| version 1.36, 2010/03/25 15:09:05 |
version 1.52, 2010/12/11 19:55:53 |
|
|
| .\" |
.\" |
| .\" @(#)sysctl.3 8.4 (Berkeley) 5/9/95 |
.\" @(#)sysctl.3 8.4 (Berkeley) 5/9/95 |
| .\" |
.\" |
| .Dd February 21, 2010 |
.Dd December 11, 2010 |
| .Dt SYSCTL 7 |
.Dt SYSCTL 7 |
| .Os |
.Os |
| .Sh NAME |
.Sh NAME |
| Line 68 sysctl variable relative to the upper le |
|
| Line 68 sysctl variable relative to the upper le |
|
| See the |
See the |
| .Xr sysctl 3 |
.Xr sysctl 3 |
| manual page for programming examples. |
manual page for programming examples. |
| .Sh Top level names |
.Ss Top level names |
| The top level names are defined with a CTL_ prefix in |
The top level names are defined with a CTL_ prefix in |
| .In sys/sysctl.h , |
.In sys/sysctl.h , |
| and are as follows. |
and are as follows. |
| Line 90 listed here, and described in separate s |
|
| Line 90 listed here, and described in separate s |
|
| .It emul CTL_EMUL sys/sysctl.h Emulation settings |
.It emul CTL_EMUL sys/sysctl.h Emulation settings |
| .It security CTL_SECURITY sys/sysctl.h Security settings |
.It security CTL_SECURITY sys/sysctl.h Security settings |
| .El |
.El |
| .Sh The debug.* subtree |
.Ss The debug.* subtree |
| The debugging variables vary from system to system. |
The debugging variables vary from system to system. |
| A debugging variable may be added or deleted without need to recompile |
A debugging variable may be added or deleted without need to recompile |
| .Nm |
.Nm |
| Line 112 if a variable is initialized in more tha |
|
| Line 112 if a variable is initialized in more tha |
|
| For example, to export the variable |
For example, to export the variable |
| .Dv dospecialcheck |
.Dv dospecialcheck |
| as a debugging variable, the following declaration would be used: |
as a debugging variable, the following declaration would be used: |
| |
.Pp |
| .Bd -literal -offset indent -compact |
.Bd -literal -offset indent -compact |
| int dospecialcheck = 1; |
int dospecialcheck = 1; |
| struct ctldebug debug5 = { "dospecialcheck", \*[Am]dospecialcheck }; |
struct ctldebug debug5 = { "dospecialcheck", \*[Am]dospecialcheck }; |
|
|
| .\" and |
.\" and |
| .\" .Xr sysctl 9 |
.\" .Xr sysctl 9 |
| for more information. |
for more information. |
| .Sh The vfs.* subtree |
.Ss The vfs.* subtree |
| A distinguished second level name, |
A distinguished second level name, |
| .Li vfs.generic ( VFS_GENERIC ) , |
.Li vfs.generic ( VFS_GENERIC ) , |
| is used to get general information about all filesystems. |
is used to get general information about all filesystems. |
|
|
| The third level identifiers available for each filesystem |
The third level identifiers available for each filesystem |
| are given in the header file that defines the mount |
are given in the header file that defines the mount |
| argument structure for that filesystem. |
argument structure for that filesystem. |
| .Sh The hw.* subtree |
.Ss The hw.* subtree |
| The string and integer information available for the |
The string and integer information available for the |
| .Li hw |
.Li hw |
| level is detailed below. |
level is detailed below. |
| The changeable column shows whether a process with appropriate |
The changeable column shows whether a process with appropriate |
| privilege may change the value. |
privilege may change the value. |
| .Bl -column "hw.acpi.supported_states" "integer" "Changeable" -offset indent |
.Bl -column "hw.machine_arch" "integer" "Changeable" -offset indent |
| .It Sy Second level name Type Changeable |
.It Sy Second level name Type Changeable |
| .It hw.acpi.supported_states string no |
|
| .It hw.alignbytes integer no |
.It hw.alignbytes integer no |
| .It hw.byteorder integer no |
.It hw.byteorder integer no |
| .It hw.cnmagic string yes |
.It hw.cnmagic string yes |
| Line 174 privilege may change the value. |
|
| Line 174 privilege may change the value. |
|
| .El |
.El |
| .Pp |
.Pp |
| .Bl -tag -width "123456" |
.Bl -tag -width "123456" |
| .It Li hw.acpi.supported_states |
|
| List of possible |
|
| .Tn ACPI |
|
| sleep states. |
|
| The list can contain the following values: |
|
| .Bl -tag -width XS1X |
|
| .It S0 |
|
| fully running |
|
| .It S1 |
|
| power on suspend (CPU and hard disks are off) |
|
| .It S2 |
|
| similar to S3, usually not implemented |
|
| .It S3 |
|
| suspend-to-RAM |
|
| .It S4 |
|
| suspend-to-disk (needs BIOS support) |
|
| .It S5 |
|
| power off |
|
| .El |
|
| .It Li hw.alignbytes ( HW_ALIGNBYTES ) |
.It Li hw.alignbytes ( HW_ALIGNBYTES ) |
| Alignment constraint for all possible data types. |
Alignment constraint for all possible data types. |
| This shows the value |
This shows the value |
| Line 248 The bytes of non-kernel memory as a 32-b |
|
| Line 229 The bytes of non-kernel memory as a 32-b |
|
| .It Li hw.usermem64 ( HW_USERMEM64 ) |
.It Li hw.usermem64 ( HW_USERMEM64 ) |
| The bytes of non-kernel memory as a 64-bit integer. |
The bytes of non-kernel memory as a 64-bit integer. |
| .El |
.El |
| .Sh The kern.* subtree |
.Ss The kern.* subtree |
| |
This subtree includes data generally related to the kernel. |
| The string and integer information available for the |
The string and integer information available for the |
