Commit graph

347 commits

Author SHA1 Message Date
Mateusz Piotrowski
401516dbc5 rc.subr: Consistently use an absolute path for sysrc
MFC after:	2 weeks
Approved by:	christos
2024-09-20 19:28:59 +01:00
R. Christian McDonald
4269d1a2e4 rc.subr: fix typo "save_dot" -> "safe_dot"
Reviewed by:	sjg
Approved by:	kp
MFC after:	1 week
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D46644
2024-09-13 16:51:40 -04:00
Doug Ambrisko
408087f128 zfskeys: allow prompt to be entered during boot up
If the ZFS key is set up in prompt mode, use zfs to prompt to load the key
during boot to unlock it.

Reviewed by:	jhb
Differential Revision:	https://reviews.freebsd.org/D36081
2024-09-12 08:46:49 -07:00
Simon J. Gerraty
7e1c014a9e debug.sh take advantage of hooks.sh
Allow Debug{On,Off} to run associated hooks.
This makes it feasible to collect extra debug info at runtime
without needing to modify any potentially verified and hence immutable
scripts.

Like debug.sh, hooks.sh is extremely handy and used extensively
in many parts of Junos and its build environment.
It is provided here in the hope that others may benefit.

We do not dot hooks.sh by default to reduce overhead, but it can
be done from rc.conf et al using

$_HOOKS_SH . /libexec/hooks.sh

to avoid including more than once.

Reviewed by:	stevek
Sponsored by:	Juniper Networks, Inc.
Differential Revision:	https://reviews.freebsd.org/D46552
2024-09-10 12:04:15 -07:00
R. Christian McDonald
b5f6beefa0 rc.subr: ensure run_rc_script return code is not masked by DebugOff
Ensure that run_rc_script returns the true return code of the
rc command and not the return code of DebugOff

Reviewed by:	sjg
Approved by:	kp
MFC after:	1 week
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D46626
2024-09-10 14:58:47 -04:00
Bjoern A. Zeeb
ed4d2a54fc rc: network.subr update consistency with older change (v6/v4 order)
As of 1b5be7204e we set up parts of IPv6
before IPv4 if configured.  For consistency change a case in ifn_start()
calling ipv6_up() before ipv4_up() and reverse in ifn_stop().

MFC after:	10 days
Reviewed by:	zlei
Differential Revision: https://reviews.freebsd.org/D33426
2024-09-05 19:53:57 +00:00
Jessica Clarke
62775aebf7 rc.d/devmatch: Silence sysctl hw.bus.devctl_nomatch_enabled=1
As with various other rc scripts, we don't want the output from this
being visible in the boot log.

Fixes:		6437872c1d ("New sysctl to disable NOMATCH until devmatch runs")
MFC after:	1 week
2024-08-29 00:26:26 +01:00
Simon J. Gerraty
35399f68c8 safe_dot check file is a file
Since we are being paranoid, check that each arg to safe_dot is
actually a file as well as non-empty.

Check for white-space in filenames - these require special handling.
2024-08-16 13:15:20 -07:00
Simon J. Gerraty
82cb2a4158 Update safe_eval.sh to support --export
This update allows

safe_dot --export file ...

to export any variables that get set.

Reviewed by: obrien
2024-08-15 15:42:39 -07:00
Isaac Cilia Attard
503adcdf1d dhclient: rc.conf option to disable ARP resolution
Introduce a new rc.conf option to not wait for ARP resolution within
dhclient. This is plausible on many modern networks where it is possible
to trust the DHCP server to know whether an IP address is available.

Sponsored by:	Google LLC (GSoC 2024)
Signed-off-by:	Isaac Cilia Attard <icattard@FreeBSD.org>
MFC after:	10 days
Reviewed by:	cperciva, brooks, Tom Hukins, Alexander Ziaee
Pull Request:	https://github.com/freebsd/freebsd-src/pull/1368
2024-08-09 14:49:51 -07:00
Simon J. Gerraty
6502c60c22 Move fetch of DEBUG_SH from kenv to rc
We only need to check kenv for DEBUG_SH once.
We also need to export DEBUG_SH to be useful.

Sponsored by:	Juniper Networks, Inc.

