Functional: Do not add a missing period or a version number to
directories, since that doesn't fit the standard (thanks
Daniel Watt).
Add RRIP PX records (POSIX meta-information) to '.'
and '..' entries. Quiets kernel complaint, when we
mount a cd9660 filesystem, that there is a missing PX
entry.
Cosmetic: Reduce height of staircases. Remove an unused member
from struct _cd9660node. Extract a subroutine. KNF.
Use a TAILQ macros for lists of both SUSP/RRIP attributes
and directory entries.
XXX
XXX The new RRIP PX entries are not quite right.
XXX
- Remove all NFS related stuff from file system specific code.
- Drop the vfs_checkexp hook and generalize it in the new nfs_check_export
function, thus removing redundancy from all file systems.
- Move all NFS export-related stuff from kern/vfs_subr.c to the new
file sys/nfs/nfs_export.c. The former was becoming large and its code
is always compiled, regardless of the build options. Using the latter,
the code is only compiled in when NFSSERVER is enabled. While doing this,
also make some functions in nfs_subs.c conditional to NFSSERVER.
- Add a new command in nfssvc(2), called NFSSVC_SETEXPORTSLIST, that takes a
path and a set of export entries. At the moment it can only clear the
exports list or append entries, one by one, but it is done in a way that
allows setting the whole set of entries atomically in the future (see the
comment in mountd_set_exports_list or in doc/TODO).
- Change mountd(8) to use the nfssvc(2) system call instead of mount(2) so
that it becomes file system agnostic. In fact, all this whole thing was
done to remove a 'XXX' block from this utility!
- Change the mount*, newfs and fsck* userland utilities to not deal with NFS
exports initialization; done internally by the kernel when initializing
the NFS support for each file system.
- Implement an interface for VFS (called VFS hooks) so that several kernel
subsystems can run arbitrary code upon receipt of specific VFS events.
At the moment, this only provides support for unmount and is used to
destroy NFS exports lists from the file systems being unmounted, though it
has room for extension.
Thanks go to yamt@, chs@, thorpej@, wrstuden@ and others for their comments
and advice in the development of this patch.
- Correct lenght for the username
- First character in the login name cannot be '-' (OpenBSD)
- Remove some #ifdef EXTENSIONS. find_group_info is always needed
- When printing change, if it's -1, place a correct string.
backing file per attribute type indexed by inode number to hold the extended
attributes.
This is working pretty well on my test systems, except for the "autostart"
feature. I need someone with a better handle on the VFS locking protocol
to go over that.
This is a work-in-progress. There are parts of this that could be re-factored
allowing this approach to be used on other types of file systems.
Adapted from FreeBSD.
derive IP address(es) from the interface (e.g "... from any to fxp0").
This however, creates window for possible attacks from the network.
Implement the solution proposed by YAMAMOTO Takashi:
Add /etc/defaults/pf.boot.conf and load it with the /etc/rc.d/pf_boot
script before starting the network. People who don't like the default
rules can override it with their own /etc/pf.boot.conf.
The default rules have been obtained from OpenBSD.
No objections on: tech-security
Alan Perez-Rathke and Ram Vedam.
Prototyping, KNF, WARNS=3 by me.
Note that this is marked experimental for now. It works well enough to
make NetBSD/i386 bootable images, but does need more work.
*tp > LONG_MAX is never true, so replace that check with a test
for strtol() setting errno == ERANGE (oddly, some ports' build
swallowed this without warning).
There's no guarantee that a time_t stores the same number of bits
as a long, so check for an overflow there as well, and pass any
error up.
Discussed with christos, martin and mrg.
- cast more returns to void.
- use waitpid instead of wait() to wait for our process, not accidentally
wait for other children.
- return exitstatus only if exited, and return the termination signal otherwise.
- Add new -C option to 'usermod'. This allows a quick way to temporary
lock a users account. This is similar to how FreeBSD do it using
'adduser'. This function can be very handy to administrators!
- Import a function to check if the inputted class actually exists. It
contains my modifications to test whether /etc/login.conf exists
in the first place. -OpenBSD
- Add new -C option to 'usermod'. This allows a quick way to temporary
lock a users account. This is similar to how FreeBSD do it using
'adduser'. This function can be very handy to administrators!
- Import a function to check if the inputted class actually exists. It
contains my modifications to test whether /etc/login.conf exists
in the first place. -OpenBSD
While I am there:
- KNF (long wrapped lines, and spaces after void casts).
- Factor out some common code.
- Fix error messages.
1. Consistently capitalize them.
2. Fix err->errx and warn->warnx inappropriate uses.
3. Use regerror where appropriate.
4. Don't call warn()/err() to report errors after you trashed errno
by calling other syscalls. Save and restore the errno instead,
or in the warn() case, call warn() first.
- Fix size_t - int, uid_t - int confusion.
- Pass lint
and plain file images too. If no TOC can be read, a single track is
assumed which spans the whole thing.
The disklabel will be updated if supported by the device. If not, just
the ISO volume label information will be printed.
- system(), rmdir() sets errno, use it
- Use warnx() if strchr failed, not warn()
- Constify some arguments
- Fix cases when errx()/warnx() should be used instead of err()/warn()
due to errno not being set.
Group code:
------------
- List members in a neat fashion, separated by commas
- groupmod(): Use find_group_info - consistency
appeared and whether it's really part of pf or not is still unclear. Looking
at the other *BSDs it seems that they have left out spamd when importing pf,
and now we do that too. Also, the name conflicted with another more popular
used tool, after the rename to pfspamd it was left with completely unusable
documentation which apparently no-one wanted to fix.
A port of the latest spamd will be imported into pkgsrc soon.
Suggested by several people, no objections on last proposal on tech-userlevel.
