in addition to secure level 1. The mask supports up to a secure level of 8
but only add defines through CTLFLAG_SECURE3 for now.
As per the missif in the log entry for 1.11 of ip_fw2.c which added the
secure flag to the IPFW sysctl's in the first place, change the secure
level requirement from 1 to 3 now that we have support for it.
Reviewed by: imp
With Design Suggestions by: imp
and ether_ifattach() to end. This fixes a "could sleep" case and
simplifies error exit cases as well. Also be sure to set errno
and clean up resources in !mac error case.
Tested by: Ryan Beasley
vchan creation doesn't lead to /dev entry creation if the new vchan is the
first child of a channel,
This fix a panic that happens when loading a sound driver module, creating
vchans and unloading the driver.
Approved by: cg
MFC after: 3 days
withough the $natd_interface having to be explicitly specified on the
command line.
Approved by: markm (mentor)
Submitted by: Aaron D. Gifford <agifford@infowest.com>
PR: conf/47024
MFC: upon re approval
so that multiple opens of the same semaphore without an intervening
sem_close() return the same object, and so that sem_close() does not
segfault while trying to remove the item from the list.
global substitution. In general it's a makefile bug to globally
substitute the empty string, but it's a bug in make(1) if a bug
in the makefile yields an infinite running time of make(1).
Not objected to by: arch@
confuses the controller, tell CAM not to do it. Also report the
correct error condition to CAM when it tries to probe a target that
doesn't exists.
This should make the CAM interface less risky to use.
MFC After: 3 days
dereferenced when a process exits due to the vmspace ref-count being
bumped. Change shmexit() and shmexit_myhook() to take a vmspace instead
of a process and call it in vmspace_dofree(). This way if it is missed
in exit1()'s early-resource-free it will still be caught when the zombie is
reaped.
Also fix a potential race in shmexit_myhook() by NULLing out
vmspace->vm_shm prior to calling shm_delete_mapping() and free().
MFC after: 7 days
access its controlling terminal.
In essense, history dictates that any process is allowed to open
/dev/tty for RW, irrespective of credential, because by definition
it is it's own controlling terminal.
Before DEVFS we relied on a hacky half-device thing (kern/tty_tty.c)
which did the magic deep down at device level, which at best was
disgusting from an architectural point of view.
My first shot at this was to use the cloning mechanism to simply
give people the right tty when they ask for /dev/tty, that's why
you get this, slightly counter intuitive result:
syv# ls -l /dev/tty `tty`
crw--w---- 1 u1 tty 5, 0 Jan 13 22:14 /dev/tty
crw--w---- 1 u1 tty 5, 0 Jan 13 22:14 /dev/ttyp0
Trouble is, when user u1 su(1)'s to user u2, he cannot open
/dev/ttyp0 anymore because he doesn't have permission to do so.
The above fix allows him to do that.
The interesting side effect is that one was previously only able
to access the controlling tty by indirection:
date > /dev/tty
but not by name:
date > `tty`
This is now possible, and that feels a lot more like DTRT.
PR: 46635
MFC candidate: could be.
o Revision 1.38 introduced the -n flag. It conflicted with the
RB_BOOTINFO flag, so was in effect always on. Change the -n flag to
be bit 0x1c instead of 0x1f. This also had the consequence that a mal-formed
/boot.config would render the system unbootable because the user was
unable to enter anything at all on the command line.
o Remove the initialization of opt to be RB_BOOTINFO since we filter that bit
out and do not otherwise use it.
Reviewed by: jhb
MFC after: 3 days
called -r but it takes 512 byte blocks instead of megabytes, and I felt a
megabytes specification would be far more useful so I did not use the same
option character.
This will *greatly* improve dump performance at the cost of possibly
missing filesystem changes that occur between passes, and does a fairly
good job making up for the loss of buffered block devices. Caching is disabled
by default to retain historical behavior.
In tests, dump performance improved by about 40% when dumping / or /usr.
Beware that dump forks and the cache may wind up being larger then you
specify, but a more complex shared memory implementation would not produce
results that are all that much better so I kept it simple for now.
MFC after: 3 days