- update for getrlimit(2) manpage;
- support for setting RLIMIT_SWAP in login class;
- addition to the limits(1) and sh and csh limit-setting builtins;
- tuning(7) documentation on the sysctls controlling overcommit.
In collaboration with: pho
Reviewed by: alc
Approved by: re (kensmith)
vt220 will not work better. Even though it probably will remove warnings
about unknown terminal types, a cons25 emulator is not compatible with
vt220 at all.
There is a minor typo in the cons25l7 (':' instead of '|') entry
in src/etc/termcap.small that causes syscons to complain about
bogus characters in /etc/termcap.db.
PR: conf/132777
Submitted by: Nikos Ntarmos <ntarmos@cs.uoi.gr>
MFC after: 1 week
This allows to append custom rules at the end of the file without
risk of confusion that can result when one misses default !ppp line
and doesn't add another program specification and thus subsequent
selector(s) would belong to ppp program block.
Requested by: marck
Submitted by: marck
Approved by: jhb (mentor)
- Remove redundant debugging of consolelog.
- Use `while :', instead of `while [ true ]'. This is done in other
places as well.
Submitted by: Jille Timmermans <jille quis cx> (not jilles)
Reviewed by: jilles
Catalan language is not only spoken in Spain (ca_ES), but also
in Andorra, France and Italy. In Andorra it is the official
language.
(see http://en.wikipedia.org/wiki/Catalan_language#Geographic_distribution)
Add a bunch of symlinks to between ca_ES and ca_AD, ca_FR and ca_IT.
PR: conf/92541
Submitted by: <rmh@io.debian.net>
MFC after: 1 week
This NTP configuration file points to the [012].pool.ntp.org servers,
which will return a list of geographical local NTP servers.
It uses the best-practice options of "iburst" and "maxpoll 9".
It gives examples on how to use the "restrict" commands, which are
unfortunately not working when you use the pool.ntp.org servers.
It sets up a fudge server so any clients syncing against this server
will always be synced even if we lose the master.
The idea of this file was briefly discussed on -net.
PR: conf/58595
Submitted by: Chris Stenton <jacs@gnome.co.uk>
MFC after: 1 week
/etc/rc.d. They use the following new rc variables:
nfsv4_server_enable - set to "YES" to run the experimental server
nfsuserd_enable - set to "YES" to run nfsuserd for NFSv4 client and
server
nfsuserd_flags - command line flags for nfsuserd
nfscbd_enable - set to "YES" to run the experimental nfs client's
NFSv4 callback daemon
nfscbd_flags - command line flags for nfscbd
Reviewed by: dougb
Approved by: kib (mentor)
and -delete (which implies depth-first traversal), avoid using -delete in
favour of -execdir.
This has a side-effect of not removing directories that contain files,
even if we delete all of those files, but IMHO that's a better option
than specifying all possible local filesystem types in this script.
PR: 122811
MFC after: 3 weeks
AUTO are deprecated.' There is no good reason to deprecate them, and
setting this to different values can be useful for custom solutions
and/or one-off configuration problems.
happen right after ypbind, and before anything that uses NIS. The only
change in rcorder accomplished by this patch is make that happen.
PR: conf/117555
Submitted by: John Marshall <john@rwsrv05.mby.riverwillow.net.au>
differently. The output now shows the ruleset and shortens to
slightly different text (using $daily_status_mail_rejects_shorten),
but it should be more descriptive.
PR: 35018
Inspired by: Mikhail Teterin - mi at aldan dot algebra dot com
MFC after: 3 weeks
so that the .h files in src/sys/fs/nfs will be installed under
/usr/include/fs/nfs. This will allow the following utilities to
build, once additions and changes for the experimental nfs subsystem
are committed:
usr.sbin/mountd - Once modified to add support for the
experimental nfs subsystem.
ur.sbin/nfsstat - Once modified to add support for the
experimental nfs subsystem.
usr.sbin/nfscbd - The client side callback daemon for NFSv4.
usr.sbin/nfsuserd - The NFSv4 user/group name<->uid/gid mapping daemon.
usr.sbin/nfsdumpstate - The NFSv4 utility for dumping open/lock state.
usr.sbin/nfsrevoke - The sysadmin command for revoking NFSv4 state.