| .Li kern |
.Li kern |
| level is detailed below. |
level is detailed below. |
| The changeable column shows whether a process with appropriate |
The changeable column shows whether a process with appropriate |
| privilege may change the value. |
privilege may change the value. |
| The types of data currently available are process information, |
.Bl -column "kern.posix_reader_writer_locks" \ |
| system vnodes, the open file entries, routing table entries, |
"struct kinfo_drivers" "not applicable" |
| virtual memory statistics, load average history, and clock rate |
|
| information. |
|
| .Bl -column "kern.posix_reader_writer_locks" "struct kinfo_drivers" "not applicable" |
|
| .It Sy Second level name Type Changeable |
.It Sy Second level name Type Changeable |
| |
.It kern.aio_listio_max integer yes |
| |
.It kern.aio_max integer yes |
| |
.It kern.arandom integer no |
| .It kern.argmax integer no |
.It kern.argmax integer no |
| .It kern.autonicetime integer yes |
.It kern.boothowto integer no |
| .It kern.autoniceval integer yes |
|
| .It kern.boottime struct timeval no |
.It kern.boottime struct timeval no |
| .It kern.bufq node not applicable |
.\".It kern.bufq node not applicable |
| .It kern.ccpu integer no |
.It kern.ccpu integer no |
| .It kern.clockrate struct clockinfo no |
.It kern.clockrate struct clockinfo no |
| .It kern.consdev integer no |
.It kern.consdev integer no |
| |
.It kern.coredump node not applicable |
| .It kern.cp_id struct no |
.It kern.cp_id struct no |
| .It kern.cp_time uint64_t[\|] no |
.It kern.cp_time uint64_t[\|] no |
| |
.It kern.cryptodevallowsoft integer yes |
| .It kern.defcorename string yes |
.It kern.defcorename string yes |
| |
.It kern.detachall integer yes |
| .It kern.domainname string yes |
.It kern.domainname string yes |
| .It kern.drivers struct kinfo_drivers no |
.It kern.drivers struct kinfo_drivers no |
| |
.It kern.dump_on_panic integer yes |
| .It kern.file struct file no |
.It kern.file struct file no |
| .It kern.forkfsleep integer yes |
.It kern.forkfsleep integer yes |
| .It kern.fscale integer no |
.It kern.fscale integer no |
|
|
| .It kern.hostid integer yes |
.It kern.hostid integer yes |
| .It kern.hostname string yes |
.It kern.hostname string yes |
| .It kern.iov_max integer no |
.It kern.iov_max integer no |
| |
.It kern.ipc node not applicable |
| .It kern.job_control integer no |
.It kern.job_control integer no |
| .It kern.labeloffset integer no |
.It kern.labeloffset integer no |
| .It kern.labelsector integer no |
.It kern.labelsector integer no |
|
|
| .It kern.memlock integer no |
.It kern.memlock integer no |
| .It kern.memlock_range integer no |
.It kern.memlock_range integer no |
| .It kern.memory_protection integer no |
.It kern.memory_protection integer no |
| |
.It kern.module node not applicable |
| .It kern.monotonic_clock integer no |
.It kern.monotonic_clock integer no |
| |
.It kern.mqueue node not applicable |
| .It kern.msgbuf integer no |
.It kern.msgbuf integer no |
| .It kern.msgbufsize integer no |
.It kern.msgbufsize integer no |
| .It kern.ngroups integer no |
.It kern.ngroups integer no |
| |
.\".It kern.no_sa_support integer yes |
| .It kern.ntptime struct ntptimeval no |
.It kern.ntptime struct ntptimeval no |
| .It kern.osrelease string no |
.It kern.osrelease string no |
| .It kern.osrev integer no |
.It kern.osrevision integer no |
| .It kern.ostype string no |
.It kern.ostype string no |
| |
.\".It kern.panic_now integer yes |
| .It kern.pipe node not applicable |
.It kern.pipe node not applicable |
| .It kern.posix1 integer no |
.\" .It kern.posix node not applicable |
| |
.It kern.posix1version integer no |
| |
.It kern.posix_aio integer no |
| .It kern.posix_barriers integer no |
.It kern.posix_barriers integer no |
| .It kern.posix_reader_writer_locks integer no |
.It kern.posix_reader_writer_locks integer no |
| |
.\".It kern.posix_sched integer yes |
| .It kern.posix_semaphores integer no |
.It kern.posix_semaphores integer no |
| .It kern.posix_spin_locks integer no |
.It kern.posix_spin_locks integer no |
| .It kern.posix_threads integer no |
.It kern.posix_threads integer no |
|
|
| .It kern.proc struct kinfo_proc no |
.It kern.proc struct kinfo_proc no |
| .It kern.proc2 struct kinfo_proc2 no |
.It kern.proc2 struct kinfo_proc2 no |
| .It kern.proc_args string no |
.It kern.proc_args string no |
| .It kern.prof node not applicable |
.It kern.profiling node not applicable |
| |
.\".It kern.pset node not applicable |
| .It kern.rawpartition integer no |
.It kern.rawpartition integer no |
| .It kern.root_device string no |
.It kern.root_device string no |
| .It kern.root_partition integer no |
.It kern.root_partition integer no |
| .It kern.rtc_offset integer yes |
.It kern.rtc_offset integer yes |
| .It kern.saved_ids integer no |
.It kern.saved_ids integer no |
| |
.It kern.sbmax integer yes |
| |
.\".It kern.sched node not applicable |
| .It kern.securelevel integer raise only |
.It kern.securelevel integer raise only |
| |
.It kern.somaxkva integer yes |
| .It kern.synchronized_io integer no |
.It kern.synchronized_io integer no |
| .It kern.ipc node not applicable |
|
