Commit Graph

4988 Commits

Author SHA1 Message Date
Doug Barton
5ca51aad69 Reverse the effect of r193198 for pf and ipfw which will once again
allow them to start after netif. There were too many problems reported
with this change in the short period of time that it lived in HEAD, and
we are too late in the release cycle to properly shake it out.

IMO the issue of having the firewalls up before the network is still a
valid concern, particularly for pf whose default state is wide open.
However properly solving this issue is going to take some investment
on the part of the people who actually use those tools.

This is not a strict reversion of all the changes for r193198 since it
also included some simplification of the BEFORE/REQUIRE logic which is
still valid for ipfilter and ip6fw.
2009-06-26 01:04:50 +00:00
Konstantin Belousov
c9253e931d Usermode portion of the support for swap allocation accounting:
- update for getrlimit(2) manpage;
- support for setting RLIMIT_SWAP in login class;
- addition to the limits(1) and sh and csh limit-setting builtins;
- tuning(7) documentation on the sysctls controlling overcommit.

In collaboration with:	pho
Reviewed by:	alc
Approved by:	re (kensmith)
2009-06-23 20:57:27 +00:00
Ed Schouten
fcbfce6643 Remove the note about using vt220, which makes no sense at all.
vt220 will not work better. Even though it probably will remove warnings
about unknown terminal types, a cons25 emulator is not compatible with
vt220 at all.
2009-06-14 22:35:33 +00:00
Brian Somers
50a3e1d89e Remove HOME= - this has surprised me several times in the past.
PR:		132135
Submitted by:	Craig Leres
MFC after:	3 weeks
2009-06-14 06:37:19 +00:00
Edwin Groothuis
6850bf71da Sync termcap.small with main termcap; add xterm entry for libteken
PR:		conf/135530
Submitted by:	Alex Kozlov <spam@rm-rf.kiev.ua>
MFC after:	1 week
2009-06-13 13:35:18 +00:00
Edwin Groothuis
d7e47db675 Fix typo in cons25l7 definition in etc/termcap.small and share/termcap
There is a minor typo in the cons25l7 (':' instead of '|') entry
    in src/etc/termcap.small that causes syscons to complain about
    bogus characters in /etc/termcap.db.

PR:		conf/132777
Submitted by:	Nikos Ntarmos <ntarmos@cs.uoi.gr>
MFC after:	1 week
2009-06-12 23:43:19 +00:00
Andriy Gapon
44672a2966 syslog.conf: pop up from logging only ppp messages at the end of file
This allows to append custom rules at the end of the file without
risk of confusion that can result when one misses default !ppp line
and doesn't add another program specification and thus subsequent
selector(s) would belong to ppp program block.

Requested by:	marck
Submitted by:	marck
Approved by:	jhb (mentor)
2009-06-11 15:07:02 +00:00
Andriy Gapon
9af31fe2f8 rc.d/fsck: allow additional options for fsck_y_enable via fsck_y_flags
Primary intention is to allow to pass -C option to avoid (re-)checking
clean filesystems when preening fails and fsck -y kicks in.

Submitted by:	marck
Reviewed by:	current@
Approved by:	jhb (mentor)
MFC after:	1 week
2009-06-10 19:03:23 +00:00
Ed Schouten
87fa155012 Small cleanups to the jail script:
- Remove redundant debugging of consolelog.
- Use `while :', instead of `while [ true ]'. This is done in other
  places as well.

Submitted by:	Jille Timmermans <jille quis cx> (not jilles)
Reviewed by:	jilles
2009-06-10 18:18:14 +00:00
Edwin Groothuis
f8d7304fea add ca_AD, ca_FR and ca_IT locales
Catalan language is not only spoken in Spain (ca_ES), but also
    in Andorra, France and Italy. In Andorra it is the official
    language.

    (see http://en.wikipedia.org/wiki/Catalan_language#Geographic_distribution)

Add a bunch of symlinks to between ca_ES and ca_AD, ca_FR and ca_IT.

