[BACK]Return to sysctl.7 CVS log [TXT][DIR] Up to [cvs.NetBSD.org] / src / share / man / man7

Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.

Diff for /src/share/man/man7/sysctl.7 between version 1.33 and 1.49

version 1.33, 2010/03/22 18:58:32 version 1.49, 2010/07/31 02:00:49
Line 29 
Line 29 
 .\"  .\"
 .\"     @(#)sysctl.3    8.4 (Berkeley) 5/9/95  .\"     @(#)sysctl.3    8.4 (Berkeley) 5/9/95
 .\"  .\"
 .Dd February 21, 2010  .Dd July 31, 2010
 .Dt SYSCTL 7  .Dt SYSCTL 7
 .Os  .Os
 .Sh NAME  .Sh NAME
Line 112  if a variable is initialized in more tha
Line 112  if a variable is initialized in more tha
 For example, to export the variable  For example, to export the variable
 .Dv dospecialcheck  .Dv dospecialcheck
 as a debugging variable, the following declaration would be used:  as a debugging variable, the following declaration would be used:
   .Pp
 .Bd -literal -offset indent -compact  .Bd -literal -offset indent -compact
 int dospecialcheck = 1;  int dospecialcheck = 1;
 struct ctldebug debug5 = { "dospecialcheck", \*[Am]dospecialcheck };  struct ctldebug debug5 = { "dospecialcheck", \*[Am]dospecialcheck };
Line 154  The string and integer information avail
Line 155  The string and integer information avail
 level is detailed below.  level is detailed below.
 The changeable column shows whether a process with appropriate  The changeable column shows whether a process with appropriate
 privilege may change the value.  privilege may change the value.
 .Bl -column "hw.acpi.supported_states" "integer" "Changeable" -offset indent  .Bl -column "hw.machine_arch" "integer" "Changeable" -offset indent
 .It Sy Second level name        Type    Changeable  .It Sy Second level name        Type    Changeable
 .It hw.acpi.supported_states    string  no  
 .It hw.alignbytes       integer no  .It hw.alignbytes       integer no
 .It hw.byteorder        integer no  .It hw.byteorder        integer no
 .It hw.cnmagic  string  yes  .It hw.cnmagic  string  yes
Line 174  privilege may change the value.
Line 174  privilege may change the value.
 .El  .El
 .Pp  .Pp
 .Bl -tag -width "123456"  .Bl -tag -width "123456"
 .It Li hw.acpi.supported_states  
 List of possible  
 .Tn ACPI  
 sleep states.  
 The list can contain the following values:  
 .Bl -tag -width XS1X  
 .It S0  
 fully running  
 .It S1  
 power on suspend (CPU and hard disks are off)  
 .It S2  
 similar to S3, usually not implemented  
 .It S3  
 suspend-to-RAM  
 .It S4  
 suspend-to-disk (needs BIOS support)  
 .It S5  
 power off  
 .El  
 .It Li hw.alignbytes ( HW_ALIGNBYTES )  .It Li hw.alignbytes ( HW_ALIGNBYTES )
 Alignment constraint for all possible data types.  Alignment constraint for all possible data types.
 This shows the value  This shows the value
Line 249  The bytes of non-kernel memory as a 32-b
Line 230  The bytes of non-kernel memory as a 32-b
 The bytes of non-kernel memory as a 64-bit integer.  The bytes of non-kernel memory as a 64-bit integer.
 .El  .El
 .Sh The kern.* subtree  .Sh The kern.* subtree
   This subtree includes data generally related to the kernel.
 The string and integer information available for the  The string and integer information available for the
 .Li kern  .Li kern
 level is detailed below.  level is detailed below.
 The changeable column shows whether a process with appropriate  The changeable column shows whether a process with appropriate
 privilege may change the value.  privilege may change the value.
 The types of data currently available are process information,  .Bl -column "kern.posix_reader_writer_locks" \
 system vnodes, the open file entries, routing table entries,  "struct kinfo_drivers" "not applicable"
 virtual memory statistics, load average history, and clock rate  
 information.  
 .Bl -column "kern.posix_reader_writer_locks" "struct kinfo_drivers" "not applicable"  
 .It Sy Second level name        Type    Changeable  .It Sy Second level name        Type    Changeable
   .It kern.arandom        integer no
 .It kern.argmax integer no  .It kern.argmax integer no
 .It kern.autonicetime   integer yes  .It kern.boothowto      integer no
 .It kern.autoniceval    integer yes  
 .It kern.boottime       struct timeval  no  .It kern.boottime       struct timeval  no
 .It kern.bufq   node    not applicable  .\".It kern.bufq        node    not applicable
 .It kern.ccpu   integer no  .It kern.ccpu   integer no
 .It kern.clockrate      struct clockinfo        no  .It kern.clockrate      struct clockinfo        no
 .It kern.consdev        integer no  .It kern.consdev        integer no
   .It kern.coredump       node    not applicable
 .It kern.cp_id  struct  no  .It kern.cp_id  struct  no
 .It kern.cp_time        uint64_t[\|]    no  .It kern.cp_time        uint64_t[\|]    no
   .It kern.cryptodevallowsoft     integer yes
 .It kern.defcorename    string  yes  .It kern.defcorename    string  yes
   .It kern.detachall      integer yes
 .It kern.domainname     string  yes  .It kern.domainname     string  yes
 .It kern.drivers        struct kinfo_drivers    no  .It kern.drivers        struct kinfo_drivers    no
   .It kern.dump_on_panic  integer yes
 .It kern.file   struct file     no  .It kern.file   struct file     no
 .It kern.forkfsleep     integer yes  .It kern.forkfsleep     integer yes
 .It kern.fscale integer no  .It kern.fscale integer no
Line 281  information.
Line 264  information.
