KAUTH_REQ_NETWORK_NFS_EXPORT and KAUTH_REQ_NETWORK_NFS_SVC, and use them
to replace two KAUTH_GENERIC_ISSUSER calls in the NFS code.
Also replace two more with KAUTH_SYSTEM_MKNOD, where appropriate.
Documetnation and examples updated. More to come.
Make the FreeBSD and Linux compat code convert the parameters to their
native representation and call the native routines.
Remove KAUTH_PROCESS_SCHEDULER_GET/SET.
Update documentation and examples.
XXX: For now, only the Linux compat code does the priority conversion
XXX: right.
Linux priority conversion code from yamt@, thanks!
Okay yamt@.
- Document the signatures file format in a veriexec(5) man-page,
- Document the strict levels and a general Veriexec intro in veriexec(8)
instead of security(8).
Okay blymn@.
words, don't pass an action and a request, and just use a single action to
indicate what is the operation in question.
This is the first step in fixing PR/37986, which calls for policy/priority
checking in the secmodel code. Right now we're lacking room for another
parameter required to make a decision, and this change makes room for such.
Don't hand all the argv options to fuse_main() - it's only interested
in the ones we haven't parsed ourselves.
These changes make the initiator compile and perform discovery successfully
on FreeBSD 6.3. Full login doesn't work yet due to a KSE related bug.
contents of the generated scripts may change (as will happen with ATF 0.4),
so this dependency is important to have. Dunno how to deal with the
non-tools case other than adding an entry in UPDATING, but if you are not
using tools, you can expect all kinds of breakage.
it is deprecated, no longer required, and will be removed in a future
release of NetBSD.
Dramatically reduce the size of the session structure by removing an
IOV_MAX array of iovecs where only the first was use. Saves an 8k
bzero on each session creation.
Convert fixed-size allocations in cryptodev.c to pools.
OpenSSL:
1) Fix extremely misleading text in crypto.4 manual page so it does not
appear to claim that a new cloned file descriptor is required for every
session.
2) Fix severe performance problem (and fd leak!) in openssl cryptodev
engine resulting from misunderstanding probably caused by said manual
page text.
3) Check for session-ID wraparound in kernel cryptodev provider. Also,
start allocating sessions at 1, not 0 -- this will be necessary when
we add ioctls for the creation of multiple sessions at once, so we
can tell which if any creations failed.
- Add a KAUTH_PROCESS_SCHEDULER action, to handle scheduler related
requests, and add specific requests for set/get scheduler policy and
set/get scheduler parameters.
- Add a KAUTH_PROCESS_KEVENT_FILTER action, to handle kevent(2) related
requests.
- Add a KAUTH_DEVICE_TTY_STI action to handle requests to TIOCSTI.
- Add requests for the KAUTH_PROCESS_CANSEE action, indicating what
process information is being looked at (entry itself, args, env,
open files).
- Add requests for the KAUTH_PROCESS_RLIMIT action indicating set/get.
- Add requests for the KAUTH_PROCESS_CORENAME action indicating set/get.
- Make bsd44 secmodel code handle the newly added rqeuests appropriately.
All of the above make it possible to issue finer-grained kauth(9) calls in
many places, removing some KAUTH_GENERIC_ISSUSER requests.
- Remove the "CAN" from KAUTH_PROCESS_CAN{KTRACE,PROCFS,PTRACE,SIGNAL}.
Discussed with christos@ and yamt@.
PR/37692 from Yojiro UO
---
uhmodem: device driver for huawei 3G wireless modem
* what it is?
A device driver for huawei 3G wireless modem, E220 and its valiations.
The devices are very simuler to ubsa device, but they need special care
to use as modem device.
This patch introduce "uhmodem (USB Huawei modem)" for the devices.
A uhmodem device has two com devices and one USB mass strage device.
The driver enable to use all of them.
