interpreted $command. Some "portable" sofware packages use such a
line to skip the task of figuring out the absolute pathname of the
interpreter at install time, e.g.:
#!/usr/bin/env python
It is insecure, but a popular book on Python seems to have advised
it to a wide audience. Hence a number of such scripts in the ports,
mostly written in Python.
PR: bin/100287
MFC after: 1 week
scripts, except for mdconfig* and jail. Such symbols are reserved
for the rc.subr internals. Most scripts can be fixed by just
declaring _foo symbols as local: few scripts actually need them to
be global.
Discussed with: dougb in freebsd-rc
With the second (and last) part of my previous Summer of Code work, we get:
-ipfw's in kernel nat
-redirect_* and LSNAT support
General information about nat syntax and some examples are available
in the ipfw (8) man page. The redirect and LSNAT syntax are identical
to natd, so please refer to natd (8) man page.
To enable in kernel nat in rc.conf, two options were added:
o firewall_nat_enable: equivalent to natd_enable
o firewall_nat_interface: equivalent to natd_interface
Remember to set net.inet.ip.fw.one_pass to 0, if you want the packet
to continue being checked by the firewall ruleset after being
(de)aliased.
NOTA BENE: due to some problems with libalias architecture, in kernel
nat won't work with TSO enabled nic, thus you have to disable TSO via
ifconfig (ifconfig foo0 -tso).
Approved by: glebius (mentor)
Implement the checks for required_* objects as two functions, one
to be run before precmd and the other after it. They get the current
rc command as an argument so they can choose what requirement tests
to perform. As of now, only "start" needs such tests.
Implement a new requirement variable, required_modules. It can
list kernel modules that need to be loaded after start_precmd
indicated success. Each name in the list can be just "file", or
"file:module", or "file~regex". This will allow us to remove a lot
of duplicated code from rc.d scripts.
Perform the checks not only for the default start method, but for
any method. This allows for more flexibility and fixes a few rc.d
scripts (namely newsyslog, pf, sendmail) that rely on a required_*
variable while providing a non-default start method.
To be able to call the new check_required* functions naturally,
remove lots of crufty duplicated code pieces from run_rc_command
and replace each of them by a call to the helper function providing
a single corrected instance of the respective code snippet. Now
run_rc_command isn't as scary as it used to be, and it even appears
to have quite a nice logic that was obscured by the old crufty code.
In the default handler for restart, run start from a subshell to
protect global varibles, e.g., _postcmd, from modification by the
start handler. This enables using restart_postcmd. [x]
PR: conf/98734 [x]
Submitted by: Rick van der Zwet <rick@wzoeterwoude.net> [x]
Reviewed by: freebsd-rc (silence for an older version)
MFC after: 1 month
After a change of devd.conf, devd(8) handles NIC attach/detach event
by using /etc/pccard_ether with the interface name as the argument.
This model does not work properly with IPv6 configuration because the
implementation of IPv6 stateless auto-configuration in the FreeBSD
rc.d scripts depends on whether there are any explicit configurations
for interfaces or not. It works this way: if no manual configuration,
it will perform auto-configuration, but otherwise no
auto-configuration will be performed. So, this behavior can only be
determined by all of the interfaces on a system, not a single one.
For this reason, the network6_interface_setup() function called from
the pccard_ether_start() does not work with a single interface name.
And what is worse, this combination of devd.conf and
pccard_ether_start() caused a bad side-effect that when
ipv6_enable=YES, all of interfaces marked as DOWN would be UP
unconditionally (and router solicitation was sent) just after devd(8)
was invoked. This should be fixed in a more sophisticated way.
A kernel with INET6 always has ::1 on lo0, so in the case of
ipv6_enable="NO" the lo0 can have ::1 with no link-local address.
This is a violation of the IPv6 specification. As a workaround for
this situation, fe80::1 is added in rc.d/auto_linklocal when lo0 has
no link-local address. This should not be harmful for IPv4-only users.
