Previously we would display "OK, Swapped" for swapped disks,
instead of the usual disk size.
Reviewed By: allanjude
Differential Revision: https://reviews.freebsd.org/D31219
This builds on recently introduced NO_NEW_PRIVS flag to implement
unprivileged chroot, enabled by `security.bsd.unprivileged_chroot`.
It allows non-root processes to chroot(2), provided they have the
NO_NEW_PRIVS flag set.
The chroot(8) utility gets a new flag, -n, which sets NO_NEW_PRIVS
before chrooting.
Reviewed By: kib
Sponsored By: EPSRC
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D30130
Updated freebsd-update to allow it to create boot environments using
bectl should the system support it. The bectl utility was updated in
r352211 (490e13c1403f) to support a 'check' to determine if the system
supports boot environments. If UFS is used, the bectl check will fail
then no attempt will be made to create the boot environment.
If freebsd-update is run inside a jail, no attempt will be made to
create a boot environment.
The boot environment function will create a new environment using the
format: current FreeBSD kernel version and date/timestamp, example:
12.0-RELEASE-p10_2019-10-03_185233
This functionality can be disabled by setting 'CreateBootEnv' in
freebsd-update.conf to 'no'.
Discussed with: allanjude
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D21892
Since bsd.prog.mk includes bsd.obj.mk, and thus bsd.subdir.mk, we must
ensure all our bsd.subdir.mk-affecting variables are set before
including bsd.prog.mk. Since sbin's various Makefile.arch files add to
SUBDIR this results in those not taking effect, and presumably we also
end up not having buildworld as parallel as it should be due to the fact
that SUBDIR_PARALLEL was not being set before including bsd.prog.mk.
MFC with: 0a0f7486413c147d56808b38055c40c64cff61f5
Reviewed by: olivier
Differential Revision: https://reviews.freebsd.org/D31125
These were all incorrectly labeled as 2-clause BSD licenses by a
semi-automated process, when in fact they are 3-clause.
Discussed with: pfg, imp
MFC after: 2 weeks
Sponsored by: Axcient
Only ESRT and PROP tables are handled at the moment.
Submitted by: Pavel Balaev <pavel.balaev@3mdeb.com>
MFC after: 2 weeks
Differential revision: https://reviews.freebsd.org/D30104
Building and installing architecture-specific man pages only raises a number of
problems:
* The https://www.freebsd.org/cgi/man.cgi is incomplete. As an
example, it does not show results for pae(4). The reason for this is
that the cgi interface runs on FreeBSD amd64.
* In FreeBSD amd64 some manual pages have broken X-refs. See hptrr(4)
for an example.
* Also, we have broken links in our Release Notes. This is a
consequence of the first point. See
https://www.freebsd.org/releases/13.0R/hardware/#proc-i386.
Make MAN_ARCH default to 'all' so we build all the man pages for all the
architectures. The difference in disk space is negligible. Also link
architecture-specific man pages to their own section while keeping their own
namespace.
PR: 212290
Reported by: mj@bsdops.com
Approved by: ceri@, wosch@
MFC after: 4 weeks
Portsnap uses patches opportunistically to reduce download bandwidth: It
attempts to fetch patches which could be useful, and then makes use of
whichever patches it actually gets. (This solves the otherwise O(n^2)
issue for the server to build patches between every pair of versions.)
During the process of applying patches, portsnap prints lines of the
form "Skipping XXX-YYY (123 of 4567).\r", where the \r serves to allow
each of these (potentially many) lines to overwrite the previous one
on the console. Unfortunately, XXX and YYY here are SHA256 hashes,
resulting in these lines wrapping on reasonable-width consoles.
Replace the hashes with abbreviations of the form "0123...cdef"
(cutting 64 characters down to 11) in order to keep lines to a
reasonable length.
The rather ugly shell code here is used to avoid forking additional
processes; it would be much cleaner using sed(1), but in my testing
the sed-based alternative increases CPU time consumption by 50%.
Requested by: des
The UEFI driver included with Rocky Linux 8.4 uncovered an existing bug
in the NVMe emulation's construction of iovec's.
By default, NVMe data transfer operations use a scatter-gather list in
which all entries point to a fixed size memory region. For example, if
the Memory Page Size is 4KiB, a 2MiB IO requires 512 entries. Lists
themselves are also fixed size (default is 512 entries).
Because the list size is fixed, the last entry is special. If the IO
requires more than 512 entries, the last entry in the list contains the
address of the next list of entries. But if the IO requires exactly 512
entries, the last entry points to data.
The NVMe emulation missed this logic and unconditionally treated the
last entry as a pointer to the next list. Fix is to check if the
remaining data is greater than the page size before using the last entry
as a pointer to the next list.
