by default, so add a new knob that is on by default, and check that
knob in start_precmd so that it can run even if cleaning /tmp is
not enabled. This has the advantage of not violating POLA, while
still allowing the user to disable this behavior if they wish (for
example on a server that will never run X).
to light by the PR. Specifically, convert these three scripts
into good rc.d citizens, making sure that their functionality
is preserved, but the rc.d framework rules are not broken.
Add support for cleanvar as a regular rc.d script in the
default rc.conf, and document this in the man page.
Add a descriptive comment to rc.conf that regarding the
three emulation/compatibility services provided by abi
so users will not be confused by these services not having
their own startup scripts.
PR: conf/84574
Submitted by: Alexander Botero-Lowry
as part of rc. Doing this, and the sourcing of rc.subr after we have
determined if we are booting diskless (and correspondingly run
rc.initdiskless if necessary) are safe, and actually allow fewer files
to be needed on the diskless box. This also allows variables from
the configuration to be available to rc itself, such as ...
Add a variable to rc.conf, early_late_divider, which designates the
script which separates the early and late stages of the boot process.
Default this to mountcritlocal, and add text to etc/defaults/rc.conf,
rc.conf(5) and diskless(8) which describes how and why one might want
to change this.
Reviewed by: brooks
- Use _prestart rc.d method to automatically kldload ng_btsocket(4) if needed;
- Rename "sdpd_user" to "sdpd_username" and "sdpd_group" to "sdpd_groupname"
to avoid collision with "magic" variables;
Inspired by: yar
MFC after: 3 days
more IPv4 address from a ranged list in CIRD notation:
ipv4_addrs_ed0="192.168.0.1/24 192.168.1.1-5/28"
In the process move alias processing into new ipv4_up/down functions to
more toward a less IPv4 centric world.
Submitted by: Philipp Wuensche <cryx dash freebsd at h3q dot com>
Introduce /etc/rc.d/bluetooth script to start/stop Bluetooth devices. It
will be called from devd(8) in response to device arrival/departure events.
It is also possible to call it by hand to start/stop particular device
without unplugging it.
Introduce generic way to set configuration parameters for Bluetooth devices.
By default /etc/rc.d/bluetooth script has hardwired defaults compatible
with old rc.bluetooth from /usr/share/netgraph/bluetooth/examples. These
can be overridden using /etc/defaults/bluetooth.device.conf file (system
wide defaults). Finally, there could be another device specific override
file located in /etc/bluetooth/$device.conf (where $device is ubt0, btccc0
etc.)
The list of configuration parameters and their meaning described in the
/etc/defaults/bluetooth.device.conf file. Even though Bluetooth device
configuration files are not shell scripts, they must follow basic sh(1) syntax.
The bluetooth.device.conf(5) and handbook update will follow shortly.
Inspired by: Panagiotis Astithas ( past at ebs dot gr )
Reviewed by: brooks, yar
MFC after: 1 week
/etc/defaults/rc.conf. Both daemons can run even if no Bluetooth devices
are attached to the system. Both daemons depend on Bluetooth socket layer
and thus disabled by default. Bluetooth sockets layer must be either loaded
as a module or compiled into kernel before the daemons can run.
MFC after: 1 month
system boot, and hook it up in the system.
The separate script is needed because in the presence of various
interface lists in rc.conf ($network_interfaces, $cloned_interfaces,
$sppp_interfaces, $gif_interfaces, more to come) it is hard to start
them orderly, so that pfsync is brought up after its syncdev, which
is required for the proper startup of pfsync.
Discussed with: mlaier on -pf
MFC after: 5 days
Now this flag can be set, or not set, for memory-backed
file systems on individual basis, as illustrated by the
rc.conf(5) variables tmpmfs_flags and varmfs_flags. The
flag is set for those FS'en by default, in /etc/defaults/rc.conf,
in order to stay compatible with the old rc.subr behaviour.
