git: 0268d03ba195 - main - svcj: add "routing" option
Date: Mon, 12 May 2025 22:27:19 UTC
The branch main has been updated by ivy:
URL: https://cgit.FreeBSD.org/src/commit/?id=0268d03ba1955c5cc3cbef9a86691718e516a77c
commit 0268d03ba1955c5cc3cbef9a86691718e516a77c
Author: Lexi Winter <ivy@FreeBSD.org>
AuthorDate: 2025-05-11 02:01:10 +0000
Commit: Lexi Winter <ivy@FreeBSD.org>
CommitDate: 2025-05-12 22:25:45 +0000
svcj: add "routing" option
"routing" enables the jail allow.routing permission, which allows the jail to
modify the system routing table. This can be used to run routing daemons
(e.g., BIRD) in a service jail.
Reviewed by: jamie, des
Approved by: des (mentor)
Differential Revision: https://reviews.freebsd.org/D49844
---
libexec/rc/rc.subr | 3 +++
share/man/man5/rc.conf.5 | 4 +++-
2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/libexec/rc/rc.subr b/libexec/rc/rc.subr
index c74cbcef9d62..2261ab0461e1 100644
--- a/libexec/rc/rc.subr
+++ b/libexec/rc/rc.subr
@@ -1259,6 +1259,9 @@ run_rc_command()
nfsd)
_svcj_cmd_options="allow.nfsd enforce_statfs=1 ${_svcj_cmd_options}"
;;
+ routing)
+ _svcj_cmd_options="allow.routing ${_svcj_cmd_options}"
+ ;;
settime)
_svcj_cmd_options="allow.settime ${_svcj_cmd_options}"
;;
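Review bot: the new routing) arm appends allow.routing with no comment and no accompanying restriction, and per the commit message this permission lets the jail modify the system routing table, so a service jailed with this option can change routes for the whole system rather than only for itself. The nfsd arm just above pairs its permission with enforce_statfs=1; if no comparable tightening applies to routing, a one-line comment in this arm stating that the scope is system-wide would help the next reader. It is also worth stating in the review whether routing is meant to be combined with a networking option, since nothing in this hunk checks for one.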
diff --git a/share/man/man5/rc.conf.5 b/share/man/man5/rc.conf.5
index 7dbea16d51f9..4b15db07a129 100644
--- a/share/man/man5/rc.conf.5
+++ b/share/man/man5/rc.conf.5
@@ -22,7 +22,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.Dd May 6, 2025
+.Dd May 11, 2025
.Dt RC.CONF 5
.Os
.Sh NAME
@@ -5019,6 +5019,8 @@ allows to open raw sockets, and allows to open sockets of protocol stacks that
have not had jail functionality added to them.
.It nfsd
Allows to run nfsd and affiliated daemons.
+.It routing
+Allows to modify the system routing table.
.It settime
Allows to set and slew the system time.
.It sysvipc
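Review bot: the new .It routing entry says only "Allows to modify the system routing table." and does not name the jail parameter it maps to (allow.routing in the rc.subr hunk) or spell out that the effect is system-wide rather than confined to the service jail. Suggest adding a sentence that the option is intended for routing daemons, as the commit message states, and that it should be enabled only for services that need it. The "Allows to ..." phrasing matches the neighbouring nfsd and settime entries, so the wording is consistent with the list as it stands.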