diff --git a/libexec/rc/rc.d/accounting b/libexec/rc/rc.d/accounting --- a/libexec/rc/rc.d/accounting +++ b/libexec/rc/rc.d/accounting @@ -76,4 +76,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj: jail can't manipulate accounting +accounting_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/adjkerntz b/libexec/rc/rc.d/adjkerntz --- a/libexec/rc/rc.d/adjkerntz +++ b/libexec/rc/rc.d/adjkerntz @@ -14,4 +14,8 @@ stop_cmd=":" load_rc_config $name + +# doesn't make sense to run in a svcj: jail can't modify kerntz +adjkerntz_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/apm b/libexec/rc/rc.d/apm --- a/libexec/rc/rc.d/apm +++ b/libexec/rc/rc.d/apm @@ -43,4 +43,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj: nojail keyword +apm_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/apmd b/libexec/rc/rc.d/apmd --- a/libexec/rc/rc.d/apmd +++ b/libexec/rc/rc.d/apmd @@ -34,4 +34,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj: nojail keyword +apmd_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/auditd b/libexec/rc/rc.d/auditd --- a/libexec/rc/rc.d/auditd +++ b/libexec/rc/rc.d/auditd @@ -32,4 +32,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj: nojail keyword +auditd_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/auditdistd b/libexec/rc/rc.d/auditdistd --- a/libexec/rc/rc.d/auditdistd +++ b/libexec/rc/rc.d/auditdistd @@ -17,5 +17,7 @@ required_files="/etc/security/${name}.conf" extra_commands="reload" +: ${auditdistd_svcj_options:="net_basic"} + load_rc_config $name run_rc_command "$1" diff --git a/libexec/rc/rc.d/automount b/libexec/rc/rc.d/automount --- a/libexec/rc/rc.d/automount +++ b/libexec/rc/rc.d/automount @@ -28,4 +28,8 @@ } load_rc_config $name + +# mounting shall not be performed in a svcj +automount_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/automountd b/libexec/rc/rc.d/automountd --- a/libexec/rc/rc.d/automountd +++ b/libexec/rc/rc.d/automountd @@ -17,4 +17,8 @@ required_modules="autofs" load_rc_config $name + +# mounting shall not be performed in a svcj +automountd_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/autounmountd b/libexec/rc/rc.d/autounmountd --- a/libexec/rc/rc.d/autounmountd +++ b/libexec/rc/rc.d/autounmountd @@ -16,4 +16,8 @@ command="/usr/sbin/${name}" load_rc_config $name + +# doesn't make sense to run in a svcj: nojail keyword +autounmountd_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/bgfsck b/libexec/rc/rc.d/bgfsck --- a/libexec/rc/rc.d/bgfsck +++ b/libexec/rc/rc.d/bgfsck @@ -46,4 +46,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj +bgfsck_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/blacklistd b/libexec/rc/rc.d/blacklistd --- a/libexec/rc/rc.d/blacklistd +++ b/libexec/rc/rc.d/blacklistd @@ -40,5 +40,8 @@ command="/usr/sbin/${name}" required_files="/etc/blacklistd.conf" +# no svcj options needed +: ${blacklistd_svcj_options:=""} + load_rc_config $name run_rc_command "$1" diff --git a/libexec/rc/rc.d/bluetooth b/libexec/rc/rc.d/bluetooth --- a/libexec/rc/rc.d/bluetooth +++ b/libexec/rc/rc.d/bluetooth @@ -317,5 +317,8 @@ load_rc_config $name hccontrol="${bluetooth_hccontrol:-/usr/sbin/hccontrol}" +# doesn't make sense to run in a svcj: nojail keyword +bluetooth_svcj="NO" + run_rc_command $* diff --git a/libexec/rc/rc.d/bootparams b/libexec/rc/rc.d/bootparams --- a/libexec/rc/rc.d/bootparams +++ b/libexec/rc/rc.d/bootparams @@ -15,5 +15,7 @@ required_files="/etc/bootparams" command="/usr/sbin/${name}" +: ${bootparamd_svcj_options:="net_basic"} + load_rc_config $name run_rc_command "$1" diff --git a/libexec/rc/rc.d/bridge b/libexec/rc/rc.d/bridge --- a/libexec/rc/rc.d/bridge +++ b/libexec/rc/rc.d/bridge @@ -90,4 +90,8 @@ iflist=$2 load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +bridge_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/bsnmpd b/libexec/rc/rc.d/bsnmpd --- a/libexec/rc/rc.d/bsnmpd +++ b/libexec/rc/rc.d/bsnmpd @@ -13,6 +13,8 @@ rcvar="bsnmpd_enable" command="/usr/sbin/${name}" +: ${bsnmpd_svcj_options:="net_basic"} + load_rc_config $name pidfile="${bsnmpd_pidfile:-/var/run/snmpd.pid}" command_args="-p ${pidfile}" diff --git a/libexec/rc/rc.d/bthidd b/libexec/rc/rc.d/bthidd --- a/libexec/rc/rc.d/bthidd +++ b/libexec/rc/rc.d/bthidd @@ -50,4 +50,7 @@ fi required_files="${config}" +# doesn't make sense to run in a svcj: nojail keyword +bthidd_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/ccd b/libexec/rc/rc.d/ccd --- a/libexec/rc/rc.d/ccd +++ b/libexec/rc/rc.d/ccd @@ -21,4 +21,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj: nojail keyword +ccd_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/cfumass b/libexec/rc/rc.d/cfumass --- a/libexec/rc/rc.d/cfumass +++ b/libexec/rc/rc.d/cfumass @@ -145,4 +145,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj: nojail keyword +cfumass_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/cleanvar b/libexec/rc/rc.d/cleanvar --- a/libexec/rc/rc.d/cleanvar +++ b/libexec/rc/rc.d/cleanvar @@ -43,4 +43,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj +cleanvar_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/cleartmp b/libexec/rc/rc.d/cleartmp --- a/libexec/rc/rc.d/cleartmp +++ b/libexec/rc/rc.d/cleartmp @@ -57,4 +57,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj +cleartmp_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/cron b/libexec/rc/rc.d/cron --- a/libexec/rc/rc.d/cron +++ b/libexec/rc/rc.d/cron @@ -16,6 +16,11 @@ pidfile="/var/run/${name}.pid" load_rc_config $name + +# doesn't make sense to run in a svcj: in the generic case it may need +# access to more than a jails allows +cron_svcj="NO" + if checkyesno cron_dst then cron_flags="$cron_flags -s" diff --git a/libexec/rc/rc.d/ctld b/libexec/rc/rc.d/ctld --- a/libexec/rc/rc.d/ctld +++ b/libexec/rc/rc.d/ctld @@ -19,4 +19,8 @@ extra_commands="reload" load_rc_config $name + +# doesn't make sense to run in a svcj: nojail keyword +ctld_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/ddb b/libexec/rc/rc.d/ddb --- a/libexec/rc/rc.d/ddb +++ b/libexec/rc/rc.d/ddb @@ -35,4 +35,7 @@ required_files="${ddb_config}" command_args="${ddb_config}" +# doesn't make sense to run in a svcj: privileged operation +ddb_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/defaultroute b/libexec/rc/rc.d/defaultroute --- a/libexec/rc/rc.d/defaultroute +++ b/libexec/rc/rc.d/defaultroute @@ -70,4 +70,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +defaultroute_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/devd b/libexec/rc/rc.d/devd --- a/libexec/rc/rc.d/devd +++ b/libexec/rc/rc.d/devd @@ -38,4 +38,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj: executing potential privileged operations +devd_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/devfs b/libexec/rc/rc.d/devfs --- a/libexec/rc/rc.d/devfs +++ b/libexec/rc/rc.d/devfs @@ -68,4 +68,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj: may need more permissions +devfs_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/devmatch b/libexec/rc/rc.d/devmatch --- a/libexec/rc/rc.d/devmatch +++ b/libexec/rc/rc.d/devmatch @@ -77,4 +77,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj: privileged operations +devmatch_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/dhclient b/libexec/rc/rc.d/dhclient --- a/libexec/rc/rc.d/dhclient +++ b/libexec/rc/rc.d/dhclient @@ -59,6 +59,9 @@ load_rc_config $name load_rc_config network +# dhclient_prestart is not compatible with svcj +dhclient_svcj="NO" + if [ -z $ifn ] ; then # only complain if a command was specified but no interface if [ -n "$1" ] ; then diff --git a/libexec/rc/rc.d/dmesg b/libexec/rc/rc.d/dmesg --- a/libexec/rc/rc.d/dmesg +++ b/libexec/rc/rc.d/dmesg @@ -23,4 +23,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj +dmesg_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/dnctl b/libexec/rc/rc.d/dnctl --- a/libexec/rc/rc.d/dnctl +++ b/libexec/rc/rc.d/dnctl @@ -16,6 +16,9 @@ required_files="$dnctl_rules" required_modules="dummynet" +# doesn't make sense to run in a svcj: config setting +dnctl_svcj="NO" + dnctl_start() { startmsg -n "Enabling ${name}" diff --git a/libexec/rc/rc.d/dumpon b/libexec/rc/rc.d/dumpon --- a/libexec/rc/rc.d/dumpon +++ b/libexec/rc/rc.d/dumpon @@ -97,4 +97,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +dumpon_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/fsck b/libexec/rc/rc.d/fsck --- a/libexec/rc/rc.d/fsck +++ b/libexec/rc/rc.d/fsck @@ -91,4 +91,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj +fsck_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/ftp-proxy b/libexec/rc/rc.d/ftp-proxy --- a/libexec/rc/rc.d/ftp-proxy +++ b/libexec/rc/rc.d/ftp-proxy @@ -13,6 +13,8 @@ rcvar="ftpproxy_enable" command="/usr/sbin/ftp-proxy" +: ${ftpproxy_svcj_options:="net_basic"} + load_rc_config $name # diff --git a/libexec/rc/rc.d/ftpd b/libexec/rc/rc.d/ftpd --- a/libexec/rc/rc.d/ftpd +++ b/libexec/rc/rc.d/ftpd @@ -13,13 +13,11 @@ rcvar="ftpd_enable" command="/usr/libexec/${name}" pidfile="/var/run/${name}.pid" -start_precmd=ftpd_prestart -ftpd_prestart() -{ - rc_flags="-D ${rc_flags}" - return 0 -} +: ${ftpd_svcj_options:="net_basic"} load_rc_config $name + +flags="-D ${flags} ${rc_flags}" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/gbde b/libexec/rc/rc.d/gbde --- a/libexec/rc/rc.d/gbde +++ b/libexec/rc/rc.d/gbde @@ -116,4 +116,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj +gbde_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/geli b/libexec/rc/rc.d/geli --- a/libexec/rc/rc.d/geli +++ b/libexec/rc/rc.d/geli @@ -122,4 +122,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +geli_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/geli2 b/libexec/rc/rc.d/geli2 --- a/libexec/rc/rc.d/geli2 +++ b/libexec/rc/rc.d/geli2 @@ -55,4 +55,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +geli2_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/ggated b/libexec/rc/rc.d/ggated --- a/libexec/rc/rc.d/ggated +++ b/libexec/rc/rc.d/ggated @@ -14,6 +14,9 @@ load_rc_config $name required_files="${ggated_config}" +# XXX?: doesn't make sense to run in a svcj: low-level access +ggated_svcj="NO" + command_args="${ggated_config}" run_rc_command "$1" diff --git a/libexec/rc/rc.d/gptboot b/libexec/rc/rc.d/gptboot --- a/libexec/rc/rc.d/gptboot +++ b/libexec/rc/rc.d/gptboot @@ -73,4 +73,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +gptboot_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/growfs b/libexec/rc/rc.d/growfs --- a/libexec/rc/rc.d/growfs +++ b/libexec/rc/rc.d/growfs @@ -306,4 +306,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +growfs_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/growfs_fstab b/libexec/rc/rc.d/growfs_fstab --- a/libexec/rc/rc.d/growfs_fstab +++ b/libexec/rc/rc.d/growfs_fstab @@ -58,4 +58,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +growfs_fstab_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/gssd b/libexec/rc/rc.d/gssd --- a/libexec/rc/rc.d/gssd +++ b/libexec/rc/rc.d/gssd @@ -13,5 +13,7 @@ desc="Generic Security Services Daemon" rcvar=gssd_enable +: ${gssd_svcj_options:="net_basic nfsd"} + load_rc_config $name run_rc_command "$1" diff --git a/libexec/rc/rc.d/hastd b/libexec/rc/rc.d/hastd --- a/libexec/rc/rc.d/hastd +++ b/libexec/rc/rc.d/hastd @@ -26,4 +26,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj: nojail keyword +hastd_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/hcsecd b/libexec/rc/rc.d/hcsecd --- a/libexec/rc/rc.d/hcsecd +++ b/libexec/rc/rc.d/hcsecd @@ -21,4 +21,7 @@ command_args="-f ${config}" required_files="${config}" +# doesn't make sense to run in a svcj: nojail keyword +hcsecd_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/hostapd b/libexec/rc/rc.d/hostapd --- a/libexec/rc/rc.d/hostapd +++ b/libexec/rc/rc.d/hostapd @@ -38,4 +38,8 @@ extra_commands="reload" load_rc_config ${name} + +# doesn't make sense to run in a svcj: nojail keyword +hostapd_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/hostid b/libexec/rc/rc.d/hostid --- a/libexec/rc/rc.d/hostid +++ b/libexec/rc/rc.d/hostid @@ -156,4 +156,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +hostid_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/hostid_save b/libexec/rc/rc.d/hostid_save --- a/libexec/rc/rc.d/hostid_save +++ b/libexec/rc/rc.d/hostid_save @@ -44,4 +44,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +hostid_save_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/hostname b/libexec/rc/rc.d/hostname --- a/libexec/rc/rc.d/hostname +++ b/libexec/rc/rc.d/hostname @@ -77,4 +77,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +hostname_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/inetd b/libexec/rc/rc.d/inetd --- a/libexec/rc/rc.d/inetd +++ b/libexec/rc/rc.d/inetd @@ -16,5 +16,7 @@ required_files="/etc/${name}.conf" extra_commands="reload" +: ${inetd_svcj_options:="net_basic"} + load_rc_config $name run_rc_command "$1" diff --git a/libexec/rc/rc.d/iovctl b/libexec/rc/rc.d/iovctl --- a/libexec/rc/rc.d/iovctl +++ b/libexec/rc/rc.d/iovctl @@ -35,4 +35,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +iovctl_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/ip6addrctl b/libexec/rc/rc.d/ip6addrctl --- a/libexec/rc/rc.d/ip6addrctl +++ b/libexec/rc/rc.d/ip6addrctl @@ -120,4 +120,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +ipv6addrctl_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/ipfilter b/libexec/rc/rc.d/ipfilter --- a/libexec/rc/rc.d/ipfilter +++ b/libexec/rc/rc.d/ipfilter @@ -15,6 +15,9 @@ load_rc_config $name stop_precmd="test -f ${ipfilter_rules}" +# doesn't make sense to run in a svcj +ipfilter_svcj="NO": config setting + start_precmd="$stop_precmd" start_cmd="ipfilter_start" stop_cmd="ipfilter_stop" diff --git a/libexec/rc/rc.d/ipfs b/libexec/rc/rc.d/ipfs --- a/libexec/rc/rc.d/ipfs +++ b/libexec/rc/rc.d/ipfs @@ -49,4 +49,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +ipfs_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/ipfw b/libexec/rc/rc.d/ipfw --- a/libexec/rc/rc.d/ipfw +++ b/libexec/rc/rc.d/ipfw @@ -163,4 +163,7 @@ load_rc_config $name firewall_coscripts="/etc/rc.d/natd ${firewall_coscripts}" +# doesn't make sense to run in a svcj: config setting +ipfw_svcj="NO" + run_rc_command $* diff --git a/libexec/rc/rc.d/ipfw_netflow b/libexec/rc/rc.d/ipfw_netflow --- a/libexec/rc/rc.d/ipfw_netflow +++ b/libexec/rc/rc.d/ipfw_netflow @@ -73,4 +73,7 @@ load_rc_config $name +# doesn't make sense to run in a svcj: config setting +ipfw_netflow_svcj="NO" + run_rc_command $* diff --git a/libexec/rc/rc.d/ipmon b/libexec/rc/rc.d/ipmon --- a/libexec/rc/rc.d/ipmon +++ b/libexec/rc/rc.d/ipmon @@ -15,6 +15,9 @@ command="/sbin/${name}" start_precmd="ipmon_precmd" +# no svcj options needed +: ${ipmon_svcj_options:=""} + ipmon_precmd() { # Continue only if ipfilter or ipnat is enabled and the diff --git a/libexec/rc/rc.d/ipnat b/libexec/rc/rc.d/ipnat --- a/libexec/rc/rc.d/ipnat +++ b/libexec/rc/rc.d/ipnat @@ -18,6 +18,9 @@ required_files="${ipnat_rules}" required_modules="ipl:ipfilter" +# doesn't make sense to run in a svcj: config setting +ipnat_svcj="NO" + ipnat_start() { echo "Installing NAT rules." diff --git a/libexec/rc/rc.d/ippool b/libexec/rc/rc.d/ippool --- a/libexec/rc/rc.d/ippool +++ b/libexec/rc/rc.d/ippool @@ -13,6 +13,10 @@ desc="user interface to the IPFilter pools" rcvar="ippool_enable" load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +ippool_svcj="NO" + start_precmd="ippool_start_precmd" stop_cmd="${ippool_program} -F" reload_cmd="ippool_reload" diff --git a/libexec/rc/rc.d/ipropd_master b/libexec/rc/rc.d/ipropd_master --- a/libexec/rc/rc.d/ipropd_master +++ b/libexec/rc/rc.d/ipropd_master @@ -14,6 +14,8 @@ start_precmd=${name}_start_precmd start_postcmd=${name}_start_postcmd +: ${ipropd_master_svcj_options:="net_basic"} + ipropd_master_start_precmd() { @@ -24,10 +26,6 @@ for _slave in $ipropd_master_slaves; do echo $_slave done > /var/heimdal/slaves || return 1 - command_args="$command_args \ - --keytab=\"$ipropd_master_keytab\" \ - --detach \ - " } ipropd_master_start_postcmd() { @@ -36,4 +34,10 @@ } load_rc_config $name + +command_args="$command_args \ + --keytab=\"$ipropd_master_keytab\" \ + --detach \ +" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/ipropd_slave b/libexec/rc/rc.d/ipropd_slave --- a/libexec/rc/rc.d/ipropd_slave +++ b/libexec/rc/rc.d/ipropd_slave @@ -13,6 +13,8 @@ required_files="$ipropd_slave_keytab" start_precmd=${name}_start_precmd +: ${ipropd_slave_svcj_options:="net_basic"} + ipropd_slave_start_precmd() { @@ -20,12 +22,14 @@ warn "\$ipropd_slave_master is empty." return 1 fi - command_args=" \ - $command_args \ - --keytab=\"$ipropd_slave_keytab\" \ - --detach \ - $ipropd_slave_master" } load_rc_config $name + +command_args=" \ + command_args \ + --keytab=\"$ipropd_slave_keytab\" \ + --detach \ + $ipropd_slave_master" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/ipsec b/libexec/rc/rc.d/ipsec --- a/libexec/rc/rc.d/ipsec +++ b/libexec/rc/rc.d/ipsec @@ -57,4 +57,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +ipsec_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/iscsictl b/libexec/rc/rc.d/iscsictl --- a/libexec/rc/rc.d/iscsictl +++ b/libexec/rc/rc.d/iscsictl @@ -17,4 +17,8 @@ required_modules="iscsi" load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +iscsictl_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/iscsid b/libexec/rc/rc.d/iscsid --- a/libexec/rc/rc.d/iscsid +++ b/libexec/rc/rc.d/iscsid @@ -17,4 +17,8 @@ required_modules="iscsi" load_rc_config $name + +# doesn't make sense to run in a svcj: nojail keyword +iscsid_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/jail b/libexec/rc/rc.d/jail --- a/libexec/rc/rc.d/jail +++ b/libexec/rc/rc.d/jail @@ -598,6 +598,10 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj +jail_svcj="NO" + case $# in 1) run_rc_command $@ ${jail_list:-_ALL} ;; *) jail_reverse_stop="no" diff --git a/libexec/rc/rc.d/kadmind b/libexec/rc/rc.d/kadmind --- a/libexec/rc/rc.d/kadmind +++ b/libexec/rc/rc.d/kadmind @@ -12,17 +12,13 @@ desc="Server for administrative access to Kerberos database" rcvar=${name}_enable required_vars=kdc_enable -start_precmd=${name}_start_precmd +command_args="$command_args &" + +: ${kadmind_svcj_options:="net_basic"} set_rcvar_obsolete kadmind5_server_enable kadmind_enable set_rcvar_obsolete kadmind5_server kadmind_program set_rcvar_obsolete kerberos5_server_enable kdc_enable -kadmind_start_precmd() -{ - - command_args="$command_args &" -} - load_rc_config $name run_rc_command "$1" diff --git a/libexec/rc/rc.d/kdc b/libexec/rc/rc.d/kdc --- a/libexec/rc/rc.d/kdc +++ b/libexec/rc/rc.d/kdc @@ -12,17 +12,13 @@ name=kdc desc="Kerberos 5 server" rcvar=${name}_enable -start_precmd=${name}_start_precmd +command_args="$command_args --detach" + +: ${kdc_svcj_options:="net_basic"} set_rcvar_obsolete kerberos5_server_enable kdc_enable set_rcvar_obsolete kerberos5_server kdc_program set_rcvar_obsolete kerberos5_server_flags kdc_flags -kdc_start_precmd() -{ - - command_args="$command_args --detach" -} - load_rc_config $name run_rc_command "$1" diff --git a/libexec/rc/rc.d/keyserv b/libexec/rc/rc.d/keyserv --- a/libexec/rc/rc.d/keyserv +++ b/libexec/rc/rc.d/keyserv @@ -17,6 +17,8 @@ command="/usr/sbin/${name}" start_precmd="keyserv_prestart" +: ${keyserv_svcj_options:="net_basic"} + keyserv_prestart() { force_depend rpcbind || return 1 diff --git a/libexec/rc/rc.d/kfd b/libexec/rc/rc.d/kfd --- a/libexec/rc/rc.d/kfd +++ b/libexec/rc/rc.d/kfd @@ -11,13 +11,9 @@ name=kfd desc="Receive forwarded tickets" rcvar=${name}_enable -start_precmd=${name}_start_precmd +command_args="$command_args -i &" -kfd_start_precmd() -{ - - command_args="$command_args -i &" -} +: ${kfd_svcj_options:="net_basic"} load_rc_config $name run_rc_command "$1" diff --git a/libexec/rc/rc.d/kld b/libexec/rc/rc.d/kld --- a/libexec/rc/rc.d/kld +++ b/libexec/rc/rc.d/kld @@ -51,4 +51,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj +kld_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/kldxref b/libexec/rc/rc.d/kldxref --- a/libexec/rc/rc.d/kldxref +++ b/libexec/rc/rc.d/kldxref @@ -33,4 +33,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj +kldxref_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/kpasswdd b/libexec/rc/rc.d/kpasswdd --- a/libexec/rc/rc.d/kpasswdd +++ b/libexec/rc/rc.d/kpasswdd @@ -12,17 +12,13 @@ desc="Kerberos 5 password changing" rcvar=${name}_enable required_vars=kdc_enable -start_precmd=${name}_start_precmd +command_args="$command_args &" + +: ${kpasswdd_svcj_options:="net_basic"} set_rcvar_obsolete kpasswdd_server_enable kpasswdd_enable set_rcvar_obsolete kpasswdd_server kpasswdd_program set_rcvar_obsolete kerberos5_server_enable kdc_enable -kpasswdd_start_precmd() -{ - - command_args="$command_args &" -} - load_rc_config $name run_rc_command "$1" diff --git a/libexec/rc/rc.d/ldconfig b/libexec/rc/rc.d/ldconfig --- a/libexec/rc/rc.d/ldconfig +++ b/libexec/rc/rc.d/ldconfig @@ -69,4 +69,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +ldconfig_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/linux b/libexec/rc/rc.d/linux --- a/libexec/rc/rc.d/linux +++ b/libexec/rc/rc.d/linux @@ -81,4 +81,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj: kernel modules and FS-mounting +linux_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/local b/libexec/rc/rc.d/local --- a/libexec/rc/rc.d/local +++ b/libexec/rc/rc.d/local @@ -33,4 +33,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj: it may contain everything +local_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/local_unbound b/libexec/rc/rc.d/local_unbound --- a/libexec/rc/rc.d/local_unbound +++ b/libexec/rc/rc.d/local_unbound @@ -35,6 +35,7 @@ : ${local_unbound_tls:=} : ${local_unbound_pidfile:=${pidfile}} pidfile=${local_unbound_pidfile} +: ${local_unbound_svcj_options:="net_basic"} do_as_unbound() { diff --git a/libexec/rc/rc.d/localpkg b/libexec/rc/rc.d/localpkg --- a/libexec/rc/rc.d/localpkg +++ b/libexec/rc/rc.d/localpkg @@ -66,6 +66,8 @@ (set -T trap 'exit 1' 2 ${script} stop) + elif [ -f "${script}" -o -L "${script}" ]; then + echo -n " (skipping ${script##*/}, not executable)" fi done [ -n "${initdone}" ] && echo '.' @@ -74,4 +76,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj: other rc.d scripts need to decide on their own +localpkg_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/lockd b/libexec/rc/rc.d/lockd --- a/libexec/rc/rc.d/lockd +++ b/libexec/rc/rc.d/lockd @@ -16,6 +16,8 @@ command="/usr/sbin/rpc.${name}" start_precmd='lockd_precmd' +: ${lockd_svcj_options:="net_basic"} + # Make sure that we are either an NFS client or server, and that we get # the correct flags from rc.conf(5). # @@ -23,9 +25,10 @@ { force_depend rpcbind || return 1 force_depend statd rpc_statd || return 1 - - rc_flags=${rpc_lockd_flags} } load_rc_config $name + +rc_flags=${rpc_lockd_flags} + run_rc_command $1 diff --git a/libexec/rc/rc.d/lpd b/libexec/rc/rc.d/lpd --- a/libexec/rc/rc.d/lpd +++ b/libexec/rc/rc.d/lpd @@ -16,6 +16,8 @@ required_files="/etc/printcap" start_precmd="chkprintcap" +: ${lpd_svcj_options:="net_basic"} + chkprintcap() { if checkyesno chkprintcap_enable ; then diff --git a/libexec/rc/rc.d/mdconfig b/libexec/rc/rc.d/mdconfig --- a/libexec/rc/rc.d/mdconfig +++ b/libexec/rc/rc.d/mdconfig @@ -181,6 +181,9 @@ load_rc_config $name +# doesn't make sense to run in a svcj: config setting +mdconfig_svcj="NO" + if [ -z "${_mdconfig_list}" ]; then for _mdconfig_config in `list_vars mdconfig_md[0-9]\* | sort_lite -nk1.12` diff --git a/libexec/rc/rc.d/mdconfig2 b/libexec/rc/rc.d/mdconfig2 --- a/libexec/rc/rc.d/mdconfig2 +++ b/libexec/rc/rc.d/mdconfig2 @@ -211,6 +211,9 @@ load_rc_config $name +# doesn't make sense to run in a svcj: config setting +mdconfig2_svcj="NO" + if [ -z "${_mdconfig2_list}" ]; then for _mdconfig2_config in `list_vars mdconfig_md[0-9]\* | sort_lite -nk1.12` diff --git a/libexec/rc/rc.d/mixer b/libexec/rc/rc.d/mixer --- a/libexec/rc/rc.d/mixer +++ b/libexec/rc/rc.d/mixer @@ -100,4 +100,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +mixer_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/motd b/libexec/rc/rc.d/motd --- a/libexec/rc/rc.d/motd +++ b/libexec/rc/rc.d/motd @@ -55,4 +55,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +motd_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/mountcritlocal b/libexec/rc/rc.d/mountcritlocal --- a/libexec/rc/rc.d/mountcritlocal +++ b/libexec/rc/rc.d/mountcritlocal @@ -60,4 +60,8 @@ } load_rc_config $name + +# mounting shall not be performed in a svcj +mountcritlocal_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/mountcritremote b/libexec/rc/rc.d/mountcritremote --- a/libexec/rc/rc.d/mountcritremote +++ b/libexec/rc/rc.d/mountcritremote @@ -86,4 +86,8 @@ } load_rc_config $name + +# mounting shall not be performed in a svcj +mountcritremote_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/mountd b/libexec/rc/rc.d/mountd --- a/libexec/rc/rc.d/mountd +++ b/libexec/rc/rc.d/mountd @@ -17,6 +17,8 @@ start_precmd="mountd_precmd" extra_commands="reload" +: ${mountd_svcj_options:="net_basic nfsd"} + mountd_precmd() { @@ -68,4 +70,8 @@ } load_rc_config $name + +# precmd is not compatible with svcj +mountd_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/mountlate b/libexec/rc/rc.d/mountlate --- a/libexec/rc/rc.d/mountlate +++ b/libexec/rc/rc.d/mountlate @@ -44,4 +44,8 @@ } load_rc_config $name + +# mounting shall not be performed in a svcj +mountlate_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/moused b/libexec/rc/rc.d/moused --- a/libexec/rc/rc.d/moused +++ b/libexec/rc/rc.d/moused @@ -18,6 +18,11 @@ pidarg= load_rc_config $name +# doesn't make sense to run in a svcj: nojail keyword +# XXX: How does moused communiacte with the kernel? +# XXX: Does the kernel prevent this communcation in jails? +moused_svcj="NO" + # Set the pid file and variable name. The second argument, if it exists, is # expected to be the mouse device. # diff --git a/libexec/rc/rc.d/msgs b/libexec/rc/rc.d/msgs --- a/libexec/rc/rc.d/msgs +++ b/libexec/rc/rc.d/msgs @@ -22,4 +22,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +msgs_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/natd b/libexec/rc/rc.d/natd --- a/libexec/rc/rc.d/natd +++ b/libexec/rc/rc.d/natd @@ -40,4 +40,8 @@ } load_rc_config $name + +# precmd is not compatible with svcj +natd_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/netif b/libexec/rc/rc.d/netif --- a/libexec/rc/rc.d/netif +++ b/libexec/rc/rc.d/netif @@ -268,4 +268,8 @@ # This is needed for mfsBSD at least. load_rc_config network load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +netif_svcj="NO" + run_rc_command $* diff --git a/libexec/rc/rc.d/netoptions b/libexec/rc/rc.d/netoptions --- a/libexec/rc/rc.d/netoptions +++ b/libexec/rc/rc.d/netoptions @@ -122,4 +122,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +netoptions_svcj="NO" + run_rc_command $1 diff --git a/libexec/rc/rc.d/netwait b/libexec/rc/rc.d/netwait --- a/libexec/rc/rc.d/netwait +++ b/libexec/rc/rc.d/netwait @@ -111,4 +111,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +netwait_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/newsyslog b/libexec/rc/rc.d/newsyslog --- a/libexec/rc/rc.d/newsyslog +++ b/libexec/rc/rc.d/newsyslog @@ -23,4 +23,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj: needs to send signals outside the svcj +newsyslog_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/nfscbd b/libexec/rc/rc.d/nfscbd --- a/libexec/rc/rc.d/nfscbd +++ b/libexec/rc/rc.d/nfscbd @@ -14,6 +14,8 @@ command="/usr/sbin/${name}" sig_stop="USR1" +: ${nfscbd_svcj_options:="net_basic"} + load_rc_config $name run_rc_command "$1" diff --git a/libexec/rc/rc.d/nfsclient b/libexec/rc/rc.d/nfsclient --- a/libexec/rc/rc.d/nfsclient +++ b/libexec/rc/rc.d/nfsclient @@ -46,4 +46,8 @@ fi } load_rc_config $name + +# no unmounting in svcj +nfsclient_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/nfsd b/libexec/rc/rc.d/nfsd --- a/libexec/rc/rc.d/nfsd +++ b/libexec/rc/rc.d/nfsd @@ -14,7 +14,11 @@ command="/usr/sbin/${name}" nfs_server_vhost="" +: ${nfsd_svcj_options:="net_basic nfsd"} + load_rc_config $name +# precmd is not compatible with svcj +nfsd_svcj="NO" start_precmd="nfsd_precmd" sig_stop="USR1" diff --git a/libexec/rc/rc.d/nfsuserd b/libexec/rc/rc.d/nfsuserd --- a/libexec/rc/rc.d/nfsuserd +++ b/libexec/rc/rc.d/nfsuserd @@ -14,7 +14,11 @@ command="/usr/sbin/${name}" sig_stop="USR1" +: ${nfsuserd_svcj_options:="net_basic nfsd"} + load_rc_config $name +# precmd is not compatible with svcj +nfsuserd_svcj="NO" start_precmd="nfsuserd_precmd" nfsuserd_precmd() diff --git a/libexec/rc/rc.d/nisdomain b/libexec/rc/rc.d/nisdomain --- a/libexec/rc/rc.d/nisdomain +++ b/libexec/rc/rc.d/nisdomain @@ -51,4 +51,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +nisdomain_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/nscd b/libexec/rc/rc.d/nscd --- a/libexec/rc/rc.d/nscd +++ b/libexec/rc/rc.d/nscd @@ -21,6 +21,9 @@ desc="Name-service caching daemon" rcvar="nscd_enable" +# no svcj options needed +: ${nscd_svcj_options:=""} + command=/usr/sbin/nscd extra_commands="flush" flush_cmd="${command} -I all" diff --git a/libexec/rc/rc.d/ntpd b/libexec/rc/rc.d/ntpd --- a/libexec/rc/rc.d/ntpd +++ b/libexec/rc/rc.d/ntpd @@ -28,6 +28,9 @@ load_rc_config $name +# doesn't make sense to run in a svcj: nojail keyword +ntpd_svcj="NO" + leapfile_is_disabled() { # Return true (0) if automatic leapfile handling is disabled. case "$ntp_db_leapfile" in diff --git a/libexec/rc/rc.d/ntpdate b/libexec/rc/rc.d/ntpdate --- a/libexec/rc/rc.d/ntpdate +++ b/libexec/rc/rc.d/ntpdate @@ -31,4 +31,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj: privileged operations +ntpdate_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/opensm b/libexec/rc/rc.d/opensm --- a/libexec/rc/rc.d/opensm +++ b/libexec/rc/rc.d/opensm @@ -12,6 +12,8 @@ start_cmd="opensm_start" rcvar="opensm_enable" +: ${opensm_svcj_options:="net_basic"} + command=/usr/bin/opensm command_args="-B" diff --git a/libexec/rc/rc.d/os-release b/libexec/rc/rc.d/os-release --- a/libexec/rc/rc.d/os-release +++ b/libexec/rc/rc.d/os-release @@ -41,4 +41,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +osrelease_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/pf