Commit Graph

6913 Commits

Author SHA1 Message Date
Brad Davis
f0a51d9df4 Move ssh config file handling into the ssh Makefiles.
This helps with pkgbase by using CONFS and tagging these as config files.

Approved by:	allanjude (mentor), des
Differential Revision:	https://reviews.freebsd.org/D16678
2018-08-15 14:53:42 +00:00
Brad Davis
b26c7f7fee Move all sh and csh files into bin/sh/ or bin/csh/
This simplifies pkgbase by migrating these to CONFS so they are properly
tagged as config files.

Approved by:	will (mentor)
Differential Revision:	https://reviews.freebsd.org/D16708
2018-08-15 14:41:24 +00:00
Will Andrews
450e5a4378 zfs: add ztest to the kyua test suite.
This program is currently failing, and has been for >6 months on HEAD.
Ideally, this should be run 24x7 in CI, to discover hard-to-find bugs that
only manifest with concurrent i/o.

Requested by:	lwhsu, mmacy
2018-08-15 13:05:04 +00:00
Brad Davis
eecd09850d Move inetd.conf to usr.sbin/inetd/
This is pkgbase related as it uses CONFS to tag the file as a config file

Approved by:	AllanJude (mentor)
Sponsored by:	Essen Hackathon
Differential Revision:	https://reviews.freebsd.org/D16693
2018-08-12 13:29:40 +00:00
Brad Davis
31ef5c6891 Move all the newsyslog related configs to usr.sbin/newsyslog/
This is related to pkgbase and changes these to use CONFS so that these are
tagged as config files.

Approved by:	AllanJude (mentor)
Sponsored by:	Essen Hackathon
Differential Revision:	https://reviews.freebsd.org/D16694
2018-08-12 13:24:53 +00:00
Brad Davis
9488993b1d Move all NTP related files to usr.sbin/ntp/ntpd.
This helps with pkgbase by using CONFS to tag these as config files.

Approved by:	allanjude (mentor), ian, cy
Sponsored by:	Essen Hackathon
Differential Revision:	https://reviews.freebsd.org/D16661
2018-08-11 17:42:42 +00:00
Brad Davis
81ea85a884 Move all periodic related config and scripts to usr.sbin/periodic/
This makes pkgbase easier by tagging these as CONFS so they are properly
tagged as config files.

Approved by:	will (mentor)
Sponsored by:	Essen Hackathon
Differential Revision:	https://reviews.freebsd.org/D16553
2018-08-11 17:11:08 +00:00
Dimitry Andric
e35e6a3d71 Merge ^/head r337619 through r337645. 2018-08-11 16:41:08 +00:00
Brad Davis
6d76ed56a0 Move pf.os to sbin/pfctl/
Approved by:	will (mentor)
Glanced at by:	kp
Sponsored by:	Essen Hackathon
Differential Revision:	https://reviews.freebsd.org/D16557
2018-08-11 13:58:26 +00:00
Brad Davis
bf8a86cd14 Move cron.d/at to usr.bin/at/
This helps with pkgbase as it tags this as a config file so it is handled as
such

Approved by:	allanjude (mentor)
Sponsored by:	Essen Hackathon
Differential Revision:	https://reviews.freebsd.org/D16673
2018-08-11 13:52:23 +00:00
Brad Davis
c2d948fa77 Move snmpd.config to usr.sbin/bsnmpd/bsnmpd/
This helps with pkgbase as this config file will now be tagged as a config
file

Approved by:	allanjude (mentor)
Sponsored by:	Essen Hackathon
Differential Revision:	https://reviews.freebsd.org/D16674
2018-08-11 13:47:28 +00:00
Brad Davis
40557b99f5 Move sysctl.conf to sbin/sysctl/ and switch to CONFS.
This helps with pkgbase to tag this config file as a config file.

Approved by:	allanjude (mentor), will (mentor)
Differential Revision:	https://reviews.freebsd.org/D16559
2018-08-11 13:28:03 +00:00
Brad Davis
cea9c033f2 Move ddb.conf to sbin/ddb/ and switch to CONFS.
This helps pkgbase as this config file will now be tagged as a config file.

Approved by:	allanjude (mentor)
Differential Revision:	https://reviews.freebsd.org/D16675
2018-08-11 13:25:39 +00:00
Brad Davis
9584f61992 Move OpenBSM to CONFS
This helps with pkgbase as these config files will be properly tagged as
config files.

Approved by:	allanjude (mentor), oshogbo
Differential Revision:	https://reviews.freebsd.org/D16679
2018-08-11 13:23:09 +00:00
Dimitry Andric
f9c0a51283 Merge ^/head r337286 through r337585. 2018-08-10 21:02:28 +00:00
Alan Somers
47cc9ee1b1 Switch the default pager for most commands to less
Finally, a pager for the nineties.

MFC after:	Never
Relnotes:	Yes
Differential Revision:	https://reviews.freebsd.org/D13465
Poll:		https://reviews.freebsd.org/V7
2018-08-08 19:24:20 +00:00
Mark Johnston
976e100378 dhclient: Don't chroot if we are in capability mode.
The main dhclient process is Capsicumized but also chroots to
restrict filesystem access.  With r322369, pidfile(3) maintains a
directory descriptor for the pidfile, which can cause the chroot
to fail in certain cases.  To minimize the problem, only chroot
if we fail to enter capability mode, and store dhclient pidfiles
in a subdirectory of /var/run, thus restricting access via
pidfile(3)'s directory descriptor.

PR:		223327
Reviewed by:	cem, oshogbo
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D16584
2018-08-06 16:22:01 +00:00
Brad Davis
624a22b84e Fix build after r337340.
Approved by:	will (mentor)
2018-08-05 04:20:52 +00:00
Brad Davis
0ab0a723ed Move autofs related configs to usr.sbin/autofs/
This is prep for pkgbase to have config files tagged as such.

Approved by:	will (mentor)
Differential Revision:	https://reviews.freebsd.org/D16492
2018-08-04 22:41:17 +00:00
Brad Davis
99a84b826f Move portsnap.conf to head/usr.sbin/portsnap/portsnap/
This is prep for pkgbase to have config files tagged as such.

Approved by:	will (mentor)
Differential Revision:	https://reviews.freebsd.org/D16554
2018-08-04 22:31:29 +00:00
Brad Davis
6e6d254d7c Move freebsd-update.conf to usr.sbin/freebsd-update.
This is prep for pkgbase so that config files are tagged as such.

Approved by:	will (mentor)
Differential Revision:	https://reviews.freebsd.org/D16556
2018-08-04 22:25:41 +00:00
Brad Davis
4d2cf170d3 Move etc/minfree to sbin/savecore/.
This is prep for pkgbase to have config files tagged as such.

Approved by:	will (mentor)
Differential Revision:	https://reviews.freebsd.org/D16558
2018-08-04 22:15:59 +00:00
Dimitry Andric
bbd7a9298f Merge ^/head r336870 through r337285, and resolve conflicts. 2018-08-04 11:53:41 +00:00
Dimitry Andric
6dfa117f67 Update llvm/clang version numbers in various files. 2018-07-31 18:13:44 +00:00
Brad Davis
5836319ae6 Move pkg/FreeBSD.conf to usr.sbin/pkg/
Approved by:	bapt (mentor)
Differential Revision:	https://reviews.freebsd.org/D16491
2018-07-31 16:42:03 +00:00
Brad Davis
6d88443da1 Move blacklistd.conf to usr.sbin/blacklistd/
This is prep for pkging base and helps tag and install config files with the
correct packages.

Approved by:	bapt (mentor)
Differential Revision:	https://reviews.freebsd.org/D16493
2018-07-31 16:39:38 +00:00
Brad Davis
4f1521406b Move nscd.conf from etc/ to usr.sbin/nscd/
Approved by:	will (mentor)
Differential Revision:	https://reviews.freebsd.org/D16490
2018-07-28 23:29:36 +00:00
Brad Davis
df89e31712 Opps, I missed moving a couple of files in r336845.
Approved by:	will (mentor)
Differential Revision:	https://reviews.freebsd.org/D16466
2018-07-28 20:41:33 +00:00
Brad Davis
1135e97b7c Move rc startup scripts from etc/ to sbin/init/
This keeps most startup scripts as CONFS per discussion on src-committers from
back during BSDCan.

Approved by:	will (mentor)
Differential Revision:	https://reviews.freebsd.org/D16466
2018-07-28 20:36:23 +00:00
Brad Davis
a0a1ffcb16 Move etc/shells to lib/libc/gen with getusershell(3).
Approved by:	will (mentor)
Differential Revision:	https://reviews.freebsd.org/D16467
2018-07-28 20:21:23 +00:00
Brad Davis
74c3bf4ac0 Move apmd.conf to CONFS in usr.sbin/apmd which simplifies this nicely.
Approved by:	bapt (mentor)
Differential Revision:	https://reviews.freebsd.org/D16431
2018-07-26 16:51:23 +00:00
Brad Davis
5166d20d98 Move dumpdates creation to CONFS=
Approved by:	bapt (mentor)
Differential Revision:	https://reviews.freebsd.org/D16435
2018-07-26 16:45:25 +00:00
Alan Somers
3468bf40ce Introduce test program for auditpipe(4)
Submitted by:	aniketp
MFC after:	2 weeks
Sponsored by:	Google, Inc. (GSoC 2018)
Differential Revision:	https://reviews.freebsd.org/D16395
2018-07-26 00:16:41 +00:00
Ian Lepore
9a23cbc4d4 Add ntpd to the list of users not allowed to log into ftp. 2018-07-22 16:17:45 +00:00
Brad Davis
31ad99a4af Revert r336572 and wrap them in machine checks so they are only installed on
i386.

