Date: Fri, 14 Jun 2024 18:15:50 GMT
Message-Id: <202406141815.45EIFon3070404@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Alexander Leidinger
Subject: git: a70ecfb11757 - main - rc.subr: add new sysv option for service jails
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
X-BeenThere: dev-commits-src-all@freebsd.org
Sender: owner-dev-commits-src-all@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: netchild
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: a70ecfb11757812cd97b6499dc4b73984c310681
Auto-Submitted: auto-generated

The branch main has been updated by netchild:

URL: https://cgit.FreeBSD.org/src/commit/?id=a70ecfb11757812cd97b6499dc4b73984c310681

commit a70ecfb11757812cd97b6499dc4b73984c310681
Author:     Alexander Leidinger
AuthorDate: 2024-06-14 18:05:52 +0000
Commit:     Alexander Leidinger
CommitDate: 2024-06-14 18:15:45 +0000

    rc.subr: add new sysv option for service jails

    Clarify that the "sysvipc" svcj option inherits from the host / parent.
    Add "sysvipcnew" which creates a new SysV namespace for the service jail.
    Sanity check that only one of them is used.
---
 libexec/rc/rc.subr | 11 +++++++++++
 share/man/man5/rc.conf.5 | 8 ++++++--
 2 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/libexec/rc/rc.subr b/libexec/rc/rc.subr index 2380d1aeabc3..f9d8bf9a3cc3 100644 --- a/libexec/rc/rc.subr +++ b/libexec/rc/rc.subr @@ -1219,6 +1219,7 @@ run_rc_command() if [ -n "$_svcj_options" ]; then # translate service jail options _svcj_cmd_options="" + _svcj_sysvipc_x=0 for _svcj_option in $_svcj_options; do case "$_svcj_option" in mlock) 
@@ -1243,8 +1244,13 @@ run_rc_command() _svcj_cmd_options="allow.nfsd enforce_statfs=1 ${_svcj_cmd_options}" ;; sysvipc) + _svcj_sysvipc_x=$((${_svcj_sysvipc_x} + 1)) _svcj_cmd_options="sysvmsg=inherit sysvsem=inherit sysvshm=inherit ${_svcj_cmd_options}" ;; + sysvipcnew) + _svcj_sysvipc_x=$((${_svcj_sysvipc_x} + 1)) + _svcj_cmd_options="sysvmsg=new sysvsem=new sysvshm=new ${_svcj_cmd_options}" + ;; vmm) _svcj_cmd_options="allow.vmm ${_svcj_cmd_options}" ;; @@ -1253,6 +1259,11 @@ run_rc_command() ;; esac done + if [ ${_svcj_sysvipc_x} -gt 1 ]; then + echo -n "ERROR: more than one sysvipc option is " + echo "specified in ${name}_svcj_options: $_svcj_options" + return 1 + fi fi [ -z "$autoboot" ] && eval $_pidcmd # determine the pid if necessary diff --git a/share/man/man5/rc.conf.5 b/share/man/man5/rc.conf.5 index 9f32cfa5ab82..3fa20fe3cf0c 100644 --- a/share/man/man5/rc.conf.5 +++ b/share/man/man5/rc.conf.5 @@ -4977,8 +4977,11 @@ to them. .It nfsd Allows to run nfsd and affiliated daemons. .It sysvipc -Allows access to SysV semaphores, SysV shared memory and -SysV messages. +Inherits the SysV semaphores, SysV shared memory and +SysV messages from the host or the parent jail. +.It sysvipcnew +Creates a new namespace for SysV semaphores, SysV shared memory +and SysV messages for this particular service jail. .It vmm Allows access to .Xr vmm 4 . @@ -4988,6 +4991,7 @@ is enabled in the kernel. .El All non-network options can be combined with all other options. +From the SysV options only one option can be specified. If the .Ao Ar name Ac Ns Va _svcj
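
Review bot: In the rc.subr hunk at @@ -1243,8 +1244,13 @@, _svcj_sysvipc_x is incremented once per occurrence in both the sysvipc) and sysvipcnew) arms, not once per distinct option, so a list such as "sysvipc sysvipc" will also trip the later "-gt 1" check even though nothing conflicts. If rejecting a repeated option is intended, a one-line comment above the increment should say so; otherwise remember which of the two options was seen and fail only when both appear. The "_x" suffix also does not tell the reader that the variable is a count.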
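
Review bot: In the rc.subr hunk at @@ -1253,6 +1259,11 @@, the new error is written to stdout by two separate echo calls (echo -n "ERROR: more than one sysvipc option is " followed by echo "specified in ${name}_svcj_options: $_svcj_options"), so it is mixed into the command's normal output and is lost to anything that captures only stderr. Emit it as a single message on stderr, for example by appending >&2, so that a misconfigured service jail that refuses to start is clearly reported.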
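
Review bot: In the rc.conf.5 hunk at @@ -4977,8 +4977,11 @@, the new text for .It sysvipc and .It sysvipcnew does not say what the choice means for isolation. The rc.subr part of this commit maps sysvipc to sysvmsg=inherit sysvsem=inherit sysvshm=inherit, which shares the SysV objects of the host or parent jail with the service, and sysvipcnew to the corresponding =new values, which give the service jail a namespace of its own. A sentence under each entry stating this, and pointing readers to sysvipcnew unless the service has to reach processes outside its jail over SysV IPC, would let an administrator pick the less permissive option deliberately.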
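
Review bot: In the rc.conf.5 hunk at @@ -4988,6 +4991,7 @@, the added line "From the SysV options only one option can be specified." directly follows "All non-network options can be combined with all other options.", and as written the two sentences contradict each other. Reword so that the exception is explicit and the options are named, for example: only one of sysvipc and sysvipcnew can be specified, and all other non-network options can be combined freely.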