maintainer-feedback requested: [Bug 279494] www/apache24: make the start script service jails ready

In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 279494] www/apache24: make the start script service jails ready"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Mon, 03 Jun 2024 12:38:39 UTC

Bugzilla Automation <bugzilla@FreeBSD.org> has asked freebsd-apache (Nobody)
<apache@FreeBSD.org> for maintainer-feedback:
Bug 279494: www/apache24: make the start script service jails ready
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=279494



--- Description ---
Attached is a patch which makes the rc.d script service jails ready. This is a
new feature in -current.

The setup I've chosen is to allow ipv4/ipv6 access. It does not allow to use
sysv IPC in a jail. IF you want to add this possibility, the config would need
to be changed to "net_basic sysvipc" instead. The config can be overridden in
rc.conf.

See also:
  https://docs.freebsd.org/en/books/handbook/jails/#service-jails
  https://docs.freebsd.org/en/articles/rc-scripting/#rcng-service-jails

Some notes:
 - This is not tested.
 - Why are you using the special apache24_limits_* stuff? We have the
name_limits stuff as part of the rc framework.
 - The limits part in the precmd will probably not work in a service jail, as
the start command will be executed in a jail and the precmd outside the jail.
 - While the patch is taking the profiles into account, it may fail when the
jail is started, as the name of the service jail is derived from the name of
the rc script (assuming "profiles" means different instances of apache are
started for each profile). The tomcat/oauth2-proxy/openhab ports use a way to
have different instances of the software running in parallel which is based
upon the name of the rc script (links to the original rc script). That way
works well with service jails.