From nobody Mon May 22 18:25:04 2023
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4QQ5TX5jTBz4CJ0P;
	Mon, 22 May 2023 18:25:04 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4QQ5TX29Lrz3vK0;
	Mon, 22 May 2023 18:25:04 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1684779904;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=u7BcREEELk6ZJRe59ne8jbM/EA+mQlDskBuX79qaRGQ=;
	b=Li8iWZtt7L/u4naOEMiRC79YeI8bZ1mb5HhltvvMr1iNxZw/xTXu7sRPhWKy2HnJd7UBcD
	9V9uoI8+57MZ40B/w3KTUykPzPCCXgNjfZnVAOKM6fX/Tu87dsencg7rn6ld41iGIiauzC
	noYOFiztBGrKO/kDzfxC70Q3MjWJAyj75gJ28x+XnPMC0r1JLf9Uti2eyvy82dFRx5J9dr
	wj9cA+eNMXfNFYP9o07MWwAGnIh4CDEvjnpF1yFGEMSGrtZsnBuhf6TaUi/Gs35VwzHnid
	r6r0tyv0enP3si0NiteP6EFDFLQdHBURg6nH2DCbMmX5YwfVPrduYiBBZVxy8g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1684779904;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=u7BcREEELk6ZJRe59ne8jbM/EA+mQlDskBuX79qaRGQ=;
	b=w5jQYo5oYD0U2pn3VI4r4Q+8/lMWdUAZPJKQDH8BY3f5XHCklrcQsNcscNrdTT3It2h1bL
	SWYcK3Y01q7mQsw4Rldbk7Dzte3uT41C/QwhpxiLBTfh9Gz1pzovRRzhnnicQFLc2hQlFH
	ZJiu6JCEHD9kAXyld4J1vfOHjVBp03Oj1vf2RVqKMoiILvapD6F9ERmo8AtovS5xRWH/4o
	r1ojBOQCjpAUKU1z7tnujG11V/rrbv2O8eYT2H8fTaWW4ZS07utxWqPBH5V4THupd+tUjM
	yqXG97N0TK1KYHnoGyB7+YTlQJCU/NN11wpwmCe9L07SZGlIykL6pk0n80Ytzg==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1684779904; a=rsa-sha256; cv=none;
	b=Ku3UQj1MsYsx8EwHULD4b1FRDelw/Si8EVmEQwKC+Sng889vx6sTRzelfao4oisjMIxfcX
	Q6QYV/aQZ7ToBe1jUgYHfh9T6fYM8hKqhwc+ySM9CQ7xxjv3WN/T1zYwERw4tXZbN1SWbi
	+D9kCPQH4/zblG/WmeQ1FOav2mpP1/B9qmUn65nFDJg4iwUZ7ybGZYV0M2LUwtxJNzStFl
	x2lIYISnhDF73PxOzuOei/2j4XO5LaKjr0rpVULXwfc/CS26DwQwwc0C/wnJqRdXV8qSm7
	/NAlJMS0Pyj5R/rgS+AwAlsQF5eWbUPurFKWLSVI4atCI8nMgRSgrrByZ4b3xw==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4QQ5TX1CyvzSKr;
	Mon, 22 May 2023 18:25:04 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 34MIP4O6038004;
	Mon, 22 May 2023 18:25:04 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 34MIP40N038003;
	Mon, 22 May 2023 18:25:04 GMT
	(envelope-from git)
Date: Mon, 22 May 2023 18:25:04 GMT
Message-Id: <202305221825.34MIP40N038003@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Rick Macklem <rmacklem@FreeBSD.org>
Subject: git: 5d574146b0b2 - stable/13 - rc.d: Fix NFS server startup scripts to enable vnet prison use
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
Sender: owner-dev-commits-src-branches@freebsd.org
X-BeenThere: dev-commits-src-branches@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: rmacklem
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: 5d574146b0b299b64cf07fff8aee4182b7729709
Auto-Submitted: auto-generated
X-ThisMailContainsUnwantedMimeParts: N

The branch stable/13 has been updated by rmacklem:

URL: https://cgit.FreeBSD.org/src/commit/?id=5d574146b0b299b64cf07fff8aee4182b7729709

commit 5d574146b0b299b64cf07fff8aee4182b7729709
Author:     Rick Macklem <rmacklem@FreeBSD.org>
AuthorDate: 2023-03-12 21:34:25 +0000
Commit:     Rick Macklem <rmacklem@FreeBSD.org>
CommitDate: 2023-05-22 18:23:58 +0000

    rc.d: Fix NFS server startup scripts to enable vnet prison use
    
    Now that commit cbbb22031f9b is in main,
    it is possible to run nfsd(8), nfsuserd(8), mountd(8),
    gssd(8) and rpc.tlsservd(8) in an appropriately configured vnet
    prison if the "allow.nfsd" option is specified in jail.conf.
    
