permit users and groups to bind ports for TCP or UDP, and is intended
to be combined with the recently committed support for
net.inet.ip.portrange.reservedhigh. The policy is twiddled using
sysctl(8). To use this module, you will need to compile in MAC
support, and probably set reservedhigh to 0, then twiddle
security.mac.portacl.rules to set things as desired. This policy
module only restricts ports explicitly bound using bind(), not
implicitly bound ports where the port number is selected by the
IP stack. It appears to work properly in my local configuration,
but needs more broad testing.
A sample policy might be:
# sysctl security.mac.portacl.rules="uid:425:tcp:80,uid:425:tcp:79"
This permits uid 425 to bind TCP sockets to ports 79 and 80. Currently
no distinction is made for incoming vs. outgoing ports with TCP,
although that would probably be easy to add.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
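The rule string from the commit message above, modelled in Python as an added example (not part of the commit or of the TrustedBSD code): it parses `idtype:id:protocol:port` entries and decides whether an explicit bind() request would be permitted. The `gid` spelling for group rules, treating a request for port 0 as the implicit case, denying any explicit bind without a matching rule, and the function names are assumptions of this model.

```python
# Added example: user-space model of security.mac.portacl.rules, not kernel code.
from typing import List, NamedTuple, Set

class Rule(NamedTuple):
    idtype: str  # "uid", or "gid" (assumed spelling for group rules)
    ident: int
    proto: str   # "tcp" or "udp"
    port: int

def parse_rules(text: str) -> List[Rule]:
    """Parse 'idtype:id:protocol:port[,...]' and reject malformed entries."""
    rules = []
    for item in (s.strip() for s in text.split(",")):
        if not item:
            continue
        fields = item.split(":")
        if len(fields) != 4:
            raise ValueError(f"expected idtype:id:protocol:port, got {item!r}")
        idtype, ident, proto, port = fields
        if idtype not in ("uid", "gid") or proto not in ("tcp", "udp"):
            raise ValueError(f"unknown id type or protocol in {item!r}")
        if not (ident.isdigit() and port.isdigit() and 0 < int(port) <= 65535):
            raise ValueError(f"bad id or port in {item!r}")
        rules.append(Rule(idtype, int(ident), proto, int(port)))
    return rules

def bind_allowed(rules: List[Rule], uid: int, gids: Set[int], proto: str, port: int) -> bool:
    """Model the decision for one bind() request."""
    if port == 0:
        return True  # implicit bind: the IP stack picks the port, policy not consulted
    for r in rules:
        if (r.proto, r.port) != (proto, port):
            continue
        if (r.idtype == "uid" and r.ident == uid) or (r.idtype == "gid" and r.ident in gids):
            return True
    return False  # no matching rule: this model refuses the explicit bind

# Rule string taken from the commit message's sample policy.
SAMPLE = "uid:425:tcp:80,uid:425:tcp:79"

if __name__ == "__main__":
    rules = parse_rules(SAMPLE)
    for req in [(425, set(), "tcp", 80), (425, set(), "udp", 80), (1001, set(), "tcp", 79)]:
        print(req, "->", "allow" if bind_allowed(rules, *req) else "deny")
```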

not send a signal to any processes. Also add a config-file flag of 'N' or
'n', which indicates that the given logfile has no process which needs a
signal when it is rotated. Both of these are based on changes NetBSD
has made, although the implementation is somewhat different.
PR: bin/36553 (2nd half)
Reviewed by: no objections on freebsd-arch
Obtained from: NetBSD (in spirit, at least)
MFC after: 3 weeks

queue items that can be allocated by netgraph and the number of free queue
items that are cached on a private list.
Netgraph places an upper limit on the number of queue items it may allocate.
When there is a large number of netgraph messages travelling through the
system (100k/sec and more) there is a high probability that messages get
queued at the nodes and netgraph runs out of queue items. In this case the data
flow through netgraph gets blocked. The tunable for the number of free
items lets one trade memory for performance.
The tunables are also available as read-only sysctls.
PR: kern/47393
Reviewed by: julian
Approved by: jake (mentor)

Both "product" and "build" ordering are rampant in /usr/src. This document
is not intended to be as strict as style(9) as historically BSD hasn't been
as consistent about Makefile as C code. Also there are too many variations,
exceptions and allowances in our existing Makefile style to be strict.
However there is a general level of consensus on what the general BSD style
of our Makefiles is. This manpage documents that "smell".
o Give the proper spelling for WARNS.
o Clarify using NO_WERROR.
o Embellish -D after -I verbiage.
o Document preference of ${.ALLSRC} & ${.TARGET} vs. $< & $@.
Based on: brucification

program allows users in the operator group to take filesystem
snapshots. Its first use will be in support of `dump -L'.
Approved by: Technical Review Board <trb@FreeBSD.org>
Sponsored by: DARPA & NAI Labs.

are specified the old behaviour is old. The submitter applied a much cleaner
diff to ruptime.c, however it did not cover cases like listing failures. It
would probably be a good idea to move the printing from the ruptime function,
and have that function just be used to build the list, as that would unbreak
sorting, but this diff is intended to be clear, relative to the original
code. As the sort order is the order specified on the command line, for now,
such is documented in the manual page accordingly.
Submitted by: Edward J. M. Blocklesby <ejb@lythe.org.uk>
MFC after: 3 weeks