Commit Graph

5655 Commits

Author SHA1 Message Date
Colin Percival
b6ae696fc9 The rc system aggressively caches the contents of /etc/rc.conf in order to
improve boot performance; this produces arguably astonishing (non-)results
if /etc/rc.conf is modified during the boot process.

Since performance considerations make it infeasible to automatically detect
if the cached /etc/rc.conf parameters should be invalidated, provide a
mechanism for explicitly requesting that /etc/rc.conf be reloaded: Catch
SIGALRM and reload /etc/rc.conf if it is received.

Discussed on:	freebsd-rc
MFC after:	3 days
2013-12-03 21:55:57 +00:00
Eitan Adler
c9f609a92f Add DragonFly BSD fingerprints to pf.os
Obtained From:	DragonFly BSD (commit 321b0bb006b0857d2c212dc8cd12a36d750bcf9a)
2013-12-03 04:32:02 +00:00
Eitan Adler
326f183e4b Add an autologin entry for the console.
Obtained From:	DragonFly BSD (commit f95025e8c9a4471edb610557263b12acd8e7fb3a)
2013-12-03 04:13:55 +00:00
Eitan Adler
edf06f9a53 Add Veritas NetBackup
Obtained From:	DragonFly BSD
2013-12-03 04:03:19 +00:00
Eitan Adler
67e7600bcc Add the Short Message Peer-to-Peer protocol
PR:		conf/183398
Submitted by:	olgeni
2013-12-03 03:57:22 +00:00
Pawel Jakub Dawidek
42a8595256 Please welcome casperd daemon. It (and its services) will be responsible for
giving access to functionality that is not available in capability mode
sandbox. The functionality can be precisely restricted.

Start with the following services:
- system.dns - provides API compatible to:
	- gethostbyname(3),
	- gethostbyname2(3),
	- gethostbyaddr(3),
	- getaddrinfo(3),
	- getnameinfo(3),
- system.grp - provides getgrent(3)-compatible API,
- system.pwd - provides getpwent(3)-compatible API,
- system.random - allows to obtain entropy from /dev/random,
- system.sysctl - provides sysctlbyname(3-compatible API.

Sponsored by:	The FreeBSD Foundation
2013-12-02 08:21:28 +00:00
Xin LI
45475f1761 Create /var/cache with mode 0755 instead of 0750.
This directory is used by many third party applications and having
permission 0750 makes it impossible to drop group privileges.

MFC after:	3 days
2013-11-26 20:03:25 +00:00
Don Lewis
a2c0f474c4 Regenerate after r258363 (alternate ID for Novatel MiFi 2200) and
r258333 (bus_autoconf.sh tweak).
2013-11-20 02:20:27 +00:00
Mark Johnston
39be692974 Regenerate usb.conf after r258331. 2013-11-19 00:40:38 +00:00
Julio Merino
21203fdd06 Add some sample test programs.
This change adds some sample test cases to share/examples/tests/
demonstrating the basic usage of the atf and plain interfaces.

These test programs are fully-functional and are installed as part
of the test suite, which guarantees that the sample code remains
correct.  However, they currently mostly serve as a placeholder for
additional examples and may be incomplete (depending on how you
look at them).  I will see what else can be useful while working on
documentation.

As a bonus, the addition of these tests exercise the *.test.mk files,
one of which (plain.test.mk) was not yet in use, and also demonstrates
that it's possible to mix different kinds of test programs into the
same test suite.

Approved by:	rpaulo (mentor)
2013-11-18 12:57:46 +00:00
Julio Merino
5efcd27a34 Move all atf directories to the tests mtree.
This is to ensure that test-related directories don't get needlessly
created (and later deleted) when MK_TESTS=no.

Problem found by jhb@.

Approved by:	rpaulo (mentor)
2013-11-16 19:42:40 +00:00
Julio Merino
8496b1293a Install BSD.tests.mtree when MK_TESTS is yes.
Problem found by jhb@.

