| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
successful [is spelled] with only one l
NetBSD rev. 1.12
Implement ``one'' prefix to allow a "one shot" operation as if
${rcvar}=yes yet all the other prerequisite tests are still performed.
The existing ``force'' prefix is a sledgehammer that ignores all the
prerequisite checks and always returns a zero exit status; this is a
more gentle approach to the problem of "manipulate this disabled
service without editing rc.conf(5)".
Obtained From: NetBSD
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Implement ``one'' prefix to allow a "one shot" operation as if
${rcvar}=yes yet all the other prerequisite tests are still performed.
The existing ``force'' prefix is a sledgehammer that ignores all the
prerequisite checks and always returns a zero exit status; this is a
more gentle approach to the problem of "manipulate this disabled
service without editing rc.conf(5)".
Obtained From: NetBSD
# We have a work-around in our version of rc.subr that
# makes force* return a non-zero exit status if the
# command/service could not be acted upon. The work-around
# is no longer necessary and should be removed.
|
| |
|
|
|
| |
business trying to impersonate su(1), and it does not need to be setuid
to function properly when invoked by getty(8) or telnetd(8).
|
| |
|
|
|
|
| |
like tun are naming their modules using the 'if_; prefix and previous version of
the code failed to detect their presence in the kernel, resulting in the same
module being loaded twice.
|
| |
|
|
| |
MFC after: 2 weeks
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This function removes all environment variables except
the ones listed on a "whitelist."
The function accepts two whitelist arguments.
If the first is NULL, a built-in default list will be
used. This allows callers to get a variety of behaviors:
* Default screening: provide NULL for both lists
* Custom screening: provide a custom list for the first argument
* Modified default screening: provide NULL for first arg,
list of additional variables to preserve in the second arg
Idea from: Jacques Vidrine
MFC after: 2 weeks
|
| |
|
|
| |
Fix yet another endianess bug in sdpd(8)
|
| |
|
|
|
|
|
| |
are employed in entry points later in the same include file.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Air Force Research Laboratory, McAfee Research
|
| |
|
|
|
| |
it is slightly more efficient since we already have a mutex to protect the
queue. Ktrace originally used a semaphore more as a proof of concept.
|
| |
|
|
| |
Reminded by: bmah
|
| | |
|
| |
|
|
|
|
|
|
|
| |
struct vattr in mac_policy.h. This permits policies not
implementing entry points using these types to compile without
including include files with these types.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Air Force Research Laboratory
|
| |
|
|
|
| |
Updated release notes: OpenSSH 3.8p1 and default configuration
changes.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
Add "*,v" to the list of scratch files to skip.
Suggested by Johnny Lam / Alistair Crooks
o Update NetBSD rcsid
Obtained From: NetBSD
|
| |
|
|
|
|
|
|
| |
run_rc_command(): when checking if ${command} exists before executing it,
be sure to check under ${name_chroot} (if set).
Fix from Ed Ravin in [bin/18523]
Obtained From: NetBSD
|
| |
|
|
|
|
|
|
| |
Use more concise shell syntax:
1. for i in $* -> for i
2. foo=$* -> foo="$@"
Obtained From: NetBSD
|
| |
|
|
|
|
|
|
|
|
| |
Change how internal boolean variables are used to:
if ! ${_somevar:-false}; then
_somevar=true
fi
(Consisent, slightly quicker, and slightly cleaner)
Obtained from: NetBSD
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |\
| |
| |
| | |
which included commits to RCS files with non-trunk default branches.
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | |
| |
| |
| | |
SIOCGIFCONF.
|
| | |
| |
| |
| |
| | |
correct place if needed and possible. Self-hosted builds can just use
the system default.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
-static to CFLAGS). It just turned rev.1.5 into an obfuscated no-op.
As explained in the log for rev.1.5, testing should be done in the
host environment but there is a problem in cross-compilation environments.