 .It kern.hostid integer yes  .It kern.hostid integer yes
 .It kern.hostname       string  yes  .It kern.hostname       string  yes
 .It kern.iov_max        integer no  .It kern.iov_max        integer no
   .It kern.ipc    node    not applicable
 .It kern.job_control    integer no  .It kern.job_control    integer no
 .It kern.labeloffset    integer no  .It kern.labeloffset    integer no
 .It kern.labelsector    integer no  .It kern.labelsector    integer no
Line 297  information.
Line 281  information.
 .It kern.memlock        integer no  .It kern.memlock        integer no
 .It kern.memlock_range  integer no  .It kern.memlock_range  integer no
 .It kern.memory_protection      integer no  .It kern.memory_protection      integer no
   .It kern.module node    not applicable
 .It kern.monotonic_clock        integer no  .It kern.monotonic_clock        integer no
   .It kern.mqueue node    not applicable
 .It kern.msgbuf integer no  .It kern.msgbuf integer no
 .It kern.msgbufsize     integer no  .It kern.msgbufsize     integer no
 .It kern.ngroups        integer no  .It kern.ngroups        integer no
   .\".It kern.no_sa_support       integer yes
 .It kern.ntptime        struct ntptimeval       no  .It kern.ntptime        struct ntptimeval       no
 .It kern.osrelease      string  no  .It kern.osrelease      string  no
 .It kern.osrev  integer no  .It kern.osrevision     integer no
 .It kern.ostype string  no  .It kern.ostype string  no
   .\".It kern.panic_now   integer yes
 .It kern.pipe   node    not applicable  .It kern.pipe   node    not applicable
 .It kern.posix1 integer no  .\" .It kern.posix      node    not applicable
   .It kern.posix1version  integer no
 .It kern.posix_barriers integer no  .It kern.posix_barriers integer no
 .It kern.posix_reader_writer_locks      integer no  .It kern.posix_reader_writer_locks      integer no
   .\".It kern.posix_sched integer yes
 .It kern.posix_semaphores       integer no  .It kern.posix_semaphores       integer no
 .It kern.posix_spin_locks       integer no  .It kern.posix_spin_locks       integer no
 .It kern.posix_threads  integer no  .It kern.posix_threads  integer no
Line 316  information.
Line 306  information.
 .It kern.proc   struct kinfo_proc       no  .It kern.proc   struct kinfo_proc       no
 .It kern.proc2  struct kinfo_proc2      no  .It kern.proc2  struct kinfo_proc2      no
 .It kern.proc_args      string  no  .It kern.proc_args      string  no
 .It kern.prof   node    not applicable  .It kern.profiling      node    not applicable
   .\".It kern.pset        node    not applicable
 .It kern.rawpartition   integer no  .It kern.rawpartition   integer no
 .It kern.root_device    string  no  .It kern.root_device    string  no
 .It kern.root_partition integer no  .It kern.root_partition integer no
 .It kern.rtc_offset     integer yes  .It kern.rtc_offset     integer yes
 .It kern.saved_ids      integer no  .It kern.saved_ids      integer no
   .It kern.sbmax  integer yes
   .\".It kern.sched       node    not applicable
 .It kern.securelevel    integer raise only  .It kern.securelevel    integer raise only
   .It kern.somaxkva       integer yes
 .It kern.synchronized_io        integer no  .It kern.synchronized_io        integer no
 .It kern.ipc    node    not applicable  
 .It kern.timecounter    node    not applicable  .It kern.timecounter    node    not applicable
 .It kern.timex  struct  no  .It kern.timex  struct  no
 .It kern.tkstat node    not applicable  .It kern.tkstat node    not applicable
 .It kern.urandom        integer no  .It kern.urandom        integer no
   .It kern.usercrypto     integer yes
   .It kern.userasymcrypto integer yes
   .It kern.veriexec       node    not applicable
 .It kern.version        string  no  .It kern.version        string  no
 .It kern.vnode  struct vnode    no  .It kern.vnode  struct vnode    no
 .El  .El
 .Bl -tag -width "123456"  .Bl -tag -width "123456"
   .It Li kern.arandom
   This variable picks a random number each time it is queried.
   The used random number generator
   .Pq Tn RNG
   is based on
   .Xr arc4random 3 .
 .It Li kern.argmax ( KERN_ARGMAX )  .It Li kern.argmax ( KERN_ARGMAX )
 The maximum bytes of argument to  The maximum bytes of argument to
 .Xr execve 2 .  .Xr execve 2 .
 .It Li kern.autonicetime ( KERN_AUTONICETIME )  
 The number of seconds of CPU-time a non-root process may accumulate before  
 having its priority lowered from the default to the value of KERN_AUTONICEVAL.  
 If set to 0, automatic lowering of priority is not performed, and if set to \-1  
 all non-root processes are immediately lowered.  
 .It Li kern.autoniceval ( KERN_AUTONICEVAL )  
 The priority assigned for automatically niced processes.  
 .It Li kern.boothowto  .It Li kern.boothowto
 Flags passed from the boot loader; see  Flags passed from the boot loader; see
 .Xr reboot 2  .Xr reboot 2
Line 352  A
Line 347  A
 .Va struct timeval  .Va struct timeval
 structure is returned.  structure is returned.
 This structure contains the time that the system was booted.  This structure contains the time that the system was booted.
   .\" .It Li kern.bufq
   .\" XXX: Undocumented.
 .It Li kern.ccpu ( KERN_CCPU )  .It Li kern.ccpu ( KERN_CCPU )
 The scheduler exponential decay value.  The scheduler exponential decay value.
 .It Li kern.clockrate ( KERN_CLOCKRATE )  .It Li kern.clockrate ( KERN_CLOCKRATE )
Line 361  structure is returned.
Line 358  structure is returned.
 This structure contains the clock, statistics clock and profiling clock  This structure contains the clock, statistics clock and profiling clock
 frequencies, the number of micro-seconds per hz tick, and the clock  frequencies, the number of micro-seconds per hz tick, and the clock
 skew rate.  skew rate.
