- Ask the user up to X times (3 by default) for the pass-phrase, if
it is incorrect the first time.
- Add support for storing the lockfiles in another other directory
than /etc.
- Document that it is possible to override the location of each single
lockfile.
Approved by: pjd
ip6addrctl_enable is set to YES, address selection policy is installed
into kernel.
If there is /etc/ip6addrctl.conf, it is used for address selection
policy. Even if there is no /etc/ip6addrctl.conf, we install default
policy. In this case, if ipv6_enable is set to YES, we use address
selection policy described in RFC 3484 as default. Otherwise, we
install priority policy for IPv4 address.
The default of ip6addrctl_enable is NO for now. However, it may
better to enable it by default.
hostname, resolve, tmp, and var scripts. The latter three are new and
were repo copied. These scripts no longer depend on being booted with
and NFS root instead attempt to automaticly create mfs /tmp and /var
volumes if the they are not writable. This behavior can be overridden
in /etc/rc.conf.
Reviewed by: luigi, pjd
thing, but we're ready to move on.
2. Remove the -g default argument in named_flags. It doesn't actually do
what most users think it does, and what most users want it to do is already
accomplished with a proper default group for the bind user, which we have.
Also, the -g knob does something entirely different in BIND 9, which leads
to a lot of needless confusion/aggravation.
3. In the rc.d script, don't bogusly override $command, or $rc_flags. Both
are adequately handled in rc.conf[.local].
4. DO properly override $rc_flags if user has named_chrootdir set.
This may need to be revisited, but should be ok for now.
5. Protect all chrootdir-related bits under that variable, instead of
named_rcng.
There is more work to be done here, especially in the area of BIND 9
compatibility, but this is a start at least.
Prompted in part by (legitmate) grousing from: kuriyama, Randy Bush
Certain MTA configurations mean that the notifications from
virecover keep bouncing; so here's a patch to allow administrators
to turn them off.
PR: conf/54910
Submitted by: bms (with a minor cleanup)
that the keys are currently generated by computing the MD5 checksum of 512
bytes read from /dev/random, and are passed to gbde on the command line.
Sponsored by: Teleplan AS
This commit also removes the support for the sysutils/jailer port. This
is inline with the general policy to keep ports related knobs out
of the base system's configuration mechanism.
Submitted by: Juergen Unger <j.unger@addict.de>
the throttling state in response to line transitions. Future plans
include adding support for CPU frequency changes.
Add a devd.conf entry for calling this script.
The default values for this are:
performance_cx_lowest="HIGH" # Use HLT (C0) online
performance_throttle_state="HIGH" # 100% (no throttling)
economy_cx_lowest="LOW" # Use the lowest Cx state possible
economy_throttle_state="HIGH" # 100% (no throttling)
systems are mounted. An example set of entries for /etc/rc.conf:
ataraid_enable="YES"
ataraid_devices="ar0"
ataraid_ar0_set="ad2 ad3"
ataraid_ar0_type="RAID1"
Because there is no "correct" way of doing ATA raid (ie, geom vs.
atacontrol vs. vinum) that is bikeshed proof, this rcng script stays within
the bounds of atacontrol and assumes that other RAID solutions for GEOM or
vinum will end up in a different rcNG script.
Reviewed by: green
time during the boot process. This is needed in the case where NFS mounts
from servers reachable only via IPSEC are in /etc/fstab.
PR: conf/42497
Submitted by: Volker Stolz
Approved by: re (rwatson)
A "driftfile" caches the oscillator offset estimate from boot to boot,
having this means faster and less bumpy time synchronization. Will
be overridden by any value in the config file.
o The following additional configuration attributes of a jail can be
controlled from rc.conf:
- mounting devfs(5)
- mounting fdescfs(5)
- mounting procfs(5)
- custom devfs(8) ruleset
If no ruleset is specified, the default jail ruleset is used.
o The output of executing /etc/rc in the jail is now redirected
to /dev/null. Instead, the hostname of the jail is echoed if
the jail(8) command exited successfully. If the output is wanted
it can probably be redirected to a file (/var/run/$jail maybe)
instead of /dev/null.
