and vnet in rc.d/jail

The following reply was made to PR conf/142972; it has been noted by GNATS.

From: "Totz, Johannes"
To: "bug-followup@FreeBSD.org", "david@nfrance.com"
Subject: Re: conf/142972: [jail] [patch] Support JAILv2 and vnet in rc.d/jail
Date: Tue, 18 Sep 2012 22:23:17 +0000

How about something really simple like this. Works for me on 9-stable (to
some extent).

Attachment: jail.diff (application/octet-stream, size=1145)

From owner-freebsd-jail@FreeBSD.ORG Fri Sep 21 07:11:52 2012
Message-ID: <505C132B.9060000@icritical.com>
Date: Fri, 21 Sep 2012 08:11:39 +0100
From: Matt Burke
Subject: Boot-time jails (new jail)

Am I missing something, or if you follow the jail(8) man page (this is 9.1
r239869 btw), do you end up with jails you can only start at boot time via
a 'jail -c' hack in /etc/rc.local?

The man page only has this to say:

> It is possible to have jails started at boot time. Please refer to the
> ``jail_*'' variables in rc.conf(5) for more information.

Yet the rc.conf(5) man page makes no mention of /etc/jail.conf. In fact it
seems the rc.d/jail script hasn't been touched since the new jail MFC and
is incompatible with the new conf file mechanism...

The last entry regarding jails in UPDATING is 20090527.

From owner-freebsd-jail@FreeBSD.ORG Fri Sep 21 16:18:16 2012
Message-ID: <505C9236.5030601@FreeBSD.org>
Date: Fri, 21 Sep 2012 10:13:42 -0600
From: Jamie Gritton
To: Matt Burke
Cc: freebsd-jail@FreeBSD.org
In-Reply-To: <505C132B.9060000@icritical.com>
Subject: Re: Boot-time jails (new jail)

When it says rc.conf(5) it means the file and not the man page. And "the
file" is /etc/defaults/rc.conf and not /etc/rc.conf. So it should just say
"Please refer to the ``jail_*'' variables in /etc/defaults/rc.conf."

- Jamie

On 09/21/12 01:11, Matt Burke wrote:
> Am I missing something, or if you follow the jail(8) man page (this is 9.1
> r239869 btw), do you end up with jails you can only start at boot time via
> a 'jail -c' hack in /etc/rc.local?
>
> The man page only has this to say:
>
>> It is possible to have jails started at boot time. Please refer to the
>> ``jail_*'' variables in rc.conf(5) for more information.
>
> Yet the rc.conf(5) man page makes no mention of /etc/jail.conf. In fact it
> seems the rc.d/jail script hasn't been touched since the new jail MFC and
> is incompatible with the new conf file mechanism...
>
> The last entry regarding jails in UPDATING is 20090527.

From owner-freebsd-jail@FreeBSD.ORG Sat Sep 22 11:14:45 2012
Date: Sat, 22 Sep 2012 11:14:44 GMT
Message-Id: <201209221114.q8MBEiI7018683@freefall.freebsd.org>
From: bcr@FreeBSD.org
To: utisoft@gmail.com, bcr@FreeBSD.org, freebsd-jail@FreeBSD.org
Subject: Re: docs/156853: [patch] Update docs: jail(8) security issues with world-readable jail root

Synopsis: [patch] Update docs: jail(8) security issues with world-readable jail root

State-Changed-From-To: open->closed
State-Changed-By: bcr
State-Changed-When: Sat Sep 22 11:11:12 UTC 2012
State-Changed-Why:
Closed by submitter's request. The change r39566 of
books/handbook/jails/chapter.sgml provided sufficient warning to solve the
issue.

http://www.freebsd.org/cgi/query-pr.cgi?pr=156853