   Refer to
   .Xr hz 9
   for additional details.
 .It Li kern.consdev ( KERN_CONSDEV )  .It Li kern.consdev ( KERN_CONSDEV )
 Console device.  Console device.
   .It Li kern.coredump
   Settings related to set-id processes coredumps.
   By default, set-id processes do not dump core in situations where
   other processes would.
   The settings in this node allows an administrator to change this
   behavior.
   .Pp
   The third level name is
   .Dv kern.coredump.setid
   and fourth level variables are described below.
   .Bl -column "kern.coredump.setid.group" "integer" "Changeable" -offset indent
   .It Sy Fourth level name        Type    Changeable
   .It kern.coredump.setid.dump    integer yes
   .It kern.coredump.setid.group   integer yes
   .It kern.coredump.setid.mode    integer yes
   .It kern.coredump.setid.owner   integer yes
   .It kern.coredump.setid.path    string  yes
   .El
   .Bl -tag -width "123456"
   .It Li kern.coredump.setid.dump
   If non-zero, set-id processes will dump core.
   .It Li kern.coredump.setid.group
   The group-id for the set-id processes' coredump.
   .It Li kern.coredump.setid.mode
   The mode for the set-id processes' coredump.
   See
   .Xr chmod 1 .
   .It Li kern.coredump.setid.owner
   The user-id that will be used as the owner of the set-id processes'
   coredump.
   .It Li kern.coredump.setid.path
   The path to which set-id processes' coredumps will be saved to.
   Same syntax as kern.defcorename.
   .El
 .It Li kern.cp_id ( KERN_CP_ID )  .It Li kern.cp_id ( KERN_CP_ID )
 Mapping of CPU number to CPU id.  Mapping of CPU number to CPU id.
 .It Li kern.cp_time ( KERN_CP_TIME )  .It Li kern.cp_time ( KERN_CP_TIME )
Line 373  On multi-processor systems, the sum acro
Line 407  On multi-processor systems, the sum acro
 appropriate space is given for one data set for each CPU.  appropriate space is given for one data set for each CPU.
 Data for a specific CPU can also be obtained by adding the number of the  Data for a specific CPU can also be obtained by adding the number of the
 CPU at the end of the MIB, enlarging it by one.  CPU at the end of the MIB, enlarging it by one.
   .It Li kern.cryptodevallowsoft
   This variable controls userland access to hardware versus software transforms
   in the
   .Xr crypto 4
   system.
   The available values are as follows:
   .Bl -tag -width XX0 -offset indent
   .It Dv \*[Lt] 0
   Always force userlevel requests to use software transforms.
   .It Dv = 0
   If present, use hardware and grant userlevel requests for
   non-accelerated transforms (handling the latter in software).
   .It Dv \*[Gt] 0
   Allow user requests only for transforms which are hardware-accelerated.
   .El
 .It Li kern.defcorename ( KERN_DEFCORENAME )  .It Li kern.defcorename ( KERN_DEFCORENAME )
 Default template for the name of core dump files (see also  Default template for the name of core dump files (see also
 .Li proc.pid.corename  .Li proc.pid.corename
Line 388  and can be changed with the kernel confi
Line 437  and can be changed with the kernel confi
 (see  (see
 .Xr options 4  .Xr options 4
 ).  ).
   .It Li kern.detachall
   Detach all devices at shutdown.
 .It Li kern.domainname ( KERN_DOMAINNAME )  .It Li kern.domainname ( KERN_DOMAINNAME )
 Get or set the YP domain name.  Get or set the YP domain name.
 .It Li kern.dump_on_panic ( KERN_DUMP_ON_PANIC )  
 Perform a crash dump on system panic.  
 .It Li kern.drivers ( KERN_DRIVERS )  .It Li kern.drivers ( KERN_DRIVERS )
 Return an array of  Return an array of
 .Va struct kinfo_drivers  .Va struct kinfo_drivers
Line 403  field is always a NUL terminated string.
Line 452  field is always a NUL terminated string.
 The  The
 .Va d_bmajor  .Va d_bmajor
 field will be set to \-1 if the driver doesn't have a block device.  field will be set to \-1 if the driver doesn't have a block device.
   .It Li kern.dump_on_panic ( KERN_DUMP_ON_PANIC )
   Perform a crash dump on system
   .Xr panic 9 .
 .It Li kern.file ( KERN_FILE )  .It Li kern.file ( KERN_FILE )
 Return the entire file table.  Return the entire file table.
 The returned data consists of a single  The returned data consists of a single
Line 432  Returns the number of
Line 484  Returns the number of
 .Xr hardclock 9  .Xr hardclock 9
 ticks.  ticks.
 .It Li kern.hostid ( KERN_HOSTID )  .It Li kern.hostid ( KERN_HOSTID )
 Get or set the host id.  Get or set the host identifier.
   This is aimed to replace the legacy
   .Xr gethostid 3
   and
   .Xr sethostid 3
   system calls.
 .It Li kern.hostname ( KERN_HOSTNAME )  .It Li kern.hostname ( KERN_HOSTNAME )
 Get or set the hostname.  Get or set the
   .Xr hostname 1 .
 .It Li kern.iov_max ( KERN_IOV_MAX )  .It Li kern.iov_max ( KERN_IOV_MAX )
 Return the maximum number of  Return the maximum number of
 .Va iovec  .Va iovec
Line 446  structures that a process has available 
Line 504  structures that a process has available 
 .Xr sendmsg 2  .Xr sendmsg 2
 and  and
 .Xr writev 2 .  .Xr writev 2 .
   .It Li kern.ipc ( KERN_SYSVIPC )
   Return information about the SysV IPC parameters.
   The third level names for the ipc variables are detailed below.
