Commit Graph

6701 Commits

Author SHA1 Message Date
Alan Somers
f7f4e0f7a8 Add initial set of tests for audit(4)
This change includes the framework for testing the auditability of various
syscalls, and includes changes for the first 12.  The tests will start
auditd(8) if needed, though they'll be much faster if it's already running.
The syscalls tested in this commit include mkdir(2), mkdirat(2), mknod(2),
mknodat(2), mkfifo(2), mkfifoat(2), link(2), linkat(2), symlink(2),
symlinkat(2), rename(2), and renameat(2).

Submitted by:	aniketp
MFC after:	2 weeks
Sponsored by:	Google, Inc (GSoC 2018)
Differential Revision:	https://reviews.freebsd.org/D15286
2018-05-29 23:08:33 +00:00
Niclas Zeising
539e1e58af Complete removal of lmc(4)
The lmc(4) driver was removed in r333144 and relevant files added to
ObsoleteFiles.inc, however, include/sys/dev/lmc was not removed from mtree
and is recreated on every install.  Remove it from mtree.

Reviewed by:	imp, emaste
Approved by:	emaste
Differential Revision:	https://reviews.freebsd.org/D15590
2018-05-28 17:08:37 +00:00
Edward Tomasz Napierala
a5efdbd0c9 Make the cfumass rc script support USB template 10.
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
2018-05-27 10:48:21 +00:00
Edward Tomasz Napierala
a4ccdf9091 Revert r333493, which was a temporary fix for 11.2-RELEASE, and instead
switch the default kldxref_enable to YES.

The reason is that it's required for every image that's being cross-built,
as kldxref(8) cannot handle files for non-native architectures.  For the
one that is not - amd64 - having it on by default doesn't change anything;
the script is noop if the linker.hints already exists.

MFC after:	2 weeks
Sponsored by:	DARPA, AFRL
2018-05-26 11:13:17 +00:00
Mark Felder
75a315f6d2 rc.subr: Support loading environmental variables from a file
The current support for setting environment via foo_env="" in rc.conf is
not scalable and does not handle envs with spaces in the value. It seems
a common pattern for some newer software is to skip configuration files
altogether and rely on the env. This is well supported in systemd unit
files and may be the inspiration for this trend.

MFH:		1 week
Differential Revision:	https://reviews.freebsd.org/D14453
2018-05-25 19:36:26 +00:00
Emmanuel Vadot
729ba386f0 devd: Always install devmatch.conf
It allows devd to run devmatch to find the correct driver based on pnp info.

No Objection from:    imp
2018-05-21 21:44:47 +00:00
Edward Tomasz Napierala
57b1f8183c Set label when setting up USB LUNs, it looks nicer this way.
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
2018-05-16 20:44:08 +00:00
Edward Tomasz Napierala
463b6ed54f Change the cfumass rc script to stop pretending the USB LUN is a virtual
CD; for some reason OSX can't deal with it.

MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
2018-05-16 20:39:15 +00:00
Dag-Erling Smørgrav
b70d78d6e8 Rename all Unbound binaries and man pages from unbound* to local-unbound*.
PR:		222902
2018-05-12 17:10:36 +00:00
Dag-Erling Smørgrav
9d0ade3630 Remove the ability to generate long since useless SSH1 RSA keys. 2018-05-12 08:23:17 +00:00
Edward Tomasz Napierala
2b55bea538 Make /etc/rc.d/kldxref not print anything for directories that don't
contain any kernel modules.  This makes the common case completely silent,
as it should be.

Reviewed by:	imp@
MFC after:	2 weeks
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D14694
2018-05-11 14:43:21 +00:00
Xin LI
b6f7731dba Remove "All rights reserved" from my files.
See r333391 for the rationale.

