contain any kernel modules. This makes the common case completely silent,
as it should be.
Reviewed by: imp@
MFC after: 2 weeks
Sponsored by: DARPA, AFRL
Differential Revision: https://reviews.freebsd.org/D14694
User-visible changes:
"-u" is added to to list of command line options supported by bthidd.
Use it to enable evdev support. uinput and evdev modules should be
kld-loaded or compiled into the kernel in that case.
bthidd_evdev_support rc.conf variable is added to control enabling of
evdev support in bthidd startup script. Possible values are: "YES", "NO",
"AUTO"(default). Setting bthidd_evdev_support to "AUTO" inserts "-u" option
if kernel is compiled with EVDEV_SUPPORT option enabled.
Support for consumer HID usage page keyboard events is implemented. Most of
them are available only through evdev protocol.
kern.evdev.rcpt_mask sysctl is checked, so "sysctl kern.evdev.rcpt_mask=12"
should be executed if EVDEV_SUPPORT is compiled into kernel.
It is recommended to regenerate bthidd.conf entries with bthidcontrol(8)
"Query" command to set user-friendly names of bluetooth devices.
Reviewed by: emax, gonzo, wblock (docs), bcr (docs, early version)
Differential Revision: https://reviews.freebsd.org/D13456
r288291 added a call to limits(1), which isn't available before partitions
are mounted. This broke the ddb rc script, which does not provide its own
start_cmd.
Alleviate the situation here by providing a start_cmd. We still have other
problems with diskless setups that need to be considered, but this is a
start.
PR: 206291
Submitted by: cy
Discussed with: rgrimes
MFC after: 3 days
r328013 introduced a new error code from fsck_ffs that indicates that
it could not completely fix the file system; this happens when it
prints the message PLEASE RERUN FSCK. However, this status can happen
when fsck is run in "preen" mode and the rc.d/fsck script does not
handle that error code. Modify rc.d/fsck so that if "fsck -p"
("preen") returns the new status code (16) it will run "fsck -y", as
it currently does for a status code of 8 (the "standard error exit").
Reported by: markj
Reviewed by: mckusick, markj, ian, rgrimes
MFC after: 3 days
Sponsored by: Dell EMC
Differential Revision: https://reviews.freebsd.org/D14679
(Due to some misconfiguration) I ended up with _mask set to
"-v<something>", and /etc/rc.d/jail then failed with
"expr: illegal option -- v".
Use "expr --" so that variable content is never interpreted as an
option.
Reviewed by: jamie
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D14535
When checking the validity of the pf.conf file also include the user supplied
pf_flags. These flags might overrule macros or specify anchors, which we will
apply when actually applying the pf.conf file, so we must also take them into
account when verifying the validity.
Submitted by: Andreas Longwitz <longwitz at incore.de>
MFC after: 3 weeks
pfctl only takes the last '-F' argument into account, so this never did what
was intended.
Moreover, there is no reason to flush rules before reloading, because pf keeps
track of the rule which created a given state. That means that existing
connections will keep being processed according to the rule which originally
created them. Simply reloading the (new) rules suffices. The new rules will
apply to new connections.
PR: 127814
Submitted by: Andreas Longwitz <longwitz at incore.de>
MFC after: 3 weeks
after r190575 there is an option to call rc.firewall with the firewall_type
passed in as an argument.
Submitted by: David P. Discher <dpd@dpdtech.com>
MFC after: 3 weeks.
Sponsored by: iXsystems Inc.
Differential Revision: https://reviews.freebsd.org/D14286
appearing as a single argument passed to devmatch(8).
Don't depend on "sort" utility from usr/bin which might not be
available when devd is started.
Sponsored by: Mellanox Technologies
to parse rather than searching for all events. Pass with new -p arg to
devmatch. devmatch will use that one event rather than walking the
entire tree.
kldload will stop at the first failure. So we need to loop. Also,
symbolic links may confused kldload into trying (and failing) to load
multiple modules at once, so guard against that.
Noticed by: hps (with similar patch)
Sponsored by: Netflix
If any process creates a directory named "-P" in /var/run or
/var/spool/lock it will cause the purgedir function to start to rm -r /.
Simplify a lot of complicated shell logic by leveraging find(1).
Reviewed by: allanjude
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D13778
leapseconds last-update field and incorrectly increment it when changing
the file even though the leapsecond data has not changed. For instance,
if a leapsecond file is obtained from USNO, when it expires it will not
be replaced by a newer file from other sources because it has an
incorrect later last-update (version).
This corrects r304780.
PR: 225029
Submitted by: ian
MFC after: 3 days
Try to not expose bluetooth devices to external devices unless the user
explicitly configures it, like any other radio/network device. Bluetooth
has a long history of security problems and it is probably best to keep it
disabled if not needed.
Users who do use the bluetooth device should enable "discoverable" in
bluetooth.device.conf(5) after this change.
Keep in mind that bluetooth addresses can be discovered by passive
monitoring or whole address-space scans[0], so a safety conscious user
should also disable "connectable" in bluetooth.device.conf(5).
[0]: https://www.sans.edu/cyber-research/security-laboratory/article/bluetooth
Reviewed by: emax, hselasky
Security: maybe
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D12831
When using a kernel built with the GZIO config option, dumpon -z can be
used to configure gzip compression using the in-kernel copy of zlib.
This is useful on systems with large amounts of RAM, which require a
correspondingly large dump device. Recovery of compressed dumps is also
faster since fewer bytes need to be copied from the dump device.
Because we have no way of knowing the final size of a compressed dump
until it is written, the kernel will always attempt to dump when
compression is configured, regardless of the dump device size. If the
dump is aborted because we run out of space, an error is reported on
the console.
savecore(8) is modified to handle compressed dumps and save them to
vmcore.<index>.gz, as it does when given the -z option.
A new rc.conf variable, dumpon_flags, is added. Its value is added to
the boot-time dumpon(8) invocation that occurs when a dump device is
configured in rc.conf.
Reviewed by: cem (earlier version)
Discussed with: def, rgrimes
Relnotes: yes
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D11723
and checks if ntp leapfile needs fetching before entering into the
anticongestion sleep.
Unfortunately some ports still use their own sleeps so, this commit
doesn't address the complete problem which is compounded by every
port that uses its own anticongestion mechanism.
Discussed with: asomers
r322277 moved rwho* and ruptime out of the MK_RCMDS conditional including
updating the obsolete files entries to not remove these scripts due to
WITHOUT_RCMDS=yes. However, the initial installation was still conditional
on MK_RCMDS, so new installs did not include these scripts and upgrades via
mergemaster or etcupdate removed them.
PR: 220953
MFC after: 1 month
Given that RFC7530 allows uid/gids to be placed in owner/owner_group
strings directly, many NFSv4 environments don't need the nfsuserd.
This small patch modified /etc/rc.d/nfsd so that it does not force
startup of the nfsuserd daemon unless nfs_server_managegids is enabled.
This implies that nfsuserd_enable="YES" must be added to /etc/rc.conf
for NFSv4 server environments that use Kerberos mounts or clients that
do not support the uid/gid in string capability.
Since this could be considered a POLA violation, it will not be MFC'd.
Discussed on: freebsd-current
If ipfw_netflow_fib, the ipfw rule will only match packets in that FIB.
While here correct some value in rc.conf(5) to be int and not str.
Sponsored by: Gandi.net
The default is to export netflow data on localhost on the netflow port.
ngtee is used to have the lowest overhead possible.
The ipfw ng hook is the netflow port (it can only be numeric)
Default is netflow version 5.
Sponsored-By: Gandi.net
Reviewed by: bapt (earlier version), olivier (earlier version)
After some tests, here are the services that run into a vnet jail:
- defaultroute
- dhclient
- ip6addrctl
- natd
- pf
- pfsync
- pflog (deamon runs, pflog0 interface usable, but /var/log/pflog not filled)
- rarpd
- route6d (do nothing anyway because obsolete)
- routed (do nothing anyway because obsolete)
- rtsold
- static_arp
- static_ndp
PR: 220530
Submitted by: olivier@freebsd.org
In batch mode, most messages go into the core.txt.N file instead of stdout.
