Commit Graph

4606 Commits

Author SHA1 Message Date
des
72b19002fe Teach mount(8) about a 'late' keyword, which means the file system should
not be mounted unless the -l flag was specified.

Add an rc script, mountlate, which basically runs 'mount -a -l'.  It runs
after DAEMON but before LOGIN.

This is useful for things like loopback mounts, because mountcritremote
runs before mountd  / nfsd (since /usr might be a remote file system), so
an attempt to mount a loopback network file system in mountcritremote will
fail.

Also add a progress message to mountcritlocal, for the sake of symmetry
with similar messages in mountcritremote and mountlate.

Reviewed by:	freebsd-rc
MFC after:	3 weeks
2006-07-12 16:05:51 +00:00
stefanf
e8d77f637b Fix spelling in a comment. 2006-07-09 06:54:24 +00:00
flz
53217b55bf Since INSTALLS_SHLIB has been superseded by USE_LDCONFIG in bsd.port.mk, I
expect to see quite a few files appearing in libdata/ldconfig directories.
This change avoids the screen to be filled with the names of those ldconfig
files and replace them by the actual non-default directories they contain.
Most of them will be ${PREFIX}/lib so, 'sort -u' will help reducing the
output.

Approved by:	cperciva (implicit)
MFC after:	1 week
2006-06-21 10:22:44 +00:00
yar
170515b4b5 Set an example of using load_kld() from rc.subr. 2006-06-21 09:53:25 +00:00
yar
ad10a899ae Quite a number of rc.d scripts try to load kernel modules. Many
of them do that conditionally depending on kldstat.  The code is
duplicated all over, but bugs can be uniqie.

To make the things more consistent, introduce a new rc.subr function,
load_kld, which takes care of loading a kernel module conditionally.

(Found this lying for a while in my p4 branch for various hacks.)
2006-06-21 09:42:55 +00:00
maxim
0fee9bcf8f o Add missed $start variable in the grep statement back.
PR:		conf/96658
Submitted by:	James Snow
MFC after:	1 week
2006-06-11 20:39:12 +00:00
brueffer
835d031b9c Update geli_swap_flags, -e is now used to specify the encryption algorithm. 2006-06-07 17:14:27 +00:00
trhodes
fe0d6a9c3f Sync to p4:
o Add shutdown KEYWORD;
o Remove PID check;
o Stop auditd with '-t'
o General cleanup.
2006-06-06 17:22:55 +00:00
ume
c4b35c221a flush' is appropriate than reload'.
Requested by:	ceri
2006-06-06 15:34:50 +00:00
ume
581608f956 Add `reload' which invalidates the cache for every user. 2006-06-06 12:55:58 +00:00
obrien
bd7824e136 Use an option form better matching the manual. 2006-06-05 03:47:14 +00:00
csjp
6a0be273a2 Since NIS is an RPC based service, add a note that when adjusting access
controls in NIS, similar access controls should be considered for the
rpcbind as well.
2006-06-01 14:14:58 +00:00
thompsa
0a5ee5e4db Add rc.d/bridge which is invoked when a new interface arrives and can
automaticly add it to an Ethernet bridge. This is intended for applications
such as qemu, vmware, openvpn, ... which open tap interfaces and need them
bridged with the hosts network adapter, the user can set up a glob for
interfaces to be automatically added (eg tap*).
2006-06-01 11:01:54 +00:00
thompsa
f6293051c9 Announce all interfaces to devd on attach/detach. This adds a new devctl
notification so all interfaces including pseudo are reported. When netif
creates the clones at startup devctl_disable has not been turned off yet so the
interfaces will not be initialised twice, enforce this by adding an explicit
order between rc.d/netif and rc.d/devd.

This change allows actions to taken in userland when an interface is cloned
and the pseudo interface will be automatically configured if a ifconfig_<int>=""
line exists in rc.conf.

Reviewed by:		brooks
No objections on:	net
2006-06-01 00:41:07 +00:00
matteo
54eed11bfc Add jail_<jname>_exec_afterstart<N> rc.conf variable, where <N> is
1,2 and so on.
It specifies the command to be run as Nth after jail startup.

sh(1)-fu by: Dario Freni
PR: 	conf/97697
MFC after: 2 weeks
Reviewed by: ru@ (man page)
2006-05-30 16:20:48 +00:00
matteo
bb69a4c723 style(9) 2006-05-30 16:07:59 +00:00
brooks
348c115abb Remove reference to no longer existant /etc/rc.d/pccard.
PR:		conf/98055
Submitted by:	thierry herbelot <thierry at herbelot dot com>
2006-05-30 02:10:01 +00:00
glebius
bcebd3658f Quote the parameter to sysctl(1), allowing to use whitespaces in
sysctl values.

PR:		conf/96509
Submitted by:	Gregory Bond <gnb itga.com.au>
2006-05-24 11:36:48 +00:00
kris
6537a44f85 Increase the nfs access cache timeout from 2 to 60. The latter is a
more appropriate value and is also the default set by the kernel.  I
could not find a justification of why rc.conf began overriding it back
in 1998.

This dramatically cuts NFS traffic on e.g. a busy system with NFS root.

Reviewed by:	mohans
MFC After:	2 weeks
2006-05-24 00:06:14 +00:00
emax
884339463a Correct BD_ADDR entry for "Dummy" device in the default hcsecd.conf.
Each byte in BD_ADDR should exactly two nibbles, i.e
"1:2:3:4:5:6" is NOT valid and "01:02:03:04:05:06" is valid BD_ADDR.

