
Re: Image and Crypto Jails are broken on FreeBSD 10



Here's a quick patch to work around the issue.

-- /usr/local/bin/ezjail-admin 2015-02-02 06:40:14.517684529 +0000
+++ ezjail-admin        2015-02-02 06:39:07.012692125 +0000
@@ -763,6 +763,14 @@
   echo -n > /etc/fstab.${ezjail_safename}
   if [ "${ezjail_imagetype}" -a "${ezjail_imagetype}" != "zfs" ] ; then
     echo ${ezjail_devicelink} ${ezjail_rootdir} ufs rw 0 0 >> "/etc/fstab.${ezjail_safename}"
+    # Workaround for broken enable_procfs in FreeBSD >=10
+    if [ "`uname -r | sed 's/\..*//'`" -ge "10" ] ; then
+        . /etc/rc.subr
+        if checkyesno ezjail_procfs_enable ; then
+            echo "procfs /usr/jails/puppet/proc procfs rw 0 0" >> "/etc/fstab.${ezjail_safename}"
+            ezjail_procfs_enable="NO"
+        fi
+    fi
   fi
   echo ${ezjail_jailbase} ${ezjail_rootdir}/basejail nullfs ro 0 0 >> "/etc/fstab.${ezjail_safename}"
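
Review bot: the added echo line hard-codes the mount point as /usr/jails/puppet/proc, so any image jail whose root is not /usr/jails/puppet gets a procfs entry pointing at the wrong directory. Use the variable the ufs line directly above already uses, e.g. `echo "procfs ${ezjail_rootdir}/proc procfs rw 0 0" >> "/etc/fstab.${ezjail_safename}"`. Two smaller points in the same hunk: `. /etc/rc.subr` is sourced inside the conditional only to get checkyesno, which deserves a comment or a move to wherever the script loads its other helpers, and `ezjail_procfs_enable="NO"` only changes the shell variable here, so it is worth confirming that whatever later writes the jail's procfs setting reads the variable after this point.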

On Monday, February 02, 2015 12:34:41 AM Joseph Mulloy wrote:
> Due to changes to the /etc/rc.d/jail script in FreeBSD 10, ezjail image
> based jails no longer work because jail tries to mount ${jail_root}/proc
> before ${jail_root} is mounted. The issue is that the new rc script system
> prefers per-jail conf files, which for backwards compatibility it
> auto-generates if they don't exist. To mount the proc file system the
> auto-generated config file has an fstab line for mounting proc, but it's
> processed by the /usr/sbin/jail command before the /etc/fstab.${jail_name}
> file, so you get an error because the directory ${jail_root}/proc doesn't
> exist because ${jail_root} hasn't been mounted.
> 
> Long term ezjail should probably move towards generating the new style jail
> config files. For now it should do the following for image based jails on
> FreeBSD > 10.
> 
> 1. Disable the procfs_enable flag
> 2. Add the procfs line to /etc/fstab.${jail_name}
> 
> I've filed bug 197237 against Jail for this issue.
> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=197237
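
The ordering requirement described in this thread can be checked mechanically. The following is an added example, not part of the original messages or of ezjail: a shell function that reads a per-jail fstab on stdin and reports any mount point under the jail root that is listed before the root itself is mounted. It applies to image-based jails only, and the function name, jail path and device name are assumptions made for the illustration.

```shell
#!/bin/sh
# check_jail_fstab_order ROOT  (hypothetical helper; fstab is read on stdin)
# Prints each mount point below ROOT that appears before the line mounting
# ROOT itself (or when ROOT is never mounted). Exit status 1 if any is found.
check_jail_fstab_order() {
    awk -v root="$1" '
        NF == 0 || $1 ~ /^#/ { next }           # skip blank lines and comments
        $2 == root { mounted = 1; next }        # the image is mounted on ROOT here
        index($2, root "/") == 1 && !mounted {  # child listed before its parent
            print $2
            bad = 1
        }
        END { exit bad + 0 }
    '
}

# Constructed sample data: the jail path and md device are made up.
root=/usr/jails/example
bad_fstab="procfs ${root}/proc procfs rw 0 0
/dev/md0 ${root} ufs rw 0 0
/usr/jails/basejail ${root}/basejail nullfs ro 0 0"
good_fstab="/dev/md0 ${root} ufs rw 0 0
procfs ${root}/proc procfs rw 0 0
/usr/jails/basejail ${root}/basejail nullfs ro 0 0"

for name in bad good; do
    eval "content=\$${name}_fstab"
    if early=$(printf '%s\n' "$content" | check_jail_fstab_order "$root"); then
        echo "${name}: mount order ok"
    else
        echo "${name}: listed before the jail root is mounted: ${early}"
    fi
done
```

Against a real jail the call would be `check_jail_fstab_order <jail root> < /etc/fstab.<jail name>`, with both values taken from the jail's own configuration.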