author | mtm <mtm@FreeBSD.org> | 2004-02-03 07:15:32 +0000 |
---|---|---|
committer | mtm <mtm@FreeBSD.org> | 2004-02-03 07:15:32 +0000 |
commit | 104a1a8ee7e67bcd8c5298c613c26e42507dae16 (patch) | |
tree | 5a431fb75e0824c020eb4b580ba400fbb19b5ee3 /etc/rc.d/jail | |
parent | 5499170a1210255c5ce193940b542f21618b681d (diff) | |
Configure a jail sysctl value only if it is different than
what the rc.conf(5) knob specifies. Also, correct a minor
capitalization error.
Diffstat (limited to 'etc/rc.d/jail')
-rw-r--r-- | etc/rc.d/jail | 59 |
1 files changed, 33 insertions, 26 deletions
diff --git a/etc/rc.d/jail b/etc/rc.d/jail
index 6de0071..efbf856 100644
--- a/etc/rc.d/jail
+++ b/etc/rc.d/jail
@@ -59,38 +59,45 @@ init_variables()
 debug "$_j ruleset: $jail_ruleset"
 }
-jail_start()
+# set_sysctl rc_knob mib msg
+# If the mib sysctl is set according to what rc_knob
+# specifies, this function does nothing. However if
+# rc_knob is set differently than mib, then the mib
+# is set accordingly and msg is displayed followed by
+# an '=" sign and the word 'YES' or 'NO'.
+#
+set_sysctl()
 {
- echo -n 'Configuring jails:'
- echo -n ' set_hostname_allowed='
- if checkyesno jail_set_hostname_allow ; then
- echo -n 'YES'
- ${SYSCTL_W} 1>/dev/null security.jail.set_hostname_allowed=1
- else
- echo -n 'NO'
- ${SYSCTL_W} 1>/dev/null security.jail.set_hostname_allowed=0
- fi
-
- echo -n ' unixiproute_only='
- if checkyesno jail_socket_unixiproute_only ; then
- echo -n 'YES'
- ${SYSCTL_W} 1>/dev/null security.jail.socket_unixiproute_only=1
+ _knob="$1"
+ _mib="$2"
+ _msg="$3"
+
+ _current=`${SYSCTL} -n $_mib 2>/dev/null`
+ if checkyesno $_knob ; then
+ if [ "$_current" -ne 1 ]; then
+ echo -n " ${_msg}=YES"
+ ${SYSCTL_W} 1>/dev/null ${_mib}=1
+ fi
 else
- echo -n 'NO'
- ${SYSCTL_W} 1>/dev/null security.jail.socket_unixiproute_only=0
+ if [ "$_current" -ne 0 ]; then
+ echo -n " ${_msg}=NO"
+ ${SYSCTL_W} 1>/dev/null ${_mib}=0
+ fi
 fi
+}
- echo -n ' sysvipc_allow='
- if checkyesno jail_sysvipc_allow ; then
- echo -n 'YES'
- ${SYSCTL_W} 1>/dev/null security.jail.sysvipc_allowed=1
- else
- echo -n 'NO'
- ${SYSCTL_W} 1>/dev/null security.jail.sysvipc_allowed=0
- fi
+jail_start()
+{
+ echo -n 'Configuring jails:'
+ set_sysctl jail_set_hostname_allow security.jail.set_hostname_allowed \
+ set_hostname_allow
+ set_sysctl jail_socket_unixiproute_only \
+ security.jail.socket_unixiproute_only unixiproute_only
+ set_sysctl jail_sysvipc_allow security.jail.sysvipc_allowed \
+ sysvipc_allow
 echo '.'
- echo -n 'Starting Jails:'
+ echo -n 'Starting jails:'
 for _jail in ${jail_list}
 do
 init_variables $_jail |
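Review bot: In set_sysctl, a failed or empty read of the MIB makes both `[ "$_current" -ne ... ]` tests error out and evaluate false, so the security.jail.* value is left untouched where the old code always wrote it. Since these knobs restrict what jailed processes may do, the helper should fall through to the write when the current value is unknown; a string comparison does that: `if [ "$_current" != "1" ]; then` and `if [ "$_current" != "0" ]; then`. The header comment also has a mismatched quote (`'="` should read `'='`), and because settings that already match are no longer echoed, the boot output stops recording the effective values of these knobs. jail_start's body continues past the end of the hunk.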