| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
|
|
|
| |
Reviewed by: rpaulo
Approved by: rpaulo
Relnotes: YES
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D5913
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
After calling the cap_init(3) function Casper will fork from it's original
process, using pdfork(2). Forking from a process has a lot of advantages:
1. We have the same cwd as the original process.
2. The same uid, gid and groups.
3. The same MAC labels.
4. The same descriptor table.
5. The same routing table.
6. The same umask.
7. The same cpuset(1).
From now services are also in form of libraries.
We also removed libcapsicum at all and converts existing program using Casper
to new architecture.
Discussed with: pjd, jonathan, ed, drysdale@google.com, emaste
Partially reviewed by: drysdale@google.com, bdrewery
Approved by: pjd (mentor)
Differential Revision: https://reviews.freebsd.org/D4277
|
| |
|
|
|
|
|
|
| |
The wrapper script has moved to libexec/makewhatis.local since it is not
directlry related to the older makewhatis(1) utility that has been replaced
by the usr.bin/mandoc version.
Reported by: vangyzen
|
| |
|
|
|
|
|
| |
Simplifying maintainance and options (only one place to deal with MK_DMAGENT)
This also makes packaging base less intrusive by getting a single point where
to add tags.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
WITHOUT_BOOTPARAMD - bootparamd
WITHOUT_BOOTPD - bootpd
WITHOUT_FINGER - finger, fingerd
WITHOUT_FTP - ftp, ftpd
WITHOUT_INETD - inetd
WITHOUT_RBOOTD - rbootd
WITHOUT_TCP_WRAPPERS - tcpd, et al
WITHOUT_TFTP - tftp, tftp-server
WITHOUT_TIMED - timed
MFC after: 2 weeks
Sponsored by: EMC / Isilon Storage Division
|
| |
|
|
|
| |
MFC after: 2 weeks
Sponsored by: EMC / Isilon Storage Division
|
| |
|
|
|
|
|
|
| |
for i386/amd64. Rather, it only works on i386/amd64 and should only be
built there. Rather than change the default based on which
architecutre, do things more directly by only building it on
i386/amd64 and having it always on. This is how we handle other
options that are relevant only for a few architectures.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
many thanks for their continued support of FreeBSD.
While I'm there, also implement a new build knob, WITHOUT_HYPERV to
disable building and installing of the HyperV utilities when necessary.
The HyperV utilities are only built for i386 and amd64 targets.
This is a stable/10 candidate for inclusion with 10.1-RELEASE.
Submitted by: Wei Hu <weh microsoft com>
MFC after: 1 week
|
| |
|
|
| |
from the latter.
|
| |
|
|
| |
Requested by: ian
|
| |
|
|
|
|
|
|
|
|
|
|
| |
It is a small and lightweight Mail Transport Agent.
It accepts mails from locally installed Mail User Agents (MUA) and delivers the
mails either locally or to a remote destination. Remote delivery includes
several features like TLS/SSL support, SMTP authentication and NULLCLIENT.
Make dma conditional to new WITHOUT_DMA option and make it respect WITHOUT_MAIL
Reviewed by: peter
Discussed with: emaste, bz, peter
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
giving access to functionality that is not available in capability mode
sandbox. The functionality can be precisely restricted.
Start with the following services:
- system.dns - provides API compatible to:
- gethostbyname(3),
- gethostbyname2(3),
- gethostbyaddr(3),
- getaddrinfo(3),
- getnameinfo(3),
- system.grp - provides getgrent(3)-compatible API,
- system.pwd - provides getpwent(3)-compatible API,
- system.random - allows to obtain entropy from /dev/random,
- system.sysctl - provides sysctlbyname(3-compatible API.
Sponsored by: The FreeBSD Foundation
|
| |
|
|
|
| |
Reviewed by: freebsd-testing
Approved by: rpaulo (mentor)
|
| |
|
|
|
|
|
|
|
|
| |
There is no reason to keep the two knobs separate: if tests are
enabled, the ATF libraries are required; and if tests are disabled,
the ATF libraries are not necessary. Keeping the two just serves
to complicate the build.
Reviewed by: freebsd-testing
Approved by: rpaulo (mentor)
|
| |
|
|
| |
Approved by: re (gjb)
|
| |
|
|
|
|
|
|
|
|
| |
used by auditing tools to determine the userland patch level when it
differs from what `uname -r` reports. This can happen when the system
is kept up-to-date using freebsd-update and the last SA did not touch
the kernel, or when a new kernel has been installed but the system has
not yet rebooted.
