| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
recent ipfilter import.
Approved by: re (scottl), anholt (mentor)
|
| |
|
|
|
|
| |
at startup. Instead it is called by other scripts.
Approved by: re (network interface startup blanket)
|
| |
|
|
|
|
| |
interface's ifconfig_<ifn> entry in /etc/rc.conf.
Approved by: re (network interface startup blanket)
|
| |
|
|
|
|
|
|
| |
them. Just try to run the given command on them. We need to be able to
run stop functions on interfaces that have been deleted to stop
wpa_supplicant.
Approved by: re (interface startup blanket)
|
| |
|
|
|
|
|
|
|
| |
jail(8) flags (before the change we had hardcoded "-l -U root").
Submitted by: Frank Behrens <frank@pinky.sax.de>
PR: conf/80244
Approved by: re (scottl)
MFC after: 1 week
|
| |
|
|
|
|
|
|
|
|
| |
for kldstat to ever print "IP Filter" (the module is called "ipfilter"
and modules don't have anything like a description), so this function
would always return false. That would cause prestart to attempt to
load the module even if it's already loaded, which would fail and
prevent the rules from being loaded.
Approved by: re (dwhite)
|
| |
|
|
|
|
| |
variable is set to "AUTO".
MFC after: 2 weeks
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
way interfaces are configured. Some key points:
- At startup, all interfaces are configured through /etc/rc.d/netif.
- ifconfig_<if> variables my now mix real ifconfig commands the with
DHCP and WPA directives. For example, this allows media
configuration prior to running dhclient.
- /etc/rc.d/dhclient is not run at startup except by netif to start
dhclient on specific interfaces.
- /etc/pccard_ether calls "/etc/rc.d/netif start <if>" to do most of
it's work.
- /etc/pccard_ether no longer takes additional arguments to pass to
ifconfig. Instead, ifconfig_<if> variables are now honored in favor
of pccard_ifconfig when available.
- /etc/pccard_ether will only run on interfaces specified in
removable_interfaces, even if pccard_ifconfig is set.
|
| |
|
|
| |
using them (or did and no longer do).
|
| |
|
|
|
|
|
| |
because new devfs entries can show up later and one can access such entires
from inside named chroot.
In rc.d scripts we can use devfs_domount() function with devfsrules_hide_all
policy and unhide 'null' and 'random' manually.
|
| |
|
|
|
|
|
|
|
| |
to see if a prior devfs has been mounted. If no devfs is mounted on
${jail_devdir}/dev then proceed. This will prevent the stack up of
multiple devfs mounts on the same mount point.
Discussed with: pjd
MFC after: 1 week
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
to run initdiskless before we run rcorder on /etc/rc.d. To allow this,
move /etc/rc.d/initdiskless to /etc/rc.initdiskless and run it directly
from /etc/rc.
Remove /etc/rc.d/preseedrandom as it is no longer necessicary (we start
with entropy unblocked) and was only used by initdiskless when it
was needed.
Discussed on: freebsd-rc
Repocopy by: peter
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Without this flag, if the symlink existed already a new symlink would
be created in the source directory. While harmless if the two symlinks
were the same, it nonetheless caused pointless confusion.
The pathological case is that when there is an existing /etc/namedb
symlink, but named_chrootdir in rc.conf pointed to a different
directory, it was the symlink in /var/named that was getting
updated, not the one in /etc. This led to some difficult to diagnose
problems for users.
|
| |
|
|
| |
Reviewed by: harti
|
| |
|
|
|
|
|
|
|
| |
sockets placed into prisons from the host environment get clobbered
by the prison's instance of cleanvar. (assuming /etc/rc is run in
the prison).
Discussed with: pjd, green, cperciva
MFC after: 1 week
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
save file was /var/db/entropy, which also happens to
be the directory where the individual entropy files
created by /usr/libexec/save-entropy are stored.
Change the suggestion to be /var/db/entropy-file
instead.
In an error condition where the shutdown file is not
created, the error message accessed a variable that
doesn't exist.
PR: conf/75722
Submitted by: Nicolas Rachinsky <list@rachinsky.de>
|
| |
|
|
| |
This gives a better chance of debugging /dev/random related panics.
|
| |
|
|
|
|
|
|
|
| |
entries that way when rules are read in, it doesn't break established
connections.
Approved by: mlaier
Reviewed by: rc
MFC after: 3 weeks
|
| |
|
|
|
|
| |
This will allow better integration with the ports system.
Submitted by: clement
|
| |
|
|
|
|
|
| |
BEFORE instead of REQUIRE.
Probably ok by: jhb
MFC after: 3 days
|
| |
|
|
| |
ipdivert.ko module a chance to load.
|
| |
|
|
| |
Forgotten by: trhodes (the real one)
|
| |
|
|
|
|
| |
or build the policy into a kernel.
Approved by: rwatson
|
| | |
|
| |
|
|
|
| |
Reported by: Tai-hwa Liang <avatar at mmlab dot cse dot yzu dot edu dot tw>
Point hat: brooks
|
| |
|
|
|
|
|
|
|
|
|
|
| |
default for now. Default flags create missing directories.
Remove comment about doing this in etc/rc.d/var.
Unlike in the PR, I chose to do this in the lpd script where we reliably
have /usr available.
PR: conf/71488
Submitted by: RZ-FreeBSD0904 at fh-karlsruhe dot de
|
| |
|
|
|
|
|
| |
to hit this case when /usr is remote and thus hasn't been mounted (since
you're supposed to have /var before mounting remote file systems).
Normal machines that don't have a /var for some reason will have /usr
already available because it's local.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Enable it by default, running newsyslog with -CN which creates files
that have the C flag specified in /etc/newsyslog.conf.
