This change defines the RA "6" (IPv6-Only) flag which routers
may advertise, kernel logic to check if all routers on a link
have the flag set and accordingly update a per-interface flag.
If all routers agree that it is an IPv6-only link, ether_output_frame(),
based on the interface flag, will filter out all ETHERTYPE_IP/ARP
frames, drop them, and return EAFNOSUPPORT to upper layers.
The change also updates ndp to show the "6" flag, ifconfig to
display the IPV6_ONLY nd6 flag if set, and rtadvd to allow
announcing the flag.
Further changes to tcpdump (contrib code) are availble and will
be upstreamed.
Tested the code (slightly earlier version) with 2 FreeBSD
IPv6 routers, a FreeBSD laptop on ethernet as well as wifi,
and with Win10 and OSX clients (which did not fall over with
the "6" flag set but not understood).
We may also want to (a) implement and RX filter, and (b) over
time enahnce user space to, say, stop dhclient from running
when the interface flag is set. Also we might want to start
IPv6 before IPv4 in the future.
All the code is hidden under the EXPERIMENTAL option and not
compiled by default as the draft is a work-in-progress and
we cannot rely on the fact that IANA will assign the bits
as requested by the draft and hence they may change.
Dear 6man, you have running code.
Discussed with: Bob Hinden, Brian E Carpenter
dialog will conditionally ignore the --hline option if not enough space
was available to accomodate for the text width. Traditionally the width
of the widget had to be 10 wider than the text. Recent updates to dialog
have changed the requirement to be at least 12 wider than the hline text
else the hline text is not rendered at the bottom of the widget.
Sponsored by: Smule, Inc.
Architectures Software Developer’s Manual Volume 3"). Add the document
to SEE ALSO in bhyve.8 (and pet manlint here a bit).
Reviewed by: jhb, rgrimes, 0mp
Approved by: kib (mentor)
Differential Revision: https://reviews.freebsd.org/D17531
and runs scripts containing "KEYWORD: resume" with single "resume" argument.
Working example is the port sysutils/cpupdate that defines
extra_commands="resume" to reload CPU microcode cleared
by suspend/resume sequence.
This change does nothing for a system having no scripts with KEYWORD: resume.
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D15247
action to distribute traffic using the half of the VI's RSS indirection
table.
The value specified should either be the start of the VI's RSS slice
(available at dev.<ifname>.<inst>.rss_base since r339700) or the
midpoint (rss_base + rss_size/2). The traffic that hits the filter will
use the first or second half of the indirection table respectively.
The indirection table can be populated in different ways to achieve
different kinds of traffic/load distributions. For example, r339749
allows a netmap interface to have half the rx queues in the first half
of the table and the rest in the other.
Sponsored by: Chelsio Communications
So
./efivar --fromfile Boot0001.bin --print --load-option
will take the value from Boot0001.bin file and then decode it as if it
were a load-option. This is useful for debugging handling of such
variables that may be hanging the boot for some people.
Sponsored by: Netflix, Inc
The output of "ngctl ls -l" is hard to read. To make it easier, add a blank
line after each listed item much how traditional "ls -l" does when listing
the contents of multiple directories.
Sponsored by: Smule, Inc.
Alternatively to IPv4 address:port this will allow to listen on IPv6
link-local (incl. scope), a specific address, or ::. Addresses have
to be given in RFC2732 format so that [::]:port parsing will work.
This patch also starts to introduce WITH_INET/INET6_SUPPORT to bhyve.
PR: 232018
Submitted by: Dave Rush (northwoodlogic.free gmail.com) (original)
Reviewed by: Dave Rush (updated verison)
MFC after: 3 days
Remove mse and all support for bus and inport devices from the tree.
Data from nycbug's dmesg database shows the last sighting of this
driver was in 4.10 on only one machine.
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D17628
Legacy v3 db support was retired in r333133, and it was v3 support that
required the -B and -L options. The options were retained temporarily,
but now that stable/12 has branched they can be removed.