Reviewed by:	imp
Differential Revision:	https://reviews.freebsd.org/D46219
2024-08-03 10:56:48 -07:00
Ed Maste
5c2bc3db20 Remove "All Rights Reserved" from FreeBSD Foundation copyrights
These ones were unambiguous cases where the Foundation was the only
listed copyright holder.

Sponsored by:	The FreeBSD Foundation
2024-07-30 12:16:36 -04:00
Cy Schubert
66f360515d rc.conf: Leap-seconds sources: Add IANA back
11da791920 switched Leap-seconds source from IANA to IERS, as IERS
is the canonical source. The problem is that IERS is not accessible
from IPv6 only networks. To work around this we must add IANA back in
order to provide IPv6-only users a source for leap-seconds fetch.

PR:		279413
Fixes:		11da791920
MFC after:	3 days
2024-07-19 11:24:31 -07:00
Warner Losh
e9ac41698b Remove residual blank line at start of Makefile
This is a residual of the $FreeBSD$ removal.

MFC After: 3 days (though I'll just run the command on the branches)
Sponsored by: Netflix
2024-07-15 16:43:39 -06:00
Alexander Ziaee
088cc7d221 man filesystems: fix more xrefs after move to s4
Fixes: 1a720cbec5
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1282
2024-06-27 18:32:05 -06:00
Eugene Grosbein
af1b0aa5b9 rc.subr: improve description for ${name}_offcmd
Clarify that ${name}_offcmd is for method start.

MFC after:	3 days
2024-06-18 16:13:51 +07:00
Alexander Leidinger
2d08f6b577 rc.subr: add some sanity checks for service jails
Add some sanity checks when service jails are used in jails:
 - children.max > 0
 - children.max - children.cur > 0

The nesting is too deep at those places to have a sane formatting, so no
line wrapping at the usual column.
If someone has a better idea how to format this: feel free to go ahead.
2024-06-14 20:15:46 +02:00
Alexander Leidinger
a70ecfb117 rc.subr: add new sysv option for service jails
Clarify that the "sysvipc" svcj option inherits from the host / parent.
Add "sysvipcnew" which creates a new SysV namespace for the service
jail.
Sanity check that only one of them is used.
2024-06-14 20:15:45 +02:00
Eugene Grosbein
c2db3a0c7d rc.subr(8): fix debugging message after previous commit
Fixes:		32a579e4fc
2024-06-03 02:41:10 +07:00
Eugene Grosbein
32a579e4fc rc.subr(8): introduce ${name}_offcmd
New variable ${name}_offcmd may be used to supply commands
executed if named service is not enabled. Previously start_precmd
could be used for such a task but now rc.subr(8) does not call it
if a service is not enabled.

Fix devd startup script to use it instead of start_precmd.

PR:		279198
MFC after:	2 weeks
Reported by:	Dmitry S. Lukhtionov
Tested by:	Dmitry S. Lukhtionov
2024-06-03 02:29:22 +07:00
Alex Samorukov
f13275cf03 export $autoboot var when running from $boottrace_cmd
At the moment, if boottrace profiling is enabled, autoboot is not
exported to the rc scripts. This causes fsck to not check the root
filesystem.  To fix this, pass _boot, rc_fast and autoboot to the
boottrace process to mimic what directly sourcing the rc.d scripts does.

PR: 278993
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1261
2024-05-29 13:29:53 -06:00
Franco Fichtner
11333dd580 rc: improve NAME_setup handling
Reload is used for service reconfiguration as well
and lacks a NAME_prepend-like mechanism so it makes
sense to extend the NAME_reload hook into this
action.

precmd may use configuration checks and blocks setup
from doing its designated work (e.g. nginx).  Moving
the invocation of the setup script in front allows us to
provide custom scripts for config file generation and
fixing prior to precmd checking configuration integrity.

Also introduce _run_rc_setup to separate the launcher
from the main one.  Let it run correctly in the case
of restart_precmd and block further execution as
would be the case in start due to the internal plumbing
of restart being split into calling stop and start
afterwards.

Differential Revision: https://reviews.freebsd.org/D36259
Signed-off-by: Franco Fichtner <franco@opnsense.org>
Reviewed by: imp, oshogbo
Pull Request: https://github.com/freebsd/freebsd-src/pull/1258
2024-05-29 11:23:46 -06:00
Alexander Leidinger
f99f0ee14e rc.d: add a service jails config to all base system services
This gives more permissions to services (e.g. network access to
services which require this) when they are started as an automatic
service jail.