- add better checks on non-existing directories to prevent error
messages at run time;
- introduce a function log() to help debugging diskless booting
when things don't work;
- modify the parsing of diskless_remount so you can add mount_nfs
options after the pathname. You could use 'remount' to do something
similar, but this way is more convenient because you don't have to
hardwire the server name in the command.
- document the above.
I have been running the above in a diskless lab since february on RELENG_6.
MFC after: 1 week
There's no dollar use in variable assignment in sh.
Assuming this is can be expected behavior for some
people, this change won't be MFC'ed to RELENG_6.
Discussed with: yar on -rc
how to change the auditd instance. When using a port/package-based
OpenBSM, changing the auditd pointer may be desirable.
Obtained from: TrustedBSD Project
MFC after: 3 weeks
Factor out the loopback setup
Use "me" instead of hardcoded $ip where possible.
Add "workstation" which protects just this machine with stateful
firewalling. Put the variables for this in rc.conf.
Submitted by: Flemming Jacobsen <fj@batmule.dk>
Reviewed by: cperciva
+ Use rc.subr(8) features properly.
+ Do the whole job of obliterating /tmp contents in find(1).
+ Leave lost+found and quota.{user,group} in /tmp only if root-owned.
+ Make the overall structure clearer by first removing the X dirs
(perhaps along with the rest of /tmp) and then re-creating them.
+ Use "find -exec rm -rf {} +" for efficiency: each rm instance gets
a chance to kill as much files in /tmp as ARG_MAX permits.
PR: bin/104044
Submitted by: Andrey Simonenko <see PR for email>
Hacked by: yar
MFC after: 1 month
read requests to its consumer. It has been developed to address
the problem of a horrible read performance of a 64k blocksize FS
residing on a RAID3 array with 8 data components, where a single
disk component would only get 8k read requests, thus effectively
killing disk performance under high load. Documentation will be
provided later. I'd like to thank Vsevolod Lobko for his bright
ideas, and Pawel Jakub Dawidek for helping me fix the nasty bug.
With the first part of my previous Summer of Code work, we get:
-made libalias modular:
-support for 'particular' protocols (like ftp/irc/etcetc) is no more
hardcoded inside libalias, but it's available through external
modules loadable at runtime
-modules are available both in kernel (/boot/kernel/alias_*.ko) and
user land (/lib/libalias_*)
-protocols/applications modularized are: cuseeme, ftp, irc, nbt, pptp,
skinny and smedia
-added logging support for kernel side
-cleanup
After a buildworld, do a 'mergemaster -i' to install the file libalias.conf
in /etc or manually copy it.
During startup (and after every HUP signal) user land applications running
the new libalias will try to read a file in /etc called libalias.conf:
that file contains the list of modules to load.
User land applications affected by this commit are ppp and natd:
if libalias.conf is present in /etc you won't notice any difference.
The only kernel land bit affected by this commit is ng_nat:
if you are using ng_nat, and it doesn't correctly handle
ftp/irc/etcetc sessions anymore, remember to kldload
the correspondent module (i.e. kldload alias_ftp).
General information and details about the inner working are available
in the libalias man page under the section 'MODULAR ARCHITECTURE
(AND ipfw(4) SUPPORT)'.
NOTA BENE: this commit affects _ONLY_ libalias, ipfw in-kernel nat
support will be part of the next libalias-related commit.
Approved by: glebius
Reviewed by: glebius, ru
chance to actually terminate the audit service and exit. Otherwise, on
an rc.d/auditd restart, the new audit daemon instance may try to start
auditing while the previous session is still running. Likewise, this
ensures a chance for auditd to terminate the audit trail at system
shutdown.
Perhaps more ideally, the script would wait synchronously for auditd to
exit rather than for an arbitrary but short period of time.
MFC after: 3 days
Obtained from: TrustedBSD Project
interface is an IPv6 interface.
