rc: Use check_jail to check values of security.jail MIBs

PR: 282404
Reviewed by: markj, netchild
Approved by: markj (mentor)
MFC after: 2 weeks
Event: Berlin Hackathon 202507
Differential Revision

rc: Use check_jail to check values of security.jail MIBs

PR: 282404
Reviewed by: markj, netchild
Approved by: markj (mentor)
MFC after: 2 weeks
Event: Berlin Hackathon 202507
Differential Revision: https://reviews.freebsd.org/D47329

show more ...

Remove $FreeBSD$: one-line sh pattern

Remove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/

rc.shutdown: kill shutdown process after logging message

Move the kill -KILL $$ back to the pre-r354446 location at the end of
the shutdown timeout handler.

MFC with: r354446

rc.shutdown: print a newline before watchdog timeout message

Previously the watchdog timeout message was appended to the last entry
in the "Waiting for PIDS" list, resulting in a message like

W

rc.shutdown: print a newline before watchdog timeout message

Previously the watchdog timeout message was appended to the last entry
in the "Waiting for PIDS" list, resulting in a message like

Waiting for PIDS: 31299 31296 90201 9020090 second watchdog timeout
expired. Shutdown terminated.

Print a newline to separate the watchdog timeout message. Also perform
the kill before logging or echoing the message.

PR: 241072
MFC after: 1 month
Sponsored by: The FreeBSD Foundation

show more ...

add ability to set watchdog timeout for a shutdown

This change allows to specify a watchdog(9) timeout for a system
shutdown. The timeout is activated when the watchdogd daemon is
stopped. The ide

add ability to set watchdog timeout for a shutdown

This change allows to specify a watchdog(9) timeout for a system
shutdown. The timeout is activated when the watchdogd daemon is
stopped. The idea is to a prevent any indefinite hang during late
stages of the shutdown. The feature is implemented in rc.d/watchdogd,
it builds upon watchdogd -x option.

Note that the shutdown timeout is not actiavted when the watchdogd
service is individually stopped by an operator. It is also not
activated for the 'shutdown' to the single-user mode. In those cases it
is assumed that the operator knows what they are doing and they have
means to recover the system should it hang.

Significant subchanges and implementation details:
- the argument to rc.shutdown, completely unused before, is assigned to
rc_shutdown variable that can be inspected by rc scripts
- init(8) passes "single" or "reboot" as the argument, this is not
changed
- the argument is not mandatory and if it is not set then rc_shutdown is
set to "unspecified"
- however, the default jail management scripts and jail configuration
examples have been updated to pass "jail" to rc.shutdown, just in case
- the new timeout can be set via watchdogd_shutdown_timeout rc option
- for consistency, the regular timeout can now be set via
watchdogd_timeout rc option
- watchdogd_shutdown_timeout and watchdogd_timeout override timeout
specifications in watchdogd_flags
- existing configurations, where the new rc options are not set, should
keep working as before

I am not particularly wed to any of the implementation specifics.
I am open to changing or removing any of them as long as the provided
functionality is the same (or very close) to the proposed one.
For example, I think it can be implemented without using watchdogd -x,
by means of watchdog(1) alone. In that case there would be a small
window between stopping watchdogd and running watchdog, but I think that
that is acceptable.

Reviewed by: bcr (man page changes)
MFC after: 5 weeks
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D21221

show more ...

Move the rc framework out of sbin/init into libexec/rc.

The reasons for this are forward looking to pkgbase:
* /sbin/init is a special binary; try not to replace it with
every package update bec

Move the rc framework out of sbin/init into libexec/rc.

The reasons for this are forward looking to pkgbase:
* /sbin/init is a special binary; try not to replace it with
every package update because an rc script was touched.
(a follow-up commit will make init its own package)
* having rc in its own place will allow more easy replacement
of the rc framework with alternatives, such as openrc.

Discussed with: brd (during BSDCam), kmoore
Requested by: cem, bz
PR: 231522
Approved by: re (gjb)

show more ...

Opps, I missed moving a couple of files in r336845.

Approved by: will (mentor)
Differential Revision: https://reviews.freebsd.org/D16466

Since r275359, there is no need to provide a bogus service name.

