path: root/libexec
Commit message | Author | Age | Files | Lines
...
* nuageinit.7: grammar fixes | Maxim Konovalov | 2025-08-22 | 1 | -2/+2
* nuageinit: Improvements for nuageinit | Jesús Daniel Colmenares Oviedo | 2025-08-22 | 7 | -34/+335
  - Fix 'pkg update' usage:
    - The function 'nuage:run_pkg_cmd(...)' adds the flag '-y', which does not make sense with some commands such as 'pkg update', causing an error when updating the repository catalogs.
  - Fix typo 'ssh-authorized-keys -> ssh_authorized_keys' in 'nuageinit(7)' man page.
  - Document 'ssh_authorized_keys' parameter.
  - Use device configuration ID when no 'match' rule is specified:
    - This is the default behavior of cloud-init when no match rule is specified, so the device is configured anyway (even if it does not exist). This greatly simplifies things, since in many cases 'if_vtnet(4)' is used, so there is no need to perform a comparison with the MAC address.
  - Document 'network' parameter:
    - Add example to 'EXAMPLES' section.
  - Set 'gateway[46]' only when 'addresses' is specified:
    - To comply with the cloud-init specification, 'gateway4' and 'gateway6' must only take effect when 'addresses' (or static configuration) is specified.
  - Use a separate function to check 'match' rules:
    - This way, we can easily add new logic to new types of rules.
  - Implement 'network.ethernets.{id}.match.name' parameter:
    - But unlike cloud-init, which works with glob expressions (although it depends on the network backend), this implementation takes advantage of Lua pattern-matching expressions. Also note that previously we were only concerned with one interface matching, however, to be cloud-init-compliant, we need to configure the matching interfaces (one or more).
  - Set default router only once.
  - Implement 'network.ethernets.{id}.wakeonlan' parameter.
  - Implement 'network.ethernets.{id}.set-name' parameter.
  - Implement 'network.ethernets.{id}.match.driver' parameter:
    - Rename 'get_ifaces(...)' function as 'get_ifaces_by_mac(...)'.
    - Add get_ifaces_by_driver(...) function.
  - Implement 'network.ethernets.{id}.mtu' parameter.
  - Implement 'nameservers' parameter.
  - Use 'resolvconf(8)' to manipulate 'resolv.conf(5)'.
  - Use 'tzsetup(8)' to set time zone.
  Reviewed by: bapt@
  Approved by: bapt@
  Differential Revision: https://reviews.freebsd.org/D51643
* rtld: Add UTRACE_LOAD_OBJECT traces for rtld and the main binary | John Baldwin | 2025-08-22 | 1 | -0/+4
  These two objects are loaded by the kernel not rtld, but adding these two traces means that UTRACE_LOAD_OBJECT traces now describe the mappings for all executables and DSOs in a process' address space.
  Reviewed by: kib
  Obtained from: CheriBSD
  Sponsored by: AFRL, DARPA
  Differential Revision: https://reviews.freebsd.org/D52034
* rtld: Compute obj->maxsize for obj_rtld | John Baldwin | 2025-08-22 | 1 | -0/+10
  Compute this while parsing the program headers in parse_rtld_phdr().
  Reviewed by: kib
  Obtained from: CheriBSD
  Sponsored by: AFRL, DARPA
  Differential Revision: https://reviews.freebsd.org/D52033
* Remove MK_GSSAPI | Lexi Winter | 2025-08-20 | 1 | -1/+1
  For MIT Kerberos, MK_GSSAPI has no meaning: GSSAPI is a required part of Kerberos and is always built if MK_KERBEROS is enabled. Backport this behaviour to Heimdal so it works the same way.
  While here, change Heimdal's libcom_err and compile_et to be selected by MK_KERBEROS, not MK_KERBEROS_SUPPORT, since these are part of Kerberos and third-party users might need it even if Kerberos support is disabled in the base system. This means MK_KERBEROS_SUPPORT installs the same files with both MIT and Heimdal.
  Reviewed by: cy
  Differential Revision: https://reviews.freebsd.org/D51859
* rtld-elf: Fix VDSO Obj_Entry mapsize and report in utrace(2) | Jessica Clarke | 2025-08-15 | 1 | -2/+3
  Subtracting addr is only appropriate for position-dependent objects, where vaddrbase would also be the same value. For position-independent objects, like the VDSO (which we already assume due to setting vaddrbase to 0), the segments start at 0, not addr.
