FreeBSD Bugzilla – Attachment 244684 Details for Bug 273557
Regression preventing bhyve from running inside a jail without IP after f74147e26999, breaks support for jailing bhyve with IPv4 and IPv6 disabled
[patch] Use VMIO_SIOCSIFFLAGS instead of SIOCGIFFLAGS on FreeBSD 14-stable as well
0001-Use-VMIO_SIOCSIFFLAGS-instead-of-SIOCGIFFLAGS.patch (text/plain), 2.15 KB, created by crest on 2023-09-06 19:14:00 UTC
>From 270ab641c5db40223607fa6930b1b4de08370a9c Mon Sep 17 00:00:00 2001 >From: Jan Bramkamp <crest+freebsd@rlwinm.de> >Date: Wed, 6 Sep 2023 21:11:05 +0200 >Subject: [PATCH 1/1] Use VMIO_SIOCSIFFLAGS instead of SIOCGIFFLAGS > >Creating an IP socket to invoke the SIOCGIFFLAGS ioctl on is the >only thing preventing bhyve from working (again) inside a bhyve >jail with IPv4 and IPv6 disabled restricting the jailed bhyve >process to only access the host network via a tap/vmnet device node. >--- > usr.sbin/bhyve/net_backends.c | 37 +++-------------------------------- > 1 file changed, 3 insertions(+), 34 deletions(-) > >diff --git a/usr.sbin/bhyve/net_backends.c b/usr.sbin/bhyve/net_backends.c >index fa7cd9c81f46..1adb77cd47b0 100644 >--- a/usr.sbin/bhyve/net_backends.c >+++ b/usr.sbin/bhyve/net_backends.c >@@ -223,10 +223,6 @@ tap_init(struct net_backend *be, const char *devname, > struct tap_priv *priv = NET_BE_PRIV(be); > char tbuf[80]; > int opt = 1; >-#if defined(INET6) || defined(INET) >- struct ifreq ifrq; >- int s; >-#endif > #ifndef WITHOUT_CAPSICUM > cap_rights_t rights; > #endif 
>@@ -254,39 +250,12 @@ tap_init(struct net_backend *be, const char *devname, > goto error; > } > >-#if defined(INET6) || defined(INET) >- /* >- * Try to UP the interface rather than relying on >- * net.link.tap.up_on_open. >- */ >- bzero(&ifrq, sizeof(ifrq)); >- if (ioctl(be->fd, TAPGIFNAME, &ifrq) < 0) { >- WPRINTF(("Could not get interface name")); >- goto error; >- } >- >- s = -1; >- for (size_t i = 0; s == -1 && i < nitems(pf_list); i++) >- s = socket(pf_list[i], SOCK_DGRAM, 0); >- if (s == -1) { >- WPRINTF(("Could open socket")); >+ int up = IFF_UP; >+ if (ioctl(be->fd, VMIO_SIOCSIFFLAGS, &up)) { >+ WPRINTF(("tap device link up failed")); > goto error; > } > >- if (ioctl(s, SIOCGIFFLAGS, &ifrq) < 0) { >- (void)close(s); >- WPRINTF(("Could not get interface flags")); >- goto error; >- } >- ifrq.ifr_flags |= IFF_UP; >- if (ioctl(s, SIOCSIFFLAGS, &ifrq) < 0) { >- (void)close(s); >- WPRINTF(("Could not set interface flags")); >- goto error; >- } >- (void)close(s); >-#endif >- > #ifndef WITHOUT_CAPSICUM > cap_rights_init(&rights, CAP_EVENT, CAP_READ, CAP_WRITE); > if (caph_rights_limit(be->fd, &rights) == -1) >-- >2.41.0 >
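Review bot: In the first hunk (the declaration block at the top of tap_init), the variable that replaces `ifrq` and `s` is not declared here; the second hunk introduces `int up = IFF_UP;` in the middle of the function body, after the `goto error` block. Declare it next to `int opt = 1;` so the function keeps its declarations-first layout and the removal of the `#if defined(INET6) || defined(INET)` guard is visible in one place.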
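Review bot: In the second hunk, the new `ioctl(be->fd, VMIO_SIOCSIFFLAGS, &up)` call passes a bare `IFF_UP`, while the removed code did a read-modify-write (SIOCGIFFLAGS, then `ifrq.ifr_flags |= IFF_UP`, then SIOCSIFFLAGS) that kept whatever flags were already set on the interface. Please say in a comment or in the commit message what happens to flags an administrator configured before bhyve opened the device, and keep the removed explanation that this is done "rather than relying on net.link.tap.up_on_open", since the new call has no comment at all. Two smaller points in the same hunk: the removed loop was the visible user of `pf_list`, and the diffstat shows no other deletions, so if nothing else in net_backends.c references it the definition should go as well; and the return check should be `< 0` like the other ioctl calls in this function, with the warning including the errno string so a failure inside a jail can be diagnosed.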
Attachments on bug 273557: 244627 | 244684