#
f99f0ee1 |
|
22-May-2024 |
Alexander Leidinger <netchild@FreeBSD.org> |
rc.d: add a service jails config to all base system services This gives more permissions to services (e.g. network access to services which require this) when they are started as an automatic service jail. The sshd patch is important for the sshd-related functionality as described in the man-page in the service jails part. The location of the added env vars is supposed to allow overriding them in rc.conf, and to hard-disable the use of svcj for some parts where it doesn't make sense or will not work. Only a subset of all of the services are fully tested (I'm running this since more than a year with various services started as service jails). The untested parts should be most of the time ok, in some edge-cases more permissions are needed inside the service jail. Differential Revision: https://reviews.freebsd.org/D40371
|
#
d0b2dbfa |
|
16-Aug-2023 |
Warner Losh <imp@FreeBSD.org> |
Remove $FreeBSD$: one-line sh pattern Remove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/
|
#
51da4b19 |
|
11-Aug-2020 |
Cy Schubert <cy@FreeBSD.org> |
When booting a system with WITHOUT_IPFILTER the following errors are encountered at boot time: rcorder: requirement `ipfs' in file `/etc/rc.d/netif' has no providers. rcorder: requirement `ipfilter' in file `/etc/rc.d/netif' has no providers. rcorder: requirement `ipfilter' in file `/etc/rc.d/netwait' has no providers. rcorder: requirement `ipfilter' in file `/etc/rc.d/net_watchdog' has no providers. rcorder: requirement `ipfilter' in file `/etc/rc.d/securelevel' has no providers. Listing its own requrements in BEFORE rather than use REQUIRE of non-optional scripts resolves this issue. The issue was discovered and patched by glebius at Netflix. Submitted by: glebius Reported by: glebius MFC after: 1 week
|
#
795be686 |
|
23-Jul-2020 |
Cy Schubert <cy@FreeBSD.org> |
Load ipfilter, ipnat, and ippool rules, and start ipmon in a vnet jail. PR: 248109 Reported by: joeb1@a1poweruser.com MFC after: 2 weeks
|
#
d19c1c8e |
|
21-Nov-2018 |
Cy Schubert <cy@FreeBSD.org> |
Allow forced start of ipmon in special cases where testing is desired (or other special cases) and when ipfilter is disabled in rc.conf but started by other means. MFC after: 1 week
|
#
0696600c |
|
17-Oct-2018 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
Move the rc framework out of sbin/init into libexec/rc. The reasons for this are forward looking to pkgbase: * /sbin/init is a special binary; try not to replace it with every package update because an rc script was touched. (a follow-up commit will make init its own package) * having rc in its own place will allow more easy replacement of the rc framework with alternatives, such as openrc. Discussed with: brd (during BSDCam), kmoore Requested by: cem, bz PR: 231522 Approved by: re (gjb)
|