From owner-freebsd-jail@freebsd.org Mon Oct 31 18:50:41 2016 Return-Path: Delivered-To: freebsd-jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id EB93FC278C1 for ; Mon, 31 Oct 2016 18:50:41 +0000 (UTC) (envelope-from list+org.freebsd.jail@io7m.com) Received: from mail.io7m.com (io7m.com [159.203.63.34]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail.io7m.com", Issuer "arc7 CA" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id AF9EE1B73 for ; Mon, 31 Oct 2016 18:50:41 +0000 (UTC) (envelope-from list+org.freebsd.jail@io7m.com) Received: from copperhead.int.arc7.info (cust187-dsl61.idnet.net [212.69.61.187]) by mail.io7m.com (Postfix) with ESMTPSA id 4A17718A567 for ; Mon, 31 Oct 2016 18:50:40 +0000 (UTC) Date: Mon, 31 Oct 2016 18:50:38 +0000 From: list+org.freebsd.jail@io7m.com To: freebsd-jail@freebsd.org Subject: Re: Jail fails to unmount a directory Message-ID: <20161031185038.1c5f3a4d@copperhead.int.arc7.info> In-Reply-To: <20161031184531.200cac37@copperhead.int.arc7.info> References: <20161031170602.70b7d325@copperhead.int.arc7.info> <58178854.2030403@gmail.com> <20161031184531.200cac37@copperhead.int.arc7.info> Organization: io7m.com MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; boundary="Sig_/4utMIofxlY+3GUQ3eRE=Vqt"; protocol="application/pgp-signature" X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 31 Oct 2016 18:50:42 -0000 --Sig_/4utMIofxlY+3GUQ3eRE=Vqt Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable On 2016-10-31T18:45:31 +0000 list+org.freebsd.jail@io7m.com wrote: > On 2016-10-31T14:07:16 -0400 > Ernie Luzar wrote: > >=20 > > The correct way to stop the jail is to issue this command from the host= =20 > > command line > >=20 > > host# jail -v -f com.example.service0.conf -r com_example_service0 =20 >=20 > Hello. >=20 > The problem with this is that jails can end up in this broken, undead > state. It seems rather nasty that the created process could crash, > leaving a nonexistent jail with no processes that nevertheless can't be > restarted without first "destroying" it, even though it appears to have > already gone! How is an administrator even supposed to know that a jail > that doesn't appear in the output of `jls` must be destroyed before it > can be started? >=20 > M >=20 And, in fact, having just tried it, it doesn't work: host# jail -v -f com.example.service0.conf -c com_example_service0 com_example_service0: run command: /sbin/ifconfig em0 inet 127.0.0.2 netmas= k 255.255.255.255 alias com_example_service0: run command: /sbin/mount -t nullfs -o ro,noauto /usr/= jail/base /usr/jail/com.example.service0/base com_example_service0: jail_set(JAIL_CREATE) persist name=3Dcom_example_serv= ice0 host.hostname=3Dcom.example.service0 ip4.addr=3D127.0.0.2 path=3D/usr/= jail/com.example.service0 com_example_service0: created com_example_service0: run command in jail: /bin/sh # exit com_example_service0: jail_set(JAIL_UPDATE) jid=3D14 nopersist host# jail -v -f com.example.service0.conf -r com_example_service0 jail: "com_example_service0" not found host# jail -v -f com.example.service0.conf -c com_example_service0 com_example_service0: run command: /sbin/ifconfig em0 inet 127.0.0.2 netmas= k 255.255.255.255 alias com_example_service0: run command: /sbin/mount -t nullfs -o ro,noauto /usr/= jail/base /usr/jail/com.example.service0/base mount_nullfs: /usr/jail/com.example.service0/base: Resource deadlock avoided jail: com_example_service0: /sbin/mount -t nullfs -o ro,noauto /usr/jail/ba= se /usr/jail/com.example.service0/base: failed com_example_service0: run command: /sbin/ifconfig em0 inet 127.0.0.2 netmas= k 255.255.255.255 -alias host# --Sig_/4utMIofxlY+3GUQ3eRE=Vqt Content-Type: application/pgp-signature Content-Description: OpenPGP digital signature -----BEGIN PGP SIGNATURE----- iQIrBAEBCgAVBQJYF5J+DhxtYXJrQGlvN20uY29tAAoJEAKt2nV+RgR4uCQP/RcP uduH8xCZXYbTm9P8LEnjZNcCQaxRDR3TTzvUHS6Y8jGF1HQRWY21Ii3Vd7Q3QZ4y 7DUFYuNwQo2BbgpYz+TTfpfLgReQkmtBp/WKGJIaVUz6rjrCVdvCp9EkC0xmkDYX UDoZBmvJ6gGkf9dcwaUgy7ut3raWq/VwaxgBJfOBDRs5pqFpv7BMwM3/EgbcnMg8 XyyyDK6t/2HeGA0MuRgZ7e9a/w5GNhayP51Xi2u/oiNyPjc9tYUyO042UIAs5OTM AlnEoPeSfiu52Y8q5rdCBrZo+En2NRv7kG9N2hFH1qc1T6FYZvTPsaZCbpN6bNXa Rz+BPIsNGffhcTftl2tpqx6WEAfb6CXGiOmDM1BZKWlUoaXZUVHd/QdBKUbE/o43 sbcMMPJ2zq0vjhTjC16yQ5/esj1rWAxQ27BUrd1Xk2AcfZz0QY93KUHyk9fgsK5N H4OyZMokmHvNWSChwDNfJwmkOAS/4R7C7cRd2HLnAFSpngY9sX2ldS/VNreyGF4B WaMn3mKi+vMpwlIGxHnwR3GXd+ZNOD/OvMaYv9Q02n4o11agU03PXgkYSQuxUvVo z0PHCJO8UCOoI13aSXHRbmx3oEIT2C2UjosxTDhJhDKLDvUEkoiNUUEIDMAmS+Si qCfActnrn8Ifo7/wuTD1zVnmOqq3sUamBs/ze/9M =6mUZ -----END PGP SIGNATURE----- --Sig_/4utMIofxlY+3GUQ3eRE=Vqt--