diff --git a/libexec/rc/rc.d/accounting b/libexec/rc/rc.d/accounting --- a/libexec/rc/rc.d/accounting +++ b/libexec/rc/rc.d/accounting @@ -76,4 +76,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj: jail can't manipulate accounting +accounting_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/adjkerntz b/libexec/rc/rc.d/adjkerntz --- a/libexec/rc/rc.d/adjkerntz +++ b/libexec/rc/rc.d/adjkerntz @@ -14,4 +14,8 @@ stop_cmd=":" load_rc_config $name + +# doesn't make sense to run in a svcj: jail can't modify kerntz +adjkerntz_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/auditdistd b/libexec/rc/rc.d/auditdistd --- a/libexec/rc/rc.d/auditdistd +++ b/libexec/rc/rc.d/auditdistd @@ -17,5 +17,8 @@ required_files="/etc/security/${name}.conf" extra_commands="reload" +: ${auditdistd_svcj_options:="net_basic"} + load_rc_config $name + run_rc_command "$1" diff --git a/libexec/rc/rc.d/automount b/libexec/rc/rc.d/automount --- a/libexec/rc/rc.d/automount +++ b/libexec/rc/rc.d/automount @@ -28,4 +28,8 @@ } load_rc_config $name + +# mounting shall not be performed in a svcj +automount_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/automountd b/libexec/rc/rc.d/automountd --- a/libexec/rc/rc.d/automountd +++ b/libexec/rc/rc.d/automountd @@ -17,4 +17,8 @@ required_modules="autofs" load_rc_config $name + +# mounting shall not be performed in a svcj +automountd_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/bgfsck b/libexec/rc/rc.d/bgfsck --- a/libexec/rc/rc.d/bgfsck +++ b/libexec/rc/rc.d/bgfsck @@ -46,4 +46,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj +bgfsck_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/bootparams b/libexec/rc/rc.d/bootparams --- a/libexec/rc/rc.d/bootparams +++ b/libexec/rc/rc.d/bootparams @@ -15,5 +15,7 @@ required_files="/etc/bootparams" command="/usr/sbin/${name}" +: ${bootparamd_svcj_options:="net_basic"} + load_rc_config $name run_rc_command "$1" diff --git a/libexec/rc/rc.d/bridge b/libexec/rc/rc.d/bridge --- a/libexec/rc/rc.d/bridge +++ b/libexec/rc/rc.d/bridge @@ -90,4 +90,8 @@ iflist=$2 load_rc_config $name + +# doesn't make sense to run in a svcj +bridge_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/bsnmpd b/libexec/rc/rc.d/bsnmpd --- a/libexec/rc/rc.d/bsnmpd +++ b/libexec/rc/rc.d/bsnmpd @@ -13,6 +13,8 @@ rcvar="bsnmpd_enable" command="/usr/sbin/${name}" +: ${bsnmpd_svcj_options:="net_basic"} + load_rc_config $name pidfile="${bsnmpd_pidfile:-/var/run/snmpd.pid}" command_args="-p ${pidfile}" diff --git a/libexec/rc/rc.d/cleanvar b/libexec/rc/rc.d/cleanvar --- a/libexec/rc/rc.d/cleanvar +++ b/libexec/rc/rc.d/cleanvar @@ -43,4 +43,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj +cleanvar_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/cleartmp b/libexec/rc/rc.d/cleartmp --- a/libexec/rc/rc.d/cleartmp +++ b/libexec/rc/rc.d/cleartmp @@ -57,4 +57,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj +cleartmp_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/ddb b/libexec/rc/rc.d/ddb --- a/libexec/rc/rc.d/ddb +++ b/libexec/rc/rc.d/ddb @@ -35,4 +35,7 @@ required_files="${ddb_config}" command_args="${ddb_config}" +# doesn't make sense to run in a svcj: privileged operation +ddb_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/devd b/libexec/rc/rc.d/devd --- a/libexec/rc/rc.d/devd +++ b/libexec/rc/rc.d/devd @@ -38,4 +38,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj: executing potential privileged operations +devd_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/devfs b/libexec/rc/rc.d/devfs --- a/libexec/rc/rc.d/devfs +++ b/libexec/rc/rc.d/devfs @@ -68,4 +68,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj +devfs_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/devmatch b/libexec/rc/rc.d/devmatch --- a/libexec/rc/rc.d/devmatch +++ b/libexec/rc/rc.d/devmatch @@ -77,4 +77,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj: privileged operations +devmatch_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/dmesg b/libexec/rc/rc.d/dmesg --- a/libexec/rc/rc.d/dmesg +++ b/libexec/rc/rc.d/dmesg @@ -23,4 +23,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj +dmesg_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/dumpon b/libexec/rc/rc.d/dumpon --- a/libexec/rc/rc.d/dumpon +++ b/libexec/rc/rc.d/dumpon @@ -97,4 +97,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj +dumpon_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/fsck b/libexec/rc/rc.d/fsck --- a/libexec/rc/rc.d/fsck +++ b/libexec/rc/rc.d/fsck @@ -91,4 +91,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj +fsck_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/ftpd b/libexec/rc/rc.d/ftpd --- a/libexec/rc/rc.d/ftpd +++ b/libexec/rc/rc.d/ftpd @@ -15,6 +15,8 @@ pidfile="/var/run/${name}.pid" start_precmd=ftpd_prestart +: ${ftpd_svcj_options:="net_all"} + ftpd_prestart() { rc_flags="-D ${rc_flags}" @@ -22,4 +24,5 @@ } load_rc_config $name + run_rc_command "$1" diff --git a/libexec/rc/rc.d/gptboot b/libexec/rc/rc.d/gptboot --- a/libexec/rc/rc.d/gptboot +++ b/libexec/rc/rc.d/gptboot @@ -73,4 +73,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj +gptboot_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/growfs b/libexec/rc/rc.d/growfs --- a/libexec/rc/rc.d/growfs +++ b/libexec/rc/rc.d/growfs @@ -306,4 +306,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj +growfs_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/growfs_fstab b/libexec/rc/rc.d/growfs_fstab --- a/libexec/rc/rc.d/growfs_fstab +++ b/libexec/rc/rc.d/growfs_fstab @@ -58,4 +58,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj +growfs_fstab_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/gssd b/libexec/rc/rc.d/gssd --- a/libexec/rc/rc.d/gssd +++ b/libexec/rc/rc.d/gssd @@ -13,5 +13,7 @@ desc="Generic Security Services Daemon" rcvar=gssd_enable +: ${gssd_svcj_options:="net_basic nfsd"} + load_rc_config $name run_rc_command "$1" diff --git a/libexec/rc/rc.d/hostid b/libexec/rc/rc.d/hostid --- a/libexec/rc/rc.d/hostid +++ b/libexec/rc/rc.d/hostid @@ -156,4 +156,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj +hostid_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/hostid_save b/libexec/rc/rc.d/hostid_save --- a/libexec/rc/rc.d/hostid_save +++ b/libexec/rc/rc.d/hostid_save @@ -44,4 +44,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj +hostid_save_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/hostname b/libexec/rc/rc.d/hostname --- a/libexec/rc/rc.d/hostname +++ b/libexec/rc/rc.d/hostname @@ -77,4 +77,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj +hostname_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/inetd b/libexec/rc/rc.d/inetd --- a/libexec/rc/rc.d/inetd +++ b/libexec/rc/rc.d/inetd @@ -16,5 +16,8 @@ required_files="/etc/${name}.conf" extra_commands="reload" +: ${inetd_svcj_options:="net_basic"} + load_rc_config $name + run_rc_command "$1" diff --git a/libexec/rc/rc.d/ipfilter b/libexec/rc/rc.d/ipfilter --- a/libexec/rc/rc.d/ipfilter +++ b/libexec/rc/rc.d/ipfilter @@ -15,6 +15,9 @@ load_rc_config $name stop_precmd="test -f ${ipfilter_rules}" +# doesn't make sense to run in a svcj +ipfilter_svcj="NO" + start_precmd="$stop_precmd" start_cmd="ipfilter_start" stop_cmd="ipfilter_stop" diff --git a/libexec/rc/rc.d/ipfw b/libexec/rc/rc.d/ipfw --- a/libexec/rc/rc.d/ipfw +++ b/libexec/rc/rc.d/ipfw @@ -163,4 +163,7 @@ load_rc_config $name firewall_coscripts="/etc/rc.d/natd ${firewall_coscripts}" +# doesn't make sense to run in a svcj +ipfw_svcj="NO" + run_rc_command $* diff --git a/libexec/rc/rc.d/ipfw_netflow b/libexec/rc/rc.d/ipfw_netflow --- a/libexec/rc/rc.d/ipfw_netflow +++ b/libexec/rc/rc.d/ipfw_netflow @@ -73,4 +73,7 @@ load_rc_config $name +# doesn't make sense to run in a svcj +ipfw_netflow_svcj="NO" + run_rc_command $* diff --git a/libexec/rc/rc.d/ipnat b/libexec/rc/rc.d/ipnat --- a/libexec/rc/rc.d/ipnat +++ b/libexec/rc/rc.d/ipnat @@ -18,6 +18,9 @@ required_files="${ipnat_rules}" required_modules="ipl:ipfilter" +# doesn't make sense to run in a svcj +ipnat_svcj="NO" + ipnat_start() { echo "Installing NAT rules." diff --git a/libexec/rc/rc.d/ipsec b/libexec/rc/rc.d/ipsec --- a/libexec/rc/rc.d/ipsec +++ b/libexec/rc/rc.d/ipsec @@ -57,4 +57,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj +ipsec_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/jail b/libexec/rc/rc.d/jail --- a/libexec/rc/rc.d/jail +++ b/libexec/rc/rc.d/jail @@ -598,6 +598,10 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj +jail_svcj="NO" + case $# in 1) run_rc_command $@ ${jail_list:-_ALL} ;; *) jail_reverse_stop="no" diff --git a/libexec/rc/rc.d/kadmind b/libexec/rc/rc.d/kadmind --- a/libexec/rc/rc.d/kadmind +++ b/libexec/rc/rc.d/kadmind @@ -14,6 +14,8 @@ required_vars=kdc_enable start_precmd=${name}_start_precmd +: ${kadmind_svcj_options:="net_basic"} + set_rcvar_obsolete kadmind5_server_enable kadmind_enable set_rcvar_obsolete kadmind5_server kadmind_program set_rcvar_obsolete kerberos5_server_enable kdc_enable @@ -25,4 +27,5 @@ } load_rc_config $name + run_rc_command "$1" diff --git a/libexec/rc/rc.d/kdc b/libexec/rc/rc.d/kdc --- a/libexec/rc/rc.d/kdc +++ b/libexec/rc/rc.d/kdc @@ -14,6 +14,8 @@ rcvar=${name}_enable start_precmd=${name}_start_precmd +: ${kdc_svcj_options:="net_basic"} + set_rcvar_obsolete kerberos5_server_enable kdc_enable set_rcvar_obsolete kerberos5_server kdc_program set_rcvar_obsolete kerberos5_server_flags kdc_flags @@ -25,4 +27,5 @@ } load_rc_config $name + run_rc_command "$1" diff --git a/libexec/rc/rc.d/kld b/libexec/rc/rc.d/kld --- a/libexec/rc/rc.d/kld +++ b/libexec/rc/rc.d/kld @@ -51,4 +51,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj +kld_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/kldxref b/libexec/rc/rc.d/kldxref --- a/libexec/rc/rc.d/kldxref +++ b/libexec/rc/rc.d/kldxref @@ -33,4 +33,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj +kldxref_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/kpasswdd b/libexec/rc/rc.d/kpasswdd --- a/libexec/rc/rc.d/kpasswdd +++ b/libexec/rc/rc.d/kpasswdd @@ -14,6 +14,8 @@ required_vars=kdc_enable start_precmd=${name}_start_precmd +: ${kapsswd_svcj_options:="net_basic"} + set_rcvar_obsolete kpasswdd_server_enable kpasswdd_enable set_rcvar_obsolete kpasswdd_server kpasswdd_program set_rcvar_obsolete kerberos5_server_enable kdc_enable @@ -25,4 +27,5 @@ } load_rc_config $name + run_rc_command "$1" diff --git a/libexec/rc/rc.d/ldconfig b/libexec/rc/rc.d/ldconfig --- a/libexec/rc/rc.d/ldconfig +++ b/libexec/rc/rc.d/ldconfig @@ -66,4 +66,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj +ldconfig_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/local_unbound b/libexec/rc/rc.d/local_unbound --- a/libexec/rc/rc.d/local_unbound +++ b/libexec/rc/rc.d/local_unbound @@ -35,6 +35,7 @@ : ${local_unbound_tls:=} : ${local_unbound_pidfile:=${pidfile}} pidfile=${local_unbound_pidfile} +: ${local_unbound_svcj_options:="net_basic"} do_as_unbound() { diff --git a/libexec/rc/rc.d/localpkg b/libexec/rc/rc.d/localpkg --- a/libexec/rc/rc.d/localpkg +++ b/libexec/rc/rc.d/localpkg @@ -66,6 +66,8 @@ (set -T trap 'exit 1' 2 ${script} stop) + elif [ -f "${script}" -o -L "${script}" ]; then + echo -n " (skipping ${script##*/}, not executable)" fi done [ -n "${initdone}" ] && echo '.' diff --git a/libexec/rc/rc.d/lockd b/libexec/rc/rc.d/lockd --- a/libexec/rc/rc.d/lockd +++ b/libexec/rc/rc.d/lockd @@ -16,6 +16,8 @@ command="/usr/sbin/rpc.${name}" start_precmd='lockd_precmd' +: ${lockd_svcj_options:="net_basic"} + # Make sure that we are either an NFS client or server, and that we get # the correct flags from rc.conf(5). # diff --git a/libexec/rc/rc.d/lpd b/libexec/rc/rc.d/lpd --- a/libexec/rc/rc.d/lpd +++ b/libexec/rc/rc.d/lpd @@ -16,6 +16,8 @@ required_files="/etc/printcap" start_precmd="chkprintcap" +: ${lpd_svcj_options:="net_basic"} + chkprintcap() { if checkyesno chkprintcap_enable ; then @@ -24,4 +26,5 @@ } load_rc_config $name + run_rc_command "$1" diff --git a/libexec/rc/rc.d/mdconfig b/libexec/rc/rc.d/mdconfig --- a/libexec/rc/rc.d/mdconfig +++ b/libexec/rc/rc.d/mdconfig @@ -181,6 +181,9 @@ load_rc_config $name +# doesn't make sense to run in a svcj +mdconfig_svcj="NO" + if [ -z "${_mdconfig_list}" ]; then for _mdconfig_config in `list_vars mdconfig_md[0-9]\* | sort_lite -nk1.12` diff --git a/libexec/rc/rc.d/mdconfig2 b/libexec/rc/rc.d/mdconfig2 --- a/libexec/rc/rc.d/mdconfig2 +++ b/libexec/rc/rc.d/mdconfig2 @@ -211,6 +211,9 @@ load_rc_config $name +# doesn't make sense to run in a svcj +mdconfig2_svcj="NO" + if [ -z "${_mdconfig2_list}" ]; then for _mdconfig2_config in `list_vars mdconfig_md[0-9]\* | sort_lite -nk1.12` diff --git a/libexec/rc/rc.d/mixer b/libexec/rc/rc.d/mixer --- a/libexec/rc/rc.d/mixer +++ b/libexec/rc/rc.d/mixer @@ -100,4 +100,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj +mixer_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/motd b/libexec/rc/rc.d/motd --- a/libexec/rc/rc.d/motd +++ b/libexec/rc/rc.d/motd @@ -55,4 +55,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj +motd_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/mountcritlocal b/libexec/rc/rc.d/mountcritlocal --- a/libexec/rc/rc.d/mountcritlocal +++ b/libexec/rc/rc.d/mountcritlocal @@ -60,4 +60,8 @@ } load_rc_config $name + +# mounting shall not be performed in a svcj +mountcritlocal_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/mountcritremote b/libexec/rc/rc.d/mountcritremote --- a/libexec/rc/rc.d/mountcritremote +++ b/libexec/rc/rc.d/mountcritremote @@ -86,4 +86,8 @@ } load_rc_config $name + +# mounting shall not be performed in a svcj +mountcritremote_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/mountd b/libexec/rc/rc.d/mountd --- a/libexec/rc/rc.d/mountd +++ b/libexec/rc/rc.d/mountd @@ -17,6 +17,8 @@ start_precmd="mountd_precmd" extra_commands="reload" +: ${mountd_svcj_options:="net_basic nfsd"} + mountd_precmd() { diff --git a/libexec/rc/rc.d/mountlate b/libexec/rc/rc.d/mountlate --- a/libexec/rc/rc.d/mountlate +++ b/libexec/rc/rc.d/mountlate @@ -44,4 +44,8 @@ } load_rc_config $name + +# mounting shall not be performed in a svcj +mountlate_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/natd b/libexec/rc/rc.d/natd --- a/libexec/rc/rc.d/natd +++ b/libexec/rc/rc.d/natd @@ -40,4 +40,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj +natd_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/netif b/libexec/rc/rc.d/netif --- a/libexec/rc/rc.d/netif +++ b/libexec/rc/rc.d/netif @@ -268,4 +268,8 @@ # This is needed for mfsBSD at least. load_rc_config network load_rc_config $name + +# doesn't make sense to run in a svcj +netif_svcj="NO" + run_rc_command $* diff --git a/libexec/rc/rc.d/netoptions b/libexec/rc/rc.d/netoptions --- a/libexec/rc/rc.d/netoptions +++ b/libexec/rc/rc.d/netoptions @@ -122,4 +122,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj +netoptions_svcj="NO" + run_rc_command $1 diff --git a/libexec/rc/rc.d/netwait b/libexec/rc/rc.d/netwait --- a/libexec/rc/rc.d/netwait +++ b/libexec/rc/rc.d/netwait @@ -111,4 +111,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj +netwait_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/newsyslog b/libexec/rc/rc.d/newsyslog --- a/libexec/rc/rc.d/newsyslog +++ b/libexec/rc/rc.d/newsyslog @@ -23,4 +23,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj: needs to send signals outside the svcj +newsyslog_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/nfscbd b/libexec/rc/rc.d/nfscbd --- a/libexec/rc/rc.d/nfscbd +++ b/libexec/rc/rc.d/nfscbd @@ -14,6 +14,8 @@ command="/usr/sbin/${name}" sig_stop="USR1" +: ${nfscbd_svcj_options:="net_basic"} + load_rc_config $name run_rc_command "$1" diff --git a/libexec/rc/rc.d/nfsclient b/libexec/rc/rc.d/nfsclient --- a/libexec/rc/rc.d/nfsclient +++ b/libexec/rc/rc.d/nfsclient @@ -46,4 +46,8 @@ fi } load_rc_config $name + +# no unmounting in svcj +nfsclient_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/nfsd b/libexec/rc/rc.d/nfsd --- a/libexec/rc/rc.d/nfsd +++ b/libexec/rc/rc.d/nfsd @@ -14,6 +14,8 @@ command="/usr/sbin/${name}" nfs_server_vhost="" +: ${nfsd_svcj_options:="net_basic nfsd"} + load_rc_config $name start_precmd="nfsd_precmd" sig_stop="USR1" diff --git a/libexec/rc/rc.d/nfsuserd b/libexec/rc/rc.d/nfsuserd --- a/libexec/rc/rc.d/nfsuserd +++ b/libexec/rc/rc.d/nfsuserd @@ -14,6 +14,8 @@ command="/usr/sbin/${name}" sig_stop="USR1" +: ${nfsuserd_svcj_options:="net_basic nfsd"} + load_rc_config $name start_precmd="nfsuserd_precmd" diff --git a/libexec/rc/rc.d/ntpd b/libexec/rc/rc.d/ntpd --- a/libexec/rc/rc.d/ntpd +++ b/libexec/rc/rc.d/ntpd @@ -28,6 +28,9 @@ load_rc_config $name +# doesn't make sense to run in a svcj +ntpd_svcj="NO" + leapfile_is_disabled() { # Return true (0) if automatic leapfile handling is disabled. case "$ntp_db_leapfile" in diff --git a/libexec/rc/rc.d/ntpdate b/libexec/rc/rc.d/ntpdate --- a/libexec/rc/rc.d/ntpdate +++ b/libexec/rc/rc.d/ntpdate @@ -31,4 +31,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj: privileged operations +ntpdate_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/os-release b/libexec/rc/rc.d/os-release --- a/libexec/rc/rc.d/os-release +++ b/libexec/rc/rc.d/os-release @@ -41,4 +41,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj +osrelease_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/pf b/libexec/rc/rc.d/pf --- a/libexec/rc/rc.d/pf +++ b/libexec/rc/rc.d/pf @@ -22,6 +22,9 @@ required_files="$pf_rules" required_modules="pf" +# doesn't make sense to run in a svcj +pf_svcj="NO" + pf_fallback() { warn "Unable to load $pf_rules." diff --git a/libexec/rc/rc.d/pfsync b/libexec/rc/rc.d/pfsync --- a/libexec/rc/rc.d/pfsync +++ b/libexec/rc/rc.d/pfsync @@ -45,4 +45,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj +pfsync_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/power_profile b/libexec/rc/rc.d/power_profile --- a/libexec/rc/rc.d/power_profile +++ b/libexec/rc/rc.d/power_profile @@ -62,6 +62,9 @@ fi load_rc_config $name +# doesn't make sense to run in a svcj: privileged operations +power_profile_svcj="NO" + # Find the next state (performance or economy). state=$1 case ${state} in diff --git a/libexec/rc/rc.d/powerd b/libexec/rc/rc.d/powerd --- a/libexec/rc/rc.d/powerd +++ b/libexec/rc/rc.d/powerd @@ -15,4 +15,8 @@ command="/usr/sbin/${name}" load_rc_config $name + +# doesn't make sense to run in a svcj: privileged operations +powerd_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/pwcheck b/libexec/rc/rc.d/pwcheck --- a/libexec/rc/rc.d/pwcheck +++ b/libexec/rc/rc.d/pwcheck @@ -24,4 +24,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj +pwcheck_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/quota b/libexec/rc/rc.d/quota --- a/libexec/rc/rc.d/quota +++ b/libexec/rc/rc.d/quota @@ -18,6 +18,9 @@ start_cmd="quota_start" stop_cmd="/usr/sbin/quotaoff ${quotaoff_flags}" +# doesn't make sense to run in a svcj +quota_svcj="NO" + quota_start() { if checkyesno check_quotas; then diff --git a/libexec/rc/rc.d/random b/libexec/rc/rc.d/random --- a/libexec/rc/rc.d/random +++ b/libexec/rc/rc.d/random @@ -151,4 +151,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj +random_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/resolv b/libexec/rc/rc.d/resolv --- a/libexec/rc/rc.d/resolv +++ b/libexec/rc/rc.d/resolv @@ -59,4 +59,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj +resolv_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/root b/libexec/rc/rc.d/root --- a/libexec/rc/rc.d/root +++ b/libexec/rc/rc.d/root @@ -39,4 +39,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj +root_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/savecore b/libexec/rc/rc.d/savecore --- a/libexec/rc/rc.d/savecore +++ b/libexec/rc/rc.d/savecore @@ -78,4 +78,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj +savecore_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/securelevel b/libexec/rc/rc.d/securelevel --- a/libexec/rc/rc.d/securelevel +++ b/libexec/rc/rc.d/securelevel @@ -22,4 +22,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj +securelevel_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/sshd b/libexec/rc/rc.d/sshd --- a/libexec/rc/rc.d/sshd +++ b/libexec/rc/rc.d/sshd @@ -25,6 +25,12 @@ : ${sshd_ecdsa_enable:="yes"} : ${sshd_ed25519_enable:="yes"} +# sshd in a jail would not see other jails. As such exclude it from +# svcj_all_enable="YES" by setting sshd_svcj to NO. This allows to +# enable it in rc.conf. +: ${sshd_svcj:="NO"} +: ${sshd_svcj_options:="net_basic"} + sshd_keygen_alg() { local alg=$1 @@ -80,4 +86,5 @@ } load_rc_config $name + run_rc_command "$1" diff --git a/libexec/rc/rc.d/statd b/libexec/rc/rc.d/statd --- a/libexec/rc/rc.d/statd +++ b/libexec/rc/rc.d/statd @@ -16,6 +16,8 @@ command="/usr/sbin/rpc.