changes since the last imported OpenBSM release:
OpenBSM 1.1 beta 1
- The filesz parameter in audit_control(5) now accepts suffixes: 'B' for
Bytes, 'K' for Kilobytes, 'M' for Megabytes, and 'G' for Gigabytes.
For legacy support no suffix defaults to bytes.
- Audit trail log expiration support added. It is configured in
audit_control(5) with the expire-after parameter. If there is no
expire-after parameter in audit_control(5), the default, then the audit
trail files are not expired and removed. See audit_control(5) for
more information.
- Change defaults in audit_control: warn at 5% rather than 20% free for audit
partitions, rotate automatically at 2mb, and set the default policy to
cnt,argv rather than cnt so that execve(2) arguments are captured if
AUE_EXECVE events are audited. These may provide more usable defaults for
many users.
- Use au_domain_to_bsm(3) and au_socket_type_to_bsm(3) to convert
au_to_socket_ex(3) arguments to BSM format.
- Fix error encoding AUT_IPC_PERM tokens.
Obtained from: TrustedBSD Project
Sponsored by: Apple Inc.
filesystem. This avoids confusion with nullfs and unionfs filesystems
which reference the root of a UFS filesystem as a target.
PR: 116849
Approved by: kib
ready status. Most of controllers managed to issue coommand and set BUSY
bit almost simultaneously, before we will read it, but at least JMicron JMB363
don't. Ignore timeout errors to keep old behavior when error there was
impossible.
For me this fixes timeout errors on the first command after channel attach
or reinit. Boot in my case is not affected, as there is much time passing
between reset and next command giving reset time to complete.
Unlike GCC, LLVM defines __STDC_VERSION__ to 199901L by default. This
means `restrict' keywords in files end up being given to lint, which
results in errors during compilation of usr.bin/xlint.
Other keywords are also expanded to nothing when using lint, so do the
same with restrict.
done in other places. Until we have no support for command queueing we have
no any benefit from FBS, while enabling it only here somehow leads to
"port not ready" errors on Intel 63XXESB2 controller.
Tested by: Larry Rosenman <ler AT lerctr.org>
pointers together, move padding to the bottom of the structure, and add
two new integer spares due to attrition over time. Remove unused spare
"flags" field, we can use one of the spare ints if we need it later.
This change requires a rebuild of device driver modules that depend on
the layout of ifnet for binary compatibility reasons.
Discussed with: kmacy
which are not in a module of their own like gif.
Single kernel compiles and universe will fail if the size of the struct
changes. Th expected values are given in sys/vimage.h.
See the comments where how to handle this.
Requested by: peter
architecture to implement size-guards on the vimage vnet_* structures.
As CTASSERT_EQUAL() needs special compile time options we back it
by CTASSERT() in the default case. Unfortunately CTASSERT() triggers
first, thus add an option to allow compilation with CTASSERT_EQUAL() only.
See the comments how to get new values if you trigger the assert
and what to do in that case.
Reviewed by: rwatson, zec (earlier versions)
It's better to just use internal language constructs, because it is
likely the compiler has a better opinion on whether to perform inlining,
which is very likely to happen to struct winsize.
Submitted by: Christoph Mallon <christoph mallon gmx de>
It takes a positive integer constant (the expected value) and
another positive integer, usually compile-time evaluated,
e.g. CTASSERT_EQUAL(FOO_EXPECTED_SIZE, sizeof (struct foo));
While the classic CTASSERT() gives:
error: size of array '__assert60' is negative
this gives you:
In function '__ctassert_equal_at_line_60':
warning: '__expected_42_but_got[464ul]' is used uninitialized in this function
and you can directly see the difference in the expected and the
real value.
CTASSERT_EQUAL() needs special compile time options to trigger
thus keep it locally to this header. If it proves to be of general
interest it can be moved to systm.h.
Submitted by: jmallett
Reviewed by: sam, warner, rwatson, jmallett (earlier versions)
@7 (kp_end). As ncurses has the limitation that it returns the first
matched key symbol, you can not use END in ncurses based program under
screen (like ports/misc/mc).
We did similar changes to xterm entry last year for exactly the same reason.
PR: 132199
Submitted by: Timur I. Bakeyev <timur at FreeBSD.org>
MFC after: 2 month
* Add RB_FOREACH_FROM() which continues traversal *at*
the y-node provided. There is no pre-increment.
* Nuke RB_FOREACH_SAFE as it was buggy; it would omit the final node.
* Replace RB_FOREACH_SAFE() with a working implementation
derived from RB_FOREACH_FROM().
The key observation is that we now only check the loop-control
variable, but still cache the next member pointer.
* Add RB_FOREACH_REVERSE_FROM() which continues backwards
traversal *at* the y-node provided. There is no pre-increment.
Typically this is used to back out of allocations made
whilst walking an RB-tree.
* Add RB_FOREACH_REVERSE_SAFE() which performs insertion and
deletion safe backwards traversal.
and partially r188903. Revert breaks new drives detection on reinit to the
state as it was before me, but fixes series of new bugs reported by some
people.
Unconditional queueing of ata_completed() calls can lead to deadlock if
due to timeout ata_reinit() was called at the same thread by previous
ata_completed(). Calling of ata_identify() on ata_reinit() in current
implementation opens numerous races and deadlocks.
Problems I was touching here are still exist and should be addresed, but
probably in different way.
When copying big structures, LLVM generates calls to memmove(), because
it may not be able to figure out whether structures overlap. This caused
linker errors to occur. memmove() is now implemented using bcopy().
Ideally it would be the other way around, but that can be solved in the
future. On ARM we don't do add anything, because it already has
memmove().
Discussed on: arch@
Reviewed by: rdivacky
Increasing WARNS seems to have broken compilation of this utility.
Instead of lowering WARNS, just fix to code to compile properly.
Submitted by: <bf2006a yahoo com>
Tested by: bms
arbitrarily long lines and embedded NULs. The new functionality is
nugatory, but adding it is a simple way to improve the exposure of
getline() in -CURRENT.
drivers' probe routines. It allows not to sleep and so not drop Giant inside
ata_identify() critical section and so avoid crash if it reentered on
request timeout. Reentering of probe call checked inside of it.
Give device own knowledge about it's type (ata/atapi/atapicam). It is not
a good idea to ask channel status for device type inside ata_getparam().
Add softc memory deallocation on device destruction.