Commit Graph

56 Commits

Author SHA1 Message Date
Joel Dahl
c2965cd185 mdoc: terminate quoted strings.
Reviewed by:	brueffer
2012-03-26 15:18:14 +00:00
Ed Schouten
4c2c7b2c94 Make init(8) slightly more robust when /dev/console is missing.
If the environment doesn't offer a working /dev/console, the existing
version of init(8) will simply refuse running rc(8) scripts. This means
you'll only have a system running init(8) and nothing else.

Change the code to do the following:

- Open /dev/console like we used to do, but make it more robust to use
  O_NONBLOCK to prevent blocking on a carrier.
- If this fails, use /dev/null as stdin and /var/log/init.log as stdout
  and stderr.
- If even this fails, use /dev/null as stdin, stdout and stderr.

So why us this useful? Well, if you remove the `getpid() == 1' check in
main(), you can now use init(8) inside jails to properly execute rc(8).
It still requires some polishing, as existing tools assume init(8) has
PID 1.

Also it is now possible to use use init(8) on `headless' devices that
don't even have a serial boot console.
2012-03-14 16:22:09 +00:00
Ed Schouten
c21ae3a403 Move utmpx handling out of init(8).
This has the following advantages:

- During boot, the BOOT_TIME record is now written right after the file
  systems become writable, but before users are allowed to log in. This
  means that they can't cause `hidden logins' by logging in right before
  init(8) kicks in.

- The pututxline(3) function may potentially block on file locking,
  though this is very rare to occur. By placing it in an rc script, the
  user can still kill it with ^C if needed.

- Most importantly: jails don't use init(8). This means that a force
  reboot of a system running jails will leave stale entries in the
  accounting database of the jails individually.
2012-02-11 20:47:16 +00:00
Eitan Adler
36daf0495a - change "is is" to "is" or "it is"
- change "the the" to "the"

Approved by:	lstewart
Approved by:	sahil (mentor)
MFC after:	3 days
2011-10-16 14:30:28 +00:00
Jilles Tjoelker
61bb1f4313 init(8): Document that login(1) is now responsible for recording logouts.
init(8) only uses utmpx for recording reboots and shutdowns.
2011-01-23 14:54:45 +00:00
Ed Schouten
0806dd9238 Remove stale references to utmp(5) and its corresponding filenames.
I removed utmp and its manpage, but not other manpages referring to it.
2010-01-21 17:25:12 +00:00
Ralf S. Engelschall
7090a0c6be Fix typo: effected -> affected
Submitted by: Gordon Stratton <tsr2600 (at) gmail (dot) com>
2007-01-02 09:12:37 +00:00
Ruslan Ermilov
4e9e907d63 -mdoc sweep. 2005-11-18 10:36:29 +00:00
Ralf S. Engelschall
724447ac41 Fix system shutdown timeout handling by again supporting longer running
shutdown procedures (which have a duration of more than 120 seconds).

We have two user-space affecting shutdown timeouts: a "soft" one in
/etc/rc.shutdown and a "hard" one in init(8). The first one can be
configured via /etc/rc.conf variable "rcshutdown_timeout" and defaults
to 30 seconds. The second one was originally (in 1998) intended to be
configured via sysctl(8) variable "kern.shutdown_timeout" and defaults
to 120 seconds.

Unfortunately, the "kern.shutdown_timeout" was declared "unused" in 1999
(as it obviously is actually not used within the kernel itself) and
hence was intentionally but misleadingly removed in revision 1.107 from
init_main.c. Kernel sysctl(8) variables are certainly a wrong way to
control user-space processes in general, but in this particular case the
sysctl(8) variable should have remained as it supports init(8), which
isn't passed command line flags (which in turn could have been set via
/etc/rc.conf), etc.

As there is already a similar "kern.init_path" sysctl(8) variable which
directly affects init(8), resurrect the init(8) shutdown timeout under
sysctl(8) variable "kern.init_shutdown_timeout". But this time document
it as being intentionally unused within the kernel and used by init(8).
Also document it in the manpages init(8) and rc.conf(5).

Reviewed by: phk
MFC after: 2 weeks
2005-09-15 13:16:07 +00:00
Gary W. Swearingen
e17c0e3256 Moved descriptions of securelevels from init(7) to security(7).
Files used both "securelevel" and either "secure level" or
"security level"; all are now "security level".

