| #
f99f0ee1 |
| 22-May-2024 |
Alexander Leidinger <netchild@FreeBSD.org> |
rc.d: add a service jails config to all base system services
This gives more permissions to services (e.g. network access to
services which require this) when they are started as an automatic
servic
rc.d: add a service jails config to all base system services
This gives more permissions to services (e.g. network access to
services which require this) when they are started as an automatic
service jail.
The sshd patch is important for the sshd-related functionality as
described in the man-page in the service jails part.
The location of the added env vars is supposed to allow overriding them
in rc.conf, and to hard-disable the use of svcj for some parts where it
doesn't make sense or will not work.
Only a subset of all of the services are fully tested (I'm running this
since more than a year with various services started as service jails).
The untested parts should be most of the time ok, in some edge-cases
more permissions are needed inside the service jail.
Differential Revision: https://reviews.freebsd.org/D40371
show more ...
|
| #
d0b2dbfa |
| 16-Aug-2023 |
Warner Losh <imp@FreeBSD.org> |
Remove $FreeBSD$: one-line sh pattern
Remove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/
|
| #
0bb08f21 |
| 12-Mar-2023 |
Rick Macklem <rmacklem@FreeBSD.org> |
rc.d: Fix NFS server startup scripts to enable vnet prison use
Now that commit cbbb22031f9b is in main,
it is possible to run nfsd(8), nfsuserd(8), mountd(8),
gssd(8) and rpc.tlsservd(8) in an appro
rc.d: Fix NFS server startup scripts to enable vnet prison use
Now that commit cbbb22031f9b is in main,
it is possible to run nfsd(8), nfsuserd(8), mountd(8),
gssd(8) and rpc.tlsservd(8) in an appropriately configured vnet
prison if the "allow.nfsd" option is specified in jail.conf.
This patch fixes the rc scripts for this.
Mostly just replaces the "nojail" KEYWORD with "nojailvnet",
but also avoids setting vfs.nfsd.srvmaxio in a prison, since it
must be set outside of the prisons and applies to all
nfsd(8) instances.
Reviewed by: jamie
MFC after: 3 months
Differential Revision: https://reviews.freebsd.org/D38809
show more ...
|
| #
0f5e9425 |
| 15-Feb-2022 |
Rick Macklem <rmacklem@FreeBSD.org> |
gssd: Modify /etc/rc.d/gssd so that it starts after NETWORKING
Arno Tuber reported via email that he needed to restart the gssd daemon
after booting, to get his Kerberized NFS mount to work.
Withou
gssd: Modify /etc/rc.d/gssd so that it starts after NETWORKING
Arno Tuber reported via email that he needed to restart the gssd daemon
after booting, to get his Kerberized NFS mount to work.
Without this patch, rcorder shows that the gssd starts before NETWORKING
and kdc. The gssd will need NETWORKING to connect to the KDC and, if
the kdc is running on the same system, it does not make sense to start it
before the kdc. This fixed the problem for Arno.
While here, I also added a "# BEFORE: mountcritremote".
It does not affect ordering at this time, but I felt
it should be added, since the gssd needs to be running
when remote NFS mounts are done.
PR: 261939
Reported by: anothatuber@gmail.com
Tested by: anothatuber@gmail.com
Reviewed by: rew
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D34265
show more ...
|
| #
01b139f2 |
| 14-Nov-2020 |
Rick Macklem <rmacklem@FreeBSD.org> |
Fix startup of gssd when /usr is a separately mounted local file system.
meowthink@gmail.com reported that the gssd daemon was not
starting, because /etc/rc.d/gssd was executed before his local
/usr
Fix startup of gssd when /usr is a separately mounted local file system.
meowthink@gmail.com reported that the gssd daemon was not
starting, because /etc/rc.d/gssd was executed before his local
/usr file system was mounted.
He fixed the problem by adding mountcritlocal to the REQUIRED
line.
This fix seems safe and works for a separately mounted /usr file
system on a local disk.
The case of a separately mounted remote /usr file system (such as
NFS) is still broken, but there is no obvious solution for that.
Adding mountcritremote would fix the problem, but it would
cause a POLA violation, because all kerberized NFS mounts
in /etc/fstab would need the "late" option specified to work.
Submitted by: meowthink@gmail.com
Reported by: meowthink@gmail.com
Reviewed by: 0mp
MFC after: 2 weeks
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D27203
show more ...
|
| #
0696600c |
| 17-Oct-2018 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
Move the rc framework out of sbin/init into libexec/rc.
The reasons for this are forward looking to pkgbase:
* /sbin/init is a special binary; try not to replace it with
every package update bec
Move the rc framework out of sbin/init into libexec/rc.
The reasons for this are forward looking to pkgbase:
* /sbin/init is a special binary; try not to replace it with
every package update because an rc script was touched.
(a follow-up commit will make init its own package)
* having rc in its own place will allow more easy replacement
of the rc framework with alternatives, such as openrc.
Discussed with: brd (during BSDCam), kmoore
Requested by: cem, bz
PR: 231522
Approved by: re (gjb)
show more ...
|