Approved by:	rpaulo (mentor)
2013-11-16 19:41:04 +00:00
Baptiste Daroussin
63af4435d9 Enabled should be a boolean, not a string
MFC after:	2 days
2013-11-16 15:54:46 +00:00
Josh Paetzel
e2838b315a Add support for multiple instances of ftp-proxy
and pflog devices.

PR:	conf/158171
Submitted by:	Thomas Johnson <tom@claimlynx.com>
2013-11-13 03:50:31 +00:00
John Baldwin
25c58526a3 Revert r257715. This breaks the case where devd isn't running. The
real solution to this is still being discussed and probably won't look
quite like this.
2013-11-12 18:59:23 +00:00
Julio Merino
fba3cde907 Build and install the atf tests.
Reviewed by:	freebsd-testing
Approved by:	rpaulo (mentor)
2013-11-08 14:33:41 +00:00
John Baldwin
765f1c5ae7 Don't explicitly invoke ifn_start on new child interfaces (vaps and
subinterfaces) after they are created.  Interfaces are already started
by devd invoking /etc/pccard_ether when they are created, so the explicit
calls in childif_create() resulted in interfaces being started twice.

Note that interfaces created via cloned_interfaces are not explicitly
started but depend on the devd mechanism already.

MFC after:	1 week
2013-11-05 19:49:53 +00:00
Gleb Smirnoff
3e0f3c1e42 Remove remnants of BIND from /etc, since there is no BIND in base now.
Sorry, that would break users running head and BIND from ports, since
ports rely on these scripts. The ports will be fixed soon.

Reviewed by:	erwin
2013-11-05 09:30:06 +00:00
Bryan Drewery
cecc016791 Use proper capitalization for FreeBSD.org
Approved by:	bapt
MFC after:	2 days
2013-11-05 02:22:04 +00:00
Bryan Drewery
5ca9b3ca8e Enable fingerprint checking as the currently known
fingerprint has an uploaded signature on all mirrors.

Approved by:	bapt
MFC after:	2 days
2013-11-05 02:20:49 +00:00
Baptiste Daroussin
c92d635ad3 After around 20 years of duty it is time for pkg_install to retire 2013-10-31 13:00:35 +00:00
Jeremie Le Hen
a5198c41bc Fix indentation.
MFC after:     4 days
2013-10-29 20:38:19 +00:00
Jeremie Le Hen
1f00510804 Fix compatibility function for old daily_status_security_${name}_enable
variable

PR:	        conf/183137
Reported by:    Adam McDougall <mcdouga9 at egr msu edu>
MFC after:	3 days
2013-10-29 20:35:35 +00:00
Bryan Drewery
8d20be1e22 Move /etc/keys to /usr/share/keys where users are less likely to modify them.
Requested by:	secteam (cperciva, des)
Approved by:	bapt
2013-10-29 15:07:54 +00:00
Gleb Smirnoff
a7a36fea40 Remove more remnants of ng_fec(4).
The ng_create_one() and ng_mkpeer() functions in network.subr are
now not used anywhere, but I left them, since they can be useful
in future in netgraph scripting.

Submitted by:	pluknet
2013-10-28 16:21:31 +00:00
Gleb Smirnoff
75bf2db380 Move new pf includes to the pf directory. The pfvar.h remain
in net, to avoid compatibility breakage for no sake.

The future plan is to split most of non-kernel parts of
pfvar.h into pf.h, and then make pfvar.h a kernel only
include breaking compatibility.

Discussed with:		bz
2013-10-27 16:25:57 +00:00
Bryan Drewery
b8fc65696b Fix indentation
Reported by:	zont
Approved by:	bapt (implicit)
MFC after:	2 days
X-MFC-With:	r257145
2013-10-26 16:19:14 +00:00
Bryan Drewery
a4c821f9b2 Add missing /etc/pkg to BSD.root.dist
Approved by:	bapt
MFC after:	2 days
X-MFC-With:	r257145
2013-10-26 15:02:34 +00:00
Bryan Drewery
914d05f14e Disable fingerprint checking for now as the pkg repository mirrors will
not receive the signature until later this week.