Sponsored by: The FreeBSD Foundation
We would fail to clear DNS search list configuration if a router
stopped specifying the DNSSL RA option. I suspect that the bug
was mostly harmless, as the RDNSS and DNSSL options are typically used
together and omitting the RDNSS option would have the same effect.
CID: 1006219
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
can see the dmesg buffer (this is the current behavior). When false (the
new default), dmesg will be unavailable to jailed users, whether root or
not.
The security.bsd.unprivileged_read_msgbuf sysctl still works as before,
controlling system-wide whether non-root users can see the buffer.
PR: 211580
Submitted by: bz
Approved by: re@ (kib@)
MFC after: 3 days
it. Drop the now unused _PATH_PW_CONF definition. [1]
While here, change the last remaining hardcoded "/etc" to _PATH_PWD.
Noted by: glebius [1]
Reviewed by: eugen
Approved by: re (gjb), kib (mentor)
Differential Revision: https://reviews.freebsd.org/D17575
explicitly specified. -V path is already used to determine which file
to read default values from, so it's only logical to write them to the
same file.
PR: 231653
Reviewed by: eugen, bapt
Approved by: re (gjb), kib (mentor)
Differential Revision: https://reviews.freebsd.org/D17566
- Update OpenSSL to version 1.1.1.
- Update Kerberos/Heimdal API for OpenSSL 1.1.1 compatibility.
- Bump __FreeBSD_version.
Approved by: re (kib)
Sponsored by: The FreeBSD Foundation
For OpenSSL 1.1.1 compatibility.
In Makefile.inc1 add (to the existing similar cases) a hack to handle
dependencies across the migration.
Reviewed by: jhb
Approved by: re (gjb)
Sponsored by: The FreeBSD Foundation.
Differential Revision: https://reviews.freebsd.org/D17481
the snapshots directory, not releases.
Reported by: David Marec david.marec _at_ davenulle _dot_ org
Approved by: re (rgrimes)
Sponsored by: The FreeBSD Foundation
r339213 was cherry-picked back to head from the project branch, which
caused a conflict. This commit properly records the mergeinfo from
head.
r339205 was missed, and r339214 is required for reintegration.
Sponsored by: The FreeBSD Foundation
Reported by: Jose Luis Duran
Reviewed by: bcr
Approved by: re (gjb), krion (mentor, implicit), mat (mentor, implicit)
Differential Revision: https://reviews.freebsd.org/D17409
- Extend the bsdinstall(8) man page with ZFS installation scripting
details. [1]
- Extend the bsdinstall(8) man page with the description of all the ZFS
variables involved in a scripted installation of ZFS-based systems. [1]
- Extend the SCRIPTING section with an example for a ZFS-based scripted
installation. [1]
- Create a new section explaining how ZFS datasets must be written into
a variable to get them set on the final system. [1]
While here:
- Add Roberto to the copyrights for recognition as changes to the manual
page are huge.
- Use "Dq" for default values.
- Use sysrc(8) instead of echo in examples.
Submitted by: Roberto Fernandez Cueto <roberfern@gmail.com> [1]
Reviewed by: dteske
Approved by: re (gjb), krion (mentor, implicit), mat (mentor, implicit)
Differential Revision: https://reviews.freebsd.org/D14169
GCC 8.1 failed to build LLVM's libc++ when -Wshadow is set,
so lower down WARNS flag to 3.
This is similar to dtc(1) which uses libc++ and sets WARNS to 3.
Approved by: re (gjb)
Sponsored by: DARPA, AFRL
The original spec for the strings describing the PNP info didn't allow
spaces. Several times now people have broken the install by including
them. Relax the syntax to allow them after the ; which is where
people's muscle memory tends to put them.
Approved by: re@ (gjb)
chown incorrectly allows a uid or gid greater than UID_MAX/GID_MAX respectively.
Using such an argument rolls over to accounts such as root, operator, etc.
