files for jailed process's

e9hack e9hack at gmail.com
Tue Jul 30 10:47:12 PDT 2024


On 30.07.2024 at 17:29, Daniel Golle wrote:
> On Tue, Jul 30, 2024 at 03:40:25PM +0200, e9hack wrote:
>> Hi,
>>
>> If a process is started via procd in a jail and uses some files, changes to those files outside the jail are not reflected inside the jail. E.g. dnsmasq runs in a jail. The configuration is changed so that only the host file changes. Sending SIGHUP to dnsmasq results in reloading of the unmodified host file.
>>
>> Is it possible to change this behaviour?
> 
> What you are observing is typically caused by the file being replaced
> rather than edited. In that case, the mount-bind on the old file will
> remain, and you will not be able to access the new (replacement) file
> inside the jail. This is due to the nature of mount --bind which
> attaches itself to a specific inode on the filesystem rather than to
> a filename.
> 
> There are two ways to work around this problem:
> 1. Actually edit instead of replace the file.
> 
> 2. procd_add_jail_mount_ro a folder instead of a file. In that way, the
> replaced file will also show up.

dnsmasq.init replaces the host file but usually mounts the folder of the
host file. I have two instances of dnsmasq running, which need different
host files. I set the option 'ignore_hosts_dir=1' for both instances.

> 
> As in most cases only strategy 2 is truly a good option we have already
> moved resolv.conf.auto into a folder of its own. If the same problem
> also occurs for other dnsmasq config files, we shall introduce a folder
> for all of them and add that using procd_add_jail_mount_ro to make it
> accessible inside the jail instead of calling procd_add_jail_mount_ro for
> individual files.

I think this is necessary for the host file, and maybe for all files which
dnsmasq can reload at SIGHUP.
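
The replace-versus-edit difference described in the quoted reply, as an added example that is not part of the original thread. It uses an open file descriptor as an unprivileged stand-in for a bind mount of a single file (both stay attached to the inode, not the name); the function names, file names and addresses are constructed for illustration.

```sh
#!/bin/sh
# Added illustration, not from the thread or from procd/dnsmasq.init.
# An open descriptor keeps referring to the inode it was opened on, as a
# single-file bind mount does, so it models the jail's view without root.

inode_of() { ls -i "$1" | awk '{print $1}'; }

# pinned_view replace|edit
# Updates a constructed hosts file either by rename-over (new inode) or by
# rewriting in place (same inode), then prints what the pinned view sees.
pinned_view() {
    dir=$(mktemp -d) || return 1
    printf '192.0.2.1 old-host\n' > "$dir/hosts"
    exec 3< "$dir/hosts"                     # "jail" attaches to this inode
    before=$(inode_of "$dir/hosts")
    case "$1" in
        replace)                             # temp file + rename
            printf '192.0.2.2 new-host\n' > "$dir/hosts.tmp"
            mv "$dir/hosts.tmp" "$dir/hosts" ;;
        edit)                                # truncate and rewrite in place
            printf '192.0.2.2 new-host\n' > "$dir/hosts" ;;
        *)  exec 3<&-; rm -rf "$dir"; return 2 ;;
    esac
    after=$(inode_of "$dir/hosts")
    seen=$(cat <&3)                          # content visible via old attachment
    exec 3<&-
    rm -rf "$dir"
    if [ "$before" = "$after" ]; then same=yes; else same=no; fi
    printf '%s same_inode=%s\n' "$seen" "$same"
}

pinned_view replace   # stale content: the name now points at a new inode
pinned_view edit      # fresh content: the inode was rewritten in place
```

Comparing `ls -i` on the file outside and inside the jail before and after a configuration change is a quick way to confirm whether a stale view comes from this replacement behaviour.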



