Commit Graph

4016 Commits

Author SHA1 Message Date
Warner Losh
0f23628969 + Patch is not my friend, but an evil toad

Remove redundant copy of each of these files that patch appended to them.
# Still not connected to the build.

Approved by: re@ <scottl>
2003-12-03 17:03:20 +00:00
Warner Losh
cdf2381638 New cx driver part 2: Commit the new userland pieces.
This is the new cronyx serial control program.

# A future commit will remove the old driver/userland pieces and connect things
# to the build.

Submitted by: Roamn Kurakin <rik@cronyx.ru>
2003-12-03 07:59:49 +00:00
Brooks Davis
bf164734d4 Reconnect ipfstat, ipnat, and ipftest to the build now that if_xname
support is enabled.

Approved by:	re (scottl)
2003-12-02 21:52:14 +00:00
Sam Leffler
d559f5c3d8 Include opt_ipsec.h so IPSEC/FAST_IPSEC is defined and the appropriate
code is compiled in to support the O_IPSEC operator.  Previously no
support was included and ipsec rules were always matching.  Note that
we do not return an error when an ipsec rule is added and the kernel
does not have IPsec support compiled in; this is done intentionally
but we may want to revisit this (document this in the man page).

PR:		58899
Submitted by:	Bjoern A. Zeeb
Approved by:	re (rwatson)
2003-12-02 00:23:45 +00:00
Don Lewis
408145888e I forgot about the code freeze, so back this out. 2003-12-01 00:33:57 +00:00
Don Lewis
c9648f4e31 Swap avgfilesize and avgfpdir order to give better column alignment. 2003-12-01 00:32:34 +00:00
Murray Stokely
28149368ce Update maintainer line. mbr has been maintainer for at least the last
6 months.

Approved by:	re (murray)
2003-11-30 21:09:58 +00:00
Poul-Henning Kamp
1510356035 Clarify that the encrypted device is called foo.bde and mention that
unmounting it before detaching GBDE is a good idea.

Insisted on by:	Flemming Jacobsen <fj@batmule.dk>
Approved by:	re@
2003-11-27 20:54:51 +00:00
Wes Peters
96982f9bfd Fix whitespace error in previous commit.
Approved by:	RE@ (Robert Watson)
2003-11-27 01:19:23 +00:00
Alexander Kabaev
cc639d5589 Correct iov_len values passed to nmount(2) syscall. More accurate
parameter checking introduced in vfs_mount.c r1.113 rejects them
otherwise.

Submitted by: R. Imura <imura at ryu16 dot org>
Approved by: re (scottl,rwatson)
2003-11-24 16:14:32 +00:00
Wes Peters
f44ec7f89e Don't use UFS2_BAD_MAGIC on UFS (v1) filesystems; it is Not Ready
for Prime Time there.

Submitted by:	Xin LI <delphij@frontfree.net>
Approved by:	RE@ (John, Scott)
2003-11-23 08:29:01 +00:00
Alfred Perlstein
1647bdb853 Cleanup manpage for mount_nfs4 (make it actually refer to nfs4 options).
Cleanup option parsing for mount_nfs4 program, and remove dead code.

Approved by: re
2003-11-22 02:18:30 +00:00
Alfred Perlstein
38edd6eae9 Bring in manpage for idmapd and change domain to @FreeBSD.org.
Approved by: re
2003-11-22 02:16:53 +00:00
Gordon Tetlow
dc59303d62 Make init statically linked by default. It's not worth the pain of having
a dynamically linked init as recently seen by ia64 woes.

Approved by:	re (jhb)
2003-11-19 19:57:20 +00:00
Marcel Moolenaar
bd8477d623 Force a statically linked /bin and /sbin for ia64. The necessary changes
to gcc have not been made for ia64, which means that executables still
have /usr/libexec/ld-elf.so.1 as the dynamic linker. This simply does
not work if /usr is a separate filesystem not mounted when the kernel
tries to execute init(8).

Note that this is a temporary fix until a new gcc has been imported
that does have the required changes.

Approved: re@
2003-11-19 16:59:00 +00:00
Kirk McKusick
b17f40bbda Document that the live dump command (`dump -L') creates its snapshot
in the .snap directory in the root of the filesystem being dumped.
Document that if the .snap directory is missing that it must be
created manually and that it should be owned by user root and
group operator and set to mode 770 before a live dump can be run.
2003-11-18 00:36:40 +00:00
Robert Watson
2fa430f2ab Add an entry to the BUGS section indicating that Vinum cannot currently
be used on devices with a block size other than DEV_BSIZE (512),
which specifically includes being unable to run on a swap-backed
md device.  Swap-backed md devices use a 4k block size.
2003-11-17 16:04:52 +00:00
Robert Watson
f315f7629f Don't attempt to make devices if we're using devfs. This
substantially cleans up the output when running the vinum
management tool, and also makes it work better.