PR:		conf/92541
Submitted by:	<rmh@io.debian.net>
MFC after:	1 week
2009-06-10 12:20:11 +00:00
Edwin Groothuis
e530f4b50d Welcome to a default installed /etc/ntp.conf
This NTP configuration file points to the [012].pool.ntp.org servers,
which will return a list of geographical local NTP servers.
It uses the best-practice options of "iburst" and "maxpoll 9".
It gives examples on how to use the "restrict" commands, which are
unfortunately not working when you use the pool.ntp.org servers.
It sets up a fudge server so any clients syncing against this server
will always be synced even if we lose the master.

The idea of this file was briefly discussed on -net.

PR:		conf/58595
Submitted by:	Chris Stenton <jacs@gnome.co.uk>
MFC after:	1 week
2009-06-07 13:26:57 +00:00
Rick Macklem
f0a011a1b1 Add support for the experimental nfs subsystem to the scripts in
/etc/rc.d. They use the following new rc variables:
  nfsv4_server_enable - set to "YES" to run the experimental server
  nfsuserd_enable - set to "YES" to run nfsuserd for NFSv4 client and
    server
  nfsuserd_flags - command line flags for nfsuserd
  nfscbd_enable - set to "YES" to run the experimental nfs client's
    NFSv4 callback daemon
  nfscbd_flags - command line flags for nfscbd

Reviewed by:	dougb
Approved by:	kib (mentor)
2009-06-02 22:15:47 +00:00
Brian Somers
045e970615 Rather than using both -prune (which requires directory-first tree traversal)
and -delete (which implies depth-first traversal), avoid using -delete in
favour of -execdir.

This has a side-effect of not removing directories that contain files,
even if we delete all of those files, but IMHO that's a better option
than specifying all possible local filesystem types in this script.

PR:		122811
MFC after:	3 weeks
2009-06-02 07:35:51 +00:00
Doug Barton
9cdd13b268 Eliminate the warning that "Values of network_interfaces other than
AUTO are deprecated.' There is no good reason to deprecate them, and
setting this to different values can be useful for custom solutions
and/or one-off configuration problems.
2009-06-01 05:37:13 +00:00
Doug Barton
a3f6188b53 Make the pf and ipfw firewalls start before netif, just like ipfilter
already does. This eliminates a logical inconsistency, and a small
window where the system is open after the network comes up.
2009-06-01 05:35:03 +00:00
Doug Barton
a3e42d03b9 Substitute ypset for ypbind in REQUIRE lines. If you use ypset it has to
happen right after ypbind, and before anything that uses NIS. The only
change in rcorder accomplished by this patch is make that happen.

PR:		conf/117555
Submitted by:	John Marshall <john@rwsrv05.mby.riverwillow.net.au>
2009-06-01 04:55:13 +00:00
Doug Barton
fe9e60d287 Small cleanup, add (spurious) quotation marks around the value
for name= to make these scripts consistent with the rest.
2009-05-30 21:51:38 +00:00
Doug Barton
b004b4e45f Now that the last of the *.sh scripts are gone from the base,
emit a warning if come across one.
2009-05-30 21:41:54 +00:00
Doug Barton
38e2331796 As previously advertised, remove this script prior to the 8.0 branch. 2009-05-30 19:38:51 +00:00
Brian Somers
48369f7cc0 Update this script so that it handles different ruleset failures
differently.  The output now shows the ruleset and shortens to
slightly different text (using $daily_status_mail_rejects_shorten),
but it should be more descriptive.

PR:		35018
Inspired by:	Mikhail Teterin - mi at aldan dot algebra dot com
MFC after:	3 weeks
2009-05-28 07:43:06 +00:00
Andrew Thompson
11c63ede84 Delete the old USB stack. The new stack has settled in and has all the
drivers/functionality and then some.
2009-05-27 16:16:56 +00:00
Robert Watson
8ab21fb261 Further idmapd garbage collection -- remove rc.d Makefile reference and
default settings.

