Differential D40371

automatic service jails: some setup for full functionality of the services in automatic service jails
ClosedPublic
Actions

Authored by netchild on Jun 1 2023, 9:00 AM.

Tags

Referenced Files

	Unknown Object (File)
	Sat, May 16, 5:14 AM

	Unknown Object (File)
	Fri, May 15, 3:30 PM

	Unknown Object (File)
	Fri, May 15, 10:35 AM

	Unknown Object (File)
	Fri, May 15, 10:27 AM

	Unknown Object (File)
	Fri, May 15, 4:34 AM

	Unknown Object (File)
	Thu, May 14, 11:44 PM

	Unknown Object (File)
	Thu, May 14, 8:08 PM

	Unknown Object (File)
	Wed, May 13, 11:50 PM

Subscribers

guest-patmaddox

mateusz_serveraptor.com

Details

Reviewers: None
Commits: rGf99f0ee14e3a: rc.d: add a service jails config to all base system services

Summary

This depends upon:

--https://reviews.freebsd.org/D40369-- committed

https://reviews.freebsd.org/D40370

It gives more permissions to services (e.g. network access to services which require this) which are started as an automatic service jail (D40370). The sshd patch is important for the sshd-related functionality as described in the man-page of D40370.

The location of the added env vars is supposed to allow overriding them in rc.conf, and to hard-disable the use of svcj for some parts where it doesn't make sense or will not work. Only a small subset of all of the services is tested.

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

netchild requested review of this revision.Jun 1 2023, 9:00 AM

netchild created this revision.

mateusz_serveraptor.com added a subscriber: mateusz_serveraptor.com.Jun 1 2023, 11:19 AM

ihor_antonovs.family added a project: Jails.Jun 5 2023, 2:55 PM

netchild added a project: rc.Jun 6 2023, 8:29 AM

Add config for some more services.

Herald added a subscriber: imp. · View Herald TranscriptNov 16 2023, 10:08 AM

netchild updated this revision to Diff 130506.Nov 24 2023, 11:38 AM

netchild edited the summary of this revision. (Show Details)

Only rc.d/opensm is missing.

netchild mentioned this in D42779: Handbook / rc-article update for Service Jails.Nov 27 2023, 12:36 PM

guest-patmaddox added a subscriber: guest-patmaddox.Dec 13 2023, 10:00 PM

make some scripts compatible with svcj (convert parts of the precmd into another way of settings variables), precmd is not run inside the same shell/jail = make it work with svcj
add some support for nfs in svcj, not yet finished (precmd is not comaptible)
exclude some scripts from svcj due to an incompatible precmd (not run in same shell/jail)

This revision was not accepted when it landed; it landed in state Needs Review.May 22 2024, 1:42 PM

Closed by commit rGf99f0ee14e3a: rc.d: add a service jails config to all base system services (authored by netchild). · Explain Why

This revision was automatically updated to reflect the committed changes.

netchild added a commit: rGf99f0ee14e3a: rc.d: add a service jails config to all base system services.

Revision Contents
Changeset List

Path

Size

libexec/

rc/

rc.d/

4 lines

4 lines

4 lines

4 lines

4 lines

2 lines

4 lines

4 lines

4 lines

4 lines

3 lines

3 lines

2 lines

4 lines

2 lines

3 lines

4 lines

4 lines

4 lines

4 lines

5 lines

4 lines

3 lines

4 lines

4 lines

4 lines

4 lines

3 lines

4 lines

3 lines

4 lines

4 lines

2 lines

10 lines

4 lines

4 lines

3 lines

4 lines

4 lines

4 lines

2 lines

4 lines

3 lines

4 lines

4 lines

4 lines

4 lines

2 lines

4 lines

4 lines

3 lines

4 lines

3 lines

3 lines

3 lines

3 lines

4 lines

12 lines

14 lines

4 lines

4 lines

4 lines

4 lines

10 lines

1 line

2 lines

8 lines

4 lines

4 lines

10 lines

4 lines

4 lines

4 lines

1 line

6 lines

7 lines

2 lines

3 lines

3 lines

4 lines

4 lines

4 lines

mountcritremote

4 lines

6 lines

4 lines

5 lines

4 lines

4 lines

4 lines

4 lines

4 lines

4 lines

2 lines

4 lines

4 lines

4 lines

4 lines

3 lines

3 lines

4 lines

2 lines

4 lines

3 lines

6 lines

4 lines

3 lines

4 lines

4 lines

4 lines

4 lines

3 lines

4 lines

2 lines

4 lines

4 lines

rfcomm_pppd_server

4 lines

4 lines

2 lines

2 lines

4 lines

2 lines

5 lines

2 lines

2 lines

4 lines

3 lines

4 lines

2 lines

6 lines

7 lines

4 lines

4 lines

4 lines

4 lines

4 lines

4 lines

4 lines

sysctl_lastload

4 lines

2 lines

4 lines

2 lines

2 lines

3 lines

4 lines

4 lines

4 lines

3 lines

3 lines

4 lines

4 lines

3 lines

2 lines

2 lines

2 lines

2 lines

3 lines

2 lines

2 lines

4 lines

4 lines

4 lines

4 lines

4 lines

4 lines

4 lines

4 lines

Diff 138914

libexec/rc/rc.d/accounting

Loading...

