Commit Graph

37409 Commits

Author SHA1 Message Date
obrien
f999fe682d Rather than hack config/freebsd.h to contain our hacks for a native compiler,
just include them in tm.h (as built from cc/cc_tools/Makefile).

This will reduce the diffs from the vendor sources.

Excellent idea by:	jdp
1999-04-28 18:48:08 +00:00
dt
701ea88a94 pmap_emulate_reference: don't ever lose PV_TABLE_MOD bit on page. If
PV_TABLE_REF cleared before PV_TABLE_MOD, the page may get fault on read again.

On fault on write, pmap_emulate_reference mark the page dirty with
vm_page_dirty. That decrease ill effects of the bug.

The problem probably become more serious after my rev.1.18 a week ago.
1999-04-28 15:52:09 +00:00
phk
79134080a0 This Implements the mumbled about "Jail" feature.
This is a seriously beefed up chroot kind of thing.  The process
is jailed along the same lines as a chroot does it, but with
additional tough restrictions imposed on what the superuser can do.

For all I know, it is safe to hand over the root bit inside a
prison to the customer living in that prison, this is what
it was developed for in fact:  "real virtual servers".

Each prison has an ip number associated with it, which all IP
communications will be coerced to use and each prison has its own
hostname.

Needless to say, you need more RAM this way, but the advantage is
that each customer can run their own particular version of apache
and not stomp on the toes of their neighbors.

It generally does what one would expect, but setting up a jail
still takes a little knowledge.

A few notes:

   I have no scripts for setting up a jail, don't ask me for them.

   The IP number should be an alias on one of the interfaces.

   mount a /proc in each jail, it will make ps more useable.

   /proc/<pid>/status tells the hostname of the prison for
   jailed processes.

   Quotas are only sensible if you have a mountpoint per prison.

   There are no privisions for stopping resource-hogging.

   Some "#ifdef INET" and similar may be missing (send patches!)

If somebody wants to take it from here and develop it into
more of a "virtual machine" they should be most welcome!

Tools, comments, patches & documentation most welcome.

Have fun...

Sponsored by:   http://www.rndassociates.com/
Run for almost a year by:       http://www.servetheweb.com/
1999-04-28 11:38:52 +00:00
phk
38461224e8 Add the jail system call. 1999-04-28 11:28:49 +00:00
dt
b17f73b287 s/static foo_devsw_installed = 0;/static int foo_devsw_installed;/.
(Edited automatically)
1999-04-28 10:54:24 +00:00
jkh
1c3da0388c Deal with new loader syntax in determining how/when to load a userconfig
script.

Submitted by:		"Daniel C. Sobral" <dcs@newsguy.com>
Avoided by:		jkh
Demanded by:		The Users
1999-04-28 10:51:01 +00:00
joerg
bdf02d2004 Mention that you can only create a block or char special file using
mknod(2).
1999-04-28 10:04:48 +00:00
kato
011af9b80f Sync with sys/i386/isa/clock.c revision 1.132. 1999-04-28 08:06:00 +00:00
kato
a7e2968508 Sync with sys/i386/i386/machdep.c revision 1.332. 1999-04-28 08:03:54 +00:00
obrien
4b80a67c4e \begin{bdemode}
sort tcpd* entries
\end{bdemode}
1999-04-28 08:00:50 +00:00
foxfair
cc046d4ddb Correction of better display under chinese terminal.
Submitted by : Peter_Chen.bbs@bbs.csie.nctu.edu.tw
1999-04-28 07:27:04 +00:00
jkh
a52a6ff5f7 Write config files to /usr/share/skel as well as root's profile. 1999-04-28 07:20:11 +00:00
jkh
92941a5cac By popular request, add /usr/local/sbin to this list. 1999-04-28 06:43:08 +00:00
jkh
ae990f4522 Do the right thing for windowmaker installation if it's picked. Add some
seat belts for failed desktop installations.
1999-04-28 06:39:25 +00:00
imp
4248f5a8ec Add two recent developments:
pccard is busted
	The cool new SMP stuff
1999-04-28 05:18:46 +00:00
jkoshy
925059c78e Correct reference to '/dev/rst0' to the more correct "/dev/rsa0".
PR:		11347
Submitted by:	Christian Weisgerber
1999-04-28 05:08:13 +00:00
ghelmer
1224816ff3 Explain when packets are tesed by the firewall rules and what attributes
of packets can be tested.

