132144 Commits

Author SHA1 Message Date
njl
a22d768e0f Add back the original behavior of changing the entire directory path at
once (CWD a/b/c vs. 3 CWDs).  If an error occurs, we fall back to the default
method of a single CWD per directory element.  Since this is technically
a violation of the basic FTP RFC, this behavior is under a compile-time
option FTP_COMBINE_CWDS and is off by default.  It should work with most
Unix-based FTP daemons and can save latency.

MFC after:	2 weeks
2007-04-22 22:33:29 +00:00
pjd
328ad8c39b Fix 'zpool status -v'. To get object number we should use ZFS_DIRENT_OBJ()
macro, as za_first_integer field also contains type. This should be fixed in
ZFS itself, but this bug is not visible on Solaris, because there, type is
not stored in za_first_integer. On the other hand it will be visible on
MacOS X.

Reported by:	Barry Pederson <bp@barryp.org>
2007-04-22 21:18:40 +00:00
pjd
6af3e59793 Fix st_rdev handling (implement it, actually).
Reported by:	gj
2007-04-22 21:16:15 +00:00
erwin
5b7440b907 Clement has stepped down from portmgr.
Thanks for all your work!

Reminded by:	brueffer
2007-04-22 21:11:46 +00:00
pjd
410069d287 When zfs dataset has jailed=on property, it won't be mounted with
'zfs mount -a' from the main system - this is by design, as mountpoint
may be set to dangerous value. This all means, that such file system
has to be mounted from within a jail. To make it easier, reorganize
rc.d/zfs script so it can be used from within a jail.
2007-04-22 20:55:08 +00:00
rwatson
48ef639907 Normalize variable naming in the MAC Framework by adopting the normal
variable name conventions for arguments passed into the framework --
for example, name network interfaces 'ifp', sockets 'so', mounts 'mp',
mbufs 'm', processes 'p', etc, wherever possible.  Previously there
was significant variation in this regard.

Normalize copyright lists to ranges where sensible.
2007-04-22 19:55:56 +00:00
rwatson
1c94b6d3ee In the MAC Framework implementation, file systems have two per-mountpoint
labels: the mount label (label of the mountpoint) and the fs label (label
of the file system).  In practice, policies appear to only ever use one,
and the distinction is not helpful.

Combine mnt_mntlabel and mnt_fslabel into a single mnt_label, and
eliminate extra machinery required to maintain the additional label.
Update policies to reflect removal of extra entry points and label.

Obtained from:	TrustedBSD Project
Sponsored by:	SPARTA, Inc.
2007-04-22 16:18:10 +00:00
phk
c729a4c68d Remove the old software bit-banging MII interface, we started using
the Rhines shiftregisters in four years ago (1.60).
2007-04-22 15:58:56 +00:00
phk
ac1868addb Remove further cobwebs: Two layers of pointless substructures. 2007-04-22 15:48:29 +00:00
rwatson
d1196975a0 Remove MAC Framework access control check entry points made redundant with
the introduction of priv(9) and MAC Framework entry points for privilege
checking/granting.  These entry points exactly aligned with privileges and
provided no additional security context:

- mac_check_sysarch_ioperm()
- mac_check_kld_unload()
- mac_check_settime()
- mac_check_system_nfsd()

Add mpo_priv_check() implementations to Biba and LOMAC policies, which,
for each privilege, determine if they can be granted to processes
considered unprivileged by those two policies.  These mostly, but not
entirely, align with the set of privileges granted in jails.

Obtained from:	TrustedBSD Project
2007-04-22 15:31:22 +00:00
phk
db8dcec801 Initialize the physical next pointer in the tx descriptors when we
initialize instead of in the start routine.
2007-04-22 15:09:03 +00:00
jkoshy
bf9c7e516d MFP4: Enhancements and bug-fixes to pmcstat(8):
- The '-c' option now takes a comma-separated list of CPU
   numbers, or a literal '*' denoting all CPUs in the system.
   Subsequent system PMCs are allocated on the CPUs so specified.

   Change the default behaviour to allocate system PMCs on all CPUs,
   not just CPU 0.

   Update the manual page and add an example of how to use the new
   functionality.

 - Attach PMCs to a (commandline) child process more reliably.  This
   fixes a long standing bug in counting events incurred by short-lived
   processes.
2007-04-22 15:00:39 +00:00
phk
fc0fe76a27 Don't rename fields with #define.
Collapse two semantically identical structs.
Add missing vr_ prefix.
2007-04-22 14:57:05 +00:00
rwatson
7851a71064 Further MAC test policy cleanup and enhancement:
- Redistribute counter declarations to where they are used, rather than at
  the file header, so it's more clear where we do (and don't) have
  counters.

- Add many more counters, one per policy entry point, so that many
  individual access controls and object life cycle events are tracked.

- Perform counter increments for label destruction explicitly in entry
  point functions rather than in LABEL_DESTROY().

- Use LABEL_INIT() instead of SLOT_SET() directly in label init functions
  to be symmetric with destruction.

