On 2007.07.27 17:12:34 +1000, Joel Hatton wrote: > I'm dredging up an old issue here, but it appears to be unresolved in > RELENG_5_5 at this time. After upgrading to 5.5-RELEASE-p14, I found that > my jails wouldn't start anymore, and it comes down to this bit again. By > way of explanation, I'll include the patch for what I changed. > > --- /tmp/jail Wed Feb 14 15:16:30 2007 > +++ /etc/rc.d/jail Fri Jul 27 13:46:51 2007 > @@ -218,7 +218,7 @@ > { > local _device _mountpt _rest > > - while read _device _mountpt _rest; do > + cat ${jail_fstab} | while read _device _mountpt _rest; do > case ":${_device}" in > :#* | :) > continue > > In short, the jail_mount_fstab function is not given the fstab file on > which the local variables depend. My patch may not be the most robust but > for me today it is expedient.
Hey, Yes, looking at the code now it is clearly wrong. Guess I/we (secteam) stared too much at the code so we missed this issue :-/. Your patch is very close to the "correct"/cleaner patch which is attached. How exactly does it fail without your patch? Does it say "cannot open : No such file or directory" and then no jails start when booting (that would be my guess from a quick check of the bug)? Would it be possible for you to test the attached patch and see if it fixes the issue for you? > Sorry if this has been discussed already, but I was surprised that this > hadn't been fixed yet. It certainly would have caused some anxious moments > if I'd upgraded a prod server with multiple jails before I realised! I haven't heard of this issue before, so not many people are using 5.5 with jails. The bug was certainly introduced as a merge error in the with the patch for FreeBSD-SA-07:01.jail. As this is clearly a bug in a Security Advisory patch and RELENG_5 / RELENG_5_5 are still supported I expect that an updated advisory will be released to fix this bug shortly. Thanks for reporting the issue, and sorry about the bad patch :-(. -- Simon L. Nielsen Hat: FreeBSD Security Team and pointyhat
Index: jail =================================================================== RCS file: /home/ncvs/src/etc/rc.d/jail,v retrieving revision 1.15.2.5.2.1 diff -u -d -r1.15.2.5.2.1 jail --- jail 11 Jan 2007 18:19:33 -0000 1.15.2.5.2.1 +++ jail 27 Jul 2007 08:49:37 -0000 @@ -228,7 +228,7 @@ warn "${_mountpt} has symlink as parent - not mounting from ${jail_fstab}" return fi - done <${_fstab} + done <${jail_fstab} mount -a -F "${jail_fstab}" }
pgpfkwZGUCy2V.pgp
Description: PGP signature