argument specifying the boundary for the resource allocation.
Use ulmin()/ulmax() instead of min()/max() in some places to correctly
deal with the u_long resource range specifications.
o Move nfs_reserved_port_only out of security profiles (where it was
set somewhat improperly) to the Security options menu directly.
Previously, the variable was set to true for Moderate, but not for
Extreme, which is at best inconsistent.
o Update the Security Profiles help file to remove reference to the
NFS reserved port.
o Note that the kernel currently defaults the sysctl to '0', but
sysinstall has changed it to '1' as a default as of late; however,
rc.conf sets the value to NO as the default. This change brings
them relatively into sync.
Sponsored by: DARPA, NAI Labs
and pull configSecurityProfile under that menu. Add a menu option
to determine whether LOMAC is enabled at boot. Probably, eventually,
many of the 'Security Profile' menu choices should be pulled out
independently into the Security Menu, so as to make them individually
selectable.
Sponsored by: DARPA, NAI Labs
LC_MESSAGES related data was installed to <locale>/LC_MESSAGES file.
Now it go to <locale>/LC_MESSAGES/SYS_LC_MESSAGES file. LC_MESSAGES
directory is supposed to be storage of message catalogs of userland tools.
This should allow us to avoid many potential problems with future
libintl related functionality introduction.
Thanks for useful suggestions about correct way how to replace plain
files with directories at installworld stage to: Ruslan Ermilov <ru>
There are two reasons why automounting remote filesystems can't be
delayed until after network initialization:
1) The right way would be to teach mount to distinguish between network
filesystems and local filesystems. This is not as easy as it was for
df, because the latter only has to cope with filesystems for which
kernel support is already present.
2) The easy way (see rev 1.268 of src/etc/rc for an extensible example)
is made awkward by a problem reported by dougb and addressed in
rev 1.286 of src/etc/rc, where mount_nfs misuses vfsload() and does
not correctly arrage for the loading of nfsclient support.
Since neither of these problems looks like it will be solved before
4.5-RELEASE, the previous delta to this file provides a safety belt,
which I'd like to encourage folks to use by applying a change to
sysinstall, described in a message sent to the freebsd-audit list
(Message-ID <5062.1008868549@axl.seasidesoftware.co.za>).
code only passed up the connection to the tcp stack when it was complete,
so it went directly into the so_comp (complete) queue. However, with
accept filters, there is an additional phase before calling it "complete".
Reviewed by: jlemon
and it's associated state variables: icu_lock with the name "icu". This
renames the imen_mtx for x86 SMP, but also uses the lock to protect
access to the 8259 PIC on x86 UP. This also adds an appropriate lock to
the various Alpha chipsets which fixes problems with Alpha SMP machines
dropping interrupts with an SMP kernel.
The user can still toggle it back off in the label editor (or post-install
for that matter) if they explicitly do not want soft updates to be used
for some reason.
Agreed to be a good thing by: kirk
against VM_WAIT in the pageout code. Both fixes involve adjusting
the lockmgr's timeout capability so locks obtained with timeouts do not
interfere with locks obtained without a timeout.
Hopefully MFC: before the 4.5 release
allows us to supply our own value for this, overriding the
default /usr/local/etc/nsmb.conf, which is not appropriate for
base system configuration files.