No user (except nobody) should be a member of the nobody group.
Reported by: rgrimes
Reviewed by: rgrimes
MFC after: 3 days
Sponsored by: DARPA
Differential Revision: https://reviews.freebsd.org/D24199
The "kyua about" command assumes these files exist causing tests
supplied devel/kyua to fail.
Fix a bug defining the default KYUA_DOCDIR so the installed files can be
found.
Reported by: jenkins tests
Reviewed by: lwhsu
Sponsored by: DARPA
Differential Revision: https://reviews.freebsd.org/D24187
Also mark it as config file so if a user changes this file pkg will attempt
to merge the new file upon an update.
device.hints is neither related to runtime or loader but it make more sense
to have it in loader in case some user delete /boot/ and wants to recreate it,
now only two packages are required FreeBSD-bootloader and the kernel package.
While here change where we override the package for files installed in /boot,
this allow us to keep other tags (such as config).
Reported by: pizzamig
Reviewed by: bapt pizzamig emaste
Differential Revision: https://reviews.freebsd.org/D24159
Having kyua in the base system will simplify automated testing in CI and
eliminates bootstrapping issues on new platforms.
The build of kyua is controlled by WITH(OUT)_TESTS_SUPPORT.
Reviewed by: emaste
Obtained from: CheriBSD
Sponsored by: DARPA
Differential Revision: https://reviews.freebsd.org/D24103
Else when WITHOUT_SENDMAIL is set we still create a sendmail package
that contains (only) two directories.
Reviewed by: manu
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D24149
As described in Warner's email message[1] to the FreeBSD-arch mailing
list we have reached GCC 4.2.1's retirement date. At this time all
supported architectures either use in-tree Clang, or rely on external
toolchain (i.e., a contemporary GCC version from ports).
GCC 4.2.1 was released July 18, 2007 and was imported into FreeBSD later
that year, in r171825. GCC has served us well, but version 4.2.1 is
obsolete and not used by default on any architecture in FreeBSD. It
does not support modern C and does not support arm64 or RISC-V.
Thanks to everyone responsible for maintaining, updating, and testing
GCC in the FreeBSD base system over the years.
So long, and thanks for all the fish.
[1] https://lists.freebsd.org/pipermail/freebsd-arch/2020-January/019823.html
PR: 228919
Reviewed by: brooks, imp
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D23124
The original intention for caroot was to be packaged separately, perhaps so
that users can have a more/less conservative upgrade policy for this
separated from the rest of base.
secure/caroot/Makefile doesn't have anything interesting to package, but its
subdirectories might. Move the PACKAGE= to Makefile.inc so both blacklisted
and trusted get packaged consistently into the correct one rather than the
default -utilities. Also tag the directories for package=caroot, as they
could also be empty; blacklisted is empty by default, but trusted is not.
Add a post-install script to do certctl rehash, along with a note should we
eventually come up with a way to detect that files have been added or
removed that requires a rehash.
-caroot gets a dependency on -utilities, as that's where we provide certctl
at the moment. We can perhaps reconsider this and put certctl into this
package in the future, but there are some bits within -utilities that
unconditionally invoke certctl so let's hold off for now.
Reviewed by: manu (earlier version, before -utilities dep added)
Differential Revision: https://reviews.freebsd.org/D23352
POSIX and en_US.US_ASCII are aliases (symlinks) to the C locale. They were
not previously tagged with a pkgbase pacakge. Add the tag so that they are
handled correctly on pkgbase-installed/updated systems.
[This is r356990 reapplied with a corrected commit message.]
Discussed with: manu
POSIX and en_US.US_ASCII are aliases (symlinks) to the C locale. They were
not previously tagged with a pkgbase pacakge. Add the tag so that they are
handled correctly on pkgbase-installed/updated systems.
Discussed with: manu
Add ATF tests for most gmultipath operations. Add some dtrace probes too,
primarily for configuration changes that happen in response to provider
errors.
PR: 178473
MFC after: 2 weeks
Sponsored by: Axcient
Differential Revision: https://reviews.freebsd.org/D22235
Each boot, regenerate /var/run/os-release based on the currently running
system. Create a /etc/os-release symlink pointing to this file (so that this
doesn't create a new reason /etc can not be mounted read-only).