Approved by:	bapt
2013-10-26 14:19:57 +00:00
Bryan Drewery
24a2212906 Add infrastructure for installing pkg(8) keys into /etc/keys/pkg and add
the current test key that packages will be signed with until 10.0-RELEASE.

Approved by:	bapt
Discussed by:	bapt with des
MFC after:	2 days
2013-10-26 03:53:24 +00:00
Bryan Drewery
f12db248e7 Support checking signature for pkg bootstrap.
If the pkg.conf is configured with SIGNATURE_TYPE: FINGERPRINTS,
and FINGERPRINTS: /etc/keys/pkg then a pkg.sig file is fetched along
with pkg.txz. The signature contains the signature provided by the
signing server, and the public key. The .sig is the exact output
from the signing server in the following format:

  SIGNATURE
  <openssl signed>
  CERT
  <rsa public key>
  END

The signature is verified with the following logic:

 - If the .sig file is missing, it fails.
 - If the .sig doesn't validate, it fails.
 - If the public key in the .sig is not in the known trusted fingerprints,
   it fails.
 - If the public key is in the revoked key list, it fails.

Approved by:	bapt
MFC after:	2 days
Discussed by:	bapt with des, jonathan, gavin
2013-10-26 03:43:02 +00:00
Bryan Drewery
bc5e9ac08d Add support for reading configuration files from /etc/pkg.
For now only /etc/pkg/FreeBSD.conf is supported. Its style is:

Repo: {
   URL: "...",
   MIRROR_TYPE: "...",
   ...
}

The configuration will be read from /usr/local/etc/pkg.conf if exists,
otherwise /etc/pkg/FreeBSD.conf

Approved by:	bapt
MFC after: 	2 days
2013-10-26 03:31:05 +00:00
Rui Paulo
e2197f8018 Set up the /usr/tests hierarchy.
Populate /usr/tests with the only test programs that currently live
in the tree (those in lib/libcrypt/tests/) and add all the build
machinery to accompany this change.

In particular:

- Add a WITHOUT_TESTS variable that users can define to request that
  no tests be put in /usr/tests.
- Add a top-level Kyuafile for /usr/tests and a way to create similar
  Kyuafiles in top-level subdirectories.
- Add a BSD.tests.dist file to define the directory layout of
  /usr/tests.

Submitted by:	Julio Merino jmmv google.com
Reviewed by:	sjg
MFC after:	2 weeks
2013-10-25 05:25:19 +00:00
Andrey Zonov
34f41cb067 Cleanup empty directories
PR:	conf/167133
2013-10-24 21:58:14 +00:00
Dag-Erling Smørgrav
c614125e67 Add a reload command.
Reviewed by:	hrs
MFC after:	3 days
2013-10-22 07:44:26 +00:00
Dag-Erling Smørgrav
0be7f787bb Start rtsold if necessary.
Reviewed by:	hrs
MFC after:	3 days
2013-10-22 06:53:01 +00:00
Konstantin Belousov
85a0ddfd0b Add a resource limit for the total number of kqueues available to the
user.  Kqueue now saves the ucred of the allocating thread, to
correctly decrement the counter on close.

Under some specific and not real-world use scenario for kqueue, it is
possible for the kqueues to consume memory proportional to the square
of the number of the filedescriptors available to the process.  Limit
allows administrator to prevent the abuse.

This is kernel-mode side of the change, with the user-mode enabling
commit following.

Reported and tested by:	pho
Discussed with:	jmg
Sponsored by:	The FreeBSD Foundation
MFC after:	2 weeks
2013-10-21 16:46:12 +00:00
Hiroki Sato
3ad6f56a5a - Fix jail_parallel_start="YES".
- Fix ip[46].addr when interface parameter is not defined.

Spotted by:	rpaulo
2013-10-21 08:49:46 +00:00
Colin Percival
cabad26453 Add support for "first boot" rc.d scripts. [1]
These scripts, containing
# KEYWORD: firstboot
will only be run if a sentinel file (default: /firstboot, configurable
via the rc.conf ${firstboot_sentinel} variable) exists; this sentinel
file will be deleted at the end of the boot process.

