Users with a tmpfs /var/run will lose the directory tree state of
/var/run at reboot. This rc script will optionally (by default)
capture the state of the directory structure in /var/run prior to
shutdown and recreate it at system boot.
Alternatively a user can save the state of the /var/run directories
manually using service var_run save and disable the autosaving of
/var/run state using the var_run_autosave variable, for those
paranoid SSD users.
PR: 259585, 259699
Reported by: freebsd@walstatt-de.de,
Reviewed by: philip, gbe (previous version)
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D36386
None of tools working with login classes change umask(1)
and we had no ways to specify non-default umask for a service
not touching its startup script. This change makes in possible.
Some file-sharing services that create new files may benefit from it.
Differential: https://reviews.freebsd.org/D36309
MFC-after: 3 days
ELFCOMPRESS_ZSTD indicates that an ELF section is compressed with zstd.
It is the second compression type, after the existing ELFCOMPRESS_ZLIB.
Zstd generally provides a compelling tradeoff of speed and compression
(other algorithms may compress slightly better but take a lot longer,
or run faster but do not compress nearly as well).
See https://groups.google.com/g/generic-abi/c/satyPkuMisk for details.
ELFCOMPRESS_ZSTD will be supported in a future Clang/LLVM update. ELF
Tool Chain tools also need updating.
Reviewed by: Fangrui Song
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Apart from improving readability, this commit mentions that
<name>_oomprotect is ignored in a jail environment. Also, replace
${name}_cmd with the correct ${argument}_cmd and point the reader to
rc.subr(8).
MFC after: 1 week
Add an option to enable/disable DTrace without disabling ZFS. New
architectures such as CHERI may support ZFS before they support DTrace
and the old model of WITHOUT_CDDL disabling both wasn't helpful.
For compatiblity, the CDDL option remains and WITHOUT_CDDL implies
WITHOUT_DTRACE. WITHOUT_DTRACE also implies WITHOUT_CTF.
As part of this change, largely convert cddl/*/Makefile to using the
more compact SUBDIR.${MK_<FOO>}+= form rather than using intermediate
variables.
Reviewed by: markj
Obtained from: CheriBSD
Sponsored by: DARPA, AFRL
Differential Revision: https://reviews.freebsd.org/D35718
Also, update the BUGS section. The example describes an issue, which is
not true anymore thanks to sysctl_lastload. Point readers to rcorder(8)
instead.
MFC after: 2 weeks
Debug data is enabled via `makeoptions DEBUG=-g` in the kernel config
file (e.g. GENERIC).
If debug data is enabled and WITHOUT_KERNEL_SYMBOLS is set then debug
data is included in the kernel and module files.
PR: 264433
Discussed with: markj
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
If one boots up multiple copies of a template VM image containing a
zpool, the pool GUIDs will be identical, making it impossible to, e.g.,
share datasets between them.
This diff introduces a simple workaround for the problem: one can use
the script to, upon first boot, assign a new GUID to one or more zpools.
This will be useful when building ZFS-based VM images from release(7).
Reviewed by: mav, allanjude, asomers
Reviewed by: Pau Amma (docs)
MFC after: 1 month
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D35336
src.conf(5) previously stated they would be removed before FreeBSD 12.0,
but that did not happen. Change it to "a future version of FreeBSD."
Also pick up LOADER_KBOOT change (enabled on x86) in src.conf regen.
Reported by: jhb
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
It supports only the obsolete SMBv1 protocol, is known to be buggy, and
likely has security vulnerabilities. It will either be updated or
removed in the future, but for now at least describe the current state
in the man page.
PR: 263043
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Allow filtering based on the source or destination IP/IPv6 address in
the Ethernet layer rules.
Reviewed by: pauamma_gundo.com (man), debdrup (man)
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D34482
The security/520-pfdenied script only reports blocked packets from the
main ruleset or any blocklistd(8) anchor.
Add an option to periodic.conf(5) to make it possible to specify
additional anchors to report.
PR: 262446
Reviewed by: kp
With the initial import of 386BSD 0.1 in 1993, the daily execution of
/etc/news.expire was introduced (see commit 1bf9d5d951).
In 1997, this was brought into periodic resulting in daily/330.news
(see commit 28dce04d19). But as far as I see, /etc/news.expire has
never existed.
PR: 256238
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D30631
When filtering Ethernet packets allow rules to specify a mac address
with a mask. This indicates which bits of the specified address are
significant. This allows users to do things like filter based on device
manufacturer.
Sponsored by: Rubicon Communications, LLC ("Netgate")
Document how 'ether' rules can be set, and what options they support.
Reviewed by: bcr
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D31751
- Do not set Os to FreeBSD explicitly. We don't do it in other manual
pages.
- Remove macros from the -width specifier.
- Use Xr instead of Cm to refer to the freebsd-update command.
- Address some mandoc lint warnings and use \(em instead of --.
- Wordsmith some paragraphs.
- Add a missing El macro.
MFC after: 1 week
It's sometimes easier to exclude some modules rather than listing all
possibly needed ones with MODULES_OVERRIDE.
So for this add MODULES_EXCLUDE which do exactly as one would guess, excludes
some modules from the build/install.
For example if one wants to exclude all modules which are only present in the
GENERIC config on amd64 :
export MODULES_EXCLUDE=$(grep -E '^device' sys/amd64/conf/GENERIC | awk '{print $2}' | tr '\n' ' ')
MFC after: 2 weeks
Sponsored by: Beckhoff Automation GmbH & Co. KG
Differential Revision: https://reviews.freebsd.org/D33443
Summary: It's currently just as stable as powerpc64, with more ports working.
Reviewers: alfredo, bdragon, luporl, jhibbits, #manpages
Subscribers: imp
Differential Revision: https://reviews.freebsd.org/D33610
The Li macros has been deprecated by mdoc some time ago. Recommend the
use of Ql instead.
Reviewed by: debdrup
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D33232
