path: root/etc
Commit message, Author, Age, Files, Lines
* First cut at GEOM based multipath. This is an active/passive{/passive...} arrangement that has no intrinsic internal knowledge of whether devices it is given are truly multipath devices. As such, this is a simplistic approach, but still a useful one.
  The basic approach is to (at present- this will change soon) use camcontrol to find likely identical devices and label the trailing sector of the first one. This label contains both a full UUID and a name. The name is what is presented in /dev/multipath, but the UUID is used as a true distinguisher at g_taste time, thus making sure we don't have chaos on a shared SAN where everyone names their data multipath as "Fred".
  The first of N identical devices (and N *may* be 1!) becomes the active path until a BIO request is failed with EIO or ENXIO. When this occurs, the active disk is ripped away and the next in a list is picked to (retry and) continue with.
  During g_taste events new disks that meet the match criteria for existing multipath geoms get added to the tail end of the list. Thus, this active/passive setup actually does work for devices which go away and come back, as do (now) mpt(4) and isp(4) SAN based disks.
  There is still a lot to do to improve this- like about 5 of the 12 recommendations I've received about it, but it's been functional enough for a while that it deserves a broader test base.
  Reviewed by: pjd
  Sponsored by: IronPort Systems
  MFC: 2 months
  [author: mjacob; age: 2007-02-27; files: 1; lines: -0/+2]
* Only match on log messages containing fail,invalid, bad or illegal. This prevents matching on systems that have a name that matches the query.
  PR: conf/107560
  Submitted by: Christian Laursen <cfsl at pil dot dk>
  MFC after: 3 days
  Approved by: imp (mentor)
  [author: remko; age: 2007-02-23; files: 1; lines: -1/+1]
* Move to the preferred syntax for nice (-n) instead of the deprecated one.
  PR: conf/108611
  Submitted by: TAOKA Fumiyoshi <fmysh at iijmio-mail dot jp>
  Approved by: imp (mentor)
  [author: remko; age: 2007-02-23; files: 1; lines: -1/+1]
* fix comment about what pnpinfo is set
  [author: imp; age: 2007-02-15; files: 1; lines: -1/+2]
* pkill(1) and pgrep(1) have been moved to /bin so that they are available to rc.d scripts early in the boot sequence.
  [author: yar; age: 2007-02-15; files: 1; lines: -3/+3]
* Don't be paranoid about hostname(1) and order the things logically.
  Pointed out by: ceri
  [author: yar; age: 2007-02-15; files: 1; lines: -1/+1]
* Don't nag about unset $hostname if DHCP is in use.
  Pointed out by: ceri
  [author: yar; age: 2007-02-15; files: 1; lines: -1/+6]
* Add some entries to log unknown devices, based on the bus they appear on. Some things appear to be completely missing though, like the USB vendor and product strings.
  [author: joerg; age: 2007-02-14; files: 1; lines: -0/+30]
* Handle the case when the admin forgot to set $hostname, which can happen in new installations: advise to set the variable and refer to rc.conf(5).
  [author: yar; age: 2007-02-10; files: 1; lines: -1/+10]
* Add support for EtherChannel configuration to rc startup scripts.
  Note: This also deprecates "NO" as a way to specify an empty list of interfaces for gif_interfaces.
  PR: conf/104884
  Submitted by: nork
  Harassed by: brd
  Discussed with: brooks, dougb
  [author: flz; age: 2007-02-09; files: 3; lines: -11/+81]
* Use egrep instead of grep so that reporting of login failures (broken by revision 1.6) works again. This fix is already in RELENG_6, but was never committed to HEAD.
  [author: jdp; age: 2007-02-05; files: 1; lines: -1/+1]
* o Remove screen, created by the unnecessary ofw_console(4)
  o Remove ttyyX, created by the obsolete zs(4)
  o Replace ttydX by ttyuX, which is created by uart(4)
  o Enable ttyu0 as a console to better support the xserve.
  MFC after: 1 week
  [author: marcel; age: 2007-01-26; files: 1; lines: -10/+4]
* Add the following knobs for quotas if they are enabled:
    quotaon_flags - flags for the quotaon command
    quotaoff_flags - flags for the quotaoff command
    quotacheck_flags - flags for the quotacheck command
  [author: mpp; age: 2007-01-20; files: 2; lines: -3/+6]
* Fix jail rc.d script privilege escalation via symlink attack against /var/log/console.log and mount points.
  Security: FreeBSD-SA-07:01.jail
  [author: simon; age: 2007-01-11; files: 1; lines: -12/+116]
* Re-work Cx handling to be per-cpu and asymmetrical, fixing support on modern dual-core systems as well.
