Commit Graph

5296 Commits

Author SHA1 Message Date
jh
89c67ba43c Warn if rules could not be read from a ruleset file. Now at least
something gets logged if the file has syntax errors.

PR:		conf/91342
Silence on:	freebsd-rc
2011-01-07 10:59:22 +00:00
imp
65e0897b21 Don't require /usr/lib/aout to be on the system. Test for its
existence since we don't generally need it.

MFC after:	1 week
2011-01-06 21:09:22 +00:00
jpaetzel
2d6d98c729 Fix typo in default config file.
Approved by:	Warner Losh <imp@FreeBSD.org>
MFC after:	3 days
2011-01-04 23:00:54 +00:00
cperciva
28ac9ef742 Remove INDEX-6 from the default portsnap configuration file; the 6.x index
bits haven't been built since December 1st, although the mirrors are still
distributing the bits as they were at the EoL.

Reminded by:	Alex Kozlov
2010-12-30 01:13:42 +00:00
dougb
eefe5120b6 Add pidfile [1]
While I'm here, don't run the sysctl frob unconditionally, and
s/sysctl/$SYSCTL/

PR:		conf/153460 [1]
Submitted by:	Grigory Rechistov <ggg_mail@inbox.ru>
2010-12-27 22:52:47 +00:00
syrinx
d19e029b86 Add (disabled) sample configuration lines needed to enable snmp_target(3) module
and configure minimal target addresses & notifications needed for bsnmpd(1)
to send SNMPv3 notifications.

Sponsored by:	The FreeBSD Foundation
Reviewed by:	philip
Approved by:	philip
2010-12-20 17:28:15 +00:00
kevlo
5feee477d2 Add pf in quiet mode 2010-12-17 09:38:55 +00:00
syrinx
0bbf10e816 Fix typos. 2010-12-08 17:34:07 +00:00
syrinx
ae67436c3a Add (disabled) sample configurations needed to enable the snmp_usm and
snmp_vacm modules and minimal user/view configurations needed for
the modules to work properly.

Sponsored by:   The FreeBSD Foundation
Reviewed by:    philip@ (mostly)
Approved by:    philip@
2010-12-08 17:27:59 +00:00
dougb
835f186e05 Add a sync to the shutdown step. In the common case this will be harmless
at worst. On a heavily loaded server it will give the fs a chance to do
its business without the axe hanging over its head.

Submitted by:	ivoras
2010-11-25 18:20:28 +00:00
pjd
d97fcd4603 Add gptboot_enable rc variable, which allows turning gptboot reporting off in
case user wants to implement his own actions and doesn't want the attributes to
vanish.

Obtained from:	Wheel Systems Sp. z o.o. http://www.wheelsystems.com
MFC after:	3 days
2010-11-24 15:25:17 +00:00
tuexen
3f9e68c52c Add for existing protocol entries the missing SCTP port allocations
and add protocol entries for protocols which have SCTP port allocations.
These entries are according to
http://www.iana.org/assignments/port-numbers
as of today. Also add SCTP port allocation entries for the
echo, daytime, and chargen service.
Discussed with rwatson@

MFC after: 3 days.
2010-11-13 17:52:04 +00:00
brooks
479b7f4288 Add an (off by default) check for negative permissions (where the
group on an object has less permissions than everyone).  These
permissions will not work reliably over NFS if you have more than
14 supplemental groups and are usually not what you mean.

MFC after:	1 week
2010-11-13 00:40:43 +00:00
emax
ec97f56425 Add firmware downloader for Atheros AR3011 based USB Bluetooth devices.
Hardware donated by:	Rusty Nejdl rnejdl at ringofsaturn dot com
Tested by:		Rusty Nejdl rnejdl at ringofsaturn dot com
Tested by:		Andrzej Tobola ato at iem dot pw dot edu dot pl
MFC after:		3 weeks
2010-11-12 19:43:12 +00:00
delphij
c98c4f39f2 Hide 460.chkportsum in MK_PKGTOOLS != no case.
Submitted by:	Alex Kozlov <spam rm-rf kiev ua>
MFC after:	2 weeks
2010-11-09 18:46:44 +00:00
julian
ae7183f815 Add a jails directory in the examples section
MFC after:	2 weeks
2010-10-24 23:19:11 +00:00
gordon
4824961442 No longer install /etc/manpath.config since the BSDL man utilities
don't use it.

Approved by:	wes (mentor)
2010-10-04 01:07:04 +00:00
emaste
2e07ccd67e Commit the rest of r213270.
Thanks to Anonymous <swell dot k at gmail.com> for spotting this.
2010-09-29 22:59:49 +00:00
emaste
0c4cfaf196 /etc/rc.d/defaultroute currently bails immediately if all interfaces
set to use DHCP have no carrier.  This can cause grief as it may take
some time for link to be established, and defaultroute may terminate
before this happens.

Introduce a defaultroute_carrier_delay variable and then wait that long
in defaultroute before bailing if no interfaces have carrier.  With the
default settings defaultroute will wait for five seconds for this, and
the original 30 second wait for a default route to appear is unchanged.
Note that there is in discussion an alternative approach to the broader
problem of waiting for DHCP-configured routes.  However, this change
addresses a real problem in the current defaultroute script.

Discussed on:	freebsd-rc@
2010-09-29 13:08:23 +00:00
imp
59ebbd2898 Prefer echo over printf 2010-09-27 15:55:39 +00:00
pjd
c6d4f5ec46 Add gptboot script that is responsible for:
- looking for partition with 'bootonce' attribute alone (without 'bootme'
  attribute), removing it and logging that we successfully booted from this
  partition.
- looking for partitions with 'bootfailed' attribute, removing it and
  logging that we failed to boot from this partition.

Reviewed by:	arch (Message-ID: <20100917234542.GE1902@garage.freebsd.pl>)
Obtained from:	Wheel Systems Sp. z o.o. http://www.wheelsystems.com
MFC after:	2 weeks
2010-09-24 19:53:55 +00:00
hrs
ab8bbcbaf3 Split $ipv6_prefer into $ip6addrctl_policy and $ipv6_activate_all_interfaces.
The $ip6addrctl_policy is a variable to choose a pre-defined address
selection policy set by ip6addrctl(8).
The keyword "ipv4_prefer" sets IPv4-preferred one described in Section 10.3,
the keyword "ipv6_prefer" sets IPv6-preferred one in Section 2.1 in RFC 3484,
respectively.  When "AUTO" is specified, it attempts to read
/etc/ip6addrctl.conf first.  If it is found, it reads and installs it as
a policy table.  If not, either of the two pre-defined policy tables is
chosen automatically according to $ipv6_activate_all_interfaces.

