| Age | Commit message (Collapse) | Author |
|---|
|
zap some trailing whitespace while here;
|
|
that. Problem introduced since tftp-proxy and ftp-proxy have separate
nonpriv users.
OK deraadt@
|
|
until daemonized and syslog as well. make logerr() work more like err().
|
|
error message
|
|
console after startup. This calls 'cu -l $TTY -s 9600' internally -
a "safe mode" for cu is proposed by tedu@.
Requested by mlarkin@
OK tedu@ on the execl/cu chunk
|
|
recvfd inet"
ok reyk@
|
|
|
|
|
|
|
|
|
|
definitely don't want to receive it unexpectedly.
|
|
ok jmc@
|
|
- add a bit more detail about config alternative file
and add -d while here.
manpage help from jmc@ schwarze@ thanks a lot!
OK tedu jmc schwarze
|
|
the configuration in vmctl directly, it now sends a (re)load request
to vmd. The reload also resets the existing configuration status -
this doesn't do much difference yet but a future change will compare
if a specified VM is already running. "load" will allow to add
configuration, while "reload" resets the state before loading.
|
|
|
|
|
|
As discussed with mlarkin@ and deraadt@
|
|
|
|
original diff from Renaud Allard
ok gilles
|
|
ok claudio
|
|
|
|
|
|
if the host fails the SLA check. patch from Brian S. Vangsgaard.
ok reyk@
|
|
vmm.conf(5) in vmmctl. For a short time, both vmd and vmmctl will
support a configuration file, but vmmctl will be changed to send
"load" requests to vmd instead of loading and parsing the file
directly.
|
|
|
|
restrict write operations (start/stop/terminate/load) to root for now,
but allow others to obtain the status. A more sophisticated model will
follow later, but this change prevents non-root users, even if in the wheel
group, to start vms and thus to open any files read-writable as disks.
|
|
From Jan Schreiber
|
|
|
|
This is in the way for ospfd pledge so in it goes. OK benno@
|
|
he is right.
ok claudio@
|
|
|
|
|
|
from localhost, but then fail to forward them. this causes the resolver
to stall waiting for timeouts in situations where it would otherwise fail
quickly. we don't know this happens until it's too late, but we can push
the resolver forward by sending back empty replies.
ok deraadt
|
|
from Gregor Best, discussed with florian
|
|
|
|
"vmm" with reduced privileges:
- the "parent" opens fds (disks, ifs, etc.) but runs as root but pledged as
"stdio rpath wpath proc tty sendfd".
- the "vmm" process handles the creation and supervision of vm processes,
and the primary communication with the vmm(4) subsystem. It runs as _vmd
in the chroot but does not use pledge, as the vmm ioctls are not allowed
by any pledge model yet.
With this change, vmd starts to track the configuration state of VMs
in vmd and will allow other things later (like terminating a vm by
name, moving the configuration parser to vmd, ...). More incremental
changes will follow.
|
|
with a hash generated from different data and calculate modulo
rlt->rlt_nhosts to find the host the session should go to. If this
host is down, the current algorithm simply selects the next host that
is up, obviously not ideal, because this puts heavier load on this
next host.
this changes the algorithm: if the chosen host is not available, the
hash value is recalculated and and retried until a host that is usable
is found or a maximum of retires is reached (in that case the old
method is used).
ok and nice input on my original idea bluhm@
|
|
|
|
|
|
|
|
so add a shortcut proc_compose*() that skips all of them. Only use the
full argument list if needed. The functions with full argument lists can
eventually be replaced with a nicer transaction-based approach later.
OK benno@
|
|
ok tedu
|
|
initially left it out because I didn't have a need for it. But it is
actually quite useful to carry a reference to the imsg data context
across processes.
|
|
adding a missing bit.
|
|
process into multiple parts and adopting the "proc.c"-style from other
daemons. This allows to further reduce the privileges, to give better
pledge(2), and to add some upcoming changes.
"please do" mlarkin@, deraadt@
|
|
|
|
|
|
ok tedu@
|
|
|
|
ok reyk@
|
