Commit Graph

149 Commits

Author SHA1 Message Date
jilles
788f1361df init: Remove unnecessary 2-second delay before calling reboot(2). 2012-05-25 19:45:01 +00:00
ed
a1c22adf5f Properly clear the O_NONBLOCK flag after opening the TTY.
Though we should open the TTY with O_NONBLOCK to prevent rc(8) execution
from potentially stalling, we must not forget to clear the flag later
on, to prevent read(2) calls from failing later on.

This prevented the shell pathname prompt from working properly.

Reported by:	kib
2012-04-06 13:06:01 +00:00
joel
4234591b03 mdoc: terminate quoted strings.
Reviewed by:	brueffer
2012-03-26 15:18:14 +00:00
ed
1204585265 Make init(8) slightly more robust when /dev/console is missing.
If the environment doesn't offer a working /dev/console, the existing
version of init(8) will simply refuse running rc(8) scripts. This means
you'll only have a system running init(8) and nothing else.

Change the code to do the following:

- Open /dev/console like we used to do, but make it more robust to use
  O_NONBLOCK to prevent blocking on a carrier.
- If this fails, use /dev/null as stdin and /var/log/init.log as stdout
  and stderr.
- If even this fails, use /dev/null as stdin, stdout and stderr.

So why us this useful? Well, if you remove the `getpid() == 1' check in
main(), you can now use init(8) inside jails to properly execute rc(8).
It still requires some polishing, as existing tools assume init(8) has
PID 1.

Also it is now possible to use use init(8) on `headless' devices that
don't even have a serial boot console.
2012-03-14 16:22:09 +00:00
ed
d85719f11c Fix whitespace.
MFC after:	1 week
2012-03-11 22:30:06 +00:00
kevlo
1381e63d6c Handle NULL return from crypt(3). Mostly from DragonFly 2012-02-22 06:27:20 +00:00
ed
959ca16023 Move utmpx handling out of init(8).
This has the following advantages:

- During boot, the BOOT_TIME record is now written right after the file
  systems become writable, but before users are allowed to log in. This
  means that they can't cause `hidden logins' by logging in right before
  init(8) kicks in.

- The pututxline(3) function may potentially block on file locking,
  though this is very rare to occur. By placing it in an rc script, the
  user can still kill it with ^C if needed.

- Most importantly: jails don't use init(8). This means that a force
  reboot of a system running jails will leave stale entries in the
  accounting database of the jails individually.
2012-02-11 20:47:16 +00:00
ed
5b02333e84 Add missing static keywords for global variables to tools in sbin/.
These tools declare global variables without using the static keyword,
even though their use is limited to a single C-file, or without placing
an extern declaration of them in the proper header file.
2011-11-04 13:36:02 +00:00
eadler
9d7884364e - change "is is" to "is" or "it is"
- change "the the" to "the"

Approved by:	lstewart
Approved by:	sahil (mentor)
MFC after:	3 days
2011-10-16 14:30:28 +00:00
jilles
fa1f8f7188 init(8): Document that login(1) is now responsible for recording logouts.
init(8) only uses utmpx for recording reboots and shutdowns.
2011-01-23 14:54:45 +00:00
jilles
681c5b70ec init: Only run /etc/rc.shutdown if /etc/rc was run.
It does not make sense to shut down daemons that were not started. In
particular, this fixes loss of mixer settings when shutting down using
shutdown(8), init(8) or ctrl+alt+del from single-user mode.

If /etc/rc reboots, /etc/rc.shutdown is not run.

Also fix segfaults and other erratic behaviour if init receives SIGHUP or
SIGTSTP while in single-user mode.

This commit does not attempt to fix any badness with signal handlers
(assumption that pointers can be read and written atomically, EINTR race
condition). I believe it does not make this badness any worse.

Silence on:	-arch@
2011-01-23 14:22:26 +00:00
ed
2c4f8b663c Remove stale inclusion of <ulog.h>.
This tool doesn't require libulog anymore.
2010-01-27 20:32:58 +00:00
ed
b28da9a61e Remove stale references to utmp(5) and its corresponding filenames.
I removed utmp and its manpage, but not other manpages referring to it.
2010-01-21 17:25:12 +00:00
ed
6998c5b40b Migrate init(8) towards utmpx.
According to a comment, we cannot safely remove utmpx entries here
anymore. This is because the libc routines may block on file locking. In
an ideal world login(1) should just remove the entries, which is why I'm
disabling this code for now. If it turns out we get lots of stale
entries here, we should figure out a way to deal with that.
2010-01-13 17:58:49 +00:00
ed
171b5b9553 Let init(8) and reboot(8) use utmpx to log wtmp entries.
logwtmp() gets called with the raw strings that are written to disk. For
regular user entries, this isn't too bad, but when booting/shutting
down, the contents get rather cryptic.

