From owner-freebsd-jail@freebsd.org Tue Apr 30 18:04:02 2019 Return-Path: Delivered-To: freebsd-jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 367A6159976A for ; Tue, 30 Apr 2019 18:04:02 +0000 (UTC) (envelope-from foo.squiggly@yandex.com) Received: from forward102p.mail.yandex.net (forward102p.mail.yandex.net [IPv6:2a02:6b8:0:1472:2741:0:8b7:102]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 3C934862AC for ; Tue, 30 Apr 2019 18:03:59 +0000 (UTC) (envelope-from foo.squiggly@yandex.com) Received: from mxback15j.mail.yandex.net (mxback15j.mail.yandex.net [IPv6:2a02:6b8:0:1619::91]) by forward102p.mail.yandex.net (Yandex) with ESMTP id 6C62C1D40708 for ; Tue, 30 Apr 2019 21:03:56 +0300 (MSK) Received: from localhost (localhost [::1]) by mxback15j.mail.yandex.net (nwsmtp/Yandex) with ESMTP id WXr0JEYhEl-3tBK3mLM; Tue, 30 Apr 2019 21:03:55 +0300 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.com; s=mail; t=1556647435; bh=H/t8kclIgT6wuCzBA57VcygEa8Sv1M00QAYsQDI5W0k=; h=Message-Id:Date:Subject:To:From; b=X6Jcqs8iYM6T4mtTGzzz0kgrFADpfpMcwomQgnMAXyRwLGilv2EWtJ1UibxGbEz3+ SP3kR3TNu0z7JlfSg+t3hrnyek5Saa/MnXoYcNPzytvtudvf3n3KTqPJ+jpyIKjVNx hkixNiNwQcq7zJ2pRQ3eE0Uas8PW9HHwdY/1OSQQ= Received: by iva8-3b901672a9c5.qloud-c.yandex.net with HTTP; Tue, 30 Apr 2019 21:03:55 +0300 From: squiggly foo Envelope-From: foo-squiggly@yandex.com To: freebsd-jail@freebsd.org Subject: Application Jail Shutdown Problem MIME-Version: 1.0 X-Mailer: Yamail [ http://yandex.ru ] 5.0 Date: Wed, 01 May 2019 03:03:55 +0900 Message-Id: <22066461556647435@iva8-3b901672a9c5.qloud-c.yandex.net> Content-Transfer-Encoding: 7bit Content-Type: text/plain X-Rspamd-Queue-Id: 3C934862AC X-Spamd-Bar: ------- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=yandex.com header.s=mail header.b=X6Jcqs8i; dmarc=pass (policy=none) header.from=yandex.com; spf=pass (mx1.freebsd.org: domain of foo.squiggly@yandex.com designates 2a02:6b8:0:1472:2741:0:8b7:102 as permitted sender) smtp.mailfrom=foo.squiggly@yandex.com X-Spamd-Result: default: False [-7.76 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[yandex.com:s=mail]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+ip6:2a02:6b8:0:1000::/52]; FREEMAIL_FROM(0.00)[yandex.com]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-jail@freebsd.org]; TO_DN_NONE(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; RCVD_COUNT_THREE(0.00)[4]; RCVD_TLS_LAST(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; DKIM_TRACE(0.00)[yandex.com:+]; MX_GOOD(-0.01)[mx.yandex.ru,mx.yandex.ru,mx.yandex.ru,mx.yandex.ru,mx.yandex.ru]; DMARC_POLICY_ALLOW(-0.50)[yandex.com,none]; NEURAL_HAM_SHORT(-0.96)[-0.965,0]; IP_SCORE(-3.68)[ip: (-9.78), ipnet: 2a02:6b8::/32(-4.80), asn: 13238(-3.84), country: RU(0.00)]; RCVD_IN_DNSWL_LOW(-0.10)[2.0.1.0.7.b.8.0.0.0.0.0.1.4.7.2.2.7.4.1.0.0.0.0.8.b.6.0.2.0.a.2.list.dnswl.org : 127.0.5.1]; FROM_EQ_ENVFROM(0.00)[]; FREEMAIL_ENVFROM(0.00)[yandex.com]; ASN(0.00)[asn:13238, ipnet:2a02:6b8::/32, country:RU]; MIME_TRACE(0.00)[0:+] X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 30 Apr 2019 18:04:02 -0000 Hi All, I use the mount.fstab parameter to mount a number of file systems before starting a jail which works without any problem. However since it is an application jail, there are no other processes running inside the jail other than the one application. As soon as that application terminates the jail is removed by the host. This is actually my preferred behavior; I want the jail to be removed when the process inside of it terminates. But