and config-file entries which specify a filename-pattern (glob). It is
still not perfectly-right, but at least it isn't completely-wrong.
Reviewed by: no objections on freebsd-arch
MFC after: 3 weeks
MFC addendum: (or after the code-freeze of 4.x is lifted)
should rotate all files given on the command, even if they don't seem to
need to be rotated. This would be used by some other command that decides
the given log file(s) should be rotated, but wants the "how" of that rotation
to be determined by entries to newsyslog. Wes expects to change syslogd to
take advantage of this. Man page will be updated after we're sure this is
all working the way we want it to.
Reviewed by: no objections on freebsd-arch
MFC after: 3 weeks
MFC addendum: (or after the code-freeze of 4.x is lifted)
permit users and groups to bind ports for TCP or UDP, and is intended
to be combined with the recently committed support for
net.inet.ip.portrange.reservedhigh. The policy is twiddled using
sysctl(8). To use this module, you will need to compile in MAC
support, and probably set reservedhigh to 0, then twiddle
security.mac.portacl.rules to set things as desired. This policy
module only restricts ports explicitly bound using bind(), not
implicitly bound ports where the port number is selected by the
IP stack. It appears to work properly in my local configuration,
but needs more broad testing.
A sample policy might be:
# sysctl security.mac.portacl.rules="uid:425:tcp:80,uid:425:tcp:79"
This permits uid 425 to bind TCP sockets to ports 79 and 80. Currently
no distinction is made for incoming vs. outgoing ports with TCP,
although that would probably be easy to add.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
not send a signal to any processes. Also add a config-file flag of 'N' or
'n', which indicates that the given logfile has no process which needs a
signal when it is rotated. Both of these are based on changes NetBSD
has made, although the implementation is somewhat different.
PR: bin/36553 (2nd half)
Reviewed by: no objections on freebsd-arch
Obtained from: NetBSD (in spirit, at least)
MFC after: 3 weeks
queue items that can be allocated by netgraph and the number of free queue
items that are cached on a private list.
Netgraph places an upper limit on the number of queue items it may allocate.
When there is a large number of netgraph messages travelling through the
system (100k/sec and more) there is a high probability, that messages get
queued at the nodes and netgraph runs out of queue items. In this case the data
flow through netgraph gets blocked. The tuneable for the number of free
items lets one trade memory for performance.
The tunables are also available as read-only sysctls.
PR: kern/47393
Reviewed by: julian
Approved by: jake (mentor)
Both "product" and "build" ordering are rampant in /usr/src. This document
is not indented to be as strict as style(9) as historically BSD hasn't been
as consistent about Makefile as C code. Also there are too many variations,
exceptions and allowances in out existing Makefile style to be strict.
However there is a general level of consensus on what the general BSD style
of our Makefiles is. This manpage documents that "smell".
o Give the proper spelling for WARNS.
o Clarify using NO_WERROR.
o Embelish -D after -I verbage.
o Document preference of ${.ALLSRC} & ${.TARGET} vs. $< & $@.
Based on: brucification
program allows users in the operator group to take filesystem
snapshots. Its first use will be in support of `dump -L'.
Approved by: Technical Review Board <trb@FreeBSD.org>
Sponsored by: DARPA & NAI Labs.
