Date: Sun, 23 Feb 2014 17:09:45 -0500
From: Allan Jude <freebsd@allanjude.com>
To: Warner Losh <bsdimp@gmail.com>, David Chisnall <theraven@FreeBSD.org>
Cc: FreeBSD Current <freebsd-current@freebsd.org>
Subject: Re: libinit idea
Message-ID: <530A71A9.5040705@allanjude.com>
In-Reply-To: <6B911759-48AC-4981-A5E1-2634B5D01F0D@gmail.com>
References: <BLU179-W28221A0539478FDDF45ADDC6840@phx.gbl> <62A9DF47-C938-464B-92B6-9A2A96B5A9C9@FreeBSD.org> <530A39BB.6070003@allanjude.com> <0DB376E3-8C7F-4F20-9DEE-4DB98C078571@FreeBSD.org> <6B911759-48AC-4981-A5E1-2634B5D01F0D@gmail.com>

On 2014-02-23 17:04, Warner Losh wrote:
>
> On Feb 23, 2014, at 11:17 AM, David Chisnall <theraven@FreeBSD.org> wrote:
>
>> On 23 Feb 2014, at 18:11, Allan Jude <freebsd@allanjude.com> wrote:
>>
>>> sysrc solves this nicely, it is in base now, and is great for
>>> programmatically adding, removing and changing lines in rc.conf style
>>> files. It is also in ports for older versions of FreeBSD where it is not
>>> in base.
>>
>> The problem is, there is no such thing as an rc.conf style file. rc.conf is just a shell script. If you only edit it with sysrc, or you are careful to preserve the structure, then it's fine. There is absolutely nothing stopping you, however, from writing arbitrarily complex shell scripts inside rc.conf. Sure, it's a terrible idea to do so, but when has that ever stopped anyone?
>>
>> An rc-replacement could enforce this by only accepting purely declarative files for configuration, guaranteeing that if they were syntactically valid they would also be machine editable, no matter what the user does to them.
>
> We already have a rc.conf.default. Why not a rc.conf.automation that does that and is added to the list of things to source? Then things like sysrc could operate on that secure in the knowledge that no shell commands could be there, and all bets are off if someone edits it by hand?
>
> Warner
>

This is basically what we do, we have puppet add:

rc_conf_files="/etc/rc.conf /etc/rc.conf.local /etc/rc.conf.scaleengine"

to rc.conf, and then we push our global config to the .scaleengine file

--
Allan Jude
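
The thread's point is that an automation-managed rc.conf file is only safely machine-editable while it stays purely declarative. The check below is an added example, not part of the original messages: it reports every line of such a file that is not a plain name="value" assignment. The function names and sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): flag every line of an rc.conf-style
# file that is not a plain name="value" assignment. rc.conf files are sourced
# by /bin/sh, so any other line is code that runs as root at boot.

# rc_nondeclarative FILE
# Prints "lineno:text" for each offending line.
# Returns 0 if the file is purely declarative, 1 if not, 2 if unreadable.
rc_nondeclarative() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    # Allowed: blank lines, comments, and name="value" where the value holds
    # none of the characters sh expands or that close the quoting: " $ ` \
    bad=$(grep -n -v -E \
        -e '^[[:space:]]*(#.*)?$' \
        -e '^[A-Za-z_][A-Za-z0-9_]*="[^"$`\\]*"([[:space:]]+#.*)?[[:space:]]*$' \
        "$1") || :
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}

# Constructed sample files (hypothetical contents, not taken from the thread).
write_samples() {
    cat > "$1/clean.conf" <<'EOF'
# pushed by configuration management
sshd_enable="YES"
ntpd_enable="YES"   # time sync
EOF
    cat > "$1/mixed.conf" <<'EOF'
sshd_enable="YES"
hostname="$(uname -n)"
if [ -r /etc/rc.conf.site ]; then . /etc/rc.conf.site; fi
ifconfig_em0="DHCP"; touch /tmp/marker
EOF
}

sample_dir=$(mktemp -d)
write_samples "$sample_dir"
for f in clean.conf mixed.conf; do
    if rc_nondeclarative "$sample_dir/$f"; then
        echo "$f: declarative"
    else
        echo "$f: contains shell code"
    fi
done
```

Run against the file that configuration management writes, a non-zero return is a reason to stop before the file is pushed or sourced.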
