Move auditing runtime (auditd, etc.) into the new FreeBSD-audit package.
Also move the runtime OpenBSM manual pages from libbsm into auditd so
they get installed with the right package.
Add an UPDATING entry noting the new packages.
Reviewed by: imp, manu
Pull Request: https://github.com/freebsd/freebsd-src/pull/1197
Add a new kdc_restart rc variable that manages kdc (or krb5kdc) under
daemon(8). This automatically restarts the kdc should it fail, i.e.
when it's configured to use LDAP as a backend and cannot connect to its
LDAP directory.
Set kdc_restart="YES" to auto restart kdc on abnormal termination.
Set kdc_restart_delay="N" to the number of seconds to delay before
restarting the kdc. The daemon(8) default seconds applies when not set.
Reported by: Lexi Winter <lexi.freebsd@le-fay.org>
PR: 278395
Differential Revision: https://reviews.freebsd.org/D44898
This setting causes the NFS server to check that all RPCs are sent from
a privileged (<= 1023) port, rejecting those that are not. This
slightly raises the bar for a user with network access to an
unauthenticated NFS server to access exported NFS filesystems.
Users that use traditional NFS clients (e.g., those provided by FreeBSD
or Linux) should not see any difference, assuming that unprivileged
filesystem mounting is disallowed.
Note that the setting is per-VNET, so may be overridden in VNET jails
without affecting the rest of the system.
Discussed with: freebsd-arch@
Reviewed by: rmacklem, bz, emaste
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D44906
Commit 99132daf6f prepends /usr/lib32 to
the list of paths in ldconfig32_paths since it is a standard library
path in ld-elf32.so.1. Remove /usr/lib32 from the value in rc.conf so
that it is not listed twice.
Reviewed by: olce, kib
Sponsored by: University of Cambridge, Google, Inc.
Differential Revision: https://reviews.freebsd.org/D44752
Move logic that computes paths passed to ldconfig(8) to a
ldconfig_paths() function that can be called for multiple ABIs.
Reviewed by: olce, kib
Obtained from: CheriBSD
Differential Revision: https://reviews.freebsd.org/D44751
Re-apply the -S switch to disable soft-updates in memory disks (commit
8b1292ac52). This might be beneficial when tmpfs(5) is not present in
the kernel, as this can cause mdmfs(8)'s auto keyword to fallback to
using md(4).
PR: 85558
MFC after: 1 week
Reviewed by: imp, emaste, brooks
Differential Revision: https://reviews.freebsd.org/D43242
this is a very early script to support cloudinit, it does not intend to
be a full featured cloudinit client, but will support a good enough
subset to be viable in most case.
It support nocloud and openstack config-2 config drive mode (iso9660 or
msdosfs)
The following features are currently supported:
- adding users (including a default user named 'freebsd' with password
'freebsd'
- adding groups
- adding ssh keys
- static ipv4, static ipv6, dynamic ipv4
With this one is able to use the 'bring your own image feature" out of
box.
It is expected that the script grows the support of other clouds
supporting cloud-init, contributions are welcomed.
It is designed to be only run once via the firstboot mecanism.
Sponsored by: OVHCloud
MFC After: 3 weeks
Differential Revision: https://reviews.freebsd.org/D44141
This will load/save the /var/run directories at boot/shutdown if
and only if /var/run/ is a tmpfs mount so it is a win for tmpfs
users and a no-op for everyone else.
Reviewed by: bapt
Differential Revision: https://reviews.freebsd.org/D44097
Sponsored by: Beckhoff Automation GmbH & Co. KG
silent the warning seen at boot:
Mounting late filesystems:.
nextboot: unlink /boot/nextboot.conf: No such file or directory
Sun Feb 18 23:31:52 AKST 2024
FreeBSD/amd64 (main) (ttyv0)
login:
Differential Revision: https://reviews.freebsd.org/D43979
SED=`Exists -x /usr/bin/sed /rescue/sed`
avoids adding /rescure to $PATH, and allows use of sed
before /usr is mounted (if a separate filesystem).
Reviewed by: jlduran_gmail.com
Differential Revision: https://reviews.freebsd.org/D43826
basename, sed and tty are all in /usr/bin and not available
until /usr is mounted.
basename and tty we can replace with a function, but sed is more
important. Fix o_verify to just use shell builtins, and
rc_trace should avoid trying to set RC_LEVEL until sed is available.
Debugging boot issues can be helped by
logging each rc.d script as it is run
and being able to selectively enable/disable set -x
debug.sh provides an elaborate framework for debugging shell scripts.
For secure systems, we want to be paranoid about what we read
during boot.
dot() simply reads (.) arg file if it exists
vdot() if mac_veriexec is active, ignore unverified files
otherwise behaves much the same as dot()
safe_dot() in safe_eval.sh allows reading an untrusted file;
limiting the input to simple variable assignments.
