summaryrefslogtreecommitdiffstats
path: root/etc
Commit message (Collapse)AuthorAgeFilesLines
* Don't attempt to delete .sujournal in /tmpeadler2012-05-301-0/+1
| | | | | | | PR: conf/163828 Submitted by: Tatsuki Makino <tatsuki_makino@hotmail.com> Approved by: cperciva MFC after: 1 week
* - FreeBSD ships a KDE PAM module in base, but it's missing support for ↵miwi2012-05-302-20/+0
| | | | | | | | | | | passwordless login (kde-np), and it doesn't really belong in base system. PR: misc/167261 Submitted by: avilla@ Approved by: rwatson (mentor) MFC after: 3 days
* Regenerate usb.confhselasky2012-05-211-5/+13
| | | | MFC after: 3 days
* Add support for our own DTrace scripts and those from the DTraceToolkitgnn2012-05-181-0/+4
| | | | | | | | to the build system. FreeBSD written scripts are stored in src/share and the toolkit scripts are brought from the cddl directory into a working tree via install. MFC after: 2 weeks
* Import work done under project/nand (@235533) into head.gber2012-05-171-0/+4
| | | | | | | | | | | | | | The NAND Flash environment consists of several distinct components: - NAND framework (drivers harness for NAND controllers and NAND chips) - NAND simulator (NANDsim) - NAND file system (NAND FS) - Companion tools and utilities - Documentation (manual pages) This work is still experimental. Please use with caution. Obtained from: Semihalf Supported by: FreeBSD Foundation, Juniper Networks
* Submitted by: gavin, pjdeadler2012-05-091-2/+2
| | | | | Approved by: cperciva MFC after: 3 days
* Display dropped transmit packets in the daily network interface output.jhb2012-05-071-2/+2
| | | | | | PR: conf/165956 Submitted by: Jeremy Chadwick MFC after: 1 week
* - Change kfd rc script to be more conformant with rcNG conventions:stas2012-05-062-9/+7
| | | | | | | | | | o change rcname to kfd; o move mandatory options to command_args; o add missing "shutdown" keyword; o fix require line. Kfd doesn't really need to be started before daemons. Suggested by: dougb
* - Don't log messages saying that accounting is being disabled and enabledjhb2012-05-021-3/+1
| | | | | | | | | | if the accounting log file is atomically replaced with a new file (such as during log rotation). - Simplify accounting log rotation a bit. There is no need to re-run accton(8) after renaming the new log file to it's real name. PR: kern/167321 Tested by: Jeremy Chadwick
* Upgrade our copy of llvm/clang to trunk r154661, in preparation of thedim2012-04-161-1/+1
| | | | | | | upcoming 3.1 release (expected in a few weeks). Preliminary release notes can be found at: <http://llvm.org/docs/ReleaseNotes.html> MFC after: 2 weeks
* - remove the length shortening on the patheadler2012-04-111-6/+5
| | | | | | | | | | - make the default prompt a bit more like scp - make the user show as root even when using 'su' instead of 'su -' - the key bindings didn't hurt anything but likely hide a bug - merge history instead of overwriting it Submitted by: gavin, joel Approved by: cperciva
* - Add rc.d script for kfd, kerberos forwarded tickets daemon.stas2012-04-103-0/+22
|
* Add MySQL port 3306ivoras2012-03-261-0/+2
| | | | | Obtained from: http://www.iana.org/assignments/port-numbers MFC after: 1 week
* Fix build by adding new directory to mtree in r233429eadler2012-03-241-0/+2
| | | | | | Submitted by: flo Approved by: cperciva MFC after: 1 week
* - Make the default values for tcsh more user friendlyeadler2012-03-241-6/+18
| | | | | | | | | - Add an examples file with many of the not accepted suggestions from the discussion PR: conf/160689 Reviewed by: many Discussed on: current Approved by: cperciva
