Home | History | Annotate | Download | only in etc
History log of /src/etc/group
RevisionDateAuthorComments
 1.36  02-Apr-2020  roy Add _dhcpcd user and group
 1.35  27-Oct-2019  maxv Add the "nvmm" group, and make nvmm_init() public. Sent to tech-kern@ a few
days ago.
 1.34  07-Jan-2017  christos branches: 1.34.14; 1.34.16;
add nsd
 1.33  20-Aug-2016  christos unbound additions
 1.32  09-Jul-2013  roy branches: 1.32.10;
Add _rtadvd user and group.
Add a chroot dir for the _rtadvd user.
Drop privs to the user _rtadvd after acquiring our socket.
When rc.d/rtadvd starts or reloads, the rtadvd config file is copied
into the chroot before starting or reloading rtadvd itself.
Create a symlink from /var/run/rtadvd.dump to the chroot

Inital idea from OpenBSD patch rtadvd.c r1.36
 1.31  07-Jun-2013  mbalmer Move _gpio gid below 100 per mrg's request.
 1.30  20-May-2013  mbalmer Rename the 'gpio' group to '_gpio' as new group names should start with an
underscore. While here, fix the awk script to properly expand such group
names.
 1.29  19-May-2013  mbalmer Add a group 'gpio' and create gpio(4) device nodes under /dev with
mode 664 and group ownership set to 'gpio'. This allows controlled access
to specifically enabled gpio pins to members of the gpio group. See
gpioctl(8), and, gpio(4) for details.
 1.28  28-Jan-2012  christos branches: 1.28.6;
- add _tss user for tcsd, and needed directories for TrouSerS.
This is all unused as of now because the trousers is not connected to
the build yet.
 1.27  05-Aug-2011  jmmv branches: 1.27.2;
Rename the _atf user to _tests. The _atf name will get obsoleted if/when
we migrate to Kyua (atf v2), so it's better to use a generic name that does
not depend on the specific implementation. Also, this user has not gone
out yet into any stable release, so we can easily rename it.

