summaryrefslogtreecommitdiffstats
path: root/etc/rc.d
Commit message (Collapse)AuthorAgeFilesLines
* Make the pf and ipfw firewalls start before netif, just like ipfilterdougb2009-06-0110-11/+7
| | | | | already does. This eliminates a logical inconsistency, and a small window where the system is open after the network comes up.
* Substitute ypset for ypbind in REQUIRE lines. If you use ypset it has todougb2009-06-015-5/+5
| | | | | | | | happen right after ypbind, and before anything that uses NIS. The only change in rcorder accomplished by this patch is make that happen. PR: conf/117555 Submitted by: John Marshall <john@rwsrv05.mby.riverwillow.net.au>
* Small cleanup, add (spurious) quotation marks around the valuedougb2009-05-304-4/+4
| | | | for name= to make these scripts consistent with the rest.
* As previously advertised, remove this script prior to the 8.0 branch.dougb2009-05-302-19/+1
|
* Further idmapd garbage collection -- remove rc.d Makefile reference andrwatson2009-05-221-1/+1
| | | | | | default settings. Submitted by: Pawel Worach <pawel.worach at gmail.com>
* Remove the unmaintained University of Michigan NFSv4 client from 8.xrwatson2009-05-221-18/+0
| | | | | | | prior to 8.0-RELEASE. Rick Macklem's new and more feature-rich NFSv234 client and server are replacing it. Discussed with: rmacklem
* - do not create and mount new file systems on top of the old ones on everydanger2009-05-171-2/+4
| | | | | | | invocation of this script once we already have one (in case tmpmfs="YES"). Reviewed by: dougb
* 1. New feature; option to have the script loop until a specified hostnamedougb2009-05-161-1/+97
| | | | | | | | | | | | (localhost by default) can be successfully looked up. Off by default. 2. New feature: option to create a forwarder configuration file based on the contents of /etc/resolv.conf. This allows you to utilize a local resolver for better performance, less network traffic, custom zones, etc. while still relying on the benefits of your local network resolver. Off by default. 3. Add named-checkconf into the startup routine. This will prevent named from trying to start in a situation where it would not be possible to do so.
* Trim trailing whitespace from the end of a linedougb2009-05-161-1/+1
|
* Added (pre|post)(start|stop) jail hooks. These can be used to runru2009-04-281-2/+108
| | | | | | | | arbitrary commands (outside the jail) associated with said events, e.g. to bring up/down CARP interfaces representing services run in jails. Reviewed by: simon
* - Add ipfw_nat to the list of required modules if "firewall_nat_enable"emax2009-03-301-2/+12
| | | | | | | | | | is set and "natd_enable" is NOT set; - Accept and pass firewall type to the external firewall script. Submitted by: Yuri Kurenkov < y -dot- kurenkov -at- init -dot- ru > MFC after: 3 days No response from: freebsd-rc
* Backout previous commit due to PEBKACguido2009-03-111-1/+1
|
* When swap resides on a mirror and it is not stopped, the mirrorguido2009-03-101-1/+1
| | | | | is degraded upon the next reboot and will have to be rebuild. Thus call swapoff when rebooting (read: when stopping swap1)
* Rename the rc.conf(5) knob if_up_delay to defaultroute_delay to bettermtm2009-02-171-3/+3
| | | | reflect its purpose.
* Reword informational message by rc.d/defaultroute.mtm2009-02-111-1/+1
| | | | PR: conf/131458
* Named normally cannot be started chrooted inside a jail. Thus treatbz2009-02-071-5/+23
| | | | | | | | | | the jail case specifically. In case we find a proper pre-seeded devfs in the chroot path (mounted from the base system) permit starting chrooted else give proper warn/error messages. PR: conf/103489 Reviewed by: dougb MFC after: 5 days
* The 30 second wait for network interfaces to show up effectively makes themtm2009-02-021-4/+15
| | | | | | time to boot an unplugged system 30 sec. longer for no good reason. Therefore, add a check to make sure that any DHCP interfaces are plugged in before waiting.
* Spawn one fewer shells on startup. We don't use dhcp_interfaces atimp2009-01-301-1/+0
| | | | | | all in this function, and grep shows no other instances of it (besides, this is a function, and in a sub-shell, so all changes are local).
