Commit Graph

1392 Commits

Author SHA1 Message Date
David E. O'Brien
a23ec70a4e Depend on the new 'postrandom' instead of random.
We need to limit the amount of time between consuming the entropy seeds
and removing it in case of a kernel panic.
2012-08-22 18:49:02 +00:00
David E. O'Brien
7e7fd6c88d Remove old entropy seeding after consumption initializing /dev/random PRNG.
Not doing so opens us up to replay attacks.

Submitted by:	Arthur Mesh <arthurmesh@gmail.com>
Sponsored by:	Juniper Networks
2012-08-22 18:43:21 +00:00
David E. O'Brien
849d3c12df Add dependencies based on security(7). 2012-08-22 18:35:17 +00:00
Jun Kuriyama
9b9bfdcc30 - Allow to pass extra parameters for each jail.
- To achieve above, convert jail(8) invocation to use new style
  command line "-c" flag.

Reviewed at:	freebsd-jail@
2012-08-19 08:15:32 +00:00
Devin Teske
41e0047a15 Revert SVN r238628 (mistake). 2012-07-19 22:41:00 +00:00
Devin Teske
f316f2c30c Fix syntax errors (s/:=/:-/).
Reviewed by:	emaste (mentor)
Approved by:	emaste (mentor)
MFC after:	3 days
2012-07-19 22:33:13 +00:00
Maksim Yevmenkin
78cf63fc10 Allow to specify no source-address-selection policy
MFC after:	1 week
2012-07-19 15:36:36 +00:00
Dag-Erling Smørgrav
d256f21a9a Move -n ${_jail} before ${_flags} so that any -n options in ${_flags}
will override ours instead of the other way around.
2012-07-18 23:01:23 +00:00
Brooks Davis
ba7f643097 MFP4 214344:
Tighten the regular expression that checks for an md /tmp such that
no /tmp mount and an md / isn't improperly matched.

Sponsored by:	DARPA/AFRL
2012-07-13 20:10:59 +00:00
Kevin Lo
1424b561e1 Whitespace nit 2012-07-13 06:46:09 +00:00
Hiroki Sato
ef23194991 - Add IFT_L2VLAN (vlan(4)) support.
- Add -P option to support PID file.  When -a is specified /var/run/rarpd.pid
  is used, and when an interface is specified /var/run/rarpd.<ifname>.pid is
  used by default.
2012-07-09 08:11:16 +00:00
Hiroki Sato
8efbd296e0 Make ipfw0 logging pseudo-interface clonable. It can be created automatically
by $firewall_logif rc.conf(5) variable at boot time or manually by ifconfig(8)
after a boot.

Discussed on:	freebsd-ipfw@
2012-07-09 07:16:19 +00:00
Dag-Erling Smørgrav
7f8492ba48 Name jails automatically.
MFC after:	1 week
2012-07-04 13:37:44 +00:00
Sean Bruno
55fb7f3673 Revert r238004 as more review has come in and there is now a discussion
on how to best proceed.
2012-07-02 17:55:29 +00:00
Sean Bruno
7402aad3c7 Cosmetic display change of Cx states via cx_supported sysctl entries.
Adjust power_profile script to handle the new world order as well.

Some vendors are opting out of a C2 state and only defining C1 & C3.  This
leads the acpi_cpu display to indicate that the machine supports C1 & C2
which is caused by the (mis)use of the index of the cx_state array as the
ACPI_STATE_CX value.

e.g. the code was pretending that cx_state[i] would
always convert to i by subtracting 1.

cx_state[2] == ACPI_STATE_C3
cx_state[1] == ACPI_STATE_C2
cx_state[0] == ACPI_STATE_C1

however, on certain machines this would lead to
cx_state[1] == ACPI_STATE_C3
cx_state[0] == ACPI_STATE_C1

This didn't break anything but led to a display of:
 * dev.cpu.0.cx_supported: C1/1 C2/96

Instead of
 * dev.cpu.0.cx_supported: C1/1 C3/96

MFC after:	2 weeks
2012-07-02 16:57:13 +00:00
Stanislav Sedov
51506f39f4 - Change kfd rc script to be more conformant with rcNG conventions:
  o change rcname to kfd;
  o move mandatory options to command_args;
  o add missing "shutdown" keyword;
  o fix require line.  Kfd doesn't really need to be started before
    daemons.

Suggested by:	dougb
2012-05-06 20:46:04 +00:00
John Baldwin
b8cb2346fc - Don't log messages saying that accounting is being disabled and enabled
  if the accounting log file is atomically replaced with a new file
  (such as during log rotation).
- Simplify accounting log rotation a bit.  There is no need to re-run
  accton(8) after renaming the new log file to its real name.

PR:		kern/167321
Tested by:	Jeremy Chadwick
2012-05-02 14:25:39 +00:00
Stanislav Sedov
7e2d4dcd24 - Add rc.d script for kfd, kerberos forwarded tickets daemon. 2012-04-10 09:27:41 +00:00
Bjoern A. Zeeb
9f0b9a0853 Rather than printing the output from route add for all FIBs just print them
for the default FIB followed by a statement with a list of FIB numbers for
all the other FIBs we install the routes for.

Request by:	kib (to make it less noisy)
Tested by:	kib
MFC after:	3 days
2012-03-04 18:53:35 +00:00
Bjoern A. Zeeb
9dba179d5e IFC @231845
Sponsored by:	Cisco Systems, Inc.
2012-02-17 00:27:48 +00:00
Doug Barton
20ceedfb69 Fix various issues with the NFS and RPC related scripts:
1. Add new functionality to the force_depend method to incorporate the
   tests for whether the service is enabled and/or already running.
2. Add a new option to bypass checking only that the service is enabled
   at boot time, and always check if it is running.
3. Use this new functionality to greatly simplify the rc.d scripts that
   use force_depend.
4. Add a force_depend for statd in lockd
5. Remove the check that either nfs_server or nfs_client is _enable'd
   from statd and lockd. This was always overkill, and prevented using
   the {one|force}start options, as well as stop'ing on the command line.
6. The yp* scripts had some of their arguments in various weird orders.
   Bring them into line with the model.
7. If mountd fails to create /var/db/mountdtab, err out.

Ideas, suggestions, and/or review from delphij and jilles.
Pointy hats are completely my responsibility however.
2012-02-14 10:51:24 +00:00
Andriy Gapon
5a197b4612 start watchdogd before most of other daemons/servers
The main benefit is that watchdogd would shutdown after most of other
daemons/servers and thus, for example, would remedy a system hang caused
by unlucky X server shutdown.

Reviewed by:	dougb (earlier version)
MFC after:	2 weeks
2012-02-12 14:58:50 +00:00
Ed Schouten
18568efd19 Avoid using BEFORE in the utx rc script.
Requested by:	dougb
2012-02-12 07:45:48 +00:00
Ed Schouten
c21ae3a403 Move utmpx handling out of init(8).
This has the following advantages:

- During boot, the BOOT_TIME record is now written right after the file
  systems become writable, but before users are allowed to log in. This
  means that they can't cause `hidden logins' by logging in right before
  init(8) kicks in.

- The pututxline(3) function may potentially block on file locking,
  though this is very rare to occur. By placing it in an rc script, the
  user can still kill it with ^C if needed.

- Most importantly: jails don't use init(8). This means that a force
  reboot of a system running jails will leave stale entries in the
  accounting database of the jails individually.
2012-02-11 20:47:16 +00:00
Doug Barton
f7451733fb In the days before r208307 addswap was running early in the second stage
of rcorder. Somehow in the intervening period addswap got moved to the
very end, which is almost certainly not what we want.

This change moves it to right after kld so that for users who need it,
they'll get it ASAP.
2012-02-11 06:21:16 +00:00
Doug Barton
95208e20d0 As it stands right now, the default devfs rulesets are only loaded as a
side effect of something else using them. If they haven't been loaded
already but you want to use them, say for configuring a jail, you're out
of luck.

So add a knob to always load the default rulesets. While I'm here document
the other devfs_ knobs in rc.conf.5.
2012-02-08 08:52:40 +00:00
Hiroki Sato
86b84592a8 Fix $ipv6_network_interfaces handling in rc.d/routing. It could fail when
it was set to "auto", for example.

MFC after:	3 days
2012-02-04 18:14:49 +00:00
Bjoern A. Zeeb
b202f3dc89 Install the IPv6 reject routes we do for the default FIB to all FIBs.
Sponsored by:	Cisco Systems, Inc.
2012-02-03 15:31:47 +00:00
Hiroki Sato
d830cea6b7 Perform IPv6 DAD only in ifn_start. 2012-01-29 08:33:34 +00:00
Hiroki Sato
f6e5ba31d2 Fix several glitches in IPv6-related knobs:
- ipv6_enable + ipv6_gateway_enable should unset ACCEPT_RTADV by default for
  backward compatibility.

- Configurations in ipv6_prefix_IF should be recognized even if there is no
  ifconfig_IF_ipv6.

- DAD wait should be performed at once, not on a per-interface basis, if
  possible.  This fixes an issue that a system with a lot of IPv6-capable
  interfaces takes too long for booting.

MFC after:	1 week
2012-01-22 10:57:32 +00:00
Brooks Davis
2dd3bcd48d When creating the jails /dev/log symlink, do it by full path to avoid
creating stray "log" symlinks if the mount fails.  That apparently
happens in some ezjail configs.

PR:		conf/143084
Submitted by:	Dirk Engling <erdgeist at erdgeist.org>
Reviewed by:	simon
MFC after:	2 weeks
2012-01-20 22:55:19 +00:00
Eygene Ryabinkin
1eea470950 dhclient: don't use syslog for logging non-DHCP interface errors
We should show the error to user, but it doesn't deserve syslog.

Approved by: jhb
2012-01-20 17:19:50 +00:00
Doug Barton
801c438304 Prepare for the removal of set_rcvar() by changing the rcvar=
assignments to the literal values it would have returned.

The concept of set_rcvar() was nice in theory, but the forks
it creates are a drag on the startup process, which is especially
noticeable on slower systems, such as embedded ones.

During the discussion on freebsd-rc@ a preference was expressed for
using ${name}_enable instead of the literal values. However the
code portability concept doesn't really apply since there are so
many other places where the literal name has to be searched for
and replaced. Also, using the literal value is also a tiny bit
faster than dereferencing the variables, and every little bit helps.
2012-01-14 02:18:41 +00:00
Eygene Ryabinkin
0113cca483 rc.d: document 'quiet' prefix and fix dhclient/devd interaction
Document the current semantics of the 'quiet' command prefix
in the rc.subr(8).

Fix dhclient rc.d script: it should not call err() for
non-DHCP-enabled interface when it is called from devd, because the
latter just blindly calls 'service dhclient quietstart' on each "link
up" event.

Since the 'quietstart' will silence the message "Cannot 'start' <foo>.
Set <foo>_enable to YES in /etc/rc.conf or use 'onestart' instead of
'start'." and running dhclient on the non-DHCP-enabled interface is
the same thing as running the service <foo> without <foo>_enable set,
such modification is in sync with the current semantics of the 'quiet'
prefix.

Approved by: glebius
Reviewed by: freebsd-rc list
MFC after:	2 weeks
2012-01-12 06:48:11 +00:00
Gleb Smirnoff
5c39f7bdeb Bunch of fixes to pfsync(4) module load/unload:
o Make the pfsync.ko actually usable. Before this change loading it
  didn't register protosw, so was a nop. However, a module /boot/kernel
  did confuse users.
o Rewrite the way we are joining multicast group:
  - Move multicast initialization/destruction to separate functions.
  - Don't allocate memory if we aren't going to join a multicast group.
  - Use modern API for joining/leaving multicast group.
  - Now the utterly wrong pfsync_ifdetach() isn't needed.
o Move module initialization from SYSINIT(9) to moduledata_t method.
o Refuse to unload module, unless asked forcibly.
o Improve a bit some FreeBSD porting code:
  - Use separate malloc type.
  - Simplify swi scheduling.

This change is probably wrong from VIMAGE viewpoint, however pfsync
wasn't VIMAGE-correct before this change, too.

Glanced at by:	bz
2012-01-09 08:50:22 +00:00
Doug Barton
a194b02d88 There is no longer a need to abstract ${rcvar_manpage} as we are not
attempting to maintain compatibility with NetBSD for some years now.
2012-01-08 20:25:29 +00:00
Ulrich Spörlein
081dc98788 Spelling fixes for etc/ 2012-01-07 16:10:32 +00:00
Pawel Jakub Dawidek
e3bf08680d Add 'nojail' keyword as auditd(8) can't really do anything useful when
inside a jail.

Discussed with:	rwatson
MFC after:	1 week
2012-01-06 14:00:31 +00:00
Pawel Jakub Dawidek
04d8001793 - Put one file into one line. This makes keeping local changes and merging
with FreeBSD easier for vendors.
- For optional files use variables starting with underscore.

Both changes make rc.d/Makefile look similar to sys/modules/Makefile.

Reviewed by:	dim
2011-12-15 21:06:37 +00:00
David E. O'Brien
59509bae0a Ensure kldxref is run first. Currently both 'kldxref' and 'kld' depend
on "FILESYSTEMS" and 'kld' is being run 8 scripts ahead of 'kldxref'.

Reported by:	dhw
2011-12-01 22:50:10 +00:00
Jilles Tjoelker
e60150fafa rc.d: Eliminate some unnecessary non-POSIX constructs:
 * set - ...
 * empty braces
 * ^ in character class
2011-11-08 23:02:32 +00:00
Dimitry Andric
66aa9b8dc9 Whenever you boot with nfsv4_server_enable=NO (the default) in rc.conf,
the /etc/rc.d/nfsd script sets vfs.nfsd.server_max_nfsvers to 3.

Then, when you set nfsv4_server_enable=YES in rc.conf, and restart nfsd
via the rc.d script, without rebooting, the sysctl does *not* get reset
to max version 4, so NFSv4 still doesn't work.

Fix this by explicitly setting vfs.nfsd.server_max_nfsvers to 4 when
NFSv4 is requested.

I also added resetting of the nfs_privport sysctls, since this has the
same issue: nfs_reserved_port_only=YES in rc.conf sets the nfs_privport
sysctl to 1, but in the other case, the sysctl doesn't get reset to 0.

