path: root/etc/rc.d
Commit message | Author | Age | Files | Lines
* Move rc startup scripts from etc/ to sbin/init/ | Brad Davis | 2018-07-28 | 167 | -11470/+0
  This keeps most startup scripts as CONFS per discussion on src-committers from back during BSDCan.

  Approved by: will (mentor)
  Differential Revision: https://reviews.freebsd.org/D16466
  Notes: svn path=/head/; revision=336845
* Revert r336572 and wrap them in machine checks so they are only installed on | Brad Davis | 2018-07-21 | 1 | -0/+3
  i386.

  Approved by: allanjude (mentor), imp
  Differential Revision: https://reviews.freebsd.org/D16380
  Notes: svn path=/head/; revision=336581
* Purge some old apmd files | Brad Davis | 2018-07-21 | 1 | -1/+0
  Approved by: allanjude
  Differential Revision: https://reviews.freebsd.org/D16373
  Notes: svn path=/head/; revision=336572
* Automatically run ntpd as non-root when possible. | Ian Lepore | 2018-07-20 | 1 | -28/+78
  Ntpd needs only a subset of full root privileges to do its job. Specifically it needs the ability to manipulate system time, and to re-bind to a privileged UDP port after interface changes. The mac_ntpd(4) policy module (see r336525) can grant these privs.

  These changes detect the availability of mac_ntpd(4). If enabled, and if the ntpd configuration is fairly vanilla, it automatically runs ntpd as the non-root user 'ntpd' (uid 123). "Vanilla" means the config doesn't include command line or ntp.conf options changing the location of files or using any files/dirs likely to be inaccessible to user ntpd. Ntpd can still run as non-root when using such options, but the admin must ensure all required files and dirs are accessible, and then set ntpd_user=ntpd in rc.conf.

  Note that these changes also address PR 199127 by using the command_args technique suggested in the patch. They also tangentially address PR 113552, which is primarily about inconsistent filenames in documentation, but some of the inconsistency was caused by old code in rc.d/ntpd which is leftover from the initial import from netbsd. There was code to do chroot setup which required the use of the netbsd clockctl(4) device; that code never had any effect on freebsd, because we lack that device and don't build ntpd with the options that would allow using it.

  PR: 113552 199127
  Relnotes: yes
  Differential Revision: https://reviews.freebsd.org/D16050
  Notes: svn path=/head/; revision=336547
* When being verbose about various leapfile versions, also mention expiration. | Ian Lepore | 2018-06-28 | 1 | -2/+2
  The expiration date is actually more of a version number than the version date, because expiration changes twice a year, whereas the version only changes when actual leap second events occur (except in USNO leapfiles, which inappropriately bump the version with every expiration date change).

  Notes: svn path=/head/; revision=335787
* Rename variable ntp_tmp_leapfile to have a leading underbar, to distinguish | Ian Lepore | 2018-06-28 | 1 | -6/+6
  it from variables with similar names which are set in rc.conf. This will make more sense as the script grows more similar-name local variables in some upcoming changes.

  Notes: svn path=/head/; revision=335786
* geli attach multiple providers | Ben Woods | 2018-06-26 | 1 | -1/+37
  Allow attaching of multiple geli providers at once if they use same passphrase and keyfiles.

  This is helpful when the providers being attached are not used for boot, and therefore the existing code to first try the cached password when tasting the providers during boot does not apply.

  Multiple providers with the same passphrase and keyfiles can be attached at the same time during system start-up by adding the following to rc.conf:

    geli_groups="storage backup"
    geli_storage_flags="-k /etc/geli/storage.keys"
    geli_storage_devices="ada0 ada1"
    geli_backup_flags="-j /etc/geli/backup.passfile -k /etc/geli/backup.keys"
    geli_backup_devices="ada2 ada3"

  Reviewed by: wblock, delphij, jilles
  Approved by: sobomax (src), bcr (doc)
  Differential Revision: https://reviews.freebsd.org/D12644
  Notes: svn path=/head/; revision=335673
* Use 'mv -f' in rc.d/ntpd to avoid spuriously halting the boot. | Ian Lepore | 2018-06-23 | 1 | -1/+2
  The final 'mv' to install a fetched leap-list file can fail (due to a readonly fs, or schg flags, for example), and that leads to mv(1) prompting the user, stopping the boot process. Instead, use mv -f to suppress the prompting, and if verbose mode is on, emit a warning that the existing file cannot be replaced.

