diff --git a/etc/defaults/periodic.conf b/etc/defaults/periodic.conf index 8692b305e21e..887dc96903d4 100644 --- a/etc/defaults/periodic.conf +++ b/etc/defaults/periodic.conf @@ -1,292 +1,292 @@ #!/bin/sh # # This is defaults/periodic.conf - a file full of useful variables that # you can set to change the default behaviour of periodic jobs on your # system. You should not edit this file! Put any overrides into one of the # $periodic_conf_files instead and you will be able to update these defaults # later without spamming your local configuration information. # # The $periodic_conf_files files should only contain values which override # values set in this file. This eases the upgrade path when defaults # are changed and new features are added. # # For a more detailed explanation of all the periodic.conf variables, please # refer to the periodic.conf(5) manual page. # # $FreeBSD$ # # What files override these defaults ? periodic_conf_files="/etc/periodic.conf /etc/periodic.conf.local" # periodic script dirs local_periodic="/usr/local/etc/periodic" # Daily options # These options are used by periodic(8) itself to determine what to do # with the output of the sub-programs that are run, and where to send # that output. $daily_output might be set to /var/log/daily.log if you # wish to log the daily output and have the files rotated by newsyslog(8) # daily_output="root" # user or /file daily_show_success="YES" # scripts returning 0 daily_show_info="YES" # scripts returning 1 daily_show_badconfig="NO" # scripts returning 2 # 100.clean-disks daily_clean_disks_enable="NO" # Delete files daily daily_clean_disks_files="[#,]* .#* a.out *.core *.CKP .emacs_[0-9]*" daily_clean_disks_days=3 # If older than this daily_clean_disks_verbose="YES" # Mention files deleted # 110.clean-tmps daily_clean_tmps_enable="NO" # Delete stuff daily daily_clean_tmps_dirs="/tmp" # Delete under here daily_clean_tmps_days="3" # If not accessed for daily_clean_tmps_ignore=".X*-lock .X11-unix .ICE-unix .font-unix .XIM-unix" daily_clean_tmps_ignore="$daily_clean_tmps_ignore quota.user quota.group .snap" daily_clean_tmps_ignore="$daily_clean_tmps_ignore .sujournal" # Don't delete these daily_clean_tmps_verbose="YES" # Mention files deleted # 120.clean-preserve daily_clean_preserve_enable="YES" # Delete files daily daily_clean_preserve_days=7 # If not modified for daily_clean_preserve_verbose="YES" # Mention files deleted # 130.clean-msgs daily_clean_msgs_enable="YES" # Delete msgs daily daily_clean_msgs_days= # If not modified for # 140.clean-rwho daily_clean_rwho_enable="YES" # Delete rwho daily daily_clean_rwho_days=7 # If not modified for daily_clean_rwho_verbose="YES" # Mention files deleted # 150.clean-hoststat daily_clean_hoststat_enable="YES" # Purge sendmail host # status cache daily # 200.backup-passwd daily_backup_passwd_enable="YES" # Backup passwd & group # 210.backup-aliases daily_backup_aliases_enable="YES" # Backup mail aliases # 220.backup-pkgdb daily_backup_pkgdb_enable="YES" # Backup /var/db/pkg daily_backup_pkgdb_dir="/var/backups" # 300.calendar daily_calendar_enable="NO" # Run calendar -a # 310.accounting daily_accounting_enable="YES" # Rotate acct files daily_accounting_compress="NO" # Gzip rotated files daily_accounting_flags=-q # Flags to /usr/sbin/sa daily_accounting_save=3 # How many files to save # 330.news daily_news_expire_enable="YES" # Run news.expire # 400.status-disks daily_status_disks_enable="YES" # Check disk status daily_status_disks_df_flags="-l -h" # df(1) flags for check # 404.status-zfs daily_status_zfs_enable="NO" # Check ZFS daily_status_zfs_zpool_list_enable="YES" # List ZFS pools # 405.status-ata_raid daily_status_ata_raid_enable="NO" # Check ATA raid status # 406.status-gmirror daily_status_gmirror_enable="NO" # Check gmirror(8) # 407.status-graid3 daily_status_graid3_enable="NO" # Check graid3(8) # 408.status-gstripe daily_status_gstripe_enable="NO" # Check gstripe(8) # 409.status-gconcat daily_status_gconcat_enable="NO" # Check gconcat(8) # 420.status-network daily_status_network_enable="YES" # Check network status daily_status_network_usedns="YES" # DNS lookups are ok # 430.status-rwho daily_status_rwho_enable="YES" # Check system status # 440.status-mailq daily_status_mailq_enable="YES" # Check mail status daily_status_mailq_shorten="NO" # Shorten output daily_status_include_submit_mailq="YES" # Also submit queue # 450.status-security daily_status_security_enable="YES" # Security check # See "Security options" below for more options # 460.status-mail-rejects daily_status_mail_rejects_enable="YES" # Check mail rejects daily_status_mail_rejects_logs=3 # How many logs to check daily_status_mail_rejects_shorten="NO" # Shorten output # 470.status-named daily_status_named_enable="YES" daily_status_named_usedns="YES" # DNS lookups are ok # 480.status-ntpd daily_status_ntpd_enable="NO" # Check NTP status # 490.status-pkg-changes daily_status_pkg_changes_enable="NO" # Show package changes # 500.queuerun daily_queuerun_enable="YES" # Run mail queue daily_submit_queuerun="YES" # Also submit queue # 800.scrub-zfs daily_scrub_zfs_enable="NO" daily_scrub_zfs_pools="" # empty string selects all pools daily_scrub_zfs_default_threshold="35" # days between scrubs #daily_scrub_zfs_${poolname}_threshold="35" # pool specific threshold # 999.local daily_local="/etc/daily.local" # Local scripts # Security options # These options are used by the security periodic(8) scripts spawned in # 450.status-security above. daily_status_security_inline="NO" # Run inline ? daily_status_security_output="root" # user or /file daily_status_security_noamd="NO" # Don't check amd mounts daily_status_security_logdir="/var/log" # Directory for logs daily_status_security_diff_flags="-b -u" # flags for diff output # 100.chksetuid daily_status_security_chksetuid_enable="YES" # 110.neggrpperm daily_status_security_neggrpperm_enable="YES" # 200.chkmounts daily_status_security_chkmounts_enable="YES" #daily_status_security_chkmounts_ignore="^amd:" # Don't check matching # FS types # 300.chkuid0 daily_status_security_chkuid0_enable="YES" # 400.passwdless daily_status_security_passwdless_enable="YES" # 410.logincheck daily_status_security_logincheck_enable="YES" # 460.chkportsum daily_status_security_chkportsum_enable="NO" # Check ports w/ wrong checksum # 500.ipfwdenied daily_status_security_ipfwdenied_enable="YES" # 510.ipfdenied daily_status_security_ipfdenied_enable="YES" # 520.pfdenied daily_status_security_pfdenied_enable="YES" # 550.ipfwlimit daily_status_security_ipfwlimit_enable="YES" # 610.ipf6denied daily_status_security_ipf6denied_enable="YES" # 700.kernelmsg daily_status_security_kernelmsg_enable="YES" # 800.loginfail daily_status_security_loginfail_enable="YES" # 900.tcpwrap daily_status_security_tcpwrap_enable="YES" # Weekly options # These options are used by periodic(8) itself to determine what to do # with the output of the sub-programs that are run, and where to send # that output. $weekly_output might be set to /var/log/weekly.log if you # wish to log the weekly output and have the files rotated by newsyslog(8) # weekly_output="root" # user or /file weekly_show_success="YES" # scripts returning 0 weekly_show_info="YES" # scripts returning 1 weekly_show_badconfig="NO" # scripts returning 2 # 310.locate weekly_locate_enable="YES" # Update locate weekly # 320.whatis weekly_whatis_enable="YES" # Update whatis weekly # 330.catman weekly_catman_enable="NO" # Preformat man pages # 340.noid weekly_noid_enable="NO" # Find unowned files weekly_noid_dirs="/" # Look here # 400.status-pkg weekly_status_pkg_enable="NO" # Find out-of-date pkgs pkg_version=pkg_version # Use this program pkg_version_index=/usr/ports/INDEX-9 # Use this index file # 999.local weekly_local="/etc/weekly.local" # Local scripts # Monthly options # These options are used by periodic(8) itself to determine what to do # with the output of the sub-programs that are run, and where to send # that output. $monthly_output might be set to /var/log/monthly.log if you # wish to log the monthly output and have the files rotated by newsyslog(8) # monthly_output="root" # user or /file monthly_show_success="YES" # scripts returning 0 monthly_show_info="YES" # scripts returning 1 monthly_show_badconfig="NO" # scripts returning 2 # 200.accounting monthly_accounting_enable="YES" # Login accounting # 999.local monthly_local="/etc/monthly.local" # Local scripts # Define source_periodic_confs, the mechanism used by /etc/periodic/*/* # scripts to source defaults/periodic.conf overrides safely. if [ -z "${source_periodic_confs_defined}" ]; then source_periodic_confs_defined=yes - source_periodic_confs () { + source_periodic_confs() { local i sourced_files for i in ${periodic_conf_files}; do case ${sourced_files} in *:$i:*) ;; *) sourced_files="${sourced_files}:$i:" [ -r $i ] && . $i ;; esac done } fi diff --git a/etc/defaults/rc.conf b/etc/defaults/rc.conf index c04dab2b21bb..41d1dca7f42a 100644 --- a/etc/defaults/rc.conf +++ b/etc/defaults/rc.conf @@ -1,731 +1,731 @@ #!/bin/sh # This is rc.conf - a file full of useful variables that you can set # to change the default startup behavior of your system. You should # not edit this file! Put any overrides into one of the ${rc_conf_files} # instead and you will be able to update these defaults later without # spamming your local configuration information. # # The ${rc_conf_files} files should only contain values which override # values set in this file. This eases the upgrade path when defaults # are changed and new features are added. # # All arguments must be in double or single quotes. # # For a more detailed explanation of all the rc.conf variables, please # refer to the rc.conf(5) manual page. # # $FreeBSD$ ############################################################## ### Important initial Boot-time options #################### ############################################################## rc_debug="NO" # Set to YES to enable debugging output from rc.d rc_info="NO" # Enables display of informational messages at boot. rc_startmsgs="YES" # Show "Starting foo:" messages at boot rcshutdown_timeout="90" # Seconds to wait before terminating rc.shutdown early_late_divider="FILESYSTEMS" # Script that separates early/late # stages of the boot process. Make sure you know # the ramifications if you change this. # See rc.conf(5) for more details. always_force_depends="NO" # Set to check that indicated dependencies are # running during boot (can increase boot time). swapfile="NO" # Set to name of swapfile if aux swapfile desired. apm_enable="NO" # Set to YES to enable APM BIOS functions (or NO). apmd_enable="NO" # Run apmd to handle APM event from userland. apmd_flags="" # Flags to apmd (if enabled). ddb_enable="NO" # Set to YES to load ddb scripts at boot. ddb_config="/etc/ddb.conf" # ddb(8) config file. devd_enable="YES" # Run devd, to trigger programs on device tree changes. devd_flags="" # Additional flags for devd(8). #kld_list="" # Kernel modules to load after local disks are mounted kldxref_enable="NO" # Build linker.hints files with kldxref(8). kldxref_clobber="NO" # Overwrite old linker.hints at boot. kldxref_module_path="" # Override kern.module_path. A ';'-delimited list. powerd_enable="NO" # Run powerd to lower our power usage. powerd_flags="" # Flags to powerd (if enabled). tmpmfs="AUTO" # Set to YES to always create an mfs /tmp, NO to never tmpsize="20m" # Size of mfs /tmp if created tmpmfs_flags="-S" # Extra mdmfs options for the mfs /tmp varmfs="AUTO" # Set to YES to always create an mfs /var, NO to never varsize="32m" # Size of mfs /var if created varmfs_flags="-S" # Extra mount options for the mfs /var populate_var="AUTO" # Set to YES to always (re)populate /var, NO to never cleanvar_enable="YES" # Clean the /var directory local_startup="/usr/local/etc/rc.d" # startup script dirs. script_name_sep=" " # Change if your startup scripts' names contain spaces rc_conf_files="/etc/rc.conf /etc/rc.conf.local" # ZFS support zfs_enable="NO" # Set to YES to automatically mount ZFS file systems gptboot_enable="YES" # GPT boot success/failure reporting. # Experimental - test before enabling gbde_autoattach_all="NO" # YES automatically mounts gbde devices from fstab gbde_devices="NO" # Devices to automatically attach (list, or AUTO) gbde_attach_attempts="3" # Number of times to attempt attaching gbde devices gbde_lockdir="/etc" # Where to look for gbde lockfiles # GELI disk encryption configuration. geli_devices="" # List of devices to automatically attach in addition to # GELI devices listed in /etc/fstab. geli_tries="" # Number of times to attempt attaching geli device. # If empty, kern.geom.eli.tries will be used. geli_default_flags="" # Default flags for geli(8). geli_autodetach="YES" # Automatically detach on last close. # Providers are marked as such when all file systems are # mounted. # Example use. #geli_devices="da1 mirror/home" #geli_da1_flags="-p -k /etc/geli/da1.keys" #geli_da1_autodetach="NO" #geli_mirror_home_flags="-k /etc/geli/home.keys" geli_swap_flags="-e aes -l 256 -s 4096 -d" # Options for GELI-encrypted # swap partitions. root_rw_mount="YES" # Set to NO to inhibit remounting root read-write. fsck_y_enable="NO" # Set to YES to do fsck -y if the initial preen fails. fsck_y_flags="" # Additional flags for fsck -y background_fsck="YES" # Attempt to run fsck in the background where possible. background_fsck_delay="60" # Time to wait (seconds) before starting the fsck. netfs_types="nfs:NFS oldnfs:OLDNFS smbfs:SMB portalfs:PORTAL nwfs:NWFS" # Net filesystems. extra_netfs_types="NO" # List of network extra filesystem types for delayed # mount at startup (or NO). ############################################################## ### Network configuration sub-section ###################### ############################################################## ### Basic network and firewall/security options: ### hostname="" # Set this! hostid_enable="YES" # Set host UUID. hostid_file="/etc/hostid" # File with hostuuid. nisdomainname="NO" # Set to NIS domain if using NIS (or NO). dhclient_program="/sbin/dhclient" # Path to dhcp client program. dhclient_flags="" # Extra flags to pass to dhcp client. #dhclient_flags_fxp0="" # Extra dhclient flags for fxp0 only background_dhclient="NO" # Start dhcp client in the background. #background_dhclient_fxp0="YES" # Start dhcp client