returning anything but EPERM.
o suser is enabled by default; once disabled, cannot be reenabled
o To be used in alternative security models where uid0 does not connote
additional privileges
o Should be noted that uid0 still has some additional powers as it
owns many important files and executables, so suffers from the same
fundamental security flaws as securelevels. This is fixed with
MAC integrity protection code (in progress)
o Not safe for consumption unless you are *really* sure you don't want
things like shutdown to work, et al :-)
Obtained from: TrustedBSD Project
boot.flp and plain boot.flp.
- Clean up crunchgen related routine.
- Add PC-98 support.
TODO:
o Documentation
o Fix some messages for PC-98
o Decrease the size of fixit.flp to 1.2MB
o I18N (See: http://www.jp.FreeBSD.org/BootAsia/index.html)
No response from jkh
this is extremely inefficient, instead write them all down at the
beginning.
The correct sequence to switch colours off is to first use 'op' if
it exists, otherwise use 'oc'. If neither of these exist then we
shouldn't be doing colour with this terminal.
Reviewed by: ache
to manage the ANSI colour sequences. Colour support is disabled
unless the TERM environment variable references a valid termcap.
* Allow optional compilation of the colour support in the Makefile,
defaulting to yes. This allows us to switch it off for fixit
floppies and other mediums where space is an issue and the extra
bloat of statically linking with ncurses isn't acceptable.
* Display a warning if colour is requested with '-G' but support
for it isn't compiled in.
standardized interface to the capability support in TrustedBSD.
o Not currently enabled in Makefile, as this code depends on syscalls
and include files that will be committed at a later date.
Obtained from: TrustedBSD Project
o Add shared library version 2 to libposix1e given API changes, et al
o Commented out cap_*.c as that is not currently being compiled into
the library (pending syscalls being committed)
Obtained from: TrustedBSD Project
o Switch reference to www.trustedbsd.org instead of POSIX.1e implementation
page
o Add cross references to capabilities man pages
o Remove extended attribute not implemented "BUGS" entry
Obtained from: TrustedBSD Project
needed to add into ether_input) and finally sorting IFF_RUNNING through
whole driver.
As part of the IFF_RUNNING stuff, we've added an extra flag so callers
can request that runq routines should check IFF_RUNNING before executing.
Remove BPF taps as this is now done by ether_input.
Resurrect multicast code, moving the multicast list stuff to the runq
routine.
Dump ray_promisc_user as all flag changes are now handled by ray_init, and
add a couple of checks to ray_promisc.
In uppparams_user, allow changes before the card is running (need to
fix some breakage with _download here later). In addition, don't
assume that the current n/w parameters are valid - they are only valid
in the runq.
Fix a nasty flag bug - runq_add cleared all the flags on the last command!
Remove the hacks for setting the memory flags - problems were down
to buggy versions of pccardd. For some reason pccardd only dtrt with
the "right" debug_level.
Fix typo.
Fix description.
VFS_FHTOVP.9:
Fix order in which the manpage says the calls should be made.
PR: 18590
Submitted by: Anatoly Vorobey <mellon@pobox.com>
if an FFS partition returns EOPNOTSUPP, as it just means extended
attributes weren't enabled on that partition. Prevents spurious
warning per-partition at shutdown.
TCP/IP (v4) sockets, and routing sockets. Previously, interaction
with IPv6 was not well-defined, and might be inappropriate for some
environments. Similarly, sysctl MIB entries providing interface
information also give out only addresses from those protocol domains.
For the time being, this functionality is enabled by default, and
toggleable using the sysctl variable jail.socket_unixiproute_only.
In the future, protocol domains will be able to determine whether or
not they are ``jail aware''.
o Further limitations on process use of getpriority() and setpriority()
by jailed processes. Addresses problem described in kern/17878.
Reviewed by: phk, jmg
This may break some scripts, but with the number of ways users can damage
a system with this tool, it's important to make sure they specify which
device they want to talk to.
Suggested by: joerg
lets unprivileged installworld: almost work first try and always work second.
BINOWN isn't quite right for this, but it's not really worth creating
a MAILOWN for this.
can be viewed more easily with a pager.
Regular (i.e. short) usage output is still sent to stderr.
PR: bin/12358
Submitted by: Christian Weisgerber <naddy@mips.rhein-neckar.de>
apparently-intended micro-optimization ("testb" is equivalent and smaller)
and added a style bug (the size suffix for "testl" was missing).
linux-2.3.35 already had the correct fix.