git: 3a0eb293164e - main - rc.subr: add 'settime' to svcj options
Date: Mon, 21 Apr 2025 00:40:14 UTC
The branch main has been updated by ivy:
URL: https://cgit.FreeBSD.org/src/commit/?id=3a0eb293164eb3badd2f45e835acd6f16518df93
commit 3a0eb293164eb3badd2f45e835acd6f16518df93
Author: Lexi Winter <ivy@FreeBSD.org>
AuthorDate: 2025-04-20 21:37:19 +0000
Commit: Lexi Winter <ivy@FreeBSD.org>
CommitDate: 2025-04-21 00:38:29 +0000
rc.subr: add 'settime' to svcj options
<svc>_svcj_options="settime" enables the jail allow.settime privilege,
which allows to set and slew the system clock. This allows NTP daemons
to run in a service jail.
Reviewed by: jamie, kevans, des, #jails, #manpages
Approved by: kevans (mentor)
Differential Revision: https://reviews.freebsd.org/D49845
---
libexec/rc/rc.subr | 3 +++
share/man/man5/rc.conf.5 | 4 +++-
2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/libexec/rc/rc.subr b/libexec/rc/rc.subr
index 29ed0eb05824..c74cbcef9d62 100644
--- a/libexec/rc/rc.subr
+++ b/libexec/rc/rc.subr
@@ -1259,6 +1259,9 @@ run_rc_command()
nfsd)
_svcj_cmd_options="allow.nfsd enforce_statfs=1 ${_svcj_cmd_options}"
;;
+ settime)
+ _svcj_cmd_options="allow.settime ${_svcj_cmd_options}"
+ ;;
sysvipc)
_svcj_sysvipc_x=$((${_svcj_sysvipc_x} + 1))
_svcj_cmd_options="sysvmsg=inherit sysvsem=inherit sysvshm=inherit ${_svcj_cmd_options}"
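Review bot: the new settime) arm grants allow.settime with nothing in the code to flag that, per the commit message, it lets the service "set and slew the system clock", which is the clock the host and every other jail also use. A one-line comment above `_svcj_cmd_options="allow.settime ${_svcj_cmd_options}"` saying this is intended for time daemons and is not jail-scoped would help anyone later auditing which services carry the option. Placement between nfsd) and sysvipc) keeps the arms in alphabetical order, which is fine.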
diff --git a/share/man/man5/rc.conf.5 b/share/man/man5/rc.conf.5
index 1086fe01a0e8..e58a1f5001b5 100644
--- a/share/man/man5/rc.conf.5
+++ b/share/man/man5/rc.conf.5
@@ -22,7 +22,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.Dd April 14, 2025
+.Dd April 20, 2025
.Dt RC.CONF 5
.Os
.Sh NAME
@@ -5009,6 +5009,8 @@ allows to open raw sockets, and allows to open sockets of protocol stacks that
have not had jail functionality added to them.
.It nfsd
Allows to run nfsd and affiliated daemons.
+.It settime
+Allows to set and slew the system time.
.It sysvipc
Inherits the SysV semaphores, SysV shared memory and
SysV messages from the host or the parent jail.
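Review bot: the new `.It settime` entry says only "Allows to set and slew the system time." and gives the administrator no hint of scope or intended use. The neighbouring sysvipc entry spells out that it inherits "from the host or the parent jail"; this entry should likewise state that the system time being changed is the host's, not a per-jail value, and mention the use case from the commit message (running an NTP daemon in a service jail), so that the option is not enabled for services that have no need to adjust the clock.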