Add the nojail keyword which excludes services marked as such from the dependency tree when in a jail, #bug 22

2008-02-19 14:15:53 +00:00 · 2008-02-19 14:15:53 +00:00 · 0364bb2c84
commit 0364bb2c84
parent f95e0b2c3e
25 changed files with 121 additions and 41 deletions
--- a/init.d.BSD/hostid
+++ b/init.d.BSD/hostid
@ -9,6 +9,7 @@ depend()
 {
 	need root
 	before devd net
 	keywords nojail
 }
 _set()
--- a/init.d.BSD/moused
+++ b/init.d.BSD/moused
@ -16,6 +16,7 @@ depend()
 {
 	need localmount
 	after bootmisc
 	keywords nojail
 }
 start()
--- a/init.d.BSD/pf
+++ b/init.d.BSD/pf
@ -11,6 +11,7 @@ extra_started_commands="reload"
 depend() {
 	need localmount
 	keywords nojail
 }
 start()
--- a/init.d.BSD/savecore
+++ b/init.d.BSD/savecore
@ -7,6 +7,7 @@ description="Saves a kernel dump."
 depend()
 {
 	need localmount
 	keywords nojail
 }
 start()
--- a/init.d.FreeBSD/clock
+++ b/init.d.FreeBSD/clock
@ -21,6 +21,7 @@ depend()
 	   [ "${clock}" != "UTC" -a ! -e /etc/wall_cmos_clock ]; then
 		need root
 	fi
 	keywords nojail
 }
 start()
--- a/init.d.FreeBSD/devd
+++ b/init.d.FreeBSD/devd
@ -10,6 +10,7 @@ depend() {
 	need localmount
 	after bootmisc
 	before net.lo0
 	keywords nojail
 }
 start_pre() {
--- a/init.d.FreeBSD/dumpon
+++ b/init.d.FreeBSD/dumpon
@ -6,6 +6,7 @@ description="Configures a specific kernel dump device."
 depend() {
 	need swap
 	keywords nojail
 }
 start() {
--- a/init.d.FreeBSD/ipfw
+++ b/init.d.FreeBSD/ipfw
@ -13,6 +13,7 @@ opts="panic showstatus"
 depend() {
 	before net
 	provide firewall
 	keywords nojail
 }
 ipfw() {
--- a/init.d.FreeBSD/mixer
+++ b/init.d.FreeBSD/mixer
@ -7,6 +7,7 @@ extra_commands="restore"
 depend()
 {
 	need localmount
 	keywords nojail
 }
 restore()
--- a/init.d.FreeBSD/powerd
+++ b/init.d.FreeBSD/powerd
@ -12,6 +12,7 @@ depend()
 	need localmount
 	use logger
 	after bootmisc
 	keywords nojail
 }
 start_pre()
--- a/init.d.FreeBSD/syscons
+++ b/init.d.FreeBSD/syscons
@ -4,6 +4,7 @@
 depend() {
 	need localmount
 	keywords nojail
 }
 start() {
--- a/init.d/fsck
+++ b/init.d/fsck
@ -7,7 +7,7 @@ description="Check and repair filesystems according to /etc/fstab"
 depend()
 {
 	after clock modules
-	keywords notimeout
+	keywords nojail notimeout
 }
 start()
--- a/init.d/localmount
+++ b/init.d/localmount
@ -8,6 +8,7 @@ depend()
 {
 	need fsck
 	use modules mtab
 	keywords nojail
 }
 start()
--- a/init.d/netmount
+++ b/init.d/netmount
@ -34,6 +34,7 @@ depend()
 	config /etc/fstab
 	need net ${pmap}
 	use afc-client amd autofs dns nfs nfsmount portmap rpcbind rpc.statd
 	keywords nojail
 }
 start()
--- a/init.d/root
+++ b/init.d/root
@ -7,6 +7,7 @@ description="Mount the root fs read/write"
 depend()
 {
 	need fsck
 	keywords nojail
 }
 start()
--- a/init.d/swap
+++ b/init.d/swap
@ -5,6 +5,7 @@
 depend()
 {
 	need localmount
 	keywords nojail
 }
 start()
--- a/init.d/urandom
+++ b/init.d/urandom
@ -9,6 +9,7 @@ description="Initializes the random number generator."
 depend()
 {
 	need localmount
 	keywords nojail
 }
 save_seed()
--- a/man/runscript.8
+++ b/man/runscript.8
@ -132,9 +132,14 @@ We provide this virtual service. For example, named provides dns.
