Commit Graph

6532 Commits

Author SHA1 Message Date
Konrad Witaszczyk
480f31c214 Add support for encrypted kernel crash dumps.
Changes include modifications in kernel crash dump routines, dumpon(8) and
savecore(8). A new tool called decryptcore(8) was added.

A new DIOCSKERNELDUMP I/O control was added to send a kernel crash dump
configuration in the diocskerneldump_arg structure to the kernel.
The old DIOCSKERNELDUMP I/O control was renamed to DIOCSKERNELDUMP_FREEBSD11 for
backward ABI compatibility.

dumpon(8) generates an one-time random symmetric key and encrypts it using
an RSA public key in capability mode. Currently only AES-256-CBC is supported
but EKCD was designed to implement support for other algorithms in the future.
The public key is chosen using the -k flag. The dumpon rc(8) script can do this
automatically during startup using the dumppubkey rc.conf(5) variable.  Once the
keys are calculated dumpon sends them to the kernel via DIOCSKERNELDUMP I/O
control.

When the kernel receives the DIOCSKERNELDUMP I/O control it generates a random
IV and sets up the key schedule for the specified algorithm. Each time the
kernel tries to write a crash dump to the dump device, the IV is replaced by
a SHA-256 hash of the previous value. This is intended to make a possible
differential cryptanalysis harder since it is possible to write multiple crash
dumps without reboot by repeating the following commands:
# sysctl debug.kdb.enter=1
db> call doadump(0)
db> continue
# savecore

A kernel dump key consists of an algorithm identifier, an IV and an encrypted
symmetric key. The kernel dump key size is included in a kernel dump header.
The size is an unsigned 32-bit integer and it is aligned to a block size.
The header structure has 512 bytes to match the block size so it was required to
make a panic string 4 bytes shorter to add a new field to the header structure.
If the kernel dump key size in the header is nonzero it is assumed that the
kernel dump key is placed after the first header on the dump device and the core
dump is encrypted.

Separate functions were implemented to write the kernel dump header and the
kernel dump key as they need to be unencrypted. The dump_write function encrypts
data if the kernel was compiled with the EKCD option. Encrypted kernel textdumps
are not supported due to the way they are constructed which makes it impossible
to use the CBC mode for encryption. It should be also noted that textdumps don't
contain sensitive data by design as a user decides what information should be
dumped.

savecore(8) writes the kernel dump key to a key.# file if its size in the header
is nonzero. # is the number of the current core dump.

decryptcore(8) decrypts the core dump using a private RSA key and the kernel
dump key. This is performed by a child process in capability mode.
If the decryption was not successful the parent process removes a partially
decrypted core dump.

Description on how to encrypt crash dumps was added to the decryptcore(8),
dumpon(8), rc.conf(5) and savecore(8) manual pages.

EKCD was tested on amd64 using bhyve and i386, mipsel and sparc64 using QEMU.
The feature still has to be tested on arm and arm64 as it wasn't possible to run
FreeBSD due to the problems with QEMU emulation and lack of hardware.

Designed by:	def, pjd
Reviewed by:	cem, oshogbo, pjd
Partial review:	delphij, emaste, jhb, kib
Approved by:	pjd (mentor)
Differential Revision:	https://reviews.freebsd.org/D4712
2016-12-10 16:20:39 +00:00
Dimitry Andric
1bde3b7066 Merge ^/head r309519 through r309757. 2016-12-09 20:57:43 +00:00
Andriy Voskoboinyk
7d3a36a88e Do not try to recreate wlan(4) interface if it already exists.
This should fix error messages caused by devd(8) during startup:

Starting Network: lo0 wlan0.
...
Starting devd.
ifconfig: SIOCS80211: Device busy
wpa_supplicant already running?  (pid=323).

MFC after:	2 weeks
2016-12-04 15:58:34 +00:00
Dimitry Andric
4f9d94bf64 Merge ^/head r309263 through r309518. 2016-12-04 00:00:56 +00:00
Devin Teske
4f38967037 Fix bug preventing limits(1) from being applied
PR:		misc/212493
Differential Revision:	https://reviews.freebsd.org/D8232
Submitted by:	girgen
Reviewed by:	adrian
MFC after:	3 days
X-MFC-to:	stable/11
2016-12-03 19:03:40 +00:00
Warner Losh
f8c1525499 Finish incomplete comments in prior revision. I was going to fix this
after I tested it, but didn't.
2016-12-01 05:16:27 +00:00
Warner Losh
5c42a629c3 Revert the 'performance' setting to 'NONE' from C2. C2 has issues with
USB in places, as well as having the potential for reducing
performance. Since this is used even when powerd isn't enabled, these
two problems can cause on servers. Supermicro X9 motherboards, for
example, have problems with the virtual IPMI USB keyboards and mice
attaching and detaching repeatedly. Since there are issues on some
CPUs with C2, fail safe by defaulting to not altering it.

MFC After: 3 days
2016-12-01 04:35:43 +00:00
Warner Losh
5ad34286cd If the kenv variable rc_debug is set, turn on rc_debug. 2016-12-01 04:35:41 +00:00
Dimitry Andric
5b41a5b675 Update build glue for llvm/clang 3.9.1. 2016-11-26 01:13:53 +00:00
Dimitry Andric
0ed76ec8e6 Merge ^/head r308870 through r309105. 2016-11-24 14:39:04 +00:00
Jilles Tjoelker
481b6d6f37 rc.subr: $(ps -p $$ -o jid=) is always 0, so do not fork ps for it.
The JID keyword writes 0 for a process also in the host system or in the
same jail.
2016-11-20 18:21:05 +00:00
Dimitry Andric
67bc8c8b9e Merge ^/head r308491 through r308841. 2016-11-19 16:05:55 +00:00
Jilles Tjoelker
bddbe3b2b1 rc.subr: Swap checks so we only fork sysctl if *_oomprotect is set. 2016-11-17 22:49:51 +00:00
Sepherosa Ziehau
168fce73b5 hyperv/vss: Add driver and tools for VSS
VSS stands for "Volume Shadow Copy Service".  Unlike virtual machine
snapshot, it only takes snapshot for the virtual disks, so both
filesystem and applications have to aware of it, and cooperate the
whole VSS process.

This driver exposes two device files to the userland:

    /dev/hv_fsvss_dev

    Normally userland programs should _not_ mess with this device file.
    It is currently used by the hv_vss_daemon(8), which freezes and
    thaws the filesystem.  NOTE: currently only UFS is supported, if
    the system mounts _any_ other filesystems, the hv_vss_daemon(8)
    will veto the VSS process.

    If hv_vss_daemon(8) was disabled, then this device file must be
    opened, and proper ioctls must be issued to keep the VSS working.

    /dev/hv_appvss_dev

    Userland application can opened this device file to receive the
    VSS freeze notification, hold the VSS for a while (mainly to flush
    application data to filesystem), release the VSS process, and
    receive the VSS thaw notification i.e. applications can run again.