The sshd patch is important for the sshd-related functionality as
described in the man-page in the service jails part.

The location of the added env vars is supposed to allow overriding them
in rc.conf, and to hard-disable the use of svcj for some parts where it
doesn't make sense or will not work.

Only a subset of all of the services are fully tested (I have been running this
for more than a year with various services started as service jails).
The untested parts should be OK most of the time; in some edge cases
more permissions are needed inside the service jail.
Differential Revision:	https://reviews.freebsd.org/D40371
2024-05-22 15:41:49 +02:00
Alexander Leidinger
2efbd480f1 rc: add service jails framework
This takes a rc.d-service and starts it in a jail which shares the same
root-path as the host (or parent jail) and may inherit the network from
the host (or parent jail). Per service there is the possibility to
specify some arguments which give more permissions (e.g. netv4, netv6,
sysvipc...).
Reviewed by:	bcr (man page)
Relnotes:	yes
Differential Revision:	https://reviews.freebsd.org/D40370
2024-05-22 15:41:48 +02:00
Simon J. Gerraty
dc501a9ec0 Allow DEBUG_SH=rc:all to debug all rc.d
Usually a bad idea but there are exceptions to every rule.
Also debugging all rc.d scripts or all with a given arg.
2024-05-21 19:44:20 -07:00
Baptiste Daroussin
5681636ead nuageinit: by default to not enable nuageinit
MFC After:	1 day
Reported by:	karels@
2024-05-14 14:16:45 +02:00
Isaac Cilia Attard
6437872c1d New sysctl to disable NOMATCH until devmatch runs
Introduce hw.bus.devctl_nomatch_enabled and use it to suppress NOMATCH
until devmatch runs

There's a lot of NOMATCH events generated at boot. We also run devmatch
once during early boot to load unmatched devices. To avoid redundant
work, don't start generating NOMATCH events until after devmatch runs.
Set hw.bus.devctl_nomatch_enabled=1 just before we run devmatch. The
kernel will suppress NOMATCH events until this is set to true.

This saves about 170ms from the boot on aarch64 running atop Apple
M-series processors and the VMWare Fusion hypervisor.

Reviewed by:    imp, cperciva
MFC after:      3 days
Sponsored by:   Google Summer of Code
Pull Request:   https://github.com/freebsd/freebsd-src/pull/1213
2024-05-09 17:56:40 -07:00
Poul-Henning Kamp
66bee50af7 Remove cross-references to GBDE
2024-05-07 07:35:33 +00:00
Poul-Henning Kamp
bbc36ba969 Remove documentation of GBDE rc support
2024-05-07 07:25:51 +00:00
Poul-Henning Kamp
0c7237d7e2 Remove GBDE rc support
2024-05-07 07:23:03 +00:00
Lexi Winter
2f9966ff63 packages: add package for NTP
Reviewed by: imp, manu
Pull Request: https://github.com/freebsd/freebsd-src/pull/1193
2024-05-04 07:41:54 -06:00
Lexi Winter
1b3c07bed6 package: move OpenBSM auditing into its own package
Move auditing runtime (auditd, etc.) into the new FreeBSD-audit package.
Also move the runtime OpenBSM manual pages from libbsm into auditd so
they get installed with the right package.

Add an UPDATING entry noting the new packages.

Reviewed by: imp, manu
Pull Request: https://github.com/freebsd/freebsd-src/pull/1197
2024-04-28 22:33:06 -06:00
Cy Schubert
9e248b7f64 kdc: Add restart option
Add a new kdc_restart rc variable that manages kdc (or krb5kdc) under
daemon(8). This automatically restarts the kdc should it fail, i.e.
when it's configured to use LDAP as a backend and cannot connect to its
LDAP directory.

Set kdc_restart="YES" to auto restart kdc on abnormal termination.

Set kdc_restart_delay="N" to the number of seconds to delay before
restarting the kdc. The daemon(8) default seconds applies when not set.

