From byron@rhps.org  Tue Dec  7 21:06:37 2004
Return-Path: <byron@rhps.org>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 80BCF16A4CE
	for <FreeBSD-gnats-submit@freebsd.org>; Tue,  7 Dec 2004 21:06:37 +0000 (GMT)
Received: from mail.rhps.org (www.rhps.org [66.250.128.137])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 405F943D1F
	for <FreeBSD-gnats-submit@freebsd.org>; Tue,  7 Dec 2004 21:06:35 +0000 (GMT)
	(envelope-from byron@rhps.org)
Received: from rhps.org (localhost [127.0.0.120])
	by mail.rhps.org (8.13.1/8.13.1) with ESMTP id iB7L52bw023719;
	Tue, 7 Dec 2004 13:05:02 -0800 (PST)
	(envelope-from byron@rhps.org)
Received: (from root@localhost)
	by rhps.org (8.13.1/8.13.1/Submit) id iB7L52FN023718;
	Tue, 7 Dec 2004 13:05:02 -0800 (PST)
	(envelope-from byron)
Message-Id: <200412072105.iB7L52FN023718@rhps.org>
Date: Tue, 7 Dec 2004 13:05:02 -0800 (PST)
From: zenin@rhps.org
Reply-To: zenin@rhps.org
To: FreeBSD-gnats-submit@freebsd.org
Cc: zenin@rhps.org
Subject: /etc/rc deletes /var/run/log by mistake, problem for syslogd running outside of chroot jails
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         74820
>Category:       conf
>Synopsis:       /etc/rc deletes /var/run/log by mistake, problem for syslogd running outside of chroot jails
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Dec 07 21:10:23 GMT 2004
>Closed-Date:    Thu May 19 21:31:40 GMT 2005
>Last-Modified:  Thu May 19 21:31:40 GMT 2005
>Originator:     Zenin
>Release:        FreeBSD 4.10-STABLE i386
>Organization:
RHPS.ORG
>Environment:
System: FreeBSD mail.rhps.org 4.10-STABLE FreeBSD 4.10-STABLE #1: Wed Nov 24 15:40:27 PST 2004 root@rhps.org:/usr/src/sys/compile/RHPS i386


	
>Description:

While special care was taken in the syslogd initialization section of
/etc/rc to refrain from deleting the log socket /var/run/log unless
"syslogd_enable" was set to YES, this effort is for not as /etc/rc then goes
on to run "clean_var" which deletes everything without consideration
including this log socket.

In a standard configuration this doesn't really matter, however when /etc/rc
is started as a jailed virtual system it can be a problem.  The FreeBSD
syslogd has a -l option to create additional log socket files explicitly so
they may be placed inside of chroot jail environments.  When one attempts to
use this feature of syslogd this minor bug then becomes critical.

Attached is a patch of the changes I made to /etc/rc.   It's an ugly kludge,
but it does go the extra mile to do the right thing.  Namely it modifies the
"pergedir" function to handle /var/run/log as a special case, IFF two other
conditions are met: syslogd_enable is not YES and we are inside a jailed
environment.

I'm possitive a better solution could be found, but it would likely involve
far more structural changes to /etc/rc.  Consider this patch an example; a
cleaner solution should probably be sought for general consumption.
>How-To-Repeat:
    Create a standard full jail environment following the directions
    outlined in jail(8).  Configure the jail's /etc/rc.conf so that
    syslogd_enable is set to NO.

    Restart the host syslogd with the additional option:

        -l /path_to_my_jail/var/run/log

    Confirm /path_to_my_jail/var/run/log has been created.

    Start the jail as jail(8) describes, eg:

        jail /path_to_my_jail/var/run/log testhostname 192.168.11.100 /bin/sh /etc/rc

    Note that /path_to_my_jail/var/run/log has been deleted.

>Fix:

	

--- rc.diff begins here ---
*** /etc/rc	Wed Nov 20 03:58:28 2002
--- etc/rc	Mon Dec  6 17:05:00 2004
***************
*** 242,248 ****
  				if [ -d "$file" -a ! -L "$file" ]; then
  					purgedir "$file"
  				else
! 					rm -f -- "$file"
  				fi
  			done
  		)
--- 242,263 ----
  				if [ -d "$file" -a ! -L "$file" ]; then
  					purgedir "$file"
  				else
! 					# Ugly Kludge to protect /var/run/log when it's created outside (in a jail)
! 					if [ "$dir" = "/var/run" -a "$file" = "log" ]; then
! 						# Are we in a jail?  -Ed: There must be an easier way to tell?
! 						if ps -p $$ -o stat | tail -1 | grep 'J'>/dev/null; then
! 							# If the jail has its own syslogd then ignore all this hubbub
! 							case ${syslogd_enable} in
! 								[Yy][Ee][Ss])
! 									# do *NOT* delete /var/run/log unless *this*
! 									# jail is going to be running syslog.
! 									rm -f -- "$file"
! 								;;
! 							esac
! 						fi
! 					else
! 						rm -f -- "$file"
! 					fi
  				fi
  			done
  		)
--- rc.diff ends here ---
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: csjp 
State-Changed-When: Thu May 19 21:28:46 GMT 2005 
State-Changed-Why:  
I fixed this issue in revision 1.8 of src/etc/rc.d/cleanvar: 

revision 1.8 
date: 2005/04/14 03:56:06;  author: csjp;  state: Exp;  lines: +2 -0 
Do not remove logging sockets. This fixes an issue where logging 
sockets placed into prisons from the host environment get clobbered 
by the prison's instance of cleanvar. (assuming /etc/rc is run in 
the prison). 

Discussed with: pjd, green, cperciva 
MFC after:      1 week 


http://www.freebsd.org/cgi/query-pr.cgi?pr=74820 
>Unformatted:
