Date: Wed, 29 Feb 2012 00:30:17 GMT
Message-Id: <201202290030.q1T0UHbB018229@freefall.freebsd.org>
To: freebsd-jail@FreeBSD.org
From: Glen Barber
Subject: Re: bin/165515: [jail][patch] "jail: unknown parameter: allow.nomount" when starting jail

The following reply was made to PR bin/165515; it has been noted by GNATS.

From: Glen Barber
To: Jamie Gritton
Cc: freebsd-gnats-submit@FreeBSD.org, freebsd-jail@FreeBSD.org, Martin Matuska
Subject: Re: bin/165515: [jail][patch] "jail: unknown parameter: allow.nomount" when starting jail
Date: Tue, 28 Feb 2012 19:02:00 -0500

Hi Jamie,

This patch fixes the problem for me. Thank you!

Glen

On Tue, Feb 28, 2012 at 03:36:20PM -0700, Jamie Gritton wrote:
> The allow.mount parameter recently changed in a subtle way - it's now
> a node (to e.g. allow.mount.devfs) as well as a parameter in its own
> right. This confused libjail which knows how to handle such parameters
> as long as they're not boolean.
>
> I'm including my proposed fix to libjail. With this fix, allow.nomount
> should once again work, as should allow.mount and other things such as
> allow.quotas/allow.noquotas should work as they did before.
>
> - Jamie
>
>
> On 02/27/12 18:21, Glen Barber wrote:
> >
> >> Number: 165515
> >> Category: bin
> >> Synopsis: [jail][patch] "jail: unknown parameter: allow.nomount" when starting jail
> >> Confidential: no
> >> Severity: non-critical
> >> Priority: low
> >> Responsible: freebsd-bugs
> >> State: open
> >> Quarter:
> >> Keywords:
> >> Date-Required:
> >> Class: sw-bug
> >> Submitter-Id: current-users
> >> Arrival-Date: Tue Feb 28 01:30:07 UTC 2012
> >> Closed-Date:
> >> Last-Modified:
> >> Originator: Glen Barber
> >> Release: 10.0-CURRENT r232116M
> >> Organization:
> >> Environment:
> > FreeBSD nucleus 10.0-CURRENT FreeBSD 10.0-CURRENT #7 r232116M: Sun Feb 26 14:12:14 EST 2012 root@nucleus:/usr/obj/usr/src/sys/NUCLEUS amd64
> >> Description:
> > On a recent -CURRENT, the jail(8) rc script fails to start jails. This seems to be caused by looking up a sysctl that does not exist.
> >> How-To-Repeat:
> > Create a minimalistic jail setup as follows:
> >
> > nucleus# cat /etc/rc.conf.local
> > #
> > jail_enable="YES"
> > jail_parallel_start="YES"
> > jail_list="cfm"
> > jail_cfm_hostname="cfm"
> > jail_cfm_rootdir="/jails/cfm"
> > jail_cfm_ip="172.16.1.2"
> >
> > Start the jail with the rc(8) script:
> >
> > nucleus# sh -x /etc/rc.d/jail start cfm
> > + . /etc/rc.subr
> > [...]
> > + eval '_x="$jail_cfm_ip_multi0"'
> > + _x=''
> > + break
> > + echo ' cannot start jail "cfm": '
> > cannot start jail "cfm":
> > + tail +2 /tmp/jail.bJIDqW5x/jail.52395
> > jail: unknown parameter: allow.nomount
> >
> >> Fix:
> > The attached patch fixes it for me.
> >
> >
> > Patch attached with submission follows:
> >
> > Index: usr.sbin/jail/jail.c > > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > > --- usr.sbin/jail/jail.c (revision 232116) > > +++ usr.sbin/jail/jail.c (working copy)
> > @@ -84,7 +84,7 @@ > > { "security.jail.chflags_allowed", > > "allow.nochflags", "allow.chflags" }, > > { "security.jail.mount_allowed", > > - "allow.nomount", "allow.mount" }, > > + "allow.mount", "allow.nomount" }, > > { "security.jail.socket_unixiproute_only", > > "allow.socket_af", "allow.nosocket_af" }, > > }; > > > > > >> Release-Note: > >> Audit-Trail: > >> Unformatted: > > _______________________________________________ > > freebsd-bugs@freebsd.org mailing list > > http://lists.freebsd.org/mailman/listinfo/freebsd-bugs > > To unsubscribe, send any mail to "freebsd-bugs-unsubscribe@freebsd.org" > Index: lib/libjail/jail.c > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > --- lib/libjail/jail.c (revision 232240) > +++ lib/libjail/jail.c (working copy) 
> @@ -885,36 +885,20 @@ > * the "no" counterpart to a boolean. > */ > nname =3D nononame(jp->jp_name); > - if (nname !=3D NULL) { > - snprintf(desc.s, sizeof(desc.s), SJPARAM ".%s", nname); > - free(nname); > - miblen =3D sizeof(mib) - 2 * sizeof(int); > - if (sysctl(mib, 2, mib + 2, &miblen, desc.s, > - strlen(desc.s)) >=3D 0) { > - mib[1] =3D 4; > - desclen =3D sizeof(desc); > - if (sysctl(mib, (miblen / sizeof(int)) + 2, > - &desc, &desclen, NULL, 0) < 0) { > - snprintf(jail_errmsg, > - JAIL_ERRMSGLEN, > - "sysctl(0.4.%s): %s", desc.s, > - strerror(errno)); > - return (-1); > - } > - if ((desc.i & CTLTYPE) =3D=3D CTLTYPE_INT && > - desc.s[0] =3D=3D 'B') { > - jp->jp_ctltype =3D desc.i; > - jp->jp_flags |=3D JP_NOBOOL; > - jp->jp_valuelen =3D sizeof(int); > - return (0); > - } > - } > + if (nname =3D=3D NULL) { > + unknown_parameter: > + snprintf(jail_errmsg, JAIL_ERRMSGLEN, > + "unknown parameter: %s", jp->jp_name); > + errno =3D ENOENT; > + return (-1); > } > - unknown_parameter: > - snprintf(jail_errmsg, JAIL_ERRMSGLEN, > - "unknown parameter: %s", jp->jp_name); > - errno =3D ENOENT; > - return (-1); > + snprintf(desc.s, sizeof(desc.s), SJPARAM ".%s", nname); > + free(nname); > + miblen =3D sizeof(mib) - 2 * sizeof(int); > + if (sysctl(mib, 2, mib + 2, &miblen, desc.s, > + strlen(desc.s)) < 0) > + goto unknown_parameter; > + jp->jp_flags |=3D JP_NOBOOL; > } > mib_desc: > mib[1] =3D 4; > @@ -925,6 +909,16 @@ > "sysctl(0.4.%s): %s", jp->jp_name, strerror(errno)); > return (-1); > } > + jp->jp_ctltype =3D desc.i; > + /* If this came from removing a "no", it better be a boolean. */ > + if (jp->jp_flags & JP_NOBOOL) { > + if ((desc.i & CTLTYPE) =3D=3D CTLTYPE_INT && desc.s[0] =3D=3D 'B') { > + jp->jp_valuelen =3D sizeof(int); > + return (0); > + } > + else if ((desc.i & CTLTYPE) !=3D CTLTYPE_NODE) > + goto unknown_parameter; > + } > /* See if this is an array type. */ > p =3D strchr(desc.s, '\0'); > isarray =3D 0; 
> @@ -935,7 +929,6 @@ > p[-2] =3D 0; > } > /* Look for types we understand. */ > - jp->jp_ctltype =3D desc.i; > switch (desc.i & CTLTYPE) { > case CTLTYPE_INT: > if (desc.s[0] =3D=3D 'B')
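
Review bot: in the usr.sbin/jail/jail.c hunk (@@ -84,7 +84,7 @@), swapping the two names for security.jail.mount_allowed makes that entry read "allow.mount", "allow.nomount", the opposite order from the security.jail.chflags_allowed entry directly above it ("allow.nochflags", "allow.chflags") and the same order as security.jail.socket_unixiproute_only, whose name describes a restriction rather than a permission. If the two columns are the parameter names used for sysctl value 0 and value 1, as the neighbouring entries suggest, a host with mount_allowed set to 0 would now start its jails with allow.mount. That makes the "unknown parameter" error go away by granting mount permission rather than by making allow.nomount resolve. Leave the table order as it was and fix the lookup in libjail, which is what the lib/libjail/jail.c change quoted in this thread does.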
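
Review bot: in the first lib/libjail/jail.c hunk (@@ -885,36 +885,20 @@), the unknown_parameter label now sits inside the if (nname == NULL) block, while goto unknown_parameter is issued from outside that block: from the failed sysctl() name lookup a few lines further down and from the type check added in the next hunk. Jumping into a block is legal C but easy to break on a later edit. Consider keeping the label with its snprintf/errno/return outside the conditional, as it was before, and writing if (nname == NULL) goto unknown_parameter; here. Also, JP_NOBOOL is set at the end of this hunk before the type has been checked, so the error returns that follow leave the flag set on jp; set it only once the boolean/node check has passed, or clear it on the failure paths.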
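
Review bot: in the second lib/libjail/jail.c hunk (@@ -925,6 +909,16 @@), the comment says a name obtained by removing a "no" "better be a boolean", but the code under it also lets CTLTYPE_NODE through: only a type that is neither a 'B' integer nor a node reaches goto unknown_parameter. A node therefore continues into the array and type handling below with JP_NOBOOL set and without jp_valuelen having been set in this block. State in the comment why nodes are accepted (the allow.mount case described in the message above) and confirm that the type switch further down gives such a node a defined result. Two smaller points: the sysctl(0.4.%s) error message in the context lines above prints jp->jp_name, which on this path is the "no" form rather than the name that was looked up, and the closing brace and else if belong on one line.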