From nobody Fri Sep 27 12:01:07 2024 X-Original-To: freebsd-jail@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4XFTZf4fHbz5XvfJ for ; Fri, 27 Sep 2024 12:01:14 +0000 (UTC) (envelope-from quentin.thebault@defenso.fr) Received: from PR0P264CU014.outbound.protection.outlook.com (mail-francecentralazon11022094.outbound.protection.outlook.com [40.107.161.94]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail.protection.outlook.com", Issuer "DigiCert Cloud Services CA-1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4XFTZd1sHMz4kCr for ; Fri, 27 Sep 2024 12:01:12 +0000 (UTC) (envelope-from quentin.thebault@defenso.fr) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=defenso.fr header.s=selector1 header.b=qL5U1FbJ; spf=pass (mx1.freebsd.org: domain of quentin.thebault@defenso.fr designates 40.107.161.94 as permitted sender) smtp.mailfrom=quentin.thebault@defenso.fr; dmarc=pass (policy=reject) header.from=defenso.fr; arc=pass ("microsoft.com:s=arcselector10001:i=1") ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=c5CIdvA54xZt/OaqEihl+yoMqgbA1ZvK60wRUcF8zuLABxkmD/oCCmEtWk/F0kHIXRMsyVCEN0v8lqR19wrNQJLy+CnnXPLXZHoMd6ohu51vvs4Vf5PGAkqLYznFQLhVHpn2qUKzopwduFnWSw/2vuVse2hc9BvTmrxrNGeWZPw8XccVGbHR27TWu/uNQUlIPvT181eIyxtkLQQSzhT9G0oLXGS3+CnIeZfP5muGcy0xIehSplDmPeGTk+9GhazvPGOae/tJO53mum9VjWEhrFgZVnMxDRhcnZy5Cy33DRMNLuPg6qYhKDY8qE/YbSClYbvsFYcCbdNdDdXtMCGLFg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=sf26xW9Z6d4GJEe5iFgceE4Dj5cd770P7aZtRXrqgig=; b=aTDmLzDL5Gby/o/EbfeItyRj8ogNS2MZHtzWgX9GbUUh6Um1dpal6ixdMJQlTngAy8G1bsHASkXBZs6ecXZNLEuFgOSFh8g/epFkoAbdrSC3tl5V2wOLKSX3U6o+qCNliQ39nSaNFrOu2yQIfri2hXNPVZtkkCvAJz8eKhgzaBWIWf/+JBPu27q5HSDjq0uJpC7WElKB6qhwrOhTzaZ8mHSlNP/oz07IBQlarzT2eeDz+GzUrysRqZX6TA9L4hebJjZsZUizrzZNS/gx6RaObNK8ZzdoorqvJKPGJ6oYvjd9APDfpMEYn7yNUJXIaL0X8nxV21TegFc3OazPx/tT4w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=defenso.fr; dmarc=pass action=none header.from=defenso.fr; dkim=pass header.d=defenso.fr; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=defenso.fr; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=sf26xW9Z6d4GJEe5iFgceE4Dj5cd770P7aZtRXrqgig=; b=qL5U1FbJ7DNZpM7yQvLH6bZI17OPLpiidnScAhu2GLYi2FTqPhHxNkuv8UhIPGfKxpHzSdtenQsq9zyO/xnv8xb8veCTd6CuU8Ock8WW4X86N6hQG1EEht5EsqXiDmdJwGjIiDgrpP6hnp6mr4LUwMYsTQCsta+3Cr9ewHvenFkVDfCJKghPk3n3rH7Kn7Cu9fkfGNwc6/96qJR1TbcU04xbXpcblycjh60bRGEEo9Y/pRDM7nk9vwxAX7r6xEyQvuvbWnTaoudEzqPRHVRaKJeNOF2OYyJdZF60BzInWb7sycVFL9XdFZpEgWXM6Y0VnRCt5RnZrn4pWe3n0y8Odw== Received: from PR1P264MB2279.FRAP264.PROD.OUTLOOK.COM (2603:10a6:102:1b4::22) by PAZP264MB2877.FRAP264.PROD.OUTLOOK.COM (2603:10a6:102:1f4::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8005.23; Fri, 27 Sep 2024 12:01:08 +0000 Received: from PR1P264MB2279.FRAP264.PROD.OUTLOOK.COM ([fe80::59d1:ca05:105e:e0ab]) by PR1P264MB2279.FRAP264.PROD.OUTLOOK.COM ([fe80::59d1:ca05:105e:e0ab%6]) with mapi id 15.20.8005.020; Fri, 27 Sep 2024 12:01:07 +0000 From: =?iso-8859-1?Q?Quentin_Th=E9bault?