Suggested by jruoho@.
 1.26  17-Dec-2010  jruoho Make tcpdump(8) to drop root privileges and chroot(2) by default.
 1.25  07-Nov-2010  jmmv Add the _atf user and group to be able to run unprivileged tests automatically
without having to manually tweak the 'unprivileged-user' setting. Suggested
by pooka@.
 1.24  29-Sep-2009  tsarna Multicast DNS ("Bonjour") support, based on Apple's mDNSResponder.
 1.23  16-Oct-2007  tls Add httpd to the build. Add _httpd to passwd and groups and postinstall.
Add /var/www to mtree, add example line to inetd.conf.
 1.22  18-Mar-2007  plunky branches: 1.22.4;
For sdpd(8), change default user/group from nobody/nobody to _sdpd/_sdpd
 1.21  28-Jan-2007  cbiere Let timedc use the dedicated account "_timedc" for dropping privileges
instead of abusing the account "nobody".
 1.20  07-Oct-2006  rpaulo branches: 1.20.2; 1.20.4;
PR 30870: Add user ``_proxy'' and make pf's ftp-proxy use it.
Initial patch by rivo nurges, thanks!
 1.19  30-May-2006  christos remove some more smmsp for sendmail.
 1.18  12-Sep-2005  tsarna add _rwhod user (and group)
 1.17  05-Apr-2005  peter Add _pflogd group.
 1.16  25-Jun-2004  itojun branches: 1.16.2;
remove "auth" group mistakenly added
 1.15  25-Jun-2004  itojun GID for authpf (72 was picked so that we can NFS-share with openbsd)
 1.14  06-Jul-2002  tron Remove unused user and group "news" as discussed on "tech-userlevel".
 1.13  06-Jun-2002  wiz typo in last
 1.12  05-Jun-2002  itojun uid/gid for sendmail 8.12.x.
disallow chroot priv accounts from being used for ftp.
 1.11  14-May-2002  itojun dig sshd uid/gid, and /var/empty, for sshd privilege separation
 1.10  11-Oct-2001  lukem - add "ntpd" user (homedir: /var/chroot/ntpd) and "ntpd" group, for use by
future work to support a chroot(8)ed ntpd
- move /var/named -> /var/chroot/named for consistency with ntpd
 1.9  26-Feb-2001  lukem remove `ingres' user & group; we have never shipped with ingres in the
base distribution, and packages that need a specific user & group can
create it.
 1.8  26-Feb-2001  lukem add named pseudo-user & group
 1.7  29-Apr-2000  abs useradd defaults to using the 'users' group, so add one.
 1.6  27-Mar-1999  perry branches: 1.6.2;
add postfix uid/gid, maildrop gid
 1.5  18-Mar-1998  mikel add a mail group with no members for anyone who wants to try setgid mail
 1.4  18-Jun-1994  cgd add two new groups in Lite's
 1.3  25-Feb-1994  cgd don't forget the trailing ':'. pointed out by Andreas Schulz
<ats@g386bsd.first.gmd.de> via rgrimes
 1.2  02-Apr-1993  cgd removed bill and lynne from wheel
 1.1  21-Mar-1993  cgd branches: 1.1.1;
Initial revision
 1.1.1.2  15-Feb-1997  mikel import 4.4BSD-Lite
 1.1.1.1  21-Mar-1993  cgd initial import of 386bsd-0.1 sources
 1.6.2.1  22-May-2000  he Pull up revision 1.7 (requested by abs):
Create ``users'' group for the benefit of useradd.
 1.16.2.2  22-Feb-2008  bouyer Pull up following revision(s) (requested by jnemeth in ticket #1898):
etc/master.passwd: revision 1.34, 1.35 via patch
etc/group: revision 1.20
dist/pf/libexec/ftp-proxy/ftp-proxy.c: revision 1.12 via patch
distrib/notes/common/main: patch
PR 30870: Add user ``_proxy'' and make pf's ftp-proxy use it.
Initial patch by rivo nurges, thanks!
add all the proper fields to _proxy
 1.16.2.1  13-Apr-2005  tron Pull up revision 1.17 (requested by peter in ticket #134):
Add _pflogd group.
 1.20.4.1  29-Oct-2007  wrstuden Catch up with 4.0 RC3
 1.20.2.1  14-Oct-2007  riz Pull up following revision(s) (requested by xtraeme in ticket #930):
etc/group: revision 1.22
etc/defaults/rc.conf: revision 1.85
etc/master.passwd: revision 1.38
usr.sbin/sdpd/sdpd.8: revision 1.2
usr.sbin/sdpd/sdpd.8: revision 1.3
share/man/man5/rc.conf.5: revision 1.113
etc/rc.d/sdpd: revision 1.2
usr.sbin/sdpd/server.c: revision 1.3
usr.sbin/postinstall/postinstall: revision 1.38
usr.sbin/sdpd/server.h: revision 1.2
usr.sbin/sdpd/main.c: revision 1.2
usr.sbin/sdpd/main.c: revision 1.3
Add an option to permit members of a specific group to register services, in
order to lower the barrier for users of bluetooth devices which may need to
query services on the local host.
change default user/group from nobody/nobody to _sdpd/_sdpd
 1.22.4.1  06-Nov-2007  matt sync with HEAD
 1.27.2.2  22-May-2014  yamt sync with head.

for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.

this commit was splitted into small chunks to avoid
a limitation of cvs. ("Protocol error: too many arguments")
 1.27.2.1  17-Apr-2012  yamt sync with head
 1.28.6.2  19-Aug-2014  tls Rebase to HEAD as of a few days ago.
 1.28.6.1  23-Jun-2013  tls resync from head
 1.32.10.1  20-Mar-2017  pgoyette Sync with HEAD
 1.34.16.1  10-Nov-2019  martin Pull up following revision(s) (requested by maxv in ticket #405):

