Where is the devfs_ruleset for iocage jails configured?

[Patrick M. Hausen]

Hi all,

this seems just a wee bit odd to me:

Code:

root@freenas-pmh# iocage get devfs_ruleset gitea
4
root@freenas-pmh# grep devfs_ruleset /mnt/zfs/iocage/jails/gitea/config.json
    "devfs_ruleset": "4",
root@freenas-pmh# iocage start gitea
* Starting gitea
  + Started OK
  + Using devfs_ruleset: 5
  + Configuring VNET OK
  + Using IP options: vnet
  + Starting services OK
  + Executing poststart OK

What the ...? Most of all there is no ruleset 5 in /etc/defaults/devfs.rules! The jail ruleset is number 4.

Thanks to anyone who can enlighten me ;)

Take care,
Patrick

 

[Patrick M. Hausen]

The plot thickens - still mysterious:

Code:

root@freenas-pmh[~]# iocage get -r devfs_ruleset     
+-----------+----------------------+
|   NAME    | PROP - devfs_ruleset |
+===========+======================+
| gitea     | 4                    |
+-----------+----------------------+
| guacamole | 4                    |
+-----------+----------------------+
| proxy     | 4                    |
+-----------+----------------------+
root@freenas-pmh[~]# iocage start gitea
* Starting gitea
  + Started OK
  + Using devfs_ruleset: 5
  + Configuring VNET OK
  + Using IP options: vnet
  + Starting services OK
  + Executing poststart OK
root@freenas-pmh[~]# iocage start guacamole
* Starting guacamole
  + Started OK
  + Using devfs_ruleset: 6
  + Configuring VNET OK
  + Using IP options: vnet
  + Starting services OK
  + Executing poststart OK
root@freenas-pmh[~]# iocage start proxy   
* Starting proxy
  + Started OK
  + Using devfs_ruleset: 7
  + Configuring VNET OK
  + Using IP options: vnet
  + Starting services OK
  + Executing poststart OK
root@freenas-pmh[~]# iocage get -r devfs_ruleset
+-----------+----------------------+
|   NAME    | PROP - devfs_ruleset |
+===========+======================+
| gitea     | 5                    |
+-----------+----------------------+
| guacamole | 6                    |
+-----------+----------------------+
| proxy     | 7                    |
+-----------+----------------------+

Who is messing with my settings and why? Seems like iocage is creating rulesets on the fly???

Kind regards,
Patrick

 

[kebian]

I would also love to know why this is happening.

 

[Xcapee]

I have the same problem - I set devfs_ruleset to zero - when I start the jail it is 5

 

[Samuel Tai]

Unfortunately, this looks like an iocage bug in /usr/local/lib/python3.7/site-packages/iocage_lib/ioc_common.py, lines 740-821. The generate_devfs_ruleset subroutine is supposed to honor the external setting and exit, but appears to always reset it to 5 on runtime.

 

[Xcapee]

Thank you @Samuel Tai
I was just looking at raising a bug about this.

root@bosnas[~]# iocage set devfs_ruleset=0 plex
devfs_ruleset: 5 -> 0
root@bosnas[~]# iocage get -r devfs_ruleset
+------+----------------------+
| NAME | PROP - devfs_ruleset |
+======+======================+
| plex | 5 |
+------+----------------------+

 

[Xcapee]

Thank you @Samuel Tai
I was just looking at raising a bug about this.

https://jira.ixsystems.com/browse/NAS-106134

 

[mistermanko]

Does this bug still appears in 11.3 U3.2? jira says it'S due 11.3 U4.

 

[Samuel Tai]

Does this bug still appears in 11.3 U3.2? jira says it'S due 11.3 U4.

Yes, still zapping all devfs_ruleset settings to 5 in U3.2.

 

[RegularJoe]

Samuel,

Can we just copy a working /usr/local/lib/python3.7/site-packages/iocage_lib/ioc_common.py and replace the broken one? Is there a version of 11.3 that this was not broken in, 11.3-U2?

Thanks,
Joe

 

[RegularJoe]

I just loaded up FreeNAS 11.3-RELEASE to see if I could get the devfs_ruleset to work and it still fails, my first start it said it was looking for ruleset 46but it thinks it does not exist

Code:

root@freenas[/mnt/volHD]# iocage start bacula-server
* Ruleset 46 does not exist, using defaults
No default gateway found for ipv6.
* Starting bacula-server
  + Started OK
  + Using devfs_ruleset: 6
  + Configuring VNET OK
  + Using IP options: vnet
  + Starting services OK
  + Executing poststart OK
  + DHCP Address: 10.31.6.111/23
root@freenas[/mnt/volHD]# iocage stop bacula-server
* Stopping bacula-server
  + Executing prestop OK
  + Stopping services OK
  + Tearing down VNET OK
  + Removing devfs_ruleset: 6 OK
  + Removing jail process OK
  + Executing poststop OK
root@freenas[/mnt/volHD]#

Code:

cat /etc/devfs.rules
[usbrules=100]
add path 'usbctl' mode 660 group uucp
add path 'usb/*' mode 660 group uucp
add path 'ttyU*' mode 660 group uucp

[devfsrules=6]
add path sa0    unhide
add path pass10  unhide mode 0660

[devfsrules=46]
add path sa0    unhide
add path pass10  unhide mode 0660

Code:

{
    "CONFIG_VERSION": "26",
    "allow_chflags": 0,
    "allow_mlock": 0,
    "allow_mount": 1,
    "allow_mount_devfs": 1,
    "allow_mount_fusefs": 0,
    "allow_mount_nullfs": 1,
    "allow_mount_procfs": 1,
    "allow_mount_tmpfs": 1,
    "allow_mount_zfs": 0,
    "allow_quotas": 0,
    "allow_raw_sockets": 0,
    "allow_set_hostname": 1,
    "allow_socket_af": 1,
    "allow_sysvipc": 0,
    "allow_tun": 0,
    "allow_vmm": 0,
    "assign_localhost": 0,
    "available": "readonly",
    "basejail": 1,
    "boot": 0,
    "bpf": 1,
    "children_max": "0",
    "cloned_release": "11.2-RELEASE-p15",
    "comment": "none",
    "compression": "lz4",
    "compressratio": "readonly",
    "coredumpsize": "off",
    "count": "1",
    "cpuset": "off",
    "cputime": "off",
    "datasize": "off",
    "dedup": "off",
    "defaultrouter": "auto",
    "defaultrouter6": "auto",
    "depends": "none",
    "devfs_ruleset": "46",
    "dhcp": 1,
    "enforce_statfs": "2",
    "exec_clean": 1,
    "exec_created": "/usr/bin/true",
    "exec_fib": "0",
    "exec_jail_user": "root",
    "exec_poststart": "/usr/bin/true",
    "exec_poststop": "/usr/bin/true",
    "exec_prestart": "/usr/bin/true",
    "exec_prestop": "/usr/bin/true",
    "exec_start": "/bin/sh /etc/rc",
    "exec_stop": "/bin/sh /etc/rc.shutdown",
    "exec_system_jail_user": "0",
    "exec_system_user": "root",
    "exec_timeout": "60",
    "host_domainname": "none",
    "host_hostname": "bacula-server",
    "host_hostuuid": "bacula-server",
    "host_time": 1,
    "hostid": "5accff1c-8980-11eb-a3a9-d05099d3030e",
    "hostid_strict_check": 0,
    "interfaces": "vnet0:bridge0",
    "ip4": "new",
    "ip4_addr": "none",
    "ip4_saddrsel": 1,
    "ip6": "new",
    "ip6_addr": "none",
    "ip6_saddrsel": 1,
    "ip_hostname": 0,
    "jail_zfs": 0,
    "jail_zfs_dataset": "iocage/jails/bacula-server/data",
    "jail_zfs_mountpoint": "none",
    "last_started": "2021-03-21 20:35:32",
    "localhost_ip": "none",
    "login_flags": "-f root",
    "mac_prefix": "000acd",
    "maxproc": "off",
    "memorylocked": "off",
    "memoryuse": "off",
    "mount_devfs": 1,
    "mount_fdescfs": 1,
    "mount_linprocfs": 0,
    "mount_procfs": 1,
    "mountpoint": "readonly",
    "msgqqueued": "off",
    "msgqsize": "off",
    "nat": 0,
    "nat_backend": "ipfw",
    "nat_forwards": "none",
    "nat_interface": "none",
    "nat_prefix": "172.16",
    "nmsgq": "off",
    "notes": "none",
    "nsem": "off",
    "nsemop": "off",
    "nshm": "off",
    "nthr": "off",
    "openfiles": "off",
    "origin": "readonly",
    "owner": "root",
    "pcpu": "off",
    "plugin_name": "bacula-server",
    "plugin_repository": "https://github.com/freenas/iocage-ix-plugins.git",
    "priority": "99",
    "pseudoterminals": "off",
    "quota": "none",
    "readbps": "off",
    "readiops": "off",
    "release": "11.2-RELEASE-p15",
    "reservation": "none",
    "resolver": "/etc/resolv.conf",
    "rlimits": "off",
    "rtsold": 0,
    "securelevel": "0",
    "shmsize": "off",
    "stacksize": "off",
    "stop_timeout": "30",
    "swapuse": "off",
    "sync_state": "none",
    "sync_target": "none",
    "sync_tgt_zpool": "none",
    "sysvmsg": "new",
    "sysvsem": "new",
    "sysvshm": "new",
    "template": 0,
    "type": "pluginv2",
    "used": "readonly",
    "vmemoryuse": "off",
    "vnet": 1,
    "vnet0_mac": "000acd9a84ac 000acd9a84ad",
    "vnet1_mac": "none",
    "vnet2_mac": "none",
    "vnet3_mac": "none",
    "vnet_default_interface": "auto",
    "vnet_interfaces": "none",
    "wallclock": "off",
    "writebps": "off",
    "writeiops": "off"
}#              

 

[hertzsae]

Per the bug linked above, it is marked as fixed in 11.3-U4. Is there a reason you're not running the latest 11.3-U5? People tend not to care about bugs that have been fixed.

 

[RegularJoe]

Per the bug linked above, it is marked as fixed in 11.3-U4. Is there a reason you're not running the latest 11.3-U5?

I could not get it to work on 11.3-U5, I will try 11.3-U4

 

[hertzsae]

I could not get it to work on 11.3-U5, I will try 11.3-U4

Then you probably don't have the exact issue that this thread is discussing. You'll get better help if you do your troubleshooting on the latest 11.3 (currently U5) and start a new thread.

I don't know much about devfs, just trying to help you get help. It can be confusing trying to help people when they resurrect threads for resolved problems due to finding something similar.