Scripts can request that the system reboot after the first boot by
creating the file ${firstboot_sentinel}-reboot.

This functionality is expected to be useful for embedded systems and
virtual machine images, where it may be desirable to
(a) download and install updates which became available between when
the image was created and when it was "turned on";
(b) download and install packages which may be newer than those
which were available when the image was created;
(c) install packages which run binaries during their install process,
bypassing the problem of cross-architecture installs;
(d) resize filesystems to match the disk onto which a VM image was
installed;
(e) perform initialization tasks relevant to cloud systems (e.g.,
Amazon's Elastic Compute Cloud);
and likely to perform many other one-time initialization functions.

Document this new functionality in rc.conf(5) and rc(8). [2]

Reviewed by:	freebsd-current, freebsd-rc [1]
Reviewed by:	Warren Block [2]
MFC after:	3 days
2013-10-19 21:37:06 +00:00
John-Mark Gurney
ff14d523bb Enable the automatic creation of a certificate (if one does not exists)
and enable the usage by sendmail if sendmail is enabled.  Include and
document knobs to disable this feature and also set the Common Name of
the certificate created.

As the certificate is signed w/ a discarded key, it only helps prevent
Eve, but not Malory from knowing the contents of the emails.

This means that new installs (and people that use the updated freebsd.mc
file) will automaticly have STARTTLS enabled allowing incoming email to
be encrypted in most cases.

Reviewed by:	gshapiro
MFC after:	3 days
Security:	Yes, please.
2013-10-19 18:51:06 +00:00
Dag-Erling Smørgrav
487a635bdc Last few remnants of BIND (hopefully...)
MFC after:	3 days
2013-10-19 10:00:51 +00:00
Hiroki Sato
d3b57253ee - Fix a bug which prevented jails from starting when $jail_conf was used and
no jail name was specified.
- Display error messages when start/stop fails.

Reported by:	swills
2013-10-18 03:44:16 +00:00
Hiroki Sato
b290250058 - Fix "ifname|addr" syntax support in jail_{jname}_ip.
- Create /var/run/jail_{jname}.id because ezjail-admin depends on it.
2013-10-15 04:54:49 +00:00
Hiroki Sato
6fbfa3731b - Normalize jailname. "example.com" is converted to "example_com".
- Fix a bug that some $jail_{jname}_foo variables did not work.
- Fix a bug which prevented $jail_devfs_ruleset from working[1].
- Move $jail_parameters to the last of the configuraiton lines[1].

Reported by:	Jase Thew[1]
Approved by:	re (glebius)
2013-10-14 11:05:13 +00:00
Hiroki Sato
fbd868c9d8 - Add mount.fdescfs parameter to jail(8). This is similar to
mount.devfs but mounts fdescfs.  The mount happens just after
  mount.devfs.

- rc.d/jail now displays whole error message from jail(8) when a jail
  fails to start.

Approved by:	re (gjb)
2013-10-12 17:27:59 +00:00
Mark Murray
cc4d059c03 Merge from project branch. Uninteresting commits are trimmed.
Refactor of /dev/random device. Main points include:

* Userland seeding is no longer used. This auto-seeds at boot time
on PC/Desktop setups; this may need some tweeking and intelligence
from those folks setting up embedded boxes, but the work is believed
to be minimal.

* An entropy cache is written to /entropy (even during installation)
and the kernel uses this at next boot.

* An entropy file written to /boot/entropy can be loaded by loader(8)

* Hardware sources such as rdrand are fed into Yarrow, and are no
longer available raw.

------------------------------------------------------------------------
r256240 | des | 2013-10-09 21:14:16 +0100 (Wed, 09 Oct 2013) | 4 lines

Add a RANDOM_RWFILE option and hide the entropy cache code behind it.
Rename YARROW_RNG and FORTUNA_RNG to RANDOM_YARROW and RANDOM_FORTUNA.
Add the RANDOM_* options to LINT.

------------------------------------------------------------------------
r256239 | des | 2013-10-09 21:12:59 +0100 (Wed, 09 Oct 2013) | 2 lines

Define RANDOM_PURE_RNDTEST for rndtest(4).

------------------------------------------------------------------------
r256204 | des | 2013-10-09 18:51:38 +0100 (Wed, 09 Oct 2013) | 2 lines

staticize struct random_hardware_source

------------------------------------------------------------------------
r256203 | markm | 2013-10-09 18:50:36 +0100 (Wed, 09 Oct 2013) | 2 lines

Wrap some policy-rich code in 'if NOTYET' until we can thresh out
what it really needs to do.

------------------------------------------------------------------------
r256184 | des | 2013-10-09 10:13:12 +0100 (Wed, 09 Oct 2013) | 2 lines

Re-add /dev/urandom for compatibility purposes.

------------------------------------------------------------------------
r256182 | des | 2013-10-09 10:11:14 +0100 (Wed, 09 Oct 2013) | 3 lines

Add missing include guards and move the existing ones out of the
implementation namespace.

------------------------------------------------------------------------
r256168 | markm | 2013-10-08 23:14:07 +0100 (Tue, 08 Oct 2013) | 10 lines

Fix some just-noticed problems:

o Allow this to work with "nodevice random" by fixing where the
MALLOC pool is defined.

o Fix the explicit reseed code. This was correct as submitted, but
in the project branch doesn't need to set the "seeded" bit as this
is done correctly in the "unblock" function.

o Remove some debug ifdeffing.

o Adjust comments.

------------------------------------------------------------------------
r256159 | markm | 2013-10-08 19:48:11 +0100 (Tue, 08 Oct 2013) | 6 lines

Time to eat crow for me.

I replaced the sx_* locks that Arthur used with regular mutexes;
this turned out the be the wrong thing to do as the locks need to
be sleepable. Revert this folly.

# Submitted by:	Arthur Mesh <arthurmesh@gmail.com> (In original diff)

------------------------------------------------------------------------
r256138 | des | 2013-10-08 12:05:26 +0100 (Tue, 08 Oct 2013) | 10 lines

Add YARROW_RNG and FORTUNA_RNG to sys/conf/options.

Add a SYSINIT that forces a reseed during proc0 setup, which happens
fairly late in the boot process.

Add a RANDOM_DEBUG option which enables some debugging printf()s.

Add a new RANDOM_ATTACH entropy source which harvests entropy from the
get_cyclecount() delta across each call to a device attach method.

------------------------------------------------------------------------
r256135 | markm | 2013-10-08 07:54:52 +0100 (Tue, 08 Oct 2013) | 8 lines

Debugging. My attempt at EVENTHANDLER(multiuser) was a failure; use
EVENTHANDLER(mountroot) instead.

This means we can't count on /var being present, so something will
need to be done about harvesting /var/db/entropy/... .

Some policy now needs to be sorted out, and a pre-sync cache needs
to be written, but apart from that we are now ready to go.

Over to review.

------------------------------------------------------------------------
r256094 | markm | 2013-10-06 23:45:02 +0100 (Sun, 06 Oct 2013) | 8 lines

Snapshot.

Looking pretty good; this mostly works now. New code includes:

* Read cached entropy at startup, both from files and from loader(8)
preloaded entropy. Failures are soft, but announced. Untested.

* Use EVENTHANDLER to do above just before we go multiuser. Untested.

------------------------------------------------------------------------
r256088 | markm | 2013-10-06 14:01:42 +0100 (Sun, 06 Oct 2013) | 2 lines

Fix up the man page for random(4). This mainly removes no-longer-relevant
details about HW RNGs, reseeding explicitly and user-supplied
entropy.

------------------------------------------------------------------------
r256087 | markm | 2013-10-06 13:43:42 +0100 (Sun, 06 Oct 2013) | 6 lines

As userland writing to /dev/random is no more, remove the "better
than nothing" bootstrap mode.