This is compatible with what other systems do and is what the sysutil/os-release
port attempted to do, but in an incomplete way. Linux, Solaris and DragonFly all
implement this natively as well. The complete standard can be found at
https://www.freedesktop.org/software/systemd/man/os-release.html
Moving this to the base solves both the non-standard location problem with the
port, as well as the lack of update of this file on system update.
Bump __FreeBSD_version to 1300060
PR: 238953
Differential Revision: https://reviews.freebsd.org/D22271
Mount the UEFI ESP on /boot/efi. No current system uses this by default, but
there are many ad-hoc schemes that do this in /efi or /esp or /uefi and adding a
new directory at the top-level would have a much higher likelihood of
collision. Document this in /etc/mtree/BSD.root.mtree and create EFIDIR and
related variables in bsd.own.mk.
Differential Revision: https://reviews.freebsd.org/D21344
In order to ensure that changing the frag6 code does not change behaviour
or break code a set of test cases were implemented.
Like some other test cases these use Scapy to generate packets and possibly
wait for expected answers. In most cases we do check the global and
per interface (netstat) statistics output using the libxo output and grep
to validate fields and numbers. This is a bit hackish but we currently have
no better way to match a selected number of stats only (we have to ignore
some of the ND6 variables; otherwise we could use the entire list).
Test cases include atomic fragments, single fragments, multi-fragments,
and try to cover most error cases in the code currently.
In addition vnet teardown is tested to not panic.
A separate set (not in-tree currently) of probes were used in order to
make sure that the test cases actually test what they should.
The "sniffer" code was copied and adjusted from the netpfil version
as we sometimes will not get packets or have longer timeouts to deal with.
Sponsored by: Netflix
This setup will add the trusted certificates from the Mozilla NSS bundle
to base.
This commit includes:
- CAROOT option to opt out of installation of certs
- mtree amendments for final destinations
- infrastructure to fetch/update certs, along with instructions
A follow-up commit will add a certctl(8) utility to give the user control
over trust specifics. Another follow-up commit will actually commit the
initial result of updatecerts.
This work was done primarily by allanjude@, with minor contributions by
myself.
No objection from: secteam
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D16856
This commit fixes bug: command "jail -r" didn't trigger pre/post stop
commands (and others) defined in config file if jid is specified insted of
name. Also it adds basic tests for usr.sbin/jail to avoid regression.
Reviewed by: jamie, kevans, ray
MFC after: 5 days
Differential Revision: https://reviews.freebsd.org/D21328
All of these are defined as mandatory by POSIX.
While here, mark all non-standard ones as FreeBSD-only as
other systems (at least, GNU/Linux and illumos) do not handle
them, so we should not encourage their use.
PR: 237752
Reviewed by: bapt
Differential Revision: https://reviews.freebsd.org/D21490
Summary:
- basic: test application of patches created by diff -u at the
beginning/middle/end of file, which have differing amounts of context
before and after chunks being added
- limited_ctx: stems from PR 74127 in which a rogue line was getting added
when the patch should have been rejected. Similar behavior was
reproducible with larger contexts near the beginning/end of a file. See
r326084 for details
- file_creation: patch sourced from /dev/null should create the file
- file_nodupe: said patch sourced from /dev/null shouldn't dupe the contents
when re-applied (personal vendetta, WIP, see comment)
- file_removal: this follows from nodupe; the reverse of a patch sourced
from /dev/null is most naturally deleting the file, as is expected based
on GNU patch behavior (WIP)
This patch fixes a bug that made the mixer command enter
an infinite loop when instructed to set the value of a device
to an empty string (e.g., `mixer vol ""`).
Additionally, some tests for mixer(8) are being added.
