Commit Graph

5087 Commits

Author SHA1 Message Date
Xin LI
510a00dc93 root 2008-03-11 17:20:34 +00:00
Mike Makonnen
f2e7477d21 The check for errors from the mount command did not work as intended
because another command (echo) is executed between the mount command
and the check.

Reported by: Sergey Baturov <sergey@toor.org.ru>
MFC after: 2 weeks
2008-03-06 14:39:33 +00:00
Mike Makonnen
0ffc99e80d The rarpd(8) daemon must be instructed to start on all interfaces or a
specific one. Instruct it to listen on all interfaces so that enabling
it in rc.conf(5) works "out of the box."

PR:	conf/121406
Submited by: trasz
MFC after: 1 week
2008-03-06 14:01:10 +00:00
Brooks Davis
ae2edb2af1 Use the new command file feature of ddb(8) to support setting ddb(4)
scripts at boot.  This is currently disabled by default. /etc/ddb.conf
contains some potentially reasonable default scripts.

PR:		conf/119995
Submitted by:	Scot Hetzel <swhetzel at gmail dot com> (Earlier version)
X-MFC after:	textdumps
2008-03-05 18:32:58 +00:00
Gregory Neil Shapiro
1bb3032058 Fix quoting for the dnsbl example -- m4 misparses quoted strings with
commas due to our deconstruction of the line in cf/feature/dnsbl.m4.

PR:		120038
Submitted by:	mattijs vreeling
MFC after:	1 week
2008-02-17 05:38:29 +00:00
Gregory Neil Shapiro
2c8f5e0c3e Use better examples (and comment them out for safety).
PR:             118837
Submitted by:   Matthew Seaman
MFC after:      1 week
2008-02-17 05:22:08 +00:00
Doug Barton
4a4e965247 From the 4 February 2008 update:
IPv6 addresses for 6 of the root name servers!
2008-02-07 06:28:02 +00:00
Dag-Erling Smørgrav
43085e37e4 Eliminate xargs in favor of find -exec {} + 2008-02-03 00:33:05 +00:00
Dag-Erling Smørgrav
a4afe9200c Rewrite to consume significantly less memory, by using find -s instead of
find | sort.  As a bonus, this simplifies the logic considerably.  Also
remove the bogus "overruning the args to ls" comment and the corresponding
"-n 20" argument to xargs; the whole point with xargs is precisely that it
knows how large the argument list can safely get.

Note that the first run of the updated script may hypotheticall produce
false positives due to differences between find's and sort's sorting
algorithm.  I haven't seen this during testing, but others might.

MFC after:	2 weeks
2008-02-02 12:27:37 +00:00
Brooks Davis
983daa047f When the state of the interface changes rapidly enough (usually due to
rapid wireless association changes in my experience), there is a race
where dhclient is in the process of exiting due to the link going down
when the link coming up causes devd to try and start a new one.  This
results is the link being up, but no dhclient running.

Work around this race by checking a second time after a one second delay
before refusing to start a dhclient instance due to one already being
running.

MFC after:	1 week
2008-02-01 23:43:58 +00:00
Mike Makonnen
82e9dc59ce Add a dummynet_enable knob to go with firewall_enable. If this knob
is enabled dummynet(4) is added to the list of required modules.

Discussed on:	#freebsd-bugbusters (rwatson, trhodes)
PR:		conf/79196
MFC after:	1 week
2008-01-27 15:15:12 +00:00
Mike Makonnen
73981c381a Clarify that devfs_system_ruleset should contain a name, not a number.
Prompted by PR conf/85363

MFC after: 3 days
2008-01-27 13:45:20 +00:00
Mike Makonnen
ae4d6ea88f Generally, anything that runs rc.d scripts internally should
start using the quiet prefix (i.e. quietstart, quietstop, etc...).
2008-01-26 14:02:19 +00:00
Mike Makonnen
8511b3cb47 Generally, anything that runs rc.d scripts internally should
start using the quiet prefix (i.e. quietstart, quietstop, etc...).
2008-01-26 13:50:38 +00:00
Mike Makonnen
016cb0ba87 Use 'quietstart' so as not to get spammed with informational diagnostics. 2008-01-26 13:37:48 +00:00
Mike Makonnen
a850398f3b Re-implement: do not silently fail when a command is not carried
out because the rc.conf(5) variable was not enabled. Display a
message that the command wasn't run and offer suggestions on
what the user can do.

Implement a quiet prefix, which will disable some diagnostics. The
fast prefix also implies quiet. During boot we use either fast or
quiet. For shutdown we already use 'faststop'. So, this informational
message should only appear during interactive use.

An additional benefit of having a quiet prefix is that we can start
putting some of our diagnostic messages behind this knob and start
"de-cluttering" the console during boot and shutdown.
2008-01-26 11:22:12 +00:00
Mike Makonnen
581487018d Backout previous commit. It's going to clutter the console
during boot and shutdown. I think I'll hide it behind autoboot or
maybe take brooks@ suggestion and implement a different command
prefix for booting/shutdown purposes, but in any case it needs more
thought and attention.

Noticed by: ceri
Pointyhat to: mtm
2008-01-25 16:44:34 +00:00
Mike Makonnen
0908cccf90 If the rc.conf(5) variable for a script is not enabled do not fail
silently. Display a message that the command wasn't run and make
possible suggestions for what to do.

PR:	   conf/118770
MFC after: 1 week
2008-01-25 15:06:26 +00:00
Mike Makonnen
c3ff913134 Rev. 1.6 made it impossible to use rc.d/kerberos with the krb5 port.
Re-implement the change so that the script once again works with
the krb5 port.

Submitted by: kensmith (slightly modified)
MFC after: 3 days
2008-01-25 05:23:01 +00:00
Ruslan Ermilov
e57918352b Shorter equivalent of the command. 2008-01-24 07:04:12 +00:00
Rong-En Fan
8602063e3c Improve kernel NAT support in rc.firewall
- Allow IP in firewall_nat_interface, just like natd_interface
- Allow additional configuration parameters passed to ipfw via
  firewall_nat_flags
- Document firewall_nat_* in defaults/rc.conf

Tested by:	Albert B. Wang <abwang at gmail.com>
MFC after:	1 month
2008-01-21 04:41:18 +00:00
Simon L. B. Nielsen
ce4c63c52a Add warning about this script dealing with untrusted data.
MFC after:	1 week
2008-01-13 14:27:53 +00:00
Maxim Konovalov
2123fbe6cd o From the Problem Report: the TCP_DROP_SYNFIN kernel option is now
included in the kernel by default.  Remove reference to this option
from defaults/rc.conf and rc.conf(5).

PR:		conf/119098
Submitted by:	Beat Gaetzi
MFC after:	1 week
2008-01-12 20:52:30 +00:00
Maxim Konovalov
991eaf3af4 o Correct an info about "Firewalls and Internet Security" book: name,
authors list, ISBN, URLs.

PR:		conf/119590
MFC after:	1 week
2008-01-12 19:02:09 +00:00
Doug Barton
d207e3a35c Remove from the default empty zone list zones that, unlike the others,
could theoretically be allocated one day.
2008-01-11 22:41:21 +00:00
Diomidis Spinellis
f029c53a5c A new configuration variable, daily_status_mail_rejects_shorten, allows
the rejected mail reports to tally the rejects per blacklist without
providing details about individual sender hosts.  The default configuration
keeps the reports in their original form.

MFC after:	1 week
2008-01-08 07:22:43 +00:00
Doug Barton
0079ea2086 Update pkg_version_index to INDEX-8 2007-12-20 20:37:22 +00:00
John Baldwin
af14f69c40 Only pass paths to directories or config files that exist for ldconfig for
32-bit binaries.

MFC after:	3 days
2007-12-13 00:51:01 +00:00
Doug Barton
d6128b96d7 Add an empty stop_cmd to the remaining scripts that don't start
daemons and don't already have one.
2007-12-08 23:00:28 +00:00
Doug Barton
716df058ef Remove a meaningless KEYWORD 2007-12-08 22:40:31 +00:00
Doug Barton
b9070edf0f Remove the bootconf.sh script. It was never used on FreeBSD, and was
removed from the Makefile in version 1.5 (2002/09/02) but never GC'ed.
2007-12-08 22:33:11 +00:00
Doug Barton
9aaedf216b Remove spurious # marks to be more consistent with existing style. 2007-12-08 22:27:18 +00:00
Doug Barton
da1c1367ff Remove empty REQUIRE line 2007-12-08 22:26:30 +00:00
Doug Barton
e3c46a3332 Remove $NetBSD$ CVS tags. We no longer attempt to synch our rc.d files
with theirs, so this information doesn't need to be in the live file.
Having it in our CVS history is enough.
2007-12-08 07:20:23 +00:00
Colin Percival
095daa921a Add /root/, /.cshrc, and /.profile to the default UpdateIfUnmodified
directive.  Users get irritated if FreeBSD Update steps on these while
upgrading to a new release.

MFC after:	3 days
2007-11-28 22:45:09 +00:00
John Baldwin
cb2482de6b Don't delete files in the X11 socket directories under /tmp (.X11-unix,
.ICE-unix, .font-unix, .XIM-unix) when purging files from /tmp via the
daily 100.clean-tmps job.  If you are logged into an X session longer
than the timeout period (default of 3 days), then this job can delete
the X11 sockets out from under the session without this fix.

MFC after:	3 days
2007-11-28 17:31:11 +00:00
John Baldwin
9f0c02d425 Update the shlib version for libgssapi_krb5. This file needs to be updated
anytime that library version is bumped.

XXX: I wonder if this breaks any 6.x binaries using Kerberos5 via GSSAPI.
2007-11-27 21:47:56 +00:00
Ruslan Ermilov
5f3a6945d4 Also check setuid executables on ZFS. 2007-11-23 13:00:31 +00:00
John Baldwin
790c2471b9 Bump up the number of ttys supported by pty(4) to 512 by making use of
[pt]ty[lmnoLMNO][0-9a-v].

MFC after:	3 days
Reviewed by:	rwatson
2007-11-19 20:49:42 +00:00
Robert Watson
dc08061ccd Add ttys lines for pts/0-pts/255.
MFC after:	3 days
2007-11-15 16:22:59 +00:00
Henrik Brix Andersen
4ec59b0317 Add reload functionality.
PR:		conf/116659
Approved by:	sam, erwin (mentor)
2007-11-14 21:19:15 +00:00
Colin Percival
db6b0a619f Add support for "freebsd-update -r newrelease upgrade" -- binary
upgrading to new releases.  Important parts of this code include
 * automatically determining which optional components (e.g., src,
info, proflibs) are installed.
 * merging changes in files which are modified locally and have
changed between the currently running and new release.
 * prompting the user to rebuild all 3rd party software before
deleting old shared libraries.

Yes, this is compatible with "freebsd-update rollback" -- you can
test a new -BETA and roll back to the old release if you don't
like it.

Subject to re@ approval, this will be MFCed before 7.0-BETA3 and
6.3-RC1.

MFC after:	2 days
2007-11-12 04:47:57 +00:00
Max Laier
42a227f8ba Update pf examples from OpenBSD to catch up with new stateful defaults and
other syntax changes.  Move pf.conf from /etc to examples, too.
2007-11-11 01:16:51 +00:00
Sam Leffler
dd85d6d345 spaces are preferred to tabs
Noted by:	simon
2007-11-10 22:47:46 +00:00
Sam Leffler
e57bb31acd add wpa_supplicant + hostapd directories to examples
MFC after:	1 week
2007-11-10 20:23:07 +00:00
Benjamin Close
037347714a Link wpi(4) into the build.
This includes:
    o mtree (for legal/intel_wpi)
    o manpage for i386/amd64 archs
    o module for i386/amd64 archs
    o NOTES for i386/amd64 archs

Approved by: mlaier (comentor)
2007-11-08 22:09:37 +00:00
Warner Losh
7cd2389835 Another vestige of OLDCARD that needs to be retired.
Prodded by: jhb@
2007-11-08 17:41:35 +00:00
Andrew Thompson
5090437236 Change wpa_supplicant to down the interface at the start of the init routine.
wpa_supplicant expects that it has exclusive access to the net80211 state so
when its starts poking in the WEP/WPA settings and the card is already
scanning it can cause net80211 to try and associate incorrectly with a
protected AP.

This is an inconvenience for firmware based cards such as iwi where it can be
sent an auth instruction with incomplete security info and cause a firmware
error.

Remove the 'ifconfig up' from network.subr since wpa_supplicant will
immediately down the interface again.

Reported by:	Guy Helmer (and others)
Reviewed by:	sam, brooks, avatar
MFC after:	3 days
2007-11-05 06:13:07 +00:00
Doug Barton
8003dd03de Update to the 1 November 2007 version of this file. The change
is to the address of l.root-servers.net, which is moving to a
new /24 in order to enable anycast routing down the road.
2007-11-02 22:37:15 +00:00
Yaroslav Tykhiy
e0cb3d9c5c Add support for `make -nn' dry runs to this makefile. Basically,
it's just a matter of adding a `${_+_}' prefix before each submake
invokation.  This allows a dry run to proceed down to, but not
including, leaf commands.  (See <sys.mk> for how ${_+_} is set
depending on the number of -n flags.)
2007-10-29 07:37:08 +00:00
Mike Makonnen
99e95e553c Nuke rc.d/nfslocking which has been superceeded by rc.d/{lockd,statd} 2007-10-25 18:10:05 +00:00
Mike Makonnen
815ac6842e Remove unnecessary whitespace 2007-10-25 16:59:06 +00:00
Doug Barton
3c9471138e 1. Determine the location of the rndc* binaries relative to $command
so that when using named from the ports (or elsewhere) the proper rndc*
commands will be run.

