Allow more services to run in vnet jails

After some tests, here are the services that run into a vnet jail: - defaultroute - dhclient - ip6addrctl - natd - pf - pfsync - pflog (deamon runs, pflog0 interface usable, but /var/log/pflog not filled) - rarpd - route6d (do nothing anyway because obsolete) - routed (do nothing anyway because obsolete) - rtsold - static_arp - static_ndp PR: 220530 Submitted by: olivier@freebsd.org
2017-07-08 09:28:31 +00:00 · 2017-07-08 09:28:31 +00:00 · 2ca5f390c4
commit 2ca5f390c4
parent dd5ef26e97
13 changed files with 14 additions and 15 deletions
--- a/etc/rc.d/defaultroute
+++ b/etc/rc.d/defaultroute
@ -7,7 +7,7 @@

 # PROVIDE: defaultroute
 # REQUIRE: devd netif stf
-# KEYWORD: nojail
+# KEYWORD: nojailvnet

 . /etc/rc.subr
 . /etc/network.subr
--- a/etc/rc.d/dhclient
+++ b/etc/rc.d/dhclient
@ -4,7 +4,7 @@
 #

 # PROVIDE: dhclient
-# KEYWORD: nojail nostart
+# KEYWORD: nojailvnet nostart

 . /etc/rc.subr
 . /etc/network.subr
--- a/etc/rc.d/ip6addrctl
+++ b/etc/rc.d/ip6addrctl
@ -6,7 +6,7 @@
 # PROVIDE: ip6addrctl
 # REQUIRE: FILESYSTEMS
 # BEFORE: netif
-# KEYWORD: nojail
+# KEYWORD: nojailvnet

 . /etc/rc.subr
 . /etc/network.subr
--- a/etc/rc.d/natd
+++ b/etc/rc.d/natd
@ -4,7 +4,7 @@
 #

 # PROVIDE: natd
-# KEYWORD: nostart nojail
+# KEYWORD: nostart nojailvnet

 . /etc/rc.subr
 . /etc/network.subr
--- a/etc/rc.d/pf
+++ b/etc/rc.d/pf
@ -6,7 +6,7 @@
 # PROVIDE: pf
 # REQUIRE: FILESYSTEMS netif pflog pfsync
 # BEFORE:  routing
-# KEYWORD: nojail
+# KEYWORD: nojailvnet

 . /etc/rc.subr

--- a/etc/rc.d/pflog
+++ b/etc/rc.d/pflog
@ -5,7 +5,7 @@

 # PROVIDE: pflog
 # REQUIRE: FILESYSTEMS netif
-# KEYWORD: nojail
+# KEYWORD: nojailvnet

 . /etc/rc.subr

--- a/etc/rc.d/pfsync
+++ b/etc/rc.d/pfsync
@ -5,7 +5,7 @@

 # PROVIDE: pfsync
 # REQUIRE: FILESYSTEMS netif
-# KEYWORD: nojail
+# KEYWORD: nojailvnet

 . /etc/rc.subr

@ -15,7 +15,7 @@ rcvar="pfsync_enable"
 start_precmd="pfsync_prestart"
 start_cmd="pfsync_start"
 stop_cmd="pfsync_stop"
-required_modules="pf"
+required_modules="pf pfsync"

 pfsync_prestart()
 {
@ -36,7 +36,6 @@ pfsync_start()
 	if [ -n "${pfsync_syncpeer}" ]; then
 		_syncpeer="syncpeer ${pfsync_syncpeer}"
 	fi
-	load_kld pfsync
 	ifconfig pfsync0 $_syncpeer syncdev $pfsync_syncdev $pfsync_ifconfig up
 }

--- a/etc/rc.d/rarpd
+++ b/etc/rc.d/rarpd
@ -6,7 +6,7 @@
 # PROVIDE: rarpd
 # REQUIRE: DAEMON FILESYSTEMS
 # BEFORE:  LOGIN
-# KEYWORD: nojail
+# KEYWORD: nojailvnet

 . /etc/rc.subr

--- a/etc/rc.d/route6d
+++ b/etc/rc.d/route6d
@ -5,7 +5,7 @@

 # PROVIDE: route6d
 # REQUIRE: netif routing
-# KEYWORD: nojail
+# KEYWORD: nojailvnet

 . /etc/rc.subr

--- a/etc/rc.d/routed
+++ b/etc/rc.d/routed
@ -6,7 +6,7 @@
 # PROVIDE: routed
 # REQUIRE: netif routing
 # BEFORE: NETWORK
-# KEYWORD: nojail
+# KEYWORD: nojailvnet

 . /etc/rc.subr

--- a/etc/rc.d/rtsold
+++ b/etc/rc.d/rtsold
@ -6,7 +6,7 @@
 # PROVIDE: rtsold
 # REQUIRE: netif
 # BEFORE: NETWORKING
-# KEYWORD: nojail shutdown
+# KEYWORD: nojailvnet shutdown

 . /etc/rc.subr

--- a/etc/rc.d/static_arp
+++ b/etc/rc.d/static_arp
@ -31,7 +31,7 @@

 # PROVIDE: static_arp
 # REQUIRE: netif
-# KEYWORD: nojail
+# KEYWORD: nojailvnet

 . /etc/rc.subr
 . /etc/network.subr
--- a/etc/rc.d/static_ndp
+++ b/etc/rc.d/static_ndp
@ -31,7 +31,7 @@

 # PROVIDE: static_ndp
 # REQUIRE: netif
-# KEYWORD: nojail
+# KEYWORD: nojailvnet

 . /etc/rc.subr
 . /etc/network.subr