the problem is that the mount points are not unmounted after the jail is removed that way. The only way I can get the jails to unmount is if I do a "jail -r jailname" which is what I want to avoid as I would not do that while the process inside the jail is still running. Does anyone know of a way for the jails to umount the mount points in its fstab file when the only process inside the jail exits? Thanks! foo From owner-freebsd-jail@freebsd.org Wed May 1 15:18:23 2019 Return-Path: Delivered-To: freebsd-jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3D8DB159974B for ; Wed, 1 May 2019 15:18:23 +0000 (UTC) (envelope-from jamie@freebsd.org) Received: from gritton.org (gritton.org [199.192.165.131]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 56B8181E48 for ; Wed, 1 May 2019 15:18:22 +0000 (UTC) (envelope-from jamie@freebsd.org) Received: from gritton.org ([127.0.0.131]) by gritton.org (8.15.2/8.15.2) with ESMTP id x41ErI5h061977; Wed, 1 May 2019 08:53:18 -0600 (MDT) (envelope-from jamie@freebsd.org) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; format=flowed Content-Transfer-Encoding: 7bit Date: Wed, 01 May 2019 08:53:18 -0600 From: James Gritton To: freebsd-jail@freebsd.org Cc: squiggly foo Subject: Re: Application Jail Shutdown Problem In-Reply-To: <22066461556647435@iva8-3b901672a9c5.qloud-c.yandex.net> References: <22066461556647435@iva8-3b901672a9c5.qloud-c.yandex.net> Message-ID: <9f04fc825b4a931e51c4d7fd5d7ed7e0@freebsd.org> X-Sender: jamie@freebsd.org User-Agent: Roundcube Webmail/1.3.8 X-Greylist: inspected by milter-greylist-4.6.2 (gritton.org [127.0.0.131]); Wed, 01 May 2019 08:53:19 -0600 (MDT) for IP:'127.0.0.131' DOMAIN:'[127.0.0.131]' HELO:'gritton.org' FROM:'jamie@freebsd.org' RCPT:'' X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.2 (gritton.org [127.0.0.131]); Wed, 01 May 2019 08:53:19 -0600 (MDT) X-Rspamd-Queue-Id: 56B8181E48 X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-2.98 / 15.00]; local_wl_from(0.00)[freebsd.org]; NEURAL_HAM_MEDIUM(-1.00)[-0.999,0]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; NEURAL_HAM_SHORT(-0.98)[-0.978,0]; ASN(0.00)[asn:30247, ipnet:199.192.164.0/22, country:US] X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 May 2019 15:18:23 -0000 On 2019-04-30 12:03, squiggly foo wrote: > Hi All, > > I use the mount.fstab parameter to mount a number of file systems > before starting a jail which works without any problem. However since > it is an application jail, there are no other processes running inside > the jail other than the one application. As soon as that application > terminates the jail is removed by the host. > > This is actually my preferred behavior; I want the jail to be removed > when the process inside of it terminates. But the problem is that the > mount points are not unmounted after the jail is removed that way. > The only way I can get the jails to unmount is if I do a "jail -r > jailname" which is what I want to avoid as I would not do that while > the process inside the jail is still running. > > > Does anyone know of a way for the jails to umount the mount points in > its fstab file when the only process inside the jail exits? No easy way. Those filesystems have to be unmounted by somebody; the jail can't do it because it doesn't have the permission (because it didn't mount them). So some process needs to be watching to see when the jail goes away. That would be some kind of watcher that wakes up occasionally and sees if the jail is still there. It might be nice