| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Approved by: dougb@
|
|
|
|
|
|
|
| |
the chroot area. This stops "umount -a" failing when dropping to
single user.
Reviewed by: dougb@
|
| |
|
|
|
|
|
| |
PR: 72505
Submitted by: Amir Shalem <amir@active.ath.cx>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1. Feature: for flexibility reasons and as a prerequisite to clean
shutdowns, allow the configuration of a stop/shutdown command
via rc.conf variable "jail_<name>_exec_stop" in addition to the
start/boot command (rc.conf variable "jail_<name>_exec_start"). For
backward compatibility reasons, rc.conf variable "jail_<name>_exec"
is still supported, too.
2. Debug: Add the used boot/shutdown commands to the debug output of
the /etc/rc.d/jail script, too.
3. Security: Run the Jail start/boot command in a cleaned environment
to not leak information from the host to the Jail during startup.
4. Feature: Run the Jail stop/shutdown command "jail_<name>_exec_stop" on
"/etc/rc.d/jail stop <name>" to allow a graceful shutdown of the Jail
before its processes are just killed.
5. Bugfix: When killing the remaining Jail processes give the processes
time to actually perform their termination sequence. Without this the
subsequent umount(8) operations usually fail because the resources
are still in use. Additionally, if after trying to TERM-inate the
processes there are still processes hanging around, finally just KILL
them.
6. Bugfix: In rc.shutdown, if running inside a Jail, skip the /etc/rc.d/*
scripts which are flagged with the KEYWORD "nojail" to allow the
correct operation of rc.shutdown under jail_<name>_exec_stop="/bin/sh
/etc/rc.shutdown". This is analogous to what /etc/rc does inside a Jail.
Now the following typical host-configuration for two Jails works as
expected and correctly boots and shutdowns the Jails:
-----------------------------------------------------------
# /etc/rc.conf:
jail_enable="YES"
jail_list="foo bar"
jail_foo_rootdir="/j/foo"
jail_foo_hostname="foo.example.com"
jail_foo_ip="192.168.0.1"
jail_foo_devfs_enable="YES"
jail_foo_mount_enable="YES"
jail_foo_exec_start="/bin/sh /etc/rc"
jail_foo_exec_stop="/bin/sh /etc/rc.shutdown"
jail_bar_rootdir="/j/bar"
jail_bar_hostname="bar.example.com"
jail_bar_ip="192.168.0.2"
jail_bar_devfs_enable="YES"
jail_bar_mount_enable="YES"
jail_bar_exec_start="/path/to/kjailer -v"
jail_bar_exec_stop="/bin/sh -c 'killall kjailer && sleep 60'"
-----------------------------------------------------------
# /etc/fstab.foo
/v/foo /j/foo/v/foo nullfs rw 0 0
-----------------------------------------------------------
# /etc/fstab.bar
/v/bar /j/bar/v/bar nullfs rw 0 0
-----------------------------------------------------------
Reviewed by: freebsd-hackers
MFC after: 2 weeks
|
| |
|
|
|
|
| |
Spotted by: ceri
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
this feature for a jail named foo :
jail_foo_mount_enable="YES"
jail_foo_fstab="/etc/fstab.foo"
The second line is actually useless, since the code defaults to
using "/etc/fstab.$jailname" as the fstab file if none is specified.
MFC after: 3 days
Submitted by: Jeremie Le Hen <jeremie@le-hen.org>
|
|
|
|
|
| |
Submitted by: Ben Kelly <ben.kelly@ieee.org>
PR: bin/64079
|
| |
|
|
|
|
| |
character for both.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
These can be used to pass extra options to the mdmfs(8) utility,
to customize the finer details of the md file system creation
(i.e. to turn on/off softupdates, to specify a default owner for md
filesystem, etc).
Use these two new flags to mount tmpmfs and varmfs without
softupdates, since it doesn't make much sense to use SU on
malloc-backed file systems.
Reviewed by: mtm
Inspired by: J. D. Bronson, jbronson at wixb dot com
|
|
|
|
|
| |
Now gmirror use shutdown hooks to mark mirrors as clean on shutdown,
so this is not needed anymore.
|
|
|
|
|
| |
- The 'before ipfw' directive seems bogus, and should instead
be 'before rcconf'.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
on the system.
To start/stop/check on a specific device give the device name as
the second argument to the script:
# /etc/rc.d/moused start ums0
To use different rc.conf(5) knobs with different mice use the device
name as part of the knob. For example, if the mouse device is ums0, then:
moused_ums0_enable=yes
moused_ums0_flags="-z 4"
moused_ums0_port="/dev/ums0"
Starting rc.d/moused without the device argument will use the standard
moused_* flags. So, this commit should not disrupt or change current usage.
To preserve current behaviour with respect to usb mice, which appear
automatically when inserted, there is a new knob, moused_nondefault_enable,
which will treat any devices without rc.conf knobs as enabled.
To minimize knobs in /etc/rc.conf, the device file and pid file are
auto-computed, so that in the typical case for a usb mouse you don't
need to add anything extra in /etc/rc.conf to get it working.
Additionally, this updates /etc/usbd.conf to use the rc.d/moused script so
people don't have to modify it to configure their usb mouse anymore.
MFC after: 1 month
|
|
|
|
|
|
|
|
|
| |
Now, one should be able to put something like this into /etc/rc.conf:
ifconfig_fxp0_name="net0"
ifconfig_net0="inet 10.0.0.1/16"
Reviewed by: green
|
|
|
|
|
|
| |
- Before flushing rules in 'reload' command, check first if rules are
correct.
