aboutsummaryrefslogtreecommitdiff
path: root/share/man/man5/rc.conf.5
diff options
context:
space:
mode:
Diffstat (limited to 'share/man/man5/rc.conf.5')
-rw-r--r--share/man/man5/rc.conf.518
1 files changed, 14 insertions, 4 deletions
diff --git a/share/man/man5/rc.conf.5 b/share/man/man5/rc.conf.5
index edbfa937f8df..fa8d8aab8c4e 100644
--- a/share/man/man5/rc.conf.5
+++ b/share/man/man5/rc.conf.5
@@ -22,7 +22,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.Dd October 5, 2025
+.Dd November 14, 2025
.Dt RC.CONF 5
.Os
.Sh NAME
@@ -190,6 +190,17 @@ Setting this option will bypass that check at boot time and
always test whether or not the service is actually running.
Enabling this option is likely to increase your boot time if
services are enabled that utilize the force_depend check.
+.It Ao Ar name Ac Ns Va _audit_user
+.Pq Vt str
+A user name or UID to use as the
+.Xr audit 4
+user for the service.
+Run the chrooted service under this system group.
+By default, when an unprvileged user restarts a service using a utility
+such as sudo or doas, the service's will audit session will point to the
+unprivileged user, which may be undesirable.
+In that case, this variable can be used to override the audit user using
+.Xr setaudit 8 .
.It Ao Ar name Ac Ns Va _chroot
.Pq Vt str
.Xr chroot 8
@@ -209,7 +220,6 @@ The
value to run the service under.
.It Ao Ar name Ac Ns Va _group
.Pq Vt str
-Run the chrooted service under this system group.
Unlike the
.Ao Ar name Ac Ns Va _user
setting, this setting has no effect if the service is not chrooted.
@@ -4950,7 +4960,7 @@ can be used in jails) depending on the content of the
.Ao Ar name Ac Ns Va _svcj_options
variable.
Typically this variable is set inside rc scripts, but it can be
-overriden in the rc config.
+overridden in the rc config.
Valid options for
.Ao Ar name Ac Ns Va _svcj_options
are:
@@ -5041,7 +5051,7 @@ service at all, or may set it to
if it is not set in the
rc config, to exclude it from
.Va svcj_all_enable
-but allow to explicitely enable it.
+but allow to explicitly enable it.
The sshd service for example would not see other jails, if
it would run as a service jail.
This may or may not be what is needed, and as such it is
generated by cgit v1.2.3 (git 2.25.1) at 2025-12-01 08:39:35 +0000