This adds a metadata variable, require.kmods, and corresponding functions
or methods in C, C++, and shell, which allow a test to specify that it
requires particular kernel modules to run. If the kernel modules are not
present, the test is skipped. One might want to consider a kyua option
which makes it attempt to load the modules instead.
Differential Revision: https://reviews.freebsd.org/D47470
(cherry picked from commit 83a1ee578c9d1ab7013e997289c7cd470c0e6902)
Reload is used for service reconfiguration as well
and lacks a NAME_prepend-like mechanism so it makes
sense to extend the NAME_reload hook into this
action.
precmd may use configuration checks and blocks setup
from doing its designated work (e.g. nginx). In moving
the invoke of the setup script in front allows us to
provide custom scripts for config file generation and
fixing prior to precmd checking configuration integrity.
Also introduce _run_rc_setup to separate the launcher
from the main one. Let it run correctly in the case
of restart_precmd and block further execution as
would be the case in start due to the internal plumbing
of restart being split into calling stop and start
afterwards.
PR: https://reviews.freebsd.org/D36259
These checks use ps(1) with both the '-p' and '-a' flags, which worked
so far as ps(1)'s '-a' option was buggy. Since the fix in commit
"ps(1): Make '-a' and '-A' always show all processes"
(93a94ce731a89b56), such a command-line always selects all processes,
making the specified '-p' useless and the test wrong. Remove the
useless '-a'.
While here, remove the redundant '-x', as '-p' implies '-x' by default.
MFC after: 1 day
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D50201
(cherry picked from commit 646375408742dd5ed9abb174a621a3f8f65a56ef)
(cherry picked from commit a69fe62604021f120206e4064ca7463195aeb3a0)
Approved by: re (cperciva)
Add support for chpasswd, with all possible syntaxes, including
deprecated one: chpasswd.list as a list or as a multiline string
as some providers are still only providing this deprecated form
Approved by: re (cperciva)
Sponsored by: OVHCloud
MFC After: 1 week
Reviewed by: kevans, jlduran
Differential Revision: https://reviews.freebsd.org/D50021
(cherry picked from commit c201a1198ad70e7d096ee32c364d539eed2dfec4)
(cherry picked from commit 6c912470030ba958f2e41a00b44f6430919b1389)
ssh_pwauth sets the value in sshd_config for the password authentication
This implementation tries to avoid touching the file if cloudinit
request for what is already the default value.
MFC After: 3 days
Sponsored by: OVHCloud
Reviewed by: kevans, jlduran
Differential Revision: https://reviews.freebsd.org/D49875
(cherry picked from commit f85d08682782f7ef49aecf2edacd81184561de87)
Using the ntpd -u option to set the credentials ntpd is to run under
while still using rc(8) to invoke causes some FreeBSD installs to fail
to load mac_ntp. The fact that that can_run_nonroot() does not
indicate why failures occur leaves people on the mailing lists
guessing as to why there are failures. Let's revert back to using
the rc(8) provided su. The ntpd rc script will be rewritten when
the ntpd chroot will be implemented.
Reported on: freebsd-stable@
This reverts commit 521f66715afb312b356afafc68cbc044a436a753.
(cherry picked from commit 5ca7754519e8c618968d8acbf54d653b6e968829)
Clean up style and make more consistent.
Replace test with if-then-else to make the script more legible.
Replace the call to dirname with the shell %/* operator avoiding a
fork & exec.
Reorder the test for $var_run_autosave before the test for /var/run on
tmpfs. This avoids gratuitously scanning the mount table for a tmpfs
/var/run.
Initial concept by and in discussion with:
Harry Schmalzbauer <freebsd@omnilan.de>
No functional change intended.
Differnential revision: https://reviews.freebsd.org/D47773
(cherry picked from commit ed9712f8943573136fa92a0e61c8e7c10952eeb0)
Using the rc plumbing to setuid(2) is preferred as it allows the user
to use the -i option in ntpd_flags to chroot ntpd.
Chrooting ntpd by default will be a 2025 project.
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D48191
(cherry picked from commit 521f66715afb312b356afafc68cbc044a436a753)
Drivers, including those that support SR-IOV, can be loaded via kld_list
and it makes sense to process iovctl configuration files afer all
drivers have been loaded.
