Date: Sun, 01 Feb 2015 08:42:45 +0000
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 197237] Jail mount ordering in FreeBSD 10 break ezjail image/crypto jails
Message-ID: <bug-197237-8@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=197237

            Bug ID: 197237
           Summary: Jail mount ordering in FreeBSD 10 break ezjail image/crypto jails
           Product: Base System
           Version: 10.1-RELEASE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: bin
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: freebsd-bugs@joe.mulloy.me

The changes to jail and the jail rc script between 9 and 10 break ezjail image
jails. Ezjail specifies the jailroot in an fstab file under
/etc/fstab.jailname. The issue is that when the rc script autocreates
/var/run/jail.jailname.conf it adds an entry to the mount parameter for procfs.
The order that the jail command processes mounts is to mount things in the
mounts config parameter first and then mount from fstab. When the root is in
fstab this causes jail to try to mount proc before the root has been mounted,
so mount returns an error because the directory ${jailroot}/proc does not
exist.

ezjail should probably be updated to create jail config files on 10+, however
there is still an ordering issue if a user puts a mount in the config that is
under a directory that is mounted in fstab.

The ordering issue occurs in /usr/src/usr.sbin/jail/jail.c. The issue is that
IP_MOUNT comes before IP__MOUNT_FROM_FSTAB. Of course reordering this would
just break things in the opposite direction, so there would be an issue if a
mount in fstab was under a mount that is in the config.

# /usr/src/usr.sbin/jail/jail.c
static const enum intparam startcommands[] = {
    IP__NULL,
#ifdef INET
    IP__IP4_IFADDR,
#endif
#ifdef INET6
    IP__IP6_IFADDR,
#endif
    IP_MOUNT,
    IP__MOUNT_FROM_FSTAB,
    IP_MOUNT_DEVFS,
    IP_MOUNT_FDESCFS,
    IP_EXEC_PRESTART,
    IP__OP,
    IP_VNET_INTERFACE,
    IP_EXEC_START,
    IP_COMMAND,
    IP_EXEC_POSTSTART,
    IP__NULL
};

# cat /var/run/jail.test3.conf
# Generated by rc.d/jail at 2015-02-01 08:14:07
test3 {
        host.hostname = "test3";
        path = "/usr/jails/test3";
        ip4.addr += "10.2.1.152/32";
        allow.raw_sockets = 0;
        exec.clean;
        exec.system_user = "root";
        exec.jail_user = "root";
        exec.start += "/bin/sh /etc/rc";
        exec.stop = "";
        exec.consolelog = "/var/log/jail_test3_console.log";
        mount.fstab = "/etc/fstab.test3";
        mount.devfs;
        mount.fdescfs;
        mount += "procfs /usr/jails/test3/proc procfs rw 0 0";
        allow.mount;
        allow.set_hostname = 0;
        allow.sysvipc = 0;
}

# cat /etc/fstab.test3
/usr/jails/test3.device /usr/jails/test3 ufs rw 0 0
/usr/jails/basejail /usr/jails/test3/basejail nullfs ro 0 0

-- 
You are receiving this mail because:
You are the assignee for the bug.
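
Added example (not part of the original report, and not FreeBSD or ezjail code): a Python check that takes the two mount lists shown in the report, applies the order the report describes ("mount" parameter entries first, then mount.fstab), and flags every mount point processed before the filesystem that provides its directory. The parents_first ordering goes beyond the reported case by covering both directions the report mentions; all function names are illustrative.

```python
import posixpath

# Sample input copied from the report: the rc.d-generated "mount" parameter
# and /etc/fstab.test3. Both use fstab(5) line format.
CONF_MOUNTS = "procfs /usr/jails/test3/proc procfs rw 0 0\n"
FSTAB = (
    "/usr/jails/test3.device /usr/jails/test3 ufs rw 0 0\n"
    "/usr/jails/basejail /usr/jails/test3/basejail nullfs ro 0 0\n"
)

def mount_points(text):
    """Return the mount point (second field) of each fstab-format line."""
    points = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments and blank lines
        if len(fields) >= 2:
            points.append(posixpath.normpath(fields[1]))
    return points

def is_under(child, parent):
    """True if child is a path strictly below parent."""
    return child != parent and child.startswith(parent.rstrip("/") + "/")

def jail_order(conf_text, fstab_text):
    """Order described in the report: 'mount' entries, then mount.fstab."""
    return mount_points(conf_text) + mount_points(fstab_text)

def ordering_conflicts(sequence):
    """Return (early, late) pairs where early lies under late, i.e. early is
    mounted before the filesystem that should contain its directory."""
    return [(early, late)
            for i, early in enumerate(sequence)
            for late in sequence[i + 1:]
            if is_under(early, late)]

def parents_first(sequence):
    """Merge order that works in both directions: shallower paths first.
    A child path always has more components than its parent."""
    return sorted(sequence, key=lambda p: 0 if p == "/" else p.count("/"))

if __name__ == "__main__":
    order = jail_order(CONF_MOUNTS, FSTAB)
    for early, late in ordering_conflicts(order):
        print(f"{early} is mounted before {late}")
    print("parents-first order:", parents_first(order))
```

Running the same check over a host's own /var/run/jail.*.conf mount entries and the matching /etc/fstab.* file shows whether a jail will hit this failure before it is started.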