MFC after:	1 day
2006-05-18 17:53:49 +00:00
flz
2b8bb5dee2 Remove the require_kld function I just committed and replace with a nicer solution.
Reported by:	pjd
Approved by:	cperciva
2006-05-18 16:04:56 +00:00
flz
3d58ab6ef3 Add two new scripts (mdconfig/mdconfig2) to replace old ramdisk{,-own}
scripts. These scripts handle vnode backed md(4) devices.

Old ramdisk{,-own} scripts will stay a bit in CVS to allow some time for
migration since variable names have changed (ramdisk_* -> mdconfig_*).

Two new variables have been introduced to be able to populate the md(4)
device once it has been mounted (mdconfig_*_files and mdconfig_*_cmd).

Use should be as easy as:

mdconfig_md0="-t malloc -s 10m"
mdconfig_md1="-t vnode -f /var/foo.img"

See rc.conf(5) for more information and description of the additional
variables.

Approved by:	cperciva
2006-05-18 15:29:27 +00:00
matteo
cf7281ca13 Correctly set moused_$2_enable when moused_nondefault_enable is set to NO
PR:		conf/92654
MFC after:	3
2006-05-17 11:37:09 +00:00
phk
537a82e24b Send the pcvt(4) driver off to retirement. 2006-05-17 09:33:15 +00:00
mlaier
23ea781ace Move etc/rc.firewall6 to ipfw2+v6, update related rc.d and periodic scripts.
Since ipfw2 now does dual-stack, statistics for IPv6 come from the ipfw
scripts as well.
2006-05-12 19:17:34 +00:00
flz
76e07854c3 - Change the "jail_" prefix for internal script variables. This fixes an
issue where some global jail_* variables were overriden in the script. [1]
- Change "jid" to "jname" in rc.conf(5), since it's more a jail name than a
jail id. [1]
- Update examples and comments in defaults/rc.conf to advertise new
variables and the fact that some of the jail-specific variables may be made
jail-global. [2]

Reported by:	pjd [1], clsung [2]
Approved by:	cperciva
X-MFC after:	i got sufficient testing from people using rc.d/jail
2006-05-11 14:23:43 +00:00
matteo
57f8bd5896 if we fail to start a jail and jail_foobar_*fs_enable or jail_foobar_mount_enable were set, umount those filesystem before exiting. If we set up an alias for jail's IP, remove that alias before exiting.
MFC after:	2 weeks
2006-05-11 13:29:01 +00:00
marcus
a585030ace Add a /media to FreeBSD. /media is a directory designed to contain
subdirectories that will be used for removable media mount points (i.e.
mount points for CDs, floppy disks, USB drives, etc.).  While the primary
purpose of /media is to provide a location for HAL
(http://www.freedesktop.org/wiki/Software_2fhal) to mount volumes, it could
be used by any application that needs to manage removable media volumes.

Discussed on:	arch@
Approved by:	mux
MFC after:	1 week
2006-05-10 18:53:15 +00:00
matteo
0aae2a2db4 if a jail fails to start, don't add its jid to /var/run and print a message with the error.
PR:	conf/97024
MFC after:	1 week
2006-05-09 17:50:16 +00:00
flz
12a9a4edc9 - Fix quoting.
Reported by:	Dirk Engling <erdgeist@erdgeist.org>
Pointyhat to:	self
2006-05-08 17:32:45 +00:00
flz
141ad138ac - Check for some mandatory variables.
Approved by:	cperciva (mentor)
MFC after:	1 week
2006-05-07 23:15:39 +00:00
ume
bc8c6150b8 Install /etc/nsswitch.conf statically rather than generating it at
boot.  Autogeneration of nsswitch.conf doesn't makes sense in 7.0
since it's not permitted to upgrade from a pre-nss release without
passing through an intermediate release.

Suggested by:	brooks
2006-05-03 15:14:47 +00:00
des
a604f42a00 Update host.conf every time nsswitch.conf changes, instead of just creating
it if it does not exist.

Submitted by:	Rostislav Krasny <rosti.bsd@gmail.com>
MFC after:	2 weeks
2006-05-01 11:02:48 +00:00
ume
e98f478e56 Oops, services should be compat by default for backward compatibility. 2006-04-29 06:39:07 +00:00
ume
00dbaccdc4 Add newly supported databases such as services, protocols and rpc
into generated nsswitch.conf.
2006-04-29 04:49:19 +00:00
ume
e14f1c3b3b - Extend the nsswitch to support Services, Protocols and Rpc
databases.
- Make nsswitch support caching.

Submitted by:	Michael Bushkov <bushman__at__rsu.ru>
Sponsored by:	Google Summer of Code 2005
2006-04-28 12:03:38 +00:00
marius
49cbf99f47 Remove last vestiges of sab(4). 2006-04-25 19:43:53 +00:00
brueffer
99320e5a00 Correct two typos in comments. 2006-04-22 13:42:49 +00:00
trhodes
954529dea3 Clean up, comment out non-base utilities, fix up comments.
Prodded by:	hrs
2006-04-22 11:02:44 +00:00
delphij
672b486845 After some discussion we believe that having SERVERS to REQUIRE:
ldconfig would provide necessary protection for named as well,
so remove the dependency here.