When $ipv6_activate_all_interfaces=NO, interfaces which have no corresponding
$ifconfig_IF_ipv6 are marked as IFDISABLED for security reasons.

The default values are ip6addrctl_policy=AUTO and
ipv6_activate_all_interfaces=NO.

Discussed with:	ume and bz
2010-09-13 19:55:40 +00:00
hrs
462966ddac Localize $_punct_c in get_if_var() and whitespace clean-ups.
Based on:	changes in r206408 by dougb
2010-09-13 19:53:54 +00:00
hrs
0a11003ea2 - Check some specific IFs first in ipv6_autoconfif().
- $ipv6_enable supports YES|TRUE|ON|1 as in checkyesno().

Based on:	changes in r206408 by dougb
2010-09-13 19:53:22 +00:00
hrs
25136d0711 Add $ipv6_privacy to support net.inet6.ip6.use_tempaddr. Note that this
will be replaced with a per-IF version later.

Based on:	changes in r206408 by dougb
2010-09-13 19:52:46 +00:00
hrs
03d1ec35f1 Fix $ipv6_network_interfaces and set it as AUTO by default.
Based on:	changes in r206408 by dougb
2010-09-13 19:52:04 +00:00
hrs
3319d93aea Revert changes in r206408.
Discussed with:	dougb, core.5, and core.6
2010-09-13 19:51:15 +00:00
bschmidt
35826cc401 Create the var/run/wpa_supplicant directory where the wpa_supplicant
RC script wants to save a pidfile for each interface.

MFC after:	2 weeks
2010-09-10 08:27:02 +00:00
daichi
a672b2d669 Avoid trying to remove suj journal file (.sujournal) and conventional
snapshot directory (.snap) from cleartmp rc.d script.
2010-09-05 05:44:40 +00:00
maxim
6dc7c5e784 o Correct typo.
Submitted by:	Bojidara Marinchovska via -stable
MFC after:	1 week
2010-08-25 08:37:18 +00:00
netchild
3bcb134559 - Change the threshold from 'running next scrub the <value+1>th day after the
last one' to 'running next scrub the <value>th day after the last one'.
- Improve wording.

Requested by:	jhell <jhell@DataIX.net>
MFC after:	1 week
2010-08-25 08:09:42 +00:00
dougb
a8c3aca2c4 Fix silly typo on my part (s/quotas_enable/quota_enable/)
Submitted by:	ed
2010-08-14 22:28:07 +00:00
dougb
50862398d5 Give people some warning before removing enable_quotas 2010-08-14 18:58:05 +00:00
jkim
fe93fcde05 Consistently use full pathnames for external commands. 2010-08-13 21:23:13 +00:00
jkim
1d983f0179 Do not fork a subshell unnecessarily. 2010-08-13 21:04:43 +00:00
jkim
0622ee44e5 Enforce ACPI timer as the timecounter hardware before we change sleep state
unless it is the current timer.  When we have resumed successfully, restore
the previous timecounter hardware if it was changed earlier.  Only the ACPI
timer is guaranteed to increase monotonically between S-state changes.
2010-08-13 20:43:19 +00:00
olli
4ea6822255 Connect the new script 490.status-pkg-changes (see r210863)
to the build, so it gets actually installed.

Approved by:	des (mentor)
MFC after:	17 days
2010-08-10 12:58:44 +00:00
gabor
0caf1f3942 - Fixes to the chkportsum script to handle better some special cases,
like spaces in filename

Submitted by:	Alex Kozlov <spam@rm-rf.kiev.ua>
Approved by:	delphij (mentor)
2010-08-10 11:15:17 +00:00
olli
d1b61616fa Add a daily script to the periodic framework that reports
changes to the package database, i.e. any packages that
have been added, updated or deleted in the past 24 hours.
The format is intentionally simple and concise.

That information is particularly useful on servers that
are maintained by multiple administrators.  When someone
adds, updates or deletes a package, the others will see
it in the daily periodic output.

This script is disabled by default.

PR:		conf/113913
Submitted by:	olli
Approved by:	des (mentor)
MFC after:	3 weeks
2010-08-05 15:53:33 +00:00
ume
455a0fe881 /etc/rc.d/network_ipv6 was deprecated.
Reported by:	Alex Kozlov <spam__at__rm-rf.kiev.ua>
2010-08-05 15:11:03 +00:00
ume
2f4f70d7e5 /etc/rc.d/ip6fw was deprecated.
Reported by:	Alex Kozlov <spam__at__rm-rf.kiev.ua>
MFC after:	3 days
2010-08-05 15:07:28 +00:00
jilles
3c2469212a Allow starting /etc/rc.d/ipmon if ipnat is enabled but ipfilter is not
(in /etc/rc.conf).

This fixes an apparent confusion between test(1) and sh(1) syntax for
AND/OR.

PR:		conf/149036
Submitted by:	pluknet
MFC after:	1 week
2010-08-01 15:41:00 +00:00
syrinx
8702707235 Add a (disabled) configuration line to enable the snmp_wlan(3) module.
Sponsored by:	The FreeBSD Foundation
2010-07-26 16:20:52 +00:00
ed
b9a7e30aff Upgrade our Clang in base to r108428.
This commit merges the latest LLVM sources from the vendor space. It
also updates the build glue to match the new sources. Clang's version
number is changed to match LLVM's, which means /usr/include/clang/2.0
has been renamed to /usr/include/clang/2.8.

