| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
| |
Instead of sleeping while constructing the list of PIDs to wait for,
sleep briefly after pwait to give init a chance to reap the processes
that just terminated before we loop around and start probing them.
PR: 289630
Reviewed by: allanjude
Differential Revision: https://reviews.freebsd.org/D52619
|
| |
|
|
|
|
|
| |
This fixes "usage: basename string [suffix]" message.
Reported by: cy
MFC after: 1 day
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It is appeared that currently starting of moused does not depend on
moused_enable variable value in rc.conf. That leads to missing USB mice
support in default configuration. Start moused in traditional per
device mode with devd to follow POLA.
One daemon per system mode still can be enabled with setting of
moused_port="auto"
moused_nondefault_enable="NO"
variables in /etc/rc.conf
To revert to sysmouse mode add moused_type="sysmouse" to /etc/rc.conf
Reported by: many
Requested by: glebius
Reviewed by: glebius
MFC after: 1 day
Differential Revision: https://reviews.freebsd.org/D52430
|
| |
|
|
|
|
|
|
|
| |
to evdev or sysmouse. It is required to avoid receiving of double events
on hybrid devices supporting both interfaces like ums (4).
MFC after: 1 day
Reviewed by: glebius (via private chat)
Differential Revision: https://reviews.freebsd.org/D52647
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We don't want a tests-dev package, because this means set-devel depends
on tests-dev, which transitively depends on tests, which means you can't
install set-devel without also getting tests.
The only real "dev" files in tests-dev are from ATF (libprivateatf),
so move that to its own package and add a dependency from tests.
Also move Kyua to its own package, since this might be useful for
running tests even when the user doesn't want the whole set of base
tests installed.
Add a dependency from -tests to both -atf and -kyua, and a dependency
on -set-base, since the tests won't work without the full base system
installed.
The remaining "dev" files in tests are actually test artifacts, not real
development libraries. Add a new NO_DEV_PACKAGE option to bsd.lib.mk,
which causes dev files to be installed in the base package instead of
creating a -dev package, and set this option for everything that
installs test libraries.
While here, add a slightly more informative description for the tests
package.
MFC after: 3 seconds
Reviewed by: bapt, emaste
Differential Revision: https://reviews.freebsd.org/D52597
|
| |
|
|
| |
Approved by: bapt@
|
| |
|
|
|
|
|
|
|
|
|
| |
* Set mode of etc directory to 0755.
* Use user.localbase sysctl instead of /usr/local.
* Add test case for doas.
* Set ${LOCALBASE} instead of /usr/local in nuageinit(7) man page.
Reviewed by: bapt@
Approved by: bapt@
Differential Revision: https://reviews.freebsd.org/D52437
|
| |
|
|
|
|
|
|
|
|
| |
To better comply with the cloud-init specification, we need to
support the configuration of network-related parameters from
the network-config file, which is common in most deployments.
Reviewed by: bapt@
Approved by: bapt@
Differential Revision: https://reviews.freebsd.org/D52419
|
| |
|
|
|
|
|
|
| |
* Set mode of sudoers to 0440.
Reviewed by: bapt@, jlduran@
Approved by: bapt@, jlduran@
Differential Revision: https://reviews.freebsd.org/D52438
|
| |
|
|
|
|
| |
Reviewed by: bapt@
Approved by: bapt@
Differential Revision: https://reviews.freebsd.org/D52436
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The new daemon have following properties as compared with previous
incarnation:
- evdev protocol support for mices and touchpads. Additionally to
relative PS/2 and USB devices it enables console support for I2C/USB
touchpads and bluetooth mices.
- Other aged protocols like COM, raw PS/2 and X10 are dropped with only
exception of sysmouse. For those who still use them there is an
utility called msconvd(8).
- single daemon per system where hotplug is processed via devd socket.
Per device mode still supported too.
- Configuration and quirks files in libinput-compatible format.
Actually, the new moused config parser is taken from libinput.