Approved by:	allanjude (mentor), imp
Differential Revision:	https://reviews.freebsd.org/D16380
2018-07-21 17:13:39 +00:00
Brad Davis
a3b6b79f57 Purge some old apmd files
Approved by:	allanjude
Differential Revision:	https://reviews.freebsd.org/D16373
2018-07-21 00:12:41 +00:00
Alan Somers
5717aa2d2a Allow mounting FUSE filesystems in jails
Reviewed by:	jamie
MFC after:	2 weeks
Relnotes:	yes
Differential Revision:	https://reviews.freebsd.org/D16371
2018-07-20 21:35:31 +00:00
Ian Lepore
d11f4dfd21 Automatically run ntpd as non-root when possible.
Ntpd needs only a subset of full root privileges to do its job. Specifically
it needs the ability to manipulate system time, and to re-bind to a
privileged UDP port after interface changes. The mac_ntpd(4) policy module
(see r336525) can grant these privs.

These changes detect the availability of mac_ntpd(4). If enabled, and if the
ntpd configuration is fairly vanilla, it automatically runs ntpd as the
non-root user 'ntpd' (uid 123). "Vanilla" means the config doesn't include
command line or ntp.conf options changing the location of files or using any
files/dirs likely to be inaccessible to user ntpd.  Ntpd can still run as
non-root when using such options, but the admin must ensure all required
files and dirs are accessible, and then set ntpd_user=ntpd in rc.conf.

Note that these changes also address PR 199127 by using the command_args
technique suggested in the patch. They also tangentially address PR 113552,
which is primarily about inconsistent filenames in documentation, but some
of the inconsistancy was caused by old code in rc.d/ntpd which is leftover
from the intial import from netbsd. There was code to do chroot setup which
required the use of the netbsd clockctl(4) device; that code never had any
effect on freebsd, because we lack that device and don't build ntpd with the
options that would allow using it.

PR:		113552 199127
Relnotes:	yes
Differential Revision:	https://reviews.freebsd.org/D16050
2018-07-20 13:59:29 +00:00
Ian Lepore
3496c981ac Make it possible to run ntpd as a non-root user, add ntpd uid and gid.
Code analysis and runtime analysis using truss(8) indicate that the only
privileged operations performed by ntpd are adjusting system time, and
(re-)binding to privileged UDP port 123. These changes add a new mac(4)
policy module, mac_ntpd(4), which grants just those privileges to any
process running with uid 123.

This also adds a new user and group, ntpd:ntpd, (uid:gid 123:123), and makes
them the owner of the /var/db/ntp directory, so that it can be used as a
location where the non-privileged daemon can write files such as the
driftfile, and any optional logfile or stats files.

Because there are so many ways to configure ntpd, the question of how to
configure it to run without root privs can be a bit complex, so that will be
addressed in a separate commit. These changes are just what's required to
grant the limited subset of privs to ntpd, and the small change to ntpd to
prevent it from exiting with an error if running as non-root.

Differential Revision:	https://reviews.freebsd.org/D16281
2018-07-19 23:55:29 +00:00
Ian Lepore
9d6c74a0d9 Create an aarch64 subdir under man4, now that we have aarch64 manpages.
Reported by:	Mark Millard
2018-07-08 01:29:48 +00:00
Sean Bruno
6f077571b9 WITHOUT_SERVICESDB:
Add src.conf knob to disable the installation of /var/db/services.db

Default to leaving services.db in place, but allow the removal of the
file and its creation with a src.conf knob.

This file ends up being 2MB in size.  For small systems this is a waste
of space but its a tradeoff.

Reviewed by:	bdrewery
Differential Revision:	https://reviews.freebsd.org/D9655
2018-07-04 17:18:35 +00:00
Dimitry Andric
55458465af More follow-up to r335799 (llvm/clang 6.0.1 update), where I forgot to
update mtree files, ObsoleteFiles and a number of other paths.  Sorry
about all the breakage.

Pointy hat to:	me
MFC after:	2 weeks
X-MFC-With:	r335799
2018-06-30 15:03:22 +00:00
Alex Richardson
53ed3b32ae Fix missing files in METALOG with -DNO_ROOT
By using INSTALL_LINK instead of calling ln during install the files
end up in the METALOG file as well if we use -DNO_ROOT and will be
included in a disk image when using makefs with METALOG as the input.
The other file that was not included in METALOG was /var/db/services.db
which is now also included for -DNO_ROOT.

Approved By:	brooks (mentor)
Differential Revision: https://reviews.freebsd.org/D15665
2018-06-29 21:15:17 +00:00
Ian Lepore
795c4eaa37 When being verbose about various leapfile versions, also mention expiration.
The expiration date is actually more of a version number than the version
date, because expiration changes twice a year, whereas the version only
changes when actual leap second events occur (except in USNO leapfiles,
which inappropriately bump the version with every expiration date change).
2018-06-28 22:13:32 +00:00
Ian Lepore
b5a278bcf4 Rename variable ntp_tmp_leapfile to have a leading underbar, to distinguish
it from variables with similar names which are set in rc.conf.  This will
make more sense as the script grows more similar-name local variables in
some upcoming changes.
2018-06-28 22:05:29 +00:00
Warner Losh
0a463958e7 Fix quoting in sending the NOMATCH event to devmatch
The NOMATCH event was previously quoted to protect it from shell
expansion. However, that quoting now interferes with the quoting devd
is doing. Quote to protect just the ?.
2018-06-28 15:00:18 +00:00
Brad Davis
f59e535254 Simplify using bsd.endian.mk and have it provide CAP_MKDB_ENDIAN, since it is
the most common usage.

Approved by:	bapt (mentor)
2018-06-28 13:48:59 +00:00
Ben Woods
217df2da08 geli attach multiple providers
Allow attaching of multiple geli providers at once if they use same
passphrase and keyfiles.

This is helpful when the providers being attached are not used for boot,
and therefore the existing code to first try the cached password when
tasting the providers during boot does not apply.

Multiple providers with the same passphrase and keyfiles can be attached
at the same time during system start-up by adding the following to
rc.conf:
  geli_groups="storage backup"
  geli_storage_flags="-k /etc/geli/storage.keys"
  geli_storage_devices="ada0 ada1"
  geli_backup_flags="-j /etc/geli/backup.passfile -k /etc/geli/backup.keys"
  geli_backup_devices="ada2 ada3"

Reviewed by:	wblock, delphij, jilles
Approved by:	sobomax (src), bcr (doc)
Differential Revision:	https://reviews.freebsd.org/D12644
2018-06-26 18:07:16 +00:00
Brooks Davis
e4b0a90e77 Normalize the g(eom,cache,part,...) build.
Rather then combining hardlink creation for the geom(8) binary with
shared library build, move libraries to src/lib/geom so they are
built and installed normally.  Create a common Makefile.classes
which is included by both lib/geom/Makefile and sbin/geom/Makefile
so the symlink and libraries stay in sync.

The relocation of libraries allows libraries to be build for 32-bit
compat.  This also reduces the number of non-standard builds in
the system.

This commit is not sufficent to run a 32-bit /sbin/geom on a 64-bit
system out of the box as it will look in the wrong place for libraries
unless GEOM_LIBRARY_PATH is set appropriatly in the environment.

Reviewed by:	bdrewery
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D15360
2018-06-25 19:55:15 +00:00
Ian Lepore
0d88e3b240 Fix a comment; the ntp leaplist file is updated periodically, but not weekly
(it's only updated when a check shows it's within 30 days of expiring).

PR:		207138
2018-06-24 03:31:23 +00:00
Ian Lepore
4b4a865284 Modernize usage of "restrict" keyword in ntp.conf
It is no longer necessary to specify a -4/-6 flag on any ntp.conf
keyword.  The address type is inferred from the address itself as
necessary.  "restrict default" statements always apply to both address
families regardless of any -4/-6 flag that may be present.

So this change just tidies up our default config by removing the redundant
restrict -6 statement and comment, and by removing the -6 flag from the
restrict keyword that allows access from localhost.

This change was inspired by the patches provided in PRs 201803 and 210245,
and included some contrib/ntp code inspection to verify that the -4/-6
keywords are basically no-ops in all contexts now.

