diff --git a/libexec/rc/rc.d/accounting b/libexec/rc/rc.d/accounting index 5c08f18cd2ca..1e0ece84fb15 100755 --- a/libexec/rc/rc.d/accounting +++ b/libexec/rc/rc.d/accounting @@ -1,79 +1,83 @@ #!/bin/sh # # # PROVIDE: accounting # REQUIRE: mountcritremote # BEFORE: DAEMON # KEYWORD: nojail . /etc/rc.subr name="accounting" rcvar="accounting_enable" accounting_command="/usr/sbin/accton" accounting_file="/var/account/acct" extra_commands="rotate_log" start_cmd="accounting_start" stop_cmd="accounting_stop" rotate_log_cmd="accounting_rotate_log" create_accounting_file() { install -o root -g wheel -m 0640 /dev/null "${accounting_file}" } accounting_start() { local _dir _dir="${accounting_file%/*}" if [ ! -d "$_dir" ]; then if ! mkdir -p -m 0750 "$_dir"; then err 1 "Could not create $_dir." fi fi if [ ! -e "$accounting_file" ]; then echo -n "Creating accounting file ${accounting_file}" create_accounting_file echo '.' fi echo "Turning on accounting." ${accounting_command} ${accounting_file} } accounting_stop() { echo "Turning off accounting." ${accounting_command} } accounting_rotate_log() { # Note that this function must handle being called as "onerotate_log" # (by the periodic scripts) when accounting is disabled, and handle # being called multiple times (by an admin making mistakes) without # anything having actually rotated the old .0 file out of the way. if [ -e "${accounting_file}.0" ]; then err 1 "Cannot rotate accounting log, ${accounting_file}.0 already exists." fi if [ ! -e "${accounting_file}" ]; then err 1 "Cannot rotate accounting log, ${accounting_file} does not exist." fi mv ${accounting_file} ${accounting_file}.0 if checkyesno accounting_enable; then create_accounting_file ${accounting_command} "${accounting_file}" fi } load_rc_config $name + +# doesn't make sense to run in a svcj: jail can't manipulate accounting +accounting_svcj="NO" + run_rc_command "$1" 
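Review bot: In rc.d/accounting the added `accounting_svcj="NO"` sits after `load_rc_config $name`, so a value an administrator sets in rc.conf is overwritten without any message, and the comment does not say that this ordering is deliberate. I would extend the comment to something like `# set after load_rc_config on purpose: rc.conf cannot turn the service jail on for this script`. The same placement is used in adjkerntz, apm, apmd, auditd, automount, automountd, autounmountd, ccd, cfumass, ctld, ddb and the other scripts in this diff that force `<name>_svcj="NO"`. How rc.subr consumes the variable is outside this diff, so this is a documentation request only.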
diff --git a/libexec/rc/rc.d/adjkerntz b/libexec/rc/rc.d/adjkerntz index 81ee596369a5..339f8add7201 100755 --- a/libexec/rc/rc.d/adjkerntz +++ b/libexec/rc/rc.d/adjkerntz @@ -1,17 +1,21 @@ #!/bin/sh # # # PROVIDE: adjkerntz # REQUIRE: FILESYSTEMS # BEFORE: netif # KEYWORD: nojail . /etc/rc.subr name="adjkerntz" start_cmd="adjkerntz -i" stop_cmd=":" load_rc_config $name + +# doesn't make sense to run in a svcj: jail can't modify kerntz +adjkerntz_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/apm b/libexec/rc/rc.d/apm index b2bde4d32d1c..3187f41c3a50 100755 --- a/libexec/rc/rc.d/apm +++ b/libexec/rc/rc.d/apm @@ -1,46 +1,50 @@ #!/bin/sh # # # PROVIDE: apm # REQUIRE: DAEMON # BEFORE: LOGIN # KEYWORD: nojail . /etc/rc.subr name="apm" desc="Advanced power management" rcvar="apm_enable" start_precmd="apm_precmd" command="/usr/sbin/${name}" start_cmd="${command} -e enable" stop_cmd="${command} -e disable" status_cmd="apm_status" apm_precmd() { case `${SYSCTL_N} hw.machine_arch` in i386) return 0 ;; esac return 1 } apm_status() { case `${command} -s` in 1) echo "APM is enabled." return 0 ;; 0) echo "APM is disabled" ;; esac return 1 } load_rc_config $name + +# doesn't make sense to run in a svcj: nojail keyword +apm_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/apmd b/libexec/rc/rc.d/apmd index 8c6293549dc0..aeb5042342d6 100755 --- a/libexec/rc/rc.d/apmd +++ b/libexec/rc/rc.d/apmd 
@@ -1,37 +1,41 @@ #!/bin/sh # # # PROVIDE: apmd # REQUIRE: DAEMON apm # BEFORE: LOGIN # KEYWORD: nojail shutdown . /etc/rc.subr name="apmd" desc="Advanced power management daemon" rcvar="apmd_enable" command="/usr/sbin/${name}" start_precmd="apmd_prestart" apmd_prestart() { case `${SYSCTL_N} hw.machine_arch` in i386) force_depend apm || return 1 # Warn user about acpi apm compatibility support which # does not work with apmd. if [ ! -e /dev/apmctl ]; then warn "/dev/apmctl not found; kernel is missing apm(4)" fi ;; *) return 1 ;; esac } load_rc_config $name + +# doesn't make sense to run in a svcj: nojail keyword +apmd_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/auditd b/libexec/rc/rc.d/auditd index 90017d88ab85..caea2587a2e9 100755 --- a/libexec/rc/rc.d/auditd +++ b/libexec/rc/rc.d/auditd @@ -1,35 +1,39 @@ #!/bin/sh # # # Start up for the Audit daemon. # # PROVIDE: auditd # REQUIRE: syslogd # BEFORE: DAEMON # KEYWORD: nojail shutdown . /etc/rc.subr name="auditd" desc="Audit daemon" stop_cmd="auditd_stop" command="/usr/sbin/${name}" pidfile="/var/run/${name}.pid" rcvar="auditd_enable" command_args="${auditd_flags}" required_files="/etc/security/audit_class /etc/security/audit_control /etc/security/audit_event /etc/security/audit_user /etc/security/audit_warn" auditd_stop() { /usr/sbin/audit -t if [ -n "$rc_pid" ]; then wait_for_pids $rc_pid fi } load_rc_config $name + +# doesn't make sense to run in a svcj: nojail keyword +auditd_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/auditdistd b/libexec/rc/rc.d/auditdistd index e7ae7d64d39d..0814c2a4d2c7 100755 --- a/libexec/rc/rc.d/auditdistd +++ b/libexec/rc/rc.d/auditdistd 
@@ -1,21 +1,23 @@ #!/bin/sh # # # PROVIDE: auditdistd # REQUIRE: auditd # BEFORE: DAEMON # KEYWORD: nojail shutdown . /etc/rc.subr name="auditdistd" desc="Audit trail files distribution daemon" rcvar="${name}_enable" pidfile="/var/run/${name}.pid" command="/usr/sbin/${name}" required_files="/etc/security/${name}.conf" extra_commands="reload" +: ${auditdistd_svcj_options:="net_basic"} + load_rc_config $name run_rc_command "$1" diff --git a/libexec/rc/rc.d/automount b/libexec/rc/rc.d/automount index b01928651ec4..19f367837189 100755 --- a/libexec/rc/rc.d/automount +++ b/libexec/rc/rc.d/automount @@ -1,31 +1,35 @@ #!/bin/sh # # # PROVIDE: automount # REQUIRE: nfsclient automountd # BEFORE: DAEMON # KEYWORD: nojail shutdown . /etc/rc.subr name="automount" rcvar="autofs_enable" start_cmd="automount_start" stop_cmd="automount_stop" required_modules="autofs" automount_start() { /usr/sbin/automount ${automount_flags} } automount_stop() { /sbin/umount -At autofs } load_rc_config $name + +# mounting shall not be performed in a svcj +automount_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/automountd b/libexec/rc/rc.d/automountd index 4bc6f7d01862..b809e9dfc8ad 100755 --- a/libexec/rc/rc.d/automountd +++ b/libexec/rc/rc.d/automountd @@ -1,20 +1,24 @@ #!/bin/sh # # # PROVIDE: automountd # REQUIRE: rpcbind ypset nfsclient FILESYSTEMS ldconfig # BEFORE: DAEMON # KEYWORD: nojail . /etc/rc.subr name="automountd" desc="daemon handling autofs mount requests" rcvar="autofs_enable" pidfile="/var/run/${name}.pid" command="/usr/sbin/${name}" required_modules="autofs" load_rc_config $name + +# mounting shall not be performed in a svcj +automountd_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/autounmountd b/libexec/rc/rc.d/autounmountd index c939c6d8d011..1d8b3bfa354f 100755 --- a/libexec/rc/rc.d/autounmountd +++ b/libexec/rc/rc.d/autounmountd 
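Review bot: rc.d/auditdistd keeps `# KEYWORD: nojail` but receives a `net_basic` options default instead of `auditdistd_svcj="NO"`, while apm, apmd, auditd and several other scripts in this commit give "nojail keyword" as the entire reason for refusing a service jail. A one-line comment above `: ${auditdistd_svcj_options:="net_basic"}` should say why this script differs, for example `# nojail applies to regular jails; a svcj with basic networking is sufficient here`, if that is the intent. rc.d/bootparams has the same combination of `nojail` and a `net_basic` default. Going by its `desc`, auditdistd distributes audit trail files, so it is worth confirming that it can still reach those files and its required /etc/security/auditdistd.conf when the svcj is enabled.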
@@ -1,19 +1,23 @@ #!/bin/sh # # # PROVIDE: autounmountd # REQUIRE: FILESYSTEMS # BEFORE: DAEMON # KEYWORD: nojail . /etc/rc.subr name="autounmountd" desc="daemon unmounting automounted filesystems" rcvar="autofs_enable" pidfile="/var/run/${name}.pid" command="/usr/sbin/${name}" load_rc_config $name + +# doesn't make sense to run in a svcj: nojail keyword +autounmountd_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/bgfsck b/libexec/rc/rc.d/bgfsck index 24753f9f561f..dd5c330c3d11 100755 --- a/libexec/rc/rc.d/bgfsck +++ b/libexec/rc/rc.d/bgfsck @@ -1,49 +1,53 @@ #!/bin/sh # # # PROVIDE: bgfsck # REQUIRE: cron devfs syslogd # KEYWORD: nojail . /etc/rc.subr name="background_fsck" desc="Run fsck in background" rcvar="background_fsck" start_cmd="bgfsck_start" start_precmd="bgfsck_start_precmd" stop_cmd=":" bgfsck_start_precmd() { if [ $($ID -u) != 0 ]; then err 1 "Must be root." fi } bgfsck_start() { : ${background_fsck_delay=0} if [ -n "${rc_force}" ]; then background_fsck_delay=0 fi if [ ${background_fsck_delay} -lt 0 ]; then warn "Background file system checks delayed indefinitely" return 0 fi bgfsck_msg='Starting background file system checks' if [ "${background_fsck_delay}" -gt 0 ]; then bgfsck_msg="${bgfsck_msg} in ${background_fsck_delay} seconds" fi if [ -z "${rc_force}" ]; then startmsg "${bgfsck_msg}." fi (sleep ${background_fsck_delay}; nice -4 fsck -B -p) 2>&1 | \ logger -p daemon.notice -t fsck & } load_rc_config $name + +# doesn't make sense to run in a svcj +bgfsck_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/blacklistd b/libexec/rc/rc.d/blacklistd index b58c7c8a76b6..ecbb71e41fca 100755 --- a/libexec/rc/rc.d/blacklistd +++ b/libexec/rc/rc.d/blacklistd 
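Review bot: In rc.d/bgfsck the script sets `name="background_fsck"` but the added line assigns `bgfsck_svcj`, so if rc.subr derives the variable from `$name` (every other script in this diff uses `<name>_svcj`), this assignment is never read and the override has no effect. It should probably be `background_fsck_svcj="NO"`. The comment also gives no reason; `# doesn't make sense to run in a svcj: runs fsck on the host's file systems` would match the sibling scripts.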
@@ -1,44 +1,47 @@ #!/bin/sh # # Copyright (c) 2016 The FreeBSD Foundation # All rights reserved. # # This software was developed by Kurt Lidl under sponsorship from the # FreeBSD Foundation. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # # # PROVIDE: blacklistd # REQUIRE: netif pf . /etc/rc.subr name="blacklistd" desc="System blacklist daemon" rcvar="blacklistd_enable" command="/usr/sbin/${name}" required_files="/etc/blacklistd.conf" +# no svcj options needed +: ${blacklistd_svcj_options:=""} + load_rc_config $name run_rc_command "$1" diff --git a/libexec/rc/rc.d/bluetooth b/libexec/rc/rc.d/bluetooth index 679d669a6191..22bd5078034d 100755 --- a/libexec/rc/rc.d/bluetooth +++ b/libexec/rc/rc.d/bluetooth 
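Review bot: The added `: ${blacklistd_svcj_options:=""}` in rc.d/blacklistd is a no-op default, and "no svcj options needed" is not backed by anything visible here: the script has `REQUIRE: netif pf`, which suggests the daemon depends on the packet filter. If block rules cannot be installed from inside a service jail without extra options, enabling `blacklistd_svcj` would leave the daemon running while nothing is actually blocked. Please confirm this was tested with the svcj enabled and say so in the comment, or set `blacklistd_svcj="NO"` until it has been.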
@@ -1,321 +1,324 @@ #!/bin/sh # # Copyright (c) 2005 Maksim Yevmenkin # All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # # PROVIDE: bluetooth # REQUIRE: DAEMON # KEYWORD: nojail nostart . /etc/rc.subr name="bluetooth" desc="Bluetooth setup script" rcvar= start_cmd="bluetooth_start" stop_cmd="bluetooth_stop" required_modules="ng_bluetooth ng_hci ng_l2cap ng_btsocket" ############################################################################## # Read and parse Bluetooth device configuration file ############################################################################## bluetooth_read_conf() { local _err _file _line _namespace _file=$1 _namespace=$2 _err=0 if [ ! -e $_file ]; then return 0 fi if [ ! -f $_file -o ! 
-r $_file ]; then err 1 "Bluetooth configuration file $_file is not a file or not readable" fi while read _line do case "$_line" in \#*) continue ;; *) if [ -z "$_line" ]; then continue; fi if expr "$_line" : "[a-zA-Z0-9_]*=" > /dev/null 2>&1; then eval "${_namespace}${_line}" else warn "Unable to parse line \"$_line\" in $_file" _err=1 fi ;; esac done < $_file return $_err } ############################################################################## # Setup Bluetooth stack. Create and connect nodes ############################################################################## bluetooth_setup_stack() { dev=$1 shift hook=$1 shift # Setup HCI ngctl mkpeer ${dev}: hci ${hook} drv \ > /dev/null 2>&1 || return 1 ngctl name ${dev}:${hook} ${dev}hci \ > /dev/null 2>&1 || return 1 ngctl msg ${dev}hci: set_debug ${bluetooth_device_hci_debug_level} \ > /dev/null 2>&1 || return 1 # Setup L2CAP ngctl mkpeer ${dev}hci: l2cap acl hci \ > /dev/null 2>&1 || return 1 ngctl name ${dev}hci:acl ${dev}l2cap \ > /dev/null 2>&1 || return 1 ngctl msg ${dev}l2cap: set_debug ${bluetooth_device_l2cap_debug_level} \ > /dev/null 2>&1 || return 1 # Connect HCI node to the Bluetooth sockets layer ngctl connect ${dev}hci: btsock_hci_raw: raw ${dev}raw \ > /dev/null 2>&1 || return 1 # Connect L2CAP node to Bluetooth sockets layer ngctl connect ${dev}l2cap: btsock_l2c_raw: ctl ${dev}ctl \ > /dev/null 2>&1 || return 1 ngctl connect ${dev}l2cap: btsock_l2c: l2c ${dev}l2c \ > /dev/null 2>&1 || return 1 # Initilalize HCI node ${hccontrol} -n ${dev}hci reset \ > /dev/null 2>&1 || return 1 ${hccontrol} -n ${dev}hci read_bd_addr \ > /dev/null 2>&1 || return 1 ${hccontrol} -n ${dev}hci read_local_supported_features \ > /dev/null 2>&1 || return 1 ${hccontrol} -n ${dev}hci read_buffer_size \ > /dev/null 2>&1 || return 1 if checkyesno bluetooth_device_discoverable; then if checkyesno bluetooth_device_connectable; then ${hccontrol} -n ${dev}hci write_scan_enable 3 \ > /dev/null 2>&1 || return 1 else 
${hccontrol} -n ${dev}hci write_scan_enable 1 \ > /dev/null 2>&1 || return 1 fi else if checkyesno bluetooth_device_connectable; then ${hccontrol} -n ${dev}hci write_scan_enable 2 \ > /dev/null 2>&1 || return 1 else ${hccontrol} -n ${dev}hci write_scan_enable 0 \ > /dev/null 2>&1 || return 1 fi fi ${hccontrol} -n ${dev}hci write_class_of_device ${bluetooth_device_class} \ > /dev/null 2>&1 || return 1 if checkyesno bluetooth_device_authentication_enable; then ${hccontrol} -n ${dev}hci write_authentication_enable 1 \ > /dev/null 2>&1 || return 1 else ${hccontrol} -n ${dev}hci write_authentication_enable 0 \ > /dev/null 2>&1 || return 1 fi case "${bluetooth_device_encryption_mode}" in [Nn][Oo][Nn][Ee]|0) ${hccontrol} -n ${dev}hci write_encryption_mode 0 \ > /dev/null 2>&1 || return 1 ;; [Pp][2][Pp]|1) ${hccontrol} -n ${dev}hci write_encryption_mode 1 \ > /dev/null 2>&1 || return 1 ;; [Al][Ll][Ll]|2) ${hccontrol} -n ${dev}hci write_encryption_mode 2 \ > /dev/null 2>&1 || return 1 ;; *) warn "Unsupported encryption mode ${bluetooth_device_encryption_mode} for device ${dev}" return 1 ;; esac if checkyesno bluetooth_device_role_switch; then ${hccontrol} -n ${dev}hci write_node_role_switch 1 \ > /dev/null 2>&1 || return 1 else ${hccontrol} -n ${dev}hci write_node_role_switch 0 \ > /dev/null 2>&1 || return 1 fi ${hccontrol} -n ${dev}hci change_local_name "${bluetooth_device_local_name}" \ > /dev/null 2>&1 || return 1 ${hccontrol} -n ${dev}hci initialize \ > /dev/null 2>&1 || return 1 return 0 } ############################################################################## # Shutdown Bluetooth stack. 
Destroy all nodes ############################################################################## bluetooth_shutdown_stack() { dev=$1 ngctl shutdown ${dev}hci: > /dev/null 2>&1 ngctl shutdown ${dev}l2cap: > /dev/null 2>&1 return 0 } ############################################################################## # bluetooth_start() ############################################################################## bluetooth_start() { local _file dev=$1 # Try to figure out device type by looking at device name case "${dev}" in # USB Bluetooth adapters ubt*) hook="hook" # Obtain unit number from device. unit=`expr ${dev} : 'ubt\([0-9]\{1,\}\)'` if [ -z "${unit}" ]; then err 1 "Unable to get ubt unit number: ${dev}" fi ;; # Unknown *) err 1 "Unsupported device: ${dev}" ;; esac # Be backward compatible and setup reasonable defaults bluetooth_device_authentication_enable="0" bluetooth_device_class="ff:01:0c" bluetooth_device_connectable="1" bluetooth_device_discoverable="0" bluetooth_device_encryption_mode="0" bluetooth_device_hci_debug_level="3" bluetooth_device_l2cap_debug_level="3" bluetooth_device_local_name="`/usr/bin/uname -n` (${dev})" bluetooth_device_role_switch="1" # Load default device configuration parameters _file="/etc/defaults/bluetooth.device.conf" if ! bluetooth_read_conf $_file bluetooth_device_ ; then err 1 "Unable to read default Bluetooth configuration from $_file" fi # Load device specific overrides _file="/etc/bluetooth/$dev.conf" if ! bluetooth_read_conf $_file bluetooth_device_ ; then err 1 "Unable to read Bluetooth device configuration from $_file" fi # Setup stack if ! 
bluetooth_setup_stack ${dev} ${hook} ; then bluetooth_shutdown_stack $dev err 1 "Unable to setup Bluetooth stack for device ${dev}" fi return 0 } ############################################################################## # bluetooth_stop() ############################################################################## bluetooth_stop() { dev=$1 # Try to figure out device type by looking at device name case "${dev}" in # USB Bluetooth adapters ubt*) ;; # Unknown *) err 1 "Unsupported device: ${dev}" ;; esac bluetooth_shutdown_stack ${dev} return 0 } ############################################################################## # Start here ############################################################################## load_rc_config $name hccontrol="${bluetooth_hccontrol:-/usr/sbin/hccontrol}" +# doesn't make sense to run in a svcj: nojail keyword +bluetooth_svcj="NO" + run_rc_command $* diff --git a/libexec/rc/rc.d/bootparams b/libexec/rc/rc.d/bootparams index ce0b8a45e672..1d435d4ee480 100755 --- a/libexec/rc/rc.d/bootparams +++ b/libexec/rc/rc.d/bootparams @@ -1,19 +1,21 @@ #!/bin/sh # # # PROVIDE: bootparams # REQUIRE: rpcbind DAEMON # BEFORE: LOGIN # KEYWORD: nojail . /etc/rc.subr name="bootparamd" desc="Boot parameter daemon" rcvar="bootparamd_enable" required_files="/etc/bootparams" command="/usr/sbin/${name}" +: ${bootparamd_svcj_options:="net_basic"} + load_rc_config $name run_rc_command "$1" diff --git a/libexec/rc/rc.d/bridge b/libexec/rc/rc.d/bridge index a42d82adacc5..98d9212593e5 100755 --- a/libexec/rc/rc.d/bridge +++ b/libexec/rc/rc.d/bridge 
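Review bot: Not changed by this commit, but visible in the same rc.d/bluetooth hunk: `bluetooth_read_conf` checks only that a line starts with `name=` and then hands the whole line to `eval`, so everything after the `=` in /etc/defaults/bluetooth.device.conf and /etc/bluetooth/$dev.conf is interpreted by a root shell. With `bluetooth_svcj="NO"` the script stays unconfined, so the header comment of that function should state that these files must be writable by root only. The encryption-mode arm `[Al][Ll][Ll]|2)` also looks like a typo for `[Aa][Ll][Ll]|2)`; as written, a lower-case `all` falls through to the "Unsupported encryption mode" warning.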
@@ -1,93 +1,97 @@ #!/bin/sh # # Copyright (c) 2006 The FreeBSD Project. All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE PROJECT ``AS IS'' AND ANY EXPRESS OR # IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES # OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. # IN NO EVENT SHALL THE PROJECT BE LIABLE FOR ANY DIRECT, INDIRECT, # INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT # NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF # THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # # # PROVIDE: bridge # REQUIRE: netif ppp stf # KEYWORD: nojailvnet . /etc/rc.subr . /etc/network.subr name="bridge" desc="Network bridge setup" start_cmd="bridge_start" stop_cmd="bridge_stop" cmd="" glob_int() { case "$1" in $2 ) true ;; * ) false ;; esac } bridge_test() { bridge=$1 iface=$2 eval interfaces=\$autobridge_${bridge} if [ -n "${interfaces}" ]; then for i in ${interfaces}; do if glob_int $iface $i ; then ifconfig $bridge $cmd $iface > /dev/null 2>&1 return fi done fi } autobridge() { if [ -n "${autobridge_interfaces}" ]; then if [ -z "$iflist" ]; then # We're operating as a general network start routine. 
iflist="`list_net_interfaces`" fi for br in ${autobridge_interfaces}; do for i in $iflist; do bridge_test $br $i done done fi } bridge_start() { cmd="addm" autobridge } bridge_stop() { cmd="deletem" autobridge } iflist=$2 load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +bridge_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/bsnmpd b/libexec/rc/rc.d/bsnmpd index 60c7242f0c1f..60f4f5e86617 100755 --- a/libexec/rc/rc.d/bsnmpd +++ b/libexec/rc/rc.d/bsnmpd @@ -1,19 +1,21 @@ #!/bin/sh # # # PROVIDE: bsnmpd # REQUIRE: NETWORKING syslogd # KEYWORD: nojailvnet shutdown . /etc/rc.subr name="bsnmpd" desc="Simple and extensible SNMP daemon" rcvar="bsnmpd_enable" command="/usr/sbin/${name}" +: ${bsnmpd_svcj_options:="net_basic"} + load_rc_config $name pidfile="${bsnmpd_pidfile:-/var/run/snmpd.pid}" command_args="-p ${pidfile}" run_rc_command "$1" diff --git a/libexec/rc/rc.d/bthidd b/libexec/rc/rc.d/bthidd index ec7da8181ca3..4b230406c4d5 100755 --- a/libexec/rc/rc.d/bthidd +++ b/libexec/rc/rc.d/bthidd 
@@ -1,53 +1,56 @@ #!/bin/sh # # # PROVIDE: bthidd # REQUIRE: DAEMON hcsecd # BEFORE: LOGIN # KEYWORD: nojail shutdown . /etc/rc.subr name="bthidd" desc="Bluetooth HID daemon" rcvar="bthidd_enable" command="/usr/sbin/${name}" pidfile="/var/run/${name}.pid" start_precmd="bthidd_prestart" evdev_enabled() { case ${bthidd_evdev_support} in [Aa][Uu][Tt][Oo]) check_kern_features evdev_support return $? ;; *) checkyesno bthidd_evdev_support return $? ;; esac } bthidd_prestart() { if evdev_enabled; then load_kld -m uinput uinput fi load_kld -m kbdmux kbdmux load_kld -m vkbd vkbd load_kld -m ng_btsocket ng_btsocket return 0 } load_rc_config $name config="${bthidd_config:-/etc/bluetooth/${name}.conf}" hids="${bthidd_hids:-/var/db/${name}.hids}" command_args="-c ${config} -H ${hids} -p ${pidfile}" if evdev_enabled; then command_args="$command_args -u" fi required_files="${config}" +# doesn't make sense to run in a svcj: nojail keyword +bthidd_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/ccd b/libexec/rc/rc.d/ccd index f7dde1c23f4e..5f2427e4beb0 100755 --- a/libexec/rc/rc.d/ccd +++ b/libexec/rc/rc.d/ccd @@ -1,24 +1,28 @@ #!/bin/sh # # # PROVIDE: disks # KEYWORD: nojail . /etc/rc.subr name="ccd" desc="Concatenated disks setup" start_cmd="ccd_start" stop_cmd=":" ccd_start() { if [ -f /etc/ccd.conf ]; then echo "Configuring CCD devices." ccdconfig -C fi } load_rc_config $name + +# doesn't make sense to run in a svcj: nojail keyword +ccd_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/cfumass b/libexec/rc/rc.d/cfumass index 79c9b0ae63d4..7d1117d7c388 100755 --- a/libexec/rc/rc.d/cfumass +++ b/libexec/rc/rc.d/cfumass 
@@ -1,148 +1,152 @@ #!/bin/sh # # # PROVIDE: cfumass # REQUIRE: var # KEYWORD: nojail . /etc/rc.subr name="cfumass" desc="Configure the LUN for device mode USB mass storage" rcvar="cfumass_enable" start_cmd="${name}_start" stop_cmd="${name}_stop" extra_commands="reload" reload_cmd="${name}_start" : ${cfumass_dir:=/var/cfumass} : ${cfumass_image:=/var/tmp/cfumass.img} : ${cfumass_vendor:="FreeBSD"} : ${cfumass_product:="cfumass(4)"} remove_luns() { local _lun _luns _luns=`ctladm devlist -b block -v | awk ' $1 ~ /^[0-9]+$/ { lun = $1 } $1 == "file='"${cfumass_image}"'" { print lun }'` for _lun in ${_luns}; do ctladm remove -b block -l "${_lun}" > /dev/null done } cfumass_start() { local err _files _template _new_template if [ ! -d "${cfumass_dir}" ]; then warn "${cfumass_dir} does not exist" return 1 fi _files=`find "${cfumass_dir}" -newer "${cfumass_image}" -print 2> /dev/null` if [ ! -e "${cfumass_image}" -o -n "${_files}" ]; then # The image doesn't exist or is out of date. makefs -t cd9660 -o label="${cfumass_vendor}" \ -o rockridge "${cfumass_image}" "${cfumass_dir}" err=$? if [ "${err}" -ne 0 ]; then warn "unable to create ${cfumass_image}" return "${err}" fi fi remove_luns ctladm create -b block -o file="${cfumass_image}" -o readonly=on \ -o vendor="${cfumass_vendor}" -o product="${cfumass_product}" \ -S 0 > /dev/null err=$? if [ "${err}" -ne 0 ]; then warn "unable to create CTL LUN" return "${err}" fi load_kld -e cfumass cfumass # If the template is already switched to Mass Storage, then reset # it to -1 to force the host to reenumerate it; otherwise it might # not notice the new LUN. _template=`sysctl -n hw.usb.template` if [ "${_template}" -eq 0 ]; then sysctl hw.usb.template=-1 > /dev/null err=$? if [ "${err}" -ne 0 ]; then warn "unable to set hw.usb.template sysctl" return "${err}" fi fi # Set the template number based on the current one. 
_template=`sysctl -n hw.usb.template` case "${_template}" in -1) _new_template="0" ;; 8) _new_template="10" ;; *) warn "hw.usb.template sysctl set to neither -1 nor 8; not changing" _new_template="" ;; esac if [ -n "${_new_template}" ]; then sysctl hw.usb.template="${_new_template}" > /dev/null err=$? if [ "${err}" -ne 0 ]; then warn "unable to set hw.usb.template sysctl to ${_new_template}" return "${err}" fi fi } cfumass_stop() { local err _template _new_template remove_luns _template=`sysctl -n hw.usb.template` case "${_template}" in 0) _new_template="-1" ;; 10) _new_template="8" ;; *) warn "hw.usb.template sysctl set to neither 0 nor 10; not changing" _new_template="" ;; esac if [ -n "${_new_template}" ]; then sysctl hw.usb.template="${_new_template}" > /dev/null err=$? if [ "${err}" -ne 0 ]; then warn "unable to set hw.usb.template sysctl to ${_new_template}" return "${err}" fi fi } load_rc_config $name + +# doesn't make sense to run in a svcj: nojail keyword +cfumass_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/cleanvar b/libexec/rc/rc.d/cleanvar index 08e647dde5ae..dce5baa6875b 100755 --- a/libexec/rc/rc.d/cleanvar +++ b/libexec/rc/rc.d/cleanvar 
@@ -1,46 +1,50 @@ #!/bin/sh # # # PROVIDE: cleanvar # REQUIRE: var . /etc/rc.subr name="cleanvar" desc="Purge /var directory" rcvar="cleanvar_enable" start_precmd="${name}_prestart" start_cmd="${name}_start" stop_cmd=":" extra_commands="reload" reload_cmd="${name}_start" cleanvar_prestart() { # These files must be removed only the first time this script is run # on boot. # rm -f /var/run/clean_var /var/spool/lock/clean_var } cleanvar_start() { if [ -d /var/run -a ! -f /var/run/clean_var ]; then # Skip over logging sockets find -x /var/run \( -type f -or -type s ! -name log -and ! -name logpriv \) -delete >/var/run/clean_var fi if [ -d /var/spool/lock -a ! -f /var/spool/lock/clean_var ]; then find -x /var/spool/lock -type f -delete >/var/spool/lock/clean_var fi if [ -d /var/spool/uucp/.Temp ]; then find -x /var/spool/uucp/.Temp -delete fi } load_rc_config $name + +# doesn't make sense to run in a svcj +cleanvar_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/cleartmp b/libexec/rc/rc.d/cleartmp index 8101474b33cf..c4dfb5367dcb 100755 --- a/libexec/rc/rc.d/cleartmp +++ b/libexec/rc/rc.d/cleartmp 
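Review bot: The added comment in rc.d/cleanvar, `# doesn't make sense to run in a svcj`, states no reason, unlike most of the other scripts in this commit. `cleanvar_start` deletes files under /var/run, /var/spool/lock and /var/spool/uucp/.Temp, so something like `# doesn't make sense to run in a svcj: cleans the host's /var at boot` would tell a later reader why the override has to stay. rc.d/cleartmp carries the same bare comment.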
@@ -1,60 +1,64 @@ #!/bin/sh # # # PROVIDE: cleartmp # REQUIRE: mountcritremote tmp # BEFORE: DAEMON . /etc/rc.subr name="cleartmp" desc="Purge /tmp directory" # Disguise rcvar for the start method to run irrespective of its setting. rcvar1="clear_tmp_enable" start_cmd="${name}_start" stop_cmd=":" cleartmp_start() { # Make /tmp location variable for easier debugging. local tmp="/tmp" # X related directories to create in /tmp. local x11_socket_dirs="${tmp}/.X11-unix ${tmp}/.XIM-unix \ ${tmp}/.ICE-unix ${tmp}/.font-unix" if checkyesno ${rcvar1}; then startmsg "Clearing ${tmp}." # This is not needed for mfs, but doesn't hurt anything. # Things to note: # + The dot in ${tmp}/. is important. # + Put -prune before -exec so find never descends # into a directory that was already passed to rm -rf. # + "--" in rm arguments isn't strictly necessary, but # it can prevent foot-shooting in future. # + /tmp/lost+found is preserved, but its contents are removed. # + lost+found and quota.* in subdirectories are removed. # + .sujournal and .snap are preserved. find -x ${tmp}/. ! -name . \ ! \( -name .sujournal -type f -user root \) \ ! \( -name .snap -type d -user root \) \ ! \( -name lost+found -type d -user root \) \ ! \( \( -name quota.user -or -name quota.group \) \ -type f -user root \) \ -prune -exec rm -rf -- {} + elif checkyesno clear_tmp_X; then # Remove X lock files, since they will prevent you from # restarting X. Remove other X related directories. startmsg "Clearing ${tmp} (X related)." rm -rf ${tmp}/.X[0-9]-lock ${x11_socket_dirs} fi if checkyesno clear_tmp_X; then # Create X related directories with proper permissions. mkdir -m 1777 ${x11_socket_dirs} fi } load_rc_config $name + +# doesn't make sense to run in a svcj +cleartmp_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/cron b/libexec/rc/rc.d/cron index a37d3ceee02e..584db590d835 100755 --- a/libexec/rc/rc.d/cron +++ b/libexec/rc/rc.d/cron 
@@ -1,23 +1,28 @@ #!/bin/sh # # # PROVIDE: cron # REQUIRE: LOGIN FILESYSTEMS # BEFORE: securelevel # KEYWORD: shutdown . /etc/rc.subr name="cron" desc="Daemon to execute scheduled commands" rcvar="cron_enable" command="/usr/sbin/${name}" pidfile="/var/run/${name}.pid" load_rc_config $name + +# doesn't make sense to run in a svcj: in the generic case it may need +# access to more than a jails allows +cron_svcj="NO" + if checkyesno cron_dst then cron_flags="$cron_flags -s" fi run_rc_command "$1" diff --git a/libexec/rc/rc.d/ctld b/libexec/rc/rc.d/ctld index f09c032575d9..c91d7a9be921 100755 --- a/libexec/rc/rc.d/ctld +++ b/libexec/rc/rc.d/ctld @@ -1,22 +1,26 @@ #!/bin/sh # # # PROVIDE: ctld # REQUIRE: FILESYSTEMS NETWORKING # BEFORE: DAEMON # KEYWORD: nojail . /etc/rc.subr name="ctld" desc="CAM Target Layer / iSCSI target daemon" rcvar="ctld_enable" pidfile="/var/run/${name}.pid" command="/usr/sbin/${name}" required_files="/etc/ctl.conf" required_modules="ctl" extra_commands="reload" load_rc_config $name + +# doesn't make sense to run in a svcj: nojail keyword +ctld_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/ddb b/libexec/rc/rc.d/ddb index 40235bebf90e..08a7d345c326 100755 --- a/libexec/rc/rc.d/ddb +++ b/libexec/rc/rc.d/ddb @@ -1,38 +1,41 @@ #!/bin/sh # # # PROVIDE: ddb # REQUIRE: dumpon # BEFORE: disks # KEYWORD: nojail . /etc/rc.subr name="ddb" desc="DDB kernel debugger" rcvar="ddb_enable" command="/sbin/${name}" start_precmd="ddb_prestart" start_cmd="ddb_start" stop_cmd=":" ddb_prestart() { # Silently exit if ddb is not enabled if [ -z "`sysctl -Nq debug.ddb.scripting.scripts`" ]; then return 1 fi } ddb_start() { ${command} ${command_args} } load_rc_config $name required_files="${ddb_config}" command_args="${ddb_config}" +# doesn't make sense to run in a svcj: privileged operation +ddb_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/defaultroute b/libexec/rc/rc.d/defaultroute index d8d6b2e97dcd..b96f91d36118 100755 
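Review bot: In the cron hunk, `cron_svcj="NO"` is assigned after `load_rc_config $name`, so it overwrites any value from rc.conf and an administrator cannot opt cron into a service jail, although the comment only claims that the generic case may need more access than a jail allows. If a default rather than a prohibition is intended, set it before the config is loaded, `: ${cron_svcj:="NO"}`, the form this commit already uses for `ftpproxy_svcj_options` and `ftpd_svcj_options`. The ggated hunk has the same pattern, with a comment marked `XXX?`, and there it leaves a network-facing daemon without the option of confinement. In the added comment, "than a jails allows" should read "than a jail allows".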
--- a/libexec/rc/rc.d/defaultroute +++ b/libexec/rc/rc.d/defaultroute @@ -1,73 +1,77 @@ #!/bin/sh # # Wait for the default route to be up if DHCP is in use # # # PROVIDE: defaultroute # REQUIRE: devd netif stf # KEYWORD: nojailvnet . /etc/rc.subr . /etc/network.subr name="defaultroute" desc="Setup default router" start_cmd="defaultroute_start" stop_cmd=":" # Does any interface have a carrier? defaultroute_carrier() { local carrier nocarrier carrier=1 for _if in ${dhcp_interfaces}; do output=`/sbin/ifconfig ${_if}` nocarrier=`expr "${output}" : '.*[[:blank:]]status: \(no carrier\)'` [ -z "${nocarrier}" ] && carrier=0 done return ${carrier} } defaultroute_start() { local nl waited afexists inet || return 0 # Return without waiting if we don't have dhcp interfaces or # if none of the dhcp interfaces is plugged in. dhcp_interfaces=`list_net_interfaces dhcp` [ -z "${dhcp_interfaces}" ] && return # Wait for a default route waited=0 while [ ${waited} -lt ${defaultroute_delay} ]; do defif=`get_default_if -inet` if [ -n "${defif}" ]; then if [ ${waited} -ne 0 ]; then echo -n "($defif)" nl=1 fi break fi if [ ${waited} -eq 0 ]; then echo -n "Waiting ${defaultroute_delay}s for the default route interface: " else echo -n . fi if [ ${waited} -eq ${defaultroute_carrier_delay} ] && ! defaultroute_carrier; then echo -n "(no carrier)" break fi nl=1 sleep 1 waited=$(($waited + 1)) done [ -n "$nl" ] && echo } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +defaultroute_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/devd b/libexec/rc/rc.d/devd index 43fb9d5928dd..47326662339c 100755 --- a/libexec/rc/rc.d/devd +++ b/libexec/rc/rc.d/devd 
@@ -1,41 +1,45 @@ #!/bin/sh # # # PROVIDE: devd # REQUIRE: netif ldconfig # BEFORE: NETWORKING mountcritremote # KEYWORD: nojail shutdown . /etc/rc.subr name="devd" desc="Device state change daemon" rcvar="devd_enable" command="/sbin/${name}" start_precmd=${name}_prestart stop_precmd=find_pidfile find_pidfile() { if get_pidfile_from_conf pid-file /etc/devd.conf; then pidfile="$_pidfile_from_conf" else pidfile="/var/run/${name}.pid" fi } devd_prestart() { find_pidfile # If devd is disabled, turn it off in the kernel to avoid unnecessary # memory usage. if ! checkyesno ${rcvar}; then $SYSCTL hw.bus.devctl_queue=0 fi } load_rc_config $name + +# doesn't make sense to run in a svcj: executing potential privileged operations +devd_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/devfs b/libexec/rc/rc.d/devfs index b7835bd561ce..9987d35f6ad3 100755 --- a/libexec/rc/rc.d/devfs +++ b/libexec/rc/rc.d/devfs 
@@ -1,71 +1,75 @@ #!/bin/sh # # # PROVIDE: devfs # REQUIRE: mountcritremote # BEFORE: SERVERS securelevel # KEYWORD: nojail . /etc/rc.subr name="devfs" desc="Device filesystem" start_cmd='devfs_start' stop_cmd=':' devfs_start() { if [ -n "$devfs_system_ruleset" -o -n "$devfs_set_rulesets" ] || checkyesno devfs_load_rulesets; then devfs_init_rulesets if [ -n "$devfs_system_ruleset" ]; then devfs_set_ruleset $devfs_system_ruleset /dev devfs_apply_ruleset $devfs_system_ruleset /dev fi if [ -n "$devfs_set_rulesets" ]; then local _dir_set local _dir local _set for _dir_set in $devfs_set_rulesets; do _dir=${_dir_set%=*} _set=${_dir_set#*=} devfs_set_ruleset $_set $_dir devfs_apply_ruleset $_set $_dir done fi fi read_devfs_conf } read_devfs_conf() { if [ -r /etc/devfs.conf ]; then cd /dev while read action devicelist parameter; do case "${action}" in l*) for device in ${devicelist}; do if [ ! -e ${parameter} ]; then ln -fs ${device} ${parameter} fi done ;; o*) for device in ${devicelist}; do if [ -c ${device} ]; then chown ${parameter} ${device} fi done ;; p*) for device in ${devicelist}; do if [ -c ${device} ]; then chmod ${parameter} ${device} fi done ;; esac done < /etc/devfs.conf fi } load_rc_config $name + +# doesn't make sense to run in a svcj: may need more permissions +devfs_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/devmatch b/libexec/rc/rc.d/devmatch index 67bb14761614..21846355fcfe 100755 --- a/libexec/rc/rc.d/devmatch +++ b/libexec/rc/rc.d/devmatch 
@@ -1,81 +1,85 @@ #!/bin/sh # Copyright (c) 2018 M. Warner Losh # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # # # PROVIDE: devmatch # REQUIRE: kld # BEFORE: netif # KEYWORD: nojail . /etc/rc.subr name="devmatch" desc="Use devmatch(8) to load kernel modules" rcvar="${name}_enable" start_cmd="${name}_start" stop_cmd=':' one_nomatch="$2" devmatch_start() { local x m list if [ -n "$one_nomatch" ]; then list=$(devmatch -p "${one_nomatch}" | sort -u) else sysctl hw.bus.devctl_nomatch_enabled=1 list=$(devmatch | sort -u) fi [ -n "$list" ] || return # While kldload can accept multiple modules on the line at once, we loop # here in case there's some weird error with one of them. 
We also # optimize against the false positives or drivers that have symbolic # links that confuse devmatch by running it -n. Finally, we filter out # all items in the devmatch_blocklist. # # We strip all the .ko suffixes off so that one may specify modules # with or without .ko. Prior version documented it was without, while # the code required it, so accept both now. devmatch produces module # names with .ko devctl freeze x=$(echo "#${devmatch_blocklist:-${devmatch_blacklist}}#$(kenv -q devmatch_blocklist)#" | \ sed -e "s/ /#/g;s/\.ko#/#/g") for m in ${list}; do m="${m%.ko}" case "${x}" in *"#${m}#"*) continue ;; esac kldstat -q -n ${m} || \ (echo "Autoloading module: ${m}"; kldload -n ${m}) done devctl thaw } load_rc_config $name + +# doesn't make sense to run in a svcj: privileged operations +devmatch_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/dhclient b/libexec/rc/rc.d/dhclient index e2f204076eb6..78442da29193 100755 --- a/libexec/rc/rc.d/dhclient +++ b/libexec/rc/rc.d/dhclient 
@@ -1,69 +1,72 @@ #!/bin/sh # # # PROVIDE: dhclient # KEYWORD: nojailvnet nostart . /etc/rc.subr . /etc/network.subr ifn="$2" name="dhclient" desc="Dynamic Host Configuration Protocol (DHCP) client" rcvar= pidfile="/var/run/dhclient/${name}.${ifn}.pid" start_precmd="dhclient_prestart" stop_precmd="dhclient_pre_check" # rc_force check can only be done at the run_rc_command # time, so we're testing it in the pre* hooks. dhclient_pre_check() { if [ -z "${rc_force}" ] && ! dhcpif $ifn; then local msg msg="'$ifn' is not a DHCP-enabled interface" if [ -z "${rc_quiet}" ]; then echo "$msg" else debug "$msg" fi exit 1 fi } dhclient_prestart() { dhclient_pre_check # Interface-specific flags (see rc.subr for $flags setting) specific=$(get_if_var $ifn dhclient_flags_IF) if [ -z "$flags" -a -n "$specific" ]; then rc_flags=$specific fi background_dhclient=$(get_if_var $ifn background_dhclient_IF $background_dhclient) if checkyesno background_dhclient; then rc_flags="${rc_flags} -b" fi # /var/run/dhclient is not guaranteed to exist, # e.g. if /var/run is a tmpfs install -d -o root -g wheel -m 755 ${pidfile%/*} rc_flags="${rc_flags} ${ifn}" } load_rc_config $name load_rc_config network +# dhclient_prestart is not compatible with svcj +dhclient_svcj="NO" + if [ -z $ifn ] ; then # only complain if a command was specified but no interface if [ -n "$1" ] ; then err 1 "$0: no interface specified" fi fi run_rc_command "$1" diff --git a/libexec/rc/rc.d/dmesg b/libexec/rc/rc.d/dmesg index ed36ec17b419..51e35d5d4e80 100755 --- a/libexec/rc/rc.d/dmesg +++ b/libexec/rc/rc.d/dmesg 
@@ -1,26 +1,30 @@ #!/bin/sh # # # PROVIDE: dmesg # REQUIRE: mountcritremote FILESYSTEMS # BEFORE: DAEMON # KEYWORD: nojail . /etc/rc.subr name="dmesg" desc="Save kernel boot messages to disk" rcvar="dmesg_enable" dmesg_file="/var/run/dmesg.boot" start_cmd="do_dmesg" stop_cmd=":" do_dmesg() { rm -f ${dmesg_file} ( umask 022 ; /sbin/dmesg $rc_flags > ${dmesg_file} ) } load_rc_config $name + +# doesn't make sense to run in a svcj +dmesg_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/dnctl b/libexec/rc/rc.d/dnctl index 7e65b899bd01..9067d278088e 100644 --- a/libexec/rc/rc.d/dnctl +++ b/libexec/rc/rc.d/dnctl @@ -1,26 +1,29 @@ #!/bin/sh # # # PROVIDE: dnctl # BEFORE: pf ipfw # KEYWORD: nojailvnet . /etc/rc.subr name="dnctl" desc="Dummynet packet queuing and scheduling" rcvar="${name}_enable" load_rc_config $name start_cmd="${name}_start" required_files="$dnctl_rules" required_modules="dummynet" +# doesn't make sense to run in a svcj: config setting +dnctl_svcj="NO" + dnctl_start() { startmsg -n "Enabling ${name}" $dnctl_program "$dnctl_rules" startmsg '.' } run_rc_command $* diff --git a/libexec/rc/rc.d/dumpon b/libexec/rc/rc.d/dumpon index a6748711b796..0dfcdb266b20 100755 --- a/libexec/rc/rc.d/dumpon +++ b/libexec/rc/rc.d/dumpon 
@@ -1,100 +1,104 @@ #!/bin/sh # # # PROVIDE: dumpon # BEFORE: disks # KEYWORD: nojail . /etc/rc.subr name="dumpon" desc="Dump kernel corefiles from swap to disk" start_cmd="dumpon_start" stop_cmd="dumpon_stop" dumpon_try() { local flags flags=${dumpon_flags} if [ -n "${dumppubkey}" ]; then warn "The dumppubkey variable is deprecated. Use dumpon_flags." flags="${flags} -k ${dumppubkey}" fi /sbin/dumpon ${flags} "${1}" if [ $? -eq 0 ]; then # Make a symlink in devfs for savecore ln -fs "${1}" /dev/dumpdev return 0 fi warn "unable to specify $1 as a dump device" return 1 } dumpon_warn_unencrypted() { if [ -n "${dumppubkey}" ]; then return fi for flag in ${dumpon_flags}; do if [ $flag = -k ]; then return fi done warn "Kernel dumps will be written to the swap partition without encryption." } dumpon_start() { # Enable dumpdev so that savecore can see it. Enable it # early so a crash early in the boot process can be caught. # case ${dumpdev} in [Nn][Oo]) ;; [Aa][Uu][Tt][Oo] | '') root_hold_wait dev=$(/bin/kenv -q dumpdev) if [ -n "${dev}" ] ; then dumpon_try "${dev}" return $? fi if [ -z ${dumpdev} ] ; then return fi while read dev mp type more ; do [ "${type}" = "swap" ] || continue case ${dev} in *.bde|*.eli) dumpon_warn_unencrypted dev=${dev%.*} ;; esac [ -c "${dev}" ] || continue dumpon_try "${dev}" 2>/dev/null && return 0 done &2 return 1 ;; *) root_hold_wait dumpon_try "${dumpdev}" ;; esac } dumpon_stop() { case ${dumpdev} in [Nn][Oo]) ;; *) rm -f /dev/dumpdev /sbin/dumpon -v off ;; esac } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +dumpon_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/fsck b/libexec/rc/rc.d/fsck index 359733d8484c..e755f055dbe6 100755 --- a/libexec/rc/rc.d/fsck +++ b/libexec/rc/rc.d/fsck 
@@ -1,94 +1,98 @@ #!/bin/sh # # # PROVIDE: fsck # REQUIRE: swap # KEYWORD: nojail . /etc/rc.subr name="fsck" desc="Run file system checks" start_cmd="fsck_start" stop_cmd=":" fsck_start() { if [ "$autoboot" = no ]; then echo "Fast boot: skipping disk checks." elif [ ! -r /etc/fstab ]; then echo "Warning! No /etc/fstab: skipping disk checks." elif [ "$autoboot" = yes ]; then # During fsck ignore SIGQUIT trap : 3 startmsg "Starting file system checks:" # Background fsck can only be run with -p if checkyesno background_fsck; then fsck -F -p else fsck ${fsck_flags} fi err=$? if [ ${err} -eq 3 ]; then echo "Warning! Some of the devices might not be" \ "available; retrying" root_hold_wait startmsg "Restarting file system checks:" # Background fsck can only be run with -p if checkyesno background_fsck; then fsck -F -p else fsck ${fsck_flags} fi err=$? fi case ${err} in 0) ;; 2) stop_boot ;; 4) echo "Rebooting..." reboot echo "Reboot failed; help!" stop_boot ;; 8|16) if checkyesno fsck_y_enable; then echo "File system preen failed, trying fsck -y ${fsck_y_flags}" fsck -y ${fsck_y_flags} case $? in 0) ;; *) echo "Automatic file system check failed; help!" stop_boot ;; esac else echo "Automatic file system check failed; help!" stop_boot fi ;; 12) echo "Boot interrupted." stop_boot ;; 130) stop_boot ;; *) echo "Unknown error ${err}; help!" stop_boot ;; esac fi } load_rc_config $name + +# doesn't make sense to run in a svcj +fsck_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/ftp-proxy b/libexec/rc/rc.d/ftp-proxy index 250088d6bb35..c77dd36cd60b 100755 --- a/libexec/rc/rc.d/ftp-proxy +++ b/libexec/rc/rc.d/ftp-proxy 
@@ -1,75 +1,77 @@ #!/bin/sh # # # PROVIDE: ftp-proxy # REQUIRE: DAEMON pf # KEYWORD: shutdown . /etc/rc.subr name="ftpproxy" desc="Internet File Transfer Protocol proxy daemon" rcvar="ftpproxy_enable" command="/usr/sbin/ftp-proxy" +: ${ftpproxy_svcj_options:="net_basic"} + load_rc_config $name # # manage_pid argument # Create or remove a pidfile manually, for daemons that can't be bothered # to do it themselves. Takes one argument, which is the argument provided # to the rc script. The pidfile will be named /var/run/<$name>.pid, # unless $pidfile is defined. # # The method used to determine the pid is rather hacky; grep ps output to # find '$procname|$command', then grep for ${name}_flags. If at all # possible, use another method if at all possible, to avoid that dirty- # code feeling. # manage_pid() { local search_string ps_pid case $1 in *start) cmd_string=`basename ${procname:-${command}}` eval flag_string=\"\$${name}_flags\" # Determine the pid. ps_pid=`ps ax -o pid= -o command= | grep $cmd_string | grep -e "$flag_string" | grep -v grep | awk '{ print $1 }'` # Write the pidfile depending on $pidfile status. echo $ps_pid > ${pidfile:-"/var/run/$name.pid"} ;; stop) rm $pidfile ;; esac } # Allow ftp-proxy to start up in two different ways. The typical behavior # is to start up one instance of ftp-proxy by setting ftpproxy_enable and # ftpproxy_flags. The alternate behavior allows multiple instances of ftp- # proxy to be started, allowing different types of proxy behavior. To use the # new behavior, a list of instances must be defined, and a list of flags for # each instance. For example, if we want to start two instances of ftp-proxy, # foo and bar, we would set the following vars. # ftpproxy_enable="YES" # ftpproxy_instances="foo bar" # ftpproxy_foo="" # ftpproxy_bar="" # # Starting more than one ftp-proxy? if [ "$ftpproxy_instances" ] && [ -n "${ftpproxy_instances}" ]; then # Iterate through instance list. 
for i in $ftpproxy_instances; do #eval ftpproxy_${i}_flags=\$ftpproxy_${i} #eval name=ftpproxy_${i} # Set flags for this instance. eval ftpproxy_flags=\$ftpproxy_${i} # Define a unique pid file name. pidfile="/var/run/ftp-proxy.$i.pid" run_rc_command "$1" manage_pid $1 done else # Traditional single-instance behavior run_rc_command "$1" fi diff --git a/libexec/rc/rc.d/ftpd b/libexec/rc/rc.d/ftpd index 9bb9a722a2af..e25a561a520a 100755 --- a/libexec/rc/rc.d/ftpd +++ b/libexec/rc/rc.d/ftpd @@ -1,25 +1,23 @@ #!/bin/sh # # # PROVIDE: ftpd # REQUIRE: LOGIN FILESYSTEMS # KEYWORD: shutdown . /etc/rc.subr name="ftpd" desc="Internet File Transfer Protocol daemon" rcvar="ftpd_enable" command="/usr/libexec/${name}" pidfile="/var/run/${name}.pid" -start_precmd=ftpd_prestart -ftpd_prestart() -{ - rc_flags="-D ${rc_flags}" - return 0 -} +: ${ftpd_svcj_options:="net_basic"} load_rc_config $name + +flags="-D ${flags} ${rc_flags}" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/geli b/libexec/rc/rc.d/geli index 16d24efd1e39..5fc5ded54ec3 100755 --- a/libexec/rc/rc.d/geli +++ b/libexec/rc/rc.d/geli 
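Review bot: In the ftpd hunk, `flags="-D ${flags} ${rc_flags}"` is evaluated at top level, where `rc_flags` is normally still unset, so the result is just `-D` plus whatever `flags` was inherited from the environment, and `ftpd_flags` never appears in it. If rc.subr treats a non-empty `flags` as an override of `${name}_flags` (the dhclient script in this diff points to rc.subr for that behaviour; rc.subr itself is not shown here), options set in rc.conf through `ftpd_flags`, including any that restrict or log access, would be silently dropped. Consider `flags="-D ${flags:-${ftpd_flags}}"`, which keeps the environment override and otherwise carries the configured flags.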
@@ -1,124 +1,128 @@ #!/bin/sh # # Copyright (c) 2005 Pawel Jakub Dawidek # All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # # # PROVIDE: disks # KEYWORD: nojail . /etc/rc.subr name="geli" desc="GELI disk encryption" start_precmd='[ -n "$(geli_make_list)" -o -n "${geli_groups}" ]' start_cmd="geli_start" stop_cmd="geli_stop" required_modules="geom_eli:g_eli" geli_start() { devices=`geli_make_list` if [ -z "${geli_tries}" ]; then if [ -n "${geli_attach_attempts}" ]; then geli_tries=${geli_attach_attempts} else geli_tries=`${SYSCTL_N} kern.geom.eli.tries` fi fi for provider in ${devices}; do provider_=`ltr ${provider} '/-' '_'` eval "flags=\${geli_${provider_}_flags}" if [ -z "${flags}" ]; then flags=${geli_default_flags} fi if [ -e "/dev/${provider}" -a ! 
-e "/dev/${provider}.eli" ]; then echo "Configuring Disk Encryption for ${provider}." count=1 while [ ${count} -le ${geli_tries} ]; do geli attach ${flags} ${provider} if [ -e "/dev/${provider}.eli" ]; then break fi echo "Attach failed; attempt ${count} of ${geli_tries}." count=$((count+1)) done fi done for group in ${geli_groups}; do group_=`ltr ${group} '/-' '_'` eval "flags=\${geli_${group_}_flags}" if [ -z "${flags}" ]; then flags=${geli_default_flags} fi eval "providers=\${geli_${group_}_devices}" if [ -z "${providers}" ]; then echo "No devices listed in geli group ${group}." continue fi if [ -e "/dev/${providers%% *}" -a ! -e "/dev/${providers%% *}.eli" ]; then echo "Configuring Disk Encryption for geli group ${group}, containing ${providers}." count=1 while [ ${count} -le ${geli_tries} ]; do geli attach ${flags} ${providers} if [ -e "/dev/${providers%% *}.eli" ]; then break fi echo "Attach failed; attempt ${count} of ${geli_tries}." count=$((count+1)) done fi done } geli_stop() { devices=`geli_make_list` for group in ${geli_groups}; do group_=`ltr ${group} '/-' '_'` eval "providers=\${geli_${group_}_devices}" devices="${devices} ${providers}" done for provider in ${devices}; do if [ -e "/dev/${provider}.eli" ]; then umount "/dev/${provider}.eli" 2>/dev/null geli detach "${provider}" fi done } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +geli_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/geli2 b/libexec/rc/rc.d/geli2 index 16248d32ece8..cedd48a312ee 100755 --- a/libexec/rc/rc.d/geli2 +++ b/libexec/rc/rc.d/geli2 
@@ -1,58 +1,62 @@ #!/bin/sh # # Copyright (c) 2005 Pawel Jakub Dawidek # All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # # # PROVIDE: geli2 # REQUIRE: FILESYSTEMS # KEYWORD: nojail . /etc/rc.subr name="geli2" desc="GELI disk encryption" start_cmd="geli2_start" stop_cmd=":" geli2_start() { devices=`geli_make_list` for provider in ${devices}; do provider_=`ltr ${provider} '/-' '_'` eval "autodetach=\${geli_${provider_}_autodetach}" if [ -z "${autodetach}" ]; then autodetach=${geli_autodetach} fi if checkyesno autodetach && [ -e "/dev/${provider}.eli" ]; then geli detach -l ${provider} fi done } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +geli2_svcj="NO" + run_rc_command "$1" 
diff --git a/libexec/rc/rc.d/ggated b/libexec/rc/rc.d/ggated index 22bc8beb7ca0..846019acb055 100755 --- a/libexec/rc/rc.d/ggated +++ b/libexec/rc/rc.d/ggated @@ -1,19 +1,22 @@ #!/bin/sh # PROVIDE: ggated # REQUIRE: NETWORKING . /etc/rc.subr name="ggated" desc="GEOM Gate network daemon" rcvar="ggated_enable" command="/sbin/${name}" pidfile="/var/run/${name}.pid" load_rc_config $name required_files="${ggated_config}" +# XXX?: doesn't make sense to run in a svcj: low-level access +ggated_svcj="NO" + command_args="${ggated_config}" run_rc_command "$1" diff --git a/libexec/rc/rc.d/gptboot b/libexec/rc/rc.d/gptboot index 3f04143e79ec..188f1bb77557 100755 --- a/libexec/rc/rc.d/gptboot +++ b/libexec/rc/rc.d/gptboot 
@@ -1,76 +1,80 @@ #!/bin/sh # # Copyright (c) 2010 Pawel Jakub Dawidek # All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # # # PROVIDE: gptboot # REQUIRE: mountcritremote # KEYWORD: nojail . /etc/rc.subr name="gptboot" rcvar="gptboot_enable" start_cmd="gptboot_report" gptboot_report() { gpart show | \ egrep '(^=>| freebsd-ufs .*(\[|,)(bootfailed|bootonce)(,|\]))' | \ sed 's/^=>//' | \ egrep -v '(\[|,)bootme(,|\])' | \ while read start size pos type attrs rest; do case "${pos}" in [0-9]*) if [ -n "${disk}" ]; then part="${disk}p${pos}" echo "${attrs}" | egrep -q '(\[|,)bootfailed(,|\])' bootfailed=$? echo "${attrs}" | egrep -q '(\[|,)bootonce(,|\])' bootonce=$? if [ ${bootfailed} -eq 0 ]; then logger -t gptboot -p local0.notice "Boot from ${part} failed." 
gpart unset -a bootfailed -i ${pos} ${disk} >/dev/null elif [ ${bootonce} -eq 0 ]; then # We want to log success after all failures. echo -n "Boot from ${part} succeeded." gpart unset -a bootonce -i ${pos} ${disk} >/dev/null fi fi ;; *) if [ "${type}" = "GPT" ]; then disk="${pos}" else disk="" fi ;; esac done | logger -t gptboot -p local0.notice } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +gptboot_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/growfs b/libexec/rc/rc.d/growfs index d16951b4bc3e..86bf199a8611 100755 --- a/libexec/rc/rc.d/growfs +++ b/libexec/rc/rc.d/growfs 
@@ -1,309 +1,313 @@ #!/bin/sh # # Copyright 2022 Michael J. Karels # Copyright 2014 John-Mark Gurney # All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # # # PROVIDE: growfs # REQUIRE: fsck # BEFORE: root # KEYWORD: firstboot # Grow root partition to fill available space, optionally adding a swap # partition at the end. This allows us to distribute an image and # have it work on essentially any size drive. # Note that this uses awk(1), and thus will not work if /usr is on a separate # filesystem. We need to run early, because there might be not enough free # space on rootfs for the boot to succeed, and on images we ship - which are # the primary purpose of this script - there is no separate /usr anyway. . 
/etc/rc.subr name="growfs" desc="Grow root partition to fill device" start_cmd="growfs_start" stop_cmd=":" rcvar="growfs_enable" growfs_get_diskdev() { local _search=${1} sysctl -b kern.geom.conftxt | while read x1 _type _dev line do if [ "${_type}" = "DISK" -a -n "$(echo ${_search} | grep ${_dev})" ]; then echo -n ${_dev} break fi done } # Compute upper bound on swap partition size (if added), based on physmem # and vm.swap_maxpages / 2 (the limit that elicits a warning). # Rule for swap size based on memory size: # up to 4 GB twice memory size # 4 GB - 8 GB 8 GB # over 8 GB memory size growfs_swap_max() { memsize=$(sysctl -n hw.physmem) memsizeMB=$(($memsize / (1024 * 1024))) if [ $memsizeMB -lt 4096 ] then swapmax=$(($memsize * 2)) elif [ $memsizeMB -lt 8192 ] then swapmax=$((8192 * 1024 * 1024)) else swapmax=$memsize fi pagesize=$(sysctl -n hw.pagesize) vm_swap_max=$(($(sysctl -n vm.swap_maxpages) / 2 * $pagesize)) if [ $swapmax -gt $vm_swap_max ] then swapmax=$vm_swap_max fi echo -n "$swapmax" } # Find newly-added swap partition on parent device ($1). 
growfs_last_swap() { swapdev=$(gpart list $1 | awk ' $2 == "Name:" { dev = $3 } $1 == "type:" && $2 == "freebsd-swap" { swapdev = dev } END { print swapdev } ') echo -n $swapdev } growfs_start() { verbose=0 echo "Growing root partition to fill device" FSTYPE=$(mount -p | awk '{ if ( $2 == "/") { print $3 }}') FSDEV=$(mount -p | awk '{ if ( $2 == "/") { print $1 }}') case "$FSTYPE" in ufs) rootdev=${FSDEV#/dev/} ;; zfs) pool=${FSDEV%%/*} rootdev=$(zpool list -v $pool | awk 'END { print $1 }') ;; *) echo "Don't know how to grow root filesystem type: $FSTYPE" return esac if [ x"$rootdev" = x"${rootdev%/*}" ]; then # raw device rawdev="$rootdev" else rawdev=$(glabel status | awk -v rootdev=$rootdev 'index(rootdev, $1) { print $3; }') if [ x"$rawdev" = x"" ]; then echo "Can't figure out device for: $rootdev" return fi fi if [ x"diskid" = x"${rootdev%/*}" ]; then search=$rootdev else search=$rawdev fi diskdev=$(growfs_get_diskdev ${search}) if [ -z "${diskdev}" ]; then diskdev=${rootdev} fi # Check kenv for growfs_swap_size; if not present, # check $growfs_swap_size from /etc/rc.conf. # A value of 0 suppresses swap addition, # "" (or unset) specifies the default; # other values indicate the size in bytes. # If default, check whether swap is already in fstab; # if so, don't add another. addswap=1 swapsize="$(kenv -q growfs_swap_size 2>/dev/null)" case "$swapsize" in "0") addswap=0 ;; "") case "$growfs_swap_size" in "0") addswap=0 ;; "") if ! 
awk ' /^#/ { next } $3 == "swap" { exit 1 } ' < /etc/fstab then addswap=0 fi ;; *) swapsize="$growfs_swap_size" ;; esac ;; *) ;; esac swaplim=$(growfs_swap_max) [ $verbose -eq 1 ] && { echo "diskdev is $diskdev" echo "search is $search" echo "swapsize is $swapsize" echo "swaplim is $swaplim" } sysctl -b kern.geom.conftxt | awk ' { verbose = 0 lvl=$1 device[lvl] = $3 type[lvl] = $2 idx[lvl] = $7 offset[lvl] = $9 parttype[lvl] = $13 size[lvl] = $4 if (verbose) print lvl, type[lvl], $3 if (type[lvl] == "DISK") { disksize = size[lvl] if (verbose) print "disksize ", disksize # Do not add swap on disks under 15 GB (decimal) by default. if (addswap == 1 && (size[lvl] > 15000000000 || swapsize > 0)) doing_swap = 1 else doing_swap = 0 } else if (type[lvl] == "PART" && $11 == "freebsd-swap" && \ int(swapsize) == 0) { # This finds swap only if it precedes root, e.g. preceding disk. addswap = 0 doing_swap = 0 print "swap device exists, not adding swap" } if (dev == $3) { for (i = 1; i <= lvl; i++) { # resize if (type[i] == "PART") { pdev = device[i - 1] if (verbose) print i, pdev, addswap, disksize, \ doing_swap swapcmd = "" # Allow swap if current root is < 40% of disk. if (parttype[i] != "MBR" && doing_swap == 1 && \ (size[i] / disksize < 0.4 || \ swapsize > 0)) { print "Adding swap partition" if (int(swapsize) == 0) { swapsize = int(disksize / 10) if (swapsize > swaplim) swapsize = swaplim } sector = $5 swapsize /= sector if (verbose) print "swapsize sectors", swapsize align = 4 * 1024 * 1024 / sector # Estimate offset for swap; let # gpart compute actual start and size. # Assume expansion all goes into this # partition for MBR case. 
if (parttype[i - 1] == "MBR") { if (verbose) print "sz ", size[i - 1], \ " off ", offset[i - 1] expand = size[0] - \ (size[i - 1] + offset[i - 1]) } else { if (verbose) print "sz ", size[i], \ " off ", offset[i] expand = size[0] - \ (size[i] + offset[i]) } if (verbose) print "expand ", expand, \ " sz ", size[i] swapbase = (expand + size[i]) / sector swapbase -= swapsize + align swapcmd = "gpart add -t freebsd-swap -a " align " -b " int(swapbase) " " pdev " && kenv growfs_swap_pdev=" pdev " >/dev/null; " if (verbose) swapcmd = "set -x; gpart show; " swapcmd } cmd[i] = swapcmd "gpart resize -i " idx[i] " " pdev if (parttype[i] == "GPT") cmd[i] = "gpart recover " pdev " ; " cmd[i] } else if (type[i] == "LABEL") { continue } else { print "unhandled type: " type[i] exit 1 } } for (i = 1; i <= lvl; i++) { if (cmd[i]) system(cmd[i]) } exit 0 } }' dev="$search" addswap="$addswap" swapsize="$swapsize" swaplim="$swaplim" gpart commit "$diskdev" 2> /dev/null case "$FSTYPE" in ufs) growfs -y /dev/"$rootdev" ;; zfs) zpool online -e $pool $rootdev ;; esac # Get parent device of swap partition if one was added; # if so, find swap device and label it. pdev=$(kenv -q growfs_swap_pdev) if [ -n "$pdev" ] then dev=$(growfs_last_swap "$pdev") if [ -z "$dev" ] then echo "Swap partition not found on $pdev" exit 0 fi glabel label -v growfs_swap $dev fi } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +growfs_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/growfs_fstab b/libexec/rc/rc.d/growfs_fstab index a9d18c1eaed3..8b7cea3a63e5 100755 --- a/libexec/rc/rc.d/growfs_fstab +++ b/libexec/rc/rc.d/growfs_fstab 
@@ -1,61 +1,65 @@ #!/bin/sh # # Copyright 2022 Michael J. Karels # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # # # PROVIDE: growfs_fstab # REQUIRE: growfs root # KEYWORD: firstboot # If the growfs script added a swap partition, then add a swap entry # to /etc/fstab if none exists, and add as dumpdev. . 
/etc/rc.subr name="growfs_fstab" desc="Add new swap partition to /etc/fstab" start_cmd="growfs_fstab_start" stop_cmd=":" rcvar="growfs_enable" growfs_fstab_start() { if kenv -q growfs_swap_pdev >/dev/null then if awk ' /^#/ { next } $3 == "swap" { exit 1 } ' < /etc/fstab then printf "/dev/label/growfs_swap\tnone\t\tswap\tsw\t\t0\t0\n" >>/etc/fstab printf '# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable\n' >>/etc/rc.conf printf 'dumpdev="AUTO"\n' >>/etc/rc.conf dumpon $dumpon_flags /dev/label/growfs_swap fi fi } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +growfs_fstab_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/gssd b/libexec/rc/rc.d/gssd index fa0edcead140..7ab3c181eeb1 100755 --- a/libexec/rc/rc.d/gssd +++ b/libexec/rc/rc.d/gssd @@ -1,17 +1,19 @@ #!/bin/sh # # # PROVIDE: gssd # REQUIRE: root mountcritlocal NETWORKING kdc # BEFORE: mountcritremote # KEYWORD: nojailvnet shutdown . /etc/rc.subr name=gssd desc="Generic Security Services Daemon" rcvar=gssd_enable +: ${gssd_svcj_options:="net_basic nfsd"} + load_rc_config $name run_rc_command "$1" diff --git a/libexec/rc/rc.d/hastd b/libexec/rc/rc.d/hastd index 8c1d9e8bc16a..37df43d26c7d 100755 --- a/libexec/rc/rc.d/hastd +++ b/libexec/rc/rc.d/hastd @@ -1,29 +1,33 @@ #!/bin/sh # # # PROVIDE: hastd # REQUIRE: NETWORKING syslogd # BEFORE: DAEMON # KEYWORD: nojail shutdown . /etc/rc.subr name="hastd" desc="Highly Available Storage daemon" rcvar="hastd_enable" pidfile="/var/run/${name}.pid" command="/sbin/${name}" hastctl="/sbin/hastctl" required_files="/etc/hast.conf" stop_precmd="hastd_stop_precmd" required_modules="geom_gate:g_gate" extra_commands="reload" hastd_stop_precmd() { ${hastctl} role init all } load_rc_config $name + +# doesn't make sense to run in a svcj: nojail keyword +hastd_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/hcsecd b/libexec/rc/rc.d/hcsecd index 542305040357..8827e53777f3 100755 --- a/libexec/rc/rc.d/hcsecd 
+++ b/libexec/rc/rc.d/hcsecd @@ -1,24 +1,27 @@ #!/bin/sh # # # PROVIDE: hcsecd # REQUIRE: DAEMON # BEFORE: LOGIN # KEYWORD: nojail shutdown . /etc/rc.subr name="hcsecd" desc="Control link keys and PIN codes for Bluetooth devices" rcvar="hcsecd_enable" command="/usr/sbin/${name}" pidfile="/var/run/${name}.pid" required_modules="ng_btsocket" load_rc_config $name config="${hcsecd_config:-/etc/bluetooth/${name}.conf}" command_args="-f ${config}" required_files="${config}" +# doesn't make sense to run in a svcj: nojail keyword +hcsecd_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/hostapd b/libexec/rc/rc.d/hostapd index fe3dac1dea06..251df91a280b 100755 --- a/libexec/rc/rc.d/hostapd +++ b/libexec/rc/rc.d/hostapd @@ -1,41 +1,45 @@ #!/bin/sh # # # PROVIDE: hostapd # REQUIRE: mountcritremote # KEYWORD: nojail shutdown . /etc/rc.subr name="hostapd" desc="Authenticator for IEEE 802.11 networks" command=${hostapd_program} start_postcmd="hostapd_poststart" hostapd_poststart() { if [ -n "$ifn" ]; then ifconfig ${ifn} down sleep 2 ifconfig ${ifn} up fi } ifn="$2" if [ -z "$ifn" ]; then rcvar="hostapd_enable" conf_file="/etc/${name}.conf" pidfile="/var/run/${name}.pid" else rcvar= conf_file="/etc/${name}-${ifn}.conf" pidfile="/var/run/${name}-${ifn}.pid" fi command_args="-P ${pidfile} -B ${conf_file}" required_files="${conf_file}" required_modules="wlan_xauth wlan_wep wlan_tkip wlan_ccmp" extra_commands="reload" load_rc_config ${name} + +# doesn't make sense to run in a svcj: nojail keyword +hostapd_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/hostid b/libexec/rc/rc.d/hostid index 0210ca433501..18d0fbabf6e4 100755 --- a/libexec/rc/rc.d/hostid +++ b/libexec/rc/rc.d/hostid 
@@ -1,159 +1,163 @@ #!/bin/sh # # Copyright (c) 2007 Pawel Jakub Dawidek # Copyright (c) 2015 Xin LI # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # # # PROVIDE: hostid # REQUIRE: sysctl # KEYWORD: nojail . /etc/rc.subr name="hostid" desc="Generate a unique host ID" start_cmd="hostid_start" stop_cmd=":" reset_cmd="hostid_reset" extra_commands="reset" rcvar="hostid_enable" hostid_set() { uuid=$1 # Generate hostid based on hostuuid - take first four bytes from md5(uuid). id=`echo -n $uuid | /sbin/md5` id="0x${id%????????????????????????}" # Set both kern.hostuuid and kern.hostid. # startmsg "Setting hostuuid: ${uuid}." ${SYSCTL} kern.hostuuid="${uuid}" >/dev/null startmsg "Setting hostid: ${id}." 
${SYSCTL} kern.hostid=${id} >/dev/null } valid_hostid() { uuid=$1 x="[0-9a-f]" y=$x$x$x$x # Check against a blacklist before # accepting the UUID. case "${uuid}" in 00000000-0000-0000-0000-000000000000) ;; 00020003-0004-0005-0006-000700080009) ;; 03000200-0400-0500-0006-000700080009) ;; 07090201-0103-0301-0807-060504030201) ;; 11111111-1111-1111-1111-111111111111) ;; 11111111-2222-3333-4444-555555555555) ;; 4c4c4544-0000-2010-8020-80c04f202020) ;; 58585858-5858-5858-5858-585858585858) ;; 890e2d14-cacd-45d1-ae66-bc80e8bfeb0f) ;; 8e275844-178f-44a8-aceb-a7d7e5178c63) ;; dc698397-fa54-4cf2-82c8-b1b5307a6a7f) ;; fefefefe-fefe-fefe-fefe-fefefefefefe) ;; *-ffff-ffff-ffff-ffffffffffff) ;; $y$y-$y-$y-$y-$y$y$y) return 0 ;; esac return 1 } hostid_hardware() { uuid=`kenv -q smbios.system.uuid` if valid_hostid $uuid; then echo "${uuid}" elif [ "$uuid" ]; then echo "INVALID" fi } hostid_generate() { # First look for UUID in hardware. uuid=`hostid_hardware` # Warn about invalid UUIDs if [ "${uuid}" = "INVALID" ]; then warn "hostid: unable to figure out a UUID from DMI data, generating a new one" sleep 2 uuid="" fi # Generate a random UUID if invalid or not found if [ -z "${uuid}" ]; then # If not found, fall back to software-generated UUID. uuid=`uuidgen ${hostid_uuidgen_flags}` fi hostid_set $uuid } hostid_reset() { hostid_generate # Store newly generated UUID in ${hostid_file}. echo $uuid > ${hostid_file} if [ $? -ne 0 ]; then warn "could not store hostuuid in ${hostid_file}." fi } hostid_start() { # If ${hostid_file} already exists, we take UUID from there. if [ -r ${hostid_file} ]; then read saved_hostid < ${hostid_file} if valid_hostid ${saved_hostid}; then hostid_set ${saved_hostid} exit 0 fi fi # No hostid file, generate UUID. hostid_generate } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +hostid_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/hostid_save b/libexec/rc/rc.d/hostid_save index af7f4138a5dd..b9727d24bc57 100755 
--- a/libexec/rc/rc.d/hostid_save +++ b/libexec/rc/rc.d/hostid_save @@ -1,47 +1,51 @@ #!/bin/sh # # # PROVIDE: hostid_save # REQUIRE: hostid root # KEYWORD: nojail . /etc/rc.subr name="hostid_save" desc="Save unique host ID to disk" start_cmd="hostid_save" stop_cmd=":" rcvar="hostid_enable" hostid_machine_id() { local IFS IFS=- set -- ${current_hostid} IFS= current_machine_id=$* } hostid_save() { current_hostid=`$SYSCTL_N kern.hostuuid` read saved_hostid 2>/dev/null < ${hostid_file} if [ "${saved_hostid}" != "${current_hostid}" ]; then echo "${current_hostid}" > ${hostid_file} || warn "could not store hostuuid in ${hostid_file}." fi hostid_machine_id read saved_machine_id 2>/dev/null < ${machine_id_file} if [ "${saved_machine_id}" != "${current_machine_id}" ]; then echo "${current_machine_id}" > ${machine_id_file} || warn "could not store hostuuid in ${machine_id_file}." fi } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +hostid_save_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/hostname b/libexec/rc/rc.d/hostname index f6ac95c9c888..8b26c4f60633 100755 --- a/libexec/rc/rc.d/hostname +++ b/libexec/rc/rc.d/hostname 
@@ -1,80 +1,84 @@ #!/bin/sh # # Copyright (c) 2003 The FreeBSD Project. All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # # # PROVIDE: hostname # REQUIRE: FILESYSTEMS # BEFORE: netif . /etc/rc.subr . /etc/network.subr name="hostname" desc="Set the system\'s hostname" start_cmd="hostname_start" stop_cmd=":" hostname_start() { # If we are not inside a jail, set the host name. # If we are inside a jail, set the host name if it is permitted. # if [ `$SYSCTL_N security.jail.jailed` -eq 1 ]; then if [ `$SYSCTL_N security.jail.set_hostname_allowed` -eq 0 ]; then return fi else # If we're not in a jail and rc.conf doesn't specify a # hostname, see if we can get one from kenv. 
# if [ -z "${hostname}" -a \ -n "`/bin/kenv dhcp.host-name 2> /dev/null`" ]; then hostname=`/bin/kenv dhcp.host-name` fi fi # Have we got a hostname yet? # if [ -z "${hostname}" ]; then # Null hostname is probably OK if DHCP is in use, # or when hostname is already set (common for jails). # if [ -z "`list_net_interfaces dhcp`" -a \ -z "`/bin/hostname`" ]; then warn "\$hostname is not set -- see rc.conf(5)." fi return fi # All right, it is safe to invoke hostname(1) now. # startmsg -n "Setting hostname: ${hostname}" /bin/hostname "${hostname}" startmsg '.' } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +hostname_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/inetd b/libexec/rc/rc.d/inetd index 9820f8dc319a..81cc18d95be2 100755 --- a/libexec/rc/rc.d/inetd +++ b/libexec/rc/rc.d/inetd @@ -1,20 +1,22 @@ #!/bin/sh # # # PROVIDE: inetd # REQUIRE: DAEMON LOGIN FILESYSTEMS # KEYWORD: shutdown . /etc/rc.subr name="inetd" desc="Internet \"super-server\"" rcvar="inetd_enable" command="/usr/sbin/${name}" pidfile="/var/run/${name}.pid" required_files="/etc/${name}.conf" extra_commands="reload" +: ${inetd_svcj_options:="net_basic"} + load_rc_config $name run_rc_command "$1" diff --git a/libexec/rc/rc.d/iovctl b/libexec/rc/rc.d/iovctl index 01e16221cc4a..b2404f5665b1 100755 --- a/libexec/rc/rc.d/iovctl +++ b/libexec/rc/rc.d/iovctl @@ -1,38 +1,42 @@ #!/bin/sh # # # PROVIDE: iovctl # REQUIRE: FILESYSTEMS sysctl . /etc/rc.subr name="iovctl" command="/usr/sbin/iovctl" start_cmd="iovctl_start" stop_cmd="iovctl_stop" run_iovctl() { local _f flag flag=$1 for _f in ${iovctl_files} ; do if [ -r ${_f} ]; then ${command} ${flag} -f ${_f} > /dev/null fi done } iovctl_start() { run_iovctl -C } iovctl_stop() { run_iovctl -D } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +iovctl_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/ip6addrctl b/libexec/rc/rc.d/ip6addrctl index 50d9408d0731..eac1d2729e78 100755 
--- a/libexec/rc/rc.d/ip6addrctl +++ b/libexec/rc/rc.d/ip6addrctl @@ -1,123 +1,127 @@ #!/bin/sh # # # PROVIDE: ip6addrctl # REQUIRE: FILESYSTEMS # BEFORE: netif # KEYWORD: nojailvnet . /etc/rc.subr . /etc/network.subr name="ip6addrctl" desc="configure address selection policy for IPv6 and IPv4" rcvar="ip6addrctl_enable" start_cmd="ip6addrctl_start" stop_cmd="ip6addrctl_stop" extra_commands="status prefer_ipv6 prefer_ipv4" status_cmd="ip6addrctl" prefer_ipv6_cmd="ip6addrctl_prefer_ipv6" prefer_ipv4_cmd="ip6addrctl_prefer_ipv4" config_file="/etc/ip6addrctl.conf" set_rcvar_obsolete ipv6_enable ipv6_activate_all_interfaces set_rcvar_obsolete ipv6_prefer ip6addrctl_policy IP6ADDRCTL_CMD="/usr/sbin/ip6addrctl" ip6addrctl_prefer_ipv6() { afexists inet6 || return 0 ${IP6ADDRCTL_CMD} flush >/dev/null 2>&1 cat </dev/null 2>&1 cat </dev/null 2>&1 ${IP6ADDRCTL_CMD} install "${config_file}" else if checkyesno ipv6_activate_all_interfaces; then ip6addrctl_prefer_ipv6 elif [ -n "$(list_vars ifconfig_\*_ipv6)" ]; then ip6addrctl_prefer_ipv6 else ip6addrctl_prefer_ipv4 fi fi ;; ipv4_prefer) ip6addrctl_prefer_ipv4 ;; ipv6_prefer) ip6addrctl_prefer_ipv6 ;; [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) # Backward compatibility when ipv6_prefer=YES ip6addrctl_prefer_ipv6 ;; [Nn][Oo]|[Ff][Aa][Ll][Ss][Ee]|[Oo][Ff][Ff]|0) # Backward compatibility when ipv6_prefer=NO ip6addrctl_prefer_ipv4 ;; [Nn][Oo][Nn][Ee]) ${IP6ADDRCTL_CMD} flush >/dev/null 2>&1 ;; *) warn "\$ip6addrctl_policy is invalid: ${ip6addrctl_policy}. " \ " \"ipv4_prefer\" is used instead." ip6addrctl_prefer_ipv4 ;; esac if checkyesno ip6addrctl_verbose; then echo 'Address selection policy table for IPv4 and IPv6:' ${IP6ADDRCTL_CMD} fi } ip6addrctl_stop() { afexists inet6 || return 0 ip6addrctl flush >/dev/null 2>&1 } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +ipv6addrctl_svcj="NO" + run_rc_command "$1" 
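Review bot: The assignment added just before `run_rc_command` sets `ipv6addrctl_svcj="NO"`, but this script declares `name="ip6addrctl"`. Every other script in this change spells the variable as the service name plus `_svcj` (`ipfilter_svcj`, `ipsec_svcj`, `hostid_svcj`). If rc.subr looks the setting up by service name, as those siblings suggest, this line has no effect and an `ip6addrctl_svcj="YES"` in rc.conf would still be honoured. The line should read `ip6addrctl_svcj="NO"`.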
diff --git a/libexec/rc/rc.d/ipfilter b/libexec/rc/rc.d/ipfilter index e951bc9b7878..d0cb09ab527c 100755 --- a/libexec/rc/rc.d/ipfilter +++ b/libexec/rc/rc.d/ipfilter @@ -1,79 +1,82 @@ #!/bin/sh # # # PROVIDE: ipfilter # REQUIRE: FILESYSTEMS # BEFORE: ipmon ipnat netif netwait securelevel # KEYWORD: nojailvnet . /etc/rc.subr name="ipfilter" desc="IP packet filter" rcvar="ipfilter_enable" load_rc_config $name stop_precmd="test -f ${ipfilter_rules}" +# doesn't make sense to run in a svcj: config setting +ipfilter_svcj="NO" + start_precmd="$stop_precmd" start_cmd="ipfilter_start" stop_cmd="ipfilter_stop" reload_precmd="$stop_precmd" reload_cmd="ipfilter_reload" resync_precmd="$stop_precmd" resync_cmd="ipfilter_resync" status_precmd="$stop_precmd" status_cmd="ipfilter_status" extra_commands="reload resync" required_modules="ipl:ipfilter" ipfilter_start() { echo "Enabling ipfilter." if ! ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes'; then ${ipfilter_program:-/sbin/ipf} -E fi ${ipfilter_program:-/sbin/ipf} -Fa if [ -r "${ipfilter_rules}" ]; then ${ipfilter_program:-/sbin/ipf} \ -f "${ipfilter_rules}" ${ipfilter_flags} fi } ipfilter_stop() { if ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes'; then echo "Saving firewall state tables" ${ipfs_program:-/sbin/ipfs} -W ${ipfs_flags} echo "Disabling ipfilter." ${ipfilter_program:-/sbin/ipf} -D fi } ipfilter_reload() { echo "Reloading ipfilter rules." ${ipfilter_program:-/sbin/ipf} -I -Fa if [ -r "${ipfilter_rules}" ]; then ${ipfilter_program:-/sbin/ipf} -I \ -f "${ipfilter_rules}" ${ipfilter_flags} if [ $? -ne 0 ]; then err 1 'Load of rules into alternate set failed; aborting reload' fi fi ${ipfilter_program:-/sbin/ipf} -s } ipfilter_resync() { ${ipfilter_program:-/sbin/ipf} -y ${ipfilter_flags} } ipfilter_status() { ${ipfilter_program:-/sbin/ipf} -V } run_rc_command "$1" diff --git a/libexec/rc/rc.d/ipfs b/libexec/rc/rc.d/ipfs index c51527bde43c..2ec4ad3b1d00 100755 --- a/libexec/rc/rc.d/ipfs 
+++ b/libexec/rc/rc.d/ipfs @@ -1,52 +1,56 @@ #!/bin/sh # # # PROVIDE: ipfs # REQUIRE: ipnat # BEFORE: netif # KEYWORD: nojail shutdown . /etc/rc.subr name="ipfs" desc="Saves and restores information for NAT and state tables" rcvar="ipfs_enable" start_cmd="ipfs_start" stop_cmd="ipfs_stop" start_precmd="ipfs_prestart" ipfs_prestart() { # Do not continue if either ipnat or ipfilter is not enabled or # if the ipfilter module is not loaded. # if ! checkyesno ipfilter_enable -o ! checkyesno ipnat_enable ; then err 1 "${name} requires either ipfilter or ipnat enabled" fi if ! ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes' >/dev/null 2>&1; then err 1 "ipfilter module is not loaded" fi return 0 } ipfs_start() { if [ -r /var/db/ipf/ipstate.ipf -a -r /var/db/ipf/ipnat.ipf ]; then ${ipfs_program} -R ${rc_flags} rm -f /var/db/ipf/ipstate.ipf /var/db/ipf/ipnat.ipf fi } ipfs_stop() { if [ ! -d /var/db/ipf ]; then mkdir /var/db/ipf chmod 700 /var/db/ipf chown root:wheel /var/db/ipf fi ${ipfs_program} -W ${rc_flags} } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +ipfs_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/ipfw b/libexec/rc/rc.d/ipfw index 2f6b20a41b1a..6d6f7577828f 100755 --- a/libexec/rc/rc.d/ipfw +++ b/libexec/rc/rc.d/ipfw 
@@ -1,166 +1,169 @@ #!/bin/sh # # # PROVIDE: ipfw # REQUIRE: ppp # KEYWORD: nojailvnet . /etc/rc.subr . /etc/network.subr name="ipfw" desc="Firewall, traffic shaper, packet scheduler, in-kernel NAT" rcvar="firewall_enable" start_cmd="ipfw_start" start_precmd="ipfw_prestart" start_postcmd="ipfw_poststart" stop_cmd="ipfw_stop" status_cmd="ipfw_status" required_modules="ipfw" extra_commands="status" set_rcvar_obsolete ipv6_firewall_enable ipfw_prestart() { if checkyesno dummynet_enable; then required_modules="$required_modules dummynet" fi if checkyesno natd_enable; then required_modules="$required_modules ipdivert" fi if checkyesno firewall_nat_enable; then required_modules="$required_modules ipfw_nat" fi if checkyesno firewall_nat64_enable; then required_modules="$required_modules ipfw_nat64" fi if checkyesno firewall_nptv6_enable; then required_modules="$required_modules ipfw_nptv6" fi if checkyesno firewall_pmod_enable; then required_modules="$required_modules ipfw_pmod" fi } ipfw_start() { local _firewall_type _module _sysctl_reload if [ -n "${1}" ]; then _firewall_type=$1 else _firewall_type=${firewall_type} fi _sysctl_reload=no for _module in ${required_modules} do if kldstat -qn ${_module}; then _sysctl_reload=yes break fi done if [ ${_sysctl_reload} = yes ]; then /etc/rc.d/sysctl reload fi # set the firewall rules script if none was specified [ -z "${firewall_script}" ] && firewall_script=/etc/rc.firewall if [ -r "${firewall_script}" ]; then /bin/sh "${firewall_script}" "${_firewall_type}" echo 'Firewall rules loaded.' elif [ "`ipfw list 65535`" = "65535 deny ip from any to any" ]; then echo 'Warning: kernel has firewall functionality, but' \ 'firewall rules are not enabled.' echo ' All ip services are disabled.' fi # Firewall logging # if checkyesno firewall_logging; then echo 'Firewall logging enabled.' ${SYSCTL} net.inet.ip.fw.verbose=1 >/dev/null fi if checkyesno firewall_logif; then if ! 
ifconfig ipfw0 >/dev/null 2>&1; then ifconfig ipfw0 create echo 'Firewall logging pseudo-interface (ipfw0)' \ 'created.' else echo 'Firewall logging pseudo-interface (ipfw0)' \ 'already created.' fi fi } ipfw_poststart() { local _coscript # Start firewall coscripts # for _coscript in ${firewall_coscripts} ; do if [ -f "${_coscript}" ]; then ${_coscript} quietstart fi done # Enable the firewall # if ! ${SYSCTL} net.inet.ip.fw.enable=1 >/dev/null 2>&1; then warn "failed to enable IPv4 firewall" fi if afexists inet6; then if ! ${SYSCTL} net.inet6.ip6.fw.enable=1 >/dev/null 2>&1 then warn "failed to enable IPv6 firewall" fi fi } ipfw_stop() { local _coscript # Disable the firewall # ${SYSCTL} net.inet.ip.fw.enable=0 >/dev/null if afexists inet6; then ${SYSCTL} net.inet6.ip6.fw.enable=0 >/dev/null fi # Stop firewall coscripts # for _coscript in `reverse_list ${firewall_coscripts}` ; do if [ -f "${_coscript}" ]; then ${_coscript} quietstop fi done } ipfw_status() { status=$(sysctl -i -n net.inet.ip.fw.enable) : ${status:=0} if afexists inet6; then status6=$(sysctl -i -n net.inet6.ip6.fw.enable) : ${status6:=0} status=$((${status} + ${status6})) fi if [ ${status} -eq 0 ]; then echo "ipfw is not enabled" exit 1 else echo "ipfw is enabled" exit 0 fi } load_rc_config $name firewall_coscripts="/etc/rc.d/natd ${firewall_coscripts}" +# doesn't make sense to run in a svcj: config setting +ipfw_svcj="NO" + run_rc_command $* diff --git a/libexec/rc/rc.d/ipfw_netflow b/libexec/rc/rc.d/ipfw_netflow index 219f0a4facf6..129488ce60d0 100755 --- a/libexec/rc/rc.d/ipfw_netflow +++ b/libexec/rc/rc.d/ipfw_netflow 
@@ -1,76 +1,79 @@ #!/bin/sh # # # PROVIDE: ipfw_netflow # REQUIRE: ipfw # KEYWORD: nojailvnet . /etc/rc.subr . /etc/network.subr name="ipfw_netflow" desc="firewall, ipfw, netflow" rcvar="${name}_enable" start_cmd="${name}_start" stop_cmd="${name}_stop" start_precmd="${name}_test" status_cmd="${name}_status" required_modules="ipfw ng_netflow ng_ipfw" extra_commands="status" : ${ipfw_netflow_hook:=9995} : ${ipfw_netflow_rule:=01000} : ${ipfw_netflow_ip:=127.0.0.1} : ${ipfw_netflow_port:=9995} : ${ipfw_netflow_version:=} ipfw_netflow_test() { if [ "${ipfw_netflow_version}" != "" ] && [ "${ipfw_netflow_version}" != 9 ]; then err 1 "Unknown netflow version \'${ipfw_netflow_version}\'" fi case "${ipfw_netflow_hook}" in [!0-9]*) err 1 "Bad value \"${ipfw_netflow_hook}\": Hook must be numerical" esac case "${ipfw_netflow_rule}" in [!0-9]*) err 1 "Bad value \"${ipfw_netflow_rule}\": Rule number must be numerical" esac } ipfw_netflow_is_running() { ngctl show netflow: > /dev/null 2>&1 && return 0 || return 1 } ipfw_netflow_status() { ipfw_netflow_is_running && echo "ipfw_netflow is active" || echo "ipfw_netflow is not active" } ipfw_netflow_start() { ipfw_netflow_is_running && err 1 "ipfw_netflow is already active" ipfw add ${ipfw_netflow_rule} ngtee ${ipfw_netflow_hook} ip from any to any ${ipfw_netflow_fib:+fib ${ipfw_netflow_fib}} ngctl -f - <<-EOF mkpeer ipfw: netflow ${ipfw_netflow_hook} iface0 name ipfw:${ipfw_netflow_hook} netflow mkpeer netflow: ksocket export${ipfw_netflow_version} inet/dgram/udp msg netflow: setdlt {iface=0 dlt=12} name netflow:export${ipfw_netflow_version} netflow_export msg netflow:export${ipfw_netflow_version} connect inet/${ipfw_netflow_ip}:${ipfw_netflow_port} EOF } ipfw_netflow_stop() { ipfw_netflow_is_running || err 1 "ipfw_netflow is not active" ngctl shutdown netflow: ipfw delete ${ipfw_netflow_rule} } load_rc_config $name +# doesn't make sense to run in a svcj: config setting +ipfw_netflow_svcj="NO" + run_rc_command $* 
diff --git a/libexec/rc/rc.d/ipmon b/libexec/rc/rc.d/ipmon index a6449f241b87..3ef0c895ad16 100755 --- a/libexec/rc/rc.d/ipmon +++ b/libexec/rc/rc.d/ipmon @@ -1,33 +1,36 @@ #!/bin/sh # # # PROVIDE: ipmon # REQUIRE: FILESYSTEMS hostname sysctl # BEFORE: SERVERS # KEYWORD: nojailvnet . /etc/rc.subr name="ipmon" desc="Monitors /dev/ipl for logged packets" rcvar="ipmon_enable" command="/sbin/${name}" start_precmd="ipmon_precmd" +# no svcj options needed +: ${ipmon_svcj_options:=""} + ipmon_precmd() { # Continue only if ipfilter or ipnat is enabled and the # ipfilter module is loaded. # if ! checkyesno ipfilter_enable && ! checkyesno ipnat_enable && ! checkyesno rc_force ; then err 1 "${name} requires either ipfilter or ipnat enabled" fi if ! ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes' >/dev/null 2>&1; then err 1 "ipfilter module is not loaded" fi return 0 } load_rc_config $name run_rc_command "$1" diff --git a/libexec/rc/rc.d/ipnat b/libexec/rc/rc.d/ipnat index 88cf368876d7..56fe443686b1 100755 --- a/libexec/rc/rc.d/ipnat +++ b/libexec/rc/rc.d/ipnat @@ -1,27 +1,30 @@ #!/bin/sh # # # PROVIDE: ipnat # KEYWORD: nojailvnet . /etc/rc.subr name="ipnat" desc="user interface to the NAT subsystem" rcvar="ipnat_enable" load_rc_config $name start_cmd="ipnat_start" stop_cmd="${ipnat_program} -F -C" reload_cmd="${ipnat_program} -F -C -f ${ipnat_rules}" extra_commands="reload" required_files="${ipnat_rules}" required_modules="ipl:ipfilter" +# doesn't make sense to run in a svcj: config setting +ipnat_svcj="NO" + ipnat_start() { echo "Installing NAT rules." ${ipnat_program} -CF -f ${ipnat_rules} ${ipnat_flags} } run_rc_command "$1" diff --git a/libexec/rc/rc.d/ippool b/libexec/rc/rc.d/ippool index 42cef3faf7eb..0db8bbe98f61 100755 --- a/libexec/rc/rc.d/ippool +++ b/libexec/rc/rc.d/ippool 
@@ -1,36 +1,40 @@ #!/bin/sh # # # PROVIDE: ippool # REQUIRE: FILESYSTEMS # BEFORE: ipfilter # KEYWORD: nojailvnet . /etc/rc.subr name="ippool" desc="user interface to the IPFilter pools" rcvar="ippool_enable" load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +ippool_svcj="NO" + start_precmd="ippool_start_precmd" stop_cmd="${ippool_program} -F" reload_cmd="ippool_reload" extra_commands="reload" required_files="${ippool_rules}" required_modules="ipl:ipfilter" ippool_start_precmd() { rc_flags="-f ${ippool_rules} ${rc_flags}" } ippool_reload() { echo "Reloading IP Pools." ${stop_cmd} ${start_cmd} } run_rc_command "$1" diff --git a/libexec/rc/rc.d/ipropd_master b/libexec/rc/rc.d/ipropd_master index 9f8e1ee14490..a3ca498afe6c 100755 --- a/libexec/rc/rc.d/ipropd_master +++ b/libexec/rc/rc.d/ipropd_master @@ -1,39 +1,43 @@ #!/bin/sh # # # PROVIDE: ipropd_master # REQUIRE: kdc # KEYWORD: shutdown . /etc/rc.subr name=ipropd_master rcvar=${name}_enable required_files="$ipropd_master_keytab" start_precmd=${name}_start_precmd start_postcmd=${name}_start_postcmd +: ${ipropd_master_svcj_options:="net_basic"} + ipropd_master_start_precmd() { if [ -z "$ipropd_master_slaves" ]; then warn "\$ipropd_master_slaves is empty." return 1 fi for _slave in $ipropd_master_slaves; do echo $_slave done > /var/heimdal/slaves || return 1 - command_args="$command_args \ - --keytab=\"$ipropd_master_keytab\" \ - --detach \ - " } ipropd_master_start_postcmd() { echo "${name}: slave nodes: $ipropd_master_slaves" } load_rc_config $name + +command_args="$command_args \ + --keytab=\"$ipropd_master_keytab\" \ + --detach \ +" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/ipropd_slave b/libexec/rc/rc.d/ipropd_slave index 9d4b06f0e8f3..1735cff3de86 100755 --- a/libexec/rc/rc.d/ipropd_slave +++ b/libexec/rc/rc.d/ipropd_slave 
@@ -1,31 +1,35 @@ #!/bin/sh # # # PROVIDE: ipropd_slave # REQUIRE: kdc # KEYWORD: shutdown . /etc/rc.subr name=ipropd_slave rcvar=${name}_enable required_files="$ipropd_slave_keytab" start_precmd=${name}_start_precmd +: ${ipropd_slave_svcj_options:="net_basic"} + ipropd_slave_start_precmd() { if [ -z "$ipropd_slave_master" ]; then warn "\$ipropd_slave_master is empty." return 1 fi - command_args=" \ - $command_args \ - --keytab=\"$ipropd_slave_keytab\" \ - --detach \ - $ipropd_slave_master" } load_rc_config $name + +command_args=" \ + command_args \ + --keytab=\"$ipropd_slave_keytab\" \ + --detach \ + $ipropd_slave_master" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/ipsec b/libexec/rc/rc.d/ipsec index 1e9d65f6699e..0e7ad213ce67 100755 --- a/libexec/rc/rc.d/ipsec +++ b/libexec/rc/rc.d/ipsec @@ -1,60 +1,64 @@ #!/bin/sh # # # PROVIDE: ipsec # REQUIRE: FILESYSTEMS # BEFORE: DAEMON mountcritremote # KEYWORD: nojailvnet . /etc/rc.subr name="ipsec" desc="Internet Protocol Security protocol" rcvar="ipsec_enable" start_precmd="ipsec_prestart" start_cmd="ipsec_start" stop_precmd="test -f $ipsec_file" stop_cmd="ipsec_stop" reload_cmd="ipsec_reload" extra_commands="reload" ipsec_program="/sbin/setkey" required_modules="ipsec" # ipsec_file is set by rc.conf ipsec_prestart() { if [ ! -f "$ipsec_file" ]; then warn "$ipsec_file not readable; ipsec start aborted." stop_boot return 1 fi return 0 } ipsec_start() { echo "Installing ipsec manual keys/policies." ${ipsec_program} -f $ipsec_file } ipsec_stop() { echo "Clearing ipsec manual keys/policies." # Still not 100% sure if we would like to do this. # It is very questionable to do this during shutdown session # since it can hang any of the remaining IPv4/v6 sessions. # ${ipsec_program} -F ${ipsec_program} -FP } ipsec_reload() { echo "Reloading ipsec manual keys/policies." ${ipsec_program} -f "$ipsec_file" } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +ipsec_svcj="NO" + run_rc_command "$1" 
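Review bot: In the ipropd_slave hunk, the `command_args` assignment that was moved below `load_rc_config` lost the `$` on its first continuation line: it now reads `command_args \` where the removed code had `$command_args \`. As written, the daemon's argument list would begin with the literal word `command_args`, and anything already held in `$command_args` is dropped. Restore the line as `$command_args \`. The matching move in ipropd_master keeps the `$`, so only this file needs the fix.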
diff --git a/libexec/rc/rc.d/iscsictl b/libexec/rc/rc.d/iscsictl index d2231958c6cb..247954e0d4f1 100755 --- a/libexec/rc/rc.d/iscsictl +++ b/libexec/rc/rc.d/iscsictl @@ -1,20 +1,24 @@ #!/bin/sh # # # PROVIDE: iscsictl # REQUIRE: NETWORKING iscsid # BEFORE: DAEMON # KEYWORD: nojail . /etc/rc.subr name="iscsictl" desc="iSCSI initiator management utility" rcvar="iscsictl_enable" command="/usr/bin/${name}" command_args="${iscsictl_flags}" required_modules="iscsi" load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +iscsictl_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/iscsid b/libexec/rc/rc.d/iscsid index 277b6f5a8c7e..e2418e8baaa1 100755 --- a/libexec/rc/rc.d/iscsid +++ b/libexec/rc/rc.d/iscsid @@ -1,20 +1,24 @@ #!/bin/sh # # # PROVIDE: iscsid # REQUIRE: NETWORKING # BEFORE: DAEMON # KEYWORD: nojail . /etc/rc.subr name="iscsid" desc="iSCSI initiator daemon" rcvar="iscsid_enable" pidfile="/var/run/${name}.pid" command="/usr/sbin/${name}" required_modules="iscsi" load_rc_config $name + +# doesn't make sense to run in a svcj: nojail keyword +iscsid_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/jail b/libexec/rc/rc.d/jail index e24d6f8e21e0..f059363e1e8d 100755 --- a/libexec/rc/rc.d/jail +++ b/libexec/rc/rc.d/jail 
@@ -1,612 +1,616 @@ #!/bin/sh # # # PROVIDE: jail # REQUIRE: LOGIN FILESYSTEMS # BEFORE: securelevel # KEYWORD: shutdown . /etc/rc.subr name="jail" desc="Manage system jails" rcvar="jail_enable" start_cmd="jail_start" start_postcmd="jail_warn" stop_cmd="jail_stop" config_cmd="jail_config" console_cmd="jail_console" status_cmd="jail_status" extra_commands="config console status" : ${jail_program:=/usr/sbin/jail} : ${jail_consolecmd:=/usr/bin/login -f root} : ${jail_jexec:=/usr/sbin/jexec} : ${jail_jls:=/usr/sbin/jls} need_dad_wait= # extract_var jv name param num defval # Extract value from ${jail_$jv_$name} or ${jail_$name} and # set it to $param. If not defined, $defval is used. # When $num is [0-9]*, ${jail_$jv_$name$num} are looked up and # $param is set by using +=. $num=0 is optional (params may start at 1). # When $num is YN or NY, the value is interpreted as boolean. # When $num is @, the value is interpreted as an array separted by IFS. extract_var() { local i _jv _name _param _num _def _name1 _name2 _jv=$1 _name=$2 _param=$3 _num=$4 _def=$5 case $_num in YN) _name1=jail_${_jv}_${_name} _name2=jail_${_name} eval $_name1=\"\${$_name1:-\${$_name2:-$_def}}\" if checkyesno $_name1; then echo " $_param = 1;" else echo " $_param = 0;" fi ;; NY) _name1=jail_${_jv}_${_name} _name2=jail_${_name} eval $_name1=\"\${$_name1:-\${$_name2:-$_def}}\" if checkyesno $_name1; then echo " $_param = 0;" else echo " $_param = 1;" fi ;; [0-9]*) i=$_num while : ; do _name1=jail_${_jv}_${_name}${i} _name2=jail_${_name}${i} eval _tmpargs=\"\${$_name1:-\${$_name2:-$_def}}\" if [ -n "$_tmpargs" ]; then echo " $_param += \"$_tmpargs\";" elif [ $i != 0 ]; then break; fi i=$(($i + 1)) done ;; @) _name1=jail_${_jv}_${_name} _name2=jail_${_name} eval _tmpargs=\"\${$_name1:-\${$_name2:-$_def}}\" set -- $_tmpargs if [ $# -gt 0 ]; then echo -n " $_param = " while [ $# -gt 1 ]; do echo -n "\"$1\", " shift done echo "\"$1\";" fi ;; *) _name1=jail_${_jv}_${_name} _name2=jail_${_name} eval 
_tmpargs=\"\${$_name1:-\${$_name2:-$_def}}\" if [ -n "$_tmpargs" ]; then echo " $_param = \"$_tmpargs\";" fi ;; esac } # parse_options _j _jv # Parse options and create a temporary configuration file if necessary. # parse_options() { local _j _jv _p _j=$1 _jv=$2 _confwarn=0 if [ -z "$_j" ]; then warn "parse_options: you must specify a jail" return fi eval _jconf=\"\${jail_${_jv}_conf:-/etc/jail.${_j}.conf}\" eval _rootdir=\"\$jail_${_jv}_rootdir\" eval _jconfdir=\"/etc/jail.conf.d/${_j}.conf\" eval _hostname=\"\$jail_${_jv}_hostname\" if [ -z "$_rootdir" -o \ -z "$_hostname" ]; then if [ -r "$_jconf" ]; then _conf="$_jconf" return 0 elif [ -r "$_jconfdir" ] && ! egrep -q \ '^\s*\.include\s*["'\'']?/etc/jail.conf.d/' "$jail_conf" \ 2>/dev/null; then _conf="$_jconfdir" return 0 elif [ -r "$jail_conf" ]; then _conf="$jail_conf" return 0 else warn "Invalid configuration for $_j " \ "(no jail.conf, no hostname, or no path). " \ "Jail $_j was ignored." fi return 1 fi eval _ip=\"\$jail_${_jv}_ip\" if [ -z "$_ip" ] && ! check_kern_features vimage; then warn "no ipaddress specified and no vimage support. " \ "Jail $_j was ignored." return 1 fi _conf=/var/run/jail.${_j}.conf # # To relieve confusion, show a warning message. # : ${jail_confwarn:=YES} checkyesno jail_confwarn && _confwarn=1 if [ -r "$jail_conf" -o -r "$_jconf" ]; then if ! checkyesno jail_parallel_start; then warn "$_conf is created and used for jail $_j." 
fi fi /usr/bin/install -m 0644 -o root -g wheel /dev/null $_conf || return 1 eval : \${jail_${_jv}_flags:=${jail_flags}} eval _exec=\"\$jail_${_jv}_exec\" eval _exec_start=\"\$jail_${_jv}_exec_start\" eval _exec_stop=\"\$jail_${_jv}_exec_stop\" if [ -n "${_exec}" ]; then # simple/backward-compatible execution _exec_start="${_exec}" _exec_stop="" else # flexible execution if [ -z "${_exec_start}" ]; then _exec_start="/bin/sh /etc/rc" if [ -z "${_exec_stop}" ]; then _exec_stop="/bin/sh /etc/rc.shutdown jail" fi fi fi eval _interface=\"\${jail_${_jv}_interface:-${jail_interface}}\" eval _parameters=\"\${jail_${_jv}_parameters:-${jail_parameters}}\" eval _fstab=\"\${jail_${_jv}_fstab:-${jail_fstab:-/etc/fstab.$_j}}\" ( date +"# Generated by rc.d/jail at %Y-%m-%d %H:%M:%S" echo "$_j {" extract_var $_jv hostname host.hostname - "" extract_var $_jv rootdir path - "" if [ -n "$_ip" ]; then extract_var $_jv interface interface - "" jail_handle_ips_option $_ip $_interface alias=0 while : ; do eval _x=\"\$jail_${_jv}_ip_multi${alias}\" [ -z "$_x" ] && break jail_handle_ips_option $_x $_interface alias=$(($alias + 1)) done case $need_dad_wait in 1) # Sleep to let DAD complete before # starting services. echo " exec.start += \"sleep " \ $(($(${SYSCTL_N} net.inet6.ip6.dad_count) + 1)) \ "\";" ;; esac # These are applicable only to non-vimage jails. 
extract_var $_jv fib exec.fib - "" extract_var $_jv socket_unixiproute_only \ allow.raw_sockets NY YES else echo " vnet;" extract_var $_jv vnet_interface vnet.interface @ "" fi echo " exec.clean;" echo " exec.system_user = \"root\";" echo " exec.jail_user = \"root\";" extract_var $_jv exec_prestart exec.prestart 0 "" extract_var $_jv exec_poststart exec.poststart 0 "" extract_var $_jv exec_prestop exec.prestop 0 "" extract_var $_jv exec_poststop exec.poststop 0 "" echo " exec.start += \"$_exec_start\";" extract_var $_jv exec_afterstart exec.start 0 "" echo " exec.stop = \"$_exec_stop\";" extract_var $_jv consolelog exec.consolelog - \ /var/log/jail_${_j}_console.log if [ -r $_fstab ]; then echo " mount.fstab = \"$_fstab\";" fi eval : \${jail_${_jv}_devfs_enable:=${jail_devfs_enable:-NO}} if checkyesno jail_${_jv}_devfs_enable; then echo " mount.devfs;" eval _ruleset=\${jail_${_jv}_devfs_ruleset:-${jail_devfs_ruleset}} case $_ruleset in "") ;; [0-9]*) echo " devfs_ruleset = \"$_ruleset\";" ;; devfsrules_jail) # XXX: This is the default value, # Let jail(8) to use the default because # mount(8) only accepts an integer. # This should accept a ruleset name. ;; *) warn "devfs_ruleset must be an integer." 
;; esac fi eval : \${jail_${_jv}_fdescfs_enable:=${jail_fdescfs_enable:-NO}} if checkyesno jail_${_jv}_fdescfs_enable; then echo " mount.fdescfs;" fi eval : \${jail_${_jv}_procfs_enable:=${jail_procfs_enable:-NO}} if checkyesno jail_${_jv}_procfs_enable; then echo " mount.procfs;" fi eval : \${jail_${_jv}_mount_enable:=${jail_mount_enable:-NO}} if checkyesno jail_${_jv}_mount_enable; then echo " allow.mount;" fi extract_var $_jv set_hostname_allow allow.set_hostname YN NO extract_var $_jv sysvipc_allow allow.sysvipc YN NO extract_var $_jv enforce_statfs enforce_statfs - 2 extract_var $_jv osreldate osreldate extract_var $_jv osrelease osrelease _zfs_dataset="$(eval echo \$jail_${_jv}_zfs_dataset)" if [ -n "$_zfs_dataset" ]; then for ds in $_zfs_dataset; do echo " zfs.dataset += ${ds};" done fi for _p in $_parameters; do echo " ${_p%\;};" done echo "}" ) >> $_conf return 0 } # jail_extract_address argument iface # The second argument is the string from one of the _ip # or the _multi variables. In case of a comma separated list # only one argument must be passed in at a time. # The function alters the _type, _iface, _addr and _mask variables. # jail_extract_address() { local _i _interface _i=$1 _interface=$2 if [ -z "${_i}" ]; then warn "jail_extract_address: called without input" return fi # Check if we have an interface prefix given and split into # iFace and rest. case "${_i}" in *\|*) # ifN|.. prefix there _iface=${_i%%|*} _r=${_i##*|} ;; *) _iface="" _r=${_i} ;; esac # In case the IP has no interface given, check if we have a global one. _iface=${_iface:-${_interface}} # Set address, cut off any prefix/netmask/prefixlen. _addr=${_r} _addr=${_addr%%[/ ]*} # Theoretically we can return here if interface is not set, # as we only care about the _mask if we call ifconfig. # This is not done because we may want to santize IP addresses # based on _type later, and optionally change the type as well. # Extract the prefix/netmask/prefixlen part by cutting off the address. 
_mask=${_r} _mask=`expr -- "${_mask}" : "${_addr}\(.*\)"` # Identify type {inet,inet6}. case "${_addr}" in *\.*\.*\.*) _type="inet" ;; *:*) _type="inet6" ;; *) warn "jail_extract_address: type not identified" ;; esac # Handle the special /netmask instead of /prefix or # "netmask xxx" case for legacy IP. # We do NOT support shortend class-full netmasks. if [ "${_type}" = "inet" ]; then case "${_mask}" in /*\.*\.*\.*) _mask=" netmask ${_mask#/}" ;; *) ;; esac # In case _mask is still not set use /32. _mask=${_mask:-/32} elif [ "${_type}" = "inet6" ]; then # In case _mask is not set for IPv6, use /128. _mask=${_mask:-/128} fi } # jail_handle_ips_option input iface # Handle a single argument imput which can be a comma separated # list of addresses (theoretically with an option interface and # prefix/netmask/prefixlen). # jail_handle_ips_option() { local _x _type _i _defif _x=$1 _defif=$2 if [ -z "${_x}" ]; then # No IP given. This can happen for the primary address # of each address family. return fi # Loop, in case we find a comma separated list, we need to handle # each argument on its own. while [ ${#_x} -gt 0 ]; do case "${_x}" in *,*) # Extract the first argument and strip it off the list. _i=`expr -- "${_x}" : '^\([^,]*\)'` _x=`expr -- "${_x}" : "^[^,]*,\(.*\)"` ;; *) _i=${_x} _x="" ;; esac _type="" _addr="" _mask="" _iface="" jail_extract_address $_i $_defif # make sure we got an address. case $_addr in "") continue ;; *) ;; esac # Append address to list of addresses for the jail command. case $_type in inet) echo " ip4.addr += \"${_iface:+${_iface}|}${_addr}${_mask}\";" ;; inet6) echo " ip6.addr += \"${_iface:+${_iface}|}${_addr}${_mask}\";" need_dad_wait=1 ;; esac done } jail_config() { local _j _jv case $1 in _ALL) return ;; esac for _j in $@; do _j=$(echo $_j | tr /. _) _jv=$(echo -n $_j | tr -c '[:alnum:]' _) if parse_options $_j $_jv; then echo "$_j: parameters are in $_conf." fi done } jail_console() { local _j _jv _cmd # One argument that is not _ALL. 
case $#:$1 in 0:*|1:_ALL) err 3 "Specify a jail name." ;; 1:*) ;; esac _j=$(echo $1 | tr /. _) _jv=$(echo -n $1 | tr -c '[:alnum:]' _) shift case $# in 0) eval _cmd=\${jail_${_jv}_consolecmd:-$jail_consolecmd} ;; *) _cmd=$@ ;; esac $jail_jexec $_j $_cmd } jail_status() { $jail_jls -N } jail_start() { local _j _jv _jid _id _name if [ $# = 0 ]; then return fi startmsg -n 'Starting jails:' case $1 in _ALL) command=$jail_program rc_flags=$jail_flags command_args="-f $jail_conf -c" if ! checkyesno jail_parallel_start; then command_args="$command_args -p1" fi _tmp=`mktemp -t jail` || exit 3 if $command $rc_flags $command_args >> $_tmp 2>&1; then $jail_jls jid name | while read _id _name; do startmsg -n " $_name" echo $_id > /var/run/jail_${_name}.id done else cat $_tmp fi rm -f $_tmp startmsg '.' return ;; esac if checkyesno jail_parallel_start; then # # Start jails in parallel and then check jail id when # jail_parallel_start is YES. # for _j in $@; do _j=$(echo $_j | tr /. _) _jv=$(echo -n $_j | tr -c '[:alnum:]' _) parse_options $_j $_jv || continue eval rc_flags=\${jail_${_jv}_flags:-$jail_flags} eval command=\${jail_${_jv}_program:-$jail_program} command_args="-i -f $_conf -c $_j" ( _tmp=`mktemp -t jail_${_j}` || exit 3 if $command $rc_flags $command_args \ >> $_tmp 2>&1 /var/run/jail_${_j}.id else startmsg " cannot start jail " \ "\"${_hostname:-${_j}}\": " cat $_tmp fi rm -f $_tmp ) & done wait else # # Start jails one-by-one when jail_parallel_start is NO. # for _j in $@; do _j=$(echo $_j | tr /. _) _jv=$(echo -n $_j | tr -c '[:alnum:]' _) parse_options $_j $_jv || continue eval rc_flags=\${jail_${_jv}_flags:-$jail_flags} eval command=\${jail_${_jv}_program:-$jail_program} command_args="-i -f $_conf -c $_j" _tmp=`mktemp -t jail` || exit 3 if $command $rc_flags $command_args \ >> $_tmp 2>&1 /var/run/jail_${_j}.id else startmsg " cannot start jail " \ "\"${_hostname:-${_j}}\": " cat $_tmp fi rm -f $_tmp done fi startmsg '.' 
} jail_stop() { local _j _jv if [ $# = 0 ]; then return fi echo -n 'Stopping jails:' case $1 in _ALL) command=$jail_program rc_flags=$jail_flags command_args="-f $jail_conf -r" if checkyesno jail_reverse_stop; then $jail_jls name | tail -r else $jail_jls name fi | while read _j; do echo -n " $_j" _tmp=`mktemp -t jail` || exit 3 $command $rc_flags $command_args $_j >> $_tmp 2>&1 if $jail_jls -j $_j > /dev/null 2>&1; then cat $_tmp else rm -f /var/run/jail_${_j}.id fi rm -f $_tmp done echo '.' return ;; esac checkyesno jail_reverse_stop && set -- $(reverse_list $@) for _j in $@; do _j=$(echo $_j | tr /. _) _jv=$(echo -n $_j | tr -c '[:alnum:]' _) parse_options $_j $_jv || continue if ! $jail_jls -j $_j > /dev/null 2>&1; then continue fi eval command=\${jail_${_jv}_program:-$jail_program} echo -n " ${_hostname:-${_j}}" _tmp=`mktemp -t jail` || exit 3 $command -q -f $_conf -r $_j >> $_tmp 2>&1 if $jail_jls -j $_j > /dev/null 2>&1; then cat $_tmp else rm -f /var/run/jail_${_j}.id fi rm -f $_tmp done echo '.' } jail_warn() { # To relieve confusion, show a warning message. case $_confwarn in 1) warn "Per-jail configuration via jail_* variables " \ "is obsolete. Please consider migrating to $jail_conf." ;; esac } load_rc_config $name + +# doesn't make sense to run in a svcj +jail_svcj="NO" + case $# in 1) run_rc_command $@ ${jail_list:-_ALL} ;; *) jail_reverse_stop="no" run_rc_command $@ ;; esac diff --git a/libexec/rc/rc.d/kadmind b/libexec/rc/rc.d/kadmind index 140ece811f66..0cee49630480 100755 --- a/libexec/rc/rc.d/kadmind +++ b/libexec/rc/rc.d/kadmind 
@@ -1,28 +1,24 @@ #!/bin/sh # # # PROVIDE: kadmind # REQUIRE: kdc # KEYWORD: shutdown . /etc/rc.subr name=kadmind desc="Server for administrative access to Kerberos database" rcvar=${name}_enable required_vars=kdc_enable -start_precmd=${name}_start_precmd +command_args="$command_args &" + +: ${kadmind_svcj_options:="net_basic"} set_rcvar_obsolete kadmind5_server_enable kadmind_enable set_rcvar_obsolete kadmind5_server kadmind_program set_rcvar_obsolete kerberos5_server_enable kdc_enable -kadmind_start_precmd() -{ - - command_args="$command_args &" -} - load_rc_config $name run_rc_command "$1" diff --git a/libexec/rc/rc.d/kdc b/libexec/rc/rc.d/kdc index a2d9f87f8e20..621129b20164 100755 --- a/libexec/rc/rc.d/kdc +++ b/libexec/rc/rc.d/kdc @@ -1,51 +1,52 @@ #!/bin/sh # # # PROVIDE: kdc # REQUIRE: NETWORKING # BEFORE: SERVERS # KEYWORD: shutdown . /etc/rc.subr name=kdc desc="Kerberos 5 server" rcvar=${name}_enable : ${kdc_restart:="NO"} : ${kdc_restart_delay:=""} +: ${kdc_svcj_options:="net_basic"} set_rcvar_obsolete kerberos5_server_enable kdc_enable set_rcvar_obsolete kerberos5_server kdc_program set_rcvar_obsolete kerberos5_server_flags kdc_flags load_rc_config $name if [ "${kdc_program}" = /usr/libexec/kdc -o \ "${kdc_program}" = /usr/local/libexec/kdc ]; then detach="--detach" flavor=heimdal else flavor=mit unset detach fi case ${kdc_restart} in [Yy][Ee][Ss]) if [ "$flavor" = mit ]; then detach=-n else unset detach fi case ${kdc_restart_delay} in "") unset daemon_restart_delay;; *) daemon_restart_delay="-R ${kdc_restart_delay}";; esac command_args="-r ${daemon_restart_delay} ${kdc_program} ${detach} ${command_args}" kdc_program=/usr/sbin/daemon ;; *) command_args="${detach} ${command_args}" ;; esac run_rc_command "$1" diff --git a/libexec/rc/rc.d/keyserv b/libexec/rc/rc.d/keyserv index b51d01cfceee..d78695eb33b2 100755 --- a/libexec/rc/rc.d/keyserv +++ b/libexec/rc/rc.d/keyserv 
@@ -1,26 +1,28 @@ #!/bin/sh # # # Start keyserv if we are running Secure RPC # PROVIDE: keyserv # REQUIRE: ypset # BEFORE: DAEMON # KEYWORD: shutdown . /etc/rc.subr name="keyserv" desc="Server for storing private encryption keys" rcvar="keyserv_enable" command="/usr/sbin/${name}" start_precmd="keyserv_prestart" +: ${keyserv_svcj_options:="net_basic"} + keyserv_prestart() { force_depend rpcbind || return 1 } load_rc_config $name run_rc_command "$1" diff --git a/libexec/rc/rc.d/kfd b/libexec/rc/rc.d/kfd index 0d124e14033f..23ad790abab5 100755 --- a/libexec/rc/rc.d/kfd +++ b/libexec/rc/rc.d/kfd @@ -1,23 +1,19 @@ #!/bin/sh # # # PROVIDE: kfd # REQUIRE: NETWORKING # KEYWORD: shutdown . /etc/rc.subr name=kfd desc="Receive forwarded tickets" rcvar=${name}_enable -start_precmd=${name}_start_precmd +command_args="$command_args -i &" -kfd_start_precmd() -{ - - command_args="$command_args -i &" -} +: ${kfd_svcj_options:="net_basic"} load_rc_config $name run_rc_command "$1" diff --git a/libexec/rc/rc.d/kld b/libexec/rc/rc.d/kld index 510884a117d0..d9c45a05f7a6 100755 --- a/libexec/rc/rc.d/kld +++ b/libexec/rc/rc.d/kld 
@@ -1,54 +1,58 @@ #!/bin/sh # Copyright (c) 2011 Douglas Barton # All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # # # PROVIDE: kld # REQUIRE: kldxref # KEYWORD: nojail . /etc/rc.subr name="kld" desc="Load kernel modules" start_cmd="${name}_start" stop_cmd=':' kld_start() { [ -n "$kld_list" ] || return [ -z "$(kenv -q kld_disable 2>/dev/null)" ] || return local _kld echo 'Loading kernel modules:' for _kld in $kld_list ; do load_kld -e ${_kld}.ko $_kld done } load_rc_config $name + +# doesn't make sense to run in a svcj +kld_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/kldxref b/libexec/rc/rc.d/kldxref index d2b733eddce3..d6aa02d778d9 100755 --- a/libexec/rc/rc.d/kldxref +++ b/libexec/rc/rc.d/kldxref 
@@ -1,36 +1,40 @@ #!/bin/sh # # # PROVIDE: kldxref # REQUIRE: mountcritlocal # BEFORE: netif # KEYWORD: nojail . /etc/rc.subr rcvar="kldxref_enable" name="kldxref" desc="Generate hints for the kernel loader" stop_cmd=":" start_cmd="kldxref_start" kldxref_start() { if [ -n "$kldxref_module_path" ]; then MODULE_PATHS="$kldxref_module_path" else MODULE_PATHS=`sysctl -n kern.module_path` fi IFS=';' for MODULE_DIR in $MODULE_PATHS; do if checkyesno kldxref_clobber || [ ! -f "$MODULE_DIR/linker.hints" ] && [ `echo ${MODULE_DIR}/*.ko` != "${MODULE_DIR}/*.ko" ]; then echo "Building $MODULE_DIR/linker.hints" kldxref "$MODULE_DIR" fi done } load_rc_config $name + +# doesn't make sense to run in a svcj +kldxref_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/kpasswdd b/libexec/rc/rc.d/kpasswdd index 2d3449bf52a6..7e2562769640 100755 --- a/libexec/rc/rc.d/kpasswdd +++ b/libexec/rc/rc.d/kpasswdd @@ -1,28 +1,24 @@ #!/bin/sh # # # PROVIDE: kpasswdd # REQUIRE: kdc # KEYWORD: shutdown . /etc/rc.subr name=kpasswdd desc="Kerberos 5 password changing" rcvar=${name}_enable required_vars=kdc_enable -start_precmd=${name}_start_precmd +command_args="$command_args &" + +: ${kpasswdd_svcj_options:="net_basic"} set_rcvar_obsolete kpasswdd_server_enable kpasswdd_enable set_rcvar_obsolete kpasswdd_server kpasswdd_program set_rcvar_obsolete kerberos5_server_enable kdc_enable -kpasswdd_start_precmd() -{ - - command_args="$command_args &" -} - load_rc_config $name run_rc_command "$1" diff --git a/libexec/rc/rc.d/ldconfig b/libexec/rc/rc.d/ldconfig index fd54b2d3444e..494228e96501 100755 --- a/libexec/rc/rc.d/ldconfig +++ b/libexec/rc/rc.d/ldconfig 
@@ -1,75 +1,79 @@ #!/bin/sh # # # PROVIDE: ldconfig # REQUIRE: FILESYSTEMS # BEFORE: DAEMON . /etc/rc.subr name="ldconfig" desc="Configure the shared library cache" ldconfig_command="/sbin/ldconfig" start_cmd="ldconfig_start" stop_cmd=":" ldconfig_paths() { local _dirs _files _ii _ldpaths _paths _dirs="${1}" _paths="${2}" _ldpaths="${3}" for _ii in ${_dirs}; do if [ -d "${_ii}" ]; then _files=`find ${_ii} -type f` if [ -n "${_files}" ]; then _paths="${_paths} `cat ${_files} | sort -u`" fi fi done for _ii in ${_paths}; do if [ -r "${_ii}" ]; then _ldpaths="${_ldpaths} ${_ii}" fi done echo "${_ldpaths}" } ldconfig_start() { local _files _ins _ins= ldconfig=${ldconfig_command} checkyesno ldconfig_insecure && _ins="-i" if [ -x "${ldconfig_command}" ]; then _LDC=$(/libexec/ld-elf.so.1 -v | sed -n -e '/^Default lib path /s///p' | tr : ' ') _LDC=$(ldconfig_paths "${ldconfig_local_dirs}" \ "${ldconfig_paths} /etc/ld-elf.so.conf" "$_LDC") startmsg 'ELF ldconfig path:' ${_LDC} ${ldconfig} -elf ${_ins} ${_LDC} if check_kern_features compat_freebsd32; then _LDC="" if [ -x /libexec/ld-elf32.so.1 ]; then for x in $(/libexec/ld-elf32.so.1 -v | sed -n -e '/^Default lib path /s///p' | tr : ' '); do if [ -d "${x}" ]; then _LDC="${_LDC} ${x}" fi done fi _LDC=$(ldconfig_paths "${ldconfig_local32_dirs}" \ "${ldconfig32_paths}" "$_LDC") startmsg '32-bit compatibility ldconfig path:' ${_LDC} ${ldconfig} -32 ${_ins} ${_LDC} fi fi } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +ldconfig_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/linux b/libexec/rc/rc.d/linux index 1c6a97f606fe..d419920acaca 100755 --- a/libexec/rc/rc.d/linux +++ b/libexec/rc/rc.d/linux 
@@ -1,84 +1,88 @@ #!/bin/sh # # # PROVIDE: linux # REQUIRE: kldxref zfs # KEYWORD: nojail . /etc/rc.subr name="linux" desc="Enable Linux ABI" rcvar="linux_enable" start_cmd="${name}_start" stop_cmd=":" linux_mount() { local _fs _mount_point _fs="$1" _mount_point="$2" shift 2 if ! mount | grep -q "^$_fs on $_mount_point ("; then mkdir -p "$_mount_point" mount "$@" -t "$_fs" "$_fs" "$_mount_point" fi } linux_start() { local _emul_path _tmpdir case `sysctl -n hw.machine_arch` in aarch64) load_kld -e 'linux64elf' linux64 ;; amd64) load_kld -e 'linuxelf' linux load_kld -e 'linux64elf' linux64 ;; i386) load_kld -e 'linuxelf' linux ;; esac _emul_path="$(sysctl -n compat.linux.emul_path)" if [ -x ${_emul_path}/sbin/ldconfigDisabled ]; then _tmpdir=`mktemp -d -t linux-ldconfig` ${_emul_path}/sbin/ldconfig -C ${_tmpdir}/ld.so.cache if ! cmp -s ${_tmpdir}/ld.so.cache ${_emul_path}/etc/ld.so.cache; then cat ${_tmpdir}/ld.so.cache > ${_emul_path}/etc/ld.so.cache fi rm -rf ${_tmpdir} fi # Linux uses the pre-pts(4) tty naming scheme. load_kld pty # Explicitly load the filesystem modules; they are usually required, # even with linux_mounts_enable="NO". load_kld fdescfs load_kld linprocfs load_kld linsysfs # Handle unbranded ELF executables by defaulting to ELFOSABI_LINUX. if [ `sysctl -ni kern.elf64.fallback_brand` -eq "-1" ]; then sysctl kern.elf64.fallback_brand=3 > /dev/null fi if [ `sysctl -ni kern.elf32.fallback_brand` -eq "-1" ]; then sysctl kern.elf32.fallback_brand=3 > /dev/null fi if checkyesno linux_mounts_enable; then linux_mount linprocfs "${_emul_path}/proc" -o nocover linux_mount linsysfs "${_emul_path}/sys" -o nocover linux_mount devfs "${_emul_path}/dev" -o nocover linux_mount fdescfs "${_emul_path}/dev/fd" -o nocover,linrdlnk linux_mount tmpfs "${_emul_path}/dev/shm" -o nocover,mode=1777 fi } load_rc_config $name + +# doesn't make sense to run in a svcj: kernel modules and FS-mounting +linux_svcj="NO" + run_rc_command "$1" 
diff --git a/libexec/rc/rc.d/local b/libexec/rc/rc.d/local index 6ac99c4b7e3c..c3f5e037563e 100755 --- a/libexec/rc/rc.d/local +++ b/libexec/rc/rc.d/local @@ -1,36 +1,40 @@ #!/bin/sh # # # PROVIDE: local # REQUIRE: DAEMON # BEFORE: LOGIN # KEYWORD: shutdown . /etc/rc.subr name="local" desc="Run /etc/rc.local and /etc/rc.shutdown.local" start_cmd="local_start" stop_cmd="local_stop" local_start() { if [ -f /etc/rc.local ]; then startmsg -n 'Starting local daemons:' . /etc/rc.local startmsg '.' fi } local_stop() { if [ -f /etc/rc.shutdown.local ]; then echo -n 'Shutting down local daemons:' . /etc/rc.shutdown.local echo '.' fi } load_rc_config $name + +# doesn't make sense to run in a svcj: it may contain everything +local_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/local_unbound b/libexec/rc/rc.d/local_unbound index 4a717dad70fd..94f01810b303 100755 --- a/libexec/rc/rc.d/local_unbound +++ b/libexec/rc/rc.d/local_unbound 
@@ -1,122 +1,123 @@ #!/bin/sh # # # PROVIDE: local_unbound # REQUIRE: FILESYSTEMS defaultroute netwait resolv # BEFORE: NETWORKING # KEYWORD: shutdown . /etc/rc.subr name="local_unbound" desc="Local caching forwarding resolver" rcvar="local_unbound_enable" command="/usr/sbin/local-unbound" extra_commands="anchor configtest reload setup" start_precmd="local_unbound_prestart" start_postcmd="local_unbound_poststart" reload_precmd="local_unbound_configtest" anchor_cmd="local_unbound_anchor" configtest_cmd="local_unbound_configtest" setup_cmd="local_unbound_setup" pidfile="/var/run/${name}.pid" load_rc_config $name : ${local_unbound_workdir:=/var/unbound} : ${local_unbound_config:=${local_unbound_workdir}/unbound.conf} : ${local_unbound_flags:="-c ${local_unbound_config}"} : ${local_unbound_forwardconf:=${local_unbound_workdir}/forward.conf} : ${local_unbound_controlconf:=${local_unbound_workdir}/control.conf} : ${local_unbound_anchor:=${local_unbound_workdir}/root.key} : ${local_unbound_forwarders:=} : ${local_unbound_tls:=} : ${local_unbound_pidfile:=${pidfile}} pidfile=${local_unbound_pidfile} +: ${local_unbound_svcj_options:="net_basic"} do_as_unbound() { echo "$@" | su -m unbound } # # Retrieve or update the DNSSEC root anchor # local_unbound_anchor() { do_as_unbound ${command}-anchor -a ${local_unbound_anchor} # we can't trust the exit code - check if the file exists [ -f ${local_unbound_anchor} ] } # # Check the unbound configuration file # local_unbound_configtest() { do_as_unbound ${command}-checkconf ${local_unbound_config} } # # Create the unbound configuration file and update resolv.conf to # point to unbound. # local_unbound_setup() { local tls_flag if checkyesno local_unbound_tls ; then tls_flag="-t" fi echo "Performing initial setup." 
${command}-setup -n \ -u unbound \ -w ${local_unbound_workdir} \ -c ${local_unbound_config} \ -f ${local_unbound_forwardconf} \ -o ${local_unbound_controlconf} \ -a ${local_unbound_anchor} \ ${tls_flag} \ ${local_unbound_forwarders} } # # Before starting, check that the configuration file and root anchor # exist. If not, attempt to generate them. # local_unbound_prestart() { # Create configuration file if [ ! -f ${local_unbound_config} ] ; then run_rc_command setup fi # Retrieve DNSSEC root key if [ ! -s ${local_unbound_anchor} ] ; then run_rc_command anchor fi } # # After starting, wait for Unbound to report that it is ready to avoid # race conditions with services which require functioning DNS. # local_unbound_poststart() { local retry=5 echo -n "Waiting for nameserver to start..." until "${command}-control" -c "${local_unbound_config}" status | grep -q "is running" ; do if [ $((retry -= 1)) -eq 0 ] ; then echo " giving up" return 1 fi echo -n "." sleep 1 done echo " good" } load_rc_config $name run_rc_command "$1" diff --git a/libexec/rc/rc.d/localpkg b/libexec/rc/rc.d/localpkg index ca5fc3e1109b..12fb9e0fd927 100755 --- a/libexec/rc/rc.d/localpkg +++ b/libexec/rc/rc.d/localpkg 
@@ -1,77 +1,83 @@ #!/bin/sh # # # PROVIDE: localpkg # REQUIRE: sysvipc linux # BEFORE: securelevel # KEYWORD: shutdown . /etc/rc.subr name="localpkg" desc="Run local init scripts" start_cmd="pkg_start" stop_cmd="pkg_stop" pkg_start() { local initdone # For each dir in $local_startup, search for init scripts matching *.sh # case ${local_startup} in [Nn][Oo] | '') ;; *) initdone= find_local_scripts_old for script in ${zlist} ${slist}; do if [ -z "${initdone}" -a -f "${script}" ]; then echo -n 'Local package initialization:' initdone=yes fi if [ -x "${script}" ]; then (set -T trap 'exit 1' 2 ${script} start) elif [ -f "${script}" -o -L "${script}" ]; then echo -n " (skipping ${script}, not executable)" fi done [ -n "${initdone}" ] && echo '.' ;; esac } pkg_stop() { local initdone case ${local_startup} in [Nn][Oo] | '') ;; *) initdone= find_local_scripts_old for script in `reverse_list ${slist} ${zlist}`; do if [ -z "${initdone}" -a -f "${script}" ]; then echo -n 'Shutting down local packages:' initdone=yes fi if [ -x "${script}" ]; then if [ `sysctl -n debug.bootverbose` -eq 1 ]; then echo "==>" ${script} fi (set -T trap 'exit 1' 2 ${script} stop) + elif [ -f "${script}" -o -L "${script}" ]; then + echo -n " (skipping ${script##*/}, not executable)" fi done [ -n "${initdone}" ] && echo '.' ;; esac } load_rc_config $name + +# doesn't make sense to run in a svcj: other rc.d scripts need to decide on their own +localpkg_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/lockd b/libexec/rc/rc.d/lockd index c35dd0975cfe..9c804751031a 100755 --- a/libexec/rc/rc.d/lockd +++ b/libexec/rc/rc.d/lockd 
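Review bot: The skip message added to pkg_stop prints `${script##*/}` while the existing message in pkg_start prints the full `${script}`, so the same non-executable file is reported in two different ways at startup and shutdown. The comment in pkg_start says scripts come from each directory in `$local_startup`, so a bare basename can be ambiguous when two directories hold a file of the same name. Using `echo -n " (skipping ${script}, not executable)"` here would match pkg_start and keep the path an administrator needs to fix the mode.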
@@ -1,31 +1,34 @@ #!/bin/sh # # FreeBSD History: src/etc/rc.d/nfslocking,v 1.11 2004/10/07 13:55:26 mtm # # PROVIDE: lockd # REQUIRE: nfsclient rpcbind statd # BEFORE: DAEMON # KEYWORD: nojail shutdown . /etc/rc.subr name="lockd" desc="NFS file locking daemon" rcvar=rpc_lockd_enable command="/usr/sbin/rpc.${name}" start_precmd='lockd_precmd' +: ${lockd_svcj_options:="net_basic"} + # Make sure that we are either an NFS client or server, and that we get # the correct flags from rc.conf(5). # lockd_precmd() { force_depend rpcbind || return 1 force_depend statd rpc_statd || return 1 - - rc_flags=${rpc_lockd_flags} } load_rc_config $name + +rc_flags=${rpc_lockd_flags} + run_rc_command $1 diff --git a/libexec/rc/rc.d/lpd b/libexec/rc/rc.d/lpd index 428b33f7c9fd..0c169bef99a5 100755 --- a/libexec/rc/rc.d/lpd +++ b/libexec/rc/rc.d/lpd @@ -1,27 +1,29 @@ #!/bin/sh # # # PROVIDE: lpd # REQUIRE: DAEMON # BEFORE: LOGIN # KEYWORD: shutdown . /etc/rc.subr name="lpd" desc="Line printer spooler daemon" rcvar="lpd_enable" command="/usr/sbin/${name}" required_files="/etc/printcap" start_precmd="chkprintcap" +: ${lpd_svcj_options:="net_basic"} + chkprintcap() { if checkyesno chkprintcap_enable ; then /usr/sbin/chkprintcap ${chkprintcap_flags} fi } load_rc_config $name run_rc_command "$1" diff --git a/libexec/rc/rc.d/mdconfig b/libexec/rc/rc.d/mdconfig index 2322cdc55fc2..4df14017334b 100755 --- a/libexec/rc/rc.d/mdconfig +++ b/libexec/rc/rc.d/mdconfig 
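Review bot: Moving `rc_flags=${rpc_lockd_flags}` out of lockd_precmd to the top level probably makes `rpc_lockd_flags` ineffective. rc.subr is not part of this diff, but run_rc_command normally assigns rc_flags itself from `${name}_flags` before the precmd runs, which would explain why the old code set it inside the precmd. If that holds, the top-level assignment is overwritten and the daemon starts without the administrator's flags; setting `lockd_flags=${rpc_lockd_flags}` after `load_rc_config`, or keeping the assignment in lockd_precmd, would preserve them. Separately, this script carries `KEYWORD: nojail` yet receives `net_basic`, whereas the iscsid hunk cites the nojail keyword as its reason for `iscsid_svcj="NO"`, so it is worth confirming which treatment is intended.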
@@ -1,196 +1,199 @@ #!/bin/sh # # Copyright (c) 2006 The FreeBSD Project # All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # # # PROVIDE: mdconfig # REQUIRE: swap root . 
/etc/rc.subr name="mdconfig" desc="Create and control memory disks" stop_cmd="mdconfig_stop" start_cmd="mdconfig_start" start_precmd='[ -n "${_mdconfig_list}" ]' required_modules="geom_md:g_md" is_readonly() { local _mp _ret _mp=$1 _ret=`mount | while read _line; do case ${_line} in *" ${_mp} "*read-only*) echo "yes" ;; *) ;; esac; done` if [ -n "${_ret}" ]; then return 0 else return 1 fi } init_variables() { local _i _fs="" _mp="" _dev="/dev/${_md}" eval _config=\$mdconfig_${_md} eval _newfs=\$mdconfig_${_md}_newfs _type=${_config##*-t\ } _type=${_type%%\ *} if [ -z "${_type}" ]; then err 1 "You need to specify \"-t \" in mdconfig_${_md}" fi if [ "${_type}" = "vnode" ]; then _file=${_config##*-f\ } _file=${_file%%\ *} if [ -z "${_file}" ]; then err 2 "You need to specify \"-f \" in mdconfig_${_md} for vnode devices" fi if [ "${_file}" != "${_file%.uzip}" ]; then _dev="/dev/${_md}.uzip" fi for _i in `df ${_file} 2>/dev/null`; do _fs=${_i}; done fi # Debugging help. debug "${_md} config: ${_config}" debug "${_md} type: ${_type}" debug "${_md} dev: ${_dev}" debug "${_md} file: ${_file}" debug "${_md} fs: ${_fs}" debug "${_md} newfs flags: ${_newfs}" } mdconfig_start() { local _md _mp _config _type _dev _file _fs _newfs _fsck_cmd for _md in ${_mdconfig_list}; do init_variables ${_md} # Create md(4) devices of types swap, malloc and vnode if the # file is on the root partition. if [ "${_type}" != "vnode" -o "${_fs}" = "/" ]; then if [ "${_type}" = "vnode" ]; then if is_readonly ${_fs}; then warn "${_fs} is mounted read-only, skipping ${_md}." continue fi if [ "${_file}" != "${_file%.uzip}" ]; then load_kld -m g_uzip geom_uzip || return 3 # sleep a bit to allow creation of /dev/mdX.uzip sleep 2 fi fi if mdconfig -l -u ${_md} >/dev/null 2>&1; then err 3 "${_md} already exists" fi echo "Creating ${_md} device (${_type})." if ! mdconfig -a ${_config} -u ${_md}; then echo "Creating ${_md} device failed, moving on." continue fi # Skip fsck for uzip devices. 
if [ "${_type}" = "vnode" ]; then if [ "${_file}" != "${_file%.uzip}" ]; then _fsck_cmd=":" elif checkyesno background_fsck; then _fsck_cmd="fsck -F" else _fsck_cmd="fsck" fi if ! eval ${_fsck_cmd} -p ${_dev} >/dev/null; then echo "Fsck failed on ${_dev}, not mounting the filesystem." continue fi else newfs ${_newfs} ${_dev} >/dev/null fi if mount -d ${_dev} 2>&1 >/dev/null; then echo "Mounting ${_dev}." mount ${_dev} fi fi done } mdconfig_stop() { local _md _mp _config _type _dev _file _fs _newfs _i for _md in ${_mdconfig_list}; do init_variables ${_md} if [ "${_type}" != "vnode" -o "${_fs}" = "/" ]; then for _i in `df ${_dev} 2>/dev/null`; do _mp=${_i}; done if [ -z "${_mp}" -o "${_mp}" != "${_mp%%%}" ]; then echo "Device ${_dev} isn't mounted." else echo "Umounting ${_dev}." umount ${_dev} fi if mdconfig -l -u ${_md} >/dev/null 2>&1; then echo "Destroying ${_md}." mdconfig -d -u ${_md} fi fi done } _mdconfig_cmd="$1" if [ $# -gt 0 ]; then shift fi [ -n "$*" ] && _mdconfig_list="$*" load_rc_config $name +# doesn't make sense to run in a svcj: config setting +mdconfig_svcj="NO" + if [ -z "${_mdconfig_list}" ]; then for _mdconfig_config in `list_vars mdconfig_md[0-9]\* | sort_lite -nk1.12` do _mdconfig_unit=${_mdconfig_config#mdconfig_md} [ "${_mdconfig_unit#*[!0-9]}" = "$_mdconfig_unit" ] || continue _mdconfig_list="$_mdconfig_list md$_mdconfig_unit" done _mdconfig_list="${_mdconfig_list# }" fi run_rc_command "${_mdconfig_cmd}" diff --git a/libexec/rc/rc.d/mdconfig2 b/libexec/rc/rc.d/mdconfig2 index 2f958611f7de..716e71cd2a32 100755 --- a/libexec/rc/rc.d/mdconfig2 +++ b/libexec/rc/rc.d/mdconfig2 
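Review bot: The added comment `# doesn't make sense to run in a svcj: config setting` does not tell a reader why a service jail is ruled out for this script, and the same wording is repeated in the mdconfig2, mixer, motd, msgs, netif and netoptions hunks. A reason tied to what the script does is more useful to whoever later audits which services run unconfined, for this file e.g. `# not run in a svcj: creates md(4) devices and mounts them on the host`. The assignment appears to be placed after `load_rc_config $name` so that an rc.conf value cannot switch the service jail back on; if that is the intent, the comment should say so.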
@@ -1,226 +1,229 @@ #!/bin/sh # # Copyright (c) 2006 The FreeBSD Project # All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # # # PROVIDE: mdconfig2 # REQUIRE: mountcritremote # BEFORE: SERVERS . 
/etc/rc.subr name="mdconfig2" desc="Create and control memory disks" stop_cmd="mdconfig2_stop" start_cmd="mdconfig2_start" start_precmd='[ -n "${_mdconfig2_list}" ]' required_modules="geom_md:g_md" is_readonly() { local _mp _ret _mp=$1 _ret=`mount | while read _line; do case ${_line} in *" ${_mp} "*read-only*) echo "yes" ;; *) ;; esac; done` if [ -n "${_ret}" ]; then return 0 else return 1 fi } init_variables() { local _i _fs="" _mp="" _mounted="no" _dev="/dev/${_md}" eval _config=\$mdconfig_${_md} eval _owner=\$mdconfig_${_md}_owner eval _perms=\$mdconfig_${_md}_perms eval _files=\$mdconfig_${_md}_files eval _populate=\$mdconfig_${_md}_cmd _type=${_config##*-t\ } _type=${_type%%\ *} if [ -z "${_type}" ]; then err 1 "You need to specify \"-t \" in mdconfig_${_md}" fi if [ "${_type}" = "vnode" ]; then _file=${_config##*-f\ } _file=${_file%%\ *} if [ -z "${_file}" ]; then err 2 "You need to specify \"-f \" in mdconfig_${_md} for vnode devices" fi if [ "${_file}" != "${_file%.uzip}" ]; then _dev="/dev/${_md}.uzip" fi for _i in `df ${_file} 2>/dev/null`; do _fs=${_i}; done fi # Debugging help. debug "${_md} config: ${_config}" debug "${_md} type: ${_type}" debug "${_md} dev: ${_dev}" debug "${_md} file: ${_file}" debug "${_md} fs: ${_fs}" debug "${_md} owner: ${_owner}" debug "${_md} perms: ${_perms}" debug "${_md} files: ${_files}" debug "${_md} populate cmd: ${_populate}" } mdconfig2_start() { local _md _fs _mp _mounted _dev _config _type _file _owner _perms _files _populate _fsck_cmd _i for _md in ${_mdconfig2_list}; do init_variables ${_md} if [ ! -r ${_file} ]; then err 3 "${_file} doesn't exist" continue fi # First pass: create md(4) vnode devices from files stored on # non-root partition. Swap and malloc md(4) devices have already # been created. 
if [ "${_type}" = "vnode" -a "${_fs}" != "/" ]; then if [ "${_file}" != "${_file%.uzip}" ]; then load_kld -m g_uzip geom_uzip || return 3 fi if is_readonly ${_fs}; then warn "${_fs} is mounted read-only, skipping ${_md}." continue fi if mdconfig -l -u ${_md} >/dev/null 2>&1; then err 3 "${_md} already exists" fi echo "Creating ${_md} device (${_type})." if ! mdconfig -a ${_config} -u ${_md}; then echo "Creating ${_md} device failed, moving on." continue fi # Skip fsck for uzip devices. if [ "${_file}" != "${_file%.uzip}" ]; then _fsck_cmd=":" elif checkyesno background_fsck; then _fsck_cmd="fsck -F" else _fsck_cmd="fsck" fi if ! eval ${_fsck_cmd} -p ${_dev} >/dev/null; then echo "Fsck failed on ${_dev}, not mounting the filesystem." continue fi if mount -d ${_dev} >/dev/null 2>&1; then echo "Mounting ${_dev}." mount ${_dev} fi fi for _i in `df ${_dev} 2>/dev/null`; do _mp=${_i}; done if [ ! -z "${_mp}" -a "${_mp}" = "${_mp%%%}" ]; then _mounted="yes" fi if checkyesno _mounted; then # Second pass: change permissions and ownership. [ -z "${_owner}" ] || chown -f ${_owner} ${_dev} ${_mp} [ -z "${_perms}" ] || chmod -f ${_perms} ${_dev} ${_mp} # Third pass: populate with foreign files. if [ -n "${_files}" -o -n "${_populate}" ]; then echo "Populating ${_dev}." fi if [ -n "${_files}" ]; then cp -Rp ${_files} ${_mp} fi if [ -n "${_populate}" ]; then eval ${_populate} fi fi done } mdconfig2_stop() { local _md _fs _mp _mounted _dev _config _type _file _owner _perms _files _populate for _md in ${_mdconfig2_list}; do init_variables ${_md} if [ "${_type}" = "vnode" ]; then for i in `df ${_dev} 2>/dev/null`; do _mp=$i; done if [ ! -r "${_file}" -o "${_fs}" = "/" ]; then continue fi if [ -z "${_mp}" -o "${_mp}" != "${_mp%%%}" ]; then echo "Device ${_dev} isn't mounted." else echo "Umounting ${_dev}." umount ${_dev} fi if mdconfig -l -u ${_md} >/dev/null 2>&1; then echo "Destroying ${_md}." 
mdconfig -d -u ${_md} fi fi done } _mdconfig2_cmd="$1" if [ $# -gt 0 ]; then shift fi [ -n "$*" ] && _mdconfig2_list="$*" load_rc_config $name +# doesn't make sense to run in a svcj: config setting +mdconfig2_svcj="NO" + if [ -z "${_mdconfig2_list}" ]; then for _mdconfig2_config in `list_vars mdconfig_md[0-9]\* | sort_lite -nk1.12` do _mdconfig2_unit=${_mdconfig2_config#mdconfig_md} [ "${_mdconfig2_unit#*[!0-9]}" = "$_mdconfig2_unit" ] || continue _mdconfig2_list="$_mdconfig2_list md$_mdconfig2_unit" done _mdconfig2_list="${_mdconfig2_list# }" fi run_rc_command "${_mdconfig2_cmd}" diff --git a/libexec/rc/rc.d/mixer b/libexec/rc/rc.d/mixer index d8d43a2ffcc8..7527e16918d2 100755 --- a/libexec/rc/rc.d/mixer +++ b/libexec/rc/rc.d/mixer 
@@ -1,103 +1,107 @@ #!/bin/sh - # # Copyright (c) 2004 The FreeBSD Project # All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # # # PROVIDE: mixer # REQUIRE: FILESYSTEMS # KEYWORD: nojail shutdown . /etc/rc.subr name="mixer" desc="Save and restore soundcard mixer values" rcvar="mixer_enable" stop_cmd="mixer_stop" start_cmd="mixer_start" reload_cmd="mixer_start" extra_commands="reload" # # List current mixer devices to stdout. 
# list_mixers() { ( cd /dev ; ls mixer* 2>/dev/null ) } # # Save state of an individual mixer specified as $1 # mixer_save() { local dev dev="/dev/${1}" if [ -r ${dev} ]; then /usr/sbin/mixer -f ${dev} -o > /var/db/${1}-state 2>/dev/null fi } # # Restore the state of an individual mixer specified as $1 # mixer_restore() { local file dev dev="/dev/${1}" file="/var/db/${1}-state" if [ -r ${dev} -a -r ${file} ]; then /usr/sbin/mixer -f ${dev} `cat ${file}` > /dev/null fi } # # Restore state of all mixers # mixer_start() { local mixer for mixer in `list_mixers`; do mixer_restore ${mixer} done } # # Save the state of all mixers # mixer_stop() { local mixer for mixer in `list_mixers`; do mixer_save ${mixer} done } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +mixer_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/motd b/libexec/rc/rc.d/motd index b0f46df8ea7a..7858aef2c3fe 100755 --- a/libexec/rc/rc.d/motd +++ b/libexec/rc/rc.d/motd 
@@ -1,58 +1,62 @@ #!/bin/sh # # # PROVIDE: motd # REQUIRE: mountcritremote FILESYSTEMS # BEFORE: LOGIN . /etc/rc.subr name="motd" desc="Update /var/run/motd" rcvar="update_motd" start_cmd="motd_start" stop_cmd=":" COMPAT_MOTD="/etc/motd" TARGET="/var/run/motd" TEMPLATE="/etc/motd.template" PERMS="644" motd_start() { # Update kernel info in /var/run/motd # Must be done *before* interactive logins are possible # to prevent possible race conditions. # startmsg -n 'Updating motd:' if [ ! -f "${TEMPLATE}" ]; then # Create missing template from existing regular motd file, if # one exists. if [ -f "${COMPAT_MOTD}" ]; then sed '1{/^FreeBSD.*/{d;};};' "${COMPAT_MOTD}" > "${TEMPLATE}" chmod $PERMS "${TEMPLATE}" rm -f "${COMPAT_MOTD}" else # Otherwise, create an empty template file. install -c -o root -g wheel -m ${PERMS} /dev/null "${TEMPLATE}" fi fi # Provide compatibility symlink: if [ ! -h "${COMPAT_MOTD}" ]; then ln -sF "${TARGET}" "${COMPAT_MOTD}" fi T=`mktemp -t motd` uname -v | sed -e 's,^\([^#]*\) #\(.* [1-2][0-9][0-9][0-9]\).*/\([^\]*\)$,\1 (\3) #\2,' \ -e 's,^\([^ ]*\) \([^ ]*\) \([^ ]*\) \([^ ]*\)$,\1 \2 (\4) \3,' > ${T} cat "${TEMPLATE}" >> ${T} install -C -o root -g wheel -m "${PERMS}" "$T" "${TARGET}" rm -f "$T" startmsg '.' } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +motd_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/mountcritlocal b/libexec/rc/rc.d/mountcritlocal index e9b8885279a2..f91eaf44457c 100755 --- a/libexec/rc/rc.d/mountcritlocal +++ b/libexec/rc/rc.d/mountcritlocal 
@@ -1,63 +1,67 @@ #!/bin/sh # # # PROVIDE: mountcritlocal # REQUIRE: root hostid_save mdconfig # KEYWORD: nojail shutdown . /etc/rc.subr name="mountcritlocal" desc="Mount critical local filesystems" start_cmd="mountcritlocal_start" stop_cmd=sync mountcritlocal_start() { local err holders waited # Set up the list of network filesystem types for which mounting # should be delayed until after network initialization. case ${extra_netfs_types} in [Nn][Oo]) ;; *) netfs_types="${netfs_types} ${extra_netfs_types}" ;; esac # Mount everything except nfs filesystems. startmsg -n 'Mounting local filesystems:' mount_excludes='no' for i in ${netfs_types}; do fstype=${i%:*} mount_excludes="${mount_excludes}${fstype}," done mount_excludes=${mount_excludes%,} mount -a -t ${mount_excludes} err=$? if [ ${err} -ne 0 ]; then echo 'Mounting /etc/fstab filesystems failed,' \ 'will retry after root mount hold release' root_hold_wait mount -a -t ${mount_excludes} err=$? fi startmsg '.' case ${err} in 0) ;; *) echo 'Mounting /etc/fstab filesystems failed,' \ 'startup aborted' stop_boot true ;; esac } load_rc_config $name + +# mounting shall not be performed in a svcj +mountcritlocal_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/mountcritremote b/libexec/rc/rc.d/mountcritremote index b2e0f9cfec49..99becaefb10f 100755 --- a/libexec/rc/rc.d/mountcritremote +++ b/libexec/rc/rc.d/mountcritremote 
@@ -1,89 +1,93 @@ #!/bin/sh # # # PROVIDE: mountcritremote # REQUIRE: NETWORKING FILESYSTEMS ipsec netwait nfscbd # KEYWORD: nojail . /etc/rc.subr name="mountcritremote" desc="Mount critical remote filesystems" stop_cmd=":" start_cmd="mountcritremote_start" start_precmd="mountcritremote_precmd" # Mount NFS filesystems if present in /etc/fstab # # XXX When the vfsload() issues with nfsclient support and related sysctls # have been resolved, this block can be removed, and the condition that # skips nfs in the following block (for "other network filesystems") can # be removed. # mountcritremote_precmd() { case "`mount -d -a -t nfs 2> /dev/null`" in *mount_nfs*) # Handle absent nfs client support load_kld -m nfs nfscl || return 1 ;; esac return 0 } mountcritremote_start() { local mounted_remote_filesystem=false # Mount nfs filesystems. # case "`/sbin/mount -d -a -t nfs`" in '') ;; *) mounted_remote_filesystem=true echo -n 'Mounting NFS filesystems:' mount -a -t nfs echo '.' ;; esac # Mount other network filesystems if present in /etc/fstab. case ${extra_netfs_types} in [Nn][Oo]) ;; *) netfs_types="${netfs_types} ${extra_netfs_types}" ;; esac for i in ${netfs_types}; do fstype=${i%:*} fsdecr=${i#*:} [ "${fstype}" = "nfs" ] && continue case "`mount -d -a -t ${fstype}`" in *mount_${fstype}*) mounted_remote_filesystem=true echo -n "Mounting ${fsdecr} filesystems:" mount -a -t ${fstype} echo '.' ;; esac done if $mounted_remote_filesystem; then # Cleanup /var again just in case it's a network mount. /etc/rc.d/cleanvar quietreload rm -f /var/run/clean_var /var/spool/lock/clean_var # Regenerate the ldconfig hints in case there are additional # library paths on remote file systems /etc/rc.d/ldconfig quietstart fi } load_rc_config $name + +# mounting shall not be performed in a svcj +mountcritremote_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/mountd b/libexec/rc/rc.d/mountd index 39b16d604321..8c0aa87e1d13 100755 --- a/libexec/rc/rc.d/mountd 
+++ b/libexec/rc/rc.d/mountd @@ -1,71 +1,77 @@ #!/bin/sh # # # PROVIDE: mountd # REQUIRE: NETWORKING rpcbind quota mountlate # KEYWORD: nojailvnet shutdown . /etc/rc.subr name="mountd" desc="Service remote NFS mount requests" rcvar="mountd_enable" command="/usr/sbin/${name}" pidfile="/var/run/${name}.pid" required_files="/etc/exports" start_precmd="mountd_precmd" extra_commands="reload" +: ${mountd_svcj_options:="net_basic nfsd"} + mountd_precmd() { # Load the modules now, so that the vfs.nfsd sysctl # oids are available. load_kld nfsd || return 1 # Do not force rpcbind to be running for an NFSv4 only server. # if checkyesno nfsv4_server_only; then echo 'NFSv4 only server' sysctl vfs.nfsd.server_min_nfsvers=4 > /dev/null sysctl vfs.nfsd.server_max_nfsvers=4 > /dev/null rc_flags="${rc_flags} -R" else force_depend rpcbind || return 1 if checkyesno nfsv4_server_enable; then sysctl vfs.nfsd.server_max_nfsvers=4 > /dev/null else sysctl vfs.nfsd.server_max_nfsvers=3 > /dev/null fi fi # mountd flags will differ depending on rc.conf settings # if checkyesno nfs_server_enable || checkyesno nfsv4_server_only; then if checkyesno weak_mountd_authentication; then if checkyesno nfsv4_server_only; then echo -n 'weak_mountd_authentication ' echo -n 'incompatible with nfsv4_server_only, ' echo 'ignored' else rc_flags="${rc_flags} -n" fi fi else if checkyesno mountd_enable; then checkyesno weak_mountd_authentication && rc_flags="-n" fi fi if checkyesno zfs_enable; then rc_flags="${rc_flags} /etc/exports /etc/zfs/exports" fi rm -f /var/db/mountdtab ( umask 022 ; > /var/db/mountdtab ) || err 1 'Cannot create /var/db/mountdtab' } load_rc_config $name + +# precmd is not compatible with svcj +mountd_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/mountlate b/libexec/rc/rc.d/mountlate index 133192ac183c..87ea9edccb74 100755 --- a/libexec/rc/rc.d/mountlate +++ b/libexec/rc/rc.d/mountlate 
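Review bot: This hunk adds a default `mountd_svcj_options` of `net_basic nfsd` near the top and then forces `mountd_svcj="NO"` after `load_rc_config $name`, so as far as the hunk shows the options can never take effect and an rc.conf line `mountd_svcj="YES"` is discarded without any message. An administrator who sees the options default may assume mountd runs confined when it does not. Either drop the options line until the precmd is compatible, or report the override before the assignment: `case ${mountd_svcj} in [Yy][Ee][Ss]) warn "mountd_svcj=YES ignored, precmd is not compatible with svcj" ;; esac`. The comment `# precmd is not compatible with svcj` could also name the cause; the visible `mountd_precmd` loads the nfsd module and sets `vfs.nfsd` sysctls. The other `_svcj="NO"` hunks on this page discard an rc.conf setting in the same silent way.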
@@ -1,47 +1,51 @@ #!/bin/sh # # # PROVIDE: mountlate # REQUIRE: DAEMON # BEFORE: LOGIN # KEYWORD: nojail . /etc/rc.subr name="mountlate" desc="Mount filesystems with \"late\" option from /etc/fstab" start_cmd="mountlate_start" stop_cmd=":" mountlate_start() { local err latefs # Mount "late" filesystems. # err=0 echo -n 'Mounting late filesystems:' mount -a -L err=$? echo '.' case ${err} in 0) ;; *) echo 'Mounting /etc/fstab filesystems failed,' \ 'startup aborted' stop_boot true ;; esac # If we booted a special kernel remove the record # so we will boot the default kernel next time. if [ -x /sbin/nextboot ]; then /sbin/nextboot -D fi } load_rc_config $name + +# mounting shall not be performed in a svcj +mountlate_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/moused b/libexec/rc/rc.d/moused index 85a04c89447a..6f1b95af0f0a 100755 --- a/libexec/rc/rc.d/moused +++ b/libexec/rc/rc.d/moused 
@@ -1,72 +1,77 @@ #!/bin/sh # # # PROVIDE: moused # REQUIRE: DAEMON FILESYSTEMS # KEYWORD: nojail shutdown . /etc/rc.subr name="moused" desc="Mouse daemon" rcvar="moused_enable" command="/usr/sbin/${name}" start_cmd="moused_start" pidprefix="/var/run/moused" pidfile="${pidprefix}.pid" pidarg= load_rc_config $name +# doesn't make sense to run in a svcj: nojail keyword +# XXX: How does moused communiacte with the kernel? +# XXX: Does the kernel prevent this communcation in jails? +moused_svcj="NO" + # Set the pid file and variable name. The second argument, if it exists, is # expected to be the mouse device. # if [ -n "$2" ]; then eval moused_$2_enable=\${moused_$2_enable-${moused_nondefault_enable}} rcvar="moused_${2}_enable" pidfile="${pidprefix}.$2.pid" pidarg="-I $pidfile" fi moused_start() { local ms myflags myport mytype # Set the mouse device and get any related variables. If # a moused device has been specified on the commandline, then # rc.conf(5) variables defined for that device take precedence # over the generic moused_* variables. The only exception is # the moused_port variable, which if not defined sets it to the # passed in device name. # ms=$1 if [ -n "$ms" ]; then eval myflags=\${moused_${ms}_flags-$moused_flags} eval myport=\${moused_${ms}_port-/dev/$ms} eval mytype=\${moused_${ms}_type-$moused_type} else ms="default" myflags="$moused_flags" myport="$moused_port" mytype="$moused_type" fi startmsg -n "Starting ${ms} moused" /usr/sbin/moused ${myflags} -p ${myport} -t ${mytype} ${pidarg} startmsg '.' mousechar_arg= case ${mousechar_start} in [Nn][Oo] | '') ;; *) mousechar_arg="-M ${mousechar_start}" ;; esac for ttyv in /dev/ttyv* ; do vidcontrol < ${ttyv} ${mousechar_arg} -m on done } run_rc_command $* diff --git a/libexec/rc/rc.d/msgs b/libexec/rc/rc.d/msgs index 4ea396c99f66..424d545f884d 100755 --- a/libexec/rc/rc.d/msgs +++ b/libexec/rc/rc.d/msgs 
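Review bot: The comment block added above `moused_svcj="NO"` has two typos and leaves its own questions unanswered. Corrected lines would read `# XXX: How does moused communicate with the kernel?` and `# XXX: Does the kernel prevent this communication in jails?`. Since those two questions are still open, the only settled reason given for disabling the service jail is the `nojail` keyword. It would be clearer to state that as the reason and mark the rest as a follow-up, so the decision is not read as the result of an analysis that has not been done yet.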
@@ -1,25 +1,29 @@ #!/bin/sh # # # PROVIDE: msgs # REQUIRE: LOGIN . /etc/rc.subr name="msgs" desc="Make a bounds file for msgs(1)" start_cmd="msgs_start" stop_cmd=":" msgs_start() { # Make a bounds file for msgs(1) if there isn't one already # if [ -d /var/msgs -a ! -f /var/msgs/bounds -a ! -L /var/msgs/bounds ]; then echo 0 > /var/msgs/bounds fi } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +msgs_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/natd b/libexec/rc/rc.d/natd index d95d586ac69f..1c8c1cb50a96 100755 --- a/libexec/rc/rc.d/natd +++ b/libexec/rc/rc.d/natd @@ -1,43 +1,47 @@ #!/bin/sh # # # PROVIDE: natd # KEYWORD: nostart nojailvnet . /etc/rc.subr . /etc/network.subr name="natd" desc="Network Address Translation daemon" rcvar="natd_enable" command="/sbin/${name}" pidfile="/var/run/${name}.pid" start_precmd="natd_precmd" required_modules="ipdivert" natd_precmd() { if [ -n "${natd_interface}" ]; then dhcp_list="`list_net_interfaces dhcp`" for ifn in ${dhcp_list}; do case "${natd_interface}" in ${ifn}) rc_flags="$rc_flags -dynamic" ;; esac done if echo "${natd_interface}" | \ grep -q -E '^[0-9]+(\.[0-9]+){0,3}$'; then rc_flags="$rc_flags -a ${natd_interface}" else rc_flags="$rc_flags -n ${natd_interface}" fi fi return 0 } load_rc_config $name + +# precmd is not compatible with svcj +natd_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/netif b/libexec/rc/rc.d/netif index 3da296e97384..4fe9b60cbb20 100755 --- a/libexec/rc/rc.d/netif +++ b/libexec/rc/rc.d/netif 
@@ -1,271 +1,275 @@ #!/bin/sh # # Copyright (c) 2003 The FreeBSD Project. All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE PROJECT ``AS IS'' AND ANY EXPRESS OR # IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES # OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. # IN NO EVENT SHALL THE PROJECT BE LIABLE FOR ANY DIRECT, INDIRECT, # INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT # NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF # THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # # # PROVIDE: netif # REQUIRE: FILESYSTEMS iovctl serial sysctl # REQUIRE: hostid # KEYWORD: nojailvnet . /etc/rc.subr . /etc/network.subr name="netif" desc="Network interface setup" rcvar="${name}_enable" start_cmd="netif_start" stop_cmd="netif_stop" wlanup_cmd="wlan_up" wlandown_cmd="wlan_down" cloneup_cmd="clone_up" clonedown_cmd="clone_down" clear_cmd="doclear" vnetup_cmd="vnet_up" vnetdown_cmd="vnet_down" extra_commands="cloneup clonedown clear vnetup vnetdown" cmdifn= set_rcvar_obsolete ipv6_enable ipv6_activate_all_interfaces set_rcvar_obsolete ipv6_prefer netif_start() { local _if # Set the list of interfaces to work on. 
# cmdifn=$* if [ -z "$cmdifn" ]; then # # We're operating as a general network start routine. # # disable SIGINT (Ctrl-c) when running at startup trap : 2 fi # Create IEEE802.11 interface wlan_up $cmdifn # Create cloned interfaces clone_up $cmdifn # Rename interfaces. ifnet_rename $cmdifn # Configure the interface(s). netif_common ifn_start $cmdifn if [ -f /etc/rc.d/ipfilter ] ; then # Resync ipfilter /etc/rc.d/ipfilter quietresync fi if [ -f /etc/rc.d/bridge -a -n "$cmdifn" ] ; then /etc/rc.d/bridge start $cmdifn fi if [ -f /etc/rc.d/routing -a -n "$cmdifn" ] ; then for _if in $cmdifn; do /etc/rc.d/routing static any $_if done fi } netif_stop() { _clone_down=1 _wlan_down=1 netif_stop0 $* } doclear() { _clone_down= _wlan_down= netif_stop0 $* } netif_stop0() { local _if # Set the list of interfaces to work on. # cmdifn=$* # Deconfigure the interface(s) netif_common ifn_stop $cmdifn # Destroy wlan interfaces if [ -n "$_wlan_down" ]; then wlan_down $cmdifn fi # Destroy cloned interfaces if [ -n "$_clone_down" ]; then clone_down $cmdifn fi if [ -f /etc/rc.d/routing -a -n "$cmdifn" ] ; then for _if in $cmdifn; do /etc/rc.d/routing stop any $_if done fi } vnet_up() { cmdifn=$* netif_common ifn_vnetup $cmdifn } vnet_down() { cmdifn=$* netif_common ifn_vnetdown $cmdifn } # netif_common routine # Common configuration subroutine for network interfaces. This # routine takes all the preparatory steps needed for configuriing # an interface and then calls $routine. netif_common() { local _cooked_list _tmp_list _fail _func _ok _str _cmdifn _func= if [ -z "$1" ]; then err 1 "netif_common(): No function name specified." else _func="$1" shift fi # Set the scope of the command (all interfaces or just one). # _cooked_list= _tmp_list= _cmdifn=$* if [ -n "$_cmdifn" ]; then # Don't check that the interface(s) exist. We need to run # the down code even when the interface doesn't exist to # kill off wpa_supplicant. # XXXBED: is this really true or does wpa_supplicant die? 
# if so, we should get rid of the devd entry _cooked_list="$_cmdifn" else _cooked_list="`list_net_interfaces`" fi # Expand epair[0-9] to epair[0-9][ab]. for ifn in $_cooked_list; do case ${ifn#epair} in [0-9]*[ab]) ;; # Skip epair[0-9]*[ab]. [0-9]*) for _str in $_cooked_list; do case $_str in $ifn) _tmp_list="$_tmp_list ${ifn}a ${ifn}b" ;; *) _tmp_list="$_tmp_list ${ifn}" ;; esac done _cooked_list=${_tmp_list# } ;; esac done _dadwait= _fail= _ok= for ifn in ${_cooked_list# }; do # Skip if ifn does not exist. case $_func in ifn_stop) if ! ${IFCONFIG_CMD} $ifn > /dev/null 2>&1; then warn "$ifn does not exist. Skipped." _fail="${_fail} ${ifn}" continue fi ;; esac if ${_func} ${ifn} $2; then _ok="${_ok} ${ifn}" if ipv6if ${ifn} && [ "${ifn}" != "lo0" ]; then _dadwait=1 fi else _fail="${_fail} ${ifn}" fi done # inet6 address configuration needs sleep for DAD. case ${_func}:${_dadwait} in ifn_start:1|ifn_vnetup:1|ifn_vnetdown:1) sleep `${SYSCTL_N} net.inet6.ip6.dad_count` sleep 1 ;; esac _str= if [ -n "${_ok}" ]; then case ${_func} in ifn_start) _str='Starting' ;; ifn_stop) _str='Stopping' ;; ifn_vnetup) _str='Moving' ;; ifn_vnetdown) _str='Reclaiming' ;; esac startmsg "${_str} Network:${_ok}." case ${_func} in ifn_vnetup) # Clear _ok not to do "ifconfig $ifn" # because $ifn is no longer in the current vnet. _ok= ;; esac if check_startmsgs; then for ifn in ${_ok}; do /sbin/ifconfig ${ifn} done fi fi debug "The following interfaces were not configured: $_fail" } # Load the old "network" config file also for compatibility. # This is needed for mfsBSD at least. load_rc_config network load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +netif_svcj="NO" + run_rc_command $* diff --git a/libexec/rc/rc.d/netoptions b/libexec/rc/rc.d/netoptions index 7f57c02f0fb4..0f329a5385cf 100755 --- a/libexec/rc/rc.d/netoptions +++ b/libexec/rc/rc.d/netoptions 
@@ -1,125 +1,129 @@ #!/bin/sh # # # PROVIDE: netoptions # REQUIRE: FILESYSTEMS # BEFORE: netif # KEYWORD: nojailvnet . /etc/rc.subr . /etc/network.subr name="netoptions" desc="Network options setup" start_cmd="netoptions_start" stop_cmd=: _netoptions_initdone= netoptions_init() { if [ -z "${_netoptions_initdone}" ]; then echo -n 'Additional TCP/IP options:' _netoptions_initdone=yes fi } netoptions_start() { local _af for _af in inet inet6; do afexists ${_af} && eval netoptions_${_af} done [ -n "${_netoptions_initdone}" ] && echo '.' } netoptions_inet() { case ${log_in_vain} in [12]) netoptions_init echo -n " log_in_vain=${log_in_vain}" ${SYSCTL} net.inet.tcp.log_in_vain=${log_in_vain} >/dev/null ${SYSCTL} net.inet.udp.log_in_vain=${log_in_vain} >/dev/null ;; *) ${SYSCTL} net.inet.tcp.log_in_vain=0 >/dev/null ${SYSCTL} net.inet.udp.log_in_vain=0 >/dev/null ;; esac if checkyesno tcp_extensions; then ${SYSCTL} net.inet.tcp.rfc1323=1 >/dev/null else netoptions_init echo -n " rfc1323 extensions=${tcp_extensions}" ${SYSCTL} net.inet.tcp.rfc1323=0 >/dev/null fi if checkyesno tcp_keepalive; then ${SYSCTL} net.inet.tcp.always_keepalive=1 >/dev/null else netoptions_init echo -n " TCP keepalive=${tcp_keepalive}" ${SYSCTL} net.inet.tcp.always_keepalive=0 >/dev/null fi if checkyesno tcp_drop_synfin; then netoptions_init echo -n " drop SYN+FIN packets=${tcp_drop_synfin}" ${SYSCTL} net.inet.tcp.drop_synfin=1 >/dev/null else ${SYSCTL} net.inet.tcp.drop_synfin=0 >/dev/null fi case ${ip_portrange_first} in [0-9]*) netoptions_init echo -n " ip_portrange_first=$ip_portrange_first" ${SYSCTL} net.inet.ip.portrange.first=$ip_portrange_first >/dev/null ;; esac case ${ip_portrange_last} in [0-9]*) netoptions_init echo -n " ip_portrange_last=$ip_portrange_last" ${SYSCTL} net.inet.ip.portrange.last=$ip_portrange_last >/dev/null ;; esac } netoptions_inet6() { if checkyesno ipv6_ipv4mapping; then netoptions_init echo -n " ipv4-mapped-ipv6=${ipv6_ipv4mapping}" ${SYSCTL} net.inet6.ip6.v6only=0 
>/dev/null else ${SYSCTL} net.inet6.ip6.v6only=1 >/dev/null fi if checkyesno ipv6_privacy; then netoptions_init echo -n " IPv6 Privacy Addresses" ${SYSCTL} net.inet6.ip6.use_tempaddr=1 >/dev/null ${SYSCTL} net.inet6.ip6.prefer_tempaddr=1 >/dev/null fi case $ipv6_cpe_wanif in ""|[Nn][Oo]|[Nn][Oo][Nn][Ee]|[Ff][Aa][Ll][Ss][Ee]|[Oo][Ff][Ff]|0) ${SYSCTL} net.inet6.ip6.no_radr=0 >/dev/null ${SYSCTL} net.inet6.ip6.rfc6204w3=0 >/dev/null ;; *) netoptions_init echo -n " IPv6 CPE WANIF=${ipv6_cpe_wanif}" ${SYSCTL} net.inet6.ip6.no_radr=1 >/dev/null ${SYSCTL} net.inet6.ip6.rfc6204w3=1 >/dev/null ;; esac } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +netoptions_svcj="NO" + run_rc_command $1 diff --git a/libexec/rc/rc.d/netwait b/libexec/rc/rc.d/netwait index 8342a100bd87..3f374806d97c 100755 --- a/libexec/rc/rc.d/netwait +++ b/libexec/rc/rc.d/netwait 
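Review bot: The added `netoptions_svcj="NO"` is assigned after `load_rc_config $name`, so an rc.conf value of `netoptions_svcj="YES"` is discarded without any message. Forcing it off looks right for a script whose work is writing sysctls, but an administrator auditing which services are confined gets no sign that the request was refused. Consider warning before the override, for example `case ${netoptions_svcj} in [Yy][Ee][Ss]) warn "netoptions_svcj=YES ignored: cannot run in a svcj" ;; esac`. The same unconditional override appears in the netwait, newsyslog, nfsclient, nfsd, nfsuserd and nisdomain hunks.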
@@ -1,114 +1,118 @@ #!/bin/sh # # PROVIDE: netwait # REQUIRE: devd ipfw pf routing # KEYWORD: nojail # # The netwait script helps handle two situations: # - Systems with USB or other late-attaching network hardware which # is initialized by devd events. The script waits for all the # interfaces named in the netwait_if list to appear. # - Systems with statically-configured IP addresses in rc.conf(5). # The IP addresses in the netwait_ip list are pinged. The script # waits for any single IP in the list to respond to the ping. If your # system uses DHCP, you should probably use synchronous_dhclient="YES" # in your /etc/rc.conf instead of netwait_ip. # Either or both of the wait lists can be used (at least one must be # non-empty if netwait is enabled). . /etc/rc.subr name="netwait" desc="Wait for network devices or the network being up" rcvar="netwait_enable" start_cmd="${name}_start" stop_cmd=":" netwait_start() { local ip rc count output link wait_if got_if any_error if [ -z "${netwait_if}" ] && [ -z "${netwait_ip}" ]; then err 1 "No interface or IP addresses listed, nothing to wait for" fi if [ ${netwait_timeout} -lt 1 ]; then err 1 "netwait_timeout must be >= 1" fi if [ -n "${netwait_if}" ]; then any_error=0 for wait_if in ${netwait_if}; do echo -n "Waiting for ${wait_if}" link="" got_if=0 count=1 # Handle SIGINT (Ctrl-C); force abort of while() loop trap break SIGINT while [ ${count} -le ${netwait_if_timeout} ]; do if output=`/sbin/ifconfig ${wait_if} 2>/dev/null`; then if [ ${got_if} -eq 0 ]; then echo -n ", interface present" got_if=1 fi link=`expr "${output}" : '.*[[:blank:]]status: \(no carrier\)'` if [ -z "${link}" ]; then echo ', got link.' break fi fi sleep 1 count=$((count+1)) done # Restore default SIGINT handler trap - SIGINT if [ ${got_if} -eq 0 ]; then echo ", wait failed: interface never appeared." any_error=1 elif [ -n "${link}" ]; then echo ", wait failed: interface still has no link." 
any_error=1 fi done if [ ${any_error} -eq 1 ]; then warn "Continuing with startup, but be aware you may not have " warn "a fully functional networking layer at this point." fi fi if [ -n "${netwait_ip}" ]; then # Handle SIGINT (Ctrl-C); force abort of for() loop trap break SIGINT for ip in ${netwait_ip}; do echo -n "Waiting for ${ip} to respond to ICMP ping" count=1 while [ ${count} -le ${netwait_timeout} ]; do /sbin/ping -t 1 -c 1 -o ${ip} >/dev/null 2>&1 rc=$? if [ $rc -eq 0 ]; then # Restore default SIGINT handler trap - SIGINT echo ', got response.' return fi count=$((count+1)) done echo ', failed: No response from host.' done # Restore default SIGINT handler trap - SIGINT warn "Exhausted IP list. Continuing with startup, but be aware you may" warn "not have a fully functional networking layer at this point." fi } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +netwait_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/newsyslog b/libexec/rc/rc.d/newsyslog index 9434bb8e12ec..9b959bfabe85 100755 --- a/libexec/rc/rc.d/newsyslog +++ b/libexec/rc/rc.d/newsyslog @@ -1,26 +1,30 @@ #!/bin/sh # # # PROVIDE: newsyslog # REQUIRE: FILESYSTEMS mountcritremote . /etc/rc.subr name="newsyslog" desc="Logfile rotation" rcvar="newsyslog_enable" required_files="/etc/newsyslog.conf" command="/usr/sbin/${name}" start_cmd="newsyslog_start" stop_cmd=":" newsyslog_start() { startmsg -n 'Creating and/or trimming log files' ${command} ${rc_flags} startmsg '.' } load_rc_config $name + +# doesn't make sense to run in a svcj: needs to send signals outside the svcj +newsyslog_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/nfscbd b/libexec/rc/rc.d/nfscbd index 317a41ef8d3b..450de46e0855 100755 --- a/libexec/rc/rc.d/nfscbd +++ b/libexec/rc/rc.d/nfscbd 
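Review bot: The rationale in the added comment before `netwait_svcj="NO"`, `config setting`, does not describe netwait. Per its header and `netwait_start`, the script polls `/sbin/ifconfig` for the interfaces in `netwait_if` and pings the addresses in `netwait_ip`. The wording reads as carried over from the netoptions change. A comment naming the real constraint would serve the next reader better, for example `# doesn't make sense to run in a svcj: has to see the host's interfaces and send ICMP pings`. Whether a service jail could be granted enough access for that is not visible from this hunk.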
@@ -1,19 +1,21 @@ #!/bin/sh # # # PROVIDE: nfscbd # REQUIRE: NETWORKING nfsuserd # KEYWORD: nojail shutdown . /etc/rc.subr name="nfscbd" desc="NFSv4 client side callback daemon" rcvar="nfscbd_enable" command="/usr/sbin/${name}" sig_stop="USR1" +: ${nfscbd_svcj_options:="net_basic"} + load_rc_config $name run_rc_command "$1" diff --git a/libexec/rc/rc.d/nfsclient b/libexec/rc/rc.d/nfsclient index f475e867b6c9..857cfa02036f 100755 --- a/libexec/rc/rc.d/nfsclient +++ b/libexec/rc/rc.d/nfsclient @@ -1,49 +1,53 @@ #!/bin/sh # # # PROVIDE: nfsclient # REQUIRE: NETWORKING mountcritremote rpcbind # KEYWORD: nojail shutdown . /etc/rc.subr name="nfsclient" desc="NFS client setup" rcvar="nfs_client_enable" start_cmd="nfsclient_start" stop_cmd="unmount_all" required_modules="nfscl:nfs" nfsclient_start() { # # Set some nfs client related sysctls # if [ -n "${nfs_access_cache}" ]; then startmsg "NFS access cache time=${nfs_access_cache}" if ! sysctl vfs.nfs.access_cache_timeout=${nfs_access_cache} >/dev/null; then warn "failed to set access cache timeout" fi fi if [ -n "${nfs_bufpackets}" ]; then if ! sysctl vfs.nfs.bufpackets=${nfs_bufpackets} > /dev/null; then warn "failed to set vfs.nfs.bufpackets" fi fi unmount_all } unmount_all() { # If /var/db/mounttab exists, some nfs-server has not been # successfully notified about a previous client shutdown. # If there is no /var/db/mounttab, we do nothing. if [ -f /var/db/mounttab ]; then rpc.umntall -k fi } load_rc_config $name + +# no unmounting in svcj +nfsclient_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/nfsd b/libexec/rc/rc.d/nfsd index 86409f0e655f..364c2a3b6bd3 100755 --- a/libexec/rc/rc.d/nfsd +++ b/libexec/rc/rc.d/nfsd 
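Review bot: The new default `: ${nfscbd_svcj_options:="net_basic"}` carries no comment explaining why the daemon needs network access inside its service jail, and the script keeps `KEYWORD: nojail`. The other `nojail` scripts touched here (netwait, nfsclient) are opted out with `<name>_svcj="NO"`, so it is worth confirming that nfscbd works when confined and is not simply missing the opt-out. If it does work, a one-line comment such as `# callback daemon serves NFSv4 callbacks over the network: svcj needs net_basic` would record the least-privilege reasoning. That wording assumes the description string reflects what the daemon does.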
@@ -1,64 +1,68 @@ #!/bin/sh # # # PROVIDE: nfsd # REQUIRE: mountcritremote mountd hostname gssd nfsuserd # KEYWORD: nojailvnet shutdown . /etc/rc.subr name="nfsd" desc="Remote NFS server" rcvar="nfs_server_enable" command="/usr/sbin/${name}" nfs_server_vhost="" +: ${nfsd_svcj_options:="net_basic nfsd"} + load_rc_config $name +# precmd is not compatible with svcj +nfsd_svcj="NO" start_precmd="nfsd_precmd" sig_stop="USR1" nfsd_precmd() { local _vhost rc_flags="${nfs_server_flags}" # Load the modules now, so that the vfs.nfsd sysctl # oids are available. load_kld nfsd || return 1 if [ -n "${nfs_server_maxio}" ] && ! check_jail jailed; then if ! sysctl vfs.nfsd.srvmaxio=${nfs_server_maxio} >/dev/null; then warn "Failed to set server max I/O" fi fi if checkyesno nfs_reserved_port_only; then echo 'NFS on reserved port only=YES' sysctl vfs.nfsd.nfs_privport=1 > /dev/null else sysctl vfs.nfsd.nfs_privport=0 > /dev/null fi if checkyesno nfs_server_managegids; then force_depend nfsuserd || err 1 "Cannot run nfsuserd" fi if checkyesno nfsv4_server_enable; then sysctl vfs.nfsd.server_max_nfsvers=4 > /dev/null elif ! checkyesno nfsv4_server_only; then echo 'NFSv4 is disabled' sysctl vfs.nfsd.server_max_nfsvers=3 > /dev/null fi if ! checkyesno nfsv4_server_only; then force_depend rpcbind || return 1 fi force_depend mountd || return 1 if [ -n "${nfs_server_vhost}" ]; then command_args="-V \"${nfs_server_vhost}\"" fi } run_rc_command "$1" diff --git a/libexec/rc/rc.d/nfsuserd b/libexec/rc/rc.d/nfsuserd index 297b88dccfcd..3ef88dcc6dfc 100755 --- a/libexec/rc/rc.d/nfsuserd +++ b/libexec/rc/rc.d/nfsuserd 
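Review bot: The default added near the top, `: ${nfsd_svcj_options:="net_basic nfsd"}`, cannot take effect as written, because `nfsd_svcj="NO"` is assigned unconditionally after `load_rc_config $name`. A reader skimming the script may take the options line as the active confinement policy when the service in fact always runs unconfined. If the default is kept for when the precmd restriction is lifted, say so next to it: `# unused while nfsd_svcj is forced to NO below; kept for when start_precmd can run with a svcj`. Otherwise drop the default. The nfsuserd hunk adds the same pair of lines and would take the same comment.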
@@ -1,28 +1,32 @@ #!/bin/sh # # # PROVIDE: nfsuserd # REQUIRE: NETWORKING # KEYWORD: nojailvnet shutdown . /etc/rc.subr name="nfsuserd" desc="Load user and group information into the kernel for NFSv4 services and support manage-gids for all NFS versions" rcvar="nfsuserd_enable" command="/usr/sbin/${name}" sig_stop="USR1" +: ${nfsuserd_svcj_options:="net_basic nfsd"} + load_rc_config $name +# precmd is not compatible with svcj +nfsuserd_svcj="NO" start_precmd="nfsuserd_precmd" nfsuserd_precmd() { if checkyesno nfs_server_managegids; then rc_flags="-manage-gids ${nfsuserd_flags}" fi return 0 } run_rc_command "$1" diff --git a/libexec/rc/rc.d/nisdomain b/libexec/rc/rc.d/nisdomain index 56fe1a6c5c0b..9616d7be39ac 100755 --- a/libexec/rc/rc.d/nisdomain +++ b/libexec/rc/rc.d/nisdomain 
@@ -1,54 +1,58 @@ #!/bin/sh # # Copyright (c) 1993 - 2003 The FreeBSD Project. All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # # # PROVIDE: nisdomain # REQUIRE: SERVERS rpcbind # BEFORE: ypset ypbind ypserv ypxfrd . /etc/rc.subr name="nisdomain" desc="Set NIS domain name" start_cmd="nisdomain_start" stop_cmd=":" nisdomain_start() { # Set the domainname if we're using NIS # case ${nisdomainname} in [Nn][Oo]|'') ;; *) domainname ${nisdomainname} echo "Setting NIS domain: `/bin/domainname`." ;; esac } load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +nisdomain_svcj="NO" + run_rc_command "$1" diff --git a/libexec/rc/rc.d/nscd b/libexec/rc/rc.d/nscd index 64421c29358c..611d2d8ddb8f 100755 --- a/libexec/rc/rc.d/nscd 
+++ b/libexec/rc/rc.d/nscd @@ -1,53 +1,56 @@ #!/bin/sh # # # PROVIDE: nscd # REQUIRE: DAEMON # BEFORE: LOGIN # KEYWORD: shutdown # # Add the following lines to /etc/rc.conf to enable nscd: # # nscd_enable="YES" # # See nscd(8) for flags # . /etc/rc.subr name="nscd" desc="Name-service caching daemon" rcvar="nscd_enable" +# no svcj options needed +: ${nscd_svcj_options:=""} + command=/usr/sbin/nscd extra_commands="flush" flush_cmd="${command} -I all" # usage: _nscd_set_option