From now on rc(8) is going to call these scripts to start them up on boot
in the same order than before.
In addition the inetd and rwhod variables in rc.conf are deprecated so that
inetd_flags and rwhod_flags should be used. The old flags are still going
to be used for some time to allow users to switch.
There are more rc modifications to come later so let's put this in so
we can base more work on this.
It is important to mention that you can still keep using rc.local just
like the way you did before, and we have no intention to remove that either.
I'd also like to thank ajacoutot@, halex@, sthen@ and schwarze@ for working
on this with me.
VAX port. This means, 11/7xx, VAX6000 and VAX8x00 systems, as well as SBI,
CMI, BI, XMI and MASSBUS drivers.
Most of these files were not being compiled or kept in compilable state over
the years anyway.
i386. Stop abusing it on other archs for controling a shutdown by
pressing the soft power button:
* Add a MI sysctl hw.allowpowerdown; if set to 1 (the default) it
allows a power button shutdown.
* Make acpi(4)/acpibtn(4) honor hw.allowpowerdown.
* Switch the various power button intercepts on landisk, sgi, sparc64
and zaurus over to hw.allowpowerdown.
* Garbage collect the machdep.kbdreset sysctl on all archs other than
amd64 and i386.
ok miod@
* Instead of nesting subshells, perform a linear series of operations
and bail out as soon as one of them fails.
* Rename rc_print to rc_exit, let it calculate the exit code itself
and let it exit, considerably simplifying error handling; new name
suggested by sthen@.
OK ajacoutot@ sthen@
disks and scsi id#3 as the boot device, by all means, use DUIDs to mount your
filesystems and it won't matter what sd unit number the boot disk attaches with.
the correct code according whether the daemon did start successfully or
not.
rc_wait()
This function has been extended, first we need to pass in which mode we
are running (start or stop) and second we can pass a number of seconds
to wait (optionnal, will default to 30s).
The function will return the correct code whether we are running during
"rc_cmd start" or "rc_cmd stop".
rc_cmd() start
If we are running in background mode, then we call rc_wait with the
"start" argument.
The sleep(1) is needed to prevent a race condition where the process
will appear in the list before failing and rc_check will see it as
running. Call rc_post() when failing to prevent being left in an
inconsistent state (because rc_pre() would have run successfully)
rc_cmd() stop
We are now calling rc_wait with the "stop" argument.
"looks good" sthen@, ok robert@
to the old /etc/security script because daily sourced it.
Now we fork and exec, so SUIDSKIP must be promoted to the environment.
Problem reported, fix tested and ok weerd@.
By default, rc.{local,shutdown} don't output anything anymore.
original idea from schwarze@
discussed with deraadt@ and no objection from millert@
ok schwarze@ robert@
does not require special permissions. The security(8) scripts hates
group-writeable home directories, so remove the needless permissions.
Issue noticed by Andrew Fresh <andrew at afresh1 dot com>.
If i understand naddy@ correctly, this is unlikely to harm even UUCP users.
"Just remove the group writeable bit" deraadt@.
In effect, this removes the "old" vndX nodes, and renames
the svndX nodes to vndX.
Old svndX nodes will still continue to work though, for now.
Cleanup accordingly.
ok deraadt@, todd@
comments and ok on the man page bits from jmc@
to the new Perl script /usr/libexec/security.
The new script was tested by sthen@ and ajacoutot@.
Committing now due to repeated prodding from deraadt@.
In case problems show up, they will be fixed in tree.
cumbersome to use with compressed files. Idea from ian@ following
a discussion started with a diff to last(1) from by Peter Philipp.
ok martynas@ mk@ millert@
- As noticed by ajacoutot@, re_format(7) does not treat '\t' as a tab,
so some t's got stripped from daemon names.
- The tr(1) failed to sanitize mixtures of blanks and tabs.
ok ajacoutot@
- Use the URL filter to block www.example.com/
- Use "forward to destination" instead of "forward to nat lookup" to use
divert-to instead of rdr-to in PF.
robert