on fxp0 in the background. synchronous_dhclient="NO" # Start dhclient directly on configured # interfaces during startup. defaultroute_delay="30" # Time to wait for a default route on a DHCP interface. defaultroute_carrier_delay="5" # Time to wait for carrier while waiting for a default route. wpa_supplicant_program="/usr/sbin/wpa_supplicant" wpa_supplicant_flags="-s" # Extra flags to pass to wpa_supplicant wpa_supplicant_conf_file="/etc/wpa_supplicant.conf" # firewall_enable="NO" # Set to YES to enable firewall functionality firewall_script="/etc/rc.firewall" # Which script to run to set up the firewall firewall_type="UNKNOWN" # Firewall type (see /etc/rc.firewall) firewall_quiet="NO" # Set to YES to suppress rule display firewall_logging="NO" # Set to YES to enable events logging firewall_logif="NO" # Set to YES to create logging-pseudo interface firewall_flags="" # Flags passed to ipfw when type is a file firewall_coscripts="" # List of executables/scripts to run after # firewall starts/stops firewall_client_net="192.0.2.0/24" # IPv4 Network address for "client" # firewall. #firewall_client_net_ipv6="2001:db8:2:1::/64" # IPv6 network prefix for # "client" firewall. firewall_simple_iif="ed1" # Inside network interface for "simple" # firewall. firewall_simple_inet="192.0.2.16/28" # Inside network address for "simple" # firewall. firewall_simple_oif="ed0" # Outside network interface for "simple" # firewall. firewall_simple_onet="192.0.2.0/28" # Outside network address for "simple" # firewall. #firewall_simple_iif_ipv6="ed1" # Inside IPv6 network interface for "simple" # firewall. #firewall_simple_inet_ipv6="2001:db8:2:800::/56" # Inside IPv6 network prefix # for "simple" firewall. #firewall_simple_oif_ipv6="ed0" # Outside IPv6 network interface for "simple" # firewall. #firewall_simple_onet_ipv6="2001:db8:2:0::/56" # Outside IPv6 network prefix # for "simple" firewall. firewall_myservices="" # List of TCP ports on which this host # offers services for "workstation" firewall. firewall_allowservices="" # List of IPs which have access to # $firewall_myservices for "workstation" # firewall. firewall_trusted="" # List of IPs which have full access to this # host for "workstation" firewall. firewall_logdeny="NO" # Set to YES to log default denied incoming # packets for "workstation" firewall. firewall_nologports="135-139,445 1026,1027 1433,1434" # List of TCP/UDP ports # for which denied incoming packets are not # logged for "workstation" firewall. firewall_nat_enable="NO" # Enable kernel NAT (if firewall_enable == YES) firewall_nat_interface="" # Public interface or IPaddress to use firewall_nat_flags="" # Additional configuration parameters dummynet_enable="NO" # Load the dummynet(4) module ip_portrange_first="NO" # Set first dynamically allocated port ip_portrange_last="NO" # Set last dynamically allocated port ike_enable="NO" # Enable IKE daemon (usually racoon or isakmpd) ike_program="/usr/local/sbin/isakmpd" # Path to IKE daemon ike_flags="" # Additional flags for IKE daemon ipsec_enable="NO" # Set to YES to run setkey on ipsec_file ipsec_file="/etc/ipsec.conf" # Name of config file for setkey natd_program="/sbin/natd" # path to natd, if you want a different one. natd_enable="NO" # Enable natd (if firewall_enable == YES). natd_interface="" # Public interface or IPaddress to use. natd_flags="" # Additional flags for natd. ipfilter_enable="NO" # Set to YES to enable ipfilter functionality ipfilter_program="/sbin/ipf" # where the ipfilter program lives ipfilter_rules="/etc/ipf.rules" # rules definition file for ipfilter, see # /usr/src/contrib/ipfilter/rules for examples ipfilter_flags="" # additional flags for ipfilter ipnat_enable="NO" # Set to YES to enable ipnat functionality ipnat_program="/sbin/ipnat" # where the ipnat program lives ipnat_rules="/etc/ipnat.rules" # rules definition file for ipnat ipnat_flags="" # additional flags for ipnat ipmon_enable="NO" # Set to YES for ipmon; needs ipfilter or ipnat ipmon_program="/sbin/ipmon" # where the ipfilter monitor program lives ipmon_flags="-Ds" # typically "-Ds" or "-D /var/log/ipflog" ipfs_enable="NO" # Set to YES to enable saving and restoring # of state tables at shutdown and boot ipfs_program="/sbin/ipfs" # where the ipfs program lives ipfs_flags="" # additional flags for ipfs pf_enable="NO" # Set to YES to enable packet filter (pf) pf_rules="/etc/pf.conf" # rules definition file for pf pf_program="/sbin/pfctl" # where the pfctl program lives pf_flags="" # additional flags for pfctl pflog_enable="NO" # Set to YES to enable packet filter logging pflog_logfile="/var/log/pflog" # where pflogd should store the logfile pflog_program="/sbin/pflogd" # where the pflogd program lives pflog_flags="" # additional flags for pflogd ftpproxy_enable="NO" # Set to YES to enable ftp-proxy(8) for pf ftpproxy_flags="" # additional flags for ftp-proxy(8) pfsync_enable="NO" # Expose pf state to other hosts for syncing pfsync_syncdev="" # Interface for pfsync to work through pfsync_syncpeer="" # IP address of pfsync peer host pfsync_ifconfig="" # Additional options to ifconfig(8) for pfsync tcp_extensions="YES" # Set to NO to turn off RFC1323 extensions. log_in_vain="0" # >=1 to log connects to ports w/o listeners. tcp_keepalive="YES" # Enable stale TCP connection timeout (or NO). tcp_drop_synfin="NO" # Set to YES to drop TCP packets with SYN+FIN # NOTE: this violates the TCP specification icmp_drop_redirect="NO" # Set to YES to ignore ICMP REDIRECT packets icmp_log_redirect="NO" # Set to YES to log ICMP REDIRECT packets network_interfaces="auto" # List of network interfaces (or "auto"). cloned_interfaces="" # List of cloned network interfaces to create. #cloned_interfaces="gif0 gif1 gif2 gif3" # Pre-cloning GENERIC config. #ifconfig_lo0="inet 127.0.0.1" # default loopback device configuration. #ifconfig_lo0_alias0="inet 127.0.0.254 netmask 0xffffffff" # Sample alias entry. #ifconfig_ed0_ipx="ipx 0x00010010" # Sample IPX address family entry. #ifconfig_ed0_ipv6="inet6 2001:db8:1::1 prefixlen 64" # Sample IPv6 addr entry #ifconfig_ed0_alias0="inet6 2001:db8:2::1 prefixlen 64" # Sample IPv6 alias #ifconfig_fxp0_name="net0" # Change interface name from fxp0 to net0. #vlans_fxp0="101 vlan0" # vlan(4) interfaces for fxp0 device #create_args_vlan0="vlan 102" # vlan tag for vlan0 device #wlans_ath0="wlan0" # wlan(4) interfaces for ath0 device #wlandebug_wlan0="scan+auth+assoc" # Set debug flags with wlanddebug(8) #ipv4_addrs_fxp0="192.168.0.1/24 192.168.1.1-5/28" # example IPv4 address entry. # #autobridge_interfaces="bridge0" # List of bridges to check #autobridge_bridge0="tap* vlan0" # Interface glob to automatically add to the bridge # # If you have any sppp(4) interfaces above, you might also want to set # the following parameters. Refer to spppcontrol(8) for their meaning. sppp_interfaces="" # List of sppp interfaces. #sppp_interfaces="...0" # example: sppp over ... #spppconfig_...0="authproto=chap myauthname=foo myauthsecret='top secret' hisauthname=some-gw hisauthsecret='another secret'" gif_interfaces="" # List of GIF tunnels. #gif_interfaces="gif0 gif1" # Examples typically for a router. # Choose correct tunnel addrs. #gifconfig_gif0="10.1.1.1 10.1.2.1" # Examples typically for a router. #gifconfig_gif1="10.1.1.2 10.1.2.2" # Examples typically for a router. fec_interfaces="" # List of Fast EtherChannels. #fec_interfaces="fec0 fec1" #fecconfig_fec0="fxp0 dc0" # Examples typically for two NICs #fecconfig_fec1="em0 em1 bge0 bge1" # Examples typically for four NICs # User ppp configuration. ppp_enable="NO" # Start user-ppp (or NO). ppp_program="/usr/sbin/ppp" # Path to user-ppp program. ppp_mode="auto" # Choice of "auto", "ddial", "direct" or "dedicated". # For details see man page for ppp(8). Default is auto. ppp_nat="YES" # Use PPP's internal network address translation or NO. ppp_profile="papchap" # Which profile to use from /etc/ppp/ppp.conf. ppp_user="root" # Which user to run ppp as # Start multiple instances of ppp at boot time #ppp_profile="profile1 profile2 profile3" # Which profiles to use #ppp_profile1_mode="ddial" # Override ppp mode for profile1 #ppp_profile2_nat="NO" # Override nat mode for profile2 # profile3 uses default ppp_mode and ppp_nat ### Network daemon (miscellaneous) ### hostapd_enable="NO" # Run hostap daemon. syslogd_enable="YES" # Run syslog daemon (or NO). syslogd_program="/usr/sbin/syslogd" # path to syslogd, if you want a different one. syslogd_flags="-s" # Flags to syslogd (if enabled). inetd_enable="NO" # Run the network daemon dispatcher (YES/NO). inetd_program="/usr/sbin/inetd" # path to inetd, if you want a different one. inetd_flags="-wW -C 60" # Optional flags to inetd hastd_enable="NO" # Run the HAST daemon (YES/NO). hastd_program="/sbin/hastd" # path to hastd, if you want a different one. hastd_flags="" # Optional flags to hastd. # # named. It may be possible to run named in a sandbox, man security for # details. # named_enable="NO" # Run named, the DNS server (or NO). named_program="/usr/sbin/named" # Path to named, if you want a different one. named_conf="/etc/namedb/named.conf" # Path to the configuration file #named_flags="" # Use this for flags OTHER than -u and -c named_uid="bind" # User to run named as named_chrootdir="/var/named" # Chroot directory (or "" not to auto-chroot it) named_chroot_autoupdate="YES" # Automatically install/update chrooted # components of named. See /etc/rc.d/named. named_symlink_enable="YES" # Symlink the chrooted pid file named_wait="NO" # Wait for working name service before exiting named_wait_host="localhost" # Hostname to check if named_wait is enabled named_auto_forward="NO" # Set up forwarders from /etc/resolv.conf named_auto_forward_only="NO" # Do "forward only" instead of "forward first" # # kerberos. Do not run the admin daemons on slave servers # kerberos5_server_enable="NO" # Run a kerberos 5 master server (or NO). kerberos5_server="/usr/libexec/kdc" # path to kerberos 5 KDC kerberos5_server_flags="--detach" # Additional flags to the kerberos 5 server kadmind5_server_enable="NO" # Run kadmind (or NO) kadmind5_server="/usr/libexec/kadmind" # path to kerberos 5 admin daemon kpasswdd_server_enable="NO" # Run kpasswdd (or NO) kpasswdd_server="/usr/libexec/kpasswdd" # path to kerberos 5 passwd daemon kfd_enable="NO" # Run kfd (or NO) kfd_program="/usr/libexec/kfd" # path to kerberos 5 kfd daemon gssd_enable="NO" # Run the gssd daemon (or NO). gssd_flags="" # Flags for gssd. rwhod_enable="NO" # Run the rwho daemon (or NO). rwhod_flags="" # Flags for rwhod rarpd_enable="NO" # Run rarpd (or NO). rarpd_flags="-a" # Flags to rarpd. bootparamd_enable="NO" # Run bootparamd (or NO). bootparamd_flags="" # Flags to bootparamd pppoed_enable="NO" # Run the PPP over Ethernet daemon. pppoed_provider="*" # Provider and ppp(8) config file entry. pppoed_flags="-P /var/run/pppoed.pid" # Flags to pppoed (if enabled). pppoed_interface="fxp0" # The interface that pppoed runs on. sshd_enable="NO" # Enable sshd sshd_program="/usr/sbin/sshd" # path to sshd, if you want a different one. sshd_flags="" # Additional flags for sshd. ftpd_enable="NO" # Enable stand-alone ftpd. ftpd_program="/usr/libexec/ftpd" # Path to ftpd, if you want a different one. ftpd_flags="" # Additional flags to stand-alone ftpd. ### Network daemon (NFS): All need rpcbind_enable="YES" ### amd_enable="NO" # Run amd service with $amd_flags (or NO). amd_program="/usr/sbin/amd" # path to amd, if you want a different one. amd_flags="-a /.amd_mnt -l syslog /host /etc/amd.map /net /etc/amd.map" amd_map_program="NO" # Can be set to "ypcat -k amd.master" nfs_client_enable="NO" # This host is an NFS client (or NO). nfs_access_cache="60" # Client cache timeout in seconds nfs_server_enable="NO" # This host is an NFS server (or NO). oldnfs_server_enable="NO" # Run the old NFS server (YES/NO). nfs_server_flags="-u -t -n 4" # Flags to nfsd (if enabled). mountd_enable="NO" # Run mountd (or NO). mountd_flags="-r" # Flags to mountd (if NFS server enabled). weak_mountd_authentication="NO" # Allow non-root mount requests to be served. nfs_reserved_port_only="NO" # Provide NFS only on secure port (or NO). nfs_bufpackets="" # bufspace (in packets) for client rpc_lockd_enable="NO" # Run NFS rpc.lockd needed for client/server. rpc_lockd_flags="" # Flags to rpc.lockd (if enabled). rpc_statd_enable="NO" # Run NFS rpc.statd needed for client/server. rpc_statd_flags="" # Flags to rpc.statd (if enabled). rpcbind_enable="NO" # Run the portmapper service (YES/NO). rpcbind_program="/usr/sbin/rpcbind" # path to rpcbind, if you want a different one. rpcbind_flags="" # Flags to rpcbind (if enabled). rpc_ypupdated_enable="NO" # Run if NIS master and SecureRPC (or NO). keyserv_enable="NO" # Run the SecureRPC keyserver (or NO). keyserv_flags="" # Flags to keyserv (if enabled). nfsv4_server_enable="NO" # Enable support for NFSv4 nfscbd_enable="NO" # NFSv4 client side callback daemon nfscbd_flags="" # Flags for nfscbd nfsuserd_enable="NO" # NFSv4 user/group name mapping daemon nfsuserd_flags="" # Flags for nfsuserd ### Network Time Services options: ### timed_enable="NO" # Run the time daemon (or NO). timed_flags="" # Flags to timed (if enabled). ntpdate_enable="NO" # Run ntpdate to sync time on boot (or NO). ntpdate_program="/usr/sbin/ntpdate" # path to ntpdate, if you want a different one. ntpdate_flags="-b" # Flags to ntpdate (if enabled). ntpdate_config="/etc/ntp.conf" # ntpdate(8) configuration file ntpdate_hosts="" # Whitespace-separated list of ntpdate(8) servers. ntpd_enable="NO" # Run ntpd Network Time Protocol (or NO). ntpd_program="/usr/sbin/ntpd" # path to ntpd, if you want a different one. ntpd_config="/etc/ntp.conf" # ntpd(8) configuration file ntpd_sync_on_start="NO" # Sync time on ntpd startup, even if offset is high ntpd_flags="-p /var/run/ntpd.pid -f /var/db/ntpd.drift" # Flags to ntpd (if enabled). # Network Information Services (NIS) options: All need rpcbind_enable="YES" ### nis_client_enable="NO" # We're an NIS client (or NO). nis_client_flags="" # Flags to ypbind (if enabled). nis_ypset_enable="NO" # Run ypset at boot time (or NO). nis_ypset_flags="" # Flags to ypset (if enabled). nis_server_enable="NO" # We're an NIS server (or NO). nis_server_flags="" # Flags to ypserv (if enabled). nis_ypxfrd_enable="NO" # Run rpc.ypxfrd at boot time (or NO). nis_ypxfrd_flags="" # Flags to rpc.ypxfrd (if enabled). nis_yppasswdd_enable="NO" # Run rpc.yppasswdd at boot time (or NO). nis_yppasswdd_flags="" # Flags to rpc.yppasswdd (if enabled). ### SNMP daemon ### # Be sure to understand the security implications of running SNMP v1/v2 # in your network. bsnmpd_enable="NO" # Run the SNMP daemon (or NO). bsnmpd_flags="" # Flags for bsnmpd. ### Network routing options: ### defaultrouter="NO" # Set to default gateway (or NO). static_arp_pairs="" # Set to static ARP list (or leave empty). static_ndp_pairs="" # Set to static NDP list (or leave empty). static_routes="" # Set to static route list (or leave empty). natm_static_routes="" # Set to static route list for NATM (or leave empty). gateway_enable="NO" # Set to YES if this host will be a gateway. routed_enable="NO" # Set to YES to enable a routing daemon. routed_program="/sbin/routed" # Name of routing daemon to use if enabled. routed_flags="-q" # Flags for routing daemon. mrouted_enable="NO" # Do IPv4 multicast routing. mrouted_program="/usr/local/sbin/mrouted" # Name of IPv4 multicast # routing daemon. You need to # install it from package or # port. mrouted_flags="" # Flags for multicast routing daemon. ipxgateway_enable="NO" # Set to YES to enable IPX routing. ipxrouted_enable="NO" # Set to YES to run the IPX routing daemon. ipxrouted_flags="" # Flags for IPX routing daemon. arpproxy_all="NO" # replaces obsolete kernel option ARP_PROXYALL. forward_sourceroute="NO" # do source routing (only if gateway_enable is set to "YES") accept_sourceroute="NO" # accept source routed packets to us ### ATM interface options: ### atm_enable="NO" # Configure ATM interfaces (or NO). #atm_netif_hea0="atm 1" # Network interfaces for physical interface. #atm_sigmgr_hea0="uni31" # Signalling manager for physical interface. #atm_prefix_hea0="ILMI" # NSAP prefix (UNI interfaces only) (or ILMI). #atm_macaddr_hea0="NO" # Override physical MAC address (or NO). #atm_arpserver_atm0="0x47.0005.80.999999.9999.9999.9999.999999999999.00" # ATMARP server address (or local). #atm_scsparp_atm0="NO" # Run SCSP/ATMARP on network interface (or NO). atm_pvcs="" # Set to PVC list (or leave empty). atm_arps="" # Set to permanent ARP list (or leave empty). ### Bluetooth ### hcsecd_enable="NO" # Enable hcsecd(8) (or NO) hcsecd_config="/etc/bluetooth/hcsecd.conf" # hcsecd(8) configuration file sdpd_enable="NO" # Enable sdpd(8) (or NO) sdpd_control="/var/run/sdp" # sdpd(8) control socket sdpd_groupname="nobody" # set spdp(8) user/group to run as after sdpd_username="nobody" # it initializes bthidd_enable="NO" # Enable bthidd(8) (or NO) bthidd_config="/etc/bluetooth/bthidd.conf" # bthidd(8) configuration file bthidd_hids="/var/db/bthidd.hids" # bthidd(8) known HID devices file rfcomm_pppd_server_enable="NO" # Enable rfcomm_pppd(8) in server mode (or NO) rfcomm_pppd_server_profile="one two" # Profile to use from /etc/ppp/ppp.conf # #rfcomm_pppd_server_one_bdaddr="" # Override local bdaddr for 'one' rfcomm_pppd_server_one_channel="1" # Override local channel for 'one' #rfcomm_pppd_server_one_register_sp="NO" # Override SP and DUN register #rfcomm_pppd_server_one_register_dun="NO" # for 'one' # #rfcomm_pppd_server_two_bdaddr="" # Override local bdaddr for 'two' rfcomm_pppd_server_two_channel="3" # Override local channel for 'two' #rfcomm_pppd_server_two_register_sp="NO" # Override SP and DUN register #rfcomm_pppd_server_two_register_dun="NO" # for 'two' ubthidhci_enable="NO" # Switch an USB BT controller present on #ubthidhci_busnum="3" # bus 3 and addr 2 from HID mode to HCI mode. #ubthidhci_addr="2" # Check usbconfig list to find the correct # numbers for your system. ### Network link/usability verification options netwait_enable="NO" # Enable rc.d/netwait (or NO) #netwait_ip="" # IP addresses to be pinged by netwait. netwait_timeout="60" # Total number of seconds to perform pings. #netwait_if="" # Interface name to watch link state on. netwait_if_timeout="30" # Total number of seconds to monitor link state. ### Miscellaneous network options: ### icmp_bmcastecho="NO" # respond to broadcast ping packets ### IPv6 options: ### ipv6_network_interfaces="auto" # List of IPv6 network interfaces # (or "auto" or "none"). ipv6_activate_all_interfaces="NO" # If NO, interfaces which have no # corresponding $ifconfig_IF_ipv6 is # marked as IFDISABLED for security # reason. ipv6_defaultrouter="NO" # Set to IPv6 default gateway (or NO). #ipv6_defaultrouter="2002:c058:6301::" # Use this for 6to4 (RFC 3068) ipv6_static_routes="" # Set to static route list (or leave empty). #ipv6_static_routes="xxx" # An example to set fec0:0000:0000:0006::/64 # route toward loopback interface. #ipv6_route_xxx="fec0:0000:0000:0006:: -prefixlen 64 ::1" ipv6_gateway_enable="NO" # Set to YES if this host will be a gateway. ipv6_cpe_wanif="NO" # Set to the upstram interface name if this # node will work as a router to forward IPv6 # packets not explicitly addressed to itself. ipv6_privacy="NO" # Use privacy address on RA-receiving IFs # (RFC 4941) route6d_enable="NO" # Set to YES to enable an IPv6 routing daemon. route6d_program="/usr/sbin/route6d" # Name of IPv6 routing daemon. route6d_flags="" # Flags to IPv6 routing daemon. #route6d_flags="-l" # Example for route6d with only IPv6 site local # addrs. #route6d_flags="-q" # If you want to run a routing daemon on an end # node, you should stop advertisement. #ipv6_network_interfaces="ed0 ep0" # Examples for router # or static configuration for end node. # Choose correct prefix value. #ipv6_prefix_ed0="fec0:0000:0000:0001 fec0:0000:0000:0002" # Examples for rtr. #ipv6_prefix_ep0="fec0:0000:0000:0003 fec0:0000:0000:0004" # Examples for rtr. ipv6_default_interface="NO" # Default output interface for scoped addrs. # This works only with # ipv6_gateway_enable="NO". rtsol_flags="" # Flags to IPv6 router solicitation. rtsold_enable="NO" # Set to YES to enable an IPv6 router # solicitation daemon. rtsold_flags="-a" # Flags to an IPv6 router solicitation # daemon. rtadvd_enable="NO" # Set to YES to enable an IPv6 router # advertisement daemon. If set to YES, # this router becomes a possible candidate # IPv6 default router for local subnets. rtadvd_interfaces="" # Interfaces rtadvd sends RA packets. mroute6d_enable="NO" # Do IPv6 multicast routing. mroute6d_program="/usr/local/sbin/pim6dd" # Name of IPv6 multicast # routing daemon. You need to # install it from package or # port. mroute6d_flags="" # Flags to IPv6 multicast routing daemon. stf_interface_ipv4addr="" # Local IPv4 addr for 6to4 IPv6 over IPv4 # tunneling interface. Specify this entry # to enable 6to4 interface. stf_interface_ipv4plen="0" # Prefix length for 6to4 IPv4 addr, # to limit peer addr range. Effective value # is 0-31. stf_interface_ipv6_ifid="0:0:0:1" # IPv6 interface id for stf0. # If you like, you can set "AUTO" for this. stf_interface_ipv6_slaid="0000" # IPv6 Site Level Aggregator for stf0 ipv6_faith_prefix="NO" # Set faith prefix to enable a FAITH # IPv6-to-IPv4 TCP translator. You also need # faithd(8) setup. ipv6_ipv4mapping="NO" # Set to "YES" to enable IPv4 mapped IPv6 addr # communication. (like ::ffff:a.b.c.d) ipv6_ipfilter_rules="/etc/ipf6.rules" # rules definition file for ipfilter, # see /usr/src/contrib/ipfilter/rules # for examples ip6addrctl_enable="YES" # Set to YES to enable default address selection ip6addrctl_verbose="NO" # Set to YES to enable verbose configuration messages ip6addrctl_policy="AUTO" # A pre-defined address selection policy # (ipv4_prefer, ipv6_prefer, or AUTO) ############################################################## ### System console options ################################# ############################################################## keyboard="" # keyboard device to use (default /dev/kbd0). keymap="NO" # keymap in /usr/share/syscons/keymaps/* (or NO). keyrate="NO" # keyboard rate to: slow, normal, fast (or NO). keybell="NO" # See kbdcontrol(1) for options. Use "off" to disable. keychange="NO" # function keys default values (or NO). cursor="NO" # cursor type {normal|blink|destructive} (or NO). scrnmap="NO" # screen map in /usr/share/syscons/scrnmaps/* (or NO). font8x16="NO" # font 8x16 from /usr/share/syscons/fonts/* (or NO). font8x14="NO" # font 8x14 from /usr/share/syscons/fonts/* (or NO). font8x8="NO" # font 8x8 from /usr/share/syscons/fonts/* (or NO). blanktime="300" # blank time (in seconds) or "NO" to turn it off. saver="NO" # screen saver: Uses /boot/kernel/${saver}_saver.ko moused_nondefault_enable="YES" # Treat non-default mice as enabled unless # specifically overriden in rc.conf(5). moused_enable="NO" # Run the mouse daemon. moused_type="auto" # See man page for rc.conf(5) for available settings. moused_port="/dev/psm0" # Set to your mouse port. moused_flags="" # Any additional flags to moused. mousechar_start="NO" # if 0xd0-0xd3 default range is occupied in your # language code table, specify alternative range # start like mousechar_start=3, see vidcontrol(1) allscreens_flags="" # Set this vidcontrol mode for all virtual screens allscreens_kbdflags="" # Set this kbdcontrol mode for all virtual screens ############################################################## ### Mail Transfer Agent (MTA) options ###################### ############################################################## mta_start_script="/etc/rc.sendmail" # Script to start your chosen MTA, called by /etc/rc. # Settings for /etc/rc.sendmail and /etc/rc.d/sendmail: sendmail_enable="NO" # Run the sendmail inbound daemon (YES/NO). sendmail_pidfile="/var/run/sendmail.pid" # sendmail pid file sendmail_procname="/usr/sbin/sendmail" # sendmail process name sendmail_flags="-L sm-mta -bd -q30m" # Flags to sendmail (as a server) sendmail_submit_enable="YES" # Start a localhost-only MTA for mail submission sendmail_submit_flags="-L sm-mta -bd -q30m -ODaemonPortOptions=Addr=localhost" # Flags for localhost-only MTA sendmail_outbound_enable="YES" # Dequeue stuck mail (YES/NO). sendmail_outbound_flags="-L sm-queue -q30m" # Flags to sendmail (outbound only) sendmail_msp_queue_enable="YES" # Dequeue stuck clientmqueue mail (YES/NO). sendmail_msp_queue_flags="-L sm-msp-queue -Ac -q30m" # Flags for sendmail_msp_queue daemon. sendmail_rebuild_aliases="NO" # Run newaliases if necessary (YES/NO). ############################################################## ### Miscellaneous administrative options ################### ############################################################## auditd_enable="NO" # Run the audit daemon. auditd_program="/usr/sbin/auditd" # Path to the audit daemon. auditd_flags="" # Which options to pass to the audit daemon. cron_enable="YES" # Run the periodic job daemon. cron_program="/usr/sbin/cron" # Which cron executable to run (if enabled). cron_dst="YES" # Handle DST transitions intelligently (YES/NO) cron_flags="" # Which options to pass to the cron daemon. lpd_enable="NO" # Run the line printer daemon. lpd_program="/usr/sbin/lpd" # path to lpd, if you want a different one. lpd_flags="" # Flags to lpd (if enabled). nscd_enable="NO" # Run the nsswitch caching daemon. chkprintcap_enable="NO" # Run chkprintcap(8) before running lpd. chkprintcap_flags="-d" # Create missing directories by default. dumpdev="AUTO" # Device to crashdump to (device name, AUTO, or NO). dumpdir="/var/crash" # Directory where crash dumps are to be stored savecore_flags="" # Used if dumpdev is enabled above, and present. crashinfo_enable="YES" # Automatically generate crash dump summary. crashinfo_program="/usr/sbin/crashinfo" # Script to generate crash dump summary. quota_enable="NO" # turn on quotas on startup (or NO). check_quotas="YES" # Check quotas on startup (or NO). quotaon_flags="-a" # Turn quotas on for all file systems (if enabled) quotaoff_flags="-a" # Turn quotas off for all file systems at shutdown quotacheck_flags="-a" # Check all file system quotas (if enabled) accounting_enable="NO" # Turn on process accounting (or NO). ibcs2_enable="NO" # Ibcs2 (SCO) emulation loaded at startup (or NO). ibcs2_loaders="coff" # List of additional Ibcs2 loaders (or NO). # Emulation/compatibility services provided by /etc/rc.d/abi sysvipc_enable="NO" # Load System V IPC primitives at startup (or NO). linux_enable="NO" # Linux binary compatibility loaded at startup (or NO). svr4_enable="NO" # SysVR4 emulation loaded at startup (or NO). clear_tmp_enable="NO" # Clear /tmp at startup. clear_tmp_X="YES" # Clear and recreate X11-related directories in /tmp ldconfig_insecure="NO" # Set to YES to disable ldconfig security checks ldconfig_paths="/usr/lib/compat /usr/local/lib /usr/local/lib/compat/pkg" # shared library search paths ldconfig32_paths="/usr/lib32" # 32-bit compatibility shared library search paths ldconfig_paths_aout="/usr/lib/compat/aout /usr/local/lib/aout" # a.out shared library search paths ldconfig_local_dirs="/usr/local/libdata/ldconfig" # Local directories with ldconfig configuration files. ldconfig_local32_dirs="/usr/local/libdata/ldconfig32" # Local directories with 32-bit compatibility ldconfig # configuration files. kern_securelevel_enable="NO" # kernel security level (see security(7)) kern_securelevel="-1" # range: -1..3 ; `-1' is the most insecure # Note that setting securelevel to 0 will result # in the system booting with securelevel set to 1, as # init(8) will raise the level when rc(8) completes. update_motd="YES" # update version info in /etc/motd (or NO) entropy_file="/entropy" # Set to NO to disable caching entropy through reboots. # /var/db/entropy-file is preferred if / is not avail. entropy_dir="/var/db/entropy" # Set to NO to disable caching entropy via cron. entropy_save_sz="2048" # Size of the entropy cache files. entropy_save_num="8" # Number of entropy cache files to save. harvest_interrupt="YES" # Entropy device harvests interrupt randomness harvest_ethernet="YES" # Entropy device harvests ethernet randomness harvest_p_to_p="YES" # Entropy device harvests point-to-point randomness dmesg_enable="YES" # Save dmesg(8) to /var/run/dmesg.boot watchdogd_enable="NO" # Start the software watchdog daemon watchdogd_flags="" # Flags to watchdogd (if enabled) devfs_rulesets="/etc/defaults/devfs.rules /etc/devfs.rules" # Files containing # devfs(8) rules. devfs_system_ruleset="" # The name (NOT number) of a ruleset to apply to /dev devfs_set_rulesets="" # A list of /mount/dev=ruleset_name settings to # apply (must be mounted