upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-06-05 14:54:21 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
opnsense-src/libexec/rc/rc.d/netwait
Alexander Leidinger f99f0ee14e rc.d: add a service jails config to all base system services 
This gives more permissions to services (e.g. network access to
services which require this) when they are started as an automatic
service jail.

The sshd patch is important for the sshd-related functionality as
described in the man-page in the service jails part.

The location of the added env vars is supposed to allow overriding them
in rc.conf, and to hard-disable the use of svcj for some parts where it
doesn't make sense or will not work.

Only a subset of all of the services are fully tested (I'm running this
since more than a year with various services started as service jails).
The untested parts should be most of the time ok, in some edge-cases
more permissions are needed inside the service jail.
Differential Revision:	https://reviews.freebsd.org/D40371
2024-05-22 15:41:49 +02:00

118 lines
3.1 KiB
Bash
Executable file
Raw Blame History

#!/bin/sh
#
# PROVIDE: netwait
# REQUIRE: devd ipfw pf routing
# KEYWORD: nojail
#
# The netwait script helps handle two situations:
# - Systems with USB or other late-attaching network hardware which
# is initialized by devd events. The script waits for all the
# interfaces named in the netwait_if list to appear.
# - Systems with statically-configured IP addresses in rc.conf(5).
# The IP addresses in the netwait_ip list are pinged. The script
# waits for any single IP in the list to respond to the ping. If your
# system uses DHCP, you should probably use synchronous_dhclient="YES"
# in your /etc/rc.conf instead of netwait_ip.
# Either or both of the wait lists can be used (at least one must be
# non-empty if netwait is enabled).
. /etc/rc.subr
name="netwait"
desc="Wait for network devices or the network being up"
rcvar="netwait_enable"
start_cmd="${name}_start"
stop_cmd=":"
netwait_start()
{
local ip rc count output link wait_if got_if any_error
if [ -z "${netwait_if}" ] && [ -z "${netwait_ip}" ]; then
err 1 "No interface or IP addresses listed, nothing to wait for"
fi
if [ ${netwait_timeout} -lt 1 ]; then
err 1 "netwait_timeout must be >= 1"
fi
if [ -n "${netwait_if}" ]; then
any_error=0
for wait_if in ${netwait_if}; do
echo -n "Waiting for ${wait_if}"
link=""
got_if=0
count=1
# Handle SIGINT (Ctrl-C); force abort of while() loop
trap break SIGINT
while [ ${count} -le ${netwait_if_timeout} ]; do
if output=`/sbin/ifconfig ${wait_if} 2>/dev/null`; then
if [ ${got_if} -eq 0 ]; then
echo -n ", interface present"
got_if=1
fi
link=`expr "${output}" : '.*[[:blank:]]status: \(no carrier\)'`
if [ -z "${link}" ]; then
echo ', got link.'
break
fi
fi
sleep 1
count=$((count+1))
done
# Restore default SIGINT handler
trap - SIGINT
if [ ${got_if} -eq 0 ]; then
echo ", wait failed: interface never appeared."
any_error=1
elif [ -n "${link}" ]; then
echo ", wait failed: interface still has no link."
any_error=1
fi
done
if [ ${any_error} -eq 1 ]; then
warn "Continuing with startup, but be aware you may not have "
warn "a fully functional networking layer at this point."
fi
fi
if [ -n "${netwait_ip}" ]; then
# Handle SIGINT (Ctrl-C); force abort of for() loop
trap break SIGINT
for ip in ${netwait_ip}; do
echo -n "Waiting for ${ip} to respond to ICMP ping"
count=1
while [ ${count} -le ${netwait_timeout} ]; do
/sbin/ping -t 1 -c 1 -o ${ip} >/dev/null 2>&1
rc=$?
if [ $rc -eq 0 ]; then
# Restore default SIGINT handler
trap - SIGINT
echo ', got response.'
return
fi
count=$((count+1))
done
echo ', failed: No response from host.'
done
# Restore default SIGINT handler
trap - SIGINT
warn "Exhausted IP list. Continuing with startup, but be aware you may"
warn "not have a fully functional networking layer at this point."
fi
}
load_rc_config $name
# doesn't make sense to run in a svcj: config setting
netwait_svcj="NO"
run_rc_command "$1"
Reference in a new issue View git blame Copy permalink