Submitted by: marck
MFC after: 3 days
now run on any interface.
- Add a new ifconfig_<ifn> keyword, NOAUTO which prevents configuration
of an interface at boot or via /etc/pccard_ether. This allows
/etc/rc.d/netif to be used to start and stop an interface on a purely
manual basis. The decision to affect pccard_ether may be revisited at
a later date.
Requested by: imp, gallatin (removable_interfaces)
Discussed with: sam, Randy Bush (NOAUTO)
rc.d/geli - configures encryption (ask for passphrases, etc.);
rc.d/geli2 - is called after file systems are mounted and mark devices for
detach on last close.
Sponsored by: Wheel Sp. z o.o.
http://www.wheel.pl
MFC after: 3 days
way interfaces are configured. Some key points:
- At startup, all interfaces are configured through /etc/rc.d/netif.
- ifconfig_<if> variables my now mix real ifconfig commands the with
DHCP and WPA directives. For example, this allows media
configuration prior to running dhclient.
- /etc/rc.d/dhclient is not run at startup except by netif to start
dhclient on specific interfaces.
- /etc/pccard_ether calls "/etc/rc.d/netif start <if>" to do most of
it's work.
- /etc/pccard_ether no longer takes additional arguments to pass to
ifconfig. Instead, ifconfig_<if> variables are now honored in favor
of pccard_ifconfig when available.
- /etc/pccard_ether will only run on interfaces specified in
removable_interfaces, even if pccard_ifconfig is set.
save file was /var/db/entropy, which also happens to
be the directory where the individual entropy files
created by /usr/libexec/save-entropy are stored.
Change the suggestion to be /var/db/entropy-file
instead.
In an error condition where the shutdown file is not
created, the error message accessed a variable that
doesn't exist.
PR: conf/75722
Submitted by: Nicolas Rachinsky <list@rachinsky.de>
systems that boot with this value at the lowest setting. Change the
default boot config back to "leave frequency as BIOS set it". Also, fix
buglet where acpi_throttle wouldn't be used if p4tcc was present but
disabled by the user.
MFC after: 1 week
on boot, force it to HIGH. This is needed for some systems which appear
to boot with a low acpi_throttle setting by default. Thanks to Christian
Brueffer for tracking this down on his system.
MFC after: 1 day
default for now. Default flags create missing directories.
Remove comment about doing this in etc/rc.d/var.
Unlike in the PR, I chose to do this in the lpd script where we reliably
have /usr available.
PR: conf/71488
Submitted by: RZ-FreeBSD0904 at fh-karlsruhe dot de
- Enable it by default, running newsyslog with -CN which creates files
that have the C flag specified in /etc/newsyslog.conf.
- Remove the "newsyslog -CC" call from etc/rc.d/var and the check for
newsyslog.
- Add the C flag to entries in /etc/newsyslog.conf that are currently
installed as part of the base system.
There are two effects from this change:
- Users who delete default syslog files to stop logging to them
will need to set newsyslog_enable=NO in rc.conf or remove the C
flag from those file in /etc/newsyslog.conf or they will come back
on the next boot.
- Diskless systems now create the same set of files that ordinary
systems have by default instead of every file in newsyslog.conf.
frequencies are specified with performance_cpu_freq and economy_cpu_freq.
Of course, special values LOW and HIGH are also supported. Also, remove
old throttling support.
1. Feature: for flexibility reasons and as a prerequisite to clean
shutdowns, allow the configuration of a stop/shutdown command
via rc.conf variable "jail_<name>_exec_stop" in addition to the
start/boot command (rc.conf variable "jail_<name>_exec_start"). For
backward compatibility reasons, rc.conf variable "jail_<name>_exec"
is still supported, too.
2. Debug: Add the used boot/shutdown commands to the debug output of
the /etc/rc.d/jail script, too.
3. Security: Run the Jail start/boot command in a cleaned environment
to not leak information from the host to the Jail during startup.