to have some kqueue support for jails. - Jamie From owner-freebsd-jail@freebsd.org Wed May 1 15:22:10 2019 Return-Path: Delivered-To: freebsd-jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 61C7F1599982 for ; Wed, 1 May 2019 15:22:10 +0000 (UTC) (envelope-from mwlucas@mail.mwl.io) Received: from mail.mwl.io (unknown [IPv6:2001:19f0:5401:1eb3:5400:1ff:fef9:2ab9]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id D48D1821B9; Wed, 1 May 2019 15:22:09 +0000 (UTC) (envelope-from mwlucas@mail.mwl.io) Received: from mail.mwl.io (localhost [127.0.0.1]) by mail.mwl.io (8.15.2/8.15.2) with ESMTP id x41FM7p8038910; Wed, 1 May 2019 11:22:08 -0400 (EDT) (envelope-from mwlucas@mail.mwl.io) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=michaelwlucas.com; s=mwl; t=1556724128; bh=sgGiwnfiWW81Xi3WvEbDOfAsENXFX41oobxygUsBfxg=; h=Date:From:To:Cc:Subject:References:In-Reply-To; b=KNBU3TuO6pEGhE3TFRbIeXD23f+kOOw/9XenWk6B9p68HUHxFbIB/6pZBXPp9uj3k SabSRksC7YJRogRevdzwAJUbRcMQLBDvNuG/dFguHOh5O9dAH+mZw3v1tORozFaR3f pv9ZsYrH6JRdo1zJkTP/R7PRVEtlAISEYawTQQ+agsM3cE+5eWnrKSficzQ0RHtV1n vzcgvqSadJLfZAXLvciWhAUdvmq8Bv17vXJsyeIk8MWxgFefk2gEHjHa538aAuyxGC 43+zmrBP0UJNIuvbCHtFjcyQlZeJTxnV78P8qjWkFPjKr0/mKUu66QJjNmIunpnGh8 9sXab2dirBpDA== Received: (from mwlucas@localhost) by mail.mwl.io (8.15.2/8.15.2/Submit) id x41FM7BC038746; Wed, 1 May 2019 11:22:07 -0400 (EDT) (envelope-from mwlucas) Date: Wed, 1 May 2019 11:22:07 -0400 From: "Michael W. Lucas" To: James Gritton Cc: freebsd-jail@freebsd.org, squiggly foo Subject: Re: Application Jail Shutdown Problem Message-ID: <20190501152207.GA35338@mail.mwl.io> References: <22066461556647435@iva8-3b901672a9c5.qloud-c.yandex.net> <9f04fc825b4a931e51c4d7fd5d7ed7e0@freebsd.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <9f04fc825b4a931e51c4d7fd5d7ed7e0@freebsd.org> User-Agent: Mutt/1.11.4 (2019-03-13) X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.2 (mail.mwl.io [127.0.0.1]); Wed, 01 May 2019 11:22:08 -0400 (EDT) X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 May 2019 15:22:10 -0000 On Wed, May 01, 2019 at 08:53:18AM -0600, James Gritton wrote: > On 2019-04-30 12:03, squiggly foo wrote: > > Hi All, > > > > I use the mount.fstab parameter to mount a number of file systems > > before starting a jail which works without any problem. However since > > it is an application jail, there are no other processes running inside > > the jail other than the one application. As soon as that application > > terminates the jail is removed by the host. > > > > This is actually my preferred behavior; I want the jail to be removed > > when the process inside of it terminates. But the problem is that the > > mount points are not unmounted after the jail is removed that way. > > The only way I can get the jails to unmount is if I do a "jail -r > > jailname" which is what I want to avoid as I would not do that while > > the process inside the jail is still running. > > > > > > Does anyone know of a way for the jails to umount the mount points in > > its fstab file when the only process inside the jail exits? > > No easy way. Those filesystems have to be unmounted by somebody; the > jail can't do it because it doesn't have the permission (because it > didn't > mount them). So some process needs to be watching to see when the jail > goes away. That would be some kind of watcher that wakes up > occasionally > and sees if the jail is still there. It might be nice to have some > kqueue > support for jails. Maybe I'm not understanding the problem. Is there a reason why exec.poststop="umount -aF /whatever/jail.fstab" won't do the trick? ==ml -- Michael W. Lucas https://mwl.io/ author of: Absolute OpenBSD, SSH Mastery, git commit murder, Immortal Clay, PGP & GPG, Absolute FreeBSD, etc, etc, etc... From owner-freebsd-jail@freebsd.org Wed May 1 21:33:47 2019 Return-Path: Delivered-To: freebsd-jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id E78F115A14B1 for ; Wed, 1 May 2019 21:33:46 +0000 (UTC) (envelope-from jamie@freebsd.org) Received: from gritton.org (gritton.org [199.192.165.131]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 7B6C98E7CC for ; Wed, 1 May 2019 21:33:46 +0000 (UTC) (envelope-from jamie@freebsd.org) Received: from gritton.org ([127.0.0.131]) by gritton.org (8.15.2/8.15.2) with ESMTP id x41LXhBf073551; Wed, 1 May 2019 15:33:43 -0600 (MDT) (envelope-from jamie@freebsd.org) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; format=flowed Content-Transfer-Encoding: 7bit Date: Wed, 01 May 2019 15:33:43 -0600 From: James Gritton To: freebsd-jail@freebsd.org Cc: "Michael W. Lucas" , squiggly foo Subject: Re: Application Jail Shutdown Problem In-Reply-To: <20190501152207.GA35338@mail.mwl.io> References: <22066461556647435@iva8-3b901672a9c5.qloud-c.yandex.net> <9f04fc825b4a931e51c4d7fd5d7ed7e0@freebsd.org> <20190501152207.GA35338@mail.mwl.io> Message-ID: X-Sender: jamie@freebsd.org User-Agent: Roundcube Webmail/1.3.8 X-Greylist: inspected by milter-greylist-4.6.2 (gritton.org [127.0.0.131]); Wed, 01 May 2019 15:33:44 -0600 (MDT) for IP:'127.0.0.131' DOMAIN:'[127.0.0.131]' HELO:'gritton.org' FROM:'jamie@freebsd.org' RCPT:'' X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.2 (gritton.org [127.0.0.131]); Wed, 01 May 2019 15:33:44 -0600 (MDT) X-Rspamd-Queue-Id: 7B6C98E7CC X-Spamd-Bar: ------ Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-6.96 / 15.00]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; REPLY(-4.00)[]; NEURAL_HAM_SHORT(-0.96)[-0.957,0] X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 May 2019 21:33:47 -0000 On 2019-05-01 09:22, Michael W. Lucas wrote: > On Wed, May 01, 2019 at 08:53:18AM -0600, James Gritton wrote: >> On 2019-04-30 12:03, squiggly foo wrote: >> > Hi All, >> > >> > I use the mount.fstab parameter to mount a number of file systems >> > before starting a jail which works without any problem. However since >> > it is an application jail, there are no other processes running inside >> > the jail other than the one application. As soon as that application >> > terminates the jail is removed by the host. >> > >> > This is actually my preferred behavior; I want the jail to be removed >> > when the process inside of it terminates. But the problem is that the >> > mount points are not unmounted after the jail is removed that way. >> > The only way I can get the jails to unmount is if I do a "jail -r >> > jailname" which is what I want to avoid as I would not do that while >> > the process inside the jail is still running. >> > >> > >> > Does anyone know of a way for the jails to umount the mount points in >> > its fstab file when the only process inside the jail exits? >> >> No easy way. Those filesystems have to be unmounted by somebody; the >> jail can't do it because it doesn't have the permission (because it >> didn't >> mount them). So some process needs to be watching to see when the >> jail >> goes away. That would be some kind of watcher that wakes up >> occasionally >> and sees if the jail is still there. It might be nice to have some >> kqueue >> support for