There are two "Vagrant" images right now: "Vagrant Image for VirtualBox"
and "Vagrant Image for VMWare". Rather than listing these separately in
a CLOUDWARE list, place "VAGRANT" into a CLOUDWARE_TYPES list and then
use a VAGRANT_FLAVOURS variable to identify the two versions. Add make
logic to allow defaults (in this case, image format and filesystem) to
be specified once for VAGRANT and inherited by both flavours.
This will make future work to add flavoured EC2 images simpler.
releng/14.0 candidate.
Discussed with: gjb
Reviewed by: imp
MFC after: 5 days
Sponsored by: https://www.patreon.com/cperciva
Differential Revision: https://reviews.freebsd.org/D41790
The cw*-package targets were introduced in February 2015 as part of
adding support for building GCE images; but GCE support was reworked
in June 2015 and the cw*-package targets were in fact never used.
Remove them.
The *_DISK variables were introduced in February 2015 as part of
adding the cloudware-install target; this was removed in May 2016 as
the cloudware images are published via the respective cloud systems
and not published as disk images via the FreeBSD FTP site. As such,
the *_DISK variables are now unused; remove them.
releng/14.0 candidate.
Discussed with: gjb
Reviewed by: imp
MFC after: 5 days
Sponsored by: https://www.patreon.com/cperciva
Differential Revision: https://reviews.freebsd.org/D41789
MSI (not MSI-X) interrupt vectors must be allocated in groups that are
powers of 2, and the block of IDT vectors must be aligned to the size
of the request.
The code in native_apic_alloc_vectors() does an alignment check in the loop:
    if ((vector & (align - 1)) != 0)
        continue;
    first = vector;
But it adds APIC_IO_INTS to the value it returns:
    return (first + APIC_IO_INTS);
The problem is that APIC_IO_INTS is not a multiple of 32. It is 48:
As a result, a request for 32 vectors (the max supported by MSI) was
not always aligned. To fix, check the alignment of
'vector + APIC_IO_INTS' in the loop.
PR: 274074
Reviewed by: jhb
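The alignment problem described in the commit message above, as an added example: this is a simplified user-space model written for this page, not the kernel's native_apic_alloc_vectors() and not the committed patch. APIC_IO_INTS = 48 comes from the message; NUM_IO_INTS, in_use[] and the check_idt switch are assumptions made for the model.

```c
#include <stdbool.h>
#include <stdio.h>

#define APIC_IO_INTS 48   /* value given in the commit message */
#define NUM_IO_INTS  192  /* assumed table size, for this model only */

static bool in_use[NUM_IO_INTS];  /* constructed allocation state */

/*
 * Search for 'count' contiguous free table slots and return the IDT vector
 * of the first one, or -1. With check_idt false the alignment test is on the
 * table index (the check quoted above); with check_idt true it is on
 * index + APIC_IO_INTS (the fix the message describes).
 */
static int
alloc_vectors(unsigned count, unsigned align, bool check_idt)
{
	unsigned vector, v, first = 0, run = 0;

	for (vector = 0; vector < NUM_IO_INTS; vector++) {
		if (in_use[vector]) {
			run = 0;
			continue;
		}
		if (run == 0) {
			v = check_idt ? vector + APIC_IO_INTS : vector;
			if ((v & (align - 1)) != 0)
				continue;
			first = vector;
		}
		if (++run == count)
			return ((int)(first + APIC_IO_INTS));
	}
	return (-1);
}

int
main(void)
{
	int old = alloc_vectors(32, 32, false);
	int new = alloc_vectors(32, 32, true);

	printf("index check: vector %d, mod 32 = %d\n", old, old % 32);
	printf("IDT check:   vector %d, mod 32 = %d\n", new, new % 32);
	return (0);
}
```

In this model a 16-vector request comes out aligned under either check because 48 is a multiple of 16; only the 32-vector case exposes the offset.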
The point of CFLAGS_LAST is to be the last thing in CFLAGS
so add it last.
For DIRDEPS_BUILD this can best be done via local.dirdeps-build.mk
which is guaranteed to be the last makefile read, but that does nothing
for non-DIRDEPS_BUILD.
bsd.sys.mk is close enough to the end.
Reviewed by: obrien
Differential Revision: https://reviews.freebsd.org/D42001
When copying a file's contents into the pool, a loop copies blocks of
the maximum size (128KB), allocating space from the vdev for each block.
The space allocator rounds up to the nearest block size, but for files
larger than the maximum size, this can result in the last block having a
smaller logical size than the rest of the blocks belonging to that
dnode. This violates some ZFS invariants when appending to that file.
Modify fs_populate_file() to use the same block size for the final
block.
Reported by: cperciva
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
* Like GNU split, turn autoextend back on if given -a0.
* Add a test case that verifies that -a<non-zero> turns autoextend off.
* Add a test case that verifies that -a0 turns autoextend back on.
Sponsored by: Klara, Inc.
Reviewed by: christos, kevans
Differential Revision: https://reviews.freebsd.org/D42011
* Whenever possible, use strtonum() to parse numeric arguments.
* Improve usefulness and consistency of error messages.
* While here, fix some type and style issues.
Sponsored by: Klara, Inc.
Reviewed by: christos, kevans
Differential Revision: https://reviews.freebsd.org/D42010
If syslogd is in secure mode, all INET sockets are shut down. Do not
add these to the kqueue because we can't read from them.
Also, remove the listen() call when setting up sockets. Syslogd
exclusively uses SOCK_DGRAM sockets, so calling listen() is useless.
Reviewed by: markj
MFC after: 3 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D41526
Previously, syslogd's daemon process would signal that it had finished
initialization using SIGALRM. In capability mode, signal delivery is not
allowed, so use a pipe to indicate that it is ready to accept messages.
Reviewed by: markj
MFC after: 3 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D41459
Instead of blocking signals in sigcatch[], just ignore them. This frees
up some space on the proc's sigqueue.
Reviewed by: markj
MFC after: 3 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D41433
Open _PATH_DEVNULL before entering capability mode. Access to /dev/null
is needed for dup2() when piping commands.
Reviewed by: markj
MFC after: 3 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D41381
Set up consfile filed for logging while Initialized is false, but do not
bother opening the console. Close console/tty descriptors after parsing,
as well. The ttymsg() function will re-open these descriptors for us.
Also, remove references to the ctty global variable since it will always
be _PATH_CONSOLE.
Reviewed by: markj
MFC after: 3 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D41380
Save basename and dirname for use in unlinkat() when removing UNIX
sockets from fs.
Reviewed by: markj, emaste
MFC after: 3 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D41379
The closelogfiles() function completely disassembles the global filed
list by freeing all filed components and removing them from the list.
Reviewed by: markj
MFC after: 3 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D41388
Use parentheses when applying sizeof() per style(9).
Reviewed by: markj, emaste
MFC after: 3 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D41376
Clean up the cfline() function by moving action parsing into its own
function.
Reviewed by: markj
MFC after: 3 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D41375
Clean up the cfline() function by moving selector parsing into its
own function.
Reviewed by: markj
MFC after: 3 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D41374
Clean up the cfline() function by moving the prop_filter memory
allocation into the prop_filter_compile() function.
Reviewed by: markj
MFC after: 3 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D41373
If errno is zero, then buf is never filled and we're printing
uninitialized data. Print the msg buffer instead to mitigate this.
Reviewed by: markj, emaste
MFC after: 3 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D41371
Merge the two loops that traverse the global filed queue. Both loops'
actions are not dependent on the other, so combining them is safe.
Reviewed by: markj
MFC after: 3 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D41370
Use the SA_NOCLDWAIT sigaction() flag to disable the creation of
zombie processes. This leaves no reason to wait() on children, so
remove the reaping routine.
Previously, deadq entries were removed in reapchild(). Move deadq
removal into markit() after SIGKILL is sent.
Reviewed by: markj
MFC after: 3 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D41415
Prepare for program Capsicumization by storing process descriptors
instead of pids. Signal delivery is not permitted in capability mode,
so we can use pdkill(2) to terminate child processes.
Reviewed by: markj
MFC after: 3 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D41369
* Use enums for property filter properties and comparisons.
* Rename property and comparison values.
Reviewed by: markj
MFC after: 3 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D41366
Add logging sockets directly to the socklist, unless parsing flags. The
peerlist is still needed to temporarily hold socket information until
the configuration flags have been parsed.
It is tempting to remove the entire peerlist, but addsock() cannot
determine if syslogd is in secure mode unless the flags have been
parsed.
Also, call pidfile_open() right after flag parsing so we can terminate
if another syslogd instance is already running.
Reviewed by: markj
MFC after: 3 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D41364
Use kqueue(2) for socket I/O and signal notification. Previously,
select(2) and traditional signal handlers were being used.
This change centralizes all of the async notification delivery into a
single loop so future Capsicum sandboxing will be easier. It also
simplifies the code by removing boiler-plate cruft that comes with the
older interfaces.
Reviewed by: Slawa Olhovchenkov, markj, emaste
MFC after: 3 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D41363
Many of syslogd's global configuration options are declared as integers
but are treated as booleans. Declare those options as booleans instead.
Reviewed by: markj, emaste
MFC after: 3 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D41362
cfline() already allocates a filed structure on the heap, so we can
avoid redundant memory allocations by skipping a second calloc() inside
addfile().
addfile() can be removed altogether since a simple STAILQ_INSERT_TAIL()
will add the filed to the global filed list.
Reviewed by: markj, emaste
MFC after: 3 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D41359
Move all configuration-file code outside of the initialization loop and
into its own set of functions. Create a readconfigfile() to open the
config and call parseconfigfile() to parse it.
The init() function no longer returns if there was a failure to open the
configuration file. Initialization will be finished, using the backup
logging rules: *.ERR to /dev/console and *.PANIC to all logged-in users.
Reviewed by: markj, emaste
MFC after: 3 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D41358
See previous commit that made cr_canseeothergids() use the new
realgroupmember() function, taking into account real group IDs instead
of effective ones.
PR: 272093
Reviewed by: pauamma_gundo.com, mhorne
MFC after: 2 weeks
Sponsored by: Kumacom SAS
Differential Revision: https://reviews.freebsd.org/D40644
Using the effective group and not the real one when testing membership
has the consequence that unprivileged processes cannot see setuid
commands they launch until these have relinquished their privileges.
This is also in contradiction with how the similar cr_canseeotheruids()
works, i.e., by taking into account real user IDs.
Fix this by substituting groupmember() with realgroupmember(). While
here, simplify the code.
PR: 272093
Reviewed by: mhorne
MFC after: 2 weeks
Sponsored by: Kumacom SAS
Differential Revision: https://reviews.freebsd.org/D40642
Like groupmember(), but taking into account the real group instead of
the effective group. Leverages the new supplementary_group_member()
function.
Reviewed by: mhorne
MFC after: 2 weeks
Sponsored by: Kumacom SAS
Differential Revision: https://reviews.freebsd.org/D40641
This is in preparation for the introduction of the new realgroupmember()
function, which does the same search into supplementary groups as
groupmember().
Reviewed by: mhorne
MFC after: 2 weeks
Sponsored by: Kumacom SAS
Differential Revision: https://reviews.freebsd.org/D40640
Mention cr_bsd_visible(9). Remove references to cr_canseeothergids(9)
and cr_canseeotheruids(9), as well as indirect references not
immediately useful.
Fix description of credentials checks to match reality.
Re-order errors to match code's check order.
Reviewed by: bcr, pauamma_gundo.com
MFC after: 2 weeks
Sponsored by: Kumacom SAS
Differential Revision: https://reviews.freebsd.org/D40638
Essentially defer to cr_cansee(9), except for the specifics.
Be more specific on the return codes.
Reviewed by: bcr, pauamma_gundo.com
MFC after: 2 weeks
Sponsored by: Kumacom SAS
Differential Revision: https://reviews.freebsd.org/D40637