Date: Sun, 1 Dec 2013 13:34:43 +0100 From: Jilles Tjoelker <jilles@stack.nl> To: Nathan Whitehorn <nwhitehorn@freebsd.org> Cc: "Teske, Devin" <Devin.Teske@fisglobal.com>, Current Current <freebsd-current@freebsd.org>, "freebsd-arch@freebsd.org" <freebsd-arch@freebsd.org>, Devin Teske <dteske@freebsd.org>, Peter Grehan <grehan@freebsd.org>, Michael Dexter <editor@callfortesting.org> Subject: Re: [CFT] bsdinstall and zfsboot enhancements Message-ID: <20131201123442.GA6818@stack.nl> In-Reply-To: <529A6862.7060308@freebsd.org> References: <5275C597.6070702@freebsd.org> <97944047-D575-4E2E-B687-9871DFE058E3@fisglobal.com> <ABD90FE2-1540-410A-959E-D91D0BE811E3@freebsd.org> <52769CFE.5080707@freebsd.org> <5281340E.8080009@callfortesting.org> <F3512B82-7B2E-40D9-A513-C4C2430F9255@fisglobal.com> <52813E53.20403@freebsd.org> <5281441E.7060806@freebsd.org> <D81082F2-8273-449F-A2EB-DAA12779CAE7@fisglobal.com> <529A6862.7060308@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, Nov 30, 2013 at 04:36:18PM -0600, Nathan Whitehorn wrote: > This took much longer than I'd anticipated, but the patch to init is > attached. I chose not to make the changes to init rather than > getttyent() and friends in libc, which I am open to revisiting. lib/libpam/modules/pam_securetty/pam_securetty.c calls getttynam(3) and will not allow root login on a "fake" TTY that getttynam() does not know. This module is enabled by default for the "login" service. So it is probably better to patch libc rather than init. > The behavior changes are as follows: > If the "console" device in /etc/ttys in marked "on", instead of opening > /dev/console, init will loop through the active kernel console devices, > and for each will: > 1. If the kernel console device is in /etc/ttys and marked "on", it > already has a terminal and will be ignored. > 2. If marked "off", that is an explicit statement that a console is not > wanted and so it will be ignored. > 3. If not present in /etc/ttys, init will run getty with whatever > parameters "console" has. This seems to make sense. > (3) is the main behavioral change. No changes in behavior will occur if > /etc/ttys is not modified. If we turn on "console" by default, it will > usually have no effect instead of trying to run multiple gettys, which > is new. If we then also comment out the ttyu0 line, instead of marking > it "off", the result will be the conditional presence of a login prompt > on the first serial port depending on whether it is an active console > device for the kernel. I believe this is the behavior we are going for. The terminal type for the console entry should probably be changed to something other than "unknown" to reduce annoyance. > Comments and test results would be appreciated. As a preparatory patch, you could remove se_index and session_index from init. They are only used to warn about a changed slot number in utmp(5) which is irrelevant with utmpx. This noise warning would also appear in most cases when changing from a "fake" console entry to a real line in /etc/ttys. Also, if you do decide to fake ttys entries in init rather than libc, the patch to init will be simpler. -- Jilles Tjoelker
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20131201123442.GA6818>