   .Bl -column "kern.ipc.shm_use_phys" "integer" "Changeable" -offset indent
   .It Sy Third level name Type    Changeable
   .It kern.ipc.sysvmsg    integer no
   .It kern.ipc.sysvsem    integer no
   .It kern.ipc.sysvshm    integer no
   .It kern.ipc.sysvipc_info       struct  no
   .It kern.ipc.shmmax     integer yes
   .It kern.ipc.shmmni     integer yes
   .It kern.ipc.shmseg     integer yes
   .It kern.ipc.shmmaxpgs  integer yes
   .It kern.ipc.shm_use_phys       integer yes
   .It kern.ipc.msgmni     integer yes
   .It kern.ipc.msgseg     integer yes
   .It kern.ipc.semmni     integer yes
   .It kern.ipc.semmns     integer yes
   .It kern.ipc.semmnu     integer yes
   .El
   .Bl -tag -width "123456"
   .It Li kern.ipc.sysvmsg ( KERN_SYSVIPC_MSG )
   Returns 1 if System V style message queue functionality is available
   on this system,
   otherwise 0.
   .It Li kern.ipc.sysvsem ( KERN_SYSVIPC_SEM )
   Returns 1 if System V style semaphore functionality is available
   on this system,
   otherwise 0.
   .It Li kern.ipc.sysvshm ( KERN_SYSVIPC_SHM )
   Returns 1 if System V style share memory functionality is available
   on this system,
   otherwise 0.
   .It Li kern.ipc.sysvipc_info ( KERN_SYSVIPC_INFO )
   Return System V style IPC configuration and run-time information.
   The fourth level name selects the System V style IPC facility.
   .Bl -column "KERN_SYSVIPC_MSG_INFO" "struct shm_sysctl_info" -offset indent
   .It Sy Fourth level name        Type
   .It KERN_SYSVIPC_MSG_INFO       struct msg_sysctl_info
   .It KERN_SYSVIPC_SEM_INFO       struct sem_sysctl_info
   .It KERN_SYSVIPC_SHM_INFO       struct shm_sysctl_info
   .El
   .Pp
   .Bl -tag -width "123456"
   .It Li KERN_SYSVIPC_MSG_INFO
   Return information on the System V style message facility.
   The
   .Sy msg_sysctl_info
   structure is defined in
   .In sys/msg.h .
   .It Li KERN_SYSVIPC_SEM_INFO
   Return information on the System V style semaphore facility.
   The
   .Sy sem_sysctl_info
   structure is defined in
   .In sys/sem.h .
   .It Li KERN_SYSVIPC_SHM_INFO
   Return information on the System V style shared memory facility.
   The
   .Sy shm_sysctl_info
   structure is defined in
   .In sys/shm.h .
   .El
   .It Li kern.ipc.shmmax ( KERN_SYSVIPC_SHMMAX )
   Max shared memory segment size in bytes.
   .It Li kern.ipc.shmmni ( KERN_SYSVIPC_SHMMNI )
   Max number of shared memory identifiers.
   .It Li kern.ipc.shmseg ( KERN_SYSVIPC_SHMSEG )
   Max shared memory segments per process.
   .It Li kern.ipc.shmmaxpgs ( KERN_SYSVIPC_SHMMAXPGS )
   Max amount of shared memory in pages.
   .It Li kern.ipc.shm_use_phys ( KERN_SYSVIPC_SHMUSEPHYS )
   Locking of shared memory in physical memory.
   If 0, memory can be swapped
   out, otherwise it will be locked in physical memory.
   .It Li kern.ipc.msgmni
   Max number of message queue identifiers.
   .It Li kern.ipc.msgseg
   Max number of number of message segments.
   .It Li kern.ipc.semmni
   Max number of number of semaphore identifiers.
   .It Li kern.ipc.semmns
   Max number of number of semaphores in system.
   .It Li kern.ipc.semmnu
   Max number of undo structures in system.
   .El
 .It Li kern.job_control ( KERN_JOB_CONTROL )  .It Li kern.job_control ( KERN_JOB_CONTROL )
 Return 1 if job control is available on this system, otherwise 0.  Return 1 if job control is available on this system, otherwise 0.
 .It Li kern.labeloffset ( KERN_LABELOFFSET )  .It Li kern.labeloffset ( KERN_LABELOFFSET )
Line 529  otherwise 0.
Line 673  otherwise 0.
 Returns 1 if the POSIX 1003.1b Memory Protection Option is available  Returns 1 if the POSIX 1003.1b Memory Protection Option is available
 on this system,  on this system,
 otherwise 0.  otherwise 0.
   .It Li kern.module
   Settings related to kernel modules.
   The third level names for the settings are described below.
   .Bl -column "kern.module.autoload" "integer" "Changeable" -offset indent
   .It Sy Third level name Type    Changeable
   .It kern.module.autoload        integer yes
   .It kern.module.verbose integer yes
   .El
   .Pp
   The variables are as follows:
   .Bl -tag -width "123456"
   .It Li kern.module.autoload
   A boolean that controls whether kernel modules are loaded automatically.
   See for example
   .Xr modstat 8
   for additional details.
   .It Li kern.module.verbose
   A boolean that enables or disables verbose
   debug messages related to kernel modules.
   .El
 .It Li kern.monotonic_clock ( KERN_MONOTONIC_CLOCK )  .It Li kern.monotonic_clock ( KERN_MONOTONIC_CLOCK )
 Returns the standard version the implementation of the POSIX 1003.1b  Returns the standard version the implementation of the POSIX 1003.1b
 Monotonic Clock Option conforms to,  Monotonic Clock Option conforms to,
 otherwise 0.  otherwise 0.
   .It Li kern.mqueue
   Settings related to
   .Tn POSIX
   message queues; see
   .Xr mqueue 3 .
   This node is created dynamically when
   the corresponding kernel module is loaded.
   The third level names for the settings are described below.
   .Bl -column "kern.mqueue.mq_max_msgsize" "integer" "Changeable" -offset indent
   .It Sy Third level name Type    Changeable
   .It kern.mqueue.mq_open_max     integer yes
   .It kern.mqueue.mq_prio_max     integer yes
   .It kern.mqueue.mq_max_msgsize  integer yes
   .It kern.mqueue.mq_def_maxmsg   integer yes
   .It kern.mqueue.mq_max_maxmsg   integer yes
   .El
   .Pp
   The variables are:
   .Bl -tag -width "123456"
   .It Li kern.mqueue.mq_open_max
   The maximum number of message queue descriptors any single process can open.
   .It Li kern.mqueue.mq_prio_max
   The maximum priority of a message.
   .It Li kern.mqueue.mq_max_msgsize
   The maximum size of a message in a message queue.
   .It Li kern.mqueue.mq_def_maxmsg
   The default maximum message count.
   .It Li kern.mqueue.mq_max_maxmsg
   The maximum number of messages in a message queue.
   .El
 .It Li kern.msgbuf ( KERN_MSGBUF )  .It Li kern.msgbuf ( KERN_MSGBUF )
 The kernel message buffer, rotated so that the head of the circular kernel  The kernel message buffer, rotated so that the head of the circular kernel
 message buffer is at the start of the returned data.  message buffer is at the start of the returned data.
Line 541  The returned data may contain NUL bytes.
Line 735  The returned data may contain NUL bytes.
 The maximum number of characters that the kernel message buffer can hold.  The maximum number of characters that the kernel message buffer can hold.
 .It Li kern.ngroups ( KERN_NGROUPS )  .It Li kern.ngroups ( KERN_NGROUPS )
 The maximum number of supplemental groups.  The maximum number of supplemental groups.
   .\" .It Li kern.no_sa_support
   .\" XXX: Undocumented.
 .It Li kern.ntptime ( KERN_NTPTIME )  .It Li kern.ntptime ( KERN_NTPTIME )
 A  A
 .Va struct ntptimeval  .Va struct ntptimeval
Line 554  The system release string.
Line 750  The system release string.
 The system revision string.  The system revision string.
 .It Li kern.ostype ( KERN_OSTYPE )  .It Li kern.ostype ( KERN_OSTYPE )
 The system type string.  The system type string.
   .\".It Li kern.panic_now
   .\" XXX: Undocumented.
 .It Li kern.pipe ( KERN_PIPE )  .It Li kern.pipe ( KERN_PIPE )
 Pipe settings.  Pipe settings.
 The third level names for the  integer pipe settings is detailed below.  The third level names for the  integer pipe settings is detailed below.
Line 581  Limit for direct transfers via page loan
Line 779  Limit for direct transfers via page loan
 .It Li kern.pipe.nbigpipes ( KERN_PIPE_NBIGPIPES )  .It Li kern.pipe.nbigpipes ( KERN_PIPE_NBIGPIPES )
 Number of "big" pipes.  Number of "big" pipes.
 .El  .El
   .\" XXX: Undocumented .It Li kern.posix ( ? )
   .\"      This is a node in which the only variable is semmax.
 .It Li kern.posix1version ( KERN_POSIX1 )  .It Li kern.posix1version ( KERN_POSIX1 )
 The version of ISO/IEC 9945 (POSIX 1003.1) with which the system  The version of ISO/IEC 9945 (POSIX 1003.1) with which the system
 attempts to comply.  attempts to comply.
Line 598  and its
Line 798  and its
 Read-Write Locks  Read-Write Locks
 option to which the system attempts to conform,  option to which the system attempts to conform,
 otherwise 0.  otherwise 0.
   .\".It Li kern.posix_sched
   .\" XXX: Undocumented.
 .It Li kern.posix_semaphores ( KERN_POSIX_SEMAPHORES )  .It Li kern.posix_semaphores ( KERN_POSIX_SEMAPHORES )
 The version of  The version of
 .St -p1003.1  .St -p1003.1
Line 700  Array of
Line 902  Array of
 .Va struct tostruct  .Va struct tostruct
 describing destination of calls and their counts.  describing destination of calls and their counts.
 .El  .El
   .\" .It Li kern.pset
   .\" XXX: Undocumented.
 .It Li kern.rawpartition ( KERN_RAWPARTITION )  .It Li kern.rawpartition ( KERN_RAWPARTITION )
 The raw partition of a disk (a == 0).  The raw partition of a disk (a == 0).
 .It Li kern.root_device ( KERN_ROOT_DEVICE )  .It Li kern.root_device ( KERN_ROOT_DEVICE )
Line 717  Maximum socket buffer size.
Line 921  Maximum socket buffer size.
 .It Li kern.securelevel ( KERN_SECURELVL )  .It Li kern.securelevel ( KERN_SECURELVL )
 See  See
 .Xr secmodel_securelevel 9 .  .Xr secmodel_securelevel 9 .
   .\" .It Li kern.sched
   .\" XXX: Undocumented.
 .It Li kern.somaxkva ( KERN_SOMAXKVA )  .It Li kern.somaxkva ( KERN_SOMAXKVA )
 Maximum amount of kernel memory to be used for socket buffers.  Maximum amount of kernel memory to be used for socket buffers.
 .\" XXX units?  .\" XXX units?
Line 724  Maximum amount of kernel memory to be us
Line 930  Maximum amount of kernel memory to be us
 Returns 1 if the POSIX 1003.1b Synchronized I/O Option is available  Returns 1 if the POSIX 1003.1b Synchronized I/O Option is available
 on this system,  on this system,
 otherwise 0.  otherwise 0.
 .It Li kern.ipc ( KERN_SYSVIPC )  
 Return information about the SysV IPC parameters.  
 The third level names for the ipc variables are detailed below.  
