[OpenWrt-Devel] Jails current broken due to not following symlinks
Daniel Dickinson
openwrt at daniel.thecshore.com
Thu Oct 8 02:45:42 EDT 2015
Ok, I thought I had found the root cause but all I'm left with is that
symlinks aren't followed.

That is, when procd-jail is installed and using procd_add_jail (or
manually executing ujail) on x86_64 using squashfs, on (for example)
/usr/sbin/ntpd (which is a symlink to /bin/busybox), then in syslog you
get (assuming you have correctly included all config/pid files that ntpd
depends on):

Thu Oct 8 06:33:12 2015 user.err syslog: jail: failed to spawn child
/usr/sbin/ntpd: No such file or directory

Using strace I see that the mounts are occurring correctly and the
necessary files are found, but execve of /usr/sbin/ntpd returns ENOENT.

I took a closer look and realized that e.g. /bin/busybox and the actual
libraries that are the target of the so versions listed by ldd (i.e. the
so version points to a symlink which points to the actual fully
versioned so, such as the uClibc dependencies of busybox) were not being
mounted.

I added the targets of the symlinks to procd_add_jail_mount and lo and
behold the jailed daemon started correctly.

In short, at least on x86_64 with squashfs rootfs the symlinks are not
being followed.

The behaviour was correct on the previous version of Chaos Calmer (release
commit) on ar71xx and it was not necessary to add the symlink targets to
procd_jail_mount in that case.

Regards,
Daniel
On 2015-10-08 2:18 AM, John Crispin wrote:
>
>
> On 08/10/2015 06:01, Daniel Dickinson wrote:
>> Hi again,
>>
>> It turns out the problem isn't Etienne's code, it is the fstools update
>> in revision 47083.
>>
>> This causes symlinks to not be followed which breaks procd-jail even
>> though the real issue is that procd-jail was in fact only working due to
>> broken behaviour.
>>
>> Regards,
>>
>> Daniel
>>
>> On 2015-10-07 11:16 PM, Daniel Dickinson wrote:
>>> Hi all,
>>>
>>> In Chaos Calmer revision 46996 which bumps procd to latest git breaks
>>> jails because Etienne's code fails to follow symlinks.
>>>
>>> This is a major problem because especially for libraries symlinks are
>>> what is reported in the ELF header (and for busybox 'binaries', or
>>> other multicall binaries failure to follow symlinks also fails).
>>>
>>> This results in jails failing with ENOENT due to inability to find the
>>> needed binaries.
>>>
>>> Regards,
>>>
>>> Daniel
>> _______________________________________________
>> openwrt-devel mailing list
>> openwrt-devel at lists.openwrt.org
>> https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
>
>
> wanna be a bit more specific ?
>
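Added example, not part of the original post and not procd's own code: a shell helper that expands a binary or library path into every hop of its symlink chain, which is the list the post had to add to the jail by hand. The function names `symlink_chain` and `jail_mount_list` are hypothetical, and the script assumes `readlink`, `dirname`, `basename` and `awk` are available (busybox applets are enough).

```shell
#!/bin/sh
# Added example: list every path a jailed binary or library needs when the
# jail does not follow symlinks (the link, every hop, and the real file).

# symlink_chain PATH: print PATH and each hop of its symlink chain, one per
# line, ending with the real file. Returns 1 on a dangling link or a loop.
symlink_chain() {
    _p=$1
    _n=0
    while :; do
        if [ -L "$_p" ]; then
            echo "$_p"
            _n=$((_n + 1))
            [ "$_n" -le 16 ] || return 1            # link loop guard
            _t=$(readlink "$_p") || return 1
            # cd to the link's directory, then to the target's directory:
            # handles relative and absolute targets and normalises "..".
            _d=$(cd "$(dirname "$_p")" && cd "$(dirname "$_t")" && pwd -P) || return 1
            _p=${_d%/}/$(basename "$_t")
        elif [ -e "$_p" ]; then
            echo "$_p"                              # reached the real file
            return 0
        else
            return 1                                # dangling link or missing path
        fi
    done
}

# jail_mount_list PATH...: de-duplicated chains for several paths, in order.
jail_mount_list() {
    for _a in "$@"; do
        symlink_chain "$_a" || echo "unresolved: $_a" >&2
    done | awk '!seen[$0]++'
}

# Command-line use (example paths): sh chain.sh /usr/sbin/ntpd /lib/libc.so.0
if [ "$#" -gt 0 ]; then
    jail_mount_list "$@"
fi
```

In an init script the output could be passed to `procd_add_jail_mount`, mirroring the manual workaround described in the post; the library paths reported by ldd have to be supplied as arguments.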