Date:      Tue, 29 Jul 2008 14:20:34 -0400 (EDT)
From:      Randy Schultz <schulra@earlham.edu>
To:        freebsd-jail@freebsd.org
Subject:   visudo non-functional in 7.0-RELEASE jail
Message-ID:  <Pine.BSF.4.64.0807291329250.13422@tdream.lly.earlham.edu>

Heya,

Been using jails for a while with 6.2 and 6.3.  Today I'm working my first lab
box with 7.0-RELEASE.  Set everything up with ezjail, e.g. ezjail-admin
create...  Everything builds/installs fine, no barks.  Sudo installed via make
install in /usr/ports/security/sudo on both parent and jail after a portsnap
update.  The version of sudo works fine in the parent.  In the jail however I
always get:

    zincite# /usr/local/sbin/visudo
    visudo: /usr/local/etc/sudoers busy, try again later

Sudoers is not busy.  This is on a fresh jail that only I have access to,
doing a visudo right after the make install finishes.

My first thought was the jail dev/fs perms were somehow messed up but I can
write to /usr/local/etc.  In fact I can vi /usr/local/etc/sudoers and write it
back out.

I've checked the sysctl flags.  They are the same as on a working 6.x
parent (but I've included them here FWIW):
    Root Dude ? sysctl -a|egrep jail
    security.jail.jailed: 0
    security.jail.mount_allowed: 0
    security.jail.chflags_allowed: 0
    security.jail.allow_raw_sockets: 0
    security.jail.enforce_statfs: 2
    security.jail.sysvipc_allowed: 0
    security.jail.socket_unixiproute_only: 1
    security.jail.set_hostname_allowed: 1


Rc.conf has:
    ezjail_enable=YES
    jail_list="zincite"

    jail_zincite_rootdir=/usr/local/jails/zincite
    jail_zincite_hostname=zincite.earlham.edu
    jail_zincite_ip=159.28.83.137
    jail_zincite_interface=bge0
    #jail_zincite_fstab="/etc/zincite.fstab"
    jail_zincite_mount_enable="YES"
    jail_zincite_devfs_enable="YES"


Fstab is pretty standard:
    Root Dude ? cat /etc/fstab.zincite
    /usr/local/jails/basejail /usr/local/jails/zincite/basejail nullfs ro 0 0


The /usr/local/jails/zincite/etc/devfs.conf is non-tweaked
    zincite# ls -l /dev
    total 0
    dr-xr-xr-x  2 root  wheel       512 Jul 29 16:23 fd
    lrwxr-xr-x  1 root  wheel        14 Jul 29 16:23 log -> ../var/run/log
    crw-rw-rw-  1 root  wheel    0,   6 Jul 29 17:33 null
    crw-rw-rw-  1 root  wheel    0, 121 Jul 29 17:26 ptyp0
    crw-rw-rw-  1 root  wheel    0, 123 Jul 29 17:38 ptyp1
    crw-rw-rw-  1 root  wheel    0,  10 Jul 29 12:23 random
    lrwxr-xr-x  1 root  wheel         4 Jul 29 16:23 stderr -> fd/2
    lrwxr-xr-x  1 root  wheel         4 Jul 29 16:23 stdin -> fd/0
    lrwxr-xr-x  1 root  wheel         4 Jul 29 16:23 stdout -> fd/1
    crw-rw-rw-  1 root  wheel    0, 122 Jul 29 17:26 ttyp0
    crw--w----  1 rj    tty      0, 124 Jul 29 17:38 ttyp1
    lrwxr-xr-x  1 root  wheel         6 Jul 29 16:23 urandom -> random
    crw-rw-rw-  1 root  wheel    0,   7 Jul 29 16:23 zero

and /usr/local/etc/ezjail/zincite contains:
    export jail_zincite_hostname="zincite"
    export jail_zincite_ip="159.28.83.137"
    export jail_zincite_rootdir="/usr/local/jails/zincite"
    export jail_zincite_exec="/bin/sh /etc/rc"
    export jail_zincite_mount_enable="YES"
    export jail_zincite_devfs_enable="YES"
    export jail_zincite_devfs_ruleset="devfsrules_jail"
    export jail_zincite_procfs_enable="YES"
    export jail_zincite_fdescfs_enable="YES"
    export jail_zincite_image=""
    export jail_zincite_imagetype=""
    export jail_zincite_attachparams=""
    export jail_zincite_attachblocking=""
    export jail_zincite_forceblocking=""


I tried tracing visudo but that didn't give me much:
    ...
    1293: open("/usr/local/etc/sudoers",O_RDWR|O_CREAT,0440) = 3 (0x3)
    1293: fcntl(3,F_SETLK,0x7fffffffe390)           ERR#22 'Invalid argument'
    visudo:  1293: write(2,"visudo: ",8)                     = 8 (0x8)
       /usr/local/etc/sudoers busy, try again later 1293:
       write(2,"/usr/local/etc/sudoers busy, try"...,44) = 44 (0x2c)

    1293: write(2,"\n",1)                           = 1 (0x1)
    1293: process exit, rval = 1

I noted the invalid argument, thought busted port, but same thing works great
on the parent.

I'm running out of places to poke.

--
  Randy    (schulra@earlham.edu)      765.983.1283         <*>

Love with your heart, think with your head;  not the other way around.
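
An added diagnostic, not part of the original message and not sudo's code: it repeats the open() and non-blocking fcntl(F_SETLK) seen in the trace and separates a lock that another process really holds (EAGAIN/EACCES) from a lock request that is itself refused, such as the ERR#22 in the trace. The function names, the whole-file write lock and the errno grouping are assumptions.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

enum lock_result { LOCK_OK, LOCK_BUSY, LOCK_REFUSED, LOCK_ERROR };

/* Repeat the open() and fcntl(F_SETLK) from the trace. The whole-file write
 * lock is an assumption. On LOCK_OK the lock lasts until *fd_out is closed. */
enum lock_result probe_lock(const char *path, int *fd_out, int *err_out)
{
    struct flock fl;
    int fd = open(path, O_RDWR | O_CREAT, 0440); /* mode applies on create only */
    *fd_out = -1;
    *err_out = 0;
    if (fd < 0) { *err_out = errno; return LOCK_ERROR; }
    memset(&fl, 0, sizeof fl);          /* l_start = l_len = 0: whole file */
    fl.l_type = F_WRLCK;
    fl.l_whence = SEEK_SET;
    if (fcntl(fd, F_SETLK, &fl) == 0) { *fd_out = fd; return LOCK_OK; }
    *err_out = errno;                   /* save before close() can change it */
    close(fd);
    if (*err_out == EAGAIN || *err_out == EACCES) return LOCK_BUSY;
    if (*err_out == EINVAL || *err_out == EOPNOTSUPP || *err_out == ENOLCK)
        return LOCK_REFUSED;            /* the request itself was rejected */
    return LOCK_ERROR;
}

/* fcntl locks belong to a process, so contention is probed from a child. */
enum lock_result probe_from_child(const char *path)
{
    int status, fd, err;
    pid_t pid = fork();
    if (pid < 0) return LOCK_ERROR;
    if (pid == 0) _exit(probe_lock(path, &fd, &err));
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return LOCK_ERROR;
    return (enum lock_result)WEXITSTATUS(status);
}

int main(int argc, char **argv)
{
    int fd, err;
    enum lock_result r;
    if (argc != 2) { fprintf(stderr, "usage: %s file\n", argv[0]); return 2; }
    r = probe_lock(argv[1], &fd, &err);   /* 0 ok, 1 busy, 2 refused, 3 error */
    printf("%s: result %d, errno %d (%s)\n", argv[1], (int)r, err, strerror(err));
    return (int)r;
}
```

Running it against a scratch file in the jail and again on the host, on the same kind of filesystem as sudoers, shows whether the lock call is refused only inside the jail.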



