mirror of
https://github.com/opnsense/src.git
synced 2026-06-06 23:32:52 -04:00
f99f0ee14e
This gives more permissions to services (e.g. network access to services which require this) when they are started as an automatic service jail. The sshd patch is important for the sshd-related functionality as described in the man-page in the service jails part. The location of the added env vars is supposed to allow overriding them in rc.conf, and to hard-disable the use of svcj for some parts where it doesn't make sense or will not work. Only a subset of all of the services are fully tested (I'm running this since more than a year with various services started as service jails). The untested parts should be most of the time ok, in some edge-cases more permissions are needed inside the service jail. Differential Revision: https://reviews.freebsd.org/D40371
72 lines
1.4 KiB
Bash
Executable file
72 lines
1.4 KiB
Bash
Executable file
#!/bin/sh
|
|
#
|
|
#
|
|
|
|
# PROVIDE: dhclient
|
|
# KEYWORD: nojailvnet nostart
|
|
|
|
. /etc/rc.subr
|
|
. /etc/network.subr
|
|
|
|
ifn="$2"
|
|
|
|
name="dhclient"
|
|
desc="Dynamic Host Configuration Protocol (DHCP) client"
|
|
rcvar=
|
|
pidfile="/var/run/dhclient/${name}.${ifn}.pid"
|
|
start_precmd="dhclient_prestart"
|
|
stop_precmd="dhclient_pre_check"
|
|
|
|
# rc_force check can only be done at the run_rc_command
|
|
# time, so we're testing it in the pre* hooks.
|
|
dhclient_pre_check()
|
|
{
|
|
if [ -z "${rc_force}" ] && ! dhcpif $ifn; then
|
|
local msg
|
|
msg="'$ifn' is not a DHCP-enabled interface"
|
|
if [ -z "${rc_quiet}" ]; then
|
|
echo "$msg"
|
|
else
|
|
debug "$msg"
|
|
fi
|
|
exit 1
|
|
fi
|
|
}
|
|
|
|
dhclient_prestart()
|
|
{
|
|
dhclient_pre_check
|
|
|
|
# Interface-specific flags (see rc.subr for $flags setting)
|
|
specific=$(get_if_var $ifn dhclient_flags_IF)
|
|
if [ -z "$flags" -a -n "$specific" ]; then
|
|
rc_flags=$specific
|
|
fi
|
|
|
|
background_dhclient=$(get_if_var $ifn background_dhclient_IF $background_dhclient)
|
|
if checkyesno background_dhclient; then
|
|
rc_flags="${rc_flags} -b"
|
|
fi
|
|
|
|
|
|
# /var/run/dhclient is not guaranteed to exist,
|
|
# e.g. if /var/run is a tmpfs
|
|
install -d -o root -g wheel -m 755 ${pidfile%/*}
|
|
|
|
rc_flags="${rc_flags} ${ifn}"
|
|
}
|
|
|
|
load_rc_config $name
|
|
load_rc_config network
|
|
|
|
# dhclient_prestart is not compatible with svcj
|
|
dhclient_svcj="NO"
|
|
|
|
if [ -z $ifn ] ; then
|
|
# only complain if a command was specified but no interface
|
|
if [ -n "$1" ] ; then
|
|
err 1 "$0: no interface specified"
|
|
fi
|
|
fi
|
|
|
|
run_rc_command "$1"
|