Date: Wed, 20 Jan 2016 12:23:13 +0000
From: Matthew Seaman <matthew@freebsd.org>
To: freebsd-questions@freebsd.org
Subject: Re: resolver not working in a chroot
Message-ID: <569F7C31.7010209@freebsd.org>
In-Reply-To: <569f6a72.IDjZt6e6TrIMfmrk%perryh@pluto.rain.com>
References: <569e05b6.2RStkLc7SZIg/dVM%perryh@pluto.rain.com> <569E12B2.5090302@freebsd.org> <569eeb77.GFz8dwXgj3CL44SN%perryh@pluto.rain.com> <569F44DB.4080406@FreeBSD.org> <569f6a72.IDjZt6e6TrIMfmrk%perryh@pluto.rain.com>

On 01/20/16 11:07, Perry Hutchison wrote:
> Matthew Seaman <matthew@freebsd.org> wrote:
>> On 20/01/2016 02:05, Perry Hutchison wrote:
>>> There must be some difference in the lookup mechanisms between
>>> the resolver and host(1), since host(1) works in the chroot.
>>
>> Yes. host(1) uses only the DNS, whereas the general resolver functions
>> can use all sorts of resolution mechanisms -- see nsswitch.conf(5).
>>
>> In order to track down exactly what the problem is I'd be running that
>> ping command under truss(1) to try and spot what the failure is. That's
>> not guaranteed to work, nor is it generally completely obvious from the
>> truss output what the trouble may be. My guess though is that something
>> is read-only which the system expects to be read-write.
>
> That produced some interesting results, the first being that
> truss(1) apparently does not like to run in a chroot:
>
>   # chroot -u 0 -g 0 -G 105,0,5,20,25 /mnt truss -o \
>     /var/tmp/ping-in-chroot ping -c 1 pkg.FreeBSD.org
>
> produced 313 lines of
>
>   -- CANNOT READ REGISTERS --
>
> followed by process exit.
>
> Having truss run the chroot showed that the resolver is correctly
> deciding to consult the DNS after failing to find the hostname in
> /etc/hosts -- /etc/nsswitch.conf specified "hosts: files dns" --
> then falling over when it tries to open a socket for the purpose:
>
> open("/etc/hosts",0x100000,0666) = 4 (0x4)
> fstat(4,{ mode=-rw-r--r-- ,inode=12102,size=1090,blksize=8192 }) = 0 (0x0)
> read(4,"# $FreeBSD: releng/10.2/etc/host"...,8192) = 1090 (0x442)
> read(4,0x28820000,8192) = 0 (0x0)
> close(4) = 0 (0x0)
> gettimeofday({1453281421.449818 },0x0) = 0 (0x0)
> kqueue(0x0,0xbfbecccc,0x8,0x7273752f,0x62696c2f,0x28060aae) = 4 (0x4)
> socket(PF_INET,0x10000002,0) ERR#43 'Protocol not supported'
> socket(PF_INET,0x10000002,0) ERR#43 'Protocol not supported'
> socket(PF_INET,0x10000002,0) ERR#43 'Protocol not supported'
> socket(PF_INET,0x10000002,0) ERR#43 'Protocol not supported'
> socket(PF_INET,0x10000002,0) ERR#43 'Protocol not supported'
> socket(PF_INET,0x10000002,0) ERR#43 'Protocol not supported'
> close(4) = 0 (0x0)
> madvise(0x28829000,0x10000,0x5,0x281eb468,0xbfbee138,0x28132e50) = 0 (0x0)
> madvise(0x28820000,0x2000,0x5,0x281eb468,0xbfbee138,0x28132e50) = 0 (0x0)
> madvise(0x28825000,0x1000,0x5,0x281eb468,0xbfbee138,0x28132e50) = 0 (0x0)
> write(2,"ping: ",6) = 6 (0x6)
> write(2,"cannot resolve pkg.FreeBSD.org: "...,56) = 56 (0x38)
>
> In contrast, host(1) has no problem when run in the same way:
>
> socket(PF_INET,SOCK_DGRAM,17) = 3 (0x3)
> sendto(3,"\M^R>\^A\0\0\^A\0\0\0\0\0\0\^Cpk"...,33,0x0,{ AF_INET 192.168.0.1:53 },0x10) = 33 (0x21)
> select(4,{3},0x0,0x0,{5.000000 }) = 1 (0x1)
> fcntl(3,F_GETFL,) = 2 (0x2)
> fcntl(3,F_SETFL,O_NONBLOCK|0x2) = 0 (0x0)
> recvfrom(3,"\M^R>\M^A\M^@\0\^A\0\^A\0\0\0\0"...,65535,0x0,NULL,0x0) = 49 (0x31)
> madvise(0x28813000,0x10000,0x5,0x28399468,0xbfbfe3c0,0x282e0e50) = 0 (0x0)
> close(3) = 0 (0x0)
> madvise(0x28810000,0x2000,0x5,0x28399468,0xbfbfe8c0,0x282e0e50) = 0 (0x0)
> gettimeofday({1453283485.628061 },0x0) = 0 (0x0)
> madvise(0x28808000,0x1000,0x5,0x28399468,0xbfbfe948,0x282e0e50) = 0 (0x0)
> madvise(0x28808000,0x10000,0x5,0x28399468,0xbfbfe5d0,0x282e0e50) = 0 (0x0)
> fstat(1,{ mode=crw--w---- ,inode=192,size=0,blksize=4096 }) = 0 (0x0)
> ioctl(1,TIOCGETA,0xbfbfe768) = 0 (0x0)
> madvise(0x28809000,0x10000,0x5,0x28399468,0xbfbfe5d0,0x282e0e50) = 0 (0x0)
> write(1,"pkg.FreeBSD.org has address 96.4"...,40) = 40 (0x28)
>
> The most glaring difference is that 0x10000002 second parameter
> that the resolver passes to socket(2): it should be SOCK_DGRAM (or,
> conceivably, SOCK_STREAM -- if the resolver is using TCP instead of
> UDP for its DNS queries).

Looks like ping(8) is OR-ing SOCK_CLOEXEC into the 2nd argument to
socket(2). That's perfectly fine according to the manual. The
'Protocol not supported' error you're seeing is not because of that.

Hmmm.... You've mounted a 10.2-RELEASE memstick image onto /mnt, but
what OS version is the parent host running? If you're trying to run a
more recent version of the OS in the chroot than in the host system,
that could well explain your experiences. The FreeBSD kernel is not
guaranteed to be forward compatible to software compiled on a more
recent version of the OS, although the reverse -- newer kernel and older
software -- will work.

Cheers,

Matthew
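
Decoding the `0x10000002` type argument from the quoted truss output, as an added example that is not part of the original message. The flag values are FreeBSD's from `<sys/socket.h>`; the `FBSD_` names, `SAMPLE`, `parse_truss_socket` and `describe` are names chosen for this example.

```c
#include <stdio.h>
#include <string.h>

/* Flag values from FreeBSD <sys/socket.h>, defined under our own FBSD_ names
 * (an assumption of this example) so the result is the same on any host. */
#define FBSD_SOCK_CLOEXEC  0x10000000u
#define FBSD_SOCK_NONBLOCK 0x20000000u

/* Line taken from the truss output quoted in the message. */
static const char SAMPLE[] =
    "socket(PF_INET,0x10000002,0) ERR#43 'Protocol not supported'";

struct sock_call {
    unsigned base;   /* socket type with the flag bits masked off */
    unsigned flags;  /* SOCK_CLOEXEC / SOCK_NONBLOCK bits that were set */
    int err;         /* N from truss's "ERR#N", 0 if the call succeeded */
};

/* Returns 0, or -1 if not a socket() call or the type is already symbolic. */
int parse_truss_socket(const char *line, struct sock_call *out)
{
    unsigned type;
    const char *e = strstr(line, "ERR#");
    if (sscanf(line, "socket(%*[^,],0x%x", &type) != 1)
        return -1;
    out->flags = type & (FBSD_SOCK_CLOEXEC | FBSD_SOCK_NONBLOCK);
    out->base = type & ~out->flags;
    if (e == NULL || sscanf(e, "ERR#%d", &out->err) != 1)
        out->err = 0;
    return 0;
}

/* Render the decoded type as base type plus flag names. */
const char *describe(const struct sock_call *c, char *buf, size_t n)
{
    static const char *names[] = { "?", "SOCK_STREAM", "SOCK_DGRAM", "SOCK_RAW" };
    snprintf(buf, n, "%s%s%s", c->base <= 3 ? names[c->base] : "?",
             (c->flags & FBSD_SOCK_CLOEXEC) ? "|SOCK_CLOEXEC" : "",
             (c->flags & FBSD_SOCK_NONBLOCK) ? "|SOCK_NONBLOCK" : "");
    return buf;
}

int main(void)
{
    struct sock_call c;
    char buf[64];
    if (parse_truss_socket(SAMPLE, &c) == 0)
        printf("%s, errno %d\n", describe(&c, buf, sizeof buf), c.err);
    return 0;
}
```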