mbuf is dropped, to preserve the invariant in the PR_ADDR case.
Add a regression test to detect this condition, but do not hook it
up to the build for now.
PR: kern/38495
Submitted by: James Juran
Reviewed by: sam, rwatson
Obtained from: NetBSD
MFC after: 2 weeks
wildcard specifications. Earlier the only wildcard syntax
was "-j 0" for "any jail". There were at least
two shortcomings in it: First, jail ID 0 was abused; it
meant "no jail" in other utils, e.g., ps(1). Second, it
was impossible to match processed not in jail, which could
be useful to rc.d developers. Therefore a new syntax is
introduced: "-j any" means any jail while "-j none" means
out of jail. The old syntax is preserved for compatibility,
but now it's deprecated because it's limited and confusing.
Update the respective regression tests. While I'm here,
make the tests more complex but sensitive: Start several
processes, some in jail and some out of jail, so we can
detect that only the right processes are killed by pkill
or matched by pgrep.
Reviewed by: gad, pjd
MFC after: 1 week
nature of implied connect via sendto(). Oddly, uipc_usrreq.c implements
this for stream sockets, but doesn't set the flag in its protocol
definition so that it can actually be used. As such, the stream test is
implemented but doesn't run for now.
prints out if bootverbose is set. This is to facilitate the code being
removed from the kernel at a later date.
While we're here, fix the __packed structures, and add some other
PCI interrupt router IDs.
Submitted by: jhb (with some tweaks)
MFC after: 3 weeks
KERNCONF after the file has been copied to the sys/${ARCH}/conf directory. This
allows the use of one kernel config file for multiple images. E.g.:
NANO_KERNEL=../../../../software/nanobsd/default/SOEKRIS
MFC: after 6.2
to WITH_CDDL.
This option enables building code that is licensed under Sun's CDDL.
The DTrace code is licensed that way, so by default it will get built
unless the WITHOUT_CDDL option is used.
There is another build toggle, NO_CTF, which turns off execution of
ctfconvert and ctfmerge in sys.mk, but this can't be implemented as
WITH_/WITHOUT because bsd.own.mk isn't included in all Makefiles and
sys.mk is included automatically by make.
This allows the user to specify that the root filoesystem should be
an MFS or teh actual medium itself.
Also a new command syntax, along with an interactive mode by default,
with crossinvocation memory of the last used values as defaults for the
current invocation.
Submitted by:jmeloatfreebsdbrasil,com-br
implemented properly for a number of kernel subsystems. In general, they
try to exercise the privilege first as the root user, then as a test user,
in order to determine when privilege is being checked.
Currently, these tests do not compare inside/outside jail, and probably
should be enhanced to do that.
Sponsored by: nCircle Network Security, Inc.
Obtained from: TrustedBSD Project
Add "-C <column>" and "-d <delims>" options to chop up input lines.
Make '#' a comment character, rest of line is ignored.
Submitted by: Dmitry Morozovsky <marck@rinet.ru>
separate function which is called right after install_etc(). This makes
it simpler to (ab)use nanobsd.sh as a framework to build more normal
FreeBSD images where a normal /etc is used, since setup_nanobsd_etc()
can just be redefined.
OK'ed in principle by: phk
MFC after: 1 week
It is by no means expected to perform a complete test of the library
for correctness, but is meant to test the API to make sure libmp (or
libcrypto) updates don't totally break the library.
instead of setup_nanobsd(), because this gives customize tasks a chance
to fiddle the details.
Inspired & tested by: Jordan Coleman <jordan@JordanColeman.com>
o If something is wrong with options, then output short usage help message.
o Output errstr returned from strtonum(3).
PR: bin/98141
Submitted by: Andrey Simonenko
It uses doxygen to generate the API documentation. For each subsystem
a very small (about 20 lines with comments) subsystem specific Doxyfile
has to be written (have a look at the README for more). All common doxygen
options are specified in a separate file.
The framework is configured to not only generate the HTML version, but also
a PDF version (the paper size is hardcoded to DIN A4 currently and depending
on the subsystem you have to increase some limits in the latex configuration
of your system, the README tells more about this).
It also allows cross-references between the subsystems (it generates doxygen
tag files).
Currently the docs are generated in OBJDIR, but this may change after
coordination with doc@. The makefile is prepared to generate/move various
parts of the generated docs to different destinations.
TARGET_ARCH is respected and some env-vars are set for architecture specific
handling of the source (the README tells more).
