From owner-freebsd-current@FreeBSD.ORG Sun Feb 23 22:04:04 2014 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id EB6D59E3; Sun, 23 Feb 2014 22:04:04 +0000 (UTC) Received: from mail-ig0-x235.google.com (mail-ig0-x235.google.com [IPv6:2607:f8b0:4001:c05::235]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id AACD51A60; Sun, 23 Feb 2014 22:04:04 +0000 (UTC) Received: by mail-ig0-f181.google.com with SMTP id y6so3380072igj.2 for ; Sun, 23 Feb 2014 14:04:04 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=SoGKuurqYrBBdkZ11GjsQLxQeF0jBmvg2gXGUstbg4A=; b=GNEl7w8GAkzyZ/uyE1oNzy8LubRDAm7xrG+hv6QQN3t3UbOlhX0kOZ9td6etQRl7HN mxXeI6LpY3GUiL0uesfbbERc2VlTJZRP5ft48/a+7lnHJhLqtWxKNID/VL5e3Az/otcI 6zk7c/Aks149iIcyp//+Vtxc07e0Rz9YKhxhSwTc4PnvNf5+nfZykEeup+NTHa/MDScU QhI4DDucUZbl3VtcpOnL/SHf6cSlcBt4Q/MggpIHXMzByJxNdsAPWsuzwbFmH9eZHwNk aW8zaqkM2ViWhX3P6t0Ce3P+aHkX0SpQy1dIY8yzCnIVLDa4X7boNI+mTZVF3Ldja09G ADJQ== X-Received: by 10.50.117.69 with SMTP id kc5mr10755125igb.25.1393193044216; Sun, 23 Feb 2014 14:04:04 -0800 (PST) Received: from [10.0.0.150] (50-78-194-198-static.hfc.comcastbusiness.net. [50.78.194.198]) by mx.google.com with ESMTPSA id f1sm19542612igy.2.2014.02.23.14.04.02 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Sun, 23 Feb 2014 14:04:03 -0800 (PST) Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 7.1 \(1827\)) Subject: Re: libinit idea From: Warner Losh In-Reply-To: <0DB376E3-8C7F-4F20-9DEE-4DB98C078571@FreeBSD.org> Date: Sun, 23 Feb 2014 15:04:07 -0700 Content-Transfer-Encoding: quoted-printable Message-Id: <6B911759-48AC-4981-A5E1-2634B5D01F0D@gmail.com> References: <62A9DF47-C938-464B-92B6-9A2A96B5A9C9@FreeBSD.org> <530A39BB.6070003@allanjude.com> <0DB376E3-8C7F-4F20-9DEE-4DB98C078571@FreeBSD.org> To: David Chisnall X-Mailer: Apple Mail (2.1827) X-Mailman-Approved-At: Mon, 24 Feb 2014 02:15:56 +0000 Cc: FreeBSD Current X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 23 Feb 2014 22:04:05 -0000 On Feb 23, 2014, at 11:17 AM, David Chisnall = wrote: > On 23 Feb 2014, at 18:11, Allan Jude wrote: >=20 >> sysrc solves this nicely, it is in base now, and is great for >> programmatically adding, removing and changing lines in rc.conf style >> files. It is also in ports for older versions of FreeBSD where it is = not >> in base. >=20 > The problem is, there is no such thing as an rc.conf style file. = rc.conf is just a shell script. If you only edit it with sysrc, or you = are careful to preserve the structure, then it's fine. There is = absolutely nothing stopping you, however, from writing arbitrarily = complex shell scripts inside rc.conf. Sure, it's a terrible idea to do = so, but when has that ever stopped anyone? >=20 > An rc-replacement could enforce this by only accepting purely = declarative files for configuration, guaranteeing that if they were = syntactically valid they would also be machine editable, no matter what = the user does to them. We already have a rc.conf.default. Why not a rc.conf.automation that = does that and is added to the list of things to source? Then things like = sysrc could operation on that secure in the knowledge that no shell = commands could be there, and all bets are off if someone edits it by = hand? Warner