Approved by: re (gjb)
Relnotes: yes
Reviewed by: cem, kib
Submitted by: Don Morris <dgmorris@earthlink.net>
Sponsored by: Dell EMC
Differential Revision: https://reviews.freebsd.org/D15119
When I updated counter definition handling for x86 I broke
'pmccontrol -L' listing counter names. This just changes
pmccontrol to call the library function on x86.
PR: 230984
Approved by: re (kib@)
This leverages CONFS to handle the install of the config file.
Approved by: re (gjb), will (mentor)
Differential Revision: https://reviews.freebsd.org/D17159
I had disabled building of the aforementioned targets due to warnings breaking
tinderbox. This silences the warning and restores them to the build.
Reported by: jhibbits
Reviewed by: jhibbits
Approved by: re (gjb)
use of u3g(4) dongles, and in many cases can work out of the box.
Reviewed by: hselasky
Approved by: re (gjb)
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D16974
Ths prevents etcupdate and mergemaster from deleting it for now.
Approved by: re (rgrimes), will (mentor)
Differential Revision: https://reviews.freebsd.org/D16975
The switch to lualoader creates a problem with userboot: the host is
inclined to build userboot with Lua, but the host userboot's interpreter
must match what's available on the guest. For almost all FreeBSD guests in
the wild, Lua is not yet available and a Lua-based userboot will fail.
This revision updates userboot protocol to version 5, which adds a
swap_interpreter callback to request a different interpreter, and tries to
determine the proper interpreter to be used based on how the guest
/boot/loader is compiled. This is still a bit of a guess, but it's likely
the best possible guess we can make in order to get it right. The
interpreter is now embedded in the resulting executable, so we can open
/boot/loader on the guest and hunt that down to derive the interpreter it
was built with.
Using -l with bhyveload will not allow an intepreter swap, even if the
loader specified happens to be a userboot with the wrong interpreter. We'll
simply complain about the mismatch and bail out.
For legacy guests without the interpreter marker, we assume they're 4th.
For new guests with the interpreter marker, we'll read it and swap over
to the proper interpreter if it doesn't match what the userboot we're using
was compiled with.
Both flavors of userboot are installed by default, userboot_4th.so and
userboot_lua.so. This fixes the build WITHOUT_FORTH as a coincidence, which
was broken by userboot being forced to 4th.
Reviewed by: imp, jhb, araujo (earlier version)
Approved by: re (gjb)
Differential Revision: https://reviews.freebsd.org/D16945
After r336252 it is no longer necessary to have a separate bootpool when
booting from an encrypted disk with UEFI.
This change also switches the EFI System Partition contents from
the 800 KB boot1.efifat to a new 200 MB filesystem created with newfs_msdos
and uses loader.efi directly, instead of boot1.efi.
PR: 228916
Reviewed by: dteske
MFC after: 1 month
Relnotes: yes
Sponsored by: Klara Systems
Differential Revision: https://reviews.freebsd.org/D12315
* Constify rtpref_str declaration
* Remove unused h_errno declaration
* Use time_t type for expire
* Use strlcpy to set static "?" value to ifname
* Rename local variable 's' to stop shadowing global definition
* Close socket used in pfx_flush()
* Use local variables for sock() in setdefif() and getdefif()
* Increase WARNS to 3
Reviewed by: allanjude, kevans
Approved by: allanjude
Sponsored by: Rubicon Communications, LLC (Netgate)
Differential Revision: https://reviews.freebsd.org/D11118
This adds it to devctl, libdevctl, defines the two IOCTLs and
implements the kernel bits. causes any new drivers that are added via
kldload to be deferred until a 'thaw' comes in. These do not stack: it
is an error to freeze while frozen, or thaw while thawed.
Differential Revision: https://reviews.freebsd.org/D16735
This is pkgbase related as it switches to CONFS to properly tag this as a
config file.
Approved by: will (mentor)
Differential Revision: https://reviews.freebsd.org/D16848
For tools that uses bhyve such like libvirt, it is important to be able to
probe what features are supported by the given bhyve binary.
