Commit Graph

5524 Commits

Author SHA1 Message Date
jilles
b69a01f7fa rc.d/sysctl: Fix error messages about unknown OIDs.
There are three situations where the sysctl script is called:
1. "start", very early
2. "lastload", near the end of rc
3. "reload", at admin request while the system is booted

Ignore unknown OIDs in situation 1 because kernel modules may not be loaded
yet and complain about them in situations 2 and 3.

PR:		conf/174595
Submitted by:	Olivier Smedts
2013-03-22 20:12:25 +00:00
cperciva
f07d0be8f8 Fix typo in previous commit: Exit if */dev/dumpdev* does not exist, not if
*/bin/realpath* does not exist...

Submitted by:	markj
Pointy hat to:	cperciva
2013-03-19 05:08:25 +00:00
cperciva
262a11c529 If dumpdev is AUTO but no dump device has been set -- i.e., there is no swap
space configured for rc.d/dumpon to designate for dumping -- then exit
silently rather than with a
> realpath: /dev/dumpdev: No such file or directory
error message.

An argument could be made that we should print a (more informative) warning
message; but given that under the same conditions the rc.d/dumpon script will
already print a
> No suitable dump device was found
warning, it seems that printing an additional
> Dump device does not exist.  Savecore not run.
warning would be superfluous.
2013-03-19 04:42:04 +00:00
neel
b893c0b25f Add bhyve to examples.
Requested by: alfred, julian
Obtained from:	NetApp
2013-03-18 23:46:14 +00:00
antoine
0449dd83b1 Finish portalfs removal. 2013-03-10 17:33:41 +00:00
cperciva
0212924a12 Now that stable/7 is EOL, stop building INDEX-7.
MFC after:	1 week
2013-03-07 20:48:36 +00:00
schweikh
1b7bd76800 Comment cosmetics: capitalize SCSI
Fix some hard tabs in the wrong place.

MFC after:	2 weeks
2013-03-02 18:08:03 +00:00
des
11d336c804 If rtadvd_interfaces is set to "none", start rtadvd without listing
any interfaces on the command line.

MFC after:	1 week
2013-02-25 17:07:42 +00:00
ache
2f7ddc2dcd Back out prev. change preventing /sys/sys symlink. It appears my install
was not very recent and not acts like 'ln -h'
2013-02-22 19:57:18 +00:00
ache
711b357b3d In 'make hierarchy' don't install /sys/sys pointing to usr/src/sys
but just /sys pointing there
2013-02-17 13:06:59 +00:00
jkim
824572aa99 Revert r227528 and r227787. This hack is no longer necessary since r233580. 2013-02-15 22:58:44 +00:00
jhb
b313f550e1 Install <dev/agp/agpreg.h> and <dev/pci/pcireg.h> as userland headers
in /usr/include.

MFC after:	2 weeks
2013-02-05 18:55:09 +00:00
des
2ab43ec83e Load the pfsync module if necessary.
Reviewed by:	glebius@
MFC after:	1 week
2013-02-05 12:18:39 +00:00
ume
d10987d402 Use the default policy table of RFC 6724.
MFC after:	1 weeks
2013-02-02 18:08:09 +00:00
brooks
3e28301ce2 When adding the directory ownership to the METALOG do it by name rather
than number as is done in install so as to differ binding of names to
ids.

Remove the -W flag from the mtree command so that the correct user and
group is recorded rather than the default.
2013-01-30 17:39:43 +00:00
brooks
1a89a21cbd Log the addition of login.conf.db, passwd, pwd.db, and spwd.db via cat -l.
Make cat a bootstrap tool to facilitate this.
2013-01-29 22:17:58 +00:00
neel
15607eb86a Increase the "memorylocked" limit for the "daemon" class.
amd(8) requires more than the 64MB that is currently available to it so bump
it up to 128MB.

Reviewed by:	kib
Discussed with:	avg, kib, zont
2013-01-27 21:55:01 +00:00
brooks
75f69e58cc Introduce a new option -DNO_ROOT that allows install and distribution
targets to be run without root privilege.

Information about ownership, group, flags, and suid bits are stored in
the file specified by METALOG which defaults to ${DESTDIR}/METALOG.
This file can be used in conjunction with bsdtar or makefs to generate
archives or file system images with correct permissions.

The packageworld target has been altered to use this metadata allowing
non-root releases (subject to further changes in release/Makefile.)

Sponsored by:	DARPA, AFRL
Reviewed by:	ian, ray
2013-01-22 21:10:03 +00:00
brooks
6c2d158aba Replace all known uses of ln in the build process with appropriate
install -l invocations via new INSTALL_LINK and INSTALL_SYMLINK
variables.

