After calling the cap_init(3) function Casper will fork from it's original
process, using pdfork(2). Forking from a process has a lot of advantages:
1. We have the same cwd as the original process.
2. The same uid, gid and groups.
3. The same MAC labels.
4. The same descriptor table.
5. The same routing table.
6. The same umask.
7. The same cpuset(1).
From now services are also in form of libraries.
We also removed libcapsicum at all and converts existing program using Casper
to new architecture.
Discussed with: pjd, jonathan, ed, drysdale@google.com, emaste
Partially reviewed by: drysdale@google.com, bdrewery
Approved by: pjd (mentor)
Differential Revision: https://reviews.freebsd.org/D4277
These are no longer needed after the recent 'beforebuild: depend' changes
and hooking DIRDEPS_BUILD into a subset of FAST_DEPEND which supports
skipping 'make depend'.
Sponsored by: EMC / Isilon Storage Division
If one does 'ifconfig tap create name blah', it will return error because the
'name' command doesn't properly populate the request sent to ioctl(...). The
'description' command has the same bug, and is also fixed with this patch.
If one does 'ifconfig tap create mtu 9000 name blah', it DOES work, but 'tap0'
(or other sequence number) is echoed, instead of the expected 'blah'. (assuming
the name change actually succeeded)
Submitted by: Marie Helene Kvello-Aune <marieheleneka@gmail.com>
Differential Revision: https://reviews.freebsd.org/D5341
The variable isn't actually checked -- just the end result which gets
returned from the function
Differential Revision: https://reviews.freebsd.org/D5156
Reviewed by: araujo, delphij
MFC after: 1 month
Sponsored by: EMC / Isilon Storage Division
embedded structures out of a packed, unaligned struct into local copies
on the stack which are aligned.
The original patch to do this was submitted by Guy Yur <guyyur@gmail.com>,
and this is conceptually the same change, but restructured with the
#ifndef __NO_STRICT_ALIGNMENT wrapper, similar to how the same issue is
handled in the kernel pf code.
PR: 185617
PR: 206658
Some of the structures referenced in power.c (in particular
struct nvme_power_state) are missing from sbin/nvmecontrol/
Pointyhat to: imp
Reported by: Jenkins [*], O. Hartmann <ohartman@zedat.fu-berlin.de>, Outback Dingo <outbackdingo@gmail.com>
The tests will manipulate the system daemon today, which can cause undesired
service interruption when the tests are run.
This change allows the geom_gate tests to be run with an arbitrary ggated(8)
daemon / geom_gate(4) device pairing.
Other changes:
- Sort #includes
- Use a more common idiom for parsing options with getopt(3)
Differential Revision: https://reviews.freebsd.org/D4836
MFC after: 2 weeks
Reviewed by: bjk (manpages), pjd (maintainer timeout)
Sponsored by: EMC / Isilon Storage Division
sent using roundrobin protocol and set a better granularity and distribution
among the interfaces. Tuning the number of packages sent by interface can
increase throughput and reduce unordered packets as well as reduce SACK.
Example of usage:
# ifconfig bge0 up
# ifconfig bge1 up
# ifconfig lagg0 create
# ifconfig lagg0 laggproto roundrobin laggport bge0 laggport bge1 \
192.168.1.1 netmask 255.255.255.0
# ifconfig lagg0 rr_limit 500
Reviewed by: thompsa, glebius, adrian (old patch)
Approved by: bapt (mentor)
Relnotes: Yes
Differential Revision: https://reviews.freebsd.org/D540
The upcoming GELI support in the loader reuses parts of this code
Some ifdefs are added, and some code is moved outside of existing ifdefs
The HMAC parts of GELI are broken out into their own file, to separate
them from the kernel crypto/openssl dependant parts that are replaced
in the boot code.
Passed the GELI regression suite (tools/regression/geom/eli)
Files=20 Tests=14996
Result: PASS
Reviewed by: pjd, delphij
MFC after: 1 week
Sponsored by: ScaleEngine Inc.
