release openrc-0.7.0

* status on a stopped service now has a return code of 3 (was 1)
* starting an already started service now has a return code of 0 (was 1)
* stopping an already stopped service now has a return code of 0 (was 1)

Makefile.inc

@@ -1,3 +1,3 @@
 NAME=		openrc
-VERSION=	0.6.7
+VERSION=	0.7.0
 PKG=		${NAME}-${VERSION}

README

@@ -53,13 +53,10 @@ of the system.
 
 
 Reporting Bugs
--------------
-If you installed OpenRC from your chosen distribution, you should report
-bugs directly to them. For example, if you use Gentoo and emerged OpenRC
-then you should reports bugs to http://bugs.gentoo.org.
-
-Otherwise, you can report them directly to me at
-http://roy.marples.name/projects/openrc
+--------------
+Bugs should go to the Gentoo Bugzilla:
+	http://bugs.gentoo.org/
+You'll want the "Gentoo Linux" product and the "baselayout" component.
 
 
 History - by Roy Marples

TODO

@@ -1,3 +1,5 @@
 - ensure all forks block, restore and unblock signals. needs review 
 
 - add support somehow for optional translations
+
+- oldnet[bridging]: Review setting of bridge configuration on dynamic interface add

doc/net.example.Linux.in

@@ -787,11 +787,18 @@
 #bridge_add_eth0="br0"
 #bridge_add_eth1="br0"
 
+# NOTE: If you want to manually start an empty bridge, and then dynamically add
+# ports to it you must set at least one of the following variables based on the
+# interface name, so that we can pick it up from your configuration. Even an
+# empty value variable is fine, but at least one of them must be set:
+# brctl_IFVAR
+
 # You need to configure the ports to null values so dhcp does not get started 
 #config_eth0="null"
 #config_eth1="null"
 
-# Finally give the bridge an address - dhcp or a static IP
+# Finally give the bridge an address - dhcp or a static IP, this is assigned to
+# the bridge when the bridge is explicitly started.
 #config_br0="dhcp" # may not work when adding ports dynamically
 #config_br0="192.168.0.1/24"
 
@@ -805,6 +812,13 @@
 #sethello 0
 #stp off"
 
+# You can also configure the bridge or bridge members via sysfs on 2.6 kernels
+# or newer. See the kernel bridge documentation for a description of these
+# options.
+#stp_state_br0="0"
+#forward_delay_br0="10"
+#hairpin_mode_eth0="1"
+
 #-----------------------------------------------------------------------------
 # RFC 2684 Bridge Support 
 # For RFC 2684 bridge support emerge net-misc/br2684ctl
@@ -852,6 +866,52 @@
 #relay_6to4="192.168.3.2"
 #suffix_6to4=":ff"
 
+#-----------------------------------------------------------------------------
+# Advanced Routing
+# WARNING: For advanced routing you MUST be using sys-apps/iproute2
+#
+# This provides a means to do multi-homing and more using the Routing Policy
+# Database (RPDB).
+#
+# See the following links for background and more information.
+# http://linux-ip.net/html/ch-routing.html
+# http://linux-ip.net/html/ch-advanced-routing.html
+
+# The rules listed will be added with 'ip rule add LINE' when the interface is
+# being brought up. They will also be removed with 'ip rule delete LINE'.
+# The rules added are also stored for later removal, so if you alter your rules
+# directly before stopping, you should review your rules again after stopping.
+
+# Note in earlier versions of openrc, this was provided as an example in
+# postup/postdown, however that implementation suffered some bugs in corner
+# cases, which are now fixed with this merger. If you used the previous
+# example, you should only need to drop the relevent portions of your
+# postup/postdown functions, and review the quoting in your rules_IFACE
+# variables.
+
+# Below is a trivial example for a dual-homed connection where there is an OOB
+# management network. Only packets explicitly with an address from or to the
+# OOB are sent via eth0. All others go via eth1 as the eth1 rules have a lower
+# priority.
+
+# If you want to use names for your tables, you should put lines into
+# /etc/iproute2/rt_tables, an example follows:
+# 2 oob
+# 3 external
+
+#rules_eth0="
+#from ZZZ.ZZZ.200.128/27 table oob priority 500
+#to ZZZ.ZZZ.200.128/27 table oob priority 550"
+#rules_eth1="
+#from XXX.XXX.112.0/24 table external priority 400
+#to XXX.XXX.112.0/24 table external priority 450"
+#routes_eth0="
+#ZZZ.ZZZ.200.128/27 dev eth0 table oob scope link
+#default via ZZZ.ZZZ.200.129 table oob"
+#routes_eth1="
+#XXX.XXX.112.0/24 dev eth1 table external scope link
+#default via XXX.XXX.112.1 dev eth1"
+
 
