7670 Commits

Author SHA1 Message Date
rwatson
5796438433 o Add a configSecurity menu to generally configure security settings,
and pull configSecurityProfile under that menu.  Add a menu option
  to determine whether LOMAC is enabled at boot.  Probably, eventually,
  many of the 'Security Profile' menu choices should be pulled out
  independently into the Security Menu, so as to make them individually
  selectable.

Sponsored by:	DARPA, NAI Labs
2001-12-21 18:30:50 +00:00
rwatson
5e8b04ff7f o Don't make 'Moderate Security Settings' the DEFAULT, as otherwise
selecting 'Cancel' to avoid making changes doesn't work.  Really, we
  should deprecate security profiles and move to a more fine-grained
  model.
2001-12-21 18:08:54 +00:00
ru
68e2919497 mdoc(7) police: fix markup, remove stray .Xr. 2001-12-21 08:10:28 +00:00
jkh
7a0109b5c0 Enable soft updates by default for everything but the root filesystem.
The user can still toggle it back off in the label editor (or post-install
for that matter) if they explicitly do not want soft updates to be used
for some reason.

Agreed to be a good thing by:	kirk
2001-12-20 23:39:30 +00:00
nectar
deebe243c0 Use correct mode for temporary file.
Reported by:	ryan beasley <ryanb@goddamnbastard.org>
2001-12-20 16:03:04 +00:00
pb
ecd2abc180 Fix typo in usage (power same -> power save). 2001-12-18 23:28:45 +00:00
ru
0005151aeb Install files via FILES. 2001-12-17 16:21:59 +00:00
ru
bbef88e1a5 FILES support for bsd.prog.mk. See bsd.README for details.
Stolen from:	NetBSD
2001-12-17 13:59:35 +00:00
gad
6737fb8eb7 Add another level of checking to 'chkprintcap', which is done by
"skimming thru" the printcap file looking for some common mistakes that
people make.  These are the kinds of mistakes where the printcap file
probably looks correct to human eyes, but is wrong in some subtle way
which causes a problem in some queue definitions.  The program treats
these as "warnings" not "errors".
    Note that I'm flexible on the m.f.c. schedule, if people would rather
this waited until after 4.5-release.

Reviewed by:	no screams from freebsd-audit freebsd-print@bostonradio.org
MFC after:	4 days
2001-12-15 23:35:55 +00:00
joerg
b2bcdd0ab8 Long promised major enhancement set for the floppy disk driver:
. The main device node now supports automatic density selection for
  commonly used media densities.  So you can stuff your 1.44 MB and
  720 KB media into your drive and just access /dev/fd0, no questions
  asked.  It's all that easy, isn't it? :)

. Device density handling has been completely overhauled.  The old way
  of hardwired kernel density knowledge is no longer there.  Instead,
  the kernel now implements 16 subdevices per drive.  The first
  subdevice uses automatic density selection, while the remaining 15
  devices are freely programmable.  They can be assigned an arbitrary
  name of the form /dev/fd[:digit]+.[:digit:]{1,4}, where the second
  number is meant to either implement device names that are mnemonic
  for their raw capacity (as it used to be), or they can alternatively
  be created as "anonymous" devices like fd0.1 through fd0.15,
  depending on the taste of the administrator.  After creating a
  subdevice, it is initialized to the maximal native density of the
  respective drive type, so it needs to be customized for other
  densities by using fdcontrol(8).  Pseudo-partition devices (fd0a
  through fd0h) are still supported as symlinks.

. The old hack to use flags 0x1 to always assume drive 0 were there is
  no longer supported; this is now supposed to be done by wiring the
  devices down from the loader via device flags.  On IA32
  architectures, the first two drives are looked up in the CMOS
  configuration records though.  On PCMCIA (i. e., the Y-E Data
  controller of the Toshiba Libretto), a single drive is always
  assumed.

