1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-17 10:26:15 +00:00
Commit Graph

4152 Commits

Author SHA1 Message Date
Gleb Smirnoff
aed9792fae Don't do setuid checks on file systems mounted with noexec option.
Reviewed by:	brian, ru
MFC after:	1 week
2005-01-13 15:07:35 +00:00
Eric Anholt
b9a9947eca Create three additional X socket directories. Using X applications when another
user owns these directories or the sticky bit is unset may open security holes,
so simply create them at startup with the correct owner/mode.

MFC after:	1 day
2005-01-12 07:18:25 +00:00
Brian Somers
b96d69488c Sed doesn't grok '[ \t]' -- it doesn't expand the \t :(
As there are no tabs in maillog, reduce the expression so that only spaces
are used.

Problem raised by:      Leif Neland root at internet dot dk
2005-01-12 01:31:21 +00:00
Pawel Jakub Dawidek
560cb85703 Connect SHSEC GEOM class to the build. 2005-01-11 18:18:40 +00:00
Brian Somers
b389bf7570 Oops, the < in arg1=< is optional - treat it as such! 2005-01-11 10:54:38 +00:00
Brian Somers
cd3384a7ec Adjust the mail reject output so that it gives an abreviated reason for the
reject.  For example:

Checking for rejected mail hosts:
  48 getherbalnow.info (451... resolve)
  46 absorb.com (451... resolve)
   4 tgmart01.codns.com (553... exist)
   3 kali.com.cn (451... resolve)
   2 genie.com (451... resolve)
   1 zv.qy (553... exist)
   1 zd.hinet.hr (553... exist)
   ....

The bit in parenthesis is the reject code and the last word on the line -
enough to give the admin a better chance of seeing real problems (hopefully!).

While I'm here, remove the "<" at the start of rejects coming from "from"
addresses without a name@ part.

I had to rewrite the patch given by the submitter as this script has been
sed'ified (used to be perl) and I think the reject code is useful....

PR:		17377
Idea from:	root at ns dot internet dot dk
MFC after:	7 days
2005-01-11 02:08:53 +00:00
Brian Somers
ea7e63ea87 Collapse "fgrep | egrep | sed" down to a single sed.
This also trims extraneous commas from domain names.

MFC after:	7 days
2005-01-11 01:47:44 +00:00
Warner Losh
2f145ae9d1 Another prism2 card (not sure what, if anything, is needed for >=5)
Pr: 43805
2005-01-11 00:40:00 +00:00
Ruslan Ermilov
9b28df7fb2 Unbreak the install. 2005-01-10 09:04:13 +00:00
Giorgos Keramidas
2853698951 Cosmetic typo in check_pidfile()
PR:		bin/75946
Submitted by:	zero@gddn.org (Finn)
2005-01-09 23:46:37 +00:00
Brooks Davis
e6da72a102 When ukbd0 arrives, attach to /dev/ukbd0 rather then /dev/kbd1 since
kbd1 might be something else.
2005-01-08 06:00:24 +00:00
Ceri Davies
b7df823a59 Correct syntactical weirdness in a call to /etc/rc.d/dhclient. Fixes:
PR:		bin/75786
Reported by:	Radko Keves <rado at daemon dot sk>
Approved by:	murray
MFC After:	5 days	( to RELENG_5 )
2005-01-04 16:52:15 +00:00
Paul Richards
a97346b68c Ports index file is now INDEX-6 2005-01-04 16:35:30 +00:00
Christian Brueffer
2b79cbbbd2 Changes in comments:
- correct a sentence so it actually has some meaning [1]
- sprinkle some full stops

Spotted by:	markus [1]
MFC after:	3 days
2004-12-25 00:12:27 +00:00
Ruslan Ermilov
a216173556 NOCRYPT -> NO_CRYPT 2004-12-21 10:16:04 +00:00
Ruslan Ermilov
e653b48c80 Start the dreaded NOFOO -> NO_FOO conversion.
OK'ed by:	core
2004-12-21 08:47:35 +00:00
Peter Edwards
2c8de7dd13 Use "KEYWORD: shutdown" so shutdown commands will actually be executed.
Approved by:	 dougb@
2004-12-20 18:34:10 +00:00
Peter Edwards
9bfeaedfa2 When stopping a chrooted named, unmount the devfs filesystem from
the chroot area. This stops "umount -a" failing when dropping to
single user.

Reviewed by:	dougb@
2004-12-20 10:48:48 +00:00
Christian Brueffer
18c7cda54a In the ethernet-nic-regex:
- add udav(4)

In the scsi-controller-regex:

- correct an entry
- move another one to the right place
- add a bunch of missing drivers

Glanced at by:	trhodes (scsi-controller-regex part)
MFC after:	3 days
2004-12-19 00:50:07 +00:00
Poul-Henning Kamp
cb16893698 If /etc/named is a symlink, try to make sure it points the right place. 2004-12-18 15:19:36 +00:00
Pawel Jakub Dawidek
d5a96d8ceb Remove autofs entry from here. 2004-12-15 13:58:28 +00:00
Brian Somers
f6370f2735 Use rc.subr
PR:		72505
Submitted by:	Amir Shalem <amir@active.ath.cx>
2004-12-15 12:39:28 +00:00
Ralf S. Engelschall
62bb1d78fe Improve the RC framework for the clean booting/shutdown of Jails:
1. Feature: for flexibility reasons and as a prerequisite to clean
   shutdowns, allow the configuration of a stop/shutdown command
   via rc.conf variable "jail_<name>_exec_stop" in addition to the
   start/boot command (rc.conf variable "jail_<name>_exec_start"). For
   backward compatibility reasons, rc.conf variable "jail_<name>_exec"
   is still supported, too.

2. Debug: Add the used boot/shutdown commands to the debug output of
   the /etc/rc.d/jail script, too.

3. Security: Run the Jail start/boot command in a cleaned environment
   to not leak information from the host to the Jail during startup.

4. Feature: Run the Jail stop/shutdown command "jail_<name>_exec_stop" on
   "/etc/rc.d/jail stop <name>" to allow a graceful shutdown of the Jail
   before its processes are just killed.

5. Bugfix: When killing the remaining Jail processes give the processes
   time to actually perform their termination sequence. Without this the
   subsequent umount(8) operations usually fail because the resources
   are still in use. Additionally, if after trying to TERM-inate the
   processes there are still processes hanging around, finally just KILL
   them.

6. Bugfix: In rc.shutdown, if running inside a Jail, skip the /etc/rc.d/*
   scripts which are flagged with the KEYWORD "nojail" to allow the
   correct operation of rc.shutdown under jail_<name>_exec_stop="/bin/sh
   /etc/rc.shutdown". This is analogous to what /etc/rc does inside a Jail.

Now the following typical host-configuration for two Jails works as
expected and correctly boots and shutdowns the Jails:

-----------------------------------------------------------
#  /etc/rc.conf:
jail_enable="YES"
jail_list="foo bar"
jail_foo_rootdir="/j/foo"
jail_foo_hostname="foo.example.com"
jail_foo_ip="192.168.0.1"
jail_foo_devfs_enable="YES"
jail_foo_mount_enable="YES"
jail_foo_exec_start="/bin/sh /etc/rc"
jail_foo_exec_stop="/bin/sh /etc/rc.shutdown"
jail_bar_rootdir="/j/bar"
jail_bar_hostname="bar.example.com"
jail_bar_ip="192.168.0.2"
jail_bar_devfs_enable="YES"
jail_bar_mount_enable="YES"
jail_bar_exec_start="/path/to/kjailer -v"
jail_bar_exec_stop="/bin/sh -c 'killall kjailer && sleep 60'"
-----------------------------------------------------------
#  /etc/fstab.foo
/v/foo /j/foo/v/foo nullfs rw 0 0
-----------------------------------------------------------
#  /etc/fstab.bar
/v/bar /j/bar/v/bar nullfs rw 0 0
-----------------------------------------------------------

Reviewed by:	freebsd-hackers
MFC after:	2 weeks
2004-12-14 14:36:35 +00:00
David E. O'Brien
32e7342827 Use utils from /rescue vs. /stand. Also use pax rather than cpio & gzip. 2004-12-12 08:04:26 +00:00
Scott Mitchell
98a3c37bd8 Add Ethernet part of Intel EtherExpress PRO/100 LAN/Modem card. This is a
rebadged Xircom REM56 RealPort card.  Short MFC timeout to beat the 4.11
code freeze.

PR:		53027
Submitted by:	John Merryweather Cooper <coop9211 at uidaho dot edu>
Approved by:	imp (mentor)
MFC after:	2 days
2004-12-09 22:27:11 +00:00
Pawel Jakub Dawidek
bb28d112bb 'all' argument for list_net_interfaces() is now unused, remove it. 2004-12-05 21:45:36 +00:00
Ralf S. Engelschall
18c3f40e94 Use "ifconfig -l" instead of "list_network_interfaces all" in
ifnet_rename() to support situations where rc.conf's $network_interfaces
variable is set to an explicit list of network interfaces (instead of
the default "auto").

Using "list_network_interfaces all" resulted in using
$network_interfaces for both interface _renaming_ and interface
_configuration_ which obviously cannot work either before (if the
new name is in $network_interfaces) or after (if the old name is in
$network_interfaces) renaming the interface.
2004-12-05 09:51:48 +00:00
Ralf S. Engelschall
9edbeba781 fix typo: s/intefraces/interfaces/ 2004-12-05 09:01:20 +00:00
Kris Kennaway
062a5b33f3 Add more frequently-used locale directories. This is in preparation
for cleanup of pkg-plist files with respect to handling of the share/locale
subdirectories.

MFC after: 3 days
2004-12-04 23:30:36 +00:00
Marius Strobl
3420a6e5f1 Catch up with the new device name of sab(4). The entries for tty[a,b]
can't be removed as ofw_console(4) and zs(4) use them so one has to
live with some complaints about non-existent devices at boot time and
remove the respective entries locally for now.
2004-12-04 14:03:45 +00:00
Jim Rees
d4eb51a87a Add nfs4 to list of net filesystems.
Approved by:	alfred
2004-12-01 22:05:50 +00:00
Ian Dowse
6d2e81866e Move the purely device-name based entries for mice and ethernet
adapters from usbd.conf to devd.conf. USB ethernet devices were
already handled in devd.conf so this just removes their usbd.conf
entry.

