diff options
author | Rick Macklem <rmacklem@FreeBSD.org> | 2023-05-28 18:06:27 +0000 |
---|---|---|
committer | Rick Macklem <rmacklem@FreeBSD.org> | 2023-05-28 18:08:38 +0000 |
commit | 697727110b68e483c320d834bcbcdf01c01142a1 (patch) | |
tree | 5ed7e49ae7938f1c50d7b7b4c296121570940a05 | |
parent | e15da6b10a4971f43aa604fca3ea43effa096f4c (diff) | |
download | src-697727110b68e483c320d834bcbcdf01c01142a1.tar.gz src-697727110b68e483c320d834bcbcdf01c01142a1.zip |
gssd: Improve failure message when running in a jail
If a jail is not correctly configured to run nfsd(8)
in the jail, gssd(8) cannot run.
This patch improves the failure message for this case.
MFC after: 2 weeks
-rw-r--r-- | usr.sbin/gssd/gssd.c | 26 |
1 files changed, 24 insertions, 2 deletions
diff --git a/usr.sbin/gssd/gssd.c b/usr.sbin/gssd/gssd.c index d1722851e4e1..2bc839b7a2ea 100644 --- a/usr.sbin/gssd/gssd.c +++ b/usr.sbin/gssd/gssd.c @@ -35,6 +35,7 @@ __FBSDID("$FreeBSD$"); #include <sys/linker.h> #include <sys/module.h> #include <sys/queue.h> +#include <sys/sysctl.h> #include <sys/syslog.h> #include <ctype.h> #include <dirent.h> @@ -112,8 +113,9 @@ main(int argc, char **argv) * directly to us. */ struct sockaddr_un sun; - int fd, oldmask, ch, debug; + int fd, oldmask, ch, debug, jailed; SVCXPRT *xprt; + size_t jailed_size; /* * Initialize the credential cache file name substring and the @@ -243,7 +245,27 @@ main(int argc, char **argv) gss_next_id = 1; gss_start_time = time(0); - gssd_syscall(_PATH_GSSDSOCK); + if (gssd_syscall(_PATH_GSSDSOCK) < 0) { + jailed = 0; + if (errno == EPERM) { + jailed_size = sizeof(jailed); + sysctlbyname("security.jail.jailed", &jailed, + &jailed_size, NULL, 0); + } + if (debug_level == 0) { + if (jailed != 0) + syslog(LOG_ERR, "Cannot start gssd." + " allow.nfsd must be configured"); + else + syslog(LOG_ERR, "Cannot start gssd"); + exit(1); + } + if (jailed != 0) + err(1, "Cannot start gssd." + " allow.nfsd must be configured"); + else + err(1, "Cannot start gssd"); + } svc_run(); gssd_syscall(""); |