Re: Gvinum RAID1+0
On 24 February 2010 00:59, Pieter de Goeje pie...@degoeje.nl wrote:
> On Tuesday 23 February 2010 23:11:37 Andrew Klaassen wrote:
>> From the lack of response, am I correct to conclude that Gvinum can't do RAID1+0 (as opposed to RAID0+1)?
>
> I'll bite. Is there a particular reason why you want to use gvinum instead of a combination of gmirror and gstripe? I don't have any experience with vinum and can only come to the same conclusion as you have after reading the docs. It seems vinum does mirrored stripes by design.
>
> - Pieter
>
>> Thanks.
>>
>> Andrew
>>
>> --- On Mon, 2/22/10, Andrew Klaassen claws...@yahoo.com wrote:
>>> Hi. Newbie question: I'm trying to figure out how to create a stripe-over-mirrors, aka RAID1+0, with Gvinum. The manual gives an example for a mirror-over-stripes, aka RAID0+1, but I can't for the life of me figure out from that example or others I've feebly Googled how to do a RAID1+0.
>>>
>>> I'm using 112 drives, so I'd much rather have RAID1+0 than RAID0+1.
>>>
>>> Does anyone have an example kicking around they could kindly send me?
>>>
>>> Thanks.
>>>
>>> Andrew

I would stay away from gvinum, and use gstripe/gmirror, or zfs if your box can handle it.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
static build of usr.bin/host fails to link
Hi:

I am trying to build a custom crunch file for pxeboot/jumpstart. I have taken the make files from rescue as a template, adding the extras I need. But I have a problem linking usr.bin/host in the crunch file: I can't figure out what libraries to link with and include with CRUNCH_LIBS+=

On the system dynamically linked binary I tried,

    ldd /usr/bin/host
    /usr/bin/host:
        libcrypto.so.6 => /lib/libcrypto.so.6 (0x281f4000)
        libthr.so.3 => /lib/libthr.so.3 (0x2835)
        libc.so.7 => /lib/libc.so.7 (0x28365000)

and looking in the source files doesn't help much either, I can't figure out how to specify libraries in contrib/bind9.

The make files I use are here: http://www.locolomo.org/pub/src/jumpstart.tgz

How do I build host statically?

Thanks, Erik

--
Erik Nørgaard
Ph: +34.666334818/+34.915211157
http://www.locolomo.org
Re: Netgraph VLan support
Bump

On Tue, Feb 23, 2010 at 3:32 PM, Ross Cameron ross.came...@linuxpro.co.za wrote:
> Hi there all
>
> I've been trying to set up nested VLans using netgraph and most of my googling suggests that this can be done. But alas it is not working on this side.
>
> I'm running a standard FreeBSD 8.0-RELEASE-p2 AMD64.
>
> The below works just fine and creates a perfectly functional Vlan interface ngeth0:
>
>     ifconfig bge0 10.123.0.1 netmask 255.255.255.0
>     kldload ng_ether
>     kldload ng_vlan
>     ngctl mkpeer bge0: vlan lower downstream
>     ngctl name bge0:lower vlanL1
>     ngctl connect bge0: vlanL1: upper nomatch
>     ngctl mkpeer vlanL1: eiface vlan3555 ether
>     ngctl msg vlanL1: addfilter '{ vlan=3555 hook=vlan3555 }'
>     ifconfig ngeth0 link 00:1a:4b:d4:3e:c2
>     ifconfig ngeth0 10.124.0.1 netmask 255.255.255.0
>
> The below however does not and just throws an error:
>
>     ngctl mkpeer ngeth0: vlan lower downstream
>     ngctl name ngeth0:lower vlanL2
>     ngctl connect ngeth0: vlanL2: upper nomatch
>     ngctl mkpeer vlanL2: eiface vlan2555 ether
>     ngctl msg vlanL2: addfilter '{ vlan=2555 hook=vlan2555 }'
>     ifconfig ngeth1 link 00:1a:4b:d4:3e:c2
>     ifconfig ngeth1 10.125.0.1 netmask 255.255.255.0
>
> The error is:
>
>     ngctl: send msg: Protocol family not supported
>     ngctl: send msg: No such file or directory
>
> Any advice?

--
Opportunity is most often missed by people because it is dressed in overalls and looks like work.
Thomas Alva Edison
Inventor of 1093 patents, including: The light bulb, phonogram and motion pictures.
Will this work with AMD64?
http://processorfinder.intel.com/details.aspx?sSpec=SLANP

    CPU: Intel(R) Xeon(R) CPU X5460 @ 3.16GHz (3158.77-MHz 686-class CPU)

I am just reading this (the marked as 5xx numbers has me confused):

# Intel 64-bit Xeon™ (“Nacona”). This processor is fabricated on 90nm process technology, and operates with 2.80 to 3.60 GHz (FSB 800MHz) and Intel E7520/E7525/E7320 chipsets.

# Intel Pentium® 4 Processor supporting Intel EM64T (“Prescott”). This is fabricated on 90nm process technology, uses FC-LGA775 package, and operates with 3.20F/3.40F/3.60F GHz and Intel 925X Express chipsets. The corresponding S-Spec numbers are SL7L9, SL7L8, SL7LA, SL7NZ, SL7PZ, and SL7PX. Note that processors marked as 5xx numbers do not support EM64T.

Thanks!
install.cfg for Documentation Installation Menu on 8.0-RELEASE
Hi,

What came up with 8.0-RELEASE is the new FreeBSD Documentation Installation Menu in sysinstall. I would like to know what command for install.cfg to configure my installation with, say, English Documentation.

I've found this question already posted to this forum but it's still unanswered.

Thanks!
Syncing disks takes forever
I often experience long shutdown times on my laptop due to the syncing of disks. Usually I just leave it and the pc will shutdown eventually. Today I saw a new message that I think is related.

    ACPI error cannot release mutex [ECMX] synclevel mismatch: mutex 1 current 0 20090521 emutex-529
    . . . . . . .
    Evaluation of query method -Q66 failed AE_...

PC shutdown so I did not have time to write everything down. I have a photo of the screen if anyone is interested.

My question is: Can anything be done to minimize the shutdown time or do I have to accept it?

Thanks
/Leslie
NFSv4 and setfacl?
I managed to get NFSv4 working this weekend. Then I went to try setting an ACL with setfacl and it wouldn't work. ACL's were the reason I was interested in NFSv4. And I can't google the problem as I keep getting pages referring to NFSv4 style ACL's.

So does NFSv4 on freebsd support ACL's or not yet?
Re: Will this work with AMD64?
On Feb 24, 2010, at 7:02 AM, Paul Halliday wrote:
> http://processorfinder.intel.com/details.aspx?sSpec=SLANP
>
>     CPU: Intel(R) Xeon(R) CPU X5460 @ 3.16GHz (3158.77-MHz 686-class CPU)
>
> I am just reading this (the marked as 5xx numbers has me confused):

The CPU you are looking up is a modern Bloomfield Xeon which supports 64-bit mode fine. The footnote is in reference to earlier P4/Xeons (around Prescott / Gallatin).

http://en.wikipedia.org/wiki/Xeon

Regards,
--
-Chuck
kde4/python26 and pth help.
On a freshly installed 8-STABLE box (4 days old) and up to date ports, KDE4 will not install for me, always the same errors. I've even removed all ports and reinstalled from scratch and hit the same errors. I have no /etc/make.conf. I'm at a loss here, I have no idea why this is happening. I even did a portupgrade -fRru python26 and tried portmaster, and plain old make in the ports that fail.

This is a script from a portinstall x11/kde4 1.7. includes pkg_info and ls /var/db/pkgs (for some reason google won't display it, sorry)

https://docs.google.com/leaf?id=0B73zNsVpyWo_ZDgwZDY4OGYtYmY2MC00ZjYzLTgyMmMtNGE4NDA2MDAwYmEz&hl=en

Any suggestions, ideas?

Examples of errors:

    checking whether Python support is requested...
    checking whether /usr/local/bin/python2.6 version >= 2.5... yes
    checking for /usr/local/bin/python2.6 version... 2.6
    checking for /usr/local/bin/python2.6 platform... freebsd8
    checking for /usr/local/bin/python2.6 script directory... ${prefix}/lib/python2.6/site-packages
    checking for /usr/local/bin/python2.6 extension module directory... ${exec_prefix}/lib/python2.6/site-packages
    checking for headers required to compile python extensions... not found
    configure: error: Python headers not found
    ===> Script configure failed unexpectedly.
    Please run the gnomelogalyzer, available from "http://www.freebsd.org/gnome/gnomelogalyzer.sh", which will diagnose the problem and suggest a solution. If - and only if - the gnomelogalyzer cannot solve the problem, report the build failure to the FreeBSD GNOME team at gn...@freebsd.org, and attach (a) /usr/ports/devel/gobject-introspection/work/gobject-introspection-0.6.7/config.log, (b) the output of the failed make command, and (c) the gnomelogalyzer output. Also, it might be a good idea to provide an overview of all packages installed on your system (i.e. an `ls /var/db/pkg`). Put your attachment up on any website, copy-and-paste into http://freebsd-gnome.pastebin.com, or use send-pr(1) with the attachment. Try to avoid sending any attachments to the mailing list (gn...@freebsd.org), because attachments sent to FreeBSD mailing lists are usually discarded by the mailing list software.
    *** Error code 1

    Stop in /usr/ports/devel/gobject-introspection.
    *** Error code 1

    checking python2.6/Python.h usability... no
    checking python2.6/Python.h presence... no
    checking for python2.6/Python.h... no
    configure: error: Can't find python header files
    ===> Script configure failed unexpectedly.

    /bin/sh ../libtool --tag=CC --mode=link cc -O2 -pipe -fno-strict-aliasing -pedantic -W -Wformat -Wunused -Wimplicit -Wreturn-type -Wswitch -Wcomment -Wtrigraphs -Wformat -Wchar-subscripts -Wuninitialized -Wparentheses -Wshadow -Wpointer-arith -Wcast-align -Wwrite-strings -Waggregate-return -Wstrict-prototypes -Wmissing-prototypes -Wnested-externs -Winline -Wredundant-decls -module -avoid-version -L/usr/local/lib -o libxml2mod.la -rpath /usr/local/lib/python2.6/site-packages libxml.lo types.lo libxml2-py.lo -lxml2 -lpth -lutil -lm -lpython2.6
    libtool: link: cc -shared .libs/libxml.o .libs/types.o .libs/libxml2-py.o -Wl,-rpath -Wl,/usr/local/lib -Wl,-rpath -Wl,/usr/local/lib -L/usr/local/lib /usr/local/lib/libxml2.so -lz /usr/local/lib/libiconv.so -lpth -lutil -lm -lpython2.6 -Wl,-soname -Wl,libxml2mod.so -o .libs/libxml2mod.so
    /usr/bin/ld: cannot find -lpth
    gmake[1]: *** [libxml2mod.la] Error 1
    gmake[1]: Leaving directory `/usr/ports/textproc/py-libxml2/work/libxml2-2.7.6/python'
    gmake: *** [all-recursive] Error 1
    *** Error code 1
Any generic way to fix problem that configure doesn't find libraries in /usr/local/lib?
Every time I run configure script it fails to find libraries in /usr/local/lib because it has some hard-coded paths not including /usr/local/lib and /usr/local/lib. Every time I need to edit configure to fix it up.

Is there any generic tool or way that fixes this problem more easily?

Yuri
Re: Any generic way to fix problem that configure doesn't find libraries in /usr/local/lib?
On Wed 24 Feb 2010 at 12:05:10 PST Yuri wrote:
> Every time I run configure script it fails to find libraries in /usr/local/lib because it has some hard-coded paths not including /usr/local/lib and /usr/local/lib. Every time I need to edit configure to fix it up.
>
> Is there any generic tool or way that fixes this problem more easily?

With most configure scripts I've seen, ./configure --help tells me that the environment variable LDFLAGS is respected. So why not set that before invoking configure?

If you look, you'll find that the Makefiles for many ports do exactly this, by setting

    CONFIGURE_ENV+= LDFLAGS="-L${LOCALBASE}/lib ${LDFLAGS}"
nvidia: link_elf: symbol KPTmap undefined
uname:

    FreeBSD 7.3-PRERELEASE #1: Sun Feb 14 12:07:05 CET 2010

pciconf:

    vgap...@pci0:64:0:0:class=0x03 card=0x020d10de chip=0x014e10de rev=0xa2 hdr=0x00
        vendor = 'Nvidia Corp'
        device = 'NVIDIA Quadro FX 540 (NV43)'
        class = display
        subclass = VGA

Rebuilt system at the above date, and updated ports.

    kldload nvidia
    link_elf: symbol KPTmap undefined
    kldload: can't load nvidia: No such file or directory

    ls -l /boot/modules/nvidia.ko
    -r-xr-xr-x 1 root wheel 10541338 Feb 24 22:19 /boot/modules/nvidia.ko

Does not matter which version of the driver I try, from what I gather the card should be supported by the current unified driver. Is it a bug or me?
how to disable loadable kernel modules?
I'm building custom kernels for use in 'hostile' environments -- where I need to enforce restricted capabilities, even in the event of malicious 'root' access. (if the bad guy has *physical* access to the machine, I know I'm toast, so I don't try to protect against _that_ in software -- beyond the usual access-control mechanisms, that is.)

To accomplish this, I need to (among other things) *completely* disable kernel 'loadable module' functionality. Building the required monolithic kernel is no problem, and by booting from _physical_ read-only media, I can protect against bootloader/kernel/application substitution. I just need to make it impossible to add modules to the running system.

I don't see anything in the kernel configuration file options (e.g., something like an 'options NO_MODULES') that would do this 'painlessly', so I'm looking at the 'brute force' solution of actually modifying the kernel code myself.

Can somebody point me towards the source module(s) that contain the syscall 'dispatch' code and/or the loadable module implementation.

I'm looking to either disable the kernel function ENTIRELY, *or* (in the spirit of 'making life difficult for the bad guys') letting it do everything it normally does, *except* actually installing the module _functionality_ -- i.e., kldload executes w/o error, kldstat shows that the module is loaded, etc.; but any attempt to _use_ the functionality therein is a no-op.

Peripherally related, is there tutorial/reference, anywhere, on how the kernel configuration/build process _works_? _NOT_ a how to make a custom kernel, but the _mechanics_ of what goes on behind the scenes during 'config' execution. e.g. stuff like where 'options {foo}' etc. is defined, what files it causes to be included, what symbols it 'defines', and what must be (conditionally) re-compiled when it is present, or its value is changed.
about incoming and outgoing traffic
I have 2 lines to reach to the internet. I use 2 gateway. One of 2 gateway is a freebsd7.2 gateway. I activated pf on freebsd7.2.

I have a fileserver which has a real ip. The fileserver's default gateway is other gateway server.

When a traffic comes from internet via freebsd gateway towards the fileserver, if I try to upload a file which has about 10Mbyte from a remote pc to the file server, file transfer performance will be very bad. If I try to download a file from the file server, the file transfer performance will be very well. It is no problem.

Or if I disable pf, the problem's gone and upload/download transfer speed is very well.

Or incoming and outgoing traffic via my pf server, there is no problem.

How can I correct this problem?
Re: how to disable loadable kernel modules?
On Wed, 24 Feb 2010 16:47:25 -0600 (CST) Robert Bonomi bon...@mail.r-bonomi.com wrote:
> I'm building custom kernels for use in 'hostile' environments -- where I need to enforce restricted capabilities, even in the event of malicious 'root' access. (if the bad guy has *physical* access to the machine, I know I'm toast, so I don't try to protect against _that_ in software -- beyond the usual access-control mechanisms, that is.)

See security(7) - http://www.freebsd.org/cgi/man.cgi?query=security&sektion=7

Securelevel 1 disables the loading of kernel modules; the manual page has far more details of how to secure the system further.

--
Bruce Cran
boot loaders and USB devices
My PC does not have the BIOS option to boot from USB.

I use an USB cabled external hard drive for taking backups. It has FreeBSD installed on it which I want to boot from so the motherboard cabled hard drive file systems are un-mounted during the dump. This USB drive will only be attached to do backups.

I also have a USB stick containing a Freebsd install used to clone itself to the motherboard cabled hard drive.

Since the BIOS will only boot from the motherboard cabled hard drive can I install a boot loader to gain boot access to my seldom connected USB devices?

I reviewed the grub port but with no joy. What do you recommend?
Re: how to disable loadable kernel modules?
On Wed, 24 Feb 2010, Robert Bonomi wrote:
> I'm building custom kernels for use in 'hostile' environments -- where I need to enforce restricted capabilities, even in the event of malicious 'root' access. (if the bad guy has *physical* access to the machine, I know I'm toast, so I don't try to protect against _that_ in software -- beyond the usual access-control mechanisms, that is.)
>
> To accomplish this, I need to (among other things) *completely* disable kernel 'loadable module' functionality. Building the required monolithic kernel is no problem, and by booting from _physical_ read-only media, I can protect against bootloader/kernel/application substitution. I just need to make it impossible to add modules to the running system.

I don't see how this is really bullet-proof possible. Anyone with root access can edit loader.conf and force a reboot --- or wait until a power interruption or something causes a reboot.

You pretty much have to be able to reboot the machine, soo...

It seems to me you could replace kldload (the command, not the system call) with a dummy script which would raise the bar a bit. You could remove (I think) the modules you are afraid of, but someone with root privileges could replace them with trojans.

--
Lars Eighner http://www.larseighner.com/index.html
8800 N IH35 APT 1191 AUSTIN TX 78753-5266
Re: how to disable loadable kernel modules?
If you do not want to change the secure level you can compile a static kernel:

    # static kernel
    makeoptions NO_MODULES=yes

Put the above inside the kernel config file.

On Wed, Feb 24, 2010 at 8:19 PM, Bruce Cran br...@cran.org.uk wrote:
> On Wed, 24 Feb 2010 16:47:25 -0600 (CST) Robert Bonomi bon...@mail.r-bonomi.com wrote:
>> I'm building custom kernels for use in 'hostile' environments -- where I need to enforce restricted capabilities, even in the event of malicious 'root' access. (if the bad guy has *physical* access to the machine, I know I'm toast, so I don't try to protect against _that_ in software -- beyond the usual access-control mechanisms, that is.)
>
> See security(7) - http://www.freebsd.org/cgi/man.cgi?query=security&sektion=7
>
> Securelevel 1 disables the loading of kernel modules; the manual page has far more details of how to secure the system further.
>
> --
> Bruce Cran
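Added example, not part of any message in this thread: a small sh audit that reads an rc.conf and a kernel config file and reports whether the securelevel route from security(7) or only the NO_MODULES route is in place. The file contents and the status words are constructed for illustration; kern_securelevel_enable and kern_securelevel are the rc.conf knobs that raise the securelevel at boot.

```sh
#!/bin/sh
# Added example (not from the thread): offline audit of the two settings
# discussed above. All file contents below are constructed samples.

# rc_value FILE VAR: print the last value assigned to VAR in an
# rc.conf-style file, without sourcing (executing) the file.
rc_value() {
    awk -v var="$2" -v sq="'" '
        /^[ \t]*#/ { next }                      # skip comment lines
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1)
            gsub(/[ \t]/, "", key)
            if (key != var) next
            val = substr($0, eq + 1)
            sub(/[ \t]*#.*$/, "", val)           # drop trailing comment
            gsub("[\"" sq "]", "", val)          # drop quote characters
            sub(/[ \t]+$/, "", val)              # drop trailing blanks
            last = val
        }
        END { print last }
    ' "$1"
}

# kernconf_no_modules FILE: succeed if the kernel config file has a
# "makeoptions NO_MODULES=" line (no modules are built with the kernel).
kernconf_no_modules() {
    grep -Eq '^[[:space:]]*makeoptions[[:space:]]+NO_MODULES=' "$1"
}

# kld_lockdown_status RCCONF KERNCONF: print one status word.
#   locked       securelevel >= 1 is raised at boot; security(7) says module
#                loading is disabled from securelevel 1
#   static-only  no modules are built, but nothing raises the securelevel,
#                so kldload(2) itself is still available to root
#   open         neither setting present
kld_lockdown_status() {
    enable=$(rc_value "$1" kern_securelevel_enable)
    level=$(rc_value "$1" kern_securelevel)
    case "$level" in
        ''|*[!0-9]*) level=0 ;;                  # unset, negative, non-numeric
    esac
    case "$enable" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1)
            if [ "$level" -ge 1 ]; then echo locked; return 0; fi ;;
    esac
    if kernconf_no_modules "$2"; then echo static-only; else echo open; fi
}

# Constructed sample inputs.
SAMPLES=$(mktemp -d)
trap 'rm -rf "$SAMPLES"' EXIT

cat > "$SAMPLES/rc.conf.hardened" <<'EOF'
hostname="kiosk.example.org"
kern_securelevel_enable="NO"      # overridden below, last assignment wins
kern_securelevel_enable="YES"
kern_securelevel="1"
EOF

cat > "$SAMPLES/rc.conf.default" <<'EOF'
hostname="kiosk.example.org"
#kern_securelevel_enable="YES"
kern_securelevel="1"
EOF

cat > "$SAMPLES/KERNCONF.static" <<'EOF'
ident       KIOSK
# static kernel
makeoptions NO_MODULES=yes
EOF

cat > "$SAMPLES/KERNCONF.generic" <<'EOF'
ident       GENERIC
EOF

for rc in hardened default; do
    for kc in static generic; do
        printf '%-9s + %-8s -> %s\n' "$rc" "$kc" \
            "$(kld_lockdown_status "$SAMPLES/rc.conf.$rc" "$SAMPLES/KERNCONF.$kc")"
    done
done
```

On a live system, `sysctl kern.securelevel` shows the level actually in force.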
Re: can I do away with most things-java?
On Tue, Feb 23, 2010 at 11:56:18PM +0100, Torgeir Hoffmann wrote:
> Hi Gary,
>
> On 23 February 2010 23:28, Gary Kline kl...@thought.org wrote:
>> Some years ago I thought that future java tools would have BSD ports that did not demand that we fetch them ourselves? Now, among the few things left to rebuild/update is diablo-jdk16. The makefile sez to fetch tzupdater-1_3_25-2009u.zip. Can somebody please give me the exact URL that points to this file?
>>
>> More to the point, will a java port like openjdk free me from any Sun ports? Right now, a test pkg_delete of d-jdk16 gave me:
>>
>>     t...@tao:/var/db/pkg# pkg_delete diablo-jdk-1.6.0.07.02_7/
>>     pkg_delete: package 'diablo-jdk-1.6.0.07.02_7' is required by these other packages and may not be deinstalled:
>>     apache-ant-1.7.1
>>     freemind-0.8.1_1,1
>>     swt-3.5.1
>>
>> Anybody?
>
> I simply use the package for 7 with compatibility. I have no idea what is going on with FreeBSD Foundation and why no new packages for 8-RELEASE have been built.
>
> OpenJDK will partially free you. I tried it too, but I recall correctly you cannot build it without bootstrapping it with the Diablo the first time (subsequently, it can be built with the old version of OpenJDK on each update - please correct me if this is wrong). However, I never succeeded in making any browser plugin for openjdk work.
>
> If you have a problem with 'tzupdater', download the latest one from Sun's site and alter the checksums in /usr/ports/java/diablo-jdk16/distinfo with the correct checksums and size.
>
> Hope this helps,

It does help to the extent that I successfully built openjdk7. What I need to know, if you or anyone else know is, can I now pkg_delete diablo-jdk16 --- and still have tools like swt and freemind work?

Still cannot find the Latest tzupdater; it's like 90 links to find the bloody thing. Aaarrrgh.

> Regards,
> //T

--
Gary Kline kl...@thought.org http://www.thought.org Public Service Unix
http://jottings.thought.org http://transfinite.thought.org
The 7.79a release of Jottings: http://jottings.thought.org/index.php
Re: how to disable loadable kernel modules?
On Wed, Feb 24, 2010 at 11:47 PM, Robert Bonomi bon...@mail.r-bonomi.com wrote:
> Can somebody point me towards the source module(s) that contain the syscall 'dispatch' code and/or the loadable module implementation.

According to /usr/src/sys/kern/syscalls.master, the kldload() syscall ID is 304:

    304 AUE_MODLOAD STD { int kldload(const char *file); }

You may also want to look at /usr/src/sys/kern/kern_linker.c which contains kern_kldload(), kldload() and others.

You could try to short-circuit one of them, by returning immediately some appropriate E* error code, as in:

    int
    kern_kldload(struct thread *td, const char *file, int *fileid)
    {
    #ifdef DISABLE_KLDLOAD_ALWAYS
            return ENOSYS;
    #endif
            /* the remaining of kern_kldload() goes here... */
    }

Maybe this would be enough to disable KLD loading entirely?

> I'm looking to either disable the kernel function ENTIRELY, *or* (in the spirit of 'making life difficult for the bad guys') letting it do everything it normally does, *except* actually installing the module _functionality_ -- i.e., kldload executes w/o error, kldstat shows that the module is loaded, etc.; but any attempt to _use_ the functionality therein is a no-op.

Regards,
-cpghost.

--
Cordula's Web. http://www.cordula.ws/
Re: can I do away with most things-java?
On Wed, 24 Feb 2010, Gary Kline wrote:
> Still cannot find the Latest tzupdater; it's like 90 links to find the bloody thing. Aaarrrgh.

    cd /usr/ports/java/jdk16
    make config

turn off TZUPDATE

-Warren Block * Rapid City, South Dakota USA
left over restore file restoresymtable
The man for restore says this.

    Note that restore leaves a file restoresymtable in the root directory to pass information between incremental restore passes. This file should be removed when the last incremental has been restored.

What root directory is this talking about? If system is booted from cd or dvd then this file can not be written to /root of the booted system. Does this message really mean it's written to /root of the just restored file system /
Re: how to disable loadable kernel modules?
> From owner-freebsd-questi...@freebsd.org Wed Feb 24 18:04:25 2010
> Date: Wed, 24 Feb 2010 17:38:45 -0600 (CST)
> From: Lars Eighner luvbeas...@larseighner.com
> To: Robert Bonomi bon...@mail.r-bonomi.com
> Cc: questi...@freebsd.org
> Subject: Re: how to disable loadable kernel modules?
>
> On Wed, 24 Feb 2010, Robert Bonomi wrote:
>> I'm building custom kernels for use in 'hostile' environments -- where I need to enforce restricted capabilities, even in the event of malicious 'root' access. (if the bad guy has *physical* access to the machine, I know I'm toast, so I don't try to protect against _that_ in software -- beyond the usual access-control mechanisms, that is.)
>>
>> To accomplish this, I need to (among other things) *completely* disable kernel 'loadable module' functionality. Building the required monolithic kernel is no problem, and by booting from _physical_ read-only media, I can protect against bootloader/kernel/application substitution. I just need to make it impossible to add modules to the running system.
>
> I don't see how this is really bullet-proof possible. Anyone with root access can edit loader.conf and force a reboot --- or wait until a power interruption or something causes a reboot.

You're not thinking 'creatively' enough. <grin> superuser access _doesn't_ help if things like 'loader.conf' are on _read-only_ media. Not just a mount switch, but -hardware- enforced. Many SCSI disks have a 'write-protect' jumper on them. The _only_ way to defeat =that= requires physical access to the machine.

> You pretty much have to be able to reboot the machine, soo...
>
> It seems to me you could replace kldload (the command, not the system call) with a dummy script which would raise the bar a bit. You could remove (I think) the modules you are afraid of, but someone with root privileges could replace them with trojans.

I *can* ensure a 'trusted' software platform at boot time. I _can't_ ensure that there are no bugs/points of attack. But I can make 'life difficult' for the bad actor that does find an exploit. Protecting 'critical resources' against someone who gains enough access to import his own tools (say his _own_copy_ of kldload) is the threat level I'm looking at.

I _want_ the bad guy to waste his time trying things that don't work, and that may set off alarms. Much better chances of catching the perp 'in the act' when he doesn't know that he's triggered something.
Re: can I do away with most things-java?
On Wed, Feb 24, 2010 at 07:29:22PM -0700, Warren Block wrote:
> On Wed, 24 Feb 2010, Gary Kline wrote:
>> Still cannot find the Latest tzupdater; it's like 90 links to find the bloody thing. Aaarrrgh.
>
>     cd /usr/ports/java/jdk16
>     make config
>
> turn off TZUPDATE

Thanks very much for the datapoint! It worked. This must be the 7th time I have had to search for that bloody file.

When the build finished I did a make deinstall and a pkgdb -Fa to straighten out the dependencies ... so I think I'm free of using any of these devel kits. Whoever wrote openjdk7 gets a gold star.

> -Warren Block * Rapid City, South Dakota USA

--
Gary Kline kl...@thought.org http://www.thought.org Public Service Unix
http://jottings.thought.org http://transfinite.thought.org
The 7.79a release of Jottings: http://jottings.thought.org/index.php
Re: kde4/python26 and pth help.
On Wed, Feb 24, 2010 at 12:11 PM, Jimmie James jimmie...@gmail.com wrote:
> On a freshly installed 8-STABLE box (4 days old) and up to date ports, KDE4 will not install for me, always the same errors. I've even removed all ports and reinstalled from scratch and hit the same errors. I have no /etc/make.conf. I'm at a loss here, I have no idea why this is happening. I even did a portupgrade -fRru python26 and tried portmaster, and plain old make in the ports that fail.

My script to install from a clean install is

    portsnap fetch update
    cd /usr/ports/ports-mgmt/portmaster
    make install clean
    rehash
    portmaster -d x11-servers/xorg-server x11-drivers/xf86-input-mouse x11-drivers/xf86-input-keyboard x11-drivers/{YOUR VIDEO DRIVER PORT}
    echo 'dbus_enable=YES\nhald_enable=YES\n' >> /etc/rc.conf

then you'll have to do whatever is necessary for video driver install eg

    kldload nvidia

and make it permanent /boot/loader.conf

Once your driver is live, you create xorg.conf file by

    Xorg -config xorg.conf.new
    cp xorg.conf.new /etc/X11/xorg.conf

then I manually add in this line to /etc/ttys

    ttyv8 "/usr/local/kde4/bin/kdm -nodaemon" xterm on secure

and comment

    ttyv8 "/usr/local/bin/xdm -nodaemon" xterm off secure

Provided you don't have to do anything special for say the nvidia driver, all's that's do this the hal guys maybe didn't do such a back job after all

As for your error, I don't know what happened. I used to see those happen on a massive upgrade when using portupgrade. I recommend portmaster. Somehow python didn't get installed correctly because /usr/local/include/python2.6/Python.h should exist if python is correctly installed.

--
Adam Vande More
Re: left over restore file restoresymtable
Aiza wrote:
The man for restore says this. Note that restore leaves a file restoresymtable in the root directory to pass information between incremental restore passes. This file should be removed when the last incremental has been restored. What root directory is this talking about? If system is booted from cd or dvd then this file can not be written to /root of the booted system. Does this message really mean it's written to /root of the just restored file system /

This file is written when a backup is restored. In order for restore to operate it must write. The root it is talking about is the root of whatever file system you are restoring. For example, let's say you backed up /usr (or even /dev/ad0s1d, etc). When you restore that /usr the restoresymtable file will be at the root of /usr. Same for any other partition.

-Mike
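An added illustration of the answer above (not part of the original thread): because restoresymtable sits at the root of each restored file system rather than in /root, a leftover copy is found by checking every mount point. The function names, the optional prefix argument and the fstab-format sample are constructed for this example; on FreeBSD, `mount -p` prints the live mount table in the same format.

```shell
#!/bin/sh
# Added example: list leftover restoresymtable files at file system roots.
# Input: fstab(5)-format lines on stdin (device, mount point, type, ...).
# find_restoresymtable and its prefix argument are hypothetical helpers
# written for this example; they are not part of restore(8).

find_restoresymtable() {
    prefix="${1:-}"    # optional directory prepended to each mount point
    while read -r dev mnt fstype _rest; do
        case "$dev" in ''|'#'*) continue ;; esac       # blank line or comment
        case "$fstype" in ufs) ;; *) continue ;; esac  # assumption: only UFS is restored here
        case "$mnt" in /*) ;; *) continue ;; esac      # skip entries without a mount point
        f="${prefix}${mnt%/}/restoresymtable"
        [ -f "$f" ] && printf '%s\n' "$f"
    done
    return 0
}

# Constructed demo: a scratch tree stands in for freshly restored file systems.
demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/usr" "$root/var"
    : > "$root/usr/restoresymtable"    # leftover from the last restore of /usr
    find_restoresymtable "$root" <<'EOF'
# Device        Mountpoint  FStype  Options  Dump  Pass#
/dev/ad0s1b     none        swap    sw       0     0
/dev/ad0s1a     /           ufs     rw       1     1
/dev/ad0s1d     /usr        ufs     rw       2     2
/dev/ad0s1e     /var        ufs     rw       2     2
EOF
    rm -rf "$root"
}

# Live use on FreeBSD:  mount -p | find_restoresymtable
```

Anything the function prints can be deleted once the last incremental has been restored, as the man page text quoted above says.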
Re: kde4/python26 and pth help.
On 02/24/10 23:28, Adam Vande More wrote:
On Wed, Feb 24, 2010 at 12:11 PM, Jimmie James jimmie...@gmail.com wrote:
On a freshly installed 8-STABLE box (4 days old) and up to date ports, KDE4 will not install for me, always the same errors. I've even removed all ports and reinstalled from scratch and hit the same errors. I have no /etc/make.conf. I'm at a loss here, I have no idea why this is happening. I even did a portupgrade -fRru python26 and tried portmaster, and plain old make in the ports that fail.

My script to install from a clean install is

portsnap fetch update
cd /usr/ports/ports-mgmt/portmaster
make install clean
rehash
portmaster -d x11-servers/xorg-server x11-drivers/xf86-input-mouse x11-drivers/xf86-input-keyboard x11-drivers/{YOUR VIDEO DRIVER PORT}
echo 'dbus_enable=YES\nhald_enable=YES\n' >> /etc/rc.conf

then you'll have to do whatever is necessary for video driver install eg kldload nvidia and make it permanent /boot/loader.conf

Once your driver is live, you create xorg.conf file by

Xorg -config xorg.conf.new
cp xorg.conf.new /etc/X11/xorg.conf

then I manually add in this line to /etc/ttys

ttyv8 /usr/local/kde4/bin/kdm -nodaemon xterm on secure

and comment

ttyv8 /usr/local/bin/xdm -nodaemon xterm off secure

Provided you don't have to do anything special for say the nvidia driver, all's that's do this the hal guys maybe didn't do such a back job after all

As for your error, I don't know what happened. I used to see those happen on a massive upgrade when using portupgrade. I recommend portmaster. Somehow python didn't get installed correctly because /usr/local/include/python2.6/Python.h should exist if python is correctly installed.

-- Adam Vande More

Thanks for the reply,
Haven't got around to testing X yet, but on 7.2-STABLE it works fine, so I'm not too worried about that. It's the python and pth errors that are killing me.

/usr/local/include/python2.6/Python.h is there, seems correctly installed. Even installing with portmaster and plain old make install it _still_ hits those errors of not finding the headers.

checking for /usr/local/bin/python2.6 version... 2.6
checking for /usr/local/bin/python2.6 platform... freebsd8
checking for /usr/local/bin/python2.6 script directory... ${prefix}/lib/python2.6/site-packages
checking for /usr/local/bin/python2.6 extension module directory... ${exec_prefix}/lib/python2.6/site-packages
checking for headers required to compile python extensions... not found
configure: error: Python headers not found

As well as

/usr/bin/ld: cannot find -lpth
Re: kde4/python26 and pth help.
On Wed, Feb 24, 2010 at 10:47 PM, Jimmie James jimmie...@gmail.com wrote:
On 02/24/10 23:28, Adam Vande More wrote:
On Wed, Feb 24, 2010 at 12:11 PM, Jimmie James jimmie...@gmail.com wrote:
On a freshly installed 8-STABLE box (4 days old) and up to date ports, KDE4 will not install for me, always the same errors. I've even removed all ports and reinstalled from scratch and hit the same errors. I have no /etc/make.conf. I'm at a loss here, I have no idea why this is happening. I even did a portupgrade -fRru python26 and tried portmaster, and plain old make in the ports that fail.

My script to install from a clean install is

portsnap fetch update
cd /usr/ports/ports-mgmt/portmaster
make install clean
rehash
portmaster -d x11-servers/xorg-server x11-drivers/xf86-input-mouse x11-drivers/xf86-input-keyboard x11-drivers/{YOUR VIDEO DRIVER PORT}
echo 'dbus_enable=YES\nhald_enable=YES\n' >> /etc/rc.conf

then you'll have to do whatever is necessary for video driver install eg kldload nvidia and make it permanent /boot/loader.conf

Once your driver is live, you create xorg.conf file by

Xorg -config xorg.conf.new
cp xorg.conf.new /etc/X11/xorg.conf

then I manually add in this line to /etc/ttys

ttyv8 /usr/local/kde4/bin/kdm -nodaemon xterm on secure

and comment

ttyv8 /usr/local/bin/xdm -nodaemon xterm off secure

Provided you don't have to do anything special for say the nvidia driver, all's that's do this the hal guys maybe didn't do such a back job after all

As for your error, I don't know what happened. I used to see those happen on a massive upgrade when using portupgrade. I recommend portmaster. Somehow python didn't get installed correctly because /usr/local/include/python2.6/Python.h should exist if python is correctly installed.

-- Adam Vande More

Thanks for the reply,
Haven't got around to testing X yet, but on 7.2-STABLE it works fine, so I'm not too worried about that. It's the python and pth errors that are killing me.

/usr/local/include/python2.6/Python.h is there, seems correctly installed. Even installing with portmaster and plain old make install it _still_ hits those errors of not finding the headers.

checking for /usr/local/bin/python2.6 version... 2.6
checking for /usr/local/bin/python2.6 platform... freebsd8
checking for /usr/local/bin/python2.6 script directory... ${prefix}/lib/python2.6/site-packages
checking for /usr/local/bin/python2.6 extension module directory... ${exec_prefix}/lib/python2.6/site-packages
checking for headers required to compile python extensions... not found
configure: error: Python headers not found

As well as

/usr/bin/ld: cannot find -lpth

It would be looking for /usr/ports/devel/pth. Is it installed? If not, then there would appear to be a dependency issue.

-- Adam Vande More
Re: kde4/python26 and pth help.
On Thursday 25 February 2010 14:47:08 Jimmie James wrote:
On 02/24/10 23:28, Adam Vande More wrote:
On Wed, Feb 24, 2010 at 12:11 PM, Jimmie James jimmie...@gmail.com wrote:
On a freshly installed 8-STABLE box (4 days old) and up to date ports, KDE4 will not install for me, always the same errors. I've even removed all ports and reinstalled from scratch and hit the same errors. I have no /etc/make.conf. I'm at a loss here, I have no idea why this is happening. I even did a portupgrade -fRru python26 and tried portmaster, and plain old make in the ports that fail.

My script to install from a clean install is

portsnap fetch update
cd /usr/ports/ports-mgmt/portmaster
make install clean
rehash
portmaster -d x11-servers/xorg-server x11-drivers/xf86-input-mouse x11-drivers/xf86-input-keyboard x11-drivers/{YOUR VIDEO DRIVER PORT}
echo 'dbus_enable=YES\nhald_enable=YES\n' >> /etc/rc.conf

then you'll have to do whatever is necessary for video driver install eg kldload nvidia and make it permanent /boot/loader.conf

Once your driver is live, you create xorg.conf file by

Xorg -config xorg.conf.new
cp xorg.conf.new /etc/X11/xorg.conf

then I manually add in this line to /etc/ttys

ttyv8 /usr/local/kde4/bin/kdm -nodaemon xterm on secure

and comment

ttyv8 /usr/local/bin/xdm -nodaemon xterm off secure

Provided you don't have to do anything special for say the nvidia driver, all's that's do this the hal guys maybe didn't do such a back job after all

As for your error, I don't know what happened. I used to see those happen on a massive upgrade when using portupgrade. I recommend portmaster. Somehow python didn't get installed correctly because /usr/local/include/python2.6/Python.h should exist if python is correctly installed.

-- Adam Vande More

Thanks for the reply,
Haven't got around to testing X yet, but on 7.2-STABLE it works fine, so I'm not too worried about that. It's the python and pth errors that are killing me.

/usr/local/include/python2.6/Python.h is there, seems correctly installed. Even installing with portmaster and plain old make install it _still_ hits those errors of not finding the headers.

checking for /usr/local/bin/python2.6 version... 2.6
checking for /usr/local/bin/python2.6 platform... freebsd8
checking for /usr/local/bin/python2.6 script directory... ${prefix}/lib/python2.6/site-packages
checking for /usr/local/bin/python2.6 extension module directory... ${exec_prefix}/lib/python2.6/site-packages
checking for headers required to compile python extensions... not found
configure: error: Python headers not found

As well as

/usr/bin/ld: cannot find -lpth

Doh. Please, don't build python against pth library, it's broken, and off by default.

--
Dima Red Fox Panov @ Home | C73E 2B72 1FFD 61BD E206 1234 A626 76ED 93E3 B018
Khabarovsk, Russia | 2D30 2CCB 9984 130C 6F87 BAFC FB8B A09D D539 8F29
k...@freebsd Team | FreeBSD committer since 10.08.2009 | FreeBSD since Sept 1995
Twitter.com:fluffy_khv | Skype:dima.panov | Jabber.org:fluffy.khv | ICQ:1745024