| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This was prompted by noticing that '/var/db/portsnap' still exists on
newly-installed machines.
With this change, all mentions of portsnap(8) in the tree are gone,
except for the historical note in the AUTHORS section of manpage
phttpget(8).
locate(1) will thus start indexing again '/var/db/portsnap' on machines
where this directory still exists, which may be a good way to push
administrators to delete it.
Reviewed by: cperciva
Approved by: emaste (mentor)
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D45023
|
| |
|
|
| |
Remove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/
|
| |
|
|
| |
Differential Revision: https://reviews.freebsd.org/D36592
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Users with a tmpfs /var/run will lose the directory tree state of
/var/run at reboot. This rc script will optionally (by default)
capture the state of the directory structure in /var/run prior to
shutdown and recreate it at system boot.
Alternatively a user can save the state of the /var/run directories
manually using service var_run save and disable the autosaving of
/var/run state using the var_run_autosave variable, for those
paranoid SSD users.
PR: 259585, 259699
Reported by: freebsd@walstatt-de.de,
Reviewed by: philip, gbe (previous version)
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D36386
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add /var/run/bhyve/ to BSD.var.dist so we don't have to call mkdir when
creating the unix domain socket for a given bhyve vm.
The path to the unix domain socket for a bhyve vm will now be
/var/run/bhyve/vmname instead of /var/run/bhyve/checkpoint/vmname
Move BHYVE_RUN_DIR from snapshot.c to snapshot.h so it can be shared
to bhyvectl(8).
Reviewed by: jhb
Differential Revision: https://reviews.freebsd.org/D28783
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Else when WITHOUT_SENDMAIL is set we still create a sendmail package
that contains (only) two directories.
Reviewed by: manu
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D24149
Notes:
svn path=/head/; revision=359215
|
| |
|
|
|
|
|
|
|
| |
The rc.d/account script contains code to create the /var/account dir, so
it hadn't occurred to me that it is normally created via mtree; thanks to
jilles@ for pointing it out.
Notes:
svn path=/head/; revision=350445
|
| |
|
|
|
|
|
| |
Reported by: zeising
Notes:
svn path=/head/; revision=349120
|
| |
|
|
|
|
|
|
|
|
|
| |
mode was dropped unintentionally in r348981 for those two directories.
Reviewed by: rgrimes
MFC after: 1 month
X-MFC-With: r348981
Notes:
svn path=/head/; revision=348990
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This way every directory is at least present in packages.
While here tag some directory from being in sendmail or dma
Reviewed by: bapt
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D20605
Notes:
svn path=/head/; revision=348981
|
| |
|
|
|
|
|
|
|
|
|
| |
When using pkgbase those empty directories aren't packaged otherwise.
Reviewed by: bapt
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D20056
Notes:
svn path=/head/; revision=346682
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The main dhclient process is Capsicumized but also chroots to
restrict filesystem access. With r322369, pidfile(3) maintains a
directory descriptor for the pidfile, which can cause the chroot
to fail in certain cases. To minimize the problem, only chroot
if we fail to enter capability mode, and store dhclient pidfiles
in a subdirectory of /var/run, thus restricting access via
pidfile(3)'s directory descriptor.
PR: 223327
Reviewed by: cem, oshogbo
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D16584
Notes:
svn path=/head/; revision=337382
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Code analysis and runtime analysis using truss(8) indicate that the only
privileged operations performed by ntpd are adjusting system time, and
(re-)binding to privileged UDP port 123. These changes add a new mac(4)
policy module, mac_ntpd(4), which grants just those privileges to any
process running with uid 123.
This also adds a new user and group, ntpd:ntpd, (uid:gid 123:123), and makes
them the owner of the /var/db/ntp directory, so that it can be used as a
location where the non-privileged daemon can write files such as the
driftfile, and any optional logfile or stats files.
Because there are so many ways to configure ntpd, the question of how to
configure it to run without root privs can be a bit complex, so that will be
addressed in a separate commit. These changes are just what's required to
grant the limited subset of privs to ntpd, and the small change to ntpd to
prevent it from exiting with an error if running as non-root.
