Commit Graph

165 Commits

Author SHA1 Message Date
Mark Felder
75a315f6d2 rc.subr: Support loading environmental variables from a file
The current support for setting environment via foo_env="" in rc.conf is
not scalable and does not handle envs with spaces in the value. It seems
a common pattern for some newer software is to skip configuration files
altogether and rely on the env. This is well supported in systemd unit
files and may be the inspiration for this trend.

MFH:		1 week
Differential Revision:	https://reviews.freebsd.org/D14453
2018-05-25 19:36:26 +00:00
Dmitry Marakasov
148ee4c3ff Support configuring arbitrary limits(1) for any daemon in rc.conf
Usage is ${name}_limits, and the argument is any flags accepted by
limits(1), such as `-n 100' (e.g. only allow 100 open files).

Approved by:	cy
Differential Revision:	https://reviews.freebsd.org/D14015
2018-01-24 14:15:06 +00:00
Eitan Adler
dae3a64fb9 userland: Fix several typos and minor errors
- duplicate words
- typos
- references to old versions of FreeBSD

Reviewed by:	imp, benno
2017-12-27 03:23:01 +00:00
Jilles Tjoelker
d78b853f0f rc.subr: Remove test that is always true.
The code above always sets _pidcmd to a non-empty value.
2017-10-15 11:28:41 +00:00
Ian Lepore
50e3590c44 Enhance mdmfs(8) to work with tmpfs(5).
Existing scripts and associated config such as rc.initdiskless, rc.d/var,
and others, use mdmfs to create memory filesystems. That program accepts a
size argument which allows SI suffixes and treats an unsuffixed number as a
count of 512 byte sectors. That makes it difficult to convert existing
scripts to use tmpfs instead of mdmfs, because tmpfs treats unsuffixed
numbers as a count of bytes. The script logic to deal with existing user
config that might include suffixed and unsuffixed numbers is... unpleasant.

Also, there is no g'tee that tmpfs will be available. It is sometimes
configured out of small-resource embedded systems to save memory and flash
storage space.

These changes enhance mdmfs(8) so that it accepts two new values for the
'md-device' arg: 'tmpfs' and 'auto'. With tmpfs, the program always uses
tmpfs(5) (and fails if it's not available). With 'auto' the program prefers
tmpfs, but falls back to using md(4) if tmpfs isn't available. It also
handles the -s <size> argument so that the mdconfig interpetation of
unsuffixed numbers applies when tmpfs is used as well, so that existing user
config keeps working after a switch to tmpfs.

A new rc setting, mfs_type, is added to etc/defaults/rc.conf to let users
force the use of tmpfs or md; the default value is "auto".

Differential Revision:	https://reviews.freebsd.org/D12301
2017-09-29 22:13:26 +00:00
Jilles Tjoelker
eaac4bffc7 rc.subr: Optimize repeated sourcing.
When /etc/rc runs all /etc/rc.d scripts, it has already loaded /etc/rc.subr
but each /etc/rc.d script sources it again (since /etc/rc.d scripts must
also work when started stand-alone).

Therefore, if rc.subr is already loaded, return so sh need not parse the
rest of the file.

A second effect is that there is no longer a compound command around most of
rc.subr. This reduces memory usage while sh is loading rc.subr for the first
time (but this memory is free()d once rc.subr is loaded).

For purposes of porting this to other systems, I do not recommend porting
this to systems with shells that do not have the change to the return
special builtin like in r255215 (before FreeBSD 10.0-RELEASE). This change
ensures that return in the top level of a dot script returns from the dot
script, even if the dot script was sourced from a function.