b/libexec/rc/rc.d/pf --- a/libexec/rc/rc.d/pf +++ b/libexec/rc/rc.d/pf @@ -22,6 +22,9 @@ required_files="$pf_rules" required_modules="pf" +# doesn't make sense to run in a svcj: config setting +pf_svcj="NO" + pf_fallback() { warn "Unable to load $pf_rules." diff --git a/libexec/rc/rc.d/pflog b/libexec/rc/rc.d/pflog --- a/libexec/rc/rc.d/pflog +++ b/libexec/rc/rc.d/pflog @@ -17,6 +17,9 @@ stop_postcmd="pflog_poststop" extra_commands="reload resync" +# no svcj options needed +: ${pflog_svcj_options:=""} + # for backward compatibility resync_cmd="pflog_resync" @@ -70,6 +73,9 @@ load_rc_config $name +# precmd is not compatible with svcj +pflog_svcj="NO" + # Check if spawning multiple pflogd and told what to spawn if [ -n "$2" ]; then # Set required variables diff --git a/libexec/rc/rc.d/pfsync b/libexec/rc/rc.d/pfsync --- a/libexec/rc/rc.d/pfsync +++ b/libexec/rc/rc.d/pfsync @@ -45,4 +45,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +pfsync_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/power_profile b/libexec/rc/rc.d/power_profile --- a/libexec/rc/rc.d/power_profile +++ b/libexec/rc/rc.d/power_profile @@ -62,6 +62,9 @@ fi load_rc_config $name +# doesn't make sense to run in a svcj: privileged operations +power_profile_svcj="NO" + # Find the next state (performance or economy). state=$1 case ${state} in diff --git a/libexec/rc/rc.d/powerd b/libexec/rc/rc.d/powerd --- a/libexec/rc/rc.d/powerd +++ b/libexec/rc/rc.d/powerd @@ -15,4 +15,8 @@ command="/usr/sbin/${name}" load_rc_config $name + +# doesn't make sense to run in a svcj: privileged operations +powerd_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/ppp b/libexec/rc/rc.d/ppp --- a/libexec/rc/rc.d/ppp +++ b/libexec/rc/rc.d/ppp @@ -131,4 +131,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj: nojail keyword +ppp_svcj="NO" + run_rc_command $* diff --git a/libexec/rc/rc.d/pppoed b/libexec/rc/rc.d/pppoed --- a/libexec/rc/rc.d/pppoed +++ b/libexec/rc/rc.d/pppoed @@ -30,4 +30,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj: nojail keyword +pppoed_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/pwcheck b/libexec/rc/rc.d/pwcheck --- a/libexec/rc/rc.d/pwcheck +++ b/libexec/rc/rc.d/pwcheck @@ -24,4 +24,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +pwcheck_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/quota b/libexec/rc/rc.d/quota --- a/libexec/rc/rc.d/quota +++ b/libexec/rc/rc.d/quota @@ -18,6 +18,9 @@ start_cmd="quota_start" stop_cmd="/usr/sbin/quotaoff ${quotaoff_flags}" +# doesn't make sense to run in a svcj: config setting +quota_svcj="NO" + quota_start() { if checkyesno check_quotas; then diff --git a/libexec/rc/rc.d/random b/libexec/rc/rc.d/random --- a/libexec/rc/rc.d/random +++ b/libexec/rc/rc.d/random @@ -151,4 +151,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +random_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/rarpd b/libexec/rc/rc.d/rarpd --- a/libexec/rc/rc.d/rarpd +++ b/libexec/rc/rc.d/rarpd @@ -15,6 +15,8 @@ command="/usr/sbin/${name}" required_files="/etc/ethers" +: ${rarpd_svcj_options:="net_basic"} + load_rc_config $name pidfile="${rarpd_pidfile:-/var/run/${name}.pid}" diff --git a/libexec/rc/rc.d/rctl b/libexec/rc/rc.d/rctl --- a/libexec/rc/rc.d/rctl +++ b/libexec/rc/rc.d/rctl @@ -38,4 +38,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +rctl_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/resolv b/libexec/rc/rc.d/resolv --- a/libexec/rc/rc.d/resolv +++ b/libexec/rc/rc.d/resolv @@ -59,4 +59,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +resolv_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/rfcomm_pppd_server b/libexec/rc/rc.d/rfcomm_pppd_server --- a/libexec/rc/rc.d/rfcomm_pppd_server +++ b/libexec/rc/rc.d/rfcomm_pppd_server @@ -119,4 +119,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj: nojail keyword +rfcomm_pppd_server_svcj="NO" + run_rc_command $* diff --git a/libexec/rc/rc.d/root b/libexec/rc/rc.d/root --- a/libexec/rc/rc.d/root +++ b/libexec/rc/rc.d/root @@ -39,4 +39,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj: mounting / config setting +root_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/route6d b/libexec/rc/rc.d/route6d --- a/libexec/rc/rc.d/route6d +++ b/libexec/rc/rc.d/route6d @@ -12,6 +12,8 @@ desc="RIP6 routing daemon" rcvar="route6d_enable" +: ${route6d_svcj_options:="net_basic"} + set_rcvar_obsolete ipv6_router_enable route6d_enable set_rcvar_obsolete ipv6_router route6d_program set_rcvar_obsolete ipv6_router_flags route6d_flags diff --git a/libexec/rc/rc.d/routed b/libexec/rc/rc.d/routed --- a/libexec/rc/rc.d/routed +++ b/libexec/rc/rc.d/routed @@ -13,6 +13,8 @@ desc="Network RIP and router discovery routing daemon" rcvar="routed_enable" +: ${routed_svcj_options:="net_basic"} + set_rcvar_obsolete router_enable routed_enable set_rcvar_obsolete router routed_program set_rcvar_obsolete router_flags routed_flags diff --git a/libexec/rc/rc.d/routing b/libexec/rc/rc.d/routing --- a/libexec/rc/rc.d/routing +++ b/libexec/rc/rc.d/routing @@ -435,4 +435,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +routing_svcj="NO" + run_rc_command "$@" diff --git a/libexec/rc/rc.d/rpcbind b/libexec/rc/rc.d/rpcbind --- a/libexec/rc/rc.d/rpcbind +++ b/libexec/rc/rc.d/rpcbind @@ -13,6 +13,8 @@ rcvar="rpcbind_enable" command="/usr/sbin/${name}" +: ${rpcbind_svcj_options:="net_basic"} + stop_postcmd='/bin/rm -f /var/run/rpcbind.