The moused(8) can work in 2 modes:
1. Evdev support mode. It enables all previously mentioned devices.
It is enabled by deault.
2. Sysmouse support mode. All should work as before.
No new devices supported. To enable it add following lines to
/etc/rc.conf:
moused_port="/dev/psm0"
moused_nondefault_enable="YES"
One may add hw.usb.usbhid.enable=0 to /boot/loader.conf to enable
ums(4) driver which supports sysmouse protocol.
Differential Revision: https://reviews.freebsd.org/D52164
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The dtrwait wait functionality was dropped in the TTY MPSAFE rewrite for
FreeBSD 8. Remove referneces to it here. Also, the sysctl was renamed
for drainwait, so use the new name. Given the 16 years between this
event and somebody noticing, I strongly suspect this file can just be
removed.
Sponsored by: Netflix
Reviewed by: kevans, emaste
Differential Revision: https://reviews.freebsd.org/D52316
|
| |
|
|
|
|
|
|
|
| |
Cyclades and digiboard drivers were removed in 2017 and 2016
respectively. There's no need for these anymore.
Sponsored by: Netflix
Reviewed by: kevans, emaste
Differential Revision: https://reviews.freebsd.org/D52315
|
| |
|
|
|
|
|
|
|
|
|
|
| |
A VM had no virtual terminals and emitted a warning on boot
`eval: cannot open /dev/ttyv*: No such file or directory`.
Break the loop in this case to avoid the warning.
PR: 289173
Reviewed by: jlduran
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D52344
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Fix a redirect of stderr to stdout which is going to /dev/null.
A '&' got missing in the original rewrite from the review that
I took and committed. Seems no one had noticed during testing
or review. People may have ended up with a "/1" file in their
root file system.
Fixes: 40652f86b5ef
Reported by: Vladyslav Movchan (vladislav.movchan gmail.com)
MFX after: 3 days
X-MFC: squash
|
| |
|
|
|
|
|
|
|
|
| |
During startup hccontrol reset needs to be run multiple times
for iwbt to work more reliably. Add a loop trying up to
three times.
Tested by: various (original version; I changed test to -eq)
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D44861
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Fix 'pkg update' usage:
- The function 'nuage:run_pkg_cmd(...)' adds the flag '-y', which
does not make sense with some commands such as 'pkg update',
causing an error when updating the repository catalogs.
- Fix typo 'ssh-authorized-keys -> ssh_authorized_keys' in
'nuageinit(7)' man page.
- Document 'ssh_authorized_keys' parameter.
- Use device configuration ID when no 'match' rule is specified:
- This is the default behavior of cloud-init when no match rule is
specified, so the device is configured anyway (even if it does not
exist). This greatly simplifies things, since in many cases
'if_vtnet(4)' is used, so there is no need to perform a comparison
with the MAC address.
- Document 'network' parameter:
- Add example to 'EXAMPLES' section.
- Set 'gateway[46]' only when 'addresses' is specified:
- To comply with the cloud-init specification, 'gateway4' and 'gateway6'
must only take effect when 'addresses' (or static configuration) is
specified.
- Use a separate function to check 'match' rules:
- This way, we can easily add new logic to new types of rules.
- Implement 'network.ethernets.{id}.match.name' parameter:
- But unlike cloud-init, which works with glob expressions (although it
depends on the network backend), this implementation takes advantage
of Lua pattern-matching expressions.
Also note that previously we were only concerned with one interface
matching, however, to be cloud-init-compliant, we need to configure
the matching interfaces (one or more).
- Set default router only once.
- Implement 'network.ethernets.{id}.wakeonlan' parameter.
- Implement 'network.ethernets.{id}.set-name' parameter.
- Implement 'network.ethernets.{id}.match.driver' parameter:
- Rename 'get_ifaces(...)' function as 'get_ifaces_by_mac(...)'.
- Add get_ifaces_by_driver(...) function.
- Implement 'network.ethernets.{id}.mtu' parameter.
- Implement 'nameservers' parameter.