already, i.e. fstab(5)) devfs_load_rulesets="NO" # Enable to always load the default rulesets performance_cx_lowest="HIGH" # Online CPU idle state performance_cpu_freq="NONE" # Online CPU frequency economy_cx_lowest="HIGH" # Offline CPU idle state economy_cpu_freq="NONE" # Offline CPU frequency virecover_enable="YES" # Perform housekeeping for the vi(1) editor ugidfw_enable="NO" # Load mac_bsdextended(4) rules on boot bsdextended_script="/etc/rc.bsdextended" # Default mac_bsdextended(4) # ruleset file. newsyslog_enable="YES" # Run newsyslog at startup. newsyslog_flags="-CN" # Newsyslog flags to create marked files mixer_enable="YES" # Run the sound mixer. opensm_enable="NO" # Opensm(8) for infiniband devices defaults to off ############################################################## ### Jail Configuration ####################################### ############################################################## jail_enable="NO" # Set to NO to disable starting of any jails jail_parallel_start="NO" # Start jails in the background jail_list="" # Space separated list of names of jails jail_set_hostname_allow="YES" # Allow root user in a jail to change its hostname jail_socket_unixiproute_only="YES" # Route only TCP/IP within a jail jail_sysvipc_allow="NO" # Allow SystemV IPC use from within a jail # # To use rc's built-in jail infrastructure create entries for # each jail, specified in jail_list, with the following variables. # NOTES: # - replace 'example' with the jail's name. # - except rootdir, hostname, ip and the _multi addresses, # all of the following variables may be made global jail variables # if you don't specify a jail name (ie. jail_interface, jail_devfs_ruleset). # #jail_example_rootdir="/usr/jail/default" # Jail's root directory #jail_example_hostname="default.domain.com" # Jail's hostname #jail_example_interface="" # Jail's interface variable to create IP aliases on #jail_example_fib="0" # Routing table for setfib(1) #jail_example_ip="192.0.2.10,2001:db8::17" # Jail's primary IPv4 and IPv6 address #jail_example_ip_multi0="2001:db8::10" # and another IPv6 address #jail_example_exec_start="/bin/sh /etc/rc" # command to execute in jail for starting #jail_example_exec_afterstart0="/bin/sh command" # command to execute after the one for # starting the jail. More than one can be # specified using a trailing number #jail_example_exec_stop="/bin/sh /etc/rc.shutdown" # command to execute in jail for stopping #jail_example_devfs_enable="NO" # mount devfs in the jail #jail_example_devfs_ruleset="ruleset_name" # devfs ruleset to apply to jail - # usually you want "devfsrules_jail". #jail_example_fdescfs_enable="NO" # mount fdescfs in the jail #jail_example_procfs_enable="NO" # mount procfs in jail #jail_example_mount_enable="NO" # mount/umount jail's fs #jail_example_fstab="" # fstab(5) for mount/umount #jail_example_flags="-l -U root" # flags for jail(8) ############################################################## ### Define source_rc_confs, the mechanism used by /etc/rc.* ## ### scripts to source rc_conf_files overrides safely. ## ############################################################## if [ -z "${source_rc_confs_defined}" ]; then source_rc_confs_defined=yes - source_rc_confs () { + source_rc_confs() { local i sourced_files for i in ${rc_conf_files}; do case ${sourced_files} in *:$i:*) ;; *) sourced_files="${sourced_files}:$i:" if [ -r $i ]; then . $i fi ;; esac done } fi diff --git a/etc/rc.d/bgfsck b/etc/rc.d/bgfsck index 77b8bedc053c..18468f5aa883 100755 --- a/etc/rc.d/bgfsck +++ b/etc/rc.d/bgfsck @@ -1,42 +1,42 @@ #!/bin/sh # # $FreeBSD$ # # PROVIDE: bgfsck # REQUIRE: cron devfs syslogd # KEYWORD: nojail . /etc/rc.subr name="background-fsck" rcvar="background_fsck" start_cmd="bgfsck_start" stop_cmd=":" -bgfsck_start () +bgfsck_start() { if [ -z "${rc_force}" ]; then background_fsck_delay=${background_fsck_delay:=0} else background_fsck_delay=0 fi if [ ${background_fsck_delay} -lt 0 ]; then echo "Background file system checks delayed indefinitely" return 0 fi bgfsck_msg='Starting background file system checks' if [ "${background_fsck_delay}" -gt 0 ]; then bgfsck_msg="${bgfsck_msg} in ${background_fsck_delay} seconds" fi if [ -z "${rc_force}" ]; then check_startmsgs && echo "${bgfsck_msg}." fi (sleep ${background_fsck_delay}; nice -4 fsck -B -p) 2>&1 | \ logger -p daemon.notice -t fsck & } load_rc_config $name run_rc_command "$1" diff --git a/etc/rc.d/bridge b/etc/rc.d/bridge index 2c3bfd0de7ec..4c3b34021d8c 100755 --- a/etc/rc.d/bridge +++ b/etc/rc.d/bridge @@ -1,93 +1,93 @@ #!/bin/sh # # Copyright (c) 2006 The FreeBSD Project. All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE PROJECT ``AS IS'' AND ANY EXPRESS OR # IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES # OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. # IN NO EVENT SHALL THE PROJECT BE LIABLE FOR ANY DIRECT, INDIRECT, # INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT # NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF # THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # # $FreeBSD$ # # PROVIDE: bridge # REQUIRE: netif faith ppp stf # KEYWORD: nojail . /etc/rc.subr . /etc/network.subr name="bridge" start_cmd="bridge_start" stop_cmd="bridge_stop" cmd="" -glob_int () { +glob_int() { case "$1" in $2 ) true ;; * ) false ;; esac } -bridge_test () { +bridge_test() { bridge=$1 iface=$2 eval interfaces=\$autobridge_${bridge} if [ -n "${interfaces}" ]; then for i in ${interfaces}; do if glob_int $iface $i ; then ifconfig $bridge $cmd $iface > /dev/null 2>&1 return fi done fi } autobridge() { if [ -n "${autobridge_interfaces}" ]; then if [ -z "$iflist" ]; then # We're operating as a general network start routine. iflist="`list_net_interfaces`" fi for br in ${autobridge_interfaces}; do for i in $iflist; do bridge_test $br $i done done fi } bridge_start() { cmd="addm" autobridge } bridge_stop() { cmd="deletem" autobridge } iflist=$2 load_rc_config $name run_rc_command "$1" diff --git a/etc/rc.d/cleanvar b/etc/rc.d/cleanvar index dade4a21bcc2..95dc77e051f1 100755 --- a/etc/rc.d/cleanvar +++ b/etc/rc.d/cleanvar @@ -1,71 +1,71 @@ #!/bin/sh # # $FreeBSD$ # # PROVIDE: cleanvar # REQUIRE: FILESYSTEMS var . /etc/rc.subr name="cleanvar" rcvar="cleanvar_enable" start_precmd="${name}_prestart" start_cmd="${name}_start" stop_cmd=":" extra_commands="reload" reload_cmd="${name}_start" purgedir() { local dir file if [ $# -eq 0 ]; then purgedir . else for dir do ( cd "$dir" && for file in .* * do # Skip over logging sockets [ -S "$file" -a "$file" = "log" ] && continue [ -S "$file" -a "$file" = "logpriv" ] && continue [ ."$file" = .. -o ."$file" = ... ] && continue if [ -d "$file" -a ! -L "$file" ] then purgedir "$file" else rm -f -- "$file" fi done ) done fi } cleanvar_prestart() { # These files must be removed only the first time this script is run # on boot. # rm -f /var/run/clean_var /var/spool/lock/clean_var } -cleanvar_start () +cleanvar_start() { if [ -d /var/run -a ! -f /var/run/clean_var ]; then purgedir /var/run >/var/run/clean_var fi if [ -d /var/spool/lock -a ! -f /var/spool/lock/clean_var ]; then purgedir /var/spool/lock >/var/spool/lock/clean_var fi rm -rf /var/spool/uucp/.Temp/* } load_rc_config $name run_rc_command "$1" diff --git a/etc/rc.d/devd b/etc/rc.d/devd index 7a956842c684..597697937135 100755 --- a/etc/rc.d/devd +++ b/etc/rc.d/devd @@ -1,40 +1,40 @@ #!/bin/sh # # $FreeBSD$ # # PROVIDE: devd # REQUIRE: netif # BEFORE: NETWORKING mountcritremote # KEYWORD: nojail shutdown . /etc/rc.subr name="devd" rcvar="devd_enable" command="/sbin/${name}" start_precmd=${name}_prestart stop_precmd=find_pidfile find_pidfile() { if get_pidfile_from_conf pid-file /etc/devd.conf; then pidfile="$_pidfile_from_conf" else pidfile="/var/run/${name}.pid" fi } -devd_prestart () +devd_prestart() { find_pidfile # If devd is disabled, turn it off in the kernel to avoid memory leaks. if ! checkyesno ${rcvar}; then $SYSCTL hw.bus.devctl_disable=1 fi } load_rc_config $name run_rc_command "$1" diff --git a/etc/rc.d/kldxref b/etc/rc.d/kldxref index 40140cc092fe..744036f523d3 100755 --- a/etc/rc.d/kldxref +++ b/etc/rc.d/kldxref @@ -1,35 +1,35 @@ #!/bin/sh # # $FreeBSD$ # # PROVIDE: kldxref # REQUIRE: FILESYSTEMS # BEFORE: netif # KEYWORD: nojail . /etc/rc.subr rcvar="kldxref_enable" name="kldxref" stop_cmd=":" start_cmd="kldxref_start" -kldxref_start () { +kldxref_start() { if [ -n "$kldxref_module_path" ]; then MODULE_PATHS="$kldxref_module_path" else MODULE_PATHS=`sysctl -n kern.module_path` fi IFS=';' for MODULE_DIR in $MODULE_PATHS; do if [ ! -f "$MODULE_DIR/linker.hints" ] || checkyesno kldxref_clobber; then echo "Building $MODULE_DIR/linker.hints" kldxref "$MODULE_DIR" fi done } load_rc_config $name run_rc_command "$1" diff --git a/etc/rc.d/named b/etc/rc.d/named index 676de7667415..31743283d85c 100755 --- a/etc/rc.d/named +++ b/etc/rc.d/named @@ -1,301 +1,301 @@ #!/bin/sh # # $FreeBSD$ # # PROVIDE: named # REQUIRE: SERVERS cleanvar # KEYWORD: shutdown . /etc/rc.subr name="named" rcvar=named_enable extra_commands="reload" start_precmd="named_prestart" start_postcmd="named_poststart" reload_cmd="named_reload" stop_cmd="named_stop" stop_postcmd="named_poststop" # If running in a chroot cage, ensure that the appropriate files # exist inside the cage, as well as helper symlinks into the cage # from outside. # # As this is called after the is_running and required_dir checks # are made in run_rc_command(), we can safely assume ${named_chrootdir} # exists and named isn't running at this point (unless forcestart # is used). # chroot_autoupdate() { local file # Create (or update) the chroot directory structure # if [ -r /etc/mtree/BIND.chroot.dist ]; then mtree -deU -f /etc/mtree/BIND.chroot.dist \ -p ${named_chrootdir} else warn "/etc/mtree/BIND.chroot.dist missing," warn "chroot directory structure not updated" fi # Create (or update) the configuration directory symlink # if [ ! -L "${named_conf%/*}" ]; then if [ -d "${named_conf%/*}" ]; then warn "named chroot: ${named_conf%/*} is a directory!" elif [ -e "${named_conf%/*}" ]; then warn "named chroot: ${named_conf%/*} exists!" else ln -s ${named_confdir} ${named_conf%/*} fi else # Make sure it points to the right place. ln -shf ${named_confdir} ${named_conf%/*} fi # Mount a devfs in the chroot directory if needed # if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then umount ${named_chrootdir}/dev 2>/dev/null devfs_domount ${named_chrootdir}/dev devfsrules_hide_all devfs -m ${named_chrootdir}/dev rule apply path null unhide devfs -m ${named_chrootdir}/dev rule apply path random unhide else if [ -c ${named_chrootdir}/dev/null -a \ -c ${named_chrootdir}/dev/random ]; then info "named chroot: using pre-mounted devfs." else err 1 "named chroot: devfs cannot be mounted from" \ "within a jail. Thus a chrooted named cannot" \ "be run from within a jail." \ "To run named without chrooting it, set" \ "named_chrootdir=\"\" in /etc/rc.conf." fi fi # Copy and/or update key files to the chroot /etc # for file in localtime protocols services; do if [ -r /etc/$file ]; then cmp -s /etc/$file "${named_chrootdir}/etc/$file" || cp -p /etc/$file "${named_chrootdir}/etc/$file" fi done } # Make symlinks to the correct pid file # make_symlinks() { checkyesno named_symlink_enable && ln -fs "${named_chrootdir}${pidfile}" ${pidfile} } -named_poststart () { +named_poststart() { make_symlinks if checkyesno named_wait; then until ${command%/sbin/named}/bin/host $named_wait_host >/dev/null 2>&1; do echo " Waiting for nameserver to resolve $named_wait_host" sleep 1 done fi } named_reload() { ${command%/named}/rndc reload } find_pidfile() { if get_pidfile_from_conf pid-file $named_conf; then pidfile="$_pidfile_from_conf" else pidfile="/var/run/named/pid" fi } named_stop() { find_pidfile # This duplicates an undesirably large amount of code from the stop # routine in rc.subr in order to use rndc to shut down the process, # and to give it a second chance in case rndc fails. rc_pid=$(check_pidfile $pidfile $command) if [ -z "$rc_pid" ]; then [ -n "$rc_fast" ] && return 0 _run_rc_notrunning return 1 fi echo 'Stopping named.' if ${command%/named}/rndc stop 2>/dev/null; then wait_for_pids $rc_pid else echo -n 'rndc failed, trying kill: ' kill -TERM $rc_pid wait_for_pids $rc_pid fi } named_poststop() { if [ -n "${named_chrootdir}" -a -c ${named_chrootdir}/dev/null ]; then if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then umount ${named_chrootdir}/dev 2>/dev/null || true else warn "named chroot:" \ "cannot unmount devfs from inside jail!" fi fi } -create_file () { +create_file() { if [ -e "$1" ]; then unlink $1 fi > $1 chown root:wheel $1 chmod 644 $1 } named_prestart() { find_pidfile if [ -n "$named_pidfile" ]; then warn 'named_pidfile: now determined from the conf file' fi command_args="-u ${named_uid:=root}" if [ ! "$named_conf" = '/etc/namedb/named.conf' ]; then case "$named_flags" in -c*|*' -c'*) ;; # No need to add it *) command_args="-c $named_conf $command_args" ;; esac fi local line nsip firstns # Is the user using a sandbox? # if [ -n "$named_chrootdir" ]; then rc_flags="$rc_flags -t $named_chrootdir" checkyesno named_chroot_autoupdate && chroot_autoupdate else named_symlink_enable=NO fi # Create an rndc.key file for the user if none exists # confgen_command="${command%/named}/rndc-confgen -a -b256 -u $named_uid \ -c ${named_confdir}/rndc.key" if [ -s "${named_confdir}/rndc.conf" ]; then unset confgen_command fi if [ -s "${named_confdir}/rndc.key" ]; then case `stat -f%Su ${named_confdir}/rndc.key` in root|$named_uid) ;; *) $confgen_command ;; esac else $confgen_command fi local checkconf checkconf="${command%/named}/named-checkconf" if ! checkyesno named_chroot_autoupdate && [ -n "$named_chrootdir" ]; then checkconf="$checkconf -t $named_chrootdir" fi # Create a forwarder configuration based on /etc/resolv.conf if checkyesno named_auto_forward; then if [ ! -s /etc/resolv.conf ]; then warn "named_auto_forward enabled, but no /etc/resolv.conf" # Empty the file in case it is included in named.conf [ -s "${named_confdir}/auto_forward.conf" ] && create_file ${named_confdir}/auto_forward.conf $checkconf $named_conf || err 3 'named-checkconf for $named_conf failed' return fi create_file /var/run/naf-resolv.conf create_file /var/run/auto_forward.conf echo ' forwarders {' > /var/run/auto_forward.conf while read line; do case "$line" in 'nameserver '*|'nameserver '*) nsip=${line##nameserver[ ]} if [ -z "$firstns" ]; then if [ ! "$nsip" = '127.0.0.1' ]; then echo 'nameserver 127.0.0.1' echo " ${nsip};" >> /var/run/auto_forward.conf fi firstns=1 else [ "$nsip" = '127.0.0.1' ] && continue echo " ${nsip};" >> /var/run/auto_forward.conf fi ;; esac echo $line done < /etc/resolv.conf > /var/run/naf-resolv.conf echo ' };' >> /var/run/auto_forward.conf echo '' >> /var/run/auto_forward.conf if checkyesno named_auto_forward_only; then echo " forward only;" >> /var/run/auto_forward.conf else echo " forward first;" >> /var/run/auto_forward.conf fi if cmp -s /etc/resolv.conf /var/run/naf-resolv.conf; then unlink /var/run/naf-resolv.conf else [ -e /etc/resolv.conf ] && unlink /etc/resolv.conf mv /var/run/naf-resolv.conf /etc/resolv.conf fi if cmp -s ${named_confdir}/auto_forward.conf \ /var/run/auto_forward.conf; then unlink /var/run/auto_forward.conf else [ -e "${named_confdir}/auto_forward.conf" ] && unlink ${named_confdir}/auto_forward.conf mv /var/run/auto_forward.conf \ ${named_confdir}/auto_forward.conf fi else # Empty the file in case it is included in named.conf [ -s "${named_confdir}/auto_forward.conf" ] && create_file ${named_confdir}/auto_forward.conf fi $checkconf $named_conf || err 3 'named-checkconf for $named_conf failed' } load_rc_config $name # Updating the following variables requires that rc.conf be loaded first # required_dirs="$named_chrootdir" # if it is set, it must exist named_confdir="${named_chrootdir}${named_conf%/*}" run_rc_command "$1" diff --git a/etc/rc.d/power_profile b/etc/rc.d/power_profile index 03d36be5b380..581e861ea40f 100755 --- a/etc/rc.d/power_profile +++ b/etc/rc.d/power_profile @@ -1,97 +1,97 @@ #!