Clarify that the "sysvipc" svcj option inherits from the host / parent.
Add "sysvipcnew" which creates a new SysV namespace for the service
jail.
Sanity check that only one of them is used.
This takes a rc.d-service and starts it in a jail which shares the same
root-path as the host (or parent jail) and may inherit the network from
the host (or parent jail). Per service there is the possibility to
specify some arguments which give more permissions (e.g. netv4, netv6,
sysvipc...).
Reviewed by: bcr (man page)
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D40370
Link with --no-undefined-version by default. Will detect and prevent
the accidental removal of symbols from versioned libraries.
(cherry picked from commit 4510f2ca91)
This reverts commit b25ceb97ed.
Reviewed by: arichardson, kib, dim, emaste
Differential Revision: https://reviews.freebsd.org/D44216
Loading modules via kld_list is no longer substantially faster than via
loader.conf.
[skip ci]
MFC after: 2 weeks
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D45242
Filesystem manual pages describe drivers, not formats;
except for fs, which describes the structures of ffs/ufs,
not how to use it in the system.
Reported by: emaste
Reviewed by: des, imp, meena (previous version)
Pull Request: https://github.com/freebsd/freebsd-src/pull/1077
It's not 1996 anymore, and we use CIDR nowadays. Update the various
ifconfig_ examples to use CIDR notation instead of netmasks, and also
add an example of a basic ifconfig_ entry that most users will be
interested in.
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1217
Link with --no-undefined-version by default. Will detect and prevent
the accidental removal of symbols from versioned libraries.
Reviewed by: arichardson, kib, dim, emaste
Differential Revision: https://reviews.freebsd.org/D44216
Use a more specific description for this man page, and add SDPX tag
while here.
Reviewed by: imp, meena
Signed-off-by: Alexander Ziaee <concussious@runbox.com>
Pull Request: https://github.com/freebsd/freebsd-src/pull/1194
As mentioned in zpoolprops(7), on some SSDs, it may not be desirable to
use ZFS autotrim because a large number of trim requests can degrade
disk performance; instead, the pool should be manually trimmed at
regular intervals.
Add a new daily periodic script for this purpose, 801.trim-zfs. If
enabled (daily_trim_zfs_enable=YES; the default is NO), it will run a
'zpool trim' operation on all online pools, or on the pools listed in
'daily_trim_zfs_pools'.
The trim is not started if the pool is degraded (which matches the
behaviour of the existing 800.scrub-zfs script) or if a trim is already
running on that pool. Having autotrim enabled does not inhibit the
periodic trim; it's sometimes desirable to run periodic trims even with
autotrim enabled, because autotrim can elide trims for very small
regions.
PR: 275965
MFC after: 1 week
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/956
When enabled (current default) link with --undefined-version to allow
symbol maps to contain symbols not defined by libraries. When disabled,
link with --no-undefined-version to disallow these bugs.
WITHOUT_UNDEFINED_VERSION is currently broken. Once it is fixed it
should be made the default and this option should likely be removed.
Reviewed by: dim, emaste
Differential Revision: https://reviews.freebsd.org/D44169
This option will omit all the graphics support, the teken terminal
library, video mode support, etc and support a simple, basic, text-only
video console for the x86 BIOS boot loader. It uses the FreeBSD 12
version of vidconsole.c. It defaults to NO.
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D43912
Commit de6feefdb7 limited the amount of debuginfo generated for clang
and other llvm-related executables. This was done to save disk space and
memory during building, but it makes debugging any of these executables
much harder.
Add a new src.conf(5) setting, WITH_LLVM_FULL_DEBUGINFO, to generate
full debuginfo instead. This is off by default, but could for example be
enabled for release builds or snapshots, so llvm executables are easier
to debug.
Reviewed by: emaste
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D43839
NetBSD calls "curproc" "self" and "exe" "file" for proc. Reduce
gratuitous differnces by including them as well.
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/976
Only generate ipfix/netflow reports (through pflow) for the rules where
this is enabled. Reports can also be enabled globally through 'set
state-default pflow'.
Obtained from: OpenBSD
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D43108
Make, by default, daily diff(1) ignore whitespace changes and the unified output
a context of zero (0) lines. This reduces output of unrelated lines in e-mails
delivered to root.
PR: 270266
Approved by: jrm (mentor), karels
MFC after: 1 month
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D42762
Make, by default, security diff(1) produce a unified output with a context of
zero (0) lines. This reduces output of unrelated lines in e-mails delivered
to root.
PR: 270266
Approved by: jrm (mentor), karels
MFC after: 1 month
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D43071
The tmpfs memory reserve defaulted to 4 MB, and other than that,
all of available memory + swap could be allocated to tmpfs files.
This was dangerous, as the page daemon attempts to keep some memory
free, using up swap, and then resulting in processes being killed.
Increase the reserve to a fraction of available memory + swap at
file system startup time. The limit is expressed as a percentage
of available memory + swap that can be used, and defaults to 95%.
The percentage can be changed via the vfs.tmpfs.memory_percent sysctl,
recomputing the reserve with the new percentage but the initial
available memory + swap. Note that the reserve can also be set
directly with an existing sysctl, ignoring the percentage. The
previous behavior can be specified by setting vfs.tmpfs.memory_percent
to 100.
Add sysctl for vfs.tmpfs.memory_percent and the pre-existing
vfs.tmpfs.memory_reserved to tmpfs(5).
PR: 275436
MFC after: 1 month
Reviewed by: rgrimes
Differential Revision: https://reviews.freebsd.org/D43011
Remove ancient SCCS tags from the tree, automated scripting, with two
minor fixup to keep things compiling. All the common forms in the tree
were removed with a perl script.
Sponsored by: Netflix
The option was added to parallel the CLANG_IS_CC which was removed in
commit 20a66ab4bf.
Reviewed by: imp, dim, emaste
Differential Revision: https://reviews.freebsd.org/D42575
Add sshd and local_unbound to the oom protected services.
syslogd is protected by default already, document it.
This was discussed on arch@, see
https://lists.freebsd.org/archives/freebsd-arch/2023-November/000543.html
sshd is protected to be able to investigate and fix oom issues on systems
which don't have out-of-band console access.
local_unbound is protected as it may be enabled for local use and without
DNS a lot grinds to a halt (including sshd).
Relnotes: yes
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D42544
Allow SCTP state timeouts to be configured independently from TCP state
timeouts.
Reviewed by: tuexen
MFC after: 1 week
Sponsored by: Orange Business Services
Differential Revision: https://reviews.freebsd.org/D42393
Update pf documentation:
- default behaviour of fragment reassembly
- introduction of scrub option for filter rules
- disadvantages of using the old scrub ruleset
- options supported for match rules
- fix missing list block end
- remove duplicate description of match filter rule
- update example to modern syntax
Reviewed by: kp
Fragments obtained from: OpenBSD
Sponsored by: InnoGames GmbH
Differential Revision: https://reviews.freebsd.org/D42270
While here, drop the EXTRA_TCP_STACKS option, which serves no purpose and
should never have been added. Instead, build bbr and rack as long as
either or both of INET and INET6 is enabled. There is no risk to anyone
who doesn't load one or both and then twiddle the relevant sysctls.
Differential Revision: https://reviews.freebsd.org/D42088