Jail fails to unmount a directory
James Gritton
jamie at freebsd.org
Tue Nov 1 13:23:09 UTC 2016
On 2016-10-31 11:06, io7m+org.freebsd.jail at io7m.com wrote:
> Hello.
>
> I have an incredibly trivial jail setup:
>
> /usr/jail/com.example.service0 is the root of the jail.
> /usr/jail/com.example.service0/base is an empty directory.
> /usr/jail/base is a directory containing binaries.
>
> I use the following jail configuration:
>
> com_example_service0
> {
> exec.start = "/bin/sh";
> host.hostname = com.example.service0;
> interface = em0;
> ip4.addr = 127.0.0.2;
> mount.fstab = /usr/jail/com.example.service0.fstab;
> path = /usr/jail/com.example.service0;
> }
>
> The /usr/jail/com.example.service0.fstab contains a single line:
>
> /usr/jail/base /usr/jail/com.example.service0/base nullfs ro,noauto 0 0
>
> I start the jail:
>
> host# jail -v -f com.example.service0.conf -c com_example_service0
> com_example_service0: run command: /sbin/ifconfig em0 inet 127.0.0.2
> netmask 255.255.255.255 alias
> com_example_service0: run command: /sbin/mount -t nullfs -o ro,noauto
> /usr/jail/base /usr/jail/com.example.service0/base
> com_example_service0: jail_set(JAIL_CREATE) persist
> name=com_example_service0 host.hostname=com.example.service0
> ip4.addr=127.0.0.2 path=/usr/jail/com.example.service0
> com_example_service0: created
> com_example_service0: run command in jail: /bin/sh
> # exit
> com_example_service0: jail_set(JAIL_UPDATE) jid=13 nopersist
> host#
>
> The jail is gone:
>
> host# jls
> JID IP Address Hostname Path
>
> However:
>
> host# df -h | grep service0
> # df -h
> Filesystem Size Used Avail Capacity
> Mounted on
> zroot/ROOT/default 13G 475M 13G 4% /
> devfs 1.0K 1.0K 0B 100% /dev
> zroot/tmp 13G 108K 13G 0% /tmp
> zroot/usr/home 13G 136K 13G 0%
> /usr/home
> zroot/usr/ports 13G 96K 13G 0%
> /usr/ports
> zroot/usr/src 13G 96K 13G 0%
> /usr/src
> zroot/var/audit 13G 96K 13G 0%
> /var/audit
> zroot/var/crash 13G 96K 13G 0%
> /var/crash
> zroot/var/log 13G 148K 13G 0%
> /var/log
> zroot/var/mail 13G 96K 13G 0%
> /var/mail
> zroot/var/tmp 13G 96K 13G 0%
> /var/tmp
> zroot 13G 96K 13G 0%
> /zroot
> zroot/jail 13G 249M 13G 2%
> /usr/jail
> zroot/jail/com.example.service0 13G 4.0M 13G 0%
> /usr/jail/com.example.service0
> /usr/jail/base 13G 249M 13G 2%
> /usr/jail/com.example.service0/base
>
> .. the /usr/jail/com.example.service0/base directory was not unmounted.
>
> What do I need to do to get the directory to be correctly unmounted
> when the jail ceases to exist?

There are two different conditions for a jail ceasing to exist. When
the jail is removed, i.e. with "jail -r", it will unmount directories
and clear IP address etc. But if the jail just goes away on its own,
jail(8) won't (often can't) do any of those things.

Your case is an example of a jail just "going away". A jail exists as
long as there's a process (or occasionally something else) attached to
it, or if it's marked "persist". Generally, your exec.start script is
expected to run some background server or other; perhaps a single
service process, or often a regular rc setup with at least syslogd and
cron running. But at least in this test setup you gave here, the
exec.start is just a single shell that then ends with nothing left
behind. Then when jail(8) takes off the temporary persist flag (which
was there so all its programs could run), there's nothing left to keep
the jail alive, and it silently goes away.

If your jail is truly meant to exist without attached processes, you'll
want to add the "persist" parameter to its definition.

- Jamie
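
The leftover mount described in this thread can be checked for on the host. The script below is an added example, not part of the original messages: `leftover_mounts` is a hypothetical helper, the sample data is constructed from the output quoted above, and paths are assumed to contain no whitespace.

```shell
#!/bin/sh
# Added example, not from the thread. On a FreeBSD host, feed it real data:
#   mount -p > mounted.txt; jls path > live.txt
#   leftover_mounts /usr/jail/com.example.service0 \
#       /usr/jail/com.example.service0.fstab mounted.txt live.txt

# Print every mount point from the jail's fstab that is still mounted
# although no jail with that root path exists any more.
leftover_mounts() {
    jail_path=$1 fstab=$2 mounted=$3 live=$4
    # The jail is still listed: its mounts are expected, report nothing.
    if grep -qxF -- "$jail_path" "$live"; then
        return 0
    fi
    # First file: remember mounted mount points (column 2 of "mount -p").
    # Second file: print fstab mount points (column 2) found in that set.
    awk 'FNR == 1 { file++ }
         /^[[:space:]]*#/ || NF < 2 { next }
         file == 1 { m[$2] = 1; next }
         $2 in m   { print $2 }' "$mounted" "$fstab"
}

# Constructed sample data modelled on the output quoted in the thread.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' \
        '/usr/jail/base /usr/jail/com.example.service0/base nullfs ro,noauto 0 0' \
        > "$d/fstab"
    printf '%s\n' \
        'zroot/jail /usr/jail zfs rw 0 0' \
        '/usr/jail/base /usr/jail/com.example.service0/base nullfs ro 0 0' \
        > "$d/mounted"
    : > "$d/live"    # jls listed no jails, as in the thread
    leftover_mounts /usr/jail/com.example.service0 \
        "$d/fstab" "$d/mounted" "$d/live"
    rm -rf "$d"
}
demo
```

A mount point reported by the check can be released on the host with umount(8).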