MFC after:	1 week
2018-05-10 06:41:08 +00:00
Warner Losh
e310437971 For video consoles, only launch a getty if the device exists.
Differential Revision: https://reviews.freebsd.org/D15169
2018-05-09 20:49:00 +00:00
Mark Johnston
e505460228 Import the netdump client code.
This is a component of a system which lets the kernel dump core to
a remote host after a panic, rather than to a local storage device.
The server component is available in the ports tree. netdump is
particularly useful on diskless systems.

The netdump(4) man page contains some details describing the protocol.
Support for configuring netdump will be added to dumpon(8) in a future
commit. To use netdump, the kernel must have been compiled with the
NETDUMP option.

The initial revision of netdump was written by Darrell Anderson and
was integrated into Sandvine's OS, from which this version was derived.

Reviewed by:	bdrewery, cem (earlier versions), julian, sbruno
MFC after:	1 month
X-MFC note:	use a spare field in struct ifnet
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D15253
2018-05-06 00:38:29 +00:00
Eitan Adler
0722b4b00e [etc] Update newsyslog.conf default comment
Remove line about allowed flags. It was missing 'pRTY' and is duplicative
of the man page. It didn't describe the flags in any detail to help
remind users of how to configure newsylog.
2018-05-03 00:57:19 +00:00
Warner Losh
e4eef18848 Use M. Warner Losh everywhere on my copyrights.
Remove 'All Rights Reserved' where I can.
2018-05-01 16:29:22 +00:00
Vladimir Kondratyev
44af5666d9 bthidd(8): Add evdev protocol support for bluetooth keyboards and mouses
User-visible changes:

"-u" is added to to list of command line options supported by bthidd.
Use it to enable evdev support. uinput and evdev modules should be
kld-loaded or compiled into the kernel in that case.

bthidd_evdev_support rc.conf variable is added to control enabling of
evdev support in bthidd startup script. Possible values are: "YES", "NO",
"AUTO"(default). Setting bthidd_evdev_support to "AUTO" inserts "-u" option
if kernel is compiled with EVDEV_SUPPORT option enabled.

Support for consumer HID usage page keyboard events is implemented. Most of
them are available only through evdev protocol.

kern.evdev.rcpt_mask sysctl is checked, so "sysctl kern.evdev.rcpt_mask=12"
should be executed if EVDEV_SUPPORT is compiled into kernel.

It is recommended to regenerate bthidd.conf entries with bthidcontrol(8)
"Query" command to set user-friendly names of bluetooth devices.

Reviewed by:	emax, gonzo, wblock (docs), bcr (docs, early version)
Differential Revision:	https://reviews.freebsd.org/D13456
2018-04-30 12:16:54 +00:00
Edward Tomasz Napierala
e73154c1d7 Add cfumass rc script, to create a LUN for cfumass(4).
MFC after:	2 weeks
Relnotes:	yes
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D14844
2018-04-21 14:56:41 +00:00
Kyle Evans
addc1b6ce4 Fix ddb rc script
r288291 added a call to limits(1), which isn't available before partitions
are mounted. This broke the ddb rc script, which does not provide its own
start_cmd.

Alleviate the situation here by providing a start_cmd. We still have other
problems with diskless setups that need to be considered, but this is a
start.

PR:		206291
Submitted by:	cy
Discussed with:	rgrimes
MFC after:	3 days
2018-04-19 15:02:53 +00:00
John Baldwin
8ce99bb405 Properly do a deep copy of the ioctls capability array for fget_cap().
fget_cap() tries to do a cheaper snapshot of a file descriptor without
holding the file descriptor lock.  This snapshot does not do a deep
copy of the ioctls capability array, but instead uses a different
return value to inform the caller to retry the copy with the lock
held.  However, filecaps_copy() was returning 1 to indicate that a
retry was required, and fget_cap() was checking for 0 (actually
'!filecaps_copy()').  As a result, fget_cap() did not do a deep copy
of the ioctls array and just reused the original pointer.  This cause
multiple file descriptor entries to think they owned the same pointer
and eventually resulted in duplicate frees.

The only code path that I'm aware of that triggers this is to create a
listen socket that has a restricted list of ioctls and then call
accept() which calls fget_cap() with a valid filecaps structure from
getsock_cap().