Reviewed by:	rmacklem
Silence from:	rc@
MFC after:	3 days
2011-11-05 16:47:47 +00:00
Eygene Ryabinkin
0c4b17e1e7 Fix handling of rc_force in /etc/rc.d/dhclient
Variable 'rc_force' is accessible only at the time of rc_run_command,
so it can't be examined from the script's main code.

Spotted by:	hrs
Reviewed by:	hrs, des
Approved by:	des
MFC after:	2 weeks
2011-10-28 06:03:38 +00:00
Martin Matuska
4d428b10ae Correctly reassign copyright of etc/rc.d/static_ndp back to delphij@
as the project itself is no legal entity

Reported by:	Joe Dahl <joel@vnode.se>
MFC after:	3 days
2011-10-23 10:17:42 +00:00
Martin Matuska
dbedf61ce3 Add etc/rc.d/static_ndp, analogous to etc/rc.d/static_arp.
Make sure that static ARP and NDP bindings are set before NETWORKING.

As static_ndp is based on static_arp, pass copyright to the project with
permission of the original author (delphij@).

Reviewed by:	delphij@FreeBSD.org
MFC after:	3 days
2011-10-23 09:08:42 +00:00
Dag-Erling Smørgrav
32ca8e078d The rc_force test was inverted in the previous commit, so that dhclient ran
for interfaces which were not configured for DHCP *unless* rc_force was set;
the correct logic is to run dhclient for those interfaces *only if* rc_force
is set.

Broken by:	des@
Noticed by:	everybody and his dog
Submitted by:	rea@
PR:		bin/161733
2011-10-17 13:05:57 +00:00
Dag-Erling Smørgrav
23f39c906b Make dhclient use a pid file. Modify the rc script accordingly; while
there, clean it up and add some error checks.

Glanced at by:	brooks@
MFC after:	3 weeks
2011-10-13 17:20:45 +00:00
Hiroki Sato
04303fd864 Use REQUIRE: line to reorder rc.d/bridge instead of BEFORE: line.
Pointed out by:	dougb
Approved by:	re (bz)
2011-09-20 00:37:35 +00:00
Hiroki Sato
33b9d9a8d2 Use resolvconf(8) to create /etc/resolv.conf, not directly overwrite it.
Approved by:	re (kib)
2011-09-19 15:56:50 +00:00
Hiroki Sato
f8c5f6a6b8 Fix the script order to run rc.d/bridge after the initial network
interface configuration and before running network daemons.

Approved by:	re (kib)
2011-09-19 15:55:53 +00:00
Hiroki Sato
049087a0f3 Add $ipv6_cpe_wanif to enable functionality required for IPv6 CPE
(r225485).  When setting an interface name to it, the following
configurations will be enabled:

 1. "no_radr" is set to all IPv6 interfaces automatically.

 2. "-no_radr accept_rtadv" will be set only for $ipv6_cpe_wanif.  This is
    done just before evaluating $ifconfig_IF_ipv6 in the rc.d scripts (this
    means you can manually supersede this configuration if necessary).

 3. The node will add RA-sending routers to the default router list
    even if net.inet6.ip6.forwarding=1.

This mode is added to conform to RFC 6204 (a router which connects
the end-user network to a service provider network).  To enable
packet forwarding, you still need to set ipv6_gateway_enable=YES.

Note that accepting router entries into the default router list when
packet forwarding capability and a routing daemon are enabled can
result in messing up the routing table.  To minimize such unexpected
behaviors, "no_radr" is set on all interfaces but $ipv6_cpe_wanif.

Approved by:	re (bz)
2011-09-13 00:06:11 +00:00
Xin LI
aefb9fe04f Honor WITHOUT_IPX when installing etc/rc.d/ipxrouted.
MFC after:	1 week
Approved by:	re (kib)
2011-08-23 19:29:11 +00:00
Doug Barton
ab1779e30e Revert the apparently-unnecessary module_path twiddling from r223917
Approved by:	re (kib)
2011-07-22 21:08:19 +00:00
Jilles Tjoelker
068c02de6d rc.d/routing: Fix ugly output with additional routing options.
Print a separate "Additional routing options" line for each address family
which has additional options, so that it does not get mixed up with the
output from adding routes.

This also reverts r224048 which added newlines to two arbitrary routing
options.
2011-07-17 14:52:55 +00:00
Kevin Lo
d99dc333db Remove "-n" from echo
Reviewed by:	dougb
2011-07-15 01:59:08 +00:00
Doug Barton
c2d900ef50 Make sure we load kernel modules from the same path as the running kernel 2011-07-10 23:47:03 +00:00
Rick Macklem
1e2cac7b7f Delete the /etc/rc.d/nfsserver script, since it is no
longer used by /etc/rc.d/nfsd and it is no longer necessary
to load the old nfs server by default, when nfs_server_enable="YES".

Tested by:	sgk at troutmask.apl.washington.edu
Reviewed by:	rc (Andrzej Tobola)
2011-07-08 00:49:50 +00:00
Rick Macklem
c4c07ee035 Fix the /etc/rc.d/nfsd script so that it no longer uses
the /etc/rc.d/nfsserver script to load the old nfs server
module.

Tested by:	sgk at troutmask.apl.washington.edu
Reviewed by:	rc (hrs)
2011-07-07 20:59:42 +00:00
Sergey Kandaurov
1bb5e90ffd Run load_rc_config before stop_cmd definition, so that ${quotaoff_flags}
is correctly expanded inside stop_cmd instead of getting nothing.

PR:		conf/157687
Reported by:	Dmitry Banschikov <d.banschikov peterhost ru>
MFC after:	1 week
2011-06-28 14:26:34 +00:00
Doug Barton
ef247ddad1 I knew there was something funny about this line 2011-06-22 06:27:32 +00:00
Doug Barton
0ee974f9cf Blah, forgot to svn add the actual script from r223310 2011-06-19 22:59:54 +00:00
Doug Barton
d732b516ea Add the netwait rc.d script. It waits for the specified period for the
network to become active.

PR:		conf/151063
Submitted by:	Jeremy Chadwick <freebsd@jdc.parodius.com>
2011-06-19 22:48:40 +00:00
Doug Barton
aff92fcbb9 Add rc.d/kld to load kernel modules after local disks are up.
This method is many times faster than doing it in /boot/loader.conf.
2011-06-18 19:41:05 +00:00
Hiroki Sato
1e1c0371e6 - Remove $ipv6_gateway_enable check.
- Use list_net_interfaces() instead of "ifconfig -l".
2011-06-11 21:41:44 +00:00
Rick Macklem
34eb31ca42 Make three one line changes to the rc scripts so that
they work with the new NFS client being the default,
since the new NFS client's module name is nfscl and
not nfsclient.
2011-06-11 21:14:22 +00:00
Hiroki Sato
88492dfb20 Remove redundant keywords.
Submitted by:	wxs
2011-05-17 07:40:13 +00:00
Rick Macklem
a0c2c3691c Change the new NFS server so that it uses vfs.nfsd naming
for its sysctls instead of vfs.newnfs. This separates the
names from the ones used by the client.
2011-05-08 01:01:27 +00:00
Dag-Erling Smørgrav
4a421b6336 Upgrade to OpenSSH 5.8p2. 2011-05-04 07:34:44 +00:00
Rick Macklem
afea74655f Fix module names and dependencies so the NFS clients will
load correctly as modules after r221124.
2011-04-27 20:42:30 +00:00
Rick Macklem
6bb544780b Update the /etc/rc.d scripts for mountd and nfsd so they
can use the "-o" option to force the old NFS server to run.
Running the old NFS server is enabled by setting
oldnfs_server_enable="YES". The scripts will only enable
providing service for NFSv4 if nfsv4_server_enable="YES"
is set.

Reviewed by:	dougb (rc)
2011-04-26 00:22:17 +00:00
Doug Barton
fb91147e08 Create a function for the code from r192246 so that it can be used both
times mount is called.

Limit the automatic behavior to when AUTO is specified (as it is in
etc/defaults/rc.conf) and for everything else take advantage of all
of the goodness in checkyesno.
2011-04-25 06:03:22 +00:00
Doug Barton
d63de2e297 Add svn:executable property 2011-04-25 05:57:01 +00:00
Doug Barton
8028832653 Introduce to rc.subr get_pidfile_from_conf(). It does just what it sounds
like, determines the path to a pid file as it is specified in a conf file.

Use the new feature for rc.d/named and rc.d/devd, the 2 services in the
base that list their pid files in their conf files.

Remove the now-obsolete named_pidfile, and warn users if they have it set.
2011-04-23 04:26:31 +00:00
Edward Tomasz Napierala
cb89c25099 Add startup script, to load rules from /etc/rctl.conf.
Sponsored by:	The FreeBSD Foundation
Reviewed by:	kib (earlier version)
2011-03-30 18:32:45 +00:00
Ed Maste
86fdaae573 Replace ${SYSCTL_W} with ${SYSCTL} in rc.d scripts, as they are identical.
This is a further clean up after r202988.

SYSCTL_W is still initialized in rc.subr as some ports may still use it.
2011-03-30 01:19:00 +00:00
Jeff Roberson
aa0a1e58f0 - Merge in OFED 1.5.3 from projects/ofed/head 2011-03-21 09:58:24 +00:00
Doug Barton
19cc9846fe Remove the svn:executable property on Makefile
Add it on hastd
2011-03-13 08:22:46 +00:00
Pawel Jakub Dawidek
6be04ba681 Commit two more files missed in r219089.
MFC after:	1 month
2011-02-27 19:44:10 +00:00
Pawel Jakub Dawidek
35d77156fa Recognize 'reload' command, as hastd can be reloaded with the SIGHUP signal.
MFC after:	1 week
2011-02-27 11:40:20 +00:00
Doug Barton
e1c7c9d377 The new accounting file needs to be 644 so that unprivileged users
can use lastcomm(1)
2011-02-24 06:28:48 +00:00
Doug Barton
0a6cd3ac6d Update how accounting log files are rotated.
The old version had a race between the time that the old file was
cp'ed to acct.0 and the time that 'sa -s' was run that prevented
the commands that occurred in the meantime from being backed up.

It's also arguable that the old version was inefficient in using
cp which can be a problem on a space-constrained system.

This version avoids both problems, albeit it's considerably more
complicated. The advantage of putting the log rotation in the rc.d
script is that it can handle the _enable and _file questions without
having to do gymnastics to discover either value in the periodic script.

As a side effect of reviewing the rc.d script I cleaned it up a bit.
2011-02-22 21:13:40 +00:00
Doug Barton
606fffda66 Let rpcbind clean up after itself 2011-01-31 21:03:08 +00:00
Warner Losh
212dfb3236 Don't require /usr/lib/aout to be on the system. Test for its
existence since we don't generally need it.

MFC after:	1 week
2011-01-06 21:09:22 +00:00
Doug Barton
be59eea018 Add pidfile [1]
While I'm here, don't run the sysctl frob unconditionally, and
s/sysctl/$SYSCTL/

PR:		conf/153460 [1]
Submitted by:	Grigory Rechistov <ggg_mail@inbox.ru>
2010-12-27 22:52:47 +00:00
Kevin Lo
1fd114b406 Add pf in quiet mode 2010-12-17 09:38:55 +00:00
Doug Barton
5c0612b199 Add a sync to the shutdown step. In the common case this will be harmless
at worst. On a heavily loaded server it will give the fs a chance to do
its business without the axe hanging over its head.

Submitted by:	ivoras
2010-11-25 18:20:28 +00:00
Pawel Jakub Dawidek
24b7ca3412 Add gptboot_enable rc variable, which allows to turn gptboot reporting off in
case user wants to implement his own actions and doesn't want the attributes to
vanish.

Obtained from:	Wheel Systems Sp. z o.o. http://www.wheelsystems.com
MFC after:	3 days
2010-11-24 15:25:17 +00:00
Ed Maste
e64241487f /etc/rc.d/defaultroute currently bails immediately if all interfaces
set to use DHCP have no carrier.  This can cause grief as it may take
some time for link to be established, and defaultroute may terminate
before this happens.

Introduce a defaultroute_carrier_delay variable and then wait that long
in defaultroute before bailing if no interfaces have carrier.  With the
default settings defaultroute will wait for five seconds for this, and
the original 30 second wait for a default route to appear is unchanged.
Note that there is in discussion an alternative approach to the broader
problem of waiting for DHCP-configured routes.  However, this change
addresses a real problem in the current defaultroute script.

Discussed on:	freebsd-rc@
2010-09-29 13:08:23 +00:00
Warner Losh
8f3ec30476 Prefer echo over printf 2010-09-27 15:55:39 +00:00
Pawel Jakub Dawidek
867b3ba46a Add gptboot script that is responsible for:
- looking for partition with 'bootonce' attribute alone (without 'bootme'
  attribute), removing it and logging that we successfully booted from this
  partition.
- looking for partitions with 'bootfailed' attribute, removing it and
  logging that we failed to boot from this partition.

Reviewed by:	arch (Message-ID: <20100917234542.GE1902@garage.freebsd.pl>)
Obtained from:	Wheel Systems Sp. z o.o. http://www.wheelsystems.com
MFC after:	2 weeks
2010-09-24 19:53:55 +00:00
Hiroki Sato
d3a8a8b9fa Split $ipv6_prefer into $ip6addrctl_policy and $ipv6_activate_all_interfaces.
The $ip6addrctl_policy is a variable to choose a pre-defined address
selection policy set by ip6addrctl(8).
The keyword "ipv4_prefer" sets IPv4-preferred one described in Section 10.3,
the keyword "ipv6_prefer" sets IPv6-preferred one in Section 2.1 in RFC 3484,
respectively.  When "AUTO" is specified, it attempts to read
/etc/ip6addrctl.conf first.  If it is found, it reads and installs it as
a policy table.  If not, either of the two pre-defined policy tables is
chosen automatically according to $ipv6_activate_all_interfaces.

When $ipv6_activate_all_interfaces=NO, interfaces which have no corresponding
$ifconfig_IF_ipv6 are marked as IFDISABLED for security reasons.

The default values are ip6addrctl_policy=AUTO and
ipv6_activate_all_interfaces=NO.

Discussed with:	ume and bz
2010-09-13 19:55:40 +00:00
Hiroki Sato
abe3ac576a Add $ipv6_privacy to support net.inet6.ip6.use_tempaddr. Note that this
will be replaced with a per-IF version later.