PR: 240039
Reviewed by: hselasky, mav
Approved by: src (hselasky, mav)
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D21409
This commit imports the new fusefs driver. It raises the protocol level
from 7.8 to 7.23, fixes many bugs, adds a test suite for the driver, and
adds many new features. New features include:
* Optional kernel-side permissions checks (-o default_permissions)
* Implement VOP_MKNOD, VOP_BMAP, and VOP_ADVLOCK
* Allow interrupting FUSE operations
* Support named pipes and unix-domain sockets in fusefs file systems
* Forward UTIME_NOW during utimensat(2) to the daemon
* kqueue support for /dev/fuse
* Allow updating mounts with "mount -u"
* Allow exporting fusefs file systems over NFS
* Server-initiated invalidation of the name cache or data cache
* Respect RLIMIT_FSIZE
* Try to support servers as old as protocol 7.4
Performance enhancements include:
* Implement FUSE's FOPEN_KEEP_CACHE and FUSE_ASYNC_READ flags
* Cache file attributes
* Cache lookup entries, both positive and negative
* Server-selectable cache modes: writethrough, writeback, or uncached
* Write clustering
* Readahead
* Use counter(9) for statistical reporting
PR: 199934 216391 233783 234581 235773 235774 235775
PR: 236226 236231 236236 236291 236329 236381 236405
PR: 236327 236466 236472 236473 236474 236530 236557
PR: 236560 236844 237052 237181 237588 238565
Reviewed by: bcr (man pages)
Reviewed by: cem, ngie, rpokala, glebius, kib, bde, emaste (post-commit
review on project branch)
MFC after: 3 weeks
Relnotes: yes
Sponsored by: The FreeBSD Foundation
Pull Request: https://reviews.freebsd.org/D21110
Add a common test suite for the firewalls included in the base system. The test
suite allows common test infrastructure to test pf, ipfw and ipf firewalls from
test files containing the setup for all three firewalls.
Add the pass block test for pf, ipfw and ipf. The pass block test checks the
allow/deny functionality of the firewalls tested.
Submitted by: Ahsan Barkati
Sponsored by: Google, Inc. (GSoC 2019)
Reviewed by: kp
Approved by: bz (co-mentor)
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D21065
The rc.d/account script contains code to create the /var/account dir, so
it hadn't occurred to me that it is normally created via mtree; thanks to
jilles@ for pointing it out.
NANDFS has been broken for years. Remove it. The NAND drivers that
remain are for ancient parts that are no longer relevant. They are
polled, have terrible performance and just for ancient arm
hardware. NAND parts have evolved significantly from this early work
and little to none of it would be relevant should someone need to
update to support raw nand. This code has been off by default for
years and has violated the vnode protocol leading to panics since it
was committed.
Numerous posts to arch@ and other locations have found no actual users
for this software.
Relnotes: Yes
No Objection From: arch@
Differential Revision: https://reviews.freebsd.org/D20745
Add some basic regression tests to verify behavior of both uint128
implementations at typical boundary conditions, to run on all architectures.
Test uint128 increment behavior of Chacha in keystream mode, as used by
'kern.random.use_chacha20_cipher=1' (r344913) to verify assumptions at edge
cases. These assumptions are critical to the safety of using Chacha as a
PRF in Fortuna (as implemented).
(Chacha's use in arc4random is safe regardless of these tests, as it is
limited to far less than 4 billion blocks of output in that API.)
Reviewed by: markm
Approved by: secteam(gordon)
Differential Revision: https://reviews.freebsd.org/D20392
ioctl definitions and related datatypes that allow userland control of pwm
hardware via the pwmc device. The new name and location better reflects its
assocation with a single device driver.
libunwind and openmp to the upstream release_80 branch r363030
(effectively, 8.0.1 rc2). The 8.0.1 release should follow this within a
week or so.
MFC after: 2 weeks
Add the MK_MAIL dependant file to the runtime package as well as the
MK_KERBEROS ones the empty locate database, the FreeBSD copyright file
and the GENERIC.hints.
Tag the unbound link from /etc to /var to belong in the unbound package.
Reviewed by: bapt
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D20607
This way every directory is at least present in packages.
While here tag some directory from being in sendmail or dma
Reviewed by: bapt
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D20605
Create two tests checking if we can read urgs registers and if the
rax register returns a correct number.
Reviewed by: markj
Discussed with: lwhsu
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D20364
the followup stopgap change, because I don't think it's a correct. I still
need to figure out where to stick it in. In cannot be in Makefile.inc1
and it cannot be in etc/Makefile from the looks of it to avoid
chicken-and-egg problem.
install -> ${INSTALL}
mtree -> ${MTREE_CMD}
services_mkdb -> ${SERVICES_MKDB_CMD}
cap_mkdb -> ${CAP_MKDB_CMD}
pwd_mkdb -> ${PWD_MKDB_CMD}
kldxref -> ${KLDXREF_CMD}
If you do custom FreeBSD builds you may want to override those
in some cases.
Sponsored by: Sippy Software, Inc.
