Commit Graph

176 Commits

Author SHA1 Message Date
Ralf S. Engelschall
7090a0c6be Fix typo: effected -> affected
Submitted by: Gordon Stratton <tsr2600 (at) gmail (dot) com>
2007-01-02 09:12:37 +00:00
Konstantin Belousov
5010c3b657 Reparent the process that executes the window= command from the ttys
to the init. This prevents zombies from being accumulated.

PR:		bin/64198
Tested by:	Eugene Grosbein <eugen at www svzserv kemerovo su>
Approved by:	kan (mentor)
MFC after:	1 month
2006-06-08 14:04:36 +00:00
Luigi Rizzo
cea897b2bf use standard mode instead of 500 for /sbin/init.
As discussed on -current, there is no sensitive info in /sbin/init
to prevent reading it from non-privileged users, nor any reason to
remove the 'x' bit as the first thing the program does is check the
uid and exit if it is not run by root.

Instead (and this is why i make the change), mode 500 prevents
operation when exporting the partition without -maproot=0 to diskless
clients.

All previuos releases are affected by the same problem, so a merge
to RELENG_6 at least would be appropriate (after proper re@ approval
of course).
2006-02-28 08:02:28 +00:00
Ruslan Ermilov
4e9e907d63 -mdoc sweep. 2005-11-18 10:36:29 +00:00
Ralf S. Engelschall
724447ac41 Fix system shutdown timeout handling by again supporting longer running
shutdown procedures (which have a duration of more than 120 seconds).

We have two user-space affecting shutdown timeouts: a "soft" one in
/etc/rc.shutdown and a "hard" one in init(8). The first one can be
configured via /etc/rc.conf variable "rcshutdown_timeout" and defaults
to 30 seconds. The second one was originally (in 1998) intended to be
configured via sysctl(8) variable "kern.shutdown_timeout" and defaults
to 120 seconds.

Unfortunately, the "kern.shutdown_timeout" was declared "unused" in 1999
(as it obviously is actually not used within the kernel itself) and
hence was intentionally but misleadingly removed in revision 1.107 from
init_main.c. Kernel sysctl(8) variables are certainly a wrong way to
control user-space processes in general, but in this particular case the
sysctl(8) variable should have remained as it supports init(8), which
isn't passed command line flags (which in turn could have been set via
/etc/rc.conf), etc.

As there is already a similar "kern.init_path" sysctl(8) variable which
directly affects init(8), resurrect the init(8) shutdown timeout under
sysctl(8) variable "kern.init_shutdown_timeout". But this time document
it as being intentionally unused within the kernel and used by init(8).
Also document it in the manpages init(8) and rc.conf(5).

Reviewed by: phk
MFC after: 2 weeks
2005-09-15 13:16:07 +00:00
Gary W. Swearingen
e17c0e3256 Moved descriptions of securelevels from init(7) to security(7).
Files used both "securelevel" and either "secure level" or
"security level"; all are now "security level".

PR:             docs/84266
Submitted by:   garys
Approved by:    keramida
MFC after:      3 days
2005-09-03 17:16:00 +00:00
Ruslan Ermilov
6087df9e8b Sort sections. 2005-01-18 10:09:38 +00:00
Xin LI
ab03e6d597 Make WARNS=6 happy with our init(8):
- Use more ``const''s where suitable.
	- Define strk() as a static function in global scope.
	  This avoids the "nested extern declaration" warnings.
	- Use static initialization of strings, rather than
	  referring string constants through char *.
	- Bump WARNS from 0 to 6.
2005-01-11 14:34:29 +00:00
Ruslan Ermilov
83c7ade90a NOSHARED -> NO_SHARED 2004-12-21 09:59:45 +00:00
Ruslan Ermilov
dee651eb15 Introduce the PRECIOUSPROG knob in bsd.prog.mk, similar
to PRECIOUSLIB from bsd.lib.mk.  The side effect of this
is making installing the world under jail(8) possible by
using another knob, NOFSCHG.

