rc.d: add a service jails config to all base system services

This gives more permissions to services (e.g. network access to
services which require this) when they are started as an automatic
servic

rc.d: add a service jails config to all base system services

This gives more permissions to services (e.g. network access to
services which require this) when they are started as an automatic
service jail.

The sshd patch is important for the sshd-related functionality as
described in the man-page in the service jails part.

The location of the added env vars is supposed to allow overriding them
in rc.conf, and to hard-disable the use of svcj for some parts where it
doesn't make sense or will not work.

Only a subset of all of the services are fully tested (I'm running this
since more than a year with various services started as service jails).
The untested parts should be most of the time ok, in some edge-cases
more permissions are needed inside the service jail.
Differential Revision: https://reviews.freebsd.org/D40371

show more ...

Remove $FreeBSD$: one-line sh pattern

Remove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/

ipfw: reload sysctl.conf variables if needed

Currently ipfw has multiple components that are not parts
of GENERIC kernel like dummynet etc. They can bring in important
sysctls if enabled with rc.con

ipfw: reload sysctl.conf variables if needed

Currently ipfw has multiple components that are not parts
of GENERIC kernel like dummynet etc. They can bring in important
sysctls if enabled with rc.conf(5) and loaded with ipfw startup script
by means of "required_modules" after initial consult
with /etc/sysctl.conf at boot time. Here is an example of one
increasing limit for dummynet hold queues that defaults to 100:

net.inet.ip.dummynet.pipe_slot_limit=1000

This makes it possible to use ipfw/dummynet rules such as:

ipfw pipe 1 config bw 50Mbit/s queue 1000

Such rule is rejected unless above sysctl is applied.
Another example is a group of net.inet.ip.alias.* sysctls
created after libalias.ko loaded as dependency of ipfw_nat.

This is not a problem if corresponding code compiled in custom kernel
so sysctls exist when sysctl.conf is read early or kernel modules
loaded with a loader. This change makes it work also for GENERIC
and modules loaded by means of rc.conf(5) settings.

MFC after: 1 month

show more ...

service/ipfw: Silence warning on restart

Once the ipfw0 interface has been created, ifconfig(8) create will
throw a warning: ifconfig: create: bad value' when trying to create it
again.

PR: 241013

service/ipfw: Silence warning on restart

Once the ipfw0 interface has been created, ifconfig(8) create will
throw a warning: ifconfig: create: bad value' when trying to create it
again.

PR: 241013
Submitted by: Jose Luis Duran
Approved by: kp
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D30083

show more ...

Fix the ipfw service status output when ipfw.ko isn't loaded

Reported by: lme
Reviewed by: lme
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D27657

Remove excess spaces from rc.d scripts

The space between words is already being echoed by the space between quoted strings:

% echo 'foo' 'bar'
foo bar

% echo 'foo' ' baz'
foo baz

Remove excess spaces from rc.d scripts

The space between words is already being echoed by the space between quoted strings:

% echo 'foo' 'bar'
foo bar

% echo 'foo' ' baz'
foo baz

Found in `ipfw` and `mountlate` messages.

PR: 247948
Submitted by: Jose Luis Duran <jlduran@gmail.com>
MFC after: 2 weeks
Sponsored by: Klara Inc.

show more ...

Merge ^/head r356931 through r357118.

libexec/rc/rc.d/ipfw: style fix after r356943

Also, make sure it does not break for systems without ipfw code loaded.

MFC after: 1 months
X-MFC-with: 356943

Correct "service ipfw status" for INET6-only systems.

MFC after: 1 month

MFHead@r345677

Add ability to automatically load ipfw_nat64, ipfw_nptv6 and ipfw_pmod
modules by declaring corresponding variables in rc.conf. Also document
them in rc.conf(5).

Submitted by: Dries Michiels
Differe

Add ability to automatically load ipfw_nat64, ipfw_nptv6 and ipfw_pmod
modules by declaring corresponding variables in rc.conf. Also document
them in rc.conf(5).

Submitted by: Dries Michiels
Differential Revision: https://reviews.freebsd.org/D19673

show more ...

Merge ^/head r339015 through r339669.

Move the rc framework out of sbin/init into libexec/rc.

The reasons for this are forward looking to pkgbase:
* /sbin/init is a special binary; try not to replace it with
every package update bec

Move the rc framework out of sbin/init into libexec/rc.

The reasons for this are forward looking to pkgbase:
* /sbin/init is a special binary; try not to replace it with
every package update because an rc script was touched.
(a follow-up commit will make init its own package)
* having rc in its own place will allow more easy replacement
of the rc framework with alternatives, such as openrc.

Discussed with: brd (during BSDCam), kmoore
Requested by: cem, bz
PR: 231522
Approved by: re (gjb)

show more ...