- Use 'resolvconf(8)' to manipulate 'resolv.conf(5)'.
- Use 'tzsetup(8)' to set time zone.
Reviewed by: bapt@
Approved by: bapt@
Differential Revision: https://reviews.freebsd.org/D51643
|
| |
|
|
|
|
|
|
|
|
|
| |
These two objects are loaded by the kernel not rtld, but adding these
two traces means that UTRACE_LOAD_OBJECT traces now describe the
mappings for all executables and DSOs in a process' address space.
Reviewed by: kib
Obtained from: CheriBSD
Sponsored by: AFRL, DARPA
Differential Revision: https://reviews.freebsd.org/D52034
|
| |
|
|
|
|
|
|
|
| |
Compute this while parsing the program headers in parse_rtld_phdr().
Reviewed by: kib
Obtained from: CheriBSD
Sponsored by: AFRL, DARPA
Differential Revision: https://reviews.freebsd.org/D52033
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For MIT Kerberos, MK_GSSAPI has no meaning: GSSAPI is a required part of
Kerberos and is always built if MK_KERBEROS is enabled. Backport this
behaviour to Heimdal so it works the same way.
While here, change Heimdal's libcom_err and compile_et to be selected by
MK_KERBEROS, not MK_KERBEROS_SUPPORT, since these are part of Kerberos
and third-party users might need it even if Kerberos support is disabled
in the base system. This means MK_KERBEROS_SUPPORT installs the same
files with both MIT and Heimdal.
Reviewed by: cy
Differential Revision: https://reviews.freebsd.org/D51859
|
| |
|
|
|
|
|
|
|
|
| |
Subtracing addr is only appropriate for position-dependent objects,
where vaddrbase would also be the same value. For position-independent
objects, like the VDSO (which we already assume due to setting vaddrbase
to 0), the segments start at 0, not addr.
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D51924
|
| |
|
|
|
|
| |
This reverts commit 7ac276298b72982189ac1a5b17461936dc00163e.
Requested by: kib
|
| |
|
|
|
|
|
|
| |
MAP_GUARD was added prior to 12.0. We don't support such old kernels in
userspace so drop the support.
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D50731
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Following the earlier removal of keyserv, none of this functionality
works since it requires keyserv.
Remove the relevant symbols from libc's Symbol.map. Leave compatibility
symbols for existing applications, but since the functions don't work
without keyserv, stub them out to return an error.
Remove some private symbols that were only used by keyserv; these don't
get compatibility symbols.
Remove the documentation for the old functions.
Remove rpc.ypupdated since it requires DES authentication.
Reviewed by: manu, des, emaste
Differential Revision: https://reviews.freebsd.org/D50442
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Split the Kerberos rc scripts into two sections, one for MIT Kerberos
and one for Heimdal. Don't install Heimdal-specific rc scripts (e.g.,
kfd) for the MIT case.
This does not include an OptionalObsoleteFiles change (even though one
is needed) because that will be fixed later in a different way.
Reviewed by: des (previous version)
Differential Revision: https://reviews.freebsd.org/D51830
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
When running an rc.d script outside of boot, ${_localbase} isn't set,
and rc.conf hardcodes the default value to /usr/local. Instead, try
to get the localbase from the user.localbase sysctl, and only fall
back to /usr/local if we can't for some reason.
This fixes e.g. /etc/rc.d/ldconfig when localbase has a non-default
value.
Reviewed by: imp, des
Differential Revision: https://reviews.freebsd.org/D51852
|
| |
|
|
|
|
|
|
|
|
|
| |
There is no need to support pre-12.0 (and thus pre-ino64) kernels in a
15.x libc.
Continue to check if the CPU supports these features before using them
and fall back as required.
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D50732
|
| |
|
|
|
|
|
|
|
| |
gssd itself is only built when both MK_GSSAPI and MK_KERBEROS_SUPPORT
are enabled, but the init script and OptionalObsoleteFiles entries
only checked MK_GSSAPI. Check both variables everywhere.
