Commit Graph

4660 Commits

Author SHA1 Message Date
Poul-Henning Kamp
75c1354190 This Implements the mumbled about "Jail" feature.
This is a seriously beefed up chroot kind of thing.  The process
is jailed along the same lines as a chroot does it, but with
additional tough restrictions imposed on what the superuser can do.

For all I know, it is safe to hand over the root bit inside a
prison to the customer living in that prison, this is what
it was developed for in fact:  "real virtual servers".

Each prison has an ip number associated with it, which all IP
communications will be coerced to use and each prison has its own
hostname.

Needless to say, you need more RAM this way, but the advantage is
that each customer can run their own particular version of apache
and not stomp on the toes of their neighbors.

It generally does what one would expect, but setting up a jail
still takes a little knowledge.

A few notes:

   I have no scripts for setting up a jail, don't ask me for them.

   The IP number should be an alias on one of the interfaces.

   mount a /proc in each jail, it will make ps more useable.

   /proc/<pid>/status tells the hostname of the prison for
   jailed processes.

   Quotas are only sensible if you have a mountpoint per prison.

   There are no privisions for stopping resource-hogging.

   Some "#ifdef INET" and similar may be missing (send patches!)

If somebody wants to take it from here and develop it into
more of a "virtual machine" they should be most welcome!

Tools, comments, patches & documentation most welcome.

Have fun...

Sponsored by:   http://www.rndassociates.com/
Run for almost a year by:       http://www.servetheweb.com/
1999-04-28 11:38:52 +00:00
Jordan K. Hubbard
78e2e8ea35 Deal with new loader syntax in determining how/when to load a userconfig
script.

Submitted by:		"Daniel C. Sobral" <dcs@newsguy.com>
Avoided by:		jkh
Demanded by:		The Users
1999-04-28 10:51:01 +00:00
David E. O'Brien
0acc1823a4 \begin{bdemode}
sort tcpd* entries
\end{bdemode}
1999-04-28 08:00:50 +00:00
Jordan K. Hubbard
da95ac4842 Write config files to /usr/share/skel as well as root's profile. 1999-04-28 07:20:11 +00:00
Jordan K. Hubbard
a5a953fc61 Do the right thing for windowmaker installation if it's picked. Add some
seat belts for failed desktop installations.
1999-04-28 06:39:25 +00:00
Jordan K. Hubbard
4d24621b10 o Make package matching for specific package loading use the Latest/
feature of packages now so that no version info is embedded.

o Add a default X desktop menu offering afterstep, enlightenment, KDE, GNOME
  and Windowmaker desktops instead of the boring twm(1) based one if the
  user so chooses.  This will require a little testing.
1999-04-27 14:33:29 +00:00
Jordan K. Hubbard
d5483ddfba lpd tries to be clever and checks if RM == my_hostname.
However, it doesn't check if the remote printer name it
is sending it to is the same as the local printer name,
and so chokes 'cos "laser" is not a real printer.

PR:		7081
Submitted by:	David Malone <dwmalone@maths.tcd.ie>
1999-04-27 07:09:18 +00:00
Jordan K. Hubbard
c89686d6b7 If pkg_info is run with no args, default to "-aI". 1999-04-27 02:30:27 +00:00
Luoqi Chen
e07fcb3e2e Make options like NO_F00F_HACK work (with context sensitive lexical rules). 1999-04-27 01:37:01 +00:00
Brian Somers
a8d7acdc03 Change ``set device'' so that it parses its arguments as one
device per argument rather than the old way of concatenating
everything then splitting the result at commas and whitespace.

