From nobody Mon Apr 21 00:40:14 2025 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Zgmjq1Wcjz5sc3y; Mon, 21 Apr 2025 00:40:15 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Zgmjp5Lr2z3TVH; Mon, 21 Apr 2025 00:40:14 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1745196014; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=bvd25kpmNPpDQNB+B1ICmjBb5J2DjlSAnIlAuW3e5QI=; b=OAqUQ+mjUGyRL+Ml2f5hctFfmslAsD5sslZom30k8ILjBwxMlXqrVFzrEzq1tKQKMu+Ohh y2YpF2nPLGoPB3ko3wz3fh2z1nleyxyrU+ldQl58r0kLjSs/6w+tkxGqxdubzXWUoDx7Ml lH282iGvk58ps0zM2LFwMNTjfW/HpJEViRXeYb5vZbVoqkcQLotSLuzCIm5FrDKI9pIKWB p9bEmp3AcbZdXhiPWbdTrRMOtGPxEeAxICUV3vdUXNRF3tGCp+0DaMqIGR3IsVy9xsPaU9 q1xY9T9QogZ3vHkobcILEFFMQ9euWy15XiBm9G1st++0ZfbZvvOZ+Z3A2Owcnw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1745196014; a=rsa-sha256; cv=none; b=Tmq0YNgJdimxE1qa+Li3jwC42LYA72p29c5SQpTFpL3Tjeo1FRJB8wsg5StC9iVMJOk3RV n6X2TKerLuVcqP1D8rj0dqFz+mbmkm/hFcxtj7Dyouel9vyE1vhWmnSkM8rcQe33B2gDAE Zro0aLiSZ0HZDceq32P+TfIKlEnFpTiZo4o4N8RZo2pD9iQHOWiXvIXxj5O1CJepqPRbqj BTjz3tV1HV2F/og8nDdzEnNxjotFCLg0Y2kkF4uAjuVDfYgcvrL4rzYuQiRdVYPajH94B3 AmKWhhkcrFMqJuNMc90nsETRriaV38VNnEYUaP1YCW6cXX1/BvdEpVbxWfHFtw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1745196014; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=bvd25kpmNPpDQNB+B1ICmjBb5J2DjlSAnIlAuW3e5QI=; b=V47VnMIHtEnCJNLFnaXZvQAXch8glFZq6+l3KviNPDfT7qOkmiObc+YtAzXWBZoMi/8HMh EZdTyzjutiMQe6rJItrhNewb+wXg/s49cjR82ARUbZB66AZZVQpzXvUFd45sG1u7juoQoZ aRFm6Dm6f3YNOqxQ7QsY+7Qpp3hTfZn0S1DErZ2VUNrzcIKZCbQHReV/pIGMyxQHoaSkfR FYsYfFjoAFMQcz8bOBwmr8EC/PcVntiXZopgBvJSfp5m4s4c0tbRMFarDwuZbRNDP25SCF 2CnSU0dRzjJvt3F6t3jXkc588gzv35LycgMstLoSrja3LnoZzDkp/Iijqn6wNA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Zgmjp4bNFzBVV; Mon, 21 Apr 2025 00:40:14 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 53L0eE6q011245; Mon, 21 Apr 2025 00:40:14 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 53L0eEDu011236; Mon, 21 Apr 2025 00:40:14 GMT (envelope-from git) Date: Mon, 21 Apr 2025 00:40:14 GMT Message-Id: <202504210040.53L0eEDu011236@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Lexi Winter Subject: git: 3a0eb293164e - main - rc.subr: add 'settime' to svcj options List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: ivy X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 3a0eb293164eb3badd2f45e835acd6f16518df93 Auto-Submitted: auto-generated The branch main has been updated by ivy: URL: https://cgit.FreeBSD.org/src/commit/?id=3a0eb293164eb3badd2f45e835acd6f16518df93 commit 3a0eb293164eb3badd2f45e835acd6f16518df93 Author: Lexi Winter AuthorDate: 2025-04-20 21:37:19 +0000 Commit: Lexi Winter CommitDate: 2025-04-21 00:38:29 +0000 rc.subr: add 'settime' to svcj options _svcj_options="settime" enables the jail allow.settime privilege, which allows to set and slew the system clock. this allows NTP daemons to run in a service jail. Reviewed by: jamie, kevans, des, #jails, #manpages Approved by: kevans (mentor) Differential Revision: https://reviews.freebsd.org/D49845 --- libexec/rc/rc.subr | 3 +++ share/man/man5/rc.conf.5 | 4 +++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/libexec/rc/rc.subr b/libexec/rc/rc.subr index 29ed0eb05824..c74cbcef9d62 100644 --- a/libexec/rc/rc.subr +++ b/libexec/rc/rc.subr @@ -1259,6 +1259,9 @@ run_rc_command() nfsd) _svcj_cmd_options="allow.nfsd enforce_statfs=1 ${_svcj_cmd_options}" ;; + settime) + _svcj_cmd_options="allow.settime ${_svcj_cmd_options}" + ;; sysvipc) _svcj_sysvipc_x=$((${_svcj_sysvipc_x} + 1)) _svcj_cmd_options="sysvmsg=inherit sysvsem=inherit sysvshm=inherit ${_svcj_cmd_options}" diff --git a/share/man/man5/rc.conf.5 b/share/man/man5/rc.conf.5 index 1086fe01a0e8..e58a1f5001b5 100644 --- a/share/man/man5/rc.conf.5 +++ b/share/man/man5/rc.conf.5 @@ -22,7 +22,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd April 14, 2025 +.Dd April 20, 2025 .Dt RC.CONF 5 .Os .Sh NAME @@ -5009,6 +5009,8 @@ allows to open raw sockets, and allows to open sockets of protocol stacks that have not had jail functionality added to them. .It nfsd Allows to run nfsd and affiliated daemons. +.It settime +Allows to set and slew the system time. .It sysvipc Inherits the SysV semaphores, SysV shared memory and SysV messages from the host or the parent jail.