Approved by:	flz
2006-04-20 12:30:12 +00:00
delphij
8d6d5b29e8 Make ldconfig as SERVER dependency. This makes it possible
for some early starting services from the ports collection
to have their shared objects available before start.

Reviewed by:	freebsd-rc (dougb, brooks)
MFC After:	3 days
2006-04-19 05:10:34 +00:00
flz
5fc54bd044 - Move _rc_subr_loaded=: at the end of the file, to be consistent with NetBSD.
- Sync with latest version from NetBSD.

'In order to handle some perl scripts running as daemons, add a
pattern which also matches "`basename $interpreter`: $command" in the
ps listing.'

Approved by:	cperciva (mentor)
Obtained from:	NetBSD
MFC after:	1 week
2006-04-18 15:16:55 +00:00
flz
b1851f7c4d - Add new ntpd_config variable so that people can override it in rc.conf.
- Add default value in /etc/defaults/rc.conf.
- Add documentation bits to rc.conf(5).

Approved by:	cperciva (mentor)
MFC after:	1 week
2006-04-18 15:02:24 +00:00
flz
7bf3da7b94 Add ldconfig to the list of requirements for named, needed to use bind
from ports. The effect is that ldconfig is now started right after
mountcritremote. Everything else is left unchanged.

PR:		conf/68916
Submitted by:	JD Bronson <jd@aurora.org>
Approved by:	cperciva (mentor)
MFC after:	1 week
2006-04-18 10:35:05 +00:00
brooks
054ff1b467 Spell synchronous with required silent 'h'.
Reported by:	ru, ceri
Pointy hat:	brooks
2006-04-13 18:34:14 +00:00
brooks
63f9dcf030 Add missing _ to $_punct.
Submitted by:	Dmitry Pryanishnikov <dmitry at atlantis.dp.ua>
2006-04-13 18:27:49 +00:00
flz
45d238b51a Use ps true power instead of tr/tail which aren't available early enough.
PR:		conf/95654
Submitted by:	Rong-En Fan <rafan@infor.org>
Noticed/Fix by:	many people on freebsd-current@
Approved by:	cperciva (mentor)
2006-04-13 08:30:43 +00:00
brooks
1f100dedee Commit the various network interface configutation updates I've been
working on.
  1) Make it possible to configure interfaces with certain characters in
     their names that aren't valid in shell variables.  Currently supported
     characters are ".-/+".  They are converted into '_' characters.
  2) Replace nearly all eval statements in network.subr with a new
     function get_if_var which substitues an interface name (after the
     translations above) for "IF" in a variable name.
  3) Fix list_net_interfaces() in the nodhcp case.
  4) Allow the administrator to specify if dhclient should be started
     when /etc/rc.d/netif configures the interface or only by devd.
     This can be set on both a per interface and system wide basis.

PR:	conf/88974 [1,2], conf/92433 [1,2]
2006-04-13 06:50:46 +00:00
ume
5acd17702f Remove an inappropriate comment which is put into generated
host.conf.  Someone may want to edit it later.

Requested by:	Rostislav Krasny <rosti.bsd__at__gmail.com>
2006-04-12 12:01:53 +00:00
des
4ccfd37f87 Add autologin entries (al.NNN) for higher console speeds.
MFC after:	2 weeks
2006-04-11 09:54:23 +00:00
flz
386dfb985a - If no pidfile has been created at startup, only stop processes
with current jid.

PR:		conf/93287
Submitted by:	anders
Approved by:	cperciva (mentor)
MFC after:	1 month
2006-04-11 09:20:47 +00:00
flz
3d79b5ee35 - Oops, add a missing "then".
Approved by:	cperciva (mentor, implicit)
2006-04-11 09:14:51 +00:00
flz
8c63e779ed - Fix rc.d/sshd test on kern.random.sys.seeded.
PR:		conf/94377
Submitted by:	dwhite
Approved by:	cperciva (mentor)
MFC after:	1 week
2006-04-11 09:08:15 +00:00
flz
7e4f15ea33 - Fix amd startup when amd is installed from ports.
- Add the according amd_program default value in defaults.

PR:		conf/82738
Submitted by:	TAOKA Fumiyoshi <fmysh@iijmio-mail.jp>
Approved by:	cperciva (mentor)
MFC after:	3 days
2006-04-11 09:02:07 +00:00
flz
bb0676a401 - Set a two read-only variables (${prefix} and ${etcdir}). This is
especially useful when using /etc/rc.d scripts with third-party
software installed from ports.
- Fix rc.d/sshd to work with openssh from ports using ${etcdir}
instead of hardcoded /etc.

Reviewed by:	brooks
Approved by:	cperciva (mentor)
MFC after:	1 week
2006-04-11 08:55:27 +00:00
flz
04498a993a - Add following global jail options, used if no jail-specific options are
set:
 * jail_mount_enable
 * jail_devfs_ruleset
 * jail_devfs_enable
 * jail_fdescfs_enable
 * jail_procfs_enable
 * jail_fstab
 * jail_flags
- Add a jail_interface / jail_<jid>_interface option. An ip alias will be
created (jail_<jid>_ip) on jail_interface or jail_<jid>_interface if set.
This is not a mandatory option.
- Document all missing jail_* options in rc.conf(5).

Approved by:	cperciva (mentor)
MFC after:	2 weeks
2006-04-08 12:15:36 +00:00
flz
c728727d1b - Sync rc.subr with NetBSD.
- Merge some documentation bits.

