From owner-freebsd-rc@FreeBSD.ORG Mon Nov 3 11:06:59 2008
Date: Mon, 3 Nov 2008 11:06:58 GMT
Message-Id: <200811031106.mA3B6wCv011020@freefall.freebsd.org>
From: FreeBSD bugmaster
To: freebsd-rc@FreeBSD.org
Subject: Current problem reports assigned to freebsd-rc@FreeBSD.org

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.

S Tracker      Resp.  Description
--------------------------------------------------------------------------------
o conf/128299  rc     [patch] /etc/rc.d/geli does not mount partitions using
o conf/127917  rc     [patch] dumpon rejects on start with physmem>swap even
o bin/126562   rc     rcorder(8) fails to run unrelated startup scripts when
f conf/126392  rc     rc.conf ifconfig_xx keywords cannot be escaped
o bin/126324   rc     [patch] rc.d/tmp: Prevent mounting /tmp in second tim
o conf/124747  rc     [patch] savecore can't create dump from encrypted swap
o conf/124248  rc     [patch] add support for nice value for rc.d/jail + rc.
o conf/123734  rc     [patch] Chipset VIA CX700 requires extra initializatio
o conf/123222  rc     [patch] Add rtprio(1)/idprio(1) support to rc.subr(8).
o conf/122477  rc     [patch] /etc/rc.d/mdconfig and mdconfig2 are ignoring
o conf/122170  rc     [patch] [request] New feature: notify admin via page o
o conf/122036  rc     [rc.d]: Mounting at boot with ZFS causes a halt in boo
o kern/121566  rc     [nfs] [request] [patch] ethernet iface should be broug
o conf/120431  rc     [patch] devfs.rules are not initialized under certain
o conf/120406  rc     [devd] [patch] Handle newly attached pcm devices (eg.
o conf/120228  rc     [zfs] [patch] Split ZFS volume startup / ease ZFS swap
o conf/120194  rc     [patch] UFS volumes on ZVOLs cannot be fsck'd at boot
o conf/119874  rc     [patch] "/etc/rc.d/pf reload" fails if there are macro
o conf/119076  rc     [patch] [rc] /etc/rc.d/netif tries to remove alias add
o bin/118325   rc     [patch] [request] new periodic script to test statuses
o conf/118255  rc     savecore never finding kernel core dumps (rcorder prob
o conf/117935  rc     [patch] ppp fails to start at boot because of missing
o conf/114119  rc     [jail] [patch] [request] /etc/rc.d/jail improvements f
o conf/113915  rc     [patch] ndis wireless driver fails to associate when i
o conf/109980  rc     /etc/rc.d/netif restart doesn't destroy cloned_interfa
o conf/109562  rc     [rc.d] [patch] [request] Make rc.d/devfs usable from c
o conf/106009  rc     [ppp] [patch] [request] Fix pppoed startup script to p
o conf/105689  rc     [ppp] [request] syslogd starts too late at boot
o conf/105568  rc     [patch] [request] Add more flexibility to rc.conf, to
o conf/105145  rc     [ppp] [patch] [request] add redial function to rc.d/pp
o conf/104549  rc     [patch] rc.d/nfsd needs special _find_processes functi
o conf/103489  rc     [rc.d] [jail] [patch] named_chroot_autoupdate doesn't
o conf/103486  rc     [rc.d] [jail] [patch] rc.d/jail: mount fstab after dev
o conf/102700  rc     [geli] [patch] Add encrypted /tmp support to GELI/GBDE
o conf/99721   rc     [patch] /etc/rc.initdiskless problem copy dotfile in s
o conf/99444   rc     [patch] Enhancement: rc.subr could easily support star
o conf/98846   rc     [jail] [patch] Templatize 'jail_rootdir' in /etc/rc.d/
o conf/98758   rc     [jail] [patch] Templatize 'jail_fstab' in /etc/rc.d/ja
o conf/96343   rc     [patch] rc.d order change to start inet6 before pf
o conf/93815   rc     [patch] Adds in the ability to save ipfw rules to rc.d
o conf/92523   rc     [patch] allow rc scripts to kill process after a timeo
o conf/89870   rc     [patch] [request] make netif verbose rc.conf toggle
o conf/89061   rc     [patch] IPv6 6to4 auto-configuration enhancement
o conf/88913   rc     [patch] wrapper support for rc.subr
o conf/85819   rc     [patch] script allowing multiuser mode in spite of fsc
o kern/81006   rc     ipnat not working with tunnel interfaces on startup
o conf/77663   rc     Suggestion: add /etc/rc.d/addnetswap after addcritremo
o conf/73677   rc     [patch] add support for powernow states to power_profi
o conf/58939   rc     [patch] dumb little hack for /etc/rc.firewall{,6}
o conf/56934   rc     [patch] rc.firewall rules for natd expect an interface
o conf/45226   rc     [patch] Fix for rc.network, ppp-user annoyance
o conf/44170   rc     [patch] Add ability to run multiple pppoed(8) on start

52 problems total.

From owner-freebsd-rc@FreeBSD.ORG Mon Nov 3 12:04:35 2008
From: Dag-Erling Smørgrav
To: Volker Theile
Cc: freebsd-rc@freebsd.org
References: <48FE48FD.7010607@gmx.de>
Date: Mon, 03 Nov 2008 12:44:56 +0100
In-Reply-To: <48FE48FD.7010607@gmx.de> (Volker Theile's message of "Tue, 21 Oct 2008 23:26:21 +0200")
Message-ID: <867i7lf2yv.fsf@ds4.des.no>
Subject: Re: User to run ${command} as, using su(1) does not work for all reasons

Volker Theile writes:
> I came across the following problem while trying to run
> transmission-daemon using user 'transmission'. When I modify the
> transmission rc-script to use another user than root for execution I
> added:
>
>   transmission_user=${transmission_user:-"transmission"}
>
> Because a full login is not done, the transmission daemon tries
> to create its config dir in /root/.config/transmission_daemon which
> fails due to missing permissions.

There's another, bigger issue with _user and _group. A daemon that
needs to, say, open a privileged port can't use _user and _group,
because it will start as that user / group instead of starting as root
and then dropping privileges on its own. This affects named in base and
varnishd (and probably others) in ports.

There should be a way to tell rc.subr that the daemon will handle _user
and _group itself.

DES
--
Dag-Erling Smørgrav - des@des.no

From owner-freebsd-rc@FreeBSD.ORG Thu Nov 6 13:12:29 2008
Date: Thu, 6 Nov 2008 13:56:44 +0100
From: Gert Doering
To: freebsd-rc@freebsd.org
Cc: bz@freebsd.org, gert@space.net
Message-ID: <20081106125643.GG8535@greenie.muc.de>
Subject: rcorder pf vs. network_ipv6 on 6.3-RELEASE

Hi,

(bear with me, I'm normally not working on that part of the system, and
I'm normally not subscribed to this list - so if I violate any sort of
netiquette, I'm sorry for it).

I ran into a problem with one of our FreeBSD 6.3-RELEASE machines today,
and checking 7.0-RELEASE, the problem is similar over there.

The issue I have is that /etc/rc.d/pf is run *before*
/etc/rc.d/network_ipv6 (because network_ipv6 demands so).

pf:

# PROVIDE: pf
# REQUIRE: root FILESYSTEMS netif pflog pfsync
# BEFORE: routing

network_ipv6:

# PROVIDE: network_ipv6
# REQUIRE: routing

The problem comes up if you have pf(4) IPv6 rules that tack to an
interface, as in:

pass in on $ext_if proto tcp from any to $ext_if port 443 keep state

if that rule is loaded *before* the interface gets configured, pf will
not re-sync afterwards, so the firewall rule is ignored.

It can be worked around by putting "to ($ext_if)" into the pf(4) rules,
but there might be circumstances where this is not desirable ("if the
address changes, this is exceptional circumstances and we want to
know!"), and the current boot order takes away the decision from the
user how to write his pf(4) rules.

I tried to change the PROVIDE/REQUIRE/BEFORE statements in "pf" and
"network_ipv6" to force execution of network_ipv6 before pf, but failed
(rcorder complains about circular dependencies and I can't see why).

So I'm handing this problem to you guys - please consider whether this
should be changed (execute all IP configuration before all firewall
stuff), and if yes, how to do it "right".

thanks,

gert
--
USENET is *not* the non-clickable part of WWW!
                                                    //www.muc.de/~gert/
Gert Doering - Munich, Germany                      gert@greenie.muc.de
fax: +49-89-35655025                 gert@net.informatik.tu-muenchen.de
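
Added example, not part of Gert Doering's message and not FreeBSD's rcorder(8) code: a small Python model of the PROVIDE/REQUIRE/BEFORE keywords, fed only the two header blocks quoted above, that prints the start order they produce and spells out a dependency loop when one exists. EDITED and NO_BEFORE are hypothetical edits made up for the illustration; the message does not say which changes were actually tried.

```python
import re

# The two header blocks quoted in the message; every other rc.d script is left out.
STOCK = {
    "pf": "# PROVIDE: pf\n# REQUIRE: root FILESYSTEMS netif pflog pfsync\n# BEFORE: routing\n",
    "network_ipv6": "# PROVIDE: network_ipv6\n# REQUIRE: routing\n",
}
# Hypothetical edit (an assumption, not from the message): pf additionally
# requires network_ipv6 while its "BEFORE: routing" line stays in place.
EDITED = dict(STOCK, pf=STOCK["pf"].replace("pfsync", "pfsync network_ipv6"))
# The same edit with pf's BEFORE line removed as well.
NO_BEFORE = dict(EDITED, pf=EDITED["pf"].replace("# BEFORE: routing\n", ""))

def edges(scripts):
    """Map every name to the set of names that must start before it."""
    before = {}
    for text in scripts.values():
        kw = {"PROVIDE": [], "REQUIRE": [], "BEFORE": []}
        for key, val in re.findall(r"^#[ \t]*(PROVIDE|REQUIRE|BEFORE):[ \t]*(.*)$", text, re.M):
            kw[key] += val.split()
        for name in kw["REQUIRE"]:
            before.setdefault(name, set())
        for me in kw["PROVIDE"]:
            before.setdefault(me, set()).update(kw["REQUIRE"])   # REQUIRE x: x first
            for later in kw["BEFORE"]:
                before.setdefault(later, set()).add(me)          # BEFORE y: me first
    return before

def boot_order(scripts):
    """Return a valid start order, or raise ValueError that spells out a cycle."""
    before, order = edges(scripts), []
    def visit(node, path):
        if node in path:                       # reached a name we are still resolving
            raise ValueError(" needs ".join(path[path.index(node):] + [node]))
        if node not in order:
            for dep in sorted(before[node]):
                visit(dep, path + [node])
            order.append(node)                 # all prerequisites are already listed
    for node in sorted(before):
        visit(node, [])
    return order

if __name__ == "__main__":
    for label, scripts in (("stock", STOCK), ("edited", EDITED), ("no BEFORE", NO_BEFORE)):
        try:
            print(label, "->", " ".join(boot_order(scripts)))
        except ValueError as err:
            print(label, "-> circular dependency:", err)
```

With only these two scripts modelled, the loop in EDITED closes through pf's "BEFORE: routing" line, because network_ipv6 already requires routing; other scripts in a real /etc/rc.d can add further constraints.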