Just call the standardized pututxline().
2009-12-05 20:26:55 +00:00
ru
763b9ae1f8 Switch the default WARNS level for sbin/ to 6.
Submitted by:	Ulrich Spörlein
2009-10-19 16:00:24 +00:00
ed
b3631c54b6 Remove redundant code from runshutdown() now tcsetsid(3) works reliably.
We can now just call setctty() without any problems. This means the
shell running the shutdown script is now the session leader, just like
on startup.
2009-06-15 19:24:47 +00:00
ed
ced07ef3b3 Fix the staircase issue properly this time.
Even though I thought this bug was somewhere in the TTY layer, it turns
out init(8) doesn't make sure /dev/console is opened initially properly.
I've added revoke() to two pieces of code:

- death(): Apart from killing the gettys on shutdown, this doesn't
  guarantee the TTY to be closed immediately.
- runshutdown(): Just like setctty(), we should revoke /dev/console.
  Applications like syslogd may have file descriptors to the console.
2009-06-14 17:00:35 +00:00
delphij
d720932e59 Static-ify procedures in init(8). 2008-09-27 00:09:10 +00:00
obrien
1c51acbce1 Addition style(9) change. 2007-11-20 21:25:58 +00:00
obrien
e478b5580a style(9) 2007-11-20 19:50:45 +00:00
remko
8266cab35b I understood the MLINK part incorrectly, it should be the other way around
also remove the init mlink to securelevel.

Discussed with and sharing pointyhat with:	brueffer
2007-06-01 21:48:07 +00:00
imp
25c9a05e1c Patches to allow one to allow one to specify a directory to chroot to.
This includes support for running a script to setup that directory.
The kenv variables init_chroot and init_script control this behavior,
and are documented in loader(8) that's about to be committed (along
with the other variables like init_path...).

Submitted by: Oliver Fromme
Reviewed by: myself, jhb (earlier versions)
2007-02-04 06:33:13 +00:00
rse
28b93922d1 Fix typo: effected -> affected
Submitted by: Gordon Stratton <tsr2600 (at) gmail (dot) com>
2007-01-02 09:12:37 +00:00
kib
e1974d2362 Reparent the process that executes the window= command from the ttys
to the init. This prevents zombies from being accumulated.

PR:		bin/64198
Tested by:	Eugene Grosbein <eugen at www svzserv kemerovo su>
Approved by:	kan (mentor)
MFC after:	1 month
2006-06-08 14:04:36 +00:00
luigi
883415e84d use standard mode instead of 500 for /sbin/init.
As discussed on -current, there is no sensitive info in /sbin/init
to prevent reading it from non-privileged users, nor any reason to
remove the 'x' bit as the first thing the program does is check the
uid and exit if it is not run by root.

Instead (and this is why i make the change), mode 500 prevents
operation when exporting the partition without -maproot=0 to diskless
clients.

All previuos releases are affected by the same problem, so a merge
to RELENG_6 at least would be appropriate (after proper re@ approval
of course).
2006-02-28 08:02:28 +00:00
ru
4de1ee30af -mdoc sweep. 2005-11-18 10:36:29 +00:00
rse
56379f0e5b Fix system shutdown timeout handling by again supporting longer running
shutdown procedures (which have a duration of more than 120 seconds).

We have two user-space affecting shutdown timeouts: a "soft" one in
/etc/rc.shutdown and a "hard" one in init(8). The first one can be
configured via /etc/rc.conf variable "rcshutdown_timeout" and defaults
to 30 seconds. The second one was originally (in 1998) intended to be
configured via sysctl(8) variable "kern.shutdown_timeout" and defaults
to 120 seconds.

Unfortunately, the "kern.shutdown_timeout" was declared "unused" in 1999
(as it obviously is actually not used within the kernel itself) and
hence was intentionally but misleadingly removed in revision 1.107 from
init_main.c. Kernel sysctl(8) variables are certainly a wrong way to
control user-space processes in general, but in this particular case the
sysctl(8) variable should have remained as it supports init(8), which
isn't passed command line flags (which in turn could have been set via
/etc/rc.conf), etc.

As there is already a similar "kern.init_path" sysctl(8) variable which
directly affects init(8), resurrect the init(8) shutdown timeout under
sysctl(8) variable "kern.init_shutdown_timeout". But this time document
it as being intentionally unused within the kernel and used by init(8).
Also document it in the manpages init(8) and rc.conf(5).

Reviewed by: phk
MFC after: 2 weeks
2005-09-15 13:16:07 +00:00
garys
dcf881b1eb Moved descriptions of securelevels from init(7) to security(7).
Files used both "securelevel" and either "secure level" or
"security level"; all are now "security level".