Based on:	changes in r206408 by dougb
2010-09-13 19:52:46 +00:00
Hiroki Sato
c5ad71aff5 Revert changes in r206408.
Discussed with:	dougb, core.5, and core.6
2010-09-13 19:51:15 +00:00
Daichi GOTO
6f0bcd4110 Avoid to try to remove suj journal file (.sujournal) and conventional
snapshot directory (.snap) from cleartmp rc.d script.
2010-09-05 05:44:40 +00:00
Jilles Tjoelker
32c50473a8 Allow starting /etc/rc.d/ipmon if ipnat is enabled but ipfilter is not
(in /etc/rc.conf).

This fixes an apparent confusion between test(1) and sh(1) syntax for
AND/OR.

PR:		conf/149036
Submitted by:	pluknet
MFC after:	1 week
2010-08-01 15:41:00 +00:00
Doug Barton
2822c33f8c This change does the following for the scripts that run up through
FILESYSTEMS (the default early_late_divider):
1. Move sysctl to run first
2. Move as many BEFOREs to REQUIREs as possible.
3. Minor effect, move hostid_save from right before mdconfig to right
   after.

A lot of the early scripts make use of sysctl one way or another so
running this first makes a lot of sense given that system-critical
values are often placed in sysctl.conf.

My original purpose for working on this was that while doing some
debugging on other stuff I noticed that the order of execution was
different in the first pass through the early scripts and the second.
In practice that doesn't matter because the scripts are not executed the
second time. However this _can_ result in problems if the difference in
the rcorder moves a script from the late section to the early section in
the second pass (which would mean the script would not get executed).
So, I wanted to make the order of execution of the scripts in the early
section more deterministic.

In the course of debugging the ordering problems I noticed that moving
the BEFOREs to REQUIREs prevented the changes in order from the first
pass to the second pass without having to make any substantial changes.
(Of course it's no secret that I think BEFORE should be avoided as much
as possible, but this is a good example of why.)

Reviewed by:	silence on freebsd-rc@
MFC after:	8.1-RELEASE
2010-05-19 19:03:19 +00:00
Doug Barton
2557f5bf0a Remove trailing white space. No functional changes. 2010-05-14 04:53:57 +00:00
Doug Barton
a16334d031 In the case where named_chroot_autoupdate is NOT set, but
named_chrootdir IS set, named-checkconf fails because it
cannot find the conf file. Fix this by making checkconf a
variable that includes "-t $named_chrootdir" as needed.
Notice of the bug and suggested direction for the fix from [1].

Using required_files for named.conf is overkill ever since
I added the named-checkconf call, so rather than update the
logic to handle the case described above, remove it. This
also handles the case where named_chroot_autoupdate IS set
but the symlink doesn't exist yet.

PR:		conf/145904
Submitted by:	J R Matthews
2010-04-28 22:29:17 +00:00
Hajimu UMEMOTO
b13cc627c7 Better handling of ipv6_default_interface using
net.inet6.ip6.use_defaultzone=1.  Now, it works IPv6 link-local
unicast addresses as well as IPv6 link-local multicast addresses.

MFC after:	1 week
2010-04-26 15:31:58 +00:00
Rui Paulo
7a246d0b14 Add ubthidhci.
MFC after:	2 days
2010-04-16 16:49:42 +00:00
Rui Paulo
c6c608b33d Add rc.d/ubthidhci. This small script calls usbconfig(1) to change a USB
Bluetooth controller from HID mode to HCI mode.

MFC after:	1 week
2010-04-09 17:32:38 +00:00
Doug Barton
8aa4c57946 Improve the handling of IPv6 configuration in rc.d. The ipv6_enable
and ipv6_ifconfig_<interface> options have already been deprecated,
these changes do not alter that.

With these changes any value set for ipv6_enable will emit a
warning. In order to avoid a POLA violation for the deprecation
of the option ipv6_enable=NO will still disable configuration
for all interfaces other than lo0. ipv6_enable=YES will not have
any effect, but will emit an additional warning. Support and
warnings for this option will be removed in FreeBSD 10.x.

Consistent with the current code, in order for IPv6 to be configured
on an interface (other than lo0) an ifconfig_<interface>_ipv6
option will have to be added to /etc/rc.conf[.local].

1. Clean up and minor optimizations for the following functions:
ifconfig_up (the ipv6 elements)
ipv6if
ipv6_autoconfif
get_if_var
_ifconfig_getargs
The cleanups generally were to move the "easy" tests earlier in the
functions, and consolidate duplicate code.

2. Stop overloading ipv6_prefer with the ability to disable IPv6
configuration.

3. Remove noafif() which was only ever called from ipv6_autoconfif.
Instead, simplify and integrate the tests into that function, and
convert the test to use is_wired_interface() instead of listing
wireless interfaces explicitly.

4. Integrate backwards compatibility for ipv6_ifconfig_<interface>
into _ifconfig_getargs. This dramatically simplifies the code in
all of the callers, and avoids a lot of other code duplication.

5. In rc.d/netoptions, add code for an ipv6_privacy option to use
RFC 4193 style pseudo-random addresses (this is what windows does
by default, FYI).

6. Add support for the [NO]RTADV options in ifconfig_getargs() and
ipv6_autoconfif(). In the latter, include support for the explicit
addition of [-]accept_rtadv in ifconfig_<interface>_ipv6 as is done
in the current code.

7. In rc.d/netif add a warning if $ipv6_enable is set, and remove
the set_rcvar_obsolete for it. Also remove the latter from
rc.d/ip6addrctl.

8. In /etc/defaults/rc.conf:

Add an example for RTADV configuration.

Set ipv6_network_interfaces to AUTO.

Switch ipv6_prefer to YES. If ipv6_enable is not set this will have
no effect.

Add a default for ipv6_privacy (NO).

9. Document all of this in rc.conf.5.
2010-04-09 01:35:09 +00:00
Jaakko Heinonen
7d4bbea850 Use an unique directory name instead of hardcoded /tmp/.diskless.
A malicious user could create a file named /tmp/.diskless and cause
the script to misbehave.

PR:		conf/141258
Reported by:	Jon Passki
MFC after:	1 week
2010-03-13 12:02:44 +00:00
Doug Barton
5d3cc6a4f7 Implement the idea of parallel-only-at-start-time in a cleaner, more
rc.d'ish way.

Not objected to by:	netchild
2010-03-07 04:26:21 +00:00
Alexander Leidinger
333fb1c996 Redirect stdin from /dev/null when starting a jail:
At least in RELENG_7 this fixes some start problems for some programs
  from the ports. It is also more correct, as a jail shall not expect
  input (interactivity) from the jail-host.

Revert the current behavior of starting jails in the background and
make it optional only for the start of jails (jail_parallell_start=YES
in rc.conf):
 - The stop can not be done in the background, the system needs to wait
   until everything is stopped correctly before it can reboot or power
   down.
 - The start should not be done in parallel by default, this not only
   breaks POLA for people coming from RELENG_x, it may also break a
   dependency chain with other scripts in the jail-host, which need to
   do some stuff after the jails are up and running (e.g. hardlinking
   a mysql socket from one jail into another one).

Discussed on:	freebsd-jails@
2010-03-05 14:34:33 +00:00
Hajimu UMEMOTO
f0cba49cf4 Add the shutdown KEYWORD.
Pointed out by:	dougb
MFC after:	3 days
2010-02-27 19:02:21 +00:00
Pawel Jakub Dawidek
c3a9f615e6 Add missing KEYWORD line.
Pointed out by:	dougb
2010-02-19 09:18:26 +00:00
Pawel Jakub Dawidek
bc6237f5b0 Remove some lines left over by accident. 2010-02-18 23:20:15 +00:00
Pawel Jakub Dawidek
32115b105a Please welcome HAST - Highly Available Storage.
HAST allows to transparently store data on two physically separated machines
connected over the TCP/IP network. HAST works in Primary-Secondary
(Master-Backup, Master-Slave) configuration, which means that only one of the
cluster nodes can be active at any given time. Only Primary node is able to
handle I/O requests to HAST-managed devices. Currently HAST is limited to two
cluster nodes in total.

HAST operates on block level - it provides disk-like devices in /dev/hast/
directory for use by file systems and/or applications. Working on block level
makes it transparent for file systems and applications. There is no difference
between using HAST-provided device and raw disk, partition, etc. All of them
are just regular GEOM providers in FreeBSD.

For more information please consult hastd(8), hastctl(8) and hast.conf(5)
manual pages, as well as http://wiki.FreeBSD.org/HAST.

Sponsored by:	FreeBSD Foundation
Sponsored by:	OMCnet Internet Service GmbH
Sponsored by:	TransIP BV
2010-02-18 23:16:19 +00:00
Maksim Yevmenkin
fafa9c3c9a Introduce new rc.conf variable firewall_coscripts. It can be used to
specify list of executables and/or rc scripts that should be executed
after firewall starts/stops.

Submitted by:	Yuri Kurenkov <y dot kurenkov at init dot ru>
Reviewed by:	rhodes, rc@
MFC after:	1 week
2010-02-08 18:51:24 +00:00
Hajimu UMEMOTO
e60d067996 Add rc.d script for the rtsold(8) daemon.
The rtsol(8) handles just one RA then exit.  So, the OtherConfig flag
may not be handled well by rtsol(8) in the environment where there are
multiple RA servers on the segment.  In such case, rtsold(8) will be
your friend.

Reviewed by:	hrs
MFC after:	2 weeks
2010-02-03 16:18:42 +00:00
Hajimu UMEMOTO
98255d746a Allow use of -6 option to "server" and "peer" in ntp.conf.
MFC after:	1 week
2010-01-30 16:34:52 +00:00
Konstantin Belousov
c4c1575a01 Do not check for existence of symlink source for the link action. This
does not work for link in subdirectory, and sometimes it is useful to
create symlink in advance for dynamically created device node.

MFC after:	1 week
2010-01-23 11:42:31 +00:00
Ed Schouten
1e40039260 Let rc and periodic infrastructure and newsyslog use the utmpx files. 2010-01-13 19:07:48 +00:00
Xin LI
f91970991a Set svn:executable to *.
MFC after:	1 month
2010-01-11 23:32:36 +00:00
Gavin Atkinson
4c40efa74a Forced commit, to provide correct commit message for r201440:
Don't complain when we encounter the "cache" source, it's valid.  Also fix
the error message to include a line feed and not include a stray comma.

PR:		bin/121671
Submitted by:	Artis Caune  artis.caune gmail.com
Approved by:	ed (mentor)
MFC after:	2 weeks

While here, change "> /dev/stderr" for more usual ">&2"

Submitted by:	jilles
2010-01-03 21:27:10 +00:00
Gavin Atkinson
3e736db050 The default hash table size is 257 not 255. Reword the rest of the line
slightly while here.

PR:		bin/121671
Submitted by:	Artis Caune  artis.caune gmail.com
Approved by:	ed (mentor)
2010-01-03 19:14:22 +00:00
Doug Barton
1323e3dbec s/named_confidr/named_confdir/ in the rndc.key check. The line in
the command to create it was right, but the check was wrong, so it
was getting created every time. Mea culpa.

Submitted by:	oliver
2010-01-01 22:10:07 +00:00
Doug Barton
2128551758 The script hard-coded the assumption that the "configuration directory"
would be "/etc/namedb" in a number of places. Since the user may make
a different choice, introduce a new internal variable, named_confdir
that is generated relative to the location of $named_conf.

While this will work for some things (especially a highly customized
build from ISC source) there are still a number of places where
/etc/namedb is assumed that it is not easily virtualized (E.g., mtree).
If you deviate from the defaults you'd better know what you're doing. :)
2010-01-01 19:06:00 +00:00
Doug Barton
f25291f3a1 Since the change to rc.subr in r198162 it's not necessary to specify
command in the rc.d script if we have a corresponding ${name}_program
entry, which we do for named.

Rename named_precmd to named_prestart to make it more clear and match
convention.

Move the command_args definition related to -u up into _prestart().
It (and the associated $named_uid value) are only used there, and
unlike required_* and pidfile don't need to be used until this stage.

Fix a silly bug that would only have affected people who were using
the new named_wait or named_auto_forward features, AND had set up an
rndc.conf file instead of using the automatically generated rndc.key.

For named_conf:
	Add "-c $named_conf" to command_args if it's not set to the
	default. If it is set to the default and we're using the base
	BIND it's not necessary. If we're using BIND from the ports
	the user is likely to have included it in _flags (due to long
	necessity for doing so) so don't duplicate that if it's set.

	Add $named_conf to required_files
2009-12-12 21:51:50 +00:00
Hajimu UMEMOTO
2bba0e1a00 Unify rc.firewall and rc.firewall6, and obsolete rc.firewall6
and rc.d/ip6fw.

Reviewed by:	dougb, jhb
MFC after:	1 month
2009-12-02 15:05:26 +00:00
Remko Lodder
eabd1bcb21 Execute the start/stop process of a jail in the background.
This will prevent that the script hangs during startup, which
could cause annoying effects after rebooting for example.

PR:		kern/139422
Submitted by:	Andrey Groshev <greenx at yartv dot ru>
Approved by:	imp (mentor, implicit)
MFC after:	3 days
Facilitated by:	Snow B.V.
2009-11-02 09:56:46 +00:00
Hiroki Sato
da5f0a6fac Use double-quotation marks to fix the unexpanded variable issue.
Spotted by:	swell.k
2009-10-23 09:30:19 +00:00
Doug Barton
c5a82ce01d Remove a circular dependency on routing
Submitted by:	Mykola Dzham <freebsd@levsha.org.ua>
Approved by:	hrs
2009-10-17 21:09:15 +00:00
Doug Barton
70d4ef1ea1 In regards to the "Starting foo:" type messages at boot time, create and
employ a more generic solution, and use it in the individual rc.d scripts
that also have an $rc_quiet test:

1. Add check_startmsgs() to rc.subr.
2. In the rc.d scripts that use rc_quiet (and rc.subr) substitute
variations of [ -z "$rc_quiet" ] with check_startmsgs
3. In savecore add a trailing '.' to the end of the message to make it
more consistent with other scripts.
4. In newsyslog remove a : before the terminal '.' since we do not expect
there to be anything printed out in between to make it more consistent.
5. In the following scripts change "quotes" to 'quotes' where no variables
exist in the message: savecore pf newsyslog
6. In the following scripts substitute if/then/fi for the simpler (and
more consistent) check_startmsgs &&: faith stf
7. In the following scripts separate the "Starting foo:" from the terminal
'.' to make them more consistent: moused hostname pf
8. In nfsclient move the message to its own line to avoid a style bug
9. In pf rc_quiet does not apply to the _stop method, so remove the
test there.
10. In motd add 'quotes' around the terminal '.' for consistency
2009-10-10 22:17:03 +00:00
Hiroki Sato
df2b25f6ee - Enable an afexists() check only when no AF argument is specified.
- Simplify helper functions.