| .It kern.timecounter node not applicable |
.It kern.timecounter node not applicable |
| .It kern.timex struct no |
.It kern.timex struct no |
| .It kern.tkstat node not applicable |
.It kern.tkstat node not applicable |
| .It kern.urandom integer no |
.It kern.urandom integer no |
| |
.It kern.usercrypto integer yes |
| |
.It kern.userasymcrypto integer yes |
| |
.It kern.veriexec node not applicable |
| .It kern.version string no |
.It kern.version string no |
| .It kern.vnode struct vnode no |
.It kern.vnode struct vnode no |
| .El |
.El |
| .Bl -tag -width "123456" |
.Bl -tag -width "123456" |
| |
.It Li kern.aio_listio_max |
| |
The maximum number of asynchronous |
| |
.Tn I/O |
| |
operations in a single list I/O call. |
| |
Like with all variables related to |
| |
.Xr aio 3 , |
| |
the variable may be created and removed dynamically |
| |
upon loading or unloading the corresponding kernel module. |
| |
.It Li kern.aio_max |
| |
The maximum number of asynchronous I/O operations. |
| |
.It Li kern.arandom |
| |
This variable picks a random number each time it is queried. |
| |
The used random number generator |
| |
.Pq Tn RNG |
| |
is based on |
| |
.Xr arc4random 3 . |
| .It Li kern.argmax ( KERN_ARGMAX ) |
.It Li kern.argmax ( KERN_ARGMAX ) |
| The maximum bytes of argument to |
The maximum bytes of argument to |
| .Xr execve 2 . |
.Xr execve 2 . |
| .It Li kern.autonicetime ( KERN_AUTONICETIME ) |
|
| The number of seconds of CPU-time a non-root process may accumulate before |
|
| having its priority lowered from the default to the value of KERN_AUTONICEVAL. |
|
| If set to 0, automatic lowering of priority is not performed, and if set to \-1 |
|
| all non-root processes are immediately lowered. |
|
| .It Li kern.autoniceval ( KERN_AUTONICEVAL ) |
|
| The priority assigned for automatically niced processes. |
|
| .It Li kern.boothowto |
.It Li kern.boothowto |
| Flags passed from the boot loader; see |
Flags passed from the boot loader; see |
| .Xr reboot 2 |
.Xr reboot 2 |
|
|
| .Va struct timeval |
.Va struct timeval |
| structure is returned. |
structure is returned. |
| This structure contains the time that the system was booted. |
This structure contains the time that the system was booted. |
| |
.\" .It Li kern.bufq |
| |
.\" XXX: Undocumented. |
| .It Li kern.ccpu ( KERN_CCPU ) |
.It Li kern.ccpu ( KERN_CCPU ) |
| The scheduler exponential decay value. |
The scheduler exponential decay value. |
| .It Li kern.clockrate ( KERN_CLOCKRATE ) |
.It Li kern.clockrate ( KERN_CLOCKRATE ) |
|
|
| for additional details. |
for additional details. |
| .It Li kern.consdev ( KERN_CONSDEV ) |
.It Li kern.consdev ( KERN_CONSDEV ) |
| Console device. |
Console device. |
| |
.It Li kern.coredump |
| |
Settings related to set-id processes coredumps. |
| |
By default, set-id processes do not dump core in situations where |
| |
other processes would. |
| |
The settings in this node allows an administrator to change this |
| |
behavior. |
| |
.Pp |
| |
The third level name is |
| |
.Dv kern.coredump.setid |
| |
and fourth level variables are described below. |
| |
.Bl -column "kern.coredump.setid.group" "integer" "Changeable" -offset indent |
| |
.It Sy Fourth level name Type Changeable |
| |
.It kern.coredump.setid.dump integer yes |
| |
.It kern.coredump.setid.group integer yes |
| |
.It kern.coredump.setid.mode integer yes |
| |
.It kern.coredump.setid.owner integer yes |
| |
.It kern.coredump.setid.path string yes |
| |
.El |
| |
.Bl -tag -width "123456" |
| |
.It Li kern.coredump.setid.dump |
| |
If non-zero, set-id processes will dump core. |
| |
.It Li kern.coredump.setid.group |
| |
The group-id for the set-id processes' coredump. |
| |
.It Li kern.coredump.setid.mode |
| |
The mode for the set-id processes' coredump. |
| |
See |
| |
.Xr chmod 1 . |
| |
.It Li kern.coredump.setid.owner |
| |
The user-id that will be used as the owner of the set-id processes' |
| |
coredump. |
| |
.It Li kern.coredump.setid.path |
| |
The path to which set-id processes' coredumps will be saved to. |
| |
Same syntax as kern.defcorename. |
| |
.El |
| .It Li kern.cp_id ( KERN_CP_ID ) |
.It Li kern.cp_id ( KERN_CP_ID ) |
| Mapping of CPU number to CPU id. |
Mapping of CPU number to CPU id. |
| .It Li kern.cp_time ( KERN_CP_TIME ) |
.It Li kern.cp_time ( KERN_CP_TIME ) |
| Line 376 On multi-processor systems, the sum acro |
|
| Line 420 On multi-processor systems, the sum acro |
|
| appropriate space is given for one data set for each CPU. |
appropriate space is given for one data set for each CPU. |
| Data for a specific CPU can also be obtained by adding the number of the |
Data for a specific CPU can also be obtained by adding the number of the |
| CPU at the end of the MIB, enlarging it by one. |
CPU at the end of the MIB, enlarging it by one. |
| |
.It Li kern.cryptodevallowsoft |
| |
This variable controls userland access to hardware versus software transforms |
| |
in the |
| |
.Xr crypto 4 |
| |
system. |
| |
The available values are as follows: |
| |
.Bl -tag -width XX0 -offset indent |
| |
.It Dv \*[Lt] 0 |
| |
Always force userlevel requests to use software transforms. |
| |
.It Dv = 0 |
| |
If present, use hardware and grant userlevel requests for |