 #-----------------------------------------------------------------------------
 # System
@@ -980,33 +1040,6 @@
 #	# This function could be used, for example, to register with a
 #	# dynamic DNS service.  Another possibility would be to
 #	# send/receive mail once the interface is brought up.
-
-#	# Here is an example that allows the use of iproute rules
-#	# which have been configured using the rules_eth0 variable.
-#	#rules_eth0=" \
-#	#	'from 24.80.102.112/32 to 192.168.1.0/24 table localnet priority 100' \
-#	#	'from 216.113.223.51/32 to 192.168.1.0/24 table localnet priority 100' \
-#	#"
-#	eval set -- \$rules_${IFVAR}
-#	if [ $# != 0 ]; then
-#		einfo "Adding IP policy routing rules"
-#		eindent
-#		# Ensure that the kernel supports policy routing
-#		if ! ip rule list | grep -q "^"; then
-#			eerror "You need to enable IP Policy Routing (CONFIG_IP_MULTIPLE_TABLES)"
-#			eerror "in your kernel to use ip rules"
-#		else
-#			for x; do
-#				ebegin "${x}"
-#				ip rule add ${x}
-#				eend $?
-#			done
-#		fi
-#		eoutdent
-#		# Flush the cache
-#		ip route flush cache dev "${IFACE}"
-#	fi
-
 #}
 
 #postdown() {
@@ -1014,21 +1047,6 @@
 #	# Probably a good idea to set ifdown="no" in /etc/conf.d/net
 #	# as well ;)
 #	[ "${IFACE}" != "lo" ] && ethtool -s "${IFACE}" wol g
-
-#	Automatically erase any ip rules created in the example postup above
-#	if interface_exists "${IFACE}"; then
-#		# Remove any rules for this interface
-#		local rule
-#		ip rule list | grep " iif ${IFACE}[ ]*" | {
-#			while read rule; do
-#				rule="${rule#*:}"	
-#				ip rule del ${rule}
-#			done
-#		}
-#		# Flush the route cache
-#		ip route flush cache dev "${IFACE}"
-#	fi
-
 #	# Return 0 always
 #	return 0
 #}

etc/Makefile

@@ -7,3 +7,6 @@ MK=	../mk
 include ${MK}/os.mk
 include Makefile.${OS}
 include ${MK}/scripts.mk
+
+rc.conf: rc.conf.in rc.conf.${OS}
+	${SED} ${SED_REPLACE} ${SED_EXTRA} $^ > $@

etc/Makefile.Linux

@@ -1,6 +1,2 @@
 SED_EXTRA=	-e 's:@TERM@:wsvt25:g'
-SRCS+=		rc.in rc.shutdown.in
-
-rc.conf:
-	cp rc.conf.in rc.conf
-	cat rc.conf.Linux >> rc.conf
+SRCS+=		rc.conf.in rc.in rc.shutdown.in

etc/rc.conf.FreeBSD

@@ -0,0 +1,8 @@
+# This is the subsystem type. Valid options on FreeBSD:
+# ""        - nothing special
+# "jail"    - FreeBSD jails
+# "prefix"  - Prefix
+# If unset, the old automagic detection code will be triggered. Said old code
+# is deprecated and be removed not later than 2010/03/01.
+rc_sys=""
+

etc/rc.conf.Linux

@@ -1,3 +1,15 @@
+# This is the subsystem type. Valid options on Linux:
+# ""        - nothing special
+# "lxc"     - Linux Containers
+# "openvz"  - Linux OpenVZ
+# "prefix"  - Prefix
+# "uml"     - Usermode Linux
+# "vserver" - Linux vserver
+# "xen0"    - Xen0 Domain
+# "xenU"    - XenU Domain
+# If unset, the old automagic detection code will be triggered. Said old code
+# is deprecated and be removed not later than 2010/03/01.
+rc_sys=""
 
 ##############################################################################
 # LINUX SPECIFIC OPTIONS

etc/rc.conf.NetBSD

@@ -0,0 +1,9 @@
+# This is the subsystem type. Valid options on NetBSD:
+# ""        - nothing special
+# "prefix"  - Prefix
+# "xen0"    - Xen0 Domain
+# "xenU"    - XenU Domain
+# If unset, the old automagic detection code will be triggered. Said old code
+# is deprecated and be removed not later than 2010/03/01.
+rc_sys=""
+

etc/rc.conf.in

@@ -115,3 +115,4 @@
 # You can also remove dependencies.
 # This is mainly used for saying which servies do NOT provide net.
 #rc_net_tap0_provide="!net"
+