Discussed with:	ume
2009-10-02 20:19:53 +00:00
Hiroki Sato
b5a70c98b2 The net.inet.tcp.log_in_vain accepts 0, 1 or 2, not Y/N. 2009-10-02 06:51:39 +00:00
Hiroki Sato
ccbc06d893 Revert the previous afexists() change. Knobs configured explicitly by
the user should not be ignored if possible even if the kernel does not
support the prerequisite feature.

Discussed with:	ume
2009-10-02 06:19:34 +00:00
Hiroki Sato
e248dc09a8 - Split routing_*() and option_*() to *_AF() and add afexists() check
for each address family.  Replace AF_static() with static_AF() for
  consistency.

- Display a message only if the user sets a non-default value, and set
  a sysctl explicitly even if it is the default value.
2009-10-02 02:28:59 +00:00
Hiroki Sato
01ce5591ad - Fix logic inversion bug of net.inet.tcp.rfc1323[*].
- Split netoptions_start() to netoptions_AF() and add afexists() check
  for each address family.

- Display a message only if the user sets a non-default value, and set
  a sysctl explicitly even if it is the default value.

Spotted by:	Pegasus Mc Cleaft[*]
2009-10-02 02:27:49 +00:00
Hiroki Sato
b558571de6 - Add AF_IPX and AF_NATM to afexists().
- Add afexists() check to address family specific rc.d scripts.  A
  script for an AF will be silently ignored if the kernel has no
  support for the AF.
2009-10-02 02:24:25 +00:00
Hajimu UMEMOTO
db4abd60a3 Don't do an IPv6 operation when the kernel doesn't have
an IPv6 support.

Reported by:	Alexander Best <alexbestms__at__math.uni-muenster.de>
Confirmed by:	Paul B. Mahol <onemda__at__gmail.com>,
		Alexander Best <alexbestms__at__math.uni-muenster.de>
2009-09-30 14:58:10 +00:00
Hiroki Sato
97c8942c91 Use ipv6if() when $rtadvd_interfaces="AUTO". 2009-09-26 19:00:47 +00:00
Hiroki Sato
27fa984efd Move rc.d/{stf,faith} to just before rc.d/routing.
Pointed out by:	tegge
2009-09-26 19:00:20 +00:00
Hiroki Sato
2e77c5abfb Fix several logic bugs in the previous IPv6 variable change and
re-add $ipv6_enable support for backward compatibility.  From
UPDATING:

 1. To use IPv6, simply define $ifconfig_IF_ipv6 like $ifconfig_IF
    for IPv4.  For aliases, $ifconfig_IF_aliasN should be used.
    Note that both variables need the "inet6" keyword at the head.

    Do not set $ipv6_network_interfaces manually if you do not
    understand what you are doing.  It is not needed in most cases.

    $ipv6_ifconfig_IF and $ipv6_ifconfig_IF_aliasN still work, but
    they are obsolete.

 2. $ipv6_enable is obsolete.  Use $ipv6_prefer and/or
    "inet6 accept_rtadv" keyword in ifconfig(8) instead.

    If you define $ipv6_enable=YES, it means $ipv6_prefer=YES and
    all configured interfaces have "inet6 accept_rtadv" in the
    $ifconfig_IF_ipv6.  These are for backward compatibility.

 3. A new variable $ipv6_prefer has been added.  If NO, IPv6
    functionality of interfaces with no corresponding
    $ifconfig_IF_ipv6 is disabled by using "inet6 ifdisabled" flag,
    and the default address selection policy of ip6addrctl(8)
    is the IPv4-preferred one (see rc.d/ip6addrctl for more details).
    Note that if you want to configure IPv6 functionality on the
    disabled interfaces after boot, first you need to clear the flag by
    using ifconfig(8) like:

         ifconfig em0 inet6 -ifdisabled

    If YES, the default address selection policy is set as
    IPv6-preferred.

    The default value of $ipv6_prefer is NO.

 4. If your system needs to receive Router Advertisement messages,
    define "inet6 accept_rtadv" in $ifconfig_IF_ipv6.  The rc(8)
    scripts automatically invoke rtsol(8) when the interface becomes
    UP.  The Router Advertisement messages are used for SLAAC
    (State-Less Address AutoConfiguration).
2009-09-26 18:59:00 +00:00
Ed Maste
66e5a431cf Protect cross-script invocation by checking that the target script exists.
This allows pruning of rc.d scripts without getting too many ugly boottime
error messages.

Inspired by phk's r128714 change to netif.
2009-09-14 16:52:38 +00:00
Bjoern A. Zeeb
fc261d1dfa Correct a copy and paste error using the variable name from the
legacy IP handling rather than the IPv6 version.

Reported by:	Pegasus Mc Cleaft (ken mthelicon.com)
Tested by:	Pegasus Mc Cleaft (ken mthelicon.com)
MFC after:	2 days
X-MFX with:	r197139
2009-09-13 20:19:02 +00:00
Hiroki Sato
084a977959 Use is_wired_interface() instead of hard-coded interface device
names.

Pointed out by:	sam
2009-09-12 23:00:01 +00:00
Hiroki Sato
b528b5502b Add an extension of set_rcvar(), a new function set_rcvar_obsolete(),
and $desc.

The set_rcvar_obsolete() is for displaying an obsolete variable
and the new one.  More specifically, a warning is displayed when
a variable is removed or changed in the source tree and the user
still defines the old one.

$router* and $ipv6_router* are replaced with $routed_* and
$route6d_* for consistency.  The old variables still work but
can be removed in the future.

MFC after:	3 days
2009-09-12 22:19:48 +00:00
Hiroki Sato
40e0d27fc1 Use RCng coding convention.
MFC after:	3 days
2009-09-12 22:17:52 +00:00
Hiroki Sato
70a873df0f - Add "AUTO" keyword support in $rtadvd_interfaces.
- Wrap a long line.

MFC after:	3 days
2009-09-12 22:14:21 +00:00
Hiroki Sato
5d595cb88e Integrate rc.d/network_ipv6 into rc.d/netif:
- Add rc.d/stf and rc.d/faith for stf(4) and faith(4).
- Remove rc.d/auto_linklocal and rc.d/network_ipv6.
- Move rc.d/sysctl to just before FILESYSTEMS because rc.d/netif
  depends on some sysctl variables.

Reviewed by:	brooks
MFC after:	3 days
2009-09-12 22:13:41 +00:00
Xin LI
28ef31c725 Localize 'e'.
Submitted by:	dougb
2009-08-25 20:05:51 +00:00
Xin LI
7064977fd9 Add a new rc.d script, static_arp, which enables the administrator to
statically bind IPv4 <-> MAC address at boot time.

In order to use this, the administrator needs to configure the following
rc.conf(5) variable:

 - static_arp_pairs: A list of names for static bind pairs, and,
 - a series of static_arp_(name): the arguments that are being passed to
   ``arp -S'' operation.

Example:
  static_arp_pairs="gw"
  static_arp_gw="192.168.1.1 00:01:02:03:04:05"

See the rc.conf(5) manual page for more details.

Reviewed by:	-rc@
MFC after:	2 weeks
2009-08-25 19:07:26 +00:00
Doug Barton
3198bdba61 Fix the typo mentioned in the PR, and one additional.
Fix caps while I'm here.

PR:		conf/138087
Submitted by:	Chris Petrik <c.petrik.sosa@gmail.com>
2009-08-23 05:56:54 +00:00
Doug Barton
86567e4164 Move is_wired_interface() from rc.d/wpa_supplicant into network.subr,
simplify it a bit, and make use of that method to determine if an
interface is a candidate for IPv6 rtsol rather than listing all of the
possible wireless interfaces that should _not_ get rtsol'ed.

This change is only relevant for 8.0+ unless the "wlan mandatory" code
gets ported back to RELENG_7.
2009-08-23 05:47:19 +00:00
Pawel Jakub Dawidek
d5d7e76d2b Currently there is a problem with fscking UFS file systems created on
top of ZVOLs. The problem is that rc.d/fsck runs before rc.d/zfs. The
latter makes ZVOLs to appear in /dev/. In such case rc.d/fsck cannot
find devfs entry and aborts. We cannot simply move rc.d/zfs before
rc.d/fsck, because we first want kern.hostid to be configured (by
rc.d/hostid). If we won't wait (hostid will be 0) we can reuse disks
which are in use by different systems (eg. in SAN/NAS environment).
We also cannot move rc.d/hostid before rc.d/fsck, because rc.d/hostid on
first system start stores generated kern.hostuuid in /etc/hostid file,
so it needs root file system to be mounted read-write.

The fix is to split rc.d/hostid so that rc.d/hostid (which will now run
before rc.d/fsck) only generates hostid and sets up sysctls, but doesn't
touch root file system and rc.d/hostid_save (which is run after
rc.d/root) and only creates /etc/hostid file.

With that in place, we can move ZVOL initialization to dedicated
rc.d/zvol script which runs before rc.d/fsck.

PR:		conf/120194
Reported by:	James Snow <snow@teardrop.org>
Reviewed by:	brooks
Approved by:	re (kib)
MFC after:	2 weeks
2009-07-29 05:23:52 +00:00
Doug Barton
5ca51aad69 Reverse the effect of r193198 for pf and ipfw which will once again
allow them to start after netif. There were too many problems reported
with this change in the short period of time that it lived in HEAD, and
we are too late in the release cycle to properly shake it out.

IMO the issue of having the firewalls up before the network is still a
valid concern, particularly for pf whose default state is wide open.
However properly solving this issue is going to take some investment
on the part of the people who actually use those tools.

This is not a strict reversion of all the changes for r193198 since it
also included some simplification of the BEFORE/REQUIRE logic which is
still valid for ipfilter and ip6fw.
2009-06-26 01:04:50 +00:00
Andriy Gapon
9af31fe2f8 rc.d/fsck: allow additional options for fsck_y_enable via fsck_y_flags
Primary intention is to allow to pass -C option to avoid (re-)checking
clean filesystems when preening fails and fsck -y kicks in.

Submitted by:	marck
Reviewed by:	current@
Approved by:	jhb (mentor)
MFC after:	1 week
2009-06-10 19:03:23 +00:00
Ed Schouten
87fa155012 Small cleanups to the jail script:
- Remove redundant debugging of consolelog.
- Use `while :', instead of `while [ true ]'. This is done in other
  places as well.

Submitted by:	Jille Timmermans <jille quis cx> (not jilles)
Reviewed by:	jilles
2009-06-10 18:18:14 +00:00
Rick Macklem
f0a011a1b1 Add support for the experimental nfs subsystem to the scripts in
/etc/rc.d. They use the following new rc variables:
  nfsv4_server_enable - set to "YES" to run the experimental server
  nfsuserd_enable - set to "YES" to run nfsuserd for NFSv4 client and
    server
  nfsuserd_flags - command line flags for nfsuserd
  nfscbd_enable - set to "YES" to run the experimental nfs client's
    NFSv4 callback daemon
  nfscbd_flags - command line flags for nfscbd

Reviewed by:	dougb
Approved by:	kib (mentor)
2009-06-02 22:15:47 +00:00
Doug Barton
a3f6188b53 Make the pf and ipfw firewalls start before netif, just like ipfilter
already does. This eliminates a logical inconsistency, and a small
window where the system is open after the network comes up.
2009-06-01 05:35:03 +00:00
Doug Barton
a3e42d03b9 Substitute ypset for ypbind in REQUIRE lines. If you use ypset it has to
happen right after ypbind, and before anything that uses NIS. The only
change in rcorder accomplished by this patch is make that happen.

PR:		conf/117555
Submitted by:	John Marshall <john@rwsrv05.mby.riverwillow.net.au>
2009-06-01 04:55:13 +00:00
Doug Barton
fe9e60d287 Small cleanup, add (spurious) quotation marks around the value
for name= to make these scripts consistent with the rest.
2009-05-30 21:51:38 +00:00
Doug Barton
38e2331796 As previously advertised, remove this script prior to the 8.0 branch. 2009-05-30 19:38:51 +00:00
Robert Watson
8ab21fb261 Further idmapd garbage collection -- remove rc.d Makefile reference and
default settings.

Submitted by:	Pawel Worach <pawel.worach at gmail.com>
2009-05-22 13:56:16 +00:00
Robert Watson
86ce6a83d1 Remove the unmaintained University of Michigan NFSv4 client from 8.x
prior to 8.0-RELEASE.  Rick Macklem's new and more feature-rich NFSv234
client and server are replacing it.

Discussed with:	rmacklem
2009-05-22 12:35:12 +00:00
Daniel Gerzo
d4d65a21bc - do not create and mount new file systems on top of the old ones on every
invocation of this script once we already have one
  (in case tmpmfs="YES").

Reviewed by:	dougb
2009-05-17 08:25:02 +00:00
Doug Barton
94d77159ae 1. New feature; option to have the script loop until a specified hostname
(localhost by default) can be successfully looked up. Off by default.
2. New feature: option to create a forwarder configuration file based on
the contents of /etc/resolv.conf. This allows you to utilize a local
resolver for better performance, less network traffic, custom zones, etc.
while still relying on the benefits of your local network resolver.
Off by default.
3. Add named-checkconf into the startup routine. This will prevent named
from trying to start in a situation where it would not be possible to do
so.
2009-05-16 20:55:28 +00:00
Doug Barton
1adf50eea8 Trim trailing whitespace from the end of a line 2009-05-16 20:26:01 +00:00
Ruslan Ermilov
f3320e5fd8 Added (pre|post)(start|stop) jail hooks. These can be used to run
arbitrary commands (outside the jail) associated with said events,
e.g. to bring up/down CARP interfaces representing services run in
jails.