* Clean up of fs/fifofs include directory after fifo.h removal.pluknet2012-03-231-2/+0
| | | | Glanced by: kib
* - Update FreeBSD Heimdal distribution to version 1.5.1. This also bringsstas2012-03-221-0/+2
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | several new kerberos related libraries and applications to FreeBSD: o kgetcred(1) allows one to manually get a ticket for a particular service. o kf(1) securily forwards ticket to another host through an authenticated and encrypted stream. o kcc(1) is an umbrella program around klist(1), kswitch(1), kgetcred(1) and other user kerberos operations. klist and kswitch are just symlinks to kcc(1) now. o kswitch(1) allows you to easily switch between kerberos credentials if you're running KCM. o hxtool(1) is a certificate management tool to use with PKINIT. o string2key(1) maps a password into key. o kdigest(8) is a userland tool to access the KDC's digest interface. o kimpersonate(8) creates a "fake" ticket for a service. We also now install manpages for some lirbaries that were not installed before, libheimntlm and libhx509. - The new HEIMDAL version no longer supports Kerberos 4. All users are recommended to switch to Kerberos 5. - Weak ciphers are now disabled by default. To enable DES support (used by telnet(8)), use "allow_weak_crypto" option in krb5.conf. - libtelnet, pam_ksu and pam_krb5 are now compiled with error on warnings disabled due to the function they use (krb5_get_err_text(3)) being deprecated. I plan to work on this next. - Heimdal's KDC now require sqlite to operate. We use the bundled version and install it as libheimsqlite. If some other FreeBSD components will require it in the future we can rename it to libbsdsqlite and use for these components as well. - This is not a latest Heimdal version, the new one was released while I was working on the update. I will update it to 1.5.2 soon, as it fixes some important bugs and security issues.
| * - Import Heimdal 1.5 distribution.stas2011-10-054-49/+140
| |
| * - Flatten the vendor heimdal tree.stas2011-09-293-0/+692
|
* Rotate auth.log and messages at the beginning of a year. Otherwise,glebius2012-03-191-2/+2
| | | | | daily security checks 800.loginfail and 900.tcpwrap may produce false positive alerts.
* Regenerate usb.conf to use new -n option when doing kldload.hselasky2012-03-181-539/+539
| | | | MFC after: 1 week
* Unhide /dev/zfs in devfsrules_jail.mm2012-03-161-0/+1
| | | | | | | The /dev/zfs device is required for managing jailed ZFS datasets. Discussed with: pjd, jamie MFC after: 1 week
* Make init(8) slightly more robust when /dev/console is missing.ed2012-03-141-0/+1
| | | | | | | | | | | | | | | | | | | | | | If the environment doesn't offer a working /dev/console, the existing version of init(8) will simply refuse running rc(8) scripts. This means you'll only have a system running init(8) and nothing else. Change the code to do the following: - Open /dev/console like we used to do, but make it more robust to use O_NONBLOCK to prevent blocking on a carrier. - If this fails, use /dev/null as stdin and /var/log/init.log as stdout and stderr. - If even this fails, use /dev/null as stdin, stdout and stderr. So why us this useful? Well, if you remove the `getpid() == 1' check in main(), you can now use init(8) inside jails to properly execute rc(8). It still requires some polishing, as existing tools assume init(8) has PID 1. Also it is now possible to use use init(8) on `headless' devices that don't even have a serial boot console.