Obtained from:	projects/clangbsd
2010-07-20 17:16:57 +00:00
gabor
6a3f80a589 - Add a periodic script, which can be used to find installed ports' files with
mismatched checksum

PR:		conf/124641
Submitted by:	Alex Kozlov <spam@rm-rf.kiev.ua>
Approved by:	delphij (mentor)
2010-07-19 20:19:14 +00:00
bcr
54ea1cadda Fix spelling of "weirdo" in /etc/gettytab comment.
PR:             docs/148500
Submitted by:   Warren Block (wblock at wonkity dot com)
Approved by:    ed@
MFC after:      1 week
2010-07-12 19:09:18 +00:00
pjd
670ade5766 Use spaces, not tabs. 2010-06-28 08:05:30 +00:00
imp
25b9228f86 Bring in Kris Moore's pc-sysinstall shell script from PC-BSD. This
shell script is the back end logic necessary for an installer.  It
contains both query routines to allow a front-end installer to present
reasonable choices to the user and also action routines which allow
the front end installer to put a FreeBSD distribution onto a disk.  It
supports installing onto the usual suspects, as well as advanced
features like Mirroring, ZFS, Encryption and GPT labels.

While this is only the back-end of the installer, it can do unattended
scripted installations.  In PC-BSD's world view, all installations are
scripted and all the front-end does is write the script.  As such, it
is useful in its own right.

This has been extensively tested over the past several releases of
PC-BSD.  However, differences between that environment and FreeBSD
suggest there will be a period of shake-out while those differences
are discovered and corrected.

A text-based front-end is in the works.  For the GUI-based front-end,
you can use the PC-BSD distribution.

Kris' BSDcan paper on pc-sysinstall is linked off his talk on the
BSDcan site:
	http://www.bsdcan.org/2010/schedule/events/173.en.html

The man page is written by Josh Paetzel, and I wrote the Makefiles for
the FreeBSD integration.  Kris wrote the rest.

This represents version r7010 in the PC-BSD repo.
http://svn.pcbsd.org/pcbsd/current/pc-sysinstall

Submitted by:	kris@
Sponsored by:	iX Systems
2010-06-24 22:21:47 +00:00
brian
58c520e562 Remove vestiges of 'slip'.
PR:		145648
Submitted by:	alexbestms at wwu dot de and spam at rm-rf dot kiev dot ua
MFC after:	1 week
2010-06-19 09:21:34 +00:00
dougb
27ff4601c5 Add the AAAA address for i.root-servers.net 2010-06-18 08:11:52 +00:00
netchild
881839de98 - add the zfs scrub script
- move the zfs status script into the MK_ZFS conditional to respect
  WITHOUT_ZFS

Noticed by:	Andrzej Tobola <ato@iem.pw.edu.pl>
2010-06-17 12:25:47 +00:00
avg
e4753d546f device.hints: do install when WITHOUT_BOOT is set
Discussed with:	imp
MFC after:	2 weeks
2010-06-16 07:52:44 +00:00
netchild
4a94306572 Add a periodic zfs scrub script.
Features:
 - configurable amount of days between scrubs (default value or per pool)
 - do not scrub directly after pool creation (respects the configured
   number of days between scrubs)
 - do not scrub if a scrub is in progress
 - tells how to see the status of the scrub
 - tells how many days since the last scrub if it skips the scrubbing
 - warns if a non-existent pool is specified explicitly
   (default: no pools specified -> all currently imported pools are
   handled)
 - runs late in the periodic run to not slow down the other periodic daily
   scripts

Discussed on:	fs@
2010-06-15 08:58:16 +00:00
imp
99cceb7b93 Merge from tbemd, with minor tweaks:
Search from most specific ($MACHINE) to least specific
($MACHINE_CPUARCH) when looking for the tty file to use.  Also add an
.error case if none exist.
2010-06-13 16:35:20 +00:00
rdivacky
392f4db2aa Hook clang into the build on i386/amd64/powerpc.
Approved by:	ed (mentor)
2010-06-09 19:57:20 +00:00
jkim
af364f655a Add a new build option, MAN_UTILS. This option lets you control building
utilities and related support files for manual pages, which were previously
controlled by MAN.  For POLA, the default depends on MAN, i.e., WITHOUT_MAN
implies WITHOUT_MAN_UTILS and WITH_MAN implies WITH_MAN_UTILS.  This patch
is slightly improved by me from:

PR:		misc/145212
2010-05-19 23:56:26 +00:00
dougb
c3df0e8854 This change does the following for the scripts that run up through
FILESYSTEMS (the default early_late_divider):
1. Move sysctl to run first
2. Move as many BEFOREs to REQUIREs as possible.
3. Minor effect, move hostid_save from right before mdconfig to right
   after.

A lot of the early scripts make use of sysctl one way or another so
running this first makes a lot of sense given that system-critical
values are often placed in sysctl.conf.

My original purpose for working on this was that while doing some
debugging on other stuff I noticed that the order of execution was
different in the first pass through the early scripts and the second.
In practice that doesn't matter because the scripts are not executed the
second time. However this _can_ result in problems if the difference in
the rcorder moves a script from the late section to the early section in
the second pass (which would mean the script would not get executed).
So, I wanted to make the order of execution of the scripts in the early
section more deterministic.

In the course of debugging the ordering problems I noticed that moving
the BEFOREs to REQUIREs prevented the changes in order from the first
pass to the second pass without having to make any substantial changes.
(Of course it's no secret that I think BEFORE should be avoided as much
as possible, but this is a good example of why.)

Reviewed by:	silence on freebsd-rc@
MFC after:	8.1-RELEASE
2010-05-19 19:03:19 +00:00
jhb
32689449b7 Prevent unloading a kld for a driver that has subinterfaces (vlan and/or
wlan interfaces) from being automatically reloaded via devd shutdown
event handlers.
- Revert part of my previous changes to call ifn_stop on subinterfaces
  when an interface is detached.  It is better to destroy the interfaces
  first so that an 'ifconfig foo0.blah down' doesn't result in ifconfig
  auto-loading if_foo.ko.  The ifconfig command will not be invoked if
  foo0.blah is gone when ifn_stop() is called.  Furthermore, it is not
  necessary to explicitly invoke ifn_stop() after the subinterface is
  destroyed as devd will already do that.
- Pass -n to ifconfig when destroying interfaces so that destroying a
  cloned interface does not kldload any drivers.

Reviewed by:	dougb
MFC after:	4 days
2010-05-17 19:51:34 +00:00
jilles
612952a975 Change the commented msgs examples in profile/csh.login from -f to -q.
Starting something that wants input on login seems strange and can be
dangerous. In some configurations, causing output can be bad, but it is not
as dangerous.

