https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=295107
Bug ID: 295107
Summary: Concurrent jail starts fail when invoked via rc.d
Product: Base System
Version: 15.0-RELEASE
Hardware: Any
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: bin
Assignee: [email protected]
Reporter: [email protected]
/etc/rc.d/jail incorrectly uses the process name 'jail' to see if the jail it
is attempting to start is already running. 'jail' is a short-lived CLI tool,
so if you run two jail starts (for instance) at the same time, the helpers in
rc.subr spuriously conclude that the jail has been started.
I have scripts that reproduce the issue + test the fix, but they are
AI-generated. I'll include them if requested. (I'm not sure how far the AI
contribution policy extends.)
I ran them against 15.0-RELEASE, and don't see any recent changes to
/etc/rc.d/jail or any relevant-looking changes to rc.subr
The tests just start two different jails concurrently, each with a "sleep 1" in
an exec.prestart. One of the two always fails with an 'already running' error.
I did not notice any obvious problems when two jails are allowed to start at
the same time. (The underlying tools and kernel mechanisms seem to do the
right thing.)
The fix is one line. Add this comment + line to /etc/rc.d/jail above
'jail_svcj="NO"', and below 'load_rc_config $name':
# Choose a non-matching string for procname to prevent rc.subr from defaulting
# to "jail". Without this, operations against unrelated jails conflict if they
# both (or a user) are running the 'jail' cli tool concurrently.
procname=:
--
You are receiving this mail because:
You are the assignee for the bug.
