From owner-svn-src-all@freebsd.org  Mon Dec 10 14:19:58 2018
Return-Path: <owner-svn-src-all@freebsd.org>
Delivered-To: svn-src-all@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id D89321327788;
 Mon, 10 Dec 2018 14:19:58 +0000 (UTC)
 (envelope-from eugen@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 7D9357AC1A;
 Mon, 10 Dec 2018 14:19:58 +0000 (UTC)
 (envelope-from eugen@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 5E8C620F62;
 Mon, 10 Dec 2018 14:19:58 +0000 (UTC)
 (envelope-from eugen@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id wBAEJwIn048189;
 Mon, 10 Dec 2018 14:19:58 GMT (envelope-from eugen@FreeBSD.org)
Received: (from eugen@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id wBAEJwdU048188;
 Mon, 10 Dec 2018 14:19:58 GMT (envelope-from eugen@FreeBSD.org)
Message-Id: <201812101419.wBAEJwdU048188@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: eugen set sender to
 eugen@FreeBSD.org using -f
From: Eugene Grosbein <eugen@FreeBSD.org>
Date: Mon, 10 Dec 2018 14:19:58 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-stable@freebsd.org, svn-src-stable-12@freebsd.org
Subject: svn commit: r341793 - stable/12/usr.sbin/periodic/etc/weekly
X-SVN-Group: stable-12
X-SVN-Commit-Author: eugen
X-SVN-Commit-Paths: stable/12/usr.sbin/periodic/etc/weekly
X-SVN-Commit-Revision: 341793
X-SVN-Commit-Repository: base
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Rspamd-Queue-Id: 7D9357AC1A
X-Spamd-Result: default: False [-2.96 / 15.00];
 local_wl_from(0.00)[FreeBSD.org];
 NEURAL_HAM_MEDIUM(-1.00)[-0.997,0];
 NEURAL_HAM_SHORT(-0.97)[-0.967,0];
 ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US];
 NEURAL_HAM_LONG(-1.00)[-0.997,0]
X-Rspamd-Server: mx1.freebsd.org
X-BeenThere: svn-src-all@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "SVN commit messages for the entire src tree \(except for &quot;
 user&quot; and &quot; projects&quot; \)" <svn-src-all.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-all/>
List-Post: <mailto:svn-src-all@freebsd.org>
List-Help: <mailto:svn-src-all-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Dec 2018 14:19:59 -0000

Author: eugen
Date: Mon Dec 10 14:19:57 2018
New Revision: 341793
URL: https://svnweb.freebsd.org/changeset/base/341793

Log:
  MFC r340322-r340324,r340327: periodic/etc/weekly/340.noid
  
  Prevent periodic/etc/weekly/340.noid from descending into root directories
  of jails. Jails have their own user/group databases and this script
  can produce multiple false warnings, not to mention significant extra
  load in case of large jailed subtrees. Leave this check for jailed
  invocations of the same script.

Modified:
  stable/12/usr.sbin/periodic/etc/weekly/340.noid
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/usr.sbin/periodic/etc/weekly/340.noid
==============================================================================
--- stable/12/usr.sbin/periodic/etc/weekly/340.noid	Mon Dec 10 14:12:04 2018	(r341792)
+++ stable/12/usr.sbin/periodic/etc/weekly/340.noid	Mon Dec 10 14:19:57 2018	(r341793)
@@ -16,8 +16,26 @@ case "$weekly_noid_enable" in
 	echo ""
 	echo "Check for files with an unknown user or group:"
 
+	# Host should not test jailed subtrees as jails have their own
+	# databases of users and groups. Leave them for jailed invocations
+	# of this script.
+
+	exclude=''
+	if [ $(sysctl -n security.jail.jailed) = 0 ]; then
+	    sep=:
+	    OIFS="$IFS"
+	    IFS="$sep"
+	    for param in $(jail -f "`sysrc -n jail_conf`" -e "$sep" 2>/dev/null)
+	    do
+		case "$param" in
+		    path=*) exclude="$exclude -path ${param#path=} -prune -or"
+		esac
+	    done
+	    IFS="$OIFS"
+	fi
+
 	rc=$(find -H ${weekly_noid_dirs:-/} \
-	    \( ! -fstype local -prune -or -name \* \) -and \
+	    \( $exclude ! -fstype local -prune -or -name \* \) -and \
 	    \( -nogroup -o -nouser \) -print | sed 's/^/  /' |
 	    tee /dev/stderr | wc -l)
 	[ $rc -gt 1 ] && rc=1