| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
PR: conf/131458
|
| |
|
|
|
|
|
|
|
|
| |
the jail case specifically. In case we find a proper pre-seeded
devfs in the chroot path (mounted from the base system) permit
starting chrooted else give proper warn/error messages.
PR: conf/103489
Reviewed by: dougb
MFC after: 5 days
|
| |
|
|
|
|
| |
time to boot an unplugged system 30 sec. longer for no good reason. Therefore,
add a check to make sure that any DHCP interfaces are plugged in before
waiting.
|
| |
|
|
|
|
| |
all in this function, and grep shows no other instances of it
(besides, this is a function, and in a sub-shell, so all changes are
local).
|
| |
|
|
|
|
| |
when ntpd_sync_on_start is set.
Noticed by: rafan
|
| |
|
|
|
|
|
|
|
| |
the -g and -q options. They do a slightly different thing and
both are necessary when the time difference is large.
Noticed by: danger, in the forums
Approved by: roberto
MFC after: 1 week
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Note: this is only really necessary because of the ifconfig
logic to add/remove the jail IPs upon start/stop.
Consensus among simon and I is that the logic should
really be factored out from the startup script and put
into a proper management solution.
- We now support starting of no-IP jails.
- Remove the global jail_<jname>_netmask option as it is only
helpful to set netmasks/prefixes for the right address
family and per address.
- Implement jail_<jname>_ip options to support both
address familes with regard to ifconfig logic.
- Implement _multi<n> support suffix to the jail_<jname>_ip
option to configure additional addresses to avoid overlong,
unreadbale jail_<jname>_ip lines with lots of addresses.
Submitted by: initial work from Ruben van Staveren
Discussed on: freebsd-jail in Nov 2008.
Reviewed by: simon, ru (partial, older version)
MFC after: 1 week
|
| |
|
|
|
|
|
|
|
| |
newline when it fails to obtain an address via DHCP. This made the next
rc script begin its output on the same line.
PR: conf
Submitted by: Bruce Cran <bruce at cran dot org dot uk>
MFC after: 3 days
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
and server. This replaces the RPC implementation of the NFS client and
server with the newer RPC implementation originally developed
(actually ported from the userland sunrpc code) to support the NFS
Lock Manager. I have tested this code extensively and I believe it is
stable and that performance is at least equal to the legacy RPC
implementation.
The NFS code currently contains support for both the new RPC
implementation and the older legacy implementation inherited from the
original NFS codebase. The default is to use the new implementation -
add the NFS_LEGACYRPC option to fall back to the old code. When I
merge this support back to RELENG_7, I will probably change this so
that users have to 'opt in' to get the new code.
To use RPCSEC_GSS on either client or server, you must build a kernel
which includes the KGSSAPI option and the crypto device. On the
userland side, you must build at least a new libc, mountd, mount_nfs
and gssd. You must install new versions of /etc/rc.d/gssd and
/etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf.
As long as gssd is running, you should be able to mount an NFS
filesystem from a server that requires RPCSEC_GSS authentication. The
mount itself can happen without any kerberos credentials but all
access to the filesystem will be denied unless the accessing user has
a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There
is currently no support for situations where the ticket file is in a
different place, such as when the user logged in via SSH and has
delegated credentials from that login. This restriction is also
present in Solaris and Linux. In theory, we could improve this in
future, possibly using Brooks Davis' implementation of variant
symlinks.
Supporting RPCSEC_GSS on a server is nearly as simple. You must create
service creds for the server in the form 'nfs/<fqdn>@<REALM>' and
install them in /etc/krb5.keytab. The standard heimdal utility ktutil
makes this fairly easy. After the service creds have been created, you
can add a '-sec=krb5' option to /etc/exports and restart both mountd
and nfsd.