Submitted by:	Pawel Worach <pawel.worach at gmail.com>
2009-05-22 13:56:16 +00:00
Robert Watson
86ce6a83d1 Remove the unmaintained University of Michigan NFSv4 client from 8.x
prior to 8.0-RELEASE.  Rick Macklem's new and more feature-rich NFSv234
client and server are replacing it.

Discussed with:	rmacklem
2009-05-22 12:35:12 +00:00
Rick Macklem
46bd01cb33 Modify src/etc/mtree/BSD.include.dist and src/include/Makefile
so that the .h files in src/sys/fs/nfs will be installed under
/usr/include/fs/nfs. This will allow the following utilities to
build, once additions and changes for the experimental nfs subsystem
are committed:
usr.sbin/mountd - Once modified to add support for the
  experimental nfs subsystem.
ur.sbin/nfsstat - Once modified to add support for the
  experimental nfs subsystem.
usr.sbin/nfscbd - The client side callback daemon for NFSv4.
usr.sbin/nfsuserd - The NFSv4 user/group name<->uid/gid mapping daemon.
usr.sbin/nfsdumpstate - The NFSv4 utility for dumping open/lock state.
usr.sbin/nfsrevoke - The sysadmin command for revoking NFSv4 state.

Approved by:	kib (mentor)
2009-05-21 16:27:47 +00:00
Daniel Gerzo
d4d65a21bc - do not create and mount new file systems on top of the old ones on every
invocation of this script once we already have one
  (in case tmpmfs="YES").

Reviewed by:	dougb
2009-05-17 08:25:02 +00:00
Doug Barton
94d77159ae 1. New feature; option to have the script loop until a specified hostname
(localhost by default) can be successfully looked up. Off by default.
2. New feature: option to create a forwarder configuration file based on
the contents of /etc/resolv.conf. This allows you to utilize a local
resolver for better performance, less network traffic, custom zones, etc.
while still relying on the benefits of your local network resolver.
Off by default.
3. Add named-checkconf into the startup routine. This will prevent named
from trying to start in a situation where it would not be possible to do
so.
2009-05-16 20:55:28 +00:00
Doug Barton
1adf50eea8 Trim trailing whitespace from the end of a line 2009-05-16 20:26:01 +00:00
Maxim Konovalov
36744d51a6 o Add missed semicolon in action script.
PR:		conf/134579
Submitted by:	Lucius Windschuh
MFC after:	1 week
2009-05-16 15:12:56 +00:00
Craig Rodrigues
3f7dc796e8 Set crashinfo_enable to "YES" by default.
During bootup, if /etc/rc.d/savecore detects a core dump file
on the dump device, the core file will be saved, and the crashinfo
script will be run to generate a human-readable report.

This will make it easier for end-users to provide feedback to
developers about kernel crashes.

Reviewed by:	jhb
2009-05-14 08:26:20 +00:00
Ruslan Ermilov
f3320e5fd8 Added (pre|post)(start|stop) jail hooks. These can be used to run
arbitrary commands (outside the jail) associated with said events,
e.g. to bring up/down CARP interfaces representing services run in
jails.

Reviewed by:	simon
2009-04-28 09:45:32 +00:00
Maksim Yevmenkin
f631c013c2 - Add ipfw_nat to the list of required modules if "firewall_nat_enable"
is set and "natd_enable" is NOT set;

- Accept and pass firewall type to the external firewall script.

Submitted by:		Yuri Kurenkov < y -dot- kurenkov -at- init -dot- ru >
MFC after:		3 days
No response from:	freebsd-rc
2009-03-30 21:31:52 +00:00
Gregory Neil Shapiro
49d24250e2 Add the URL for RFC2142
PR:		conf/127510
2009-03-23 00:40:07 +00:00
Rui Paulo
2b676379ad Add /usr/include/pcap (new in libpcap 1.0.0). 2009-03-22 00:18:48 +00:00
Dag-Erling Smørgrav
01aedd7ecc Add hostid to the ranks.
MFC after:	2 weeks
2009-03-19 12:52:19 +00:00
Dag-Erling Smørgrav
661a0bbcd1 Revert r188010. When dhclient is backgrounded, services such as ntpdate,
sendmail / postfix etc. may fail to start because DNS is unavailable and /
or the server is unreachable.  In the worst case, the machine may become
unusable.

