| author | Lexi Winter <lexi@hemlock.eden.le-fay.org> | 2025-03-23 06:00:50 +0000 |
|---|---|---|
| committer | Alexander Leidinger <netchild@FreeBSD.org> | 2025-04-14 13:11:06 +0000 |
| commit | 6fbd1bed6e7bf880a6cc579b06bdc6476983613a (patch) | |
| tree | 08cc80ee6420319d396f25e14537d6a3f647b485 /libexec | |
| parent | 71baab405ef6102714f06de50d889509babe7413 (diff) | |
Diffstat (limited to 'libexec')
| -rw-r--r-- | libexec/rc/rc.subr | 36 |
1 files changed, 29 insertions, 7 deletions
diff --git a/libexec/rc/rc.subr b/libexec/rc/rc.subr index b7f8953012d7..29ed0eb05824 100644 --- a/libexec/rc/rc.subr +++ b/libexec/rc/rc.subr @@ -1196,7 +1196,8 @@ run_rc_command() _prepend=\$${name}_prepend _login_class=\${${name}_login_class:-daemon} \ _limits=\$${name}_limits _oomprotect=\$${name}_oomprotect \ _setup=\$${name}_setup _env_file=\$${name}_env_file \ - _umask=\$${name}_umask _svcj_options=\$${name}_svcj_options + _umask=\$${name}_umask _svcj_options=\$${name}_svcj_options \ + _svcj_ipaddrs=\$${name}_svcj_ipaddrs if [ -n "$_env_file" ] && [ -r "${_env_file}" ]; then # load env from file set -a @@ -1210,9 +1211,30 @@ run_rc_command() fi fi - if [ -n "$_svcj_options" ]; then # translate service jail options - _svcj_cmd_options="" + _svcj_ip="inherit" + _svcj_ip4_addrs="" + _svcj_ip6_addrs="" + + for addr in $_svcj_ipaddrs; do + case $addr in + *:*) _svcj_ip6_addrs="$addr,${_svcj_ip6_addrs}" ;; + *) _svcj_ip4_addrs="$addr,${_svcj_ip4_addrs}" ;; + esac + done + + _svcj_cmd_options="" + if [ -n "$_svcj_ip4_addrs" ]; then + _svcj_cmd_options="ip4.addr=${_svcj_ip4_addrs%*,} ${_svcj_cmd_options}" + _svcj_ip="new" + fi + + if [ -n "$_svcj_ip6_addrs" ]; then + _svcj_cmd_options="ip6.addr=${_svcj_ip6_addrs%*,} ${_svcj_cmd_options}" + _svcj_ip="new" + fi + + if [ -n "$_svcj_options" ]; then # translate service jail options _svcj_sysvipc_x=0 for _svcj_option in $_svcj_options; do case "$_svcj_option" in 
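Review bot: The `for addr in $_svcj_ipaddrs` loop prepends each address (`_svcj_ip4_addrs="$addr,${_svcj_ip4_addrs}"`), so `ip4.addr` and `ip6.addr` come out in the reverse of the configured order. jail(8) uses the first IPv4 address as the default source address for unbound sockets, so the last address an administrator lists would become the primary one. Appending keeps the order, `_svcj_ip4_addrs="${_svcj_ip4_addrs}${addr},"` (likewise for IPv6), and the trailing comma can then be stripped with the plainer `${_svcj_ip4_addrs%,}`. The loop variable `addr` is also the only name here without the `_svcj_` prefix, and because rc.subr is sourced into the service script it can overwrite a variable of that name there; `_svcj_addr` would match `_svcj_option` further down. run_rc_command's body starts and ends outside this hunk.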
@@ -1220,19 +1242,19 @@ run_rc_command() _svcj_cmd_options="allow.mlock ${_svcj_cmd_options}" ;; netv4) - _svcj_cmd_options="ip4=inherit allow.reserved_ports ${_svcj_cmd_options}" + _svcj_cmd_options="ip4=${_svcj_ip} allow.reserved_ports ${_svcj_cmd_options}" ;; netv6) - _svcj_cmd_options="ip6=inherit allow.reserved_ports ${_svcj_cmd_options}" + _svcj_cmd_options="ip6=${_svcj_ip} allow.reserved_ports ${_svcj_cmd_options}" ;; net_basic) - _svcj_cmd_options="ip4=inherit ip6=inherit allow.reserved_ports ${_svcj_cmd_options}" + _svcj_cmd_options="ip4=${_svcj_ip} ip6=${_svcj_ip} allow.reserved_ports ${_svcj_cmd_options}" ;; net_raw) _svcj_cmd_options="allow.raw_sockets ${_svcj_cmd_options}" ;; net_all) - _svcj_cmd_options="allow.socket_af allow.raw_sockets allow.reserved_ports ip4=inherit ip6=inherit ${_svcj_cmd_options}" + _svcj_cmd_options="allow.socket_af allow.raw_sockets allow.reserved_ports ip4=${_svcj_ip} ip6=${_svcj_ip} ${_svcj_cmd_options}" ;; nfsd) _svcj_cmd_options="allow.nfsd enforce_statfs=1 ${_svcj_cmd_options}" |
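Review bot: `ip4=${_svcj_ip}` and `ip6=${_svcj_ip}` share one mode variable, so under `net_basic` and `net_all` a list holding only IPv4 addresses also yields `ip6=new` with no `ip6.addr`, and the reverse for an IPv6-only list. That appears to leave the other family with no usable address rather than inheriting as before. If this fail-closed result is intended it deserves a comment such as `# an address list restricts both families; a family with no listed address gets none`; otherwise track the mode per family, `ip4=${_svcj_ip4} ip6=${_svcj_ip6}`. Separately, the preceding hunk adds `ip4.addr=`/`ip6.addr=` before `_svcj_options` is examined, and as I read jail(8) setting `ip4.addr` implies `ip4=new`, so a service configured with `netv6` only, or with no net option at all, would still receive the listed IPv4 addresses. Gating each `*.addr` parameter on the matching net option would keep the options list authoritative for what the service jail can reach.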
