New variable ${name}_offcmd may be used to supply commands
executed if named service is not enabled. Previously start_precmd
could be used for such a task but now rc.subr(8) does not call it
if a service is not enabled.
Fix devd startup script to use it instead of start_precmd.
PR: 279198
MFC after: 2 weeks
Reported by: Dmitry S. Lukhtionov
Tested by: Dmitry S. Lukhtionov
At the moment, if bootrace profiling is enabled, autoboot is not
exported to the rc scripts. This causes fsck to not check the root
filesystem. To fix this, pass _boot, rc_fast and autoboot to the
boottrace process to mimic what diretly sourcing the rc.d scripts.
PR: 278993
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1261
Reload is used for service reconfiguration as well
and lacks a NAME_prepend-like mechanism so it makes
sense to extend the NAME_reload hook into this
action.
precmd may use configuration checks and blocks setup
from doing its designated work (e.g. nginx). In moving
the invoke of the setup script in front allows us to
provide custom scripts for config file generation and
fixing prior to precmd checking configuration integrity.
Also introduce _run_rc_setup to separate the launcher
from the main one. Let it run correctly in the case
of restart_precmd and block further execution as
would be the case in start due to the internal plumbing
of restart being split into calling stop and start
afterwards.
Differential-Revsiion: https://reviews.freebsd.org/D36259
Signed-off-by: Franco Fichtner <franco@opnsense.org>
Reviewed by: imp, oshogbo
Pull Request: https://github.com/freebsd/freebsd-src/pull/1258
This gives more permissions to services (e.g. network access to
services which require this) when they are started as an automatic
service jail.
The sshd patch is important for the sshd-related functionality as
described in the man-page in the service jails part.
The location of the added env vars is supposed to allow overriding them
in rc.conf, and to hard-disable the use of svcj for some parts where it
doesn't make sense or will not work.
Only a subset of all of the services are fully tested (I'm running this
since more than a year with various services started as service jails).
The untested parts should be most of the time ok, in some edge-cases
more permissions are needed inside the service jail.
Differential Revision: https://reviews.freebsd.org/D40371
This takes a rc.d-service and starts it in a jail which shares the same
root-path as the host (or parent jail) and may inherit the network from
the host (or parent jail). Per service there is the possibility to
specify some arguments which give more permissions (e.g. netv4, netv6,
sysvipc...).
Reviewed by: bcr (man page)
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D40370
In 3bfbb521 the behaviour of ls was changed such that -g was no longer
a noop for compatibility with BSD 4.3, but instead changed the output
of long mode to exclude the owner of the file and display only the
group.
Update how FTPd invokes ls to restore the previous behaviour
Reported-by: Andrew Fengler <andrew.fengler@scaleengine.com>
Reviewed-by: jrtc27, des, imp
MFC after: 3 days
Sponsored-by: ScaleEngine Inc.
Fixes: 3bfbb521fe ("ls: Improve POSIX compatibility for -g and -n.")
There are two variables set by dynamic tags in the powerpc runtime
linker. Now we have a way to split out architecture-specific dynamic
tags use it to handle these.
Reviewed by: kib, jhibbits
Obtained from: jhibbits (earlier version)
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D45182
When marking a function as variant pcs we can use registers not normally
used in procedure calls. Add a test that uses this and stores all
general purpose registers to a buffer and compare this buffer with the
expected value later.
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D44870
The aarch64 ELF spec has support for a variant of the normal procedure
call standard that doesn't follow the normal register convention, e.g.
using more registers as arguments, or different register state is
preserved.
Add support to rtld to handle this. As we don't know which registers
need to be preserved disable lazy binding for these functions.
Reviewed by: kib
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D44869
This will be used to handle the DT_AARCH64_VARIANT_PCS tag.
Reviewed by: kib
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D45117
Add a macro the architectures can use to add per-arch fields to
Struct_Obj_Entry.
Reviewed by: kib
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D45116
In the future, we will Default to _FORTIFY_SOURCE=2 if SSP is enabled,
otherwise default to _FORTIFY_SOURCE=0. For now we default it to 0
unconditionally to ease bisect across older versions without the new
symbols, and we'll put out a call for testing.
include/*.h include their ssp/*.h equivalents as needed based on the
knob. Programs and users are allowed to override FORTIFY_SOURCE in their
Makefiles or src.conf/make.conf to force it off.
Reviewed by: des, markj
Relnotes: yes
Sponsored by: Stormshield
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D32308
GCC 13 complains that we might be writing too much to an on-stack buffer
when createing a filename.
In practice there is a check that filename isn't too long given the
time format and other static characters so GCC is incorrect, but GCC
isn't wrong that we're potentially trying to put a MAXPATHLEN length
string + some other characters into a MAXPATHLEN buffer (if you ignore
the check GCC can't realistically evaluate at compile time).
Switch to snprintf to populate filename to ensure that future logic
errors don't result in a stack overflow.
Shorten the questionably named yyyymmdd buffer enough to slience the
warning (checking the snprintf return value isn't sufficent) while
preserving maximum flexibility for admins who use the -F option.