| |
non-accelerated transforms (handling the latter in software). |
| |
.It Dv \*[Gt] 0 |
| |
Allow user requests only for transforms which are hardware-accelerated. |
| |
.El |
| .It Li kern.defcorename ( KERN_DEFCORENAME ) |
.It Li kern.defcorename ( KERN_DEFCORENAME ) |
| Default template for the name of core dump files (see also |
Default template for the name of core dump files (see also |
| .Li proc.pid.corename |
.Li proc.pid.corename |
| Line 391 and can be changed with the kernel confi |
|
| Line 450 and can be changed with the kernel confi |
|
| (see |
(see |
| .Xr options 4 |
.Xr options 4 |
| ). |
). |
| |
.It Li kern.detachall |
| |
Detach all devices at shutdown. |
| .It Li kern.domainname ( KERN_DOMAINNAME ) |
.It Li kern.domainname ( KERN_DOMAINNAME ) |
| Get or set the YP domain name. |
Get or set the YP domain name. |
| .It Li kern.dump_on_panic ( KERN_DUMP_ON_PANIC ) |
|
| Perform a crash dump on system panic. |
|
| .It Li kern.drivers ( KERN_DRIVERS ) |
.It Li kern.drivers ( KERN_DRIVERS ) |
| Return an array of |
Return an array of |
| .Va struct kinfo_drivers |
.Va struct kinfo_drivers |
| Line 406 field is always a NUL terminated string. |
|
| Line 465 field is always a NUL terminated string. |
|
| The |
The |
| .Va d_bmajor |
.Va d_bmajor |
| field will be set to \-1 if the driver doesn't have a block device. |
field will be set to \-1 if the driver doesn't have a block device. |
| |
.It Li kern.dump_on_panic ( KERN_DUMP_ON_PANIC ) |
| |
Perform a crash dump on system |
| |
.Xr panic 9 . |
| .It Li kern.file ( KERN_FILE ) |
.It Li kern.file ( KERN_FILE ) |
| Return the entire file table. |
Return the entire file table. |
| The returned data consists of a single |
The returned data consists of a single |
| Line 435 Returns the number of |
|
| Line 497 Returns the number of |
|
| .Xr hardclock 9 |
.Xr hardclock 9 |
| ticks. |
ticks. |
| .It Li kern.hostid ( KERN_HOSTID ) |
.It Li kern.hostid ( KERN_HOSTID ) |
| Get or set the host id. |
Get or set the host identifier. |
| |
This is aimed to replace the legacy |
| |
.Xr gethostid 3 |
| |
and |
| |
.Xr sethostid 3 |
| |
system calls. |
| .It Li kern.hostname ( KERN_HOSTNAME ) |
.It Li kern.hostname ( KERN_HOSTNAME ) |
| Get or set the hostname. |
Get or set the |
| |
.Xr hostname 1 . |
| .It Li kern.iov_max ( KERN_IOV_MAX ) |
.It Li kern.iov_max ( KERN_IOV_MAX ) |
| Return the maximum number of |
Return the maximum number of |
| .Va iovec |
.Va iovec |
| Line 449 structures that a process has available |
|
| Line 517 structures that a process has available |
|
| .Xr sendmsg 2 |
.Xr sendmsg 2 |
| and |
and |
| .Xr writev 2 . |
.Xr writev 2 . |
| |
.It Li kern.ipc ( KERN_SYSVIPC ) |
| |
Return information about the SysV IPC parameters. |
| |
The third level names for the ipc variables are detailed below. |
| |
.Bl -column "kern.ipc.shm_use_phys" "integer" "Changeable" -offset indent |
| |
.It Sy Third level name Type Changeable |
| |
.It kern.ipc.sysvmsg integer no |
| |
.It kern.ipc.sysvsem integer no |
| |
.It kern.ipc.sysvshm integer no |
| |
.It kern.ipc.sysvipc_info struct no |
| |
.It kern.ipc.shmmax integer yes |
| |
.It kern.ipc.shmmni integer yes |
| |
.It kern.ipc.shmseg integer yes |
| |
.It kern.ipc.shmmaxpgs integer yes |
| |
.It kern.ipc.shm_use_phys integer yes |
| |
.It kern.ipc.msgmni integer yes |
| |
.It kern.ipc.msgseg integer yes |
| |
.It kern.ipc.semmni integer yes |
| |
.It kern.ipc.semmns integer yes |
| |
.It kern.ipc.semmnu integer yes |
| |
.El |
| |
.Bl -tag -width "123456" |
| |
.It Li kern.ipc.sysvmsg ( KERN_SYSVIPC_MSG ) |
| |
Returns 1 if System V style message queue functionality is available |
| |
on this system, |
| |
otherwise 0. |
| |
.It Li kern.ipc.sysvsem ( KERN_SYSVIPC_SEM ) |
| |
Returns 1 if System V style semaphore functionality is available |
| |
on this system, |
| |
otherwise 0. |
| |
.It Li kern.ipc.sysvshm ( KERN_SYSVIPC_SHM ) |
| |
Returns 1 if System V style share memory functionality is available |
| |
on this system, |
| |
otherwise 0. |
| |
.It Li kern.ipc.sysvipc_info ( KERN_SYSVIPC_INFO ) |
| |
Return System V style IPC configuration and run-time information. |
| |
The fourth level name selects the System V style IPC facility. |
| |
.Bl -column "KERN_SYSVIPC_MSG_INFO" "struct shm_sysctl_info" -offset indent |
| |
.It Sy Fourth level name Type |
| |
.It KERN_SYSVIPC_MSG_INFO struct msg_sysctl_info |
| |
.It KERN_SYSVIPC_SEM_INFO struct sem_sysctl_info |
| |
.It KERN_SYSVIPC_SHM_INFO struct shm_sysctl_info |
| |
.El |
| |
.Pp |
| |
.Bl -tag -width "123456" |
| |
.It Li KERN_SYSVIPC_MSG_INFO |
| |
Return information on the System V style message facility. |
| |
The |
| |
.Sy msg_sysctl_info |
| |
structure is defined in |
| |
.In sys/msg.h . |
| |
.It Li KERN_SYSVIPC_SEM_INFO |
| |
Return information on the System V style semaphore facility. |
| |
The |
| |
.Sy sem_sysctl_info |
| |
structure is defined in |
| |
.In sys/sem.h . |
| |
.It Li KERN_SYSVIPC_SHM_INFO |
| |
Return information on the System V style shared memory facility. |
| |
The |
| |
.Sy shm_sysctl_info |
| |
structure is defined in |
| |
.In sys/shm.h . |
| |
.El |
| |
.It Li kern.ipc.shmmax ( KERN_SYSVIPC_SHMMAX ) |
