revert HBSD changes that need selective testing
This commit is contained in:
parent
faa9e4fcc3
commit
f6894fff31
|
@ -332,12 +332,12 @@ notify 100 {
|
|||
# automated debugging session after the core dump is generated.
|
||||
# Replace action with a proper coredump handler, but be aware that
|
||||
# it will run with elevated privileges.
|
||||
#notify 10 {
|
||||
# match "system" "kernel";
|
||||
# match "subsystem" "signal";
|
||||
# match "type" "coredump";
|
||||
# action "logger $comm $core";
|
||||
#};
|
||||
notify 10 {
|
||||
match "system" "kernel";
|
||||
match "subsystem" "signal";
|
||||
match "type" "coredump";
|
||||
action "logger $comm $core";
|
||||
};
|
||||
|
||||
# Let the init(8) know there's a new USB serial interface it might
|
||||
# want to run getty(8) for. This includes device-side tty created
|
||||
|
|
|
@ -27,7 +27,7 @@
|
|||
#
|
||||
# If console is marked "insecure", then init will ask for the root password
|
||||
# when going to single-user mode.
|
||||
console none unknown off insecure
|
||||
console none unknown off secure
|
||||
#
|
||||
ttyv0 "/usr/libexec/getty Pc" xterm onifexists secure
|
||||
# Virtual terminals
|
||||
|
|
|
@ -27,7 +27,7 @@
|
|||
#
|
||||
# If console is marked "insecure", then init will ask for the root password
|
||||
# when going to single-user mode.
|
||||
console none unknown off insecure
|
||||
console none unknown off secure
|
||||
#
|
||||
ttyv0 "/usr/libexec/getty Pc" xterm onifexists secure
|
||||
# Virtual terminals
|
||||
|
|
|
@ -27,7 +27,7 @@
|
|||
#
|
||||
# If console is marked "insecure", then init will ask for the root password
|
||||
# when going to single-user mode.
|
||||
console none unknown off insecure
|
||||
console none unknown off secure
|
||||
#
|
||||
ttyv0 "/usr/libexec/getty Pc" xterm onifexists secure
|
||||
# Virtual terminals
|
||||
|
|
|
@ -27,7 +27,7 @@
|
|||
#
|
||||
# If console is marked "insecure", then init will ask for the root password
|
||||
# when going to single-user mode.
|
||||
console none unknown off insecure
|
||||
console none unknown off secure
|
||||
#
|
||||
ttyv0 "/usr/libexec/getty Pc" xterm onifexists secure
|
||||
# Virtual terminals
|
||||
|
|
|
@ -27,7 +27,7 @@
|
|||
#
|
||||
# If console is marked "insecure", then init will ask for the root password
|
||||
# when going to single-user mode.
|
||||
console none unknown off insecure
|
||||
console none unknown off secure
|
||||
# Serial terminals
|
||||
# The 'dialup' keyword identifies dialin lines to login, fingerd etc.
|
||||
ttyu0 "/usr/libexec/getty 3wire" vt100 onifconsole secure
|
||||
|
|
|
@ -27,7 +27,7 @@
|
|||
#
|
||||
# If console is marked "insecure", then init will ask for the root password
|
||||
# when going to single-user mode.
|
||||
console none unknown off insecure
|
||||
console none unknown off secure
|
||||
#
|
||||
ttyv0 "/usr/libexec/getty Pc" xterm onifexists secure
|
||||
# Virtual terminals
|
||||
|
|
|
@ -27,7 +27,7 @@
|
|||
#
|
||||
# If console is marked "insecure", then init will ask for the root password
|
||||
# when going to single-user mode.
|
||||
console none unknown off insecure
|
||||
console none unknown off secure
|
||||
# ofw_console(4)
|
||||
screen "/usr/libexec/getty Pc" vt100 off secure
|
||||
ttya "/usr/libexec/getty 3wire.9600" vt100 off secure
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# $FreeBSD$
|
||||
|
||||
FILES= pkg.freebsd.org.2013102301 pkg.hardenedbsd.org.2014-09-04
|
||||
FILES= pkg.freebsd.org.2013102301 # pkg.hardenedbsd.org.2014-09-04
|
||||
|
||||
FILESDIR= ${SHAREDIR}/keys/pkg/trusted
|
||||
FILESMODE= 644
|
||||
|
|
|
@ -31,8 +31,6 @@
|
|||
* Generic message buffer support routines.
|
||||
*/
|
||||
|
||||
#include "opt_pax.h"
|
||||
|
||||
#include <sys/param.h>
|
||||
#include <sys/systm.h>
|
||||
#include <sys/lock.h>
|
||||
|
@ -56,11 +54,7 @@ static u_int msgbuf_cksum(struct msgbuf *mbp);
|
|||
* Timestamps in msgbuf are useful when trying to diagnose when core dumps
|
||||
* or other actions occurred.