- Align counter names more carefully with entry point names.

- More constant and variable name normalization.

Obtained from:	TrustedBSD Project
2007-04-22 13:29:37 +00:00
phk
1c813951d5 Run if_vr(4) through FlexeLint and clean some of the cobwebs found. 2007-04-22 12:55:36 +00:00
rrs
8374d51a34 Moves the PCB features and flags from sctp_pcb.h to
sctp.h so that netstat can access and display these
values.
2007-04-22 12:12:38 +00:00
rwatson
27da76ec29 Perform overdue clean up mac_test policy:
- Add a more detailed comment describing the mac_test policy.

- Add COUNTER_DECL() and COUNTER_INC() macros to declare and manage
  various test counters, reducing the verbosity of the test policy
  quite a bit.

- Add LABEL_CHECK() macro to abbreviate normal validation of labels.
  Unlike the previous check macros, this checks for a NULL label and
  doesn't test NULL labels.  This means that optionally passed labels
  will now be handled automatically, although in the case of optional
  credentials, NULL-checks are still required.

- Add LABEL_DESTROY() macro to abbreviate the handling of label
  validation and tear-down.

- Add LABEL_NOTFREE() macro to abbreviate check for non-free labels.

- Normalize the names of counters, magic values.

- Remove unused policy "enabled" flag.

Obtained from:	TrustedBSD Project
2007-04-22 11:35:15 +00:00
rrs
44fd758bd5 - Somehow the disable fragment option got lost. We could
set/clear it but would not do it. Now we will.
-  Moved to latest socket api for extended sndrcv info struct.
-  Moved to support all new levels of fragment interleave.
2007-04-22 11:06:27 +00:00
des
c494d6613e Now that we're MPSAFE, tell namei() to acquire Giant if necessary. 2007-04-22 08:41:52 +00:00
kris
fe3371c666 Add some notes clarifying usage and a couple of known bugs 2007-04-22 06:20:12 +00:00
tmclaugh
d613b021e9 Trace my mentor lineage as far back as I can determine.
Not really sure how to handle committers who no longer have a ports
commit bit but are still active in other repos.  Maybe a new node
definition? *shrug*
2007-04-22 02:36:08 +00:00
cperciva
642778cb21 Fix sorting in previous commit.
Pointed out by:	brueffer
Pointy hat to:	cperciva
2007-04-22 00:44:51 +00:00
cperciva
0ba02219ce Add myself. Edwin was my "mentor", even though he released me from
mentorship before approving a single commit.
2007-04-22 00:12:10 +00:00
tmclaugh
2e108c677e mezz was my co-mentor 2007-04-21 23:47:09 +00:00
tmclaugh
9261e1b494 Add xride who was mentored by me and co-mentored by garga 2007-04-21 23:44:36 +00:00
imp
28781a4ef4 Because there are so many more partitions on pc98 than on wintel (16
vs 4), supress all unused partition output unless -v is specified.
This makes operating on a 'typical' disk with one partition less
painful.  The 30 lines needed for the empty partitions no longer
scroll the useful information off the screen.  When the user requests
a specific partition, the unused information is not suppressed.

Also add the partition name to the -s output.

Initialize the partition name to 'FreeBSD' when -I is specified.
2007-04-21 22:47:35 +00:00
rwatson
9792022e80 Allow MAC policy modules to control access to audit configuration system
calls.  Add MAC Framework entry points and MAC policy entry points for
audit(), auditctl(), auditon(), setaudit(), aud setauid().

MAC Framework entry points are only added for audit system calls where
additional argument context may be useful for policy decision-making; other
audit system calls without arguments may be controlled via the priv(9)
entry points.

Update various policy modules to implement audit-related checks, and in
some cases, other missing system-related checks.

Obtained from:	TrustedBSD Project
Sponsored by:	SPARTA, Inc.
2007-04-21 22:08:48 +00:00
rwatson
3df166efbc Teach netinet6 to use PRIV_NETINET_REUSEPORT. 2007-04-21 18:14:04 +00:00
rwatson
32f12b60cc Attempt to rationalize NFS privileges:
- Replace PRIV_NFSD with PRIV_NFS_DAEMON, add PRIV_NFS_LOCKD.

- Use PRIV_NFS_DAEMON in the NFS server.

- In the NFS client, move the privilege check from nfslockdans(), which
  occurs every time a write is performed on /dev/nfslock, and instead do it
  in nfslock_open() just once.  This allows us to avoid checking the saved
  uid for root, and just use the effective on open.  Use PRIV_NFS_LOCKD.
2007-04-21 18:11:19 +00:00
ups
cca3de2c55 Modify TLB invalidation handling.
Reviewed by:	alc@, peter@
MFC after:	1 week
2007-04-21 14:17:30 +00:00
pjd
2cd524ebed Improve sharenfs option handling, so it is possible to give hosts list.
Before the change the command above:

	# zfs set sharenfs=freefall.freebsd.org,69.147.83.54 tank/foo

was translated to:

/tank/foo -freefall.freebsd.org -69.147.83.54

instead of:

/tank/foo freefall.freebsd.org 69.147.83.54

This commit corrects this.
2007-04-21 13:17:23 +00:00
jkoshy
4c79721dd4 Correct a sanity check. 2007-04-21 12:04:03 +00:00
pjd
24d4489802 MFp4:
@118370	Correct typo.

