diff --git a/libexec/rc/rc.subr b/libexec/rc/rc.subr index b0b255e8b6f..5199a915297 100644 --- a/libexec/rc/rc.subr +++ b/libexec/rc/rc.subr @@ -55,6 +55,7 @@ JAIL_CMD=/usr/sbin/jail _svcj_generic_params="path=/ mount.nodevfs host=inherit" JID=0 CPUSET="/bin/cpuset" +SETAUDIT="/usr/sbin/setaudit" # Cache the services that we loaded with load_rc_config. _loaded_services="" @@ -933,6 +934,9 @@ startmsg() # Meant to be used in /etc/rc.conf to override # ${command}. # +# ${name}_audit_user n Override the audit user for ${command}, +# specified as a user name or UID. +# # ${name}_chroot n Directory to chroot to before running ${command} # Requires /usr to be mounted. # @@ -1151,6 +1155,15 @@ run_rc_command() _cpusetcmd="$CPUSET -l $_cpuset" fi + eval _audit_user=\$${name}_audit_user + if [ -z "$_audit_user" -a -n "$audit_user" ]; then + _audit_user=$audit_user + fi + _setauditcmd= + if [ -n "$_audit_user" ]; then + _setauditcmd="setaudit -U -a $_audit_user" + fi + # If a specific jail has a specific svcj request, honor it (YES/NO). # If not (variable empty), evaluate the global svcj catch-all. # A global YES can be overriden by a specific NO, and a global NO is overriden @@ -1515,6 +1528,7 @@ run_rc_command() _doit="\ ${_nice:+nice -n $_nice }\ $_cpusetcmd \ +$_setauditcmd \ ${_fib:+setfib -F $_fib }\ ${_env:+env $_env }\ chroot ${_user:+-u $_user }${_group:+-g $_group }${_groups:+-G $_groups }\ @@ -1524,7 +1538,9 @@ $_chroot $command $rc_flags $command_args" _doit="\ ${_fib:+setfib -F $_fib }\ ${_env:+env $_env }\ -$_cpusetcmd $command $rc_flags $command_args" +$_cpusetcmd \ +$_setauditcmd \ +$command $rc_flags $command_args" if [ -n "$_user" ]; then _doit="su -m $_user -c 'sh -c \"$_doit\"'" fi diff --git a/share/man/man5/rc.conf.5 b/share/man/man5/rc.conf.5 index 6274c1ee5b9..fa8d8aab8c4 100644 --- a/share/man/man5/rc.conf.5 +++ b/share/man/man5/rc.conf.5 @@ -22,7 +22,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd October 5, 2025 +.Dd November 14, 2025 .Dt RC.CONF 5 .Os .Sh NAME @@ -190,6 +190,17 @@ Setting this option will bypass that check at boot time and always test whether or not the service is actually running. Enabling this option is likely to increase your boot time if services are enabled that utilize the force_depend check. +.It Ao Ar name Ac Ns Va _audit_user +.Pq Vt str +A user name or UID to use as the +.Xr audit 4 +user for the service. +Run the chrooted service under this system group. +By default, when an unprvileged user restarts a service using a utility +such as sudo or doas, the service's will audit session will point to the +unprivileged user, which may be undesirable. +In that case, this variable can be used to override the audit user using +.Xr setaudit 8 . .It Ao Ar name Ac Ns Va _chroot .Pq Vt str .Xr chroot 8 @@ -209,7 +220,6 @@ The value to run the service under. .It Ao Ar name Ac Ns Va _group .Pq Vt str -Run the chrooted service under this system group. Unlike the .Ao Ar name Ac Ns Va _user setting, this setting has no effect if the service is not chrooted.