  PR: 219255
  Notes: svn path=/head/; revision=335575
* Add "mountcritremote" to the REQUIRE line for nfsd. | Rick Macklem | 2018-06-22 | 1 | -1/+1
  For a pNFS MDS server, there must be mounts done to the DSs before the nfsd is started. Adding the REQUIRE line makes sure these are done. If there are NFS mounts in /etc/fstab that cannot be completed before the nfsd starts, the "bg" mount option can still be used to handle that. I do not believe this should cause problems for non-pNFS NFS servers. (I have requested a review by rc@, but it is still pending.)

  Notes: svn path=/head/; revision=335566
* devmatch: Address some rc nits | Kyle Evans | 2018-06-14 | 1 | -0/+1
  - devmatch_enable in rc.conf(5) was not gating the start of devmatch
  - Use quietstart in devd/devmatch to suppress dozens of 'Cannot start' messages and other spurious messages from rc.subr(8) that aren't necessarily helpful.

  Discussed with: imp
  Notes: svn path=/head/; revision=335147
* ipfw: fix status if ipfw.ko is not loaded | Kristof Provost | 2018-06-07 | 1 | -2/+2
  If the ipfw module is not loaded the net.inet.ip.fw.enable OID does not exist, which leads the script to report errors and incorrectly report that ipfw is enabled.

  Notes: svn path=/head/; revision=334782
* ipfw: fix whitespace | Kristof Provost | 2018-06-07 | 1 | -8/+8
  No functional changes.

  Notes: svn path=/head/; revision=334781
* pf: Return non-zero from 'status' if pf is not enabled | Kristof Provost | 2018-06-06 | 1 | -0/+2
  In the pf rc.d script the output of `/etc/rc.d/pf status` or `/etc/rc.d/pf onestatus` always provided an exit status of zero. This made it fiddly to programmatically determine if pf was running or not. Return a non-zero status if the pf module is not loaded, extend pfctl to have an option to return an error status if pf is not enabled.

  PR: 228632
  Submitted by: James Park-Watt <jimmypw AT gmail.com>
  MFC after: 1 week
  Notes: svn path=/head/; revision=334726
* Only create /var/log/sendmail.st if start sendmail. | Brad Davis | 2018-06-06 | 1 | -0/+4
  For those of us that never use or start sendmail, it is unneeded.

  Approved by: bapt (mentor)
  Notes: svn path=/head/; revision=334700
* Make the cfumass rc script support USB template 10. | Edward Tomasz Napierala | 2018-05-27 | 1 | -14/+37
  MFC after: 2 weeks
  Sponsored by: The FreeBSD Foundation
  Notes: svn path=/head/; revision=334254
* Set label when setting up USB LUNs, it looks nicer this way. | Edward Tomasz Napierala | 2018-05-16 | 1 | -1/+2
  MFC after: 2 weeks
  Sponsored by: The FreeBSD Foundation
  Notes: svn path=/head/; revision=333685
* Change the cfumass rc script to stop pretending the USB LUN is a virtual | Edward Tomasz Napierala | 2018-05-16 | 1 | -1/+1
  CD; for some reason OSX can't deal with it.

  MFC after: 2 weeks
  Sponsored by: The FreeBSD Foundation
  Notes: svn path=/head/; revision=333684
* Rename all Unbound binaries and man pages from unbound* to local-unbound*. | Dag-Erling Smørgrav | 2018-05-12 | 1 | -4/+4
  PR: 222902
  Notes: svn path=/head/; revision=333573
* Remove the ability to generate long since useless SSH1 RSA keys. | Dag-Erling Smørgrav | 2018-05-12 | 1 | -5/+0
  Notes: svn path=/head/; revision=333520
* Make /etc/rc.d/kldxref not print anything for directories that don't | Edward Tomasz Napierala | 2018-05-11 | 1 | -2/+3
  contain any kernel modules. This makes the common case completely silent, as it should be.

  Reviewed by: imp@
  MFC after: 2 weeks
  Sponsored by: DARPA, AFRL
  Differential Revision: https://reviews.freebsd.org/D14694
  Notes: svn path=/head/; revision=333491
* Remove "All rights reserved" from my files. | Xin LI | 2018-05-10 | 3 | -4/+1
  See r333391 for the rationale.

  MFC after: 1 week
  Notes: svn path=/head/; revision=333449
* Use M. Warner Losh everywhere on my copyrights. | Warner Losh | 2018-05-01 | 1 | -2/+1
  Remove 'All Rights Reserved' where I can.

