You may now optionally specify allow.noreserved_ports to prevent root
inside a jail from using privileged ports (less than 1024)
PR: 217728
Submitted by: Matt Miller <mattm916@pulsar.neomailbox.ch>
Reviewed by: jamie, cem, smh
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D10202
In batch mode, most messages go into the core.txt.N file instead of stdout.
Reviewed by: jhb
MFC after: 3 days
Sponsored by: Dell EMC
Differential Revision: https://reviews.freebsd.org/D10429
This modification adds the capability to newsyslog to write the
rotation message in a format that is compliant with RFC5424. This
capability is enabled on a per-log file basis through a new value
("T") in the flags field in newsyslog.conf. This is useful on systems
that use the RFC5424 format for log files so that the rotation message
format matches that of the other log messages. There has been recent
mention of adding an RFC5424 compliant mode to syslogd and at least
one alternative system log daemon (rsyslogd) that already has the
capability to use that format.
Reviewed by: vangyzen, ngie
Approved by: vangyzen (mentor)
MFC after: 2 months
Relnotes: yes
Sponsored by: Dell EMC
Differential Revision: https://reviews.freebsd.org/D10253
it has nothing to do with ffs and will eventually be moved.
gc sectorsize.
This is a corrected version of r317744.
NetBSD versions:
ffs.c 1.58
ffs/buf.c 1.14 1.18
ffs/buf.h 1.8
Submitted by: Siva Mahadevan <smahadevan@freebsdfoundation.org>
Obtained from: NetBSD
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D10803
Since the translation to vt as terminal emulator, the keymaps files
path has changed and this change does not get followed in bsdconfig.
This implicates boot time warnings about a wrong keymap file, what
is very confusing for the new users and for me too, so initialize
the default keymaps search path depending on terminal type.
Differential Revision: https://reviews.freebsd.org/D8734
Submitted by: Oliver Pinter <oliver.pinter@hardenedbsd.org>
Reviewed by: ed, jilles, dteske
MFC after: 3 days
X-MFC-to: stable/11
Sponsored by: HardenedBSD
Signed-off-by: Oliver Pinter <oliver.pinter@hardenedbsd.org>
If /etc/bootparams contains a line with an excessively long pathname, and a
client asks for that path, then bootparamd will overflow a buffer and crash
while parsing that line. This is not remotely exploitable since it requires
a malformed /etc/bootparams file.
Reported by: Coverity
CID: 1305954
MFC after: 1 week
Sponsored by: Spectra Logic Corp
Also add __FBSDID.
Reviewed by: grehan
This file lacks a license(!) so for this change the following declaration
applies:
To the greatest extent permitted by, but not in contravention of,
applicable law, Affirmer hereby overtly, fully, permanently, irrevocably
and unconditionally waives, abandons, and surrenders all of Affirmer's
Copyright and Related Rights and associated claims and causes of action,
whether now known or unknown (including existing as well as future claims
and causes of action).
Extend the ino_t, dev_t, nlink_t types to 64-bit ints. Modify
struct dirent layout to add d_off, increase the size of d_fileno
to 64-bits, increase the size of d_namlen to 16-bits, and change
the required alignment. Increase struct statfs f_mntfromname[] and
f_mntonname[] array length MNAMELEN to 1024.
ABI breakage is mitigated by providing compatibility using versioned
symbols, ingenious use of the existing padding in structures, and
by employing other tricks. Unfortunately, not everything can be
fixed, especially outside the base system. For instance, third-party
APIs which pass struct stat around are broken in backward and
forward incompatible ways.
Kinfo sysctl MIBs ABI is changed in backward-compatible way, but
there is no general mechanism to handle other sysctl MIBS which
return structures where the layout has changed. It was considered
that the breakage is either in the management interfaces, where we
usually allow ABI slip, or is not important.
Struct xvnode changed layout, no compat shims are provided.
For struct xtty, dev_t tty device member was reduced to uint32_t.
It was decided that keeping ABI compat in this case is more useful
than reporting 64-bit dev_t, for the sake of pstat.
Update note: strictly follow the instructions in UPDATING. Build
and install the new kernel with COMPAT_FREEBSD11 option enabled,
then reboot, and only then install new world.
Credits: The 64-bit inode project, also known as ino64, started life
many years ago as a project by Gleb Kurtsou (gleb). Kirk McKusick
(mckusick) then picked up and updated the patch, and acted as a
flag-waver. Feedback, suggestions, and discussions were carried
by Ed Maste (emaste), John Baldwin (jhb), Jilles Tjoelker (jilles),
and Rick Macklem (rmacklem). Kris Moore (kris) performed an initial
ports investigation followed by an exp-run by Antoine Brodin (antoine).
Essential and all-embracing testing was done by Peter Holm (pho).
The heavy lifting of coordinating all these efforts and bringing the
project to completion were done by Konstantin Belousov (kib).
Sponsored by: The FreeBSD Foundation (emaste, kib)
Differential revision: https://reviews.freebsd.org/D10439
- Start new sentences on new lines.
- Separate e.g. (more of an igor thing) with commas, and rewrite some examples
not to be enclosed in parentheses.
Reported by: igor, make manlint
MFC after: 2 weeks
Sponsored by: Dell EMC Isilon
It requires a tty, which might not be available in scripted installs. Instead
extract the sets manually using tar.
Reviewed by: tsoome
Sponsored by: Citrix Systems R&D
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D10736
Because the datasets are already mounted by zfsboot, and the mount script
doesn't know anything about ZFS. Also do not execute the "umount" script for
ZFS for the same reasons.
Reviewed by: dteske, tsoome
Sponsored by: Citrix Systems R&D
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D10738
Fix spelling [1], appease igor and mandoc -Tlint, and adopt the
language style to be more consistent with our corpus.
PR: 219434 [1]
Submitted by: olgeni [1]
entries never expiring. This patch honours the negative cache timeout.
To test/experience the failure do the following:
1. Edit /etc/ncd.conf to adjust the cache timeouts as follows:
positive-time-to-live hosts 30
negative-time-to-live hosts 1
2. Ensure that nsswitch.conf hosts line contains something like:
hosts: files cache dns
Note that cache must be specified before dns.
3. Start nscd.
4. Run the following command:
while true; do nc -z -w 3 www.google.com 80; sleep 5; done
5. While running the command, remove or comment out all nameserver
statements in /etc/resolv.conf. After a short while you will notice
non-recoverable name rsolution failures.
6. Uncomment or replace all nameserver statements back into
/etc/resolv.conf. Take note that name resolution never recovers.
To recover nscd must be restarted. This patch fixes this.
PR: 207804
Submitted by: Jov <amutu@amutu.com>
MFC after: 1 week
Add the ffs option to enable soft-updates.
The option is only processed is ufs2 has been selected.
Reviewed by: emaste, bapt (earlier version), allanjude (earlier version)
Sponsored by: Gandi.net
Differential Revision: https://reviews.freebsd.org/D10773
The default values found in /etc/passwd and /etc/group are 65534, 65533.
In mountd.c, the defaults were -2, which was 65534 back when uid_t was 16bits.
Without this patch, a file created by root on an NFS exported volume without
the "-root=" export option will end up owned by uid 4**32 - 2.
When discussed on freebsd-current@, it seemed that users preferred the
values being changed to 65534/65533.
I have not added code to acquire these values from the databases, since
the mountd daemon might get "stuck" during startup waiting for a non-responsive
password database server.
Discussed on: freebsd-current