${name}" start_precmd='statd_precmd' +: ${statd_svcj_options:="net_basic"} + # Make sure that we are either an NFS client or server, and that we get # the correct flags from rc.conf(5). # diff --git a/libexec/rc/rc.d/swap b/libexec/rc/rc.d/swap --- a/libexec/rc/rc.d/swap +++ b/libexec/rc/rc.d/swap @@ -14,4 +14,8 @@ stop_cmd=':' load_rc_config $name + +# doesn't make sense to run in a svcj: privileged operations +swap_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/swaplate b/libexec/rc/rc.d/swaplate --- a/libexec/rc/rc.d/swaplate +++ b/libexec/rc/rc.d/swaplate @@ -14,4 +14,8 @@ stop_cmd='/sbin/swapoff -aLq' load_rc_config swap + +# doesn't make sense to run in a svcj: privileged operations +swaplate_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/syscons b/libexec/rc/rc.d/syscons --- a/libexec/rc/rc.d/syscons +++ b/libexec/rc/rc.d/syscons @@ -396,5 +396,9 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj +syscons_svcj="NO" + run_rc_command $* diff --git a/libexec/rc/rc.d/sysctl b/libexec/rc/rc.d/sysctl --- a/libexec/rc/rc.d/sysctl +++ b/libexec/rc/rc.d/sysctl @@ -34,4 +34,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj +sysctl_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/sysctl_lastload b/libexec/rc/rc.d/sysctl_lastload --- a/libexec/rc/rc.d/sysctl_lastload +++ b/libexec/rc/rc.d/sysctl_lastload @@ -14,4 +14,8 @@ stop_cmd=":" load_rc_config $name + +# doesn't make sense to run in a svcj +sysctl_lastload_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/syslogd b/libexec/rc/rc.d/syslogd --- a/libexec/rc/rc.d/syslogd +++ b/libexec/rc/rc.d/syslogd @@ -22,6 +22,8 @@ sockfile="/var/run/syslogd.sockets" evalargs="rc_flags=\"\`set_socketlist\` \$rc_flags\"" +: ${syslogd_svcj_options:="net_basic"} + syslogd_precmd() { local _l _ldir @@ -70,4 +72,5 @@ echo $_socketargs } load_rc_config $name + run_rc_command "$1" diff --git a/libexec/rc/rc.d/sysvipc b/libexec/rc/rc.d/sysvipc --- a/libexec/rc/rc.d/sysvipc +++ b/libexec/rc/rc.d/sysvipc @@ -22,4 +22,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj: privileged operations +sysvipc_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/tlsclntd b/libexec/rc/rc.d/tlsclntd --- a/libexec/rc/rc.d/tlsclntd +++ b/libexec/rc/rc.d/tlsclntd @@ -15,6 +15,8 @@ command="/usr/sbin/rpc.${name}" pidfile="/var/run/rpc.${name}.pid" +: ${tlsclntd_svcj_options:="net_basic"} + load_rc_config $name run_rc_command "$1" diff --git a/libexec/rc/rc.d/tlsservd b/libexec/rc/rc.d/tlsservd --- a/libexec/rc/rc.d/tlsservd +++ b/libexec/rc/rc.d/tlsservd @@ -14,6 +14,8 @@ rcvar="tlsservd_enable" command="/usr/sbin/rpc.${name}" +: ${tlsservd_svcj_options:="net_basic nfsd"} + pidfile="/var/run/rpc.