I do not expect this msgs invocation to be uncommented often.

PR:		conf/96015
MFC after:	4 days
2010-05-15 17:49:56 +00:00
dougb
3df3a625bf Remove trailing white space. No functional changes. 2010-05-14 04:53:57 +00:00
obrien
32d515bca0 Non-GCC gcc compatible compilers may provide the same multimedia intrinsic
headers as GCC, but of their own implementation.  So put the GCC ones into
their own header "namespace".

Requested by:	ed
2010-05-12 19:59:32 +00:00
mm
5c358d4542 Import of liblzma, xz, xzdec, lzmainfo from vendor branch
Add support for xz and lzma to lesspipe.sh (xzless, lzless)
Bump __FreeBSD_version

Approved by:	delphij (mentor)
MFC after:	2 weeks
2010-05-10 06:59:50 +00:00
dougb
955bde9203 Make address assignment via ipv6_prefix_IF work again 2010-05-04 01:46:58 +00:00
dougb
9112a6190b In the case where named_chroot_autoupdate is NOT set, but
named_chrootdir IS set, named-checkconf fails because it
cannot find the conf file. Fix this by making checkconf a
variable that includes "-t $named_chrootdir" as needed.
Notice of the bug and suggested direction for the fix from [1].

Using required_files for named.conf is overkill ever since
I added the named-checkconf call, so rather than update the
logic to handle the case described above, remove it. This
also handles the case where named_chroot_autoupdate IS set
but the symlink doesn't exist yet.

PR:		conf/145904
Submitted by:	J R Matthews
2010-04-28 22:29:17 +00:00
ume
d391db900d Better handling of ipv6_default_interface using
net.inet6.ip6.use_defaultzone=1.  Now, it works with IPv6 link-local
unicast addresses as well as IPv6 link-local multicast addresses.

MFC after:	1 week
2010-04-26 15:31:58 +00:00
thompsa
31257c4567 Change usb devd events from fake attach to a notify. The ugen device is not a
proper device_t so it faked the devctl event to appear like one, this is now a
notify which allows more information to be passed.

We notify for both the device attach/detach and for each usb interface. A devd
rule can now match on the interface properties, including composite devices
which may have a uvideo interface and also usound and possibly uhid too.

An example to match a umass device with a scsi subclass and BBB protocol would be

notify 100 {
	match "system"          "USB";
	match "subsystem"       "INTERFACE";
	match "type"            "ATTACH";
	match "intclass"        "0x08";
	match "intsubclass"     "0x06";
	match "intprotocol"     "0x50";
	action ...
};

The old attach devctl event has been retained for the moment to make merging to
8.1 easier. This was never compatible with 7.x or earlier due to the ugen regex
change needed.

Reviewed by:	warner
MFC after:	1 week
2010-04-21 21:51:14 +00:00
avg
1caca1e816 indent.pro example: actually install the sample file 2010-04-21 12:17:01 +00:00
rpaulo
3b409255b4 Use ubthidhci_enable="NO" to avoid the bootup warning.
Submitted by: 	Jilles Tjoelker <jilles@stack.nl>
MFC after:	3 days
2010-04-17 21:31:42 +00:00
dougb
cbed8db2a8 In case a user wants to configure only an IPv6 link-local address
add an example that shows how to do it.
2010-04-17 18:48:18 +00:00
rpaulo
ce27b0428a Add ubthidhci.
MFC after:	2 days
2010-04-16 16:49:42 +00:00
dougb
01137d9339 If a service is running, make 'stop' work even if ${name}_enable
is not set.

PR:		conf/130414
Submitted by:	Dominic Fandrey <kamikaze@bsdforen.de>
Reviewed by:	freebsd-rc@
2010-04-15 21:18:24 +00:00
pjd
c76ea301f5 Use spaces instead of tab for indent here. 2010-04-15 16:43:43 +00:00
ume
7ce3a4d539 Fix grammar in comment.
Submitted by:	"b. f." <bf1783__at__googlemail.com>
MFC after:	3 days
2010-04-11 15:31:09 +00:00
rpaulo
95f33ba3f4 Add rc.d/ubthidhci. This small script calls usbconfig(1) to change a USB
Bluetooth controller from HID mode to HCI mode.

MFC after:	1 week
2010-04-09 17:32:38 +00:00
dougb
2ae521fa83 Improve the handling of IPv6 configuration in rc.d. The ipv6_enable
and ipv6_ifconfig_<interface> options have already been deprecated,
these changes do not alter that.

With these changes any value set for ipv6_enable will emit a
warning. In order to avoid a POLA violation for the deprecation
of the option ipv6_enable=NO will still disable configuration
for all interfaces other than lo0. ipv6_enable=YES will not have
any effect, but will emit an additional warning. Support and
warnings for this option will be removed in FreeBSD 10.x.

Consistent with the current code, in order for IPv6 to be configured
on an interface (other than lo0) an ifconfig_<interface>_ipv6
option will have to be added to /etc/rc.conf[.local].

1. Clean up and minor optimizations for the following functions:
ifconfig_up (the ipv6 elements)
ipv6if
ipv6_autoconfif
get_if_var
_ifconfig_getargs
The cleanups generally were to move the "easy" tests earlier in the
functions, and consolidate duplicate code.

2. Stop overloading ipv6_prefer with the ability to disable IPv6
configuration.

3. Remove noafif() which was only ever called from ipv6_autoconfif.
Instead, simplify and integrate the tests into that function, and
convert the test to use is_wired_interface() instead of listing
wireless interfaces explicitly.

4. Integrate backwards compatibility for ipv6_ifconfig_<interface>
into _ifconfig_getargs. This dramatically simplifies the code in
all of the callers, and avoids a lot of other code duplication.

5. In rc.d/netoptions, add code for an ipv6_privacy option to use
RFC 4193 style pseudo-random addresses (this is what windows does
by default, FYI).

6. Add support for the [NO]RTADV options in ifconfig_getargs() and
ipv6_autoconfif(). In the latter, include support for the explicit
addition of [-]accept_rtadv in ifconfig_<interface>_ipv6 as is done
in the current code.

7. In rc.d/netif add a warning if $ipv6_enable is set, and remove
the set_rcvar_obsolete for it. Also remove the latter from
rc.d/ip6addrctl.