*' load_rc_config $name diff --git a/libexec/rc/rc.d/rtadvd b/libexec/rc/rc.d/rtadvd --- a/libexec/rc/rc.d/rtadvd +++ b/libexec/rc/rc.d/rtadvd @@ -18,6 +18,8 @@ reload_cmd="rtadvd_reload" start_precmd="rtadvd_precmd" +: ${rtadvd_svcj_options:="net_basic"} + rtadvd_precmd() { # This should be enabled with a great care. @@ -69,4 +71,7 @@ } load_rc_config $name + +# precmd is not compatible with svcj +rtadvd_svcj="NO" run_rc_command "$1" diff --git a/libexec/rc/rc.d/rtsold b/libexec/rc/rc.d/rtsold --- a/libexec/rc/rc.d/rtsold +++ b/libexec/rc/rc.d/rtsold @@ -16,6 +16,8 @@ pidfile="/var/run/${name}.pid" start_postcmd="rtsold_poststart" +: ${rtsold_svcj_options:="net_basic"} + rtsold_poststart() { # wait for DAD diff --git a/libexec/rc/rc.d/rwho b/libexec/rc/rc.d/rwho --- a/libexec/rc/rc.d/rwho +++ b/libexec/rc/rc.d/rwho @@ -14,5 +14,7 @@ rcvar="rwhod_enable" command="/usr/sbin/${name}" +: ${rwhod_svcj_options:="net_basic"} + load_rc_config $name run_rc_command "$1" diff --git a/libexec/rc/rc.d/savecore b/libexec/rc/rc.d/savecore --- a/libexec/rc/rc.d/savecore +++ b/libexec/rc/rc.d/savecore @@ -78,4 +78,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj +savecore_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/sdpd b/libexec/rc/rc.d/sdpd --- a/libexec/rc/rc.d/sdpd +++ b/libexec/rc/rc.d/sdpd @@ -21,4 +21,7 @@ user="${sdpd_username:-nobody}" command_args="-c ${control} -g ${group} -u ${user}" +# doesn't make sense to run in a svcj: nojail keyword +sdpd_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/securelevel b/libexec/rc/rc.d/securelevel --- a/libexec/rc/rc.d/securelevel +++ b/libexec/rc/rc.d/securelevel @@ -22,4 +22,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +securelevel_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/sendmail b/libexec/rc/rc.d/sendmail --- a/libexec/rc/rc.d/sendmail +++ b/libexec/rc/rc.d/sendmail @@ -19,6 +19,8 @@ required_files="/etc/mail/${name}.cf" start_precmd="sendmail_precmd" +: ${sendmail_svcj_options:="net_basic"} + load_rc_config $name command=${sendmail_program:-/usr/sbin/${name}} pidfile=${sendmail_pidfile:-/var/run/${name}.pid} diff --git a/libexec/rc/rc.d/sshd b/libexec/rc/rc.d/sshd --- a/libexec/rc/rc.d/sshd +++ b/libexec/rc/rc.d/sshd @@ -25,6 +25,12 @@ : ${sshd_ecdsa_enable:="yes"} : ${sshd_ed25519_enable:="yes"} +# sshd in a jail would not see other jails. As such exclude it from +# svcj_all_enable="YES" by setting sshd_svcj to NO. This allows to +# enable it in rc.conf. +: ${sshd_svcj:="NO"} +: ${sshd_svcj_options:="net_basic"} + sshd_keygen_alg() { local alg=$1 diff --git a/libexec/rc/rc.d/statd b/libexec/rc/rc.d/statd --- a/libexec/rc/rc.d/statd +++ b/libexec/rc/rc.d/statd @@ -16,15 +16,18 @@ command="/usr/sbin/rpc.${name}" start_precmd='statd_precmd' +: ${statd_svcj_options:="net_basic"} + # Make sure that we are either an NFS client or server, and that we get # the correct flags from rc.conf(5). # statd_precmd() { force_depend rpcbind || return 1 - - rc_flags=${rpc_statd_flags} } load_rc_config $name + +rc_flags=${rpc_statd_flags} + run_rc_command $1 diff --git a/libexec/rc/rc.d/static_arp b/libexec/rc/rc.d/static_arp --- a/libexec/rc/rc.d/static_arp +++ b/libexec/rc/rc.d/static_arp @@ -70,4 +70,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +statc_arp_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/static_ndp b/libexec/rc/rc.d/static_ndp --- a/libexec/rc/rc.d/static_ndp +++ b/libexec/rc/rc.d/static_ndp @@ -69,4 +69,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +static_ndp_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/stf b/libexec/rc/rc.d/stf --- a/libexec/rc/rc.d/stf +++ b/libexec/rc/rc.d/stf @@ -75,4 +75,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +stf_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/swap b/libexec/rc/rc.d/swap --- a/libexec/rc/rc.d/swap +++ b/libexec/rc/rc.d/swap @@ -14,4 +14,8 @@ stop_cmd=':' load_rc_config $name + +# doesn't make sense to run in a svcj: privileged operations +swap_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/swaplate b/libexec/rc/rc.d/swaplate --- a/libexec/rc/rc.d/swaplate +++ b/libexec/rc/rc.d/swaplate @@ -14,4 +14,8 @@ stop_cmd='/sbin/swapoff -aLq' load_rc_config swap + +# doesn't make sense to run in a svcj: privileged operations +swaplate_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/syscons b/libexec/rc/rc.d/syscons --- a/libexec/rc/rc.d/syscons +++ b/libexec/rc/rc.d/syscons @@ -396,5 +396,9 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +syscons_svcj="NO" + run_rc_command $* diff --git a/libexec/rc/rc.d/sysctl b/libexec/rc/rc.d/sysctl --- a/libexec/rc/rc.d/sysctl +++ b/libexec/rc/rc.d/sysctl @@ -34,4 +34,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +sysctl_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/sysctl_lastload b/libexec/rc/rc.d/sysctl_lastload --- a/libexec/rc/rc.d/sysctl_lastload +++ b/libexec/rc/rc.d/sysctl_lastload @@ -14,4 +14,8 @@ stop_cmd=":" load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +sysctl_lastload_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/syslogd b/libexec/rc/rc.d/syslogd --- a/libexec/rc/rc.d/syslogd +++ b/libexec/rc/rc.d/syslogd @@ -22,6 +22,8 @@ sockfile="/var/run/syslogd.sockets" evalargs="rc_flags=\"\`set_socketlist\` \$rc_flags\"" +: ${syslogd_svcj_options:="net_basic"} + syslogd_precmd() { local _l _ldir diff --git a/libexec/rc/rc.d/sysvipc b/libexec/rc/rc.d/sysvipc --- a/libexec/rc/rc.d/sysvipc +++ b/libexec/rc/rc.d/sysvipc @@ -22,4 +22,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj: privileged operations +sysvipc_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/tlsclntd b/libexec/rc/rc.d/tlsclntd --- a/libexec/rc/rc.d/tlsclntd +++ b/libexec/rc/rc.d/tlsclntd @@ -15,6 +15,8 @@ command="/usr/sbin/rpc.${name}" pidfile="/var/run/rpc.${name}.pid" +: ${tlsclntd_svcj_options:="net_basic"} + load_rc_config $name run_rc_command "$1" diff --git a/libexec/rc/rc.d/tlsservd b/libexec/rc/rc.d/tlsservd --- a/libexec/rc/rc.d/tlsservd +++ b/libexec/rc/rc.d/tlsservd @@ -14,6 +14,8 @@ rcvar="tlsservd_enable" command="/usr/sbin/rpc.${name}" +: ${tlsservd_svcj_options:="net_basic nfsd"} + pidfile="/var/run/rpc.