Solved iocage removes files at startup

[Hiroo Ono]

I am using py39-iocage-1.2_10 on FreeBSD 13.1-STABLE.

To use samba416 in the jail, I added a fstab entry like:

# iocage fstab -a npm1 null /var/run/samba4/fd fdescfs rw,nodup 0 0

Then, if I start the jail by iocage start npm1, it starts removing files inside the jail.
If I do not add the fstab entry, iocage starts the jail without problems.
Does anyone know how to avoid this file removal?

for example:

# ls /usr/home/iocage/jails/npm1/root/etc
aliases                 localtime               protocols
authpf                  locate.rc               pwd.db
auto_master             login.access            rc
autofs                  login.conf              rc.bsdextended
blacklistd.conf         login.conf.db           rc.conf
bluetooth               mac.conf                rc.conf.d
cron.d                  mail                    rc.d
crontab                 mail.rc                 rc.firewall
csh.cshrc               master.passwd           rc.initdiskless
csh.login               motd.template           rc.resume
csh.logout              mtree                   rc.sendmail
ddb.conf                netconfig               rc.shutdown
defaults                netstart                rc.subr
devd                    network.subr            rc.suspend
devd.conf               networks                regdomain.xml
devfs.conf              newsyslog.conf          remote
dhclient.conf           newsyslog.conf.d        resolv.conf
disktab                 nscd.conf               rmt
dma                     nsmb.conf               rpc
dumpdates               nsswitch.conf           security
fbtab                   ntp                     services
freebsd-update.conf     ntp.conf                shells
ftpusers                opieaccess              snmpd.config
gettytab                opiekeys                spwd.db
group                   os-release              ssh
gss                     pam.d                   ssl
hosts                   passwd                  sysctl.conf
hosts.allow             pccard_ether            syslog.conf
hosts.equiv             periodic                syslog.d
hosts.lpd               pf.os                   termcap
inetd.conf              phones                  termcap.small
jail.conf.d             pkg                     ttys
krb5.keytab             portsnap.conf           unbound
kyua                    ppp                     X11
libalias.conf           printcap                zfs
libmap.conf             profile

becomes:

# ls /usr/home/iocage/jails/npm1/root/etc
aliases                 mail                    rmt
authpf                  mtree                   security
autofs                  newsyslog.conf.d        ssh
bluetooth               ntp                     ssl
cron.d                  os-release              syslog.d
defaults                pam.d                   termcap
devd                    periodic                unbound
dma                     pkg                     X11
gss                     ppp                     zfs
jail.conf.d             rc.conf.d
kyua                    rc.d

 

[Hiroo Ono]

The reason is not clear but editing /usr/local/lib/python3.9/site-packages/iocage_lib/ioc_start.py (just added logging then removed it) and re-running iocage start npm1 did not cause the problem.
The files updated to new date were above one and /usr/local/lib/python3.9/site-packages/iocage_lib/__pycache__/ioc_start.cpython-39.pyc. I suppose there was something wrong in the latter file.

 

[Hiroo Ono]

I retreived the old version of the latter file from zfs snapshot and tried to decompile, but in vain.
cf. https://stackoverflow.com/questions...-decompile-a-compiled-pyc-file-into-a-py-file
Even Decompyle++ did not help.

 

[Hiroo Ono]

The above statement was wrong. Just, I forgot to set fstab again after rollback.
The real solution was to put
cleanvar_enable="NO"
in the jail's rc.conf.

 

[juliannoble]

This has been frustrating me for a few days - thanks for the workaround!
I'm still puzzled by this behaviour. It deleted all files under /bin /sbin /etc (maybe others) .
It didn't remove symlinks or folders though.
As the r.conf(5) manual states cleanvar_enable only cleans the /var directory - this has me worried that this is a deeper bug, but I have no idea whether it's with iocage or is something more general.

 

[juliannoble]

Ok - it seems to me that /libexec/rc/rc.d/cleanvar should skip over any fdescfs mount points

Manually running something from rc.d/cleanvar like 'find /var/run \( -type f -or -type s ! -name log -and ! -name logpriv\) -delete '
I didn't delete /bin and others - but it did delete /root/.login, /root/.cshrc etc
I guess that at some point during startup various other parts of the filesystem are referenced under /var/run/samba4/fd and are vulnerable to cleanup.

I tried excluding */fd/* etc using various -name and -path options for find - but it didn't seem to work.
The -mount option to exclude descending into directories with a different device number to /var/run seems to work though:
e.g find /var/run -mount \( -type f -or -type s | -name log -and ! -name logpriv \) -delete

I'll put in a bug report to see if they're willing to change cleanvar to support this new samba requirement.

 

[juliannoble]

Bug report filed: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=269213