Add SWI harvesting to the mix.

My box seeds Yarrow by itself in a few seconds! YMMV; more to follow.

------------------------------------------------------------------------
r256086 | markm | 2013-10-06 13:40:32 +0100 (Sun, 06 Oct 2013) | 11 lines

Debug run. This now works, except that the "live" sources haven't
been tested. With all sources turned on, this unlocks itself in
a couple of seconds! That is no my box, and there is no guarantee
that this will be the case everywhere.

* Cut debug prints.

* Use the same locks/mutexes all the way through.

* Be a tad more conservative about entropy estimates.

------------------------------------------------------------------------
r256084 | markm | 2013-10-06 13:35:29 +0100 (Sun, 06 Oct 2013) | 5 lines

Don't use the "real" assembler mnemonics; older compilers may not
understand them (like when building CURRENT on 9.x).

# Submitted by:	Konstantin Belousov <kostikbel@gmail.com>

------------------------------------------------------------------------
r256081 | markm | 2013-10-06 10:55:28 +0100 (Sun, 06 Oct 2013) | 12 lines

SNAPSHOT.

Simplify the malloc pools; We only need one for this device.

Simplify the harvest queue.

Marginally improve the entropy pool hashing, making it a bit faster
in the process.

Connect up the hardware "live" source harvesting. This is simplistic
for now, and will need to be made rate-adaptive.

All of the above passes a compile test but needs to be debugged.

------------------------------------------------------------------------
r256042 | markm | 2013-10-04 07:55:06 +0100 (Fri, 04 Oct 2013) | 25 lines

Snapshot. This passes the build test, but has not yet been finished or debugged.

Contains:

* Refactor the hardware RNG CPU instruction sources to feed into
the software mixer. This is unfinished. The actual harvesting needs
to be sorted out. Modified by me (see below).

* Remove 'frac' parameter from random_harvest(). This was never
used and adds extra code for no good reason.

* Remove device write entropy harvesting. This provided a weak
attack vector, was not very good at bootstrapping the device. To
follow will be a replacement explicit reseed knob.

* Separate out all the RANDOM_PURE sources into separate harvest
entities. This adds some secuity in the case where more than one
is present.

* Review all the code and fix anything obviously messy or inconsistent.
Address som review concerns while I'm here, like rename the pseudo-rng
to 'dummy'.

# Submitted by:	Arthur Mesh <arthurmesh@gmail.com> (the first item)

------------------------------------------------------------------------
r255319 | markm | 2013-09-06 18:51:52 +0100 (Fri, 06 Sep 2013) | 4 lines

Yarrow wants entropy estimations to be conservative; the usual idea
is that if you are certain you have N bits of entropy, you declare
N/2.

------------------------------------------------------------------------
r255075 | markm | 2013-08-30 18:47:53 +0100 (Fri, 30 Aug 2013) | 4 lines

Remove short-lived idea; thread to harvest (eg) RDRAND enropy into the
usual harvest queues. It was a nifty idea, but too heavyweight.

# Submitted by:	Arthur Mesh <arthurmesh@gmail.com>

------------------------------------------------------------------------
r255071 | markm | 2013-08-30 12:42:57 +0100 (Fri, 30 Aug 2013) | 4 lines

Separate out the Software RNG entropy harvesting queue and thread
into its own files.

# Submitted by:	 Arthur Mesh <arthurmesh@gmail.com>

------------------------------------------------------------------------
r254934 | markm | 2013-08-26 20:07:03 +0100 (Mon, 26 Aug 2013) | 2 lines

Remove the short-lived namei experiment.

------------------------------------------------------------------------
r254928 | markm | 2013-08-26 19:35:21 +0100 (Mon, 26 Aug 2013) | 2 lines

Snapshot; Do some running repairs on entropy harvesting. More needs
to follow.

