rc.d: add a service jails config to all base system services

This gives more permissions to services (e.g. network access to
services which require this) when they are started as an automatic
servic

rc.d: add a service jails config to all base system services

This gives more permissions to services (e.g. network access to
services which require this) when they are started as an automatic
service jail.

The sshd patch is important for the sshd-related functionality as
described in the man-page in the service jails part.

The location of the added env vars is supposed to allow overriding them
in rc.conf, and to hard-disable the use of svcj for some parts where it
doesn't make sense or will not work.

Only a subset of all of the services are fully tested (I'm running this
since more than a year with various services started as service jails).
The untested parts should be most of the time ok, in some edge-cases
more permissions are needed inside the service jail.
Differential Revision: https://reviews.freebsd.org/D40371

show more ...

Remove $FreeBSD$: one-line sh pattern

Remove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/

Revert r346017 pending compiled-in zfs fix

PR: 237172
Approved by: jilles
Differential Revision: https://reviews.freebsd.org/D18670

Remove now unnecessary kldstat check before attempting to load modules.

Since r233109, kldload has the -n option, which silently ignores options
that are already loaded.

https://lists.freebsd.org/p

Remove now unnecessary kldstat check before attempting to load modules.

Since r233109, kldload has the -n option, which silently ignores options
that are already loaded.

https://lists.freebsd.org/pipermail/freebsd-rc/2018-December/003899.html

Note that this script no longer reports if the module is already loaded,
but it could be argued this wasn't particularly useful information.

PR: docs/234248
Reviewed by: bcr (docs), kib, rgrimes (visual)
Approved by: jilles
Differential Revision: https://reviews.freebsd.org/D18670

show more ...

Move the rc framework out of sbin/init into libexec/rc.

The reasons for this are forward looking to pkgbase:
* /sbin/init is a special binary; try not to replace it with
every package update bec

Move the rc framework out of sbin/init into libexec/rc.

The reasons for this are forward looking to pkgbase:
* /sbin/init is a special binary; try not to replace it with
every package update because an rc script was touched.
(a follow-up commit will make init its own package)
* having rc in its own place will allow more easy replacement
of the rc framework with alternatives, such as openrc.

Discussed with: brd (during BSDCam), kmoore
Requested by: cem, bz
PR: 231522
Approved by: re (gjb)

show more ...

Move rc startup scripts from etc/ to sbin/init/

This keeps most startup scripts as CONFS per discussion on src-committers from
back during BSDCan.

Approved by: will (mentor)
Differential Revision:

Move rc startup scripts from etc/ to sbin/init/

This keeps most startup scripts as CONFS per discussion on src-committers from
back during BSDCan.

Approved by: will (mentor)
Differential Revision: https://reviews.freebsd.org/D16466

show more ...

- Add descriptions to most of the rc scripts. Those are mostly taken from their
daemon's manpage and probably improved.
- Consistently use "filesystem" not "file system".

Approved by: bapt, brueff

- Add descriptions to most of the rc scripts. Those are mostly taken from their
daemon's manpage and probably improved.
- Consistently use "filesystem" not "file system".

Approved by: bapt, brueffer
Differential Revision: D452

show more ...

Ignore per-mdN settings in mdconfig[2] startup

PR: base/189696
Submitted by: ganael.laplanche@martymac.org
MFC after: 3 days
X-MFC-to: stable/10 stable/9

Loosen the processing of *_IF_aliasN vars to be less strict. Previously,
the first alias had to be _alias0 and processing stopped at the first non-
defined variable (preventing gaps). Allowing gaps g

Loosen the processing of *_IF_aliasN vars to be less strict. Previously,
the first alias had to be _alias0 and processing stopped at the first non-
defined variable (preventing gaps). Allowing gaps gives the administrator
the ability to group aliases in an adhoc manner and also lifts the
requirement to renumber aliases simply to comment-out an existing one.
Aliases are processed in numerical ascending order.

Discussed on: -rc
MFC after: 1 week

show more ...

