Application Jail Shutdown Problem

James Gritton jamie at freebsd.org
Wed May 1 21:33:47 UTC 2019


On 2019-05-01 09:22, Michael W. Lucas wrote:
> On Wed, May 01, 2019 at 08:53:18AM -0600, James Gritton wrote:
>> On 2019-04-30 12:03, squiggly foo wrote:
>> > Hi All,
>> >
>> > I use the mount.fstab parameter to mount a number of file systems
>> > before starting a jail which works without any problem.  However since
>> > it is an application jail, there are no other processes running inside
>> > the jail other than the one application.  As soon as that application
>> > terminates the jail is removed by the host.
>> >
>> > This is actually my preferred behavior; I want the jail to be removed
>> > when the process inside of it terminates.  But the problem is that the
>> > mount points are not unmounted after the jail is removed that way.
>> > The only way I can get the jails to unmount is if I do a "jail -r
>> > jailname" which is what I want to avoid as I would not do that while
>> > the process inside the jail is still running.
>> >
>> >
>> > Does anyone know of a way for the jails to umount the mount points in
>> > its fstab file when the only process inside the jail exits?
>> 
>> No easy way.  Those filesystems have to be unmounted by somebody; the
>> jail can't do it because it doesn't have the permission (because it
>> didn't
>> mount them).  So some process needs to be watching to see when the 
>> jail
>> goes away.  That would be some kind of watcher that wakes up
>> occasionally
>> and sees if the jail is still there.  It might be nice to have some
>> kqueue
>> support for jails.
> 
> 
> Maybe I'm not understanding the problem.
> 
> Is there a reason why exec.poststop="umount -aF /whatever/jail.fstab"
> won't do the trick?

The works when it's jail(8) doing the removing.  But when the jail just
"runs out" on its own, because its last process has exited (and it 
didn't
have "persist" set), there is no jail(8) to run the stop scripts.  
Normally
I would recommend setting persist and explicitly destroying the jail 
later,
but that had already been mentioned as not preferred.

- Jamie


More information about the freebsd-jail mailing list