From nobody Wed May 28 01:16:43 2025 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4b6Wmr3PhWz5wghQ; Wed, 28 May 2025 01:16:44 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4b6Wmr0xMyz4GBJ; Wed, 28 May 2025 01:16:44 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1748395004; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Y03TkcPo8N0SzWdB004tDinxfw8LOfDW0NbuD1P9TKA=; b=d6d3efG36wM9gPOFOMwk98zMPgsJmZfmiT0w9iA4fZgp+o5SgcnsQAWmWDgSII7tCIoRTB ke3eCK6lEAAbYI+m2vj2w6xa3z0ktqAa82cCC+t+9/cfztLxN7wMLe3gMupB1SfNYtzVkW cCGIx5NYItxTKP88atIUjNBxJcY/9nhJQcztkAN3Q/BYN11qtmlf/dMYMoqX5Ym0rWo2WS cHsjhgyvCpmo4UsQb7AklK/pT6meNWcztBB2pVUuyFM3LJeY7Dkk1T+11sRDx6di+mimDb 1n2sBBFc7337Ld0c3MClAFJL6VF6Qhecpp4gQnLsFZukvGHAod32Gx4+mCm2wg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1748395004; a=rsa-sha256; cv=none; b=NM/R8R9KSin+llZDYMVTKi5wlGovPSOETLaOF7H53PnGFsvWu9KZEQXUmAJ6m7dqjF0MsI CvHksesOCWEe8auTHzPz7Ilt41CeZReQqSJaGJul/x2YYJzxRX1uTH5MwmdZSiBD+pvc1F COkqbi1fyPodbZB1WJ8xCcQx7mrah8O7pbfd5+zm7xI4ZagvElFMdgdJCGE05ok3JSvnVL NBxAwHESfY1GTuasoQIxZZFyzBOr8tdWOTD8a546FJB6OoIQ+845q0CIeCjtvxiT8H99YF 3XfG6opYo+rXg2V+ALwVATJnvUNWrlU6iNQLf+wTydjAXzn3ZXQtO2Sff5uN/Q== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1748395004; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Y03TkcPo8N0SzWdB004tDinxfw8LOfDW0NbuD1P9TKA=; b=tCXowegFsNrlc0SiRrpeDwXuTTTIeYbVC+KJ0Mf/jGFYrXHue8XdqNrj9h5Moy1nR+z+1k Gw3TntEb1seby2oq9jJjNYNTa2bB0cW3+ukTJPwVkEH83XSgOZeLvfPFb+LyKBxqe6C/rk RPBCS3KL7a4bZheSkcs6VXQX3liGVFTT5DkZtEFRW6Hgngfcq7GOJOp7rFqTo9fUsAgI1V dih1vH/CCuyT9KjsjBKFr1bjbtw7P2rY3d1zGSzXPET+6YM3GkIykbmQISkHstRkH9A5jF 6kiOajdMoerCn60uu+1IZpDKhHy+y4dvzY6cIw5ISQKvESREbMUnaNLQlH/uNA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4b6Wmr0WvVz21v; Wed, 28 May 2025 01:16:44 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 54S1Ghev030972; Wed, 28 May 2025 01:16:43 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 54S1Ghpn030969; Wed, 28 May 2025 01:16:43 GMT (envelope-from git) Date: Wed, 28 May 2025 01:16:43 GMT Message-Id: <202505280116.54S1Ghpn030969@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Lexi Winter Subject: git: 06c41801afac - main - svcj: correctly handle kernels without INET or INET6 List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: ivy X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 06c41801afacbcfb2912a6716788a2c26e94ea00 Auto-Submitted: auto-generated The branch main has been updated by ivy: URL: https://cgit.FreeBSD.org/src/commit/?id=06c41801afacbcfb2912a6716788a2c26e94ea00 commit 06c41801afacbcfb2912a6716788a2c26e94ea00 Author: Lexi Winter AuthorDate: 2025-05-27 07:31:18 +0000 Commit: Lexi Winter CommitDate: 2025-05-28 01:16:30 +0000 svcj: correctly handle kernels without INET or INET6 If either INET or INET6 is not enabled in the kernel, then the jail(8) options ip4= resp. ip6= are not available. Detect this case and don't try to provide those options, otherwise svcjs will not start. Do this automatically (without a warning) so that net_basic, which includes both netv4 and netv6, continues to work as expected. If _svcj_ipaddrs is explicitly configured with an address for an IP version not supported by the