for any reason other than ENOENT (think resource limits). Close allow and
deny files before allowed() returns to stop the user's EDITOR being able to
read them.
Obtained from: OpenBSD (partially)
remove all the code which was trying to do so.
This code was nasty in several ways, it was hiding
the kernel bug where the kernel was unable to properly
load a module, and it was quitting if it wasn't able
to load the module. The consequence is that an ABI
breakage of the vfsconf API would have broken *every*
mount utility.
kernel access control.
Provide ugidfw, a utility to manage the ruleset provided by
mac_bsdextended. Similar to ipfw, only for uids/gids and files.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
do not stop copying it into a buffer when encountering a
non-alphanumerical character. Only stop at unprintable characters.
This makes syslogd work correctly with executables like `interp.bin',
`httpd_old', etc.
PR: misc/40941
MFC after: 1 week
with random garbage in lower bits corresponding to stdin, stdout and
stderr to select(2).
This fixes the problem with nfsd sometimes getting stuck in a tight
select(2) loop eating 100% CPU time.
Reviewed by: iedowse
Approved by: obrien
attempting to export the non-root of a filesystem with -alldirs. This
pilot error seems to be very common, and the "could not remount" error
message doesn't give much hints about the real reason. See the old PR
below for an example.
While i was at it, make it possible to entirely omit the often
annoying error message in that case by specifying the "quiet" exports
flag. This allows to specify something like
/cdrom -alldirs,ro,quiet <where to export to>
which will silently fail if nothing is mounted under /cdrom, but do
the rigth thing as soon as you mount something.
While doing this, i've put the embedded example in the exports(5) man
page into a subsection of its own as it ought to be.
Thanks for Paul Southworth for reminding me about this problem.
PR: bin/4448
MFC after: 1 month
reflect much valuable feedback from wollman. More details on the new
'lpc topq' are in the log message for revision 1.2 of lpc/movejobs.c.
The previous implementation of 'lpc topq' is available as 'lpc xtopq',
in case there are any problems noticed in the new implementation. If
there are no problems with this version, a later update will remove the
'lpc xtopq' command.
Reviewed by: freebsd-print@bostonradio.org
MFC after: 6 days
(PROFLEVEL) to kern.pre.mk so that it is easier to manage. Bumped config
version to match.
Moved the check for cputype being configured to a less bogus place in
mkmakefile.c.
alphas:
.../elf2aout.c:130: warning: cast increases required alignment of
target type
The warning is about casting ((char *)e + phoff) to a struct pointer,
where e is aligned but phoff might be garbage, so I think the warning
should be emitted on most machines (even on i386's, alignment checking
might be on) and the correct fix would involve validation phoff before
using it.
most of the time (unless fork fails). This should fix the problem where
FreeBSD won't respond to a remote host and therefor the remote hosts
tries indefinitely to contact the FreeBSD hosts thereby irritating the
system administrator.
PR: misc/27810
implemented using a new VT_LOCKSWITCH ioctl. Although it is possible
to implement something like this by VT_SETMODEing to VT_PROCESS and
never releasing the vty, that method has a number of downsides, the
biggest of which is that some program has to stay resident for the
lock to be in effect.
Reviewed by: roam, sheldonh
sense. Since portmap/rpcbind is in /usr/sbin it doesn't make any sense for
nfsd and mountd to be in /sbin.
For the record, NetBSD has them in /usr/sbin while OpenBSD has them in /sbin
PR: bin/30972
Reviewed by: jake (mentor)
Objected to by: Andre Oppermann <oppermann@pipeline.ch>
After Andre's objection, I've re-examined rfc 2759 and noted that it
says that the domain name shouldn't be used when generating the
NT-Response field. So it looks like the bug is in freeradius rather
than in ppp.
This removes a bad latency problem during initial setup where we
end up waiting for too long before reading the connected message
and time the connection out.
Problem figured out by: Andre Albsmeier <andre@albsmeier.net>
In -STABLE, this is default, in -CURRENT it is not, which leads to many a
headache for a user coming to -CURRENT without remembering this fact. It
is one of the POLA violations we have not avoided by preparing the users
for it appopriately. Therefore, a warnx(3) is added here, explicitly to
be MFC'd shortly to start the re-education process rolling.
Reviewed by: General murmurs of approval in that IRC channel.
MFC after: 3 days
mainly so the compiler can correctly do printf-style parameter checking.
Some minor improvements to a few of the error messages, but the main
goal here is to get rid of a few more compile-time warning messages.
MFC after: 5 days
Change -l -> -L to match OpenBSD (since we haven't MFC'd it yet).
-l will now list stations that are associated with a hostap (preliminary)
MFC After: 2 weeks
is appropriate to avoid using typeof/__typeof__. It is worth noting that
SWAP() is only ever used to swap pointer values so 'void *' assumptions would
have been acceptable, but I'd gladly pay you tuesday for a cheeseburger^W
cleaner interface today.
Poked into submission by: bde
have native extended attributes rather than stacked extended attributes.
While I'm at it, make sure UFS_EXTATTR is not spelt FFS_EXTATTR.
Sponsored by: DARPA, NAI Labs
Obtained from: TrustedBSD Project
filesystem expands the inode to 256 bytes to make space for 64-bit
block pointers. It also adds a file-creation time field, an ability
to use jumbo blocks per inode to allow extent like pointer density,
and space for extended attributes (up to twice the filesystem block
size worth of attributes, e.g., on a 16K filesystem, there is space
for 32K of attributes). UFS2 fully supports and runs existing UFS1
filesystems. New filesystems built using newfs can be built in either
UFS1 or UFS2 format using the -O option. In this commit UFS1 is
the default format, so if you want to build UFS2 format filesystems,
you must specify -O 2. This default will be changed to UFS2 when
UFS2 proves itself to be stable. In this commit the boot code for
reading UFS2 filesystems is not compiled (see /sys/boot/common/ufsread.c)
as there is insufficient space in the boot block. Once the size of the
boot block is increased, this code can be defined.
Things to note: the definition of SBSIZE has changed to SBLOCKSIZE.
The header file <ufs/ufs/dinode.h> must be included before
<ufs/ffs/fs.h> so as to get the definitions of ufs2_daddr_t and
ufs_lbn_t.
Still TODO:
Verify that the first level bootstraps work for all the architectures.
Convert the utility ffsinfo to understand UFS2 and test growfs.
Add support for the extended attribute storage. Update soft updates
to ensure integrity of extended attribute storage. Switch the
current extended attribute interfaces to use the extended attribute
storage. Add the extent like functionality (framework is there,
but is currently never used).
Sponsored by: DARPA & NAI Labs.
Reviewed by: Poul-Henning Kamp <phk@freebsd.org>
path... after we've talked to any RADIUS servers involved, so that we
haven't touched the data before it gets to the server.
Make it clearer in the code that this compensation is done by setting
a flag to a value of zero, a flag which rfc2759 says *MUST* be zero.
While we're here, don't bother passing the peer challenge into
radius_Authenticate(). It's already part of the key we're passing in
(this becomes obvious now that I've structured that data...).
This ``fix'' doesn't help to authenticate Win98/WinME users in my test
environment as ports/net/freeradius seems to ignore the flag
completely anyway, but it may help with other RADIUS servers.