* Hide stty(1) errors.ed2012-03-142-2/+2
| | | | | | | | | | | | If rc(8) is executed without using a TTY, this error appears at the beginning: stty: stdin isn't a terminal Because this is to be expected and of course not harmful, it is better to simply hide the error message. MFC after: 1 week
* Rather than printing the output from route add for all FIBs just print thembz2012-03-041-16/+30
| | | | | | | | | for the default FIB followed by a statement with a list of FIB numbers for all the other FIBs we install the routes for. Request by: kib (to make it less noisy) Tested by: kib MFC after: 3 days
* Reapply 227753 (xlocale cleanup), plus some fixes so that it passes buildtheraven2012-03-041-0/+2
| | | | | | universe with gcc. Approved by: dim (mentor)
* Add backlight control to ATI-graphics PowerBooks and iBooks.jhibbits2012-02-261-0/+20
| | | | | Approved by: nwhitehorn (mentor) MFC after: 1 week
* Put the signal trap output to standard error instead of standard output.delphij2012-02-181-3/+3
| | | | | | | | | | | Without this change, pressing ^T could result in rc.d script putting junk strings like: Script <filename> running in configuration files when redirecting standard output to these files. MFC after: 2 weeks
* Increase the default shutdown timer to 90 seconds. This will allowdougb2012-02-171-1/+1
| | | | | | | | | certain systems that take a long time to shut down, without adversely affecting things that shut down quickly. It's also 30 seconds less than the default hard limit of 120 seconds in kern.init_shutdown_timeout. PR: conf/109272 Submitted by: Radim Kolar SF.NET <hsn@sendmail.cz>
* Merge multi-FIB IPv6 support from projects/multi-fibv6/head/:bz2012-02-171-5/+21
| | | | | | | | | | | | Extend the so far IPv4-only support for multiple routing tables (FIBs) introduced in r178888 to IPv6 providing feature parity. This includes an extended rtalloc(9) KPI for IPv6, the necessary adjustments to the network stack, and user land support as in netstat. Sponsored by: Cisco Systems, Inc. Reviewed by: melifaro (basically) MFC after: 10 days
* Style: prefer the use of line continuations to +=eadler2012-02-171-42/+42
| | | | | | Requested by: marcel, dougb, bde Approved by: cperciva MFC after: 3 days
* Revert r231673 and r231682 for now, until we can run a full makedim2012-02-141-2/+0
| | | | | | universe with them. Sorry for the breakage. Pointy hat to: me and brooks
* Cleanup of xlocale:theraven2012-02-141-0/+2
| | | | | | | | | | | | | | | | - Address performance regressions encountered by das@ by caching per-thread data in TLS where available. - Add a __NO_TLS flag to cdefs.h to indicate where not available. - Reorganise the xlocale.h definitions into xlocale/*.h so that they can be included from multiple places. - Export the POSIX2008 subset of xlocale when POSIX2008 says it should be exported, independently of whether xlocale.h is included. - Fix the bug where programs using ctype functions always assumed ASCII unless recompiled. - Fix some style(9) violations. Reviewed by: brooks (mentor) Approved by: dim (mentor)
* Fix various issues with the NFS and RPC related scripts:dougb2012-02-1415-148/+68
| | | | | | | | | | | | | | | | | | | 1. Add new functionality to the force_depend method to incorporate the tests for whether the service is enabled and/or already running. 2. Add a new option to bypass checking only that the service is enabled at boot time, and always check if it is running. 3. Use this new functionality to greatly simplify the rc.d scripts that use force_depend. 4. Add a force_depend for statd in lockd 5. Remove the check that either nfs_server or nfs_client is _enable'd from statd and lockd. This was always overkill, and prevented using the {one|force}start options, as well as stop'ing on the command line. 6. The yp* scripts had some of their arguments in various weird orders. Bring them into line with the model. 7. If mountd fails to create /var/db/mountdtab, err out. Ideas, suggestions, and/or review from delphij and jilles. Pointy hats are completely my responsibility however.