${name}.pid" required_files="/etc/rpc.tlsservd/cert.pem /etc/rpc.tlsservd/certkey.pem" extra_commands="reload" diff --git a/libexec/rc/rc.d/tmp b/libexec/rc/rc.d/tmp --- a/libexec/rc/rc.d/tmp +++ b/libexec/rc/rc.d/tmp @@ -37,6 +37,9 @@ load_rc_config $name +# doesn't make sense to run in a svcj: mounting +tmp_svcj="NO" + mount_tmpmfs() { while read line; do diff --git a/libexec/rc/rc.d/ubthidhci b/libexec/rc/rc.d/ubthidhci --- a/libexec/rc/rc.d/ubthidhci +++ b/libexec/rc/rc.d/ubthidhci @@ -28,6 +28,10 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj: nojail keyword +ubthidhci_svcj="NO" + # # We discard the output because: # 1) we don't want it to show up during boot; and diff --git a/libexec/rc/rc.d/ugidfw b/libexec/rc/rc.d/ugidfw --- a/libexec/rc/rc.d/ugidfw +++ b/libexec/rc/rc.d/ugidfw @@ -48,4 +48,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj: nojail keyword +ugidfw_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/utx b/libexec/rc/rc.d/utx --- a/libexec/rc/rc.d/utx +++ b/libexec/rc/rc.d/utx @@ -16,4 +16,8 @@ stop_cmd="utx shutdown" load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +utx_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/var b/libexec/rc/rc.d/var --- a/libexec/rc/rc.d/var +++ b/libexec/rc/rc.d/var @@ -39,6 +39,9 @@ load_rc_config $name +# doesn't make sense to run in a svcj: mounting +var_svcj="NO" + populate_var() { /usr/sbin/mtree -deiU -f /etc/mtree/BSD.var.dist -p /var > /dev/null diff --git a/libexec/rc/rc.d/var_run b/libexec/rc/rc.d/var_run --- a/libexec/rc/rc.d/var_run +++ b/libexec/rc/rc.d/var_run @@ -17,6 +17,9 @@ load_rc_config $name +# doesn't make sense to run in a svcj: config setting +var_run_svcj="NO" + # Set defaults : ${var_run_enable:="NO"} : ${var_run_mtree:="/var/db/mtree/BSD.var-run.mtree"} diff --git a/libexec/rc/rc.d/virecover b/libexec/rc/rc.d/virecover --- a/libexec/rc/rc.d/virecover +++ b/libexec/rc/rc.d/virecover @@ -62,4 +62,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +virecover_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/watchdogd b/libexec/rc/rc.d/watchdogd --- a/libexec/rc/rc.d/watchdogd +++ b/libexec/rc/rc.d/watchdogd @@ -88,4 +88,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj: privileged operations +watchdogd_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/wpa_supplicant b/libexec/rc/rc.d/wpa_supplicant --- a/libexec/rc/rc.d/wpa_supplicant +++ b/libexec/rc/rc.d/wpa_supplicant @@ -33,4 +33,7 @@ required_files=$conf_file required_modules="wlan_wep wlan_tkip wlan_ccmp" +# doesn't make sense to run in a svcj: nojail keyword +wpa_supplicant_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/ypbind b/libexec/rc/rc.d/ypbind --- a/libexec/rc/rc.d/ypbind +++ b/libexec/rc/rc.d/ypbind @@ -13,6 +13,8 @@ desc="NIS domain binding daemon" rcvar="nis_client_enable" +: ${ypbind_svcj_options:="net_basic"} + load_rc_config $name command="/usr/sbin/${name}" diff --git a/libexec/rc/rc.d/ypldap b/libexec/rc/rc.d/ypldap --- a/libexec/rc/rc.d/ypldap +++ b/libexec/rc/rc.d/ypldap @@ -12,6 +12,8 @@ name="ypldap" rcvar="nis_ypldap_enable" +: ${ypldap_svcj_options:="net_basic"} + load_rc_config $name command="/usr/sbin/${name}" diff --git a/libexec/rc/rc.d/yppasswdd b/libexec/rc/rc.d/yppasswdd --- a/libexec/rc/rc.d/yppasswdd +++ b/libexec/rc/rc.d/yppasswdd @@ -13,6 +13,8 @@ desc="Server for updating NIS passwords" rcvar="nis_yppasswdd_enable" +: ${yppasswdd_svcj_options:="net_basic"} + load_rc_config $name command="/usr/sbin/rpc.${name}" diff --git a/libexec/rc/rc.d/ypserv b/libexec/rc/rc.d/ypserv --- a/libexec/rc/rc.d/ypserv +++ b/libexec/rc/rc.d/ypserv @@ -12,6 +12,8 @@ desc="NIS database server" rcvar="nis_server_enable" +: ${ypserv_svcj_options:="net_basic"} + load_rc_config $name command="/usr/sbin/${name}" diff --git a/libexec/rc/rc.d/ypset b/libexec/rc/rc.d/ypset --- a/libexec/rc/rc.d/ypset +++ b/libexec/rc/rc.d/ypset @@ -14,6 +14,9 @@ load_rc_config $name +# doesn't make sense to run in a svcj: config setting +ypset_svcj="NO" + command="/usr/sbin/${name}" command_args="${nis_ypset_flags}" diff --git a/libexec/rc/rc.d/ypupdated b/libexec/rc/rc.d/ypupdated --- a/libexec/rc/rc.d/ypupdated +++ b/libexec/rc/rc.d/ypupdated @@ -11,6 +11,8 @@ name="ypupdated" rcvar="rpc_ypupdated_enable" +: ${ypupdated_svcj_options:="net_basic"} + load_rc_config $name command="/usr/sbin/rpc.${name}" diff --git a/libexec/rc/rc.d/ypxfrd b/libexec/rc/rc.d/ypxfrd --- a/libexec/rc/rc.d/ypxfrd +++ b/libexec/rc/rc.d/ypxfrd @@ -12,6 +12,8 @@ desc="NIS map transfer server" rcvar="nis_ypxfrd_enable" +: ${ypxfrd_svcj_options:="net_basic"} + load_rc_config $name command="/usr/sbin/rpc.${name}" diff --git a/libexec/rc/rc.d/zfs b/libexec/rc/rc.d/zfs --- a/libexec/rc/rc.d/zfs +++ b/libexec/rc/rc.d/zfs @@ -75,4 +75,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj: mounting / config setting +zfs_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/zfsbe b/libexec/rc/rc.d/zfsbe --- a/libexec/rc/rc.d/zfsbe +++ b/libexec/rc/rc.d/zfsbe @@ -85,4 +85,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj: mounting / config setting +zfsbe_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/zfsd b/libexec/rc/rc.d/zfsd --- a/libexec/rc/rc.d/zfsd +++ b/libexec/rc/rc.d/zfsd @@ -13,4 +13,8 @@ command="/usr/sbin/${name}" load_rc_config $name + +# doesn't make sense to run in a svcj +zfsd_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/zfskeys b/libexec/rc/rc.d/zfskeys --- a/libexec/rc/rc.d/zfskeys +++ b/libexec/rc/rc.d/zfskeys @@ -116,4 +116,8 @@ zfskeys_args=$(encode_args "$@") load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +zfskeys_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/zpool b/libexec/rc/rc.d/zpool --- a/libexec/rc/rc.d/zpool +++ b/libexec/rc/rc.d/zpool @@ -34,4 +34,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj +zpool_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/zpoolreguid b/libexec/rc/rc.d/zpoolreguid --- a/libexec/rc/rc.d/zpoolreguid +++ b/libexec/rc/rc.d/zpoolreguid @@ -22,4 +22,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +zpoolreguid_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/zpoolupgrade b/libexec/rc/rc.d/zpoolupgrade --- a/libexec/rc/rc.d/zpoolupgrade +++ b/libexec/rc/rc.d/zpoolupgrade @@ -22,4 +22,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +zpoolupgrade_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/zvol b/libexec/rc/rc.d/zvol --- a/libexec/rc/rc.d/zvol +++ b/libexec/rc/rc.d/zvol @@ -42,4 +42,8 @@ } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +zvol_svcj="NO" + run_rc_command "$1"