So bump the default from `16' to `22', which is the largest value allowed
with the current default block size. This change increases the the
group size from 32MB/g to 44MB/g on a 4GB SCSI disk.
o Revise description in light of commits over last month including:
- ACL editing library is now implemented
- ACLs are now implemented
Obtained from: TrustedBSD Project
1) really check for size overflow by checking negative value.
2) since mmap() not support files over INT_MAX size, add check for it
until either mmap() will be fixed or tail will be rewritted to handle
large files alternatively.
3) replace fseek(... file_size, SEEK_SET) with fseek(... 0L, SEEK_END)
to avoid off_t -> long cast
4) Use exit() if file is too big instead of warning and wrong logic
afterwards.
implementation is still experimental, and while fairly broadly tested,
is not yet intended for production use. Support for POSIX.1e ACLs on
UFS will not be MFC'd to RELENG_4.
This implementation works by providing implementations of VOP_[GS]ETACL()
for FFS, as well as modifying the appropriate access control and file
creation routines. In this implementation, ACLs are backed into extended
attributes; the base ACL (owner, group, other) permissions remain in the
inode for performance and compatibility reasons, so only the extended and
default ACLs are placed in extended attributes. The logic for ACL
evaluation is provided by the fs-independent kern/kern_acl.c.
o Introduce UFS_ACL, a compile-time configuration option that enables
support for ACLs on FFS (and potentially other UFS-based file systems).
o Introduce ufs_getacl(), ufs_setacl(), ufs_aclcheck(), which
respectively get, set, and check the ACLs on the passed vnode.
o Introduce ufs_sync_acl_from_inode(), ufs_sync_inode_from_acl() to
maintain access control information between inode permissions and
extended attribute data.
o Modify ufs_access() to load a file access ACL and invoke
vaccess_acl_posix1e() if ACLs are available on the file system
o Modify ufs_mkdir() and ufs_makeinode() to associate ACLs with newly
created directories and files, inheriting from the parent directory's
default ACL.
o Enable these new vnode operations and conditionally compiled code
paths if UFS_ACL is defined.
A few notes:
o This implementation is fairly widely tested, but still should be
considered experimental.
o Currently, ACLs are not exported via NFS, instead, the summarizing
file mode/etc from the inode is. This results in conservative
protection behavior, similar to the behavior of ACL-nonaware programs
acting locally.
o It is possible that underlying binary data formats associated with
this implementation may change. Consumers of the implementation
should expect to find their local configuration obsoleted in the
next few months, resulting in possible loss of ACL data during an
upgrade.
o The extended attributes interface and implementation is still
undergoing modification to address portable interface concerns, as
well as performance.
o Many applications do not yet correctly handle ACLs. In general,
due to the POSIX.1e ACL model, behavior of ACL-unaware applications
will be conservative with respects to file protection; some caution
is recommended.
o Instructions for configuring and maintaining ACLs on UFS will be
committed in the near future; in the mean time it is possible to
reference the README included in the last UFS ACL distribution
placed in the TrustedBSD web site:
http://www.TrustedBSD.org/downloads/
Substantial debugging, hardware, travel, or connectivity support for this
project was provided by: BSDi, Safeport Network Services, and NAI Labs.
Significant coding contributions were made by Chris Faulhaber. Additional
support was provided by Brian Feldman, Thomas Moestl, and Ilmar Habibulin.
Reviewed by: jedgar, keichii, mckusick, trustedbsd-discuss, freebsd-fs
Obtained from: TrustedBSD Project
- TELNETOBJDIR is gone. `buildworld' already installs libtelnet.a
in ${WORLDTMP}/usr/lib, and we have LIBRARY_PATH pointing there.
- SSHDIR (formerly SSHSRC) is now shared between all SSH modules.
New LIBSSH is introduced for libssh.a (an internal static lib).
Previously, build without prior `obj' was broken; SSH modules
always looked for libssh.a in ${.OBJDIR}. Also, the dependancies
on the libssh.a were missing.
- libtelnet/ did not install the crypto version of telnet.h into
/usr/include/arpa.
- Removed BINOWN, BINMODE, BINDIR and SRCS with default values.
Reviewed by: markm
- MAN[1-9] -> MAN.
region for CIS reading" problem:
Use bus_alloc_resource to get the memory that we'll be using. Also
has the benefit of doing usage checking as well. This gets rid of the
ugly kludge that we had before for mapping pmem to vmem.
Second, move PIOCSRESOURCE to its own routine and make it conform more
to style(9) in the process.
and do the unregister/reregister work.
Don't call syslog in the unregister/reregister code as we haven't called
openlog() yet.
Be a more conservative about accepting errno values from socket(2),
only EPROTONOSUPPORT means that the kernel isn't supporting it
something like INET6. The other possible errnos would be returned
if there was a mistake in the socket(2) call so remove them from the
list of "acceptable" return values.
then wait for the connection to be closed by the peer.
This means that commands such as ``pppctl ... show links'' will
display the correct output again (rather than truncating it depending
on how much data arrived in the last packet).
