EC2: Don't enable firstboot_pkgs in small flavour
The EC2 "base" flavour installs the devel/py-awscli package at boot
time by default; we don't do this in the "small" flavour, so the
default behaviour was to update the FreeBSD-ports repository and
then do nothing with it.
Turn off firstboot_pkgs by default; if someone is using the "small"
flavour of AMIs and wants to install packages at instance launch
time, they simply need to add 'firstboot_pkgs_enable="YES"' to
/etc/rc.conf (which they must already be editing via user-data, in
order to provide the list of packages they want installed).
Approved by: re (cperciva)
Sponsored by: Amazon
MFC after: 3 days
MFC to: stable/15
Relnotes: EC2 "small" images now have firstboot_pkgs_enable="NO".
[2 lines not shown]

ipfw: fix checksum after NAT
When checksum offloading is used, IPFW needs to fix the checksum
after libalias has done NAT. The ipfw_nat() function does so, but
only for mbufs without a receiving interface. However, if, for example,
the packet was sent inside a jail that used checksum offloading over
an epair, ipfw still needs to fix the checksum even though the mbuf
has set a receiving interface (epair).
This patch just removes the check whether a receiving interface is set.
Approved by: re (cperciva)
PR: 295057
Reviewed by: tuexen
Differential Revision: https://reviews.freebsd.org/D57091
(cherry picked from commit 81b47a7c604f1d563283759572fa7a1f9d4dc56f)
(cherry picked from commit 198379d2c29fae7300b650a96199e51a66b87364)

mac_do.4: Jail parameter takes 'new', not 'enable'; uid_t/gid_t are 32-bit
Approved by: re (cperciva)
MFC after: 1 minute
Sponsored by: The FreeBSD Foundation
(cherry picked from commit 21df76d01fce35b0398cf38c31928c6f47111d55)

linuxulator: fix SO_PEERCRED emulation after 1d24638d3e8
For Linux binaries, sopt->sopt_td may be null. And there's also no
need to check it, since struct l_ucred has the same layout on 32-bit
systems as on 64-bit ones.
Approved by: re (cperciva)
PR: 295333
Reported by: Miguel Gomes <miguel.dias.gomes at protonmail.com>
Fixes: 1d24638d3e8 ("Fix LOCAL_PEERCRED in 32-bit compat mode")
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D57032
(cherry picked from commit 4cee16d471d47f4673e4d2c66f7a96d4e6d86ee9)
(cherry picked from commit 57fb48f8e2fca5f069e9bc3cf080608f602919a9)

fwget: update realtek and intel pci entries
For Realtek we only add new entries.
For Intel the old way of extracting IDs from the driver no longer
works. The new list is shortened as we drop more specific entries
which were already covered by wildcard entries. The new lists are
also sorted within the groups.
There are 4 entries the new driver no longer carries but are still
present in older versions, so we keep them manually.
Approved by: re (cperciva)
Sponsored by: The FreeBSD Foundation
(cherry picked from commit ca67cfa5237f7ac537ca8611054b5af2098e2d86)
(cherry picked from commit 3f702b299aa1d7625ee0e520c827e73e355775c9)

man: iwlwifi/rtw88/rtw89: update man pages for Linux v7.0 based updates
For all:
- harmonize Copyright/license section according to style.9 and use
SPDX only.
- mention that the current generation of the driver is based on
Linux version 7.0.
- make linuxkpi.4 and linuxkpi_wlan.4 .Xr as the man pages do exist
these days.
iwlwifi: update the card/chipset names supported (while we still can)
iwlwififw: leave a comment only that we can no longer update the
man page and it will be removed in the future.
rtw88: update supported chipsets and add note to BUGS sections
rtw89: update supported chipsets and add note to BUGS sections
Approved by: re (cperciva)
Sponsored by: The FreeBSD Foundation
Reviewed by: ziaee
[4 lines not shown]

pf: switch to getmicro(up)time()
It is reported that micro(up)time() performs poorly in certain
virtualisation scenarios. Absolute accuracy isn't required here, so
switch to the slightly less accurate (as per the man page) get-variants.
PR: 295043
MFC after: 3 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")

pf: fix incorrect table decoding in netlink
We used nla_p_table for pfr_table structures, but this netlink decoder
was intended for pfioc_table and decoded an extra field, outside
of pfr_table. This allowed userspace to write (slightly) outside of
pfr_table.
Use a separate nlattr_parser for pfr_table.
PR: 295218
Reported by: Robert Morris <rtm at lcs.mit.edu>
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
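
The bug class in the pf netlink commit above, as an added example that is not FreeBSD's code: an offset-driven parser written for a larger structure is checked against the smaller structure it is about to fill. All struct, table and function names here are hypothetical stand-ins.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical layouts, not FreeBSD's: small_table stands in for pfr_table,
 * big_request for pfioc_table (the table plus one trailing field). */
struct small_table { char name[16]; uint32_t flags; };
struct big_request { struct small_table table; uint32_t extra; };
struct field_spec { uint16_t type; size_t off; size_t len; }; /* parser row */

/* Written for big_request: attribute 3 lands past the embedded table. */
static const struct field_spec big_parser[] = {
    { 1, offsetof(struct big_request, table.name), 16 },
    { 2, offsetof(struct big_request, table.flags), sizeof(uint32_t) },
    { 3, offsetof(struct big_request, extra), sizeof(uint32_t) },
};
/* Separate parser for small_table, mirroring the fix described above. */
static const struct field_spec small_parser[] = {
    { 1, offsetof(struct small_table, name), 16 },
    { 2, offsetof(struct small_table, flags), sizeof(uint32_t) },
};

/* 1 if the field lies entirely inside a target of `size` bytes. */
static int field_fits(const struct field_spec *f, size_t size)
{
    return f->off <= size && f->len <= size - f->off;
}

/* 1 if every field of the parser fits the target. */
int parser_fits(const struct field_spec *p, size_t n, size_t size)
{
    for (size_t i = 0; i < n; i++)
        if (!field_fits(&p[i], size))
            return 0;
    return 1;
}

/* Store one attribute; -1 on unknown type, bad length or out-of-bounds write. */
int store_attr(const struct field_spec *p, size_t n, uint16_t type,
    const void *val, size_t len, void *dst, size_t dst_size)
{
    for (size_t i = 0; i < n; i++) {
        if (p[i].type != type) continue;
        if (len != p[i].len || !field_fits(&p[i], dst_size))
            return -1;
        memcpy((char *)dst + p[i].off, val, len);
        return 0;
    }
    return -1;
}
```

parser_fits() is the check to run once when a parser is paired with a destination type; store_attr() repeats it per attribute so a mismatched pairing fails closed instead of writing past the structure.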

BSD.tests.dist: Add the new sys/mac/do directory
Without that, 'make distributeworld' fails ('make buildworld' and 'make
installworld' do not need it).
Fixes: cba191e291c1 ("MAC/do: Add basic tests on setting rules")
MFC after: 1 minute
Sponsored by: The FreeBSD Foundation
(cherry picked from commit ad3d7666e00bb0261dd2b80f5f2d56ceeb84aba7)

BSD.tests.dist: Add the new sys/mac/do directory
Without that, 'make distributeworld' fails ('make buildworld' and 'make
installworld' do not need it).
Fixes: cba191e291c1 ("MAC/do: Add basic tests on setting rules")
MFC after: 1 minute
Sponsored by: The FreeBSD Foundation

vfs_domount(): handle the case when vn_lock_pair() only locked once
Reviewed by: jah, markj
Tested by: pho
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D57035

vn_lock_pair(): handle the case of vp1->v_vnlock == vp2->v_vnlock
It is not enough to check vp1 == vp2 to detect lock recursion, since
vnodes might share the locks. This might happen for e.g. stacked
filesystems (nullfs and others), and for FFS snapshots.
Switch from checking vnode equality to checking v_vnlock equality, and
recheck the condition after vnode relock since reclamation or other
parallel operation might change the vnode locks under us.
Return a value (not really an error) indicating the case that vnodes
share the lock, to simplify the unlock in caller.
Reviewed by: jah, markj
Tested by: pho
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D57035

mac_do.4: Jail parameter takes 'new', not 'enable'; uid_t/gid_t are 32-bit
MFC after: 1 minute
Sponsored by: The FreeBSD Foundation
(cherry picked from commit 21df76d01fce35b0398cf38c31928c6f47111d55)

rc: virtual_oss: Create a loopback device in the default configuration
The loopback device allows us to record desktop sound by reading from
it, or even use it as an input device, for example during a call.
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Reviewed by: emaste
Pull-Request: https://ron-dev.freebsd.org/FreeBSD/src/pulls/16

virtual_oss(8): Create loopback devices with GID_AUDIO
Make sure the user is part of the audio group to avoid unintended
snooping of loopback audio by unprivileged users.
While here, retire voss_dsp_perm, since we don't use the same value
everywhere now.
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Reviewed by: emaste
Pull-Request: https://ron-dev.freebsd.org/FreeBSD/src/pulls/26