    The VSS will still work, even if this device file is not opened.
    However, only filesystem consistency is promised, if this device
    file is not opened or is not operated properly.

hv_vss_daemon(8) is started by devd(8) by default.  It can be disabled
by editting /etc/devd/hyperv.conf.

Submitted by:	Hongjiang Zhang <honzhan microsoft com>
Reviewed by:	kib, mckusick
MFC after:	3 weeks
Sponsored by:	Microsoft
Differential Revision:	https://reviews.freebsd.org/D8224
2016-11-15 02:36:12 +00:00
Dimitry Andric
2828dafcf3 Merge ^/head r308227 through r308490. 2016-11-10 22:12:19 +00:00
Marcelo Araujo
46542a426e We can't use protect(1) inside a jail(8)!
To avoid have warning for services that are using oomprotect, oomprotect
will only be applied on services that won't run inside jails.

Reported by:	allanjude
MFC after:	2 weeks.
2016-11-10 07:05:41 +00:00
Andriy Voskoboinyk
fafbeccf90 Fix device driver name if devd.conf + move it into appropriate place.
Noticed by:	Idwer Vollering <vidwer@gmail.com>
2016-11-06 19:51:01 +00:00
Dimitry Andric
a2b802ce70 Merge ^/head r303250 through r308226. 2016-11-02 19:18:24 +00:00
Baptiste Daroussin
fdec22c37d syslogd(8): add an 'include' keyword
All the '.conf' files not beginning with a '.' contained int he directory
following the keyword will be included.

This keyword can only be used in the first level configuration files.

Modify the default syslogd.conf to 'include' /etc/syslog.d and
/usr/local/etc/syslog.d

It simplify a lot handling of syslog from automation tools.

Reviewed by:	markj, kib (via irc)
Approved by:	markj
MFC after:	2 weeks
Relnotes:	yes
Differential Revision:	https://reviews.freebsd.org/D8402
2016-11-01 01:41:24 +00:00
Glen Barber
2d5386cc2c Fix packaging /usr/share/examples/etc.
Reported by:	woodsb02
MFC after:	3 days
X-MFC-With:	r308148
Sponsored by:	The FreeBSD Foundation
2016-10-31 21:11:46 +00:00
Dimitry Andric
02ebdc7823 Merge ^/head r307736 through r308146. 2016-10-31 19:02:42 +00:00
Baptiste Daroussin
b2fd8384ff cron(8): add support for /etc/cron.d and /usr/local/etc/cron.d
For automation tools it is way easier to maintain files in directories rather
than modifying /etc/crontab.

The files in those directories are in the same format as /etc/crontab

Reviewed by:	adrian
MFC after:	2 weeks
Relnotes:	yes
Sponsored by:	Gandi.net
Differential Revision:	https://reviews.freebsd.org/D8400
2016-10-31 18:20:12 +00:00
Kevin Lo
a24d62b533 Add preliminary support for the RTL8153.
Reviewed by:	hselasky
2016-10-31 05:58:11 +00:00
Warner Losh
40adda8665 Use checkyesno instead of rolling my own.. 2016-10-23 18:00:09 +00:00
Baptiste Daroussin
62352309a8 Do not install NIS program rc script if WITHOUT_NIS is set
PR:		213375
Submitted by:	sergey@akhmatov.ru
MFC after:	3 days
2016-10-22 19:51:32 +00:00
Jilles Tjoelker
7627b33010 swapoff: Remove only late devices with -aL.
Currently, '/etc/rc.d/swaplate stop' removes all swap devices. This can be
very slow and may not even be possible if there is a lot of swap space in
use. However, removing swap devices is only needed for late swap devices
that may depend on daemons that subsequent shutdown steps stop. Normal swap
devices such as hard disk partitions will remain available throughout the
shutdown process and need not be removed.

In swapoff, interpret -aL to remove late swap devices only, and use this in
etc/rc.d/swaplate. The meaning of -aL in swapon remains unchanged (add all
swap devices, both normal and late).

PR:		187081
Reviewed by:	wblock (man page only), ngie
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D8126
2016-10-21 21:55:50 +00:00
Dimitry Andric
5763f79695 Merge ^/head r307383 through r307735. 2016-10-21 16:29:40 +00:00
Enji Cooper
669c253531 Integrate contrib/netbsd-tests/fs/tmpfs into the FreeBSD test suite
as tests/sys/fs

These testcases exercise tmpfs support

MFC after:	2 weeks
Sponsored by:	Dell EMC Isilon
2016-10-21 05:24:08 +00:00
Andriy Voskoboinyk
7453645f2a rtwn(4), urtwn(4): merge common code, add support for 11ac devices.
All devices:
- add support for rate adaptation via ieee80211_amrr(9);
- use short preamble for transmitted frames when needed;
- multi-bss support:
 * for RTL8821AU: 2 VAPs at the same time;
 * other: 1 any VAP + 1 sta VAP.
RTL8188CE:
- fix IQ calibration bug (reason of significant speed degradation);
- add h/w crypto acceleration support.
USB:
- A-MPDU Tx support;
- short GI support;
Other:
- add support for RTL8812AU / RTL8821AU chipsets
(a/b/g/n only; no ac yet);
- split merged code into subparts:
 * bus glue (usb/*, pci/*, rtl*/usb/*, rtl*/pci/*)
 * common (if_rtwn*)
 * chip-specific (rtl*/*)
- various other bugfixes.

Due to code reorganization, module names / requirements were changed too:
urtwn urtwnfw -> rtwn rtwn_usb rtwnfw
rtwn  rtwnfw  -> rtwn rtwn_pci rtwnfw

Tested with RTL8188CE, RTL8188CUS, RTL8188EU and RTL8821AU.

Tested by:	kevlo, garga,
		Peter Garshtja <peter.garshtja@ambient-md.com>,
		Kevin McAleavey <kevin.mcaleavey@knosproject.com>,
		Ilias-Dimitrios Vrachnis <id@vrachnis.com>,
		<otacilio.neto@bsd.com.br>
Relnotes:	yes
2016-10-17 20:38:24 +00:00
Warner Losh
2cf098b8fc Allow root_rw_mount to be both lower and upper case. Before, if it was
upper case, you'd wind up with a read-only filesystem when you should
sometimes.

PR: 213549
2016-10-17 04:07:13 +00:00
Marcel Moolenaar
50875ed2c1 Re-apply change 306811 or alternatively, revert change 307385. 2016-10-16 02:43:51 +00:00
Marcel Moolenaar
9ffbf09f2f Revert change 306811 so that the change can be re-done using
svn copy instead of svn move.  This to preserve history on
the originals headers as well.
2016-10-16 02:05:22 +00:00
Dimitry Andric
a0e610c439 Merge ^/head r306906 through r307382. 2016-10-15 22:49:04 +00:00
Baptiste Daroussin
a0135a1e35 Remove GNU rcs from base.
GNU rcs is still available as a package:
- rcs: Latest GPLv3 GNU rcs version.
- rcs57: Copy of the latest version of GNU rcs (GPLv2) from base.