The only other difference an administrator should notice is that nfsd
doesn't fork to create service threads any more. In normal operation,
there will be two nfsd processes, one in userland waiting for TCP
connections and one in the kernel handling requests. The latter
process will create as many kthreads as required - these should be
visible via 'top -H'. The code has some support for varying the number
of service threads according to load but initially at least, nfsd uses
a fixed number of threads according to the value supplied to its '-n'
option.
Sponsored by: Isilon Systems
MFC after: 1 month
|
| | |
|
| |
|
|
| |
MFC after: 3 days
|
| |
|
|
|
| |
Reviewed by: secteam (simon)
Reviewed by: brooks, bz
|
| |
|
|
|
|
|
| |
during boot. Right now this is disabled by default, but it can be enabled
by setting 'crashinfo_enable=YES' in rc.conf.
MFC after: 2 weeks
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
Requested by: many
|
| |
|
|
| |
requested it. This is too dangerous to just do behind the admin's back.
|
| |
|
|
|
|
|
| |
chroot /etc directory.
PR: conf/121101
Submitted by: Stefan `Sec` Zehl <sec@42.org>
|
| | |
|
| |
|
|
|
|
|
|
| |
if it exists. This mirrors similar behavior for /boot/loader.conf and
/etc/rc.conf.
Obtained from: Yahoo!
MFC after: 1 week
|
| |
|
|
| |
sio# to uart# so that out-of-the-box FreeBSD is consistent.
|
| |
|
|
| |
sio# to uart# so that out-of-the-box FreeBSD is consistent.
|
| |
|
|
|
|
|
|
|
|
|
| |
to allow them to do a "clean" shutdown.
I purposely avoided making changes to network-related stuff since the
system shutting down is pretty conclusive, and there may be complicated
dependencies on the network that I would rather not try to unravel.
I also skipped kerberos-related stuff for the reasons above, and
because I have no way to test it.
|
| | |
|
| |
|
|
| |
information in quiet mode.
|
| |
|
|
| |
script uses $dumpdir directly.
|
| |
|
|
|
|
| |
that $dumpdev is not set to "AUTO".
Reported by: Paul B. Mahol <onemda@gmail.com>
|
| |
|
|
| |
successfull. Issue a warning if it fails, however.
|
| |
|
|
|
| |
running in quiet mode since if we fail to mount any of them the boot
process gets interrupted.
|
| |
|
|
| |
issue a warning of it fails to set the sysctls.
|
| |
|
|
|
|
|
| |
double-checked my setup before commiting.
Noticed by: Florian Smeets
Pointy hat to: mtm
|
| | |
|
| |
|
|
|
| |
rc.d.
Note: errors are not affected by this flag.
|
| |
|
|
|
|
|
|
|
| |
others. In the case where it displayed warnings it would still return
succesfully. Modify it so that it returns the number of sysctls that
it was not able to set.
Make use of this in rc.d to display only *unsuccessfull* attempts to
set sysctls.
|
| |
|
|
| |
no core dump hide the message to that effect behind $rc_quiet.
|
| |
|
|
|
|
|
|
|
| |
the interface name of interfaces that were configured.
This change has the added benefit that ifn_start() and
ifn_stop() in network.subr no longer write to standard output.
Whether to output and what to output is now handled entirely
in rc.d/netif.
|
| |
|
|
|
| |
causing calls to netoptions_init() to not properly set a global variable,
which ended up being in the parent shell.
|
| |
|
|
| |
implement their own start command.
|
| |
|
|
| |
diagnostics). Instead, move output behind $rc_quiet.
|
| |
|
|
| |
diagnostic ouput only if the command fails.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
enabled.
|
| |
|
|
| |
initialization doesn't get printed unless ibcs2_enable is set.
|
| |
|
|
| |
there actually are filesystems of that type to mount.
|
| |
|
|
| |
are local (pre rc.d) scripts to run.
|
| |
|
|
|
|
| |
compatibility.
Requested by: Volker <volker@vwsoft.com>
|
