stuff (for jails) after all, but leave the functionality there just in
case.

rc.route and an rc.ifc *inside* the jail. The rc.ifc does not setup
interfaces, but does call invoke rc.route (constructed from
virt_routes table by talking to tmcd) for each interface (okay, IP
address) the jail has access to. This is how it works outside the
jail, and I keep the structure inside the jail looking just like it
does outside the jail, of possible.

directory unless the "root" directory (where we mount the vnode
filesystem) is empty! If its not, do not try and remove anything,
since it means something went wrong with the teardown. This will make
Russ happy; his homedir won't disappear on a regular basis.

file instead of contacting tmcd directly to find that info.
Basically, cut out 4 places where we contact tmcd on boot. I know, big
whoop.

bunch of jail changes. No matter, no one should be installing any of
this stuff to make a new image until I give the okay.

own script. It was just clutter in that library. Kill delay_update
since its not really used anymore, but give a delaysetup a -u option
to do that, just in case.

Added BESTOWGROUPROOT permission.

More rework on the groups system.

* BESTOWGROUPROOT permission added to dbdefs.

* Permissions criteria for group operations changed in dbdefs
  (consult code for full explanation.)

* Approveuser and Editgroup now check for BESTOWGROUPROOT
  permissions before allowing changes to group_root.

* approveuser_form and editgroup_form do not show "Group Root"
  as an option unless you are allowed to set it (or it is already set.)

* editgroup does not UPDATE rows where trust has not been changed.

* showgroup does a correct check to see whether to show the
  "group options" subpage.

Approveuser now does not allow non-project-owners to approve people as
group_root into the default group.

Modified editgroup form to show only valid trust options for "add users"
table.

* Altered consistency checks to treat any root as equivalent
  (so, if you're project_root in the default group, but group_root in
   a group, that won't be a problem)

* Moved consistency checks, which were done in two different places into
  dbdefs TBCheckGroupTrustConsistency()

* Added preemptive checks, so if 'user' or '*_root' are not valid
  trusts, they aren't displayed as options in editgroup_form and
  approveuser_form (using above function)

* In approveuser, a new approval may now be sent to group_root.

INADDRANY: When 1, jail is allowed to bind to INADDR_ANY. When packet
           comes in, the pchlookup checks the prison IPs.

ROUTING:   Jail gets access to its routing table. This presently implies
           that the jail gets its own private routing table via new
	   jail options.

DEVMEM:    Jail gets a real /dev/mem and /dev/kmem instead of a
           symlink to /dev/null. This pretty much bypasses security so
           its not something to do on widearea nodes, but on local
           nodes that fine.

Added TB_PROJECT_GROUPGRABUSERS to Perl side, for consistency.

Split notion of "EDITGROUP" permission into two:
"EDITGROUP" and "GROUPGRABUSERS".

"EDITGROUP" is easier to obtain;
            it is now given to group_root for the group.
"GROUPGRABUSERS" is how "EDITGROUP" _used_ to be:
                 only given to default-group_root or project_root.

The ability to add users to a group who have not requested membership
now requires "GROUPGRABUSERS".

Removing or editing members still requires only EDITGROUP.

So, the upshot is, now group_root users can edit and remove members from
their own groups.
But they still can't 'grab' users who haven't asked to join the group.
(which would enable them to mount arbitrary users' home dirs as
 root, which would be a Bad Thing.)

Fixed missing '?' in GID link when showing group.

Changed link from now-defunct addusr.php to joingroup.php

Add instructions to use if the ops node is a tip server.

Add a couple other helpful notes.

* Track emulab-ops port version number
* Change the way chmods are done, to work with symlinks
* Change permissions for certain directories
* Fix some formatting in rc.conf
* Fix a case error for ssh
* Add /share to the list of exported filesystems
* Remove -alldirs from exports
* Add creation of an empty rc.capture

Fixed ALLOCSTATE consts.

tree on ops.

A little better than my old (broken) hacks, but not by much.

Added '-x' switch;
when specified, nfreeing a physical node results in
any virtual node sitting on that physical node to be freed as well.

(This should probably be the default behavior.)

New version of unified tbswap in/out.
startexp/endexp/swapexp have been changed to use new script.

tbswapin and tbswapout have been replaced with a script which
spits out a warning message, then calls tbswap appropriately.

The README has also been modified.

remove the toomanylinks test, since that check has been removed from
tbprerun.

existing DB to bring it into compliance with the changes. Its
a text file, but please put in actual sql commands or script.
Mark each change with the CVS revision number of the corresponding
change in database-create.sql.

Specify '0' to exit on success.

make sure it got run as root. Update that to allow running as non root if
you're in a devel tree and you're an admin (in your own copy of the db).
This will let flest run it simply by using 'withadminprivs' with the
startup of stated.

 - fix bad indenting to a uniform 4 spaces (before was 2, 4 and 8 mixed)
 - Move ping-for-isup functionality into a separate script
 - Make sure every transition triggered by stated (directly or indirectly)
   sends an event, instead of taking shortcuts.

This called for a new script, eventping, which just pings until the node
is pingable, then sends an ISUP event. Stated runs this in the background
where necessary, and nothing else should run it.

Adding eventping meant modifying configure and the utils makefile, too.

ispell.