git: 5d574146b0b2 - stable/13 - rc.d: Fix NFS server startup scripts to enable vnet prison use

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Rick Macklem <rmacklem_at_FreeBSD.org>
Date: Mon, 22 May 2023 18:25:04 UTC
The branch stable/13 has been updated by rmacklem:

URL: https://cgit.FreeBSD.org/src/commit/?id=5d574146b0b299b64cf07fff8aee4182b7729709

commit 5d574146b0b299b64cf07fff8aee4182b7729709
Author:     Rick Macklem <rmacklem@FreeBSD.org>
AuthorDate: 2023-03-12 21:34:25 +0000
Commit:     Rick Macklem <rmacklem@FreeBSD.org>
CommitDate: 2023-05-22 18:23:58 +0000

    rc.d: Fix NFS server startup scripts to enable vnet prison use
    
    Now that commit cbbb22031f9b is in main,
    it is possible to run nfsd(8), nfsuserd(8), mountd(8),
    gssd(8) and rpc.tlsservd(8) in an appropriately configured vnet
    prison if the "allow.nfsd" option is specified in jail.conf.
    
    This patch fixes the rc scripts for this.
    Mostly just replaces the "nojail" KEYWORD with "nojailvnet",
    but also avoids setting vfs.nfsd.srvmaxio in a prison, since it
    must be set outside of the prisons and applies to all
    nfsd(8) instances.
    
    (cherry picked from commit 0bb08f21cc5c62d0e2dfcea500521fa801058dd3)
---
 libexec/rc/rc.d/gssd     | 2 +-
 libexec/rc/rc.d/mountd   | 2 +-
 libexec/rc/rc.d/nfsd     | 4 ++--
 libexec/rc/rc.d/nfsuserd | 2 +-
 libexec/rc/rc.d/tlsservd | 2 +-
 5 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/libexec/rc/rc.d/gssd b/libexec/rc/rc.d/gssd
index 79dbf10ca575..8d67a3689b3c 100755
--- a/libexec/rc/rc.d/gssd
+++ b/libexec/rc/rc.d/gssd
@@ -6,7 +6,7 @@
 # PROVIDE: gssd
 # REQUIRE: root mountcritlocal NETWORKING kdc
 # BEFORE: mountcritremote
-# KEYWORD: nojail shutdown
+# KEYWORD: nojailvnet shutdown
 
 . /etc/rc.subr
 
diff --git a/libexec/rc/rc.d/mountd b/libexec/rc/rc.d/mountd
index d75416736245..69391fe78e47 100755
--- a/libexec/rc/rc.d/mountd
+++ b/libexec/rc/rc.d/mountd
@@ -5,7 +5,7 @@
 
 # PROVIDE: mountd
 # REQUIRE: NETWORKING rpcbind quota mountlate
-# KEYWORD: nojail shutdown
+# KEYWORD: nojailvnet shutdown
 
 . /etc/rc.subr
 
diff --git a/libexec/rc/rc.d/nfsd b/libexec/rc/rc.d/nfsd
index b746cf7cea9d..6c2d5c22d963 100755
--- a/libexec/rc/rc.d/nfsd
+++ b/libexec/rc/rc.d/nfsd
@@ -5,7 +5,7 @@
 
 # PROVIDE: nfsd
 # REQUIRE: mountcritremote mountd hostname gssd nfsuserd
-# KEYWORD: nojail shutdown
+# KEYWORD: nojailvnet shutdown
 
 . /etc/rc.subr
 
@@ -28,7 +28,7 @@ nfsd_precmd()
 	# oids are available.
 	load_kld nfsd || return 1
 
-	if [ -n "${nfs_server_maxio}" ]; then
+	if [ -n "${nfs_server_maxio}" ] && ! check_jail jailed; then
 		if ! sysctl vfs.nfsd.srvmaxio=${nfs_server_maxio} >/dev/null; then
 			warn "Failed to set server max I/O"
 		fi
diff --git a/libexec/rc/rc.d/nfsuserd b/libexec/rc/rc.d/nfsuserd
index 804b1243a4c4..6c9293a52c09 100755
--- a/libexec/rc/rc.d/nfsuserd
+++ b/libexec/rc/rc.d/nfsuserd
@@ -5,7 +5,7 @@
 
 # PROVIDE: nfsuserd
 # REQUIRE: NETWORKING
-# KEYWORD: nojail shutdown
+# KEYWORD: nojailvnet shutdown
 
 . /etc/rc.subr
 
diff --git a/libexec/rc/rc.d/tlsservd b/libexec/rc/rc.d/tlsservd
index cca28ed60ffe..95a62060fe32 100755
--- a/libexec/rc/rc.d/tlsservd
+++ b/libexec/rc/rc.d/tlsservd
@@ -6,7 +6,7 @@
 # PROVIDE: tlsservd
 # REQUIRE: NETWORKING root mountcritlocal sysctl
 # BEFORE: nfsd
-# KEYWORD: nojail shutdown
+# KEYWORD: nojailvnet shutdown
 
 . /etc/rc.subr