Old syntax of ``set device /dev/cuaa0, /dev/cuaa1''
may no longer contain the comma, but syntax such as
``set device "!ssh host ppp -direct label"'' is now
possible.
1999-04-27 00:23:57 +00:00
Brian Somers
7884358fdd Add support for NetBSD 1999-04-26 08:54:34 +00:00
Brian Somers
119386a38b #include <errno.h>, not <sys/errno.h> 1999-04-26 08:54:25 +00:00
Brian Somers
b941043fa2 Add support for NetBSD (history() from libedit is different). 1999-04-26 08:53:52 +00:00
Peter Wemm
061eb3abb3 Bump configvers; when the updates to generic/lint get committed, the old
config has severe indigestion.
1999-04-24 21:38:50 +00:00
Peter Wemm
96217b0fbc More cleanups, tweaks and features.
- make this work:   options FOO123=456   *without quotes*
- grumble (but accept) vector xxxintr, and tty/net/bio/cam flags.
- complain if a device is specified twice (eg: 2 x psm0)
- don't require quotes around:  port IO_COM2
- recognize negative numbers.  (ie: options CAM_DEBUG_UNIT=-1)
- GC some more unused stuff (we don't have composite disks from config(8)).
- various other nits (snprintf paranoia etc)
1999-04-24 18:59:19 +00:00
John Hay
3333e32aa0 Add an option to disable responses to SAP_GETNEAREST_SERVER requests.
Submitted by:	Boris Popov <bp@butya.kz>
1999-04-24 09:18:49 +00:00
Jordan K. Hubbard
c8f07a79f8 Remove the registration stuff; we're redoing this and the emailed
registrations have a high failure rate for various reasons.
1999-04-24 01:53:55 +00:00
Guy Helmer
f8c6d853b0 local_cron -> local_periodic
PR:		docs/11253
1999-04-23 18:26:55 +00:00
Brian Somers
7c6b3a5704 Spelling police 1999-04-23 13:45:50 +00:00
Alexander Langer
6436fcb9f0 Typo fix in diagnostic: -alldir --> -alldirs
PR:		11049
Submitted by:	Gerhard Gonter <gonter@whisky.wu-wien.ac.at>
1999-04-21 22:42:36 +00:00
Brian Somers
28e610e378 int -> size_t 1999-04-21 08:13:25 +00:00
Brian Somers
a38cc90182 Split the recorded chap challenge into two - one for the
receiver and one for the sender.  This allows two simultaneous
chap conversations - something that I *thought* I was already
doing on a daily basis myself until the existence of the
problem was
Beaten into me by: sos
1999-04-21 08:03:51 +00:00
Brian Somers
1599fce5c6 If ioctl TIOCMGET fails, continue. The device may be
a pseudo device created by an interactive version of
rlogin/telnet/ssh & friends
1999-04-21 08:03:35 +00:00
David E. O'Brien
6df198f879 Add Id. 1999-04-21 07:42:02 +00:00
David E. O'Brien
a0154df93c Add compat3x to the mix.
Reviewed by:	jkh
1999-04-21 07:22:37 +00:00
Peter Wemm
14dd465c07 The Alpha probably wouldn't appreciate getting the pc98 isa port
definitions.  Change it from  machine != I386 to machine == PC98.
1999-04-19 14:40:55 +00:00
Peter Wemm
4498c1f307 Slightly reorder the all: to make sure it's before any alternate kernel
names for debugging etc.  all: should now always be the first target.
1999-04-19 13:53:07 +00:00
Joseph Koshy
59d615f8c7 Correct typo.
PR:		docs/11185
Submitted by:	Kazuo Horikawa <horikawa@jp.freebsd.org>
1999-04-19 07:17:58 +00:00
KATO Takenori
5fad759c59 Use pc98/pc98/pc98.h instead of isa/isareg.h in PC98 kernel.
Submitted by:	Takahashi Yoshihiro <nyan@wyvern.cc.kogakuin.ac.jp>
1999-04-18 14:27:33 +00:00
Peter Wemm
e6fbbbe459 Further cleanups. i386_ioconf.c and alpha_ioconf.c were essentially the
same and were merged into a single newbus_ioconf.c.  CG'd some more unused
code.
1999-04-18 13:36:29 +00:00
Peter Wemm
188334f6de Get out the blow torch and hack away all the unused stuff. Note that
I zapped the MACHINE_MIPS stuff, it isn't likely to be useful apart from
recognition of the machine name.  It would be reasonable to expect new
ports would look something like the alpha/i386 from a config perspective.
1999-04-17 14:41:41 +00:00
Peter Wemm
2c43119102 Corresponding minimal changes for kernel configuration after new-bus
commit.
1999-04-16 21:28:10 +00:00
Bruce Evans
e05da2e941 Made booting with -a work for all configurations. Previously it
only worked for configurations with "swap on generic".

usr.sbin/config/config.y:
- ignore all "swap [on] device ...' specifications except for
  warning about them.  They haven't done anything related to swap
  for almost 4 years, and were previously silently ignored,
  except for "swap on generic" which stopped swap${KERNEL}.c
  from being generated.  Code to support swapping is now deader
  than before.

usr.sbin/config/mkswapconf.c:
- don't generate a dummy setconf() function in swap${KERNEL}.c.

sys/i386/conf/files.i386:
- swapgeneric.c is now standard.  It should be merged into autoconf.c
  so that it doesn't conflict with swap${KERNEL}.c for kernels named
  "generic".

sys/i386/i386/autoconf.c:
- don't call setroot() for mfs roots.  Since setroot() doesn't do anything
  harmful, this was just a waste of time, except possibly for booting with
  -a it may have helped prevent an undesireable call to setconf() by
  finding a bogus rootdev.
- honor -a for ffs roots.  -a now overrides all other ways of specifying
  the root device.  Previously, -r had precedence over -a, and the -a
  handling was usually a no-op.
- don't honor -a for non-ffs roots, since it would currently just get in
  the way of a clean panic.

