Age | Commit message (Collapse) | Author |
|
|
|
|
|
to the old /etc/security script because daily sourced it.
Now we fork and exec, so SUIDSKIP must be promoted to the environment.
Problem reported, fix tested and ok weerd@.
|
|
Also pointed out by Mattieu Baptiste <mattieu dot b at gmail dot com>, thanks.
|
|
By default, rc.{local,shutdown} don't output anything anymore.
original idea from schwarze@
discussed with deraadt@ and no objection from millert@
ok schwarze@ robert@
|
|
|
|
"no objection" drahn@
|
|
so stop it from trying to check itself for changes;
noticed by Mattieu Baptiste <mattieu dot b at gmail dot com>.
|
|
does not require special permissions. The security(8) scripts hates
group-writeable home directories, so remove the needless permissions.
Issue noticed by Andrew Fresh <andrew at afresh1 dot com>.
If i understand naddy@ correctly, this is unlikely to harm even UUCP users.
"Just remove the group writeable bit" deraadt@.
|
|
asked by/ok deraadt@, ajacoutot@
|
|
In effect, this removes the "old" vndX nodes, and renames
the svndX nodes to vndX.
Old svndX nodes will still continue to work though, for now.
Cleanup accordingly.
ok deraadt@, todd@
comments and ok on the man page bits from jmc@
|
|
deraadt@ suggests to remove the old file right away.
|
|
to the new Perl script /usr/libexec/security.
The new script was tested by sthen@ and ajacoutot@.
Committing now due to repeated prodding from deraadt@.
In case problems show up, they will be fixed in tree.
|
|
ok deraadt@
|
|
ok phessler@ sthen@
|
|
|
|
cumbersome to use with compressed files. Idea from ian@ following
a discussion started with a diff to last(1) from by Peter Philipp.
ok martynas@ mk@ millert@
|
|
ok dcoppa@ phessler@ jasper@ landry@ rpointel@ giovanni@ ajacoutot@ henning@
no problem jmc@
|
|
in install image creation and no longer required.
ok deraadt@
|
|
the boot cd image.
ok deraadt@
|
|
- As noticed by ajacoutot@, re_format(7) does not treat '\t' as a tab,
so some t's got stripped from daemon names.
- The tr(1) failed to sanitize mixtures of blanks and tabs.
ok ajacoutot@
|
|
- Use the URL filter to block www.example.com/
- Use "forward to destination" instead of "forward to nat lookup" to use
divert-to instead of rdr-to in PF.
|
|
- (ok) is only printed while in interactive mode, but (failed) stays
even for rc if the command fails
ok ajacoutot@
|
|
ok schwarze@
|
|
While it is a terribly cool idea, it's just awful and since noone has stepped
up to the plate to keep it up with the current vop state, retire it to the
attic.
ok krw@, deraadt@, guenther@, miod@.
comments from jmc@
|
|
Pointed out by aja@
|
|
ok otto@, aja@
|
|
from Piotr Sikora
ok robert@
|
|
ARPSEND, ARPCHECK. Drop support for 'media', 'medium' and 'alias'
specifications in dhclient.conf. Old leases still parse but these
options now have no effect.
Be more polite and decline all offers we don't accept. Fix a IMSG
length check.
Many expressions of support at various bars.
ok henning@ deraadt@ beck@
|
|
|
|
ok robert@
|
|
ok ajacoutot@
|
|
|
|
After discussion with bluhm@, fgsch@, sthen@ and deraadt@
claudio@ and sthen@ ok.
|
|
so remove that test condition. Commented by schwarze@, OK ajacoutot@
|
|
gets called from rc.local or rc.shutdown
- notify the user if a given operation was successfull or not by appending
the (ok) or (failed) strings to the end of the daemon name
- hide stdout and stdin unless RC_DEBUG=1 is set, otherwise all the function
names will be printed out and all output sent to stdin or stdout
- since from now on rc.subr is taking care of printing out the daemon names
on startup, we don't need to do this from rc.{local,shutdown} anymore
brainkilling work done by me and ajacoutot@, ok ajacoutot@
|
|
don't rc_post if rc_stop failed.
"I agree with the direction" sthen@
ok robert@
|
|
Use $() constructs as it's safer than ``.
Both req. by deraadt@
Use pkill instead of pgrep in rc_check so that we don't need to fiddle
with redirections in reload.
prodded by schwarze@
ok robert@
|
|
ok robert@
|
|
rc_stop so scripts don't need to set it.
ok sthen@ (on a much bigger diff) robert@
|
|
rc_cmd start/stop actions. This way when rc.d(8) scripts override these
functions, we don't loose rc_{pre,post}.
Add a max 5 secs loop after rc_stop in the rc_cmd top action. This seems
to be a good default for returning to command line only after the daemon
has really stopped. This fixes "restart" for some daemons and allows to
properly stop some others at shutdown time.
Note that this is just a best-effort default, some daemons may need a
lot more time to shutdown but this case is usually handled in the
rc.d(8) script itself and we obviously do not want to hang the shutdown
process.
Call rc_cmd start/stop in restart and _not_ rc_start/rc_stop which can
get overriden in a script.
discussed with and inputs from sthen@ and schwarze@
ok sthen@ robert@
|
|
a daemon in the background.
man page tweaks from schwarze@
discussed with an ok schwarze@ robert@
|
|
ok robert@ espie@ miod@
|
|
by default, adjust comments in sysctl.conf; ok markus, tedu, djm, miod
|
|
prodded by espie@
ok miod@
|
|
in a better place to make it more readable.
ok jmc@ and miod@
|
|
|
|
|
|
|
|
non-routeable prefixes. While there sort list.
Diff provided by Andre Keller.
|