Colin Percival | 1 Apr 01:55 2005
Picon

Re: MNT_NOEXEC on root filesystem with diskless PXE boot?

Tom Alsberg wrote:
> Perhaps this should go to -STABLE, I just couldn't be sure.

It will get more attention on freebsd-stable <at> , so I'm CCing that list.

> We are trying out FreeBSD 5.4-PRERELEASE on diskless clients.  I
> noticed one problem, being that when setting the LD_LIBRARY_PATH
> (or for that matter, LD_PRELOAD, and LD_LIBMAP_DISABLE) environment
> variables, nothing will run, as /libexec/ld-elf.so.1 complains:
> 
> Cannot execute objects on /
> 
> According to the sources, this was added in 5.4, and will happen
> if / is mounted noexec.

Yes, that's quite correct -- although I can't imagine how a bug which
caused / to be labelled as "noexec" managed to avoid causing major
problems until now.

I don't know anything about NFS, but hopefully someone on -stable
will be able to work out what's going on from the rest of your
email (quoted below).

Colin Percival

> In this case, / is mounted by the BTX PXE loader over NFS (from a
> FreeBSD 5.3 server, right now).  "mount" does not show the noexec
> flag.  However, with the attached little C program I verified that
> statfs really returns this flag (0x00000006).
> 
(Continue reading)

Doug White | 1 Apr 02:03 2005

Re: buggy ATA controller: I can install 4.11, but not 5.3 !?!

On Thu, 31 Mar 2005, Rob wrote:

>
> --- Doug White <dwhite <at> gumbysoft.com> wrote:
> > On Thu, 31 Mar 2005, Rob wrote:
> >
> >> No, not at the moment. I may try 5.3 (or probably
> >> 5.4) later once again. What part of the output
> >> would be particularly interesting?
> >> I ask, because I am managing this PC at the other
> >> end of the world, giving instructions to a
> >> non-Unix, non-FreeBSD user overthere :).
> >
> > Ugh. That will make this really hard to debug then.
> > To get the verbose output you want to use a serial
> > console.  That output will say why it won't attach
> > the ata controller.
>
> OK, I will certainly try that then, giving the proper
> insturctions, since this Pentium1 FreeBSD PC will
> soon have a Windows PC next to it.
>
> However, I need a little advice/help: the handbook
> is still out-of-date for making serial console
> install floppies. Chapter 2.12 of the handbook talks
> about kern.flp and mfsroot.flp, whereas we have three
> floppies with 5.X install. Which one(s) of the three
> floppies of 5.X needs to be modified by the procedure
> of chapter 2.12 ?
>
(Continue reading)

Dave Knight | 1 Apr 04:32 2005

Re: RELENG_5, snapshots and disk lock time

 >On Mon, Mar 07, 2005 at 11:58:02AM -0500, Paul Mather wrote:
 >>On Mon, 2005-03-07 at 15:21 +0300, Dmitry Morozovsky wrote:
 >>> Dear colleagues,
 >>>
 >>> dumping the snapshot of 140G ufs2 fyle system under contemporary
 >>> RELENG_5 I found that during mksnap_ffs file system is 
unresponsible >>> even for reading for more than 3 minutes (it's on 
modern SATA disk
 >>> with 50+ MBps linear transfer).
 >>> Is it normal?
 >>
 >> Oddly enough, this happened to me last night on a RELENG_5 system. In
 >> my case, things were so bad that mksnap_ffs appeared to wedge
 >> everything, meaning I'll have to make a trek in to where the machine
 >> is located and press the ol' reset button to get things going again. 
 >> :-(

I am investigating using snapshots for backup purposes and am running 
into similar difficulties, on a 1TB FS it takes over an hour to create
a snapshot, during which time an errant ls or two can lock up the 
system. Reading through list archives suggests that the the amount of 
time it takes to create the snapshot is not something that is going to 
go away and that the issue of an ls in the .snap directory during 
snapshot creation lacks a fix and that best current practise is 'try to 
avoid that'.

 > Yes, this is normal.  See the documentation about the snapshots
 > implementation (a README in the kernel source tree, I think, and paper
 > written by Kirk).

(Continue reading)

Andrey V. Elsukov | 1 Apr 07:16 2005
Picon

Re: make release fails

Hi, Michael Lednev,

Tuesday, March 29, 2005, 4:41:55 PM:
ML> what to change in my make command or in system to build release? host
ML> system is 5.3-STABLE

You can try the following:
1. Change /etc/make.conf
   OSVERSION=491102   # st this to kern.osreldate value in RELENG_4
   OSREL=4.11
2. make buildworld
3. make release ....
   after done release.2 break it, and put into ${CHROOTDIR}/etc/make.conf
   OSVERSION and OSREL variables like /etc/make.conf
4. make rerelase with RELEASENOUPDATE=yes
5. After done release.7 release fail in doFS.sh. You must build
   mdconfig without shared libraries. Go in source code tree of
   current 5.3 system, into src/sbin/mdconfig and "make -DNOSHARED
   depend all". Copy mdconfig from  obj/usr/src/sbin/mdconfig into
   ${CHROOTDIR}/sbin/
6. Mount devfs:
   mount_devfs devfs ${CHROOTDIR}/dev
7. make rerelease ....

--
WBR, Andrey V. Elsukov

_______________________________________________
freebsd-stable <at> freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
(Continue reading)

Chris | 1 Apr 10:25 2005
Picon

ipoptions sysctl option

Hi I read the pdf detailing new changes in 5.3 networking and noticed
a new sysctl variable is added 'net.inet.ip.process_options'

Here is the description.