8. In /etc/defaults/rc.conf:

Add an example for RTADV configuration.

Set ipv6_network_interfaces to AUTO.

Switch ipv6_prefer to YES. If ipv6_enable is not set this will have
no effect.

Add a default for ipv6_privacy (NO).

9. Document all of this in rc.conf.5.
2010-04-09 01:35:09 +00:00
ume
3321f56bbe Disambiguate `IPs' to a more specific term.
Submitted by:	Garrett Cooper <yanefbsd__at__gmail.com>
MFC after:	3 days
2010-04-08 15:19:57 +00:00
ume
a21ba7584c firewall_trusted_ipv6 was gone by r202460. Remove stale comment about
it as well.
2010-04-07 18:14:30 +00:00
dougb
e9fbee49d7 In wait_for_pids(), pwait(1) can return when the process exits, but
still exists as a zombie. The 'kill -0' test in this function can
therefore return true even if the process isn't actually running.
This could lead to wait_for_pids() printing an endless string of the
pid number until the zombie finally exits.

Solve this problem by moving the sleep up to after the 'kill -0' test, but
only after we've run through the function once already. In the common case
(only one pid in the list) this will always do the right thing. On the rare
occasion that there is more than one pid in the list this will sleep 1
second per zombie process which will allow that process, and any other
in the list a chance to exit.

While I'm here, local'ize the variables that this function uses.
2010-04-06 05:20:46 +00:00
des
4d07987abe Add -k to the recommended fingerd(8) command line.
MFC after:	2 weeks
2010-04-01 13:13:09 +00:00
joerg
4cbc85cad5 Add .snap to daily_clean_tmps_ignore; /tmp/.snap is not supposed to
be auto-removed (and /tmp is a filesystem of its own now by default).

MFC after:	3 days
2010-03-23 06:19:44 +00:00
ed
cfeed7218c Slightly improve my previous commit.
Just comment out the atrun line instead of completely removing it. It is
not a bad idea to leave it as a reference in case someone decides to
install atrun by hand afterwards.
2010-03-19 15:53:02 +00:00
ed
373381fc28 Don't add the atrun-line to the crontab when MK_AT is set.
This prevents spurious calls to sendmail every 5 minutes.

MFC after:	1 week
2010-03-19 11:59:02 +00:00
jh
869edd8e6a Use a unique directory name instead of hardcoded /tmp/.diskless.
A malicious user could create a file named /tmp/.diskless and cause
the script to misbehave.

PR:		conf/141258
Reported by:	Jon Passki
MFC after:	1 week
2010-03-13 12:02:44 +00:00
ed
cccf105e49 Improve the contents of termcap.small.
- Remove dosansi, pc and pc3. I suspect nobody ever needs these.
- Add vt100, screen and xterm-color.

This file is now probably more than sufficient in most cases, even for
common use outside single user mode, where people just use the console
driver, a graphical terminal emulator and a terminal multiplexer.
2010-03-07 08:54:06 +00:00
ed
d31fc26874 Install termcap.small.
Right now we have a termcap.small in the tree, but we don't install it.
If we do install this file by default, it is more likely for
applications to work in single user mode.

I am not entirely happy with the contents of this file. In my opinion we
should remove the `dosansi', `pc' and `pc3' entries and replace them
with `vt100' in case someone uses a serial console.

The file does already have entries for `cons25' and `xterm', which is
used most often.

Requested by:	brucec
2010-03-07 08:30:21 +00:00
dougb
b26721b44c Implement the idea of parallel-only-at-start-time in a cleaner, more
rc.d'ish way.

Not objected to by:	netchild
2010-03-07 04:26:21 +00:00
netchild
94e741a5e6 Redirect stdin from /dev/null when starting a jail:
At least in RELENG_7 this fixes some start problems for some programs
  from the ports. It is also more correct, as a jail shall not expect
  input (interactivity) from the jail-host.

Revert the current behavior of starting jails in the background and
make it optional only for the start of jails (jail_parallell_start=YES
in rc.conf):
 - The stop can not be done in the background, the system needs to wait
   until everything is stopped correctly before it can reboot or power
   down.
 - The start should not be done in parallel by default, this not only
   breaks POLA for people coming from RELENG_x, it may also break a
   dependency chain with other scripts in the jail-host, which need to
   do some stuff after the jails are up and running (e.g. hardlinking
   a mysql socket from one jail into another one).

Discussed on:	freebsd-jails@
2010-03-05 14:34:33 +00:00
ume
967067efbc Add the shutdown KEYWORD.
Pointed out by:	dougb
MFC after:	3 days
2010-02-27 19:02:21 +00:00
antoine
c56341aa63 usr/share/examples/bc no longer exists. 2010-02-27 17:31:00 +00:00
pjd
93d47151e4 Add missing KEYWORD line.
Pointed out by:	dougb
2010-02-19 09:18:26 +00:00
delphij
24cae0dcda Create a directory for hast's examples. 2010-02-19 02:34:25 +00:00
pjd
932e7c837e Remove some lines left over by accident. 2010-02-18 23:20:15 +00:00
pjd
1c1e2e8b71 Please welcome HAST - Highly Available Storage.
HAST allows data to be stored transparently on two physically separated machines
connected over the TCP/IP network. HAST works in Primary-Secondary
(Master-Backup, Master-Slave) configuration, which means that only one of the
cluster nodes can be active at any given time. Only Primary node is able to
handle I/O requests to HAST-managed devices. Currently HAST is limited to two
cluster nodes in total.

HAST operates on block level - it provides disk-like devices in /dev/hast/
directory for use by file systems and/or applications. Working on block level
makes it transparent for file systems and applications. There is no difference
between using HAST-provided device and raw disk, partition, etc. All of them
are just regular GEOM providers in FreeBSD.

For more information please consult hastd(8), hastctl(8) and hast.conf(5)
manual pages, as well as http://wiki.FreeBSD.org/HAST.

Sponsored by:	FreeBSD Foundation
Sponsored by:	OMCnet Internet Service GmbH
Sponsored by:	TransIP BV
2010-02-18 23:16:19 +00:00
jkim
a384f1d48a Remove COMPILATIONDATE from the default section. This string is no longer
being substituted since r162063.

