From nobody Mon May 12 22:27:19 2025 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZxDkJ1kqyz5vwZg; Mon, 12 May 2025 22:27:20 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4ZxDkJ0F3Cz4GD3; Mon, 12 May 2025 22:27:20 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1747088840; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=NxQLZxXlfALtfDHbMOQ+ajTZg1Y3krXJj1l9z3wCMsg=; b=PxANhAR/eCnPCDYaQ/4SlbwYD+7yseobi67y/zqFazBuOc2iHLv40toL3hFy8Kv02QeSwk s9LeD4GHABmC2Jrrm5ELRZQoN4OfuCSV3MGRkjL3/RuymMbMLTFL8UPJVU7llNft74NIza MEQJjyP1DrJESmXYLGW2b5rYiXH0ywr3uNXg661G3xaOd+0Q13Wb/+9JJ0R7GwjCScbedP nDyAL3JtKEQDZ1a701B0Ub0bEKHCRVIpu9rsRizzNesyCeUIqn3m8hKuQGSQxo9yUnhGpd axwwTZC5Nz0xjitGNOS1AOM9GeKc3t9P1CrkFLo6hwTVaSsqD87i2meuqK5Jcw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1747088840; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=NxQLZxXlfALtfDHbMOQ+ajTZg1Y3krXJj1l9z3wCMsg=; b=uLguKHdFLOB7PnArHM6k/vJvapE7OVrZHqpY6nY9VcIx/aX4BaZoDA3r8+l5vYbX7eemxt yr4UM5wGJshj8byXWKasV7OFk3wOX+sB8mh0HF4hPsFwn+DBMmS/knhRdia4fTItBpWEkk 53pLUfS8159hp5T1k7DTKI39PHhCWXCBfU7OvyIO6RZN3JDHmzTroh1YPh8UME6utcNqht hNRYXBuEZiw8T/wPsY7ke6cFedHXoFKbngc5Lxb3yJeUB//BDjJtUOn9fKZaigXzKe+hn+ gklthK5CnbDD/LOCyRC493s98YyQsQQNz/bb8Hra5rccopuzRVCiiKissC8aWA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1747088840; a=rsa-sha256; cv=none; b=D5MD953fat5po331i2Fhj3q30q5EQmil7o2Z+6ldMcAZ5z8D382Mu74uJTctPZWsylIAxM 9bT+8pP/SomTmS5yV3TAJ+WieYBS5JEPhg6v5iNPoCQxmS6d8cv3yM8oh7A2CU9+wMTNPn pOKaf9tFTS+88dQMSIJDBRAMozsM9TfOgv6YTFi/V8ilQXbArtXj2ZBqyvvLxnrEXJMpCX qBhoOumF18O5H7APQ2WDck5KEMWhAORj9DTPzflbFgUBEL+kIpQyhg0GeK37N3m0bkoamK 9533eWSGRc/jmQg9dv5xKsVfv+mvIU1EiR480JVwVdOvXc2lJ46cZk9qkUR0Lw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZxDkH6tKYz4ry; Mon, 12 May 2025 22:27:19 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 54CMRJbO061022; Mon, 12 May 2025 22:27:19 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 54CMRJIr061019; Mon, 12 May 2025 22:27:19 GMT (envelope-from git) Date: Mon, 12 May 2025 22:27:19 GMT Message-Id: <202505122227.54CMRJIr061019@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Lexi Winter Subject: git: 0268d03ba195 - main - svcj: add "routing" option List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: ivy X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 0268d03ba1955c5cc3cbef9a86691718e516a77c Auto-Submitted: auto-generated The branch main has been updated by ivy: URL: https://cgit.FreeBSD.org/src/commit/?id=0268d03ba1955c5cc3cbef9a86691718e516a77c commit 0268d03ba1955c5cc3cbef9a86691718e516a77c Author: Lexi Winter AuthorDate: 2025-05-11 02:01:10 +0000 Commit: Lexi Winter CommitDate: 2025-05-12 22:25:45 +0000 svcj: add "routing" option "routing" enables the jail allow.routing permission, which allows the jail to modify the system routing table. this can be used to run routing daemons (e.g., BIRD) in a service jail. Reviewed by: jamie, des Approved by: des (mentor) Differential Revision: https://reviews.freebsd.org/D49844 --- libexec/rc/rc.subr | 3 +++ share/man/man5/rc.conf.5 | 4 +++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/libexec/rc/rc.subr b/libexec/rc/rc.subr index c74cbcef9d62..2261ab0461e1 100644 --- a/libexec/rc/rc.subr +++ b/libexec/rc/rc.subr @@ -1259,6 +1259,9 @@ run_rc_command() nfsd) _svcj_cmd_options="allow.nfsd enforce_statfs=1 ${_svcj_cmd_options}" ;; + routing) + _svcj_cmd_options="allow.routing ${_svcj_cmd_options}" + ;; settime) _svcj_cmd_options="allow.settime ${_svcj_cmd_options}" ;; diff --git a/share/man/man5/rc.conf.5 b/share/man/man5/rc.conf.5 index 7dbea16d51f9..4b15db07a129 100644 --- a/share/man/man5/rc.conf.5 +++ b/share/man/man5/rc.conf.5 @@ -22,7 +22,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd May 6, 2025 +.Dd May 11, 2025 .Dt RC.CONF 5 .Os .Sh NAME @@ -5019,6 +5019,8 @@ allows to open raw sockets, and allows to open sockets of protocol stacks that have not had jail functionality added to them. .It nfsd Allows to run nfsd and affiliated daemons. +.It routing +Allows to modify the system routing table. .It settime Allows to set and slew the system time. .It sysvipc