diff options
Diffstat (limited to 'libexec/rc')
| -rw-r--r-- | libexec/rc/rc | 4 | ||||
| -rw-r--r-- | libexec/rc/rc.conf | 2 | ||||
| -rwxr-xr-x | libexec/rc/rc.d/hostname | 4 | ||||
| -rwxr-xr-x | libexec/rc/rc.d/pf | 2 | ||||
| -rwxr-xr-x | libexec/rc/rc.d/routing | 2 | ||||
| -rwxr-xr-x | libexec/rc/rc.d/zfs | 8 | ||||
| -rwxr-xr-x | libexec/rc/rc.d/zfsbe | 2 | ||||
| -rw-r--r-- | libexec/rc/rc.shutdown | 4 | ||||
| -rw-r--r-- | libexec/rc/rc.subr | 4 | ||||
| -rw-r--r-- | libexec/rc/tests/rc_subr_test.sh | 4 |
10 files changed, 18 insertions, 18 deletions
diff --git a/libexec/rc/rc b/libexec/rc/rc index 5ed47d6eac20..db3c3e20ab44 100644 --- a/libexec/rc/rc +++ b/libexec/rc/rc @@ -83,9 +83,9 @@ fi trap "_rc_conf_loaded=false; load_rc_config" ALRM skip="-s nostart" -if [ `/sbin/sysctl -n security.jail.jailed` -eq 1 ]; then +if check_jail jailed; then skip="$skip -s nojail" - if [ `/sbin/sysctl -n security.jail.vnet` -ne 1 ]; then + if ! check_jail vnet; then skip="$skip -s nojailvnet" fi fi diff --git a/libexec/rc/rc.conf b/libexec/rc/rc.conf index 00f4b718bfad..d502361eca37 100644 --- a/libexec/rc/rc.conf +++ b/libexec/rc/rc.conf @@ -694,7 +694,7 @@ entropy_file="/entropy" # Set to NO to disable late (used when going multi-user) entropy_dir="/var/db/entropy" # Set to NO to disable caching entropy via cron. entropy_save_sz="4096" # Size of the entropy cache files. entropy_save_num="8" # Number of entropy cache files to save. -harvest_mask="511" # Entropy device harvests all but the very invasive sources. +harvest_mask="4607" # Entropy device harvests all but the very invasive sources. # (See 'sysctl kern.random.harvest' and random(4)) osrelease_enable="YES" # Update /var/run/os-release on boot (or NO). osrelease_file="/var/run/os-release" # File to update for os-release. diff --git a/libexec/rc/rc.d/hostname b/libexec/rc/rc.d/hostname index 8b26c4f60633..0bc31ccd787e 100755 --- a/libexec/rc/rc.d/hostname +++ b/libexec/rc/rc.d/hostname @@ -42,8 +42,8 @@ hostname_start() # If we are not inside a jail, set the host name. # If we are inside a jail, set the host name if it is permitted. # - if [ `$SYSCTL_N security.jail.jailed` -eq 1 ]; then - if [ `$SYSCTL_N security.jail.set_hostname_allowed` -eq 0 ]; then + if check_jail jailed; then + if ! check_jail set_hostname_allowed; then return fi else diff --git a/libexec/rc/rc.d/pf b/libexec/rc/rc.d/pf index 0b4c086db22b..46fb085e5175 100755 --- a/libexec/rc/rc.d/pf +++ b/libexec/rc/rc.d/pf @@ -38,7 +38,7 @@ pf_fallback() $pf_program -f "$pf_fallback_rules_file" $pf_flags else warn "Loading fallback rules: $pf_fallback_rules" - echo $pf_fallback_rules | $pf_program -f - $pf_flags + echo "$pf_fallback_rules" | $pf_program -f - $pf_flags fi } diff --git a/libexec/rc/rc.d/routing b/libexec/rc/rc.d/routing index 893acb83cf4a..dd75604125a3 100755 --- a/libexec/rc/rc.d/routing +++ b/libexec/rc/rc.d/routing @@ -331,7 +331,7 @@ _check_dynamicrouting() # copied from /etc/rc skip="-s nostart" - if [ `/sbin/sysctl -n security.jail.jailed` -eq 1 ]; then + if check_jail jailed; then skip="$skip -s nojail" fi [ -n "$local_startup" ] && find_local_scripts_new diff --git a/libexec/rc/rc.d/zfs b/libexec/rc/rc.d/zfs index 26bf3046444b..f88f65c2ec18 100755 --- a/libexec/rc/rc.d/zfs +++ b/libexec/rc/rc.d/zfs @@ -18,7 +18,7 @@ required_modules="zfs" zfs_start_jail() { - if [ `$SYSCTL_N security.jail.mount_allowed` -eq 1 ]; then + if check_jail mount_allowed; then zfs mount -a fi } @@ -34,7 +34,7 @@ zfs_start_main() zfs_start() { - if [ `$SYSCTL_N security.jail.jailed` -eq 1 ]; then + if check_jail jailed; then zfs_start_jail else zfs_start_main @@ -54,7 +54,7 @@ zfs_poststart() zfs_stop_jail() { - if [ `$SYSCTL_N security.jail.mount_allowed` -eq 1 ]; then + if check_jail mount_allowed; then zfs unmount -a fi } @@ -67,7 +67,7 @@ zfs_stop_main() zfs_stop() { - if [ `$SYSCTL_N security.jail.jailed` -eq 1 ]; then + if check_jail jailed; then zfs_stop_jail else zfs_stop_main diff --git a/libexec/rc/rc.d/zfsbe b/libexec/rc/rc.d/zfsbe index f61f3bf097f0..22d53f219679 100755 --- a/libexec/rc/rc.d/zfsbe +++ b/libexec/rc/rc.d/zfsbe @@ -64,7 +64,7 @@ activate_bootonce() be_start() { - if [ `$SYSCTL_N security.jail.jailed` -eq 1 ]; then + if check_jail jailed; then : else mount -p | while read _dev _mp _type _rest; do diff --git a/libexec/rc/rc.shutdown b/libexec/rc/rc.shutdown index 18f67f5ca124..3dfd7a7e0936 100644 --- a/libexec/rc/rc.shutdown +++ b/libexec/rc/rc.shutdown @@ -83,9 +83,9 @@ fi # and perform the operation # rcorder_opts="-k shutdown" -if [ `/sbin/sysctl -n security.jail.jailed` -eq 1 ]; then +if check_jail jailed; then rcorder_opts="$rcorder_opts -s nojail" - if [ `/sbin/sysctl -n security.jail.vnet` -ne 1 ]; then + if ! check_jail vnet; then rcorder_opts="$rcorder_opts -s nojailvnet" fi fi diff --git a/libexec/rc/rc.subr b/libexec/rc/rc.subr index 2eaf336b5220..a2e2e98a5087 100644 --- a/libexec/rc/rc.subr +++ b/libexec/rc/rc.subr @@ -1689,7 +1689,7 @@ $_cpusetcmd $command $rc_flags $command_args" start) # We cannot use protect(1) inside jails. if [ -n "$_oomprotect" ] && [ -f "${PROTECT}" ] && - [ "$(sysctl -n security.jail.jailed)" -eq 0 ]; then + ! check_jail jailed; then [ -z "${rc_pid}" ] && eval $_pidcmd case $_oomprotect in [Aa][Ll][Ll]) @@ -2671,7 +2671,7 @@ check_required_after() } # check_jail mib -# Return true if security.jail.$mib exists and set to 1. +# Return true if security.jail.$mib exists and is set to 1. check_jail() { diff --git a/libexec/rc/tests/rc_subr_test.sh b/libexec/rc/tests/rc_subr_test.sh index 60f77c2c2de3..9931389e7a02 100644 --- a/libexec/rc/tests/rc_subr_test.sh +++ b/libexec/rc/tests/rc_subr_test.sh @@ -52,7 +52,7 @@ oomprotect_all_body() _rc_arg="$4" setvar "${name}_oomprotect" all command="/usr/sbin/daemon" - command_args="-P $pidfile -p $_childpidfile -- /bin/sleep 5" + command_args="-P $pidfile -p $_childpidfile -- /bin/sleep 60" run_rc_command "$_rc_arg" LITERAL @@ -92,7 +92,7 @@ oomprotect_yes_body() setvar "${name}_oomprotect" yes procname="/bin/sleep" command="/usr/sbin/daemon" - command_args="-p $pidfile -- $procname 5" + command_args="-p $pidfile -- $procname 60" run_rc_command "$_rc_arg" LITERAL |