git: 6ec2f0d74b22 - stable/12 - rc.d: unbreak sysctl lastload

Eugene Grosbein eugen at FreeBSD.org
Fri Jul 16 06:37:49 UTC 2021 

The branch stable/12 has been updated by eugen:

URL: https://cgit.FreeBSD.org/src/commit/?id=6ec2f0d74b22f857530b87ce8db153831fff1cca

commit 6ec2f0d74b22f857530b87ce8db153831fff1cca
Author:     Eugene Grosbein <eugen at FreeBSD.org>
AuthorDate: 2021-05-19 13:02:31 +0000
Commit:     Eugene Grosbein <eugen at FreeBSD.org>
CommitDate: 2021-07-16 06:37:04 +0000

    rc.d: unbreak sysctl lastload
    
    /etc/rc.d/securelevel is supposed to run /etc/rc.d/sysctl lastload
    late at boot time to apply /etc/sysctl.conf settings that fail
    to apply early. However, this does not work in default configuration
    because of kern_securelevel_enable="NO" by default.
    
    Add new script /etc/rc.d/sysctl_lastload that starts unconditionally.
    
    Reported by:    Marek Zarychta
    MFC after:      1 month
    
    (cherry picked from commit f4b38c360e63a6e66245efedbd6c070f9c0aee55)
---
 libexec/rc/rc.d/securelevel     |  6 +-----
 libexec/rc/rc.d/sysctl_lastload | 18 ++++++++++++++++++
 2 files changed, 19 insertions(+), 5 deletions(-)

diff --git a/libexec/rc/rc.d/securelevel b/libexec/rc/rc.d/securelevel
index 24dbf269df3f..8bb09dd920bd 100755
--- a/libexec/rc/rc.d/securelevel
+++ b/libexec/rc/rc.d/securelevel
@@ -4,7 +4,7 @@
 #
 
 # PROVIDE: securelevel
-# REQUIRE: adjkerntz ipfw pf
+# REQUIRE: adjkerntz ipfw pf sysctl_lastload
 
 . /etc/rc.subr
 
@@ -14,10 +14,6 @@ rcvar='kern_securelevel_enable'
 start_cmd="securelevel_start"
 stop_cmd=":"
 
-# Last chance to set sysctl variables that failed the first time.
-#
-/etc/rc.d/sysctl lastload
-
 securelevel_start()
 {
 	if [ ${kern_securelevel} -ge 0 ]; then
diff --git a/libexec/rc/rc.d/sysctl_lastload b/libexec/rc/rc.d/sysctl_lastload
new file mode 100755
index 000000000000..22aafd96d051
--- /dev/null
+++ b/libexec/rc/rc.d/sysctl_lastload
@@ -0,0 +1,18 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: sysctl_lastload
+# REQUIRE: LOGIN
+# BEFORE:  jail
+
+. /etc/rc.subr
+
+name="sysctl_lastload"
+desc="Last chance to set sysctl variables that failed the first time."
+start_cmd="/etc/rc.d/sysctl lastload"
+stop_cmd=":"
+
+load_rc_config $name
+run_rc_command "$1"

More information about the dev-commits-src-all mailing list