Commit Graph

995 Commits

Author SHA1 Message Date
Bryan Drewery
d5cc057985 DIRDEPS_BUILD: Fix staging of share/sendmail and share/examples.
Sponsored by:	EMC / Isilon Storage Division
2016-03-11 23:45:09 +00:00
Andriy Voskoboinyk
b6a21c5c8e etc/defaults/rc.conf: fix a typo (wlanddebug -> wlandebug)
Approved by:	adrian (mentor)
Differential Revision:	https://reviews.freebsd.org/D5480
2016-02-28 23:57:26 +00:00
Mariusz Zaborski
c501d73c7e Convert casperd(8) daemon to the libcasper.
After calling the cap_init(3) function Casper will fork from it's original
process, using pdfork(2). Forking from a process has a lot of advantages:
1. We have the same cwd as the original process.
2. The same uid, gid and groups.
3. The same MAC labels.
4. The same descriptor table.
5. The same routing table.
6. The same umask.
7. The same cpuset(1).
From now services are also in form of libraries.
We also removed libcapsicum at all and converts existing program using Casper
to new architecture.

Discussed with:		pjd, jonathan, ed, drysdale@google.com, emaste
Partially reviewed by:	drysdale@google.com, bdrewery
Approved by:		pjd (mentor)
Differential Revision:	https://reviews.freebsd.org/D4277
2016-02-25 18:23:40 +00:00
Marcelo Araujo
3bead71e95 - Add a global option where we can protect processes when swap space
is exhausted.

How to use:

Basically we need to add on rc.conf an another option like:

    If we want to protect only the main processes.
    syslogd_oomprotect="YES"

    If we want to protect all future children of the specified processes.
    syslogd_oomprotect="ALL"

PR:		204741 (based on)
Submitted by:	eugen@grosbein.net
Reviewed by:	jhb, allanjude, rpokala and bapt
MFC after:	4 weeks
Relnotes:	Yes
Sponsored by:	gandi.net
Differential Revision:	https://reviews.freebsd.org/D5176
2016-02-24 01:32:12 +00:00
Mark Felder
0ba5cf0e44 Add new rc.conf parameter "jail_reverse_stop"
When a user defines "jail_list" in rc.conf the jails are started in the
order defined. Currently the jails are not are stopped in reverse order
which may break dependencies between jails/services and prevent a clean
shutdown. The new parameter "jail_reverse_stop" will shutdown jails in
"jail_list" in reverse order when set to "YES".

Please note that this does not affect manual invocation of the jail rc
script. If a user runs the command

  # service jail stop jail1 jail2 jail3

the jails will be stopped in exactly the order specified regardless of
jail_reverse_stop being defined in rc.conf.

PR:		196152
Approved by:	jamie
MFC after:	1 week
Relnotes:	yes
Differential Revision:	https://reviews.freebsd.org/D5233
2016-02-10 16:13:59 +00:00
Devin Teske
d62a61608f Fix typo in a comment; s/redined/redefined/
Thanks to:	rpokala
2016-02-06 02:35:52 +00:00
Devin Teske
1ba4612e13 Add comment to explain functionality of code
Thanks to:	rpokala
2016-02-06 02:32:13 +00:00
Devin Teske
a8cb567afb Allow rc_conf_files to be redefined in rc.conf(5)
With this change, it's possible to redefine rc_conf_files (e.g.,
sysrc rc_conf_files+=/etc/rc.conf.other) and have the boot process
pick up settings in extra files. The sysrc(8) tool can be used to
query/enumerate/find/manage extra files configured in this manner.

Relnotes:	yes
2016-02-06 02:16:48 +00:00
Cy Schubert
f9ddb2af5f Allow specification of fetch options for ntp leap-seconds fetch.
MFC after:	1 week
X-MFC with:	r289421, r293037, r294773
2016-01-27 02:25:25 +00:00
Cy Schubert
b5bdbd0461 Add support for automatic leap-second file updates.
The working copy of leapfile resides in /var/dbntpd.leap-seconds.list.
/etc/ntp/leap-seconds (periodically updated from ftp://time.nist.gov/pub/
or ftp://tycho.usno.navy.mil/pub/ntp/) contains the master copy should
automatic leapfile updates be disabled (default).