2. Rework the stop routine using ideas from brooks and delphij.
Specifically I am duplicating a lot of code from rc.subr's stop routine
so that this one will behave more like the one in rc.subr, but use rndc
to kill the daemon (or regular kill if that fails). This also avoids
the problems related to using killall if rndc fails, which is bad if
you're running more than one named on the same box.

3. Take a concept from gshapiro and allow the rndc.key file to be
owned by root OR the named_uid user.

Although I used different solutions, this commit handles issues raised in:
PR:	conf/73929
PR:	conf/103976
PR:	conf/109409
2007-10-22 09:38:44 +00:00
Mike Makonnen
1131159255 The amd_map_program knob can potentially contain a command whose output
is then used as an argument to the amd program. This outpu may contain
newlines, but the script did not take care to strip those newlines before
apending it to rc_flags. Revision 1.72 of rc.subr(8) introduced changes that
exposed this problem (specifically putting the final eval'ed command in
quotes).[1]

Also, for correctness' sake, shell directives appended to the command-line
by the script should go into command_args, and not appended directly
to rc_flags.

Reported by:	John E Hein <jhein@timing.com> [1]
Tested by:	John E Hein <jhein@timing.com>
MFC after:	1 week
2007-10-19 22:55:42 +00:00
Mike Makonnen
3b55b5fc42 Partial backout of rev. 1.6, but instead of putting kerberos5_server_flags
back in command_args, put it where rc.subr(8) expects it: kerberos5_flags.
2007-10-19 08:59:59 +00:00
Maksim Yevmenkin
69204f46de Teach /etc/rc.d/ppp how to start/stop individual instances
of ppp. This is an extension of previous commit.

Submitted by:	Yuri Kurenkov < y dot kurenkov at init dot ru >
Reviewed by:	mtm
MFC after:	3 days
2007-10-18 17:10:40 +00:00
Michael Bushkov
e83df45f27 Removing obsolete etc/cached.conf.
Approved by:	brooks (mentor)
2007-10-18 09:09:22 +00:00
Michael Bushkov
0f3c4f0fac Forced commit to note cached.conf -> nscd.conf repocopy. etc/Makefile
changed accordingly.

Approved by:	brooks (mentor)
2007-10-18 08:26:20 +00:00
Alexander Leidinger
9f05d312b3 Backout sensors framework.
Requested by:	phk
Discussed on:	cvs-all
2007-10-15 20:00:24 +00:00
Alexander Leidinger
99f6b270e3 Import OpenBSD's sysctl hardware sensors framework.
This commit includes the following core components:

 * sample configuration file for sensorsd
 * rc(8) script and glue code for sensorsd(8)
 * sysctl(3) doc fixes for CTL_HW tree
 * sysctl(3) documentation for hardware sensors
 * sysctl(8) documentation for hardware sensors
 * support for the sensor structure for sysctl(8)
 * rc.conf(5) documentation for starting sensorsd(8)
 * sensor_attach(9) et al documentation
 * /sys/kern/kern_sensors.c
   o sensor_attach(9) API for drivers to register ksensors
   o sensor_task_register(9) API for the update task
   o sysctl(3) glue code
   o hw.sensors shadow tree for sysctl(8) internal magic
 * <sys/sensors.h>
 * HW_SENSORS definition for <sys/sysctl.h>
 * sensors display for systat(1), including documentation
 * sensorsd(8) and all applicable documentation

The userland part of the framework is entirely source-code
compatible with OpenBSD 4.1, 4.2 and  -current as of today.

All sensor readings can be viewed with `sysctl hw.sensors`,
monitored in semi-realtime with `systat -sensors` and also
logged with `sensorsd`.

Submitted by:	Constantine A. Murenin <cnst@FreeBSD.org>
Sponsored by:	Google Summer of Code 2007 (GSoC2007/cnst-sensors)
Mentored by:	syrinx
Tested by:	many
OKed by:	kensmith
Obtained from:	OpenBSD (parts)
2007-10-14 10:45:31 +00:00
Maksim Yevmenkin
b1e50be2c6 Teach /etc/rc.d/ppp to start multiple instances of ppp.
ppp_profile variable can now contain multiple profiles.
Overrides for ppp mode and nat can go into ppp_$profile_mode
and ppp_$profile_nat variables respectively. If those are
not specified, defaults from ppp_mode and ppp_nat are used.

Submitted by:	Yuri Kurenkov < y dot kurenkov at init dot ru >
Reviewed by:	mtm
MFC after:	1 week
2007-10-12 16:35:36 +00:00
Christian S.J. Peron
4c5ada1230 Add pts/pty to the un-hidden devices for logins. This un-breaks
logins to jailed environments when the system is using PTS style
ptys (kern.pts.enable=1).

Discussed with:	rwatson
MFc after:	1 week
2007-10-12 14:55:41 +00:00
Doug Barton
b5ed5226dd Deprecate use of the early.sh script as advertised when the support for
local rc.d scripts in the overall boot order was added.

Proper rc.d scripts are run by rc.subr in a subshell, whereas scripts that
end in .sh are sourced into rc's shell. The latter has potential to create
serious boot problems, and there is no reason that the same functionality
cannot be added by the user in the form of a proper rc.d script (as
opposed to being added by the user in the form of /etc/rc.early).

This script will be removed prior to the 8.0 branch.

Approved by:	re (kensmith)
2007-10-09 07:30:14 +00:00
Doug Barton
416c130ca1 Remove pre-rc.d compatibility shims that were added before the 5.0 branch
for pre-5.0 variable names.

Remove two dhcp compatibility variables added after the 5.1-RELEASE.

Remove the now-unused support for these shims.

Approved by:	re (kensmith)
2007-10-09 07:20:44 +00:00
Ruslan Ermilov
3c03a2300b Sort as per README.
Approved by:	re (kensmith)
2007-10-03 05:51:20 +00:00
Ruslan Ermilov
51a8a564d5 Removed "tail +5" from the command used to sanity check changes to
mtree files -- the 5-line header is no longer printed when mtree(8)
is run with -n (as of mtree/create.c,v 1.34).

Approved by:	re (kensmith)
2007-10-03 05:44:27 +00:00
Michael Bushkov
1035d0cb65 Removing obsolete cached files after cached->nscd renaming.
Approved by:	re (kensmith), brooks (mentor)
2007-10-02 07:51:43 +00:00
Michael Bushkov
c97fe77db3 Finishing renaming of cached into nscd. etc/rc.d and usr.sbin/Makefile
updated. Note added to UPDATING.

Approved by:	re (kensmith, bmah), brooks (mentor)
2007-09-28 10:38:08 +00:00
Pawel Jakub Dawidek
f854db0bf5 Bring in the GEOM Virtualisation class, which allows to create huge GEOM
providers with limited physical storage and add physical storage as
needed.

Submitted by:	Ivan Voras
Sponsored by:	Google Summer of Code 2006
Approved by:	re (kensmith)
2007-09-23 07:34:23 +00:00
Brooks Davis
65db91329e Use the udp protocol in favor of the nonexistant upd protocol in the
sge_execd entry.

Reported by:	emaste
Pointy hat to:	brooks
Approved by:	re (kensmith)
2007-09-21 01:26:00 +00:00
Michael Reifenberger
fadab45370 Add IANA assigned iscsi-target port as its the default port
according RFC 3720.

Approved by:	re (bmah)
2007-09-08 08:56:01 +00:00
Max Laier
ff72ebb1ba Add the startup script for ftp-proxy(8) to the Makefile as well.
Approved by:	re (bmah - implicit)
Reminded by:	mtm
2007-09-07 15:44:09 +00:00
Max Laier
cb3ab5e31a Add a startup script for ftp-proxy(8) now that it is no longer started as
part of inetd(8).

Approved by:	re (bmah)
Reviewed by:	freebsd-rc (a while back)
Reminded by:	kevlo
2007-09-06 21:00:48 +00:00
Brooks Davis
91c0813e7d Add service entries for Sun Grid Engine's qmaster and execution service
as per IANA assignments to simplify the installation of the sysutils/sge
port.

Approved by:	re (bmah)
2007-09-06 19:04:47 +00:00
Mike Makonnen
5060bcfacd Start lockd after statd.
Approved by:	re (bmah)
Noticed by:	Ted Faber <faber@ISI.EDU>
2007-09-03 02:02:31 +00:00
Matteo Riondato
63f45c4bdf sleep 2 seconds after having loaded g_uzip.ko. We need this because
otherwise the /dev/mdX.uzip won't be created immediately, which is
needed because we issue a mount right afterwards.

Approved by:	re@ (bmah@)
MFC after:	2 days
2007-08-25 00:19:17 +00:00
Mike Makonnen
33eba7d495 My forced commit to note the repo-copy (naturally) changed the $FreeBSD$ keyword line,
so that when I applied the patch to my check-in tree the top half of my patch failed to
apply.  Off course I saw what I *expected* to see (the bottom half succeeded) and
didn't notice that it had failed to apply cleanly.

Approved by: re (bmah)
2007-08-18 04:08:53 +00:00
Mike Makonnen
6ee326fe2f The rc.d/nfslocking file controls two servers: rpc.statd and rpc.lockd. It worked well
in most cases, except one. The 'restart' case was not working as expected. Specifically,
it would stop both lockd and statd, but it would restart only statd (which appears first
in the script). This is because rc.subr(8) contains code to guard against infinite
recursion in the 'restart' casae.

To fix this use the traditional approach of controlling only one server from one script by
breaking out rc.d/nfslocking into its contituent parts: rc.d/lockd and rc.d/statd. Keep
rc.d/nfslocking around but don't include it in the boot rcorder(8)ing.

PR:	     conf/107316
Approved by: re (bmah)
MFC after:   2 weeks
2007-08-17 07:58:26 +00:00
Doug Barton
f183dbca4f 1. Remove root name servers from the list of possible masters in the
commented out example who have either not responded, or specifically
asked not to participate because they do not view AXFR as "a production
service."

2. Add f.root-servers.net to the example after confirmation from
Paul Vixie.

3. Add a warning to the commented out "root zone slave" example to the
effect that it requires more attention than a hints file, and provides
more benefit to larger sites than individual hosts.

4. Correct a typo copied from RFC 2544 which was corrected in a later
errata, and confirmed in RFC 3330. Update the comment to reflect that
RFC 3330 got it right and to avoid confusion down the road. 3330 also
contains a reference back to 2544 for anyone interested in pursuing the
history. [1]

PR:             conf/115573 [1]
Submitted by:   Oliver Fromme <olli@secnetix.de> [1]

Approved by:	re (kensmith)
2007-08-17 04:37:02 +00:00
Olivier Houchard
77912eb26b Use ttyu instead of ttyd for arm, since we will probably never use sio(4).
Approved by:	re (blanket)
2007-08-12 17:13:06 +00:00
Michael Bushkov
db1bdf2b02 - Renaming repocopied cached to nscd
Approved by:	re (kensmith), brooks (mentor)
2007-08-09 13:06:12 +00:00
Doug Barton
1c24b5458d 1. Move the disable-empty-zone stuff down below the first 25 lines so
that the listen-on stuff floats up to the first "page" of text. This
makes it very obvious what's going on so that someone trying to enable
a server for use on a network can easily see how to do that.

2. Change the default behavior back to using a hint zone for the root.

3. Leave the root slave zone config as a commented out example.

4. Remove the B and F root servers from the example at the request of
their operators.

Requested by:	he-who-must-not-be-named [1]
Requested by:	many [2]

Approved by:	re (rwatson)
2007-08-02 09:18:53 +00:00
John Baldwin
f2c789a923 Require 'cleanvar' so that files and sockets created in /var/run by
wpa_supplicant and other programs started by 'netif' don't get erased
by a subsequent 'cleanvar'.

Approved by:	re (bmah)
Reviewed by:	dougb
MFC after:	1 week
2007-07-25 18:08:01 +00:00
Scott Long
039886f83f Fix a whitespace mistake from the last commit.
Submitted by: far too many to list
Approved by: re
2007-07-25 13:37:33 +00:00
Scott Long
c5933b2086 Introduce Danny Braniss' iSCSI initiator, version 2.0.99. Please read the
included man pages on how to use it.  This code is still somewhat experimental
but has been successfully tested on a number of targets.  Many thanks to
Danny for contributing this.

Approved by: re
2007-07-24 15:35:02 +00:00
Robert Watson
2b851aeb63 Disconnect netatm from the build as it is not MPSAFE and relies on
NET_NEEDS_GIANT, which will shortly be removed.  This is done in a
away that it may be easily reattached to the build before 7.1 if
appropriate locking is added.  Specifics:

- Don't install netatm include files
- Disconnect netatm command line management tools
- Don't build libatm
- Don't include ATM parts in rescue or sysinstall
- Don't install sample configuration files and documents
- Don't build kernel support as a module or in NOTES
- Don't build netgraph wrapper nodes for netatm

This removes the last remaining consumer of NET_NEEDS_GIANT.

Reviewed by:	harti
Discussed with:	bz, bms
Approved by:	re (kensmith)
2007-07-14 21:49:24 +00:00
Warner Losh
b906fea63d Arm doesn't have GENERIC.hints, so don't install it if it doesn't exist.
Approved by: re (kensmith)
2007-07-13 14:28:10 +00:00
Bjoern A. Zeeb
9fa28ff687 I4B header files were repo-copied from sys/i386/include to
sys/i4b/include/ so they will be available to all architectures
once I4B compiles on those.

I4B header files are now installed in include/i4b/ and no longer
in include/machine/.

For now we still install the headers for i386 only.

