Date: Sat, 21 Jan 2012 23:43:06 +0100 From: "Simon L. B. Nielsen" <simon@FreeBSD.org> To: Brooks Davis <brooks@freebsd.org> Cc: freebsd-rc@freebsd.org Subject: Re: Bumping a pet bug Message-ID: <cf3505af4577b689ea951e21ef51bcb5@nitro.dk> In-Reply-To: <20120120230300.GE87357@lor.one-eyed-alien.net> References: <4F14F4FF.902@erdgeist.org> <20120120230300.GE87357@lor.one-eyed-alien.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 20 Jan 2012 17:03:00 -0600, Brooks Davis wrote: > On Tue, Jan 17, 2012 at 05:11:43AM +0100, Dirk Engling wrote: >> Dear rc team, >> >> I know your time is precious, but there is an annoying bug in >> rc.d/jail >> that keeps littering my (and my user's) servers with stray soft >> links >> whenever we start jails. >> >> I've described the bug two years ago here >> >> http://www.FreeBSD.org/cgi/query-pr.cgi?pr=conf/143084 >> >> and even conveniently applied a simple and effective patch. >> >> tl;dr: If rc.d/jail can not access $_devdir, a soft link is created >> in >> ./log => ../var/run/log no matter where I was. >> >> Unfortunally I am still busy answering emails from users of ezjail >> who >> first look for the problem with themselves, then blame it on ezjail >> and >> finally complain about FreeBSD. Also I have to clean up my systems >> from >> all the littering links called "log" pointing nowhere. >> >> If please a committer could take the five minutes to look into the >> bug >> and fix the problem, he could save me and my users a lot of trouble >> and >> time. > > I've committed a similar fixed to head after talking it over a bit > with > Simon. We probably would be checking for success on mounting devfs > and > failed the jail entirely if it doesn't happen, but that's a bigger > step > and from your description it appears to me that might cause problems > in > some scenarios. I think in most cases if devfs mount fails you will likely not end up with a jail where you can do much... rather many things expect /dev/null etc. It is possible to just disable the devfs mount completely for a jail if you want the jail to start up anyway without devfs so I think it would be OK to simply skip the jail if we cannot mount devfs - and complain loudly. Anybody have any cases where this would be a problem? > P.S. rc.d/jail fixes are the sort of thing that will often need > active > followup when assigned to freebsd-rc. There's a note at the top that > most of us take to mean "don't touch this file without so approval" > which is a moderate psychological barrier to handling these PRs. Yes, that is unfortunate but it's easy to introduce serious security issues if people are not aware of the quirks related to handling untrusted file system data, so I still think the warning should be there... -- Simon L. B. Nielsen
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?cf3505af4577b689ea951e21ef51bcb5>