Previously it depended on sysctl, which itself has no dependencies,
so rcorder(8) had a bit too much flexibility when choosing when to run
it. Make sure it runs just between 'fsck' and 'root'.
Reviewed By: jmg, imp
Sponsored By: EPSRC
Differential Revision: https://reviews.freebsd.org/D29748
(cherry picked from commit b68e656922)
Currently, if the linux service is run twice, mount(8) fails with:
mount: linprocfs: Device busy
mount: linsysfs: Device busy
mount: devfs: Device busy
mount: fdescfs: Device busy
mount: tmpfs: Device busy
It is a bit more user-friendly if before running mount(8) the service
checks if there are any file systems left to be mounted. This patch
implements this behavior.
Also, while here, create mount points directories (as suggested by
otis).
Reviewed by: trasz
Approved by: trasz (src)
Differential Revision: https://reviews.freebsd.org/D32463
(cherry picked from commit 5690261858)
Arno Tuber reported via email that he needed to restart the gssd daemon
after booting, to get his Kerberized NFS mount to work.
Without this patch, rcorder shows that the gssd starts before NETWORKING
and kdc. The gssd will need NETWORKING to connect to the KDC and, if
the kdc is running on the same system, it does not make sense to start it
before the kdc. This fixed the problem for Arno.
While here, I also added a "# BEFORE: mountcritremote".
It does not affect ordering at this time, but I felt
it should be added, since the gssd needs to be running
when remote NFS mounts are done.
PR: 261939
(cherry picked from commit 0f5e9425e7)
This addresses the following boot message:
/etc/rc: WARNING: $zfskeys_enable is not set properly - see rc.conf(5).
Reported by: Mark Millard
Sponsored by: Modirum MDPay
Sponsored by: Klara Inc.
Fixes: bfb7a31b6a ("rc: Hook zfskeys to the build")
Fixes: 33ff39796f ("Add zfskeys rc.d script for auto-loading encryption keys")
(cherry picked from commit 6596f19daa)
This removes a minor annoyance with Linux jails, where you often
want linux_mounts_enable="NO", yet you want those filesystems
available for mounting in jails; normally mount(8) would result
in kernel automatically loading the KLD, but this doesn't work
inside jails or chroots.
PR: 242955
Sponsored By: EPSRC
Differential Revision: https://reviews.freebsd.org/D29725
(cherry picked from commit 45aec46246)
Support loading a default pf ruleset in case of invalid pf.conf.
If no pf rules are loaded pf will pass/allow all traffic, assuming the
kernel is compiled without PF_DEFAULT_TO_DROP, as is the case in
GENERIC.
In other words: if there's a typo in the main pf_rules we would allow
all traffic. The new default rules minimise the impact of this.
If $pf_program (i.e. pfctl) fails to set $pf_fules and
$pf_fallback_rules_enable is YES we will load $pf_fallback_rules_file if
set, or $pf_fallback_rules.
$pf_fallback_rules can include multiple rules, for example to permit
traffic on a management interface.
$pf_fallback_rules_enable defaults to "NO", preserving historic behaviour.
man page changes by ceri@.
PR: 256410
Reviewed by: donner, kp
Sponsored by: semaphor.dk
Differential Revision: https://reviews.freebsd.org/D30791
(cherry picked from commit 28f47a199c)
When a use sets umask in login.conf(5) to 027 or 077 a subsequently
fetched /var/db/ntpd.leap-seconds.list will inherit the permissions
allowed by the umask, resulting in a file that may not be readable
ntpd running under the ntp account. This patch adds a umask command
to preempt the umask in login.conf(5) prior to fetching a new copy
of the leap-seconds file.
PR: 261298
Reported by: Martin Waschbusch <martin@waschbuesch.de>
(cherry picked from commit c6806434e7)
This fixes a problem where ctld(8) would refuse to start on boot
with a specific IP address to listen on configured in ctl.conf(5).
It also fixes a problem where ctld(8) would fail to start with
some network interfaces which require a sysctl.conf(5) tweak
to configure them, eg to switch them from InfiniBand to IP mode.
