Bug 246005 - Jail(1) -r <JID> does not run configured exec.poststop scripts as jail(1) -r <jail-name>
Summary: Jail(1) -r <JID> does not run configured exec.poststop scripts as jail(1) -r ...
Status: Closed FIXED
Alias: None
Product: Base System
Classification: Unclassified
Component: bin (show other bugs)
Version: 12.1-RELEASE
Hardware: amd64 Any
: --- Affects Some People
Assignee: freebsd-jail (Nobody)
Depends on:
Reported: 2020-04-28 18:12 UTC by Kristen Nielsen
Modified: 2020-08-29 04:34 UTC (History)
2 users (show)

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Kristen Nielsen 2020-04-28 18:12:44 UTC
Hi FreeBSD bugfixers. 

I have noticed that jail -r <jail-name> runs the prober (expected) shut down and exec.poststop scripts, while the jail -r <jid> just stops the jail. (as in jail -R)

The setup i am using has jails that uses vlan interfaces created by exec.prestart and destroyed with exec.poststop scripts in the /etc/jail.conf file. The example below shows that jail -r <jid> actually runs as jail -R <jid>.

from jail(8) manpage:
-r   Remove the jail specified by jid or name.  All jailed processes
     are killed, and all jails that are children of this jail are also

-R   A variation of the -r option that removes an existing jail
     without using the configuration file.  No removal-related
     parameters for this jail will be used -- the jail will simply be

My system version is: (output from uname -a)
FreeBSD mplsnat1 12.1-RELEASE FreeBSD 12.1-RELEASE r354233 GENERIC  amd64
(Genereic kernel with recent patches) 

Below my coments are shown in [ ] 

[jail config from /etc/jail.conf file]
vrf01804 {
    host.hostname ="vrf01804";
    path = "/jails/serverroots/vrf01804";
    children.max = 0;
    mount.fstab = "/jails/jail-configs/fstab/fstab.vrf01804";
    devfs_ruleset = 5;
    vnet = "new";
    vnet.interface = vlan14;
    exec.start = "/bin/sh /etc/rc";
    exec.prestart = "/bin/sh /jails/jail-configs/prestart/prestart.vrf01804";
    exec.stop = "/bin/sh /etc/rc.shutdown";
    exec.poststop = "/bin/sh /jails/jail-configs/poststop/poststop.vrf01804";

[Two (identical) jails exists.]

# jls
   JID  IP Address      Hostname   Path
     3                  vrf01802   /jails/serverroots/vrf01802 (vlan12)
     5                  vrf01804   /jails/serverroots/vrf01804 (vlan14)

[Removing jail with -r <jail-name>]

# jail -r vrf01802
Stopping inetd.
Waiting for PIDS: 2430.
Stopping sshd.
Waiting for PIDS: 2409, 2409.
vrf01802: removed
Runing poststop for vrf01802. [Echoed from the poststop script]

[Everything seems working fine]

root@mplsnat1:/jails/jail-configs # jls
   JID  IP Address      Hostname   Path
     5                  vrf01804   /jails/serverroots/vrf01804

[removing jail with -r <jid> argumemnt]
# jail -r 5
5: removed

[no echo from poststop script that destroy vlan14 device]
# ifconfig
vlan14: flags=8842<BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 98:4b:e1:66:8e:06
        vlan: 14 vlanpcp: 0 parent interface: bce1
        media: Ethernet autoselect (1000baseT <full-duplex,master>)
        status: active

[vlan14 is not removed]
Comment 1 Jamie Gritton freebsd_committer 2020-04-29 17:49:42 UTC
As backward compatibility feature, "-r" will remove jails specified by JID that are not found in the configuration file.

I guess the problem lies in what is meant by "found in the configuration file."  When you run "jail -r 5" it will look for a jail called "5" in the configuration file.  When that's not found, it goes into back-compat mode and just kills the jail.

It would make sense though, to look at the jail #5's name, and take a second look in the config file.
Comment 2 Jamie Gritton freebsd_committer 2020-08-29 04:11:57 UTC
Turns out this very issue was already committed in CURRENT last year!  Just gotta MFC...
Comment 3 Jamie Gritton freebsd_committer 2020-08-29 04:34:49 UTC
OK, I'm *really* not paying attention.  Actually it was already MFC'd as well.  It'll work as expected in 12.2.