init.d/bootmisc.in

@@ -25,7 +25,7 @@ cleanup_tmp_dir()
 		mkdir -p "$dir" || return $?
 	fi
 	dir_writeable "$dir" || return 1
-	chmod a+rwt "$dir"
+	chmod a+rwt "$dir" 2> /dev/null
 	cd "$dir"
 	if yesno $wipe_tmp; then
 		ebegin "Wiping $dir directory"
@@ -77,7 +77,7 @@ mkutmp()
 start()
 {
 	# Remove any added console dirs
-	rm -rf "$RC_LIBEXECDIR"/console
+	rm -rf "$RC_LIBEXECDIR"/console/*
 
 	local logw=false runw=false extra=
 	# Ensure that our basic dirs exist

init.d/localmount.in

@@ -8,6 +8,7 @@ depend()
 {
 	need fsck
 	use lvm modules mtab
+	after lvm modules
 	keyword -jail -openvz -prefix -vserver -lxc
 }
 

init.d/net.lo.in

@@ -402,7 +402,7 @@ _load_config()
 		set -- ${config}
 		# Of course, we may have a single address added old style.
 		case "$2" in
-			netmask|broadcast|brd|brd+)
+			netmask|broadcast|brd|brd+|peer|pointopoint)
 				local IFS="$__IFS"
 				set -- ${config}
 				;;

init.d/netmount.in

@@ -43,7 +43,7 @@ start()
 	local myneed= myuse= pmap="portmap" nfsmounts=
 	[ -x @SYSCONFDIR@/init.d/rpcbind ] && pmap="rpcbind"
 
-	local x= fs=
+	local x= fs= rc=
 	for x in $net_fs_list; do
 		case "$x" in
 			nfs|nfs4)
@@ -65,7 +65,12 @@ start()
 
 	ebegin "Mounting network filesystems"
 	mount -at $fs
-	ewend $? "Could not mount all network filesystems"
+	rc=$?
+	if [ "$RC_UNAME" = Linux ]; then
+		mount -a -O _netdev
+		rc=$?
+	fi
+	ewend $rc "Could not mount all network filesystems"
 	return 0
 }
 
@@ -93,5 +98,9 @@ stop()
 	retval=$?
 
 	eoutdent
+	if [ "$RC_UNAME" = Linux ]; then
+		umount -a -O _netdev
+		retval=$?
+	fi
 	eend $retval "Failed to unmount network filesystems"
 }

init.d/sysctl.Linux.in

@@ -5,7 +5,7 @@
 depend()
 {
 	before bootmisc logger
-	keyword -openvz -prefix -vserver
+	keyword -prefix -vserver
 }
 
 start()

man/rc-status.8

@@ -62,6 +62,10 @@ Show information only for the named
 .Sh EXIT STATUS
 .Nm
 exits 0, except when checking for crashed services and it doesn't find any.
+.Sh IMPLEMENTATION NOTES
+.Nm
+tries to list services within each runlevel in the presently resolved
+dependency order if the dependency tree is available.
 .Sh SEE ALSO
 .Xr rc 8 ,
 .Xr rc-update 8

man/runscript.8

@@ -138,13 +138,6 @@ We should recalculate our dependencies if the listed files have changed.
 .It Ic keyword
 Tags a service with a keyword. Here's the keywords we currently understand:-
 .Bl -tag -width indent
-.It Dv -jail
-When in a jail, exclude this service from any dependencies. The service can
-still be run directly.
-.It Dv -openvz
-Same as -jail, but for OpenVZ systems.
-.It Dv -lxc
-Same as -jail, but for Linux Resource Containers (LXC).
 .It Dv -shutdown
 Don't stop this service when shutting the system down.
 This normally quite safe as remaining daemons will be sent a SIGTERM just
@@ -156,6 +149,18 @@ Don't stop this service when changing runlevels, even if not present.
 This includes shutting the system down.
 .It Dv -timeout
 Do not time out waiting for that service.
+.It Dv -jail
+When in a jail, exclude this service from any dependencies. The service can
+still be run directly. Set via 
+.Ic rc_sys 
+in 
+.Pa /etc/rc.conf
+.It Dv -lxc
+Same as -jail, but for Linux Resource Containers (LXC).
+.It Dv -openvz
+Same as -jail, but for OpenVZ systems.
+.It Dv -prefix
+Same as -jail, but for Prefix systems.
 .It Dv -uml
 Same as -jail, but for UML systems.
 .It Dv -vserver

net/bridge.sh

@@ -11,34 +11,64 @@ _config_vars="$_config_vars bridge bridge_add brctl"
 
