[OpenWrt-Devel] Jails current broken due to not following symlinks

Daniel Dickinson openwrt at daniel.thecshore.com
Thu Oct 8 23:46:36 EDT 2015


Hi all,

Reverting to 15.05 release fails to resolve the issue on x86_64 so I 
suspect jails are simply broken on x86_64 due to not following symlinks. 
For some reason ar71xx does follow the symlinks and does not experience 
this issue with the same commit.

Regards,

Daniel

On 2015-10-08 2:45 AM, Daniel Dickinson wrote:
> Ok, I thought I had found the root cause but all I'm left with is that
> symlinks aren't followed.
>
> That is when procd-jail is installed and using procd_add_jail (or
> manually executing ujail) on x86_64 using squashfs, on (for example)
> /usr/sbin/ntpd (which is a symlink to /bin/busybox), then in syslog you
> get (assuming you have correctly included all config/pid files that ntpd
> depends on):
>
> Thu Oct  8 06:33:12 2015 user.err syslog: jail: failed to spawn child
> /usr/sbin/ntpd: No such file or directory
>
> Using strace I see that the mounts are occurring correctly and the
> necessary files are found, but execve of /usr/sbin/ntpd returns ENOENT.
>
> I took a closer look and realized that e.g. /bin/busybox and the actual
> libraries that are the target of the so versions listed by ldd (i.e. the
> so version points to a symlink which points to the actual fully
> versioned so, such as the uClibc dependencies of busybox) were not being
> mounted.
>
> I added the targets of the symlinks to procd_add_jail_mount and lo and
> behold the jailed daemon started correctly.
>
> In short, at least on x86_64 with squashfs rootfs the symlinks are not
> being followed.
>
> The behaviour was correct on the previous version of Chaos Calmer (release
> commit) on ar71xx and it was not necessary to add the symlink targets to
> procd_jail_mount in that case.
>
> Regards,
>
> Daniel
>
> On 2015-10-08 2:18 AM, John Crispin wrote:
>>
>>
>> On 08/10/2015 06:01, Daniel Dickinson wrote:
>>> Hi again,
>>>
>>> It turns out the problem isn't Etienne's code, it is the fstools update
>>> in revision 47083.
>>>
>>> This causes symlinks to not be followed which breaks procd-jail even
>>> though the real issue is that procd-jail was in fact only working due to
>>> broken behaviour.
>>>
>>> Regards,
>>>
>>> Daniel
>>>
>>> On 2015-10-07 11:16 PM, Daniel Dickinson wrote:
>>>> Hi all,
>>>>
>>>> Chaos Calmer revision 46996, which bumps procd to latest git, breaks
>>>> jails because Etienne's code fails to follow symlinks.
>>>>
>>>> This is a major problem because especially for libraries symlinks are
>>>> what is reported in the ELF header (and for busybox 'binaries', or
>>>> other multicall binaries failure to follow symlinks also fails).
>>>>
>>>> This results in jails failing with ENOENT due to inability to find the
>>>> needed binaries.
>>>>
>>>> Regards,
>>>>
>>>> Daniel
>>> _______________________________________________
>>> openwrt-devel mailing list
>>> openwrt-devel at lists.openwrt.org
>>> https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
>>
>>
>> wanna be a bit more specific ?
>
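Added example, not part of the original messages and not procd's own code: a shell helper that lists a path together with every hop of its symlink chain, so that each one can be handed to procd_add_jail_mount as in the workaround described in the thread. The function names symlink_chain and jail_mounts are hypothetical.

```shell
#!/bin/sh
# symlink_chain PATH: print PATH and every symlink target on its chain,
# one per line. Fails if the chain loops or ends in a missing file.
symlink_chain() {
	path=$1
	hops=0
	while :; do
		printf '%s\n' "$path"
		[ -L "$path" ] || break
		hops=$((hops + 1))
		# Linux gives up after 40 hops; do the same to catch loops.
		[ "$hops" -le 40 ] || { echo "symlink loop: $1" >&2; return 1; }
		target=$(readlink "$path") || return 1
		case $target in
			/*) path=$target ;;	# absolute target
			*)	# relative target: resolve against the link's own directory
				dir=$(cd "$(dirname "$path")" &&
					cd "./$(dirname "$target")" && pwd) || return 1
				path=${dir%/}/$(basename "$target") ;;
		esac
	done
	# A chain that ends nowhere is what shows up as ENOENT at execve time.
	[ -e "$path" ] || { echo "dangling: $1 -> $path" >&2; return 1; }
}

# jail_mounts PATH...: de-duplicated list of every path the jail needs
# for the given binaries and libraries, in first-seen order.
jail_mounts() {
	out=
	for p in "$@"; do
		chain=$(symlink_chain "$p") || return 1
		out="$out$chain
"
	done
	printf '%s' "$out" | awk '!seen[$0]++'
}

# In an init script (usage sketch): procd_add_jail_mount $(jail_mounts /usr/sbin/ntpd)
```

A non-zero exit from jail_mounts points at the entry whose chain is broken before the jail is ever started.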