Debugging this issue was far more difficult than it should have been, due
to earlier changes to the rc framework to hide almost all useful information
about the boot process.

Approved by:	silence
2009-03-19 12:48:00 +00:00
Brooks Davis
3e5f41cf03 Add support for setting the debug flags on wlan interfaces after the are
created using wlandebug_<ifn> variables.
2009-03-13 07:12:25 +00:00
Guido van Rooij
2c52c7f05d Backout previous commit due to PEBKAC 2009-03-11 12:55:12 +00:00
Guido van Rooij
9dbd9d018b When swap resides on a mirror and it is not stopped, the mirror
is degraded upon the next reboot and will have to be rebuild.
Thus call swapoff when rebooting (read: when stopping swap1)
2009-03-10 15:19:49 +00:00
Andrew Thompson
8b446f57a8 Install the old usb headers under /usr/include/legacy/dev/usb as they are
needed by the hal port. This will be removed before 8.0.

Add an exclusion to kdump as some structs will be redefined.

Requested by:	marcus
2009-02-24 00:53:10 +00:00
Andrew Thompson
bf41796c4e Build fixups for the new USB stack. 2009-02-23 18:36:54 +00:00
Mike Makonnen
553bf6a453 Rename the rc.conf(5) knob if_up_delay to defaultroute_delay to better
reflect its purpose.
2009-02-17 11:55:50 +00:00
Yoshihiro Takahashi
5a25eda53a sys/pccard is gone. 2009-02-15 11:05:50 +00:00
Ed Schouten
5ebad6a76a Remove pts(4) entries from /etc/ttys.
Even though I increased the amount of pts(4) entries in /etc/ttys some
time ago, I didn't realize back then those entries shouldn't have been
there in the first place.

I just looked at the getttyent() source code and it turns out when you
call setttyent(), it walks through /dev/pts and looks for the device
with the highest number. After you receive EOF's from getttyent(), it
makes up entries for pts(4) devices.

This means that adding entries for pts(4) is somewhat harmful, because
if you now traverse the list, you get redundant entries, so just remove
them.
2009-02-12 19:21:48 +00:00
Sam Leffler
1baa021ab6 turn off ttyv*; not aware of any arm-based systems with syscons
Reviewed by:	imp
2009-02-12 18:33:13 +00:00
Mike Makonnen
0dca64d80d Reword informational message by rc.d/defaultroute.
PR:		conf/131458
2009-02-11 09:18:09 +00:00
Bjoern A. Zeeb
507fe729a1 Named normally cannot be started chrooted inside a jail. Thus treat
the jail case specifically. In case we find a proper pre-seeded
devfs in the chroot path (mounted from the base system) permit
starting chrooted else give proper warn/error messages.

PR:		conf/103489
Reviewed by:	dougb
MFC after:	5 days
2009-02-07 16:37:02 +00:00
Andrew Thompson
c05bf25301 Check for NOAUTO on child interfaces (eg wlanX) so they can be created via
rc.conf but not necessarily started.
2009-02-04 18:20:27 +00:00
Mike Makonnen
b698a32036 Since, rc.d/defaultroute has the ability to wait for a
default route to show up we can turn this knob back on
without screwing subsequent daemons that expect to be
able to talk to the outside world.
2009-02-02 15:38:24 +00:00
Mike Makonnen
bdc0df86f6 The 30 second wait for network interfaces to show up effectively makes the
time to boot an unplugged system 30 sec. longer for no good reason. Therefore,
add a check to make sure that any DHCP interfaces are plugged in before
waiting.
2009-02-02 15:33:22 +00:00
Warner Losh
5dc2a65eed Spawn one fewer shells on startup. We don't use dhcp_interfaces at
all in this function, and grep shows no other instances of it
(besides, this is a function, and in a sub-shell, so all changes are
local).
2009-01-30 03:41:45 +00:00