Bug 230487 - jail -m works incorrectly in some cases
Summary: jail -m works incorrectly in some cases
Status: Closed FIXED
Alias: None
Product: Base System
Classification: Unclassified
Component: bin (show other bugs)
Version: 11.2-RELEASE
Hardware: amd64 Any
: --- Affects Only Me
Assignee: Jamie Gritton
URL:
Keywords: patch
Depends on:
Blocks:
 
Reported: 2018-08-09 19:56 UTC by Jason Mader
Modified: 2018-08-20 05:34 UTC (History)
1 user (show)

See Also:


Attachments
Fix to not clobber parameter values when testing for init-only (1.07 KB, patch)
2018-08-15 19:26 UTC, Jamie Gritton
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Jason Mader 2018-08-09 19:56:27 UTC
It looks like a `jail -m` is not correctly handling jail.conf and then sets incorrect values to a running jail. Example, here the `php` jail is getting the wrong hostname, ip6 address, and devfs ruleset.

root# jls -a
   JID  IP Address      Hostname                      Path
     1                  localhost                     /zroot/webserver/jails/mysql
     8  129.174.130.141 www.ccsa.gmu.edu              /zroot/webserver/jails/php

root# jail -mv
mysql: jail_set(JAIL_UPDATE) jid=1 name=mysql securelevel=2 host.hostname=localhost devfs_ruleset=5
mysql: updated
php: jail_set(JAIL_UPDATE) jid=8 name=php securelevel=2 host.hostname="" ip4.addr=129.174.130.141 ip6.addr="" devfs_ruleset=0
php: updated

root# jls -a
   JID  IP Address      Hostname                      Path
     1                  localhost                     /zroot/webserver/jails/mysql
     8  129.174.130.141                               /zroot/webserver/jails/php


/etc/jail.conf:
mysql {
        securelevel=2;
        host.hostname="localhost";
        ip4 = disable;
        ip6 = disable;
        path = "/var/jails/mysql";
        devfs_ruleset=5;
        mount.devfs;
        exec.start = "/usr/sbin/daemon -c -f /usr/local/bin/mysqld_safe --user=mysql --datadir=/var/db --pid-file=/var/run/mysql.pid --explicit_defaults_for_timestamp=true";
        exec.stop = "/bin/pkill -TERM -F /var/run/mysql.pid";
}
php {
        securelevel=2;
        host.hostname="www.ccsa.gmu.edu";
        ip4.addr=129.174.130.141;
        ip6.addr=2620:10e:6024:f004::141;
        path = "/var/jails/php";
        devfs_ruleset=5;
        mount.devfs;
        mount.fstab = "/var/jails/php/etc/fstab";
        exec.start = "/usr/sbin/php-fpm";
        exec.stop = "/bin/pkill -QUIT -F /var/run/php-fpm.pid";
}
Comment 1 Jamie Gritton freebsd_committer 2018-08-15 19:26:49 UTC
Created attachment 196228 [details]
Fix to not clobber parameter values when testing for init-only

I wasn't quite able to reproduce your symptoms, but I got close enough I think the same solution applies.  Can you see if this patch fixes things for you?
Comment 2 Jason Mader 2018-08-15 19:58:56 UTC
This worked for me. I don’t see any unexpected changes after running `jail -m`

php: jail_set(JAIL_UPDATE) jid=10 name=php securelevel=2 host.hostname=www.ccsa.gmu.edu ip4.addr=129.174.130.141 ip6.addr=2620:10e:6024:f004::141 devfs_ruleset=5
php: updated
Comment 3 commit-hook freebsd_committer 2018-08-15 20:23:27 UTC
A commit references this bug:

Author: jamie
Date: Wed Aug 15 20:23:17 UTC 2018
New revision: 337867
URL: https://svnweb.freebsd.org/changeset/base/337867

Log:
  Don't let clobber jailparam values when checking for modification of
  init-only parameters.

  Compare string parameter values with strncmp, not memcmp.

  PR:		230487
  Reported by:	Jason Mader
  MFC after:	3 days

Changes:
  head/usr.sbin/jail/jail.c
Comment 4 commit-hook freebsd_committer 2018-08-20 05:33:00 UTC
A commit references this bug:

Author: jamie
Date: Mon Aug 20 05:32:41 UTC 2018
New revision: 338090
URL: https://svnweb.freebsd.org/changeset/base/338090

Log:
  MFC r337867:

    Don't let clobber jailparam values when checking for modification of
    init-only parameters.

  PR:		230487
  Submitted by:	Jason Mader

Changes:
_U  stable/11/
  stable/11/usr.sbin/jail/jail.c
Comment 5 commit-hook freebsd_committer 2018-08-20 05:33:02 UTC
A commit references this bug:

Author: jamie
Date: Mon Aug 20 05:32:42 UTC 2018
New revision: 338091
URL: https://svnweb.freebsd.org/changeset/base/338091

Log:
  MFC r337867:

    Don't let clobber jailparam values when checking for modification of
    init-only parameters.

  PR:		230487
  Submitted by:	Jason Mader

Changes:
_U  stable/10/
  stable/10/usr.sbin/jail/jail.c