From gaijin@pucebaboon.com  Mon Sep  6 05:13:18 2004
Return-Path: <gaijin@pucebaboon.com>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 5B7EF16A4CE
	for <FreeBSD-gnats-submit@freebsd.org>; Mon,  6 Sep 2004 05:13:18 +0000 (GMT)
Received: from pucegate.pucebaboon.com (YahooBB219186110019.bbtec.net [219.186.110.19])
	by mx1.FreeBSD.org (Postfix) with ESMTP id AF96243D55
	for <FreeBSD-gnats-submit@freebsd.org>; Mon,  6 Sep 2004 05:13:17 +0000 (GMT)
	(envelope-from gaijin@pucebaboon.com)
Received: from localhost (localhost.pucebaboon.com [127.0.0.1])
	by pucegate.pucebaboon.com (Postfix) with ESMTP
	id 1735726BD4; Mon,  6 Sep 2004 14:13:16 +0900 (JST)
Received: from pucegate.pucebaboon.com ([127.0.0.1])
 by localhost (alnwick.pucebaboon.com [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 20446-01; Mon,  6 Sep 2004 14:13:12 +0900 (JST)
Received: from alwin.pucebaboon.com (alwin.pucebaboon.com [192.168.172.70])
	by pucegate.pucebaboon.com (Postfix) with ESMTP
	id AEC9C26BD3; Mon,  6 Sep 2004 14:13:12 +0900 (JST)
Message-Id: <Pine.LNX.4.44.0409061408400.2547-100000@alwin.pucebaboon.com>
Date: Mon, 6 Sep 2004 14:13:10 +0900 (JST)
From: John Little <gaijin@pucebaboon.com>
To: FreeBSD-gnats-submit@freebsd.org
Cc: gaijin@pucebaboon.com
Subject: [PATCH] /etc/rc.subr - devfs ruleset parsing in devfs_set_ruleset()

>Number:         71415
>Category:       conf
>Synopsis:       [PATCH] /etc/rc.subr - devfs ruleset parsing in devfs_set_ruleset()
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    cperciva
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Sep 06 05:20:23 GMT 2004
>Closed-Date:    Fri Jun 17 13:05:25 GMT 2005
>Last-Modified:  Fri Jun 17 13:05:25 GMT 2005
>Originator:     John Little
>Release:        FreeBSD 5.2.1-RELEASE i386
>Organization:
PuceBaboon Y.K., Japan.
>Environment:

System: FreeBSD middledean.pucebaboon.com 5.2.1-RELEASE FreeBSD 5.2.1-RELEASE #0: Mon Feb 23 20:45:55 GMT 2004 root@wv1u.btc.adaptec.com:/usr/obj/usr/src/sys/GENERIC i386

   This is non-processor specific.  The same problem still exists in
   releases up to and including 5.3-BETA-3.

>Description:

   Setting up a Jail environment as per the rc.conf man page (specifically,
   using devfs rulesets to limit access within the jail) and using the
   /etc/defaults/devfs.rules, always results in a failure of 
   /etc/rc.d/jail, with this message:-

Starting Jails:/etc/rc.d/jail: WARNING: devfs_set_ruleset: you must specify a ruleset number

   The cause is a faulty eval statement in /etc/rc.subr, where 
   devfs_set_ruleset() checks the arguments passed ($1).

   This is a devfs problem which is not jail specific (it just happens to
   cause jail starts to fail and so be most noticeable at that time).


>How-To-Repeat:

   - Add to rc.conf:-

##
## Jail config follows.
##
sendmail_enable="NO"
inetd_flags="-wW -a 192.168.1.6"
rpcbind_enable="NO"
devfs_rulesets="/etc/defaults/devfs.rules"
jail_enable="YES"
jail_list="mydemojail"
jail_set_hostname_allow="NO"
jail_socket_unixiproute_only="NO"
jail_sysvipc_allow="NO"
##
## First Jail (mydemojail.pucebaboon.com).
##
jail_mydemojail_rootdir="/usr/jail/mydemojail"
jail_mydemojail_hostname="mydemojail.houserock.com"
jail_mydemojail_ip="192.168.1.3"
jail_mydemojail_devfs_ruleset="4"
jail_mydemojail_devfs_enable="YES"
jail_mydemojail_fdescfs_enable="NO"
jail_mydemojail_procfs_enable="YES"

   - Run "sh -x /etc/rc.d/jail start >& /tmp/jail.log"

   The ruleset exists in /etc/defaults/devfs.rules and the verbose output
   will indicate that the rulesets are read from the file.  However, the
   call to devfs_set_ruleset() in /etc/rc.subr fails to eval $1 correctly
   and causes the whole jail start sequence to abort.

>Fix:

   Delete the escaped-dollar ("\$") in the eval statement in 
   devfs_set_ruleset() to leave a plain variable:-



*** /etc/rc.subr	Mon Sep  6 13:52:06 2004
--- /tmp/rc.subr	Mon Sep  6 13:51:00 2004
***************
*** 1165,1171 ****
  devfs_set_ruleset()
  {
  	local devdir rs _me
! 	[ -n "$1" ] && eval rs=\$$1 || rs=
  	[ -n "$2" ] && devdir="-m "$2"" || devdir=
  	_me="devfs_set_ruleset"
  
--- 1165,1171 ----
  devfs_set_ruleset()
  {
  	local devdir rs _me
! 	[ -n "$1" ] && eval rs=$1 || rs=
  	[ -n "$2" ] && devdir="-m "$2"" || devdir=
  	_me="devfs_set_ruleset"
  
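Review bot: In devfs_set_ruleset(), the replacement line `[ -n "$1" ] && eval rs=$1 || rs=` still passes the caller's argument through eval, now as raw shell text rather than as a variable name. The eval no longer does anything a plain assignment would not, and any shell metacharacters in $1 get re-parsed. It also drops the lookup that `eval rs=\$$1` performed, so a caller passing a ruleset name would end up with the name string in rs instead of a number. If numeric arguments are meant to be accepted, test $1 for all digits and assign it directly with `rs=$1`, keep the `\$$1` dereference for names only, and check that the result is numeric before it is used.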


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->cperciva 
Responsible-Changed-By: den 
Responsible-Changed-When: Fri Jun 17 10:36:41 GMT 2005 
Responsible-Changed-Why:  


http://www.freebsd.org/cgi/query-pr.cgi?pr=71415 
State-Changed-From-To: open->closed 
State-Changed-By: cperciva 
State-Changed-When: Fri Jun 17 13:00:47 GMT 2005 
State-Changed-Why:  
This behaviour is as intended, and as documented in rc.subr immediately 
prior to the devfs_set_ruleset() subroutine: 

# devfs_set_ruleset ruleset [dir] 
#       Sets the default ruleset of dir to ruleset. The ruleset arguement 
#       must be a ruleset name as specified in devfs.rules(5) file. 
                ^^^^^^^^^^^^^^
#       Returns non-zero if it could not set it successfully. 

Also in /etc/defaults/rc.conf: 

#jail_example_devfs_ruleset="ruleset_name"      # devfs ruleset to apply to jail 
                             ^^^^^^^^^^^^

Since "4" is not a ruleset name (but is instead a ruleset _number_), the 
error produced is entirely appropriate. 


http://www.freebsd.org/cgi/query-pr.cgi?pr=71415 
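
Added example (not part of the PR and not FreeBSD's rc.subr code): the name lookup discussed above, reproduced next to a resolver that accepts either a ruleset name or a number and validates the argument before any eval. The function names resolve_by_name and resolve_ruleset are hypothetical, and the devfsrules_jail=4 assignment is a constructed stand-in for what loading a devfs.rules file defines.

```sh
#!/bin/sh
# Added example, not FreeBSD's rc.subr. The assignment below is a constructed
# stand-in for the name=number variable a loaded devfs.rules file defines.
devfsrules_jail=4

# The lookup as shipped: $1 is taken as a variable NAME and dereferenced.
# Given "4", the eval'd text is `_rs=$4`, an unset positional parameter.
resolve_by_name() {
    _rs=
    if [ -n "$1" ]; then eval _rs=\$$1; fi
    echo "$_rs"
}

# Hypothetical hardened resolver: accepts a number or a name, never evals
# anything that is not a plain identifier, and only returns digits.
resolve_ruleset() {
    case "$1" in
    ''|*[!A-Za-z0-9_]*) return 1 ;;   # empty, or characters outside [A-Za-z0-9_]
    [0-9]*[!0-9]*) return 1 ;;        # starts with a digit but is not a number
    [0-9]*) echo "$1"; return 0 ;;    # all digits: already a ruleset number
    esac
    eval "_rs=\${$1-}"                # safe: $1 is a validated identifier
    case "$_rs" in
    ''|*[!0-9]*) return 1 ;;          # unknown name, or value is not a number
    esac
    echo "$_rs"
}

# Show both resolvers side by side on constructed arguments.
for arg in devfsrules_jail 4 no_such_ruleset; do
    printf '%-16s by_name=[%s] validated=[%s]\n' "$arg" \
        "$(resolve_by_name "$arg")" \
        "$(resolve_ruleset "$arg" || echo rejected)"
done
```

The empty by_name result for "4" is the condition that produces the "you must specify a ruleset number" warning in the report.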
>Unformatted:
