| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |\
| |
| |
| |
| |
| | |
currently done by /etc/rc.d/jail.
MFC after: 3 months
|
| | |
| |
| |
| | |
instead of a mount.devfs.ruleset pseudo-parameter.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Document the potential for jail escape.
From r224615:
Always disable mount and unmount for jails with enforce_statfs==2.
From r231267:
A new jail(8) option "devfs_ruleset" defines the ruleset enforcement for
mounting devfs inside jails. A value of -1 disables mounting devfs in
jails, a value of zero means no restrictions. Nested jails can only
have mounting devfs disabled or inherit parent's enforcement as jails are
not allowed to view or manipulate devfs(8) rules.
From r232059:
To improve control over the use of mount(8) inside a jail(8), introduce
a new jail parameter node with the following parameters:
allow.mount.devfs:
allow mounting the devfs filesystem inside a jail
allow.mount.nullfs:
allow mounting the nullfs filesystem inside a jail
From r232186:
allow.mount.zfs:
allow mounting the zfs filesystem inside a jail
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Some errors printed the jail name for unnamed (command line) jails.
Attempting to create an already-existing jail from the command line
returned with no error (even for non-root) due to bad logic in
start_state.
Ignore kvm_proc errors, which are typically caused by permission
problems. Instead, stop ignoring permission errors when removing
a jail (but continue to silently ignore other errors, i.e. the
jail no longer existing). This makes non-root attempts at removing
a jail give a clearer error message.
|
| | |
| |
| |
| | |
(but continue to flag when from a config file).
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| | |
as part of jail removal (IP_STOP_TIMEOUT).
Note a jail as "removed" even if it wasn't jail_remove() that did
the deed, e.g. if it already went away because all its processes
were killed.
|
| | |
| |
| |
| |
| |
| |
| |
| | |
finish_command can be processed properly.
Call failed() once in next_command() instead of multiple times in
run_command().
Continue processing commands when a no-wait operation (IP__OP or background
command) succeeds.
|
| | | |
|
| | |
| |
| |
| |
| |
| | |
Check for IPv4 or IPv6 to be available by the kernel to not
provoke errors trying to query options not available.
Make it possible to compile out INET or INET6 only parts.
|
| | | |
|
| | |
| |
| |
| | |
and the cost of an ugly single-use global variable.
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
a single command string to run, and an inner function (run_command) that
runs that single string.
Move the list of start/stop commands to run from a switch statement into
an array, with a new placeholder parameter IP__OP for actually creating
or removing the jail.
When jail creation fails, revert all non-exec commands in reverse order.
|
| | |
| |
| |
| | |
traversed in reverse order.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Make the parallelism limit a global instead of always passing it
to run_command and finish_command.
In the case of an empty command string, try to run any other strings
the command may have.
Replace JF_BACKGROUND with its sort-of opposite JF_SLEEPQ.
Change j->comstring earlier to render JF_RUNQ unncessary.
Change the if-else series to a more readable switch statement.
Treat IP_STOP_TIMEOUT like a command, calling run_command which then
calls term_procs.
When the IP_STOP_TIMEOUT "command" finishes, it shouldn't mess with
the parallelism limit.
Make sufficient checks in finish_command and run_command so that
the nonintuitive j->comstring null check isn't necessary to run them.
Rename the "waiting" queue to "depend", because the "sleeping" and
"runnable" queues are also used to wait for something.
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| | |
path must be absolute.
mount paths must exist and have no symlinks beyond the jail's path itself.
consolelog must exist (apart from the final component) and have no
symlinks beyond the jail's path itself.
|
| | |
| |
| |
| | |
IP__MOUNT_FROM_FSTAB internal parameter.
|
| | | |
|
| | | |
|
| | |
| |
| |
| | |
command line.
|
| | |
| |
| |
| | |
enum constants everywhere else.
|
| | |
| |
| |
| |
| | |
cleaning up to do on existing features, but this is pretty much what the
final product will look like.
|
| | |
| |
| |
| | |
by /etc/rc.d/jail.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- eap_xxx.c files have been renamed to eap_server_xxx.c
- additional crypto files are required for some options
- EAP_MD5 and EAP_GTC is now enabled by default to match vendor config
- move each file on its own line to hopefully make further diffs easier
to read
EAP_SERVER is now enabled by default. Fiddling with HOSTAPD_CFLAGS in
src.conf is no longer required to get a basic WPA-EAP/radius setup
running.