kernel, issue a warning but continue to start the service. This can result in the service being started with fewer addresses than expected, but never more. Reviewed by: netchild, des Approved by: des (mentor) Differential Revision: https://reviews.freebsd.org/D49976 --- libexec/rc/rc.subr | 52 ++++++++++++++++++++++++++++++++++------------------ 1 file changed, 34 insertions(+), 18 deletions(-) diff --git a/libexec/rc/rc.subr b/libexec/rc/rc.subr index e2a30d9fc9bd..2eaf336b5220 100644 --- a/libexec/rc/rc.subr +++ b/libexec/rc/rc.subr @@ -1214,27 +1214,43 @@ run_rc_command() fi fi - _svcj_ip="inherit" _svcj_ip4_addrs="" _svcj_ip6_addrs="" - - for addr in $_svcj_ipaddrs; do - case $addr in - *:*) _svcj_ip6_addrs="$addr,${_svcj_ip6_addrs}" ;; - *) _svcj_ip4_addrs="$addr,${_svcj_ip4_addrs}" ;; - esac - done - _svcj_cmd_options="" - if [ -n "$_svcj_ip4_addrs" ]; then - _svcj_cmd_options="ip4.addr=${_svcj_ip4_addrs%*,} ${_svcj_cmd_options}" + if [ -n "$_svcj_ipaddrs" ]; then _svcj_ip="new" + + for addr in $_svcj_ipaddrs; do + case $addr in + *:*) _svcj_ip6_addrs="$addr,${_svcj_ip6_addrs}" ;; + *) _svcj_ip4_addrs="$addr,${_svcj_ip4_addrs}" ;; + esac + done + else + _svcj_ip="inherit" fi - if [ -n "$_svcj_ip6_addrs" ]; then - _svcj_cmd_options="ip6.addr=${_svcj_ip6_addrs%*,} ${_svcj_cmd_options}" - _svcj_ip="new" + if check_kern_features inet; then + _svcj_ip4="ip4=${_svcj_ip}" + if [ -n "$_svcj_ip4_addrs" ]; then + _svcj_cmd_options="ip4.addr=${_svcj_ip4_addrs%*,} ${_svcj_cmd_options}" + fi + else + if [ -n "$_svcj_ip4_addrs" ]; then + warn "$rc_service: ${name}_svcj_ipaddrs contains at least one IPv4 address, but IPv4 is not enabled in the kernel; IPv4 addresses will be ignored." + fi + fi + + if check_kern_features inet6; then + _svcj_ip6="ip6=${_svcj_ip}" + if [ -n "$_svcj_ip6_addrs" ]; then + _svcj_cmd_options="ip6.addr=${_svcj_ip6_addrs%*,} ${_svcj_cmd_options}" + fi + else + if [ -n "$_svcj_ip6_addrs" ]; then + warn "$rc_service: ${name}_svcj_ipaddrs contains at least one IPv6 address, but IPv6 is not enabled in the kernel; IPv6 addresses will be ignored." + fi fi if [ -n "$_svcj_options" ]; then # translate service jail options @@ -1245,19 +1261,19 @@ run_rc_command() _svcj_cmd_options="allow.mlock ${_svcj_cmd_options}" ;; netv4) - _svcj_cmd_options="ip4=${_svcj_ip} allow.reserved_ports ${_svcj_cmd_options}" + _svcj_cmd_options="${_svcj_ip4} allow.reserved_ports ${_svcj_cmd_options}" ;; netv6) - _svcj_cmd_options="ip6=${_svcj_ip} allow.reserved_ports ${_svcj_cmd_options}" + _svcj_cmd_options="${_svcj_ip6} allow.reserved_ports ${_svcj_cmd_options}" ;; net_basic) - _svcj_cmd_options="ip4=${_svcj_ip} ip6=${_svcj_ip} allow.reserved_ports ${_svcj_cmd_options}" + _svcj_cmd_options="${_svcj_ip4} ${_svcj_ip6} allow.reserved_ports ${_svcj_cmd_options}" ;; net_raw) _svcj_cmd_options="allow.raw_sockets ${_svcj_cmd_options}" ;; net_all) - _svcj_cmd_options="allow.socket_af allow.raw_sockets allow.reserved_ports ip4=${_svcj_ip} ip6=${_svcj_ip} ${_svcj_cmd_options}" + _svcj_cmd_options="allow.socket_af allow.raw_sockets allow.reserved_ports ${_svcj_ip4} ${_svcj_ip6} ${_svcj_cmd_options}" ;; nfsd) _svcj_cmd_options="allow.nfsd enforce_statfs=1 ${_svcj_cmd_options}"