libexec/rc/rc.d/adjkerntz

Loading...

libexec/rc/rc.d/apm

Loading...

libexec/rc/rc.d/apmd

Loading...

libexec/rc/rc.d/auditd

Loading...

libexec/rc/rc.d/auditdistd

Loading...

libexec/rc/rc.d/automount

Loading...

libexec/rc/rc.d/automountd

Loading...

libexec/rc/rc.d/autounmountd

Loading...

libexec/rc/rc.d/bgfsck

Loading...

libexec/rc/rc.d/blacklistd

Loading...

libexec/rc/rc.d/bluetooth

Loading...

libexec/rc/rc.d/bootparams

Loading...

libexec/rc/rc.d/bridge

Loading...

libexec/rc/rc.d/bsnmpd

Loading...

libexec/rc/rc.d/bthidd

Loading...

libexec/rc/rc.d/ccd

Loading...

libexec/rc/rc.d/cfumass

Loading...

libexec/rc/rc.d/cleanvar

Loading...

libexec/rc/rc.d/cleartmp

Loading...

libexec/rc/rc.d/cron

Loading...

libexec/rc/rc.d/ctld

Loading...

libexec/rc/rc.d/ddb

Loading...

libexec/rc/rc.d/defaultroute

Loading...

libexec/rc/rc.d/devd

Loading...

libexec/rc/rc.d/devfs

Loading...

libexec/rc/rc.d/devmatch

Loading...

libexec/rc/rc.d/dhclient

Loading...

libexec/rc/rc.d/dmesg

Loading...

libexec/rc/rc.d/dnctl

Loading...

libexec/rc/rc.d/dumpon

Loading...

libexec/rc/rc.d/fsck

Loading...

libexec/rc/rc.d/ftp-proxy

Loading...

libexec/rc/rc.d/ftpd

Loading...

libexec/rc/rc.d/geli

Loading...

libexec/rc/rc.d/geli2

Loading...

libexec/rc/rc.d/ggated

Loading...

libexec/rc/rc.d/gptboot

Loading...

libexec/rc/rc.d/growfs

Loading...

libexec/rc/rc.d/growfs_fstab

Loading...

libexec/rc/rc.d/gssd

Loading...

libexec/rc/rc.d/hastd

Loading...

libexec/rc/rc.d/hcsecd

Loading...

libexec/rc/rc.d/hostapd

Loading...

libexec/rc/rc.d/hostid

Loading...

libexec/rc/rc.d/hostid_save

Loading...

libexec/rc/rc.d/hostname

Loading...

libexec/rc/rc.d/inetd

Loading...

libexec/rc/rc.d/iovctl

Loading...

libexec/rc/rc.d/ip6addrctl

Loading...

libexec/rc/rc.d/ipfilter

Loading...

libexec/rc/rc.d/ipfs

Loading...

libexec/rc/rc.d/ipfw

Loading...

libexec/rc/rc.d/ipfw_netflow

Loading...

libexec/rc/rc.d/ipmon

Loading...

libexec/rc/rc.d/ipnat

Loading...

libexec/rc/rc.d/ippool

Loading...

libexec/rc/rc.d/ipropd_master

Loading...

libexec/rc/rc.d/ipropd_slave

Loading...

libexec/rc/rc.d/ipsec

Loading...

libexec/rc/rc.d/iscsictl

Loading...

libexec/rc/rc.d/iscsid

Loading...

libexec/rc/rc.d/jail

Loading...

libexec/rc/rc.d/kadmind

Loading...

libexec/rc/rc.d/kdc

Loading...

libexec/rc/rc.d/keyserv

Loading...

libexec/rc/rc.d/kfd

Loading...

libexec/rc/rc.d/kld

Loading...

libexec/rc/rc.d/kldxref

Loading...

libexec/rc/rc.d/kpasswdd

Loading...

libexec/rc/rc.d/ldconfig

Loading...

libexec/rc/rc.d/linux

Loading...

libexec/rc/rc.d/local

Loading...

libexec/rc/rc.d/local_unbound

Loading...

libexec/rc/rc.d/localpkg

Loading...

libexec/rc/rc.d/lockd

Loading...

libexec/rc/rc.d/lpd

Loading...

libexec/rc/rc.d/mdconfig

Loading...

libexec/rc/rc.d/mdconfig2

Loading...