Approved by:	re (kensmith)
2007-07-06 07:20:59 +00:00
Xin LI
c425727e97 Remove reference to the old ftp-proxy implementation,
which was replaced during the pf 4.1 import.

Approved by:	re (mux)
2007-07-05 09:46:53 +00:00
George V. Neville-Neil
8409aedfa6 Commit IPv6 support for FAST_IPSEC to the tree.
This commit includes all remaining changes for the time being including
user space updates.

Submitted by:    bz
Approved by:    re
2007-07-01 12:08:08 +00:00
Rong-En Fan
534046e301 - Remove UMAP filesystem. It was disconnected from build three years ago,
and it is seriously broken.

Discussed on:   freebsd-arch@
Approved by:	re (mux)
2007-06-25 05:06:57 +00:00
Nate Lawson
00a304487f Update the suspend/resume user API while maintaining backwards compat.
Improvements:
* /etc/rc.suspend,rc.resume are always run, no matter the source of the
  suspend request (user or kernel, apm or acpi)
* suspend now requires positive user acknowledgement.  If a user program
  wants to cancel the suspend, they can.  If one of the user programs
  hangs or doesn't respond within 10 seconds, the system suspends anyway.
* /dev/apm is clonable, allowing multiple listeners for suspend events.
  In the future, xorg-server can use this to be informed about suspend
  even if there are other listeners (i.e. apmd).

Changes:
* Two new ACPI ioctls:  REQSLPSTATE and ACKSLPSTATE.  Request begins the
  process of suspending by notifying all listeners.  acpi is monitored by
  devd(8) and /dev/apm listener(s) are also counted.  Users register their
  approval or disapproval via Ack.  If anyone disapproves, suspend is vetoed.
* Old user programs or kernel modules that used SETSLPSTATE continue to
  work.  A message is printed once that this interface is deprecated.
* acpiconf gains the -k flag to ack the suspend request.  This flag is
  undocumented on purpose since it's only used by /etc/rc.suspend.  It is
  not intended to be a permanent change and will be removed once a better
  power API is implemented.
* S5 (power off) is no longer supported via acpiconf -s 5 or apm -z/-Z.
  This restores previous behavior of halt/shutdown -p being the interface.
* Miscellaneous improvements to error reporting

Approved by:	re
2007-06-21 22:50:37 +00:00
Doug Barton
e56dafe630 Drop the default zones that are now covered by the new zones that
were added in the last revision.
2007-06-18 06:29:45 +00:00
Doug Barton
1de57a4c76 Bring our default named configuration more in line with current
best practices:

1. The old way of generating the localhost zones was not optimal both
because they did not exist by default, and because they were not really
aligned with BCP. There is no need to have the dynamic data that the
make-localhost script generated, and good reasons to do this more
"by the book."

2. In named.conf
	a. Clean up white space
	b. Add/clarify a few comments
	c. Slave zones from the root servers instead of using a hints
	file. This has several advantages, as described in the comments.
	d. Significantly revamp the default zones, including the
	forward localhost zone, and the reverse zones for IPv4 and IPv6
	loopback addresses. There are extensive comments describing what
	is included and why. Interested readers should take the time to
	review the RFCs mentioned in the comments. There is also relevant
	information about the motivations for hosting these zones in the
	"work in progress" Internet-Draft,
	http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
	or its successor.
	It's also worth noting that a significant number of these
	empty zones are already included by default in the named binary
	without any user configuration.
	e. Because we're including a lot of examples of both local
	forward zones and slave zones in the default configuration,
	eliminate some of those examples.

3. Add new localhost-{forward|reverse} zone files, and an "empty" zone
to support the changes in 2.d. above. The empty zone file isn't really
empty in order to avoid a warning from BIND about a zone file that
doesn't contain any A or AAAA records.
2007-06-18 05:58:23 +00:00
Doug Barton
bc998fd6f4 Add a namedb/master directory for the zone files I'm about to add,
and switch to the more "normal" way of installing files for the
namedb directory so that we can pick up the new subdir.
2007-06-18 05:44:38 +00:00
Yaroslav Tykhiy
997c6eefd8 Add PAM support to cron(8). Now cron(8) will skip commands scheduled
by unavailable accounts, e.g., those locked, expired, not allowed in at
the moment by nologin(5), or whatever, depending on cron's pam.conf(5).
This applies to personal crontabs only, /etc/crontab is unaffected.

In other words, now the account management policy will apply to
commands scheduled by users via crontab(1) so that a user can no
longer use cron(8) to set up a delayed backdoor and run commands
during periods when the admin doesn't want him to.

The PAM check is done just before running a command, not when loading
a crontab, because accounts can get locked, expired, and re-enabled
any time with no changes to their crontabs.  E.g., imagine that you
provide a system with payed access, or better a cluster of such
systems with centralized account management via PAM.  When a user
pays for some days of access, you set his expire field respectively.
If the account expires before its owner pays more, its crontab
commands won't run until the next payment is made.  Then it'll be
enough to set the expire field in future for the commands to run
again.  And so on.

Document this change in the cron(8) manpage, which includes adding
a FILES section and touching the document date.

X-Security: should benefit as users have access to cron(8) by default
2007-06-17 17:25:53 +00:00
Yaroslav Tykhiy
553284d74a Add PAM support to atrun(8). 2007-06-15 12:02:16 +00:00
Yaroslav Tykhiy
b1cf245735 Locked out and expired accounts shouldn't be accessible via remote
mailbox protocols.  Add pam_unix to the `account' function class, too,
for imap and pop3 to actually implement this policy.
2007-06-15 11:33:13 +00:00
Yaroslav Tykhiy
2422857757 Split the FILES list across multiple lines as in rc.d/Makefile
so that the change history stays easily readable as the number
of PAM-aware services grows.
2007-06-15 11:22:10 +00:00
Gregory Neil Shapiro
2bc2025c44 Add a new rc.conf variable, sendmail_rebuild_aliases, which tells
/etc/rc.d/sendmail whether or not to run newaliases if the database
is missing or the aliases text file is newer than aliases.db.

In my opinion, the aliases file should never be automatically rebuilt.
The current text form could represent a work in progress.  Therefore,
in FreeBSD 7.0, this new option will default to "NO".  When this rc.d
change is MFC'ed, it will need to remain "YES" to maintain backward
compatibility.

PR:		conf/86252
Approved by:	re (kensmith)
MFC after:	3 days
2007-06-12 17:33:23 +00:00
Ceri Davies
3213dc8412 Create group ftp by default. This is gid 14 as this is the historical
id used by sysinstall when enabling anonymous FTP.

Change the default group used by sysinstall for setting up anonymous FTP
from operator to ftp; there is no reason to use operator and there are
potential security issues when doing so.

PR:		93284
Approved by:	ru (mentor)
Reviewed by:	simon
2007-06-11 18:36:39 +00:00
Yaroslav Tykhiy
9cd40e64b4 Now pam_nologin(8) will provide an account management function
instead of an authentication function.  There are a design reason
and a practical reason for that.  First, the module belongs in
account management because it checks availability of the account
and does no authentication.  Second, there are existing and potential
PAM consumers that skip PAM authentication for good or for bad.
E.g., sshd(8) just prefers internal routines for public key auth;
OTOH, cron(8) and atrun(8) do implicit authentication when running
a job on behalf of its owner, so their inability to use PAM auth
is fundamental, but they can benefit from PAM account management.

Document this change in the manpage.

Modify /etc/pam.d files accordingly, so that pam_nologin.so is listed
under the "account" function class.

Bump __FreeBSD_version (mostly for ports, as this change should be
invisible to C code outside pam_nologin.)

PR:		bin/112574
Approved by:	des, re
2007-06-10 18:57:20 +00:00
Yaroslav Tykhiy
039e8df3cf Be robust to a bogus script specification or contents
when figuring out what the real interpreter is for an
interpreted command.  That is, check whether we can read
the script file in the first place and, if so, make sure
we got a valid shebang line from it.
2007-06-04 11:39:35 +00:00
Doug Barton
ab512a8e4d Finish making resolv ordering deterministic by REQUIRE'ing it here. 2007-06-02 05:25:19 +00:00
Doug Barton
36617e509a Add REQUIRE netif to make ordering more deterministic, and to make sure
we have a fighting chance of having useful stuff from DHCP.

Tighten up the code a little, and fix whitespace issues.
2007-06-02 05:24:39 +00:00
Ruslan Ermilov
6969552de1 s/tabs/spaces/ 2007-06-01 18:53:36 +00:00
Doug Barton
9c933e2939 Remove more vestiges of /usr/X11R6, but leave mtree for portmgr. 2007-05-29 06:37:58 +00:00
Doug Barton
2c61a906a5 Remove X11R6 from the default PATH to join the new world order.
While I'm here, make the default PATH match that in the csh profile,
and login.conf.
2007-05-29 06:33:10 +00:00
Doug Barton
95f0e983b6 Now that a separate /usr/X11R6 directory is no longer in fashion,
stop looking there for things like rc.d and periodic. This avoids
duplicating effort when /usr/X11R6 is a symlink to /usr/local,
which it is by default now.

It is not anticipated at this time that we will MFC this change, since
we'd like to avoid breaking legacy systems. However, there is a fix for
/etc/rc.subr in the works to avoid running any rc.d scripts twice which
we should be able to MFC.
2007-05-29 06:22:14 +00:00
Ralf S. Engelschall
f31380b233 Fix indentation. 2007-05-24 06:01:06 +00:00
Ralf S. Engelschall
cc42bdd415 Remove two superfluous trailing semicolons. 2007-05-24 05:58:20 +00:00
Ralf S. Engelschall
b9b38f5d90 Remove two unnecessary and useless sub-shell constructs. 2007-05-24 05:54:37 +00:00
Andrew Thompson
ddf1c6facd Do not attempt to load the kernel module when checking if an interface exists.
This would cause pseudo network modules to be reloaded again when trying to
unload the first time if any cloned interfaces exist.

MFC after:	2 weeks
2007-05-23 00:18:44 +00:00
Ralf S. Engelschall
0d5b72b307 backout filter of Nil UUID as the boot loader code already filters out Nil UUIDs (see src/sys/boot/i386/libi386/smbios.c:smbios_setuuid for details) 2007-05-22 13:53:59 +00:00
Ralf S. Engelschall
dff50af93b Remove the ugly csh(1) based UUID lower-case translation hack from
/etc/rc.d/hostid now that we switched the origin of the UUID (variable
smbios.system.uuid as provided by the i386 BIOS code) to already provide
a standard conforming lower-case UUID text representation.
2007-05-22 10:22:24 +00:00
Ralf S. Engelschall
e3e421bacf Cleanup style by consistently using braces around variable expansion and
apply an addition from Andrew Thompson <thompsa> for filtering out the
special "Nil" UUID (all zeros) which would be a useless host UUID.
2007-05-21 11:57:01 +00:00
Ralf S. Engelschall
3148ce8687 Adjust UUID lower-case translation from straight-forward tr(1)
usage to an equivalent csh(1) usage as tr(1) stays in /usr/bin and
/etc/rc.d/hostid has just the root filesystem (and this way mainly the
tools in /bin) available.

I've chosen csh(1) here as the string manipulation tools available in
/bin is extremely limited and the (only) alternative ed(1) usage would
have been a lot more complicated or even might require a temporary file.
2007-05-21 11:44:13 +00:00
Ralf S. Engelschall
a8698e63bb The standardized textual representation of UUIDs according to RFC 4122
and ISO/IEC-9834-8:2005 is with LOWER-CASE hexadecimal characters only,
so translate the (usually upper-case and this way not conforming)
representation of the BIOS UUID when reading it. Also be more strict
about the valid characters in the textual representation by checking for
just the hexadecimal characters.
2007-05-21 08:22:43 +00:00
Greg Lehey
1c7163a14f Update /etc/protocols with IANA list updated 2007-02-12
Gotcha:  Number 48 (mhrp) is replaced with dsr.

Submitted by:	edwin
PR:		config/112732
MFC after:	2 weeks
2007-05-20 03:55:22 +00:00
Greg Lehey
2dee7077cf White space fixes only: replace spaces with tabs. 2007-05-20 03:41:26 +00:00
Greg Lehey
532e2282f5 Bring the well known ports of /etc/services into sync with the IANA
list.

This is only for the well known known ports (port 1-1023) for tcp and
udp only.

Changes:
- Removed "problems" comments around port 57, 77 and 87
- Removed audionews (port 114)
- Added imap3 (port 220)
- Removed yak-chat (port 258)
- Removed concert (port 786)
- Added a lot of new allocations

Submitted by: edwin
2007-05-20 03:31:52 +00:00
Alexander Kabaev
caea7898ac Add templates for new GCC 4.2 C++ include files hierarchy. 2007-05-19 03:31:39 +00:00
Mike Makonnen
3d03791bb4 o Implement the stop_boot subroutine [1]. This subroutine can be used by
scripts in rc.d to stop rc(8) from booting into multi-user mode when
  a critical or severe error condition is encountered.

o Modify scripts in etc/rc.d that already implemented this functionality
  independently.

o Document it.

[1] - This subroutine was implemented in FreeBSD in rc.d/fsck. I moved it
      to rc.subr(8). Our version differs slightly in that it takes an
      optional argument to stop the boot even if "autoboot" is not set.

Obtained from: NetBSD
MFC after: 2 weeks
2007-05-18 12:04:41 +00:00
Mike Makonnen
9cb24de6ed o Use the --detach option to kdc(8) instead of using the shell
background operator '&'.