To give more context, libvirt probes bhyve's capabilities in a not very
effective way:
- Running 'bhyve -h' and parsing output.
- To detect devices, it runs 'bhyve -s 0,dev' for every each device and
parses error output to identify if the device is supported or not.
PR: 2101111
Submitted by: novel
MFC after: 2 weeks
Relnotes: yes
Sponsored by: iXsystems Inc.
2^32 bps or greater to be used. Prior to this, bandwidth parameters
would simply wrap at the 2^32 boundary. The computations in the HFSC
scheduler and token bucket regulator have been modified to operate
correctly up to at least 100 Gbps. No other algorithms have been
examined or modified for correct operation above 2^32 bps (some may
have existing computation resolution or overflow issues at rates below
that threshold). pfctl(8) will now limit non-HFSC bandwidth
parameters to 2^32 - 1 before passing them to the kernel.
The extensions to the pf(4) ioctl interface have been made in a
backwards-compatible way by versioning affected data structures,
supporting all versions in the kernel, and implementing macros that
will cause existing code that consumes that interface to use version 0
without source modifications. If version 0 consumers of the interface
are used against a new kernel that has had bandwidth parameters of
2^32 or greater configured by updated tools, such bandwidth parameters
will be reported as 2^32 - 1 bps by those old consumers.
All in-tree consumers of the pf(4) interface have been updated. To
update out-of-tree consumers to the latest version of the interface,
define PFIOC_USE_LATEST ahead of any includes and use the code of
pfctl(8) as a guide for the ioctls of interest.
PR: 211730
Reviewed by: jmallett, kp, loos
MFC after: 2 weeks
Relnotes: yes
Sponsored by: RG Nets
Differential Revision: https://reviews.freebsd.org/D16782
PR#230752 shows a panic where an nfsd thread tries to do soconnect() on
the AF_LOCAL socket used by the nfsuserd while already holding an
exclusive lock on it. I am not 100% sure how this happens, but since an
AF_LOCAL socket is in the file system namespace it is conceivable that it
could lock it and then attempt an upcall to the nfsuserd.
However, reverting r320757 stops the nfsuserd from using an AF_LOCAL
socket, so it should avoid any such panic().
r320757 did fix a problem with running the nfsuserd when jails were
enabled, but that can be dealt with less elegantly by allowing the
use of an alternate address instead of 127.0.0.1.
The gssd daemon also uses an AF_LOCAL socket, but it will do upcalls
before the nfsd thread processes the RPC, so I think it should not
be suseptible to this problem.
PR: 230752
This way the target fails if unifdef doesn't exist or doesn't modify the
file instead of just generating an empty .c file.
I found this while building without inherited $PATH (D16815)
Approved By: jhb (mentor)
The original NVMe API used bit-fields to represent fields in data
structures defined by the specification (e.g. the op-code in the command
data structure). The implementation targeted x86_64 processors and
defined the bit fields for little endian dwords (i.e. 32 bits).
This approach does not work as-is for big endian architectures and was
changed to use a combination of bit shifts and masks to support PowerPC.
Unfortunately, this changed the NVMe API and forces #ifdef's based on
the OS revision level in user space code.
This change reverts to something that looks like the original API, but
it uses bytes instead of bit-fields inside the packed command structure.
As a bonus, this works as-is for both big and little endian CPU
architectures.
Bump __FreeBSD_version to 1200081 due to API change
Reviewed by: imp, kbowling, smh, mav
Approved by: imp (mentor)
Differential Revision: https://reviews.freebsd.org/D16404
Prevent some classes of foot-shooting that may result in permissions
problems.
Reviewed by: dab, delphij, vangyzen (earlier version)
Relnotes: yes (behavior change)
Sponsored by: Dell EMC Isilon
Differential Revision: D16831
This helps with pkgbase by switching to CONFS so they are properly tagged as
config files.
Approved by: will (mentor)
Differential Revision: https://reviews.freebsd.org/D16833
This helps with pkgbase as it switches these to use CONFS which properly tags
them as config files.
Approved by: will (mentor)
Differential Revision: https://reviews.freebsd.org/D16783
Add a -C option, similar to -B, that allows gstat to produce basic CSV output
with absolute timestamps (ISO 8601, nearly.) Multiple devices are handled by
way of a single-pivot CSV table with duplicated timestamps for each object
output.
Submitted by: Nick Principe <nap__ixsystems.com>
Reviewed by: myself, imp@, asomers (earlier verison), bcr (manpages)
Sponsored by: iXsystems Inc.
Differential Revision: https://reviews.freebsd.org/D16151
For use with things like BOOT_TAG=\"\" -- there are valid reasons to allow
empty strings, especially as these are usually being passed through as
options. The same argument could perhaps be made for the unquoted
variant in things like MODULES_OVERRIDE="", but it's not immediately clear
that this is an issue so I've left it untouched.
MFC after: 3 days
If we can't find a Makefile.inc1 in the specified / default SOURCEDIR, and
there's a Makefile.inc1 in the current directory, offer the user the choice
of using . for SOURCEDIR.
Differential Revsion: https://reviews.freebsd.org/D16709
However, for post-install configuration, bsdinstall
is not of much use. Point the user to bsdconfig instead.
Reviewed by: 0mp, bcr
Approved by: 0mp, bcr
Differential Revision: https://reviews.freebsd.org/D16751
The original commit added granularity to the transaction latency display
in the extended device stats mode, but didn't update the man page.
Reported by: Miroslav Lachman <000.fbsd@quip.cz> via jmg
MFC after: 1 day
This allows preferring small (e.g. ACK) packets, in upload heavy
environments.
It was already possible to mark packets urgent based on destination
port. This option piggy backs on that feature.
created and before exec.start is called. [1]
- Bump __FreeBSD_version.
This allows to attach ZFS datasets and various other things to be
done before any command/service/rc-script is started in the new
jail.
PR: 228066 [1]
Reviewed by: jamie [1]
Submitted by: Stefan Grönke <stefan@gronke.net> [1]
Differential Revision: https://reviews.freebsd.org/D15330 [1]
it read-only instead of just failing if the media is write-protected.
The /net doesn't seem to require the flag.
MFC after: 2 weeks
Relnotes: yes
Sponsored by: DARPA, AFRL
This is pkgbase related as it uses CONFS to tag the file as a config file
Approved by: AllanJude (mentor)
Sponsored by: Essen Hackathon
Differential Revision: https://reviews.freebsd.org/D16693
This is related to pkgbase and changes these to use CONFS so that these are
tagged as config files.
Approved by: AllanJude (mentor)
Sponsored by: Essen Hackathon
Differential Revision: https://reviews.freebsd.org/D16694
This helps with pkgbase by using CONFS to tag these as config files.
Approved by: allanjude (mentor), ian, cy
Sponsored by: Essen Hackathon
Differential Revision: https://reviews.freebsd.org/D16661
This makes pkgbase easier by tagging these as CONFS so they are properly
tagged as config files.
Approved by: will (mentor)
Sponsored by: Essen Hackathon
Differential Revision: https://reviews.freebsd.org/D16553
This helps with pkgbase as this config file will now be tagged as a config
file
Approved by: allanjude (mentor)
Sponsored by: Essen Hackathon
Differential Revision: https://reviews.freebsd.org/D16674
This helps with pkgbase as these config files will be properly tagged as
config files.
Approved by: allanjude (mentor), oshogbo
Differential Revision: https://reviews.freebsd.org/D16679
and make sure it would terminate with nul with strlcpy().
Reviewed by: imp (earlier revision)
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D16595
argv has been incremented during argument handling, so elements of the
array are no longer valid. Change the err() arguments so only the
first string pointer in argv is used.