Relnotes:	yes
2016-10-15 12:07:37 +00:00
Enji Cooper
5b143fd96f Install etc/rc.d/zfsbe when MK_ZFS != no
X-MFC with:	r307182
Sponsored by:	Dell EMC Isilon
2016-10-13 07:10:27 +00:00
Andriy Gapon
ebd3b79f20 rc.d/zfsbe: a new script designed for boot environment support
Currently zfsbe ensures that subordinate filesystems are mounted at the
right mount points.
The script assumes that the subordinate filesystems of a boot environment
have their canmount property set to noauto, so that they are not
automatically mounted on boot.  Whereas the root filesystem is mounted
by the kernel, there was nothing to mount its subordinates.
rc.d/zfsbe fills that gap.

Discussed with:	allanjude, will
MFC after:	3 weeks
Differential Revision: https://reviews.freebsd.org/D7797
2016-10-13 06:19:54 +00:00
Devin Teske
d119e0f7fb Many shops still prefer rc.conf(5) based jail configuration(s). In-part
because they can use sysrc in conjunction with ssh and xargs to perform
en-masse changes in a large distribution with lots of jails spread over
many hosts on a LAN/WAN.

Provide a mechanism for disabling the warning eschewed by /etc/rc.d/jail
in said situation. If jail_confwarn="NO" is in rc.conf(5) (default "YES")
skip the warning that per-jail configurations are obsolete and that the
user should migrate to jail.conf(5).

Reviewed by:	jelischer
MFC after:	3 days
Sponsored by:	FIS Global, Inc.
Differential Revision:	https://reviews.freebsd.org/D7465
2016-10-12 20:50:17 +00:00
Dimitry Andric
242b248284 Merge ^/head r306412 through r306905. 2016-10-09 13:30:57 +00:00
Marcel Moolenaar
0974f66d06 In order to allow mkimg(1) (and other tools) to become a build tool
that can be compiled on various OSes (including on older versions
of FreeBSD), make it possible to have it include the partitioning
scheme definitions without pulling in FreeBSD specifics.
In particular this means:
 o  move the scheme definitions iand related defines to header files
    under sys/disk,
 o  make them (more) portable by using uint#_t (where applicable)
    and renaming defines so that they at least have a good prefix,
 o  make the new headers stand-alone so that they don't need FreeBSD
    definitions, like struct uuid(*)
 o  keep the original headers for compatibility, but rewrite them to
    get the scheme definitions from <sys/disk/$scheme.h>.

(*) since UUID/GUID type definitions are non-portable and the GPT
scheme uses them, make it possible to have the scheme definitions
use an external type by allowing consumers of the header to set
GPT_UUID_TYPE. When GPT_UUID_TYPE has not been defined, the header
will use it's own type definition, which is the same as struct uuid.
The gpt_uuid_t typedef is created to abstract the details and allows
consumers to refer to a single type.

There is not conflict between the partitioning scheme headers and
what is defined in them. All headers can be included in the same
source files.

Note: consumers of the old headers have not been changed yet. Such
will be done if and when needed/beneficial.

Reviewed by:	imp, jhb
MFC after:	1 month
Sponsored by:	Bracket Computing
2016-10-07 15:42:20 +00:00
Kurt Lidl
d3de26c3d0 Make 502.pfdenied find blacklistd/* filter names dynamically
This change is needed to make the 520.pfdenied script find the new
blacklistd/* anchor points for reporting blocked traffic.

Reviewed by:	kp
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
2016-10-04 23:12:35 +00:00
Dimitry Andric
8c4282b370 Merge ^/head r305892 through r306302. 2016-09-24 20:58:59 +00:00
Alan Somers
cc4ee17f44 Fix periodic scripts when an NFS mount covers a local mount
100.chksetuid and 110.neggrpperm try to search through all UFS and ZFS
filesystems. But their logic contains an error. They also search through
remote filesystems that are mounted on top of the root of a local
filesystem. For example, if a user installs a FreeBSD system with the
default ZFS layout, he'll get a zroot/usr/home filesystem. If he then mounts
/usr/home over NFS, these scripts would search through /usr/home.

MFC after:	4 weeks
Sponsored by:	Spectra Logic Corp
Differential Revision:	https://reviews.freebsd.org/D7482
2016-09-20 18:47:33 +00:00
Edward Tomasz Napierala
81eaa5685e Fix -media to not mount ufs with "async"; it doesn't make sense when
there is softupdates.

Suggested by:	imp@
MFC after:	1 month
2016-09-20 04:54:00 +00:00
Edward Tomasz Napierala
921bf145a6 Stop appending "noatime" in the autofs -media map, and instead add it
to auto_master, since all filesystems seem to support it.  It's cleaner
this way, and easier to customize.

MFC after:	1 month
2016-09-20 04:52:01 +00:00
Edward Tomasz Napierala
554159ec95 Make autofs(5) -media map also use "async" and "noatime" for ext2fs(5).
Suggested by:	pfg@
MFC after:	1 month
2016-09-20 04:33:58 +00:00
Edward Tomasz Napierala
1f902c4a09 Make autofs use the "noatime" flag for msdosfs, ntfs, and ufs
filesystems mounted on /media.

MFC after:	1 month
2016-09-19 08:55:36 +00:00
Edward Tomasz Napierala
0d0d6e4842 Make autofs use the "async" flag for msdosfs and ufs filesystems mounted
on /media.

MFC after:	1 month
2016-09-19 08:51:27 +00:00
Baptiste Daroussin
5b71d8999c Remove backup_uses_rcs from rc.subr
In preparation for the removal of GNU rcs from base, remove the backup_uses_rcs
functionality from the rc.subr backup_file feature. This functionnality was off
by default

Reviewed by:	wblock
Differential Revision:	https://reviews.freebsd.org/D7883
2016-09-18 12:49:23 +00:00
Dimitry Andric
93badfa1f2 Merge ^/head r305687 through r305890. 2016-09-16 20:49:12 +00:00
Oleksandr Tymoshenko
2b3f6d6650 Add evdev protocol implementation
evdev is a generic input event interface compatible with Linux
evdev API at ioctl level. It allows using unmodified (apart from
header name) input evdev drivers in Xorg, Wayland, Qt.

This commit has only generic kernel API. evdev support for individual
hardware drivers like ukbd, ums, atkbd, etc. will be committed later.

Project was started by Jakub Klama as part of GSoC 2014. Jakub's
evdev implementation was later used as a base, updated and finished
by Vladimir Kondratiev.

Submitted by:	Vladimir Kondratiev <wulf@cicgroup.ru>
Reviewed by:	adrian, hans
Differential Revision:	https://reviews.freebsd.org/D6998
2016-09-11 18:56:38 +00:00
Dimitry Andric
a75e9a0239 Merge ^/head r305623 through r305686. 2016-09-10 17:00:08 +00:00
Jung-uk Kim
3f65d720c3 Add new directories added in r305626 to fix "make installworld". 2016-09-08 21:59:34 +00:00
Dimitry Andric
d002f039ae Merge ^/head r305431 through r305622. 2016-09-08 18:15:36 +00:00
Enji Cooper
cb5fe245b1 Move tests/sys/kqueue/... to tests/sys/kqueue/libkqueue/...
This is being done to clearly distinguish the libkqueue tests
from the (soon to be imported) NetBSD tests.