Reviewed by:	brooks, simon (doc)
Approved by:	cperciva (mentor)
Obtained from:	NetBSD
MFC after:	3 days
2006-04-04 10:52:15 +00:00
simon
d970ab3c6c Remove redundant ike rc.d script, since we do not have an IPsec IKE
daemon in the base system and all the IKE daemons in the Ports
Collection has their own rc.d script.

OK'ed by:	dougb
Discussed on:	freebsd-rc
MFC after:	1 month
Approved by:	cperciva (mentor)
2006-03-28 18:28:33 +00:00
flz
bf0f018e87 Harmless typo (s/overide/override/).
Approved by:	cperciva
MFC after:	3 days
2006-03-23 16:48:32 +00:00
ru
4da77db3b2 Add an example of how to set up a 3-wire serial terminal.
Usually, getty(8) does the trick, but if you just need a
serial console without getty(8), here's how.
2006-03-23 08:48:38 +00:00
flz
f6add5dd6c - Replace awk parts with shell.
Approved by:	brooks
MFC after:	2 weeks
2006-03-20 18:00:14 +00:00
rwatson
f1e0ea3d1d Merge Perforce change 93569 from TrustedBSD audit3 branch:
Do install sys/security/audit include files.  It would be nice just
  to install audit_ioctl.h, but we seem only to support installing
  directories, so we get them all.  The two not intended for extra-
  kernel use have !_KERNEL #error's, which should help.

Obtained from:	TrustedBSD Project
2006-03-19 15:44:53 +00:00
ru
388e590f95 Reimplementation of world/kernel build options. For details, see:
http://lists.freebsd.org/pipermail/freebsd-current/2006-March/061725.html

The src.conf(5) manpage is to follow in a few days.

Brought to you by:	imp, jhb, kris, phk, ru (all bugs are mine)
2006-03-17 18:54:44 +00:00
des
32c951cbb3 This script symlinks /boot/kernel to the directory that contains the kernel
you booted from, unless /boot/kernel already exists and is not a symlink.
This should only affect people like me who juggle multiple kernels and
have KODIR = /boot/${KERN_IDENT} in /etc/make.conf to keep them apart.
2006-03-17 16:28:12 +00:00
emax
f1994b9421 Reorganize /etc/rc.d/syscons and move all keyboard related settings
into one function syscons_configure_keyboard(). Call new function from
both syscons_start() and sysconst_setkeyboard(). The reason for this
is because syscons_start() will (re)configure both keyboard and screen
settings. Apparently, some graphics cards have problems with running
vidcontrol(1) while X11 is running.

Remove "/etc/rc.d/syscons restart" from /etc/devd.conf. It is no longer
required. Using "/etc/rc.d/syscons setkeyboard" is enough. This also
should fix annoying "syscons not running?" message.

Tested by:	Ulrich Spoerlein < q at galgenberg dot net >
MFC after:	3 days
2006-03-16 17:42:28 +00:00
marcus
c7404250a5 Add missing libdata/ldconfig[32] entries.
Approved by:	portmgr (implicit)
2006-03-14 18:23:35 +00:00
ru
0f40461c39 Fix "make distribution" when just NO_CRYPT is defined.
PR:		misc/94309
Submitted by:	Matthias Lederhofer
MFC after:	3 days
2006-03-11 08:51:16 +00:00
fjoe
74880d1ae0 Fix overriding jail_list from command line.
MFC after:	3 days
2006-03-08 20:40:37 +00:00
matteo
b19c8d2fcc Fix output and exit status when daily_mailq_shorten is set to YES
PR:		conf/93472
MFC after:	3
2006-03-08 17:26:53 +00:00
yar
d1c1a7001a Two years ago, in rev. 1.12, a typo slipped in etc/isdn/Makefile:
a control variable was misspelled as `SCRIPTS_NAME_isdntel.sh'
(should've been `SCRIPTSNAME_isdntel.sh') when the Makefile was
converted to using <bsd.prog.mk>.  Consequently, `isdntel.sh' has
been installed as `isdntel' since then.  Nevertheless, nobody has
been unhappy with the change.  So it's time to make it official.

Approved by:	hm
Pointy hat to:	ru
MFC after:	3 days
2006-03-07 09:53:11 +00:00
emax
2c76f6757e Add new 'setkeyboard' method to the /etc/rc.d/syscons. It accepts the
keyboard device name (i.e. /dev/kbd0). This method will do nothing is
kbdmux(4) is the current active keyboard, otherwise it will switch
active keyboard as requested.

Modify ukbd(4) entries in the /etc/devd.conf to use /etc/rc.d/syscons
and new 'setkeyboard' method.

No comments from:	freebsd-current@
MFC after:		1 day
2006-03-06 06:38:34 +00:00
matteo
00b7acda29 Enhance loginfail: it will catch sshd, proftpd and su errors, as well as other programs
PR: conf/70973
Submitted by:	Ryan Sommers" <ryans@gamersimpact.com>
Approved by:	philip (mentor)
MFC after:	3 days
2006-03-05 15:45:38 +00:00
brueffer
9044ef15cd Add the graid3(8), gstripe(8) and gconcat(8) status scripts, default is "off".
Approved by:	rwatson (mentor)
2006-03-02 14:46:00 +00:00
brueffer
04a5ecea57 Add periodic scripts that check the status of graid3(8), gstripe(8)
and gconcat(8) devices, respectively.

