rename the previous one to indicate that it's not just high, it's
extreme (everything off, secure level raised).
Submitted mostly by: Tony Finch <dot@dotat.at>
Approved by: jkh
Write kern_securelevel_enable variable to rc.conf if user selects
medium or low security in sysinstall. This overrides the case where a
user selects fascist security and then tries to go back to a lower
setting.
appropriate(?) defaults for "low", "medium" and "high" security
environments. Medium is basically what we currently have with a little
seat-belt tightening where it made sense. Low is the same as medium but
without the tightening. High is positively fascist with nothing turned
on by default and an automatic call to 911 if it can find a modem.
Make sysinstall override this on install, so the effective behavioural
change for a newly installed system is null. Overall, this makes a system
with an empty /etc/rc.conf not run any network services, and makes the
FreeBSD-provided network services that are running visible in /etc/rc.conf
(instead of making people look through /etc/defaults/rc.conf to find the
things they need to disable to secure the system.)
Reviewed by: jhb
Discussed with: The usual cabal
does bad things to /etc/make.conf in certain situations. Also
soften the "don't install crypto from the USA!" messages since,
except for RSA (which is still noted), that's not so true anymore.
IPv6 configuration is only done by rtsol. Does someone really
need manual configuration? :-)
You can specify IPv6 DNS server as well.
We have only one server ftp7.jp.freebsd.org that speaks IPv6
in this time. ftp7.jp speaks IPv4 as well and also listed as
Japan #7.
Approved by: jkh
be detected by netscape and such.
PR: bin/17659
Submitted by: Murray Stokelay <murray@cdrom.com>
Approved by: jkh
jkh made updates that conflict with the submitters patch, so I updated
accordingly, any mistakes are mine, not the submitters.
as redoing all the menus to have proper, or at least non-hallucinogenic,
keyboard accelerators.
This requires my recent update to libdialog to work properly and will
probably also exhibit some other "interesting" behavior while the last
few missing screen clears are found (which is why I'm not going to MFC
immediately). At least now, however, sysinstall does not gratuitously
redraw random screens at the drop of a hat and drive serial console
installers out of their minds.
I backed-out the changes in -current and didn't touch stable at all (I
thought I had my patch order reversed, not what actually happened).
AIEEE! I can't even blame the crack for this one since I broke my
crack pipe a few weeks ago. I think sleep deprivation gets the blame
for this one.
Medal for noticing this one goes to: Jim Bloom <bloom@acm.org>
bringing in DHCP support. The only thing I left out were Poul-Henning's
newfs changes since I'm not sure if he's brought the rest of that support
into -stable yet. If it turns out that this is the case, I'll MFC those
changes too.
on CDs and FTP sites.
o Collapse some redundant code.
o Fix typo'd menu.
o Restrict searches properly to packages rather than categories.
o Small tweaks to signal handling.
All RELENG_3 candidates.
feature of packages now so that no version info is embedded.
o Add a default X desktop menu offering afterstep, enlightenment, KDE, GNOME
and Windowmaker desktops instead of the boring twm(1) based one if the
user so chooses. This will require a little testing.
Now we know which variables are internal and which need to be
backed to /etc/rc.conf.site. rc.conf is not touched now.
Also kget kernel change information back properly and set up a loader.rc
file to use it.
Jordan K. Hubbard
Murray Stokely
John W. De Boskey
Eivind Eklund
John Baldwin
Hajimu UMEMOTO
Bill Fumerola
Peter Wemm