en Copyright 2015 Java http://kernelsources.org:8080/source/history/freebsd/libexec/rc/rc.d/random#f99f0ee14e3af81c23150a6a340259ca8a33d01a rc.d: add a service jails config to all base system servicesThis gives more permissions to services (e.g. network access toservices which require this) when they are started as an automaticservice jail.The sshd patch is important for the sshd-related functionality asdescribed in the man-page in the service jails part.The location of the added env vars is supposed to allow overriding themin rc.conf, and to hard-disable the use of svcj for some parts where itdoesn't make sense or will not work.Only a subset of all of the services are fully tested (I'm running thissince more than a year with various services started as service jails).The untested parts should be most of the time ok, in some edge-casesmore permissions are needed inside the service jail.Differential Revision: https://reviews.freebsd.org/D40371 List of files: /freebsd/libexec/rc/rc.d/random Wed, 22 May 2024 15:31:47 +0200 Alexander Leidinger <netchild@FreeBSD.org> http://kernelsources.org:8080/source/history/freebsd/libexec/rc/rc.d/random#d0b2dbfa0ecf2bbc9709efc5e20baf8e4b44bbbf Remove $FreeBSD$: one-line sh patternRemove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/ List of files: /freebsd/libexec/rc/rc.d/random Wed, 16 Aug 2023 19:55:03 +0200 Warner Losh <imp@FreeBSD.org> http://kernelsources.org:8080/source/history/freebsd/libexec/rc/rc.d/random#3bca93e04275045c3d868d09a57f9201999908f0 rc.d/random: add support for zero harvest_maskReplace the check for zero harvest_mask with new check for empty string.This allows one to specify harvest_mask="0" that disables harverstingentropy from all but "pure" sources. Exact bit values for "pure" sourcesdiffer for stable/12 and later branches, so it is handy to use zero.The check for zero pre-dates introduction of "pure" non-maskable sourcesUse empty string to disable altering sysctl kern.random.harvest.mask.Note that notion of "pure" random sources is not documented in user levelmanual pages yet. Still, it helps to extend battery life for hardwarewith embedded "Intel Secure Key RNG" by disabling all other sources.Note that no defaults changed and default behaviour is not affected.Reported by: Dmitry Luhtionov List of files: /freebsd/libexec/rc/rc.d/random Wed, 26 May 2021 13:30:24 +0200 Eugene Grosbein <eugen@FreeBSD.org> http://kernelsources.org:8080/source/history/freebsd/libexec/rc/rc.d/random#0269ae4c19ad779b43b0d6e2416ac7386945d692 MFHead @348740Sponsored by: The FreeBSD Foundation List of files: /freebsd/libexec/rc/rc.d/random Thu, 06 Jun 2019 18:20:50 +0200 Alan Somers <asomers@FreeBSD.org> http://kernelsources.org:8080/source/history/freebsd/libexec/rc/rc.d/random#26c49788438fc002e2b89695210724b9e5ec706e save-entropy(8), rc.d/random: Set nodump flagTag saved entropy files as "nodump," to signal that the files should not bebacked up by dump(8) or other automated backup software that honors the fileflag.Do not produce an error if the target file resides on a filesystem that doesnot support file flags (e.g., msdos /boot).Reviewed by: delphijSponsored by: Dell EMC IsilonDifferential Revision: https://reviews.freebsd.org/D20358 List of files: /freebsd/libexec/rc/rc.d/random Wed, 22 May 2019 23:47:17 +0200 Conrad Meyer <cem@FreeBSD.org> http://kernelsources.org:8080/source/history/freebsd/libexec/rc/rc.d/random#9a696dc6bb0e8e783dfd169c8299e1f33aac2935 MFHead@r345880 List of files: /freebsd/libexec/rc/rc.d/random Thu, 04 Apr 2019 20:26:32 +0200 Alan Somers <asomers@FreeBSD.org> http://kernelsources.org:8080/source/history/freebsd/libexec/rc/rc.d/random#c849485d9061ee5c7e975ba7cef93f3361a8e7ad random(4): Attempt to persist entropy promptlyThe goal of saving entropy in Fortuna is two-fold: (1) to provide earlyavailability of the random device (unblocking) on next boot; and (2), tohave known, high-quality entropy available for that initial seed. We knowit is high quality because it's output taken from Fortuna.The FS&K paper makes it clear that Fortuna unblocks when enough bits havebeen input that the output //may// be safely seeded. But they emphasizethat the quality of various entropy sources is unknown, and a saved entropyfile is essential for both availability and ensuring initialunpredictability.In FreeBSD we persist entropy using two mechanisms:1. The /etc/rc.d/random shutdown() function, which is used for ordinary shutdowns and reboots; and,2. A cron job that runs every dozen minutes or so to persist new entropy, in case the system suffers from power loss or a crash (bypassing the ordinary shutdown path).Filesystems are free to cache dirty data indefinitely, with arbitrary flushpolicy. Fsync must be used to ensure the data is persisted, especially forthe cron job save-entropy, whose entire goal is power loss and crash safeentropy persistence.Ordinary shutdown may not need the fsync because unmount should flush outthe dirty entropy file shortly afterwards. But it is always possible powerloss or crash occurs during the short window after rc.d/random shutdown runsand before the filesystem is unmounted, so the additional fsync there seemsharmless.PR: 230876Reviewed by: delphij, markj, markmApproved by: secteam (delphij)Differential Revision: https://reviews.freebsd.org/D19742 List of files: /freebsd/libexec/rc/rc.d/random Sun, 31 Mar 2019 06:57:50 +0200 Conrad Meyer <cem@FreeBSD.org> http://kernelsources.org:8080/source/history/freebsd/libexec/rc/rc.d/random#c6879c6c14eedbd060ba588a3129a6c60ebbe783 Merge ^/head r339015 through r339669. List of files: /freebsd/libexec/rc/rc.d/random Tue, 23 Oct 2018 23:09:37 +0200 Dimitry Andric <dim@FreeBSD.org> http://kernelsources.org:8080/source/history/freebsd/libexec/rc/rc.d/random#0696600c41600d80bcd993bfd8e675d0ae6951fe Move the rc framework out of sbin/init into libexec/rc.The reasons for this are forward looking to pkgbase: * /sbin/init is a special binary; try not to replace it with every package update because an rc script was touched. (a follow-up commit will make init its own package) * having rc in its own place will allow more easy replacement of the rc framework with alternatives, such as openrc.Discussed with: brd (during BSDCam), kmooreRequested by: cem, bzPR: 231522Approved by: re (gjb) List of files: /freebsd/libexec/rc/rc.d/random Wed, 17 Oct 2018 18:49:11 +0200 Bjoern A. Zeeb <bz@FreeBSD.org>