rc.subr: Try to make svjc option handling a bit easier to read
Specifically, make this code fit in fewer columns: - deindent cases to conform to the usual style, - use a local variable to minimize duplication in each case. No functional change intended. Reviewed by: 0mp, netchild MFC after: 2 weeks Sponsored by: Klara, Inc. Sponsored by: Modirum MDPay Differential Revision: https://reviews.freebsd.org/D53754
This commit is contained in:
+47
-41
@@ -1256,49 +1256,55 @@ run_rc_command()
|
||||
if [ -n "$_svcj_options" ]; then # translate service jail options
|
||||
_svcj_sysvipc_x=0
|
||||
for _svcj_option in $_svcj_options; do
|
||||
_opts=
|
||||
case "$_svcj_option" in
|
||||
mlock)
|
||||
_svcj_cmd_options="allow.mlock ${_svcj_cmd_options}"
|
||||
;;
|
||||
netv4)
|
||||
_svcj_cmd_options="${_svcj_ip4} allow.reserved_ports ${_svcj_cmd_options}"
|
||||
;;
|
||||
netv6)
|
||||
_svcj_cmd_options="${_svcj_ip6} allow.reserved_ports ${_svcj_cmd_options}"
|
||||
;;
|
||||
net_basic)
|
||||
_svcj_cmd_options="${_svcj_ip4} ${_svcj_ip6} allow.reserved_ports ${_svcj_cmd_options}"
|
||||
;;
|
||||
net_raw)
|
||||
_svcj_cmd_options="allow.raw_sockets ${_svcj_cmd_options}"
|
||||
;;
|
||||
net_all)
|
||||
_svcj_cmd_options="allow.socket_af allow.raw_sockets allow.reserved_ports ${_svcj_ip4} ${_svcj_ip6} ${_svcj_cmd_options}"
|
||||
;;
|
||||
nfsd)
|
||||
_svcj_cmd_options="allow.nfsd enforce_statfs=1 ${_svcj_cmd_options}"
|
||||
;;
|
||||
routing)
|
||||
_svcj_cmd_options="allow.routing ${_svcj_cmd_options}"
|
||||
;;
|
||||
settime)
|
||||
_svcj_cmd_options="allow.settime ${_svcj_cmd_options}"
|
||||
;;
|
||||
sysvipc)
|
||||
_svcj_sysvipc_x=$((${_svcj_sysvipc_x} + 1))
|
||||
_svcj_cmd_options="sysvmsg=inherit sysvsem=inherit sysvshm=inherit ${_svcj_cmd_options}"
|
||||
;;
|
||||
sysvipcnew)
|
||||
_svcj_sysvipc_x=$((${_svcj_sysvipc_x} + 1))
|
||||
_svcj_cmd_options="sysvmsg=new sysvsem=new sysvshm=new ${_svcj_cmd_options}"
|
||||
;;
|
||||
vmm)
|
||||
_svcj_cmd_options="allow.vmm ${_svcj_cmd_options}"
|
||||
;;
|
||||
*)
|
||||
echo ${name}: unknown service jail option: $_svcj_option
|
||||
;;
|
||||
mlock)
|
||||
_opts="allow.mlock"
|
||||
;;
|
||||
netv4)
|
||||
_opts="${_svcj_ip4} allow.reserved_ports"
|
||||
;;
|
||||
netv6)
|
||||
_opts="${_svcj_ip6} allow.reserved_ports"
|
||||
;;
|
||||
net_basic)
|
||||
_opts="${_svcj_ip4} ${_svcj_ip6}"
|
||||
_opts="${_opts} allow.reserved_ports"
|
||||
;;
|
||||
net_raw)
|
||||
_opts="allow.raw_sockets"
|
||||
;;
|
||||
net_all)
|
||||
_opts="allow.socket_af"
|
||||
_opts="${_opts} allow.raw_sockets"
|
||||
_opts="${_opts} allow.reserved_ports"
|
||||
_opts="${_opts} ${_svcj_ip4} ${_svcj_ip6}"
|
||||
;;
|
||||
nfsd)
|
||||
_opts="allow.nfsd enforce_statfs=1"
|
||||
;;
|
||||
routing)
|
||||
_opts="allow.routing"
|
||||
;;
|
||||
settime)
|
||||
_opts="allow.settime"
|
||||
;;
|
||||
sysvipc)
|
||||
_svcj_sysvipc_x=$((${_svcj_sysvipc_x} + 1))
|
||||
_opts="sysvmsg=inherit sysvsem=inherit sysvshm=inherit"
|
||||
;;
|
||||
sysvipcnew)
|
||||
_svcj_sysvipc_x=$((${_svcj_sysvipc_x} + 1))
|
||||
_opts="sysvmsg=new sysvsem=new sysvshm=new"
|
||||
;;
|
||||
vmm)
|
||||
_opts="allow.vmm"
|
||||
;;
|
||||
*)
|
||||
echo ${name}: unknown service jail option: $_svcj_option
|
||||
;;
|
||||
esac
|
||||
_svcj_cmd_options="${_opts} ${_svcj_cmd_options}"
|
||||
done
|
||||
if [ ${_svcj_sysvipc_x} -gt 1 ]; then
|
||||
echo -n "ERROR: more than one sysvipc option is "
|
||||
|
||||
Reference in New Issue
Block a user