Reviewed by: des
Differential Revision: https://reviews.freebsd.org/D51812
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
exit(3) is implemented by the runtime and performs a number of shutdown
actions before ultimately calling _exit(2) to terminate the program. We
historically named the syscall table entry `exit` rather than `_exit`,
but this requires special handling in libc/libsys to cause the `_exit`
symbol to exist while implementing `exit` in libc.
Declare the syscall as `_exit` and flow that through the system.
Because syscall(SYS_exit, code) is fairly widely used, allow a
configured extra line in syscall.h to define SYS_exit to SYS__exit.
I've found no external uses of __sys_exit() so I've not bothered to
create a compatability version of this private symbol.
Reviewed by: imp, kib, emaste
Differential Revision: https://reviews.freebsd.org/D51672
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously we (appropriately, but incorrectly) attempted to depend on
LIBC_NOSSP_PIC and LIBSYS_PIC for rtld_libc.a. Unfortunately,
variables in dependency lists are expanded at parse time and those
variables are defined in bsd.libnames.mk which *must* be included by
bsd.{lib,prog}.mk. As such, they were undefined and thus expanded to
the empty string resulting in no dependency with predictable and highly
confusing results.
Move the declaration of these dependencies to after the include of
bsd.prog.mk and add comments on both side in hopes of keeping any future
dependencies in sync.
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D51790
|
| | |
|
| |
|
|
|
|
|
|
| |
These are deprecated, but in the mean time, move them to another
package. routed in particularly doesn't need to be in -runtime.
Reviewed by: manu
Differential Revision: https://reviews.freebsd.org/D51783
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
MD_OBJ_ENTRY is a list of members, possibly empty, to include in
Obj_Entry. By including the semicolon here, in the case that it's empty,
we end up with a duplicate semicolon. In the case that it's not empty,
whether there's a duplicate depends on each architecture's definition,
but they all in fact put a semicolon after every member, so there is
also a duplicate semicolon there. This is invalid C syntax, although
both GCC and Clang accept it, treating it only as a pedantic warning,
but there is no need for us to rely on that, and downstream it masked a
missing semicolon for an added field, but only on architectures where
MD_OBJ_ENTRY is empty, leading to conditional compilation failure for
something that should have been detected as an unconditional error.
Note that PCPU_MD_FIELDS, which this is based on, follows a different
style. There, every architecture defines at least one member, and there
is a semicolon after PCPU_MD_FIELDS in sys/sys/pcpu.h, but every
architecture makes sure to not put a semicolon after the final member in
its definition of the macro. This is not a pattern we can adhere to here
though given not all architectures add members.
Fixes: 06db20ffeca9 ("rtld: Add MD_OBJ_ENTRY to extend Struct_Obj_Entry")
|
| |
|
|
|
|
|
|
|
| |
I added a tag in the correct place in the previous commit, and somehow
managed to miss that there was already one in the wrong place.
Fixes: 7f04c09fe745
Sponsored by: Klara, Inc.
Sponsored by: NetApp, Inc.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
It looks like this function was intended to loop and print an update
whenever at least one of the waited-for processes terminates. However,
the default behavior of pwait is to block until none of the watched
processes exist. Use pwait -o instead so it only blocks until at least
one process terminates, and add a test.
Sponsored by: Klara, Inc.
Sponsored by: NetApp, Inc.
Reviewed by: siderop1_netapp.com, kevans
Differential Revision: https://reviews.freebsd.org/D51691
|
| |
|
|
|
|
|
| |
Fixes: 91629228e3df
MFC after: 1 week
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D51581
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
When processing a notification, instead of accepting any file name
that doesn't begin with a slash, accept only file names that don't
contain any slashes at all. This makes it possible to notify a
user about a mailbox that doesn't bear their name, as long as they
are permitted to read it, but prevents comsat from reading files
outside the mail spool.
PR: 270404
MFC after: 1 week
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D51580
|
| |
|
|
|
| |
Reviewed by: ivy
Differential Revision: https://reviews.freebsd.org/D51530
|
| |
|
|
|
|
|
|
|
| |
While here, install auth.conf into /etc as well.
