Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. =================================================================== RCS file: /ftp/cvs/cvsroot/src/share/man/man7/sysctl.7,v rcsdiff: /ftp/cvs/cvsroot/src/share/man/man7/sysctl.7,v: warning: Unknown phrases like `commitid ...;' are present. retrieving revision 1.92 retrieving revision 1.108 diff -u -p -r1.92 -r1.108 --- src/share/man/man7/sysctl.7 2015/07/11 17:36:09 1.92 +++ src/share/man/man7/sysctl.7 2017/01/09 20:08:26 1.108 @@ -1,4 +1,4 @@ -.\" $NetBSD: sysctl.7,v 1.92 2015/07/11 17:36:09 wiz Exp $ +.\" $NetBSD: sysctl.7,v 1.108 2017/01/09 20:08:26 hubertf Exp $ .\" .\" Copyright (c) 1993 .\" The Regents of the University of California. All rights reserved. @@ -29,7 +29,7 @@ .\" .\" @(#)sysctl.3 8.4 (Berkeley) 5/9/95 .\" -.Dd July 11, 2015 +.Dd November 17, 2016 .Dt SYSCTL 7 .Os .Sh NAME @@ -188,7 +188,7 @@ level is detailed below. The changeable column shows whether a process with appropriate privilege may change the value. .Bl -column "hw.machine_arch" "integer" "Changeable" -offset indent -.It Sy Second level name Sy Type Sy Changeable +.It Sy Second level name Ta Sy Type Ta Sy Changeable .It hw.alignbytes integer no .It hw.byteorder integer no .It hw.cnmagic string yes @@ -272,7 +272,7 @@ The changeable column shows whether a pr privilege may change the value. .Bl -column "kern.posix_reader_writer_locks" \ "struct kinfo_drivers" "not applicable" -.It Sy Second level name Sy Type Sy Changeable +.It Sy Second level name Ta Sy Type Ta Sy Changeable .It kern.aio_listio_max integer yes .It kern.aio_max integer yes .It kern.arandom integer no @@ -315,6 +315,7 @@ privilege may change the value. .It kern.maxproc integer yes .It kern.maxptys integer yes .It kern.maxvnodes integer yes +.It kern.messages integer yes .It kern.mbuf node not applicable .It kern.memlock integer no .It kern.memlock_range integer no @@ -354,7 +355,7 @@ privilege may change the value. .It kern.rtc_offset integer yes .It kern.saved_ids integer no .It kern.sbmax integer yes -.\".It kern.sched node not applicable +.It kern.sched node not applicable .It kern.securelevel integer raise only .It kern.somaxkva integer yes .It kern.synchronized_io integer no @@ -398,11 +399,16 @@ A .Vt struct timeval structure is returned. This structure contains the time that the system was booted. +.It Li kern.bufq +This variable contains information on the +.Xr bufq 9 +subsystem. +Currently, the only third level name implemented is +.Dv kern.bufq.strategies +which provides a list of buffer queue strategies currently available. .It Li kern.buildinfo When the kernel is built, the build environment may optionally provide arbitrary information to be stored in this variable. -.\" .It Li kern.bufq -.\" XXX: Undocumented. .It Li kern.ccpu ( Dv KERN_CCPU ) The scheduler exponential decay value. .It Li kern.clockrate ( Dv KERN_CLOCKRATE ) @@ -428,7 +434,7 @@ The third level name is .Dv kern.coredump.setid and fourth level variables are described below. .Bl -column "kern.coredump.setid.group" "integer" "Changeable" -offset indent -.It Sy Fourth level name Sy Type Sy Changeable +.It Sy Fourth level name Ta Sy Type Ta Sy Changeable .It kern.coredump.setid.dump integer yes .It kern.coredump.setid.group integer yes .It kern.coredump.setid.mode integer yes @@ -456,7 +462,7 @@ Mapping of CPU number to CPU id. .It Li kern.cp_time ( Dv KERN_CP_TIME ) Returns an array of .Dv CPUSTATES -.Vt uint64_t Ns s. +.Vt uint64_t Ns s . This array contains the number of clock ticks spent in different CPU states. On multi-processor systems, the sum across all CPUs is returned unless @@ -541,6 +547,29 @@ otherwise\ 0. Returns the number of .Xr hardclock 9 ticks. +.It Li kern.hist +This variable contains kernel history data if the kernel was +configured for any of the options +.Dv UVHMIST , +.Dv USB_DEBUG , +.Dv BIOHIST , +or +.Dv SCDEBUG . +(See +.Xr options 4 +for more details.) +The third-level names correspond to each available history table. +The values of the history tables are in an internal format, and can be +decoded by the +.Xr vmstat 1 +utility's +.Fl U +and +.Fl u +options; +the +.Fl l +option can be used to see which tables are available. .It Li kern.hostid ( Dv KERN_HOSTID ) Get or set the host identifier. This is aimed to replace the legacy @@ -566,7 +595,7 @@ and Return information about the SysV IPC parameters. The third level names for the ipc variables are detailed below. .Bl -column "kern.ipc.shm_use_phys" "integer" "Changeable" -offset indent -.It Sy Third level name Sy Type Sy Changeable +.It Sy Third level name Ta Sy Type Ta Sy Changeable .It kern.ipc.sysvmsg integer no .It kern.ipc.sysvsem integer no .It kern.ipc.sysvshm integer no @@ -599,7 +628,7 @@ otherwise\ 0. Return System V style IPC configuration and run-time information. The fourth level name selects the System V style IPC facility. .Bl -column "KERN_SYSVIPC_MSG_INFO" "struct shm_sysctl_info" -offset indent -.It Sy Fourth level name Sy Type +.It Sy Fourth level name Ta Sy Type .It KERN_SYSVIPC_MSG_INFO struct msg_sysctl_info .It KERN_SYSVIPC_SEM_INFO struct sem_sysctl_info .It KERN_SYSVIPC_SHM_INFO struct shm_sysctl_info @@ -700,7 +729,7 @@ The third level names for the mbuf varia The changeable column shows whether a process with appropriate privilege may change the value. .Bl -column "kern.mbuf.nmbclusters" "integer" "Changeable" -offset indent -.It Sy Third level name Sy Type Sy Changeable +.It Sy Third level name Ta Sy Type Ta Sy Changeable .\" XXX Changeable? really? .It kern.mbuf.mblowat integer yes .It kern.mbuf.mclbytes integer yes @@ -739,11 +768,23 @@ Returns 1 if the .St -p1003.1b-93 Memory Protection Option is available on this system, otherwise\ 0. +.It Li kern.messages +Kernel console message verbosity. +See +.Sy \ +.Bl -column "verbosity" "setting" -offset indent +.It Sy Verbosity Setting +.It \ \ \ \ 0 Silent Sy AB_SILENT +.It \ \ \ \ 1 Quiet Sy AB_QUIET +.It \ \ \ \ 2 Normal Sy AB_NORMAL +.It \ \ \ \ 3 Verbose Sy AB_VERBOSE +.It \ \ \ \ 4 Debug Sy AB_DEBUG +.El .It Li kern.module Settings related to kernel modules. The third level names for the settings are described below. .Bl -column "kern.module.autoload" "integer" "Changeable" -offset indent -.It Sy Third level name Sy Type Sy Changeable +.It Sy Third level name Ta Sy Type Ta Sy Changeable .It kern.module.autoload integer yes .It kern.module.autotime integer yes .It kern.module.verbose integer yes @@ -778,7 +819,7 @@ This node is created dynamically when the corresponding kernel module is loaded. The third level names for the settings are described below. .Bl -column "kern.mqueue.mq_max_msgsize" "integer" "Changeable" -offset indent -.It Sy Third level name Sy Type Sy Changeable +.It Sy Third level name Ta Sy Type Ta Sy Changeable .It kern.mqueue.mq_open_max integer yes .It kern.mqueue.mq_prio_max integer yes .It kern.mqueue.mq_max_msgsize integer yes @@ -830,7 +871,7 @@ The third level names for the integer p The changeable column shows whether a process with appropriate privilege may change the value. .Bl -column "kern.pipe.maxbigpipes" "integer" "Changeable" -offset indent -.It Sy Third level name Sy Type Sy Changeable +.It Sy Third level name Ta Sy Type Ta Sy Changeable .It kern.pipe.kvasiz integer yes .It kern.pipe.maxbigpipes integer yes .It kern.pipe.maxkvasz integer yes @@ -923,7 +964,7 @@ structures is returned, whose size depends on the current number of such objects in the system. The third and fourth level numeric names are as follows: .Bl -column "KERN_PROC_SESSION" "Fourth level is:" -offset indent -.It Sy Third level name Sy Fourth level is: +.It Sy Third level name Ta Sy Fourth level is: .It KERN_PROC_ALL None .It KERN_PROC_GID A group ID .It KERN_PROC_PID A process