MFC after:	58 days
Sponsored by:	EMC / Isilon Storage Division
2016-09-06 08:45:29 +00:00
Dimitry Andric
491cdc1b53 Merge ^/head r304700 through r304884. 2016-08-27 09:40:29 +00:00
Cy Schubert
eb27c4c0e9 Remove the gratuitous check for $FreeBSD$ and rename the function
to ntpd_init_leapfile, to ensure a copy exists in /var/db if a copy
isn't already there.

Reported by:	ache@
MFC after:	1 day
2016-08-25 13:24:11 +00:00
Cy Schubert
05174bd95f Make validation of the leap-seconds file unconditional.
MFC after:	1 day
2016-08-25 03:09:23 +00:00
Cy Schubert
1ac66dd31d Add logic to replace the working ntp leap-seconds file in /var/db
if it contains a $FreeBSD$ header. The header will cause the file
to fail checksum of the hash causing ntpd to ignore the file.

MFC after:	1 day
2016-08-25 02:58:41 +00:00
Cy Schubert
0a8083a658 Change the algorithm by which /var/db/leap-seconds is updated.
1. Use the leap-seconds version number (update time) to determine
   whether to update the file or not.

2. If the version numbers of the files is the same, use the later
   expiry date to determine which file to use.

Suggested by:	ian@
MFC after:	1 day
2016-08-25 02:45:52 +00:00
Cy Schubert
383236844f Revert r298887 (spelling fix) and remove $FreeBSD$ because text changes
to leap-seconds invaldidates validation hash at the end of the file.

Remove svn:keywords and replace with fbsd:nokeywords=yes to
support this change.

MFC after:	1 day
2016-08-25 02:40:14 +00:00
Allan Jude
335906de4b Increase the default rotation threshold of log files from 100kb to 1000kb
Submitted by:	Sean Kelly <smkelly@freebsd.org>
Differential Revision:	https://reviews.freebsd.org/D6792
2016-08-24 23:02:20 +00:00
Dimitry Andric
65e1b13807 Merge ^/head r304236 through r304536. 2016-08-20 18:52:03 +00:00
John Baldwin
5d41c20b85 Remove stale drivers (amd(4) and asr(4)) from the SCSI controller regex. 2016-08-19 22:05:22 +00:00
John Baldwin
64450fdf48 Remove the wds(4) driver for the WD700 ISA SCSI HBA.
While this driver does do DMA, it bounce buffers all transactions through
a single 64k buffer.  It also does not have a manpage.

Relnotes:	yes
2016-08-19 21:51:42 +00:00
Dimitry Andric
7fff4413af Update build glue for clang and the llvm/clang extras. 2016-08-19 17:55:34 +00:00
Mark Johnston
5968c00154 Regenerate DTrace tests. 2016-08-16 02:34:25 +00:00
Alan Somers
55f27b093d Decrease the anti-congestion sleep in 480.leapfile-ntpd to 1 hour
24 hours is too long. Periodic scripts are executed serially, so when
combined with the sleep in 410.pkg-audit periodic could actually take more
than 24 hours and block the next invocation.

Reviewed by:	cy
MFC after:	4 weeks
Sponsored by:	Spectra Logic Corp
Differential Revision:	https://reviews.freebsd.org/D7481
2016-08-15 14:58:25 +00:00
Xin LI
ed1202fc80 Now that the portsnap buildbox is generating the raw bits for INDEX-12,
add it to the set of INDEX files built by portsnap.

Switch to INDEX-12 for head/.
2016-08-14 05:18:38 +00:00
Devin Teske
d23b7f655c Allow enforce_statfs (see jail(8)) to be set per jail
Reviewed by:	jelischer
MFC after:	3 days
2016-08-10 23:24:21 +00:00
Dag-Erling Smørgrav
af8ee1391d Disable DSA again.
MFC after:	3 days
2016-08-03 16:34:20 +00:00
Bryan Drewery
bd4dcc3e5f Move chown tests to proper path
Sponsored by:	EMC / Isilon Storage Division
2016-07-23 05:49:18 +00:00
Cy Schubert
e0633de05a Update leap-seconds to leap-seconds.3676752000.
As per https://datacenter.iers.org/web/guest/eop/-/somos/5Rgv/latest/16:

                                  UTC TIME STEP
                            on the 1st of January 2017

 A positive leap second will be introduced at the end of December 2016.
 The sequence of dates of the UTC second markers will be:

                          2016 December 31, 23h 59m 59s
                          2016 December 31, 23h 59m 60s
                          2017 January   1,  0h  0m  0s

 The difference between UTC and the International Atomic Time TAI is:

  from 2015 July 1, 0h UTC, to 2017 January 1 0h UTC   : UTC-TAI = - 36s
  from 2017 January 1, 0h UTC, until further notice    : UTC-TAI = - 37s

Obtained from:	ftp://tycho.usno.navy.mil/pub/ntp/leap-seconds.3676752000
See also:	https://www.iers.org/SharedDocs/News/EN/BulletinC.html
	https://datacenter.iers.org/web/guest/eop/-/somos/5Rgv/latest/16
MFC after:	1 week
Relnotes:	yes
2016-07-21 19:27:04 +00:00
Jamie Gritton
106efceff3 Start jails non-parallel if jail_parallel_start is NO. This was true
for an explicitly specified jail list; now it's also true for all jails.

PR:		209112
MFC after:	3 days
2016-07-14 20:17:08 +00:00
Jamie Gritton
e25520bab3 Wait for jails to complete startup if jail_parallel_start is YES,
instead of assuming they'll take less than one second.

PR:		203172
Submitted by:	dmitry2004@yandex.ru
2016-07-14 19:51:54 +00:00
Cy Schubert
8cabd541f7 Restore lost comment from r301295.
PR:		211027
Reported by:	Trond.Endrestol@ximalas.info
Pointy hat to:	cy@ (me)
MFC after:	3 days
2016-07-14 01:16:07 +00:00
Mark Johnston
ba3c9fc45c Remove more references to mroute6d, which was removed in r298512. 2016-07-14 00:41:37 +00:00
Baptiste Daroussin
3cf6509d70 Posixify the locales name for variants
For all locales with variants:
- if no ambiguity on the locale (only one variant) just use the regular name
- if ambiguity, pick one as default and append @<variant> to the others
  respecting POSIX

As a result:
- All the 3 components locales added recently are renamed to the usual 2
  components version for all but sr_RS.UTF-8
- Set sr_RS.UTF-8 to the cyrillic variant
- Add sr_RS.UTF-8@latin
- Remove the symlinks aliases they were created to represent the 2 components
  version as aliasas and are now useless
- Update the OptionalObsoleteFiles.inc and ObsoleteFiles.inc to reflect those
  changes

Discussed with:	ache@
Approved by:	re@ (gjb)
2016-07-03 18:21:11 +00:00
Baptiste Daroussin
87dd365e3d Remove reference to mroute6d in /etc/netstart.
mroute6d has been removed in r298512.

