git: a70ecfb11757 - main - rc.subr: add new sysv option for service jails
Date: Fri, 14 Jun 2024 18:15:50 UTC
The branch main has been updated by netchild:
URL: https://cgit.FreeBSD.org/src/commit/?id=a70ecfb11757812cd97b6499dc4b73984c310681
commit a70ecfb11757812cd97b6499dc4b73984c310681
Author: Alexander Leidinger <netchild@FreeBSD.org>
AuthorDate: 2024-06-14 18:05:52 +0000
Commit: Alexander Leidinger <netchild@FreeBSD.org>
CommitDate: 2024-06-14 18:15:45 +0000
rc.subr: add new sysv option for service jails
Clarify that the "sysvipc" svcj option inherits from the host / parent.
Add "sysvipcnew" which creates a new SysV namespace for the service
jail.
Sanity check that only one of them is used.
---
libexec/rc/rc.subr | 11 +++++++++++
share/man/man5/rc.conf.5 | 8 ++++++--
2 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/libexec/rc/rc.subr b/libexec/rc/rc.subr
index 2380d1aeabc3..f9d8bf9a3cc3 100644
--- a/libexec/rc/rc.subr
+++ b/libexec/rc/rc.subr
@@ -1219,6 +1219,7 @@ run_rc_command()
if [ -n "$_svcj_options" ]; then # translate service jail options
_svcj_cmd_options=""
+ _svcj_sysvipc_x=0
for _svcj_option in $_svcj_options; do
case "$_svcj_option" in
mlock)
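Review bot: The name _svcj_sysvipc_x on the added line does not say that it is a counter of SysV options seen in the loop. A name such as _svcj_sysvipc_count, or a short comment on the initialisation, would make the later "-gt 1" check readable without scrolling back.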
@@ -1243,8 +1244,13 @@ run_rc_command()
_svcj_cmd_options="allow.nfsd enforce_statfs=1 ${_svcj_cmd_options}"
;;
sysvipc)
+ _svcj_sysvipc_x=$((${_svcj_sysvipc_x} + 1))
_svcj_cmd_options="sysvmsg=inherit sysvsem=inherit sysvshm=inherit ${_svcj_cmd_options}"
;;
+ sysvipcnew)
+ _svcj_sysvipc_x=$((${_svcj_sysvipc_x} + 1))
+ _svcj_cmd_options="sysvmsg=new sysvsem=new sysvshm=new ${_svcj_cmd_options}"
+ ;;
vmm)
_svcj_cmd_options="allow.vmm ${_svcj_cmd_options}"
;;
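Review bot: Both the sysvipc and sysvipcnew arms increment the counter on every occurrence, so a list that merely repeats one option (for example "sysvipc sysvipc") is later rejected as if two different options had been given. If only the inherit/new combination is meant to be an error, remember which mode was selected and fail only when a different one shows up; if duplicates should be rejected too, say so in the error text. Since the two modes differ in whether the service jail shares SysV IPC objects with the host or parent, a one-line comment on each arm stating that would also help the next reader.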
@@ -1253,6 +1259,11 @@ run_rc_command()
;;
esac
done
+ if [ ${_svcj_sysvipc_x} -gt 1 ]; then
+ echo -n "ERROR: more than one sysvipc option is "
+ echo "specified in ${name}_svcj_options: $_svcj_options"
+ return 1
+ fi
fi
[ -z "$autoboot" ] && eval $_pidcmd # determine the pid if necessary
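Review bot: The error in the added "-gt 1" block is written with plain echo, so it goes to stdout and can be lost when the caller discards or captures standard output. Send both echo lines to stderr (>&2) or emit the message as a single line so it cannot be split. The message would also be more actionable if it named the two options that conflict, sysvipc and sysvipcnew, rather than "more than one sysvipc option".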
diff --git a/share/man/man5/rc.conf.5 b/share/man/man5/rc.conf.5
index 9f32cfa5ab82..3fa20fe3cf0c 100644
--- a/share/man/man5/rc.conf.5
+++ b/share/man/man5/rc.conf.5
@@ -4977,8 +4977,11 @@ to them.
.It nfsd
Allows to run nfsd and affiliated daemons.
.It sysvipc
-Allows access to SysV semaphores, SysV shared memory and
-SysV messages.
+Inherits the SysV semaphores, SysV shared memory and
+SysV messages from the host or the parent jail.
+.It sysvipcnew
+Creates a new namespace for SysV semaphores, SysV shared memory
+and SysV messages for this particular service jail.
.It vmm
Allows access to
.Xr vmm 4 .
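Review bot: The rewritten sysvipc entry says the objects are inherited from the host or the parent jail but does not spell out the consequence, namely that the service shares those SysV semaphores, shared memory and messages with whatever else uses them there. A sentence saying that sysvipcnew is the choice when the service only needs SysV IPC for itself would let an administrator pick the isolating option without having to read the jail parameters behind it.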
@@ -4988,6 +4991,7 @@ is enabled in the kernel.
.El
All non-network options can be combined with all other options.
+From the SysV options only one option can be specified.
If the
.Ao Ar name Ac Ns Va _svcj
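Review bot: The added sentence "From the SysV options only one option can be specified." names neither the options nor the outcome of getting it wrong. Suggest wording along the lines of "Only one of sysvipc and sysvipcnew can be specified", and mention that specifying both makes the rc command print an error and return failure, which is what the rc.subr change does.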