Re: Jails that keep hanging around

From: Maxim Konovalov <maxim_at_macomnet.ru>
Date: Sun, 15 Feb 2004 19:37:42 +0300 (MSK)
Hello,

On Sun, 15 Feb 2004, 17:14+0100, Melvyn Sopacua wrote:

> Hi,
>
> I have yet to figure out what triggers the bug, but I end up with 'running'
> jails, without any processes. So I thought I'd create 'jld' to remove a jail.
> However - prison_find isn't exported to userland. Probably for good reason.
>
> Should I worry about these jails or is it harmless:
[...]

Yes, it is a known bug, see kern/54163 for example.  It seems we are
leaking ucred reference somewhere.  TIME_WAIT handling is involved
too.  You can reproduce it easily:

1/ Start a jail:

# jail / j 127.0.0.1 /usr/local/bin/nc -p 1973 -l 127.0.0.1

2/ Telnet to it:

# telnet 127.0.0.1 1973

3/ Kill the jail:

# killall nc

4/ Watch a leak:

# jls
...

or

# sysctl -o security.jail.list
...

I were trying to fix this for a long time but no success.

-- 
Maxim Konovalov
Received on Sun Feb 15 2004 - 07:37:44 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:43 UTC