otto
3eeb2e7bb1
stray tab
8 years ago
otto
2c67f40d2b
Beter implementation of chunk canaries: store size in chunk meta data
instead of chunk itself; does not change actual allocated size; ok tedu@
8 years ago
otto
bc56bde8af
first set -max limit, then -cur, otherwise if -cur si higher than the current
max, it won't be set. noted by Evgeny Grin; ok millert@
8 years ago
reyk
42edcd1a3c
Add _switchd
8 years ago
reyk
9e0f589208
Add switchd
OK deraadt@
8 years ago
reyk
b2bce7db2b
Move vmd down as VMs might need the host's dhcpd, httpd etc. on startup.
OK mlarkin@ deraadt@
8 years ago
natano
78234d860d
Print the root check error message to stderr. While there add the name
of the target to the message to be more descriptive.
ok deraadt tb
8 years ago
natano
c2efbb75c6
Build kernels as root for now. Otherwise we run into permission issues
when the source tree is not owned by ${BUILDUSER}.
ok deraadt
8 years ago
deraadt
3ed076289c
conditionally create obj & xobj same way that src is handled
ok natano
8 years ago
reyk
609593cdaf
Change switch "wireless" to another example - bridging from VM to
wireless in station mode is not supported.
8 years ago
natano
e46707e627
De-escalate to an unprivileged users during 'make build' and 'make release'.
- If you start make build as root, everything will be run as root.
Nothing new here. New is, that you can set BUILDUSER=somebody and the
unprived parts will be run as somebody.
- If you start make build with sudo, the unprived parts will be run as
the real user (meaning YOU). You can still set BUILDUSER=somebody and
the uprived parts will run as somebody.
- If you start make build as a normal user it will error out. "I'm sorry
Dave."
Note that DESTDIR must be on partition with the noperm flag set for make
release to work correctly as an unprivileged user.
idea and ok deraadt
input and ok tb ratchov millert
rpe, halex and probably others where part of the conversation to make
this happen, thanks!
8 years ago
reyk
3cf60d9933
Add support for enhanced networking configuration and virtual switches.
See vm.conf(5) for more details.
OK mlarkin@
8 years ago
deraadt
6e7bb827b6
stop supporting SUDO builds. Something better is coming, so let's
align everyone who is using SUDO builds towards the new strategy.
ok natano
8 years ago
rzalamena
c82eb97e2b
Fix a possible bug that will happen with dup2() when oldd == newd. In that
case the dup2() would fail silently and the descriptor would remain with
the CLOEXEC flag causing the exec*()d child process to have unexpected
behavior.
ok guenther@
8 years ago
rpe
a74bbb4921
Run acpidump(8) at system startup and store ACPI tables in the
/var/db/acpi directory. Later sendbug(1) will use this data in
bug reports. That directory is created by mtree.
idea from and OK deraadt
OK kettenis
8 years ago
rzalamena
fde1b1ebfa
Delay switch(4) interface start up so it can attach virtual interfaces
like vether(4).
nits from and ok benno@, phessler@
8 years ago
florian
b0402396e0
Add unprivileged user for traceroute.
Input deraadt@
OK benno@, sthen@
8 years ago
otto
d5dc0eab45
+ _ping
8 years ago
rzalamena
4c66ab656c
Teach ntpd(8) constraint process to use exec*() instead of just forking,
with this change we get the pledge() ability back to the parent process.
some tweaks from and ok reyk@
8 years ago
rzalamena
4e462f2ebb
Teach ntpd(8) how to use socket status to shutdown the daemon. While at
it, remove some verbose shutdown messages that we had before with pipe
close.
ok reyk@
8 years ago
florian
2334a0c4bb
Add _ping user/group.
OK natano on a previous diff which used a different uid/gid.
naddy@ pointed out that uid/gid was already taken on "important" systems.
Turns out we cannot easily recycle freed up uids/gids so settle on 51.
8 years ago
ajacoutot
602fe81286
Add /etc/acme-client.conf to mtree/special and changelist.
ok deraadt@ sthen@ florian@
8 years ago
sthen
aec1cfb695
Unhook sqlite3.
8 years ago
florian
3a32ce7c2e
the account key(s) live in /etc/acme; OK benno@
8 years ago
guenther
1a1f277cca
Delete casts to off_t and size_t that are implied by assignments
or prototypes. Ditto for some of the char* and void* casts too.
verified no change to instructions on ILP32 (i386) and LP64 (amd64)
ok natano@ abluhm@ deraadt@ millert@
8 years ago
fcambus
813db82ee8
Remove duplicated includes in stdlib.h and termios.h
OK guenther@
8 years ago
kettenis
4309688d40
Add dl_unwind_find_exidx prototype.
ok guenther@
8 years ago
deraadt
b52328de7e
fix build
8 years ago
benno
98c570899b
add a config file parser to acme-client (unused at the moment, so that
it can be worked on in the tree).
ok florian@ deraadt@
8 years ago
otto
814803d97e
move page junking tp unmap(), right before we stick the region in the cache;
ok tedu@
8 years ago
tj
8ce39310c5
pathnames for cert and key files need to be quoted.
reported by brynet
8 years ago
tj
487822ca09
add example certificate and key files generated with acme-client.
ok florian
8 years ago
rpe
3a5d0b50bb
Do the same with less code.
OK halex
8 years ago
rzalamena
1305c0d5de
Teach ntpd(8) how to fork+exec.
ok reyk@, bcook@
8 years ago
reyk
5ec8dcba4c
Add clarifications ("comments") to three places where it wasn't
obvious why it is implemented this way. The whole idea of constraints
is to isolate them as much as possible, in a semi-paranoid way.
OK rzalamena@
8 years ago
reyk
d7b0c49beb
Fix copyright disclaimer in util.c.
OK from the original author Alexander Guy
8 years ago
deraadt
06d7c247a7
proxy uid/gid was split up for seperate purposes; it can go away now.
8 years ago
guenther
8d9d32898a
Don't declare select() in <unistd.h>
ok deraadt@ millert@
8 years ago
guenther
11f3477fd6
Change the (unused) restimespec member of __res_state from a timespec
to a local equivalent to eliminate a dependency on <sys/time.h> being
included
ok deraadt@ millert@
8 years ago
deraadt
9bcab78028
sync
8 years ago
deraadt
fdcee9a45a
cua/tty nodes only need group dialer, the initial uid does not
matter much -- and "uucp" is just stupid in 2016.
ok rpe
8 years ago
natano
544096f84b
Set owner for /etc/{passwd,pwd.db,spwd.db} and /var/sysmerge/etcsum.
from rpe
8 years ago
matthieu
d91cf0ef18
Add a few directories missed in the past
8 years ago
natano
6b2e1028fe
The /etc/{localtime,rmt}, /var/tmp and /sys symlinks and the etc tarball
should be owned by root.
ok deraadt
8 years ago
deraadt
619a6f195c
sync
8 years ago
deraadt
843be9ae0a
extra spaces
8 years ago
rpe
a730e307f5
Unbreak ksh.kshrc by using a MI way of finding out the console device name.
Found by landry
OK deraadt
8 years ago
rpe
28d5c57ffe
Simplify setting the USER and UID variables.
While here, convert `` to $().
OK halex
8 years ago
rpe
f9cc010b3f
Remove remnants of rlogin, it's long gone (2002).
OK halex
8 years ago
rpe
bd8116bbf7
Identation
OK halex, krw
8 years ago