* dmesg:
uhmodem0 at uhub0 port 1 configuration 1 interface 0
uhmodem0: HUAWEI Technologies HUAWEI Mobile, rev 1.10/0.00, addr 2
uhmodem0: mass storage only mode, reattach to enable modem
uhmodem0: at uhub0 port 1 (addr 2) disconnected
uhmodem0 detached
uhmodem0 at uhub0 port 1 configuration 1 interface 0
uhmodem0: HUAWEI Technologies HUAWEI Mobile, rev 1.10/0.00, addr 2
ucom0 at uhmodem0 portno 0: modem
ucom1 at uhmodem0 portno 1: monitor
umass0 at uhub0 port 1 configuration 1 interface 2
umass0: HUAWEI Technologies HUAWEI Mobile, rev 1.10/0.00, addr 2
umass0: using SCSI over Bulk-Only
scsibus0 at umass0: 2 targets, 1 lun per target
cd0 at scsibus0 target 0 lun 0: <HUAWEI, Mass Storage, 2.31> cdrom removable
that acts as PCI-ISA bridge and supports a Timecounter, Watchdog Timer
and GPIO.
Adapted by Yojiro UO and minor tweaks by me from OpenBSD. Tested on
CS5535 and CS5536. This closes PR kern/37577.
Been running in my tree for over a month at least.
Reviewed and okay yamt@, and special thanks to him as well as rittera@
for making this possible through fixing NDIS to not call fork1() with
l1 != curlwp.
name the directory "02.config" as it historically was, name it config, so
that if we ever want to update this book for the modern age, we can move
chapters around, delete them, etc, without mass confusion.
* Add a nooutput function to be used instead of redirecting to /dev/null,
because /dev/null might not exist early in the boot sequence. This
should fix a bug in which the pax autodetection failed when used from
init(8) with a read-only root file system without a /dev/null.
* Move most of the main program into a new makedev_main function,
to allow reuse by MAKEDEV.local.
In MAKEDEV.local:
* Use the new makedev_main function defined in MAKEDEV. This allows
MAKEDEV.local to support all the options understood by MAKEDEV, instead
of only a subset. This should fix a bug in which the setup() function
could try to use pax mode even though that was previously not supported.
In MAKEDEV.local man page:
* Update list of command line options.
* Don't explain all the options, just refer to MAKEDEV(8) man page.
* Remove BUGS section now that all MAKEDEV options are supported
by MAKEDEV.local.
man8/man8.i386/dosboot.8, and man8/man8.i386/pxeboot.8.
* In all:
- First few lines of each man page should be .Dd, .Os, .Dt, .Nm;
- Use Nx; new sentence, new line; serial comma;
- Update comments about which files to keep in sync.
* In MI boot(8):
- add reference to architecture-specific boot(8);
- add commented-out reference to boot.cfg(5);
- reinstate BUGS heading that was lost when the MI boot.8 was
created from i386 boot.8.
* In i386 boot.8:
- mention -x and -z flags;
- we can boot from media other than floppy, or from the network;
- remove first paragraph in BUGS section now that an MI boot(8)
man page exists.
* In i386 dosboot.8 and pxeboot.8:
- mention -c, -x, and -z flags.
can find.
If the initiator discovers too many targets for it to handle
(currently more than 16), then truncate to the maximum with a loud
warning message, rather than aborting.
In practice, this means that multiple targets can now be used with the
NetBSD iSCSI initiator.
