| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
| |
Reviewed by: imp, manu
Pull Request: https://github.com/freebsd/freebsd-src/pull/1193
|
| |
|
|
|
|
|
| |
MFC after: 1 week
Sponsored by: Klara, Inc.
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D45026
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This was prompted by noticing that '/var/db/portsnap' still exists on
newly-installed machines.
With this change, all mentions of portsnap(8) in the tree are gone,
except for the historical note in the AUTHORS section of manpage
phttpget(8).
locate(1) will thus start indexing again '/var/db/portsnap' on machines
where this directory still exists, which may be a good way to push
administrators to delete it.
Reviewed by: cperciva
Approved by: emaste (mentor)
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D45023
|
| |
|
|
|
| |
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
|
| |
|
|
|
|
|
|
|
| |
Instead of only ignoring insecure env vars, clear them all.
Reviewed by: emaste, markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D44999
|
| |
|
|
|
|
|
|
|
|
|
| |
allowing to set any known LD_ parameter for the current rtld invocation,
but without polluting the activated' binary environment. In other
words, the set parameter is not exported into the environment.
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D44988
|
| |
|
|
|
|
|
|
|
|
|
| |
Move auditing runtime (auditd, etc.) into the new FreeBSD-audit package.
Also move the runtime OpenBSM manual pages from libbsm into auditd so
they get installed with the right package.
Add an UPDATING entry noting the new packages.
Reviewed by: imp, manu
Pull Request: https://github.com/freebsd/freebsd-src/pull/1197
|
| |
|
|
|
|
|
| |
Reviewed by: emaste, markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D44987
|
| |
|
|
|
|
|
| |
MFC after: 1 week
Sponsored by: Klara, Inc.
Reviewed by: kevans
Differential Revision: https://reviews.freebsd.org/D44957
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* In the setup phase, wait for the server to start (or fail to start)
before proceeding with the test. This makes it possible to write test
cases that don't expect a response from the server without ending up
in a race over the server PID file.
* After running each test, wait up to 30 seconds for the server to exit
and check that the exit status matches what the test case says to
expect (usually 0).
* We still kill and collect the server in the cleanup phase, in case the
test ended early.
MFC after: 1 week
Sponsored by: Klara, Inc.
Reviewed by: kevans
Differential Revision: https://reviews.freebsd.org/D44956
|
| |
|
|
|
|
|
| |
MFC after: 1 week
Sponsored by: Klara, Inc.
Reviewed by: kevans
Differential Revision: https://reviews.freebsd.org/D44955
|
| |
|
|
|
|
|
|
|
|
| |
* Limit the use of `ssize_t` to only where it's needed.
* Correct one case of `int` being used for a length.
MFC after: 1 week
Sponsored by: Klara, Inc.
Reviewed by: kevans
Differential Revision: https://reviews.freebsd.org/D44954
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a new kdc_restart rc variable that manages kdc (or krb5kdc) under
daemon(8). This automatically restarts the kdc should it fail, i.e.
when it's configured to use LDAP as a backend and cannot connect to its
LDAP directory.
Set kdc_restart="YES" to auto restart kdc on abnormal termination.
Set kdc_restart_delay="N" to the number of seconds to delay before
restarting the kdc. The daemon(8) default seconds applies when not set.
Reported by: Lexi Winter <lexi.freebsd@le-fay.org>
PR: 278395
Differential Revision: https://reviews.freebsd.org/D44898
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This setting causes the NFS server to check that all RPCs are sent from
a privileged (<= 1023) port, rejecting those that are not. This
slightly raises the bar for a user with network access to an
unauthenticated NFS server to access exported NFS filesystems.
Users that use traditional NFS clients (e.g., those provided by FreeBSD
or Linux) should not see any difference, assuming that unprivileged
filesystem mounting is disallowed.
Note that the setting is per-VNET, so may be overridden in VNET jails
without affecting the rest of the system.
Discussed with: freebsd-arch@
Reviewed by: rmacklem, bz, emaste
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D44906
|
| |
|
|
|
| |
Reviewed by: imp, manu, Mina Galic
Pull Request: https://github.com/freebsd/freebsd-src/pull/1172
|
| |
|
|
|
|
|
| |
Also properly style the paragraph.
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
|
| |
|
|
|
| |
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1171
|
| |
|
|
|
| |
It prevents the home directory for the new users to be hidden
by late mount of the home directory
|
| |
|
|
|
|
|
|
|
|
|
| |
Commit 99132daf6f70cb0cc969c555d3612547fa3cf1db prepends /usr/lib32 to
the list of paths in ldconfig32_paths since it is a standard library
path in ld-elf32.so.1. Remove /usr/lib32 from the value in rc.conf so
that it is not listed twice.
Reviewed by: olce, kib
Sponsored by: University of Cambridge, Google, Inc.
Differential Revision: https://reviews.freebsd.org/D44752
|
| |
|
|
|
|
|
|
|
| |
Move logic that computes paths passed to ldconfig(8) to a
ldconfig_paths() function that can be called for multiple ABIs.
