1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-23 11:18:54 +00:00
Commit Graph

6208 Commits

Author SHA1 Message Date
Ed Maste
f35fbc2982 Restore lib/casper debug directory, reverting r296130
Reported by:	bdrewery
Pointy hat to:	emaste
2016-02-26 22:25:35 +00:00
Ed Maste
0210fa8f75 Remove libexec/casper debug directory missed in r296047 2016-02-26 22:19:39 +00:00
Ed Maste
563a01a1da Add debug /libexec directory for rtld-elf debug files 2016-02-26 19:49:04 +00:00
Mariusz Zaborski
c501d73c7e Convert casperd(8) daemon to the libcasper.
After calling the cap_init(3) function Casper will fork from it's original
process, using pdfork(2). Forking from a process has a lot of advantages:
1. We have the same cwd as the original process.
2. The same uid, gid and groups.
3. The same MAC labels.
4. The same descriptor table.
5. The same routing table.
6. The same umask.
7. The same cpuset(1).
From now services are also in form of libraries.
We also removed libcapsicum at all and converts existing program using Casper
to new architecture.

Discussed with:		pjd, jonathan, ed, drysdale@google.com, emaste
Partially reviewed by:	drysdale@google.com, bdrewery
Approved by:		pjd (mentor)
Differential Revision:	https://reviews.freebsd.org/D4277
2016-02-25 18:23:40 +00:00
Marcelo Araujo
3bead71e95 - Add a global option where we can protect processes when swap space
is exhausted.

How to use:

Basically we need to add on rc.conf an another option like:

    If we want to protect only the main processes.
    syslogd_oomprotect="YES"

    If we want to protect all future children of the specified processes.
    syslogd_oomprotect="ALL"

PR:		204741 (based on)
Submitted by:	eugen@grosbein.net
Reviewed by:	jhb, allanjude, rpokala and bapt
MFC after:	4 weeks
Relnotes:	Yes
Sponsored by:	gandi.net
Differential Revision:	https://reviews.freebsd.org/D5176
2016-02-24 01:32:12 +00:00
Devin Teske
4fa10b673c Interpret vnet_interface/vnet.interface as array 2016-02-12 02:50:36 +00:00
Cy Schubert
1041b71deb Update leapsecond file in non-chroot environments.
PR:		207095
Submitted by:	madpilot
MFC after:	3 days
2016-02-11 01:16:57 +00:00
Mark Felder
0ba5cf0e44 Add new rc.conf parameter "jail_reverse_stop"
When a user defines "jail_list" in rc.conf the jails are started in the
order defined. Currently the jails are not are stopped in reverse order
which may break dependencies between jails/services and prevent a clean
shutdown. The new parameter "jail_reverse_stop" will shutdown jails in
"jail_list" in reverse order when set to "YES".

Please note that this does not affect manual invocation of the jail rc
script. If a user runs the command

  # service jail stop jail1 jail2 jail3

the jails will be stopped in exactly the order specified regardless of
jail_reverse_stop being defined in rc.conf.

PR:		196152
Approved by:	jamie
MFC after:	1 week
Relnotes:	yes
Differential Revision:	https://reviews.freebsd.org/D5233
2016-02-10 16:13:59 +00:00
Kurt Lidl
bd5ca94caa Zero pf rule counters so daily reports make sense
Zero pf rule counters so that each daily report lists an absolute
number of rejected packets, not the total since the last time the
machine rebooted (or the counters were manually cleared).

PR:		206467
Submitted by:	Rick Adams
Approved by:	rpaulo (mentor)
Differential Revision:	https://reviews.freebsd.org/D5172
2016-02-09 21:00:38 +00:00
Devin Teske
d62a61608f Fix typo in a comment; s/redined/redefined/
Thanks to:	rpokala
2016-02-06 02:35:52 +00:00
Devin Teske
1ba4612e13 Add comment to explain functionality of code
Thanks to:	rpokala
2016-02-06 02:32:13 +00:00
Devin Teske
a8cb567afb Allow rc_conf_files to be redefined in rc.conf(5)
With this change, it's possible to redefine rc_conf_files (e.g.,
sysrc rc_conf_files+=/etc/rc.conf.other) and have the boot process
pick up settings in extra files. The sysrc(8) tool can be used to
query/enumerate/find/manage extra files configured in this manner.

Relnotes:	yes
2016-02-06 02:16:48 +00:00
Alexander Motin
b1963ead44 Update script for modern zpool status output. 2016-02-05 18:17:37 +00:00
Alexander Motin
b0fcd5fba2 Add error check to not leak logs with syntax errors in case of failed
`zpool history`.

MFC after:	1 month
2016-02-05 17:28:11 +00:00
Devin Teske
b5d189b6b6 Fix grammar in error statement
s/consider to migrate to jail.conf/consider migrating to jail.conf/
2016-02-04 17:09:43 +00:00
Marius Strobl
05ef7ed17b Use '^[>+][^+]' instead of '^[>+]' with grep(1) when filtering the
diff(1) output between two files in "new_only"-mode. Otherwise,
with the default of using unified format a remnant of the header
in the output is the result. This is especially irritating when
the two files differ but the second one is empty, amounting to the
vestige of the header being the only readout.
Reported by: Stefan Haemmerl

MFC after:	3 days
2016-01-29 01:54:32 +00:00
Marcelo Araujo
1cf38d9ef8 Fix regression introduced on r293801.
The UID/GID 93 is in using by jaber on PORTS, we will use
UID/GID 160 for ypldap(8).

Reported by:	antoine
Approved by:	bapt (mentor)
Differential Revision:	https://reviews.freebsd.org/D5062
2016-01-27 06:28:56 +00:00
Cy Schubert
f9ddb2af5f Allow specification of fetch options for ntp leap-seconds fetch.
MFC after:	1 week
X-MFC with:	r289421, r293037, r294773
2016-01-27 02:25:25 +00:00
Cy Schubert
b5bdbd0461 Add support for automatic leap-second file updates.
The working copy of leapfile resides in /var/dbntpd.leap-seconds.list.
/etc/ntp/leap-seconds (periodically updated from ftp://time.nist.gov/pub/
or ftp://tycho.usno.navy.mil/pub/ntp/) contains the master copy should
automatic leapfile updates be disabled (default).

Automatic leapfile updates are fetched from $ntp_leapfile_sources,
defaulting to https://www.ietf.org/timezones/data/leap-seconds.list,
within $ntp_leapfile_expiry_days (default 30 days) from leap-seconds
file expiry. Automatic updates can be enabled by setting
$daily_ntpd_leapfile_enable="YES" in periodic.conf. To avoid congesting
the ntp leapfile source the automatic update randomized by default but
can be disabled through daily_ntpd_avoid_congestion="NO" in
periodic.conf.

Suggested by:	des
Reviewed by:	des, roberto, dwmalone, ian, cperciva, glebius, gjb
MFC after:	1 week
X-MFC with:	r289421, r293037
2016-01-26 07:06:44 +00:00
Jamie Gritton
0e00d580ff Allow the (old rc-style) exec_afterstart jail parameters to start numbering
at 0, like exec_prestart and the others do.  Make param0 optional, i.e.
still look for param1.

PR:		142973
MFC after:	3 days
2016-01-25 22:14:31 +00:00
Dag-Erling Smørgrav
a65e87276e Do not generate RSA1 or DSA keys by default. 2016-01-22 12:14:08 +00:00
Gleb Smirnoff
d519cedbad Provide new socket option TCP_CCALGOOPT, which stands for TCP congestion
control algorithm options.  The argument is variable length and is opaque
to TCP, forwarded directly to the algorithm's ctl_output method.

Provide new includes directory netinet/cc, where algorithm specific
headers can be installed.

The new API doesn't yet have any in tree consumers.

The original code written by lstewart.
Reviewed by:	rrs, emax
Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D711
2016-01-22 02:07:48 +00:00
Warner Losh
4153c21113 Add ldconfig -soft to process the soft float abi libraries and put it
into startup scripts for armv6. It acts much like ldconfig -32 does.
2016-01-18 21:40:18 +00:00
Baptiste Daroussin
2b774394cc Update mandoc to 20160116 2016-01-15 23:28:12 +00:00
Edward Tomasz Napierala
a9a9fa410d Wrap overlong comment lines.
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
2016-01-14 16:55:07 +00:00
Edward Tomasz Napierala
0851a9b1a1 Fix the code to retry mount attempt in mountcritlocal if there are
any root mount holds.  The previous one used a wrong conditional - the
"err=$?" assignment resets "$?" to 0.

Submitted by:	jilles@
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
2016-01-14 16:53:17 +00:00
Gleb Smirnoff
dc5f4fa86e Install /etc/snmpd.config with 0600 permissions.
Noticed by:	Pierre Kim
Security:	SA-16:06.snmpd
Pointy hat to:	glebius in 2005
2016-01-14 10:25:18 +00:00
Enji Cooper
09d986419d Integrate
tools/regression/geom_{concat,eli,gate,mirror,nop,raid3,shsec,stripe,uzip}
in to the FreeBSD test suite as
tests/sys/geom/class/{concat,eli,gate,mirror,nop,raid3,shsec,stripe,uzip}

The tools/regression/geom and tools/regression/geom_part testcases are being
left alone because both test sets are both currently broken.

The majority of this work was done on ^/user/ngie/more-tests2 . The differences
are as follows:
- tests/sys/geom/class/Makefile.inc is not present; it was
  inlined into the class's Makefiles for explicitness.
- The testcases officially require root via kyua
- The geom_gate(4) tests don't use the pidfile changes proposed in
  https://reviews.freebsd.org/D4836 .

MFC after: 1 month
Sponsored by: EMC / Isilon Storage Division
2016-01-13 09:14:27 +00:00
Marcelo Araujo
3bf7d9a6eb ypldap(8) is a feature ready to be used to translate nis(8) database to ldap(3).
This commit, fix a core dump on ypldap(8) related with memory allocation.
Also an example of how to set the ypldap.conf(5) properly is added to
examples files.

A new user _ypldap is required to be able to run ypldap(8) as well as
in a chroot mode.

Reviewed by:	rodrigc (mentor), bjk
Approved by:	bapt (mentor)
Relnotes:	Yes
Sponsored by:	gandi.net
Differential Revision:	https://reviews.freebsd.org/D4744
2016-01-13 01:49:35 +00:00
Warner Losh
3e972f4409 Try a little harder to remove firstboot and firstboot-reboot files in
case they accidentally get created as directories or with flags that
prevent their removal. While I wouldn't normally go the extra mile
here and let the normal unix rules prevail, the effects of failure are
large enough that extra care is warranted.
2016-01-06 17:13:40 +00:00
Alan Somers
a85f12322c "source routing" in rpcbind
Fix a bug in rpcbind for multihomed hosts. If the server had interfaces on
two separate subnets, and a client on the first subnet contacted rpcbind at
the address on the second subnet, rpcbind would advertise addresses on the
first subnet. This is a bug, because it should prefer to advertise the
address where it was contacted. The requested service might be firewalled
off from the address on the first subnet, for example.

usr.sbin/rpcbind/check_bound.c
	If the address on which a request was received is known, pass that
	to addrmerge as the clnt_uaddr parameter. That is what addrmerge's
	comment indicates the parameter is supposed to mean. The previous
	behavior is that clnt_uaddr would contain the address from which the
	client sent the request.

usr.sbin/rpcbind/util.c
	Modify addrmerge to prefer to use an IP that is equal to clnt_uaddr,
	if one is found. Refactor the relevant portion of the function for
	clarity, and to reduce the number of ifdefs.

