The branch main has been updated by rmacklem:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=697727110b68e483c320d834bcbcdf01c01142a1

commit 697727110b68e483c320d834bcbcdf01c01142a1
Author:     Rick Macklem <[email protected]>
AuthorDate: 2023-05-28 18:06:27 +0000
Commit:     Rick Macklem <[email protected]>
CommitDate: 2023-05-28 18:08:38 +0000

    gssd: Improve failure message when running in a jail
    
    If a jail is not correctly configured to run nfsd(8)
    in the jail, gssd(8) cannot run.
    This patch improves the failure message for this case.
    
    MFC after:      2 weeks
---
 usr.sbin/gssd/gssd.c | 26 ++++++++++++++++++++++++--
 1 file changed, 24 insertions(+), 2 deletions(-)

diff --git a/usr.sbin/gssd/gssd.c b/usr.sbin/gssd/gssd.c
index d1722851e4e1..2bc839b7a2ea 100644
--- a/usr.sbin/gssd/gssd.c
+++ b/usr.sbin/gssd/gssd.c
@@ -35,6 +35,7 @@ __FBSDID("$FreeBSD$");
 #include <sys/linker.h>
 #include <sys/module.h>
 #include <sys/queue.h>
+#include <sys/sysctl.h>
 #include <sys/syslog.h>
 #include <ctype.h>
 #include <dirent.h>
@@ -112,8 +113,9 @@ main(int argc, char **argv)
         * directly to us.
         */
        struct sockaddr_un sun;
-       int fd, oldmask, ch, debug;
+       int fd, oldmask, ch, debug, jailed;
        SVCXPRT *xprt;
+       size_t jailed_size;
 
        /*
         * Initialize the credential cache file name substring and the
@@ -243,7 +245,27 @@ main(int argc, char **argv)
        gss_next_id = 1;
        gss_start_time = time(0);
 
-       gssd_syscall(_PATH_GSSDSOCK);
+       if (gssd_syscall(_PATH_GSSDSOCK) < 0) {
+               jailed = 0;
+               if (errno == EPERM) {
+                       jailed_size = sizeof(jailed);
+                       sysctlbyname("security.jail.jailed", &jailed,
+                           &jailed_size, NULL, 0);
+               }
+               if (debug_level == 0) {
+                       if (jailed != 0)
+                               syslog(LOG_ERR, "Cannot start gssd."
+                                   " allow.nfsd must be configured");
+                       else
+                               syslog(LOG_ERR, "Cannot start gssd");
+                       exit(1);
+               }
+               if (jailed != 0)
+                       err(1, "Cannot start gssd."
+                           " allow.nfsd must be configured");
+               else
+                       err(1, "Cannot start gssd");
+       }
        svc_run();
        gssd_syscall("");
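Review bot: In the added `if (gssd_syscall(_PATH_GSSDSOCK) < 0)` branch, the errno of the failed call is not preserved: the unchecked sysctlbyname() can overwrite it before err() formats it, and the two syslog() calls used when `debug_level == 0` never log it at all. An operator triaging why the GSS daemon for NFS refused to start then sees only `Cannot start gssd` with no cause. I would save the value right after the call (`saved_errno = errno;`), restore it before reporting, and log it with `syslog(LOG_ERR, "Cannot start gssd: %m");`. The jailed message also assumes that EPERM inside a jail always means allow.nfsd is missing; if gssd_syscall() can return EPERM for other privilege failures, "allow.nfsd may need to be configured" plus the errno text would be less misleading. main() starts and ends outside this hunk, and the later `gssd_syscall("")` after svc_run() is still unchecked.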
 