PR:		209405
Submitted by:	Trond.Endrestol@ximalas.info
Approved by:	re (gjb)
2016-06-25 12:54:27 +00:00
Kurt Lidl
cc4eb1ea10 Add support for a /etc/defaults/vendor.conf override file
Reviewed by:	stas, imp
Approved by:	re (gjb)
Differential Revision:	https://reviews.freebsd.org/D6895
2016-06-23 19:37:00 +00:00
Warner Losh
f24c011beb Commit the bits of nda that were missed. This should fix the build.
Approved by: re@
2016-06-10 06:04:53 +00:00
Mark Johnston
714ac00292 Implement an NSS backend for netgroups and add getnetgrent_r(3).
This support appears to have been documented in nsswitch.conf(5) for some
time. The implementation adds two NSS netgroup providers to libc. The
default, compat, provides the behaviour documented in netgroup(5), so this
change does not make any user-visible behaviour changes. A files provider
is also implemented.

innetgr(3) is implemented as an optional NSS method so that providers such
as NIS which are able to implement efficient reverse lookup can do so.
A fallback implementation is used otherwise. getnetgrent_r(3) is added for
convenience and to provide compatibility with glibc and Solaris.

With a small patch to net/nss_ldap, it's possible to specify an ldap
netgroup provider, allowing one to query nisNetgroupTriple entries.

Sponsored by:	EMC / Isilon Storage Division
2016-06-09 01:28:44 +00:00
Enji Cooper
cadd473c52 Fix typo with description for $ipv6_cpe_wanif (upstram -> upstream)
MFC after: 3 days
PR: 210146
Reported by: Sean M. Collins <sean@coreitpro.com>
Sponsored by: EMC / Isilon Storage Division
2016-06-08 18:38:48 +00:00
Kurt Lidl
c0759dac0d Separate BLACKLIST vs BLACKLIST_SUPPORT properly
Sponsored by:	The FreeBSD Foundation
2016-06-07 16:31:03 +00:00
Kurt Lidl
00dc8270d5 Turn off blacklistd daemon in defaults
Reported by:	Matteo Riondato ( matteo @ FreeBSD.org )
Reviewed by:	rpaulo
Approved by:	rpaulo
Relnotes:	YES
Sponsored by:	The FreeBSD Foundation
2016-06-06 17:01:35 +00:00
Marcelo Araujo
3f708a3203 Connect ypldap(8) script on Makefile, forgotten on my previous commit r301480. 2016-06-06 04:13:49 +00:00
Marcelo Araujo
46b6ecf257 Add rc.d script for ypldap(8). 2016-06-06 03:55:00 +00:00
Marcelo Araujo
3191e5717d Install/Connect ypldap.conf(5) on examples. 2016-06-06 02:43:41 +00:00
Cy Schubert
2712f5b016 Enable daily_ntpd_leapfile_enable by default. Otherwise an expired
leapfile will be ignored and ntpd will behave as if it has no
leapfile.

While here, remove an extraneous blank line.

Suggested by:	ache
MFC after:	1 week
2016-06-04 01:01:46 +00:00
Kurt Lidl
95856e1457 Add basic blacklist build support
Reviewed by:	rpaulo
Approved by:	rpaulo
Relnotes:	YES
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D5913
2016-06-02 19:06:04 +00:00
Alan Somers
6761eb4b11 Fix exit status of "service routing start <af> <iface>"
etc/rc.d/routing
	Ignore the exit status of options_{inet,inet6,atm}. It's
	meaningless.

Reviewed by:	hrs
MFC after:	4 weeks
Sponsored by:	Spectra Logic Corp
Differential Revision:	https://reviews.freebsd.org/D6687
2016-06-02 15:31:24 +00:00
Glen Barber
ea580d0b45 Revert r301137 and r301163, and implement a correct fix
for the CONFS issue with dma.conf and ppp.conf.

Thank you very much to Bryan Drewery for looking into the
problem and providing this fix.

Pointyhat:	gjb
Sponsored by:	The FreeBSD Foundation
2016-06-01 20:44:28 +00:00
Glen Barber
d1900df6cc Implement a hack to re-enable installation of the dma.conf.
The 'CONFS' entries in share/mk/bsd.confs.mk explicitly check
for the 'installconfig', but does not behave properly with the
'distribute' target.

This seems to be related to the previously-reported issues
with files within /etc in the past.

Reported by:	Ben Woods
Sponsored by:	The FreeBSD Foundation
2016-06-01 20:06:55 +00:00
Glen Barber
efe50fa18a Revert r289096:
Files listed in 'CONFS' are not properly included in new
installations (missing from base.txz), for reasons I still
do not fully understand.

This reverts the change excluding /etc/ppp/ppp.conf from
a new installation.  /etc/dma/dma.conf is also affected,
but requires a different solution, still being investigated.

Reported by:	Ben Woods
Sponsored by:	The FreeBSD Foundation
2016-06-01 16:45:08 +00:00
Cy Schubert
054b92544e Don't rely on $ntpd_enable to periodically fetch the latest
leapfile.

Suggested by:	cperciva
MFC after:	1 week
2016-06-01 04:37:43 +00:00
Eric van Gyzen
dd6aada336 Fix indentation in dhclient rc.d script 2016-05-31 18:40:47 +00:00
Edward Tomasz Napierala
92fa6c540c Cosmetics: add missing space after the ':' in etc/rc.d/random.
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
2016-05-31 08:31:34 +00:00
Enji Cooper
1b2b34583e Fix circular dependency created after r287197 between ldconfig and mountcritremote
ldconfig is already required by mountcritremote indirectly, as noted by rcorder:

> rcorder: Circular dependency on provision `mountcritremote' in file `ldconfig'.

Having mountcritremote REQUIRE ldconfig breaks dependency ordering.

Making the ldconfig hints be conditionally regenerated from mountcritremote when
remote filesystems are mounted is done after this change, similar to cleanvar
being conditionally called after the change.

Differential Revision: https://reviews.freebsd.org/D6621
PR: 202726
Reviewed by: jilles
Sponsored by: EMC / Isilon Storage Division
2016-05-30 19:59:51 +00:00
Enji Cooper
08f9163b69 Make netif REQUIRE hostid
As noted in the PR, if etc/rc.d/zvol is removed, netif will be run before
hostid, and the MAC address generated for any bridge devices will be
non-deterministic. Make the MAC address generated be deterministic for
bridge devices by explicitly REQUIRE'ing hostid.

