Add an rc.d script to start the pfsync interface after all
the conventional network interfaces have been started so that
pfsync can be attached to any of the latter.
Record the dependency of rc.d/pf on the newly added rc.d/pfsync.
Also make rc.d/pf start as early as before rc.d/routing to improve
system security.
Document rc.d/pfsync on pfsync(4) and rc.conf(5).
Approved by: re (scottl), mlaier
Don't print anything if we can't do any localpkg shutdown (start already
does this).
Submitted by: Andre Albsmeier <Andre dot Albsmeier at siemens dot com>
PR: conf/86606
Approved by: re (kensmith)
Add a new rc.conf entry, kerberos5_server_flags, which allows the
administrator to specify additional start-up flags to the Kerberos
5 Authentication Server.
Approved by: re (scottl)
In mountd_precmd(), use rc_args, not mountd_args to
override the value of mountd_args. This fixes the problem
where mountd_args was not properly being set if
weak_mountd_authentifcation="YES" was set in rc.conf.
PR: conf/86260
Submitted by: Thierry Herbelot <thierry at herbelot dot com>
Approved by: re (kensmith)
Use kenv -q to extract dumpdev rather than kenv, in order to avoid
spamming the console in the event that a loader tunable 'dumpdev'
isn't defined, which is not a relevant failure to report.
Approved by: re (kensmith)
etc/network.subr: 1.165-1.167
- kill removable_interfaces
- add NOAUTO keyword
- fix quoted entries in ifconfig_<ifn> variables
- always up the interface
- if ifconfig_<ifn> is defined, but empty, don't set it to
ifconfig_DEFAULT
- always configure lo0 first if it exists
etc/pccard_ether: 1.46
- kill removable_interfaces
- add NOAUTO keyword
etc/rc.d/netif: 1.15-1.17
- block Ctrl-C in dhclient
- minor cleanup of the interface list generation code
Approved by: re (scottl)
Requested by: many (death to removable_interfaces!)
Skip jails which are already running and inform why.
We're checking for /var/run/jail_<name>.id file and if it exists, we don't
start the jail. It should be also safe in case of reboot(8), because
rc.d/cleanvar script is going to remove /var/run/jail_* files.
It helps to avoid potential mess when the same jail is started twice,
because of an administrator mistake (been there, done that).
Approved by: re (kensmith)
- Don't complain when debouncing dhclient startup.
- Fix buffer handling in reveive_packet(). This fixes infinite cpu
eating loops and probably some crashes.
- Spell if_defaultroute route correctly in dhclient-script so we
are allowed to change the default route.
- Document dhclient -b.
- Treat reassociation like association.
- Do not force server-name to be a valid domain name.
- Handle servers that send NUL-terminated host-name options.
Approved by: re (scottl)
them. Just try to run the given command on them. We need to be able to
run stop functions on interfaces that have been deleted to stop
wpa_supplicant.
Approved by: re (interface startup blanket)
for kldstat to ever print "IP Filter" (the module is called "ipfilter"
and modules don't have anything like a description), so this function
would always return false. That would cause prestart to attempt to
load the module even if it's already loaded, which would fail and
prevent the rules from being loaded.
Approved by: re (dwhite)
way interfaces are configured. Some key points:
- At startup, all interfaces are configured through /etc/rc.d/netif.
- ifconfig_<if> variables my now mix real ifconfig commands the with
DHCP and WPA directives. For example, this allows media
configuration prior to running dhclient.
- /etc/rc.d/dhclient is not run at startup except by netif to start
dhclient on specific interfaces.
- /etc/pccard_ether calls "/etc/rc.d/netif start <if>" to do most of
it's work.
- /etc/pccard_ether no longer takes additional arguments to pass to
ifconfig. Instead, ifconfig_<if> variables are now honored in favor
of pccard_ifconfig when available.
- /etc/pccard_ether will only run on interfaces specified in
removable_interfaces, even if pccard_ifconfig is set.
because new devfs entries can show up later and one can access such entires
from inside named chroot.
In rc.d scripts we can use devfs_domount() function with devfsrules_hide_all
policy and unhide 'null' and 'random' manually.
to see if a prior devfs has been mounted. If no devfs is mounted on
${jail_devdir}/dev then proceed. This will prevent the stack up of
multiple devfs mounts on the same mount point.
Discussed with: pjd
MFC after: 1 week
to run initdiskless before we run rcorder on /etc/rc.d. To allow this,
move /etc/rc.d/initdiskless to /etc/rc.initdiskless and run it directly
from /etc/rc.
Remove /etc/rc.d/preseedrandom as it is no longer necessicary (we start
with entropy unblocked) and was only used by initdiskless when it
was needed.
Discussed on: freebsd-rc
Repocopy by: peter
Without this flag, if the symlink existed already a new symlink would
be created in the source directory. While harmless if the two symlinks
were the same, it nonetheless caused pointless confusion.
The pathological case is that when there is an existing /etc/namedb
symlink, but named_chrootdir in rc.conf pointed to a different
directory, it was the symlink in /var/named that was getting
updated, not the one in /etc. This led to some difficult to diagnose
problems for users.
sockets placed into prisons from the host environment get clobbered
by the prison's instance of cleanvar. (assuming /etc/rc is run in
the prison).
Discussed with: pjd, green, cperciva
MFC after: 1 week
save file was /var/db/entropy, which also happens to
be the directory where the individual entropy files
created by /usr/libexec/save-entropy are stored.
Change the suggestion to be /var/db/entropy-file
instead.
In an error condition where the shutdown file is not
created, the error message accessed a variable that
doesn't exist.
PR: conf/75722
Submitted by: Nicolas Rachinsky <list@rachinsky.de>
default for now. Default flags create missing directories.
Remove comment about doing this in etc/rc.d/var.
Unlike in the PR, I chose to do this in the lpd script where we reliably
have /usr available.
PR: conf/71488
Submitted by: RZ-FreeBSD0904 at fh-karlsruhe dot de
to hit this case when /usr is remote and thus hasn't been mounted (since
you're supposed to have /var before mounting remote file systems).
Normal machines that don't have a /var for some reason will have /usr
already available because it's local.
- Enable it by default, running newsyslog with -CN which creates files
that have the C flag specified in /etc/newsyslog.conf.
- Remove the "newsyslog -CC" call from etc/rc.d/var and the check for
newsyslog.
- Add the C flag to entries in /etc/newsyslog.conf that are currently
installed as part of the base system.
There are two effects from this change:
- Users who delete default syslog files to stop logging to them
will need to set newsyslog_enable=NO in rc.conf or remove the C
flag from those file in /etc/newsyslog.conf or they will come back
on the next boot.
- Diskless systems now create the same set of files that ordinary
systems have by default instead of every file in newsyslog.conf.
to create /var/log/lastlog.
- Also create /var/log/wtmp if missing.
- Attempt to create these files unless populate_var is NO rather then
only when /var is empty or populate_var=YES.