Replace "ifconfig -ul" with "ifconfig -n" because netlink-enabled
/sbin/ifconfig utility has sub-optimal performance for listing.
Combined with the commit b1b17432aa,
these changes mostly eliminate performance regression of the command
"service devd start" for a system having hundreds of network interfaces
created before devd starts, after FreeBSD 14+ switched
/sbin/ifconfig to netlink(4)
PR: 287872
MFC-after: 2 weeks
At least nuageinit is broken after this commit, breaking some downstream
CI systems. It also disables globbing for rc.local scripts, which is
likely to break users in surprising ways.
This reverts commit 4deb9760a9.
Check for a "#" at the start of the line regardless of whether it is its
own token or not. We avoid unnecessary calls to rc.d/zpool.
Suggested by: ivy
Fixes: b6e33f0cd5
refactor nuageinit to allow a 3rd execution point during boot:
1. nuageinit is invoked before NETWORKING with a minimalistic network setup
for openstack and potentially other network config setup. It tries
to configure everything which is not requiring any network.
2. nuageinit is invoked again post NETWORKING but pre SERVERS, in the
phase it does all that requires network, like dealing with packages.
Note that creating users have been moved to this phase to allow the
installation of shells like bash or zsh prior the creation of the
users, before that the user creation was failing if a non installed
shell was requested.
3. nuageinit will execute at the rc.local time all the specified scripts
and commands.
MFC After: 1 week
MIT KRB5 krb5kdc differs from the Heimdal kdc.
- The MIT kdc is named krb5kdc while the Heimdal one is named kdc.
- krb5kdc -d flag has a different meaning. krb5kdc -d specifies a
database name. While the Heimdal kdc uses the -d flag to daemonize
it. krb5kdc automatically daemonizes itself unless the -n flag is
specified.
We do this by looking at the name of the kdc program to determine if
we assume it's a Heimdal kdc or the MIT krb5kdc.
Sponsored by: The FreeBSD Foundation
Differential revision: https://reviews.freebsd.org/D50813
Legacy ZFS uses fstab to mount its datasets. In an attempt to fix
another problem 900bc02063 broke legacy ZFS in fstab(5). This
commit works around the problem by mountcritlocal scanning /etc/fstab
for zfs mountpoint and if any are found invoke /etc/rc.d/zpool start.
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D50844
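An added example (not the mountcritlocal code) of the fstab scan described in this message, together with the "#" handling described in the earlier "Check for a "#" at the start of the line" message. The function name, the sample fstab and the assumption that the older check only recognised "#" as a separate token are constructed for illustration.

```sh
#!/bin/sh
# Added illustration; fstab_has_zfs, scan_demo and the sample fstab are
# constructed and are not taken from rc.d/mountcritlocal.

# fstab_has_zfs FILE MODE: succeed if FILE has an active entry of type zfs.
# MODE "token" skips a line only when "#" is a field of its own (assumed
# older behaviour); MODE "prefix" skips any line whose first field starts
# with "#".
fstab_has_zfs() {
    while read -r dev mnt fstype rest; do
        [ -n "$dev" ] || continue            # blank line
        if [ "$2" = token ]; then
            [ "$dev" = "#" ] && continue
        else
            case $dev in '#'*) continue ;; esac
        fi
        [ "$fstype" = zfs ] && return 0      # would trigger rc.d/zpool start
    done < "$1"
    return 1
}

# scan_demo: run both modes over a constructed fstab whose only zfs lines
# are commented out, then add one active zfs line and scan again.
scan_demo() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
# Device        Mountpoint  FStype  Options Dump Pass
/dev/ada0p2     /           ufs     rw      1    1
#tank/legacy    /legacy     zfs     rw      0    0
# tank/old      /old        zfs     rw      0    0
EOF
    t=no; p=no; a=no
    fstab_has_zfs "$f" token  && t=yes   # "#tank/legacy" slips through
    fstab_has_zfs "$f" prefix && p=yes
    echo 'tank/legacy /legacy zfs rw 0 0' >> "$f"
    fstab_has_zfs "$f" prefix && a=yes
    rm -f "$f"
    echo "token=$t prefix=$p active=$a"
}

scan_demo
```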
In cases where the `/boot` directory is mounted from a different disk,
`/boot/zfs/zpool.cache` will not be found during a `rc.d/zpool`
run. This is because `/etc/fstab` mounts are mounted in
`rc.d/mountcritlocal`, which currently runs AFTER (i.e. `REQUIRE:`)
`rc.d/zpool`.
This change swaps the `rcorder` of `rc.d/zpool`'s dependency on
`mountcritlocal` from `BEFORE:` to `REQUIRE:`. This will ensure that
`/boot` (or even `/etc/` in some configurations) to be visible while
searching for `zpool.cache`.
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1614
Closes: https://github.com/freebsd/freebsd-src/pull/1614
Variables for command-line options like $foo_flags can contain characters
that perform pathname expansions, such as '[', ']', and '*'. They were
passed without escaping, and the matched entries in the working directory
affected the command-line options. This change turns off the expansion
when run_rc_command() is called.
While this changes the current behavior, an invocation of a service
program should not depend on entries in the working directory.
Differential Revision: https://reviews.freebsd.org/D45855
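An added example (not rc.subr code) of the effect this message describes: an unquoted flags variable containing `[abc]` picks up matching entries from the working directory unless pathname expansion is off. The variable name, the directory contents and the use of `set -f` as the way to disable expansion are assumptions made for illustration.

```sh
#!/bin/sh
# Added illustration; count_args, expand_flags and demo_flags are
# hypothetical names, and the directory entries are constructed.

# count_args: print how many arguments the "service program" would receive.
count_args() { echo "$#"; }

# expand_flags MODE: create a scratch working directory with entries that
# match the pattern in demo_flags, then expand the variable unquoted, the
# way a flags variable is handed to a command line.
# MODE "glob" leaves pathname expansion on; MODE "noglob" turns it off.
expand_flags() {
    mode=$1
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        : > a; : > b; : > c              # constructed directory entries
        demo_flags='-x [abc]'            # constructed flags value
        if [ "$mode" = noglob ]; then
            set -f                       # POSIX option: no pathname expansion
        fi
        # Deliberately unquoted: word splitting is wanted, globbing is not.
        count_args $demo_flags
    )
    rc=$?
    rm -rf "$dir"
    return $rc
}

echo "expansion on:  $(expand_flags glob) arguments"
echo "expansion off: $(expand_flags noglob) arguments"
```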
In official cloudinit, when a user_data file starts with '#!' it
should be executed late in the boot process. To respect this nuageinit
now copies the user_data script into a /var/cache/nuageinit/user_data if
found and a new "firsboot" rcscript anchored to the 'local' rc script is
responsible to execute it if found.
Note by doing this, we fix another issue we had with nuageinit, if the
cloudinit provider provides the user_data scriptout with the executable
permission, previous implementation was not working, like apparently
what Digital Ocean is doing.
PR: 287183
Reported by: olgeni@
These are no longer specific to iSCSI; always build them.
Reviewed by: kevans, jhb
Approved by: kevans (mentor)
Differential Revision: https://reviews.freebsd.org/D50625
If either INET or INET6 is not enabled in the kernel, then the jail(8)
options ip4=<new|inherit> resp. ip6=<new|inherit> are not available.
Detect this case and don't try to provide those options, otherwise
svcjs will not start.
Do this automatically (without a warning) so that net_basic, which
includes both netv4 and netv6, continues to work as expected.
If _svcj_ipaddrs is explicitly configured with an address for an IP
version not supported by the kernel, issue a warning but continue to
start the service. This can result in the service being started with
fewer addresses than expected, but never more.
Reviewed by: netchild, des
Approved by: des (mentor)
Differential Revision: https://reviews.freebsd.org/D49976
This leaves the iscsi package for the iSCSI initiator, and the new
package provides the CAM target layer (including the iSCSI target).
Reviewed by: manu, des, jhb
Approved by: des (mentor)
Differential Revision: https://reviews.freebsd.org/D50287
This daemon has been removed; also remove things which reference it.
Reviewed by: manu, des, emaste
Approved by: des (mentor)
Differential Revision: https://reviews.freebsd.org/D50441
rc.subr uses sysrc(8) for the 'enable' and 'disable' commands, which
means the entire rc(8) stack depends on bsdconfig. Instead, provide a
minimal amount of rc.conf-editing functionality in rc.subr and use it to
implement these commands.
Reviewed by: des, bapt
Approved by: des (mentor)
Differential Revision: https://reviews.freebsd.org/D50325
"routing" enables the jail allow.routing permission, which allows the jail to
modify the system routing table. this can be used to run routing daemons
(e.g., BIRD) in a service jail.
Reviewed by: jamie, des
Approved by: des (mentor)
Differential Revision: https://reviews.freebsd.org/D49844
These checks use ps(1) with both the '-p' and '-a' flags, which worked
so far as ps(1)'s '-a' option was buggy. Since the fix in commit
"ps(1): Make '-a' and '-A' always show all processes"
(93a94ce731), such a command-line always selects all processes,
making the specified '-p' useless and the test wrong. Remove the
useless '-a'.
While here, remove the redundant '-x', as '-p' implies '-x' by default.
MFC after: 1 day
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D50201
rpc.statd is not technically specific to NFS, but NFS is the only thing
which has ever actually used it, so this is the most appropriate place
to put it.
Reviewed by: rmacklem, des, bapt, emaste
Approved by: des (mentor)
Differential Revision: https://reviews.freebsd.org/D50162
several rc.d scripts are installed by the FreeBSD-rc package, but they
don't work without their respective packages installed. move these rc
scripts into the appropriate packages so they're installed along with
the services they start.
this should be undisruptive to users since the scripts don't work
without those packages installed anyway. (for this reason, do not move
the Kerberos scripts, because the MIT Kerberos port uses the base rc.d
scripts.)
PR: 282324
Reviewed by: manu, des, bapt
Approved by: des (mentor)
Differential Revision: https://reviews.freebsd.org/D50137
<svc>_svcj_options="settime" enables the jail allow.settime privilege,
which allows to set and slew the system clock. this allows NTP daemons
to run in a service jail.
Reviewed by: jamie, kevans, des, #jails, #manpages
Approved by: kevans (mentor)
Differential Revision: https://reviews.freebsd.org/D49845
setting ${svc}_svcj_ipaddrs to a list of IP addresses causes rc.subr to
set ip6.addr and/or ip4.addr when starting the jail, restricting it to
those IP addresses rather than inheriting all IP addresses.
for example:
inetd_enable=YES
inetd_svcj=YES
inetd_svcj_options="net_basic"
inetd_svcj_ipaddrs="::1 127.0.0.1 2001:db8::1"
if not specified, the default value is unchanged (inherit all addresses
if networking is enabled).
Reviewed by: netchild
Add wlan_gcmp as a module to check for before starting hostapd/wpa_supplicant.
Differential Revision: https://reviews.freebsd.org/D49344
Reviewed by: bz, cy
This check was in place to aid the transition from sendmail pre-8.10.
8.10 was released in 2000. It's not possible to upgrade directly from
such a system (FreeBSD 3?) to FreeBSD 15 so we can drop this.
Reviewed by: gshapiro, jhb
Differential Revision: https://reviews.freebsd.org/D49308
Using the ntpd -u option to set the credentials ntpd is to run under
while still using rc(8) to invoke causes some FreeBSD installs to fail
to load mac_ntp. The fact that can_run_nonroot() does not
indicate why failures occur leaves people on the mailing lists
guessing as to why there are failures. Let's revert back to using
the rc(8) provided su. The ntpd rc script will be rewritten when
the ntpd chroot will be implemented.
Reported on: freebsd-stable@
MFC after: immediately
This reverts commit 521f66715a.
Clean up style and make more consistent.
Replace test with if-then-else to make the script more legible.
Replace the call to dirname with the shell %/* operator avoiding a
fork & exec.
Reorder the test for $var_run_autosave before the test for /var/run on
tmpfs. This avoids gratuitously scanning the mount table for a tmpfs
/var/run.
Initial concept by and in discussion with:
Harry Schmalzbauer <freebsd@omnilan.de>
No functional change intended.
MFC after: 2 weeks
Differential revision: https://reviews.freebsd.org/D47773
Using the rc plumbing to setuid(2) is preferred as it allows the user
to use the -i option in ntpd_flags to chroot ntpd.
Chrooting ntpd by default will be a 2025 project.
MFC after: 1 week
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D48191
Since we now have sdot, use it to get RC_LEVEL from rc.conf.d/rc_trace
also avoid logging execution of ':' when RC_LEVEL > 0
Reviewed by: stevek
Differential Revision: https://reviews.freebsd.org/D48856
Drivers, including those that support SR-IOV, can be loaded via kld_list
and it makes sense to process iovctl configuration files after all
drivers have been loaded.
MFC after: 1 week
Sponsored by: Chelsio Communications
Reviewed by: 0mp, jhb
Differential Revision: https://reviews.freebsd.org/D47937
This reverts commit 2d17f44a5a. It hangs
the boot. It turns out I installed my test on the wrong machine and
rebooted the other one...
Sponsored by: Netflix
chkerr() ignores the exit code of a preceding mount command in case a
file `remount_optional` exists. The check is performed and a
subshell is launched to log the informational message and return. The
return is executed in the context of the subshell, not the context of
the chkerr() function, hence is a NOP. The remount_optional check is
hence ineffective.
Change the code to if/then/fi, so the return is evaluated in the context
of the chkerr function, to make the check effective.
Reviewed by: imp, emaste
Pull Request: https://github.com/freebsd/freebsd-src/pull/1497
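An added example (not the rc script's code) of the two shapes this message describes: a `return` inside `( ... )` only ends the subshell, while the if/then/fi form returns from the function. The function names, the scratch marker file standing in for `remount_optional` and the status values are constructed for illustration.

```sh
#!/bin/sh
# Added illustration; chkerr_before, chkerr_after and run_demo are
# hypothetical stand-ins, not the functions from the rc script.

MARKER=""   # set by run_demo to a scratch file standing in for remount_optional

# "Before" shape: the return runs inside ( ... ), so it only leaves the
# subshell and the function carries on into its error path.
chkerr_before() {
    [ -f "$MARKER" ] && ( echo "mount failed: ignored" >&2; return )
    [ "$1" -eq 0 ] || return 1
    return 0
}

# "After" shape: if/then/fi keeps the return in the function's own context.
chkerr_after() {
    if [ -f "$MARKER" ]; then
        echo "mount failed: ignored" >&2
        return 0
    fi
    [ "$1" -eq 0 ] || return 1
    return 0
}

# run_demo: call both with a failed mount status (1) while the marker file
# exists, and print the status each one hands back to its caller.
run_demo() {
    MARKER=$(mktemp) || return 1
    before=0; chkerr_before 1 || before=$?
    after=0;  chkerr_after 1  || after=$?
    rm -f "$MARKER"
    echo "before=$before after=$after"
}

run_demo
```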
Safe mode may be enabled because of some problem discovered with a kmod,
thus wanting to avoid devmatch. Honor it and let the user deal with
the fallout of not autoloading modules. We've at least made it to
userland and the user demonstrably has a local console as they selected
safe mode in the first place, so this shouldn't be fatal if we don't,
e.g., load a necessary NIC driver.
The sendmail startup script can run 4 daemons: sendmail, sendmail_submit,
sendmail_outbound, and sendmail_msp_queue. Of the first 3 at most one
can be enabled. There's a run_rc_command call for each and the ones for
sendmail and sendmail_msp_queue run unconditionally. For some rc
commands this triggers warnings or errors when sendmail_enable="NO" or
sendmail_msp_queue_enable="NO". Since d2e7bb630b these errors are
propagated and the whole script fails.
Fix this by first determining which daemons are enabled, setting ${name}
and ${rcvar} accordingly, and then always calling run_rc_command
conditionally.
Also replace ${name}.cf with sendmail.cf because ${name} isn't always
sendmail.
PR: 282585
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D47757