Foxy's (mis)Adventures with NetBSD | ezjail

When I was doing regular maintenance of some jails in planet-express machine I
came across this rather annoying issue of ezjail not being able to create a jail
if the jail of same name was deleted at some point back.

ezjail even has a section[1] dedicated to it in the handbook, hence my decision
to use ezjail for jail management.

Here is a simple way to reproduce the issue.

[root@freebsd-test: ~]# ezjail-admin create dnsjail 'lo1|127.0.1.1,vtnet0|172.16.0.100'
[root@freebsd-test: ~]# ezjail-admin delete dnsjail
[root@freebsd-test: ~]# ezjail-admin create dnsjail 'lo1|127.0.1.1,vtnet0|172.16.0.100'
Error: A file or a non empty directory already exists at the specified jail root /usr/jails/dnsjail.
  Maybe you want to 'ezjail-admin create -x' an existing jail?
  Please specify another jail root with the -r switch.
[root@freebsd-test: ~]#

So I decided to investigate a bit more into this, since I was experimenting with
jails and this started to leave back traces of all these unused folders in the
system.

Upon further investigation I noticed that, the directory in which the jail was
maintained had this file /usr/jails/dnsjail/var/empty and when I tried to
remove it using a simple rm(1) command it did not work out and I did not know
what exactly to do. But then I remembered a conversation I had with Todd about a
file which just refused to be removed by rm(1) and he told about
chflags(1)[2] and to check if the schg flag had been set on it.

So, doing a simple ls(1) with the -o flag showed the file flags set.

[root@freebsd-test: ~]# ls -lo /usr/jails/dnsjail/var
dr-xr-xr-x   2 root     wheel    schg 512 Jun 27 14:21 empty
[root@freebsd-test: ~]#

From the man page

schg, schange, simmutable
set the system immutable flag (super-user only)

The solution was simple enough chflags -R noschg /usr/jails/dnsjail/var/empty
on the above said file and then doing a rm -rf /usr/jails/dnsjail.

I expected the jail orchestration tool to be a lot more better especially when a
tool has a dedicated section in the FreeBSD handbook.

Meanwhile due to the annoyance of using ezjail I been looking at other options
one of them being iocage.

References

https://www.freebsd.org/doc/handbook/jails-ezjail.html
https://www.freebsd.org/cgi/man.cgi?query=chflags&sektion=1

ezjail - Jail deletion bug

Recent Posts

Tags