PR:		docs/7437
1999-04-28 02:49:29 +00:00
luoqi
9a0dd7fc67 Make gdb work with kernel after the SMP vmspace sharing changes. 1999-04-28 01:27:55 +00:00
msmith
9ea71a9636 Allow loadable interface drivers with BPF support to be loaded into a kernel
that doesn't have it.  This is achieved by having minimal do-nothing stubs
enabled when there are no bpfilter devices configured.

Driver modules should be built with BPF enabled for maximum
convenience (but can be built without it for maximum performance).
1999-04-28 01:18:13 +00:00
luoqi
81e3a332a9 Enable vmspace sharing on SMP. Major changes are,
- %fs register is added to trapframe and saved/restored upon kernel entry/exit.
- Per-cpu pages are no longer mapped at the same virtual address.
- Each cpu now has a separate gdt selector table. A new segment selector
  is added to point to per-cpu pages, per-cpu global variables are now
  accessed through this new selector (%fs). The selectors in gdt table are
  rearranged for cache line optimization.
- fask_vfork is now on as default for both UP and SMP.
- Some aio code cleanup.

Reviewed by:	Alan Cox	<alc@cs.rice.edu>
		John Dyson	<dyson@iquest.net>
		Julian Elischer	<julian@whistel.com>
		Bruce Evans	<bde@zeta.org.au>
		David Greenman	<dg@root.com>
1999-04-28 01:04:33 +00:00
hoek
40629bb91a .Xr chflags 1 , 1999-04-27 23:33:52 +00:00
msmith
9e6a8a63ec Simplify the tunefs example, since tunefs uses getfsfile(). Lots of
people complain about working out what device their filesystems are
mounted on.
1999-04-27 21:11:19 +00:00
obrien
17f34242b2 Simplify the definition of FBSD_SWITCH_TAKES_ARG, and make sure
SWITCH_TAKES_ARG isn't defined (which svr4.h does) when we assign our
definition to it.
1999-04-27 19:29:44 +00:00
jdp
788fe388a4 Eliminate compiler warning about missing type in declaration.
Remove useless initialization of static variable to 0.

Move static variable declaration into the only function that uses
it.
1999-04-27 18:47:39 +00:00
jdp
ba84af7dc3 Fix the code that prints the "Initializing PC-card drivers" message
so that the list of drivers is correct.  This is a slightly
simplified version of the patch from the PR.

PR:		misc/10544
Submitted by:	Christophe Colle <colle@krtkg1.rug.ac.be>
1999-04-27 18:34:13 +00:00
obrien
60741f3b56 Wait until EGCS 1.2 to use more efficient ``thunks'' to implement C++ vtables.
While I have yet to hear of any problems with us using thunks.  The EGCS
mailing list notes some have problems with it and not using them are a
safer default.  People wanting to use them, can set the appropiate
compiler flag.
1999-04-27 15:43:56 +00:00
jkh
a16d10d610 o Make package matching for specific package loading use the Latest/
feature of packages now so that no version info is embedded.

o Add a default X desktop menu offering afterstep, enlightenment, KDE, GNOME
  and Windowmaker desktops instead of the boring twm(1) based one if the
  user so chooses.  This will require a little testing.
1999-04-27 14:33:29 +00:00
phk
8dcac09a03 Change suser_xxx() to suser() where it applies. 1999-04-27 12:21:16 +00:00
jkh
645ea8a194 1. Remove the hateful EDITOR=ee from root's environment; it's one
thing to use it at startup, when you don't know if the user can
   handle vi or not, but yet another thing to leave it as a permanent
   land mine for root.

2. Put /usr/X11R6/bin in path; it makes getting the desktop up a lot easier.
1999-04-27 11:55:02 +00:00
phk
eefbb16cbd bump __FreeBSD_version to 400005:
suser() API changed.
1999-04-27 11:20:54 +00:00
phk
b097bd1d95 Suser() simplification:
1:
  s/suser/suser_xxx/

2:
  Add new function: suser(struct proc *), prototyped in <sys/proc.h>.

