Date: Fri, 13 Jan 2012 17:18:59 -0800 From: Doug Barton <dougb@FreeBSD.org> To: obrien@FreeBSD.org Cc: freebsd-rc@FreeBSD.org Subject: Re: Problem with LOGIN and cron Message-ID: <4F10D803.5060706@FreeBSD.org> In-Reply-To: <20120113193246.GB87287@dragon.NUXI.org> References: <20120112234424.GA41056@dragon.NUXI.org> <4F1004DB.2030102@FreeBSD.org> <20120113193246.GB87287@dragon.NUXI.org>
next in thread | previous in thread | raw e-mail | index | archive | help
This is a multi-part message in MIME format. --------------090603040807070704090303 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit On 01/13/2012 11:32, David O'Brien wrote: > On Fri, Jan 13, 2012 at 02:18:03AM -0800, Doug Barton wrote: >> I haven't fully processed the implications to your proposed change to >> rcorder, but a quick meta-note. We should not introduce any new >> examples of BEFORE in base rc.d scripts. That knob is useful for >> ports/local stuff, but it makes debugging harder. > > Doug, > Thanks for the info. I need to digest the BEFORE vs. LOGIN REQUIRE it a > little bit more with my local patch. > > >> It moves cron and jail from right before LOGIN, to fairly late after it. >> There are no other changes. On my system specifically: > > With my change, jail was pushed earlier, not later. I'm pretty sure > jail should run before changes the secure level -- especially if one > wants securelevel=3. Fair enough, attached patch doesn't change jail but moves cron late like my last patch. Doug -- You can observe a lot just by watching. -- Yogi Berra Breadth of IT experience, and depth of knowledge in the DNS. Yours for the right price. :) http://SupersetSolutions.com/ --------------090603040807070704090303 Content-Type: text/plain; name="rc.d-securelevel.diff" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="rc.d-securelevel.diff" diff -ur /usr/src/etc/rc.d/LOGIN ./LOGIN --- /usr/src/etc/rc.d/LOGIN 2012-01-08 14:34:00.000000000 -0800 +++ ./LOGIN 2012-01-13 02:06:23.000000000 -0800 @@ -4,7 +4,7 @@ # # PROVIDE: LOGIN -# REQUIRE: DAEMON +# REQUIRE: DAEMON securelevel # This is a dummy dependency to ensure user services such as xdm, # inetd, cron and kerberos are started after everything else, in case Only in /usr/src/etc/rc.d: Makefile diff -ur /usr/src/etc/rc.d/cron ./cron --- /usr/src/etc/rc.d/cron 2012-01-08 14:34:01.000000000 -0800 +++ ./cron 2012-01-13 02:08:04.000000000 -0800 @@ -5,7 +5,6 @@ # PROVIDE: cron # REQUIRE: LOGIN cleanvar -# BEFORE: securelevel # KEYWORD: shutdown . /etc/rc.subr diff -ur /usr/src/etc/rc.d/jail ./jail --- /usr/src/etc/rc.d/jail 2012-01-08 14:34:01.000000000 -0800 +++ ./jail 2012-01-13 17:09:44.000000000 -0800 @@ -4,8 +4,7 @@ # # PROVIDE: jail -# REQUIRE: LOGIN cleanvar -# BEFORE: securelevel +# REQUIRE: DAEMON cleanvar # KEYWORD: nojail shutdown # WARNING: This script deals with untrusted data (the data and diff -ur /usr/src/etc/rc.d/securelevel ./securelevel --- /usr/src/etc/rc.d/securelevel 2012-01-08 14:34:01.000000000 -0800 +++ ./securelevel 2012-01-13 17:14:55.000000000 -0800 @@ -4,6 +4,7 @@ # # PROVIDE: securelevel +# REQUIRE: DAEMON jail . /etc/rc.subr --------------090603040807070704090303--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4F10D803.5060706>