Reported by:		Lexi Winter <lexi.freebsd@le-fay.org>
PR:			278395
Differential Revision:	https://reviews.freebsd.org/D44898
2024-04-23 22:50:38 -07:00
Mark Johnston
6d5ce2bb63 nfsserver: Default to nfs_reserved_port_only="YES"
This setting causes the NFS server to check that all RPCs are sent from
a privileged (<= 1023) port, rejecting those that are not.  This
slightly raises the bar for a user with network access to an
unauthenticated NFS server to access exported NFS filesystems.

Users that use traditional NFS clients (e.g., those provided by FreeBSD
or Linux) should not see any difference, assuming that unprivileged
filesystem mounting is disallowed.

Note that the setting is per-VNET, so may be overridden in VNET jails
without affecting the rest of the system.

Discussed with:	freebsd-arch@
Reviewed by:	rmacklem, bz, emaste
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D44906
2024-04-23 12:54:46 -04:00
Lexi Winter
7209444a80 package: move cron into its own package
Reviewed by: imp, manu, Mina Galic
Pull Request: https://github.com/freebsd/freebsd-src/pull/1172
2024-04-22 22:36:35 -06:00
Lexi Winter
dbd0366f34 package: move lpr into its own package
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1171
2024-04-19 16:54:31 -06:00
Baptiste Daroussin
b6a4776008 nuageinit: start the script after zfs
It prevents the home directory for the new users from being hidden
by the late mount of the home directory
2024-04-17 16:25:02 +02:00
John Baldwin
4bf5db113f defaults/rc.conf: Remove /usr/lib32 from ldconfig32_paths
Commit 99132daf6f prepends /usr/lib32 to
the list of paths in ldconfig32_paths since it is a standard library
path in ld-elf32.so.1.  Remove /usr/lib32 from the value in rc.conf so
that it is not listed twice.

Reviewed by:	olce, kib
Sponsored by:	University of Cambridge, Google, Inc.
Differential Revision:	https://reviews.freebsd.org/D44752
2024-04-12 14:35:23 -07:00
Konrad Witaszczyk
e6e38bc522 rc.d/ldconfig: Compute ldconfig paths in a function
Move logic that computes paths passed to ldconfig(8) to a
ldconfig_paths() function that can be called for multiple ABIs.

Reviewed by:	olce, kib
Obtained from:	CheriBSD
Differential Revision:	https://reviews.freebsd.org/D44751
2024-04-12 14:34:59 -07:00
Jose Luis Duran
bb4116576f rc.initdiskless: Disable soft-updates in mdmfs (again)
Re-apply the -S switch to disable soft-updates in memory disks (commit
8b1292ac52). This might be beneficial when tmpfs(5) is not present in
the kernel, as this can cause mdmfs(8)'s auto keyword to fall back to
using md(4).

PR:		85558
MFC after:	1 week
Reviewed by:	imp, emaste, brooks
Differential Revision:	https://reviews.freebsd.org/D43242
2024-03-20 00:54:18 -04:00
Baptiste Daroussin
9eae9233fd nuageinit: be case insensitive when looking for labels
Reported by:	Marek Zarychta <zarychtam@plan-b.pwste.edu.pl>
2024-03-15 15:15:03 +01:00
Baptiste Daroussin
a42d6f7601 nuageinit: add basic support for cloudinit.
This is a very early script to support cloudinit; it does not intend to
be a full featured cloudinit client, but will support a good enough
subset to be viable in most cases.

It supports nocloud and openstack config-2 config drive mode (iso9660 or
msdosfs).

The following features are currently supported:
- adding users (including a default user named 'freebsd' with password
  'freebsd')
- adding groups
- adding ssh keys
- static ipv4, static ipv6, dynamic ipv4

With this one is able to use the 'bring your own image' feature out of
box.

It is expected that the script grows the support of other clouds
supporting cloud-init, contributions are welcomed.

It is designed to be only run once via the firstboot mechanism.

Sponsored by:	OVHCloud
MFC After:	3 weeks
Differential Revision:	https://reviews.freebsd.org/D44141
2024-03-15 09:22:16 +01:00
Emmanuel Vadot
72b045386d rc: Set var_run_enable to enable by default
This will load/save the /var/run directories at boot/shutdown if
and only if /var/run/ is a tmpfs mount so it is a win for tmpfs
users and a no-op for everyone else.

Reviewed by:	bapt
Differential Revision:	https://reviews.freebsd.org/D44097
Sponsored by:	Beckhoff Automation GmbH & Co. KG
2024-02-28 08:17:58 +01:00
Robert Wing
c7d5cc6f5e Revert "rc.d/mountlate: discard output from nextboot"
This reverts commit 4cea0cbcc9.

