From nobody@FreeBSD.org  Sat Oct 27 22:17:34 2007
Message-Id: <200710272217.l9RMH0Te050198@www.freebsd.org>
Date: Sat, 27 Oct 2007 22:17:00 GMT
From: Johan Granath <nollan@phreaker.net>
To: freebsd-gnats-submit@FreeBSD.org
Subject: rc.d/jail doesn't resolve symlinks
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         117577
>Category:       conf
>Synopsis:       rc.d/jail doesn't resolve symlinks
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Sat Oct 27 22:20:04 UTC 2007
>Closed-Date:    Fri Nov 16 11:02:12 UTC 2007
>Last-Modified:  Fri Nov 16 11:02:12 UTC 2007
>Originator:     Johan Granath
>Release:        FreeBSD 6.2R | FreeBSD 6.2S
>Organization:
>Environment:
FreeBSD gandalf 6.2-RELEASE FreeBSD 6.2-RELEASE #3: Mon Sep 10 02:06:37 CEST 2007     root@gandalf:/usr/obj/usr/src/sys/GANDALF  i386

>Description:
When setting the jail_jailname_rootdir to a path that contains symlinks, the rc.d/jail script has problems mounting mount_devfs on that path, obviously. To solve the issue you have to put the absolute path to that rcvar.

In my opinion the rc.d/jail script should handle this, so I made a patch.

gandalf# /etc/rc.d/jail start ftpjail
Configuring jails:.
Starting jails:/etc/rc.d/jail: WARNING: /home/ftpjail/dev has symlink as parent - not starting jail ftpjail
>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:

From: "Simon L. Nielsen" <simon@FreeBSD.org>
To: Johan Granath <nollan@phreaker.net>
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: conf/117577: rc.d/jail doesn't resolve symlinks
Date: Sun, 28 Oct 2007 17:32:58 +0100

 On 2007.10.27 22:17:00 +0000, Johan Granath wrote:
 
 > When setting the jail_jailname_rootdir to a path that contains
 > symlinks, the rc.d/jail script has problems mounting mount_devfs on
 > that path, obviously. To solve the issue you have to put the
 > absolute path to that rcvar.
 
 This is a known limitation.  It sucks but so far nobody has been able
 to / cared enough to come up with a patch which handles the symlinks
 in a secure manner.  See
 http://security.freebsd.org/advisories/FreeBSD-SA-07:01.jail.asc for
 details.
 
 > In my opinion the rc.d/jail script should handle this, so I made a patch.
 
 There wasn't a patch attached to the PR?
 
 -- 
 Simon L. Nielsen
State-Changed-From-To: open->closed 
State-Changed-By: remko 
State-Changed-When: Fri Nov 16 11:02:11 UTC 2007 
State-Changed-Why:  
feedback timeout 

http://www.freebsd.org/cgi/query-pr.cgi?pr=117577 
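
The check behind the "has symlink as parent" warning quoted in this PR can be sketched as below. This is an added example, not the rc.d/jail code and not the submitter's missing patch; the function names first_symlink_component and safe_to_mount_under are hypothetical. It refuses the mountpoint rather than resolving the link, which is the conservative behaviour the reply describes.

```sh
#!/bin/sh
# Added example (not from rc.d/jail). Function names are hypothetical.

# first_symlink_component ABSPATH
# Walks from ABSPATH up to / and prints the first component that is a
# symbolic link. Returns 0 if one is found, 1 if none, 2 on bad input.
first_symlink_component() {
    _p=$1
    case $_p in
        /*) ;;
        *) echo "path must be absolute: $_p" >&2; return 2 ;;
    esac
    while :; do
        # Strip one trailing slash so -L tests the link itself, not its target.
        if [ "$_p" != "/" ]; then _p=${_p%/}; fi
        if [ -L "$_p" ]; then
            printf '%s\n' "$_p"
            return 0
        fi
        if [ "$_p" = "/" ]; then return 1; fi
        _p=$(dirname "$_p")
    done
}

# safe_to_mount_under ROOTDIR SUBDIR
# Returns 0 only when no component of ROOTDIR/SUBDIR is a symlink.
# Any other outcome (symlink found, bad input) is treated as unsafe.
safe_to_mount_under() {
    _mp="$1/$2"
    _link=$(first_symlink_component "$_mp") && _rc=0 || _rc=$?
    case $_rc in
        1) return 0 ;;
        0) echo "WARNING: $_mp has symlink as parent ($_link) - refusing" >&2
           return 1 ;;
        *) return 1 ;;
    esac
}

# Optional command-line use: script.sh /path/to/jailroot dev
if [ $# -eq 2 ]; then
    safe_to_mount_under "$1" "$2"
fi
```

A check like this only holds if nothing can rewrite the path between the test and the mount, so it belongs before any process in the jail is running.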
>Unformatted:
