the logic (true/false) of the matching. - Add "!usbus[0-9]+" to IFNET ATTACH notification handler in the default devd.conf to prevent rc.d/netif from running when usbus[0-9]+ is attached. Reviewed by: imp
# $FreeBSD$
#
# Refer to devd.conf(5) and devd(8) man pages for the details on how to
# run and configure devd.
#

# NB: All regular expressions have an implicit ^$ around them.
# NB: device-name is shorthand for 'match device-name'

options {
	# Every "directory" line appends one more location to the list that
	# is scanned for rule files.  Files are read in whatever order
	# readdir(3) hands them back, and all rule-sets are merged into one
	# DFA that maps events to actions.
	#
	# NOTE(review): anything placed in these directories contributes
	# action strings that this daemon will run; devd(8) normally runs as
	# root, so both directories and their files should be writable by
	# root only -- confirm ownership and mode, /usr/local in particular.
	directory "/etc/devd";
	directory "/usr/local/etc/devd";
	pid-file "/var/run/devd.pid";

	# Regex shorthand that later rules in this file refer to.
	# The continuation lines stay flush left so the bytes inside the
	# quoted string are exactly those of the original.
	#XXX Yes, these are gross -- imp
	set scsi-controller-regex
		"(aac|adv|adw|aha|ahb|ahc|ahd|aic|amd|amr|asr|bt|ciss|ct|dpt|\
esp|ida|iir|ips|isp|mlx|mly|mpt|ncr|ncv|nsp|stg|sym|trm|wds)\
[0-9]+";
};

# Note that the attach/detach with the highest value wins, so that one can
# override these general rules.

#
# Bring the interface up when it attaches.  For historical reasons the
# script doing this is named pccard_ether.
#
# NB: DETACH events are not handled here; the kernel is expected to do
# all cleanup (routes, arp cache).  Watch out for races when a device of
# the same name is created again straight away, e.g.
#	ifconfig bridge0 destroy; ifconfig bridge0 create
#
notify 0 {
	match "system" "IFNET";
	# The leading "!" negates the pattern, so usbus[0-9]+ attachments
	# never reach the action below.
	match "subsystem" "!usbus[0-9]+";
	match "type" "ATTACH";
	# NOTE(review): $subsystem (presumably the interface name for IFNET
	# events) is substituted into the command text before the command is
	# run -- confirm the value cannot carry shell metacharacters.
	action "/etc/pccard_ether $subsystem start";
};

#
# When the link comes up on an Ethernet-like interface, attempt to start
# dhclient.  It only really runs on devices that are configured for DHCP.
# There is no link-down counterpart because dhclient exits by itself once
# the link drops.
#
notify 0 {
	match "system" "IFNET";
	match "type" "LINK_UP";
	media-type "ethernet";
	# $subsystem is passed to the rc script as its argument.
	action "/etc/rc.d/dhclient quietstart $subsystem";
};

#
# Same handling as for Ethernet devices, kept separate because the media
# type is different.  We may want to exploit this later.
#
# Priority 0 on all three rules: a rule with a higher value for the same
# device overrides them.
#
detach 0 {
	media-type "802.11";
	action "/etc/pccard_ether $device-name stop";
};
attach 0 {
	media-type "802.11";
	action "/etc/pccard_ether $device-name start";
};
# Link-up on an 802.11 interface: same dhclient start as the Ethernet rule.
notify 0 {
	match "system" "IFNET";
	match "type" "LINK_UP";
	media-type "802.11";
	action "/etc/rc.d/dhclient quietstart $subsystem";
};

# An entry such as this one could live in a separate file; it is kept here
# to show how overriding works.  'ed50' would normally be picked up by the
# generic attach/detach rules above, but the value of 100 takes precedence
# and hard-wires the interface to 1.2.3.4.
attach 100 {
	device-name "ed50";
	action "ifconfig $device-name inet 1.2.3.4 netmask 0xffff0000";
};
# The matching detach rule carries no action statement.
detach 100 {
	device-name "ed50";
};

# Activate a USB Bluetooth dongle as soon as it shows up, and stop it
# again when it goes away.
attach 100 {
	device-name "ubt[0-9]+";
	action "/etc/rc.d/bluetooth quietstart $device-name";
};
detach 100 {
	device-name "ubt[0-9]+";
	action "/etc/rc.d/bluetooth quietstop $device-name";
};

# Firmware downloader for Atheros AR3011 based USB Bluetooth devices
#attach 100 {
# match "vendor" "0x0cf3";
# match "product" "0x3000";
# action "sleep 2 && /usr/sbin/ath3kfw -d $device-name -f /usr/local/etc/ath3k-1.fw";
#};

