[OpenWrt-Devel] Jails current broken due to not following symlinks
Daniel Dickinson
openwrt at daniel.thecshore.com
Fri Oct 9 22:07:20 EDT 2015
Hi all,
An update: current Chaos Calmer HEAD (i.e. latest commit) does correctly
follow symlinks on ar71xx but not x86_64.
That is jails work on ar71xx but not x86_64 with current Chaos Calmer
branch. (as described previously manually addingthe links on x86_64
allows the jails to work).
Regards,
Daniel
On 2015-10-08 11:46 PM, Daniel Dickinson wrote:
> Hi all,
>
> Reverting to 15.05 release fails to resolve the issue on x86_64 so I
> suspect jails are simply broken on x86_64 due not following symlinks.
> For some reason ar71xx does follow the symlinks and does not experience
> this issue with the same commit.
>
> Regards,
>
> Daniel
>
> On 2015-10-08 2:45 AM, Daniel Dickinson wrote:
>> Ok, I thought I had found the root cause but all I'm left with is that
>> symlinks aren't followed.
>>
>> That is when procd-jail is installed and using procd_add_jail (or
>> manually executing ujail) on x86_64 using squashfs, on (for example)
>> /usr/sbin/ntpd (which is a symlink to /bin/busybox), then in syslog you
>> get (assuming you have correctly included all config/pid files that ntpd
>> depends on):
>>
>> Thu Oct 8 06:33:12 2015 user.err syslog: jail: failed to spawn child
>> /usr/sbin/ntpd: No such file or directory
>>
>> Using strace I see that the mounts are occuring correctly and the
>> necessary files are found, but execve of /usr/sbin/ntpd returns ENOENT.
>>
>> I took a closer look and realized that e.g. /bin/busybox and the actual
>> libraries that are the target of the so versions listed by ldd (i.e. the
>> so versions points to a symlink which points to the actual fully
>> verisoned so, such as the uClibc dependencies of busybox) were not being
>> mounted.
>>
>> I added the targets of the symlinks to procd_add_jail_mount and lo and
>> behold the jailed daemon started correctly.
>>
>> In short, at least on x86_64 with squashfs rootfs the symlinks are not
>> being followed.
>>
>> The behaviour was correct on previous version of Chaos Calmer (release
>> commit) on ar71xx and it was not necessary to add the symlink targets to
>> procd_jail_mount in that case.
>>
>> Regards,
>>
>> Daniel
>>
>> On 2015-10-08 2:18 AM, John Crispin wrote:
>>>
>>>
>>> On 08/10/2015 06:01, Daniel Dickinson wrote:
>>>> Hi again,
>>>>
>>>> It turns out the problem isn't Etienne's code, it is the fstools update
>>>> in revision 47083.
>>>>
>>>> This causes symlinks to not be followed which breaks procd-jail even
>>>> though the real issue is that procd-jail was in fact only working
>>>> due to
>>>> broken behaviour.
>>>>
>>>> Regards,
>>>>
>>>> Daniel
>>>>
>>>> On 2015-10-07 11:16 PM, Daniel Dickinson wrote:
>>>>> Hi all,
>>>>>
>>>>> In Chaos Calmer revision 46996 which bumps procd to latest git breaks
>>>>> jails because Etienne's code fails to follow symlinks.
>>>>>
>>>>> This is a major problem because especially for libraries symlinks are
>>>>> what is reported int the ELF header (and for busybox 'binaries', or
>>>>> other multicall binaries failure to follow symlinks also fails).
>>>>>
>>>>> This results in jails failing with ENOENT due to inability to find the
>>>>> needed binaries.
>>>>>
>>>>> Regards,
>>>>>
>>>>> Daniel
>>>> _______________________________________________
>>>> openwrt-devel mailing list
>>>> openwrt-devel at lists.openwrt.org
>>>> https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
>>>
>>>
>>> wanna be a bit more specific ?
>>> _______________________________________________
>>> openwrt-devel mailing list
>>> openwrt-devel at lists.openwrt.org
>>> https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
>>>
>> _______________________________________________
>> openwrt-devel mailing list
>> openwrt-devel at lists.openwrt.org
>> https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
>>
> _______________________________________________
> openwrt-devel mailing list
> openwrt-devel at lists.openwrt.org
> https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
>
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
More information about the openwrt-devel
mailing list