PR: 232397
(cherry picked from commit 015351de04)
In network6_getladdr() we are iterating over inet6 lines and are not
interested in any others. So tell ifconfig to limit output to "inet6"
as much as possible.
This is probably a micro-optimisation but was noticed while looking
at other IPv6-related boot-time improvements.
(cherry picked from commit e448ff6f0e)
Like wpa_supplicant, hostapd does not automatically UP the interface
when configured. The fix is similar to 5fcdc19a81.
Reported by: avg
Tested by: avg
(cherry picked from commit 0da2c91e64)
This disables the random (between zero and one seconds) delay before
rtsol and rtsold send a a Router Solicitation packet. This delay is
specified as a SHOULD by RFC 4861 for avoidance of network congestion,
but network speeds have increased enough in the 25 years since this
first appeared (in RFC 1970) that it seems unnecessary as a default
at this point.
This speeds up the FreeBSD boot process by an average of 500 ms.
Reviewed by: kp
Relnotes: yes
Sponsored by: https://www.patreon.com/cperciva
Differential Revision: https://reviews.freebsd.org/D33089
(cherry picked from commit e29711da23)
Variables must be quoted if they contain non-alphanumeric characters.
Warner noted in the review that the lack of quoting causing problems
here is rather an edge case. I believe that it's worth adding the quotes
here anyway because this is what the specification says and there is no
good reason not to follow it.
Reviewed by: imp
Approved by: imp (src)
MFC after: 7 days
(cherry picked from commit 169e06fa78)
Since vfs.nfsd.srvmaxio can only be set when nfsd.ko
is loaded, but nfsd is not running, setting it in
/etc/sysctl.conf is not feasible when "options NFSD"
was not specified for the kernel.
This patch adds a new rc variable nfs_server_maxio,
which sets vfs.nfsd.srvmaxio at the correct time.
rc.conf.5 will be patched separately.
(cherry picked from commit 5509bad74e)
Both rctl and used xargs utility live in /usr/bin
so add REQUIRE: FILESYSTEMS
Reported by: Peter <pmc@citylink.dinoex.sub.org>
(cherry picked from commit 0c54fe172a)
5fcdc19a81 didn't fully resolve the issue. There remains a report
that an ifconfig wlan0 up by itself is insufficient. Ifconfig down
must precede it.
Reported by: Filipe da Silva Santos <contact _ shiori_com_br>
Fixes: 5fcdc19a81
(cherry picked from commit d06d7eb091)
Some installations may experience CTRL-EVENT-SCAN-FAILED when
associating to an AP. Installations that specify
ifconfig_wlan0="WPA ... up" in rc.conf do not experience
the problem whereas those which specify ifconfig_wlan0="WPA" without
the "up" will experience CTRL-EVENT-SCAN_FAILED.
However those that specify "up" in ifconfig_wlan0 will be able to
reproduce this problem by service netif stop wlan0;
service netif start wlan0. Interestingly The service netif stop/start
problem is reproducible on the older wpa 2.9 as well.
Reported by: dhw
Reported by: "Oleg V. Nauman" <oleg _ theweb_org_ua>
Reported by: Filipe da Silva Santos <contact _ shiori_com_br>
Reported by: Jakob Alvermark <jakob _ alvermark_net>
(cherry picked from commit 5fcdc19a81)
Jails with jails is a supported. This change allows the script to run
upon startup with a jail. Without this, jails are not automatically
started within jails.
(cherry picked from commit 35cf9fecbd)
ZFS in 13 supports encryption, but for the use case where keys are
available in plaintext on disk there is no mechanism for automatically
loading keys on startup.
This script will, by default, look for any dataset with encryption and
keylocation prefixed with file://. It will attempt to unlock, timing
out after 10 seconds for each dataset found.
User can optionally specify explicitly which datasets to attempt to
unlock.
Also supports (optionally by force) unmounting filesystems and unloading
associated keys.