Long sustained silence from:	grog
2003-11-17 15:56:00 +00:00
David Schultz
170f850343 Remove the BUGS section introduced in rev 1.11 now that the problem
has been addressed.
2003-11-17 06:39:54 +00:00
David Schultz
71ff2d08cd Reimplement nologin(8) as a C program. This allows us to statically
link it at low cost and avoid environment poisoning attacks associated
with LD_LIBRARY_PATH.

Suggested by:	rwatson
2003-11-17 06:39:38 +00:00
Don Lewis
88beb5c906 Print the dirpref avgfilesize and avgfpdir parameters.
MFC after:	2 weeks
2003-11-17 01:22:07 +00:00
David Schultz
4240849261 Document nologin(8) as being insecure in conjunction with a dynamic
root and suggest alternatives.
2003-11-17 00:08:28 +00:00
Ian Dowse
0ed25a9ad1 If the unmount by file system ID fails, don't warn before retrying
a non-fsid unmount if the file system ID is all zeros. This is a
temporary workaround for warnings that occur in the vfs.usermount=1
case because non-root users get a zeroed filesystem ID. I have a
more complete fix in the works, but I won't get it done for 5.2.
2003-11-16 16:48:18 +00:00
Kirk McKusick
d46b52859a Convert the live dump command (`dump -L') to use mksnap_ffs instead
of trying to directly create the snapshot itself. This change allows
users logged into the system as operator to run live dumps.

Note that dump no longer tries to create the snapshot in the root of
the filesystem, but rather in a .snap directory in the root of the
filesystem. The reason is that the operator is usually not permitted
to write into the root of the filesystem. The newfs command and
background fsck have both been modified to create a .snap directory
in the root of the filesystem, but if neither of these have been run,
then the .snap directory must be created manually by the superuser
before a live dump can be run. The .snap directory should be owned
by user root and group operator and set to mode 770.
2003-11-16 08:01:58 +00:00
Wes Peters
0af4e34b2e Add the -E command line option to force error conditions for testing.
Sponsored by:	St. Bernard Software
2003-11-16 07:17:30 +00:00
Wes Peters
3b7e1bf6b5 Catch and report on filesystems that were interrupted during newfs,
sporting the new 'BAD' magic number.  Exit with a unique error code
(11) so callers who care about this can respond appropriately.
2003-11-16 07:10:55 +00:00
Wes Peters
ec52df8eb9 Write the UFS2 superblock with a 'BAD' magic number at the beginning
of newfs, to signify the newfs operation has not yet completed.  Re-
write the superblock with the correct magic number once all of the
cylinder groups have been created to show the operation has finished.

Sponsored by:	St. Bernard Software
2003-11-16 07:08:27 +00:00
Ken Smith
12ce12716f - Add GPT header/table recovery command
- Minor related cleanup in add command

Approved by:	marcel
2003-11-16 06:45:26 +00:00
Ken Smith
3834ba7920 - Provide default values for LABELOFFSET and LABELSECTOR so
it compiles on all architectures.

Approved by:	marcel
2003-11-16 06:43:25 +00:00
Gordon Tetlow
7e83e0de77 Change the default for binaries in /bin and /sbin from statically to
dynamically linked. This has been a long time coming with the move of
critical libraries from /usr/lib to /lib. If you don't feel comfortable
with dynamically linked binaries in your root partition, now is the
time to define NO_DYNAMICROOT in your make.conf.

Approved by:	re
2003-11-16 04:57:28 +00:00
Alfred Perlstein
5d01eeb9e1 University of Michigan's Citi NFSv4 userland client code.
Submitted by: Jim Rees <rees@umich.edu>
2003-11-14 21:04:33 +00:00
Johan Karlsson
657c605c12 Make this WARNS=2 clean by
- using (intmax_t) and %j instead of %q

Tested by:	make universe
2003-11-14 13:13:23 +00:00
Johan Karlsson
8a0453d614 Make this WARNS=2 clean by
- using (intmax_t) and %j
- giving a non-empty format string to msg()

Include <stdint.h> directly instead of depending on <inttypes.h>
to do it.