MFC after: 3 days
PR: 288409
Reviewed by: ivy, bapt
Differential Revision: https://reviews.freebsd.org/D51529
|
| |
|
|
|
|
|
|
|
| |
It's reasonable to want to install gssd without the Kerberos utilities
(e.g., if using security/krb5 from ports), so move gssd to its own
package to allow this.
Reviewed by: manu, cy
Differential Revision: https://reviews.freebsd.org/D51486
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
tftpd seems to be the last program in base that implicitly relies on
setgroups() to set the egid. This is a security landmine in portable
software as most operating systems don't behave this way, so do an
explicit setgid() in case the kernel doesn't set it already.
While we're here, FreeBSD's setgroups() has supported nominally clearing
all supplemental groups since 1997. It still leaves the egid in our
cr_groups[0] because we don't have an out-of-band way to store the egid,
and on other systems it'll clear the supplemental group entirely as one
would want.
Reviewed by: allanjude (previous version), des, olce
Differential Revision: https://reviews.freebsd.org/D51149
|
| |
|
|
|
|
|
|
| |
This script references variables beloning to the nfsd and zfs services,
therefore it needs to load their configurations.
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D51473
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The addend for PT_TLS p_vaddr value should be obj' relocbase and not
mapbase. It does not matter for dso which is linked at the address
zero, but for executables in direct-exec mode with non-zero link
address mapbase is already at the link base. Then, adding mapbase to
phtls->p_vaddr adds twice as much relocbase offset as needed.
PR: 288334
Reported by: Jordan Gordeev <jgopensource@proton.me>
Reviewed by: jrtc27
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D51448
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
RANDOM_CACHED is overloaded to refer both to entropy obtained from files
loaded by the boot loader, and entropy obtained via writes to
/dev/random. Introduce a new source, RANDOM_RANDOMDEV, to refer to the
latter. This is to enable treating RANDOM_CACHED as a special case in
the NIST health test implementation.
Update the default harvest_mask in rc.conf to include RANDOM_RANDOMDEV,
preserving the old behaviour of accepting writes to /dev/random.
Bump __FreeBSD_version for modules which register a pure source, since
all of their values have now shifted.
Reviewed by: cem
MFC after: 3 months
Sponsored by: Stormshield
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D51155
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Setting multiple pf_fallback_rules in /etc/rc.conf as per the
documentation produces invalid pf syntax due to the lack of echo
quoting $pf_fallback_rules in /etc/rc.d/pf. Adding quotes around
the $pf_fallback_rules echo maintains newlines needed for valid
pfctl syntax. Provided patch resolves the issue
Also updating rc.conf(5) to reflect that multi-line pf_fallback_rules
should not include a trailing backslash (\) as line breaks are
needed when passing rules to pfctl via stdin.
PR: 288197
Reviewed by: kp
MFC after: 2 weeks
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The test verifies that the rc framework will OOM-protect a process
spawned by rc. It just wraps a 5-second /bin/sleep invocation as part
of this test.
The rc framework uses procctl to set the OOM-protect bit after the
process has started, i.e., it uses procctl -p. So, with a 5 second
timeout, it's possible for the process to exit before procctl actually
runs, if the system is heavily loaded. (I see this failure occasionally
with KMSAN configured and many tests running in parallel.)
Bump the timeout to reduce the risk of this happening. The timeout
value is arbitrary since the test will stop the rc process, i.e., we
don't have to wait for 60 seconds to elapse before the test passes.
MFC after: 1 week
|
| |
|
|
|
| |
MFC after: 3 days
Event: Berlin Hackathon 202507
|
| |
|
|
|
|
|
|
|
| |
PR: 282404
Reviewed by: markj, netchild
Approved by: markj (mentor)
MFC after: 2 weeks
Event: Berlin Hackathon 202507
Differential Revision: https://reviews.freebsd.org/D47329
|