  PR: conf/102722

o No need to include $kerberos5_server_flags in $command_args as
  rc.subr(8) will take care of this.
2007-05-17 11:33:08 +00:00
Mike Makonnen
c76ad7642f The precmd routine does not need to check whether the command should be
"forced". If some pre-condition is not met, it should fail as it normally
does and rc.subr(8) will make the appropriate decision. Incidentally, the
previous behaviour had a bug where the "force" flag was respected only
when checking rc.conf(5) knobs. The flag was ignored when verifying the
rpcbind(8) dependency.

MFC after: 2 weeks
2007-05-17 08:57:14 +00:00
Greg Lehey
6a96c8eef4 Add SIP-related ports.
Obtained from:  IANA list of reserved ports.
Reviewed by:	edwin@
2007-05-16 01:02:16 +00:00
Greg Lehey
a234307899 White space tidy-up. 2007-05-16 00:59:31 +00:00
Maxim Konovalov
f629328d0a o Install 480.status-ntpd.
Pointed out by:	Henrik Brix Anders
2007-05-14 17:34:59 +00:00
Maxim Konovalov
c7cc017f3b o Add a script to check ntpd(8) state. Default is off.
PR:		conf/112604
Submitted by:	Oliver Fromme
MFC after:	1 month
2007-05-13 09:33:35 +00:00
Mike Makonnen
e11cc001a9 Move options that do not have anything to do with routing out of
rc.d/routing and in to rc.d/netoptions. Also instead of saying
"TCP options" say "IP options".
2007-05-02 15:49:30 +00:00
Mike Makonnen
47ba326abe When rc.d/NETWORKING included this script in its REQUIRE line, a circular
dependency was introduced because this script had rc.d/localpkg (which is
*after* rc.d/NETWORKING) in its REQUIRE line.

From an examination of its contents it seems that only the availability of
a local filesystem is necessary for this script to function properly.
2007-05-02 15:32:05 +00:00
Pawel Jakub Dawidek
4d739c23fd When zfs dataset has jailed=on property, it won't be mounted with
'zfs mount -a' from the main system - this is by design, as mountpoint
may be set to dangerous value. This all means, that such file system
has to be mounted from within a jail. To make it easier, reorganize
rc.d/zfs script so it can be used from within a jail.
2007-04-22 20:55:08 +00:00
Tom Rhodes
13c100b0d8 Quick kill posix4 directory.
Submitted by:	rodrigc (BSD.include.dist).
2007-04-18 10:16:43 +00:00
Pawel Jakub Dawidek
2c9c9b9f7f When org.freebsd:swap property is set to 'on' on a ZVOL, use is as a swap
device.

Discussed with:	des
2007-04-15 18:07:14 +00:00
Dag-Erling Smørgrav
7c275b458a Remove the shutdown keyword. It just adds noise to the shutdown process. 2007-04-13 18:46:35 +00:00
Pawel Jakub Dawidek
e21f48c40e - Create an empty /etc/zfs/exports file when zfs_enable="YES" and we don't
NFS-share anything. This way we can safely start mountd with
  /etc/zfs/exports and mountd won't complain.

  Pointed out by:	ceri

- Move 'zfs volinit' before 'zfs mount -a' and 'zfs volfini' after
  'zfs unmount -a'.
2007-04-13 11:02:06 +00:00
Pawel Jakub Dawidek
83ad9fd2d5 mountd(8) was changed to only abort when all given exports files cannot be
open, so we not longer has to check if /etc/zfs/exports exists.
2007-04-13 10:29:25 +00:00
Mike Makonnen
e70b852038 o Look for a zfs(1) exports file only if it exists and is readable. If
we don't do this and the file doesn't exist mountd(8) will abort.
o The mountd(8) daemon creates a pidfile, so use it.
2007-04-13 06:42:25 +00:00
Stanislav Sedov
158bb4cb18 - Add IANA-assigned ports for HP status & services daemon and I/O backend
daemon. The FreeBSD port print/hplip currently provides these services.

PR:		conf/99593
Submitted by:	Anish Mistry <amistry@am-productions.biz>
Approved by:	maxim
MFC after:	1 week
2007-04-11 16:02:04 +00:00
Stanislav Sedov
b6a8b26f35 - Add IANA assigned port for amanda server control over tcp. The
current misc/amanda-server code uses it.

PR:		conf/111050
Submitted by:	Charles Sprickman<spork@bway.net>
Approved by:	maxim
MFC after:	1 week
2007-04-11 15:58:36 +00:00
Stanislav Sedov
2b1d8ce08a - Sync service names with IANA (http://www.iana.org/assignments/port-numbers).
The registration names for 5222(tcp,udp) and 5269(tcp,udp) was changed to
  xmpp-client and xmpp-server correspondingly.

  This inconsistency causes problems to applications developed on other
  systems, as they tries to use port numbers from /etc/services as fallback.

PR:		conf/100606
Submitted by:	Ralph Meijer <freebsd-gnats2@ralphm.ik.nu>
Approved by:	maxim
MFC after:	1 week
2007-04-11 13:06:05 +00:00
Pawel Jakub Dawidek
6f7c3bdd63 If available, take UUID from smbios.system.uuid, if not fall back to
software-generated UUID. Store the result in /etc/hostid and use it in
the future. Perform simple UUID format check, as there is a lot of
hardware with broken UUIDs. The check should be improved to also eliminate
fake UUIDs like 00000000-0000-0000-0000-000000000000.

Requested by:	many
2007-04-11 00:05:25 +00:00
Giorgos Keramidas
671901e973 Add a pfsync_syncpeer option to /etc/defaults/rc.conf and rc.conf(5),
which can be used to turn off multicast pfsync support, and enable
the transmission of directed PFSYNC (IP protocol: 240) packets to
a specific "sync peer" host.

PR:		conf/111225
Submitted by:	Bas van Beek <bas@tobin.nl>
Approved by:	mtm, mlaier
MFC after:	2 weeks
2007-04-10 16:42:14 +00:00
Pawel Jakub Dawidek
d5ec19ea68 Add rc.d/hostid script (turned on by default) which on first boot generates
UUID and stores it in /etc/hostid ($hostid_file) as well as sets kern.hostuuid
and kern.hostid sysctls on every boot.

Hostid can be reset using '/etc/rc.d/hostid reset' command.

Hostid generation and setting can be turned off by setting variable
hostid_enable to "NO" in /etc/rc.conf.

Reviewed by:	mlaier, rink, brooks, rwatson
2007-04-09 19:21:27 +00:00
Dag-Erling Smørgrav
680aa4e3b8 Apply "additional TCP options" earlier.
Requested by:	andre@
MFC after:	1 week
2007-04-09 10:09:40 +00:00
Dag-Erling Smørgrav
255d327cc5 FILESYSTEMS requires root, so requiring both of them is redundant. 2007-04-09 08:53:40 +00:00
Dag-Erling Smørgrav
90f6241a0e Add zfs to REQUIRE. 2007-04-09 08:44:50 +00:00
Pawel Jakub Dawidek
f92cb15e7b Move zpool.cache from /etc/zfs/ to /boot/zfs/, so we can keep it on
dedicated /boot/ file system and use ZFS for the root file system.
2007-04-08 23:59:39 +00:00
Pawel Jakub Dawidek
86e97941c4 There can be many reasons of VDEV failures, so log type as well. 2007-04-08 16:05:23 +00:00
Pawel Jakub Dawidek
3fcdc8c362 Provide sample entries to handle ZFS problem reports.
It'd be nice to send them via e-mail...
2007-04-08 15:56:49 +00:00
Pawel Jakub Dawidek
0daa3e3561 Add ZFS periodic scripts that monitors status of ZFS pools.
Submitted by:	des
2007-04-06 02:33:06 +00:00
Pawel Jakub Dawidek
70cb12f264 - Add ZFS startup script.
Submitted by:	des

- When starting mountd(8) and ZFS is enabled, add /etc/zfs/exports file.
- Update rc.conf(5).
2007-04-06 02:27:02 +00:00
Pawel Jakub Dawidek
ceef0c312c Connect ZFS to the build. 2007-04-06 02:13:30 +00:00
Robert Watson
49718b0c43 s/IPFW(4)/ipfw(4) to match the actual man page name.
Submitted by:	ru
2007-04-05 10:44:25 +00:00
Matteo Riondato
f3636019cb Add rpc_statd_flags and rpc_lockd_flags options to allow options to be
passed to rpc.statd and rpc.lockd

MFC after:	1 week
2007-04-04 13:16:18 +00:00
Andrey A. Chernov
f5e39fd4ae Fix typo FILESYSTEM -> FILESYSTEMS
This bug prevents local scripts to start up
2007-04-04 11:11:33 +00:00
Dag-Erling Smørgrav
7bd5b79de4 Add a dummy script, FILESYSTEMS, which depends on root and mountcritlocal
and takes over mountcritlocal's role as the early / late divider.  This
makes it far easier to add rc scripts which need to run early, such as a
startup script for zfs, which is right around the corner.

This change should be a no-op; I have verified that the only change in
rcorder's output is the insertion of FILESYSTEMS immediately after
mountcritlocal.

MFC after:	3 weeks
2007-04-02 22:53:07 +00:00
Mike Makonnen
1b0a8a3e52 Instead of directly sourcing the firewall script, run it in a separate shell.
If the firewall script is sourced directly from the script, then any
exit statements in it will also terminate the rc.d script prematurely.

PR: conf/78762
MFC-After: 2 weeks
2007-04-02 15:38:53 +00:00
Robert Watson
162637bb13 In rc.firewall, make it clear that this is the setup for IPFW(4), and not
for the sundry other firewalls in the system.

MFC after:	3 days
Submitted by:	Richard dot Clayton at cl dot cam dot ac dot uk
2007-04-02 14:02:06 +00:00
Mike Makonnen
0a9b210037 Make subroutine names more conformant with other scripts in rc.d.
MFC After: 2 weeks
2007-03-31 09:03:38 +00:00
Mike Makonnen
624321b5a8 Record rc.d/nfslocking dependency on rc.d/rpcbind.
PR: conf/105465
Submitted By: ru (with minor cosmetic change)
MFC-After: 1 month
2007-03-30 19:08:58 +00:00
Mike Makonnen
cc164aba90 Some rc.d commands (such as stop|restart etc.) won't automagically work
if we don't explicitly set the name of the executable program.

PR: conf/104408
2007-03-30 18:36:45 +00:00
Andrey A. Chernov
78f66a0f21 Oops wrong line commented out in prev fix 2007-03-29 21:44:23 +00:00
Andrey A. Chernov
e8670c2c4e Back out network.subr :- fix and comment out dhc*_fxp0 examples instead
Submitted by:   jhb
2007-03-29 21:42:19 +00:00
Andrey A. Chernov
2395c8cbfc Fix get_if_var() with 3 args (i.e. with default)
All xxx_<ifname> flags are set to empty strings automatically earlier so
eval echo \${${prefix}${_if}${suffix}-${_default}}
not substitute the default but return just the empty string.
Fix it using
eval echo \${${prefix}${_if}${suffix}:-${_default}}
(i.e. treat empty strings as unset)

The bug manifistates itself with the following warning from checkyesno():
/etc/rc.d/dhclient: WARNING: $background_dhclient is not set properly -
see rc.conf(5)
2007-03-29 10:55:33 +00:00
Brooks Davis
3f857d8115 Use "-ne" instead of "!=" for integer comparison. 2007-03-25 23:58:46 +00:00
Mike Makonnen
bcbff0a86f Having gone to the trouble of setting up a variable, we should use it. 2007-03-25 19:45:20 +00:00
Maxime Henrion
fffe34c5a8 Make "/etc/rc.d/syscons start" correctly reload screensaver settings.
The code looks for all the loaded screensaver modules, tries to
kldunload them, and only loads the new one if kldstat's output shows
that there aren't any left.  However, the regexp looking for modules
to unload was still searching according to the the old naming scheme,
splash_<name>.ko, instead of <name>_saver.ko.

MFC after:	3 days
2007-03-12 22:35:43 +00:00
Brooks Davis
0b45d130bf Allow background_fsck_delay to be set to a negative value which delays
the background fsck indefinitely.  This allows the administrator to run
it at a convenient time.  To support running it from cron, the
forcestart argument now causes the fsck to start with no delay and all
output to be suppressed.
2007-03-11 06:53:07 +00:00
Yaroslav Tykhiy
b5af060613 Prepend ${_chroot} to a pathname in a consistent and robust way:
insert a slash between ${_chroot} and the pathname if and only if
${_chroot} is set to a non-empty string.  Now the pathname is very
likely to be absolute, but we shouldn't take that for granted.
2007-03-10 13:37:44 +00:00
Yaroslav Tykhiy
15240ba819 As suggested more than once in the lists, drop -M from flags to mfs
for /tmp and /var.  This makes the memory discs swap-backed instead
of malloc-backed.  A swap-backed memory disc should not be worse
than a malloc-backed one in any scenario because it will start
touching swap only when needed.  OTOH, a malloc-backed disc can
starve limited kernel resources and evenually crash the system.

Reflect the change in the rc.conf(5) manpage.  Also stop telling
lies there about softupdates: it does not waste disc space, it
just can delay its freeing.

Suggested by:	many
PR:		kern/87255
MFC after:	1 week
2007-03-06 13:13:53 +00:00
Nate Lawson
4fce38ec78 Get rid of chatter for failed commands if the filesystem is read-only.
Include /var/db/entropy-file in the reseeding if present.  It is used for
last-ditch efforts to save entropy and thus should also be used to seed
the RNG when starting.  Print a warning instead of an error if writing the
file fails -- err() exits, preventing the umask from being restored.
Also, since there's not much that can be done about it, notifying the user
is all that's needed.