Differential Revision: https://reviews.freebsd.org/D4699
cperciva's libmd implementation is 5-30% faster
The same was done for SHA256 previously in r263218
cperciva's implementation was lacking SHA-384 which I implemented, validated against OpenSSL and the NIST documentation
Extend sbin/md5 to create sha384(1)
Chase dependancies on sys/crypto/sha2/sha2.{c,h} and replace them with sha512{c.c,.h}
Reviewed by: cperciva, des, delphij
Approved by: secteam, bapt (mentor)
MFC after: 2 weeks
Sponsored by: ScaleEngine Inc.
Differential Revision: https://reviews.freebsd.org/D3929
sbin/mount.c
Check whether an fstab entry has the same fstype as a mounted
filesystem before declaring it to be mounted. This will allow NFS
filesystems that share a mountpoint with a local filesystem to be
automatically mounted at boot.
This is not such an unusual situation. For example, if somebody uses
the standard installer with a ZFS root, he'll get a /usr/home
filesystem, even though he may choose to mount /usr/home over NFS.
Reviewed by: trasz
MFC after: 4 weeks
Sponsored by: Spectra Logic Corp
Differential Revision: https://reviews.freebsd.org/D4556
Add -N flag to reboot(8) which bypasses the userland sync(2) during
reboot(8) while still allow the kernel sync during the reboot(2) syscall
to occur.
An example use of this is when rebooting with disconnected iSCSI sessions
which would otherwise cause the reboot to hang on BIOs that will never
complete.
Reviewed by: bjk
MFC after: 2 weeks
Sponsored by: Multiplay
Differential Revision: https://reviews.freebsd.org/D4449
it looks, because we'll hit the sockbuf's mbuf limit long before hitting its
data limit. A 256KB data limit allows creating a ZFS pool on about 450
drives without overflowing the client socket buffers.
MFC after: 4 weeks
Sponsored by: Spectra Logic Corp
Differential Revision: https://reviews.freebsd.org/D4476
the real build file.
This lessens the need to define DPADD_<lib> and LDADD_<lib> to just very
special cases.
Sponsored by: EMC / Isilon Storage Division
This had no real impact since libipf is a static INTERNALLIB. It does conflict
with an assertion I am adding for LIBADD though.
Sponsored by: EMC / Isilon Storage Division
This is not properly respecting WITHOUT or ARCH dependencies in target/.
Doing so requires a massive effort to rework targets/ to do so. A
better approach will be to either include the SUBDIR Makefiles directly
and map to DIRDEPS or just dynamically lookup the SUBDIR. These lose
the benefit of having a userland/lib, userland/libexec, etc, though and
results in a massive package. The current implementation of targets/ is
very unmaintainable.
Currently rescue/rescue and sys/modules are still not connected.
Sponsored by: EMC / Isilon Storage Division
Unfortunately filemon/meta mode tracks all indirect dependencies here
since ld(1) is reading libelf when linking in libkvm. Churn would be
reduced if this was able to be limited to direct dependencies.
Sponsored by: EMC / Isilon Storage Division
* remove regdomain.[ch] - it's now part of lib80211.
* convert ifieee80211.c to use the ioctl routines in lib80211 and
implement the "error? exit" wrapper behaviour the callers expect.
Right now net80211 is configured as type IBSS but then treats it
as mediatype ADHOC. This doesn't change that; it just correctly handles
being given a mediatype of IBSS.
Return -1 on errors from mkfs_msdos() instead of err()/errx(), to
allow different consumers to handle errors as appropriate.
Obtained from: NetBSD
Sponsored by: The FreeBSD Foundation
The dumpdev kenv supports devices without the /dev/ prefix, fix dumpon to
also support this which is required after r288153.
MFC after: 1 week
Sponsored by: Multiplay
a seek for every block... For large (Exabyte sized files) this would
issue lots of unneeded seeks, so combine them...
Thanks for the work Jan, sorry took so long to commit... And an item
completed off the IdeasPage!
Submitted by: Jan Sucan
the root filesystem without full reboot, using "reboot -r". This can
be used to to eg. boot from a temporary md_image preloaded by loader(8),
setup an iSCSI session, and continue booting from rootfs mounted over
iSCSI.
Reviewed by: kib@, bapt@
MFC after: 1 month
Relnotes: yes
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D3693
Make savecore(8) more suitable for init-time scripts; be quiet by default.
Sponsored by: EMC / Isilon Storage Division
Differential Revision: https://reviews.freebsd.org/D3229