PR:             docs/84266
Submitted by:   garys
Approved by:    keramida
MFC after:      3 days
2005-09-03 17:16:00 +00:00
Ruslan Ermilov
6087df9e8b Sort sections. 2005-01-18 10:09:38 +00:00
Giorgos Keramidas
328dbe4a94 Add references to pf(4) and pfctl(8) at the description of
securelevel = 3.

PR:		docs/69417
Submitted by:	Janos Mohacsi (mohacsi(at)niif(dot)hu)
2004-07-22 10:38:13 +00:00
Ruslan Ermilov
9806e23132 Mechanically kill hard sentence breaks. 2004-07-02 21:45:06 +00:00
Ruslan Ermilov
d04b5dfe6c Assorted markup, grammar, and spelling fixes. 2004-05-17 08:35:43 +00:00
Mark Murray
4c723140a4 Remove advertising clause from University of California Regent's license,
per letter dated July 22, 1999.

Approved by: core, imp
2004-04-09 19:58:40 +00:00
Maxime Henrion
b4089f6417 Mention that securelevel 1 also blocks access to /dev/io if it
exists (not all platforms have it).
2004-02-20 21:38:23 +00:00
Ken Smith
280b191c3a - Add some information about how init, securelevel, and jails
interact with each other.
	- Minor markup fix (.Dq -> .Va for a variable)

Reviewed by:	rwatson
Approved by:	blackend (mentor)
2003-11-11 18:37:50 +00:00
Philippe Charnier
9680d7b695 Add section number to .Xr 2003-06-08 12:51:28 +00:00
Giorgos Keramidas
09003f98d8 There are 5 securelevels, not 4.
PR:		docs/50049
Submitted by:	Colin Percival <cperciva@sfu.ca>
2003-03-26 01:30:34 +00:00
Ruslan Ermilov
522ccf3f35 mdoc(7) police: markup laundry. 2003-02-23 01:47:49 +00:00
Tom Rhodes
ce66ddb763 s/filesystem/file system/g as discussed on -developers 2002-08-21 18:11:48 +00:00
Ruslan Ermilov
e091d0c2ac can not -> cannot. 2002-08-13 14:10:36 +00:00
Philippe Charnier
e1205e80e5 The .Nm utility 2002-07-06 19:34:18 +00:00
Ruslan Ermilov
57e4378bf6 mdoc(7) police: protect trailing full stops of abbreviations
with a trailing zero-width space: `e.g.\&'.
2001-08-10 13:45:36 +00:00
Ruslan Ermilov
c4d9468ea0 mdoc(7) police:
Avoid using parenthesis enclosure macros (.Pq and .Po/.Pc) with plain text.
Not only this slows down the mdoc(7) processing significantly, but it also
has an undesired (in this case) effect of disabling hyphenation within the
entire enclosed block.
2001-08-07 15:48:51 +00:00
Dima Dorfman
7ebcc426ef Remove whitespace at EOL. 2001-07-15 07:53:42 +00:00
Ruslan Ermilov
9fe48c6e8d mdoc(7) police: removed HISTORY info from the .Os call. 2001-07-10 11:04:34 +00:00
Dima Dorfman
2306a12f75 Back out most of revision 1.28: lists of diagnostics must use -diag,
not -tag.  Instead, put a period after the error messages to aide
those using dumb terminals not capable of properly displaying markup.

Requested by:	ru
2001-04-13 06:54:05 +00:00
Dima Dorfman
f643366677 Make the list in the DIAGNOSTICS section "-tag" instead of "-diag":
the former makes it more obvious as to there the error message starts
and the explanation begins.

PR:		26431
2001-04-10 01:03:29 +00:00
Ruslan Ermilov
d8aa002e9c Prepare for mdoc(7)NG. 2000-12-19 15:36:48 +00:00
Ben Smithurst
8afbbd41f4 Explicitly document the fact that securelevel > 0 means that kernel modules
may not be (un)loaded.

PR:		23350
Submitted by:	Gordon Tetlow <gordont@bluemtn.net>
2000-12-07 21:09:22 +00:00
Ruslan Ermilov
7c7fb079b9 mdoc(7) police: use the new features of the Nm macro. 2000-11-20 16:52:27 +00:00
Sheldon Hearn
01de01168f Improve the clarification of the handling of the securelevel.
Submitted by:	bde
2000-09-13 08:39:41 +00:00
Sheldon Hearn
67b661fd0a Clarify the handling of the securelevel.
PR:		20974
2000-09-12 12:30:13 +00:00
Sheldon Hearn
ef8f7ac935 Remove single-space hard sentence breaks. These degrade the quality
of the typeset output, tend to make diffs harder to read and provide
bad examples for new-comers to mdoc.
2000-03-01 11:27:47 +00:00
Nik Clayton
ae11003873 Document that securelevel >= 2 clamps time changes to at most one second.
PR:             docs/14449
Submitted by:   James FitzGibbon <james@targetnet.com>
1999-12-16 02:15:53 +00:00
Sheldon Hearn
f0f4f75620 Correct the ttys.5 and init.8 manpages with respect to the incorrect
assumption that only getty processes can be managed.  Describe the
SysV-like ability to keep arbitrary long-running processes alive
using a non-device first field in /etc/ttys.

PR:		12767
Submitted by:	Peter Jeremy <peter.jeremy@alcatel.com.au>
1999-12-06 09:07:14 +00:00
KATO Takenori
a4edcf8989 FreeBSD kernel doesn't allow any process to decrease securelevel. So,
init(8) cannot decrease securelevel.  The manual page explains this
and single_user() doesn't try to downgrade kernel to insecure mode.

Reviewed by:	bde (manual page)
1999-09-06 08:41:32 +00:00
Peter Wemm
7f3dea244c $Id$ -> $FreeBSD$ 1999-08-28 00:22:10 +00:00
Matthew Hunt
ec32ddd693 "Cannot" is one word. "Can not" has a different meaning if taken
literally.
1999-07-05 18:12:13 +00:00
Ruslan Ermilov
5d94d8b6a2 Turn System V command line syntax ``on'' by default.
Requested by:		peter
Reviewed by:		des, billf
1999-07-01 13:33:56 +00:00
Ruslan Ermilov
1681d65976 Bring in System V run-level patches (turned off by default).
While I'm here, fix some typos in the manpage.

Requested by:	des
1999-06-18 09:08:09 +00:00
Ruslan Ermilov
a0a549c7fd Init(8) will halt the system if sent USR1 signal,
or halt and turn the power off if sent SIGUSR2.

PR:		5451
Submitted by:	Leif Neland <leifn@image.dk>
Reworked by:	ru
Reviewed by:	-hackers
1999-06-16 20:01:19 +00:00
Guy Helmer
04b2ac6e73 Mention securelevel 3 as affecting ipfw and dummynet. Generalize comment
about fdisk and securelevel 2.
PR:		docs/7785
1998-12-16 16:50:12 +00:00
Philippe Charnier
5df42cf4ae Correct .Nm use. Add rcsid. Use min for minutes instead of mn. 1998-07-06 06:56:08 +00:00
Joseph Koshy
6ebaa024df Fixes per PR 2850:
(a) Note that the default securelevel value is -1, in -current and -stable.
(b) Mention kernel sysctl variable that controls securelevel.
(c) Add warning the `fsck' will fail if securelevel >= 2.
(d) Suggest end of /etc/rc as the right place to raise securelevel.

and one spelling fix.

PR: 2850
1998-06-19 08:34:52 +00:00
David Nugent
8889c700f3 Add /etc/rc.shutdown capability to init.
Add sample /etc/rc.shutdown (which is just a shell for now).
Submitted by:	Ollivier Robert <roberto@keltia.freenix.fr>
1997-08-02 00:22:52 +00:00
Mike Pritchard
7966553397 Be more specific as to which flags may not be turned off when the
system is running in secure mode.

Obtained from: NetBSD PR# 3299
1997-04-01 20:41:04 +00:00
Peter Wemm
c0ec1f37ef Revert $FreeBSD$ to $Id$ 1997-02-22 14:40:44 +00:00
Adam David
4f3cac8f23 typo 1997-01-22 12:38:40 +00:00