Requested by:   imp
2024-02-20 21:04:15 -09:00
Robert Wing
4cea0cbcc9 rc.d/mountlate: discard output from nextboot
Silence the warning seen at boot:

    Mounting late filesystems:.
    nextboot: unlink /boot/nextboot.conf: No such file or directory

    Sun Feb 18 23:31:52 AKST 2024

    FreeBSD/amd64 (main) (ttyv0)

    login:

Differential Revision:	https://reviews.freebsd.org/D43979
2024-02-20 20:50:43 -09:00
Simon J. Gerraty
b75bb99621 rc.subr add Exists so we can find sed
SED=`Exists -x /usr/bin/sed /rescue/sed`

avoids adding /rescue to $PATH, and allows use of sed
before /usr is mounted (if a separate filesystem).

Reviewed by:	jlduran_gmail.com
Differential Revision:	https://reviews.freebsd.org/D43826
2024-02-12 14:39:20 -08:00
Simon J. Gerraty
15483f9620 rc.subr avoid noise if /usr not mounted
basename, sed and tty are all in /usr/bin and not available
until /usr is mounted.

basename and tty we can replace with a function, but sed is more
important.  Fix o_verify to just use shell builtins, and
rc_trace should avoid trying to set RC_LEVEL until sed is available.
2024-02-10 10:14:23 -08:00
Simon J. Gerraty
aa3b7a2fbc /etc/rc add trace debug and verify
Debugging boot issues can be helped by
logging each rc.d script as it is run
and being able to selectively enable/disable set -x.
debug.sh provides an elaborate framework for debugging shell scripts.

For secure systems, we want to be paranoid about what we read
during boot.

dot()	simply reads (.) arg file if it exists
vdot()	if mac_veriexec is active, ignore unverified files
	otherwise behaves much the same as dot()
safe_dot()  in safe_eval.sh allows reading an untrusted file;
	limiting the input to simple variable assignments.

In load_rc_config allow caller to provide an option to indicate how to
handle its arg:
	-v use vdot()
	-s use sdot() which will try to use vdot() and fallback to safe_dot()
	The default is to read using dot()

rc_run_scripts()
	encapsulate the running of rc.d scripts
	so that we can easily call it more than twice.

We vdot local.rc.subr to pick up extensions (like
run_rc_scripts_final) and overrides.

We also allow rc.subr.local or rc.conf to set rc_config_xtra
eg (rc_config_xtra=XXX for historic compatibility)

rc use set -o verify around the reading in of rc.subr
This has no effect if mac_veriexec is not active, but if it is, ensures
rc.subr has not been tampered with.

Reviewed by:	imp
Sponsored by:	Juniper Networks, Inc.
Differential Revision:	https://reviews.freebsd.org/D43671
2024-02-09 09:15:58 -08:00
Warner Losh
11da791920 leapseconds: Update to the canonical place.
IERS is the source of truth for leap seconds. Their leapsecond file is
updated most quickly and is always right (unlike the IANA one which
often lags). IERS operates this public service for the express purpose
of random people downloading it. Their terms of service are compatible
with open source (we could include this in our release). Rather than
fighting with questions around this because the IANA one changed
locations or the auto update script broke, just use this.

This is in preference to the NIST ftp copy. NIST is in the process of
retiring their FTP services.

Sponsored by:		Netflix
Reviewed by:		philip, delphij, cy
Differential Revision:	https://reviews.freebsd.org/D43752
2024-02-06 16:12:59 -07:00
Cy Schubert
91f78c32be rc.d/kdc: Support start of MIT krb5kdc
Some users wishing to use the MIT krb5kdc have discovered the
kdc script workaround applied to the MIT krb5 ports is insufficient.
Let's build into this rc script the smarts to determine whether
base or ports Heimdal kdc is being invoked or the MIT krb5kdc.

While at it, remove kdc_start_precmd(). This will simplify a future
jail patch.

Suggested by:		netchild
Original patch:		netchild
Reviewed by:		emaste, netchild
MFC after:		1 week
Differential Revision:	https://reviews.freebsd.org/D43523
2024-01-21 16:06:26 -08:00