[Midnightbsd-cvs] src: src/etc:

laffer1 at midnightbsd.org laffer1 at midnightbsd.org
Tue Jan 20 16:32:31 EST 2009


Log Message:
-----------


Modified Files:
--------------
    src/etc:
        rc.bsdextended (r1.2 -> r1.3)
        rc.initdiskless (r1.2 -> r1.3)

-------------- next part --------------
Index: rc.initdiskless
===================================================================
RCS file: /home/cvs/src/etc/rc.initdiskless,v
retrieving revision 1.2
retrieving revision 1.3
diff -L etc/rc.initdiskless -L etc/rc.initdiskless -u -r1.2 -r1.3
--- etc/rc.initdiskless
+++ etc/rc.initdiskless
@@ -24,9 +24,9 @@
 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 # SUCH DAMAGE.
 #
-# $FreeBSD: src/etc/rc.initdiskless,v 1.42.2.4 2006/01/24 05:49:58 brooks Exp $
 # $MidnightBSD$
-#
+# $FreeBSD: src/etc/rc.initdiskless,v 1.52 2006/12/03 23:50:29 luigi Exp $
+
 # On entry to this script the entire system consists of a read-only root
 # mounted via NFS. The kernel has run BOOTP and configured an interface
 # (otherwise it would not have been able to mount the NFS root!)
@@ -71,12 +71,16 @@
 #		then /dev/ad0s3 will be be mounted on /conf/1.2.3.4/foo/
 #
 # /conf/T/M/diskless_remount
-#		The contents of the file points to an NFS filesystem. E.g. if
-#		/conf/base/etc/diskless_remount contains "foo.com:/etc",
-#		then foo.com:/etc will be be mounted on /conf/base/etc/
-#		If the file contains a pathname starting with "/", then
-#		the root path is prepended to it; this allows relocation of
-#		the root filesystem without changing configuration files.
+#		The contents of the file points to an NFS filesystem,
+#		possibly followed by mount_nfs options. If the server name
+#		is omitted, the script will prepend the root path used when
+#		booting. E.g. if you booted from foo.com:/path/to/root,
+#		an entry for /conf/base/etc/diskless_remount could be any of
+#			foo.com:/path/to/root/etc
+#			/etc -o ro
+#		Because mount_nfs understands ".." in paths, it is
+#		possible to mount from locations above the NFS root with
+#		paths such as "/../../etc".
 #
 # /conf/T/M/md_size
 #		The contents of the file specifies the size of the memory
@@ -98,21 +102,27 @@
 #		The list of paths contained in the file are rm -rf'd
 #		relative to /SUBDIR.
 #
+# /conf/diskless_remount
+#		Similar to /conf/T/M/diskless_remount above, but allows
+#		all of /conf to be remounted.  This can be used to allow
+#		multiple roots to share the same /conf.
+#		
+#
 # You will almost universally want to create the following files under /conf
 #
-# File				Content
-# ----------------------------	------------------------------------------
-# /conf/base/etc/md_size	size of /etc filesystem
-# /conf/base/diskless_remount	"/etc"
-# /conf/default/etc/rc.conf	generic diskless config parameters
-# /conf/default/etc/fstab	generic diskless fstab e.g. like this
-#
-#	foo:/root_part		/	nfs	ro		0 0
-#	foo:/usr_part		/usr	nfs     ro		0 0
-#	foo:/home_part		/home   nfs     rw      	0 0
-#	md			/tmp	mfs     -s=30m,rw	0 0
-#	md			/var	mfs	-s=30m,rw	0 0
-#	proc			/proc	procfs	rw		0 0
+# File					Content
+# ----------------------------		----------------------------------
+# /conf/base/etc/md_size		size of /etc filesystem
+# /conf/base/etc/diskless_remount	"/etc"
+# /conf/default/etc/rc.conf		generic diskless config parameters
+# /conf/default/etc/fstab		generic diskless fstab e.g. like this
+#
+#	foo:/root_part			/	nfs	ro		0 0
+#	foo:/usr_part			/usr	nfs     ro		0 0
+#	foo:/home_part			/home   nfs     rw      	0 0
+#	md				/tmp	mfs     -s=30m,rw	0 0
+#	md				/var	mfs	-s=30m,rw	0 0
+#	proc				/proc	procfs	rw		0 0
 #
 # plus, possibly, overrides for password files etc.
 #
@@ -124,6 +134,14 @@
 
 dlv=`/sbin/sysctl -n vfs.nfs.diskless_valid 2> /dev/null`
 
+# DEBUGGING
+# log something on stdout if verbose.
+o_verbose=0     # set to 1 or 2 if you want more debugging
+log() {
+    [ ${o_verbose} -gt 0 ] && echo "*** $* ***"
+    [ ${o_verbose} -gt 1 ] && read -p "=== Press enter to continue" foo
+}
+
 # chkerr:
 #
 # Routine to check for error
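Review bot: log() returns non-zero at the default `o_verbose=0`, because its last command is the failing `[ ${o_verbose} -gt 1 ]` test. None of the callers visible in this diff check the status, but a later `log ... && cmd` or a `set -e` would trip on it; ending the body with `return 0` avoids that. With `o_verbose=2` the `read` waits for a keypress on the console at every log call, so the comment on `o_verbose` could say that level 2 pauses the boot.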
@@ -143,6 +161,23 @@
     esac
 }
 
+# The list of filesystems to umount after the copy
+to_umount=""
+
+handle_remount() { # $1 = mount point
+    local nfspt mountopts b
+    b=$1
+    log handle_remount $1
+    [ -d $b -a -f $b/diskless_remount ] || return
+    read nfspt mountopts < $b/diskless_remount
+    log "nfspt ${nfspt} mountopts ${mountopts}"
+    # prepend the nfs root if not present
+    [ `expr "$nfspt" : '\(.\)'` = "/" ] && nfspt="${nfsroot}${nfspt}"
+    mount_nfs $mountopts $nfspt $b
+    chkerr $? "mount_nfs $nfspt $b"
+    to_umount="$b ${to_umount}"
+}
+
 # Create a generic memory disk
 #
 mount_md() {
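Review bot: In handle_remount an empty diskless_remount file leaves `nfspt` empty, so the unquoted `expr` result turns the prefix test into a malformed `[ = "/" ]`, and mount_nfs is then called with only the mount point. A guard after the read, `[ -n "$nfspt" ] || return`, a prefix test written as `case "$nfspt" in /*) nfspt="${nfsroot}${nfspt}" ;; esac`, and `mount_nfs $mountopts "$nfspt" "$b"` would cover that case and paths containing spaces. `$mountopts` has to stay unquoted so the option words split, which means the file's contents reach mount_nfs as arguments; a comment stating that the /conf tree is trusted input would make that explicit. The chkerr message also omits `$mountopts`, so a failure caused by a bad option is reported without it.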
@@ -152,16 +187,16 @@
 # Create the memory filesystem if it has not already been created
 #
 create_md() {
-    if [ "x`eval echo \\$md_created_$1`" = "x" ]; then
+	[ "x`eval echo \\$md_created_$1`" = "x" ] || return # only once
 	if [ "x`eval echo \\$md_size_$1`" = "x" ]; then
 	    md_size=10240
 	else
 	    md_size=`eval echo \\$md_size_$1`
 	fi
+	log create_md $1 with size $md_size
 	mount_md $md_size /$1
 	/bin/chmod 755 /$1
 	eval md_created_$1=created
-    fi
 }
 
 # DEBUGGING
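Review bot: The rewritten guard in create_md still splices `$1` into `eval`, and `$1` is a directory name taken from the /conf tree (see the `create_md $subdir` caller further down), so a name containing anything other than letters, digits or underscore is parsed as shell text rather than as part of a variable name. A check at the top of the function, `case "$1" in ''|*[!A-Za-z0-9_]*) return 1 ;; esac`, would keep the eval lines to valid identifiers. The bare `return` also passes on the failed test's status, so a repeated call for the same directory returns 1; `return 0` would match the "only once" comment.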
@@ -197,7 +232,7 @@
 	echo "Interface ${bootp_ifc} IP-Address ${bootp_ipa} Broadcast ${bootp_ipbca} ${class}"
 fi
 
-# Figure out our NFS root path
+log Figure out our NFS root path
 #
 set -- `mount -t nfs`
 while [ $# -ge 1 ] ; do
@@ -220,20 +255,8 @@
 	templates="${templates} ${bootp_ipa} ip/${bootp_ipa}"
 fi
 
-# The list of filesystems to umount after the copy
-to_umount=""
-
-# If /conf/diskless_remount exists, remount all of /conf.  This allows
-# multiple roots to share the same conf files.
-if [ -d /conf -a -f /conf/diskless_remount ]; then
-    nfspt=`/bin/cat /conf/diskless_remount`
-    if [ `expr "$nfspt" : '\(.\)'` = "/" ]; then
-	nfspt="${nfsroot}${nfspt}"
-    fi
-    mount_nfs $nfspt /conf
-    chkerr $? "mount_nfs $nfspt /conf"
-    to_umount="/conf"
-fi
+# If /conf/diskless_remount exists, remount all of /conf.
+handle_remount /conf
 
 # Resolve templates in /conf/base, /conf/default, /conf/${bootp_ipbca},
 # and /conf/${bootp_ipa}.  For each subdirectory found within these
@@ -255,18 +278,17 @@
 #   it before attemping to the remount.  This allows the root to be
 #   relocated without needing to change the remount files.
 #
+log "templates are ${templates}"
 for i in ${templates} ; do
     for j in /conf/$i/* ; do
+	[ -d $j ] || continue
+
 	# memory filesystem size specification
-	#
 	subdir=${j##*/}
-	if [ -d $j -a -f $j/md_size ]; then
-	    eval md_size_$subdir=`cat $j/md_size`
-	fi
+	[ -f $j/md_size ] && eval md_size_$subdir=`cat $j/md_size`
 
-	# remount
-	#
-	if [ -d $j -a -f $j/remount ]; then
+	# remount. Beware, the command is in the file itself!
+	if [ -f $j/remount ]; then
 	    nfspt=`/bin/cat $j/remount`
 	    $nfspt $j
 	    chkerr $? "$nfspt $j"
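Review bot: The new one-line md_size assignment passes the file's contents through `eval`, so whitespace or shell metacharacters in md_size are parsed as commands instead of being stored as a size. Deferring the substitution keeps the content out of the parse: `[ -f "$j/md_size" ] && eval "md_size_$subdir=\$(cat \"\$j/md_size\")"`. The added "Beware" comment on remount is a useful warning and could also say that the command runs during boot, before the rest of the configuration is in place. The remount `if` closes outside this hunk.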
@@ -274,16 +296,7 @@
 	fi
 
 	# NFS remount
-	#
-	if [ -d $j -a -f $j/diskless_remount ]; then
-	    nfspt=`/bin/cat $j/diskless_remount`
-	    if [ `expr "$nfspt" : '\(.\)'` = "/" ]; then
-		nfspt="${nfsroot}${nfspt}"
-	    fi
-	    mount_nfs $nfspt $j
-	    chkerr $? "mount_nfs $nfspt $j"
-	    to_umount="$j ${to_umount}"
-	fi
+	handle_remount $j
     done
 done
 
@@ -301,7 +314,7 @@
 	subdir=${j##*/}
 	if [ -d $j -a ! -f $j.cpio.gz  ]; then
 	    create_md $subdir
-	    cp -Rp $j/* /$subdir
+	    cp -Rp $j/ /$subdir
 	fi
     done
     for j in /conf/$i/*.cpio.gz ; do
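Review bot: `cp -Rp $j/ /$subdir` depends on the BSD cp rule that a source ending in `/` has its contents copied rather than the directory itself, and nothing on the line says so. That is presumably what lets dotfiles through where `$j/*` skipped them. A comment such as `# trailing slash: copy the contents of $j (dotfiles included), not $j itself` would stop a later cleanup from dropping the slash; quoting both operands would also help. The enclosing loops start and end outside the hunk.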
Index: rc.bsdextended
===================================================================
RCS file: /home/cvs/src/etc/rc.bsdextended,v
retrieving revision 1.2
retrieving revision 1.3
diff -L etc/rc.bsdextended -L etc/rc.bsdextended -u -r1.2 -r1.3
--- etc/rc.bsdextended
+++ etc/rc.bsdextended
@@ -23,10 +23,9 @@
 # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 # SUCH DAMAGE.
-# 
-# $MidnightBSD$
-# $FreeBSD: src/etc/rc.bsdextended,v 1.1 2004/09/29 00:12:28 trhodes Exp $
 #
+# $FreeBSD: src/etc/rc.bsdextended,v 1.2 2006/04/22 11:02:44 trhodes Exp $
+# $MidnightBSD$
 
 ####
 # Sample startup policy for the mac_bsdextended(4) security module.
@@ -49,34 +48,25 @@
 
 ####
 # WARNING: recommended reading is the handbook's MAC
-# chapter and the ugidfw(8)
-# manual page.  You can lock yourself out of the system
-# very quickly by setting incorrect values here.
-####
-
-####
-# Set the value of 'x' to system users.  This would be nice but it
-# does not get the \n proper.  Work around is used below.
-#x=`awk -F: '($3 >= 1001) && ($3 != 65534) { print $1 }' /etc/passwd`;
-#l=`awk -F: '($3 >= 1001) && ($3 != 65534) { print $3 }' /etc/passwd`;
+# chapter and the ugidfw(8) manual page.  You can
+# lock yourself out of the system very quickly by setting
+# incorrect values here.  These are only examples.
 ####
 
 ####
 # Build a generic list of rules here, these should be
 # modified before using this script.
-# ugidfw add 1 subject uid USER1 object uid USER2 mode n
-# ugidfw add 2 subject gid USER1 object gid USER2 mode n
 #
 # For apache to read user files, the ruleadd must give
 # it permissions by default.
 ####
-${CMD} add subject uid 80 object not uid 80 mode rxws;
-${CMD} add subject gid 80 object not gid 80 mode rxws;
+#${CMD} add subject uid 80 object not uid 80 mode rxws;
+#${CMD} add subject gid 80 object not gid 80 mode rxws;
 
 ####
 # majordomo compat:
 #${CMD} add subject uid 54 object not uid 54 mode rxws;
-${CMD} add subject gid 26 object gid 54 mode rxws;
+#${CMD} add subject gid 26 object gid 54 mode rxws;
 
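Review bot: The examples disabled here keep bare numeric ids (80, 26, 54) under a service-name heading, and the same holds for uid 68 / gid 6, 60 and 1018 in the later hunks. Ids differ between installations, so each group would benefit from a line such as `# Example only: check the uid/gid against /etc/passwd and /etc/group before enabling.` The WARNING block now says "These are only examples", yet rules such as the `subject gid 0` one in the next hunk stay active, so it may be worth stating there which rules still run when the script is used as shipped.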
 ####
 # This is for root:
@@ -84,14 +74,9 @@
 ${CMD} add subject gid 0 object not gid 0 mode arxws;
 
 ####
-# And for mailnull:
-${CMD} add subject uid 26 object not uid 26 mode rxws;
-${CMD} add subject gid 26 object not gid 26 mode rxws;
-
-####
 # And for majordomo:
-${CMD} add subject uid 54 object not uid 54 mode rxws;
-${CMD} add subject gid 54 object not gid 54 mode rxws;
+#${CMD} add subject uid 54 object not uid 54 mode rxws;
+#${CMD} add subject gid 54 object not gid 54 mode rxws;
 
 ####
 # And for bin:
@@ -100,8 +85,8 @@
 
 ####
 # And for mail/pop:
-${CMD} add subject uid 68 object not uid 68 mode rxws;
-${CMD} add subject gid 6 object not gid 6 mode arxws;
+#${CMD} add subject uid 68 object not uid 68 mode rxws;
+#${CMD} add subject gid 6 object not gid 6 mode arxws;
 
 ####
 # And for smmsp:
@@ -115,13 +100,13 @@
 
 ####
 # For cyrus:
-${CMD} add subject uid 60 object not uid 60 mode rxws;
-${CMD} add subject gid 60 object not gid 60 mode rxws;
+#${CMD} add subject uid 60 object not uid 60 mode rxws;
+#${CMD} add subject gid 60 object not gid 60 mode rxws;
 
 ####
 # For stunnel:
-${CMD} add subject uid 1018 object not uid 1018 mode rxws;
-${CMD} add subject gid 1018 object not gid 1018 mode rxws;
+#${CMD} add subject uid 1018 object not uid 1018 mode rxws;
+#${CMD} add subject gid 1018 object not gid 1018 mode rxws;
 
 ####
 # For the nobody account:
@@ -137,12 +122,6 @@
 done;
 
 ####
-# Work around majordomo problem where gid is `4'.
-for x in `awk -F: '($3 >= 1001) && ($3 != 65534) { print $1 }' /etc/passwd`;
-    do ${CMD} add subject uid $x object gid 4 mode arwxs;
-done;
-
-####
 # Use some script to get a list of users and
 # add all users to mode n for all other users.  This
 # will isolate all users from other user home directories while

