Commit Graph

618 Commits

Author SHA1 Message Date
yar
0f5aca2db3 MFC:
Add an rc.d script to start the pfsync interface after all
the conventional network interfaces have been started so that
pfsync can be attached to any of the latter.

Record the dependency of rc.d/pf on the newly added rc.d/pfsync.
Also make rc.d/pf start as early as before rc.d/routing to improve
system security.

Document rc.d/pfsync on pfsync(4) and rc.conf(5).

Approved by:	re (scottl), mlaier
2005-10-08 03:32:54 +00:00
brooks
7bbedbf320 MFC rev 1.6:
Don't print anything if we can't do any localpkg shutdown (start already
does this).

Submitted by:	Andre Albsmeier <Andre dot Albsmeier at siemens dot com>
PR:		conf/86606
Approved by:	re (kensmith)
2005-10-07 17:20:35 +00:00
cvs2svn
abab8b0378 This commit was manufactured by cvs2svn to create branch 'RELENG_6'. 2005-10-05 05:21:08 +00:00
rwatson
f35d1a423f Merge rc.conf:1.260, kerberos:1.5, rc.conf.5:1.265 from HEAD to RELENG_6:
Add a new rc.conf entry, kerberos5_server_flags, which allows the
  administrator to specify additional start-up flags to the Kerberos
  5 Authentication Server.

Approved by:	re (scottl)
2005-09-25 18:45:56 +00:00
rodrigc
63a5da33bb MFC: 1.16:
In mountd_precmd(), use rc_args, not mountd_args to
  override the value of mountd_args.  This fixes the problem
  where mountd_args was not properly being set if
  weak_mountd_authentifcation="YES" was set in rc.conf.

PR:             conf/86260
Submitted by:   Thierry Herbelot <thierry at herbelot dot com>
Approved by:	re (kensmith)
2005-09-21 20:27:50 +00:00
rwatson
f142f17b2d Merge dumpon:1.10 from HEAD to RELENG_6:
Use kenv -q to extract dumpdev rather than kenv, in order to avoid
  spamming the console in the event that a loader tunable 'dumpdev'
  isn't defined, which is not a relevant failure to report.

Approved by:	re (kensmith)
2005-09-20 13:28:01 +00:00
brooks
82ed9e72d5 Sync network interface startup code with HEAD.
etc/network.subr: 1.165-1.167
 - kill removable_interfaces
 - add NOAUTO keyword
 - fix quoted entries in ifconfig_<ifn> variables
 - always up the interface
 - if ifconfig_<ifn> is defined, but empty, don't set it to
   ifconfig_DEFAULT
 - always configure lo0 first if it exists
etc/pccard_ether: 1.46
 - kill removable_interfaces
 - add NOAUTO keyword
etc/rc.d/netif: 1.15-1.17
 - block Ctrl-C in dhclient
 - minor cleanup of the interface list generation code

Approved by:	re (scottl)
Requested by:	many (death to removable_interfaces!)
2005-09-10 17:05:04 +00:00
gshapiro
6cfeae252f MFC: Be sure to execute sendmail_precmd() to check sendmail.cf conflicts and
rebuild the aliases file if necessary.

     Revision  Changes    Path
     1.15      +1 -0      src/etc/rc.d/sendmail

Approved by:	re (scottl)
2005-09-02 03:53:10 +00:00
pjd
df87555c46 MFC: etc/rc.d/Makefile 1.54,1.55
- Disconnect gbde_swap from the build.
- Connect encswap, geli and geli2 to the build.

Approved by:	re (kensmith)
2005-08-16 09:23:45 +00:00
pjd
e2d3543699 MFC: Remove gbde_swap script and introduce encswap script, which knows how to
encrypt swap partitions using both: gbde and geli.

Approved by:	re (kensmith)
2005-08-16 09:04:55 +00:00
pjd
0bd357e9d3 MFC: etc/rc.d/jail 1.25
Skip jails which are already running and inform why.
We're checking for /var/run/jail_<name>.id file and if it exists, we don't
start the jail. It should be also safe in case of reboot(8), because
rc.d/cleanvar script is going to remove /var/run/jail_* files.

It helps to avoid potential mess when the same jail is started twice,
because of an administrator mistake (been there, done that).

Approved by:	re (kensmith)
2005-08-16 08:43:06 +00:00
pjd
773b4d816d MFC: rc.d/cleanvar 1.10
Skip 'logpriv' socket when cleaning /var/.

Approved by:	re (kensmith)
2005-08-16 08:41:30 +00:00
pjd
d2afcc9cb9 MFC: rc.d/gbde 1.13
rc.subr		1.35

Move 'local_tr' function to rc.subr and change its name to 'ltr'.

Approved by:	re (kensmith)
2005-08-16 08:39:36 +00:00
cvs2svn
aa9ad453cc This commit was manufactured by cvs2svn to create branch 'RELENG_6'. 2005-08-15 17:07:38 +00:00
pjd
a996384698 MFC: rc.d/jail 1.24
Allow to give more than one jail's name, eg.:

	# /etc/rc.d/jail start www mail

Approved by:	re (kensmith)
2005-08-10 14:30:05 +00:00
brooks
7b1f88bc8a Sync dhclient with HEAD:
 - Don't complain when debouncing dhclient startup.
 - Fix buffer handling in reveive_packet().  This fixes infinite cpu
   eating loops and probably some crashes.
 - Spell if_defaultroute route correctly in dhclient-script so we
   are allowed to change the default route.
 - Document dhclient -b.
 - Treat reassociation like association.
 - Do not force server-name to be a valid domain name.
 - Handle servers that send NUL-terminated host-name options.

Approved by:	re (scottl)
2005-07-29 23:36:28 +00:00
cvs2svn
dd2adf2c10 This commit was manufactured by cvs2svn to create branch 'RELENG_6'. 2005-07-11 04:14:43 +00:00
jkim
08e6ec1ce1 `net.inet.ipf.fr_running' can be a negative value, which was introduced by
recent ipfilter import.

Approved by:	re (scottl), anholt (mentor)
2005-07-07 05:59:44 +00:00
brooks
680c0ca6d1 Remove REQUIRE and BEFORE lines since this script is not run by rcorder
at startup.  Instead it is called by other scripts.

Approved by:	re (network interface startup blanket)
2005-06-30 17:50:34 +00:00
brooks
17407ba288 Add support for starting wpa_supplicant by adding the WPA keyword to an
interface's ifconfig_<ifn> entry in /etc/rc.conf.

Approved by:	re (network interface startup blanket)
2005-06-30 04:52:47 +00:00
brooks
da81e8c0fc When interfaces are given on the command line, don't attempt to filter
them.  Just try to run the given command on them.  We need to be able to
run stop functions on interfaces that have been deleted to stop
wpa_supplicant.

Approved by:	re (interface startup blanket)
2005-06-30 04:46:21 +00:00
pjd
573c1a1020 Introduce new per-jail variable jail_<name>_flags, which allows to specify
jail(8) flags (before the change we had hardcoded "-l -U root").

Submitted by:	Frank Behrens <frank@pinky.sax.de>
PR:		conf/80244
Approved by:	re (scottl)
MFC after:	1 week
2005-06-26 16:30:20 +00:00
dd
570bbf677f Unbreak the ipfilter_loaded function. There doesn't seem to be a way
for kldstat to ever print "IP Filter" (the module is called "ipfilter"
and modules don't have anything like a description), so this function
would always return false. That would cause prestart to attempt to
load the module even if it's already loaded, which would fail and
prevent the rules from being loaded.

Approved by:	re (dwhite)
2005-06-21 09:39:09 +00:00
des
f7c1b7b972 Honor the "dumpdev" kenv variable if it is set and the "dumpdev" rc
variable is set to "AUTO".

MFC after:	2 weeks
2005-06-07 15:20:10 +00:00
brooks
5a3d620fb1 Support code for the OpenBSD dhclient. This significantly changes the
way interfaces are configured.  Some key points:

  - At startup, all interfaces are configured through /etc/rc.d/netif.
  - ifconfig_<if> variables may now mix real ifconfig commands with
    DHCP and WPA directives.  For example, this allows media
    configuration prior to running dhclient.
  - /etc/rc.d/dhclient is not run at startup except by netif to start
    dhclient on specific interfaces.
  - /etc/pccard_ether calls "/etc/rc.d/netif start <if>" to do most of
    its work.
  - /etc/pccard_ether no longer takes additional arguments to pass to
    ifconfig.  Instead, ifconfig_<if> variables are now honored in favor
    of pccard_ifconfig when available.
  - /etc/pccard_ether will only run on interfaces specified in
    removable_interfaces, even if pccard_ifconfig is set.
2005-06-07 04:49:12 +00:00
obrien
3747899cae Remove RCng files that were brought in from NetBSD, but we ended up not
using them (or did and no longer do).
2005-06-06 02:51:26 +00:00
pjd
56ad93da86 We need to use 'applyset' command for devfs, 'apply hide' is not enough,
because new devfs entries can show up later and one can access such entries
from inside named chroot.
In rc.d scripts we can use devfs_domount() function with devfsrules_hide_all
policy and unhide 'null' and 'random' manually.
2005-05-23 12:25:33 +00:00
csjp
86d0205844 Do not unconditionally mount devfs to ${jail_devdir}/dev. First check
to see if a prior devfs has been mounted. If no devfs is mounted on
${jail_devdir}/dev then proceed. This will prevent the stack up of
multiple devfs mounts on the same mount point.

Discussed with:	pjd
MFC after:	1 week
2005-04-30 00:16:00 +00:00
brooks
02891f1c55 To allow /etc to be as minimal as possible in a diskless setup, we need
to run initdiskless before we run rcorder on /etc/rc.d.  To allow this,
move /etc/rc.d/initdiskless to /etc/rc.initdiskless and run it directly
from /etc/rc.

Remove /etc/rc.d/preseedrandom as it is no longer necessary (we start
with entropy unblocked) and was only used by initdiskless when it
was needed.

Discussed on:	freebsd-rc
Repocopy by:	peter
2005-04-29 23:02:56 +00:00
dougb
37f3e68064 Add -h to the ln command to make the -f flag actually do something.
Without this flag, if the symlink existed already a new symlink would
be created in the source directory. While harmless if the two symlinks
were the same, it nonetheless caused pointless confusion.

The pathological case is that when there is an existing /etc/namedb
symlink, but named_chrootdir in rc.conf pointed to a different
directory, it was the symlink in /var/named that was getting
updated, not the one in /etc. This led to some difficult to diagnose
problems for users.
2005-04-24 01:51:22 +00:00
glebius
07ad0b76bc Add startup script and default configuration file for bsnmpd.
Reviewed by:	harti
2005-04-17 10:47:58 +00:00
csjp
b2d40e185a Do not remove logging sockets. This fixes an issue where logging
sockets placed into prisons from the host environment get clobbered
by the prison's instance of cleanvar. (assuming /etc/rc is run in
the prison).

Discussed with:	pjd, green, cperciva
MFC after:	1 week
2005-04-14 03:56:06 +00:00
dougb
7558fa129d The alternative suggested for /entropy as a shutdown
save file was /var/db/entropy, which also happens to
be the directory where the individual entropy files
created by /usr/libexec/save-entropy are stored.
Change the suggestion to be /var/db/entropy-file
instead.

In an error condition where the shutdown file is not
created, the error message accessed a variable that
doesn't exist.

PR:		conf/75722
Submitted by:	Nicolas Rachinsky <list@rachinsky.de>
2005-04-11 02:45:05 +00:00
obrien
bdc63e8f10 'dumpon' can run before 'initrandom' so make it.
This gives a better chance of debugging /dev/random related panics.
2005-04-05 18:59:24 +00:00
seanc
c8a26af59b When reloading rules via rc.d/pf, flush everything but existing state
entries; that way, when rules are read in, it doesn't break established
connections.