"IP Options do not have any practical use today. The only useful
application is RR
(Record Route) where it remembers the last 8 hops the packet traversed through.
That allows you to check parts of the path back to you. IP options
processing is rather
expensive because the packet header has to be modified and expanded. In addition
the only other use is to circumvent or trick firewalls thus it is
normally blocked there.
The options are these: (By: andre)
# sysctl net.inet.ip.process_options=0
Possible Modes:
net.inet.ip.process_options=0 Ignore IP options and pass pkts unmodfied
net.inet.ip.process_options=1 Process all IP options (default)
net.inet.ip.process_options=2 Reject all pkts with IP options with ICMP
IPv4 Processing"

As it says above mine is set to 1 the default, would setting it to 0
help with things like DDOS attacks because it is processing less and
what side affects if any could I expect from ignoring ip options?

thanks

Chris
_______________________________________________
freebsd-stable <at> freebsd.org mailing list
(Continue reading)

Uzi Klein | 1 Apr 12:17 2005

apache+mod_ssl signal 4

Hi

I Installed a fresh apache-moddssl port
(using portinstall www/apache13-modssl)

When i start apache using "apachectl start" everything works just fine,
but when i try "apachectl startssl" i have some errors i have no idea 
what to do with

httpd-error log gives me :

[Fri Apr  1 11:40:24 2005] [info] mod_unique_id: using ip addr 127.0.0.1
[Fri Apr  1 11:40:25 2005] [info] (2)No such file or directory: 
make_sock: for port 443, setsockopt: (SO_ACCEPTFILTER)
[Fri Apr  1 11:40:25 2005] [info] (2)No such file or directory: 
make_sock: for port 80, setsockopt: (SO_ACCEPTFILTER)

system logs gives me :

pid 62364 (httpd), uid 0: exited on signal 4 (core dumped)
Apr  1 11:48:45 www kernel: pid 62364 (httpd), uid 0: exited on signal 4 
(core dumped)

i run "gdb httpd httpd.core" in /usar/local ang got :

...

Reading symbols from /libexec/ld-elf.so.1...done.
Loaded symbols for /libexec/ld-elf.so.1
#0  0x28474fe5 in RSA_new_method () from /lib/libcrypto.so.3
(Continue reading)

Phil Brennan | 1 Apr 12:20 2005
Picon

updating from 5.2.1 to RELENG_5

As per subject, I need to do this urgently, but with minimum downtime.
Will it be ok just to cvsup, rebuild kernel and world, mergemaster,
(etc) like any normal update? Or do I have to do a reinstall? Any help
appreciated.

Regards,
Philip Brennan
_______________________________________________
freebsd-stable <at> freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscribe <at> freebsd.org"

Peter Jeremy | 1 Apr 12:45 2005
Picon

Kernel NTP flipping between FLL and PLL modes

My 5.x machines are regularly reporting that the kernel is flipping
between FLL and PLL mode (as shown by STA_MODE in syslog messages).
This isn't occuring on my 4.x machines (they typically report 2040
then 2041 and stay indefinitely in that mode).

Any suggestions as to why this is happening?  (And how I can stop
it regularly flipping)

A fairly typical set of syslog entries looks like:
Apr  1 00:15:16 fwall2 ntpd[407]: kernel time sync enabled 6001
Apr  1 00:32:22 fwall2 ntpd[407]: kernel time sync enabled 2001
Apr  1 01:23:36 fwall2 ntpd[407]: kernel time sync enabled 6001
Apr  1 01:40:42 fwall2 ntpd[407]: kernel time sync enabled 2001
Apr  1 10:09:10 fwall2 ntpd[407]: kernel time sync enabled 6001
Apr  1 10:26:14 fwall2 ntpd[407]: kernel time sync enabled 2001
Apr  1 12:59:58 fwall2 ntpd[407]: kernel time sync enabled 6001
Apr  1 13:51:14 fwall2 ntpd[407]: kernel time sync enabled 2001
Apr  1 16:07:48 fwall2 ntpd[407]: kernel time sync enabled 6001
Apr  1 16:59:06 fwall2 ntpd[407]: kernel time sync enabled 2001
Apr  1 19:15:42 fwall2 ntpd[407]: kernel time sync enabled 6001
Apr  1 19:49:48 fwall2 ntpd[407]: kernel time sync enabled 2001

--

-- 
Peter Jeremy
_______________________________________________
freebsd-stable <at> freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscribe <at> freebsd.org"

(Continue reading)

freeze | 1 Apr 12:57 2005
Picon

USB-BT sockets error

Hello
When I try to use "rfcomm_sppd -a Mts-freeze -t /dev/ttyp6", I receive
an error: Could not connect socket. Connection refused.

What that mean?

FreeBSD Release 5.3

_______________________________________________
freebsd-stable <at> freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscribe <at> freebsd.org"

Joan Picanyol i Puig | 1 Apr 13:49 2005

Re: updating from 5.2.1 to RELENG_5

* Phil Brennan <phil.brennan <at> gmail.com> [20050401 12:19]:
> Will it be ok just to cvsup, rebuild kernel and world, mergemaster,
> (etc) like any normal update? Or do I have to do a reinstall?

Read UPDATING (all of it).
Read UPDATING (all of it).

Did you notice the 20041001 entry? You should be able to use libmap.conf
to work around it until you recompile all your ports.

qvb
--

-- 
pica
_______________________________________________
freebsd-stable <at> freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscribe <at> freebsd.org"


Gmane