The rtnetlink(4) RTM_GETADDR does not list link level addresses, thus
the correct match for interfaces that have a link level address should
be based on what was returned by RTM_GETLINK.
Reviewed by: melifaro
Differential Revision: https://reviews.freebsd.org/D41586
When matching interfaces for being Ethernet, use same trick that
the link module does - pass if_type through convert_iftype().
That restores historicaly behaviour of listing lagg(4) ports.
Reviewed by: melifaro
Differential Revision: https://reviews.freebsd.org/D41585
This affects only ifconfig(8) compiled WITHOUT_NETLINK_SUPPORT, which
is not the default.
Reviewed by: melifaro
Differential Revision: https://reviews.freebsd.org/D41584
Fixes: d1cd0344f7
This module allows controlled privilege escallation via mac labels
securely associated with a process via mac_veriexec.
There are over 700 PRIV_* but we can compress many of them into
a single GBL_* thus constraining the size of gbl labels.
The goal is to allow a daemon to run as an unprivileged process while
still being able a set of privileged operations needed.
We add APIs to libveriexec so that userland processes can check labels
and an exec_script API that allows a suitably labeled process to run
something like a python interpreter directly if necessary;
overcomming the 'indirect' flag applied to the interpreter.
Add -l option to sbin/veriexec to report labels.
Reviewed by: stevek
Sponsored by: Juniper Networks, Inc.
Differential Revision: https://reviews.freebsd.org/D41431
The mount subcommand currently produces output such as:
# bectl mount <bootenv>
Successfully mounted <bootenv> at <mountpoint>
This commit changes it to only print the mountpoint:
# bectl mount <bootenv>
<mountpoint>
This makes it easier to script the mount subcommand. If an error occurs
while mounting, an error message is printed to stderr and bectl will
exit with a non-zero value.
PR: 273180
Reviewed by: kevans, asomers
Differential Revision: https://reviews.freebsd.org/D41562
9600 was a standard baud rate decades ago, but 115200 is now more common
so choose defaults that are useful to the largest number of users.
Note that boot0sio does not support rates above 9600 so it remains
unchanged.
Reviewed by: bz, imp, manu
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D36295
In setups without hints whatsoever one can get a long list of
"Can't read linker hints file" error messages during boot.
Add a -q/--quiet option which would suppress the noise and leave
space for more essential information.
While here switch to a pre-defined exit code from sysexits.
MFC after: 4 weeks
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D41443
When listing anchors pfctl lists both 'regular' layer 3 anchors and
Ethernet anchors. It's possible to have the same anchor name in both,
which can be confusing.
Mitigate this a little by explicitly marking where the Ethernet anchors
start. Avoid breaking scripts by only doing this at the second level
of verbosity.
Sponsored by: Rubicon Communications, LLC ("Netgate")
In 4849767cb1, we did a large refactor of the md5(1) source code.
One of them is that instead of reading data using read(2) syscall, we
are using binary stream input (fread(3)).
fread(3) requires additional Capsicum capabilities:
sha256 CAP operation requires CAP_FSTAT, descriptor holds CAP_READ
sha256 RET fstat -1 errno 93 Capabilities insufficient
Reviewed by: des
Differential Revision: https://reviews.freebsd.org/D41348
Delete note that UFS/FFS filesystems running with journaled soft updates
cannot run background fsck as 344b5bf made it possible to do so.
MFC-with: 344b5bf
Sponsored-by: The FreeBSD Foundation
Previously dumpfs(8) exited when a cylinder group read failed (such
as a cylinder-group check-hash failure). Now an error message
indicating the cylinder group number and the type of failure is
printed and the output continues for the remaining cylinder groups.
MFC-after: 1 week
Sponsored-by: The FreeBSD Foundation
An earlier addition of code to fsck_ffs(8) allowed it to support
snapshots when running with journalled soft updates. Further
functionality has now been added to fsck_ffs(8) to allow it to use
snapshots to run in background on live filesystems running with
journaled soft updates. This commit enables the use of this functionality.