Reviewed by:	oliver
2004-11-03 18:01:21 +00:00
Warner Losh
89e3b380f9 Turns out that revision 1.52 was a bad idea. It broke the long
standing ability to list a non-existant device in /etc/ttys to keep it
from dying.  This is a documented feature of init(8):
     The init utility can also be used to keep arbitrary daemons running,
     automatically restarting them if they die.  In this case, the first field
     in the ttys(5) file must not reference the path to a configured device
     node and will be passed to the daemon as the final argument on its com-
     mand line.  This is similar to the facility offered in the AT&T System V
     UNIX /etc/inittab.

So rather than fix the man page to 'break' this feature, back out the change.

At the time this change was made, people felt that the spamage from
getty was annoying on headless consoles.  Andrew Gallatin noted:
> Most of my machines are headless without video cards and use a serial
> console.  With devfs this means that /dev/ttyv[1-N] do not exist and
> getty bitches like this:
>
> Sep 26 11:00:11 monet getty[543]: open /dev/ttyv1: No such file or directory

and we went off and applied this hack rather than fixing getty to
sleep forever when it gets an unknown device, as was Andrew's other
suggestion.  Since it breaks things, I'm off to do that instead.
2004-09-28 04:22:55 +00:00
Giorgos Keramidas
328dbe4a94 Add references to pf(4) and pfctl(8) at the description of
securelevel = 3.

PR:		docs/69417
Submitted by:	Janos Mohacsi (mohacsi(at)niif(dot)hu)
2004-07-22 10:38:13 +00:00
Ruslan Ermilov
9806e23132 Mechanically kill hard sentence breaks. 2004-07-02 21:45:06 +00:00
Ruslan Ermilov
d04b5dfe6c Assorted markup, grammar, and spelling fixes. 2004-05-17 08:35:43 +00:00
Mark Murray
4c723140a4 Remove advertising clause from University of California Regent's license,
per letter dated July 22, 1999.

Approved by: core, imp
2004-04-09 19:58:40 +00:00
Bruce Evans
30e8350c60 Fixed misspellings of 0 as NULL. 2004-03-11 10:01:12 +00:00
Johan Karlsson
604d24db95 style.Makefile(5):
Use WARNS?= instead of WARNS=.
2004-02-23 20:25:27 +00:00
Maxime Henrion
b4089f6417 Mention that securelevel 1 also blocks access to /dev/io if it
exists (not all platforms have it).
2004-02-20 21:38:23 +00:00
Warner Losh
35fc132143 Fix the case where one goes from zero to more than zero items enabled
in /etc/ttys.  Before this fix, once the count of active services
reaches 0, one could never restart any more without a reboot.

Steve Passe did the leg work on this patch.  After he found the fix,
we discovered that an identical fix had been made to NetBSD.

Approved by: re@ <scottl>
Approval tool: peril sensitive sunglasses
2003-12-05 04:28:03 +00:00
Gordon Tetlow
dc59303d62 Make init statically linked by default. It's not worth the pain of having
a dynamically linked init as recently seen by ia64 woes.

Approved by:	re (jhb)
2003-11-19 19:57:20 +00:00
Ken Smith
280b191c3a - Add some information about how init, securelevel, and jails
interact with each other.
	- Minor markup fix (.Dq -> .Va for a variable)

Reviewed by:	rwatson
Approved by:	blackend (mentor)
2003-11-11 18:37:50 +00:00
Philippe Charnier
9680d7b695 Add section number to .Xr 2003-06-08 12:51:28 +00:00
Giorgos Keramidas
09003f98d8 There are 5 securelevels, not 4.
PR:		docs/50049
Submitted by:	Colin Percival <cperciva@sfu.ca>
2003-03-26 01:30:34 +00:00
Ruslan Ermilov
522ccf3f35 mdoc(7) police: markup laundry. 2003-02-23 01:47:49 +00:00
Brian Feldman
f45a1cab59 Back out the previous commit, since there could be dire consequences if
/etc/rc were accidentally executed (as requested by other committeers).
2002-12-17 21:23:36 +00:00
Brian Feldman
1ad1ab1434 /home/green/tmp/cvsSFosXg 2002-12-17 20:39:38 +00:00
John Baldwin
60d6cc883c Give up on a tty if opening it's special file returns ENOENT like we do for
ENXIO.