 _is_bridge()
 {
-	# Ignore header line so as to allow for bridges named 'bridge'
-	brctl show 2>/dev/null | sed '1,1d' | grep -q "^${IFACE}[[:space:]]"
+	[ -d /sys/class/net/"${1:-${IFACE}}"/bridge ]
+	return $?
+}
+
+_is_bridge_port()
+{
+	[ -d /sys/class/net/"${1:-${IFACE}}"/brport ]
+	return $?
+}
+
+_bridge_ports()
+{
+	for x in /sys/class/net/"${1:-${IFACE}}"/brif/*; do
+		n=${x##*/}
+		echo $n
+	done
 }
 
 bridge_pre_start()
 {
-	local brif= iface="${IFACE}" e= x=
+	local brif= oiface="${IFACE}" e= x=
+	# ports is for static add
 	local ports="$(_get_array "bridge_${IFVAR}")"
+	# old config options
 	local opts="$(_get_array "brctl_${IFVAR}")"
-	
+	# brif is used for dynamic add
 	eval brif=\$bridge_add_${IFVAR}
-	eval x=\${bridge_${IFVAR}-y\}
-	if [ -z "${brif}" -a -z "${opts}" ]; then
-		[ -n "${ports}" -o "${x}" != "y" ] || return 0
+	
+	# we need a way to if the bridge exists in a variable name, not just the
+	# contents of a variable. Eg if somebody has only bridge_add_eth0='br0',
+	# with no other lines mentioning br0.
+	eval bridge_unset=\${bridge_${IFVAR}-y\}
+	eval brctl_unset=\${brctl_${IFVAR}-y\}
+	
+	if [ -z "${brif}" -a "${brctl_unset}" == 'y' ]; then
+		if [ -z "${ports}" -a "${bridge_unset}" == "y" ]; then
+			#eerror "Misconfigured static bridge detected (see net.example)"
+			return 0
+		fi
 	fi
 
-	[ -n "${ports}" ] && bridge_post_stop
+	# If the bridge was already up, we should clear it
+	[ "${bridge_unset}" != "y" ] && bridge_post_stop
 
 	(
+	# Normalize order of variables
 	if [ -z "${ports}" -a -n "${brif}" ]; then
+		# Dynamic mode detected
 		ports="${IFACE}"
 		IFACE="${brif}"
+		IFVAR=$(shell_var "${IFACE}")
 	else
+		# Static mode detected
 		ports="${ports}"
 		metric=1000
 	fi
 
-	if ! _is_bridge; then
+	if ! _is_bridge ; then
 		ebegin "Creating bridge ${IFACE}"
 		if ! brctl addbr "${IFACE}"; then
 			eend 1
@@ -46,6 +76,12 @@ bridge_pre_start()
 		fi
 	fi
 
+	# TODO: does this reset the bridge every time we add a interface to the
+	# bridge? We should probably NOT do that.
+
+	# Old configuration set mechanism
+	# Only a very limited subset of the options are available in the old
+	# configuration method. The sysfs interface is in the next block instead.
 	local IFS="$__IFS"
 	for x in ${opts}; do
 		unset IFS
@@ -57,21 +93,50 @@ bridge_pre_start()
 	done
 	unset IFS
 
+	# New configuration set mechanism, matches bonding
+	for x in /sys/class/net/"${IFACE}"/bridge/*; do
+		[ -f "${x}" ] || continue
+		n=${x##*/}
+		eval s=\$${n}_${IFVAR}
+		if [ -n "${s}" ]; then
+			einfo "Setting ${n}: ${s}"
+			echo "${s}" >"${x}" || \
+			eerror "Failed to configure $n (${n}_${IFVAR})"
+		fi
+	done
+
 	if [ -n "${ports}" ]; then
 		einfo "Adding ports to ${IFACE}"
 		eindent
 
-		local OIFACE="${IFACE}"
+		local BR_IFACE="${IFACE}"
 		for x in ${ports}; do
 			ebegin "${x}"
 			local IFACE="${x}"
+			local IFVAR=$(shell_var "${IFACE}")
+			if ! _exists "${IFACE}" ; then
+				eerror "Cannot add non-existent interface ${IFACE} to ${BR_IFACE}"
+				return 1
+			fi
+			# The interface is known to exist now
 			_set_flag promisc
 			_up
-			if ! brctl addif "${OIFACE}" "${x}"; then
+			if ! brctl addif "${BR_IFACE}" "${x}"; then
 				_set_flag -promisc
 				eend 1
 				return 1
 			fi
+			# Per-interface bridge settings
+			for x in /sys/class/net/"${IFACE}"/brport/*; do
+				[ -f "${x}" ] || continue
+				n=${x##*/}
+				eval s=\$${n}_${IFVAR}
+				if [ -n "${s}" ]; then
+					einfo "Setting ${n}@${IFACE}: ${s}"
+					echo "${s}" >"${x}" || \
+					eerror "Failed to configure $n (${n}_${IFVAR})"
+				fi
+			done
 			eend 0
 		done
 		eoutdent
@@ -86,27 +151,24 @@ bridge_post_stop()
 {
 	local port= ports= delete=false extra=
 