Reviewed by:	simon
2009-04-28 09:45:32 +00:00
Maksim Yevmenkin
f631c013c2 - Add ipfw_nat to the list of required modules if "firewall_nat_enable"
is set and "natd_enable" is NOT set;

- Accept and pass firewall type to the external firewall script.

Submitted by:		Yuri Kurenkov < y -dot- kurenkov -at- init -dot- ru >
MFC after:		3 days
No response from:	freebsd-rc
2009-03-30 21:31:52 +00:00
Guido van Rooij
2c52c7f05d Backout previous commit due to PEBKAC 2009-03-11 12:55:12 +00:00
Guido van Rooij
9dbd9d018b When swap resides on a mirror and it is not stopped, the mirror
is degraded upon the next reboot and will have to be rebuilt.
Thus call swapoff when rebooting (read: when stopping swap1)
2009-03-10 15:19:49 +00:00
Mike Makonnen
553bf6a453 Rename the rc.conf(5) knob if_up_delay to defaultroute_delay to better
reflect its purpose.
2009-02-17 11:55:50 +00:00
Mike Makonnen
0dca64d80d Reword informational message by rc.d/defaultroute.
PR:		conf/131458
2009-02-11 09:18:09 +00:00
Bjoern A. Zeeb
507fe729a1 Named normally cannot be started chrooted inside a jail. Thus treat
the jail case specifically. In case we find a proper pre-seeded
devfs in the chroot path (mounted from the base system) permit
starting chrooted else give proper warn/error messages.

PR:		conf/103489
Reviewed by:	dougb
MFC after:	5 days
2009-02-07 16:37:02 +00:00
Mike Makonnen
bdc0df86f6 The 30 second wait for network interfaces to show up effectively makes the
time to boot an unplugged system 30 sec. longer for no good reason. Therefore,
add a check to make sure that any DHCP interfaces are plugged in before
waiting.
2009-02-02 15:33:22 +00:00
Warner Losh
5dc2a65eed Spawn one fewer shells on startup. We don't use dhcp_interfaces at
all in this function, and grep shows no other instances of it
(besides, this is a function, and in a sub-shell, so all changes are
local).
2009-01-30 03:41:45 +00:00
Giorgos Keramidas
9bad6e2c6d Backout change 187782. It inhibits ntpd from starting at all
when ntpd_sync_on_start is set.

Noticed by:	rafan
2009-01-29 06:43:29 +00:00
Giorgos Keramidas
2ba7d35b21 When synchronizing the clock at system startup time, use both
the -g and -q options.  They do a slightly different thing and
both are necessary when the time difference is large.

Noticed by:	danger, in the forums
Approved by:	roberto
MFC after:	1 week
2009-01-27 20:13:24 +00:00
Bjoern A. Zeeb
8154af81ff Update jail startup script for multi-IPv4/v6/no-IP jails.
Note: this is only really necessary because of the ifconfig
      logic to add/remove the jail IPs upon start/stop.
      Consensus among simon and I is that the logic should
      really be factored out from the startup script and put
      into a proper management solution.

- We now support starting of no-IP jails.
- Remove the global jail_<jname>_netmask option as it is only
  helpful to set netmasks/prefixes for the right address
  family and per address.
- Implement jail_<jname>_ip options to support both
  address families with regard to ifconfig logic.
- Implement _multi<n> support suffix to the jail_<jname>_ip
  option to configure additional addresses to avoid overlong,
  unreadable jail_<jname>_ip lines with lots of addresses.

Submitted by:	initial work from Ruben van Staveren
Discussed on:	freebsd-jail in Nov 2008.
Reviewed by:	simon, ru (partial, older version)
MFC after:	1 week
2009-01-26 12:59:11 +00:00
Brooks Davis
956cfb324c Correct a bug where /etc/rc.d/defaultroute fails to finish by printing a
newline when it fails to obtain an address via DHCP. This made the next
rc script begin its output on the same line.

PR:		conf
Submitted by:	Bruce Cran <bruce at cran dot org dot uk>
MFC after:	3 days
2008-12-17 17:35:14 +00:00
Doug Rabson
a9148abd9d Implement support for RPCSEC_GSS authentication to both the NFS client
and server. This replaces the RPC implementation of the NFS client and
server with the newer RPC implementation originally developed
(actually ported from the userland sunrpc code) to support the NFS
Lock Manager.  I have tested this code extensively and I believe it is
stable and that performance is at least equal to the legacy RPC
implementation.

The NFS code currently contains support for both the new RPC
implementation and the older legacy implementation inherited from the
original NFS codebase. The default is to use the new implementation -
add the NFS_LEGACYRPC option to fall back to the old code. When I
merge this support back to RELENG_7, I will probably change this so
that users have to 'opt in' to get the new code.

To use RPCSEC_GSS on either client or server, you must build a kernel
which includes the KGSSAPI option and the crypto device. On the
userland side, you must build at least a new libc, mountd, mount_nfs
and gssd. You must install new versions of /etc/rc.d/gssd and
/etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf.

As long as gssd is running, you should be able to mount an NFS
filesystem from a server that requires RPCSEC_GSS authentication. The
mount itself can happen without any kerberos credentials but all
access to the filesystem will be denied unless the accessing user has
a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There
is currently no support for situations where the ticket file is in a
different place, such as when the user logged in via SSH and has
delegated credentials from that login. This restriction is also
present in Solaris and Linux. In theory, we could improve this in
future, possibly using Brooks Davis' implementation of variant
symlinks.

Supporting RPCSEC_GSS on a server is nearly as simple. You must create
service creds for the server in the form 'nfs/<fqdn>@<REALM>' and
install them in /etc/krb5.keytab. The standard heimdal utility ktutil
makes this fairly easy. After the service creds have been created, you
can add a '-sec=krb5' option to /etc/exports and restart both mountd
and nfsd.

The only other difference an administrator should notice is that nfsd
doesn't fork to create service threads any more. In normal operation,
there will be two nfsd processes, one in userland waiting for TCP
connections and one in the kernel handling requests. The latter
process will create as many kthreads as required - these should be
visible via 'top -H'. The code has some support for varying the number
of service threads according to load but initially at least, nfsd uses
a fixed number of threads according to the value supplied to its '-n'
option.

Sponsored by:	Isilon Systems
MFC after:	1 month
2008-11-03 10:38:00 +00:00
Pawel Jakub Dawidek
3239bc5923 ifconfig(8) can take only one interface at a time. 2008-10-30 20:24:25 +00:00
Ruslan Ermilov
85e5290d11 Allow a jail's IP alias to be created with an arbitrary netmask.
MFC after:	3 days
2008-09-24 15:18:27 +00:00
Andrew Thompson
51e1463035 Allow a jail to be started with a specific route fib.
Reviewed by:	secteam (simon)
Reviewed by:	brooks, bz
2008-09-16 20:18:25 +00:00
John Baldwin
a0f01ecb62 Add the ability to run /usr/sbin/crashinfo on a new core dump automatically
during boot.  Right now this is disabled by default, but it can be enabled
by setting 'crashinfo_enable=YES' in rc.conf.

MFC after:	2 weeks
2008-08-29 20:30:30 +00:00
Dag-Erling Smørgrav
e64eb994bf Make obrien happy 2008-08-25 16:28:54 +00:00
Rui Paulo
20c78c6e69 Cope with the file rename by changing rc variables. 2008-08-21 00:04:19 +00:00
David E. O'Brien
55a738ec2b Rename the RCng 'kernel' script to 'kernel_symlink'. 2008-08-20 03:02:06 +00:00
David E. O'Brien
5241279fa1 Rename the RCng 'kernel' script to 'kernel_symlink'.
Requested by: many
2008-08-19 14:23:31 +00:00
David E. O'Brien
01faf7789b Only symlink booted kernel directory to /boot/kernel if user has explicitly
requested it.  This is too dangerous to just do behind the admin's back.
2008-08-09 01:19:00 +00:00
Doug Barton
c1f84335c4 When using SRV records the protocols and services files need to be in the
chroot /etc directory.

PR:		conf/121101
Submitted by:	Stefan `Sec` Zehl <sec@42.org>
2008-08-01 06:11:33 +00:00
John Baldwin
4746c560a4 Oops, restore the recent changes to make startup messages quieter. 2008-07-31 22:13:14 +00:00
John Baldwin
4ceda705b7 Parse sysctl settings from /etc/sysctl.conf.local after /etc/sysctl.conf
if it exists.  This mirrors similar behavior for /boot/loader.conf and
/etc/rc.conf.

Obtained from:	Yahoo!
MFC after:	1 week
2008-07-31 21:57:35 +00:00
Marcel Moolenaar
9005d65e46 With uart(4) default, change /dev/cuad# to /dev/cuau# and
sio# to uart# so that out-of-the-box FreeBSD is consistent.
2008-07-19 20:12:02 +00:00
Marcel Moolenaar
7fc2c2bc83 With uart(4) default, change /dev/cuad# to /dev/cuau# and
sio# to uart# so that out-of-the-box FreeBSD is consistent.
2008-07-19 20:11:33 +00:00
Doug Barton
04f0f225dd Add the shutdown KEYWORD to those scripts that start persistent services
to allow them to do a "clean" shutdown.

I purposely avoided making changes to network-related stuff since the
system shutting down is pretty conclusive, and there may be complicated
dependencies on the network that I would rather not try to unravel.

I also skipped kerberos-related stuff for the reasons above, and
because I have no way to test it.
2008-07-16 19:50:29 +00:00
Doug Barton
2b9851690c As previously discussed, add the svn:executable property to all scripts 2008-07-16 19:22:48 +00:00
Mike Makonnen
5692c36098 The pfctl(8) program is already pretty verbose, so don't print extra
information in quiet mode.
2008-07-11 08:11:49 +00:00
Mike Makonnen
9300b74ce4 Remove the $DUMPDIR variable. It's redundant and the rest of the
script uses $dumpdir directly.
2008-07-06 08:31:29 +00:00
Mike Makonnen
f562910214 Make checking for the availability of core dumps work in the case
that $dumpdev is not set to "AUTO".

Reported by: Paul B. Mahol <onemda@gmail.com>
2008-07-06 07:51:29 +00:00
Mike Makonnen
7a711eb359 No need to display the result of enabling the ipfw sysctl if it's
successful. Issue a warning if it fails, however.
2008-07-05 15:27:39 +00:00
Mike Makonnen
8144c9ac9b There's no need to announce that we're mounting local filesystems when
running in quiet mode since if we fail to mount any of them the boot
process gets interrupted.
2008-07-05 15:19:58 +00:00
Mike Makonnen
c5a80a7a3b Quiet down rc.d/nfsclient by not printing anything in 'quiet' mode. Instead
issue a warning if it fails to set the sysctls.
2008-07-05 15:13:21 +00:00
Mike Makonnen
cca7688f37 Backout r179941. The nfsclient knob always confuses me. I should have
double-checked my setup before committing.

Noticed by: Florian Smeets
Pointy hat to: mtm
2008-06-27 15:45:17 +00:00
Mike Makonnen
522b9831bd Quiet rc.d/syscons unless it has something to say. 2008-06-24 21:01:56 +00:00
Mike Makonnen
45a5dc937d Add a -q flag to swapon(8) to suppress informational messages. Use it in
rc.d.
Note: errors are not affected by this flag.
2008-06-23 22:17:08 +00:00
Mike Makonnen
d9fcd86c3a The sysctl(8) program exits on some errors and only emits warnings on
others. In the case where it displayed warnings it would still return
successfully. Modify it so that it returns the number of sysctls that
it was not able to set.

Make use of this in rc.d to display only *unsuccessful* attempts to
set sysctls.
2008-06-23 22:06:28 +00:00
Mike Makonnen
2794059010 Run savecore(8) only if there is a core dump to save. If there is
no core dump hide the message to that effect behind $rc_quiet.
2008-06-23 20:54:32 +00:00
Mike Makonnen
b064049801 Implement a "quiet" mode for rc.d/netif, which only outputs
the interface name of interfaces that were configured.

This change has the added benefit that ifn_start() and
ifn_stop() in network.subr no longer write to standard output.
Whether to output and what to output is now handled entirely
in rc.d/netif.
2008-06-23 20:50:11 +00:00
Mike Makonnen
e2a76fa732 Set the sysctl(8) value in the same shell, not a subshell. This was
causing calls to netoptions_init() to not properly set a global variable,
which ended up being in the parent shell.
2008-06-23 12:06:35 +00:00
Mike Makonnen
94789e5ca4 Move a lot of diagnostic output behind $rc_quiet in scripts that
implement their own start command.
2008-06-23 04:46:54 +00:00
Mike Makonnen
252c018f5f Align the script more with rc.d/cleanvar (which doesn't output any
diagnostics). Instead, move output behind $rc_quiet.
2008-06-23 04:42:58 +00:00
Mike Makonnen
4af728134c Remove the -v flag from the command line to dumpon(8), and instead print
diagnostic output only if the command fails.
2008-06-23 04:39:36 +00:00
Mike Makonnen
3e9cc7692f Argh! s/nfs_client_enable/nfsclient_enable/g 2008-06-23 04:05:39 +00:00
Mike Makonnen
8b5adf2fab Do not print anything unless one of the net/routing options is set. 2008-06-23 04:00:45 +00:00
Mike Makonnen
b16a98ec6f s/daemon processes/local packages/ for consistency. 2008-06-23 03:49:30 +00:00
Mike Makonnen
f27ca6ea2f Output information only if /etc/rc.local exists. 2008-06-22 16:23:39 +00:00
Mike Makonnen
3c81343da6 Do not print anything unless at least one of the abi emulators is
enabled.
2008-06-22 16:19:50 +00:00
Mike Makonnen
3dce702718 Simplify this script with the added bonus that the bit about i386
initialization doesn't get printed unless ibcs2_enable is set.
2008-06-22 15:57:50 +00:00
Mike Makonnen
69ad4d6960 Don't say we're going to mount filesystems of a certain type unless
there actually are filesystems of that type to mount.
2008-06-22 15:40:19 +00:00
Mike Makonnen
3773d8c3cf Don't say we're going to [start|stop] local packages unless there actually
are local (pre rc.d) scripts to run.
2008-06-22 15:34:40 +00:00
Mike Makonnen
7d28174b91 Make quota knob conform to other rc(8) knobs. Keep older knob for
compatibility.

