rc.d: add a service jails config to all base system services

This gives more permissions to services (e.g. network access to
services which require this) when they are started as an automatic
servic

rc.d: add a service jails config to all base system services

This gives more permissions to services (e.g. network access to
services which require this) when they are started as an automatic
service jail.

The sshd patch is important for the sshd-related functionality as
described in the man-page in the service jails part.

The location of the added env vars is supposed to allow overriding them
in rc.conf, and to hard-disable the use of svcj for some parts where it
doesn't make sense or will not work.

Only a subset of all of the services are fully tested (I'm running this
since more than a year with various services started as service jails).
The untested parts should be most of the time ok, in some edge-cases
more permissions are needed inside the service jail.
Differential Revision: https://reviews.freebsd.org/D40371

show more ...

Remove $FreeBSD$: one-line sh pattern

Remove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/

MFH

Sponsored by: Rubicon Communications, LLC (netgate.com)

Load ipfilter, ipnat, and ippool rules, and start ipmon in a vnet jail.

PR: 248109
Reported by: joeb1@a1poweruser.com
MFC after: 2 weeks

MFHead@r345677

The check for $ippool_rules in start_cmd is tautological.

Reported by: hrs@
MFC after: 13 days
X-MFC with: r345400

Use internal command variables for consistent style.

Reported by: rgrimes@
MFC after: 13 days
X-MFC with: r345400

Add rc.d support for ippool(8).

I've been using ippool at my site for approximately two years. It's
about time this was committed.

PR: 218433
MFC after: 2 weeks