Message-Id: <200412072105.iB7L52FN023718@rhps.org>
Date: Tue, 7 Dec 2004 13:05:02 -0800 (PST)
From: zenin@rhps.org
To: FreeBSD-gnats-submit@FreeBSD.org
cc: zenin@rhps.org
Subject: conf/74820: /etc/rc deletes /var/run/log by mistake, problem for syslogd running outside of chroot jails
Reply-To: zenin@rhps.org

>Number: 74820
>Category: conf
>Synopsis: /etc/rc deletes /var/run/log by mistake, problem for syslogd running outside of chroot jails
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Dec 07 21:10:23 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator: Zenin
>Release: FreeBSD 4.10-STABLE i386
>Organization: RHPS.ORG
>Environment:
System: FreeBSD mail.rhps.org 4.10-STABLE FreeBSD 4.10-STABLE #1: Wed Nov 24 15:40:27 PST 2004 root@rhps.org:/usr/src/sys/compile/RHPS i386
>Description:
While special care was taken in the syslogd initialization section of /etc/rc to refrain from deleting the log socket /var/run/log unless "syslogd_enable" was set to YES, this effort is for naught as /etc/rc then goes on to run "clean_var" which deletes everything without consideration including this log socket.

In a standard configuration this doesn't really matter, however when /etc/rc is started as a jailed virtual system it can be a problem. The FreeBSD syslogd has a -l option to create additional log socket files explicitly so they may be placed inside of chroot jail environments. When one attempts to use this feature of syslogd this minor bug then becomes critical.

Attached is a patch of the changes I made to /etc/rc. It's an ugly kludge, but it does go the extra mile to do the right thing.
Namely it modifies the "purgedir" function to handle /var/run/log as a special case, IFF two other conditions are met: syslogd_enable is not YES and we are inside a jailed environment.

I'm positive a better solution could be found, but it would likely involve far more structural changes to /etc/rc. Consider this patch an example; a cleaner solution should probably be sought for general consumption.
>How-To-Repeat:
Create a standard full jail environment following the directions outlined in jail(8).

Configure the jail's /etc/rc.conf so that syslogd_enable is set to NO.

Restart the host syslogd with the additional option:

	-l /path_to_my_jail/var/run/log

Confirm /path_to_my_jail/var/run/log has been created.

Start the jail as jail(8) describes, e.g.:

	jail /path_to_my_jail/var/run/log testhostname 192.168.11.100 /bin/sh /etc/rc

Note that /path_to_my_jail/var/run/log has been deleted.
>Fix:
--- rc.diff begins here --- *** /etc/rc Wed Nov 20 03:58:28 2002 --- etc/rc Mon Dec 6 17:05:00 2004 *************** *** 242,248 **** if [ -d "$file" -a ! -L "$file" ]; then purgedir "$file" else ! rm -f -- "$file" fi done ) --- 242,263 ---- if [ -d "$file" -a ! -L "$file" ]; then purgedir "$file" else ! # Ugly Kludge to protect /var/run/log when it's created outside (in a jail) ! if [ "$dir" = "/var/run" -a "$file" = "log" ]; then ! # Are we in a jail? -Ed: There must be an easier way to tell? ! if ps -p $$ -o stat | tail -1 | grep 'J'>/dev/null; then ! # If the jail has its own syslogd then ignore all this hubbub ! case ${syslogd_enable} in ! [Yy][Ee][Ss]) ! # do *NOT* delete /var/run/log unless *this* ! # jail is going to be running syslog. ! rm -f -- "$file" ! ;; ! esac ! fi ! else ! rm -f -- "$file" ! fi fi done ) --- rc.diff ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
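
Review bot: the inner `if ps -p $$ -o stat | tail -1 | grep 'J'>/dev/null; then` test in the new 242,263 block has no `else`, so outside a jail nothing in this function removes /var/run/log any more: once `"$dir" = "/var/run" -a "$file" = "log"` matches, the only `rm -f -- "$file"` that can still run is the one under `[Yy][Ee][Ss])` inside the jail branch. The description limits the special case to a jail whose syslogd_enable is not YES, so the non-jailed path should keep the old unconditional delete; add an `else` carrying `rm -f -- "$file"` to the jail test, or combine the conditions so the delete is skipped only when all of them hold. The jail test also matches a `J` anywhere in the last line of the `ps` output, which the in-line comment already questions; a comment stating which flag in the stat field is expected would help whoever replaces it with something cleaner.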