% ls -laR /mnt/inspiron1300.wherever.co.uk/
total 192
drwxr-xr-x 2 agc agc 512 Dec 11 08:53 .
drwxr-xr-x 2 root wheel 0 Jan 1 1970 ..
drwxr-xr-x 2 agc agc 512 Dec 11 08:53 target0
drwxr-xr-x 2 agc agc 512 Dec 11 08:53 target1
/mnt/inspiron1300.wherever.co.uk/target0:
total 576
drwxr-xr-x 2 agc agc 512 Dec 11 08:53 .
drwxr-xr-x 2 agc agc 512 Dec 11 08:53 ..
lrw-r--r-- 1 agc agc 44 Dec 11 08:53 hostname -> inspiron1300.wherever.co.uk
lrw-r--r-- 1 agc agc 9 Dec 11 08:53 ip -> 10.4.0.42
lrw-r--r-- 1 agc agc 16 Dec 11 08:53 product -> NetBSD iSCSI
-rw-r--r-- 1 agc agc 104857600 Dec 11 08:53 storage
lrw-r--r-- 1 agc agc 43 Dec 11 08:53 targetname -> iqn.1994-04.org.netbsd.iscsi-target:target0
lrw-r--r-- 1 agc agc 8 Dec 11 08:53 vendor -> NetBSD
lrw-r--r-- 1 agc agc 4 Dec 11 08:53 version -> 0
/mnt/inspiron1300.wherever.co.uk/target1:
total 576
drwxr-xr-x 2 agc agc 512 Dec 11 08:53 .
drwxr-xr-x 2 agc agc 512 Dec 11 08:53 ..
lrw-r--r-- 1 agc agc 44 Dec 11 08:53 hostname -> inspiron1300.wherever.co.uk
lrw-r--r-- 1 agc agc 0 Dec 11 08:53 ip ->
lrw-r--r-- 1 agc agc 16 Dec 11 08:53 product -> NetBSD iSCSI
-rw-r--r-- 1 agc agc 52428800 Dec 11 08:53 storage
lrw-r--r-- 1 agc agc 43 Dec 11 08:53 targetname -> iqn.1994-04.org.netbsd.iscsi-target:target1
lrw-r--r-- 1 agc agc 8 Dec 11 08:53 vendor -> NetBSD
lrw-r--r-- 1 agc agc 4 Dec 11 08:53 version -> 0
%
Improve the documentation around that.
* The "-p pax", "-m mknod", and "-s" (mtree specfile) options should
always have been mutually exclusive. Now enforce that.
* The "-f" option didn't ever work with pax or mtree mode; document that,
and make it an error to try something that won't work.
* Make pax mode the default, if no other options prevent this, and if
"pax -w -M" appears to be usable.
* Add missing options to a usage message.
volumes that are migrating such as when you change the stripe size.
While I'm here use the same string than we had in the old framework to
report status "online" vs "drive is online", because the sensor might be
a RAID volume and not just a drive.
Buffers run through copy-on-write are marked B_COWDONE. This condition
is valid until the buffer has run through bwrite() and gets cleared from
biodone().
Welcome to 4.99.39.
Reviewed by: YAMAMOTO Takashi <yamt@netbsd.org>
Ok, ok, a few more words about it: stop holding puffs_cc as a holy
value and passing it around to almost every possible place (popquiz:
which kernel variable does this remind you of?). Instead, pass
the natural choice, puffs_usermount, and fetch puffs_cc via
puffs_cc_getcc() only in routines which actually need it. This
not only simplifies code, but (thanks to the introduction of
puffs_cc_getcc()) enables constructs which weren't previously sanely
possible, say layering as a curious example.
There's still a little to do on this front, but this was the major
fs interface blast.
to remove the frobbing that drivers must do in the hci_unit structure.
- driver provides a static const interface descriptor
- hci_unit is allocated by hci_attach() rather than part of softc
- statistics are compiled by driver and provided on request
- driver provides output methods and is responsible for output queue
- stack provides input methods and is responsible for input queue
- mutex is used to arbitrate device queue access
active development and its ABI (and possibly API) may change between
NetBSD versions.
This is critical to, for example, LKMs, where there might be a case of them
being built using one version of the ABI and used on system with another.
