It looks like a `jail -m` is not correctly handling jail.conf and then sets incorrect values to a running jail. Example, here the `php` jail is getting the wrong hostname, ip6 address, and devfs ruleset. root# jls -a JID IP Address Hostname Path 1 localhost /zroot/webserver/jails/mysql 8 129.174.130.141 www.ccsa.gmu.edu /zroot/webserver/jails/php root# jail -mv mysql: jail_set(JAIL_UPDATE) jid=1 name=mysql securelevel=2 host.hostname=localhost devfs_ruleset=5 mysql: updated php: jail_set(JAIL_UPDATE) jid=8 name=php securelevel=2 host.hostname="" ip4.addr=129.174.130.141 ip6.addr="" devfs_ruleset=0 php: updated root# jls -a JID IP Address Hostname Path 1 localhost /zroot/webserver/jails/mysql 8 129.174.130.141 /zroot/webserver/jails/php /etc/jail.conf: mysql { securelevel=2; host.hostname="localhost"; ip4 = disable; ip6 = disable; path = "/var/jails/mysql"; devfs_ruleset=5; mount.devfs; exec.start = "/usr/sbin/daemon -c -f /usr/local/bin/mysqld_safe --user=mysql --datadir=/var/db --pid-file=/var/run/mysql.pid --explicit_defaults_for_timestamp=true"; exec.stop = "/bin/pkill -TERM -F /var/run/mysql.pid"; } php { securelevel=2; host.hostname="www.ccsa.gmu.edu"; ip4.addr=129.174.130.141; ip6.addr=2620:10e:6024:f004::141; path = "/var/jails/php"; devfs_ruleset=5; mount.devfs; mount.fstab = "/var/jails/php/etc/fstab"; exec.start = "/usr/sbin/php-fpm"; exec.stop = "/bin/pkill -QUIT -F /var/run/php-fpm.pid"; }
Created attachment 196228 [details] Fix to not clobber parameter values when testing for init-only I wasn't quite able to reproduce your symptoms, but I got close enough I think the same solution applies. Can you see if this patch fixes things for you?
This worked for me. I don’t see any unexpected changes after running `jail -m` php: jail_set(JAIL_UPDATE) jid=10 name=php securelevel=2 host.hostname=www.ccsa.gmu.edu ip4.addr=129.174.130.141 ip6.addr=2620:10e:6024:f004::141 devfs_ruleset=5 php: updated
A commit references this bug: Author: jamie Date: Wed Aug 15 20:23:17 UTC 2018 New revision: 337867 URL: https://svnweb.freebsd.org/changeset/base/337867 Log: Don't let clobber jailparam values when checking for modification of init-only parameters. Compare string parameter values with strncmp, not memcmp. PR: 230487 Reported by: Jason Mader MFC after: 3 days Changes: head/usr.sbin/jail/jail.c
A commit references this bug: Author: jamie Date: Mon Aug 20 05:32:41 UTC 2018 New revision: 338090 URL: https://svnweb.freebsd.org/changeset/base/338090 Log: MFC r337867: Don't let clobber jailparam values when checking for modification of init-only parameters. PR: 230487 Submitted by: Jason Mader Changes: _U stable/11/ stable/11/usr.sbin/jail/jail.c
A commit references this bug: Author: jamie Date: Mon Aug 20 05:32:42 UTC 2018 New revision: 338091 URL: https://svnweb.freebsd.org/changeset/base/338091 Log: MFC r337867: Don't let clobber jailparam values when checking for modification of init-only parameters. PR: 230487 Submitted by: Jason Mader Changes: _U stable/10/ stable/10/usr.sbin/jail/jail.c