|
||||
*/
|
||||
#ifdef PAX_HARDENING
|
||||
static int msgbuf_show_timestamp = 1;
|
||||
#else
|
||||
static int msgbuf_show_timestamp = 0;
|
||||
#endif
|
||||
SYSCTL_INT(_kern, OID_AUTO, msgbuf_show_timestamp, CTLFLAG_RWTUN,
|
||||
&msgbuf_show_timestamp, 0, "Show timestamp in msgbuf");
|
||||
|
||||
|
|
|
@ -68,7 +68,6 @@ __FBSDID("$FreeBSD$");
|
|||
#include "opt_inet.h"
|
||||
#include "opt_inet6.h"
|
||||
#include "opt_mpath.h"
|
||||
#include "opt_pax.h"
|
||||
|
||||
#include <sys/param.h>
|
||||
#include <sys/systm.h>
|
||||
|
@ -131,11 +130,7 @@ static struct sx addrsel_sxlock;
|
|||
VNET_DEFINE_STATIC(struct in6_addrpolicy, defaultaddrpolicy);
|
||||
#define V_defaultaddrpolicy VNET(defaultaddrpolicy)
|
||||
|
||||
#ifdef PAX_HARDENING
|
||||
VNET_DEFINE(int, ip6_prefer_tempaddr) = 1;
|
||||
#else
|
||||
VNET_DEFINE(int, ip6_prefer_tempaddr) = 0;
|
||||
#endif
|
||||
|
||||
static int selectroute(struct sockaddr_in6 *, struct ip6_pktopts *,
|
||||
struct ip6_moptions *, struct route_in6 *, struct ifnet **,
|
||||
|
|
|
@ -36,7 +36,6 @@ __FBSDID("$FreeBSD$");
|
|||
|
||||
#include "opt_inet.h"
|
||||
#include "opt_inet6.h"
|
||||
#include "opt_pax.h"
|
||||
|
||||
#include <sys/param.h>
|
||||
#include <sys/systm.h>
|
||||
|
@ -99,11 +98,7 @@ VNET_DEFINE_STATIC(struct ifnet *, nd6_defifp);
|
|||
VNET_DEFINE(int, nd6_defifindex);
|
||||
#define V_nd6_defifp VNET(nd6_defifp)
|
||||
|
||||
#ifdef PAX_HARDENING
|
||||
VNET_DEFINE(int, ip6_use_tempaddr) = 1;
|
||||
#else
|
||||
VNET_DEFINE(int, ip6_use_tempaddr) = 0;
|
||||
#endif
|
||||
|
||||
VNET_DEFINE(int, ip6_desync_factor);
|
||||
VNET_DEFINE(u_int32_t, ip6_temp_preferred_lifetime) = DEF_TEMP_PREFERRED_LIFETIME;
|
||||
|
|
|
@ -32,7 +32,6 @@ __FBSDID("$FreeBSD$");
|
|||
#endif
|
||||
#include "opt_cpu.h"
|
||||
#include "opt_kstack_pages.h"
|
||||
#include "opt_pax.h"
|
||||
#include "opt_pmap.h"
|
||||
#include "opt_sched.h"
|
||||
#include "opt_smp.h"
|
||||
|
@ -144,11 +143,7 @@ volatile u_int cpu_ipi_pending[MAXCPU];
|
|||
static void release_aps(void *dummy);
|
||||
static void cpustop_handler_post(u_int cpu);
|
||||
|
||||
#ifdef PAX_HARDENING
|
||||
static int hyperthreading_allowed;
|
||||
#else
|
||||
static int hyperthreading_allowed = 1;
|
||||
#endif
|
||||
SYSCTL_INT(_machdep, OID_AUTO, hyperthreading_allowed, CTLFLAG_RDTUN,
|
||||
&hyperthreading_allowed, 0, "Use Intel HTT logical CPUs");
|
||||
|
||||
|
|
|
@ -12,5 +12,5 @@ FreeBSD: {
|
|||
mirror_type: "srv",
|
||||
signature_type: "fingerprints",
|
||||
fingerprints: "/usr/share/keys/pkg",
|
||||
enabled: no
|
||||
enabled: yes
|
||||
}
|
||||
|
|
|
@ -12,5 +12,5 @@ FreeBSD: {
|
|||
mirror_type: "srv",
|
||||
signature_type: "fingerprints",
|
||||
fingerprints: "/usr/share/keys/pkg",
|
||||
enabled: no
|
||||
enabled: yes
|
||||
}
|
||||
|
|
|
@ -15,7 +15,7 @@ PKGCONFBRANCH?= latest
|
|||
. endif
|
||||
. endif
|
||||
.endif
|
||||
CONFS= FreeBSD.conf.${PKGCONFBRANCH} HardenedBSD.conf
|
||||
CONFS= FreeBSD.conf.${PKGCONFBRANCH} # HardenedBSD.conf
|
||||
CONFSNAME= FreeBSD.conf
|
||||
CONFSDIR= /etc/pkg
|
||||
CONFSMODE= 644
|
||||
|
|
Loading…
Reference in New Issue