On Tue, 19 Feb 2019 22:33:53 -0700
"Theo de Raadt" <dera...@openbsd.org> wrote:
> I think that's really gross.
> 
> route domains are a concept usable by some people, not everyone should
> need to see this.

Ah, maybe yes.  I am using sshd on a routing domain other than 0, but
actually I'll add "RDomain 0" to sshd_config to keep rdomain 0 for
logged-in shells, to avoid this kind of confusion.


>> I think rc.d should specify the routing domain explicitly when it
>> executes the daemon program even if the daemon's rtable is configured
>> 0, since the routing domain it is executed in may not be 0.
>> 
>> Example:
>> 
>>   (run sshd on rtable 100)
>>   $ doas ifconfig lo100 rdomain 100 127.0.0.1/8
>>   $ doas ln -s sshd /etc/rc.d/sshd100 
>>   $ doas rcctl enable sshd100
>>   $ doas rcctl set sshd100 rtable 100
>>   $ doas rcctl start sshd100
>> 
>>   (ssh login from rdomain 100)
>>   $ route -T100 exec ssh 127.0.0.1
>> 
>>   (logged in, default routing domain becomes 100)
>>   $ doas rcctl get ntpd rtable
>>   0
>>   $ doas rcctl restart ntpd
>>   ntpd(ok)
>>   ntpd(ok)
>> 
>>   $ doas /etc/rc.d/ntpd check
>>   ntpd(failed)
>>   $ ps ax -o 'pid comm rtable' | grep ntpd
>>   26036 ntpd                100
>>    2924 ntpd                100
>>   78901 ntpd                100
>>   $
>> 
>> "check" fails because /var/run/rc.d/ntpd rtable is 0, but it is
>> actually running on 100.
>> 
>> ok?
>> 
>> Always execute the daemon program on the configured routing table, even
>> if its rtable is configured as 0 and rc.d is executed on a routing domain
>> other than 0.
>> 
>> Index: etc/rc.d/rc.subr
>> ===================================================================
>> RCS file: /cvs/src/etc/rc.d/rc.subr,v
>> retrieving revision 1.130
>> diff -u -p -r1.130 rc.subr
>> --- etc/rc.d/rc.subr 20 Jan 2019 04:52:07 -0000      1.130
>> +++ etc/rc.d/rc.subr 20 Feb 2019 03:57:37 -0000
>> @@ -320,5 +320,4 @@ unset _rcflags _rcrtable _rcuser _rctime
>>  # make sure pexp matches the process (i.e. doesn't include the quotes)
>>  pexp="$(eval echo ${daemon}${daemon_flags:+ ${daemon_flags}})"
>>  rcexec="su -l -c ${daemon_class} -s /bin/sh ${daemon_user} -c"
>> -[ "${daemon_rtable}" -eq 0 ] ||
>> -    rcexec="route -T ${daemon_rtable} exec ${rcexec}"
>> +rcexec="route -T ${daemon_rtable} exec ${rcexec}"
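Review bot: the new unconditional `rcexec="route -T ${daemon_rtable} exec ${rcexec}"` hands `${daemon_rtable}` to route(8) for every daemon, so the value must be guaranteed non-empty and numeric by the defaulting that happens before the `unset _rcflags _rcrtable _rcuser _rctime` shown in the hunk header; an empty value would turn the line into `route -T exec su ...`, which route(8) will misparse. Since daemons configured for rtable 0 and started from rtable 0 now also go through `route -T 0 exec`, the commit message should say so explicitly: that is the common case, and the reason for the change is only visible in the ntpd example above.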
>> 
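A defender-side check for the state the ntpd example above exposes, added here and not part of the original post or of rc.subr: it compares each process's running rtable against the rtable rc.d has configured for it, using constructed sample input shaped like `ps ax -o 'pid comm rtable'` and `rcctl get <daemon> rtable` output on OpenBSD.

```shell
#!/bin/sh
# Added example, not code from the original post or from OpenBSD's rc.subr:
# report daemons whose running rtable differs from the rtable configured in
# rc.d, which is exactly the state the "ntpd(failed)" check above exposes.
# Assumptions: process lines look like `ps ax -o 'pid comm rtable'` output on
# OpenBSD (pid, command, rtable) and configured values look like what
# `rcctl get <daemon> rtable` prints. Both inputs here are constructed samples.

# Constructed ps(1) output: ntpd inherited rtable 100 from the shell that
# restarted it, sshd is deliberately on 100, httpd is on the default 0.
PS_SAMPLE='  PID COMMAND             RTABLE
26036 ntpd                100
 2924 ntpd                100
78901 ntpd                100
 4120 sshd                100
 9001 httpd                 0'

# Constructed rc.d configuration: "<daemon> <rtable>" per line.
CONF_SAMPLE='ntpd 0
sshd 100
httpd 0'

# configured_rtable NAME: print the rtable configured for NAME, or nothing if
# NAME is not an rc.d-managed daemon.
configured_rtable() {
    printf '%s\n' "$CONF_SAMPLE" | awk -v n="$1" '$1 == n { print $2 }'
}

# rtable_mismatches: print "<pid> <comm> running=<rt> configured=<rt>" for
# every process whose rtable differs from the configured one.
rtable_mismatches() {
    printf '%s\n' "$PS_SAMPLE" | awk 'NR > 1 { print $1, $2, $3 }' |
    while read -r pid comm rtable; do
        want=$(configured_rtable "$comm")
        [ -n "$want" ] || continue      # not managed by rc.d, nothing to compare
        [ "$rtable" -eq "$want" ] ||
            printf '%s %s running=%s configured=%s\n' \
                "$pid" "$comm" "$rtable" "$want"
    done
}

# mismatch_count: number of mismatching processes; 0 means every daemon runs
# where rc.d says it does.
mismatch_count() {
    rtable_mismatches | awk 'END { print NR }'
}

rtable_mismatches
```

On a real host the two sample strings would be replaced by the live `ps` and `rcctl get` output; the comparison logic stays the same.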