------------------------------------------------------------------------
r254927 | markm | 2013-08-26 19:29:51 +0100 (Mon, 26 Aug 2013) | 15 lines

Snapshot of current work;

1) Clean up namespace; only use "Yarrow" where it is Yarrow-specific
or close enough to the Yarrow algorithm. For the rest use a neutral
name.

2) Tidy up headers; put private stuff in private places. More could
be done here.

3) Streamline the hashing/encryption; no need for a 256-bit counter;
128 bits will last for long enough.

There are bits of debug code lying around; these will be removed
at a later stage.

------------------------------------------------------------------------
r254784 | markm | 2013-08-24 14:54:56 +0100 (Sat, 24 Aug 2013) | 39 lines

1) example (partially humorous random_adaptor, that I call "EXAMPLE")
 * It's not meant to be used in a real system, it's there to show how
   the basics of how to create interfaces for random_adaptors. Perhaps
   it should belong in a manual page

2) Move probe.c's functionality in to random_adaptors.c
 * rename random_ident_hardware() to random_adaptor_choose()

3) Introduce a new way to choose (or select) random_adaptors via tunable
"rngs_want" It's a list of comma separated names of adaptors, ordered
by preferences. I.e.:
rngs_want="yarrow,rdrand"

Such setting would cause yarrow to be preferred to rdrand. If neither of
them are available (or registered), then system will default to
something reasonable (currently yarrow). If yarrow is not present, then
we fall back to the adaptor that's first on the list of registered
adaptors.

4) Introduce a way where RNGs can play a role of entropy source. This is
mostly useful for HW rngs.

The way I envision this is that every HW RNG will use this
functionality by default. Functionality to disable this is also present.
I have an example of how to use this in random_adaptor_example.c (see
modload event, and init function)

5) fix kern.random.adaptors from
kern.random.adaptors: yarrowpanicblock
to
kern.random.adaptors: yarrow,panic,block

6) add kern.random.active_adaptor to indicate currently selected
adaptor:
root@freebsd04:~ # sysctl kern.random.active_adaptor
kern.random.active_adaptor: yarrow

# Submitted by:	Arthur Mesh <arthurmesh@gmail.com>

Submitted by:	Dag-Erling Smørgrav <des@FreeBSD.org>, Arthur Mesh <arthurmesh@gmail.com>
Reviewed by:	des@FreeBSD.org
Approved by:	re (delphij)
Approved by:	secteam (des,delphij)
2013-10-12 12:57:57 +00:00
Rui Paulo
ec0e2ac611 Remove most of the ATF tools and the _atf user.
This is necessary because ATF is deprecated and it will be replaced by Kyua.

Submitted by:	jmmv@netbsd.org
Reviewed by:	Garrett Cooper
Approved by:	re
2013-10-12 06:06:53 +00:00
Glen Barber
006a42a9cb Turn it all the way up to 11:
- Update FreeBSD version in:
  - UPDATING
  - sys/conf/newvers.sh

- Add 11.0 FreeBSD version for manual pages

- Bump __FreeBSD_version to 1100000

Approved by:	re (implicit)
Sponsored by:	The FreeBSD Foundation
2013-10-10 18:05:13 +00:00
Hiroki Sato
84b354cb9a - Update rc.d/jail to use a jail(8) configuration file instead of
command line options.  The "jail_<jname>_*" rc.conf(5) variables for
  per-jail configuration are automatically converted to
  /var/run/jail.<jname>.conf before the jail(8) utility is invoked.
  This is transparently backward compatible.

- Fix a minor bug in jail(8) which prevented it from returning false
  when jail -r failed.

Approved by:	re (glebius)
2013-10-10 09:32:27 +00:00
Hiroki Sato
a62939d37b Add support for "vnet jname" argument in ifconfig_IF. The vnet keyword
is ignored except for "rc.d/netif vnet{up,down} ifn" because a jail is
usually created after interface initialization on boot time.

"rc.d/netif vnetup ifn" moves ifn into the specified jail.  It is
designed to be used in other scripts like rc.d/jail, not automatically
invoked during the interface initialization.

Approved by:	re (kib)
2013-10-10 07:41:11 +00:00