#
296373 |
|
04-Mar-2016 |
marius |
- Copy stable/10@296371 to releng/10.3 in preparation for 10.3-RC1 builds.
- Update newvers.sh to reflect RC1.
- Update __FreeBSD_version to reflect 10.3.
- Update default pkg(8) configuration to use the quarterly branch.
Approved by: re (implicit) |
#
295461 |
|
10-Feb-2016 |
cy |
MFC r289421, r293037, r294773, and r294884.
ntp leap-leapseconds support.
r289421:
Add default leap-seconds file. This should help ntp networks get the leap second date correct
Updates to the file can be obtained from ftp://time.nist.gov/pub/ or ftp://tycho.usno.navy.mil/pub/ntp/.
r293037:
Update leap-seconds to latest. This will satisfy the ntpd leap-second version check.
r294773:
Add support for automatic leap-second file updates.
The working copy of leapfile resides in /var/dbntpd.leap-seconds.list. /etc/ntp/leap-seconds (periodically updated from ftp://time.nist.gov/pub/ or ftp://tycho.usno.navy.mil/pub/ntp/) contains the master copy should automatic leapfile updates be disabled (default).
Automatic leapfile updates are fetched from $ntp_leapfile_sources, defaulting to https://www.ietf.org/timezones/data/leap-seconds.list, within $ntp_leapfile_expiry_days (default 30 days) from leap-seconds file expiry. Automatic updates can be enabled by setting $daily_ntpd_leapfile_enable="YES" in periodic.conf. To avoid congesting the ntp leapfile source the automatic update is randomized by default but can be disabled through daily_ntpd_avoid_congestion="NO" in periodic.conf.
r294884:
Allow specification of fetch options for ntp leap-seconds fetch.
Approved by: re (gjb)
|
#
294680 |
|
24-Jan-2016 |
ian |
MFC r292752:
Enhance rc.d/netwait script to wait for late-attaching interfaces such as USB NICs.
USB network hardware may not be enumerated and available when the rc.d networking scripts run. Eventually the USB attachment completes and devd events cause the network initialization to happen, but by then other rc.d scripts have already failed, because services which depend on NETWORKING (such as mountcritremote) may end up running before the network is actually ready.
There is an existing netwait script, but because it is dependent on NETWORKING it runs too late to prevent failure of some other rc scripts. This change flips the order so that NETWORKING depends on netwait, and netwait now depends on devd and routing (the former is needed to make interfaces appear, and the latter is needed to run the ping tests in netwait).
The netwait script used to be oriented primarily towards "as soon as any host is reachable the network is fully functional", so you gave it a list of IPs to try and you could optionally name an interface and it would wait for carrier on that interface. That functionality still works the same, but now you can provide a list of interfaces to wait for and it waits until each one of them is available. The ping logic still completes as soon as the first IP on the list responds.
These changes were submitted by Brenden Molloy <brendan+freebsd@bbqsrc.net> in PR 205186, and lightly modified by me to allow a list of interfaces instead of just one.
PR: 205186 Relnotes: yes
|
#
292233 |
|
14-Dec-2015 |
rmacklem |
MFC: r291536 Add support for the new "-manage-gids" option for the nfsuserd daemon to the rc scripts. With these changes, setting nfs_server_managegids="YES" in /etc/rc.conf will enable this capability.
Relnotes: yes
|
#
285823 |
|
23-Jul-2015 |
hrs |
MFC r274841
Remove examples of gif_interfaces and gifconfig. These have already been marked as deprecated in rc.conf(5) manual page but these examples were still here.
Approved by: re (gjb)
|
#
284952 |
|
30-Jun-2015 |
des |
MFH (r270391): don't set rc_debug in /etc/defaults/rc.conf
|
#
276504 |
|
01-Jan-2015 |
trasz |
MFC r274965:
Make it possible to specify flags for autofs daemons in rc.conf.
Sponsored by: The FreeBSD Foundation
|
#
272870 |
|
10-Oct-2014 |
hrs |
MFC r271663: Fix a typo; master server for iprop service should be singular.
|
#
272862 |
|
09-Oct-2014 |
hrs |
MFC r270782:
Restructure rc.d scripts for kerberos5 daemons:
- Rename $kerberos5_server_enable with $kdc_enable and rename rc.d/kerberos with rc.d/kdc.
- Rename $kadmin5_server_enable with $kadmind_enable.
- Rename ${kerberos5,kpasswdd}_server with ${kdc,kpasswdd}_program.
- Fix rc.d/{kadmind,kerberos,kpasswdd,kfd} scripts not to change variables after load_rc_config().
- Add rc.d/ipropd_master and rc.d/ipropd_slave scripts. These are for iprop-master(8) and iprop-slave(8). Keytab used for iprop service is defined in ipropd_{master,slave}_keytab (/etc/krb5.keytab by default).
- Add dependency on rc.d/kdc to SERVERS. rc.d/kdc must be invoked as early as possible before scripts divided by rc.d/SERVERS.
Note that changes to rc.d/{kdc,kpasswdd,kadmind} are backward-compatible with the old configuration variables: ${kerberos5,kpasswdd,kadmin5}_server{,_enable,_flags}.
|
#
272861 |
|
09-Oct-2014 |
hrs |
MFC r270780: Fix rc.d/gssd script to define the default values in a standard way.
MFC r270781:
- Add a warning message when an IPv6 address is specified with no prefixlen.
- Use a parameter argument in jls(8) instead of doing grep.
|
#
272577 |
|
05-Oct-2014 |
bdrewery |
MFC r271424:
- Add $netif_ipexpand_max to specify the upper limit for the number of addresses generated by an address range specification. The default value is 2048. This can be increased by setting $netif_ipexpand_max in rc.conf.
PR: 186841
|
#
272078 |
|
24-Sep-2014 |
peter |
MFC r269392: Add /usr/lib32/compat to the default ld-elf32.so.1 path.
Approved by: re (gjb, delphij)
|
#
271095 |
|
04-Sep-2014 |
se |
MFC r270647: Add references to vt(4) and the configuration files in /usr/sha
MFC r270653: Update man-pages to correctly refer to changed paths and namin
MFC r270657: More man pages that need to know about vt in addition to syscon
MFC r270659: (by pluknet@) Missed comma.
MFC r270660: Back-out the references to vt(4) from this man-page. It appears
MFC r270933: Add references to vt(4) to further man-pages.
MFC r270934: Final patches to the tools used to convert syscons keymaps for
MFC r270935: Add vt(4) support to the console initialisation script, specifi
Second batch of MFCs to add support for Unicode keymaps for use with vt(4).
It contains the following changes:
- Add references to vt(4) to relevant man-pages.
- Update comment in defaults/rc.conf to mention vt
- Update rc.d/syscons to warn about syscons keymaps used under vt. An attempt is made to identify the vt keymap to load instead.
- Minor changes to the conversion tool based on mail comments on keymaps.
Relnotes: yes
|
#
270892 |
|
31-Aug-2014 |
trasz |
MFC r270096:
Bring in the new automounter, similar to what's provided in most other UNIX systems, eg. MacOS X and Solaris. It uses Sun-compatible map format, has proper kernel support, and LDAP integration.
There are still a few outstanding problems; they will be fixed shortly.
Reviewed by: allanjude@, emaste@, kib@, wblock@ (earlier versions)
Phabric: D523
Relnotes: yes
Sponsored by: The FreeBSD Foundation
|
#
265122 |
|
30-Apr-2014 |
delphij |
Fix devfs rules not applied by default for jails.
Fix OpenSSL use-after-free vulnerability.
Fix TCP reassembly vulnerability.
Security: FreeBSD-SA-14:07.devfs
Security: CVE-2014-3001
Security: FreeBSD-SA-14:08.tcp
Security: CVE-2014-3000
Security: FreeBSD-SA-14:09.openssl
Security: CVE-2010-5298
|
#
262384 |
|
23-Feb-2014 |
bdrewery |
MFC r261931,r261932:
Allow overriding rctl.conf(5) file location for /etc/rc.d/rctl
Approved by: bapt (mentor, implicit)
|
#
262122 |
|
17-Feb-2014 |
mav |
MFC r260486: Remove very low default limit of 4 nfsd threads. nfsd's own default is 8 * hw.ncpu, that sounds more appropriate for these SMP/NCQ/... days.
|
#
258121 |
|
14-Nov-2013 |
glebius |
Merge r257694 from head:
Remove remnants of BIND from /etc, since there is no BIND in base now.
Sorry, that would break users running head and BIND from ports, since ports rely on these scripts. The ports will be fixed soon.
Approved by: re (kib)
|
#
256982 |
|
23-Oct-2013 |
jmg |
MFC r256773: Enable the automatic creation of a certificate (if one does not exist) and enable the usage by sendmail if sendmail is enabled.
Reviewed by: gshapiro Approved by: re (gjb)
|
#
256916 |
|
22-Oct-2013 |
cperciva |
MFC r256775,r256776: Add support for "first boot" rc.d scripts.
Document this new functionality in rc.conf(5) and rc(8).
Bump __FreeBSD_version so that ports can make use of this.
Approved by: re (gjb)
|
#
256381 |
|
12-Oct-2013 |
markm |
Merge from project branch via main. Uninteresting commits are trimmed.
Refactor of /dev/random device. Main points include:
* Userland seeding is no longer used. This auto-seeds at boot time on PC/Desktop setups; this may need some tweaking and intelligence from those folks setting up embedded boxes, but the work is believed to be minimal.
* An entropy cache is written to /entropy (even during installation) and the kernel uses this at next boot.
* An entropy file written to /boot/entropy can be loaded by loader(8)
* Hardware sources such as rdrand are fed into Yarrow, and are no longer available raw.
------------------------------------------------------------------------ r256240 | des | 2013-10-09 21:14:16 +0100 (Wed, 09 Oct 2013) | 4 lines
Add a RANDOM_RWFILE option and hide the entropy cache code behind it. Rename YARROW_RNG and FORTUNA_RNG to RANDOM_YARROW and RANDOM_FORTUNA. Add the RANDOM_* options to LINT.
------------------------------------------------------------------------ r256239 | des | 2013-10-09 21:12:59 +0100 (Wed, 09 Oct 2013) | 2 lines
Define RANDOM_PURE_RNDTEST for rndtest(4).
------------------------------------------------------------------------ r256204 | des | 2013-10-09 18:51:38 +0100 (Wed, 09 Oct 2013) | 2 lines
staticize struct random_hardware_source
------------------------------------------------------------------------ r256203 | markm | 2013-10-09 18:50:36 +0100 (Wed, 09 Oct 2013) | 2 lines
Wrap some policy-rich code in 'if NOTYET' until we can thresh out what it really needs to do.
------------------------------------------------------------------------ r256184 | des | 2013-10-09 10:13:12 +0100 (Wed, 09 Oct 2013) | 2 lines
Re-add /dev/urandom for compatibility purposes.
------------------------------------------------------------------------ r256182 | des | 2013-10-09 10:11:14 +0100 (Wed, 09 Oct 2013) | 3 lines
Add missing include guards and move the existing ones out of the implementation namespace.
------------------------------------------------------------------------ r256168 | markm | 2013-10-08 23:14:07 +0100 (Tue, 08 Oct 2013) | 10 lines
Fix some just-noticed problems:
o Allow this to work with "nodevice random" by fixing where the MALLOC pool is defined.
o Fix the explicit reseed code. This was correct as submitted, but in the project branch doesn't need to set the "seeded" bit as this is done correctly in the "unblock" function.
o Remove some debug ifdeffing.
o Adjust comments.
------------------------------------------------------------------------ r256159 | markm | 2013-10-08 19:48:11 +0100 (Tue, 08 Oct 2013) | 6 lines
Time to eat crow for me.
I replaced the sx_* locks that Arthur used with regular mutexes; this turned out to be the wrong thing to do as the locks need to be sleepable. Revert this folly.
# Submitted by: Arthur Mesh <arthurmesh@gmail.com> (In original diff)
------------------------------------------------------------------------ r256138 | des | 2013-10-08 12:05:26 +0100 (Tue, 08 Oct 2013) | 10 lines
Add YARROW_RNG and FORTUNA_RNG to sys/conf/options.
Add a SYSINIT that forces a reseed during proc0 setup, which happens fairly late in the boot process.
Add a RANDOM_DEBUG option which enables some debugging printf()s.
Add a new RANDOM_ATTACH entropy source which harvests entropy from the get_cyclecount() delta across each call to a device attach method.
------------------------------------------------------------------------ r256135 | markm | 2013-10-08 07:54:52 +0100 (Tue, 08 Oct 2013) | 8 lines
Debugging. My attempt at EVENTHANDLER(multiuser) was a failure; use EVENTHANDLER(mountroot) instead.
This means we can't count on /var being present, so something will need to be done about harvesting /var/db/entropy/... .
Some policy now needs to be sorted out, and a pre-sync cache needs to be written, but apart from that we are now ready to go.
Over to review.
------------------------------------------------------------------------ r256094 | markm | 2013-10-06 23:45:02 +0100 (Sun, 06 Oct 2013) | 8 lines
Snapshot.
Looking pretty good; this mostly works now. New code includes:
* Read cached entropy at startup, both from files and from loader(8) preloaded entropy. Failures are soft, but announced. Untested.
* Use EVENTHANDLER to do above just before we go multiuser. Untested.
------------------------------------------------------------------------ r256088 | markm | 2013-10-06 14:01:42 +0100 (Sun, 06 Oct 2013) | 2 lines
Fix up the man page for random(4). This mainly removes no-longer-relevant details about HW RNGs, reseeding explicitly and user-supplied entropy.
------------------------------------------------------------------------ r256087 | markm | 2013-10-06 13:43:42 +0100 (Sun, 06 Oct 2013) | 6 lines
As userland writing to /dev/random is no more, remove the "better than nothing" bootstrap mode.
Add SWI harvesting to the mix.
My box seeds Yarrow by itself in a few seconds! YMMV; more to follow.
------------------------------------------------------------------------ r256086 | markm | 2013-10-06 13:40:32 +0100 (Sun, 06 Oct 2013) | 11 lines
Debug run. This now works, except that the "live" sources haven't been tested. With all sources turned on, this unlocks itself in a couple of seconds! That is on my box, and there is no guarantee that this will be the case everywhere.
* Cut debug prints.
* Use the same locks/mutexes all the way through.
* Be a tad more conservative about entropy estimates.
------------------------------------------------------------------------ r256084 | markm | 2013-10-06 13:35:29 +0100 (Sun, 06 Oct 2013) | 5 lines
Don't use the "real" assembler mnemonics; older compilers may not understand them (like when building CURRENT on 9.x).
# Submitted by: Konstantin Belousov <kostikbel@gmail.com>
------------------------------------------------------------------------ r256081 | markm | 2013-10-06 10:55:28 +0100 (Sun, 06 Oct 2013) | 12 lines
SNAPSHOT.
Simplify the malloc pools; We only need one for this device.
Simplify the harvest queue.
Marginally improve the entropy pool hashing, making it a bit faster in the process.
Connect up the hardware "live" source harvesting. This is simplistic for now, and will need to be made rate-adaptive.
All of the above passes a compile test but needs to be debugged.
------------------------------------------------------------------------ r256042 | markm | 2013-10-04 07:55:06 +0100 (Fri, 04 Oct 2013) | 25 lines
Snapshot. This passes the build test, but has not yet been finished or debugged.
Contains:
* Refactor the hardware RNG CPU instruction sources to feed into the software mixer. This is unfinished. The actual harvesting needs to be sorted out. Modified by me (see below).
* Remove 'frac' parameter from random_harvest(). This was never used and adds extra code for no good reason.
* Remove device write entropy harvesting. This provided a weak attack vector, was not very good at bootstrapping the device. To follow will be a replacement explicit reseed knob.
* Separate out all the RANDOM_PURE sources into separate harvest entities. This adds some security in the case where more than one is present.
* Review all the code and fix anything obviously messy or inconsistent. Address some review concerns while I'm here, like rename the pseudo-rng to 'dummy'.
# Submitted by: Arthur Mesh <arthurmesh@gmail.com> (the first item)
------------------------------------------------------------------------ r255319 | markm | 2013-09-06 18:51:52 +0100 (Fri, 06 Sep 2013) | 4 lines
Yarrow wants entropy estimations to be conservative; the usual idea is that if you are certain you have N bits of entropy, you declare N/2.
------------------------------------------------------------------------ r255075 | markm | 2013-08-30 18:47:53 +0100 (Fri, 30 Aug 2013) | 4 lines
Remove short-lived idea; thread to harvest (eg) RDRAND entropy into the usual harvest queues. It was a nifty idea, but too heavyweight.
# Submitted by: Arthur Mesh <arthurmesh@gmail.com>
------------------------------------------------------------------------ r255071 | markm | 2013-08-30 12:42:57 +0100 (Fri, 30 Aug 2013) | 4 lines
Separate out the Software RNG entropy harvesting queue and thread into its own files.
# Submitted by: Arthur Mesh <arthurmesh@gmail.com>
------------------------------------------------------------------------ r254934 | markm | 2013-08-26 20:07:03 +0100 (Mon, 26 Aug 2013) | 2 lines
Remove the short-lived namei experiment.
------------------------------------------------------------------------ r254928 | markm | 2013-08-26 19:35:21 +0100 (Mon, 26 Aug 2013) | 2 lines
Snapshot; Do some running repairs on entropy harvesting. More needs to follow.
------------------------------------------------------------------------ r254927 | markm | 2013-08-26 19:29:51 +0100 (Mon, 26 Aug 2013) | 15 lines
Snapshot of current work;
1) Clean up namespace; only use "Yarrow" where it is Yarrow-specific or close enough to the Yarrow algorithm. For the rest use a neutral name.
2) Tidy up headers; put private stuff in private places. More could be done here.
3) Streamline the hashing/encryption; no need for a 256-bit counter; 128 bits will last for long enough.
There are bits of debug code lying around; these will be removed at a later stage.
------------------------------------------------------------------------ r254784 | markm | 2013-08-24 14:54:56 +0100 (Sat, 24 Aug 2013) | 39 lines
1) example (partially humorous random_adaptor, that I call "EXAMPLE")
* It's not meant to be used in a real system, it's there to show how the basics of how to create interfaces for random_adaptors. Perhaps it should belong in a manual page
2) Move probe.c's functionality in to random_adaptors.c
* rename random_ident_hardware() to random_adaptor_choose()
3) Introduce a new way to choose (or select) random_adaptors via tunable "rngs_want" It's a list of comma separated names of adaptors, ordered by preferences. I.e.:
rngs_want="yarrow,rdrand"
Such setting would cause yarrow to be preferred to rdrand. If neither of them are available (or registered), then system will default to something reasonable (currently yarrow). If yarrow is not present, then we fall back to the adaptor that's first on the list of registered adaptors.