/bin/sh # # Modify the power profile based on AC line state. This script is # usually called from devd(8). # # Arguments: 0x00 (AC offline, economy) or 0x01 (AC online, performance) # # $FreeBSD$ # # PROVIDE: power_profile # REQUIRE: FILESYSTEMS syslogd # KEYWORD: nojail nostart . /etc/rc.subr name="power_profile" stop_cmd=':' LOGGER="logger -t power_profile -p daemon.notice" # Set a given sysctl node to a value. # # Variables: # $node: sysctl node to set with the new value # $value: HIGH for the highest performance value, LOW for the best # economy value, or the value itself. # $highest_value: maximum value for this sysctl, when $value is "HIGH" # $lowest_value: minimum value for this sysctl, when $value is "LOW" # -sysctl_set () +sysctl_set() { # Check if the node exists if [ -z "$(sysctl -n ${node} 2> /dev/null)" ]; then return fi # Get the new value, checking for special types HIGH or LOW case ${value} in [Hh][Ii][Gg][Hh]) value=${highest_value} ;; [Ll][Oo][Ww]) value=${lowest_value} ;; [Nn][Oo][Nn][Ee]) return ;; *) ;; esac # Set the desired value if [ -n "${value}" ]; then if ! sysctl ${node}=${value} > /dev/null 2>&1; then warn "unable to set ${node}=${value}" fi fi } if [ $# -ne 1 ]; then err 1 "Usage: $0 [0x00|0x01]" fi load_rc_config $name # Find the next state (performance or economy). state=$1 case ${state} in 0x01 | '') ${LOGGER} "changed to 'performance'" profile="performance" ;; 0x00) ${LOGGER} "changed to 'economy'" profile="economy" ;; *) echo "Usage: $0 [0x00|0x01]" exit 1 esac # Set the various sysctls based on the profile's values. node="hw.acpi.cpu.cx_lowest" highest_value="C1" lowest_value="`(sysctl -n dev.cpu.0.cx_supported | \ awk '{ print "C" split($0, a) }' -) 2> /dev/null`" eval value=\$${profile}_cx_lowest sysctl_set node="dev.cpu.0.freq" highest_value="`(sysctl -n dev.cpu.0.freq_levels | \ awk '{ split($0, a, "[/ ]"); print a[1] }' -) 2> /dev/null`" lowest_value="`(sysctl -n dev.cpu.0.freq_levels | \ awk '{ split($0, a, "[/ ]"); print a[length(a) - 1] }' -) 2> /dev/null`" eval value=\$${profile}_cpu_freq sysctl_set exit 0 diff --git a/etc/rc.d/tmp b/etc/rc.d/tmp index dfb439e21706..837259889095 100755 --- a/etc/rc.d/tmp +++ b/etc/rc.d/tmp @@ -1,71 +1,71 @@ #!/bin/sh # # Copyright (c) 1999 Matt Dillon # All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # # $FreeBSD$ # # PROVIDE: tmp # REQUIRE: mountcritremote . /etc/rc.subr name="tmp" stop_cmd=':' load_rc_config $name -mount_tmpmfs () +mount_tmpmfs() { if ! /bin/df /tmp | grep -q "^/dev/md[0-9]"; then mount_md ${tmpsize} /tmp "${tmpmfs_flags}" chmod 01777 /tmp fi } # If we do not have a writable /tmp, create a memory # filesystem for /tmp. If /tmp is a symlink (e.g. to /var/tmp, # then it should already be writable). # case "${tmpmfs}" in [Aa][Uu][Tt][Oo]) if _tmpdir=$(mktemp -d -q /tmp/.diskless.XXXXXX); then rmdir ${_tmpdir} else if [ -h /tmp ]; then echo "*** /tmp is a symlink to a non-writable area!" echo "dropping into shell, ^D to continue anyway." /bin/sh else mount_tmpmfs fi fi ;; *) if checkyesno tmpmfs; then mount_tmpmfs fi ;; esac diff --git a/etc/rc.firewall b/etc/rc.firewall index d5f2dbeba25e..d8a3f6ca5508 100644 --- a/etc/rc.firewall +++ b/etc/rc.firewall @@ -1,539 +1,539 @@ #!/bin/sh - # Copyright (c) 1996 Poul-Henning Kamp # All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # # $FreeBSD$ # # # Setup system for ipfw(4) firewall service. # # Suck in the configuration variables. if [ -z "${source_rc_confs_defined}" ]; then if [ -r /etc/defaults/rc.conf ]; then . /etc/defaults/rc.conf source_rc_confs elif [ -r /etc/rc.conf ]; then . /etc/rc.conf fi fi ############ # Define the firewall type in /etc/rc.conf. Valid values are: # open - will allow anyone in # client - will try to protect just this machine # simple - will try to protect a whole network # closed - totally disables IP services except via lo0 interface # workstation - will try to protect just this machine using stateful # firewalling. See below for rc.conf variables used # UNKNOWN - disables the loading of firewall rules. # filename - will load the rules in the given filename (full path required) # # For ``client'' and ``simple'' the entries below should be customized # appropriately. ############ # # If you don't know enough about packet filtering, we suggest that you # take time to read this book: # # Building Internet Firewalls, 2nd Edition # Brent Chapman and Elizabeth Zwicky # # O'Reilly & Associates, Inc # ISBN 1-56592-871-7 # http://www.ora.com/ # http://www.oreilly.com/catalog/fire2/ # # For a more advanced treatment of Internet Security read: # # Firewalls and Internet Security: Repelling the Wily Hacker, 2nd Edition # William R. Cheswick, Steven M. Bellowin, Aviel D. Rubin # # Addison-Wesley / Prentice Hall # ISBN 0-201-63466-X # http://www.pearsonhighered.com/ # http://www.pearsonhighered.com/educator/academic/product/0,3110,020163466X,00.html # -setup_loopback () { +setup_loopback() { ############ # Only in rare cases do you want to change these rules # ${fwcmd} add 100 pass all from any to any via lo0 ${fwcmd} add 200 deny all from any to 127.0.0.0/8 ${fwcmd} add 300 deny ip from 127.0.0.0/8 to any if [ $ipv6_available -eq 0 ]; then ${fwcmd} add 400 deny all from any to ::1 ${fwcmd} add 500 deny all from ::1 to any fi } -setup_ipv6_mandatory () { +setup_ipv6_mandatory() { [ $ipv6_available -eq 0 ] || return 0 ############ # Only in rare cases do you want to change these rules # # ND # # DAD ${fwcmd} add pass ipv6-icmp from :: to ff02::/16 # RS, RA, NS, NA, redirect... ${fwcmd} add pass ipv6-icmp from fe80::/10 to fe80::/10 ${fwcmd} add pass ipv6-icmp from fe80::/10 to ff02::/16 # Allow ICMPv6 destination unreachable ${fwcmd} add pass ipv6-icmp from any to any icmp6types 1 # Allow NS/NA/toobig (don't filter it out) ${fwcmd} add pass ipv6-icmp from any to any icmp6types 2,135,136 } if [ -n "${1}" ]; then firewall_type="${1}" fi . /etc/rc.subr . /etc/network.subr afexists inet6 ipv6_available=$? ############ # Set quiet mode if requested # case ${firewall_quiet} in [Yy][Ee][Ss]) fwcmd="/sbin/ipfw -q" ;; *) fwcmd="/sbin/ipfw" ;; esac ############ # Flush out the list before we begin. # ${fwcmd} -f flush setup_loopback setup_ipv6_mandatory ############ # Network Address Translation. All packets are passed to natd(8) # before they encounter your remaining rules. The firewall rules # will then be run again on each packet after translation by natd # starting at the rule number following the divert rule. # # For ``simple'' firewall type the divert rule should be put to a # different place to not interfere with address-checking rules. # case ${firewall_type} in [Oo][Pp][Ee][Nn]|[Cc][Ll][Ii][Ee][Nn][Tt]) case ${natd_enable} in [Yy][Ee][Ss]) if [ -n "${natd_interface}" ]; then ${fwcmd} add 50 divert natd ip4 from any to any via ${natd_interface} fi ;; esac case ${firewall_nat_enable} in [Yy][Ee][Ss]) if [ -n "${firewall_nat_interface}" ]; then if echo "${firewall_nat_interface}" | \ grep -q -E '^[0-9]+(\.[0-9]+){0,3}$'; then firewall_nat_flags="ip ${firewall_nat_interface} ${firewall_nat_flags}" else firewall_nat_flags="if ${firewall_nat_interface} ${firewall_nat_flags}" fi ${fwcmd} nat 123 config log ${firewall_nat_flags} ${fwcmd} add 50 nat 123 ip4 from any to any via ${firewall_nat_interface} fi ;; esac esac ############ # If you just configured ipfw in the kernel as a tool to solve network # problems or you just want to disallow some particular kinds of traffic # then you will want to change the default policy to open. You can also # do this as your only action by setting the firewall_type to ``open''. # # ${fwcmd} add 65000 pass all from any to any # Prototype setups. # case ${firewall_type} in [Oo][Pp][Ee][Nn]) ${fwcmd} add 65000 pass all from any to any ;; [Cc][Ll][Ii][Ee][Nn][Tt]) ############ # This is a prototype setup that will protect your system somewhat # against people from outside your own network. # # Configuration: # firewall_client_net: Network address of local IPv4 network. # firewall_client_net_ipv6: Network address of local IPv6 network. ############ # set this to your local network net="$firewall_client_net" net6="$firewall_client_net_ipv6" # Allow limited broadcast traffic from my own net. ${fwcmd} add pass all from ${net} to 255.255.255.255 # Allow any traffic to or from my own net. ${fwcmd} add pass all from me to ${net} ${fwcmd} add pass all from ${net} to me if [ -n "$net6" ]; then ${fwcmd} add pass all from me to ${net6} ${fwcmd} add pass all from ${net6} to me fi if [ -n "$net6" ]; then # Allow any link-local multicast traffic ${fwcmd} add pass all from fe80::/10 to ff02::/16 ${fwcmd} add pass all from ${net6} to ff02::/16 # Allow DHCPv6 ${fwcmd} add pass udp from fe80::/10 to me 546 fi # Allow TCP through if setup succeeded ${fwcmd} add pass tcp from any to any established # Allow IP fragments to pass through ${fwcmd} add pass all from any to any frag # Allow setup of incoming email ${fwcmd} add pass tcp from any to me 25 setup # Allow setup of outgoing TCP connections only ${fwcmd} add pass tcp from me to any setup # Disallow setup of all other TCP connections ${fwcmd} add deny tcp from any to any setup # Allow DNS queries out in the world ${fwcmd} add pass udp from me to any 53 keep-state # Allow NTP queries out in the world ${fwcmd} add pass udp from me to any 123 keep-state # Everything else is denied by default, unless the # IPFIREWALL_DEFAULT_TO_ACCEPT option is set in your kernel # config file. ;; [Ss][Ii][Mm][Pp][Ll][Ee]) ############ # This is a prototype setup for a simple firewall. Configure this # machine as a DNS and NTP server, and point all the machines # on the inside at this machine for those services. # # Configuration: # firewall_simple_iif: Inside IPv4 network interface. # firewall_simple_inet: Inside IPv4 network address. # firewall_simple_oif: Outside IPv4 network interface. # firewall_simple_onet: Outside IPv4 network address. # firewall_simple_iif_ipv6: Inside IPv6 network interface. # firewall_simple_inet_ipv6: Inside IPv6 network prefix. # firewall_simple_oif_ipv6: Outside IPv6 network interface. # firewall_simple_onet_ipv6: Outside IPv6 network prefix. ############ # set these to your outside interface network oif="$firewall_simple_oif" onet="$firewall_simple_onet" oif6="${firewall_simple_oif_ipv6:-$firewall_simple_oif}" onet6="$firewall_simple_onet_ipv6" # set these to your inside interface network iif="$firewall_simple_iif" inet="$firewall_simple_inet" iif6="${firewall_simple_iif_ipv6:-$firewall_simple_iif}" inet6="$firewall_simple_inet_ipv6" # Stop spoofing ${fwcmd} add deny all from ${inet} to any in via ${oif} ${fwcmd} add deny all from ${onet} to any in via ${iif} if [ -n "$inet6" ]; then ${fwcmd} add deny all from ${inet6} to any in via ${oif6} if [ -n "$onet6" ]; then ${fwcmd} add deny all from ${onet6} to any in \ via ${iif6} fi fi # Stop RFC1918 nets on the outside interface ${fwcmd} add deny all from any to 10.0.0.0/8 via ${oif} ${fwcmd} add deny all from any to 172.16.0.0/12 via ${oif} ${fwcmd} add deny all from any to 192.168.0.0/16 via ${oif} # Stop draft-manning-dsua-03.txt (1 May 2000) nets (includes RESERVED-1, # DHCP auto-configuration, NET-TEST, MULTICAST (class D), and class E) # on the outside interface ${fwcmd} add deny all from any to 0.0.0.0/8 via ${oif} ${fwcmd} add deny all from any to 169.254.0.0/16 via ${oif} ${fwcmd} add deny all from any to 192.0.2.0/24 via ${oif} ${fwcmd} add deny all from any to 224.0.0.0/4 via ${oif} ${fwcmd} add deny all from any to 240.0.0.0/4 via ${oif} # Network Address Translation. This rule is placed here deliberately # so that it does not interfere with the surrounding address-checking # rules. If for example one of your internal LAN machines had its IP # address set to 192.0.2.1 then an incoming packet for it after being # translated by natd(8) would match the `deny' rule above. Similarly # an outgoing packet originated from it before being translated would # match the `deny' rule below. case ${natd_enable} in [Yy][Ee][Ss]) if [ -n "${natd_interface}" ]; then ${fwcmd} add divert natd ip4 from any to any via ${natd_interface} fi ;; esac # Stop RFC1918 nets on the outside interface ${fwcmd} add deny all from 10.0.0.0/8 to any via ${oif} ${fwcmd} add deny all from 172.16.0.0/12 to any via ${oif} ${fwcmd} add deny all from 192.168.0.0/16 to any via ${oif} # Stop draft-manning-dsua-03.txt (1 May 2000) nets (includes RESERVED-1, # DHCP auto-configuration, NET-TEST, MULTICAST (class D), and class E) # on the outside interface ${fwcmd} add deny all from 0.0.0.0/8 to any via ${oif} ${fwcmd} add deny all from 169.254.0.0/16 to any via ${oif} ${fwcmd} add deny all