# Make an arriving USB keyboard the console keyboard; on removal fall
# back to /dev/kbd0.
#
# NOTE(review): the rule fires for whatever device attaches as ukbd0, so
# console input follows a newly plugged keyboard automatically -- review
# whether that is wanted on hosts whose USB ports are not physically
# controlled.
attach 100 {
	device-name "ukbd0";
	action "/etc/rc.d/syscons setkeyboard /dev/ukbd0";
};
detach 100 {
	device-name "ukbd0";
	action "/etc/rc.d/syscons setkeyboard /dev/kbd0";
};

# USB mouse (ums[0-9]+): run the moused rc script for the device on
# attach and on detach.  Note the verbs differ: "quietstart" on attach,
# plain "stop" on detach.
attach 100 {
	device-name "ums[0-9]+";
	action "/etc/rc.d/moused quietstart $device-name";
};

detach 100 {
	device-name "ums[0-9]+";
	action "/etc/rc.d/moused stop $device-name";
};

# Load firmware into the ActiveWire board.  Once the download finishes the
# device detaches and automatically reappears as something new and shiny.
#
# NOTE(review): vendor/product/release are values reported by the
# attached device, so any device presenting this triple triggers the
# action.  Both the helper and the firmware image live under /usr/local;
# confirm they are root-owned and not writable by other users.
attach 100 {
	match "vendor" "0x0854";
	match "product" "0x0100";
	match "release" "0x0000";
	action "/usr/local/bin/ezdownload -f /usr/local/share/usb/firmware/0854.0100.0_01.hex $device-name";
};

# Firmware download for the Entrega Serial DB25 adapter.
#
# The action is a small shell sequence: load the usio kernel module if
# kldstat does not report it, then run ezdownload against the device node.
# NOTE(review): the match keys are device-reported values; a device
# presenting this triple causes a kldload and a firmware write -- confirm
# that is acceptable for the deployment.
attach 100 {
	match "vendor" "0x1645";
	match "product" "0x8001";
	match "release" "0x0101";
	action "if ! kldstat -n usio > /dev/null 2>&1 ; then kldload usio; fi; /usr/sbin/ezdownload -v -f /usr/share/usb/firmware/1645.8001.0101 /dev/$device-name";
};

# Launch the ColdSync tool in daemon mode.  Make sure /usr/local/etc/palms
# is up to date.  The 'listen' settings for port and type found in
# /usr/local/etc/coldsync.conf are overridden on the command line here.
#
# NOTE(review): the binary comes from /usr/local and is started on attach
# of any USB device reporting these IDs -- confirm the binary is
# root-owned and that auto-starting it is intended.
notify 100 {
	match "system" "USB";
	match "subsystem" "DEVICE";
	match "type" "ATTACH";
	match "vendor" "0x082d";
	match "product" "0x0100";
	match "release" "0x0100";
	action "/usr/local/bin/coldsync -md -p /dev/$cdev -t usb";
};

#
# Rescan scsi device-names when a controller attaches, but not when it
# detaches.  The action is disabled by default because of reported
# problems, which leaves this rule without an active action.
#
attach 0 {
	# Pattern comes from the "set scsi-controller-regex" shorthand.
	device-name "$scsi-controller-regex";
// action "camcontrol rescan all";
};

# Make no attempt to second guess what should happen for drivers that do
# not match here; hand the event to syslog instead.  The action is
# commented out for now because devd does not set the pnpinfo variable
# yet.  The individual variables contained in the bus supplied pnpinfo
# are set.
nomatch 0 {
# action "logger Unknown device: $pnpinfo $location $bus";
};

# Various logging of unknown devices.
#
# NOTE(review): each action below places event variables unquoted into a
# logger command line.  Several of them ($cisproduct, $cisvendor, and the
# ID fields) are values reported by the attached hardware -- confirm how
# devd sanitises them before the command text reaches the shell.
# Continuation lines are kept flush left so the quoted strings keep the
# bytes they have in the original.

# Unclaimed device on a USB hub.
nomatch 10 {
	match "bus" "uhub[0-9]+";
	action "logger Unknown USB device: vendor $vendor product $product \
bus $bus";
};

# Some PC-CARDs offer no numerical manufacturer/product IDs; for those,
# log the CIS info instead.  Priority 20 puts this ahead of the generic
# pccard rule that follows.
nomatch 20 {
	match "bus" "pccard[0-9]+";
	match "manufacturer" "0xffffffff";
	match "product" "0xffffffff";
	action "logger Unknown PCCARD device: CISproduct $cisproduct \
CIS-vendor $cisvendor bus $bus";
};

# Generic unclaimed PC-CARD: log numeric IDs together with the CIS strings.
nomatch 10 {
	match "bus" "pccard[0-9]+";
	action "logger Unknown PCCARD device: manufacturer $manufacturer \
product $product CISproduct $cisproduct CIS-vendor \
$cisvendor bus $bus";
};

# Unclaimed Cardbus device.
nomatch 10 {
	match "bus" "cardbus[0-9]+";
	action "logger Unknown Cardbus device: device $device class $class \
vendor $vendor bus $bus";
};