jails. > > > Maybe I'm not understanding the problem. > > Is there a reason why exec.poststop="umount -aF /whatever/jail.fstab" > won't do the trick? The works when it's jail(8) doing the removing. But when the jail just "runs out" on its own, because its last process has exited (and it didn't have "persist" set), there is no jail(8) to run the stop scripts. Normally I would recommend setting persist and explicitly destroying the jail later, but that had already been mentioned as not preferred. - Jamie From owner-freebsd-jail@freebsd.org Thu May 2 01:23:49 2019 Return-Path: Delivered-To: freebsd-jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 46D811584760 for ; Thu, 2 May 2019 01:23:49 +0000 (UTC) (envelope-from ike@blackskyresearch.net) Received: from out4-smtp.messagingengine.com (out4-smtp.messagingengine.com [66.111.4.28]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 0A8E66F653; Thu, 2 May 2019 01:23:46 +0000 (UTC) (envelope-from ike@blackskyresearch.net) Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.nyi.internal (Postfix) with ESMTP id 4989E23401; Wed, 1 May 2019 21:23:40 -0400 (EDT) Received: from mailfrontend2 ([10.202.2.163]) by compute1.internal (MEProxy); Wed, 01 May 2019 21:23:40 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= blackskyresearch.net; h=content-type:mime-version:subject:from :in-reply-to:date:cc:content-transfer-encoding:message-id :references:to; s=mesmtp; bh=tGRRnIViN0w7ObibBvikoI33Y00huq/1aIP tWn+nd7U=; b=O2cwiuCNGaD+Uncml0OYqKM/NGIa6FHLcp6z8NgJsTZJjyK8seZ U7exDyix7HbwQk06J4hTDcTrcvpu8T4WEXFTzkkAxEW6whJnnrxyrBRHgFkb4BjY UWgvtanP/Fr2cDR18BY7xCQUbL8WEAFuEbNAHU8/WIOWbe8C/3JKkdKY= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm2; bh=tGRRnIViN0w7ObibBvikoI33Y00huq/1aIPtWn+nd 7U=; b=8hreUSRzG6cURiQVtBASCwHHjZflAuiGPSyGRlc7W0Q7SNS/3xelpHlh6 XSUgHyAboyTO0PqtFk+jWtZPWJpfq9ryl7xMS5IRIMqBVp3qmT3W/smuU1EOHzge Yf2I04mIBPZ5fNT/jcp1gyOF6lP+CslveMaF0HtCOfGKOQbGdKB4Zx6p394jT8Ww z4lHyFOchfyB2uXbUrgZ9aNMTbAQWleAilkZtccs6NVp9NENrW33VldPPbdmLQSe +ssZnlnV6QTokv8YRApFH9GcYMGmN49t3NRNnmoOYCBhQHRTEURTjjLbQ8/NWP7a yT5qneW2W1+apEoeFX+4TGbKnwFjQ== X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduuddrieekgdefiecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenuc fjughrpegtggfuhffojgffgffkfhfvsehtqhhmtdhhtddvnecuhfhrohhmpedfkfhsrggr tgculddrihhkvgdmucfnvghvhidfuceoihhkvgessghlrggtkhhskhihrhgvshgvrghrtg hhrdhnvghtqeenucffohhmrghinhepfhhrvggvsghsugdrohhrghenucfkphepudejgedr vddtvddrgedrjeenucfrrghrrghmpehmrghilhhfrhhomhepihhkvgessghlrggtkhhskh ihrhgvshgvrghrtghhrdhnvghtnecuvehluhhsthgvrhfuihiivgeptd X-ME-Proxy: Received: from [100.81.81.66] (7.sub-174-202-4.myvzw.com [174.202.4.7]) by mail.messagingengine.com (Postfix) with ESMTPA id 7F3CA103D1; Wed, 1 May 2019 21:23:39 -0400 (EDT) Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (1.0) Subject: Re: Application Jail Shutdown Problem From: "Isaac (.ike) Levy" X-Mailer: iPhone Mail (16E227) In-Reply-To: Date: Wed, 1 May 2019 21:23:38 -0400 Cc: freebsd-jail@freebsd.org, squiggly foo Content-Transfer-Encoding: quoted-printable Message-Id: References: <22066461556647435@iva8-3b901672a9c5.qloud-c.yandex.net> <9f04fc825b4a931e51c4d7fd5d7ed7e0@freebsd.org> <20190501152207.GA35338@mail.mwl.io> To: James Gritton X-Rspamd-Queue-Id: 0A8E66F653 X-Spamd-Bar: ------ Authentication-Results: mx1.freebsd.org; dkim=pass header.d=blackskyresearch.net header.s=mesmtp header.b=O2cwiuCN; dkim=pass header.d=messagingengine.com header.s=fm2 header.b=8hreUSRz X-Spamd-Result: default: False [-6.33 