Date:      Mon, 12 May 2025 22:27:19 GMT
From:      Lexi Winter <ivy@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject:   git: 0268d03ba195 - main - svcj: add "routing" option
Message-ID:  <202505122227.54CMRJIr061019@gitrepo.freebsd.org>

The branch main has been updated by ivy:

URL: https://cgit.FreeBSD.org/src/commit/?id=0268d03ba1955c5cc3cbef9a86691718e516a77c

commit 0268d03ba1955c5cc3cbef9a86691718e516a77c
Author:     Lexi Winter <ivy@FreeBSD.org>
AuthorDate: 2025-05-11 02:01:10 +0000
Commit:     Lexi Winter <ivy@FreeBSD.org>
CommitDate: 2025-05-12 22:25:45 +0000

    svcj: add "routing" option
    
    "routing" enables the jail allow.routing permission, which allows the jail to
    modify the system routing table.  This can be used to run routing daemons
    (e.g., BIRD) in a service jail.
    
    Reviewed by:    jamie, des
    Approved by:    des (mentor)
    Differential Revision:  https://reviews.freebsd.org/D49844
---
 libexec/rc/rc.subr       | 3 +++
 share/man/man5/rc.conf.5 | 4 +++-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/libexec/rc/rc.subr b/libexec/rc/rc.subr
index c74cbcef9d62..2261ab0461e1 100644
--- a/libexec/rc/rc.subr
+++ b/libexec/rc/rc.subr
@@ -1259,6 +1259,9 @@ run_rc_command()
 				nfsd)
 					_svcj_cmd_options="allow.nfsd enforce_statfs=1 ${_svcj_cmd_options}"
 					;;
+				routing)
+					_svcj_cmd_options="allow.routing ${_svcj_cmd_options}"
+					;;
 				settime)
 					_svcj_cmd_options="allow.settime ${_svcj_cmd_options}"
 					;;
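Review bot: the new routing) arm prepends only allow.routing to _svcj_cmd_options, and nothing in this hunk shows whether that is enough on its own for the stated use case (a routing daemon such as BIRD, per the commit message) or whether it has to be combined with one of the network options. If it does depend on another option, say so in the rc.conf.5 entry so that operators neither grant it in isolation and wonder why the daemon fails, nor widen the jail further than needed by trial and error.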
diff --git a/share/man/man5/rc.conf.5 b/share/man/man5/rc.conf.5
index 7dbea16d51f9..4b15db07a129 100644
--- a/share/man/man5/rc.conf.5
+++ b/share/man/man5/rc.conf.5
@@ -22,7 +22,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd May 6, 2025
+.Dd May 11, 2025
 .Dt RC.CONF 5
 .Os
 .Sh NAME
@@ -5019,6 +5019,8 @@ allows to open raw sockets, and allows to open sockets of protocol stacks that
 have not had jail functionality added to them.
 .It nfsd
 Allows to run nfsd and affiliated daemons.
+.It routing
+Allows to modify the system routing table.
 .It settime
 Allows to set and slew the system time.
 .It sysvipc
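Review bot: the added ".It routing" text, "Allows to modify the system routing table.", understates the scope for an option that loosens a service jail. The commit message is explicit that this is the system routing table, so a compromised service with this option can change routing for the whole host, not just for itself. Consider one more sentence in the entry saying that the effect is host-wide and that the option is intended for routing daemons, so that readers of rc.conf.5 can judge the trade-off without having to look up allow.routing elsewhere.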