sys/i386/i386/swapgeneric.c:
- don't declare things that are now always declared in swap${KERNEL}.c.
  Don't decide things that are now decided in autoconf.c.  Code to
  support the "generic" case is now dead instead of useless.
1999-04-15 14:52:24 +00:00
Bill Paul
68cd974800 Close PR #11122: check key length before calling strncmp()
in yp_next_record().
1999-04-14 04:05:59 +00:00
Peter Wemm
b282e6c130 Clean up the -g/DEBUG handling. This logic can go in the Makefile
so that config -g can work the same as:  makeoptions DEBUG="-g"
1999-04-13 18:22:57 +00:00
Hidetoshi Shimokawa
9d3c09b69f Use u_int32_t for sin_addr.s_addr rather than u_long to avoid
unaligned access on alpha.
1999-04-13 16:26:21 +00:00
Nick Hibma
6f749ef4fc Syncing with NetBSD version 1998/12/14 1999-04-11 21:03:28 +00:00
Mark Murray
d06590a52b Fix the "internal" wrapping as well as a nasty bug involving
the daemon name vs the path. Also fix some warnings and improve
the wrapper section of the man page.

Nice debugging work by:	Sheldon Hearn
1999-04-11 09:22:17 +00:00
Brian Somers
4ae29eb73c Revert the ACCMAP changes where we OR the peers accmap
with our own if there are differing bits (last two revisions
of lcp.c).  This change broke at least one negotiation
session.
Instead, we just use an OR of the two accmap values when
we're doing the ASYNC framing.
1999-04-11 08:51:04 +00:00
Greg Lehey
4357ca882d Back out default debug kernel. The flags revert to historical behaviour.
Requested-by:	ache
		bde
		dg

Modify targets for debug kernels:  when -g was specified, make will
now build a debug kernel called kernel.debug, and create a stripped
version called kernel at the same time.  The two targets install and
install.debug are otherwise unchanged.

Requested-by:	dillon

Update man page accordingly.
1999-04-11 03:40:11 +00:00
Chuck Robey
06497d232b Fix description of size, it's in kilobytes, not bytes. 1999-04-10 15:09:07 +00:00
Andrey A. Chernov
052ce6c70d add -s to usage
PR: 11056
Submitted by: Nickolay N. Dudorov <nnd@mail.nsk.ru>
1999-04-10 14:03:38 +00:00
Andrey A. Chernov
fb6a9d37a0 add -s to synopsis 1999-04-10 01:56:20 +00:00
Guy Helmer
5e0abc7b6f Change LKM/modload to KLD/kldload.
Submitted by:	Nathan Ahlstrom <nrahlstr@winternet.com>
1999-04-08 14:02:56 +00:00
Guy Helmer
daec6ca7bd Change LKM to KLD.
Submitted by:	Nathan Ahlstrom <nrahlstr@winternet.com>
1999-04-08 13:51:54 +00:00
Greg Lehey
84676b86e6 1. Modify config to issue different code for debugging.
2.  Config complains if you use -g:

    Debugging is enabled by default, there is no ned to specify the -g option

3.  Config warns you if you don't use -s:

    Building kernel with full debugging symbols.  Do
    "config -s BSD" for historic partial symbolic support.
    To install the debugging kernel, do make install.debug

    (BSD was the name of the config file I used; I print out the same
    name).

4.  Modify Makefile.i386, Makefile.alpha, Makefile.pc98 and config to
    work if a kernel name other than 'kernel' is specified.  This is
    not absolutely necessary, but useful, and it was relatively easy.
    I now have a kernel called /crapshit :-)

5.  Modify Makefile.i386, Makefile.alpha, Makefile.pc98 "clean" target
    to remove both the debug and normal kernel.

6.  Modify all to install the stripped kernel by default and the debug
    kernel if you enter "make install.debug".

7.  Update version number of Makefiles and config.
1999-04-07 09:42:29 +00:00
Greg Lehey
2005b07aa8 1. Modify config to issue different code for debugging.
2.  Config complains if you use -g:

    Debugging is enabled by default, there is no ned to specify the -g option

3.  Config warns you if you don't use -s:

    Building kernel with full debugging symbols.  Do
    "config -s BSD" for historic partial symbolic support.
    To install the debugging kernel, do make install.debug

    (BSD was the name of the config file I used; I print out the same
    name).

4.  Modify Makefile.i386, Makefile.alpha, Makefile.pc98 and config to
    work if a kernel name other than 'kernel' is specified.  This is
    not absolutely necessary, but useful, and it was relatively easy.
    I now have a kernel called /crapshit :-)

5.  Modify Makefile.i386, Makefile.alpha, Makefile.pc98 "clean" target
    to remove both the debug and normal kernel.

6.  Modify all to install the stripped kernel by default and the debug
    kernel if you enter "make install.debug".

7.  Update version number of Makefiles and config.
1999-04-07 09:28:03 +00:00
Mike Smith
0adc9d60f1 Build memcontrol too. 1999-04-07 04:12:02 +00:00
Mike Smith
53f17f08ba Commandline tool for manipulating memory range attributes. 1999-04-07 04:11:14 +00:00
Jordan K. Hubbard
9d49bf557a Don't allow upgrade to touch /usr/src; only evil can result from
that kind of overlay smashing.
1999-04-07 03:06:44 +00:00