In load_rc_config allow caller to provide an option to indicate how to
handle its arg:
-v use vdot()
-s use sdot() which will try to use vdot() and fallback to safe_dot()
The default is to read using dot()
rc_run_scripts()
encapsulate the running of rc.d scripts
so that we can easily call it more than twice.
We vdot local.rc.subr to pick up extensions (like
run_rc_scripts_final) and overrides.
We also allow rc.subr.local or rc.conf to set rc_config_xtra
eg (rc_config_xtra=XXX for historic compatibility)
rc use set -o verify around the reading in of rc.subr
This has no effect if mac_veriexec is not active, but if it is; ensures
rc.subr has not been tampered with.
Reviewed by: imp
Sponsored by: Juniper Networks, Inc.
Differential Revision: https://reviews.freebsd.org/D43671
IERS is the source of truth for leap seconds. Their leapsecond file is
updated most quickly and is always right (unlike the IANA one which
often lags). IERS operates this public service for the express purpose
of random people downloading it. Their terms of service are compatible
with open source (we could include this in our release). Rather than
fighting with questions around this because the IANA one changed
locations or the auto update script broken, just use this.
This is in preference to the NIST ftp copy. NIST is in the process of
retiring their FTP services.
Sponsored by: Netflix
Reviewed by: philip, delphij, cy
Differential Revision: https://reviews.freebsd.org/D43752
Some users wishing to use the MIT krb5kdc have discovered the
kdc script workaround applied to the MIT krb5 ports is insufficient.
Let's build into this rc script the smarts to determine whether
base or ports Hiemdal kdc is being invoked or the MIT krb5kdc.
While at it, remove kdc_start_precmd(). This will simplify a future
jail patch.
Suggested by: netchild
Original patch: netchild
Reviewed by: emaste, netchild
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D43523
Evaluate the jail_${jailname}_zfs_dataset variable for legacy
jail managers.
This variable can take a space separated list of datasets.
The singular was used specially to allow unmaintained jail
managers like ezjail to use this (simply rename
jail_${jailname}_zfs_datasets in the ezjail config to
jail_${jailname}_zfs_dataset).
Remove ancient SCCS tags from the tree, automated scripting, with two
minor fixup to keep things compiling. All the common forms in the tree
were removed with a perl script.
Sponsored by: Netflix
This is done only for ld-elf32.so.1, where /lib32 is kept in the path
due to the way STANDARD_LIBRARY_PATH is defined in rtld_paths.h.
This change fixes innocent warning appearing after
99132daf6f
Reviewed by: dim, emaste
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D42626
Ensure that ldconfig-managed elf and elf32 hints always include
the standard library paths that are known independently to rtld.
PR: 275031
Reviewed by: kib
MFC after: 2 weeks
Sponsored by: Saltant Solutions LLC
Differential Revision: https://reviews.freebsd.org/D42557
Add sshd and local_unbound to the oom protected services.
syslogd is protected by default already, document it.
This was discussed on arch@, see
https://lists.freebsd.org/archives/freebsd-arch/2023-November/000543.html
sshd is protected to be able to investigate and fix oom issues on systems
which don't have out-of-band console access.
local_unbound is protected as it may be enabled for local use and without
DNS a lot grinds to a halt (including sshd).
Relnotes: yes
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D42544
Since 13.1, /etc/rc.d/jail has looked for a per-jail config file in
/etc/jail.conf.d. For RELENG 14, the ".include" directive was added to
jail(8), with a sample line in the jail.conf(5) man page that includes
"/etc/jail.conf.d/*.conf".
These two use cases don't work together. When the jail.conf.d files
are included from a master jail.conf, the files in jail.conf.d are
likely to hold only partial configurations, and shouldn't be directly
loaded by rc.d/jail. But there are existing configurations that depend
on the current rc.d behavior. While users could be advised not to
include from /etc/jail.conf.d, it's the natural choice even if not
mentioned in jail.conf.5.
The workaround is for rc.d/jail to continue to load the individual
files, but only when /etc/jail.conf doesn't include from that
directory (via a simple grep test), This allows the current use
while not breaking the previous use.
Reported by: antranigv at freebsd.am
Differential Revision: https://reviews.freebsd.org/D41962
For a service that sets an rcvar, there is a check whether it has been
enabled before the actual command is executed. If the check fails, one
gets a message to enable it and the returned exit status is 0.
However, this is usually undesirable for the status command, which is
a) supposed to check whether the service is running anyway and
b) returns a non-zero exit code if that is not the case.
Thus, skip the check for the status command.
PR: 272282
Reviewed by: emaste
MFC after: 3 days
9600 was a standard baud rate decades ago, but 115200 is now more common
so choose defaults that are useful to the largest number of users.
Note that boot0sio does not support rates above 9600 so it remains
unchanged.
Reviewed by: bz, imp, manu
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D36295
Summary:
This change moves /usr/bin/cpuset to /bin/cpuset so it is more readily
available on hosts where the /usr partition might not be mounted at the
time / has been mounted.
