should be used from now on for anything security but not auth-related.
Included are updates for all relevant manpages and also to /etc files,
creating a new /var/log/security. Nothing in the system logs to
/var/log/security yet as of the time of this commit.
Reviewed by: rgrimes, imp, chris
- Sort xrefs
- FreeBSD.ORG -> FreeBSD.org
- Be consistent with section names as outlines in mdoc(7)
- Other misc mdoc cleanup.
PR: doc/13144
Submitted by: Alexy M. Zelkin <phantom@cris.net>
When fts_open is used with option FTS_NOCHDIR the full
path entry of type FTS_DP is returned with a trailing
'/' if the final directory is empty.
This fix coresponds to netbsd's __fts13.c v. 1.16
Note: you need to install the current groff tmac macros for these
man pages to format correctly. Specifically, rev 1.21 of
contrib_groff/tmac/doc-syms in -current, or rev 1.17.24 for 3.2-stable
(devname() returned "??" when the lookup failed, but callers expected it
to return NULL). This was fixed in Lite2, but until recently the changes
were only merged into devname.3. A day or two after devname.c was fixed,
devname.3 was made inconsistent again by backing out most of the Lite2
changes.
track.
The $Id$ line is normally at the bottom of the main comment block in the
man page, separated from the rest of the manpage by an empty comment,
like so;
.\" $Id$
.\"
If the immediately preceding comment is a @(#) format ID marker than the
the $Id$ will line up underneath it with no intervening blank lines.
Otherwise, an additional blank line is inserted.
Approved by: bde
function. It was an ill-considered feature. It didn't solve the
problem I wanted it to solve. And it added Yet Another Version
Number that would have to be maintained at every release point.
I'm nuking it now before anybody grows too fond of it.
that counted the number of elements in argv. The counter is incremented
in the next-iteration section of the loop, not the body, so at termination
it's already "counted" the element that failed the continuation test - in
this case the NULL argv terminator.
Noted by: bde
call them. All the execX() libc functions should be vfork() safe now.
Specifically:
- execlp() does the argument count-and-build into a vector from alloca
(like the others) - buildargv() is no longer used (and gone).
- execvp() uses alloca/strcpy rather than strdup().
- the ENOEXEC handler uses alloca rather than malloc.
- a couple of free() calls removed - alloca works on the local stack and
the allocations are freed on function exit (which is why buildargv
wasn't useful - it's alloca() context would disappear on return).
Along the way:
- If alloca() fails (can it?), set errno = ENOMEM explicitly.
- The ENOEXEC recovery routine that trys again with /bin/sh appeared to
not be terminating the new argv[] array for /bin/sh, allowing it to
walk off the end of the list.
I dithered a bit about using alloca() even more as it's most commonly
associated with gcc. However, standalone portable (using malloc) and
machine-specific assembler alloca implementations appear to be available
on just about all the architectures we're likely to want to port to.
alloca will be the least of our problems if ever going to another compiler.
which ones cause us to fail. Now all open errors on the databse file
will cause the next file in the list to be tried.
Submitted by: Arne Henrik Juul <arnej@math.ntnu.no>
PR: 4585
- document that sysctl() and sysctlbyname() return 0 on success
- if the provided buffer is too small, set errno to ENOMEM and return -1
instead of returning ENOMEM.
is actually mounted on "/" can be determined using statfs() and is
in /dev. This fixes fsck operating on the wrong device when the
fs_spec entry is only an alias. The aliased case became more
dangerous when the ROOTSLICE_HUNT hack was committed in mount(8).
ROOTSLICE_HUNT may be unnecessary now.
an unimprovement here. I thought it would be an improvement, as in libkvm,
but here we can access the strings directly.
Use sysctlbyname() instead of sysctl() and trust it to give a nonzero
address if it succeeds.
they cannot mount a filesystem that they cannot see in getvfsbyname().
Part 1 of this is a hack, make vfsisloadable() always return true - the
ultimate decider of whether it's loadable or not is kldload() or mount().
Part 2 of this is to have vfsload() call kldload(2) and return success if
it works. This means that we will use a viable kld module in preference
to an LKM!
Ultimately, the thing to do is remove the hacks to do a vfsload in all the
mount_* commands and let the kernel do it by itself in mount(2).
