Date: Sat, 31 May 2003 16:16:53 -0700
From: Gordon Tetlow
To: Peter Jeremy, arch@FreeBSD.org
Message-ID: <20030531231653.GW87863@roark.gnf.org>
In-Reply-To: <20030531222747.GA23373@dragon.nuxi.com>
Subject: Re: Moving some items out of src/sbin to src/usr.sbin

On Sat, May 31, 2003 at 03:27:47PM -0700, David O'Brien wrote:
> On Sun, Jun 01, 2003 at 08:09:57AM +1000, Peter Jeremy wrote:
> > On Sat, May 31, 2003 at 01:22:21PM -0700, David O'Brien wrote:
> > >On Sat, May 31, 2003 at 12:38:49PM -0700, Gordon Tetlow wrote:
> > >> To cut down on the size of a dynamically-linked root, I'd like to
> > >> repo-copy the following utilities from src/sbin to src/usr.sbin:
> > >>
> > >>     mount_portalfs
> > >>     mount_nwfs
> > >>     mount_smbfs
> > >>     natd
> > >>     ipnat
> > >>
> > >> Does anyone have any objections?
> > >
> > >yes to natd.
> >
> > David, would you like to go into a bit more detail please.
> ...
> > NAT is normally used at boundaries between different privilege zones
> > (though this isn't its only use) and it would seem unusual to mount
> > /usr from a different privilege zone to the local system. Normally,
> > natd is started before ipfw rules are loaded, but I don't believe
> > there is a requirement for a process to be bound to a divert socket
> > before diversion rules are added.
>
> Not really. Just to say that as a user of natd and one that knows how
> fragile ipfw & natd are to passing packets I don't want to disturb things.
> I want to see some people (other than me) experiment with this natd
> issue before it is moved.

I agree testing needs to take place. I'm doing this sweep from the point
of view of wanting to minimize libraries that need to be /lib. libalias
(whose only consumer is natd) is only 48k. I can live with it, but I
was just trying to clean up some low-hanging fruit.

> > IMHO, it's reasonable to assume/require that /usr be a 'native'
> > filesystem - so MS-DOS, NTFS, Netware and SMB are not needed - though
> ...
> > If Gordon is looking for programs to move from /sbin to /usr/sbin,
> > mount_msdos, mount_ntfs, mountd, nfsd and maybe ipfstat all seem
> > candidates. The first two are covered above. IMHO, there's no point
> > a machine becoming a NFS server before it has /usr mounted - which
> > covers the next two. Finally, ipfstat is not needed to configure
> > IPFilter - just monitor it.
>
> Native also covers NFS mounted /usr and UFS /, and Gordon didn't mention
> that he had carefully looked at /etc/rc.d/* and the implications of
> moving things.

I didn't look too carefully for natd and ipnat, but I did look at the
implications of moving the various mount_* providers. The way the
current boot scripts work is they mount local-type filesystems (read
not NFS, SMBFS, and PORTALFS (it's a bug that NWFS isn't in this list))
first. Then it mounts NFS filesystems. Finally all other network-type
filesystems are mounted. As such, if you have /usr mounted via NFS (and
only NFS), your other network filesystems will mount just fine.

This is the reason I didn't move things like mount_msdosfs and other
local-type filesystems. They will be mounted before any network
filesystems (including NFS /usr) have a chance to be mounted.

-gordon
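
The three-phase mount order described in the message above can be checked against a given fstab to see whether a mount helper moved to /usr/sbin would be on a mounted /usr when it is needed. This is an added example, not part of the original message or of the FreeBSD boot scripts; the fstab type names (`nfs`, `smbfs`, `portalfs`, `nwfs`), the function names and the sample fstab are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example; fstab contents are constructed, function names hypothetical.

# Boot-time mount phase for a filesystem type, as described in the message:
# 1 = local-type, 2 = NFS, 3 = all other network-type filesystems.
mount_phase() {
    case "$1" in
        nfs) echo 2 ;;
        smbfs|portalfs|nwfs) echo 3 ;;  # nwfs listed here; the message calls its absence a bug
        *) echo 1 ;;
    esac
}

# usr_phase FSTAB: phase in which /usr is mounted, 0 if /usr lives on /.
usr_phase() {
    t=$(awk '$1 !~ /^#/ && $2 == "/usr" { print $3; exit }' "$1")
    if [ -z "$t" ]; then echo 0; else mount_phase "$t"; fi
}

# helper_reachable FSTAB FSTYPE: true if /usr is mounted in an earlier phase
# than FSTYPE, so /usr/sbin/mount_FSTYPE exists when it is needed.
helper_reachable() {
    [ "$(usr_phase "$1")" -lt "$(mount_phase "$2")" ]
}

# report FSTAB: status of every entry whose helper would move to /usr/sbin.
report() {
    awk '$1 !~ /^#/ && NF >= 3 { print $2, $3 }' "$1" |
    while read -r mnt type; do
        case "$type" in
            smbfs|portalfs|nwfs)
                if helper_reachable "$1" "$type"; then s=ok; else s=UNREACHABLE; fi
                echo "$mnt $type $s" ;;
        esac
    done
}

# Constructed sample: / on UFS, /usr over NFS, one SMB share.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Device            Mountpoint  FStype  Options  Dump  Pass
/dev/ad0s1a         /           ufs     rw       1     1
filer:/export/usr   /usr        nfs     ro       0     0
//guest@srv/share   /mnt/share  smbfs   rw       0     0
EOF
report "$sample"    # /mnt/share smbfs ok
```

The check is deliberately conservative: a helper counts as reachable only when /usr is mounted in a strictly earlier phase, so a /usr that itself sits on smbfs, or a local-type helper needed in the same phase as a local /usr, is flagged.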