version 1.130, 2018/09/02 17:21:28 |
version 1.137, 2018/12/05 21:15:20 |
|
|
.\" |
.\" |
.\" @(#)sysctl.3 8.4 (Berkeley) 5/9/95 |
.\" @(#)sysctl.3 8.4 (Berkeley) 5/9/95 |
.\" |
.\" |
.Dd September 2, 2018 |
.Dd December 5, 2018 |
.Dt SYSCTL 7 |
.Dt SYSCTL 7 |
.Os |
.Os |
.Sh NAME |
.Sh NAME |
Line 278 privilege may change the value. |
|
Line 278 privilege may change the value. |
|
.It kern.arandom integer no |
.It kern.arandom integer no |
.It kern.argmax integer no |
.It kern.argmax integer no |
.It kern.boothowto integer no |
.It kern.boothowto integer no |
.It kern.boottime struct timeval no |
.It kern.boottime struct timespec no |
.It kern.buildinfo string no |
.It kern.buildinfo string no |
.\".It kern.bufq node not applicable |
.\".It kern.bufq node not applicable |
.It kern.ccpu integer no |
.It kern.ccpu integer no |
Line 293 privilege may change the value. |
|
Line 293 privilege may change the value. |
|
.It kern.domainname string yes |
.It kern.domainname string yes |
.It kern.drivers struct kinfo_drivers no |
.It kern.drivers struct kinfo_drivers no |
.It kern.dump_on_panic integer yes |
.It kern.dump_on_panic integer yes |
|
.It kern.expose_address integer yes |
.It kern.file struct file no |
.It kern.file struct file no |
.It kern.forkfsleep integer yes |
.It kern.forkfsleep integer yes |
.It kern.fscale integer no |
.It kern.fscale integer no |
Line 358 privilege may change the value. |
|
Line 359 privilege may change the value. |
|
.It kern.sched node not applicable |
.It kern.sched node not applicable |
.It kern.securelevel integer raise only |
.It kern.securelevel integer raise only |
.It kern.somaxkva integer yes |
.It kern.somaxkva integer yes |
|
.It kern.sooptions integer yes |
.It kern.synchronized_io integer no |
.It kern.synchronized_io integer no |
.It kern.timecounter node not applicable |
.It kern.timecounter node not applicable |
.It kern.timex struct no |
.It kern.timex struct no |
Line 395 Flags passed from the boot loader; see |
|
Line 397 Flags passed from the boot loader; see |
|
for the meanings of the flags. |
for the meanings of the flags. |
.It Li kern.boottime ( Dv KERN_BOOTTIME ) |
.It Li kern.boottime ( Dv KERN_BOOTTIME ) |
A |
A |
.Vt struct timeval |
.Vt struct timespec |
structure is returned. |
structure is returned. |
This structure contains the time that the system was booted. |
This structure contains the time that the system was booted. |
|
That time is defined (for this purpose) to be the time at |
|
which the kernel first started accumulating clock ticks. |
.It Li kern.bufq |
.It Li kern.bufq |
This variable contains information on the |
This variable contains information on the |
.Xr bufq 9 |
.Xr bufq 9 |
Line 513 field is always a NUL terminated string. |
|
Line 517 field is always a NUL terminated string. |
|
The |
The |
.Va d_bmajor |
.Va d_bmajor |
field will be set to \-1 if the driver doesn't have a block device. |
field will be set to \-1 if the driver doesn't have a block device. |
|
.It Li kern.expose_address |
|
Expose kernel addresses in |
|
.Xr sysctl 3 |
|
calls used by |
|
.Xr fstat 1 |
|
and |
|
.Xr sockstat 1 . |
|
If it is set to |
|
.Dv 0 |
|
access is not allowed. |
|
If it is set to |
|
.Dv 1 |
|
then only processes that have opened |
|
.Pa /dev/kmem |
|
can have access. |
|
If it is set to |
|
.Dv 2 |
|
every process is allowed. |
|
Defaults to |
|
.Dv 0 |
|
for |
|
.Dv KASLR |
|
kernels |
|
and |
|
.Dv 1 |
|
otherwise. |
|
Allowing general access renders KASLR ineffective; allowing only kmem |
|
accessing programs weakens KASLR if those programs can be subverted |
|
to leak the addresses. |
.It Li kern.dump_on_panic ( Dv KERN_DUMP_ON_PANIC ) |
.It Li kern.dump_on_panic ( Dv KERN_DUMP_ON_PANIC ) |
Perform a crash dump on system |