@118371	Integrate changes from vendor.

@118491	Show backtrace on unexpected code paths.

@118494	Integrate changes from vendor.

@118504	Fix sendfile(2). I had two ways of fixing it:
	1. Fixing sendfile(2) itself to use VOP_GETPAGES() instead of
	   hacking around with vn_rdwr(UIO_NOCOPY), which was suggested
	   by ups.
	2. Modify ZFS behaviour to handle this special case.

	Although 1 is more correct, I've choosen 2, because hack from 1
	have a side-effect of beeing faster - it reads ahead MAXBSIZE
	bytes instead of reading page by page. This is not easy to implement
	with VOP_GETPAGES(), at least not for me in this very moment.

	Reported by:	Andrey V. Elsukov <bu7cher@yandex.ru>

@118525	Reorganize the code to reduce diff.

@118526	This code path is expected. It is simply when file is opened with
	O_FSYNC flag.

	Reported by:	kris
	Reported by:	Michal Suszko <dry@dry.pl>
2007-04-21 12:02:57 +00:00
mtm
e60ce7e120 Regression tests for recent changes to inet6_rth_* family of functions
regarding RFC3542 compliance.
2007-04-21 11:23:33 +00:00
hrs
d0bcca2e7b Update release notes:
- hw.pci.do_powerstate split into hw.pci.do_power_nodriver
	and hw.pci.do_power_resume.

Pointed out by: pluknet at gmail.com
2007-04-21 03:45:18 +00:00
yar
edda503ffe Add a missing link: if_edsc.4 -> edsc.4 .
Network interface manpages should have such links.
2007-04-21 03:00:19 +00:00
yar
802e70c6ff Don't forget to bump document date after changing the content. 2007-04-21 01:22:51 +00:00
yar
65b331b4a1 Change the semantics of -i (in-place editing) so that it treats
each file independently from other files.  The new semantics are
desired in the most of practical cases, e.g.: delete lines 5-9
from each file.

Keep the previous semantics of -i under a new option, -I, which
uses a single continuous address space covering all files to edit
in-place -- they are too cool to just drop them.

Add regression tests for -i and -I.

Approved by:	dds
Compared with:	GNU sed
Discussed on:	-hackers
MFC after:	2 weeks
2007-04-21 01:21:36 +00:00
sepotvin
a1e73b1eaf Add support for specifying a minimal size for vm.kmem_size in the loader via
vm.kmem_size_min. Useful when using ZFS to make sure that vm.kmem size will
be at least 256mb (for example) without forcing a particular value via vm.kmem_size.

Approved by: njl (mentor)
Reviewed by: alc
2007-04-21 01:14:48 +00:00
brueffer
a1cba020dd Bah, sorting alphabetically is hard. 2007-04-21 00:25:05 +00:00
brueffer
9c97982fc8 Add markus. 2007-04-21 00:18:37 +00:00
brueffer
9efc16eab1 Remove useless FILES section.
MFC after:	3 days
2007-04-21 00:05:35 +00:00
brueffer
2df123e4e2 Spring cleaning: Remove worm(4) manpage, the driver was removed pre-3.0. 2007-04-20 23:47:30 +00:00
pjd
acc4c54fc5 Don't reinvent vm_page_grab().
Reviewed by:	ups
2007-04-20 19:49:20 +00:00
pjd
b388ff90ba Test sending 0 bytes. 2007-04-20 19:01:42 +00:00
pjd
c6bba81ef0 Fix length calculation. 2007-04-20 19:00:43 +00:00
brueffer
0f442faf2e New release notes:
- IPLware 3.33 support for pc98
- CAM MPSAFE
- ahc(4) and ahd(4) MPSAFE
- pseudofs(9) and consumers MPSAFE
- OpenBSM 1.0 alpha 14
- lastcomm -X flag
- ftpd(8) RFC2389 and RFC2640 support

Modified release notes:
- ncurses was updated from version 5.2-20020615

While here, moved the lagg(4) and XFS entries to the correct places.
2007-04-20 16:12:31 +00:00
brueffer
0beeeb1864 Xref linsysfs(5).
MFC after:	3 days
2007-04-20 15:38:06 +00:00
kientzle
0c3bc8c454 Fix a memory leak in the uname/gname lookup cache.
Thanks to: VMiklos
2007-04-20 15:32:13 +00:00
andre
0af88c9154 o Remove unncessary TOF_SIGLEN flag from struct tcpopt
o Correctly set to->to_signature in tcp_dooptions()
o Update comments
2007-04-20 15:28:01 +00:00