4) Introduce a way where RNGs can play a role of entropy source. This is mostly useful for HW rngs.
The way I envision this is that every HW RNG will use this functionality by default. Functionality to disable this is also present. I have an example of how to use this in random_adaptor_example.c (see modload event, and init function)
5) fix kern.random.adaptors from
kern.random.adaptors: yarrowpanicblock
to
kern.random.adaptors: yarrow,panic,block
6) add kern.random.active_adaptor to indicate currently selected adaptor:
root@freebsd04:~ # sysctl kern.random.active_adaptor
kern.random.active_adaptor: yarrow
# Submitted by: Arthur Mesh <arthurmesh@gmail.com>
Submitted by: Dag-Erling Smørgrav <des@FreeBSD.org>, Arthur Mesh <arthurmesh@gmail.com>
Reviewed by: des@FreeBSD.org
Approved by: re (delphij)
Approved by: secteam (des,delphij)
|
#
256283 |
|
10-Oct-2013 |
gjb |
- Remove debugging from GENERIC* kernel configurations
- Enable MALLOC_PRODUCTION
- Default dumpdev=NO
- Remove UPDATING entry regarding debugging features
- Bump __FreeBSD_version to 1000500
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
|
#
256281 |
|
10-Oct-2013 |
gjb |
Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
|
#
256256 |
|
10-Oct-2013 |
hrs |
- Update rc.d/jail to use a jail(8) configuration file instead of command line options. The "jail_<jname>_*" rc.conf(5) variables for per-jail configuration are automatically converted to /var/run/jail.<jname>.conf before the jail(8) utility is invoked. This is transparently backward compatible.
- Fix a minor bug in jail(8) which prevented it from returning false when jail -r failed.
Approved by: re (glebius)
|
#
255809 |
|
23-Sep-2013 |
des |
Add a setup script for unbound(8) called local-unbound-setup. It generates a configuration suitable for running unbound as a caching forwarding resolver, and configures resolvconf(8) to update unbound's list of forwarders in addition to /etc/resolv.conf. The initial list is taken from the existing resolv.conf, which is rewritten to point to localhost. Alternatively, a list of forwarders can be provided on the command line.
To assist this script, add an rc.subr command called "enabled" which does nothing except return 0 if the service is enabled and 1 if it is not, without going through the usual checks. We should consider doing the same for "status", which is currently pointless.
Add an rc script for unbound, called local_unbound. If there is no configuration file, the rc script runs local-unbound-setup to generate one.
Note that these scripts place the unbound configuration files in /var/unbound rather than /etc/unbound. This is necessary so that unbound can reload its configuration while chrooted. We should probably provide symlinks in /etc.
Approved by: re (blanket)
|
#
255570 |
|
14-Sep-2013 |
trasz |
Bring in the new iSCSI target and initiator.
Reviewed by: ken (parts) Approved by: re (delphij) Sponsored by: FreeBSD Foundation
|
#
252356 |
|
28-Jun-2013 |
davide |
- Trim an unused and bogus Makefile for mount_smbfs.
- Reconnect with some minor modifications, in particular now selsocket() internals are adapted to use sbintime units after recent'ish calloutng switch.
|
#
252310 |
|
27-Jun-2013 |
hrs |
- Add vnode-backed swap space specification support. This is enabled when device names "md" or "md[0-9]*" and a "file" option are specified in /etc/fstab like this:
md none swap sw,file=/swap.bin 0 0
- Add GBDE/GELI encrypted swap space specification support, which rc.d/encswap supported. The /etc/fstab lines are like the following:
/dev/ada1p1.bde none swap sw 0 0
/dev/ada1p2.eli none swap sw 0 0
.eli devices accept aalgo, ealgo, keylen, and sectorsize as options.
swapctl(8) can understand an encrypted device in the command line like this:
# swapctl -a /dev/ada2p1.bde
- "-L" flag is added to support "late" option to defer swapon until rc.d/mountlate runs.
- rc.d script change:
rc.d/encswap -> removed
rc.d/addswap -> just display a warning message if $swapfile is defined
rc.d/swap1 -> renamed to rc.d/swap
rc.d/swaplate -> newly added to support "late" option
These changes alleviate a race condition between device creation/removal and swapon/swapoff.
MFC after: 1 week Reviewed by: wblock (manual page)
|
#
251660 |
|
12-Jun-2013 |
crees |
Clean up swapfile memory disk on shutdown
Make the md unit number configurable so that it can be predicted
PR: bin/168544 Submitted by: wblock (based on) Approved by: kevlo
|
#
244323 |
|
16-Dec-2012 |
pjd |
Use new savecore(8) option and limit number of kernel dumps that will be kept around to the 10 most recent ones.
Add UPDATING entry with info how to return to the previous behaviour (no limits).
Obtained from: WHEEL Systems
|
#
243752 |
|
01-Dec-2012 |
rwatson |
Merge a number of changes required to hook up OpenBSM 1.2-alpha2's auditdistd (distributed audit daemon) to the build:
- Manual cross references
- Makefile for auditdistd
- rc.d script, rc.conf entries
- New group and user for auditdistd; associated aliases, etc.
The audit trail distribution daemon provides reliable, cryptographically protected (and sandboxed) delivery of audit trails from live clients to audit server hosts in order to both allow centralised analysis, and improve resilience in the event of client compromises: clients are not permitted to change trail contents after submission.
Submitted by: pjd Sponsored by: The FreeBSD Foundation (auditdistd)
|
#
241680 |
|
18-Oct-2012 |
attilio |
Disconnect non-MPSAFE SMBFS from the build in preparation for dropping GIANT from VFS. In addition, disconnect also netsmb, which is a base requirement for SMBFS.
In the while SMBFS regular users can use FUSE interface and smbnetfs port to work with their SMBFS partitions.
Also, there are ongoing efforts by vendor to support in-kernel smbfs, so there are good chances that it will get relinked once properly locked.
This is not targeted for MFC.
|
#
241629 |
|
17-Oct-2012 |
attilio |
Disconnect non-MPSAFE NWFS from the build in preparation for dropping GIANT from VFS. In addition, disconnect also netncp, which is a base requirement for NWFS.
In the possibility of a future maintenance of the code and later readd to the FreeBSD base, maybe we should think about a better location for netncp. I'm not entirely sure the / top location is actually right, however I will let network people to comment on that more specifically.
This is not targeted for MFC.
|
#
241606 |
|
16-Oct-2012 |
attilio |
Disconnect non-MPSAFE PORTALFS from the build in preparation for dropping GIANT from VFS.
This is not targeted for MFC.
|
#
239382 |
|
19-Aug-2012 |
kuriyama |
- Allow to pass extra parameters for each jail.
- To achieve above, convert jail(8) invocation to use new style command line "-c" flag.
Reviewed at: freebsd-jail@
|
#
238416 |
|
13-Jul-2012 |
kevlo |
Whitespace nit
|
#
238277 |
|
09-Jul-2012 |
hrs |
Make ipfw0 logging pseudo-interface clonable. It can be created automatically by $firewall_logif rc.conf(5) variable at boot time or manually by ifconfig(8) after a boot.
Discussed on: freebsd-ipfw@
|
#
235107 |
|
06-May-2012 |
stas |
- Change kfd rc script to be more conformant with rcNG conventions:
  o change rcname to kfd;
  o move mandatory options to command_args;
  o add missing "shutdown" keyword;
  o fix require line. Kfd doesn't really need to be started before daemons.
Suggested by: dougb
|
#
234093 |
|
10-Apr-2012 |
stas |
- Add rc.d script for kfd, kerberos forwarded tickets daemon.
|
#
231862 |
|
17-Feb-2012 |
dougb |
Increase the default shutdown timer to 90 seconds. This will allow certain systems that take a long time to shut down, without adversely affecting things that shut down quickly. It's also 30 seconds less than the default hard limit of 120 seconds in kern.init_shutdown_timeout.
PR: conf/109272 Submitted by: Radim Kolar SF.NET <hsn@sendmail.cz>
|
#
231667 |
|
14-Feb-2012 |
dougb |
Fix various issues with the NFS and RPC related scripts:
1. Add new functionality to the force_depend method to incorporate the tests for whether the service is enabled and/or already running.
2. Add a new option to bypass checking only that the service is enabled at boot time, and always check if it is running.
3. Use this new functionality to greatly simplify the rc.d scripts that use force_depend.
4. Add a force_depend for statd in lockd
5. Remove the check that either nfs_server or nfs_client is _enable'd from statd and lockd. This was always overkill, and prevented using the {one|force}start options, as well as stop'ing on the command line.
6. The yp* scripts had some of their arguments in various weird orders. Bring them into line with the model.
7. If mountd fails to create /var/db/mountdtab, err out.
Ideas, suggestions, and/or review from delphij and jilles. Pointy hats are completely my responsibility however.
|
#
231194 |
|
08-Feb-2012 |
dougb |
As it stands right now, the default devfs rulesets are only loaded as a side effect of something else using them. If they haven't been loaded already but you want to use them, say for configuring a jail, you're out of luck.
So add a knob to always load the default rulesets. While I'm here document the other devfs_ knobs in rc.conf.5.
|
#
226654 |
|
23-Oct-2011 |
mm |
Add etc/rc.d/static_ndp, analogous to etc/rc.d/static_arp. Make sure that static ARP and NDP bindings are set before NETWORKING.
As static_ndp is based on static_arp, pass copyright to the project with permission of the original author (delphij@).
Reviewed by: delphij@FreeBSD.org MFC after: 3 days
|
#
225574 |
|
15-Sep-2011 |
dougb |
Correct the RFC number for the description of IPv6 privacy addressing
Reviewed by: bz Approved by: re (kib)
|
#
225521 |
|
13-Sep-2011 |
hrs |
Add $ipv6_cpe_wanif to enable functionality required for IPv6 CPE (r225485). When setting an interface name to it, the following configurations will be enabled:
1. "no_radr" is set to all IPv6 interfaces automatically.
2. "-no_radr accept_rtadv" will be set only for $ipv6_cpe_wanif. This is done just before evaluating $ifconfig_IF_ipv6 in the rc.d scripts (this means you can manually supersede this configuration if necessary).
3. The node will add RA-sending routers to the default router list even if net.inet6.ip6.forwarding=1.
This mode is added to conform to RFC 6204 (a router which connects the end-user network to a service provider network). To enable packet forwarding, you still need to set ipv6_gateway_enable=YES.
Note that accepting router entries into the default router list when packet forwarding capability and a routing daemon are enabled can result in messing up the routing table. To minimize such unexpected behaviors, "no_radr" is set on all interfaces but $ipv6_cpe_wanif.
Approved by: re (bz)
|
#
223310 |
|
19-Jun-2011 |
dougb |
Add the netwait rc.d script. It waits for the specified period for the network to become active.
PR: conf/151063 Submitted by: Jeremy Chadwick <freebsd@jdc.parodius.com>
|
#
223264 |
|
18-Jun-2011 |
dougb |
Add rc.d/kld to load kernel modules after local disks are up. This method is many times faster than doing it in /boot/loader.conf.
|
#
222993 |
|
11-Jun-2011 |
rmacklem |
Make three one line changes to the rc scripts so that they work with the new NFS client being the default, since the new NFS client's module name is nfscl and not nfsclient.
|
#
222515 |
|
31-May-2011 |
bz |
No longer set an IPv4 loopback address by default in defaults/rc.conf. If not specified, network.subr will add it automatically if we have INET support (1).
In network.subr only call the address family up/down functions if the respective AF is available.
Switch to new kern.features variables for inet and inet6 as the inet sysctl tree is also available for IPv6-only kernels leading to unexpected results.
Suggested by: hrs (1)
Reviewed by: hrs
Sponsored by: The FreeBSD Foundation
Sponsored by: iXsystems
MFC after: 20 days
|
#
221046 |
|
26-Apr-2011 |
rmacklem |
Update the /etc/rc.d scripts for mountd and nfsd so they can use the "-o" option to force the old NFS server to run. Running the old NFS server is enabled by setting oldnfs_server_enable="YES". The scripts will only enable providing service for NFSv4 if nfsv4_server_enable="YES" is set.
Reviewed by: dougb (rc)
|
#
220962 |
|
23-Apr-2011 |
dougb |
Introduce to rc.subr get_pidfile_from_conf(). It does just what it sounds like, determines the path to a pid file as it is specified in a conf file.
Use the new feature for rc.d/named and rc.d/devd, the 2 services in the base that list their pid files in their conf files.
Remove the now-obsolete named_pidfile, and warn users if they have it set.
|
#
219820 |
|
21-Mar-2011 |
jeff |
- Merge in OFED 1.5.3 from projects/ofed/head
|
#
217187 |
|
09-Jan-2011 |
jh |
Replace nfs4 with newnfs in netfs_types. nfs4 was removed in r192578 and mount(8) has supported newnfs since r192930.
PR: conf/153655 Submitted by: Anonymous <swell.k@gmail.com> MFC after: 3 weeks
|
#
215799 |
|
24-Nov-2010 |
pjd |
Add gptboot_enable rc variable, which allows to turn gptboot reporting off in case user wants to implement his own actions and doesn't want the attributes to vanish.
Obtained from: Wheel Systems Sp. z o.o. http://www.wheelsystems.com MFC after: 3 days
|
#
213285 |
|
29-Sep-2010 |
emaste |
Commit the rest of r213270.
Thanks to Anonymous <swell dot k at gmail.com> for spotting this.
|
#
212579 |
|
13-Sep-2010 |
hrs |
Split $ipv6_prefer into $ip6addrctl_policy and $ipv6_activate_all_interfaces.
The $ip6addrctl_policy is a variable to choose a pre-defined address selection policy set by ip6addrctl(8). The keyword "ipv4_prefer" sets IPv4-preferred one described in Section 10.3, the keyword "ipv6_prefer" sets IPv6-preferred one in Section 2.1 in RFC 3484, respectively. When "AUTO" is specified, it attempts to read /etc/ip6addrctl.conf first. If it is found, it reads and installs it as a policy table. If not, either of the two pre-defined policy tables is chosen automatically according to $ipv6_activate_all_interfaces.
When $ipv6_activate_all_interfaces=NO, interfaces which have no corresponding $ifconfig_IF_ipv6 are marked as IFDISABLED for security reasons.
The default values are ip6addrctl_policy=AUTO and ipv6_activate_all_interfaces=NO.
Discussed with: ume and bz
|
#
212576 |
|
13-Sep-2010 |
hrs |
Add $ipv6_privacy to support net.inet6.ip6.use_tempaddr. Note that this will be replaced with a per-IF version later.
Based on: changes in r206408 by dougb
|
#
212575 |
|
13-Sep-2010 |
hrs |
Fix $ipv6_network_interfaces and set it as AUTO by default.
Based on: changes in r206408 by dougb
|
#
212574 |
|
13-Sep-2010 |
hrs |
Revert changes in r206408.
Discussed with: dougb, core.5, and core.6
|
#
211801 |
|
25-Aug-2010 |
maxim |
o Correct typo.
Submitted by: Bojidara Marinchovska via -stable MFC after: 1 week
|
#
208060 |
|
14-May-2010 |
dougb |
Remove trailing white space. No functional changes.
|
#
207225 |
|
26-Apr-2010 |
ume |
Better handling of ipv6_default_interface using net.inet6.ip6.use_defaultzone=1. Now, it works with IPv6 link-local unicast addresses as well as IPv6 link-local multicast addresses.
MFC after: 1 week
|
#
206771 |
|
17-Apr-2010 |
rpaulo |
Use ubthidhci_enable="NO" to avoid the bootup warning.
Submitted by: Jilles Tjoelker <jilles@stack.nl> MFC after: 3 days
|
#
206769 |
|
17-Apr-2010 |
dougb |
In case a user wants to configure only an IPv6 link-local address add an example that shows how to do it.
|
#
206427 |
|
09-Apr-2010 |
rpaulo |
Add rc.d/ubthidhci. This small script calls usbconfig(1) to change a USB Bluetooth controller from HID mode to HCI mode.
MFC after: 1 week
|
#
206408 |
|
09-Apr-2010 |
dougb |
Improve the handling of IPv6 configuration in rc.d. The ipv6_enable and ipv6_ifconfig_<interface> options have already been deprecated, these changes do not alter that.
With these changes any value set for ipv6_enable will emit a warning. In order to avoid a POLA violation for the deprecation of the option ipv6_enable=NO will still disable configuration for all interfaces other than lo0. ipv6_enable=YES will not have any effect, but will emit an additional warning. Support and warnings for this option will be removed in FreeBSD 10.x.
Consistent with the current code, in order for IPv6 to be configured on an interface (other than lo0) an ifconfig_<interface>_ipv6 option will have to be added to /etc/rc.conf[.local].
1. Clean up and minor optimizations for the following functions:
ifconfig_up (the ipv6 elements)
ipv6if
ipv6_autoconfif
get_if_var
_ifconfig_getargs
The cleanups generally were to move the "easy" tests earlier in the functions, and consolidate duplicate code.
2. Stop overloading ipv6_prefer with the ability to disable IPv6 configuration.
3. Remove noafif() which was only ever called from ipv6_autoconfif. Instead, simplify and integrate the tests into that function, and convert the test to use is_wired_interface() instead of listing wireless interfaces explicitly.
4. Integrate backwards compatibility for ipv6_ifconfig_<interface> into _ifconfig_getargs. This dramatically simplifies the code in all of the callers, and avoids a lot of other code duplication.
5. In rc.d/netoptions, add code for an ipv6_privacy option to use RFC 4193 style pseudo-random addresses (this is what windows does by default, FYI).
6. Add support for the [NO]RTADV options in ifconfig_getargs() and ipv6_autoconfif(). In the latter, include support for the explicit addition of [-]accept_rtadv in ifconfig_<interface>_ipv6 as is done in the current code.
7. In rc.d/netif add a warning if $ipv6_enable is set, and remove the set_rcvar_obsolete for it. Also remove the latter from rc.d/ip6addrctl.
8. In /etc/defaults/rc.conf:
Add an example for RTADV configuration.
