Bug #27489

Sanitize IP addresses when set using iocage

Added by M Van Rompuy over 3 years ago. Updated about 3 years ago.

Brandon Schneider
Target version:
Seen in:
Reason for Closing:
Reason for Blocked:
Needs QA:
Needs Doc:
Needs Merging:
Needs Automation:
Support Suite Ticket:
Hardware Configuration:
ChangeLog Required:


When creating a new iocage jail (using the new UI), I accidentally started the 'IPv4 Address' field with a space. The jail started up fine and did have network connectivity but I was unable to stop the jail (both via the GUI and iocage stop/restart) due to a failing ifconfig call in

To prevent this from happening, whitespaces could be stripped when creating/adjusting the jail via the GUI (or at least warn the user).

IPv4 Address contents to reproduce issue (without quotes):
' bridge0|'

Error message:

~ # iocage stop jail_name
* Stopping jail_name
  + Running prestop OK
  + Stopping services OK
Traceback (most recent call last):
  File "/usr/local/lib/python3.6/site-packages/iocage/lib/", line 241                   , in __stop_jail__
  File "/usr/local/lib/python3.6/site-packages/iocage/lib/", line 4                   51, in checkoutput
    out = su.check_output(*args, **kwargs)
  File "/usr/local/lib/python3.6/", line 336, in check_output
  File "/usr/local/lib/python3.6/", line 418, in run
    output=stdout, stderr=stderr)
subprocess.CalledProcessError: Command '['ifconfig', ' bridge0', '',                    '-alias']' returned non-zero exit status 1.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/bin/iocage", line 10, in <module>
  File "/usr/local/lib/python3.6/site-packages/click/", line 722, in __ca                   ll__
    return self.main(*args, **kwargs)
  File "/usr/local/lib/python3.6/site-packages/click/", line 697, in main
    rv = self.invoke(ctx)
  File "/usr/local/lib/python3.6/site-packages/click/", line 1066, in inv                   oke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/local/lib/python3.6/site-packages/click/", line 895, in invo                   ke
    return ctx.invoke(self.callback, **ctx.params)
  File "/usr/local/lib/python3.6/site-packages/click/", line 535, in invo                   ke
    return callback(*args, **kwargs)
  File "/usr/local/lib/python3.6/site-packages/iocage/cli/", line 54, in                    cli
    ioc.IOCage(exit_on_error=True, jail=jail, rc=rc).stop()
  File "/usr/local/lib/python3.6/site-packages/iocage/lib/", line 1649,                    in stop
  File "/usr/local/lib/python3.6/site-packages/iocage/lib/", line 52,                    in __init__
  File "/usr/local/lib/python3.6/site-packages/iocage/lib/", line 252                   , in __stop_jail__
RuntimeError: ifconfig: interface  bridge0 does not exist

Adjusting the field to:


resolves the issue and allowed me to stop the jail as expected.


#1 Avatar?id=14398&size=24x24 Updated by Kris Moore over 3 years ago

  • Category changed from GUI (new) to 38
  • Assignee changed from Release Council to Brandon Schneider
  • Priority changed from No priority to Important
  • Target version set to 11.2-BETA1


Is this something you can easily sanitize on the API side? I'm thinking of the case where user drives API directly, and could have a whitespace there as well.

#2 Updated by Brandon Schneider over 3 years ago

  • Status changed from Unscreened to Ready For Release

#3 Updated by Dru Lavigne over 3 years ago

  • Subject changed from Unable to stop/restart iocage jail when ipv4 address starts with whitespace to Sanitize IP addresses when set using iocage
  • Status changed from Ready For Release to Done
  • Needs Doc changed from Yes to No
  • Needs Merging changed from Yes to No

#4 Updated by Dru Lavigne about 3 years ago

  • Status changed from Done to Ready for Testing

#5 Updated by Michael Reynolds about 3 years ago

  • Status changed from Ready for Testing to Passed Testing
  • Severity set to New
  • Needs QA changed from Yes to No

The Jail Wizard only allows a single IP address to be entered via regex validation so entering "bridge0|" isn't possible.

Using Jail Add (Advanced Jail creation) I was able to enter ' vnet1|' (notice preceding space) and was able to start and stop the jail without issue.

The IP/interface is invalid but this bug is not to prevent invalid input. This bug is to allow a jail with an invalid interface to be stopped. This allows the interface to be fixed.

Jail Add (Advanced Creation) is for use by more experienced people. Validating and/or preventing invalid input should be another bug.

Confirmed all of this with Brandon as well

#6 Updated by Dru Lavigne about 3 years ago

  • Status changed from Passed Testing to Done

Also available in: Atom PDF