Andrzej has a machine with 32GB of RAM, but only 16GB is reported by the
smbios.memory.enabled. Thus, use the greater of hw.realmem and the smbios
value.
Reported by: Andrzej Tobola <ato of iem pw edu pl>
Instead of blindly grabbing the line with 'Version string' and the
following one from the core info file, take all lines after 'Version
string' until the one one that matches the field format in the core info
file. This provides compatibility with VendorBSD modifications that have
a different kernel ident format.
Reviewed by: jhb
get rid of testing explicitly for clang (using ${CC:T:Mclang}) in
individual Makefiles.
Instead, use the following extra macros, for use with clang:
- NO_WERROR.clang (disables -Werror)
- NO_WCAST_ALIGN.clang (disables -Wcast-align)
- NO_WFORMAT.clang (disables -Wformat and friends)
- CLANG_NO_IAS (disables integrated assembler)
- CLANG_OPT_SMALL (adds flags for extra small size optimizations)
As a side effect, this enables setting CC/CXX/CPP in src.conf instead of
make.conf! For clang, use the following:
CC=clang
CXX=clang++
CPP=clang-cpp
MFC after: 2 weeks
Document the potential for jail escape.
From r224615:
Always disable mount and unmount for jails with enforce_statfs==2.
From r231267:
A new jail(8) option "devfs_ruleset" defines the ruleset enforcement for
mounting devfs inside jails. A value of -1 disables mounting devfs in
jails, a value of zero means no restrictions. Nested jails can only
have mounting devfs disabled or inherit parent's enforcement as jails are
not allowed to view or manipulate devfs(8) rules.
From r232059:
To improve control over the use of mount(8) inside a jail(8), introduce
a new jail parameter node with the following parameters:
allow.mount.devfs:
allow mounting the devfs filesystem inside a jail
allow.mount.nullfs:
allow mounting the nullfs filesystem inside a jail
From r232186:
allow.mount.zfs:
allow mounting the zfs filesystem inside a jail
allow.mount.zfs:
allow mounting the zfs filesystem inside a jail
This way the permssions for mounting all current VFCF_JAIL filesystems
inside a jail are controlled wia allow.mount.* jail parameters.
Update sysctl descriptions.
Update jail(8) and zfs(8) manpages.
TODO: document the connection of allow.mount.* and VFCF_JAIL for kernel
developers
MFC after: 10 days
a new jail parameter node with the following parameters:
allow.mount.devfs:
allow mounting the devfs filesystem inside a jail
allow.mount.nullfs:
allow mounting the nullfs filesystem inside a jail
Both parameters are disabled by default (equals the behavior before
devfs and nullfs in jails). Administrators have to explicitly allow
mounting devfs and nullfs for each jail. The value "-1" of the
devfs_ruleset parameter is removed in favor of the new allow setting.
Reviewed by: jamie
Suggested by: pjd
MFC after: 2 weeks
process. Normally it will cause the child to exit followed by the
termination of the supervisor after removing the pidfile.
This looks like desirable behavior, because termination of a
supervisor usually supposes termination of its charge. Also it will
fix the issue with stale pid files after reboot due to init kills a
supervisor before its child exits.
MFC after: 2 weeks
not to leak the descriptor after exec(3). This raises the issue for
daemon(3) of the pidfile lock to be lost when the child process
executes.
To solve this and also to have the pidfile cleaned up when the program
exits, if a pidfile is specified, spawn a child to exec the command
and wait in the parent keeping the pidfile locked until the child
process exits and remove the file.
Reported by: Andrey Zonov <andrey zonov org>
Suggested by: pjd
Reviewed by: pjd
MFC after: 2 weeks
starting up before the previous script finishes. This prevents an
infinite number of them from piling up and slowing a system down.
Since all the refactoring to make this happen required churning the
indenting of most of this file, make the indentation more consistent.
Reviewed by: simon
MFC after: 1 week
The reasoning behind this, is that if we are consistent in our
documentation about the uint*_t stuff, people will be less tempted to
write new code that uses the non-standard types.
I am not going to bump the man page dates, as these changes can be
considered style nits. The meaning of the man pages is unaffected.
MFC after: 1 month
At first, I added a utility called utxrm(8) to remove stale entries from
the user accounting database. It seems there are cases in which we need
to perform different operations on the database as well. Simply rename
utxrm(8) to utx(8) and place the old code under the "rm" command.
In addition to "rm", this tool supports "boot" and "shutdown", which are
going to be used by an rc-script which I am going to commit separately.
A new jail(8) option "devfs_ruleset" defines the ruleset enforcement for
mounting devfs inside jails. A value of -1 disables mounting devfs in
jails, a value of zero means no restrictions. Nested jails can only
have mounting devfs disabled or inherit parent's enforcement as jails are
not allowed to view or manipulate devfs(8) rules.
Utilizes new functions introduced in r231265.
Reviewed by: jamie
MFC after: 1 month
Some errors printed the jail name for unnamed (command line) jails.
Attempting to create an already-existing jail from the command line
returned with no error (even for non-root) due to bad logic in
start_state.
Ignore kvm_proc errors, which are typically caused by permission
problems. Instead, stop ignoring permission errors when removing
a jail (but continue to silently ignore other errors, i.e. the
jail no longer existing). This makes non-root attempts at removing
a jail give a clearer error message.
