Bug 256544 - jail crashes on config parsing
Summary: jail crashes on config parsing
Status: New
Alias: None
Product: Base System
Classification: Unclassified
Component: bin (show other bugs)
Version: Unspecified
Hardware: amd64 Any
: --- Affects Only Me
Assignee: freebsd-jail (Nobody)
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-06-11 03:46 UTC by crypt47
Modified: 2021-06-12 05:46 UTC (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description crypt47 2021-06-11 03:46:01 UTC
With the following config the jail binary crashes. Please, note $vnet in the last config line. It's not defined and it's the reason.

# for real network
vnet;

mount.devfs;

path = "/censored/$name";

mount.devfs;
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";

# for tcpdump
devfs_ruleset = 5;

allow.raw_sockets = true;
persist = true;

allow.set_hostname = true ;
allow.chflags = true ;
allow.sysvipc = true ;
allow.mount = true ;
allow.mount.devfs = true;
allow.mount.fdescfs = true ;
allow.mount.nullfs = true ;
allow.mount.procfs = true ;
allow.sysvipc = true;
#allow.mount.linprocfs = true ;
#allow.mount.linsysfs = true ;
allow.mount.tmpfs = true ;
allow.socket_af = true ;
allow.raw_sockets = true ;


1194 {

    exec.poststop = "$vnet ${jid} del";
}

(gdb) run -c 1194
Starting program: /usr/sbin/jail -c 1194

Program received signal SIGSEGV, Segmentation fault.
load_config () at /usr/src/usr.sbin/jail/config.c:229
229	in /usr/src/usr.sbin/jail/config.c

# uname -a
FreeBSD bewitched 12.2-RELEASE-p7 FreeBSD 12.2-RELEASE-p7 GENERIC  amd64
Comment 1 joeb1 2021-06-12 01:33:58 UTC
 See 
https://forums.freebsd.org/threads/vnet-jail-with-public-internet-access-using-the-bridge-epair-method.76071/
for the correct way to set up a vnet jail. Give attention to size of addresses to assign to each vnet jail. And besides you have ever option when it not necessary. What your doing with options just makes any jail insecure. That may be ok for test but not acceptable for production.
Comment 2 crypt47 2021-06-12 05:46:54 UTC
joeb1@a1poweruser.com, thanks, I can take care of my jails just fine. It's not the point of this bug report.