| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
|
|
|
|
| |
r128060 for "hardware-supplied entropy" reversed this without reason,
seems a typo.
* Isolate "better than nothing" implementation to a function.
Submitted by: obrien & Arthur Mesh <arthurmesh@gmail.com>
Sponsored by: Juniper Networks
|
| | |
|
| |
|
|
| |
possible to specify a gptid in geli_devices.
|
| |
|
|
| |
Submitted by: kargl
|
| |
|
|
|
| |
We need to limit the amount of time between consuming the entropy seeds
and removing it in case of a kernel panic.
|
| |
|
|
|
|
|
| |
Not doing so opens us up to replay attacks.
Submitted by: Arthur Mesh <arthurmesh@gmail.com>
Sponsored by: Juniper Networks
|
| | |
|
| |
|
|
|
|
|
| |
- To achieve above, convert jail(8) invocation to use new style
command line "-c" flag.
Reviewed at: freebsd-jail@
|
| | |
|
| |
|
|
|
|
| |
Reviewed by: emaste (mentor)
Approved by: emaste (mentor)
MFC after: 3 days
|
| |
|
|
| |
MFC after: 1 week
|
| |
|
|
| |
will override ours instead of the other way around.
|
| |
|
|
|
|
|
| |
Tighten the regular expression that checks for an md /tmp such that
no /tmp mount and an md / isn't improperly matched.
Sponsored by: DARPA/AFRL
|
| | |
|
| |
|
|
|
|
| |
- Add -P option to support PID file. When -a is specified /var/run/rarpd.pid
is used, and when an interface is specified /var/run/rarpd.<ifname>.pid is
used by default.
|
| |
|
|
|
|
|
| |
by $firewall_logif rc.conf(5) variable at boot time or manually by ifconfig(8)
after a boot.
Discussed on: freebsd-ipfw@
|
| |
|
|
| |
MFC after: 1 week
|
| |
|
|
| |
on how to best proceed.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adjust power_profile script to handle the new world order as well.
Some vendors are opting out of a C2 state and only defining C1 & C3. This
leads the acpi_cpu display to indicate that the machine supports C1 & C2
which is caused by the (mis)use of the index of the cx_state array as the
ACPI_STATE_CX value.
e.g. the code was pretending that cx_state[i] would
always convert to i by subtracting 1.
cx_state[2] == ACPI_STATE_C3
cx_state[1] == ACPI_STATE_C2
cx_state[0] == ACPI_STATE_C1
however, on certain machines this would lead to
cx_state[1] == ACPI_STATE_C3
cx_state[0] == ACPI_STATE_C1
This didn't break anything but led to a display of:
* dev.cpu.0.cx_supported: C1/1 C2/96
Instead of
* dev.cpu.0.cx_supported: C1/1 C3/96
MFC after: 2 weeks
|
| |
|
|
|
|
|
|
|
|
| |
o change rcname to kfd;
o move mandatory options to command_args;
o add missing "shutdown" keyword;
o fix require line. Kfd doesn't really need to be started before
daemons.
Suggested by: dougb
|
| |
|
|
|
|
|
|
|
|
| |
if the accounting log file is atomically replaced with a new file
(such as during log rotation).
- Simplify accounting log rotation a bit. There is no need to re-run
accton(8) after renaming the new log file to it's real name.
PR: kern/167321
Tested by: Jeremy Chadwick
|
| | |
|
| |
|
|
|
|
|
|
|
| |
for the default FIB followed by a statement with a list of FIB numbers for
all the other FIBs we install the routes for.
Request by: kib (to make it less noisy)
Tested by: kib
MFC after: 3 days
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Extend the so far IPv4-only support for multiple routing tables (FIBs)
introduced in r178888 to IPv6 providing feature parity.
This includes an extended rtalloc(9) KPI for IPv6, the necessary
adjustments to the network stack, and user land support as in netstat.
Sponsored by: Cisco Systems, Inc.
Reviewed by: melifaro (basically)
MFC after: 10 days
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1. Add new functionality to the force_depend method to incorporate the
tests for whether the service is enabled and/or already running.
2. Add a new option to bypass checking only that the service is enabled
at boot time, and always check if it is running.
3. Use this new functionality to greatly simplify the rc.d scripts that
use force_depend.
4. Add a force_depend for statd in lockd
5. Remove the check that either nfs_server or nfs_client is _enable'd
from statd and lockd. This was always overkill, and prevented using
the {one|force}start options, as well as stop'ing on the command line.
6. The yp* scripts had some of their arguments in various weird orders.
Bring them into line with the model.
7. If mountd fails to create /var/db/mountdtab, err out.
Ideas, suggestions, and/or review from delphij and jilles.
Pointy hats are completely my responsibility however.
|
| |
|
|
|
|
|
|
|
| |
The main benefit is that watchdogd would shutdown after most of other
daemons/servers and thus, for example, would remedy a system hang caused
by unlucky X server shutdown.
Reviewed by: dougb (earlier version)
MFC after: 2 weeks
|
| |
|
|
| |
Requested by: dougb
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This has the following advantages:
- During boot, the BOOT_TIME record is now written right after the file
systems become writable, but before users are allowed to log in. This
means that they can't cause `hidden logins' by logging in right before
init(8) kicks in.
- The pututxline(3) function may potentially block on file locking,
though this is very rare to occur. By placing it in an rc script, the
user can still kill it with ^C if needed.
- Most importantly: jails don't use init(8). This means that a force
reboot of a system running jails will leave stale entries in the
accounting database of the jails individually.
|
| |
|
|
|
|
|
|
| |
of rcorder. Somehow in the intervening period addswap got moved to the
very end, which is almost certainly not what we want.
