rc.d: add a service jails config to all base system services

This gives more permissions to services (e.g. network access to
services which require this) when they are started as an automatic
servic

rc.d: add a service jails config to all base system services

This gives more permissions to services (e.g. network access to
services which require this) when they are started as an automatic
service jail.

The sshd patch is important for the sshd-related functionality as
described in the man-page in the service jails part.

The location of the added env vars is supposed to allow overriding them
in rc.conf, and to hard-disable the use of svcj for some parts where it
doesn't make sense or will not work.

Only a subset of all of the services are fully tested (I'm running this
since more than a year with various services started as service jails).
The untested parts should be most of the time ok, in some edge-cases
more permissions are needed inside the service jail.
Differential Revision: https://reviews.freebsd.org/D40371

show more ...

Remove $FreeBSD$: one-line sh pattern

Remove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/

Move the rc framework out of sbin/init into libexec/rc.

The reasons for this are forward looking to pkgbase:
* /sbin/init is a special binary; try not to replace it with
every package update bec

Move the rc framework out of sbin/init into libexec/rc.

The reasons for this are forward looking to pkgbase:
* /sbin/init is a special binary; try not to replace it with
every package update because an rc script was touched.
(a follow-up commit will make init its own package)
* having rc in its own place will allow more easy replacement
of the rc framework with alternatives, such as openrc.

Discussed with: brd (during BSDCam), kmoore
Requested by: cem, bz
PR: 231522
Approved by: re (gjb)

show more ...

Move rc startup scripts from etc/ to sbin/init/

This keeps most startup scripts as CONFS per discussion on src-committers from
back during BSDCan.

Approved by: will (mentor)
Differential Revision:

Move rc startup scripts from etc/ to sbin/init/

This keeps most startup scripts as CONFS per discussion on src-committers from
back during BSDCan.

Approved by: will (mentor)
Differential Revision: https://reviews.freebsd.org/D16466

show more ...

- Add descriptions to most of the rc scripts. Those are mostly taken from their
daemon's manpage and probably improved.
- Consistently use "filesystem" not "file system".

Approved by: bapt, brueff

- Add descriptions to most of the rc scripts. Those are mostly taken from their
daemon's manpage and probably improved.
- Consistently use "filesystem" not "file system".

Approved by: bapt, brueffer
Differential Revision: D452

show more ...

As it stands right now, the default devfs rulesets are only loaded as a
side effect of something else using them. If they haven't been loaded
already but you want to use them, say for configuring a j

As it stands right now, the default devfs rulesets are only loaded as a
side effect of something else using them. If they haven't been loaded
already but you want to use them, say for configuring a jail, you're out
of luck.

So add a knob to always load the default rulesets. While I'm here document
the other devfs_ knobs in rc.conf.5.

show more ...

Do not check for existence of symlink source for the link action. This
does not work for link in subdirectory, and sometimes it is useful to
create symlink in advance for dynamically created device n

Do not check for existence of symlink source for the link action. This
does not work for link in subdirectory, and sometimes it is useful to
create symlink in advance for dynamically created device node.

MFC after: 1 week

show more ...

As previously discussed, add the svn:executable property to all scripts

Allow the use of wildcarded device names in devfs.conf

PR: conf/90760
Submitted by: Darren Pilgrim <darren.pilgrim@gmail.com>
Approved by: philip (mentor)

Remove rcconf.sh from /etc/rc.d, and instead load the configuration
as part of rc. Doing this, and the sourcing of rc.subr after we have
determined if we are booting diskless (and correspondingly run

Remove rcconf.sh from /etc/rc.d, and instead load the configuration
as part of rc. Doing this, and the sourcing of rc.subr after we have
determined if we are booting diskless (and correspondingly run
rc.initdiskless if necessary) are safe, and actually allow fewer files
to be needed on the diskless box. This also allows variables from
the configuration to be available to rc itself, such as ...

Add a variable to rc.conf, early_late_divider, which designates the
script which separates the early and late stages of the boot process.
Default this to mountcritlocal, and add text to etc/defaults/rc.conf,
rc.conf(5) and diskless(8) which describes how and why one might want
to change this.

Reviewed by: brooks

show more ...

Move devfs earlier in the boot sequence. Some system daemons and other
programs may need to use the symlinks and permissions that it sets up.

Discussed on: -current

Remove the requirement for the FreeBSD keyword as it no longer
makes any sense.