-	if _is_bridge; then
+	if _is_bridge "${IFACE}"; then
 		ebegin "Destroying bridge ${IFACE}"
 		_down
-		# Ignore header line so as to allow for bridges named 'bridge'
-		ports="$(brctl show 2>/dev/null | \
-			sed -n -e '1,1d' -e '/^'"${IFACE}"'[[:space:]]/,/^\S/ { /^\('"${IFACE}"'[[:space:]]\|\t\)/s/^.*\t//p }')"
+		for x in /sys/class/net/"${IFACE}"/brif/*; do
+			[ -s $x ] || continue
+			n=${x##*/}
+			ports="${ports} ${n}"
+		done
 		delete=true
 		iface=${IFACE}
 		eindent
 	else
-		# Work out if we're added to a bridge for removal or not
-		# Ignore header line so as to allow for bridges named 'bridge'
-		eval set -- $(brctl show 2>/dev/null | sed -e '1,1d' -e "s/'/'\\\\''/g" -e "s/$/'/g" -e "s/^/'/g")
-		local line=
-		for line; do
-			set -- ${line}
-			if [ "$3" = "${IFACE}" ]; then
-				iface=$1
-				break
-			fi
-		done
+		# We are taking down an interface that is part of a bridge maybe
+		ports="${IFACE}"
+		local brport_dir="/sys/class/net/${IFACE}/brport"
+		[ -d ${brport_dir} ] || return 0
+		iface=$(readlink ${brport_dir}/bridge)
+		iface=${iface##*/}
 		[ -z "${iface}" ] && return 0
 		extra=" from ${iface}"
 	fi

net/ifconfig.sh.Linux.in

@@ -172,7 +172,7 @@ _add_address()
 					cmd="${cmd} broadcast"
 				fi
 				;;
-			peer) cmd="${cmd} pointtopoint";;
+			peer) cmd="${cmd} pointopoint";;
 			*) cmd="${cmd} $1";;
 		esac
 		shift

net/iproute2.sh

@@ -118,7 +118,12 @@ _add_address()
 		set -- "${one}/$(_netmask2cidr "${three}")" "$@"
 	fi
 	
-	#config=( "${config[@]//pointopoint/peer}" )
+	# tunnel keyword is 'peer' in iproute2, but 'pointopoint' in ifconfig.
+	if [ "$2" = "pointopoint" ]; then
+		local one="$1"
+		shift; shift
+		set -- "${one}" "peer" "$@"
+	fi
 	
 	# Always scope lo addresses as host unless specified otherwise
 	if [ "${IFACE}" = "lo" ]; then
@@ -136,6 +141,7 @@ _add_address()
 			;;
 	esac
 
+	veinfo ip addr add "$@" dev "${IFACE}"
 	ip addr add "$@" dev "${IFACE}"
 }
 
@@ -175,6 +181,7 @@ _add_route()
 		cmd="${cmd} metric ${metric}"
 	fi
 
+	veinfo ip ${family} route append ${cmd} dev "${IFACE}"
 	ip ${family} route append ${cmd} dev "${IFACE}"
 	eend $?
 }
@@ -199,6 +206,32 @@ _tunnel()
 	ip tunnel "$@"
 }
 
+# This is just to trim whitespace, do not add any quoting!
+_trim() {
+	echo $*
+}
+
+# This is our interface to Routing Policy Database RPDB
+# This allows for advanced routing tricks
+_ip_rule_runner() {
+	local cmd rules OIFS="${IFS}"
+	cmd="$1"
+	rules="$2"
+	veindent
+	local IFS="$__IFS"
+	for ru in $rules ; do
+		unset IFS
+		ruN="$(trim "${ru}")"
+		[ -z "${ruN}" ] && continue
+		vebegin "${cmd} ${ruN}"
+		ip rule ${cmd} ${ru}
+		veend $?
+		local IFS="$__IFS"
+	done
+	IFS="${OIFS}"
+	veoutdent
+}
+
 iproute2_pre_start()
 {
 	local tunnel=
@@ -210,7 +243,7 @@ iproute2_pre_start()
 		ebegin "Creating tunnel ${IFVAR}"
 		ip tunnel add ${tunnel} name "${IFACE}"
 		eend $? || return 1
-		_up	
+		_up
 	fi
 
 	# MTU support
@@ -240,6 +273,16 @@ iproute2_post_start()
 
 	# Kernel may not have IP built in
 	if [ -e /proc/net/route ]; then
+		local rules="$(_get_array "rules_${IFVAR}")"
+		if [ -n "${rules}" ]; then
+			if ! ip rule list | grep -q "^"; then
+				eerror "IP Policy Routing (CONFIG_IP_MULTIPLE_TABLES) needed for ip rule"
+			else
+				service_set_value "ip_rule" "${rules}"
+				einfo "Adding RPDB rules"
+				_ip_rule_runner add "${rules}"
+			fi
+		fi
 		ip route flush table cache dev "${IFACE}"
 	fi
 