Tested by: Johann Hugo <jhugo at meraka.csir.co.za>
MFC after: 2 weeks
|
| | |
| |
| |
| | |
MFC after: 1 week
|
| | |
| |
| |
| |
| |
| | |
allow filtered data to be dumped to a binary file.
MFC after: 1 week
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- more style(9) fixes
- some refactoring
- better error detection
- Add the DPADD to Makefile
Submitted by: Garrett Cooper <yanegomi@gmail.com>
Approved by: des (mentor)
|
| | |
| |
| |
| |
| | |
Submitted by: marius
Approved by: des (mentor)
|
| | |
| |
| |
| |
| |
| |
| | |
style(9) says for (;;) not while (1)
Reported by: culot
Approved by: des
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
it respects PACKAGESITE, PACKAGEROOT, and a new environment variable ABI (if a user want to use a different API from the base one for its packages)
it has no man page on purpose to avoid hidding the pkg(8) man page from the pkgng package.
for now uses pkgbeta.FreeBSD.org as default mirror to find its package
it respects MK_PKGTOOLS
Approved by: des (mentor)
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
int (*compar)(const struct dirent **, const struct dirent **)
The current code defines sortq() to accept two void *, then cast them
to const struct dirent **. Because the code does not really need this
cast, we can eliminate the casts by changing the function prototype
to match scandir(3) expectation.
MFC after: 1 month
|
| | |
| |
| |
| | |
Reviewed by: njl, acpi
|
| | |
| |
| |
| |
| |
| |
| | |
quotation. Also make sure we have the same amount of columns in each row as
the number of columns we specify in the head arguments.
Reviewed by: brueffer
|
| | |
| |
| |
| |
| | |
Submitted by: pawel dot worach at gmail dot com
MFC after: 3 days
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- Fill the needed pmPartStatus flags. At least the OpenBIOS
implementation relies on these flags.
This commit fixes the panic seen on OS-X when inserting a FreeBSD/ppc disc.
Additionally OpenBIOS recognizes the partition where the boot code is located.
This lets us load a FreeBSD/ppc PowerMac kernel inside qemu.
PR: powerpc/162091
MFC after: 1 week
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
about to add, and failed if it exist and had invalid data
link type.
Later on, in r201282, this check morphed to other code, but
message "proxy entry exists for non 802 device" still left,
and now it is printed in a case if route prefix found is
equal to current address being added. In other words, when
we are trying to add ARP entry for a network address. The
message is absolutely unrelated and disappointing in this
case.
I don't see anything bad with setting ARP entries for
network addresses. While useless in usual network,
in a /31 RFC3021 it may be necessary. This, remove this code.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Remove the magic mfi_array is 288 bytes and just use the
sizeof the array since it is not 288 bytes.
Change reporting of a "SYSTEM" disk to "JBOD" to match
LSI MegaCli and firmware reporting.
This means that fiutil command to "create jbod" is now a
little confusing since a RAID per drive is not really what
LSI defines JBOD to be. This should be fixed in the future
and support added to really create LSI JBOD and enable that
feature on cards that support it.
|
| | |
| |
| |
| |
| |
| |
| | |
Disussed with: gavin
No objection from: doc
Approved by: joel
MFC after: 3 days
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This makes our naming scheme more closely match other systems and the
expectations of much third-party software. MIPS builds which are little-endian
should require and exhibit no changes. Big-endian TARGET_ARCHes must be
changed:
From: To:
mipseb mips
mipsn32eb mipsn32
mips64eb mips64
An entry has been added to UPDATING and some foot-shooting protection (complete
with warnings which should become errors in the near future) to the top-level
base system Makefile.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
New kernel events can be added at various location for sampling or counting.
This will for example allow easy system profiling whatever the processor is
with known tools like pmcstat(8).
Simultaneous usage of software PMC and hardware PMC is possible, for example
looking at the lock acquire failure, page fault while sampling on
instructions.
Sponsored by: NETASQ
MFC after: 1 month
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
In case of multiple level of inlining all the locations are flattened.
Require recent binutils/addr2line (head works or binutils from ports
with the right $PATH order).
- Multiple fixes in the calltree output (recursion case, ...)
- Fix the calltree top view that previously hide some shared nodes.
Tested with Kcachegrind(kdesdk4)/qcachegrind(head).
Sponsored by: NETASQ
|
| | |
| |
| |
| | |
Reviewed by: brueffer
|
| | | |
|
| | |
| |
| |
| | |
Reviewed by: brueffer
|
| | | |
|
| | | |
|
| | | |
|
