Adding mlock, sysvshm, sysvsem, sysvmsg attributes

[zilti]

No description provided.

[grembo]

Also: How does this interact with the logic in _js_start

pot/share/pot/start.sh

Lines 451 to 471 in 28b302d

	local _pname _confdir _epaira _epairb _ipv6_epaira _ipv6_epairb
	local _ifaces _hostname _osrelease _param _ip _cmd _persist
	local _stack _value _name _type _wait_pid _exit_code _tmp
	_pname="$1"
	_confdir="${POT_FS_ROOT}/jails/$_pname/conf"
	_param="allow.set_hostname=false allow.raw_sockets allow.socket_af allow.sysvipc"
	_param="$_param allow.chflags exec.clean mount.devfs"
	_param="$_param sysvmsg=new sysvsem=new sysvshm=new"
	for _attr in ${_POT_JAIL_RW_ATTRIBUTES} ; do
	# shellcheck disable=SC1083,2086
	eval _name=\"\${_POT_DEFAULT_${_attr}_N}\"
	# shellcheck disable=SC1083,2086
	eval _type=\"\${_POT_DEFAULT_${_attr}_T}\"
	_value="$(_get_conf_var "$_pname" "pot.attr.${_attr}")"
	if [ "${_value}" = "YES" ]; then
	_param="$_param ${_name}"
	elif [ "${_type}" != "bool" ] && [ -n "${_value}" ]; then
	_param="$_param ${_name}=${_value}"
	fi
	done

Especially sysvmsg=new sysvsem=new sysvshm=new?

[grembo]

Reading the current start-up code it seems like our current logic always sets allow.sysvipc sysvmsg=new sysvsem=new sysvshm=new.

Given that allow.sysvipc is deprecated anyway, this makes fixing this quite easy:

1. Remove the sysvip attribute
2. Add sysvmsg=new, sysvsem=new, sysvshm=new as default attributes

[grembo]

@zilti Thank you for your contribution!