ntpd && pledge

2016-07-06 Thread Ian Mcwilliam
Seems changes to pledge have made ntpd abort. ntpd(67855): syscall 5 "rpath" ntpd(81479): syscall 5 "rpath" Jul 7 10:29:23 ianm-openbsd ntpd[76119]: constraint 2404:6800:4006:800::2004; terminated with signal 6 (Abort trap) Ian McWilliam

syslogd tls load_file

2016-07-06 Thread Alexander Bluhm
Hi, The new load_file() feature in libtls allows us to simplify the code to preload the CA cert, server cert and server key in syslogd before calling chroot(2). ok? bluhm Index: usr.sbin/syslogd/syslogd.c === RCS file: /data/mirror/op

Re: uvm_pause() & yield(9)

2016-07-06 Thread Ted Unangst
Martin Pieuchot wrote: > Kernel threads are cooperative and yield. I'd argue that preempt() > should be kept for user processes hogging CPUs. So let's be coherent > with the rest of the kernel and use sched_pause() here. ok? Except that uvm_pause is called by user processes. > > Index: uvm/uv

Re: uvm_pause() & yield(9)

2016-07-06 Thread Mark Kettenis
> Date: Wed, 6 Jul 2016 18:21:21 +0200 > From: Martin Pieuchot > > Kernel threads are cooperative and yield. I'd argue that preempt() > should be kept for user processes hogging CPUs. So let's be coherent > with the rest of the kernel and use sched_pause() here. ok? To be honest, I'd argue th

Re: Root can panic kernel with mknod on a tmpfs filesystem

2016-07-06 Thread Todd C. Miller
On Wed, 06 Jul 2016 15:28:33 +0200, Marc Espie wrote: > Note: it seems strange to have extra checks for VT_CHAR... in tmpfs_mknod > as well. These should be fs-independent ?... Do you mean this? if (vt != VBLK && vt != VCHR && vt != VFIFO) { vput(dvp); ret

Scheduler with a single runqueue

2016-07-06 Thread Martin Pieuchot
Please, don't try this diff blindly; it won't make your machine faster. In the past months I've been looking more closely at our scheduler. At p2k16 I've shown to a handful of developers that when running a browser on my x220 with HT enabled, a typical desktop usage, the per-CPU runqueues were neve

Re: Let's say RTF_MULTICAST

2016-07-06 Thread Stuart Henderson
On 2016/07/06 19:28, Martin Pieuchot wrote: > On 06/07/16(Wed) 10:20, Todd C. Miller wrote: > > Slightly off-topic but should we mark RTF_MASK for eventual removal > > as it is unused? > > This should be asked to ports@ people. They cope with what the > ecosystem considers as the BSD routing table

Re: route6d summer cleanup

2016-07-06 Thread Jeremie Courreges-Anglas
j...@wxcvbn.org (Jeremie Courreges-Anglas) writes: > j...@wxcvbn.org (Jeremie Courreges-Anglas) writes: > >> Nobody cares about route6d, and it shows: runs as root, not chrooted. >> Also it uses wide pledge(2) permissions. >> >> I have diffs to switch the logging to log.c and use it to support th

Re: Let's say RTF_MULTICAST

2016-07-06 Thread Martin Pieuchot
On 06/07/16(Wed) 10:20, Todd C. Miller wrote: > Slightly off-topic but should we mark RTF_MASK for eventual removal > as it is unused? This should be asked to ports@ people. They cope with what the ecosystem considers as the BSD routing table interface.

Re: IPv6 forwarding path without KERNEL_LOCK

2016-07-06 Thread Stuart Henderson
On 2016/07/06 14:43, Alexander Bluhm wrote: > On Tue, Jul 05, 2016 at 12:22:36PM +0200, Martin Pieuchot wrote: > > Fine, new diff doing that. > > OK bluhm@ I've been running with this, diff looks sane and no problems noticed yet. Reading the diff reminded me..if anyone is interested in digging t

Re: route6d summer cleanup

2016-07-06 Thread Renato Westphal
2016-07-05 20:17 GMT-03:00 Jeremie Courreges-Anglas : > > Nobody cares about route6d, and it shows: runs as root, not chrooted. > Also it uses wide pledge(2) permissions. > > I have diffs to switch the logging to log.c and use it to support the -R > option and /var/run/route6d_dump. The end goal

uvm_pause() & yield(9)

2016-07-06 Thread Martin Pieuchot
Kernel threads are cooperative and yield. I'd argue that preempt() should be kept for user processes hogging CPUs. So let's be coherent with the rest of the kernel and use sched_pause() here. ok? Index: uvm/uvm_glue.c === RCS file:

Re: Let's say RTF_MULTICAST

2016-07-06 Thread Todd C. Miller
Slightly off-topic but should we mark RTF_MASK for eventual removal as it is unused? - todd

Let's say RTF_MULTICAST

2016-07-06 Thread Martin Pieuchot
KAME people started putting multicast addresses in the routing table. But since it hasn't been designed for that they used workarounds. I believe it's time to embrace and consolidate this choice. The first reason is that multicast addresses are not going away from the routing table, thanks

Re: Root can panic kernel with mknod on a tmpfs filesystem

2016-07-06 Thread Ted Unangst
Todd C. Miller wrote: > On Wed, 06 Jul 2016 06:53:06 -0600, "Todd C. Miller" wrote: > > > Is there any reason to not do the check higher up in domknodat()? > > A mknod of -1 on ffs results in a device of major 0, minor 0 which > > is unexpected. > > The following should be sufficient and not inte

