src/genhostid
src/getkey
src/initlog
-src/ipcalc
src/loglevel
src/minilogd
src/netreport
AUTHORS/CREDITS
Marcin Krol <hawk@tld-linux.org>
- fixes, scripts for controlling bonding,
- preparation for TLD Linux
+ modified for TLD Linux, fixes, enhancements
Arkadiusz Miśkiewicz <arekm@pld-linux.org>
networking functions, iproute2 support,
Networking options --->
<*/M> The IPv6 protocol (EXPERIMENTAL)
- [*] IPv6: enable EUI-64 token format
- [*] IPv6: disable provider based addresses
+ [*] IPv6: enable EUI-64 token format
+ [*] IPv6: disable provider based addresses
-too.
+too.
Other required or suggested packages:
| What? | Package |
+-------------+-------------------------------+
+ 6to4 ipcalc
IPX ncfps
fourtun fourtun and kernel module
bridge bridge-utils
serial/ppp ppp, dip, wvdial
serial/slip slattach
PPPoE pppd + rp-pppoe (plugin or userspace program)
-
+
Also you should know that format of interface configuration
files is totally different from these used in RedHat/Mandrake
initscripts and even from stable rc-scripts branch.
--
TLD Linux Developers
-
-AC_INIT([rc-scripts], [0.5.2], [tld-devel@lists.tld-linux.org], [rc-scripts])
+AC_INIT([rc-scripts], [0.5.4], [tld-devel@lists.tld-linux.org], [rc-scripts])
dnl Do not require AUTHORS, ChangeLog, NEWS, and README to exist
AM_INIT_AUTOMAKE([foreign])
[ -r /etc/sysconfig/system ] && . /etc/sysconfig/system
[ -r /etc/sysconfig/bootsplash ] && . /etc/sysconfig/bootsplash
-if [ -z "$VSERVER" -o "$VSERVER" = "detect" ]; then
- {
- while read _f _ctx; do
- [ "$_f" = "VxID:" -o "$_f" = "s_context:" ] && break
- done </proc/self/status
- } 2>/dev/null
- if [ -z "$_ctx" -o "$_ctx" = "0" ]; then
- VSERVER=no
- else
- VSERVER=yes
- fi
- unset _f _ctx
-fi
-
-# VSERVER_ISOLATION_NET = isolation only inside of vserver guests
-if [ -z "$VSERVER_ISOLATION_NET" -o "$VSERVER_ISOLATION_NET" = "detect" ]; then
- VSERVER_ISOLATION_NET=no
- if [ "$VSERVER" = "yes" ]; then
- if [ -f /proc/self/nsproxy ]; then
- # older kernels
- {
- while read _t _data; do
- [ "$_t" = "net:" ] && break
- done < /proc/self/nsproxy
- } 2> /dev/null
- if [ "${_data##*\(}" = "I)" ]; then
- VSERVER_ISOLATION_NET=yes
- fi
- elif [ -f /proc/self/ninfo ]; then
- # newer kernels
- {
- while read _t _data; do
- [ "$_t" = "NCaps:" ] && break
- done < /proc/self/ninfo
- } 2> /dev/null
- if [ "${_t}" = "NCaps:" ]; then
- VSERVER_ISOLATION_NET=yes
- fi
- else
- # assume (very?) old kernel mode
- VSERVER_ISOLATION_NET=yes
- fi
- unset _f _data
- fi
-fi
-
# we need to know in functions if we were called from a terminal
if [ -z "$ISATTY" ]; then
[ -t ] && ISATTY=yes || ISATTY=no
# Apply sysctl settings, including files in /etc/sysctl.d
apply_sysctl() {
- local file
- for file in /etc/sysctl.d/*.conf; do
- test -f "$file" && sysctl -q -e -p "$file"
- done
- sysctl -q -e -p /etc/sysctl.conf
+ sysctl -q -e --system
}
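Review bot: The comment above `apply_sysctl` still names only `/etc/sysctl.d`, but `sysctl --system` reads more locations: procps documents `/run/sysctl.d`, `/usr/local/lib/sysctl.d`, `/usr/lib/sysctl.d` and `/lib/sysctl.d` in addition to `/etc/sysctl.d` and `/etc/sysctl.conf`. Kernel parameters can therefore now come from packaged and runtime drop-ins that the old loop never read. I would update the comment to `# Apply sysctl settings from all system sysctl.d directories and /etc/sysctl.conf (see sysctl(8), --system)`. If a `sysctl` without `--system` can be installed on a target, the call would fail and no settings, hardening ones included, would be applied at boot.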
if is_yes "$FASTRC" || is_yes "$IN_SHUTDOWN"; then
rc_splash() {
local action="$1"
- if ! is_no "$BOOT_SPLASH" && ! is_yes "$VSERVER"; then
+ if ! is_no "$BOOT_SPLASH"; then
[ -x /bin/splash ] && /bin/splash "$action"
fi
# - inside chroot get only those processes, which are inside chroot.
# - don't filter out pids which do not have corresponding running processes (process died etc)
# (note: some processes like named are chrooted but run outside chroot)
-# - do nothing inside vserver
filter_chroot() {
# no pids, exit early
[ $# -eq 0 ] && return
pids=$(filter_ns "$@") && set -- "$pids"
fi
- if is_yes "$VSERVER"; then
- echo $@
- return
- fi
-
if [ $# -lt 1 -o ! -d /proc/1 ]; then
echo $@
return
# Remove pid file if any.
if [ "$notset" = "1" ]; then
- rm -f /var/run/${base}.pid
+ if [ -f "${pidfile}" ] ; then
+ rm -f "$pidfile"
+ else
+ rm -f /var/run/${base}.pid
+ fi
fi
return $result
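Review bot: When `pidfile` is set but the file is already gone, the new `else` branch removes `/var/run/${base}.pid` instead, which may belong to another instance of the service. The `-f` test is also redundant, because `rm -f` ignores missing files. `rm -f "${pidfile:-/var/run/${base}.pid}"` expresses the fallback in one line and quotes `${base}`. `pidfile` is assigned outside this hunk, so this assumes it is empty when the caller supplied none.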
# module is needed (ie. is requested, is available and isn't loaded already)
is_module() {
+ # fail if /sbin/lsmod does not exists (ex. in containers)
+ [ -x /sbin/lsmod ] || return 1
+
# module name without .o at end
if ! lsmod | grep -q "$1"; then
if ls -1R /lib/modules/$(uname -r)/ 2> /dev/null | grep -q "^${1}.\(\|k\)o\(\|.gz\)"; then
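Review bot: The new guard tests `/sbin/lsmod`, but the next line still runs `lsmod` through `PATH`, so the check and the call can refer to different binaries. Either call `/sbin/lsmod | grep -q "$1"` or test with `command -v lsmod`. The added comment should read `# fail if /sbin/lsmod does not exist (e.g. in containers)`. The rest of `is_module` lies outside the hunk.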
# set handling for bridge
case "$DEVICETYPE" in
- br|atm|lec|irda|vlan)
+ bond|br|atm|lec|irda|vlan)
HANDLING=1
;;
esac
# Add ONLY IPv4 address (IPv6 address is added automaticly)
set_up_loopback()
{
- if is_yes "$IPV4_NETWORKING"; then
+ # test if addr is assigned already as lxd(lxc?) initializes loopback upfront
+ if is_yes "$IPV4_NETWORKING" && ! ip addr show lo | grep -q "127\.0\.0\.1"; then
ip addr add 127.0.0.1/8 dev lo
fi
ip link set dev lo up
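Review bot: `grep -q "127\.0\.0\.1"` also matches longer addresses such as 127.0.0.10 or 127.0.0.100. If only one of those is present on `lo`, the standard loopback address would not be added. Anchor the match to the address field, e.g. `ip -4 -o addr show dev lo | grep -q 'inet 127\.0\.0\.1/'`.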
setup_ip_param
# forget all addresses
-LC_ALL=C ip addr flush dev ${DEVICE} 2>&1 | grep -v "Nothing to flush"
+LC_ALL=C ip addr flush dev "${DEVICE}" 2>&1 | grep -v "Nothing to flush"
# release slave devices
for SLAVE_DEV in $(cat /sys/class/net/${DEVICE}/bonding/slaves 2>/dev/null); do
- echo "-${SLAVE_DEV}" > /sys/class/net/${DEVICE}/bonding/slaves
+ ip link set "${SLAVE_DEV}" nomaster
done
# bring bonding master down
-ip link set ${DEVICE} down
+ip link set "${DEVICE}" down
# remove bonding master
-if grep -wq "${DEVICE}" /sys/class/net/bonding_masters; then
- echo "-${DEVICE}" > /sys/class/net/bonding_masters
+if [ -d "/sys/class/net/${DEVICE}" ]; then
+ ip link del "${DEVICE}" type bond
if [ $? -ne 0 ]; then
exit 1
fi
fi
if is_yes "$SLAVE" && [ -n "$MASTER" ] ; then
- if ! grep -wq "${DEVICE}" /sys/class/net/${MASTER}/bonding/slaves 2>/dev/null; then
- nls "Enslaving %s to %s" "$DEVICE" "$MASTER"
- ip link set dev ${DEVICE} down
- echo "+${DEVICE}" > /sys/class/net/${MASTER}/bonding/slaves 2>/dev/null
- fi
+ # create master if it doesn't exist yet
+ [ ! -d "/sys/class/net/${MASTER}" ] && ip link add "${MASTER}" type bond
+
+ nls "Enslaving %s to %s" "${DEVICE}" "${MASTER}"
+ ip link set "${DEVICE}" master "${MASTER}"
+ ip link set "${DEVICE}" up
+
exit 0
fi
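Review bot: The exit status of `ip link set "${DEVICE}" master "${MASTER}"` is never checked, so the script reaches `exit 0` even when enslaving failed. The removed code also brought the interface down before enslaving, and the bonding driver may refuse a device that is up. I would restore `ip link set dev "${DEVICE}" down` before the `master` call and write `ip link set "${DEVICE}" master "${MASTER}" || exit 1`. The same applies to `ip link add "${DEVICE}" type bond` in the master-creation hunk further down, which lost the old `exit 1` on failure.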
# IPv6 in use ?
if is_yes "$IPV6_NETWORKING" && [ -n "${IP6ADDR}" ]; then
ip addr add ${IP6ADDR} dev ${DEVICE} ${IP6ADDROPT}
+ timeout=0
+ while [ $timeout -le 20 ] && \
+ if_state="`ip -o addr list dev ${DEVICE} to ${IP6ADDR}`" && \
+ echo "$if_state" | grep -q tentative && \
+ ! echo "$if_state" | grep -q dadfailed ; do
+ usleep 500000
+ timeout=$((timeout+1))
+ done
+ if ip -o addr list dev ${DEVICE} to ${IP6ADDR} | grep -q dadfailed ; then
+ ip addr del ${IP6ADDR} dev ${DEVICE}
+ nls '%s: Duplicated address detected: %s' "$DEVICE" "$IP6ADDR"
+ exit 1
+ fi
if [ -n "${IP6ADDRLABEL}" ]; then
ip addrlabel add prefix ${IP6ADDR} dev ${DEVICE} label ${IP6ADDRLABEL}
fi
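Review bot: When the wait loop runs out (21 polls of 0.5 s) with the address still `tentative`, execution falls through with no message, so a DAD that never completes looks like success. I would log that case after the loop, e.g. `nls '%s: DAD still pending for %s' "$DEVICE" "$IP6ADDR"` (wording constructed for this note). `${DEVICE}` and `${IP6ADDR}` are unquoted in the new `ip` calls, and the backticks could be `$(…)`, in line with the quoting this commit adds to the bonding scripts.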
if [ ! -f /sys/class/net/bonding_masters ]; then
modprobe -s bonding || exit 1
# delete default bond0
- echo "-bond0" > /sys/class/net/bonding_masters
+ ip link del bond0 type bond
fi
# set all major variables
setup_ip_param
# create bonding master
-if ! grep -wq "${DEVICE}" /sys/class/net/bonding_masters; then
- echo "+${DEVICE}" > /sys/class/net/bonding_masters
- if [ $? -eq 0 ]; then
- ip link set dev ${DEVICE} multicast ${MULTICAST} ${ARP}
- else
- exit 1
- fi
+if [ ! -d "/sys/class/net/${DEVICE}" ]; then
+ ip link add "${DEVICE}" type bond
fi
# add the bits to setup driver parameters here
if [ -n "$NEEDHOSTNAME" -a "${DEVICETYPE}" != "ppp" -a "${DEVICETYPE}" != "slip" ]; then
IPADDR=$(ip -f inet addr show dev ${DEVICE} |
awk '/inet/ { print $2 }' |awk -F"/" '{ print $1 }')
- eval $(/bin/ipcalc --silent --hostname ${IPADDR}) && set_hostname $HOSTNAME
+ if eval $(/bin/ipcalc --silent --hostname ${IPADDR}) ; then
+ [ "${HOSTNAME}" != "${IPADDR}" ] && set_hostname ${HOSTNAME}
+ fi
+
fi
# run tleds software
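Review bot: `eval $(/bin/ipcalc --silent --hostname ${IPADDR})` executes whatever the tool prints, and the `HOSTNAME=` value comes from a reverse-DNS answer, which is network-controlled data. The bundled `ipcalc.c` removed by this commit printed it with a bare `printf("HOSTNAME=%s\n", ...)`, so the script now depends on the external package emitting shell-safe output. Parse the value instead of evaluating it, e.g. `HOSTNAME=$(/bin/ipcalc --silent --hostname "$IPADDR" | sed -n 's/^HOSTNAME=//p')`. Call `set_hostname "$HOSTNAME"` only when the result is non-empty and contains nothing outside `[A-Za-z0-9.-]`. `${IPADDR}` can also hold several lines when the device has more than one IPv4 address, so the first awk should stop after the first match.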
genhostid.1 \
getkey.1 \
initlog.1 \
- ipcalc.1 \
netreport.1 \
ppp-watch.8 \
usernetctl.8 \
+++ /dev/null
-.TH IPCALC 1 "April 30 2001" "Red Hat, Inc." RH \" -*- nroff -*-
-.SH NAME
-ipcalc \- perform simple manipulation of IP addresses
-.SH SYNOPSIS
-.B ipcalc
-[\fIOPTION\fR]... <\fBIP address\fR>[\fI/prefix\fR] [\fInetmask\fR]
-
-.SH DESCRIPTION
-\fBipcalc\fR provides a simple way to calculate IP information for a host.
-The various options specify what information \fBipcalc\fR should display
-on standard out. Multiple options may be specified. An IP address to
-operate on must always be specified. Most operations also require a
-netmask or a CIDR prefix as well.
-
-.SH OPTIONS
-.TP
-.TP
-\fB\-b\fR, \fB\-\-broadcast\fR
-Display the broadcast address for the given IP address and netmask.
-
-.TP
-\fB\-h\fR, \fB\-\-hostname\fR
-Display the hostname for the given IP address.
-
-.TP
-\fB\-m\fR, \fB\-\-netmask\fR
-Calculate the netmask for the given IP address. It assumes that the IP
-address is in a complete class A, B, or C network. Many networks do
-not use the default netmasks, in which case an inappropriate value will
-be returned.
-
-.TP
-\fB\-p\fR, \fB\-\-prefix\fR
-Show the prefix for the given mask/IP address.
-
-.TP
-\fB\-n\fR, \fB\-\-network\fR
-Display the network address for the given IP address and netmask.
-
-.TP
-\fB\-s\fR, \fB\-\-silent\fR
-Don't ever display error messages.
-
-.SH AUTHORS
-.nf
-Erik Troan <ewt@redhat.com>
-.nf
-Preston Brown <pbrown@redhat.com>
-.fi
-.SH "REPORTING BUGS"
-Report bugs to our bugtracking system:
-http://bugzilla.redhat.com/bugzilla.
-.SH COPYRIGHT
-Copyright \(co 1997-2001 Red Hat, Inc.
-.br
-This is free software; see the source for copying conditions. There is NO
-warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR
-PURPOSE.
continue
fi
- if /sbin/cryptsetup isLuks "$src" 2>/dev/null; then
+ if /sbin/cryptsetup --disable-locks isLuks "$src" 2>/dev/null; then
if key_is_random "$key"; then
nls "%s: LUKS requires non-random key, skipping" "$dst"
ret=1
if [ -n "$params" ]; then
nls "%s: options are invalid for LUKS partitions, ignoring them" "$dst"
fi
- /sbin/cryptsetup ${key:+-d $key} luksOpen "$src" "$dst" <&1
+ /sbin/cryptsetup --disable-locks ${key:+-d $key} luksOpen "$src" "$dst" <&1
fi
rc=$?
if [ $rc -ne 0 ]; then
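Review bot: `--disable-locks` is added to every cryptsetup call (`isLuks` and `luksOpen` here, `remove` in the stop hunk below) without a comment saying why. cryptsetup(8) describes the option as switching off lock protection for on-disk LUKS2 metadata and advises it only where the lock directory under /run cannot be used. I would add a comment above the first call such as `# --disable-locks: /run is not usable this early in boot; nothing else modifies the LUKS2 header concurrently` (this assumes that is the reason; please confirm). If the reason only holds during early boot, the `remove` call at shutdown could keep normal locking.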
[ -z "$dst" -o "${dst#\#}" != "$dst" ] && continue
if [ -b "/dev/mapper/$dst" ]; then
if LC_ALL=C /sbin/dmsetup info "$dst" | grep -q '^Open count: *0$'; then
- /sbin/cryptsetup remove "$dst"
+ /sbin/cryptsetup --disable-locks remove "$dst"
else
fnval=1
fi
. /etc/rc.d/init.d/cryptsetup
. /etc/sysconfig/network
-if is_yes "$VSERVER" || [[ "$container" = lxc* ]]; then
+if [[ "$container" = lxc* ]]; then
exit 0
fi
# See how we were called.
case "$1" in
start)
- if is_yes "$VSERVER_ISOLATION_NET"; then
- exit 0
- fi
start
;;
stop)
- if is_yes "$VSERVER_ISOLATION_NET"; then
- exit 0
- fi
stop
;;
restart)
- if is_yes "$VSERVER_ISOLATION_NET"; then
- exit 0
- fi
stop
start
;;
reload)
- if is_yes "$VSERVER_ISOLATION_NET"; then
- exit 0
- fi
start
;;
status)
# See how we were called.
case "$1" in
start)
- if is_yes "$VSERVER_ISOLATION_NET"; then
- touch /var/lock/subsys/network
- else
- start
- fi
+ start
;;
start_init)
network_init
rm -f /var/lock/subsys/network
;;
stop)
- if is_yes "$VSERVER_ISOLATION_NET"; then
- rm -f /var/lock/subsys/network >/dev/null 2>&1
- else
- stop
- fi
+ stop
;;
status)
;;
reload)
- if is_yes "$VSERVER_ISOLATION_NET"; then
- exit 0
- fi
shift
reload ${1:+"$@"}
;;
restart)
- if is_yes "$VSERVER_ISOLATION_NET"; then
- exit 0
- fi
-
stop
start
;;
# Source function library.
. /etc/rc.d/init.d/functions
-# do nothing in vserver
-if is_yes "$VSERVER"; then
- return
-fi
-
random_seed=/var/run/random-seed
poolfile=/proc/sys/kernel/random/poolsize
fi
# sysfs is also needed before any other things (under kernel > 2.5)
if grep -q sysfs /proc/filesystems ; then
- chroot $dir mount -o gid=17 -t sysfs sysfs /sys
+ chroot $dir mount -t sysfs sysfs /sys
fi
# selinux
if grep -q selinuxfs /proc/filesystems ; then
- chroot $dir mount -o gid=17 -t selinuxfs selinuxfs /selinux
+ chroot $dir mount -t selinuxfs selinuxfs /selinux
fi
chroot $dir mount -a
# network
# virtual console, and send messages to /dev/console
# (it can be serial console too)
if [ "$COLUMNS" -gt 0 ]; then
- if [ "$argv2" != "chroot" ] && ! is_yes "$VSERVER" && \
+ if [ "$argv2" != "chroot" ] && \
[ "$runlevel" = "0" -o "$runlevel" = "6" ]; then
CONSOLE=/dev/tty1
[ -x /usr/bin/chvt ] && /usr/bin/chvt 1 && echo > $CONSOLE
# See if we want to be in user confirmation mode
if [ "$previous" = "N" ]; then
- if ! is_yes "$VSERVER" && grep -qi confirm /proc/cmdline >/dev/null 2>/dev/null \
+ if grep -qi confirm /proc/cmdline >/dev/null 2>/dev/null \
|| [ -f /var/run/confirm ]; then
rm -f /var/run/confirm
CONFIRM="yes"
export progress=0
fi
-if is_yes "$VSERVER"; then
- # if runlevel is not 0 (halt) or 6 (reboot) run rc.sysinit
- # BUT only if rc is run standalone (not run by init, as init will run rc.sysinit)
- if [ "$previous" != "N" -a "$runlevel" != "0" -a "$runlevel" != "6" ]; then
- /etc/rc.d/rc.sysinit $runlevel
- fi
-fi
-
# set onlcr to avoid staircase effect and do not lock scrolling
stty onlcr -ixon 0>&1 2>/dev/null
# Write to wtmp file before unmounting /var
halt -w
-if ! is_yes "$VSERVER"; then
- # Turn off swap, then unmount file systems.
- run_cmd "Turning off swap" swapoff -a
+# Turn off swap, then unmount file systems.
+run_cmd "Turning off swap" swapoff -a
- [ -x /etc/rc.d/rc.acct ] && /etc/rc.d/rc.acct stop
+[ -x /etc/rc.d/rc.acct ] && /etc/rc.d/rc.acct stop
- if [ -x /sbin/quotaoff ]; then
- run_cmd "Turning off quotas for local filesystems" /sbin/quotaoff -a
- fi
+if [ -x /sbin/quotaoff ]; then
+ run_cmd "Turning off quotas for local filesystems" /sbin/quotaoff -a
+fi
- # grab kexec_loaded state before we umount /sys
- kexec_loaded=`cat /sys/kernel/kexec_loaded 2>/dev/null`
+# grab kexec_loaded state before we umount /sys
+kexec_loaded=`cat /sys/kernel/kexec_loaded 2>/dev/null`
- # Unmount file systems, killing processes if we have to.
- sig=-15
- retry=3
- force=
- if [ -z "$UMOUNT_IGNORE" ]; then
- UMOUNT_IGNORE="/"
- else
- UMOUNT_IGNORE="/ $UMOUNT_IGNORE"
- fi
- remaining=$(awk -v ig="^($UMOUNT_IGNORE)$" 'BEGIN { gsub(/[\t ]+/, "|", ig); } \
- $3 !~ /^(proc|loopfs|devpts|devtmpfs|shm|iso9660|ramfs|tmpfs|sysfs|securityfs|squashfs)$/ \
- && $1 !~ /^(none|\/dev\/root)$/ \
- && $2 !~ ig {print $2}' /proc/mounts)
- while [ -n "$remaining" -a "$retry" -gt 0 ]; do
- show "Unmounting file systems"; busy
- ERRORS=$(umount -a $force -t noproc 2>&1); rc=$?
+# Unmount file systems, killing processes if we have to.
+sig=-15
+retry=3
+force=
+if [ -z "$UMOUNT_IGNORE" ]; then
+ UMOUNT_IGNORE="/"
+else
+ UMOUNT_IGNORE="/ $UMOUNT_IGNORE"
+fi
+remaining=$(awk -v ig="^($UMOUNT_IGNORE)$" 'BEGIN { gsub(/[\t ]+/, "|", ig); } \
+ $3 !~ /^(proc|loopfs|devpts|devtmpfs|shm|iso9660|ramfs|tmpfs|cgroup|cgroup2|sysfs|securityfs|efivarfs|squashfs)$/ \
+ && $1 !~ /^(none|\/dev\/root)$/ \
+ && $2 !~ ig {print $2}' /proc/mounts)
+while [ -n "$remaining" -a "$retry" -gt 0 ]; do
+ for mnt in $remaining; do
+ run_cmd "$(nls 'Umounting file system: %s' $mnt)" umount $force -R $mnt
# we might had unmounted /usr, recheck $TPUT availability
# but well. we need tput only for show() and busy() (ok() and fail() messages are already cached)
# TODO: look ahead the messages?
if is_yes "$TPUT"; then
- TPUT=
- rc_gettext_init
- fi
-
- if [ $rc = 0 ]; then
- ok
- else
- fail
- [ -n "$ERRORS" ] && echo "$ERRORS"
+ TPUT=
+ rc_gettext_init
fi
-
- sleep 2
- remaining=$(awk -v ig="^($UMOUNT_IGNORE)$" 'BEGIN { gsub(/[\t ]+/, "|", ig); } \
- $3 !~ /^(proc|loopfs|devpts|devtmpfs|shm|iso9660|ramfs|tmpfs|sysfs|securityfs|squashfs)$/ \
- && $1 !~ /^(none|\/dev\/root)$/ \
- && $2 !~ ig {print $2}' /proc/mounts)
- [ -z "$remaining" ] && break
- fuser -k -m $sig $remaining > /dev/null
- sleep 5
- retry=$(($retry-1))
- sig=-9
- force="-f"
done
- run_cmd "Remounting root filesystem in ro mode" mount -n -o remount,ro /
+ show "Unmounting remainging file systems"; busy
+ ERRORS=$(umount -a $force -t noproc,nosysfs,notmpfs,nodevpts,nodevtmpfs 2>&1); rc=$
- if [ -x /sbin/vgchange ]; then
- lvmversion=$(LC_ALL=C /sbin/vgchange --version 2>/dev/null | awk '/LVM version:/{if ($3 >= 2) print "2"}')
- if [ "$lvmversion" = "2" ]; then
- lvmsysinit="--sysinit"
- else
- lvmsysinit=""
- fi
- /sbin/vgchange -a n $lvmsysinit > /dev/null 2>&1
+ # we might had unmounted /usr, recheck $TPUT availability
+ # but well. we need tput only for show() and busy() (ok() and fail() messages are already cached)
+ # TODO: look ahead the messages?
+ if is_yes "$TPUT"; then
+ TPUT=
+ rc_gettext_init
fi
- if [ -x /sbin/mdadm -a -f /etc/mdadm.conf ]; then
- if grep -qE "^([[:blank:]]|)ARRAY[[:blank:]]" /etc/mdadm.conf 2>/dev/null; then
- /sbin/mdadm --stop --scan > /dev/null 2>&1
- rc=$?
+ if [ $rc = 0 ]; then
+ ok
+ else
+ fail
+ if [ -n "$ERRORS" ]; then
+ nls "Umount errors:"
+ echo "$ERRORS"
fi
fi
- show "Remounting remaining filesystems ro mode"; busy
- if mount | awk '/ext2|ext3|reiserfs|xfs|jfs/ { print $3 }' | while read line; do mount -n -o ro,remount $line; done; then
- ok
+ sleep 2
+ remaining=$(awk -v ig="^($UMOUNT_IGNORE)$" 'BEGIN { gsub(/[\t ]+/, "|", ig); } \
+ $3 !~ /^(proc|loopfs|devpts|devtmpfs|shm|iso9660|ramfs|tmpfs|cgroup|cgroup2|sysfs|securityfs|efivarfs|squashfs)$/ \
+ && $1 !~ /^(none|\/dev\/root)$/ \
+ && $2 !~ ig {print $2}' /proc/mounts)
+ [ -z "$remaining" ] && break
+ fuser -k -m $sig $remaining > /dev/null
+ sleep 5
+ retry=$(($retry-1))
+ sig=-9
+ force="-f"
+done
+
+run_cmd "Remounting root filesystem in ro mode" mount -n -o remount,ro /
+
+if [ -x /sbin/vgchange ]; then
+ lvmversion=$(LC_ALL=C /sbin/vgchange --version 2>/dev/null | awk '/LVM version:/{if ($3 >= 2) print "2"}')
+ if [ "$lvmversion" = "2" ]; then
+ lvmsysinit="--sysinit --noudevsync"
else
- fail
+ lvmsysinit=""
fi
- _rebootwhat="system"
+ /sbin/vgchange -a n $lvmsysinit > /dev/null 2>&1
+fi
+
+if [ -x /sbin/mdadm -a -f /etc/mdadm.conf ]; then
+ if grep -qE "^([[:blank:]]|)ARRAY[[:blank:]]" /etc/mdadm.conf 2>/dev/null; then
+ /sbin/mdadm --stop --scan > /dev/null 2>&1
+ rc=$?
+ fi
+fi
+
+show "Remounting remaining filesystems ro mode"; busy
+if mount | awk '/ext2|ext3|reiserfs|xfs|jfs/ { print $3 }' | while read line; do mount -n -o ro,remount $line; done; then
+ ok
else
- _rebootwhat="vserver"
+ fail
fi
+_rebootwhat="system"
if [ -f /etc/crypttab ] && ! is_empty_file /etc/crypttab; then
. /etc/rc.d/init.d/cryptsetup
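Review bot: The new `umount -a` line ends in `rc=$` as shown here, which stores a literal `$` instead of the exit status, so the `[ $rc = 0 ]` test below it would always take the `fail` branch; it should read `rc=$?`. The message `"Unmounting remainging file systems"` misspells `remaining`. In the per-mount loop `$mnt` is unquoted in both the `nls` call and `umount $force -R $mnt`; write `"$mnt"`. The filesystem-type exclusion list now appears in two identical awk programs that must be kept in sync by hand, so a small helper function that prints the remaining mount points would be safer.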
# filter only what is wanted by this script: aliases and options
modprobe_c_cache=$(modprobe -c | grep -E '^(alias|options)')
+ echo "$modprobe_c_cache"
}
# parse kernel cmdline
if ! grep -Fq selinuxfs /proc/filesystems; then
# no support in kernel, no chance
SELINUX=no
- elif ! is_fsmounted selinuxfs /selinux; then
- mount -n -o gid=17 -t selinuxfs selinuxfs /selinux
+ elif ! is_fsmounted selinuxfs $selinuxfsdir; then
+ mount -n -t selinuxfs selinuxfs $selinuxfsdir
fi
# Check SELinux status
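Review bot: This code (apparently the body of `init_selinux`, which starts and ends outside the hunk) now reads the global `$selinuxfsdir`, and both uses are unquoted. Judging by the rc.sysinit hunk further down, the variable is assigned only inside the non-lxc branch. If the code is reached with the variable unset, `mount -n -t selinuxfs selinuxfs $selinuxfsdir` runs without a mount point. Give it a default before first use, `: "${selinuxfsdir:=/selinux}"`, and quote the expansions as `"$selinuxfsdir"`.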
is_yes "$AUTOSWAP" && enable_autoswap
}
-# Remove duplicate entries from mtab (for vserver guest use only)
-clean_vserver_mtab() {
- > /etc/mtab.clean
- while read device mountpoint line; do
- grep -qs "$mountpoint" /etc/mtab.clean || \
- echo "$device $mountpoint $line" >> /etc/mtab.clean
- done < /etc/mtab
- cat /etc/mtab.clean > /etc/mtab
- rm -f /etc/mtab.clean
-}
-
# Loads modules from /etc/modules, /etc/modules.X.Y and /etc/modules.X.Y.Z
load_kernel_modules() {
local modules_file=$1
RC_BOOTLOG=
fi
-if ! is_yes "$VSERVER" && [[ "$container" != lxc* ]]; then
+if [[ "$container" != lxc* ]]; then
# we need /proc mounted before everything
is_fsmounted proc /proc || mount -n /proc || mount -n -o gid=17,hidepid=2 -t proc /proc /proc
# sysfs is also needed before any other things (under kernel > 2.5)
if ! is_fsmounted sysfs /sys; then
- grep -Fq sysfs /proc/filesystems && mount -n -o gid=17 -t sysfs sysfs /sys
+ grep -Fq sysfs /proc/filesystems && mount -n -t sysfs sysfs /sys
fi
if grep -Fq securityfs /proc/filesystems; then
- mount -n -o gid=17 -t securityfs securityfs /sys/kernel/security
+ mount -n -t securityfs securityfs /sys/kernel/security
+ fi
+ if [ -d /sys/firmware/efi ] && ! is_fsmounted efivarfs /sys/firmware/efi/efivars; then
+ mount -n -o rw -t efivarfs efivarfs /sys/firmware/efi/efivars
fi
- init_selinux
-
- # TLD Linux LiveCD support
- if [ -x /etc/rc.d/rc.live ]; then
- /etc/rc.d/rc.live
+ if [ -d /sys/fs/selinux ]; then
+ # Linux 3.0+
+ selinuxfsdir=/sys/fs/selinux
+ else
+ selinuxfsdir=/selinux
fi
+ init_selinux
# Choose Hardware profile
if ! is_no "$HWPROFILES" && [ -f /etc/sysconfig/hwprof ]; then
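Review bot: efivarfs is mounted with `-o rw` and no restricting flags, so firmware variables are writable from the moment of the mount and the filesystem lacks `nosuid,nodev,noexec`. I would use `mount -n -o rw,nosuid,nodev,noexec -t efivarfs efivarfs /sys/firmware/efi/efivars`, or `ro` if nothing during boot needs to write variables. The `sysfs` and `securityfs` mounts in this hunk lost `gid=17` and now carry no options at all; the same three flags would suit them. A one-line comment on why `gid=17` was dropped would help the next reader.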
domainname ""
fi
-if ! is_yes "$VSERVER" && [[ "$container" != lxc* ]]; then
+if [[ "$container" != lxc* ]]; then
# Set console loglevel
if [ -n "$CONSOLE_LOGLEVEL" ]; then
dmesg -n $CONSOLE_LOGLEVEL
IN_INITLOG=""
fi
-if ! is_yes "$VSERVER" && [[ "$container" != lxc* ]]; then
+if [[ "$container" != lxc* ]]; then
# Clear mtab
> /etc/mtab
[ -f /etc/cryptomtab ] && > /etc/cryptomtab
if is_fsmounted securityfs /sys/kernel/security ; then
mount -f -t securityfs securityfs /sys/kernel/security 2> /dev/null
fi
+ if [ -d /sys/firmware/efi ] && is_fsmounted efivarfs /sys/firmware/efi/efivars ; then
+ mount -f -t efivarfs efivarfs /sys/firmware/efi/efivars 2> /dev/null
+ fi
fi
- if is_fsmounted selinuxfs /selinux; then
- mount -f -t selinuxfs selinuxfs /selinux 2> /dev/null
+ if is_fsmounted selinuxfs $selinuxfsdir; then
+ mount -f -t selinuxfs selinuxfs $selinuxfsdir 2> /dev/null
fi
if [ ! -f /proc/modules ]; then
killall -IO blogd
fi
- clean_vserver_mtab
fi
is_yes "$SELINUX" && [ -f /.autorelabel ] && relabel_selinux
test -d /var/run/netreport || mkdir -m 770 /var/run/netreport
-if ! is_yes "$VSERVER"; then
- enable_swap
+enable_swap
- # If a SCSI tape has been detected, load the st module unconditionally
- # since many SCSI tapes don't deal well with st being loaded and unloaded
- if [ -f /proc/scsi/scsi ] && grep -q 'Type: Sequential-Access' /proc/scsi/scsi 2>/dev/null ; then
- if grep -qv ' 9 st' /proc/devices 2>/dev/null; then
- if [ -n "$USEMODULES" ] ; then
- # Try to load the module. If it fails, ignore it...
- insmod -p st >/dev/null 2>&1 && modprobe -s st
- fi
+# If a SCSI tape has been detected, load the st module unconditionally
+# since many SCSI tapes don't deal well with st being loaded and unloaded
+if [ -f /proc/scsi/scsi ] && grep -q 'Type: Sequential-Access' /proc/scsi/scsi 2>/dev/null ; then
+ if grep -qv ' 9 st' /proc/devices 2>/dev/null; then
+ if [ -n "$USEMODULES" ] ; then
+ # Try to load the module. If it fails, ignore it...
+ insmod -p st >/dev/null 2>&1 && modprobe -s st
fi
fi
+fi
- # Now that we have all of our basic modules loaded and the kernel going,
- # let's dump the syslog ring somewhere so we can find it later
- mode=0600
- if [ "$(cat /proc/sys/kernel/dmesg_restrict)" = 0 ]; then
- mode=0644
- fi
- dmesg --raw > /var/log/dmesg
- chmod $mode /var/log/dmesg
- i=5
- while [ $i -ge 0 ]; do
- if [ -f /var/log/dmesg.$i ]; then
- mv -f /var/log/dmesg.$i /var/log/dmesg.$(($i+1))
- fi
- i=$(($i-1))
- done
- cp -pf /var/log/dmesg /var/log/dmesg.0
+# Now that we have all of our basic modules loaded and the kernel going,
+# let's dump the syslog ring somewhere so we can find it later
+mode=0600
+if [ "$(cat /proc/sys/kernel/dmesg_restrict)" = 0 ]; then
+ mode=0644
fi
+dmesg --raw > /var/log/dmesg
+chmod $mode /var/log/dmesg
+i=5
+while [ $i -ge 0 ]; do
+ if [ -f /var/log/dmesg.$i ]; then
+ mv -f /var/log/dmesg.$i /var/log/dmesg.$(($i+1))
+ fi
+ i=$(($i-1))
+done
+cp -pf /var/log/dmesg /var/log/dmesg.0
if ! is_no "$RC_PROMPT"; then
while :; do
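Review bot: `dmesg --raw > /var/log/dmesg` creates the file under the current umask (or reuses an existing file's mode), and `chmod $mode` tightens it only afterwards. With `dmesg_restrict` enabled, the kernel log is therefore briefly readable with wider permissions than intended. Creating the file fresh under a restrictive umask closes the gap: `(umask 077; rm -f /var/log/dmesg; dmesg --raw > /var/log/dmesg)`, followed by the existing `chmod $mode`. With the vserver guard removed, this block may also run where `/proc/sys/kernel/dmesg_restrict` is unreadable; `mode` then stays at the safe `0600`, but `cat` prints an error, so add `2>/dev/null` there.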
fi
} &
-# /proc extra check if the background process we just spawned is still running,
-# as in case of vserver bootup it finishes quite instantly.
+# /proc extra check if the background process we just spawned is still running
+# as it may finish quite instantly.
if ! is_no "$RC_PROMPT" && [ -d /proc/$! ]; then
/sbin/getkey i && touch /var/run/confirm
touch /var/run/getkey_done
bin_PROGRAMS = \
doexec \
- ipcalc \
usleep \
run-parts \
resolvesymlink
resolvesymlink_SOURCES = resolvesymlink.c
-ipcalc_SOURCES = ipcalc.c
-ipcalc_LDADD = -lpopt
-
genhostid_SOURCES = genhostid.c
netreport_SOURCES = netreport.c
+++ /dev/null
-/*
- * Copyright (c) 1997-2003 Red Hat, Inc. All rights reserved.
- *
- * This software may be freely redistributed under the terms of the GNU
- * public license.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- *
- * Authors:
- * Erik Troan <ewt@redhat.com>
- * Preston Brown <pbrown@redhat.com>
- */
-
-
-#include <ctype.h>
-#include <popt.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/socket.h>
-#include <sys/types.h>
-#include <netinet/in.h>
-#include <arpa/inet.h>
-#include <netdb.h>
-
-/*!
- \def IPBITS
- \brief the number of bits in an IP address.
-*/
-#define IPBITS (sizeof(u_int32_t) * 8)
-/*!
- \def IPBYTES
- \brief the number of bytes in an IP address.
-*/
-#define IPBYTES (sizeof(u_int32_t))
-
-
-/*!
- \file ipcalc.c
- \brief provides utilities for manipulating IP addresses.
-
- ipcalc provides utilities and a front-end command line interface for
- manipulating IP addresses, and calculating various aspects of an ip
- address/netmask/network address/prefix/etc.
-
- Functionality can be accessed from other languages from the library
- interface, documented here. To use ipcalc from the shell, read the
- ipcalc(1) manual page.
-
- When passing parameters to the various functions, take note of whether they
- take host byte order or network byte order. Most take host byte order, and
- return host byte order, but there are some exceptions.
-
-*/
-
-/*!
- \fn u_int32_t prefix2mask(int bits)
- \brief creates a netmask from a specified number of bits
-
- This function converts a prefix length to a netmask. As CIDR (classless
- internet domain internet domain routing) has taken off, more an more IP
- addresses are being specified in the format address/prefix
- (i.e. 192.168.2.3/24, with a corresponding netmask 255.255.255.0). If you
- need to see what netmask corresponds to the prefix part of the address, this
- is the function. See also \ref mask2prefix.
-
- \param prefix is the number of bits to create a mask for.
- \return a network mask, in network byte order.
-*/
-u_int32_t prefix2mask(int prefix) {
- return htonl(~((1 << (32 - prefix)) - 1));
-}
-
-/*!
- \fn int mask2prefix(u_int32_t mask)
- \brief calculates the number of bits masked off by a netmask.
-
- This function calculates the significant bits in an IP address as specified by
- a netmask. See also \ref prefix2mask.
-
- \param mask is the netmask, specified as an u_int32_teger in network byte order.
- \return the number of significant bits. */
-int mask2prefix(u_int32_t mask)
-{
- int i;
- int count = IPBITS;
-
- for (i = 0; i < IPBITS; i++) {
- if (!(ntohl(mask) & ((2 << i) - 1)))
- count--;
- }
-
- return count;
-}
-
-/*!
- \fn u_int32_t default_netmask(u_int32_t addr)
-
- \brief returns the default (canonical) netmask associated with specified IP
- address.
-
- When the Internet was originally set up, various ranges of IP addresses were
- segmented into three network classes: A, B, and C. This function will return
- a netmask that is associated with the IP address specified defining where it
- falls in the predefined classes.
-
- \param addr an IP address in network byte order.
- \return a netmask in network byte order. */
-u_int32_t default_netmask(u_int32_t addr)
-{
- if (((ntohl(addr) & 0xFF000000) >> 24) <= 127)
- return htonl(0xFF000000);
- else if (((ntohl(addr) & 0xFF000000) >> 24) <= 191)
- return htonl(0xFFFF0000);
- else
- return htonl(0xFFFFFF00);
-}
-
-/*!
- \fn u_int32_t calc_broadcast(u_int32_t addr, int prefix)
-
- \brief calculate broadcast address given an IP address and a prefix length.
-
- \param addr an IP address in network byte order.
- \param prefix a prefix length.
-
- \return the calculated broadcast address for the network, in network byte
- order.
-*/
-u_int32_t calc_broadcast(u_int32_t addr,
- int prefix)
-{
- return (addr & prefix2mask(prefix)) | ~prefix2mask(prefix);
-}
-
-/*!
- \fn u_int32_t calc_network(u_int32_t addr, int prefix)
- \brief calculates the network address for a specified address and prefix.
-
- \param addr an IP address, in network byte order
- \param prefix the network prefix
- \return the base address of the network that addr is associated with, in
- network byte order.
-*/
-u_int32_t calc_network(u_int32_t addr, int prefix)
-{
- return (addr & prefix2mask(prefix));
-}
-
-/*!
- \fn const char *get_hostname(u_int32_t addr)
- \brief returns the hostname associated with the specified IP address
-
- \param addr an IP address to find a hostname for, in network byte order
-
- \return a hostname, or NULL if one cannot be determined. Hostname is stored
- in a static buffer that may disappear at any time, the caller should copy the
- data if it needs permanent storage.
-*/
-const char *get_hostname(u_int32_t addr)
-{
- struct hostent * hostinfo;
- int x;
-
- hostinfo = gethostbyaddr((char *) &addr, sizeof(addr), AF_INET);
- if (!hostinfo)
- return NULL;
-
- for (x=0; hostinfo->h_name[x]; x++) {
- hostinfo->h_name[x] = tolower(hostinfo->h_name[x]);
- }
- return hostinfo->h_name;
-}
-
-/*!
- \fn main(int argc, const char **argv)
- \brief wrapper program for ipcalc functions.
-
- This is a wrapper program for the functions that the ipcalc library provides.
- It can be used from shell scripts or directly from the command line.
-
- For more information, please see the ipcalc(1) man page.
-*/
-int main(int argc, const char **argv) {
- int showBroadcast = 0, showPrefix = 0, showNetwork = 0;
- int showHostname = 0, showNetmask = 0;
- int beSilent = 0;
- int rc;
- poptContext optCon;
- char *ipStr, *prefixStr, *netmaskStr, *hostName, *chptr;
- struct in_addr ip, netmask, network, broadcast;
- int prefix = 0;
- char errBuf[250];
- struct poptOption optionsTable[] = {
- { "broadcast", 'b', 0, &showBroadcast, 0,
- "Display calculated broadcast address", },
- { "hostname", 'h', 0, &showHostname, 0,
- "Show hostname determined via DNS" },
- { "netmask", 'm', 0, &showNetmask, 0,
- "Display default netmask for IP (class A, B, or C)" },
- { "network", 'n', 0, &showNetwork, 0,
- "Display network address", },
- { "prefix", 'p', 0, &showPrefix, 0,
- "Display network prefix", },
- { "silent", 's', 0, &beSilent, 0,
- "Don't ever display error messages " },
- POPT_AUTOHELP
- { NULL, '\0', 0, 0, 0, NULL, NULL }
- };
-
- optCon = poptGetContext("ipcalc", argc, argv, optionsTable, 0);
- poptReadDefaultConfig(optCon, 1);
-
- if ((rc = poptGetNextOpt(optCon)) < -1) {
- if (!beSilent) {
- fprintf(stderr, "ipcalc: bad argument %s: %s\n",
- poptBadOption(optCon, POPT_BADOPTION_NOALIAS),
- poptStrerror(rc));
- poptPrintHelp(optCon, stderr, 0);
- }
- return 1;
- }
-
- if (!(ipStr = (char *) poptGetArg(optCon))) {
- if (!beSilent) {
- fprintf(stderr, "ipcalc: ip address expected\n");
- poptPrintHelp(optCon, stderr, 0);
- }
- return 1;
- }
-
- if (strchr(ipStr,'/') != NULL) {
- prefixStr = strchr(ipStr, '/') + 1;
- prefixStr--;
- *prefixStr = '\0'; /* fix up ipStr */
- prefixStr++;
- } else
- prefixStr = NULL;
-
- if (prefixStr != NULL) {
- prefix = atoi(prefixStr);
- if (prefix == 0) {
- if (!beSilent)
- fprintf(stderr, "ipcalc: bad prefix: %s\n",
- prefixStr);
- return 1;
- }
- }
-
- if (showBroadcast || showNetwork || showPrefix) {
- if (!(netmaskStr = (char *) poptGetArg(optCon)) &&
- (prefix == 0)) {
- if (!beSilent) {
- fprintf(stderr, "ipcalc: netmask or prefix expected\n");
- poptPrintHelp(optCon, stderr, 0);
- }
- return 1;
- } else if (netmaskStr && prefix != 0) {
- if (!beSilent) {
- fprintf(stderr, "ipcalc: both netmask and prefix specified\n");
- poptPrintHelp(optCon, stderr, 0);
- }
- return 1;
- } else if (netmaskStr) {
- if (!inet_aton(netmaskStr, &netmask)) {
- if (!beSilent)
- fprintf(stderr, "ipcalc: bad netmask: %s\n",
- netmaskStr);
- return 1;
- }
- prefix = mask2prefix(netmask.s_addr);
- }
- }
-
- if ((chptr = (char *) poptGetArg(optCon))) {
- if (!beSilent) {
- fprintf(stderr, "ipcalc: unexpected argument: %s\n", chptr);
- poptPrintHelp(optCon, stderr, 0);
- }
- return 1;
- }
-
- /* Handle CIDR entries such as 172/8 */
- if (prefix) {
- char *tmp = ipStr;
- int i;
-
- for(i=3; i> 0; i--) {
- tmp = strchr(tmp,'.');
- if (!tmp)
- break;
- else
- tmp++;
- }
- tmp = NULL;
- for (; i>0; i--) {
- tmp = malloc(strlen(ipStr) + 3);
- sprintf(tmp,"%s.0",ipStr);
- ipStr = tmp;
- }
- }
-
- if (!inet_aton(ipStr, (struct in_addr *) &ip)) {
- if (!beSilent)
- fprintf(stderr, "ipcalc: bad ip address: %s\n", ipStr);
- return 1;
- }
-
-
- if (!(showNetmask|showPrefix|showBroadcast|showNetwork|showHostname)) {
- poptPrintHelp(optCon, stderr, 0);
- return 1;
- }
-
- poptFreeContext(optCon);
-
- /* we know what we want to display now, so display it. */
-
- if (showNetmask) {
- if (prefix) {
- netmask.s_addr = prefix2mask(prefix);
- } else {
- netmask.s_addr = default_netmask(ip.s_addr);
- prefix = mask2prefix(netmask.s_addr);
- }
-
- printf("NETMASK=%s\n", inet_ntoa(netmask));
- }
-
- if (showPrefix) {
- if (!prefix)
- prefix = mask2prefix(ip.s_addr);
- printf("PREFIX=%d\n", prefix);
- }
-
- if (showBroadcast) {
- broadcast.s_addr = calc_broadcast(ip.s_addr, prefix);
- printf("BROADCAST=%s\n", inet_ntoa(broadcast));
- }
-
- if (showNetwork) {
- network.s_addr = calc_network(ip.s_addr, prefix);
- printf("NETWORK=%s\n", inet_ntoa(network));
- }
-
- if (showHostname) {
- if ((hostName = (char *) get_hostname(ip.s_addr)) == NULL) {
- if (!beSilent) {
- sprintf(errBuf, "ipcalc: cannot find hostname for %s", ipStr);
- herror(errBuf);
- }
- return 1;
- }
-
- printf("HOSTNAME=%s\n", hostName);
- }
-
- return 0;
-}
# Enable cpusets support?
CPUSETS=no
-# Enable this system as vserver guest (yes/no/detect)
-VSERVER=detect
-
-# Vserver isolation only networking inside of guest (yes/no/detect)
-VSERVER_ISOLATION_NET=detect
-
# Enable selinux support (yes/no/detect)
# 'yes' behaves as 'detect'
SELINUX=detect
# fs.file-max = 8192
# fs.inode-max = 16384
+# Sometimes (read: always) the Linux OOM killer doesnâ\80\99t kill the offending
+# process. Usually, this is because as the system is out of memory, it isnâ\80\99t
+# able to do the memory intensive task of scanning through all the processes.
+# Ironic.
+#vm.oom_kill_allocating_task = 1
+
# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
#kernel.core_uses_pid = 1
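Review bot: The comment added above `#vm.oom_kill_allocating_task = 1` does not state what the setting trades away. With it enabled, the kernel kills whichever task triggered the out-of-memory condition instead of scanning for the largest consumer, so the victim can be an unrelated service (a login, logging or audit daemon, for example) rather than the process that exhausted memory. I would replace the "Sometimes (read: always)" wording with a factual description, such as `# Kill the task that triggered the OOM instead of scanning all tasks;` followed by `# the victim may not be the largest memory consumer.` The apostrophes in "doesn't" and "isn't" on the first two added lines are also mis-encoded multi-byte sequences; a plain ASCII `'` would keep the file readable in any locale.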
# 0 - never reboot system (suggested 60)
#kernel.panic = 60
-#
-# GRSECURITY http://www.grsecurity.org
-#
-# WARNING!
-# These values are SET ONCE!
-#
-#kernel.grsecurity.linking_restrictions = 1
-#kernel.grsecurity.fifo_restrictions = 1
-#kernel.grsecurity.destroy_unused_shm = 0
-#kernel.grsecurity.chroot_caps = 0
-#kernel.grsecurity.chroot_deny_chmod = 0
-#kernel.grsecurity.chroot_deny_chroot = 1
-#kernel.grsecurity.chroot_deny_fchdir = 0
-#kernel.grsecurity.chroot_deny_mknod = 1
-#kernel.grsecurity.chroot_deny_mount = 1
-#kernel.grsecurity.chroot_deny_pivot = 1
-#kernel.grsecurity.chroot_deny_shmat = 0
-#kernel.grsecurity.chroot_deny_sysctl = 1
-#kernel.grsecurity.chroot_deny_unix = 0
-#kernel.grsecurity.chroot_enforce_chdir = 0
-#kernel.grsecurity.chroot_execlog = 0
-#kernel.grsecurity.chroot_findtask = 1
-#kernel.grsecurity.chroot_restrict_nice = 0
-
-#kernel.grsecurity.exec_logging = 0
-#kernel.grsecurity.signal_logging = 1
-#kernel.grsecurity.forkfail_logging = 0
-#kernel.grsecurity.timechange_logging = 1
-#kernel.grsecurity.audit_chdir = 0
-#kernel.grsecurity.audit_gid = 65505
-#kernel.grsecurity.audit_group = 0
-#kernel.grsecurity.audit_ipc = 0
-#kernel.grsecurity.audit_mount = 0
-
-#kernel.grsecurity.execve_limiting = 1
-#kernel.grsecurity.dmesg = 1
-#kernel.grsecurity.tpe = 1
-#kernel.grsecurity.tpe_gid = 65500
-#kernel.grsecurity.tpe_glibc = 0
-#kernel.grsecurity.tpe_restrict_all = 0
-
-#kernel.grsecurity.rand_pids = 1
-#kernel.grsecurity.socket_all = 1
-#kernel.grsecurity.socket_all_gid = 65501
-#kernel.grsecurity.socket_client = 1
-#kernel.grsecurity.socket_client_gid = 65502
-#kernel.grsecurity.socket_server = 1
-#kernel.grsecurity.socket_server_gid = 65503
-
-#kernel.grsecurity.disable_modules = 0
-#kernel.grsecurity.grsec_lock = 0
-
-# kernel.randomize_va_space = 2
# 0 - Turn the process address space randomization off by default.
# 1 - Conservative address space randomization makes the addresses of
# mmap base and VDSO page randomized. This, among other things,
# start of the brk area is randomized. There are however no known
# non-legacy applications that would be broken this way, so for most
# systems it is safe to choose Full randomization.
+# kernel.randomize_va_space = 2
# for mplayer
#dev.rtc.max-user-freq = 1024