usr.sbin/nvmmctl/nvmmctl.8: revision 1.2
lib/libnvmm/libnvmm.3: revision 1.24
sys/dev/nvmm/nvmm.h: revision 1.11
lib/libnvmm/libnvmm.3: revision 1.25
sys/dev/nvmm/x86/nvmm_x86.h: revision 1.16
sys/dev/nvmm/nvmm.h: revision 1.12
sys/dev/nvmm/x86/nvmm_x86.h: revision 1.17
tests/lib/libnvmm/h_mem_assist.c: revision 1.12
sys/dev/nvmm/x86/nvmm_x86.h: revision 1.18
share/mk/bsd.hostprog.mk: revision 1.82
lib/libnvmm/libnvmm.c: revision 1.15
distrib/sets/lists/base/md.amd64: revision 1.281
tests/lib/libnvmm/h_mem_assist.c: revision 1.13
lib/libnvmm/libnvmm.c: revision 1.16
tests/lib/libnvmm/h_mem_assist.c: revision 1.14
lib/libnvmm/libnvmm_x86.c: revision 1.32
lib/libnvmm/libnvmm.c: revision 1.17
tests/lib/libnvmm/h_mem_assist.c: revision 1.15
lib/libnvmm/libnvmm_x86.c: revision 1.33
lib/libnvmm/libnvmm.c: revision 1.18
usr.sbin/nvmmctl/Makefile: revision 1.1
tests/lib/libnvmm/h_mem_assist_asm.S: revision 1.7
tests/lib/libnvmm/h_mem_assist.c: revision 1.16
lib/libnvmm/libnvmm_x86.c: revision 1.34
usr.sbin/nvmmctl/Makefile: revision 1.2
tests/lib/libnvmm/h_mem_assist_asm.S: revision 1.8
tests/lib/libnvmm/h_mem_assist.c: revision 1.17
sys/dev/nvmm/nvmm_internal.h: revision 1.13
lib/libnvmm/libnvmm_x86.c: revision 1.35
lib/libnvmm/libnvmm_x86.c: revision 1.36
usr.sbin/postinstall/postinstall.in: revision 1.8
lib/libnvmm/libnvmm_x86.c: revision 1.37
lib/libnvmm/libnvmm_x86.c: revision 1.38
lib/libnvmm/libnvmm_x86.c: revision 1.39
usr.sbin/Makefile: revision 1.282
lib/libnvmm/nvmm.h: revision 1.13
lib/libnvmm/nvmm.h: revision 1.14
lib/libnvmm/nvmm.h: revision 1.15
sys/dev/nvmm/nvmm.c: revision 1.23
lib/libnvmm/nvmm.h: revision 1.16
sys/dev/nvmm/nvmm.c: revision 1.24
lib/libnvmm/nvmm.h: revision 1.17
sys/dev/nvmm/nvmm.c: revision 1.25
tests/lib/libnvmm/h_io_assist.c: revision 1.9
etc/MAKEDEV.tmpl: revision 1.209
tests/lib/libnvmm/h_io_assist.c: revision 1.10
tests/lib/libnvmm/h_io_assist.c: revision 1.11
etc/group: revision 1.35
distrib/sets/lists/man/mi: revision 1.1660
sys/dev/nvmm/x86/nvmm_x86_vmx.c: revision 1.40
sys/dev/nvmm/x86/nvmm_x86_vmx.c: revision 1.41
sys/dev/nvmm/x86/nvmm_x86_vmx.c: revision 1.42
sys/dev/nvmm/x86/nvmm_x86_vmx.c: revision 1.43
sys/dev/nvmm/x86/nvmm_x86_vmx.c: revision 1.44
sys/dev/nvmm/x86/nvmm_x86_svm.c: revision 1.51
sys/dev/nvmm/nvmm_ioctl.h: revision 1.8
sys/dev/nvmm/x86/nvmm_x86_svm.c: revision 1.52
sys/dev/nvmm/nvmm_ioctl.h: revision 1.9
sys/dev/nvmm/x86/nvmm_x86_svm.c: revision 1.53
usr.sbin/nvmmctl/nvmmctl.c: revision 1.1
lib/libnvmm/libnvmm.3: revision 1.20
distrib/sets/lists/debug/md.amd64: revision 1.106
lib/libnvmm/libnvmm.3: revision 1.21
lib/libnvmm/libnvmm.3: revision 1.22
usr.sbin/nvmmctl/nvmmctl.8: revision 1.1
lib/libnvmm/libnvmm.3: revision 1.23