Subsystems for which docs are generated:
- cam - crypto - dev_pci
- dev_sound - dev_usb - geom
- i4b - kern - libkern
- linux - net80211 - netgraph
- netinet - netinet6 - netipsec
- opencrypto - vm
Requested by: gnn
o Introduce -r and -w keys which allow to load and save a worklist.
o Replace README by man page.
PR: bin/96677
Submitted by: Ulrich Spoerlein
Approved by: phk
MFC after: 1 month
case). Can be useful for recovering in some cases;
o use SBLOCK_UFS2 instead of SBLOCK_UFS1 to calculate likely start of the UFS2
partition from the beginning of disk.
subject: ranges of uid, ranges of gid, jail id
objects: ranges of uid, ranges of gid, filesystem,
object is suid, object is sgid, object matches subject uid/gid
object type
We can also negate individual conditions. The ruleset language is
a superset of the previous language, so old rules should continue
to work.
These changes require a change to the API between libugidfw and the
mac_bsdextended module. Add a version number, so we can tell if
we're running mismatched versions.
Update man pages to reflect changes, add extra test cases to
test_ugidfw.c and add a shell script that checks that the the
module seems to do what we expect.
Suggestions from: rwatson, trhodes
Reviewed by: trhodes
MFC after: 2 months
o Add mount and umount actions so that partitions can be in use.
o Extend the testing of the add verb to include overlapping
partitions.
o Add tests for the remove verb. this includes tests to remove
a partition when in use (i.e. is mounted).
o Add a MD5 checksum to the output of the conf action so that
it can be tested. Make sure the MD5 doesn't vary based on
certain dynamic behaviour that is irrelevant to the output.
o Add MD5 checksums to the expected result of conf actions.
Add support for read-write parameters. Allow an optional initializer
for read-write parameters. Print the value of those parameters on
success following the PASS.
in the commit log) submitted support for some NO_* knobs for delete-old*
and check-old. I converted it to the new WITHOUT_* knobs (more correctly:
MK_*) and added some dummy ones so that people can see what's missing.
Volunteers can have a look at http://phk.freebsd.dk/misc/build_options/
for a list of files.
The location looks a little bit odd to me, but I don't care about the
color of this bikeshed and follow the suggestion of our build
infrastructure guru to place it "somewhere under src/tools/ please". [1]
The build/mk/ directory looks more sane to me than the other ones there.
Submitted by: milosz.galazka@gmail.com
Suggested by: ru [1]
the first part before starting, or the TCP port we want to bind may be in
use still. Sleep for a short period between tests.
Use SIGTERM instead of SIGKILL.
pru_abort() by closing a listen socket while completed connections are
presenting in its listen queue. Unfortunately, it's difficult to
trigger the other two pru_abort() cases using user APIs, so they are
not covered by this test.
mode. Support both connection via connect() and sendto(), but don't
compile in sendto() for now, since netipx doesn't appear to actually
implement that (doh).
times, with variable length sleeps between socket() and close(). This
will help to ensure that IPX/SPX timers fire while the sockets are
open, and hence have PCB's on the IPX pcb list, so that if timers are
going to stumble over PCB types they don't expect, it will happen as
part of this test.
an empty addenda section.
Handle kernel configs that lack a "machine" line by guessing at the location
of GENERIC (assuming that it is in the same directory as the config file)
two reasons:
(1) juggle is now maintained in CVS, not P4, so the CVS revision number is
the authoritative one.
(2) Apparently $P4$ requires special handling and juggle was not marked
as needing it, resulting in problems for the P4 importer.
Requested by: gordon
# Size of the /etc ramdisk in 512 bytes sectors
NANO_RAM_ETCSIZE=10240
# Size of the /tmp+/var ramdisk in 512 bytes sectors
NANO_RAM_TMPVARSIZE=10240
And a last_orders() shell function which can be redefined to copy
finished images away, order peanuts or whatever else is appropriate
in the first place).
- Add some XXX lines as a TODO.
- Add a cvs diff command to the generated commit script.
- Add cdiff/colordiff to the list of optional dependencies.
- Fix a problem when giving the commit mail without the headers to
mfc.pl -f, it should now work correctly.
- Bump version.
Approved by: ssouhlal (implicit)
generates a patchset along with a commit message and a commit script if the user has
commit rights.
- Add a README file to give a quick description of each script's purpose.
Approved by: netchild
similar the the Solaris implementation. Repackage the krb5 GSS mechanism
as a plugin library for the new implementation. This also includes a
comprehensive set of manpages for the GSS-API functions with text mostly
taken from the RFC.
Reviewed by: Love Hörnquist Åstrand <lha@it.su.se>, ru (build system), des (openssh parts)