Bug 205873

Summary: pfctl -sr from a jail with vnet trigger Fatal trap 12 during pfioctl
Product: Base System
Reporter: Stéphane Rochoy <stephane.rochoy>
Component: bin
Assignee: freebsd-bugs (Nobody) <bugs>
Status: Closed FIXED
Severity: Affects Only Me
CC: amd64, kp
Priority: ---    
Version: CURRENT   
Hardware: amd64   
OS: Any   
See Also: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=194515
Attachments:
Description: Backtrace of the fatal trap triggered by the jailed pfctl -sr
Flags: none

Description Stéphane Rochoy 2016-01-04 13:28:37 UTC
Created attachment 165051
Backtrace of the fatal trap triggered by the jailed pfctl -sr

Running "pfctl -sr" from within a jail having its own vnet triggers a "Fatal trap 12: page fault while in kernel mode" (backtrace in the screenshot attached).

Surprisingly, the "dump" command successfully generates a core dump that can be read with kgdb, but "bt" doesn't show any thread containing the pfioctl call.

Anyway, the jail is configured as follows:

$ head -n 17 /etc/jail.conf
allow.mount;
allow.mount.devfs;
allow.sysvipc;
devfs_ruleset = 5;
exec.clean;
exec.poststop = "/jail/etc/poststop $name";
exec.prestart = "/jail/etc/prestart $name";
exec.start    = "sh /etc/rc";
host.hostname = "$name.fb11.lab.local";
mount.devfs;
path          = /jail/$name;
persist;

left {
        vnet           = new;
        vnet.interface = epair0a;
}
[...]
$ grep -e pf -e jail /etc/rc.conf
jail_enable="NO"
# Set the jail list to "" to create all the jails found in jail.conf(5)
jail_list=""
pf_enable="YES"
pf_log="YES"
$ cat /etc/pf.conf 
pass from any to any
$ pfctl -sr
pass all flags S/SA keep state
$ cat /etc/devfs.rules 
[ruleset=5]
add include $devfsrules_jail
add path 'pf' unhide
$ ll -i /dev/pf
88 crw-------  1 root  wheel  0x58 Jan  4 14:30 /dev/pf
$ sudo jexec left ls -li /dev/pf
88 crw-------  1 root  wheel  0x58 Jan  4 13:30 /dev/pf
$

Comment 1 Stéphane Rochoy 2016-01-04 13:31:22 UTC
I forgot to show the prestart script:

$ cat /jail/etc/prestart 
#!/bin/sh
set -eux

jname="$1"
cd /jail
for e in $(cd /jail/root; find . -maxdepth 1 -type d ! -name '.' ! -name 'dev' | sed 's_^./__1'); do
        mount -t unionfs -o below "/jail/root/$e" "$jname/$e"
done

The intent is to use a template to populate the jail but excluding the dev/ directory.

Comment 2 Stéphane Rochoy 2016-01-04 16:06:22 UTC
Maybe related to bug #194515.

Comment 3 Kristof Provost freebsd_committer freebsd_triage 2018-10-19 23:31:48 UTC
vnet is supported in 12, and pf works both on host and in jails there.