This gives more permissions to services (e.g. network access to
services which require this) when they are started as an automatic
service jail.
The sshd patch is important for the sshd-related functionality as
described in the man-page in the service jails part.
The location of the added env vars is supposed to allow overriding them
in rc.conf, and to hard-disable the use of svcj for some parts where it
doesn't make sense or will not work.
Only a subset of all of the services are fully tested (I'm running this
since more than a year with various services started as service jails).
The untested parts should be most of the time ok, in some edge-cases
more permissions are needed inside the service jail.
Differential Revision: https://reviews.freebsd.org/D40371
In order to reduce the pre-requisites of this file, implement the
pattern matching and creation of a temporary test directory without
use of grep respectively mktemp.
The new version makes it possible to provide a writable /tmp in any
case and independently of other local or remote file systems (except /
and /dev) being mounted.
The use of "dd if=/dev/random" has the same dependency on /dev/random
being operational as the previous version that used "mktemp". If this
is found to be an issue on platforms that do not have gathered
sufficient entropy at the time when this scriot is run, I suggest to
replace the "dd" command with "ps lauxww" to get a somewhat random
test directory name.
Approved by: rgrimes, glebius, cy
MFC after: 4 weeks
Differential Revision: https://reviews.freebsd.org/D28209
remote filesystems. Discussed this with Brooks and he can't find
evidence that provoked the change in 2005. If anything gets broken
I will fix it in a different way, not via rc sequence change.
Discussed with: brooks
Reviewed by: ngie
Differential Revision: https://reviews.freebsd.org/D28097
The reasons for this are forward looking to pkgbase:
* /sbin/init is a special binary; try not to replace it with
every package update because an rc script was touched.
(a follow-up commit will make init its own package)
* having rc in its own place will allow more easy replacement
of the rc framework with alternatives, such as openrc.
Discussed with: brd (during BSDCam), kmoore
Requested by: cem, bz
PR: 231522
Approved by: re (gjb)