 .It Ic config
 We should recalculate our dependencies if the listed files have changed.
 .It Ic keywords
-Tags a service with a keyword. Currently the only keyword is notimeout
+Tags a service with a keyword. Here's the keywords we currently understand:-
-which means that services do not time out waiting for that service, which only
+.Bl -tag -width indent
-applies when services are enabled to start and stop in parallel.
+.It Dv nojail
 When in a jail, exclude this service from any dependencies. The service can
 still be run directly.
 .It Dv notimeout
 do not time out waiting for that service.
 .El
 .El
 .Pp
 To see how to influence dependencies in configuration files, see the
--- a/sh/net.sh
+++ b/sh/net.sh
@ -21,6 +21,7 @@ depend()
 	need localmount
 	after bootmisc
 	provide net
 	keywords nojail
 	case "${IFACE}" in
 		lo|lo0);;
--- a/src/librc/librc-depend.c
+++ b/src/librc/librc-depend.c
@ -741,24 +741,23 @@ bool rc_deptree_update (void)
 	rc_deptype_t *dt;
 	rc_deptype_t *last_deptype = NULL;
 	char *line;
-	int len;
+	size_t len;
-	int i;
+	size_t i;
-	int j;
+	size_t j;
-	int k;
+	size_t k;
 	bool already_added;
 	const char *sys = rc_sys ();
 	/* Some init scripts need RC_LIBDIR to source stuff
 	   Ideally we should be setting our full env instead */
 	if (! getenv ("RC_LIBDIR"))
 		setenv ("RC_LIBDIR", RC_LIBDIR, 0);
-	/* Phase 1 */
+	/* Phase 1 - source all init scripts and print dependencies */
 	if (! (fp = popen (GENDEP, "r")))
 		return (false);
 	deptree = xzalloc (sizeof (*deptree));
 	/* Phase 2 */
 	while ((line = rc_getline (fp)))
 	{
 		depends = line;
@ -865,6 +864,46 @@ next:
 	}
 	pclose (fp);
 	/* Phase 2 - if we're a special system, remove services that don't
 	 * work for them. This doesn't stop them from being run directly. */
 	if (sys) {
 		char *nosys;
 		len = strlen (sys);
 		nosys = xmalloc (len + 3);
 		nosys[0] = 'n';
 		nosys[1] = 'o';
 		for (i = 0; i < len; i++)
 			nosys[i + 2] = tolower (sys[i]);
 		nosys[i + 2] = '\0';
 		last_depinfo = NULL;
 		for (depinfo = deptree; depinfo; depinfo = depinfo->next)
 		{
 			bool removed = false;
 			if ((deptype = get_deptype (depinfo, "keywords"))) {
 				STRLIST_FOREACH (deptype->services, service, i)
 					if (strcmp (service, nosys) == 0) {
 						if (last_depinfo)
 							last_depinfo->next = depinfo->next;
 						else
 							deptree = depinfo->next;
 						removed = true;
 						break;
 					}
 			}
 			if (removed) {
 				for (di = deptree; di; di = di->next) {
 					for (dt = di->depends; dt; dt = dt->next)
 						rc_strlist_delete (&dt->services, depinfo->service);
 				}
 			} else
 				last_depinfo = depinfo;
 		}
 		free (nosys);
 	}
 	/* Phase 3 - add our providors to the tree */
 	for (depinfo = deptree; depinfo; depinfo = depinfo->next)
 	{
--- a/src/librc/librc.c
+++ b/src/librc/librc.c
@ -32,6 +32,9 @@
 const char librc_copyright[] = "Copyright (c) 2007-2008 Roy Marples";
 #include "librc.h"
 #ifdef __FreeBSD__
 #include <sys/sysctl.h>
 #endif
 #include <signal.h>
 #define SOFTLEVEL	RC_SVCDIR "/softlevel"
@ -144,6 +147,36 @@ static bool rm_dir (const char *pathname, bool top)
 	return (true);
 }
 const char *rc_sys (void)
 {
 #ifdef __FreeBSD__
 	int jailed = 0;
 	size_t len = sizeof (jailed);
