This manpage has incorrectly documented the "dialup"
keyword as "dialin" since it was first added. Correct that.
Approved by: blackend (mentor)
MFC after: 12 days
Replace the check for zero harvest_mask with new check for empty string.
This allows one to specify harvest_mask="0" that disables harversting
entropy from all but "pure" sources. Exact bit values for "pure" sources
differ for stable/12 and later branches, so it is handy to use zero.
The check for zero pre-dates introduction of "pure" non-maskable sources
Use empty string to disable altering sysctl kern.random.harvest.mask.
Note that notion of "pure" random sources is not documented in user level
manual pages yet. Still, it helps to extend battery life for hardware
with embedded "Intel Secure Key RNG" by disabling all other sources.
Note that no defaults changed and default behaviour is not affected.
Reported by: Dmitry Luhtionov
/etc/rc.d/securelevel is supposed to run /etc/rc.d/sysctl lastload
late at boot time to apply /etc/sysctl.conf settings that fail
to apply early. However, this does not work in default configuration
because of kern_securelevel_enable="NO" by default.
Add new script /etc/rc.d/sysctl lastload that starts unconditionally.
Reported by: Marek Zarychta
MFC after: 1 month
Currently ipfw has multiple components that are not parts
of GENERIC kernel like dummynet etc. They can bring in important
sysctls if enabled with rc.conf(5) and loaded with ipfw startup script
by means of "required_modules" after initial consult
with /etc/sysctl.conf at boot time. Here is an example of one
increasing limit for dummynet hold queues that defaults to 100:
net.inet.ip.dummynet.pipe_slot_limit=1000
This makes it possible to use ipfw/dummynet rules such as:
ipfw pipe 1 config bw 50Mbit/s queue 1000
Such rule is rejected unless above sysctl is applied.
Another example is a group of net.inet.ip.alias.* sysctls
created after libalias.ko loaded as dependency of ipfw_nat.
This is not a problem if corresponding code compiled in custom kernel
so sysctls exist when sysctl.conf is read early or kernel modules
loaded with a loader. This change makes it work also for GENERIC
and modules loaded by means of rc.conf(5) settings.
MFC after: 1 month
There are still references to timed(8) and timedc(8) in the base system,
which were removed in 2018.
PR: 255425
Reported by: Ceri Davies <ceri at submonkey dot net>
Reviewed by: ygy, gbe
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D30232
There should be no error after startup.
PR: 255698
Reported by: Eugene M. Kim <astralblue@gmail.com>
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Make rc.d/routing read defaultrouter_fibN and ipv6_defaultrouter_fibN, and
set it as the default gateway for FIB N, where N is from 1 to (net.fibs - 1)
This allows adding gateways for multiple FIBs in the same format as the main
gateway. (FIB 0)
Reviewed by: olivier, rgrimes, bcr (man page)
Sponsored by: ScaleEngine Inc.
Differential Revision: https://reviews.freebsd.org/D22706
rtld preserves its current error message around calls to user init/fini
lists, to not override original error with potential secondary errors
caused by user code recursing into rtld. After 4d9128da54,
the preservation of the string itself is not enough, the 'seen'
indicator must be preserved as well. Otherwise, since new code does not
clear string (it cannot), call to _rtld_error() from errmsg_restore()
revived whatever message was consumed last.
Change errmsg_save() to return structure recording both 'seen' indicator
and the message, if any.
PR: 255698
Reported by: Eugene M. Kim <astralblue@gmail.com>
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
set kld_disbale=y or any value in the boot loader and that will
disable loading of the kld_list.
Differential Revision: https://reviews.freebsd.org/D26939
Once the ipfw0 interface has been created, ifconfig(8) create will
throw a warning: ifconfig: create: bad value' when trying to create it
again.
PR: 241013
Submitted by: Jose Luis Duran
Approved by: kp
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D30083
Previously it depended on sysctl, which itself has no dependencies,
so rcorder(8) had a bit too much flexibility when choosing when to run
it. Make sure it runs just between 'fsck' and 'root'.
Reviewed By: jmg, imp
Sponsored By: EPSRC
Differential Revision: https://reviews.freebsd.org/D29748
This removes a minor annoyance with Linux jails, where you often
want linux_mounts_enable="NO", yet you want those filesystems
available for mounting in jails; normally mount(8) would result
in kernel automatically loading the KLD, but this doesn't work
inside jails or chroots.
PR: 242955
Sponsored By: EPSRC
Differential Revision: https://reviews.freebsd.org/D29725
This improves consistency; the NETWORKING script provides both,
so there should be no functional change.
Differential Revision: https://reviews.freebsd.org/D29587
It was unused since 405c3050f1, which removed iBCS support.
This also moves the 'linux' rc script slightly earlier, which
might help in some setups. The original version of this patch
moved it even more, before 'mountcritlocal', which would fixe
mount(8) errors due to missing /dev/shm in setups with entries
for /path/to/chroot/dev/shm without the "late" flag; however,
in the end 'kldxref' turned out to depend on 'mountcritlocal'
anyway.
Reported By: pstef
Reviewed By: dchagin
Sponsored By: EPSRC
Differential Revision: https://reviews.freebsd.org/D29590
Right now, libthr does not initialize RtldLockInfo.rtli_version when calling
_rtld_thread_init(), which makes versioning the interface troublesome.
Add a workaround: if the calling object of _rtld_thread_init() exports
the "_pli_rtli_version" symbol, then consider rtli_version initialized.
Otherwise, forcibly set it to RTLI_VERSION_ONE, currently defined as
RTLI_VERSION.