4. Feature: Run the Jail stop/shutdown command "jail_<name>_exec_stop" on
"/etc/rc.d/jail stop <name>" to allow a graceful shutdown of the Jail
before its processes are just killed.
5. Bugfix: When killing the remaining Jail processes give the processes
time to actually perform their termination sequence. Without this the
subsequent umount(8) operations usually fail because the resources
are still in use. Additionally, if after trying to TERM-inate the
processes there are still processes hanging around, finally just KILL
them.
6. Bugfix: In rc.shutdown, if running inside a Jail, skip the /etc/rc.d/*
scripts which are flagged with the KEYWORD "nojail" to allow the
correct operation of rc.shutdown under jail_<name>_exec_stop="/bin/sh
/etc/rc.shutdown". This is analogous to what /etc/rc does inside a Jail.
Now the following typical host-configuration for two Jails works as
expected and correctly boots and shutdowns the Jails:
-----------------------------------------------------------
# /etc/rc.conf:
jail_enable="YES"
jail_list="foo bar"
jail_foo_rootdir="/j/foo"
jail_foo_hostname="foo.example.com"
jail_foo_ip="192.168.0.1"
jail_foo_devfs_enable="YES"
jail_foo_mount_enable="YES"
jail_foo_exec_start="/bin/sh /etc/rc"
jail_foo_exec_stop="/bin/sh /etc/rc.shutdown"
jail_bar_rootdir="/j/bar"
jail_bar_hostname="bar.example.com"
jail_bar_ip="192.168.0.2"
jail_bar_devfs_enable="YES"
jail_bar_mount_enable="YES"
jail_bar_exec_start="/path/to/kjailer -v"
jail_bar_exec_stop="/bin/sh -c 'killall kjailer && sleep 60'"
-----------------------------------------------------------
# /etc/fstab.foo
/v/foo /j/foo/v/foo nullfs rw 0 0
-----------------------------------------------------------
# /etc/fstab.bar
/v/bar /j/bar/v/bar nullfs rw 0 0
-----------------------------------------------------------
Reviewed by: freebsd-hackers
MFC after: 2 weeks
rebadged Xircom REM56 RealPort card. Short MFC timeout to beat the 4.11
code freeze.
PR: 53027
Submitted by: John Merryweather Cooper <coop9211 at uidaho dot edu>
Approved by: imp (mentor)
MFC after: 2 days
packet counts by pf(4).
This adds a ``daily_status_security_pfdenied_enable'' variable to
periodic.conf, which defaults to ``YES'' as the matching IPF(W) versions.
The output will look like this (line wrapped):
pf denied packets:
> block drop log on rl0 proto tcp all [ Evaluations: 504986 Packets: 0
Bytes: 0 States: 0 ]
> block drop log on rl0 all [ Evaluations: 18559 Packets: 427 Bytes: 140578
States: 0 ]
Submitted by: clive (thanks a lot!)
MFC after: 2 weeks
this feature for a jail named foo :
jail_foo_mount_enable="YES"
jail_foo_fstab="/etc/fstab.foo"
The second line is actually useless, since the code defaults to
using "/etc/fstab.$jailname" as the fstab file if none is specified.
MFC after: 3 days
Submitted by: Jeremie Le Hen <jeremie@le-hen.org>
These can be used to pass extra options to the mdmfs(8) utility,
to customize the finer details of the md file system creation
(i.e. to turn on/off softupdates, to specify a default owner for md
filesystem, etc).
Use these two new flags to mount tmpmfs and varmfs without
softupdates, since it doesn't make much sense to use SU on
malloc-backed file systems.
Reviewed by: mtm
Inspired by: J. D. Bronson, jbronson at wixb dot com
on the system.