Sponsored by: Modirum
Differential Revision: https://reviews.freebsd.org/D30015
(cherry picked from commit 33ff39796f)
Previously it would try to load linux.ko instead of linux64.ko
and fail. While here, don't try to match 'linuxaout'; even if
implemented, it's the same module as `linuxelf`.
Reviewed By: emaste
Sponsored By: EPSRC
Differential Revision: https://reviews.freebsd.org/D29288
(cherry picked from commit e026f4243c)
devmatch rc script would announce it was loading a module multiple
times. It used kldload -n so it really wasn't loading it that many
times, but the message is confusing. Use kldstat to see if we need to
load the module before saying we do. This fixes the vast majority of the
problems. It may be possible to race devmatch with a user invocation and
devd, though quite hard. In that case we'll announce things twice, but
still only load it once. No attempt is made to fix this.
PR: 232782
MFC After: 2 weeks
Sponsored by: Netflix
(cherry picked from commit 5549c6a62f)
We document that we did not need .ko on the module names in
devmatch_blocklist, but we really needed them. Keep the documentation
the same, but strip the .ko when we need to use the names so you can
specify either.
PR: 256240
MFC After: 2 weeks
Sponsored by: Netflix
(cherry picked from commit b29ebb9c65)
devmatch loads a number of things automatically. Allow the list of
things to load to happen first in case those drivers affect what would
be loaded. Normally, this will produce the same results, but there's
some special cases that may not when drivers are loaded that report
other drivers missing, like virtio_pci.
PR: 253287
Reviewed by: imp
MFC After: 2 weeks
(cherry picked from commit f68e3ea831)
Currently ipfw has multiple components that are not parts
of GENERIC kernel like dummynet etc. They can bring in important
sysctls if enabled with rc.conf(5) and loaded with ipfw startup script
by means of "required_modules" after initial consult
with /etc/sysctl.conf at boot time. Here is an example of one
increasing limit for dummynet hold queues that defaults to 100:
net.inet.ip.dummynet.pipe_slot_limit=1000
This makes it possible to use ipfw/dummynet rules such as:
ipfw pipe 1 config bw 50Mbit/s queue 1000
Such rule is rejected unless above sysctl is applied.
Another example is a group of net.inet.ip.alias.* sysctls
created after libalias.ko loaded as dependency of ipfw_nat.
This is not a problem if corresponding code compiled in custom kernel
so sysctls exist when sysctl.conf is read early or kernel modules
loaded with a loader. This change makes it work also for GENERIC
and modules loaded by means of rc.conf(5) settings.
(cherry picked from commit f5b5de1a32)
/etc/rc.d/securelevel is supposed to run /etc/rc.d/sysctl lastload
late at boot time to apply /etc/sysctl.conf settings that fail
to apply early. However, this does not work in default configuration
because of kern_securelevel_enable="NO" by default.
Add new script /etc/rc.d/sysctl_lastload that starts unconditionally.
Reported by: Marek Zarychta
(cherry picked from commit f4b38c360e)
Accept the old rc.conf variable if the new one is not present for
compatability.
Approved by: imp
Differential Revision: https://reviews.freebsd.org/D30806
(cherry picked from commit c43b0081fa)
Once the ipfw0 interface has been created, ifconfig(8) create will
throw a warning: "ifconfig: create: bad value" when trying to create
it again.
PR: 241013
Submitted by: Jose Luis Duran
Approved by: kp
Differential Revision: https://reviews.freebsd.org/D30083
(cherry picked from commit 5c4fe2ac81)
Daniel reported that NFSv4 mounts were not working despite having
set "nfsv4_server_enable=YES" in /etc/rc.conf. Mountd was logging a
message that there was no /etc/exports file.
He noted that creating a /etc/exports file with a "V4:" line in it
was needed make NFSv4 mounts work.
At least one "V4:" line in one of the exports(5) file(s) is needed to
make NFSv4 mounts work. This patch fixes mountd.c so that it logs a
message indicting that there is no "V4:" line in any exports(5)
file when NFSv4 mounts are enabled.