  - Parse the _CST packages for each cpu and track all the states individually, on a per-cpu basis.
  - Revert to generic FADT/P_BLK based Cx control if the _CST package is not present on all cpus. In that case, the new driver will still support per-cpu Cx state handling. The driver will determine the highest Cx level that can be supported by all the cpus and configure the available Cx state based on that.
  - Fixed the case where multiple cpus in the system share the same registers for Cx state handling. To do that, added a new flag parameter to the acpi_PkgGas and acpi_bus_alloc_gas functions that enable the caller to add the RF_SHAREABLE flag. This flag could also be useful to other callers (acpi_throttle?) in the tree but this change is not yet made.
  - For Core Duo cpus, both cores seems to be taken out of C3 state when any one of the cores need to transition out. This broke the short sleep detection logic. It is disabled now if there is more than one cpu in the system for now as it fixed it in my case. This quirk may need to be re-enabled later differently.
  - Added support to control cx_lowest on a per-cpu basis. There is still a generic cx_lowest to enable changing cx_lowest for all cpus with a single sysctl and for ease of use. Sample output for the new sysctl:
      dev.cpu.0.cx_supported: C1/1 C2/1 C3/57
      dev.cpu.0.cx_lowest: C3
      dev.cpu.0.cx_usage: 0.00% 43.16% 56.83%
      dev.cpu.1.cx_supported: C1/1 C2/1 C3/57
      dev.cpu.1.cx_lowest: C3
      dev.cpu.1.cx_usage: 0.00% 45.65% 54.34%
      hw.acpi.cpu.cx_lowest: C3
  This work was done by Stephane E. Potvin with some simple reworking by myself. Thank you.
  Submitted by: Stephane E. Potvin <sepotvin / videotron.ca>
  MFC after: 2 weeks
  [author: njl; age: 2007-01-07; files: 1; lines: -1/+1]
* Jail_ip and jail_interface local variables were renamed to _ip and _interface in a previous commit to avoid namespace collisions, unfortunately I missed two of them. This leads to the ip alias being incorrectly removed in some cases when using the stop command.
  Reported by: Philipp Wuensche <cryx-freebsd@h3q.com>
  [author: flz; age: 2007-01-02; files: 1; lines: -2/+2]
* o Fix a comment: refer to the write community name by the OID not by the line number which is incorrect now and probably will shift in future.
  [author: maxim; age: 2006-12-31; files: 1; lines: -1/+2]
* Allow for /usr/bin/env when parsing the shebang line from an interpreted $command. Some "portable" software packages use such a line to skip the task of figuring out the absolute pathname of the interpreter at install time, e.g.:
      #!/usr/bin/env python
  It is insecure, but a popular book on Python seems to have advised it to a wide audience. Hence a number of such scripts in the ports, mostly written in Python.
  PR: bin/100287
  MFC after: 1 week
  [author: yar; age: 2006-12-31; files: 1; lines: -0/+5]
* Use $required_modules wherever suitable. Use load_kld() in special cases. So we get rid of quite a few lines of duplicated code.
  [author: yar; age: 2006-12-31; files: 21; lines: -234/+43]
* Fix a typo in a warning message.
  [author: yar; age: 2006-12-31; files: 1; lines: -1/+1]
* Eliminate global symbols starting with an underscore from rc.d scripts, except for mdconfig* and jail. Such symbols are reserved for the rc.subr internals. Most scripts can be fixed by just declaring _foo symbols as local: few scripts actually need them to be global.
  Discussed with: dougb in freebsd-rc
  [author: yar; age: 2006-12-30; files: 20; lines: -41/+74]
* Summer of Code 2005: improve libalias - part 2 of 2
  With the second (and last) part of my previous Summer of Code work, we get:
  -ipfw's in kernel nat
  -redirect_* and LSNAT support
  General information about nat syntax and some examples are available in the ipfw (8) man page. The redirect and LSNAT syntax are identical to natd, so please refer to natd (8) man page.
  To enable in kernel nat in rc.conf, two options were added:
  o firewall_nat_enable: equivalent to natd_enable
  o firewall_nat_interface: equivalent to natd_interface
  Remember to set net.inet.ip.fw.one_pass to 0, if you want the packet to continue being checked by the firewall ruleset after being (de)aliased.
  NOTA BENE: due to some problems with libalias architecture, in kernel nat won't work with TSO enabled nic, thus you have to disable TSO via ifconfig (ifconfig foo0 -tso).