Sponsored by: Chelsio Communications
Reviewed by: 0mp, jhb
Differential Revision: https://reviews.freebsd.org/D47937
(cherry picked from commit 41594021fa8bf02468407e8fc48c2e7a13de1a2f)
using echo in a sh(1) command line, requires many escaping to be done
right, using io.popen we don't need to do this escaping anymore.
(cherry picked from commit 3e502866073f8d922eecb9016920a56b90c35e38)
The sendmail startup script can run 4 daemons: sendmail, sendmail_submit,
sendmail_outbound, and sendmail_msp_queue. Of the first 3 at most one
can be enabled. There's a run_rc_command call for each and the ones for
sendmail and sendmail_msp_queue run unconditionally. For some rc
commands this triggers warnings or errors when sendmail_enable="NO" or
sendmail_msp_queue_enable="NO". Since d2e7bb630b83 these errors are
propagated and the whole script fails.
Fix this by first determining which daemons are enabled, setting ${name}
and ${rcvar} accordingly, and then always calling run_rc_command
conditionally.
Also replace ${name}.cf with sendmail.cf because ${name} isn't always
sendmail.
PR: 282585
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D47757
(cherry picked from commit 6b17d944a1d448dbb797c5fa5b0778242ba02e52)
It's good to reduce privilege as early as possible.
Suggested by: jlduran
Reviewed by: jlduran
Obtained from: NetBSD
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D47869
(cherry picked from commit 91629228e3df14997df12ffc6e7be6b9964e5463)
Just return from jkfprintf if either (a) user lookup fails (that is,
getpwnam fails) or (b) setuid() to the user's uid fails. If comsat is
invoked from inetd using the default of tty:tty we will now return due
to setuid() failing rather than fopen() failing.
PR: 270404
Reviewed by: kevans
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D47823
(cherry picked from commit 062b69ba045dc0fef3d9b8d73365d2798c05a480)
Other atf components are guarded by WITH_TESTS_SUPPORT already.
WITH_TESTS is for actual tests.
Reviewed by: markj
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D47660
(cherry picked from commit 43e045c1733d50fad79f3a53e05140b8dc0d7fa6)
Some sanitizers need to be able to use dl_iterate_phdr() after stopping
the rest of the process, but it's very hard to do so reliably as a
non-participant in the main logic of the program.
Introduce _dl_iterate_phdr_locked to bypass the locking that's normally
required for dl_iterate_phdr() and slap some scary warning on it. It
will remain undocumented and probably shouldn't be used for anything
else.
Reviewed by: kib
(cherry picked from commit 1426fd6cff0603f0ee275b99f2ba35dc36f3d0c2)
net/frr[89] revealed an interesting edge-case on arm when dynamically
linking a shared library that declares more than one static TLS variable
with at least one using the "initial-exec" TLS model. In the case
of frr[89], this library was libfrr.so which essentially does the
following:
#include <stdio.h>
#include "lib.h"
static __thread int *a
__attribute__((tls_model("initial-exec")));
void lib_test()
{
static __thread int b = -1;
printf("&a = %p\n", &a);
printf(" a = %p\n", a);
printf("\n");
printf("&b = %p\n", &b);
printf(" b = %d\n", b);
}
Allocates a file scoped `static __thread` pointer with
tls_model("initial-exec") and later a block scoped TLS int. Notice in
the above minimal reproducer, `b == -1`. The relocation process does
the wrong thing and ends up pointing both `a` and `b` at the same place
in memory.
The output of the above in the broken state is:
&a = 0x4009c018
a = 0xffffffff
&b = 0x4009c018
b = -1
With the patch applied, the output becomes:
&a = 0x4009c01c
a = 0x0
&b = 0x4009c018
b = -1
Reviewed by: kib
Approved by: kp (mentor)
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D42415/
(cherry picked from commit 98fd69f0090da73d9d0451bd769d7752468284c6)
The tftpd tests all follow the same pattern:
1. open a UDP socket,
2. fork a child to exec tftpd, which subsequently handles requests on
the socket,
3. use a client socket to send some message to the tftpd daemon.
However, tftpd's first action is to mark its socket as non-blocking and
then read a request from it. If no data is present in the socket, tftpd
exits immediately with an error. So, there is a race; we often see
tftpd test timeouts when running tests in parallel. These timeouts also
arise periodically in CI runs.
One solution is to restructure each test to create the server socket,
then write the request to the client socket, then fork tftpd. This
closes the race. However, this involves a lot of churn.