Reviewed by: jhb
MFC after: 3 days
Sponsored by: Dell EMC
Differential Revision: https://reviews.freebsd.org/D10429
This makes 'stop' behave consistently with 'start' in the script.
Also use $SYSCTL instead of sysctl for consistency within that script.
MFC after: 3 weeks
Changes include modifications in kernel crash dump routines, dumpon(8) and
savecore(8). A new tool called decryptcore(8) was added.
A new DIOCSKERNELDUMP I/O control was added to send a kernel crash dump
configuration in the diocskerneldump_arg structure to the kernel.
The old DIOCSKERNELDUMP I/O control was renamed to DIOCSKERNELDUMP_FREEBSD11 for
backward ABI compatibility.
dumpon(8) generates an one-time random symmetric key and encrypts it using
an RSA public key in capability mode. Currently only AES-256-CBC is supported
but EKCD was designed to implement support for other algorithms in the future.
The public key is chosen using the -k flag. The dumpon rc(8) script can do this
automatically during startup using the dumppubkey rc.conf(5) variable. Once the
keys are calculated dumpon sends them to the kernel via DIOCSKERNELDUMP I/O
control.
When the kernel receives the DIOCSKERNELDUMP I/O control it generates a random
IV and sets up the key schedule for the specified algorithm. Each time the
kernel tries to write a crash dump to the dump device, the IV is replaced by
a SHA-256 hash of the previous value. This is intended to make a possible
differential cryptanalysis harder since it is possible to write multiple crash
dumps without reboot by repeating the following commands:
# sysctl debug.kdb.enter=1
db> call doadump(0)
db> continue
# savecore
A kernel dump key consists of an algorithm identifier, an IV and an encrypted
symmetric key. The kernel dump key size is included in a kernel dump header.
The size is an unsigned 32-bit integer and it is aligned to a block size.
The header structure has 512 bytes to match the block size so it was required to
make a panic string 4 bytes shorter to add a new field to the header structure.
If the kernel dump key size in the header is nonzero it is assumed that the
kernel dump key is placed after the first header on the dump device and the core
dump is encrypted.
Separate functions were implemented to write the kernel dump header and the
kernel dump key as they need to be unencrypted. The dump_write function encrypts
data if the kernel was compiled with the EKCD option. Encrypted kernel textdumps
are not supported due to the way they are constructed which makes it impossible
to use the CBC mode for encryption. It should be also noted that textdumps don't
contain sensitive data by design as a user decides what information should be
dumped.
savecore(8) writes the kernel dump key to a key.# file if its size in the header
is nonzero. # is the number of the current core dump.
decryptcore(8) decrypts the core dump using a private RSA key and the kernel
dump key. This is performed by a child process in capability mode.
If the decryption was not successful the parent process removes a partially
decrypted core dump.
Description on how to encrypt crash dumps was added to the decryptcore(8),
dumpon(8), rc.conf(5) and savecore(8) manual pages.
EKCD was tested on amd64 using bhyve and i386, mipsel and sparc64 using QEMU.
The feature still has to be tested on arm and arm64 as it wasn't possible to run
FreeBSD due to the problems with QEMU emulation and lack of hardware.
Designed by: def, pjd
Reviewed by: cem, oshogbo, pjd
Partial review: delphij, emaste, jhb, kib
Approved by: pjd (mentor)
Differential Revision: https://reviews.freebsd.org/D4712
Currently, '/etc/rc.d/swaplate stop' removes all swap devices. This can be
very slow and may not even be possible if there is a lot of swap space in
use. However, removing swap devices is only needed for late swap devices
that may depend on daemons that subsequent shutdown steps stop. Normal swap
devices such as hard disk partitions will remain available throughout the
shutdown process and need not be removed.
In swapoff, interpret -aL to remove late swap devices only, and use this in
etc/rc.d/swaplate. The meaning of -aL in swapon remains unchanged (add all
swap devices, both normal and late).
PR: 187081
Reviewed by: wblock (man page only), ngie
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D8126