Automatic leapfile updates are fetched from $ntp_leapfile_sources,
defaulting to https://www.ietf.org/timezones/data/leap-seconds.list,
within $ntp_leapfile_expiry_days (default 30 days) from leap-seconds
file expiry. Automatic updates can be enabled by setting
$daily_ntpd_leapfile_enable="YES" in periodic.conf. To avoid congesting
the ntp leapfile source the automatic update randomized by default but
can be disabled through daily_ntpd_avoid_congestion="NO" in
periodic.conf.

Suggested by:	des
Reviewed by:	des, roberto, dwmalone, ian, cperciva, glebius, gjb
MFC after:	1 week
X-MFC with:	r289421, r293037
2016-01-26 07:06:44 +00:00
Warner Losh
4153c21113 Add ldconfig -soft to process the soft float abi libraries and put it
into startup scripts for armv6. It acts much like ldconfig -32 does.
2016-01-18 21:40:18 +00:00
Ian Lepore
630c9dba7a Enhance rc.d/netwait script to wait for late-attaching interfaces such as
USB NICs.

USB network hardware may not be enumerated and available when the rc.d
networking scripts run. Eventually the USB attachment completes and devd
events cause the network initialization to happen, but by then other rc.d
scripts have already failed, because services which depend on NETWORKING
(such as mountcritremote) may end up running before the network is actually
ready.

There is an existing netwait script, but because it is dependent on
NETWORKING it runs too late to prevent failure of some other rc
scripts. This change flips the order so that NETWORKING depends on netwait,
and netwait now depends on devd and routing (the former is needed to make
interfaces appear, and the latter is needed to run the ping tests in
netwait).

The netwait script used to be oriented primarily towards "as soon as any
host is reachable the network is fully functional", so you gave it a list of
IPs to try and you could optionally name an interface and it would wait for
carrier on that interface. That functionality still works the same, but now
you can provide a list of interfaces to wait for and it waits until each one
of them is available. The ping logic still completes as soon as the first IP
on the list responds.

These changes were submitted by Brenden Molloy <brendan+freebsd@bbqsrc.net>
in PR 205186, and lightly modified by me to allow a list of interfaces
instead of just one.

PR:		205186
Differential Revision:	https://reviews.freebsd.org/D4608 (timeout w/o review)
2015-12-26 18:21:32 +00:00
Rick Macklem
b45c941c1c Add support for the new "-manage-gids" option for the nfsuserd daemon
to the rc scripts. With these changes, setting nfs_server_managegids="YES"
in /etc/rc.conf will enable this capability.

Suggested by:	jpaetzel
Tested by:	jpaetzel
Reviewed by:	rc (pending)
MFC after:	2 weeks
2015-11-30 22:29:11 +00:00
Jilles Tjoelker
f602321ba7 periodic: Fix backwards compatibility for daily_status_security_* vars.
Most daily_status_security_* variables in periodic.conf were changed to
security_status_* in SVN r254974. The compatibility code for the old names
did not work.

PR:		204331
Submitted by:	martin at lispworks.com
MFC after:	1 week
2015-11-07 22:06:49 +00:00
Enji Cooper
2a923f8f3c Rename etc/periodic/daily/430.status-rwho to periodic/daily/430.status-uptime
The command was checking local/remote system uptime, so rename the script to
match its function and to avoid confusion

The controlling variable in /etc/periodic.conf has been renamed from
daily_status_rwho_enable to daily_status_uptime_enable.

MFC after: 3 days
Reported by: Peter Jeremy <peter@rulingia.com>
Relnotes: yes
Sponsored by: EMC / Isilon Storage Division
2015-11-02 01:05:34 +00:00
Edward Tomasz Napierala
665aea9323 After r290196, the kernel won't wait for stuff like gmirror nodes
if they are not required for mounting rootfs.  However, it's possible
that some setups try to mount them in mountcritlocal (ie from fstab).

Export the list of current root mount holds using a new sysctl,
vfs.root_mount_hold, and make mountcritlocal retry if "mount -a" fails
and the list is not empty.

MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D3709
2015-10-30 15:52:10 +00:00
Edward Tomasz Napierala
ebce46b2c6 Make rctl_enable rc variable actually work. To avoid breaking existing
setups that worked before, flip the default to "YES".  Most people don't
have /etc/rctl.conf, so they won't be affected in any way.

MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
2015-08-05 17:38:02 +00:00
Jeremie Le Hen
29513c141f Allow again periodic scripts to be run from command-line.
PR:		188109
Submitted by:	Jason Unovitch
MFC after:	1 week
2015-07-13 10:15:01 +00:00
Mark Murray
c4f9c760c9 Updated random(4) boot/shutdown scripting.
Fix the man pages as well.

Differential Revision: https://reviews.freebsd.org/D2924
Approved by: so (delphij)
2015-06-30 17:09:41 +00:00
Adrian Chadd
709c1a78cf Drop the default for performance_cx_lowest (ie, what to use when AC is connected) to ACPI C2.
ACPI C3 ends up doing a lot more work before entering sleep, some of which
requires grabbing a global ACPI hardware serialising mutex.

Because of this, the more CPU cores you have, the more that lock contends
under load, reaching close to the #1 lock contention (after VM, which is being
worked on.)

Tested:

* Sandy bridge Xeon, 2 socket * 8 core
* Ivy bridge Xeon v2, 2 socket * 8 core
* Westmere-EX, 4 socket * 10 core
* Ivybridge desktop
* Sandybridge mobile
* Ivybridge mobile

MFC after:	2 weeks
2015-04-27 19:18:51 +00:00
Edward Tomasz Napierala
4e25c86f4c Remove some oldnfs remnants.
Differential Revision:	https://reviews.freebsd.org/D2287
Reviewed by:	rmacklem@
Sponsored by:	The FreeBSD Foundation
2015-04-18 16:08:06 +00:00
John Baldwin
d2077b4e57 Allow additional flags to be passed to netstat -i in the daily status check.
In particular, this allows an administrator to specify "-h" for human
readable output if that is preferred.

The default setting passes "-d", so that can be excluded by using a custom
setting.

Differential Revision:	https://reviews.freebsd.org/D2034
Submitted by:	Lystopad Aleksandr <laa@laa.zp.ua>
		(patch to add option for -h)
Reviewed by:	bz
MFC after:	1 week
2015-03-27 00:37:41 +00:00
John Baldwin
8f73e77536 - Align comment for df flags variable in periodic.conf.
- Note default value of df flags variable in periodoc.conf(5).

MFC after:	1 week
2015-03-13 09:50:29 +00:00
Ryan Stone
6888132b53 Add an rc.d script to invoke iovctl(8) during boot
Differential Revision:		https://reviews.freebsd.org/D88
Reviewed by:			wblock, emaste, allanjude
MFC after:			1 month
Relnotes:			yes
Sponsored by:			Sandvine Inc.
2015-03-01 00:58:23 +00:00
Enji Cooper
917fd1c5d6 Honor MK_BLUETOOTH with etc/defaults/bluetooth.device.conf
MFC after: 1 week
Sponsored by: EMC / Isilon Storage Division
2015-01-26 09:31:48 +00:00
Glen Barber
f7e6516a1f Evaluate running userland/kernel version in daily
periodic(8) run, taken from uname(1) '-U' and '-K'
flags.

Reviewed by:		allanjude, dvl
Differential Revision:	https://reviews.freebsd.org/D1541
MFC after:		1 week
Sponsored by:		The FreeBSD Foundation
2015-01-15 19:52:19 +00:00
Enji Cooper
b76f9cb7bc Remove etc/rc.d/mrouted
mrouted has been available in ports for the last 8 years as net/mrouted . An
equivalent rc.d script has been present in the port.

Remove all corresponding variables from etc/defaults/rc.conf

Relnotes: yes
2014-11-30 06:03:59 +00:00
Edward Tomasz Napierala
c74915e08d Make it possible to specify flags for autofs daemons in rc.conf.
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
2014-11-24 13:02:39 +00:00
Hiroki Sato
c474372803 Remove examples of gif_interfaces and gifconfig. These have already been
marked as deprecated in rc.conf(5) manual page but these examples
were still here.

