Robert Watson [Tue, 5 Nov 2002 01:59:56 +0000 (01:59 +0000)]
Remove reference to struct execve_args from struct imgact, which
describes an image activation instance. Instead, make use of the
existing fname structure entry, and introduce two new entries,
userspace_argv, and userspace_envv. With the addition of
mac_execve(), this divorces the image structure from the specifics
of the execve() system call, removes a redundant pointer, etc.
No semantic change from current behavior, but it means that the
structure doesn't depend on syscalls.master-generated includes.
There seems to be some redundant initialization of imgact entries,
which I have maintained, but which could probably use some cleaning
up at some point.
Robert Watson [Mon, 4 Nov 2002 20:52:09 +0000 (20:52 +0000)]
Clarify language relating to ACLs, Capabilities, and MAC, since the
implementation status of these services has changed substantially
since this man page was last updated.
Nick Sayer [Mon, 4 Nov 2002 19:30:04 +0000 (19:30 +0000)]
After waiting for help with the markup, I finally decided to just patch
the page myself. The new language is more accurate than what was there
before, but the most accurate way of describing the functionality eludes
me.
Robert Watson [Mon, 4 Nov 2002 17:50:52 +0000 (17:50 +0000)]
Implement mpo_check_system_acct and mpo_check_system_settime() for Biba:
require Biba privilege to configure either, and require that accounting
files be high integrity. Note that this does allow implicit information
flow from low to high integrity, but it also protects the integrity
of accounting data.
Robert Watson [Mon, 4 Nov 2002 15:13:36 +0000 (15:13 +0000)]
Permit MAC policies to instrument the access control decisions for
system accounting configuration and for nfsd server thread attach.
Policies might use this to protect the integrity or confidentiality
of accounting data, limit the ability to turn on or off accounting,
as well as to prevent inappropriately labeled threads from becoming nfs
server threads.
Replace ARC4 with SHA2-512.
Change lock-structure encoding to use random ordering rather for obscurity.
Encrypt lock-structure with AES/256 instead of AES/128.
Change kkey derivation to be MD5 hash based.
Watch for malloc(M_NOWAIT) failures and ditch our cache when they happen.
Remove clause 3 of the license with NAI Labs consent.
Many thanks to "Lucky Green" <shamrock@cypherpunks.to> and "David
Wagner" <daw@cs.berkeley.edu>, for code reading, inputs and
suggestions.
This code has still not been stared at for 10 years by a gang of
hard-core cryptographers. Discretion advised.
NB: These changes result in the on-disk format changing: dump/restore needed.
Robert Watson [Mon, 4 Nov 2002 02:35:46 +0000 (02:35 +0000)]
Update licenses and wording: NAI has authorized the removal of clause three
of their BSD-style license; also, carry out the NAI Labs -> Network
Associates Laboratories renaming in these files.
Robert Watson [Mon, 4 Nov 2002 01:53:12 +0000 (01:53 +0000)]
License and wording updates: NAI has authorized the removal of clause
three from their BSD-style license. Also, s/NAI Labs/Network Associates
Laboratories/.
Robert Watson [Mon, 4 Nov 2002 01:42:39 +0000 (01:42 +0000)]
License clarification and wording changes: NAI has approved removal of
clause three, and NAI Labs now goes by the name Network Associates
Laboratories.
Add the necessary tweaks for FreeBSD/ia64 releases. Note that this is
in no way final. A typical ia64 wart is that there are no boot blocks.
Instead, we need to create disks with EFI partitions if we want auto
boot to work. All this functionality is not present yet.
Add GPT entry types for partitions we're likely to encounter in the
wild. These include MS partitions and Linux partitions. At this time
there's no evidence that HP-UX uses GPT.
Scott Long [Sun, 3 Nov 2002 23:48:14 +0000 (23:48 +0000)]
Hook the aic7xxx modules up. This requires some extra care since aicasm
is a compiler tool and needs to be compiled by the host compiler. I've
tested this in i386->sparc cross-build, 4.7->current upgrade, normal
buildkernel target, and normal /sys/i386/compile/GENERIC configurations.