Glanced at by:	imp, gallatin
2002-09-27 16:02:28 +00:00
Tom Rhodes
ce66ddb763 s/filesystem/file system/g as discussed on -developers 2002-08-21 18:11:48 +00:00
Ruslan Ermilov
e091d0c2ac can not -> cannot. 2002-08-13 14:10:36 +00:00
Maxime Henrion
1f083b1e3d I should have committed this ages ago...
Convert init(8) to use nmount() instead of mount() when
it has to mount devfs.  This doesn't happen normally,
since the kernel is supposed to mount devfs itself.
2002-08-03 16:21:33 +00:00
Philippe Charnier
e1205e80e5 The .Nm utility 2002-07-06 19:34:18 +00:00
Warner Losh
73bf18edb8 o remove __P
o Use ansi function definitions
o unifdef -D__STDC__
2002-03-20 22:53:13 +00:00
David E. O'Brien
3d438ad61f Remove 'register' keyword.
It does not help modern compilers, and some may take some hit from it.
(I also found several functions that listed *every* of its 10 local vars with
 "register" -- just how many free registers do people think machines have?)
2002-03-20 17:55:10 +00:00
David E. O'Brien
2d68bf45bf Default to WARNS=2.
Binary builds that cannot handle this must explicitly set WARNS=0.

Reviewed by:	mike
2001-12-04 02:19:58 +00:00
Dag-Erling Smørgrav
6e8ff8b760 Allow reboot during runcom.
PR:		bin/28116
Submitted by:	Valentin Nechayev <netch@netch.kiev.ua>
MFC in:		1 week
2001-10-15 20:34:43 +00:00
Kris Kennaway
5979df34a6 Silence non-constant format string warnings by marking functions
as __printflike()/__printf0like(), adding const, or adding missing "%s"
format strings, as appropriate.

MFC after:	2 weeks
2001-08-19 08:19:37 +00:00
Ruslan Ermilov
57e4378bf6 mdoc(7) police: protect trailing full stops of abbreviations
with a trailing zero-width space: `e.g.\&'.
2001-08-10 13:45:36 +00:00
Ruslan Ermilov
c4d9468ea0 mdoc(7) police:
Avoid using parenthesis enclosure macros (.Pq and .Po/.Pc) with plain text.
Not only this slows down the mdoc(7) processing significantly, but it also
has an undesired (in this case) effect of disabling hyphenation within the
entire enclosed block.
2001-08-07 15:48:51 +00:00
Sheldon Hearn
e1b4d8d074 Use STD{ERR,IN,OUT}_FILENO instead of their numeric values. The
definitions are more readable, and it's possible that they're
more portable to pathalogical platforms.

Submitted by:   David Hill <david@phobia.ms>
2001-07-26 11:02:39 +00:00
Dima Dorfman
7ebcc426ef Remove whitespace at EOL. 2001-07-15 07:53:42 +00:00
Ruslan Ermilov
9fe48c6e8d mdoc(7) police: removed HISTORY info from the .Os call. 2001-07-10 11:04:34 +00:00
Mike Heffner
2d887af57e Fix typo which could lead to memory leak.
PR:		misc/28283
MFC after:	2 weeks
2001-06-20 01:56:09 +00:00
Ruslan Ermilov
4cf39050cc Use new backup feature of install(1). 2001-05-28 16:58:35 +00:00
Dima Dorfman
2306a12f75 Back out most of revision 1.28: lists of diagnostics must use -diag,
not -tag.  Instead, put a period after the error messages to aide
those using dumb terminals not capable of properly displaying markup.