  Reviewed by: kib
  Differential Revision: https://reviews.freebsd.org/D51924
* Revert "Remove Secure RPC DES authentication" | Lexi Winter | 2025-08-15 | 3 | -0/+37
  This reverts commit 7ac276298b72982189ac1a5b17461936dc00163e.
  Requested by: kib
* rtld: require MAP_GUARD support | Brooks Davis | 2025-08-11 | 1 | -5/+1
  MAP_GUARD was added prior to 12.0. We don't support such old kernels in userspace so drop the support.
  Reviewed by: kib
  Differential Revision: https://reviews.freebsd.org/D50731
* Remove Secure RPC DES authentication | Lexi Winter | 2025-08-10 | 3 | -37/+0
  Following the earlier removal of keyserv, none of this functionality works since it requires keyserv.
  Remove the relevant symbols from libc's Symbol.map. Leave compatibility symbols for existing applications, but since the functions don't work without keyserv, stub them out to return an error.
  Remove some private symbols that were only used by keyserv; these don't get compatibility symbols.
  Remove the documentation for the old functions.
  Remove rpc.ypupdated since it requires DES authentication.
  Reviewed by: manu, des, emaste
  Differential Revision: https://reviews.freebsd.org/D50442
* rc.d: Fix Kerberos rc scripts | Lexi Winter | 2025-08-10 | 1 | -13/+24
  Split the Kerberos rc scripts into two sections, one for MIT Kerberos and one for Heimdal. Don't install Heimdal-specific rc scripts (e.g., kfd) for the MIT case.
  This does not include an OptionalObsoleteFiles change (even though one is needed) because that will be fixed later in a different way.
  Reviewed by: des (previous version)
  Differential Revision: https://reviews.freebsd.org/D51830
* rc.conf: Use user.localbase to determine _localbase | Lexi Winter | 2025-08-10 | 1 | -0/+1
  When running an rc.d script outside of boot, ${_localbase} isn't set, and rc.conf hardcodes the default value to /usr/local. Instead, try to get the localbase from the user.localbase sysctl, and only fall back to /usr/local if we can't for some reason.
  This fixes e.g. /etc/rc.d/ldconfig when localbase has a non-default value.
  Reviewed by: imp, des
  Differential Revision: https://reviews.freebsd.org/D51852
* amd64: assume the kernel supports RDFSBASE and RDGSBASE | Brooks Davis | 2025-08-08 | 1 | -2/+1
  There is no need to support pre-12.0 (and thus pre-ino64) kernels in a 15.x libc. Continue to check if the CPU supports these features before using them and fall back as required.
  Reviewed by: kib
  Differential Revision: https://reviews.freebsd.org/D50732
* gssd: Be consistent about Makefile conditionals | Lexi Winter | 2025-08-08 | 1 | -1/+1
  gssd itself is only built when both MK_GSSAPI and MK_KERBEROS_SUPPORT are enabled, but the init script and OptionalObsoleteFiles entries only checked MK_GSSAPI. Check both variables everywhere.
  Reviewed by: des
  Differential Revision: https://reviews.freebsd.org/D51812
* syscalls: normalize _exit(2) declarations | Brooks Davis | 2025-08-08 | 1 | -3/+3
  exit(3) is implemented by the runtime and performs a number of shutdown actions before ultimately calling _exit(2) to terminate the program. We historically named the syscall table entry `exit` rather than `_exit`, but this requires special handling in libc/libsys to cause the `_exit` symbol to exist while implementing `exit` in libc.
  Declare the syscall as `_exit` and flow that through the system. Because syscall(SYS_exit, code) is fairly widely used, allow a configured extra line in syscall.h to define SYS_exit to SYS__exit.
  I've found no external uses of __sys_exit() so I've not bothered to create a compatibility version of this private symbol.
  Reviewed by: imp, kib, emaste
  Differential Revision: https://reviews.freebsd.org/D51672
* rtld: fix dependencies for rtld-libc | Brooks Davis | 2025-08-08 | 2 | -1/+9
  Previously we (appropriately, but incorrectly) attempted to depend on LIBC_NOSSP_PIC and LIBSYS_PIC for rtld_libc.a. Unfortunately, variables in dependency lists are expanded at parse time and those variables are defined in bsd.libnames.mk which *must* be included by bsd.{lib,prog}.mk. As such, they were undefined and thus expanded to the empty string resulting in no dependency with predictable and highly confusing results.
