VNET jail and dhclient
Goran Mekić
meka at tilda.center
Wed Oct 11 19:48:45 UTC 2017
On Tue, Oct 10, 2017 at 09:10:37PM +0000, Oleg Ginzburg wrote:
> I think I found something, but I do not understand why this is only
> observed in jail and with commit change this.
> The problem about which the Goran wrote can be fixed with:
>
> # diff -ruN dhclient.c-orig dhclient.c
> --- dhclient.c-orig 2017-10-10 23:51:52.451361000 +0000
> +++ dhclient.c 2017-10-10 23:54:55.803404000 +0000
> @@ -479,6 +479,7 @@
>
> fork_privchld(pipe_fd[0], pipe_fd[1]);
>
> + pidfile_close(pidfile);
> close(ifi->ufdesc);
> ifi->ufdesc = -1;
> close(ifi->wfdesc);
>
>
>
>
> From pidfile(3) man page:
>
> The pidfile_close() function closes a pidfile. It should be used after
> daemon fork()s to start a child process.
>
>
> chroot(2) in dhclient return NOPERM (via global errno). it seems to be
> related to open descriptor outside the chroot.
>
> I'm not sure if this fd leak (due to pidfile_remove at the end of
> dhclient), nevertheless closing pid fd in my jail/FreeBSD12 before chroot
> solve dhclient issue.
I can confirm Oleg's patch works for me. Weird one, for sure!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-current/attachments/20171011/32e6b929/attachment.sig>
More information about the freebsd-current
mailing list