libexec/rc/rc.d/mixer

Loading...

libexec/rc/rc.d/motd

Loading...

libexec/rc/rc.d/mountcritlocal

Loading...

libexec/rc/rc.d/mountcritremote

Loading...

libexec/rc/rc.d/mountd

Loading...

libexec/rc/rc.d/mountlate

Loading...

libexec/rc/rc.d/moused

Loading...

libexec/rc/rc.d/msgs

Loading...

libexec/rc/rc.d/natd

Loading...

libexec/rc/rc.d/netif

Loading...

libexec/rc/rc.d/netoptions

Loading...

libexec/rc/rc.d/netwait

Loading...

libexec/rc/rc.d/newsyslog

Loading...

libexec/rc/rc.d/nfscbd

Loading...

libexec/rc/rc.d/nfsclient

Loading...

libexec/rc/rc.d/nfsd

Loading...

libexec/rc/rc.d/nfsuserd

Loading...

libexec/rc/rc.d/nisdomain

Loading...

libexec/rc/rc.d/nscd

Loading...

libexec/rc/rc.d/ntpd

Loading...

libexec/rc/rc.d/ntpdate

Loading...

libexec/rc/rc.d/opensm

Loading...

libexec/rc/rc.d/os-release

Loading...

libexec/rc/rc.d/pf

Loading...

libexec/rc/rc.d/pflog

Loading...

libexec/rc/rc.d/pfsync

Loading...

libexec/rc/rc.d/power_profile

Loading...

libexec/rc/rc.d/powerd

Loading...

libexec/rc/rc.d/ppp

Loading...

libexec/rc/rc.d/pppoed

Loading...

libexec/rc/rc.d/pwcheck

Loading...

libexec/rc/rc.d/quota

Loading...

libexec/rc/rc.d/random

Loading...

libexec/rc/rc.d/rarpd

Loading...

libexec/rc/rc.d/rctl

Loading...

libexec/rc/rc.d/resolv

Loading...

libexec/rc/rc.d/rfcomm_pppd_server

Loading...

libexec/rc/rc.d/root

Loading...

libexec/rc/rc.d/route6d

Loading...

libexec/rc/rc.d/routed

Loading...

libexec/rc/rc.d/routing

Loading...

libexec/rc/rc.d/rpcbind

Loading...

libexec/rc/rc.d/rtadvd

Loading...

libexec/rc/rc.d/rtsold

Loading...

libexec/rc/rc.d/rwho

Loading...

libexec/rc/rc.d/savecore

Loading...

libexec/rc/rc.d/sdpd

Loading...

libexec/rc/rc.d/securelevel

Loading...

libexec/rc/rc.d/sendmail

Loading...

libexec/rc/rc.d/sshd

Loading...

libexec/rc/rc.d/statd

Loading...

libexec/rc/rc.d/static_arp

Loading...

libexec/rc/rc.d/static_ndp

Loading...

libexec/rc/rc.d/stf

Loading...

libexec/rc/rc.d/swap

Loading...

libexec/rc/rc.d/swaplate

Loading...

libexec/rc/rc.d/syscons

Loading...

libexec/rc/rc.d/sysctl

Loading...

libexec/rc/rc.d/sysctl_lastload

Loading...

libexec/rc/rc.d/syslogd

Loading...

libexec/rc/rc.d/sysvipc

Loading...

libexec/rc/rc.d/tlsclntd

Loading...

libexec/rc/rc.d/tlsservd

Loading...

libexec/rc/rc.d/tmp

Loading...

libexec/rc/rc.d/ubthidhci

Loading...

libexec/rc/rc.d/ugidfw

Loading...

libexec/rc/rc.d/utx

Loading...

libexec/rc/rc.d/var

Loading...

libexec/rc/rc.d/var_run

Loading...

libexec/rc/rc.d/virecover

Loading...

libexec/rc/rc.d/watchdogd

Loading...

libexec/rc/rc.d/wpa_supplicant

Loading...

libexec/rc/rc.d/ypbind

Loading...

libexec/rc/rc.d/ypldap

Loading...

libexec/rc/rc.d/yppasswdd

Loading...

libexec/rc/rc.d/ypserv

Loading...

libexec/rc/rc.d/ypset

Loading...

libexec/rc/rc.d/ypupdated

Loading...

libexec/rc/rc.d/ypxfrd

Loading...

libexec/rc/rc.d/zfs

Loading...

libexec/rc/rc.d/zfsbe

Loading...

libexec/rc/rc.d/zfsd

Loading...

libexec/rc/rc.d/zfskeys

Loading...

libexec/rc/rc.d/zpool

Loading...

libexec/rc/rc.d/zpoolreguid

Loading...

libexec/rc/rc.d/zpoolupgrade

Loading...

libexec/rc/rc.d/zvol

Loading...