@@ -259,6 +302,16 @@ iproute2_post_start()
 
 iproute2_post_stop()
 {
+	# Kernel may not have IP built in
+	if [ -e /proc/net/route ]; then
+		local rules="$(service_get_value "ip_rule")"
+		if [ -n "${rules}" ]; then
+			einfo "Removing RPDB rules"
+			_ip_rule_runner del "${rules}"
+		fi
+		ip route flush table cache dev "${IFACE}"
+	fi
+
 	# Don't delete sit0 as it's a special tunnel
 	if [ "${IFACE}" != "sit0" ]; then
 		if [ -n "$(ip tunnel show "${IFACE}" 2>/dev/null)" ]; then

net/wpa_supplicant.sh

@@ -3,10 +3,14 @@
 
 wpa_supplicant_depend()
 {
-	if [ -x /usr/sbin/wpa_supplicant ]; then
-		program start /usr/sbin/wpa_supplicant
-	else
-		program start /sbin/wpa_supplicant
+	wpas=/usr/sbin/wpa_supplicant
+	[ -x ${wpas} ] || wpas=/sbin/wpa_supplicant
+	if [ -x ${wpas} ]; then
+		program start ${wpas}
+		# bug 345281: if wpa_supplicant is built w/ USE=dbus, we need to start
+		# dbus before we can start wpa_supplicant.
+		${wpas} -h |grep DBus -sq
+		[ $? -eq 0 ] && need dbus
 	fi
 	after macnet plug
 	before interface

sh/init.sh.Linux.in

@@ -6,6 +6,17 @@
 # This basically mounts $RC_SVCDIR as a ramdisk.
 # The tricky part is finding something our kernel supports
 # tmpfs and ramfs are easy, so force one or the other.
+svcdir_restorecon()
+{
+	local rc=0
+	if [ -x /usr/sbin/selinuxenabled -a -c /selinux/null ] &&
+	  selinuxenabled; then
+		restorecon $RC_SVCDIR
+		rc=$?
+	fi
+	return $rc
+}
+
 mount_svcdir()
 {
 	# mount from fstab if we can
@@ -16,8 +27,12 @@ mount_svcdir()
 
 	# Some buggy kernels report tmpfs even when not present :(
 	if grep -Eq "[[:space:]]+tmpfs$" /proc/filesystems; then
-		mount -n -t tmpfs $fsopts,mode=755,size=${svcsize}k \
-			rc-svcdir "$RC_SVCDIR" && return 0
+		local tmpfsopts="${fsopts},mode=755,size=${svcsize}k"
+		mount -n -t tmpfs $tmpfsopts rc-svcdir "$RC_SVCDIR"
+		if [ $? -eq 0 ]; then
+			svcdir_restorecon
+			[ $? -eq 0 ] && return 0
+		fi
 	fi
 	
 	if grep -Eq "[[:space:]]+ramfs$" /proc/filesystems; then
@@ -38,6 +53,10 @@ mount_svcdir()
 	fi
 
 	mount -n -t "$fs" $fsopts rc-svcdir "$RC_SVCDIR"
+	if [ $? -eq 0 ]; then
+		svcdir_restorecon
+		[ $? -eq 0 ] && return 0
+	fi
 }
 
 . "$RC_LIBEXECDIR"/sh/functions.sh

sh/runscript.sh.in

@@ -4,12 +4,24 @@
 # Copyright (c) 2007-2009 Roy Marples <roy@marples.name>
 # All rights reserved. Released under the 2-clause BSD license.
 
-. @SYSCONFDIR@/init.d/functions.sh
-. @LIBEXECDIR@/sh/rc-functions.sh
+sourcex()
+{
+	if [ "$1" = "-e" ]; then
+		shift
+		[ -e "$1" ] || return 1
+	fi
+	if ! . "$1"; then
+		eerror "$RC_SVCNAME: error loading $1"
+		exit 1
+	fi
+}
+
+sourcex "@SYSCONFDIR@/init.d/functions.sh"
+sourcex "@LIBEXECDIR@/sh/rc-functions.sh"
 
 # Support LiveCD foo
 if [ -r /sbin/livecd-functions.sh ]; then
-	. /sbin/livecd-functions.sh
+	sourcex "/sbin/livecd-functions.sh"
 	livecd_read_commandline
 fi
 
@@ -89,7 +101,7 @@ _status()
 		return 0
 	else
 		einfo "status: stopped"
-		return 1
+		return 3
 	fi
 }
 