MFC after:	2 weeks
2007-03-03 06:39:06 +00:00
Hajimu UMEMOTO
d7f16299fc Turn default address selection on by default. Now, when
ipv6_enable="NO", an IPv4 address is preferred for a
destination address.

MFC after:	1 month
2007-03-03 06:36:32 +00:00
Brooks Davis
a9e1dd9098 Use get_if_var() to retrieve interface specific values of dhclient_flags
and background_dhclient.  This allows interfaces who's names are not
valid parts of shell variables and shortens the code.

MFC after:	1 week
2007-03-02 20:48:35 +00:00
Florent Thoumie
d08ec00718 - Add missing subdirectories in BSD.usr.dist mtree file.
- Update hier(7) to reflect latest changes in mtree file.
- Add UPDATING entry following Intel firmwares inclusion.

Submitted by:	mlaier
MFC after:	1 month
2007-03-02 14:56:15 +00:00
Florent Thoumie
7bd6fde395 - Add Intel firmwares for Intel PRO/Wireless LAN 2100/2200/2915 cards in a
uuencoded format along with their respective LICENSE files.
- Add new share/doc/legal directory to BSD.usr.dist mtree file. This is the
place we install LICENSE files for restricted firmwares.
- Teach firmware(9) and kmod.mk about licensed firmwares. Restricted firmwares
won't load properly unless legal.<name>.license_ack is set to 1, either
via kenv(1) or /boot/loader.conf.

Reviewed by:	mlaier, sam
Permitted by:	Intel (via Andrew Wilson)
MFC after:	1 month
2007-03-02 11:42:56 +00:00
Matt Jacob
e770bc6bf5 First cut at GEOM based multipath. This is an active/passive{/passive...}
arrangement that has no intrinsic internal knowledge of whether devices
it is given are truly multipath devices. As such, this is a simplistic
approach, but still a useful one.

The basic approach is to (at present- this will change soon) use camcontrol
to find likely identical devices and and label the trailing sector of the
first one. This label contains both a full UUID and a name. The name is
what is presented in /dev/multipath, but the UUID is used as a true
distinguishor at g_taste time, thus making sure we don't have chaos
on a shared SAN where everyone names their data multipath as "Fred".

The first of N identical devices (and N *may* be 1!) becomes the active
path until a BIO request is failed with EIO or ENXIO. When this occurs,
the active disk is ripped away and the next in a list is picked to
(retry and) continue with.

During g_taste events new disks that meet the match criteria for existing
multipath geoms get added to the tail end of the list.

Thus, this active/passive setup actually does work for devices which
go away and come back, as do (now) mpt(4) and isp(4) SAN based disks.

There is still a lot to do to improve this- like about 5 of the 12
recommendations I've received about it,  but it's been functional enough
for a while that it deserves a broader test base.

Reviewed by: pjd
Sponsored by: IronPort Systems
MFC: 2 months
2007-02-27 04:01:58 +00:00
Remko Lodder
217d9e4862 Only match on log messages containing fail,invalid,
bad or illegal. This prevents matching on systems that
have a name that matches the query.

PR:		conf/107560
Submitted by:	Christian Laursen <cfsl at pil dot dk>
MFC after:	3 days
Approved by:	imp (mentor)
2007-02-23 21:42:54 +00:00
Remko Lodder
4ee46876eb Move to the preferred syntax for nice (-n) instead
of the depricated one.

PR:		conf/108611
Submitted by:	TAOKA Fumiyoshi <fmysh at iijmio-mail dot jp>
Approved by:	imp (mentor)
2007-02-23 18:44:20 +00:00
Warner Losh
1a5f5dc097 fix comment about what pnpinfo is set 2007-02-15 16:38:10 +00:00
Yaroslav Tykhiy
d798671ba8 pkill(1) and pgrep(1) have been moved to /bin so that they are
available to rc.d scripts early in the boot sequence.
2007-02-15 06:51:31 +00:00
Yaroslav Tykhiy
5f9af361f4 Don't be paranoid about hostname(1) and order the things logically.
Pointed out by:	ceri
2007-02-15 06:46:33 +00:00
Yaroslav Tykhiy
01b777f4cb Don't nag about unset $hostname if DHCP is in use.
Pointed out by:	ceri
2007-02-15 06:42:42 +00:00
Joerg Wunsch
0411582e87 Add some entries to log unknown devices, based on the bus they appear
on.

Some things appear to be completely missing though, like the USB vendor
and product strings.
2007-02-14 08:13:54 +00:00
Yaroslav Tykhiy
aad85353cc Handle the case when the admin forgot to set $hostname,
which can happen in new installations: advise to set the
variable and refer to rc.conf(5).
2007-02-10 13:13:32 +00:00
Florent Thoumie
2d69b43eb2 Add support for EtherChannel configuration to rc startup scripts.
Note: This also deprecates "NO" as a way to specify an empty list of
interfaces for gif_interfaces.

PR:		conf/104884
Submitted by:	nork
Harassed by:	brd
Discussed with:	brooks, dougb
2007-02-09 12:11:27 +00:00
John Polstra
bd4dbd7879 Use egrep instead of grep so that reporting of login failures (broken
by revision 1.6) works again.  This fix is already in RELENG_6, but was
never committed to HEAD.
2007-02-05 16:36:25 +00:00
Marcel Moolenaar
d62866b236 o Remove screen, created by the unnecessary ofw_console(4)
o  Remove ttyyX, created by the obsolete zs(4)
o  Replace ttydX by ttyuX, which is created by uart(4)
o  Enable ttyu0 as a console to better support the xserve.

MFC after: 1 week
2007-01-26 06:22:34 +00:00
Mike Pritchard
a0072eda86 Add the following knobs for quotas if they are enabled:
quotaon_flags - flags for the quotaon command
quotaoff_flags - flags for the quotaoff command
quotacheck_flags - flags for the quotacheck command
2007-01-20 04:24:20 +00:00
Simon L. B. Nielsen
26d67ea70f Fix jail rc.d script privilege escalation via symlink attack against
/var/log/console.log and mount points.

Security:	FreeBSD-SA-07:01.jail
2007-01-11 18:18:57 +00:00
Nate Lawson
907b6777c1 Re-work Cx handling to be per-cpu and asymmetrical, fixing support on
modern dual-core systems as well.

- Parse the _CST packages for each cpu and track all the states individually,
on a per-cpu basis.

- Revert to generic FADT/P_BLK based Cx control if the _CST package
is not present on all cpus. In that case, the new driver will
still support per-cpu Cx state handling. The driver will determine the
highest Cx level that can be supported by all the cpus and configure the
available Cx state based on that.

- Fixed the case where multiple cpus in the system share the same
registers for Cx state handling. To do that, added a new flag
parameter to the acpi_PkgGas and acpi_bus_alloc_gas functions that
enable the caller to add the RF_SHAREABLE flag.  This flag could also be
useful to other callers (acpi_throttle?) in the tree but this change is
not yet made.

- For Core Duo cpus, both cores seems to be taken out of C3 state when
any one of the cores need to transition out. This broke the short sleep
detection logic.  It is disabled now if there is more than one cpu in
the system for now as it fixed it in my case.  This quirk may need to
be re-enabled later differently.

- Added support to control cx_lowest on a per-cpu basis. There is still
a generic cx_lowest to enable changing cx_lowest for all cpus with a single
sysctl and for ease of use.  Sample output for the new sysctl:

dev.cpu.0.cx_supported: C1/1 C2/1 C3/57
dev.cpu.0.cx_lowest: C3
dev.cpu.0.cx_usage: 0.00% 43.16% 56.83%
dev.cpu.1.cx_supported: C1/1 C2/1 C3/57
dev.cpu.1.cx_lowest: C3
dev.cpu.1.cx_usage: 0.00% 45.65% 54.34%
hw.acpi.cpu.cx_lowest: C3

This work was done by Stephane E. Potvin with some simple reworking by
myself.  Thank you.

Submitted by:	Stephane E. Potvin <sepotvin / videotron.ca>
MFC after:	2 weeks
2007-01-07 21:53:42 +00:00
Florent Thoumie
eacc7cde7d Jail_ip and jail_interface local variables were renamed to _ip and _interface
in a previous commit to avoid namespace collisions, unfortunately I missed two
of them. This leads to the ip alias being incorrectly removed in some cases
when using the stop command.

Reported by:	Philipp Wuensche <cryx-freebsd@h3q.com>
2007-01-02 11:07:13 +00:00
Maxim Konovalov
65e1af96f6 o Fix a comment: refer to the write community name by the OID not by
the line number which is incorrect now and probably will shift in future.
2006-12-31 11:19:48 +00:00
Yaroslav Tykhiy
c7be7e20f6 Allow for /usr/bin/env when parsing the shebang line from an
interpreted $command.  Some "portable" sofware packages use such a
line to skip the task of figuring out the absolute pathname of the
interpreter at install time, e.g.:

	#!/usr/bin/env python

It is insecure, but a popular book on Python seems to have advised
it to a wide audience.  Hence a number of such scripts in the ports,
mostly written in Python.

PR:		bin/100287
MFC after:	1 week
2006-12-31 11:07:29 +00:00
Yaroslav Tykhiy
0c30639059 Use $required_modules wherever suitable. Use load_kld() in special
cases.  So we get rid of quite a few lines of duplicated code.
2006-12-31 10:37:18 +00:00
Yaroslav Tykhiy
619a36fa66 Fix a typo in a warning message. 2006-12-31 10:12:53 +00:00
Yaroslav Tykhiy
45da9952e5 Eliminate global symbols starting with an underscore from rc.d
scripts, except for mdconfig* and jail.  Such symbols are reserved
for the rc.subr internals.  Most scripts can be fixed by just
declaring _foo symbols as local: few scripts actually need them to
be global.

Discussed with:	dougb in freebsd-rc
2006-12-30 22:53:20 +00:00
Paolo Pisati
ff2f6fe80f Summer of Code 2005: improve libalias - part 2 of 2
With the second (and last) part of my previous Summer of Code work, we get:

-ipfw's in kernel nat

-redirect_* and LSNAT support

General information about nat syntax and some examples are available
in the ipfw (8) man page. The redirect and LSNAT syntax are identical
to natd, so please refer to natd (8) man page.

To enable in kernel nat in rc.conf, two options were added:

o firewall_nat_enable: equivalent to natd_enable

o firewall_nat_interface: equivalent to natd_interface

Remember to set net.inet.ip.fw.one_pass to 0, if you want the packet
to continue being checked by the firewall ruleset after being
(de)aliased.

NOTA BENE: due to some problems with libalias architecture, in kernel
nat won't work with TSO enabled nic, thus you have to disable TSO via
ifconfig (ifconfig foo0 -tso).

Approved by: glebius (mentor)
2006-12-29 21:59:17 +00:00
Hiroki Sato
fc61bfebd0 Add "nojail" keyword to prevent spurious error messages.
Spotted by:	Keve Nagy
PR:		conf/107083
2006-12-29 15:56:21 +00:00
Yaroslav Tykhiy
c89572720c MFp4:
Implement the checks for required_* objects as two functions, one
to be run before precmd and the other after it.  They get the current
rc command as an argument so they can choose what requirement tests
to perform.  As of now, only "start" needs such tests.

Implement a new requirement variable, required_modules.  It can
list kernel modules that need to be loaded after start_precmd
indicated success.  Each name in the list can be just "file", or
"file:module", or "file~regex".  This will allow us to remove a lot
of duplicated code from rc.d scripts.

Perform the checks not only for the default start method, but for
any method.  This allows for more flexibility and fixes a few rc.d
scripts (namely newsyslog, pf, sendmail) that rely on a required_*
variable while providing a non-default start method.

To be able to call the new check_required* functions naturally,
remove lots of crufty duplicated code pieces from run_rc_command
and replace each of them by a call to the helper function providing
a single corrected instance of the respective code snippet.  Now
run_rc_command isn't as scary as it used to be, and it even appears
to have quite a nice logic that was obscured by the old crufty code.

In the default handler for restart, run start from a subshell to
protect global varibles, e.g., _postcmd, from modification by the
start handler.  This enables using restart_postcmd. [x]

PR:		conf/98734 [x]
Submitted by:	Rick van der Zwet <rick@wzoeterwoude.net> [x]
Reviewed by:	freebsd-rc (silence for an older version)
MFC after:	1 month
2006-12-27 13:15:33 +00:00
Shteryana Shopova
fd0e516eda Add a (disabled) configuration line to enable snmp_bridge(3) module.
Approved by:	bz (mentor)
2006-12-20 22:10:34 +00:00
Yaroslav Tykhiy
a9e42d31b7 Syscons cannot be stopped, so provide a no-op stop method.
The default stop method from rc.subr isn't suited for this
case and produces a bogus warning: "syscons not running".

