
Re: [ezjail] Re: Image and Crypto Jails are broken on FreeBSD 10



Here's a patch that actually works

--- /usr/local/bin/ezjail-admin 2015-02-02 06:40:14.517684529 +0000
+++ ezjail-admin        2015-02-02 07:00:12.201600759 +0000
@@ -763,6 +763,14 @@
   echo -n > /etc/fstab.${ezjail_safename}
   if [ "${ezjail_imagetype}" -a "${ezjail_imagetype}" != "zfs" ] ; then
     echo ${ezjail_devicelink} ${ezjail_rootdir} ufs rw 0 0 >> "/etc/fstab.${ezjail_safename}"
+    # Workaround for broken enable_procfs in FreeBSD >=10
+    if [ "`uname -r | sed 's/\..*//'`" -ge "10" ] ; then
+        . /etc/rc.subr
+        if checkyesno ezjail_procfs_enable ; then
+            echo "procfs ${ezjail_rootdir}/proc procfs rw 0 0" >> "/etc/fstab.${ezjail_safename}"
+            ezjail_procfs_enable="NO"
+        fi
+    fi
   fi
   echo ${ezjail_jailbase} ${ezjail_rootdir}/basejail nullfs ro 0 0 >> "/etc/fstab.${ezjail_safename}"
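
Review bot: The `ezjail_procfs_enable="NO"` assignment in the new block only helps if this code runs before the flag is written into the jail's configuration, and nothing in the hunk shows that ordering; if the config is written earlier, the original failure remains, so confirm it or set the flag where the config is generated. The version test also reads the host's `uname -r` at the moment the fstab is written, so a jail created on a pre-10 host keeps the old layout after the host is upgraded. Finally, `. /etc/rc.subr` is sourced mid-script only to get `checkyesno`; a local case statement on the flag value would avoid pulling the whole rc framework into ezjail-admin.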

On Monday, February 02, 2015 01:41:45 AM Joseph Mulloy wrote:
> Here's a quick patch to work around the issue.
> 
> -- /usr/local/bin/ezjail-admin 2015-02-02 06:40:14.517684529 +0000
> +++ ezjail-admin        2015-02-02 06:39:07.012692125 +0000
> @@ -763,6 +763,14 @@
>    echo -n > /etc/fstab.${ezjail_safename}
>    if [ "${ezjail_imagetype}" -a "${ezjail_imagetype}" != "zfs" ] ; then
>      echo ${ezjail_devicelink} ${ezjail_rootdir} ufs rw 0 0 >>
> "/etc/fstab.${ezjail_safename}" +    # Workaround for broken enable_procfs
> in FreeBSD >=10
> +    if [ "`uname -r | sed 's/\..*//'`" -ge "10" ] ; then
> +        . /etc/rc.subr
> +        if checkyesno ezjail_procfs_enable ; then
> +            echo "procfs /usr/jails/puppet/proc procfs rw 0 0" >>
> "/etc/fstab.${ezjail_safename}" +            ezjail_procfs_enable="NO"
> +        fi
> +    fi
>    fi
>    echo ${ezjail_jailbase} ${ezjail_rootdir}/basejail nullfs ro 0 0 >>
> "/etc/fstab.${ezjail_safename}"
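
Review bot: The added procfs line hard-codes `/usr/jails/puppet/proc` as the mount point, so every image jail created with this version would get an fstab entry pointing into the puppet jail instead of its own root. Use `${ezjail_rootdir}/proc`, consistent with the ufs and nullfs lines around it.
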
> On Monday, February 02, 2015 12:34:41 AM Joseph Mulloy wrote:
> > Due to changes to the /etc/rc.d/jail script in FreeBSD 10, ezjail image
> > based jails no longer work because jail tries to mount ${jail_root}/proc
> > before ${jail_root} is mounted. The issue is that the new rc script system
> > prefers per jail conf files, which for backwards compatibility it
> > auto-generates if they don't exist. To mount the proc file system the
> > auto-generated config file has an fstab line for mounting proc, but it's
> > processed by the /usr/sbin/jail command before the /etc/fstab.${jail_name}
> > file, so you get an error because the directory ${jail_root}/proc doesn't
> > exist because ${jail_root} hasn't been mounted.
> > 
> > Long term ezjail should probably move towards generating the new style
> > jail config files. For now it should do the following for image based
> > jails on FreeBSD > 10.
> > 
> > 1. Disable the procfs_enable flag
> > 2. Add the procfs line to /etc/fstab.${jail_name}
> > 
> > I've filed bug 197237 against Jail for this issue.
> > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=197237
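
The ordering constraint described in this thread (the jail root has to be mounted before ${jail_root}/proc), as an added example that is not part of the original messages or of ezjail: a POSIX sh check that a per-jail fstab lists the root mount before any mount point beneath it. The function name `check_fstab_order` and the sample paths are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not ezjail code.
# check_fstab_order FSTAB ROOTDIR
#   exit 0: ROOTDIR is listed before every mount point beneath it, or this
#           fstab never mounts ROOTDIR (not an image jail, nothing to order)
#   exit 1: a mount point below ROOTDIR is listed before ROOTDIR itself;
#           each offending entry is printed
check_fstab_order() {
    awk -v root="$2" '
        NF == 0 || $1 ~ /^#/ { next }                 # skip blanks and comments
        $2 == root { if (!rootline) rootline = NR; next }
        # Mount point under the jail root, seen before the root was mounted.
        index($2, root "/") == 1 && !rootline { early[NR] = $2 }
        END {
            if (!rootline) exit 0
            for (n in early) {
                printf "line %d: %s listed before %s\n", n, early[n], root
                bad = 1
            }
            exit (bad ? 1 : 0)
        }
    ' "$1"
}

# Constructed sample: the layout the workaround writes for an image jail,
# here with a hypothetical root of /usr/jails/www.
sample=$(mktemp)
cat > "$sample" <<'EOF'
/usr/jails/www.device /usr/jails/www ufs rw 0 0
procfs /usr/jails/www/proc procfs rw 0 0
/usr/jails/basejail /usr/jails/www/basejail nullfs ro 0 0
EOF
check_fstab_order "$sample" /usr/jails/www && echo "mount order ok"
rm -f "$sample"
```

This only inspects the per-jail fstab; a procfs mount issued from the auto-generated jail config, as described in the bug report, is outside what it can see.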