- Do not duplicate checking if $pf_rules file exists.
|
|
|
|
|
| |
will show the real device name
- show different error messages for missing dump device and directory
|
|
|
|
|
|
| |
programs may need to use the symlinks and permissions that it sets up.
Discussed on: -current
|
|
|
|
| |
and natd_enable is true.
|
|
|
|
|
| |
create a symbolic link /dev/dumpdev designating that device so
savecore can find and save a previous kernel dump.
|
|
|
|
| |
Reviewed by: des
|
|
|
|
| |
Skipped by: mtm (/me glares at mtm) :)
|
|
|
|
|
|
|
| |
makes any sense.
Discussed with: dougb, brooks
MFC after: 3 days
|
|
|
|
|
|
|
|
|
|
|
| |
device
device.bde
/dev/device
/dev/device.bde
- Fix stop routine:
+ There don't have to be file system mounted on gbde device,
so ignore errors from umount(8).
+ Only detach existing gbde devices.
|
|
|
|
|
|
|
| |
I used ugly "/dev/${parent}" instead of "${parentdev}", because "/dev/"
prefix for devices listed in gbde_devices variable is optional.
Reported by: Sean McNeil <sean@mcneil.com>
|
| |
|
| |
|
|
|
|
|
|
|
| |
to NO of course). Provide a basic ruleset file, rc.bsdextended, but allow
the filename to be overridden through rc.conf.
Discussed with: rwatson (awhile ago)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
by default when named is enabled. Also, improve our default directory
layout by creating /var/named/etc/namedb/{master|slave} directories,
and use the former for the generated localhost* files.
Rather than using pax to copy device entries, mount devfs in the
chroot directory.
There may be some corner cases where things need to be adjusted,
but overall this structure has been well tested on a production
network, and should serve the needs of the vast majority of users.
UPDATING has instructions on how to do the conversion for those
with existing configurations.
|
|
|
|
|
|
| |
has an rndc.conf file.
Submitted by: Sergey Mokryshev <mokr@mokr.net>
|
|
|
|
|
|
|
|
| |
chrooted the pid symlink code should not fire. Also, remove the quotes
around the chroot variable in the rndc-confgen invocation so that if
not chrooted the command will still succeed.
Pointed out by: Sean McNeil <sean@mcneil.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1. Making the pid symlink now has to happen after named starts, otherwise
it can generate a fatal error.
2. named-xfer is not part of the BIND 9 world.
3. BIND 9 needs a /dev/random in the chroot directory if chrooted.
4. Only the pid file is symlinked now, the ndc socket is BIND 8 only.
5. Create an rndc.key file for the user if one does not exist.
This (generally) allows a BIND 8 config file to be used in a BIND 9
world with little or no modification.
|
|
|
|
|
|
| |
in /etc/fstab, or print an error message if no suitable device was found.
MFC after: 4 weeks
|
|
|
|
|
|
| |
Without this change, if one had a swap-on-mirror configuration, gmirror
will rebuild mirror component(s) on boot, because they are dirty (they
were open on shutdown).
|
|
|
|
|
|
| |
dependency to it from our rc.d scripts.
Approved by: mtm
|
|
|
|
|
|
| |
provided by any rc.d script.
Approved by: mtm
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
complete backout as the ntpd_sync_on_start etc/rc.conf tunable is still
present, though the default is now NO (was YES). Since we're no longer
syncing time at startup by default when ntpd is enabled (as was the case
24hrs ago), remove UPDATING entry pointing out that ntpd(1) -g is slower
than ntpdate(1).
Hopefully ntpd_sync_on_start="YES" can be made the default for -CURRENT
after 5.3 is cut. At the very least, this should be set to YES when a
user requests to have ntpd enabled via sysinstall(1).
Requested by: many
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
calls to ntpd -g. ntpd is noticeably slower than ntpdate, but is also more
accurate. This removes the nasty hackery in rc.d/ntpdate that would parse
out ntp servers from /etc/ntp.conf (ntpd knows how to read its own config
file). By default, ntpd *will* sync with its listed time servers. To
turn this off so that ntpd does not sync, ntpd_sync_on_start="NO" can be
added to /etc/rc.conf. If ntpd is not enabled (the default), then time is
not synced on startup. ntpdate has been depreciated by the ntpd authors
for quite some time so this change shouldn't be unexpected.
Suggested by: des
Approved by: roberto (resident ntp guru)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
calls to ntpd -g. ntpd is noticably slower than ntpdate, but is also more
accurate. This removes the nasty hackery in rc.d/ntpdate that would parse
out ntp servers from /etc/ntp.conf (ntpd knows how to read its own config
file). By default, ntpd *will* sync with its listed time servers. To
turn this off so that ntpd does not sync, ntpd_sync_on_start="NO" can be
added to /etc/rc.conf. If ntpd is not enabled (the default), then time is
not synced on startup. ntpdate's use has been depreciated by the ntpd
authors for quite some time so this change shouldn't be unexpected.
Suggested by: des
Approved by: roberto (resident ntp guru)
|
|
|
|
|
| |
on my system, and since then my /var was always created as
MFS which was very surprising. Fix this for /tmp and /var.
|
|
|
|
| |
Submitted by: delphij@beastie.frontfree.net
|
|
|
|
|
|
|
|
|
| |
part of the pf module.
While here fix a comment that was c'n'ped from rc.d/pf
PR: bin/71096 (partly)
Submitted by: Ville-Pertti Keinonen
MFC after: 2 days
|
|
|
|
|
|
|
|
| |
more than one word, adding some quotes.
Advice from: mtm (my first attempt wasn't quite right)
Reviewed by: mtm
MFC after: 3 days
|
|
|
|
|
|
| |
they are empty or undefined.
MFC after: 3 days
|
|
|
|
| |
Reviewed by: des
|