A comparison of CPU time on an amd64 bhyve virtual machine from a times
command added near the end of /etc/rc, all four values summed:

x orig1
+ quickreturn
+--------------------------------------------------------------------------+
|  +    +              +                             x    x               x|
||______M__A_________|                             |______M___A__________| |
+--------------------------------------------------------------------------+
    N           Min           Max        Median           Avg        Stddev
x   3         1.704         1.802         1.726         1.744   0.051419841
+   3         1.467         1.559         1.487     1.5043333   0.048387326
Difference at 95.0% confidence
	-0.239667 +/- 0.113163
	-13.7424% +/- 6.48873%
	(Student's t, pooled s = 0.0499266)
2017-06-11 19:06:07 +00:00
Cy Schubert
f6245ac3f7 Revert r316487. It is broken, causing boot to fail due to line 25 in
etc/rc.d/dhclient unconditionally testing true when called by a devd
rule during boot, ignoring statically assigned IP addresses in rc.conf.

Requested by:	des@
2017-04-06 12:52:05 +00:00
Cy Schubert
89f0a53cfe Revert r316516. des@ asked that r316516 be reverted so that he can spend
a little more time getting r316487 right.

Requested by:	des@
2017-04-06 00:15:18 +00:00
Cy Schubert
4360d992ef r316487 altered the defined values of rc_force from "yes" (for yes)
and NULL (for no) to "no" (for no) and no change to the definition
of yes. Two rc.d scripts, dhclient and bgfsck check rc_force for
yesi, using test -n, and no, using test -z. The redefinition of
yes and no by r316487 caused rc.d/dhclient, when invoked by devd
using a devd.conf rule, to assign DHCP assigned IP addresses for
interfaces with statically assigned interfaces, breaking boot.
Point of breakage was at line 25 of etc/rc.d/dhclient (r301068)
where $rc_force needs to be NULL.

MFC after:	3 weeks
X-MFC with:	r316487
2017-04-05 05:23:09 +00:00
Dag-Erling Smørgrav
93385ba03b Allow command modifiers (fast, quiet etc.) to be stacked in any order.
Add a "debug" modifier that sets rc_debug.

MFC after:	3 weeks
2017-04-04 11:43:31 +00:00
Devin Teske
4f38967037 Fix bug preventing limits(1) from being applied
PR:		misc/212493
Differential Revision:	https://reviews.freebsd.org/D8232
Submitted by:	girgen
Reviewed by:	adrian
MFC after:	3 days
X-MFC-to:	stable/11
2016-12-03 19:03:40 +00:00
Warner Losh
f8c1525499 Finish incomplete comments in prior revision. I was going to fix this
after I tested it, but didn't.
2016-12-01 05:16:27 +00:00
Warner Losh
5ad34286cd If the kenv variable rc_debug is set, turn on rc_debug. 2016-12-01 04:35:41 +00:00
Jilles Tjoelker
481b6d6f37 rc.subr: $(ps -p $$ -o jid=) is always 0, so do not fork ps for it.
The JID keyword writes 0 for a process also in the host system or in the
same jail.
2016-11-20 18:21:05 +00:00
Jilles Tjoelker
bddbe3b2b1 rc.subr: Swap checks so we only fork sysctl if *_oomprotect is set. 2016-11-17 22:49:51 +00:00
Marcelo Araujo
46542a426e We can't use protect(1) inside a jail(8)!
To avoid have warning for services that are using oomprotect, oomprotect
will only be applied on services that won't run inside jails.

Reported by:	allanjude
MFC after:	2 weeks.
2016-11-10 07:05:41 +00:00
Baptiste Daroussin
5b71d8999c Remove backup_uses_rcs from rc.subr
In preparation for the removal of GNU rcs from base, remove the backup_uses_rcs
functionality from the rc.subr backup_file feature. This functionnality was off
by default

Reviewed by:	wblock
Differential Revision:	https://reviews.freebsd.org/D7883
2016-09-18 12:49:23 +00:00
Edward Tomasz Napierala
6e9bf96d6f Refactor the root mount hold code and add the wait to etc/rc.d/fsck.
This fixes mounting (non-root) USB drives on boot with fsck enabled
(with non-zero 'Pass#' field in fstab(5)).

