svn commit: r340322 - head/usr.sbin/periodic/etc/weekly

Eugene Grosbein eugen at FreeBSD.org
Sat Nov 10 14:21:27 UTC 2018


Author: eugen
Date: Sat Nov 10 14:21:26 2018
New Revision: 340322
URL: https://svnweb.freebsd.org/changeset/base/340322

Log:
  Prevent periodic/etc/weekly/340.noid from descending into root directories
  of jails. Jails have their own user/group databases and this script
  can produce multiple false warnings, not to mention significant extra
  load in case of large jailed subtrees. Leave this check for jailed
  invocations of the same script.
  
  MFC after:	1 month

Modified:
  head/usr.sbin/periodic/etc/weekly/340.noid

Modified: head/usr.sbin/periodic/etc/weekly/340.noid
==============================================================================
--- head/usr.sbin/periodic/etc/weekly/340.noid	Sat Nov 10 14:11:54 2018	(r340321)
+++ head/usr.sbin/periodic/etc/weekly/340.noid	Sat Nov 10 14:21:26 2018	(r340322)
@@ -16,8 +16,26 @@ case "$weekly_noid_enable" in
 	echo ""
 	echo "Check for files with an unknown user or group:"
 
+	# Host should not test jailed subtrees as jails have their own
+	# databases of users and groups. Leave them for jailed invocations
+	# of this script.
+
+	exclude=''
+	if [ $(sysctl -n security.jail.jailed) = 0 ]; then
+	    sep=:
+	    OIFS="$IFS"
+	    IFS="$sep"
+	    for param in $(jail -f "`syscrc jail_conf`" -e "$sep")
+	    do
+		case "$param" in
+		    path=*) exclude="$exclude -path ${param#path=} -prune -or"
+		esac
+	    done
+	    IFS="$OIFS"
+	fi
+
 	rc=$(find -H ${weekly_noid_dirs:-/} \
-	    \( ! -fstype local -prune -or -name \* \) -and \
+	    \( $exclude ! -fstype local -prune -or -name \* \) -and \
 	    \( -nogroup -o -nouser \) -print | sed 's/^/  /' |
 	    tee /dev/stderr | wc -l)
 	[ $rc -gt 1 ] && rc=1
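Review bot: The command substitution on the `for param in $(jail -f ...)` line calls `syscrc`, which looks like a typo for `sysrc`; as written the backticks would yield an empty string, `jail -f ""` would fail, and `exclude` would stay empty, so jailed subtrees are still scanned and the error lands in the weekly report. Even with the name fixed, plain `sysrc jail_conf` prints the variable name along with the value, so the line should probably read `for param in $(jail -f "$(sysrc -n jail_conf)" -e "$sep")`. Separately, `$exclude` is expanded unquoted in the `find` call after `IFS` has been restored, so a jail path containing whitespace would split into extra words and would likely break the whole expression, leaving the host check with no findings at all; a comment such as `# NOTE: jail paths with whitespace or glob characters are not supported here` would at least document that limit. The enclosing `case "$weekly_noid_enable"` block starts and ends outside this hunk.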