Tested by:	make universe
2003-11-14 13:07:38 +00:00
Dag-Erling Smørgrav
7fb7df3159 Warn about partitions that would overlap with the master boot record, and
if the user agrees, move them out one track.

MFC after:	7 days
2003-11-13 21:13:43 +00:00
Johan Karlsson
b1da57aeb5 Make this WARNS=2 clean by
- constifying copyright

PR:		39867
Submitted by:	Dan Lukes <dan@obluda.cz>
Tested by:	make universe
2003-11-13 19:18:43 +00:00
Johan Karlsson
8b5e064d28 Make this WARNS=2 clean by
- #include <timeconv.h> for _time_to_time32 et al
- use (uintmax_t) and %j
- remove unused variable 'j' (from PR 39866)

PR:		39866
Submitted by:	Dan Lukes <dan@obluda.cz>
Tested by:	make universe
2003-11-13 19:08:43 +00:00
Ken Smith
280b191c3a - Add some information about how init, securelevel, and jails
  interact with each other.
- Minor markup fix (.Dq -> .Va for a variable)

Reviewed by:	rwatson
Approved by:	blackend (mentor)
2003-11-11 18:37:50 +00:00
Christian Brueffer
76a8862646 Add a description for the '-d' flag
While I'm here, add a missing comma

PR:		41787
Obtained from:	OpenBSD
MFC after:	5 days
2003-11-10 14:28:33 +00:00
Hajimu UMEMOTO
db54001806 enable aes-xcbc-mac and aes-ctr, again. 2003-11-10 10:39:14 +00:00
Dag-Erling Smørgrav
7434ec74a8 Alphabetization braino.
Pointed out by:	johan
2003-11-07 21:28:29 +00:00
Dag-Erling Smørgrav
705916c692 Whitespace cleanup. 2003-11-07 16:41:47 +00:00
Dag-Erling Smørgrav
45817aaa9c Add a command-line option to format output for human readability.
Currently, the only effect it has is to print some (but not all) numbers
using thousands separators.
2003-11-07 16:33:45 +00:00
Ken Smith
5324d49a71 - add explanation of what an active file system is
- explain the reason for permitting 32 read errors for a dump

PR:		docs/35602 and docs/35607
Reviewed by:	jhb
Approved by:	blackend (mentor)
2003-11-05 22:17:37 +00:00
Johan Karlsson
8fbf7d0847 Make sure argv[x] exists before using it.
PR:		56696
Reported by:	Igor Truszkowski <igort@intergate.pl>
Submitted by:	maxim@
Approved by:	sos@
MFC after:	2 weeks
2003-11-05 21:56:21 +00:00
Johan Karlsson
8fb7e78565 Make this WARNS=6 clean by:
- declaring 'mode2str' as returning a 'const char *'
- prototyping all functions
- rename the argument 'version' to 'ver', not to shadow
  the now prototyped function 'version'.

Also mark it as WARNS?= 6 clean to try to keep it clean.

Tested by:	make universe (including amd64)
2003-11-05 19:20:41 +00:00
Hajimu UMEMOTO
cf43a05493 - do hexdump on send. set length field properly
- check for encryption/authentication key together with algorithm.
- warned if a deprecated encryption algorithm (that includes "simple")
  is specified.
- changed the syntax how to define a policy of a ICMPv6 type and/or a
  code, like spdadd ::/0 ::/0 icmp6 134,0 -P out none;
- random cleanup in parser.
- use yyfatal, or return -1 after yyerror.
- deal with strdup() failure.
- permit scope notation in policy string (-P
  esp/tunnel/foo%scope-bar%scope/use)
- simplify /prefix and [port].
- g/c some unused symbols.

Obtained from:	KAME
2003-11-05 09:47:54 +00:00
Scott Long
cc2c948fb5 Add support for multibyte character conversions.
Submitted by: imura@ryu16.org
2003-11-05 06:21:45 +00:00
Tom Rhodes
1476864b52 Use 'const' in the copyright stamp, this is done in other utilities.
Return linker.h to the includes list.

No objection from:	wollman (for the copyright)
2003-11-04 21:04:14 +00:00
Ian Dowse
155ea0634c In mapdirs(), do not use the `dp' inode pointer after searchdir()
has been called, since it points to a shared inode buffer that may
be overwritten. The two cases where `dp' was used incorrectly appear
to have been overlooked when "nodump" inheritance was first added
in revision 1.12.

This is reported to correct propagation of the nodump flag on
directories that are larger than one block in size.

