environments.
Please note that this can't be done while such processes run in jails.
Note: in future it would be interesting to find a way to do that
selectively for any desired proccess (choosen by user himself), probabilly
via a ptrace interface or whatever.
Obtained from: Sandvine Incorporated
Reviewed by: emaste, arch@
Sponsored by: Sandvine Incorporated
MFC: 1 month
This was needed during the IPSEC->FAST_IPSEC->IPSEC transition
period to not break the build after picking up netipsec header
files. Now that the FAST_IPSEC kernel option is gone and the
default is IPSEC again those defines are superfluous.
Approved by: re (rwatson)
sockets. Instead of rejecting all unix domain connections when the
-C flag is given, allow them instead. Aragon tested an earlier
version of the patch.
PR: 109315
MFC after: 2 weeks
Tested-by: Aragon Gouveia <aragon@phat.za.net>
crunched floppies, but they can be included as options in
src/release/picobsd (omitted by default though.) Therefore
preserve the RELEASE_CRUNCH knob in their Makefiles, but
tell its real purpose in a comment.
1900 in network byte order. Use a uint32_t to calculate and send
the time, so that we don't need to know how big ints or longs are.
I used uint32_t instead of int in the patch, on the off chance
someone uses our inetd source on a system that doesnt 32 bit ints.
PR: 95290
Submitted by: Bruce Becker <hostmaster@whois.gts.net>
MFC after: 2 weeks
for each of udp and tcp (and their IPv6 equivalents when INET6 is
enabled). Note that dependency here.
PR: docs/90435
Submitted by: Dmitry Kazarov <kazarov at mcm dot ru>
Pointed out by: Daniel Gerzo <danger at rulez dot sk>
MFC after: 8 days
method of executing commands remotely. There are no rexec clients in
the FreeBSD tree, and the client function rexec(3) is present only in
libcompat. It has been documented as "obsolete" since 4.3BSD, and its
use has been discouraged in the man page for over 10 years.
exactly the same as patch from the PR, which also exited if the
config file was missing. I didn't use Jeff's patch because I was
worried that some people might start inetd, create the config file
and then HUP inetd.
PR: 60806
Submitted by: Jeff Ito <jeffi@rcn.com>
MFC after: 2 weeks
(or possibly testing) the previous formula worked for the default
constants compiled into inetd, but if you recompiled with different
values of CHTSIZE and CHTGRAN the calculation might not have worked.
PR: 54354
Submitted by: Claus Assmann <ca@sendmail.org>
Submitted by: Jose Marcio Martins da Cruz <Jose-Marcio.Martins@ensmp.fr>
MFC after: 5 days
into a child process. Rather than closing the discriptors manually,
mark all discriptors as close-on-exec.
PR: 47694
Submitted by: Max Okumoto <okumoto@ucsd.edu>
Obtained from: NetBSD
MFC after: 2 weeks
we don't leak memory. Only one of these two cases (reconfig) actually
causes a leak because the other is usually followed by an exec.
PR: 46845
Reviewed by: David Wang <dsw@juniper.net>
MFC after: 2 weeks
rather than specifically setting the process priority and resource class;
otherwise, we improperly set other aspects of the login class. We have
a bit more to do here, but the proper fix will probably involve breaking
out MAC labels from the login class at some point, as well as further
clarifying the logic here.
Pointed out by: kuriyama, max
with a class, rather than all aspects of the class when switching
classes for an inetd service. Because we hard-code /daemon in the
current inetd implementation, using SETALL has unfortunate side-effects
involving the MAC code, and potentially other credential related
settings in the future. This change maintains the DoS-resistent
aspects of the class behavior, which is all that is promised in the
inetd man page.
A larger set of diffs providing more pluggability and configurability
was deferred for this more simple approach in the short term.
Reviewed by: ache
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
declared - it was bad style and caused a bug. v[46]bind need to be
reset whenever we go to the "more:" label.
Jean-Luc and I came up with this patch independently, so it had
better be right!
PR: 40771
Submitted by: Jean-Luc Richier <Jean-Luc.Richier@imag.fr>
invocations of each service from a single IP address.
Requested by: matusita
Reviewed by: dwmalone
Tested by: matusita on snapshots.jp.FreeBSD.org
MFC after: 2 weeks