Submitted by: Scot W. Hetzel <hetzels@westbend.net>
with modifications by Jens Rehsack <rehsack@liwing.de>
and me.
off by default.
o Apparently the routine displaying the informational messages wasn't
checking its knob in rc.conf, so fix that as well.
Requested by: obrien
devfs(8) rules in rc(8). It is most useful for applying
rules to devfs(5) mount points in /dev or inside jails.
The following line of script is sufficient to
mount a relatively useful+secure devfs(5) in a jail:
devfs_mount_jail /some/jail/dev
Some new shell routines available to scripts that source
rc.subr(5):
o devfs_link - Makes it a little easier to create symlinks
o devfs_init_rulesets - Create devfs(8) rulesets from devfs.rules
o devfs_set_ruleset - Set a ruleset to a devfs(5) mount
o devfs_apply_ruleset - Apply a ruleset to a devfs(5) mount
o devfs_domount - Mount devfs(5) and apply some ruleset
o devfs_mount_jail - Mount devfs(5) and apply a ruleset
appropriate to jails.
Additional rulesets can be specified in /etc/devfs.rules.
If the devfs_system_ruleset variable is defined in rc.conf
and it contains the name of a ruleset defined in /etc/defaults/devfs.rules
or user supplied rulesets in /etc/devfs.rules then that ruleset will
be applied to /dev at startup by the /etc/rc.d/devfs script. It can
also be applied post-startup:
/etc/rc.d/devfs start
This is a more flexible mechanism than the previous method of using
/etc/devfs.conf. However, that method is still available.
Note: since devfs(8) doesn't provide any way for creating symlinks
as part of a ruleset, anyone wishing to create symlinks in a devfs(5)
as part of the bootup sequence will still have to rely on /etc/devfs.conf.
use the atmconfig(8) utility instead of route(8) to install those routes.
For this we need a new rc.conf variable natm_static_routes that works
just like static_routes except that the referenced routes use the syntax
of atmconfig(8).
Okay'ed by: mtm
This commit has two pieces. One half is the watchdog kernel code which lives
primarily in hardclock() in sys/kern/kern_clock.c. The other half is a userland
daemon which, when run, will keep the watchdog from firing while the userland
is intact and functioning.
Approved by: jeff (mentor)
take advantage of the rc.subr(8) glue. They are renamed dhclient_program
and dhclient_flags.
o Rename them in rc.conf(5)
o Rename them in /etc/defaults/rc.conf
o Add the deprecated variables to /etc/rc.subr
o Isolate the use of the 'command' variable to the
NetBSD specific parts in /etc/rc.d/dhclient.
o Now that dhcp_flags has also been renamed it will
be applied properly by rc.subr(8) glue code.
Reported by: John Nielsen <john@jnielsen.net>
All functionality from the previous system has been preserved, and
users should still customize their system boot with the familiar
methods, rc.conf, rc.conf.local, rc.firewall, sysctl.conf, etc.
Users who have customized versions of scripts that have been removed
should take great care when upgrading, since the compatibility code
that used those old scripts has also been removed.
be). Using that string leads rc.network to execute:
# sysctl -w vfs.nfs.bufpackets=DEFAULT
vfs.nfs.bufpackets: 4 -> 0
Which isn't what was intended.
PR: conf/31280
MFC after: 3 days
named(8) daemon by providing a new rc.conf knob: named_pidfile
that defaults to the path specified in the system-installed named.conf(5).
Approved by: markm (mentor)
Reviewed by: dougb
Noticed by : Galen Sampson <galen_sampson@yahoo.com>
Dan Pelleg <daniel+bsd@pelleg.org>
PR: conf/46402
MFC: 2 weeks (with re@ approval)
background fsck. The delay defaults to sixty seconds to allow
large applications such as the X server to start before disk I/O
bandwidth is monopolized by fsck.
Submitted by: Brooks Davis <brooks@one-eyed-alien.net>
Sponsored by: DARPA & NAI Labs.
where people want to have the cards configured. Lack of -z is a speed
optimization.
Submitted by: many voices on mobile@
Approved by: re@ (rwatson)
MFC after: 3 days