    This patch fixes the rc scripts for this.
    Mostly just replaces the "nojail" KEYWORD with "nojailvnet",
    but also avoids setting vfs.nfsd.srvmaxio in a prison, since it
    must be set outside of the prisons and applies to all
    nfsd(8) instances.
    
    (cherry picked from commit 0bb08f21cc5c62d0e2dfcea500521fa801058dd3)
---
 libexec/rc/rc.d/gssd     | 2 +-
 libexec/rc/rc.d/mountd   | 2 +-
 libexec/rc/rc.d/nfsd     | 4 ++--
 libexec/rc/rc.d/nfsuserd | 2 +-
 libexec/rc/rc.d/tlsservd | 2 +-
 5 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/libexec/rc/rc.d/gssd b/libexec/rc/rc.d/gssd
index 79dbf10ca575..8d67a3689b3c 100755
--- a/libexec/rc/rc.d/gssd
+++ b/libexec/rc/rc.d/gssd
@@ -6,7 +6,7 @@
 # PROVIDE: gssd
 # REQUIRE: root mountcritlocal NETWORKING kdc
 # BEFORE: mountcritremote
-# KEYWORD: nojail shutdown
+# KEYWORD: nojailvnet shutdown
 
 . /etc/rc.subr
 
diff --git a/libexec/rc/rc.d/mountd b/libexec/rc/rc.d/mountd
index d75416736245..69391fe78e47 100755
--- a/libexec/rc/rc.d/mountd
+++ b/libexec/rc/rc.d/mountd
@@ -5,7 +5,7 @@
 
 # PROVIDE: mountd
 # REQUIRE: NETWORKING rpcbind quota mountlate
-# KEYWORD: nojail shutdown
+# KEYWORD: nojailvnet shutdown
 
 . /etc/rc.subr
 
diff --git a/libexec/rc/rc.d/nfsd b/libexec/rc/rc.d/nfsd
index b746cf7cea9d..6c2d5c22d963 100755
--- a/libexec/rc/rc.d/nfsd
+++ b/libexec/rc/rc.d/nfsd
@@ -5,7 +5,7 @@
 
 # PROVIDE: nfsd
 # REQUIRE: mountcritremote mountd hostname gssd nfsuserd
-# KEYWORD: nojail shutdown
+# KEYWORD: nojailvnet shutdown
 
 . /etc/rc.subr
 
@@ -28,7 +28,7 @@ nfsd_precmd()
 	# oids are available.
 	load_kld nfsd || return 1
 
-	if [ -n "${nfs_server_maxio}" ]; then
+	if [ -n "${nfs_server_maxio}" ] && ! check_jail jailed; then
 		if ! sysctl vfs.nfsd.srvmaxio=${nfs_server_maxio} >/dev/null; then
 			warn "Failed to set server max I/O"
 		fi
diff --git a/libexec/rc/rc.d/nfsuserd b/libexec/rc/rc.d/nfsuserd
index 804b1243a4c4..6c9293a52c09 100755
--- a/libexec/rc/rc.d/nfsuserd
+++ b/libexec/rc/rc.d/nfsuserd
@@ -5,7 +5,7 @@
 
 # PROVIDE: nfsuserd
 # REQUIRE: NETWORKING
-# KEYWORD: nojail shutdown
+# KEYWORD: nojailvnet shutdown
 
 . /etc/rc.subr
 
diff --git a/libexec/rc/rc.d/tlsservd b/libexec/rc/rc.d/tlsservd
index cca28ed60ffe..95a62060fe32 100755
--- a/libexec/rc/rc.d/tlsservd
+++ b/libexec/rc/rc.d/tlsservd
@@ -6,7 +6,7 @@
 # PROVIDE: tlsservd
 # REQUIRE: NETWORKING root mountcritlocal sysctl
 # BEFORE: nfsd
-# KEYWORD: nojail shutdown
+# KEYWORD: nojailvnet shutdown
 
 . /etc/rc.subr