Approved by: re (glebius)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
but committing it helps to get everyone on the same page and makes
sure we make progress.
Tinderbox breakages that are the result of this commit are entirely
the committer's fault -- in other words: buildworld testing on amd64
only.
Credits follow:
Submitted by: Garrett Cooper <yanegomi@gmail.com>
Sponsored by: Isilon Systems
Based on work by: keramida@
Thanks to: gnn@, mdf@, mlaier@, sjg@
Special thanks to: keramida@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
One of the things I really want to do, is to get rid of the limitations
of our current utmp(5) mechanism:
- It only allows 8 byte TTY device names.
- The hostname only allows 16 bytes of storage.
I'm not a big fan of <utmpx.h>, but I think we should at least try to
add parts of it. Unfortunately we cannot implement <utmpx.h>, because we
miss various fields, such as ut_id, ut_pid, etc. The API provided by
libulog shares some similarities with <utmpx.h>, so it shouldn't be too
hard to port these applications eventually. In most simple cases, it
should just be a matter of removing the ulog_ prefix everywhere.
As a bonus, it also implements a function called ulog_login_pseudo(),
which allows unprivileged applications to write log entries, provided
they have a valid file descriptor to a pseudo-terminal master device.
libulog will allow a smoother transition to a new file format by adding
a library interface to deal with utmp/wtmp/lastlog files. I initially
thought about adding the functionality to libutil, but because I'm not
planning on keeping this library around forever, we'd better keep it
separated.
Next items on the todo list:
1. Port applications in the base system (and ports) to libulog, instead
of letting them use <utmp.h>.
2. Remove <utmp.h>, implement <utmpx.h> and reimplement this library on
top.
3. Port as many applications as possible back to <utmpx.h>.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
it from the build.
If you are using the FTP daemon, please consider using the port ftp/tnftpd
which is the same FTP server, but newer and might have more/better
functionality.
This results in us providing only one ftp daemon by default.
Reviewed by: bz
Approved by: imp (mentor, implicit)
MFC after: 3 days
Silence from: obrien
|
| |
|
|
|
|
|
|
|
| |
The makekey utility has been deprecated and will be removed in a future
release of FreeBSD.
Actually removing it was approved back on 10/29/2007 by re (kensmith) but
I dropped the ball on actually removing it. It's doubtful that it's become
more relevant/useful in the intervening time.
|
| |
|
|
|
|
|
|
| |
control over the result of buildworld and installworld; this especially
helps packaging systems such as nanobsd
Reviewed by: various (posted to arch)
MFC after: 1 month
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Before we had a posix_openpt() that allocated PTY's with proper
permissions in place, we used this set-uid utility to change the
ownership of PTY slave devices to the real user ID of the process. This
utility was used to implement grantpt().
In my first designs of the MPSAFE TTY layer, I replaced this by adding
an ioctl() called TIOCGRANTPT, which was used to change the ownership.
I left the pt_chown utility, because older C libraries needed it to work
properly.
After some discussions back in June I changed the PTY code to set
permissions properly upon creation. Fortunately the previous grantpt()
implementation changed permissions by hand when pt_chown is not
installed, which always succeeds. This means grantpt() still works
properly, even though the set-uid utility is missing.
I've done tests with FreeBSD 5.2.1, FreeBSD 6.3 and FreeBSD 7.0 jails.
All of them still work if I remove pt_chown.
Reviewed by: philip (ex-mentor)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
src/Makefile.inc1 rev. 1.590, it can allow installing a world
cross-built for a different arch over the live system. The procedure
is more or less as follows:
cp -R /rescue /rescue.old
make installkernel TARGET_ARCH=foo
make -DNO_RTLD installworld TARGET_ARCH=foo
^^^^^^^^^
PATH=/rescue.old
chflags noschg /libexec/ld-elf.so.1
cp /usr/obj/foo/usr/src/libexec/rtld/ld-elf.so.1 /libexec
chflags schg /libexec/ld-elf.so.1
<ditto for ld-elf32.so.1 if installing for amd64>
reboot
|
| |
|
|
|
|
|
|
| |
- move ftp-proxy from libexec to usr.sbin
- add tftp-proxy
- new altq mtag link
Approved by: re (kensmith)
|
| |
|
|
|
|
|
|
| |
http://lists.freebsd.org/pipermail/freebsd-current/2006-March/061725.html
The src.conf(5) manpage is to follow in a few days.