  Move the declaration of these dependencies to after the include of bsd.prog.mk and add comments on both sides in hopes of keeping any future dependencies in sync.
  Reviewed by: kib
  Differential Revision: https://reviews.freebsd.org/D51790
* Replace license with just SPDX BSD-2-Clause | Simon J. Gerraty | 2025-08-07 | 3 | -28/+12
* packages: move route(6)d to the rip package | Lexi Winter | 2025-08-07 | 1 | -2/+9
  These are deprecated, but in the meantime, move them to another package. routed in particular doesn't need to be in -runtime.
  Reviewed by: manu
  Differential Revision: https://reviews.freebsd.org/D51783
* rtld-elf: Don't include duplicate semicolon in Obj_Entry | Jessica Clarke | 2025-08-07 | 1 | -1/+1
  MD_OBJ_ENTRY is a list of members, possibly empty, to include in Obj_Entry. By including the semicolon here, in the case that it's empty, we end up with a duplicate semicolon. In the case that it's not empty, whether there's a duplicate depends on each architecture's definition, but they all in fact put a semicolon after every member, so there is also a duplicate semicolon there. This is invalid C syntax, although both GCC and Clang accept it, treating it only as a pedantic warning, but there is no need for us to rely on that, and downstream it masked a missing semicolon for an added field, but only on architectures where MD_OBJ_ENTRY is empty, leading to conditional compilation failure for something that should have been detected as an unconditional error.
  Note that PCPU_MD_FIELDS, which this is based on, follows a different style. There, every architecture defines at least one member, and there is a semicolon after PCPU_MD_FIELDS in sys/sys/pcpu.h, but every architecture makes sure to not put a semicolon after the final member in its definition of the macro. This is not a pattern we can adhere to here though given not all architectures add members.
  Fixes: 06db20ffeca9 ("rtld: Add MD_OBJ_ENTRY to extend Struct_Obj_Entry")
* rc.subr: Drop duplicate SPDX tag in test script | Dag-Erling Smørgrav | 2025-08-01 | 1 | -2/+0
  I added a tag in the correct place in the previous commit, and somehow managed to miss that there was already one in the wrong place.
  Fixes: 7f04c09fe745
  Sponsored by: Klara, Inc.
  Sponsored by: NetApp, Inc.
* rc.subr: Fix wait_for_pids | Dag-Erling Smørgrav | 2025-08-01 | 2 | -2/+29
  It looks like this function was intended to loop and print an update whenever at least one of the waited-for processes terminates. However, the default behavior of pwait is to block until none of the watched processes exist. Use pwait -o instead so it only blocks until at least one process terminates, and add a test.
  Sponsored by: Klara, Inc.
  Sponsored by: NetApp, Inc.
  Reviewed by: siderop1_netapp.com, kevans
  Differential Revision: https://reviews.freebsd.org/D51691
* comsat: Don't return from the child | Dag-Erling Smørgrav | 2025-07-28 | 1 | -1/+1
  Fixes: 91629228e3df
  MFC after: 1 week
  Reviewed by: emaste
  Differential Revision: https://reviews.freebsd.org/D51581
* comsat: Don't read arbitrary files | Dag-Erling Smørgrav | 2025-07-28 | 1 | -25/+13
  When processing a notification, instead of accepting any file name that doesn't begin with a slash, accept only file names that don't contain any slashes at all. This makes it possible to notify a user about a mailbox that doesn't bear their name, as long as they are permitted to read it, but prevents comsat from reading files outside the mail spool.
  PR: 270404
  MFC after: 1 week
  Reviewed by: emaste
  Differential Revision: https://reviews.freebsd.org/D51580
* Replace last few remaining MAN[1-8] with MAN | Dag-Erling Smørgrav | 2025-07-26 | 1 | -1/+1
  Reviewed by: ivy
  Differential Revision: https://reviews.freebsd.org/D51530
* dma: Don't install dma.conf world-readable | Dag-Erling Smørgrav | 2025-07-26 | 1 | -2/+4
  While here, install auth.conf into /etc as well.
