Check the length of the hook name when copying it into the sockaddr.
MFC after: 1 week
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D55258
* Replace fgets(3) with getline(3)
* Replace select(2) with poll(2)
* Avoid needlessly copying text around
* Correct use of getopt(3)
* Pick some style and whitespace nits
MFC after: 1 week
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D55257
pw.8 structure is quite different from usual manual page, especially in
describing -o option usage. Specifically, these paragraphs do not
contain "uid/gid" terms, and have "user id"/"group id" instead,
making searching for "override duplicate safety belt" difficult.
Try to simplify such searches.
Also, clarify uid/gid space between 100 and 1000 as "somewhat special",
as it actually is.
Discussed on: russian telegram FreeBSD group
Reviewed by: eugen, novel
MFC after: 1 week
freebsd-update sets the currently running release from UNAME -r, which
can be overridden via the --currently-running commandline option (or by
setting UNAME_r in the environment). This may be invalid if -b is used
to specify a basedir other than /, so error out if -b is specified
without setting the currently running version.
PR: 283229
Reviewed by: cperciva
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D48016
Currentlu, the traceroute[6] utility does not check
for possible networking errors while talking to as_server
in case of "traceroute -a". Meantime, there is a common case
when trace is long and it has many non-responding hops
(shown as '* * *'), so as_server aborts our connection,
hence no AS numbers shown for the rest of trace.
Somewhat artifical way to reproduce the problem:
traceroute to 57.144.244.1 (57.144.244.1), 80 hops max, 48 byte packets
5 [AS174] be2950.ccr42.fra05.atlas.cogentco.com (154.54.72.42) 74.277 ms 9.605 ms 9.599 ms
6 [AS174] 149.11.228.19 (149.11.228.19) 9.506 ms 9.466 ms 9.420 ms
7 [AS33182] po172.asw02.fra5.tfbnw.net (129.134.108.146) 9.725 ms 9.874 ms 9.696 ms
8 [AS32934] psw04.fra5.tfbnw.net (157.240.59.85) 8.718 ms 8.691 ms 8.618 ms
9 * * *
10 [AS0] edge-star-mini-shv-01-fra5.facebook.com (57.144.244.1) 9.747 ms 9.815 ms 9.699 ms
Note what due to increased timeout (-w10) we get [AS0] for 10th hop
because as_server closed our connection. Same problem occurs
with default -w3 when there are lots of '* * *' hops in a trace.
Fix it with some additional error checking and a reconnection.
This patch was in my use for many years and after traceroute(8) moved
from contrib/ to usr.sbin/ it's nice to have it in the tree.
MFC after: 2 weeks
The VM image creation scripts have a copy of this list of datasets which
should be kept in sync, which can otherwise be easily missed, as was the
case in the now-reverted 3e8619e535 ("bsdinstall: Create separate
datasets for directories in /usr/ports").
This reverts commit 3e8619e535.
While it's generally a good idea to have separate datasets for things
like this, it breaks git clone with:
fatal: destination path 'ports' already exists and is not an empty directory.
Signed-off-by: Ricardo Branco <rbranco@suse.de>
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/2006
The daemon utility has always created its output file with a fixed mode
of 0600. This causes issues for log collection setups where the collector
does not run as root but instead relies on group access to the watched
daemon’s log file.
Introduce a new option that allows specifying the output file mode using
install(1)-style semantics. This enables non-root log collectors to access
the file as intended and improves compatibility with log rotation tools.
Reviewed by: kevans
MFC after: 1 week
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D54930
It can use the passthru_mmio_map() helper function. Make that change,
and also make passthru_mmio_map() use EPRINTLN to fix formatting when
the guest console is stdio.
Reviewed by: corvink, jhb
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D55067
The old default of 2 for max_sectors limits performance significantly
with guest systems where the virtio-scsi driver actually honors this
value.
As CTL doesn't seem to have any limit of the maximum size of a single
transfer, set this to INT32_MAX by default.