Perform a crash dump on system |
.Xr panic 9 . |
.Xr panic 9 . |
Line 1049 Return the offset of real time clock fro |
|
Line 1082 Return the offset of real time clock fro |
|
.It Li kern.saved_ids ( Dv KERN_SAVED_IDS ) |
.It Li kern.saved_ids ( Dv KERN_SAVED_IDS ) |
Returns 1 if saved set-group and saved set-user ID is available. |
Returns 1 if saved set-group and saved set-user ID is available. |
.It Li kern.sbmax ( Dv KERN_SBMAX ) |
.It Li kern.sbmax ( Dv KERN_SBMAX ) |
Maximum socket buffer size. |
Maximum socket buffer size in bytes. |
.\" XXX units? |
|
.It Li kern.securelevel ( Dv KERN_SECURELVL ) |
.It Li kern.securelevel ( Dv KERN_SECURELVL ) |
See |
See |
.Xr secmodel_securelevel 9 . |
.Xr secmodel_securelevel 9 . |
|
|
.Xr sched 3 . |
.Xr sched 3 . |
.El |
.El |
.It Li kern.somaxkva ( Dv KERN_SOMAXKVA ) |
.It Li kern.somaxkva ( Dv KERN_SOMAXKVA ) |
Maximum amount of kernel memory to be used for socket buffers. |
Maximum amount of kernel memory to be used for socket buffers in bytes. |
.\" XXX units? |
.It Li kern.sooptions |
|
Set the default socket option flags for |
|
.Xr socket 2 |
|
creation. |
|
See |
|
.Xr setsockopt 2 |
|
for a list of supported flags. |
.It Li kern.synchronized_io ( Dv KERN_SYNCHRONIZED_IO ) |
.It Li kern.synchronized_io ( Dv KERN_SYNCHRONIZED_IO ) |
Returns 1 if the |
Returns 1 if the |
.St -p1003.1b-93 |
.St -p1003.1b-93 |
Line 2046 The variables are as follows: |
|
Line 2084 The variables are as follows: |
|
.It Li debug |
.It Li debug |
Turn on debugging message from within the kernel. |
Turn on debugging message from within the kernel. |
The value is a bitmap, as defined in |
The value is a bitmap, as defined in |
.In netkey/key_debug.h . |
.In netipsec/key_debug.h . |
.It Li enabled |
.It Li enabled |
Control processing of IPsec control messages. |
Control processing of IPsec control messages. |
.Bl -tag -width indent |
.Bl -tag -width indent |
Line 2126 The variables are as follows: |
|
Line 2164 The variables are as follows: |
|
.It Li dgram.pcblist |
.It Li dgram.pcblist |
The Protocol Control Block list structure for datagram sockets. |
The Protocol Control Block list structure for datagram sockets. |
Parsed by |
Parsed by |
.Xr netstat 8 |
.Xr netstat 1 |
or |
or |
.Xr sockstat 8 . |
.Xr sockstat 1 . |
.It Li dgram.recvspace |
.It Li dgram.recvspace |
The default datagram receive buffer size. |
The default datagram receive buffer size. |
.It Li dgram.sendspace |
.It Li dgram.sendspace |
Line 2136 The default datagram send buffer size. |
|
Line 2174 The default datagram send buffer size. |
|
.It Li seqpacket.pcblist |
.It Li seqpacket.pcblist |
The Protocol Control Block list structure for Sequential Packet sockets. |
The Protocol Control Block list structure for Sequential Packet sockets. |
Parsed by |
Parsed by |
.Xr netstat 8 |
.Xr netstat 1 |
or |
or |
.Xr sockstat 8 . |
.Xr sockstat 1 . |
.It Li stream.pcblist |
.It Li stream.pcblist |
The Protocol Control Block list structure for stream sockets. |
The Protocol Control Block list structure for stream sockets. |
Parsed by |
Parsed by |
.Xr netstat 8 |
.Xr netstat 1 |
or |
or |
.Xr sockstat 8 . |
.Xr sockstat 1 . |
.It Li stream.recvspace |
.It Li stream.recvspace |
The default stream receive buffer size. |
The default stream receive buffer size. |
.It Li stream.sendspace |
.It Li stream.sendspace |
|
|
.Xr secmodel 9 |
.Xr secmodel 9 |
for more information. |
for more information. |
.It Li security.pax |
.It Li security.pax |
Settings for PaX -- exploit mitigation features. |
Settings for PaX \(em exploit mitigation features. |
For more information on any of the PaX features, please see |
For more information on any of the PaX features, please see |
.Xr paxctl 8 |
.Xr paxctl 8 |
and |
and |