| |
Max shared memory segment size in bytes. |
| |
.It Li kern.ipc.shmmni ( KERN_SYSVIPC_SHMMNI ) |
| |
Max number of shared memory identifiers. |
| |
.It Li kern.ipc.shmseg ( KERN_SYSVIPC_SHMSEG ) |
| |
Max shared memory segments per process. |
| |
.It Li kern.ipc.shmmaxpgs ( KERN_SYSVIPC_SHMMAXPGS ) |
| |
Max amount of shared memory in pages. |
| |
.It Li kern.ipc.shm_use_phys ( KERN_SYSVIPC_SHMUSEPHYS ) |
| |
Locking of shared memory in physical memory. |
| |
If 0, memory can be swapped |
| |
out, otherwise it will be locked in physical memory. |
| |
.It Li kern.ipc.msgmni |
| |
Max number of message queue identifiers. |
| |
.It Li kern.ipc.msgseg |
| |
Max number of number of message segments. |
| |
.It Li kern.ipc.semmni |
| |
Max number of number of semaphore identifiers. |
| |
.It Li kern.ipc.semmns |
| |
Max number of number of semaphores in system. |
| |
.It Li kern.ipc.semmnu |
| |
Max number of undo structures in system. |
| |
.El |
| .It Li kern.job_control ( KERN_JOB_CONTROL ) |
.It Li kern.job_control ( KERN_JOB_CONTROL ) |
| Return 1 if job control is available on this system, otherwise 0. |
Return 1 if job control is available on this system, otherwise 0. |
| .It Li kern.labeloffset ( KERN_LABELOFFSET ) |
.It Li kern.labeloffset ( KERN_LABELOFFSET ) |
|
|
| Returns 1 if the POSIX 1003.1b Memory Protection Option is available |
Returns 1 if the POSIX 1003.1b Memory Protection Option is available |
| on this system, |
on this system, |
| otherwise 0. |
otherwise 0. |
| |
.It Li kern.module |
| |
Settings related to kernel modules. |
| |
The third level names for the settings are described below. |
| |
.Bl -column "kern.module.autoload" "integer" "Changeable" -offset indent |
| |
.It Sy Third level name Type Changeable |
| |
.It kern.module.autoload integer yes |
| |
.It kern.module.verbose integer yes |
| |
.El |
| |
.Pp |
| |
The variables are as follows: |
| |
.Bl -tag -width "123456" |
| |
.It Li kern.module.autoload |
| |
A boolean that controls whether kernel modules are loaded automatically. |
| |
See |
| |
.Xr module 9 |
| |
for additional details. |
| |
.It Li kern.module.verbose |
| |
A boolean that enables or disables verbose |
| |
debug messages related to kernel modules. |
| |
.El |
| .It Li kern.monotonic_clock ( KERN_MONOTONIC_CLOCK ) |
.It Li kern.monotonic_clock ( KERN_MONOTONIC_CLOCK ) |
| Returns the standard version the implementation of the POSIX 1003.1b |
Returns the standard version the implementation of the POSIX 1003.1b |
| Monotonic Clock Option conforms to, |
Monotonic Clock Option conforms to, |
| otherwise 0. |
otherwise 0. |
| |
.It Li kern.mqueue |
| |
Settings related to |
| |
.Tn POSIX |
| |
message queues; see |
| |
.Xr mqueue 3 . |
| |
This node is created dynamically when |
| |
the corresponding kernel module is loaded. |
| |
The third level names for the settings are described below. |
| |
.Bl -column "kern.mqueue.mq_max_msgsize" "integer" "Changeable" -offset indent |
| |
.It Sy Third level name Type Changeable |
| |
.It kern.mqueue.mq_open_max integer yes |
| |
.It kern.mqueue.mq_prio_max integer yes |
| |
.It kern.mqueue.mq_max_msgsize integer yes |
| |
.It kern.mqueue.mq_def_maxmsg integer yes |
| |
.It kern.mqueue.mq_max_maxmsg integer yes |
| |
.El |
| |
.Pp |
| |
The variables are: |
| |
.Bl -tag -width "123456" |
| |
.It Li kern.mqueue.mq_open_max |
| |
The maximum number of message queue descriptors any single process can open. |
| |
.It Li kern.mqueue.mq_prio_max |
| |
The maximum priority of a message. |
| |
.It Li kern.mqueue.mq_max_msgsize |
| |
The maximum size of a message in a message queue. |
| |
.It Li kern.mqueue.mq_def_maxmsg |
| |
The default maximum message count. |
| |
.It Li kern.mqueue.mq_max_maxmsg |
| |
The maximum number of messages in a message queue. |
| |
.El |
| .It Li kern.msgbuf ( KERN_MSGBUF ) |
.It Li kern.msgbuf ( KERN_MSGBUF ) |
| The kernel message buffer, rotated so that the head of the circular kernel |
The kernel message buffer, rotated so that the head of the circular kernel |
| message buffer is at the start of the returned data. |
message buffer is at the start of the returned data. |
| Line 544 The returned data may contain NUL bytes. |
|
| Line 748 The returned data may contain NUL bytes. |
|
| The maximum number of characters that the kernel message buffer can hold. |
The maximum number of characters that the kernel message buffer can hold. |
| .It Li kern.ngroups ( KERN_NGROUPS ) |
.It Li kern.ngroups ( KERN_NGROUPS ) |
| The maximum number of supplemental groups. |
The maximum number of supplemental groups. |
| |
.\" .It Li kern.no_sa_support |
| |
.\" XXX: Undocumented. |
| .It Li kern.ntptime ( KERN_NTPTIME ) |
.It Li kern.ntptime ( KERN_NTPTIME ) |
| A |
A |
| .Va struct ntptimeval |
.Va struct ntptimeval |
| Line 557 The system release string. |
|
| Line 763 The system release string. |
|
| The system revision string. |
The system revision string. |
| .It Li kern.ostype ( KERN_OSTYPE ) |
.It Li kern.ostype ( KERN_OSTYPE ) |
| The system type string. |
The system type string. |
| |
.\".It Li kern.panic_now |
| |
.\" XXX: Undocumented. |
| .It Li kern.pipe ( KERN_PIPE ) |
