Commit Graph

4705 Commits

Author SHA1 Message Date
maxim
015f110c97 o Fix a comment: refer to the write community name by the OID not by
the line number which is incorrect now and probably will shift in future.
2006-12-31 11:19:48 +00:00
yar
0a888a1e57 Allow for /usr/bin/env when parsing the shebang line from an
interpreted $command.  Some "portable" sofware packages use such a
line to skip the task of figuring out the absolute pathname of the
interpreter at install time, e.g.:

	#!/usr/bin/env python

It is insecure, but a popular book on Python seems to have advised
it to a wide audience.  Hence a number of such scripts in the ports,
mostly written in Python.

PR:		bin/100287
MFC after:	1 week
2006-12-31 11:07:29 +00:00
yar
dc9f8423c3 Use $required_modules wherever suitable. Use load_kld() in special
cases.  So we get rid of quite a few lines of duplicated code.
2006-12-31 10:37:18 +00:00
yar
58a4c67f05 Fix a typo in a warning message. 2006-12-31 10:12:53 +00:00
yar
c91e4c56f6 Eliminate global symbols starting with an underscore from rc.d
scripts, except for mdconfig* and jail.  Such symbols are reserved
for the rc.subr internals.  Most scripts can be fixed by just
declaring _foo symbols as local: few scripts actually need them to
be global.

Discussed with:	dougb in freebsd-rc
2006-12-30 22:53:20 +00:00
piso
0db606a3b1 Summer of Code 2005: improve libalias - part 2 of 2
With the second (and last) part of my previous Summer of Code work, we get:

-ipfw's in kernel nat

-redirect_* and LSNAT support

General information about nat syntax and some examples are available
in the ipfw (8) man page. The redirect and LSNAT syntax are identical
to natd, so please refer to natd (8) man page.

To enable in kernel nat in rc.conf, two options were added:

o firewall_nat_enable: equivalent to natd_enable

o firewall_nat_interface: equivalent to natd_interface

Remember to set net.inet.ip.fw.one_pass to 0, if you want the packet
to continue being checked by the firewall ruleset after being
(de)aliased.

NOTA BENE: due to some problems with libalias architecture, in kernel
nat won't work with TSO enabled nic, thus you have to disable TSO via
ifconfig (ifconfig foo0 -tso).

Approved by: glebius (mentor)
2006-12-29 21:59:17 +00:00
hrs
86de427e3a Add "nojail" keyword to prevent spurious error messages.
Spotted by:	Keve Nagy
PR:		conf/107083
2006-12-29 15:56:21 +00:00
yar
c6dfd2ef7a MFp4:
Implement the checks for required_* objects as two functions, one
to be run before precmd and the other after it.  They get the current
rc command as an argument so they can choose what requirement tests
to perform.  As of now, only "start" needs such tests.

Implement a new requirement variable, required_modules.  It can
list kernel modules that need to be loaded after start_precmd
indicated success.  Each name in the list can be just "file", or
"file:module", or "file~regex".  This will allow us to remove a lot
of duplicated code from rc.d scripts.

Perform the checks not only for the default start method, but for
any method.  This allows for more flexibility and fixes a few rc.d
scripts (namely newsyslog, pf, sendmail) that rely on a required_*
variable while providing a non-default start method.

To be able to call the new check_required* functions naturally,
remove lots of crufty duplicated code pieces from run_rc_command
and replace each of them by a call to the helper function providing
a single corrected instance of the respective code snippet.  Now
run_rc_command isn't as scary as it used to be, and it even appears
to have quite a nice logic that was obscured by the old crufty code.

In the default handler for restart, run start from a subshell to
protect global varibles, e.g., _postcmd, from modification by the
start handler.  This enables using restart_postcmd. [x]

PR:		conf/98734 [x]
Submitted by:	Rick van der Zwet <rick@wzoeterwoude.net> [x]
Reviewed by:	freebsd-rc (silence for an older version)
MFC after:	1 month
2006-12-27 13:15:33 +00:00
syrinx
172079c1c6 Add a (disabled) configuration line to enable snmp_bridge(3) module.
Approved by:	bz (mentor)
2006-12-20 22:10:34 +00:00
yar
f022e5fd4f Syscons cannot be stopped, so provide a no-op stop method.
The default stop method from rc.subr isn't suited for this
case and produces a bogus warning: "syscons not running".