3:
  s/suser_xxx(\([a-zA-Z0-9_]*\)->p_ucred, \&\1->p_acflag)/suser(\1)/

The remaining suser_xxx() calls will be scrutinized and dealt with
later.

There may be some unneeded #include <sys/cred.h>, but they are left
as an exercise for Bruce.

More changes to the suser() API will come along with the "jail" code.
1999-04-27 11:18:52 +00:00
jkh
a56c36333e lpd tries to be clever and checks if RM == my_hostname.
However, it doesn't check if the remote printer name it
is sending it to is the same as the local printer name,
and so chokes 'cos "laser" is not a real printer.

PR:		7081
Submitted by:	David Malone <dwmalone@maths.tcd.ie>
1999-04-27 07:09:18 +00:00
max
b3e3613d63 echo ^G^G -> echo \007\007 in loader.rc in kern.flp. 1999-04-27 05:09:43 +00:00
hoek
1967616b85 Mention that set-id bits are not honoured for shell scripts and
filesystems with the "nosuid" option.  Mention that syscall tracing
is disabled sometimes.

PR:		misc/11328
1999-04-27 03:56:10 +00:00
jkh
8914746e4b If pkg_info is run with no args, default to "-aI". 1999-04-27 02:30:27 +00:00
luoqi
51e6fbbebb Make options like NO_F00F_HACK work (with context sensitive lexical rules). 1999-04-27 01:37:01 +00:00
brian
4235aa257b Specify the ssh command to use for a VPN inline. 1999-04-27 00:25:22 +00:00
brian
7f54ce017a Change ``set device'' so that it parses its arguments as one
device per argument rather than the old way of concatenating
everything then splitting the result at commas and whitespace.

Old syntax of ``set device /dev/cuaa0, /dev/cuaa1''
may no longer contain the comma, but syntax such as
``set device "!ssh host ppp -direct label"'' is now
possible.
1999-04-27 00:23:57 +00:00
ken
3a42f7ca47 Fix from Justin for transfer negotiations for targets up to target ID 7. 1999-04-26 22:03:44 +00:00
luigi
7486c3d75e Add support for printing bridging statistics with ``-p bdg '' .
If someone has a better flag to use I'll be glad to change it.
1999-04-26 16:11:50 +00:00
luigi
6e96509cf5 Make one pass through the firewall the default.
Multiple pass (which only affects dummynet) is too confusing.
1999-04-26 14:57:24 +00:00
kris
c80be589b5 Move an option outside of a nested list and up a bit to live free among
its brothers and sisters.
1999-04-26 14:08:04 +00:00
peter
01cdea0e7e Only call kvtop on non-null id_maddr's... 1999-04-26 12:49:39 +00:00
peter
6374adf906 Temporary hack. The radix code shouldn't need this, it should be
able to expand the zeros, ones etc masks on the fly.  It seems a good
number of domains don't set the rn_maxkey variable anyway, and because
this is a domain itself, there is no guarantee we've been called after
a protocol that actually has set it (ie: inet), so start with a maxkey
of a relatively sane size as a base point until it can adapt on the fly.
1999-04-26 09:05:31 +00:00
peter
2ae1da9703 Protect the ifinit() function's internals with splimp() for safety since
it used to be that way. I'm not sure that it's needed, but it does
walk the ifp list..

Incidently, there's nothing to sanity check the ifq_maxlen on loaded
interfaces..
1999-04-26 09:02:40 +00:00
peter
0b0b744990 Minor seatbelt tweak. The init code used to be splimp() protected,
maintain that in case.
1999-04-26 09:00:47 +00:00
peter
228585667e Register the netisr's via SYSINIT rather than linker sets. 1999-04-26 08:57:51 +00:00
peter
a1dc504fcc Register the local (unix domain) sockets ourselves. 1999-04-26 08:56:53 +00:00
peter
dfa1816cf0 Redo domain registration to use SYSINITS rather than linker sets.
Get rid of the spl wrapper kludge, it doesn't seem to be needed between
init calls since all that's running is the domain/protocol timers and they
are safe since domain list modifications are splnet() protected (which
blocks the timers)
1999-04-26 08:56:09 +00:00
brian
c052ed7e84 Add support for NetBSD 1999-04-26 08:54:34 +00:00