Export "_pli_rtli_version" from libthr and properly initialize rtli_version.
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D29633
This makes it run a bit earlier in the startup, which will
be useful for the linux rc script later on.
Reviewed By: imp (earlier version)
Sponsored By: EPSRC
Differential Revision: https://reviews.freebsd.org/D29589
This eliminates some non-trivial amount of code duplication, where done.
Only x86 and mips are handled right now.
Tested by: bdragon (powerpc), mhorne (riscv)
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D29623
This fixes a regression in d36d681615, where the call to
__tls_get_address() was performed under rtld_bind_lock write-locked.
Instead use tls_get_addr_slow() directly, with locked = true.
Reported by: jkim, many others
Tested by: jkim, bdragon (powerpc), mhorne (riscv)
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D29623
This was only needed on 32-bit arm prior to ARMv6. As we only support
ARMv6 or later remove it.
Reviewed by: mannu
Sponsored by: Innovate UK
Differential Revision: https://reviews.freebsd.org/D29624
dl_iterate_phdr() dlpi_tls_data should provide the TLS module segment
address, and not the TLS init segment address as it does now.
Reported by: emacsray@gmail.com
PR: 254774
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
If the root file system is composed from multiple devices, wait for
devices to be ready before running zpool and dumpon rc scripts.
An example of this is if the bulk of the root file system exists on a
fast device (e.g. NVMe) but the /var directory comes from a ZFS dataset
on a slower device (e.g. SATA). In this case, it is possible that the
zpool import may run before the slower device has finished being probed,
leaving the system in an intermediate state.
Fix is to add root_hold_wait to the zpool and dumpon (which has a
similar issue) rc scripts.
PR: 242189
Reported by: osidorkin@gmail.com
Reviewed by: allanjude
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D29101
This fixes a problem where ctld(8) would refuse to start on boot
with a specific IP address to listen on configured in ctl.conf(5).
It also fixes a problem where ctld(8) would fail to start with
some network interfaces which require a sysctl.conf(5) tweak
to configure them, eg to switch them from InfiniBand to IP mode.
PR: 232397
Reported By: Mahmoud Al-Qudsi <mqudsi at neosmart.net>
Submitted By: Jeremy Faulkner <gldisater at gmail.com>
Reviewed By: mav
Differential Revision: https://reviews.freebsd.org/D29578
The new PRELOAD_FDS variable accepts a list of file descriptors
that should be loaded into the process.
This may be used to optimize a loading process - in the case when
we already have a file descriptor to the library; we don't have
to look into multiple PATH to find it.
It may also be used in capability mode to load a single additional
library without the need to open a directory that contains it.
The last use of this functionality t may be a race-free method
of loading libraries.
Reviewed by: kib, markj
Differential Revision: https://reviews.freebsd.org/D29334
Previously it would try to load linux.ko instead of linux64.ko
and fail. While here, don't try to match 'linuxaout'; even if
implemented, it's the same module as `linuxelf`.
Reviewed By: emaste
Sponsored By: EPSRC
Differential Revision: https://reviews.freebsd.org/D29288
This is not ready yet for prime time
This reverts commit 763db58932.
This reverts commit f1ab799927.
This reverts commit 6e822e9957.
This reverts commit 77e1ccbee3.
Daniel reported that NFSv4 mounts were not working despite having
set "nfsv4_server_enable=YES" in /etc/rc.conf. Mountd was logging a
message that there was no /etc/exports file.
He noted that creating a /etc/exports file with a "V4:" line in it
was needed make NFSv4 mounts work.
At least one "V4:" line in one of the exports(5) file(s) is needed to
make NFSv4 mounts work. This patch fixes mountd.c so that it logs a
message indicting that there is no "V4:" line in any exports(5)
file when NFSv4 mounts are enabled.
To avoid this message being generated erroneously, /etc/rc.d/mountd
is updated to make sure vfs.nfsd.server_max_nfsvers is properly set
before mountd(8) is started.
Reported by: debdrup
PR: 253901
MFC after: 2 weeks
Parentheses added to HASZERO macro to avoid a GCC warning, and formatted
with clang-format as we have adopted these and don't consider them
'contrib' code.
Obtained from: musl (snapshot at commit 4d0a82170a25)
Reviewed by: kib (libc integration), mjg (both earlier)
MFC after: 1 month
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D17630
Fix another bug in 77e1ccbee3. $IFS
should be fully restored for its other users.
PR: 249192
Reported by: jkim
MFC after: 3 weeks
X-MFC with: 77e1ccbee3
77e1ccbee3 introduced a bug whereby
rc scripts in etc/rc.d and $local_startup failed to parse output
from called commands because IFS was set to " " instead of the
default " \t\n". This caused parsing of output that contains any
whitespace character, such as tabs and newlines, not matching just a
space to fail.
PR: 249192
MFC after: 3 weeks
X-MFC with: 77e1ccbee3
77e1ccbee3 introduced parallel execution
of rc. It separated groups with line feeds (\n) and elements within
groups using spaces. This is a natural separation due to rcorder
using spaces and lines to separate elements within groups with groups
of services separated by line feeds.
77e1ccbee3 parses the output from rcorder
by setting $IFS. However it failed to reset $IFS to default ' \t\n'
prior to calling find_local_scripts_new(), causing find_local_scripts_new()
to fail parsing $local_startup for site-specific local rc scripts, i.e.
${LOCALBASE}/etc/rc.d. This caused daemons from ports and packages such
as postfix, dovecot, nut, and others in ${LOCALBASE} not to be started.
PR: 249192
MFC after: 3 week
X-MFC with: 77e1ccbee3