Use the .PATH mechanism instead so keep installing them from lib/libc/gen
While here revert 347961 and 347893 which are no longer needed
Discussed with: manu
Tested by: manu
ok manu@
libc was picked as the destination location for these because of the syscalls
that use these files as the lowest level place they are referenced.
Approved by: will (mentor), rgrimes, manu
Differential Revision: https://reviews.freebsd.org/D16728
passwd related files need to be tagged as config file so pkg update
will attempt merging them when we install a new package.
We should use CONFS for that.
Revert for now until I come up with a better version of this patch as
it breaks pkgbase for users.
It only tests the kernel portion of fuse, not the userspace portion (which
comes from sysutils/fusefs-libs). The kernel-userspace interface is
de-facto standardized, and this test suite seeks to validate FreeBSD's
implementation.
It uses GoogleMock to substitute for a userspace daemon and validate the
kernel's behavior in response to filesystem access. GoogleMock is
convenient because it can validate the order, number, and arguments of each
operation, and return canned responses.
But that also means that the test suite must use GoogleTest, since
GoogleMock is incompatible with atf-c++ and atf.test.mk does not allow C++
programs to use atf-c.
This commit adds the first 10 test cases out of an estimated 130 total.
PR: 235775, 235773
Sponsored by: The FreeBSD Foundation
Summary:
Now that mpc85xx can boot via ubldr, move ubldr to a separate
filesystem, mounted on /boot/uboot, so that a fresh install can boot correctly.
Reviewed By: nwhitehorn
Differential Revision: https://reviews.freebsd.org/D18709
Import the unit tests from upstream (https://github.com/luigirizzo/netmap
ba02539859d46d33), and make them ready for use with Kyua.
There are currently 38 regression tests, which test the kernel control ABI
exposed by netmap to userspace applications:
1: test for port info get
2-5: tests for basic port registration
6-9: tests for VALE
10-11: tests for getting netmap allocator info
12-15: tests for netmap pipes
16: test on polling mode
17-18: tests on options
19-27: tests for sync-kloop subsystem
28-39: tests for null ports
31-38: tests for the legacy NIOCREGIF registers
Reviewed by: ngie
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D18490
iBCS2 was disconnected from the build in 2015 (see r291419)
bsdconfig parts submitted by dteske.
Reviewed by: kib (previous version)
Sponsored by: The FreeBSD Foundation
o Dynamically load all the .so files found in /libexec/nvmecontrol and
/usr/local/libexec/nvmecontrol.
o Link nvmecontrol -rdynamic so that its symbols are visible to the
libraries we load.
o Create concatinated linker sets that we dynamically expand.
o Add the linked-in top and logpage linker sets to the mirrors for them
and add those sets to the mirrors when we load a new .so.
o Add some macros to help hide the names of the linker sets.
o Update the man page.
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D18455
fold
These tests operate on a file-backed zpool that gets created in the kyua
temp dir. root and ZFS support are both required for these tests. Current
tests cover create, destroy, export/import, jail, list (kind of), mount,
rename, and jail.
List tests should later be extended to cover formatting and the different
list flags, but for now only covers basic "are create/destroy actually
reflected properly"
MFC after: 3 days
then runs these from the base test programs. With this we can check
crtbeginS.o and crtendS.o are working as expected.
MFC with: r339738
Sponsored by: DARPA, AFRL
This leverages CONFS to handle the install.
Approved by: re (blanket, pkgbase), bapt (mentor)
Differential Revision: https://reviews.freebsd.org/D17240
This leverages CONFS to handle the install. lib80211 was picked because it is
where this file is actually used from.
Approved by: re (blanket, pkgbase), will (mentor)
Differential Revision: https://reviews.freebsd.org/D17229
This leverages CONFS to handle the install.
Approved by: re (blanket, pkgbase), will (mentor)
Differential Revision: https://reviews.freebsd.org/D17217
This leverages CONFS to handle the install and purges an old comment.
Approved by: re (blanket, pkgbase), bapt (mentor)
Differential Revision: https://reviews.freebsd.org/D17215
This leverages CONFS to handle the install of the config file.
Approved by: re (blanket, pkgbase), will (mentor)
Differential Revision: https://reviews.freebsd.org/D17162
This leverages CONFS to handle the install of the config file.
