On Sat, 11 Dec 2004, Tom Dymond wrote:
> I'm having a serious problem with jails on my 5.3-RELEASE machine. When
> I stop a jail using '/etc/rc.d jail stop <jail name>' the
jail stops but
> jls still shows it running.
>
> I have tried fstat, lsof, nothing is running in this jail, yet if there
> is a reason why jls says it is running, how can i kill it ?
>
> I thought it could be related to time but it's been 1 hour now since
the
> jail has been stopped.
Jails are reference counted objects, generally referenced from process
credentials. Process credentials are in turn reference counted objects,
generally referenced by threads, processes, file descriptors, sockets,
network protocol control blocks, mountpoints, and a couple of other misc
bits and pieces (such as the accounting code). Jails are garbage
collected when the last process credential reference to the jail is
released, which generally occurs because the last process credential
refering to the jail is also released. A straggling jail is almost always
a sign of one of two things:
- A long-lived object persisting beyond the death of the last process in a
jail. For example, a TCP connection in the TIME_WAIT state.
- A credential reference count leak.
While the second is not impossible (such as the bug mentioned in the PRs
you reference), it's more likely to be the first. Could you check
"netstat -na" for references to the jail, especially in TCP
connections?
Robert N M Watson FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org Principal Research Scientist, McAfee Research
>
> ruby# ps aux | grep J
> root 46737 0.0 0.2 1472 808 p3 S+ 12:37PM 0:00.01 grep J
>
> ruby# killall -j 9
> No matching processes were found
>
> ruby# lsof | grep jail
> ruby#
>
> ruby# jls
> JID IP Address Hostname Path
> 9 10.0.0.17 green.vps.kmem.org
> /usr/local/jails/green.vps.kmem.org
>
>
> ruby# sysctl -a -o | grep jail
> security.jail.set_hostname_allowed: 0
> security.jail.socket_unixiproute_only: 1
> security.jail.sysvipc_allowed: 0
> security.jail.getfsstatroot_only: 1
> security.jail.allow_raw_sockets: 1
> security.jail.list: Format:S Length:1292
> Dump:0x01000000090000002f7573722f6c6f63...
> security.jail.jailed: 0
>
> -------------------------------------
>
> kernel :
> ruby# uname -a
> FreeBSD ruby.london.kmem.org 5.3-RELEASE FreeBSD 5.3-RELEASE #0: Tue Nov
> 16 12:08:02 GMT 2004
> tom@ruby.london.kmem.org:/usr/obj/usr/src/sys/EPIA i386
>
> My kernel and world are in sync.
>
>
> I have looked on google and found the Following PR's that describes my
> problem but it is said to have been resolved. Guess not for me though :(
>
> http://www.freebsd.org/cgi/query-pr.cgi?pr=65442
> http://www.freebsd.org/cgi/query-pr.cgi?pr=54163
>
> My version of tcp_subr.c:
>
> ruby# grep "FreeBSD" /sys/netinet/tcp_subr.c
> * $FreeBSD: src/sys/netinet/tcp_subr.c,v 1.201.2.1.2.1 2004/10/21
> 09:30:47 rwatson Exp $
>
> If there is any data/information missing here, please let me know and i
> will provide it.
>
>
> Thanks
>
> Tom
>
>
> _______________________________________________
> freebsd-stable@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-stable
> To unsubscribe, send any mail to
"freebsd-stable-unsubscribe@freebsd.org"
>