diff --git a/libexec/rc/rc.subr b/libexec/rc/rc.subr
--- a/libexec/rc/rc.subr
+++ b/libexec/rc/rc.subr
@@ -55,6 +55,7 @@
 _svcj_generic_params="path=/ mount.nodevfs host=inherit"
 JID=0
 CPUSET="/bin/cpuset"
+SETAUDIT="/usr/sbin/setaudit"
 # Cache the services that we loaded with load_rc_config.
 _loaded_services=""
@@ -933,6 +934,9 @@
 # Meant to be used in /etc/rc.conf to override
 # ${command}.
 #
+# ${name}_audit_user n Override the audit user for ${command},
+# specified as a user name or UID.
+#
 # ${name}_chroot n Directory to chroot to before running ${command}
 # Requires /usr to be mounted.
 #
@@ -1151,6 +1155,15 @@
 _cpusetcmd="$CPUSET -l $_cpuset"
 fi
+ eval _audit_user=\$${name}_audit_user
+ if [ -z "$_audit_user" -a -n "$audit_user" ]; then
+ _audit_user=$audit_user
+ fi
+ _setauditcmd=
+ if [ -n "$_audit_user" ]; then
+ _setauditcmd="setaudit -U -a $_audit_user"
+ fi
+
 # If a specific jail has a specific svcj request, honor it (YES/NO).
 # If not (variable empty), evaluate the global svcj catch-all.
 # A global YES can be overriden by a specific NO, and a global NO is overriden
@@ -1515,6 +1528,7 @@
 _doit="\
 ${_nice:+nice -n $_nice }\
 $_cpusetcmd \
+$_setauditcmd \
 ${_fib:+setfib -F $_fib }\
 ${_env:+env $_env }\
 chroot ${_user:+-u $_user }${_group:+-g $_group }${_groups:+-G $_groups }\
@@ -1524,7 +1538,9 @@
 _doit="\
 ${_fib:+setfib -F $_fib }\
 ${_env:+env $_env }\
-$_cpusetcmd $command $rc_flags $command_args"
+$_cpusetcmd \
+$_setauditcmd \
+$command $rc_flags $command_args"
 if [ -n "$_user" ]; then
 _doit="su -m $_user -c 'sh -c \"$_doit\"'"
 fi
diff --git a/share/man/man5/rc.conf.5 b/share/man/man5/rc.conf.5
--- a/share/man/man5/rc.conf.5
+++ b/share/man/man5/rc.conf.5
@@ -22,7 +22,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd October 5, 2025
+.Dd November 14, 2025
 .Dt RC.CONF 5
 .Os
 .Sh NAME
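Review bot: The new `${name}_audit_user` comment entry (hunk at line 934) leaves out the fallback that the code in the 1155 hunk implements: when the per-service variable is empty, the global `audit_user` is used, and neither this block nor the rc.conf.5 text mentions that knob. Since the wrapper is `/usr/sbin/setaudit`, the entry should also carry the same caveat the neighbouring `${name}_chroot` entry has. Suggested additional comment lines: `#			Falls back to the global audit_user when unset.` and `#			Requires /usr to be mounted.`.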
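Review bot: `_setauditcmd="setaudit -U -a $_audit_user"` in the 1155 hunk invokes the tool by bare name and therefore resolves it through PATH, even though the first hunk defines `SETAUDIT="/usr/sbin/setaudit"` for exactly this purpose and the adjacent `_cpusetcmd` line uses `$CPUSET`; change it to `_setauditcmd="$SETAUDIT -U -a $_audit_user"` so the privileged wrapper is pinned to its absolute path like cpuset is. `$_audit_user` is later expanded unquoted into the `sh -c` string built in the `_doit` hunks, which is the same trust model as the existing `_cpuset` and `_fib` knobs (rc.conf is root-owned), so no extra quoting seems required. The enclosing function starts and ends outside this hunk; if it builds `_doit` anywhere other than the two branches patched below (a service-jail path, for instance), that path would not receive `$_setauditcmd`.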
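Review bot: In the 1538 hunk `$_setauditcmd` is spliced into the string that the `su -m $_user -c 'sh -c \"$_doit\"'` line below then wraps, so when both `${name}_user` and `${name}_audit_user` are set, setaudit runs only after su has already switched to `$_user`; if setaudit(8) needs privilege to change the audit session (setaudit(2) does), the service will fail to start in that combination, whereas the chroot branch in the 1528 hunk correctly runs it before `chroot -u`. Consider applying the wrapper outside the su step instead: keep the inner string as `$_cpusetcmd \` followed by `$command $rc_flags $command_args"`, and after the `fi` add `_doit="${_setauditcmd:+$_setauditcmd }$_doit"`. The enclosing function continues past this hunk, so check that nothing later re-wraps `_doit` in a way that would reorder it again.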
@@ -190,6 +190,17 @@
 always test whether or not the service is actually running.
 Enabling this option is likely to increase your boot time if services are enabled that utilize the force_depend check.
+.It Ao Ar name Ac Ns Va _audit_user
+.Pq Vt str
+A user name or UID to use as the
+.Xr audit 4
+user for the service.
+Run the chrooted service under this system group.
+By default, when an unprvileged user restarts a service using a utility
+such as sudo or doas, the service's will audit session will point to the
+unprivileged user, which may be undesirable.
+In that case, this variable can be used to override the audit user using
+.Xr setaudit 8 .
 .It Ao Ar name Ac Ns Va _chroot
 .Pq Vt str
 .Xr chroot 8
@@ -209,7 +220,6 @@
 value to run the service under.
 .It Ao Ar name Ac Ns Va _group
 .Pq Vt str
-Run the chrooted service under this system group.
 Unlike the
 .Ao Ar name Ac Ns Va _user
 setting, this setting has no effect if the service is not chrooted.
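Review bot: The new `_audit_user` entry contains `Run the chrooted service under this system group.`, which is exactly the line the second hunk removes from the `_group` entry; this looks like an accidental move, since it misdescribes the new variable and leaves `_group` documented only by its "Unlike the _user setting" caveat. Drop that sentence from `_audit_user` and restore it under `_group`. The same paragraph has two typos: `unprvileged` should be `unprivileged`, and `the service's will audit session will point to the` should read `the service's audit session will point to the`. The entry should also state that the global `audit_user` variable is used when the per-service one is unset, which the rc.subr code in this change does.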