* Backout change 187782. It inhibits ntpd from starting at allkeramida2009-01-291-1/+1
| | | | | | when ntpd_sync_on_start is set. Noticed by: rafan
* When synchronizing the clock at system startup time, use bothkeramida2009-01-271-1/+1
| | | | | | | | | the -g and -q options. They do a slightly different thing and both are necessary when the time difference is large. Noticed by: danger, in the forums Approved by: roberto MFC after: 1 week
* Update jail startup script for multi-IPv4/v6/no-IP jails.bz2009-01-261-16/+208
| | | | | | | | | | | | | | | | | | | | | | | Note: this is only really necessary because of the ifconfig logic to add/remove the jail IPs upon start/stop. Consensus among simon and I is that the logic should really be factored out from the startup script and put into a proper management solution. - We now support starting of no-IP jails. - Remove the global jail_<jname>_netmask option as it is only helpful to set netmasks/prefixes for the right address family and per address. - Implement jail_<jname>_ip options to support both address familes with regard to ifconfig logic. - Implement _multi<n> support suffix to the jail_<jname>_ip option to configure additional addresses to avoid overlong, unreadbale jail_<jname>_ip lines with lots of addresses. Submitted by: initial work from Ruben van Staveren Discussed on: freebsd-jail in Nov 2008. Reviewed by: simon, ru (partial, older version) MFC after: 1 week
* Correct a bug where /etc/rc.d/defaultroute fails to finish by printing abrooks2008-12-171-1/+3
| | | | | | | | | newline when it fails to obtain an address via DHCP. This made the next rc script begin its output on the same line. PR: conf Submitted by: Bruce Cran <bruce at cran dot org dot uk> MFC after: 3 days
* Implement support for RPCSEC_GSS authentication to both the NFS clientdfr2008-11-033-2/+20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | and server. This replaces the RPC implementation of the NFS client and server with the newer RPC implementation originally developed (actually ported from the userland sunrpc code) to support the NFS Lock Manager. I have tested this code extensively and I believe it is stable and that performance is at least equal to the legacy RPC implementation. The NFS code currently contains support for both the new RPC implementation and the older legacy implementation inherited from the original NFS codebase. The default is to use the new implementation - add the NFS_LEGACYRPC option to fall back to the old code. When I merge this support back to RELENG_7, I will probably change this so that users have to 'opt in' to get the new code. To use RPCSEC_GSS on either client or server, you must build a kernel which includes the KGSSAPI option and the crypto device. On the userland side, you must build at least a new libc, mountd, mount_nfs and gssd. You must install new versions of /etc/rc.d/gssd and /etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf. As long as gssd is running, you should be able to mount an NFS filesystem from a server that requires RPCSEC_GSS authentication. The mount itself can happen without any kerberos credentials but all access to the filesystem will be denied unless the accessing user has a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There is currently no support for situations where the ticket file is in a different place, such as when the user logged in via SSH and has delegated credentials from that login. This restriction is also present in Solaris and Linux. In theory, we could improve this in future, possibly using Brooks Davis' implementation of variant symlinks. Supporting RPCSEC_GSS on a server is nearly as simple. You must create service creds for the server in the form 'nfs/<fqdn>@<REALM>' and install them in /etc/krb5.keytab. The standard heimdal utility ktutil makes this fairly easy. After the service creds have been created, you can add a '-sec=krb5' option to /etc/exports and restart both mountd and nfsd. The only other difference an administrator should notice is that nfsd doesn't fork to create service threads any more. In normal operation, there will be two nfsd processes, one in userland waiting for TCP connections and one in the kernel handling requests. The latter process will create as many kthreads as required - these should be visible via 'top -H'. The code has some support for varying the number of service threads according to load but initially at least, nfsd uses a fixed number of threads according to the value supplied to its '-n' option. Sponsored by: Isilon Systems MFC after: 1 month
* ifconfig(8) can take only one interface at a time.pjd2008-10-301-1/+3
|
* Allow a jail's IP alias to be created with an arbitrary netmask.ru2008-09-241-1/+3
| | | | MFC after: 3 days
* Allow a jail to be started with a specific route fib.thompsa2008-09-161-1/+8
| | | | | Reviewed by: secteam (simon) Reviewed by: brooks, bz
* Add the ability to run /usr/sbin/crashinfo on a new core dump automaticallyjhb2008-08-291-0/+3
| | | | | | | during boot. Right now this is disabled by default, but it can be enabled by setting 'crashinfo_enable=YES' in rc.conf. MFC after: 2 weeks
* Make obrien happydes2008-08-252-29/+1
|
* Cope with the file rename by changing rc variables.rpaulo2008-08-211-4/+4
|
* Rename the RCng 'kernel' script to 'kernel_symlink'.obrien2008-08-201-1/+1
|
* Rename the RCng 'kernel' script to 'kernel_symlink'.obrien2008-08-191-0/+0
| | | | Requested by: many
* Only symlink booted kernel directory to /boot/kernel if user has explicitlyobrien2008-08-091-0/+1
| | | | requested it. This is too dangerous to just do behind the admin's back.