etc/mtree/BSD.tests.dist
usr.sbin/rpcbind/tests/Makefile
usr.sbin/rpcbind/tests/addrmerge_test.c
	Add unit tests for usr.sbin/rpcbind/util.c:addrmerge.

usr.sbin/rpcbind/check_bound.c
usr.sbin/rpcbind/rpcbind.h
usr.sbin/rpcbind/util.c
	Constify some function arguments

Reviewed by:	imp
MFC after:	4 weeks
Sponsored by:	Spectra Logic Corp
Differential Revision:	https://reviews.freebsd.org/D4690
2016-01-06 00:00:11 +00:00
Warner Losh
71b902050d Use the more proper -f. Leave /bin/rm in place since that's what
other rc scripts have, though it isn't strictly necessary.
2016-01-05 21:20:47 +00:00
Warner Losh
d3e4bc1271 Use /bin/rm to remove /firstboot*. Otherwise rm -i alias is picked
up and can cause issues on boot with the prompts. Fix the read-only
root case with horrible kludge of mounting rw removing the files, then
mounting ro. But since that's no more horrible than the kludge of
using marker files in /. With this change, NanoBSD configs can safely
use /firstboot + growfs to produce minimal images that grow to the
size of the card.
2016-01-03 19:18:48 +00:00
Warner Losh
2db56e791f Add libsoft to the tree, just like lib32. 2016-01-03 04:32:05 +00:00
Cy Schubert
72b4a35f34 Update leap-seconds to latest. This will satisfy the ntpd leap-second
version check.

Obtained from:	ftp://tycho.usno.navy.mil/pub/ntp/.
See also:	http://www.iers.org/SharedDocs/News/EN/BulletinC.html
2016-01-01 11:57:32 +00:00
Jamie Gritton
e4e5904ffe Let old-style (shell-based) jail configuration handle jail names that
contain characters not allowed in a shell variable (such as "-").
These will be replaced by an underscore in jail config variables,
e.g. for jail "foo-bar" you would set "jail_foo_bar_hostname".

This is separate from the current code that changes the jail names
if they contain "." or "/".  It also doesn't apply to jails defined
in a jail.conf file.

PR:		191181
MFC after:	5 days
2015-12-26 23:01:34 +00:00
Ian Lepore
630c9dba7a Enhance rc.d/netwait script to wait for late-attaching interfaces such as
USB NICs.

USB network hardware may not be enumerated and available when the rc.d
networking scripts run. Eventually the USB attachment completes and devd
events cause the network initialization to happen, but by then other rc.d
scripts have already failed, because services which depend on NETWORKING
(such as mountcritremote) may end up running before the network is actually
ready.

There is an existing netwait script, but because it is dependent on
NETWORKING it runs too late to prevent failure of some other rc
scripts. This change flips the order so that NETWORKING depends on netwait,
and netwait now depends on devd and routing (the former is needed to make
interfaces appear, and the latter is needed to run the ping tests in
netwait).

The netwait script used to be oriented primarily towards "as soon as any
host is reachable the network is fully functional", so you gave it a list of
IPs to try and you could optionally name an interface and it would wait for
carrier on that interface. That functionality still works the same, but now
you can provide a list of interfaces to wait for and it waits until each one
of them is available. The ping logic still completes as soon as the first IP
on the list responds.

These changes were submitted by Brenden Molloy <brendan+freebsd@bbqsrc.net>
in PR 205186, and lightly modified by me to allow a list of interfaces
instead of just one.

PR:		205186
Differential Revision:	https://reviews.freebsd.org/D4608 (timeout w/o review)
2015-12-26 18:21:32 +00:00
Dimitry Andric
9a4b31181f Upgrade our copies of clang and llvm to 3.7.1 release. This is a
bugfix-only release, with no new features.