  MFC after: 3 days
  PR: 288409
  Reviewed by: ivy, bapt
  Differential Revision: https://reviews.freebsd.org/D51529
* gssd: move to a new package | Lexi Winter | 2025-07-25 | 1 | -1/+1
  It's reasonable to want to install gssd without the Kerberos utilities (e.g., if using security/krb5 from ports), so move gssd to its own package to allow this.
  Reviewed by: manu, cy
  Differential Revision: https://reviews.freebsd.org/D51486
* tftpd: explicitly set egid after dropping supplemental groups | Kyle Evans | 2025-07-24 | 1 | -1/+5
  tftpd seems to be the last program in base that implicitly relies on setgroups() to set the egid. This is a security landmine in portable software as most operating systems don't behave this way, so do an explicit setgid() in case the kernel doesn't set it already.
  While we're here, FreeBSD's setgroups() has supported nominally clearing all supplemental groups since 1997. It still leaves the egid in our cr_groups[0] because we don't have an out-of-band way to store the egid, and on other systems it'll clear the supplemental group entirely as one would want.
  Reviewed by: allanjude (previous version), des, olce
  Differential Revision: https://reviews.freebsd.org/D51149
* rc.d: Fix mountd service script. | Dag-Erling Smørgrav | 2025-07-24 | 1 | -0/+2
  This script references variables belonging to the nfsd and zfs services, therefore it needs to load their configurations.
  MFC after: 1 week
  Differential Revision: https://reviews.freebsd.org/D51473
* rtld: do not relocate tlsinit address twice | Konstantin Belousov | 2025-07-21 | 1 | -1/+1
  The addend for PT_TLS p_vaddr value should be obj' relocbase and not mapbase. It does not matter for dso which is linked at the address zero, but for executables in direct-exec mode with non-zero link address mapbase is already at the link base. Then, adding mapbase to phtls->p_vaddr adds twice as much relocbase offset as needed.
  PR: 288334
  Reported by: Jordan Gordeev <jgopensource@proton.me>
  Reviewed by: jrtc27
  Sponsored by: The FreeBSD Foundation
  MFC after: 1 week
  Differential revision: https://reviews.freebsd.org/D51448
* random: Treat writes to /dev/random as separate from /entropy | Mark Johnston | 2025-07-18 | 1 | -1/+1
  RANDOM_CACHED is overloaded to refer both to entropy obtained from files loaded by the boot loader, and entropy obtained via writes to /dev/random. Introduce a new source, RANDOM_RANDOMDEV, to refer to the latter. This is to enable treating RANDOM_CACHED as a special case in the NIST health test implementation.
  Update the default harvest_mask in rc.conf to include RANDOM_RANDOMDEV, preserving the old behaviour of accepting writes to /dev/random.
  Bump __FreeBSD_version for modules which register a pure source, since all of their values have now shifted.
  Reviewed by: cem
  MFC after: 3 months
  Sponsored by: Stormshield
  Sponsored by: Klara, Inc.
  Differential Revision: https://reviews.freebsd.org/D51155
* /etc/rc.d/pf: Fix for multi-line pf_fallback_rules | Michael Proto | 2025-07-15 | 1 | -1/+1
  Setting multiple pf_fallback_rules in /etc/rc.conf as per the documentation produces invalid pf syntax due to the lack of echo quoting $pf_fallback_rules in /etc/rc.d/pf. Adding quotes around the $pf_fallback_rules echo maintains newlines needed for valid pfctl syntax. Provided patch resolves the issue.
  Also updating rc.conf(5) to reflect that multi-line pf_fallback_rules should not include a trailing backslash (\) as line breaks are needed when passing rules to pfctl via stdin.
  PR: 288197
  Reviewed by: kp
  MFC after: 2 weeks
* rc_subr_test: Bump some sleep timeouts | Mark Johnston | 2025-07-13 | 1 | -2/+2
  The test verifies that the rc framework will OOM-protect a process spawned by rc. It just wraps a 5-second /bin/sleep invocation as part of this test.
  The rc framework uses procctl to set the OOM-protect bit after the process has started, i.e., it uses procctl -p. So, with a 5 second timeout, it's possible for the process to exit before procctl actually runs, if the system is heavily loaded. (I see this failure occasionally with KMSAN configured and many tests running in parallel.)
