For now, sandboxing is done only if -n option was specified and neither -z nor
-V options were given. Because it is very common to run tcpdump(8) with the -n
option for speed, I decided to commit sandboxing now. To also support
sandboxing when -n option wasn't specified, we need Casper daemon and its
services that are not available in FreeBSD yet.
- Limit file descriptors of a file specified by -r option or files specified
via -V option to CAP_READ only.
- If neither -r nor -V options were specified, we operate on /dev/bpf.
Limit its descriptor to CAP_READ and CAP_IOCTL plus limit allowed ioctls to
BIOCGSTATS only.
- Limit file descriptor of a file specified by -w option to CAP_SEEK and
CAP_WRITE.
- If either -C or -G options were specified, we open directory containing
destination file and we limit directory descriptor to CAP_CREATE, CAP_FCNTL,
CAP_FTRUNCATE, CAP_LOOKUP, CAP_SEEK and CAP_WRITE. Newly opened/created
files are limited to CAP_SEEK and CAP_WRITE only.
- Enter capability mode if -n option was specified and neither -z nor -V
options were specified.
Approved by: delphij, wxs
Sponsored by: The FreeBSD Foundation
They originated in the original Octeon port. They weren't present, as
far as I can tell, on the projects/mips branch until after this
point. They were in the original Octeon port in code picked up from
the vendor, who I've been able to find out trolling old email put them
there to get around an SMP problem that most likely was fixed in other
ways.
NetBSD and Linux don't have these, except for some specific uses of
SYNC on the alchemy parts (which we don't support, but even if we did
it is only a specific case and would be specifically coded
anyway). This is true of the current Linux code, as well as one old
version I polled.
I looked back at the old R12000, R8000, R6000, R4000, R4400 errata
that I have, and could find no mention of SYNC needing NOPs for
silicon bugs (although plenty of other cases where NOPs and other
contortions were needed).
An Google search turned up no old mailing list discussions on this on
Linux, NetBSD or FreeBSD (except the disussion that kicked off these
studies).
I've test booted this on my Octeon Plus eval board and survived a
buildworld. Adrian Chadd reports that this patch has no ill effects on
the Ahteros platforms he tested it on.
I conclude it is safe to just remove the NOPs. But added
__MIPS_PLATFORM_SYNC_NOPS as a failsafe in case we find some platform
where these are, in fact, required.
Reviewed by: adrian@
apply diff to compat/linux versions).
- The cp implies an update of videodev2.h to the linux kernel 2.6.34.14 one.
The update makes video in skype v4 work on FreeBSD.
Tested by: Artyom Mirgorodskiy <artyom.mirgorodsky@gmail.com>
(update of header only)
This is a port of NetBSD's GSoC 2012 Ext3 HTree directory indexing
by Vyacheslav Matyushin. It was cleaned up and enhanced for FreeBSD
by Zheng Liu (lz@).
This is an excellent example of work shared among different projects:
Vyacheslav was able to look at an early prototype from Zheng Liu who
was also able to check the code from Haiku (with permission).
As in linux, the feature is not available by default and must be
enabled explicitly with tune2fs. We still do not support the
workarounds required in readdir for NFS.
Submitted by: Zheng Liu
Tested by: Mike Ma
Sponsored by: Google Inc.
MFC after: 1 week
of Skyhawk adapters.
Many thanks to Emulex for their continued support of FreeBSD.
Submitted by: "Duvvuru,Venkat Kumar" <VenkatKumar.Duvvuru Emulex.Com>
MFC after: 1 day
This follows section 18.4.2.2 SD Soft Reset Flow in the TI AM335x Technical
Reference Manual and seems to fix the "ti_mmchs0: Error: current cmd NULL,
already done?" messages.
stable/9 planned after MFC 3-day period. The MFC to stable/9 is desired for
the next release to get some much-needed time:
+ Living side-by-side with sysinstall for compare/contrast/transition
+ Living side-by-side with bsdinstall for integration/transition
+ Additional feedback/testing before eventual 10.0-R to make it even better
MFC after: 3 days
full issue with ARC-1214 and ARC-1224.