Set ipv6_network_interfaces to AUTO.
Switch ipv6_prefer to YES. If ipv6_enable is not set this will have no effect.
Add a default for ipv6_privacy (NO).
9. Document all of this in rc.conf.5.
|
#
204759 |
|
05-Mar-2010 |
netchild |
Redirect stdin from /dev/null when starting a jail: At least in RELENG_7 this fixes some start problems for some programs from the ports. It is also more correct, as a jail shall not expect input (interactivity) from the jail-host.
Revert the current behavior of starting jails in the background and make it optional only for the start of jails (jail_parallell_start=YES in rc.conf):
- The stop can not be done in the background, the system needs to wait until everything is stopped correctly before it can reboot or power down.
- The start should not be done in parallel by default, this not only breaks POLA for people coming from RELENG_x, it may also break a dependency chain with other scripts in the jail-host, which need to do some stuff after the jails are up and running (e.g. hardlinking a mysql socket from one jail into another one).
Discussed on: freebsd-jails@
|
#
204076 |
|
18-Feb-2010 |
pjd |
Please welcome HAST - Highly Available Storage.
HAST allows to transparently store data on two physically separated machines connected over the TCP/IP network. HAST works in Primary-Secondary (Master-Backup, Master-Slave) configuration, which means that only one of the cluster nodes can be active at any given time. Only Primary node is able to handle I/O requests to HAST-managed devices. Currently HAST is limited to two cluster nodes in total.
HAST operates on block level - it provides disk-like devices in /dev/hast/ directory for use by file systems and/or applications. Working on block level makes it transparent for file systems and applications. There is no difference between using HAST-provided device and raw disk, partition, etc. All of them are just regular GEOM providers in FreeBSD.
For more information please consult hastd(8), hastctl(8) and hast.conf(5) manual pages, as well as http://wiki.FreeBSD.org/HAST.
Sponsored by: FreeBSD Foundation Sponsored by: OMCnet Internet Service GmbH Sponsored by: TransIP BV
|
#
203676 |
|
08-Feb-2010 |
emax |
Introduce new rc.conf variable firewall_coscripts. It can be used to specify list of executables and/or rc scripts that should be executed after firewall starts/stops.
Submitted by: Yuri Kurenkov <y dot kurenkov at init dot ru> Reviewed by: rhodes, rc@ MFC after: 1 week
|
#
203433 |
|
03-Feb-2010 |
ume |
Add rc.d script for the rtsold(8) daemon.
The rtsol(8) handles just one RA then exits. So, the OtherConfig flag may not be handled well by rtsol(8) in the environment where there are multiple RA servers on the segment. In such case, rtsold(8) will be your friend.
Reviewed by: hrs MFC after: 2 weeks
|
#
202460 |
|
17-Jan-2010 |
ume |
Remove the rules using 'me6'. Now, 'me' matches both any IPv6 address and any IPv4 address configured on an interface in the system.
Reviewed by: David Horn <dhorn2000__at__gmail.com>, luigi, qingli MFC after: 2 weeks
|
#
201368 |
|
01-Jan-2010 |
dougb |
With the introduction of named_conf the -c example in named_flags is no longer necessary or desirable. Update the comment to indicate that _flags should be used for options other than -u and -c.
|
#
201215 |
|
29-Dec-2009 |
jhb |
Add support for configuring vlan(4) interfaces as child devices similar to wlan(4) interfaces. vlan(4) interfaces are listed via a new 'vlans_<IF>' variable. If a vlan interface is a number, then that number is treated as the vlan tag for the interface and the interface will be named '<IF>.<tag>'. Otherwise, the vlan tag must be provided via a vlan parameter in a 'create_args_<vlan>' variable.
While I'm here, fix a few nits in rc.conf(5) and mention create_args_<IF> in the description of cloned_interfaces.
Reviewed by: brooks MFC after: 2 weeks
|
#
200028 |
|
02-Dec-2009 |
ume |
Unify rc.firewall and rc.firewall6, and obsolete rc.firewall6 and rc.d/ip6fw.
Reviewed by: dougb, jhb MFC after: 1 month
|
#
198314 |
|
21-Oct-2009 |
brueffer |
Add empty watchdogd_flags.
PR: 136620 Submitted by: amdmi3 MFC after: 3 days
|
#
197619 |
|
29-Sep-2009 |
dougb |
By popular acclaim, enable "Starting foo:" messages by default
|
#
197297 |
|
17-Sep-2009 |
dougb |
Add a knob to show 'Starting foo:' messages when faststart is used, such as at boot time.
|
#
197145 |
|
12-Sep-2009 |
hrs |
The following changes are added because of network_ipv6->rc.d/netif integration:
- $ipv6_enable is now obsolete. Instead, IPv6 is enabled by default if the kernel supports it, and $ipv6_network_interfaces is "none" by default. If you want to use IPv6, define $ipv6_network_interfaces and $ifconfig_xxx_ipv6.
An interface which is in $network_interfaces and not in $ipv6_network_interfaces will be marked as "inet6 -auto_linklocal ifdisabled" (see ifconfig(8)).
- $ipv6_ifconfig_xxx is renamed to ifconfig_xxx_ipv6 for consistency with other address families. The old variables still work but can be removed in the future. Note that ipv6_ifconfig_xxx="..." should be replaced with ifconfig_xxx_ipv6="inet6 ...".
- Receiving ICMPv6 Router Advertisement is not automatically enabled even if there is no manual configuration of IPv6 in rc.conf. If you want it, define ifconfig_xxx_ipv6="inet6 ... accept_rtadv".
- The rc.d/ip6addrctl now chooses address selection policy based on $ipv6_prefer, not $ipv6_enable. The default is ipv6_prefer=NO.
- $router* and $ipv6_router* are replaced with $routed_* and $route6d_* for consistency. The old variables still work but can be removed in the future.
MFC after: 3 days
|
#
196550 |
|
25-Aug-2009 |
delphij |
Add a new rc.d script, static_arp, which enables the administrator to statically bind IPv4 <-> MAC address at boot time.
In order to use this, the administrator needs to configure the following rc.conf(5) variable:
- static_arp_pairs: A list of names for static bind pairs, and,
- a series of static_arp_(name): the arguments that are being passed to ``arp -S'' operation.
Example:
static_arp_pairs="gw"
static_arp_gw="192.168.1.1 00:01:02:03:04:05"
See the rc.conf(5) manual page for more details.
Reviewed by: -rc@ MFC after: 2 weeks
|
#
193944 |
|
10-Jun-2009 |
avg |
rc.d/fsck: allow additional options for fsck_y_enable via fsck_y_flags
Primary intention is to allow to pass -C option to avoid (re-)checking clean filesystems when preening fails and fsck -y kicks in.
Submitted by: marck Reviewed by: current@ Approved by: jhb (mentor) MFC after: 1 week
|
#
193354 |
|
02-Jun-2009 |
rmacklem |
Add support for the experimental nfs subsystem to the scripts in /etc/rc.d. They use the following new rc variables:
nfsv4_server_enable - set to "YES" to run the experimental server
nfsuserd_enable - set to "YES" to run nfsuserd for NFSv4 client and server
nfsuserd_flags - command line flags for nfsuserd
nfscbd_enable - set to "YES" to run the experimental nfs client's NFSv4 callback daemon
nfscbd_flags - command line flags for nfscbd
Reviewed by: dougb Approved by: kib (mentor)
|
#
192579 |
|
22-May-2009 |
rwatson |
Further idmapd garbage collection -- remove rc.d Makefile reference and default settings.
Submitted by: Pawel Worach <pawel.worach at gmail.com>
|
#
192215 |
|
16-May-2009 |
dougb |
1. New feature; option to have the script loop until a specified hostname (localhost by default) can be successfully looked up. Off by default.
2. New feature: option to create a forwarder configuration file based on the contents of /etc/resolv.conf. This allows you to utilize a local resolver for better performance, less network traffic, custom zones, etc. while still relying on the benefits of your local network resolver. Off by default.
3. Add named-checkconf into the startup routine. This will prevent named from trying to start in a situation where it would not be possible to do so.
|
#
192089 |
|
14-May-2009 |
rodrigc |
Set crashinfo_enable to "YES" by default. During bootup, if /etc/rc.d/savecore detects a core dump file on the dump device, the core file will be saved, and the crashinfo script will be run to generate a human-readable report.
This will make it easier for end-users to provide feedback to developers about kernel crashes.
Reviewed by: jhb
|
#
190031 |
|
19-Mar-2009 |
des |
Revert r188010. When dhclient is backgrounded, services such as ntpdate, sendmail / postfix etc. may fail to start because DNS is unavailable and / or the server is unreachable. In the worst case, the machine may become unusable.
Debugging this issue was far more difficult than it should have been, due to earlier changes to the rc framework to hide almost all useful information about the boot process.
Approved by: silence
|
#
189759 |
|
13-Mar-2009 |
brooks |
Add support for setting the debug flags on wlan interfaces after they are created using wlandebug_<ifn> variables.
|
#
188710 |
|
17-Feb-2009 |
mtm |
Rename the rc.conf(5) knob if_up_delay to defaultroute_delay to better reflect its purpose.
|
#
188010 |
|
02-Feb-2009 |
mtm |
Since rc.d/defaultroute has the ability to wait for a default route to show up, we can turn this knob back on without screwing subsequent daemons that expect to be able to talk to the outside world.
|
#
187708 |
|
26-Jan-2009 |
bz |
Update jail startup script for multi-IPv4/v6/no-IP jails.
Note: this is only really necessary because of the ifconfig logic to add/remove the jail IPs upon start/stop. Consensus among simon and I is that the logic should really be factored out from the startup script and put into a proper management solution.
- We now support starting of no-IP jails.
- Remove the global jail_<jname>_netmask option as it is only helpful to set netmasks/prefixes for the right address family and per address.
- Implement jail_<jname>_ip options to support both address families with regard to ifconfig logic.
- Implement _multi<n> support suffix to the jail_<jname>_ip option to configure additional addresses to avoid overlong, unreadable jail_<jname>_ip lines with lots of addresses.
Submitted by: initial work from Ruben van Staveren Discussed on: freebsd-jail in Nov 2008. Reviewed by: simon, ru (partial, older version) MFC after: 1 week
|
#
186916 |
|
08-Jan-2009 |
keramida |
The description of the various securelevels has moved to the security.7 manpage a while ago.
MFC after: 1 week
|
#
186841 |
|
06-Jan-2009 |
bz |
Put the devfs ruleset next to devfs enable, add a comment about the suggested ruleset[1].
While here use an IP from the 'test-net' prefix for docs.
PR: kern/130102 ([1] different problem in the end) Reviewed by: simon MFC after: 2 weeks
|
#
184675 |
|
05-Nov-2008 |
keramida |
Add defaults for /etc/rc.d/gssd
Approved by: dfr
|
#
183100 |
|
16-Sep-2008 |
thompsa |
Allow a jail to be started with a specific route fib.
Reviewed by: secteam (simon) Reviewed by: brooks, bz
|
#
182460 |
|
29-Aug-2008 |
jhb |
Add the ability to run /usr/sbin/crashinfo on a new core dump automatically during boot. Right now this is disabled by default, but it can be enabled by setting 'crashinfo_enable=YES' in rc.conf.
MFC after: 2 weeks
|
#
182164 |
|
25-Aug-2008 |
des |
Make obrien happy #2
|
#
181872 |
|
19-Aug-2008 |
obrien |
Rename the RCng 'kernel' script to 'kernel_symlink'.
Requested by: many
|
#
181762 |
|
15-Aug-2008 |
jhb |
Allow the network addresses and interface names for the "client" and "workstation" firewall types to be set from rc.conf so that rc.firewall no longer needs local patching to be usable for those types. For now I've set the variables in /etc/defaults/rc.conf to the previous defaults in /etc/rc.firewall.
PR: bin/65258 Submitted by: Valentin Nechayev netch of netch.kiev.ua Silence from: net MFC after: 2 weeks
|
#
181759 |
|
15-Aug-2008 |
jhb |
For the firewall_* variables that are specific to the "workstation" firewall type, note that property in their description.
MFC after: 1 week
|
#
181445 |
|
09-Aug-2008 |
obrien |
Only symlink booted kernel directory to /boot/kernel if user has explicitly requested it. This is too dangerous to just do behind the admin's back.
|
#
181113 |
|
01-Aug-2008 |
dougb |
Add the -c option for named_flags (still commented out) that is relevant for ports users, and change the comment to match.
While I'm here fix the capitalization of the named_program comment.
|
#
179872 |
|
19-Jun-2008 |
mtm |
Make quota knob conform to other rc(8) knobs. Keep older knob for compatibility.
Requested by: Volker <volker@vwsoft.com>
|
#
179315 |
|
26-May-2008 |
bz |
Remove ISDN4BSD (I4B) from HEAD as it is not MPSAFE and parts relied on the now removed NET_NEEDS_GIANT. Most of I4B has been disconnected from the build since July 2007 in HEAD/RELENG_7.
This is what was removed:
- configuration in /etc/isdn
- examples
- man pages
- kernel configuration
- sys/i4b (drivers, layers, include files)
- user space tools
- i4b support from ppp
- further documentation
Discussed with: rwatson, re
|
#
179003 |
|
15-May-2008 |
brooks |
Change the default value of synchronous_dhclient to NO.
To preserve the existing behavior of etc/rc.d/netif, add code to wait up to if_up_delay seconds (30 seconds by default) for a default route to be configured if there are any dhcp interfaces. This should be extended to test that the interface is actually up.
X-MFC after:
|
#
178738 |
|
03-May-2008 |
brooks |
Replace a couple mentions of the soon to be removed vaps_<ifn> variable form with wlans_<ifn>.
|
#
178450 |
|
23-Apr-2008 |
brooks |
Revert rev 1.332 and keep ddb scripts off by default for now. Minidumps are more flexible and much text-dump like output can be produced from them so there's a good argument they are a better default.
|
#
178381 |
|
21-Apr-2008 |
brooks |
Change the default of ddb_enable to YES so we default to generating textdumps on panic. This means you get a potentially useful dump even if your system is running X when you panic.
X-MFC after: never
|
#
178356 |
|
20-Apr-2008 |
sam |
rc support for vaps
|
#
178024 |
|
08-Apr-2008 |
emax |
Set defaults for the rfcomm_pppd_server rc script
MFC after: 1 week
|
#
178022 |
|
08-Apr-2008 |
sam |
o add rc.conf knobs to set the wpa_supplicant program, logging flags, and config file
o change default logging options from -q to -s (log to syslog); this is currently broken for boot-time startup as syslogd is started too late but that'll be dealt with separately
MFC after: 2 weeks
|
#
176871 |
|
06-Mar-2008 |
mtm |
The rarpd(8) daemon must be instructed to start on all interfaces or a specific one. Instruct it to listen on all interfaces so that enabling it in rc.conf(5) works "out of the box."
PR: conf/121406 Submitted by: trasz MFC after: 1 week
|
#
176835 |
|
05-Mar-2008 |
brooks |
Use the new command file feature of ddb(8) to support setting ddb(4) scripts at boot. This is currently disabled by default. /etc/ddb.conf contains some potentially reasonable default scripts.
PR: conf/119995 Submitted by: Scot Hetzel <swhetzel at gmail dot com> (Earlier version) X-MFC after: textdumps
|
#
175722 |
|
27-Jan-2008 |
mtm |
Add a dummynet_enable knob to go with firewall_enable. If this knob is enabled dummynet(4) is added to the list of required modules.
Discussed on: #freebsd-bugbusters (rwatson, trhodes) PR: conf/79196 MFC after: 1 week
|
#
175720 |
|
27-Jan-2008 |
mtm |
Clarify that devfs_system_ruleset should contain a name, not a number. Prompted by PR conf/85363
MFC after: 3 days
|
#
175656 |
|
25-Jan-2008 |
mtm |
Rev. 1.6 made it impossible to use rc.d/kerberos with the krb5 port. Re-implement the change so that the script once again works with the krb5 port.
Submitted by: kensmith (slightly modified) MFC after: 3 days
|
#
175522 |
|
21-Jan-2008 |
rafan |
Improve kernel NAT support in rc.firewall
- Allow IP in firewall_nat_interface, just like natd_interface
- Allow additional configuration parameters passed to ipfw via firewall_nat_flags
- Document firewall_nat_* in defaults/rc.conf
Tested by: Albert B. Wang <abwang at gmail.com> MFC after: 1 month
|
#
175251 |
|
12-Jan-2008 |
maxim |
o From the Problem Report: the TCP_DROP_SYNFIN kernel option is now included in the kernel by default. Remove reference to this option from defaults/rc.conf and rc.conf(5).
PR: conf/119098 Submitted by: Beat Gaetzi MFC after: 1 week
|
#
172674 |
|
15-Oct-2007 |
netchild |
Backout sensors framework.
Requested by: phk Discussed on: cvs-all
|
#
172631 |
|
14-Oct-2007 |
netchild |
Import OpenBSD's sysctl hardware sensors framework.
This commit includes the following core components:
* sample configuration file for sensorsd
* rc(8) script and glue code for sensorsd(8)
* sysctl(3) doc fixes for CTL_HW tree
* sysctl(3) documentation for hardware sensors
* sysctl(8) documentation for hardware sensors
* support for the sensor structure for sysctl(8)
* rc.conf(5) documentation for starting sensorsd(8)
* sensor_attach(9) et al documentation
* /sys/kern/kern_sensors.c
  o sensor_attach(9) API for drivers to register ksensors
  o sensor_task_register(9) API for the update task
  o sysctl(3) glue code
  o hw.sensors shadow tree for sysctl(8) internal magic
* <sys/sensors.h>
* HW_SENSORS definition for <sys/sysctl.h>
* sensors display for systat(1), including documentation
* sensorsd(8) and all applicable documentation
The userland part of the framework is entirely source-code compatible with OpenBSD 4.1, 4.2 and -current as of today.
All sensor readings can be viewed with `sysctl hw.sensors`, monitored in semi-realtime with `systat -sensors` and also logged with `sensorsd`.
Submitted by: Constantine A. Murenin <cnst@FreeBSD.org> Sponsored by: Google Summer of Code 2007 (GSoC2007/cnst-sensors) Mentored by: syrinx Tested by: many OKed by: kensmith Obtained from: OpenBSD (parts)
|
#
172586 |
|
12-Oct-2007 |
emax |
Teach /etc/rc.d/ppp to start multiple instances of ppp.
ppp_profile variable can now contain multiple profiles. Overrides for ppp mode and nat can go into ppp_$profile_mode and ppp_$profile_nat variables respectively. If those are not specified, defaults from ppp_mode and ppp_nat are used.