.It Li kern.pipe ( KERN_PIPE ) |
| Pipe settings. |
Pipe settings. |
| The third level names for the integer pipe settings is detailed below. |
The third level names for the integer pipe settings is detailed below. |
| Line 584 Limit for direct transfers via page loan |
|
| Line 792 Limit for direct transfers via page loan |
|
| .It Li kern.pipe.nbigpipes ( KERN_PIPE_NBIGPIPES ) |
.It Li kern.pipe.nbigpipes ( KERN_PIPE_NBIGPIPES ) |
| Number of "big" pipes. |
Number of "big" pipes. |
| .El |
.El |
| |
.\" XXX: Undocumented .It Li kern.posix ( ? ) |
| |
.\" This is a node in which the only variable is semmax. |
| .It Li kern.posix1version ( KERN_POSIX1 ) |
.It Li kern.posix1version ( KERN_POSIX1 ) |
| The version of ISO/IEC 9945 (POSIX 1003.1) with which the system |
The version of ISO/IEC 9945 (POSIX 1003.1) with which the system |
| attempts to comply. |
attempts to comply. |
| |
.It Li kern.posix_aio |
| |
The version of |
| |
.St -p1003.1 |
| |
and its Asynchronous I/O option to which the system attempts to conform. |
| .It Li kern.posix_barriers ( KERN_POSIX_BARRIERS ) |
.It Li kern.posix_barriers ( KERN_POSIX_BARRIERS ) |
| The version of |
The version of |
| .St -p1003.1 |
.St -p1003.1 |
|
|
| Read-Write Locks |
Read-Write Locks |
| option to which the system attempts to conform, |
option to which the system attempts to conform, |
| otherwise 0. |
otherwise 0. |
| |
.\".It Li kern.posix_sched |
| |
.\" XXX: Undocumented. |
| .It Li kern.posix_semaphores ( KERN_POSIX_SEMAPHORES ) |
.It Li kern.posix_semaphores ( KERN_POSIX_SEMAPHORES ) |
| The version of |
The version of |
| .St -p1003.1 |
.St -p1003.1 |
|
|
| .Va struct tostruct |
.Va struct tostruct |
| describing destination of calls and their counts. |
describing destination of calls and their counts. |
| .El |
.El |
| |
.\" .It Li kern.pset |
| |
.\" XXX: Undocumented. |
| .It Li kern.rawpartition ( KERN_RAWPARTITION ) |
.It Li kern.rawpartition ( KERN_RAWPARTITION ) |
| The raw partition of a disk (a == 0). |
The raw partition of a disk (a == 0). |
| .It Li kern.root_device ( KERN_ROOT_DEVICE ) |
.It Li kern.root_device ( KERN_ROOT_DEVICE ) |
| Line 720 Maximum socket buffer size. |
|
| Line 938 Maximum socket buffer size. |
|
| .It Li kern.securelevel ( KERN_SECURELVL ) |
.It Li kern.securelevel ( KERN_SECURELVL ) |
| See |
See |
| .Xr secmodel_securelevel 9 . |
.Xr secmodel_securelevel 9 . |
| |
.\" .It Li kern.sched |
| |
.\" XXX: Undocumented. |
| .It Li kern.somaxkva ( KERN_SOMAXKVA ) |
.It Li kern.somaxkva ( KERN_SOMAXKVA ) |
| Maximum amount of kernel memory to be used for socket buffers. |
Maximum amount of kernel memory to be used for socket buffers. |
| .\" XXX units? |
.\" XXX units? |
| Line 727 Maximum amount of kernel memory to be us |
|
| Line 947 Maximum amount of kernel memory to be us |
|
| Returns 1 if the POSIX 1003.1b Synchronized I/O Option is available |
Returns 1 if the POSIX 1003.1b Synchronized I/O Option is available |
| on this system, |
on this system, |
| otherwise 0. |
otherwise 0. |
| .It Li kern.ipc ( KERN_SYSVIPC ) |
|
| Return information about the SysV IPC parameters. |
|
| The third level names for the ipc variables are detailed below. |
|
| .Bl -column "kern.ipc.shm_use_phys" "integer" "Changeable" -offset indent |
|
| .It Sy Third level name Type Changeable |
|
| .It kern.ipc.sysvmsg integer no |
|
| .It kern.ipc.sysvsem integer no |
|
| .It kern.ipc.sysvshm integer no |
|
| .It kern.ipc.sysvipc_info struct no |
|
| .It kern.ipc.shmmax integer yes |
|
| .It kern.ipc.shmmni integer yes |
|
| .It kern.ipc.shmseg integer yes |
|
| .It kern.ipc.shmmaxpgs integer yes |
|
| .It kern.ipc.shm_use_phys integer yes |
|
| .It kern.ipc.msgmni integer yes |
|
| .It kern.ipc.msgseg integer yes |
|
| .It kern.ipc.semmni integer yes |
|
| .It kern.ipc.semmns integer yes |
|
| .It kern.ipc.semmnu integer yes |
|
| .El |
|
| .Bl -tag -width "123456" |
|
| .It Li kern.ipc.sysvmsg ( KERN_SYSVIPC_MSG ) |
|
| Returns 1 if System V style message queue functionality is available |
|
| on this system, |
|
| otherwise 0. |
|
| .It Li kern.ipc.sysvsem ( KERN_SYSVIPC_SEM ) |
|
| Returns 1 if System V style semaphore functionality is available |
|
| on this system, |
|
| otherwise 0. |
|
| .It Li kern.ipc.sysvshm ( KERN_SYSVIPC_SHM ) |
|
| Returns 1 if System V style share memory functionality is available |
|
| on this system, |
|
| otherwise 0. |
|
| .It Li kern.ipc.sysvipc_info ( KERN_SYSVIPC_INFO ) |
|
| Return System V style IPC configuration and run-time information. |
|
| The fourth level name selects the System V style IPC facility. |
|
| .Bl -column "KERN_SYSVIPC_MSG_INFO" "struct shm_sysctl_info" -offset indent |
|
| .It Sy Fourth level name Type |
|
| .It KERN_SYSVIPC_MSG_INFO struct msg_sysctl_info |
|
| .It KERN_SYSVIPC_SEM_INFO struct sem_sysctl_info |
|
| .It KERN_SYSVIPC_SHM_INFO struct shm_sysctl_info |
|
| .El |
|
| .Pp |
|
| .Bl -tag -width "123456" |
|
| .It Li KERN_SYSVIPC_MSG_INFO |
|
| Return information on the System V style message facility. |
|
| The |
|
| .Sy msg_sysctl_info |
|
| structure is defined in |
|
| .In sys/msg.h . |
|
| .It Li KERN_SYSVIPC_SEM_INFO |
|
| Return information on the System V style semaphore facility. |
