Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. =================================================================== RCS file: /ftp/cvs/cvsroot/src/share/man/man7/sysctl.7,v rcsdiff: /ftp/cvs/cvsroot/src/share/man/man7/sysctl.7,v: warning: Unknown phrases like `commitid ...;' are present. retrieving revision 1.134 retrieving revision 1.139 diff -u -p -r1.134 -r1.139 --- src/share/man/man7/sysctl.7 2018/10/30 19:41:21 1.134 +++ src/share/man/man7/sysctl.7 2019/06/01 19:54:34 1.139 @@ -1,4 +1,4 @@ -.\" $NetBSD: sysctl.7,v 1.134 2018/10/30 19:41:21 kre Exp $ +.\" $NetBSD: sysctl.7,v 1.139 2019/06/01 19:54:34 kamil Exp $ .\" .\" Copyright (c) 1993 .\" The Regents of the University of California. All rights reserved. @@ -29,7 +29,7 @@ .\" .\" @(#)sysctl.3 8.4 (Berkeley) 5/9/95 .\" -.Dd October 30, 2018 +.Dd June 1, 2019 .Dt SYSCTL 7 .Os .Sh NAME @@ -359,6 +359,7 @@ privilege may change the value. .It kern.sched node not applicable .It kern.securelevel integer raise only .It kern.somaxkva integer yes +.It kern.sooptions integer yes .It kern.synchronized_io integer no .It kern.timecounter node not applicable .It kern.timex struct no @@ -523,9 +524,28 @@ calls used by .Xr fstat 1 and .Xr sockstat 1 . +If it is set to +.Dv 0 +access is not allowed. +If it is set to +.Dv 1 +then only processes that have opened +.Pa /dev/kmem +can have access. +If it is set to +.Dv 2 +every process is allowed. Defaults to -.Dv 0 . -Turning it on renders KASLR ineffective. +.Dv 0 +for +.Dv KASLR +kernels +and +.Dv 1 +otherwise. +Allowing general access renders KASLR ineffective; allowing only kmem +accessing programs weakens KASLR if those programs can be subverted +to leak the addresses. .It Li kern.dump_on_panic ( Dv KERN_DUMP_ON_PANIC ) Perform a crash dump on system .Xr panic 9 . 
@@ -1006,6 +1026,7 @@ The fourth level name is as follows: .It Dv KERN_PROC_NARGV The number of argv strings .It Dv KERN_PROC_NENV The number of environ strings .It Dv KERN_PROC_PATHNAME The full pathname of the executable +.It Dv KERN_PROC_CWD The current working directory .El .It Li kern.profiling ( Dv KERN_PROF ) Return profiling information about the kernel. @@ -1062,8 +1083,7 @@ Return the offset of real time clock fro .It Li kern.saved_ids ( Dv KERN_SAVED_IDS ) Returns 1 if saved set-group and saved set-user ID is available. .It Li kern.sbmax ( Dv KERN_SBMAX ) -Maximum socket buffer size. -.\" XXX units? +Maximum socket buffer size in bytes. .It Li kern.securelevel ( Dv KERN_SECURELVL ) See .Xr secmodel_securelevel 9 . @@ -1166,8 +1186,14 @@ See .Xr sched 3 . .El .It Li kern.somaxkva ( Dv KERN_SOMAXKVA ) -Maximum amount of kernel memory to be used for socket buffers. -.\" XXX units? +Maximum amount of kernel memory to be used for socket buffers in bytes. +.It Li kern.sooptions +Set the default socket option flags for +.Xr socket 2 +creation. +See +.Xr setsockopt 2 +for a list of supported flags. .It Li kern.synchronized_io ( Dv KERN_SYNCHRONIZED_IO ) Returns 1 if the .St -p1003.1b-93 @@ -1244,6 +1270,7 @@ Resource usage for the current user. .It kern.uidinfo.proccnt integer no .It kern.uidinfo.lwpcnt integer no .It kern.uidinfo.lockcnt integer no +.It kern.uidinfo.semcnt integer no .It kern.uidinfo.sbsize integer no .El .Bl -tag -width "123456" @@ -1254,6 +1281,8 @@ Returns the number of active threads for of each process is not counted. .It Li kern.uidinfo.lockcnt Number of locks held by the current user. +.It Li kern.uidinfo.semcnt +Number of semaphores held by the current user. .It Li kern.uidinfo.sbsize Number of bytes in socket buffers allocated to the current user. .El
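Review bot: In the hunk at @@ -523,9 +524,28 @@, the closing sentence refers to "kmem accessing programs" while the description of value 1 says "processes that have opened /dev/kmem". Use the same wording in both places (with `.Pa /dev/kmem`) so it is clear that the KASLR caveat is about exactly the processes that setting 1 admits. The markup is also inconsistent: the default sentence tags KASLR with `.Dv`, the final sentence leaves it as plain text. The three "If it is set to" sentences would scan better as a short tagged list keyed on 0, 1 and 2, with the default stated once after the list.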
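Review bot: In the hunk at @@ -1006,6 +1026,7 @@, the new `KERN_PROC_CWD` entry reads "The current working directory" and does not say in what form the directory is returned, whereas the entry directly above it says "The full pathname of the executable". If a pathname string is what the call returns, word it as "The full pathname of the current working directory" so the two entries match.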
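Review bot: In the hunk at @@ -1166,8 +1186,14 @@, the new `kern.sooptions` entry does not say how the integer value encodes the flags or which flags are accepted as defaults. "See setsockopt 2 for a list of supported flags" leaves the reader to guess whether every option listed there may be set here. Since this value changes the defaults for every socket created with socket(2), the entry should state the encoding and the accepted flags itself. Minor wording point in the same hunk: "to be used for socket buffers in bytes" reads more clearly as "Maximum amount of kernel memory, in bytes, to be used for socket buffers."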