This fixes up the rest of the PR, inadvertently committed in r299844

MFC after: 1 week
PR: 195188
Sponsored by: EMC / Isilon Storage Division
2016-05-29 02:59:03 +00:00
Enji Cooper
51da679955 Fix "make installworld" with MK_CDDL == no after r300906 by
adding a missing entry for ${TESTSBASE}/cddl/sbin

X-MFC with: r300906
Pointyhat to: asomers
Reported by: Shawn Webb <shawn.webb@hardenedbsd.org>
Sponsored by: EMC / Isilon Storage Division
2016-05-29 01:38:12 +00:00
Alan Somers
7a0c41d5d7 zfsd(8), the ZFS fault management daemon
Add zfsd, which deals with hard drive faults in ZFS pools. It manages
hotspares and replements in drive slots that publish physical paths.

cddl/usr.sbin/zfsd
	Add zfsd(8) and its unit tests

cddl/usr.sbin/Makefile
	Add zfsd to the build

lib/libdevdctl
	A C++ library that helps devd clients process events

lib/Makefile
share/mk/bsd.libnames.mk
share/mk/src.libnames.mk
	Add libdevdctl to the build. It's a private library, unusable by
	out-of-tree software.

etc/defaults/rc.conf
	By default, set zfsd_enable to NO

etc/mtree/BSD.include.dist
	Add a directory for libdevdctl's include files

etc/mtree/BSD.tests.dist
	Add a directory for zfsd's unit tests

etc/mtree/BSD.var.dist
	Add /var/db/zfsd/cases, where zfsd stores case files while it's shut
	down.

etc/rc.d/Makefile
etc/rc.d/zfsd
	Add zfsd's rc script

sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev.c
	Fix the resource.fs.zfs.statechange message. It had a number of
	problems:

	It was only being emitted on a transition to the HEALTHY state.
	That made it impossible for zfsd to take actions based on drives
	getting sicker.

	It compared the new state to vdev_prevstate, which is the state that
	the vdev had the last time it was opened.  That doesn't make sense,
	because a vdev can change state multiple times without being
	reopened.

	vdev_set_state contains logic that will change the device's new
	state based on various conditions.  However, the statechange event
	was being posted _before_ that logic took effect.  Now it's being
	posted after.

Submitted by:	gibbs, asomers, mav, allanjude
Reviewed by:	mav, delphij
Relnotes:	yes
Sponsored by:	Spectra Logic Corp, iX Systems
Differential Revision:	https://reviews.freebsd.org/D6564
2016-05-28 17:43:40 +00:00
Alan Somers
30da687794 Always create loopback routes on every fib
Always create loopback routes on every fib, for both IPv4 and IPv6

etc/rc.d/routing
	Create loopback IPv4 and IPv6 routes on every fib at boot. Revert
	278302; now that all FIBs have IPv6 loopback routes, the
	"route add -reject" commands won't fail.

tests/etc/rc.d/routing_test.sh
	Greatly simplify static_ipv6_loopback_route_for_each_fib. It was
	written under the assumption that loopback routes would be added to
	a given fib by the kernel as soon as an interface is configured on
	that fib. However, the logic can be much simpler now that we simply
	add loopback routes to all fibs at boot. This also removes the need
	to run the test as root, removes the restriction that
	net.add_addr_allfibs=0, and removes the need to configure fibs in
	kyua.conf.

	Also, add a test case for IPv4 loopback routes

Sponsored by:	Spectra Logic Corp
Differential Revision:	https://reviews.freebsd.org/D6582
2016-05-27 22:40:40 +00:00
Cy Schubert
3f9e9f234e Use the expiry date to determine whether to replace the DB copy of
leapfile instead of using the leapfile serial number (create
timestamp).

PR:		209577
MFC after:	3 days
2016-05-25 01:35:02 +00:00
Alan Somers
c5b5b50ded Better document security_show_{success,info,badconfig} in /etc/periodic.conf
periodic(8) already handles the security_show_{success,info,badconfig}
variables correctly. However, those variables aren't explicitly set in
/etc/defaults/periodic.conf or anywhere else, which suggests to the user
that they shouldn't be used.

etc/defaults/periodic.conf
	Explicitly set defaults for security_show_{success,info,badconfig}

usr.sbin/periodic/periodic.sh
	Update usage string

usr.sbin/periodic/periodic.8
	Minor man page updates

One thing I'm _not_ doing is recommending setting security_output to
/var/log/security.log or adding that file to /etc/newsyslog.conf, because
periodic(8) would create it with default permissions, usually 644, and
that's probably a bad idea.

Reviewed by:	brd
MFC after:	4 weeks
Sponsored by:	Spectra Logic Corp
Differential Revision:	https://reviews.freebsd.org/D6477
2016-05-21 02:14:11 +00:00
George V. Neville-Neil
71957470d5 Remove DTrace tooklkit from the mtree and add the files to remove
to the ObsoleteFiles list.

Sponsored by:	DARPA, AFRL
2016-05-20 01:38:31 +00:00
Cy Schubert
005bba27dc Update leap-seconds to leap-seconds.3661459200.
NO leap second will be introduced at the end of June 2016.

This commit reapplies the r298887 minor spelling fix.

Obtained from:	ftp://tycho.usno.navy.mil/pub/ntp/.
See also:	http://www.iers.org/SharedDocs/News/EN/BulletinC.html
MFC after:	2 weeks
2016-05-19 03:56:07 +00:00
Enji Cooper
73ffff5f64 Make hostid_save depend on hostid
MFC after: 2 weeks
Sponsored by: EMC / Isilon Storage Division
2016-05-15 06:00:13 +00:00
Enji Cooper
322c831d0c Fix broken dependency with routed when MK_ROUTED != no
Remove routed as a requirement in NETWORKING, and put it in routed as a BEFORE
requirement instead

MFC after: 2 weeks
Sponsored by: EMC / Isilon Storage Division
2016-05-15 05:45:54 +00:00
Enji Cooper
904bea8330 Conditionalize installing etc/rc.d/atm{1,2,3}
`BEFORE: netif` was already in etc/rc.d/atm1, so no additional changes
are needed in that script

MFC after: 2 weeks
Sponsored by: EMC / Isilon Storage Division
2016-05-15 05:38:47 +00:00
Enji Cooper
0648b47f06 Conditionalize etc/rc.d/{zfs,zvol} install on MK_ZFS != no
MFC after: 2 weeks
Sponsored by: EMC / Isilon Storage Division
2016-05-15 04:39:36 +00:00
Enji Cooper
7e7d2a6f50 Make FILESYSTEMS, dumpon, and var not depend on zfs and zvol
Make zfs and zvol come before all of the items that depended on them
previously

MFC after: 2 weeks
Sponsored by: EMC / Isilon Storage Division
2016-05-15 04:38:50 +00:00
Enji Cooper
142e7499c5 Reduce redundancy after release-pkg merge to head in r298107
- Use BINDIR instead of FILESDIR
- Default all <FILESGROUPS>MODEs to BINMODE with a single for-loop at the
  bottom of the Makefile
- Move all of the conditionals under the relevant MK_* != no build conditional
  blocks

Sponsored by: EMC / Isilon Storage Division
2016-05-15 04:19:50 +00:00
Eric van Gyzen
079171874c iconvctl(3): remove superfluous NULL pointer tests
convname and dst are guaranteed to be non-NULL by iconv_open(3).
src is an array. Remove these tests for NULL pointers.
While I'm here, eliminate a strlcpy with a correct but suspicious-looking
calculation for the third parameter (i.e. not a simple sizeof).
Compare the strings in-place instead of copying.

