git: a70ecfb11757 - main - rc.subr: add new sysv option for service jails
Date: Fri, 14 Jun 2024 18:15:50 UTC
The branch main has been updated by netchild: URL: https://cgit.FreeBSD.org/src/commit/?id=a70ecfb11757812cd97b6499dc4b73984c310681 commit a70ecfb11757812cd97b6499dc4b73984c310681 Author: Alexander Leidinger <netchild@FreeBSD.org> AuthorDate: 2024-06-14 18:05:52 +0000 Commit: Alexander Leidinger <netchild@FreeBSD.org> CommitDate: 2024-06-14 18:15:45 +0000 rc.subr: add new sysv option for service jails Clarify that the "sysvipc" svcj option inherits from the host / parent. Add "sysvipcnew" which creates a new SysV namespace for the service jail. Sanity check that only one of them is used. --- libexec/rc/rc.subr | 11 +++++++++++ share/man/man5/rc.conf.5 | 8 ++++++-- 2 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/libexec/rc/rc.subr b/libexec/rc/rc.subr
index 2380d1aeabc3..f9d8bf9a3cc3 100644
--- a/libexec/rc/rc.subr
+++ b/libexec/rc/rc.subr
@@ -1219,6 +1219,7 @@ run_rc_command()
 if [ -n "$_svcj_options" ]; then # translate service jail options
 _svcj_cmd_options=""
+ _svcj_sysvipc_x=0
 for _svcj_option in $_svcj_options; do
 case "$_svcj_option" in
 mlock)
@@ -1243,8 +1244,13 @@ run_rc_command()
 _svcj_cmd_options="allow.nfsd enforce_statfs=1 ${_svcj_cmd_options}"
 ;;
 sysvipc)
+ _svcj_sysvipc_x=$((${_svcj_sysvipc_x} + 1))
 _svcj_cmd_options="sysvmsg=inherit sysvsem=inherit sysvshm=inherit ${_svcj_cmd_options}"
 ;;
+ sysvipcnew)
+ _svcj_sysvipc_x=$((${_svcj_sysvipc_x} + 1))
+ _svcj_cmd_options="sysvmsg=new sysvsem=new sysvshm=new ${_svcj_cmd_options}"
+ ;;
 vmm)
 _svcj_cmd_options="allow.vmm ${_svcj_cmd_options}"
 ;;
@@ -1253,6 +1259,11 @@ run_rc_command()
 ;;
 esac
 done
+ if [ ${_svcj_sysvipc_x} -gt 1 ]; then
+ echo -n "ERROR: more than one sysvipc option is "
+ echo "specified in ${name}_svcj_options: $_svcj_options"
+ return 1
+ fi
 fi
 [ -z "$autoboot" ] && eval $_pidcmd # determine the pid if necessary
diff --git a/share/man/man5/rc.conf.5 b/share/man/man5/rc.conf.5
index 9f32cfa5ab82..3fa20fe3cf0c 100644
--- a/share/man/man5/rc.conf.5
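Review bot: The `sysvipc)` arm still maps to `sysvmsg=inherit sysvsem=inherit sysvshm=inherit` with no comment in rc.subr saying that this shares the host or parent jail's SysV objects with the service, while the new `sysvipcnew)` arm is the one that gives the service jail its own namespace. A one-line comment above each arm would keep that isolation difference visible to whoever edits this case statement next, for example `# inherit: service shares the host/parent SysV IPC objects` and `# new: private SysV IPC namespace for this service jail`. The case statement and run_rc_command() both start and end outside this hunk.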
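Review bot: The new sanity check reports the conflict with two `echo` calls on stdout, so a refused start can get lost among ordinary service output and may never reach the system log. Sending it to stderr, e.g. `echo "ERROR: more than one sysvipc option is specified in ${name}_svcj_options: $_svcj_options" >&2`, or through rc.subr's `warn` helper if that matches how the file reports other svcj errors, would make it easier to spot. The counter also trips when the same option is listed twice, which the message wording does not quite say. Whether this `return 1` is reached for stop and status as well as start cannot be seen here, because run_rc_command() continues outside the hunk; if it is, a misconfigured option list would also block stopping the service.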
+++ b/share/man/man5/rc.conf.5
@@ -4977,8 +4977,11 @@ to them.
 .It nfsd
 Allows to run nfsd and affiliated daemons.
 .It sysvipc
-Allows access to SysV semaphores, SysV shared memory and
-SysV messages.
+Inherits the SysV semaphores, SysV shared memory and
+SysV messages from the host or the parent jail.
+.It sysvipcnew
+Creates a new namespace for SysV semaphores, SysV shared memory
+and SysV messages for this particular service jail.
 .It vmm
 Allows access to
 .Xr vmm 4 .
@@ -4988,6 +4991,7 @@ is enabled in the kernel.
 .El
 All non-network options can be combined with all other options.
+From the SysV options only one option can be specified.
 If the
 .Ao Ar name Ac Ns Va _svcj