Approved by: kib (mentor)
(localhost by default) can be successfully looked up. Off by default.
2. New feature: option to create a forwarder configuration file based on
the contents of /etc/resolv.conf. This allows you to utilize a local
resolver for better performance, less network traffic, custom zones, etc.
while still relying on the benefits of your local network resolver.
Off by default.
3. Add named-checkconf into the startup routine. This will prevent named
from trying to start in a situation where it would not be possible to do
so.
During bootup, if /etc/rc.d/savecore detects a core dump file
on the dump device, the core file will be saved, and the crashinfo
script will be run to generate a human-readable report.
This will make it easier for end-users to provide feedback to
developers about kernel crashes.
Reviewed by: jhb
arbitrary commands (outside the jail) associated with said events,
e.g. to bring up/down CARP interfaces representing services run in
jails.
Reviewed by: simon
is set and "natd_enable" is NOT set;
- Accept and pass firewall type to the external firewall script.
Submitted by: Yuri Kurenkov < y -dot- kurenkov -at- init -dot- ru >
MFC after: 3 days
No response from: freebsd-rc
sendmail / postfix etc. may fail to start because DNS is unavailable and /
or the server is unreachable. In the worst case, the machine may become
unusable.
Debugging this issue was far more difficult than it should have been, due
to earlier changes to the rc framework to hide almost all useful information
about the boot process.
Approved by: silence
Even though I increased the amount of pts(4) entries in /etc/ttys some
time ago, I didn't realize back then those entries shouldn't have been
there in the first place.
I just looked at the getttyent() source code and it turns out when you
call setttyent(), it walks through /dev/pts and looks for the device
with the highest number. After you receive EOF's from getttyent(), it
makes up entries for pts(4) devices.
This means that adding entries for pts(4) is somewhat harmful, because
if you now traverse the list, you get redundant entries, so just remove
them.
the jail case specifically. In case we find a proper pre-seeded
devfs in the chroot path (mounted from the base system) permit
starting chrooted else give proper warn/error messages.
PR: conf/103489
Reviewed by: dougb
MFC after: 5 days
time to boot an unplugged system 30 sec. longer for no good reason. Therefore,
add a check to make sure that any DHCP interfaces are plugged in before
waiting.
o no need for special country codes; it's sufficient to use the sku
o no need to specify bands w/ 2.4G frequencies, use the real values
o remove duplicate band specs
the -g and -q options. They do a slightly different thing and
both are necessary when the time difference is large.
Noticed by: danger, in the forums
Approved by: roberto
MFC after: 1 week
Note: this is only really necessary because of the ifconfig
logic to add/remove the jail IPs upon start/stop.
Consensus among simon and I is that the logic should
really be factored out from the startup script and put
into a proper management solution.
- We now support starting of no-IP jails.
- Remove the global jail_<jname>_netmask option as it is only
helpful to set netmasks/prefixes for the right address
family and per address.
- Implement jail_<jname>_ip options to support both
address familes with regard to ifconfig logic.
- Implement _multi<n> support suffix to the jail_<jname>_ip
option to configure additional addresses to avoid overlong,
unreadbale jail_<jname>_ip lines with lots of addresses.
Submitted by: initial work from Ruben van Staveren
Discussed on: freebsd-jail in Nov 2008.
Reviewed by: simon, ru (partial, older version)
MFC after: 1 week
rcshutdown_timeout (normally 30s) around re-parented to init, make
sure both go away using pkill -P.
While noone normally notices this for the system shutdown, it helps for
cleanly shutting down trusted jails.
Found without a killall in the base system, which in rc.d/jail normally
ensures that all processes of a jail to be stopped will be killed.
Reviewed by: silence on current@
MFC after: 4 weeks
the suggested ruleset[1].
