3571e53040
patches for easier mirroring, to eliminate a special copy, to make www.freebsd.org/security a full copy of security.freebsd.org and be eventually be the same. For now files are just sitting there. The symlinks are missing. Discussed on: www (repository location) Discussed with: simon (so)
90 lines
3.5 KiB
Text
90 lines
3.5 KiB
Text
-----BEGIN PGP SIGNED MESSAGE-----
|
|
Hash: SHA1
|
|
|
|
FreeBSD-EN-06:01.jail Errata Notice
|
|
The FreeBSD Project
|
|
|
|
Topic: Jail startup scripts may override some global jail_*
|
|
variables.
|
|
|
|
Category: core
|
|
Module: etc_rc.d
|
|
Announced: 2006-07-07
|
|
Credits: Florent Thoumie, Pawel Dawidek, Cheng-Lung Sung
|
|
Affects: FreeBSD 6.1-RELEASE
|
|
Corrected: 2006-07-07 07:25:21 UTC
|
|
|
|
I. Background
|
|
|
|
System startup scripts, typically in /etc/rc.d, control what happens
|
|
as a system boots to multi-user mode. The behavior of those scripts
|
|
can be controlled by "global" variables in /etc/rc.conf.
|
|
|
|
II. Problem Description
|
|
|
|
The names of several internal variables in the jail startup script
|
|
conflicted with those of global variables that could be set by
|
|
administrators. In addition, some configuration variables are not
|
|
properly validated in the jail startup script.
|
|
|
|
III. Impact
|
|
|
|
Jails may not have started up as the administrator intended. If some
|
|
configuration variables required by jail configuration in /etc/rc.conf
|
|
are not correctly set jail startup may have been attempted by the script
|
|
anyway.
|
|
|
|
IV. Solution
|
|
|
|
Do one of the following to update the source tree:
|
|
|
|
1) Upgrade your affected system to the RELENG_6_1 errata branch dated
|
|
after the correction date using cvsup(1) or cvs(1). This is the
|
|
preferred method. For information on how to use cvsup(1) to update
|
|
your source code see:
|
|
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/cvsup.html
|
|
|
|
2) Obtain the updated files using the cvsweb interface. Cvsweb is a
|
|
Web interface to the CVS repository. The URL to the general
|
|
interface is "http://www.freebsd.org/cgi/cvsweb.cgi/". You can
|
|
obtain any of the source files for the RELENG_6_1 branch by going
|
|
to the src directory ("http://www.freebsd.org/cgi/cvsweb.cgi/src")
|
|
and then selecting the "RELENG_6_1" branch tag. With the branch
|
|
tag set navigate to the files listed below in the "Correction
|
|
details" section and download them, making sure you get the correct
|
|
revision numbers. Copy the downloaded files into your /usr/src tree.
|
|
|
|
If using the second procedure you should make sure you have used that
|
|
same procedure to download all previous Errata Notices and Security
|
|
Advisories. We strongly discourage this procedure due to the problems
|
|
that may be caused by not doing that - using the first procedure takes
|
|
care of making sure all updates get applied.
|
|
|
|
Then use mergemaster(8) to install the updated startup script support. Note
|
|
that mergemaster(8) will expect to find a normal object file tree having
|
|
resulted from doing 'make world' in /usr/src, and will build one if it
|
|
does not exist. If you do not have a recent object file tree you may
|
|
want to just manually copy the src/etc/rc.d/jail and src/etc/defaults/rc.conf
|
|
files into place.
|
|
|
|
V. Correction details
|
|
|
|
The following list contains the revision numbers of each file that was
|
|
corrected in FreeBSD.
|
|
|
|
- ---------------------------------------------------------------------------
|
|
RELENG_6_1
|
|
|
|
Revision Changes Path
|
|
1.416.2.22.2.5 +3 -0 src/UPDATING
|
|
1.23.2.3.2.2 +102 -91 src/etc/rc.d/jail
|
|
1.69.2.11.2.5 +1 -1 src/sys/conf/newvers.sh
|
|
|
|
- ---------------------------------------------------------------------------
|
|
-----BEGIN PGP SIGNATURE-----
|
|
Version: GnuPG v1.4.3 (FreeBSD)
|
|
|
|
iD8DBQFErgzzFdaIBMps37IRAh17AJwLueUv5ZzXrbZG8qtL1lwgpPZCCgCfYGxE
|
|
2oAorGMRBTbqVx/YhKJX1lA=
|
|
=Lmti
|
|
-----END PGP SIGNATURE-----
|