Submitted by: Yuri Kurenkov < y dot kurenkov at init dot ru > Reviewed by: mtm MFC after: 1 week
|
#
172377 |
|
28-Sep-2007 |
bushman |
Finishing renaming of cached into nscd. etc/rc.d and usr.sbin/Makefile updated. Note added to UPDATING.
Approved by: re (kensmith, bmah), brooks (mentor)
|
#
172070 |
|
06-Sep-2007 |
mlaier |
Add a startup script for ftp-proxy(8) now that it is no longer started as part of inetd(8).
Approved by: re (bmah) Reviewed by: freebsd-rc (a while back) Reminded by: kevlo
|
#
170618 |
|
12-Jun-2007 |
gshapiro |
Add a new rc.conf variable, sendmail_rebuild_aliases, which tells /etc/rc.d/sendmail whether or not to run newaliases if the database is missing or the aliases text file is newer than aliases.db.
In my opinion, the aliases file should never be automatically rebuilt. The current text form could represent a work in progress. Therefore, in FreeBSD 7.0, this new option will default to "NO". When this rc.d change is MFC'ed, it will need to remain "YES" to maintain backward compatibility.
PR: conf/86252 Approved by: re (kensmith) MFC after: 3 days
|
#
170085 |
|
29-May-2007 |
dougb |
Now that a separate /usr/X11R6 directory is no longer in fashion, stop looking there for things like rc.d and periodic. This avoids duplicating effort when /usr/X11R6 is a symlink to /usr/local, which it is by default now.
It is not anticipated at this time that we will MFC this change, since we'd like to avoid breaking legacy systems. However, there is a fix for /etc/rc.subr in the works to avoid running any rc.d scripts twice which we should be able to MFC.
|
#
168593 |
|
10-Apr-2007 |
keramida |
Add a pfsync_syncpeer option to /etc/defaults/rc.conf and rc.conf(5), which can be used to turn off multicast pfsync support, and enable the transmission of directed PFSYNC (IP protocol: 240) packets to a specific "sync peer" host.
PR: conf/111225 Submitted by: Bas van Beek <bas@tobin.nl> Approved by: mtm, mlaier MFC after: 2 weeks
|
#
168546 |
|
09-Apr-2007 |
pjd |
Add rc.d/hostid script (turned on by default) which on first boot generates UUID and stores it in /etc/hostid ($hostid_file) as well as sets kern.hostuuid and kern.hostid sysctls on every boot.
Hostid can be reset using '/etc/rc.d/hostid reset' command.
Hostid generation and setting can be turned off by setting variable hostid_enable to "NO" in /etc/rc.conf.
Reviewed by: mlaier, rink, brooks, rwatson
|
#
168410 |
|
06-Apr-2007 |
pjd |
- Add ZFS startup script.
Submitted by: des
- When starting mountd(8) and ZFS is enabled, add /etc/zfs/exports file.
- Update rc.conf(5).
|
#
168360 |
|
04-Apr-2007 |
matteo |
Add rpc_statd_flags and rpc_lockd_flags options to allow options to be passed to rpc.statd and rpc.lockd
MFC after: 1 week
|
#
168358 |
|
04-Apr-2007 |
ache |
Fix typo FILESYSTEM -> FILESYSTEMS
This bug prevents local scripts to start up
|
#
168283 |
|
02-Apr-2007 |
des |
Add a dummy script, FILESYSTEMS, which depends on root and mountcritlocal and takes over mountcritlocal's role as the early / late divider. This makes it far easier to add rc scripts which need to run early, such as a startup script for zfs, which is right around the corner.
This change should be a no-op; I have verified that the only change in rcorder's output is the insertion of FILESYSTEMS immediately after mountcritlocal.
MFC after: 3 weeks
|
#
168034 |
|
29-Mar-2007 |
ache |
Oops wrong line commented out in prev fix
|
#
168033 |
|
29-Mar-2007 |
ache |
Back out network.subr :- fix and comment out dhc*_fxp0 examples instead
Submitted by: jhb
|
#
167268 |
|
06-Mar-2007 |
yar |
As suggested more than once in the lists, drop -M from flags to mfs for /tmp and /var. This makes the memory discs swap-backed instead of malloc-backed. A swap-backed memory disc should not be worse than a malloc-backed one in any scenario because it will start touching swap only when needed. OTOH, a malloc-backed disc can starve limited kernel resources and eventually crash the system.
Reflect the change in the rc.conf(5) manpage. Also stop telling lies there about softupdates: it does not waste disc space, it just can delay its freeing.
Suggested by: many PR: kern/87255 MFC after: 1 week
|
#
167184 |
|
03-Mar-2007 |
ume |
Turn default address selection on by default. Now, when ipv6_enable="NO", an IPv4 address is preferred for a destination address.
MFC after: 1 month
|
#
166583 |
|
09-Feb-2007 |
flz |
Add support for EtherChannel configuration to rc startup scripts.
Note: This also deprecates "NO" as a way to specify an empty list of interfaces for gif_interfaces.
PR: conf/104884 Submitted by: nork Harassed by: brd Discussed with: brooks, dougb
|
#
166121 |
|
20-Jan-2007 |
mpp |
Add the following knobs for quotas if they are enabled:
quotaon_flags - flags for the quotaon command
quotaoff_flags - flags for the quotaoff command
quotacheck_flags - flags for the quotacheck command
|
#
164042 |
|
06-Nov-2006 |
rwatson |
Add auditd_program variable to defaults, in order to make it more clear how to change the auditd instance. When using a port/package-based OpenBSM, changing the auditd pointer may be desirable.
Obtained from: TrustedBSD Project MFC after: 3 weeks
|
#
163749 |
|
28-Oct-2006 |
phk |
Give rc.firewall a polish and a new method.
Factor out the loopback setup
Use "me" instead of hardcoded $ip where possible.
Add "workstation" which protects just this machine with stateful firewalling. Put the variables for this in rc.conf.
Submitted by: Flemming Jacobsen <fj@batmule.dk> Reviewed by: cperciva
|
#
163382 |
|
15-Oct-2006 |
ceri |
Add idmapd_flags to defaults/rc.conf. Document it and idmapd_enable.
|
#
163378 |
|
15-Oct-2006 |
ceri |
RC script for idmapd(8), defaulting to off.
|
#
163063 |
|
06-Oct-2006 |
flz |
Introduce mixer_enable (default: YES).
PR: conf/101268 Submitted by: Eugene Grosbein <eugen@grosbein.pp.ru> Approved by: cperciva (mentor) X-MFC after: 6.2-RELEASE Sponsored by: FreeBSD Test-Bugathon
|
#
162794 |
|
29-Sep-2006 |
bms |
Push removal of mrouted down to the rest of the tree.
|
#
162481 |
|
20-Sep-2006 |
brooks |
Flushing all IPv4 routes when an interface is removed or unconfigured makes no sense. Remove the undocumented removable_route_flush feature from pccard_ether.
X-MFC after: never
|
#
162131 |
|
07-Sep-2006 |
emax |
Add bthidd(8) rc(8) script
MFC after: 1 month
|
#
161418 |
|
17-Aug-2006 |
brian |
Make it a little clearer that interface-specific flags aren't additional to specified dhclient flags.
Mention background_dhclient_iface.
Suggested by: ru
|
#
161410 |
|
17-Aug-2006 |
brian |
Add a -p switch to dhclient. The switch tells dhclient to persist despite the interface link status.
Add dhclient_flags_iface and background_dhclient_iface rc.conf options. (where iface is a specific interface). These can be used to give interface specific flags to dhclient.
Reviewed by: brooks@
|
#
161363 |
|
16-Aug-2006 |
brooks |
Set removable_route_flush to NO by default. It's clearly the wrong thing to do in most (all?) cases and certainly should not be the default now that we're running pccard_ether on all interface creates and destroys.
MFC after: 3 days
|
#
161007 |
|
05-Aug-2006 |
njl |
Back out 1.272. The LAPIC timer conflicts with C2/3 on various systems, and so users get hangs until interrupts are generated another way. We'll have to find a way to make the 2 work together before re-enabling this by default.
|
#
160547 |
|
21-Jul-2006 |
yar |
Since Alpha support isn't in HEAD anymore, remove Alpha-specific rc.conf(5) knobs, too: osf1_enable, unaligned_print.
|
#
160524 |
|
20-Jul-2006 |
flz |
- Remove hardcoded /etc/ntp.conf configuration file from ntpdate rc.d script and replace it with a new ntpdate_config variable.
- Document it in defaults/rc.conf and rc.conf.5.
- Document ntpdate_hosts in defaults/rc.conf.
Requested by: Chris Timmons <cwt@networks.cwu.edu> Approved by: cperciva (mentor, implicit) MFC after: 1 week
|
#
159377 |
|
07-Jun-2006 |
brueffer |
Update geli_swap_flags, -e is now used to specify the encryption algorithm.
|
#
159138 |
|
01-Jun-2006 |
thompsa |
Add rc.d/bridge which is invoked when a new interface arrives and can automatically add it to an Ethernet bridge. This is intended for applications such as qemu, vmware, openvpn, ... which open tap interfaces and need them bridged with the host's network adapter, the user can set up a glob for interfaces to be automatically added (eg tap*).
|
#
159072 |
|
30-May-2006 |
matteo |
Add jail_<jname>_exec_afterstart<N> rc.conf variable, where <N> is 1,2 and so on. It specifies the command to be run as Nth after jail startup.
sh(1)-fu by: Dario Freni PR: conf/97697 MFC after: 2 weeks Reviewed by: ru@ (man page)
|
#
158866 |
|
24-May-2006 |
kris |
Increase the nfs access cache timeout from 2 to 60. The latter is a more appropriate value and is also the default set by the kernel. I could not find a justification of why rc.conf began overriding it back in 1998.
This dramatically cuts NFS traffic on e.g. a busy system with NFS root.
Reviewed by: mohans MFC After: 2 weeks
|
#
158687 |
|
17-May-2006 |
phk |
Send the pcvt(4) driver off to retirement.
|
#
158431 |
|
11-May-2006 |
flz |
- Change the "jail_" prefix for internal script variables. This fixes an issue where some global jail_* variables were overridden in the script. [1]
- Change "jid" to "jname" in rc.conf(5), since it's more a jail name than a jail id. [1]
- Update examples and comments in defaults/rc.conf to advertise new variables and the fact that some of the jail-specific variables may be made jail-global. [2]
Reported by: pjd [1], clsung [2] Approved by: cperciva X-MFC after: i got sufficient testing from people using rc.d/jail
|
#
158115 |
|
28-Apr-2006 |
ume |
- Extend the nsswitch to support Services, Protocols and Rpc databases.
- Make nsswitch support caching.
Submitted by: Michael Bushkov <bushman__at__rsu.ru> Sponsored by: Google Summer of Code 2005
|
#
157840 |
|
18-Apr-2006 |
flz |
- Add new ntpd_config variable so that people can override it in rc.conf.
- Add default value in /etc/defaults/rc.conf.
- Add documentation bits to rc.conf(5).
Approved by: cperciva (mentor) MFC after: 1 week
|
#
157737 |
|
13-Apr-2006 |
brooks |
Spell synchronous with required silent 'h'.
Reported by: ru, ceri Pointy hat: brooks
|
#
157706 |
|
13-Apr-2006 |
brooks |
Commit the various network interface configuration updates I've been working on.
1) Make it possible to configure interfaces with certain characters in their names that aren't valid in shell variables. Currently supported characters are ".-/+". They are converted into '_' characters.
2) Replace nearly all eval statements in network.subr with a new function get_if_var which substitutes an interface name (after the translations above) for "IF" in a variable name.
3) Fix list_net_interfaces() in the nodhcp case.
4) Allow the administrator to specify if dhclient should be started when /etc/rc.d/netif configures the interface or only by devd. This can be set on both a per interface and system wide basis.
PR: conf/88974 [1,2], conf/92433 [1,2]
|
#
157654 |
|
11-Apr-2006 |
flz |
- Fix amd startup when amd is installed from ports.
- Add the according amd_program default value in defaults.
PR: conf/82738 Submitted by: TAOKA Fumiyoshi <fmysh@iijmio-mail.jp> Approved by: cperciva (mentor) MFC after: 3 days
|
#
155655 |
|
14-Feb-2006 |
imp |
Remove vestiges of OLDCARD.
|
#
155617 |
|
13-Feb-2006 |
matteo |
Add a default ldconfig32_paths entry in default/rc.conf for 32-bit compatibility shared libraries. It is used by the ldconfig rc.d scripts. Document this variable in the man page.
PR: amd64/91571 Approved by: philip (mentor) MFC after: 3
|
#
155595 |
|
13-Feb-2006 |
dougb |
Overhaul the named boot script:
1. Remove a now-spurious NetBSD CVS Id, as we are no longer synching work
2. Remove a now-spurious BEFORE, since ntpdate now REQUIRE's named
3. Replace the call to set rcvar with what that function would output, and generally reduce indirection ($name -> named) since it's highly unlikely the name of the named process or service will change any time soon.
4. Resort the order the variables at the top of the file to a more traditional format, and remove a spurious required_dirs from the top, as it works better after load_rc_config.
5. We do not want the default reload method with named, so define a simple but appropriate substitute using rndc. If I were writing this script for the first time I would not include this at all, since it's preferable to control a running daemon with rndc to start with, but given that this is already here, let's do it right. I hope that future generations will however resist the temptation to add reconfig to extra_commands.
6. By the same token, we want to use rndc to shut down named, but given that by defining a stop function we lose the "find the process by its pid file in an emergency" goodness of rc.subr, try to do something useful in the event that rndc is not available, and keep the user informed.
7. Replace some "test -f" with "test -r" to handle the unlikely event that the relevant file exists, but is unreadable.
8. Twiddle whitespace in a few areas, remove a spurious blank line, a bogus double space, and try to do better indenting.
9. Improve generation of the rndc.key file significantly
a. If for some reason a user has an rndc.conf file, assume that they did that on purpose, and hence know what they are doing, so leave them alone.
b. Introduce a named_uid configuration variable so that the user which owns the rndc.key file and the user named runs as always match, and is more easily configurable. This should dramatically reduce problems with rndc.
c. Also test that the rndc.key file size is greater than zero, rather than simply that the file exists. I have seen at least one user report this exact problem, and although neither of us is sure where the empty file came from, the fix is simple, so include it.
d. Rather than try to create an rndc.key file in both /etc/namedb and the chroot'ed /etc/namedb, assume that they are the same (which they should be), and only create the file in the chroot'ed version of the directory. This partially addresses the problem described in conf/73929, but I have not yet finished thinking about the PREFIX issue that PR also raises.
As a result of introducing the named_uid knob, the default named_flags are now empty.
Update defaults/rc.conf and rc.conf(5) to reflect these changes.
|
#
155236 |
|
03-Feb-2006 |
flz |
- Add a startup script for hostapd.
- Document associated variable in rc.conf(5).
Approved by: dougb MFC after: 1 week
|
#
155208 |
|
02-Feb-2006 |
rwatson |
Add auditd_enable and auditd_flags rc.d scripts.
Obtained from: TrustedBSD Project
|
#
154976 |
|
29-Jan-2006 |
njl |
Enable the lowest Cx state by default. This will save power and we have had enough testing of acpi_cpu to know this is stable now.
|
#
154645 |
|
21-Jan-2006 |
yar |
Add an rc.d script for stand-alone ftpd.
Document the script's controls on the rc.conf(5) manpage and touch its Dd.
PR: conf/90893 MFC after: 5 days
|
#
154114 |
|
08-Jan-2006 |
dougb |
Add a mechanism to include files added by ports which contain the names of directories to include in the base ldconfig script. This will eliminate the need for each port to install its own boot script which does nothing but ldconfig a given directory.
This code was developed by flz (ports committer), discussed on freebsd-rc@, and modified slightly by me.
Submitted by: flz Reviewed by: brooks
|
#
153564 |
|
20-Dec-2005 |
dougb |
Brooks pointed out a potential problem with disabling the X cleaning by default, so add a new knob that is on by default, and check that knob in start_precmd so that it can run even if cleaning /tmp is not enabled. This has the advantage of not violating POLA, while still allowing the user to disable this behavior if they wish (for example on a server that will never run X).
|
#
153537 |
|
19-Dec-2005 |
dougb |
Clear up problems with /etc/rc.d/{abi|cleanvar|cleartmp} brought to light by the PR. Specifically, convert these three scripts into good rc.d citizens, making sure that their functionality is preserved, but the rc.d framework rules are not broken.
Add support for cleanvar as a regular rc.d script in the default rc.conf, and document this in the man page.
Add a descriptive comment to rc.conf regarding the three emulation/compatibility services provided by abi so users will not be confused by these services not having their own startup scripts.
PR: conf/84574 Submitted by: Alexander Botero-Lowry
|
#
153430 |
|
15-Dec-2005 |
iedowse |
Remove usbd(8) and all references to it. It is no longer necessary since devd(8) now provides the same functionality.
Submitted by: Anish Mistry
|
#
153298 |
|
10-Dec-2005 |
dougb |
Remove rcconf.sh from /etc/rc.d, and instead load the configuration as part of rc. Doing this, and the sourcing of rc.subr after we have determined if we are booting diskless (and correspondingly run rc.initdiskless if necessary) are safe, and actually allow fewer files to be needed on the diskless box. This also allows variables from the configuration to be available to rc itself, such as ...
Add a variable to rc.conf, early_late_divider, which designates the script which separates the early and late stages of the boot process. Default this to mountcritlocal, and add text to etc/defaults/rc.conf, rc.conf(5) and diskless(8) which describes how and why one might want to change this.
Reviewed by: brooks
|
#
152770 |
|
24-Nov-2005 |
jkoshy |
Add a -f configfile option to devd(8), based on a patch submitted by Wojciech A. Koszek.
