Diffstat (limited to 'libexec/rc')
186 files changed, 2093 insertions, 526 deletions
diff --git a/libexec/rc/Makefile b/libexec/rc/Makefile index 48115d873fe3..e82b582462d0 100644 --- a/libexec/rc/Makefile +++ b/libexec/rc/Makefile @@ -1,4 +1,3 @@ - .include <src.opts.mk> CONFGROUPS= CONFETC CONFETCEXEC CONFETCDEFAULTS @@ -19,7 +18,7 @@ CONFETCDEFAULTS= rc.conf CONFETCDEFAULTSPACKAGE= rc FILESGROUPS= LIBEXEC_SCRIPTS -LIBEXEC_SCRIPTS= debug.sh safe_eval.sh +LIBEXEC_SCRIPTS= debug.sh hooks.sh safe_eval.sh LIBEXEC_SCRIPTSDIR= /libexec LIBEXEC_SCRIPTSMODE= 755 LIBEXEC_SCRIPTSPACKAGE= rc diff --git a/libexec/rc/debug.sh b/libexec/rc/debug.sh index 7bbb500e2d22..739c81a709f6 100755 --- a/libexec/rc/debug.sh +++ b/libexec/rc/debug.sh @@ -1,6 +1,4 @@ : -# SPDX-License-Identifier: BSD-2-Clause - # NAME: # debug.sh - selectively debug scripts # @@ -9,6 +7,7 @@ # DebugOn [-eo] "tag" ... # DebugOff [-eo] [rc="rc"] "tag" ... # Debugging +# DebugAdd "tag" # DebugEcho ... # DebugLog ... # DebugShell "tag" ... @@ -30,6 +29,11 @@ # If the '-o' flag is given, tracing is turned off unless there # was a matched "tag", useful for functions too noisy to tace. # +# Further; when we set "DEBUG_ON" if we find +# "$DEBUG_ON:debug_add:tag" in "DEBUG_SH" we will +# add the new "tag" to "DEBUG_SH" so it only has effect after that +# point. +# # DebugOff turns tracing on if any "tag" matches "DEBUG_OFF" or # off if any "tag" matches "DEBUG_ON". This allows nested # functions to not interfere with each other. @@ -39,6 +43,9 @@ # default of 0. Thus if DebugOff is the last operation in a # function, "rc" will be the return code of that function. # +# DebugAdd allows adding a "tag" to "DEBUG_SH" to influence +# later events, possibly in a child process. +# # DebugEcho is just shorthand for: #.nf # $DEBUG_DO echo "$@" 
@@ -74,16 +81,11 @@ # Simon J. Gerraty <sjg@crufty.net> # RCSid: -# $Id: debug.sh,v 1.35 2024/02/03 19:04:47 sjg Exp $ +# $Id: debug.sh,v 1.47 2025/08/07 21:59:54 sjg Exp $ # # @(#) Copyright (c) 1994-2024 Simon J. Gerraty # -# This file is provided in the hope that it will -# be of use. There is absolutely NO WARRANTY. -# Permission to copy, redistribute or otherwise -# use this file is hereby granted provided that -# the above copyright notice and this notice are -# left intact. +# SPDX-License-Identifier: BSD-2-Clause # # Please send copies of changes and bug-fixes to: # sjg@crufty.net 
@@ -98,38 +100,193 @@ DEBUG_DO=: DEBUG_SKIP= export DEBUGGING DEBUG_DO DEBUG_SKIP +# have is handy +if test -z "$_HAVE_SH"; then + _HAVE_SH=: + + ## + # have that does not rely on return code of type + # + have() { + case `(type "$1") 2>&1` in + *" found") return 1;; + esac + return 0 + } +fi + +# does local *actually* work? +local_works() { + local _fu +} + +if local_works > /dev/null 2>&1; then + _local=local +else + _local=: +fi +# for backwards compatability +local=$_local + +if test -z "$isPOSIX_SHELL"; then + if (echo ${PATH%:*}) > /dev/null 2>&1; then + # true should be a builtin, : certainly is + isPOSIX_SHELL=: + else + isPOSIX_SHELL=false + false() { + return 1 + } + fi +fi + +is_posix_shell() { + $isPOSIX_SHELL + return +} + + +## +# _debugAdd match +# +# Called from _debugOn when $match also appears in $DEBUG_SH with +# a suffix of :debug_add:tag we will add tag to DEBUG_SH +# +_debugAdd() { + eval $_local tag + + for tag in `IFS=,; echo $DEBUG_SH` + do + : tag=$tag + case "$tag" in + $1:debug_add:*) + if is_posix_shell; then + tag=${tag#$1:debug_add:} + else + tag=`expr $tag : '.*:debug_add:\(.*\)'` + fi + case ",$DEBUG_SH," in + *,$tag,*) ;; + *) set -x + : _debugAdd $1 + DEBUG_SH=$DEBUG_SH,$tag + set +x + ;; + esac + ;; + esac + done + export DEBUG_SH +} + + +## +# _debugOn match first +# +# Actually turn on tracing, set $DEBUG_ON=$match +# +# Check if $DEBUG_SH contains $match:debug_add:* and call _debugAdd +# to add the suffix to DEBUG_SH. This useful when we only want +# to trace some script when run under specific circumstances. +# +# If we have included hooks.sh $_HOOKS_SH will be set +# and if $first (the first arg to DebugOn) is suitable as a variable +# name we will run ${first}_debugOn_hooks. 
+# +# We disable tracing for hooks_run itself but functions can trace +# if they want based on DEBUG_DO +# _debugOn() { DEBUG_OFF= DEBUG_DO= DEBUG_SKIP=: DEBUG_X=-x + # do this firt to reduce noise + case ",$DEBUG_SH," in + *,$1:debug_add:*) _debugAdd $1;; + *,$2:debug_add:*) _debugAdd $2;; + esac set -x DEBUG_ON=$1 + case "$_HOOKS_SH,$2" in + ,*|:,|:,*[${CASE_CLASS_NEG:-!}A-Za-z0-9_]*) ;; + *) # avoid noise from hooks_run + set +x + hooks_run ${2}_debugOn_hooks + set -x + ;; + esac } +## +# _debugOff match $DEBUG_ON $first +# +# Actually turn off tracing, set $DEBUG_OFF=$match +# +# If we have included hooks.sh $_HOOKS_SH will be set +# and if $first (the first arg to DebugOff) is suitable as a variable +# name we will run ${first}_debugOff_hooks. +# +# We do hooks_run after turning off tracing, but before resetting +# DEBUG_DO so functions can trace if they want +# _debugOff() { DEBUG_OFF=$1 set +x + case "$_HOOKS_SH,$3" in + ,*|:,|:,*[${CASE_CLASS_NEG:-!}A-Za-z0-9_]*) ;; + *) hooks_run ${3}_debugOff_hooks;; + esac + set +x # just to be sure DEBUG_ON=$2 DEBUG_DO=: DEBUG_SKIP= DEBUG_X= } +## +# DebugAdd tag +# +# Add tag to DEBUG_SH +# +DebugAdd() { + DEBUG_SH=${DEBUG_SH:+$DEBUG_SH,}$1 + export DEBUG_SH +} + +## +# DebugEcho message +# +# Output message if we are debugging +# DebugEcho() { $DEBUG_DO echo "$@" } +## +# Debugging +# +# return 0 if we are debugging. +# Debugging() { test "$DEBUG_SKIP" } +## +# DebugLog message +# +# Outout message with timestamp if we are debugging +# DebugLog() { $DEBUG_SKIP return 0 echo `date '+@ %s [%Y-%m-%d %H:%M:%S %Z]'` "$@" } -# something hard to miss when wading through huge -x output +## +# DebugTrace message +# +# Something hard to miss when wading through huge -x output +# DebugTrace() { $DEBUG_SKIP return 0 set +x 
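Review bot: `_debugOn` and `_debugOff` run whatever words are found in the shell variable `${first}_debugOn_hooks` / `${first}_debugOff_hooks`, and nothing in this hunk initialises or clears those variables, so a value inherited from the environment is executed as-is. Whether any script that sources debug.sh and hooks.sh runs with an environment it does not control is not visible here. The header comment of `_debugOn` should say so explicitly, for example `# NOTE: ${first}_debugOn_hooks is read as a plain shell variable; scripts that do not control their environment should set or unset it before calling DebugOn`. The same sentence applies to `_debugOff`.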
@@ -139,8 +296,13 @@ DebugTrace() { set -x } -# Turn on debugging if appropriate +## +# DebugOn [-e] [-o] match ... +# +# Turn on debugging if any $match is found in $DEBUG_SH. +# DebugOn() { + eval ${local:-:} _e _match _off _rc _rc=0 # avoid problems with set -e _off=: while : @@ -170,14 +332,14 @@ DebugOn() { *,!$_e,*|*,!$Myname:$_e,*) # only turn it off if it was on _rc=0 - $DEBUG_DO _debugOff $_e $DEBUG_ON + $DEBUG_DO _debugOff $_e $DEBUG_ON $1 break ;; *,$_e,*|*,$Myname:$_e,*) # only turn it on if it was off _rc=0 _match=$_e - $DEBUG_SKIP _debugOn $_e + $DEBUG_SKIP _debugOn $_e $1 break ;; esac @@ -185,7 +347,7 @@ DebugOn() { if test -z "$_off$_match"; then # off unless explicit match, but # only turn it off if it was on - $DEBUG_DO _debugOff $_e $DEBUG_ON + $DEBUG_DO _debugOff $_e $DEBUG_ON $1 fi DEBUGGING=$DEBUG_SKIP # backwards compatability $DEBUG_DO set -x # back on if needed @@ -193,11 +355,20 @@ DebugOn() { return $_rc } +## +# DebugOff [-e] [-o] [rc=$?] match ... +# # Only turn debugging off if one of our args was the reason it # was turned on. +# # We normally return 0, but caller can pass rc=$? as first arg # so that we preserve the status of last statement. +# +# The options '-e' and '-o' are ignored, they just make it easier to +# keep DebugOn and DebugOff lines in sync. +# DebugOff() { + eval ${local:-:} _e _rc case ",${DEBUG_SH:-$DEBUG}," in *,[Dd]ebug,*) ;; *) $DEBUG_DO set +x;; # reduce the noise @@ -216,7 +387,7 @@ DebugOff() { : $_e==$DEBUG_OFF DEBUG_OFF case "$DEBUG_OFF" in "") break;; - $_e) _debugOn $DEBUG_ON; return $_rc;; + $_e) _debugOn $DEBUG_ON $1; return $_rc;; esac done for _e in $* @@ -224,7 +395,7 @@ DebugOff() { : $_e==$DEBUG_ON DEBUG_ON case "$DEBUG_ON" in "") break;; - $_e) _debugOff; return $_rc;; + $_e) _debugOff "" "" $1; return $_rc;; esac done DEBUGGING=$DEBUG_SKIP # backwards compatability 
@@ -237,6 +408,7 @@ _TTY=${_TTY:-`test -t 0 && tty`}; export _TTY # override this if you like _debugShell() { + test "x$_TTY" != x || return 0 { echo DebugShell "$@" echo "Type 'exit' to continue..." @@ -247,6 +419,7 @@ _debugShell() { # Run an interactive shell if appropriate # Note: you can use $DEBUG_SKIP DebugShell ... to skip unless debugOn DebugShell() { + eval ${local:-:} _e case "$_TTY%${DEBUG_INTERACTIVE}" in *%|%*) return 0;; # no tty or no spec esac diff --git a/libexec/rc/hooks.sh b/libexec/rc/hooks.sh new file mode 100755 index 000000000000..af4aff3d6bc5 --- /dev/null +++ b/libexec/rc/hooks.sh 
@@ -0,0 +1,274 @@ +: +# NAME: +# hooks.sh - provide hooks for customization +# +# SYNOPSIS: +# hooks_add_all HOOKS [--first] func [...] +# hooks_add_once HOOKS [--first] func [...] +# hooks_add_default_set {all,once} +# hooks_add HOOKS func [...] +# hooks_get [--lifo] HOOKS +# hooks_run [--lifo] HOOKS ["args"] +# hooks_run_all [--lifo] HOOKS ["args"] +# hooks_has HOOKS func +# +# add_hooks HOOKS [--first] func [...] +# run_hooks HOOKS [LIFO] ["args"] +# run_hooks_all HOOKS [LIFO] ["args"] +# +# DESCRIPTION: +# The functions add_hooks and run_hooks are retained for +# backwards compatibility. They are aliases for hooks_add and +# hooks_run. +# +# hooks_add_all simply adds the "func"s to the list "HOOKS". +# +# If the first arg is '--first' "func"s are added to the start +# of the list. +# +# hooks_add_once does the same but only if "func" is not in "HOOKS". +# hooks_add uses one of the above based on "option", '--all' (default) +# or '--once'. +# +# hooks_add_default_set sets the default behavior of hooks_add +# +# hooks_get simply returns the named list of functions. +# +# hooks_has indicates whether "func" in in "HOOKS". +# +# hooks_run runs each "func" in $HOOKS and stops if any of them +# return a bad status. +# +# hooks_run_all does the same but does not stop on error. +# +# If run_hooks or run_hooks_all is given a flag of '--lifo' or +# 2nd argument of LIFO the hooks are run in the reverse order of +# calls to hooks_add. +# Any "args" specified are passed to each hook function. +# + +# RCSid: +# $Id: hooks.sh,v 1.26 2025/08/07 21:59:54 sjg Exp $ +# +# @(#)Copyright (c) 2000-2024 Simon J. Gerraty +# +# SPDX-License-Identifier: BSD-2-Clause +# +# Please send copies of changes and bug-fixes to: +# sjg@crufty.net +# + +# avoid multiple inclusion +_HOOKS_SH=: + +# does local *actually* work? 
+local_works() { + local _fu +} + +if local_works > /dev/null 2>&1; then + _local=local +else + _local=: +fi +# for backwards compatability +local=$_local + + +## +# hooks_add_all list func ... +# +# add "func"s to "list" regardless +# +hooks_add_all() { + eval $_local __h + __h=$1; shift + case "$1" in + --first) + shift + eval "$__h=\"$* \$$__h\"" + ;; + *) eval "$__h=\"\$$__h $*\"";; + esac +} + +## +# hooks_add_once list func ... +# +# add "func"s to "list" if not already there +# +hooks_add_once() { + eval $_local __h __hh __first + __h=$1; shift + case "$1" in + --first) shift; __first=:;; + *) __first=;; + esac + eval "__hh=\$$__h" + while [ $# -gt 0 ] + do + : __hh="$__hh" 1="$1" + case "$__first $__hh " in + *" $1 "*) ;; # dupe + :*) __hh="$1 $__hh";; + *) __hh="$__hh $1";; + esac + shift + done + eval "$__h=\"$__hh\"" +} + +## +# hooks_add_default_set [--]{all,once} +# +# change the default method of hooks_add +# +hooks_add_default_set() { + case "$1" in + once|--once) HOOKS_ADD_DEFAULT=once;; + *) HOOKS_ADD_DEFAULT=all;; + esac +} + +## +# hooks_add [--{all,once}] list func ... +# +# add "func"s to "list" +# +# If '--once' use hooks_add_once, +# default is hooks_add_all. +# +hooks_add() { + case "$1" in + --all) shift; hooks_add_all "$@";; + --once) shift; hooks_add_once "$@";; + *) hooks_add_${HOOKS_ADD_DEFAULT:-all} "$@";; + esac +} + +## +# hooks_get [--lifo] list [LIFO] +# +# return $list +# +hooks_get() { + eval $_local __h __h2 e __l + case "$1" in + --lifo) __l=LIFO; shift;; + esac + eval "__h=\$$1" + case "$__l$2" in + LIFO*) + __h2="$__h" + __h= + for e in $__h2 + do + __h="$e $__h" + done + ;; + esac + echo "$__h" +} + +## +# hooks_has list func +# +# is func in $list ? 
+# +hooks_has() { + eval $_local __h + eval "__h=\$$1" + case " $__h " in + *" $1 "*) return 0;; + esac + return 1 +} + +## +# hooks_run [--all] [--lifo] list [LIFO] [args] +# +# pass "args" to each function in "list" +# Without '--all'; if any return non-zero return that immediately +# +hooks_run() { + eval $_local __a e __h __hl __h2 __l + __a=return + __l= + + while : + do + case "$1" in + --all) __a=:; shift;; + --lifo) __l=$1; shift;; + *) break;; + esac + done + __hl=$1; shift + case "$1" in + LIFO) __l=--lifo; shift;; + esac + __h=`hooks_get $__l $__hl` + for e in $__h + do + $e "$@" || $__a $? + done +} + +## +# hooks_run_all [--lifo] list [LIFO] [args] +# +# pass "args" to each function in "list" +# +hooks_run_all() { + hooks_run --all "$@" +} + +## +# add_hooks,run_hooks[_all] aliases +# +add_hooks() { + hooks_add "$@" +} + +run_hooks() { + hooks_run "$@" +} + +run_hooks_all() { + hooks_run --all "$@" +} + + +case /$0 in +*/hooks.sh) + # simple unit-test + list=HOOKS + flags= + while : + do + : 1=$1 + case "$1" in + HOOKS|*hooks) list=$1; shift;; + --*) flags="$flags $1"; shift;; + *) break;; + esac + done + for f in "$@" + do + : f=$f + case "$f" in + LIFO) ;; + false|true) ;; + *) eval "$f() { echo This is $f; }";; + esac + done + echo hooks_add $flags $list "$@" + hooks_add $flags $list "$@" + echo hooks_run $list + hooks_run $list + echo hooks_run --all --lifo $list + hooks_run --all --lifo $list + echo hooks_run $list LIFO + hooks_run $list LIFO + ;; +esac diff --git a/libexec/rc/network.subr b/libexec/rc/network.subr index 257643f48ba5..5e4f2c1f39a0 100644 --- a/libexec/rc/network.subr +++ b/libexec/rc/network.subr @@ -46,8 +46,8 @@ ifn_start() ifscript_up ${ifn} && cfg=0 ifconfig_up ${ifn} && cfg=0 if ! noafif $ifn; then - afexists inet && ipv4_up ${ifn} && cfg=0 afexists inet6 && ipv6_up ${ifn} && cfg=0 + afexists inet && ipv4_up ${ifn} && cfg=0 fi childif_create ${ifn} && cfg=0 
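Review bot: `hooks_has` tests for the list name instead of the function: after `eval "__h=\$$1"` the pattern `*" $1 "*` compares the list contents against `$1` again, so the `func` argument in `$2` is never read and the function returns 1 unless the list happens to contain its own name. The pattern should be `*" $2 "*) return 0;;`, which matches the header comment "is func in $list ?". Separately, every function in this file passes the list name through `eval` without checking it, so the file header should state that HOOKS must be a plain variable name.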
@@ -67,8 +67,8 @@ ifn_stop() [ -z "$ifn" ] && err 1 "ifn_stop called without an interface" if ! noafif $ifn; then - afexists inet6 && ipv6_down ${ifn} && cfg=0 afexists inet && ipv4_down ${ifn} && cfg=0 + afexists inet6 && ipv6_down ${ifn} && cfg=0 fi ifconfig_down ${ifn} && cfg=0 ifscript_down ${ifn} && cfg=0 @@ -653,6 +653,26 @@ ifexists() ${IFCONFIG_CMD} -n $1 > /dev/null 2>&1 } +# ifisup if +# Returns 0 if the interface exists and UP, +# returns 1 if the interface exists and not UP, +# returns 2 otherwise. +ifisup() +{ + local _if + + [ -z "$1" ] && return 2 + _if="$1" + + set -- $(${IFCONFIG_CMD} -n ${_if} 2>/dev/null) + case "$1$2" in + ${_if}:*'<UP'[,\>]*) return 0 ;; + ${_if}:*) return 1 ;; + esac + + return 2 +} + # ipv4_up if # add IPv4 addresses to the interface $if ipv4_up() diff --git a/libexec/rc/pccard_ether b/libexec/rc/pccard_ether index 7ca58f210085..957983e55a8e 100755 --- a/libexec/rc/pccard_ether +++ b/libexec/rc/pccard_ether @@ -69,16 +69,17 @@ checkauto() pccard_ether_start() { - ifexists $ifn || exit 1 - - if [ -z "$rc_force" ]; then - for uif in `ifconfig -ul`; do - if [ "${uif}" = "${ifn}" ]; then - # Interface is already up, so ignore it. + ifisup $ifn + case $? in + 0) # Interface is already up, so ignore it. + if [ -z "$rc_force"]; then exit 0 fi - done - fi + ;; + 2) # Interface does not exist. + exit 1 + ;; + esac /etc/rc.d/netif quietstart $ifn diff --git a/libexec/rc/rc b/libexec/rc/rc index b23b0f35f263..db3c3e20ab44 100644 --- a/libexec/rc/rc +++ b/libexec/rc/rc 
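Review bot: In `ifisup` the interface name is expanded unquoted in the `case` patterns, so `${_if}:*` is matched as a glob pattern rather than as a literal name, and the unquoted `$(...)` passed to `set --` is subject to pathname expansion as well as field splitting. Quoting the name keeps the match literal: `"${_if}":*'<UP'[,\>]*) return 0 ;;` and `"${_if}":*) return 1 ;;`, with `-n "${_if}"` in the command. Whether any caller passes a name it does not control cannot be seen from this hunk.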
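Review bot: The test `[ -z "$rc_force"]` in `pccard_ether_start` is missing the space before `]`, so the closing bracket becomes part of the operand. With `rc_force` set, `[` is invoked without a closing `]` and fails with an error instead of evaluating the test; with it empty the word collapses to a bare `]` and the check only succeeds by accident. It should read `if [ -z "$rc_force" ]; then`. The function body continues outside the hunk.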
@@ -72,15 +72,20 @@ set -o verify set +o verify load_rc_config $rc_config_xtra +if have DebugOn; then + # allow DEBUG_SH to be set from loader prompt + export DEBUG_SH=${DEBUG_SH:-$(kenv -q DEBUG_SH)} +fi + # If we receive a SIGALRM, re-source /etc/rc.conf; this allows rc.d # scripts to perform "boot-time configuration" including enabling and # disabling rc.d scripts which appear later in the boot order. trap "_rc_conf_loaded=false; load_rc_config" ALRM skip="-s nostart" -if [ `/sbin/sysctl -n security.jail.jailed` -eq 1 ]; then +if check_jail jailed; then skip="$skip -s nojail" - if [ `/sbin/sysctl -n security.jail.vnet` -ne 1 ]; then + if ! check_jail vnet; then skip="$skip -s nojailvnet" fi fi diff --git a/libexec/rc/rc.conf b/libexec/rc/rc.conf index c91f13bd9812..0ef3012892dd 100644 --- a/libexec/rc/rc.conf +++ b/libexec/rc/rc.conf @@ -21,6 +21,7 @@ ############################################################## # Set default value of _localbase if not previously set +: ${_localbase:="$(/sbin/sysctl -n user.localbase 2> /dev/null)"} : ${_localbase:="/usr/local"} # rc_debug can't be set here without interferring with rc.subr's setting it @@ -29,6 +30,8 @@ rc_info="NO" # Enables display of informational messages at boot. rc_startmsgs="YES" # Show "Starting foo:" messages at boot rcshutdown_timeout="90" # Seconds to wait before terminating rc.shutdown +precious_machine="NO" # Set to YES to get some guards against mis-directed + # shutdown(8) commands early_late_divider="FILESYSTEMS" # Script that separates early/late # stages of the boot process. Make sure you know # the ramifications if you change this. 
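Review bot: The `kenv` value is assigned to `DEBUG_SH` unquoted and unchecked at `export DEBUG_SH=${DEBUG_SH:-$(kenv -q DEBUG_SH)}`. Quoting the expansion, `export DEBUG_SH="${DEBUG_SH:-$(kenv -q DEBUG_SH)}"`, keeps a value with spaces or glob characters as a single word regardless of how the shell treats arguments to `export`. Because a matching tag makes `DebugOn` switch on `set -x`, the comment above the assignment should also note that trace output can include expanded configuration values and is meant for console debugging only.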
@@ -86,12 +89,6 @@ zfsd_enable="NO" # Set to YES to automatically start the ZFS fault gptboot_enable="YES" # GPT boot success/failure reporting. -# Experimental - test before enabling -gbde_autoattach_all="NO" # YES automatically mounts gbde devices from fstab -gbde_devices="NO" # Devices to automatically attach (list, or AUTO) -gbde_attach_attempts="3" # Number of times to attempt attaching gbde devices -gbde_lockdir="/etc" # Where to look for gbde lockfiles - # GELI disk encryption configuration. geli_devices="" # List of devices to automatically attach in addition to # GELI devices listed in /etc/fstab. @@ -144,6 +141,7 @@ dhclient_flags="" # Extra flags to pass to dhcp client. #dhclient_flags_em0="" # Extra dhclient flags for em0 only background_dhclient="NO" # Start dhcp client in the background. #background_dhclient_em0="YES" # Start dhcp client on em0 in the background. +dhclient_arpwait="YES" # Wait for ARP resolution synchronous_dhclient="NO" # Start dhclient directly on configured # interfaces during startup. defaultroute_delay="30" # Time to wait for a default route on a DHCP interface. @@ -217,8 +215,9 @@ natd_flags="" # Additional flags for natd. ipfilter_enable="NO" # Set to YES to enable ipfilter functionality ipfilter_program="/sbin/ipf" # where the ipfilter program lives ipfilter_rules="/etc/ipf.rules" # rules definition file for ipfilter, see - # /usr/src/contrib/ipfilter/rules for examples + # /usr/src/share/examples/ipfilter for examples ipfilter_flags="" # additional flags for ipfilter +ipfilter_optionlist="" # optionlist for ipf(8) -T ippool_enable="NO" # Set to YES to enable ip filter pools ippool_program="/sbin/ippool" # where the ippool program lives ippool_rules="/etc/ippool.tables" # rules definition file for ippool 
@@ -267,8 +266,8 @@ icmp_log_redirect="NO" # Set to YES to log ICMP REDIRECT packets network_interfaces="auto" # List of network interfaces (or "auto"). cloned_interfaces="" # List of cloned network interfaces to create. #cloned_interfaces="gif0 gif1 gif2 gif3" # Pre-cloning GENERIC config. -#ifconfig_lo0="inet 127.0.0.1" # default loopback device configuration. -#ifconfig_lo0_alias0="inet 127.0.0.254 netmask 0xffffffff" # Sample alias entry. +#ifconfig_lo0="inet 127.0.0.1/8" # default loopback device configuration. +#ifconfig_lo0_alias0="inet 127.0.0.254/32" # Sample alias entry. #ifconfig_em0_ipv6="inet6 2001:db8:1::1 prefixlen 64" # Sample IPv6 addr entry #ifconfig_em0_alias0="inet6 2001:db8:2::1 prefixlen 64" # Sample IPv6 alias #ifconfig_em0_name="net0" # Change interface name from em0 to net0. @@ -328,7 +327,7 @@ resolv_enable="YES" # Enable resolv / resolvconf # kerberos. Do not run the admin daemons on slave servers # kdc_enable="NO" # Run a kerberos 5 KDC (or NO). -kdc_program="/usr/libexec/kdc" # path to kerberos 5 KDC +kdc_program="" # path to kerberos 5 KDC kdc_flags="" # Additional flags to the kerberos 5 KDC kdc_restart="NO" # Auto restart kdc on abnormal termination kdc_restart_delay="" # Auto restart delay seconds @@ -398,8 +397,6 @@ rpcbind_enable="NO" # Run the portmapper service (YES/NO). rpcbind_program="/usr/sbin/rpcbind" # path to rpcbind, if you want a different one. rpcbind_flags="" # Flags to rpcbind (if enabled). rpc_ypupdated_enable="NO" # Run if NIS master and SecureRPC (or NO). -keyserv_enable="NO" # Run the SecureRPC keyserver (or NO). -keyserv_flags="" # Flags to keyserv (if enabled). nfsv4_server_enable="NO" # Enable support for NFSv4 nfsv4_server_only="NO" # Set NFS server to NFSv4 only nfscbd_enable="NO" # NFSv4 client side callback daemon 
@@ -426,7 +423,7 @@ ntp_src_leapfile="/etc/ntp/leap-seconds" # Initial source for ntpd leapfile ntp_db_leapfile="/var/db/ntpd.leap-seconds.list" # Canonical place to get the leap seconds from -ntp_leapfile_sources="https://hpiers.obspm.fr/iers/bul/bulc/ntp/leap-seconds.list" +ntp_leapfile_sources="https://hpiers.obspm.fr/iers/bul/bulc/ntp/leap-seconds.list https://data.iana.org/time-zones/tzdb/leap-seconds.list" # Source from which to fetch leapfile ntp_leapfile_fetch_opts="-mq" # Options to use for ntp leapfile fetch, # e.g. --no-verify-peer @@ -555,6 +552,7 @@ rtadvd_enable="NO" # Set to YES to enable an IPv6 router # advertisement daemon. If set to YES, # this router becomes a possible candidate # IPv6 default router for local subnets. +rtadvd_flags="" # Flags to the IPv6 router advertisement daemon. rtadvd_interfaces="" # Interfaces rtadvd sends RA packets. stf_interface_ipv4addr="" # Local IPv4 addr for 6to4 IPv6 over IPv4 # tunneling interface. Specify this entry 
@@ -588,15 +586,19 @@ font8x14="NO" # font 8x14 from /usr/share/{syscons,vt}/fonts/* (or NO). font8x8="NO" # font 8x8 from /usr/share/{syscons,vt}/fonts/* (or NO). blanktime="300" # blank time (in seconds) or "NO" to turn it off. saver="NO" # screen saver: Uses /boot/kernel/${saver}_saver.ko -moused_nondefault_enable="YES" # Treat non-default mice as enabled unless +moused_nondefault_enable="NO" # Treat non-default mice as enabled unless # specifically overridden in rc.conf(5). moused_enable="NO" # Run the mouse daemon. moused_type="auto" # See man page for rc.conf(5) for available settings. -moused_port="/dev/psm0" # Set to your mouse port. +moused_port="auto" # Set to your mouse port. moused_flags="" # Any additional flags to moused. mousechar_start="NO" # if 0xd0-0xd3 default range is occupied in your # language code table, specify alternative range # start like mousechar_start=3, see vidcontrol(1) +msconvd_enable="NO" # Run the mouse protocol conversion daemon. +msconvd_type="auto" # See rc.conf(5) man page for available moused_type-s. +msconvd_ports="" # List of msconvd ports. +msconvd_flags="" # Any additional flags to msconvd. allscreens_flags="" # Set this vidcontrol mode for all virtual screens allscreens_kbdflags="" # Set this kbdcontrol mode for all virtual screens @@ -697,7 +699,7 @@ entropy_file="/entropy" # Set to NO to disable late (used when going multi-user) entropy_dir="/var/db/entropy" # Set to NO to disable caching entropy via cron. entropy_save_sz="4096" # Size of the entropy cache files. entropy_save_num="8" # Number of entropy cache files to save. -harvest_mask="511" # Entropy device harvests all but the very invasive sources. +harvest_mask="4607" # Entropy device harvests all but the very invasive sources. # (See 'sysctl kern.random.harvest' and random(4)) osrelease_enable="YES" # Update /var/run/os-release on boot (or NO). osrelease_file="/var/run/os-release" # File to update for os-release. 
@@ -727,6 +729,7 @@ newsyslog_enable="YES" # Run newsyslog at startup. newsyslog_flags="-CN" # Newsyslog flags to create marked files mixer_enable="YES" # Run the sound mixer. opensm_enable="NO" # Opensm(8) for infiniband devices defaults to off +nuageinit_enable="NO" # Run nuageinit at startup # rctl(8) requires kernel options RACCT and RCTL rctl_enable="YES" # Load rctl(8) rules on boot diff --git a/libexec/rc/rc.d/Makefile b/libexec/rc/rc.d/Makefile index 6e9cb7fc50ae..e5ee34e62185 100644 --- a/libexec/rc/rc.d/Makefile +++ b/libexec/rc/rc.d/Makefile @@ -1,4 +1,3 @@ - .include <src.opts.mk> CONFDIR= /etc/rc.d @@ -12,22 +11,16 @@ CONFS= DAEMON \ SERVERS \ adjkerntz \ bgfsck \ - ${_blacklistd} \ bridge \ cfumass \ cleanvar \ cleartmp \ - ctld \ ddb \ defaultroute \ devfs \ dmesg \ dumpon \ fsck \ - gbde \ - geli \ - geli2 \ - gptboot \ growfs \ growfs_fstab \ hostid \ @@ -36,17 +29,12 @@ CONFS= DAEMON \ iovctl \ ip6addrctl \ ipsec \ - ${_kadmind} \ - ${_kdc} \ - ${_kfd} \ kld \ kldxref \ - ${_kpasswdd} \ ldconfig \ linux \ local \ localpkg \ - lockd \ mixer \ motd \ mountcritlocal \ @@ -54,27 +42,15 @@ CONFS= DAEMON \ mountlate \ mdconfig \ mdconfig2 \ - mountd \ msgs \ - natd \ netif \ netoptions \ netwait \ - newsyslog \ - nfsclient \ - nfscbd \ - nfsd \ - nfsuserd \ - nisdomain \ + noshutdown \ ${_nscd} \ - ntpdate \ ${_opensm} \ os-release \ - pf \ - pflog \ - pfsync \ powerd \ - ppp \ pppoed \ pwcheck \ quota \ @@ -82,16 +58,13 @@ CONFS= DAEMON \ rarpd \ rctl \ root \ - route6d \ routing \ rpcbind \ rtadvd \ rtsold \ - rwho \ savecore \ securelevel \ serial \ - statd \ static_arp \ static_ndp \ stf \ @@ -99,11 +72,9 @@ CONFS= DAEMON \ swaplate \ sysctl \ sysctl_lastload \ - syslogd \ sysvipc \ tmp \ ugidfw \ - ${_utx} \ var \ var_run \ watchdogd @@ -120,6 +91,12 @@ CONFGROUPS+= DHCLIENT DHCLIENT= dhclient DHCLIENTPACKAGE= dhclient +CONFGROUPS+= GEOM +GEOM= geli \ + geli2 \ + gptboot +GEOMPACKAGE= geom + CONFGROUPS+= GGATED GGATED= ggated GGATEDPACKAGE= ggate 
@@ -132,20 +109,41 @@ CONFGROUPS+= CRON CRON+= cron CRONPACKAGE= cron -.if ${MK_NIS} != "no" -CONFS+= ypbind \ - ypldap \ - yppasswdd \ - ypserv \ - ypset \ - ypupdated \ - ypxfrd -.endif - -.if ${MK_ACCT} != "no" +CONFGROUPS+= CTL +CTL= ctld +CTLPACKAGE= ctl + +CONFGROUPS+= NFS +NFS= lockd \ + mountd \ + nfscbd \ + nfsclient \ + nfsd \ + nfsuserd \ + statd +NFSPACKAGE= nfs + +CONFGROUPS+= NEWSYSLOG +NEWSYSLOG= newsyslog +NEWSYSLOGPACKAGE= newsyslog + +CONFGROUPS+= SYSLOGD +SYSLOGD= syslogd +SYSLOGDPACKAGE= syslogd + +CONFGROUPS+= RCMDS +RCMDS= rwho +RCMDSPACKAGE= rcmds + +.if ${MK_ACCT} != "no" || ${MK_UTMPX} != "no" CONFGROUPS+= ACCT -ACCT+= accounting ACCTPACKAGE= acct +.if ${MK_ACCT} != "no" +ACCT+= accounting +.endif +.if ${MK_UTMPX} != "no" +ACCT+= utx +.endif .endif .if ${MK_ACPI} != "no" @@ -167,17 +165,21 @@ APMPACKAGE= apm CONFGROUPS+= AUDIT AUDIT+= auditd AUDIT+= auditdistd -AUDITPACKAGE= rc +AUDITPACKAGE= audit .endif .if ${MK_AUTOFS} != "no" -CONFS+= automount -CONFS+= automountd -CONFS+= autounmountd +CONFGROUPS+= AUTOFS +AUTOFS= automount \ + automountd \ + autounmountd +AUTOFSPACKAGE= autofs .endif .if ${MK_BLACKLIST} != "no" -_blacklistd+= blacklistd +CONFGROUPS+= BLOCKLIST +BLOCKLIST= blacklistd +BLOCKLISTPACKAGE=blocklist .endif .if ${MK_BLUETOOTH} != "no" @@ -202,17 +204,21 @@ BSNMPPACKAGE= bsnmp .endif .if ${MK_CCD} != "no" -CONFS+= ccd +CONFGROUPS+= CCD +CCD= ccd +CCDPACKAGE= ccdconfig .endif .if ${MK_FTP} != "no" -CONFS+= ftpd +CONFGROUPS+= FTPD +FTPD= ftpd +FTPDPACKAGE= ftpd .endif -.if ${MK_GSSAPI} != "no" +.if ${MK_KERBEROS_SUPPORT} != "no" CONFGROUPS+= GSSD GSSD= gssd -GSSDPACKAGE= kerberos +GSSDPACKAGE= gssd .endif .if ${MK_HAST} != "no" 
@@ -222,28 +228,40 @@ HASTPACKAGE= hast .endif .if ${MK_INETD} != "no" -CONFS+= inetd +CONFGROUPS+= INETD +INETD= inetd +INETDPACKAGE= inetd .endif .if ${MK_IPFILTER} != "no" -CONFS+= ipfilter \ - ipfs \ - ipmon \ - ipnat \ - ippool +CONFGROUPS+= IPF +IPF= ipfilter \ + ipfs \ + ipmon \ + ipnat \ + ippool +IPFPACKAGE= ipf .endif .if ${MK_IPFW} != "no" -CONFS+= ipfw \ - dnctl +CONFGROUPS+= IPFW +IPFW= ipfw dnctl .if ${MK_NETGRAPH} != "no" -CONFS+= ipfw_netflow +IPFW+= ipfw_netflow .endif +IPFWPACKAGE= ipfw + +# natd is only built when ipfw is built +CONFGROUPS+= NATD +NATD+= natd +NATDPACKAGE= natd .endif .if ${MK_ISCSI} != "no" -CONFS+= iscsictl -CONFS+= iscsid +CONFGROUPS+= ISCSI +ISCSI= iscsictl \ + iscsid +ISCSIPACKAGE= iscsi .endif .if ${MK_JAIL} != "no" @@ -255,6 +273,7 @@ JAILPACKAGE= jail .if ${MK_LEGACY_CONSOLE} != "no" CONFGROUPS+= CONSOLE CONSOLE+= moused +CONSOLE+= msconvd CONSOLE+= syscons CONSOLEPACKAGE= console-tools .endif @@ -266,16 +285,44 @@ LPPACKAGE= lp .endif .if ${MK_KERBEROS} != "no" -CONFS+= ipropd_master -CONFS+= ipropd_slave -_kadmind= kadmind -_kdc= kdc -_kfd= kfd -_kpasswdd= kpasswdd - -DIRS+= VAR_HEMIDAL +.if ${MK_MITKRB5} == "no" + +# Heimdal rc scripts +CONFGROUPS+= HEIMDAL +HEIMDAL= ipropd_master \ + ipropd_slave \ + kadmind \ + kdc \ + kfd \ + kpasswdd +HEIMDALPACKAGE= kerberos + +DIRS+= VAR_HEMIDAL VAR_HEMIDAL= /var/heimdal VAR_HEMIDAL_MODE= 700 + +.else # ${MK_MITKRB5} != "no" + +# MIT KRB5 rc scripts +CONFGROUPS+= KRB5 +KRB5= kadmind \ + kdc +KRB5PACKAGE= kerberos-kdc + +.endif # ${MK_MITKRB5} +.endif # ${MK_KERBEROS} + +.if ${MK_NIS} != "no" +CONFGROUPS+= YP +YP= ypbind \ + ypldap \ + yppasswdd \ + ypserv \ + ypset \ + ypupdated \ + ypxfrd \ + nisdomain +YPPACKAGE= yp .endif .if ${MK_NS_CACHING} != "no" 
@@ -283,20 +330,20 @@ _nscd= nscd .endif .if ${MK_NTP} != "no" -CONFS+= ntpd +CONFGROUPS+= NTP +NTP+= ntpd \ + ntpdate +NTPPACKAGE= ntp .endif -.if ${MK_OFED} != "no" +.if ${MK_OFED_EXTRA} != "no" _opensm= opensm .endif -.if ${MK_OPENSSL} != "no" -CONFS+= keyserv -.if ${MK_OPENSSL_KTLS} != "no" +.if ${MK_OPENSSL} != "no" && ${MK_OPENSSL_KTLS} != "no" CONFS+= tlsclntd \ tlsservd .endif -.endif .if ${MK_OPENSSH} != "no" CONFGROUPS+= SSH @@ -305,11 +352,30 @@ SSHPACKAGE= ssh .endif .if ${MK_PF} != "no" -CONFS+= ftp-proxy +CONFGROUPS+= PF +PF= pf \ + pflog \ + pfsync \ + ftp-proxy +PFPACKAGE= pf +.endif + +.if ${MK_PPP} != "no" +CONFGROUPS+= PPP +PPP= ppp +PPPPACKAGE= ppp .endif +.if ${MK_INET6} != "no" || ${MK_ROUTED} != "no" +CONFGROUPS+= RIP +RIPPACKAGE= rip + +.if ${MK_INET6} != "no" +RIP+= route6d +.endif .if ${MK_ROUTED} != "no" -CONFS+= routed +RIP+= routed +.endif .endif .if ${MK_SENDMAIL} != "no" @@ -320,7 +386,9 @@ SMRCDPACKAGE= sendmail .if ${MK_NUAGEINIT} != "no" CONFGROUPS+= NIUAGEINIT -NIUAGEINIT= nuageinit +NIUAGEINIT= nuageinit \ + nuageinit_post_net \ + nuageinit_user_data_script NIUAGEINITPACKAGE= nuageinit .endif @@ -330,10 +398,6 @@ UNBOUND+= local_unbound UNBOUNDPACKAGE= unbound .endif -.if ${MK_UTMPX} != "no" -_utx= utx -.endif - .if ${MK_VI} != "no" CONFGROUPS+= VI VI+= virecover @@ -341,8 +405,13 @@ VIPACKAGE= vi .endif .if ${MK_WIRELESS} != "no" -CONFS+= hostapd -CONFS+= wpa_supplicant +CONFGROUPS+= HOSTAPD +HOSTAPD= hostapd +HOSTAPDPACKAGE= hostapd + +CONFGROUPS+= WPA +WPA= wpa_supplicant +WPAPACKAGE= wpa .endif .if ${MK_ZFS} != "no" @@ -355,7 +424,7 @@ ZFS+= zpool ZFS+= zpoolreguid ZFS+= zpoolupgrade ZFS+= zvol -ZFSPACKAGE= rc +ZFSPACKAGE= zfs .endif .for fg in ${CONFGROUPS} diff --git a/libexec/rc/rc.d/accounting b/libexec/rc/rc.d/accounting index 5c08f18cd2ca..1e0ece84fb15 100755 --- a/libexec/rc/rc.d/accounting +++ b/libexec/rc/rc.d/accounting 
@@ -76,4 +76,8 @@ accounting_rotate_log() } load_rc_config $name + +# doesn't make sense to run in a svcj: jail can't manipulate accounting +accounting_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/adjkerntz b/libexec/rc/rc.d/adjkerntz index 81ee596369a5..339f8add7201 100755 --- a/libexec/rc/rc.d/adjkerntz +++ b/libexec/rc/rc.d/adjkerntz @@ -14,4 +14,8 @@ start_cmd="adjkerntz -i" stop_cmd=":" load_rc_config $name + +# doesn't make sense to run in a svcj: jail can't modify kerntz +adjkerntz_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/apm b/libexec/rc/rc.d/apm index b2bde4d32d1c..3187f41c3a50 100755 --- a/libexec/rc/rc.d/apm +++ b/libexec/rc/rc.d/apm @@ -43,4 +43,8 @@ apm_status() } load_rc_config $name + +# doesn't make sense to run in a svcj: nojail keyword +apm_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/apmd b/libexec/rc/rc.d/apmd index 8c6293549dc0..aeb5042342d6 100755 --- a/libexec/rc/rc.d/apmd +++ b/libexec/rc/rc.d/apmd @@ -34,4 +34,8 @@ apmd_prestart() } load_rc_config $name + +# doesn't make sense to run in a svcj: nojail keyword +apmd_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/auditd b/libexec/rc/rc.d/auditd index 90017d88ab85..caea2587a2e9 100755 --- a/libexec/rc/rc.d/auditd +++ b/libexec/rc/rc.d/auditd @@ -32,4 +32,8 @@ auditd_stop() } load_rc_config $name + +# doesn't make sense to run in a svcj: nojail keyword +auditd_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/auditdistd b/libexec/rc/rc.d/auditdistd index e7ae7d64d39d..0814c2a4d2c7 100755 --- a/libexec/rc/rc.d/auditdistd +++ b/libexec/rc/rc.d/auditdistd @@ -17,5 +17,7 @@ command="/usr/sbin/${name}" required_files="/etc/security/${name}.conf" extra_commands="reload" +: ${auditdistd_svcj_options:="net_basic"} + load_rc_config $name run_rc_command "$1" diff --git a/libexec/rc/rc.d/automount b/libexec/rc/rc.d/automount index b01928651ec4..19f367837189 100755 --- a/libexec/rc/rc.d/automount +++ b/libexec/rc/rc.d/automount 
@@ -28,4 +28,8 @@ automount_stop() } load_rc_config $name + +# mounting shall not be performed in a svcj +automount_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/automountd b/libexec/rc/rc.d/automountd index 4bc6f7d01862..b809e9dfc8ad 100755 --- a/libexec/rc/rc.d/automountd +++ b/libexec/rc/rc.d/automountd @@ -17,4 +17,8 @@ command="/usr/sbin/${name}" required_modules="autofs" load_rc_config $name + +# mounting shall not be performed in a svcj +automountd_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/autounmountd b/libexec/rc/rc.d/autounmountd index c939c6d8d011..1d8b3bfa354f 100755 --- a/libexec/rc/rc.d/autounmountd +++ b/libexec/rc/rc.d/autounmountd @@ -16,4 +16,8 @@ pidfile="/var/run/${name}.pid" command="/usr/sbin/${name}" load_rc_config $name + +# doesn't make sense to run in a svcj: nojail keyword +autounmountd_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/bgfsck b/libexec/rc/rc.d/bgfsck index 24753f9f561f..dd5c330c3d11 100755 --- a/libexec/rc/rc.d/bgfsck +++ b/libexec/rc/rc.d/bgfsck @@ -46,4 +46,8 @@ bgfsck_start() } load_rc_config $name + +# doesn't make sense to run in a svcj +bgfsck_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/blacklistd b/libexec/rc/rc.d/blacklistd index b58c7c8a76b6..5248b0ea3580 100755 --- a/libexec/rc/rc.d/blacklistd +++ b/libexec/rc/rc.d/blacklistd @@ -1,7 +1,6 @@ #!/bin/sh # # Copyright (c) 2016 The FreeBSD Foundation -# All rights reserved. # # This software was developed by Kurt Lidl under sponsorship from the # FreeBSD Foundation. @@ -40,5 +39,8 @@ rcvar="blacklistd_enable" command="/usr/sbin/${name}" required_files="/etc/blacklistd.conf" +# no svcj options needed +: ${blacklistd_svcj_options:=""} + load_rc_config $name run_rc_command "$1" diff --git a/libexec/rc/rc.d/bluetooth b/libexec/rc/rc.d/bluetooth index 679d669a6191..193fd969967f 100755 --- a/libexec/rc/rc.d/bluetooth +++ b/libexec/rc/rc.d/bluetooth 
@@ -127,8 +127,17 @@ bluetooth_setup_stack() > /dev/null 2>&1 || return 1 # Initilalize HCI node - ${hccontrol} -n ${dev}hci reset \ - > /dev/null 2>&1 || return 1 + for loop in 1 2 3 + do + ${hccontrol} -n ${dev}hci reset \ + > /dev/null 2>&1 && break + if [ ${loop} -eq 3 ] + then + warn Reset failed three times, giving up. + return 1 + fi + warn Reset failed, retrying. + done ${hccontrol} -n ${dev}hci read_bd_addr \ > /dev/null 2>&1 || return 1 @@ -317,5 +326,8 @@ bluetooth_stop() load_rc_config $name hccontrol="${bluetooth_hccontrol:-/usr/sbin/hccontrol}" +# doesn't make sense to run in a svcj: nojail keyword +bluetooth_svcj="NO" + run_rc_command $* diff --git a/libexec/rc/rc.d/bootparams b/libexec/rc/rc.d/bootparams index ce0b8a45e672..1d435d4ee480 100755 --- a/libexec/rc/rc.d/bootparams +++ b/libexec/rc/rc.d/bootparams @@ -15,5 +15,7 @@ rcvar="bootparamd_enable" required_files="/etc/bootparams" command="/usr/sbin/${name}" +: ${bootparamd_svcj_options:="net_basic"} + load_rc_config $name run_rc_command "$1" diff --git a/libexec/rc/rc.d/bridge b/libexec/rc/rc.d/bridge index a42d82adacc5..98d9212593e5 100755 --- a/libexec/rc/rc.d/bridge +++ b/libexec/rc/rc.d/bridge @@ -90,4 +90,8 @@ bridge_stop() iflist=$2 load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +bridge_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/bsnmpd b/libexec/rc/rc.d/bsnmpd index 60c7242f0c1f..60f4f5e86617 100755 --- a/libexec/rc/rc.d/bsnmpd +++ b/libexec/rc/rc.d/bsnmpd @@ -13,6 +13,8 @@ desc="Simple and extensible SNMP daemon" rcvar="bsnmpd_enable" command="/usr/sbin/${name}" +: ${bsnmpd_svcj_options:="net_basic"} + load_rc_config $name pidfile="${bsnmpd_pidfile:-/var/run/snmpd.pid}" command_args="-p ${pidfile}" diff --git a/libexec/rc/rc.d/bthidd b/libexec/rc/rc.d/bthidd index ec7da8181ca3..4b230406c4d5 100755 --- a/libexec/rc/rc.d/bthidd +++ b/libexec/rc/rc.d/bthidd 
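Review bot: The two new `warn` calls in the reset retry loop pass their message as unquoted words (`warn Reset failed three times, giving up.`). Quoting them, `warn "Reset failed three times, giving up."` and `warn "Reset failed, retrying."`, keeps the text as one argument and matches the quoted `warn` in the ipropd_slave script of this same diff. The loop variable `loop` is not visibly declared `local`, but bluetooth_setup_stack starts outside the hunk, so that may already be handled. The three attempts also run back to back with no pause, which may not give the device time to recover between resets.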
@@ -50,4 +50,7 @@ if evdev_enabled; then fi required_files="${config}" +# doesn't make sense to run in a svcj: nojail keyword +bthidd_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/ccd b/libexec/rc/rc.d/ccd index f7dde1c23f4e..5f2427e4beb0 100755 --- a/libexec/rc/rc.d/ccd +++ b/libexec/rc/rc.d/ccd @@ -21,4 +21,8 @@ ccd_start() } load_rc_config $name + +# doesn't make sense to run in a svcj: nojail keyword +ccd_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/cfumass b/libexec/rc/rc.d/cfumass index 79c9b0ae63d4..7d1117d7c388 100755 --- a/libexec/rc/rc.d/cfumass +++ b/libexec/rc/rc.d/cfumass @@ -145,4 +145,8 @@ cfumass_stop() } load_rc_config $name + +# doesn't make sense to run in a svcj: nojail keyword +cfumass_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/cleanvar b/libexec/rc/rc.d/cleanvar index 08e647dde5ae..dce5baa6875b 100755 --- a/libexec/rc/rc.d/cleanvar +++ b/libexec/rc/rc.d/cleanvar @@ -43,4 +43,8 @@ cleanvar_start() } load_rc_config $name + +# doesn't make sense to run in a svcj +cleanvar_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/cleartmp b/libexec/rc/rc.d/cleartmp index 8101474b33cf..c4dfb5367dcb 100755 --- a/libexec/rc/rc.d/cleartmp +++ b/libexec/rc/rc.d/cleartmp @@ -57,4 +57,8 @@ cleartmp_start() } load_rc_config $name + +# doesn't make sense to run in a svcj +cleartmp_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/cron b/libexec/rc/rc.d/cron index a37d3ceee02e..584db590d835 100755 --- a/libexec/rc/rc.d/cron +++ b/libexec/rc/rc.d/cron @@ -16,6 +16,11 @@ command="/usr/sbin/${name}" pidfile="/var/run/${name}.pid" load_rc_config $name + +# doesn't make sense to run in a svcj: in the generic case it may need +# access to more than a jails allows +cron_svcj="NO" + if checkyesno cron_dst then cron_flags="$cron_flags -s" diff --git a/libexec/rc/rc.d/ctld b/libexec/rc/rc.d/ctld index f09c032575d9..c91d7a9be921 100755 --- a/libexec/rc/rc.d/ctld +++ b/libexec/rc/rc.d/ctld 
@@ -19,4 +19,8 @@ required_modules="ctl" extra_commands="reload" load_rc_config $name + +# doesn't make sense to run in a svcj: nojail keyword +ctld_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/ddb b/libexec/rc/rc.d/ddb index 40235bebf90e..08a7d345c326 100755 --- a/libexec/rc/rc.d/ddb +++ b/libexec/rc/rc.d/ddb @@ -35,4 +35,7 @@ load_rc_config $name required_files="${ddb_config}" command_args="${ddb_config}" +# doesn't make sense to run in a svcj: privileged operation +ddb_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/defaultroute b/libexec/rc/rc.d/defaultroute index d8d6b2e97dcd..b96f91d36118 100755 --- a/libexec/rc/rc.d/defaultroute +++ b/libexec/rc/rc.d/defaultroute @@ -70,4 +70,8 @@ defaultroute_start() } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +defaultroute_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/devd b/libexec/rc/rc.d/devd index 43fb9d5928dd..98f2068c2075 100755 --- a/libexec/rc/rc.d/devd +++ b/libexec/rc/rc.d/devd @@ -14,7 +14,8 @@ desc="Device state change daemon" rcvar="devd_enable" command="/sbin/${name}" -start_precmd=${name}_prestart +devd_offcmd=devd_off +start_precmd=find_pidfile stop_precmd=find_pidfile find_pidfile() @@ -26,10 +27,8 @@ find_pidfile() fi } -devd_prestart() +devd_off() { - find_pidfile - # If devd is disabled, turn it off in the kernel to avoid unnecessary # memory usage. if ! checkyesno ${rcvar}; then @@ -38,4 +37,8 @@ devd_prestart() } load_rc_config $name + +# doesn't make sense to run in a svcj: executing potential privileged operations +devd_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/devfs b/libexec/rc/rc.d/devfs index b7835bd561ce..9987d35f6ad3 100755 --- a/libexec/rc/rc.d/devfs +++ b/libexec/rc/rc.d/devfs @@ -68,4 +68,8 @@ read_devfs_conf() } load_rc_config $name + +# doesn't make sense to run in a svcj: may need more permissions +devfs_svcj="NO" + run_rc_command "$1" 
diff --git a/libexec/rc/rc.d/devmatch b/libexec/rc/rc.d/devmatch index 78050cfa4541..7a8726de5677 100755 --- a/libexec/rc/rc.d/devmatch +++ b/libexec/rc/rc.d/devmatch @@ -41,11 +41,15 @@ one_nomatch="$2" devmatch_start() { - local x m list + local x m list boot_safe + + boot_safe=$(kenv -q boot_safe || echo "NO") + checkyesno boot_safe && return if [ -n "$one_nomatch" ]; then list=$(devmatch -p "${one_nomatch}" | sort -u) else + sysctl hw.bus.devctl_nomatch_enabled=1 > /dev/null list=$(devmatch | sort -u) fi @@ -77,4 +81,8 @@ devmatch_start() } load_rc_config $name + +# doesn't make sense to run in a svcj: privileged operations +devmatch_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/dhclient b/libexec/rc/rc.d/dhclient index e2f204076eb6..1cd770031d71 100755 --- a/libexec/rc/rc.d/dhclient +++ b/libexec/rc/rc.d/dhclient @@ -48,6 +48,10 @@ dhclient_prestart() rc_flags="${rc_flags} -b" fi + dhclient_arpwait=$(get_if_var $ifn dhclient_arpwait_IF $dhclient_arpwait) + if ! checkyesno dhclient_arpwait; then + rc_flags="${rc_flags} -n" + fi # /var/run/dhclient is not guaranteed to exist, # e.g. if /var/run is a tmpfs @@ -59,6 +63,9 @@ dhclient_prestart() load_rc_config $name load_rc_config network +# dhclient_prestart is not compatible with svcj +dhclient_svcj="NO" + if [ -z $ifn ] ; then # only complain if a command was specified but no interface if [ -n "$1" ] ; then diff --git a/libexec/rc/rc.d/dmesg b/libexec/rc/rc.d/dmesg index ed36ec17b419..51e35d5d4e80 100755 --- a/libexec/rc/rc.d/dmesg +++ b/libexec/rc/rc.d/dmesg @@ -23,4 +23,8 @@ do_dmesg() } load_rc_config $name + +# doesn't make sense to run in a svcj +dmesg_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/dnctl b/libexec/rc/rc.d/dnctl index 7e65b899bd01..9067d278088e 100644..100755 --- a/libexec/rc/rc.d/dnctl +++ b/libexec/rc/rc.d/dnctl 
@@ -16,6 +16,9 @@ start_cmd="${name}_start" required_files="$dnctl_rules" required_modules="dummynet" +# doesn't make sense to run in a svcj: config setting +dnctl_svcj="NO" + dnctl_start() { startmsg -n "Enabling ${name}" diff --git a/libexec/rc/rc.d/dumpon b/libexec/rc/rc.d/dumpon index a6748711b796..0dfcdb266b20 100755 --- a/libexec/rc/rc.d/dumpon +++ b/libexec/rc/rc.d/dumpon @@ -97,4 +97,8 @@ dumpon_stop() } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +dumpon_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/fsck b/libexec/rc/rc.d/fsck index 359733d8484c..e755f055dbe6 100755 --- a/libexec/rc/rc.d/fsck +++ b/libexec/rc/rc.d/fsck @@ -91,4 +91,8 @@ fsck_start() } load_rc_config $name + +# doesn't make sense to run in a svcj +fsck_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/ftp-proxy b/libexec/rc/rc.d/ftp-proxy index 250088d6bb35..c77dd36cd60b 100755 --- a/libexec/rc/rc.d/ftp-proxy +++ b/libexec/rc/rc.d/ftp-proxy @@ -13,6 +13,8 @@ desc="Internet File Transfer Protocol proxy daemon" rcvar="ftpproxy_enable" command="/usr/sbin/ftp-proxy" +: ${ftpproxy_svcj_options:="net_basic"} + load_rc_config $name # diff --git a/libexec/rc/rc.d/ftpd b/libexec/rc/rc.d/ftpd index 9bb9a722a2af..e25a561a520a 100755 --- a/libexec/rc/rc.d/ftpd +++ b/libexec/rc/rc.d/ftpd @@ -13,13 +13,11 @@ desc="Internet File Transfer Protocol daemon" rcvar="ftpd_enable" command="/usr/libexec/${name}" pidfile="/var/run/${name}.pid" -start_precmd=ftpd_prestart -ftpd_prestart() -{ - rc_flags="-D ${rc_flags}" - return 0 -} +: ${ftpd_svcj_options:="net_basic"} load_rc_config $name + +flags="-D ${flags} ${rc_flags}" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/gbde b/libexec/rc/rc.d/gbde deleted file mode 100755 index 295972a5697b..000000000000 --- a/libexec/rc/rc.d/gbde +++ /dev/null 
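Review bot: In the ftpd hunk, the new top-level `flags="-D ${flags} ${rc_flags}"` runs before run_rc_command, whereas the removed ftpd_prestart prepended `-D` to `rc_flags` from inside start_precmd. rc.subr is not part of this page, but if `rc_flags` is only populated inside run_rc_command, then `${rc_flags}` is empty here and a now non-empty `flags` may take precedence over `ftpd_flags` from rc.conf. That should be confirmed with a run that sets `ftpd_flags`; if the value is lost, something like `ftpd_flags="-D ${ftpd_flags}"` after load_rc_config would keep it. The lockd hunk raises the same ordering question, because `rc_flags=${rpc_lockd_flags}` moved out of lockd_precmd to just before run_rc_command.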
@@ -1,119 +0,0 @@ -#!/bin/sh -# -# This file, originally written by Garrett A. Wollman, is in the public -# domain. -# -# - -# PROVIDE: disks -# KEYWORD: nojail - -. /etc/rc.subr - -name="gbde" -desc="GEOM Based Disk Encryption" -start_precmd="find_gbde_devices start" -stop_precmd="find_gbde_devices stop" -start_cmd="gbde_start" -stop_cmd="gbde_stop" - -find_gbde_devices() -{ - case "${gbde_devices-auto}" in - [Aa][Uu][Tt][Oo]) - gbde_devices="" - ;; - *) - return 0 - ;; - esac - - case "$1" in - start) - fstab="/etc/fstab" - ;; - stop) - fstab=$(mktemp /tmp/mtab.XXXXXX) - mount -p >${fstab} - ;; - esac - - # - # We can't use "mount -p | while ..." because when a shell loop - # is the target of a pipe it executes in a subshell, and so can't - # modify variables in the script. - # - while read device mountpt type options dump pass; do - case "$device" in - *.bde) - # Ignore swap devices - case "$type" in - swap) - continue - ;; - esac - - case "$options" in - *noauto*) - if checkyesno gbde_autoattach_all; then - gbde_devices="${gbde_devices} ${device}" - fi - ;; - *) - gbde_devices="${gbde_devices} ${device}" - ;; - esac - ;; - esac - done <${fstab} - - case "$1" in - stop) - rm -f ${fstab} - ;; - esac - - return 0 -} - -gbde_start() -{ - for device in $gbde_devices; do - parent=${device%.bde} - parent=${parent#/dev/} - parent_=`ltr ${parent} '/' '_'` - eval "lock=\${gbde_lock_${parent_}-\"${gbde_lockdir}/${parent_}.lock\"}" - if [ -e "/dev/${parent}" -a ! -e "/dev/${parent}.bde" ]; then - echo "Configuring Disk Encryption for ${parent}." - - count=1 - while [ ${count} -le ${gbde_attach_attempts} ]; do - if [ -e "${lock}" ]; then - gbde attach ${parent} -l ${lock} - else - gbde attach ${parent} - fi - if [ -e "/dev/${parent}.bde" ]; then - break - fi - echo "Attach failed; attempt ${count} of ${gbde_attach_attempts}." 
- count=$((${count} + 1)) - done - fi - done -} - -gbde_stop() -{ - for device in $gbde_devices; do - parent=${device%.bde} - parent=${parent#/dev/} - if [ -e "/dev/${parent}.bde" ]; then - umount "/dev/${parent}.bde" 2>/dev/null - gbde detach "${parent}" - fi - done -} - -load_rc_config $name -run_rc_command "$1" diff --git a/libexec/rc/rc.d/geli b/libexec/rc/rc.d/geli index 312d76a361ad..5fc5ded54ec3 100755 --- a/libexec/rc/rc.d/geli +++ b/libexec/rc/rc.d/geli @@ -44,7 +44,6 @@ geli_start() if [ -z "${geli_tries}" ]; then if [ -n "${geli_attach_attempts}" ]; then - # Compatibility with rc.d/gbde. geli_tries=${geli_attach_attempts} else geli_tries=`${SYSCTL_N} kern.geom.eli.tries` @@ -122,4 +121,8 @@ geli_stop() } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +geli_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/geli2 b/libexec/rc/rc.d/geli2 index 16248d32ece8..cedd48a312ee 100755 --- a/libexec/rc/rc.d/geli2 +++ b/libexec/rc/rc.d/geli2 @@ -55,4 +55,8 @@ geli2_start() } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +geli2_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/ggated b/libexec/rc/rc.d/ggated index 22bc8beb7ca0..846019acb055 100755 --- a/libexec/rc/rc.d/ggated +++ b/libexec/rc/rc.d/ggated @@ -14,6 +14,9 @@ pidfile="/var/run/${name}.pid" load_rc_config $name required_files="${ggated_config}" +# XXX?: doesn't make sense to run in a svcj: low-level access +ggated_svcj="NO" + command_args="${ggated_config}" run_rc_command "$1" diff --git a/libexec/rc/rc.d/gptboot b/libexec/rc/rc.d/gptboot index 3f04143e79ec..188f1bb77557 100755 --- a/libexec/rc/rc.d/gptboot +++ b/libexec/rc/rc.d/gptboot @@ -73,4 +73,8 @@ gptboot_report() } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +gptboot_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/growfs b/libexec/rc/rc.d/growfs index d16951b4bc3e..86bf199a8611 100755 --- a/libexec/rc/rc.d/growfs 
+++ b/libexec/rc/rc.d/growfs @@ -306,4 +306,8 @@ growfs_start() } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +growfs_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/growfs_fstab b/libexec/rc/rc.d/growfs_fstab index a9d18c1eaed3..8b7cea3a63e5 100755 --- a/libexec/rc/rc.d/growfs_fstab +++ b/libexec/rc/rc.d/growfs_fstab @@ -58,4 +58,8 @@ growfs_fstab_start() } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +growfs_fstab_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/gssd b/libexec/rc/rc.d/gssd index fa0edcead140..7ab3c181eeb1 100755 --- a/libexec/rc/rc.d/gssd +++ b/libexec/rc/rc.d/gssd @@ -13,5 +13,7 @@ name=gssd desc="Generic Security Services Daemon" rcvar=gssd_enable +: ${gssd_svcj_options:="net_basic nfsd"} + load_rc_config $name run_rc_command "$1" diff --git a/libexec/rc/rc.d/hastd b/libexec/rc/rc.d/hastd index 8c1d9e8bc16a..37df43d26c7d 100755 --- a/libexec/rc/rc.d/hastd +++ b/libexec/rc/rc.d/hastd @@ -26,4 +26,8 @@ hastd_stop_precmd() } load_rc_config $name + +# doesn't make sense to run in a svcj: nojail keyword +hastd_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/hcsecd b/libexec/rc/rc.d/hcsecd index 542305040357..8827e53777f3 100755 --- a/libexec/rc/rc.d/hcsecd +++ b/libexec/rc/rc.d/hcsecd @@ -21,4 +21,7 @@ config="${hcsecd_config:-/etc/bluetooth/${name}.conf}" command_args="-f ${config}" required_files="${config}" +# doesn't make sense to run in a svcj: nojail keyword +hcsecd_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/hostapd b/libexec/rc/rc.d/hostapd index fe3dac1dea06..264cb4ef476b 100755 --- a/libexec/rc/rc.d/hostapd +++ b/libexec/rc/rc.d/hostapd 
@@ -34,8 +34,12 @@ fi command_args="-P ${pidfile} -B ${conf_file}" required_files="${conf_file}" -required_modules="wlan_xauth wlan_wep wlan_tkip wlan_ccmp" +required_modules="wlan_xauth wlan_wep wlan_tkip wlan_ccmp wlan_gcmp" extra_commands="reload" load_rc_config ${name} + +# doesn't make sense to run in a svcj: nojail keyword +hostapd_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/hostid b/libexec/rc/rc.d/hostid index 0210ca433501..bde88d7e6be5 100755 --- a/libexec/rc/rc.d/hostid +++ b/libexec/rc/rc.d/hostid @@ -77,6 +77,8 @@ valid_hostid() ;; 11111111-2222-3333-4444-555555555555) ;; + 12345678-1234-5678-90ab-cddeefaabbcc) + ;; 4c4c4544-0000-2010-8020-80c04f202020) ;; 58585858-5858-5858-5858-585858585858) @@ -156,4 +158,8 @@ hostid_start() } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +hostid_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/hostid_save b/libexec/rc/rc.d/hostid_save index af7f4138a5dd..b9727d24bc57 100755 --- a/libexec/rc/rc.d/hostid_save +++ b/libexec/rc/rc.d/hostid_save @@ -44,4 +44,8 @@ hostid_save() } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +hostid_save_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/hostname b/libexec/rc/rc.d/hostname index f6ac95c9c888..0bc31ccd787e 100755 --- a/libexec/rc/rc.d/hostname +++ b/libexec/rc/rc.d/hostname @@ -42,8 +42,8 @@ hostname_start() # If we are not inside a jail, set the host name. # If we are inside a jail, set the host name if it is permitted. # - if [ `$SYSCTL_N security.jail.jailed` -eq 1 ]; then - if [ `$SYSCTL_N security.jail.set_hostname_allowed` -eq 0 ]; then + if check_jail jailed; then + if ! check_jail set_hostname_allowed; then return fi else @@ -77,4 +77,8 @@ hostname_start() } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +hostname_svcj="NO" + run_rc_command "$1" 
diff --git a/libexec/rc/rc.d/inetd b/libexec/rc/rc.d/inetd index 9820f8dc319a..81cc18d95be2 100755 --- a/libexec/rc/rc.d/inetd +++ b/libexec/rc/rc.d/inetd @@ -16,5 +16,7 @@ pidfile="/var/run/${name}.pid" required_files="/etc/${name}.conf" extra_commands="reload" +: ${inetd_svcj_options:="net_basic"} + load_rc_config $name run_rc_command "$1" diff --git a/libexec/rc/rc.d/iovctl b/libexec/rc/rc.d/iovctl index 01e16221cc4a..70dc783aafb0 100755 --- a/libexec/rc/rc.d/iovctl +++ b/libexec/rc/rc.d/iovctl @@ -3,7 +3,7 @@ # # PROVIDE: iovctl -# REQUIRE: FILESYSTEMS sysctl +# REQUIRE: FILESYSTEMS sysctl kld . /etc/rc.subr @@ -35,4 +35,8 @@ iovctl_stop() } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +iovctl_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/ip6addrctl b/libexec/rc/rc.d/ip6addrctl index 50d9408d0731..eac1d2729e78 100755 --- a/libexec/rc/rc.d/ip6addrctl +++ b/libexec/rc/rc.d/ip6addrctl @@ -120,4 +120,8 @@ ip6addrctl_stop() } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +ipv6addrctl_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/ipfilter b/libexec/rc/rc.d/ipfilter index e951bc9b7878..9b64fcff0c7a 100755 --- a/libexec/rc/rc.d/ipfilter +++ b/libexec/rc/rc.d/ipfilter @@ -15,6 +15,9 @@ rcvar="ipfilter_enable" load_rc_config $name stop_precmd="test -f ${ipfilter_rules}" +# doesn't make sense to run in a svcj: config setting +ipfilter_svcj="NO" + start_precmd="$stop_precmd" start_cmd="ipfilter_start" stop_cmd="ipfilter_stop" 
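Review bot: The assignment added to rc.d/ip6addrctl sets `ipv6addrctl_svcj`, but the script and its functions are named `ip6addrctl` / `ip6addrctl_stop`, so the variable consulted for this service is presumably `ip6addrctl_svcj` (the `name=` line is outside the hunk). As written the opt-out has no effect, and the script could still be started in a service jail if an administrator enables that. Suggested line: `ip6addrctl_svcj="NO"`.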
@@ -30,7 +33,13 @@ required_modules="ipl:ipfilter" ipfilter_start() { echo "Enabling ipfilter." - if ! ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes'; then + if [ -n "${ifilter_optionlist}" ]; then + if ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes'; then + ${ipfilter_program:-/sbin/ipf} -D + fi + ${ipfilter_program:-/sbin/ipf} -T "${ipfilter_optionlist}" + ${ipfilter_program:-/sbin/ipf} -E + elif ! ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes'; then ${ipfilter_program:-/sbin/ipf} -E fi ${ipfilter_program:-/sbin/ipf} -Fa diff --git a/libexec/rc/rc.d/ipfs b/libexec/rc/rc.d/ipfs index c51527bde43c..2ec4ad3b1d00 100755 --- a/libexec/rc/rc.d/ipfs +++ b/libexec/rc/rc.d/ipfs @@ -49,4 +49,8 @@ ipfs_stop() } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +ipfs_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/ipfw b/libexec/rc/rc.d/ipfw index 2f6b20a41b1a..6d6f7577828f 100755 --- a/libexec/rc/rc.d/ipfw +++ b/libexec/rc/rc.d/ipfw @@ -163,4 +163,7 @@ ipfw_status() load_rc_config $name firewall_coscripts="/etc/rc.d/natd ${firewall_coscripts}" +# doesn't make sense to run in a svcj: config setting +ipfw_svcj="NO" + run_rc_command $* diff --git a/libexec/rc/rc.d/ipfw_netflow b/libexec/rc/rc.d/ipfw_netflow index 219f0a4facf6..129488ce60d0 100755 --- a/libexec/rc/rc.d/ipfw_netflow +++ b/libexec/rc/rc.d/ipfw_netflow @@ -73,4 +73,7 @@ ipfw_netflow_stop() load_rc_config $name +# doesn't make sense to run in a svcj: config setting +ipfw_netflow_svcj="NO" + run_rc_command $* diff --git a/libexec/rc/rc.d/ipmon b/libexec/rc/rc.d/ipmon index a6449f241b87..3ef0c895ad16 100755 --- a/libexec/rc/rc.d/ipmon +++ b/libexec/rc/rc.d/ipmon @@ -15,6 +15,9 @@ rcvar="ipmon_enable" command="/sbin/${name}" start_precmd="ipmon_precmd" +# no svcj options needed +: ${ipmon_svcj_options:=""} + ipmon_precmd() { # Continue only if ipfilter or ipnat is enabled and the 
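Review bot: The new guard in ipfilter_start tests `${ifilter_optionlist}`, but the value passed to `-T` two lines later is `${ipfilter_optionlist}`. Unless the misspelled variable happens to be set, the disable/tune/enable branch never runs and the configured tunables are silently not applied. The test should read `if [ -n "${ipfilter_optionlist}" ]; then`. Within that branch the filter is switched off with `-D` and re-enabled with `-E` whether or not the `-T` call succeeded, so checking its exit status and emitting a `warn` would make a rejected option list visible. ipfilter_start continues past the end of the hunk.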
diff --git a/libexec/rc/rc.d/ipnat b/libexec/rc/rc.d/ipnat index 88cf368876d7..56fe443686b1 100755 --- a/libexec/rc/rc.d/ipnat +++ b/libexec/rc/rc.d/ipnat @@ -18,6 +18,9 @@ extra_commands="reload" required_files="${ipnat_rules}" required_modules="ipl:ipfilter" +# doesn't make sense to run in a svcj: config setting +ipnat_svcj="NO" + ipnat_start() { echo "Installing NAT rules." diff --git a/libexec/rc/rc.d/ippool b/libexec/rc/rc.d/ippool index 42cef3faf7eb..0db8bbe98f61 100755 --- a/libexec/rc/rc.d/ippool +++ b/libexec/rc/rc.d/ippool @@ -13,6 +13,10 @@ name="ippool" desc="user interface to the IPFilter pools" rcvar="ippool_enable" load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +ippool_svcj="NO" + start_precmd="ippool_start_precmd" stop_cmd="${ippool_program} -F" reload_cmd="ippool_reload" diff --git a/libexec/rc/rc.d/ipropd_master b/libexec/rc/rc.d/ipropd_master index 9f8e1ee14490..a3ca498afe6c 100755 --- a/libexec/rc/rc.d/ipropd_master +++ b/libexec/rc/rc.d/ipropd_master @@ -14,6 +14,8 @@ required_files="$ipropd_master_keytab" start_precmd=${name}_start_precmd start_postcmd=${name}_start_postcmd +: ${ipropd_master_svcj_options:="net_basic"} + ipropd_master_start_precmd() { @@ -24,10 +26,6 @@ ipropd_master_start_precmd() for _slave in $ipropd_master_slaves; do echo $_slave done > /var/heimdal/slaves || return 1 - command_args="$command_args \ - --keytab=\"$ipropd_master_keytab\" \ - --detach \ - " } ipropd_master_start_postcmd() { @@ -36,4 +34,10 @@ ipropd_master_start_postcmd() } load_rc_config $name + +command_args="$command_args \ + --keytab=\"$ipropd_master_keytab\" \ + --detach \ +" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/ipropd_slave b/libexec/rc/rc.d/ipropd_slave index 9d4b06f0e8f3..1735cff3de86 100755 --- a/libexec/rc/rc.d/ipropd_slave +++ b/libexec/rc/rc.d/ipropd_slave 
@@ -13,6 +13,8 @@ rcvar=${name}_enable required_files="$ipropd_slave_keytab" start_precmd=${name}_start_precmd +: ${ipropd_slave_svcj_options:="net_basic"} + ipropd_slave_start_precmd() { @@ -20,12 +22,14 @@ ipropd_slave_start_precmd() warn "\$ipropd_slave_master is empty." return 1 fi - command_args=" \ - $command_args \ - --keytab=\"$ipropd_slave_keytab\" \ - --detach \ - $ipropd_slave_master" } load_rc_config $name + +command_args=" \ + command_args \ + --keytab=\"$ipropd_slave_keytab\" \ + --detach \ + $ipropd_slave_master" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/ipsec b/libexec/rc/rc.d/ipsec index 1e9d65f6699e..0e7ad213ce67 100755 --- a/libexec/rc/rc.d/ipsec +++ b/libexec/rc/rc.d/ipsec @@ -57,4 +57,8 @@ ipsec_reload() } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +ipsec_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/iscsictl b/libexec/rc/rc.d/iscsictl index d2231958c6cb..247954e0d4f1 100755 --- a/libexec/rc/rc.d/iscsictl +++ b/libexec/rc/rc.d/iscsictl @@ -17,4 +17,8 @@ command_args="${iscsictl_flags}" required_modules="iscsi" load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +iscsictl_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/iscsid b/libexec/rc/rc.d/iscsid index 277b6f5a8c7e..e2418e8baaa1 100755 --- a/libexec/rc/rc.d/iscsid +++ b/libexec/rc/rc.d/iscsid @@ -17,4 +17,8 @@ command="/usr/sbin/${name}" required_modules="iscsi" load_rc_config $name + +# doesn't make sense to run in a svcj: nojail keyword +iscsid_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/jail b/libexec/rc/rc.d/jail index e24d6f8e21e0..f059363e1e8d 100755 --- a/libexec/rc/rc.d/jail +++ b/libexec/rc/rc.d/jail @@ -605,6 +605,10 @@ jail_warn() } load_rc_config $name + +# doesn't make sense to run in a svcj +jail_svcj="NO" + case $# in 1) run_rc_command $@ ${jail_list:-_ALL} ;; *) jail_reverse_stop="no" 
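Review bot: In the relocated ipropd_slave assignment, the second line is the bare word `command_args` without `$`. The daemon therefore receives the literal string `command_args` as an argument and any previously set arguments are dropped, whereas the removed precmd version had `$command_args`. The line should be `$command_args \`. The ipropd_master hunk makes the same move correctly with `command_args="$command_args \`.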
diff --git a/libexec/rc/rc.d/kadmind b/libexec/rc/rc.d/kadmind index 140ece811f66..0cee49630480 100755 --- a/libexec/rc/rc.d/kadmind +++ b/libexec/rc/rc.d/kadmind @@ -12,17 +12,13 @@ name=kadmind desc="Server for administrative access to Kerberos database" rcvar=${name}_enable required_vars=kdc_enable -start_precmd=${name}_start_precmd +command_args="$command_args &" + +: ${kadmind_svcj_options:="net_basic"} set_rcvar_obsolete kadmind5_server_enable kadmind_enable set_rcvar_obsolete kadmind5_server kadmind_program set_rcvar_obsolete kerberos5_server_enable kdc_enable -kadmind_start_precmd() -{ - - command_args="$command_args &" -} - load_rc_config $name run_rc_command "$1" diff --git a/libexec/rc/rc.d/kdc b/libexec/rc/rc.d/kdc index a2d9f87f8e20..204b08f1e99c 100755 --- a/libexec/rc/rc.d/kdc +++ b/libexec/rc/rc.d/kdc @@ -14,12 +14,28 @@ desc="Kerberos 5 server" rcvar=${name}_enable : ${kdc_restart:="NO"} : ${kdc_restart_delay:=""} +: ${kdc_svcj_options:="net_basic"} set_rcvar_obsolete kerberos5_server_enable kdc_enable set_rcvar_obsolete kerberos5_server kdc_program set_rcvar_obsolete kerberos5_server_flags kdc_flags +default_kdc_programs='/usr/libexec/kdc /usr/libexec/kdc /usr/libexec/krb5kdc /usr/local/sbin/krb5kdc' + load_rc_config $name + +# XXX Remove the following block of code when Heimdal is removed +if [ -z "${kdc_program}" ]; then + for i in ${default_kdc_programs}; do + if [ -x "${i}" ]; then + kdc_program=${i} + break + fi + done +fi + +command="${kdc_program}" + if [ "${kdc_program}" = /usr/libexec/kdc -o \ "${kdc_program}" = /usr/local/libexec/kdc ]; then detach="--detach" diff --git a/libexec/rc/rc.d/keyserv b/libexec/rc/rc.d/keyserv deleted file mode 100755 index b51d01cfceee..000000000000 --- a/libexec/rc/rc.d/keyserv +++ /dev/null 
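Review bot: In the kdc hunk, `default_kdc_programs` lists `/usr/libexec/kdc` twice, so the search loop never tries `/usr/local/libexec/kdc`, even though the check at the end of the same hunk still compares `kdc_program` against that path. If the second entry was meant to be the local path, the list should read `default_kdc_programs='/usr/libexec/kdc /usr/local/libexec/kdc /usr/libexec/krb5kdc /usr/local/sbin/krb5kdc'`. When none of the candidates is executable, `kdc_program` stays empty and `command` is set to an empty string, so a `warn` for that case would make the failure easier to diagnose.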
@@ -1,26 +0,0 @@ -#!/bin/sh -# -# - -# Start keyserv if we are running Secure RPC - -# PROVIDE: keyserv -# REQUIRE: ypset -# BEFORE: DAEMON -# KEYWORD: shutdown - -. /etc/rc.subr - -name="keyserv" -desc="Server for storing private encryption keys" -rcvar="keyserv_enable" -command="/usr/sbin/${name}" -start_precmd="keyserv_prestart" - -keyserv_prestart() -{ - force_depend rpcbind || return 1 -} - -load_rc_config $name -run_rc_command "$1" diff --git a/libexec/rc/rc.d/kfd b/libexec/rc/rc.d/kfd index 0d124e14033f..23ad790abab5 100755 --- a/libexec/rc/rc.d/kfd +++ b/libexec/rc/rc.d/kfd @@ -11,13 +11,9 @@ name=kfd desc="Receive forwarded tickets" rcvar=${name}_enable -start_precmd=${name}_start_precmd +command_args="$command_args -i &" -kfd_start_precmd() -{ - - command_args="$command_args -i &" -} +: ${kfd_svcj_options:="net_basic"} load_rc_config $name run_rc_command "$1" diff --git a/libexec/rc/rc.d/kld b/libexec/rc/rc.d/kld index 510884a117d0..37b14255abb9 100755 --- a/libexec/rc/rc.d/kld +++ b/libexec/rc/rc.d/kld @@ -44,11 +44,15 @@ kld_start() local _kld - echo 'Loading kernel modules:' + echo 'Loading kernel modules:' $kld_list for _kld in $kld_list ; do load_kld -e ${_kld}.ko $_kld done } load_rc_config $name + +# doesn't make sense to run in a svcj +kld_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/kldxref b/libexec/rc/rc.d/kldxref index d2b733eddce3..d6aa02d778d9 100755 --- a/libexec/rc/rc.d/kldxref +++ b/libexec/rc/rc.d/kldxref @@ -33,4 +33,8 @@ kldxref_start() { } load_rc_config $name + +# doesn't make sense to run in a svcj +kldxref_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/kpasswdd b/libexec/rc/rc.d/kpasswdd index 2d3449bf52a6..7e2562769640 100755 --- a/libexec/rc/rc.d/kpasswdd +++ b/libexec/rc/rc.d/kpasswdd 
@@ -12,17 +12,13 @@ name=kpasswdd desc="Kerberos 5 password changing" rcvar=${name}_enable required_vars=kdc_enable -start_precmd=${name}_start_precmd +command_args="$command_args &" + +: ${kpasswdd_svcj_options:="net_basic"} set_rcvar_obsolete kpasswdd_server_enable kpasswdd_enable set_rcvar_obsolete kpasswdd_server kpasswdd_program set_rcvar_obsolete kerberos5_server_enable kdc_enable -kpasswdd_start_precmd() -{ - - command_args="$command_args &" -} - load_rc_config $name run_rc_command "$1" diff --git a/libexec/rc/rc.d/ldconfig b/libexec/rc/rc.d/ldconfig index fd54b2d3444e..494228e96501 100755 --- a/libexec/rc/rc.d/ldconfig +++ b/libexec/rc/rc.d/ldconfig @@ -72,4 +72,8 @@ ldconfig_start() } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +ldconfig_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/linux b/libexec/rc/rc.d/linux index 1c6a97f606fe..d419920acaca 100755 --- a/libexec/rc/rc.d/linux +++ b/libexec/rc/rc.d/linux @@ -81,4 +81,8 @@ linux_start() } load_rc_config $name + +# doesn't make sense to run in a svcj: kernel modules and FS-mounting +linux_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/local b/libexec/rc/rc.d/local index 6ac99c4b7e3c..c3f5e037563e 100755 --- a/libexec/rc/rc.d/local +++ b/libexec/rc/rc.d/local @@ -33,4 +33,8 @@ local_stop() } load_rc_config $name + +# doesn't make sense to run in a svcj: it may contain everything +local_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/local_unbound b/libexec/rc/rc.d/local_unbound index 4a717dad70fd..94f01810b303 100755 --- a/libexec/rc/rc.d/local_unbound +++ b/libexec/rc/rc.d/local_unbound @@ -35,6 +35,7 @@ load_rc_config $name : ${local_unbound_tls:=} : ${local_unbound_pidfile:=${pidfile}} pidfile=${local_unbound_pidfile} +: ${local_unbound_svcj_options:="net_basic"} do_as_unbound() { diff --git a/libexec/rc/rc.d/localpkg b/libexec/rc/rc.d/localpkg index ca5fc3e1109b..12fb9e0fd927 100755 --- a/libexec/rc/rc.d/localpkg 
+++ b/libexec/rc/rc.d/localpkg @@ -66,6 +66,8 @@ pkg_stop() (set -T trap 'exit 1' 2 ${script} stop) + elif [ -f "${script}" -o -L "${script}" ]; then + echo -n " (skipping ${script##*/}, not executable)" fi done [ -n "${initdone}" ] && echo '.' @@ -74,4 +76,8 @@ pkg_stop() } load_rc_config $name + +# doesn't make sense to run in a svcj: other rc.d scripts need to decide on their own +localpkg_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/lockd b/libexec/rc/rc.d/lockd index c35dd0975cfe..9c804751031a 100755 --- a/libexec/rc/rc.d/lockd +++ b/libexec/rc/rc.d/lockd @@ -16,6 +16,8 @@ rcvar=rpc_lockd_enable command="/usr/sbin/rpc.${name}" start_precmd='lockd_precmd' +: ${lockd_svcj_options:="net_basic"} + # Make sure that we are either an NFS client or server, and that we get # the correct flags from rc.conf(5). # @@ -23,9 +25,10 @@ lockd_precmd() { force_depend rpcbind || return 1 force_depend statd rpc_statd || return 1 - - rc_flags=${rpc_lockd_flags} } load_rc_config $name + +rc_flags=${rpc_lockd_flags} + run_rc_command $1 diff --git a/libexec/rc/rc.d/lpd b/libexec/rc/rc.d/lpd index 428b33f7c9fd..0c169bef99a5 100755 --- a/libexec/rc/rc.d/lpd +++ b/libexec/rc/rc.d/lpd @@ -16,6 +16,8 @@ command="/usr/sbin/${name}" required_files="/etc/printcap" start_precmd="chkprintcap" +: ${lpd_svcj_options:="net_basic"} + chkprintcap() { if checkyesno chkprintcap_enable ; then diff --git a/libexec/rc/rc.d/mdconfig b/libexec/rc/rc.d/mdconfig index 2322cdc55fc2..4df14017334b 100755 --- a/libexec/rc/rc.d/mdconfig +++ b/libexec/rc/rc.d/mdconfig @@ -181,6 +181,9 @@ fi load_rc_config $name +# doesn't make sense to run in a svcj: config setting +mdconfig_svcj="NO" + if [ -z "${_mdconfig_list}" ]; then for _mdconfig_config in `list_vars mdconfig_md[0-9]\* | sort_lite -nk1.12` diff --git a/libexec/rc/rc.d/mdconfig2 b/libexec/rc/rc.d/mdconfig2 index 2f958611f7de..716e71cd2a32 100755 --- a/libexec/rc/rc.d/mdconfig2 +++ b/libexec/rc/rc.d/mdconfig2 
@@ -211,6 +211,9 @@ fi load_rc_config $name +# doesn't make sense to run in a svcj: config setting +mdconfig2_svcj="NO" + if [ -z "${_mdconfig2_list}" ]; then for _mdconfig2_config in `list_vars mdconfig_md[0-9]\* | sort_lite -nk1.12` diff --git a/libexec/rc/rc.d/mixer b/libexec/rc/rc.d/mixer index d8d43a2ffcc8..7527e16918d2 100755 --- a/libexec/rc/rc.d/mixer +++ b/libexec/rc/rc.d/mixer @@ -100,4 +100,8 @@ mixer_stop() } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +mixer_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/motd b/libexec/rc/rc.d/motd index b0f46df8ea7a..7858aef2c3fe 100755 --- a/libexec/rc/rc.d/motd +++ b/libexec/rc/rc.d/motd @@ -55,4 +55,8 @@ motd_start() } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +motd_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/mountcritlocal b/libexec/rc/rc.d/mountcritlocal index e9b8885279a2..5b80d4bfbb50 100755 --- a/libexec/rc/rc.d/mountcritlocal +++ b/libexec/rc/rc.d/mountcritlocal @@ -27,6 +27,15 @@ mountcritlocal_start() ;; esac + while read a b vfstype rest; do + if [ "$vfstype" = "zfs" -a "${a#\#}" = "$a" ]; then + # zpool is needed for legacy ZFS + echo 'Importing zpools for legacy ZFS' + /etc/rc.d/zpool start + break + fi + done < /etc/fstab + # Mount everything except nfs filesystems. startmsg -n 'Mounting local filesystems:' mount_excludes='no' @@ -60,4 +69,8 @@ mountcritlocal_start() } load_rc_config $name + +# mounting shall not be performed in a svcj +mountcritlocal_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/mountcritremote b/libexec/rc/rc.d/mountcritremote index b2e0f9cfec49..99becaefb10f 100755 --- a/libexec/rc/rc.d/mountcritremote +++ b/libexec/rc/rc.d/mountcritremote @@ -86,4 +86,8 @@ mountcritremote_start() } load_rc_config $name + +# mounting shall not be performed in a svcj +mountcritremote_svcj="NO" + run_rc_command "$1" 
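Review bot: The fstab scan added to mountcritlocal_start calls `read` without `-r` and redirects from /etc/fstab unconditionally, so backslashes in fstab fields are processed by the shell and a missing fstab produces a redirection error at boot. I would write `while read -r a b vfstype rest; do` and guard the loop with `if [ -r /etc/fstab ]; then`. The exit status of `/etc/rc.d/zpool start` is also discarded, so a failed import only surfaces later as a mount failure; `/etc/rc.d/zpool start || warn 'zpool import failed'` would make it visible. mountcritlocal_start begins and ends outside the hunk.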
diff --git a/libexec/rc/rc.d/mountd b/libexec/rc/rc.d/mountd index 39b16d604321..dfd2431f9c35 100755 --- a/libexec/rc/rc.d/mountd +++ b/libexec/rc/rc.d/mountd @@ -17,6 +17,8 @@ required_files="/etc/exports" start_precmd="mountd_precmd" extra_commands="reload" +: ${mountd_svcj_options:="net_basic nfsd"} + mountd_precmd() { @@ -68,4 +70,10 @@ mountd_precmd() } load_rc_config $name +load_rc_config nfsd +load_rc_config zfs + +# precmd is not compatible with svcj +mountd_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/mountlate b/libexec/rc/rc.d/mountlate index 133192ac183c..87ea9edccb74 100755 --- a/libexec/rc/rc.d/mountlate +++ b/libexec/rc/rc.d/mountlate @@ -44,4 +44,8 @@ mountlate_start() } load_rc_config $name + +# mounting shall not be performed in a svcj +mountlate_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/moused b/libexec/rc/rc.d/moused index 85a04c89447a..aaf0dd0890a8 100755 --- a/libexec/rc/rc.d/moused +++ b/libexec/rc/rc.d/moused @@ -18,6 +18,11 @@ pidfile="${pidprefix}.pid" pidarg= load_rc_config $name +# doesn't make sense to run in a svcj: nojail keyword +# XXX: How does moused communiacte with the kernel? +# XXX: Does the kernel prevent this communcation in jails? +moused_svcj="NO" + # Set the pid file and variable name. The second argument, if it exists, is # expected to be the mouse device. # @@ -65,6 +70,7 @@ moused_start() esac for ttyv in /dev/ttyv* ; do + [ "$ttyv" = '/dev/ttyv*' ] && break vidcontrol < ${ttyv} ${mousechar_arg} -m on done } diff --git a/libexec/rc/rc.d/msconvd b/libexec/rc/rc.d/msconvd new file mode 100755 index 000000000000..c2a96bf2eb68 --- /dev/null +++ b/libexec/rc/rc.d/msconvd 
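Review bot: The comment added above `moused_svcj="NO"` misspells two words, and the same text is copied into the new msconvd script. Suggested wording: `# XXX: How does moused communicate with the kernel?` and `# XXX: Does the kernel prevent this communication in jails?`. Both XXX lines are open questions rather than documentation, so a sentence stating what is actually known (the first comment line only cites the nojail keyword) would serve the next reader better.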
@@ -0,0 +1,61 @@ +#!/bin/sh +# +# + +# PROVIDE: msconvd +# REQUIRE: DAEMON FILESYSTEMS +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="msconvd" +desc="Mouse protocol conversion daemon" +command="/usr/sbin/${name}" +start_cmd="msconvd_start" +pidprefix="/var/run/msconvd" +load_rc_config $name + +: ${msconvd_enable="NO"} +: ${msconvd_type="auto"} + +# doesn't make sense to run in a svcj: nojail keyword +# XXX: How does msconvd communiacte with the kernel? +# XXX: Does the kernel prevent this communcation in jails? +msconvd_svcj="NO" + +# Set the pid file and variable name. The second argument, if it exists, is +# expected to be the mouse device. +# +if [ -n "$2" ]; then + eval msconvd_$2_enable=\${msconvd_$2_enable-${msconvd_enable}} + rcvar="msconvd_$2_enable" + pidfile="${pidprefix}.$2.pid" +else + for ms in ${msconvd_ports}; do + /etc/rc.d/msconvd $1 ${ms} + done + exit 0 +fi + +msconvd_start() +{ + local ms myflags myport mytype + + # Set the mouse device and get any related variables. If + # a msconvd device has been specified on the commandline, then + # rc.conf(5) variables defined for that device take precedence + # over the generic msconvd_* variables. The only exception is + # the msconvd_port variable, which if not defined sets it to + # the passed in device name. + # + ms=$1 + eval myflags=\${msconvd_${ms}_flags-$msconvd_flags} + eval myport=\${msconvd_${ms}_port-/dev/${ms}} + eval mytype=\${msconvd_${ms}_type-$msconvd_type} + + startmsg -n "Starting ${ms} ${name}" + ${command} ${myflags} -p ${myport} -t ${mytype} -I ${pidfile} + startmsg '.' +} + +run_rc_command $* diff --git a/libexec/rc/rc.d/msgs b/libexec/rc/rc.d/msgs index 4ea396c99f66..424d545f884d 100755 --- a/libexec/rc/rc.d/msgs +++ b/libexec/rc/rc.d/msgs @@ -22,4 +22,8 @@ msgs_start() } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +msgs_svcj="NO" + run_rc_command "$1" 
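Review bot: The line `eval msconvd_$2_enable=\${msconvd_$2_enable-${msconvd_enable}}` near the top of the new msconvd script places the second command-line argument into evaluated shell text without checking it, and the same value reaches the three `eval my…=` lines in msconvd_start. The value normally comes from `msconvd_ports` in rc.conf, but the script can also be invoked by hand and rc.d scripts normally run as root, so a guard before the first eval is cheap: `case "$2" in *[!A-Za-z0-9_]*) err 1 "invalid device name: $2" ;; esac`. The unquoted `$1 ${ms}` in the loop and `run_rc_command $*` at the end would be safer as `"$1" "${ms}"` and `"$@"`.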
diff --git a/libexec/rc/rc.d/natd b/libexec/rc/rc.d/natd index d95d586ac69f..1c8c1cb50a96 100755 --- a/libexec/rc/rc.d/natd +++ b/libexec/rc/rc.d/natd @@ -40,4 +40,8 @@ natd_precmd() } load_rc_config $name + +# precmd is not compatible with svcj +natd_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/netif b/libexec/rc/rc.d/netif index 3da296e97384..8c033acaf828 100755 --- a/libexec/rc/rc.d/netif +++ b/libexec/rc/rc.d/netif @@ -151,7 +151,7 @@ vnet_down() # netif_common routine # Common configuration subroutine for network interfaces. This -# routine takes all the preparatory steps needed for configuriing +# routine takes all the preparatory steps needed for configuring # an interface and then calls $routine. netif_common() { @@ -268,4 +268,8 @@ netif_common() # This is needed for mfsBSD at least. load_rc_config network load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +netif_svcj="NO" + run_rc_command $* diff --git a/libexec/rc/rc.d/netoptions b/libexec/rc/rc.d/netoptions index 7f57c02f0fb4..0f329a5385cf 100755 --- a/libexec/rc/rc.d/netoptions +++ b/libexec/rc/rc.d/netoptions @@ -122,4 +122,8 @@ netoptions_inet6() } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +netoptions_svcj="NO" + run_rc_command $1 diff --git a/libexec/rc/rc.d/netwait b/libexec/rc/rc.d/netwait index 8342a100bd87..3f374806d97c 100755 --- a/libexec/rc/rc.d/netwait +++ b/libexec/rc/rc.d/netwait @@ -111,4 +111,8 @@ netwait_start() } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +netwait_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/newsyslog b/libexec/rc/rc.d/newsyslog index 9434bb8e12ec..9b959bfabe85 100755 --- a/libexec/rc/rc.d/newsyslog +++ b/libexec/rc/rc.d/newsyslog @@ -23,4 +23,8 @@ newsyslog_start() } load_rc_config $name + +# doesn't make sense to run in a svcj: needs to send signals outside the svcj +newsyslog_svcj="NO" + run_rc_command "$1" 
diff --git a/libexec/rc/rc.d/nfscbd b/libexec/rc/rc.d/nfscbd index 317a41ef8d3b..450de46e0855 100755 --- a/libexec/rc/rc.d/nfscbd +++ b/libexec/rc/rc.d/nfscbd @@ -14,6 +14,8 @@ rcvar="nfscbd_enable" command="/usr/sbin/${name}" sig_stop="USR1" +: ${nfscbd_svcj_options:="net_basic"} + load_rc_config $name run_rc_command "$1" diff --git a/libexec/rc/rc.d/nfsclient b/libexec/rc/rc.d/nfsclient index f475e867b6c9..857cfa02036f 100755 --- a/libexec/rc/rc.d/nfsclient +++ b/libexec/rc/rc.d/nfsclient @@ -46,4 +46,8 @@ unmount_all() fi } load_rc_config $name + +# no unmounting in svcj +nfsclient_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/nfsd b/libexec/rc/rc.d/nfsd index 86409f0e655f..364c2a3b6bd3 100755 --- a/libexec/rc/rc.d/nfsd +++ b/libexec/rc/rc.d/nfsd @@ -14,7 +14,11 @@ rcvar="nfs_server_enable" command="/usr/sbin/${name}" nfs_server_vhost="" +: ${nfsd_svcj_options:="net_basic nfsd"} + load_rc_config $name +# precmd is not compatible with svcj +nfsd_svcj="NO" start_precmd="nfsd_precmd" sig_stop="USR1" diff --git a/libexec/rc/rc.d/nfsuserd b/libexec/rc/rc.d/nfsuserd index 297b88dccfcd..3ef88dcc6dfc 100755 --- a/libexec/rc/rc.d/nfsuserd +++ b/libexec/rc/rc.d/nfsuserd @@ -14,7 +14,11 @@ rcvar="nfsuserd_enable" command="/usr/sbin/${name}" sig_stop="USR1" +: ${nfsuserd_svcj_options:="net_basic nfsd"} + load_rc_config $name +# precmd is not compatible with svcj +nfsuserd_svcj="NO" start_precmd="nfsuserd_precmd" nfsuserd_precmd() diff --git a/libexec/rc/rc.d/nisdomain b/libexec/rc/rc.d/nisdomain index 56fe1a6c5c0b..9616d7be39ac 100755 --- a/libexec/rc/rc.d/nisdomain +++ b/libexec/rc/rc.d/nisdomain @@ -51,4 +51,8 @@ nisdomain_start() } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +nisdomain_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/noshutdown b/libexec/rc/rc.d/noshutdown new file mode 100755 index 000000000000..54924310a6c7 --- /dev/null +++ b/libexec/rc/rc.d/noshutdown 
@@ -0,0 +1,31 @@ +#!/bin/sh +# +# + +# PROVIDE: noshutdown +# REQUIRE: var +# BEFORE: LOGIN + +. /etc/rc.subr + +name="noshutdown" +desc="Disable shutdown(8) for precious machines" +rcvar="precious_machine" +start_cmd="noshutdown_start" +stop_cmd="noshutdown_stop" + +: ${noshutdown_file:="/var/run/noshutdown"} + +noshutdown_start() +{ + touch $noshutdown_file +} + +noshutdown_stop() +{ + rm -f $noshutdown_file +} + +load_rc_config $name + +run_rc_command "$1" diff --git a/libexec/rc/rc.d/nscd b/libexec/rc/rc.d/nscd index 64421c29358c..611d2d8ddb8f 100755 --- a/libexec/rc/rc.d/nscd +++ b/libexec/rc/rc.d/nscd @@ -21,6 +21,9 @@ name="nscd" desc="Name-service caching daemon" rcvar="nscd_enable" +# no svcj options needed +: ${nscd_svcj_options:=""} + command=/usr/sbin/nscd extra_commands="flush" flush_cmd="${command} -I all" diff --git a/libexec/rc/rc.d/ntpd b/libexec/rc/rc.d/ntpd index 76d83149ae1a..e7e42da8acc7 100755 --- a/libexec/rc/rc.d/ntpd +++ b/libexec/rc/rc.d/ntpd @@ -28,6 +28,9 @@ pidfile="${_ntp_default_dir}/${name}.pid" load_rc_config $name +# doesn't make sense to run in a svcj: nojail keyword +ntpd_svcj="NO" + leapfile_is_disabled() { # Return true (0) if automatic leapfile handling is disabled. case "$ntp_db_leapfile" in diff --git a/libexec/rc/rc.d/ntpdate b/libexec/rc/rc.d/ntpdate index 428072a05f49..cb948d739227 100755 --- a/libexec/rc/rc.d/ntpdate +++ b/libexec/rc/rc.d/ntpdate @@ -31,4 +31,8 @@ ntpdate_start() } load_rc_config $name + +# doesn't make sense to run in a svcj: privileged operations +ntpdate_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/nuageinit b/libexec/rc/rc.d/nuageinit index 8da0b1aed741..c901971488bd 100755 --- a/libexec/rc/rc.d/nuageinit +++ b/libexec/rc/rc.d/nuageinit @@ -2,7 +2,7 @@ # # PROVIDE: nuageinit -# REQUIRE: mountcritlocal zfs +# REQUIRE: mountcritlocal zfs devmatch # BEFORE: NETWORKING # KEYWORD: firstboot 
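Review bot: In the new noshutdown script, `touch $noshutdown_file` and `rm -f $noshutdown_file` expand an rc.conf-settable path unquoted, so a value containing whitespace or glob characters makes `rm -f` act on paths other than the intended one. Quote both: `touch "$noshutdown_file"` and `rm -f "$noshutdown_file"`. A one-line comment naming the program that checks for this file would also help, since only the desc string hints at shutdown(8).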
@@ -14,12 +14,24 @@ start_cmd="nuageinit_start" stop_cmd=":" rcvar="nuageinit_enable" +fetch_openstack() +{ + cd /media/nuageinit/openstack/latest + for file in meta_data.json network_data.json user_data; do + fetch http://169.254.169.254/openstack/latest/$file || : + done + if [ -f user_data ]; then + chmod 755 user_data + fi + cd - +} + nuageinit_start() { local citype # detect cloud init provider - # according to the specification of the config drive - # it either formatted in vfat or iso9660 and labeled + # according to the specification, the config drive + # is either formatted in vfat or iso9660 and labeled # config-2 for f in iso9660 msdosfs; do drive="/dev/$f/[cC][oO][nN][fF][iI][gG]-2" @@ -34,13 +46,28 @@ nuageinit_start() fi unset drive done - if [ -z "$drive" ]; then - # try to detect networked based instance - err 1 "Impossible to find a cloud init provider" + if [ -n "$drive" ]; then + mkdir -p /media/nuageinit + fs=$(fstyp $drive 2> /dev/null) + mount -t $fs $drive /media/nuageinit + else + product=$(kenv smbios.system.product) + case "$product" in + OpenStack*) + mkdir -p /media/nuageinit/openstack/latest + ifaces=$(ifconfig -l ether) + set -- $ifaces + dhclient -p /tmp/ephemeraldhcp.pid $1 + fetch_openstack + pkill -F /tmp/ephemeraldhcp.pid + citype=config-2 + ;; + *) + # try to detect networked based instance + err 1 "Impossible to find a cloud init provider" + ;; + esac fi - mkdir -p /media/nuageinit - fs=$(fstyp $drive) - mount -t $fs $drive /media/nuageinit # according to the specification, the content is either # in the openstack or ec2 directory case "$citype" in 
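Review bot: In fetch_openstack the `cd` is unchecked and every `fetch` failure is swallowed by `|| :`, so if the directory is missing the files land in the caller's working directory and `chmod 755 user_data` is applied there. Use `cd /media/nuageinit/openstack/latest || return 1`, and `cd - > /dev/null` to keep the directory name out of the boot output. The metadata is fetched over plain HTTP from the link-local address and `user_data` is then marked executable; a comment stating that this content is trusted only because of where it is served from would document the assumption.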
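Review bot: The OpenStack branch writes the dhclient pid file to a fixed name in /tmp (`dhclient -p /tmp/ephemeraldhcp.pid $1`) and later runs `pkill -F` on it; a fixed path in a world-writable directory is best avoided for a file that root uses to choose a process to signal. `/var/run/ephemeraldhcp.pid` would be the conventional location, assuming /var is usable at this point in the boot order. `$1` is empty when `ifconfig -l ether` returns nothing, so `[ -n "$1" ] || err 1 "no ethernet interface found"` before the dhclient call gives a clear failure. In the config-drive branch, `fs` is empty when fstyp fails (its stderr is now discarded) and `mount -t $fs $drive` then runs with a missing argument. nuageinit_start continues outside the hunk.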
@@ -48,19 +75,21 @@ nuageinit_start() for d in openstack ec2; do dir=/media/nuageinit/$d/latest if [ -d $dir ]; then - /usr/libexec/nuageinit $dir $citype + /usr/libexec/nuageinit $dir $citype 2>&1 | tee -a /var/log/nuageinit.log break fi done ;; nocloud) - /usr/libexec/nuageinit /media/nuageinit $citype + /usr/libexec/nuageinit /media/nuageinit $citype 2>&1 | tee -a /var/log/nuageinit.log ;; esac if [ -n "$drive" ]; then umount /media/nuageinit + rmdir /media/nuageinit + else + rm -rf /media/nuageinit fi - rmdir /media/nuageinit } load_rc_config $name diff --git a/libexec/rc/rc.d/nuageinit_post_net b/libexec/rc/rc.d/nuageinit_post_net new file mode 100755 index 000000000000..6d2591a603af --- /dev/null +++ b/libexec/rc/rc.d/nuageinit_post_net @@ -0,0 +1,25 @@ +#!/bin/sh +# + +# PROVIDE: nuageinit_post_net +# REQUIRE: NETWORKING devfs +# BEFORE: SERVERS +# KEYWORD: firstboot + +. /etc/rc.subr + +name="nuageinit_post_net" +desc="Post Network Cloud Init configuration" +start_cmd="execute_post_net" +stop_cmd=":" +rcvar="nuageinit_enable" + +execute_post_net() +{ + test -f /var/cache/nuageinit/user_data -o -f /var/cache/nuageinit/user-data || return + /usr/libexec/nuageinit /var/cache/nuageinit/ postnet | tee -a /var/log/nuageinit.log +} + +# Share the same config as nuageinit +load_rc_config nuageinit +run_rc_command "$1" diff --git a/libexec/rc/rc.d/nuageinit_user_data_script b/libexec/rc/rc.d/nuageinit_user_data_script new file mode 100755 index 000000000000..decb6bf1483e --- /dev/null +++ b/libexec/rc/rc.d/nuageinit_user_data_script 
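Review bot: Piping `/usr/libexec/nuageinit $dir $citype 2>&1 | tee -a /var/log/nuageinit.log` makes the pipeline's status that of `tee`, so a failed nuageinit run is no longer visible to the rc script; the same pattern appears in the new nuageinit_post_net and nuageinit_user_data_script files. The log is also created by `tee` under the current umask while it may receive output from user-data processing, so creating it first with a restrictive mode, for example `( umask 077; : >> /var/log/nuageinit.log )`, is worth considering. nuageinit_start begins outside the hunk.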
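Review bot: execute_post_net sends only stdout to the log (`… postnet | tee -a /var/log/nuageinit.log`), whereas the other nuageinit invocations in this commit add `2>&1`, so error messages from the post-network phase are not recorded. Suggested line: `/usr/libexec/nuageinit /var/cache/nuageinit/ postnet 2>&1 | tee -a /var/log/nuageinit.log`.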
@@ -0,0 +1,29 @@ +#!/bin/sh +# + +# PROVIDE: nuageinit_user_data_script +# REQUIRE: local +# KEYWORD: firstboot + +. /etc/rc.subr + +name="nuageinit_user_data_script" +desc="Execute user data script provided by cloudinit" +start_cmd="execute_user_data_script" +stop_cmd=":" +rcvar="nuageinit_enable" + +execute_user_data_script() +{ + if [ -x /var/cache/nuageinit/runcmds ]; then + echo "Executing 'runcmd'" | tee -a /var/log/nuageinit.log + /var/cache/nuageinit/runcmds 2>&1 | tee -a /var/log/nuageinit.log + fi + test -x /var/cache/nuageinit/user_data || return + echo "Executing user_data script" | tee -a /var/log/nuageinit.log + /var/cache/nuageinit/user_data 2>&1 | tee -a /var/log/nuageinit.log +} + +# Share the same config as nuageinit +load_rc_config nuageinit +run_rc_command "$1" diff --git a/libexec/rc/rc.d/opensm b/libexec/rc/rc.d/opensm index ff208ddc3ae4..650345d81c12 100755 --- a/libexec/rc/rc.d/opensm +++ b/libexec/rc/rc.d/opensm @@ -12,6 +12,8 @@ name="opensm" start_cmd="opensm_start" rcvar="opensm_enable" +: ${opensm_svcj_options:="net_basic"} + command=/usr/bin/opensm command_args="-B" diff --git a/libexec/rc/rc.d/os-release b/libexec/rc/rc.d/os-release index 3373d42b1533..0f8ee71e06b4 100755 --- a/libexec/rc/rc.d/os-release +++ b/libexec/rc/rc.d/os-release @@ -41,4 +41,8 @@ __EOF__ } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +osrelease_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/pf b/libexec/rc/rc.d/pf index f227782e640c..46fb085e5175 100755 --- a/libexec/rc/rc.d/pf +++ b/libexec/rc/rc.d/pf @@ -22,6 +22,9 @@ extra_commands="check reload resync" required_files="$pf_rules" required_modules="pf" +# doesn't make sense to run in a svcj: config setting +pf_svcj="NO" + pf_fallback() { warn "Unable to load $pf_rules." 
@@ -35,7 +38,7 @@ pf_fallback() $pf_program -f "$pf_fallback_rules_file" $pf_flags else warn "Loading fallback rules: $pf_fallback_rules" - echo $pf_fallback_rules | $pf_program -f - $pf_flags + echo "$pf_fallback_rules" | $pf_program -f - $pf_flags fi } diff --git a/libexec/rc/rc.d/pflog b/libexec/rc/rc.d/pflog index c6bb024ee0be..b47252a23e0f 100755 --- a/libexec/rc/rc.d/pflog +++ b/libexec/rc/rc.d/pflog @@ -17,6 +17,9 @@ start_precmd="pflog_prestart" stop_postcmd="pflog_poststop" extra_commands="reload resync" +# no svcj options needed +: ${pflog_svcj_options:=""} + # for backward compatibility resync_cmd="pflog_resync" @@ -70,6 +73,9 @@ pflog_resync() load_rc_config $name +# precmd is not compatible with svcj +pflog_svcj="NO" + # Check if spawning multiple pflogd and told what to spawn if [ -n "$2" ]; then # Set required variables diff --git a/libexec/rc/rc.d/pfsync b/libexec/rc/rc.d/pfsync index 1e75644315b1..e2ba9c17cd45 100755 --- a/libexec/rc/rc.d/pfsync +++ b/libexec/rc/rc.d/pfsync @@ -45,4 +45,8 @@ pfsync_stop() } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +pfsync_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/power_profile b/libexec/rc/rc.d/power_profile index 71f3f3ad8792..7e187bf0a67c 100755 --- a/libexec/rc/rc.d/power_profile +++ b/libexec/rc/rc.d/power_profile @@ -62,6 +62,9 @@ if [ $# -ne 1 ]; then fi load_rc_config $name +# doesn't make sense to run in a svcj: privileged operations +power_profile_svcj="NO" + # Find the next state (performance or economy). state=$1 case ${state} in diff --git a/libexec/rc/rc.d/powerd b/libexec/rc/rc.d/powerd index d0f10f781231..8ebc9cc2dc7f 100755 --- a/libexec/rc/rc.d/powerd +++ b/libexec/rc/rc.d/powerd @@ -15,4 +15,8 @@ rcvar="powerd_enable" command="/usr/sbin/${name}" load_rc_config $name + +# doesn't make sense to run in a svcj: privileged operations +powerd_svcj="NO" + run_rc_command "$1" 
diff --git a/libexec/rc/rc.d/ppp b/libexec/rc/rc.d/ppp index cc7c8599777c..6f41d67f8940 100755 --- a/libexec/rc/rc.d/ppp +++ b/libexec/rc/rc.d/ppp @@ -131,4 +131,8 @@ ppp_stop() { } load_rc_config $name + +# doesn't make sense to run in a svcj: nojail keyword +ppp_svcj="NO" + run_rc_command $* diff --git a/libexec/rc/rc.d/pppoed b/libexec/rc/rc.d/pppoed index 6e7225b83a52..5c64862c6a49 100755 --- a/libexec/rc/rc.d/pppoed +++ b/libexec/rc/rc.d/pppoed @@ -30,4 +30,8 @@ pppoed_start() } load_rc_config $name + +# doesn't make sense to run in a svcj: nojail keyword +pppoed_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/pwcheck b/libexec/rc/rc.d/pwcheck index 564c110d6a98..db42fdd0d37e 100755 --- a/libexec/rc/rc.d/pwcheck +++ b/libexec/rc/rc.d/pwcheck @@ -24,4 +24,8 @@ pwcheck_start() } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +pwcheck_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/quota b/libexec/rc/rc.d/quota index adbc3b3bd372..9a3a3d50739c 100755 --- a/libexec/rc/rc.d/quota +++ b/libexec/rc/rc.d/quota @@ -18,6 +18,9 @@ load_rc_config $name start_cmd="quota_start" stop_cmd="/usr/sbin/quotaoff ${quotaoff_flags}" +# doesn't make sense to run in a svcj: config setting +quota_svcj="NO" + quota_start() { if checkyesno check_quotas; then diff --git a/libexec/rc/rc.d/random b/libexec/rc/rc.d/random index 1900f6cef5a4..c34f0d1f86b4 100755 --- a/libexec/rc/rc.d/random +++ b/libexec/rc/rc.d/random @@ -151,4 +151,8 @@ random_stop() } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +random_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/rarpd b/libexec/rc/rc.d/rarpd index f7f5f3b04094..2618565ae0d1 100755 --- a/libexec/rc/rc.d/rarpd +++ b/libexec/rc/rc.d/rarpd @@ -15,6 +15,8 @@ rcvar="rarpd_enable" command="/usr/sbin/${name}" required_files="/etc/ethers" +: ${rarpd_svcj_options:="net_basic"} + load_rc_config $name pidfile="${rarpd_pidfile:-/var/run/${name}.pid}" 
diff --git a/libexec/rc/rc.d/rctl b/libexec/rc/rc.d/rctl index 3d644cd1d8ec..96c148e78bcd 100755 --- a/libexec/rc/rc.d/rctl +++ b/libexec/rc/rc.d/rctl @@ -38,4 +38,8 @@ rctl_stop() } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +rctl_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/resolv b/libexec/rc/rc.d/resolv index c94e1c8ff1f1..a46c7ba314e9 100755 --- a/libexec/rc/rc.d/resolv +++ b/libexec/rc/rc.d/resolv @@ -59,4 +59,8 @@ resolv_start() } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +resolv_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/rfcomm_pppd_server b/libexec/rc/rc.d/rfcomm_pppd_server index ef5afa7a5de2..810c1adc8e91 100755 --- a/libexec/rc/rc.d/rfcomm_pppd_server +++ b/libexec/rc/rc.d/rfcomm_pppd_server @@ -119,4 +119,8 @@ rfcomm_pppd_server_stop() } load_rc_config $name + +# doesn't make sense to run in a svcj: nojail keyword +rfcomm_pppd_server_svcj="NO" + run_rc_command $* diff --git a/libexec/rc/rc.d/root b/libexec/rc/rc.d/root index e64ea7fe2dcd..e1dad6270e7d 100755 --- a/libexec/rc/rc.d/root +++ b/libexec/rc/rc.d/root @@ -39,4 +39,8 @@ root_start() } load_rc_config $name + +# doesn't make sense to run in a svcj: mounting / config setting +root_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/route6d b/libexec/rc/rc.d/route6d index f27a0e7f8d6c..873efdeb123c 100755 --- a/libexec/rc/rc.d/route6d +++ b/libexec/rc/rc.d/route6d @@ -12,6 +12,8 @@ name="route6d" desc="RIP6 routing daemon" rcvar="route6d_enable" +: ${route6d_svcj_options:="net_basic"} + set_rcvar_obsolete ipv6_router_enable route6d_enable set_rcvar_obsolete ipv6_router route6d_program set_rcvar_obsolete ipv6_router_flags route6d_flags diff --git a/libexec/rc/rc.d/routed b/libexec/rc/rc.d/routed index d5fb464ece8c..9338cf034edd 100755 --- a/libexec/rc/rc.d/routed +++ b/libexec/rc/rc.d/routed 
@@ -13,6 +13,8 @@ name="routed" desc="Network RIP and router discovery routing daemon" rcvar="routed_enable" +: ${routed_svcj_options:="net_basic"} + set_rcvar_obsolete router_enable routed_enable set_rcvar_obsolete router routed_program set_rcvar_obsolete router_flags routed_flags diff --git a/libexec/rc/rc.d/routing b/libexec/rc/rc.d/routing index d7113eb90722..dd75604125a3 100755 --- a/libexec/rc/rc.d/routing +++ b/libexec/rc/rc.d/routing @@ -331,7 +331,7 @@ _check_dynamicrouting() # copied from /etc/rc skip="-s nostart" - if [ `/sbin/sysctl -n security.jail.jailed` -eq 1 ]; then + if check_jail jailed; then skip="$skip -s nojail" fi [ -n "$local_startup" ] && find_local_scripts_new @@ -435,4 +435,8 @@ options_inet6() } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +routing_svcj="NO" + run_rc_command "$@" diff --git a/libexec/rc/rc.d/rpcbind b/libexec/rc/rc.d/rpcbind index 699fdd094241..c393df666219 100755 --- a/libexec/rc/rc.d/rpcbind +++ b/libexec/rc/rc.d/rpcbind @@ -13,6 +13,8 @@ desc="Universal addresses to RPC program number mapper" rcvar="rpcbind_enable" command="/usr/sbin/${name}" +: ${rpcbind_svcj_options:="net_basic"} + stop_postcmd='/bin/rm -f /var/run/rpcbind.*' load_rc_config $name diff --git a/libexec/rc/rc.d/rtadvd b/libexec/rc/rc.d/rtadvd index 1340c18e29e4..99fec22604aa 100755 --- a/libexec/rc/rc.d/rtadvd +++ b/libexec/rc/rc.d/rtadvd @@ -18,6 +18,8 @@ extra_commands="reload" reload_cmd="rtadvd_reload" start_precmd="rtadvd_precmd" +: ${rtadvd_svcj_options:="net_basic"} + rtadvd_precmd() { # This should be enabled with a great care. @@ -69,4 +71,7 @@ rtadvd_reload() { } load_rc_config $name + +# precmd is not compatible with svcj +rtadvd_svcj="NO" run_rc_command "$1" diff --git a/libexec/rc/rc.d/rtsold b/libexec/rc/rc.d/rtsold index fe21e5a235bb..5578af5a367f 100755 --- a/libexec/rc/rc.d/rtsold +++ b/libexec/rc/rc.d/rtsold 
@@ -16,6 +16,8 @@ command="/usr/sbin/${name}" pidfile="/var/run/${name}.pid" start_postcmd="rtsold_poststart" +: ${rtsold_svcj_options:="net_basic"} + rtsold_poststart() { # wait for DAD diff --git a/libexec/rc/rc.d/rwho b/libexec/rc/rc.d/rwho index ea6c6c8c3b20..f35bcda30ebf 100755 --- a/libexec/rc/rc.d/rwho +++ b/libexec/rc/rc.d/rwho @@ -14,5 +14,7 @@ desc="System status server" rcvar="rwhod_enable" command="/usr/sbin/${name}" +: ${rwhod_svcj_options:="net_basic"} + load_rc_config $name run_rc_command "$1" diff --git a/libexec/rc/rc.d/savecore b/libexec/rc/rc.d/savecore index 9f326eba21b3..889476591dac 100755 --- a/libexec/rc/rc.d/savecore +++ b/libexec/rc/rc.d/savecore @@ -78,4 +78,8 @@ savecore_start() } load_rc_config $name + +# doesn't make sense to run in a svcj +savecore_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/sdpd b/libexec/rc/rc.d/sdpd index 1de7ed5d8fa9..a7bf51ecdc75 100755 --- a/libexec/rc/rc.d/sdpd +++ b/libexec/rc/rc.d/sdpd @@ -21,4 +21,7 @@ group="${sdpd_groupname:-nobody}" user="${sdpd_username:-nobody}" command_args="-c ${control} -g ${group} -u ${user}" +# doesn't make sense to run in a svcj: nojail keyword +sdpd_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/securelevel b/libexec/rc/rc.d/securelevel index 427d424f5e3d..e5c5a410cf62 100755 --- a/libexec/rc/rc.d/securelevel +++ b/libexec/rc/rc.d/securelevel @@ -22,4 +22,8 @@ securelevel_start() } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +securelevel_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/sendmail b/libexec/rc/rc.d/sendmail index 68803a957952..a9d37f3f7d69 100755 --- a/libexec/rc/rc.d/sendmail +++ b/libexec/rc/rc.d/sendmail 
@@ -4,9 +4,10 @@ # PROVIDE: mail # REQUIRE: LOGIN FILESYSTEMS -# we make mail start late, so that things like .forward's are not -# processed until the system is fully operational # KEYWORD: shutdown +# +# We make mail start late, so that things like .forward's are not processed +# until the system is fully operational. # XXX - Get together with sendmail mantainer to figure out how to # better handle SENDMAIL_ENABLE and 3rd party MTAs. @@ -19,6 +20,8 @@ rcvar="sendmail_enable" required_files="/etc/mail/${name}.cf" start_precmd="sendmail_precmd" +: ${sendmail_svcj_options:="net_basic"} + load_rc_config $name command=${sendmail_program:-/usr/sbin/${name}} pidfile=${sendmail_pidfile:-/var/run/${name}.pid} @@ -39,11 +42,28 @@ esac if checkyesno sendmail_enable; then sendmail_submit_enable="NO" sendmail_outbound_enable="NO" + _sendmail_run=true fi # If sendmail_submit_enable=yes, don't need outbound daemon if checkyesno sendmail_submit_enable; then + name="sendmail_submit" + rcvar="sendmail_submit_enable" sendmail_outbound_enable="NO" + _sendmail_run=true +fi + +if checkyesno sendmail_outbound_enable; then + name="sendmail_outbound" + rcvar="sendmail_outbound_enable" + _sendmail_run=true +fi + +if checkyesno sendmail_msp_queue_enable; then + _sendmail_msp_queue_run=true +else + # Make sure run_rc_command is called at least once. + _sendmail_run=true fi sendmail_cert_create() @@ -160,17 +180,6 @@ sendmail_cert_create() sendmail_precmd() { - # Die if there's pre-8.10 custom configuration file. This check is - # mandatory for smooth upgrade. See NetBSD PR 10100 for details. - # - if checkyesno ${rcvar} && [ -f "/etc/${name}.cf" ]; then - if ! cmp -s "/etc/mail/${name}.cf" "/etc/${name}.cf"; then - warn \ - "${name} was not started; you have multiple copies of sendmail.cf." - return 1 - fi - fi - # check modifications on /etc/mail/aliases if checkyesno sendmail_rebuild_aliases; then if [ -f "/etc/mail/aliases.db" ]; then 
@@ -202,27 +211,19 @@ sendmail_precmd() fi } -run_rc_command "$1" - -required_files= - -if checkyesno sendmail_submit_enable; then - name="sendmail_submit" - rcvar="sendmail_submit_enable" - _rc_restart_done=false +if ${_sendmail_run:-false}; then run_rc_command "$1" fi +_ret=$? -if checkyesno sendmail_outbound_enable; then - name="sendmail_outbound" - rcvar="sendmail_outbound_enable" +if ${_sendmail_msp_queue_run:-false}; then + name="sendmail_msp_queue" + rcvar="sendmail_msp_queue_enable" + pidfile="${sendmail_msp_queue_pidfile:-/var/spool/clientmqueue/sm-client.pid}" + required_files="/etc/mail/submit.cf" _rc_restart_done=false run_rc_command "$1" + _ret=$(( _ret > $? ? _ret : $? )) fi -name="sendmail_msp_queue" -rcvar="sendmail_msp_queue_enable" -pidfile="${sendmail_msp_queue_pidfile:-/var/spool/clientmqueue/sm-client.pid}" -required_files="/etc/mail/submit.cf" -_rc_restart_done=false -run_rc_command "$1" +(exit "$_ret") diff --git a/libexec/rc/rc.d/serial b/libexec/rc/rc.d/serial index ea60c8aa77da..f8ddc7ff30d4 100755 --- a/libexec/rc/rc.d/serial +++ b/libexec/rc/rc.d/serial @@ -45,7 +45,7 @@ default() { # Reset everything changed by the other functions to initial defaults. dc=$1; shift # device name character - drainwait=`sysctl -n kern.drainwait` + drainwait=`sysctl -n kern.tty_drainwait` for i in $* do @@ -84,7 +84,7 @@ modem() { for i in $* do # may depend on modem - comcontrol /dev/tty${dc}${i} dtrwait 100 drainwait 180 + comcontrol /dev/tty${dc}${i} drainwait 180 # Lock crtscts on. # Speed reasonable for V42bis. stty < /dev/tty${dc}${i}.init crtscts 115200 @@ -156,12 +156,3 @@ terminal() { # modem u 1 # terminal u 0 # 3wire u 0 - -# Initialize all ports on a Cyclades-8yo. -# modem c 00 01 02 03 04 05 06 07 - -# Initialize all ports on a Cyclades-16ye. -# modem c 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f - -# Initialize all ports on a Digiboard 8. -# modem D 00 01 02 03 04 05 06 07 
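Review bot: Dropping the `required_files=` reset means the sendmail_submit and sendmail_outbound cases now run with `required_files="/etc/mail/${name}.cf"` as assigned near the top of the script, where `name` presumably was still `sendmail`; before this change those two daemons were started with no required files. If that is intended, a comment next to the `name="sendmail_submit"` assignment in the earlier hunk should say so; otherwise clear `required_files` in those branches. In the msp_queue block, `_ret=$(( _ret > $? ? _ret : $? ))` is terse, and a comment such as `# exit with the larger of the two run_rc_command statuses` would help.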
diff --git a/libexec/rc/rc.d/sshd b/libexec/rc/rc.d/sshd index 63113fd9ee74..1d2c89cc88a8 100755 --- a/libexec/rc/rc.d/sshd +++ b/libexec/rc/rc.d/sshd @@ -21,10 +21,15 @@ pidfile="/var/run/${name}.pid" extra_commands="configtest keygen reload" : ${sshd_rsa_enable:="yes"} -: ${sshd_dsa_enable:="no"} : ${sshd_ecdsa_enable:="yes"} : ${sshd_ed25519_enable:="yes"} +# sshd in a jail would not see other jails. As such exclude it from +# svcj_all_enable="YES" by setting sshd_svcj to NO. This allows to +# enable it in rc.conf. +: ${sshd_svcj:="NO"} +: ${sshd_svcj_options:="net_basic"} + sshd_keygen_alg() { local alg=$1 @@ -36,7 +41,7 @@ sshd_keygen_alg() fi case $alg in - rsa|dsa|ecdsa|ed25519) + rsa|ecdsa|ed25519) keyfile="/etc/ssh/ssh_host_${alg}_key" ;; *) @@ -62,7 +67,6 @@ sshd_keygen_alg() sshd_keygen() { sshd_keygen_alg rsa - sshd_keygen_alg dsa sshd_keygen_alg ecdsa sshd_keygen_alg ed25519 } diff --git a/libexec/rc/rc.d/statd b/libexec/rc/rc.d/statd index 03254932c37c..3f2678af2940 100755 --- a/libexec/rc/rc.d/statd +++ b/libexec/rc/rc.d/statd @@ -16,15 +16,18 @@ rcvar=rpc_statd_enable command="/usr/sbin/rpc.${name}" start_precmd='statd_precmd' +: ${statd_svcj_options:="net_basic"} + # Make sure that we are either an NFS client or server, and that we get # the correct flags from rc.conf(5). # statd_precmd() { force_depend rpcbind || return 1 - - rc_flags=${rpc_statd_flags} } load_rc_config $name + +rc_flags=${rpc_statd_flags} + run_rc_command $1 diff --git a/libexec/rc/rc.d/static_arp b/libexec/rc/rc.d/static_arp index b6ad064cc102..42db3c2c8fff 100755 --- a/libexec/rc/rc.d/static_arp +++ b/libexec/rc/rc.d/static_arp @@ -70,4 +70,8 @@ static_arp_stop() } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +statc_arp_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/static_ndp b/libexec/rc/rc.d/static_ndp index 8f0f3fc35957..e66c4a0080c3 100755 --- a/libexec/rc/rc.d/static_ndp +++ b/libexec/rc/rc.d/static_ndp 
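Review bot: The variable added to static_arp is misspelled: `statc_arp_svcj="NO"` should be `static_arp_svcj="NO"`. As written the assignment sets an unrelated variable, so static_arp is not excluded from service jails the way the comment above it intends, assuming rc.subr derives the variable name from the script name as the sibling scripts in this commit suggest.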
@@ -69,4 +69,8 @@ static_ndp_stop() } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +static_ndp_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/stf b/libexec/rc/rc.d/stf index 48a27b542f05..94a585693982 100755 --- a/libexec/rc/rc.d/stf +++ b/libexec/rc/rc.d/stf @@ -75,4 +75,8 @@ stf_down() } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +stf_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/swap b/libexec/rc/rc.d/swap index fb1e11281ea6..f7663fc422bf 100755 --- a/libexec/rc/rc.d/swap +++ b/libexec/rc/rc.d/swap @@ -14,4 +14,8 @@ start_cmd='/sbin/swapon -aq' stop_cmd=':' load_rc_config $name + +# doesn't make sense to run in a svcj: privileged operations +swap_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/swaplate b/libexec/rc/rc.d/swaplate index 28beb8e835c9..da86cb2bf686 100755 --- a/libexec/rc/rc.d/swaplate +++ b/libexec/rc/rc.d/swaplate @@ -14,4 +14,8 @@ start_cmd='/sbin/swapon -aLq' stop_cmd='/sbin/swapoff -aLq' load_rc_config swap + +# doesn't make sense to run in a svcj: privileged operations +swaplate_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/syscons b/libexec/rc/rc.d/syscons index beef467deaf8..b01b648ace6e 100755 --- a/libexec/rc/rc.d/syscons +++ b/libexec/rc/rc.d/syscons @@ -238,6 +238,7 @@ syscons_configure_keyboard() sc_init echo -n ' allscreens_kbd' for ttyv in /dev/ttyv*; do + [ "$ttyv" = '/dev/ttyv*' ] && break kbdcontrol ${allscreens_kbdflags} < ${ttyv} > ${ttyv} 2>&1 done fi @@ -382,6 +383,7 @@ syscons_start() sc_init echo -n ' allscreens' for ttyv in /dev/ttyv*; do + [ "$ttyv" = '/dev/ttyv*' ] && break vidcontrol ${allscreens_flags} < ${ttyv} > ${ttyv} 2>&1 done fi @@ -396,5 +398,9 @@ syscons_start() } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +syscons_svcj="NO" + run_rc_command $* diff --git a/libexec/rc/rc.d/sysctl b/libexec/rc/rc.d/sysctl index 5d586776929e..0ca753b530af 100755 
--- a/libexec/rc/rc.d/sysctl +++ b/libexec/rc/rc.d/sysctl @@ -34,4 +34,8 @@ sysctl_start() } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +sysctl_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/sysctl_lastload b/libexec/rc/rc.d/sysctl_lastload index 335bd9cdc1bc..6d97561ed2c0 100755 --- a/libexec/rc/rc.d/sysctl_lastload +++ b/libexec/rc/rc.d/sysctl_lastload @@ -14,4 +14,8 @@ start_cmd="/etc/rc.d/sysctl lastload" stop_cmd=":" load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +sysctl_lastload_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/syslogd b/libexec/rc/rc.d/syslogd index 3f67014d0b01..8d0ff952a6b2 100755 --- a/libexec/rc/rc.d/syslogd +++ b/libexec/rc/rc.d/syslogd @@ -22,6 +22,8 @@ extra_commands="reload" sockfile="/var/run/syslogd.sockets" evalargs="rc_flags=\"\`set_socketlist\` \$rc_flags\"" +: ${syslogd_svcj_options:="net_basic"} + syslogd_precmd() { local _l _ldir diff --git a/libexec/rc/rc.d/sysvipc b/libexec/rc/rc.d/sysvipc index a76e662576db..ce38db598641 100755 --- a/libexec/rc/rc.d/sysvipc +++ b/libexec/rc/rc.d/sysvipc @@ -22,4 +22,8 @@ sysvipc_start() } load_rc_config $name + +# doesn't make sense to run in a svcj: privileged operations +sysvipc_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/tlsclntd b/libexec/rc/rc.d/tlsclntd index ff1336b2d08a..5688c7ff53a2 100755 --- a/libexec/rc/rc.d/tlsclntd +++ b/libexec/rc/rc.d/tlsclntd @@ -15,6 +15,8 @@ rcvar="tlsclntd_enable" command="/usr/sbin/rpc.${name}" pidfile="/var/run/rpc.${name}.pid" +: ${tlsclntd_svcj_options:="net_basic"} + load_rc_config $name run_rc_command "$1" diff --git a/libexec/rc/rc.d/tlsservd b/libexec/rc/rc.d/tlsservd index 98a713dd3ff5..989e17996043 100755 --- a/libexec/rc/rc.d/tlsservd +++ b/libexec/rc/rc.d/tlsservd 
@@ -14,6 +14,8 @@ desc="NFS over TLS server side daemon" rcvar="tlsservd_enable" command="/usr/sbin/rpc.${name}" +: ${tlsservd_svcj_options:="net_basic nfsd"} + pidfile="/var/run/rpc.${name}.pid" required_files="/etc/rpc.tlsservd/cert.pem /etc/rpc.tlsservd/certkey.pem" extra_commands="reload" diff --git a/libexec/rc/rc.d/tmp b/libexec/rc/rc.d/tmp index bde1ba257c2c..cc970816e45c 100755 --- a/libexec/rc/rc.d/tmp +++ b/libexec/rc/rc.d/tmp @@ -37,6 +37,9 @@ stop_cmd=':' load_rc_config $name +# doesn't make sense to run in a svcj: mounting +tmp_svcj="NO" + mount_tmpmfs() { while read line; do diff --git a/libexec/rc/rc.d/ubthidhci b/libexec/rc/rc.d/ubthidhci index a311ec07ebf6..9792a0e3530d 100755 --- a/libexec/rc/rc.d/ubthidhci +++ b/libexec/rc/rc.d/ubthidhci @@ -28,6 +28,10 @@ ubthidhci_prestart() } load_rc_config $name + +# doesn't make sense to run in a svcj: nojail keyword +ubthidhci_svcj="NO" + # # We discard the output because: # 1) we don't want it to show up during boot; and diff --git a/libexec/rc/rc.d/ugidfw b/libexec/rc/rc.d/ugidfw index 852c04bc216f..13b20c45ee29 100755 --- a/libexec/rc/rc.d/ugidfw +++ b/libexec/rc/rc.d/ugidfw @@ -48,4 +48,8 @@ ugidfw_stop() } load_rc_config $name + +# doesn't make sense to run in a svcj: nojail keyword +ugidfw_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/utx b/libexec/rc/rc.d/utx index 96bbae07d2cf..d7149f66e68b 100755 --- a/libexec/rc/rc.d/utx +++ b/libexec/rc/rc.d/utx @@ -16,4 +16,8 @@ start_cmd="utx boot" stop_cmd="utx shutdown" load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +utx_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/var b/libexec/rc/rc.d/var index ff5150a96904..b4939e2bc4a0 100755 --- a/libexec/rc/rc.d/var +++ b/libexec/rc/rc.d/var @@ -39,6 +39,9 @@ stop_cmd=':' load_rc_config $name +# doesn't make sense to run in a svcj: mounting +var_svcj="NO" + populate_var() { /usr/sbin/mtree -deiU -f /etc/mtree/BSD.var.dist -p /var > /dev/null 
diff --git a/libexec/rc/rc.d/var_run b/libexec/rc/rc.d/var_run index bf8f0cb737b4..9a3732f593b6 100755 --- a/libexec/rc/rc.d/var_run +++ b/libexec/rc/rc.d/var_run @@ -17,27 +17,34 @@ stop_cmd="_var_run_stop" load_rc_config $name +# doesn't make sense to run in a svcj: config setting +var_run_svcj="NO" + _var_run_load() { - test -f ${var_run_mtree} && - mtree -U -i -q -f ${var_run_mtree} -p /var/run > /dev/null + if [ -f "${var_run_mtree}" ] ; then + mtree -U -i -q -f "${var_run_mtree}" -p /var/run > /dev/null + fi } _var_run_save() { - if [ ! -d $(dirname ${var_run_mtree}) ]; then - mkdir -p ${var_run_mtree} + if ! [ -d "${var_run_mtree%/*}" ]; then + mkdir -p "${var_run_mtree%/*}" fi - mtree -dcbj -p /var/run > ${var_run_mtree} + mtree -dcbj -p /var/run > "${var_run_mtree}" } _var_run_start() { - df -ttmpfs /var/run > /dev/null 2>&1 && + if df -ttmpfs /var/run > /dev/null 2>&1; then _var_run_load + fi } _var_run_stop() { - df -ttmpfs /var/run > /dev/null 2>&1 && - checkyesno var_run_autosave && + if checkyesno var_run_autosave; then + if df -ttmpfs /var/run > /dev/null 2>&1; then _var_run_save + fi + fi } run_rc_command "$1" diff --git a/libexec/rc/rc.d/virecover b/libexec/rc/rc.d/virecover index ed65fc00474a..d6f9f8bdef9a 100755 --- a/libexec/rc/rc.d/virecover +++ b/libexec/rc/rc.d/virecover @@ -62,4 +62,8 @@ virecover_start() } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +virecover_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/watchdogd b/libexec/rc/rc.d/watchdogd index 7565d8bcd94d..6cd37b8c5ceb 100755 --- a/libexec/rc/rc.d/watchdogd +++ b/libexec/rc/rc.d/watchdogd @@ -88,4 +88,8 @@ watchdogd_poststop() } load_rc_config $name + +# doesn't make sense to run in a svcj: privileged operations +watchdogd_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/wpa_supplicant b/libexec/rc/rc.d/wpa_supplicant index fea0f36997ef..e11dddfb5fd3 100755 --- a/libexec/rc/rc.d/wpa_supplicant 
+++ b/libexec/rc/rc.d/wpa_supplicant @@ -31,6 +31,9 @@ conf_file=${wpa_supplicant_conf_file} pidfile="/var/run/${name}/${ifn}.pid" command_args="-B -i $ifn -c $conf_file -D $driver -P $pidfile" required_files=$conf_file -required_modules="wlan_wep wlan_tkip wlan_ccmp" +required_modules="wlan_wep wlan_tkip wlan_ccmp wlan_gcmp" + +# doesn't make sense to run in a svcj: nojail keyword +wpa_supplicant_svcj="NO" run_rc_command "$1" diff --git a/libexec/rc/rc.d/ypbind b/libexec/rc/rc.d/ypbind index b4e47cb0a37d..a6bf00f1ed9d 100755 --- a/libexec/rc/rc.d/ypbind +++ b/libexec/rc/rc.d/ypbind @@ -13,6 +13,8 @@ name="ypbind" desc="NIS domain binding daemon" rcvar="nis_client_enable" +: ${ypbind_svcj_options:="net_basic"} + load_rc_config $name command="/usr/sbin/${name}" diff --git a/libexec/rc/rc.d/ypldap b/libexec/rc/rc.d/ypldap index 051d0ce9977e..579b004a07c0 100755 --- a/libexec/rc/rc.d/ypldap +++ b/libexec/rc/rc.d/ypldap @@ -12,6 +12,8 @@ name="ypldap" rcvar="nis_ypldap_enable" +: ${ypldap_svcj_options:="net_basic"} + load_rc_config $name command="/usr/sbin/${name}" diff --git a/libexec/rc/rc.d/yppasswdd b/libexec/rc/rc.d/yppasswdd index 83a7bcc713dd..81a04d753305 100755 --- a/libexec/rc/rc.d/yppasswdd +++ b/libexec/rc/rc.d/yppasswdd @@ -13,6 +13,8 @@ name="yppasswdd" desc="Server for updating NIS passwords" rcvar="nis_yppasswdd_enable" +: ${yppasswdd_svcj_options:="net_basic"} + load_rc_config $name command="/usr/sbin/rpc.${name}" diff --git a/libexec/rc/rc.d/ypserv b/libexec/rc/rc.d/ypserv index 9b60e9a55b25..8cae179fdd11 100755 --- a/libexec/rc/rc.d/ypserv +++ b/libexec/rc/rc.d/ypserv @@ -12,6 +12,8 @@ name="ypserv" desc="NIS database server" rcvar="nis_server_enable" +: ${ypserv_svcj_options:="net_basic"} + load_rc_config $name command="/usr/sbin/${name}" diff --git a/libexec/rc/rc.d/ypset b/libexec/rc/rc.d/ypset index 2f259de05e59..123a94ea44e8 100755 --- a/libexec/rc/rc.d/ypset +++ b/libexec/rc/rc.d/ypset 
@@ -14,6 +14,9 @@ rcvar="nis_ypset_enable" load_rc_config $name +# doesn't make sense to run in a svcj: config setting +ypset_svcj="NO" + command="/usr/sbin/${name}" command_args="${nis_ypset_flags}" diff --git a/libexec/rc/rc.d/ypupdated b/libexec/rc/rc.d/ypupdated index f7a7769c766a..1a4c595c745a 100755 --- a/libexec/rc/rc.d/ypupdated +++ b/libexec/rc/rc.d/ypupdated @@ -11,6 +11,8 @@ name="ypupdated" rcvar="rpc_ypupdated_enable" +: ${ypupdated_svcj_options:="net_basic"} + load_rc_config $name command="/usr/sbin/rpc.${name}" diff --git a/libexec/rc/rc.d/ypxfrd b/libexec/rc/rc.d/ypxfrd index 3bc7fd8d29e6..ea929b0d25ce 100755 --- a/libexec/rc/rc.d/ypxfrd +++ b/libexec/rc/rc.d/ypxfrd @@ -12,6 +12,8 @@ name="ypxfrd" desc="NIS map transfer server" rcvar="nis_ypxfrd_enable" +: ${ypxfrd_svcj_options:="net_basic"} + load_rc_config $name command="/usr/sbin/rpc.${name}" diff --git a/libexec/rc/rc.d/zfs b/libexec/rc/rc.d/zfs index d7c5b20ee6d1..f88f65c2ec18 100755 --- a/libexec/rc/rc.d/zfs +++ b/libexec/rc/rc.d/zfs @@ -18,7 +18,7 @@ required_modules="zfs" zfs_start_jail() { - if [ `$SYSCTL_N security.jail.mount_allowed` -eq 1 ]; then + if check_jail mount_allowed; then zfs mount -a fi } @@ -34,7 +34,7 @@ zfs_start_main() zfs_start() { - if [ `$SYSCTL_N security.jail.jailed` -eq 1 ]; then + if check_jail jailed; then zfs_start_jail else zfs_start_main @@ -54,7 +54,7 @@ zfs_poststart() zfs_stop_jail() { - if [ `$SYSCTL_N security.jail.mount_allowed` -eq 1 ]; then + if check_jail mount_allowed; then zfs unmount -a fi } @@ -67,7 +67,7 @@ zfs_stop_main() zfs_stop() { - if [ `$SYSCTL_N security.jail.jailed` -eq 1 ]; then + if check_jail jailed; then zfs_stop_jail else zfs_stop_main @@ -75,4 +75,8 @@ zfs_stop() } load_rc_config $name + +# doesn't make sense to run in a svcj: mounting / config setting +zfs_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/zfsbe b/libexec/rc/rc.d/zfsbe index 31b0a180800f..22d53f219679 100755 --- a/libexec/rc/rc.d/zfsbe 
+++ b/libexec/rc/rc.d/zfsbe @@ -64,7 +64,7 @@ activate_bootonce() be_start() { - if [ `$SYSCTL_N security.jail.jailed` -eq 1 ]; then + if check_jail jailed; then : else mount -p | while read _dev _mp _type _rest; do @@ -85,4 +85,8 @@ be_stop() } load_rc_config $name + +# doesn't make sense to run in a svcj: mounting / config setting +zfsbe_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/zfsd b/libexec/rc/rc.d/zfsd index 5b9c2ea31837..f0abeeeb446b 100755 --- a/libexec/rc/rc.d/zfsd +++ b/libexec/rc/rc.d/zfsd @@ -13,4 +13,8 @@ rcvar="zfsd_enable" command="/usr/sbin/${name}" load_rc_config $name + +# doesn't make sense to run in a svcj +zfsd_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/zfskeys b/libexec/rc/rc.d/zfskeys index c558eb3af5d7..aff0224d5c9d 100755 --- a/libexec/rc/rc.d/zfskeys +++ b/libexec/rc/rc.d/zfskeys @@ -45,7 +45,15 @@ unlock_fs() local kl="$2" local k="${kl##file://}" - if [ "$k" ] && [ -f "$k" ] && [ -s "$k" ] && [ -r "$k" ]; then + if [ "$kl" == "prompt" ] + then + echo "Key prompt for $fs." + if zfs load-key -L "$kl" "$fs" < /dev/tty > /dev/tty 2>/dev/tty ; then + echo "Key loaded for $fs." + else + echo "Key failed to load for $fs." + fi + elif [ "$k" ] && [ -f "$k" ] && [ -s "$k" ] && [ -r "$k" ]; then if [ "$(zfs get -Ho value keystatus "$fs")" = 'available' ]; then echo "Key already loaded for $fs." elif keytest=$(zfs load-key -n -L "$kl" "$fs" 2>&1); then @@ -116,4 +124,8 @@ unload_zfs_keys() zfskeys_args=$(encode_args "$@") load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +zfskeys_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/zpool b/libexec/rc/rc.d/zpool index 5a5ef00755cc..63f040ad122b 100755 --- a/libexec/rc/rc.d/zpool +++ b/libexec/rc/rc.d/zpool @@ -3,8 +3,7 @@ # # PROVIDE: zpool -# REQUIRE: hostid disks -# BEFORE: mountcritlocal +# REQUIRE: hostid disks mountcritlocal # KEYWORD: nojail . /etc/rc.subr 
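Review bot: The new `prompt` branch in `unlock_fs` (rc.d/zfskeys) calls `zfs load-key` without first testing `keystatus`, unlike the `file://` branch directly below it, so a repeated `start` would prompt again for a dataset whose key is already loaded and then report a failure. Hoisting the existing `[ "$(zfs get -Ho value keystatus "$fs")" = 'available' ]` test above both branches would cover the two cases with one check. The comparison also uses `==` inside `[ ]`; `if [ "$kl" = "prompt" ]` is the portable form and matches the other tests in the function. `unlock_fs` starts and ends outside the hunk.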
@@ -34,4 +33,8 @@ zpool_start() } load_rc_config $name + +# doesn't make sense to run in a svcj +zpool_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/zpoolreguid b/libexec/rc/rc.d/zpoolreguid index 77ecac13ad5a..f94630d9283f 100755 --- a/libexec/rc/rc.d/zpoolreguid +++ b/libexec/rc/rc.d/zpoolreguid @@ -22,4 +22,8 @@ zpoolreguid_start() } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +zpoolreguid_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/zpoolupgrade b/libexec/rc/rc.d/zpoolupgrade index 6f5720bac6a7..1435cba7199c 100755 --- a/libexec/rc/rc.d/zpoolupgrade +++ b/libexec/rc/rc.d/zpoolupgrade @@ -22,4 +22,8 @@ zpoolupgrade_start() } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +zpoolupgrade_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/zvol b/libexec/rc/rc.d/zvol index 351dce09ca27..b9f17fad5bfd 100755 --- a/libexec/rc/rc.d/zvol +++ b/libexec/rc/rc.d/zvol @@ -42,4 +42,8 @@ zvol_stop() } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +zvol_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.initdiskless b/libexec/rc/rc.initdiskless index a6820a546e55..3b66a3c4928a 100644 --- a/libexec/rc/rc.initdiskless +++ b/libexec/rc/rc.initdiskless @@ -174,7 +174,10 @@ log() { chkerr() { lastitem () ( n=$(($# - 1)) ; shift $n ; echo $1 ) mountpoint="$(lastitem $2)" - [ -r $mountpoint/remount_optional ] && ( echo "$2 failed: ignoring due to remount_optional" ; return ) + if [ -r $mountpoint/remount_optional ]; then + echo "$2 failed: ignoring due to remount_optional" + return + fi case $1 in 0) ;; @@ -204,7 +207,7 @@ handle_remount() { # $1 = mount point } # Create a generic memory disk. -# The 'auto' parameter will attempt to use tmpfs(5), falls back to md(4). +# The 'auto' parameter will attempt to use tmpfs(4), falls back to md(4). # $1 is size in 512-byte sectors, $2 is the mount point. mount_md() { if [ ${o_verbose} -gt 0 ] ; then 
diff --git a/libexec/rc/rc.shutdown b/libexec/rc/rc.shutdown index 18f67f5ca124..3dfd7a7e0936 100644 --- a/libexec/rc/rc.shutdown +++ b/libexec/rc/rc.shutdown @@ -83,9 +83,9 @@ fi # and perform the operation # rcorder_opts="-k shutdown" -if [ `/sbin/sysctl -n security.jail.jailed` -eq 1 ]; then +if check_jail jailed; then rcorder_opts="$rcorder_opts -s nojail" - if [ `/sbin/sysctl -n security.jail.vnet` -ne 1 ]; then + if ! check_jail vnet; then rcorder_opts="$rcorder_opts -s nojailvnet" fi fi diff --git a/libexec/rc/rc.subr b/libexec/rc/rc.subr index 16b2c9fc5e88..06b1bd51384c 100644 --- a/libexec/rc/rc.subr +++ b/libexec/rc/rc.subr @@ -50,9 +50,15 @@ PROTECT="/usr/bin/protect" ID="/usr/bin/id" IDCMD="if [ -x $ID ]; then $ID -un; fi" PS="/bin/ps -ww" +SERVICE=/usr/sbin/service +JAIL_CMD=/usr/sbin/jail +_svcj_generic_params="path=/ mount.nodevfs host=inherit" JID=0 CPUSET="/bin/cpuset" +# Cache the services that we loaded with load_rc_config. +_loaded_services="" + # rc_service provides the path to the service script that we are executing. # This is not being set here in an execution context, necessarily, so it's # really just a reasonable guess, and it will get overwritten later if @@ -204,15 +210,8 @@ rc_trace() if [ -z "$RC_LEVEL" ]; then [ -f $cf ] || return - if [ -s $cf ]; then - # don't try to set RC_LEVEL without sed - if [ -n "$SED" ]; then - RC_LEVEL=$($SED -n '/^RC_LEVEL=/ { s/.*=//p;q; }' $cf) - RC_LEVEL=${RC_LEVEL:-0} - fi - else - RC_LEVEL=0 - fi + RC_LEVEL=0 # existence is 0 at least + sdot $cf # allow override fi [ ${RC_LEVEL:-0} -ge ${level:-0} ] || return rc_log "$@" 
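Review bot: `rc_trace` now passes the whole of `$cf` to `sdot`, where the removed lines only extracted the `RC_LEVEL=` value with sed, so any other statement in that file would now run in the rc context if `sdot` is a plain dot-include. Both `sdot` and the path held in `$cf` are defined outside the hunk, so this needs confirming. If the file is sourced, a comment should record the trust assumption, e.g. `# $cf is sourced, not parsed: it must be root-owned and not writable by others`, or the call could go through `safe_dot`, which the end of rc.subr already guarantees is defined.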
@@ -521,6 +520,16 @@ _find_processes() $_procname|$_procnamebn|${_procnamebn}:|"(${_procnamebn})"|"[${_procnamebn}]")' fi + if checkyesno ${name}_svcj && [ "${_rc_svcj}" != jailing ]; then + JID=$(/usr/sbin/jls -j svcj-${name} jid 2>/dev/null) + + case ${JID} in + ''|*[!0-9]*) + # svcj-jail doesn't exist, fallback to host-check + JID=0 + ;; + esac + fi _proccheck="\ $PS 2>/dev/null -o pid= -o jid= -o command= $_psargs"' | while read _npid _jid '"$_fp_args"'; do @@ -791,7 +800,7 @@ wait_for_pids() fi _prefix= while true; do - _nlist=""; + _nlist="" for _j in $_list; do if kill -0 $_j 2>/dev/null; then _nlist="${_nlist}${_nlist:+ }$_j" @@ -804,7 +813,7 @@ wait_for_pids() _list=$_nlist echo -n ${_prefix:-"Waiting for PIDS: "}$_list _prefix=", " - pwait $_list 2>/dev/null + pwait -o $_list 2>/dev/null done if [ -n "$_prefix" ]; then echo "." @@ -962,12 +971,16 @@ startmsg() # # ${name}_prepend n Command added before ${command}. # -# ${name}_setup n Command executed before ${command}. +# ${name}_setup n Command executed during start, restart and +# reload before ${rc_arg}_precmd is run. # # ${name}_login_class n Login class to use, else "daemon". # # ${name}_limits n limits(1) to apply to ${command}. # +# ${name}_offcmd n If set, run during start +# if a service is not enabled. +# # ${rc_arg}_cmd n If set, use this as the method when invoked; # Otherwise, use default command (see below) # @@ -1076,7 +1089,7 @@ run_rc_command() err 3 'run_rc_command: $name is not set.' fi - DebugOn rc:$name rc:$name:$rc_arg $name:$rc_arg + DebugOn rc:all rc:all:$rc_arg rc:$name rc:$name:$rc_arg $name:$rc_arg # Don't repeat the first argument when passing additional command- # line arguments to the command subroutines. 
@@ -1138,6 +1151,18 @@ run_rc_command() _cpusetcmd="$CPUSET -l $_cpuset" fi + # If a specific jail has a specific svcj request, honor it (YES/NO). + # If not (variable empty), evaluate the global svcj catch-all. + # A global YES can be overriden by a specific NO, and a global NO is overriden + # by a specific YES. + eval _svcj=\$${name}_svcj + if [ -z "$_svcj" ]; then + _svcj=${svcj_all_enable} + if [ -z "$_svcj" ]; then + eval ${name}_svcj=NO + fi + fi + # setup pid check command if [ -n "$_procname" ]; then if [ -n "$pidfile" ]; then @@ -1174,7 +1199,8 @@ run_rc_command() _prepend=\$${name}_prepend _login_class=\${${name}_login_class:-daemon} \ _limits=\$${name}_limits _oomprotect=\$${name}_oomprotect \ _setup=\$${name}_setup _env_file=\$${name}_env_file \ - _umask=\$${name}_umask + _umask=\$${name}_umask _svcj_options=\$${name}_svcj_options \ + _svcj_ipaddrs=\$${name}_svcj_ipaddrs if [ -n "$_env_file" ] && [ -r "${_env_file}" ]; then # load env from file set -a 
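Review bot: In the added svcj block a non-empty `svcj_all_enable` is copied into `_svcj` but never written back to `${name}_svcj`, which is the variable every later check in this commit tests (`checkyesno ${name}_svcj`). As far as the visible hunks show, `_svcj` is not read again, so the global catch-all would have no effect and `checkyesno` would be handed an unset variable. Assigning the fallback directly avoids both problems: inside `if [ -z "$_svcj" ]; then` use `eval ${name}_svcj=\${svcj_all_enable:-NO}`. `run_rc_command` continues outside the hunk, so confirm `_svcj` is not consumed elsewhere.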
@@ -1188,6 +1214,99 @@ run_rc_command() fi fi + _svcj_ip4_addrs="" + _svcj_ip6_addrs="" + _svcj_cmd_options="" + + if [ -n "$_svcj_ipaddrs" ]; then + _svcj_ip="new" + + for addr in $_svcj_ipaddrs; do + case $addr in + *:*) _svcj_ip6_addrs="$addr,${_svcj_ip6_addrs}" ;; + *) _svcj_ip4_addrs="$addr,${_svcj_ip4_addrs}" ;; + esac + done + else + _svcj_ip="inherit" + fi + + if check_kern_features inet; then + _svcj_ip4="ip4=${_svcj_ip}" + if [ -n "$_svcj_ip4_addrs" ]; then + _svcj_cmd_options="ip4.addr=${_svcj_ip4_addrs%*,} ${_svcj_cmd_options}" + fi + else + if [ -n "$_svcj_ip4_addrs" ]; then + warn "$rc_service: ${name}_svcj_ipaddrs contains at least one IPv4 address, but IPv4 is not enabled in the kernel; IPv4 addresses will be ignored." + fi + fi + + if check_kern_features inet6; then + _svcj_ip6="ip6=${_svcj_ip}" + if [ -n "$_svcj_ip6_addrs" ]; then + _svcj_cmd_options="ip6.addr=${_svcj_ip6_addrs%*,} ${_svcj_cmd_options}" + fi + else + if [ -n "$_svcj_ip6_addrs" ]; then + warn "$rc_service: ${name}_svcj_ipaddrs contains at least one IPv6 address, but IPv6 is not enabled in the kernel; IPv6 addresses will be ignored." 
+ fi + fi + + if [ -n "$_svcj_options" ]; then # translate service jail options + _svcj_sysvipc_x=0 + for _svcj_option in $_svcj_options; do + case "$_svcj_option" in + mlock) + _svcj_cmd_options="allow.mlock ${_svcj_cmd_options}" + ;; + netv4) + _svcj_cmd_options="${_svcj_ip4} allow.reserved_ports ${_svcj_cmd_options}" + ;; + netv6) + _svcj_cmd_options="${_svcj_ip6} allow.reserved_ports ${_svcj_cmd_options}" + ;; + net_basic) + _svcj_cmd_options="${_svcj_ip4} ${_svcj_ip6} allow.reserved_ports ${_svcj_cmd_options}" + ;; + net_raw) + _svcj_cmd_options="allow.raw_sockets ${_svcj_cmd_options}" + ;; + net_all) + _svcj_cmd_options="allow.socket_af allow.raw_sockets allow.reserved_ports ${_svcj_ip4} ${_svcj_ip6} ${_svcj_cmd_options}" + ;; + nfsd) + _svcj_cmd_options="allow.nfsd enforce_statfs=1 ${_svcj_cmd_options}" + ;; + routing) + _svcj_cmd_options="allow.routing ${_svcj_cmd_options}" + ;; + settime) + _svcj_cmd_options="allow.settime ${_svcj_cmd_options}" + ;; + sysvipc) + _svcj_sysvipc_x=$((${_svcj_sysvipc_x} + 1)) + _svcj_cmd_options="sysvmsg=inherit sysvsem=inherit sysvshm=inherit ${_svcj_cmd_options}" + ;; + sysvipcnew) + _svcj_sysvipc_x=$((${_svcj_sysvipc_x} + 1)) + _svcj_cmd_options="sysvmsg=new sysvsem=new sysvshm=new ${_svcj_cmd_options}" + ;; + vmm) + _svcj_cmd_options="allow.vmm ${_svcj_cmd_options}" + ;; + *) + echo ${name}: unknown service jail option: $_svcj_option + ;; + esac + done + if [ ${_svcj_sysvipc_x} -gt 1 ]; then + echo -n "ERROR: more than one sysvipc option is " + echo "specified in ${name}_svcj_options: $_svcj_options" + return 1 + fi + fi + [ -z "$autoboot" ] && eval $_pidcmd # determine the pid if necessary for _elem in $_keywords; do 
@@ -1205,13 +1324,13 @@ run_rc_command() -a "$rc_arg" != "describe" -a "$rc_arg" != "status" ] || [ -n "${rcvar}" -a "$rc_arg" = "stop" -a -z "${rc_pid}" ]; then if ! checkyesno ${rcvar}; then - if [ -n "${rc_quiet}" ]; then - return 0 - fi + [ "$rc_arg" = "start" ] && _run_rc_offcmd + if [ -z "${rc_quiet}" ]; then echo -n "Cannot '${rc_arg}' $name. Set ${rcvar} to " echo -n "YES in /etc/rc.conf or use 'one${rc_arg}' " echo "instead of '${rc_arg}'." - return 0 + fi + return 0 fi fi 
@@ -1223,21 +1342,88 @@ run_rc_command() return 1 fi - # if there's a custom ${XXX_cmd}, - # run that instead of the default - # + # if there's a custom ${XXX_cmd}, + # run that instead of the default + # eval _cmd=\$${rc_arg}_cmd \ _precmd=\$${rc_arg}_precmd \ _postcmd=\$${rc_arg}_postcmd if [ -n "$_cmd" ]; then - rc_trace 1 "$_cmd" + if [ "$_cmd" != : ]; then + rc_trace 1 "$_cmd" + fi if [ -n "$_env" ]; then eval "export -- $_env" fi - _run_rc_precmd || return 1 - _run_rc_doit "$_cpusetcmd $_cmd $rc_extra_args" || return 1 - _run_rc_postcmd + + if [ "${_rc_svcj}" != jailing ]; then + # service can redefine all so + # check for valid setup target + if [ "$rc_arg" = 'start' -o \ + "$rc_arg" = 'restart' -o \ + "$rc_arg" = 'reload' ]; then + _run_rc_setup || \ + warn "failed to setup ${name}" + fi + _run_rc_precmd || return 1 + fi + if ! checkyesno ${name}_svcj; then + _run_rc_doit "$_cpusetcmd $_cmd $rc_extra_args" || return 1 + else + case "$rc_arg" in + start) + if [ "${_rc_svcj}" != jailing ]; then + _return=1 + _do_jailing=1 + + if check_jail jailed; then + if [ $(${SYSCTL_N} security.jail.children.max) -eq 0 ]; then + echo ERROR: jail parameter children.max is set to 0, can not create a new service jail. + _do_jailing=0 + else + _free_jails=$(($(${SYSCTL_N} security.jail.children.max) - $(${SYSCTL_N} security.jail.children.cur))) + if [ ${_free_jails} -eq 0 ]; then + echo ERROR: max number of jail children reached, can not create a new service jail. 
+ _do_jailing=0 + + fi + fi + fi + if [ ${_do_jailing} -eq 1 ]; then + $JAIL_CMD -c $_svcj_generic_params $_svcj_cmd_options \ + exec.start="${SERVICE} -E _rc_svcj=jailing ${name} ${_rc_prefix}start $rc_extra_args" \ + exec.stop="${SERVICE} -E _rc_svcj=jailing ${name} ${_rc_prefix}stop $rc_extra_args" \ + exec.consolelog="/var/log/svcj_${name}_console.log" \ + name=svcj-${name} && _return=0 + fi + else + _run_rc_doit "$_cpusetcmd $_cmd $rc_extra_args" || _return=1 + fi + ;; + stop) + if [ "${_rc_svcj}" != jailing ]; then + $SERVICE -E _rc_svcj=jailing -j svcj-${name} ${name} ${_rc_prefix}stop $rc_extra_args || _return=1 + $JAIL_CMD -r svcj-${name} 2>/dev/null + else + _run_rc_doit "$_cpusetcmd $_cmd $rc_extra_args" || _return=1 + fi + ;; + restart|status) ;; # no special case needed for svcj or handled somewhere else + *) + eval _rc_svcj_extra_cmd=\$${name}_${rc_arg}_svcj_enable + : ${_rc_svcj_extra_cmd:=NO} + if checkyesno _rc_svcj_extra_cmd && [ "${_rc_svcj}" != jailing ]; then + $SERVICE -v -E _rc_svcj=jailing -j svcj-${name} ${name} ${_rc_prefix}${rc_arg} $rc_extra_args || _return=1 + else + _run_rc_doit "$_cpusetcmd $_cmd $rc_extra_args" || _return=1 + fi + ;; + esac + fi + if [ "${_rc_svcj}" != jailing ]; then + _run_rc_postcmd + fi return $_return fi 
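Review bot: With `${name}_svcj` enabled, the `restart|status) ;;` arm of the new `case` skips `_run_rc_doit` altogether, so a script that defines its own `restart_cmd` or `status_cmd` has it run neither on the host nor inside the jail, and `$_return` is returned unchanged. The comment says these are handled elsewhere, but nothing in the visible hunks does so for a custom `${rc_arg}_cmd`. If they are meant to run unjailed, the arm should be `restart|status) _run_rc_doit "$_cpusetcmd $_cmd $rc_extra_args" || _return=1 ;;`. The enclosing function starts and ends outside the hunk.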
@@ -1254,28 +1440,17 @@ run_rc_command() ;; enable) - _out=$(/usr/sbin/sysrc -vs "$name" "$rcvar=YES") && - echo "$name enabled in ${_out%%:*}" + _out=$(write_rcvar "$rcvar" "YES") && + echo "$name enabled in $_out" ;; disable) - _out=$(/usr/sbin/sysrc -vs "$name" "$rcvar=NO") && - echo "$name disabled in ${_out%%:*}" + _out=$(write_rcvar "$rcvar" "NO") && + echo "$name disabled in $_out" ;; delete) - _files= - for _file in $(sysrc -lEs "$name"); do - _out=$(sysrc -Fif $_file "$rcvar") && _files="$_files $_file" - done - /usr/sbin/sysrc -x "$rcvar" && echo "$rcvar deleted in ${_files# }" - # delete file in rc.conf.d if desired and empty. - checkyesno service_delete_empty || _files= - for _file in $_files; do - [ "$_file" = "${_file#*/rc.conf.d/}" ] && continue - [ $(/usr/bin/stat -f%z $_file) -gt 0 ] && continue - /bin/rm "$_file" && echo "Empty file $_file removed" - done + delete_rcvar "$rcvar" ;; status) 
@@ -1295,13 +1470,39 @@ run_rc_command() return 1 fi - if ! _run_rc_precmd; then - warn "failed precmd routine for ${name}" - return 1 + if [ "${_rc_svcj}" != jailing ]; then + _run_rc_setup || warn "failed to setup ${name}" + + if ! _run_rc_precmd; then + warn "failed precmd routine for ${name}" + return 1 + fi fi - # setup the full command to run - # + if checkyesno ${name}_svcj; then + if [ "${_rc_svcj}" != jailing ]; then + if check_jail jailed; then + if [ $(${SYSCTL_N} security.jail.children.max) -eq 0 ]; then + echo ERROR: jail parameter children.max is set to 0, can not create a new service jail. + return 1 + else + _free_jails=$(($(${SYSCTL_N} security.jail.children.max) - $(${SYSCTL_N} security.jail.children.cur))) + if [ ${_free_jails} -eq 0 ]; then + echo ERROR: max number of jail children reached, can not create a new service jail. + return 1 + fi + fi + fi + $JAIL_CMD -c $_svcj_generic_params $_svcj_cmd_options\ + exec.start="${SERVICE} -E _rc_svcj=jailing ${name} ${_rc_prefix}start $rc_extra_args" \ + exec.stop="${SERVICE} -E _rc_svcj=jailing ${name} ${_rc_prefix}stop $rc_extra_args" \ + exec.consolelog="/var/log/svcj_${name}_console.log" \ + name=svcj-${name} || return 1 + fi + fi + + # setup the full command to run + # startmsg "Starting ${name}." if [ -n "$_chroot" ]; then _cd= 
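Review bot: The `children.max` / `children.cur` check and the `$JAIL_CMD -c …` invocation in this hunk are a second copy of the block added in the custom-`_cmd` start path earlier in `run_rc_command`, and the two copies already differ in control flow (`_do_jailing` flag there, `return 1` here). This is the code that fixes the jail's parameters, so both start paths should call one private helper that returns non-zero when the jail cannot be created; that keeps the parameter list from drifting between them. Reading `security.jail.children.max` once into a local instead of calling `${SYSCTL_N}` twice would also make the two comparisons use the same value.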
@@ -1332,25 +1533,30 @@ $_cpusetcmd $command $rc_flags $command_args" fi fi - if [ -n "$_setup" ]; then - if ! _run_rc_doit "$_setup"; then - warn "failed to setup ${name}" + # Prepend default limits + _doit="$_cd limits -C $_login_class $_limits $_doit" + + local _really_run_it=true + if checkyesno ${name}_svcj; then + if [ "${_rc_svcj}" != jailing ]; then + _really_run_it=false fi fi - # Prepend default limits - _doit="$_cd limits -C $_login_class $_limits $_doit" - - # run the full command - # - if ! _run_rc_doit "$_doit"; then - warn "failed to start ${name}" - return 1 + if [ "$_really_run_it" = true ]; then + # run the full command + # + if ! _run_rc_doit "$_doit"; then + warn "failed to start ${name}" + return 1 + fi fi - # finally, run postcmd - # - _run_rc_postcmd + if [ "${_rc_svcj}" != jailing ]; then + # finally, run postcmd + # + _run_rc_postcmd + fi ;; stop) @@ -1362,16 +1568,21 @@ $_cpusetcmd $command $rc_flags $command_args" _run_rc_precmd || return 1 - # send the signal to stop - # + # send the signal to stop + # echo "Stopping ${name}." _doit=$(_run_rc_killcmd "${sig_stop:-TERM}") _run_rc_doit "$_doit" || return 1 - # wait for the command to exit, - # and run postcmd. + # wait for the command to exit, + # and run postcmd. wait_for_pids $rc_pid + if checkyesno ${name}_svcj; then + # remove service jail + $JAIL_CMD -r svcj-${name} 2>/dev/null + fi + _run_rc_postcmd ;; @@ -1381,6 +1592,8 @@ $_cpusetcmd $command $rc_flags $command_args" return 1 fi + _run_rc_setup || warn "failed to setup ${name}" + _run_rc_precmd || return 1 _doit=$(_run_rc_killcmd "${sig_reload:-HUP}") @@ -1390,9 +1603,11 @@ $_cpusetcmd $command $rc_flags $command_args" ;; restart) - # prevent restart being called more - # than once by any given script - # + _run_rc_setup || warn "failed to setup ${name}" + + # prevent restart being called more + # than once by any given script + # if ${_rc_restart_done:-false}; then return 0 fi 
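Review bot: In the default `stop)` path the added `$JAIL_CMD -r svcj-${name}` runs whenever `${name}_svcj` is enabled, including when this invocation is the jail's own `exec.stop` (`_rc_svcj=jailing`), whereas the custom-command `stop` arm removes the jail only when `_rc_svcj` is not `jailing`. From inside the jail the call presumably can only fail, and `2>/dev/null` hides that. Guarding it the same way keeps the two paths consistent: `if checkyesno ${name}_svcj && [ "${_rc_svcj}" != jailing ]; then`.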
@@ -1474,7 +1689,7 @@ $_cpusetcmd $command $rc_flags $command_args" start) # We cannot use protect(1) inside jails. if [ -n "$_oomprotect" ] && [ -f "${PROTECT}" ] && - [ "$(sysctl -n security.jail.jailed)" -eq 0 ]; then + ! check_jail jailed; then [ -z "${rc_pid}" ] && eval $_pidcmd case $_oomprotect in [Aa][Ll][Ll]) @@ -1502,10 +1717,26 @@ $_cpusetcmd $command $rc_flags $command_args" # # name R/W # ------------------ +# _offcmd R # _precmd R # _postcmd R # _return W +# _setup R # +_run_rc_offcmd() +{ + eval _offcmd=\$${name}_offcmd + if [ -n "$_offcmd" ]; then + if [ -n "$_env" ]; then + eval "export -- $_env" + fi + debug "run_rc_command: ${name}_offcmd: $_offcmd $rc_extra_args" + eval "$_offcmd $rc_extra_args" + _return=$? + fi + return 0 +} + _run_rc_precmd() { check_required_before "$rc_arg" || return 1 @@ -1536,6 +1767,20 @@ _run_rc_postcmd() return 0 } +_run_rc_setup() +{ + # prevent multiple execution on restart => stop/start split + if ! ${_rc_restart_done:-false} && [ -n "$_setup" ]; then + debug "run_rc_command: ${rc_arg}_setup: $_setup" + eval "$_setup" + _return=$? + if [ $_return -ne 0 ]; then + return 1 + fi + fi + return 0 +} + _run_rc_doit() { local _m @@ -1584,9 +1829,6 @@ _run_rc_killcmd() # return value from the script. # If `file' ends with `.sh' and lives in /etc/rc.d, ignore it as it's # an old-style startup file. -# If `file' ends with `.sh' and does not live in /etc/rc.d, it's sourced -# into the current environment if $rc_fast_and_loose is set; otherwise -# it is run as a child process. # If `file' appears to be a backup or scratch file, ignore it. # Otherwise if it is executable run as a child process. # 
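Review bot: The debug line in `_run_rc_setup` labels the command as `${rc_arg}_setup`, but `$_setup` is filled from `${name}_setup` (see the `eval` list in `run_rc_command` and the variable table this commit updates), so a trace would name a variable such as `start_setup` that nobody can set. Use `debug "run_rc_command: ${name}_setup: $_setup"`, which matches the `${name}_offcmd` wording in `_run_rc_offcmd`.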
@@ -1622,15 +1864,13 @@ run_rc_script() if [ -n "$rc_boottrace" ]; then boottrace_fn "$_file" "$_arg" - elif [ -n "$rc_fast_and_loose" ]; then - set $_arg; . $_file else ( trap "echo Script $_file interrupted >&2 ; kill -QUIT $$" 3 trap "echo Script $_file interrupted >&2 ; exit 1" 2 trap "echo Script $_file running >&2" 29 set $_arg; . $_file ) fi - DebugOff $_file $_file:$_arg rc:${_file##*/} rc:${_file##*/}:$_arg ${_file##*/} ${_file##*/}:$_arg + DebugOff rc=$? $_file $_file:$_arg rc:${_file##*/} rc:${_file##*/}:$_arg ${_file##*/} ${_file##*/}:$_arg fi ;; esac @@ -1695,18 +1935,8 @@ boottrace_fn() _file=$1 _arg=$2 - if [ -n "$rc_fast_and_loose" ]; then - boottrace_sysctl "$_file start" - set $_arg; . $_file - boottrace_sysctl "$_file done" - else - $boottrace_cmd "$_file" "$_arg" - fi -} - -boottrace_sysctl() -{ - ${SYSCTL} kern.boottrace.boottrace="$1" + _boot="${_boot}" rc_fast="${rc_fast}" autoboot="${autoboot}" \ + $boottrace_cmd "$_file" "$_arg" } # @@ -1760,6 +1990,7 @@ load_rc_config() # If a service name was specified, attempt to load # service-specific configuration if [ -n "$_name" ] ; then + _loaded_services="${_loaded_services} ${_name}" for _d in /etc ${local_startup}; do _d=${_d%/rc.d} if [ -f ${_d}/rc.conf.d/"$_name" ]; then @@ -2440,7 +2671,7 @@ check_required_after() } # check_jail mib -# Return true if security.jail.$mib exists and set to 1. +# Return true if security.jail.$mib exists and is set to 1. check_jail() { 
@@ -2513,6 +2744,83 @@ _echoonce() esac } +# _find_rcvar var +# Find the rc.conf file (other than /etc/defaults/rc.conf) that sets $var. +_find_rcvar() +{ + local _var _dir _files + + [ -n "$1" ] || return 1 + _var="$1"; shift + + _files="/etc/rc.conf" + for _dir in /etc ${local_startup}; do + for _name in $_loaded_services; do + _files="${_dir%/rc.d}/rc.conf.d/${_name} ${_files}" + done + done + + /usr/bin/grep 2>/dev/null -rl "^${_var}=" $_files | /usr/bin/head -1 +} + +# write_rcvar var value +# Add or replace the rc var $var with the value $value. +# Look for a current setting of $var in /etc/rc.conf or /etc/rc.conf.d/$name, +# and if found, modify it there; otherwise, append to /etc/rc.conf. +write_rcvar() +{ + local _var _value _file _dir + + [ -n "$1" ] || return 1 + _var="$1"; shift + [ -n "$1" ] || return 1 + _value="$1"; shift + + _file="$(_find_rcvar "$_var")" + if [ -n "$_file" ]; then + local _=$'\01' + /usr/bin/sed -i '' "s${_}^${_var}=.*${_}${_var}=\"$_value\"${_}" "$_file" + echo $_file + return + fi + + for _dir in /etc ${local_startup}; do + _file="${_dir%/rc.d}/rc.conf.d/${name}" + if [ -f "$_file" ]; then + echo "${_var}=\"${_value}\"" >>"$_file" + echo "$_file" + return + fi + done + + echo "${_var}=\"${_value}\"" >>/etc/rc.conf + echo "/etc/rc.conf" +} + +# delete_rcvar var +# Remove the rc var $var. +# Look for a current setting of $var in /etc/rc.conf or /etc/rc.conf.d/$name, +# and if found, remove it. If service_delete_empty is enabled, and the +# resulting file is empty, also delete the file. +delete_rcvar() +{ + local _var _files + + [ -n "$1" ] || return 1 + _var="$1"; shift + + _file="$(_find_rcvar "$_var")" + if [ -n "$_file" ]; then + /usr/bin/sed -i '' "/^${_var}=/d" "$_file" + echo "$_var deleted in $_file" + + if checkyesno service_delete_empty && [ ! -s "$_file" ]; then + /bin/rm -f "$_file" + echo "Empty file $_file removed" + fi + fi +} + # If the loader env variable rc.debug is set, turn on debugging. 
rc.conf will # still override this, but /etc/defaults/rc.conf can't unconditionally set this # since it would undo what we've done here. @@ -2552,13 +2860,21 @@ $_DEBUG_SH vdot /libexec/debug.sh # Ensure we can still operate if debug.sh and # safe_eval.sh are not found. -if have DebugOn; then - # allow DEBUG_SH to be set from loader prompt - DEBUG_SH=${DEBUG_SH:-$(kenv -q DEBUG_SH)} -else +if ! have DebugOn; then DebugOn() { return 0; } - DebugOff() { return 0; } + DebugOff() { + local _rc=0 + while : + do + case "$1" in + -[eo]) shift;; # ignore it + rc=*) eval "_$1"; shift;; + *) break;; + esac + done + return $_rc + } fi -if ! have save_dot; then +if ! have safe_dot; then safe_dot() { dot "$@"; } fi diff --git a/libexec/rc/safe_eval.sh b/libexec/rc/safe_eval.sh index 10b6ed09c769..6c23b4c98218 100644 --- a/libexec/rc/safe_eval.sh +++ b/libexec/rc/safe_eval.sh @@ -1,22 +1,27 @@ -# SPDX-License-Identifier: BSD-2-Clause - +: # RCSid: -# $Id: safe_eval.sh,v 1.12 2023/10/12 18:46:53 sjg Exp $ +# $Id: safe_eval.sh,v 1.25 2025/08/07 22:13:03 sjg Exp $ # -# @(#) Copyright (c) 2023 Simon J. Gerraty +# @(#) Copyright (c) 2023-2024 Simon J. Gerraty # -# This file is provided in the hope that it will -# be of use. There is absolutely NO WARRANTY. -# Permission to copy, redistribute or otherwise -# use this file is hereby granted provided that -# the above copyright notice and this notice are -# left intact. +# SPDX-License-Identifier: BSD-2-Clause # # Please send copies of changes and bug-fixes to: # sjg@crufty.net _SAFE_EVAL_SH=: +# does local *actually* work? +local_works() { + local _fu +} + +if local_works > /dev/null 2>&1; then + _local=local +else + _local=: +fi + ## # safe_set # @@ -24,7 +29,7 @@ _SAFE_EVAL_SH=: # any non-alphanumeric chars are replaced with '_' # safe_set() { - ${SED:-sed} 's/[ ]*#.*//;/^[A-Za-z_][A-Za-z0-9_]*=/!d;s;[^A-Za-z0-9_. "$,/=-];_;g' + ${SED:-sed} 's/[ ]*#.*//;/^[A-Za-z_][A-Za-z0-9_]*=/!d;s;[^A-Za-z0-9_. "$,/=:+-];_;g' } ## 
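Review bot: `write_rcvar` puts `$_value` unescaped into a file that rc later sources as shell, both in the sed replacement and in `echo "${_var}=\"${_value}\"" >>...`. A value containing `"`, `$`, a backquote or a backslash therefore changes what the file means when it is read back, and sed additionally interprets `&` and `\` in the replacement text. `$_var` is likewise used unescaped as a regular expression in `_find_rcvar`, `write_rcvar` and `delete_rcvar`. I would reject bad names up front with `case "$_var" in [0-9]*|*[!A-Za-z0-9_]*) return 1;; esac` and refuse or escape values containing those characters before writing. Separately, `delete_rcvar` declares `local _var _files` but assigns `_file`, and `_find_rcvar` loops over `_name` without declaring it, so both names leak into the caller's scope.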
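Review bot: The fallback `DebugOff` parses its `rc=` argument with `eval "_$1"`, which re-evaluates caller-supplied text as shell code; parameter expansion does the same job without eval: `rc=*) _rc=${1#rc=}; shift;;`. The only caller visible on this page passes `rc=$?`, so this is hardening rather than a live bug. A one-line comment above the stub, such as `# fallback: honour rc=N like debug.sh's DebugOff, ignore -e/-o and tags`, would explain why the no-op grew a loop.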
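Review bot: The comment above `safe_set` still says any non-alphanumeric chars are replaced with '_', which does not describe the filter. The bracket expression keeps `_`, `.`, space, `"`, `$`, `,`, `/`, `=`, `-`, and with this change also `:` and `+`. This function is the sanitising step in front of `eval`, so the comment should list what passes, e.g. `# chars other than A-Za-z0-9 and _. "$,/=:+- are replaced with '_'`. If keeping `$` is intentional so that values can reference other variables, the comment should say so.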
@@ -38,21 +43,50 @@ safe_eval() { } ## +# safe_eval_export [file] +# +# eval variable assignments only from file +# taking care to eliminate any shell meta chars +# export any variables thus set +# +safe_eval_export() { + eval `cat "$@" | safe_set | ${SED:-sed} 's/^\([^=]*\)=.*/&; export \1/'` +} + +## # safe_dot file [...] # # feed all "file" that exist to safe_eval # safe_dot() { - local ef= f - + eval $_local ef ex f rc + ef= + ex= + rc=1 + while : + do + case "$1" in + --export) ex=_export; shift;; + *) break;; + esac + done for f in "$@" do - test -s $f || continue + test -s "$f" -a -f "$f" || continue + : check for space or tab in "$f" + case "$f" in + *[[:space:]]*|*" "*|*" "*) # we cannot do this efficiently + dotted="$dotted $f" + safe_eval$ex "$f" + rc=$? + continue + ;; + esac ef="${ef:+$ef }$f" dotted="$dotted $f" done - test -z "$ef" && return 1 - safe_eval $ef + test -z "$ef" && return $rc + safe_eval$ex $ef return 0 } diff --git a/libexec/rc/tests/rc_subr_test.sh b/libexec/rc/tests/rc_subr_test.sh index 90306de9a8a7..fe6d3b8264c9 100644 --- a/libexec/rc/tests/rc_subr_test.sh +++ b/libexec/rc/tests/rc_subr_test.sh @@ -1,7 +1,8 @@ +#- +# SPDX-License-Identifier: BSD-2-Clause # # Copyright 2022 Mateusz Piotrowski <0mp@FreeBSD.org> -# -# SPDX-License-Identifier: BSD-2-Clause +# Copyright (c) 2025 Klara, Inc. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions @@ -35,6 +36,10 @@ oomprotect_all_head() oomprotect_all_body() { + if [ "$(sysctl -n security.jail.jailed)" != 0 ]; then + atf_skip "protect(1) cannot be used in a jail" + fi + __name="$(atf_get ident)" __pidfile="$(mktemp -t "${__name}.pid")" __childpidfile="$(mktemp -t "${__name}.childpid")" 
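Review bot: `safe_eval_export` exports every name that `safe_set` lets through, and `safe_set` filters characters in the line but not which variable is being assigned, so a file read with `safe_dot --export` can set names such as `PATH`, `IFS` or `LD_PRELOAD` in the environment of every child process. The header comment should state that trust requirement, e.g. `# NOTE: variable names are not restricted; use --export only on files as trusted as the calling script`. In `safe_dot`, `test -s "$f" -a -f "$f"` relies on the obsolescent `-a` operator, which can misparse when `$f` looks like a test operator; `test -s "$f" && test -f "$f" || continue` avoids that. The status handling is also uneven: the path for names containing whitespace records `rc=$?` from `safe_eval$ex`, while the batched call at the end discards it and returns 0.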
@@ -48,16 +53,16 @@ oomprotect_all_body() _rc_arg="$4" setvar "${name}_oomprotect" all command="/usr/sbin/daemon" - command_args="-P $pidfile -p $_childpidfile -- /bin/sleep 5" + command_args="-P $pidfile -p $_childpidfile -- /bin/sleep 60" run_rc_command "$_rc_arg" LITERAL atf_check -s exit:0 -o inline:"Starting ${__name}.\n" -e empty \ /bin/sh "$__script" "$__name" "$__pidfile" "$__childpidfile" onestart atf_check -s exit:0 -o match:'^..1..... .......1$' -e empty \ - ps -p "$(cat "$__pidfile")" -ax -o flags,flags2 + ps -p "$(cat "$__pidfile")" -o flags,flags2 atf_check -s exit:0 -o match:'^..1..... .......1$' -e empty \ - ps -p "$(cat "$__childpidfile")" -ax -o flags,flags2 + ps -p "$(cat "$__childpidfile")" -o flags,flags2 atf_check -s exit:0 -o ignore -e empty \ /bin/sh "$__script" "$__name" "$__pidfile" "$__childpidfile" onestop } @@ -72,6 +77,10 @@ oomprotect_yes_head() oomprotect_yes_body() { + if [ "$(sysctl -n security.jail.jailed)" != 0 ]; then + atf_skip "protect(1) cannot be used in a jail" + fi + __name="$(atf_get ident)" __pidfile="$(mktemp -t "${__name}.pid")" __script=$(mktemp -t "${__name}.script") @@ -84,7 +93,7 @@ oomprotect_yes_body() setvar "${name}_oomprotect" yes procname="/bin/sleep" command="/usr/sbin/daemon" - command_args="-p $pidfile -- $procname 5" + command_args="-p $pidfile -- $procname 60" run_rc_command "$_rc_arg" LITERAL 
@@ -96,8 +105,32 @@ oomprotect_yes_body() /bin/sh "$__script" "$__name" "$__pidfile" onestop } +atf_test_case wait_for_pids_progress +wait_for_pids_progress_head() +{ + atf_set "descr" "Verify that wait_for_pids prints progress updates" +} +wait_for_pids_progress_body() +{ + cat >>script <<'EOF' +. /etc/rc.subr +sleep 15 & +a=$! +sleep 10 & +b=$! +sleep 5 & +c=$! +wait_for_pids $a $b $c +EOF + re="^Waiting for PIDS: [0-9]+ [0-9]+ [0-9]+" + re="${re}, [0-9]+ [0-9]+" + re="${re}, [0-9]+\.$" + atf_check -s exit:0 -o match:"${re}" /bin/sh script +} + atf_init_test_cases() { atf_add_test_case oomprotect_all atf_add_test_case oomprotect_yes + atf_add_test_case wait_for_pids_progress } |