calculations. Keep this changes local to the function so the tick count
is in its natural form otherwise. Previously 1000 was added each time
a tick fired and we divided by 1000 when it was reported. This is done
to reduce rounding errors.
password quality, not login.conf(5).
- Move warnexpire and warnpasswd from the ``Accounting Limits''
section to ``Authentication'', and nix everything else in the
former section. The accounting knobs are not available in
the base system, and the subset of them available in ports
should be documented in the ports' manpages.
PR: 47960
Reviewed by: mike (mentor), doc
This should fix some problem of SBP2 device probing.
Prior to rev 1.41, we keep writing the register while bus reset phase.
But in rev 1.41, we ignore successive bus reset events and some chips seem to
clear the register after we write to it.
Tested by: Michael Reifenberger <root@nihil.reifenberger.com>
file in the NFS file system when the underlying device is not a
network device. A Sparc64 specific hack for this exact problem was
already present (nfs.c:1.9, tftp.c:1.10), but the problem is not
specific to Sparc64. The hack has been promoted to a non-i386 test
because on non-i386 architectures it's either impossible to have
non-network devices coexist in the same loader with the NFS FS, or
network and non-network device coexist and NFS filesystems can only
be used on top of network devices. I believe i386 pxeboot is where
this does not hold.
The root cause of this problem is in open.c where each file system
is tried until no more file systems exist or a file system returns
success. There's no notion of a list of valid file systems given
the underlying device and the non-existence of a file can cause
the invalid combination to be tried.
and config-file entries which specify a filename-pattern (glob). It is
still not perfectly-right, but at least it isn't completely-wrong.
Reviewed by: no objections on freebsd-arch
MFC after: 3 weeks
MFC addendum: (or after the code-freeze of 4.x is lifted)
should rotate all files given on the command, even if they don't seem to
need to be rotated. This would be used by some other command that decides
the given log file(s) should be rotated, but wants the "how" of that rotation
to be determined by entries to newsyslog. Wes expects to change syslogd to
take advantage of this. Man page will be updated after we're sure this is
all working the way we want it to.
Reviewed by: no objections on freebsd-arch
MFC after: 3 weeks
MFC addendum: (or after the code-freeze of 4.x is lifted)
permit users and groups to bind ports for TCP or UDP, and is intended
to be combined with the recently committed support for
net.inet.ip.portrange.reservedhigh. The policy is twiddled using
sysctl(8). To use this module, you will need to compile in MAC
support, and probably set reservedhigh to 0, then twiddle
security.mac.portacl.rules to set things as desired. This policy
module only restricts ports explicitly bound using bind(), not
implicitly bound ports where the port number is selected by the
IP stack. It appears to work properly in my local configuration,
but needs more broad testing.
A sample policy might be:
# sysctl security.mac.portacl.rules="uid:425:tcp:80,uid:425:tcp:79"
This permits uid 425 to bind TCP sockets to ports 79 and 80. Currently
no distinction is made for incoming vs. outgoing ports with TCP,
although that would probably be easy to add.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
not send a signal to any processes. Also add a config-file flag of 'N' or
'n', which indicates that the given logfile has no process which needs a
signal when it is rotated. Both of these are based on changes NetBSD
has made, although the implementation is somewhat different.
PR: bin/36553 (2nd half)
Reviewed by: no objections on freebsd-arch
Obtained from: NetBSD (in spirit, at least)
MFC after: 3 weeks
queue items that can be allocated by netgraph and the number of free queue
items that are cached on a private list.
Netgraph places an upper limit on the number of queue items it may allocate.
When there is a large number of netgraph messages travelling through the
system (100k/sec and more) there is a high probability, that messages get
queued at the nodes and netgraph runs out of queue items. In this case the data
flow through netgraph gets blocked. The tuneable for the number of free
items lets one trade memory for performance.
The tunables are also available as read-only sysctls.
PR: kern/47393
Reviewed by: julian
Approved by: jake (mentor)