MFC after: 3 weeks

Refine the "nojail" rc keyword, adding "nojailvnet" for files that don't
apply to most jails but do apply to vnet jails. This includes adding
a new sysctl "security.jail.vnet" to identify vnet jails

Refine the "nojail" rc keyword, adding "nojailvnet" for files that don't
apply to most jails but do apply to vnet jails. This includes adding
a new sysctl "security.jail.vnet" to identify vnet jails.

PR: conf/149050
Submitted by: mdodd
MFC after: 3 days

show more ...

Hide stty(1) errors.

If rc(8) is executed without using a TTY, this error appears at the
beginning:

stty: stdin isn't a terminal

Because this is to be expected and of course not harmful, it is be

Hide stty(1) errors.

If rc(8) is executed without using a TTY, this error appears at the
beginning:

stty: stdin isn't a terminal

Because this is to be expected and of course not harmful, it is better
to simply hide the error message.

MFC after: 1 week

show more ...

Instead of killing the 'watchdog' subshell and leaving a sleep for
rcshutdown_timeout (normally 30s) around re-parented to init, make
sure both go away using pkill -P.

While noone normally notices t

Instead of killing the 'watchdog' subshell and leaving a sleep for
rcshutdown_timeout (normally 30s) around re-parented to init, make
sure both go away using pkill -P.

While noone normally notices this for the system shutdown, it helps for
cleanly shutting down trusted jails.
Found without a killall in the base system, which in rc.d/jail normally
ensures that all processes of a jail to be stopped will be killed.

Reviewed by: silence on current@
MFC after: 4 weeks

show more ...

Introduce startup scripts from the local_startup directories to
the base rcorder. This is accomplished by running rcorder twice,
first to get all the disks mounted (through mountcritremote),
then aga

Introduce startup scripts from the local_startup directories to
the base rcorder. This is accomplished by running rcorder twice,
first to get all the disks mounted (through mountcritremote),
then again to include the local_startup directories.

This dramatically changes the behavior of rc.d/localpkg, as
all "local" scripts that have the new rc.d semantics are now
run in the base rcorder, so only scripts that have not been
converted yet will run in rc.d/localpkg.

Make a similar change in rc.shutdown, and add some functions in
rc.subr to support these changes.

Bump __FreeBSD_version to reflect this change.

show more ...

Improve the RC framework for the clean booting/shutdown of Jails:

1. Feature: for flexibility reasons and as a prerequisite to clean
shutdowns, allow the configuration of a stop/shutdown command

Improve the RC framework for the clean booting/shutdown of Jails:

1. Feature: for flexibility reasons and as a prerequisite to clean
shutdowns, allow the configuration of a stop/shutdown command
via rc.conf variable "jail_<name>_exec_stop" in addition to the
start/boot command (rc.conf variable "jail_<name>_exec_start"). For
backward compatibility reasons, rc.conf variable "jail_<name>_exec"
is still supported, too.

2. Debug: Add the used boot/shutdown commands to the debug output of
the /etc/rc.d/jail script, too.

3. Security: Run the Jail start/boot command in a cleaned environment
to not leak information from the host to the Jail during startup.

4. Feature: Run the Jail stop/shutdown command "jail_<name>_exec_stop" on
"/etc/rc.d/jail stop <name>" to allow a graceful shutdown of the Jail
before its processes are just killed.

5. Bugfix: When killing the remaining Jail processes give the processes
time to actually perform their termination sequence. Without this the
subsequent umount(8) operations usually fail because the resources
are still in use. Additionally, if after trying to TERM-inate the
processes there are still processes hanging around, finally just KILL
them.

6. Bugfix: In rc.shutdown, if running inside a Jail, skip the /etc/rc.d/*
scripts which are flagged with the KEYWORD "nojail" to allow the
correct operation of rc.shutdown under jail_<name>_exec_stop="/bin/sh
/etc/rc.shutdown". This is analogous to what /etc/rc does inside a Jail.