Suggested by:	matteo
2006-12-20 12:59:50 +00:00
yar
7474222271 Improve rc.d conformance:
- don't play a needless trick with prestart, just use start method;
- provide no-op stop method so that we don't get bogus "abi not running" error.
2006-12-20 11:37:15 +00:00
hrs
13f5cb2be8 Disable IPv6 configuration for interfaces in pccard_ether_start().
After a change of devd.conf, devd(8) handles NIC attach/detach event
by using /etc/pccard_ether with the interface name as the argument.
This model does not work properly with IPv6 configuration because the
implementation of IPv6 stateless auto-configuration in the FreeBSD
rc.d scripts depends on whether there are any explicit configurations
for interfaces or not.  It works this way: if no manual configuration,
it will perform auto-configuration, but otherwise no
auto-configuration will be performed.  So, this behavior can only be
determined by all of the interfaces on a system, not a single one.
For this reason, the network6_interface_setup() function called from
the pccard_ether_start() does not work with a single interface name.
And what is worse, this combination of devd.conf and
pccard_ether_start() caused a bad side-effect that when
ipv6_enable=YES, all of interfaces marked as DOWN would be UP
unconditionally (and router solicitation was sent) just after devd(8)
was invoked.  This should be fixed in a more sophisticated way.
2006-12-08 15:48:42 +00:00
hrs
5ed0fdbeea Add a link-local address to the lo0 even when ipv6_enable="NO".
A kernel with INET6 always has ::1 on lo0, so in the case of
ipv6_enable="NO" the lo0 can have ::1 with no link-local address.
This is a violation of the IPv6 specification.  As a workaround for
this situation, fe80::1 is added in rc.d/auto_linklocal when lo0 has
no link-local address.  This should not be harmful for IPv4-only users.
2006-12-08 06:34:06 +00:00
ru
ca2bb82f44 Move npe.4 to a machine specific manpage subdirectory. 2006-12-05 16:57:10 +00:00
luigi
517e9da299 - put some common code in a function handle_remount();
- add better checks on non-existing directories to prevent error
  messages at run time;
- introduce a function log() to help debugging diskless booting
  when things don't work;
- modify the parsing of diskless_remount so you can add mount_nfs
  options after the pathname. You could use 'remount' to do something
  similar, but this way is more convenient because you don't have to
  hardwire the server name in the command.
- document the above.

I have been running the above in a diskless lab since february on RELENG_6.

MFC after: 1 week
2006-12-03 23:50:29 +00:00
flz
e1d91fee6d Teach find_processes() to use ${name}_chroot.
Obtained from:	NetBSD
X-MFC after:	6.2-RELEASE
2006-11-26 22:02:09 +00:00
flz
15f017fe4d Remove leading dollar sign in rcvar command output.
There's no dollar use in variable assignment in sh.
Assuming this is can be expected behavior for some
people, this change won't be MFC'ed to RELENG_6.

Discussed with:	yar on -rc
2006-11-26 19:03:19 +00:00
ache
0f6ab68217 Back out 1.120, it was premature. 2006-11-12 12:02:34 +00:00
des
c2c5b4471a Back out 1.122, it was poorly thought out. 2006-11-11 23:26:08 +00:00
des
e013709c26 Back out 1.121, it was premature. 2006-11-11 22:23:49 +00:00
ceri
4e3a86984a Ensure that the load of rules into the alternate ruleset worked before
loading them into the live one too.

PR:		conf/97311
Submitted by:	David Bushong
Reviewed by:	silence on rc@
Approved by:	ru (mentor)
MFC after:	10 days
2006-11-11 10:48:34 +00:00
des
2fdb0b5663 Add share/xsl.
MFC after:	1 week
2006-11-10 22:57:39 +00:00
des
a9a2f810d6 Add locales for nb_NO and nn_NO.
Reviewed by:	philip
2006-11-09 18:10:34 +00:00
rwatson
9463ede042 Add auditd_program variable to defaults, in order to make it more clear
how to change the auditd instance.  When using a port/package-based
OpenBSM, changing the auditd pointer may be desirable.

Obtained from:	TrustedBSD Project
MFC after:	3 weeks
2006-11-06 15:11:24 +00:00
obrien
ea874b999e Switch default proto to TCP. 2006-11-06 01:42:11 +00:00
pjd
ac6b680a94 Hook up gjournal bits to the build.
Sponsored by:	home.pl
2006-10-31 22:22:30 +00:00
harti
969c298091 Bind to INADDR_ANY in the default configuration. This makes bsnmpd(1)
automatically work on multi-homed hosts and without explicite specification
of the hostname in the config file.

Submitted by:	jmg
2006-10-31 10:23:28 +00:00
mlaier
e7bc018a5c Do not try to rtsol on pflog or pfsync devices. 2006-10-29 13:29:49 +00:00
phk
417527cc24 Give rc.firewall a polish and a new method.
Factor out the loopback setup

Use "me" instead of hardcoded $ip where possible.

Add "workstation" which protects just this machine with stateful
    firewalling.  Put the variables for this in rc.conf.

Submitted by:	Flemming Jacobsen <fj@batmule.dk>
Reviewed by:	cperciva
2006-10-28 20:08:12 +00:00
avatar
07cb91236d Re-sync'ing pf rules in post command as we already did for ipfilter.
With this patch, pf rules with dynamically created devices such like tun0
works without further intervention.

Reviewed by:	mlaier
MFC after:	3 days
2006-10-26 00:29:43 +00:00
delphij
d95f4fb5ef Synchronize pf.os with OpenBSD.
Obtained from:	OpenBSD
MFC After:	3 days
Approved by:	mlaier (maintainer)
2006-10-23 05:09:44 +00:00
hrs
1b1b112c84 Suppress a spurious warning message when a kernel without INET6 is
used.

Spotted by:	ru
Reviewed by:	ume
MFC after:	3 days
2006-10-22 17:21:03 +00:00
flz
cbad7c02dc Add 'reload' to the list of available commands for the amd rc.d script.
PR:		conf/104507
Submitted by:	Douglas K. Rand <rand@meridian-enviro.com>
MFC after:	3 days
2006-10-18 15:56:11 +00:00
yar
26039aabd1 Improve cleartmp in a number of aspects:
+ Use rc.subr(8) features properly.
+ Do the whole job of obliterating /tmp contents in find(1).
+ Leave lost+found and quota.{user,group} in /tmp only if root-owned.
+ Make the overall structure clearer by first removing the X dirs
  (perhaps along with the rest of /tmp) and then re-creating them.
+ Use "find -exec rm -rf {} +" for efficiency: each rm instance gets
  a chance to kill as much files in /tmp as ARG_MAX permits.

PR:		bin/104044
Submitted by:	Andrey Simonenko <see PR for email>
Hacked by:	yar
MFC after:	1 month
2006-10-16 13:01:45 +00:00
ceri
e4ea7afca1 Add idmapd_flags to defaults/rc.conf.
Document it and idmapd_enable.
2006-10-15 15:55:00 +00:00
ceri
7b28cc9b2f RC script for idmapd(8), defaulting to off. 2006-10-15 14:19:06 +00:00
ru
34fd4e5d2b Replace duplicate and not quite accurate capabilities
description with a reference to the disktab(5) manpage.

PR:		doc/48105
2006-10-14 16:39:03 +00:00
ume
73c8098699 Revert the default value of net.inet6.ip6.auto_linklocal to 1.
If ipv6_enable is not set to "YES", net.inet6.ip6.auto_linklocal
is turned to 0 at boot.

Discussed with:	re@, gnn@
MFC after:	3 days
2006-10-13 12:41:36 +00:00
piso
5696dc1060 Fix a regression: let natd load libalias modules before /usr is mounted
renaming /lib/libalias_*.so.4 to /lib/libalias_*.so.

Approved by: glebius
Reviewed by: glebius, ru
2006-10-08 14:02:00 +00:00
ume
364695cff6 Restore the behavior that net.inet6.ip6.auto_linklocal=0 could
be coexist with ipv6_enable="YES".

MFC after:	3 days
2006-10-07 15:45:56 +00:00
flz
8587b166ef Introduce mixer_enable (default: YES).
PR:		conf/101268
Submitted by:	Eugene Grosbein <eugen@grosbein.pp.ru>
Approved by:	cperciva (mentor)
X-MFC after:	6.2-RELEASE
Sponsored by:	FreeBSD Test-Bugathon
2006-10-06 23:22:13 +00:00
ru
f53bc81fe1 A GEOM cache can speed up read performance by sending fixed size
read requests to its consumer.  It has been developed to address
the problem of a horrible read performance of a 64k blocksize FS
residing on a RAID3 array with 8 data components, where a single
disk component would only get 8k read requests, thus effectively
killing disk performance under high load.  Documentation will be
provided later.  I'd like to thank Vsevolod Lobko for his bright
ideas, and Pawel Jakub Dawidek for helping me fix the nasty bug.
2006-10-06 08:27:07 +00:00
brooks
120ed3e161 Pull in /etc/rc.conf.d/network so that ifconfig_<if> variables can be
set there.  This is required for consistency with /etc/rc.d/netif.

PR:		conf/103893
Submitted by:	Nick Hibma <nick at anywi.com>
MFC after:	3 days
2006-10-02 18:50:58 +00:00
gnn
3b143b31f6 Turn off automatic link local address if ipv6_enable is not set to YES
in rc.conf

Reviewed by:    KAME core team, cperciva
MFC after:      3 days
2006-10-02 10:13:30 +00:00
yar
53d4e5c17e debug() shouldn't misidentify itself to logger(1).
Noticed by:	David Thompson <dat1965 yahoo com>
2006-10-02 08:20:37 +00:00
ache
38c8b0a34c Add mn_MN.UTF-8 2006-10-02 00:23:14 +00:00
ru
a929436732 Create section 8 man subdirectories for PowerPC. 2006-09-30 09:02:38 +00:00
bms
686e54733a Push removal of mrouted down to the rest of the tree. 2006-09-29 15:45:11 +00:00
piso
5582e56d9d Summer of Code 2005: improve libalias - part 1 of 2
With the first part of my previous Summer of Code work, we get:

-made libalias modular:

 -support for 'particular' protocols (like ftp/irc/etcetc) is no more
  hardcoded inside libalias, but it's available through external
  modules loadable at runtime

 -modules are available both in kernel (/boot/kernel/alias_*.ko) and
  user land (/lib/libalias_*)

 -protocols/applications modularized are: cuseeme, ftp, irc, nbt, pptp,
  skinny and smedia

-added logging support for kernel side

-cleanup

After a buildworld, do a 'mergemaster -i' to install the file libalias.conf
in /etc or manually copy it.

During startup (and after every HUP signal) user land applications running
the new libalias will try to read a file in /etc called libalias.conf:
that file contains the list of modules to load.

User land applications affected by this commit are ppp and natd:
if libalias.conf is present in /etc you won't notice any difference.

The only kernel land bit affected by this commit is ng_nat:
if you are using ng_nat, and it doesn't correctly handle
ftp/irc/etcetc sessions anymore, remember to kldload
the correspondent module (i.e. kldload alias_ftp).

General information and details about the inner working are available
in the libalias man page under the section 'MODULAR ARCHITECTURE
(AND ipfw(4) SUPPORT)'.

NOTA BENE: this commit affects _ONLY_ libalias, ipfw in-kernel nat
support will be part of the next libalias-related commit.

Approved by: glebius
Reviewed by: glebius, ru
2006-09-26 23:26:53 +00:00
rwatson
249296fc03 Sleep for one second after calling audit -t to give the audit daemon a
chance to actually terminate the audit service and exit.  Otherwise, on
an rc.d/auditd restart, the new audit daemon instance may try to start
auditing while the previous session is still running.  Likewise, this
ensures a chance for auditd to terminate the audit trail at system
shutdown.

Perhaps more ideally, the script would wait synchronously for auditd to
exit rather than for an arbitrary but short period of time.

MFC after:	3 days
Obtained from:	TrustedBSD Project
2006-09-24 17:31:04 +00:00
brooks
a1e5239462 network_ipv6 also does some interface configuration so require it to run
before starting devd so they don't trip over each other.

PR:		conf/103428
2006-09-21 14:29:32 +00:00
brooks
aa92e52181 Introduce a new method ipv6if which attemptes to figure out if an
interface is an IPv6 interface.

Use this method to decide if we should attempt to configure an interface
with an IPv6 address in pccard_ether.  The mechanism pccard_ether uses
to do this is unsuited to the task because it assumes the list of
interfaces it is passed is the full list of IPv6 interfaces and makes
decissions based on that.  This is at least a step in the right
direction and is probably about as much as we can MFC safely.

PR:		conf/103428
MFC after:	3 days
2006-09-21 01:44:52 +00:00
brooks
68deeefe49 Flushing all IPv4 routes when an interface is removed or unconfigured
makes no sense.  Remove the undocumented removable_route_flush feature
from pccard_ether.

X-MFC after:	never
2006-09-20 19:48:31 +00:00
brooks
6e1b63c897 Search the list of up interfaces provided by "ifconfig -ul" instead of
greping for UP in "ifconfig $ifn".  This eliminates a dependancy on
/usr.
2006-09-20 19:45:30 +00:00
emax
6f44289f61 Add bthidd(8) rc(8) script
MFC after:	1 month
2006-09-07 22:25:08 +00:00
emax
59b2f67d03 Prepare for upcoming bthidd(8) update. Install vkbd(4) header into dev/vkbd.
MFC after:	1 month
2006-09-07 18:24:24 +00:00
marcel
fe9fda2d7c Unbreak PowerPC build after addition of powermac_nvram(4powerpc). 2006-09-02 20:58:37 +00:00
brooks
931f11f642 - Document /conf/diskless_remount in the list of special files.
- Note that diskless_remount files may use ".." to support mounts above
  the root path.
- Copy dot files when populating directories from /conf. [1]

PR:		misc/102724 [1]
Submitted by:	Attila Nagy <bra at fsn.hu> [1]
2006-09-01 16:33:15 +00:00
ru
907b65e65a Kill the default phone numbers.
Obtained from:	OpenBSD
2006-08-31 21:13:12 +00:00
obrien
c3fa754b3f Re-add lukemftpd. It has: PAM, MAC, per-class nologin files,
login.conf resource limits and features.
2006-08-31 17:15:10 +00:00
cperciva
1caefdfb4b Add FreeBSD Update 2.0 client code. The build code is in the projects
repository.

Sponsored by:	FreeBSD security development fundraiser
2006-08-31 09:51:34 +00:00
ru
fbc656e8b0 Comment out lines that use example addresses and example.com names so
that local changes can be made more easily (without having to comment
these lines, and making the diff more readable).
2006-08-29 09:20:48 +00:00
ru
8b1d56c480 The kvm_mkdb(8) is long dead. 2006-08-29 08:49:58 +00:00
cperciva
c690e33e8e When stopping powerd, set the CPU frequency back to its maximum value
(i.e., what it was almost certainly at before powerd was started).

Submitted by:	R.B. Riddick
MFC after:	3 days
2006-08-27 11:04:39 +00:00
dougb
d7beaaec70 Use ports INDEX-7 instead of INDEX-6
Submitted by:	Niclas Zeising <lothrandil@n00b.apagnu.se>
2006-08-27 08:12:53 +00:00
trhodes
f21ca27dec Add login.conf checking to periodic security scripts. If the login.conf file
is not UID/GID 0, limits will be ignored and a strange error sent to auth.log.

Head nod:	ru, rwatson
2006-08-25 07:34:36 +00:00
trhodes
e3d91b1fd3 Send more Alpha bits to the bin. 2006-08-25 00:36:59 +00:00
ru
dc5b14d7bc Fix example:
/conf/base/diskless_remount -> /conf/base/etc/diskless_remount

MFC after:	3 days
2006-08-22 16:21:16 +00:00
flz
93d42de8b0 - Add ypserv to the REQUIRE list.
Reported by:	David Thompson <dat1965@yahoo.com>
Discussed on:	-rc (brooks)
Approved by:	cperciva (mentor, implicit)
MFC after:	3 days
2006-08-22 14:58:23 +00:00
flz
54b7b1d84e Backout this commit since it breaks startup and some scripts in
certain conditions. I haven't been able to find a better solution yet:

    - Set a two read-only variables (${prefix} and ${etcdir}). This is
    especially useful when using /etc/rc.d scripts with third-party
    software installed from ports.
    - Fix rc.d/sshd to work with openssh from ports using ${etcdir}
    instead of hardcoded /etc.
    - Reflect prefix/etcdir changes in rc.subr.8.

        src/etc/rc.d/sshd: rev 1.9 -> 1.10
        src/etc/rc.subr: rev 1.51 -> 1.52
        src/share/man/man8/rc.subr.8: rev 1.11 -> 1.12

Approved by:	cperciva (mentor)
2006-08-22 11:17:29 +00:00
flz
0c85546033 - Remove ramdisk rc.d scripts since they've been replaced by mdconfig{,2}.
- Update ObsoleteFiles.inc.

Approved by:	cperciva (mentor)
2006-08-22 11:12:09 +00:00
brooks
91d01c20f9 Don't try to start interfaces that don't exist.
Reported by:    Dominique Goncalves <dominique.goncalves at gmail.com>
2006-08-18 13:19:45 +00:00
yar
3f0988c978 Eliminate header line(s) from ps(1) output instead of skipping over them. 2006-08-18 13:07:38 +00:00
yar
904a0ff853 The ps(1) command is unfriendly to scripts by default because
it limits the width of its output to the value of $COLUMNS, or
what TIOCGWINSZ reports, or 79 columns.  We should specify -ww
to ps(1) so that it removes the limit and prints lines in full.
Otherwise very long command pathnames could be mishandled, e.g.,
by _find_processes().

MFC after:	1 week
2006-08-18 12:10:18 +00:00
brian
85df8020c4 Make it a little clearer that interface-specific flags aren't additional
to specified dhclient flags.

Mention background_dhclient_iface.

Suggested by: ru
2006-08-17 20:13:24 +00:00
brian
97f069fb74 Add a missing quote
Spotted by: ru
2006-08-17 19:57:10 +00:00
brian
a3922ffaf6 Add a -p switch to dhclient. The switch tells dhclient to persist
despite the interface link status.

Add dhclient_flags_iface and background_dhclient_iface rc.conf options.
(where iface is a specific interface).  These can be used to give
interface specific flags to dhclient.

Reviewed by:	brooks@
2006-08-17 17:12:27 +00:00
yar
d5c64fa997 Allow for setting negative priority (niceness) when $foo_user is non-root.
The order in _doit must be "nice su", not "su nice", for that.
In addition, don't ignore the exit status from "cd $foo_chdir".

Reviewed by:	freebsd-rc (silence)
MFC after:	1 week
2006-08-17 08:04:20 +00:00
brooks
753b3bce68 Introduce a new function, ifexists and use it to avoid attempting to
touch interfaces that don't actually exist in the stop case.  In the
process move some IPv4 specific code from ifconfig_down to ipv4_down.

This should solve problems with ifconfig: error messages on boot when
interfaces are renamed.
2006-08-17 03:03:38 +00:00
brooks
fafadf82fa Set removable_route_flush to NO be default. It's clearly the wrong
thing to do in most (all?) cases and certainly should not be the default
now that we're running pccard_ether on all interface creates and
destroys.

MFC after:	3 days
2006-08-16 17:14:52 +00:00
njl
c8bd6b0fed Back out 1.272. The LAPIC timer conflicts with C2/3 on various systems,
and so users get hangs until interrupts are generated another way.  We'll
have to find a way to make the 2 work together before re-enabling this by
default.
2006-08-05 20:28:50 +00:00
des
4fa533ec15 Forgot to add mountlate to the Makefile. 2006-08-04 18:37:03 +00:00
jb
dd66f52f2b Not allowed to use tabs. The rule that proves the rule. Heh. 2006-08-03 05:44:51 +00:00
jb
cd9c5fe76a Alphabetical order is probably better. 2006-08-03 03:30:53 +00:00
jb
222db7c2ac Add the library directory where DTrace library scripts live. 2006-08-03 03:28:03 +00:00
marcel
0cae7b2fc7 Remove remnants of Alpha. 2006-08-02 17:22:30 +00:00
sobomax
a2e1257dac Add device to access and modify Open Firmware NVRAM settings in
PowerPC-based Apple's machines and small utility to do it from
userland modelled after the similar utility in Darwin/OSX.

Only tested on 1.25GHz G4 Mac Mini.

MFC after:	1 month
2006-08-01 22:19:01 +00:00
mckay
4dff9a1eda This script should probably have an enabling variable since it can produce
surprising results.  For now, at least make it safe to boot the default
kernel when /boot/kernel is already a symlink.
2006-07-30 12:54:37 +00:00
simon
945abe38da Add /usr/lib/engines for OpenSSL engines. 2006-07-29 19:47:09 +00:00
yar
2609e1a647 Back out rev. 1.63. It was a poor idea because
test(1) is built in sh(1) and it always evaluates
both sides of -a or -o, unlike && or || in sh(1).

Requested by:	dougb
2006-07-26 08:03:24 +00:00
yar
c7502768a7 De-uglify messages from the ipfw script. 2006-07-25 17:28:18 +00:00
yar
14382e7407 Use more rc.subr(8) features.
Skip useless work when ${natd_interface} is unset.
Double quote user-supplied vars unless there is a reason not to.
2006-07-25 17:25:44 +00:00
yar
01293392f3 Avoid extra runs of test(1) by using its built-in logical operations. 2006-07-25 17:20:22 +00:00
pjd
8b60fade6c Don't load geom_md.ko if there is no need to. 2006-07-25 17:19:00 +00:00
yar
60b057864d Sync comments around _doit with the code. 2006-07-25 17:16:48 +00:00
yar
ad3f561128 We notify of failures with err or warn.
Messages should end in full stop unless
that can lead to confusion.
2006-07-25 17:14:38 +00:00
yar
eb3e86a428 Add diagnostics to load_kld(). 2006-07-25 17:10:35 +00:00
yar
ed24981d4f Since Alpha support isn't in HEAD anymore, remove Alpha-specific
rc.conf(5) knobs, too: osf1_enable, unaligned_print.
2006-07-21 15:55:18 +00:00
flz
146016a7bb - Remove hardcoded /etc/ntp.conf configuration file from ntpdate rc.d script
and replace it with a new ntpdate_config variable.
- Document it in defaults/rc.conf and rc.conf.5.
- Document ntpdate_hosts in defaults/rc.conf.

Requested by:	Chris Timmons <cwt@networks.cwu.edu>
Approved by:	cperciva (mentor, implicit)
MFC after:	1 week
2006-07-20 10:07:34 +00:00
des
72b19002fe Teach mount(8) about a 'late' keyword, which means the file system should
not be mounted unless the -l flag was specified.

Add an rc script, mountlate, which basically runs 'mount -a -l'.  It runs
after DAEMON but before LOGIN.

This is useful for things like loopback mounts, because mountcritremote
runs before mountd  / nfsd (since /usr might be a remote file system), so
an attempt to mount a loopback network file system in mountcritremote will
fail.

Also add a progress message to mountcritlocal, for the sake of symmetry
with similar messages in mountcritremote and mountlate.

Reviewed by:	freebsd-rc
MFC after:	3 weeks
2006-07-12 16:05:51 +00:00
stefanf
e8d77f637b Fix spelling in a comment. 2006-07-09 06:54:24 +00:00
flz
53217b55bf Since INSTALLS_SHLIB has been superseded by USE_LDCONFIG in bsd.port.mk, I
expect to see quite a few files appearing in libdata/ldconfig directories.
This change avoids the screen to be filled with the names of those ldconfig
files and replace them by the actual non-default directories they contain.
Most of them will be ${PREFIX}/lib so, 'sort -u' will help reducing the
output.

Approved by:	cperciva (implicit)
MFC after:	1 week
2006-06-21 10:22:44 +00:00
yar
170515b4b5 Set an example of using load_kld() from rc.subr. 2006-06-21 09:53:25 +00:00
yar
ad10a899ae Quite a number of rc.d scripts try to load kernel modules. Many
of them do that conditionally depending on kldstat.  The code is
duplicated all over, but bugs can be uniqie.

To make the things more consistent, introduce a new rc.subr function,
load_kld, which takes care of loading a kernel module conditionally.

(Found this lying for a while in my p4 branch for various hacks.)
2006-06-21 09:42:55 +00:00
maxim
0fee9bcf8f o Add missed $start variable in the grep statement back.
PR:		conf/96658
Submitted by:	James Snow
MFC after:	1 week
2006-06-11 20:39:12 +00:00
brueffer
835d031b9c Update geli_swap_flags, -e is now used to specify the encryption algorithm. 2006-06-07 17:14:27 +00:00
trhodes
fe0d6a9c3f Sync to p4:
o Add shutdown KEYWORD;
o Remove PID check;
o Stop auditd with '-t'
o General cleanup.
2006-06-06 17:22:55 +00:00
ume
c4b35c221a flush' is appropriate than reload'.
Requested by:	ceri
2006-06-06 15:34:50 +00:00
ume
581608f956 Add `reload' which invalidates the cache for every user. 2006-06-06 12:55:58 +00:00
obrien
bd7824e136 Use an option form better matching the manual. 2006-06-05 03:47:14 +00:00
csjp
6a0be273a2 Since NIS is an RPC based service, add a note that when adjusting access
controls in NIS, similar access controls should be considered for the
rpcbind as well.
2006-06-01 14:14:58 +00:00
thompsa
0a5ee5e4db Add rc.d/bridge which is invoked when a new interface arrives and can
automaticly add it to an Ethernet bridge. This is intended for applications
such as qemu, vmware, openvpn, ... which open tap interfaces and need them
bridged with the hosts network adapter, the user can set up a glob for
interfaces to be automatically added (eg tap*).
2006-06-01 11:01:54 +00:00
thompsa
f6293051c9 Announce all interfaces to devd on attach/detach. This adds a new devctl
notification so all interfaces including pseudo are reported. When netif
creates the clones at startup devctl_disable has not been turned off yet so the
interfaces will not be initialised twice, enforce this by adding an explicit
order between rc.d/netif and rc.d/devd.

This change allows actions to taken in userland when an interface is cloned
and the pseudo interface will be automatically configured if a ifconfig_<int>=""
line exists in rc.conf.

Reviewed by:		brooks
No objections on:	net
2006-06-01 00:41:07 +00:00
matteo
54eed11bfc Add jail_<jname>_exec_afterstart<N> rc.conf variable, where <N> is
1,2 and so on.
It specifies the command to be run as Nth after jail startup.

sh(1)-fu by: Dario Freni
PR: 	conf/97697
MFC after: 2 weeks
Reviewed by: ru@ (man page)
2006-05-30 16:20:48 +00:00
matteo
bb69a4c723 style(9) 2006-05-30 16:07:59 +00:00
brooks
348c115abb Remove reference to no longer existant /etc/rc.d/pccard.
PR:		conf/98055
Submitted by:	thierry herbelot <thierry at herbelot dot com>
2006-05-30 02:10:01 +00:00
glebius
bcebd3658f Quote the parameter to sysctl(1), allowing to use whitespaces in
sysctl values.

PR:		conf/96509
Submitted by:	Gregory Bond <gnb itga.com.au>
2006-05-24 11:36:48 +00:00
kris
6537a44f85 Increase the nfs access cache timeout from 2 to 60. The latter is a
more appropriate value and is also the default set by the kernel.  I
could not find a justification of why rc.conf began overriding it back
in 1998.

This dramatically cuts NFS traffic on e.g. a busy system with NFS root.

Reviewed by:	mohans
MFC After:	2 weeks
2006-05-24 00:06:14 +00:00
emax
884339463a Correct BD_ADDR entry for "Dummy" device in the default hcsecd.conf.
Each byte in BD_ADDR should exactly two nibbles, i.e
"1:2:3:4:5:6" is NOT valid and "01:02:03:04:05:06" is valid BD_ADDR.

MFC after:	1 day
2006-05-18 17:53:49 +00:00
flz
2b8bb5dee2 Remove the require_kld function I just committed and replace with a nicer solution.
Reported by:	pjd
Approved by:	cperciva
2006-05-18 16:04:56 +00:00
flz
3d58ab6ef3 Add two new scripts (mdconfig/mdconfig2) to replace old ramdisk{,-own}
scripts. These scripts handle vnode backed md(4) devices.

Old ramdisk{,-own} scripts will stay a bit in CVS to allow some time for
migration since variable names have changed (ramdisk_* -> mdconfig_*).

Two new variables have been introduced to be able to populate the md(4)
device once it has been mounted (mdconfig_*_files and mdconfig_*_cmd).

Use should be as easy as:

mdconfig_md0="-t malloc -s 10m"
mdconfig_md1="-t vnode -f /var/foo.img"

See rc.conf(5) for more information and description of the additional
variables.

Approved by:	cperciva
2006-05-18 15:29:27 +00:00
matteo
cf7281ca13 Correctly set moused_$2_enable when moused_nondefault_enable is set to NO
PR:		conf/92654
MFC after:	3
2006-05-17 11:37:09 +00:00
phk
537a82e24b Send the pcvt(4) driver off to retirement. 2006-05-17 09:33:15 +00:00
mlaier
23ea781ace Move etc/rc.firewall6 to ipfw2+v6, update related rc.d and periodic scripts.
Since ipfw2 now does dual-stack, statistics for IPv6 come from the ipfw
scripts as well.
2006-05-12 19:17:34 +00:00
flz
76e07854c3 - Change the "jail_" prefix for internal script variables. This fixes an
issue where some global jail_* variables were overriden in the script. [1]
- Change "jid" to "jname" in rc.conf(5), since it's more a jail name than a
jail id. [1]
- Update examples and comments in defaults/rc.conf to advertise new
variables and the fact that some of the jail-specific variables may be made
jail-global. [2]

Reported by:	pjd [1], clsung [2]
Approved by:	cperciva
X-MFC after:	i got sufficient testing from people using rc.d/jail
2006-05-11 14:23:43 +00:00
matteo
57f8bd5896 if we fail to start a jail and jail_foobar_*fs_enable or jail_foobar_mount_enable were set, umount those filesystem before exiting. If we set up an alias for jail's IP, remove that alias before exiting.
MFC after:	2 weeks
2006-05-11 13:29:01 +00:00
marcus
a585030ace Add a /media to FreeBSD. /media is a directory designed to contain
subdirectories that will be used for removable media mount points (i.e.
mount points for CDs, floppy disks, USB drives, etc.).  While the primary
purpose of /media is to provide a location for HAL
(http://www.freedesktop.org/wiki/Software_2fhal) to mount volumes, it could
be used by any application that needs to manage removable media volumes.

Discussed on:	arch@
Approved by:	mux
MFC after:	1 week
2006-05-10 18:53:15 +00:00
matteo
0aae2a2db4 if a jail fails to start, don't add its jid to /var/run and print a message with the error.
PR:	conf/97024
MFC after:	1 week
2006-05-09 17:50:16 +00:00
flz
12a9a4edc9 - Fix quoting.
Reported by:	Dirk Engling <erdgeist@erdgeist.org>
Pointyhat to:	self
2006-05-08 17:32:45 +00:00
flz
141ad138ac - Check for some mandatory variables.
Approved by:	cperciva (mentor)
MFC after:	1 week
2006-05-07 23:15:39 +00:00
ume
bc8c6150b8 Install /etc/nsswitch.conf statically rather than generating it at
boot.  Autogeneration of nsswitch.conf doesn't makes sense in 7.0
since it's not permitted to upgrade from a pre-nss release without
passing through an intermediate release.

Suggested by:	brooks
2006-05-03 15:14:47 +00:00
des
a604f42a00 Update host.conf every time nsswitch.conf changes, instead of just creating
it if it does not exist.

Submitted by:	Rostislav Krasny <rosti.bsd@gmail.com>
MFC after:	2 weeks
2006-05-01 11:02:48 +00:00
ume
e98f478e56 Oops, services should be compat by default for backward compatibility. 2006-04-29 06:39:07 +00:00
ume
00dbaccdc4 Add newly supported databases such as services, protocols and rpc
into generated nsswitch.conf.
2006-04-29 04:49:19 +00:00
ume
e14f1c3b3b - Extend the nsswitch to support Services, Protocols and Rpc
databases.
- Make nsswitch support caching.

Submitted by:	Michael Bushkov <bushman__at__rsu.ru>
Sponsored by:	Google Summer of Code 2005
2006-04-28 12:03:38 +00:00
marius
49cbf99f47 Remove last vestiges of sab(4). 2006-04-25 19:43:53 +00:00
brueffer
99320e5a00 Correct two typos in comments. 2006-04-22 13:42:49 +00:00
trhodes
954529dea3 Clean up, comment out non-base utilities, fix up comments.
Prodded by:	hrs
2006-04-22 11:02:44 +00:00
delphij
672b486845 After some discussion we believe that having SERVERS to REQUIRE:
ldconfig would provide necessary protection for named as well,
so remove the dependency here.

Approved by:	flz
2006-04-20 12:30:12 +00:00
delphij
8d6d5b29e8 Make ldconfig as SERVER dependency. This makes it possible
for some early starting services from the ports collection
to have their shared objects available before start.

Reviewed by:	freebsd-rc (dougb, brooks)
MFC After:	3 days
2006-04-19 05:10:34 +00:00
flz
5fc54bd044 - Move _rc_subr_loaded=: at the end of the file, to be consistent with NetBSD.
- Sync with latest version from NetBSD.

'In order to handle some perl scripts running as daemons, add a
pattern which also matches "`basename $interpreter`: $command" in the
ps listing.'

Approved by:	cperciva (mentor)
Obtained from:	NetBSD
MFC after:	1 week
2006-04-18 15:16:55 +00:00
flz
b1851f7c4d - Add new ntpd_config variable so that people can override it in rc.conf.
- Add default value in /etc/defaults/rc.conf.
- Add documentation bits to rc.conf(5).

Approved by:	cperciva (mentor)
MFC after:	1 week
2006-04-18 15:02:24 +00:00
flz
7bf3da7b94 Add ldconfig to the list of requirements for named, needed to use bind
from ports. The effect is that ldconfig is now started right after
mountcritremote. Everything else is left unchanged.

PR:		conf/68916
Submitted by:	JD Bronson <jd@aurora.org>
Approved by:	cperciva (mentor)
MFC after:	1 week
2006-04-18 10:35:05 +00:00
brooks
054ff1b467 Spell synchronous with required silent 'h'.
Reported by:	ru, ceri
Pointy hat:	brooks
2006-04-13 18:34:14 +00:00
brooks
63f9dcf030 Add missing _ to $_punct.
Submitted by:	Dmitry Pryanishnikov <dmitry at atlantis.dp.ua>
2006-04-13 18:27:49 +00:00
flz
45d238b51a Use ps true power instead of tr/tail which aren't available early enough.
PR:		conf/95654
Submitted by:	Rong-En Fan <rafan@infor.org>
Noticed/Fix by:	many people on freebsd-current@
Approved by:	cperciva (mentor)
2006-04-13 08:30:43 +00:00
brooks
1f100dedee Commit the various network interface configutation updates I've been
working on.
  1) Make it possible to configure interfaces with certain characters in
     their names that aren't valid in shell variables.  Currently supported
     characters are ".-/+".  They are converted into '_' characters.
  2) Replace nearly all eval statements in network.subr with a new
     function get_if_var which substitues an interface name (after the
     translations above) for "IF" in a variable name.
  3) Fix list_net_interfaces() in the nodhcp case.
  4) Allow the administrator to specify if dhclient should be started
     when /etc/rc.d/netif configures the interface or only by devd.
     This can be set on both a per interface and system wide basis.

PR:	conf/88974 [1,2], conf/92433 [1,2]
2006-04-13 06:50:46 +00:00
ume
5acd17702f Remove an inappropriate comment which is put into generated
host.conf.  Someone may want to edit it later.

Requested by:	Rostislav Krasny <rosti.bsd__at__gmail.com>
2006-04-12 12:01:53 +00:00
des
4ccfd37f87 Add autologin entries (al.NNN) for higher console speeds.
MFC after:	2 weeks
2006-04-11 09:54:23 +00:00
flz
386dfb985a - If no pidfile has been created at startup, only stop processes
with current jid.

PR:		conf/93287
Submitted by:	anders
Approved by:	cperciva (mentor)
MFC after:	1 month
2006-04-11 09:20:47 +00:00