PR:		bin/58912
Submitted by:	Volker Paepcke <vpaepcke@incore.de>
MFC after:	1 week
2003-11-04 14:20:14 +00:00
Ian Dowse
ec3f495c76 Add missing prototype for cread(). 2003-11-04 12:27:18 +00:00
Kirk McKusick
524ee1107f Create a .snap directory mode 770 group operator in the root of
a new filesystem. Dump and fsck will create snapshots in this
directory rather than in the root for two reasons:

1) For terabyte-sized filesystems, the snapshot may require many
   minutes to build. Although the filesystem will not be suspended
   during most of the snapshot build, the snapshot file itself is
   locked during the entire snapshot build period. Thus, if it is
   accessed during the period that it is being built, the process
   trying to access it will block holding its containing directory
   locked. If the snapshot is in the root, the root will lock and
   the system will come to a halt until the snapshot finishes. By
   putting the snapshot in a subdirectory, it is out of the likely
   path of any process traversing through the root and hence much
   less likely to cause a lock race to the root.

2) The dump program is usually run by a non-root user running with
   operator group privilege. Such a user is typically not permitted
   to create files in the root of a filesystem. By having a directory
   in group operator with group write access available, such a user
   will be able to create a snapshot there. Having the dump program
   create its snapshot in a subdirectory below the root will benefit
   from point (1) as well.

Sponsored by:   DARPA & NAI Labs.
2003-11-04 07:34:32 +00:00
Kirk McKusick
d62e006473 Check that the user running mksnap_ffs has permission to create and
remove a snapshot file from the directory in which they have requested
to have it made. If they do not have write permission in the directory
or the directory is sticky and not owned by the user, then they
will not be able to remove the snapshot when they are done with it.
2003-11-04 07:04:01 +00:00
Stefan Eßer
5758d949d5 Set exit code to 1 in case at least one of the input files
could not be opened.
2003-11-02 23:12:08 +00:00
Ruslan Ermilov
3565c6a8e3 Style. 2003-11-02 06:47:39 +00:00
Tom Rhodes
b34553a3ab Revert the first part of my previous change.
Requested by:	wollman
2003-11-01 16:57:19 +00:00
Tom Rhodes
31212c21bf The copyright is not a 'static char', remove the #ifdefs and move the copyright up
into the commented out 'copywrite' section.

Include sys/linker.h for kldload(3).
2003-11-01 15:58:06 +00:00
Mike Silbersack
ac8711d28e Fix a few style glitches in the previous commit and make the
tunable error message more brief.

Suggested by:	bde
2003-11-01 07:06:04 +00:00
Brooks Davis
405077fd53 We want the length of the string, not the size of its pointer. 2003-11-01 00:03:20 +00:00
Brooks Davis
cd30ca946d Temporarily disconnect ipfstat, ipnat, and ipftest to unbreak world.
Pointy hat to:	brooks
2003-10-31 18:54:46 +00:00
Brooks Davis
9bf40ede4a Replace the if_name and if_unit members of struct ifnet with new members
if_xname, if_dname, and if_dunit. if_xname is the name of the interface
and if_dname/unit are the driver name and instance.

This change paves the way for interface renaming and enhanced pseudo
device creation and configuration semantics.

Approved By:	re (in principle)
Reviewed By:	njl, imp
Tested On:	i386, amd64, sparc64
Obtained From:	NetBSD (if_xname)
2003-10-31 18:32:15 +00:00
Hartmut Brandt
14ecc3c0f0 Use (char *)NULL to terminate the argument list for execlp().
Without this cast the compiler cannot know that it has to convert the
null pointer constant NULL to a null pointer.
2003-10-30 15:04:37 +00:00
Tom Rhodes
565e3e6567 In check.c:
Avoid shadowing declarations.
Avoid comparing signed and unsigned types.
2003-10-30 09:08:09 +00:00
Tom Rhodes
654c287479 Remove a few unused variables. 2003-10-30 05:43:56 +00:00
Tom Rhodes
201747dffc style(9): sort functions. 2003-10-29 21:23:44 +00:00
Tom Rhodes
91b6ac7c44 Properly prototype C function usage().
Sync usage() with the manual page: s/file/snapshot_name/g.
2003-10-29 21:21:09 +00:00
Ian Dowse
5fff09147f When removing trailing slashes, don't remove the first character
of the name if it is '/'. Also fix a comparison between signed and
unsigned quantities (pointed out by trhodes).
2003-10-29 17:44:36 +00:00
Tom Rhodes
feeac7d216 Bump WARNS level and add a '?' to WARNS=. 2003-10-29 16:10:17 +00:00
Tom Rhodes
ff7e70a9ab Remove redundant declaration of the perror() function, it's provided by stdio.h.
Don't define DKTYPENAMES without using it.
2003-10-29 16:09:17 +00:00
Hartmut Brandt
7672807356 Defer allocation of the actual receive mbuf until the external buffer
is returned from the card to the driver. Add a counter that shows
how many times this allocation has failed. Note, that we could even
further delay the allocation of the mbuf until we know, that we need it
(there are no receive errors and the connection is open). This will be done
in a later commit.

