From scrappy@jupiter.hub.org  Wed Mar 13 19:44:39 2002
Return-Path: <scrappy@jupiter.hub.org>
Received: from jupiter.hub.org (jupiter.hub.org [64.49.215.5])
	by hub.freebsd.org (Postfix) with ESMTP id 272B937B400
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 13 Mar 2002 19:44:38 -0800 (PST)
Received: (from scrappy@localhost)
	by jupiter.hub.org (8.11.6/8.11.6) id g2E3iWn16794;
	Wed, 13 Mar 2002 21:44:32 -0600 (CST)
	(envelope-from scrappy)
Message-Id: <200203140344.g2E3iWn16794@jupiter.hub.org>
Date: Wed, 13 Mar 2002 21:44:32 -0600 (CST)
From: The Hermit Hacker <scrappy@jupiter.hub.org>
Reply-To: The Hermit Hacker <scrappy@jupiter.hub.org>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: rc files could be a bit more jail friendly ...
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         35880
>Category:       conf
>Synopsis:       rc files could be a bit more jail friendly ...
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Wed Mar 13 19:50:01 PST 2002
>Closed-Date:    Sun Mar 28 03:28:05 PST 2004
>Last-Modified:  Sun Mar 28 03:28:05 PST 2004
>Originator:     The Hermit Hacker
>Release:        FreeBSD 4.5-STABLE i386
>Organization:
>Environment:
System: FreeBSD jupiter.hub.org 4.5-STABLE FreeBSD 4.5-STABLE #4: Mon Feb 25 09:55:46 CST 2002 root@jupiter.hub.org:/usr/obj/usr/src/sys/kernel i386


	
>Description:
	
	minor changes to the rc files to silence various warnings concerning
	processes that are no appropriate to a jail'd environment

>How-To-Repeat:
	
>Fix:


diff -cr etc.orig/defaults/rc.conf etc/defaults/rc.conf
*** etc.orig/defaults/rc.conf	Wed Mar 13 21:28:28 2002
--- etc/defaults/rc.conf	Wed Mar 13 21:31:17 2002
***************
*** 358,363 ****
--- 358,365 ----
  start_vinum="NO"	# set to YES to start vinum
  unaligned_print="YES"	# print unaligned access warnings on the alpha (or NO).
  
+ jail="NO"		# jail environment
+ 
  ##############################################################
  ### Define source_rc_confs, the mechanism used by /etc/rc.* ##
  ### scripts to source rc_conf_files overrides safely.	    ##
diff -cr etc.orig/rc etc/rc
*** etc.orig/rc	Wed Mar 13 21:05:21 2002
--- etc/rc	Wed Mar 13 21:36:01 2002
***************
*** 115,121 ****
  	;;
  esac
  
! swapon -a
  
  # Last chance to do things before potentially waiting for
  # operator to do fsck related tasks
--- 115,125 ----
  	;;
  esac
  
! case ${jail} in
! [Nn][Oo])
! 	swapon -a
! 	;;
! esac
  
  # Last chance to do things before potentially waiting for
  # operator to do fsck related tasks
***************
*** 180,221 ****
  set -T
  trap "echo 'Reboot interrupted'; exit 1" 3
  
! # root normally must be read/write, but if this is a BOOTP NFS
! # diskless boot it does not have to be.
! #
! case ${root_rw_mount} in
! [Nn][Oo] | '')
! 	;;
! *)
! 	if ! mount -u -o rw / ; then
! 		echo 'Mounting root filesystem rw failed, startup aborted'
! 		exit 1
! 	fi
! 	;;
! esac
! 
! umount -a >/dev/null 2>&1
  
! # If using diskless, run custom disk mounting function here
! #
! if [ -n "${diskless_mount}" -a -r "${diskless_mount}" ]; then
! 	sh ${diskless_mount}
! else
! # otherwise mount everything except nfs filesystems.
! 	mount -a -t nonfs
! fi
  
! case $? in
! 0)
! 	;;
! *)
! 	echo 'Mounting /etc/fstab filesystems failed, startup aborted'
! 	exit 1
  	;;
  esac
  
  
! adjkerntz -i
  
  purgedir() {
  	local dir file
--- 184,232 ----
  set -T
  trap "echo 'Reboot interrupted'; exit 1" 3
  
! case ${jail} in
! [Nn][Oo])
! 	# root normally must be read/write, but if this is a BOOTP NFS
! 	# diskless boot it does not have to be.
! 	#
! 	case ${root_rw_mount} in
! 	[Nn][Oo] | '')
! 		;;
! 	*)
! 		if ! mount -u -o rw / ; then
! 			echo 'Mounting root filesystem rw failed, startup aborted'
! 			exit 1
! 		fi
! 		;;
! 	esac
  
! 	umount -a >/dev/null 2>&1
  
! 	# If using diskless, run custom disk mounting function here
! 	#
! 	if [ -n "${diskless_mount}" -a -r "${diskless_mount}" ]; then
! 		sh ${diskless_mount}
! 	else
! 	# otherwise mount everything except nfs filesystems.
! 		mount -a -t nonfs
! 	fi
! 	case $? in
! 	0)
! 		;;
! 	*)
! 		echo 'Mounting /etc/fstab filesystems failed, startup aborted'
! 		exit 1
! 		;;
! 	esac
  	;;
  esac
  
  
! case ${jail} in
! [Nn][Oo])
! 	adjkerntz -i
!         ;;
! esac
  
  purgedir() {
  	local dir file


>Release-Note:
>Audit-Trail:

From: "Crist J. Clark" <cjc@FreeBSD.ORG>
To: The Hermit Hacker <scrappy@jupiter.hub.org>
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: conf/35880: rc files could be a bit more jail friendly ...
Date: Wed, 13 Mar 2002 22:46:21 -0800

 On Wed, Mar 13, 2002 at 09:44:32PM -0600, The Hermit Hacker wrote:
 [snip]
 
 > 	minor changes to the rc files to silence various warnings concerning
 > 	processes that are no appropriate to a jail'd environment
 
 [snip patches]
 
 I don't think any of these changes are required. The swapon(8) and
 mount(8) commands don't do anything since the fstab(5) file will tell
 them to do nothing. As for adjkerntz(8), it doesn't hurt anything.
 -- 
 Crist J. Clark                     |     cjclark@alum.mit.edu
                                    |     cjclark@jhu.edu
 http://people.freebsd.org/~cjc/    |     cjc@freebsd.org
State-Changed-From-To: open->closed 
State-Changed-By: pjd 
State-Changed-When: Sun Mar 28 03:20:59 PST 2004 
State-Changed-Why:  
This was fixed in -CURRENT in complete way - by adding 
'nojail' flag to scripts that doesn't make sens inside 
a jail. It'll not be backported. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=35880 
>Unformatted:
