git: 4deff63c5d78 - stable/13 - gssd: Improve failure message when running in a jail
Date: Sun, 11 Jun 2023 20:09:03 UTC
The branch stable/13 has been updated by rmacklem: URL: https://cgit.FreeBSD.org/src/commit/?id=4deff63c5d7837d74ea2cafc0f0373b11daf143e commit 4deff63c5d7837d74ea2cafc0f0373b11daf143e Author: Rick Macklem <rmacklem@FreeBSD.org> AuthorDate: 2023-05-28 18:06:27 +0000 Commit: Rick Macklem <rmacklem@FreeBSD.org> CommitDate: 2023-06-11 20:07:55 +0000 gssd: Improve failure message when running in a jail If a jail is not correctly configured to run nfsd(8) in the jail, gssd(8) cannot run. This patch improves the failure message for this case. (cherry picked from commit 697727110b68e483c320d834bcbcdf01c01142a1)
---
 usr.sbin/gssd/gssd.c | 26 ++++++++++++++++++++++++--
 1 file changed, 24 insertions(+), 2 deletions(-)
diff --git a/usr.sbin/gssd/gssd.c b/usr.sbin/gssd/gssd.c
index 5589da37c195..92ecd8faaddb 100644
--- a/usr.sbin/gssd/gssd.c
+++ b/usr.sbin/gssd/gssd.c
@@ -35,6 +35,7 @@ __FBSDID("$FreeBSD$");
 #include <sys/linker.h>
 #include <sys/module.h>
 #include <sys/queue.h>
+#include <sys/sysctl.h>
 #include <sys/syslog.h>
 #include <ctype.h>
 #include <dirent.h>
@@ -112,8 +113,9 @@ main(int argc, char **argv)
 * directly to us.
 */
 struct sockaddr_un sun;
- int fd, oldmask, ch, debug;
+ int fd, oldmask, ch, debug, jailed;
 SVCXPRT *xprt;
+ size_t jailed_size;
 /*
 * Initialize the credential cache file name substring and the
@@ -243,7 +245,27 @@ main(int argc, char **argv)
 gss_next_id = 1;
 gss_start_time = time(0);
- gssd_syscall(_PATH_GSSDSOCK);
+ if (gssd_syscall(_PATH_GSSDSOCK) < 0) {
+ jailed = 0;
+ if (errno == EPERM) {
+ jailed_size = sizeof(jailed);
+ sysctlbyname("security.jail.jailed", &jailed,
+ &jailed_size, NULL, 0);
+ }
+ if (debug_level == 0) {
+ if (jailed != 0)
+ syslog(LOG_ERR, "Cannot start gssd."
+ " allow.nfsd must be configured");
+ else
+ syslog(LOG_ERR, "Cannot start gssd");
+ exit(1);
+ }
+ if (jailed != 0)
+ err(1, "Cannot start gssd."
+ " allow.nfsd must be configured");
+ else
+ err(1, "Cannot start gssd");
+ }
 svc_run();
 gssd_syscall("");
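Review bot: In the last hunk, the `debug_level == 0` branch logs `Cannot start gssd` without the errno from the failed `gssd_syscall()`, so any failure other than the jailed EPERM case reaches syslog with no cause to triage from. The `sysctlbyname()` call, whose return value is ignored, also sits between the failing syscall and `err()`, so it may overwrite errno before `err()` formats it. I would capture it immediately after the failure with `int saved_errno = errno;`, restore it before logging with `syslog(LOG_ERR, "Cannot start gssd: %m")`, and use `errc(1, saved_errno, "Cannot start gssd")` on the foreground path. main() begins and ends outside this hunk, so the declaration of `debug_level` is not visible here.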