  Notes: svn path=/head/; revision=333143
* bthidd(8): Add evdev protocol support for bluetooth keyboards and mouses | Vladimir Kondratyev | 2018-04-30 | 1 | -0/+20
  User-visible changes:

  "-u" is added to the list of command line options supported by bthidd. Use it to enable evdev support. uinput and evdev modules should be kld-loaded or compiled into the kernel in that case.

  bthidd_evdev_support rc.conf variable is added to control enabling of evdev support in bthidd startup script. Possible values are: "YES", "NO", "AUTO"(default). Setting bthidd_evdev_support to "AUTO" inserts "-u" option if kernel is compiled with EVDEV_SUPPORT option enabled.

  Support for consumer HID usage page keyboard events is implemented. Most of them are available only through evdev protocol.

  kern.evdev.rcpt_mask sysctl is checked, so "sysctl kern.evdev.rcpt_mask=12" should be executed if EVDEV_SUPPORT is compiled into kernel.

  It is recommended to regenerate bthidd.conf entries with bthidcontrol(8) "Query" command to set user-friendly names of bluetooth devices.

  Reviewed by: emax, gonzo, wblock (docs), bcr (docs, early version)
  Differential Revision: https://reviews.freebsd.org/D13456
  Notes: svn path=/head/; revision=333113
* Add cfumass rc script, to create a LUN for cfumass(4). | Edward Tomasz Napierala | 2018-04-21 | 2 | -0/+126
  MFC after: 2 weeks
  Relnotes: yes
  Sponsored by: The FreeBSD Foundation
  Differential Revision: https://reviews.freebsd.org/D14844
  Notes: svn path=/head/; revision=332857
* Fix ddb rc script | Kyle Evans | 2018-04-19 | 1 | -0/+6
  r288291 added a call to limits(1), which isn't available before partitions are mounted. This broke the ddb rc script, which does not provide its own start_cmd. Alleviate the situation here by providing a start_cmd.

  We still have other problems with diskless setups that need to be considered, but this is a start.

  PR: 206291
  Submitted by: cy
  Discussed with: rgrimes
  MFC after: 3 days
  Notes: svn path=/head/; revision=332773
* pf: reload and resync do the same thing | Kristof Provost | 2018-03-26 | 1 | -2/+2
  The reload and resync commands for the startup script do exactly the same thing, so implement one as a call to the other.

  MFC after: 3 weeks
  Notes: svn path=/head/; revision=331546
* Modify rc.d/fsck to handle new status from fsck/fsck_ffs | David Bright | 2018-03-15 | 1 | -1/+1
  r328013 introduced a new error code from fsck_ffs that indicates that it could not completely fix the file system; this happens when it prints the message PLEASE RERUN FSCK. However, this status can happen when fsck is run in "preen" mode and the rc.d/fsck script does not handle that error code. Modify rc.d/fsck so that if "fsck -p" ("preen") returns the new status code (16) it will run "fsck -y", as it currently does for a status code of 8 (the "standard error exit").

  Reported by: markj
  Reviewed by: mckusick, markj, ian, rgrimes
  MFC after: 3 days
  Sponsored by: Dell EMC
  Differential Revision: https://reviews.freebsd.org/D14679
  Notes: svn path=/head/; revision=331015
* Don't warn when the "hostname" rc variable is unset, but the hostname | Jamie Gritton | 2018-03-10 | 1 | -2/+4
  is already non-empty (common in jails).

  Notes: svn path=/head/; revision=330743
* rc.d/jail: avoid misinterpreting expr arguments | Ed Maste | 2018-02-28 | 1 | -3/+3
  (Due to some misconfiguration) I ended up with _mask set to "-v<something>", and /etc/rc.d/jail then failed with "expr: illegal option -- v". Use "expr --" so that variable content is never interpreted as an option.

  Reviewed by: jamie
  Sponsored by: The FreeBSD Foundation
  Differential Revision: https://reviews.freebsd.org/D14535
  Notes: svn path=/head/; revision=330122
* pf: Apply $pf_flags when verifying the pf.conf file | Kristof Provost | 2018-02-28 | 1 | -2/+2
  When checking the validity of the pf.conf file also include the user supplied pf_flags. These flags might overrule macros or specify anchors, which we will apply when actually applying the pf.conf file, so we must also take them into account when verifying the validity.

  Submitted by: Andreas Longwitz <longwitz at incore.de>
  MFC after: 3 weeks
  Notes: svn path=/head/; revision=330108
* pf: Do not flush on reload | Kristof Provost | 2018-02-28 | 1 | -3/+0
  pfctl only takes the last '-F' argument into account, so this never did what was intended.

