Safe mode may be enabled because of some problem discovered with a kmod,
thus wanting to avoid devmatch. Honor it and let the user deal with
the fallout of not autoloading modules. We've at least made it to
userland and the user demonstrably has a local console as they selected
safe mode in the first place, so this shouldn't be fatal if we don't,
e.g., load a necessary NIC driver.
The sendmail startup script can run 4 daemons: sendmail, sendmail_submit,
sendmail_outbound, and sendmail_msp_queue. Of the first 3 at most one
can be enabled. There's a run_rc_command call for each and the ones for
sendmail and sendmail_msp_queue run unconditionally. For some rc
commands this triggers warnings or errors when sendmail_enable="NO" or
sendmail_msp_queue_enable="NO". Since d2e7bb630b these errors are
propagated and the whole script fails.
Fix this by first determining which daemons are enabled, setting ${name}
and ${rcvar} accordingly, and then always calling run_rc_command
conditionally.
Also replace ${name}.cf with sendmail.cf because ${name} isn't always
sendmail.
PR: 282585
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D47757
When we match a tag and turn tracing, see if we have any
$DEBUG_ON:debug_add:tag in DEBUG_SH and if so add the new tag.
This allows for more focused debugging during boot.
Reviewed by: stevek
It was originally /usr/src/contrib/ipfilter/rules and moved to
/usr/src/share/examples/ipfilter/rules in 41edb306f0.
Point to users to /usr/src/share/examples/ipfilter instead, as the base
directory also contains example rules.
Reviewed by: emaste
Approved by: emaste (mentor)
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D47392
There is no easy way to set ipfilter optionlist variables during boot.
Add plumbing to the rc script to support this.
PR: 130555
Reviewed by: jlduran
MFC 1 week
Differential Revision: https://reviews.freebsd.org/D47346
Add naive support for openstack network config.
if no config driver have been found, try to detect that we are running a
VM on openstack via the smbios information, use the first iface
available and temporary activate dhcp on it, to be able to fetch the
necessary informations for cloudinit.
While here make the rc script execute after devmatch, some ethernet
device might be attached via devmatch and may be needed for cloudinit.
Tested on OVHCloud Public Cloud.
MFC after: 3 weeks
Sponsored by: OVHCloud
opensm itself is only installed when MK_OFED_EXTRA is set, so it only
makes sense for the same to be true of the rc script.
PR: 257646
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D47313
The rc_fast_and_loose variable allowed rc(8) to start services
by sourcing them into rc's own shell environment. Normally, each rc
service script is started by being sourced into its own subshell
instead. The feature was meant to speed up rc(8) by avoiding the extra
forking necessary to spawn subshells.
In practice, the feature has been broken for a long time now. One of the
reasons is that some rc service scripts call the exit builtin to return
non-zero error codes, which not only terminates the service subshell
but also rc(8) when rc_fast_and_loose is enabled. For example,
a system running any of the supported FreeBSD releases
with rc_fast_and_loose=yes would abort rc(8) as early as rc.d/hostid,
due to an "exit 0".
Fixing rc_fast_and_loose support would require rewriting some rc scripts
to support being sourced directly into rc(8) process. This would muddy
the code base and also would prove difficult to maintain long term
as this is simply not how rc(8) users write scripts. The potential
performance benefits are unlikely to be significant even for use cases
such as Morello under qemu.
Instead, remove support for rc_fast_and_loose completely from rc(8)
and inform users about the change.
PR: 282255
Reviewed by: brooks, christos, mhorne
Approved by: christos (mentor), markj (mentor)
MFC after: 2 weeks
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D47264
Some kernel modules will print informative messages when they are
loaded, making the output confusing. Print everything up front instead.
Fixes: 152382e661 ("rc.d/kld: Print the kernel modules being loaded")
Sometimes it is desirable while debugging one script for it to enable
debugging of a child.
We can do that with
$DEBUG_DO DebugAdd tag
to add tag to DEBUG_SH but only when we are already debugging.
