o Move nfs_reserved_port_only out of security profiles (where it was
set somewhat improperly) to the Security options menu directly.
Previously, the variable was set to true for Moderate, but not for
Extreme, which is at best inconsistent.
o Update the Security Profiles help file to remove reference to the
NFS reserved port.
o Note that the kernel currently defaults the sysctl to '0', but
sysinstall has changed it to '1' as a default as of late; however,
rc.conf sets the value to NO as the default. This change brings
them relatively into sync.
Sponsored by: DARPA, NAI Labs
and pull configSecurityProfile under that menu. Add a menu option
to determine whether LOMAC is enabled at boot. Probably, eventually,
many of the 'Security Profile' menu choices should be pulled out
independently into the Security Menu, so as to make them individually
selectable.
Sponsored by: DARPA, NAI Labs
The user can still toggle it back off in the label editor (or post-install
for that matter) if they explicitly do not want soft updates to be used
for some reason.
Agreed to be a good thing by: kirk
"skimming thru" the printcap file looking for some common mistakes that
people make. These are the kinds of mistakes where the printcap file
probably looks correct to human eyes, but is wrong in some subtle way
which causes a problem in some queue definitions. The program treats
these as "warnings" not "errors".
Note that I'm flexible on the m.f.c. schedule, if people would rather
this waited until after 4.5-release.
Reviewed by: no screams from freebsd-audit freebsd-print@bostonradio.org
MFC after: 4 days
. The main device node now supports automatic density selection for
commonly used media densities. So you can stuff your 1.44 MB and
720 KB media into your drive and just access /dev/fd0, no questions
asked. It's all that easy, isn't it? :)
. Device density handling has been completely overhauled. The old way
of hardwired kernel density knowledge is no longer there. Instead,
the kernel now implements 16 subdevices per drive. The first
subdevice uses automatic density selection, while the remaining 15
devices are freely programmable. They can be assigned an arbitrary
name of the form /dev/fd[:digit]+.[:digit:]{1,4}, where the second
number is meant to either implement device names that are mnemonic
for their raw capacity (as it used to be), or they can alternatively
be created as "anonymous" devices like fd0.1 through fd0.15,
depending on the taste of the administrator. After creating a
subdevice, it is initialized to the maximal native density of the
respective drive type, so it needs to be customized for other
densities by using fdcontrol(8). Pseudo-partition devices (fd0a
through fd0h) are still supported as symlinks.
. The old hack to use flags 0x1 to always assume drive 0 were there is
no longer supported; this is now supposed to be done by wiring the
devices down from the loader via device flags. On IA32
architectures, the first two drives are looked up in the CMOS
configuration records though. On PCMCIA (i. e., the Y-E Data
controller of the Toshiba Libretto), a single drive is always
assumed.
. Other specialities like disabling the FIFO and not probing the drive
at boot-time are selected by per-controller or per-drive flags, too.
. Unit attentions (media has been changed) are supposed to be detected
now; density autoselection only occurs after a unit attention. (Can
be turned off by a per-drive flag, this will cause each Fdopen() to
perform the autoselection.)
. FM floppies can be handled now (on controllers that actually support
it -- not all do these days).
. Fdopen() can be told to avoid density selection by setting
O_NONBLOCK; this leaves the descriptor in a half-opened state where
only a few ioctls are accepted. This is necessary to run fdformat
on a device that uses automatic density selection (since you cannot
autoselect on an unformatted medium, obviously).
. Just differentiate between a plain old NE765 and the enhanced chips,
but don't try more; the existing code was wrong and only misdetected
the chips anyway.
BUGS and TODOs:
. All documentation update still needs to be done.
. Formatting not-so-standard format yields unpredictable results; i
have yet to figure out why this happens. "Standard" formats like
720 and 1440 KB do work, however.
. rc scripts are needed to setup device nodes with nonstandard
densities (like the old /dev/fdN.MMM we used to have).
. Obtaining device flags from the kernel environment doesn't work yet,
thus currently only drives that are present in (IA32) CMOS are
really detected. Someone who knows the odds and ends about device
flags is needed here, i can't figure out what i'm doing wrong.
. 2.88 MB still needs to be done.
(which somehow now seems to be the default for compiling -current).
This error popped up while doing a PicoBSD cross-compile on a 4.3-ish system,
it may well be that there are other apps which have similar problems,
but I did not spot them as they are not included in my picobsd config.
Whether adding prototypes for main() is the correct solution or not
I have no idea, a request to -current on the matter went basically
unanswered. Those who have better ideas are welcome to back this out
and replace it with the correct fix.
16384/2048.
Following recent discussions on the -arch mailing list, involving dillon
and mckusick, this change parallels the one made over a decade ago when
the default was bumped up from 4096/512.
This should provide significant performance improvements for most
folks, less significant performance losses for a few folks and
wasted space lost to large fragments for many folks.
For discussion, please see the following thread in the -arch archive:
Subject: Using a larger block size on large filesystems
The discussion ceases to be relevant when the issue of partitioning
schemes is raised.
have a USB mouse. Here's the deal on how this works: USB mouse have
moused run for them automatically by usbd so we don't need to setup moused
for them. We do need to setup moused for other mice though, so if the
user has a USB mouse, we don't need to do anything. Hence the wording
"Do you have a non-USB mouse installed?" for the question. The question
can be reworded as "Do you have a PS/2 or Serial mouse installed?" instead
if that is preferred.
(1) We don't need compat3x and compat4x as we build the bits on the proper
release now (vs. getting them from the XFree people).
(2) We handle the compat2x needs thru proper port dependancies now.
sysinstall will automatically expand the previous partition to take up
the freed up space. So you can 'D'elete /home and /usr will get the
combined space, or you can 'D'elete /tmp and /var will get the combined space.
This gives the user, developer, or lay person a huge amount of flexibility
in constructing partitions from an 'A'uto base. It takes only 3 or 4
keystrokes to achieve virtually any combination of having or not having
a /tmp and/or /home after doing an 'A'uto create.
Change 'A'uto creation of /var/tmp to 'A'uto creation /tmp, which should
be less controversial.
MFC after: 6 days
and SIGQUIT during shutdown", but rpc.umntall is also run at boot
time, so ignoring these signals is a really bad idea: it makes it
impossible to ^C the process as it waits for a server response. I
can't see any reason to block these signals during shutdown either.
MFC after: 3 days
defaults both in regards to the size of the partitions that are created
and in regards to safety and functional separation.
Still TODO: extend the previous partition to cover a deleted partition
if the previous partiton was auto-created, and supply some sort of
solution for /tmp.
Reviewed by: Just about everyone
Approved by: Nobody except maybe my pet mouse fred
Obtained from: God, so complain to HIM
MFC after: 1 week