. Other specialities like disabling the FIFO and not probing the drive
  at boot-time are selected by per-controller or per-drive flags, too.

. Unit attentions (media has been changed) are supposed to be detected
  now; density autoselection only occurs after a unit attention.  (Can
  be turned off by a per-drive flag, this will cause each Fdopen() to
  perform the autoselection.)

. FM floppies can be handled now (on controllers that actually support
  it -- not all do these days).

. Fdopen() can be told to avoid density selection by setting
  O_NONBLOCK; this leaves the descriptor in a half-opened state where
  only a few ioctls are accepted.  This is necessary to run fdformat
  on a device that uses automatic density selection (since you cannot
  autoselect on an unformatted medium, obviously).

. Just differentiate between a plain old NE765 and the enhanced chips,
  but don't try more; the existing code was wrong and only misdetected
  the chips anyway.

BUGS and TODOs:

. All documentation update still needs to be done.

. Formatting not-so-standard format yields unpredictable results; i
  have yet to figure out why this happens.  "Standard" formats like
  720 and 1440 KB do work, however.

. rc scripts are needed to setup device nodes with nonstandard
  densities (like the old /dev/fdN.MMM we used to have).

. Obtaining device flags from the kernel environment doesn't work yet,
  thus currently only drives that are present in (IA32) CMOS are
  really detected.  Someone who knows the odds and ends about device
  flags is needed here, i can't figure out what i'm doing wrong.

. 2.88 MB still needs to be done.
2001-12-15 19:09:04 +00:00
brooks
d7cd33da25 Better document gif interface cloning infrastructure.
MFC After:	2 days
2001-12-14 22:55:10 +00:00
phk
cdb77be2ca Add some wisdom to the jail setup instructions. 2001-12-14 20:20:50 +00:00
luigi
6f50cc5876 Add prototypes for main() so that these programs compile with -Werror
(which somehow now seems to be the default for compiling -current).
This error popped up while doing a PicoBSD cross-compile on a 4.3-ish system,
it may well be that there are other apps which have similar problems,
but I did not spot them as they are not included in my picobsd config.

Whether adding prototypes for main() is the correct solution or not
I have no idea, a request to -current on the matter went basically
unanswered. Those who have better ideas are welcome to back this out
and replace it with the correct fix.
2001-12-14 16:22:41 +00:00
sheldonh
551d694f64 Add bmake glue for src/contrib/smbfs and connect userland smbfs
support to the build.

The MFC reminder below is subject to <re@FreeBSD.org> approval
prior to 4.5-RELEASE.

Reviewed by:	bp, fjoe
MFC:	1 week
2001-12-14 11:41:22 +00:00
ru
ff31678819 mdoc(7) police overhaul. 2001-12-14 10:18:15 +00:00
peter
a7d365d185 Bump configvers for different handling of maxusers. 2001-12-14 09:40:01 +00:00
arr
a83ce1350e - Update the sysctl mibs in order to reflect the recent kern_jail.c
changes.

Approved by:	rwatson
Reviewed by:	rwatson
2001-12-12 05:24:50 +00:00
sheldonh
29d0d30996 Update the default newfs block and fragment sizes from 8192/1024 to
16384/2048.

Following recent discussions on the -arch mailing list, involving dillon
and mckusick, this change parallels the one made over a decade ago when
the default was bumped up from 4096/512.

This should provide significant performance improvements for most
folks, less significant performance losses for a few folks and
wasted space lost to large fragments for many folks.

