The port for isc-dhcp3-server has config options for enabling FreeBSD process jails. Basically, through a series of command line arguments that are generated by the isc-dhcpd.sh script, the chroot is auto-generated when you start the service and dhcpd makes the syscall to jail itself. This is actually really nifty and makes the process of running dhcpd in a thin jail brainless.

The problem happens when I run "isc-dhcpd.sh stop":

    dhcpd not running? (check /var/jails/dhcpd/var/run/dhcpd/dhcpd.pid).

Well, I know better. dhcpd is clearly running with the pid indicated in the pid file.

After investigating /etc/rc.subr, I've determined the cause (where $JID is the jid of the running rc script and $_jid is the jid of the process, determined by ps output):

    if [ "$JID" -eq "$_jid" ];

This prevents me from using the rc script outside the jail to stop the jail'd dhcpd process. /etc/rc.subr is making a false assumption that people won't want to be controlling jailed services via rc scripts on the host machine.

Fix:

Override JID in isc-dhcpd.sh:

How-To-Repeat:

In /etc/rc.conf:

    dhcpd_enable="YES"
    dhcpd_flags="-q"
    dhcpd_conf="/usr/local/etc/dhcpd.conf"
    dhcpd_includedir="/usr/local/etc/dhcpd.d"
    dhcpd_withumask="022"
    dhcpd_chuser_enable="YES"
    dhcpd_withuser="dhcpd"
    dhcpd_withgroup="dhcpd"
    dhcpd_devfs_enable="YES"
    dhcpd_rootdir="/var/jails/dhcpd"
    dhcpd_chroot_enable="YES"
    dhcpd_jail_enable="YES"
    dhcpd_hostname="dhcp.example.com"
    dhcpd_ipaddress="10.0.0.10"

Start dhcpd:

    $ sudo /usr/local/etc/rc.d/isc-dhcpd.sh start
    Starting dhcpd.

Try:

    $ sudo /usr/local/etc/rc.d/isc-dhcpd.sh stop
    dhcpd not running? (check /var/jails/dhcpd/var/run/dhcpd/dhcpd.pid).

But:

    $ ps auxwww | grep dhcpd
    dhcpd 11950 0.0 1.4 14940 14140 ?? SsJ 3:58PM 0:00.00 /usr/local/sbin/dhcpd -q -cf /usr/local/etc/dhcpd.conf -lf /var/db/dhcpd/dhcpd.leases -pf /var/run/dhcpd/dhcpd.pid -user dhcpd -group dhcpd -chroot /var/jails/dhcpd -jail dhcp.example.com 10.0.0.10
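Added example (not part of the original report, of rc.subr, or of the committed patch): a simplified shell model of the jid comparison described above, run over constructed `ps` output. The jail id 3, the function names, and the way the override value is looked up are assumptions for illustration.

```shell
#!/bin/sh
# Constructed sample of "pid jid command" lines as the host would see them.
# jid 0 = not jailed; jid 3 is a made-up jail id for the jailed dhcpd.
SAMPLE_PS='  812 0 /usr/sbin/syslogd -s
11950 3 /usr/local/sbin/dhcpd -q -cf /usr/local/etc/dhcpd.conf
11990 0 /bin/sh /usr/local/etc/rc.d/isc-dhcpd.sh stop'

# Model of the filter: a pid counts as "found" only if the process's jid
# equals the caller's JID ($1). $2 is the pid read from the pid file.
pid_visible_to() {
    _caller_jid=$1
    _want_pid=$2
    printf '%s\n' "$SAMPLE_PS" | while read -r _npid _jid _cmd; do
        if [ "$_npid" -eq "$_want_pid" ] && [ "$_caller_jid" -eq "$_jid" ]; then
            echo "$_npid"
        fi
    done
}

# Hypothetical helper: the jid the sample table reports for a pid. One way a
# host-side script could choose the value to override JID with (assumption).
jid_of_pid() {
    printf '%s\n' "$SAMPLE_PS" | while read -r _npid _jid _cmd; do
        [ "$_npid" -eq "$1" ] && echo "$_jid"
    done
    return 0
}

# What a "stop" would report for the pid file's pid, given the caller's JID.
stop_check() {
    _found=$(pid_visible_to "$1" "$2")
    if [ -n "$_found" ]; then
        echo "stopping $_found"
    else
        echo "dhcpd not running?"
    fi
}

HOST_JID=0          # the rc script runs on the host, outside any jail
PIDFILE_PID=11950   # pid shown in the report's ps output

stop_check "$HOST_JID" "$PIDFILE_PID"                     # dhcpd not running?
stop_check "$(jid_of_pid "$PIDFILE_PID")" "$PIDFILE_PID"  # stopping 11950
```

The same comparison that hides the jailed daemon from the host script also keeps a host script from signalling an unrelated process in another jail, so an override should be scoped to the one service's pid file.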
State Changed From-To: open->feedback Awaiting maintainer's feedback
Hi,

sorry for the late response. As I've currently no system running dhcpd inside a jail, I can't check this for myself. Anyway, as the description of the problem is very clear and the proposed solution sounds reasonable to me, I hereby approve the patch.

Thanks a lot for your investigation!

Kind regards
Joerg

--
The beginning is the most important part of the work.
-Plato
State Changed From-To: feedback->open Maintainer approved.
Responsible Changed From-To: freebsd-ports-bugs->dinoex I will take care of it.
State Changed From-To: open->closed committed, thanks.
dinoex 2006-11-05 11:27:01 UTC

FreeBSD ports repository

Modified files:
    net/isc-dhcp3-server/files isc-dhcpd.in

Log:
- fix isc-dhcpd.sh jail options stop and status commands

PR: 103168
Submitted by: Chris Cowart
Approved by: Joerg Pulz (maintainer)

Revision  Changes  Path
1.2       +8 -1    ports/net/isc-dhcp3-server/files/isc-dhcpd.in