bin/165515: [jail][patch] "jail: unknown parameter: allow.nomount" when starting jail
Glen Barber
gjb at FreeBSD.org
Wed Feb 29 00:30:17 UTC 2012
The following reply was made to PR bin/165515; it has been noted by GNATS.
From: Glen Barber <gjb at FreeBSD.org>
To: Jamie Gritton <jamie at FreeBSD.org>
Cc: freebsd-gnats-submit at FreeBSD.org, freebsd-jail at FreeBSD.org,
Martin Matuska <mm at FreeBSD.org>
Subject: Re: bin/165515: [jail][patch] "jail: unknown parameter:
allow.nomount" when starting jail
Date: Tue, 28 Feb 2012 19:02:00 -0500
Hi Jamie,
This patch fixes the problem for me.
Thank you!
Glen
On Tue, Feb 28, 2012 at 03:36:20PM -0700, Jamie Gritton wrote:
> The allow.mount parameter recently changed in a subtle way - it's now
> a node (to e.g. allow.mount.devfs) as well as a parameter in its own
> right. This confused libjail which knows how to handle such parameters
> as long as they're not boolean.
>
> I'm including my proposed fix to libjail. With this fix, allow.nomount
> should once again work, as should allow.mount and other things such as
> allow.quotas/allow.noquotas should work as they did before.
>
> - Jamie
>
>
> On 02/27/12 18:21, Glen Barber wrote:
> >
> >> Number: 165515
> >> Category: bin
> >> Synopsis: [jail][patch] "jail: unknown parameter: allow.nomount" when starting jail
> >> Confidential: no
> >> Severity: non-critical
> >> Priority: low
> >> Responsible: freebsd-bugs
> >> State: open
> >> Quarter:
> >> Keywords:
> >> Date-Required:
> >> Class: sw-bug
> >> Submitter-Id: current-users
> >> Arrival-Date: Tue Feb 28 01:30:07 UTC 2012
> >> Closed-Date:
> >> Last-Modified:
> >> Originator: Glen Barber
> >> Release: 10.0-CURRENT r232116M
> >> Organization:
> >> Environment:
> > FreeBSD nucleus 10.0-CURRENT FreeBSD 10.0-CURRENT #7 r232116M: Sun Feb 26 14:12:14 EST 2012 root at nucleus:/usr/obj/usr/src/sys/NUCLEUS amd64
> >> Description:
> > On a recent -CURRENT, the jail(8) rc script fails to start jails. This seems to be caused by looking up a sysctl that does not exist.
> >> How-To-Repeat:
> > Create a minimalistic jail setup as follows:
> >
> > nucleus# cat /etc/rc.conf.local
> > #
> > jail_enable="YES"
> > jail_parallel_start="YES"
> > jail_list="cfm"
> > jail_cfm_hostname="cfm"
> > jail_cfm_rootdir="/jails/cfm"
> > jail_cfm_ip="172.16.1.2"
> >
> > Start the jail with the rc(8) script:
> >
> > nucleus# sh -x /etc/rc.d/jail start cfm
> > + . /etc/rc.subr
> > [...]
> > + eval '_x="$jail_cfm_ip_multi0"'
> > + _x=''
> > + break
> > + echo ' cannot start jail "cfm": '
> > cannot start jail "cfm":
> > + tail +2 /tmp/jail.bJIDqW5x/jail.52395
> > jail: unknown parameter: allow.nomount
> >
> >> Fix:
> > The attached patch fixes it for me.
> >
> >
> > Patch attached with submission follows:
> >
> > Index: usr.sbin/jail/jail.c
> > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
> > --- usr.sbin/jail/jail.c (revision 232116)
> > +++ usr.sbin/jail/jail.c (working copy)
> > @@ -84,7 +84,7 @@
> > { "security.jail.chflags_allowed",
> > "allow.nochflags", "allow.chflags" },
> > { "security.jail.mount_allowed",
> > - "allow.nomount", "allow.mount" },
> > + "allow.mount", "allow.nomount" },
> > { "security.jail.socket_unixiproute_only",
> > "allow.socket_af", "allow.nosocket_af" },
> > };
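Review bot: On the security.jail.mount_allowed line, swapping the pair to "allow.mount", "allow.nomount" breaks the order used by the other *_allowed entry in this table (security.jail.chflags_allowed lists "allow.nochflags" first) and makes it match security.jail.socket_unixiproute_only, whose sense is inverted. If the two columns are the values chosen for sysctl 0 and 1, as that pattern suggests, a host with mount_allowed=0 would now pass allow.mount to the jail, so the error disappears by granting the permission rather than by making allow.nomount resolvable. I would keep the original order and fix the lookup of the "no" form of the parameter instead.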
> >
> >
> >> Release-Note:
> >> Audit-Trail:
> >> Unformatted:
> Index: lib/libjail/jail.c
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
> --- lib/libjail/jail.c (revision 232240)
> +++ lib/libjail/jail.c (working copy)
> @@ -885,36 +885,20 @@
> * the "no" counterpart to a boolean.
> */
> nname =3D nononame(jp->jp_name);
> - if (nname !=3D NULL) {
> - snprintf(desc.s, sizeof(desc.s), SJPARAM ".%s", nname);
> - free(nname);
> - miblen =3D sizeof(mib) - 2 * sizeof(int);
> - if (sysctl(mib, 2, mib + 2, &miblen, desc.s,
> - strlen(desc.s)) >=3D 0) {
> - mib[1] =3D 4;
> - desclen =3D sizeof(desc);
> - if (sysctl(mib, (miblen / sizeof(int)) + 2,
> - &desc, &desclen, NULL, 0) < 0) {
> - snprintf(jail_errmsg,
> - JAIL_ERRMSGLEN,
> - "sysctl(0.4.%s): %s", desc.s,
> - strerror(errno));
> - return (-1);
> - }
> - if ((desc.i & CTLTYPE) =3D=3D CTLTYPE_INT &&
> - desc.s[0] =3D=3D 'B') {
> - jp->jp_ctltype =3D desc.i;
> - jp->jp_flags |=3D JP_NOBOOL;
> - jp->jp_valuelen =3D sizeof(int);
> - return (0);
> - }
> - }
> + if (nname =3D=3D NULL) {
> + unknown_parameter:
> + snprintf(jail_errmsg, JAIL_ERRMSGLEN,
> + "unknown parameter: %s", jp->jp_name);
> + errno =3D ENOENT;
> + return (-1);
> }
> - unknown_parameter:
> - snprintf(jail_errmsg, JAIL_ERRMSGLEN,
> - "unknown parameter: %s", jp->jp_name);
> - errno =3D ENOENT;
> - return (-1);
> + snprintf(desc.s, sizeof(desc.s), SJPARAM ".%s", nname);
> + free(nname);
> + miblen =3D sizeof(mib) - 2 * sizeof(int);
> + if (sysctl(mib, 2, mib + 2, &miblen, desc.s,
> + strlen(desc.s)) < 0)
> + goto unknown_parameter;
> + jp->jp_flags |=3D JP_NOBOOL;
> }
> mib_desc:
> mib[1] =3D 4;
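Review bot: The unknown_parameter label now sits inside the body of if (nname == NULL) and is entered by goto from outside that block, both from the failed sysctl() name lookup a few lines below it and from the later type check. That is legal C but easy to misread as an error path reachable only when nname is NULL; consider keeping the label outside the block, or at the end of the function, and having the NULL case jump to it. JP_NOBOOL is also set here before the descriptor has been fetched, so the error return under mib_desc leaves the flag on a parameter that was never confirmed to be a boolean; a short comment saying the flag is provisional at this point would help.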
> @@ -925,6 +909,16 @@
> "sysctl(0.4.%s): %s", jp->jp_name, strerror(errno));
> return (-1);
> }
> + jp->jp_ctltype =3D desc.i;
> + /* If this came from removing a "no", it better be a boolean. */
> + if (jp->jp_flags & JP_NOBOOL) {
> + if ((desc.i & CTLTYPE) =3D=3D CTLTYPE_INT && desc.s[0] =3D=3D 'B') {
> + jp->jp_valuelen =3D sizeof(int);
> + return (0);
> + }
> + else if ((desc.i & CTLTYPE) !=3D CTLTYPE_NODE)
> + goto unknown_parameter;
> + }
> /* See if this is an array type. */
> p =3D strchr(desc.s, '\0');
> isarray =3D 0;
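Review bot: The comment above the JP_NOBOOL check says the parameter "better be a boolean", but the else if branch lets a CTLTYPE_NODE through with JP_NOBOOL still set and continues into the array and type handling below. Please extend the comment to say why a node is accepted here (a name that is both a node and a parameter in its own right) and confirm that the code that follows copes with a node type while the flag is set. Two smaller points: the closing brace and else if belong on one line, and jp_ctltype is now assigned before the checks that can jump to unknown_parameter, so jp is modified on that failure path.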
> @@ -935,7 +929,6 @@
> p[-2] =3D 0;
> }
> /* Look for types we understand. */
> - jp->jp_ctltype =3D desc.i;
> switch (desc.i & CTLTYPE) {
> case CTLTYPE_INT:
> if (desc.s[0] =3D=3D 'B')