 	if (sysctlbyname ("security.jail.jailed", &jailed, &len, NULL, 0) == 0)
 		if (jailed == 1)
 			return (RC_SYS_JAIL);
 #endif
 #ifdef __linux__
 	if (exists ("/proc/xen")) {
 		if ((fp = fopen ("/proc/xen/capabilities", "r"))) {
 			fclose (fp);
 			if (file_regex ("/proc/xen/capabilities", "control_d"))
 				return (RC_SYS_XEN0);
 		}
 		if (! sys[0])
 			return (RC_SYS_XENU);
 	} else if (file_regex ("/proc/cpuinfo", "UML"))
 		return (RC_SYS_UML);
 	else if (file_regex ("/proc/self/status",
 			       "(s_context|VxID|envID):[[:space:]]*[1-9]"))
 		return (RC_SYS_VPS);
 #endif
 	return (NULL);
 }
 static const char *rc_parse_service_state (rc_service_state_t state)
 {
 	int i;
--- a/src/librc/librc.h
+++ b/src/librc/librc.h
@ -40,6 +40,7 @@
 #include <sys/time.h>
 #include <sys/wait.h>
 #include <ctype.h>
 #include <dirent.h>
 #include <errno.h>
 #include <fcntl.h>
--- a/src/librc/rc.h
+++ b/src/librc/rc.h
@ -228,6 +228,16 @@ char **rc_services_scheduled (const char *service);
 * @return true if all daemons started are still running, otherwise false */
 bool rc_service_daemons_crashed (const char *service);
 /*! @name System types
 * OpenRC can support some special sub system types, normally virtualization.
 * Some services cannot work in these systems, or we do something else. */
 #define RC_SYS_JAIL    "JAIL"
 #define RC_SYS_UML     "UML"
 #define RC_SYS_VPS     "VPS"
 #define RC_SYS_XEN0    "XEN0"
 #define RC_SYS_XENU    "XENU"
 const char *rc_sys (void);
 /*! @name Dependency options
 * These options can change the services found by the rc_get_depinfo and
 * rc_get_depends functions. */
--- a/src/librc/rc.map
+++ b/src/librc/rc.map
@ -52,6 +52,7 @@ global:
 	rc_strlist_free;
 	rc_strlist_join;
 	rc_strlist_reverse;
 	rc_sys;
 	rc_yesno;
 local:
--- a/src/rc/rc-misc.c
+++ b/src/rc/rc-misc.c
@ -276,9 +276,7 @@ char **env_config (void)
 	char **env = NULL;
 	char *line;
 	size_t l;
-#ifdef __linux__
+	const char *sys = rc_sys ();
 	char sys[6];
 #endif
 	struct utsname uts;
 	FILE *fp;
 	char buffer[PATH_MAX];
@ -323,29 +321,7 @@ char **env_config (void)
 	} else
 		rc_strlist_add (&env, "RC_DEFAULTLEVEL=" RC_LEVEL_DEFAULT);
-
+	if (sys) {
 #ifdef __linux__
 	/* Linux can run some funky stuff like Xen, VServer, UML, etc
 	   We store this special system in RC_SYS so our scripts run fast */
 	memset (sys, 0, sizeof (sys));
 	if (exists ("/proc/xen")) {
 		if ((fp = fopen ("/proc/xen/capabilities", "r"))) {
 			fclose (fp);
 			if (file_regex ("/proc/xen/capabilities", "control_d"))
 				snprintf (sys, sizeof (sys), "XEN0");
 		}
 		if (! sys[0])
 			snprintf (sys, sizeof (sys), "XENU");
 	} else if (file_regex ("/proc/cpuinfo", "UML")) {
 		snprintf (sys, sizeof (sys), "UML");
 	} else if (file_regex ("/proc/self/status",
 			       "(s_context|VxID|envID):[[:space:]]*[1-9]"))
 	{
 		snprintf (sys, sizeof (sys), "VPS");
 	}
 	if (sys[0]) {
 		l = strlen ("RC_SYS=") + strlen (sys) + 2;
 		line = xmalloc (sizeof (char) * l);
 		snprintf (line, l, "RC_SYS=%s", sys);
@ -353,8 +329,6 @@ char **env_config (void)
 		free (line);
 	}
 #endif
 	/* Some scripts may need to take a different code path if Linux/FreeBSD, etc
 	   To save on calling uname, we store it in an environment variable */
 	if (uname (&uts) == 0) {