 .Bl -column "kern.ipc.shm_use_phys" "integer" "Changeable" -offset indent  
 .It Sy Third level name Type    Changeable  
 .It kern.ipc.sysvmsg    integer no  
 .It kern.ipc.sysvsem    integer no  
 .It kern.ipc.sysvshm    integer no  
 .It kern.ipc.sysvipc_info       struct  no  
 .It kern.ipc.shmmax     integer yes  
 .It kern.ipc.shmmni     integer yes  
 .It kern.ipc.shmseg     integer yes  
 .It kern.ipc.shmmaxpgs  integer yes  
 .It kern.ipc.shm_use_phys       integer yes  
 .It kern.ipc.msgmni     integer yes  
 .It kern.ipc.msgseg     integer yes  
 .It kern.ipc.semmni     integer yes  
 .It kern.ipc.semmns     integer yes  
 .It kern.ipc.semmnu     integer yes  
 .El  
 .Bl -tag -width "123456"  
 .It Li kern.ipc.sysvmsg ( KERN_SYSVIPC_MSG )  
 Returns 1 if System V style message queue functionality is available  
 on this system,  
 otherwise 0.  
 .It Li kern.ipc.sysvsem ( KERN_SYSVIPC_SEM )  
 Returns 1 if System V style semaphore functionality is available  
 on this system,  
 otherwise 0.  
 .It Li kern.ipc.sysvshm ( KERN_SYSVIPC_SHM )  
 Returns 1 if System V style share memory functionality is available  
 on this system,  
 otherwise 0.  
 .It Li kern.ipc.sysvipc_info ( KERN_SYSVIPC_INFO )  
 Return System V style IPC configuration and run-time information.  
 The fourth level name selects the System V style IPC facility.  
 .Bl -column "KERN_SYSVIPC_MSG_INFO" "struct shm_sysctl_info" -offset indent  
 .It Sy Fourth level name        Type  
 .It KERN_SYSVIPC_MSG_INFO       struct msg_sysctl_info  
 .It KERN_SYSVIPC_SEM_INFO       struct sem_sysctl_info  
 .It KERN_SYSVIPC_SHM_INFO       struct shm_sysctl_info  
 .El  
 .Pp  
 .Bl -tag -width "123456"  
 .It Li KERN_SYSVIPC_MSG_INFO  
 Return information on the System V style message facility.  
 The  
 .Sy msg_sysctl_info  
 structure is defined in  
 .In sys/msg.h .  
 .It Li KERN_SYSVIPC_SEM_INFO  
 Return information on the System V style semaphore facility.  
 The  
 .Sy sem_sysctl_info  
 structure is defined in  
 .In sys/sem.h .  
 .It Li KERN_SYSVIPC_SHM_INFO  
 Return information on the System V style shared memory facility.  
 The  
 .Sy shm_sysctl_info  
 structure is defined in  
 .In sys/shm.h .  
 .El  
 .It Li kern.ipc.shmmax ( KERN_SYSVIPC_SHMMAX )  
 Max shared memory segment size in bytes.  
 .It Li kern.ipc.shmmni ( KERN_SYSVIPC_SHMMNI )  
 Max number of shared memory identifiers.  
 .It Li kern.ipc.shmseg ( KERN_SYSVIPC_SHMSEG )  
 Max shared memory segments per process.  
 .It Li kern.ipc.shmmaxpgs ( KERN_SYSVIPC_SHMMAXPGS )  
 Max amount of shared memory in pages.  
 .It Li kern.ipc.shm_use_phys ( KERN_SYSVIPC_SHMUSEPHYS )  
 Locking of shared memory in physical memory.  
 If 0, memory can be swapped  
 out, otherwise it will be locked in physical memory.  
 .It Li kern.ipc.msgmni  
 Max number of message queue identifiers.  
 .It Li kern.ipc.msgseg  
 Max number of number of message segments.  
 .It Li kern.ipc.semmni  
 Max number of number of semaphore identifiers.  
 .It Li kern.ipc.semmns  
 Max number of number of semaphores in system.  
 .It Li kern.ipc.semmnu  
 Max number of undo structures in system.  
 .El  
 .It Li kern.timecounter ( dynamic )  .It Li kern.timecounter ( dynamic )
 Display and control the timecounter source of the system.  Display and control the timecounter source of the system.
 .Bl -column "kern.timecounter.timestepwarnings" "integer" "Changeable" -offset indent  .Bl -column "kern.timecounter.timestepwarnings" "integer" "Changeable" -offset indent
Line 857  The number of raw input characters.
Line 977  The number of raw input characters.
 .El  .El
 .It Li kern.urandom ( KERN_URND )  .It Li kern.urandom ( KERN_URND )
 Random integer value.  Random integer value.
   .It Li kern.usercrypto
   When enabled, allows userland to
   .Xr open 2
   the
   .Pa /dev/crypto
   special device, used by the
   .Xr crypto 4
   system.
   .It Li kern.userasymcrypto
   Enables or disables the use of software asymmetric crypto support in the
   .Xr crypto 4
   system.
 .It Li kern.veriexec  .It Li kern.veriexec
 Tunings for Verixec.  Runtime information for
   .Xr veriexec 8 .
   .Bl -column "kern.veriexec.algorithms" "integer" "Changeable" -offset indent
   .It Sy Third level name Type    Changeable
   .It kern.veriexec.algorithms    string  no
   .It kern.veriexec.count node    not applicable
   .It kern.veriexec.strict        integer yes
   .It kern.veriexec.verbose       integer yes
   .El
 .Bl -tag -width "123456"  .Bl -tag -width "123456"
 .It Li kern.veriexec.algorithms  .It Li kern.veriexec.algorithms
 Returns a string with the supported algorithms in Veriexec.  Returns a string with the supported algorithms in Veriexec.
Line 896  Each element of the array contains the k
Line 1036  Each element of the array contains the k
 .Va struct vnode *  .Va struct vnode *
 followed by the vnode itself  followed by the vnode itself
 .Va struct vnode .  .Va struct vnode .