Reported by:	Graham Menhennitt <graham at menhennitt.com.au>
Reviewed by:	jilles@
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D6221
2016-05-10 08:44:44 +00:00
Lars Engels
1980d11b5f - Add two new subcommands to rc.subr:
"describe" shows an rc script's description
  "extracommands" shows an rc script's non-standard commands like "reload", "configtest", "keygen", etc
- Update the rc(8) manpage and the tcsh(1) completion examples to reflect these changes

Approved by:	bapt
Sponsored by:	Essen Linuxhotel Hackathon 2016
Differential Revision:	D452
2016-04-23 16:19:34 +00:00
Marcelo Araujo
3bead71e95 - Add a global option where we can protect processes when swap space
is exhausted.

How to use:

Basically we need to add on rc.conf an another option like:

    If we want to protect only the main processes.
    syslogd_oomprotect="YES"

    If we want to protect all future children of the specified processes.
    syslogd_oomprotect="ALL"

PR:		204741 (based on)
Submitted by:	eugen@grosbein.net
Reviewed by:	jhb, allanjude, rpokala and bapt
MFC after:	4 weeks
Relnotes:	Yes
Sponsored by:	gandi.net
Differential Revision:	https://reviews.freebsd.org/D5176
2016-02-24 01:32:12 +00:00
Jilles Tjoelker
80fe6bcf09 rc.subr: Check for running daemons before a custom start_cmd is executed.
Currently rc scripts implementing their own start_cmd do not enjoy the
benefits of rc.subr's own check for rc_pid.

This leads to around a third of ports with such a start_cmd not to check for
the process at all and two thirds of ports to re-implement this check
(sometimes wrongly).

This patch moves the check for rc_pid to before ${rc_arg}_cmd is executed.

Submitted by:	Dirk Engling
Reviewed by:	feld
MFC after:	1 week
Relnotes:	yes
Differential Revision:	https://reviews.freebsd.org/D4156
2015-12-04 16:32:29 +00:00
Dag-Erling Smørgrav
0b9c2e7ac5 Correctly document the change made in r275359. 2015-10-26 15:14:55 +00:00
Adrian Chadd
ef4cd02bfa Enforce consistent limits of daemons run from rc.subr:
* Allow the user to configure the login class to use in rc.conf
  by using {daemon}_login_class, which;
* Use the daemon class by default;
* .. and then use 'limits' to set the login class so it works both
  via init at startup (which runs this in 'daemon' class) and via
  whichever root environment (eg command line, other daemons, etc.)

Reviewed by:	dteske
Differential Revision:	https://reviews.freebsd.org/D3630
2015-09-27 04:03:11 +00:00
Enji Cooper
1b44fd7506 Update the comment about handling old-style rc(5) scripts
The old-style (*.sh) scripts in /etc/rc.d are explicitly ignored, whereas
other scripts ending in .sh are permitted
2015-08-05 03:03:57 +00:00
Jilles Tjoelker
738b6d4109 rc.subr: Allow rc.conf.d with multi-directory local_startup.
I also changed ${...%*/rc.d} to ${...%/rc.d} since the shortest match always
has an empty string for the asterisk.

PR:		201641
Submitted by:	Jamie Landeg-Jones (original version)
MFC after:	1 week
2015-08-01 22:00:25 +00:00
Dag-Erling Smørgrav
e27961a496 Allow load_rc_config to be called without a service name.
MFC after:	1 week
2014-12-01 12:17:42 +00:00
Hiroki Sato
2869fca8b0 Add env and prepend to _rc_namevarlist. 2014-10-12 02:42:36 +00:00
Hiroki Sato
61a8e84918 Add ${name}_env and ${name}_prepend. ${name}_env is an argument list which
will be passed to env(1).  ${name}_prepend is simply prepended to the command
line for $command.
2014-10-11 23:49:27 +00:00
Hiroki Sato
4a387a583b Resurrect set_rcvar() as a function to define a rc.conf variable.
It defines a variable and its default value in load_rc_config() just after
rc.conf is loaded.  "rcvar" command shows the current and the default values.

This is an attempt to solve a problem that rc.d scripts from third-party
software do not have entries in /etc/defaults/rc.conf.  The fact that
load_rc_config() reads rc.conf only once and /etc/rc invokes the function
before running rc.d scripts made developers confused for a long time because
load_rc_config() just before run_rc_command() in each rc.d script overrides
variables only when the script is directly invoked, not from /etc/rc.