Found during code inspection.
- Remove the compression suffix macros and move them directly into the
compress_type array.
- Remove the hardcoded sizes on the suffix and compression args arrays.
- Simplify the compression args arrays at the expense of a __DECONST
when calling execv().
- Rewrite do_zipwork. The COMPRESS_* macros can directly index the
compress_types array, so the outer loop is not needed. Convert
fixed-length strings into asprintf or sbuf calls.
Submitted by: Dan Nelson <dnelson_1901@yahoo.com>
Reviewed by: gad
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D16518
This actually makes the rights requirements for accessing PCI config
space and BARs using /dev/pci same. Since unchanged /dev/pci mode
only allows write open for root, default configuration de-facto limits
the BAR read to root only. In particular, state-changing reads of the
registers are limited to root.
Discussed with: se
Suggested and reviewed by: jhb (kernel part)
Sponsored by: The FreeBSD Foundation
MFC after: 12 days
Differential revision: https://reviews.freebsd.org/D16580
The zstd invocation constructed by newsyslog contains one more parameter
than invocations for the other supported compression utilities. However,
the maximum number of arguments was hard-coded, leading to an
out-of-bounds array access when using zstd compression.
This patch adds a new sysctl(8) knob "security.jail.vmm_allowed",
by default this option is disable.
Submitted by: Shawn Webb <shawn.webb____hardenedbsd.org>
Reviewed by: jamie@ and myself.
Relnotes: Yes.
Sponsored by: HardenedBSD and G2, Inc.
Differential Revision: https://reviews.freebsd.org/D16057
This is prep for pkging base and helps tag and install config files with the
correct packages.
Approved by: bapt (mentor)
Differential Revision: https://reviews.freebsd.org/D16493
The timespecadd(3) family of macros were imported from NetBSD back in
r35029. However, they were initially guarded by #ifdef _KERNEL. In the
meantime, we have grown at least 28 syscalls that use timespecs in some
way, leading many programs both inside and outside of the base system to
redefine those macros. It's better just to make the definitions public.
Our kernel currently defines two-argument versions of timespecadd and
timespecsub. NetBSD, OpenBSD, and FreeDesktop.org's libbsd, however, define
three-argument versions. Solaris also defines a three-argument version, but
only in its kernel. This revision changes our definition to match the
common three-argument version.
Bump _FreeBSD_version due to the breaking KPI change.
Discussed with: cem, jilles, ian, bde
Differential Revision: https://reviews.freebsd.org/D14725
Reuse of the index variable in two nested loops resulted in only the first
argument in the list being used (fine for gzip, not fine for zstd). Also
add tests for xz and zstd, and fix the COMPRESS_SUFFIX_MAXLEN macro.
Submitted by: dnelson_1901_yahoo.com
Differential Revision: https://reviews.freebsd.org/D16509
It allows locking or unlocking physical pages in memory within a jail
This allows running elasticsearch with "bootstrap.memory_lock" inside a jail
Reviewed by: jamie@
Differential Revision: https://reviews.freebsd.org/D16342
r336795 adds support for handling of IPv6 addresses returned by getaddrinfo(3)
for DS hostnames. This updates the man page for this change.
This is a content change.
This patch adds code to handle IPv6 addresses returned by getaddrinfo()
for the host entries in the "-p" command line argument.
If the IPv6 address is a link local address, only use it if it is the
only address for the host. This is done since there is no way to know
if the NFSv4.1 pNFS client is in the same scope zone as the MDS.
inet_ntop() is used for the IPv6 address translation, since the client
will have no use for the scope zone suffix and inet_ntop() does not
put this in the address string.
Discussed with: bu7cher@yandex.ru
than the auotmatic selection). This is important in some scripting
environments.
Also, remove bogus checks for bootnum != 0. 0 is a valid bootnum.
Sponsored by: Netflix
It was also leading to segfaults; pw can be NULL when control reaches these
lines now, because of the way my previous change restructured the loops.