If you have a mail server that is running sendmail daemon
(sendmail_enable=YES) and sendmail queue runner (sendmail_msp_queue=YES)
and the sendmail daemon dies, /etc/rc.d/sendmail status does see the
daemon is not running but returns 0 as the exit code. This prevents
other programs (like puppet) from restarting sendmail to fix the issue.
Make sure that the exit code is propagated towards the end of the script
if any of the sendmail services fail.
This patch does not call exit directly but instead just sets the exit
status code by calling exit in a subshell. This way we do not exit the
current shell in case the service script is sourced (e.g., when
rc_fast_and_loose is active).
PR: 223132
MFC after: 2 weeks
Reported by: pirzyk
Discussed with: jilles, eugen
Reviewed by: christos, gshapiro (previous version), markj
Approved by: christos (mentor), markj (mentor)
Differential Revision: https://reviews.freebsd.org/D46862
Co-authored-by: Jim Pirzyk <pirzyk@FreeBSD.org>
The sendmail service script needs to be stopped during shutdown
to ensure a clean shutdown of active SMTP connections (and writing
any in memory queue files).
rcorder(8) requires the rcorder block to be an uninterrupted sequence of
REQUIRE, PROVIDE, BEFORE, and KEYWORD lines. Having a comment in between
REQUIRE and KEYWORD makes rcorder stop parsing the block when it reaches
the comment.
Fix that by moving the comment out from the rcorder block.
Reviewed by: bnovkov, christos, gshapiro, markj
Approved by: bnovkov (mentor), christos (mentor), markj (mentor)
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D46924
Silence a warning emitted by fread(3) in fstyp(8)'s read_buf(), when
detecting the file system type of the cloud-init device:
% fstyp /dev/iso9660/cidata
fstyp: fread: Invalid argument
cd9660
Also rephrase slightly a comment while here.
Signed-off-by: Jose Luis Duran <jlduran@gmail.com>
If the ZFS key is setup in prompt mode, use zfs to prompt to load the key
during boot to unlock it.
Reviewed by: jhb
Differential Revision: https://reviews.freebsd.org/D36081
Allow Debug{On,Off} to run associated hooks.
This makes it feasible to collect extra debug info at runtime
without needing to modify any potentially verified and hence immutable
scripts.
Like debug.sh, hooks.sh is extremely handy and used extensively
in many parts of Junos and its build environment.
It is provided here in the hope that others may benefit.
We do not dot hooks.sh by default to reduce overhead, but it can
but done from rc.conf et al using
$_HOOKS_SH . /libexec/hooks.sh
to avoid including more than once.
Reviewed by: stevek
Sponsored by: Juniper Networks, Inc.
Differential Revision: https://reviews.freebsd.org/D46552
Ensure that run_rc_script returns the true return code of the
rc command and not the return code of DebugOff
Reviewed by: sjg
Approved by: kp
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D46626
As of 1b5be7204e we setup parts of IPv6
before IPv4 if configured. For consistency change a case in ifn_start()
calling ipv6_up() before ipv4_up() and reverse in ifn_stop().
MFC after: 10 days
Reviewed by: zlei
Differential Revision: https://reviews.freebsd.org/D33426
As with various other rc scripts, we don't want the output from this
being visible in the boot log.
Fixes: 6437872c1d ("New sysctl to disable NOMATCH until devmatch runs")
MFC after: 1 week
Since we are being paranoid, check that each arg to safe_dot is
actually a file as well as non-empty.
Check for white-space in filenames - these require special handling.
Introduce a new rc.conf option to not wait for ARP resolution within
dhclient. This is plausible on many modern networks where it is possible
to trust the DHCP server to know whether an IP address is available.
Sponsored by: Google LLC (GSoC 2024)
Signed-off-by: Isaac Cilia Attard <icattard@FreeBSD.org>
MFC after: 10 days
Reviwed by: cperciva, brooks, Tom Hukins, Alexander Ziaee
Pull Request: https://github.com/freebsd/freebsd-src/pull/1368
We only need to check kenv for DEBUG_SH once.