Approved by:	rwatson (mentor)
2006-03-02 14:44:19 +00:00
harti
f81b88c7e8 Document how to change the polling interval for the 64-bit interface
counters in case an interface reports the wrong speed via if_mib.
2006-02-27 16:31:01 +00:00
wkoszek
f23b544905 Use 'ipfw list' instead of 'ipfw l', since it's deprecated (and warning is
printed on system startup).

Approved by:	cognet (mentor)
MFC after:	3 days
2006-02-26 16:45:29 +00:00
delphij
ae16ca85eb Revert previous change for now. We traditionally add a new locale
directory when we have 10+ ports that make use of it, and now we have
only 3.  This change would come back if the tt/ usage grown up to the
level.

Knowledge provided by:	krion, kris
2006-02-25 22:09:37 +00:00
delphij
206a96b4db Add tt locale directory, since more and more ports create and use it. 2006-02-25 21:10:25 +00:00
dougb
21c7116ab9 Attempt to make running the new rc in a jail more automatic by
resetting of early_late_divider to a more appropriate value if
the admin has not modified the default.

Reviewed by:	brooks
2006-02-20 21:54:30 +00:00
dougb
d07e9ef4b2 Make sure abi (and therefore archdep) start before SERVERS as part of
the ongoing re-alignment of ordering that is necessary as a result of
including local scripts in the base rcorder. [1]

Accomplish this by removing the BEFORE's, and using REQUIRE instead.
This makes the dependencies more obvious, and less susceptible to turning
circular and/or nonsensical when seemingly innocent changes are made
in one place and not another.

Requested by:	delphij [1]
2006-02-19 08:18:48 +00:00
ru
2f299d4119 Check if /sbin/nextboot exists before running it.
PR:		93466
Submitted by:	Mats Palmgren
2006-02-17 08:34:01 +00:00
ceri
e32d79b3f8 Use example.com rather than bar.com for the system contact example.
Requested by:	glebius
2006-02-16 20:38:09 +00:00
ume
1372d441b5 The libwrap built with NO_INET6=yes cannot parse an IPv6 address.
So, mention it in comment.

Submitted by:	Dmitry Morozovsky <marck__at__rinet.ru>
MFC after:	2 days
2006-02-16 14:46:03 +00:00
ceri
9c98223a6b Update a comment to match functionality changed in r1.39 (allow square
brackets in process names).

MFC after:	2 days
2006-02-15 14:37:35 +00:00
imp
c557baf02d Remove vestiges of OLDCARD. 2006-02-14 04:16:56 +00:00
marcel
279b470f55 On ia64, the unaligned_print sysctl is a debugging knob under debug
and not under machdep as the behaviour is controlled by the process.
When PSR.ac is set the process expects to receive a SIGBUS. Otherwise
the processor or the kernel will emulate the misaligned memory access.

MFC after: 3 days
2006-02-13 21:41:32 +00:00
matteo
14c058cfc9 Add a default ldconfig32_paths entry in default/rc.conf for 32-bit compatability shared libraries.
It is used by the ldconfig rc.d scripts.
Document this variable in the man page

PR:		amd64/91571
Approved by:	philip (mentor)
MFC after:	3
2006-02-13 21:10:03 +00:00
imp
1be9da7b7f Since OLDCARD is gone from the kernel, catchup here and remove support
from here as well.
2006-02-13 20:08:31 +00:00
dougb
2a1b618d7b Overhaul the named boot script:
1. Remove a now-spurious NetBSD CVS Id, as we are no longer synching work
2. Remove a now-spurious BEFORE, since ntpdate now REQUIRE's named
3. Replace the call to set rcvar with what that function would output,
and generally reduce indirection ($name -> named) since it's highly
unlikely the name of the named process or service will change any time soon.
4. Resort the order the variables at the top of the file to a more
traditional format, and remove a spurious required_dirs from the top, as it
works better after load_rc_config.
5. We do not want the default reload method with named, so define a simple
but appropriate substitute using rndc. If I were writing this script for
the first time I would not include this at all, since it's preferable to
control a running daemon with rndc to start with, but given that this is
already here, let's do it right. I hope that future generations will
however resist the tempation to add reconfig to extra_commands.
6. By the same token, we want to use rndc to shut down named, but given
that by defining a stop function we lose the "find the process by its
pid file in an emergency" goodness of rc.subr, try to do something useful
in the event that rndc is not available, and keep the user informed.
7. Replace some "test -f" with "test -r" to handle the unlikely event
that the relevant file exists, but is unreadable.
8. Twiddle whitespace in a few areas, remove a spurious blank line,
a bogus double space, and try to do better indenting.
9. Improve generation of the rndc.key file significantly
a. If for some reason a user has an rndc.conf file, assume that they
did that on purpose, and hence know what they are doing, so leave them alone.
b. Introduce a named_uid configuration variable so that the user which owns
the rndc.key file and the user named runs as always match, and is more
easily configurable. This should dramatically reduce problems with rndc.
c. Also test that the rndc.key file size is greater than zero, rather than
simply that the file exists. I have seen at least one user report this exact
problem, and although neither of us is sure where the empty file came from,
the fix is simple, so include it.
d. Rather than try to create an rndc.key file in both /etc/namedb and the
chroot'ed /etc/namedb, assume that they are be the same (which they should
be), and only create the file in the chroot'ed version of the directory.
This partially addresses the problem described in conf/73929, but I have
not yet finished thinking about the PREFIX issue that PR also raises.

