and takes over mountcritlocal's role as the early / late divider. This
makes it far easier to add rc scripts which need to run early, such as a
startup script for zfs, which is right around the corner.
This change should be a no-op; I have verified that the only change in
rcorder's output is the insertion of FILESYSTEMS immediately after
mountcritlocal.
MFC after: 3 weeks
for /tmp and /var. This makes the memory discs swap-backed instead
of malloc-backed. A swap-backed memory disc should not be worse
than a malloc-backed one in any scenario because it will start
touching swap only when needed. OTOH, a malloc-backed disc can
starve limited kernel resources and eventually crash the system.
Reflect the change in the rc.conf(5) manpage. Also stop telling
lies there about softupdates: it does not waste disc space, it
just can delay its freeing.
Suggested by: many
PR: kern/87255
MFC after: 1 week
Note: This also deprecates "NO" as a way to specify an empty list of
interfaces for gif_interfaces.
PR: conf/104884
Submitted by: nork
Harassed by: brd
Discussed with: brooks, dougb
how to change the auditd instance. When using a port/package-based
OpenBSM, changing the auditd pointer may be desirable.
Obtained from: TrustedBSD Project
MFC after: 3 weeks
Factor out the loopback setup
Use "me" instead of hardcoded $ip where possible.
Add "workstation" which protects just this machine with stateful
firewalling. Put the variables for this in rc.conf.
Submitted by: Flemming Jacobsen <fj@batmule.dk>
Reviewed by: cperciva
despite the interface link status.
Add dhclient_flags_iface and background_dhclient_iface rc.conf options
(where iface is a specific interface). These can be used to give
interface specific flags to dhclient.
Reviewed by: brooks@
thing to do in most (all?) cases and certainly should not be the default
now that we're running pccard_ether on all interface creates and
destroys.
MFC after: 3 days
and so users get hangs until interrupts are generated another way. We'll
have to find a way to make the 2 work together before re-enabling this by
default.
and replace it with a new ntpdate_config variable.
- Document it in defaults/rc.conf and rc.conf.5.
- Document ntpdate_hosts in defaults/rc.conf.
Requested by: Chris Timmons <cwt@networks.cwu.edu>
Approved by: cperciva (mentor, implicit)
MFC after: 1 week
automatically add it to an Ethernet bridge. This is intended for applications
such as qemu, vmware, openvpn, ... which open tap interfaces and need them
bridged with the host's network adapter, the user can set up a glob for
interfaces to be automatically added (eg tap*).
1,2 and so on.
It specifies the command to be run as Nth after jail startup.
sh(1)-fu by: Dario Freni
PR: conf/97697
MFC after: 2 weeks
Reviewed by: ru@ (man page)
more appropriate value and is also the default set by the kernel. I
could not find a justification of why rc.conf began overriding it back
in 1998.
This dramatically cuts NFS traffic on e.g. a busy system with NFS root.
Reviewed by: mohans
MFC After: 2 weeks
issue where some global jail_* variables were overridden in the script. [1]
- Change "jid" to "jname" in rc.conf(5), since it's more a jail name than a
jail id. [1]
- Update examples and comments in defaults/rc.conf to advertise new
variables and the fact that some of the jail-specific variables may be made
jail-global. [2]
Reported by: pjd [1], clsung [2]
Approved by: cperciva
X-MFC after: I got sufficient testing from people using rc.d/jail
working on.
1) Make it possible to configure interfaces with certain characters in
their names that aren't valid in shell variables. Currently supported
characters are ".-/+". They are converted into '_' characters.
2) Replace nearly all eval statements in network.subr with a new
function get_if_var which substitutes an interface name (after the
translations above) for "IF" in a variable name.
3) Fix list_net_interfaces() in the nodhcp case.
4) Allow the administrator to specify if dhclient should be started
when /etc/rc.d/netif configures the interface or only by devd.
This can be set on both a per interface and system wide basis.
PR: conf/88974 [1,2], conf/92433 [1,2]
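
The name translation and "IF" substitution described in the commit message above, sketched as an added example: this is not the network.subr code from the commit, and if_to_varname and lookup_if_var are hypothetical names. It assumes interface names should be treated as untrusted input, so it confines eval to a validated identifier; the rc.conf values are constructed samples.

```shell
#!/bin/sh
# Added illustration; NOT the FreeBSD network.subr implementation.
# if_to_varname and lookup_if_var are hypothetical helper names.

# Map ".", "-", "/" and "+" in an interface name to "_", then refuse
# anything that still contains a character outside [A-Za-z0-9_].
if_to_varname() {
	_name=$(printf '%s' "$1" | tr './+-' '____')
	case $_name in
	''|*[!A-Za-z0-9_]*) return 1 ;;
	esac
	printf '%s\n' "$_name"
}

# Expand a template such as "ifconfig_IF" for one interface and print
# the value, or the optional default when the variable is unset.
lookup_if_var() {
	_if=$(if_to_varname "$1") || return 1
	_tmpl=$2
	_default=${3-}
	case $_tmpl in
	*IF*) ;;
	*) return 1 ;;		# template must contain the IF marker
	esac
	_var=${_tmpl%%IF*}${_if}${_tmpl##*IF}
	case $_var in
	[0-9]*|*[!A-Za-z0-9_]*) return 1 ;;
	esac
	# The single eval: its operand is a validated identifier, so an
	# interface name can no longer smuggle shell syntax into it.
	eval "_val=\${$_var-\$_default}"
	printf '%s\n' "$_val"
}

# Constructed sample settings, as they might appear in rc.conf.
ifconfig_vlan_100="inet 192.0.2.10/24"
ifconfig_ed0="DHCP"
ipv4_addrs_ed0="192.168.0.1/24 192.168.1.1-5/28"

# "vlan.100" is not a valid variable suffix until translated.
echo "vlan.100 -> $(lookup_if_var vlan.100 ifconfig_IF)"
echo "ed0      -> $(lookup_if_var ed0 ipv4_addrs_IF)"
echo "tap0     -> $(lookup_if_var tap0 ifconfig_IF NONE)"

# A name carrying shell metacharacters is rejected before any eval.
if ! lookup_if_var 'ed0;id' ifconfig_IF >/dev/null; then
	echo "rejected: ed0;id"
fi
```
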
- Add the according amd_program default value in defaults.
PR: conf/82738
Submitted by: TAOKA Fumiyoshi <fmysh@iijmio-mail.jp>
Approved by: cperciva (mentor)
MFC after: 3 days
1. Remove a now-spurious NetBSD CVS Id, as we are no longer synching work
2. Remove a now-spurious BEFORE, since ntpdate now REQUIRE's named
3. Replace the call to set rcvar with what that function would output,
and generally reduce indirection ($name -> named) since it's highly
unlikely the name of the named process or service will change any time soon.
4. Resort the order of the variables at the top of the file to a more
traditional format, and remove a spurious required_dirs from the top, as it
works better after load_rc_config.
5. We do not want the default reload method with named, so define a simple
but appropriate substitute using rndc. If I were writing this script for
the first time I would not include this at all, since it's preferable to
control a running daemon with rndc to start with, but given that this is
already here, let's do it right. I hope that future generations will
however resist the temptation to add reconfig to extra_commands.
6. By the same token, we want to use rndc to shut down named, but given
that by defining a stop function we lose the "find the process by its
pid file in an emergency" goodness of rc.subr, try to do something useful
in the event that rndc is not available, and keep the user informed.
7. Replace some "test -f" with "test -r" to handle the unlikely event
that the relevant file exists, but is unreadable.
8. Twiddle whitespace in a few areas, remove a spurious blank line,
a bogus double space, and try to do better indenting.
9. Improve generation of the rndc.key file significantly
a. If for some reason a user has an rndc.conf file, assume that they
did that on purpose, and hence know what they are doing, so leave them alone.
b. Introduce a named_uid configuration variable so that the user which owns
the rndc.key file and the user named runs as always match, and is more
easily configurable. This should dramatically reduce problems with rndc.
c. Also test that the rndc.key file size is greater than zero, rather than
simply that the file exists. I have seen at least one user report this exact
problem, and although neither of us is sure where the empty file came from,
the fix is simple, so include it.
d. Rather than try to create an rndc.key file in both /etc/namedb and the
chroot'ed /etc/namedb, assume that they are the same (which they should
be), and only create the file in the chroot'ed version of the directory.
This partially addresses the problem described in conf/73929, but I have
not yet finished thinking about the PREFIX issue that PR also raises.
As a result of introducing the named_uid knob, the default named_flags
are now empty.
Update defaults/rc.conf and rc.conf(5) to reflect these changes.
the names of directories to include in the base ldconfig script.
This will eliminate the need for each port to install its own
boot script which does nothing but ldconfig a given directory.
This code was developed by flz (ports committer), discussed on
freebsd-rc@, and modified slightly by me.
Submitted by: flz
Reviewed by: brooks
by default, so add a new knob that is on by default, and check that
knob in start_precmd so that it can run even if cleaning /tmp is
not enabled. This has the advantage of not violating POLA, while
still allowing the user to disable this behavior if they wish (for
example on a server that will never run X).
to light by the PR. Specifically, convert these three scripts
into good rc.d citizens, making sure that their functionality
is preserved, but the rc.d framework rules are not broken.
Add support for cleanvar as a regular rc.d script in the
default rc.conf, and document this in the man page.
Add a descriptive comment to rc.conf regarding the
three emulation/compatibility services provided by abi
so users will not be confused by these services not having
their own startup scripts.
PR: conf/84574
Submitted by: Alexander Botero-Lowry
as part of rc. Doing this, and the sourcing of rc.subr after we have
determined if we are booting diskless (and correspondingly run
rc.initdiskless if necessary) are safe, and actually allow fewer files
to be needed on the diskless box. This also allows variables from
the configuration to be available to rc itself, such as ...
Add a variable to rc.conf, early_late_divider, which designates the
script which separates the early and late stages of the boot process.
Default this to mountcritlocal, and add text to etc/defaults/rc.conf,
rc.conf(5) and diskless(8) which describes how and why one might want
to change this.
Reviewed by: brooks
- Use _prestart rc.d method to automatically kldload ng_btsocket(4) if needed;
- Rename "sdpd_user" to "sdpd_username" and "sdpd_group" to "sdpd_groupname"
to avoid collision with "magic" variables;
Inspired by: yar
MFC after: 3 days
more IPv4 addresses from a ranged list in CIDR notation:
ipv4_addrs_ed0="192.168.0.1/24 192.168.1.1-5/28"
In the process move alias processing into new ipv4_up/down functions to
move toward a less IPv4 centric world.
Submitted by: Philipp Wuensche <cryx dash freebsd at h3q dot com>
Introduce /etc/rc.d/bluetooth script to start/stop Bluetooth devices. It
will be called from devd(8) in response to device arrival/departure events.
It is also possible to call it by hand to start/stop particular device
without unplugging it.
Introduce generic way to set configuration parameters for Bluetooth devices.
By default /etc/rc.d/bluetooth script has hardwired defaults compatible
with old rc.bluetooth from /usr/share/netgraph/bluetooth/examples. These
can be overridden using /etc/defaults/bluetooth.device.conf file (system
wide defaults). Finally, there could be another device specific override
file located in /etc/bluetooth/$device.conf (where $device is ubt0, btccc0
etc.)
The list of configuration parameters and their meaning is described in the
/etc/defaults/bluetooth.device.conf file. Even though Bluetooth device
configuration files are not shell scripts, they must follow basic sh(1) syntax.
The bluetooth.device.conf(5) and handbook update will follow shortly.
Inspired by: Panagiotis Astithas ( past at ebs dot gr )
Reviewed by: brooks, yar
MFC after: 1 week
/etc/defaults/rc.conf. Both daemons can run even if no Bluetooth devices
are attached to the system. Both daemons depend on Bluetooth socket layer
and thus disabled by default. Bluetooth sockets layer must be either loaded
as a module or compiled into kernel before the daemons can run.
MFC after: 1 month
system boot, and hook it up in the system.
The separate script is needed because in the presence of various
interface lists in rc.conf ($network_interfaces, $cloned_interfaces,
$sppp_interfaces, $gif_interfaces, more to come) it is hard to start
them orderly, so that pfsync is brought up after its syncdev, which
is required for the proper startup of pfsync.
Discussed with: mlaier on -pf
MFC after: 5 days
Now this flag can be set, or not set, for memory-backed
file systems on individual basis, as illustrated by the
rc.conf(5) variables tmpmfs_flags and varmfs_flags. The
flag is set for those FS'en by default, in /etc/defaults/rc.conf,
in order to stay compatible with the old rc.subr behaviour.
Submitted by: marck
MFC after: 3 days
now run on any interface.
- Add a new ifconfig_<ifn> keyword, NOAUTO which prevents configuration
of an interface at boot or via /etc/pccard_ether. This allows
/etc/rc.d/netif to be used to start and stop an interface on a purely
manual basis. The decision to affect pccard_ether may be revisited at
a later date.
Requested by: imp, gallatin (removable_interfaces)
Discussed with: sam, Randy Bush (NOAUTO)
rc.d/geli - configures encryption (ask for passphrases, etc.);
rc.d/geli2 - is called after file systems are mounted and mark devices for
detach on last close.
Sponsored by: Wheel Sp. z o.o.
http://www.wheel.pl
MFC after: 3 days
way interfaces are configured. Some key points:
- At startup, all interfaces are configured through /etc/rc.d/netif.
- ifconfig_<if> variables may now mix real ifconfig commands with
DHCP and WPA directives. For example, this allows media
configuration prior to running dhclient.
- /etc/rc.d/dhclient is not run at startup except by netif to start
dhclient on specific interfaces.
- /etc/pccard_ether calls "/etc/rc.d/netif start <if>" to do most of
its work.
- /etc/pccard_ether no longer takes additional arguments to pass to
ifconfig. Instead, ifconfig_<if> variables are now honored in favor
of pccard_ifconfig when available.
- /etc/pccard_ether will only run on interfaces specified in
removable_interfaces, even if pccard_ifconfig is set.
save file was /var/db/entropy, which also happens to
be the directory where the individual entropy files
created by /usr/libexec/save-entropy are stored.
Change the suggestion to be /var/db/entropy-file
instead.
In an error condition where the shutdown file is not
created, the error message accessed a variable that
doesn't exist.
PR: conf/75722
Submitted by: Nicolas Rachinsky <list@rachinsky.de>
systems that boot with this value at the lowest setting. Change the
default boot config back to "leave frequency as BIOS set it". Also, fix
buglet where acpi_throttle wouldn't be used if p4tcc was present but
disabled by the user.
MFC after: 1 week
on boot, force it to HIGH. This is needed for some systems which appear
to boot with a low acpi_throttle setting by default. Thanks to Christian
Brueffer for tracking this down on his system.
MFC after: 1 day
default for now. Default flags create missing directories.
Remove comment about doing this in etc/rc.d/var.
Unlike in the PR, I chose to do this in the lpd script where we reliably
have /usr available.
PR: conf/71488
Submitted by: RZ-FreeBSD0904 at fh-karlsruhe dot de
- Enable it by default, running newsyslog with -CN which creates files
that have the C flag specified in /etc/newsyslog.conf.
- Remove the "newsyslog -CC" call from etc/rc.d/var and the check for
newsyslog.
- Add the C flag to entries in /etc/newsyslog.conf that are currently
installed as part of the base system.
There are two effects from this change:
- Users who delete default syslog files to stop logging to them
will need to set newsyslog_enable=NO in rc.conf or remove the C
flag from those files in /etc/newsyslog.conf or they will come back
on the next boot.
- Diskless systems now create the same set of files that ordinary
systems have by default instead of every file in newsyslog.conf.
frequencies are specified with performance_cpu_freq and economy_cpu_freq.
Of course, special values LOW and HIGH are also supported. Also, remove
old throttling support.
1. Feature: for flexibility reasons and as a prerequisite to clean
shutdowns, allow the configuration of a stop/shutdown command
via rc.conf variable "jail_<name>_exec_stop" in addition to the
start/boot command (rc.conf variable "jail_<name>_exec_start"). For
backward compatibility reasons, rc.conf variable "jail_<name>_exec"
is still supported, too.
2. Debug: Add the used boot/shutdown commands to the debug output of
the /etc/rc.d/jail script, too.
3. Security: Run the Jail start/boot command in a cleaned environment
to not leak information from the host to the Jail during startup.
4. Feature: Run the Jail stop/shutdown command "jail_<name>_exec_stop" on
"/etc/rc.d/jail stop <name>" to allow a graceful shutdown of the Jail
before its processes are just killed.
5. Bugfix: When killing the remaining Jail processes give the processes
time to actually perform their termination sequence. Without this the
subsequent umount(8) operations usually fail because the resources
are still in use. Additionally, if after trying to TERM-inate the
processes there are still processes hanging around, finally just KILL
them.
6. Bugfix: In rc.shutdown, if running inside a Jail, skip the /etc/rc.d/*
scripts which are flagged with the KEYWORD "nojail" to allow the
correct operation of rc.shutdown under jail_<name>_exec_stop="/bin/sh
/etc/rc.shutdown". This is analogous to what /etc/rc does inside a Jail.
Now the following typical host-configuration for two Jails works as
expected and correctly boots and shuts down the Jails:
-----------------------------------------------------------
# /etc/rc.conf:
jail_enable="YES"
jail_list="foo bar"
jail_foo_rootdir="/j/foo"
jail_foo_hostname="foo.example.com"
jail_foo_ip="192.168.0.1"
jail_foo_devfs_enable="YES"
jail_foo_mount_enable="YES"
jail_foo_exec_start="/bin/sh /etc/rc"
jail_foo_exec_stop="/bin/sh /etc/rc.shutdown"
jail_bar_rootdir="/j/bar"
jail_bar_hostname="bar.example.com"
jail_bar_ip="192.168.0.2"
jail_bar_devfs_enable="YES"
jail_bar_mount_enable="YES"
jail_bar_exec_start="/path/to/kjailer -v"
jail_bar_exec_stop="/bin/sh -c 'killall kjailer && sleep 60'"
-----------------------------------------------------------
# /etc/fstab.foo
/v/foo /j/foo/v/foo nullfs rw 0 0
-----------------------------------------------------------
# /etc/fstab.bar
/v/bar /j/bar/v/bar nullfs rw 0 0
-----------------------------------------------------------
Reviewed by: freebsd-hackers
MFC after: 2 weeks
rebadged Xircom REM56 RealPort card. Short MFC timeout to beat the 4.11
code freeze.
PR: 53027
Submitted by: John Merryweather Cooper <coop9211 at uidaho dot edu>
Approved by: imp (mentor)
MFC after: 2 days
packet counts by pf(4).
This adds a ``daily_status_security_pfdenied_enable'' variable to
periodic.conf, which defaults to ``YES'' as the matching IPF(W) versions.
The output will look like this (line wrapped):
pf denied packets:
> block drop log on rl0 proto tcp all [ Evaluations: 504986 Packets: 0
Bytes: 0 States: 0 ]
> block drop log on rl0 all [ Evaluations: 18559 Packets: 427 Bytes: 140578
States: 0 ]
Submitted by: clive (thanks a lot!)
MFC after: 2 weeks
this feature for a jail named foo:
jail_foo_mount_enable="YES"
jail_foo_fstab="/etc/fstab.foo"
The second line is actually useless, since the code defaults to
using "/etc/fstab.$jailname" as the fstab file if none is specified.
MFC after: 3 days
Submitted by: Jeremie Le Hen <jeremie@le-hen.org>
These can be used to pass extra options to the mdmfs(8) utility,
to customize the finer details of the md file system creation
(i.e. to turn on/off softupdates, to specify a default owner for md
filesystem, etc).
Use these two new flags to mount tmpmfs and varmfs without
softupdates, since it doesn't make much sense to use SU on
malloc-backed file systems.
Reviewed by: mtm
Inspired by: J. D. Bronson, jbronson at wixb dot com