PR: 256422
Reported by: dave@syix.com
Tested by: jason@tubnor.net
MFC after: 5 days
Relnotes: yes
Reviewed by: imp, grehan
Differential Revision: https://reviews.freebsd.org/D30897
After 34766aa8cb514472c571f8b0e90e833833acef51 we are mounting and
unmounting devfs elsewhere already.
Reviewed by: nwhitehorn
MFC after: 1 week
Sponsored by: iXsystems, Inc.
Differential Revision: https://reviews.freebsd.org/D30877
While here only compile both of them if WITH_ISCSI is set (this is the default).
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D30755
Sponsored by: Diablotin Systems
And move all the nfs related commands there.
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D30754
Sponsored by: Diablotin Systems
It can still be enabled as usual in /etc/periodic.conf
PR: 256253
Reported by: delphij
Submitted by: Miroslav Lachman <000.fbsd@quip.cz>
MFC after: 2 weeks
Old certctl commands still work for compatability, but are deprecated.
Approved by: secteam (gordon)
Differential Revision: https://reviews.freebsd.org/D30807
The "config" line in config files has been obsolete since FreeBSD 4.x
when we moved to having the boot loader pass in the root device. Remove
it.
MFC After: 1 week
Sponsored by: Netflix
When we introduced libpfctl in bnsmpd this was done incorrectly, and a
GETRULE call was replaced by pfctl_add_rule().
Change it to pfctl_get_rule().
Reviewed by: donner
MFC after: 3 days
Sponsored by: Rubicon Communications, LLC ("Netgate")
Apparently some large-file systems out there, such as my powerpc64le
Linux box, define daddr_t as a 32-bit type, which is sad and stymies
cross-building disk images. Cast daddr_t to off_t before doing
arithmetic that overflows.
Reviewed by: arichardson, jrtc27, imp
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D27458
Since 2d82b47 syslogd can't be built with `WITHOUT_INET` or
`WITHOUT_INET6` build variables set, because `iovlist_truncate` is not
defined but used.
This change wraps the problematic `iovlist_truncate` call within ifdef
directive. It's compiled out in this situation...
Pull Request: https://github.com/freebsd/freebsd-src/pull/475
Reviewed by: imp@ (commit message slightly tweaked)
Register a resize callback with the blockif interface. When the
callback fires, update the size of the disk and notify the guest via a
configuration change interrupt.
Reviewed by: grehan, markj
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D30506
This allows device models to assert VirtIO interrupts for reasons
other than publishing changes to a VirtIO ring such as configuration
changes.
Reviewed by: grehan, markj
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D30505
Allow clients of blockif to register a resize callback handler. When
a callback is registered, register an EVFILT_VNODE kevent watching the
backing store for a change in the file's attributes. If the size has
changed when the kevent fires, invoke the clients' callback.
Currently resize detection is limited to backing stores that support
EVFILT_VNODE kevents such as regular files.
Reviewed by: grehan, markj
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D30504
This allows registering an event to watch for changes to a file's
attributes. This is a bit imperfect as it would be nice to have a way
to determine if an fd can use EVFILT_VNODE successfully. mevent's
current structure does not permit that and a failure to register a
single kevent impacts several other kevents.
Reviewed by: grehan, markj
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D30503
Change mevent_add*() to synchronously add the new kevent. This
permits reporting event registration failures to the caller and avoids
failing the registration of other, unrelated events queued up in the
same batch.
Reviewed by: grehan, markj
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D30502
Last an(4) devices have been End Of Life and End Of Sale in 2007.
Time to remove this driver.
Differential Revision: https://reviews.freebsd.org/D30680
Reviewed by: imp (earlier version), emaste (earlier version)
Sponsored by: Diablotin Systems
This will be used to inject keyboard/mouse input events into a guest.
The command line syntax is:
-s <slot>,virtio-input,/dev/input/eventX
Reviewed by: jhb (bhyve), grehan
Obtained from: Corvin Köhne <C.Koehne@beckhoff.com>
MFC after: 3 weeks
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D30020
This check was too aggressive: it is fine if SizeOfHeaders is exactly
equal to the size of the DOS stub + PE header + section table. Despite
being wrong this code typically worked for most EFI binaries because
SizeOfHeaders is rounded up to a multiple of FileAlignment, which is
often large (e.g., 512 bytes for the FreeBSD loader) so most binaries
made it through.
Reviewed by: imp@
Sponsored by: Netflix
Pull Request: https://github.com/freebsd/freebsd-src/pull/445
Incorrectly linked built-in wpa functions resulted in overwriting
sm->ctx->set_rekey_offload with garbage. It was initialized correctly
however it changed after wpa_supplicant became a daemon.
No SIGBUS violations reported by dhw@ were experienced during testing
of the original commit by msyelf or philip@.
Reported by: dhw
Tested by: dhw
MFC after: 2 months
X-MFC with: 25ecdc7d52770caf1c9b44b5ec11f468f6b636f3