Tim J. Robbins [Sun, 3 Nov 2002 23:22:34 +0000 (23:22 +0000)]
- Consistent use of warn() vs. perror().
- Gracefully handle the case where standard input is missing
a newline at EOF.
- Exit with status 1 instead of -1 (really 255) on error.
- Add a Diagnostics section to the manual page documenting
exit status.
Alan Cox [Sun, 3 Nov 2002 22:20:42 +0000 (22:20 +0000)]
- Remove the memory allocation for the object/offset hash table
because it's no longer used. (See revision 1.215.)
- Fix a harmless bug: the number of vm_page structures allocated wasn't
properly adjusted when uma_bootstrap() was introduced. Consequently,
we were allocating 30 unused vm_page structures.
- Wrap a long line.
Mitsuru IWASAKI [Sun, 3 Nov 2002 10:49:24 +0000 (10:49 +0000)]
Add status initialization code for acpi_cmbat and acpi_acad,
acpi_cmbat_init_battery() and acpi_cmbat_init_acline() respectively.
Call acpi_cmbat_init_battery() from acpi_cmbat_resume() too just in
case.
This is a workaround for embedded controller operations which are
unstable for about a minute (typically 30 or 40 sec.) at boot time.
- Added the MenuIPLType menu for selecting pc98 boot IPL.
- Disabled 'Syscons, Font', 'Syscons, Screenmap' and 'Syscons, Ttys' menus
on pc98.
- Fixed the MenuMouseType and MenuMousePort menus for pc98.
- Fixed some comments for pc98.
Scott Long [Sun, 3 Nov 2002 08:54:46 +0000 (08:54 +0000)]
Bring newfs_msdos into the GEOM world. Totally rewrite and simplify
getdiskinfo(). For the fixed-disk case, bpb->hid probably isn't
handled correctly, but I'm not sure if this is a serious problem since
the primary use of this program is to format floppy disks.
Tim J. Robbins [Sun, 3 Nov 2002 07:29:08 +0000 (07:29 +0000)]
Print a `+' character after the standard UNIX permission fields in long
listings if the file has an extended ACL (more than the required 3 entries).
This is what Solaris and IRIX do, and what the withdrawn POSIX.2c standard
required.
Reviewed by: rwatson (an earlier version of the patch)
Initialize d->bios_cyl. We know the media size in sectors, the number
of heads and the number of sectors per track. If there's an obvious
insanity (heads and sectors are both zero or the media size is not
an integral multiple of heads times sector) we set the number of
cylinders to zero.
Robert Watson [Sun, 3 Nov 2002 00:53:03 +0000 (00:53 +0000)]
Change privilege model for mac_partition such that BSD superuser can change
the partition once a partition has been set. This is required for correct
operation of sendmail between partitions.
Warner Losh [Sat, 2 Nov 2002 23:00:28 +0000 (23:00 +0000)]
MFp4:
o Always release the resources on device detach.
o Attach resources the same with driver added as we do in the insert
case (maybe this should be a routine).
o signal the wakeup of the thread on resume instead of trying to force an
interrupt.
o Minor debug hacks.
o use 0xffffffff instead of -1 for uint32_t items.
o Don't complain when we're asked to detach no cards. This is normal.
o Eliminate the now worthless second parameter to card_detach_card.
o minor style(9)isms
Some of these patches may be from: iwasaki-san, jhb, iadowse
Warner Losh [Sat, 2 Nov 2002 22:35:24 +0000 (22:35 +0000)]
MFp4:
o It turns out that we always need to try to route the interrupts for
the case where the $PIR tells us there can be only one. Some machines
require this, while others fail when we try to do this (bogusly, imho).
Since we have no a priori way of knowing which is which, we always try to
do the routing and hope for the best if things fail.
o Add some additional comments that state the obvious, but amplify it in
non-obvious ways (judging from the questions I've gotten).