- Remove the "newsyslog -CC" call from etc/rc.d/var and the check for
newsyslog.
- Add the C flag to entries in /etc/newsyslog.conf that are currently
installed as part of the base system.
There are two effects from this change:
- Users who delete default syslog files to stop logging to them
will need to set newsyslog_enable=NO in rc.conf or remove the C
flag from those file in /etc/newsyslog.conf or they will come back
on the next boot.
- Diskless systems now create the same set of files that ordinary
systems have by default instead of every file in newsyslog.conf.
|
| |
|
|
|
|
|
| |
to create /var/log/lastlog.
- Also create /var/log/wtmp if missing.
- Attempt to create these files unless populate_var is NO rather then
only when /var is empty or populate_var=YES.
|
| |
|
|
| |
Submitted by: Pawel Worach
|
| |
|
|
| |
up to the build.
|
| | |
|
| |
|
|
|
|
| |
given power profile.
MFC after: 1 day
|
| |
|
|
| |
MFC after: 1 day
|
| |
|
|
|
|
| |
frequencies are specified with performance_cpu_freq and economy_cpu_freq.
Of course, special values LOW and HIGH are also supported. Also, remove
old throttling support.
|
| |
|
|
| |
tr(1)/sed(1)/awk(1).
|
| |
|
|
|
|
|
|
|
| |
rc.d/mountcritlocal and sed(1) is placed in /usr/bin/. Other useful tools
for this task are also placed in /usr/ (tr(1), awk(1)), so I implemented
local_tr() function which works simlar to tr(1).
Reported by: Amir Shalem <amir@boom.org.il>
MFC after: 1 week
|
| |
|
|
|
| |
Submitted by: Attila Nagy <bra@fsn.hu>
MFC after: 1 week
|
| |
|
|
|
|
|
|
|
| |
/etc/defaults/rc.conf.
PR: conf/76188
Submitted by: Arne Wörner <arne_woerner at yahoo dot com>
Approved by: murray
MFC After: 7 days
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
user owns these directories or the sticky bit is unset may open security holes,
so simply create them at startup with the correct owner/mode.
MFC after: 1 day
|
| |
|
|
| |
Approved by: dougb@
|
| |
|
|
|
|
|
| |
the chroot area. This stops "umount -a" failing when dropping to
single user.
Reviewed by: dougb@
|
| | |
|
| |
|
|
|
| |
PR: 72505
Submitted by: Amir Shalem <amir@active.ath.cx>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1. Feature: for flexibility reasons and as a prerequisite to clean
shutdowns, allow the configuration of a stop/shutdown command
via rc.conf variable "jail_<name>_exec_stop" in addition to the
start/boot command (rc.conf variable "jail_<name>_exec_start"). For
backward compatibility reasons, rc.conf variable "jail_<name>_exec"
is still supported, too.
2. Debug: Add the used boot/shutdown commands to the debug output of
the /etc/rc.d/jail script, too.
3. Security: Run the Jail start/boot command in a cleaned environment
to not leak information from the host to the Jail during startup.
4. Feature: Run the Jail stop/shutdown command "jail_<name>_exec_stop" on
"/etc/rc.d/jail stop <name>" to allow a graceful shutdown of the Jail
before its processes are just killed.
5. Bugfix: When killing the remaining Jail processes give the processes
time to actually perform their termination sequence. Without this the
subsequent umount(8) operations usually fail because the resources
are still in use. Additionally, if after trying to TERM-inate the
processes there are still processes hanging around, finally just KILL
them.
6. Bugfix: In rc.shutdown, if running inside a Jail, skip the /etc/rc.d/*
scripts which are flagged with the KEYWORD "nojail" to allow the
correct operation of rc.shutdown under jail_<name>_exec_stop="/bin/sh
/etc/rc.shutdown". This is analogous to what /etc/rc does inside a Jail.
Now the following typical host-configuration for two Jails works as
expected and correctly boots and shutdowns the Jails:
-----------------------------------------------------------
# /etc/rc.conf:
jail_enable="YES"
jail_list="foo bar"
jail_foo_rootdir="/j/foo"
jail_foo_hostname="foo.example.com"
jail_foo_ip="192.168.0.1"
jail_foo_devfs_enable="YES"
jail_foo_mount_enable="YES"
jail_foo_exec_start="/bin/sh /etc/rc"
jail_foo_exec_stop="/bin/sh /etc/rc.shutdown"
jail_bar_rootdir="/j/bar"
jail_bar_hostname="bar.example.com"
jail_bar_ip="192.168.0.2"
jail_bar_devfs_enable="YES"
jail_bar_mount_enable="YES"
jail_bar_exec_start="/path/to/kjailer -v"
jail_bar_exec_stop="/bin/sh -c 'killall kjailer && sleep 60'"
-----------------------------------------------------------
# /etc/fstab.foo
/v/foo /j/foo/v/foo nullfs rw 0 0
-----------------------------------------------------------
# /etc/fstab.bar
/v/bar /j/bar/v/bar nullfs rw 0 0
-----------------------------------------------------------
Reviewed by: freebsd-hackers
MFC after: 2 weeks
|
| | |
|
| |
|
|
| |
Spotted by: ceri
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
this feature for a jail named foo :
jail_foo_mount_enable="YES"
jail_foo_fstab="/etc/fstab.foo"
The second line is actually useless, since the code defaults to
using "/etc/fstab.$jailname" as the fstab file if none is specified.
MFC after: 3 days
Submitted by: Jeremie Le Hen <jeremie@le-hen.org>
|
