From owner-svn-src-all@freebsd.org Sun Sep 27 04:03:11 2015 Return-Path: Delivered-To: svn-src-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id DAD6FA0AA2B; Sun, 27 Sep 2015 04:03:11 +0000 (UTC) (envelope-from adrian@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id CBFCBE16; Sun, 27 Sep 2015 04:03:11 +0000 (UTC) (envelope-from adrian@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.70]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id t8R43Bb5062242; Sun, 27 Sep 2015 04:03:11 GMT (envelope-from adrian@FreeBSD.org) Received: (from adrian@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id t8R43B5Z062241; Sun, 27 Sep 2015 04:03:11 GMT (envelope-from adrian@FreeBSD.org) Message-Id: <201509270403.t8R43B5Z062241@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: adrian set sender to adrian@FreeBSD.org using -f From: Adrian Chadd Date: Sun, 27 Sep 2015 04:03:11 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r288291 - head/etc X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 27 Sep 2015 04:03:12 -0000 Author: adrian Date: Sun Sep 27 04:03:11 2015 New Revision: 288291 URL: https://svnweb.freebsd.org/changeset/base/288291 Log: Enforce consistent limits of daemons run from rc.subr: * Allow the user to configure the login class to use in rc.conf by using {daemon}_login_class, which; * Use the daemon class by default; * .. and then use 'limits' to set the login class so it works both via init at startup (which runs this in 'daemon' class) and via whichever root environment (eg command line, other daemons, etc.) Reviewed by: dteske Differential Revision: https://reviews.freebsd.org/D3630 Modified: head/etc/rc.subr Modified: head/etc/rc.subr ============================================================================== --- head/etc/rc.subr Sun Sep 27 03:46:55 2015 (r288290) +++ head/etc/rc.subr Sun Sep 27 04:03:11 2015 (r288291) @@ -768,6 +768,8 @@ check_startmsgs() # # ${name}_prepend n Command added before ${command}. # +# ${name}_login_class n Login class to use, else "daemon". +# # ${rc_arg}_cmd n If set, use this as the method when invoked; # Otherwise, use default command (see below) # @@ -942,7 +944,7 @@ run_rc_command() _nice=\$${name}_nice _user=\$${name}_user \ _group=\$${name}_group _groups=\$${name}_groups \ _fib=\$${name}_fib _env=\$${name}_env \ - _prepend=\$${name}_prepend + _prepend=\$${name}_prepend _login_class=\${${name}_login_class:-daemon} if [ -n "$_user" ]; then # unset $_user if running as that user if [ "$_user" = "$(eval $IDCMD)" ]; then @@ -1050,6 +1052,9 @@ $command $rc_flags $command_args" fi fi + # Prepend default limits + _doit="limits -C $_login_class $_doit" + # run the full command # if ! _run_rc_doit "$_doit"; then