Approved by: re (gjb), will (mentor)
Differential Revision: https://reviews.freebsd.org/D17159
This uses relative paths to make it more specific to avoid any potential
future problems with .PATH and leverages CONFS.
libc was picked as the destination location for these because of the syscalls
that use these files as the lowest level place they are referenced.
Approved by: re (gjb), will (mentor)
Differential Revision: https://reviews.freebsd.org/D17163
This uses relative paths to make it more specific to avoid any potential
future problems with .PATH and leverages CONFS.
libc was picked as the destination location for these because of the syscalls
that use these files as the lowest level place they are referenced.
Approved by: re (gjb), will (mentor)
Differential Revision: https://reviews.freebsd.org/D17164
Restore the original behavior of unlink(1), passing the provided filename
directly to unlink(2), handling the first argument being "--" correctly.
This fixes "unlink -foo", broken in r97533.
PR: 228448
Submitted by: Brennan Vincent <brennan@umanwizard.com> (original version)
Submitted by: Yuri Pankov
Reported by: Brennan Vincent <brennan@umanwizard.com>
Reviewed by: emaste, kevans, vangyzen, 0mp
Approved by: re (delphij)
Differential Revision: https://reviews.freebsd.org/D17132
And simplify this a little by flattening the directory structure.
Approved by: re (gjb), will (mentor)
Differential Revision: https://reviews.freebsd.org/D16955
This is pkgbase related as it switches to CONFS to properly tag this as a
config file.
Approved by: will (mentor)
Differential Revision: https://reviews.freebsd.org/D16848
This is related to pkgbase as it uses CONFS to properly tag these as config
files.
Approved by: will (mentor)
Differential Revision: https://reviews.freebsd.org/D16785
This helps with pkgbase by switching to CONFS so they are properly tagged as
config files.
Approved by: will (mentor)
Differential Revision: https://reviews.freebsd.org/D16833
Thsi helps with pkgbase by switching to CONFS so that ftpusers will be
properly tagged as a config file.
Approved by: will (mentor)
Differential Revision: https://reviews.freebsd.org/D16787
This helps with pkgbase as it switches these to use CONFS which properly tags
them as config files.
Approved by: will (mentor)
Differential Revision: https://reviews.freebsd.org/D16783
This helps with pkgbase as it switches these to using CONFS so they are
properly tagged as config files.
Approved by: will (mentor), imp
Differential Revision: https://reviews.freebsd.org/D16781
This fixes the build and I will redo these changes as part of a future review
that organizes them differently. The way I tried to do it here could be done
better. Sorry for the noise.
Approved by: will (mentor)
Differential Revision: https://reviews.freebsd.org/D16737
This moves the symlink creation to after where the files are installed.
This also inverts the shell change so that it only happens if MK_TCSH is on.
Approved by: will (mentor)
Differential Revision: https://reviews.freebsd.org/D16725
This helps with pkgbase by using CONFS and tagging these as config files.
Approved by: allanjude (mentor), des
Differential Revision: https://reviews.freebsd.org/D16678
This simplifies pkgbase by migrating these to CONFS so they are properly
tagged as config files.
Approved by: will (mentor)
Differential Revision: https://reviews.freebsd.org/D16708
This program is currently failing, and has been for >6 months on HEAD.
Ideally, this should be run 24x7 in CI, to discover hard-to-find bugs that
only manifest with concurrent i/o.
Requested by: lwhsu, mmacy
This is pkgbase related as it uses CONFS to tag the file as a config file
Approved by: AllanJude (mentor)
Sponsored by: Essen Hackathon
Differential Revision: https://reviews.freebsd.org/D16693
This is related to pkgbase and changes these to use CONFS so that these are
tagged as config files.
Approved by: AllanJude (mentor)
Sponsored by: Essen Hackathon
Differential Revision: https://reviews.freebsd.org/D16694
This helps with pkgbase by using CONFS to tag these as config files.
Approved by: allanjude (mentor), ian, cy
Sponsored by: Essen Hackathon
Differential Revision: https://reviews.freebsd.org/D16661
This makes pkgbase easier by tagging these as CONFS so they are properly
tagged as config files.
