Bug 230487 - jail -m works incorrectly in some cases
Summary: jail -m works incorrectly in some cases
Status: Closed FIXED
Alias: None
Product: Base System
Classification: Unclassified
Component: bin (show other bugs)
Version: 11.2-RELEASE
Hardware: amd64 Any
: --- Affects Only Me
Assignee: Jamie Gritton
URL:
Keywords: patch
Depends on:
Blocks:
 
Reported: 2018-08-09 19:56 UTC by Jason Mader
Modified: 2018-08-20 05:34 UTC (History)
1 user (show)

See Also:

Attachments
Fix to not clobber parameter values when testing for init-only (1.07 KB, patch)
2018-08-15 19:26 UTC, Jamie Gritton 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Jason Mader 2018-08-09 19:56:27 UTC 
It looks like a `jail -m` is not correctly handling jail.conf and then sets incorrect values to a running jail. Example, here the `php` jail is getting the wrong hostname, ip6 address, and devfs ruleset.

root# jls -a
   JID  IP Address      Hostname                      Path
     1                  localhost                     /zroot/webserver/jails/mysql
     8  129.174.130.141 www.ccsa.gmu.edu              /zroot/webserver/jails/php

root# jail -mv
mysql: jail_set(JAIL_UPDATE) jid=1 name=mysql securelevel=2 host.hostname=localhost devfs_ruleset=5
mysql: updated
php: jail_set(JAIL_UPDATE) jid=8 name=php securelevel=2 host.hostname="" ip4.addr=129.174.130.141 ip6.addr="" devfs_ruleset=0
php: updated

root# jls -a
   JID  IP Address      Hostname                      Path
     1                  localhost                     /zroot/webserver/jails/mysql
     8  129.174.130.141                               /zroot/webserver/jails/php


/etc/jail.conf:
mysql {
        securelevel=2;
        host.hostname="localhost";
        ip4 = disable;
        ip6 = disable;
        path = "/var/jails/mysql";
        devfs_ruleset=5;
        mount.devfs;
        exec.start = "/usr/sbin/daemon -c -f /usr/local/bin/mysqld_safe --user=mysql --datadir=/var/db --pid-file=/var/run/mysql.pid --explicit_defaults_for_timestamp=true";
        exec.stop = "/bin/pkill -TERM -F /var/run/mysql.pid";
}
php {
        securelevel=2;
        host.hostname="www.ccsa.gmu.edu";
        ip4.addr=129.174.130.141;
        ip6.addr=2620:10e:6024:f004::141;
        path = "/var/jails/php";
        devfs_ruleset=5;
        mount.devfs;
        mount.fstab = "/var/jails/php/etc/fstab";
        exec.start = "/usr/sbin/php-fpm";
        exec.stop = "/bin/pkill -QUIT -F /var/run/php-fpm.pid";
}
Comment 1 Jamie Gritton freebsd_committer freebsd_triage 2018-08-15 19:26:49 UTC 
Created attachment 196228 [details]
Fix to not clobber parameter values when testing for init-only

I wasn't quite able to reproduce your symptoms, but I got close enough I think the same solution applies.  Can you see if this patch fixes things for you?
Comment 2 Jason Mader 2018-08-15 19:58:56 UTC 
This worked for me. I don’t see any unexpected changes after running `jail -m`

php: jail_set(JAIL_UPDATE) jid=10 name=php securelevel=2 host.hostname=www.ccsa.gmu.edu ip4.addr=129.174.130.141 ip6.addr=2620:10e:6024:f004::141 devfs_ruleset=5
php: updated
Comment 3 commit-hook freebsd_committer freebsd_triage 2018-08-15 20:23:27 UTC 
A commit references this bug:

Author: jamie
Date: Wed Aug 15 20:23:17 UTC 2018
New revision: 337867
URL: https://svnweb.freebsd.org/changeset/base/337867

Log:
  Don't let clobber jailparam values when checking for modification of
  init-only parameters.

  Compare string parameter values with strncmp, not memcmp.

  PR:		230487
  Reported by:	Jason Mader
  MFC after:	3 days

Changes:
  head/usr.sbin/jail/jail.c
Comment 4 commit-hook freebsd_committer freebsd_triage 2018-08-20 05:33:00 UTC 
A commit references this bug:

Author: jamie
Date: Mon Aug 20 05:32:41 UTC 2018
New revision: 338090
URL: https://svnweb.freebsd.org/changeset/base/338090

Log:
  MFC r337867:

    Don't let clobber jailparam values when checking for modification of
    init-only parameters.

  PR:		230487
  Submitted by:	Jason Mader

Changes:
_U  stable/11/
  stable/11/usr.sbin/jail/jail.c
Comment 5 commit-hook freebsd_committer freebsd_triage 2018-08-20 05:33:02 UTC 
A commit references this bug:

Author: jamie
Date: Mon Aug 20 05:32:42 UTC 2018
New revision: 338091
URL: https://svnweb.freebsd.org/changeset/base/338091

Log:
  MFC r337867:

    Don't let clobber jailparam values when checking for modification of
    init-only parameters.

  PR:		230487
  Submitted by:	Jason Mader

Changes:
_U  stable/10/
  stable/10/usr.sbin/jail/jail.c