Commit Graph

49 Commits

Author SHA1 Message Date
ru
4de1ee30af -mdoc sweep. 2005-11-18 10:36:29 +00:00
rse
56379f0e5b Fix system shutdown timeout handling by again supporting longer running
shutdown procedures (which have a duration of more than 120 seconds).

We have two user-space affecting shutdown timeouts: a "soft" one in
/etc/rc.shutdown and a "hard" one in init(8). The first one can be
configured via /etc/rc.conf variable "rcshutdown_timeout" and defaults
to 30 seconds. The second one was originally (in 1998) intended to be
configured via sysctl(8) variable "kern.shutdown_timeout" and defaults
to 120 seconds.

Unfortunately, the "kern.shutdown_timeout" was declared "unused" in 1999
(as it obviously is actually not used within the kernel itself) and
hence was intentionally but misleadingly removed in revision 1.107 from
init_main.c. Kernel sysctl(8) variables are certainly a wrong way to
control user-space processes in general, but in this particular case the
sysctl(8) variable should have remained as it supports init(8), which
isn't passed command line flags (which in turn could have been set via
/etc/rc.conf), etc.

As there is already a similar "kern.init_path" sysctl(8) variable which
directly affects init(8), resurrect the init(8) shutdown timeout under
sysctl(8) variable "kern.init_shutdown_timeout". But this time document
it as being intentionally unused within the kernel and used by init(8).
Also document it in the manpages init(8) and rc.conf(5).

Reviewed by: phk
MFC after: 2 weeks
2005-09-15 13:16:07 +00:00
garys
dcf881b1eb Moved descriptions of securelevels from init(7) to security(7).
Files used both "securelevel" and either "secure level" or
"security level"; all are now "security level".

PR:             docs/84266
Submitted by:   garys
Approved by:    keramida
MFC after:      3 days
2005-09-03 17:16:00 +00:00
ru
13fe9ea5a2 Sort sections. 2005-01-18 10:09:38 +00:00
keramida
374897f0eb Add references to pf(4) and pfctl(8) at the description of
securelevel = 3.

PR:		docs/69417
Submitted by:	Janos Mohacsi (mohacsi(at)niif(dot)hu)
2004-07-22 10:38:13 +00:00
ru
46fddaa54b Mechanically kill hard sentence breaks. 2004-07-02 21:45:06 +00:00
ru
f6aa4621fd Assorted markup, grammar, and spelling fixes. 2004-05-17 08:35:43 +00:00
markm
90f91e7879 Remove advertising clause from University of California Regent's license,
per letter dated July 22, 1999.

Approved by: core, imp
2004-04-09 19:58:40 +00:00
mux
14d69ee306 Mention that securelevel 1 also blocks access to /dev/io if it
exists (not all platforms have it).
2004-02-20 21:38:23 +00:00
kensmith
af4ffb5550 - Add some information about how init, securelevel, and jails
interact with each other.
	- Minor markup fix (.Dq -> .Va for a variable)

Reviewed by:	rwatson
Approved by:	blackend (mentor)
2003-11-11 18:37:50 +00:00
charnier
7aed4eadc7 Add section number to .Xr 2003-06-08 12:51:28 +00:00
keramida
936ff7b73e There are 5 securelevels, not 4.
PR:		docs/50049
Submitted by:	Colin Percival <cperciva@sfu.ca>
2003-03-26 01:30:34 +00:00
ru
8b5b8ec6a7 mdoc(7) police: markup laundry. 2003-02-23 01:47:49 +00:00
trhodes
136be46680 s/filesystem/file system/g as discussed on -developers 2002-08-21 18:11:48 +00:00
ru
dfc3706596 can not -> cannot. 2002-08-13 14:10:36 +00:00
charnier
a2accd01f0 The .Nm utility 2002-07-06 19:34:18 +00:00
ru
80f060f0cf mdoc(7) police: protect trailing full stops of abbreviations
with a trailing zero-width space: `e.g.\&'.
2001-08-10 13:45:36 +00:00
ru
4345758876 mdoc(7) police:
Avoid using parenthesis enclosure macros (.Pq and .Po/.Pc) with plain text.
Not only this slows down the mdoc(7) processing significantly, but it also
has an undesired (in this case) effect of disabling hyphenation within the
entire enclosed block.
2001-08-07 15:48:51 +00:00
dd
a145482cf6 Remove whitespace at EOL. 2001-07-15 07:53:42 +00:00
ru
7cef49ff86 mdoc(7) police: removed HISTORY info from the .Os call. 2001-07-10 11:04:34 +00:00
dd
fb1146362f Back out most of revision 1.28: lists of diagnostics must use -diag,
not -tag.  Instead, put a period after the error messages to aide
those using dumb terminals not capable of properly displaying markup.

Requested by:	ru
2001-04-13 06:54:05 +00:00
dd
cb8bda79d6 Make the list in the DIAGNOSTICS section "-tag" instead of "-diag":
the former makes it more obvious as to there the error message starts
and the explanation begins.

PR:		26431
2001-04-10 01:03:29 +00:00
ru
979699b8a9 Prepare for mdoc(7)NG. 2000-12-19 15:36:48 +00:00
ben
287d08d04f Explicitly document the fact that securelevel > 0 means that kernel modules
may not be (un)loaded.