  Approved by: glebius (mentor)
  [author: piso; age: 2006-12-29; files: 1; lines: -0/+8]
* Add "nojail" keyword to prevent spurious error messages.
  Spotted by: Keve Nagy
  PR: conf/107083
  [author: hrs; age: 2006-12-29; files: 1; lines: -0/+1]
* MFp4:
  Implement the checks for required_* objects as two functions, one to be run before precmd and the other after it. They get the current rc command as an argument so they can choose what requirement tests to perform. As of now, only "start" needs such tests.
  Implement a new requirement variable, required_modules. It can list kernel modules that need to be loaded after start_precmd indicated success. Each name in the list can be just "file", or "file:module", or "file~regex". This will allow us to remove a lot of duplicated code from rc.d scripts.
  Perform the checks not only for the default start method, but for any method. This allows for more flexibility and fixes a few rc.d scripts (namely newsyslog, pf, sendmail) that rely on a required_* variable while providing a non-default start method.
  To be able to call the new check_required* functions naturally, remove lots of crufty duplicated code pieces from run_rc_command and replace each of them by a call to the helper function providing a single corrected instance of the respective code snippet. Now run_rc_command isn't as scary as it used to be, and it even appears to have quite a nice logic that was obscured by the old crufty code.
  In the default handler for restart, run start from a subshell to protect global variables, e.g., _postcmd, from modification by the start handler. This enables using restart_postcmd. [x]
  PR: conf/98734 [x]
  Submitted by: Rick van der Zwet <rick@wzoeterwoude.net> [x]
  Reviewed by: freebsd-rc (silence for an older version)
  MFC after: 1 month
  [author: yar; age: 2006-12-27; files: 1; lines: -146/+198]
* Add a (disabled) configuration line to enable snmp_bridge(3) module.
  Approved by: bz (mentor)
  [author: syrinx; age: 2006-12-20; files: 1; lines: -0/+6]
* Syscons cannot be stopped, so provide a no-op stop method. The default stop method from rc.subr isn't suited for this case and produces a bogus warning: "syscons not running".
  Suggested by: matteo
  [author: yar; age: 2006-12-20; files: 1; lines: -0/+1]
* Improve rc.d conformance:
  - don't play a needless trick with prestart, just use start method;
  - provide no-op stop method so that we don't get bogus "abi not running" error.
  [author: yar; age: 2006-12-20; files: 1; lines: -3/+3]
* Disable IPv6 configuration for interfaces in pccard_ether_start().
  After a change of devd.conf, devd(8) handles NIC attach/detach event by using /etc/pccard_ether with the interface name as the argument. This model does not work properly with IPv6 configuration because the implementation of IPv6 stateless auto-configuration in the FreeBSD rc.d scripts depends on whether there are any explicit configurations for interfaces or not. It works this way: if no manual configuration, it will perform auto-configuration, but otherwise no auto-configuration will be performed. So, this behavior can only be determined by all of the interfaces on a system, not a single one.
  For this reason, the network6_interface_setup() function called from the pccard_ether_start() does not work with a single interface name. And what is worse, this combination of devd.conf and pccard_ether_start() caused a bad side-effect that when ipv6_enable=YES, all of interfaces marked as DOWN would be UP unconditionally (and router solicitation was sent) just after devd(8) was invoked.
  This should be fixed in a more sophisticated way.
  [author: hrs; age: 2006-12-08; files: 1; lines: -8/+1]
* Add a link-local address to the lo0 even when ipv6_enable="NO".
  A kernel with INET6 always has ::1 on lo0, so in the case of ipv6_enable="NO" the lo0 can have ::1 with no link-local address. This is a violation of the IPv6 specification. As a workaround for this situation, fe80::1 is added in rc.d/auto_linklocal when lo0 has no link-local address. This should not be harmful for IPv4-only users.
  [author: hrs; age: 2006-12-08; files: 1; lines: -0/+5]
* Move npe.4 to a machine specific manpage subdirectory.
  [author: ru; age: 2006-12-05; files: 1; lines: -0/+6]
* - put some common code in a function handle_remount();
  - add better checks on non-existing directories to prevent error messages at run time;
  - introduce a function log() to help debugging diskless booting when things don't work;
  - modify the parsing of diskless_remount so you can add mount_nfs options after the pathname. You could use 'remount' to do something similar, but this way is more convenient because you don't have to hardwire the server name in the command.
  - document the above.
  I have been running the above in a diskless lab since february on RELENG_6.
  MFC after: 1 week
  [author: luigi; age: 2006-12-03; files: 1; lines: -38/+43]
* Teach find_processes() to use ${name}_chroot.