${name}.pid" required_files="/etc/rpc.tlsservd/cert.pem /etc/rpc.tlsservd/certkey.pem" extra_commands="reload" diff --git a/libexec/rc/rc.d/tmp b/libexec/rc/rc.d/tmp --- a/libexec/rc/rc.d/tmp +++ b/libexec/rc/rc.d/tmp @@ -37,6 +37,9 @@ load_rc_config $name +# doesn't make sense to run in a svcj +tmp_svcj="NO" + mount_tmpmfs() { while read line; do diff --git a/libexec/rc/rc.d/utx b/libexec/rc/rc.d/utx --- a/libexec/rc/rc.d/utx +++ b/libexec/rc/rc.d/utx @@ -16,4 +16,8 @@ stop_cmd="utx shutdown" load_rc_config $name + +# doesn't make sense to run in a svcj +utx_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/var b/libexec/rc/rc.d/var --- a/libexec/rc/rc.d/var +++ b/libexec/rc/rc.d/var @@ -39,6 +39,9 @@ load_rc_config $name +# doesn't make sense to run in a svcj +var_svcj="NO" + populate_var() { /usr/sbin/mtree -deiU -f /etc/mtree/BSD.var.dist -p /var > /dev/null diff --git a/libexec/rc/rc.d/var_run b/libexec/rc/rc.d/var_run --- a/libexec/rc/rc.d/var_run +++ b/libexec/rc/rc.d/var_run @@ -17,6 +17,9 @@ load_rc_config $name +# doesn't make sense to run in a svcj +var_run_svcj="NO" + # Set defaults : ${var_run_enable:="NO"} : ${var_run_mtree:="/var/db/mtree/BSD.var-run.mtree"} diff --git a/libexec/rc/rc.d/virecover b/libexec/rc/rc.d/virecover --- a/libexec/rc/rc.d/virecover +++ b/libexec/rc/rc.d/virecover @@ -62,4 +62,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj +virecover_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/watchdogd b/libexec/rc/rc.d/watchdogd --- a/libexec/rc/rc.d/watchdogd +++ b/libexec/rc/rc.d/watchdogd @@ -88,4 +88,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj: privileged operations +watchdogd_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/zfs b/libexec/rc/rc.d/zfs --- a/libexec/rc/rc.d/zfs +++ b/libexec/rc/rc.d/zfs @@ -75,4 +75,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj +zfs_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/zfsbe b/libexec/rc/rc.d/zfsbe --- a/libexec/rc/rc.d/zfsbe +++ b/libexec/rc/rc.d/zfsbe @@ -85,4 +85,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj +zfsbe_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/zfsd b/libexec/rc/rc.d/zfsd --- a/libexec/rc/rc.d/zfsd +++ b/libexec/rc/rc.d/zfsd @@ -13,4 +13,8 @@ command="/usr/sbin/${name}" load_rc_config $name + +# doesn't make sense to run in a svcj +zfsd_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/zfskeys b/libexec/rc/rc.d/zfskeys --- a/libexec/rc/rc.d/zfskeys +++ b/libexec/rc/rc.d/zfskeys @@ -116,4 +116,8 @@ zfskeys_args=$(encode_args "$@") load_rc_config $name + +# doesn't make sense to run in a svcj +zfskeys_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/zpool b/libexec/rc/rc.d/zpool --- a/libexec/rc/rc.d/zpool +++ b/libexec/rc/rc.d/zpool @@ -34,4 +34,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj +zpool_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/zpoolreguid b/libexec/rc/rc.d/zpoolreguid --- a/libexec/rc/rc.d/zpoolreguid +++ b/libexec/rc/rc.d/zpoolreguid @@ -22,4 +22,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj +zpoolreguid_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/zpoolupgrade b/libexec/rc/rc.d/zpoolupgrade --- a/libexec/rc/rc.d/zpoolupgrade +++ b/libexec/rc/rc.d/zpoolupgrade @@ -22,4 +22,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj +zpoolupgrade_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/zvol b/libexec/rc/rc.d/zvol --- a/libexec/rc/rc.d/zvol +++ b/libexec/rc/rc.d/zvol @@ -42,4 +42,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj +zvol_svcj="NO" + run_rc_command "$1"