To start/stop/check on a specific device give the device name as
the second argument to the script:
# /etc/rc.d/moused start ums0
To use different rc.conf(5) knobs with different mice use the device
name as part of the knob. For example, if the mouse device is ums0, then:
moused_ums0_enable=yes
moused_ums0_flags="-z 4"
moused_ums0_port="/dev/ums0"
Starting rc.d/moused without the device argument will use the standard
moused_* flags. So, this commit should not disrupt or change current usage.
To preserve current behaviour with respect to usb mice, which appear
automatically when inserted, there is a new knob, moused_nondefault_enable,
which will treat any devices without rc.conf knobs as enabled.
To minimize knobs in /etc/rc.conf, the device file and pid file are
auto-computed, so that in the typical case for a usb mouse you don't
need to add anything extra in /etc/rc.conf to get it working.
Additionally, this updates /etc/usbd.conf to use the rc.d/moused script so
people don't have to modify it to configure their usb mouse anymore.
MFC after: 1 month
unbreak /etc/rc.d/root for diskless systems that get their root
filesystem from a read-only NFS mount.
PR: conf/72927
Submitted by: Ralf Wenk <RZ-FreeBSD1004@fh-karlsruhe.de>
Reviewed by: brooks
pointed out that /usr/local/etc/rc.d/000.pkgtools.sh installed
with the portupgrade does an equivalent thing, so I personally
would like to see the change reverted, but let David handle it.
to NO of course). Provide a basic ruleset file, rc.bsdextended, but allow
the filename to be overridden through rc.conf.
Discussed with: rwatson (awhile ago)
by default when named is enabled. Also, improve our default directory
layout by creating /var/named/etc/namedb/{master|slave} directories,
and use the former for the generated localhost* files.
Rather than using pax to copy device entries, mount devfs in the
chroot directory.
There may be some corner cases where things need to be adjusted,
but overall this structure has been well tested on a production
network, and should serve the needs of the vast majority of users.
UPDATING has instructions on how to do the conversion for those
with existing configurations.
complete backout as the ntpd_sync_on_start etc/rc.conf tunable is still
present, though the default is now NO (was YES). Since we're no longer
syncing time at startup by default when ntpd is enabled (as was the case
24hrs ago), remove UPDATING entry pointing out that ntpd(1) -g is slower
than ntpdate(1).
Hopefully ntpd_sync_on_start="YES" can be made the default for -CURRENT
after 5.3 is cut. At the very least, this should be set to YES when a
user requests to have ntpd enabled via sysinstall(1).
Requested by: many
calls to ntpd -g. ntpd is noticably slower than ntpdate, but is also more
accurate. This removes the nasty hackery in rc.d/ntpdate that would parse
out ntp servers from /etc/ntp.conf (ntpd knows how to read its own config
file). By default, ntpd *will* sync with its listed time servers. To
turn this off so that ntpd does not sync, ntpd_sync_on_start="NO" can be
added to /etc/rc.conf. If ntpd is not enabled (the default), then time is
not synced on startup. ntpdate's use has been depreciated by the ntpd
authors for quite some time so this change shouldn't be unexpected.
Suggested by: des
Approved by: roberto (resident ntp guru)
- Ask the user up to X times (3 by default) for the pass-phrase, if
it is incorrect the first time.
- Add support for storing the lockfiles in another other directory
than /etc.
- Document that it is possible to override the location of each single
lockfile.
Approved by: pjd
ip6addrctl_enable is set to YES, address selection policy is installed
into kernel.
If there is /etc/ip6addrctl.conf, it is used for address selection
policy. Even if there is no /etc/ip6addrctl.conf, we install default
policy. In this case, if ipv6_enable is set to YES, we use address
selection policy described in RFC 3484 as default. Otherwise, we
install priority policy for IPv4 address.
The default of ip6addrctl_enable is NO for now. However, it may
better to enable it by default.
hostname, resolve, tmp, and var scripts. The latter three are new and
were repo copied. These scripts no longer depend on being booted with
and NFS root instead attempt to automaticly create mfs /tmp and /var
volumes if the they are not writable. This behavior can be overridden
in /etc/rc.conf.
