The branch main has been updated by netchild:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=a70ecfb11757812cd97b6499dc4b73984c310681

commit a70ecfb11757812cd97b6499dc4b73984c310681
Author:     Alexander Leidinger <netch...@freebsd.org>
AuthorDate: 2024-06-14 18:05:52 +0000
Commit:     Alexander Leidinger <netch...@freebsd.org>
CommitDate: 2024-06-14 18:15:45 +0000

    rc.subr: add new sysv option for service jails
    
    Clarify that the "sysvipc" svcj option inherits from the host / parent.
    Add "sysvipcnew" which creates a new SysV namespace for the service
    jail.
    Sanity check that only one of them is used.
---
 libexec/rc/rc.subr       | 11 +++++++++++
 share/man/man5/rc.conf.5 |  8 ++++++--
 2 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/libexec/rc/rc.subr b/libexec/rc/rc.subr
index 2380d1aeabc3..f9d8bf9a3cc3 100644
--- a/libexec/rc/rc.subr
+++ b/libexec/rc/rc.subr
@@ -1219,6 +1219,7 @@ run_rc_command()
        if [ -n "$_svcj_options" ]; then        # translate service jail options
                _svcj_cmd_options=""
 
+               _svcj_sysvipc_x=0
                for _svcj_option in $_svcj_options; do
                        case "$_svcj_option" in
                                mlock)
@@ -1243,8 +1244,13 @@ run_rc_command()
                                        _svcj_cmd_options="allow.nfsd 
enforce_statfs=1 ${_svcj_cmd_options}"
                                        ;;
                                sysvipc)
+                                       _svcj_sysvipc_x=$((${_svcj_sysvipc_x} + 
1))
                                        _svcj_cmd_options="sysvmsg=inherit 
sysvsem=inherit sysvshm=inherit  ${_svcj_cmd_options}"
                                        ;;
+                               sysvipcnew)
+                                       _svcj_sysvipc_x=$((${_svcj_sysvipc_x} + 
1))
+                                       _svcj_cmd_options="sysvmsg=new 
sysvsem=new sysvshm=new ${_svcj_cmd_options}"
+                                       ;;
                                vmm)
                                        _svcj_cmd_options="allow.vmm 
${_svcj_cmd_options}"
                                        ;;
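Review bot: The `sysvipc)` arm sets `sysvmsg=inherit sysvsem=inherit sysvshm=inherit`, so the service jail shares the SysV IPC objects of the host or parent jail, and nothing at that spot in the code says this is the weaker-isolation choice. A one-line comment on each arm would make the difference visible to whoever edits the list next, for example `# shares the host/parent SysV IPC namespace (less isolation)` above the `sysvipc)` body and `# private SysV IPC namespace for this service jail` above the `sysvipcnew)` body. The enclosing `case` statement starts and ends outside this hunk.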
@@ -1253,6 +1259,11 @@ run_rc_command()
                                        ;;
                        esac
                done
+               if [ ${_svcj_sysvipc_x} -gt 1 ]; then
+                       echo -n "ERROR: more than one sysvipc option is "
+                       echo "specified in ${name}_svcj_options: $_svcj_options"
+                       return 1
+               fi
        fi
 
        [ -z "$autoboot" ] && eval $_pidcmd     # determine the pid if necessary
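Review bot: The error text in the added `if [ ${_svcj_sysvipc_x} -gt 1 ]` block goes to stdout through an `echo -n` / `echo` pair, so it disappears when stdout is redirected or captured, and it depends on `echo -n` being honoured. A single `echo "ERROR: more than one sysvipc option is specified in ${name}_svcj_options: $_svcj_options" >&2` would cover both. The counter is incremented per occurrence, so repeating one option (`sysvipc sysvipc`) is rejected too, which the message wording does not quite describe. The body of run_rc_command continues outside the hunk, so it is not visible here whether `return 1` skips any later cleanup.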
diff --git a/share/man/man5/rc.conf.5 b/share/man/man5/rc.conf.5
index 9f32cfa5ab82..3fa20fe3cf0c 100644
--- a/share/man/man5/rc.conf.5
+++ b/share/man/man5/rc.conf.5
@@ -4977,8 +4977,11 @@ to them.
 .It nfsd
 Allows to run nfsd and affiliated daemons.
 .It sysvipc
-Allows access to SysV semaphores, SysV shared memory and
-SysV messages.
+Inherits the SysV semaphores, SysV shared memory and
+SysV messages from the host or the parent jail.
+.It sysvipcnew
+Creates a new namespace for SysV semaphores, SysV shared memory
+and SysV messages for this particular service jail.
 .It vmm
 Allows access to
 .Xr vmm 4 .
@@ -4988,6 +4991,7 @@ is enabled in the kernel.
 .El
 
 All non-network options can be combined with all other options.
+From the SysV options only one option can be specified.
 
 If the
 .Ao Ar name Ac Ns Va _svcj