Reported by: lwhsu@
pw_scan(3) has been fixed in a way that doesn't perturb other callers of
it or the getpwnam(3) family.
Make pw(8) showuser work the same with or without -R <path> for non-root
users. Without -R, pw(8) uses getpwnam(3), which will open master.passwd
for the root user or passwd for non-root users. With -R <path> pw(8) was
always opening <path>/master.passwd, which would fail for a non-root user,
then falsely claim the userid you're trying to show doesn't exist.
Now for a non-root user it opens <path>/passwd, and populates the fields in
the returned struct passwd which aren't present in that file with well-known
canonical values, which duplicates the behavior of getpwnam(3). The net
effect is that the showuser output is identical whether using -R or not.
Although the ffs (and later msdosfs) implementation in makefs is
independent of the one in kernel, it makes sense to keep differences to
a minimum in order to ease comparison and porting changes across.
Submitted by: Siva Mahadevan
Sponsored by: The FreeBSD Foundation
to the type of rate limiter being configured. For example, the class
WRR scheduler doesn't need any kbps limits (it just needs the weights
for each class), the channel scheduler doesn't need anything except the
aggregate kbps to limit the channel to, and so on.
MFC after: 3 days
Sponsored by: Chelsio Communications
Temporarily decompress a copy of a crash dump compressed with either
gzip or zstd and run various tools against the decompressed copy while
generating the crash information. The uncompressed copy is deleted when
the script exits.
Note that crashinfo is enabled by default, so this will attempt to
decompress the most recent compressed crash dump after a crash that
generates a compressed crash dump. Users who wish to only do offline
analysis of compressed crash dumps can disable crashinfo in rc.conf.
Tested by: ler
Reviewed by: markj
MFC after: 2 weeks
users. Without -R, pw(8) uses getpwnam(3), which will open master.passwd
for the root user or passwd for non-root users. With -R <path> pw(8) was
always opening <path>/master.passwd, which would fail for a non-root user,
then falsely claim the userid you're trying to show doesn't exist.
Now for a non-root user it opens <path>/passwd and zeroes out the 3 fields
that aren't available in the passwd file, which duplicates the behavior of
getpwnam(3). The net effect is that the showuser output is identical
whether using -R or not.
Fix two failing makefs test cases by adding "-M 1m", which was already used
for every other FFS test case. Add a new test case for the underlying
issue: with no -M, -m, or -s options, makefs can underestimate image size.
PR: 229929
Reported by: Jenkins
MFC after: 2 weeks
- Use "Fl -" instead of "Cm --" for long options.
- Sort options alphabetically.
- Pet "mandoc -Tlint".
- Clean up the description of the "--interpreter" option.
- Clean up the description of the first example in the examples section.
- Use ".Bd -literal -offset indent" for all example code blocks for consistency.
- Use "Nm" instead of "Cm binmiscctl".
- Indent all examples for consistency.
Reviewed by: allanjude
Approved by: mat (mentor)
Differential Revision: https://reviews.freebsd.org/D15589
Code analysis and runtime analysis using truss(8) indicate that the only
privileged operations performed by ntpd are adjusting system time, and
(re-)binding to privileged UDP port 123. These changes add a new mac(4)
policy module, mac_ntpd(4), which grants just those privileges to any
process running with uid 123.
This also adds a new user and group, ntpd:ntpd, (uid:gid 123:123), and makes
them the owner of the /var/db/ntp directory, so that it can be used as a
location where the non-privileged daemon can write files such as the
driftfile, and any optional logfile or stats files.
Because there are so many ways to configure ntpd, the question of how to
configure it to run without root privs can be a bit complex, so that will be
addressed in a separate commit. These changes are just what's required to
grant the limited subset of privs to ntpd, and the small change to ntpd to
prevent it from exiting with an error if running as non-root.
Differential Revision: https://reviews.freebsd.org/D16281
Plumb the %VERSREQ from Makefile.<arch> through to the rest of config(8).