@@ -145,30 +157,26 @@ _conf_d=${RC_SERVICE%/*}/../conf.d
 # If we're net.eth0 or openvpn.work then load net or openvpn config
 _c=${RC_SVCNAME%%.*}
 if [ -n "$_c" -a "$_c" != "$RC_SVCNAME" ]; then
-	if [ -e "$_conf_d/$_c.$RC_RUNLEVEL" ]; then
-		. "$_conf_d/$_c.$RC_RUNLEVEL"
-	elif [ -e "$_conf_d/$_c" ]; then
-		. "$_conf_d/$_c"
+	if ! sourcex -e "$_conf_d/$_c.$RC_RUNLEVEL"; then
+		sourcex -e "$_conf_d/$_c"
 	fi
 fi
 unset _c
 
 # Overlay with our specific config
-if [ -e "$_conf_d/$RC_SVCNAME.$RC_RUNLEVEL" ]; then
-	. "$_conf_d/$RC_SVCNAME.$RC_RUNLEVEL"
-elif [ -e "$_conf_d/$RC_SVCNAME" ]; then
-	. "$_conf_d/$RC_SVCNAME"
+if ! sourcex -e "$_conf_d/$RC_SVCNAME.$RC_RUNLEVEL"; then
+	sourcex -e "$_conf_d/$RC_SVCNAME"
 fi
 unset _conf_d
 
 # Load any system overrides
-[ -e @SYSCONFDIR@/rc.conf ] && . @SYSCONFDIR@/rc.conf
+sourcex -e "@SYSCONFDIR@/rc.conf"
 
 # Apply any ulimit defined
 [ -n "${rc_ulimit:-$RC_ULIMIT}" ] && ulimit ${rc_ulimit:-$RC_ULIMIT}
 
 # Load our script
-. "$RC_SERVICE"
+sourcex "$RC_SERVICE"
 
 for _d in $required_dirs; do
 	if [ ! -d $_d ]; then

src/librc/librc.c

@@ -199,7 +199,51 @@ file_regex(const char *file, const char *regex)
 #endif
 
 const char *
-rc_sys(void)
+rc_sys_v2(void)
+{
+#define __STRING_SWITCH(x) { char* __string_switch = x; if(false) {}
+#define __STRING_CASE(y) else if(strcmp(__string_switch,y) == 0)
+#define __STRING_SWITCH_END() }
+	char* systype = rc_conf_value("rc_sys");
+	/* New sys identification code */
+	if(systype) {
+		char* s = systype;
+		// Convert to uppercase
+		while(s && *s) { 
+			if(islower((unsigned char)*s))
+				*s = toupper((unsigned char)*s); 
+			s++;
+		}
+		// Now do detection
+		__STRING_SWITCH(systype)
+		__STRING_CASE(RC_SYS_PREFIX)	{ return RC_SYS_PREFIX; }
+#ifdef __FreeBSD__
+		__STRING_CASE(RC_SYS_JAIL) { return RC_SYS_JAIL; }
+#endif /* __FreeBSD__ */
+#ifdef __NetBSD__
+		__STRING_CASE(RC_SYS_XEN0) { return RC_SYS_XEN0; }
+		__STRING_CASE(RC_SYS_XENU) { return RC_SYS_XENU; }
+#endif /* __NetBSD__ */
+#ifdef __linux__
+		__STRING_CASE(RC_SYS_XEN0) { return RC_SYS_XEN0; }
+		__STRING_CASE(RC_SYS_XENU) { return RC_SYS_XENU; }
+		__STRING_CASE(RC_SYS_UML) { return RC_SYS_UML; }
+		__STRING_CASE(RC_SYS_VSERVER) { return RC_SYS_VSERVER; }
+		__STRING_CASE(RC_SYS_OPENVZ) { return RC_SYS_OPENVZ; }
+		__STRING_CASE(RC_SYS_LXC) { return RC_SYS_LXC; }
+#endif /* __linux__ */
+		__STRING_SWITCH_END()
+	}
+#undef __STRING_SWITCH
+#undef __STRING_CASE
+#undef __STRING_SWITCH_END
+	return NULL;
+}
+librc_hidden_def(rc_sys_v2)
+
+/* Old sys identification code */
+const char *
+rc_sys_v1(void)
 {
 #ifdef PREFIX
 	return RC_SYS_PREFIX;
@@ -233,8 +277,6 @@ rc_sys(void)
 		return RC_SYS_VSERVER;
 	else if (exists("/proc/vz/veinfo") && !exists("/proc/vz/version"))
 		return RC_SYS_OPENVZ;
-	else if (file_regex("/proc/self/cgroup", ":/.+$"))
-		return RC_SYS_LXC;
 	else if (file_regex("/proc/self/status",
 		"envID:[[:space:]]*[1-9]"))
 		return RC_SYS_OPENVZ; /* old test */
@@ -243,6 +285,17 @@ rc_sys(void)
 	return NULL;
 #endif /* PREFIX */
 }
+librc_hidden_def(rc_sys_v1)
+
+const char *
+rc_sys(void)
+{
+	if(rc_conf_value("rc_sys")) {
+		return rc_sys_v2();
+	} else {
+		return rc_sys_v1();
+	}
+}
 librc_hidden_def(rc_sys)
 