While here use an IP from the 'test-net' prefix for docs.
PR: kern/130102 ([1] different problem in the end)
Reviewed by: simon
MFC after: 2 weeks
easier to maintain custom rules for non-system things like ACPI hotkeys.
/etc/devd.conf is already set up to check this directory, no change needed there.
newline when it fails to obtain an address via DHCP. This made the next
rc script begin its output on the same line.
PR: conf
Submitted by: Bruce Cran <bruce at cran dot org dot uk>
MFC after: 3 days
it does come back it would probably be better if users who were interested
in slip added appropriate lines instead of this being here unconditionally.
Reminded by: tut <at> nhamon <dot> com <dot> ua
does ever come back it's probably best if its log file be something that
gets added if the user decided they want to run slip instead of having
it here unconditionally.
src/sys/dev/usb2/core/usbdevs
src/sys/dev/usb2/include/urio2_ioctl.h
src/sys/dev/usb2/storage/ustorage2_fs.h
These files are not used any more.
src/usr.sbin/Makefile
src/etc/mtree/BSD.include.dist
src/include/Makefile
src/lib/Makefile
src/share/man/man7/hier.7
src/share/mk/bsd.libnames.mk
src/etc/mtree/BSD.include.dist
Make "usbconfig" and "libusb20" a part of the default build.
src/sys/dev/usb/rio500_usb.h
src/sys/dev/usb2/storage/urio2.c
Use common include file.
src/sys/dev/usb2/bluetooth/ng_ubt2.c
Make USB bluetooth depend on "ng_hci" module.
src/sys/dev/usb2/controller/ehci2.c
src/sys/dev/usb2/controller/ehci2.h
Patches for Marvell EHCI.
src/sys/dev/usb2/core/usb2_busdma.c
Bugfix for 64-bit platforms. Need to unload the previously loaded DMA
map and some cleanup regarding some corner cases.
src/sys/dev/usb2/core/usb2_core.h
src/sys/dev/usb2/core/usb2_dev.c
src/sys/dev/usb2/core/usb2_dev.h
Bugfix for libusb filesystem interface.
New feature: Add support for filtering device data at the expense of the
userland process.
Add some more comments.
Some minor code styling.
Remove unused function, usb2_fifo_get_data_next().
Fix an issue about "fifo_index" being used instead of "ep_index".
src/sys/dev/usb2/core/usb2_device.c
src/sys/dev/usb2/core/usb2_generic.c
Bugfix for Linux USB compat layer. Do not free non-generic FIFOs when
doing an alternate setting.
Cleanup USB IOCTL and USB reference handling.
Fix a corner case where USB-FS was left initialised after
setting a new configuration or alternate setting.
src/sys/dev/usb2/core/usb2_hub.c
Improvement: Check all USB HUB ports by default at least one time.
src/sys/dev/usb2/core/usb2_request.c
Bugfix: Make sure destination ASCII string is properly zero terminated
in all cases.
Improvement: Skip invalid characters instead of replacing with a dot.
src/sys/dev/usb2/core/usb2_util.c
src/sys/dev/usb2/image/uscanner2.c
Spelling.
src/sys/dev/usb2/include/Makefile
Share "usbdevs" with the old USB stack.
src/sys/dev/usb2/include/usb2_devid.h
src/sys/dev/usb2/include/usb2_devtable.h
Regenerate files.
Alfred: Please fix the RCS tag at the top.
src/sys/dev/usb2/include/usb2_ioctl.h
Fix compilation of "kdump".
src/sys/dev/usb2/serial/ubsa2.c
src/sys/dev/usb2/serial/ugensa2.c
Remove device ID's which will end up in a new 3G driver.
src/sys/dev/usb2/sound/uaudio2.c
Correct a debug printout.
src/sys/dev/usb2/storage/umass2.c
Sync with old USB stack.
src/lib/libusb20/libusb20.3
Add more documentation.
src/lib/libusb20/libusb20.c
Various bugfixes and improvements.
src/usr.sbin/usbconfig/dump.c
src/usr.sbin/usbconfig/usbconfig.c
New commands for dumping strings and doing custom USB requests from
the command line.
