and jail_get(2). Jail(8) can now create jails using a "name=value"
format instead of just specifying a limited set of fixed parameters; it
can also modify parameters of existing jails. Jls(8) can display all
parameters of jails, or a specified set of parameters. The available
parameters are gathered from the kernel, and not hard-coded into these
programs.
Small patches on killall(1) and jexec(8) to support jail names with
jail_get(2).
Approved by: bz (mentor)
by creating a child jail, which is visible to that jail and to any
parent jails. Child jails may be restricted more than their parents,
but never less. Jail names reflect this hierarchy, being MIB-style
dot-separated strings.
Every thread now points to a jail, the default being prison0, which
contains information about the physical system. Prison0's root
directory is the same as rootvnode; its hostname is the same as the
global hostname, and its securelevel replaces the global securelevel.
Note that the variable "securelevel" has actually gone away, which
should not cause any problems for code that properly uses
securelevel_gt() and securelevel_ge().
Some jail-related permissions that were kept in global variables and
set via sysctls are now per-jail settings. The sysctls still exist for
backward compatibility, used only by the now-deprecated jail(2) system
call.
Approved by: bz (mentor)
of ip_forward(), if the IPSEC is compiled in. It is possible that there
is an SPD that this packets will go through, even if there is no matching
route. If not, ICMP will be sent anyway, after ip_output().
This is somewhat similar in purpose to r191621, except that one was
for the packets sent from the host, while this one is for packets
being forwarded by the host.
Reviewed by: bz@
Sponsored by: Wheel Sp. z o.o. (http://www.wheel.pl)
- Fix coordinates of Africa/Gaborone, Pacific/Noumea, Pacific/Tongatapu,
Europe/Vatican
- Fix URLs (=3D -> = etc)
- Jordan doesn't go at last Friday of March 00:00 but no last
Thursday of March 24:00
- Specifically state license for the data: public domain
MFC after: 1 week
- Fix coordinates of Africa/Gaborone, Pacific/Noumea, Pacific/Tongatapu,
Europe/Vatican
- Fix URLs (=3D -> = etc)
- Jordan doesn't go at last Friday of March 00:00 but no last
Thursday of March 24:00
- Specifically state license for the data: public domain
to dequeue a packet.
The tx path was trying to ensure that enough Xenbus TX ring slots existed but
it didn't check to see whether the mbuf TX ring slots were also available.
They get freed in xn_txeof() which occurs after transmission, rather than earlier
on in the process. (The same happens under Linux too.)
Due to whatever reason (CPU use, scheduling, memory constraints, whatever) the
mbuf TX ring may not have enough slots free and would allocate slot 0. This is
used as the freelist head pointer to represent "free" mbuf TX ring slots; setting
this to an actual mbuf value rather than an id crashes the code.
This commit introduces some basic code to track the TX mbuf ring use and then
(hopefully!) ensures that enough slots are free in said TX mbuf ring before it
enters the actual work loop.
A few notes:
* Similar logic needs to be introduced to check there are enough actual slots
available in the xenbuf TX ring. There's some logic which is invoked earlier
but it doesn't hard-check against the number of available ring slots.
Its trivial to do; I'll do it in a subsequent commit.
* As I've now commented in the source, it is likely possible to deadlock the
driver under certain conditions where the rings aren't receiving any changes
(which I should enumerate) and thus Xen doesn't send any further software
interrupts. I need to make sure that the timer(s) are running right and
the queues are periodically kicked.
PR: 134926
Slot 0 must always remain "free" and be a pointer to the first free entry in the
mbuf descriptor list. It is thus an error to have code allocate or push slot 0
back into the list.
More precisely, this gives precedence to an interpretation not using the
'(', ')', '-a' and '-o' in their special meaning, if possible. For example,
it is now safe to write [ "$a" = "$b" ] and assume it compares the two
strings.
The man page already says that test(1) works this way, so does not need to
be changed.
Interpretation of input with more parameters tries a bit harder to find a
valid parse in some cases.
Add various additional test cases to TEST.sh.
PR: standards/133369
Approved by: ed (mentor)
current NFSv4 ACLs, as defined in sys/acl.h. It still needs a
way to test a mount point for NFSv4 ACL support before it will
work. Until then, the NFSHASNFS4ACL() macro just always returns 0.
Approved by: kib (mentor)
get a quick snapshot of the kernel's symbol table including the symbols
from any loaded modules (the symbols are all merged into one symbol
table). Unlike like other implementations, this ksyms driver maps
memory in the process memory space to store the snapshot at the time
/dev/ksyms is opened. It also checks to see if the process has already
a snapshot open and won't allow it to open /dev/ksyms it again until it
closes first. This prevents kernel and process memory from being
exhausted. Note that /dev/ksyms is used by the lockstat(1) command.
Reviewed by: gallatin kib (freebsd-arch)
Approved by: gnn (mentor)
The source file, manual page and English translation are now directly
obtained from the contrib/ directory. This makes it a lot easier to
merge a newer version of ee(1) into the tree.
Thanks to: des and jhb
adds probes for mutexes, reader/writer and shared/exclusive locks to
gather contention statistics and other locking information for
dtrace scripts, the lockstat(1M) command and other potential
consumers.
Reviewed by: attilio jhb jb
Approved by: gnn (mentor)
request to arrive. Previously it would end up returning as soon as the
request length stored in the first two bytes had arrived.
Reviewed by: dwmalone
MFC after: 1 week
are specifically used by the experimental nfsv4 subsystem.
nfscbd - The NFSv4 client callback daemon.
nfsuserd - The NFSv4 daemon that maps between user and group name
and their corresponding uid/gid numbers.
nfsdumpstate - A utility that dumps out the NFSv4 Open/Lock state.
nfsrevoke - Administratively revokes an NFSv4 client, releasing all
NFSv4 Open/Lock state it holds on the server.
Approved by: kib (mentor)
about removing a few #ifdefs and providing compatibility wrappers and
VOP implementations to get and set an ACL; ZFS does ACL enforcement all
by itself.
Note that the VOPs are ifdefed out for now, so this change should be
a no-op.
Reviewed by: pjd
timer with a <0.05 second delta next to it.
This is done by avoiding the possibility of updating the first residual
time delta in the timer list to zero.
PR: 102747
Submitted by: Sergey Zaharchenko - doublef-ctm at yandex dot ru
MFC after: 3 weeks
that the range of versions of NFS handled by the server can
be limited. The nfsd daemon must be restarted after these
sysctl variables are changed, in order for the change to take
effect.
Approved by: kib (mentor)