From nobody Sun Mar 12 21:35:28 2023 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4PZY403bYnz3xfyB; Sun, 12 Mar 2023 21:35:28 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4PZY4036DCz4b54; Sun, 12 Mar 2023 21:35:28 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1678656928; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=9lGYXHRdJ0ZiMTb6nqZ6pD/qA4LpUHIUwqTQczgDDUU=; b=ee7y9/wPKvI9Yrz9MPYLVAB/MqiiZRhtsMD1NRM0Q5nsb3BvJ3wPqZVy8uNIx4gvwE+fqp rcEto1yO5s14Tt6QWuc2KHn/307z4d/yboDUfbS8wPncUqjkBn89zkfEUcBAONc+uMhskC Uvp0EBWP9h6KZSTSA1wS4dzUu9SSTkivoQhm+T/HYINE8v3XXyE1zv/YiU/0mJRBFUPyBZ G6ey85s1TCj56q4BXXgKzlgsFSB2VuiSLCFI+yfJ3CenYOhGIRyjTlgW7vXG7M7ymD7fTy mXmyYhFPPh76UXBiom+VKSKkP75GGkja35Va1OHeNbl6KnFOAMtGemVY+p1khQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1678656928; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=9lGYXHRdJ0ZiMTb6nqZ6pD/qA4LpUHIUwqTQczgDDUU=; b=OoIDhs4pe68MuaTCuCD9XoGZyCbRlUOJsF87A5opUo7RCfoa6r3gstFbWx87caE70P65xT bCFB6/FG3qmWm8x2lLYnoLiHxb92tEoTsb3OL/r0VWceM3EOH+VJFzdbEM4vUoQwvLTYNe DCpp+8Nfa2EZfR8aX6XFKaTVnFZ+ZcCVqx1QQL3H8JI+HvAzC2B1lrMscEzrfM67MR4zUk LbLefu+Q6c5FgZMOy5Kfxm2JC3bahtsmXmoP4rvTepsf8E/bS0e6IrBpY7Oaua2JKtNEOL DY/1iBUjeHa5NmHTHu0iEw6kOry8C5uJZxAXeXrQjHrrVpc5yR92duE8/5rZxg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1678656928; a=rsa-sha256; cv=none; b=w5N754ZhfPZrgRRIG43AiEi7n0ogWu1tMhP6iLKXcDV0N+T69+daIzZHcc/+4ZymX1vUmy rQ77bGGY8LjM+ald8+f8U/xFNwZCsinuWcDrrDblp/0jM0hjJG20zaeYIwe+o+Y5UbWEVk 18fqqhqUnUryfzi51sYJlKIgvtj51sZ/6htBr4dLvrFETUJKc6kyFOtZybqIU1Z7A9ZCxN gwGMm5e7r+fIANAMRiUe0DB5JVWolUhjPfutGWifTUx0Gf8xqL/6v1heN/2TOV7+7FG9Xb 8ttYpmvC0Bl4P6+u+lxwivDnlrA39P+6BnI+ixQ2I8lAYD+BcwkrtJmELgTMsw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4PZY4029XczS8c; Sun, 12 Mar 2023 21:35:28 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 32CLZSOF032044; Sun, 12 Mar 2023 21:35:28 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 32CLZSuY032043; Sun, 12 Mar 2023 21:35:28 GMT (envelope-from git) Date: Sun, 12 Mar 2023 21:35:28 GMT Message-Id: <202303122135.32CLZSuY032043@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Rick Macklem Subject: git: 0bb08f21cc5c - main - rc.d: Fix NFS server startup scripts to enable vnet prison use List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: rmacklem X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 0bb08f21cc5c62d0e2dfcea500521fa801058dd3 Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by rmacklem: URL: https://cgit.FreeBSD.org/src/commit/?id=0bb08f21cc5c62d0e2dfcea500521fa801058dd3 commit 0bb08f21cc5c62d0e2dfcea500521fa801058dd3 Author: Rick Macklem AuthorDate: 2023-03-12 21:34:25 +0000 Commit: Rick Macklem CommitDate: 2023-03-12 21:34:25 +0000 rc.d: Fix NFS server startup scripts to enable vnet prison use Now that commit cbbb22031f9b is in main, it is possible to run nfsd(8), nfsuserd(8), mountd(8), gssd(8) and rpc.tlsservd(8) in an appropriately configured vnet prison if the "allow.nfsd" option is specified in jail.conf. This patch fixes the rc scripts for this. Mostly just replaces the "nojail" KEYWORD with "nojailvnet", but also avoids setting vfs.nfsd.srvmaxio in a prison, since it must be set outside of the prisons and applies to all nfsd(8) instances. Reviewed by: jamie MFC after: 3 months Differential Revision: https://reviews.freebsd.org/D38809 --- libexec/rc/rc.d/gssd | 2 +- libexec/rc/rc.d/mountd | 2 +- libexec/rc/rc.d/nfsd | 4 ++-- libexec/rc/rc.d/nfsuserd | 2 +- libexec/rc/rc.d/tlsservd | 2 +- 5 files changed, 6 insertions(+), 6 deletions(-) diff --git a/libexec/rc/rc.d/gssd b/libexec/rc/rc.d/gssd index 79dbf10ca575..8d67a3689b3c 100755 --- a/libexec/rc/rc.d/gssd +++ b/libexec/rc/rc.d/gssd @@ -6,7 +6,7 @@ # PROVIDE: gssd # REQUIRE: root mountcritlocal NETWORKING kdc # BEFORE: mountcritremote -# KEYWORD: nojail shutdown +# KEYWORD: nojailvnet shutdown . /etc/rc.subr diff --git a/libexec/rc/rc.d/mountd b/libexec/rc/rc.d/mountd index d75416736245..69391fe78e47 100755 --- a/libexec/rc/rc.d/mountd +++ b/libexec/rc/rc.d/mountd @@ -5,7 +5,7 @@ # PROVIDE: mountd # REQUIRE: NETWORKING rpcbind quota mountlate -# KEYWORD: nojail shutdown +# KEYWORD: nojailvnet shutdown . /etc/rc.subr diff --git a/libexec/rc/rc.d/nfsd b/libexec/rc/rc.d/nfsd index b746cf7cea9d..6c2d5c22d963 100755 --- a/libexec/rc/rc.d/nfsd +++ b/libexec/rc/rc.d/nfsd @@ -5,7 +5,7 @@ # PROVIDE: nfsd # REQUIRE: mountcritremote mountd hostname gssd nfsuserd -# KEYWORD: nojail shutdown +# KEYWORD: nojailvnet shutdown . /etc/rc.subr @@ -28,7 +28,7 @@ nfsd_precmd() # oids are available. load_kld nfsd || return 1 - if [ -n "${nfs_server_maxio}" ]; then + if [ -n "${nfs_server_maxio}" ] && ! check_jail jailed; then if ! sysctl vfs.nfsd.srvmaxio=${nfs_server_maxio} >/dev/null; then warn "Failed to set server max I/O" fi diff --git a/libexec/rc/rc.d/nfsuserd b/libexec/rc/rc.d/nfsuserd index 804b1243a4c4..6c9293a52c09 100755 --- a/libexec/rc/rc.d/nfsuserd +++ b/libexec/rc/rc.d/nfsuserd @@ -5,7 +5,7 @@ # PROVIDE: nfsuserd # REQUIRE: NETWORKING -# KEYWORD: nojail shutdown +# KEYWORD: nojailvnet shutdown . /etc/rc.subr diff --git a/libexec/rc/rc.d/tlsservd b/libexec/rc/rc.d/tlsservd index cca28ed60ffe..95a62060fe32 100755 --- a/libexec/rc/rc.d/tlsservd +++ b/libexec/rc/rc.d/tlsservd @@ -6,7 +6,7 @@ # PROVIDE: tlsservd # REQUIRE: NETWORKING root mountcritlocal sysctl # BEFORE: nfsd -# KEYWORD: nojail shutdown +# KEYWORD: nojailvnet shutdown . /etc/rc.subr