From: Joel Hatton
To: freebsd-stable@freebsd.org
Cc: freebsd-security@freebsd.org, Mark Andrews, Philipp Wuensche
Subject: Re: HEADS UP: Re: FreeBSD Security Advisory FreeBSD-SA-07:01.jail
Date: Fri, 27 Jul 2007 17:12:34 +1000
Message-Id: <200707270712.l6R7CYs4064783@app.auscert.org.au>
In-Reply-To: Message from Philipp Wuensche of "Fri, 12 Jan 2007 04:40:59 +0100." <45A7034B.3070002@h3q.com>

Hi,

I'm dredging up an old issue here, but it appears to be unresolved in RELENG_5_5 at this time. After upgrading to 5.5-RELEASE-p14, I found that my jails wouldn't start anymore, and it comes down to this bit again. By way of explanation, I'll include the patch for what I changed.

--- /tmp/jail Wed Feb 14 15:16:30 2007 +++ /etc/rc.d/jail Fri Jul 27 13:46:51 2007 
@@ -218,7 +218,7 @@ { local _device _mountpt _rest - while read _device _mountpt _rest; do + cat ${jail_fstab} | while read _device _mountpt _rest; do case ":${_device}" in :#* | :) continue

In short, the jail_mount_fstab function is not given the fstab file on which the local variables depend. My patch may not be the most robust but for me today it is expedient.

Sorry if this has been discussed already, but I was surprised that this hadn't been fixed yet. It certainly would have caused some anxious moments if I'd upgraded a prod server with multiple jails before I realised!

cheers,
joel

On Fri, 12 Jan 2007 04:40:59 +0100, Philipp Wuensche wrote:
>Mark Andrews wrote:
>>> I'm not sure I understand that quite correct, where is this problem
>>> appearing?
>>>
>>> Other things:
>>>
>>> tail is used in line 230: tail -r ${_fstab} | while read _device
>>> _mountpt _rest; do
>>>
>>> If the per-jail fstab is larger than 10 lines, which is the default of
>>> tail to show, the remaining mountpoints will not be unmounted?
>>
>> The default for the -r option is to display all of the input.
>
>Ah, didn't know that. Thanks for correcting me there.
>
>greetings,
>philipp
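
Review bot: On the changed `while read` line, `${jail_fstab}` is expanded unquoted and the loop is fed through a pipe from `cat`, so a path containing whitespace splits into several arguments, and a missing or unreadable file yields only a `cat` error while the loop silently processes no entries. Suggest checking the file before the loop, e.g. `[ -r "${jail_fstab}" ] || return`, and redirecting into the loop with `done < "${jail_fstab}"` rather than `cat ... |`; the redirect also keeps the loop in the function's own shell, which matters if the loop body sets variables or returns a status the caller relies on. The hunk declares `_device _mountpt _rest` as `local` but reads `jail_fstab` from the enclosing scope, so a comment naming the caller that sets it would help.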