Just for the archives, this turned out to be a problem with updating the ezjail basejail directory. I had run ezjail-admin update -i, but for some reason it did not install the new libc.so.7 while it did install pretty much everything else. Moving the old basejail out of the way and installing a new basejail from scratch solved the problem. Its not clear why ezjail's cpio command failed to update the libc.so.7 file in the first place.
Sorry for the noise. - Ben On Sep 5, 2011, at 7:17 PM, Ben Kelly wrote: > Hello all, > > I upgraded my server today to a recent HEAD from its old sources from about > October 2010. After the upgrade I ran into an unusual problem. I've worked > around the issue for now, but I was wondering if anyone could help me solve > it correctly. > > The problem is that all PAM related operations fail inside jails. Initially > I was getting this error in /var/log/messages: > > passwd: in openpam_load_module(): no pam_unix.so found > > That file was clearly there, however, so I dug into PAM and enabled some > debug in pam_dynamic.c. This got me the following message: > > openpam_dynamic(): /usr/lib/pam_unix.so: /lib/libutil.so.9: Undefined symbol > "setloginclass" > > This is a syscall added to the system in March, 2011. The link process works > fine normally, but fails in any jail. I went as far as turning on rtld debug > to verify it was giving up on libutil about half way through when it could > not resolve the symbol. I verified that libc.so.7 was the same both inside > and outside the jail. The setloginclass symbol was defined as a WEAK > reference. > > Looking through past e-mail I noticed trasz@ said he was going to explicitly > put in code to support setloginclass from root in a jail. I think I see this > code in the prison privilege checking as well. Its just not clear to me why > its not linking. > > To work around the issue I hacked setloginclass out of libutil for now. This > is clearly not ideal as I'm not sure when and where that will blow up on me. > It did let me log back into my e-mail, however. > > For reference: > > FreeBSD ianto.in.wanderview.com 9.0-BETA2 FreeBSD 9.0-BETA2 #1 r278M: Mon Sep > 5 18:54:58 UTC 2011 > r...@ianto.in.wanderview.com:/usr/obj/usr/src/sys/SERVER i386 > > The system is using zfs, nullfs, and ezjail to manage the jails. I did > upgrade my zfs pools to the latest version at this same time, but so far I > can't tie that to this problem. > > Does anyone know why a jail would prevent rtld from linking in a particular > syscall? Any help or advice is greatly appreciated. > > Thank you. > > Ben _______________________________________________ freebsd-current@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