Many thanks to Areca for continuing to support FreeBSD.
Submitted by: 黃清隆 <ching2048 areca com tw>
MFC after: 1 day
user, where when more than one hpt27xx adapters are being used,
the "unit number" stays at 0.
Many thanks to HighPoint for providing this driver update.
MFC after: 1 day
controllers. Update the hptiop(4) manual page to reflect this
as well as mentioning that some cards are already end-of-life.
Many thanks to Highpoint for providing this driver update.
MFC after: 1 day
the src/ tree into a directory that contains files/directories, such
as a case where a custom kernel configuration file is specified.
- Allow specification of multiple KERNCONFs to pass to 'make release'.
- Move evaluation of NODOCS/NOPORTS earlier, and set based on how the
release process expects these options to be evaluated.
- Wrap KERNCONF specification in double quotes, and use 'eval' so multiple
kernel configurations do not cause the build to fail in strange ways.
- Set WITHOUT_X11 for the port build flags for the documentation toolchain
build. Also run 'clean distclean' targets during port build.
PR: 180192
Submitted by: Anes Mukhametov
MFC after: 3 days
Approved by: kib (mentor, implicit)
(packageReinstall) and UI access have been tested successfully with a
variation of different situations including:
+ Reinstall a package for which no other packages depend
+ Purposefully do thinks like reinstall a package that is not installed
+ Try to reinstall a package which other installed packages still depend
NOTE: There is no "force" used; if a package is required by other packages,
it will not be uninstalled (and therefore no reinstall is done).
/dev/kmem and /dev/mem (in addition to traditional file permission checks).
PRIV_KMEM_READ is different from other PRIV_* checks in that it's allowed
by default.
Reviewed by: kib, mckusick
Quoting illumos issue #3836:
Currently zio_free() always puts the zio on a list for subsequent
processing by zio_free_sync(). This is only necessary for frees that
might need to issue reads (gang and dedup blocks).
By processing the majority of the frees as we encounter them, we reduce
the amount of time that the spa_sync() thread spends burning CPU and
not doing any i/o, thus increasing the overall write throughput of the
system.
Illumos ZFS issues:
3836 zio_free() can be processed immediately in the common case
MFC after: 1 week
mktemp(), mkstemp() and mkdtemp() are available in standard <stdlib.h> and
also in <unistd.h>. Encourage use of the former by listing it in the
synopsis.
Gcc outputs pre-UAL asm and expects the ldcl instruction with a condition
in the form ldc<c>l, where the code produces the instruction in the UAL
form ldcl<c>. Work around this by checking if we are using clang or gcc and
adjusting the instruction.
While here correct the cmp instruction's value to include the # before the
immediate value.
(this is designed to allow new modules to be installed via ports/packages).
To prevent conflict with itself (sysutils/bsdconfig) as a port (which
installs its base modules to the above directory, it was long-ago decided
that so-called `base' modules would look different than now-defined `add-on'
modules. The structure of the contents for each is the same, but the naming
convention for the module directory must be different.
Base modules are named `[0-9][0-9][0-9].*' to allow SysV-style organization
while add-on modules must avoid this naming style and are simply listed in
alphabetical order by their module directory.
For example, a hypothetical port named `bsdconfig-jails' could install
/usr/local/libexec/bsdconfig/jails and provide `bsdconfig jails' as well as
a new menu entry in the main-menu.
Add-on modules are listed in the main-menu (when bsdconfig is executed with-
out arguments) below a separator after the last base-module.
In `bsdconfig -h' output, add-on modules are listed right alongside base
modules (sorted alphabetically in columnar fashion; left-to-right).
If a base module declares a keyword used by an add-on module, the base
module will always win when given `bsdconfig keyword' syntax.
Add-on modules should avoid declaring any keyword found in `script.subr' as
a reserved-word (`Resword') since bsdconfig also supports `bsdconfig resword'
as a fall-back if no keyword is found to be declared by any module.