Spotted by:	jmg
2014-11-22 08:09:26 +00:00
Alexander V. Chernikov
603eaf792b Renove faith(4) and faithd(8) from base. It looks like industry
have chosen different (and more traditional) stateless/statuful
NAT64 as translation mechanism. Last non-trivial commits to both
faith(4) and faithd(8) happened more than 12 years ago, so I assume
it is time to drop RFC3142 in FreeBSD.

No objections from:	net@
2014-11-09 21:33:01 +00:00
Mark Murray
10cb24248a This is the much-discussed major upgrade to the random(4) device, known to you all as /dev/random.
This code has had an extensive rewrite and a good series of reviews, both by the author and other parties. This means a lot of code has been simplified. Pluggable structures for high-rate entropy generators are available, and it is most definitely not the case that /dev/random can be driven by only a hardware souce any more. This has been designed out of the device. Hardware sources are stirred into the CSPRNG (Yarrow, Fortuna) like any other entropy source. Pluggable modules may be written by third parties for additional sources.

The harvesting structures and consequently the locking have been simplified. Entropy harvesting is done in a more general way (the documentation for this will follow). There is some GREAT entropy to be had in the UMA allocator, but it is disabled for now as messing with that is likely to annoy many people.

The venerable (but effective) Yarrow algorithm, which is no longer supported by its authors now has an alternative, Fortuna. For now, Yarrow is retained as the default algorithm, but this may be changed using a kernel option. It is intended to make Fortuna the default algorithm for 11.0. Interested parties are encouraged to read ISBN 978-0-470-47424-2 "Cryptography Engineering" By Ferguson, Schneier and Kohno for Fortuna's gory details. Heck, read it anyway.

Many thanks to Arthur Mesh who did early grunt work, and who got caught in the crossfire rather more than he deserved to.

My thanks also to folks who helped me thresh this out on whiteboards and in the odd "Hallway track", or otherwise.

My Nomex pants are on. Let the feedback commence!

Reviewed by:	trasz,des(partial),imp(partial?),rwatson(partial?)
Approved by:	so(des)
2014-10-30 21:21:53 +00:00
Hiroki Sato
37c7d4443c Rename s/network/netif/ and set netif_enable for namespace consistency. 2014-10-11 20:28:04 +00:00
Mark Johnston
8302963dc2 Remove settings for pkg_* scripts which are no longer present.
MFC after:	1 week
2014-09-23 18:38:06 +00:00
Xin LI
76cd7220b5 Use a devd event to start hv_kvpd instead of doing so in rc.d script.
This is cleaner and eliminates the unneeded startup of KVP daemon on
systems that do not run as a Hyper-V guest.

Submitted by:	hrs
X-MFC-with:	271493, 271688, 271699
2014-09-17 02:32:22 +00:00
Sean Bruno
c13a313284 Add proper disable/enable hooks to the default scripts so that this is only
run when asked for by the user.  Right now, hv_kvpd is run on every boot.

Don't do that.

Add hv_kvpd_enable= for this script to be run.

MFC with 271493

MFC after:	2 weeks
Relnotes:	yes
2014-09-16 20:02:16 +00:00
Hiroki Sato
c2b6b3bea9 Fix a typo; master server for iprop service should be singular. 2014-09-16 05:45:38 +00:00
Hiroki Sato
15c7266a7f - Add $netif_ipexpand_max to specify the upper limit for the number of
addresses generated by an address range specification.  The default
  value is 2048.  This can be increased by setting $netif_ipexpand_max
  in rc.conf.

- Fix warning messages when an address range spec exceeds the upper limit.

PR:	186841
2014-09-11 12:30:29 +00:00
Dag-Erling Smørgrav
29be5943e8 Revert r271257 after several issues were pointed out. An updated patch
will be committed at a later date.
2014-09-08 12:26:52 +00:00
Dag-Erling Smørgrav
e1d9a028f6 Use the correct idiom for default values, and ensure that the script
works correctly if the user overrides them.

PR:		193255
Submitted by:	hrs@
MFC after:	3 days
2014-09-08 09:33:43 +00:00
Hiroki Sato
137ae2c4f0 Restructure rc.d scripts for kerberos5 daemons:
- Rename $kerberos5_server_enable with $kdc_enable and rename
  rc.d/kerberos with rc.d/kdc.

- Rename $kadmin5_server_enable with $kadmind_enable.