Suggested by:	matteo
2006-12-20 12:59:50 +00:00
Yaroslav Tykhiy
51f1dbba96 Improve rc.d conformance:
- don't play a needless trick with prestart, just use start method;
- provide no-op stop method so that we don't get bogus "abi not running" error.
2006-12-20 11:37:15 +00:00
Hiroki Sato
2c615e1a64 Disable IPv6 configuration for interfaces in pccard_ether_start().
After a change of devd.conf, devd(8) handles NIC attach/detach event
by using /etc/pccard_ether with the interface name as the argument.
This model does not work properly with IPv6 configuration because the
implementation of IPv6 stateless auto-configuration in the FreeBSD
rc.d scripts depends on whether there are any explicit configurations
for interfaces or not.  It works this way: if no manual configuration,
it will perform auto-configuration, but otherwise no
auto-configuration will be performed.  So, this behavior can only be
determined by all of the interfaces on a system, not a single one.
For this reason, the network6_interface_setup() function called from
the pccard_ether_start() does not work with a single interface name.
And what is worse, this combination of devd.conf and
pccard_ether_start() caused a bad side-effect that when
ipv6_enable=YES, all of interfaces marked as DOWN would be UP
unconditionally (and router solicitation was sent) just after devd(8)
was invoked.  This should be fixed in a more sophisticated way.
2006-12-08 15:48:42 +00:00
Hiroki Sato
6027060830 Add a link-local address to the lo0 even when ipv6_enable="NO".
A kernel with INET6 always has ::1 on lo0, so in the case of
ipv6_enable="NO" the lo0 can have ::1 with no link-local address.
This is a violation of the IPv6 specification.  As a workaround for
this situation, fe80::1 is added in rc.d/auto_linklocal when lo0 has
no link-local address.  This should not be harmful for IPv4-only users.
2006-12-08 06:34:06 +00:00
Ruslan Ermilov
6b45faf0a4 Move npe.4 to a machine specific manpage subdirectory. 2006-12-05 16:57:10 +00:00
Luigi Rizzo
9b96fa2da3 - put some common code in a function handle_remount();
- add better checks on non-existing directories to prevent error
  messages at run time;
- introduce a function log() to help debugging diskless booting
  when things don't work;
- modify the parsing of diskless_remount so you can add mount_nfs
  options after the pathname. You could use 'remount' to do something
  similar, but this way is more convenient because you don't have to
  hardwire the server name in the command.
- document the above.

I have been running the above in a diskless lab since february on RELENG_6.

MFC after: 1 week
2006-12-03 23:50:29 +00:00
Florent Thoumie
80301cdc8e Teach find_processes() to use ${name}_chroot.
Obtained from:	NetBSD
X-MFC after:	6.2-RELEASE
2006-11-26 22:02:09 +00:00
Florent Thoumie
e1ad9834a0 Remove leading dollar sign in rcvar command output.
There's no dollar use in variable assignment in sh.
Assuming this is can be expected behavior for some
people, this change won't be MFC'ed to RELENG_6.

Discussed with:	yar on -rc
2006-11-26 19:03:19 +00:00
Andrey A. Chernov
bcb0669391 Back out 1.120, it was premature. 2006-11-12 12:02:34 +00:00
Dag-Erling Smørgrav
bb43b6d5b6 Back out 1.122, it was poorly thought out. 2006-11-11 23:26:08 +00:00
Dag-Erling Smørgrav
d898531a74 Back out 1.121, it was premature. 2006-11-11 22:23:49 +00:00
Ceri Davies
8495277664 Ensure that the load of rules into the alternate ruleset worked before
loading them into the live one too.

PR:		conf/97311
Submitted by:	David Bushong
Reviewed by:	silence on rc@
Approved by:	ru (mentor)
MFC after:	10 days
2006-11-11 10:48:34 +00:00
Dag-Erling Smørgrav
330cdc3318 Add share/xsl.
MFC after:	1 week
2006-11-10 22:57:39 +00:00
Dag-Erling Smørgrav
a05bf06920 Add locales for nb_NO and nn_NO.
Reviewed by:	philip
2006-11-09 18:10:34 +00:00
Robert Watson
850cb5f8db Add auditd_program variable to defaults, in order to make it more clear
how to change the auditd instance.  When using a port/package-based
OpenBSM, changing the auditd pointer may be desirable.

Obtained from:	TrustedBSD Project
MFC after:	3 weeks
2006-11-06 15:11:24 +00:00
David E. O'Brien
821cd5328a Switch default proto to TCP. 2006-11-06 01:42:11 +00:00
Pawel Jakub Dawidek
f348204c94 Hook up gjournal bits to the build.
Sponsored by:	home.pl
2006-10-31 22:22:30 +00:00
Hartmut Brandt
57a8709500 Bind to INADDR_ANY in the default configuration. This makes bsnmpd(1)
automatically work on multi-homed hosts and without explicite specification
of the hostname in the config file.

Submitted by:	jmg
2006-10-31 10:23:28 +00:00
Max Laier
51769ee611 Do not try to rtsol on pflog or pfsync devices. 2006-10-29 13:29:49 +00:00
Poul-Henning Kamp
891cf3ad81 Give rc.firewall a polish and a new method.
Factor out the loopback setup

Use "me" instead of hardcoded $ip where possible.

Add "workstation" which protects just this machine with stateful
    firewalling.  Put the variables for this in rc.conf.

Submitted by:	Flemming Jacobsen <fj@batmule.dk>
Reviewed by:	cperciva
2006-10-28 20:08:12 +00:00
Tai-hwa Liang
7e75ef1374 Re-sync'ing pf rules in post command as we already did for ipfilter.
With this patch, pf rules with dynamically created devices such like tun0
works without further intervention.

Reviewed by:	mlaier
MFC after:	3 days
2006-10-26 00:29:43 +00:00
Xin LI
fc4958a7b2 Synchronize pf.os with OpenBSD.
Obtained from:	OpenBSD
MFC After:	3 days
Approved by:	mlaier (maintainer)
2006-10-23 05:09:44 +00:00
Hiroki Sato
e7bf82055f Suppress a spurious warning message when a kernel without INET6 is
used.

Spotted by:	ru
Reviewed by:	ume
MFC after:	3 days
2006-10-22 17:21:03 +00:00
Florent Thoumie
8dcd83aa8f Add 'reload' to the list of available commands for the amd rc.d script.
PR:		conf/104507
Submitted by:	Douglas K. Rand <rand@meridian-enviro.com>
MFC after:	3 days
2006-10-18 15:56:11 +00:00
Yaroslav Tykhiy
7d0ed28d3b Improve cleartmp in a number of aspects:
+ Use rc.subr(8) features properly.
+ Do the whole job of obliterating /tmp contents in find(1).
+ Leave lost+found and quota.{user,group} in /tmp only if root-owned.
+ Make the overall structure clearer by first removing the X dirs
  (perhaps along with the rest of /tmp) and then re-creating them.
+ Use "find -exec rm -rf {} +" for efficiency: each rm instance gets
  a chance to kill as much files in /tmp as ARG_MAX permits.

PR:		bin/104044
Submitted by:	Andrey Simonenko <see PR for email>
Hacked by:	yar
MFC after:	1 month
2006-10-16 13:01:45 +00:00
Ceri Davies
d7862beb32 Add idmapd_flags to defaults/rc.conf.
Document it and idmapd_enable.
2006-10-15 15:55:00 +00:00
Ceri Davies
715e675c5f RC script for idmapd(8), defaulting to off. 2006-10-15 14:19:06 +00:00
Ruslan Ermilov
c263eae028 Replace duplicate and not quite accurate capabilities
description with a reference to the disktab(5) manpage.

PR:		doc/48105
2006-10-14 16:39:03 +00:00
Hajimu UMEMOTO
f5c04409eb Revert the default value of net.inet6.ip6.auto_linklocal to 1.
If ipv6_enable is not set to "YES", net.inet6.ip6.auto_linklocal
is turned to 0 at boot.

Discussed with:	re@, gnn@
MFC after:	3 days
2006-10-13 12:41:36 +00:00
Paolo Pisati
bb894bc9e6 Fix a regression: let natd load libalias modules before /usr is mounted
renaming /lib/libalias_*.so.4 to /lib/libalias_*.so.

Approved by: glebius
Reviewed by: glebius, ru
2006-10-08 14:02:00 +00:00
Hajimu UMEMOTO
639b2c8e5a Restore the behavior that net.inet6.ip6.auto_linklocal=0 could
be coexist with ipv6_enable="YES".

MFC after:	3 days
2006-10-07 15:45:56 +00:00
Florent Thoumie
2440a169c5 Introduce mixer_enable (default: YES).
PR:		conf/101268
Submitted by:	Eugene Grosbein <eugen@grosbein.pp.ru>
Approved by:	cperciva (mentor)
X-MFC after:	6.2-RELEASE
Sponsored by:	FreeBSD Test-Bugathon
2006-10-06 23:22:13 +00:00
Ruslan Ermilov
04c7da702f A GEOM cache can speed up read performance by sending fixed size
read requests to its consumer.  It has been developed to address
the problem of a horrible read performance of a 64k blocksize FS
residing on a RAID3 array with 8 data components, where a single
disk component would only get 8k read requests, thus effectively
killing disk performance under high load.  Documentation will be
provided later.  I'd like to thank Vsevolod Lobko for his bright
ideas, and Pawel Jakub Dawidek for helping me fix the nasty bug.
2006-10-06 08:27:07 +00:00
Brooks Davis
12d828393a Pull in /etc/rc.conf.d/network so that ifconfig_<if> variables can be
set there.  This is required for consistency with /etc/rc.d/netif.

PR:		conf/103893
Submitted by:	Nick Hibma <nick at anywi.com>
MFC after:	3 days
2006-10-02 18:50:58 +00:00
George V. Neville-Neil
90ce6fa1c8 Turn off automatic link local address if ipv6_enable is not set to YES
in rc.conf

Reviewed by:    KAME core team, cperciva
MFC after:      3 days
2006-10-02 10:13:30 +00:00
Yaroslav Tykhiy
4af42c2cb1 debug() shouldn't misidentify itself to logger(1).
Noticed by:	David Thompson <dat1965 yahoo com>
2006-10-02 08:20:37 +00:00
Andrey A. Chernov
8a7dcaf4f9 Add mn_MN.UTF-8 2006-10-02 00:23:14 +00:00
Ruslan Ermilov
ebfbcb8bec Create section 8 man subdirectories for PowerPC. 2006-09-30 09:02:38 +00:00
Bruce M Simpson
2d20d32344 Push removal of mrouted down to the rest of the tree. 2006-09-29 15:45:11 +00:00
Paolo Pisati
be4f3cd0d9 Summer of Code 2005: improve libalias - part 1 of 2
With the first part of my previous Summer of Code work, we get:

-made libalias modular:

 -support for 'particular' protocols (like ftp/irc/etcetc) is no more
  hardcoded inside libalias, but it's available through external
  modules loadable at runtime

 -modules are available both in kernel (/boot/kernel/alias_*.ko) and
  user land (/lib/libalias_*)

 -protocols/applications modularized are: cuseeme, ftp, irc, nbt, pptp,
  skinny and smedia

-added logging support for kernel side

-cleanup

After a buildworld, do a 'mergemaster -i' to install the file libalias.conf
in /etc or manually copy it.

During startup (and after every HUP signal) user land applications running
the new libalias will try to read a file in /etc called libalias.conf:
that file contains the list of modules to load.

User land applications affected by this commit are ppp and natd:
if libalias.conf is present in /etc you won't notice any difference.

The only kernel land bit affected by this commit is ng_nat:
if you are using ng_nat, and it doesn't correctly handle
ftp/irc/etcetc sessions anymore, remember to kldload
the correspondent module (i.e. kldload alias_ftp).

General information and details about the inner working are available
in the libalias man page under the section 'MODULAR ARCHITECTURE
(AND ipfw(4) SUPPORT)'.

NOTA BENE: this commit affects _ONLY_ libalias, ipfw in-kernel nat
support will be part of the next libalias-related commit.

Approved by: glebius
Reviewed by: glebius, ru
2006-09-26 23:26:53 +00:00
Robert Watson
9b2b93002d Sleep for one second after calling audit -t to give the audit daemon a
chance to actually terminate the audit service and exit.  Otherwise, on
an rc.d/auditd restart, the new audit daemon instance may try to start
auditing while the previous session is still running.  Likewise, this
ensures a chance for auditd to terminate the audit trail at system
shutdown.

Perhaps more ideally, the script would wait synchronously for auditd to
exit rather than for an arbitrary but short period of time.

MFC after:	3 days
Obtained from:	TrustedBSD Project
2006-09-24 17:31:04 +00:00
Brooks Davis
cf81114dc4 network_ipv6 also does some interface configuration so require it to run
before starting devd so they don't trip over each other.

PR:		conf/103428
2006-09-21 14:29:32 +00:00
Brooks Davis
6da9aa1452 Introduce a new method ipv6if which attemptes to figure out if an
interface is an IPv6 interface.

Use this method to decide if we should attempt to configure an interface
with an IPv6 address in pccard_ether.  The mechanism pccard_ether uses
to do this is unsuited to the task because it assumes the list of
interfaces it is passed is the full list of IPv6 interfaces and makes
decissions based on that.  This is at least a step in the right
direction and is probably about as much as we can MFC safely.

PR:		conf/103428
MFC after:	3 days
2006-09-21 01:44:52 +00:00
Brooks Davis
cea6851cd0 Flushing all IPv4 routes when an interface is removed or unconfigured
makes no sense.  Remove the undocumented removable_route_flush feature
from pccard_ether.

X-MFC after:	never
2006-09-20 19:48:31 +00:00
Brooks Davis
0e409e4b42 Search the list of up interfaces provided by "ifconfig -ul" instead of
greping for UP in "ifconfig $ifn".  This eliminates a dependancy on
/usr.
2006-09-20 19:45:30 +00:00
Maksim Yevmenkin
e6c8f242ae Add bthidd(8) rc(8) script
MFC after:	1 month
2006-09-07 22:25:08 +00:00
Maksim Yevmenkin
1cda541cf5 Prepare for upcoming bthidd(8) update. Install vkbd(4) header into dev/vkbd.
MFC after:	1 month
2006-09-07 18:24:24 +00:00
Marcel Moolenaar
d3867f934d Unbreak PowerPC build after addition of powermac_nvram(4powerpc). 2006-09-02 20:58:37 +00:00
Brooks Davis
401bae3d6b - Document /conf/diskless_remount in the list of special files.
- Note that diskless_remount files may use ".." to support mounts above
  the root path.
- Copy dot files when populating directories from /conf. [1]

PR:		misc/102724 [1]
Submitted by:	Attila Nagy <bra at fsn.hu> [1]
2006-09-01 16:33:15 +00:00
Ruslan Ermilov
2752b41267 Kill the default phone numbers.
Obtained from:	OpenBSD
2006-08-31 21:13:12 +00:00
David E. O'Brien
aec047da48 Re-add lukemftpd. It has: PAM, MAC, per-class nologin files,
login.conf resource limits and features.
2006-08-31 17:15:10 +00:00
Colin Percival
48ffe56ac5 Add FreeBSD Update 2.0 client code. The build code is in the projects
repository.