|
| The |
|
| .Sy sem_sysctl_info |
|
| structure is defined in |
|
| .In sys/sem.h . |
|
| .It Li KERN_SYSVIPC_SHM_INFO |
|
| Return information on the System V style shared memory facility. |
|
| The |
|
| .Sy shm_sysctl_info |
|
| structure is defined in |
|
| .In sys/shm.h . |
|
| .El |
|
| .It Li kern.ipc.shmmax ( KERN_SYSVIPC_SHMMAX ) |
|
| Max shared memory segment size in bytes. |
|
| .It Li kern.ipc.shmmni ( KERN_SYSVIPC_SHMMNI ) |
|
| Max number of shared memory identifiers. |
|
| .It Li kern.ipc.shmseg ( KERN_SYSVIPC_SHMSEG ) |
|
| Max shared memory segments per process. |
|
| .It Li kern.ipc.shmmaxpgs ( KERN_SYSVIPC_SHMMAXPGS ) |
|
| Max amount of shared memory in pages. |
|
| .It Li kern.ipc.shm_use_phys ( KERN_SYSVIPC_SHMUSEPHYS ) |
|
| Locking of shared memory in physical memory. |
|
| If 0, memory can be swapped |
|
| out, otherwise it will be locked in physical memory. |
|
| .It Li kern.ipc.msgmni |
|
| Max number of message queue identifiers. |
|
| .It Li kern.ipc.msgseg |
|
| Max number of number of message segments. |
|
| .It Li kern.ipc.semmni |
|
| Max number of number of semaphore identifiers. |
|
| .It Li kern.ipc.semmns |
|
| Max number of number of semaphores in system. |
|
| .It Li kern.ipc.semmnu |
|
| Max number of undo structures in system. |
|
| .El |
|
| .It Li kern.timecounter ( dynamic ) |
.It Li kern.timecounter ( dynamic ) |
| Display and control the timecounter source of the system. |
Display and control the timecounter source of the system. |
| .Bl -column "kern.timecounter.timestepwarnings" "integer" "Changeable" -offset indent |
.Bl -column "kern.timecounter.timestepwarnings" "integer" "Changeable" -offset indent |
| Line 860 The number of raw input characters. |
|
| Line 994 The number of raw input characters. |
|
| .El |
.El |
| .It Li kern.urandom ( KERN_URND ) |
.It Li kern.urandom ( KERN_URND ) |
| Random integer value. |
Random integer value. |
| |
.It Li kern.usercrypto |
| |
When enabled, allows userland to |
| |
.Xr open 2 |
| |
the |
| |
.Pa /dev/crypto |
| |
special device, used by the |
| |
.Xr crypto 4 |
| |
system. |
| |
.It Li kern.userasymcrypto |
| |
Enables or disables the use of software asymmetric crypto support in the |
| |
.Xr crypto 4 |
| |
system. |
| .It Li kern.veriexec |
.It Li kern.veriexec |
| Tunings for Verixec. |
Runtime information for |
| |
.Xr veriexec 8 . |
| |
.Bl -column "kern.veriexec.algorithms" "integer" "Changeable" -offset indent |
| |
.It Sy Third level name Type Changeable |
| |
.It kern.veriexec.algorithms string no |
| |
.It kern.veriexec.count node not applicable |
| |
.It kern.veriexec.strict integer yes |
| |
.It kern.veriexec.verbose integer yes |
| |
.El |
| .Bl -tag -width "123456" |
.Bl -tag -width "123456" |
| .It Li kern.veriexec.algorithms |
.It Li kern.veriexec.algorithms |
| Returns a string with the supported algorithms in Veriexec. |
Returns a string with the supported algorithms in Veriexec. |
| Line 899 Each element of the array contains the k |
|
| Line 1053 Each element of the array contains the k |
|
| .Va struct vnode * |
.Va struct vnode * |
| followed by the vnode itself |
followed by the vnode itself |
| .Va struct vnode . |
.Va struct vnode . |
| .It Li kern.coredump.setid |
.\" XXX: Undocumented: kern.lwp: no children? |
| Settings related to set-id processes coredumps. |
|
| By default, set-id processes do not dump core in situations where |
|
| other processes would. |
|
| The settings in this node allows an administrator to change this |
|
| behavior. |
|
| .Pp |
|
| .Bl -tag -width "123456" |
|
| .It Li kern.coredump.setid.dump |
|
| If non-zero, set-id processes will dump core. |
|
| .It Li kern.coredump.setid.group |
|
| The group-id for the set-id processes' coredump. |
|
| .It Li kern.coredump.setid.mode |
|
| The mode for the set-id processes' coredump. |
|
| See |
|
| .Xr chmod 1 . |
|
| .It Li kern.coredump.setid.owner |
|
| The user-id that will be used as the owner of the set-id processes' |
|
| coredump. |
|
| .It Li kern.coredump.setid.path |
|
| The path to which set-id processes' coredumps will be saved to. |
|
| Same syntax as kern.defcorename. |
|
| .El |
|
| .\" XXX kern.lwp |
|
| .El |
.El |
| .Sh The machdep.* subtree |
.Ss The machdep.* subtree |
| The set of variables defined is architecture dependent. |
The set of variables defined is architecture dependent. |
| Most architectures define at least the following variables. |
Most architectures define at least the following variables. |
| .Bl -column "Second level name" "Type" "Changeable" -offset indent |
.Bl -column "machdep.booted_kernel" "Type" "Changeable" -offset indent |
| .It Sy Second level name Type Changeable |
.It Sy Second level name Type Changeable |
| .It Li CPU_CONSDEV dev_t no |
.It Li machdep.booted_kernel string no |
| .El |
.El |
| .Sh The net.* subtree |
.\" XXX: Document the above. |
| |
.Ss The net.* subtree |
| The string and integer information available for the |
The string and integer information available for the |
| .Li net |
.Li net |
| level is detailed below. |
level is detailed below. |
| Line 1656 The value is used when the kernel create |
|
| Line 1788 The value is used when the kernel create |