To fix, change the return value of filecaps_copy() to return true if
it succeeds in copying the caps and false if it fails because the lock
is required.  I find this more intuitive than fixing the caller in
this case.  While here, change the return type from 'int' to 'bool'.

Finally, make filecaps_copy() more robust in the failure case by not
copying any of the source filecaps structure over.  This avoids the
possibility of leaking a pointer into a structure if a similar future
caller doesn't properly handle the return value from filecaps_copy()
at the expense of one more branch.

I also added a test case that panics before this change and now passes.

Reviewed by:	kib
Discussed with:	mjg (not a fan of the extra branch)
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D15047
2018-04-17 18:07:40 +00:00
Kristof Provost
98c5f9884e pf tests: Basic ioctl validation tests
Validate the DIOCRADDTABLES and DIOCRDELTABLES ioctls with invalid size
values. All of these requests should fail.

MFC after:	1 week
2018-04-06 15:03:48 +00:00
Ruslan Bukin
cde6fa2857 Add new shared library -- libopencsd.
OpenCSD is an ARM CoreSight(tm) trace packets decoder.

- Connect libopencsd to the arm64 build.
- Install opencsd headers to /usr/include/opencsd/

Sponsored by:	DARPA, AFRL
2018-04-04 14:31:56 +00:00
Kristof Provost
b93a1086cf pf: reload and resync do the same thing
The reload and resync commands for the startup script do exactly the same
thing, so implement one as a call to the other.

MFC after:	3 weeks
2018-03-26 09:36:22 +00:00
Jonathan T. Looney
2529f56ed3 Add the "TCP Blackbox Recorder" which we discussed at the developer
summits at BSDCan and BSDCam in 2017.

The TCP Blackbox Recorder allows you to capture events on a TCP connection
in a ring buffer. It stores metadata with the event. It optionally stores
the TCP header associated with an event (if the event is associated with a
packet) and also optionally stores information on the sockets.

It supports setting a log ID on a TCP connection and using this to correlate
multiple connections that share a common log ID.

You can log connections in different modes. If you are doing a coordinated
test with a particular connection, you may tell the system to put it in
mode 4 (continuous dump). Or, if you just want to monitor for errors, you
can put it in mode 1 (ring buffer) and dump all the ring buffers associated
with the connection ID when we receive an error signal for that connection
ID. You can set a default mode that will be applied to a particular ratio
of incoming connections. You can also manually set a mode using a socket
option.

This commit includes only basic probes. rrs@ has added quite an abundance
of probes in his TCP development work. He plans to commit those soon.

There are user-space programs which we plan to commit as ports. These read
the data from the log device and output pcapng files, and then let you
analyze the data (and metadata) in the pcapng files.

Reviewed by:	gnn (previous version)
Obtained from:	Netflix, Inc.
Relnotes:	yes
Differential Revision:	https://reviews.freebsd.org/D11085
2018-03-22 09:40:08 +00:00
Ruslan Bukin
30b3274fff Add new shared library -- libipt.
libipt is the Intel Processor Trace (Intel PT) packets decoder.

- Include libipt to amd64 build.
- Install libipt headers to /usr/include/libipt/

Sponsored by:	DARPA, AFRL
2018-03-21 14:37:04 +00:00
Kyle Evans
d5a390e6c7 Move /boot/overlays to /boot/dtb/overlays
The former is fairly vague; these are FDT overlays to be applied to the
running system, so /boot/dtb is a sensible location to put it without
cluttering up /boot/dtb even further if desired.
2018-03-19 16:16:12 +00:00
David Bright
cc732b9da5 Modify rc.d/fsck to handle new status from fsck/fsck_ffs
r328013 introduced a new error code from fsck_ffs that indicates that
it could not completely fix the file system; this happens when it
prints the message PLEASE RERUN FSCK. However, this status can happen
when fsck is run in "preen" mode and the rc.d/fsck script does not
handle that error code. Modify rc.d/fsck so that if "fsck -p"
("preen") returns the new status code (16) it will run "fsck -y", as
it currently does for a status code of 8 (the "standard error exit").