- Rename ${kerberos5,kpasswdd}_server with ${kdc,kpasswdd}_program.

- Fix rc.d/{kadmind,kerberos,kpasswdd,kfd} scripts not to change variables
  after load_rc_config().

- Add rc.d/ipropd_master and rc.d/ipropd_slave scripts.  These are
  for iprop-master(8) and iprop-slave(8).  Keytab used for iprop service is
  defined in ipropd_{master,slave}_keytab (/etc/krb5.keytab by default).

- Add dependency on rc.d/kdc to SERVERS.  rc.d/kdc must be invoked as early
  as possible before scripts divided by rc.d/SERVERS.

Note that changes to rc.d/{kdc,kpasswdd,kadmind} are backward-compatible
with the old configuration variables:
${kerberos5,kpasswdd,kadmin5}_server{,_enable,_flags}.
2014-08-29 07:51:47 +00:00
Hiroki Sato
5316d2b10f Fix rc.d/gssd script to define the default values in a standard way. 2014-08-29 06:23:00 +00:00
Stefan Eßer
651045d6de Add references to vt(4) and the configuration files in /usr7share/vt where
appropriate (i.e. where syscons was already mentioned and vt supports the
feature). Comments in defaults/rc.conf are updated to match the contents
of the modified man-page rc.conf(5).

Reviewed by:	pluknet, emaste
MFC after:	3 days
2014-08-26 08:13:30 +00:00
Dag-Erling Smørgrav
fe248ffb7f Setting rc_debug explicitly in /etc/defaults/rc.conf defeats its purpose.
MFC after:	3 days
2014-08-23 10:49:02 +00:00
Edward Tomasz Napierala
3914ddf8a7 Bring in the new automounter, similar to what's provided in most other
UNIX systems, eg. MacOS X and Solaris.  It uses Sun-compatible map format,
has proper kernel support, and LDAP integration.

There are still a few outstanding problems; they will be fixed shortly.

Reviewed by:	allanjude@, emaste@, kib@, wblock@ (earlier versions)
Phabric:	D523
MFC after:	2 weeks
Relnotes:	yes
Sponsored by:	The FreeBSD Foundation
2014-08-17 09:44:42 +00:00
Peter Wemm
6ffcf5d515 Like with /usr/lib + /usr/lib/compat, add the optional /usr/lib32/compat
to the ldconfig32 default path.  /usr/lib32 is the 32 bit versions of
*current* libraries, while old versions should be able to be in
/usr/lib32/compat, like with /usr/lib/compat.  The separation is meant to
keep the compile time default search paths cleaner.
2014-08-01 19:32:20 +00:00
Adrian Chadd
08595c4c81 Bump the default C-state to Cmax, rather than the kernel default
of C1.

This may not stay through 11.0-RELEASE, but at least having it
on by default in -HEAD will expose (more) issues with broken hardware.

Note: I have no plans or desire to MFC this to stable/10.
2014-05-06 23:28:37 +00:00
Xin LI
97a065c889 Fix devfs rules not applied by default for jails.
Security:	FreeBSD-SA-14:07.devfs
Security:	CVE-2014-3001
2014-04-30 04:02:32 +00:00
Gleb Smirnoff
2c284d9395 Remove IPX support.
IPX was a network transport protocol in Novell's NetWare network operating
system from late 80s and then 90s. The NetWare itself switched to TCP/IP
as default transport in 1998. Later, in this century the Novell Open
Enterprise Server became successor of Novell NetWare. The last release
that claimed to still support IPX was OES 2 in 2007. Routing equipment
vendors (e.g. Cisco) discontinued support for IPX in 2011.

Thus, IPX won't be supported in FreeBSD 11.0-RELEASE.
2014-03-14 02:58:48 +00:00
Bryan Drewery
87d236ddee Allow overriding rctl.conf(5) file location for /etc/rc.d/rctl
Reviewed by:	trasz
Approved by:	bapt (mentor)
MFC after:      1 week
2014-02-15 14:50:47 +00:00
Baptiste Daroussin
6c23872995 Remove pkg_* related info from periodic.conf
Reported by:	Robin Brocks <robin.brocks@brocks.de>
MFC after:	3 days
2014-01-22 14:22:44 +00:00