Date:      Tue, 19 Dec 2006 01:34:01 +0100
From:      "Raphael H. Becker" <rabe@p-i-n.com>
To:        freebsd-stable@freebsd.org
Subject:   /etc/rc.d/jail: losing IPs if jail_x_interface set and syntax error in jails /etc/rc?
Message-ID:  <20061219003401.GA23251@p-i-n.com>
Resent-Message-ID: <200612191744.kBJHiQeV073899@pinserv2.p-i-n.com>

Hi *,

I recently triggered an error when setting up a jail-host: I configured
the jail(s) like every jail I set up in the past:

On the jail-host's /etc/rc.conf:

# ---- Jail-Globals ----
jail_enable="YES"                       # Set to NO to disable starting of any jails
jail_list="ftp mx1 relay"               # Space separated list of names of jails
jail_set_hostname_allow="NO"            # Allow root user in a jail to change its hostname
jail_socket_unixiproute_only="YES"      # Route only TCP/IP within a jail
jail_sysvipc_allow="NO"                 # allow SystemV IPC use from within a jail


# ---- Jail-Defaults ----
jail_interface="fxp0"
jail_devfs_enable="YES"                 # mount devfs in the jail
jail_fdescfs_enable="YES"               # mount fdescfs in the jail
jail_procfs_enable="YES"                # mount procfs in jail
jail_mount_enable="NO"                  # mount/umount jail's fs



[...]
# ---- ftp
jail_ftp_rootdir="/data/jails/ftp.XXX.YYY.com"
jail_ftp_ip="62.xxx.yyy.133"
jail_ftp_hostname="ftp.XXX.YYY.com"


This works well on other systems.  Starting the ftp-Jail using
/etc/rc.d/jail start ftp the system went "offline", ifconfig showed this:

fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=8<VLAN_MTU>
        inet 62.xxx.yyy.133 netmask 0xffffffff broadcast 62.xxx.yyy.133
        ether 00:06:5b:04:54:69
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active

Bad thing. The primary IP of the Host and any other IPs on fxp0 got
lost, just the jail's IP/32 (alias) was left.

In the normal state, ifconfig looks like this with some jails running:
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=8<VLAN_MTU>
        inet 62.xxx.yyy.150 netmask 0xffffff00 broadcast 62.xxx.yyy.255
        inet 62.xxx.yyy.133 netmask 0xffffffff broadcast 62.xxx.yyy.133
        inet 62.xxx.yyy.131 netmask 0xffffffff broadcast 62.xxx.yyy.131
        inet 62.xxx.yyy.132 netmask 0xffffffff broadcast 62.xxx.yyy.132
        ether 00:06:5b:04:54:69
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active


It turned out that a syntax error in the jail's /etc/rc.conf (missing
quote) breaks the jail-Host?!?  Can anyone confirm this?

If a jail's rc.conf can break a jail host like this, this might be a
serious problem for systems with "untrusted" ~root in the jails and
should be fixed in 6.2.

Regards
Raphael Becker

PS: System is 6.2-RC1
# $FreeBSD: src/etc/rc.d/jail,v 1.23.2.7 2006/06/06 15:04:39 flz Exp $
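
A host-side check for the situation reported above, as an added example that is not part of the original message or of /etc/rc.d/jail: it lints a jail's rc.conf with `sh -n` before the jail is started, and compares two ifconfig snapshots to list the addresses that disappeared. The function names are hypothetical, and the snapshots are the inet lines of the two fxp0 listings quoted in the message, with addresses masked as in the original.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of rc.d/jail.

# Return 0 if the file parses as sh, non-zero otherwise.
# "sh -n" reads the commands without executing them, so it is safe
# to run from the host against a file that a jail's root can edit.
rcconf_syntax_ok() {
    sh -n "$1" 2>/dev/null
}

# Print the inet addresses found in ifconfig-style text on stdin, sorted.
inet_addrs() {
    awk '$1 == "inet" { print $2 }' | sort
}

# Print every address present in snapshot $1 but missing from snapshot $2.
lost_addrs() {
    before=$(printf '%s\n' "$1" | inet_addrs)
    after=$(printf '%s\n' "$2" | inet_addrs)
    for a in $before; do
        printf '%s\n' "$after" | grep -qxF "$a" || printf '%s\n' "$a"
    done
}

# fxp0 in the normal state, as quoted in the message.
BEFORE='fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 62.xxx.yyy.150 netmask 0xffffff00 broadcast 62.xxx.yyy.255
        inet 62.xxx.yyy.133 netmask 0xffffffff broadcast 62.xxx.yyy.133
        inet 62.xxx.yyy.131 netmask 0xffffffff broadcast 62.xxx.yyy.131
        inet 62.xxx.yyy.132 netmask 0xffffffff broadcast 62.xxx.yyy.132'

# fxp0 after "/etc/rc.d/jail start ftp", as quoted in the message.
AFTER='fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 62.xxx.yyy.133 netmask 0xffffffff broadcast 62.xxx.yyy.133'

# Report what the host lost between the two snapshots.
lost_addrs "$BEFORE" "$AFTER"
```

On a live host the snapshots would come from `ifconfig fxp0` taken before and after the jail start, and `rcconf_syntax_ok` would be pointed at the etc/rc.conf under each jail's rootdir.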