  Bump the timeout to reduce the risk of this happening. The timeout value is arbitrary since the test will stop the rc process, i.e., we don't have to wait for 60 seconds to elapse before the test passes.
  MFC after: 1 week
* rc.subr: Fix a typo in check_jail()'s description | Mateusz Piotrowski | 2025-07-12 | 1 | -1/+1
  MFC after: 3 days
  Event: Berlin Hackathon 202507
* rc: Use check_jail to check values of security.jail MIBs | Mateusz Piotrowski | 2025-07-12 | 7 | -13/+13
  PR: 282404
  Reviewed by: markj, netchild
  Approved by: markj (mentor)
  MFC after: 2 weeks
  Event: Berlin Hackathon 202507
  Differential Revision: https://reviews.freebsd.org/D47329
* rtld-elf: Delete unused RELOC_ALIGNED_P copies | Jessica Clarke | 2025-07-11 | 2 | -14/+0
  This was copied from arm to aarch64 to riscv, but only arm uses it.
  MFC after: 1 week
* rtld-elf: Track allocated TCBs internally and use for distribute_static_tls | Jessica Clarke | 2025-07-10 | 1 | -16/+87
  Currently rtld delegates to libc or libthr to initialise the TCBs for all existing threads when dlopen is called for a library that is using static TLS. This creates an odd split where rtld manages all of TLS for dynamically-linked executables except for this specific case, and is unnecessarily complex, including having to reason about the locking due to dropping the bind lock so libthr can take the thread list lock without deadlocking if any of the code run whilst that lock is held ends up calling back into rtld (such as for lazy PLT resolution).
  The only real reason we call out into libc / libthr is that we don't have a list of threads in rtld and that's how we find the currently used TCBs to initialise (and at the same time do the copy in the callee rather than adding overhead with some kind of callback that provides the TCB to rtld). If we instead keep a list of allocated TCBs in rtld itself then we no longer need to do this, and can just copy the data in rtld. How these TCBs are mapped to threads is irrelevant, rtld can just treat all TCBs equally and ensure that each TCB's static TLS data block remains in sync with the current set of loaded modules, just as how _rtld_allocate_tls creates a fresh TCB and associated data without any embedded threading model assumptions.
  As an implementation detail, to avoid a separate allocation for the list entry and having to find that allocation from the TCB to remove and free it on deallocation, we allocate a fake TLS offset for it and embed the list entry there in each TLS block.
  This will also make it easier to add a new TLS ABI downstream in CheriBSD, especially in the presence of library compartmentalisation.
  Reviewed by: kib
  Differential Revision: https://reviews.freebsd.org/D50920
* rtld-elf: Extract part of allocate_tls_offset into allocate_tls_offset_common | Jessica Clarke | 2025-07-10 | 1 | -21/+33
  This will be used to allocate additional space for a TAILQ_ENTRY by rtld at a known offset from the TCB, as if it were TLS data.
  Reviewed by: kib
  Differential Revision: https://reviews.freebsd.org/D51068
* flua: fbsd: allow stdout to be captured for exec() processes | Kyle Evans | 2025-07-09 | 1 | -13/+82
  This allows us to do things like:
  ```
  local fp = assert(fbsd.exec({"ls", "-l"}, true))
  local fpout = assert(fp:stdout())

  while true do
      local line = fpout:read("l")
      if not line then break end
      print("Read: " .. line)
  end

  fp:close()
  ```
  The makeman lua rewrite will use it to capture `make showconfig` output for processing.
  Reviewed by: bapt
  Differential Revision: https://reviews.freebsd.org/D50539
* flua: fbsd: return a process handle to operate on when we exec() | Kyle Evans | 2025-07-09 | 1 | -8/+86
  This gives us some way to be able to write to stdin if we want to, or as a future improvement, will allow us to extract stdout from the process. The handle is set up to close and waitpid() on close/gc so that existing users wouldn't necessarily leak for the lifetime of the script if they weren't adopted to the new model.
  Reviewed by: bapt
  Differential Revision: https://reviews.freebsd.org/D50538
* flua: fbsd: avoid leaking stdin pipes on error | Kyle Evans | 2025-07-09 | 1 | -6/+10
  Additionally, there's no way to get to the end without a valid stdin_pipe[1] at the moment, so don't check for it. stdin_pipe[0] is closed earlier, as the parent shouldn't need the read-side of the pipe.
