From f99f0ee14e3af81c23150a6a340259ca8a33d01a Mon Sep 17 00:00:00 2001 
From: Alexander Leidinger Date: Wed, 22 May 2024 15:31:47 +0200 Subject: [PATCH] rc.d: add a service jails config to all base system services This gives more permissions to services (e.g. network access to services which require this) when they are started as an automatic service jail. The sshd patch is important for the sshd-related functionality as described in the man-page in the service jails part. The location of the added env vars is supposed to allow overriding them in rc.conf, and to hard-disable the use of svcj for some parts where it doesn't make sense or will not work. Only a subset of all of the services are fully tested (I'm running this since more than a year with various services started as service jails). The untested parts should be most of the time ok, in some edge-cases more permissions are needed inside the service jail. Differential Revision: https://reviews.freebsd.org/D40371 --- libexec/rc/rc.d/accounting | 4 ++++ libexec/rc/rc.d/adjkerntz | 4 ++++ libexec/rc/rc.d/apm | 4 ++++ libexec/rc/rc.d/apmd | 4 ++++ libexec/rc/rc.d/auditd | 4 ++++ libexec/rc/rc.d/auditdistd | 2 ++ libexec/rc/rc.d/automount | 4 ++++ libexec/rc/rc.d/automountd | 4 ++++ libexec/rc/rc.d/autounmountd | 4 ++++ libexec/rc/rc.d/bgfsck | 4 ++++ libexec/rc/rc.d/blacklistd | 3 +++ libexec/rc/rc.d/bluetooth | 3 +++ libexec/rc/rc.d/bootparams | 2 ++ libexec/rc/rc.d/bridge | 4 ++++ libexec/rc/rc.d/bsnmpd | 2 ++ libexec/rc/rc.d/bthidd | 3 +++ libexec/rc/rc.d/ccd | 4 ++++ libexec/rc/rc.d/cfumass | 4 ++++ libexec/rc/rc.d/cleanvar | 4 ++++ libexec/rc/rc.d/cleartmp | 4 ++++ libexec/rc/rc.d/cron | 5 +++++ libexec/rc/rc.d/ctld | 4 ++++ libexec/rc/rc.d/ddb | 3 +++ libexec/rc/rc.d/defaultroute | 4 ++++ libexec/rc/rc.d/devd | 4 ++++ libexec/rc/rc.d/devfs | 4 ++++ libexec/rc/rc.d/devmatch | 4 ++++ libexec/rc/rc.d/dhclient | 3 +++ libexec/rc/rc.d/dmesg | 4 ++++ libexec/rc/rc.d/dnctl | 3 +++ libexec/rc/rc.d/dumpon | 4 ++++ libexec/rc/rc.d/fsck | 4 ++++ libexec/rc/rc.d/ftp-proxy | 2 ++ 
libexec/rc/rc.d/ftpd | 10 ++++------ libexec/rc/rc.d/geli | 4 ++++ libexec/rc/rc.d/geli2 | 4 ++++ libexec/rc/rc.d/ggated | 3 +++ libexec/rc/rc.d/gptboot | 4 ++++ libexec/rc/rc.d/growfs | 4 ++++ libexec/rc/rc.d/growfs_fstab | 4 ++++ libexec/rc/rc.d/gssd | 2 ++ libexec/rc/rc.d/hastd | 4 ++++ libexec/rc/rc.d/hcsecd | 3 +++ libexec/rc/rc.d/hostapd | 4 ++++ libexec/rc/rc.d/hostid | 4 ++++ libexec/rc/rc.d/hostid_save | 4 ++++ libexec/rc/rc.d/hostname | 4 ++++ libexec/rc/rc.d/inetd | 2 ++ libexec/rc/rc.d/iovctl | 4 ++++ libexec/rc/rc.d/ip6addrctl | 4 ++++ libexec/rc/rc.d/ipfilter | 3 +++ libexec/rc/rc.d/ipfs | 4 ++++ libexec/rc/rc.d/ipfw | 3 +++ libexec/rc/rc.d/ipfw_netflow | 3 +++ libexec/rc/rc.d/ipmon | 3 +++ libexec/rc/rc.d/ipnat | 3 +++ libexec/rc/rc.d/ippool | 4 ++++ libexec/rc/rc.d/ipropd_master | 12 ++++++++---- libexec/rc/rc.d/ipropd_slave | 14 +++++++++----- libexec/rc/rc.d/ipsec | 4 ++++ libexec/rc/rc.d/iscsictl | 4 ++++ libexec/rc/rc.d/iscsid | 4 ++++ libexec/rc/rc.d/jail | 4 ++++ libexec/rc/rc.d/kadmind | 10 +++------- libexec/rc/rc.d/kdc | 1 + libexec/rc/rc.d/keyserv | 2 ++ libexec/rc/rc.d/kfd | 8 ++------ libexec/rc/rc.d/kld | 4 ++++ libexec/rc/rc.d/kldxref | 4 ++++ libexec/rc/rc.d/kpasswdd | 10 +++------- libexec/rc/rc.d/ldconfig | 4 ++++ libexec/rc/rc.d/linux | 4 ++++ libexec/rc/rc.d/local | 4 ++++ libexec/rc/rc.d/local_unbound | 1 + libexec/rc/rc.d/localpkg | 6 ++++++ libexec/rc/rc.d/lockd | 7 +++++-- libexec/rc/rc.d/lpd | 2 ++ libexec/rc/rc.d/mdconfig | 3 +++ libexec/rc/rc.d/mdconfig2 | 3 +++ libexec/rc/rc.d/mixer | 4 ++++ libexec/rc/rc.d/motd | 4 ++++ libexec/rc/rc.d/mountcritlocal | 4 ++++ libexec/rc/rc.d/mountcritremote | 4 ++++ libexec/rc/rc.d/mountd | 6 ++++++ libexec/rc/rc.d/mountlate | 4 ++++ libexec/rc/rc.d/moused | 5 +++++ libexec/rc/rc.d/msgs | 4 ++++ libexec/rc/rc.d/natd | 4 ++++ libexec/rc/rc.d/netif | 4 ++++ libexec/rc/rc.d/netoptions | 4 ++++ libexec/rc/rc.d/netwait | 4 ++++ libexec/rc/rc.d/newsyslog | 4 ++++ libexec/rc/rc.d/nfscbd | 2 ++ 
libexec/rc/rc.d/nfsclient | 4 ++++ libexec/rc/rc.d/nfsd | 4 ++++ libexec/rc/rc.d/nfsuserd | 4 ++++ libexec/rc/rc.d/nisdomain | 4 ++++ libexec/rc/rc.d/nscd | 3 +++ libexec/rc/rc.d/ntpd | 3 +++ libexec/rc/rc.d/ntpdate | 4 ++++ libexec/rc/rc.d/opensm | 2 ++ libexec/rc/rc.d/os-release | 4 ++++ libexec/rc/rc.d/pf | 3 +++ libexec/rc/rc.d/pflog | 6 ++++++ libexec/rc/rc.d/pfsync | 4 ++++ libexec/rc/rc.d/power_profile | 3 +++ libexec/rc/rc.d/powerd | 4 ++++ libexec/rc/rc.d/ppp | 4 ++++ libexec/rc/rc.d/pppoed | 4 ++++ libexec/rc/rc.d/pwcheck | 4 ++++ libexec/rc/rc.d/quota | 3 +++ libexec/rc/rc.d/random | 4 ++++ libexec/rc/rc.d/rarpd | 2 ++ libexec/rc/rc.d/rctl | 4 ++++ libexec/rc/rc.d/resolv | 4 ++++ libexec/rc/rc.d/rfcomm_pppd_server | 4 ++++ libexec/rc/rc.d/root | 4 ++++ libexec/rc/rc.d/route6d | 2 ++ libexec/rc/rc.d/routed | 2 ++ libexec/rc/rc.d/routing | 4 ++++ libexec/rc/rc.d/rpcbind | 2 ++ libexec/rc/rc.d/rtadvd | 5 +++++ libexec/rc/rc.d/rtsold | 2 ++ libexec/rc/rc.d/rwho | 2 ++ libexec/rc/rc.d/savecore | 4 ++++ libexec/rc/rc.d/sdpd | 3 +++ libexec/rc/rc.d/securelevel | 4 ++++ libexec/rc/rc.d/sendmail | 2 ++ libexec/rc/rc.d/sshd | 6 ++++++ libexec/rc/rc.d/statd | 7 +++++-- libexec/rc/rc.d/static_arp | 4 ++++ libexec/rc/rc.d/static_ndp | 4 ++++ libexec/rc/rc.d/stf | 4 ++++ libexec/rc/rc.d/swap | 4 ++++ libexec/rc/rc.d/swaplate | 4 ++++ libexec/rc/rc.d/syscons | 4 ++++ libexec/rc/rc.d/sysctl | 4 ++++ libexec/rc/rc.d/sysctl_lastload | 4 ++++ libexec/rc/rc.d/syslogd | 2 ++ libexec/rc/rc.d/sysvipc | 4 ++++ libexec/rc/rc.d/tlsclntd | 2 ++ libexec/rc/rc.d/tlsservd | 2 ++ libexec/rc/rc.d/tmp | 3 +++ libexec/rc/rc.d/ubthidhci | 4 ++++ libexec/rc/rc.d/ugidfw | 4 ++++ libexec/rc/rc.d/utx | 4 ++++ libexec/rc/rc.d/var | 3 +++ libexec/rc/rc.d/var_run | 3 +++ libexec/rc/rc.d/virecover | 4 ++++ libexec/rc/rc.d/watchdogd | 4 ++++ libexec/rc/rc.d/wpa_supplicant | 3 +++ libexec/rc/rc.d/ypbind | 2 ++ libexec/rc/rc.d/ypldap | 2 ++ libexec/rc/rc.d/yppasswdd | 2 ++ libexec/rc/rc.d/ypserv | 2 
++ libexec/rc/rc.d/ypset | 3 +++ libexec/rc/rc.d/ypupdated | 2 ++ libexec/rc/rc.d/ypxfrd | 2 ++ libexec/rc/rc.d/zfs | 4 ++++ libexec/rc/rc.d/zfsbe | 4 ++++ libexec/rc/rc.d/zfsd | 4 ++++ libexec/rc/rc.d/zfskeys | 4 ++++ libexec/rc/rc.d/zpool | 4 ++++ libexec/rc/rc.d/zpoolreguid | 4 ++++ libexec/rc/rc.d/zpoolupgrade | 4 ++++ libexec/rc/rc.d/zvol | 4 ++++ 166 files changed, 598 insertions(+), 39 deletions(-) diff --git a/libexec/rc/rc.d/accounting b/libexec/rc/rc.d/accounting index 5c08f18cd2ca..1e0ece84fb15 100755 --- a/libexec/rc/rc.d/accounting +++ b/libexec/rc/rc.d/accounting @@ -76,4 +76,8 @@ accounting_rotate_log() } load_rc_config $name + +# doesn't make sense to run in a svcj: jail can't manipulate accounting +accounting_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/adjkerntz b/libexec/rc/rc.d/adjkerntz index 81ee596369a5..339f8add7201 100755 --- a/libexec/rc/rc.d/adjkerntz +++ b/libexec/rc/rc.d/adjkerntz @@ -14,4 +14,8 @@ start_cmd="adjkerntz -i" stop_cmd=":" load_rc_config $name + +# doesn't make sense to run in a svcj: jail can't modify kerntz +adjkerntz_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/apm b/libexec/rc/rc.d/apm index b2bde4d32d1c..3187f41c3a50 100755 --- a/libexec/rc/rc.d/apm +++ b/libexec/rc/rc.d/apm @@ -43,4 +43,8 @@ apm_status() } load_rc_config $name + +# doesn't make sense to run in a svcj: nojail keyword +apm_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/apmd b/libexec/rc/rc.d/apmd index 8c6293549dc0..aeb5042342d6 100755 --- a/libexec/rc/rc.d/apmd +++ b/libexec/rc/rc.d/apmd @@ -34,4 +34,8 @@ apmd_prestart() } load_rc_config $name + +# doesn't make sense to run in a svcj: nojail keyword +apmd_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/auditd b/libexec/rc/rc.d/auditd index 90017d88ab85..caea2587a2e9 100755 --- a/libexec/rc/rc.d/auditd +++ b/libexec/rc/rc.d/auditd 
@@ -32,4 +32,8 @@ auditd_stop() } load_rc_config $name + +# doesn't make sense to run in a svcj: nojail keyword +auditd_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/auditdistd b/libexec/rc/rc.d/auditdistd index e7ae7d64d39d..0814c2a4d2c7 100755 --- a/libexec/rc/rc.d/auditdistd +++ b/libexec/rc/rc.d/auditdistd @@ -17,5 +17,7 @@ command="/usr/sbin/${name}" required_files="/etc/security/${name}.conf" extra_commands="reload" +: ${auditdistd_svcj_options:="net_basic"} + load_rc_config $name run_rc_command "$1" diff --git a/libexec/rc/rc.d/automount b/libexec/rc/rc.d/automount index b01928651ec4..19f367837189 100755 --- a/libexec/rc/rc.d/automount +++ b/libexec/rc/rc.d/automount @@ -28,4 +28,8 @@ automount_stop() } load_rc_config $name + +# mounting shall not be performed in a svcj +automount_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/automountd b/libexec/rc/rc.d/automountd index 4bc6f7d01862..b809e9dfc8ad 100755 --- a/libexec/rc/rc.d/automountd +++ b/libexec/rc/rc.d/automountd @@ -17,4 +17,8 @@ command="/usr/sbin/${name}" required_modules="autofs" load_rc_config $name + +# mounting shall not be performed in a svcj +automountd_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/autounmountd b/libexec/rc/rc.d/autounmountd index c939c6d8d011..1d8b3bfa354f 100755 --- a/libexec/rc/rc.d/autounmountd +++ b/libexec/rc/rc.d/autounmountd @@ -16,4 +16,8 @@ pidfile="/var/run/${name}.pid" command="/usr/sbin/${name}" load_rc_config $name + +# doesn't make sense to run in a svcj: nojail keyword +autounmountd_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/bgfsck b/libexec/rc/rc.d/bgfsck index 24753f9f561f..dd5c330c3d11 100755 --- a/libexec/rc/rc.d/bgfsck +++ b/libexec/rc/rc.d/bgfsck @@ -46,4 +46,8 @@ bgfsck_start() } load_rc_config $name + +# doesn't make sense to run in a svcj +bgfsck_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/blacklistd b/libexec/rc/rc.d/blacklistd index b58c7c8a76b6..ecbb71e41fca 100755 
--- a/libexec/rc/rc.d/blacklistd +++ b/libexec/rc/rc.d/blacklistd @@ -40,5 +40,8 @@ rcvar="blacklistd_enable" command="/usr/sbin/${name}" required_files="/etc/blacklistd.conf" +# no svcj options needed +: ${blacklistd_svcj_options:=""} + load_rc_config $name run_rc_command "$1" diff --git a/libexec/rc/rc.d/bluetooth b/libexec/rc/rc.d/bluetooth index 679d669a6191..22bd5078034d 100755 --- a/libexec/rc/rc.d/bluetooth +++ b/libexec/rc/rc.d/bluetooth @@ -317,5 +317,8 @@ bluetooth_stop() load_rc_config $name hccontrol="${bluetooth_hccontrol:-/usr/sbin/hccontrol}" +# doesn't make sense to run in a svcj: nojail keyword +bluetooth_svcj="NO" + run_rc_command $* diff --git a/libexec/rc/rc.d/bootparams b/libexec/rc/rc.d/bootparams index ce0b8a45e672..1d435d4ee480 100755 --- a/libexec/rc/rc.d/bootparams +++ b/libexec/rc/rc.d/bootparams @@ -15,5 +15,7 @@ rcvar="bootparamd_enable" required_files="/etc/bootparams" command="/usr/sbin/${name}" +: ${bootparamd_svcj_options:="net_basic"} + load_rc_config $name run_rc_command "$1" diff --git a/libexec/rc/rc.d/bridge b/libexec/rc/rc.d/bridge index a42d82adacc5..98d9212593e5 100755 --- a/libexec/rc/rc.d/bridge +++ b/libexec/rc/rc.d/bridge @@ -90,4 +90,8 @@ bridge_stop() iflist=$2 load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +bridge_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/bsnmpd b/libexec/rc/rc.d/bsnmpd index 60c7242f0c1f..60f4f5e86617 100755 --- a/libexec/rc/rc.d/bsnmpd +++ b/libexec/rc/rc.d/bsnmpd @@ -13,6 +13,8 @@ desc="Simple and extensible SNMP daemon" rcvar="bsnmpd_enable" command="/usr/sbin/${name}" +: ${bsnmpd_svcj_options:="net_basic"} + load_rc_config $name pidfile="${bsnmpd_pidfile:-/var/run/snmpd.pid}" command_args="-p ${pidfile}" diff --git a/libexec/rc/rc.d/bthidd b/libexec/rc/rc.d/bthidd index ec7da8181ca3..4b230406c4d5 100755 --- a/libexec/rc/rc.d/bthidd +++ b/libexec/rc/rc.d/bthidd 
@@ -50,4 +50,7 @@ if evdev_enabled; then fi required_files="${config}" +# doesn't make sense to run in a svcj: nojail keyword +bthidd_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/ccd b/libexec/rc/rc.d/ccd index f7dde1c23f4e..5f2427e4beb0 100755 --- a/libexec/rc/rc.d/ccd +++ b/libexec/rc/rc.d/ccd @@ -21,4 +21,8 @@ ccd_start() } load_rc_config $name + +# doesn't make sense to run in a svcj: nojail keyword +ccd_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/cfumass b/libexec/rc/rc.d/cfumass index 79c9b0ae63d4..7d1117d7c388 100755 --- a/libexec/rc/rc.d/cfumass +++ b/libexec/rc/rc.d/cfumass @@ -145,4 +145,8 @@ cfumass_stop() } load_rc_config $name + +# doesn't make sense to run in a svcj: nojail keyword +cfumass_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/cleanvar b/libexec/rc/rc.d/cleanvar index 08e647dde5ae..dce5baa6875b 100755 --- a/libexec/rc/rc.d/cleanvar +++ b/libexec/rc/rc.d/cleanvar @@ -43,4 +43,8 @@ cleanvar_start() } load_rc_config $name + +# doesn't make sense to run in a svcj +cleanvar_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/cleartmp b/libexec/rc/rc.d/cleartmp index 8101474b33cf..c4dfb5367dcb 100755 --- a/libexec/rc/rc.d/cleartmp +++ b/libexec/rc/rc.d/cleartmp @@ -57,4 +57,8 @@ cleartmp_start() } load_rc_config $name + +# doesn't make sense to run in a svcj +cleartmp_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/cron b/libexec/rc/rc.d/cron index a37d3ceee02e..584db590d835 100755 --- a/libexec/rc/rc.d/cron +++ b/libexec/rc/rc.d/cron @@ -16,6 +16,11 @@ command="/usr/sbin/${name}" pidfile="/var/run/${name}.pid" load_rc_config $name + +# doesn't make sense to run in a svcj: in the generic case it may need +# access to more than a jails allows +cron_svcj="NO" + if checkyesno cron_dst then cron_flags="$cron_flags -s" diff --git a/libexec/rc/rc.d/ctld b/libexec/rc/rc.d/ctld index f09c032575d9..c91d7a9be921 100755 --- a/libexec/rc/rc.d/ctld +++ b/libexec/rc/rc.d/ctld 
@@ -19,4 +19,8 @@ required_modules="ctl" extra_commands="reload" load_rc_config $name + +# doesn't make sense to run in a svcj: nojail keyword +ctld_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/ddb b/libexec/rc/rc.d/ddb index 40235bebf90e..08a7d345c326 100755 --- a/libexec/rc/rc.d/ddb +++ b/libexec/rc/rc.d/ddb @@ -35,4 +35,7 @@ load_rc_config $name required_files="${ddb_config}" command_args="${ddb_config}" +# doesn't make sense to run in a svcj: privileged operation +ddb_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/defaultroute b/libexec/rc/rc.d/defaultroute index d8d6b2e97dcd..b96f91d36118 100755 --- a/libexec/rc/rc.d/defaultroute +++ b/libexec/rc/rc.d/defaultroute @@ -70,4 +70,8 @@ defaultroute_start() } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +defaultroute_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/devd b/libexec/rc/rc.d/devd index 43fb9d5928dd..47326662339c 100755 --- a/libexec/rc/rc.d/devd +++ b/libexec/rc/rc.d/devd @@ -38,4 +38,8 @@ devd_prestart() } load_rc_config $name + +# doesn't make sense to run in a svcj: executing potential privileged operations +devd_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/devfs b/libexec/rc/rc.d/devfs index b7835bd561ce..9987d35f6ad3 100755 --- a/libexec/rc/rc.d/devfs +++ b/libexec/rc/rc.d/devfs @@ -68,4 +68,8 @@ read_devfs_conf() } load_rc_config $name + +# doesn't make sense to run in a svcj: may need more permissions +devfs_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/devmatch b/libexec/rc/rc.d/devmatch index 67bb14761614..21846355fcfe 100755 --- a/libexec/rc/rc.d/devmatch +++ b/libexec/rc/rc.d/devmatch @@ -78,4 +78,8 @@ devmatch_start() } load_rc_config $name + +# doesn't make sense to run in a svcj: privileged operations +devmatch_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/dhclient b/libexec/rc/rc.d/dhclient index e2f204076eb6..78442da29193 100755 --- a/libexec/rc/rc.d/dhclient 
+++ b/libexec/rc/rc.d/dhclient @@ -59,6 +59,9 @@ dhclient_prestart() load_rc_config $name load_rc_config network +# dhclient_prestart is not compatible with svcj +dhclient_svcj="NO" + if [ -z $ifn ] ; then # only complain if a command was specified but no interface if [ -n "$1" ] ; then diff --git a/libexec/rc/rc.d/dmesg b/libexec/rc/rc.d/dmesg index ed36ec17b419..51e35d5d4e80 100755 --- a/libexec/rc/rc.d/dmesg +++ b/libexec/rc/rc.d/dmesg @@ -23,4 +23,8 @@ do_dmesg() } load_rc_config $name + +# doesn't make sense to run in a svcj +dmesg_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/dnctl b/libexec/rc/rc.d/dnctl index 7e65b899bd01..9067d278088e 100644 --- a/libexec/rc/rc.d/dnctl +++ b/libexec/rc/rc.d/dnctl @@ -16,6 +16,9 @@ start_cmd="${name}_start" required_files="$dnctl_rules" required_modules="dummynet" +# doesn't make sense to run in a svcj: config setting +dnctl_svcj="NO" + dnctl_start() { startmsg -n "Enabling ${name}" diff --git a/libexec/rc/rc.d/dumpon b/libexec/rc/rc.d/dumpon index a6748711b796..0dfcdb266b20 100755 --- a/libexec/rc/rc.d/dumpon +++ b/libexec/rc/rc.d/dumpon @@ -97,4 +97,8 @@ dumpon_stop() } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +dumpon_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/fsck b/libexec/rc/rc.d/fsck index 359733d8484c..e755f055dbe6 100755 --- a/libexec/rc/rc.d/fsck +++ b/libexec/rc/rc.d/fsck @@ -91,4 +91,8 @@ fsck_start() } load_rc_config $name + +# doesn't make sense to run in a svcj +fsck_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/ftp-proxy b/libexec/rc/rc.d/ftp-proxy index 250088d6bb35..c77dd36cd60b 100755 --- a/libexec/rc/rc.d/ftp-proxy +++ b/libexec/rc/rc.d/ftp-proxy @@ -13,6 +13,8 @@ desc="Internet File Transfer Protocol proxy daemon" rcvar="ftpproxy_enable" command="/usr/sbin/ftp-proxy" +: ${ftpproxy_svcj_options:="net_basic"} + load_rc_config $name # 
diff --git a/libexec/rc/rc.d/ftpd b/libexec/rc/rc.d/ftpd index 9bb9a722a2af..e25a561a520a 100755 --- a/libexec/rc/rc.d/ftpd +++ b/libexec/rc/rc.d/ftpd @@ -13,13 +13,11 @@ desc="Internet File Transfer Protocol daemon" rcvar="ftpd_enable" command="/usr/libexec/${name}" pidfile="/var/run/${name}.pid" -start_precmd=ftpd_prestart -ftpd_prestart() -{ - rc_flags="-D ${rc_flags}" - return 0 -} +: ${ftpd_svcj_options:="net_basic"} load_rc_config $name + +flags="-D ${flags} ${rc_flags}" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/geli b/libexec/rc/rc.d/geli index 16d24efd1e39..5fc5ded54ec3 100755 --- a/libexec/rc/rc.d/geli +++ b/libexec/rc/rc.d/geli @@ -121,4 +121,8 @@ geli_stop() } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +geli_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/geli2 b/libexec/rc/rc.d/geli2 index 16248d32ece8..cedd48a312ee 100755 --- a/libexec/rc/rc.d/geli2 +++ b/libexec/rc/rc.d/geli2 @@ -55,4 +55,8 @@ geli2_start() } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +geli2_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/ggated b/libexec/rc/rc.d/ggated index 22bc8beb7ca0..846019acb055 100755 --- a/libexec/rc/rc.d/ggated +++ b/libexec/rc/rc.d/ggated @@ -14,6 +14,9 @@ pidfile="/var/run/${name}.pid" load_rc_config $name required_files="${ggated_config}" +# XXX?: doesn't make sense to run in a svcj: low-level access +ggated_svcj="NO" + command_args="${ggated_config}" run_rc_command "$1" diff --git a/libexec/rc/rc.d/gptboot b/libexec/rc/rc.d/gptboot index 3f04143e79ec..188f1bb77557 100755 --- a/libexec/rc/rc.d/gptboot +++ b/libexec/rc/rc.d/gptboot @@ -73,4 +73,8 @@ gptboot_report() } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +gptboot_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/growfs b/libexec/rc/rc.d/growfs index d16951b4bc3e..86bf199a8611 100755 --- a/libexec/rc/rc.d/growfs +++ b/libexec/rc/rc.d/growfs 
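Review bot: In the ftpd hunk, `flags="-D ${flags} ${rc_flags}"` runs at top level right after `load_rc_config`, where `rc_flags` has not been computed yet, so that part expands to nothing. If run_rc_command treats a non-empty `$flags` as an override for `${name}_flags` (my reading of rc.subr, which is not visible here), any `ftpd_flags` from rc.conf would be silently dropped, including logging or access-restriction options an admin relies on. The removed `ftpd_prestart` prepended `-D` to the already-resolved `rc_flags`, which kept them. Something like `flags="-D ${flags:-${ftpd_flags}}"` would preserve both the environment override and the configured flags; please confirm against rc.subr.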
@@ -306,4 +306,8 @@ growfs_start() } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +growfs_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/growfs_fstab b/libexec/rc/rc.d/growfs_fstab index a9d18c1eaed3..8b7cea3a63e5 100755 --- a/libexec/rc/rc.d/growfs_fstab +++ b/libexec/rc/rc.d/growfs_fstab @@ -58,4 +58,8 @@ growfs_fstab_start() } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +growfs_fstab_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/gssd b/libexec/rc/rc.d/gssd index fa0edcead140..7ab3c181eeb1 100755 --- a/libexec/rc/rc.d/gssd +++ b/libexec/rc/rc.d/gssd @@ -13,5 +13,7 @@ name=gssd desc="Generic Security Services Daemon" rcvar=gssd_enable +: ${gssd_svcj_options:="net_basic nfsd"} + load_rc_config $name run_rc_command "$1" diff --git a/libexec/rc/rc.d/hastd b/libexec/rc/rc.d/hastd index 8c1d9e8bc16a..37df43d26c7d 100755 --- a/libexec/rc/rc.d/hastd +++ b/libexec/rc/rc.d/hastd @@ -26,4 +26,8 @@ hastd_stop_precmd() } load_rc_config $name + +# doesn't make sense to run in a svcj: nojail keyword +hastd_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/hcsecd b/libexec/rc/rc.d/hcsecd index 542305040357..8827e53777f3 100755 --- a/libexec/rc/rc.d/hcsecd +++ b/libexec/rc/rc.d/hcsecd @@ -21,4 +21,7 @@ config="${hcsecd_config:-/etc/bluetooth/${name}.conf}" command_args="-f ${config}" required_files="${config}" +# doesn't make sense to run in a svcj: nojail keyword +hcsecd_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/hostapd b/libexec/rc/rc.d/hostapd index fe3dac1dea06..251df91a280b 100755 --- a/libexec/rc/rc.d/hostapd +++ b/libexec/rc/rc.d/hostapd @@ -38,4 +38,8 @@ required_modules="wlan_xauth wlan_wep wlan_tkip wlan_ccmp" extra_commands="reload" load_rc_config ${name} + +# doesn't make sense to run in a svcj: nojail keyword +hostapd_svcj="NO" + run_rc_command "$1" 
diff --git a/libexec/rc/rc.d/hostid b/libexec/rc/rc.d/hostid index 0210ca433501..18d0fbabf6e4 100755 --- a/libexec/rc/rc.d/hostid +++ b/libexec/rc/rc.d/hostid @@ -156,4 +156,8 @@ hostid_start() } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +hostid_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/hostid_save b/libexec/rc/rc.d/hostid_save index af7f4138a5dd..b9727d24bc57 100755 --- a/libexec/rc/rc.d/hostid_save +++ b/libexec/rc/rc.d/hostid_save @@ -44,4 +44,8 @@ hostid_save() } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +hostid_save_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/hostname b/libexec/rc/rc.d/hostname index f6ac95c9c888..8b26c4f60633 100755 --- a/libexec/rc/rc.d/hostname +++ b/libexec/rc/rc.d/hostname @@ -77,4 +77,8 @@ hostname_start() } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +hostname_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/inetd b/libexec/rc/rc.d/inetd index 9820f8dc319a..81cc18d95be2 100755 --- a/libexec/rc/rc.d/inetd +++ b/libexec/rc/rc.d/inetd @@ -16,5 +16,7 @@ pidfile="/var/run/${name}.pid" required_files="/etc/${name}.conf" extra_commands="reload" +: ${inetd_svcj_options:="net_basic"} + load_rc_config $name run_rc_command "$1" diff --git a/libexec/rc/rc.d/iovctl b/libexec/rc/rc.d/iovctl index 01e16221cc4a..b2404f5665b1 100755 --- a/libexec/rc/rc.d/iovctl +++ b/libexec/rc/rc.d/iovctl @@ -35,4 +35,8 @@ iovctl_stop() } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +iovctl_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/ip6addrctl b/libexec/rc/rc.d/ip6addrctl index 50d9408d0731..eac1d2729e78 100755 --- a/libexec/rc/rc.d/ip6addrctl +++ b/libexec/rc/rc.d/ip6addrctl @@ -120,4 +120,8 @@ ip6addrctl_stop() } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +ipv6addrctl_svcj="NO" + run_rc_command "$1" 
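Review bot: The ip6addrctl hunk sets `ipv6addrctl_svcj="NO"`, but the script is named `ip6addrctl` (see `ip6addrctl_stop()` in the hunk header), so the variable name does not match the service. Every other script in this patch uses `${name}_svcj`, so presumably this assignment is never read and the intended hard-disable does not take effect; an `ip6addrctl_svcj="YES"` in rc.conf would still be honoured, contrary to the comment. The line should read `ip6addrctl_svcj="NO"`.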
diff --git a/libexec/rc/rc.d/ipfilter b/libexec/rc/rc.d/ipfilter index e951bc9b7878..d0cb09ab527c 100755 --- a/libexec/rc/rc.d/ipfilter +++ b/libexec/rc/rc.d/ipfilter @@ -15,6 +15,9 @@ rcvar="ipfilter_enable" load_rc_config $name stop_precmd="test -f ${ipfilter_rules}" +# doesn't make sense to run in a svcj: config setting +ipfilter_svcj="NO" + start_precmd="$stop_precmd" start_cmd="ipfilter_start" stop_cmd="ipfilter_stop" diff --git a/libexec/rc/rc.d/ipfs b/libexec/rc/rc.d/ipfs index c51527bde43c..2ec4ad3b1d00 100755 --- a/libexec/rc/rc.d/ipfs +++ b/libexec/rc/rc.d/ipfs @@ -49,4 +49,8 @@ ipfs_stop() } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +ipfs_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/ipfw b/libexec/rc/rc.d/ipfw index 2f6b20a41b1a..6d6f7577828f 100755 --- a/libexec/rc/rc.d/ipfw +++ b/libexec/rc/rc.d/ipfw @@ -163,4 +163,7 @@ ipfw_status() load_rc_config $name firewall_coscripts="/etc/rc.d/natd ${firewall_coscripts}" +# doesn't make sense to run in a svcj: config setting +ipfw_svcj="NO" + run_rc_command $* diff --git a/libexec/rc/rc.d/ipfw_netflow b/libexec/rc/rc.d/ipfw_netflow index 219f0a4facf6..129488ce60d0 100755 --- a/libexec/rc/rc.d/ipfw_netflow +++ b/libexec/rc/rc.d/ipfw_netflow @@ -73,4 +73,7 @@ ipfw_netflow_stop() load_rc_config $name +# doesn't make sense to run in a svcj: config setting +ipfw_netflow_svcj="NO" + run_rc_command $* diff --git a/libexec/rc/rc.d/ipmon b/libexec/rc/rc.d/ipmon index a6449f241b87..3ef0c895ad16 100755 --- a/libexec/rc/rc.d/ipmon +++ b/libexec/rc/rc.d/ipmon @@ -15,6 +15,9 @@ rcvar="ipmon_enable" command="/sbin/${name}" start_precmd="ipmon_precmd" +# no svcj options needed +: ${ipmon_svcj_options:=""} + ipmon_precmd() { # Continue only if ipfilter or ipnat is enabled and the diff --git a/libexec/rc/rc.d/ipnat b/libexec/rc/rc.d/ipnat index 88cf368876d7..56fe443686b1 100755 --- a/libexec/rc/rc.d/ipnat +++ b/libexec/rc/rc.d/ipnat 
@@ -18,6 +18,9 @@ extra_commands="reload" required_files="${ipnat_rules}" required_modules="ipl:ipfilter" +# doesn't make sense to run in a svcj: config setting +ipnat_svcj="NO" + ipnat_start() { echo "Installing NAT rules." diff --git a/libexec/rc/rc.d/ippool b/libexec/rc/rc.d/ippool index 42cef3faf7eb..0db8bbe98f61 100755 --- a/libexec/rc/rc.d/ippool +++ b/libexec/rc/rc.d/ippool @@ -13,6 +13,10 @@ name="ippool" desc="user interface to the IPFilter pools" rcvar="ippool_enable" load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +ippool_svcj="NO" + start_precmd="ippool_start_precmd" stop_cmd="${ippool_program} -F" reload_cmd="ippool_reload" diff --git a/libexec/rc/rc.d/ipropd_master b/libexec/rc/rc.d/ipropd_master index 9f8e1ee14490..a3ca498afe6c 100755 --- a/libexec/rc/rc.d/ipropd_master +++ b/libexec/rc/rc.d/ipropd_master @@ -14,6 +14,8 @@ required_files="$ipropd_master_keytab" start_precmd=${name}_start_precmd start_postcmd=${name}_start_postcmd +: ${ipropd_master_svcj_options:="net_basic"} + ipropd_master_start_precmd() { @@ -24,10 +26,6 @@ ipropd_master_start_precmd() for _slave in $ipropd_master_slaves; do echo $_slave done > /var/heimdal/slaves || return 1 - command_args="$command_args \ - --keytab=\"$ipropd_master_keytab\" \ - --detach \ - " } ipropd_master_start_postcmd() { @@ -36,4 +34,10 @@ ipropd_master_start_postcmd() } load_rc_config $name + +command_args="$command_args \ + --keytab=\"$ipropd_master_keytab\" \ + --detach \ +" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/ipropd_slave b/libexec/rc/rc.d/ipropd_slave index 9d4b06f0e8f3..1735cff3de86 100755 --- a/libexec/rc/rc.d/ipropd_slave +++ b/libexec/rc/rc.d/ipropd_slave @@ -13,6 +13,8 @@ rcvar=${name}_enable required_files="$ipropd_slave_keytab" start_precmd=${name}_start_precmd +: ${ipropd_slave_svcj_options:="net_basic"} + ipropd_slave_start_precmd() { 
@@ -20,12 +22,14 @@ ipropd_slave_start_precmd() warn "\$ipropd_slave_master is empty." return 1 fi - command_args=" \ - $command_args \ - --keytab=\"$ipropd_slave_keytab\" \ - --detach \ - $ipropd_slave_master" } load_rc_config $name + +command_args=" \ + command_args \ + --keytab=\"$ipropd_slave_keytab\" \ + --detach \ + $ipropd_slave_master" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/ipsec b/libexec/rc/rc.d/ipsec index 1e9d65f6699e..0e7ad213ce67 100755 --- a/libexec/rc/rc.d/ipsec +++ b/libexec/rc/rc.d/ipsec @@ -57,4 +57,8 @@ ipsec_reload() } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +ipsec_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/iscsictl b/libexec/rc/rc.d/iscsictl index d2231958c6cb..247954e0d4f1 100755 --- a/libexec/rc/rc.d/iscsictl +++ b/libexec/rc/rc.d/iscsictl @@ -17,4 +17,8 @@ command_args="${iscsictl_flags}" required_modules="iscsi" load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +iscsictl_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/iscsid b/libexec/rc/rc.d/iscsid index 277b6f5a8c7e..e2418e8baaa1 100755 --- a/libexec/rc/rc.d/iscsid +++ b/libexec/rc/rc.d/iscsid @@ -17,4 +17,8 @@ command="/usr/sbin/${name}" required_modules="iscsi" load_rc_config $name + +# doesn't make sense to run in a svcj: nojail keyword +iscsid_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/jail b/libexec/rc/rc.d/jail index e24d6f8e21e0..f059363e1e8d 100755 --- a/libexec/rc/rc.d/jail +++ b/libexec/rc/rc.d/jail @@ -605,6 +605,10 @@ jail_warn() } load_rc_config $name + +# doesn't make sense to run in a svcj +jail_svcj="NO" + case $# in 1) run_rc_command $@ ${jail_list:-_ALL} ;; *) jail_reverse_stop="no" diff --git a/libexec/rc/rc.d/kadmind b/libexec/rc/rc.d/kadmind index 140ece811f66..0cee49630480 100755 --- a/libexec/rc/rc.d/kadmind +++ b/libexec/rc/rc.d/kadmind 
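Review bot: In the second ipropd_slave hunk the relocated assignment lost its `$`: the continuation line is now the literal word `command_args` instead of `$command_args`. The daemon would be started with a stray `command_args` argument ahead of `--keytab`, and any previously set arguments are discarded. The removed precmd lines and the parallel ipropd_master hunk both expand the variable, so the line should be `$command_args \`. Because the assignment now runs at top level, `$ipropd_slave_master` is also expanded before the emptiness check in `ipropd_slave_start_precmd`; that looks harmless but is worth confirming.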
@@ -12,17 +12,13 @@ name=kadmind desc="Server for administrative access to Kerberos database" rcvar=${name}_enable required_vars=kdc_enable -start_precmd=${name}_start_precmd +command_args="$command_args &" + +: ${kadmind_svcj_options:="net_basic"} set_rcvar_obsolete kadmind5_server_enable kadmind_enable set_rcvar_obsolete kadmind5_server kadmind_program set_rcvar_obsolete kerberos5_server_enable kdc_enable -kadmind_start_precmd() -{ - - command_args="$command_args &" -} - load_rc_config $name run_rc_command "$1" diff --git a/libexec/rc/rc.d/kdc b/libexec/rc/rc.d/kdc index a2d9f87f8e20..621129b20164 100755 --- a/libexec/rc/rc.d/kdc +++ b/libexec/rc/rc.d/kdc @@ -14,6 +14,7 @@ desc="Kerberos 5 server" rcvar=${name}_enable : ${kdc_restart:="NO"} : ${kdc_restart_delay:=""} +: ${kdc_svcj_options:="net_basic"} set_rcvar_obsolete kerberos5_server_enable kdc_enable set_rcvar_obsolete kerberos5_server kdc_program diff --git a/libexec/rc/rc.d/keyserv b/libexec/rc/rc.d/keyserv index b51d01cfceee..d78695eb33b2 100755 --- a/libexec/rc/rc.d/keyserv +++ b/libexec/rc/rc.d/keyserv @@ -17,6 +17,8 @@ rcvar="keyserv_enable" command="/usr/sbin/${name}" start_precmd="keyserv_prestart" +: ${keyserv_svcj_options:="net_basic"} + keyserv_prestart() { force_depend rpcbind || return 1 diff --git a/libexec/rc/rc.d/kfd b/libexec/rc/rc.d/kfd index 0d124e14033f..23ad790abab5 100755 --- a/libexec/rc/rc.d/kfd +++ b/libexec/rc/rc.d/kfd @@ -11,13 +11,9 @@ name=kfd desc="Receive forwarded tickets" rcvar=${name}_enable -start_precmd=${name}_start_precmd +command_args="$command_args -i &" -kfd_start_precmd() -{ - - command_args="$command_args -i &" -} +: ${kfd_svcj_options:="net_basic"} load_rc_config $name run_rc_command "$1" diff --git a/libexec/rc/rc.d/kld b/libexec/rc/rc.d/kld index 510884a117d0..d9c45a05f7a6 100755 --- a/libexec/rc/rc.d/kld +++ b/libexec/rc/rc.d/kld @@ -51,4 +51,8 @@ kld_start() } load_rc_config $name + +# doesn't make sense to run in a svcj +kld_svcj="NO" + run_rc_command "$1" 
diff --git a/libexec/rc/rc.d/kldxref b/libexec/rc/rc.d/kldxref index d2b733eddce3..d6aa02d778d9 100755 --- a/libexec/rc/rc.d/kldxref +++ b/libexec/rc/rc.d/kldxref @@ -33,4 +33,8 @@ kldxref_start() { } load_rc_config $name + +# doesn't make sense to run in a svcj +kldxref_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/kpasswdd b/libexec/rc/rc.d/kpasswdd index 2d3449bf52a6..7e2562769640 100755 --- a/libexec/rc/rc.d/kpasswdd +++ b/libexec/rc/rc.d/kpasswdd @@ -12,17 +12,13 @@ name=kpasswdd desc="Kerberos 5 password changing" rcvar=${name}_enable required_vars=kdc_enable -start_precmd=${name}_start_precmd +command_args="$command_args &" + +: ${kpasswdd_svcj_options:="net_basic"} set_rcvar_obsolete kpasswdd_server_enable kpasswdd_enable set_rcvar_obsolete kpasswdd_server kpasswdd_program set_rcvar_obsolete kerberos5_server_enable kdc_enable -kpasswdd_start_precmd() -{ - - command_args="$command_args &" -} - load_rc_config $name run_rc_command "$1" diff --git a/libexec/rc/rc.d/ldconfig b/libexec/rc/rc.d/ldconfig index fd54b2d3444e..494228e96501 100755 --- a/libexec/rc/rc.d/ldconfig +++ b/libexec/rc/rc.d/ldconfig @@ -72,4 +72,8 @@ ldconfig_start() } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +ldconfig_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/linux b/libexec/rc/rc.d/linux index 1c6a97f606fe..d419920acaca 100755 --- a/libexec/rc/rc.d/linux +++ b/libexec/rc/rc.d/linux @@ -81,4 +81,8 @@ linux_start() } load_rc_config $name + +# doesn't make sense to run in a svcj: kernel modules and FS-mounting +linux_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/local b/libexec/rc/rc.d/local index 6ac99c4b7e3c..c3f5e037563e 100755 --- a/libexec/rc/rc.d/local +++ b/libexec/rc/rc.d/local @@ -33,4 +33,8 @@ local_stop() } load_rc_config $name + +# doesn't make sense to run in a svcj: it may contain everything +local_svcj="NO" + run_rc_command "$1" 
diff --git a/libexec/rc/rc.d/local_unbound b/libexec/rc/rc.d/local_unbound index 4a717dad70fd..94f01810b303 100755 --- a/libexec/rc/rc.d/local_unbound +++ b/libexec/rc/rc.d/local_unbound @@ -35,6 +35,7 @@ load_rc_config $name : ${local_unbound_tls:=} : ${local_unbound_pidfile:=${pidfile}} pidfile=${local_unbound_pidfile} +: ${local_unbound_svcj_options:="net_basic"} do_as_unbound() { diff --git a/libexec/rc/rc.d/localpkg b/libexec/rc/rc.d/localpkg index ca5fc3e1109b..12fb9e0fd927 100755 --- a/libexec/rc/rc.d/localpkg +++ b/libexec/rc/rc.d/localpkg @@ -66,6 +66,8 @@ pkg_stop() (set -T trap 'exit 1' 2 ${script} stop) + elif [ -f "${script}" -o -L "${script}" ]; then + echo -n " (skipping ${script##*/}, not executable)" fi done [ -n "${initdone}" ] && echo '.' @@ -74,4 +76,8 @@ pkg_stop() } load_rc_config $name + +# doesn't make sense to run in a svcj: other rc.d scripts need to decide on their own +localpkg_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/lockd b/libexec/rc/rc.d/lockd index c35dd0975cfe..9c804751031a 100755 --- a/libexec/rc/rc.d/lockd +++ b/libexec/rc/rc.d/lockd @@ -16,6 +16,8 @@ rcvar=rpc_lockd_enable command="/usr/sbin/rpc.${name}" start_precmd='lockd_precmd' +: ${lockd_svcj_options:="net_basic"} + # Make sure that we are either an NFS client or server, and that we get # the correct flags from rc.conf(5). # @@ -23,9 +25,10 @@ lockd_precmd() { force_depend rpcbind || return 1 force_depend statd rpc_statd || return 1 - - rc_flags=${rpc_lockd_flags} } load_rc_config $name + +rc_flags=${rpc_lockd_flags} + run_rc_command $1 diff --git a/libexec/rc/rc.d/lpd b/libexec/rc/rc.d/lpd index 428b33f7c9fd..0c169bef99a5 100755 --- a/libexec/rc/rc.d/lpd +++ b/libexec/rc/rc.d/lpd @@ -16,6 +16,8 @@ command="/usr/sbin/${name}" required_files="/etc/printcap" start_precmd="chkprintcap" +: ${lpd_svcj_options:="net_basic"} + chkprintcap() { if checkyesno chkprintcap_enable ; then 
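Review bot: Moving `rc_flags=${rpc_lockd_flags}` in rc.d/lockd out of lockd_precmd to just before `run_rc_command $1` probably makes the setting ineffective. run_rc_command in rc.subr (not shown here) normally recomputes rc_flags from `${name}_flags` before the precmd runs, which is presumably why the old code assigned it inside the precmd. If that holds, `rpc_lockd_flags` from rc.conf is silently ignored; assigning `lockd_flags="${rpc_lockd_flags}"` after `load_rc_config $name` would carry it through. The rc.d/statd hunk makes the same move with `rpc_statd_flags`, so both are worth confirming with a start that uses non-empty flags.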
diff --git a/libexec/rc/rc.d/mdconfig b/libexec/rc/rc.d/mdconfig index 2322cdc55fc2..4df14017334b 100755 --- a/libexec/rc/rc.d/mdconfig +++ b/libexec/rc/rc.d/mdconfig @@ -181,6 +181,9 @@ fi load_rc_config $name +# doesn't make sense to run in a svcj: config setting +mdconfig_svcj="NO" + if [ -z "${_mdconfig_list}" ]; then for _mdconfig_config in `list_vars mdconfig_md[0-9]\* | sort_lite -nk1.12` diff --git a/libexec/rc/rc.d/mdconfig2 b/libexec/rc/rc.d/mdconfig2 index 2f958611f7de..716e71cd2a32 100755 --- a/libexec/rc/rc.d/mdconfig2 +++ b/libexec/rc/rc.d/mdconfig2 @@ -211,6 +211,9 @@ fi load_rc_config $name +# doesn't make sense to run in a svcj: config setting +mdconfig2_svcj="NO" + if [ -z "${_mdconfig2_list}" ]; then for _mdconfig2_config in `list_vars mdconfig_md[0-9]\* | sort_lite -nk1.12` diff --git a/libexec/rc/rc.d/mixer b/libexec/rc/rc.d/mixer index d8d43a2ffcc8..7527e16918d2 100755 --- a/libexec/rc/rc.d/mixer +++ b/libexec/rc/rc.d/mixer @@ -100,4 +100,8 @@ mixer_stop() } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +mixer_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/motd b/libexec/rc/rc.d/motd index b0f46df8ea7a..7858aef2c3fe 100755 --- a/libexec/rc/rc.d/motd +++ b/libexec/rc/rc.d/motd @@ -55,4 +55,8 @@ motd_start() } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +motd_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/mountcritlocal b/libexec/rc/rc.d/mountcritlocal index e9b8885279a2..f91eaf44457c 100755 --- a/libexec/rc/rc.d/mountcritlocal +++ b/libexec/rc/rc.d/mountcritlocal @@ -60,4 +60,8 @@ mountcritlocal_start() } load_rc_config $name + +# mounting shall not be performed in a svcj +mountcritlocal_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/mountcritremote b/libexec/rc/rc.d/mountcritremote index b2e0f9cfec49..99becaefb10f 100755 --- a/libexec/rc/rc.d/mountcritremote +++ b/libexec/rc/rc.d/mountcritremote 
@@ -86,4 +86,8 @@ mountcritremote_start() } load_rc_config $name + +# mounting shall not be performed in a svcj +mountcritremote_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/mountd b/libexec/rc/rc.d/mountd index 39b16d604321..8c0aa87e1d13 100755 --- a/libexec/rc/rc.d/mountd +++ b/libexec/rc/rc.d/mountd @@ -17,6 +17,8 @@ required_files="/etc/exports" start_precmd="mountd_precmd" extra_commands="reload" +: ${mountd_svcj_options:="net_basic nfsd"} + mountd_precmd() { @@ -68,4 +70,8 @@ mountd_precmd() } load_rc_config $name + +# precmd is not compatible with svcj +mountd_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/mountlate b/libexec/rc/rc.d/mountlate index 133192ac183c..87ea9edccb74 100755 --- a/libexec/rc/rc.d/mountlate +++ b/libexec/rc/rc.d/mountlate @@ -44,4 +44,8 @@ mountlate_start() } load_rc_config $name + +# mounting shall not be performed in a svcj +mountlate_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/moused b/libexec/rc/rc.d/moused index 85a04c89447a..6f1b95af0f0a 100755 --- a/libexec/rc/rc.d/moused +++ b/libexec/rc/rc.d/moused @@ -18,6 +18,11 @@ pidfile="${pidprefix}.pid" pidarg= load_rc_config $name +# doesn't make sense to run in a svcj: nojail keyword +# XXX: How does moused communiacte with the kernel? +# XXX: Does the kernel prevent this communcation in jails? +moused_svcj="NO" + # Set the pid file and variable name. The second argument, if it exists, is # expected to be the mouse device. # diff --git a/libexec/rc/rc.d/msgs b/libexec/rc/rc.d/msgs index 4ea396c99f66..424d545f884d 100755 --- a/libexec/rc/rc.d/msgs +++ b/libexec/rc/rc.d/msgs @@ -22,4 +22,8 @@ msgs_start() } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +msgs_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/natd b/libexec/rc/rc.d/natd index d95d586ac69f..1c8c1cb50a96 100755 --- a/libexec/rc/rc.d/natd +++ b/libexec/rc/rc.d/natd 
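Review bot: In rc.d/mountd the unconditional `mountd_svcj="NO"` is placed after `load_rc_config $name`, so an administrator's `mountd_svcj="YES"` in rc.conf appears to be overridden without any message, and the `mountd_svcj_options` default added in the first hunk is never used. The comment should say this outright, e.g. `# precmd is not compatible with svcj: hard-disabled, rc.conf cannot override; mountd_svcj_options is unused until this is lifted`. The same pairing of an options default with a hard NO appears in the nfsd, nfsuserd, rtadvd and pflog hunks. Failing closed is the safe direction here, but someone auditing which services are actually confined needs to know the knob is inert.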
@@ -40,4 +40,8 @@ natd_precmd() } load_rc_config $name + +# precmd is not compatible with svcj +natd_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/netif b/libexec/rc/rc.d/netif index 3da296e97384..4fe9b60cbb20 100755 --- a/libexec/rc/rc.d/netif +++ b/libexec/rc/rc.d/netif @@ -268,4 +268,8 @@ netif_common() # This is needed for mfsBSD at least. load_rc_config network load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +netif_svcj="NO" + run_rc_command $* diff --git a/libexec/rc/rc.d/netoptions b/libexec/rc/rc.d/netoptions index 7f57c02f0fb4..0f329a5385cf 100755 --- a/libexec/rc/rc.d/netoptions +++ b/libexec/rc/rc.d/netoptions @@ -122,4 +122,8 @@ netoptions_inet6() } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +netoptions_svcj="NO" + run_rc_command $1 diff --git a/libexec/rc/rc.d/netwait b/libexec/rc/rc.d/netwait index 8342a100bd87..3f374806d97c 100755 --- a/libexec/rc/rc.d/netwait +++ b/libexec/rc/rc.d/netwait @@ -111,4 +111,8 @@ netwait_start() } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +netwait_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/newsyslog b/libexec/rc/rc.d/newsyslog index 9434bb8e12ec..9b959bfabe85 100755 --- a/libexec/rc/rc.d/newsyslog +++ b/libexec/rc/rc.d/newsyslog @@ -23,4 +23,8 @@ newsyslog_start() } load_rc_config $name + +# doesn't make sense to run in a svcj: needs to send signals outside the svcj +newsyslog_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/nfscbd b/libexec/rc/rc.d/nfscbd index 317a41ef8d3b..450de46e0855 100755 --- a/libexec/rc/rc.d/nfscbd +++ b/libexec/rc/rc.d/nfscbd @@ -14,6 +14,8 @@ rcvar="nfscbd_enable" command="/usr/sbin/${name}" sig_stop="USR1" +: ${nfscbd_svcj_options:="net_basic"} + load_rc_config $name run_rc_command "$1" diff --git a/libexec/rc/rc.d/nfsclient b/libexec/rc/rc.d/nfsclient index f475e867b6c9..857cfa02036f 100755 --- a/libexec/rc/rc.d/nfsclient 
+++ b/libexec/rc/rc.d/nfsclient @@ -46,4 +46,8 @@ unmount_all() fi } load_rc_config $name + +# no unmounting in svcj +nfsclient_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/nfsd b/libexec/rc/rc.d/nfsd index 86409f0e655f..364c2a3b6bd3 100755 --- a/libexec/rc/rc.d/nfsd +++ b/libexec/rc/rc.d/nfsd @@ -14,7 +14,11 @@ rcvar="nfs_server_enable" command="/usr/sbin/${name}" nfs_server_vhost="" +: ${nfsd_svcj_options:="net_basic nfsd"} + load_rc_config $name +# precmd is not compatible with svcj +nfsd_svcj="NO" start_precmd="nfsd_precmd" sig_stop="USR1" diff --git a/libexec/rc/rc.d/nfsuserd b/libexec/rc/rc.d/nfsuserd index 297b88dccfcd..3ef88dcc6dfc 100755 --- a/libexec/rc/rc.d/nfsuserd +++ b/libexec/rc/rc.d/nfsuserd @@ -14,7 +14,11 @@ rcvar="nfsuserd_enable" command="/usr/sbin/${name}" sig_stop="USR1" +: ${nfsuserd_svcj_options:="net_basic nfsd"} + load_rc_config $name +# precmd is not compatible with svcj +nfsuserd_svcj="NO" start_precmd="nfsuserd_precmd" nfsuserd_precmd() diff --git a/libexec/rc/rc.d/nisdomain b/libexec/rc/rc.d/nisdomain index 56fe1a6c5c0b..9616d7be39ac 100755 --- a/libexec/rc/rc.d/nisdomain +++ b/libexec/rc/rc.d/nisdomain @@ -51,4 +51,8 @@ nisdomain_start() } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +nisdomain_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/nscd b/libexec/rc/rc.d/nscd index 64421c29358c..611d2d8ddb8f 100755 --- a/libexec/rc/rc.d/nscd +++ b/libexec/rc/rc.d/nscd @@ -21,6 +21,9 @@ name="nscd" desc="Name-service caching daemon" rcvar="nscd_enable" +# no svcj options needed +: ${nscd_svcj_options:=""} + command=/usr/sbin/nscd extra_commands="flush" flush_cmd="${command} -I all" diff --git a/libexec/rc/rc.d/ntpd b/libexec/rc/rc.d/ntpd index 76d83149ae1a..e7e42da8acc7 100755 --- a/libexec/rc/rc.d/ntpd +++ b/libexec/rc/rc.d/ntpd 
@@ -28,6 +28,9 @@ pidfile="${_ntp_default_dir}/${name}.pid" load_rc_config $name +# doesn't make sense to run in a svcj: nojail keyword +ntpd_svcj="NO" + leapfile_is_disabled() { # Return true (0) if automatic leapfile handling is disabled. case "$ntp_db_leapfile" in diff --git a/libexec/rc/rc.d/ntpdate b/libexec/rc/rc.d/ntpdate index 428072a05f49..cb948d739227 100755 --- a/libexec/rc/rc.d/ntpdate +++ b/libexec/rc/rc.d/ntpdate @@ -31,4 +31,8 @@ ntpdate_start() } load_rc_config $name + +# doesn't make sense to run in a svcj: privileged operations +ntpdate_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/opensm b/libexec/rc/rc.d/opensm index ff208ddc3ae4..650345d81c12 100755 --- a/libexec/rc/rc.d/opensm +++ b/libexec/rc/rc.d/opensm @@ -12,6 +12,8 @@ name="opensm" start_cmd="opensm_start" rcvar="opensm_enable" +: ${opensm_svcj_options:="net_basic"} + command=/usr/bin/opensm command_args="-B" diff --git a/libexec/rc/rc.d/os-release b/libexec/rc/rc.d/os-release index 3373d42b1533..0f8ee71e06b4 100755 --- a/libexec/rc/rc.d/os-release +++ b/libexec/rc/rc.d/os-release @@ -41,4 +41,8 @@ __EOF__ } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +osrelease_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/pf b/libexec/rc/rc.d/pf index f227782e640c..0b4c086db22b 100755 --- a/libexec/rc/rc.d/pf +++ b/libexec/rc/rc.d/pf @@ -22,6 +22,9 @@ extra_commands="check reload resync" required_files="$pf_rules" required_modules="pf" +# doesn't make sense to run in a svcj: config setting +pf_svcj="NO" + pf_fallback() { warn "Unable to load $pf_rules." diff --git a/libexec/rc/rc.d/pflog b/libexec/rc/rc.d/pflog index c6bb024ee0be..b47252a23e0f 100755 --- a/libexec/rc/rc.d/pflog +++ b/libexec/rc/rc.d/pflog @@ -17,6 +17,9 @@ start_precmd="pflog_prestart" stop_postcmd="pflog_poststop" extra_commands="reload resync" +# no svcj options needed +: ${pflog_svcj_options:=""} + # for backward compatibility resync_cmd="pflog_resync" 
@@ -70,6 +73,9 @@ pflog_resync() load_rc_config $name +# precmd is not compatible with svcj +pflog_svcj="NO" + # Check if spawning multiple pflogd and told what to spawn if [ -n "$2" ]; then # Set required variables diff --git a/libexec/rc/rc.d/pfsync b/libexec/rc/rc.d/pfsync index 1e75644315b1..e2ba9c17cd45 100755 --- a/libexec/rc/rc.d/pfsync +++ b/libexec/rc/rc.d/pfsync @@ -45,4 +45,8 @@ pfsync_stop() } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +pfsync_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/power_profile b/libexec/rc/rc.d/power_profile index 71f3f3ad8792..7e187bf0a67c 100755 --- a/libexec/rc/rc.d/power_profile +++ b/libexec/rc/rc.d/power_profile @@ -62,6 +62,9 @@ if [ $# -ne 1 ]; then fi load_rc_config $name +# doesn't make sense to run in a svcj: privileged operations +power_profile_svcj="NO" + # Find the next state (performance or economy). state=$1 case ${state} in diff --git a/libexec/rc/rc.d/powerd b/libexec/rc/rc.d/powerd index d0f10f781231..8ebc9cc2dc7f 100755 --- a/libexec/rc/rc.d/powerd +++ b/libexec/rc/rc.d/powerd @@ -15,4 +15,8 @@ rcvar="powerd_enable" command="/usr/sbin/${name}" load_rc_config $name + +# doesn't make sense to run in a svcj: privileged operations +powerd_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/ppp b/libexec/rc/rc.d/ppp index cc7c8599777c..6f41d67f8940 100755 --- a/libexec/rc/rc.d/ppp +++ b/libexec/rc/rc.d/ppp @@ -131,4 +131,8 @@ ppp_stop() { } load_rc_config $name + +# doesn't make sense to run in a svcj: nojail keyword +ppp_svcj="NO" + run_rc_command $* diff --git a/libexec/rc/rc.d/pppoed b/libexec/rc/rc.d/pppoed index 6e7225b83a52..5c64862c6a49 100755 --- a/libexec/rc/rc.d/pppoed +++ b/libexec/rc/rc.d/pppoed @@ -30,4 +30,8 @@ pppoed_start() } load_rc_config $name + +# doesn't make sense to run in a svcj: nojail keyword +pppoed_svcj="NO" + run_rc_command "$1" 
diff --git a/libexec/rc/rc.d/pwcheck b/libexec/rc/rc.d/pwcheck index 564c110d6a98..db42fdd0d37e 100755 --- a/libexec/rc/rc.d/pwcheck +++ b/libexec/rc/rc.d/pwcheck @@ -24,4 +24,8 @@ pwcheck_start() } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +pwcheck_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/quota b/libexec/rc/rc.d/quota index adbc3b3bd372..9a3a3d50739c 100755 --- a/libexec/rc/rc.d/quota +++ b/libexec/rc/rc.d/quota @@ -18,6 +18,9 @@ load_rc_config $name start_cmd="quota_start" stop_cmd="/usr/sbin/quotaoff ${quotaoff_flags}" +# doesn't make sense to run in a svcj: config setting +quota_svcj="NO" + quota_start() { if checkyesno check_quotas; then diff --git a/libexec/rc/rc.d/random b/libexec/rc/rc.d/random index 1900f6cef5a4..c34f0d1f86b4 100755 --- a/libexec/rc/rc.d/random +++ b/libexec/rc/rc.d/random @@ -151,4 +151,8 @@ random_stop() } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +random_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/rarpd b/libexec/rc/rc.d/rarpd index f7f5f3b04094..2618565ae0d1 100755 --- a/libexec/rc/rc.d/rarpd +++ b/libexec/rc/rc.d/rarpd @@ -15,6 +15,8 @@ rcvar="rarpd_enable" command="/usr/sbin/${name}" required_files="/etc/ethers" +: ${rarpd_svcj_options:="net_basic"} + load_rc_config $name pidfile="${rarpd_pidfile:-/var/run/${name}.pid}" diff --git a/libexec/rc/rc.d/rctl b/libexec/rc/rc.d/rctl index 3d644cd1d8ec..96c148e78bcd 100755 --- a/libexec/rc/rc.d/rctl +++ b/libexec/rc/rc.d/rctl @@ -38,4 +38,8 @@ rctl_stop() } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +rctl_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/resolv b/libexec/rc/rc.d/resolv index c94e1c8ff1f1..a46c7ba314e9 100755 --- a/libexec/rc/rc.d/resolv +++ b/libexec/rc/rc.d/resolv @@ -59,4 +59,8 @@ resolv_start() } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +resolv_svcj="NO" + run_rc_command "$1" 
diff --git a/libexec/rc/rc.d/rfcomm_pppd_server b/libexec/rc/rc.d/rfcomm_pppd_server index ef5afa7a5de2..810c1adc8e91 100755 --- a/libexec/rc/rc.d/rfcomm_pppd_server +++ b/libexec/rc/rc.d/rfcomm_pppd_server @@ -119,4 +119,8 @@ rfcomm_pppd_server_stop() } load_rc_config $name + +# doesn't make sense to run in a svcj: nojail keyword +rfcomm_pppd_server_svcj="NO" + run_rc_command $* diff --git a/libexec/rc/rc.d/root b/libexec/rc/rc.d/root index e64ea7fe2dcd..e1dad6270e7d 100755 --- a/libexec/rc/rc.d/root +++ b/libexec/rc/rc.d/root @@ -39,4 +39,8 @@ root_start() } load_rc_config $name + +# doesn't make sense to run in a svcj: mounting / config setting +root_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/route6d b/libexec/rc/rc.d/route6d index f27a0e7f8d6c..873efdeb123c 100755 --- a/libexec/rc/rc.d/route6d +++ b/libexec/rc/rc.d/route6d @@ -12,6 +12,8 @@ name="route6d" desc="RIP6 routing daemon" rcvar="route6d_enable" +: ${route6d_svcj_options:="net_basic"} + set_rcvar_obsolete ipv6_router_enable route6d_enable set_rcvar_obsolete ipv6_router route6d_program set_rcvar_obsolete ipv6_router_flags route6d_flags diff --git a/libexec/rc/rc.d/routed b/libexec/rc/rc.d/routed index d5fb464ece8c..9338cf034edd 100755 --- a/libexec/rc/rc.d/routed +++ b/libexec/rc/rc.d/routed @@ -13,6 +13,8 @@ name="routed" desc="Network RIP and router discovery routing daemon" rcvar="routed_enable" +: ${routed_svcj_options:="net_basic"} + set_rcvar_obsolete router_enable routed_enable set_rcvar_obsolete router routed_program set_rcvar_obsolete router_flags routed_flags diff --git a/libexec/rc/rc.d/routing b/libexec/rc/rc.d/routing index d7113eb90722..893acb83cf4a 100755 --- a/libexec/rc/rc.d/routing +++ b/libexec/rc/rc.d/routing @@ -435,4 +435,8 @@ options_inet6() } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +routing_svcj="NO" + run_rc_command "$@" diff --git a/libexec/rc/rc.d/rpcbind b/libexec/rc/rc.d/rpcbind index 699fdd094241..c393df666219 100755 
--- a/libexec/rc/rc.d/rpcbind +++ b/libexec/rc/rc.d/rpcbind @@ -13,6 +13,8 @@ desc="Universal addresses to RPC program number mapper" rcvar="rpcbind_enable" command="/usr/sbin/${name}" +: ${rpcbind_svcj_options:="net_basic"} + stop_postcmd='/bin/rm -f /var/run/rpcbind.*' load_rc_config $name diff --git a/libexec/rc/rc.d/rtadvd b/libexec/rc/rc.d/rtadvd index 1340c18e29e4..99fec22604aa 100755 --- a/libexec/rc/rc.d/rtadvd +++ b/libexec/rc/rc.d/rtadvd @@ -18,6 +18,8 @@ extra_commands="reload" reload_cmd="rtadvd_reload" start_precmd="rtadvd_precmd" +: ${rtadvd_svcj_options:="net_basic"} + rtadvd_precmd() { # This should be enabled with a great care. @@ -69,4 +71,7 @@ rtadvd_reload() { } load_rc_config $name + +# precmd is not compatible with svcj +rtadvd_svcj="NO" run_rc_command "$1" diff --git a/libexec/rc/rc.d/rtsold b/libexec/rc/rc.d/rtsold index fe21e5a235bb..5578af5a367f 100755 --- a/libexec/rc/rc.d/rtsold +++ b/libexec/rc/rc.d/rtsold @@ -16,6 +16,8 @@ command="/usr/sbin/${name}" pidfile="/var/run/${name}.pid" start_postcmd="rtsold_poststart" +: ${rtsold_svcj_options:="net_basic"} + rtsold_poststart() { # wait for DAD diff --git a/libexec/rc/rc.d/rwho b/libexec/rc/rc.d/rwho index ea6c6c8c3b20..f35bcda30ebf 100755 --- a/libexec/rc/rc.d/rwho +++ b/libexec/rc/rc.d/rwho @@ -14,5 +14,7 @@ desc="System status server" rcvar="rwhod_enable" command="/usr/sbin/${name}" +: ${rwhod_svcj_options:="net_basic"} + load_rc_config $name run_rc_command "$1" diff --git a/libexec/rc/rc.d/savecore b/libexec/rc/rc.d/savecore index 9f326eba21b3..889476591dac 100755 --- a/libexec/rc/rc.d/savecore +++ b/libexec/rc/rc.d/savecore @@ -78,4 +78,8 @@ savecore_start() } load_rc_config $name + +# doesn't make sense to run in a svcj +savecore_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/sdpd b/libexec/rc/rc.d/sdpd index 1de7ed5d8fa9..a7bf51ecdc75 100755 --- a/libexec/rc/rc.d/sdpd +++ b/libexec/rc/rc.d/sdpd 
@@ -21,4 +21,7 @@ group="${sdpd_groupname:-nobody}" user="${sdpd_username:-nobody}" command_args="-c ${control} -g ${group} -u ${user}" +# doesn't make sense to run in a svcj: nojail keyword +sdpd_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/securelevel b/libexec/rc/rc.d/securelevel index 427d424f5e3d..e5c5a410cf62 100755 --- a/libexec/rc/rc.d/securelevel +++ b/libexec/rc/rc.d/securelevel @@ -22,4 +22,8 @@ securelevel_start() } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +securelevel_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/sendmail b/libexec/rc/rc.d/sendmail index 68803a957952..94100b6d00a9 100755 --- a/libexec/rc/rc.d/sendmail +++ b/libexec/rc/rc.d/sendmail @@ -19,6 +19,8 @@ rcvar="sendmail_enable" required_files="/etc/mail/${name}.cf" start_precmd="sendmail_precmd" +: ${sendmail_svcj_options:="net_basic"} + load_rc_config $name command=${sendmail_program:-/usr/sbin/${name}} pidfile=${sendmail_pidfile:-/var/run/${name}.pid} diff --git a/libexec/rc/rc.d/sshd b/libexec/rc/rc.d/sshd index 63113fd9ee74..000336a6dcc8 100755 --- a/libexec/rc/rc.d/sshd +++ b/libexec/rc/rc.d/sshd @@ -25,6 +25,12 @@ extra_commands="configtest keygen reload" : ${sshd_ecdsa_enable:="yes"} : ${sshd_ed25519_enable:="yes"} +# sshd in a jail would not see other jails. As such exclude it from +# svcj_all_enable="YES" by setting sshd_svcj to NO. This allows to +# enable it in rc.conf. +: ${sshd_svcj:="NO"} +: ${sshd_svcj_options:="net_basic"} + sshd_keygen_alg() { local alg=$1 diff --git a/libexec/rc/rc.d/statd b/libexec/rc/rc.d/statd index 03254932c37c..3f2678af2940 100755 --- a/libexec/rc/rc.d/statd +++ b/libexec/rc/rc.d/statd 
@@ -16,15 +16,18 @@ rcvar=rpc_statd_enable command="/usr/sbin/rpc.${name}" start_precmd='statd_precmd' +: ${statd_svcj_options:="net_basic"} + # Make sure that we are either an NFS client or server, and that we get # the correct flags from rc.conf(5). # statd_precmd() { force_depend rpcbind || return 1 - - rc_flags=${rpc_statd_flags} } load_rc_config $name + +rc_flags=${rpc_statd_flags} + run_rc_command $1 diff --git a/libexec/rc/rc.d/static_arp b/libexec/rc/rc.d/static_arp index b6ad064cc102..42db3c2c8fff 100755 --- a/libexec/rc/rc.d/static_arp +++ b/libexec/rc/rc.d/static_arp @@ -70,4 +70,8 @@ static_arp_stop() } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +statc_arp_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/static_ndp b/libexec/rc/rc.d/static_ndp index 8f0f3fc35957..e66c4a0080c3 100755 --- a/libexec/rc/rc.d/static_ndp +++ b/libexec/rc/rc.d/static_ndp @@ -69,4 +69,8 @@ static_ndp_stop() } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +static_ndp_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/stf b/libexec/rc/rc.d/stf index 48a27b542f05..94a585693982 100755 --- a/libexec/rc/rc.d/stf +++ b/libexec/rc/rc.d/stf @@ -75,4 +75,8 @@ stf_down() } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +stf_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/swap b/libexec/rc/rc.d/swap index fb1e11281ea6..f7663fc422bf 100755 --- a/libexec/rc/rc.d/swap +++ b/libexec/rc/rc.d/swap @@ -14,4 +14,8 @@ start_cmd='/sbin/swapon -aq' stop_cmd=':' load_rc_config $name + +# doesn't make sense to run in a svcj: privileged operations +swap_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/swaplate b/libexec/rc/rc.d/swaplate index 28beb8e835c9..da86cb2bf686 100755 --- a/libexec/rc/rc.d/swaplate +++ b/libexec/rc/rc.d/swaplate 
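Review bot: The variable added in the rc.d/static_arp hunk is spelled `statc_arp_svcj`, which does not follow the `<name>_svcj` pattern every other script in this patch uses, so the intended hard-disable presumably never takes effect. With `svcj_all_enable="YES"` (referenced in the sshd comment) the script could then be started inside a service jail, where its ARP configuration would likely fail or not reach the host. The line should be `static_arp_svcj="NO"`, assuming the script's `name` is static_arp as the `static_arp_stop()` context suggests.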
@@ -14,4 +14,8 @@ start_cmd='/sbin/swapon -aLq' stop_cmd='/sbin/swapoff -aLq' load_rc_config swap + +# doesn't make sense to run in a svcj: privileged operations +swaplate_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/syscons b/libexec/rc/rc.d/syscons index beef467deaf8..325628a83d8c 100755 --- a/libexec/rc/rc.d/syscons +++ b/libexec/rc/rc.d/syscons @@ -396,5 +396,9 @@ syscons_start() } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +syscons_svcj="NO" + run_rc_command $* diff --git a/libexec/rc/rc.d/sysctl b/libexec/rc/rc.d/sysctl index 5d586776929e..0ca753b530af 100755 --- a/libexec/rc/rc.d/sysctl +++ b/libexec/rc/rc.d/sysctl @@ -34,4 +34,8 @@ sysctl_start() } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +sysctl_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/sysctl_lastload b/libexec/rc/rc.d/sysctl_lastload index 335bd9cdc1bc..6d97561ed2c0 100755 --- a/libexec/rc/rc.d/sysctl_lastload +++ b/libexec/rc/rc.d/sysctl_lastload @@ -14,4 +14,8 @@ start_cmd="/etc/rc.d/sysctl lastload" stop_cmd=":" load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +sysctl_lastload_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/syslogd b/libexec/rc/rc.d/syslogd index 3f67014d0b01..8d0ff952a6b2 100755 --- a/libexec/rc/rc.d/syslogd +++ b/libexec/rc/rc.d/syslogd @@ -22,6 +22,8 @@ extra_commands="reload" sockfile="/var/run/syslogd.sockets" evalargs="rc_flags=\"\`set_socketlist\` \$rc_flags\"" +: ${syslogd_svcj_options:="net_basic"} + syslogd_precmd() { local _l _ldir diff --git a/libexec/rc/rc.d/sysvipc b/libexec/rc/rc.d/sysvipc index a76e662576db..ce38db598641 100755 --- a/libexec/rc/rc.d/sysvipc +++ b/libexec/rc/rc.d/sysvipc @@ -22,4 +22,8 @@ sysvipc_start() } load_rc_config $name + +# doesn't make sense to run in a svcj: privileged operations +sysvipc_svcj="NO" + run_rc_command "$1" 
diff --git a/libexec/rc/rc.d/tlsclntd b/libexec/rc/rc.d/tlsclntd index ff1336b2d08a..5688c7ff53a2 100755 --- a/libexec/rc/rc.d/tlsclntd +++ b/libexec/rc/rc.d/tlsclntd @@ -15,6 +15,8 @@ rcvar="tlsclntd_enable" command="/usr/sbin/rpc.${name}" pidfile="/var/run/rpc.${name}.pid" +: ${tlsclntd_svcj_options:="net_basic"} + load_rc_config $name run_rc_command "$1" diff --git a/libexec/rc/rc.d/tlsservd b/libexec/rc/rc.d/tlsservd index 98a713dd3ff5..989e17996043 100755 --- a/libexec/rc/rc.d/tlsservd +++ b/libexec/rc/rc.d/tlsservd @@ -14,6 +14,8 @@ desc="NFS over TLS server side daemon" rcvar="tlsservd_enable" command="/usr/sbin/rpc.${name}" +: ${tlsservd_svcj_options:="net_basic nfsd"} + pidfile="/var/run/rpc.${name}.pid" required_files="/etc/rpc.tlsservd/cert.pem /etc/rpc.tlsservd/certkey.pem" extra_commands="reload" diff --git a/libexec/rc/rc.d/tmp b/libexec/rc/rc.d/tmp index bde1ba257c2c..cc970816e45c 100755 --- a/libexec/rc/rc.d/tmp +++ b/libexec/rc/rc.d/tmp @@ -37,6 +37,9 @@ stop_cmd=':' load_rc_config $name +# doesn't make sense to run in a svcj: mounting +tmp_svcj="NO" + mount_tmpmfs() { while read line; do diff --git a/libexec/rc/rc.d/ubthidhci b/libexec/rc/rc.d/ubthidhci index a311ec07ebf6..9792a0e3530d 100755 --- a/libexec/rc/rc.d/ubthidhci +++ b/libexec/rc/rc.d/ubthidhci @@ -28,6 +28,10 @@ ubthidhci_prestart() } load_rc_config $name + +# doesn't make sense to run in a svcj: nojail keyword +ubthidhci_svcj="NO" + # # We discard the output because: # 1) we don't want it to show up during boot; and diff --git a/libexec/rc/rc.d/ugidfw b/libexec/rc/rc.d/ugidfw index 852c04bc216f..13b20c45ee29 100755 --- a/libexec/rc/rc.d/ugidfw +++ b/libexec/rc/rc.d/ugidfw @@ -48,4 +48,8 @@ ugidfw_stop() } load_rc_config $name + +# doesn't make sense to run in a svcj: nojail keyword +ugidfw_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/utx b/libexec/rc/rc.d/utx index 96bbae07d2cf..d7149f66e68b 100755 --- a/libexec/rc/rc.d/utx +++ b/libexec/rc/rc.d/utx 
@@ -16,4 +16,8 @@ start_cmd="utx boot" stop_cmd="utx shutdown" load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +utx_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/var b/libexec/rc/rc.d/var index ff5150a96904..b4939e2bc4a0 100755 --- a/libexec/rc/rc.d/var +++ b/libexec/rc/rc.d/var @@ -39,6 +39,9 @@ stop_cmd=':' load_rc_config $name +# doesn't make sense to run in a svcj: mounting +var_svcj="NO" + populate_var() { /usr/sbin/mtree -deiU -f /etc/mtree/BSD.var.dist -p /var > /dev/null diff --git a/libexec/rc/rc.d/var_run b/libexec/rc/rc.d/var_run index bf8f0cb737b4..0dc37698ee76 100755 --- a/libexec/rc/rc.d/var_run +++ b/libexec/rc/rc.d/var_run @@ -17,6 +17,9 @@ stop_cmd="_var_run_stop" load_rc_config $name +# doesn't make sense to run in a svcj: config setting +var_run_svcj="NO" + _var_run_load() { test -f ${var_run_mtree} && mtree -U -i -q -f ${var_run_mtree} -p /var/run > /dev/null diff --git a/libexec/rc/rc.d/virecover b/libexec/rc/rc.d/virecover index ed65fc00474a..d6f9f8bdef9a 100755 --- a/libexec/rc/rc.d/virecover +++ b/libexec/rc/rc.d/virecover @@ -62,4 +62,8 @@ virecover_start() } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +virecover_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/watchdogd b/libexec/rc/rc.d/watchdogd index 7565d8bcd94d..6cd37b8c5ceb 100755 --- a/libexec/rc/rc.d/watchdogd +++ b/libexec/rc/rc.d/watchdogd @@ -88,4 +88,8 @@ watchdogd_poststop() } load_rc_config $name + +# doesn't make sense to run in a svcj: privileged operations +watchdogd_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/wpa_supplicant b/libexec/rc/rc.d/wpa_supplicant index fea0f36997ef..61525a82894b 100755 --- a/libexec/rc/rc.d/wpa_supplicant +++ b/libexec/rc/rc.d/wpa_supplicant 
@@ -33,4 +33,7 @@ command_args="-B -i $ifn -c $conf_file -D $driver -P $pidfile" required_files=$conf_file required_modules="wlan_wep wlan_tkip wlan_ccmp" +# doesn't make sense to run in a svcj: nojail keyword +wpa_supplicant_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/ypbind b/libexec/rc/rc.d/ypbind index b4e47cb0a37d..a6bf00f1ed9d 100755 --- a/libexec/rc/rc.d/ypbind +++ b/libexec/rc/rc.d/ypbind @@ -13,6 +13,8 @@ name="ypbind" desc="NIS domain binding daemon" rcvar="nis_client_enable" +: ${ypbind_svcj_options:="net_basic"} + load_rc_config $name command="/usr/sbin/${name}" diff --git a/libexec/rc/rc.d/ypldap b/libexec/rc/rc.d/ypldap index 051d0ce9977e..579b004a07c0 100755 --- a/libexec/rc/rc.d/ypldap +++ b/libexec/rc/rc.d/ypldap @@ -12,6 +12,8 @@ name="ypldap" rcvar="nis_ypldap_enable" +: ${ypldap_svcj_options:="net_basic"} + load_rc_config $name command="/usr/sbin/${name}" diff --git a/libexec/rc/rc.d/yppasswdd b/libexec/rc/rc.d/yppasswdd index 83a7bcc713dd..81a04d753305 100755 --- a/libexec/rc/rc.d/yppasswdd +++ b/libexec/rc/rc.d/yppasswdd @@ -13,6 +13,8 @@ name="yppasswdd" desc="Server for updating NIS passwords" rcvar="nis_yppasswdd_enable" +: ${yppasswdd_svcj_options:="net_basic"} + load_rc_config $name command="/usr/sbin/rpc.${name}" diff --git a/libexec/rc/rc.d/ypserv b/libexec/rc/rc.d/ypserv index 9b60e9a55b25..8cae179fdd11 100755 --- a/libexec/rc/rc.d/ypserv +++ b/libexec/rc/rc.d/ypserv @@ -12,6 +12,8 @@ name="ypserv" desc="NIS database server" rcvar="nis_server_enable" +: ${ypserv_svcj_options:="net_basic"} + load_rc_config $name command="/usr/sbin/${name}" diff --git a/libexec/rc/rc.d/ypset b/libexec/rc/rc.d/ypset index 2f259de05e59..123a94ea44e8 100755 --- a/libexec/rc/rc.d/ypset +++ b/libexec/rc/rc.d/ypset @@ -14,6 +14,9 @@ rcvar="nis_ypset_enable" load_rc_config $name +# doesn't make sense to run in a svcj: config setting +ypset_svcj="NO" + command="/usr/sbin/${name}" command_args="${nis_ypset_flags}" 
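Review bot: The comment on `wpa_supplicant_svcj="NO"` gives only "nojail keyword" as the reason, and that keyword is not visible in this hunk. The keyword concerns scripts skipped when the host itself is jailed, which is not obviously the same constraint as wrapping a single service in a jail. This is a long-running daemon handling wireless authentication, the kind of service where confinement pays off, so the comment should record what actually blocks it. Something like `# svcj disabled: script is marked nojail; <what the daemon needs from the host>` would do, filled in by someone who knows the requirement. The ubthidhci and ugidfw hunks cite the same reason.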
diff --git a/libexec/rc/rc.d/ypupdated b/libexec/rc/rc.d/ypupdated index f7a7769c766a..1a4c595c745a 100755 --- a/libexec/rc/rc.d/ypupdated +++ b/libexec/rc/rc.d/ypupdated @@ -11,6 +11,8 @@ name="ypupdated" rcvar="rpc_ypupdated_enable" +: ${ypupdated_svcj_options:="net_basic"} + load_rc_config $name command="/usr/sbin/rpc.${name}" diff --git a/libexec/rc/rc.d/ypxfrd b/libexec/rc/rc.d/ypxfrd index 3bc7fd8d29e6..ea929b0d25ce 100755 --- a/libexec/rc/rc.d/ypxfrd +++ b/libexec/rc/rc.d/ypxfrd @@ -12,6 +12,8 @@ name="ypxfrd" desc="NIS map transfer server" rcvar="nis_ypxfrd_enable" +: ${ypxfrd_svcj_options:="net_basic"} + load_rc_config $name command="/usr/sbin/rpc.${name}" diff --git a/libexec/rc/rc.d/zfs b/libexec/rc/rc.d/zfs index d7c5b20ee6d1..26bf3046444b 100755 --- a/libexec/rc/rc.d/zfs +++ b/libexec/rc/rc.d/zfs @@ -75,4 +75,8 @@ zfs_stop() } load_rc_config $name + +# doesn't make sense to run in a svcj: mounting / config setting +zfs_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/zfsbe b/libexec/rc/rc.d/zfsbe index 31b0a180800f..f61f3bf097f0 100755 --- a/libexec/rc/rc.d/zfsbe +++ b/libexec/rc/rc.d/zfsbe @@ -85,4 +85,8 @@ be_stop() } load_rc_config $name + +# doesn't make sense to run in a svcj: mounting / config setting +zfsbe_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/zfsd b/libexec/rc/rc.d/zfsd index 5b9c2ea31837..f0abeeeb446b 100755 --- a/libexec/rc/rc.d/zfsd +++ b/libexec/rc/rc.d/zfsd @@ -13,4 +13,8 @@ rcvar="zfsd_enable" command="/usr/sbin/${name}" load_rc_config $name + +# doesn't make sense to run in a svcj +zfsd_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/zfskeys b/libexec/rc/rc.d/zfskeys index c558eb3af5d7..ea38182a66c7 100755 --- a/libexec/rc/rc.d/zfskeys +++ b/libexec/rc/rc.d/zfskeys @@ -116,4 +116,8 @@ unload_zfs_keys() zfskeys_args=$(encode_args "$@") load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +zfskeys_svcj="NO" + run_rc_command "$1" 
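Review bot: The comment above `zfsd_svcj="NO"` stops at "doesn't make sense to run in a svcj" and omits the reason that the neighbouring hunks give after the colon (mounting, config setting, nojail keyword). The zpool hunk has the same gap. The hunk shows zfsd is started as a daemon from `command="/usr/sbin/${name}"`, so the missing reason matters more here than for a one-shot script. Please state it, e.g. `# doesn't make sense to run in a svcj: <reason>`, so a later reader can tell whether the exclusion is fundamental or simply untested.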
diff --git a/libexec/rc/rc.d/zpool b/libexec/rc/rc.d/zpool index 5a5ef00755cc..94e107bd9ae0 100755 --- a/libexec/rc/rc.d/zpool +++ b/libexec/rc/rc.d/zpool @@ -34,4 +34,8 @@ zpool_start() } load_rc_config $name + +# doesn't make sense to run in a svcj +zpool_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/zpoolreguid b/libexec/rc/rc.d/zpoolreguid index 77ecac13ad5a..f94630d9283f 100755 --- a/libexec/rc/rc.d/zpoolreguid +++ b/libexec/rc/rc.d/zpoolreguid @@ -22,4 +22,8 @@ zpoolreguid_start() } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +zpoolreguid_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/zpoolupgrade b/libexec/rc/rc.d/zpoolupgrade index 6f5720bac6a7..1435cba7199c 100755 --- a/libexec/rc/rc.d/zpoolupgrade +++ b/libexec/rc/rc.d/zpoolupgrade @@ -22,4 +22,8 @@ zpoolupgrade_start() } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +zpoolupgrade_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/zvol b/libexec/rc/rc.d/zvol index 351dce09ca27..b9f17fad5bfd 100755 --- a/libexec/rc/rc.d/zvol +++ b/libexec/rc/rc.d/zvol @@ -42,4 +42,8 @@ zvol_stop() } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +zvol_svcj="NO" + run_rc_command "$1"