rcctl issues when running in non-default rdomain


Matthieu Herrb-3
Hi,

On my redundant firewalls I have an "admin" interface in rdomain 1
with a sshd listening, used to be able to access the slave machine and
let it access the internet to be able to run syspatch or pkg_add.

This works well, but if I use rcctl in this non-default rdomain to
control services normally running in the default rdomain, things don't
behave too well. In particular, 'rcctl start' or 'restart' starts the
service with rtable 1.

Alternatives would be to run the admin interface in the default rdomain
and all other interfaces in a separate one, but it feels more painful
to set up.

It seems to me that the patch below helps, but maybe it has other
unforeseen and unwanted effects?

Thoughts?

Index: rc.subr
===================================================================
RCS file: /cvs/OpenBSD/src/etc/rc.d/rc.subr,v
retrieving revision 1.131
diff -u -r1.131 rc.subr
--- rc.subr 21 Mar 2019 15:10:27 -0000 1.131
+++ rc.subr 5 Sep 2019 20:56:38 -0000
@@ -320,5 +320,4 @@
 # make sure pexp matches the process (i.e. doesn't include the quotes)
 pexp="$(eval echo ${daemon}${daemon_flags:+ ${daemon_flags}})"
 rcexec="su -l -c ${daemon_class} -s /bin/sh ${daemon_user} -c"
-[ "${daemon_rtable}" -eq "$(id -R)" ] ||
- rcexec="route -T ${daemon_rtable} exec ${rcexec}"
+rcexec="route -T ${daemon_rtable} exec ${rcexec}"
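
Review bot: The guard removed at `[ "${daemon_rtable}" -eq "$(id -R)" ] ||` already adds the `route -T ${daemon_rtable} exec` prefix whenever the caller's routing table differs from daemon_rtable, so dropping it changes behaviour only when the two are equal, where every start would then go through a redundant route exec in front of su. Suggest keeping the test and first checking that the installed rc.subr actually contains it: with revision 1.131 as shown here, running rcctl from rtable 1 against a daemon whose daemon_rtable is the default table should already get the prefix.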


--
Matthieu Herrb

Re: rcctl issues when running in non-default rdomain

Matthieu Herrb-3
On Thu, Sep 05, 2019 at 11:00:06PM +0200, Matthieu Herrb wrote:

> Hi,
>
> On my redundant firewalls I have an "admin" interface in rdomain 1
> with a sshd listening, used to be able to access the slave machine and
> let it access the internet to be able to run syspatch or pkg_add.
>
> This works well, but if I use rcctl in this non-default rdomain to
> control services normally running in the default rdomain, things don't
> behave too well. In particular, 'rcctl start' or 'restart' starts the
> service with rtable 1.
>
> Alternatives would be to run the admin interface in the default rdomain
> and all other interfaces in a separate one, but it feels more painful
> to set up.
>
> It seems to me that the patch below helps, but maybe it has other
> unforeseen and unwanted effects?
>
> Thoughts?

I've been told privately that this was already handled. Indeed this
was a pair of firewalls still running 6.4.

So issue closed. Thanks.

>
> Index: rc.subr
> ===================================================================
> RCS file: /cvs/OpenBSD/src/etc/rc.d/rc.subr,v
> retrieving revision 1.131
> diff -u -r1.131 rc.subr
> --- rc.subr 21 Mar 2019 15:10:27 -0000 1.131
> +++ rc.subr 5 Sep 2019 20:56:38 -0000
> @@ -320,5 +320,4 @@
>  # make sure pexp matches the process (i.e. doesn't include the quotes)
>  pexp="$(eval echo ${daemon}${daemon_flags:+ ${daemon_flags}})"
>  rcexec="su -l -c ${daemon_class} -s /bin/sh ${daemon_user} -c"
> -[ "${daemon_rtable}" -eq "$(id -R)" ] ||
> - rcexec="route -T ${daemon_rtable} exec ${rcexec}"
> +rcexec="route -T ${daemon_rtable} exec ${rcexec}"
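
Review bot: On the added line `rcexec="route -T ${daemon_rtable} exec ${rcexec}"`, daemon_rtable is interpolated on every start, and the hunk does not show where it gets its default. If it can ever be empty, the string becomes `route -T exec su ...` and `exec` is consumed as the table argument; suggest defaulting it at the point of use, for example `${daemon_rtable:-0}`, or validating it before rcexec is built, and adding a one-line comment that says why the prefix is unconditional.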
>
>
> --
> Matthieu Herrb

--
Matthieu Herrb