mention Challenge M, state that only two electrically distinct slots exist
on Indigo2/Challenge M and inform that a SysAD bug exists, which certain
cards may trigger (though we may mask it with a workaround). Other minor
nits as well.
- Make procfs_control() in procfs_ctl.c static,
- Add an argument to the above, 'pfs', for the pfsnode,
- Add another request type to KAUTH_PROCESS_CANPROCFS named
KAUTH_REQ_PROCESS_CANPROCFS_CTL (and update documentation),
- Use the above combination in a call to kauth_authorize_process().
- makes sysctl_proc_find() just lookup the process,
- use KAUTH_PROCESS_CANSEE requests to determine if the caller is
allowed to view the target process' corename, stop flags, and
rlimits,
- use explicit kauth(9) calls with KAUTH_PROCESS_CORENAME,
KAUTH_REQ_PROCESS_RESOURCE_NICE, KAUTH_REQ_PROCESS_RESOURCE_RLIMIT,
and KAUTH_PROCESS_STOPFLAG when modifying the aforementioned.
- sync man-page and example skeleton secmodel with reality.
okay yamt@
this is a pullup candidate.
where ${MAKEWRAPPERMACHINE} is the suffix XXX on the target's make
wrapper, nbmake-XXX.
Fixes toolchain/30673, "single arch host disklabel isn't enough".
- LOCKPARENT is no longer relevant for lookup(), relookup() or VOP_LOOKUP().
these now always return the parent vnode locked. namei() works as before.
lookup() and various other paths no longer acquire vnode locks in the
wrong order via vrele(). fixes PR 32535.
as a nice side effect, path lookup is also up to 25% faster.
- the above allows us to get rid of PDIRUNLOCK.
- also get rid of WANTPARENT (just use LOCKPARENT and unlock it).
- remove an assumption in layer_node_find() that all file systems implement
a recursive VOP_LOCK() (unionfs doesn't).
- require that all file systems supply vfs_vptofh and vfs_fhtovp routines.
fill in eopnotsupp() for file systems that don't support being exported
and remove the checks for NULL. (layerfs calls these without checking.)
- in union_lookup1(), don't change refcounts in the ISDOTDOT case, just
adjust which vnode is locked. fixes PR 33374.
- apply fixes for ufs_rename() from ufs_vnops.c rev. 1.61 to ext2fs_rename().
found elsewhere. (And which will appear in the NetBSD Internals Guide
soonish).
Submitted by Daniel Sieger <dsieger@TechFak.Uni-Bielefeld.DE>,
OK'd by martin@ and yamt@
sysctl.7. Remove the list of MIBs from sysctl.8 so we don't have to
maintain duplicate information, as proposed by YAMAMOTO Takashi on
tech-userlevel. Also remove references to header files from sysctl.8.
The numeric constants remain documented, they are still needed in some
cases. See the discussion on tech-userlevel. ("mib list in sysctl.8")
OK by YAMAMOTO Takashi.
let one create a tunnel with equal inner and outer destination IP
numbers. Update gre(4) documentation for this change.
Extract subroutine gre_update_route() from gre_compute_route(),
and always call it in gre_output() to freshen the route for
tunnel-encapsulated packets.
set .OBJDIR so 'make -V .OBJDIR' doesn't need to read any makefiles.
Given how much cud-chewing make does in order to read a line, this
speeds things up significantly (the operation in hand).
Obviously, this breaks the already unstable Veriexec ABI, but that's
it. Some cool additions are planned to be introduced, and this just
makes it so that NetBSD 4.0 users will be able to easily use them as
well.
This also removes the fingerprint type name limit, so relevant code
was adjusted.
Thoroughly tested (even uncovered a bug in proplib! thanks for fixing
that cube@!). Documentation updated.
First, remove process_checkioperm() calls from MD code. Similar checks
using kauth(9) routines (on the process scope, using appropriate action)
are done in the callers.
Add secmodel back-end to handle each subsystem.
using both the rawio_spec and passthru actions to detect raw disk
activity. Same for kernel memory policy.
Update documentation (no longer need to expose veriexec_rawchk()) and
remove all Veriexec-related bits from specfs.
Notable changes:
* Fixes PR 34268.
* Separates the code from gif(4) (which is more cleaner).
* Allows the usage of STP (Spanning Tree Protocol).
* Removed EtherIP implementation from gif(4)/tap(4).
Some input from Christos.
make rules, nor reading Makefile.
It is rather a shame we can't stop .depend being parsed as well.
Quite possibly one could argue that nothing in .depend should affect the
output of 'make -V xxxx'.
Add .WAITs after beforeinstall and before afterinstall.
Remove the bogus dependency lines that someone must have added with the
vague hope they would cause the build to happen in the right order!
Since we have 'realinstall: proginstall scriptsinstall' stopping
'realinstall' running never has stopped 'proginstall' running.
Fixing this probably fixes a variety of problems, including, but not
restricted to 'install' in src/sys/arch/atari/stand/bootxx
(NB this particular file is untested due to other local changes)
sftp code to accomplish something close to sshfs. this basically
works, but there are some issues with directory grovelers still,
e.g. so untar won't work. but it works for browsing mailboxes,
transferring large files, etcetc.
a fs hierarchy. This is currently ro, lacking features, and very
much unfinished in every other possible sense. Should investigate
if this can share code with sbin/sysctl so that everything must
not be rewritten.
Also, add ioctls SIOCGIFADDRPREF/SIOCSIFADDRPREF to get/set preference
numbers for addresses. Make ifconfig(8) set/display preference
numbers.
To activate source-address selection policies in your kernel, add
'options IPSELSRC' to your kernel configuration.
Miscellaneous changes in support of source-address selection:
1 Factor out some common code, producing rt_replace_ifa().
2 Abbreviate a for-loop with TAILQ_FOREACH().
3 Add the predicates on IPv4 addresses IN_LINKLOCAL() and
IN_PRIVATE(), that are true for link-local unicast
(169.254/16) and RFC1918 private addresses, respectively.
Add the predicate IN_ANY_LOCAL() that is true for link-local
unicast and multicast.
4 Add IPv4-specific interface attach/detach routines,
in_domifattach and in_domifdetach, which build #ifdef
IPSELSRC.
See in_getifa(9) for a more thorough description of source-address
selection policy.