ID @@ -949,11 +990,12 @@ of a process. Multiple strings are returned separated by NUL characters. The third level name is the process ID. The fourth level name is as follows: -.Bl -column "KERN_PROG_NARGV" "The number of environ strings" -offset indent +.Bl -column "KERN_PROG_PATHNAME" "The full pathname of the executable" -offset indent .It Dv KERN_PROC_ARGV The argv strings .It Dv KERN_PROC_ENV The environ strings .It Dv KERN_PROC_NARGV The number of argv strings .It Dv KERN_PROC_NENV The number of environ strings +.It Dv KERN_PROC_PATHNAME The full pathname of the executable .El .It Li kern.profiling ( Dv KERN_PROF ) Return profiling information about the kernel. @@ -967,7 +1009,7 @@ is detailed below. The changeable column shows whether a process with appropriate privilege may change the value. .Bl -column "kern.profiling.gmonparam" "struct gmonparam" "Changeable" -offset indent -.It Sy Third level name Sy Type Sy Changeable +.It Sy Third level name Ta Sy Type Ta Sy Changeable .It kern.profiling.count u_short[\|] yes .It kern.profiling.froms u_short[\|] yes .It kern.profiling.gmonparam struct gmonparam no @@ -1015,8 +1057,104 @@ Maximum socket buffer size. .It Li kern.securelevel ( Dv KERN_SECURELVL ) See .Xr secmodel_securelevel 9 . -.\" .It Li kern.sched -.\" XXX: Undocumented. +.It Li kern.sched ( dynamic ) +Influence the scheduling of LWPs, their priorisation and how they are +distributed on and moved between CPUs. +.Bl -column "kern.sched.balance_period" "integer" "Changeable" -offset indent +.It Sy Third level name Sy Type Sy Changeable +.It kern.sched.cacheht_time integer yes +.It kern.sched.balance_period integer yes +.It kern.sched.average_weight integer yes +.It kern.sched.min_catch integer yes +.It kern.sched.timesoftints integer yes +.It kern.sched.kpreempt_pri integer yes +.It kern.sched.upreempt_pri integer yes +.It kern.sched.maxts integer yes +.It kern.sched.mints integer yes +.It kern.sched.name string no +.It kern.sched.rtts integer no +.It kern.sched.pri_min integer no +.It kern.sched.pri_max integer no +.El +.Pp +The variables are as follows: +.Bl -tag -width "123456" +.It Li kern.sched.cacheht_time ( dynamic ) +Cache hotness time in which a LWP is kept on one particular CPU +and not moved to another CPU. This reduces the overhead of flushing +and reloading caches. +Defaults to 3ms. +Needs to be given in +.Dq hz +units, see +.Xr mstohz 9 . +.It Li kern.sched.balance_period ( dynamic ) +Interval at which the CPU queues are checked for re-balancing. +Defaults to 300ms. +Needs to be given in +.Dq hz +units, see +.Xr mstohz 9 . +.It Li kern.sched.average_weight ( dynamic ) +Can be used to influence how likely LWPs are to be migrated from +one CPU's queue of LWPs that are ready to run to a different, idle CPU. +The value gives the percentage for weighting the average count of +migratable threads from the past against the current number of +migratable threads. +A small value gives more weight to the past, a larger values more weight +on the current situation. +Defaults to 50 and must be between 0 and 100. +.It Li kern.sched.min_catch ( dynamic ) +Minimum count of migratable (runable) threads for catching (stealing) +from another CPU. +Defaults to 1 but can be increased to decrease chance of thread +migration between CPUs. +.It Li kern.sched.timesoftints ( dynamic ) +Enable tracking of CPU time for soft interrupts +as part of a LWP's real execution time. +Set to a non-zero value to enable, +and see +.Xr ps 1 +for printing CPU times. +.It Li kern.sched.kpreempt_pri ( dynamic ) +Minimum priority to trigger kernel preemption. +.It Li kern.sched.upreempt_pri ( dynamic ) +Minimum priority to trigger user preemption. +.It Li kern.sched.maxts ( dynamic ) +Scheduler specific maximal time quantum (in milliseconds). +Must be set to a value larger than +.Dq mints +and between 10 and +.Dq hz +as given by the +.Dv kern.clockrate +sysctl. +Provided by the M2 scheduler. +.It Li kern.sched.mints ( dynamic ) +Scheduler specific minimal time quantum (in milliseconds). +Must be set to a value smaller than +.Dq maxts +and between 1 and +.Dq hz +as given by the +.Dq kern.clockrate +sysctl. +Provided by the M2 scheduler. +.It Li kern.sched.name ( dynamic ) +Scheduler name. +Provided both by the M2 and the 4BSD scheduler. +.It Li kern.sched.rtts ( dynamic ) +Fixed scheduler specific round-robin time quantum in milliseconds. +Provided both by the M2 and the 4BSD scheduler. +.It Li kern.sched.pri_min ( dynamic ) +Minimal POSIX real-time priority. +See +.Xr sched 3 . +.It Li kern.sched.pri_max ( dynamic ) +Maximal POSIX real-time priority. +See +.Xr sched 3 . +.El .It Li kern.somaxkva ( Dv KERN_SOMAXKVA ) Maximum amount of kernel memory to be used for socket buffers. .\" XXX units? @@ -1028,7 +1166,7 @@ otherwise\ 0. .It Li kern.timecounter ( dynamic ) Display and control the timecounter source of the system. .Bl -column "kern.timecounter.timestepwarnings" "integer" "Changeable" -offset indent -.It Sy Third level name Sy Type Sy Changeable +.It Sy Third level name Ta Sy Type Ta Sy Changeable .It kern.timecounter.choice string no .It kern.timecounter.hardware string yes .It kern.timecounter.timestepwarnings integer yes @@ -1052,7 +1190,7 @@ The third level names for the tty statis The changeable column shows whether a process with appropriate privilege may change the value. .Bl -column "kern.tkstat.cancc" "quad" "Changeable" -offset indent -.It Sy Third level name Sy Type Sy Changeable +.It Sy Third level name Ta Sy Type Ta Sy Changeable .It kern.tkstat.cancc quad no .It kern.tkstat.nin quad no .It kern.tkstat.nout quad no @@ -1075,7 +1213,7 @@ The third level names for the tty setup The changeable column shows whether a process with appropriate privilege may change the value. .Bl -column "kern.tty.qsize" "int" "Changeable" -offset indent -.It Sy Third level name Sy Type Sy Changeable +.It Sy Third level name Ta Sy Type Ta Sy Changeable .It kern.tty.qsize int yes .El .Pp @@ -1092,7 +1230,7 @@ and .It Li kern.uidinfo Resource usage for the current user. .Bl -column "kern.uidinfo.proccnt" "integer" "Changeable" -offset indent -.It Sy Third level name Sy Type Sy Changeable +.It Sy Third level name Ta Sy Type Ta Sy Changeable .It kern.uidinfo.proccnt integer no .It kern.uidinfo.lwpcnt integer no .It kern.uidinfo.lockcnt integer no @@ -1127,7 +1265,7 @@ system. Runtime information for .Xr veriexec 8 . .Bl -column "kern.veriexec.algorithms" "integer" "Changeable" -offset indent -.It Sy Third level name Sy Type Sy Changeable +.It Sy Third level name Ta Sy Type Ta Sy Changeable .It kern.veriexec.algorithms string no .It kern.veriexec.count node not applicable .It kern.veriexec.strict integer yes @@ -1176,7 +1314,7 @@ followed by the vnode itself The set of variables defined is architecture dependent. Most architectures define at least the following variables. .Bl -column "machdep.booted_kernel" "Type" "Changeable" -offset indent -.It Sy Second level name Sy Type Sy Changeable +.It Sy Second level name Ta Sy Type Ta Sy Changeable .It Li machdep.booted_kernel string no .El .\" XXX: Document the above. @@ -1189,7 +1327,7 @@ privilege may change the value. The second and third levels are typically the protocol family and protocol number, though this is not always the case. .Bl -column "Second level name" "IPsec key management values" "Changeable" -offset indent -.It Sy Second level name Sy Type Sy Changeable +.It Sy Second level name Ta Sy Type Ta Sy Changeable .It net.route routing messages no .It net.inet IPv4 values yes .It net.inet6 IPv6 values yes @@ -1209,7 +1347,7 @@ The fourth level name is an address fami select all address families. The fifth and sixth level names are as follows: .Bl -column "Fifth level name" "Sixth