PR:		201803 210245
Differential Revision:	https://reviews.freebsd.org/D15974
2018-06-24 03:29:00 +00:00
Ian Lepore
6014f3c446 Use 'mv -f' in rc.d/ntpd to avoid spuriously halting the boot.
The final 'mv' to install a fetched leap-list file can fail (due to a
readonly fs, or schg flags, for example), and that leads to mv(1)
prompting the user, stopping the boot process.  Instead, use mv -f
to supress the prompting, and if verbose mode is on, emit a warning
that the existing file cannot be replaced.

PR:		219255
2018-06-23 02:42:08 +00:00
Rick Macklem
9d48901e34 Add "mountcritremote" to the REQUIRE line for nfsd.
For a pNFS MDS server, there must be mounts done to the DSs before the
nfsd is started. Adding the REQUIRE line makes sure these are done.
If there are NFS mounts in /etc/fstab that cannot be completed before
the nfsd starts, the "bg" mount option can still be used to handle that.
I do not believe this should cause problems for non-pNFS NFS servers.
(I have requested a review by rc@, but it is still pending.)
2018-06-22 20:58:51 +00:00
Alan Somers
f1ed5c000c praudit(1): add tests
Submitted by:	aniketp
MFC after:	2 weeks
X-MFC-With:	335287
Sponsored by:	Google, Inc. (GSoC 2018)
Differential Revision:	https://reviews.freebsd.org/D15751
2018-06-17 17:31:16 +00:00
Kyle Evans
9d3730e514 devmatch: Address some rc nits
- devmatch_enable in rc.conf(5) was not gating the start of devmatch

- Use quietstart in devd/devmatch to suppress dozens of 'Cannot start'
  messages and other spurious messages from rc.subr(8) that aren't
  necessarily helpful.

Discussed with:	imp
2018-06-14 16:09:29 +00:00
Warner Losh
b5e2ff92e5 User service foo rather than /etc/rc.d/foo.
devd predates service in the system. Modernize usage to use service to
start/stop things in reaction to events rather than calling the rc
file directly.

This was pointed out in my talk at BSDcan as well as indirectly
referrred to as a barrier to entry for OpenRC in that working group.
2018-06-11 22:48:34 +00:00
Warner Losh
1e9d36676f Set the $PATH in /etc/crontab like it is set by the cron(8)
daemon, for consistency.

Submitted by: Ben RUBSON
Pull Request: https://github.com/freebsd/freebsd/pull/155
2018-06-10 02:13:30 +00:00
Kristof Provost
af9f0aa430 ipfw: fix status if ipfw.ko is not loaded
If the ipfw module is not loaded the net.inet.ip.fw.enable OID does not exist,
which leads the script to report errors and incorrectly report that ipfw is
enabled.
2018-06-07 13:16:53 +00:00
Kristof Provost
42faa80be3 ipfw: fix whitespace
No functional changes.
2018-06-07 13:14:09 +00:00
Kristof Provost
fa1d4439f9 pf: Return non-zero from 'status' if pf is not enabled
In the pf rc.d script the output of `/etc/rc.d/pf status` or `/etc/rc.d/pf
onestatus` always provided an exit status of zero. This made it fiddly to
programmatically determine if pf was running or not.

Return a non-zero status if the pf module is not loaded, extend pfctl to have
an option to return an error status if pf is not enabled.

PR:		228632
Submitted by:	James Park-Watt <jimmypw AT gmail.com>
MFC after:	1 week
2018-06-06 19:36:37 +00:00
Brad Davis
64fe1b5e1d Only create /var/log/sendmail.st if start sendmail.
For those of us that never use or start sendmail, it is unneeded.

Approved by:	bapt (mentor)
2018-06-06 01:51:05 +00:00
Brad Davis
8dc84f09e0 Move /sys symlink creating out of etc/Makefile.
This is prep for etc/Makefile going away.

Approved by:	bapt (mentor)
2018-06-04 15:17:24 +00:00
Alan Somers
f7f4e0f7a8 Add initial set of tests for audit(4)
This change includes the framework for testing the auditability of various
syscalls, and includes changes for the first 12.  The tests will start
auditd(8) if needed, though they'll be much faster if it's already running.
The syscalls tested in this commit include mkdir(2), mkdirat(2), mknod(2),
mknodat(2), mkfifo(2), mkfifoat(2), link(2), linkat(2), symlink(2),
symlinkat(2), rename(2), and renameat(2).

Submitted by:	aniketp
MFC after:	2 weeks
Sponsored by:	Google, Inc (GSoC 2018)
Differential Revision:	https://reviews.freebsd.org/D15286
2018-05-29 23:08:33 +00:00
Niclas Zeising
539e1e58af Complete removal of lmc(4)
The lmc(4) driver was removed in r333144 and relevant files added to
ObsoleteFiles.inc, however, include/sys/dev/lmc was not removed from mtree
and is recreated on every install.  Remove it from mtree.

Reviewed by:	imp, emaste
Approved by:	emaste
Differential Revision:	https://reviews.freebsd.org/D15590
2018-05-28 17:08:37 +00:00
Edward Tomasz Napierala
a5efdbd0c9 Make the cfumass rc script support USB template 10.
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
2018-05-27 10:48:21 +00:00
Edward Tomasz Napierala
a4ccdf9091 Revert r333493, which was a temporary fix for 11.2-RELEASE, and instead
switch the default kldxref_enable to YES.

The reason is that it's required for every image that's being cross-built,
as kldxref(8) cannot handle files for non-native architectures.  For the
one that is not - amd64 - having it on by default doesn't change anything;
the script is noop if the linker.hints already exists.

MFC after:	2 weeks
Sponsored by:	DARPA, AFRL
2018-05-26 11:13:17 +00:00
Mark Felder
75a315f6d2 rc.subr: Support loading environmental variables from a file
The current support for setting environment via foo_env="" in rc.conf is
not scalable and does not handle envs with spaces in the value. It seems
a common pattern for some newer software is to skip configuration files
altogether and rely on the env. This is well supported in systemd unit
files and may be the inspiration for this trend.

MFH:		1 week
Differential Revision:	https://reviews.freebsd.org/D14453
2018-05-25 19:36:26 +00:00
Emmanuel Vadot
729ba386f0 devd: Always install devmatch.conf
It allows devd to run devmatch to find the correct driver based on pnp info.

No Objection from:    imp
2018-05-21 21:44:47 +00:00
Edward Tomasz Napierala
57b1f8183c Set label when setting up USB LUNs, it looks nicer this way.
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
2018-05-16 20:44:08 +00:00
Edward Tomasz Napierala
463b6ed54f Change the cfumass rc script to stop pretending the USB LUN is a virtual
CD; for some reason OSX can't deal with it.

MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
2018-05-16 20:39:15 +00:00
Dag-Erling Smørgrav
b70d78d6e8 Rename all Unbound binaries and man pages from unbound* to local-unbound*.
PR:		222902
2018-05-12 17:10:36 +00:00
Dag-Erling Smørgrav
9d0ade3630 Remove the ability to generate long since useless SSH1 RSA keys. 2018-05-12 08:23:17 +00:00
Edward Tomasz Napierala
2b55bea538 Make /etc/rc.d/kldxref not print anything for directories that don't
contain any kernel modules.  This makes the common case completely silent,
as it should be.

Reviewed by:	imp@
MFC after:	2 weeks
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D14694
2018-05-11 14:43:21 +00:00
Xin LI
b6f7731dba Remove "All rights reserved" from my files.
See r333391 for the rationale.

MFC after:	1 week
2018-05-10 06:41:08 +00:00
Warner Losh
e310437971 For video consoles, only launch a getty if the device exists.
Differential Revision: https://reviews.freebsd.org/D15169
2018-05-09 20:49:00 +00:00
Mark Johnston
e505460228 Import the netdump client code.
This is a component of a system which lets the kernel dump core to
a remote host after a panic, rather than to a local storage device.
The server component is available in the ports tree. netdump is
particularly useful on diskless systems.

The netdump(4) man page contains some details describing the protocol.
Support for configuring netdump will be added to dumpon(8) in a future
commit. To use netdump, the kernel must have been compiled with the
NETDUMP option.

The initial revision of netdump was written by Darrell Anderson and
was integrated into Sandvine's OS, from which this version was derived.

Reviewed by:	bdrewery, cem (earlier versions), julian, sbruno
MFC after:	1 month
X-MFC note:	use a spare field in struct ifnet
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D15253
2018-05-06 00:38:29 +00:00
Eitan Adler
0722b4b00e [etc] Update newsyslog.conf default comment
Remove line about allowed flags. It was missing 'pRTY' and is duplicative
of the man page. It didn't describe the flags in any detail to help
remind users of how to configure newsylog.
2018-05-03 00:57:19 +00:00
Warner Losh
e4eef18848 Use M. Warner Losh everywhere on my copyrights.
Remove 'All Rights Reserved' where I can.
2018-05-01 16:29:22 +00:00
Vladimir Kondratyev
44af5666d9 bthidd(8): Add evdev protocol support for bluetooth keyboards and mouses
User-visible changes:

"-u" is added to to list of command line options supported by bthidd.
Use it to enable evdev support. uinput and evdev modules should be
kld-loaded or compiled into the kernel in that case.

bthidd_evdev_support rc.conf variable is added to control enabling of
evdev support in bthidd startup script. Possible values are: "YES", "NO",
"AUTO"(default). Setting bthidd_evdev_support to "AUTO" inserts "-u" option
if kernel is compiled with EVDEV_SUPPORT option enabled.