Print the new statistics field in atmconfig.
2003-10-29 13:14:39 +00:00
Peter Wemm
a2141d7a53 Fix some 64 bit warnings. You can't fit a pointer in an int. 2003-10-26 04:47:31 +00:00
Peter Wemm
7e9c84c757 Fix a 64 bit warning. Have set_T_dev_t() take a pointer to a size_t rather
than a pointer to an int, since that is what it really wants anyway.
2003-10-26 04:45:08 +00:00
Peter Wemm
30d38f7b0d Fix gcc warnings. If NAME_MAX is 255, and d_namlen is a uint8_t, then
d_namlen can never be > NAME_MAX.  Stop gcc worrying about this by
using a preprocessor test to see if NAME_MAX changes.
2003-10-26 04:43:02 +00:00
Peter Wemm
7b4ef4ac04 64 bit fixes. in_addr_t is an uint32_t, not a u_long. 2003-10-26 04:37:57 +00:00
Peter Wemm
566214a32a Give wider types to sscanf to fix two warnings (u_short cannot be > 0xffff)
and to make sure that we catch oversized arguments rather than silently
truncate them.  I don't know if sscanf will reject an integer if it will
not fit in the short return variable or not, but this way it should be
detected.
2003-10-26 04:36:47 +00:00
Tom Rhodes
2998b879f0 style.Makefile: Add a '?' before '=' in WARNS. 2003-10-26 00:35:05 +00:00
Warner Losh
842ccec57e Parse the ! lines that will soon be coming from the kernel. These are
a generalized notification mechanism for subsystems wishing to report
events.

Reviewed by: njl

# The kernel side seems like it might be causing panics for me, but should
# be forthcoming shortly.
2003-10-24 22:02:29 +00:00
Hajimu UMEMOTO
f95d46333d Switch Advanced Sockets API for IPv6 from RFC2292 to RFC3542
(aka RFC2292bis).  Though I believe this commit doesn't break
backward compatibility against existing binaries, it breaks
backward compatibility of API.
Now, the applications which use Advanced Sockets API such as
telnet, ping6, mld6query and traceroute6 use RFC3542 API.

Obtained from:	KAME
2003-10-24 18:26:30 +00:00
Tom Rhodes
1c614e098d Fix several old bugs which got worse over time:
o WARNS should be WARNS?= (broke in rev 1.21).
o Includes should be sorted.
o Move "mntopt.h" out of the standard includes section.
o Rewrite usage() to match the manual page and make it < 80 characters.
o Remove extra .El call on line 187.  It is unused and causes mdoc(7) warnings.

Discussed with:	bde
2003-10-23 16:09:20 +00:00
Tom Rhodes
9d9696b8e3 Move prototypes into their function. 2003-10-22 20:58:57 +00:00
Tom Rhodes
b0e30de9d8 Make WARNS=2 build without error. 2003-10-22 20:11:42 +00:00
Tom Rhodes
5c9124b23e Add back the commas ',' in usage to avoid a garbled usage message.
They were erroneously removed in revision 1.27.
2003-10-22 19:50:57 +00:00
Sean Chittenden
c80f12d0af Reduce fstab(5)/mount(8) confusion by changing the man pages to say "ro"
instead of "rdonly".  "rdonly" works for mount(8) and mount_std(8) but
not from /etc/fstab, whereas "ro" works for all mount_*(8) commands.
2003-10-22 18:25:49 +00:00
Hajimu UMEMOTO
d24cb2490d stop use of NI_WITHSCOPEID. it was deprecated.
Obtained from:	KAME
2003-10-21 20:11:47 +00:00
Mike Silbersack
d108e6633b Wrap a long line in the previous commit
Suggested by:	njl
2003-10-21 18:48:49 +00:00
Mike Silbersack
9b4b73b7ba Have sysctl print out a more useful error message when it detects that the
user has attempted to write to a read only, tunable value.
2003-10-21 16:49:30 +00:00
Ian Dowse
d6ad008082 Change the default mode for lost+found from 01777 to 0700. The
original intention of the less restrictive permissions was to allow
users to move or delete recovered files that they own. However, it
is better to not create world-writable directories by default; the
administrator can always pre-create lost+found if different permissions
are desired.

