path: root/etc
Commit message | Author | Age | Files | Lines
* o Remove screen, created by the unnecessary ofw_console(4) | marcel | 2007-01-26 | 1 | -10/+4
  o Remove ttyyX, created by the obsolete zs(4)
  o Replace ttydX by ttyuX, which is created by uart(4)
  o Enable ttyu0 as a console to better support the xserve.
  MFC after: 1 week
* Add the following knobs for quotas if they are enabled: | mpp | 2007-01-20 | 2 | -3/+6
  quotaon_flags - flags for the quotaon command
  quotaoff_flags - flags for the quotaoff command
  quotacheck_flags - flags for the quotacheck command
* Fix jail rc.d script privilege escalation via symlink attack against | simon | 2007-01-11 | 1 | -12/+116
  /var/log/console.log and mount points.
  Security: FreeBSD-SA-07:01.jail
* Re-work Cx handling to be per-cpu and asymmetrical, fixing support on | njl | 2007-01-07 | 1 | -1/+1
  modern dual-core systems as well.
  - Parse the _CST packages for each cpu and track all the states individually, on a per-cpu basis.
  - Revert to generic FADT/P_BLK based Cx control if the _CST package is not present on all cpus. In that case, the new driver will still support per-cpu Cx state handling. The driver will determine the highest Cx level that can be supported by all the cpus and configure the available Cx state based on that.
  - Fixed the case where multiple cpus in the system share the same registers for Cx state handling. To do that, added a new flag parameter to the acpi_PkgGas and acpi_bus_alloc_gas functions that enable the caller to add the RF_SHAREABLE flag. This flag could also be useful to other callers (acpi_throttle?) in the tree but this change is not yet made.
  - For Core Duo cpus, both cores seem to be taken out of C3 state when any one of the cores needs to transition out. This broke the short sleep detection logic. It is disabled now if there is more than one cpu in the system for now as it fixed it in my case. This quirk may need to be re-enabled later differently.
  - Added support to control cx_lowest on a per-cpu basis. There is still a generic cx_lowest to enable changing cx_lowest for all cpus with a single sysctl and for ease of use.
  Sample output for the new sysctl:
    dev.cpu.0.cx_supported: C1/1 C2/1 C3/57
    dev.cpu.0.cx_lowest: C3
    dev.cpu.0.cx_usage: 0.00% 43.16% 56.83%
    dev.cpu.1.cx_supported: C1/1 C2/1 C3/57
    dev.cpu.1.cx_lowest: C3
    dev.cpu.1.cx_usage: 0.00% 45.65% 54.34%
    hw.acpi.cpu.cx_lowest: C3
  This work was done by Stephane E. Potvin with some simple reworking by myself. Thank you.
  Submitted by: Stephane E. Potvin <sepotvin / videotron.ca>
  MFC after: 2 weeks
* Jail_ip and jail_interface local variables were renamed to _ip and _interface | flz | 2007-01-02 | 1 | -2/+2
  in a previous commit to avoid namespace collisions, unfortunately I missed two of them. This leads to the ip alias being incorrectly removed in some cases when using the stop command.
  Reported by: Philipp Wuensche <cryx-freebsd@h3q.com>
* o Fix a comment: refer to the write community name by the OID not by | maxim | 2006-12-31 | 1 | -1/+2
  the line number which is incorrect now and probably will shift in future.
* Allow for /usr/bin/env when parsing the shebang line from an | yar | 2006-12-31 | 1 | -0/+5
  interpreted $command. Some "portable" software packages use such a line to skip the task of figuring out the absolute pathname of the interpreter at install time, e.g.:
    #!/usr/bin/env python
  It is insecure, but a popular book on Python seems to have advised it to a wide audience. Hence a number of such scripts in the ports, mostly written in Python.
  PR: bin/100287
  MFC after: 1 week
* Use $required_modules wherever suitable. Use load_kld() in special | yar | 2006-12-31 | 21 | -234/+43
  cases. So we get rid of quite a few lines of duplicated code.
* Fix a typo in a warning message. | yar | 2006-12-31 | 1 | -1/+1
* Eliminate global symbols starting with an underscore from rc.d | yar | 2006-12-30 | 20 | -41/+74
  scripts, except for mdconfig* and jail. Such symbols are reserved for the rc.subr internals. Most scripts can be fixed by just declaring _foo symbols as local: few scripts actually need them to be global.
  Discussed with: dougb in freebsd-rc
* Summer of Code 2005: improve libalias - part 2 of 2 | piso | 2006-12-29 | 1 | -0/+8
  With the second (and last) part of my previous Summer of Code work, we get:
  -ipfw's in kernel nat
  -redirect_* and LSNAT support
  General information about nat syntax and some examples are available in the ipfw (8) man page. The redirect and LSNAT syntax are identical to natd, so please refer to natd (8) man page.
  To enable in kernel nat in rc.conf, two options were added:
  o firewall_nat_enable: equivalent to natd_enable
  o firewall_nat_interface: equivalent to natd_interface
  Remember to set net.inet.ip.fw.one_pass to 0, if you want the packet to continue being checked by the firewall ruleset after being (de)aliased.
  NOTA BENE: due to some problems with libalias architecture, in kernel nat won't work with TSO enabled nic, thus you have to disable TSO via ifconfig (ifconfig foo0 -tso).
  Approved by: glebius (mentor)
* Add "nojail" keyword to prevent spurious error messages. | hrs | 2006-12-29 | 1 | -0/+1
  Spotted by: Keve Nagy
  PR: conf/107083
* MFp4: | yar | 2006-12-27 | 1 | -146/+198
  Implement the checks for required_* objects as two functions, one to be run before precmd and the other after it. They get the current rc command as an argument so they can choose what requirement tests to perform. As of now, only "start" needs such tests.
  Implement a new requirement variable, required_modules. It can list kernel modules that need to be loaded after start_precmd indicated success. Each name in the list can be just "file", or "file:module", or "file~regex". This will allow us to remove a lot of duplicated code from rc.d scripts.
  Perform the checks not only for the default start method, but for any method. This allows for more flexibility and fixes a few rc.d scripts (namely newsyslog, pf, sendmail) that rely on a required_* variable while providing a non-default start method.
  To be able to call the new check_required* functions naturally, remove lots of crufty duplicated code pieces from run_rc_command and replace each of them by a call to the helper function providing a single corrected instance of the respective code snippet. Now run_rc_command isn't as scary as it used to be, and it even appears to have quite a nice logic that was obscured by the old crufty code.
  In the default handler for restart, run start from a subshell to protect global variables, e.g., _postcmd, from modification by the start handler. This enables using restart_postcmd. [x]
  PR: conf/98734 [x]
  Submitted by: Rick van der Zwet <rick@wzoeterwoude.net> [x]
  Reviewed by: freebsd-rc (silence for an older version)
  MFC after: 1 month
* Add a (disabled) configuration line to enable snmp_bridge(3) module. | syrinx | 2006-12-20 | 1 | -0/+6
  Approved by: bz (mentor)
* Syscons cannot be stopped, so provide a no-op stop method. | yar | 2006-12-20 | 1 | -0/+1
  The default stop method from rc.subr isn't suited for this case and produces a bogus warning: "syscons not running".
  Suggested by: matteo
* Improve rc.d conformance: | yar | 2006-12-20 | 1 | -3/+3
  - don't play a needless trick with prestart, just use start method;
  - provide no-op stop method so that we don't get bogus "abi not running" error.
* Disable IPv6 configuration for interfaces in pccard_ether_start(). | hrs | 2006-12-08 | 1 | -8/+1
  After a change of devd.conf, devd(8) handles NIC attach/detach event by using /etc/pccard_ether with the interface name as the argument. This model does not work properly with IPv6 configuration because the implementation of IPv6 stateless auto-configuration in the FreeBSD rc.d scripts depends on whether there are any explicit configurations for interfaces or not. It works this way: if no manual configuration, it will perform auto-configuration, but otherwise no auto-configuration will be performed. So, this behavior can only be determined by all of the interfaces on a system, not a single one.
  For this reason, the network6_interface_setup() function called from the pccard_ether_start() does not work with a single interface name. And what is worse, this combination of devd.conf and pccard_ether_start() caused a bad side-effect that when ipv6_enable=YES, all of interfaces marked as DOWN would be UP unconditionally (and router solicitation was sent) just after devd(8) was invoked.
  This should be fixed in a more sophisticated way.
* Add a link-local address to the lo0 even when ipv6_enable="NO". | hrs | 2006-12-08 | 1 | -0/+5
  A kernel with INET6 always has ::1 on lo0, so in the case of ipv6_enable="NO" the lo0 can have ::1 with no link-local address. This is a violation of the IPv6 specification. As a workaround for this situation, fe80::1 is added in rc.d/auto_linklocal when lo0 has no link-local address. This should not be harmful for IPv4-only users.
* Move npe.4 to a machine specific manpage subdirectory. | ru | 2006-12-05 | 1 | -0/+6
* - put some common code in a function handle_remount(); | luigi | 2006-12-03 | 1 | -38/+43
  - add better checks on non-existing directories to prevent error messages at run time;
  - introduce a function log() to help debugging diskless booting when things don't work;
  - modify the parsing of diskless_remount so you can add mount_nfs options after the pathname. You could use 'remount' to do something similar, but this way is more convenient because you don't have to hardwire the server name in the command.
  - document the above.
  I have been running the above in a diskless lab since February on RELENG_6.
  MFC after: 1 week
* Teach find_processes() to use ${name}_chroot. | flz | 2006-11-26 | 1 | -2/+2
  Obtained from: NetBSD
  X-MFC after: 6.2-RELEASE
* Remove leading dollar sign in rcvar command output. | flz | 2006-11-26 | 1 | -2/+2
  There's no dollar use in variable assignment in sh. Assuming this can be expected behavior for some people, this change won't be MFC'ed to RELENG_6.
  Discussed with: yar on -rc
* Back out 1.120, it was premature. | ache | 2006-11-12 | 1 | -2/+0
* Back out 1.122, it was poorly thought out. | des | 2006-11-11 | 1 | -2/+0
* Back out 1.121, it was premature. | des | 2006-11-11 | 1 | -12/+0
* Ensure that the load of rules into the alternate ruleset worked before | ceri | 2006-11-11 | 1 | -0/+6
  loading them into the live one too.
  PR: conf/97311
  Submitted by: David Bushong
  Reviewed by: silence on rc@
  Approved by: ru (mentor)
  MFC after: 10 days
* Add share/xsl. | des | 2006-11-10 | 1 | -0/+2
  MFC after: 1 week
* Add locales for nb_NO and nn_NO. | des | 2006-11-09 | 2 | -0/+24
  Reviewed by: philip
* Add auditd_program variable to defaults, in order to make it more clear | rwatson | 2006-11-06 | 1 | -0/+1
  how to change the auditd instance. When using a port/package-based OpenBSM, changing the auditd pointer may be desirable.
  Obtained from: TrustedBSD Project
  MFC after: 3 weeks
* Switch default proto to TCP. | obrien | 2006-11-06 | 1 | -1/+1
* Hook up gjournal bits to the build. | pjd | 2006-10-31 | 1 | -0/+2
  Sponsored by: home.pl
* Bind to INADDR_ANY in the default configuration. This makes bsnmpd(1) | harti | 2006-10-31 | 1 | -3/+1
  automatically work on multi-homed hosts and without explicit specification of the hostname in the config file.
  Submitted by: jmg
* Do not try to rtsol on pflog or pfsync devices. | mlaier | 2006-10-29 | 1 | -1/+1
* Give rc.firewall a polish and a new method. | phk | 2006-10-28 | 2 | -16/+117
  Factor out the loopback setup
  Use "me" instead of hardcoded $ip where possible.
  Add "workstation" which protects just this machine with stateful firewalling. Put the variables for this in rc.conf.
  Submitted by: Flemming Jacobsen <fj@batmule.dk>
  Reviewed by: cperciva
* Re-sync'ing pf rules in post command as we already did for ipfilter. | avatar | 2006-10-26 | 1 | -1/+2
  With this patch, pf rules with dynamically created devices such as tun0 work without further intervention.
  Reviewed by: mlaier
  MFC after: 3 days
* Synchronize pf.os with OpenBSD. | delphij | 2006-10-23 | 1 | -27/+71
  Obtained from: OpenBSD
  MFC After: 3 days
  Approved by: mlaier (maintainer)
* Suppress a spurious warning message when a kernel without INET6 is | hrs | 2006-10-22 | 1 | -1/+1
  used.
  Spotted by: ru
  Reviewed by: ume
  MFC after: 3 days
* Add 'reload' to the list of available commands for the amd rc.d script. | flz | 2006-10-18 | 1 | -0/+1
  PR: conf/104507
  Submitted by: Douglas K. Rand <rand@meridian-enviro.com>
  MFC after: 3 days
* Improve cleartmp in a number of aspects: | yar | 2006-10-16 | 1 | -36/+37
  + Use rc.subr(8) features properly.
  + Do the whole job of obliterating /tmp contents in find(1).
  + Leave lost+found and quota.{user,group} in /tmp only if root-owned.
  + Make the overall structure clearer by first removing the X dirs (perhaps along with the rest of /tmp) and then re-creating them.
  + Use "find -exec rm -rf {} +" for efficiency: each rm instance gets a chance to kill as many files in /tmp as ARG_MAX permits.
  PR: bin/104044
  Submitted by: Andrey Simonenko <see PR for email>
  Hacked by: yar
  MFC after: 1 month
* Add idmapd_flags to defaults/rc.conf. | ceri | 2006-10-15 | 1 | -0/+1
  Document it and idmapd_enable.
* RC script for idmapd(8), defaulting to off. | ceri | 2006-10-15 | 3 | -1/+20
* Replace duplicate and not quite accurate capabilities | ru | 2006-10-14 | 1 | -27/+1
  description with a reference to the disktab(5) manpage.
  PR: doc/48105
* Revert the default value of net.inet6.ip6.auto_linklocal to 1. | ume | 2006-10-13 | 1 | -2/+8
  If ipv6_enable is not set to "YES", net.inet6.ip6.auto_linklocal is turned to 0 at boot.
  Discussed with: re@, gnn@
  MFC after: 3 days
* Fix a regression: let natd load libalias modules before /usr is mounted | piso | 2006-10-08 | 1 | -7/+7
  renaming /lib/libalias_*.so.4 to /lib/libalias_*.so.
  Approved by: glebius
  Reviewed by: glebius, ru
* Restore the behavior that net.inet6.ip6.auto_linklocal=0 could | ume | 2006-10-07 | 3 | -5/+19
  coexist with ipv6_enable="YES".
  MFC after: 3 days
* Introduce mixer_enable (default: YES). | flz | 2006-10-06 | 2 | -0/+2
  PR: conf/101268
  Submitted by: Eugene Grosbein <eugen@grosbein.pp.ru>
  Approved by: cperciva (mentor)
  X-MFC after: 6.2-RELEASE
  Sponsored by: FreeBSD Test-Bugathon
* A GEOM cache can speed up read performance by sending fixed size | ru | 2006-10-06 | 1 | -0/+2
  read requests to its consumer. It has been developed to address the problem of a horrible read performance of a 64k blocksize FS residing on a RAID3 array with 8 data components, where a single disk component would only get 8k read requests, thus effectively killing disk performance under high load.
  Documentation will be provided later.
  I'd like to thank Vsevolod Lobko for his bright ideas, and Pawel Jakub Dawidek for helping me fix the nasty bug.
* Pull in /etc/rc.conf.d/network so that ifconfig_<if> variables can be | brooks | 2006-10-02 | 1 | -0/+1
  set there. This is required for consistency with /etc/rc.d/netif.
  PR: conf/103893
  Submitted by: Nick Hibma <nick at anywi.com>
  MFC after: 3 days
* Turn off automatic link local address if ipv6_enable is not set to YES | gnn | 2006-10-02 | 1 | -0/+4
  in rc.conf
  Reviewed by: KAME core team, cperciva
  MFC after: 3 days
* debug() shouldn't misidentify itself to logger(1). | yar | 2006-10-02 | 1 | -1/+1
  Noticed by: David Thompson <dat1965 yahoo com>