* When using SRV records the protocols and services files need to be in thedougb2008-08-011-5/+9
| | | | | | | chroot /etc directory. PR: conf/121101 Submitted by: Stefan `Sec` Zehl <sec@42.org>
* Oops, restore the recent changes to make startup messages quieter.jhb2008-07-311-1/+3
|
* Parse sysctl settings from /etc/sysctl.conf.local after /etc/sysctl.confjhb2008-07-311-10/+15
| | | | | | | | if it exists. This mirrors similar behavior for /boot/loader.conf and /etc/rc.conf. Obtained from: Yahoo! MFC after: 1 week
* With uart(4) default, change /dev/cuad# to /dev/cuau# andmarcel2008-07-191-6/+6
| | | | sio# to uart# so that out-of-the-box FreeBSD is consistent.
* With uart(4) default, change /dev/cuad# to /dev/cuau# andmarcel2008-07-191-7/+7
| | | | sio# to uart# so that out-of-the-box FreeBSD is consistent.
* Add the shutdown KEYWORD to those scripts that start persistent servicesdougb2008-07-1634-19/+34
| | | | | | | | | | | to allow them to do a "clean" shutdown. I purposely avoided making changes to network-related stuff since the system shutting down is pretty conclusive, and there may be complicated dependencies on the network that I would rather not try to unravel. I also skipped kerberos-related stuff for the reasons above, and because I have no way to test it.
* As previously discussed, add the svn:executable property to all scriptsdougb2008-07-1692-0/+0
|
* The pfctl(8) program is already pretty verbose, so don't print extramtm2008-07-111-2/+2
| | | | information in quiet mode.
* Remove the $DUMPDIR variable. It's redundant and the rest of themtm2008-07-061-6/+1
| | | | script uses $dumpdir directly.
* Make checking for the availability of core dumps work in the casemtm2008-07-061-1/+12
| | | | | | that $dumpdev is not set to "AUTO". Reported by: Paul B. Mahol <onemda@gmail.com>
* No need to display the result of enabling the ipfw sysctl if it'smtm2008-07-051-1/+3
| | | | successfull. Issue a warning if it fails, however.
* There's no need to announce that we're mounting local filesystems whenmtm2008-07-051-2/+2
| | | | | running in quiet mode since if we fail to mount any of them the boot process gets interrupted.
* Quiet down rc.d/nfsclient by not printing anything in 'quiet' mode. Insteadmtm2008-07-051-3/+7
| | | | issue a warning of it fails to set the sysctls.
* Backout r179941. The nfsclient knob always confuses me. I should havemtm2008-06-272-4/+4
| | | | | | | double-checked my setup before commiting. Noticed by: Florian Smeets Pointy hat to: mtm
* Quiet rc.d/syscons unless it has something to say.mtm2008-06-241-6/+35
|
* Add a -q flag to swapon(8) to suppress informational messages. Use it inmtm2008-06-231-1/+1
| | | | | rc.d. Note: errors are not affected by this flag.
* The sysctl(8) program exits on some errors and only emits warnings onmtm2008-06-233-3/+12
| | | | | | | | | others. In the case where it displayed warnings it would still return succesfully. Modify it so that it returns the number of sysctls that it was not able to set. Make use of this in rc.d to display only *unsuccessfull* attempts to set sysctls.
* Run savecore(8) only if there is a core dump to save. If there ismtm2008-06-231-2/+5
| | | | no core dump hide the message to that effect behind $rc_quiet.
OpenPOWER on IntegriCloud