Reviewed by:	mckusick
2003-10-19 21:49:44 +00:00
Poul-Henning Kamp
427823d576 Only automatically create an 'a' partition when there is nothing
but a 'c' partition.
2003-10-18 19:32:35 +00:00
Poul-Henning Kamp
2925fa2283 Make the regression test run also with obj directories. 2003-10-17 19:52:07 +00:00
Hajimu UMEMOTO
2f4c5de968 - style
- rename variable
- use strlcpy
- const'fy

Obtained from:	KAME
2003-10-17 11:43:44 +00:00
Poul-Henning Kamp
b6badb5a54 Insert an overview of the plans here, in case I get run over by a bus. 2003-10-13 20:14:02 +00:00
Hajimu UMEMOTO
b42ac57f4f - support AES counter mode for ESP.
- use size_t as return type of schedlen(), as there's no error
  check needed.
- clear key schedule buffer before freeing.

Obtained from:	KAME
2003-10-13 14:57:41 +00:00
Hajimu UMEMOTO
c65ee7c758 - support AES XCBC MAC for AH
- correct SADB_X_AALG_RIPEMD160HMAC to 8

Obtained from:	KAME
2003-10-13 04:54:51 +00:00
Hajimu UMEMOTO
492528c051 - RIPEMD160 support
- pass size arg to ah->result (avoid assuming result buffer size)

Obtained from:	KAME
2003-10-12 09:41:42 +00:00
Max Khon
d03a9dc77a Describe '-M' in usage().
PR:		57462
Submitted by:	Ryuichiro Imura <imura@ryu16.org>
2003-10-11 12:05:05 +00:00
Hajimu UMEMOTO
c0839c961f correct unsafe use of realloc().
Obtained from:	KAME
2003-10-11 10:37:43 +00:00
Marc Fonvieille
84783ceaeb Add a full example of a file-backed disk creation, I used the Handbook's
example.

PR:		docs/51897
Submitted by:	Kevin Oberman <oberman@es.net>
2003-10-11 09:59:25 +00:00
Marc Fonvieille
8b23842d38 s/disklabel/bsdlabel where needed. 2003-10-11 08:24:07 +00:00
Poul-Henning Kamp
fc36082a22 I think it is more correct to use modfind() than kldfind() here. 2003-10-10 14:32:28 +00:00
Marcel Moolenaar
4b290df1dd Revision 1.61 changed the allocation of buffer 'buf' in DoFile() from
the stack to the heap to work around a problem on ia64. Now, roughly
16 months and two compiler updates later, it isn't an issue anymore
in the sense that putting a 1M buffer on the stack just works and we
don't actually need to work around anything anymore.
However, since there's no advantage or need to put the buffer on the
stack (again), this change merely removes the XXX comment describing
that there's an explicit reason for the heap allocation. Hence, this
change is a functional no-op.

PR: ia64/38677
2003-10-08 07:37:11 +00:00
Kirk McKusick
ff76fc7f16 Create a .snap directory mode 770 group operator in the root of each
filesystem that is checked in background. Create the snapshot in this
directory rather than in the root. There are two benefits:

1) For terabyte-sized filesystems, the snapshot may require many
   minutes to build. Although the filesystem will not be suspended
   during most of the snapshot build, the snapshot file itself is
   locked during the entire snapshot build period. Thus, if it is
   accessed during the period that it is being built, the process
   trying to access it will block holding its containing directory
   locked. If the snapshot is in the root, the root will lock and
   the system will come to a halt until the snapshot finishes. By
   putting the snapshot in a subdirectory, it is out of the likely
   path of any process traversing through the root and hence much
   less likely to cause a lock race to the root.

2) The dump program is usually run by a non-root user running with
   operator group privilege. Such a user is typically not permitted
   to create files in the root of a filesystem. By having a directory
   in group operator with group write access available, such a user
   will be able to create a snapshot there. Having the dump program
   create its snapshot in a subdirectory below the root will benefit
   from point (1) as well.

Sponsored by:   DARPA & NAI Labs.
2003-10-08 02:14:03 +00:00