As a result of introducing the named_uid knob, the default named_flags
are now empty.

Update defaults/rc.conf and rc.conf(5) to reflect these changes.
2006-02-13 08:45:51 +00:00
rwatson
92a26d2fa0 Install audit_control and audit_user, both of which are likely to be
modified by the administrator, as user-writable instead of read-only.

Obtained from:	TrustedBSD Project
2006-02-12 13:01:39 +00:00
flz
ea926ddbd3 Don't include geli devices in list when noauto is specified in the options field.
Approved by:	pjd
MFC after:	3 days
2006-02-12 12:57:07 +00:00
matteo
609d51b24f Make localpkg print local scripts names when the boot is verbose
PR:		conf/68525
Approved by:	philip (mentor)
MFC after:	3 days
2006-02-12 10:04:56 +00:00
glebius
ae6d6a4d2d The bar.com is an existing domain. Instead of trying to listen on
64.15.205.248 address, change host to "foobar". This won't be
resolvable in most cases, so administrator will need to change it.
Also do not send our trap messages to 64.15.205.248, use localhost
as default traphost.
2006-02-08 11:55:03 +00:00
matteo
603c4fe5f3 When there are no interesting information in output, exit with 0.
PR:		conf/92299
Submitted by:	Petr Rehor <prehor@gmail.com>
Approved by:	philip (mentor)
MFC after:	3 days
2006-02-07 08:21:06 +00:00
mlaier
1bebb42407 pflog is a separate module now.
Submitted by:	Antoine Brodin
PR:		kern/88271
MFC after:	1 week
2006-02-05 22:38:08 +00:00
rwatson
a6de13a9ec Assign gid 77 to audit instead of gid 73. The ports group list did not
include '73', which was assigned in a ports passwd entry to ircservices.

Pointed out by:	ceri
2006-02-05 19:34:09 +00:00
ceri
c06055baa8 The rpc.pcnfsd server was in the base for a little over seven minutes
back in 1994.  Change the example entry to point at the port, as per
the entries for uucpd et al.
2006-02-05 19:23:05 +00:00
rwatson
3926af01b2 Change group for /var/audit to audit, so that audit review can be
delegated to non-administrators.

Obtained from:	TrustedBSD Project
2006-02-05 18:22:56 +00:00
rwatson
da1aa8f5a8 Allocate an 'audit' group, membership in which will grant the audit
review right by virtue of read file permission on /var/audit and its
contents.

Obtained from:	TrustedBSD Project
2006-02-05 18:04:39 +00:00
marius
d83080f6ae Enable getty(8) on ttyu2 by default in order to get machines that use a
RSC (Remote System Control) connected via uart2 as console working out
of the box. On machines that use uart2 to connect a keyboard and thus
the ttyu2 node doesn't exist this will trigger a warning from getty(8)
but cause no real harm.

MFC after:	1 week
2006-02-04 23:30:09 +00:00
flz
06bbcb2dd7 - Add a startup script for hostapd.
- Document associated variable in rc.conf(5).

Approved by:	dougb
MFC after:	1 week
2006-02-03 01:35:36 +00:00
rwatson
07968a9d9a Install /etc/security configuration files from OpenBSM.
Obtained from:	TrustedBSD Project
2006-02-02 10:03:43 +00:00
rwatson
4a1c13c118 Add auditd rc.d script.
Submitted by:	trhodes
Obtained from:	TrustedBSD Project
2006-02-02 10:02:55 +00:00
rwatson
c34b7e5c9a Add auditd_enable and auditd_flags rc.d scripts.
Obtained from:	TrustedBSD Project
2006-02-02 10:02:19 +00:00
rwatson
7a4b60ef35 Add /var/audit, mode 750, which will hold audit trail files.
Obtained from:	TrustedBSD Project
2006-02-02 01:19:31 +00:00
matteo
b21d7a0700 Make df output more consistent:
Remove -k now that -h is present
use -l instead of -t nonfs to match smbfs too [1]
PR:	conf/50956 [1]
Approved by:	philip (mentor)
MFC after:	3 days
2006-01-30 19:23:24 +00:00
matteo
383fbf3c49 Make df output in periodic mail human readable
PR:		conf/87196
Submitted by:	Mike <mspam@ideaway.net>
Approved by:	philip (mentor)
MFC after:	3 days
2006-01-30 12:33:44 +00:00
njl
89c22f2e1a Enable the lowest Cx state by default. This will save power and we have
had enough testing of acpi_cpu to know this is stable now.
2006-01-29 05:51:58 +00:00
mlaier
33a996340a Document the user/group LOR in our sample pf.conf
Submitted by:	Devon H. O'Dell
2006-01-27 17:16:20 +00:00
maxim
3f40c02a7b o Add IANA assigned InterBase Database Remote Protocol 3050/tcp/udp.
PR:		conf/92319
Submitted by:	skv
MFC after:	1 week
2006-01-25 17:37:15 +00:00
netchild
b9239b94b7 As a quick fix disable the update of the linux ld.so.cache file, since
currently it grabs some FreeBSD native libs too.

