libinit idea

Allan Jude freebsd at allanjude.com
Sun Feb 23 22:16:55 UTC 2014


On 2014-02-23 17:04, Warner Losh wrote:
> 
> On Feb 23, 2014, at 11:17 AM, David Chisnall <theraven at FreeBSD.org> wrote:
> 
>> On 23 Feb 2014, at 18:11, Allan Jude <freebsd at allanjude.com> wrote:
>>
>>> sysrc solves this nicely, it is in base now, and is great for
>>> programmatically adding, removing and changing lines in rc.conf style
>>> files. It is also in ports for older versions of FreeBSD where it is not
>>> in base.
>>
>> The problem is, there is no such thing as an rc.conf style file.  rc.conf is just a shell script.  If you only edit it with sysrc, or you are careful to preserve the structure, then it's fine.  There is absolutely nothing stopping you, however, from writing arbitrarily complex shell scripts inside rc.conf.  Sure, it's a terrible idea to do so, but when has that ever stopped anyone?
>>
>> An rc-replacement could enforce this by only accepting purely declarative files for configuration, guaranteeing that if they were syntactically valid they would also be machine editable, no matter what the user does to them.
> 
> We already have an rc.conf.default. Why not a rc.conf.automation that does that and is added to the list of things to source? Then things like sysrc could operate on that secure in the knowledge that no shell commands could be there, and all bets are off if someone edits it by hand?
> 
> Warner
> 

This is basically what we do; we have Puppet add:

rc_conf_files="/etc/rc.conf /etc/rc.conf.local /etc/rc.conf.scaleengine"

to rc.conf, and then we push our global config to the .scaleengine file.

-- 
Allan Jude
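
The thread turns on whether an rc.conf-style file can be trusted to contain only assignments. The following sketch is an added example, not part of the original thread and not FreeBSD or sysrc code: it lints a file and reports every line that is not purely declarative. The function name `rc_declarative_check`, the accepted grammar, and the sample file contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag any line of an rc.conf-style file that is not purely
# declarative. Allowed: blank lines, comments, and name=value where the value
# is a bare word, a single-quoted string, or a double-quoted string containing
# no $, backquote or backslash (so sh has nothing to expand or execute).
rc_declarative_check() {
    [ -r "$1" ] || return 2             # unreadable file: neither pass nor fail
    _name='^[A-Za-z_][A-Za-z0-9_]*='
    _dq='"[^"$`\\]*"'
    _sq="'[^']*'"
    _bare='[A-Za-z0-9_./:@%+,-]*'
    # A trailing comment needs whitespace before '#'; in sh, foo=a#b is a value.
    _tail='([[:space:]]+#.*|[[:space:]]*)$'
    # grep -v prints (numbered) the lines matching none of the allowed forms.
    if grep -n -v -E \
        -e '^[[:space:]]*(#.*)?$' \
        -e "${_name}${_dq}${_tail}" \
        -e "${_name}${_sq}${_tail}" \
        -e "${_name}${_bare}${_tail}" \
        -- "$1"
    then
        return 1                        # at least one offending line was printed
    fi
    return 0
}

# Constructed sample input, not taken from any real system.
demo_dir=$(mktemp -d)
cat > "$demo_dir/good" <<'EOF'
# managed by configuration management
rc_conf_files="/etc/rc.conf /etc/rc.conf.local /etc/rc.conf.scaleengine"
sshd_enable="YES"
hostname='web01.example.org'   # constructed value
EOF
cat > "$demo_dir/bad" <<'EOF'
sshd_enable="YES"
hostname="$(cat /etc/myname)"
if [ -f /etc/extra.conf ]; then . /etc/extra.conf; fi
ntpd_flags="-g"; touch /tmp/marker
EOF
rc_declarative_check "$demo_dir/good" && echo "good: declarative"
rc_declarative_check "$demo_dir/bad" || echo "bad: lines above need review"
rm -rf "$demo_dir"
```

Run against a file that automation owns before it is pushed or sourced, a non-zero status means the file has stopped being safely machine-editable.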