= To: "freebsd-jail@freebsd.org" Subject: Devfs error with hierarchical jails Thread-Topic: Devfs error with hierarchical jails Thread-Index: AQHbENIVeXGn6hvSOEu41OwT94XIXQ== Date: Fri, 27 Sep 2024 12:01:07 +0000 Message-ID: Accept-Language: fr-FR, en-US Content-Language: fr-FR X-MS-Has-Attach: X-MS-TNEF-Correlator: msip_labels: x-ms-publictraffictype: Email x-ms-traffictypediagnostic: PR1P264MB2279:EE_|PAZP264MB2877:EE_ x-ms-office365-filtering-correlation-id: 9a9231fb-181f-461c-a195-08dcdeec11f1 x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0;ARA:13230040|376014|1800799024|366016|38070700018; x-microsoft-antispam-message-info: =?iso-8859-1?Q?Ycb4YxMnoax1Aewjy5dFXmB4L5F5QBCAETtgoUcYlzylS9i56sv9XC5lbc?= =?iso-8859-1?Q?vZ4XQkC9m0pVuGfoFTKnFrlb7Her0ntp2uAYZffmbiNppvmOvKwpofHl19?= =?iso-8859-1?Q?YUXyzQprgz0CVgsC5fw9V37+VNfCT3BVLz1TNAOsXpVWoCVABhq1drhOKr?= =?iso-8859-1?Q?6vV6mU9ks9mt09ywqqFZQrmu/6Hl5OnhDFsRHuvfBOSwgrOtM2Zets+xmr?= =?iso-8859-1?Q?Me0Nada41pfTmLlb+McU9C5yz3THzJx7/8EFEjzOz8vVKMX5w8ZjIwsJdY?= =?iso-8859-1?Q?byjoY68QBT4r8/YajYkV+OiqnXLme0ZVYFvBFxJQVzVd8oJutdQ7gM8J/7?= =?iso-8859-1?Q?dY9Iwfr91noBv8N/j2xsZ5f11RY34bARs1k24az+WELjnUB3I+5lm5cg6G?= =?iso-8859-1?Q?zE+Mv7K5w8U8wN4GedVCEn6ZI4ihIaMrfB5/swTyMC538oXkKsULC3kkbe?= =?iso-8859-1?Q?9oUGL6Lx5dPylpfKHeSqsWr4fm9rODfsdPDl+i4RIJgcHTehPhm/KAW1nL?= =?iso-8859-1?Q?zT6mzxYuoZw8eU5CYGulkoySSbJkNu4syLSVmAsXP4EOwrNadyfpvTrQDI?= =?iso-8859-1?Q?gTCouf+IEag47b59RJtFEehyvF22QvzoljgeboFMEJCwmI7ZlyDhC7yxdz?= =?iso-8859-1?Q?micZdZiE1Vs4yLsJP/X/EQNfTbCNHMTnUnyQS5IAzStiae+dvs4VUKkJMV?= =?iso-8859-1?Q?A1nQe2cnOt73B03lOrfvQOryChdd5dZwD1W2AG74xw/jlborz44TDOEYSd?= =?iso-8859-1?Q?wFPvv2h/jPJsTHvPqwE1YQIwc4uVqFkR8uM9xiWdc7F8Em9B91MXB1fjRi?= =?iso-8859-1?Q?pJU0DBqptyUoCa4Ibakz4JDSr/1s5JciiuhWBl1qDDPTJWWRhQ9ccFptcV?= =?iso-8859-1?Q?GZGu0rD4ie5EUuJwQaOoVTKpCpwZg0Gd6mnbfOxmXBrVlhEZ2SViRj1bR+?= =?iso-8859-1?Q?4wCBub0Qcm9wp33CG5lYP7lNF8yo80T/wZEol8ebqIYT2z3XlcIHYSfsub?= =?iso-8859-1?Q?4rqQCUOzv0ZWdSA5ZbxkrN54fruXI0CYfr+kb+r3d0iWcPgAOdflsmt7Qg?= =?iso-8859-1?Q?qz8PvpHfHHNtP+HdOSPS8Ie9MD3dy0zzt2FmMfybkiu1o0S4B4mLZEN307?= =?iso-8859-1?Q?CwlFJJCBLxUztq+zzyYhK7GQaGKE2FuTVE0uTZ4AoJ83thgGEuLGIlwTYA?= =?iso-8859-1?Q?Wudl/p/YQxY6UNVkU06GtaVndl+1Wc77LUalI+aXj6EqsOM3oZGnl3TSAw?= =?iso-8859-1?Q?v8iIPdh/LCDbN99MaYUIshv7kWfBlkjUYIuKqb3to9P14wDoBe+K00LMW6?= =?iso-8859-1?Q?Dq5UzpMqDrMDX4+TE83r+GBEhr7BaijXukKj7hV3alK7+jXERWzovMshL4?= =?iso-8859-1?Q?+86CluHJtSelLZYeBLIbDEURTUQ5O4GnK+ybGYQJ1U3bGLhyW5zLeXmGjW?