Of course, I have set the fewer modification on rc.subr because cases mentionned by Todd are more rare. I think those cases must be handled by rc.local. (but i agree with todd concept, but his modification is too big for majority of systems).
Loïc Blot, Ingénieur systèmes UNIX, Sécurité et Réseaux http://www.unix-experience.fr Theo de Raadt <dera...@cvs.openbsd.org> a écrit : >> Penned by Mike Belopuhov on 20140711 6:49.19, we have: >> | On 11 July 2014 10:29, Antoine Jacoutot <ajacou...@bsdfrog.org> wrote: >> | > On Thu, Jul 10, 2014 at 06:51:01PM +0200, Lo��c BLOT wrote: >> | >> Hello all, >> | >> I use rdomains to split routing domains per company and also separate >> | >> administration interfaces from routing interfaces on my routers (sshd, >> | >> bacula, postfix and puppetd running on a dedicated rdomain) >> | >> >> | >> Actually there is a problem with rdomains, we need to modify /etc/rc.d >> | >> scripts to add rdomain execution environment to the specified service. >> | >> If rc.subr have support to rdomains, we can let the rc.d scripts clean. >> | >> >> | >> To resolve those rdomain issues, I created a patch and I added a new >> | >> variable we could use on rc.conf(.local), ${_name}_rdomain. (This >> | >> variable needs a signed integer and use an existing rdomain, this is >> | >> checked by rc.subr. >> | >> >> | >> I want to contribute to OpenBSD and I give you this patch. If you have >> | >> any suggestions to improve it, tell me. >> | > >> | > I don't use rdomain so someone knowledgeable should comment here. >> | > But it does look like a nice idea. >> | > >> | >> | having something like this would be really cool. in case you'll be >> | tweaking the code, make sure that the "route -T exec printf" check >> | is preserved. i would use "true" in this test however. >> | >> | as far as i can tell the daemon_rdomain bit that goes into the rc >> | script is fine, however i'm not quite sure how can i start two >> | daemons in different rdomains via rc.conf.local. looks like this >> | diff doesn't handle this and allows only one instance in the >> | ${_name}_rdomain rdomain. but sometimes you want multiple, say >> | sshd in rdomain 0 and 1. daemon_rdomain flag allows me to go and >> | create another rc.d/sshd-rdomain-1 script and stuff daemon_rdomain=1 >> | in there. but then i'd have to add it to the pkg_scripts... this >> | is a minor issue that i see. perhaps ${_name}_rdomain should list >> | multiple values, like sshd_rdomain=0,1,2,3. >> >> multiple rdomain instances might even have different daemon_flags. >> >> I think in addition to sshd_rdomain=0,1,2,3 the patch might handle >> ssh_rdomain_0_flags="-C /etc/ssh/sshd_0_config". I'm guessing it >> makes sense to add to sshd_flags= rather than over-write it, but >> that's splitting hairs. >> >> I've been wondering about how to implement what you've done, and >> have ended up with 'route -T 3 exec /etc/rc.d/... -f' in /etc/rc.local. >> >> I like this direction. > >For crazy stuff, use /etc/rc.local