Requested by:	ru
2001-04-13 06:54:05 +00:00
Dima Dorfman
f643366677 Make the list in the DIAGNOSTICS section "-tag" instead of "-diag":
the former makes it more obvious as to there the error message starts
and the explanation begins.

PR:		26431
2001-04-10 01:03:29 +00:00
Ruslan Ermilov
0a5779d45b - Backout botched attempt to introduce MANSECT feature.
- MAN[1-9] -> MAN.
2001-03-26 14:33:27 +00:00
Ruslan Ermilov
fe655281c5 Set the default manual section for sbin/ to 8. 2001-03-20 18:13:31 +00:00
Jeroen Ruigrok van der Werven
8a8d42eebb Fix typo present since 1997: single used mode -> single user mode. 2001-03-03 08:12:58 +00:00
Poul-Henning Kamp
421b0201ed Fix a cosmetic problem with some very defensive programming: The devfs
mount would show up as "/dev/", loose that trailing slash.
2001-02-08 22:07:08 +00:00
Peter Wemm
623d7cd30e Further tidy up the sbin/init and release builds. 2001-01-01 21:39:00 +00:00
Poul-Henning Kamp
8440a01077 This is not necessarily the correct fix, but at least sbin/init compiles
in a sterile environment like "make release"
2001-01-01 19:46:43 +00:00
Ruslan Ermilov
d8aa002e9c Prepare for mdoc(7)NG. 2000-12-19 15:36:48 +00:00
David E. O'Brien
1a37aa566b Add `_PATH_DEVZERO'.
Use _PATH_* where where possible.
2000-12-09 09:35:55 +00:00
Ben Smithurst
8afbbd41f4 Explicitly document the fact that securelevel > 0 means that kernel modules
may not be (un)loaded.

PR:		23350
Submitted by:	Gordon Tetlow <gordont@bluemtn.net>
2000-12-07 21:09:22 +00:00
Ruslan Ermilov
7c7fb079b9 mdoc(7) police: use the new features of the Nm macro. 2000-11-20 16:52:27 +00:00
Sheldon Hearn
01de01168f Improve the clarification of the handling of the securelevel.
Submitted by:	bde
2000-09-13 08:39:41 +00:00
Sheldon Hearn
67b661fd0a Clarify the handling of the securelevel.
PR:		20974
2000-09-12 12:30:13 +00:00
Poul-Henning Kamp
64ec80423e Mount DEVFS with no options. 2000-08-26 11:53:53 +00:00
Alexander Langer
aeca5be56b Add MLINK init.8 --> securelevel.8
Requested by:	Brett Glass <brett@lariat.org>
PR:		13792
Submitted by:	nik
2000-06-09 09:40:34 +00:00
Jeroen Ruigrok van der Werven
1552a9dbad Remove unused include. 2000-05-01 20:20:05 +00:00
Warner Losh
37736675d1 Add include of errno.h where needed, remove extern int errno where not.
These commits were inspired by a similar commit to netbsd.
2000-04-14 06:15:01 +00:00
Sheldon Hearn
ef8f7ac935 Remove single-space hard sentence breaks. These degrade the quality
of the typeset output, tend to make diffs harder to read and provide
bad examples for new-comers to mdoc.
2000-03-01 11:27:47 +00:00
Mark Murray
21fd828d7c Change DISTRIBUTION to match new world order. 2000-02-29 11:40:57 +00:00
Alfred Perlstein
b0b670ee94 detect deleted tty lines in /etc/ttys. 2000-02-19 20:28:45 +00:00
Nik Clayton
ae11003873 Document that securelevel >= 2 clamps time changes to at most one second.
PR:             docs/14449
Submitted by:   James FitzGibbon <james@targetnet.com>
1999-12-16 02:15:53 +00:00
Sheldon Hearn
f0f4f75620 Correct the ttys.5 and init.8 manpages with respect to the incorrect
assumption that only getty processes can be managed.  Describe the
SysV-like ability to keep arbitrary long-running processes alive
using a non-device first field in /etc/ttys.