To avoid this message being generated erroneously, /etc/rc.d/mountd
is updated to make sure vfs.nfsd.server_max_nfsvers is properly set
before mountd(8) is started.
PR: 253901
(cherry picked from commit 09673fc0f3)
auditd creates a pidfile so we should use it for status checks.
This also seems to speed up the frequent onestatus checks used in
tests/sys/audit.
Reviewed By: asomers
Differential Revision: https://reviews.freebsd.org/D28389
(cherry picked from commit bcc5b24456)
Fix e40787f900 to make libexec/rc/rc.d/linux retrieve the sysctl
after loading the kernel module which provides it, not before.
Reported By: jkim
Sponsored By: The FreeBSD Foundation
(cherry picked from commit 07cac176fb)
In /etc/rc.d/linux the mounting paths of procfs, sysfs and devfs
are hardcoded to "/compat/linux". Switching to the content of
compat.linux.emul_path sysctl would allow to switch linuxulator
to different place.
Submitted by: freebsdnewbie_freenet.de
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D27807
(cherry picked from commit e40787f900)
- Upgrading from older FreeBSD versions can result in errors
- /var/run can be a tmpfs, and this should be handled correctly
Approved by: markj
Differential: https://reviews.freebsd.org/D28843
MFC after: 2 weeks
In order to reduce the pre-requisites of this file, implement the
pattern matching and creation of a temporary test directory without
use of grep respectively mktemp.
The new version makes it possible to provide a writable /tmp in any
case and independently of other local or remote file systems (except /
and /dev) being mounted.
The use of "dd if=/dev/random" has the same dependency on /dev/random
being operational as the previous version that used "mktemp". If this
is found to be an issue on platforms that do not have gathered
sufficient entropy at the time when this scriot is run, I suggest to
replace the "dd" command with "ps lauxww" to get a somewhat random
test directory name.
Approved by: rgrimes, glebius, cy
MFC after: 4 weeks
Differential Revision: https://reviews.freebsd.org/D28209
depend on FILESYSTEMS run mktemp(1). For systems that have read-only
root this is broken until memory disk based /tmp is instantiated. At
least 'os-release' and 'motd' are subject to this problem.
Reviewed by: ngie
Differential Revision: https://reviews.freebsd.org/D28097
remote filesystems. Discussed this with Brooks and he can't find
evidence that provoked the change in 2005. If anything gets broken
I will fix it in a different way, not via rc sequence change.
Discussed with: brooks
Reviewed by: ngie
Differential Revision: https://reviews.freebsd.org/D28097
the following warning printed at boot time:
rcorder: requirement `ipfs' in file `/etc/rc.d/netif' has no providers.
Close that using BEFORE rather than REQUIRE for writing down
dependencies of optional components.
Although it is not often needed, the nfscbd(8) should be running when
NFSv4 mounts are done if callback functionality is required.
Callback functionality is required for the NFSv4 server to issue
delegations or pNFS layouts.
This patch adds nfscbd to the mountcritremote's REQUIRED line
to ensure it is started before NFS mounts specified in /etc/fstab
are done.
Reviewed by: 0mp
Differential Revision: https://reviews.freebsd.org/D27506
r366857 created a number of problems, tearing down interfaces too
early in shutdown. This resulted in:
- hung ssh sessions when shutting down or rebooting remotely using
shutdown (I've used exec shutdown, for years, as apposed to simply
shutdown).
- NFS mounted filesystems "disappear" prior to unmount.
- dhclient attached to a VLAN on an interface who's parent interface
has already shut down prints errors.
The path forward is to teach lagg(4) and vlan(4) about WOL.
PR: 251531, 251540
PR: 158734, 109980 are broken again
Reported by: jhb, emaste, jtl, Helge Oldach<freebsd_oldach.net>
Martin Birgmeier <d8zNeCFG_aon.at>
MFC after: Immediately
Discussion at: https://reviews.freebsd.org/D27459
