- Remove all NFS related stuff from file system specific code.
- Drop the vfs_checkexp hook and generalize it in the new nfs_check_export
function, thus removing redundancy from all file systems.
- Move all NFS export-related stuff from kern/vfs_subr.c to the new
file sys/nfs/nfs_export.c. The former was becoming large and its code
is always compiled, regardless of the build options. Using the latter,
the code is only compiled in when NFSSERVER is enabled. While doing this,
also make some functions in nfs_subs.c conditional to NFSSERVER.
- Add a new command in nfssvc(2), called NFSSVC_SETEXPORTSLIST, that takes a
path and a set of export entries. At the moment it can only clear the
exports list or append entries, one by one, but it is done in a way that
allows setting the whole set of entries atomically in the future (see the
comment in mountd_set_exports_list or in doc/TODO).
- Change mountd(8) to use the nfssvc(2) system call instead of mount(2) so
that it becomes file system agnostic. In fact, all this whole thing was
done to remove a 'XXX' block from this utility!
- Change the mount*, newfs and fsck* userland utilities to not deal with NFS
exports initialization; done internally by the kernel when initializing
the NFS support for each file system.
- Implement an interface for VFS (called VFS hooks) so that several kernel
subsystems can run arbitrary code upon receipt of specific VFS events.
At the moment, this only provides support for unmount and is used to
destroy NFS exports lists from the file systems being unmounted, though it
has room for extension.
Thanks go to yamt@, chs@, thorpej@, wrstuden@ and others for their comments
and advice in the development of this patch.
SCHED_OTHER happens to be 0, so this assignment to "int *" succeeds,
and becomes a no-op.
Fix by dereferencing "policy" to do the assignment, thus filling the
return buffer with 0.
Fixes first part of PR#31184. addrsort() was not exposed to the rest of
libc as it turns out not to be usable for getaddrinfo(), so a different
sorter will be implemented for that.
policies and enforcing them in programs.
Man-page written with much help and tips from David Maxwell, Hubert
Feyrer, and Thomas Klausner.
This bumps libutil minor to 7.
XXX: Need default policy to go in /etc/passwd.conf, and integration
into local/yp/PAM password changing code.
PR/10206.
The cause of this is that in the re-entrant case we block all signals until
we timeout. Convert this to use pollts and then grab the pending signals
and sigsuspend them.
XXX: We should really convert this to use kqueue, like FreeBSD did.
was done and that this behavior is not supposed to be portable. Filling
under the security considerations section because code not following the
guidelines given here can be "less secure".
- Merge 4.4BSD strerror.3 man page changes that summarize information
for all the error printing functions. This makes the perror(3) page
obsolete.
- Implement all error functions in terms of strerror_r(), including
__strerror() which is not used internally. Can it be removed?
- Bump version for strerror_r
XXX: All this is done backwards, and is a mess. Really the _foo.c files should
include the _foo function definition, not the foo.c files, like everywhere
else.
The current code resolves paths like `/foo/bar/', `/foo/bar/./', and
`/foo/bar/../', even if `bar' is a regular file and not a directory.
Reviewed by cube@.
system-specific values. Submitted by Chris Demetriou in Nov 1995 (!)
in PR kern/1781, modified only slighly by me.
This is enabled on a per-mount basis with the MNT_MAGICLINKS mount
flag. It can be enabled at mountroot() time by building the kernel
with the ROOTFS_MAGICLINKS option.
The following magic strings are supported by the implementation:
@machine value of MACHINE for the system
@machine_arch value of MACHINE_ARCH for the system
@hostname the system host name, as set with sethostname()
@domainname the system domain name, as set with setdomainname()
@kernel_ident the kernel config file name
@osrelease the releaes number of the OS
@ostype the name of the OS (always "NetBSD" for NetBSD)
Example usage:
mkdir /arch/i386/bin
mkdir /arch/sparc/bin
ln -s /arch/@machine_arch/bin /bin
under HAVE_NBTOOL_CONFIG_H for disktab.h as well. This means
disktab.h has to be installed in the nbinclude include directory.
(Failure mode: with TOOLDIR as a subdirectory of /usr, the host's disktab.h
got picked up, and not the in-tree copy.)
Reviewed by dyoung.
This is a workaround to make gcc's behavior consistent, since gcc can
transform:
printf("%s\n", s) -> puts(s)
fprintf(fp, "%s", s) -> fputs(s, fp)
as an optimization.
I've left the _DIAGASSERT's that make sure that s != NULL alone because we
should really still abort in a debugging environment.
- Change #ifdef VERIFIED_EXEC_VERBOSE to another verbose level, 2. Add
sysctl(3) bits.
- Simplify access type conflict handling during load. This depends on
the values of access type defines to be ordered from least to most
'strict'.
- Better organize strict level. Now we have 4 levels:
- Level 0, learning mode: Warnings only about anything that might've
resulted in 'access denied' or similar in a higher strict level.
- Level 1, IDS mode:
- Deny access on fingerprint mismatch.
- Deny modification of veriexec tables.
- Level 2, IPS mode:
- All implications of strict level 1.
- Deny write access to monitored files.
- Prevent removal of monitored files.
- Enforce access type - 'direct', 'indirect', or 'file'.
- Level 3, lockdown mode:
- All implications of strict level 2.
- Prevent creation of new files.
- Deny access to non-monitored files.
- Update sysctl(3) man-page with above. (date bumped too :)
- Remove FINGERPRINT_INDIRECT from possible fp_status values; it's no
longer needed.
- Simplify veriexec_removechk() in light of new strict level policies.
- Eliminate use of 'securelevel'; veriexec now behaves according to
its strict level only.
not correct since, as far as reading the source, it is impossible for
cgetset() to set such errno. I guess `seq' is not a typo of `set' but
abbreviation of `sequen...'.
and install ${TOOLDIR}/bin/${MACHINE_GNU_PLATFORM}-disklabel,
${TOOLDIR}/bin/${MACHINE_GNU_PLATFORM}-fdisk by "reaching over" to
the sources in ${NETBSDSRCDIR}/sbin/{disklabel fdisk}/.
To avoid clashes with a build-host's header files, especially on
*BSD, the host-tools versions of fdisk and disklabel search for
#includes such as disklabel.h, disklabel_acorn.h, disklabel_gpt.h,
and bootinfo.h in a new #includes namespace, nbinclude/. That is,
they #include <nbinclude/sys/disklabel.h>, <nbinclude/machine/disklabel.h>,
<nbinclude/sparc64/disklabel.h>, instead of <sys/disklabel.h> and
such. I have also updated the system headers to #include from
nbinclude/-space when HAVE_NBTOOL_CONFIG_H is #defined.
Provide a layer of indirection between the readline compatibility functions
and our internal implementation, so that we have the freedom to change the
function signature.
The place to change the completion_append_character is
usually somewhere in the `rl_completion_entry_function'
callback which is where one usually can distinguish between
file- or dir-like entries to append a slash for dirs etc.
This does no longer work since `fn_complete()' takes the
`append_character' as argument before the callback is executed,
so that changes to the variable `rl_completion_append_character'
have in fact no effect for the current completion.
Fix by adding a function that returns the rl_completion_append_character,
when it gets passed in a filename in readline emulation.
location so that an uninitialized `in' won't be used if net_i == BYADDR.
Detected with gcc -Wuninitialized, confirmed by diffing against BIND 4.9.11.
(The bug was introduced in rev 1.26. Hi Itojun! :)