Submitted by: Wojciech A. Koszek <dunstan@freebsd.czest.pl>
|
#
152688 |
|
22-Nov-2005 |
emax |
Revise hcsecd(8) and sdpd(8) rc.d scripts one more time
- Use _prestart rc.d method to automatically kldload ng_btsocket(4) if needed;
- Rename "sdpd_user" to "sdpd_username" and "sdpd_group" to "sdpd_groupname" to avoid collision with "magic" variables;
Inspired by: yar MFC after: 3 days
|
#
152441 |
|
14-Nov-2005 |
brooks |
Add a new configuration variable, ipv4_addrs_<ifn>, which adds one or more IPv4 addresses from a ranged list in CIDR notation:
ipv4_addrs_ed0="192.168.0.1/24 192.168.1.1-5/28"
In the process move alias processing into new ipv4_up/down functions to move toward a less IPv4 centric world.
Submitted by: Philipp Wuensche <cryx dash freebsd at h3q dot com>
|
#
151240 |
|
11-Oct-2005 |
emax |
Add rc.d scripts for the hcsecd(8) and sdpd(8) daemons. Put defaults into /etc/defaults/rc.conf. Both daemons can run even if no Bluetooth devices are attached to the system. Both daemons depend on Bluetooth socket layer and thus disabled by default. Bluetooth sockets layer must be either loaded as a module or compiled into kernel before the daemons can run.
MFC after: 1 month
|
#
150835 |
|
02-Oct-2005 |
yar |
Add an rc.d script to start pfsync at the right moment of the system boot, and hook it up in the system.
The separate script is needed because in the presence of various interface lists in rc.conf ($network_interfaces, $cloned_interfaces, $sppp_interfaces, $gif_interfaces, more to come) it is hard to start them orderly, so that pfsync is brought up after its syncdev, which is required for the proper startup of pfsync.
Discussed with: mlaier on -pf MFC after: 5 days
|
#
150372 |
|
20-Sep-2005 |
rwatson |
Add a new rc.conf entry, kerberos5_server_flags, which allows the administrator to specify additional start-up flags to the Kerberos 5 Authentication Server.
MFC after: 3 days
|
#
149421 |
|
24-Aug-2005 |
yar |
Stop hard-coding an -M flag to mdmfs(8) in /etc/rc.subr. Now this flag can be set, or not set, for memory-backed file systems on individual basis, as illustrated by the rc.conf(5) variables tmpmfs_flags and varmfs_flags. The flag is set for those FS'en by default, in /etc/defaults/rc.conf, in order to stay compatible with the old rc.subr behaviour.
Submitted by: marck MFC after: 3 days
|
#
149401 |
|
24-Aug-2005 |
brooks |
- Remove the removable_interfaces variable. /etc/pccard_ether will now run on any interface.
- Add a new ifconfig_<ifn> keyword, NOAUTO which prevents configuration of an interface at boot or via /etc/pccard_ether. This allows /etc/rc.d/netif to be used to start and stop an interface on a purely manual basis. The decision to affect pccard_ether may be revisited at a later date.
Requested by: imp, gallatin (removable_interfaces) Discussed with: sam, Randy Bush (NOAUTO)
|
#
149050 |
|
14-Aug-2005 |
pjd |
Add scripts for GELI device configuration on boot.
rc.d/geli - configures encryption (ask for passphrases, etc.); rc.d/geli2 - is called after file systems are mounted and mark devices for detach on last close.
Sponsored by: Wheel Sp. z o.o. http://www.wheel.pl MFC after: 3 days
|
#
148765 |
|
05-Aug-2005 |
pjd |
Teach rc.d/encswap script how to use geli(8) for swap encryption.
MFC after: 3 days
|
#
148689 |
|
04-Aug-2005 |
pjd |
Remove gbde_swap_enable option which doesn't work and doesn't really have to work, as one still needs to put <device>.bde into /etc/fstab.
|
#
148272 |
|
22-Jul-2005 |
obrien |
Minor comment re-alignment.
|
#
148243 |
|
21-Jul-2005 |
pav |
- Mention special behaviour of init(8) when kern_securelevel="0"
Suggested by: Miroslav Lachman <000.fbsd@quip.cz> Approved by: cperciva (src hat)
|
#
147610 |
|
26-Jun-2005 |
pjd |
Introduce new per-jail variable jail_<name>_flags, which allows to specify jail(8) flags (before the change we had hardcoded "-l -U root").
Submitted by: Frank Behrens <frank@pinky.sax.de> PR: conf/80244 Approved by: re (scottl) MFC after: 1 week
|
#
147122 |
|
08-Jun-2005 |
brooks |
Remove default and documentation for pccard_ether_delay since I removed it from /etc/pccard_ether.
Submitted by: Jeremie Le Hen <jeremie at le-hen dot org>
|
#
147108 |
|
07-Jun-2005 |
des |
Change the default for dumpdev to "AUTO". It should be reverted to "NO" on RELENG_* branches.
|
#
147088 |
|
07-Jun-2005 |
brooks |
Support code for the OpenBSD dhclient. This significantly changes the way interfaces are configured. Some key points:
- At startup, all interfaces are configured through /etc/rc.d/netif.
- ifconfig_<if> variables may now mix real ifconfig commands with DHCP and WPA directives. For example, this allows media configuration prior to running dhclient.
- /etc/rc.d/dhclient is not run at startup except by netif to start dhclient on specific interfaces.
- /etc/pccard_ether calls "/etc/rc.d/netif start <if>" to do most of its work.
- /etc/pccard_ether no longer takes additional arguments to pass to ifconfig. Instead, ifconfig_<if> variables are now honored in favor of pccard_ifconfig when available.
- /etc/pccard_ether will only run on interfaces specified in removable_interfaces, even if pccard_ifconfig is set.
|
#
145184 |
|
17-Apr-2005 |
glebius |
Add startup script and default configuration file for bsnmpd.
Reviewed by: harti
|
#
144953 |
|
12-Apr-2005 |
thomas |
Document that dumpdev may be set to AUTO to dump to the first appropriate swap device listed in /etc/fstab.
|
#
144891 |
|
11-Apr-2005 |
dougb |
The alternative suggested for /entropy as a shutdown save file was /var/db/entropy, which also happens to be the directory where the individual entropy files created by /usr/libexec/save-entropy are stored. Change the suggestion to be /var/db/entropy-file instead.
In an error condition where the shutdown file is not created, the error message accessed a variable that doesn't exist.
PR: conf/75722 Submitted by: Nicolas Rachinsky <list@rachinsky.de>
|
#
144882 |
|
10-Apr-2005 |
njl |
Set CPU speed to 100% in acpi_throttle attach. This is needed for some systems that boot with this value at the lowest setting. Change the default boot config back to "leave frequency as BIOS set it". Also, fix buglet where acpi_throttle wouldn't be used if p4tcc was present but disabled by the user.
MFC after: 1 week
|
#
144608 |
|
03-Apr-2005 |
njl |
Instead of leaving the current frequency setting at whatever the BIOS set on boot, force it to HIGH. This is needed for some systems which appear to boot with a low acpi_throttle setting by default. Thanks to Christian Brueffer for tracking this down on his system.
MFC after: 1 day
|
#
143474 |
|
12-Mar-2005 |
trhodes |
Remove mac_lomac(4) functionality. The proper way is to use loader.conf or build the policy into a kernel.
Approved by: rwatson
|
#
142969 |
|
02-Mar-2005 |
brooks |
Allow chkprintcap(8) to be run before lpd is started. Disabled by default for now. Default flags create missing directories.
Remove comment about doing this in etc/rc.d/var.
Unlike in the PR, I chose to do this in the lpd script where we reliably have /usr available.
PR: conf/71488 Submitted by: RZ-FreeBSD0904 at fh-karlsruhe dot de
|
#
142962 |
|
02-Mar-2005 |
brooks |
- Update etc/rc.d/newsyslog to FreeBSD standards and install it.
- Enable it by default, running newsyslog with -CN which creates files that have the C flag specified in /etc/newsyslog.conf.
- Remove the "newsyslog -CC" call from etc/rc.d/var and the check for newsyslog.
- Add the C flag to entries in /etc/newsyslog.conf that are currently installed as part of the base system.
There are two effects from this change:
- Users who delete default syslog files to stop logging to them will need to set newsyslog_enable=NO in rc.conf or remove the C flag from those files in /etc/newsyslog.conf or they will come back on the next boot.
- Diskless systems now create the same set of files that ordinary systems have by default instead of every file in newsyslog.conf.
|
#
142632 |
|
27-Feb-2005 |
njl |
Due to a couple complaints about C3 failing on an old Compaq Armada and a mobile Celeron, disable it by default for the release. We'll have to nail the last few cases later.
|
#
142580 |
|
26-Feb-2005 |
njl |
Add rc.conf options for powerd (disabled by default) and hook the script up to the build.
|
#
142576 |
|
26-Feb-2005 |
njl |
Make power_profile not touch cpufreq by default.
|
#
141417 |
|
06-Feb-2005 |
njl |
Add support for cpufreq to power_profile(8). Values for on/offline cpu frequencies are specified with performance_cpu_freq and economy_cpu_freq. Of course, special values LOW and HIGH are also supported. Also, remove old throttling support.
|
#
140769 |
|
24-Jan-2005 |
keramida |
Add a reference to rc.conf(5).
PR: docs/35648 Submitted by: Gary W. Swearingen
|
#
138889 |
|
15-Dec-2004 |
brian |
Use rc.subr
PR: 72505 Submitted by: Amir Shalem <amir@active.ath.cx>
|
#
138847 |
|
14-Dec-2004 |
rse |
Improve the RC framework for the clean booting/shutdown of Jails:
1. Feature: for flexibility reasons and as a prerequisite to clean shutdowns, allow the configuration of a stop/shutdown command via rc.conf variable "jail_<name>_exec_stop" in addition to the start/boot command (rc.conf variable "jail_<name>_exec_start"). For backward compatibility reasons, rc.conf variable "jail_<name>_exec" is still supported, too.
2. Debug: Add the used boot/shutdown commands to the debug output of the /etc/rc.d/jail script, too.
3. Security: Run the Jail start/boot command in a cleaned environment to not leak information from the host to the Jail during startup.
4. Feature: Run the Jail stop/shutdown command "jail_<name>_exec_stop" on "/etc/rc.d/jail stop <name>" to allow a graceful shutdown of the Jail before its processes are just killed.
5. Bugfix: When killing the remaining Jail processes give the processes time to actually perform their termination sequence. Without this the subsequent umount(8) operations usually fail because the resources are still in use. Additionally, if after trying to TERM-inate the processes there are still processes hanging around, finally just KILL them.
6. Bugfix: In rc.shutdown, if running inside a Jail, skip the /etc/rc.d/* scripts which are flagged with the KEYWORD "nojail" to allow the correct operation of rc.shutdown under jail_<name>_exec_stop="/bin/sh /etc/rc.shutdown". This is analogous to what /etc/rc does inside a Jail.
Now the following typical host-configuration for two Jails works as expected and correctly boots and shuts down the Jails:
-----------------------------------------------------------
# /etc/rc.conf:
jail_enable="YES"
jail_list="foo bar"
jail_foo_rootdir="/j/foo"
jail_foo_hostname="foo.example.com"
jail_foo_ip="192.168.0.1"
jail_foo_devfs_enable="YES"
jail_foo_mount_enable="YES"
jail_foo_exec_start="/bin/sh /etc/rc"
jail_foo_exec_stop="/bin/sh /etc/rc.shutdown"
jail_bar_rootdir="/j/bar"
jail_bar_hostname="bar.example.com"
jail_bar_ip="192.168.0.2"
jail_bar_devfs_enable="YES"
jail_bar_mount_enable="YES"
jail_bar_exec_start="/path/to/kjailer -v"
jail_bar_exec_stop="/bin/sh -c 'killall kjailer && sleep 60'"
-----------------------------------------------------------
# /etc/fstab.foo
/v/foo /j/foo/v/foo nullfs rw 0 0
-----------------------------------------------------------
# /etc/fstab.bar
/v/bar /j/bar/v/bar nullfs rw 0 0
-----------------------------------------------------------
Reviewed by: freebsd-hackers MFC after: 2 weeks
|
#
138286 |
|
01-Dec-2004 |
rees |
Add nfs4 to list of net filesystems.
Approved by: alfred
|
#
138027 |
|
23-Nov-2004 |
mux |
Implement per-jail fstab(5) files. Here's a rc.conf sample using this feature for a jail named foo :
jail_foo_mount_enable="YES"
jail_foo_fstab="/etc/fstab.foo"
The second line is actually useless, since the code defaults to using "/etc/fstab.$jailname" as the fstab file if none is specified.
MFC after: 3 days Submitted by: Jeremie Le Hen <jeremie@le-hen.org>
|
#
137477 |
|
09-Nov-2004 |
keramida |
Revert the noexec,nosuid,nodev options for md /tmp file systems, since the change in the default behavior may break existing, working setups.
Requested by: brooks
|
#
137451 |
|
09-Nov-2004 |
keramida |
Add two new rc.conf options: tmpmfs_flags and varmfs_flags.
These can be used to pass extra options to the mdmfs(8) utility, to customize the finer details of the md file system creation (i.e. to turn on/off softupdates, to specify a default owner for md filesystem, etc).
Use these two new flags to mount tmpmfs and varmfs without softupdates, since it doesn't make much sense to use SU on malloc-backed file systems.
Reviewed by: mtm Inspired by: J. D. Bronson, jbronson at wixb dot com
|
#
137205 |
|
04-Nov-2004 |
ru |
Sync up with vinum(8) and rc.d/vinum removal.
OK'ed by: phk
|
#
137112 |
|
01-Nov-2004 |
mtm |
Do a better job of supporting more than one mouse device on the system.
To start/stop/check on a specific device give the device name as the second argument to the script:
# /etc/rc.d/moused start ums0
To use different rc.conf(5) knobs with different mice use the device name as part of the knob. For example, if the mouse device is ums0, then:
moused_ums0_enable=yes
moused_ums0_flags="-z 4"
moused_ums0_port="/dev/ums0"
Starting rc.d/moused without the device argument will use the standard moused_* flags. So, this commit should not disrupt or change current usage.
To preserve current behaviour with respect to usb mice, which appear automatically when inserted, there is a new knob, moused_nondefault_enable, which will treat any devices without rc.conf knobs as enabled.
To minimize knobs in /etc/rc.conf, the device file and pid file are auto-computed, so that in the typical case for a usb mouse you don't need to add anything extra in /etc/rc.conf to get it working.
Additionally, this updates /etc/usbd.conf to use the rc.d/moused script so people don't have to modify it to configure their usb mouse anymore.
MFC after: 1 month
|
#
137070 |
|
30-Oct-2004 |
pjd |
Allow to change interfaces name on boot time. Now, one should be able to put something like this into /etc/rc.conf:
ifconfig_fxp0_name="net0"
ifconfig_net0="inet 10.0.0.1/16"
Reviewed by: green
|
#
136730 |
|
20-Oct-2004 |
keramida |
Introduce root_rw_mount as a new variable in defaults/rc.conf to unbreak /etc/rc.d/root for diskless systems that get their root filesystem from a read-only NFS mount.
PR: conf/72927 Submitted by: Ralf Wenk <RZ-FreeBSD1004@fh-karlsruhe.de> Reviewed by: brooks
|
#
136474 |
|
13-Oct-2004 |
ru |
Accidentally removed the last component of the pathname when committing.
|
#
136471 |
|
13-Oct-2004 |
ru |
Fix a botched rev. 1.221 commit. Also, a number of people have pointed out that /usr/local/etc/rc.d/000.pkgtools.sh installed with the portupgrade does an equivalent thing, so I personally would like to see the change reverted, but let David handle it.
|
#
136447 |
|
12-Oct-2004 |
des |
Remove hcsecd line which was inadvertently included in the previous commit.
|
#
136446 |
|
12-Oct-2004 |
des |
Remove a pointless syslogd_flags example.
MFC after: 2 weeks
|
#
136406 |
|
11-Oct-2004 |
obrien |
'portupgrade' places obsoleted shared libraries in /usr/local/lib/compat/pkg, so add this to the list of directories ldconfig'ed.
|
#
135927 |
|
29-Sep-2004 |
trhodes |
Correct a trivial typo.
|
#
135912 |
|
29-Sep-2004 |
trhodes |
Give users the ability to load a mac_bsdextended(4) ruleset on boot (defaults to NO of course). Provide a basic ruleset file, rc.bsdextended, but allow the filename to be overridden through rc.conf.
Discussed with: rwatson (awhile ago)
|
#
135875 |
|
28-Sep-2004 |
dougb |
Create a named chroot directory structure in /var/named, and use it by default when named is enabled. Also, improve our default directory layout by creating /var/named/etc/namedb/{master|slave} directories, and use the former for the generated localhost* files.
Rather than using pax to copy device entries, mount devfs in the chroot directory.
There may be some corner cases where things need to be adjusted, but overall this structure has been well tested on a production network, and should serve the needs of the vast majority of users.
UPDATING has instructions on how to do the conversion for those with existing configurations.
|
#
135775 |
|
24-Sep-2004 |
dougb |
For the default FreeBSD install, the file path actually is /var/run/named/pid. This is done so that named can start with -u bind and still dump a pid file in that directory, which is chowned to user bind.
|
#
135757 |
|
24-Sep-2004 |
des |
It's named.pid, not named/pid.
Pointy hat to: dougb@
|
#
135701 |
|
24-Sep-2004 |
dougb |
Add a note to indicate that the path set in named_pidfile must also be set in named.conf. Our default named.conf has this already.
Update the note for named_symlink_enable to indicate that ndc is gone.
|
#
135252 |
|
15-Sep-2004 |
seanc |
Bring back etc/rc.d/ntpdate as requested by scads of people. This isn't a complete backout as the ntpd_sync_on_start etc/rc.conf tunable is still present, though the default is now NO (was YES). Since we're no longer syncing time at startup by default when ntpd is enabled (as was the case 24hrs ago), remove UPDATING entry pointing out that ntpd(1) -g is slower than ntpdate(1).
Hopefully ntpd_sync_on_start="YES" can be made the default for -CURRENT after 5.3 is cut. At the very least, this should be set to YES when a user requests to have ntpd enabled via sysinstall(1).
Requested by: many
|
#
135194 |
|
14-Sep-2004 |
seanc |
Stop using ntpdate(1) in our startup procedure. Replace ntpdate(1) with calls to ntpd -g. ntpd is noticeably slower than ntpdate, but is also more accurate. This removes the nasty hackery in rc.d/ntpdate that would parse out ntp servers from /etc/ntp.conf (ntpd knows how to read its own config file). By default, ntpd *will* sync with its listed time servers. To turn this off so that ntpd does not sync, ntpd_sync_on_start="NO" can be added to /etc/rc.conf. If ntpd is not enabled (the default), then time is not synced on startup. ntpdate's use has been depreciated by the ntpd authors for quite some time so this change shouldn't be unexpected.