This change moves it to right after kld so that for users who need it,
they'll get it ASAP.
|
| |
|
|
|
|
|
|
|
| |
side effect of something else using them. If they haven't been loaded
already but you want to use them, say for configuring a jail, you're out
of luck.
So add a knob to always load the default rulesets. While I'm here document
the other devfs_ knobs in rc.conf.5.
|
| |
|
|
|
|
| |
it was set to "auto", for example.
MFC after: 3 days
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
- ipv6_enable + ipv6_gateway_enable should unset ACCEPT_RTADV by default for
backward compatibility.
- Configurations in ipv6_prefix_IF should be recognized even if there is no
ifconfig_IF_ipv6.
- DAD wait should be performed at once, not on a per-interface basis, if
possible. This fixes an issue that a system with a lot of IPv6-capable
interfaces takes too long for booting.
MFC after: 1 week
|
| |
|
|
|
|
|
|
|
|
| |
creating stray "log" symlinks if the mount fails. That apparently
happens in some ezjail configs.
PR: conf/143084
Submitted by: Dirk Engling <erdgeist at erdgeist.org>
Reviewed by: simon
MFC after: 2 weeks
|
| |
|
|
|
|
| |
We should show the error to user, but it doesn't deserve syslog.
Approved by: jhb
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
assignments to the literal values it would have returned.
The concept of set_rcvar() was nice in theory, but the forks
it creates are a drag on the startup process, which is especially
noticeable on slower systems, such as embedded ones.
During the discussion on freebsd-rc@ a preference was expressed for
using ${name}_enable instead of the literal values. However the
code portability concept doesn't really apply since there are so
many other places where the literal name has to be searched for
and replaced. Also, using the literal value is also a tiny bit
faster than dereferencing the variables, and every little bit helps.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Document the current semantics of the 'quiet' command prefix
in the rc.subr(8).
Fix dhclient rc.d script: it should not call err() for
non-DHCP-enabled interface when it is called from devd, because the
latter just blindly calls 'service dhclient quietstart' on each "link
up" event.
Since the 'quietstart' will silence the message "Cannot 'start' <foo>.
Set <foo>_enable to YES in /etc/rc.conf or use 'onestart' instead of
'start'." and running dhclient on the non-DHCP-enabled interface is
the same thing as running the service <foo> without <foo>_enable set,
such modification is in sync with the current semantics of the 'quiet'
prefix.
Approved by: glebius
Reviewed by: freebsd-rc list
MFC after: 2 weeks
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
o Make the pfsync.ko actually usable. Before this change loading it
didn't register protosw, so was a nop. However, a module /boot/kernel
did confused users.
o Rewrite the way we are joining multicast group:
- Move multicast initialization/destruction to separate functions.
- Don't allocate memory if we aren't going to join a multicast group.
- Use modern API for joining/leaving multicast group.
- Now the utterly wrong pfsync_ifdetach() isn't needed.
o Move module initialization from SYSINIT(9) to moduledata_t method.
o Refuse to unload module, unless asked forcibly.
o Improve a bit some FreeBSD porting code:
- Use separate malloc type.
- Simplify swi sheduling.
This change is probably wrong from VIMAGE viewpoint, however pfsync
wasn't VIMAGE-correct before this change, too.
Glanced at by: bz
|
| |
|
|
| |
attempting to maintain compatibility with NetBSD for some years now.
|
| | |
|
| |
|
|
|
|
|
| |
inside a jail.
Discussed with: rwatson
MFC after: 1 week
|
| |
|
|
|
|
|
|
|
| |
with FreeBSD easier for vendors.
- For optional files use variables starting with underscore.
Both changes make rc.d/Makefile look similar to sys/modules/Makefile.
Reviewed by: dim
|
| |
|
|
|
|
| |
on "FILESYSTEMS" and 'kld' is being run 8 scripts ahead of 'kldxref'.
Reported by: dhw
|
| |
|
|
|
|
| |
* set - ...
* empty braces
* ^ in character class
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
the /etc/rc.d/nfsd script sets vfs.nfsd.server_max_nfsvers to 3.
Then, when you set nfsv4_server_enable=YES in rc.conf, and restart nfsd
via the rc.d script, without rebooting, the sysctl does *not* get reset
to max version 4, so NFSv4 still doesn't work.
Fix this by explicitly setting vfs.nfsd.server_max_nfsvers to 4 when
NFSv4 is requested.
I also added resetting of the nfs_privport sysctls, since this has the
same issue: nfs_reserved_port_only=YES in rc.conf sets the nfs_privport
sysctl to 1, but in the other case, the sysctl doesn't get reset to 0.
Reviewed by: rmacklem
Silence from: rc@
MFC after: 3 days
|
| |
|
|
|
|
|
|
|
|
| |
Variable 'rc_force' is accessible only at the time of rc_run_command,
so it can't be examined from the script's main code.
Spotted by: hrs
Reviewed by: hrs, des
Approved by: des
MFC after: 2 weeks
|
| |
|
|
|
|
|
| |
as the project itself is no legal entity
Reported by: Joe Dahl <joel@vnode.se>
MFC after: 3 days
|
| |
|
|
|
|
|
|
|
|
| |
Make sure that static ARP and NDP bindings are set before NETWORKING.
As static_ndp is based on static_arp, pass copyright to the project with
permission of the original author (delphij@).
Reviewed by: delphij@FreeBSD.org
MFC after: 3 days
|
| |
|
|
|
|
|
|
|
|
|
| |
for interfaces which were not configured for DHCP *unless* rc_force was set;
the correct logic is to run dhclient for those interfaces *only if* rc_force
is set.
Broken by: des@
Noticed by: everybody and his dog
Submitted by: rea@
PR: bin/161733
|