Reviewed by: olce, kib
Obtained from: CheriBSD
Differential Revision: https://reviews.freebsd.org/D44751
|
| |
|
|
|
|
|
|
|
| |
Read the elf note to decide when to set the guard page on arm64.
Reviewed by: kib
Sponsored by: Arm Ltd
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D39452
|
| |
|
|
| |
Pull Request: https://github.com/freebsd/freebsd-src/pull/1150
|
| |
|
|
|
|
|
| |
Remove a debug message that had been added to support the debugging
of a mis-detection of the hint files endianness on powerpc64.
MFC after: 3 days
|
| |
|
|
|
|
|
|
|
|
| |
Don't check if the elf hints file is in host byte order, but check
if it is in little endian by looking at the magic number.
This fixes rtld on big endian platforms.
Reviewed by: se, kib (prior version of the patch)
Fixes: 7b77d37a561b ("rtld-elf: support either byte-order of hints")
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D44472
|
| |
|
|
|
|
| |
The byte-order independent code has been reported to fail on powerpc64.
Add some more debug statements to help identify the parametrs used and
to verify the correct operation of the byte-swap macros used..
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Re-apply the -S switch to disable soft-updates in memory disks (commit
8b1292ac5219). This might be beneficial when tmpfs(5) is not present in
the kernel, as this can cause mdmfs(8)'s auto keyword to fallback to
using md(4).
PR: 85558
MFC after: 1 week
Reviewed by: imp, emaste, brooks
Differential Revision: https://reviews.freebsd.org/D43242
|
| |
|
|
| |
Reported by: Marek Zarychta <zarychtam@plan-b.pwste.edu.pl>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
this is a very early script to support cloudinit, it does not intend to
be a full featured cloudinit client, but will support a good enough
subset to be viable in most case.
It support nocloud and openstack config-2 config drive mode (iso9660 or
msdosfs)
The following features are currently supported:
- adding users (including a default user named 'freebsd' with password
'freebsd'
- adding groups
- adding ssh keys
- static ipv4, static ipv6, dynamic ipv4
With this one is able to use the 'bring your own image feature" out of
box.
It is expected that the script grows the support of other clouds
supporting cloud-init, contributions are welcomed.
It is designed to be only run once via the firstboot mecanism.
Sponsored by: OVHCloud
MFC After: 3 weeks
Differential Revision: https://reviews.freebsd.org/D44141
|
| |
|
|
|
|
|
| |
Reviewed by: brooks, emaste (previous version)
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D44136
|
| |
|
|
|
|
|
|
|
|
|
| |
It is needed at least to ensure that undesirable code is not linked into
rtld from libsys/libc, and adding the map file option each time is not
productive.
Reviewed by: brooks, emaste
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D44136
|
| |
|
|
|
|
|
|
|
|
| |
This will load/save the /var/run directories at boot/shutdown if
and only if /var/run/ is a tmpfs mount so it is a win for tmpfs
users and a no-op for everyone else.
Reviewed by: bapt
Differential Revision: https://reviews.freebsd.org/D44097
Sponsored by: Beckhoff Automation GmbH & Co. KG
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Accept either little-endian or big-endian representation of the ELF
hints magic number in the header of a hints file and convert the
parameters to the native byte-order of the repsective system.
This is a pre-requisite for a planned change to always write the byte
order in little-endian format on all architectures. The only relvant
architecture that uses big-endian data is powerpc64, and it is not
likely that new architectures will choose that representation of data
in memory.
When all supported architectures use little-endian data in the hints
file, the byte swap logic can be enabled for big-endian CPUs at
compile time. Up to that point, there is a very small run-time penalty
that is paid on all systems to check the byte-order of the hints file
and to provide the option to byte-swap the parameters read from the
hints file header.
This commit contains the changes from review D44080 (which had been
split off from this patch for easier review),
Reviewed by: kib
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D44053
|
| |
|
|
|
|
|
|
|
|
| |
This is expected behavior for both dlopen(3) and fdlopen(3).
PR: 277169
Reviewed by: emaste
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D44019
|
| |
|
|
|
|
| |
This reverts commit 4cea0cbcc9d3a6583e5325ca081c09c8a9423172.
Requested by: imp
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
silent the warning seen at boot:
Mounting late filesystems:.
nextboot: unlink /boot/nextboot.conf: No such file or directory
Sun Feb 18 23:31:52 AKST 2024
FreeBSD/amd64 (main) (ttyv0)
login:
Differential Revision: https://reviews.freebsd.org/D43979
|
| |
|
|
|
|
| |
Reviewed by: brooks, imp
Sponsored by: The FreeBSD Foundation
Differential revision: https://reviews.freebsd.org/D43985
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
dlopen_basic just tests that libthr.so can be dlopen()ed, which will
just serve as a sanity check that "libthr.so" is a thing that can be
dlopened in case we get a weird failure in dlopen_recursing.
dlopen_recursing tests a regression reported after the libsys split,
where some dlopen() may cause infinite recursion and a resulting crash.
This case is inspired by bdrewery's description of what seemed to be
causing his issue.
