Date: Sun, 1 Dec 2013 13:34:43 +0100
From: Jilles Tjoelker
To: Nathan Whitehorn
Cc: "Teske, Devin", Current Current, "freebsd-arch@freebsd.org", Devin Teske, Peter Grehan, Michael Dexter
Subject: Re: [CFT] bsdinstall and zfsboot enhancements
Message-ID: <20131201123442.GA6818@stack.nl>
In-Reply-To: <529A6862.7060308@freebsd.org>
List-Id: Discussion related to FreeBSD architecture

On Sat, Nov 30, 2013 at 04:36:18PM -0600, Nathan Whitehorn wrote:
> This took much longer than I'd anticipated, but the patch to init is
> attached. I chose not to make the changes to init rather than
> getttyent() and friends in libc, which I am open to revisiting.

lib/libpam/modules/pam_securetty/pam_securetty.c calls getttynam(3) and
will not allow root login on a "fake" TTY that getttynam() does not
know. This module is enabled by default for the "login" service. So it
is probably better to patch libc rather than init.

> The behavior changes are as follows:
> If the "console" device in /etc/ttys is marked "on", instead of opening
> /dev/console, init will loop through the active kernel console devices,
> and for each will:
> 1. If the kernel console device is in /etc/ttys and marked "on", it
> already has a terminal and will be ignored.
> 2. If marked "off", that is an explicit statement that a console is not
> wanted and so it will be ignored.
> 3. If not present in /etc/ttys, init will run getty with whatever
> parameters "console" has.

This seems to make sense.

> (3) is the main behavioral change. No changes in behavior will occur if
> /etc/ttys is not modified. If we turn on "console" by default, it will
> usually have no effect instead of trying to run multiple gettys, which
> is new. If we then also comment out the ttyu0 line, instead of marking
> it "off", the result will be the conditional presence of a login prompt
> on the first serial port depending on whether it is an active console
> device for the kernel. I believe this is the behavior we are going for.

The terminal type for the console entry should probably be changed to
something other than "unknown" to reduce annoyance.

> Comments and test results would be appreciated.

As a preparatory patch, you could remove se_index and session_index from
init. They are only used to warn about a changed slot number in utmp(5)
which is irrelevant with utmpx. This noise warning would also appear in
most cases when changing from a "fake" console entry to a real line in
/etc/ttys.

Also, if you do decide to fake ttys entries in init rather than libc,
the patch to init will be simpler.

-- 
Jilles Tjoelker
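
The three-case rule quoted in the message and the pam_securetty objection raised in the reply, as an added example in C that is not part of the original message or of the init patch. The function names, enum values and sample /etc/ttys content are constructed for illustration, and `ttys_lookup` is a simplified stand-in for getttynam(3) that treats the "secure" flag from ttys(5) as what a securetty-style check requires.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample in ttys(5) layout: name, getty command, type, flags. */
static const char SAMPLE_TTYS[] =
    "console \"/usr/libexec/getty std.9600\" vt100 on secure\n"
    "ttyv0 \"/usr/libexec/getty Pc\" xterm on secure\n"
    "ttyu1 \"/usr/libexec/getty std.9600\" dialup off secure # not on\n";

enum { PRESENT = 1, ON = 2, SECURE = 4 };
enum action { NOT_APPLICABLE, IGNORE_HAS_GETTY, IGNORE_MARKED_OFF, SPAWN_CONSOLE_GETTY };

/* Hypothetical helper: flags of the entry for `name`, or 0 if it has no line. */
static int ttys_lookup(const char *ttys, const char *name) {
    char buf[256], *p, *q, *tok;
    for (const char *line = ttys; *line; line += (*line == '\n')) {
        size_t len = strcspn(line, "\n");
        snprintf(buf, sizeof buf, "%.*s", (int)len, line);
        line += len;
        if ((p = strchr(buf, '"')) && (q = strchr(p + 1, '"')))
            memset(p, ' ', (size_t)(q - p) + 1);   /* blank the quoted command */
        buf[strcspn(buf, "#")] = '\0';             /* drop a trailing comment */
        if (!(tok = strtok(buf, " \t")) || strcmp(tok, name) != 0) continue;
        int st = PRESENT;
        while ((tok = strtok(NULL, " \t")) != NULL)
            st |= !strcmp(tok, "on") ? ON : !strcmp(tok, "secure") ? SECURE : 0;
        return st;
    }
    return 0;
}

/* The quoted proposal's rule for one active kernel console device. */
enum action decide(const char *ttys, const char *kcons) {
    int st = ttys_lookup(ttys, kcons);
    if (!(ttys_lookup(ttys, "console") & ON)) return NOT_APPLICABLE;
    if (!st) return SPAWN_CONSOLE_GETTY;           /* case 3: not in ttys */
    return (st & ON) ? IGNORE_HAS_GETTY : IGNORE_MARKED_OFF;   /* cases 1, 2 */
}

/* Model of the reply's objection: the check looks the device up by name,
 * so a getty spawned under case 3 sits on a line the lookup does not know. */
int securetty_allows_root(const char *ttys, const char *dev) {
    return (ttys_lookup(ttys, dev) & SECURE) != 0;
}

int main(void) {
    printf("ttyu0: action=%d root_ok=%d\n", decide(SAMPLE_TTYS, "ttyu0"),
           securetty_allows_root(SAMPLE_TTYS, "ttyu0"));
    return 0;
}
```

With the sample above, ttyu0 gets a getty under case 3 while the name-based lookup still reports no secure entry for it, which is the mismatch that patching libc instead of init would remove.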