| informationsyndicateUTC clock | event counters The last message was received 8.82 months ago at 20:52 on May 24, 2011 0 messages so far today, 0 messages yesterday 0 messages so far this week, 0 messages last week 0 messages so far this month, 0 messages last month 2123 messages since the first one, 7.2 years ago, for an average of 1.24 days between messages recent messages date | project | content | link |
|---|
| 20:10 on May 24, 2011 | FreeBSD | Commit by pjd :: r 222268 /head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_dir.c: ( link) Don't pass pointer to name buffer which is on the stack to another thread, because the stack might be paged out once the other thread tries to use the data. Instead, just allocate memory.
MFC after: 2 weeks | # | | 20:07 on May 24, 2011 | FreeBSD | Commit by pjd :: r 222267 /head/sys/cddl/ (4 files in 4 dirs): ( link) Don't access task structure once we call task function. The task structure might be no longer available. This also allows to eliminates the need for two tasks in the zio structure.
Submitted by: anonymous MFC after: 2 weeks | # | | 23:18 on May 19, 2011 | FreeBSD | Commit by pjd :: r 222108 /head/sbin/hastd/ (parse.y hastd.c hast.h hast.conf.5): ( link) In preparation for IPv6 support allow to specify multiple addresses to listen on.
MFC after: 3 weeks | # | | 22:43 on May 18, 2011 | FreeBSD | Commit by pjd :: r 222087 /head/sbin/hastd/pjdlog.c: ( link) - Add support for AF_INET6 sockets for %S format character.
- Use inet_ntop(3) instead of reimplementing it.
- Use %hhu for unsigned char instead of casting it to unsigned int and using %u. MFC after: 1 week
| # | | 17:02 on May 14, 2011 | FreeBSD | Commit by pjd :: r 221899 /head/sbin/ (5 files in 2 dirs): ( link) Currently we are unable to use capsicum for the primary worker process, because we need to do ioctl(2)s, which are not permitted in the capability mode. What we do now is to chroot(2) to /var/empty, which restricts access to file system name space and we drop privileges to hast user and hast group.
This still allows to access to other name spaces, like list of processes, network and sysvipc.
To address that, use jail(2) instead of chroot(2). Using jail(2) will restrict access to process table, network (we use ip-less jails) and sysvipc (if security.jail.sysvipc_allowed is turned off). This provides much better separation.
MFC after: 1 week | # | | 16:55 on May 14, 2011 | FreeBSD | Commit by pjd :: r 221898 /head/sbin/hastd/subr.c: ( link) When using capsicum to sanbox, still use other methods first, just in case one of them have some problems. | # | | 11:10 on May 08, 2011 | FreeBSD | Commit by pjd :: r 221643 /head/sbin/hastd/parse.y: ( link) Allow to specify remote as 'none' again which was broken by r219351, where 'none' was defined as a value for checksum.
Reported by: trasz MFC after: 1 week | # | | 09:46 on May 08, 2011 | FreeBSD | Commit by pjd :: r 221633 /head/sbin/geom/class/eli/geli.8: ( link) Document the following sysctls:
kern.geom.eli.version kern.geom.eli.key_cache_limit kern.geom.eli.key_cache_hits kern.geom.eli.key_cache_misses
MFC after: 1 week | # | | 09:29 on May 08, 2011 | FreeBSD | Commit by pjd :: r 221631 /head/sys/geom/eli/g_eli.c: ( link) Export GELI class version via sysctl kern.geom.eli.version.
MFC after: 1 week | # | | 09:25 on May 08, 2011 | FreeBSD | Commit by pjd :: r 221630 /head/sys/geom/eli/g_eli_ctl.c: ( link) Version 6 is compatible with version 5 when it comes to control commands.
MFC after: 1 week | # | | 09:25 on May 08, 2011 | FreeBSD | Commit by pjd :: r 221629 /head/sys/geom/eli/g_eli.h: ( link) Detect and handle metadata of version 6.
MFC after: 1 week | # | | 09:17 on May 08, 2011 | FreeBSD | Commit by pjd :: r 221628 /head/sys/geom/eli/ (g_eli.h g_eli_integrity.c g_eli.c): ( link) When support for multiple encryption keys was committed, GELI integrity mode was not updated to pass CRD_F_KEY_EXPLICIT flag to opencrypto. This resulted in always using first key. We need to support providers created with this bug, so set special G_ELI_FLAG_FIRST_KEY flag for GELI provider in integrity mode with version smaller than 6 and pass the CRD_F_KEY_EXPLICIT flag to opencrypto only if G_ELI_FLAG_FIRST_KEY doesn't exist. Reported by: Anton Yuzhaninov < citrin at citrin dot ru> MFC after: 1 week | # | | 09:11 on May 08, 2011 | FreeBSD | Commit by pjd :: r 221626 /head/sys/geom/eli/g_eli.h: ( link) Remove prototype for a function that no longer exist.
MFC after: 1 week | # | | 09:09 on May 08, 2011 | FreeBSD | Commit by pjd :: r 221625 /head/sys/geom/eli/g_eli_integrity.c: ( link) Drop proper key.
MFC after: 1 week | # | | 09:08 on May 08, 2011 | FreeBSD | Commit by pjd :: r 221624 /head/sys/geom/eli/g_eli_key_cache.c: ( link) Add magic field to the g_eli_key structure to detect if we are really operating on proper structures.
MFC after: 1 week | # | | 10:41 on Apr 24, 2011 | FreeBSD | Commit by pjd :: r 220984 /head/sys/geom/eli/g_eli_key_cache.c: ( link) One key is expected from providers smaller than or equal to (2^20)*sectorsize bytes. Remove bogus assertion and while here remove another too obvious assertion. Reported by: Fabian Keil < freebsd-listen at fabiankeil dot de> MFC after: 2 weeks | # | | 21:15 on Apr 21, 2011 | FreeBSD | Commit by pjd :: r 220930 /head/sys/conf/files: ( link) Add g_eli_key_cache.c to GELI.
MFC after: 2 weeks | # | | 13:35 on Apr 21, 2011 | FreeBSD | Commit by pjd :: r 220923 /head/sys/geom/eli/g_eli_key_cache.c: ( link) If number of keys for the given provider doesn't exceed the limit, allocate all of them at attach time. This allows to avoid moving keys around in the most-recently-used queue and needs no mutex synchronization nor refcounting.
MFC after: 2 weeks | # | | 13:31 on Apr 21, 2011 | FreeBSD | Commit by pjd :: r 220922 /head/sys/ (8 files in 2 dirs): ( link) Instead of allocating memory for all the keys at device attach, create reasonably large cache for the keys that is filled when needed. The previous version was problematic for very large providers (hundreds of terabytes or serval petabytes). Every terabyte of data needs around 256kB for keys. Make the default cache limit big enough to fit all the keys needed for 4TB providers, which will eat at most 1MB of memory.
MFC after: 2 weeks | # | | 18:49 on Apr 20, 2011 | FreeBSD | Commit by pjd :: r 220899 /head/sbin/hastd/hastd.c: ( link) Correct comment.
MFC after: 1 week | # |
|