Please note that from 3.5.0 onwards, clang and llvm require C++11
support to build; see UPDATING for more information.
2015-12-25 21:39:45 +00:00
Jeremie Le Hen
a8f3e8d264 Replace all whitespaces between port name and number with tabs, 2015-12-24 16:35:28 +00:00
Enji Cooper
870c2f7af9 Integrate tools/regression/mac/mac_bsdextended and
tools/regression/mac/mac_portacl into the FreeBSD test suite as
tests/sys/mac/bsdextended and tests/sys/mac/portacl, respectively

MFC after: 1 month
Sponsored by: EMC / Isilon Storage Division
2015-12-21 21:24:03 +00:00
Jeremie Le Hen
3c62527d03 Add port for IRC over TLS/SSL, as noted in RFC 7194.
PR:		192505
Submitted by:	loic.blot@unix-experience.fr
MFC after:	3 days
2015-12-21 20:14:40 +00:00
Enji Cooper
439006f6d7 Fix whitespace issues in BSD.usr.dist introduced in r291455
Sponsored by: EMC / Isilon Storage Division
2015-12-19 23:02:18 +00:00
Enji Cooper
08ca345cfd Integrate tools/regression/lib/libc/nss into the FreeBSD test suite as
lib/libc/tests/nss

- Convert the testcases to ATF
- Do some style(9) cleanups:
-- Sort headers
-- Apply indentation fixes
-- Remove superfluous parentheses
- Explicitly print out debug printfs for use with `kyua {debug,report}`; for
  items that were overly noisy, they've been put behind #ifdef DEBUG
  conditionals
- Fix some format strings

MFC after: 1 week
Sponsored by: EMC / Isilon Storage Division
2015-12-16 08:09:03 +00:00
Enji Cooper
9ada6f3369 Integrate tools/regression/lib/libc/resolv into the FreeBSD test suite as
lib/libc/tests/resolv

Convert the testcases to ATF

MFC after: 1 week
Sponsored by: EMC / Isilon Storage Division
2015-12-16 05:11:57 +00:00
Kurt Lidl
1c34f9114e Skip unavailable pools when running zfs pool scrubs
Approved by:	rpaulo (mentor)
Differential Revision:	https://reviews.freebsd.org/D4588
2015-12-16 04:32:33 +00:00
Ruslan Bukin
1fdcc5e5c0 Start support for the RISC-V 64-bit architecture developed by UC Berkeley.
RISC-V is a new ISA designed to support computer research and education, and
is now become a standard open architecture for industry implementations.

This is a minimal set of changes required to run 'make kernel-toolchain'
using external (GNU) toolchain.

The FreeBSD/RISC-V project home: https://wiki.freebsd.org/riscv.

Reviewed by:	andrew, bdrewery, emaste, imp
Sponsored by:	DARPA, AFRL
Sponsored by:	HEIF5
Differential Revision:	https://reviews.freebsd.org/D4445
2015-12-11 22:55:23 +00:00
Jilles Tjoelker
80fe6bcf09 rc.subr: Check for running daemons before a custom start_cmd is executed.
Currently rc scripts implementing their own start_cmd do not enjoy the
benefits of rc.subr's own check for rc_pid.

This leads to around a third of ports with such a start_cmd not to check for
the process at all and two thirds of ports to re-implement this check
(sometimes wrongly).

This patch moves the check for rc_pid to before ${rc_arg}_cmd is executed.

Submitted by:	Dirk Engling
Reviewed by:	feld
MFC after:	1 week
Relnotes:	yes
Differential Revision:	https://reviews.freebsd.org/D4156
2015-12-04 16:32:29 +00:00
Hans Petter Selasky
7770ce47bb Regenerate usb.conf .
MFC after:	1 week
2015-12-03 16:54:45 +00:00
Edward Tomasz Napierala
0a2a3753ef Modify the rctl rc script to add multiple rules in a single run.
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
2015-12-01 16:42:39 +00:00
Dag-Erling Smørgrav
a677ee8beb Load our configuration before setting defaults, so local_unbound_workdir
actually has an effect.

PR:		204931
Submitted by:	Eugene Grosbein <eugen@grosbein.net>
MFC after:	1 week
2015-12-01 13:20:21 +00:00