Use this method to decide if we should attempt to configure an interface
with an IPv6 address in pccard_ether. The mechanism pccard_ether uses
to do this is unsuited to the task because it assumes the list of
interfaces it is passed is the full list of IPv6 interfaces and makes
decissions based on that. This is at least a step in the right
direction and is probably about as much as we can MFC safely.
PR: conf/103428
MFC after: 3 days
- Note that diskless_remount files may use ".." to support mounts above
the root path.
- Copy dot files when populating directories from /conf. [1]
PR: misc/102724 [1]
Submitted by: Attila Nagy <bra at fsn.hu> [1]
certain conditions. I haven't been able to find a better solution yet:
- Set a two read-only variables (${prefix} and ${etcdir}). This is
especially useful when using /etc/rc.d scripts with third-party
software installed from ports.
- Fix rc.d/sshd to work with openssh from ports using ${etcdir}
instead of hardcoded /etc.
- Reflect prefix/etcdir changes in rc.subr.8.
src/etc/rc.d/sshd: rev 1.9 -> 1.10
src/etc/rc.subr: rev 1.51 -> 1.52
src/share/man/man8/rc.subr.8: rev 1.11 -> 1.12
Approved by: cperciva (mentor)
it limits the width of its output to the value of $COLUMNS, or
what TIOCGWINSZ reports, or 79 columns. We should specify -ww
to ps(1) so that it removes the limit and prints lines in full.
Otherwise very long command pathnames could be mishandled, e.g.,
by _find_processes().
MFC after: 1 week
despite the interface link status.
Add dhclient_flags_iface and background_dhclient_iface rc.conf options.
(where iface is a specific interface). These can be used to give
interface specific flags to dhclient.
Reviewed by: brooks@
The order in _doit must be "nice su", not "su nice", for that.
In addition, don't ignore the exit status from "cd $foo_chdir".
Reviewed by: freebsd-rc (silence)
MFC after: 1 week
touch interfaces that don't actually exist in the stop case. In the
process move some IPv4 specific code from ifconfig_down to ipv4_down.
This should solve problems with ifconfig: error messages on boot when
interfaces are renamed.
thing to do in most (all?) cases and certainly should not be the default
now that we're running pccard_ether on all interface creates and
destroys.
MFC after: 3 days
and so users get hangs until interrupts are generated another way. We'll
have to find a way to make the 2 work together before re-enabling this by
default.
PowerPC-based Apple's machines and small utility to do it from
userland modelled after the similar utility in Darwin/OSX.
Only tested on 1.25GHz G4 Mac Mini.
MFC after: 1 month
and replace it with a new ntpdate_config variable.
- Document it in defaults/rc.conf and rc.conf.5.
- Document ntpdate_hosts in defaults/rc.conf.
Requested by: Chris Timmons <cwt@networks.cwu.edu>
Approved by: cperciva (mentor, implicit)
MFC after: 1 week
not be mounted unless the -l flag was specified.
Add an rc script, mountlate, which basically runs 'mount -a -l'. It runs
after DAEMON but before LOGIN.
This is useful for things like loopback mounts, because mountcritremote
runs before mountd / nfsd (since /usr might be a remote file system), so
an attempt to mount a loopback network file system in mountcritremote will
fail.
Also add a progress message to mountcritlocal, for the sake of symmetry
with similar messages in mountcritremote and mountlate.
Reviewed by: freebsd-rc
MFC after: 3 weeks
expect to see quite a few files appearing in libdata/ldconfig directories.
This change avoids the screen to be filled with the names of those ldconfig
files and replace them by the actual non-default directories they contain.
Most of them will be ${PREFIX}/lib so, 'sort -u' will help reducing the
output.
Approved by: cperciva (implicit)
MFC after: 1 week
of them do that conditionally depending on kldstat. The code is
duplicated all over, but bugs can be uniqie.
To make the things more consistent, introduce a new rc.subr function,
load_kld, which takes care of loading a kernel module conditionally.
(Found this lying for a while in my p4 branch for various hacks.)
automaticly add it to an Ethernet bridge. This is intended for applications
such as qemu, vmware, openvpn, ... which open tap interfaces and need them
bridged with the hosts network adapter, the user can set up a glob for
interfaces to be automatically added (eg tap*).
notification so all interfaces including pseudo are reported. When netif
creates the clones at startup devctl_disable has not been turned off yet so the
interfaces will not be initialised twice, enforce this by adding an explicit
order between rc.d/netif and rc.d/devd.
This change allows actions to taken in userland when an interface is cloned
and the pseudo interface will be automatically configured if a ifconfig_<int>=""
line exists in rc.conf.
Reviewed by: brooks
No objections on: net
1,2 and so on.
It specifies the command to be run as Nth after jail startup.
sh(1)-fu by: Dario Freni
PR: conf/97697
MFC after: 2 weeks
Reviewed by: ru@ (man page)
more appropriate value and is also the default set by the kernel. I
could not find a justification of why rc.conf began overriding it back
in 1998.
This dramatically cuts NFS traffic on e.g. a busy system with NFS root.
Reviewed by: mohans
MFC After: 2 weeks
scripts. These scripts handle vnode backed md(4) devices.
Old ramdisk{,-own} scripts will stay a bit in CVS to allow some time for
migration since variable names have changed (ramdisk_* -> mdconfig_*).
Two new variables have been introduced to be able to populate the md(4)
device once it has been mounted (mdconfig_*_files and mdconfig_*_cmd).
Use should be as easy as:
mdconfig_md0="-t malloc -s 10m"
mdconfig_md1="-t vnode -f /var/foo.img"
See rc.conf(5) for more information and description of the additional
variables.
Approved by: cperciva
issue where some global jail_* variables were overriden in the script. [1]
- Change "jid" to "jname" in rc.conf(5), since it's more a jail name than a
jail id. [1]
- Update examples and comments in defaults/rc.conf to advertise new
variables and the fact that some of the jail-specific variables may be made
jail-global. [2]
Reported by: pjd [1], clsung [2]
Approved by: cperciva
X-MFC after: i got sufficient testing from people using rc.d/jail
subdirectories that will be used for removable media mount points (i.e.
mount points for CDs, floppy disks, USB drives, etc.). While the primary
purpose of /media is to provide a location for HAL
(http://www.freedesktop.org/wiki/Software_2fhal) to mount volumes, it could
be used by any application that needs to manage removable media volumes.
Discussed on: arch@
Approved by: mux
MFC after: 1 week
boot. Autogeneration of nsswitch.conf doesn't makes sense in 7.0
since it's not permitted to upgrade from a pre-nss release without
passing through an intermediate release.
Suggested by: brooks
for some early starting services from the ports collection
to have their shared objects available before start.
Reviewed by: freebsd-rc (dougb, brooks)
MFC After: 3 days
- Sync with latest version from NetBSD.
'In order to handle some perl scripts running as daemons, add a
pattern which also matches "`basename $interpreter`: $command" in the
ps listing.'
Approved by: cperciva (mentor)
Obtained from: NetBSD
MFC after: 1 week
from ports. The effect is that ldconfig is now started right after
mountcritremote. Everything else is left unchanged.
PR: conf/68916
Submitted by: JD Bronson <jd@aurora.org>
Approved by: cperciva (mentor)
MFC after: 1 week
working on.
1) Make it possible to configure interfaces with certain characters in
their names that aren't valid in shell variables. Currently supported
characters are ".-/+". They are converted into '_' characters.
2) Replace nearly all eval statements in network.subr with a new
function get_if_var which substitues an interface name (after the
translations above) for "IF" in a variable name.
3) Fix list_net_interfaces() in the nodhcp case.
4) Allow the administrator to specify if dhclient should be started
when /etc/rc.d/netif configures the interface or only by devd.
This can be set on both a per interface and system wide basis.
PR: conf/88974 [1,2], conf/92433 [1,2]