svn commit: r341793 - stable/12/usr.sbin/periodic/etc/weekly
Eugene Grosbein
eugen at FreeBSD.org
Mon Dec 10 14:19:59 UTC 2018
Author: eugen
Date: Mon Dec 10 14:19:57 2018
New Revision: 341793
URL: https://svnweb.freebsd.org/changeset/base/341793
Log:
MFC r340322-r340324,r340327: periodic/etc/weekly/340.noid
Prevent periodic/etc/weekly/340.noid from descending into root directories
of jails. Jails have their own user/group databases and this script
can produce multiple false warnings, not to mention significant extra
load in case of large jailed subtrees. Leave this check for jailed
invocations of the same script.
Modified:
stable/12/usr.sbin/periodic/etc/weekly/340.noid
Directory Properties:
stable/12/ (props changed)
Modified: stable/12/usr.sbin/periodic/etc/weekly/340.noid
==============================================================================
--- stable/12/usr.sbin/periodic/etc/weekly/340.noid Mon Dec 10 14:12:04 2018 (r341792)
+++ stable/12/usr.sbin/periodic/etc/weekly/340.noid Mon Dec 10 14:19:57 2018 (r341793)
@@ -16,8 +16,26 @@ case "$weekly_noid_enable" in
echo ""
echo "Check for files with an unknown user or group:"
+ # Host should not test jailed subtrees as jails have their own
+ # databases of users and groups. Leave them for jailed invocations
+ # of this script.
+
+ exclude=''
+ if [ $(sysctl -n security.jail.jailed) = 0 ]; then
+ sep=:
+ OIFS="$IFS"
+ IFS="$sep"
+ for param in $(jail -f "`sysrc -n jail_conf`" -e "$sep" 2>/dev/null)
+ do
+ case "$param" in
+ path=*) exclude="$exclude -path ${param#path=} -prune -or"
+ esac
+ done
+ IFS="$OIFS"
+ fi
+
rc=$(find -H ${weekly_noid_dirs:-/} \
- \( ! -fstype local -prune -or -name \* \) -and \
+ \( $exclude ! -fstype local -prune -or -name \* \) -and \
\( -nogroup -o -nouser \) -print | sed 's/^/ /' |
tee /dev/stderr | wc -l)
[ $rc -gt 1 ] && rc=1
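Review bot: `$exclude` is assembled by string concatenation from the `path=` values reported for jail.conf and then expanded unquoted inside the `find` expression, so a jail path containing whitespace or glob characters is word-split or pathname-expanded by the shell and can either break the expression or prune a different subtree than intended; a `find` that fails on a malformed expression yields no findings for the unknown-owner check. I would carry the arguments as a list instead: `set --` in place of `exclude=''`, `path=*) set -- "$@" -path "${param#path=}" -prune -or` in the loop, and `\( "$@" ! -fstype local -prune -or -name \* \)` in the `find` call, provided the script does not otherwise use its positional parameters. Even then `-path` treats its operand as a pattern, so metacharacters in a jail path would need escaping to match literally. The `2>/dev/null` on `jail -e` also hides a jail.conf parse failure, in which case the host silently goes back to scanning jail roots, and the unquoted `$(sysctl -n security.jail.jailed)` makes the `[` test malformed if the sysctl prints nothing; the enclosing `case` arm starts and ends outside this hunk.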