PAM/setloginclass link error in jail

看板FB_current作者時間14年前 (2011/09/06 08:01), 編輯推噓0(000)
留言0則, 0人參與, 最新討論串1/2 (看更多)
Hello all, I upgraded my server today to a recent HEAD from its old sources from = about October 2010. After the upgrade I ran into an unusual problem. = I've worked around the issue for now, but I was wondering if anyone = could help me solve it correctly. The problem is that all PAM related operations fail inside jails. = Initially I was getting this error in /var/log/messages: passwd: in openpam_load_module(): no pam_unix.so found That file was clearly there, however, so I dug into PAM and enabled some = debug in pam_dynamic.c. This got me the following message: openpam_dynamic(): /usr/lib/pam_unix.so: /lib/libutil.so.9: Undefined = symbol "setloginclass" This is a syscall added to the system in March, 2011. The link process = works fine normally, but fails in any jail. I went as far as turning on = rtld debug to verify it was giving up on libutil about half way through = when it could not resolve the symbol. I verified that libc.so.7 was the = same both inside and outside the jail. The setloginclass symbol was = defined as a WEAK reference. Looking through past e-mail I noticed trasz@ said he was going to = explicitly put in code to support setloginclass from root in a jail. I = think I see this code in the prison privilege checking as well. Its = just not clear to me why its not linking. To work around the issue I hacked setloginclass out of libutil for now. = This is clearly not ideal as I'm not sure when and where that will blow = up on me. It did let me log back into my e-mail, however. For reference: FreeBSD ianto.in.wanderview.com 9.0-BETA2 FreeBSD 9.0-BETA2 #1 r278M: = Mon Sep 5 18:54:58 UTC 2011 = root@ianto.in.wanderview.com:/usr/obj/usr/src/sys/SERVER i386 The system is using zfs, nullfs, and ezjail to manage the jails. I did = upgrade my zfs pools to the latest version at this same time, but so far = I can't tie that to this problem. Does anyone know why a jail would prevent rtld from linking in a = particular syscall? Any help or advice is greatly appreciated. Thank you. Ben= _______________________________________________ freebsd-current@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscribe@freebsd.org"
更多 ben. 的文章
文章代碼(AID): #1EPMA_Ly (FB_current)
更多 ben. 的文章
文章代碼(AID): #1EPMA_Ly (FB_current)