[Bug 277210] jail(8): exec.clean retrieves PWD from user info (can cause services to crash on jail start-up)
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 277210] jail(8): exec.clean retrieves PWD from user info (can cause services to crash on jail start-up)"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 277210] jail(8): exec.clean retrieves PWD from user info (can cause services to crash on jail start-up)"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 277210] jail(8): exec.clean retrieves PWD from user info (can cause services to crash on jail start-up)"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 277210] jail(8): exec.clean retrieves PWD from user info (can cause services to crash on jail start-up)"
- Reply: bugzilla-noreply_a_freebsd.org: "[Bug 277210] jail(8): exec.clean retrieves PWD from user info (can cause services to crash on jail start-up)"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 21 Feb 2024 11:55:25 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=277210
Bug ID: 277210
Summary: jail(8): exec.clean retrieves PWD from user info (can
cause services to crash on jail start-up)
Product: Base System
Version: Unspecified
Hardware: Any
OS: Any
Status: New
Severity: Affects Many People
Priority: ---
Component: bin
Assignee: bugs@FreeBSD.org
Reporter: johannes.kunde@gmail.com
I recently ran into a problem where one of my services, configured via rc(8),
failed to start, but only if the corresponding jail was (re)started as a whole.
The same service (re)started without problems when running 'service foo start'.
Digging into the problem, I found out that in case 'exec.clean' has been set in
jail.conf(5), PWD is set to '/root' (only root:wheel can read here) when
(re)starting the jail,
but is set to '/' when running 'service foo start' from within the running
jail.
I think this behavior is caused by the following lines:
https://github.com/freebsd/freebsd-src/blob/main/usr.sbin/jail/command.c#L727-L797.
It is also not documented in the manpage that a chdir(2) happens with
'exec.clean'.
So far, I've found two ways to overcome this behavior. One is to omit
'exec.clean' in
jail.conf(5), the other is to set '${name}_chdir="/"' in the corresponding
rc(8) script.
However, I wanted to file this bug and discuss the problem, as I'm uncertain if
this behavior
is intended. When running the very same service on a FreeBSD host system (not
in a jail)
it starts up normally, because PWD will be "/" in any case. It's also quite
hard to trace
that issue down to the above lines, as there is no obvious error message other
than what
is printed out by the affected service itself.
The problem can be easily reproduced with the below C program and rc(8) script:
Compile the program with 'cc -o getcwd getcwd.c' and copy it to
'/usr/local/sbin'.
#include <unistd.h>
#include <limits.h>
#include <syslog.h>
int main() {
char cwd[PATH_MAX];
if (getcwd(cwd, sizeof(cwd)) != NULL) {
syslog(LOG_DEBUG, "Current working dir: %s\n", cwd);
} else {
syslog(LOG_DEBUG, "getcwd() error");
return 1;
}
return 0;
}
Copy the following script to '/usr/local/etc/rc.d/getcwd' and run 'chmod +x
/usr/local/etc/rc.d/getcwd'.
#!/bin/sh
#
# PROVIDE: getcwd
. /etc/rc.subr
name="getcwd"
rcvar="getcwd_enable"
command="/usr/local/sbin/${name}"
load_rc_config $name
: ${getcwd_enable:=NO}
run_rc_command "$1"
Run 'sysrc getcwd_enable="YES"'
Now do the following:
1. Restart the jail
2. Run 'service getcwd start'
3. Take a look at '/var/log/debug.log'
NOTE: This behavior is not bound to or related to any specific Jail-Manager.
--
You are receiving this mail because:
You are the assignee for the bug.