PR:		12767
Submitted by:	Peter Jeremy <peter.jeremy@alcatel.com.au>
1999-12-06 09:07:14 +00:00
Matthew Dillon
a69497d73f Finish up umntall support. init now passed an argument to the
rundown script 'reboot' or 'single'.  ISO support (which never
    worked) has been removed from mount_nfs.  mount_nfs and umount
    now use mounttab, which allows umntall to work properly.  The
    rc scripts now call umntall as appropriate.

Submitted by:	Martin Blapp <mb@imp.ch>
1999-11-22 04:23:11 +00:00
KATO Takenori
a4edcf8989 FreeBSD kernel doesn't allow any process to decrease securelevel. So,
init(8) cannot decrease securelevel.  The manual page explains this
and single_user() doesn't try to downgrade kernel to insecure mode.

Reviewed by:	bde (manual page)
1999-09-06 08:41:32 +00:00
Peter Wemm
7f3dea244c $Id$ -> $FreeBSD$ 1999-08-28 00:22:10 +00:00
Ruslan Ermilov
ec3e2c5d4f Backup existing init(8) as /sbin/init.bak.
PR:		12976
Submitted by:	Peter Jeremy <peter.jeremy@alcatel.com.au>
1999-08-05 09:13:57 +00:00
Ruslan Ermilov
6be40c9535 Fix a non-critical memory leak.
PR:		12769
Submitted by:	Peter Jeremy <peter.jeremy@alcatel.com.au>
1999-07-23 08:28:46 +00:00
Matthew Hunt
ec32ddd693 "Cannot" is one word. "Can not" has a different meaning if taken
literally.
1999-07-05 18:12:13 +00:00
Ruslan Ermilov
5d94d8b6a2 Turn System V command line syntax ``on'' by default.
Requested by:		peter
Reviewed by:		des, billf
1999-07-01 13:33:56 +00:00
Ruslan Ermilov
1681d65976 Bring in System V run-level patches (turned off by default).
While I'm here, fix some typos in the manpage.

Requested by:	des
1999-06-18 09:08:09 +00:00
Ruslan Ermilov
a0a549c7fd Init(8) will halt the system if sent USR1 signal,
or halt and turn the power off if sent SIGUSR2.

PR:		5451
Submitted by:	Leif Neland <leifn@image.dk>
Reworked by:	ru
Reviewed by:	-hackers
1999-06-16 20:01:19 +00:00
Guy Helmer
04b2ac6e73 Mention securelevel 3 as affecting ipfw and dummynet. Generalize comment
about fdisk and securelevel 2.
PR:		docs/7785
1998-12-16 16:50:12 +00:00
Poul-Henning Kamp
63322c283d Memory management error in init.
PR:		7320
Reviewed by:	phk
Submitted by:	Anders Thulin <Anders.X.Thulin@telia.se>
1998-07-22 05:45:11 +00:00
Philippe Charnier
5df42cf4ae Correct .Nm use. Add rcsid. Use min for minutes instead of mn. 1998-07-06 06:56:08 +00:00
Joseph Koshy
6ebaa024df Fixes per PR 2850:
(a) Note that the default securelevel value is -1, in -current and -stable.
(b) Mention kernel sysctl variable that controls securelevel.
(c) Add warning the `fsck' will fail if securelevel >= 2.
(d) Suggest end of /etc/rc as the right place to raise securelevel.

and one spelling fix.