The main concern for "ABI" here is the set of KAUTH_* actions and requests
that is (for now) an enum. This note is likely to be removed as kauth(9)
is stablized -- hopefully before NetBSD 5.0.
okay christos@
While it's true that it's part of the traditional 4.4BSD security model,
there may come a time where a different "primary" security model used for
fine-grained privileges (ie., splitting root's responsibilities to various
privileges that can be assigned) may want to still have a securelevel
setting.
Idea from Daniel Carosone:
http://mail-index.netbsd.org/tech-security/2006/08/25/0001.html
The location of the removed files, for reference, was:
src/secmodel/bsd44/secmodel_bsd44_securelevel.c
src/secmodel/bsd44/securelevel.h
will be extended to other appropriate ports in future. Note as such in the
bugs section.
This is an MI man page, so should not be flagged as i386 in the header.
This allows easy configuration of banner text, console device and timeout
as well as allowing menus of commands to be displayed. If /boot.cfg
is not present, then the existing behaviour does not change.
The sections in the boot loader source are surrounded by #ifdef SMALL
allowing this functionality to be removed if space is at a premium.
and we need to add 1 to it to get the size of the LUN.
Revert Max LBA calculation when returning the Maximum LBA from the target
to the iinitiator, following an email conversation with Jonathan Kollasch,
who points out a number of things:
+ the NetBSD scsipi driver reads the value returned by the drive and adds
one to it, so that standard SCSI drives return the 0-based Max LBA in a
READ CAPACITY command.
+ it is up to the initiator to add 1 to the Max LBA to find out the size
of the LUN (Jonathan verified this by using the UNH iSCSI initiator on
to a NetBSD target)
+ an analogous change to the NetBSD target (revision 1.34 of
disk.c) is needed.
http://mail-index.netbsd.org/tech-kern/2007/11/09/0001.html
sysmon_envsys_create() and sysmon_envsys_destroy() were added to
create/destroy sysmon_envsys objects (and its TAILQ/LIST for sensors/events).
sysmon_envsys_sensor_attach() and sysmon_envsys_sensor_detach() were
added to attach/detach sensors to a specified sysmon_envsys device.
The events framework is now per device and configurable via the
ENVSYS_SETDICTIONARY ioctl or /etc/envsys.conf and envstat(8).
Update all users and documentation to reflect these changes.
- The driver now uses the Super I/O address port as port argument in
the configuration file. The Environmental Controller base address is
fetched by the Super I/O EC LDN configuration registers.
- Invalidate voltage sensors if data returned is 0xff.
- Use the Super I/O Global Configuration Registers Chip ID[12] and Device
Revision to store/print the correct information.
- Use only the Fan Extended Tachometer registers on IT871[68]F for now;
this gives us correct data for IT8705/IT8712F again.
Inspired by the smsc(4) driver. The UPDATING file has been updated to
reflect the rename.
Modify the afterboot(8) manual page to explain how to run the tests
installed alongside the system. This is something the user should do
after configuring it to ensure that it works and that it is stable on
his hardware.
This adds a new tests.tgz set to releases which includes all the tests
for the system. It is important to note that this set does not rely on
comp.tgz: a user of the system can run the tests without having the
development tools installed, which can be useful in a production machine.
This file simplifies the build of test programs, either written in C++
or in sh. It hides the internals of atf, e.g. by silently linking
against -latf or calling atf-compile.
It also takes care of installing an Atffile for each new test directory.
This adds support for a new set of variables, PROGS and PROGS_CXX, that
allow the developer to build multiple different programs from a single
source directory.
This change adds the ATF manual pages that are not tied to any specific
tool nor library. It also adds some distribution documentation to the
system, as this is linked to by the manual pages (plus we have to install
the license text to comply with its terms).
This adds reachover Makefiles to build the libatf library and enables it in
the parent Makefile.
Things to review in this change:
* Add proper version numbers in the shlib_version files.