Support for consumer HID usage page keyboard events is implemented. Most of
them are available only through evdev protocol.

kern.evdev.rcpt_mask sysctl is checked, so "sysctl kern.evdev.rcpt_mask=12"
should be executed if EVDEV_SUPPORT is compiled into kernel.

It is recommended to regenerate bthidd.conf entries with bthidcontrol(8)
"Query" command to set user-friendly names of bluetooth devices.

Reviewed by:	emax, gonzo, wblock (docs), bcr (docs, early version)
Differential Revision:	https://reviews.freebsd.org/D13456
2018-04-30 12:16:54 +00:00
Edward Tomasz Napierala
e73154c1d7 Add cfumass rc script, to create a LUN for cfumass(4).
MFC after:	2 weeks
Relnotes:	yes
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D14844
2018-04-21 14:56:41 +00:00
Kyle Evans
addc1b6ce4 Fix ddb rc script
r288291 added a call to limits(1), which isn't available before partitions
are mounted. This broke the ddb rc script, which does not provide its own
start_cmd.

Alleviate the situation here by providing a start_cmd. We still have other
problems with diskless setups that need to be considered, but this is a
start.

PR:		206291
Submitted by:	cy
Discussed with:	rgrimes
MFC after:	3 days
2018-04-19 15:02:53 +00:00
John Baldwin
8ce99bb405 Properly do a deep copy of the ioctls capability array for fget_cap().
fget_cap() tries to do a cheaper snapshot of a file descriptor without
holding the file descriptor lock.  This snapshot does not do a deep
copy of the ioctls capability array, but instead uses a different
return value to inform the caller to retry the copy with the lock
held.  However, filecaps_copy() was returning 1 to indicate that a
retry was required, and fget_cap() was checking for 0 (actually
'!filecaps_copy()').  As a result, fget_cap() did not do a deep copy
of the ioctls array and just reused the original pointer.  This cause
multiple file descriptor entries to think they owned the same pointer
and eventually resulted in duplicate frees.

The only code path that I'm aware of that triggers this is to create a
listen socket that has a restricted list of ioctls and then call
accept() which calls fget_cap() with a valid filecaps structure from
getsock_cap().

To fix, change the return value of filecaps_copy() to return true if
it succeeds in copying the caps and false if it fails because the lock
is required.  I find this more intuitive than fixing the caller in
this case.  While here, change the return type from 'int' to 'bool'.

Finally, make filecaps_copy() more robust in the failure case by not
copying any of the source filecaps structure over.  This avoids the
possibility of leaking a pointer into a structure if a similar future
caller doesn't properly handle the return value from filecaps_copy()
at the expense of one more branch.

I also added a test case that panics before this change and now passes.

Reviewed by:	kib
Discussed with:	mjg (not a fan of the extra branch)
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D15047
2018-04-17 18:07:40 +00:00
Kristof Provost
98c5f9884e pf tests: Basic ioctl validation tests
Validate the DIOCRADDTABLES and DIOCRDELTABLES ioctls with invalid size
values. All of these requests should fail.

MFC after:	1 week
2018-04-06 15:03:48 +00:00
Ruslan Bukin
cde6fa2857 Add new shared library -- libopencsd.
OpenCSD is an ARM CoreSight(tm) trace packets decoder.

- Connect libopencsd to the arm64 build.
- Install opencsd headers to /usr/include/opencsd/

Sponsored by:	DARPA, AFRL
2018-04-04 14:31:56 +00:00
Kristof Provost
b93a1086cf pf: reload and resync do the same thing
The reload and resync commands for the startup script do exactly the same
thing, so implement one as a call to the other.

MFC after:	3 weeks
2018-03-26 09:36:22 +00:00
Jonathan T. Looney
2529f56ed3 Add the "TCP Blackbox Recorder" which we discussed at the developer
summits at BSDCan and BSDCam in 2017.

The TCP Blackbox Recorder allows you to capture events on a TCP connection
in a ring buffer. It stores metadata with the event. It optionally stores
the TCP header associated with an event (if the event is associated with a
packet) and also optionally stores information on the sockets.

It supports setting a log ID on a TCP connection and using this to correlate
multiple connections that share a common log ID.

You can log connections in different modes. If you are doing a coordinated
test with a particular connection, you may tell the system to put it in
mode 4 (continuous dump). Or, if you just want to monitor for errors, you
can put it in mode 1 (ring buffer) and dump all the ring buffers associated
with the connection ID when we receive an error signal for that connection
ID. You can set a default mode that will be applied to a particular ratio
of incoming connections. You can also manually set a mode using a socket
option.

This commit includes only basic probes. rrs@ has added quite an abundance
of probes in his TCP development work. He plans to commit those soon.

There are user-space programs which we plan to commit as ports. These read
the data from the log device and output pcapng files, and then let you
analyze the data (and metadata) in the pcapng files.

Reviewed by:	gnn (previous version)
Obtained from:	Netflix, Inc.
Relnotes:	yes
Differential Revision:	https://reviews.freebsd.org/D11085
2018-03-22 09:40:08 +00:00
Ruslan Bukin
30b3274fff Add new shared library -- libipt.
libipt is the Intel Processor Trace (Intel PT) packets decoder.

- Include libipt to amd64 build.
- Install libipt headers to /usr/include/libipt/

Sponsored by:	DARPA, AFRL
2018-03-21 14:37:04 +00:00
Kyle Evans
d5a390e6c7 Move /boot/overlays to /boot/dtb/overlays
The former is fairly vague; these are FDT overlays to be applied to the
running system, so /boot/dtb is a sensible location to put it without
cluttering up /boot/dtb even further if desired.
2018-03-19 16:16:12 +00:00
David Bright
cc732b9da5 Modify rc.d/fsck to handle new status from fsck/fsck_ffs
r328013 introduced a new error code from fsck_ffs that indicates that
it could not completely fix the file system; this happens when it
prints the message PLEASE RERUN FSCK. However, this status can happen
when fsck is run in "preen" mode and the rc.d/fsck script does not
handle that error code. Modify rc.d/fsck so that if "fsck -p"
("preen") returns the new status code (16) it will run "fsck -y", as
it currently does for a status code of 8 (the "standard error exit").

Reported by:	markj
Reviewed by:	mckusick, markj, ian, rgrimes
MFC after:	3 days
Sponsored by:	Dell EMC
Differential Revision:	https://reviews.freebsd.org/D14679
2018-03-15 18:29:56 +00:00
Jamie Gritton
d0aee33dc9 Don't warn when the "hostname" rc variable is unset, but the hostname
is already non-empty (common in jails).
2018-03-10 20:13:07 +00:00
Alan Somers
c60fdff77d Commit missing file from r330696
MFC after:	3 weeks
X-MFC-With:	330696
2018-03-09 23:17:29 +00:00
Hans Petter Selasky
e808190a59 Add kernel and userspace code to dump the firmware state of supported
ConnectX-4/5 devices in mlx5core.

The dump is obtained by reading a predefined register map from the
non-destructive crspace, accessible by the vendor-specific PCIe
capability (VSC). The dump is stored in preallocated kernel memory and
managed by the mlx5tool(8), which communicates with the driver using a
character device node.

The utility allows to store the dump in format
    <address> <value>
into a file, to reset the dump content, and to manually initiate the
dump.

A call to mlx5_fwdump() should be added at the places where a dump
must be fetched automatically. The most likely place is right before a
firmware reset request.

Submitted by:	kib@
MFC after:	1 week
Sponsored by:	Mellanox Technologies
2018-03-08 15:21:56 +00:00
Devin Teske
5bf5ca772c Introduce dwatch(1) as a tool for making DTrace more useful
Reviewed by:	markj, gnn, bdrewery (earlier version)
Relnotes:	yes
Sponsored by:	Smule, Inc.
Differential Revision:	https://reviews.freebsd.org/D10006
2018-03-06 23:44:19 +00:00
Edward Tomasz Napierala
fc5acf467c Add example devd.conf(5) entry for notifying init(8) about new USB ttys.
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
2018-03-06 21:05:34 +00:00
Ed Maste
da95763b3b rc.d/jail: avoid misinterpreting expr arguments
(Due to some misconfiguration) I ended up with _mask set to
"-v<something>", and /etc/rc.d/jail then failed with
"expr: illegal option -- v".

Use "expr --" so that variable content is never interpreted as an
option.

Reviewed by:	jamie
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D14535
2018-02-28 17:20:10 +00:00
Kristof Provost
6b8bcdc1e8 pf: Apply $pf_flags when verifying the pf.conf file
When checking the validity of the pf.conf file also include the user supplied
pf_flags. These flags might overrule macros or specify anchors, which we will
apply when actually applying the pf.conf file, so we must also take them into
account when verifying the validity.