Remove keyword requirements from generated files:
"head/sys/dev/usb2/include/usb2_devid.h"
"head/sys/dev/usb2/include/usb2_devtable.h"
and server. This replaces the RPC implementation of the NFS client and
server with the newer RPC implementation originally developed
(actually ported from the userland sunrpc code) to support the NFS
Lock Manager. I have tested this code extensively and I believe it is
stable and that performance is at least equal to the legacy RPC
implementation.
The NFS code currently contains support for both the new RPC
implementation and the older legacy implementation inherited from the
original NFS codebase. The default is to use the new implementation -
add the NFS_LEGACYRPC option to fall back to the old code. When I
merge this support back to RELENG_7, I will probably change this so
that users have to 'opt in' to get the new code.
To use RPCSEC_GSS on either client or server, you must build a kernel
which includes the KGSSAPI option and the crypto device. On the
userland side, you must build at least a new libc, mountd, mount_nfs
and gssd. You must install new versions of /etc/rc.d/gssd and
/etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf.
As long as gssd is running, you should be able to mount an NFS
filesystem from a server that requires RPCSEC_GSS authentication. The
mount itself can happen without any kerberos credentials but all
access to the filesystem will be denied unless the accessing user has
a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There
is currently no support for situations where the ticket file is in a
different place, such as when the user logged in via SSH and has
delegated credentials from that login. This restriction is also
present in Solaris and Linux. In theory, we could improve this in
future, possibly using Brooks Davis' implementation of variant
symlinks.
Supporting RPCSEC_GSS on a server is nearly as simple. You must create
service creds for the server in the form 'nfs/<fqdn>@<REALM>' and
install them in /etc/krb5.keytab. The standard heimdal utility ktutil
makes this fairly easy. After the service creds have been created, you
can add a '-sec=krb5' option to /etc/exports and restart both mountd
and nfsd.
The only other difference an administrator should notice is that nfsd
doesn't fork to create service threads any more. In normal operation,
there will be two nfsd processes, one in userland waiting for TCP
connections and one in the kernel handling requests. The latter
process will create as many kthreads as required - these should be
visible via 'top -H'. The code has some support for varying the number
of service threads according to load but initially at least, nfsd uses
a fixed number of threads according to the value supplied to its '-n'
option.
Sponsored by: Isilon Systems
MFC after: 1 month
but there won't be one so root won't be able to login; edit the installed
file to use /bin/sh in this case.
o while here split csh-related files apart from sh and only install them
when requested
I noticed on a system at home that restarting named(8) causes the
/var/named/dev mount to be moved to the bottom of the mount list,
because it gets remounted. When I received the daily security email this
morning, I was quite amazed to see that the security report listed the
differences, while it was nothing out of the ordinary.
If we just throw the `mount -p' output through sort(1), we'll only
receive notifications about changes to mounts if something has really
changed.
control over the result of buildworld and installworld; this especially
helps packaging systems such as nanobsd
Reviewed by: various (posted to arch)
MFC after: 1 month
This allows the location of the configuration data to be relocated
within the filesystem containing it. A nullfs mount is used in order
to achieve this.
Obtained from: XORP, Inc.
As discussed with Robert Watson on the src-committers list, it is safer
to keep at least some pty(4) entries in /etc/ttys, for applications that
roll their own PTY allocation routine and only search for BSD-style
PTY's.
This means we've now just toggled the amount of entries for pts(4) and
pty(4).
Requested by: rwatson
Because we now use pts(4)-style PTY's exclusively, there is no use for
these entries in /etc/ttys. Right now the pts(4) entries only go from 0
to 255. Because we're going to touch these files anyway, increase the
number to 511.