  Moreover, there is no reason to flush rules before reloading, because pf keeps track of the rule which created a given state. That means that existing connections will keep being processed according to the rule which originally created them. Simply reloading the (new) rules suffices. The new rules will apply to new connections.

  PR: 127814
  Submitted by: Andreas Longwitz <longwitz at incore.de>
  MFC after: 3 weeks
  Notes: svn path=/head/; revision=330105
* The firewall_type is ignored if not set in rc.conf or rc.conf.local, | Marcelo Araujo | 2018-02-22 | 1 | -1/+5
  after r190575 there is an option to call rc.firewall with the firewall_type passed in as an argument.

  Submitted by: David P. Discher <dpd@dpdtech.com>
  MFC after: 3 weeks.
  Sponsored by: iXsystems Inc.
  Differential Revision: https://reviews.freebsd.org/D14286
  Notes: svn path=/head/; revision=329817
* Fix handling of "one_nomatch" shell variable to preserve its contents | Hans Petter Selasky | 2018-02-17 | 1 | -3/+7
  appearing as a single argument passed to devmatch(8).

  Don't depend on "sort" utility from usr/bin which might not be available when devd is started.

  Sponsored by: Mellanox Technologies
  Notes: svn path=/head/; revision=329456
* If we're passed an argument, then treat it as a single NOMATCH event | Warner Losh | 2018-02-17 | 1 | -2/+11
  to parse rather than searching for all events. Pass with new -p arg to devmatch. devmatch will use that one event rather than walking the entire tree.

  kldload will stop at the first failure. So we need to loop. Also, symbolic links may confuse kldload into trying (and failing) to load multiple modules at once, so guard against that.

  Noticed by: hps (with similar patch)
  Sponsored by: Netflix
  Notes: svn path=/head/; revision=329441
* Fix resolv to run when it should and not when it should not.. | Brad Davis | 2018-02-13 | 1 | -2/+3
  Approved by: manu
  Reported by: manu
  Pointy hat to: brd
  Notes: svn path=/head/; revision=329218
* Install devmatch int /etc/rc.d and echo modules being installed. | Warner Losh | 2018-02-12 | 2 | -2/+3
  Notes: svn path=/head/; revision=329149
* Add devmatch rc.d integration | Warner Losh | 2018-02-12 | 1 | -0/+54
  Create simple script to load modules on demand based on the device identifying information.

  Sponsored by: Netflix
  Notes: svn path=/head/; revision=329147
* Refactor cleanvar to remove shell expansion vulnerability | Mark Felder | 2018-02-06 | 1 | -31/+6
  If any process creates a directory named "-P" in /var/run or /var/spool/lock it will cause the purgedir function to start to rm -r /. Simplify a lot of complicated shell logic by leveraging find(1).

  Reviewed by: allanjude
  MFC after: 3 days
  Differential Revision: https://reviews.freebsd.org/D13778
  Notes: svn path=/head/; revision=328951
* Teach the resolv startup script to respect its enable flag. | Brad Davis | 2018-01-18 | 1 | -12/+16
  Reviewed by: will, imp
  Approved by: imp
  Notes: svn path=/head/; revision=328136
* USNO and possibly others have misinterpreted the meaning of the | Cy Schubert | 2018-01-09 | 1 | -3/+3
  leapseconds last-update field and incorrectly increment it when changing the file even though the leapsecond data has not changed. For instance, if a leapsecond file is obtained from USNO, when it expires it will not be replaced by a newer file from other sources because it has an incorrect later last-update (version).

  This corrects r304780.

  PR: 225029
  Submitted by: ian
  MFC after: 3 days
  Notes: svn path=/head/; revision=327737
* Add soft float abi caching form armv7, it would allow people with old | Kevin Lo | 2017-12-22 | 1 | -1/+1
  binaries to run them.

  Reviewed by: imp
  Notes: svn path=/head/; revision=327075
* Fix fetching ntp leapfile after 325256 | Alan Somers | 2017-11-28 | 1 | -3/+3
  Submitted by: Ronald Klop <ronald-lists@klop.ws>
  Reviewed by: asomers
  MFC after: 3 days
  X-MFC-With: 325256
  Notes: svn path=/head/; revision=326343
* growfs: Commit the changes after expanding the partition | Emmanuel Vadot | 2017-11-27 | 1 | -0/+1
  This fixes the problem in arm snapshot present since at least 6 months where growfs was failing at firstboot and dropped you in a single user shell.