 .It Li kern.coredump.setid  .\" XXX: Undocumented: kern.lwp: no children?
 Settings related to set-id processes coredumps.  
 By default, set-id processes do not dump core in situations where  
 other processes would.  
 The settings in this node allows an administrator to change this  
 behavior.  
 .Pp  
 .Bl -tag -width "123456"  
 .It Li kern.coredump.setid.dump  
 If non-zero, set-id processes will dump core.  
 .It Li kern.coredump.setid.group  
 The group-id for the set-id processes' coredump.  
 .It Li kern.coredump.setid.mode  
 The mode for the set-id processes' coredump.  
 See  
 .Xr chmod 1 .  
 .It Li kern.coredump.setid.owner  
 The user-id that will be used as the owner of the set-id processes'  
 coredump.  
 .It Li kern.coredump.setid.path  
 The path to which set-id processes' coredumps will be saved to.  
 Same syntax as kern.defcorename.  
 .El  
 .\" XXX kern.lwp  
 .El  .El
 .Sh The machdep.* subtree  .Sh The machdep.* subtree
 The set of variables defined is architecture dependent.  The set of variables defined is architecture dependent.
 Most architectures define at least the following variables.  Most architectures define at least the following variables.
 .Bl -column "Second level name" "Type" "Changeable" -offset indent  .Bl -column "machdep.booted_kernel" "Type" "Changeable" -offset indent
 .It Sy Second level name        Type    Changeable  .It Sy Second level name        Type    Changeable
 .It Li CPU_CONSDEV      dev_t   no  .It Li machdep.booted_kernel    string  no
 .El  .El
   .\" XXX: Document the above.
 .Sh The net.* subtree  .Sh The net.* subtree
 The string and integer information available for the  The string and integer information available for the
 .Li net  .Li net
Line 1968  The returned data consists of a
Line 2086  The returned data consists of a
 .\" XXX vm.idlezero  .\" XXX vm.idlezero
 .El  .El
 .Sh The ddb.* subtree ( CTL_DDB )  .Sh The ddb.* subtree ( CTL_DDB )
 The integer information available for the  The information available for the
 .Li ddb  .Li ddb
 level is detailed below.  level is detailed below.
 The changeable column shows whether a process with appropriate  The changeable column shows whether a process with appropriate
Line 1978  privilege may change the value.
Line 2096  privilege may change the value.
 .It Sy Second level name        Type    Changeable  .It Sy Second level name        Type    Changeable
 .It ddb.radix   integer yes  .It ddb.radix   integer yes
 .It ddb.maxoff  integer yes  .It ddb.maxoff  integer yes
   .It ddb.maxwidth        integer yes
 .It ddb.lines   integer yes  .It ddb.lines   integer yes
 .It ddb.tabstops        integer yes  .It ddb.tabstops        integer yes
 .It ddb.onpanic integer yes  .It ddb.onpanic integer yes
 .It ddb.fromconsole     integer yes  .It ddb.fromconsole     integer yes
   .It ddb.tee_msgbuf      integer yes
   .It ddb.commandonenter  string  yes
 .El  .El
 .Pp  .Pp
 .Bl -tag -width "123456"  .Bl -tag -width "123456"
 .It Li ddb.radix ( DBCTL_RADIX )  .It Li ddb.radix ( DDBCTL_RADIX )
 The input and output radix.  The input and output radix.
 .It Li ddb.maxoff ( DBCTL_MAXOFF )  .It Li ddb.maxoff ( DDBCTL_MAXOFF )
 The maximum symbol offset.  The maximum symbol offset.
 .It Li ddb.lines ( DBCTL_LINES )  .It Li ddb.maxwidth ( DDBCTL_MAXWIDTH )
   The maximum output line width.
   .It Li ddb.lines ( DDBCTL_LINES )
 Number of display lines.  Number of display lines.
 .It Li ddb.tabstops ( DBCTL_TABSTOPS )  .It Li ddb.tabstops ( DDBCTL_TABSTOPS )
 Tab width.  Tab width.
 .It Li ddb.onpanic ( DBCTL_ONPANIC )  .It Li ddb.onpanic ( DDBCTL_ONPANIC )
 If non-zero, DDB will be entered if the kernel panics.  If non-zero, DDB will be entered if the kernel panics.
 .It Li ddb.fromconsole ( DBCTL_FROMCONSOLE )  .It Li ddb.fromconsole ( DDBCTL_FROMCONSOLE )
 If not zero, DDB may be entered by sending a break on a serial  If not zero, DDB may be entered by sending a break on a serial
 console or by a special key sequence on a graphics console.  console or by a special key sequence on a graphics console.
 .\" XXX tee_msgbuf maxwidth commandonenter  .It Li ddb.tee_msgbuf
   If not zero, DDB will output also to the kernel message buffer.
   .It Li ddb.commandonenter
   If not empty, a command to be executed on each enter to the
   .Tn DDB .
   .\"
   .\" XXX: (a) ddb.commandonenter is missing in ddb(4);
   .\"      (b) No DDBCTL definitions for tee_msgbuf and commandonenter.
 .El  .El
 .Pp  .Pp
 These MIB nodes are also available as variables from within the DDB.  Some of these
   .Tn MIB
   nodes are also available as variables from within the debugger.
 See  See
 .Xr ddb 4  .Xr ddb 4
 for more details.  for more details.
Line 2010  The
Line 2142  The
 .Li security  .Li security
 level contains various security-related settings for  level contains various security-related settings for
 the system.  the system.
   The available second level names are:
   .Bl -column "Second level name" "integer" "Changeable" -offset indent
   .It Sy Second level name        Type    Changeable
   .It Li security.curtain integer yes
   .It Li security.models  node    not applicable
   .It Li security.pax     node    not applicable
   .El
   .Pp
 Available settings are detailed below.  Available settings are detailed below.