Discussed with: dougb, brooks
MFC after: 3 days

Add a way for rc.d/devfs to set more than just the system devfs up.
Yes, this means for stuff OTHER than jails, too. Example usage:
#devfs_system_ruleset="root"
devfs_set_rulesets="/dev=root /etc/na

Add a way for rc.d/devfs to set more than just the system devfs up.
Yes, this means for stuff OTHER than jails, too. Example usage:
#devfs_system_ruleset="root"
devfs_set_rulesets="/dev=root /etc/namedb/dev=named_devfs"

show more ...

Mark scripts as not usable inside a jail by adding keyword 'nojail'.

Some suggestions from: rwatson, Ruben de Groot <mail25@bzerk.org>

Add a general mechanism for creating and applying
devfs(8) rules in rc(8). It is most useful for applying
rules to devfs(5) mount points in /dev or inside jails.
The following line of script is suffi

Add a general mechanism for creating and applying
devfs(8) rules in rc(8). It is most useful for applying
rules to devfs(5) mount points in /dev or inside jails.
The following line of script is sufficient to
mount a relatively useful+secure devfs(5) in a jail:

devfs_mount_jail /some/jail/dev

Some new shell routines available to scripts that source
rc.subr(5):
o devfs_link - Makes it a little easier to create symlinks
o devfs_init_rulesets - Create devfs(8) rulesets from devfs.rules
o devfs_set_ruleset - Set a ruleset to a devfs(5) mount
o devfs_apply_ruleset - Apply a ruleset to a devfs(5) mount
o devfs_domount - Mount devfs(5) and apply some ruleset
o devfs_mount_jail - Mount devfs(5) and apply a ruleset
appropriate to jails.

Additional rulesets can be specified in /etc/devfs.rules.
If the devfs_system_ruleset variable is defined in rc.conf
and it contains the name of a ruleset defined in /etc/defaults/devfs.rules
or user supplied rulesets in /etc/devfs.rules then that ruleset will
be applied to /dev at startup by the /etc/rc.d/devfs script. It can
also be applied post-startup:

/etc/rc.d/devfs start

This is a more flexible mechanism than the previous method of using
/etc/devfs.conf. However, that method is still available.

Note: since devfs(8) doesn't provide any way for creating symlinks
as part of a ruleset, anyone wishing to create symlinks in a devfs(5)
as part of the bootup sequence will still have to rely on /etc/devfs.conf.

show more ...

Allow users to configure stuff in /dev once again by re-doing the devfs
script to read /etc/devfs.conf, and take appropriate actions based on
what it finds there.

The (commented out) examples in the

Allow users to configure stuff in /dev once again by re-doing the devfs
script to read /etc/devfs.conf, and take appropriate actions based on
what it finds there.

The (commented out) examples in the new devfs.conf file are taken in
part from the old rc.devfs script.

show more ...

Move securelevel further back in the boot order.

Approved by: markm (mentor)(implicit)
Reviewed by: dougb

Create a symbolic link /dev/vga -> /dev/ttyv0.

We can't remove the sourcing of /etc/rc.devfs yet in case the user
might have custom entries in it. We will have to come up with an
/etc/devfs.rules or

Create a symbolic link /dev/vga -> /dev/ttyv0.

We can't remove the sourcing of /etc/rc.devfs yet in case the user
might have custom entries in it. We will have to come up with an
/etc/devfs.rules or something to make this kind of thing easier.

Approved by: markm (mentor)(implicit)

show more ...

Bring in the settings from /etc/rc.devfs, which include the vga symlink
that's being replaced here. This is what /etc/rc does now.

There is no NetBSD devfs, so there is no compatibility issue.

Not

Bring in the settings from /etc/rc.devfs, which include the vga symlink
that's being replaced here. This is what /etc/rc does now.

There is no NetBSD devfs, so there is no compatibility issue.

Not objected to by: FreeBSD-rc@yahoogroups.com
Approved by: re (murray)

show more ...

Merge in all the changes that Mike Makonnen has been maintaining for a
while. This is only the script pieces, the glue for the build comes next.

Submitted by: Mike Makonnen <makonnen@pacbell.net>
Re

Merge in all the changes that Mike Makonnen has been maintaining for a
while. This is only the script pieces, the glue for the build comes next.

Submitted by: Mike Makonnen <makonnen@pacbell.net>
Reviewed by: silence on -current and -hackers
Prodded by: rwatson

show more ...