Requested by: Volker <volker@vwsoft.com>
2008-06-19 07:06:11 +00:00
Brooks Davis
06118b48d0 Fix the wait for default route change I made a few weeks ago by creating
a new defaultroute script that just does the wait.  The previous attempt
created a circular dependency through network_ipv6.

Pointy hat to:	brooks
2008-06-05 17:26:47 +00:00
Bjoern A. Zeeb
2e598474fa Remove ISDN4BSD (I4B) from HEAD as it is not MPSAFE and
parts relied on the now removed NET_NEEDS_GIANT.
Most of I4B has been disconnected from the build
since July 2007 in HEAD/RELENG_7.

This is what was removed:
- configuration in /etc/isdn
- examples
- man pages
- kernel configuration
- sys/i4b (drivers, layers, include files)
- user space tools
- i4b support from ppp
- further documentation

Discussed with: rwatson, re
2008-05-26 10:40:09 +00:00
Brooks Davis
ec200b32cd Move the wait for a default route to rc.d/routing. Once we test for
non-dhcp interfaces to negotiate/associate this will make more sense.

This also correctly gets run after both devd and netif are run so it has
a chance of working.
2008-05-18 02:57:54 +00:00
Brooks Davis
ace19032cf Change the default value of synchronous_dhclient to NO.
To preserve the existing behavior of etc/rc.d/netif, add code to wait
up to if_up_delay seconds (30 seconds by default) for a default route to
be configured if there are any dhcp interfaces.  This should be extended
to test that the interface is actually up.

X-MFC after:
2008-05-15 01:06:10 +00:00
Florent Thoumie
404b160361 Don't require a configuration file. Ntpd will be perfectly happy if there's
none or if the file doesn't exist (there's no ntp.conf in the base install).

PR:		conf/119592
Submitted by:	Renaud Waldura <renaud+freebsd@waldura.org>
MFC after:	1 week
2008-05-12 11:49:16 +00:00
Mike Makonnen
68abe9bdf2 Specify the full path to the md5(1) binary so the script will
still work even if it's not in the shell's path.

PR: conf/122215
MFC after: 1 week
2008-05-06 10:40:20 +00:00
Ruslan Ermilov
6e595c6fe0 Make it possible to disable sources of entropy harvesting.
Noticed by:	Igor Sysoev
MFC after:	3 days
2008-04-22 15:18:47 +00:00
Sam Leffler
5bd720a7c2 rc support for vaps 2008-04-20 20:37:21 +00:00
Brooks Davis
688e303c19 Add very limited support for the isc-dhclient. It will almost certainly
only work if there's just one interface doing dhcp.  This version implements
the same logic as the version in the PR, but uses pgrep to be less verbose.

PR:		conf/95905
MFC after:	1 week
2008-04-15 23:03:35 +00:00
Brooks Davis
30b6f51afe Declare _ppp_profile_cleaned, _punct, and _punct_c local in
ppp_start_profile().

Reported by:	yar
MFC after:	1 week
2008-04-10 01:32:49 +00:00
Maksim Yevmenkin
97078e0796 Add rfcomm_pppd_server rc script to allow start rfcomm_pppd(8) in server
mode at boot time. Multiple profiles can be started at the same time.
The whole idea is very similar to the ppp rc script.

Document Bluetooth knobs in rc.conf(5)

MFC after:	1 week
2008-04-08 23:34:12 +00:00
Sam Leffler
2a54bb549f o add rc.conf knobs to set the wpa_supplicant program, logging flags,
and config file
o change default logging options from -q to -s (log to syslog); this
  is currently broken for boot-time startup as syslogd is started too
  late but that'll be dealt with separately

MFC after:	2 weeks
2008-04-08 23:12:15 +00:00
Sam Leffler
49658ca926 add support wired interfaces
MFC after:	2 weeks
2008-04-08 23:00:04 +00:00
Sam Leffler
823687d052 spell pidfile correctly so multiple wpa_supplicant processes can be run
MFC after:	1 week
2008-04-08 18:54:42 +00:00
Brooks Davis
ef09860eca Fix a stupid typo.
Reviewed by:	bz
2008-04-06 20:39:33 +00:00
Doug Barton
53eb99795c Back out revision 1.6, the addition of "BEFORE: mountcritremote".
mountcritremote REQUIREs FILESYSTEMS, and that script REQUIREs zfs,
so this change is a noop. By removing it we make life a little easier
both for rcorder(8) and for debugging down the road.

Approved by:	2 weeks of silence from pjd
2008-04-02 19:29:16 +00:00
Brooks Davis
14b0729b93 Add support for hardwiring ppp sessions to particular devices with new
per-profile variables of the form ppp_<profile>_unit.  No ppp_unit
variable is supported since tying the same unit to more than one profile
won't work.

PR:		conf/122127
MFC after:	1 week
2008-03-28 07:57:52 +00:00
Brooks Davis
6ea3dc3746 Allow the characters .-+/ to appear in ppp profile names by folding them
to _ when evaluating ppp_<profile>_nat and ppp_<profile>_mode.  Document
the per-profile variables.

PR:		conf/121452, conf/122127 (partial)
MFC after:	1 week
2008-03-26 21:54:48 +00:00
Pawel Jakub Dawidek
2c5f8ef256 Be sure to run rc.d/zfs before mountcritremote. This way we can for example
configure devfs rules in /etc/devfs.conf for ZVOLs.

Submitted by:	Yarema <yds@CoolRat.org>
2008-03-19 14:44:55 +00:00
Xin LI
127d91856d Do nextboot -D twice during boot. The first time in rc.d/root which ensures that
we can remove the file as early as possible, but shut up nextboot at this moment
if the operation is failed, because /boot is not necessarily a part of /; the
newly added second run is placed in rc.d/mountlate after all filesystems were
mounted.

Discussed at:		-rc@
Suggestions from:	brooks, mtm
MFC after:		1 month
2008-03-11 17:21:14 +00:00
Xin LI
510a00dc93 root 2008-03-11 17:20:34 +00:00
Mike Makonnen
f2e7477d21 The check for errors from the mount command did not work as intended
because another command (echo) is executed between the mount command
and the check.

Reported by: Sergey Baturov <sergey@toor.org.ru>
MFC after: 2 weeks
2008-03-06 14:39:33 +00:00
Brooks Davis
ae2edb2af1 Use the new command file feature of ddb(8) to support setting ddb(4)
scripts at boot.  This is currently disabled by default. /etc/ddb.conf
contains some potentially reasonable default scripts.

PR:		conf/119995
Submitted by:	Scot Hetzel <swhetzel at gmail dot com> (Earlier version)
X-MFC after:	textdumps
2008-03-05 18:32:58 +00:00
Brooks Davis
983daa047f When the state of the interface changes rapidly enough (usually due to
rapid wireless association changes in my experience), there is a race
where dhclient is in the process of exiting due to the link going down
when the link coming up causes devd to try and start a new one.  This
results in the link being up, but no dhclient running.

Work around this race by checking a second time after a one second delay
before refusing to start a dhclient instance due to one already being
running.

MFC after:	1 week
2008-02-01 23:43:58 +00:00
Mike Makonnen
82e9dc59ce Add a dummynet_enable knob to go with firewall_enable. If this knob
is enabled dummynet(4) is added to the list of required modules.

Discussed on:	#freebsd-bugbusters (rwatson, trhodes)
PR:		conf/79196
MFC after:	1 week
2008-01-27 15:15:12 +00:00
Mike Makonnen
ae4d6ea88f Generally, anything that runs rc.d scripts internally should
start using the quiet prefix (i.e. quietstart, quietstop, etc...).
2008-01-26 14:02:19 +00:00
Mike Makonnen
a850398f3b Re-implement: do not silently fail when a command is not carried
out because the rc.conf(5) variable was not enabled. Display a
message that the command wasn't run and offer suggestions on
what the user can do.

Implement a quiet prefix, which will disable some diagnostics. The
fast prefix also implies quiet. During boot we use either fast or
quiet. For shutdown we already use 'faststop'. So, this informational
message should only appear during interactive use.

An additional benefit of having a quiet prefix is that we can start
putting some of our diagnostic messages behind this knob and start
"de-cluttering" the console during boot and shutdown.
2008-01-26 11:22:12 +00:00
Mike Makonnen
c3ff913134 Rev. 1.6 made it impossible to use rc.d/kerberos with the krb5 port.
Re-implement the change so that the script once again works with
the krb5 port.

Submitted by: kensmith (slightly modified)
MFC after: 3 days
2008-01-25 05:23:01 +00:00
Ruslan Ermilov
e57918352b Shorter equivalent of the command. 2008-01-24 07:04:12 +00:00
Simon L. B. Nielsen
ce4c63c52a Add warning about this script dealing with untrusted data.
MFC after:	1 week
2008-01-13 14:27:53 +00:00
John Baldwin
af14f69c40 Only pass paths to directories or config files that exist for ldconfig for
32-bit binaries.

MFC after:	3 days
2007-12-13 00:51:01 +00:00
Doug Barton
d6128b96d7 Add an empty stop_cmd to the remaining scripts that don't start
daemons and don't already have one.
2007-12-08 23:00:28 +00:00
Doug Barton
716df058ef Remove a meaningless KEYWORD 2007-12-08 22:40:31 +00:00
Doug Barton
b9070edf0f Remove the bootconf.sh script. It was never used on FreeBSD, and was
removed from the Makefile in version 1.5 (2002/09/02) but never GC'ed.
2007-12-08 22:33:11 +00:00
Doug Barton
9aaedf216b Remove spurious # marks to be more consistent with existing style. 2007-12-08 22:27:18 +00:00
Doug Barton
da1c1367ff Remove empty REQUIRE line 2007-12-08 22:26:30 +00:00
Doug Barton
e3c46a3332 Remove $NetBSD$ CVS tags. We no longer attempt to synch our rc.d files
with theirs, so this information doesn't need to be in the live file.
Having it in our CVS history is enough.
2007-12-08 07:20:23 +00:00
Henrik Brix Andersen
4ec59b0317 Add reload functionality.
PR:		conf/116659
Approved by:	sam, erwin (mentor)
2007-11-14 21:19:15 +00:00
Mike Makonnen
99e95e553c Nuke rc.d/nfslocking which has been superseded by rc.d/{lockd,statd} 2007-10-25 18:10:05 +00:00
Mike Makonnen
815ac6842e Remove unnecessary whitespace 2007-10-25 16:59:06 +00:00
Doug Barton
3c9471138e 1. Determine the location of the rndc* binaries relative to $command
so that when using named from the ports (or elsewhere) the proper rndc*
commands will be run.

2. Rework the stop routine using ideas from brooks and delphij.
Specifically I am duplicating a lot of code from rc.subr's stop routine
so that this one will behave more like the one in rc.subr, but use rndc
to kill the daemon (or regular kill if that fails). This also avoids
the problems related to using killall if rndc fails, which is bad if
you're running more than one named on the same box.

3. Take a concept from gshapiro and allow the rndc.key file to be
owned by root OR the named_uid user.

Although I used different solutions, this commit handles issues raised in:
PR:	conf/73929
PR:	conf/103976
PR:	conf/109409
2007-10-22 09:38:44 +00:00
Mike Makonnen
1131159255 The amd_map_program knob can potentially contain a command whose output
is then used as an argument to the amd program. This output may contain
newlines, but the script did not take care to strip those newlines before
appending it to rc_flags. Revision 1.72 of rc.subr(8) introduced changes that
exposed this problem (specifically putting the final eval'ed command in
quotes).[1]

Also, for correctness' sake, shell directives appended to the command-line
by the script should go into command_args, and not appended directly
to rc_flags.

Reported by:	John E Hein <jhein@timing.com> [1]
Tested by:	John E Hein <jhein@timing.com>
MFC after:	1 week
2007-10-19 22:55:42 +00:00
Mike Makonnen
3b55b5fc42 Partial backout of rev. 1.6, but instead of putting kerberos5_server_flags
back in command_args, put it where rc.subr(8) expects it: kerberos5_flags.
2007-10-19 08:59:59 +00:00
Maksim Yevmenkin
69204f46de Teach /etc/rc.d/ppp how to start/stop individual instances
of ppp. This is an extension of previous commit.

Submitted by:	Yuri Kurenkov < y dot kurenkov at init dot ru >
Reviewed by:	mtm
MFC after:	3 days
2007-10-18 17:10:40 +00:00
Alexander Leidinger
9f05d312b3 Backout sensors framework.
Requested by:	phk
Discussed on:	cvs-all
2007-10-15 20:00:24 +00:00
Alexander Leidinger
99f6b270e3 Import OpenBSD's sysctl hardware sensors framework.
This commit includes the following core components:

 * sample configuration file for sensorsd
 * rc(8) script and glue code for sensorsd(8)
 * sysctl(3) doc fixes for CTL_HW tree
 * sysctl(3) documentation for hardware sensors
 * sysctl(8) documentation for hardware sensors
 * support for the sensor structure for sysctl(8)
 * rc.conf(5) documentation for starting sensorsd(8)
 * sensor_attach(9) et al documentation
 * /sys/kern/kern_sensors.c
   o sensor_attach(9) API for drivers to register ksensors
   o sensor_task_register(9) API for the update task
   o sysctl(3) glue code
   o hw.sensors shadow tree for sysctl(8) internal magic
 * <sys/sensors.h>
 * HW_SENSORS definition for <sys/sysctl.h>
 * sensors display for systat(1), including documentation
 * sensorsd(8) and all applicable documentation

The userland part of the framework is entirely source-code
compatible with OpenBSD 4.1, 4.2 and  -current as of today.

All sensor readings can be viewed with `sysctl hw.sensors`,
monitored in semi-realtime with `systat -sensors` and also
logged with `sensorsd`.

Submitted by:	Constantine A. Murenin <cnst@FreeBSD.org>
Sponsored by:	Google Summer of Code 2007 (GSoC2007/cnst-sensors)
Mentored by:	syrinx
Tested by:	many
OKed by:	kensmith
Obtained from:	OpenBSD (parts)
2007-10-14 10:45:31 +00:00
Maksim Yevmenkin
b1e50be2c6 Teach /etc/rc.d/ppp to start multiple instances of ppp.
ppp_profile variable can now contain multiple profiles.
Overrides for ppp mode and nat can go into ppp_$profile_mode
and ppp_$profile_nat variables respectively. If those are
not specified, defaults from ppp_mode and ppp_nat are used.