from 192.0.2.0/24 to any via ${oif} ${fwcmd} add deny all from 224.0.0.0/4 to any via ${oif} ${fwcmd} add deny all from 240.0.0.0/4 to any via ${oif} if [ -n "$inet6" ]; then # Stop unique local unicast address on the outside interface ${fwcmd} add deny all from fc00::/7 to any via ${oif6} ${fwcmd} add deny all from any to fc00::/7 via ${oif6} # Stop site-local on the outside interface ${fwcmd} add deny all from fec0::/10 to any via ${oif6} ${fwcmd} add deny all from any to fec0::/10 via ${oif6} # Disallow "internal" addresses to appear on the wire. ${fwcmd} add deny all from ::ffff:0.0.0.0/96 to any \ via ${oif6} ${fwcmd} add deny all from any to ::ffff:0.0.0.0/96 \ via ${oif6} # Disallow packets to malicious IPv4 compatible prefix. ${fwcmd} add deny all from ::224.0.0.0/100 to any via ${oif6} ${fwcmd} add deny all from any to ::224.0.0.0/100 via ${oif6} ${fwcmd} add deny all from ::127.0.0.0/104 to any via ${oif6} ${fwcmd} add deny all from any to ::127.0.0.0/104 via ${oif6} ${fwcmd} add deny all from ::0.0.0.0/104 to any via ${oif6} ${fwcmd} add deny all from any to ::0.0.0.0/104 via ${oif6} ${fwcmd} add deny all from ::255.0.0.0/104 to any via ${oif6} ${fwcmd} add deny all from any to ::255.0.0.0/104 via ${oif6} ${fwcmd} add deny all from ::0.0.0.0/96 to any via ${oif6} ${fwcmd} add deny all from any to ::0.0.0.0/96 via ${oif6} # Disallow packets to malicious 6to4 prefix. ${fwcmd} add deny all from 2002:e000::/20 to any via ${oif6} ${fwcmd} add deny all from any to 2002:e000::/20 via ${oif6} ${fwcmd} add deny all from 2002:7f00::/24 to any via ${oif6} ${fwcmd} add deny all from any to 2002:7f00::/24 via ${oif6} ${fwcmd} add deny all from 2002:0000::/24 to any via ${oif6} ${fwcmd} add deny all from any to 2002:0000::/24 via ${oif6} ${fwcmd} add deny all from 2002:ff00::/24 to any via ${oif6} ${fwcmd} add deny all from any to 2002:ff00::/24 via ${oif6} ${fwcmd} add deny all from 2002:0a00::/24 to any via ${oif6} ${fwcmd} add deny all from any to 2002:0a00::/24 via ${oif6} ${fwcmd} add deny all from 2002:ac10::/28 to any via ${oif6} ${fwcmd} add deny all from any to 2002:ac10::/28 via ${oif6} ${fwcmd} add deny all from 2002:c0a8::/32 to any via ${oif6} ${fwcmd} add deny all from any to 2002:c0a8::/32 via ${oif6} ${fwcmd} add deny all from ff05::/16 to any via ${oif6} ${fwcmd} add deny all from any to ff05::/16 via ${oif6} fi # Allow TCP through if setup succeeded ${fwcmd} add pass tcp from any to any established # Allow IP fragments to pass through ${fwcmd} add pass all from any to any frag # Allow setup of incoming email ${fwcmd} add pass tcp from any to me 25 setup # Allow access to our DNS ${fwcmd} add pass tcp from any to me 53 setup ${fwcmd} add pass udp from any to me 53 ${fwcmd} add pass udp from me 53 to any # Allow access to our WWW ${fwcmd} add pass tcp from any to me 80 setup # Reject&Log all setup of incoming connections from the outside ${fwcmd} add deny log ip4 from any to any in via ${oif} setup proto tcp if [ -n "$inet6" ]; then ${fwcmd} add deny log ip6 from any to any in via ${oif6} \ setup proto tcp fi # Allow setup of any other TCP connection ${fwcmd} add pass tcp from any to any setup # Allow DNS queries out in the world ${fwcmd} add pass udp from me to any 53 keep-state # Allow NTP queries out in the world ${fwcmd} add pass udp from me to any 123 keep-state # Everything else is denied by default, unless the # IPFIREWALL_DEFAULT_TO_ACCEPT option is set in your kernel # config file. ;; [Ww][Oo][Rr][Kk][Ss][Tt][Aa][Tt][Ii][Oo][Nn]) # Configuration: # firewall_myservices: List of TCP ports on which this host # offers services. # firewall_allowservices: List of IPv4 and/or IPv6 addresses # that have access to # $firewall_myservices. # firewall_trusted: List of IPv4 and/or IPv6 addresses # that have full access to this host. # Be very careful when setting this. # This option can seriously degrade # the level of protection provided by # the firewall. # firewall_logdeny: Boolean (YES/NO) specifying if the # default denied packets should be # logged (in /var/log/security). # firewall_nologports: List of TCP/UDP ports for which # denied incoming packets are not # logged. # Allow packets for which a state has been built. ${fwcmd} add check-state # For services permitted below. ${fwcmd} add pass tcp from me to any established # Allow any connection out, adding state for each. ${fwcmd} add pass tcp from me to any setup keep-state ${fwcmd} add pass udp from me to any keep-state ${fwcmd} add pass icmp from me to any keep-state if [ $ipv6_available -eq 0 ]; then ${fwcmd} add pass ipv6-icmp from me to any keep-state fi # Allow DHCP. ${fwcmd} add pass udp from 0.0.0.0 68 to 255.255.255.255 67 out ${fwcmd} add pass udp from any 67 to me 68 in ${fwcmd} add pass udp from any 67 to 255.255.255.255 68 in if [ $ipv6_available -eq 0 ]; then ${fwcmd} add pass udp from fe80::/10 to me 546 in fi # Some servers will ping the IP while trying to decide if it's # still in use. ${fwcmd} add pass icmp from any to any icmptype 8 if [ $ipv6_available -eq 0 ]; then ${fwcmd} add pass ipv6-icmp from any to any icmp6type 128,129 fi # Allow "mandatory" ICMP in. ${fwcmd} add pass icmp from any to any icmptype 3,4,11 if [ $ipv6_available -eq 0 ]; then ${fwcmd} add pass ipv6-icmp from any to any icmp6type 3 fi # Add permits for this workstations published services below # Only IPs and nets in firewall_allowservices is allowed in. # If you really wish to let anyone use services on your # workstation, then set "firewall_allowservices='any'" in /etc/rc.conf # # Note: We don't use keep-state as that would allow DoS of # our statetable. # You can add 'keep-state' to the lines for slightly # better performance if you fell that DoS of your # workstation won't be a problem. # for i in ${firewall_allowservices} ; do for j in ${firewall_myservices} ; do ${fwcmd} add pass tcp from $i to me $j done done # Allow all connections from trusted IPs. # Playing with the content of firewall_trusted could seriously # degrade the level of protection provided by the firewall. for i in ${firewall_trusted} ; do ${fwcmd} add pass ip from $i to me done ${fwcmd} add 65000 count ip from any to any # Drop packets to ports where we don't want logging for i in ${firewall_nologports} ; do ${fwcmd} add deny { tcp or udp } from any to any $i in done # Broadcasts and multicasts ${fwcmd} add deny ip from any to 255.255.255.255 ${fwcmd} add deny ip from any to 224.0.0.0/24 in # XXX # Noise from routers ${fwcmd} add deny udp from any to any 520 in # Noise from webbrowsing. # The stateful filter is a bit aggressive, and will cause some # connection teardowns to be logged. ${fwcmd} add deny tcp from any 80,443 to any 1024-65535 in # Deny and (if wanted) log the rest unconditionally. log="" if [ ${firewall_logdeny:-x} = "YES" -o ${firewall_logdeny:-x} = "yes" ] ; then log="log logamount 500" # The default of 100 is too low. sysctl net.inet.ip.fw.verbose=1 >/dev/null fi ${fwcmd} add deny $log ip from any to any ;; [Cc][Ll][Oo][Ss][Ee][Dd]) ${fwcmd} add 65000 deny ip from any to any ;; [Uu][Nn][Kk][Nn][Oo][Ww][Nn]) ;; *) if [ -r "${firewall_type}" ]; then ${fwcmd} ${firewall_flags} ${firewall_type} fi ;; esac diff --git a/etc/rc.subr b/etc/rc.subr index 4c445a0c3235..86442d460074 100644 --- a/etc/rc.subr +++ b/etc/rc.subr @@ -1,1743 +1,1743 @@ # $NetBSD: rc.subr,v 1.67 2006/10/07 11:25:15 elad Exp $ # $FreeBSD$ # # Copyright (c) 1997-2004 The NetBSD Foundation, Inc. # All rights reserved. # # This code is derived from software contributed to The NetBSD Foundation # by Luke Mewburn. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS # ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED # TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE # POSSIBILITY OF SUCH DAMAGE. # # rc.subr # functions used by various rc scripts # : ${RC_PID:=$$}; export RC_PID # # Operating System dependent/independent variables # if [ -z "${_rc_subr_loaded}" ]; then _rc_subr_loaded="YES" SYSCTL="/sbin/sysctl" SYSCTL_N="${SYSCTL} -n" SYSCTL_W="${SYSCTL}" ID="/usr/bin/id" IDCMD="if [ -x $ID ]; then $ID -un; fi" PS="/bin/ps -ww" JID=`$PS -p $$ -o jid=` # # functions # --------- # set_rcvar_obsolete oldvar [newvar] [msg] # Define obsolete variable. # Global variable $rcvars_obsolete is used. # set_rcvar_obsolete() { local _var _var=$1 debug "rcvar_obsolete: \$$1(old) -> \$$2(new) is defined" rcvars_obsolete="${rcvars_obsolete# } $1" eval ${1}_newvar=\"$2\" shift 2 eval ${_var}_obsolete_msg=\"$*\" } # # force_depend script [rcvar] # Force a service to start. Intended for use by services # to resolve dependency issues. # $1 - filename of script, in /etc/rc.d, to run # $2 - name of the script's rcvar (minus the _enable) # force_depend() { local _depend _dep_rcvar _depend="$1" _dep_rcvar="${2:-$1}_enable" [ -n "$rc_fast" ] && ! checkyesno always_force_depends && checkyesno $_dep_rcvar && return 0 /etc/rc.d/${_depend} forcestatus >/dev/null 2>&1 && return 0 info "${name} depends on ${_depend}, which will be forced to start." if ! /etc/rc.d/${_depend} forcestart; then warn "Unable to force ${_depend}. It may already be running." return 1 fi } # # checkyesno var # Test $1 variable, and warn if not set to YES or NO. # Return 0 if it's "yes" (et al), nonzero otherwise. # checkyesno() { eval _value=\$${1} debug "checkyesno: $1 is set to $_value." case $_value in # "yes", "true", "on", or "1" [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;; # "no", "false", "off", or "0" [Nn][Oo]|[Ff][Aa][Ll][Ss][Ee]|[Oo][Ff][Ff]|0) return 1 ;; *) warn "\$${1} is not set properly - see rc.conf(5)." return 1 ;; esac } # # reverse_list list # print the list in reverse order # reverse_list() { _revlist= for _revfile; do _revlist="$_revfile $_revlist" done echo $_revlist } # stop_boot always # If booting directly to multiuser or $always is enabled, # send SIGTERM to the parent (/etc/rc) to abort the boot. # Otherwise just exit. # stop_boot() { local always case $1 in # "yes", "true", "on", or "1" [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) always=true ;; *) always=false ;; esac if [ "$autoboot" = yes -o "$always" = true ]; then echo "ERROR: ABORTING BOOT (sending SIGTERM to parent)!" kill -TERM ${RC_PID} fi exit 1 } # # mount_critical_filesystems type # Go through the list of critical filesystems as provided in # the rc.conf(5) variable $critical_filesystems_${type}, checking # each one to see if it is mounted, and if it is not, mounting it. # mount_critical_filesystems() { eval _fslist=\$critical_filesystems_${1} for _fs in $_fslist; do mount | ( _ismounted=false while read what _on on _type type; do if [ $on = $_fs ]; then _ismounted=true fi done if $_ismounted; then : else mount $_fs >/dev/null 2>&1 fi ) done } # # check_pidfile pidfile procname [interpreter] # Parses the first line of pidfile for a PID, and ensures # that the process is running and matches procname. # Prints the matching PID upon success, nothing otherwise. # interpreter is optional; see _find_processes() for details. # check_pidfile() { _pidfile=$1 _procname=$2 _interpreter=$3 if [ -z "$_pidfile" -o -z "$_procname" ]; then err 3 'USAGE: check_pidfile pidfile procname [interpreter]' fi if [ ! -f $_pidfile ]; then debug "pid file ($_pidfile): not readable." return fi read _pid _junk < $_pidfile if [ -z "$_pid" ]; then debug "pid file ($_pidfile): no pid in file." return fi _find_processes $_procname ${_interpreter:-.} '-p '"$_pid" } # # check_process procname [interpreter] # Ensures that a process (or processes) named procname is running. # Prints a list of matching PIDs. # interpreter is optional; see _find_processes() for details. # check_process() { _procname=$1 _interpreter=$2 if [ -z "$_procname" ]; then err 3 'USAGE: check_process procname [interpreter]' fi _find_processes $_procname ${_interpreter:-.} '-ax' } # # _find_processes procname interpreter psargs # Search for procname in the output of ps generated by psargs. # Prints the PIDs of any matching processes, space separated. # # If interpreter == ".", check the following variations of procname # against the first word of each command: # procname # `basename procname` # `basename procname` + ":" # "(" + `basename procname` + ")" # "[" + `basename procname` + "]" # # If interpreter != ".", read the first line of procname, remove the # leading #!, normalise whitespace, append procname, and attempt to # match that against each command, either as is, or with extra words # at the end. As an alternative, to deal with interpreted daemons # using perl, the basename of the interpreter plus a colon is also # tried as the prefix to procname. # _find_processes() { if [ $# -ne 3 ]; then err 3 'USAGE: _find_processes procname interpreter psargs' fi _procname=$1 _interpreter=$2 _psargs=$3 _pref= if [ $_interpreter != "." ]; then # an interpreted script _script=${_chroot}${_chroot:+"/"}$_procname if [ -r $_script ]; then read _interp < $_script # read interpreter name case "$_interp" in \#!*) _interp=${_interp#\#!