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_DKIM_ALLOW(-0.20)[blackskyresearch.net:s=mesmtp,messagingengine.com:s=fm2]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; MV_CASE(0.50)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[blackskyresearch.net]; TO_DN_SOME(0.00)[]; RCVD_COUNT_THREE(0.00)[4]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[blackskyresearch.net:+,messagingengine.com:+]; MX_GOOD(-0.01)[in2-smtp.messagingengine.com,in1-smtp.messagingengine.com,in2-smtp.messagingengine.com,in1-smtp.messagingengine.com]; NEURAL_HAM_SHORT(-0.93)[-0.932,0]; R_SPF_NA(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:11403, ipnet:66.111.4.0/24, country:US]; MID_RHS_MATCH_FROM(0.00)[]; IP_SCORE(-3.49)[ip: (-9.58), ipnet: 66.111.4.0/24(-4.53), asn: 11403(-3.27), country: US(-0.06)]; RCVD_IN_DNSWL_LOW(-0.10)[28.4.111.66.list.dnswl.org : 127.0.5.1] X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 May 2019 01:23:49 -0000 Hi Jamie, all, >> On May 1, 2019, at 5:33 PM, James Gritton wrote: >>=20 >>> On 2019-05-01 09:22, Michael W. Lucas wrote: >>> On Wed, May 01, 2019 at 08:53:18AM -0600, James Gritton wrote: >>>> On 2019-04-30 12:03, squiggly foo wrote: >>>> Hi All, >>>>=20 >>>> I use the mount.fstab parameter to mount a number of file systems >>>> before starting a jail which works without any problem. However since >>>> it is an application jail, there are no other processes running inside >>>> the jail other than the one application. As soon as that application >>>> terminates the jail is removed by the host. Cool/interesting use case for jail. I am wondering how you start the jails? Is there some way to simply trap the jailed process when you start it, to ca= ll the unmount routine? (e.g. trap the jail call itself from userland on 0 a= nd other nonzero exits?) Best, .ike >>>>=20 >>>> This is actually my preferred behavior; I want the jail to be removed >>>> when the process inside of it terminates. But the problem is that the >>>> mount points are not unmounted after the jail is removed that way. >>>> The only way I can get the jails to unmount is if I do a "jail -r >>>> jailname" which is what I want to avoid as I would not do that while >>>> the process inside the jail is still running. >>>>=20 >>>>=20 >>>> Does anyone know of a way for the jails to umount the mount points in >>>> its fstab file when the only process inside the jail exits? >>> No easy way. Those filesystems have to be unmounted by somebody; the >>> jail can't do it because it doesn't have the permission (because it >>> didn't >>> mount them). So some process needs to be watching to see when the jail >>> goes away. That would be some kind of watcher that wakes up >>> occasionally >>> and sees if the jail is still there. It might be nice to have some >>> kqueue >>> support for jails. >> Maybe I'm not understanding the problem. >> Is there a reason why exec.poststop=3D"umount -aF /whatever/jail.fstab" >> won't do the trick? >=20 > The works when it's jail(8) doing the removing. But when the jail just > "runs out" on its own, because its last process has exited (and it didn't > have "persist" set), there is no jail(8) to run the stop scripts. Normall= y > I would recommend setting persist and explicitly destroying the jail later= , > but that had already been mentioned as not preferred. >=20 > - Jamie > _______________________________________________ > freebsd-jail@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-jail > To unsubscribe, send any mail to "freebsd-jail-unsubscribe@freebsd.org"