Submitted by:	Yuri Kurenkov < y dot kurenkov at init dot ru >
Reviewed by:	mtm
MFC after:	1 week
2007-10-12 16:35:36 +00:00
Doug Barton
b5ed5226dd Deprecate use of the early.sh script as advertised when the support for
local rc.d scripts in the overall boot order was added.

Proper rc.d scripts are run by rc.subr in a subshell, whereas scripts that
end in .sh are sourced into rc's shell. The latter has potential to create
serious boot problems, and there is no reason that the same functionality
cannot be added by the user in the form of a proper rc.d script (as
opposed to being added by the user in the form of /etc/rc.early).

This script will be removed prior to the 8.0 branch.

Approved by:	re (kensmith)
2007-10-09 07:30:14 +00:00
Michael Bushkov
1035d0cb65 Removing obsolete cached files after cached->nscd renaming.
Approved by:	re (kensmith), brooks (mentor)
2007-10-02 07:51:43 +00:00
Michael Bushkov
c97fe77db3 Finishing renaming of cached into nscd. etc/rc.d and usr.sbin/Makefile
updated. Note added to UPDATING.

Approved by:	re (kensmith, bmah), brooks (mentor)
2007-09-28 10:38:08 +00:00
Max Laier
ff72ebb1ba Add the startup script for ftp-proxy(8) to the Makefile as well.
Approved by:	re (bmah - implicit)
Reminded by:	mtm
2007-09-07 15:44:09 +00:00
Max Laier
cb3ab5e31a Add a startup script for ftp-proxy(8) now that it is no longer started as
part of inetd(8).

Approved by:	re (bmah)
Reviewed by:	freebsd-rc (a while back)
Reminded by:	kevlo
2007-09-06 21:00:48 +00:00
Mike Makonnen
5060bcfacd Start lockd after statd.
Approved by:	re (bmah)
Noticed by:	Ted Faber <faber@ISI.EDU>
2007-09-03 02:02:31 +00:00
Matteo Riondato
63f45c4bdf sleep 2 seconds after having loaded g_uzip.ko. We need this because
otherwise the /dev/mdX.uzip won't be created immediately, which is
needed because we issue a mount right afterwards.

Approved by:	re@ (bmah@)
MFC after:	2 days
2007-08-25 00:19:17 +00:00
Mike Makonnen
33eba7d495 My forced commit to note the repo-copy (naturally) changed the $FreeBSD$ keyword line,
so that when I applied the patch to my check-in tree the top half of my patch failed to
apply.  Of course I saw what I *expected* to see (the bottom half succeeded) and
didn't notice that it had failed to apply cleanly.

Approved by: re (bmah)
2007-08-18 04:08:53 +00:00
Mike Makonnen
6ee326fe2f The rc.d/nfslocking file controls two servers: rpc.statd and rpc.lockd. It worked well
in most cases, except one. The 'restart' case was not working as expected. Specifically,
it would stop both lockd and statd, but it would restart only statd (which appears first
in the script). This is because rc.subr(8) contains code to guard against infinite
recursion in the 'restart' case.

To fix this use the traditional approach of controlling only one server from one script by
breaking out rc.d/nfslocking into its constituent parts: rc.d/lockd and rc.d/statd. Keep
rc.d/nfslocking around but don't include it in the boot rcorder(8)ing.

PR:	     conf/107316
Approved by: re (bmah)
MFC after:   2 weeks
2007-08-17 07:58:26 +00:00
Michael Bushkov
db1bdf2b02 - Renaming repocopied cached to nscd
Approved by:	re (kensmith), brooks (mentor)
2007-08-09 13:06:12 +00:00
John Baldwin
f2c789a923 Require 'cleanvar' so that files and sockets created in /var/run by
wpa_supplicant and other programs started by 'netif' don't get erased
by a subsequent 'cleanvar'.

Approved by:	re (bmah)
Reviewed by:	dougb
MFC after:	1 week
2007-07-25 18:08:01 +00:00
Gregory Neil Shapiro
2bc2025c44 Add a new rc.conf variable, sendmail_rebuild_aliases, which tells
/etc/rc.d/sendmail whether or not to run newaliases if the database
is missing or the aliases text file is newer than aliases.db.

In my opinion, the aliases file should never be automatically rebuilt.
The current text form could represent a work in progress.  Therefore,
in FreeBSD 7.0, this new option will default to "NO".  When this rc.d
change is MFC'ed, it will need to remain "YES" to maintain backward
compatibility.

PR:		conf/86252
Approved by:	re (kensmith)
MFC after:	3 days
2007-06-12 17:33:23 +00:00
Doug Barton
ab512a8e4d Finish making resolv ordering deterministic by REQUIRE'ing it here. 2007-06-02 05:25:19 +00:00
Doug Barton
36617e509a Add REQUIRE netif to make ordering more deterministic, and to make sure
we have a fighting chance of having useful stuff from DHCP.

Tighten up the code a little, and fix whitespace issues.
2007-06-02 05:24:39 +00:00
Ralf S. Engelschall
f31380b233 Fix indentation. 2007-05-24 06:01:06 +00:00
Ralf S. Engelschall
cc42bdd415 Remove two superfluous trailing semicolons. 2007-05-24 05:58:20 +00:00
Ralf S. Engelschall
b9b38f5d90 Remove two unnecessary and useless sub-shell constructs. 2007-05-24 05:54:37 +00:00
Ralf S. Engelschall
0d5b72b307 backout filter of Nil UUID as the boot loader code already filters out Nil UUIDs (see src/sys/boot/i386/libi386/smbios.c:smbios_setuuid for details) 2007-05-22 13:53:59 +00:00
Ralf S. Engelschall
dff50af93b Remove the ugly csh(1) based UUID lower-case translation hack from
/etc/rc.d/hostid now that we switched the origin of the UUID (variable
smbios.system.uuid as provided by the i386 BIOS code) to already provide
a standard conforming lower-case UUID text representation.
2007-05-22 10:22:24 +00:00
Ralf S. Engelschall
e3e421bacf Cleanup style by consistently using braces around variable expansion and
apply an addition from Andrew Thompson <thompsa> for filtering out the
special "Nil" UUID (all zeros) which would be a useless host UUID.
2007-05-21 11:57:01 +00:00
Ralf S. Engelschall
3148ce8687 Adjust UUID lower-case translation from straight-forward tr(1)
usage to an equivalent csh(1) usage as tr(1) stays in /usr/bin and
/etc/rc.d/hostid has just the root filesystem (and this way mainly the
tools in /bin) available.

I've chosen csh(1) here as the string manipulation tools available in
/bin is extremely limited and the (only) alternative ed(1) usage would
have been a lot more complicated or even might require a temporary file.
2007-05-21 11:44:13 +00:00
Ralf S. Engelschall
a8698e63bb The standardized textual representation of UUIDs according to RFC 4122
and ISO/IEC-9834-8:2005 is with LOWER-CASE hexadecimal characters only,
so translate the (usually upper-case and this way not conforming)
representation of the BIOS UUID when reading it. Also be more strict
about the valid characters in the textual representation by checking for
just the hexadecimal characters.
2007-05-21 08:22:43 +00:00
Mike Makonnen
3d03791bb4 o Implement the stop_boot subroutine [1]. This subroutine can be used by
scripts in rc.d to stop rc(8) from booting into multi-user mode when
  a critical or severe error condition is encountered.

o Modify scripts in etc/rc.d that already implemented this functionality
  independently.

o Document it.

[1] - This subroutine was implemented in FreeBSD in rc.d/fsck. I moved it
      to rc.subr(8). Our version differs slightly in that it takes an
      optional argument to stop the boot even if "autoboot" is not set.

Obtained from: NetBSD
MFC after: 2 weeks
2007-05-18 12:04:41 +00:00
Mike Makonnen
9cb24de6ed o Use the --detach option to kdc(8) instead of using the shell
background operator '&'.

  PR: conf/102722

o No need to include $kerberos5_server_flags in $command_args as
  rc.subr(8) will take care of this.
2007-05-17 11:33:08 +00:00
Mike Makonnen
c76ad7642f The precmd routine does not need to check whether the command should be
"forced". If some pre-condition is not met, it should fail as it normally
does and rc.subr(8) will make the appropriate decision. Incidentally, the
previous behaviour had a bug where the "force" flag was respected only
when checking rc.conf(5) knobs. The flag was ignored when verifying the
rpcbind(8) dependency.

MFC after: 2 weeks
2007-05-17 08:57:14 +00:00
Mike Makonnen
e11cc001a9 Move options that do not have anything to do with routing out of
rc.d/routing and in to rc.d/netoptions. Also instead of saying
"TCP options" say "IP options".
2007-05-02 15:49:30 +00:00
Mike Makonnen
47ba326abe When rc.d/NETWORKING included this script in its REQUIRE line, a circular
dependency was introduced because this script had rc.d/localpkg (which is
*after* rc.d/NETWORKING) in its REQUIRE line.

From an examination of its contents it seems that only the availability of
a local filesystem is necessary for this script to function properly.
2007-05-02 15:32:05 +00:00
Pawel Jakub Dawidek
4d739c23fd When zfs dataset has jailed=on property, it won't be mounted with
'zfs mount -a' from the main system - this is by design, as mountpoint
may be set to dangerous value. This all means, that such file system
has to be mounted from within a jail. To make it easier, reorganize
rc.d/zfs script so it can be used from within a jail.
2007-04-22 20:55:08 +00:00
Pawel Jakub Dawidek
2c9c9b9f7f When org.freebsd:swap property is set to 'on' on a ZVOL, use it as a swap
device.

Discussed with:	des
2007-04-15 18:07:14 +00:00
Dag-Erling Smørgrav
7c275b458a Remove the shutdown keyword. It just adds noise to the shutdown process. 2007-04-13 18:46:35 +00:00
Pawel Jakub Dawidek
e21f48c40e - Create an empty /etc/zfs/exports file when zfs_enable="YES" and we don't
NFS-share anything. This way we can safely start mountd with
  /etc/zfs/exports and mountd won't complain.

  Pointed out by:	ceri

- Move 'zfs volinit' before 'zfs mount -a' and 'zfs volfini' after
  'zfs unmount -a'.
2007-04-13 11:02:06 +00:00
Pawel Jakub Dawidek
83ad9fd2d5 mountd(8) was changed to only abort when all given exports files cannot be
opened, so we no longer have to check if /etc/zfs/exports exists.
2007-04-13 10:29:25 +00:00
Mike Makonnen
e70b852038 o Look for a zfs(1) exports file only if it exists and is readable. If
we don't do this and the file doesn't exist mountd(8) will abort.
o The mountd(8) daemon creates a pidfile, so use it.
2007-04-13 06:42:25 +00:00
Pawel Jakub Dawidek
6f7c3bdd63 If available, take UUID from smbios.system.uuid, if not fall back to
software-generated UUID. Store the result in /etc/hostid and use it in
the future. Perform simple UUID format check, as there is a lot of
hardware with broken UUIDs. The check should be improved to also eliminate
fake UUIDs like 00000000-0000-0000-0000-000000000000.

Requested by:	many
2007-04-11 00:05:25 +00:00
Giorgos Keramidas
671901e973 Add a pfsync_syncpeer option to /etc/defaults/rc.conf and rc.conf(5),
which can be used to turn off multicast pfsync support, and enable
the transmission of directed PFSYNC (IP protocol: 240) packets to
a specific "sync peer" host.

PR:		conf/111225
Submitted by:	Bas van Beek <bas@tobin.nl>
Approved by:	mtm, mlaier
MFC after:	2 weeks
2007-04-10 16:42:14 +00:00
Pawel Jakub Dawidek
d5ec19ea68 Add rc.d/hostid script (turned on by default) which on first boot generates
UUID and stores it in /etc/hostid ($hostid_file) as well as sets kern.hostuuid
and kern.hostid sysctls on every boot.

Hostid can be reset using '/etc/rc.d/hostid reset' command.

Hostid generation and setting can be turned off by setting variable
hostid_enable to "NO" in /etc/rc.conf.

Reviewed by:	mlaier, rink, brooks, rwatson
2007-04-09 19:21:27 +00:00
Dag-Erling Smørgrav
680aa4e3b8 Apply "additional TCP options" earlier.
Requested by:	andre@
MFC after:	1 week
2007-04-09 10:09:40 +00:00
Dag-Erling Smørgrav
255d327cc5 FILESYSTEMS requires root, so requiring both of them is redundant. 2007-04-09 08:53:40 +00:00
Dag-Erling Smørgrav
90f6241a0e Add zfs to REQUIRE. 2007-04-09 08:44:50 +00:00
Pawel Jakub Dawidek
70cb12f264 - Add ZFS startup script.
Submitted by:	des

- When starting mountd(8) and ZFS is enabled, add /etc/zfs/exports file.
- Update rc.conf(5).
2007-04-06 02:27:02 +00:00
Matteo Riondato
f3636019cb Add rpc_statd_flags and rpc_lockd_flags options to allow options to be
passed to rpc.statd and rpc.lockd

MFC after:	1 week
2007-04-04 13:16:18 +00:00
Dag-Erling Smørgrav
7bd5b79de4 Add a dummy script, FILESYSTEMS, which depends on root and mountcritlocal
and takes over mountcritlocal's role as the early / late divider.  This
makes it far easier to add rc scripts which need to run early, such as a
startup script for zfs, which is right around the corner.

This change should be a no-op; I have verified that the only change in
rcorder's output is the insertion of FILESYSTEMS immediately after
mountcritlocal.

MFC after:	3 weeks
2007-04-02 22:53:07 +00:00
Mike Makonnen
1b0a8a3e52 Instead of directly sourcing the firewall script, run it in a separate shell.
If the firewall script is sourced directly from the script, then any
exit statements in it will also terminate the rc.d script prematurely.

PR: conf/78762
MFC-After: 2 weeks
2007-04-02 15:38:53 +00:00
Mike Makonnen
0a9b210037 Make subroutine names more conformant with other scripts in rc.d.
MFC After: 2 weeks
2007-03-31 09:03:38 +00:00
Mike Makonnen
624321b5a8 Record rc.d/nfslocking dependency on rc.d/rpcbind.
PR: conf/105465
Submitted By: ru (with minor cosmetic change)
MFC-After: 1 month
2007-03-30 19:08:58 +00:00
Mike Makonnen
cc164aba90 Some rc.d commands (such as stop|restart etc.) won't automagically work
if we don't explicitly set the name of the executable program.