Variables defined in set_rcvar are always set in load_rc_config() after
loading rc.conf.  An rc.d script can now be written in a self-contained
manner regarding the related variables as follows:

---
name=foo
rcvar=foo_enable

set_rcvar foo_enable	YES	"Enable $name"
set_rcvar foo_flags	"-s"	"Flags to $name"

...

load_rc_config $name
run_rc_command "$@"
---
2014-10-02 01:16:30 +00:00
Hiroki Sato
363a68722a Do not set net.inet.ip.{sourceroute,accept_sourceroute} in a vnet jail.
The following warnings were displayed:

 sysctl: net.inet.ip.sourceroute=0: Operation not permitted
 sysctl: net.inet.ip.accept_sourceroute=0: Operation not permitted
2014-09-13 18:54:15 +00:00
Hiroki Sato
8eac80769b - Use $local_startup to load rc.conf.d/* scripts.
- Document support of rc.conf.d/<dir>/* introduced in r270392.

Discussed with:	bapt
2014-08-27 09:19:22 +00:00
Baptiste Daroussin
0dba3159e1 Allow to configure services from ${LOCALBASE}/etc/rc.conf.d
Reviewed by:	bdrewery
MFC after:	1 week
Relnotes:	yes
2014-08-26 22:33:34 +00:00
Dag-Erling Smørgrav
5407523fe5 Add support for /etc/rc.conf.d/<service> subdirectories. This is
particularly useful for services such as "network" (netif) where each
interface can now have its own separate configuration file.
Add /etc/rc.conf.d to the mtree file so it is always present.

MFC after:	3 days
2014-08-23 10:51:37 +00:00
Devin Teske
99082d19f1 Loosen the processing of *_IF_aliasN vars to be less strict. Previously,
the first alias had to be _alias0 and processing stopped at the first non-
defined variable (preventing gaps). Allowing gaps gives the administrator
the ability to group aliases in an adhoc manner and also lifts the
requirement to renumber aliases simply to comment-out an existing one.
Aliases are processed in numerical ascending order.

Discussed on:	-rc
MFC after:	1 week
2014-04-07 22:40:29 +00:00
Hiroki Sato
84b354cb9a - Update rc.d/jail to use a jail(8) configuration file instead of
command line options.  The "jail_<jname>_*" rc.conf(5) variables for
  per-jail configuration are automatically converted to
  /var/run/jail.<jname>.conf before the jail(8) utility is invoked.
  This is transparently backward compatible.

- Fix a minor bug in jail(8) which prevented it from returning false
  when jail -r failed.

Approved by:	re (glebius)
2013-10-10 09:32:27 +00:00
Dag-Erling Smørgrav
49cede74ee Add a setup script for unbound(8) called local-unbound-setup. It
generates a configuration suitable for running unbound as a caching
forwarding resolver, and configures resolvconf(8) to update unbound's
list of forwarders in addition to /etc/resolv.conf.  The initial list
is taken from the existing resolv.conf, which is rewritten to point to
localhost.  Alternatively, a list of forwarders can be provided on the
command line.

To assist this script, add an rc.subr command called "enabled" which
does nothing except return 0 if the service is enabled and 1 if it is
not, without going through the usual checks.  We should consider doing
the same for "status", which is currently pointless.

Add an rc script for unbound, called local_unbound.  If there is no
configuration file, the rc script runs local-unbound-setup to generate
one.

Note that these scripts place the unbound configuration files in
/var/unbound rather than /etc/unbound.  This is necessary so that
unbound can reload its configuration while chrooted.  We should
probably provide symlinks in /etc.

Approved by:	re (blanket)
2013-09-23 04:36:51 +00:00
Andriy Gapon
3ee030e1e9 rc.subr: disabling globbing while processing devfs rules
The rules themselves typically have shell-like patterns and it is
incorrect when they get replaced with matching filesystem entries.

