On Fri, 20 Jan 2012 17:03:00 -0600, Brooks Davis wrote:
On Tue, Jan 17, 2012 at 05:11:43AM +0100, Dirk Engling wrote:
Dear rc team,
I know your time is precious, but there is an annoying bug in
rc.d/jail
that keeps littering my (and my user's) servers with stray soft
links
whenever we start jails.
I've described the bug two years ago here
http://www.FreeBSD.org/cgi/query-pr.cgi?pr=conf/143084
and even conveniently applied a simple and effective patch.
tl;dr: If rc.d/jail can not access $_devdir, a soft link is created
in
./log => ../var/run/log no matter where I was.
Unfortunally I am still busy answering emails from users of ezjail
who
first look for the problem with themselves, then blame it on ezjail
and
finally complain about FreeBSD. Also I have to clean up my systems
from
all the littering links called "log" pointing nowhere.
If please a committer could take the five minutes to look into the
bug
and fix the problem, he could save me and my users a lot of trouble
and
time.
I've committed a similar fixed to head after talking it over a bit
with
Simon. We probably would be checking for success on mounting devfs
and
failed the jail entirely if it doesn't happen, but that's a bigger
step
and from your description it appears to me that might cause problems
in
some scenarios.
I think in most cases if devfs mount fails you will likely not end up
with a jail where you can do much... rather many things expect /dev/null
etc.
It is possible to just disable the devfs mount completely for a jail if
you want the jail to start up anyway without devfs so I think it would
be OK to simply skip the jail if we cannot mount devfs - and complain
loudly.
Anybody have any cases where this would be a problem?
P.S. rc.d/jail fixes are the sort of thing that will often need
active
followup when assigned to freebsd-rc. There's a note at the top that
most of us take to mean "don't touch this file without so approval"
which is a moderate psychological barrier to handling these PRs.
Yes, that is unfortunate but it's easy to introduce serious security
issues if people are not aware of the quirks related to handling
untrusted file system data, so I still think the warning should be
there...
--
Simon L. B. Nielsen
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-rc
To unsubscribe, send any mail to "[email protected]"