level is:" -offset indent -.It Sy Fifth level name Sy Sixth level is: +.It Sy Fifth level name Ta Sy Sixth level is: .It NET_RT_FLAGS rtflags .It NET_RT_DUMP None .It NET_RT_IFLIST None @@ -1221,15 +1359,13 @@ The third level name is the protocol. The fourth level name is the variable name. The currently defined protocols and names are: .Bl -column "Protocol" "anonportalgo.available" "integer" "Changeable" -offset indent -.It Sy Protocol Variable Sy Type Sy Changeable +.It Sy Protocol Variable Ta Sy Type Ta Sy Changeable .It arp down integer yes .It arp keep integer yes .It arp log_movements integer yes .It arp log_permanent_modify integer yes .It arp log_unknown_network integer yes .It arp log_wrong_iface integer yes -.It arp prune integer yes -.It arp refresh integer yes .It carp allow integer yes .It carp preempt integer yes .It carp log integer yes @@ -1246,6 +1382,7 @@ The currently defined protocols and name .It ip anonportmax integer yes .It ip anonportmin integer yes .It ip checkinterface integer yes +.It ip dad_count integer yes .It ip directed-broadcast integer yes .It ip do_loopback_cksum integer yes .It ip forwarding integer yes @@ -1311,10 +1448,6 @@ The variables are as follows: Failed ARP entry lifetime. .It Li arp.keep Valid ARP entry lifetime. -.It Li arp.prune -ARP cache pruning interval. -.It Li arp.refresh -ARP entry refresh interval. .It Li carp.allow If set to 0, incoming .Xr carp 4 @@ -1367,6 +1500,11 @@ Currently, this must be disabled if ipna destination address to another local interface, or if addresses are added to the loopback interface instead of the interface where the packets for those packets are received. +.It Li ip.dad_count +The number of +.Xr arp 4 +probes sent for Address Conflict Detection. +Set to 0 to disable this. .It Li ip.directed-broadcast If set to 1, enables directed broadcast behavior for the host. .It Li ip.do_loopback_cksum @@ -1603,7 +1741,7 @@ The third level name is the protocol. The fourth level name is the variable name. The currently defined protocols and names are: .Bl -column "Protocol" "anonportalgo.available" "integer" "Changeable" -offset indent -.It Sy Protocol Variable Sy Type Sy Changeable +.It Sy Protocol Variable Ta Sy Type Ta Sy Changeable .It icmp6 errppslimit integer yes .It icmp6 mtudisc_hiwat integer yes .It icmp6 mtudisc_lowat integer yes @@ -1618,6 +1756,7 @@ The currently defined protocols and name .It icmp6 rediraccept integer yes .It icmp6 redirtimeout integer yes .It ip6 accept_rtadv integer yes +.It ip6 addctlpolicy struct in6_addrpolicy no .It ip6 anonportalgo.selected string yes .It ip6 anonportalgo.available string yes .It ip6 anonportalgo.reserve struct yes @@ -1773,7 +1912,7 @@ The maximum number of fragments the node \-1 means that the node will accept as many fragments as it receives. The flag is provided basically for avoiding possible DoS attacks. .It Li ip6.neighborgcthresh -Maximum number of entries in neighbor cache. +Maximum number of entries in neighbor cache per interface. Set to negative to disable. The default value is 2048. .It Li ip6.redirect @@ -1899,7 +2038,7 @@ Get or set various global information ab The third level name is the variable name. The currently defined variable and names are: .Bl -column "blockacq_lifetime" "integer" "Changeable" -offset indent -.It Sy Variable Type Sy Changeable +.It Sy Variable Type Ta Sy Changeable .It debug integer yes .It enabled integer yes .It used integer no @@ -1979,7 +2118,7 @@ value of PROC_PID_CORENAME is reset to t The second level name is either the magic value PROC_CURPROC, which points to the current process, or the PID of the target process. .Bl -column "proc.pid.corename" "string" "not applicable" -offset indent -.It Sy Third level name Sy Type Sy Changeable +.It Sy Third level name Ta Sy Type Ta Sy Changeable .It proc.pid.corename string yes .It proc.pid.rlimit