As not explained in the log for rev.1.6, there was apparently a practical
problem with cross-compiling (makeworld should have set -static in
LDFLAGS but apparently didn't). Cross-compilation was especially
complicated because the relevant programs are test programs that were
run at beforeinstall time -- dynamic libraries might or might not exist
depending on the build options. The complications became moot in
rev.1.8 when beforeinstall was renamed "test".
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Makeworld will add -static in the correct place if needed and possible.
Self-hosted builds can just use the system default.
Fixed some nearby style bugs (code unrelated to its comment, and comment
formatting).
|
| | |
| |
| |
| | |
Sorted macros (in build order).
|
| | |
| |
| |
| |
| |
| |
| |
| | |
This enables pf to track dynamic address changes on interfaces (dailup) with
the "on (<ifname>)"-syntax. This also brings hooks in anticipation of
tracking cloned interfaces, which will be in future versions of pf.
Approved by: bms(mentor)
|
| | |
| |
| |
| |
| |
| |
| | |
pf/pflog/pfsync as modules. Do not list them in NOTES or modules/Makefile
(i.e. do not connect it to any (automatic) builds - yet).
Approved by: bms(mentor)
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
to a new mac_inet.c. This code is now conditionally compiled based
on inet support being compiled into the kernel.
Move socket related MAC Framework entry points from mac_net.c to a new
mac_socket.c.
To do this, some additional _enforce MIB variables are now non-static.
In addition, mbuf_to_label() is now mac_mbuf_to_label() and non-static.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, McAfee Research
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
for a long time and is run in production use. This is the code present in
portversion 2.03 with some additional tweaks.
The rather extensive diff accounts for:
- locking (to enable pf to work with a giant-free netstack)
- byte order difference between OpenBSD and FreeBSD for ip_len/ip_off
- conversion from pool(9) to zone(9)
- api differences etc.
Approved by: bms(mentor) (in general)
|
| |\ \
| | |
| | |
| | | |
which included commits to RCS files with non-trunk default branches.
|
| | /
| |
| |
| | |
Approved by: bms(mentor), core (in general)
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Of course, libdialog is still chock-full of similar bugs, but it's been
multiple years and no one has any better suggestions so the bugs will just
be dealt with case-by-case.
PR: 28221
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
ranges.
Add additional credits for contributions to the MAC Framework.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, McAfee Research
|
| | |
| |
| |
| |
| |
| |
| |
| | |
created with the multilabel flag from inception. This simply
passes the "-l" flag on to newfs(8).
Obtained from: TrustedBSD Project
Sponsored by: DARPA, McAfee Research
|
| | |
| |
| |
| |
| |
| |
| |
| | |
permits users of newfs to set the multilabel flag on UFS1 and UFS2
file systems from inception without using tunefs.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, McAfee Research
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
the syscall arguments and does the suser() permission check, and
kern_mlock(), which does the resource limit checking and calls
vm_map_wire(). Split munlock() in a similar way.
Enable the RLIMIT_MEMLOCK checking code in kern_mlock().
Replace calls to vslock() and vsunlock() in the sysctl code with
calls to kern_mlock() and kern_munlock() so that the sysctl code
will obey the wired memory limits.
Nuke the vslock() and vsunlock() implementations, which are no
longer used.
Add a member to struct sysctl_req to track the amount of memory
that is wired to handle the request.
Modify sysctl_wire_old_buffer() to return an error if its call to
kern_mlock() fails. Only wire the minimum of the length specified
in the sysctl request and the length specified in its argument list.
It is recommended that sysctl handlers that use sysctl_wire_old_buffer()
should specify reasonable estimates for the amount of data they
want to return so that only the minimum amount of memory is wired
no matter what length has been specified by the request.
Modify the callers of sysctl_wire_old_buffer() to look for the
error return.
Modify sysctl_old_user to obey the wired buffer length and clean up
its implementation.
Reviewed by: bms
|
| | |
| |
| |
| |
| | |
in a non-atomic manner. It appears to always be called with the
mutex (good).
|
| | |
| |
| |
| | |
authentication only) with older versions of FreeBSD's routed.
|