For discussion, please see the following thread in the -arch archive:

Subject: Using a larger block size on large filesystems

The discussion ceases to be relevant when the issue of partitioning
schemes is raised.
2001-12-11 16:21:40 +00:00
sheldonh
46e660813b Fix a typo.
Reported by:	Jurrien Koopmans <jjkoopmans@home.nl>
2001-12-11 13:14:48 +00:00
ru
7f320fa871 s/sysctl -w/sysctl/ 2001-12-11 08:29:10 +00:00
mikeh
f2a2bcb9ed WARNS=2 cleanup.
Submitted by:	Maxime Henrion <mux@qualys.com>
MFC after:	2 weeks
2001-12-11 06:44:29 +00:00
jhb
dd0efc9785 Fix the mouse question again to only run the mouse menu if a user doesn't
have a USB mouse.  Here's the deal on how this works:  USB mice have
moused run for them automatically by usbd so we don't need to setup moused
for them.  We do need to setup moused for other mice though, so if the
user has a USB mouse, we don't need to do anything.  Hence the wording
"Do you have a non-USB mouse installed?" for the question.  The question
can be reworded as "Do you have a PS/2 or Serial mouse installed?" instead
if that is preferred.
2001-12-10 22:12:23 +00:00
mikeh
e408e50776 Reorder WARNS line for style.
Pointed out by:	bde
2001-12-10 21:13:36 +00:00
phantom
898745463b Install i4bing.4. It lives for more than a year in the tree, but
never was installed.

MFC After: 3 days
2001-12-10 16:55:14 +00:00
murray
8caecaf302 Provide a more specific help line for PLIP installs, reminding the
user that they must provide the peer's IP address in the 'extra
options to ifconfig' box.

PR:	misc/21273
2001-12-10 10:34:47 +00:00
roam
efa68e4503 Add the Bulgarian BDS and Phonetic keymaps.
Reviewed by:	jhb
Approved by:	jhb, silence on -qa
MFC after:	1 week
2001-12-10 08:37:51 +00:00
mikeh
957a76ab24 WARNS=2 cleanup.
Submitted by:	Maxime Henrion <mux@qualys.com>
MFC after:	2 weeks
2001-12-10 06:42:56 +00:00
mikeh
38128efeca WARNS=2 cleanup.
Submitted by:	Maxime Henrion <mux@qualys.com>
MFC after:	2 weeks
2001-12-10 06:25:35 +00:00
mikeh
b147d3868e WARNS=2 cleanup.
Submitted by:	Maxime Henrion <mux@qualys.com>
MFC after:	2 weeks
2001-12-10 06:05:28 +00:00
obrien
7ec53404c0 An XFree86 install should not depend on any compat libs any longer.
(1) We don't need compat3x and compat4x as we build the bits on the proper
    release now (vs. getting them from the XFree people).
(2) We handle the compat2x needs thru proper port dependencies now.
2001-12-10 02:42:42 +00:00
obrien
5bec087a49 We do have a compat4x dist for Alpha. 2001-12-10 02:40:41 +00:00
obrien
c424147847 Update the list of public NTP servers from
http://www.eecis.udel.edu/~mills/ntp/clock2.htm
Also remove any Stratum 1 servers and only include Stratum 2 and higher
servers.

PR:		32586
Submitted by:	Arnaud Launay <asl@launay.org>
2001-12-10 02:35:54 +00:00
dillon
fc649adb91 cleanup 2001-12-10 02:18:05 +00:00
dillon
c956ace928 Add auto-fill-on-delete. When deleting an 'A'uto created partition
sysinstall will automatically expand the previous partition to take up
the freed up space.  So you can 'D'elete /home and /usr will get the
combined space, or you can 'D'elete /tmp and /var will get the combined space.

This gives the user, developer, or lay person a huge amount of flexibility
in constructing partitions from an 'A'uto base.  It takes only 3 or 4
keystrokes to achieve virtually any combination of having or not having
a /tmp and/or /home after doing an 'A'uto create.

Change 'A'uto creation of /var/tmp to 'A'uto creation /tmp, which should
be less controversial.

