src/libexec/rc, branch releng/12.4

rc.d/var_run: Add needed "shutdown" keyword

2022-09-23T00:43:36Z

The "shutdown" keyword invokes rcorder with the -k flag, for rc scripts with the keyword at shutdown. Reported by: bdrewery Fixes: 27b9777c28b4 (cherry picked from commit b77b3099685f27fa1da89cb5b8f376bef87b05ec)

libexec/rc: Add var_run rc script

2022-09-12T00:43:42Z

Users with a tmpfs /var/run will lose the directory tree state of /var/run at reboot. This rc script will optionally (by default) capture the state of the directory structure in /var/run prior to shutdown and recreate it at system boot. Alternatively a user can save the state of the /var/run directories manually using service var_run save and disable the autosaving of /var/run state using the var_run_autosave variable, for those paranoid SSD users. PR: 259585, 259699 Reported by: freebsd@walstatt-de.de, Reviewed by: philip, gbe (previous version) Differential Revision: https://reviews.freebsd.org/D36386 (cherry picked from commit 27b9777c28b4e9474bdc500c28d04feec48fbb84)

ntpd(8): Correct a typo in comment of the rc script

2022-09-07T07:49:21Z

- s/the the/the/ (cherry picked from commit 7ed279f58f83499cc62d253487462c1743da6aec)

rc.conf: Fix a typo in a comment

2022-09-06T05:44:07Z

- s/overriden/overridden/ (cherry picked from commit 0a81527da8e51e3dd77af2ef4950d6559684487f)

rc.d/wpa_supplicant: Remove the sleep to improve boot time

2022-08-13T03:35:02Z

bapt@ had discovered a noticeable boot improvement without the sleep. Without the sleep does not affect warm or cold boot however a service netif restart may cause dhclient to spend a few extra seconds to rerequest the DHCP request. Reported by: bapt Reviewed by: bapt Differential Revision: https://reviews.freebsd.org/D35457 (cherry picked from commit 116679b39cb94fdb94c02dceb1c2cae719bd3f42)

[pf] /etc/rc.d/pf should REQUIRE routing

2022-07-26T14:58:47Z

When a system with pf_enable="YES" in /etc/rc.conf uses hostnames in /etc/pf.conf, these hostnames cannot be resolved via external nameservers because the default route is not yet set. This results in an empty (all open) ruleset. Since r195026 already put netif back to REQUIRE, this change does not affect the issue that the firewall should rather have been setup before any network traffic can occur. PR: 211928 Submitted by: Robert Schulze Reported by: Robert Schulze Tested by: Mateusz Kwiatkowski No objections from: kp MFC after: 3 days (cherry picked from commit 9ef917591248e35efea846d0d743b74503387099) Approved by: kp

rc.subr: Make sure oomprotect protects existing children

2022-07-22T00:09:30Z

The rc(8) framework support protecting services from OOM killer. The current implementation applies the protection after the service has already started. This works fine if only the main process is to be protected (*_oomprotect=yes). However, the current implementation fails to protect existing children when children are also to be protected (*_oomprotect=all). This patch fixes that. Note: it is not easy to apply the protectoin earlier because we want to support both the services which use the "command" variable and those that use the "start_cmd" variable. PR: 256148 Approved by: adrian, osogbo Tested by: Jamie Landeg-Jones Fixes: 3bead71e959d - Add a global option where we can protect MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D35747 (cherry picked from commit 68e035c0172b441db772de41ad0f8977679bfedc)

mountd startup: enable NFSv4 if needed on restart

2022-07-11T12:45:02Z

The mountd script in rc.d sets vfs.nfsd.server_max_nfsvers correctly when it is run at system startup, relying on the kernel default. However, if NFSv4 was enabled in /etc/rc.conf later, and the script was re-run to restart mountd, the sysctl was still set to 3. Set the sysctl to the right value in all cases. Reviewed by: rmacklem (cherry picked from commit 1cf8e6339e9add47107a6c9988a0f509225b7ef6)

rc.subr: use _pidcmd to determine pid for protect

2022-07-07T18:13:24Z

This is a more reliable method that accounts for existing pidfiles, procname and interpreter settings. Current method of obtaining the pid for oomprotect="YES"|"ALL" processes in certain cases fails to find a unique pid. One such case are rc.d scripts defining command as: command="daemon" which results in all processes started via daemon being selected and passed to protect(1) which fails and prints usage: $ /etc/rc.d/exampled restart Stopping exampled. Starting exampled. usage: protect [-i] command protect [-cdi] -g pgrp | -p pid Running the same with -x reveals what happens: + pid='3051 4268 4390 4421 4427 4470 4588 4733 4740 4870 4949 4954 4979 5835 5866 55487 55583 56525 57643 57789 57882 58072 58167 99419' + /usr/bin/protect -p 3051 4268 4390 4421 4427 4470 4588 4733 4740 4870 4949 4954 4979 5835 5866 55487 55583 56525 57643 57789 57882 58072 58167 99419 usage: protect [-i] command protect [-cdi] -g pgrp | -p pid We have a more reliable way of obtaining pid already defined in rc.subr and available when protect(1) needs it. We can simply `eval $_pidcmd` which also invokes `check_process` but properly accounts for existing pidfile, procname and interpreter settings. With the change the pidfile is properly obtained. Submitted by: Adam Wolk Sponsored by: Fudo Security Differential Revision: https://reviews.freebsd.org/D30367 Approved by: oshogbo (cherry picked from commit 6ba108e52d175b6833437c8627ae5d0546a4e102)

libexec/rc.d/hostapd: Down/up interface when interface is specified

2022-04-25T13:51:12Z

When no interface is specified results in a syntax error in the rc script. Only execute poststart when an interface has been specified. PR: 263358 Submitted by: markj Reported by: Joshua Kinard Fixes: 0da2c91e64528d896f69d36670e25b4b4a140579 (cherry picked from commit 1452bfcd9bbcb2f5bbb89fa38d01ce51dd9b6d44)