We also need to export DEBUG_SH to be useful.
Sponsored by: Juniper Networks, Inc.
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D46219
11da791920 switched Leap-seconds source from IANA to IERS, as IERS
is the canonoical source. The problem ist that IERS is not accessible
from IPv6 only networks. To work around this we must add IANA back in
order to provide IPv6-only users a source for leap-seconds fetch.
PR: 279413
Fixes: 11da791920
MFC after: 3 days
Add some sanity checks when service jails are used in jails:
- children.max > 0
- children.max - children.cur > 0
The nesting is too deep at those places to have a sane formatting, so no
line wrapping at the usual column.
If someone has a better idea how to format this: feel free to go ahead.
Clarify that the "sysvipc" svcj option inherits from the host / parent.
Add "sysvipcnew" which creates a new SysV namespace for the service
jail.
Sanity check that only one of them is used.
New variable ${name}_offcmd may be used to supply commands
executed if named service is not enabled. Previously start_precmd
could be used for such a task but now rc.subr(8) does not call it
if a service is not enabled.
Fix devd startup script to use it instead of start_precmd.
PR: 279198
MFC after: 2 weeks
Reported by: Dmitry S. Lukhtionov
Tested by: Dmitry S. Lukhtionov
At the moment, if bootrace profiling is enabled, autoboot is not
exported to the rc scripts. This causes fsck to not check the root
filesystem. To fix this, pass _boot, rc_fast and autoboot to the
boottrace process to mimic what diretly sourcing the rc.d scripts.
PR: 278993
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1261
Reload is used for service reconfiguration as well
and lacks a NAME_prepend-like mechanism so it makes
sense to extend the NAME_reload hook into this
action.
precmd may use configuration checks and blocks setup
from doing its designated work (e.g. nginx). In moving
the invoke of the setup script in front allows us to
provide custom scripts for config file generation and
fixing prior to precmd checking configuration integrity.
Also introduce _run_rc_setup to separate the launcher
from the main one. Let it run correctly in the case
of restart_precmd and block further execution as
would be the case in start due to the internal plumbing
of restart being split into calling stop and start
afterwards.
Differential-Revsiion: https://reviews.freebsd.org/D36259
Signed-off-by: Franco Fichtner <franco@opnsense.org>
Reviewed by: imp, oshogbo
Pull Request: https://github.com/freebsd/freebsd-src/pull/1258
This gives more permissions to services (e.g. network access to
services which require this) when they are started as an automatic
service jail.
The sshd patch is important for the sshd-related functionality as
described in the man-page in the service jails part.
The location of the added env vars is supposed to allow overriding them
in rc.conf, and to hard-disable the use of svcj for some parts where it
doesn't make sense or will not work.
Only a subset of all of the services are fully tested (I'm running this
since more than a year with various services started as service jails).
The untested parts should be most of the time ok, in some edge-cases
more permissions are needed inside the service jail.
Differential Revision: https://reviews.freebsd.org/D40371
This takes a rc.d-service and starts it in a jail which shares the same
root-path as the host (or parent jail) and may inherit the network from
the host (or parent jail). Per service there is the possibility to
specify some arguments which give more permissions (e.g. netv4, netv6,
sysvipc...).
Reviewed by: bcr (man page)
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D40370
Introduce hw.bus.devctl_nomatch_enabled and use it to suppress NOMATCH
until devmatch runs
There's a lot of NOMATCH events generated at boot. We also run devmatch
once during early boot to load unmatched devices. To avoid redundant
work, don't start generating NOMATCH events until after devmatch runs.
Set hw.bus.devctl_nomatch_enabled=1 just before we run devmatch. The
kernel will suppress NOMATCH events until this is set to true.
This saves about 170ms from the boot on aarch64 running atop Apple
M-series processors and the VMWare Fusion hypervisor.
Reviewed by: imp, cperciva
MFC after: 3 days
Sponsored by: Google Summer of Code
Pull Request: https://github.com/freebsd/freebsd-src/pull/1213