} # strip #! set -- $_interp case $1 in */bin/env) shift # drop env to get real name ;; esac if [ $_interpreter != $1 ]; then warn "\$command_interpreter $_interpreter != $1" fi ;; *) warn "no shebang line in $_script" set -- $_interpreter ;; esac else warn "cannot read shebang line from $_script" set -- $_interpreter fi _interp="$* $_procname" # cleanup spaces, add _procname _interpbn=${1##*/} _fp_args='_argv' _fp_match='case "$_argv" in ${_interp}|"${_interp} "*|"${_interpbn}: ${_procname}"*)' else # a normal daemon _procnamebn=${_procname##*/} _fp_args='_arg0 _argv' _fp_match='case "$_arg0" in $_procname|$_procnamebn|${_procnamebn}:|"(${_procnamebn})"|"[${_procnamebn}]")' fi _proccheck="\ $PS 2>/dev/null -o pid= -o jid= -o command= $_psargs"' | while read _npid _jid '"$_fp_args"'; do '"$_fp_match"' if [ "$JID" -eq "$_jid" ]; then echo -n "$_pref$_npid"; _pref=" "; fi ;; esac done' # debug "in _find_processes: proccheck is ($_proccheck)." eval $_proccheck } # # wait_for_pids pid [pid ...] # spins until none of the pids exist # wait_for_pids() { local _list _prefix _nlist _j _list="$@" if [ -z "$_list" ]; then return fi _prefix= while true; do _nlist=""; for _j in $_list; do if kill -0 $_j 2>/dev/null; then _nlist="${_nlist}${_nlist:+ }$_j" [ -n "$_prefix" ] && sleep 1 fi done if [ -z "$_nlist" ]; then break fi _list=$_nlist echo -n ${_prefix:-"Waiting for PIDS: "}$_list _prefix=", " pwait $_list 2>/dev/null done if [ -n "$_prefix" ]; then echo "." fi } # # get_pidfile_from_conf string file # # Takes a string to search for in the specified file. # Ignores lines with traditional comment characters. # # Example: # # if get_pidfile_from_conf string file; then # pidfile="$_pidfile_from_conf" # else # pidfile='appropriate default' # fi # get_pidfile_from_conf() { if [ -z "$1" -o -z "$2" ]; then err 3 "USAGE: get_pidfile_from_conf string file ($name)" fi local string file line string="$1" ; file="$2" if [ ! -s "$file" ]; then err 3 "get_pidfile_from_conf: $file does not exist ($name)" fi while read line; do case "$line" in *[#\;]*${string}*) continue ;; *${string}*) break ;; esac done < $file if [ -n "$line" ]; then line=${line#*/} _pidfile_from_conf="/${line%%[\"\;]*}" else return 1 fi } # # check_startmsgs # If rc_quiet is set (usually as a result of using faststart at # boot time) check if rc_startmsgs is enabled. # check_startmsgs() { if [ -n "$rc_quiet" ]; then checkyesno rc_startmsgs else return 0 fi } # # run_rc_command argument # Search for argument in the list of supported commands, which is: # "start stop restart rcvar status poll ${extra_commands}" # If there's a match, run ${argument}_cmd or the default method # (see below). # # If argument has a given prefix, then change the operation as follows: # Prefix Operation # ------ --------- # fast Skip the pid check, and set rc_fast=yes, rc_quiet=yes # force Set ${rcvar} to YES, and set rc_force=yes # one Set ${rcvar} to YES # quiet Don't output some diagnostics, and set rc_quiet=yes # # The following globals are used: # # Name Needed Purpose # ---- ------ ------- # name y Name of script. # # command n Full path to command. # Not needed if ${rc_arg}_cmd is set for # each keyword. # # command_args n Optional args/shell directives for command. # # command_interpreter n If not empty, command is interpreted, so # call check_{pidfile,process}() appropriately. # # desc n Description of script. # # extra_commands n List of extra commands supported. # # pidfile n If set, use check_pidfile $pidfile $command, # otherwise use check_process $command. # In either case, only check if $command is set. # # procname n Process name to check for instead of $command. # # rcvar n This is checked with checkyesno to determine # if the action should be run. # # ${name}_program n Full path to command. # Meant to be used in /etc/rc.conf to override # ${command}. # # ${name}_chroot n Directory to chroot to before running ${command} # Requires /usr to be mounted. # # ${name}_chdir n Directory to cd to before running ${command} # (if not using ${name}_chroot). # # ${name}_flags n Arguments to call ${command} with. # NOTE: $flags from the parent environment # can be used to override this. # # ${name}_nice n Nice level to run ${command} at. # # ${name}_user n User to run ${command} as, using su(1) if not # using ${name}_chroot. # Requires /usr to be mounted. # # ${name}_group n Group to run chrooted ${command} as. # Requires /usr to be mounted. # # ${name}_groups n Comma separated list of supplementary groups # to run the chrooted ${command} with. # Requires /usr to be mounted. # # ${rc_arg}_cmd n If set, use this as the method when invoked; # Otherwise, use default command (see below) # # ${rc_arg}_precmd n If set, run just before performing the # ${rc_arg}_cmd method in the default # operation (i.e, after checking for required # bits and process (non)existence). # If this completes with a non-zero exit code, # don't run ${rc_arg}_cmd. # # ${rc_arg}_postcmd n If set, run just after performing the # ${rc_arg}_cmd method, if that method # returned a zero exit code. # # required_dirs n If set, check for the existence of the given # directories before running a (re)start command. # # required_files n If set, check for the readability of the given # files before running a (re)start command. # # required_modules n If set, ensure the given kernel modules are # loaded before running a (re)start command. # The check and possible loads are actually # done after start_precmd so that the modules # aren't loaded in vain, should the precmd # return a non-zero status to indicate a error. # If a word in the list looks like "foo:bar", # "foo" is the KLD file name and "bar" is the # module name. If a word looks like "foo~bar", # "foo" is the KLD file name and "bar" is a # egrep(1) pattern matching the module name. # Otherwise the module name is assumed to be # the same as the KLD file name, which is most # common. See load_kld(). # # required_vars n If set, perform checkyesno on each of the # listed variables before running the default # (re)start command. # # Default behaviour for a given argument, if no override method is # provided: # # Argument Default behaviour # -------- ----------------- # start if !running && checkyesno ${rcvar} # ${command} # # stop if ${pidfile} # rc_pid=$(check_pidfile $pidfile $command) # else # rc_pid=$(check_process $command) # kill $sig_stop $rc_pid # wait_for_pids $rc_pid # ($sig_stop defaults to TERM.) # # reload Similar to stop, except use $sig_reload instead, # and doesn't wait_for_pids. # $sig_reload defaults to HUP. # Note that `reload' isn't provided by default, # it should be enabled via $extra_commands. # # restart Run `stop' then `start'. # # status Show if ${command} is running, etc. # # poll Wait for ${command} to exit. # # rcvar Display what rc.conf variable is used (if any). # # Variables available to methods, and after run_rc_command() has # completed: # # Variable Purpose # -------- ------- # rc_arg Argument to command, after fast/force/one processing # performed # # rc_flags Flags to start the default command with. # Defaults to ${name}_flags, unless overridden # by $flags from the environment. # This variable may be changed by the precmd method. # # rc_pid PID of command (if appropriate) # # rc_fast Not empty if "fast" was provided (q.v.) # # rc_force Not empty if "force" was provided (q.v.) # # rc_quiet Not empty if "quiet" was provided # # run_rc_command() { _return=0 rc_arg=$1 if [ -z "$name" ]; then err 3 'run_rc_command: $name is not set.' fi # Don't repeat the first argument when passing additional command- # line arguments to the command subroutines. # shift 1 rc_extra_args="$*" _rc_prefix= case "$rc_arg" in fast*) # "fast" prefix; don't check pid rc_arg=${rc_arg#fast} rc_fast=yes rc_quiet=yes ;; force*) # "force" prefix; always run rc_force=yes _rc_prefix=force rc_arg=${rc_arg#${_rc_prefix}} if [ -n "${rcvar}" ]; then eval ${rcvar}=YES fi ;; one*) # "one" prefix; set ${rcvar}=yes _rc_prefix=one rc_arg=${rc_arg#${_rc_prefix}} if [ -n "${rcvar}" ]; then eval ${rcvar}=YES fi ;; quiet*) # "quiet" prefix; omit some messages _rc_prefix=quiet rc_arg=${rc_arg#${_rc_prefix}} rc_quiet=yes ;; esac eval _override_command=\$${name}_program command=${_override_command:-$command} _keywords="start stop restart rcvar $extra_commands" rc_pid= _pidcmd= _procname=${procname:-${command}} # setup pid check command if [ -n "$_procname" ]; then if [ -n "$pidfile" ]; then _pidcmd='rc_pid=$(check_pidfile '"$pidfile $_procname $command_interpreter"')' else _pidcmd='rc_pid=$(check_process '"$_procname $command_interpreter"')' fi if [ -n "$_pidcmd" ]; then _keywords="${_keywords} status poll" fi fi if [ -z "$rc_arg" ]; then rc_usage $_keywords fi if [ -n "$flags" ]; then # allow override from environment rc_flags=$flags else eval rc_flags=\$${name}_flags fi eval _chdir=\$${name}_chdir _chroot=\$${name}_chroot \ _nice=\$${name}_nice _user=\$${name}_user \ _group=\$${name}_group _groups=\$${name}_groups if [ -n "$_user" ]; then # unset $_user if running as that user if [ "$_user" = "$(eval $IDCMD)" ]; then unset _user fi fi [ -z "$autoboot" ] && eval $_pidcmd # determine the pid if necessary for _elem in $_keywords; do if [ "$_elem" != "$rc_arg" ]; then continue fi # if ${rcvar} is set, $1 is not "rcvar" # and ${rc_pid} is not set, then run # checkyesno ${rcvar} # and return if that failed # if [ -n "${rcvar}" -a "$rc_arg" != "rcvar" -a "$rc_arg" != "stop" ] || [ -n "${rcvar}" -a "$rc_arg" = "stop" -a -z "${rc_pid}" ]; then if ! checkyesno ${rcvar}; then if [ -n "${rc_quiet}" ]; then return 0 fi echo -n "Cannot '${rc_arg}' $name. Set ${rcvar} to " echo -n "YES in /etc/rc.conf or use 'one${rc_arg}' " echo "instead of '${rc_arg}'." return 0 fi fi # if there's a custom ${XXX_cmd}, # run that instead of the default # eval _cmd=\$${rc_arg}_cmd \ _precmd=\$${rc_arg}_precmd \ _postcmd=\$${rc_arg}_postcmd if [ -n "$_cmd" ]; then _run_rc_precmd || return 1 _run_rc_doit "$_cmd $rc_extra_args" || return 1 _run_rc_postcmd return $_return fi case "$rc_arg" in # default operations... status) _run_rc_precmd || return 1 if [ -n "$rc_pid" ]; then echo "${name} is running as pid $rc_pid." else echo "${name} is not running." return 1 fi _run_rc_postcmd ;; start) if [ -z "$rc_fast" -a -n "$rc_pid" ]; then echo 1>&2 "${name} already running? (pid=$rc_pid)." return 1 fi if [ ! -x ${_chroot}${_chroot:+"/"}${command} ]; then warn "run_rc_command: cannot run $command" return 1 fi if ! _run_rc_precmd; then warn "failed precmd routine for ${name}" return 1 fi # setup the full command to run # check_startmsgs && echo "Starting ${name}." if [ -n "$_chroot" ]; then _doit="\ ${_nice:+nice -n $_nice }\ chroot ${_user:+-u $_user }${_group:+-g $_group }${_groups:+-G $_groups }\ $_chroot $command $rc_flags $command_args" else _doit="\ ${_chdir:+cd $_chdir && }\ $command $rc_flags $command_args" if [ -n "$_user" ]; then _doit="su -m $_user -c 'sh -c \"$_doit\"'" fi if [ -n "$_nice" ]; then if [ -z "$_user" ]; then _doit="sh -c \"$_doit\"" fi _doit="nice -n $_nice $_doit" fi fi # run the full command # if ! _run_rc_doit "$_doit"; then warn "failed to start ${name}" return 1 fi # finally, run postcmd # _run_rc_postcmd ;; stop) if [ -z "$rc_pid" ]; then [ -n "$rc_fast" ] && return 0 _run_rc_notrunning return 1 fi _run_rc_precmd || return 1 # send the signal to stop # echo "Stopping ${name}." _doit=$(_run_rc_killcmd "${sig_stop:-TERM}") _run_rc_doit "$_doit" || return 1 # wait for the command to exit, # and run postcmd. wait_for_pids $rc_pid _run_rc_postcmd ;; reload) if [ -z "$rc_pid" ]; then _run_rc_notrunning return 1 fi _run_rc_precmd || return 1 _doit=$(_run_rc_killcmd "${sig_reload:-HUP}") _run_rc_doit "$_doit" || return 1 _run_rc_postcmd ;; restart) # prevent restart being called more # than once by any given script # if ${_rc_restart_done:-false}; then return 0 fi _rc_restart_done=true _run_rc_precmd || return 1 # run those in a subshell to keep global variables ( run_rc_command ${_rc_prefix}stop $rc_extra_args ) ( run_rc_command ${_rc_prefix}start $rc_extra_args ) _return=$? [ $_return -ne 0 ] && [ -z "$rc_force" ] && return 1 _run_rc_postcmd ;; poll) _run_rc_precmd || return 1 if [ -n "$rc_pid" ]; then wait_for_pids $rc_pid fi _run_rc_postcmd ;; rcvar) echo -n "# $name" if [ -n "$desc" ]; then echo " : $desc" else echo "" fi echo "#" # Get unique vars in $rcvar for _v in $rcvar; do case $v in $_v\ *|\ *$_v|*\ $_v\ *) ;; *) v="${v# } $_v" ;; esac done # Display variables. for _v in $v; do if [ -z "$_v" ]; then continue fi eval _desc=\$${_v}_desc eval _defval=\$${_v}_defval _h="-" eval echo \"$_v=\\\"\$$_v\\\"\" # decode multiple lines of _desc while [ -n "$_desc" ]; do case $_desc in *^^*) echo "# $_h ${_desc%%^^*}" _desc=${_desc#*^^} _h=" " ;; *) echo "# $_h ${_desc}" break ;; esac done echo "# (default: \"$_defval\")" done echo "" ;; *) rc_usage $_keywords ;; esac return $_return done echo 1>&2 "$0: unknown directive '$rc_arg'." rc_usage $_keywords # not reached } # # Helper functions for run_rc_command: common code. # They use such global variables besides the exported rc_* ones: # # name R/W # ------------------ # _precmd R # _postcmd R # _return W # _run_rc_precmd() { check_required_before "$rc_arg" || return 1 if [ -n "$_precmd" ]; then debug "run_rc_command: ${rc_arg}_precmd: $_precmd $rc_extra_args" eval "$_precmd $rc_extra_args" _return=$? # If precmd failed and force isn't set, request exit. if [ $_return -ne 0 ] && [ -z "$rc_force" ]; then return 1 fi fi check_required_after "$rc_arg" || return 1 return 0 } _run_rc_postcmd() { if [ -n "$_postcmd" ]; then debug "run_rc_command: ${rc_arg}_postcmd: $_postcmd $rc_extra_args" eval "$_postcmd $rc_extra_args" _return=$? fi return 0 } _run_rc_doit() { debug "run_rc_command: doit: $*" eval "$@" _return=$? # If command failed and force isn't set, request exit. if [ $_return -ne 0 ] && [ -z "$rc_force" ]; then return 1 fi return 0 } _run_rc_notrunning() { local _pidmsg if [ -n "$pidfile" ]; then _pidmsg=" (check $pidfile)." else _pidmsg= fi echo 1>&2 "${name} not running?