node not applicable .It proc.pid.stopfork int yes @@ -2113,7 +2252,7 @@ level is detailed below. The changeable column shows whether a process with appropriate privilege may change the value. .Bl -column "user.coll_weights_max" "integer" "Changeable" -offset indent -.It Sy Second level name Sy Type Sy Changeable +.It Sy Second level name Ta Sy Type Ta Sy Changeable .It user.atexit_max integer no .It user.bc_base_max integer no .It user.bc_dim_max integer no @@ -2218,7 +2357,7 @@ level is detailed below. The changeable column shows whether a process with appropriate privilege may change the value. .Bl -column "Second level name" "struct uvmexp_sysctl" "Changeable" -offset indent -.It Sy Second level name Sy Type Sy Changeable +.It Sy Second level name Ta Sy Type Ta Sy Changeable .It vm.anonmax int yes .It vm.anonmin int yes .It vm.bufcache int yes @@ -2236,6 +2375,7 @@ privilege may change the value. .It vm.uvmexp struct uvmexp no .It vm.uvmexp2 struct uvmexp_sysctl no .It vm.vmmeter struct vmtotal no +.It vm.proc.map struct kinfo_vmentry no .El .Bl -tag -width "123456" .It Li vm.anonmax ( Dv VM_ANONMAX ) @@ -2279,6 +2419,15 @@ The returned data consists of a .Vt struct vmtotal . .It vm.user_va0_disable A flag which controls whether user processes can map virtual address\ 0. +.It Li vm.proc.map ( Dv VM_PROC ) +The third level is +.dv VM_PROC_MAP , +the fourth is the pid of the process to display the vm object entries for, and +the fifth is the size of +.Vt struct kinfo_vmentry . +Returns an array of +.Vt struct kinfo_vmentry +objects. .It Li vm.uspace ( Dv VM_USPACE ) The number of bytes allocated for each kernel stack. .It Li vm.uvmexp ( Dv VM_UVMEXP ) @@ -2299,7 +2448,7 @@ The changeable column shows whether a pr privilege may change the value. .\" XXX sort .Bl -column "Second level name" "integer" "Changeable" -offset indent -.It Sy Second level name Sy Type Sy Changeable +.It Sy Second level name Ta Sy Type Ta Sy Changeable .It ddb.radix integer yes .It ddb.maxoff integer yes .It ddb.maxwidth integer yes @@ -2354,7 +2503,7 @@ level contains various security-related the system. The available second level names are: .Bl -column "Second level name" "integer" "Changeable" -offset indent -.It Sy Second level name Sy Type Sy Changeable +.It Sy Second level name Ta Sy Type Ta Sy Changeable .It Li security.curtain integer yes .It Li security.models node not applicable .It Li security.pax node not applicable @@ -2365,8 +2514,8 @@ Available settings are detailed below. .It Li security.curtain If non-zero, will filter return objects according to the user .Tn ID -requesting information about them, preventing from users any -access to objects they do not own. +requesting information about them, preventing users from +accessing any objects they do not own. .Pp At the moment, it affects .Xr ps 1 , @@ -2408,6 +2557,7 @@ The available third and fourth level nam .\".It Li security.pax.aslr.stack_len integer yes .It Li security.pax.mprotect.enabled integer yes .It Li security.pax.mprotect.global integer yes +.It Li security.pax.mprotect.ptrace integer yes .It Li security.pax.segvguard.enabled integer yes .It Li security.pax.segvguard.expiry_timeout integer yes .It Li security.pax.segvguard.global integer yes @@ -2455,6 +2605,19 @@ except those exempted with Otherwise, all programs will not get the PaX MPROTECT restrictions, except those specifically marked as such with .Xr paxctl 8 . +.It Li security.pax.mprotect.ptrace +This variable allows +.Xr ptrace 2 +to override PaX MPROTECT permissions. +It can have the following values: +.Bl -tag -width XX -compact +.It 0 +Does not let override any permissions. +.It 1 +Disables PaX MPROTECT from processes that start executing while traced (default). +.It 2 +Bypasses PaX MPROTECT for all processes being traced. +.El .It Li security.pax.segvguard.enabled Enable PaX Segvguard. .Pp