PR: 2850
1998-06-19 08:34:52 +00:00
James Raynard
39034633c8 Don't assume sigset_t and int are equivalent. 1998-03-02 23:19:29 +00:00
Bruce Evans
87f01287d2 Removed definition of _NEW_VFSCONF. The new vfsconf interface is now
the default.
1998-01-20 10:40:18 +00:00
Peter Wemm
1bc5fcd008 This has always bugged me. At single user, the implied example it gives
is not valid - it says that "sh" is the default, but you can't
actually type "sh" at this prompt - it has to be /bin/sh or some other
full pathname.
1997-10-10 12:14:48 +00:00
David Nugent
80f69e57cd ".if exists(${CURDIR}/../../secure)" rather than testing relative to the
object directory.
1997-08-18 03:32:09 +00:00
David Nugent
86bf62dc4a Test that rc.shutdown exists before attempting to run it - silently
return success if it doesn't to prevent any unwanted error msgs.
1997-08-18 01:40:12 +00:00
Andrey A. Chernov
3ee1f2280e runshutdown(): get rid of getdtablesize loop, it gains nothing now
but can waste time if many descriptors are available
1997-08-06 16:34:51 +00:00
Andrey A. Chernov
25cf4a545a rc.shutdown fixes:
1) revoke -> HUP
2) controlling terminal already present
3) add missing setprocresources call
1997-08-06 16:07:52 +00:00
David Nugent
8889c700f3 Add /etc/rc.shutdown capability to init.
Add sample /etc/rc.shutdown (which is just a shell for now).
Submitted by:	Ollivier Robert <roberto@keltia.freenix.fr>
1997-08-02 00:22:52 +00:00
Andrey A. Chernov
3f31fb330d Move logwtmp(shutdown) call before any real action in death(). 1997-07-08 11:51:11 +00:00
Andrey A. Chernov
1054bb1e43 1. Replace malloc+bzero by calloc
2. Revoke internal active session list only now, not whole /etc/ttys
1997-07-05 19:36:55 +00:00
Andrey A. Chernov
19e00c1345 Add -D_NEW_VFSCONF to eliminate compilation warning 1997-07-05 19:34:51 +00:00
Andrey A. Chernov
c3d7c52e04 death: revoke all lines listed in /etc/ttys instead of sending HUP
to all processes
1997-07-04 22:09:07 +00:00
Andrey A. Chernov
423b6a39ff Include <libutil.h> instead of private declarations 1997-07-03 11:37:43 +00:00
Andrey A. Chernov
a2ee73bcc6 Remove unneded cast in login_getclassbyname which cause warning 1997-07-02 13:53:31 +00:00
Paul Traina
4cbf8903a2 Attempt to open the device for reading before actually adding the device
to the session list.  If the device comes back as unconfigured, just
ignore that line in /etc/ttys.  If someone HUP's init, we'll try again.

This change stops getty's from hanging on vty and sio ports that don't
exist, either due to LKM drivers not being loaded, or probes failing.
Reviewed by:	bde
1997-06-28 08:18:29 +00:00
Philippe Charnier
c584283545 Use err(3). 1997-06-13 06:24:42 +00:00
Mike Pritchard
7966553397 Be more specific as to which flags may not be turned off when the
system is running in secure mode.

Obtained from: NetBSD PR# 3299
1997-04-01 20:41:04 +00:00
Poul-Henning Kamp
a6534afb2a Fix mount call for devfs.
Submitted by:	bde
1997-03-30 09:22:41 +00:00
Peter Wemm
c0ec1f37ef Revert $FreeBSD$ to $Id$ 1997-02-22 14:40:44 +00:00
David Greenman
33a20f8291 Protect from stack overrun via /etc/ttys, which could possibly allow a
root user to change the securelevel. Pointed out by Thomas H. Ptacek
<tqbf@enteract.com>.
1997-02-19 08:04:58 +00:00
Mark Murray
35c6fcd43b Part two of a "fix-and-move". There were some macros declared in ../sbin's
Makefile that were a) broken and b) bogusly placed. This brings the
repeared macros in.

Pointed-out-by:	BDE
1997-02-10 17:44:34 +00:00