Suggested by: des Approved by: roberto (resident ntp guru)
|
#
132678 |
|
27-Jul-2004 |
mlaier |
Fix typo in description of pflog_logfile.
Submitted by: Mike Jakubik
|
#
132356 |
|
18-Jul-2004 |
simon |
For the gbde attach script:
- Ask the user up to X times (3 by default) for the pass-phrase, if it is incorrect the first time.
- Add support for storing the lockfiles in another directory than /etc.
- Document that it is possible to override the location of each single lockfile.
Approved by: pjd
|
#
131338 |
|
30-Jun-2004 |
imp |
devd is now on by default
Reviewed by: dfr,njr (not nate!)
|
#
130699 |
|
18-Jun-2004 |
green |
Allow setting the system console keyboard via the ${keyboard} rc.conf directive.
|
#
129995 |
|
02-Jun-2004 |
ume |
fix typo in comment in my previous commit.
|
#
129994 |
|
02-Jun-2004 |
ume |
Add ip6addrctl_enable and ip6_addrctl_verbose option. If ip6addrctl_enable is set to YES, address selection policy is installed into kernel. If there is /etc/ip6addrctl.conf, it is used for address selection policy. Even if there is no /etc/ip6addrctl.conf, we install default policy. In this case, if ipv6_enable is set to YES, we use address selection policy described in RFC 3484 as default. Otherwise, we install priority policy for IPv4 address. The default of ip6addrctl_enable is NO for now. However, it may be better to enable it by default.
|
#
129830 |
|
29-May-2004 |
njl |
Throw the switch and enable use of the lowest idle states while online in addition to offline. This can be overridden in /etc/rc.conf if it causes trouble although this has been stable since 2003/12.
|
#
128096 |
|
10-Apr-2004 |
green |
Document devfs_set_rulesets a little.
|
#
127895 |
|
05-Apr-2004 |
fjoe |
Document sendmail_pidfile variable. Add sendmail_procname variable.
|
#
127759 |
|
02-Apr-2004 |
mlaier |
Add rc.d script to start pflogd and add rcvars etc. Also document vars in rc.conf(5) and put a sample entry to newsyslog.conf
Reviewed by: -current Approved by: bms(mentor)
|
#
127345 |
|
23-Mar-2004 |
brooks |
Overhaul the /etc/rc.d/diskless script by splitting it out into hostname, resolve, tmp, and var scripts. The latter three are new and were repo copied. These scripts no longer depend on being booted with an NFS root and instead attempt to automatically create mfs /tmp and /var volumes if they are not writable. This behavior can be overridden in /etc/rc.conf.
Reviewed by: luigi, pjd
|
#
127342 |
|
23-Mar-2004 |
mlaier |
Add rc.d script for pf(4) (more to come once pflogd(8) works as well). Update defaults and write some lines for rc.conf(5) also. Mostly dup'ed from ipf
Reviewed by: -current Approved by: bms(mentor)
|
#
126978 |
|
14-Mar-2004 |
dougb |
1. Remove the named_rcng variable. Mike's caution in this area was a good thing, but we're ready to move on.
2. Remove the -g default argument in named_flags. It doesn't actually do what most users think it does, and what most users want it to do is already accomplished with a proper default group for the bind user, which we have. Also, the -g knob does something entirely different in BIND 9, which leads to a lot of needless confusion/aggravation.
3. In the rc.d script, don't bogusly override $command, or $rc_flags. Both are adequately handled in rc.conf[.local].
4. DO properly override $rc_flags if user has named_chrootdir set. This may need to be revisited, but should be ok for now.
5. Protect all chrootdir-related bits under that variable, instead of named_rcng.
There is more work to be done here, especially in the area of BIND 9 compatibility, but this is a start at least.
Prompted in part by (legitimate) grousing from: kuriyama, Randy Bush
|
#
126554 |
|
03-Mar-2004 |
mtm |
From the PR: Certain MTA configurations mean that the notifications from virecover keep bouncing; so here's a patch to allow administrators to turn them off.
PR: conf/54910 Submitted by: bms (with a minor cleanup)
|
#
125388 |
|
03-Feb-2004 |
des |
Add support for initializing swap devices with random one-shot keys. Note that the keys are currently generated by computing the MD5 checksum of 512 bytes read from /dev/random, and are passed to gbde on the command line.
Sponsored by: Teleplan AS
|
#
125324 |
|
02-Feb-2004 |
mtm |
Ruleset numbers are not allowed in devfs_* knobs. Noticed by someone on -current.
|
#
125323 |
|
02-Feb-2004 |
mtm |
Support starting/stopping of jails individually.
This commit also removes the support for the sysutils/jailer port. This is in line with the general policy to keep ports related knobs out of the base system's configuration mechanism.
Submitted by: Juergen Unger <j.unger@addict.de>
|
#
123841 |
|
25-Dec-2003 |
babkin |
Added support for intelligent handling of DST transitions in cron.
reviewed by: imp
|
#
123626 |
|
18-Dec-2003 |
njl |
Add power_profile, a script that changes the ACPI CPU Cx idle state and/or the throttling state in response to line transitions. Future plans include adding support for CPU frequency changes.
Add a devd.conf entry for calling this script.
The default values for this are:
performance_cx_lowest="HIGH" # Use HLT (C0) online
performance_throttle_state="HIGH" # 100% (no throttling)
economy_cx_lowest="LOW" # Use the lowest Cx state possible
economy_throttle_state="HIGH" # 100% (no throttling)
|
#
123533 |
|
14-Dec-2003 |
seanc |
Backout ataraid rcng script. I must have missed ar0 in my scan of /dev after my first reboot because sure enough, I'm seeing it there now and ata(4) is doing the right thing(TM).
Pointed out by: des
|
#
123532 |
|
14-Dec-2003 |
seanc |
Add a script that allows software RAID sets to be created before file systems are mounted. An example set of entries for /etc/rc.conf:
ataraid_enable="YES"
ataraid_devices="ar0"
ataraid_ar0_set="ad2 ad3"
ataraid_ar0_type="RAID1"
Because there is no "correct" way of doing ATA raid (ie, geom vs. atacontrol vs. vinum) that is bikeshed proof, this rcng script stays within the bounds of atacontrol and assumes that other RAID solutions for GEOM or vinum will end up in a different rcNG script.
Reviewed by: green
|
#
123029 |
|
28-Nov-2003 |
bms |
Add a means of starting an IKE daemon from the rc system at an appropriate time during the boot process. This is needed in the case where NFS mounts from servers reachable only via IPSEC are in /etc/fstab.
PR: conf/42497
Submitted by: Volker Stolz
Approved by: re (rwatson)
|
#
120719 |
|
03-Oct-2003 |
phk |
Default ntpd to write a "driftfile" in /var/db/ntpd.drift.
A "driftfile" caches the oscillator offset estimate from boot to boot, having this means faster and less bumpy time synchronization. Will be overridden by any value in the config file.
|
#
120195 |
|
18-Sep-2003 |
dougb |
Add a default setting of NO for the gbde auto attach script, and document the options.
|
#
120095 |
|
15-Sep-2003 |
nectar |
Add `-C 60' to the default flags for inetd, so that it is less vulnerable to run-of-the-mill DoS attacks in the default installation.
|
#
119397 |
|
24-Aug-2003 |
mtm |
Enhance the jail start/stop script.
o The following additional configuration attributes of a jail can be controlled from rc.conf:
  - mounting devfs(5)
  - mounting fdescfs(5)
  - mounting procfs(5)
  - custom devfs(8) ruleset
  If no ruleset is specified, the default jail ruleset is used.
o The output of executing /etc/rc in the jail is now redirected to /dev/null. Instead, the hostname of the jail is echoed if the jail(8) command exited successfully. If the output is wanted it can probably be redirected to a file (/var/run/$jail maybe) instead of /dev/null.
Submitted by: Scot W. Hetzel <hetzels@westbend.net> with modifications by Jens Rehsack <rehsack@liwing.de> and me.
|
#
119170 |
|
20-Aug-2003 |
mtm |
o Reduce rc(8) startup clutter by turning the informational messages off by default.
o Apparently the routine displaying the informational messages wasn't checking its knob in rc.conf, so fix that as well.
Requested by: obrien
|
#
119166 |
|
20-Aug-2003 |
mtm |
Add a general mechanism for creating and applying devfs(8) rules in rc(8). It is most useful for applying rules to devfs(5) mount points in /dev or inside jails. The following line of script is sufficient to mount a relatively useful+secure devfs(5) in a jail:
devfs_mount_jail /some/jail/dev
Some new shell routines available to scripts that source rc.subr(5):
o devfs_link - Makes it a little easier to create symlinks
o devfs_init_rulesets - Create devfs(8) rulesets from devfs.rules
o devfs_set_ruleset - Set a ruleset to a devfs(5) mount
o devfs_apply_ruleset - Apply a ruleset to a devfs(5) mount
o devfs_domount - Mount devfs(5) and apply some ruleset
o devfs_mount_jail - Mount devfs(5) and apply a ruleset appropriate to jails.
Additional rulesets can be specified in /etc/devfs.rules. If the devfs_system_ruleset variable is defined in rc.conf and it contains the name of a ruleset defined in /etc/defaults/devfs.rules or user supplied rulesets in /etc/devfs.rules then that ruleset will be applied to /dev at startup by the /etc/rc.d/devfs script. It can also be applied post-startup:
/etc/rc.d/devfs start
This is a more flexible mechanism than the previous method of using /etc/devfs.conf. However, that method is still available.
Note: since devfs(8) doesn't provide any way for creating symlinks as part of a ruleset, anyone wishing to create symlinks in a devfs(5) as part of the bootup sequence will still have to rely on /etc/devfs.conf.
|
#
118908 |
|
14-Aug-2003 |
harti |
Now that routes for IP over ATM may look much more complex than before, use the atmconfig(8) utility instead of route(8) to install those routes. For this we need a new rc.conf variable natm_static_routes that works just like static_routes except that the referenced routes use the syntax of atmconfig(8).
Okay'ed by: mtm
|
#
118666 |
|
08-Aug-2003 |
ume |
add rtsol_flags.
MFC after: 1 week
|
#
118121 |
|
28-Jul-2003 |
mbr |
Change the default for background_dhclient back to NO. It can cause too much trouble with applications.
|
#
118108 |
|
28-Jul-2003 |
mbr |
Always start dhclient in the background.
Reviewed by: mtm
|
#
116874 |
|
26-Jun-2003 |
smkelly |
- Add a software watchdog facility.
This commit has two pieces. One half is the watchdog kernel code which lives primarily in hardclock() in sys/kern/kern_clock.c. The other half is a userland daemon which, when run, will keep the watchdog from firing while the userland is intact and functioning.
Approved by: jeff (mentor)
|
#
116352 |
|
14-Jun-2003 |
mtm |
Update a comment about symlinking named's pid file to correctly reflect the code.
Suggested by: maxim
|
#
115950 |
|
07-Jun-2003 |
mtm |
The dhcp_program and dhcp_flags variables have to be renamed to take advantage of the rc.subr(8) glue. They are renamed dhclient_program and dhclient_flags.
o Rename them in rc.conf(5)
o Rename them in /etc/defaults/rc.conf
o Add the deprecated variables to /etc/rc.subr
o Isolate the use of the 'command' variable to the NetBSD specific parts in /etc/rc.d/dhclient.
o Now that dhcp_flags has also been renamed it will be applied properly by rc.subr(8) glue code.
Reported by: John Nielsen <john@jnielsen.net>
|
#
115585 |
|
01-Jun-2003 |
gordon |
Move networkfs_types from mountcritlocal into defaults/rc.conf as netfs_types. Also add logic into mountcritremote to add extra_netfs_types to the list.
This unbreaks putting smbfs, portalfs and now nwfs in fstab.
|
#
114492 |
|
02-May-2003 |
dougb |
Per previous announcement, remove the old version of the rc system.
All functionality from the previous system has been preserved, and users should still customize their system boot with the familiar methods, rc.conf, rc.conf.local, rc.firewall, sysctl.conf, etc.
Users who have customized versions of scripts that have been removed should take great care when upgrading, since the compatibility code that used those old scripts has also been removed.
|
#
114328 |
|
30-Apr-2003 |
markm |
Make the defaults for Kerberos 5 a little more up-to-date.
|
#
114326 |
|
30-Apr-2003 |
markm |
Change the name of the kadmind binary to match reality, now that KerberosIV is no longer an issue.
|
#
114115 |
|
27-Apr-2003 |
imp |
xten isn't needed after tw is gone.
Approved by: re@ (scottl)
|
#
113569 |
|
16-Apr-2003 |
mtm |
Add new knobs for controlling jails in rc.d and document them.
Approved by: markm (mentor)
|
#
112354 |
|
17-Mar-2003 |
cjc |
A new rc-ng script to build linker.hints files with kldxref(8) automatically at boot time. Associated rc.conf(5) knobs and documentation are included.
|
#
112255 |
|
15-Mar-2003 |
dougb |
Make it more clear how to disable keybell, and where its options are found.
PR: conf/41772
|
#
111982 |
|
08-Mar-2003 |
markm |
Initiate KerberosIV de-orbit burn. Disconnect the /etc configs.
|
#
110570 |
|
08-Feb-2003 |
gshapiro |
/etc/rc.network isn't built to handle a value of "DEFAULT" (nor should it be). Using that string leads rc.network to execute:
# sysctl -w vfs.nfs.bufpackets=DEFAULT
vfs.nfs.bufpackets: 4 -> 0
Which isn't what was intended.
PR: conf/31280
MFC after: 3 days
|
#
109233 |
|
14-Jan-2003 |
mtm |
Add rc_debug knob to rc.conf. The code for it has been in rc.subr for some time now. Document all knobs introduced by rc.d
Approved by: markm (mentor)
Reviewed by: gordon (earlier revision)
|
#
109127 |
|
12-Jan-2003 |
mtm |
Fix the named script to find the correct pid file for the named(8) daemon by providing a new rc.conf knob: named_pidfile that defaults to the path specified in the system-installed named.conf(5).
Approved by: markm (mentor)
Reviewed by: dougb
Noticed by: Galen Sampson <galen_sampson@yahoo.com>
            Dan Pelleg <daniel+bsd@pelleg.org>
PR: conf/46402
MFC: 2 weeks (with re@ approval)
|
#
108018 |
|
18-Dec-2002 |
mckusick |
Delay an optional amount of time after booting before starting a background fsck. The delay defaults to sixty seconds to allow large applications such as the X server to start before disk I/O bandwidth is monopolized by fsck.
Submitted by: Brooks Davis <brooks@one-eyed-alien.net>
Sponsored by: DARPA & NAI Labs.
|
#
107655 |
|
06-Dec-2002 |
imp |
Make pccardd have -z by default. This fixes a few startup problems where people want to have the cards configured. Lack of -z is a speed optimization.
Submitted by: many voices on mobile@
Approved by: re@ (rwatson)
MFC after: 3 days
|
#
106946 |
|
15-Nov-2002 |
ru |
Fixed two typos in comments.
|
#
106797 |
|
12-Nov-2002 |
imp |
Turn off devd until I have a devd.conf file that I can install one that does no harm.
|
#
106723 |
|
10-Nov-2002 |
imp |
Add devd_enable
Submitted by: dougb
|
#
106333 |
|
02-Nov-2002 |
ume |
Add IPv6 setup for ipfilter. `ipv6_ipfilter_rules' was added to specify rules definition file for ipfilter. The default is /etc/ipf6.rules. If there is a file which is specified by 'ipv6_ipfilter_rules', IPv6 rule is installed.
Reviewed by: Ronald van der Pol <Ronald.vanderPol@rvdp.org>
MFC after: 1 week
|
#
102982 |
|
05-Sep-2002 |
gordon |
Introduce bootparamd into the boot scripts. Add a bootparamd_enable and _flags to rc.conf
Submitted by: John Hay <jhay@zibbi.icomtek.csir.co.za>
|
#
102915 |
|
03-Sep-2002 |
gshapiro |
Deprecate the use of sendmail_enable="NONE" as it adversely affects the new rcNG effort.
Submitted by: Mike Makonnen <makonnen@pacbell.net>
|
#
102856 |
|
02-Sep-2002 |
gordon |
Turn rc_ng on by default now, its time has come. While we are at it, I'd like to thank Mike Makonnen for all his work on rcNG. Without him, none of this would have been possible.
|
#
102617 |
|
30-Aug-2002 |
hm |
establish default values for /etc/rc.d/pcvt script
|
#
101850 |
|
14-Aug-2002 |
gordon |
Clean up some variables that should have been done before:
xntpd_* -> ntpd_*
portmap_* -> rpcbind_*
Also change single_mountd_enable to mountd_enable.
We also include shims for all the old variable names.
Submitted by: Mike Makonnen <makonnen@pacbell.net>
|
#
100676 |
|
25-Jul-2002 |
ume |
Change the default setting of an IPv4-mapped IPv6 address to off.
Requested by: many people
|
#
100279 |
|
18-Jul-2002 |
ume |
be able to configure to run an IPv6 routing daemon even on an end node.
Requested by: Masachika ISHIZUKA <ishizuka@ish.org>
MFC after: 1 week
|
#
98188 |
|
13-Jun-2002 |
gordon |
Add a couple of variables for rc.d
Submitted by: Mike Makonnen
|
#
97838 |
|
04-Jun-2002 |
obrien |
We want to play ostrich and stick our heads in the sand and ignore things.
Requested by: jhb
|
#
97835 |
|
04-Jun-2002 |
obrien |
ntpdate(1) is deprecated.
|
#
96971 |
|
20-May-2002 |
gordon |
Explicitly set kerberos_stash to NO instead of blank. While we are at it, fix a comment that suggested setting ipv6_ipv4mapping to blank. This will aid in merging with rcng which requires all variables to be explicitly set.
Submitted by: Mike Makonnen
MFC after: 1 week
|
#
95547 |
|
27-Apr-2002 |
dougb |
Remove reference to the TCP_RESTRICT_RST option, which was removed over a year ago.
Small ws twiddle while I'm here.
|
#
95189 |
|
21-Apr-2002 |
cjc |
Consistently use full pathnames for files, especially executables.
