We can't use protect(1) inside a jail(8)!

To avoid have warning for services that are using oomprotect, oomprotect will only be applied on services that won't run inside jails. Reported by: allanjude MFC after: 2 weeks.
2016-11-10 07:05:41 +00:00 · 2016-11-10 07:05:41 +00:00 · 7f2e9e1ffa
commit 7f2e9e1ffa
parent 33cfd7154f
1 changed files with 5 additions and 0 deletions
--- a/etc/rc.subr
+++ b/etc/rc.subr
@ -1205,6 +1205,11 @@ $command $rc_flags $command_args"
 		# Apply protect(1) to the PID if ${name}_oomprotect is set.
 		case "$rc_arg" in
 		start)
+			# We cannot use protect(1) inside jails.
+			jailed="$(sysctl -n security.jail.jailed)"
+			if [ ${jailed} -eq 1 ]; then
+				return $_return
+			fi
 			if [ -n "$_oomprotect" ]; then
 				if [ -f "${PROTECT}" ]; then
 					pid=$(check_process $command)