= =?iso-8859-1?Q?TH1dMYHll/ldB5P/ajfrlxB+veZ9dOAvTWrCRg=3D=3D?= x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:PR1P264MB2279.FRAP264.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(376014)(1800799024)(366016)(38070700018);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?iso-8859-1?Q?rCH7xneXWhoCKnjcRFhoBPDWCgrEw8AVgkwSa+S2ViXemvOqjYfboAIWHK?= =?iso-8859-1?Q?7zjwFdk8ch4GWwt2adSIKrN5y8ehQfzyQPodW/3GT8Unxe9I3l2guUkbo3?= =?iso-8859-1?Q?DeYKdTKLnVFqk4v/xfhzYlNi4RWxnqYvBexU+PZ+pf/ZX/TVQ/NgggH70+?= =?iso-8859-1?Q?EGBN1EzUHHYrd5gwrsrhVanzeGixllBaK9WZ/Bs93jsX207xMOHbfo8iTQ?= =?iso-8859-1?Q?7S9bbUynMXJqJg3QkWMa91+33lTW4lUAIwuhQaXagJj1vIBU9DAZcaVjS0?= =?iso-8859-1?Q?oW0hIrhJLYrEr+p0db/SFXX7zPMT9czNZEITEHAFxobmqgCpGwWb20nLWN?= =?iso-8859-1?Q?BdOTJhFlgX0UPWdepediMkr3U0mUOWm6G6+AKK0vPuJIDaZ7uhwJXugXrD?= =?iso-8859-1?Q?r/kY1uBAxEaaiWuio7PROL2ouo4IfrnfAEsHknEeCnf8BeJc4pHF9I7+ZX?= =?iso-8859-1?Q?gpYJvCQm+kwNHwDPHmbSE3sk2ELs+NMAu2yqOx4i542kBNpbnnd0UwLVe6?= =?iso-8859-1?Q?df6PFeluSbJi2augBcOYGUGNpiiH6DwTTJcD01y8lT1U1cBrqKudtaWTSM?= =?iso-8859-1?Q?u3PwQoqzw5BdN2zFzd+Pf2aePiBvyz95BCkJZz+P1z8GP0vZSXsxWQr7kR?= =?iso-8859-1?Q?NBDxijZk43lxx84lqGLVEPTxa/E9MObMHV9KLfLrvRJNh0Ug3WQ/+fjUtE?= =?iso-8859-1?Q?HnvREvaJhMC2MaTX3If2btFxWh3UUKOD5RBWO23s7Smfk77qzjqMRnXaa1?= =?iso-8859-1?Q?7mOna1Y48yOQ0feGdarM3J72njC7utlJIyoCSP6djgn01UrWA21j9MM8Lc?= =?iso-8859-1?Q?DUSRnOl2a3HAFr1R+IShC5gkPvKY39PMJm1YIAqmYPufC30bA69MLeaDba?= =?iso-8859-1?Q?1jJCnGL0UwPBD4kxdXvlfefBHe7W5ahg86v4xgIuNKRF3gRX+ZMR+Vk4dK?= =?iso-8859-1?Q?O/OFsbCE1D9LWacswfK66JqtRk6GppPjimfGIIHHNK5ptg5wu5B6FhQnMa?= =?iso-8859-1?Q?zyRF8in/1JTd5RE6lIqDGwcvbf111E7wOzwBelTD9Evi0QjA7c/wDnGGbN?= =?iso-8859-1?Q?LE+NNyE9lvYvfoG/AU6J0JobxJ8PkvAXMcXYKLx9zU337dhDRiwR6WrBxs?= =?iso-8859-1?Q?w8eTnJOFJSxzF9zMLZ9Y2b/NZR3pqAAHgAOTg1cmlOheMZ3Qt/LzuMcozl?= =?iso-8859-1?Q?je9VeSwHp0iqD3N6nxqzfYWVPvhqy3ItrPlPFqD8UcQsg5A2sPcH/rmM5u?= =?iso-8859-1?Q?sw8vtlSwYQIyaoHSLLc3zmrQUdzGZxtTrdjDWp3l6iNLIfUKs+qPnC8b+n?= =?iso-8859-1?Q?2uqxvEYttEMSbDkMTvzHCyJZzreLJVDgBHz4BTvPSlZuJaJSETeKfYnICQ?= =?iso-8859-1?Q?jDFtJkj6vjshiTHPmgwZXYwkoJuM8ZcgMV3u6FJQtUMPezC2PBgmSQ+r+Y?= =?iso-8859-1?Q?by6cPLQ4nPPSPVhEh2G8WVKW1N0T0w+5QMfBPJxnbQoIY6y8wIacnG1SbF?= =?iso-8859-1?Q?iK8URHI7To2vpvbsSAsni9T9kmv/EjgB8HcSrsRzM4WDvIMbM41mFm5DtS?= =?iso-8859-1?Q?8MjO12MIoRpyR/cp5dydbLO0dxKo/IuJX/HoZoQpmsntByFXDJMt79QPZe?= =?iso-8859-1?Q?KpN8mx+esv/4HTvy63HA1FyPWpuykfFICz?= Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable List-Id: Discussion about FreeBSD jail(8) List-Archive: https://lists.freebsd.org/archives/freebsd-jail List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-jail@FreeBSD.org MIME-Version: 1.0 X-OriginatorOrg: defenso.fr X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: PR1P264MB2279.FRAP264.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-Network-Message-Id: 9a9231fb-181f-461c-a195-08dcdeec11f1 X-MS-Exchange-CrossTenant-originalarrivaltime: 27 Sep 2024 12:01:07.4166 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 79487698-007c-4d2f-a091-9871a87877d6 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: XQdgvtgQXXWyVorpAbnlrGa+ePLklvoveFNBfwV673Z/UjkIYPJzo4MGnHRAHF7+KK0O9XGU0sG2tpsgmzw2zUkFlsKCbW4YAkhTqiMVDM8= X-MS-Exchange-Transport-CrossTenantHeadersStamped: PAZP264MB2877 X-Spamd-Result: default: False [-4.37 / 15.00]; ARC_ALLOW(-1.00)[microsoft.com:s=arcselector10001:i=1]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_SHORT(-1.00)[-0.999]; R_MIXED_CHARSET(0.63)[subject]; DMARC_POLICY_ALLOW(-0.50)[defenso.fr,reject]; R_SPF_ALLOW(-0.20)[+ip4:40.107.0.0/16]; R_DKIM_ALLOW(-0.20)[defenso.fr:s=selector1]; MIME_GOOD(-0.10)[text/plain]; RCPT_COUNT_ONE(0.00)[1]; MISSING_XM_UA(0.00)[]; ASN(0.00)[asn:8075, ipnet:40.104.0.0/14, country:US]; MIME_TRACE(0.00)[0:+]; RWL_MAILSPIKE_POSSIBLE(0.00)[40.107.161.94:from]; MLMMJ_DEST(0.00)[freebsd-jail@freebsd.org]; TO_MATCH_ENVRCPT_ALL(0.00)[]; FROM_HAS_DN(0.00)[]; RCVD_TLS_LAST(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; TO_DN_EQ_ADDR_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2]; DKIM_TRACE(0.00)[defenso.fr:+] X-Rspamd-Queue-Id: 4XFTZd1sHMz4kCr X-Spamd-Bar: ---- Hi,=0A= =0A= I am trying to make iocage usable in hierarchical jail scenarios.=0A= I think I solved most issues in the code, but devfs is giving me a hard tim= e. =0A= =0A= I put the following configuration both at the level1 and level2 jail:=0A= - allow_mount=3D1=0A= - allow_mount_devfs=3D1=0A= - enforce_statfs=3D1 (tried with 0 too but no change)=0A= - devfs_ruleset=3D0=0A= I also set children_max to 10 for the level1 jail.=0A= =0A= All the DEVFSIO_RADD errors I had went away when I added the ruleset=0A= setting, but I am still getting DEVFSIO_SGETNEXT and DEVFSIO_RGETNEXT=0A= related errors when I try to start the jail:=0A= =0A= > root@jaildev:~/iocage # iocage start thick=0A= > * Starting thick=0A= > devfs rule: ioctl DEVFSIO_SGETNEXT: Operation not permitted=0A= > devfs rule: ioctl DEVFSIO_RGETNEXT: Operation not permitted=0A= > + Start FAILED=0A= > mount: .: Operation not permitted=0A= > jail: ioc-thick: /sbin/mount -t devfs -oruleset=3D1000 . /iocage/jails/th= ick/root/dev: failed=0A= =0A= Any idea what's going on and how to fix this? Did I miss something?=0A= I tried to look for these DEVFSIO constants but even looking at the source= =0A= I don't really find any indication on what's wrong. =0A= =0A= Kind regards,=0A= --=0A= Quentin TH=C9BAULT=0A= =0A=