Date:      Mon, 14 Oct 2013 20:30:48 -0700
From:      Peter Wemm <peter@wemm.org>
To:        Gavin Atkinson <gavin@FreeBSD.org>, Hiroki Sato <hrs@FreeBSD.org>
Cc:        svn-src-head@FreeBSD.org, remko@FreeBSD.org, src-committers@FreeBSD.org, svn-src-all@FreeBSD.org
Subject:   Re: svn commit: r256256 - in head: . etc etc/defaults etc/rc.d share/man/man5 usr.sbin/jail
Message-ID:  <525CB6E8.9080407@wemm.org>
In-Reply-To: <alpine.BSF.2.00.1310141941570.79845@thunderhorn.york.ac.uk>
References:  <201310100932.r9A9WS0H013645@svn.freebsd.org> <04E9979E-1D97-4AA2-A7AE-F9D8457B3599@FreeBSD.org> <20131012.015639.236155929172394900.hrs@allbsd.org> <alpine.BSF.2.00.1310141941570.79845@thunderhorn.york.ac.uk>

On 10/14/13 11:45 AM, Gavin Atkinson wrote:
> On Sat, 12 Oct 2013, Hiroki Sato wrote:
>> Remko Lodder <remko@FreeBSD.org> wrote
>>   in <04E9979E-1D97-4AA2-A7AE-F9D8457B3599@FreeBSD.org>:
>>
>> re> Hi Hiroki,
>> re>
>> re> On Oct 10, 2013, at 11:32 AM, Hiroki Sato <hrs@FreeBSD.org> wrote:
>> re>
>> re> > Author: hrs
>> re> > Date: Thu Oct 10 09:32:27 2013
>> re> > New Revision: 256256
>> re> > URL: http://svnweb.freebsd.org/changeset/base/256256
>> re> >
>> re> > Log:
>> re> >  - Update rc.d/jail to use a jail(8) configuration file instead of
>> re> >    command line options.  The "jail_<jname>_*" rc.conf(5) variables for
>> re> >    per-jail configuration are automatically converted to
>> re> >    /var/run/jail.<jname>.conf before the jail(8) utility is invoked.
>> re> >    This is transparently backward compatible.
>> re> >
>> re> >  - Fix a minor bug in jail(8) which prevented it from returning false
>> re> >    when jail -r failed.
>> re> >
>> re>
>> re> Thanks for doing such a massive update. However it seems to break the
>> re> ezjail utility.
>> re> My jails didn't restart after I upgraded to the most recent -head
>> re> version
>
> I'm also seeing issues with ezjail - in my case, the jails do start up
> properly, but ezjail doesn't believe that they have.
>
>> re> FreeBSD nakur.elvandar.org 10.0-ALPHA6 FreeBSD 10.0-ALPHA6 #7 r256311:
>> re> Fri Oct 11 13:27:54 CEST 2013
>> re> root@nakur.elvandar.org:/usr/obj/usr/src/sys/NAKUR amd64
>> re>
>> re> If I replace this with an older version, the utility starts and
>> re> complains about certain things not being done properly. The
>> re> system does not mount devfs nodes any longer and thus is basically out
>> re> of function.
>> re>
>> re> I was not expecting this much fallout from this change, others that
>> re> will be upgrading will lose the ability to start their jails until
>> re> they can
>> re> resolve this by hand.
>>
>>  Can you send me your ezjail configuration and differences of the
>>  results (error messages, mount handling, etc) between old and new
>>  rc.d/jail?
>
> The issue for me is that the /var/run/jail_${jailname}.id files are no
> longer created, which ezjail uses to keep track of jail state.
>
> As a temporary workaround, for each jail I have on the host done
>    echo $jail_id > /var/run/jail_${jailname}.id
> and this allows me to manage that jail again from within ezjail.
>
> Gavin
>

It's actually far worse than I thought.  Given:

# grep jail /etc/rc.conf
jail_interface="bge0"
ezjail_enable="YES"

...
export jail_sab_ip="lo1|127.0.1.73,192.203.228.73,2001:470:67:39d::73"

we end up with:
# ifconfig bge0 | grep 73
	inet 127.0.1.73 netmask 0xffffffff broadcast 127.0.1.73
	inet 192.203.228.73 netmask 0xffffffff broadcast 192.203.228.73
	inet6 2001:470:67:39d::73 prefixlen 64

Note how they're all on bge0 and the lo1|127.x is ignored.

There's some other problems I haven't pinned down yet.  Something has
changed radically with source address selection and some standard setups
from 7.x through 10.x (as of a few months ago) don't work anymore.  I
haven't yet figured out how to do the per-jail lo1|127.x thing in the new
scheme even with an old rc.d/jail - anything attempting to bind to localhost
gets remapped to the public, fully exposed address.

I'm still looking.
-- 
Peter Wemm - peter@wemm.org; peter@FreeBSD.org; peter@yahoo-inc.com; KI6FJV
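The rc.conf(5) to jail.conf(5) conversion this thread is about, as an added example that is not FreeBSD's rc.d/jail code: it splits a legacy jail_<jname>_ip value such as the one quoted above into ip4.addr/ip6.addr entries so that each address keeps its own interface, which is exactly what goes wrong when lo1|127.0.1.73 ends up on bge0. The function names, and the assumption that jail(8) accepts the "iface|addr" form in ip4.addr/ip6.addr and that an unprefixed address belongs on the jail_interface default, are mine.

```shell
#!/bin/sh
# Added example (not FreeBSD's rc.d/jail): convert one legacy
# jail_<jname>_ip rc.conf(5) value into jail.conf(5) ip4.addr/ip6.addr
# lines, keeping the "iface|" prefix attached to each address.
# Assumptions: jail(8) accepts "iface|addr" in ip4.addr/ip6.addr, and an
# address with no prefix goes on the jail_interface default.

# addr_iface ITEM DEFAULT_IFACE -> prints the interface ITEM belongs on
addr_iface() {
    case $1 in
        *\|*) printf '%s\n' "${1%%|*}" ;;   # explicit, e.g. "lo1|127.0.1.73"
        *)    printf '%s\n' "$2" ;;         # no prefix: inherit the default
    esac
}

# jail_ip_to_conf JNAME DEFAULT_IFACE IPLIST -> prints a jail.conf block
#   IPLIST is comma separated; each item is "addr" or "iface|addr".
jail_ip_to_conf() {
    jname=$1 def_if=$2 list=$3
    v4='' v6=''
    old_ifs=$IFS
    IFS=','
    for item in $list; do
        iface=$(addr_iface "$item" "$def_if")
        addr=${item#*|}                     # drop the prefix if present
        case $addr in
            *:*) v6="${v6:+$v6, }\"$iface|$addr\"" ;;   # IPv6 contains ':'
            *)   v4="${v4:+$v4, }\"$iface|$addr\"" ;;
        esac
    done
    IFS=$old_ifs
    printf '%s {\n' "$jname"
    if [ -n "$v4" ]; then printf '\tip4.addr = %s;\n' "$v4"; fi
    if [ -n "$v6" ]; then printf '\tip6.addr = %s;\n' "$v6"; fi
    printf '}\n'
}

# The value from the thread: only 127.0.1.73 should land on lo1.
jail_ip_to_conf sab bge0 "lo1|127.0.1.73,192.203.228.73,2001:470:67:39d::73"
```

Comparing the emitted block against the addresses ifconfig(8) actually shows on bge0 is a quick way to spot a loopback-only address that has been exposed on the public interface.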