Reviewed by: corvink
Differential Revision: https://reviews.freebsd.org/D53466
Support for indirect registers is actually part of the common virtio code,
the virtio-scsi code doesn't actually care or even know anything about it.
Advertising the features greatly improves performance with some guest
operating systems.
Reviewed by: corvink
Differential Revision: https://reviews.freebsd.org/D53467
vq_getchain() erroneously checked vc_hv_caps for indirect descriptor
support when it encountered an indirect descriptor. vc_hv_caps is used
in feature negotiation to advertise what features our device emulation
supports, but we should really check what features we have negotiated
with the driver.
Reviewed by: corvink
Differential Revision: https://reviews.freebsd.org/D53465
It links fine with newer binutils 2.44 (and GCC 15), so the workaround
can be dropped.
Reviewed by: emaste
PR: 242109
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D55083
The `eachresult` argument is documented to take a function pointer of
type:
bool_t (*)(caddr_t, struct sockaddr_in *)
It was declared to take a resultproc_t which has historically been
declared to be:
bool_t (*resultproc_t)(caddr_t, ...);
This overlapped well enough for currently supported ABIs where variadic
arguments are passed in registers, but this declaration is misaligned
with the documentation (resultproc_t takes three arguments) and will be
fixed in a followup commit.
Fix the type to be non-variadic, matching callbacks, and define a
convenience type of as most callbacks take something other than a char *
as their first argument and need to be cast.
Effort: CHERI upstreaming
Reviewed by: ngie, glebius, jhb
Sponsored by: DARPA, AFRL
Differential Revision: https://reviews.freebsd.org/D54940
No functional change, but downstream in CheriBSD this was causing a
link error as the Makefile was overriding CFLAGS set via a side effect
of bsd.compiler.mk.
Reviewed by: bz, brooks, emaste
Sponsored by: AFRL, DARPA
Differential Revision: https://reviews.freebsd.org/D54894
Avoid truncating 32-bit values. This would have saved me a bit of time
when I was looking at a cpuid leaf on my system and typed 0x80000001f
instead of 0x8000001f.
Reviewed by: kib
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D54919
pci_host_read_config() requires write access to /dev/pci so cannot be
used with unprivileged bhyve. The lpc init code uses it to find the
host system's LPC bridge device and so was generating warnings with
bhyve running as a non-root user.
Refactor the implementation to use PCIOCGETCONF instead, which doesn't
require any special privileges. This isn't formally necessary, as we
only care about copying the host system's identifiers in order to
support Intel GPU passthrough (see commit f4ceaff56d), but it's
straightforward and lets an unprivileged user run bhyve without seeing
warnings about failing to open /dev/pci with write permissions.
Reviewed by: corvink, rew
MFC after: 3 weeks
Sponsored by: The FreeBSD Foundation
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D54851
Most of these tests create a md(4) device backed by a makefs-generated
image, then import the pool, using the md device as a pool vdev. When
a test finishes, it destroys the pool, then destroys the md device.
Once in a while md device destruction fails with EBUSY. This happens
when a GEOM consumer is holding the device open; kern_mddetach_locked()
simply fails if any consumers are present. zpool destruction is
synchronous so ZFS is innocent, rather, the problem seems to be that
GEOM re-tastes the device after the zpool reference goes away. This
operation creates a transient reference that causes the spurious
failure.
Use "mdconfig -o force" to work around this.
MFC after: 2 weeks
syslogd_start() waits for the local log socket to appear before
returning, to ensure that the daemon is ready to handle log messages.
Some tests start two daemons, so by default the socket already exists
when the second daemon is started, so syslogd_start() returns early.
The test subsequently sends a message to this second daemon, which
sometimes isn't ready.
Define a separate log socket for the second daemon. Add a check to
syslogd_start() to help catch this type of bug.
Reviewed by: jlduran
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D54800
- In syslogd_start(), assign the lo0 address in the specified jail.
- Use the correct netmask.
Reviewed by: jlduran
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D54799
I occasionally see failures in the syslogd test suite. The problem is
that the tests are racy: they send a message using logger(1), then
immediately check whether the message was logged to a log file. If the
syslogd instance under test doesn't get a chance to run before the
second step, the test fails.
