From nobody@FreeBSD.org Sat Oct 27 22:17:34 2007
Return-Path:
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 87B4D16A46B
	for ; Sat, 27 Oct 2007 22:17:34 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id 7551F13C4C3
	for ; Sat, 27 Oct 2007 22:17:34 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.1/8.14.1) with ESMTP id l9RMH0lu050199
	for ; Sat, 27 Oct 2007 22:17:00 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.1/8.14.1/Submit) id l9RMH0Te050198;
	Sat, 27 Oct 2007 22:17:00 GMT
	(envelope-from nobody)
Message-Id: <200710272217.l9RMH0Te050198@www.freebsd.org>
Date: Sat, 27 Oct 2007 22:17:00 GMT
From: Johan Granath
To: freebsd-gnats-submit@FreeBSD.org
Subject: rc.d/jail doesn't resolve symlinks
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         117577
>Category:       conf
>Synopsis:       rc.d/jail doesn't resolve symlinks
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:
>Keywords:
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Sat Oct 27 22:20:04 UTC 2007
>Closed-Date:    Fri Nov 16 11:02:12 UTC 2007
>Last-Modified:  Fri Nov 16 11:02:12 UTC 2007
>Originator:     Johan Granath
>Release:        FreeBSD 6.2R | FreeBSD 6.2S
>Organization:
>Environment:
FreeBSD gandalf 6.2-RELEASE FreeBSD 6.2-RELEASE #3: Mon Sep 10 02:06:37 CEST 2007 root@gandalf:/usr/obj/usr/src/sys/GANDALF i386
>Description:
When setting the jail_jailname_rootdir to a path that contains symlinks, the rc.d/jail script has problems mounting mount_devfs on that path, obviously. To solve the issue you have to put the absolute path to that rcvar. In my opinion the rc.d/jail script should handle this, so I made a patch.

gandalf# /etc/rc.d/jail start ftpjail
Configuring jails:.
Starting jails:/etc/rc.d/jail: WARNING: /home/ftpjail/dev has symlink as parent - not starting jail ftpjail
>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:

From: "Simon L. Nielsen"
To: Johan Granath
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: conf/117577: rc.d/jail doesn't resolve symlinks
Date: Sun, 28 Oct 2007 17:32:58 +0100

 On 2007.10.27 22:17:00 +0000, Johan Granath wrote:

 > When setting the jail_jailname_rootdir to a path that contains
 > symlinks, the rc.d/jail script has problems mounting mount_devfs on
 > that path, obviously. To solve the issue you have to put the
 > absolute path to that rcvar.

 This is a known limitation. It sucks but so far nobody has been able
 to / cared enough to come up with a patch which handles the symlinks
 in a secure manner. See
 http://security.freebsd.org/advisories/FreeBSD-SA-07:01.jail.asc for
 details.

 > In my opinion the rc.d/jail script should handle this, so I made a patch.

 There wasn't a patch attached to the PR?

 --
 Simon L. Nielsen

State-Changed-From-To: open->closed
State-Changed-By: remko
State-Changed-When: Fri Nov 16 11:02:11 UTC 2007
State-Changed-Why:
feedback timeout

http://www.freebsd.org/cgi/query-pr.cgi?pr=117577
>Unformatted:
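
The refusal shown in the warning above and the workaround of putting the real path in rc.conf, as an added example that is not part of this PR and is not code from rc.d/jail. The function names and the temporary directory layout are constructed for illustration.

```shell
#!/bin/sh
# Added example: component-wise symlink check for a jail mount point.
# Not the rc.d/jail source; function names are hypothetical.

# Print the first symlinked component of an absolute path.
# Exit status: 0 = symlink found, 1 = path is symlink-free, 2 = not absolute.
# The body is a subshell so the IFS and noglob changes do not leak out.
first_symlink_component() (
    case $1 in /*) ;; *) exit 2 ;; esac
    IFS=/
    set -f
    cur=
    for part in $1; do
        [ -n "$part" ] || continue      # skip empty fields from "//" or leading "/"
        cur="$cur/$part"
        if [ -L "$cur" ]; then
            printf '%s\n' "$cur"
            exit 0
        fi
    done
    exit 1
)

# Print the physical (symlink-free) form of a jail root directory,
# which is the value the rootdir rcvar needs. Fails if the directory
# cannot be entered.
physical_rootdir() {
    (cd "$1" 2>/dev/null && pwd -P)
}

# Constructed layout: "home" is a symlink to "data", jail lives in data/ftpjail.
demo() {
    base=$(cd "$(mktemp -d)" && pwd -P)
    mkdir -p "$base/data/ftpjail/dev"
    ln -s data "$base/home"
    root="$base/home/ftpjail"
    if link=$(first_symlink_component "$root/dev"); then
        echo "WARNING: $root/dev has symlink as parent ($link)"
        echo "rootdir to configure instead: $(physical_rootdir "$root")"
    fi
    rm -rf "$base"
}
demo
```

Checking each component rather than only the final directory matters because the symlink here is two levels above the devfs mount point.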