Sponsored by:	DARPA, AFRL
Reviewed by:	ian, ray, rpaulo
2013-01-21 22:40:39 +00:00
brooks
2ba8b9706f In r245571, "rm -rf <foo>; ln -s <bar> <foo>" needed to be replaced with
"ln -sfh <bar> <foo>" or the links would fail when a valid link to a
directly was in place at <foo>.

Reported by:	peter
Tested by:	peter
Pointy hat to:	brooks
2013-01-17 23:05:03 +00:00
brooks
6fd273a1c0 In preparation for logging metadata about each filesystem object
refactor the link section of distrib-dirs to alwasy install to a full
path (the link contents remain relative as they should).

Eliminate the use of the "rm -r[f] <foo>; ln -s <bar> <foo>" pattern in
favor of "ln -sf <bar> <foo>".  None of these links could be directories
on a system installed in the last decade.

Sponsored by:	DARPA, AFRL
Reviewed by:	mtree
2013-01-17 20:21:30 +00:00
brooks
a390aab857 Rework the mtree portion of etc/Makefile's distrib-dirs target to run
mtree in a shell loop so there is only one mtree commandline.  Move the
implementation of LOCAL_MTREE into etc/Makefile.

Sponsored by:	DARPA, AFRL
Reviewed by:	mtree :)
2013-01-17 18:32:30 +00:00
bz
c68369b543 Add a conditional sleep 1 in case we add any IPv6 addresses to interfaces.
Do this per jail started, not per address.  This will allow DAD to complete
and services to properly start.   Before we have seen problems with services
trying to start before the IPv6 address was available to use and thus
erroring and failing to start.

MFC after:	3 days
2013-01-17 01:27:39 +00:00
brooks
621d391260 According to the notes in ObsoleteFiles.inc we last installed section
1aout manpages in 2002.  Stop making the directories and links to them.
2013-01-16 23:16:41 +00:00
brooks
8251e188c6 Add an option DB_FROM_SRC to use src/etc's user/group databases when
installing.  This allows things like running installworld for 10-CURRENT
on a 9.0-RELEASE system without adding extra users and groups to the
passwd and group files.

To prevent potentially risky uid/gid mismatches on systems with
non-standard local values, require that DESTDIR be set if DB_FROM_SRC is
set.

Sponsored by:	DARPA, AFRL
Reviewed by:	peter
2013-01-15 00:12:34 +00:00
brooks
97cd9ab39d Revert r245316. Systems with non-standard uids/gids are more prevalent
that I'd feared.  Discussion is ongoing about the scope of a safer
solution.
2013-01-11 23:44:35 +00:00
brooks
ae7a101bcb Use the -N option to install and nmtree to eliminate the need for the
checks for missing users and groups.

Sponsored by:	DARPA, AFRL
2013-01-11 23:08:19 +00:00
smh
5f83c0049f Allow perl scripts to be used in rc.d scripts
PR:		conf/117027
Reviewed by:	pjd (mentor)
Approved by:	hrs
MFC after:	2 weeks
2013-01-10 11:08:22 +00:00
peter
ae464bd0f7 Not using the full domain was a really bad idea. 2013-01-06 19:25:42 +00:00
erwin
5c3498dbc2 Update with new IPv4 address for D root.
Approved by:	delphij (mentor)
2013-01-04 09:15:59 +00:00
gshapiro
40a342aed7 Minor changes to force commit these files so new freebsd*.cf files are
built to use the new sendmail-8.14.6/cf tree.

While here, update DNSBL link once again.

MFC after:	4 days
2012-12-29 20:42:28 +00:00
gshapiro
896fc63862 Add missing closing quote on commented out example
PR:		bin/174108
Obtained from:	Julian H. Stacey
MFC after:	1 day
2012-12-29 19:57:52 +00:00
ume
1bd72ff3fb Fix location of /var/audit/dist and /var/audit/remote.
Note that those who did installworld after r243752 should
remove wrongly created /var/dist and /var/remote.

Reviewed by:	pjd
2012-12-28 10:42:01 +00:00
markj
f8816140af Don't reload syslogd after rotating sendmail.st, as this file isn't
managed by syslogd.

PR:		conf/169973
Approved by:	rstone (co-mentor)
MFC after:	1 week
2012-12-20 23:18:36 +00:00
bapt
eb5a928066 make installation of the 220.backup-pkgdb periodic script depend on PKGTOOLS
knob
2012-12-20 11:39:20 +00:00
zont
b56a027638 - Set memorylocked limit to 64Kb for default login class.
This prevents unprivileged users to lock too much memory.
- Set memorylocked limit to 64Mb for daemon login class.
  Some daemons such as amd(8) and watchdogd(8) calls mlockall(2) on
  startup, they are run from init(8) which uses daemon login class.
- Set memorylocked limit to unlimited for root login class.