Submitted by:	Andreas Longwitz <longwitz at incore.de>
MFC after:	3 weeks
2018-02-28 09:59:58 +00:00
Kristof Provost
5830b90f4b pf: Do not flush on reload
pfctl only takes the last '-F' argument into account, so this never did what
was intended.

Moreover, there is no reason to flush rules before reloading, because pf keeps
track of the rule which created a given state. That means that existing
connections will keep being processed according to the rule which originally
created them. Simply reloading the (new) rules suffices. The new rules will
apply to new connections.

PR:		127814
Submitted by:	Andreas Longwitz <longwitz at incore.de>
MFC after:	3 weeks
2018-02-28 08:53:07 +00:00
Kyle Evans
3eae2a2e40 Add 'usr.bin/seq' to tests mtree after r330086 2018-02-27 22:22:23 +00:00
Alan Somers
4b40bdbd1f Add tests for lagg(4) and other cloned network interfaces
Unfortunately, most of the tests are disabled because they fairly frequently
trigger panics.

MFC after:	3 weeks
Sponsored by:	Spectra Logic Corp
2018-02-23 18:18:42 +00:00
Alan Somers
2fae26bd8b Add the ZFS test suite
It was originally written by Sun as part of the STF (Solaris test framework).
They open sourced it in OpenSolaris, then HighCloud partially ported it to
FreeBSD, and Spectra Logic finished the port.  We also added many testcases,
fixed many broken ones, and converted them all to the ATF framework.  We've had
help along the way from avg, araujo, smh, and brd.

By default most of the tests are disabled.  Set the disks Kyua variable to
enable them.

Submitted by:	asomers, will, justing, ken, brd, avg, araujo, smh
Sponsored by:	Spectra Logic Corp, HighCloud
2018-02-23 16:31:00 +00:00
Marcelo Araujo
61e7e50da9 The firewall_type is ignored if not set in rc.conf or rc.conf.local,
after r190575 there is an option to call rc.firewall with the firewall_type
passed in as an argument.

Submitted by:	David P. Discher <dpd@dpdtech.com>
MFC after:	3 weeks.
Sponsored by:	iXsystems Inc.
Differential Revision:	https://reviews.freebsd.org/D14286
2018-02-22 08:25:39 +00:00
Hans Petter Selasky
974a95948a Fix handling of "one_nomatch" shell variable to preserve its contents
appearing as a single argument passed to devmatch(8).

Don't depend on "sort" utility from usr/bin which might not be
available when devd is started.

Sponsored by:	Mellanox Technologies
2018-02-17 13:32:29 +00:00
Hans Petter Selasky
9a44db43ea Invoke devmatch rc.d script directly instead of depending on "service"
which is installed in usr/sbin and might not be available at the time
devd is started.

Sponsored by:	Mellanox Technologies
2018-02-17 13:13:55 +00:00
Warner Losh
247f52f185 Pass in the NOMATCH event to devmatch
In devd/devmatch.conf, we need to pass the event to the devmatch
serivce. It gets passed to devmatch -p for matching. We always pass
this, unlike hps' original patch, so we kill two birds with one stone
and only match modules to the event passed in.

Submitted by: hps@
Sponsored by: Netflix
2018-02-17 06:57:38 +00:00
Warner Losh
7e1637e491 If we're passed an argument, then treat it as a single NOMATCH event
to parse rather than searching for all events. Pass with new -p arg to
devmatch. devmatch will use that one event rather than walking the
entire tree.

kldload will stop at the first failure. So we need to loop.  Also,
symbolic links may confused kldload into trying (and failing) to load
multiple modules at once, so guard against that.

Noticed by: hps (with similar patch)
Sponsored by: Netflix
2018-02-17 06:57:21 +00:00
Eitan Adler
bc43eb228d etc: clean up trailing whitespace in autofs
Obtained from:	DragonFlyBSD (48a93f514f93ff671b7b6c9bbed54d45b3f65180)
2018-02-15 11:41:38 +00:00
Alan Somers
ea9c2614cf Add mtree entry for 329275
MFC after:	3 weeks
X-MFC-With:	329275
Sponsored by:	Spectra Logic Corp
2018-02-14 21:02:38 +00:00
Warner Losh
b11df8a4a3 Add /boot/lua. 2018-02-13 17:42:10 +00:00
Brad Davis
4126c2e199 Fix resolv to run when it should and not when it should not..
Approved by:	manu
Reported by:	manu
Pointy hat to:	brd
2018-02-13 16:07:39 +00:00
Hans Petter Selasky
6bb41868ef Add missing semicolon to not break devd during system startup. 2018-02-13 08:10:17 +00:00
Warner Losh
ff99e28210 Fix typo 2018-02-12 06:52:49 +00:00
Warner Losh
8d99f31cbb Turn devmatch on by default.
Turn devmatch on by default. However, use 'start' instead of
'onestart' in the devmatch.conf file so the setting of
'devmatch_enable' is honored. Give an example of what to put in
devd.conf if you want to disable just the run-time part of devmatch.

Relnotes: yes
2018-02-12 06:51:20 +00:00
Warner Losh
ac28ac4863 Add usb.conf to ObsoleteFiles.
Add a note to UPDATING.
Fix a missing tab.

Relnotes: Yes
2018-02-12 06:42:38 +00:00
Warner Losh
4f28883dcd Install devmatch.conf, don't install usb.conf 2018-02-12 04:54:51 +00:00
Warner Losh
4d6e935eb2 Install devmatch int /etc/rc.d and echo modules being installed. 2018-02-12 04:52:25 +00:00
Warner Losh
4420d8e198 Switch to using devmatch to autoload drivers. Remove usb.conf
as obsolete because devmatch gets its information from the same
place as the genration scripts.
2018-02-12 04:45:26 +00:00
Warner Losh
c0c6f4d2e0 Add devmatch rc.d integration
Create simple script to load modules on demand based on the device
identifying information.

Sponsored by: Netflix
2018-02-12 04:45:17 +00:00
Ian Lepore
5eebd6c02b Regenerate devd/usb.conf after the recent addition of several new device IDs. 2018-02-11 16:35:56 +00:00
Mark Felder
330d62831f Refactor cleanvar to remove shell expansion vulnerability
If any process creates a directory named "-P" in /var/run or
/var/spool/lock it will cause the purgedir function to start to rm -r /.

Simplify a lot of complicated shell logic by leveraging find(1).

Reviewed by:	allanjude
MFC after:	3 days
Differential Revision:	https://reviews.freebsd.org/D13778
2018-02-06 21:35:41 +00:00
Mark Felder
1ce07411fa Fix firstboot fs mount logic
The firstboot logic has an error which causes the filesystem to be
mounted readonly even though root_rw_mount=YES. This fixes the error to
ensure that the root filesystem is mounted rw as expected after the run
of the firstboot scripts.

Reviewed by:	imp
MFC after:	3 days
Differential Revision:	https://reviews.freebsd.org/D14226
2018-02-06 20:12:05 +00:00
Ed Maste
e9a7bae553 Correct Russia spelling in regdomain.xml
PR:		225658
MFC after:	1 week
2018-02-05 18:45:21 +00:00
Dmitry Marakasov
148ee4c3ff Support configuring arbitrary limits(1) for any daemon in rc.conf
Usage is ${name}_limits, and the argument is any flags accepted by
limits(1), such as `-n 100' (e.g. only allow 100 open files).

Approved by:	cy
Differential Revision:	https://reviews.freebsd.org/D14015
2018-01-24 14:15:06 +00:00
Kyle Evans
25f0135c49 Add /boot/overlays to runtime pkg, fix distrib-dirs METALOG generation
/boot/overlays was recently added without belonging to a package. It's only
used by bootloaders at the moment, so add it to the 'runtime' package to get
added with ubldr and friends.

Fix distrib-dirs METALOG generation while we're here. History elsewhere
seems to indicate that bapt@ fixed this to pull in all attributes from
mtrees while generating the METALOG. This fix got clobbered somewhere later,
so restore it.

Reviewed by:	bapt, gjb
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D13996
2018-01-23 17:59:06 +00:00
Kyle Evans
b37f6c9805 Add libregex, connect it to the build
libregex is a regex(3) implementation intended to feature GNU extensions and
any other non-POSIX compliant extensions that are deemed worthy.

These extensions are separated out into a separate library for the sake of
not cluttering up libc further with them as well as not deteriorating the
speed (or lack thereof) of the libc implementation.

libregex is implemented as a build of the libc implementation with LIBREGEX
defined to distinguish this from a libc build. The reasons for
implementation like this are two-fold:

1.) Maintenance- This reduces the overhead induced by adding yet another
regex implementation to base.

2.) Ease of use- Flipping on GNU extensions will be as simple as linking
against libregex, and POSIX-compliant compilations can be guaranteed with a
REG_POSIX cflag that should be ignored by libc/regex and disables extensions
in libregex. It is also easier to keep REG_POSIX sane and POSIX pure when
implemented in this fashion.

Tests are added for future functionality, but left disconnected for the time
being while other testing is done.