Remove some complexity from rc.subr(8) since /bin is assumed to always
be present if/when / is mounted.
MFC after: 2 weeks
MFC with: 0661f93892, 271d552379af
Test Plan:
- Test out rc.subr change.
- Confirm that the installation logic does what's needed.
Relnotes: yes (moving cpuset may impact strict file permissions/mode checking)
Reviewers: kevans
Subscribers: imp
Differential Revision: https://reviews.freebsd.org/D40057
This better reflects the intent that this directory is indexed by kld
name and removes a conflict with D32128 which aims to split sysctl.conf.
Reviewed by: kevans imp
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D41043
For kernel modules loaded by scripts in /etc/rc.d and
/usr/local/etc/rc.d, if there is a file in /etc/sysctl.conf.d named <kld
name>.conf, then this will be loaded using the sysctl(8) utility. For
instance, sysctl variable changes for the pf kernel module would be
placed in the file /etc/sysctl.conf.d/pf.conf.
PR: 272129
Reviewed by: imp freebsd_igalic.co
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D40886
In 3693d9140e /etc/rc switched to using
find_system_scripts rather than directly including /etc/rc.d/* in the
list of scripts to run in order to skip .pkgsave files. Follow suit
in etc/rc.d/routing.
Sponsored by: DARPA
We have somewhat twisted logic to determine actions for dumpdev
considering three sources of information:
* kenv "dumpdev" tunnable supposed to point to specific device;
* /etc/defaults/rc.conf "dumpdev" variable;
* /etc/rc.conf that may be unset or set to "NO", "AUTO" or device name.
For CURRENT without any setting in kenv or /etc/rc.conf
the default is "AUTO". For STABLE branches the default is "NO".
Current implementation breaks for STABLE branches if kenv points
to specific device but /etc/rc.conf does not set "dumpdev" at all.
Let us fix it commenting out "dumpdev" in /etc/defaults/rc.conf
for STABLE branches and making the code to consult kenv
if "dumpdev" is not set elsewhere.
MFC-after: 1 month
There was a mistake in the previous commit, it used the incorrect
spelling of the FIB variable name and was not functional
Also corrects an issue with the IPv6 default route variable name.
Fixes: 30659d1dcb ("Add support for adding default routes for other FIBs")
Sponsored-by: ScaleEngine Inc.
Differential Revision: https://reviews.freebsd.org/D37685
In case of source upgrade path from 12.x proper merge of new /etc
installs /etc/motd.template. Becase of that, the system in left
without symlink /etc/motd -> /var/run/motd but with stale /etc/motd contents.
Fix it creating symlink despite of presence of /etc/motd.template.
MFC after: 1 week
This reverts commit 1dcb6ad173.
As of "8cb16fdbea6b Restore original frequency on exit.", powerd
restores the original frequency itself.
Further, if the original frequency is not the same as the
first frequency found in the frequency list, then the restoration
done by the powerd_poststop will restore the wrong frequency.
This can happen on Intel machines where Turbo is not enabled,
but the turbo frequency is first in the list of frequencies.
In this case, turbo will be enabled when the user did not want
it to be.
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D40197
Reviewed by: imp, mav
For symmetry with rc.resume, give rc.suspend the ability to execute
rc-scripts. Use the suspend keyword for that.
Use-case is for setting a wake-up time, e.g. via efiwake.
Reviewed by: christos
Approved by: markj (mentor)
Differential Revision: https://reviews.freebsd.org/D39965
The recent changes to the uname(1) command removed trailing spaces for
better POSIX conformance, but it broke the regular expression used by
the motd script which expected it. This commit addresses this by removing
the requirement, as it is no longer present.
Additionally, a recent change in newvers.sh introduced a new format for
uname -v, which omited the build number and build dates to improve
reproducible build support. This commit adds support for this new format.
Reported-by: Jamie Landeg-Jones <jamie@catflap.org>
Reviewed-by: imp
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D40225
The code in rc.d/netif waiting for IPv6 Duplicate Address Detection if
any network interfaces support IPv6. Unfortunately, since lo0 *always*
has IPv6 enabled, this means unconditionally sleeping, even on systems
which have no external IPv6 interfaces.
Since we presume that there is little risk of a duplicate address being
assigned on lo0, amend the test to wait only if there is an interface
*other than lo0* which supports IPv6.
Reviewed by: bz
Differential Revision: https://reviews.freebsd.org/D40141
Summary:
The intention of the original author (I assume) was to add this logic
for testing. This removes the debug statement so it no longer shows up
in calls to `status`.
MFC after: 2 weeks
MFC with: 0661f9389
Reviewers: kevans
Subscribers: imp
Differential Revision: https://reviews.freebsd.org/D40055
The SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catch
up to that fact and revert to their recommended match of BSD-2-Clause.
Discussed with: pfg
MFC After: 3 days
Sponsored by: Netflix