Approved by: will (mentor)
Sponsored by: Essen Hackathon
Differential Revision: https://reviews.freebsd.org/D16553
This helps with pkgbase as it tags this as a config file so it is handled as
such
Approved by: allanjude (mentor)
Sponsored by: Essen Hackathon
Differential Revision: https://reviews.freebsd.org/D16673
This helps with pkgbase as this config file will now be tagged as a config
file
Approved by: allanjude (mentor)
Sponsored by: Essen Hackathon
Differential Revision: https://reviews.freebsd.org/D16674
This helps with pkgbase to tag this config file as a config file.
Approved by: allanjude (mentor), will (mentor)
Differential Revision: https://reviews.freebsd.org/D16559
This helps pkgbase as this config file will now be tagged as a config file.
Approved by: allanjude (mentor)
Differential Revision: https://reviews.freebsd.org/D16675
This helps with pkgbase as these config files will be properly tagged as
config files.
Approved by: allanjude (mentor), oshogbo
Differential Revision: https://reviews.freebsd.org/D16679
The main dhclient process is Capsicumized but also chroots to
restrict filesystem access. With r322369, pidfile(3) maintains a
directory descriptor for the pidfile, which can cause the chroot
to fail in certain cases. To minimize the problem, only chroot
if we fail to enter capability mode, and store dhclient pidfiles
in a subdirectory of /var/run, thus restricting access via
pidfile(3)'s directory descriptor.
PR: 223327
Reviewed by: cem, oshogbo
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D16584
This is prep for pkging base and helps tag and install config files with the
correct packages.
Approved by: bapt (mentor)
Differential Revision: https://reviews.freebsd.org/D16493
This keeps most startup scripts as CONFS per discussion on src-committers from
back during BSDCan.
Approved by: will (mentor)
Differential Revision: https://reviews.freebsd.org/D16466
Ntpd needs only a subset of full root privileges to do its job. Specifically
it needs the ability to manipulate system time, and to re-bind to a
privileged UDP port after interface changes. The mac_ntpd(4) policy module
(see r336525) can grant these privs.
These changes detect the availability of mac_ntpd(4). If enabled, and if the
ntpd configuration is fairly vanilla, it automatically runs ntpd as the
non-root user 'ntpd' (uid 123). "Vanilla" means the config doesn't include
command line or ntp.conf options changing the location of files or using any
files/dirs likely to be inaccessible to user ntpd. Ntpd can still run as
non-root when using such options, but the admin must ensure all required
files and dirs are accessible, and then set ntpd_user=ntpd in rc.conf.
Note that these changes also address PR 199127 by using the command_args
technique suggested in the patch. They also tangentially address PR 113552,
which is primarily about inconsistent filenames in documentation, but some
of the inconsistancy was caused by old code in rc.d/ntpd which is leftover
from the intial import from netbsd. There was code to do chroot setup which
required the use of the netbsd clockctl(4) device; that code never had any
effect on freebsd, because we lack that device and don't build ntpd with the
options that would allow using it.
PR: 113552 199127
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D16050
Code analysis and runtime analysis using truss(8) indicate that the only
privileged operations performed by ntpd are adjusting system time, and
(re-)binding to privileged UDP port 123. These changes add a new mac(4)
policy module, mac_ntpd(4), which grants just those privileges to any
process running with uid 123.
This also adds a new user and group, ntpd:ntpd, (uid:gid 123:123), and makes
them the owner of the /var/db/ntp directory, so that it can be used as a
location where the non-privileged daemon can write files such as the
driftfile, and any optional logfile or stats files.
Because there are so many ways to configure ntpd, the question of how to
configure it to run without root privs can be a bit complex, so that will be
addressed in a separate commit. These changes are just what's required to
grant the limited subset of privs to ntpd, and the small change to ntpd to
prevent it from exiting with an error if running as non-root.
Differential Revision: https://reviews.freebsd.org/D16281
Add src.conf knob to disable the installation of /var/db/services.db
Default to leaving services.db in place, but allow the removal of the
file and its creation with a src.conf knob.
This file ends up being 2MB in size. For small systems this is a waste
of space but its a tradeoff.
Reviewed by: bdrewery
Differential Revision: https://reviews.freebsd.org/D9655
By using INSTALL_LINK instead of calling ln during install the files
end up in the METALOG file as well if we use -DNO_ROOT and will be
included in a disk image when using makefs with METALOG as the input.
The other file that was not included in METALOG was /var/db/services.db
which is now also included for -DNO_ROOT.
Approved By: brooks (mentor)
Differential Revision: https://reviews.freebsd.org/D15665