Suggested by:	avg
Approved by:	kib (mentor)
MFC after:	1 week
2012-12-18 07:27:50 +00:00
pjd
cbf6823f9a Use new savecore(8) option and limit number of kernel dumps that will
be kept around to the 10 most recent ones.

Add UPDATING entry with info how to return to the previous behaviour (no
limits).

Obtained from:	WHEEL Systems
2012-12-16 23:29:56 +00:00
hselasky
8ee2f7fcb1 Regenerate usb.conf
MFC after:	1 week
2012-12-15 10:56:16 +00:00
pjd
1d3ec906ca - When checking if a dump exists on the given device there is no need to
provide dump directory. Eliminate this redundant argument. This changes
  the usage, but the only risk here is that a warning will be printed
  about directory given as device.

- Update usage of -C option.

- When clearing dump header from the given device there is also no need to
  provide dump directory, although additional arguments for -c were not
  documented.

- Document that -v can be used with -c and that list of devices can be given.

Obtained from:	WHEEL Systems
2012-12-14 15:12:08 +00:00
delphij
976943f3a9 Teach sysctl(8) about parsing a file (while I'm there also give it
capability of parsing both = and : formats).

Submitted by:	hrs (initial version, bugs are mine)
MFC after:	3 months
2012-12-13 23:32:47 +00:00
pjd
3b54c5ffbe Fix the location of auditdistd configuration file.
Reported by:	Johan Hendriks <joh.hendriks@gmail.com>
2012-12-13 09:41:32 +00:00
delphij
36123bbedb Sync pf.os with OpenBSD:
add a handful of linux signatures from p0fv2 and some other
signatures from observation.

MFC after:	2 weeks
2012-12-10 20:52:52 +00:00
adrian
51bed028d5 Add a new 900MHz GSM regulatory SKU for the Xagyl Communications XC900M.
The XC900M acts as a Ubiquiti XR9 (and I _think_ SR9) by default;
it uses the same 900MHz<->2.4GHz downconverter mapping.

However it has an alternative frequency mapping which squeezes in a couple
more half/quarter rate channels.  Since the default HAL doesn't support
fractional tuning (sub-1MHz) in 2.4GHz mode on the AR5413/AR5414, they
implement it using a jumper.

Datasheet: http://www.xagyl.com/download/XC900M_Datasheet.pdf

Thankyou to Xagyl Communications for the XC900M NICs and Edgar Martinez
for organising the donation.

Tested:

* XC900M <-> XC900M
* Ubiquiti XR9 <-> XC900M

TODO:

* Test against SR9 and GZ901 if possible (the IEEE channel<->frequency
  mapping may not match up, thanks to the slightly different channels
  involved)
2012-12-07 06:34:46 +00:00
eadler
6dd12d609d Remove hack to emulate effective uid and just use the EUID's name in the
first place.  I was unaware of this option when originally committing
this change.

Submitted by:	gcooper
Approved by:	cperciva
MFC after:	3 days
2012-12-05 13:56:39 +00:00
rwatson
991e942bf2 Merge a number of changes required to hook up OpenBSM 1.2-alpha2's
auditdistd (distributed audit daemon) to the build:

- Manual cross references
- Makefile for auditdistd
- rc.d script, rc.conf entrie
- New group and user for auditdistd; associated aliases, etc.

The audit trail distribution daemon provides reliable,
cryptographically protected (and sandboxed) delivery of audit tails
from live clients to audit server hosts in order to both allow
centralised analysis, and improve resilience in the event of client
compromises: clients are not permitted to change trail contents
after submission.

Submitted by:	pjd
Sponsored by:	The FreeBSD Foundation (auditdistd)
2012-12-01 15:11:46 +00:00
hselasky
9cb06d4917 Regenerate usb.conf
MFC after:	1 week
2012-11-28 18:37:20 +00:00
glebius
8f5310865e Fix typo in weekly line which made it to rotated after reaching > 1 Kb.
PR:		conf/173857
Submitted by:	Matt Smith <matt xtaz.co.uk>
2012-11-26 19:42:38 +00:00
crees
133206e35a Revert r243228. This commit appears to cause more trouble than
it was designed to avoid; the issue described in the PR was no
longer an issue anyway.
2012-11-21 18:12:28 +00:00
hrs
f5a468d92e Do not put "already running" message when rc_quiet=yes.
PR:	bin/165477
2012-11-20 04:45:04 +00:00
crees
88807e15b4 cp -R misses out dotfiles; use pax instead to copy file hierarchies
PR:		conf/99721 (based on)
Submitted by:	Florian Zavatzki <f_zavatzki@blue-network.org>
Approved by:	hrs
MFC after:	1 month
2012-11-18 14:21:05 +00:00