Now the following typical host-configuration for two Jails works as
expected and correctly boots and shutdowns the Jails:

-----------------------------------------------------------
# /etc/rc.conf:
jail_enable="YES"
jail_list="foo bar"
jail_foo_rootdir="/j/foo"
jail_foo_hostname="foo.example.com"
jail_foo_ip="192.168.0.1"
jail_foo_devfs_enable="YES"
jail_foo_mount_enable="YES"
jail_foo_exec_start="/bin/sh /etc/rc"
jail_foo_exec_stop="/bin/sh /etc/rc.shutdown"
jail_bar_rootdir="/j/bar"
jail_bar_hostname="bar.example.com"
jail_bar_ip="192.168.0.2"
jail_bar_devfs_enable="YES"
jail_bar_mount_enable="YES"
jail_bar_exec_start="/path/to/kjailer -v"
jail_bar_exec_stop="/bin/sh -c 'killall kjailer && sleep 60'"
-----------------------------------------------------------
# /etc/fstab.foo
/v/foo /j/foo/v/foo nullfs rw 0 0
-----------------------------------------------------------
# /etc/fstab.bar
/v/bar /j/bar/v/bar nullfs rw 0 0
-----------------------------------------------------------

Reviewed by: freebsd-hackers
MFC after: 2 weeks

show more ...

Fix a bogus variable assignment. You can't expect
_msg="a" \
" b"
to concat the strings. Use
_msg="a"
_msg="$_msg b"
instead (intent is to not exceed 80 chars per line).

MFC after:

Fix a bogus variable assignment. You can't expect
_msg="a" \
" b"
to concat the strings. Use
_msg="a"
_msg="$_msg b"
instead (intent is to not exceed 80 chars per line).

MFC after: 1 week

show more ...

Remove the requirement for the FreeBSD keyword as it no longer
makes any sense.

Discussed with: dougb, brooks
MFC after: 3 days

Make the stop command respect the 'fast' prefix.

Most notably, this cleans up messages when shutting down from
single user. In such a case there are usually no daemons running,
but their pid files a

Make the stop command respect the 'fast' prefix.

Most notably, this cleans up messages when shutting down from
single user. In such a case there are usually no daemons running,
but their pid files are still in /var/run. This causes rc.d to
output diagnostics about daemons with pidfiles, but that are
not running.

show more ...

Removed whitespace at BOF, EOL & EOF.

Remove last vestiges of the old rc.

Quiet warnings on shutdown.

Add the final bits that allow the use of rc.d. Note that you can toggle
between rc.d and the classic boot scripts based on the rcng variable in
your rc.conf. Defaults to classic boot scripts.

Submit

Add the final bits that allow the use of rc.d. Note that you can toggle
between rc.d and the classic boot scripts based on the rcng variable in
your rc.conf. Defaults to classic boot scripts.

Submitted by: Mike Makonnen

show more ...

Fix the order of shutdown scripts so it not only reverses the order of the
files in each ${local_startup} directory, it also reverses the order of the
directories.

Suggested by: jhb
Reviewed by: jak

Fix the order of shutdown scripts so it not only reverses the order of the
files in each ${local_startup} directory, it also reverses the order of the
directories.

Suggested by: jhb
Reviewed by: jake
Approved by: dougb
MFC after: 1 week

show more ...

Set the script_name_sep variable to a safe value if it is not
already set (e.g. a failed/skipped mergemaster run during an upgrade).
Without this, if script_name_sep was not set in the rc.conf files,

Set the script_name_sep variable to a safe value if it is not
already set (e.g. a failed/skipped mergemaster run during an upgrade).
Without this, if script_name_sep was not set in the rc.conf files,
local scripts will not be executed on startup or shutdown.

PR: misc/32687
Submitted by: Nicholas Paufler <echofox@discordia.ca> (the problem)
Sheldon Hearn (the idea behind the fix)
Reviewed by: sheldonh
MFC after: 1 week

show more ...

second part of the patches to complete ipf changes to rc

PR: multiple
Submitted by: Arjan de Vet <devet@devet.org>

Put in place for using ipfs use on shutdown and startup.

PR: 27070

Add a script_name_sep rc.conf knob to specify the IFS character
for separating the startup scripts' list into individual filenames.

Run the shutdown scripts in reverse alphabetical order, so depende

Add a script_name_sep rc.conf knob to specify the IFS character
for separating the startup scripts' list into individual filenames.

Run the shutdown scripts in reverse alphabetical order, so dependent
services are stopped before the services they depend upon.

Reviewed by: -arch, -audit
MFC after: 3 weeks

show more ...