[Midnightbsd-cvs] src [11802] trunk/etc/defaults/rc.conf: update jail configs and add a few new programs

laffer1 at midnightbsd.org laffer1 at midnightbsd.org
Wed Jul 11 20:26:58 EDT 2018


Revision: 11802
          http://svnweb.midnightbsd.org/src/?rev=11802
Author:   laffer1
Date:     2018-07-11 20:26:57 -0400 (Wed, 11 Jul 2018)
Log Message:
-----------
update jail configs and add a few new programs

Modified Paths:
--------------
    trunk/etc/defaults/rc.conf

Modified: trunk/etc/defaults/rc.conf
===================================================================
--- trunk/etc/defaults/rc.conf	2018-07-12 00:22:35 UTC (rev 11801)
+++ trunk/etc/defaults/rc.conf	2018-07-12 00:26:57 UTC (rev 11802)
@@ -22,7 +22,7 @@
 ###  Important initial Boot-time options  ####################
 ##############################################################
 
-rc_debug="NO"		# Set to YES to enable debugging output from rc.d
+#rc_debug="NO"		# Set to YES to enable debugging output from rc.d
 rc_info="NO"		# Enables display of informational messages at boot.
 rc_startmsgs="YES" 	# Show "Starting foo:" messages at boot
 rcshutdown_timeout="90" # Seconds to wait before terminating rc.shutdown
@@ -33,7 +33,6 @@
 always_force_depends="NO"	# Set to check that indicated dependencies are
 				# running during boot (can increase boot time).
 
-swapfile="NO"		# Set to name of swapfile if aux swapfile desired.
 apm_enable="NO"		# Set to YES to enable APM BIOS functions (or NO).
 apmd_enable="NO"	# Run apmd to handle APM event from userland.
 apmd_flags=""		# Flags to apmd (if enabled).
@@ -85,9 +84,6 @@
 #geli_da1_autodetach="NO"
 #geli_mirror_home_flags="-k /etc/geli/home.keys"
 
-geli_swap_flags="-e aes -l 256 -s 4096 -d"	# Options for GELI-encrypted
-						# swap partitions.
-
 root_rw_mount="YES"	# Set to NO to inhibit remounting root read-write.
 fsck_y_enable="NO"	# Set to YES to do fsck -y if the initial preen fails.
 fsck_y_flags=""		# Additional flags for fsck -y
@@ -129,6 +125,7 @@
 firewall_type="DESKTOP"		# Firewall type (see /etc/rc.firewall)
 firewall_quiet="YES"		# Set to YES to suppress rule display
 firewall_logging="NO"		# Set to YES to enable events logging
+firewall_logif="NO"		# Set to YES to create logging-pseudo interface
 firewall_flags=""		# Flags passed to ipfw when type is a file
 firewall_coscripts=""		# List of executables/scripts to run after
 				# firewall starts/stops
@@ -239,11 +236,6 @@
 sppp_interfaces=""		# List of sppp interfaces.
 #sppp_interfaces="...0"		# example: sppp over ...
 #spppconfig_...0="authproto=chap myauthname=foo myauthsecret='top secret' hisauthname=some-gw hisauthsecret='another secret'"
-gif_interfaces=""		# List of GIF tunnels.
-#gif_interfaces="gif0 gif1"	# Examples typically for a router.
-				# Choose correct tunnel addrs.
-#gifconfig_gif0="10.1.1.1 10.1.2.1"	# Examples typically for a router.
-#gifconfig_gif1="10.1.1.2 10.1.2.2"	# Examples typically for a router.
 fec_interfaces=""		# List of Fast EtherChannels.
 #fec_interfaces="fec0 fec1"
 #fecconfig_fec0="fxp0 dc0"	# Examples typically for two NICs
@@ -269,9 +261,13 @@
 syslogd_enable="YES"		# Run syslog daemon (or NO).
 syslogd_program="/usr/sbin/syslogd" # path to syslogd, if you want a different one.
 syslogd_flags="-s"		# Flags to syslogd (if enabled).
+altlog_proglist=""		# List of chrooted applicatioins in /var
 inetd_enable="NO"		# Run the network daemon dispatcher (YES/NO).
 inetd_program="/usr/sbin/inetd"	# path to inetd, if you want a different one.
 inetd_flags="-wW -C 60"		# Optional flags to inetd
+iscsid_enable="NO"		# iSCSI initiator daemon.
+iscsictl_enable="NO"		# iSCSI initiator autostart.
+iscsictl_flags="-Aa"		# Optional flags to iscsictl.
 hastd_enable="NO"		# Run the HAST daemon (YES/NO).
 hastd_program="/sbin/hastd"	# path to hastd, if you want a different one.
 hastd_flags=""			# Optional flags to hastd.
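Review bot: The trailing comment on the new `altlog_proglist` line misspells "applications"; it should read `# List of chrooted applications in /var`. The comment also does not say what the list is used for, and nothing in this hunk shows which rc script consumes it (presumably the syslogd script, to be confirmed), so a short pointer to that script would help.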
@@ -322,6 +318,7 @@
 ipropd_slave_master=""		# master node name.
 
 gssd_enable="NO"		# Run the gssd daemon (or NO).
+gssd_program="/usr/sbin/gssd"	# Path to gssd.
 gssd_flags=""			# Flags for gssd.
 
 rwhod_enable="NO"		# Run the rwho daemon (or NO).
@@ -346,13 +343,18 @@
 amd_program="/usr/sbin/amd"	# path to amd, if you want a different one.
 amd_flags="-a /.amd_mnt -l syslog /host /etc/amd.map /net /etc/amd.map"
 amd_map_program="NO"		# Can be set to "ypcat -k amd.master"
+autofs_enable="NO"		# Run autofs daemons.
+automount_flags=""		# Flags to automount(8) (if autofs enabled).
+automountd_flags=""		# Flags to automountd(8) (if autofs enabled).
+autounmountd_flags=""		# Flags to autounmountd(8) (if autofs enabled).
 nfs_client_enable="NO"		# This host is an NFS client (or NO).
 nfs_access_cache="60"		# Client cache timeout in seconds
 nfs_server_enable="NO"		# This host is an NFS server (or NO).
 oldnfs_server_enable="NO"	# Run the old NFS server (YES/NO).
-nfs_server_flags="-u -t -n 4"	# Flags to nfsd (if enabled).
+nfs_server_flags="-u -t"	# Flags to nfsd (if enabled).
+nfs_server_managegids="NO"	# The NFS server maps gids for AUTH_SYS (or NO).
 mountd_enable="NO"		# Run mountd (or NO).
-mountd_flags="-r"		# Flags to mountd (if NFS server enabled).
+mountd_flags="-r -S"		# Flags to mountd (if NFS server enabled).
 weak_mountd_authentication="NO"	# Allow non-root mount requests to be served.
 nfs_reserved_port_only="NO"	# Provide NFS only on secure port (or NO).
 nfs_bufpackets=""		# bufspace (in packets) for client
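Review bot: Two flag defaults change in this hunk while their trailing comments stay generic: `nfs_server_flags` loses `-n 4` and `mountd_flags` gains `-S`. A reader of the defaults file cannot tell from the comments what either change means for a running NFS server. mountd(8) documents `-S` as suspending the nfsd threads while the exports list is reloaded, and dropping `-n 4` presumably leaves the thread count to nfsd's own default. I would extend the comment, e.g. `# Flags to mountd (if NFS server enabled); -S suspends nfsd during exports reload.`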
@@ -467,9 +469,9 @@
 
 ### Network link/usability verification options
 netwait_enable="NO"		# Enable rc.d/netwait (or NO)
-#netwait_ip=""			# IP addresses to be pinged by netwait.
+#netwait_ip=""			# Wait for ping response from any IP in this list.
 netwait_timeout="60"		# Total number of seconds to perform pings.
-#netwait_if=""			# Interface name to watch link state on.
+#netwait_if=""			# Wait for active link on each intf in this list.
 netwait_if_timeout="30"		# Total number of seconds to monitor link state.
 
 ### Miscellaneous network options: ###
@@ -489,7 +491,7 @@
 				#  route toward loopback interface.
 #ipv6_route_xxx="fec0:0000:0000:0006:: -prefixlen 64 ::1"
 ipv6_gateway_enable="NO"	# Set to YES if this host will be a gateway.
-ipv6_cpe_wanif="NO"		# Set to the upstram interface name if this
+ipv6_cpe_wanif="NO"		# Set to the upstream interface name if this
 				# node will work as a router to forward IPv6
 				# packets not explicitly addressed to itself.
 ipv6_privacy="NO"		# Use privacy address on RA-receiving IFs
@@ -553,15 +555,15 @@
 ##############################################################
 
 keyboard=""		# keyboard device to use (default /dev/kbd0).
-keymap="NO"		# keymap in /usr/share/syscons/keymaps/* (or NO).
+keymap="NO"		# keymap in /usr/share/{syscons,vt}/keymaps/* (or NO).
 keyrate="NO"		# keyboard rate to: slow, normal, fast (or NO).
 keybell="NO" 		# See kbdcontrol(1) for options.  Use "off" to disable.
 keychange="NO"		# function keys default values (or NO).
 cursor="NO"		# cursor type {normal|blink|destructive} (or NO).
 scrnmap="NO"		# screen map in /usr/share/syscons/scrnmaps/* (or NO).
-font8x16="NO"		# font 8x16 from /usr/share/syscons/fonts/* (or NO).
-font8x14="NO"		# font 8x14 from /usr/share/syscons/fonts/* (or NO).
-font8x8="NO"		# font 8x8 from /usr/share/syscons/fonts/* (or NO).
+font8x16="NO"		# font 8x16 from /usr/share/{syscons,vt}/fonts/* (or NO).
+font8x14="NO"		# font 8x14 from /usr/share/{syscons,vt}/fonts/* (or NO).
+font8x8="NO"		# font 8x8 from /usr/share/{syscons,vt}/fonts/* (or NO).
 blanktime="300"		# blank time (in seconds) or "NO" to turn it off.
 saver="NO"		# screen saver: Uses /boot/kernel/${saver}_saver.ko
 moused_nondefault_enable="YES" # Treat non-default mice as enabled unless
@@ -622,7 +624,9 @@
 chkprintcap_flags="-d"	# Create missing directories by default.
 dumpdev="NO"		# Device to crashdump to (device name, AUTO, or NO).
 dumpdir="/var/crash"	# Directory where crash dumps are to be stored
-savecore_flags=""	# Used if dumpdev is enabled above, and present.
+savecore_flags="-m 10"	# Used if dumpdev is enabled above, and present.
+			# By default, only the 10 most recent kernel dumps
+			# are saved.
 crashinfo_enable="YES"	# Automatically generate crash dump summary.
 crashinfo_program="/usr/sbin/crashinfo"	# Script to generate crash dump summary.
 quota_enable="NO"	# turn on quotas on startup (or NO).
@@ -633,6 +637,9 @@
 accounting_enable="NO"	# Turn on process accounting (or NO).
 ibcs2_enable="NO"	# Ibcs2 (SCO) emulation loaded at startup (or NO).
 ibcs2_loaders="coff"	# List of additional Ibcs2 loaders (or NO).
+firstboot_sentinel="/firstboot"	# Scripts with "firstboot" keyword are run if
+			# this file exists.  Should be on a R/W filesystem so
+			# the file can be deleted after the boot completes.
 
 # Emulation/compatibility services provided by /etc/rc.d/abi
 sysvipc_enable="NO"	# Load System V IPC primitives at startup (or NO).
@@ -666,6 +673,7 @@
 harvest_interrupt="YES"	# Entropy device harvests interrupt randomness
 harvest_ethernet="YES"	# Entropy device harvests ethernet randomness
 harvest_p_to_p="YES"	# Entropy device harvests point-to-point randomness
+harvest_swi="YES"	# Entropy device harvests internal SWI randomness
 dmesg_enable="YES"	# Save dmesg(8) to /var/run/dmesg.boot
 watchdogd_enable="NO"	# Start the software watchdog daemon
 watchdogd_flags=""	# Flags to watchdogd (if enabled)
@@ -674,7 +682,7 @@
 devfs_system_ruleset=""	# The name (NOT number) of a ruleset to apply to /dev
 devfs_set_rulesets=""	# A list of /mount/dev=ruleset_name settings to
 			# apply (must be mounted already, i.e. fstab(5))
-devfs_load_rulesets="NO"	# Enable to always load the default rulesets
+devfs_load_rulesets="YES"	# Enable to always load the default rulesets
 performance_cx_lowest="HIGH"	# Online CPU idle state
 performance_cpu_freq="NONE"	# Online CPU frequency
 economy_cx_lowest="HIGH"	# Offline CPU idle state
@@ -688,47 +696,18 @@
 mixer_enable="YES"	# Run the sound mixer.
 opensm_enable="NO"	# Opensm(8) for infiniband devices defaults to off
 
+# rctl(8) requires kernel options RACCT and RCTL
+rctl_enable="NO"		# Load rctl(8) rules on boot
+rctl_rules="/etc/rctl.conf"	# rctl(8) ruleset. See rctl.conf(5).
+
 ##############################################################
-### Jail Configuration #######################################
+### Jail Configuration (see rc.conf(5) manual page) ##########
 ##############################################################
 jail_enable="NO"	# Set to NO to disable starting of any jails
-jail_exec_stop="/bin/sh /etc/rc.shutdown"
 jail_parallel_start="NO"	# Start jails in the background
 jail_list=""		# Space separated list of names of jails
-jail_set_hostname_allow="YES" # Allow root user in a jail to change its hostname
-jail_socket_unixiproute_only="YES" # Route only TCP/IP within a jail
-jail_sysvipc_allow="NO"	# Allow SystemV IPC use from within a jail
+jail_reverse_stop="NO"	# Stop jails in reverse order
 
-#
-# To use rc's built-in jail infrastructure create entries for
-# each jail, specified in jail_list, with the following variables.
-# NOTES:
-# - replace 'example' with the jail's name.
-# - except rootdir, hostname, ip and the _multi<n> addresses,
-#   all of the following variables may be made global jail variables
-#   if you don't specify a jail name (ie. jail_interface, jail_devfs_ruleset).
-#
-#jail_example_rootdir="/usr/jail/default"	# Jail's root directory
-#jail_example_hostname="default.domain.com"	# Jail's hostname
-#jail_example_interface=""			# Jail's interface variable to create IP aliases on
-#jail_example_fib="0"				# Routing table for setfib(1)
-#jail_example_ip="192.0.2.10,2001:db8::17"	# Jail's primary IPv4 and IPv6 address
-#jail_example_ip_multi0="2001:db8::10"		#  and another IPv6 address
-#jail_example_exec_start="/bin/sh /etc/rc"		# command to execute in jail for starting
-#jail_example_exec_afterstart0="/bin/sh command"	# command to execute after the one for
-							# starting the jail. More than one can be
-							# specified using a trailing number
-#jail_example_exec_stop="/bin/sh /etc/rc.shutdown"	# command to execute in jail for stopping
-#jail_example_devfs_enable="NO"			# mount devfs in the jail
-#jail_example_devfs_ruleset="ruleset_name"	# devfs ruleset to apply to jail -
-						# usually you want "devfsrules_jail".
-#jail_example_fdescfs_enable="NO"		# mount fdescfs in the jail
-#jail_example_procfs_enable="NO"		# mount procfs in jail
-#jail_example_mount_enable="NO"			# mount/umount jail's fs
-#jail_example_fstab=""				# fstab(5) for mount/umount
-#jail_example_flags="-l -U root"		# flags for jail(8)
-#jail_example_parameters="allow.raw_sockets=1"	# extra parameters for this jail
-
 ##############################################################
 ### Define source_rc_confs, the mechanism used by /etc/rc.* ##
 ### scripts to source rc_conf_files overrides safely.	    ##
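Review bot: The jail section drops the defaults `jail_set_hostname_allow`, `jail_socket_unixiproute_only` and `jail_sysvipc_allow` without saying where those restrictions are set now. The last two were isolation defaults, so a host whose /etc/rc.conf relied on them or overrode them may silently get different jail permissions if the rc.d/jail script at this revision no longer reads them. That script is not part of this diff, so this needs checking. The new header points only at rc.conf(5); I would add a comment such as `# Per-jail permissions (allow.sysvipc, allow.set_hostname, allow.socket_af) are set in jail.conf(5).` so administrators know where to pin them explicitly.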
@@ -736,7 +715,7 @@
 
 if [ -z "${source_rc_confs_defined}" ]; then
 	source_rc_confs_defined=yes
-	source_rc_confs () {
+	source_rc_confs() {
 		local i sourced_files
 		for i in ${rc_conf_files}; do
 			case ${sourced_files} in
@@ -750,5 +729,18 @@
 				;;
 			esac
 		done
+		# Re-do process to pick up [possibly] redefined $rc_conf_files
+		for i in ${rc_conf_files}; do
+			case ${sourced_files} in
+			*:$i:*)
+				;;
+			*)
+				sourced_files="${sourced_files}:$i:"
+				if [ -r $i ]; then
+					. $i
+				fi
+				;;
+			esac
+		done
 	}
 fi
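Review bot: The added second pass copies the loop body verbatim, including the unquoted `$i` in `[ -r $i ]` and `. $i`, and it widens what is sourced at boot to whatever the first-pass files assigned to `rc_conf_files`. Quoting both uses (`if [ -r "$i" ]; then` and `. "$i"`) keeps a name containing glob or whitespace characters from being re-expanded before it is sourced. The new comment should also state that only one extra pass is made, so a file read in the second pass that changes `rc_conf_files` again is not followed. `source_rc_confs` begins outside this hunk, and the first loop, only partly visible here, presumably has the same quoting.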