* Re-generate /etc/devd/usb.confhselasky2012-02-131-6/+15
| | | | MFC after: 1 day
* start watchdogd before most of other daemons/serversavg2012-02-122-2/+2
| | | | | | | | | The main benefit is that watchdogd would shutdown after most of other daemons/servers and thus, for example, would remedy a system hang caused by unlucky X server shutdown. Reviewed by: dougb (earlier version) MFC after: 2 weeks
* Avoid using BEFORE in the utx rc script.ed2012-02-122-2/+1
| | | | Requested by: dougb
* Move utmpx handling out of init(8).ed2012-02-113-2/+23
| | | | | | | | | | | | | | | | | This has the following advantages: - During boot, the BOOT_TIME record is now written right after the file systems become writable, but before users are allowed to log in. This means that they can't cause `hidden logins' by logging in right before init(8) kicks in. - The pututxline(3) function may potentially block on file locking, though this is very rare to occur. By placing it in an rc script, the user can still kill it with ^C if needed. - Most importantly: jails don't use init(8). This means that a force reboot of a system running jails will leave stale entries in the accounting database of the jails individually.
* In the days before r208307 addswap was running early in the second stagedougb2012-02-112-2/+2
| | | | | | | | of rcorder. Somehow in the intervening period addswap got moved to the very end, which is almost certainly not what we want. This change moves it to right after kld so that for users who need it, they'll get it ASAP.
* Make etc/Makefile more conflict resistanteadler2012-02-091-12/+42
| | | | | | | PR: conf/163789 Submitted by: gcooper (iXsystems) Approved by: cperciva MFC after: 3 days
* Revert r211288 and move the logic to the acpi_timer itself.jkim2012-02-082-18/+0
|
* As it stands right now, the default devfs rulesets are only loaded as adougb2012-02-082-1/+3
| | | | | | | | | side effect of something else using them. If they haven't been loaded already but you want to use them, say for configuring a jail, you're out of luck. So add a knob to always load the default rulesets. While I'm here document the other devfs_ knobs in rc.conf.5.
* Add an option to 404.status-zfs (enabled by default) to list allgjb2012-02-082-4/+14
| | | | | | | | | | | | | zfs pools on the system. While here, document daily_status_zfs_enable in periodic.conf(5). Discussed on: -fs [1] Reviewed by: netchild [1] Approved by: jhb MFC after: 1 week [1] - http://lists.freebsd.org/pipermail/freebsd-fs/2011-June/011869.html
* Fix $ipv6_network_interfaces handling in rc.d/routing. It could fail whenhrs2012-02-041-2/+4
| | | | | | it was set to "auto", for example. MFC after: 3 days
* Perform IPv6 DAD only in ifn_start.hrs2012-01-291-2/+4
|
* Remove the notify match from a couple devd apple events, the events don'tjhibbits2012-01-281-2/+0
| | | | | | | include notify tags. Approved by: nwhitehorn (mentor) MFC after: 3 days
* Fix several glitches in IPv6-related knobs:hrs2012-01-222-6/+28
| | | | | | | | | | | | | | - ipv6_enable + ipv6_gateway_enable should unset ACCEPT_RTADV by default for backward compatibility. - Configurations in ipv6_prefix_IF should be recognized even if there is no ifconfig_IF_ipv6. - DAD wait should be performed at once, not on a per-interface basis, if possible. This fixes an issue that a system with a lot of IPv6-capable interfaces takes too long for booting. MFC after: 1 week
* When creating the jails /dev/log symlink, do it by full path to avoidbrooks2012-01-201-4/+1
| | | | | | | | | | creating stray "log" symlinks if the mount fails. That apparently happens in some ezjail configs. PR: conf/143084 Submitted by: Dirk Engling <erdgeist at erdgeist.org> Reviewed by: simon MFC after: 2 weeks
* /etc/netstart: remove invocation of dhclientrea2012-01-201-1/+0
| | | | | | | | dhclient is no longer a real service, it is a helper script for /etc/rc.d/netif and devd. Its direct invocation isn't needed to bring the network up. Approved by: jhb
* dhclient: don't use syslog for logging non-DHCP interface errorsrea2012-01-201-2/+2
| | | | | | We should show the error to user, but it doesn't deserve syslog. Approved by: jhb
OpenPOWER on IntegriCloud