  Notes: svn path=/head/; revision=326278
* Make autofs(5) rc scripts run earlier, matching those for amd(8). | Edward Tomasz Napierala | 2017-11-04 | 3 | -2/+5
  This helps when you have some daemons that need to access automounted shares.

  PR: 221011
  MFC after: 2 weeks
  Notes: svn path=/head/; revision=325400
* bluetooth: Default to discoverable off | Conrad Meyer | 2017-11-01 | 1 | -1/+1
  Try to not expose bluetooth devices to external devices unless the user explicitly configures it, like any other radio/network device. Bluetooth has a long history of security problems and it is probably best to keep it disabled if not needed.

  Users who do use the bluetooth device should enable "discoverable" in bluetooth.device.conf(5) after this change.

  Keep in mind that bluetooth addresses can be discovered by passive monitoring or whole address-space scans[0], so a safety conscious user should also disable "connectable" in bluetooth.device.conf(5).

  [0]: https://www.sans.edu/cyber-research/security-laboratory/article/bluetooth

  Reviewed by: emax, hselasky
  Security: maybe
  Sponsored by: Dell EMC Isilon
  Differential Revision: https://reviews.freebsd.org/D12831
  Notes: svn path=/head/; revision=325287
* Add support for compressed kernel dumps. | Mark Johnston | 2017-10-25 | 1 | -3/+6
  When using a kernel built with the GZIO config option, dumpon -z can be used to configure gzip compression using the in-kernel copy of zlib. This is useful on systems with large amounts of RAM, which require a correspondingly large dump device. Recovery of compressed dumps is also faster since fewer bytes need to be copied from the dump device.

  Because we have no way of knowing the final size of a compressed dump until it is written, the kernel will always attempt to dump when compression is configured, regardless of the dump device size. If the dump is aborted because we run out of space, an error is reported on the console.

  savecore(8) is modified to handle compressed dumps and save them to vmcore.<index>.gz, as it does when given the -z option.

  A new rc.conf variable, dumpon_flags, is added. Its value is added to the boot-time dumpon(8) invocation that occurs when a dump device is configured in rc.conf.

  Reviewed by: cem (earlier version)
  Discussed with: def, rgrimes
  Relnotes: yes
  Sponsored by: Dell EMC Isilon
  Differential Revision: https://reviews.freebsd.org/D11723
  Notes: svn path=/head/; revision=324965
* Anticongestion refinements for ntpd rc script. This reverts r324681 | Cy Schubert | 2017-10-19 | 1 | -2/+18
  and checks if ntp leapfile needs fetching before entering into the anticongestion sleep.

  Unfortunately some ports still use their own sleeps so, this commit doesn't address the complete problem which is compounded by every port that uses its own anticongestion mechanism.

  Discussed with: asomers
  Notes: svn path=/head/; revision=324738
* Unconditionally install rwhod support scripts. | John Baldwin | 2017-08-15 | 1 | -6/+1
  r322277 moved rwho* and ruptime out of the MK_RCMDS conditional including updating the obsolete files entries to not remove these scripts due to WITHOUT_RCMDS=yes. However, the initial installation was still conditional on MK_RCMDS, so new installs did not include these scripts and upgrades via mergemaster or etcupdate removed them.

  PR: 220953
  MFC after: 1 month
  Notes: svn path=/head/; revision=322552
* Modify /etc/rc.d/nfsd so it doesn't force a startup of nfsuserd for NFSv4. | Rick Macklem | 2017-07-28 | 1 | -2/+1
  Given that RFC7530 allows uid/gids to be placed in owner/owner_group strings directly, many NFSv4 environments don't need the nfsuserd. This small patch modified /etc/rc.d/nfsd so that it does not force startup of the nfsuserd daemon unless nfs_server_managegids is enabled. This implies that nfsuserd_enable="YES" must be added to /etc/rc.conf for NFSv4 server environments that use Kerberos mounts or clients that do not support the uid/gid in string capability. Since this could be considered a POLA violation, it will not be MFC'd.

  Discussed on: freebsd-current
  Notes: svn path=/head/; revision=321665
* ipfw_netflow: Add support for FIB | Emmanuel Vadot | 2017-07-18 | 1 | -1/+1
  If ipfw_netflow_fib, the ipfw rule will only match packets in that FIB. While here correct some value in rc.conf(5) to be int and not str.

  Sponsored by: Gandi.net
  Notes: svn path=/head/; revision=321128