| #
f99f0ee1 |
| 22-May-2024 |
Alexander Leidinger <netchild@FreeBSD.org> |
rc.d: add a service jails config to all base system services
This gives more permissions to services (e.g. network access to
services which require this) when they are started as an automatic
servic
rc.d: add a service jails config to all base system services
This gives more permissions to services (e.g. network access to
services which require this) when they are started as an automatic
service jail.
The sshd patch is important for the sshd-related functionality as
described in the man-page in the service jails part.
The location of the added env vars is supposed to allow overriding them
in rc.conf, and to hard-disable the use of svcj for some parts where it
doesn't make sense or will not work.
Only a subset of all of the services are fully tested (I'm running this
since more than a year with various services started as service jails).
The untested parts should be most of the time ok, in some edge-cases
more permissions are needed inside the service jail.
Differential Revision: https://reviews.freebsd.org/D40371
show more ...
|
|
Revision tags: release/13.3.0, release/14.0.0 |
|
| #
d0b2dbfa |
| 16-Aug-2023 |
Warner Losh <imp@FreeBSD.org> |
Remove $FreeBSD$: one-line sh pattern
Remove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/
|
|
Revision tags: release/13.2.0, release/12.4.0 |
|
| #
7ed279f5 |
| 04-Sep-2022 |
Gordon Bergling <gbe@FreeBSD.org> |
ntpd(8): Correct a typo in comment of the rc script
- s/the the/the/
MFC after: 3 days
|
| #
1442fed7 |
| 14-Jun-2022 |
John Baldwin <jhb@FreeBSD.org> |
rc.d/ntpd: Restart ntpd when resuming from sleep.
ntpd does not always gracefully handle clock steps during resume.
This is probably most useful in conjunction with
ntpd_sync_on_start=YES which will
rc.d/ntpd: Restart ntpd when resuming from sleep.
ntpd does not always gracefully handle clock steps during resume.
This is probably most useful in conjunction with
ntpd_sync_on_start=YES which will work around any clock skew while
suspended.
Reviewed by: manu
Differential Revision: https://reviews.freebsd.org/D35479
show more ...
|
|
Revision tags: release/13.1.0 |
|
| #
c6806434 |
| 18-Jan-2022 |
Cy Schubert <cy@FreeBSD.org> |
rc.d/ntp: Ensure ntpd.leap-seconds.list is readable by ntpd
When a use sets umask in login.conf(5) to 027 or 077 a subsequently
fetched /var/db/ntpd.leap-seconds.list will inherit the permissions
al
rc.d/ntp: Ensure ntpd.leap-seconds.list is readable by ntpd
When a use sets umask in login.conf(5) to 027 or 077 a subsequently
fetched /var/db/ntpd.leap-seconds.list will inherit the permissions
allowed by the umask, resulting in a file that may not be readable
ntpd running under the ntp account. This patch adds a umask command
to preempt the umask in login.conf(5) prior to fetching a new copy
of the leap-seconds file.
PR: 261298
Reported by: Martin Waschbusch <martin@waschbuesch.de>
MFC after: 3 days
show more ...
|
|
Revision tags: release/12.3.0, release/13.0.0, release/12.2.0, release/11.4.0 |
|
| #
735c001b |
| 25-Nov-2019 |
Ian Lepore <ian@FreeBSD.org> |
Allow opt-out of automatic ntpd leapfile checking/fetching.
When a system has no internet connection, or when it is configured to obtain
ntpd leapfiles from some source other than the internet, or e
Allow opt-out of automatic ntpd leapfile checking/fetching.
When a system has no internet connection, or when it is configured to obtain
ntpd leapfiles from some source other than the internet, or even when the
sysadmin has decided for some reason to customize ntp.conf to eliminate use
of the leapfile, the rc.d/ntpd script emits various error messages related
to the file.
This change allows setting the rc var ntp_db_leapfile to NONE to disable all
automatic processing related to that file in rc.d/ntpd.
Differential Revision: https://reviews.freebsd.org/D22461
show more ...
|
|
Revision tags: release/12.1.0, release/11.3.0 |
|
| #
0269ae4c |
| 06-Jun-2019 |
Alan Somers <asomers@FreeBSD.org> |
MFHead @348740
Sponsored by: The FreeBSD Foundation
|
| #
9c6dc2fe |
| 23-May-2019 |
Ian Lepore <ian@FreeBSD.org> |
Remove accidentally-added blank line; the style throughout this file
is to use no whitespace between a comment block and the code it describes.
|
| #
a2119d62 |
| 23-May-2019 |
Ian Lepore <ian@FreeBSD.org> |
Handle the driftfile option correctly when ntpd_flags is empty.
The logic I originally wrote to detect whether a driftfile option was in the
set of flags was based on the result of removing the patt
Handle the driftfile option correctly when ntpd_flags is empty.
The logic I originally wrote to detect whether a driftfile option was in the
set of flags was based on the result of removing the pattern *flag* being an
empty string. That didn't handle the case where the string was empty to
begin with. Doh! So now it also specifically checks for an empty string.
The result of the bad check was that ntpd would run without a driftfile, but
it would do so only if it was running as root instead of the non-priveleged
ntpd user, which isn't a typical case. Ntpd runs fine without a driftfile,
although it does take it longer to stabilize the clock frequency at startup.
Reported by: avg@
Pointy hat: ian@
MFC after: some testing
show more ...
|
|
Revision tags: release/12.0.0 |
|
| #
c6879c6c |
| 23-Oct-2018 |
Dimitry Andric <dim@FreeBSD.org> |
Merge ^/head r339015 through r339669.
|
| #
0696600c |
| 17-Oct-2018 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
Move the rc framework out of sbin/init into libexec/rc.
The reasons for this are forward looking to pkgbase:
* /sbin/init is a special binary; try not to replace it with
every package update bec
Move the rc framework out of sbin/init into libexec/rc.
The reasons for this are forward looking to pkgbase:
* /sbin/init is a special binary; try not to replace it with
every package update because an rc script was touched.
(a follow-up commit will make init its own package)
* having rc in its own place will allow more easy replacement
of the rc framework with alternatives, such as openrc.
Discussed with: brd (during BSDCam), kmoore
Requested by: cem, bz
PR: 231522
Approved by: re (gjb)
show more ...
|