PR: conf/37292
Submitted by: Helge Oldach <send-pr@oldach.net>
MFC after: 3 days
|
#
94407 |
|
11-Apr-2002 |
peter |
Back out /etc/rc.d addition. I'd like to see something come of what has already been imported. It would have been nice to get it out there in DP1, but that is too late now.
|
#
94392 |
|
10-Apr-2002 |
peter |
<peril sensitive sunglasses on> Add /etc/rc.d to the startup dirs list. It is a convenient place to put custom startup scripts instead of hacking a shared rc.local. eg: ftpd in listener mode, or maybe even sendmail or another mailer, etc. <peril sensitive sunglasses off>
|
#
93977 |
|
06-Apr-2002 |
asmodai |
Correct path for saver to reflect reality.
Submitted by: Martin Faxer <gmh003532@brfmasthugget.se>
|
#
93953 |
|
06-Apr-2002 |
dd |
Correct grammar(?) in comments.
PR: 36808
Submitted by: Andrew Boothman <andrew@cream.org>
|
#
93853 |
|
05-Apr-2002 |
gshapiro |
Quoting Peter Wemm, "At great personal risk, touch the sendmail startup again."
As an alternative to sendmail_enable=NONE, solve the boot time problem for non-sendmail users completely by moving all of the sendmail startup code from /etc/rc to /etc/rc.sendmail. The source for that script will be kept in src/etc/sendmail/rc.sendmail so make.conf's NO_SENDMAIL will prevent it from being installed. A new rc.conf variable, mta_start_script specifies the script to run to start the user's preferred MTA. For backward compatibility, it will default to /etc/rc.sendmail. The specified script is called out of /etc/rc after checking to make sure it exists. A new rc.sendmail.8 man page has also been added which now houses the sendmail_* variable descriptions formerly in rc.conf.5.
Use /etc/rc.sendmail in /etc/mail/Makefile to reduce code duplication.
Reviewed by: -current, -stable, obrien, peter, ru
MFC after: 1 week
|
#
93314 |
|
28-Mar-2002 |
gshapiro |
Provide a way for users to completely prevent sendmail from trying to start at boot time.
Instead of rc.conf's sendmail_enable only accepting YES or NO, it can now also accept NONE. If set to NONE, none of the other sendmail related startup items will be done.
Remove an extra queue running daemon that might be started that wasn't necessary (it didn't hurt anything but it wasn't needed).
The new logic is:
# MTA
if ${sendmail_enable} == NONE
        # Do nothing
else if ${sendmail_enable} == YES
        start sendmail with ${sendmail_flags}
else if ${sendmail_submit_enable} == YES
        start sendmail with ${sendmail_submit_flags}
else if ${sendmail_outbound_enable} == YES
        start sendmail with ${sendmail_outbound_flags}
endif

# MSP Queue Runner
if ${sendmail_enable} != NONE &&
   [ -r /etc/mail/submit.cf] &&
   ${sendmail_msp_queue_enable} == YES
        start sendmail with ${sendmail_msp_queue_flags}
endif

Discussed with: Thomas Quinot <Thomas.Quinot@Cuivre.FR.EU.ORG>,
                Christopher Schulte <schulte+freebsd@nospam.schulte.org>
MFC after: 1 week
|
#
92192 |
|
12-Mar-2002 |
rwatson |
Allow LOMAC to be loaded as part of the boot scripts using "lomac_enable" setting in rc.conf.
Extracted from the still clammy hands of: green
Sponsored by: DARPA, NAI Labs
|
#
90957 |
|
20-Feb-2002 |
cjc |
There is no reason to demand the administrator set 'natd_interface' when running natd(8) out of the rc-files. It is perfectly valid for the interface or alias address to be set in a natd(8) configuration file, not on the command line. Also, loosen up the restrictions on identifying an IP address argument in 'natd_interface.'
Fix the documentation, rc.conf(5), to reflect this change.
Take the bogus default for 'natd_interface' out of /etc/defaults/rc.conf.
MFC after: 3 days
|
#
90808 |
|
17-Feb-2002 |
gshapiro |
Add infrastructure for sendmail 8.12. If users are not starting a daemon at boot (sendmail_enable=NO), a localhost-only daemon may be started (sendmail_submit_enable) as it is needed to accept mail from command line submissions. If this isn't desired, see etc/mail/README for more hints.
Optionally (sendmail_msp_queue_enable) start a queue runner for the submission queue in case a daemon isn't available to accept command line submitted mail at submission time.
Note that the syslog labels for all of these sendmail processes have been uniquified for easier log parsing.
|
#
89808 |
|
26-Jan-2002 |
cjc |
Make the rc.conf(5) 'log_in_vain' knob an integer.
Try this out in -CURRENT, MFC, and then consider dropping the 'log_in_vain' knob all together. It really is something for sysctl.conf(5).
PR: bin/32953
Reviewed by: -bugs discussion
MFC after: 1 week
|
#
88676 |
|
29-Dec-2001 |
sheldonh |
Don't require operators to override the list of network filesystem types (networkfs_types) with a version that includes the original list.
This increases the scope for user error and also means that systems with networkfs_types set in /etc/rc.conf will not benefit from changes to the list in /etc/defaults/rc.conf on upgrade.
Instead, store the default list in /etc/rc itself and allow the operator to append to that list by specifying her own list in networkfs_types.
Rename networkfs_types to extra_netfs_types accordingly, as the new name better describes the purpose of the variable. Default the value to 'NO'.
|
#
88531 |
|
27-Dec-2001 |
sheldonh |
Re-introduce the fix that delays mounting of network filesystems until the network is initialized. This was first implemented in rev 1.268 of src/etc/rc, but was backed out at wollman's request.
The objection was that the right place for the fix is in mount(8). Having looked at that problem, I find it hard to believe that the hoops one would have to jump through can be justified by the desire for purity alone.
Note that there are reported issues surrounding nfsclient kernel support and mount_nfs(8), which currently make NFS an ugly exception to the general case.
With this change, systems with non-NFS network filesystems configured for mounting on startup in /etc/fstab are no longer guaranteed to fail on startup.
|
#
87464 |
|
06-Dec-2001 |
nsayer |
Add a commented-out defaultrouter entry for 6to4 users. See RFC-3068
|
#
87047 |
|
28-Nov-2001 |
ru |
Whitespace police.
Submitted by: cjc, ru
|
#
86856 |
|
24-Nov-2001 |
darrenr |
second part of the patches to complete ipf changes to rc
PR: multiple
Submitted by: Arjan de Vet <devet@devet.org>
|
#
85219 |
|
20-Oct-2001 |
darrenr |
Put in place for using ipfs use on shutdown and startup.
PR: 27070
|
#
85114 |
|
18-Oct-2001 |
alfred |
Update to note that rpc.statd and rpc.lockd are now needed for client side NFS mounts.
Stumbled upon by: rwatson
|
#
84780 |
|
10-Oct-2001 |
jhb |
Remove references to nfsiod and nfs_client_flags now that they are obsolete.
Submitted by: Gordon Tetlow <gordont@gnf.org>
|
#
84730 |
|
09-Oct-2001 |
des |
Add a dumpdir variable that determines where savecore stores crash dumps. I've had this on my development box for ages...
|
#
84537 |
|
05-Oct-2001 |
sheldonh |
Quote the value of pccard_ether_delay, the only unquoted value in the entire file.
|
#
84421 |
|
03-Oct-2001 |
ume |
We don't ship pim6dd/pim6sd any more.
MFC after: 1 week
|
#
83677 |
|
19-Sep-2001 |
brooks |
Add a new rc.conf variable, cloned_interfaces, to create cloned interfaces at boot.
|
#
83389 |
|
13-Sep-2001 |
imp |
Due to a bug in the ed driver, which leads to hangs when using it with dhclient and pccard_ether, introduce the concept of a "settle time" to pccard_ether with the new pccard_ether_delay variable. Defaults to 5 seconds, which is enough time for the ed driver to finish its autoconfiguration for newer Linksys based cards. This also can eliminate the ed0: timeout messages that happen at startup as well.
MFC: after RE says OK.
|
#
82831 |
|
02-Sep-2001 |
rwatson |
o Add sample syslogd_flags for "-ss" which causes syslogd not to bind an inet socket.
|
#
82482 |
|
29-Aug-2001 |
obrien |
Remove more vestiges of diskcheckd, which is now in ports/sysutils.
|
#
82191 |
|
23-Aug-2001 |
kuriyama |
Invoke named with privilege of bind:bind. Change pidfile location to /var/run/named/pid.
|
#
80515 |
|
28-Jul-2001 |
markm |
Upgraded launchpad for kerberos. Now kerberos IV OR kerberos 5 may be started at boot for kerberos servers.
|
#
80209 |
|
23-Jul-2001 |
hm |
change the default for isdn_fsdev to NO. specifying a device here results in a potential conflict with a getty running on that device.
PR: 26818
Submitted by: Clement Ballabriga <clement@asso.ups-tlse.fr>
|
#
79825 |
|
17-Jul-2001 |
roam |
Add a script_name_sep rc.conf knob to specify the IFS character for separating the startup scripts' list into individual filenames.
Run the shutdown scripts in reverse alphabetical order, so dependent services are stopped before the services they depend upon.
Reviewed by: -arch, -audit
MFC after: 3 weeks
|
#
78935 |
|
28-Jun-2001 |
ume |
Change default of ipv6_default_interface to NO. This is meaningless in most cases and rather harmful.
Reported by: Kevin Oberman <oberman@es.net>
MFC after: 1 week
|
#
78905 |
|
28-Jun-2001 |
dd |
Introduce syslogd_program and inetd_program variables in case somebody wants to replace one of those programs.
PR: 13609
Submitted by: Goran Lowkrantz <goran.lowkrantz@infologigruppen.se>
|
#
78493 |
|
20-Jun-2001 |
ume |
Change default value of rtadvd_enable to NO to be compatible with the following description in RFC2461:
AdvSendAdvertisements A flag indicating whether or not the router sends periodic Router Advertisements and responds to Router Solicitations.
Default: FALSE
Note that AdvSendAdvertisements MUST be FALSE by default so that a node will not accidentally start acting as a router unless it is explicitly configured by system management to send Router Advertisements.
Submitted by: JINMEI Tatuya <jinmei@isl.rdc.toshiba.co.jp>
MFC after: 1 week
|
#
78475 |
|
19-Jun-2001 |
ume |
Add configuration for a FAITH IPv6-to-IPv4 TCP translator. To use a FAITH actually, you also need faithd(8) setup. Please consult faithd(8) manpage.
|
#
78318 |
|
16-Jun-2001 |
dd |
Explicitly set arpproxy_all and start_vinum to "NO" for consistency.
PR: 28185
Submitted by: Gordon Tetlow <gordont@bluemtn.net>
|
#
78069 |
|
11-Jun-2001 |
ume |
prefixcmd_enable was obsoleted by syncing recent KAME. New prefix(8) is just a shell script for backward compatibility. Now, we always use ifconfig(8) instead of prefix(8).
MFC after: 3 weeks
|
#
77662 |
|
03-Jun-2001 |
phk |
Add diskcheckd to /etc/rc with a knob in rc.conf.
Make the default setting YES for now to get some experience with it.
Note: If people start seeing disk errors because of this then it should not be backed.
|
#
77651 |
|
03-Jun-2001 |
brian |
Move gif_interfaces from an IP6 option to a regular IP option.
PR: 26543
Submitted by: Brooks Davis <brooks@one-eyed-alien.net>
MFC after: 3 weeks
|
#
77154 |
|
25-May-2001 |
obrien |
I didn't fix the comment in rev 1.107.
|
#
77153 |
|
25-May-2001 |
obrien |
Turn on TCP_EXTENSIONS (rfc1323) by default.
|
#
76946 |
|
22-May-2001 |
dd |
Introduce a background_fsck rc.conf option which allows the user to enable or disable background fsck'ing all in one shot. Default is currently 'YES'.
Reviewed by: jkh
|
#
76592 |
|
14-May-2001 |
schweikh |
New option isdn_screenflags to set the syscons screen params for isdnd, plus documentation.
Submitted by: Alexander Leidinger <Alexander@Leidinger.net>
Not objected to by: hm
MFC after: 1 week
|
#
76331 |
|
07-May-2001 |
schweikh |
Use foo () instead of foo ( ) for function definition, so zsh can parse this file as well.
|
#
76110 |
|
28-Apr-2001 |
dd |
Add an allscreens_kbdflags option. Same thing as allscreens_flags, but runs kbdcontrol instead of vidcontrol.
Reviewed by: ru
|
#
75920 |
|
24-Apr-2001 |
schweikh |
Add isdn_ttype (moved to rc.conf from rc.isdn)
PR: conf/24865
Submitted by: schweikh
Reviewed by: hm
|
#
75796 |
|
21-Apr-2001 |
ache |
Fix typo in mouse_char range
|
#
75708 |
|
19-Apr-2001 |
ache |
Add mousechar_start hook
Reviewed by: Nick Hibma <n_hibma@qubesoft.com>
|
#
75181 |
|
04-Apr-2001 |
bmah |
Add removable_interfaces to /etc/defaults/rc.conf. It is used (undocumented until now) by /etc/pccard_ether.
MFC candidate.
Pointed out by: Dave Crane <dave@trig.net>
Reviewed by: -mobile
|
#
74949 |
|
28-Mar-2001 |
phk |
Change ntp_flags to "-b" to inspire people to set it right.
Note that "right" in this case is not universally recognized, but NTP-practitioners as opposed to theoreticians generally agree that getting "inside the window" using ntpdate is TRTTD on PC hardware.
PR: 25514
Submitted by: Chris Johnson <cjohnson-pr@palomine.net>
|
#
74493 |
|
19-Mar-2001 |
des |
Axe TCP_RESTRICT_RST. It was never a particularly good idea except for a few very specific scenarios, and now that we have had net.inet.tcp.blackhole for quite some time there is really no reason to use it any more.
(second of three commits)
|
#
74462 |
|
19-Mar-2001 |
alfred |
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the 1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with the recent RPC API.
There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library.
While we're at it, bring in NetBSD's lockd, it's been far too long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
|
#
74418 |
|
18-Mar-2001 |
ume |
Add `ipv6_ifconfig_IFN_aliasN' directive to allow multiple aliases.
PR: conf/24239
|
#
74198 |
|
13-Mar-2001 |
peter |
At great personal risk, touch the sendmail startup again. This adds easy separate knobs for inbound (accepting SMTP connections) and outbound (just occasionally dequeueing) sendmail daemon startup.
|
#
74140 |
|
12-Mar-2001 |
dougb |
Add flags option for savecore.
Submitted by: David A. Panariti <davep@who.net>
|
#
74063 |
|
10-Mar-2001 |
dougb |
Avoid complicated tests of whether devices are present or not, and enable all harvesting options by default since having them on for devices not present doesn't hurt anything. Leave them on by default since for the most part they are not producing noticeable slowdown, and are about to get a lot more efficient.
Re-order part of the cheesy entropy process in preparation for its complete removal.
|
#
73277 |
|
01-Mar-2001 |
dougb |
Add code to turn on the entropy harvesting sysctl's as early as possible during the boot process. We're turning it on by default, based on the actual presence of a configured ethernet card, and/or ppp/tun devices. Of course, it's easy to disable in rc.conf.
|
#
73242 |
|
28-Feb-2001 |
jkh |
Have coff be a default ibcs2 loader if we have ibcs2 support enabled.
|
#
72031 |
|
05-Feb-2001 |
dougb |
Introduce the option of running fsck -y if the initial preen fails. Defaults to off.
Obtained from: Yahoo!
|
#
71632 |
|
25-Jan-2001 |
ume |
Mention about rtadvd_interfaces. It should be specified if you want to use rtadvd.
|
#
71340 |
|
21-Jan-2001 |
dougb |
Add the options of which cron program to run, and specifying flags to it.
PR: conf/24358
Submitted by: Gerhard Sittig <Gerhard.Sittig@gmx.net>
|
#
71121 |
|
16-Jan-2001 |
des |
Add a sysvipc_enable variable that causes the SysV IPC modules to be loaded.
Reviewed by: dougb
|
#
71014 |
|
14-Jan-2001 |
dougb |
Move the process of storing entropy from /dev/random and reseeding with it at boot time closer to the way we want it to be in the final version.
* Move the default directory to /var/db/entropy
* Run the entropy saving cron job every 11 minutes. This seems to be a better default, although still bikeshed material.
* Feed /dev/random some cheesy "entropy" from various commands and files before the disks are mounted. This gives /dev/random a better chance of running without blocking early.
* Move the reseeding with previously stored entropy to the point immediately after the disks are mounted.
* Make the harvesting script a little safer in regards to the possibility of accidentally overwriting something other than a regular file.
|
#
70922 |
|
11-Jan-2001 |
dougb |
Add a system to save entropy from /dev/random periodically so that it can be used to reseed at boot time. This will greatly increase the chances that there will be sufficient entropy available at boot time to prevent long delays.
For /etc/rc, remove the vmstat and iostat runs from the attempt to provide some cheesy randomness if the files fail, since those programs are dynamically linked, and ldd seems to want some randomness to do its magic.
Guidance and parameters for this project were provided by Mark Murray, based on the requirements of the Yarrow algorithm. Some helpful suggestions for implementation (including the tip about iostat and vmstat) were provided by Sheldon Hearn. All blame for problems or mistakes is mine of course.
|
#
67906 |
|
29-Oct-2000 |
ume |
- ipv6_prefix_* and ipv6_ifconfig_* work for end node
- rtsol should work for only one interface
- new variable ipv6_defaultrouter is added
- option name of rtadvd in comment are corrected
- ipv6_firewall_enable, ipv6_firewall_type, ipv6_firewall_script, ipv6_firewall_logging are added to introduce rc.firewall6.
IPv6 firewall rule is just starting point and should be brushed up. This commit includes PR18621, PR21694, PR22051.
PR: conf/18621, conf/21694, conf/22051
Reviewed by: asmodai
|
#
67793 |
|
28-Oct-2000 |
sanpei |
add PC-Card melody beep(PC Card bus, kludge version)
Original idea from: PAO3
|
#
67180 |
|
16-Oct-2000 |
jwd |
Set new default: entropy_file="/entropy"
with /var/db/entropy being a hardcoded backup.