 .Pp  .Pp
 .Bl -tag -width "123456"  .Bl -tag -width "123456"
 .It Li security.curtain  .It Li security.curtain
 If non-zero, will filter return objects according to the user-id  If non-zero, will filter return objects according to the user
   .Tn ID
 requesting information about them, preventing from users any  requesting information about them, preventing from users any
 access to objects they don't own.  access to objects they do not own.
 .Pp  .Pp
 At the moment, it affects  At the moment, it affects
 .Xr ps 1 ,  .Xr ps 1 ,
Line 2047  For more information on any of the PaX f
Line 2188  For more information on any of the PaX f
 .Xr paxctl 8  .Xr paxctl 8
 and  and
 .Xr security 8 .  .Xr security 8 .
   The available third and fourth level names are:
   .Bl -column "security.pax.segvguard.suspend_timeout" "integer" "Changeable" \
   -offset 2n
   .It Sy Third and fourth level names Ta Sy Type Ta Sy Changeable
   .It Li security.pax.aslr.enabled        integer yes
   .\".It Li security.pax.aslr.exec_len    integer yes
   .It Li security.pax.aslr.global integer yes
   .\".It Li security.pax.aslr.mmap_len    integer yes
   .\".It Li security.pax.aslr.stack_len   integer yes
   .It Li security.pax.mprotect.enabled    integer yes
   .It Li security.pax.mprotect.global     integer yes
   .It Li security.pax.segvguard.enabled   integer yes
   .It Li security.pax.segvguard.expiry_timeout    integer yes
   .It Li security.pax.segvguard.global    integer yes
   .It Li security.pax.segvguard.max_crashes       integer yes
   .It Li security.pax.segvguard.suspend_timeout   integer yes
   .El
 .Pp  .Pp
 .Bl -tag -width "123456"  .Bl -tag -width "123456"
 .It Li security.pax.aslr.enable  .It Li security.pax.aslr.enabled
 Enable PaX ASLR (Address Space Layout Randomization).  Enable PaX ASLR (Address Space Layout Randomization).
 .Pp  .Pp
 The value of this  The value of this
 knob must be non-zero for PaX ASLR to be enabled, even if a program is set to  knob must be non-zero for PaX ASLR to be enabled, even if a program is set to
 explicit enable.  explicit enable.
   .\".It Li security.pax.aslr.exec_len
   .\" XXX: Undocumented.
 .It Li security.pax.aslr.global  .It Li security.pax.aslr.global
 Specifies the default global policy for programs without an  Specifies the default global policy for programs without an
 explicit enable/disable flag.  explicit enable/disable flag.
Line 2064  When non-zero, all programs will get PaX
Line 2224  When non-zero, all programs will get PaX
 Otherwise, all programs will not get PaX ASLR, except those specifically  Otherwise, all programs will not get PaX ASLR, except those specifically
 marked as such with  marked as such with
 .Xr paxctl 8 .  .Xr paxctl 8 .
 .It Li security.pax.mprotect.enable  .\".It Li security.pax.aslr.mmap_len
   .\" XXX: Undocumented.
   .\" .It Li security.pax.aslr.stack_len
   .\" XXX: Undocumented.
   .It Li security.pax.mprotect.enabled
 Enable PaX MPROTECT restrictions.  Enable PaX MPROTECT restrictions.
 .Pp  .Pp
 These are  These are
Line 2083  except those exempted with
Line 2247  except those exempted with
 Otherwise, all programs will not get the PaX MPROTECT restrictions,  Otherwise, all programs will not get the PaX MPROTECT restrictions,
 except those specifically marked as such with  except those specifically marked as such with
 .Xr paxctl 8 .  .Xr paxctl 8 .
 .It Li security.pax.segvguard.enable  .It Li security.pax.segvguard.enabled
 Enable PaX Segvguard.  Enable PaX Segvguard.
 .Pp  .Pp
 PaX Segvguard can detect and prevent certain exploitation attempts, where  PaX Segvguard can detect and prevent certain exploitation attempts, where
Line 2095  The
Line 2259  The
 .Nx  .Nx
 interface and implementation of the Segvguard is still experimental, and may  interface and implementation of the Segvguard is still experimental, and may
 change in future releases.  change in future releases.
   .It Li security.pax.segvguard.expiry_timeout
   If the max number was not reached within this timeout (in seconds), the entry
   will expire.
 .It Li security.pax.segvguard.global  .It Li security.pax.segvguard.global
 Specifies the default global policy for programs without an  Specifies the default global policy for programs without an
 explicit enable/disable flag.  explicit enable/disable flag.
Line 2105  except those exempted with
Line 2272  except those exempted with
 Otherwise, no program will get the PaX Segvguard restrictions,  Otherwise, no program will get the PaX Segvguard restrictions,
 except those specifically marked as such with  except those specifically marked as such with
 .Xr paxctl 8 .  .Xr paxctl 8 .
 .It Li security.pax.segvguard.expiry_timeout  .It Li security.pax.segvguard.max_crashes
 If the max number was not reached within this timeout (in seconds), the entry  The maximum number of segfaults a program can receive before suspension.
 will expire.  
 .It Li security.pax.segvguard.suspend_timeout  .It Li security.pax.segvguard.suspend_timeout
 Number of seconds to suspend a user from running a faulting program when the  Number of seconds to suspend a user from running a faulting program when the
 limit was exceeded.  limit was exceeded.
 .It Li security.pax.segvguard.max_crashes  
 Max number of segfaults a program can receive before suspension.  
 .El  .El
 .El  .El
 .Sh The vendor.* subtree ( CTL_VENDOR )  .Sh The vendor.* subtree ( CTL_VENDOR )

Legend:
Removed from v.1.33  
changed lines
  Added in v.1.49

CVSweb <webmaster@jp.NetBSD.org>