We've recorded the config(8) version that we're calling "the end of
envmode and hintmode," and we'll write them out for earlier versions. Later
kernel version bumps will remove envmode/hintmode from the kernel as needed,
which is OK since the current kernel does not use them at all.
These compatibility shims really need to go away when the major version
rolls over...
Discussed with: imp
config-generated hints.c/env.c from r335998 and later are incompatible with
earlier kernels due to no longer setting envmode/hintmode. A minor bump for
this is insufficient, as matching major version with a later minor version
is still viewed as backwards-compatible.
This was an MI kernel change, soo all VERSREQ's are bumped.
PR: bin/229806
Reported by: Andreas Sommer <andreas.sommer87@googlemail.com>
MFC after: 3 days
X-MFC-to: stable/11 stable/10 stable/9
Sponsored by: Smule, Inc.
Normally, we can get away with just reading the 1k buffer for the
string, since the placement of the data is generally no where near the
end of the file. However, it's possible that the string is within the
last 1k of the file, in which case the read will fail, and we'll not
produce the proper records needed for devmatch to work. By reading
using EF_SEG_READ_STRING, we automatically work around these problems
while still retaining safety.
This fix a problem with devmatch where we wouldn't load certain
modules (like ums). This didn't always happen (my tree didn't exhibit
it, while nathan's did because his optimization options were more
agressive).
Reported by: nathanw@
This variable has been given the name "loader_env.disabled" as it's the
primary way most people will have an MD environment. This restores the
previously-default behavior of ignoring the loader(8) environment, which may
be useful for vendor distributions or other scenarios where inheriting the
loader environment may be considered a security issue or potentially
breaking of a more locked-down environment.
As the change to config(5) indicates, disabling the loader environment
should not be a choice made lightly since it may provide ACPI hints and
other useful things that the system can rely on to boot.
An UPDATING entry has been added to mention an upgrade path for those that
may have relied on the previous behavior.
Discussed with: bde
Relnotes: yes (maybe)
The bhyve(8) exit status indicates how the VM was terminated:
0 rebooted
1 powered off
2 halted
3 triple fault
The problem is when we have wrappers around bhyve that parses the exit
error code and gets an exit(1) for an error but interprets it as "powered off".
So to mitigate this issue and makes it less error prone for third part
applications, I have added a new exit code 4 that is "exited due to an error".
For now the bhyve(8) exit status are:
0 rebooted
1 powered off
2 halted
3 triple fault
4 exited due to an error
Reviewed by: @jhb
MFC after: 2 weeks.
Sponsored by: iXsystems Inc.
Differential Revision: https://reviews.freebsd.org/D16161
The pnfsdskill(8) command will normally fail if there is no valid mirror
for the DS to be disabled. However, a system administrator may need to
disable a DS which does not have a valid mirror so that the nfsd threads
can be terminated. This patch adds a "-f" option to pnfsdskill(8) that
uses the kernel changes made by r336141 to implement this "forced" case
of disabling a DS.
This patch only affects the pNFS server.
The RFC 5424 spec mentions that logging FQDNs over short hostnames is
preferred. Alter this code, so that the hostname doesn't get truncated
on startup. Keep track of the length of the short hostname, so that
fprintf() can do the truncation where necessary.
MFC after: 1 month
Tools such as Postfix use slashes in process names for hierarchy
(postfix/qmgr). By allowing these slashes, syslogd is able to extract
the process name and process ID nicely, so that they can be stored in
RFC 5424 message fields.
MFC after: 1 week
r336019 introduced ${SRCTOP}/sys to the include paths in order to pull in a
new sys/{c,}nv.h. This is wrong, because the build tree's ABI isn't
guaranteed to match what's running on the host system.
Fix instead by removing -I${SRCTOP}/sys and installing the libnv headers
with `make -C lib/libnv includes`... this may or may not get re-worked in
the future so that a userland lib isn't installing includes from sys/.
Reported by: bdrewery
