Hi all,
Reverting to 15.05 release fails to resolve the issue on x86_64 so I
suspect jails are simply broken on x86_64 due not following symlinks.
For some reason ar71xx does follow the symlinks and does not experience
this issue with the same commit.
Regards,
Daniel
On 2015-10-08 2:45 AM, Daniel Dickinson wrote:
Ok, I thought I had found the root cause but all I'm left with is that
symlinks aren't followed.
That is when procd-jail is installed and using procd_add_jail (or
manually executing ujail) on x86_64 using squashfs, on (for example)
/usr/sbin/ntpd (which is a symlink to /bin/busybox), then in syslog you
get (assuming you have correctly included all config/pid files that ntpd
depends on):
Thu Oct 8 06:33:12 2015 user.err syslog: jail: failed to spawn child
/usr/sbin/ntpd: No such file or directory
Using strace I see that the mounts are occuring correctly and the
necessary files are found, but execve of /usr/sbin/ntpd returns ENOENT.
I took a closer look and realized that e.g. /bin/busybox and the actual
libraries that are the target of the so versions listed by ldd (i.e. the
so versions points to a symlink which points to the actual fully
verisoned so, such as the uClibc dependencies of busybox) were not being
mounted.
I added the targets of the symlinks to procd_add_jail_mount and lo and
behold the jailed daemon started correctly.
In short, at least on x86_64 with squashfs rootfs the symlinks are not
being followed.
The behaviour was correct on previous version of Chaos Calmer (release
commit) on ar71xx and it was not necessary to add the symlink targets to
procd_jail_mount in that case.
Regards,
Daniel
On 2015-10-08 2:18 AM, John Crispin wrote:
On 08/10/2015 06:01, Daniel Dickinson wrote:
Hi again,
It turns out the problem isn't Etienne's code, it is the fstools update
in revision 47083.
This causes symlinks to not be followed which breaks procd-jail even
though the real issue is that procd-jail was in fact only working due to
broken behaviour.
Regards,
Daniel
On 2015-10-07 11:16 PM, Daniel Dickinson wrote:
Hi all,
In Chaos Calmer revision 46996 which bumps procd to latest git breaks
jails because Etienne's code fails to follow symlinks.
This is a major problem because especially for libraries symlinks are
what is reported int the ELF header (and for busybox 'binaries', or
other multicall binaries failure to follow symlinks also fails).
This results in jails failing with ENOENT due to inability to find the
needed binaries.
Regards,
Daniel
_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
wanna be a bit more specific ?
_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
