Date:      Wed, 20 Jan 2016 12:23:13 +0000
From:      Matthew Seaman <matthew@freebsd.org>
To:        freebsd-questions@freebsd.org
Subject:   Re: resolver not working in a chroot
Message-ID:  <569F7C31.7010209@freebsd.org>
In-Reply-To: <569f6a72.IDjZt6e6TrIMfmrk%perryh@pluto.rain.com>
References:  <569e05b6.2RStkLc7SZIg/dVM%perryh@pluto.rain.com> <569E12B2.5090302@freebsd.org> <569eeb77.GFz8dwXgj3CL44SN%perryh@pluto.rain.com> <569F44DB.4080406@FreeBSD.org> <569f6a72.IDjZt6e6TrIMfmrk%perryh@pluto.rain.com>

On 01/20/16 11:07, Perry Hutchison wrote:
> Matthew Seaman <matthew@freebsd.org> wrote:
>> On 20/01/2016 02:05, Perry Hutchison wrote:
>>> There must be some difference in the lookup mechanisms between
>>> the resolver and host(1), since host(1) works in the chroot.
>>
>> Yes.  host(1) uses only the DNS, whereas the general resolver functions
>> can use all sorts of resolution mechanisms -- see nsswitch.conf(5).
>>
>> In order to track down exactly what the problem is I'd be running that
>> ping command under truss(1) to try and spot what the failure is.  That's
>> not guaranteed to work, nor is it generally completely obvious from the
>> truss output what the trouble may be.  My guess though is that something
>> is read-only which the system expects to be read-write.
>
> That produced some interesting results, the first being that
> truss(1) apparently does not like to run in a chroot:
>
>   # chroot -u 0 -g 0 -G 105,0,5,20,25 /mnt truss -o \
>     /var/tmp/ping-in-chroot ping -c 1 pkg.FreeBSD.org
>
> produced 313 lines of
>
>   -- CANNOT READ REGISTERS --
>
> followed by process exit.
>
> Having truss run the chroot showed that the resolver is correctly
> deciding to consult the DNS after failing to find the hostname in
> /etc/hosts -- /etc/nsswitch.conf specified "hosts: files dns" --
> then falling over when it tries to open a socket for the purpose:
>
>   open("/etc/hosts",0x100000,0666)                 = 4 (0x4)
>   fstat(4,{ mode=-rw-r--r-- ,inode=12102,size=1090,blksize=8192 }) = 0 (0x0)
>   read(4,"# $FreeBSD: releng/10.2/etc/host"...,8192) = 1090 (0x442)
>   read(4,0x28820000,8192)                          = 0 (0x0)
>   close(4)                                         = 0 (0x0)
>   gettimeofday({1453281421.449818 },0x0)           = 0 (0x0)
>   kqueue(0x0,0xbfbecccc,0x8,0x7273752f,0x62696c2f,0x28060aae) = 4 (0x4)
>   socket(PF_INET,0x10000002,0)               ERR#43 'Protocol not supported'
>   socket(PF_INET,0x10000002,0)               ERR#43 'Protocol not supported'
>   socket(PF_INET,0x10000002,0)               ERR#43 'Protocol not supported'
>   socket(PF_INET,0x10000002,0)               ERR#43 'Protocol not supported'
>   socket(PF_INET,0x10000002,0)               ERR#43 'Protocol not supported'
>   socket(PF_INET,0x10000002,0)               ERR#43 'Protocol not supported'
>   close(4)                                         = 0 (0x0)
>   madvise(0x28829000,0x10000,0x5,0x281eb468,0xbfbee138,0x28132e50) = 0 (0x0)
>   madvise(0x28820000,0x2000,0x5,0x281eb468,0xbfbee138,0x28132e50) = 0 (0x0)
>   madvise(0x28825000,0x1000,0x5,0x281eb468,0xbfbee138,0x28132e50) = 0 (0x0)
>   write(2,"ping: ",6)                              = 6 (0x6)
>   write(2,"cannot resolve pkg.FreeBSD.org: "...,56) = 56 (0x38)
>
> In contrast, host(1) has no problem when run in the same way:
>
>   socket(PF_INET,SOCK_DGRAM,17)                    = 3 (0x3)
>   sendto(3,"\M^R>\^A\0\0\^A\0\0\0\0\0\0\^Cpk"...,33,0x0,{ AF_INET 192.168.0.1:53 },0x10) = 33 (0x21)
>   select(4,{3},0x0,0x0,{5.000000 })                = 1 (0x1)
>   fcntl(3,F_GETFL,)                                = 2 (0x2)
>   fcntl(3,F_SETFL,O_NONBLOCK|0x2)                  = 0 (0x0)
>   recvfrom(3,"\M^R>\M^A\M^@\0\^A\0\^A\0\0\0\0"...,65535,0x0,NULL,0x0) = 49 (0x31)
>   madvise(0x28813000,0x10000,0x5,0x28399468,0xbfbfe3c0,0x282e0e50) = 0 (0x0)
>   close(3)                                         = 0 (0x0)
>   madvise(0x28810000,0x2000,0x5,0x28399468,0xbfbfe8c0,0x282e0e50) = 0 (0x0)
>   gettimeofday({1453283485.628061 },0x0)           = 0 (0x0)
>   madvise(0x28808000,0x1000,0x5,0x28399468,0xbfbfe948,0x282e0e50) = 0 (0x0)
>   madvise(0x28808000,0x10000,0x5,0x28399468,0xbfbfe5d0,0x282e0e50) = 0 (0x0)
>   fstat(1,{ mode=crw--w---- ,inode=192,size=0,blksize=4096 }) = 0 (0x0)
>   ioctl(1,TIOCGETA,0xbfbfe768)                     = 0 (0x0)
>   madvise(0x28809000,0x10000,0x5,0x28399468,0xbfbfe5d0,0x282e0e50) = 0 (0x0)
>   write(1,"pkg.FreeBSD.org has address 96.4"...,40) = 40 (0x28)
>
> The most glaring difference is that 0x10000002 second parameter
> that the resolver passes to socket(2):  it should be SOCK_DGRAM (or,
> conceivably, SOCK_STREAM -- if the resolver is using TCP instead of
> UDP for its DNS queries).

Looks like ping(8) is OR-ing SOCK_CLOEXEC into the 2nd argument to
socket(2).   That's perfectly fine according to the manual.  The
'Protocol not supported' error you're seeing is not because of that.

Hmmm....

You've mounted a 10.2-RELEASE memstick image onto /mnt, but what OS
version is the parent host running?  If you're trying to run a more
recent version of the OS in the chroot than in the host system, that
could well explain your experiences.  The FreeBSD kernel is not
guaranteed to be forward compatible to software compiled on a more
recent version of the OS, although the reverse -- newer kernel and older
software -- will work.

	Cheers,

	Matthew
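
[Added example, not part of the original message or of FreeBSD's code: a small decoder for the socket(2) lines in the truss output quoted above, showing how 0x10000002 splits into a socket type plus a flag. The function names are illustrative, and the constants are assumed to be the FreeBSD <sys/socket.h> values, hard-coded because they differ on other systems.]

```python
import re

# Assumed FreeBSD <sys/socket.h> values; do not take these from Python's
# socket module, which reports the values of the machine it runs on.
SOCK_TYPES = {1: "SOCK_STREAM", 2: "SOCK_DGRAM", 3: "SOCK_RAW",
              4: "SOCK_RDM", 5: "SOCK_SEQPACKET"}
SOCK_FLAGS = {0x10000000: "SOCK_CLOEXEC", 0x20000000: "SOCK_NONBLOCK"}
FLAG_MASK = 0x10000000 | 0x20000000

# Matches both "= <fd> (0x..)" and "ERR#<n> '<text>'" result forms.
SOCKET_RE = re.compile(
    r"socket\((?P<domain>\w+),(?P<type>\w+),(?P<proto>\d+)\)\s+"
    r"(?:=\s*(?P<fd>\d+)|ERR#(?P<errno>\d+)\s+'(?P<msg>[^']*)')")

# socket() lines copied from the two traces quoted in the message.
SAMPLE = """\
socket(PF_INET,0x10000002,0)               ERR#43 'Protocol not supported'
socket(PF_INET,0x10000002,0)               ERR#43 'Protocol not supported'
socket(PF_INET,SOCK_DGRAM,17)                    = 3 (0x3)
"""

def decode_type(arg):
    """Turn the 2nd socket() argument as printed by truss into names."""
    if not arg.startswith("0x"):
        return arg                      # truss already printed a symbol
    value = int(arg, 16)
    base = value & ~FLAG_MASK           # low bits: the socket type proper
    names = [SOCK_TYPES.get(base, hex(base))]
    names += [name for bit, name in SOCK_FLAGS.items() if value & bit]
    return "|".join(names)

def summarize(trace):
    """Return (domain, decoded type, proto, result, count) per distinct call."""
    counts = {}
    for line in trace.splitlines():
        m = SOCKET_RE.search(line)
        if not m:
            continue                    # not a socket() line
        if m["fd"] is not None:
            result = "fd " + m["fd"]
        else:
            result = "errno %s (%s)" % (m["errno"], m["msg"])
        key = (m["domain"], decode_type(m["type"]), int(m["proto"]), result)
        counts[key] = counts.get(key, 0) + 1
    return [key + (n,) for key, n in counts.items()]

if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row)
```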







Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?569F7C31.7010209>