PR: conf/104408
2007-03-30 18:36:45 +00:00
Brooks Davis
3f857d8115 Use "-ne" instead of "!=" for integer comparison. 2007-03-25 23:58:46 +00:00
Mike Makonnen
bcbff0a86f Having gone to the trouble of setting up a variable, we should use it. 2007-03-25 19:45:20 +00:00
Maxime Henrion
fffe34c5a8 Make "/etc/rc.d/syscons start" correctly reload screensaver settings.
The code looks for all the loaded screensaver modules, tries to
kldunload them, and only loads the new one if kldstat's output shows
that there aren't any left.  However, the regexp looking for modules
to unload was still searching according to the old naming scheme,
splash_<name>.ko, instead of <name>_saver.ko.

MFC after:	3 days
2007-03-12 22:35:43 +00:00
Brooks Davis
0b45d130bf Allow background_fsck_delay to be set to a negative value which delays
the background fsck indefinitely.  This allows the administrator to run
it at a convenient time.  To support running it from cron, the
forcestart argument now causes the fsck to start with no delay and all
output to be suppressed.
2007-03-11 06:53:07 +00:00
Nate Lawson
4fce38ec78 Get rid of chatter for failed commands if the filesystem is read-only.
Include /var/db/entropy-file in the reseeding if present.  It is used for
last-ditch efforts to save entropy and thus should also be used to seed
the RNG when starting.  Print a warning instead of an error if writing the
file fails -- err() exits, preventing the umask from being restored.
Also, since there's not much that can be done about it, notifying the user
is all that's needed.

MFC after:	2 weeks
2007-03-03 06:39:06 +00:00
Brooks Davis
a9e1dd9098 Use get_if_var() to retrieve interface specific values of dhclient_flags
and background_dhclient.  This allows interfaces whose names are not
valid parts of shell variables and shortens the code.

MFC after:	1 week
2007-03-02 20:48:35 +00:00
Yaroslav Tykhiy
d798671ba8 pkill(1) and pgrep(1) have been moved to /bin so that they are
available to rc.d scripts early in the boot sequence.
2007-02-15 06:51:31 +00:00
Yaroslav Tykhiy
5f9af361f4 Don't be paranoid about hostname(1) and order the things logically.
Pointed out by:	ceri
2007-02-15 06:46:33 +00:00
Yaroslav Tykhiy
01b777f4cb Don't nag about unset $hostname if DHCP is in use.
Pointed out by:	ceri
2007-02-15 06:42:42 +00:00
Yaroslav Tykhiy
aad85353cc Handle the case when the admin forgot to set $hostname,
which can happen in new installations: advise to set the
variable and refer to rc.conf(5).
2007-02-10 13:13:32 +00:00
Florent Thoumie
2d69b43eb2 Add support for EtherChannel configuration to rc startup scripts.
Note: This also deprecates "NO" as a way to specify an empty list of
interfaces for gif_interfaces.

PR:		conf/104884
Submitted by:	nork
Harassed by:	brd
Discussed with:	brooks, dougb
2007-02-09 12:11:27 +00:00
Mike Pritchard
a0072eda86 Add the following knobs for quotas if they are enabled:
quotaon_flags - flags for the quotaon command
quotaoff_flags - flags for the quotaoff command
quotacheck_flags - flags for the quotacheck command
2007-01-20 04:24:20 +00:00
Simon L. B. Nielsen
26d67ea70f Fix jail rc.d script privilege escalation via symlink attack against
/var/log/console.log and mount points.

Security:	FreeBSD-SA-07:01.jail
2007-01-11 18:18:57 +00:00
Nate Lawson
907b6777c1 Re-work Cx handling to be per-cpu and asymmetrical, fixing support on
modern dual-core systems as well.

- Parse the _CST packages for each cpu and track all the states individually,
on a per-cpu basis.

- Revert to generic FADT/P_BLK based Cx control if the _CST package
is not present on all cpus. In that case, the new driver will
still support per-cpu Cx state handling. The driver will determine the
highest Cx level that can be supported by all the cpus and configure the
available Cx state based on that.

- Fixed the case where multiple cpus in the system share the same
registers for Cx state handling. To do that, added a new flag
parameter to the acpi_PkgGas and acpi_bus_alloc_gas functions that
enable the caller to add the RF_SHAREABLE flag.  This flag could also be
useful to other callers (acpi_throttle?) in the tree but this change is
not yet made.

- For Core Duo cpus, both cores seem to be taken out of C3 state when
any one of the cores needs to transition out. This broke the short sleep
detection logic.  It is disabled now if there is more than one cpu in
the system for now as it fixed it in my case.  This quirk may need to
be re-enabled later differently.

- Added support to control cx_lowest on a per-cpu basis. There is still
a generic cx_lowest to enable changing cx_lowest for all cpus with a single
sysctl and for ease of use.  Sample output for the new sysctl:

dev.cpu.0.cx_supported: C1/1 C2/1 C3/57
dev.cpu.0.cx_lowest: C3
dev.cpu.0.cx_usage: 0.00% 43.16% 56.83%
dev.cpu.1.cx_supported: C1/1 C2/1 C3/57
dev.cpu.1.cx_lowest: C3
dev.cpu.1.cx_usage: 0.00% 45.65% 54.34%
hw.acpi.cpu.cx_lowest: C3

This work was done by Stephane E. Potvin with some simple reworking by
myself.  Thank you.

Submitted by:	Stephane E. Potvin <sepotvin / videotron.ca>
MFC after:	2 weeks
2007-01-07 21:53:42 +00:00
Florent Thoumie
eacc7cde7d Jail_ip and jail_interface local variables were renamed to _ip and _interface
in a previous commit to avoid namespace collisions, unfortunately I missed two
of them. This leads to the ip alias being incorrectly removed in some cases
when using the stop command.

Reported by:	Philipp Wuensche <cryx-freebsd@h3q.com>
2007-01-02 11:07:13 +00:00
Yaroslav Tykhiy
0c30639059 Use $required_modules wherever suitable. Use load_kld() in special
cases.  So we get rid of quite a few lines of duplicated code.
2006-12-31 10:37:18 +00:00
Yaroslav Tykhiy
619a36fa66 Fix a typo in a warning message. 2006-12-31 10:12:53 +00:00
Yaroslav Tykhiy
45da9952e5 Eliminate global symbols starting with an underscore from rc.d
scripts, except for mdconfig* and jail.  Such symbols are reserved
for the rc.subr internals.  Most scripts can be fixed by just
declaring _foo symbols as local: few scripts actually need them to
be global.

Discussed with:	dougb in freebsd-rc
2006-12-30 22:53:20 +00:00
Hiroki Sato
fc61bfebd0 Add "nojail" keyword to prevent spurious error messages.
Spotted by:	Keve Nagy
PR:		conf/107083
2006-12-29 15:56:21 +00:00
Yaroslav Tykhiy
a9e42d31b7 Syscons cannot be stopped, so provide a no-op stop method.
The default stop method from rc.subr isn't suited for this
case and produces a bogus warning: "syscons not running".

Suggested by:	matteo
2006-12-20 12:59:50 +00:00
Yaroslav Tykhiy
51f1dbba96 Improve rc.d conformance:
- don't play a needless trick with prestart, just use start method;
- provide no-op stop method so that we don't get bogus "abi not running" error.
2006-12-20 11:37:15 +00:00
Hiroki Sato
6027060830 Add a link-local address to the lo0 even when ipv6_enable="NO".
A kernel with INET6 always has ::1 on lo0, so in the case of
ipv6_enable="NO" the lo0 can have ::1 with no link-local address.
This is a violation of the IPv6 specification.  As a workaround for
this situation, fe80::1 is added in rc.d/auto_linklocal when lo0 has
no link-local address.  This should not be harmful for IPv4-only users.
2006-12-08 06:34:06 +00:00
Ceri Davies
8495277664 Ensure that the load of rules into the alternate ruleset worked before
loading them into the live one too.

PR:		conf/97311
Submitted by:	David Bushong
Reviewed by:	silence on rc@
Approved by:	ru (mentor)
MFC after:	10 days
2006-11-11 10:48:34 +00:00
Tai-hwa Liang
7e75ef1374 Re-sync'ing pf rules in post command as we already did for ipfilter.
With this patch, pf rules with dynamically created devices such as tun0
work without further intervention.

Reviewed by:	mlaier
MFC after:	3 days
2006-10-26 00:29:43 +00:00
Hiroki Sato
e7bf82055f Suppress a spurious warning message when a kernel without INET6 is
used.

Spotted by:	ru
Reviewed by:	ume
MFC after:	3 days
2006-10-22 17:21:03 +00:00
Florent Thoumie
8dcd83aa8f Add 'reload' to the list of available commands for the amd rc.d script.
PR:		conf/104507
Submitted by:	Douglas K. Rand <rand@meridian-enviro.com>
MFC after:	3 days
2006-10-18 15:56:11 +00:00
Yaroslav Tykhiy
7d0ed28d3b Improve cleartmp in a number of aspects:
+ Use rc.subr(8) features properly.
+ Do the whole job of obliterating /tmp contents in find(1).
+ Leave lost+found and quota.{user,group} in /tmp only if root-owned.
+ Make the overall structure clearer by first removing the X dirs
  (perhaps along with the rest of /tmp) and then re-creating them.
+ Use "find -exec rm -rf {} +" for efficiency: each rm instance gets
  a chance to kill as many files in /tmp as ARG_MAX permits.

PR:		bin/104044
Submitted by:	Andrey Simonenko <see PR for email>
Hacked by:	yar
MFC after:	1 month
2006-10-16 13:01:45 +00:00
Ceri Davies
715e675c5f RC script for idmapd(8), defaulting to off. 2006-10-15 14:19:06 +00:00
Hajimu UMEMOTO
f5c04409eb Revert the default value of net.inet6.ip6.auto_linklocal to 1.
If ipv6_enable is not set to "YES", net.inet6.ip6.auto_linklocal
is turned to 0 at boot.

Discussed with:	re@, gnn@
MFC after:	3 days
2006-10-13 12:41:36 +00:00
Hajimu UMEMOTO
639b2c8e5a Restore the behavior that net.inet6.ip6.auto_linklocal=0 could
coexist with ipv6_enable="YES".

MFC after:	3 days
2006-10-07 15:45:56 +00:00
Florent Thoumie
2440a169c5 Introduce mixer_enable (default: YES).
PR:		conf/101268
Submitted by:	Eugene Grosbein <eugen@grosbein.pp.ru>
Approved by:	cperciva (mentor)
X-MFC after:	6.2-RELEASE
Sponsored by:	FreeBSD Test-Bugathon
2006-10-06 23:22:13 +00:00
Brooks Davis
12d828393a Pull in /etc/rc.conf.d/network so that ifconfig_<if> variables can be
set there.  This is required for consistency with /etc/rc.d/netif.

PR:		conf/103893
Submitted by:	Nick Hibma <nick at anywi.com>
MFC after:	3 days
2006-10-02 18:50:58 +00:00
Bruce M Simpson
2d20d32344 Push removal of mrouted down to the rest of the tree. 2006-09-29 15:45:11 +00:00
Robert Watson
9b2b93002d Sleep for one second after calling audit -t to give the audit daemon a
chance to actually terminate the audit service and exit.  Otherwise, on
an rc.d/auditd restart, the new audit daemon instance may try to start
auditing while the previous session is still running.  Likewise, this
ensures a chance for auditd to terminate the audit trail at system
shutdown.

Perhaps more ideally, the script would wait synchronously for auditd to
exit rather than for an arbitrary but short period of time.

MFC after:	3 days
Obtained from:	TrustedBSD Project
2006-09-24 17:31:04 +00:00
Brooks Davis
cf81114dc4 network_ipv6 also does some interface configuration so require it to run
before starting devd so they don't trip over each other.

PR:		conf/103428
2006-09-21 14:29:32 +00:00
Maksim Yevmenkin
e6c8f242ae Add bthidd(8) rc(8) script
MFC after:	1 month
2006-09-07 22:25:08 +00:00
Colin Percival
1dcb6ad173 When stopping powerd, set the CPU frequency back to its maximum value
(i.e., what it was almost certainly at before powerd was started).

Submitted by:	R.B. Riddick
MFC after:	3 days
2006-08-27 11:04:39 +00:00
Florent Thoumie
1ff6181777 - Add ypserv to the REQUIRE list.
Reported by:	David Thompson <dat1965@yahoo.com>
Discussed on:	-rc (brooks)
Approved by:	cperciva (mentor, implicit)
MFC after:	3 days
2006-08-22 14:58:23 +00:00
Florent Thoumie
3081bf98bf Backout this commit since it breaks startup and some scripts in
certain conditions. I haven't been able to find a better solution yet:

    - Set two read-only variables (${prefix} and ${etcdir}). This is
    especially useful when using /etc/rc.d scripts with third-party
    software installed from ports.
    - Fix rc.d/sshd to work with openssh from ports using ${etcdir}
    instead of hardcoded /etc.
    - Reflect prefix/etcdir changes in rc.subr.8.

        src/etc/rc.d/sshd: rev 1.9 -> 1.10
        src/etc/rc.subr: rev 1.51 -> 1.52
        src/share/man/man8/rc.subr.8: rev 1.11 -> 1.12

Approved by:	cperciva (mentor)
2006-08-22 11:17:29 +00:00
Florent Thoumie
94733fef16 - Remove ramdisk rc.d scripts since they've been replaced by mdconfig{,2}.
- Update ObsoleteFiles.inc.

Approved by:	cperciva (mentor)
2006-08-22 11:12:09 +00:00
Brian Somers
5f9d14bd5f Add a missing quote
Spotted by: ru
2006-08-17 19:57:10 +00:00
Brian Somers
9341e8dd88 Add a -p switch to dhclient. The switch tells dhclient to persist
despite the interface link status.

Add dhclient_flags_iface and background_dhclient_iface rc.conf options.
(where iface is a specific interface).  These can be used to give
interface specific flags to dhclient.

Reviewed by:	brooks@
2006-08-17 17:12:27 +00:00