The corresponding fix landed in commit
968a18975ad ("rtld: ignore load_filtees() calls if we already [...]")
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D43859
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
in addition to avoiding it for already loaded filtees. Issue is that
during load, rtld needs to resolve some special ABI symbols, like
executable stack fixer and static TLS initializer, which might trigger
recursion.
Example is libthr which is filter for libsys, and which exports
__pthread_distribute_static_tls.
Tested by: kevans, krion
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D43858
|
| |
|
|
|
|
|
| |
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D43858
|
| |
|
|
|
|
|
| |
Revieved by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D43858
|
| |
|
|
|
|
|
|
|
|
| |
SED=`Exists -x /usr/bin/sed /rescue/sed`
avoids adding /rescure to $PATH, and allows use of sed
before /usr is mounted (if a separate filesystem).
Reviewed by: jlduran_gmail.com
Differential Revision: https://reviews.freebsd.org/D43826
|
| |
|
|
|
|
|
|
|
| |
basename, sed and tty are all in /usr/bin and not available
until /usr is mounted.
basename and tty we can replace with a function, but sed is more
important. Fix o_verify to just use shell builtins, and
rc_trace should avoid trying to set RC_LEVEL until sed is available.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Debugging boot issues can be helped by
logging each rc.d script as it is run
and being able to selectively enable/disable set -x
debug.sh provides an elaborate framework for debugging shell scripts.
For secure systems, we want to be paranoid about what we read
during boot.
dot() simply reads (.) arg file if it exists
vdot() if mac_veriexec is active, ignore unverified files
otherwise behaves much the same as dot()
safe_dot() in safe_eval.sh allows reading an untrusted file;
limiting the input to simple variable assignments.
In load_rc_config allow caller to provide an option to indicate how to
handle its arg:
-v use vdot()
-s use sdot() which will try to use vdot() and fallback to safe_dot()
The default is to read using dot()
rc_run_scripts()
encapsulate the running of rc.d scripts
so that we can easily call it more than twice.
We vdot local.rc.subr to pick up extensions (like
run_rc_scripts_final) and overrides.
We also allow rc.subr.local or rc.conf to set rc_config_xtra
eg (rc_config_xtra=XXX for historic compatibility)
rc use set -o verify around the reading in of rc.subr
This has no effect if mac_veriexec is not active, but if it is; ensures
rc.subr has not been tampered with.
Reviewed by: imp
Sponsored by: Juniper Networks, Inc.
Differential Revision: https://reviews.freebsd.org/D43671
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
IERS is the source of truth for leap seconds. Their leapsecond file is
updated most quickly and is always right (unlike the IANA one which
often lags). IERS operates this public service for the express purpose
of random people downloading it. Their terms of service are compatible
with open source (we could include this in our release). Rather than
fighting with questions around this because the IANA one changed
locations or the auto update script broken, just use this.
This is in preference to the NIST ftp copy. NIST is in the process of
retiring their FTP services.
Sponsored by: Netflix
Reviewed by: philip, delphij, cy
Differential Revision: https://reviews.freebsd.org/D43752
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
In order to atomically upgrade the rtld bind lock, load_filtees() may
trigger a longjmp back to _rtld_bind() so that the binding can be done
with the write lock held. However, the write lock is only needed when
filtee objects haven't already been loaded, so move the
lock_restart_for_upgrade() call to avoid unnecessary lock upgrades when
a filtee is defined.
Reviewed by: kib
Tested by: brooks
MFC after: 1 week
Sponsored by: Innovate UK
|
| |
|
|
|
|
| |
- s/adddress/address/
MFC after: 3 days
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some users wishing to use the MIT krb5kdc have discovered the
kdc script workaround applied to the MIT krb5 ports is insufficient.
Let's build into this rc script the smarts to determine whether
base or ports Hiemdal kdc is being invoked or the MIT krb5kdc.
While at it, remove kdc_start_precmd(). This will simplify a future
jail patch.
Suggested by: netchild
Original patch: netchild
Reviewed by: emaste, netchild
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D43523
|
| |
|
|
|
|
|
|
|
|
|
| |
Evaluate the jail_${jailname}_zfs_dataset variable for legacy
jail managers.
This variable can take a space separated list of datasets.
The singular was used specially to allow unmaintained jail
managers like ezjail to use this (simply rename
jail_${jailname}_zfs_datasets in the ezjail config to
jail_${jailname}_zfs_dataset).
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a python script which implements the bulk of this functionality.
Over time, this would ideally evolve into a library of python routines
which can be used to inspect kernel data structures and automate some
debugging tasks, similar to jhb's out-of-tree scripts, but written in a
somewhat nicer language and with better integration into the kgdb
command prompt.
Note that kgdb currently won't auto-load scripts in this directory.
This should perhaps change in the future. It probably also makes more
sense to have a crashinfo.py which provides all the kgdb output that we
want to include in core.txt, rather than having crashinfo.sh pipe in
several commands.
Reviewed by: avg, imp
Discussed with: jhb
MFC after: 3 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D33817
|
| |
|
|
|
|
| |
Reviewed by: kp
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D43316
|