PR:		bin/143976
MFC after:	1 month
2010-02-16 01:07:06 +00:00
emax
bde3e9d61d Introduce new rc.conf variable firewall_coscripts. It can be used to
specify list of executables and/or rc scripts that should be executed
after firewall starts/stops.

Submitted by:	Yuri Kurenkov <y dot kurenkov at init dot ru>
Reviewed by:	rhodes, rc@
MFC after:	1 week
2010-02-08 18:51:24 +00:00
bms
6d3ec80689 Add sane-port (Scanner Access Now Easy) as port 6566.
Obtained from:  http://www.iana.org/assignments/port-numbers
MFC after:      3 days
2010-02-06 21:22:01 +00:00
ume
0b55670b9d Add rc.d script for the rtsold(8) daemon.
The rtsol(8) handles just one RA then exits.  So, the OtherConfig flag
may not be handled well by rtsol(8) in the environment where there are
multiple RA servers on the segment.  In such case, rtsold(8) will be
your friend.

Reviewed by:	hrs
MFC after:	2 weeks
2010-02-03 16:18:42 +00:00
ume
99e94b9937 ManageSieve has been added as port 4190:
http://www.iana.org/assignments/port-numbers

Obtained from:	http://www.iana.org/assignments/port-numbers
MFC after:	3 day
2010-02-01 13:30:06 +00:00
ume
814699570b Allow use of -6 option to "server" and "peer" in ntp.conf.
MFC after:	1 week
2010-01-30 16:34:52 +00:00
ed
93642d9997 Remove pseudo-terminals from ttys(5).
When we had utmp(5), we had to list all the pseudo-terminals in ttys(5)
to make ttyslot(3) function properly. Now that pututxline(3) deals with
slot allocation internally (not based on TTY names), we don't need to
list all the TTYs on the system in ttys(5) to make user accounting work
properly.

This patch removes all the entries from the /etc/ttys files, but also
the pts(4) entries that were appended implicitly, which was added in
r154838.
2010-01-27 11:54:42 +00:00
edwin
8163044503 The Erlang Port Mapper Daemon (from ports/lang/erlang) has been
assigned official port number 4369 by IANA.

PR:		conf/113265
Submitted by:	Jimmy Olgeni <olgeni@freebsd.org>
Obtained from:	http://www.iana.org/assignments/port-numbers
MFC after:	2 days
2010-01-27 11:23:21 +00:00
edwin
50cfbda769 Git has been added as port 9418:
http://www.iana.org/assignments/port-numbers

PR:		conf/143259
Submitted by:	Denny Lin <dennylin93@cnmc32.hs.ntnu.edu.tw>
Obtained from:	http://www.iana.org/assignments/port-numbers
MFC after:	2 day
2010-01-27 11:08:39 +00:00
emaste
32a77ae063 Convert to 2-clause license, from NetBSD rc.subr r1.70.
Submitted by:	Alex Kozlov
Obtained from:	NetBSD
2010-01-26 13:23:31 +00:00
gshapiro
4d2b665384 Minor changes to force commit these files so new freebsd*.cf files are
built to use the new sendmail-8.14.4/cf tree.

MFC after:	4 days
2010-01-26 04:44:12 +00:00
emaste
5bc56187b3 Remove vestigial NetBSD compatibility shim. 2010-01-25 20:59:04 +00:00
kib
b717c9ecdc Do not check for existence of symlink source for the link action. This
does not work for link in subdirectory, and sometimes it is useful to
create symlink in advance for dynamically created device node.

MFC after:	1 week
2010-01-23 11:42:31 +00:00
delphij
6facf0f8e1 Move USD documents from /usr/share/doc/papers to /usr/share/doc/usd.
Reviewed by:	gabor
2010-01-22 23:19:48 +00:00
weongyo
3a511bb38a adds a hardware specific configuration file for uath(4).
Pointed by:	sam
Reviewed by:	imp, thompsa
2010-01-19 01:33:56 +00:00
dougb
338db2a12e Update the example named.conf file to answer locally for the newly
released IPv4 documentation ranges (http://tools.ietf.org/html/rfc5737)
and catch up to the IPv6 documentation range and domain names that 5737
also references.
2010-01-18 18:37:47 +00:00
ume
a59ae58903 Remove the rules using 'me6'. Now, 'me' matches both any IPv6 address
and any IPv4 address configured on an interface in the system.

Reviewed by:	David Horn <dhorn2000__at__gmail.com>, luigi, qingli
MFC after:	2 weeks
2010-01-17 08:41:07 +00:00
trasz
ba210e8afe Add gmountver, disk mount verification GEOM class.
Note that due to e.g. write throttling ('wdrain'), it can stall all the disk
I/O instead of just the device it's configured for.  Using it for removable
media is therefore not a good idea.

Reviewed by:	pjd (earlier version)
2010-01-16 09:52:49 +00:00
ed
4f31d2c5a6 Let rc and periodic infrastructure and newsyslog use the utmpx files. 2010-01-13 19:07:48 +00:00
delphij
ea9dd2277f Set svn:executable to *.
MFC after:	1 month
2010-01-11 23:32:36 +00:00
ed
53bf501971 Properly make the end key work again for TERM=xterm.
I've been so busy hacking on utmpx the last couple of days, out of
reflex, I committed it to the wrong source tree. Note to myself: don't
hack on FreeBSD while watching TV at the same time.

PR:		conf/142578
Submitted by:	Yuri Pankov <yuri pankov gmail com>
Reminded by:	stefanf
2010-01-10 21:41:37 +00:00
ume
832ae2737b The client type rule allows DHCP, implicitly. Since DHCPv6 uses
link-local address unlike with DHCP, we need one more rule to allow
the DHCPv6.

Reported by:	David Horn <dhorn2000__at__gmail.com>
2010-01-09 19:16:27 +00:00
ume
41f06dea81 Since the IPv4 rule allows ICMP_TIMXCEED, allow
ICMP6_TIME_EXCEEDED as well for workstation type
firewall.  It makes traceroute6 work.
2010-01-07 17:46:25 +00:00
jhb
53d6d916ba Expose the upper 256 ptys in the default devfs rules. I should have updated
this when expanding the old pty(4) driver to use 512 ptys by default.  This
is more important for 7.x.