Sponsored by:	FreeBSD security development fundraiser
2006-08-31 09:51:34 +00:00
Ruslan Ermilov
98374c9c79 Comment out lines that use example addresses and example.com names so
that local changes can be made more easily (without having to comment
these lines, and making the diff more readable).
2006-08-29 09:20:48 +00:00
Ruslan Ermilov
ca7f20f57f The kvm_mkdb(8) is long dead. 2006-08-29 08:49:58 +00:00
Colin Percival
1dcb6ad173 When stopping powerd, set the CPU frequency back to its maximum value
(i.e., what it was almost certainly at before powerd was started).

Submitted by:	R.B. Riddick
MFC after:	3 days
2006-08-27 11:04:39 +00:00
Doug Barton
40972c762e Use ports INDEX-7 instead of INDEX-6
Submitted by:	Niclas Zeising <lothrandil@n00b.apagnu.se>
2006-08-27 08:12:53 +00:00
Tom Rhodes
b5aea37f80 Add login.conf checking to periodic security scripts. If the login.conf file
is not UID/GID 0, limits will be ignored and a strange error sent to auth.log.

Head nod:	ru, rwatson
2006-08-25 07:34:36 +00:00
Tom Rhodes
c24e5339e5 Send more Alpha bits to the bin. 2006-08-25 00:36:59 +00:00
Ruslan Ermilov
fb7e6ed3e6 Fix example:
/conf/base/diskless_remount -> /conf/base/etc/diskless_remount

MFC after:	3 days
2006-08-22 16:21:16 +00:00
Florent Thoumie
1ff6181777 - Add ypserv to the REQUIRE list.
Reported by:	David Thompson <dat1965@yahoo.com>
Discussed on:	-rc (brooks)
Approved by:	cperciva (mentor, implicit)
MFC after:	3 days
2006-08-22 14:58:23 +00:00
Florent Thoumie
3081bf98bf Backout this commit since it breaks startup and some scripts in
certain conditions. I haven't been able to find a better solution yet:

    - Set a two read-only variables (${prefix} and ${etcdir}). This is
    especially useful when using /etc/rc.d scripts with third-party
    software installed from ports.
    - Fix rc.d/sshd to work with openssh from ports using ${etcdir}
    instead of hardcoded /etc.
    - Reflect prefix/etcdir changes in rc.subr.8.

        src/etc/rc.d/sshd: rev 1.9 -> 1.10
        src/etc/rc.subr: rev 1.51 -> 1.52
        src/share/man/man8/rc.subr.8: rev 1.11 -> 1.12

Approved by:	cperciva (mentor)
2006-08-22 11:17:29 +00:00
Florent Thoumie
94733fef16 - Remove ramdisk rc.d scripts since they've been replaced by mdconfig{,2}.
- Update ObsoleteFiles.inc.

Approved by:	cperciva (mentor)
2006-08-22 11:12:09 +00:00
Brooks Davis
fed4d6b394 Don't try to start interfaces that don't exist.
Reported by:    Dominique Goncalves <dominique.goncalves at gmail.com>
2006-08-18 13:19:45 +00:00
Yaroslav Tykhiy
7293852835 Eliminate header line(s) from ps(1) output instead of skipping over them. 2006-08-18 13:07:38 +00:00
Yaroslav Tykhiy
a9a6b38f96 The ps(1) command is unfriendly to scripts by default because
it limits the width of its output to the value of $COLUMNS, or
what TIOCGWINSZ reports, or 79 columns.  We should specify -ww
to ps(1) so that it removes the limit and prints lines in full.
Otherwise very long command pathnames could be mishandled, e.g.,
by _find_processes().

MFC after:	1 week
2006-08-18 12:10:18 +00:00
Brian Somers
02e079a2c3 Make it a little clearer that interface-specific flags aren't additional
to specified dhclient flags.

Mention background_dhclient_iface.

Suggested by: ru
2006-08-17 20:13:24 +00:00
Brian Somers
5f9d14bd5f Add a missing quote
Spotted by: ru
2006-08-17 19:57:10 +00:00
Brian Somers
9341e8dd88 Add a -p switch to dhclient. The switch tells dhclient to persist
despite the interface link status.

Add dhclient_flags_iface and background_dhclient_iface rc.conf options.
(where iface is a specific interface).  These can be used to give
interface specific flags to dhclient.

Reviewed by:	brooks@
2006-08-17 17:12:27 +00:00
Yaroslav Tykhiy
ae44d27bfd Allow for setting negative priority (niceness) when $foo_user is non-root.
The order in _doit must be "nice su", not "su nice", for that.
In addition, don't ignore the exit status from "cd $foo_chdir".

Reviewed by:	freebsd-rc (silence)
MFC after:	1 week
2006-08-17 08:04:20 +00:00
Brooks Davis
4e7ff69a4c Introduce a new function, ifexists and use it to avoid attempting to
touch interfaces that don't actually exist in the stop case.  In the
process move some IPv4 specific code from ifconfig_down to ipv4_down.

This should solve problems with ifconfig: error messages on boot when
interfaces are renamed.
2006-08-17 03:03:38 +00:00
Brooks Davis
0d1fe37a04 Set removable_route_flush to NO be default. It's clearly the wrong
thing to do in most (all?) cases and certainly should not be the default
now that we're running pccard_ether on all interface creates and
destroys.

MFC after:	3 days
2006-08-16 17:14:52 +00:00
Nate Lawson
d7df8235b0 Back out 1.272. The LAPIC timer conflicts with C2/3 on various systems,
and so users get hangs until interrupts are generated another way.  We'll
have to find a way to make the 2 work together before re-enabling this by
default.
2006-08-05 20:28:50 +00:00
Dag-Erling Smørgrav
7f113673df Forgot to add mountlate to the Makefile. 2006-08-04 18:37:03 +00:00
John Birrell
f955a17eed Not allowed to use tabs. The rule that proves the rule. Heh. 2006-08-03 05:44:51 +00:00
John Birrell
3e6a93dd95 Alphabetical order is probably better. 2006-08-03 03:30:53 +00:00
John Birrell
3a3c4c86a8 Add the library directory where DTrace library scripts live. 2006-08-03 03:28:03 +00:00
Marcel Moolenaar
2765132216 Remove remnants of Alpha. 2006-08-02 17:22:30 +00:00
Maxim Sobolev
e5d34218fb Add device to access and modify Open Firmware NVRAM settings in
PowerPC-based Apple's machines and small utility to do it from
userland modelled after the similar utility in Darwin/OSX.

Only tested on 1.25GHz G4 Mac Mini.

MFC after:	1 month
2006-08-01 22:19:01 +00:00
Stephen McKay
55fd436b5f This script should probably have an enabling variable since it can produce
surprising results.  For now, at least make it safe to boot the default
kernel when /boot/kernel is already a symlink.
2006-07-30 12:54:37 +00:00
Simon L. B. Nielsen
31c9ecbf46 Add /usr/lib/engines for OpenSSL engines. 2006-07-29 19:47:09 +00:00
Yaroslav Tykhiy
d1b4fdece5 Back out rev. 1.63. It was a poor idea because
test(1) is built in sh(1) and it always evaluates
both sides of -a or -o, unlike && or || in sh(1).

Requested by:	dougb
2006-07-26 08:03:24 +00:00
Yaroslav Tykhiy
e8a49a350c De-uglify messages from the ipfw script. 2006-07-25 17:28:18 +00:00
Yaroslav Tykhiy
53ec689458 Use more rc.subr(8) features.
Skip useless work when ${natd_interface} is unset.
Double quote user-supplied vars unless there is a reason not to.
2006-07-25 17:25:44 +00:00
Yaroslav Tykhiy
58138bc77d Avoid extra runs of test(1) by using its built-in logical operations. 2006-07-25 17:20:22 +00:00
Pawel Jakub Dawidek
77ed5b08c5 Don't load geom_md.ko if there is no need to. 2006-07-25 17:19:00 +00:00
Yaroslav Tykhiy
ed1f20ba5c Sync comments around _doit with the code. 2006-07-25 17:16:48 +00:00
Yaroslav Tykhiy
417ae47d51 We notify of failures with err or warn.
Messages should end in full stop unless
that can lead to confusion.
2006-07-25 17:14:38 +00:00
Yaroslav Tykhiy
e59cb1e6d4 Add diagnostics to load_kld(). 2006-07-25 17:10:35 +00:00
Yaroslav Tykhiy
9f8b57f078 Since Alpha support isn't in HEAD anymore, remove Alpha-specific
rc.conf(5) knobs, too: osf1_enable, unaligned_print.
2006-07-21 15:55:18 +00:00
Florent Thoumie
ca3a4056ad - Remove hardcoded /etc/ntp.conf configuration file from ntpdate rc.d script
and replace it with a new ntpdate_config variable.
- Document it in defaults/rc.conf and rc.conf.5.
- Document ntpdate_hosts in defaults/rc.conf.

Requested by:	Chris Timmons <cwt@networks.cwu.edu>
Approved by:	cperciva (mentor, implicit)
MFC after:	1 week
2006-07-20 10:07:34 +00:00
Dag-Erling Smørgrav
4b4f91707c Teach mount(8) about a 'late' keyword, which means the file system should
not be mounted unless the -l flag was specified.

Add an rc script, mountlate, which basically runs 'mount -a -l'.  It runs
after DAEMON but before LOGIN.

This is useful for things like loopback mounts, because mountcritremote
runs before mountd  / nfsd (since /usr might be a remote file system), so
an attempt to mount a loopback network file system in mountcritremote will
fail.

Also add a progress message to mountcritlocal, for the sake of symmetry
with similar messages in mountcritremote and mountlate.

Reviewed by:	freebsd-rc
MFC after:	3 weeks
2006-07-12 16:05:51 +00:00
Stefan Farfeleder
3177f91ed1 Fix spelling in a comment. 2006-07-09 06:54:24 +00:00
Florent Thoumie
99762b28b6 Since INSTALLS_SHLIB has been superseded by USE_LDCONFIG in bsd.port.mk, I
expect to see quite a few files appearing in libdata/ldconfig directories.
This change avoids the screen to be filled with the names of those ldconfig
files and replace them by the actual non-default directories they contain.
Most of them will be ${PREFIX}/lib so, 'sort -u' will help reducing the
output.

Approved by:	cperciva (implicit)
MFC after:	1 week
2006-06-21 10:22:44 +00:00
Yaroslav Tykhiy
78004009df Set an example of using load_kld() from rc.subr. 2006-06-21 09:53:25 +00:00
Yaroslav Tykhiy
1679c7f4f4 Quite a number of rc.d scripts try to load kernel modules. Many
of them do that conditionally depending on kldstat.  The code is
duplicated all over, but bugs can be uniqie.

To make the things more consistent, introduce a new rc.subr function,
load_kld, which takes care of loading a kernel module conditionally.

(Found this lying for a while in my p4 branch for various hacks.)
2006-06-21 09:42:55 +00:00
Maxim Konovalov
e64917677e o Add missed $start variable in the grep statement back.
PR:		conf/96658
Submitted by:	James Snow
MFC after:	1 week
2006-06-11 20:39:12 +00:00
Christian Brueffer
94a5f43620 Update geli_swap_flags, -e is now used to specify the encryption algorithm. 2006-06-07 17:14:27 +00:00
Tom Rhodes
b546d0bbc1 Sync to p4:
o Add shutdown KEYWORD;
o Remove PID check;
o Stop auditd with '-t'
o General cleanup.
2006-06-06 17:22:55 +00:00
Hajimu UMEMOTO
5f467a3bb6 flush' is appropriate than reload'.
Requested by:	ceri
2006-06-06 15:34:50 +00:00
Hajimu UMEMOTO
84f03df02c Add `reload' which invalidates the cache for every user. 2006-06-06 12:55:58 +00:00
David E. O'Brien
991d907d3e Use an option form better matching the manual. 2006-06-05 03:47:14 +00:00
Christian S.J. Peron
0f7163d304 Since NIS is an RPC based service, add a note that when adjusting access
controls in NIS, similar access controls should be considered for the
rpcbind as well.
2006-06-01 14:14:58 +00:00
Andrew Thompson
55ba40bfe2 Add rc.d/bridge which is invoked when a new interface arrives and can
automaticly add it to an Ethernet bridge. This is intended for applications
such as qemu, vmware, openvpn, ... which open tap interfaces and need them
bridged with the hosts network adapter, the user can set up a glob for
interfaces to be automatically added (eg tap*).
2006-06-01 11:01:54 +00:00
Andrew Thompson
f3b90d48bb Announce all interfaces to devd on attach/detach. This adds a new devctl
notification so all interfaces including pseudo are reported. When netif
creates the clones at startup devctl_disable has not been turned off yet so the
interfaces will not be initialised twice, enforce this by adding an explicit
order between rc.d/netif and rc.d/devd.