A final solution is under discussion with brooks.
2006-01-24 18:58:48 +00:00
pjd
7ae11fdb19 The 'reload' command did the same as 'restart' command.
Allow user to decide if SAD and SPD entries should be flushed on 'reload'.
With this change flush/spdflush is not done automatically (it could still
be done from ipsec.conf).
2006-01-24 15:16:55 +00:00
pjd
0af7bce7e6 Remove stale comment.
This change should be made in rev1.9.

MFC after:	1 week
2006-01-24 15:12:44 +00:00
pjd
633461c588 Use $ipsec_file instead of hardcoded /etc/ipsec.conf.
This change should be made in rev1.2.

MFC after:	1 week
2006-01-24 15:11:11 +00:00
matteo
a6e212c0ac Add gettytab entry for 3wire 19200 baud console
PR:		conf/90346
Submitted by:	Gavin Atkinson <gavin.atkinson@ury.york.ac.uk>
Approved by:	philip (mentor)
MFC after:	3 days
2006-01-22 15:33:16 +00:00
maxim
96735772f3 o Add 406.status-gmirror, sort.
Submitted by:	brueffer
2006-01-21 20:16:30 +00:00
yar
e9ad335f2d Add an rc.d script for stand-alone ftpd.
Document the script's controls on the rc.conf(5)
manpage and touch its Dd.

PR:		conf/90893
MFC after:	5 days
2006-01-21 18:08:16 +00:00
matteo
33d3c223da Allow the use of wildcarded device names in devfs.conf
PR:		conf/90760
Submitted by:	Darren Pilgrim <darren.pilgrim@gmail.com>
Approved by:	philip (mentor)
2006-01-21 14:31:45 +00:00
wes
9455e2dc0d Tell nextboot to clean up after itself. 2006-01-18 04:53:48 +00:00
cperciva
b04b9d3ae4 Add a warning pointing out that incomplete ports trees are not
supported and that users of REFUSE directives should update their
entire ports tree before asking for help on the mailing lists.

Requested by:	kris
MFC after:	3 days
2006-01-18 03:40:57 +00:00
philip
00ce0e8a4a Remove the module loading magic again; it's not needed after all.
Pointy hat to:	matteo
Submitted by:	matteo
Reviewed by:	pjd
MFC after:	3 days
2006-01-17 19:29:31 +00:00
philip
528140c6f2 Load the g_md kernel module if needed.
Pointed out by:	Gianmarco Giovannelli
Submitted by:	matteo
MFC after:	3 days
2006-01-16 13:26:05 +00:00
dougb
8961e0fe8a REQUIRE named. On all systems I've examined running HEAD and
RELENG_6 this will be a noop, however as we introduce local
startup scripts to the base rcorder, we'll see more cases
where the previous status quo will need to be made explicit
to avoid having it disrupted when random local scripts are
added to the mix.
2006-01-16 06:03:42 +00:00
ceri
a415f589c8 Marius Nuennerich pointed out that nextboot(8) configured boot options
were now sticky.  This script was deleting /boot/nextkernel on boot, but
there is no code in the tree that creates that file since revision 1.15
of src/sbin/reboot/reboot.c.
nextboot(8) creates /boot/nextboot.conf, so remove that instead.

Approved by:	jhb (proxy mentor)
MFC after:	1 week
2006-01-15 23:12:26 +00:00
wollman
c637bc1255 Add a daily script to show the status of gmirror(8) devices. 2006-01-13 18:07:52 +00:00
brooks
bada3291be Creating memory file systems with softupdates enabled is pointless,
don't do it.

PR:		conf/85558
Submitted by:	Ralf Wenk <RZ dash FreeBSD0605 at hs dash karlsruhe dot de>
MFC after:	5 days
2006-01-11 21:59:30 +00:00
brooks
b818dbf010 Be a little more read-only file system friendly when running the Linux
ldconfig.  Build the cache in a temporary directory and only install it
if it's actually different that the installed one.

Also, use "cat tmp > real" to install the temporary file in the real
location to allow the real location to be a symlink to a writable
directory such as /var/run (where the file actually belongs).

MFC After:	5 days
2006-01-11 21:30:41 +00:00
harti
0b56383eac Disable default write access by not setting the write community string.
PR:		91404, 91406
2006-01-10 12:08:25 +00:00
harti
53ef42030b Add a (disabled) configuration line to enable the HOST-RESOURCES MIB. 2006-01-10 11:43:25 +00:00
dougb
2bdeba9d87 Add a mechanism to include files added by ports which contain
the names of directories to include in the base ldconfig script.
This will eliminate the need for each port to install its own
boot script which does nothing but ldocnfig a given directory.

This code was developed by flz (ports committer), discussed on
freebsd-rc@, and modified slightly by me.

Submitted by:	flz
Reviewed by:	brooks
2006-01-08 10:15:31 +00:00
rse
f298c45195 1. Add missing semicolon between "warn" and "return" to make sure
the line continuation backslash doesn't cause "warn" to print "return".
2. Group "warn" and "return" together as the "return 1" should be
   performed only if the "kldload nfsclient" also failed (and not
   already if the "vfs.nfs" sysctl(8) check failed).

MFC after: 3 days
2005-12-30 09:16:23 +00:00
rse
51a6864846 Remove superfluous line continuation backslash.
MFC after: 3 days
2005-12-30 08:57:33 +00:00
dfr
d9cbcb50b5 Add a new extensible GSS-API layer which can support GSS-API plugins,
similar the the Solaris implementation. Repackage the krb5 GSS mechanism
as a plugin library for the new implementation. This also includes a
comprehensive set of manpages for the GSS-API functions with text mostly
taken from the RFC.