Fix incorrect parsing: the R/M field uses a special GPR map when the
address size is 16 bits, regardless of the actual operating mode. With
this special map there can be two registers referenced at once, and
also disp16-only.
Implement this special behavior, and add associated tests. While here
simplify a few things.
With this in place, the Windows 95 installer initializes correctly.
Part of PR/54611.
add missing initializer
Implement XCHG, add associated tests, and add comments to explain. With
this in place the Windows 95 installer completes successfuly.
Part of PR/54611.
Improve nvmm_vcpu_dump().
Put back 'default', because llvm apparently doesn't realize that all cases
are covered in the switch.
Miscellaneous changes in NVMM, to address several inconsistencies and
issues in the libnvmm API.
- Rename NVMM_CAPABILITY_VERSION to NVMM_KERN_VERSION, and check it in
libnvmm. Introduce NVMM_USER_VERSION, for future use.
- In libnvmm, open "/dev/nvmm" as read-only and with O_CLOEXEC. This is to
avoid sharing the VMs with the children if the process forks. In the
NVMM driver, force O_CLOEXEC on open().
- Rename the following things for consistency:
nvmm_exit* -> nvmm_vcpu_exit*
nvmm_event* -> nvmm_vcpu_event*
NVMM_EXIT_* -> NVMM_VCPU_EXIT_*
NVMM_EVENT_INTERRUPT_HW -> NVMM_VCPU_EVENT_INTR
NVMM_EVENT_EXCEPTION -> NVMM_VCPU_EVENT_EXCP
Delete NVMM_EVENT_INTERRUPT_SW, unused already.
- Slightly reorganize the MI/MD definitions, for internal clarity.
- Split NVMM_VCPU_EXIT_MSR in two: NVMM_VCPU_EXIT_{RD,WR}MSR. Also provide
separate u.rdmsr and u.wrmsr fields. This is more consistent with the
other exit reasons.
- Change the types of several variables:
event.type enum -> u_int
event.vector uint64_t -> uint8_t
exit.u.*msr.msr: uint64_t -> uint32_t
exit.u.io.type: enum -> bool
exit.u.io.seg: int -> int8_t
cap.arch.mxcsr_mask: uint64_t -> uint32_t
cap.arch.conf_cpuid_maxops: uint64_t -> uint32_t
- Delete NVMM_VCPU_EXIT_MWAIT_COND, it is AMD-only and confusing, and we
already intercept 'monitor' so it is never armed.
- Introduce vmx_exit_insn() for NVMM-Intel, similar to svm_exit_insn().
The 'npc' field wasn't getting filled properly during certain VMEXITs.
- Introduce nvmm_vcpu_configure(). Similar to nvmm_machine_configure(),
but as its name indicates, the configuration is per-VCPU and not per-VM.
Migrate and rename NVMM_MACH_CONF_X86_CPUID to NVMM_VCPU_CONF_CPUID.
This becomes per-VCPU, which makes more sense than per-VM.
- Extend the NVMM_VCPU_CONF_CPUID conf to allow triggering VMEXITs on
specific leaves. Until now we could only mask the leaves. An uint32_t
is added in the structure:
uint32_t mask:1;
uint32_t exit:1;
uint32_t rsvd:30;
The two first bits select the desired behavior on the leaf. Specifying
zero on both resets the leaf to the default behavior. The new
NVMM_VCPU_EXIT_CPUID exit reason is added.
Three changes in libnvmm:
- Add 'mach' and 'vcpu' backpointers in the nvmm_io and nvmm_mem
structures.
- Rename 'nvmm_callbacks' to 'nvmm_assist_callbacks'.
- Rename and migrate NVMM_MACH_CONF_CALLBACKS to NVMM_VCPU_CONF_CALLBACKS,
it now becomes per-VCPU.
Update the libnvmm man page:
- Sync the naming with reality.
- Replace "relevant" by "desired" and "virtualizer" by "emulator", closer
to what I meant.
- Add a "VCPU Configuration" section.
- Add a "Machine Ownership" section.
Add the "nvmm" group, and make nvmm_init() public. Sent to tech-kern@ a few
days ago.
Use the new PTE naming, and define CR3_FRAME_* separately. No functional
change.
Add a new VCPU conf option, that allows userland to request VMEXITs after a
TPR change. This is supported on all Intel CPUs, and not-too-old AMD CPUs.
The reason for wanting this option is that certain OSes (like Win10 64bit)
manage interrupt priority in hardware via CR8 directly, and for these OSes,
the emulator may want to sync its internal TPR state on each change.
Add two new fields in cap.arch, to report the conf capabilities. Report TPR
only on Intel for now, not AMD, because I don't have a recent AMD CPU on
which to test.
Mask CPUID leaf 0x0A on Intel, because we don't want the guest to try (and
fail) to probe the PMC MSRs. This avoids "Unexpected WRMSR" warnings in
qemu-nvmm.
Add PCID support in the guests. This speeds up most 64bit guests, because
since Meltdown, everybody uses PCID (including NetBSD).
Change the way root_owner works: consider the calling process as root_owner
not if it has root privileges, but if the /dev/nvmm device was opened with
write permissions. Introduce the undocumented nvmm_root_init() function to
achieve that.
The goal is to simplify the logic and have more granularity, eg if we want
a monitoring agent to access VMs but don't want to give this agent real
root access on the system.
A few changes:
- Use smaller types in struct nvmm_capability.
- Use smaller type for nvmm_io.port.
- Switch exitstate to a compacted structure.
Add nram in struct nvmm_ctl_mach_info.
Add nvmmctl, with two commands for now.
Macro tidyness.
Sort SEE ALSO.
should be fork(2), noticed by wiz
Add debug entry for newly introduced nvmmctl utility.
Annotate a covering switch as such to avoid warnings about missing
returns.
Forgot to put nvmmctl in the "nvmm" group.
Add nvmm group.
 1.34.14.1  13-Apr-2020  martin Mostly merge changes from HEAD upto 20200411

RSS XML Feed