Differential Revision: https://reviews.freebsd.org/D16281
Notes:
svn path=/head/; revision=336525
|
| |
|
|
|
|
|
| |
MFC after: 4 weeks
Notes:
svn path=/head/; revision=311349
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add zfsd, which deals with hard drive faults in ZFS pools. It manages
hotspares and replements in drive slots that publish physical paths.
cddl/usr.sbin/zfsd
Add zfsd(8) and its unit tests
cddl/usr.sbin/Makefile
Add zfsd to the build
lib/libdevdctl
A C++ library that helps devd clients process events
lib/Makefile
share/mk/bsd.libnames.mk
share/mk/src.libnames.mk
Add libdevdctl to the build. It's a private library, unusable by
out-of-tree software.
etc/defaults/rc.conf
By default, set zfsd_enable to NO
etc/mtree/BSD.include.dist
Add a directory for libdevdctl's include files
etc/mtree/BSD.tests.dist
Add a directory for zfsd's unit tests
etc/mtree/BSD.var.dist
Add /var/db/zfsd/cases, where zfsd stores case files while it's shut
down.
etc/rc.d/Makefile
etc/rc.d/zfsd
Add zfsd's rc script
sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev.c
Fix the resource.fs.zfs.statechange message. It had a number of
problems:
It was only being emitted on a transition to the HEALTHY state.
That made it impossible for zfsd to take actions based on drives
getting sicker.
It compared the new state to vdev_prevstate, which is the state that
the vdev had the last time it was opened. That doesn't make sense,
because a vdev can change state multiple times without being
reopened.
vdev_set_state contains logic that will change the device's new
state based on various conditions. However, the statechange event
was being posted _before_ that logic took effect. Now it's being
posted after.
Submitted by: gibbs, asomers, mav, allanjude
Reviewed by: mav, delphij
Relnotes: yes
Sponsored by: Spectra Logic Corp, iX Systems
Differential Revision: https://reviews.freebsd.org/D6564
Notes:
svn path=/head/; revision=300906
|
| |\
| |
| |
| |
| |
| |
| | |
Sponsored by: The FreeBSD Foundation
Notes:
svn path=/projects/release-pkg/; revision=293172
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
leap second date correct
Updates to the file can be obtained from ftp://time.nist.gov/pub/ or
ftp://tycho.usno.navy.mil/pub/ntp/.
Suggested by: dwmalone
Reviewed by: roberto, dwmalone, delphij
Approved by: roberto
MFC after: 1 week
Notes:
svn path=/head/; revision=289421
|
| | |
| |
| |
| | |
Notes:
svn path=/projects/release-pkg/; revision=279664
|
| |/
|
|
|
|
|
| |
Ensure we keep all tags from mtrees when creating the METALOG
Notes:
svn path=/projects/release-pkg/; revision=279656
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
many thanks for their continued support of FreeBSD.
While I'm there, also implement a new build knob, WITHOUT_HYPERV to
disable building and installing of the HyperV utilities when necessary.
The HyperV utilities are only built for i386 and amd64 targets.
This is a stable/10 candidate for inclusion with 10.1-RELEASE.
Submitted by: Wei Hu <weh microsoft com>
MFC after: 1 week
Notes:
svn path=/head/; revision=271493
|
| |
|
|
|
|
|
|
|
| |
Ensure that it is used if present.
MFH: 3 weeks
Notes:
svn path=/head/; revision=266863
|
| |
|
|
| |
Notes:
svn path=/head/; revision=262292
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It is a small and lightweight Mail Transport Agent.
It accepts mails from locally installed Mail User Agents (MUA) and delivers the
mails either locally or to a remote destination. Remote delivery includes
several features like TLS/SSL support, SMTP authentication and NULLCLIENT.
Make dma conditional to new WITHOUT_DMA option and make it respect WITHOUT_MAIL
Reviewed by: peter
Discussed with: emaste, bz, peter
Notes:
svn path=/head/; revision=262282
|
| |
|
|
|
|
|
|
|
|
| |
This directory is used by many third party applications and having
permission 0750 makes it impossible to drop group privileges.
MFC after: 3 days
Notes:
svn path=/head/; revision=258664
|
| |
|
|
|
|
|
| |
Approved by: re (gjb)
Notes:
svn path=/head/; revision=255949
|
| |
|
|
|
|
|
| |
Approved by: re (blanket)
Notes:
svn path=/head/; revision=255794
|
| |
|
|
|
|
|
| |
Approved by: re (blanket)
Notes:
svn path=/head/; revision=255597
|
| |
|
|
| |
Notes:
svn path=/head/; revision=255243
|
| |
|
|
|
|
|
|
|
|
| |
Note that those who did installworld after r243752 should
remove wrongly created /var/dist and /var/remote.
Reviewed by: pjd
Notes:
svn path=/head/; revision=244770
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
auditdistd (distributed audit daemon) to the build:
- Manual cross references
- Makefile for auditdistd
- rc.d script, rc.conf entrie
- New group and user for auditdistd; associated aliases, etc.
The audit trail distribution daemon provides reliable,
cryptographically protected (and sandboxed) delivery of audit tails
from live clients to audit server hosts in order to both allow
centralised analysis, and improve resilience in the event of client
compromises: clients are not permitted to change trail contents
after submission.