Discussed with: philip (ex-mentor)
The last half year I've been working on a replacement TTY layer for the
FreeBSD kernel. The new TTY layer was designed to improve the following:
- Improved driver model:
The old TTY layer has a driver model that is not abstract enough to
make it friendly to use. A good example is the output path, where the
device drivers directly access the output buffers. This means that an
in-kernel PPP implementation must always convert network buffers into
TTY buffers.
If a PPP implementation would be built on top of the new TTY layer
(still needs a hooks layer, though), it would allow the PPP
implementation to directly hand the data to the TTY driver.
- Improved hotplugging:
With the old TTY layer, it isn't entirely safe to destroy TTY's from
the system. This implementation has a two-step destructing design,
where the driver first abandons the TTY. After all threads have left
the TTY, the TTY layer calls a routine in the driver, which can be
used to free resources (unit numbers, etc).
The pts(4) driver also implements this feature, which means
posix_openpt() will now return PTY's that are created on the fly.
- Improved performance:
One of the major improvements is the per-TTY mutex, which is expected
to improve scalability when compared to the old Giant locking.
Another change is the unbuffered copying to userspace, which is both
used on TTY device nodes and PTY masters.
Upgrading should be quite straightforward. Unlike previous versions,
existing kernel configuration files do not need to be changed, except
when they reference device drivers that are listed in UPDATING.
Obtained from: //depot/projects/mpsafetty/...
Approved by: philip (ex-mentor)
Discussed: on the lists, at BSDCan, at the DevSummit
Sponsored by: Snow B.V., the Netherlands
dcons(4) fixed by: kan
"workstation" firewall types to be set from rc.conf so that rc.firewall
no longer needs local patching to be usable for those types. For now
I've set the variables in /etc/defaults/rc.conf to the previous defaults
in /etc/rc.firewall.
PR: bin/65258
Submitted by: Valentin Nechayev netch of netch.kiev.ua
Silence from: net
MFC after: 2 weeks
and "mask" variables into a single "net" variable that contains a full
network address (including either a netmask or prefix length at the user's
choice). Update the example settings to match.
MFC after: 2 weeks
- don't run it if net.inet.ip.fw.verbose = 0 as it is pointless
- handle rules without logging limit correctly [1]
(those rules show up without logamount in "ipfw -a list")
PR: conf/126060 [1]
MFC after: 1 month
to allow them to do a "clean" shutdown.
I purposely avoided making changes to network-related stuff since the
system shutting down is pretty conclusive, and there may be complicated
dependencies on the network that I would rather not try to unravel.
I also skipped kerberos-related stuff for the reasons above, and
because I have no way to test it.
The uart(4) driver has the advantage of supporting a wider variety of
hardware on a greater amount of platforms. This driver has already been
the standard on platforms such as ia64, powerpc and sparc64.
I've decided not to change anything on pc98. I'd rather let people from
the pc98 team look at this.
Approved by: philip (mentor), marcel
Give a better example if a user absolutely must use this option, and
suggest they pick something from the ephemeral port range rather than
port 53. This means that the example will not work if it is merely
uncommented, but this will hopefully encourage users to read the comment.
This includes hotkeys support and sysctl variables to control camera
and card reader. These new sysctls don't have CTFLAG_ANYBODY set.
While there add entries to devd.conf related to the Eee volume keys.
Reviewed by: phillip
MFC after: 1 week
Also tested by: lme (previous version)
others. In the case where it displayed warnings it would still return
succesfully. Modify it so that it returns the number of sysctls that
it was not able to set.
Make use of this in rc.d to display only *unsuccessfull* attempts to
set sysctls.
the interface name of interfaces that were configured.
This change has the added benefit that ifn_start() and
ifn_stop() in network.subr no longer write to standard output.
Whether to output and what to output is now handled entirely
in rc.d/netif.
service behind $rc_quiet. Instead, output a warning if the pre-command
routine or the command itself failed. Arguably, it's more useful to know when
a command failed to start than it is to have an endless list of
"Starting ...." lines[1].
[1] - This change actually helped me to discover a bug in rc.d/{lockd,statd}
(fixed in r179941) that used to fail silently before.