Found by:	bdrewery
Found by:	Coverity
CID:		1130050, 1130056
MFC after:	3 days
Sponsored by:	Dell Inc.
Differential Revision:	 https://reviews.freebsd.org/D6338
2016-05-14 00:35:35 +00:00
Martin Matuska
cdf63a700c MFV r299425:
Update libarchive to 3.2.0

New features:
- new bsdcat command-line utility
- LZ4 compression (in src only via external utility from ports)
- Warc format support
- 'Raw' format writer
- Zip: Support archives >4GB, entries >4GB
- Zip: Support encrypting and decrypting entries
- Zip: Support experimental streaming extension
- Identify encrypted entries in several formats
- New --clear-nochange-flags option to bsdtar tries to remove noschg and
  similar flags before deleting files
- New --ignore-zeros option to bsdtar to handle concatenated tar archives
- Use multi-threaded LZMA decompression if liblzma supports it
- Expose version info for libraries used by libarchive

Patched files (fixed compiler warnings):

contrib/libarchive/cat/bsdcat.c (vendor PR #702)
contrib/libarchive/cat/bsdcat.h (vendor PR #702)
contrib/libarchive/libarchive/archive_read_support_format_mtree.c (PR #701)
contrib/libarchive/libarchive_fe/err.c (vendor PR #703)

MFC after:	1 month
Relnotes:	yes
2016-05-12 10:16:16 +00:00
Benedict Reuschling
ebf75b599a Capitalize "LDAP" in the description field of the _ypldap entry.
Reviewed by:	bapt
MFC after:	5 days
Differential Revision:	https://reviews.freebsd.org/D5267
2016-05-10 12:47:36 +00:00
Edward Tomasz Napierala
6e9bf96d6f Refactor the root mount hold code and add the wait to etc/rc.d/fsck.
This fixes mounting (non-root) USB drives on boot with fsck enabled
(with non-zero 'Pass#' field in fstab(5)).

Reported by:	Graham Menhennitt <graham at menhennitt.com.au>
Reviewed by:	jilles@
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D6221
2016-05-10 08:44:44 +00:00
Jilles Tjoelker
1f9b8f8e0d install: Add some tests. 2016-05-08 21:11:24 +00:00
Rick Macklem
90ce51106e Make "-S" a default option for mountd.
After a discussion on freebsd-fs@ there seemed to be a consensus that
the "-S" option for mountd should become the default.
Since the only known issue w.r.t. using "-S" was fixed by r299201,
this commit adds "-S" to the default mountd_flags.

Discussed on:	freebsd-fs
PR:		9619, 131342, 206855
MFC after:	2 weeks
Relnotes:	yes
2016-05-08 20:10:22 +00:00
Enji Cooper
9941801f1e Only install etc/rc.d/{rfcomm_pppd_server,sdpd} if MK_BLUETOOTH != no
These are bluetooth specific services

MFC after: 1 week
Sponsored by: EMC / Isilon Storage Division
2016-05-06 09:18:09 +00:00
Alan Somers
8907f744ff Improve performance and functionality of the bitstring(3) api
Two new functions are provided, bit_ffs_at() and bit_ffc_at(), which allow
for efficient searching of set or cleared bits starting from any bit offset
within the bit string.

Performance is improved by operating on longs instead of bytes and using
ffsl() for searches within a long. ffsl() is a compiler builtin in both
clang and gcc for most architectures, converting what was a brute force
while loop search into a couple of instructions.

All of the bitstring(3) API continues to be contained in the header file.
Some of the functions are large enough that perhaps they should be uninlined
and moved to a library, but that is beyond the scope of this commit.

sys/sys/bitstring.h:
        Convert the majority of the existing bit string implementation from
        macros to inline functions.

        Properly protect the implementation from inadvertant macro expansion
        when included in a user's program by prefixing all private
        macros/functions and local variables with '_'.

        Add bit_ffs_at() and bit_ffc_at(). Implement bit_ffs() and
        bit_ffc() in terms of their "at" counterparts.

        Provide a kernel implementation of bit_alloc(), making the full API
        usable in the kernel.

        Improve code documenation.

share/man/man3/bitstring.3:
        Add pre-exisiting API bit_ffc() to the synopsis.

        Document new APIs.

        Document the initialization state of the bit strings
        allocated/declared by bit_alloc() and bit_decl().

        Correct documentation for bitstr_size(). The original code comments
        indicate the size is in bytes, not "elements of bitstr_t". The new
        implementation follows this lead. Only hastd assumed "elements"
        rather than bytes and it has been corrected.

etc/mtree/BSD.tests.dist:
tests/sys/Makefile:
tests/sys/sys/Makefile:
tests/sys/sys/bitstring.c:
        Add tests for all existing and new functionality.

include/bitstring.h
	Include all headers needed by sys/bitstring.h

lib/libbluetooth/bluetooth.h:
usr.sbin/bluetooth/hccontrol/le.c:
        Include bitstring.h instead of sys/bitstring.h.

sbin/hastd/activemap.c:
        Correct usage of bitstr_size().

sys/dev/xen/blkback/blkback.c
        Use new bit_alloc.

sys/kern/subr_unit.c:
        Remove hard-coded assumption that sizeof(bitstr_t) is 1.  Get rid of
        unrb.busy, which caches the number of bits set in unrb.map.  When
        INVARIANTS are disabled, nothing needs to know that information.
        callapse_unr can be adapted to use bit_ffs and bit_ffc instead.
        Eliminating unrb.busy saves memory, simplifies the code, and
        provides a slight speedup when INVARIANTS are disabled.

sys/net/flowtable.c:
        Use the new kernel implementation of bit-alloc, instead of hacking
        the old libc-dependent macro.

sys/sys/param.h
        Update __FreeBSD_version to indicate availability of new API

Submitted by:   gibbs, asomers
Reviewed by:    gibbs, ngie
MFC after:      4 weeks
Sponsored by:   Spectra Logic Corp
Differential Revision:  https://reviews.freebsd.org/D6004
2016-05-04 22:34:11 +00:00
John Baldwin
cf05aafc7e Add a debug dir for /boot/modules.
This provides a place for standalone modules to store debug symbols.

Reviewed by:	emaste
Differential Revision:	https://reviews.freebsd.org/D6190
2016-05-03 18:26:07 +00:00
Pedro F. Giffuni
f2730d1d65 etc: minor spelling fixes.
Mostly comments but these tend to be user-visible.