Re: malloc.conf: better docs and impl for J/J

2016-07-06 Thread Ted Unangst
Otto Moerbeek wrote: > On Sun, Jul 03, 2016 at 09:31:11AM +0200, Otto Moerbeek wrote: > > > On Sat, Jul 02, 2016 at 01:17:10PM -0400, Ted Unangst wrote: > > > > > Otto Moerbeek wrote: > > > > Hi, > > > > > > > > J/j is actually a three valued var. So document that and make it > > > > possible to

Re: Root can panic kernel with mknod on a tmpfs filesystem

2016-07-06 Thread Marc Espie
On Wed, Jul 06, 2016 at 07:18:14AM -0600, Bob Beck wrote: > ok beck@ > > On Wednesday, 6 July 2016, Todd C. Miller wrote: > > > On Wed, 06 Jul 2016 06:53:06 -0600, "Todd C. Miller" wrote: > > > > > Is there any reason to not do the check higher up in domknodat()? > > > A mknod of -1 on ffs resul

Re: Root can panic kernel with mknod on a tmpfs filesystem

2016-07-06 Thread Bob Beck
ok beck@ On Wednesday, 6 July 2016, Todd C. Miller wrote: > On Wed, 06 Jul 2016 06:53:06 -0600, "Todd C. Miller" wrote: > > > Is there any reason to not do the check higher up in domknodat()? > > A mknod of -1 on ffs results in a device of major 0, minor 0 which > > is unexpected. > > The follow

Re: [PATCH] dont increase the size of socket buffers in low memory situations

2016-07-06 Thread Alexander Bluhm
On Tue, Jul 05, 2016 at 03:44:17PM +0200, Simon Mages wrote: > That's true, I also found another bug in this diff, the new one follows. OK bluhm@ > Index: netinet/tcp_usrreq.c > === > RCS file: /cvs/src/sys/netinet/tcp_usrreq.c,v > re

Re: Root can panic kernel with mknod on a tmpfs filesystem

2016-07-06 Thread Todd C. Miller
On Wed, 06 Jul 2016 06:53:06 -0600, "Todd C. Miller" wrote: > Is there any reason to not do the check higher up in domknodat()? > A mknod of -1 on ffs results in a device of major 0, minor 0 which > is unexpected. The following should be sufficient and not interfere with creating FIFOs or badsect

Re: route6d summer cleanup

2016-07-06 Thread Sebastian Benoit
ok Jeremie Courreges-Anglas(j...@wxcvbn.org) on 2016.07.06 13:48:51 +0200: > j...@wxcvbn.org (Jeremie Courreges-Anglas) writes: > > > Nobody cares about route6d, and it shows: runs as root, not chrooted. > > Also it uses wide pledge(2) permissions. > > > > I have diffs to switch the logging to l

Re: Root can panic kernel with mknod on a tmpfs filesystem

2016-07-06 Thread Todd C. Miller
Is there any reason to not do the check higher up in domknodat()? A mknod of -1 on ffs results in a device of major 0, minor 0 which is unexpected. - todd

Re: IPv6 forwarding path without KERNEL_LOCK

2016-07-06 Thread Alexander Bluhm
On Tue, Jul 05, 2016 at 12:22:36PM +0200, Martin Pieuchot wrote: > Fine, new diff doing that. OK bluhm@ > Index: netinet6/ip6_input.c > === > RCS file: /cvs/src/sys/netinet6/ip6_input.c,v > retrieving revision 1.161 > diff -u -p -r1.

Re: route6d summer cleanup

2016-07-06 Thread Todd C. Miller
On Wed, 06 Jul 2016 13:48:51 +0200, Jeremie Courreges-Anglas wrote: > > - nuke util.h, not needed since pidfile(3) went away > > - nuke the rrt_same member of struct riprt, "future use" since import > > - mark rtdexit as __dead > > - nuke progname handling > > - fix pid handling: cache the pid *af

Re: route6d summer cleanup

2016-07-06 Thread Jeremie Courreges-Anglas
j...@wxcvbn.org (Jeremie Courreges-Anglas) writes: > Nobody cares about route6d, and it shows: runs as root, not chrooted. > Also it uses wide pledge(2) permissions. > > I have diffs to switch the logging to log.c and use it to support the -R > option and /var/run/route6d_dump. The end goal is t

Re: Add libtls functionality for OCSP, and OCSP stapling support

2016-07-06 Thread kinichiro inoguchi
Hi, I have 2 questions about this implementation. 1) Can the OCSP client put multiple certificates to check in the request ? like this. $ openssl ocsp -reqin ocsp_req.der -req_text OCSP Request Data: Version: 1 (0x0) Reque

Re: [armv7] introducing tipru(4)

2016-07-06 Thread Damien Miller
On Wed, 6 Jul 2016, Ian Sutton wrote: > * tipru comes disabled by default. Attempts to enable tipru, and > following modification of the instruction/data/shared memory > spaces, are only allowed when the system's securelevel(7) is equal > or lesser than zero. When the system's secure

Re: [armv7] introducing tipru(4)

2016-07-06 Thread Ian Sutton
I have revised tipru(4) according to advice given in this thread: On Mon, Jul 4, 2016 at 10:30 PM, Jonathan Gray wrote: > There aren't any suser checks either. On Tue, Jul 5, 2016 at 12:56 AM, Jonathan Gray wrote: > Perhaps it could only permit access at a particular securelevel > like gpio or

Re: Root can panic kernel with mknod on a tmpfs filesystem

2016-07-06 Thread Marc Espie
E.g., this should be equivalent. Index: tmpfs_vnops.c === RCS file: /build/data/openbsd/cvs/src/sys/tmpfs/tmpfs_vnops.c,v retrieving revision 1.27 diff -u -p -r1.27 tmpfs_vnops.c --- tmpfs_vnops.c 19 Jun 2016 11:54:33 -