This should un-break older laptops that still have to use PCIBIOS to route
interrupts.
Warner Losh [Sat, 2 Nov 2002 22:32:04 +0000 (22:32 +0000)]
Use 0xffffffff instead of -1 for id to compare against.
Use exact width types, since this is a MD file and won't be used elsewhere.
Fix a couple of resulting printf breakages
Shamelessly copy the files over from the sparc64 port. Since there
was no history to speak of, a repocopy would not have bought us
anything. Versions copied:
../sparc64/boot_crunch.conf,v 1.3 2002/11/01 15:29:35 jhb
../sparc64/dokern.sh,v 1.1 2002/10/13 18:36:06 jake
../sparc64/mkisoimages.sh,v 1.1 2002/10/13 18:36:06 jake
Peter Wemm [Sat, 2 Nov 2002 20:16:55 +0000 (20:16 +0000)]
Unbreak MNT_UPDATE when running with cd as root. Detect mountroot by
checking for "path == NULL" (like ffs) rather than MNT_ROOT. Otherwise
when you try and do an update or mountd does an NFS export, the remount
fails because the code tries to mount a fresh rootfs and gets an EBUSY.
The same bug is in 4.x (which is where I found it).
Maxime Henrion [Sat, 2 Nov 2002 20:16:35 +0000 (20:16 +0000)]
Fix some warnings on 64 bit architectures. The vn_extattr_get()
function takes an int * parameter, not a size_t * parameter.
Arguably, it should rather take a size_t *, but that would
require changing the uio_resid field of struct uio to be a size_t
instead of an int, which I don't want to do that close to
5.0-RELEASE.
Add support for GPT:
1. When the partition type is not an integer, try to parse the type
as an UUID. If that succeeds, map the UUID to chunk_e.
2. For GPT partitions, pass the type constructed in point 1 above
to Add_Chunk.
While here, fix the MBREXT case by only checking if the first 3
characters are MBR. This avoids duplication.
Add support for ia64. This is almost identical to i386, except that
with GPT chunks of type "part" do not necessarily live under chunks
of type "freebsd". We don't necessarily have a disklabel.
Remove the GEOM_GPT hack. We now check for partition type 0xEE and
skip those. This handles the Protective MBR (PMBR) which consists
of a single partition of type 0xEE that covers the whole disk and
as such protects the GPT partitioning. We allow other partitions to
be present besides partitions of type 0xEE and as such interpret
partition type 0xEE as a "hands-off" partition only.
While here, fix g_mbrext_dumpconf to test if indent is NULL and
dump the data in a form that libdisk can grok. Change the logic
in g_mbr_dumpconf to match that of g_mbrext_dumpconf. This does
not change the output, but prevents a NULL-pointer dereference
when indent == NULL && pp == NULL.
malloc(9) with M_NOWAIT seems to return NULL a lot more than I would have
expected under -current. This is a problem for GEOM because the up/down
threads cannot sleep waiting for memory to become free. The reason they
cannot sleep is that paging things out to disk may be the only way we can
clear up some RAM. Nice catch-22 there.
Implement a rudimentary ENOMEM recovery strategy: If an I/O request
fails with an error code of ENOMEM, schedule it for a retry, and
tell the down-thread to sleep hz/10 to give other parts of the system
a chance to free up some memory, in particular the up-path in GEOM.
All caches should probably start to monitor malloc(9) failures using the new
malloc_last_fail() function, and release when it indicates congestion.
Hajimu UMEMOTO [Sat, 2 Nov 2002 08:21:26 +0000 (08:21 +0000)]
Add IPv6 setup for ipfilter. `ipv6_ipfilter_rules' was added
to specify rules definition file for ipfilter. The default is
/etc/ipf6.rules. If there is a file which is specified by
'ipv6_ipfilter_rules', IPv6 rule is installed.
Reviewed by: Ronald van der Pol <Ronald.vanderPol@rvdp.org>
MFC after: 1 week