 static const char *

src/librc/librc.h

@@ -125,6 +125,8 @@ librc_hidden_proto(rc_stringlist_new)
 librc_hidden_proto(rc_stringlist_split)
 librc_hidden_proto(rc_stringlist_sort)
 librc_hidden_proto(rc_sys)
+librc_hidden_proto(rc_sys_v1)
+librc_hidden_proto(rc_sys_v2)
 librc_hidden_proto(rc_yesno)
 
 #endif

src/librc/rc.h.in

@@ -274,8 +274,19 @@ bool rc_service_daemons_crashed(const char *);
 #define RC_SYS_VSERVER "VSERVER"
 #define RC_SYS_XEN0    "XEN0"
 #define RC_SYS_XENU    "XENU"
+
+/*! Returns the type of subsystem
+ * @return string from RC_SYS_* types or NULL if none detected */
 const char *rc_sys(void);
 
+/*! Returns the type of subsystem using old automatic code
+ * @return string from RC_SYS_* types or NULL if none detected */
+const char *rc_sys_v1(void);
+
+/*! Returns the type of subsystem using new rc.conf rc_sys value
+ * @return string from RC_SYS_* types or NULL if none detected */
+const char *rc_sys_v2(void);
+
 /*! @name Dependency options
  * These options can change the services found by the rc_get_depinfo and
  * rc_get_depends functions. */

src/librc/rc.map

@@ -55,6 +55,8 @@ global:
 	rc_stringlist_sort;
 	rc_stringlist_free;
 	rc_sys;
+	rc_sys_v1;
+	rc_sys_v2;
 	rc_yesno;
 
 local:

src/rc/rc.c

@@ -878,9 +878,16 @@ main(int argc, char **argv)
 			eerrorx("%s: %s", applet, strerror(errno));
 			/* NOTREACHED */
 		case 'S':
-			bootlevel = rc_sys();
-			if (bootlevel)
-				printf("%s\n", bootlevel);
+			if (rc_conf_value("rc_sys")) {
+				bootlevel = rc_sys_v2();
+				if(bootlevel)
+					printf("%s\n", bootlevel);
+			} else {
+				ewarn("WARNING: rc_sys not defined in rc.conf. Falling back to automatic detection");
+				bootlevel = rc_sys_v1();
+				if(bootlevel)
+					printf("%s\n", bootlevel);
+			}
 			exit(EXIT_SUCCESS);
 			/* NOTREACHED */
 			case_RC_COMMON_GETOPT

src/rc/runscript.c

@@ -596,8 +596,10 @@ svc_start_check(void)
 	fcntl(exclusive_fd, F_SETFD,
 	    fcntl(exclusive_fd, F_GETFD, 0) | FD_CLOEXEC);
 
-	if (state & RC_SERVICE_STARTED)
-		ewarnx("WARNING: %s has already been started", applet);
+	if (state & RC_SERVICE_STARTED) {
+		ewarn("WARNING: %s has already been started", applet);
+		exit(EXIT_SUCCESS);
+	}
 	else if (state & RC_SERVICE_INACTIVE && !in_background)
 		ewarnx("WARNING: %s has already started, but is inactive",
 		    applet);
@@ -845,8 +847,10 @@ svc_stop_check(RC_SERVICE *state)
 	fcntl(exclusive_fd, F_SETFD,
 	    fcntl(exclusive_fd, F_GETFD, 0) | FD_CLOEXEC);
 
-	if (*state & RC_SERVICE_STOPPED)
-		ewarnx("WARNING: %s is already stopped", applet);
+	if (*state & RC_SERVICE_STOPPED) {
+		ewarn("WARNING: %s is already stopped", applet);
+		exit(EXIT_SUCCESS);
+	}
 
 	rc_service_mark(service, RC_SERVICE_STOPPING);
 	hook_out = RC_HOOK_SERVICE_STOP_OUT;

src/test/librc.funcs.hidden.list

@@ -51,4 +51,6 @@ rc_stringlist_new
 rc_stringlist_sort
 rc_stringlist_split
 rc_sys
+rc_sys_v1
+rc_sys_v2
 rc_yesno

src/test/rc.funcs.list

@@ -104,5 +104,9 @@ rc_stringlist_split
 rc_stringlist_split@@RC_1.0
 rc_sys
 rc_sys@@RC_1.0
+rc_sys_v1
+rc_sys_v1@@RC_1.0
+rc_sys_v2
+rc_sys_v2@@RC_1.0
 rc_yesno
 rc_yesno@@RC_1.0