Submitted by: pjd
Sponsored by: The FreeBSD Foundation (auditdistd)
Notes:
svn path=/head/; revision=243752
|
| |
|
|
| |
Notes:
svn path=/head/; revision=219820
|
| |
|
|
|
|
|
|
|
| |
RC script wants to save a pidfile for each interface.
MFC after: 2 weeks
Notes:
svn path=/head/; revision=212411
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
protocol flaw. [09:15]
Correctly handle failures from unsetenv resulting from a corrupt
environment in rtld-elf. [09:16]
Fix permissions in freebsd-update in order to prevent leakage of
sensitive files. [09:17]
Approved by: so (cperciva)
Security: FreeBSD-SA-09:15.ssl
Security: FreeBSD-SA-09:16.rtld
Security: FreeBSD-SA-09:17.freebsd-udpate
Notes:
svn path=/head/; revision=200054
|
| |
|
|
|
|
|
|
|
| |
repository.
Sponsored by: FreeBSD security development fundraiser
Notes:
svn path=/head/; revision=161748
|
| |
|
|
|
|
|
|
|
| |
delegated to non-administrators.
Obtained from: TrustedBSD Project
Notes:
svn path=/head/; revision=155345
|
| |
|
|
|
|
|
| |
Obtained from: TrustedBSD Project
Notes:
svn path=/head/; revision=155197
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
fast, lightweight, and generally good way for users to keep their
ports trees up to date.
This is version 0.9.4 from the ports tree (sysutils/portsnap) with
the following changes:
1. The experimental pipelined http code is enabled. No seatbelts
in -CURRENT. (^_^)
2. The working directory has moved from /usr/local/portsnap to
/var/db/portsnap (as discussed on -arch two days ago).
3. Portsnap now fetches a list of mirrors (distributed as DNS SRV
records) and selects one randomly. This should help to avoid the
uneven loading which plagues the cvsup mirror network.
4. The license is now 2-clause BSD instead of 3-clause BSD.
5. Various incidental changes to make portsnap fit into the base
system's build mechanics.
X-MFC-After: 6.0-RELEASE
X-MFC-Before: 5.5-RELEASE
X-MFC-To: RELENG_6, RELENG_5, ports
discussed on: -arch and several other places
"yes please" from: simon, remko, flz, Diane Bruce
thinks this is a great idea: bsdimp
Hopes he didn't forget any files: cperciva
Notes:
svn path=/head/; revision=148871
|
| |
|
|
|
|
|
| |
Forgotten by: dougb
Notes:
svn path=/head/; revision=136552
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
by default when named is enabled. Also, improve our default directory
layout by creating /var/named/etc/namedb/{master|slave} directories,
and use the former for the generated localhost* files.
Rather than using pax to copy device entries, mount devfs in the
chroot directory.
There may be some corner cases where things need to be adjusted,
but overall this structure has been well tested on a production
network, and should serve the needs of the vast majority of users.
UPDATING has instructions on how to do the conversion for those
with existing configurations.
Notes:
svn path=/head/; revision=135875
|
| |
|
|
|
|
|
| |
ports that use the new OPTIONS infrastructure)
Notes:
svn path=/head/; revision=124753
|
| |
|
|
|
|
|
| |
Approved by: re (rwatson)
Notes:
svn path=/head/; revision=123051
|
| |
|
|
| |
Notes:
svn path=/head/; revision=106403
|
| |
|
|
|
|
|
| |
"utility-like" games and everyone's favourite, fortune(6).
Notes:
svn path=/head/; revision=105515
|
| |
|
|
|
|
|
|
| |
instead of the user immutable flag, now that mergemaster handles
schg directories in its /var/tmp/temproot.
Notes:
svn path=/head/; revision=98883
|
| |
|
|
|
|
|
|
| |
/var/empty, because it makes it difficult for mergemaster(8) to remove
/var/tmp/temproot/var.
Notes:
svn path=/head/; revision=98873
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
which needs an empty directory into which to chroot(2).
Hint to the operator that this directory really _should_ be empty
by creating it with mode 0555 and the system immutable flag (schg)
set.
Reviewed by: des
Notes:
svn path=/head/; revision=98772
|
| |
|
|
| |
Notes:
svn path=/head/; revision=98699
|
| |
|
|
|
|
|
|
|
|
|
| |
the creation of /var/spool/clientmqueue and therefore the need for the
smmsp user and group if NO_SENDMAIL is defined. This required breaking out
the creation of the directory into a new BSD.sendmail.dist mtree file.
MFC after: 1 week
Notes:
svn path=/head/; revision=95144
|