  Obtained from: NetBSD
  X-MFC after: 6.2-RELEASE
  [author: flz; age: 2006-11-26; files: 1; lines: -2/+2]
* Remove leading dollar sign in rcvar command output. There's no dollar use in variable assignment in sh. Assuming this is can be expected behavior for some people, this change won't be MFC'ed to RELENG_6.
  Discussed with: yar on -rc
  [author: flz; age: 2006-11-26; files: 1; lines: -2/+2]
* Back out 1.120, it was premature.
  [author: ache; age: 2006-11-12; files: 1; lines: -2/+0]
* Back out 1.122, it was poorly thought out.
  [author: des; age: 2006-11-11; files: 1; lines: -2/+0]
* Back out 1.121, it was premature.
  [author: des; age: 2006-11-11; files: 1; lines: -12/+0]
* Ensure that the load of rules into the alternate ruleset worked before loading them into the live one too.
  PR: conf/97311
  Submitted by: David Bushong
  Reviewed by: silence on rc@
  Approved by: ru (mentor)
  MFC after: 10 days
  [author: ceri; age: 2006-11-11; files: 1; lines: -0/+6]
* Add share/xsl.
  MFC after: 1 week
  [author: des; age: 2006-11-10; files: 1; lines: -0/+2]
* Add locales for nb_NO and nn_NO.
  Reviewed by: philip
  [author: des; age: 2006-11-09; files: 2; lines: -0/+24]
* Add auditd_program variable to defaults, in order to make it more clear how to change the auditd instance. When using a port/package-based OpenBSM, changing the auditd pointer may be desirable.
  Obtained from: TrustedBSD Project
  MFC after: 3 weeks
  [author: rwatson; age: 2006-11-06; files: 1; lines: -0/+1]
* Switch default proto to TCP.
  [author: obrien; age: 2006-11-06; files: 1; lines: -1/+1]
* Hook up gjournal bits to the build.
  Sponsored by: home.pl
  [author: pjd; age: 2006-10-31; files: 1; lines: -0/+2]
* Bind to INADDR_ANY in the default configuration. This makes bsnmpd(1) automatically work on multi-homed hosts and without explicit specification of the hostname in the config file.
  Submitted by: jmg
  [author: harti; age: 2006-10-31; files: 1; lines: -3/+1]
* Do not try to rtsol on pflog or pfsync devices.
  [author: mlaier; age: 2006-10-29; files: 1; lines: -1/+1]
* Give rc.firewall a polish and a new method.
  Factor out the loopback setup
  Use "me" instead of hardcoded $ip where possible.
  Add "workstation" which protects just this machine with stateful firewalling. Put the variables for this in rc.conf.
  Submitted by: Flemming Jacobsen <fj@batmule.dk>
  Reviewed by: cperciva
  [author: phk; age: 2006-10-28; files: 2; lines: -16/+117]
* Re-sync'ing pf rules in post command as we already did for ipfilter. With this patch, pf rules with dynamically created devices such like tun0 works without further intervention.
  Reviewed by: mlaier
  MFC after: 3 days
  [author: avatar; age: 2006-10-26; files: 1; lines: -1/+2]
* Synchronize pf.os with OpenBSD.
  Obtained from: OpenBSD
  MFC After: 3 days
  Approved by: mlaier (maintainer)
  [author: delphij; age: 2006-10-23; files: 1; lines: -27/+71]
* Suppress a spurious warning message when a kernel without INET6 is used.
  Spotted by: ru
  Reviewed by: ume
  MFC after: 3 days
  [author: hrs; age: 2006-10-22; files: 1; lines: -1/+1]
* Add 'reload' to the list of available commands for the amd rc.d script.
  PR: conf/104507
  Submitted by: Douglas K. Rand <rand@meridian-enviro.com>
  MFC after: 3 days
  [author: flz; age: 2006-10-18; files: 1; lines: -0/+1]
* Improve cleartmp in a number of aspects:
  + Use rc.subr(8) features properly.
  + Do the whole job of obliterating /tmp contents in find(1).
  + Leave lost+found and quota.{user,group} in /tmp only if root-owned.
  + Make the overall structure clearer by first removing the X dirs (perhaps along with the rest of /tmp) and then re-creating them.
  + Use "find -exec rm -rf {} +" for efficiency: each rm instance gets a chance to kill as much files in /tmp as ARG_MAX permits.
  PR: bin/104044
  Submitted by: Andrey Simonenko <see PR for email>
  Hacked by: yar
  MFC after: 1 month
  [author: yar; age: 2006-10-16; files: 1; lines: -36/+37]