* Is libatf properly listed in lib/Makefile? It theoretically needs
libstdc++, but the resulting binary library is not linked against it.
the code. This provides 14 voltage sensors in addition to the previous
3 temperature sensors supported in the TMS logical device.
Adapted from OpenBSD, tested by dyoung.
libpuffs.
With a round of applause to Antti Kantee for helping out with puffs
debugging, and a huge thank you to Greg Oster, who has fixed numerous
bugs over the last week (unfortunately, the bugs are all mine), and
provided enthusiasm and drive.
Right now, the initiator is fulling working for only a single target,
and should be considered to be in a state of flux. Having said that,
Greg completed a run of build.sh with the storage on the iSCSI target,
and found times to be within 0.5% of direct attached storage. Cache
effects apply.
The initiator should be portable to everything that uses the FUSE
interface. That's right - a portable iSCSI initiator.
Storage (LUNs exported by the target) is, at the present time,
presented as a regular file called "storage". This will likely
change in the future.
% priv obj/iscsifs -u agc inspiron1300 /mnt &
[1] 13158
inspiron1300.wherever.co.uk: 10.4.0.42:3260,1 iqn.1994-04.org.netbsd.iscsi-target:target0
inspiron1300.wherever.co.uk: 10.4.0.42:3260,1 iqn.1994-04.org.netbsd.iscsi-target:target1
% ls -al /mnt/inspiron1300.wherever.co.uk/target0/
total 576
drwxr-xr-x 2 agc agc 512 Nov 8 21:07 .
drwxr-xr-x 2 agc agc 512 Nov 8 21:07 ..
lrw-r--r-- 1 agc agc 44 Nov 8 21:07 hostname -> inspiron1300.wherever.co.uk
lrw-r--r-- 1 agc agc 9 Nov 8 21:07 ip -> 10.4.0.42
lrw-r--r-- 1 agc agc 16 Nov 8 21:07 product -> NetBSD iSCSI
-rw-r--r-- 1 agc agc 104857088 Nov 8 21:07 storage
lrw-r--r-- 1 agc agc 43 Nov 8 21:07 targetname -> iqn.1994-04.org.netbsd.iscsi-target:target0
lrw-r--r-- 1 agc agc 8 Nov 8 21:07 vendor -> NetBSD
lrw-r--r-- 1 agc agc 4 Nov 8 21:07 version -> 0
FFS needs a block device, and so vnconfig can be used to sit on top of
the regular file.
% mount -vv | grep iscsifs
/dev/puffs on /mnt type puffs|refuse:iscsifs (nosuid, nodev, fsid: 0xcb04/0x6acb, reads: sync 0 async 0, writes: sync 0 async 0)
% priv vnconfig vnd0 /mnt/inspiron1300.wherever.co.uk/target0/storage
% priv mount /dev/vnd0a /iscsi
% df
Filesystem 1K-blocks Used Avail %Cap Mounted on
/dev/dk0 28101396 21491182 5205146 80% /
kernfs 1 1 0 100% /kern
procfs 4 4 0 100% /proc
ptyfs 1 1 0 100% /dev/pts
/dev/puffs 0 0 0 100% /mnt
/dev/vnd0a 99214 8209 86045 8% /iscsi
% mount -vv | grep iscsi
/dev/puffs on /mnt type puffs|refuse:iscsifs (nosuid, nodev, fsid: 0xcb04/0x6acb, reads: sync 0 async 0, writes: sync 0 async 0)
/dev/vnd0a on /iscsi type ffs (local, fsid: 0xe00/0x78b, reads: sync 1 async 0, writes: sync 2 async 0)
servers. Calling daemon() (i.e. fork()ing) inside a library can
cause nice surprises for e.g. threaded programs. As discussed with
Greg Oster & others.
directories and Makefiles from src/usr.sbin/bind to src/lib; make
BIND libraries build shared. Saves about 1MB-1.5MB per installed
executable, about 5MB for a base+etc minimal installation of NetBSD.