${_pidmsg}" } _run_rc_killcmd() { local _cmd _cmd="kill -$1 $rc_pid" if [ -n "$_user" ]; then _cmd="su -m ${_user} -c 'sh -c \"${_cmd}\"'" fi echo "$_cmd" } # # run_rc_script file arg # Start the script `file' with `arg', and correctly handle the # return value from the script. # If `file' ends with `.sh', it's sourced into the current environment # when $rc_fast_and_loose is set, otherwise it is run as a child process. # If `file' appears to be a backup or scratch file, ignore it. # Otherwise if it is executable run as a child process. # run_rc_script() { _file=$1 _arg=$2 if [ -z "$_file" -o -z "$_arg" ]; then err 3 'USAGE: run_rc_script file arg' fi unset name command command_args command_interpreter \ extra_commands pidfile procname \ rcvar rcvars_obsolete required_dirs required_files \ required_vars eval unset ${_arg}_cmd ${_arg}_precmd ${_arg}_postcmd case "$_file" in /etc/rc.d/*.sh) # no longer allowed in the base warn "Ignoring old-style startup script $_file" ;; *[~#]|*.OLD|*.bak|*.orig|*,v) # scratch file; skip warn "Ignoring scratch file $_file" ;; *) # run in subshell if [ -x $_file ]; then if [ -n "$rc_fast_and_loose" ]; then set $_arg; . $_file else ( trap "echo Script $_file interrupted >&2 ; kill -QUIT $$" 3 trap "echo Script $_file interrupted >&2 ; exit 1" 2 trap "echo Script $_file running >&2" 29 set $_arg; . $_file ) fi fi ;; esac } # # load_rc_config name # Source in the configuration file for a given name. # load_rc_config() { local _name _rcvar_val _var _defval _v _msg _new _name=$1 if [ -z "$_name" ]; then err 3 'USAGE: load_rc_config name' fi if ${_rc_conf_loaded:-false}; then : else if [ -r /etc/defaults/rc.conf ]; then debug "Sourcing /etc/defaults/rc.conf" . /etc/defaults/rc.conf source_rc_confs elif [ -r /etc/rc.conf ]; then debug "Sourcing /etc/rc.conf (/etc/defaults/rc.conf doesn't exist)." . /etc/rc.conf fi _rc_conf_loaded=true fi if [ -f /etc/rc.conf.d/"$_name" ]; then debug "Sourcing /etc/rc.conf.d/${_name}" . /etc/rc.conf.d/"$_name" fi # Set defaults if defined. for _var in $rcvar; do eval _defval=\$${_var}_defval if [ -n "$_defval" ]; then eval : \${$_var:=\$${_var}_defval} fi done # check obsolete rc.conf variables for _var in $rcvars_obsolete; do eval _v=\$$_var eval _msg=\$${_var}_obsolete_msg eval _new=\$${_var}_newvar case $_v in "") ;; *) if [ -z "$_new" ]; then _msg="Ignored." else eval $_new=\"\$$_var\" if [ -z "$_msg" ]; then _msg="Use \$$_new instead." fi fi warn "\$$_var is obsolete. $_msg" ;; esac done } # # load_rc_config_var name var # Read the rc.conf(5) var for name and set in the # current shell, using load_rc_config in a subshell to prevent # unwanted side effects from other variable assignments. # load_rc_config_var() { if [ $# -ne 2 ]; then err 3 'USAGE: load_rc_config_var name var' fi eval $(eval '( load_rc_config '$1' >/dev/null; if [ -n "${'$2'}" -o "${'$2'-UNSET}" != "UNSET" ]; then echo '$2'=\'\''${'$2'}\'\''; fi )' ) } # # rc_usage commands # Print a usage string for $0, with `commands' being a list of # valid commands. # rc_usage() { echo -n 1>&2 "Usage: $0 [fast|force|one|quiet](" _sep= for _elem; do echo -n 1>&2 "$_sep$_elem" _sep="|" done echo 1>&2 ")" exit 1 } # # err exitval message # Display message to stderr and log to the syslog, and exit with exitval. # err() { exitval=$1 shift if [ -x /usr/bin/logger ]; then logger "$0: ERROR: $*" fi echo 1>&2 "$0: ERROR: $*" exit $exitval } # # warn message # Display message to stderr and log to the syslog. # warn() { if [ -x /usr/bin/logger ]; then logger "$0: WARNING: $*" fi echo 1>&2 "$0: WARNING: $*" } # # info message # Display informational message to stdout and log to syslog. # info() { case ${rc_info} in [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) if [ -x /usr/bin/logger ]; then logger "$0: INFO: $*" fi echo "$0: INFO: $*" ;; esac } # # debug message # If debugging is enabled in rc.conf output message to stderr. # BEWARE that you don't call any subroutine that itself calls this # function. # debug() { case ${rc_debug} in [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) if [ -x /usr/bin/logger ]; then logger "$0: DEBUG: $*" fi echo 1>&2 "$0: DEBUG: $*" ;; esac } # # backup_file action file cur backup # Make a backup copy of `file' into `cur', and save the previous # version of `cur' as `backup' or use rcs for archiving. # # This routine checks the value of the backup_uses_rcs variable, # which can be either YES or NO. # # The `action' keyword can be one of the following: # # add `file' is now being backed up (and is possibly # being reentered into the backups system). `cur' # is created and RCS files, if necessary, are # created as well. # # update `file' has changed and needs to be backed up. # If `cur' exists, it is copied to to `back' or # checked into RCS (if the repository file is old), # and then `file' is copied to `cur'. Another RCS # check in done here if RCS is being used. # # remove `file' is no longer being tracked by the backups # system. If RCS is not being used, `cur' is moved # to `back', otherwise an empty file is checked in, # and then `cur' is removed. # # backup_file() { _action=$1 _file=$2 _cur=$3 _back=$4 if checkyesno backup_uses_rcs; then _msg0="backup archive" _msg1="update" # ensure that history file is not locked if [ -f $_cur,v ]; then rcs -q -u -U -M $_cur fi # ensure after switching to rcs that the # current backup is not lost if [ -f $_cur ]; then # no archive, or current newer than archive if [ ! -f $_cur,v -o $_cur -nt $_cur,v ]; then ci -q -f -u -t-"$_msg0" -m"$_msg1" $_cur rcs -q -kb -U $_cur co -q -f -u $_cur fi fi case $_action in add|update) cp -p $_file $_cur ci -q -f -u -t-"$_msg0" -m"$_msg1" $_cur rcs -q -kb -U $_cur co -q -f -u $_cur chown root:wheel $_cur $_cur,v ;; remove) cp /dev/null $_cur ci -q -f -u -t-"$_msg0" -m"$_msg1" $_cur rcs -q -kb -U $_cur chown root:wheel $_cur $_cur,v rm $_cur ;; esac else case $_action in add|update) if [ -f $_cur ]; then cp -p $_cur $_back fi cp -p $_file $_cur chown root:wheel $_cur ;; remove) mv -f $_cur $_back ;; esac fi } # make_symlink src link # Make a symbolic link 'link' to src from basedir. If the # directory in which link is to be created does not exist # a warning will be displayed and an error will be returned. # Returns 0 on success, 1 otherwise. # make_symlink() { local src link linkdir _me src="$1" link="$2" linkdir="`dirname $link`" _me="make_symlink()" if [ -z "$src" -o -z "$link" ]; then warn "$_me: requires two arguments." return 1 fi if [ ! -d "$linkdir" ]; then warn "$_me: the directory $linkdir does not exist." return 1 fi if ! ln -sf $src $link; then warn "$_me: unable to make a symbolic link from $link to $src" return 1 fi return 0 } # devfs_rulesets_from_file file # Reads a set of devfs commands from file, and creates # the specified rulesets with their rules. Returns non-zero # if there was an error. # devfs_rulesets_from_file() { local file _err _me file="$1" _me="devfs_rulesets_from_file" _err=0 if [ -z "$file" ]; then warn "$_me: you must specify a file" return 1 fi if [ ! -e "$file" ]; then debug "$_me: no such file ($file)" return 0 fi debug "reading rulesets from file ($file)" { while read line do case $line in \#*) continue ;; \[*\]*) rulenum=`expr "$line" : "\[.*=\([0-9]*\)\]"` if [ -z "$rulenum" ]; then warn "$_me: cannot extract rule number ($line)" _err=1 break fi rulename=`expr "$line" : "\[\(.*\)=[0-9]*\]"` if [ -z "$rulename" ]; then warn "$_me: cannot extract rule name ($line)" _err=1 break; fi eval $rulename=\$rulenum debug "found ruleset: $rulename=$rulenum" if ! /sbin/devfs rule -s $rulenum delset; then _err=1 break fi ;; *) rulecmd="${line%%"\#*"}" # evaluate the command incase it includes # other rules if [ -n "$rulecmd" ]; then debug "adding rule ($rulecmd)" if ! eval /sbin/devfs rule -s $rulenum $rulecmd then _err=1 break fi fi ;; esac if [ $_err -ne 0 ]; then debug "error in $_me" break fi done } < $file return $_err } # devfs_init_rulesets # Initializes rulesets from configuration files. Returns # non-zero if there was an error. # devfs_init_rulesets() { local file _me _me="devfs_init_rulesets" # Go through this only once if [ -n "$devfs_rulesets_init" ]; then debug "$_me: devfs rulesets already initialized" return fi for file in $devfs_rulesets; do if ! devfs_rulesets_from_file $file; then warn "$_me: could not read rules from $file" return 1 fi done devfs_rulesets_init=1 debug "$_me: devfs rulesets initialized" return 0 } # devfs_set_ruleset ruleset [dir] # Sets the default ruleset of dir to ruleset. The ruleset argument # must be a ruleset name as specified in devfs.rules(5) file. # Returns non-zero if it could not set it successfully. # devfs_set_ruleset() { local devdir rs _me [ -n "$1" ] && eval rs=\$$1 || rs= [ -n "$2" ] && devdir="-m "$2"" || devdir= _me="devfs_set_ruleset" if [ -z "$rs" ]; then warn "$_me: you must specify a ruleset number" return 1 fi debug "$_me: setting ruleset ($rs) on mount-point (${devdir#-m })" if ! /sbin/devfs $devdir ruleset $rs; then warn "$_me: unable to set ruleset $rs to ${devdir#-m }" return 1 fi return 0 } # devfs_apply_ruleset ruleset [dir] # Apply ruleset number $ruleset to the devfs mountpoint $dir. # The ruleset argument must be a ruleset name as specified # in a devfs.rules(5) file. Returns 0 on success or non-zero # if it could not apply the ruleset. # devfs_apply_ruleset() { local devdir rs _me [ -n "$1" ] && eval rs=\$$1 || rs= [ -n "$2" ] && devdir="-m "$2"" || devdir= _me="devfs_apply_ruleset" if [ -z "$rs" ]; then warn "$_me: you must specify a ruleset" return 1 fi debug "$_me: applying ruleset ($rs) to mount-point (${devdir#-m })" if ! /sbin/devfs $devdir rule -s $rs applyset; then warn "$_me: unable to apply ruleset $rs to ${devdir#-m }" return 1 fi return 0 } # devfs_domount dir [ruleset] # Mount devfs on dir. If ruleset is specified it is set # on the mount-point. It must also be a ruleset name as specified # in a devfs.rules(5) file. Returns 0 on success. # devfs_domount() { local devdir rs _me devdir="$1" [ -n "$2" ] && rs=$2 || rs= _me="devfs_domount()" if [ -z "$devdir" ]; then warn "$_me: you must specify a mount-point" return 1 fi debug "$_me: mount-point is ($devdir), ruleset is ($rs)" if ! mount -t devfs dev "$devdir"; then warn "$_me: Unable to mount devfs on $devdir" return 1 fi if [ -n "$rs" ]; then devfs_init_rulesets devfs_set_ruleset $rs $devdir devfs -m $devdir rule applyset fi return 0 } # devfs_mount_jail dir [ruleset] # Mounts a devfs file system appropriate for jails # on the directory dir. If ruleset is specified, the ruleset # it names will be used instead. If present, ruleset must # be the name of a ruleset as defined in a devfs.rules(5) file. # This function returns non-zero if an error occurs. # devfs_mount_jail() { local jdev rs _me jdev="$1" [ -n "$2" ] && rs=$2 || rs="devfsrules_jail" _me="devfs_mount_jail" devfs_init_rulesets if ! devfs_domount "$jdev" $rs; then warn "$_me: devfs was not mounted on $jdev" return 1 fi return 0 } # Provide a function for normalizing the mounting of memory # filesystems. This should allow the rest of the code here to remain # as close as possible between 5-current and 4-stable. # $1 = size # $2 = mount point # $3 = (optional) extra mdmfs flags mount_md() { if [ -n "$3" ]; then flags="$3" fi /sbin/mdmfs $flags -s $1 md $2 } # Code common to scripts that need to load a kernel module # if it isn't in the kernel yet. Syntax: # load_kld [-e regex] [-m module] file # where -e or -m chooses the way to check if the module # is already loaded: # regex is egrep'd in the output from `kldstat -v', # module is passed to `kldstat -m'. # The default way is as though `-m file' were specified. load_kld() { local _loaded _mod _opt _re while getopts "e:m:" _opt; do case "$_opt" in e) _re="$OPTARG" ;; m) _mod="$OPTARG" ;; *) err 3 'USAGE: load_kld [-e regex] [-m module] file' ;; esac done shift $(($OPTIND - 1)) if [ $# -ne 1 ]; then err 3 'USAGE: load_kld [-e regex] [-m module] file' fi _mod=${_mod:-$1} _loaded=false if [ -n "$_re" ]; then if kldstat -v | egrep -q -e "$_re"; then _loaded=true fi else if kldstat -q -m "$_mod"; then _loaded=true fi fi if ! $_loaded; then if ! kldload "$1"; then warn "Unable to load kernel module $1" return 1 else info "$1 kernel module loaded." fi else debug "load_kld: $1 kernel module already loaded." fi return 0 } # ltr str src dst # Change every $src in $str to $dst. # Useful when /usr is not yet mounted and we cannot use tr(1), sed(1) nor # awk(1). ltr() { local _str _src _dst _out _com _str=$1 _src=$2 _dst=$3 _out="" IFS=${_src} for _com in ${_str}; do if [ -z "${_out}" ]; then _out="${_com}" else _out="${_out}${_dst}${_com}" fi done echo "${_out}" } # Creates a list of providers for GELI encryption. geli_make_list() { local devices devices2 local provider mountpoint type options rest # Create list of GELI providers from fstab. while read provider mountpoint type options rest ; do case ":${options}" in :*noauto*) noauto=yes ;; *) noauto=no ;; esac case ":${provider}" in :#*) continue ;; *.eli) # Skip swap devices. if [ "${type}" = "swap" -o "${options}" = "sw" -o "${noauto}" = "yes" ]; then continue fi devices="${devices} ${provider}" ;; esac done < /etc/fstab # Append providers from geli_devices. devices="${devices} ${geli_devices}" for provider in ${devices}; do provider=${provider%.eli} provider=${provider#/dev/} devices2="${devices2} ${provider}" done echo ${devices2} } # Find scripts in local_startup directories that use the old syntax # -find_local_scripts_old () { +find_local_scripts_old() { zlist='' slist='' for dir in ${local_startup}; do if [ -d "${dir}" ]; then for file in ${dir}/[0-9]*.sh; do grep '^# PROVIDE:' $file >/dev/null 2>&1 && continue zlist="$zlist $file" done for file in ${dir}/[!0-9]*.sh; do grep '^# PROVIDE:' $file >/dev/null 2>&1 && continue slist="$slist $file" done fi done } -find_local_scripts_new () { +find_local_scripts_new() { local_rc='' for dir in ${local_startup}; do if [ -d "${dir}" ]; then for file in `grep -l '^# PROVIDE:' ${dir}/* 2>/dev/null`; do case "$file" in *.sample) ;; *) if [ -x "$file" ]; then local_rc="${local_rc} ${file}" fi ;; esac done fi done } # check_required_{before|after} command # Check for things required by the command before and after its precmd, # respectively. The two separate functions are needed because some # conditions should prevent precmd from being run while other things # depend on precmd having already been run. # check_required_before() { local _f case "$1" in start) for _f in $required_vars; do if ! checkyesno $_f; then warn "\$${_f} is not enabled." if [ -z "$rc_force" ]; then return 1 fi fi done for _f in $required_dirs; do if [ ! -d "${_f}/." ]; then warn "${_f} is not a directory." if [ -z "$rc_force" ]; then return 1 fi fi done for _f in $required_files; do if [ ! -r "${_f}" ]; then warn "${_f} is not readable." if [ -z "$rc_force" ]; then return 1 fi fi done ;; esac return 0 } check_required_after() { local _f _args case "$1" in start) for _f in $required_modules; do case "${_f}" in *~*) _args="-e ${_f#*~} ${_f%%~*}" ;; *:*) _args="-m ${_f#*:} ${_f%%:*}" ;; *) _args="${_f}" ;; esac if ! load_kld ${_args}; then if [ -z "$rc_force" ]; then return 1 fi fi done ;; esac return 0 } # check_kern_features mib # Return existence of kern.features.* sysctl MIB as true or # false. The result will be cached in $_rc_cache_kern_features_ # namespace. "0" means the kern.features.X exists. check_kern_features() { local _v [ -n "$1" ] || return 1; eval _v=\$_rc_cache_kern_features_$1 [ -n "$_v" ] && return "$_v"; if ${SYSCTL_N} kern.features.$1 > /dev/null 2>&1; then eval _rc_cache_kern_features_$1=0 return 0 else eval _rc_cache_kern_features_$1=1 return 1 fi } # _echoonce var msg mode # mode=0: Echo $msg if ${$var} is empty. # After doing echo, a string is set to ${$var}. # # mode=1: Echo $msg if ${$var} is a string with non-zero length. # _echoonce() { local _var _msg _mode eval _var=\$$1 _msg=$2 _mode=$3 case $_mode in 1) [ -n "$_var" ] && echo "$_msg" ;; *) [ -z "$_var" ] && echo -n "$_msg" && eval "$1=finished" ;; esac } fi # [ -z "${_rc_subr_loaded}" ] _rc_subr_loaded=: