Commit Graph

3363 Commits

Author SHA1 Message Date
jake
8325f04853 Add example entries for ttya and ttyb (sab). 2002-08-04 19:16:13 +00:00
gshapiro
8cc0839b13 If all file systems are marked nosuid, the line:
MP=`mount -t ufs | grep -v " nosuid" | awk '{ print $3 }' | sort`

sets ${MP} to an empty string so the next line:

	set ${MP}

actually just dumps all of the shells variables to stdout (and therefore
the security report).  Fixed by surrounding the code which goes through the
mounts with a test for an empty string before using ${MP}.

Reviewed by:	brian
MFC after:	3 days
2002-08-03 22:33:34 +00:00
rwatson
5ca8a85ebe Introduce support for Mandatory Access Control and extensible
kernel access control.

Create directories for per-policy include files.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-01 22:37:08 +00:00
ume
ec26b61ae7 FreeBSD has setkey in different location from NetBSD.
Submitted by:	Mike Makonnen <makonnen@pacbell.net>
2002-07-31 16:39:19 +00:00
blackend
5b8d2d8de6 Correct URL to the Handbook
MFC after:	1 week
2002-07-31 10:05:37 +00:00
ru
a8adf98c82 Drop support for COPY, -c has been the default mode of install(1)
for a long time now.

Approved by:	bde
2002-07-29 09:40:17 +00:00
dd
67306baf36 Stock -current has more than 300 files in /etc, so 255 inodes for the
/etc filesystem isn't enough; consequently, add "-i 4096" to the newfs
command for /etc.  This results in 1022 inodes, which should be enough
for the forseeable future (although I don't know why we would ever
have more than 1000 files in a default /etc).

Silence by:	-current
2002-07-28 03:41:53 +00:00
dd
6f27324be2 Add a period to the end of the "starting" message to be consistent
with the rest of the output during a boot.
2002-07-28 03:38:10 +00:00
imp
def36fc897 Add a generic NANOSPEED wi card.
Submitted by: matt peterson

While I'm here, kill the flags 0x10000 on all the prism based cards.
Both stable and current figure this out on their own and we've had at
least one releases where this is the case.
2002-07-26 06:12:14 +00:00
ume
afcf651cf8 Change the default setting of an IPv4-mapped IPv6 address to off.
Requested by:	many people
2002-07-25 15:44:01 +00:00
ume
ae5301d38f be able to configure to run an IPv6 routing daemon even on
an end node (sync with rc.network6 1.30).

Approved by:	gordon
2002-07-21 19:12:21 +00:00
ru
f2824cbad3 sys.mk no longer includes bsd.own.mk. 2002-07-20 10:56:00 +00:00
ru
ed13465e59 Install scripts via FILES (purposedly not via SCRIPTS that would
strip the suffixes).
2002-07-18 12:33:01 +00:00
ru
cd7c90d38f s/${INSTALL} -c/${INSTALL} ${COPY}/ 2002-07-18 12:07:49 +00:00
imp
ebb07e7ff8 The Compaq WL200 is a CL-PD6729 based pci card with a prism 2 pcmcia
card behind it (without the pcmcia form factor).  This entry gets to
the point of attaching, but there's something wrong with the '29
support, so it doesn't quite work yet.
2002-07-18 06:01:35 +00:00
dd
6197784f1d Remove spurious "echo '.'". 2002-07-18 05:00:23 +00:00
bsd
e3e0f48306 Apply same fix as Rev 1.19 of /etc/rc.diskless2: create sendmail
required directories if sendmail_enable is not set to "none".

Suggested by:   gordon
2002-07-18 05:00:22 +00:00
dougb
ebec404eb6 Anonymize the "portmap" program to get better compatibility with
rpcbind in -current.

Submitted by:   Alexander Kabaev <ak03@gte.com>
2002-07-18 05:00:21 +00:00
dougb
0564223a48 Make nisdomainname=NO DTRT
Submitted by:   des, via Mike Makonnen <makonnen@pacbell.net>
2002-07-18 05:00:20 +00:00
dougb
30dfb601b9 Cleanup some pollution from the NetBSD sync, and add gif setup.
Submitted by:   Mike Makonnen <makonnen@pacbell.net>
2002-07-18 05:00:19 +00:00
gordon
e141e08d6b Fix a typo that caused dhclient not to work.
Submitted by:   Dennis Kristensen <snicki@snicki.dk>
Reviewed by:    Mike Makonnen <makonnen@pacbell.net>
2002-07-18 05:00:18 +00:00
gordon
259601fa05 Merge in all the changes that Mike Makonnen has been maintaining for a
while. This is only the script pieces, the glue for the build comes next.

Submitted by:   Mike Makonnen <makonnen@pacbell.net>
Reviewed by:    silence on -current and -hackers
Prodded by:     rwatson
2002-07-18 05:00:17 +00:00
ume
c8703a911a be able to configure to run an IPv6 routing daemon even on
an end node.

Requested by:	Masachika ISHIZUKA <ishizuka@ish.org>
MFC after:	1 week
2002-07-18 05:00:16 +00:00
ru
8280e04b3b Removed no longer used share/examples/diskless/* dirs (forgotten
by luigi@) and never used share/examples/kld/dyn_sysctl/module.
2002-07-11 07:15:36 +00:00
joe
ddb988fd9f Rename 'usio' to 'ucom'.
Spotted by:	akiyama
2002-07-10 16:07:33 +00:00
gordon
a4cf039ac6 Remove debugging nit
Submitted by:	bmah
2002-07-08 21:04:16 +00:00
peter
a01296978c GRRR! rc.* cannot do an "exit 0" or it aborts the entire /etc/rc process.
We do a '. /etc/rc.syscons' - not run it in a seperate shell.
2002-07-08 04:03:21 +00:00
gordon
6a6fb8b86a nfsd and mountd now live in /usr/sbin not /sbin. Correct the command args.
This also reduces the diff to NetBSD (very marginally).

Reviewed by:	jake (mentor)
2002-07-07 22:19:08 +00:00
des
5c93810aed Silence pam_lastlog for now. 2002-07-07 10:00:43 +00:00
dougb
93b3f4508c Another update from Mike Makonnen.
Missed by: Me
2002-07-07 08:00:31 +00:00
dougb
9b623ad295 Latest improvements from Mike Makonnen. Better kerberos and apm handling. 2002-07-07 04:16:53 +00:00
ru
13ade03a10 There is apparently no reason for the existence of the `etc' target. 2002-07-05 13:47:29 +00:00
ru
294d4cf00f Whitespace and indentation (style) fixes. 2002-07-05 13:39:38 +00:00
ru
0bcd5c6bf3 Added DEFAULTS, to denote the contents of etc/defaults/.
Once upon a time (in rev. 1.81), COPYRIGHT and FREEBSD
were multi-value.

Moved installation of /var/log/cron to where it belongs
(this finishes the change in rev. 1.205).

Removed (with extreme prejudice) a bunch of parentheses
that unnecessarily obfuscated this makefile.

Run pwd_mkdb(8) right after master.passwd is installed.

Install nsmb.conf to /usr/share/examples/etc/.
2002-07-05 13:17:24 +00:00
maxim
954ff8bf68 Trim EOL spaces.
Reviewed by:	gshapiro
2002-06-30 12:08:36 +00:00
maxim
d0a28864e1 Add an alias for sshd. 2002-06-30 12:04:41 +00:00
maxim
638246b4b9 Include 'sshd' to the lists of forbidden users.
Reviewed by:	cvs-committers
2002-06-28 15:46:29 +00:00
brian
c4dd2bd45f Mention that we're checking kernel log messages, even if there's
no output.

PR:		39618
MFC after:	1 week
2002-06-28 10:32:18 +00:00
sheldonh
0148f2db27 Revert previous delta, setting the system immutable flag on /var/empty
instead of the user immutable flag, now that mergemaster handles
schg directories in its /var/tmp/temproot.
2002-06-26 17:05:48 +00:00
sheldonh
70a58092b5 Tone down the previous delta: don't set the system immutable flag on
/var/empty, because it makes it difficult for mergemaster(8) to remove
/var/tmp/temproot/var.
2002-06-26 08:58:28 +00:00
dillon
5a2f3bd0ed add default vmemoryuse (unlimited), and samples 2002-06-26 04:04:37 +00:00
ken
0d3a835f3f At long last, commit the zero copy sockets code.
MAKEDEV:	Add MAKEDEV glue for the ti(4) device nodes.

ti.4:		Update the ti(4) man page to include information on the
		TI_JUMBO_HDRSPLIT and TI_PRIVATE_JUMBOS kernel options,
		and also include information about the new character
		device interface and the associated ioctls.

man9/Makefile:	Add jumbo.9 and zero_copy.9 man pages and associated
		links.

jumbo.9:	New man page describing the jumbo buffer allocator
		interface and operation.

zero_copy.9:	New man page describing the general characteristics of
		the zero copy send and receive code, and what an
		application author should do to take advantage of the
		zero copy functionality.

NOTES:		Add entries for ZERO_COPY_SOCKETS, TI_PRIVATE_JUMBOS,
		TI_JUMBO_HDRSPLIT, MSIZE, and MCLSHIFT.

conf/files:	Add uipc_jumbo.c and uipc_cow.c.

conf/options:	Add the 5 options mentioned above.

kern_subr.c:	Receive side zero copy implementation.  This takes
		"disposable" pages attached to an mbuf, gives them to
		a user process, and then recycles the user's page.
		This is only active when ZERO_COPY_SOCKETS is turned on
		and the kern.ipc.zero_copy.receive sysctl variable is
		set to 1.

uipc_cow.c:	Send side zero copy functions.  Takes a page written
		by the user and maps it copy on write and assigns it
		kernel virtual address space.  Removes copy on write
		mapping once the buffer has been freed by the network
		stack.

uipc_jumbo.c:	Jumbo disposable page allocator code.  This allocates
		(optionally) disposable pages for network drivers that
		want to give the user the option of doing zero copy
		receive.

uipc_socket.c:	Add kern.ipc.zero_copy.{send,receive} sysctls that are
		enabled if ZERO_COPY_SOCKETS is turned on.

