From nobody@FreeBSD.org  Wed Sep  4 06:09:54 2013
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
	(using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by hub.freebsd.org (Postfix) with ESMTP id C5D5FBCF
	for <freebsd-gnats-submit@FreeBSD.org>; Wed,  4 Sep 2013 06:09:54 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from oldred.freebsd.org (oldred.freebsd.org [8.8.178.121])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.freebsd.org (Postfix) with ESMTPS id B426F23B6
	for <freebsd-gnats-submit@FreeBSD.org>; Wed,  4 Sep 2013 06:09:54 +0000 (UTC)
Received: from oldred.freebsd.org ([127.0.1.6])
	by oldred.freebsd.org (8.14.5/8.14.7) with ESMTP id r8469slQ022899
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 4 Sep 2013 06:09:54 GMT
	(envelope-from nobody@oldred.freebsd.org)
Received: (from nobody@localhost)
	by oldred.freebsd.org (8.14.5/8.14.5/Submit) id r8469sbV022892;
	Wed, 4 Sep 2013 06:09:54 GMT
	(envelope-from nobody)
Message-Id: <201309040609.r8469sbV022892@oldred.freebsd.org>
Date: Wed, 4 Sep 2013 06:09:54 GMT
From: Karl Pielorz <kpielorz@tdx.co.uk>
To: freebsd-gnats-submit@FreeBSD.org
Subject: jexec runs commands in Jails without taking into account of the Jail's FIB
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         181794
>Category:       bin
>Synopsis:       jexec(8) runs commands in Jails without taking into account of the Jail's FIB
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-jail
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Sep 04 06:10:00 UTC 2013
>Closed-Date:    
>Last-Modified:  Sun May 04 05:30:06 UTC 2014
>Originator:     Karl Pielorz
>Release:        9.2-BETA2 amd64
>Organization:
>Environment:
FreeBSD somehost.somedomain.com 9.2-BETA2 FreeBSD 9.2-BETA2 #0 r253951M: Mon Aug 12 09:39:57 BST 2013     kpielorz@somedomain.com:/sys/amd64/compile/GENERIC  amd64
>Description:
When using jails, if you specify a FIB to be used in the jail (so it can have it's own copy of the routing table) - running commands with 'jexec' ignores this FIB - and launches the command specified using the system default FIB (i.e. FIB 0).

This makes troubleshooting FIB issues very tricky unless you're aware of this issue (think lots of lost hours! :)
>How-To-Repeat:
Setup the system to support FIBs (multiple routing tables) - and configure a jail to use a specific FIB, i.e. using '/etc/jail.conf' - e.g.

jail {
  [blah]
  exec.fib = 1;
}

When you launch the jail with 'jail -c jail' it will be created, and it will use the FIB specified.

If you then attach to the jail, e.g. using 'jexec 1 tcsh' - that process will be launched with the default FIB (i.e. FIB 0) - and not the one that the jail is using.
>Fix:
Either jexec documentation needs a warning that it will launch the process with the default FIB - not the one for the jail, and that you should use 'setfib jail-fib jexec 1 tcsh'.

Or, have jexec actually honour the FIB set in /etc/jail.conf - so that 'jexec 1 tcsh' will set the correct FIB before launching the tcsh in jail #1.

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->freebsd-jail 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Sun May 4 05:29:38 UTC 2014 
Responsible-Changed-Why:  
Over to maintainer(s). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=181794 
>Unformatted:
