#
ffbaa453 |
| 08-May-2024 |
Mark Johnston <markj@FreeBSD.org> |
bsdinstall: Stop loading cryptodev for ZFS installations
- zfs depends on the crypto module, not cryptodev, and most arm64 kernel configs include std.dev, which includes "device crypto" anyway.
- This config works around a problem with kldxref lacking cross-target support, but that has since been fixed.
- Loading cryptodev creates /dev/crypto, which gives unprivileged users access to the kernel's opencrypto framework. Very few applications need it, so we're needlessly increasing the kernel's surface area.
Thus, stop auto-loading cryptodev.
Reviewed by: kevans, allanjude, des
Differential Revision: https://reviews.freebsd.org/D45127
|
Revision tags: release/13.3.0, release/14.0.0 |
|
#
d0b2dbfa |
| 16-Aug-2023 |
Warner Losh <imp@FreeBSD.org> |
Remove $FreeBSD$: one-line sh pattern
Remove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/
|
Revision tags: release/13.2.0, release/12.4.0, release/13.1.0, release/12.3.0, release/13.0.0, release/12.2.0 |
|
#
9ed05409 |
| 17-Sep-2020 |
Kyle Evans <kevans@FreeBSD.org> |
Revert r361257: bsdinstall: do a `certctl rehash` upon installation [...]
As of r365829, any given base distribution set will now include the /etc/ssl symlinks that this rehash would've otherwise installed. This extra step is no longer required.
MFC after: 1 week
X-MFC-With: r365837
|
#
e2515283 |
| 27-Aug-2020 |
Glen Barber <gjb@FreeBSD.org> |
MFH
Sponsored by: Rubicon Communications, LLC (netgate.com)
|
#
60403b98 |
| 25-Aug-2020 |
Ryan Moeller <freqlabs@FreeBSD.org> |
bsdinstall: Update loader.conf for new OpenZFS deps
zfs.ko now includes the SPL but relies on cryptodev instead.
Reported by: D Scott Phillips
Sponsored by: iXsystems, Inc.
|
Revision tags: release/11.4.0 |
|
#
1840a4fa |
| 19-May-2020 |
Kyle Evans <kevans@FreeBSD.org> |
bsdinstall: do a `certctl rehash` upon installation of configuration
If certctl is installed on the system we're configuring, do a certctl rehash.
Note that certctl may not be present if the world we've installed was built either WITHOUT_OPENSSL or WITHOUT_CAROOT. In this scenario, we don't currently see if the host has a certctl as this may be an indication that the system *shouldn't* have certs installed into /etc/ssl.
Reviewed by: allanjude, dteske
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D24640
|
Revision tags: release/12.1.0 |
|
#
8b3bc70a |
| 08-Oct-2019 |
Dimitry Andric <dim@FreeBSD.org> |
Merge ^/head r352764 through r353315.
|
#
e7a71e6d |
| 02-Oct-2019 |
Glen Barber <gjb@FreeBSD.org> |
Add a comment explaining why the opensolaris_load line in loader.conf is explicitly added.
Requested by: rgrimes
MFC after: 3 days
MFC with: r353004
Sponsored by: Rubicon Communications, LLC (Netgate)
|
#
8cdae52e |
| 02-Oct-2019 |
Glen Barber <gjb@FreeBSD.org> |
Explicitly add opensolaris_load="YES" to loader.conf through the installer when installing the system on a ZFS root filesystem.
For arm64, zfs_load="YES" does not add opensolaris.ko as a kld dependency, so add it explicitly to prevent boot-time failures out-of-box.
PR: 240478
MFC after: 3 days
Sponsored by: Rubicon Communications, LLC (Netgate)
|
Revision tags: release/11.3.0, release/12.0.0 |
|
#
01d4e214 |
| 05-Oct-2018 |
Glen Barber <gjb@FreeBSD.org> |
MFH r338661 through r339200.
Sponsored by: The FreeBSD Foundation
|
#
ce44d808 |
| 27-Sep-2018 |
Dimitry Andric <dim@FreeBSD.org> |
Merge ^/head r338731 through r338987.
|
#
33a5ef35 |
| 20-Sep-2018 |
Mark Johnston <markj@FreeBSD.org> |
Fix variable name typo in the bsdinstall ttys hardening code.
Submitted by: Jörg Pernfuß <code.jpe@gmail.com>
Reviewed by: allanjude, dab, emaste
Approved by: re (gjb)
Differential Revision: https://reviews.freebsd.org/D12476
|
Revision tags: release/11.2.0, release/10.4.0 |
|
#
8fcbcc2d |
| 16-Sep-2017 |
Enji Cooper <ngie@FreeBSD.org> |
MFhead@r323635
|
#
b754c279 |
| 13-Sep-2017 |
Navdeep Parhar <np@FreeBSD.org> |
MFH @ r323558.
|
#
c12530ca |
| 11-Sep-2017 |
Ed Maste <emaste@FreeBSD.org> |
Ignore error return from newaliases(1)
This was originally added as "exit $SUCCESS" but with nothing to set the SUCCESS variable. Thus it became an exit with no argument, which just exits with the status of the preceding command.
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
|
#
531c2d7a |
| 24-Jul-2017 |
Enji Cooper <ngie@FreeBSD.org> |
MFhead@r320180
|
#
bca9d05f |
| 23-Jul-2017 |
Hans Petter Selasky <hselasky@FreeBSD.org> |
Merge ^/head r319973 through 321382.
|
Revision tags: release/11.1.0 |
|
#
d2043ca3 |
| 14-Jul-2017 |
Dimitry Andric <dim@FreeBSD.org> |
Merge ^/head r320573 through r320970.
|
#
82ec242f |
| 05-Jul-2017 |
Bartek Rutkowski <robak@FreeBSD.org> |
Add option to bsdinstall to disable insecure console, update stack guard option
This patch adds new bsdinstall option to hardening section that allows users to change this behaviour to secure one and updates stack guard option so it would set the value of relevant sysctl to 512 (2MB)
Submitted by: Bartek Rutkowski
Reviewed by: adrian, bapt, emaste
Approved by: bapt, emaste
MFC after: 1 day
Sponsored by: Pixeware LTD
Differential Revision: https://reviews.freebsd.org/D9700
|
#
a3604b95 |
| 27-Jun-2017 |
Dimitry Andric <dim@FreeBSD.org> |
Merge ^/head r320042 through r320397.
|
#
98b9d384 |
| 20-Jun-2017 |
Steven Hartland <smh@FreeBSD.org> |
Fixed bsdinstall location of vfs.zfs.min_auto_ashift
vfs.zfs.min_auto_ashift is a sysctl only not a tunable so updated bsdinstall to use the correct location /etc/sysctl.conf instead of /boot/loader.conf
Reported by: Aaron Caza
Reviewed by: allanjude
MFC after: 2 days
Sponsored by: Multiplay
Differential Revision: https://reviews.freebsd.org/D11278
|
Revision tags: release/11.0.1, release/11.0.0 |
|
#
0e3f233f |
| 15-Jul-2016 |
Bartek Rutkowski <robak@FreeBSD.org> |
Add new System Hardening menu and options to bsdinstall.
This patch adds new 'hardening' file responsible for new bsdinstall 'System Hardening' menu allowing users to set some sane and carefully picked system security options (like random process id's, hiding other users/groups processes and others).
All options are OFF by default in this patch due to POLA principle with intention to change some of them to ON by default in future.
Reviewed by: adrian, allanjude, bdrewery, nwhitehorn
Approved by: adrian, allanjude
MFC after: 7 days
|
Revision tags: release/10.3.0 |
|
#
11d38a57 |
| 28-Oct-2015 |
Baptiste Daroussin <bapt@FreeBSD.org> |
Merge from head
Sponsored by: Gandi.net
|
#
becbad1f |
| 13-Oct-2015 |
Baptiste Daroussin <bapt@FreeBSD.org> |
Merge from head
|
#
0f405ee7 |
| 28-Sep-2015 |
Navdeep Parhar <np@FreeBSD.org> |
Sync up with head (up to r288341).
|