Approved by:	mlaier
Reviewed by:	rc
MFC after:	3 weeks
2005-04-04 23:06:10 +00:00
trhodes
52ff34dd11 Add a ugidfw_load() function and fix up some of the scripting in this file.
This will allow better integration with the ports system.

Submitted by:	clement
2005-04-02 00:01:03 +00:00
njl
b39d6b16b2 Remove the 'usbd' keyword (it isn't necessary for mixer). Also, use
BEFORE instead of REQUIRE.

Probably ok by:	jhb
MFC after:	3 days
2005-03-17 22:36:16 +00:00
ru
e4eb567539 Start natd(8) before loading firewall rules, to give the
ipdivert.ko module a chance to load.
2005-03-16 08:47:48 +00:00
dougb
650ccf9997 Unhook the recently departed lomac file from the build.
Forgotten by:	trhodes (the real one)
2005-03-13 08:07:11 +00:00
trhodes
fa95e1004c Remove mac_lomac(4) functionality. The proper way is to use loader.conf
or build the policy into a kernel.

Approved by:	rwatson
2005-03-12 21:09:15 +00:00
brooks
0c521317a0 It is sufficient to require rcconf rather than initdiskless. 2005-03-02 19:03:08 +00:00
brooks
924c3f6df2 Remove stray else.
Reported by:	Tai-hwa Liang <avatar at mmlab dot cse dot yzu dot edu dot tw>
Point hat:	brooks
2005-03-02 16:41:35 +00:00
brooks
5960c03b45 Allow chkprintcap(8) to be run before lpd is started. Disabled by
default for now.  Default flags create missing directories.

Remove comment about doing this in etc/rc.d/var.

Unlike in the PR, I chose to do this in the lpd script where we reliably
have /usr available.

PR:		conf/71488
Submitted by:	RZ-FreeBSD0904 at fh-karlsruhe dot de
2005-03-02 02:46:47 +00:00
brooks
e0e77927b6 If we don't have /usr/sbin/mtree, try to mount /usr. We're only likely
to hit this case when /usr is remote and thus hasn't been mounted (since
you're supposed to have /var before mounting remote file systems).
Normal machines that don't have a /var for some reason will have /usr
already available because it's local.
2005-03-02 00:58:05 +00:00
brooks
14774e80ee - Update etc/rc.d/newsyslog to FreeBSD standards and install it.
- Enable it by default, running newsyslog with -CN which creates files
   that have the C flag specified in /etc/newsyslog.conf.
 - Remove the "newsyslog -CC" call from etc/rc.d/var and the check for
   newsyslog.
 - Add the C flag to entries in /etc/newsyslog.conf that are currently
   installed as part of the base system.

There are two effects from this change:
 - Users who delete default syslog files to stop logging to them
   will need to set newsyslog_enable=NO in rc.conf or remove the C
   flag from those files in /etc/newsyslog.conf or they will come back
   on the next boot.
 - Diskless systems now create the same set of files that ordinary
   systems have by default instead of every file in newsyslog.conf.
2005-03-02 00:40:55 +00:00
brooks
ae565b7e33 - Remove the dependency of /usr/bin/touch by using "cp /dev/null <target>"
to create /var/log/lastlog.
- Also create /var/log/wtmp if missing.
- Attempt to create these files unless populate_var is NO rather than
  only when /var is empty or populate_var=YES.
2005-03-01 22:08:15 +00:00
njl
6583ba4496 command_args is redundant.
Submitted by:	Pawel Worach
2005-02-27 07:11:47 +00:00
njl
a4011c08cb Add rc.conf options for powerd (disabled by default) and hook the script
up to the build.
2005-02-26 21:19:35 +00:00
njl
e9018b74a4 Add an rc script for powerd(8). 2005-02-26 21:18:54 +00:00
njl
bedad858af Add the ability to specify "NONE" if the user wants no change for the
given power profile.

MFC after:	1 day
2005-02-26 20:17:07 +00:00