MFC after: 3 days
Sponsored by: Klara, Inc.
Reviewed by: brooks
Differential Revision: https://reviews.freebsd.org/D45086
* Replace `random()` with `arc4random()`.
* Change some variable types.
* Drop some unused assignments.
MFC after: 3 days
Sponsored by: Klara, Inc.
Reviewed by: imp, markj
Differential Revision: https://reviews.freebsd.org/D45132
This went unnoticed due to namespace pollution in our headers.
MFC after: 3 days
Sponsored by: Klara, Inc.
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D45131
Introduce hw.bus.devctl_nomatch_enabled and use it to suppress NOMATCH
until devmatch runs
There's a lot of NOMATCH events generated at boot. We also run devmatch
once during early boot to load unmatched devices. To avoid redundant
work, don't start generating NOMATCH events until after devmatch runs.
Set hw.bus.devctl_nomatch_enabled=1 just before we run devmatch. The
kernel will suppress NOMATCH events until this is set to true.
This saves about 170ms from the boot on aarch64 running atop Apple
M-series processors and the VMWare Fusion hypervisor.
Reviewed by: imp, cperciva
MFC after: 3 days
Sponsored by: Google Summer of Code
Pull Request: https://github.com/freebsd/freebsd-src/pull/1213
This was prompted by noticing that '/var/db/portsnap' still exists on
newly-installed machines.
With this change, all mentions of portsnap(8) in the tree are gone,
except for the historical note in the AUTHORS section of manpage
phttpget(8).
locate(1) will thus start indexing again '/var/db/portsnap' on machines
where this directory still exists, which may be a good way to push
administrators to delete it.
Reviewed by: cperciva
Approved by: emaste (mentor)
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D45023
Instead of only ignoring insecure env vars, clear them all.
Reviewed by: emaste, markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D44999
allowing to set any known LD_ parameter for the current rtld invocation,
but without polluting the activated' binary environment. In other
words, the set parameter is not exported into the environment.
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D44988
Move auditing runtime (auditd, etc.) into the new FreeBSD-audit package.
Also move the runtime OpenBSM manual pages from libbsm into auditd so
they get installed with the right package.
Add an UPDATING entry noting the new packages.
Reviewed by: imp, manu
Pull Request: https://github.com/freebsd/freebsd-src/pull/1197
* In the setup phase, wait for the server to start (or fail to start)
before proceeding with the test. This makes it possible to write test
cases that don't expect a response from the server without ending up
in a race over the server PID file.
* After running each test, wait up to 30 seconds for the server to exit
and check that the exit status matches what the test case says to
expect (usually 0).
* We still kill and collect the server in the cleanup phase, in case the
test ended early.
MFC after: 1 week
Sponsored by: Klara, Inc.
Reviewed by: kevans
Differential Revision: https://reviews.freebsd.org/D44956
* Limit the use of `ssize_t` to only where it's needed.
* Correct one case of `int` being used for a length.
MFC after: 1 week
Sponsored by: Klara, Inc.
Reviewed by: kevans
Differential Revision: https://reviews.freebsd.org/D44954
Add a new kdc_restart rc variable that manages kdc (or krb5kdc) under
daemon(8). This automatically restarts the kdc should it fail, i.e.
when it's configured to use LDAP as a backend and cannot connect to its
LDAP directory.
Set kdc_restart="YES" to auto restart kdc on abnormal termination.
Set kdc_restart_delay="N" to the number of seconds to delay before
restarting the kdc. The daemon(8) default seconds applies when not set.
Reported by: Lexi Winter <lexi.freebsd@le-fay.org>
PR: 278395
Differential Revision: https://reviews.freebsd.org/D44898
This setting causes the NFS server to check that all RPCs are sent from
a privileged (<= 1023) port, rejecting those that are not. This
slightly raises the bar for a user with network access to an
unauthenticated NFS server to access exported NFS filesystems.
Users that use traditional NFS clients (e.g., those provided by FreeBSD
or Linux) should not see any difference, assuming that unprivileged
filesystem mounting is disallowed.
Note that the setting is per-VNET, so may be overridden in VNET jails
without affecting the rest of the system.
Discussed with: freebsd-arch@
Reviewed by: rmacklem, bz, emaste
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D44906
Commit 99132daf6f prepends /usr/lib32 to
the list of paths in ldconfig32_paths since it is a standard library
path in ld-elf32.so.1. Remove /usr/lib32 from the value in rc.conf so
that it is not listed twice.
Reviewed by: olce, kib
Sponsored by: University of Cambridge, Google, Inc.
Differential Revision: https://reviews.freebsd.org/D44752
Move logic that computes paths passed to ldconfig(8) to a
ldconfig_paths() function that can be called for multiple ABIs.
Reviewed by: olce, kib
Obtained from: CheriBSD
Differential Revision: https://reviews.freebsd.org/D44751
Read the elf note to decide when to set the guard page on arm64.
Reviewed by: kib
Sponsored by: Arm Ltd
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D39452
