my fingers are getting tired. Here is a new manual page, 'development',
which describes a very powerful, generic, exportable development environment
suitable to developers, sysops, admins, and anyone at all who is
maintaining more the one FreeBSD box. I have used this type of environment
for many years and have had to make virtually no changes to it for all that
time.
MFC after: 3 days
o Correct the range of compartments (1..256 instead of 0..255)
o Use the correct name for "Network Associates Laboratories"
MFC Candidate.
Sponsored by: DARPA, Network Associates Laboratories
Reviewed by: Adam Migus <adam@migus.org>
background fsck. The delay defaults to sixty seconds to allow
large applications such as the X server to start before disk I/O
bandwidth is monopolized by fsck.
Submitted by: Brooks Davis <brooks@one-eyed-alien.net>
Sponsored by: DARPA & NAI Labs.
solution is worked out to clarify more specific compartment-related
cases.
Submitted by: dcs
Sponsored by: DARPA, Network Associates Labs
Approved by: re (blanket)
o None: Stub policy
o Seeotheruids: The "see processes and sockets owned by other users" policy
o Test: Debugging policy
Standardize the SYNOPSIS and HISTORY sections.
Update SEE ALSO sections.
it, so don't suggest it. It's likely going away soon also, so avoid
believing it's supported.
Suggested by: Sean Kelly <smkelly@zombie.org>
Approved by: re
that we do MP on more than just i386, and add some cross-references.
This is far from a perfect update, but at least it's a start. More
will no doubt follow.
Reviewed by: jhb
Approved by: re
o Biba: A data integrity policy
o BSD Extended: Support for the firewall-like access controls (ugidfw(8))
o MLS: Multi-level security, a confidentiality policy
(These files originally lived in src/share/man/man9)
Approved by: re (blanket)
Sponsored by: DARPA, Network Associates Labs
Obtained from: TrustedBSD Project
This mostly consists of functionality to serialize accesses to
the two ATA channels (which can also be used to "fix" certain
PCI based controllers).
Add support for Acard controllers.
Enable the ATA driver in PC98 GENERIC, and add device hints.
Update man page with latest support.
The PC98 core team has kindly provided me with a PC98
machine that made this all possible, thanks to all that
contributed to that effort, without that this would
probably newer have been possible..
Approved by: re@
the file system initial labeling policy exists in userland, and is
fed into setfsmac(1). This is based on the old LOMAC PLM.
Approved by: re
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
The /usr/bin/perl wrapper isn't solving many of the problems it was
imported to deal with. There are limitations to it that don't have a
clear "fix".
Reviewed by: markm, kris
Extorted approval from: re(jhb)
Revert to using the .Tn POSIX and .Tn ANSI instead of \*[Px] and \*[Ai]
strings; using these strings is unsafe in troff mode, as they include a
change in a font size.
Approved by: re
for the -static flag instead when constructing LIBPAM.
(This fixes false warnings from ``make checkdpadd -DNOSHARED'' in
lib/libpam/modules/.)
Submitted by: bde, ru
Approved by: re
device ppc
and
hint.ppc.0.at="isa"
hint.ppc.0.irq="7"
in /boot/device.hints to configure the ppc device.
Reviewed by: trhodes, ru
Approved by: re@ (rwatson)
This code allows a user program to enable target mode on a SIM and
then emulate any number of devices (disks, tape drives, etc.) All
decisions about device behavior (UA, CA, inquiry response) are left
to the usermode program and the kernel driver is merely a conduit
for CCBs. This enables multiple concurrent target emulators, each
using its own backing store and IO model.
Also included is a user program that emulates a disk (RBC) using a
file as a backing store. This provides functionality similar to
md(4) at the CAM layer.
Code has been tested on ahc(4) and should also work on isp(4) (and
other SIMs that gain target mode support). It is a complete rewrite
of /sys/cam/scsi_target* and /usr/share/examples/scsi_target.
Design, comments from: gibbs
Supported by: Cryptography Research
Approved by: re
Has been seen to work on several cards and communicating with
several mobile phones to use them as modems etc.
We are still talking with 3com to try get them to allow us to include
the firmware for their pccard in the driver but the driver is here..
In the mean time
it can be downloaded from the 3com website and loaded using the utility
bt3cfw(8) (supplied) (instructions in the man page)
Not yet linked to the build
Submitted by: Maksim Yevmenkin <myevmenk@exodus.net>
Approved by: re
NAI.
Add cautionary notes on the experimental status of the MAC Framework
in FreeBSD 5.0.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
Replace ARC4 with SHA2-512.
Change lock-structure encoding to use random ordering rather for obscurity.
Encrypt lock-structure with AES/256 instead of AES/128.
Change kkey derivation to be MD5 hash based.
Watch for malloc(M_NOWAIT) failures and ditch our cache when they happen.
Remove clause 3 of the license with NAI Labs consent.
Many thanks to "Lucky Green" <shamrock@cypherpunks.to> and "David
Wagner" <daw@cs.berkeley.edu>, for code reading, inputs and
suggestions.
This code has still not been stared at for 10 years by a gang of
hard-core cryptographers. Discretion advised.
NB: These changes result in the on-disk format changing: dump/restore needed.
Sponsored by: DARPA & NAI Labs.
largely submitted by bde. Return our exemption of the #ifdef lint
comments since the exemption is intended to handle a particularly
common current case without mandating change. Improve language and
spelling, and slightly clarify the notions associated specifically
with #elif.
Obtained from: bde
This is NOT YET CONVERTED TO -current.
This node is a source for preprogrammed packets at a known rate for testing.
I will convert it to -current "in place" but will MFC teh original
pre-conversion variant as that is what is originally submitted.
Man page my me, info from Dave's README.
Submitted by: Dave Chapeskie <dchapeskie@SANDVINE.com>
Obtained from: Sandvine inc.
MFC after: 1 week
Abuse .for so that the variable expansion works inside the N modifier.
This won't be a simple abuse with the next version of bsd.doc.mk
which will support multi-value PRINTERDEVICE.
Don't gratuitously pipe thru a cat(1) if NODOCCOMPRESS.
Only create _stamp.extra when necessary.
Get rid of SOELIMPP and OBJS.
Use Groff version of soelim(1); we need its -I option
for the following to work.
Don't needlessly chdir to SRCDIR. Only a few documents
need CD_HACK, and those that need it either use refer(1)
or .PSPIC macro which internally uses the .psbb call.
The closing comment is required only for long conditionally defined
code sections, with the exception of lint cases. Attempt to document
also the logic for using '!' before the SOMETIMESSOMETHGINGHERE.
The goal of these comments is to make complex cases more
comprehensible, not to require them in all cases. The rules here are
derived from behavior used in 90+% of the kernel source code.
Reviewed by and discussed with: jhb, bde, mike
linking.
* Fix disorder in the SEE ALSO sections of aio_*(2).
* Remove unnecessary cross-references from the SEE ALSO sections of
aio_*(2); config(8), kldload(8) and kldunload(8) are cross-referenced
from aio(4).
* Remove the KERNEL OPTIONS sections from aio_*(2), now that these
pages cross-reference aio(4), which contains suitable kernel linking
reference material.
associated with the TrustedBSD MAC Framework, as well as some credits
to developers and contributors.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
a server process bound to a wildcard UDP socket to select the IP
address from which outgoing packets are sent on a per-datagram
basis. When combined with IP_RECVDSTADDR, such a server process can
guarantee to reply to an incoming request using the same source IP
address as the destination IP address of the request, without having
to open one socket per server IP address.
Discussed on: -net
Approved by: re
which may surprise developers coming from Solaris, or other platforms
which have a similar interface, but slightly different rules.
Reviewed by: jhb, ru
to creating the tags file using ctags(1). Defaults to "gtags".
Made GTAGSFLAGS and HTAGSFLAGS overrideable, added CTAGSFLAGS.
Folded bsd.prog.mk version of `tags' into bsd.dep.mk.
PR: bin/42852
o describe additional argument in driver callbacks
o describe flow-control mechanism for processing crypto requests
o remove old cruft
o remove openbsd-specific cruft
o fixup some references
o yada yada ...
Fix the "@gprel relocation against dynamic symbol xxx" linker error.
Variables defined in the link unit and small enough to be put in the
short data section will have a gp-relative access sequence (using the
@gprel relocation). It is invalid to have @gprel relocations in shared
libraries, because they are to be resolved by the static linker and
not the dynamic linker. The -fpic option will cause @ltoff relocations
for @gprel relocations, but the side-effects are untested (if any).
Instead, disable/eliminate the short data section to achieve the same.