This change reworks things to avoid the race while minimizing the amount
of time sleeping.
1) Each test uses a single logfile, so have them use a new common
variable, SYSLOGD_LOGFILE, instead of something test-specific.
2) In syslogd_start(), if the configuration references SYSLOGD_LOGFILE,
wait for it to be created by syslogd before returning.
3) Add a helper syslogd_check_log(), to check for a given log entry in
the last line of SYSLOGD_LOGFILE, instead of using atf_check
directly.
4) In syslogd_check_log(), poll the logfile until the desired log entry
appears, or the test times out.
With this change, I was able to run the tests 1000 times in a loop with
4-way parallelism without seeing any test failures. Without the change
I usually get a failure within 10 loops.
Reviewed by: jlduran
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D54779
This is just for consistency with all other logger(1) invocations, which
happen from the syslogd_log() function.
No functional change intended.
Reviewed by: jlduran
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D54778
Extend PAM integration beyond account checks to include credential
establishment and session management, allowing PAM modules to configure
the execution environment for user cron jobs.
Previously, cron only called pam_acct_mgmt() to verify account validity
but immediately terminated the PAM handle before job execution. This
prevented PAM modules from establishing sessions, setting credentials
(e.g., Kerberos tickets), or exporting environment variables needed by
jobs.
The PAM handle now persists in the intermediate process throughout the
job execution, enabling proper session open/close pairing. Credentials
are established and sessions opened while still running as root, before
dropping privileges in the grandchild. PAM environment variables are
exported in the job process with user crontab variables taking precedence.
A session rule (pam_permit.so) is added to /etc/pam.d/cron to enable
session support without changing default behavior. Administrators can
replace this with other modules as needed.
System crontab entries continue to bypass all PAM operations.
PR: bin/244844
Reviewed by: des
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D54415
This is based on an initial implementation by michaelo in
https://reviews.freebsd.org/D54361.
PR: 270497
Reported by: michaelo
Reviewed by: michaelo
Tested by: michaelo
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D54606
created to allow addressable leds to be driven by abusing spi bus as waveform generator. this might have other uses for similar "permanent" spi transfers
Differential Revision: https://reviews.freebsd.org/D54734
Reviewed by: adrian
Add a function to all nodes under a config option node. This allows
parsing an arbitrary number of similarly structured configuration
options in a config option group.
Reviewed by: corvink, markj
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D51551
general:
- find libsamplerate's headers in the temporary sysroot instead of
digging in the source tree.
- use LIBADD where possible
lib/virtual_oss:
- centralize SHLIBDIR define
- centralize include path for internal headers
- don't try to find libsamplerate directly in .OBJDIR
No functional changes.
Reviewed by: christos
Sponsored by: DARPA, AFRL
Differential Revision: https://reviews.freebsd.org/D54704
In particular, we should provide a hint about mac.conf(5), since libjail
will just use the mac_prepare_type(3) API to provide a reasonably sane
interface for system administrators. Progammers wanting to fetch an
arbitrary MAC label would need to bypass libjail and use jail_get(2)
directly with their own prepared `struct mac`.
Differential Revision: https://reviews.freebsd.org/D54067
Currently, to define a new environment variable or modify an existing
one, we need to use env(1), which may or may not be available inside
the jail, especially in OCI containers created with the scratch
layer (i.e., those containers that are only a single static binary,
plus configuration files and related stuff). With this option, we
can specify environment variables of arbitrary length for the
specified process running inside the jail.
Reviewed by: jamie@
Approved by: jamie@
Differential Revision: https://reviews.freebsd.org/D54660
And refer to dist sets as "legacy." This matches our expectation for
FreeBSD 16.0.
Reviewed by: cperciva
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D54156
Pipe actions spawn a process based on the command provided in the
syslogd configuration file. When a HUP signal is received, enter
the process into the deadq instead of immediately killing it.
This matches the behavior of syslogd prior to it being Capsicumized.
Fixes: d2d180fb77