Shell magic by:	jilles
MFC after:	2 weeks
2013-03-28 08:13:52 +00:00
Steven Hartland
7ef204a2a9 Allow perl scripts to be used in rc.d scripts
PR:		conf/117027
Reviewed by:	pjd (mentor)
Approved by:	hrs
MFC after:	2 weeks
2013-01-10 11:08:22 +00:00
Hiroki Sato
c426f75e3b Do not put "already running" message when rc_quiet=yes.
PR:	bin/165477
2012-11-20 04:45:04 +00:00
Hiroki Sato
571b26027e Add check_namevarlist() to check if ${name}_var is reserved in rc.subr or not. 2012-11-17 18:11:10 +00:00
Hiroki Sato
c58c2dc7d5 Add setfib(1) support for services as <name>_fib in rc.conf. 2012-10-27 19:09:09 +00:00
Chris Rees
b2de5bffb6 Allow spaces in _chroot
Noticed by:	adj (IRC/#bsdports)
Approved by:	hrs
MFC after:	1 month
2012-10-27 17:43:30 +00:00
Kevin Lo
1424b561e1 Whitespace nit 2012-07-13 06:46:09 +00:00
Xin LI
90de8d2a65 Put the signal trap output to standard error instead of standard output.
Without this change, pressing ^T could result in rc.d script putting
junk strings like:

	Script <filename> running

in configuration files when redirecting standard output to these files.

MFC after:	2 weeks
2012-02-18 00:46:18 +00:00
Doug Barton
20ceedfb69 Fix various issues with the NFS and RPC related scripts:
1. Add new functionality to the force_depend method to incorporate the
   tests for whether the service is enabled and/or already running.
2. Add a new option to bypass checking only that the service is enabled
   at boot time, and always check if it is running.
3. Use this new functionality to greatly simplify the rc.d scripts that
   use force_depend.
4. Add a force_depend for statd in lockd
5. Remove the check that either nfs_server or nfs_client is _enable'd
   from statd and lockd. This was always overkill, and prevented using
   the {one|force}start options, as well as stop'ing on the command line.
6. The yp* scripts had some of their arguments in various weird orders.
   Bring them into line with the model.
7. If mountd fails to create /var/db/mountdtab, err out.

Ideas, suggestions, and/or review from delphij and jilles.
Pointy hats are completely my responsibility however.
2012-02-14 10:51:24 +00:00
Doug Barton
72fc1aafe2 If we're booting there is no need to waste time determining if the service
is running or not.

PR:		conf/150752
Submitted by:	YIN Xiaofeng <75394094@qq.com>
2012-01-20 10:31:27 +00:00
Doug Barton
61d4638e52 Now that its callers have been udpated, remove set_rcvar().
The concept of set_rcvar() was nice in theory, but the forks
it creates are a drag on the startup process, which is especially
noticeable on slower systems, such as embedded ones.
2012-01-14 08:59:02 +00:00
Eygene Ryabinkin
0113cca483 rc.d: document 'quiet' prefix and fix dhclient/devd interaction
Document the current semantics of the 'quiet' command prefix
in the rc.subr(8).

Fix dhclient rc.d script: it should not call err() for
non-DHCP-enabled interface when it is called from devd, because the
latter just blindly calls 'service dhclient quietstart' on each "link
up" event.

Since the 'quietstart' will silence the message "Cannot 'start' <foo>.
Set <foo>_enable to YES in /etc/rc.conf or use 'onestart' instead of
'start'." and running dhclient on the non-DHCP-enabled interface is
the same thing as running the service <foo> without <foo>_enable set,
such modification is in sync with the current semantics of the 'quiet'
prefix.

Approved by: glebius
Reviewed by: freebsd-rc list
MFC after:	2 weeks
2012-01-12 06:48:11 +00:00
Doug Barton
a194b02d88 There is no longer a need to abstract ${rcvar_manpage} as we are not
attempting to maintain compatibility with NetBSD for some years now.
2012-01-08 20:25:29 +00:00
Ulrich Spörlein
081dc98788 Spelling fixes for etc/ 2012-01-07 16:10:32 +00:00