PR:	conf/73799
2004-11-28 23:16:00 +00:00
Ian Dowse
efe39f955c Add axe(4) devices to the USB ethernet regular expression.
MFC after:	1 week
PR:		conf/73239
Submitted by:	Daan Vreeken
2004-11-28 20:44:28 +00:00
Max Laier
66754ab3f1 Teach periodic(8) security output to display information about blocked
packet counts by pf(4).

This adds a ``daily_status_security_pfdenied_enable'' variable to
periodic.conf, which defaults to ``YES'' as the matching IPF(W) versions.

The output will look like this (line wrapped):

  pf denied packets:
  > block drop log on rl0 proto tcp all [ Evaluations: 504986 Packets: 0
    Bytes: 0 States: 0 ]
  > block drop log on rl0 all [ Evaluations: 18559 Packets: 427 Bytes: 140578
    States: 0 ]

Submitted by:	clive (thanks a lot!)
MFC after:	2 weeks
2004-11-24 18:41:53 +00:00
Maxime Henrion
f89336da41 Fix a typo in an error message.
Spotted by:	ceri
2004-11-24 10:44:39 +00:00
Maxime Henrion
d4d8b79704 Implement per-jail fstab(5) files. Here's a rc.conf sample using
this feature for a jail named foo :

jail_foo_mount_enable="YES"
jail_foo_fstab="/etc/fstab.foo"

The second line is actually useless, since the code defaults to
using "/etc/fstab.$jailname" as the fstab file if none is specified.

MFC after:	3 days
Submitted by:	Jeremie Le Hen <jeremie@le-hen.org>
2004-11-23 20:09:58 +00:00
David E. O'Brien
671e1584d6 Catch up with PHK's sio(4) cuaa->cuad rework [sys/dev/sio/sio.c rev. 1.456]. 2004-11-19 17:12:56 +00:00
David E. O'Brien
6949461a18 Catch up with PHK's sio(4) cuaa->cuad rework [sys/dev/sio/sio.c rev. 1.456]. 2004-11-19 03:51:12 +00:00
Wes Peters
e5624708b1 Convince mergemaster to maintain/merge ramdisk scripts too.
Submitted by:	Ben Kelly <ben.kelly@ieee.org>
PR:		bin/64079
2004-11-16 04:20:09 +00:00
Wes Peters
c1c740a8b1 Shutup debugging output. 2004-11-16 04:14:28 +00:00
David E. O'Brien
38b8d3c441 Unify the ci/co variables now that the the tty drivers now use the same
character for both.
2004-11-14 19:51:34 +00:00
David E. O'Brien
1538d04b82 Catch up with PHK's sio(4) rework [sys/dev/sio/sio.c rev. 1.456]. 2004-11-14 19:42:13 +00:00
Giorgos Keramidas
16c2bf8bfb Revert the noexec,nosuid,nodev options for md /tmp file systems, since
the change in the default behavior may break existing, working setups.

Requested by:	brooks
2004-11-09 21:33:19 +00:00
Giorgos Keramidas
8cfaa2f1f1 Add two new rc.conf options: tmpmfs_flags and varmfs_flags.
These can be used to pass extra options to the mdmfs(8) utility,
to customize the finer details of the md file system creation
(i.e. to turn on/off softupdates, to specify a default owner for md
filesystem, etc).

Use these two new flags to mount tmpmfs and varmfs without
softupdates, since it doesn't make much sense to use SU on
malloc-backed file systems.

Reviewed by:	mtm
Inspired by:	J. D. Bronson, jbronson at wixb dot com
2004-11-09 10:03:17 +00:00
Ruslan Ermilov
9528cdfa6e Removed the remnants of gx(4). 2004-11-08 20:24:52 +00:00
Warner Losh
be9a7a2249 Someone (sanpei-san?) sent me this entry some time ago. Add COREGA
FEtherII PCC-TXD to the FEther PCC-TXD entry (since they appear to be
handled the same).
2004-11-08 16:59:01 +00:00
Pawel Jakub Dawidek
d04ecb5f44 Stop method for swap1 script was introduced, because gmirror needed it.
Now gmirror use shutdown hooks to mark mirrors as clean on shutdown,
so this is not needed anymore.
2004-11-05 12:38:27 +00:00
Mike Makonnen
b18cb583f6 - Make the header conform to standard rc.d style.
- The 'before ipfw' directive seems bogus, and should instead
  be 'before rcconf'.
2004-11-05 07:35:31 +00:00
Ruslan Ermilov
371e19faf6 Sync up with vinum(8) and rc.d/vinum removal.
OK'ed by:	phk
2004-11-04 13:33:29 +00:00
Poul-Henning Kamp
13e1e760df remove vinum startup script. 2004-11-04 12:59:16 +00:00