Reviewed by:	cem (previous version)
Differential Revision:	https://reviews.freebsd.org/D12934
2018-01-22 02:44:41 +00:00
Brad Davis
5b0065e7db Teach the resolv startup script to respect its enable flag.
Reviewed by:	will, imp
Approved by:	imp
2018-01-18 20:45:41 +00:00
Kyle Evans
db180ae55c stand: Add /boot/overlays to allow separation of overlays from base FDT
This matches directory structure used commonly in Linux-land, and it's
cleaner than mixing overlays into the existing module paths. Overlays are
still mixed in by specifying fdt_overlays in loader.conf(5).

Reviewed by:	manu
Differential Revision:	https://reviews.freebsd.org/D13922
2018-01-18 04:58:54 +00:00
Dimitry Andric
c79126f2e4 Merge ^/head r327624 through r327885. 2018-01-12 18:23:35 +00:00
Kyle Evans
12cea332f1 vmstat(8): Hook up NetBSD tests
The NetBSD tests for vmstat are basically just a smoke test, ensuring that
executing `vmstat` and `vmstat -s` exit successfully. This is more than we
test now, so go with it.
2018-01-11 16:04:04 +00:00
Kyle Evans
de45c289b9 awk(1): Add necessary bits for connecting tests, but leave disconnected
The NetBSD test suite has 24 tests for awk, and we pass exactly 4 of them.
Add the necessary pieces for interested parties to easily connect the
tests and run them, but leave them disconnected for the time being.

Some of these tests outright segfault in our awk, others just exhibit the
wrong behavior.
2018-01-11 05:36:13 +00:00
Cy Schubert
da7a237fac USNO and possibly others have misinterpreted the maining of the
leapseconds last-update field and incorrectly increment it when changing
the file even though the leapsecond data has not changed. For instance,
if a leapsecond file is obtained from USNO, when it expires it will not
be replaced by a newer file from other sources because it has an
incorrect later last-update (version).

This corrects r304780.

PR:		225029
Submitted by:	ian
MFC after:	3 days
2018-01-09 20:35:58 +00:00
Dimitry Andric
4b49587c3d Merge ^/head r327341 through r327623. 2018-01-06 16:13:17 +00:00
Jilles Tjoelker
9d75d6c9d5 find: Link tests to the build 2017-12-31 19:24:13 +00:00
Bryan Venteicher
0ac9f3f67f Add VXLAN (RFC 7348) port
PR:		202316
Submitted by:	olgeni@
MFC after:	2 weeks
2017-12-31 17:11:12 +00:00
Eitan Adler
5539cb324e mtree: remove /etc/skel
We use /usr/share/skel instead of /etc/skel. The existence of /etc/skel
has confused people.

PR:		46062 (submitted 2002-12-07)
PR:		218897
Submitted by:	carl@slackerbsd.org
Submitted by:	asv@inhio.net
2017-12-31 07:25:55 +00:00
Dimitry Andric
4fc74049d2 Merge ^/head r327169 through r327340. 2017-12-29 12:51:26 +00:00
Xin LI
a9a7c8c0a1 Replace send-mail with the more standarized sendmail, we do not create
links for send-mail in mailwrapper so it did not work anyway.

MFC after:	2 weeks
2017-12-27 06:23:50 +00:00
Eitan Adler
dae3a64fb9 userland: Fix several typos and minor errors
- duplicate words
- typos
- references to old versions of FreeBSD

Reviewed by:	imp, benno
2017-12-27 03:23:01 +00:00
Dimitry Andric
54b4b13c4a Merge ^/head r326936 through r327149. 2017-12-24 13:22:57 +00:00
Kevin Lo
f1ab57eead Add soft float abi caching form armv7, it would allow people with old
binaries to run them.

Reviewed by:	imp
2017-12-22 01:46:25 +00:00
Dimitry Andric
27228b49fb Update clang versioned dir in mtree files. 2017-12-20 20:28:40 +00:00
Dimitry Andric
14767bd616 Follow-up to r325967, which removed /etc/casper, by also removing it
from BSD.root.dist, so it does not get created again on installworld.
2017-12-12 22:21:20 +00:00
Eitan Adler
fbc88a6f35 sponge(1): revert
I did a complete buildworld and test... with the program disconnected
from the tree. Revert the change for now.

(this keeps the change to .arclint which is still correct)

Wearing:	my pointhat
2017-12-06 02:47:46 +00:00
Eitan Adler
8d4a7aab40 sponge(1): fix my tests
Reviewed by:	kevans
2017-12-05 04:43:39 +00:00
Alan Somers
95639a80ef dc(1): fix input of non-decimal fractional numbers
Inputting fractional non-decimal numbers has never worked correctly in our
OpenBSD-derived dc(1). It truncates the input to a number of decimal places
equal to the number of hexadecimal (or whatever base) places given on the
input. That's unacceptable, because many numbers require more precision to
represent in base 10 than in their original bases.

Fix this bug by using as many decimal places as needed to represent the
input, up to the maximum of the global scale factor.

This has one mildly surprising side effect: the scale of a number entered in
non-decimal mode will no longer necessarily equal the number of hexadecimal
(or whatever base) places given on the input. I think that's an acceptable
behavior change, given that inputting fractional non-decimal numbers never
worked in the first place, and the man page doesn't specify whether trailing
zeros on the input should affect a number's scale.

PR:		206230
Reported by:	nibbana@gmx.us
Reviewed by:	pfg
Differential Revision:	https://reviews.freebsd.org/D13336
2017-12-05 04:22:35 +00:00
Mark Johnston
04006780d9 Complete support for dtrace's -x setenv option.
This allows one to override the environment for processes created with
dtrace -c. By default, the environment is inherited.

This support was originally merged from illumos in r249367 but was lost
when the commit was later reverted and then brought back piecemeal.

Reported by:	Samuel Lepetit <slepetit@apple.com>
MFC after:	2 weeks
2017-12-03 16:57:28 +00:00
Kristof Provost
4fbebc7472 Add IPSec tests in tunnel mode
Some IPSec in tunnel mode allowing to test multiple IPSec
configurations.  These tests are reusing the jail/vnet scripts from pf
tests for generating complex network.

Submitted by:	olivier@
Differential Revision:	https://reviews.freebsd.org/D13017
2017-12-03 13:52:35 +00:00
Dimitry Andric
d4419f6fa8 Upgrade our copies of clang, llvm, lldb and libc++ to r319231 from the
upstream release_50 branch.  This corresponds to 5.0.1 rc2.

MFC after:	2 weeks
2017-12-03 12:14:34 +00:00
Eitan Adler
e6fb36794f pf.os: Add OpenBSD:6.1
Obtained From: OpenBSD
2017-12-02 06:23:02 +00:00
Alan Somers
cc58910608 Fix fetching ntp leapfile after 325256
Submitted by:	Ronald Klop <ronald-lists@klop.ws>
Reviewed by:	asomers
MFC after:	3 days
X-MFC-With:	325256
2017-11-28 20:44:10 +00:00
Alan Somers
013953eb5f Add basic tests for ctfconvert(1), fold(1) and rs(1)
Add basic command line parsing test coverage for these utilities.  The tests
were automatically generated based on their man pages.  These tests can be
expanded by hand for more thorough coverage.  The aim is to generate very
basic amount of test coverage for all the utilities in the base system.

Tests generated via: https://github.com/shivansh/smoketestsuite/

Submitted by:	shivansh
Reviewed by:	asomers
MFC after:	3 weeks
Differential Revision:	https://reviews.freebsd.org/D12424
2017-11-27 20:01:58 +00:00
Emmanuel Vadot
b7f38d774d growfs: Commit the changes after expanding the partition
This fix the problem in arm snapshot present since at least 6 months where
growfs was failing at firstboot and dropped you in a single user shell.
2017-11-27 15:39:11 +00:00
Pedro F. Giffuni
1de7b4b805 various: general adoption of SPDX licensing ID tags.
Mainly focus on files that use BSD 2-Clause license, however the tool I
was using misidentified many licenses so this was mostly a manual - error
prone - task.

The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.

No functional change intended.
2017-11-27 15:37:16 +00:00
Edward Tomasz Napierala
f497052bcf Add /etc/autofs/include_nis, a non-rewriting NIS map.
Submitted by:	G. Paul Ziemba
Suggested by:	asomers@
MFC after:	2 weeks
Sponsored by:	DARPA, AFRL
2017-11-27 12:50:26 +00:00
Edward Tomasz Napierala
61cfb3db4c Rename /etc/autofs/include_nis to /etc/autofs/include_nis_nullfs, to indicate
that this script provides nullfs map rewriting for local mounts.

MFC after:	2 weeks
Sponsored by:	DARPA, AFRL
2017-11-27 12:46:18 +00:00
Edward Tomasz Napierala
db2ec83907 Change formatting; no functional changes.
MFC after:	2 weeks
Sponsored by:	DARPA, AFRL
2017-11-27 12:44:03 +00:00
Ed Maste
71d5ff4391 filter all passwords (not only changed) from periodic passwd backup
The periodic 200.backup-passwd script outputs any differences it finds
in master.passwd, relative to the previous backup.  It intends to elide
the encrypted password field, but previously did so only for changed
lines (i.e., those beginning with - or + in the diff).