  While we're here, also free the file actions earlier and on error -- they're not necessary once posix_spawnp() has returned.
  Reviewed by: bapt
  Differential Revision: https://reviews.freebsd.org/D50537
* lposix: Clean up the posix namespace definitions | Mark Johnston | 2025-07-07 | 3 | -27/+42
  The posix module is subdivided according to C headers; for instance, posix.unistd contains routines available from unistd.h, such as chown(2).
  A quirk of our implementation is that each of the modules is a direct entry in the global table. That is, there is no "posix" table. Instead, "posix.foo" and "posix.bar.baz" are both top-level tables. This is surprising and goes against Lua's shorthand of using "." to access keys in a table. lua-posix also doesn't work this way.
  Rework things so that "posix" and "posix.sys" are proper tables. Existing flua code which uses require() to bind posix submodules to a name will be unaffected. Code which accesses them directly using something like _G["posix.sys.utsname"].uname() will be broken, but I don't think anything like that exists. In particular, it is now possible to call posix.sys.utsname.uname() without any require statements.
  Reviewed by: imp, bapt
  MFC after: 2 weeks
  Differential Revision: https://reviews.freebsd.org/D51158
* nuageinit: Add wrappers for chmod and chown | Mark Johnston | 2025-07-05 | 2 | -14/+28
  In the wrappers, check for errors and abort if one is raised. At some point it may be useful to have a mechanism to ignore errors, but I'm not sure yet how that should look.
  For chmod, let the mode be specified as an octal number, otherwise it's hard to understand what's happening. Note that this must be specified as a string, otherwise tonumber() will raise an error.
  Reviewed by: bapt
  MFC after: 2 weeks
  Differential Revision: https://reviews.freebsd.org/D51159
* lposix: Use reentrant passwd and group lookup functions | Mark Johnston | 2025-07-04 | 1 | -10/+19
  The implementation of chown() in the posix module handles user and group names as well as numeric IDs. When resolving names, be sure to use reentrant lookup functions rather than assuming it's safe to clobber the internal buffers used by getpwnam() and getgrnam().
  Fix some style nits while here.
  Reviewed by: imp, bapt
  MFC after: 2 weeks
  Differential Revision: https://reviews.freebsd.org/D46555
* network.subr: correct return code in case of bad call to ifisup() | Eugene Grosbein | 2025-07-01 | 1 | -1/+1
  This is rather cosmetic correction.
  PR: 287872
  MFC-after: 2 weeks
  X-MFC-With: 6d3bc576abbd84f736d917f5bfec4e3fe7e6c125
* libexec/rc: improve performance of pccard_ether script | Eugene Grosbein | 2025-07-01 | 2 | -8/+29
  Replace "ifconfig -ul" with "ifconfig -n" because netlink-enabled /sbin/ifconfig utility has sub-optimal performance for listing.
  Combined with the commit b1b17432aa1be670564161232d110461a5dde4ce, these changes mostly eliminate performance regression of the command "service devd start" for a system having hundreds of network interfaces created before devd starts, after FreeBSD 14+ switched /sbin/ifconfig to netlink(4)
  PR: 287872
  MFC-after: 2 weeks
* Revert "rc: Disable pathname expansion when calling run_rc_command()" | Mark Johnston | 2025-06-27 | 1 | -4/+0
  At least nuageinit is broken after this commit, breaking some downstream CI systems. It also disables globbing for rc.local scripts, which is likely to break users in surprising ways.
  This reverts commit 4deb9760a9d84d5861ee45162ffebe83f13503b8.
* Revert "rc: Fix scripts that need pathname expansion" | Mark Johnston | 2025-06-27 | 3 | -23/+7
  The commit which motivated this is being reverted.
  This reverts commit 7faddeb395b7976b44393db24f48ec47040eff07.
* nuageinit: fix log name | Sebastien Baylocq | 2025-06-27 | 1 | -1/+1
* nuageinit: enhance sudo support | Baptiste Daroussin | 2025-06-26 | 3 | -3/+15
  from the cloudinit specification sudo rules can be a string or an array of string
* nuageinit: fix setting owner when only the user is set | Baptiste Daroussin | 2025-06-26 | 1 | -0/+3
* nuageinit: write_files fix typo breaking tests | Baptiste Daroussin | 2025-06-26 | 1 | -2/+2