Diffstat (limited to 'dns/bind912/files/named.in')
-rw-r--r--dns/bind912/files/named.in44
1 files changed, 30 insertions, 14 deletions
diff --git a/dns/bind912/files/named.in b/dns/bind912/files/named.in
index a2ab7de1d832..a5a18660ac8c 100644
--- a/dns/bind912/files/named.in
+++ b/dns/bind912/files/named.in
@@ -146,16 +146,13 @@ chroot_autoupdate()
# The OpenSSL engines should be present in the chroot, named loads them
# after chrooting.
if [ -d ${_openssl_engines} ]; then
- if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ] ||
- [ `${SYSCTL_N} security.jail.mount_allowed` -eq 1 ] ||
- [ `${SYSCTL_N} security.jail.mount_nullfs_allowed` -eq 1 ] ; then
- mkdir -p ${named_chrootdir}${_openssl_engines}
+ mkdir -p ${named_chrootdir}${_openssl_engines}
+ if can_mount nullfs ; then
mount -t nullfs ${_openssl_engines} ${named_chrootdir}${_openssl_engines}
else
warn "named chroot: cannot nullfs mount OpenSSL" \
"engines into the chroot, will copy the shared" \
"libraries instead."
- mkdir -p ${named_chrootdir}${_openssl_engines}
cp -f ${_openssl_engines}/*.so ${named_chrootdir}${_openssl_engines}
fi
fi
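Review bot: The exit status of `mount -t nullfs` is never checked, so when `can_mount nullfs` returns 0 but the kernel still refuses the mount, the `cp -f` fallback in the else branch is skipped and the chroot may be left with an empty or stale engines directory. Folding the mount into the test lets the fallback cover both cases: `if ! can_mount nullfs || ! mount -t nullfs -o ro ${_openssl_engines} ${named_chrootdir}${_openssl_engines}; then`, followed by the existing `warn` and `cp -f` lines. The `-o ro` is an optional hardening so the host's engine directory cannot be modified through the chroot; file permissions presumably already limit that, so treat it as defence in depth. The variable expansions on the new `mkdir -p` line are also unquoted and would be safer as `mkdir -p "${named_chrootdir}${_openssl_engines}"`. The body of chroot_autoupdate starts and ends outside the hunk.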
@@ -241,22 +238,41 @@ named_stop()
named_poststop()
{
- if [ -n "${named_chrootdir}" -a -c ${named_chrootdir}/dev/null ]; then
+ if [ -n "${named_chrootdir}" ]; then
# if using OpenSSL from ports, unmount OpenSSL engines, if they
# were not mounted but only copied, do nothing.
- if [ -d ${_openssl_engines} -a \( `${SYSCTL_N} security.jail.jailed` -eq 0 -o `${SYSCTL_N} security.jail.mount_allowed` -eq 1 \) ]; then
- umount ${named_chrootdir}${_openssl_engines}
+ if [ -d ${_openssl_engines} ]; then
+ if can_mount nullfs; then
+ umount ${named_chrootdir}${_openssl_engines}
+ fi
fi
- # unmount /dev
- if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then
- umount ${named_chrootdir}/dev 2>/dev/null || true
- else
- warn "named chroot:" \
- "cannot unmount devfs from inside jail!"
+ if [ -c ${named_chrootdir}/dev/null ]; then
+ # unmount /dev
+ if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then
+ umount ${named_chrootdir}/dev 2>/dev/null || true
+ else
+ warn "named chroot:" \
+ "cannot unmount devfs from inside jail!"
+ fi
fi
fi
}
+can_mount()
+{
+ local kld
+ kld=$1
+ if ! load_kld $kld; then
+ return 1
+ fi
+ if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ] ||
+ [ `${SYSCTL_N} security.jail.mount_allowed` -eq 1 ] ||
+ [ `${SYSCTL_N} security.jail.mount_${kld}_allowed` -eq 1 ] ; then
+ return 0
+ fi
+ return 1
+}
+
create_file()
{
if [ -e "$1" ]; then
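Review bot: In `can_mount` the jail test joins `security.jail.mount_allowed` and `security.jail.mount_${kld}_allowed` with `||`, but as far as jail(8) documents it, the per-filesystem permission is only effective together with allow.mount, so a jail with just one of them set passes the check and the later mount would presumably fail. Requiring both would match that: `[ "$(${SYSCTL_N} security.jail.jailed)" -eq 0 ] || { [ "$(${SYSCTL_N} security.jail.mount_allowed)" -eq 1 ] && [ "$(${SYSCTL_N} security.jail.mount_${kld}_allowed)" -eq 1 ]; }`. Separately, `named_poststop` now calls `can_mount nullfs`, which runs `load_kld` at stop time and decides by current capability, not by whether the engines directory was actually mounted at start. Testing the mount state itself (for instance against `mount -p` output) would avoid a stray umount error, or a leftover mount if the sysctls changed in between. A one-line comment above `can_mount` stating its return contract (`# can_mount kld: return 0 if the kld loads and mounting that filesystem is permitted here`) would also help.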