Tested-by: Peter Holm
Sponsored-by: The FreeBSD Foundation
MFC-after: 2 weeks
A new command, quitclean, is added to fsdb(8) to request that the
filesystem not be marked as needing a full fsck(8). This is useful
when creating deliberately bad filesystem images to be used to check
that fsck is properly able to clean them up.
MFC-after: 1 week
Sponsored-by: The FreeBSD Foundation
Until this update, the fsdb(8) command always marked a filesystem
as needing a full fsck unless it was run with the -n flag which
allowed no changes to be made.
This change tracks modifications to the filesystem. Two types of
changes are tracked. The first type of changes are those that are
not critical to the integrity of the filesystem such as changes to
owner, group, time stamps, access mode, and generation number. The
second type of changes are those that do affect the integrity of
the filesystem including zeroing inodes, changing block pointers,
directory entries, link counts, file lengths, file types, and file
flags.
When quitting having made no changes or only changes to data that
is not critical to filesystem integrity, the clean state of the
filesystem is left unchanged. But if filesystem critical data are
changed then fsdb will set the unclean flag which will require a
full fsck to be run before the filesystem can be mounted.
MFC-after: 1 week
Sponsored-by: The FreeBSD Foundation
Basic state tracking for SCTP. This means we scan through the packet to
identify the different chunks (so we can identify state changes).
MFC after: 3 weeks
Sponsored by: Orange Business Services
Differential Revision: https://reviews.freebsd.org/D40862
The capabilities in if_capabilities2/if_capenable2 are reported in the
second 32b and were not being displayed correctly. v does not need to
be advanced because v[i / 32] is the correct 32b value already.
Sponsored by: Chelsio Communications
Reviewed by: kib@
Differential Revision: https://reviews.freebsd.org/D41107
beadm will recursively promote deep BE datasets. In order to match the
beadm behavior, we need to recursively iterate over child filesystems
and promote them along the way.
This patch further refines the work from D40903, completing the fix for
promotion.
Reviewed by: kevans, rew
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D40972
This matches the beadm behavior; generally, we need to keep promoting
until the BE is no longer a clone from a snapshot. This fixes scenarios
where the dataset associated with a BE's origin is itself a clone,
activating the BE previously would promote it to a clone of the origin's
origin.
We could keep using be_get_dataset_props here, except for two
annoyances:
1.) I couldn't find a clean way to just clear an nvlist rather than
having to re-alloc it, and I didn't want to just remove the one prop
we're inspecting out of it.
2.) That's a lot of overhead when all we want to do is fetch the origin
anyways.
Note that this is not a complete fix, but it does fix the majority of
cases; deep BE subordinates are still notably broken, pending a patch
from Christian.
Reported by: R. Christian McDonald <rcm@rcm.sh>
Reviewed by: rew
Differential Revision: https://reviews.freebsd.org/D40903
Only i386 still uses a 32-bit time_t. I knew this, and I still failed
to compile-test on i386. My bad.
Reported by: cy
Fixes: c210cac00f ("dhclient: fix time parsing for leases...")
Sponsored by: Dell EMC Isilon
Convert lease parsing to timegm to calculate timestamp. For reference, when
writing the lease, we use gmtime to convert the timestamp to struct tm.
Reviewed By: markj, vangyzen
MFC after: 2 weeks
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D40760
This will allow the latter to be removed, reducing the boilerplate
needed for a new libcompat.
Reviewed by: kib, brooks, jhb
Differential Revision: https://reviews.freebsd.org/D40933
In most cases, usage does not return, so mark them as __dead2. For the
cases where they do return, they have not been marked __dead2.
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/735
The function that uses nextnum expects to return a u_int32_t, not a mere
int, so let's make nextnum a u_int32_t instead.
Note: retained current u_int32_t style, since the rest of the file uses
it.
Reviewed by: imp, mckusick
Pull Request: https://github.com/freebsd/freebsd-src/pull/734