This patch fixes the problem a different way, by adding a new -b flag to
tftpd which makes it block to read the initial request. Each test is
modified to use -b, closing the race.
Reviewed by: imp, asomers
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D47404
(cherry picked from commit 79c342aaf86feb4efbd15383f54e4fe7bdc9da7b)
There is no easy way to set ipfilter optionlist variables during boot.
Add plumbing to the rc script to support this.
PR: 130555
Reviewed by: jlduran
Differential Revision: https://reviews.freebsd.org/D47346
(cherry picked from commit 8d6feaaaa26f444abb209360e52b993e39cb81bb)
It was originally /usr/src/contrib/ipfilter/rules and moved to
/usr/src/share/examples/ipfilter/rules in 41edb306f0.
Point to users to /usr/src/share/examples/ipfilter instead, as the base
directory also contains example rules.
Reviewed by: emaste
Approved by: emaste (mentor)
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D47392
(cherry picked from commit 8934526be1843ba033e1423f6ecd8b3b3f2a9c23)
Some kernel modules will print informative messages when they are
loaded, making the output confusing. Print everything up front instead.
Fixes: 152382e6613d ("rc.d/kld: Print the kernel modules being loaded")
(cherry picked from commit 3e55170e0fa2695f6d662e3ab67201138a6f8698)
Add naive support for openstack network config.
if no config driver have been found, try to detect that we are running a
VM on openstack via the smbios information, use the first iface
available and temporary activate dhcp on it, to be able to fetch the
necessary informations for cloudinit.
While here make the rc script execute after devmatch, some ethernet
device might be attached via devmatch and may be needed for cloudinit.
Tested on OVHCloud Public Cloud.
MFC after: 3 weeks
Sponsored by: OVHCloud
(cherry picked from commit 2775b9b0bcc278dd4183b57784953c26a3fcdc89)
These were reported by `mandoc -T lint ...` as warnings.
Signed-off-by: Graham Percival <gperciva@tarsnap.com>
Reviewed by: mhorne
MFC after: 3 days
Sponsored by: Tarsnap Backup Inc.
Pull Request: https://github.com/freebsd/freebsd-src/pull/1475
(cherry picked from commit b74aaa1a2199261f9078247d29481a994b6b5e42)
If you have a mail server that is running sendmail daemon
(sendmail_enable=YES) and sendmail queue runner (sendmail_msp_queue=YES)
and the sendmail daemon dies, /etc/rc.d/sendmail status does see the
daemon is not running but returns 0 as the exit code. This prevents
other programs (like puppet) from restarting sendmail to fix the issue.
Make sure that the exit code is propagated towards the end of the script
if any of the sendmail services fail.
This patch does not call exit directly but instead just sets the exit
status code by calling exit in a subshell. This way we do not exit the
current shell in case the service script is sourced (e.g., when
rc_fast_and_loose is active).
PR: 223132
MFC after: 2 weeks
Reported by: pirzyk
Discussed with: jilles, eugen
Reviewed by: christos, gshapiro (previous version), markj
Approved by: christos (mentor), markj (mentor)
Differential Revision: https://reviews.freebsd.org/D46862
Co-authored-by: Jim Pirzyk <pirzyk@FreeBSD.org>
(cherry picked from commit d2e7bb630b83848a774d8213014a9e0747775019)
The sendmail service script needs to be stopped during shutdown
to ensure a clean shutdown of active SMTP connections (and writing
any in memory queue files).
rcorder(8) requires the rcorder block to be an uninterrupted sequence of
REQUIRE, PROVIDE, BEFORE, and KEYWORD lines. Having a comment in between
REQUIRE and KEYWORD makes rcorder stop parsing the block when it reaches
the comment.
Fix that by moving the comment out from the rcorder block.
Reviewed by: bnovkov, christos, gshapiro, markj
Approved by: bnovkov (mentor), christos (mentor), markj (mentor)
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D46924
(cherry picked from commit 8751fbe36ff02ed695f02132ee6eac723d2bbe3f)
- Export NUAGE_FAKE_ROOTDIR only once
- Use the header section of the test to require the root user
- Use the PWD environment variable
- Set the root/sys shell as /bin/sh
- Use RFC 5737 reserved IP addresses
Signed-off-by: Jose Luis Duran <jlduran@gmail.com>
(cherry picked from commit e72457c4f5166eef2a27249e02f3c1e9a1cf852d)
