git: 34380bc26770 - stable/12 - rc.conf(5): Add _limits, _login_class, and _oomprotect

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Mateusz Piotrowski <0mp_at_FreeBSD.org>
Date: Fri, 22 Jul 2022 00:27:59 UTC
The branch stable/12 has been updated by 0mp (doc, ports committer):

URL: https://cgit.FreeBSD.org/src/commit/?id=34380bc2677090a126e65b57512e220a8b06f660

commit 34380bc2677090a126e65b57512e220a8b06f660
Author:     Daniel Ebdrup Jensen <debdrup@FreeBSD.org>
AuthorDate: 2021-05-18 12:46:41 +0000
Commit:     Mateusz Piotrowski <0mp@FreeBSD.org>
CommitDate: 2022-07-22 00:19:40 +0000

    rc.conf(5): Add _limits, _login_class, and _oomprotect
    
    Add a few very useful variables that might easily be overlooked, since
    they're only documented in rc.subr(8) which might not be the first place
    that people look.
    
    At least _oomprotect has existed since 11.0-RELEASE, and doesn't appear
    to be very well-known. While the others aren't as new, in my estimation,
    a lot more people would use them if they knew about them.
    
    While here, also add a reference to rc.subr(8) and login.conf(5), and
    sort the variables alphabetically.
    
    Reported by:    Daniel Dettlaff <dmilith at gmail.com>
    Reviewed by:    ceri, gbe, 0mp, ygy, a.wolk, pauamma
    
    (cherry picked from commit bd6dce978c1a4d4472c98ff5685de3c2f2bd0203)
---
 share/man/man5/rc.conf.5 | 49 ++++++++++++++++++++++++++++++++++++++++--------
 1 file changed, 41 insertions(+), 8 deletions(-)

diff --git a/share/man/man5/rc.conf.5 b/share/man/man5/rc.conf.5
index 060fcc5ed6e3..fcc8ee5a4a89 100644
--- a/share/man/man5/rc.conf.5
+++ b/share/man/man5/rc.conf.5
@@ -187,24 +187,53 @@ services are enabled that utilize the force_depend check.
 .Pq Vt str
 .Xr chroot 8
 to this directory before running the service.
-.It Ao Ar name Ac Ns Va _user
-.Pq Vt str
-Run the service under this user account.
-.It Ao Ar name Ac Ns Va _group
-.Pq Vt str
-Run the chrooted service under this system group.
-Unlike the _user
-setting, this setting has no effect if the service is not chrooted.
 .It Ao Ar name Ac Ns Va _fib
 .Pq Vt int
 The
 .Xr setfib 1
 value to run the service under.
+.It Ao Ar name Ac Ns Va _group
+.Pq Vt str
+Run the chrooted service under this system group.
+Unlike the
+.Ao Ar name Ac Ns Va _user
+setting, this setting has no effect if the service is not chrooted.
+.It Ao Ar name Ac Ns Va _limits
+.Pq Vt str
+Resource limits to apply to the service using
+.Xr limits 1 .
+By default, resource limits are based on the login class defined in
+.Ao Ar name Ac Ns Va _login_class .
+.It Ao Ar name Ac Ns Va _login_class
+.Pq Vt str
+Login class to be used with
+.Ao Ar name Ac Ns Va _limits .
+Defaults to
+.Dq Li daemon .
 .It Ao Ar name Ac Ns Va _nice
 .Pq Vt int
 The
 .Xr nice 1
 value to run the service under.
+.It Ao Ar name Ac Ns Va _oomprotect
+Use
+.Xr protect 1
+to prevent the service from being killed when swap space
+is exhausted.
+Use
+.Dq Li YES
+to protect only the service itself, and
+.Dq Li ALL
+to protect the service and all child processes.
+.Pp
+Please note rc scripts that redefine
+.Bd
+${name}_cmd
+.Ed
+such as PostgreSQL will not a inherit the OOM killer protection.
+.It Ao Ar name Ac Ns Va _user
+.Pq Vt str
+Run the service under this user account.
 .It Va apm_enable
 .Pq Vt bool
 If set to
@@ -4609,6 +4638,8 @@ files.
 .Xr gdb 1 ,
 .Xr info 1 ,
 .Xr kbdcontrol 1 ,
+.Xr limits 1 ,
+.Xr protect 1 ,
 .Xr sh 1 ,
 .Xr vi 1 ,
 .Xr vidcontrol 1 ,
@@ -4630,6 +4661,7 @@ files.
 .Xr ipnat 5 ,
 .Xr jail.conf 5 ,
 .Xr loader.conf 5 ,
+.Xr login.conf 5 ,
 .Xr motd 5 ,
 .Xr newsyslog.conf 5 ,
 .Xr pf.conf 5 ,
@@ -4676,6 +4708,7 @@ files.
 .Xr quotaon 8 ,
 .Xr rc 8 ,
 .Xr rc.sendmail 8 ,
+.Xr rc.subr 8 ,
 .Xr rfcomm_pppd 8 ,
 .Xr route 8 ,
 .Xr routed 8 ,