PR:             docs/84266
Submitted by:   garys
Approved by:    keramida
MFC after:      3 days
2005-09-03 17:16:00 +00:00
ru
13fe9ea5a2 Sort sections. 2005-01-18 10:09:38 +00:00
delphij
9f0f84e349 Make WARNS=6 happy with our init(8):
- Use more ``const''s where suitable.
	- Define strk() as a static function in global scope.
	  This avoids the "nested extern declaration" warnings.
	- Use static initialization of strings, rather than
	  referring string constants through char *.
	- Bump WARNS from 0 to 6.
2005-01-11 14:34:29 +00:00
ru
c1a820195c NOSHARED -> NO_SHARED 2004-12-21 09:59:45 +00:00
ru
f0fbc30e0d Introduce the PRECIOUSPROG knob in bsd.prog.mk, similar
to PRECIOUSLIB from bsd.lib.mk.  The side effect of this
is making installing the world under jail(8) possible by
using another knob, NOFSCHG.

Reviewed by:	oliver
2004-11-03 18:01:21 +00:00
imp
19102a399d Turns out that revision 1.52 was a bad idea. It broke the long
standing ability to list a non-existant device in /etc/ttys to keep it
from dying.  This is a documented feature of init(8):
     The init utility can also be used to keep arbitrary daemons running,
     automatically restarting them if they die.  In this case, the first field
     in the ttys(5) file must not reference the path to a configured device
     node and will be passed to the daemon as the final argument on its com-
     mand line.  This is similar to the facility offered in the AT&T System V
     UNIX /etc/inittab.

So rather than fix the man page to 'break' this feature, back out the change.

At the time this change was made, people felt that the spamage from
getty was annoying on headless consoles.  Andrew Gallatin noted:
> Most of my machines are headless without video cards and use a serial
> console.  With devfs this means that /dev/ttyv[1-N] do not exist and
> getty bitches like this:
>
> Sep 26 11:00:11 monet getty[543]: open /dev/ttyv1: No such file or directory

and we went off and applied this hack rather than fixing getty to
sleep forever when it gets an unknown device, as was Andrew's other
suggestion.  Since it breaks things, I'm off to do that instead.
2004-09-28 04:22:55 +00:00
keramida
374897f0eb Add references to pf(4) and pfctl(8) at the description of
securelevel = 3.

PR:		docs/69417
Submitted by:	Janos Mohacsi (mohacsi(at)niif(dot)hu)
2004-07-22 10:38:13 +00:00
ru
46fddaa54b Mechanically kill hard sentence breaks. 2004-07-02 21:45:06 +00:00
ru
f6aa4621fd Assorted markup, grammar, and spelling fixes. 2004-05-17 08:35:43 +00:00
markm
90f91e7879 Remove advertising clause from University of California Regent's license,
per letter dated July 22, 1999.

Approved by: core, imp
2004-04-09 19:58:40 +00:00
bde
1b963c9bef Fixed misspellings of 0 as NULL. 2004-03-11 10:01:12 +00:00
johan
31854a224a style.Makefile(5):
Use WARNS?= instead of WARNS=.
2004-02-23 20:25:27 +00:00
mux
14d69ee306 Mention that securelevel 1 also blocks access to /dev/io if it
exists (not all platforms have it).
2004-02-20 21:38:23 +00:00
imp
f1d2a9b826 Fix the case where one goes from zero to more than zero items enabled
in /etc/ttys.  Before this fix, once the count of active services
reaches 0, one could never restart any more without a reboot.

Steve Passe did the leg work on this patch.  After he found the fix,
we discovered that an identical fix had been made to NetBSD.

Approved by: re@ <scottl>
Approval tool: peril sensitive sunglasses
2003-12-05 04:28:03 +00:00
gordon
2f101d59e8 Make init statically linked by default. It's not worth the pain of having
a dynamically linked init as recently seen by ia64 woes.

Approved by:	re (jhb)
2003-11-19 19:57:20 +00:00
kensmith
af4ffb5550 - Add some information about how init, securelevel, and jails
interact with each other.
	- Minor markup fix (.Dq -> .Va for a variable)

Reviewed by:	rwatson
Approved by:	blackend (mentor)
2003-11-11 18:37:50 +00:00
charnier
7aed4eadc7 Add section number to .Xr 2003-06-08 12:51:28 +00:00
keramida
936ff7b73e There are 5 securelevels, not 4.
PR:		docs/50049
Submitted by:	Colin Percival <cperciva@sfu.ca>
2003-03-26 01:30:34 +00:00
ru
8b5b8ec6a7 mdoc(7) police: markup laundry. 2003-02-23 01:47:49 +00:00
green
25073c9645 Back out the previous commit, since there could be dire consequences if
/etc/rc were accidentally executed (as requested by other committeers).
2002-12-17 21:23:36 +00:00
green
29351ad491 /home/green/tmp/cvsSFosXg 2002-12-17 20:39:38 +00:00
jhb
762d97ed23 Give up on a tty if opening it's special file returns ENOENT like we do for
ENXIO.

Glanced at by:	imp, gallatin
2002-09-27 16:02:28 +00:00