Reported by:	markj
Reviewed by:	mckusick, markj, ian, rgrimes
MFC after:	3 days
Sponsored by:	Dell EMC
Differential Revision:	https://reviews.freebsd.org/D14679
2018-03-15 18:29:56 +00:00
Jamie Gritton
d0aee33dc9 Don't warn when the "hostname" rc variable is unset, but the hostname
is already non-empty (common in jails).
2018-03-10 20:13:07 +00:00
Alan Somers
c60fdff77d Commit missing file from r330696
MFC after:	3 weeks
X-MFC-With:	330696
2018-03-09 23:17:29 +00:00
Hans Petter Selasky
e808190a59 Add kernel and userspace code to dump the firmware state of supported
ConnectX-4/5 devices in mlx5core.

The dump is obtained by reading a predefined register map from the
non-destructive crspace, accessible by the vendor-specific PCIe
capability (VSC). The dump is stored in preallocated kernel memory and
managed by the mlx5tool(8), which communicates with the driver using a
character device node.

The utility allows to store the dump in format
    <address> <value>
into a file, to reset the dump content, and to manually initiate the
dump.

A call to mlx5_fwdump() should be added at the places where a dump
must be fetched automatically. The most likely place is right before a
firmware reset request.

Submitted by:	kib@
MFC after:	1 week
Sponsored by:	Mellanox Technologies
2018-03-08 15:21:56 +00:00
Devin Teske
5bf5ca772c Introduce dwatch(1) as a tool for making DTrace more useful
Reviewed by:	markj, gnn, bdrewery (earlier version)
Relnotes:	yes
Sponsored by:	Smule, Inc.
Differential Revision:	https://reviews.freebsd.org/D10006
2018-03-06 23:44:19 +00:00
Edward Tomasz Napierala
fc5acf467c Add example devd.conf(5) entry for notifying init(8) about new USB ttys.
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
2018-03-06 21:05:34 +00:00
Ed Maste
da95763b3b rc.d/jail: avoid misinterpreting expr arguments
(Due to some misconfiguration) I ended up with _mask set to
"-v<something>", and /etc/rc.d/jail then failed with
"expr: illegal option -- v".

Use "expr --" so that variable content is never interpreted as an
option.

Reviewed by:	jamie
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D14535
2018-02-28 17:20:10 +00:00
Kristof Provost
6b8bcdc1e8 pf: Apply $pf_flags when verifying the pf.conf file
When checking the validity of the pf.conf file also include the user supplied
pf_flags. These flags might overrule macros or specify anchors, which we will
apply when actually applying the pf.conf file, so we must also take them into
account when verifying the validity.

Submitted by:	Andreas Longwitz <longwitz at incore.de>
MFC after:	3 weeks
2018-02-28 09:59:58 +00:00
Kristof Provost
5830b90f4b pf: Do not flush on reload
pfctl only takes the last '-F' argument into account, so this never did what
was intended.

Moreover, there is no reason to flush rules before reloading, because pf keeps
track of the rule which created a given state. That means that existing
connections will keep being processed according to the rule which originally
created them. Simply reloading the (new) rules suffices. The new rules will
apply to new connections.

PR:		127814
Submitted by:	Andreas Longwitz <longwitz at incore.de>
MFC after:	3 weeks
2018-02-28 08:53:07 +00:00
Kyle Evans
3eae2a2e40 Add 'usr.bin/seq' to tests mtree after r330086 2018-02-27 22:22:23 +00:00
Alan Somers
4b40bdbd1f Add tests for lagg(4) and other cloned network interfaces
Unfortunately, most of the tests are disabled because they fairly frequently
trigger panics.