# Change the power profile whenever the AC line state changes; the notify
# value is handed to the rc script as its argument.
notify 10 {
	match "system" "ACPI";
	match "subsystem" "ACAD";
	action "/etc/rc.d/power_profile $notify";
};

# On a _CRT or _HOT thermal event the system is about to power down very
# soon; tell all users before the emergency shutdown begins.
notify 10 {
	match "system" "ACPI";
	match "subsystem" "Thermal";
	match "notify" "0xcc";
	# The message is a fixed string logged at kern.emerg; no event
	# variables are expanded into it.
	action "logger -p kern.emerg 'WARNING: system temperature too high, shutting down soon!'";
};

# Sample ZFS problem reports handling.
#
# NOTE(review): every message below wraps event fields ($pool, $type,
# $vdev_path, $zio_offset, $zio_size, $zio_err) in single quotes, and the
# values are substituted into the command text before it is run.  A value
# that itself contained a quote character would end the quoting early --
# confirm which characters these fields can carry, $vdev_path especially.

# Pool could not be loaded.
notify 10 {
	match "system" "ZFS";
	match "type" "zpool";
	action "logger -p kern.err 'ZFS: failed to load zpool $pool'";
};

# vdev failure.
notify 10 {
	match "system" "ZFS";
	match "type" "vdev";
	action "logger -p kern.err 'ZFS: vdev failure, zpool=$pool type=$type'";
};

# Pool-level I/O failure.
notify 10 {
	match "system" "ZFS";
	match "type" "data";
	action "logger -p kern.warn 'ZFS: zpool I/O failure, zpool=$pool error=$zio_err'";
};

# vdev-level I/O failure.
notify 10 {
	match "system" "ZFS";
	match "type" "io";
	action "logger -p kern.warn 'ZFS: vdev I/O failure, zpool=$pool path=$vdev_path offset=$zio_offset size=$zio_size error=$zio_err'";
};

# Checksum mismatch.
notify 10 {
	match "system" "ZFS";
	match "type" "checksum";
	action "logger -p kern.warn 'ZFS: checksum mismatch, zpool=$pool path=$vdev_path offset=$zio_offset size=$zio_size'";
};

# The user asked for a suspend: run the preparation steps and then carry
# out the actual suspend.  The Resume rule below runs the counterpart
# script; both receive "acpi" and the notify value as arguments.
notify 10 {
	match "system" "ACPI";
	match "subsystem" "Suspend";
	action "/etc/rc.suspend acpi $notify";
};
notify 10 {
	match "system" "ACPI";
	match "subsystem" "Resume";
	action "/etc/rc.resume acpi $notify";
};

/* EXAMPLES TO END OF FILE

# An example of something that a vendor might install if you were to
# add their device. This might reside in /usr/local/etc/devd/deqna.conf.
# A deqna is, in this hypothetical example, a pccard ethernet-like device.
# Students of history may know other devices by this name, and will get
# the in-jokes in this entry.
nomatch 10 {
	match "bus" "pccard[0-9]+";
	match "manufacturer" "0x1234";
	match "product" "0x2323";
	action "kldload if_deqna";
};
attach 10 {
	device-name "deqna[0-9]+";
	action "/etc/pccard_ether $device-name start";
};
detach 10 {
	device-name "deqna[0-9]+";
	action "/etc/pccard_ether $device-name stop";
};

# Examples of notify hooks. A notify is a generic way for a kernel
# subsystem to send event notification to userland.

# Here are some examples of ACPI notify handlers. ACPI subsystems that
# generate notifies include the AC adapter, power/sleep buttons,
# control method batteries, lid switch, and thermal zones.
#
# Information returned is not always the same as the ACPI notify
# events. See the ACPI specification for more information about
# notifies. Here is the information returned for each subsystem:
#
# ACAD: AC line state (0 is offline, 1 is online)
# Button: Button pressed (0 for power, 1 for sleep)
# CMBAT: ACPI battery events
# Lid: Lid state (0 is closed, 1 is open)
# RCTL: Resource limits
# Suspend, Resume: Suspend and resume notification
# Thermal: ACPI thermal zone events
#
# This example calls a script when the AC state changes, passing the
# notify value as the first argument. If the state is 0x00, it might
# call some sysctls to implement economy mode. If 0x01, it might set
# the mode to performance.
notify 10 {
	match "system" "ACPI";
	match "subsystem" "ACAD";
	action "/etc/acpi_ac $notify";
};

# This example works around a memory leak in PostgreSQL, restarting
# it when the "user:pgsql:swap:devctl=1G" rctl(8) rule gets triggered.
notify 0 {
	match "system" "RCTL";
	match "rule" "user:70:swap:.*";
	action "/usr/local/etc/rc.d/postgresql restart";
};

*/