| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- Update FreeBSD version in:
- UPDATING
- sys/conf/newvers.sh
- Add 11.0 FreeBSD version for manual pages
- Bump __FreeBSD_version to 1100000
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
command line options. The "jail_<jname>_*" rc.conf(5) variables for
per-jail configuration are automatically converted to
/var/run/jail.<jname>.conf before the jail(8) utility is invoked.
This is transparently backward compatible.
- Fix a minor bug in jail(8) which prevented it from returning false
when jail -r failed.
Approved by: re (glebius)
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
is ignored except for "rc.d/netif vnet{up,down} ifn" because a jail is
usually created after interface initialization on boot time.
"rc.d/netif vnetup ifn" moves ifn into the specified jail. It is
designed to be used in other scripts like rc.d/jail, not automatically
invoked during the interface initialization.
Approved by: re (kib)
|
| | |
| |
| |
| |
| |
| | |
script to info.
Approved by: re (gjb)
|
| | |
| |
| |
| | |
Approved by: re (kib)
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
noafif() is true. The following warning message was displayed when
pflog0 interface existed, for example:
ifconfig: ioctl(SIOCGIFINFO_IN6): Protocol family not supported
Reported by: bz
Approved by: re (gjb)
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
as "epair0" in $cloned_interfaces and "epair0[ab]" in the others in
rc.conf like the following:
cloned_interfaces="epair0"
ifconfig_epair0a="inet 192.168.1.1/24"
ifconfig_epair0b="inet 192.168.2.1/24"
/etc/rc.d/netif now accepts both "netif start epair0" and "netif start
epair0a".
Approved by: re (kib)
|
| | |
| |
| |
| |
| |
| | |
Approved by: re (glebius)
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
|
| | |
| |
| |
| |
| |
| | |
iterated if present, and remove a stray .endif.
Approved by: re (gjb)
|
| | |
| |
| |
| |
| |
| | |
affect 'make universe'.
Approved by: re (gjb)
|
| | |
| |
| |
| | |
Approved by: re (gjb)
|
| | |
| |
| |
| | |
Approved by: re (gjb)
|
| | |
| |
| |
| |
| |
| |
| | |
add it to the set of INDEX files built by portsnap.
Approved by: re (marius), portmgr (erwin)
MFC after: 3 days
|
| | |
| |
| |
| | |
Approved by: re (blanket)
|
| | |
| |
| |
| | |
Approved by: re (blanket)
|
| | |
| |
| |
| | |
Approved by: re (blanket)
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
generates a configuration suitable for running unbound as a caching
forwarding resolver, and configures resolvconf(8) to update unbound's
list of forwarders in addition to /etc/resolv.conf. The initial list
is taken from the existing resolv.conf, which is rewritten to point to
localhost. Alternatively, a list of forwarders can be provided on the
command line.
To assist this script, add an rc.subr command called "enabled" which
does nothing except return 0 if the service is enabled and 1 if it is
not, without going through the usual checks. We should consider doing
the same for "status", which is currently pointless.
Add an rc script for unbound, called local_unbound. If there is no
configuration file, the rc script runs local-unbound-setup to generate
one.
Note that these scripts place the unbound configuration files in
/var/unbound rather than /etc/unbound. This is necessary so that
unbound can reload its configuration while chrooted. We should
probably provide symlinks in /etc.
Approved by: re (blanket)
|
| | |
| |
| |
| | |
Approved by: re (blanket)
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Add config variables to enable / disable individual host key algorithms.
Clean up the host key generation code.
Approved by: re (gjb)
MFC after: 3 weeks
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
and multiple instances were invoked by start/stop cycles.
- Remove redundant start_cmd rewrite.
Approved by: re (gjb)
Tested by: jmg
|
| | |
| |
| |
| |
| |
| | |
inet and inet6.
Approved by: re (delphij)
|
| | |
| |
| |
| | |
Approved by: re (blanket)
|
| | |
| |
| |
| |
| |
| | |
Reviewed by: ken (parts)
Approved by: re (delphij)
Sponsored by: FreeBSD Foundation
|
| |\ \
| |/ |
|
| | |
| |
| |
| |
| |
| |
| | |
available (the kernel module is loaded or compiled into the kernel).
Approved by: glebius (mentor)
Approved by: re (blanket)
|
| | |
| |
| |
| | |
Approved by: re (blanket)
|
| | |
| |
| |
| |
| |
| |
| | |
install it on powerpc64 in addition to amd64.
Reviewed by: kib
Approved by: re (blanket)
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
except to document the hardcoded standard library search path for 32-bit
binaries. The third line performs the equivalent substitution for the
private library directory.
Ironically, these entries rely on functionality which is only available
in the COMPAT_32BIT version of rtld-elf.
Approved by: re (blanket)
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
we don't want to expose but which can't or shouldn't be static.
To mark a library as private, define PRIVATELIB in its Makefile. It
will be installed in LIBPRIVATEDIR, which is normally /usr/lib/private
(or /usr/lib32/private for 32-bit libraries on 64-bit platforms).
To indicate that a program or library depends on a private library,
define USEPRIVATELIB in its Makefile. The correct version of
LIBPRIVATEDIR will be added to its run-time library search path.
Approved by: re (blanket)
|
| |\ \
| |/ |
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
headrs.
Lots of third-party code expects to find C++03 headers under tr1 because that's
where GNU decided to hide them. This should fix ports that expect them there.
MFC after: 1 week
|
| | |
| |
| |
| |
| |
| | |
independently. There is no reason to leave their options
with the daily ones, so move them to their own section.
Move periodic scripts' options into their own section. Since r254974,
|
| | |
| |
| |
| |
| |
| |
| |
| | |
interface route for default routes, which seems to be common
among many dedicated hosting providers.
Reviewed by: hrs
MFC after: 2 weeks
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
These are included unconditionally for now because bsdconfig
is currently installed unconditionally.
This fixes 'make -j 17 installworld' caused by a race
condition.
MFC candidate.
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
If we panic again shortly after boot (say, within 30 seconds), any core
dump we wrote out may be lost on reboot. In this situation, we really
want to keep that core file, as it may be the only way to have the issue
resolved. Call sync(8) after writing out the core file and running
crashinfo(8), in the hope that these will not be lost if we panic
again. sync(8) is only called in the case where there is a core dump
to be written out, so won't be called during normal boots.
Discovered by: Trying to debug an IPSEC panic
MFC after: 1 week
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
There are now six additional variables
weekly_status_security_enable
weekly_status_security_inline
weekly_status_security_output
monthly_status_security_enable
monthly_status_security_inline
monthly_status_security_output
alongside their existing daily counterparts. They all have the same
default values.
All other "daily_status_security_${scriptname}_${whatever}"
variables have been renamed to "security_status_${name}_${whatever}".
A compatibility shim has been introduced for the old variable names,
which we will be able to remove in 11.0-RELEASE.
"security_status_${name}_enable" is still a boolean but a new
"security_status_${name}_period" allows to define the period of
each script. The value is one of "daily" (the default for backward
compatibility), "weekly", "monthly" and "NO".
Note that when the security periodic scripts are run directly from
crontab(5) (as opposed to being called by daily or weekly periodic
scripts), they will run unless the test is explicitely disabled with a
"NO", either for in the "_enable" or the "_period" variable.
When the security output is not inlined, the mail subject has been
changed from "$host $arg run output" to "$host $arg $period run output".
For instance:
myfbsd security run output -> myfbsd security daily run output
I don't think this is considered as a stable API, but feel free to
correct me if I'm wrong.
Finally, I will rearrange periodic.conf(5) and default/periodic.conf
to put the security options in their own section. I left them in
place for this commit to make reviewing easier.
Reviewed by: hackers@
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
"/etc/rc.d/netif stop XXX". The old globbing pattern failed to account for the
possibility of a tab occuring before "inet".
Reviewed by: will
Approved by: ken (mentor, implicit)
MFC after: Never (bug affects head only)
Sponsored by: Spectra Logic
|
| | |
| |
| |
| | |
rc.d/rarpd and rc.d/wpa_supplicant)
|
| | | |
|
| | |
| |
| |
| | |
Obtained from: Antique freebsd.org cluster archive images
|
| | |
| |
| |
| |
| |
| | |
Approved by: delphij (mentor)
MFC after: 3 days
Sponsored by: DK Hostmaster A/S
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Newly-configured systems should use $cloned_interfaces.
- Call clone_{up,down}() and ifnet_rename() in rc.d/netif {start,stop}.
ifnet_rename() now accepts an interface name list as its argument.
- Add rc.d/netif clear. The "clear" subcommand is basically equivalent to
"stop" but it does not call clone_down().
- Add "ifname:sticky" keyword into $cloned_interfaces. If :sticky is
specified, the interface will not be destroyed in rc.d/netif stop.
- Add cloned_interfaces_sticky={YES,NO}. This variable globally sets
:sticky keyword above for all interfaces. The default value is NO.
When cloned_interfaces_sticky=YES, :nosticky keyword can be used to
override it on per interface basis.
|