MFC after:	3 weeks
Sponsored by:	Spectra Logic Corp
2018-02-23 18:18:42 +00:00
Alan Somers
2fae26bd8b Add the ZFS test suite
It was originally written by Sun as part of the STF (Solaris test framework).
They open sourced it in OpenSolaris, then HighCloud partially ported it to
FreeBSD, and Spectra Logic finished the port.  We also added many testcases,
fixed many broken ones, and converted them all to the ATF framework.  We've had
help along the way from avg, araujo, smh, and brd.

By default most of the tests are disabled.  Set the disks Kyua variable to
enable them.

Submitted by:	asomers, will, justing, ken, brd, avg, araujo, smh
Sponsored by:	Spectra Logic Corp, HighCloud
2018-02-23 16:31:00 +00:00
Marcelo Araujo
61e7e50da9 The firewall_type is ignored if not set in rc.conf or rc.conf.local,
after r190575 there is an option to call rc.firewall with the firewall_type
passed in as an argument.

Submitted by:	David P. Discher <dpd@dpdtech.com>
MFC after:	3 weeks.
Sponsored by:	iXsystems Inc.
Differential Revision:	https://reviews.freebsd.org/D14286
2018-02-22 08:25:39 +00:00
Hans Petter Selasky
974a95948a Fix handling of "one_nomatch" shell variable to preserve its contents
appearing as a single argument passed to devmatch(8).

Don't depend on "sort" utility from usr/bin which might not be
available when devd is started.

Sponsored by:	Mellanox Technologies
2018-02-17 13:32:29 +00:00
Hans Petter Selasky
9a44db43ea Invoke devmatch rc.d script directly instead of depending on "service"
which is installed in usr/sbin and might not be available at the time
devd is started.

Sponsored by:	Mellanox Technologies
2018-02-17 13:13:55 +00:00
Warner Losh
247f52f185 Pass in the NOMATCH event to devmatch
In devd/devmatch.conf, we need to pass the event to the devmatch
serivce. It gets passed to devmatch -p for matching. We always pass
this, unlike hps' original patch, so we kill two birds with one stone
and only match modules to the event passed in.

Submitted by: hps@
Sponsored by: Netflix
2018-02-17 06:57:38 +00:00
Warner Losh
7e1637e491 If we're passed an argument, then treat it as a single NOMATCH event
to parse rather than searching for all events. Pass with new -p arg to
devmatch. devmatch will use that one event rather than walking the
entire tree.

kldload will stop at the first failure. So we need to loop.  Also,
symbolic links may confused kldload into trying (and failing) to load
multiple modules at once, so guard against that.

Noticed by: hps (with similar patch)
Sponsored by: Netflix
2018-02-17 06:57:21 +00:00
Eitan Adler
bc43eb228d etc: clean up trailing whitespace in autofs
Obtained from:	DragonFlyBSD (48a93f514f93ff671b7b6c9bbed54d45b3f65180)
2018-02-15 11:41:38 +00:00
Alan Somers
ea9c2614cf Add mtree entry for 329275
MFC after:	3 weeks
X-MFC-With:	329275
Sponsored by:	Spectra Logic Corp
2018-02-14 21:02:38 +00:00
Warner Losh
b11df8a4a3 Add /boot/lua. 2018-02-13 17:42:10 +00:00
Brad Davis
4126c2e199 Fix resolv to run when it should and not when it should not..
Approved by:	manu
Reported by:	manu
Pointy hat to:	brd
2018-02-13 16:07:39 +00:00
Hans Petter Selasky
6bb41868ef Add missing semicolon to not break devd during system startup. 2018-02-13 08:10:17 +00:00
Warner Losh
ff99e28210 Fix typo 2018-02-12 06:52:49 +00:00
Warner Losh
8d99f31cbb Turn devmatch on by default.
Turn devmatch on by default. However, use 'start' instead of
'onestart' in the devmatch.conf file so the setting of
'devmatch_enable' is honored. Give an example of what to put in
devd.conf if you want to disable just the run-time part of devmatch.

Relnotes: yes
2018-02-12 06:51:20 +00:00