Reviewed by: luigi, pjd
thing, but we're ready to move on.
2. Remove the -g default argument in named_flags. It doesn't actually do
what most users think it does, and what most users want it to do is already
accomplished with a proper default group for the bind user, which we have.
Also, the -g knob does something entirely different in BIND 9, which leads
to a lot of needless confusion/aggravation.
3. In the rc.d script, don't bogusly override $command, or $rc_flags. Both
are adequately handled in rc.conf[.local].
4. DO properly override $rc_flags if user has named_chrootdir set.
This may need to be revisited, but should be ok for now.
5. Protect all chrootdir-related bits under that variable, instead of
named_rcng.
There is more work to be done here, especially in the area of BIND 9
compatibility, but this is a start at least.
Prompted in part by (legitmate) grousing from: kuriyama, Randy Bush
Certain MTA configurations mean that the notifications from
virecover keep bouncing; so here's a patch to allow administrators
to turn them off.
PR: conf/54910
Submitted by: bms (with a minor cleanup)
that the keys are currently generated by computing the MD5 checksum of 512
bytes read from /dev/random, and are passed to gbde on the command line.
Sponsored by: Teleplan AS
This commit also removes the support for the sysutils/jailer port. This
is inline with the general policy to keep ports related knobs out
of the base system's configuration mechanism.
Submitted by: Juergen Unger <j.unger@addict.de>
the throttling state in response to line transitions. Future plans
include adding support for CPU frequency changes.
Add a devd.conf entry for calling this script.
The default values for this are:
performance_cx_lowest="HIGH" # Use HLT (C0) online
performance_throttle_state="HIGH" # 100% (no throttling)
economy_cx_lowest="LOW" # Use the lowest Cx state possible
economy_throttle_state="HIGH" # 100% (no throttling)
systems are mounted. An example set of entries for /etc/rc.conf:
ataraid_enable="YES"
ataraid_devices="ar0"
ataraid_ar0_set="ad2 ad3"
ataraid_ar0_type="RAID1"
Because there is no "correct" way of doing ATA raid (ie, geom vs.
atacontrol vs. vinum) that is bikeshed proof, this rcng script stays within
the bounds of atacontrol and assumes that other RAID solutions for GEOM or
vinum will end up in a different rcNG script.
Reviewed by: green
time during the boot process. This is needed in the case where NFS mounts
from servers reachable only via IPSEC are in /etc/fstab.
PR: conf/42497
Submitted by: Volker Stolz
Approved by: re (rwatson)
A "driftfile" caches the oscillator offset estimate from boot to boot,
having this means faster and less bumpy time synchronization. Will
be overridden by any value in the config file.
o The following additional configuration attributes of a jail can be
controlled from rc.conf:
- mounting devfs(5)
- mounting fdescfs(5)
- mounting procfs(5)
- custom devfs(8) ruleset
If no ruleset is specified, the default jail ruleset is used.
o The output of executing /etc/rc in the jail is now redirected
to /dev/null. Instead, the hostname of the jail is echoed if
the jail(8) command exited successfully. If the output is wanted
it can probably be redirected to a file (/var/run/$jail maybe)
instead of /dev/null.
Submitted by: Scot W. Hetzel <hetzels@westbend.net>
with modifications by Jens Rehsack <rehsack@liwing.de>
and me.
the src/etc makefile. This list was used to manually
install the files from src/etc. Instead, simply change
directory and 'make install'.
o There is no reason for the files in src/etc/defaults to
be installed as writeable.
Reviewed by: ru
off by default.
o Apparently the routine displaying the informational messages wasn't
checking its knob in rc.conf, so fix that as well.
Requested by: obrien
devfs(8) rules in rc(8). It is most useful for applying
rules to devfs(5) mount points in /dev or inside jails.