Reviewed by: Love Hörnquist Åstrand <lha@it.su.se>, ru (build system), des (openssh parts)
2005-12-29 14:40:22 +00:00
dougb
5e13600953 Fix another braino, don't remove the X related socket directories
right after creating them.

Twiddle whitespace while I'm here.
2005-12-27 23:22:18 +00:00
dougb
761b74bc75 Make sure that the prestart routine is run with *start, instead of
just 'start'.

Reminded by:	keramida
2005-12-27 23:08:58 +00:00
dougb
2bb58e1702 syslogd should REQUIRE newsyslog, rather than newsyslog using
BEFORE: syslogd. This does not produce any change in the
ordering at the moment, but is cleaner style for the long term.
2005-12-21 09:54:15 +00:00
dougb
41ec533c29 Several users have commented (via filing PRs) that having ntp* depend
on devfs is useful so that a hardware time device can start with its
necessary device nodes already in place. While this ordering happens
as a side effect currently in HEAD, and the PRs were generally fixed
via upgrades, etc; it's better to make it explicit.

While I'm here, ntpd should REQUIRE ntpdate, rather than ntpdate
using BEFORE: ntpd.
2005-12-21 09:48:41 +00:00
dougb
0be5d450a6 REQUIRE: syslogd and BEFORE: NETWORKING are now antithetical,
and including both in this file had nasty side effects on the
ordering of syslogd, as well as producing an error when running
rcorder. Remove the more bogus of the two options, which restores
proper ordering and removes the error.

There is an open question as to whether scripts with the nostart
KEYWORD should even have REQUIRE/BEFORE lines, and indeed, whether
they should be in /etc/rc.d at all, but that's for another time.
2005-12-21 01:19:20 +00:00
dougb
d2867372db Include a somewhat hackish way to make sure that we *always* test the
new clear_tmp_X variable when start'ing.
2005-12-20 23:22:47 +00:00
dougb
5a09b5d83f Brooks pointed out a potential problem with disabling the X cleaning
by default, so add a new knob that is on by default, and check that
knob in start_precmd so that it can run even if cleaning /tmp is
not enabled. This has the advantage of not violating POLA, while
still allowing the user to disable this behavior if they wish (for
example on a server that will never run X).
2005-12-20 20:36:48 +00:00
dougb
c9292fd995 Clear up problems with /etc/rc.d/{abi|cleanvar|cleartmp} brought
to light by the PR.  Specifically, convert these three scripts
into good rc.d citizens, making sure that their functionality
is preserved, but the rc.d framework rules are not broken.

Add support for cleanvar as a regular rc.d script in the
default rc.conf, and document this in the man page.

Add a descriptive comment to rc.conf that regarding the
three emulation/compatibility services provided by abi
so users will not be confused by these services not having
their own startup scripts.

PR:		conf/84574
Submitted by:	Alexander Botero-Lowry
2005-12-19 10:57:00 +00:00
iedowse
0b71e714c9 Remove usbd(8) and all references to it. It is no longer necessary
since devd(8) now provides the same functionality.

Submitted by:	Anish Mistry
2005-12-15 01:04:51 +00:00
delphij
3c8b4e6094 Add /boot/firmware as iwi(4) now reads its firmware there.
Reminded by:	flz
2005-12-11 15:21:18 +00:00
iedowse
7eeb4d1fc2 Move the remaining entries from usbd.conf to devd.conf. This now
makes usbd redundant.

PR:		conf/73799
Submitted by:	Anish Mistry
2005-12-11 00:18:28 +00:00
dougb
06a285042d Drop rcconf.sh now that it has been removed 2005-12-10 23:23:09 +00:00
dougb
156819c498 Remove rcconf.sh from /etc/rc.d, and instead load the configuration
as part of rc. Doing this, and the sourcing of rc.subr after we have
determined if we are booting diskless (and correspondingly run
rc.initdiskless if necessary) are safe, and actually allow fewer files
to be needed on the diskless box. This also allows variables from
the configuration to be available to rc itself, such as ...

Add a variable to rc.conf, early_late_divider, which designates the
script which separates the early and late stages of the boot process.
Default this to mountcritlocal, and add text to etc/defaults/rc.conf,
rc.conf(5) and diskless(8) which describes how and why one might want
to change this.

Reviewed by:	brooks
2005-12-10 20:21:46 +00:00
dougb
18ad8e36cd Silence a warning about empty directories in all the places it might
occur.

Reminded by: yar
2005-12-10 20:19:08 +00:00
dougb
e948569c6b Use of REQUIRE is better than BEFORE for most scripts, and very
few scripts should have no REQUIRE at all.
2005-12-10 19:49:03 +00:00
ru
97be6030e1 Files are installed with mode 444 by default. 2005-12-09 15:19:31 +00:00
yar
7749f8a04f Since rc.subr is a library of functions, it should not use exit
every now and then.  It is up to the caller to choose a proper
action upon an error condition.  Therefore, use return, not exit,
except for some special cases.

Consistently return 1 to indicate an error.

Submitted by:	sem (initially)
Reviewed by:	freebsd-rc (silence)
MFC after:	2 weeks
2005-12-06 05:27:11 +00:00