- Add vnode-backed swap space specification support. This is enabled when
device names "md" or "md[0-9]*" and a "file" option are specified in
/etc/fstab like this:

md none swap sw,f

- Add vnode-backed swap space specification support. This is enabled when
device names "md" or "md[0-9]*" and a "file" option are specified in
/etc/fstab like this:

md none swap sw,file=/swap.bin 0 0

- Add GBDE/GELI encrypted swap space specification support, which
rc.d/encswap supported. The /etc/fstab lines are like the following:

/dev/ada1p1.bde none swap sw 0 0
/dev/ada1p2.eli none swap sw 0 0

.eli devices accepts aalgo, ealgo, keylen, and sectorsize as options.

swapctl(8) can understand an encrypted device in the command line
like this:

# swapctl -a /dev/ada2p1.bde

- "-L" flag is added to support "late" option to defer swapon until
rc.d/mountlate runs.

- rc.d script change:

rc.d/encswap -> removed
rc.d/addswap -> just display a warning message if $swapfile is defined
rc.d/swap1 -> renamed to rc.d/swap
rc.d/swaplate -> newly added to support "late" option

These changes alleviate a race condition between device creation/removal
and swapon/swapoff.

MFC after: 1 week
Reviewed by: wblock (manual page)

show more ...

This change does the following for the scripts that run up through
FILESYSTEMS (the default early_late_divider):
1. Move sysctl to run first
2. Move as many BEFOREs to REQUIREs as possible.
3. Minor

This change does the following for the scripts that run up through
FILESYSTEMS (the default early_late_divider):
1. Move sysctl to run first
2. Move as many BEFOREs to REQUIREs as possible.
3. Minor effect, move hostid_save from right before mdconfig to right
after.

A lot of the early scripts make use of sysctl one way or another so
running this first makes a lot of sense given that system-critical
values are often placed in sysctl.conf.

My original purpose for working on this was that while doing some
debugging on other stuff I noticed that the order of execution was
different in the first pass through the early scripts and the second.
In practice that doesn't matter because the scripts are not executed the
second time. However this _can_ result in problems if the difference in
the rcorder moves a script from the late section to the early section in
the second pass (which would mean the script would not get executed).
So, I wanted to make the order of execution of the scripts in the early
section more deterministic.

In the course of debugging the ordering problems I noticed that moving
the BEFOREs to REQUIREs prevented the changes in order from the first
pass to the second pass without having to make any substantial changes.
(Of course it's no secret that I think BEFORE should be avoided as much
as possible, but this is a good example of why.)

Reviewed by: silence on freebsd-rc@
MFC after: 8.1-RELEASE

show more ...

Remove trailing white space. No functional changes.

As previously discussed, add the svn:executable property to all scripts

sleep 2 seconds after having loaded g_uzip.ko. We need this because
otherwise the /dev/mdX.uzip won't be created immediately, which is
needed because we issue a mount right afterwards.

Approved by:

sleep 2 seconds after having loaded g_uzip.ko. We need this because
otherwise the /dev/mdX.uzip won't be created immediately, which is
needed because we issue a mount right afterwards.

Approved by: re@ (bmah@)
MFC after: 2 days

show more ...

Use $required_modules wherever suitable. Use load_kld() in special
cases. So we get rid of quite a few lines of duplicated code.

Don't load geom_md.ko if there is no need to.

Remove the require_kld function I just committed and replace with a nicer solution.

Reported by: pjd
Approved by: cperciva

Add two new scripts (mdconfig/mdconfig2) to replace old ramdisk{,-own}
scripts. These scripts handle vnode backed md(4) devices.

Old ramdisk{,-own} scripts will stay a bit in CVS to allow some time

Add two new scripts (mdconfig/mdconfig2) to replace old ramdisk{,-own}
scripts. These scripts handle vnode backed md(4) devices.

Old ramdisk{,-own} scripts will stay a bit in CVS to allow some time for
migration since variable names have changed (ramdisk_* -> mdconfig_*).

Two new variables have been introduced to be able to populate the md(4)
device once it has been mounted (mdconfig_*_files and mdconfig_*_cmd).

Use should be as easy as:

mdconfig_md0="-t malloc -s 10m"
mdconfig_md1="-t vnode -f /var/foo.img"

See rc.conf(5) for more information and description of the additional
variables.

Approved by: cperciva

show more ...