Brought to you by: imp, jhb, kris, phk, ru (all bugs are mine)
|
| |
|
|
|
|
|
| |
method of executing commands remotely. There are no rexec clients in
the FreeBSD tree, and the client function rexec(3) is present only in
libcompat. It has been documented as "obsolete" since 4.3BSD, and its
use has been discouraged in the man page for over 10 years.
|
| | |
|
| | |
|
| |
|
|
|
|
| |
Change NO_RCMDNS to NO_RCMDS and do the switch in bsd.compat.mk.
Discussed with: ru, nectar
|
| | |
|
| |
|
|
|
|
|
|
| |
NOINFO -> NO_INFO
NOINFOCOMPRESS -> NO_INFOCOMPRESS
NOLINT -> NO_LINT
NOPIC -> NO_PIC
NOPROFILE -> NO_PROFILE
|
| |
|
|
|
|
|
|
|
|
|
| |
If turned on no NIS support and related programs will be built.
Lost parts rediscovered by: Danny Braniss <danny at cs.huji.ac.il>
PR: bin/68303
No objections: des, gshapiro, nectar
Reviewed by: ru
Approved by: rwatson (mentor)
MFC after: 2 weeks
|
| |
|
|
|
|
| |
Submitted by: (in part) dougb@, trhodes@
Reviewed by: dougb@, trhodes@, re@
MFC after: 5 days
|
| |
|
|
|
|
| |
stable ld.so. We need to revisit the rtld-elf/sparc64/rtld_start.S
rev. 1.5 and rtld-elf/sparc64/rtld_machdep.h rev. 1.5, which was
suppose to allow stock Binutils 2.13 (and later) to be used.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds the former ports registered groups: proxy and authpf as well as
the proxy user. Make sure to run mergemaster -p in oder to complete make
installworld without errors.
This also provides the passive OS fingerprints from OpenBSD (pf.os) and an
example pf.conf.
For those who want to go without pf; it provides a NO_PF knob to make.conf.
__FreeBSD_version will be bumped soon to reflect this and to be able to
change ports accordingly.
Approved by: bms(mentor)
|
| |
|
|
|
|
|
|
|
|
| |
- Unify the conditional assignments section so that architectural
exclusions come first, then options and !options, sorted by the
option name, also in directory order, then architecture specific
sections, sorted by the architecture name, with i386 being a
traditional exception.
Prodded by: bde
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously, there were two copies of telnet; a non-crypto version
that lived in the usual places, and a crypto version that lived in
crypto/telnet/. The latter was built in a broken manner somewhat akin
to other "contribified" sources. This meant that there were 4 telnets
competing with each other at build time - KerberosIV, Kerberos5,
plain-old-secure and base. KerberosIV is no longer in the running, but
the other three took it in turns to jump all over each other during a
"make buildworld".
As the crypto issue has been clarified, and crypto _calls_ are not
a problem, crypto/telnet has been repo-copied to contrib/telnet,
and with this commit, all telnets are now "contribified". The contrib
path was chosen to not destroy history in the repository, and differs
from other contrib/ entries in that it may be worked on as "normal"
BSD code. There is no dangerous crypto in these sources, only a
very weak system less strong than enigma(1).
Kerberos5 telnet and Secure telnet are now selected by using the usual
macros in /etc/make.conf, and the build process is unsurprising and
less treacherous.
|
| |
|
|
| |
Approved by: re (safe amd64 support commits)
|
| |
|
|
| |
Approved by: re (scottl)
|
| |
|
|
| |
OK'ed by: re(scottl)
|
| |
|
|
| |
Approved by: re (scottl)
|
| |
|
|
|
| |
cleanups were necessary in release/Makefile, and the tinderbox code
was syntax checked, not run checked.
|
| |
|
|
| |
Submitted by: Marius Strobl <marius@alchemy.franken.de>
|
| | |
|
| | |
|
| |
|
|
| |
Approved by: re@ (scottl)
|
| |
|
|
|
|
|
|
| |
to Solaris, it is in /usr/libexec) to perform the handing over of tty nodes
to the user being granted the pty.
Submitted by: Ryan Younce <ryany@pobox.com>
Reviewed by: security-officer@, standards@, mike@
|
| |
|
|
| |
Head off what I think is an abuse of the TRB, and disable lukemftpd.
|
