HardenedBSD/sbin/devd/devd.conf
2023-11-24 06:01:37 -07:00

163 lines
5.2 KiB
Plaintext

#
# Refer to devd.conf(5) and devd(8) man pages for the details on how to
# run and configure devd.
#
# NB: All regular expressions have an implicit ^$ around them.
# NB: device-name is shorthand for 'match device-name'
options {
# Each "directory" directive adds a directory to the list of
# directories that we scan for files. Files are loaded in the order
# that they are returned from readdir(3). The rule-sets are combined
# to create a DFA that's used to match events to actions.
directory "/etc/devd";
directory "/usr/local/etc/devd";
pid-file "/var/run/devd.pid";
# Setup some shorthand for regex that we use later in the file.
#XXX Yes, this is gross -- imp
set wifi-driver-regex
"(ath|ath[0-9]+k|bwi|bwn|ipw|iwlwifi|iwi|iwm|iwn|malo|mwl|mt79|otus|\
ral|rsu|rtw|rtwn|rum|run|uath|upgt|ural|urtw|wpi|wtap|zyd)[0-9]+";
};
# Note that the attach/detach with the highest value wins, so that one can
# override these general rules.
#
# Configure the interface on attach. Due to a historical accident, this
# script is called pccard_ether. We omit the usbus devices because those
# devices are associated with the USB Bus and provide an ifnet device to
# allow usb traffic to be captured with usbdump(8).
#
# NB: DETACH events are ignored; the kernel should handle all cleanup
# (routes, arp cache). Beware of races against immediate create
# of a device with the same name; e.g.
# ifconfig bridge0 destroy; ifconfig bridge0 create
#
notify 0 {
match "system" "IFNET";
match "subsystem" "!(usbus|wlan)[0-9]+";
match "type" "ATTACH";
action "/etc/pccard_ether $subsystem start";
};
#
# Like Ethernet devices, but separate because 802.11 require spawning
# wlan(4) interface.
#
attach 0 {
device-name "$wifi-driver-regex";
action "/etc/pccard_ether $device-name startchildren";
};
detach 0 {
device-name "$wifi-driver-regex";
action "/etc/pccard_ether $device-name stopchildren";
};
# An entry like this might be in a different file, but is included here
# as an example of how to override things. Normally 'ed50' would match
# the above attach/detach stuff, but the value of 100 makes it
# hard wired to 1.2.3.4.
attach 100 {
device-name "ed50";
action "ifconfig $device-name inet 1.2.3.4 netmask 0xffff0000";
};
detach 100 {
device-name "ed50";
};
# Firmware downloader for Atheros AR3011 based USB Bluetooth devices
#attach 100 {
# match "vendor" "0x0cf3";
# match "product" "0x3000";
# action "sleep 2 && /usr/sbin/ath3kfw -d $device-name -f /usr/local/etc/ath3k-1.fw";
#};
# Notify all users before beginning emergency shutdown when we get
# a _CRT or _HOT thermal event and we're going to power down the system
# very soon.
notify 10 {
match "system" "ACPI";
match "subsystem" "Thermal";
match "notify" "0xcc";
action "logger -p kern.emerg WARNING: system temperature too high, shutting down soon!";
};
# User requested suspend, so perform preparation steps and then execute
# the actual suspend process.
notify 10 {
match "system" "ACPI";
match "subsystem" "Suspend";
action "/etc/rc.suspend acpi $notify";
};
notify 10 {
match "system" "ACPI";
match "subsystem" "Resume";
action "/etc/rc.resume acpi $notify";
};
/* EXAMPLES TO END OF FILE
# Examples of notify hooks. A notify is a generic way for a kernel
# subsystem to send event notification to userland.
# Here are some examples of ACPI notify handlers. ACPI subsystems that
# generate notifies include the AC adapter, power/sleep buttons,
# control method batteries, lid switch, and thermal zones.
#
# Information returned is not always the same as the ACPI notify
# events. See the ACPI specification for more information about
# notifies. Here is the information returned for each subsystem:
#
# ACAD: AC line state (0 is offline, 1 is online)
# Button: Button pressed (0 for power, 1 for sleep)
# CMBAT: ACPI battery events
# Lid: Lid state (0 is closed, 1 is open)
# Suspend, Resume: Suspend and resume notification
# Thermal: ACPI thermal zone events
#
# This example calls a script when the AC state changes, passing the
# notify value as the first argument. If the state is 0x00, it might
# call some sysctls to implement economy mode. If 0x01, it might set
# the mode to performance.
notify 10 {
match "system" "ACPI";
match "subsystem" "ACAD";
action "/etc/acpi_ac $notify";
};
# This example works around a memory leak in PostgreSQL, restarting
# it when the "user:postgres:swap:devctl=1G" rctl(8) rule gets triggered.
notify 0 {
match "system" "RCTL";
match "rule" "user:770:swap:.*";
action "service postgresql restart";
};
# Handle userland coredumps.
# This commented out handler makes it possible to run an
# automated debugging session after the core dump is generated.
# Replace action with a proper coredump handler, but be aware that
# it will run with elevated privileges.
#notify 10 {
# match "system" "kernel";
# match "subsystem" "signal";
# match "type" "coredump";
# action "logger $comm $core";
#};
# Let the init(8) know there's a new USB serial interface it might
# want to run getty(8) for. This includes device-side tty created
# by usb_template(4).
notify 100 {
match "system" "DEVFS";
match "subsystem" "CDEV";
match "type" "CREATE";
match "cdev" "ttyU[0-9]+";
action "/sbin/init q";
};
*/