Submitted by: Doug Barton <DougB@gorean.org>
Approved by: markm
|
#
66745 |
|
06-Oct-2000 |
darrenr |
This brings support for IP Filter into rc.network and rc.conf with the appropriate documentation added to rc.conf(5). If all goes well with this over the next few weeks, the PR will be closed with the pullup of patches back to 4-STABLE.
PR: 20202
Submitted by: Gerhard Sittig <Gerhard.Sittig@gmx.net>
Reviewed by: Darren Reed <darrenr@freebsd.org>
Approved by: Darren Reed <darrenr@freebsd.org>
Obtained from: Gerhard Sittig <Gerhard.Sittig@gmx.net>
|
#
66634 |
|
04-Oct-2000 |
brian |
Add an unaligned_print option (alpha only)
Document osf1_enable
Submitted by: Eric D. Futch <efutch@nyct.net>
PR: 21649
|
#
65306 |
|
01-Sep-2000 |
obrien |
Remove our override on the default time that a looked up name remains cached when not in use. This changes the FreeBSD default from 30 minutes to 5 minutes. JKH was the one that added the override to amd_flags, but there was no reason given other than to serve as an example of what could be done.
|
#
64816 |
|
18-Aug-2000 |
sheldonh |
Document ibcs2_loaders and provide a default for it in etc/defaults/rc.conf .
|
#
64749 |
|
17-Aug-2000 |
jhb |
Mention that basic network options now include firewall/security options as well.
|
#
64677 |
|
15-Aug-2000 |
sheldonh |
Add a sample ifconfig entry for an IPX address family address, to give IPX folks a fighting chance of figuring this out themselves. I can't work out how to document this carefully in rc.conf(5), but this ought to close the PR.
PR: 17904
Reported by: John Gelnaw <jeg@hawk.circa.ufl.edu>
|
#
64520 |
|
11-Aug-2000 |
jdp |
Add an rc.conf knob "ldconfig_insecure" to disable ldconfig's security checks. Set the default to NO, i.e., secure.
Submitted by: Maxime Henrion <mhenrion@cybercable.fr>
|
#
64501 |
|
10-Aug-2000 |
billf |
make sshd follow the pattern of enable, program, flags like every other entry does.
|
#
64471 |
|
10-Aug-2000 |
brian |
Allow a ppp_user specification to run ppp at startup
PR: 20258
|
#
63980 |
|
28-Jul-2000 |
eivind |
Change the defaults for portmap, sendmail and inetd to be not running them. Make sysinstall override this on install, so the effective behavioural change for a newly installed system is null. Overall, this makes a system with an empty /etc/rc.conf not run any network services, and makes the FreeBSD-provided network services that are running visible in /etc/rc.conf (instead of making people look through /etc/defaults/rc.conf to find the things they need to disable to secure the system.)
Reviewed by: jhb Discussed with: The usual cabal
|
#
63773 |
|
23-Jul-2000 |
asmodai |
Add weak_mountd_authentication, which is examined in /etc/rc.network. Setting this to YES instead of its default NO, causes mountd to be passed the -n flag, which allows non-root users mount requests to be served.
|
#
63307 |
|
17-Jul-2000 |
markm |
Add entropy caching. With this, some entropy is cached at shutdown time, and this is used to reseed the random number generator at boot time.
NOTE - this has no hope of working if you halt(); you need to execute rc.shutdown to get the entropy stash.
|
#
62075 |
|
25-Jun-2000 |
markm |
Clean up all the old setup code for the old /dev/random. This will be revisited when the new /dev/random is done.
|
#
61981 |
|
23-Jun-2000 |
brian |
Introduce /etc/defaults/periodic.conf, similar in concept to rc.conf. The only change in the default functionality should be that the output reports are slightly more verbose WRT files deleted.
Not objected to by: freebsd-arch
|
#
61961 |
|
22-Jun-2000 |
dillon |
Add ip_portrange_first and ip_portrange_last rc.conf/rc.network options. This allows you to set the standard dynamic port assignment range prior to any network daemons (like named) starting up, necessary if you are also using a firewall to restrict lower ports. will be MFC'd in a few days
|
#
61867 |
|
20-Jun-2000 |
brian |
Don't include /compat/linux/tmp in $clean_daily_dirs as it's usually a link to /tmp
Pointed out by: des
|
#
61459 |
|
09-Jun-2000 |
brian |
Add clear_daily_* variables
|
#
60977 |
|
27-May-2000 |
wilko |
Add suggested comment for TCP_DROP_SYNFIN and TCP_RESTRICT_RST
PR: conf/18124 Submitted by: Matt Heckaman <matt@arpa.mail.net>
|
#
60685 |
|
18-May-2000 |
wollman |
Fix misleading comment.
|
#
60628 |
|
16-May-2000 |
dillon |
Add ipsec_enable and ipsec_file options to run IPSEC's setkey program with the specified configuration file at the appropriate time.
|
#
60103 |
|
06-May-2000 |
ache |
Add firewall_logging knob to enable/disable events logging, disabled by default. Needed mainly for ipfw kernel module to enable logging disabled there.
|
#
59674 |
|
27-Apr-2000 |
sheldonh |
Add to defaults/rc.conf a new function source_rc_confs which rc scripts may use to source safely overrides in ${rc_conf_files} files.
This protects users who insist on the bad practice of copying /etc/defaults/rc.conf to /etc/rc.conf from a recursive loop that exhausts available file descriptors.
Several people have expressed interest in breaking this function out into its own shell script. Anyone who wants to embark on such an undertaking would do well to study the attributed PR.
PR: 17595 Reported by: adrian Submitted by: Doug Barton <Doug@gorean.org>
|
#
58979 |
|
03-Apr-2000 |
iwasaki |
Enable etc/defaults/pccard.conf which is default configuration file for pccardd. Please install /etc/defaults/pccard.conf and update /etc/defaults/rc.conf as well. Note that old pccard.conf.sample still remains for a while but no longer to be maintained.
Reviewed by: imp, -mobile ML and nomads ML in Japan.
|
#
58791 |
|
29-Mar-2000 |
shin |
Fix english.
Specified by: sheldonh
|
#
58752 |
|
28-Mar-2000 |
shin |
Add a configuration option which enables/disables IPv4 mapped IPv6 addr support.
Suggested and Reviewed by: ume
|
#
58710 |
|
27-Mar-2000 |
dillon |
Add a sysctl to specify the amount of UDP receive space NFS should reserve, in maximal NFS packets. Originally only 2 packets worth of space was reserved. The default is now 4, which appears to greatly improve performance for slow to mid-speed machines on gigabit networks.
Add documentation and correct some prior documentation.
Problem Researched by: Andrew Gallatin <gallatin@cs.duke.edu> Approved by: jkh
|
#
58400 |
|
20-Mar-2000 |
billf |
Make syslogd boot -s by default, which prevents Bad People from filling up your diskspace.
PR: conf/15737 Submitted by: Kevin Day <toasty@dragondata.com> (PR) Nick Johnson <freebsd@spatula.net> (on -current)
|
#
57944 |
|
12-Mar-2000 |
shin |
IPv6 related configuration updates. - 6to4(stf) interface configuration. - Static route configuration. - Comment additions. - Replaced a still existed '@' to '%' in IPv6 scoped addr format. (This became necessary as previous IPv6 scoped addr format change.)
Much thanks to ume, who helped me reviewing, testing, and finding problems with these changes.
Approved by: jkh
Reviewed by: ume
|
#
57860 |
|
09-Mar-2000 |
shin |
Change default of rtadvd to "YES". Also add IPv6 example for "ifconfig_ifname_alias".
Suggested by: bmah@CA.Sandia.GOV
|
#
57458 |
|
24-Feb-2000 |
markm |
Add userland tweakables for OpenSSH and OpenSSL.
|
#
57398 |
|
23-Feb-2000 |
shin |
Add IPv6 configuration scripts.
Initial version created by, and kindly much tested by: bmah@CA.Sandia.GOV (Bruce A. Mah)
Approved by: jkh
Reviewed by: bmah@CA.Sandia.GOV (Bruce A. Mah), Ollivier Robert <roberto@keltia.freenix.fr> Obtained from: KAME project
|
#
57337 |
|
19-Feb-2000 |
jkh |
PS/2 mice are a lot more common than serial mice now; use /dev/psm0 as default rather than /dev/cuaa0
|
#
57014 |
|
06-Feb-2000 |
paul |
Add a firewall_flags option that is used when ipfw processes a file. It allows you to run a preprocessor, such as m4, so that you can use macros in your rules file.
Approved by: jkh
|
#
54949 |
|
21-Dec-1999 |
sheldonh |
Add an explicit warning against copying this file into /etc/, since work-arounds for the ".: Out of file descriptors" problem (see PR 13724) are taking longer than expected to come to fruition.
|
#
54683 |
|
16-Dec-1999 |
roberto |
Bye bye xntpd, enter ntp.
The variable names haven't changed for compatibility reasons.
|
#
54642 |
|
15-Dec-1999 |
gallatin |
Add an enable_osf1 knob to the alpha startup code
|
#
54041 |
|
02-Dec-1999 |
imp |
Now that pccardc beep actually works, add knob for it in rc.conf/rc.pccard
Submitted by: sanpei@sanpei.org (MIHIRA-san Yoshiro)
|
#
53665 |
|
24-Nov-1999 |
alfred |
we all like to 'Use' ppp, but this should be 'User'
Pointed out by: dcs
|
#
53620 |
|
23-Nov-1999 |
ache |
Remove man_locales - goes to manpath.config
|
#
53611 |
|
23-Nov-1999 |
brian |
Add pppoed startup options
|
#
53158 |
|
14-Nov-1999 |
ache |
Add single_mountd_enable hook to run mountd but not NFS server Needed for machine with CFS but without real NFS
|
#
52283 |
|
16-Oct-1999 |
obrien |
Remove "-k" (kernel-arch) as "i386" is not appropriate on the Alpha. Also remove the "-d" domain option, as if someone is savvy enough to want this, they are savvy enough to make a custom amd_flags in /etc/rc.conf.
|
#
51827 |
|
01-Oct-1999 |
billf |
If dumpdev exists, it's automatically enabled. Change comment to reflect.
|
#
51535 |
|
22-Sep-1999 |
jkoshy |
Remove the "vinum_drives" rc.conf knob. According to Greg <grog@lemis.com> this is no longer the right way to start Vinum unless you are doing some kind of maintenance, and that's not the sort of thing that would go into rc.conf.
|
#
51290 |
|
15-Sep-1999 |
obrien |
/emulation/binary compatibility/
|
#
51224 |
|
13-Sep-1999 |
des |
Fix disordering introduced in my previous commit.
Pointed out by: bde
|
#
51209 |
|
12-Sep-1999 |
des |
Add the net.inet.tcp.restrict_rst and net.inet.tcp.drop_synfin sysctl variables, conditional on the TCP_RESTRICT_RST and TCP_DROP_SYNFIN kernel options, respectively. See the comments in LINT for details.
|
#
51174 |
|
11-Sep-1999 |
ache |
Add man_locales knob to specify localized man subdirs for makewhatis and catman
|
#
51038 |
|
06-Sep-1999 |
cpiazza |
set check_quotas="YES" as the default.
PR: 13603 Submitted by: Alex Perel <veers@distributed.net> Reviewed by: billf
|
#
50472 |
|
27-Aug-1999 |
peter |
$Id$ -> $FreeBSD$
|
#
50193 |
|
22-Aug-1999 |
brian |
ppp_alias -> ppp_nat
Submitted by: Josef L. Karthauser <joe@FreeBSD.org.uk>
|
#
49785 |
|
14-Aug-1999 |
obrien |
s/Yes/YES/g. `tcp_extensions''s comment implied "Yes" was a valid value for turning on the feature. Which is wrong.
Submitted by: bde
|
#
49783 |
|
14-Aug-1999 |
obrien |
Hopefully clarify "log_in_vain" knob's comment.
Reviewed by: bde, sheldonh, andreas
|
#
49704 |
|
14-Aug-1999 |
obrien |
Use proper capitalization.
|
#
49703 |
|
14-Aug-1999 |
obrien |
Use better comment for tcp_keepalive option.
Submitted by: imp
|
#
49603 |
|
10-Aug-1999 |
des |
Add net.inet.icmp.log_redirect and net.inet.icmp.drop_redirect, for respectively logging and dropping ICMP REDIRECT packets.
Note that there is no rate limiting on the log messages, so log_redirect should be used with caution (preferably only for debugging purposes).
|
#
49393 |
|
03-Aug-1999 |
eivind |
Better comment on ntpdate_enable - if I have misunderstood when ntpdate was run (I thought it was cron'ed), other people probably do too.
|
#
49110 |
|
26-Jul-1999 |
brian |
Add a default ppp.conf (mode 600).
Originally submitted by: Wayne Self <wself@cdrom.com>
Allow a ppp startup option in rc.conf.
Adjust sysinstall so that it appends to the end of ppp.conf and uses the generated profile to start ppp in auto mode on boot.
Submitted by: Josef L. Karthauser <joe@uk.FreeBSD.org>
|
#
48880 |
|
18-Jul-1999 |
jkh |
Use a less annoying default hostname.
|
#
48842 |
|
16-Jul-1999 |
jkh |
Allow DHCP to be used in an ifconfig variable instead of the usual address information, producing the obvious effect (dhcp configuration).
Submitted by: "Sean O'Connell" <sean@stat.Duke.EDU>
|
#
48785 |
|
12-Jul-1999 |
iwasaki |
Refine on explanation for apm stuff. Make it clear that apmd depends on apmconf -e.
Reviewed by: obrien, my friend :-)
|
#
48747 |
|
11-Jul-1999 |
iwasaki |
Add apmd_enable and apmd_flags for the boot-time options.
Pointed out by: obrien Forgotten by: iwasaki
|
#
48697 |
|
09-Jul-1999 |
sheldonh |
Allow internal and external wrapping to be enabled independently of each other. Instead of allowing the -w option to be specified twice, we now take -w (wrap external) and -W (wrap internal).
Discussed with: markm
|
#
48687 |
|
08-Jul-1999 |
peter |
Tweak previous commit. Only sense the configuration if network_interfaces is set to "auto". Any network_interfaces settings will be treated as before.
|
#
48662 |
|
07-Jul-1999 |
peter |
Do away with ${network_interfaces} in rc.conf. Just use `ifconfig -l` to get a list of interfaces, and then automatically configure them if ${ifconfig_${ifn}} or /etc/start_if.${ifn} exists.
This makes it a lot easier to deal with machines that constantly change their network configuration as you can leave ifconfig settings for all the possible cards - just the ones that are present will be configured.
|
#
48648 |
|
07-Jul-1999 |
hosokawa |
Added pccard_conf parameter to /etc/rc.conf, and set it to "/etc/pccard.conf.sample" in /etc/defaults/rc.conf. Perhaps this default value can be inappropriate, but I set to this value for the convenience of PC-card boot.flp users. Please correct it if there are better solutions.
|
#
48554 |
|
04-Jul-1999 |
hosokawa |
Added "pccardd_flags" for rc.conf.
|
#
48296 |
|
28-Jun-1999 |
obrien |
Amd now mounts to "/.amd_mnt" rather than "/net". "/net/<host>" now works in addition to "/host/<host>". This makes us consistent with Sun (as we already were with SGI).
|
#
48290 |
|
27-Jun-1999 |
jseger |
Standardize appearance of subsection headers (two spaces for section name)
|
#
48279 |
|
27-Jun-1999 |
sheldonh |
Add command-line option (-w), specified once to enable wrapping and twice to enable wrapping for internal wrapping as well. If the option is not specified wrapping is turned off so that inetd will behave exactly as it used to before TCP Wrappers was imported.
Change etc/defaults/rc.conf so as to encourage wrapping on new systems.
Clarify the use of TCP Wrappers in the IMPLEMENTATION NOTES of the manual page.
Approved by: jkh
|
#
47752 |
|
05-Jun-1999 |
phk |
Add handle to control global TCP keepalives and turn them on as default.
Despite their name it doesn't keep TCP sessions alive, it kills them if the other end has gone AWOL. This happens a lot with clients which use NAT, dynamic IP assignment or which has a 2^32 * 10^-3 seconds upper bound on their uptime.
There is no detectable increase in network traffic because of this: two minimal TCP packets every two hours for a live TCP connection.
Many servers already enable keepalives themselves.
The host requirements RFC is 10 years old, and doesn't know about the losing clients of today's InterNet.
|
#
47248 |
|
16-May-1999 |
phk |
Change tcp_extension comment.
Submitted by: Studded <Studded@gorean.org> Reviewed by: phk
|
#
45542 |
|
10-Apr-1999 |
des |
Allow the user to specify a different firewall script than /etc/rc.firewall.
|
#
45239 |
|
02-Apr-1999 |
grog |
Add variable start_vinum. If set to YES, it will start vinum and automagically find all the partitions. This is to be preferred to the somewhat emetic usage of vinum_slices and the equally obnoxious 'vinum read' command.
|
#
45096 |
|
28-Mar-1999 |
imp |
Add two features: log_in_vain: log_in_vain turns on logging for packets to ports for which there is no listener. rc.sysctl: A generic way to set sysctl values. It reads /etc/syslog.conf and sets values based on that. No /etc/syslog.conf has been checked in yet, and I've not added this to the makefile yet until I get more feedback.
Reviewed by: -current, -hackers and bde especially
|
#
44990 |
|
24-Mar-1999 |
brian |
Add natd_program and change a comment.
|
#
44818 |
|
17-Mar-1999 |
billf |
Split check_quotas into check_quotas and enable_quotas
enable_quotas - use quotas on your system
check_quotas - check for violations on startup
By assuming that a system was neat and without violation before it booted we can skip a long (and at that point needless) process.
Submitted by: Alex Perel <veers@disturbed.net>
|
#
44668 |
|
11-Mar-1999 |
jfitz |
Add ${lpd_program} and ${portmap_program} as variables in rc.conf, with suitable defaults pointing to the FreeBSD-shipped versions. This will allow for easier integration of third-party replacements for these daemons. Reviewed by: Several members of -committers
|
#
44450 |
|
03-Mar-1999 |
phk |
Change the comment to sendmail_flags which has scared so many people from removing -bd to something more sensible.
|
#
43809 |
|
09-Feb-1999 |
jkh |
Move rc.conf into defaults/ directory. This is part of a larger series of commits to deal with the rc.conf.site confusion.
|