Apply the sed expression also to unchanged lines to also elide their
passwords.

PR:		223461
Reported by:	Andre Albsmeier
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
2017-11-21 20:31:54 +00:00
Alan Somers
396c556d77 Add ATF tests for head(1)
Submitted by:	Fred Schlecter <https://github.com/fjs-github>
Reviewed by:	asomers, jilles
MFC after:	3 weeks
Differential Revision:	https://github.com/freebsd/freebsd/pull/127
2017-11-20 22:55:02 +00:00
Andriy Voskoboinyk
c92451ae9d Reduce code duplication for wlan(4) interface creation in network.subr.
Since wlandebug(8) can accept any (original or changed) interface name
this part may be simplified a bit.
2017-11-19 20:18:21 +00:00
Mariusz Zaborski
3aa239f187 Remove unused Casper configurations files.
This is a reaming of Casper daemon.
2017-11-18 15:34:31 +00:00
Konstantin Belousov
9898800172 Remove xlint(1).
xlint is currently a fossil.  We have much more useful and alive tools
to do now what xlint did twenty years ago.

I did not cleared some stuff which makes lint operational, in
sys/x86/include and sys/sys, but I might do it as followup.  The
x86/include/ucontext.h and _types.h hacks made to please lint was the
main reason for my initial proposal to classify xlint as obsolete and
to remove it.

Also I do not intend to clear sccs ids.

Reviewed by:	bapt, brooks, emaste, jhb, pfg
Sponsored by:	The FreeBSD Foundation
Differential revision:	https://reviews.freebsd.org/D13015
2017-11-16 14:37:18 +00:00
Alan Somers
d02819b5e6 devd.conf: add mps and mpr to the scsi controllers regex
MFC after:	3 weeks
Sponsored by:	Spectra Logic Corp
Differential Revision:	https://reviews.freebsd.org/D12744
2017-11-14 16:32:40 +00:00
Brad Davis
f58e59923e Remove an unused variable.
Approved by:	bdrewery
2017-11-14 01:48:24 +00:00
Eugene Grosbein
cedc7c5870 Add suitable knob ifconfig_<interface>_descr for static interface description.
Document availability of interface descriptions within rc.conf(5).

Approved by:	avg (mentor), mav (mentor)
MFC after:	3 days
2017-11-08 16:53:11 +00:00
Edward Tomasz Napierala
35dd951c8c Make autofs(5) rc scripts run earlier, matching those for amd(8).
This helps when you have some daemons that need to access automounted shares.

PR:		221011
MFC after:	2 weeks
2017-11-04 15:52:16 +00:00
Edward Tomasz Napierala
533b437eae Add NIS automounter map, which supports rewriting of self-hosted locations
to make them nullfs.

PR:		221010
Submitted by:	G. Paul Ziemba
MFC after:	2 weeks
2017-11-04 14:38:00 +00:00
Conrad Meyer
648176e095 bluetooth: Default to discoverable off
Try to not expose bluetooth devices to external devices unless the user
explicitly configures it, like any other radio/network device.  Bluetooth
has a long history of security problems and it is probably best to keep it
disabled if not needed.

Users who do use the bluetooth device should enable "discoverable" in
bluetooth.device.conf(5) after this change.

Keep in mind that bluetooth addresses can be discovered by passive
monitoring or whole address-space scans[0], so a safety conscious user
should also disable "connectable" in bluetooth.device.conf(5).

[0]: https://www.sans.edu/cyber-research/security-laboratory/article/bluetooth

Reviewed by:	emax, hselasky
Security:	maybe
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D12831
2017-11-01 18:58:54 +00:00
Andriy Voskoboinyk
99a1c8894a Regenerate etc/devd/usb.conf
Reminded by:		hselasky
2017-10-31 23:33:24 +00:00
Bryan Drewery
939d033cab Disconnect libpathconv tests since they require external perl and do not work with kyua.
This reverts r325192 and is due to libpathconv being connected in r325186.

Reported by:	ngie
Sponsored by:	Dell EMC Isilon
2017-10-31 19:52:30 +00:00
Bryan Drewery
ae160963d8 Fix installworld/distrib-dirs for pathconv after r325186.
Sponsored by:	Dell EMC Isilon
2017-10-31 01:43:36 +00:00
Eitan Adler
a2aef24aa3 Update several more URLs
- Primarily http -> https
- Primarily FreeBSD project URLs
2017-10-29 08:17:03 +00:00
Mark Johnston
64a16434d8 Add support for compressed kernel dumps.
When using a kernel built with the GZIO config option, dumpon -z can be
used to configure gzip compression using the in-kernel copy of zlib.
This is useful on systems with large amounts of RAM, which require a
correspondingly large dump device. Recovery of compressed dumps is also
faster since fewer bytes need to be copied from the dump device.

Because we have no way of knowing the final size of a compressed dump
until it is written, the kernel will always attempt to dump when
compression is configured, regardless of the dump device size. If the
dump is aborted because we run out of space, an error is reported on
the console.

savecore(8) is modified to handle compressed dumps and save them to
vmcore.<index>.gz, as it does when given the -z option.

A new rc.conf variable, dumpon_flags, is added. Its value is added to
the boot-time dumpon(8) invocation that occurs when a dump device is
configured in rc.conf.

Reviewed by:	cem (earlier version)
Discussed with:	def, rgrimes
Relnotes:	yes
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D11723
2017-10-25 00:51:00 +00:00
Brad Davis
bd6bc862e3 Remove a atrun check that is nullified by r318443.
Approved by:	will
2017-10-21 21:58:24 +00:00
Cy Schubert
dde7644292 Anticongestion refinements for ntpd rc script. This reverts r324681
and checks if ntp leapfile needs fetching before entering into the
anticongestion sleep.

Unfortunately some ports still use their own sleeps so, this commit
doesn't address the complete problem which is compounded by every
port that uses its own anticongestion mechanism.

Discussed with:		asomers
2017-10-19 03:17:50 +00:00
Cy Schubert
53ddaabc12 Style. Replace 8 spaces with a tab.
MFC after:	2 weeks (with prior commit to this file)
2017-10-17 01:15:55 +00:00
Cy Schubert
088e763042 Provide an option to run the anticongestion ntpd leapfile fetch in
the background.

Original patch submitted by feld@. I added the "optional" bit.

Submitted by:	feld (original patch)
MFC after:	2 weeks
2017-10-17 01:15:13 +00:00
Jilles Tjoelker
d78b853f0f rc.subr: Remove test that is always true.
The code above always sets _pidcmd to a non-empty value.
2017-10-15 11:28:41 +00:00
Kristof Provost
96842052d3 Regenerate usb.conf 2017-10-13 20:29:35 +00:00
Kristof Provost
1d6f5f214a pf: Basic automated test using VIMAGE
If VIMAGE is present we can start jails with their own pf instance. This
makes it fairly easy to run tests.
For example, this basic test verifies that drop/pass and icmp
classification works. It's a basic sanity test for pf, and hopefully an
example on how to write more pf tests.

The tests are skipped if VIMAGE is not enabled.

This work is inspired by the GSoC work of Panagiotes Mousikides.

Differential Revision:	https://reviews.freebsd.org/D12580
2017-10-06 20:43:14 +00:00
Jeremie Le Hen
e415aa2846 Remove rcmds.
If they are still needed, you can find them in the net/bsdrcmds port.

This was proposed June, 20th and approved by various committers [1].
They have been marked as deprecated on CURRENT in r320644 [2] on July, 4th.
Both stable/11 and release/11.1 contain the deprecation notice (thanks to
allanjude@).

Note that ruptime(1)/rwho(1)/rwhod(8) were initially thought to be part of
rcmds but this was a mistake and those are therefore NOT removed.

[1] https://lists.freebsd.org/pipermail/freebsd-arch/2017-June/018239.html
[2] https://svnweb.freebsd.org/base?view=revision&revision=320644

Reviewed by:	bapt, brooks
Differential Revision:	https://reviews.freebsd.org/D12573
2017-10-06 08:43:14 +00:00
Andriy Gapon
31f976bc4a fix the misleading log facility used in devd/zfs.conf
In general, the "kern" facility is reserved for the kernel use only.
If a program specifies that facility, then it is silently converted
to "user" facility.
So, using logger -p kern.xxx was both misleading and non-specific.

Thus, change the facility to local7, so that users can create
more adequate syslogd configurations.

While local0..local7 are documented as being for local use we already
have several examples in the tree where they are used because none of
the named facilities really fits.