The following line of script is sufficient to
mount a relatively useful+secure devfs(5) in a jail:
devfs_mount_jail /some/jail/dev
Some new shell routines available to scripts that source
rc.subr(5):
o devfs_link - Makes it a little easier to create symlinks
o devfs_init_rulesets - Create devfs(8) rulesets from devfs.rules
o devfs_set_ruleset - Set a ruleset to a devfs(5) mount
o devfs_apply_ruleset - Apply a ruleset to a devfs(5) mount
o devfs_domount - Mount devfs(5) and apply some ruleset
o devfs_mount_jail - Mount devfs(5) and apply a ruleset
appropriate to jails.
Additional rulesets can be specified in /etc/devfs.rules.
If the devfs_system_ruleset variable is defined in rc.conf
and it contains the name of a ruleset defined in /etc/defaults/devfs.rules
or user supplied rulesets in /etc/devfs.rules then that ruleset will
be applied to /dev at startup by the /etc/rc.d/devfs script. It can
also be applied post-startup:
/etc/rc.d/devfs start
This is a more flexible mechanism than the previous method of using
/etc/devfs.conf. However, that method is still available.
Note: since devfs(8) doesn't provide any way for creating symlinks
as part of a ruleset, anyone wishing to create symlinks in a devfs(5)
as part of the bootup sequence will still have to rely on /etc/devfs.conf.
use the atmconfig(8) utility instead of route(8) to install those routes.
For this we need a new rc.conf variable natm_static_routes that works
just like static_routes except that the referenced routes use the syntax
of atmconfig(8).
Okay'ed by: mtm
This commit has two pieces. One half is the watchdog kernel code which lives
primarily in hardclock() in sys/kern/kern_clock.c. The other half is a userland
daemon which, when run, will keep the watchdog from firing while the userland
is intact and functioning.
Approved by: jeff (mentor)
take advantage of the rc.subr(8) glue. They are renamed dhclient_program
and dhclient_flags.
o Rename them in rc.conf(5)
o Rename them in /etc/defaults/rc.conf
o Add the deprecated variables to /etc/rc.subr
o Isolate the use of the 'command' variable to the
NetBSD specific parts in /etc/rc.d/dhclient.
o Now that dhcp_flags has also been renamed it will
be applied properly by rc.subr(8) glue code.
Reported by: John Nielsen <john@jnielsen.net>
All functionality from the previous system has been preserved, and
users should still customize their system boot with the familiar
methods, rc.conf, rc.conf.local, rc.firewall, sysctl.conf, etc.
Users who have customized versions of scripts that have been removed
should take great care when upgrading, since the compatibility code
that used those old scripts has also been removed.
be). Using that string leads rc.network to execute:
# sysctl -w vfs.nfs.bufpackets=DEFAULT
vfs.nfs.bufpackets: 4 -> 0
Which isn't what was intended.
PR: conf/31280
MFC after: 3 days
named(8) daemon by providing a new rc.conf knob: named_pidfile
that defaults to the path specified in the system-installed named.conf(5).
Approved by: markm (mentor)
Reviewed by: dougb
Noticed by : Galen Sampson <galen_sampson@yahoo.com>
Dan Pelleg <daniel+bsd@pelleg.org>
PR: conf/46402
MFC: 2 weeks (with re@ approval)
background fsck. The delay defaults to sixty seconds to allow
large applications such as the X server to start before disk I/O
bandwidth is monopolized by fsck.
Submitted by: Brooks Davis <brooks@one-eyed-alien.net>
Sponsored by: DARPA & NAI Labs.
where people want to have the cards configured. Lack of -z is a speed
optimization.
Submitted by: many voices on mobile@
Approved by: re@ (rwatson)
MFC after: 3 days
to specify rules definition file for ipfilter. The default is
/etc/ipf6.rules. If there is a file which is specified by
'ipv6_ipfilter_rules', IPv6 rule is installed.
Reviewed by: Ronald van der Pol <Ronald.vanderPol@rvdp.org>
MFC after: 1 week