PR:		23350
Submitted by:	Gordon Tetlow <gordont@bluemtn.net>
2000-12-07 21:09:22 +00:00
ru
ea31070695 mdoc(7) police: use the new features of the Nm macro. 2000-11-20 16:52:27 +00:00
sheldonh
93a57684b2 Improve the clarification of the handling of the securelevel.
Submitted by:	bde
2000-09-13 08:39:41 +00:00
sheldonh
cfc3af2b90 Clarify the handling of the securelevel.
PR:		20974
2000-09-12 12:30:13 +00:00
sheldonh
ff1f324516 Remove single-space hard sentence breaks. These degrade the quality
of the typeset output, tend to make diffs harder to read and provide
bad examples for new-comers to mdoc.
2000-03-01 11:27:47 +00:00
nik
23f67763ad Document that securelevel >= 2 clamps time changes to at most one second.
PR:             docs/14449
Submitted by:   James FitzGibbon <james@targetnet.com>
1999-12-16 02:15:53 +00:00
sheldonh
e8d92f3cff Correct the ttys.5 and init.8 manpages with respect to the incorrect
assumption that only getty processes can be managed.  Describe the
SysV-like ability to keep arbitrary long-running processes alive
using a non-device first field in /etc/ttys.

PR:		12767
Submitted by:	Peter Jeremy <peter.jeremy@alcatel.com.au>
1999-12-06 09:07:14 +00:00
kato
6ed01edd23 FreeBSD kernel doesn't allow any process to decrease securelevel. So,
init(8) cannot decrease securelevel.  The manual page explains this
and single_user() doesn't try to downgrade kernel to insecure mode.

Reviewed by:	bde (manual page)
1999-09-06 08:41:32 +00:00
peter
76f0c923fe $Id$ -> $FreeBSD$ 1999-08-28 00:22:10 +00:00
mph
8a83bdfe59 "Cannot" is one word. "Can not" has a different meaning if taken
literally.
1999-07-05 18:12:13 +00:00
ru
5824f4faaa Turn System V command line syntax ``on'' by default.
Requested by:		peter
Reviewed by:		des, billf
1999-07-01 13:33:56 +00:00
ru
412b642b28 Bring in System V run-level patches (turned off by default).
While I'm here, fix some typos in the manpage.

Requested by:	des
1999-06-18 09:08:09 +00:00
ru
f97d9ce3bb Init(8) will halt the system if sent USR1 signal,
or halt and turn the power off if sent SIGUSR2.

PR:		5451
Submitted by:	Leif Neland <leifn@image.dk>
Reworked by:	ru
Reviewed by:	-hackers
1999-06-16 20:01:19 +00:00
ghelmer
fe04bf9dba Mention securelevel 3 as affecting ipfw and dummynet. Generalize comment
about fdisk and securelevel 2.
PR:		docs/7785
1998-12-16 16:50:12 +00:00
charnier
fff847fc47 Correct .Nm use. Add rcsid. Use min for minutes instead of mn. 1998-07-06 06:56:08 +00:00
jkoshy
20df804cb4 Fixes per PR 2850:
(a) Note that the default securelevel value is -1, in -current and -stable.
(b) Mention kernel sysctl variable that controls securelevel.
(c) Add warning the `fsck' will fail if securelevel >= 2.
(d) Suggest end of /etc/rc as the right place to raise securelevel.

and one spelling fix.

PR: 2850
1998-06-19 08:34:52 +00:00
davidn
c0b9ea4c76 Add /etc/rc.shutdown capability to init.
Add sample /etc/rc.shutdown (which is just a shell for now).
Submitted by:	Ollivier Robert <roberto@keltia.freenix.fr>
1997-08-02 00:22:52 +00:00
mpp
4b08ee0ed3 Be more specific as to which flags may not be turned off when the
system is running in secure mode.

Obtained from: NetBSD PR# 3299
1997-04-01 20:41:04 +00:00
peter
4968036f61 Revert $FreeBSD$ to $Id$ 1997-02-22 14:40:44 +00:00
adam
2ee6680619 typo 1997-01-22 12:38:40 +00:00
jkh
808a36ef65 Make the long-awaited change from $Id$ to $FreeBSD$
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.

Boy, I'm glad we're not using sup anymore.  This update would have been
insane otherwise.
1997-01-14 07:20:47 +00:00
wosch
71f5160702 Sort cross references. 1997-01-13 00:25:51 +00:00
bde
b24c97a50f Rewrote the section about the "normal" setting of the security level to
match reality.

Say that secured devices `may not be opened for writing' instead of
`are read-only'.
1996-10-12 15:37:23 +00:00
mpp
3c57dc7753 Correct some man page xrefs, and some other minor changes to bring some
man pages up to mdoc guidelines and fix some minor formatting glitches.
Also fixed a number of man pages to not abuse the .Xr macro to
display functions and path names and a lot of other junk.
1996-04-08 04:18:31 +00:00
nate
398581a79d Bring in my changes from the 1.1 init.bsdi which causes a reboot (was a
halt before)  if init is sent an interrupt signal.  This is necessary
for <CTL><ALT><DEL> to do the right thing if enabled.
1994-08-27 21:32:01 +00:00
rgrimes
d038e02fd6 BSD 4.4 Lite sbin Sources
Note:  XNSrouted and routed NOT imported here, they shall be imported with
usr.sbin.
1994-05-26 06:35:07 +00:00