MFC after:	2 weeks
2016-05-01 16:43:22 +00:00
Peter Wemm
47041448c0 Fix incorrect permissions for /etc/rc.d/sendmail in fallout from
release-pkg merge.
2016-04-30 19:01:51 +00:00
Enji Cooper
4cdbb1c0bf Make SERVERS REQUIRE clean when MK_KERBEROS==no
Make kdc run BEFORE SERVERS instead of being REQUIREd by SERVERS,
so systems that pedantically check REQUIREs function after r270782

MFC after: 1 week
X-MFC with: r270782
Sponsored by: EMC / Isilon Storage Division
2016-04-30 09:50:08 +00:00
Baptiste Daroussin
e6ff0a002c Add sdiff test directory to the tests mtree 2016-04-30 06:37:32 +00:00
Baptiste Daroussin
7f5ddefe05 Add a savecore_enable variable support for the savecore rc script
By default set to 'YES' so it does not change the current behaviour for users,
this variable allows to decide to not extract crach dumps from the dump
device at boot time by setting it to "NO" in rc.conf.

Sponsored by:	Gandi.net
2016-04-29 12:23:56 +00:00
Hans Petter Selasky
d308a222e9 Regenerate usb.conf .
MFC after:	1 week
2016-04-29 12:00:36 +00:00
Lars Engels
72e733c5b1 Fix duplicate "name" variable that sneaked in with the rc description commit.
Approved by:	jhibbits
2016-04-24 19:25:11 +00:00
Stefan Eßer
f732131386 Fix typo (forgotten "=" after desc). 2016-04-24 12:07:44 +00:00
Jens Schweikhardt
9b3940931d Cosmetics: - no need to escape the newline after '|'
- parenthesize the "case" string for symmetry and improved
             search for matching paren (e.g. with vi's %)
2016-04-24 10:52:59 +00:00
Jamie Gritton
abfdc877c6 Don't remove the /var/run/jail_name.id file if a jail fails to start.
This messes up ezjail (and possibly others), when attempting to start
a jail that already exists.

PR:		208806
Reviewed by:	tj
MFC after:	5 days
2016-04-23 16:23:01 +00:00
Lars Engels
1980d11b5f - Add two new subcommands to rc.subr:
"describe" shows an rc script's description
  "extracommands" shows an rc script's non-standard commands like "reload", "configtest", "keygen", etc
- Update the rc(8) manpage and the tcsh(1) completion examples to reflect these changes

Approved by:	bapt
Sponsored by:	Essen Linuxhotel Hackathon 2016
Differential Revision:	D452
2016-04-23 16:19:34 +00:00
Lars Engels
6c1a5e837d - Add descriptions to most of the rc scripts. Those are mostly taken from their
daemon's manpage and probably improved.
- Consistently use "filesystem" not "file system".

Approved by:	bapt, brueffer
Differential Revision:	D452
2016-04-23 16:10:54 +00:00
Baptiste Daroussin
49817d14f1 Remove mroute6d rc script
It is directly available via ports (pim6dd which provides the needed rc script)

Reported by:	lme
Sponsored by:	Essen Hackathon 2016
2016-04-23 13:24:45 +00:00
Alan Somers
83e2bfb685 Add ATF tests for usr.sbin/extattr
Add ATF tests for the existing behavior of setextattr, rmextattr, lsextattr,
and getextattr.

Reviewed by:	ngie
MFC after:	4 weeks
Sponsored by:	Spectra Logic Corp
Differential Revision:	https://reviews.freebsd.org/D5889
2016-04-22 17:02:47 +00:00
Peter Wemm
e8c6a8339f Turn ssh_host_dsa_key back on until PR#208254 is taken care of. 2016-04-17 03:57:37 +00:00
Glen Barber
b40fde96d2 Fix etcupdate(8) with rc.sendmail and devd/*. It turns out
BIN1 and such in etc/* cannot use FILESGROUPS.

Reported by:	peter
Sponsored by:	The FreeBSD Foundation
2016-04-17 03:45:45 +00:00
Baptiste Daroussin
6d8d675d7d Remove Big5HKSCS entries from mtree
Reported by:	ache
2016-04-16 20:42:51 +00:00
Glen Barber
d60840138f MFH
Sponsored by:	The FreeBSD Foundation
2016-04-04 23:55:32 +00:00
Kristof Provost
2f396d3cc3 pf: Friendly error message for status if pf.ko is not loaded
Check if pf.ko is loaded (i.e. /dev/pf exists) before trying to use it. This
means that '/etc/rc.d/pf status' will no longer return 'pfctl: /dev/pf: No such
file or directory' but 'pf.ko is not loaded'.

PR:		205671
Submitted by:	Johannes Jost Meixner <xmj@FreeBSD.org>
2016-03-27 17:22:27 +00:00
Jilles Tjoelker
938e6bb267 rc.d: Make msgs a proper rc.d script.
PR:		207149
Reported by:	Jonathan de Boyne Pollard
2016-03-27 16:27:49 +00:00
Edward Tomasz Napierala
e299e01f56 Make the autofs(5) -hosts map more robust, primarily to make it correctly
handle NFS shares containing whitespace. This also adds the -E parameter
to showmount(8).

Reviewed by:	emaste@, jhibbits@, wblock@
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D5649
2016-03-23 12:13:53 +00:00
Edward Tomasz Napierala
0b1b2722bf Add a special case for NTFS to the -media autofs(5) map.
Submitted by:	lme@ (earlier version)
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
2016-03-18 09:54:09 +00:00
Warner Losh
486607d0b6 Just install ar5523.bin into /usr/share/firmware and stop compiling it
in.

Differential Review: https://reviews.freebsd.org/D5639
2016-03-15 04:42:37 +00:00
Edward Tomasz Napierala
94e900c6cd Restore accidentaly removed comment line.
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
2016-03-14 18:57:09 +00:00
Glen Barber
538354481e MFH
Sponsored by:	The FreeBSD Foundation
2016-03-14 18:54:29 +00:00
Edward Tomasz Napierala
0cae9d3d4a Fix autofs handling of filesystem labels containing plus signs and slashes.
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
2016-03-14 17:45:39 +00:00
Ian Lepore
e282d8f5bc Require firewall setup before running rc.d/netwait, otherwise the ping
packets sent by netwait may not get through.

PR:		207916
Submitted by:	John.Marshall@riverwillow.com.au (ipfw), ian@ (pf, ipfilter)
2016-03-13 19:42:59 +00:00
Konstantin Belousov
250d9fd8aa Fix handling of umtxp resource limit in sh(1)/ulimit(1), limits(1), add
login.conf(5) support.

Reviewed by:	jilles
Sponsored by:	The FreeBSD Foundation
Differential revision:	https://reviews.freebsd.org/D5610
2016-03-12 14:54:34 +00:00
Bryan Drewery
b7d28aff10 META_MODE: Simplify the META_COOKIE handling to use .USE/.USEBEFORE.
Extend it to other cases of meta mode cookies so they get the proper rm
cookie behavior when a .meta file detects it needs to rebuild and fails.

Sponsored by:	EMC / Isilon Storage Division
2016-03-11 23:45:28 +00:00
Bryan Drewery
d5cc057985 DIRDEPS_BUILD: Fix staging of share/sendmail and share/examples.
Sponsored by:	EMC / Isilon Storage Division
2016-03-11 23:45:09 +00:00