This change allows actions to taken in userland when an interface is cloned
and the pseudo interface will be automatically configured if a ifconfig_<int>=""
line exists in rc.conf.

Reviewed by:		brooks
No objections on:	net
2006-06-01 00:41:07 +00:00
Matteo Riondato
ce5c66f0b2 Add jail_<jname>_exec_afterstart<N> rc.conf variable, where <N> is
1,2 and so on.
It specifies the command to be run as Nth after jail startup.

sh(1)-fu by: Dario Freni
PR: 	conf/97697
MFC after: 2 weeks
Reviewed by: ru@ (man page)
2006-05-30 16:20:48 +00:00
Matteo Riondato
200ea54812 style(9) 2006-05-30 16:07:59 +00:00
Brooks Davis
26e3bd3e37 Remove reference to no longer existant /etc/rc.d/pccard.
PR:		conf/98055
Submitted by:	thierry herbelot <thierry at herbelot dot com>
2006-05-30 02:10:01 +00:00
Gleb Smirnoff
996e95d306 Quote the parameter to sysctl(1), allowing to use whitespaces in
sysctl values.

PR:		conf/96509
Submitted by:	Gregory Bond <gnb itga.com.au>
2006-05-24 11:36:48 +00:00
Kris Kennaway
8f8d013769 Increase the nfs access cache timeout from 2 to 60. The latter is a
more appropriate value and is also the default set by the kernel.  I
could not find a justification of why rc.conf began overriding it back
in 1998.

This dramatically cuts NFS traffic on e.g. a busy system with NFS root.

Reviewed by:	mohans
MFC After:	2 weeks
2006-05-24 00:06:14 +00:00
Maksim Yevmenkin
41566915c3 Correct BD_ADDR entry for "Dummy" device in the default hcsecd.conf.
Each byte in BD_ADDR should exactly two nibbles, i.e
"1:2:3:4:5:6" is NOT valid and "01:02:03:04:05:06" is valid BD_ADDR.

MFC after:	1 day
2006-05-18 17:53:49 +00:00
Florent Thoumie
0e5c8f9a0f Remove the require_kld function I just committed and replace with a nicer solution.
Reported by:	pjd
Approved by:	cperciva
2006-05-18 16:04:56 +00:00
Florent Thoumie
01b19d7852 Add two new scripts (mdconfig/mdconfig2) to replace old ramdisk{,-own}
scripts. These scripts handle vnode backed md(4) devices.

Old ramdisk{,-own} scripts will stay a bit in CVS to allow some time for
migration since variable names have changed (ramdisk_* -> mdconfig_*).

Two new variables have been introduced to be able to populate the md(4)
device once it has been mounted (mdconfig_*_files and mdconfig_*_cmd).

Use should be as easy as:

mdconfig_md0="-t malloc -s 10m"
mdconfig_md1="-t vnode -f /var/foo.img"

See rc.conf(5) for more information and description of the additional
variables.

Approved by:	cperciva
2006-05-18 15:29:27 +00:00
Matteo Riondato
a697c38c3d Correctly set moused_$2_enable when moused_nondefault_enable is set to NO
PR:		conf/92654
MFC after:	3
2006-05-17 11:37:09 +00:00
Poul-Henning Kamp
f6ce2a64f7 Send the pcvt(4) driver off to retirement. 2006-05-17 09:33:15 +00:00
Max Laier
9277da52e1 Move etc/rc.firewall6 to ipfw2+v6, update related rc.d and periodic scripts.
Since ipfw2 now does dual-stack, statistics for IPv6 come from the ipfw
scripts as well.
2006-05-12 19:17:34 +00:00
Florent Thoumie
b246e9314d - Change the "jail_" prefix for internal script variables. This fixes an
issue where some global jail_* variables were overriden in the script. [1]
- Change "jid" to "jname" in rc.conf(5), since it's more a jail name than a
jail id. [1]
- Update examples and comments in defaults/rc.conf to advertise new
variables and the fact that some of the jail-specific variables may be made
jail-global. [2]

Reported by:	pjd [1], clsung [2]
Approved by:	cperciva
X-MFC after:	i got sufficient testing from people using rc.d/jail
2006-05-11 14:23:43 +00:00
Matteo Riondato
8fc80fd71f if we fail to start a jail and jail_foobar_*fs_enable or jail_foobar_mount_enable were set, umount those filesystem before exiting. If we set up an alias for jail's IP, remove that alias before exiting.
MFC after:	2 weeks
2006-05-11 13:29:01 +00:00
Joe Marcus Clarke
da1081964c Add a /media to FreeBSD. /media is a directory designed to contain
subdirectories that will be used for removable media mount points (i.e.
mount points for CDs, floppy disks, USB drives, etc.).  While the primary
purpose of /media is to provide a location for HAL
(http://www.freedesktop.org/wiki/Software_2fhal) to mount volumes, it could
be used by any application that needs to manage removable media volumes.

Discussed on:	arch@
Approved by:	mux
MFC after:	1 week
2006-05-10 18:53:15 +00:00
Matteo Riondato
8cf29c0839 if a jail fails to start, don't add its jid to /var/run and print a message with the error.
PR:	conf/97024
MFC after:	1 week
2006-05-09 17:50:16 +00:00
Florent Thoumie
656a2a8738 - Fix quoting.
Reported by:	Dirk Engling <erdgeist@erdgeist.org>
Pointyhat to:	self
2006-05-08 17:32:45 +00:00
Florent Thoumie
46d5426b1b - Check for some mandatory variables.
Approved by:	cperciva (mentor)
MFC after:	1 week
2006-05-07 23:15:39 +00:00
Hajimu UMEMOTO
321000dda1 Install /etc/nsswitch.conf statically rather than generating it at
boot.  Autogeneration of nsswitch.conf doesn't makes sense in 7.0
since it's not permitted to upgrade from a pre-nss release without
passing through an intermediate release.

Suggested by:	brooks
2006-05-03 15:14:47 +00:00
Dag-Erling Smørgrav
f60446ffff Update host.conf every time nsswitch.conf changes, instead of just creating
it if it does not exist.

Submitted by:	Rostislav Krasny <rosti.bsd@gmail.com>
MFC after:	2 weeks
2006-05-01 11:02:48 +00:00
Hajimu UMEMOTO
bda1fb2baf Oops, services should be compat by default for backward compatibility. 2006-04-29 06:39:07 +00:00
Hajimu UMEMOTO
de4bee5922 Add newly supported databases such as services, protocols and rpc
into generated nsswitch.conf.
2006-04-29 04:49:19 +00:00
Hajimu UMEMOTO
06a99fe36f - Extend the nsswitch to support Services, Protocols and Rpc
databases.
- Make nsswitch support caching.

Submitted by:	Michael Bushkov <bushman__at__rsu.ru>
Sponsored by:	Google Summer of Code 2005
2006-04-28 12:03:38 +00:00
Marius Strobl
fa63296aba Remove last vestiges of sab(4). 2006-04-25 19:43:53 +00:00
Christian Brueffer
5bb234b1a6 Correct two typos in comments. 2006-04-22 13:42:49 +00:00
Tom Rhodes
8b4b23668d Clean up, comment out non-base utilities, fix up comments.
Prodded by:	hrs
2006-04-22 11:02:44 +00:00
Xin LI
c1a91869f7 After some discussion we believe that having SERVERS to REQUIRE:
ldconfig would provide necessary protection for named as well,
so remove the dependency here.

Approved by:	flz
2006-04-20 12:30:12 +00:00
Xin LI
85fa745d03 Make ldconfig as SERVER dependency. This makes it possible
for some early starting services from the ports collection
to have their shared objects available before start.

Reviewed by:	freebsd-rc (dougb, brooks)
MFC After:	3 days
2006-04-19 05:10:34 +00:00
Florent Thoumie
d657eeb6bf - Move _rc_subr_loaded=: at the end of the file, to be consistent with NetBSD.
- Sync with latest version from NetBSD.

'In order to handle some perl scripts running as daemons, add a
pattern which also matches "`basename $interpreter`: $command" in the
ps listing.'

Approved by:	cperciva (mentor)
Obtained from:	NetBSD
MFC after:	1 week
2006-04-18 15:16:55 +00:00
Florent Thoumie
455c5d38be - Add new ntpd_config variable so that people can override it in rc.conf.
- Add default value in /etc/defaults/rc.conf.
- Add documentation bits to rc.conf(5).

Approved by:	cperciva (mentor)
MFC after:	1 week
2006-04-18 15:02:24 +00:00
Florent Thoumie
caadf315e9 Add ldconfig to the list of requirements for named, needed to use bind
from ports. The effect is that ldconfig is now started right after
mountcritremote. Everything else is left unchanged.

PR:		conf/68916
Submitted by:	JD Bronson <jd@aurora.org>
Approved by:	cperciva (mentor)
MFC after:	1 week
2006-04-18 10:35:05 +00:00
Brooks Davis
c1ba2105e8 Spell synchronous with required silent 'h'.
Reported by:	ru, ceri
Pointy hat:	brooks
2006-04-13 18:34:14 +00:00
Brooks Davis
ebd1e9136f Add missing _ to $_punct.
Submitted by:	Dmitry Pryanishnikov <dmitry at atlantis.dp.ua>
2006-04-13 18:27:49 +00:00
Florent Thoumie
7b05b2c434 Use ps true power instead of tr/tail which aren't available early enough.
PR:		conf/95654
Submitted by:	Rong-En Fan <rafan@infor.org>
Noticed/Fix by:	many people on freebsd-current@
Approved by:	cperciva (mentor)
2006-04-13 08:30:43 +00:00
Brooks Davis
c4af136d49 Commit the various network interface configutation updates I've been
working on.
  1) Make it possible to configure interfaces with certain characters in
     their names that aren't valid in shell variables.  Currently supported
     characters are ".-/+".  They are converted into '_' characters.
  2) Replace nearly all eval statements in network.subr with a new
     function get_if_var which substitues an interface name (after the
     translations above) for "IF" in a variable name.
  3) Fix list_net_interfaces() in the nodhcp case.
  4) Allow the administrator to specify if dhclient should be started
     when /etc/rc.d/netif configures the interface or only by devd.
     This can be set on both a per interface and system wide basis.

PR:	conf/88974 [1,2], conf/92433 [1,2]
2006-04-13 06:50:46 +00:00
Hajimu UMEMOTO
93dd0fa390 Remove an inappropriate comment which is put into generated
host.conf.  Someone may want to edit it later.

Requested by:	Rostislav Krasny <rosti.bsd__at__gmail.com>
2006-04-12 12:01:53 +00:00
Dag-Erling Smørgrav
4eb4e22f1e Add autologin entries (al.NNN) for higher console speeds.
MFC after:	2 weeks
2006-04-11 09:54:23 +00:00
Florent Thoumie
ef04a10fe9 - If no pidfile has been created at startup, only stop processes
with current jid.

PR:		conf/93287
Submitted by:	anders
Approved by:	cperciva (mentor)
MFC after:	1 month
2006-04-11 09:20:47 +00:00
Florent Thoumie
56f964f063 - Oops, add a missing "then".
Approved by:	cperciva (mentor, implicit)
2006-04-11 09:14:51 +00:00
Florent Thoumie
66643ebe4c - Fix rc.d/sshd test on kern.random.sys.seeded.
PR:		conf/94377
Submitted by:	dwhite
Approved by:	cperciva (mentor)
MFC after:	1 week
2006-04-11 09:08:15 +00:00
Florent Thoumie
4016cfa64c - Fix amd startup when amd is installed from ports.
- Add the according amd_program default value in defaults.

PR:		conf/82738
Submitted by:	TAOKA Fumiyoshi <fmysh@iijmio-mail.jp>
Approved by:	cperciva (mentor)
MFC after:	3 days
2006-04-11 09:02:07 +00:00
Florent Thoumie
f0a4a7a722 - Set a two read-only variables (${prefix} and ${etcdir}). This is
especially useful when using /etc/rc.d scripts with third-party
software installed from ports.
- Fix rc.d/sshd to work with openssh from ports using ${etcdir}
instead of hardcoded /etc.

Reviewed by:	brooks
Approved by:	cperciva (mentor)
MFC after:	1 week
2006-04-11 08:55:27 +00:00
Florent Thoumie
69beb663f5 - Add following global jail options, used if no jail-specific options are
set:
 * jail_mount_enable
 * jail_devfs_ruleset
 * jail_devfs_enable
 * jail_fdescfs_enable
 * jail_procfs_enable
 * jail_fstab
 * jail_flags
- Add a jail_interface / jail_<jid>_interface option. An ip alias will be
created (jail_<jid>_ip) on jail_interface or jail_<jid>_interface if set.
This is not a mandatory option.
- Document all missing jail_* options in rc.conf(5).

Approved by:	cperciva (mentor)
MFC after:	2 weeks
2006-04-08 12:15:36 +00:00
Florent Thoumie
46587ab898 - Sync rc.subr with NetBSD.
- Merge some documentation bits.

Reviewed by:	brooks, simon (doc)
Approved by:	cperciva (mentor)
Obtained from:	NetBSD
MFC after:	3 days
2006-04-04 10:52:15 +00:00
Simon L. B. Nielsen
c83ae5bfc9 Remove redundant ike rc.d script, since we do not have an IPsec IKE
daemon in the base system and all the IKE daemons in the Ports
Collection has their own rc.d script.

OK'ed by:	dougb
Discussed on:	freebsd-rc
MFC after:	1 month
Approved by:	cperciva (mentor)
2006-03-28 18:28:33 +00:00
Florent Thoumie
37b7942cbf Harmless typo (s/overide/override/).
Approved by:	cperciva
MFC after:	3 days
2006-03-23 16:48:32 +00:00