		Add zero copy send support to sosend() -- pages get
		mapped into the kernel instead of getting copied if
		they meet size and alignment restrictions.

uipc_syscalls.c:Un-staticize some of the sf* functions so that they
		can be used elsewhere.  (uipc_cow.c)

if_media.c:	In the SIOCGIFMEDIA ioctl in ifmedia_ioctl(), avoid
		calling malloc() with M_WAITOK.  Return an error if
		the M_NOWAIT malloc fails.

		The ti(4) driver and the wi(4) driver, at least, call
		this with a mutex held.  This causes witness warnings
		for 'ifconfig -a' with a wi(4) or ti(4) board in the
		system.  (I've only verified for ti(4)).

ip_output.c:	Fragment large datagrams so that each segment contains
		a multiple of PAGE_SIZE amount of data plus headers.
		This allows the receiver to potentially do page
		flipping on receives.

if_ti.c:	Add zero copy receive support to the ti(4) driver.  If
		TI_PRIVATE_JUMBOS is not defined, it now uses the
		jumbo(9) buffer allocator for jumbo receive buffers.

		Add a new character device interface for the ti(4)
		driver for the new debugging interface.  This allows
		(a patched version of) gdb to talk to the Tigon board
		and debug the firmware.  There are also a few additional
		debugging ioctls available through this interface.

		Add header splitting support to the ti(4) driver.

		Tweak some of the default interrupt coalescing
		parameters to more useful defaults.

		Add hooks for supporting transmit flow control, but
		leave it turned off with a comment describing why it
		is turned off.

if_tireg.h:	Change the firmware rev to 12.4.11, since we're really
		at 12.4.11 plus fixes from 12.4.13.

		Add defines needed for debugging.

		Remove the ti_stats structure, it is now defined in
		sys/tiio.h.

ti_fw.h:	12.4.11 firmware.

ti_fw2.h:	12.4.11 firmware, plus selected fixes from 12.4.13,
		and my header splitting patches.  Revision 12.4.13
		doesn't handle 10/100 negotiation properly.  (This
		firmware is the same as what was in the tree previously,
		with the addition of header splitting support.)

sys/jumbo.h:	Jumbo buffer allocator interface.

sys/mbuf.h:	Add a new external mbuf type, EXT_DISPOSABLE, to
		indicate that the payload buffer can be thrown away /
		flipped to a userland process.

socketvar.h:	Add prototype for socow_setup.

tiio.h:		ioctl interface to the character portion of the ti(4)
		driver, plus associated structure/type definitions.

uio.h:		Change prototype for uiomoveco() so that we'll know
		whether the source page is disposable.

ufs_readwrite.c:Update for new prototype of uiomoveco().

vm_fault.c:	In vm_fault(), check to see whether we need to do a page
		based copy on write fault.

vm_object.c:	Add a new function, vm_object_allocate_wait().  This
		does the same thing that vm_object allocate does, except
		that it gives the caller the opportunity to specify whether
		it should wait on the uma_zalloc() of the object structre.

		This allows vm objects to be allocated while holding a
		mutex.  (Without generating WITNESS warnings.)

		vm_object_allocate() is implemented as a call to
		vm_object_allocate_wait() with the malloc flag set to
		M_WAITOK.

vm_object.h:	Add prototype for vm_object_allocate_wait().

vm_page.c:	Add page-based copy on write setup, clear and fault
		routines.

vm_page.h:	Add page based COW function prototypes and variable in
		the vm_page structure.

Many thanks to Drew Gallatin, who wrote the zero copy send and receive
code, and to all the other folks who have tested and reviewed this code
over the years.
2002-06-26 03:37:47 +00:00
jdp
8b97544268 Fix the amd invocation to honor the amd_flags setting.
Submitted by:	Mike Makonnen <makonnen@pacbell.net>
2002-06-24 19:50:56 +00:00
sheldonh
68469a22f1 The previous delta introduced /var/empty, for use by openssh-portable,
which needs an empty directory into which to chroot(2).

Hint to the operator that this directory really _should_ be empty
by creating it with mode 0555 and the system immutable flag (schg)
set.

Reviewed by:	des
2002-06-24 18:31:47 +00:00
des
049fabb373 Previous commit was just a tad too hasty, the sshd peudo-user's home
directory should be /var/empty.
2002-06-23 20:46:44 +00:00
des
6c4dd41fe3 Add /var/empty for the OpenSSH privsep code. 2002-06-23 20:44:19 +00:00
des
9ffcd90b2f Add an sshd user and group for the OpenSSH privilege separation code. 2002-06-23 20:41:06 +00:00
bsd
4dd39b52f9 Create sendmail required directories if sendmail is enabled. 2002-06-22 19:44:25 +00:00
dougb
a27bc1f2cf Hone the rpcbind dependency checking.
Submitted by:	Mike Makonnen <makonnen@pacbell.net>
2002-06-21 19:50:01 +00:00
obrien
f91ef96f2f This commit was generated by cvs2svn to compensate for changes in r98576,
which included commits to RCS files with non-trunk default branches.
2002-06-21 19:07:21 +00:00