mirror of
https://git.FreeBSD.org/src.git
synced 2024-10-19 02:29:40 +00:00
rc.subr: add some sanity checks for service jails
Add some sanity checks when service jails are used in jails: - children.max > 0 - children.max - children.cur > 0 The nesting is too deep at those places to have a sane formatting, so no line wrapping at the usual column. If someone has a better idea how to format this: feel free to go ahead.
parent
a70ecfb117
commit
2d08f6b577
@ -1332,11 +1332,28 @@ run_rc_command()
|
||||
start)
|
||||
if [ "${_rc_svcj}" != jailing ]; then
|
||||
_return=1
|
||||
$JAIL_CMD -c $_svcj_generic_params $_svcj_cmd_options \
|
||||
exec.start="${SERVICE} -E _rc_svcj=jailing ${name} ${_rc_prefix}start $rc_extra_args" \
|
||||
exec.stop="${SERVICE} -E _rc_svcj=jailing ${name} ${_rc_prefix}stop $rc_extra_args" \
|
||||
exec.consolelog="/var/log/svcj_${name}_console.log" \
|
||||
name=svcj-${name} && _return=0
|
||||
_do_jailing=1
|
||||
|
||||
if check_jail jailed; then
|
||||
if [ $(${SYSCTL_N} security.jail.children.max) -eq 0 ]; then
|
||||
echo ERROR: jail parameter children.max is set to 0, can not create a new service jail.
|
||||
_do_jailing=0
|
||||
else
|
||||
_free_jails=$(($(${SYSCTL_N} security.jail.children.max) - $(${SYSCTL_N} security.jail.children.cur)))
|
||||
if [ ${_free_jails} -eq 0 ]; then
|
||||
echo ERROR: max number of jail children reached, can not create a new service jail.
|
||||
_do_jailing=0
|
||||
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
if [ ${_do_jailing} -eq 1 ]; then
|
||||
$JAIL_CMD -c $_svcj_generic_params $_svcj_cmd_options \
|
||||
exec.start="${SERVICE} -E _rc_svcj=jailing ${name} ${_rc_prefix}start $rc_extra_args" \
|
||||
exec.stop="${SERVICE} -E _rc_svcj=jailing ${name} ${_rc_prefix}stop $rc_extra_args" \
|
||||
exec.consolelog="/var/log/svcj_${name}_console.log" \
|
||||
name=svcj-${name} && _return=0
|
||||
fi
|
||||
else
|
||||
_run_rc_doit "$_cpusetcmd $_cmd $rc_extra_args" || _return=1
|
||||
fi
|
||||
@ -1432,6 +1449,18 @@ run_rc_command()
|
||||
|
||||
if checkyesno ${name}_svcj; then
|
||||
if [ "${_rc_svcj}" != jailing ]; then
|
||||
if check_jail jailed; then
|
||||
if [ $(${SYSCTL_N} security.jail.children.max) -eq 0 ]; then
|
||||
echo ERROR: jail parameter children.max is set to 0, can not create a new service jail.
|
||||
return 1
|
||||
else
|
||||
_free_jails=$(($(${SYSCTL_N} security.jail.children.max) - $(${SYSCTL_N} security.jail.children.cur)))
|
||||
if [ ${_free_jails} -eq 0 ]; then
|
||||
echo ERROR: max number of jail children reached, can not create a new service jail.
|
||||
return 1
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
$JAIL_CMD -c $_svcj_generic_params $_svcj_cmd_options\
|
||||
exec.start="${SERVICE} -E _rc_svcj=jailing ${name} ${_rc_prefix}start $rc_extra_args" \
|
||||
exec.stop="${SERVICE} -E _rc_svcj=jailing ${name} ${_rc_prefix}stop $rc_extra_args" \
|
||||
|
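Review bot: The free-slot test `if [ ${_free_jails} -eq 0 ]; then` rejects only an exact zero, whereas the commit message states the requirement as children.max - children.cur > 0; should the difference ever come out negative (for instance if children.max can be lowered while child jails already exist, which is not verifiable from this page), the check passes and `$JAIL_CMD -c` is attempted anyway. `if [ "${_free_jails}" -le 0 ]; then` would match the stated intent, and the same line appears in both the `start)` hunk and the second hunk. The two error messages are also emitted with plain `echo` to stdout; rc.subr's `warn` helper would put them on stderr and in syslog, where a failed service start is normally looked for. run_rc_command begins and ends outside both hunks, so how `_return` and the `return 1` paths are consumed by callers is not visible here.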