Approved by:	asomers
MFC after:	2 weeks
Differential Revision: https://reviews.freebsd.org/D12420
2017-10-05 12:38:26 +00:00
Ian Lepore
e8b437ef9a Remove spurious $flags; it's a paste-o from copying the line from rc.subr.
Also, add a comment documenting the args passed to mount_md().
2017-09-29 22:21:42 +00:00
Ian Lepore
50e3590c44 Enhance mdmfs(8) to work with tmpfs(5).
Existing scripts and associated config such as rc.initdiskless, rc.d/var,
and others, use mdmfs to create memory filesystems. That program accepts a
size argument which allows SI suffixes and treats an unsuffixed number as a
count of 512 byte sectors. That makes it difficult to convert existing
scripts to use tmpfs instead of mdmfs, because tmpfs treats unsuffixed
numbers as a count of bytes. The script logic to deal with existing user
config that might include suffixed and unsuffixed numbers is... unpleasant.

Also, there is no g'tee that tmpfs will be available. It is sometimes
configured out of small-resource embedded systems to save memory and flash
storage space.

These changes enhance mdmfs(8) so that it accepts two new values for the
'md-device' arg: 'tmpfs' and 'auto'. With tmpfs, the program always uses
tmpfs(5) (and fails if it's not available). With 'auto' the program prefers
tmpfs, but falls back to using md(4) if tmpfs isn't available. It also
handles the -s <size> argument so that the mdconfig interpetation of
unsuffixed numbers applies when tmpfs is used as well, so that existing user
config keeps working after a switch to tmpfs.

A new rc setting, mfs_type, is added to etc/defaults/rc.conf to let users
force the use of tmpfs or md; the default value is "auto".

Differential Revision:	https://reviews.freebsd.org/D12301
2017-09-29 22:13:26 +00:00
Baptiste Daroussin
52eb4160a1 Do not actually install uneeded alias for man 2017-09-26 05:46:10 +00:00
Baptiste Daroussin
e6340c5d05 Remove unneeded locales and alias man directories
In base, locales (and encoding) specific directories are not used
by any tool. Just remove them.

While here also remove the cat page directory for openssl
2017-09-26 05:43:55 +00:00
Baptiste Daroussin
05572d356b Remove the cat pages directory now that catman(1) is gone 2017-09-25 21:23:49 +00:00
Hans Petter Selasky
05a3427964 Regenerate usb.conf .
MFC after:	1 week
2017-09-20 15:00:00 +00:00
Gordon Tetlow
4572fb3faf Deorbit catman. The tradeoff of disk for performance has long since tipped
in favor of just rendering the manpage instead of relying on pre-formatted
catpages. Note, this does not impede the ability to use existing catpages,
it just removes the utility to generate them.

Reviewed by:	imp, allanjude
Approved by:	emaste (mentor)
Differential Revision:	https://reviews.freebsd.org/D12317
2017-09-13 16:35:16 +00:00
Alan Somers
014404db1a Add basic tests for chflags, mkdir, rcp, and rmdir
Add basic command line parsing test coverage for these utilities.  The tests
were automatically generated based on their man pages.  These tests can be
expanded by hand for more thorough coverage.  The aim is to generate very
basic amount of test coverage for all the utilities in the base system.

Submitted by:	shivansh
Reviewed by:	asomers, brooks
MFC after:	3 weeks
Sponsored by:	Google, Inc (GSoC 2017)
Differential Revision:	https://reviews.freebsd.org/D12036
2017-09-07 16:54:47 +00:00
Alan Somers
cc15f41351 Fix 100.chksetuid and 110.neggrpperm for mountpoints with spaces
Also, fix them for mountpoints with tabs.

PR:		48325
Reported by:	pguyot@kallisys.net, aaron@baugher.biz
MFC after:	3 weeks
2017-08-25 00:28:56 +00:00
Marius Strobl
ae47d9383f Bring back the much more readable unified format for differences in
/etc/{group,master.passwd}. This was originally turned on for all of
/etc/{aliases,group,master.passwd} in r55196, but then backed out
only for the latter two in r56697, as the adaption of the sed(1)ing
done in r56308 was incorrect. This left us with inconsistent diff(1)
formats in the daily output of periodic(8) ever since, despite in
r56697 having been promised to be revisited. So properly adapt the
password hash filtering to the unified format and turn the later on
again for /etc/{group,master.passwd}, too.
2017-08-20 20:38:15 +00:00
John Baldwin
0bfcfa8634 Unconditionally install rwhod support scripts.
r322277 moved rwho* and ruptime out of the MK_RCMDS conditional including
updating the obsolete files entries to not remove these scripts due to
WITHOUT_RCMDS=yes.  However, the initial installation was still conditional
on MK_RCMDS, so new installs did not include these scripts and upgrades via
mergemaster or etcupdate removed them.

PR:		220953
MFC after:	1 month
2017-08-15 22:16:15 +00:00
Jilles Tjoelker
2cc32af06f sh: Add tests for sh -c that already pass.
PR:		220587
Submitted by:	Ryan Moeller
2017-08-12 19:17:48 +00:00
Sepherosa Ziehau
c685956956 hyperv: Add VF bringup scripts and devd rules.
How network VF works with hn(4) on Hyper-V in non-transparent mode:

- Each network VF has a cooresponding hn(4).
- The network VF and the it's cooresponding hn(4) have the same hardware
  address.
- Once the network VF is up, e.g. ifconfig VF up:
  o  All of the transmission should go through the network VF.
  o  Most of the reception goes through the network VF.
  o  Small amount of reception may go through the cooresponding hn(4).
     This reception will happen, even if the the cooresponding hn(4) is
     down.  The cooresponding hn(4) will change the reception interface
     to the network VF, so that network layer and application layer will
     be tricked into thinking that these packets were received by the
     network VF.
  o  The cooresponding hn(4) pretends the physical link is down.
- Once the network VF is down or detached:
  o  All of the transmission should go through the cooresponding hn(4).
  o  All of the reception goes through the cooresponding hn(4).
  o  The cooresponding hn(4) fallbacks to the original physical link
     detection logic.

All these features are mainly used to help live migration, during which
the network VF will be detached, while the network communication to the
VM must not be cut off.  In order to reach this level of live migration
transparency, we use failover mode lagg(4) with the network VF and the
cooresponding hn(4) attached to it.

To ease user configuration for both network VF and non-network VF, the
lagg(4) will be created by the following rules, and the configuration
of the cooresponding hn(4) will be applied to the lagg(4) automatically.

Sponsored by:	Microsoft
Differential Revision:	https://reviews.freebsd.org/D11635
2017-07-31 07:18:15 +00:00
Rick Macklem
a70ee81756 Modify /etc/rc.d/nfsd so it doesn't force a startup of nfsuserd for NFSv4.
Given that RFC7530 allows uid/gids to be placed in owner/owner_group
strings directly, many NFSv4 environments don't need the nfsuserd.
This small patch modified /etc/rc.d/nfsd so that it does not force
startup of the nfsuserd daemon unless nfs_server_managegids is enabled.
This implies that nfsuserd_enable="YES" must be added to /etc/rc.conf
for NFSv4 server environments that use Kerberos mounts or clients that
do not support the uid/gid in string capability.
Since this could be considered a POLA violation, it will not be MFC'd.

Discussed on:	freebsd-current
2017-07-28 21:07:57 +00:00
Enji Cooper
fcb60eb0bb Unconditionally install etc/mtree/BSD.debug.dist again
r279248 unconditionally installed BSD.debug.dist for ease-of-developer-use.
Restore the previous behavior.

While here, add a comment to note that this is intentional to avoid accidental
future removal.

MFC after:	2 months
MFC with:	r321444
2017-07-25 00:28:23 +00:00
Enji Cooper
e017348aa8 Remove ${MTREE} and leverage etc/mtree/Makefile instead with
"make distribution".

This also fixes the fact that BSD.debug.dist was being installed if/when
${MK_DEBUG_FILES} != "no" before this commit.

MFC after:	2 months
2017-07-24 23:57:43 +00:00
Dimitry Andric
2fef18f836 Merge ^/head r320994 through r321238. 2017-07-19 19:43:10 +00:00
Emmanuel Vadot
2a4727a472 ipfw_netflow: Add support for FIB
If ipfw_netflow_fib, the ipfw rule will only match packets in that FIB.

While here correct some value in rc.conf(5) to be int and not str.

Sponsored by:	Gandi.net
2017-07-18 14:02:02 +00:00
Emmanuel Vadot
fd75b64d7e ipfw_netflow: add +ipfw_netflow_enable="NO" to defaults/rc.conf and document
usage in rc.conf(5)

Reported by:	markj
Sponsored by:	Gandi.net
2017-07-17 08:53:51 +00:00
Kristof Provost
4d7709ddf6 pfctl parser tests
Copy the most important test cases from OpenBSD's corresponding
src/regress/sbin/pfctl, those that run pfctl on a test input file and check
correctness of its output. We have also added some new tests using the same
format.

The tests consist of a collection of input files (pf*.in) and
corresponding output files (pf*.ok). We run pfctl -nv on the input
files and check that the output matches the output files. If any
discrepancy is discovered during future development in the source
tree, we know that a regression bug has been introduced into the tree.

Submitted by:	paggas
Sponsored by:	Google, Inc (GSoC 2017)
Differential Revision:	https://reviews.freebsd.org/D11322
2017-07-15 19:22:01 +00:00