MFC after:	1 week
2010-01-04 18:21:27 +00:00
gavin
4c340a7f87 Forced commit, to provide correct commit message for r201440:
Don't complain when we encounter the "cache" source, it's valid.  Also fix
the error message to include a line feed and not include a stray comma.

PR:		bin/121671
Submitted by:	Artis Caune  artis.caune gmail.com
Approved by:	ed (mentor)
MFC after:	2 weeks

While here, change "> /dev/stderr" for more usual ">&2"

Submitted by:	jilles
2010-01-03 21:27:10 +00:00
gavin
60b5f10bd9 The default hash table size is 257 not 255. Reword the rest of the line
slightly while here.

PR:		bin/121671
Submitted by:	Artis Caune  artis.caune gmail.com
Approved by:	ed (mentor)
2010-01-03 19:14:22 +00:00
dougb
1081f85f88 s/named_confidr/named_confdir/ in the rndc.key check. The line in
the command to create it was right, but the check was wrong, so it
was getting created every time. Mea culpa.

Submitted by:	oliver
2010-01-01 22:10:07 +00:00
dougb
e9350373dd With the introduction of named_conf the -c example in named_flags
is no longer necessary or desirable. Update the comment to indicate
that _flags should be used for options other than -u and -c.
2010-01-01 19:09:40 +00:00
dougb
0adb842fc2 The script hard-coded the assumption that the "configuration directory"
would be "/etc/namedb" in a number of places. Since the user may make
a different choice, introduce a new internal variable, named_confdir
that is generated relative to the location of $named_conf.

While this will work for some things (especially a highly customized
build from ISC source) there are still a number of places where
/etc/namedb is assumed that it is not easily virtualized (E.g., mtree).
If you deviate from the defaults you'd better know what you're doing. :)
2010-01-01 19:06:00 +00:00
jhb
5fbcec72be Remove a trailing reference to the obsolete vaps_<IF> variable.
Reviewed by:	brooks
MFC after:	3 days
2009-12-29 21:06:49 +00:00
jhb
1265488e3a Add support for configuring vlan(4) interfaces as child devices similar to
wlan(4) interfaces.  vlan(4) interfaces are listed via a new 'vlans_<IF>'
variable.  If a vlan interface is a number, then that number is treated as
the vlan tag for the interface and the interface will be named '<IF>.<tag>'.
Otherwise, the vlan tag must be provided via a vlan parameter in a
'create_args_<vlan>' variable.

While I'm here, fix a few nits in rc.conf(5) and mention create_args_<IF> in
the description of cloned_interfaces.

Reviewed by:	brooks
MFC after:	2 weeks
2009-12-29 21:03:36 +00:00
trasz
4465947ce0 Remove examples for pppd and SLIP-related stuff. 2009-12-29 20:20:51 +00:00
ume
5afec7265c Add missing me6 rules. Now, the IPv6 rules become equivalent
to the IPv4 rules.

Reported by:	David Horn <dhorn2000__at__gmail.com>
2009-12-29 11:27:51 +00:00
dougb
fbaf5bc859 Update the comments about files ending in .sh
Prompted by:	Alex Kozlov <spam@rm-rf.kiev.ua>
2009-12-27 06:27:09 +00:00
dougb
332c778a14 Delete some trailing whitespace 2009-12-27 06:25:03 +00:00
jilles
6cf4c85327 rc.subr: Use pwait in wait_for_pids.
This waits for the requested process(es) to terminate, rather than polling
with an interval of 2 seconds.

If pwait is not available, the old method is used.

PR:		conf/132766
Reviewed by:	dougb
2009-12-21 22:16:07 +00:00
dougb
3feb55f3d6 The named process needs to have a "working directory" that it can
write to. This is specified in "options { directory }" in named.conf.
So, create /etc/namedb/working with appropriate permissions, and
update the entry in named.conf to match.

In addition to specifying the working directory, file and path names
in named.conf can be specified relative to the directory listed.
However, since that directory is now different from /etc/namedb
(where the configuration, zone, rndc.*, and other files are located)
further update named.conf to specify all file names with fully
qualified paths. Also update the comment about file and path names
so users know this should be done for all file/path names in the file.

This change will eliminate the 'working directory is not writable'
messages at boot time without sacrificing security. It will also
allow for features in newer versions of BIND (9.7+) to work as
designed.
2009-12-15 05:14:39 +00:00
dougb
c11b08a13f Revert the xterm terminal behavior to NOT clear the screen after
exiting a pager, vi, etc.

Add some example xterm*-clear entries to the termcap files to make
it easier for people to enable that behavior.

Document the examples in the man page to make them easier to find.
2009-12-14 07:18:31 +00:00
dougb
ab37c83364 Since the change to rc.subr in r198162 it's not necessary to specify
command in the rc.d script if we have a corresponding ${name}_program
entry, which we do for named.

Rename named_precmd to named_prestart to make it more clear and match
convention.

Move the command_args definition related to -u up into _prestart().
It (and the associated $named_uid value) are only used there, and
unlike required_* and pidfile don't need to be used until this stage.

Fix a silly bug that would only have affected people who were using
the new named_wait or named_auto_forward features, AND had set up an
rndc.conf file instead of using the automatically generated rndc.key.

For named_conf:
	Add "-c $named_conf" to command_args if it's not set to the
	default. If it is set to the default and we're using the base
	BIND it's not necessary. If we're using BIND from the ports
	the user is likely to have included it in _flags (due to long
	necessity for doing so) so don't duplicate that if it's set.

	Add $named_conf to required_files
2009-12-12 21:51:50 +00:00
antoine
333cce4c56 Install firmware(9) examples.
MFC after:	1 month
2009-12-12 17:04:36 +00:00
dougb
063a5906ed Update to the December 12, 2008 version of this file. The one
substantive change is to add the IPv6 address of L. The other
changes are all CAPS LOCK related.
2009-12-11 01:06:04 +00:00
ed
66b64ddd83 Update termcap entries for xterm.
It turns out these entries do make Terminal.app behave a little better.
According to Thomas Dickey, Terminal.app should use TERM=nsterm anyway,
but we don't support this yet. Already having an improved termcap entry
helps, so I am going to MFC this change after all.

Suggested by:	Leonidas Tsampros <ltsampros upnet gr>
MFC after:	1 month
2009-12-10 22:25:53 +00:00
cperciva
e4106d9e8f Disable SSL renegotiation in order to protect against a serious
protocol flaw. [09:15]

Correctly handle failures from unsetenv resulting from a corrupt
environment in rtld-elf. [09:16]

Fix permissions in freebsd-update in order to prevent leakage of
sensitive files. [09:17]

Approved by:	so (cperciva)
Security:	FreeBSD-SA-09:15.ssl
Security:	FreeBSD-SA-09:16.rtld
Security:	FreeBSD-SA-09:17.freebsd-udpate
2009-12-03 09:18:40 +00:00
ume
ba7665678f Unify rc.firewall and rc.firewall6, and obsolete rc.firewall6
and rc.d/ip6fw.

Reviewed by:	dougb, jhb
MFC after:	1 month
2009-12-02 15:05:26 +00:00
ed
155d1871ea Use cons25w on pc98.
Discussed with:	nyan
2009-11-13 11:54:52 +00:00
ed
a53dc19376 Convert syscons on i386 to TERM=xterm.
TEKEN_XTERM is now gone. Because we always use xterm mode now, we only
need a TEKEN_CONS25 switch to go back to cons25.
2009-11-13 11:28:54 +00:00
ed
4e6819803d Split up etc.i386/ttys into a PC98 version as well.
This means I can now convert syscons on i386 to xterm as well.

Discussed with:	nyan
2009-11-13 11:26:44 +00:00
ed
f49c0a7c60 Switch the default terminal emulation style to xterm for most platforms.
Right now syscons(4) uses a cons25-style terminal emulator. The
disadvantages of that are:

- Little compatibility with embedded devices with serial interfaces.
- Bad bandwidth efficiency, mainly because of the lack of scrolling
  regions.
- A very hard transition path to support for modern character sets like
  UTF-8.

Our terminal emulation library, libteken, has been supporting
xterm-style terminal emulation for months, so flip the switch and make
everyone use an xterm-style console driver.

I still have to enable this on i386. Right now pc98 and i386 share the
same /etc/ttys file. I'm not going to switch pc98, because it uses its
own Kanji-capable cons25 emulator.

IMPORTANT: What to do if things go wrong (i.e. graphical artifacts):

- Run the application inside script(1), try to reduce the problem and
  send me the log file.
- In the mean time, you can run `vidcontrol -T cons25' and `export
  TERM=cons25' so you can run applications the same way you did before.
  You can also build your kernel with `options TEKEN_CONS25' to make all
  virtual terminals use the cons25 emulator by default.

Discussed on:	current@
2009-11-13 05:54:55 +00:00
remko
0d8a28aed3 Execute the start/stop process of a jail in the background.
This will prevent the script from hanging during startup, which
could cause annoying effects after rebooting for example.

PR:		kern/139422
Submitted by:	Andrey Groshev <greenx at yartv dot ru>
Approved by:	imp (mentor, implicit)
MFC after:	3 days
Facilitated by:	Snow B.V.
2009-11-02 09:56:46 +00:00
hrs
00cbb95503 Use double-quotation marks to fix the unexpanded variable issue.
Spotted by:	swell.k
2009-10-23 09:30:19 +00:00
brueffer
87ae632703 Add empty watchdogd_flags.
PR:		136620
Submitted by:	amdmi3
MFC after:	3 days
2009-10-21 09:43:22 +00:00
ed
77f2f73afb Partially revert the change to the gettytab made in r198214.
By misinterpreting some data, I thought that getty wouldn't apply any
baud rate to the syscons devices, but it uses the default entry instead.
This means that the baud rate is set to 1200. This isn't too bad, except
when using canonical mode. Make it use 9600 baud by default.

MFC after:	1 week
2009-10-19 11:10:44 +00:00
ed
caa1413c37 Fix quoting in a comment, to make it look more consistent
Submitted by:	Jille Timmermans <jille quis cx>
MFC after:	1 week
2009-10-18 19:51:06 +00:00
ed
9be1c96abb Allow the buffer size to be configured for pseudo-like TTY devices.
Devices that don't implement param() (which means they don't support
hardware parameters such as flow control, baud rate) hardcode the baud
rate to TTYDEF_SPEED. This means the buffer size cannot be configured,
which is a little inconvenient when using canonical mode with big lines
of input, etc.

Make it adjustable, but do clamp it between B50 and B115200 to prevent
awkward buffer sizes. Remove the baud rate assignment from
/etc/gettytab. Trust the kernel to fill in a proper value.

Reported by:	Mikolaj Golub <to my trociny gmail com>
MFC after:	1 month
2009-10-18 19:48:53 +00:00
dougb
0beb8f4b7a Remove a circular dependency on routing
Submitted by:	Mykola Dzham <freebsd@levsha.org.ua>
Approved by:	hrs
2009-10-17 21:09:15 +00:00
dougb
a1878de77c Allow $name_program to override $command in a more robust way that
will not cause the value to be null if $command is not set.
2009-10-15 23:20:23 +00:00
dougb
1eae783464 In regards to the "Starting foo:" type messages at boot time, create and
employ a more generic solution, and use it in the individual rc.d scripts
that also have an $rc_quiet test:

1. Add check_startmsgs() to rc.subr.
2. In the rc.d scripts that use rc_quiet (and rc.subr) substitute
variations of [ -z "$rc_quiet" ] with check_startmsgs
3. In savecore add a trailing '.' to the end of the message to make it
more consistent with other scripts.
4. In newsyslog remove a : before the terminal '.' since we do not expect
there to be anything printed out in between to make it more consistent.
5. In the following scripts change "quotes" to 'quotes' where no variables
exist in the message: savecore pf newsyslog
6. In the following scripts substitute if/then/fi for the simpler (and
more consistent) check_startmsgs &&: faith stf
7. In the following scripts separate the "Starting foo:" from the terminal
'.' to make them more consistent: moused hostname pf
8. In nfsclient move the message to its own line to avoid a style bug
9. In pf rc_quiet does not apply to the _stop method, so remove the
test there.
10. In motd add 'quotes' around the terminal '.' for consistency
2009-10-10 22:17:03 +00:00