MFC after:	6 days
2001-12-09 23:40:02 +00:00
mikeh
845894074a WARNS=2 cleanup.
Submitted by:	Maxime Henrion <mux@qualys.com>
MFC after:	2 weeks
2001-12-09 21:56:31 +00:00
mikeh
3ef9a13ce0 Turn on WARNS=2, no code fixes needed.
Submitted by:	Maxime Henrion <mux@qualys.com>
MFC after:	2 weeks
2001-12-09 21:52:22 +00:00
iedowse
3791f11fd7 Don't ignore SIGINT and SIGQUIT. The comment said "Ignore SIGINT
and SIGQUIT during shutdown", but rpc.umntall is also run at boot
time, so ignoring these signals is a really bad idea: it makes it
impossible to ^C the process as it waits for a server response. I
can't see any reason to block these signals during shutdown either.

MFC after:	3 days
2001-12-09 20:18:36 +00:00
mikeh
9b498cae46 style(9) cleanup: spaces -> tabs.
MFC after:	2 weeks
2001-12-09 19:34:11 +00:00
mikeh
bb541f1f22 WARNS=2 cleanup.
PR:		bin/32646
MFC after:	2 weeks
2001-12-09 18:40:56 +00:00
dillon
3824d202d7 Cleanup sysinstall's 'A'uto partitioning mode to provide more reasonable
defaults both in regards to the size of the partitions that are created
and in regards to safety and functional separation.

Still TODO: extend the previous partition to cover a deleted partition
if the previous partition was auto-created, and supply some sort of
solution for /tmp.

Reviewed by:	Just about everyone
Approved by:	Nobody except maybe my pet mouse fred
Obtained from:	God, so complain to HIM
MFC after:	1 week
2001-12-09 09:47:09 +00:00
mikeh
234a9fe490 WARNS=2 cleanup.
PR:		bin/32567
MFC after:	2 weeks
2001-12-09 07:51:26 +00:00
mikeh
ad64dedff4 WARNS=2 cleanup and fix potential uninitialized variable bug.
PR:		bin/32567
MFC after:	2 weeks
2001-12-09 07:32:55 +00:00
mikeh
41747ff124 WARNS=2 cleanup.
PR:		bin/32567
MFC after:	2 weeks
2001-12-09 07:22:26 +00:00
dillon
6fe4980d43 Allow maxusers to be specified as 0 in the kernel config, which will
cause the system to auto-size to between 32 and 512 depending on the
amount of memory.

MFC after:	1 week
2001-12-09 01:57:09 +00:00
brian
2d4ab797ed Consider PROTO_IPV6 as compressible by CCP.
Spotted by: Nick Sayer <nsayer@quack.kfu.com>
2001-12-09 01:29:12 +00:00
ru
0fc2bbdd69 mdoc(7) police:
- bump document date
- add -n to SYNOPSIS
- remove whitespace at EOL
- remove hard sentence break
- be a bit verbose about "vcd" operation
2001-12-08 16:58:48 +00:00
ru
d991472c31 mdoc(7) police: markup nits. 2001-12-08 16:17:49 +00:00
ru
2cc18c1514 mdoc(7) police: fix markup in revision 1.25. 2001-12-08 16:15:44 +00:00
cjc
ba1e7b8577 Long ago, there was just /etc/daily. Then /etc/security was split out
of /etc/daily. Some time later, /etc/daily became a set of periodic(8)
scripts. Now, this evolution continues, and /etc/security has been
broken into periodic(8) scripts to make local customization easier and
more maintainable.

Reviewed by:	ru
Approved by:	ru
2001-12-07 23:57:39 +00:00
gad
bae50f587d Move the checks for '/' a little sooner in the code which receives files
for a remote print job.  This change comes from OpenBSD (who got it from
Sebastian Krahmer of SuSE).  In OpenBSD this avoids a tiny theoretical
security issue, but that security issue does not exist in FreeBSD's lpr
due to the changes which added 'ctl_renametf()' just before 4.4-release.
This change is still worth doing in our version, but it isn't fixing a
security issue.

MFC after:	4 days
2001-12-05 02:07:20 +00:00