|
| on ACQUIRE PF_KEY message. |
on ACQUIRE PF_KEY message. |
| .El |
.El |
| .El |
.El |
| .Sh The proc.* subtree |
.Ss The proc.* subtree |
| The string and integer information available for the |
The string and integer information available for the |
| .Li proc |
.Li proc |
| level is detailed below. |
level is detailed below. |
| Line 1788 before it disappears. |
|
| Line 1920 before it disappears. |
|
| .Pp |
.Pp |
| This value is also inherited by the process's children. |
This value is also inherited by the process's children. |
| .El |
.El |
| .Sh The user.* subtree ( CTL_USER ) |
.Ss The user.* subtree ( CTL_USER ) |
| The string and integer information available for the |
The string and integer information available for the |
| .Li user |
.Li user |
| level is detailed below. |
level is detailed below. |
| Line 1889 at any one time. |
|
| Line 2021 at any one time. |
|
| The minimum maximum number of types supported for the name of a |
The minimum maximum number of types supported for the name of a |
| timezone. |
timezone. |
| .El |
.El |
| .Sh The vm.* subtree ( CTL_VM ) |
.Ss The vm.* subtree ( CTL_VM ) |
| The string and integer information available for the |
The string and integer information available for the |
| .Li vm |
.Li vm |
| level is detailed below. |
level is detailed below. |
| Line 1970 The returned data consists of a |
|
| Line 2102 The returned data consists of a |
|
| .Va struct uvmexp_sysctl . |
.Va struct uvmexp_sysctl . |
| .\" XXX vm.idlezero |
.\" XXX vm.idlezero |
| .El |
.El |
| .Sh The ddb.* subtree ( CTL_DDB ) |
.Ss The ddb.* subtree ( CTL_DDB ) |
| The information available for the |
The information available for the |
| .Li ddb |
.Li ddb |
| level is detailed below. |
level is detailed below. |
| Line 2022 nodes are also available as variables fr |
|
| Line 2154 nodes are also available as variables fr |
|
| See |
See |
| .Xr ddb 4 |
.Xr ddb 4 |
| for more details. |
for more details. |
| .Sh The security.* subtree ( CTL_SECURITY ) |
.Ss The security.* subtree ( CTL_SECURITY ) |
| The |
The |
| .Li security |
.Li security |
| level contains various security-related settings for |
level contains various security-related settings for |
| the system. |
the system. |
| |
The available second level names are: |
| |
.Bl -column "Second level name" "integer" "Changeable" -offset indent |
| |
.It Sy Second level name Type Changeable |
| |
.It Li security.curtain integer yes |
| |
.It Li security.models node not applicable |
| |
.It Li security.pax node not applicable |
| |
.El |
| |
.Pp |
| Available settings are detailed below. |
Available settings are detailed below. |
| .Pp |
.Pp |
| .Bl -tag -width "123456" |
.Bl -tag -width "123456" |
| .It Li security.curtain |
.It Li security.curtain |
| If non-zero, will filter return objects according to the user-id |
If non-zero, will filter return objects according to the user |
| |
.Tn ID |
| requesting information about them, preventing from users any |
requesting information about them, preventing from users any |
| access to objects they don't own. |
access to objects they do not own. |
| .Pp |
.Pp |
| At the moment, it affects |
At the moment, it affects |
| .Xr ps 1 , |
.Xr ps 1 , |
| Line 2064 For more information on any of the PaX f |
|
| Line 2205 For more information on any of the PaX f |
|
| .Xr paxctl 8 |
.Xr paxctl 8 |
| and |
and |
| .Xr security 8 . |
.Xr security 8 . |
| |
The available third and fourth level names are: |
| |
.Bl -column "security.pax.segvguard.suspend_timeout" "integer" "Changeable" \ |
| |
-offset 2n |
| |
.It Sy Third and fourth level names Ta Sy Type Ta Sy Changeable |
| |
.It Li security.pax.aslr.enabled integer yes |
| |
.\".It Li security.pax.aslr.exec_len integer yes |
| |
.It Li security.pax.aslr.global integer yes |
| |
.\".It Li security.pax.aslr.mmap_len integer yes |
| |
.\".It Li security.pax.aslr.stack_len integer yes |
| |
.It Li security.pax.mprotect.enabled integer yes |
| |
.It Li security.pax.mprotect.global integer yes |
| |
.It Li security.pax.segvguard.enabled integer yes |
| |
.It Li security.pax.segvguard.expiry_timeout integer yes |
| |
.It Li security.pax.segvguard.global integer yes |
| |
.It Li security.pax.segvguard.max_crashes integer yes |
| |
.It Li security.pax.segvguard.suspend_timeout integer yes |
| |
.El |
| .Pp |
.Pp |
| .Bl -tag -width "123456" |
.Bl -tag -width "123456" |
| .It Li security.pax.aslr.enable |
.It Li security.pax.aslr.enabled |
| Enable PaX ASLR (Address Space Layout Randomization). |
Enable PaX ASLR (Address Space Layout Randomization). |
| .Pp |
.Pp |
| The value of this |
The value of this |
| knob must be non-zero for PaX ASLR to be enabled, even if a program is set to |
knob must be non-zero for PaX ASLR to be enabled, even if a program is set to |
| explicit enable. |
explicit enable. |
| |
.\".It Li security.pax.aslr.exec_len |
| |
.\" XXX: Undocumented. |
| .It Li security.pax.aslr.global |
.It Li security.pax.aslr.global |
| Specifies the default global policy for programs without an |
Specifies the default global policy for programs without an |
| explicit enable/disable flag. |
explicit enable/disable flag. |
| Line 2081 When non-zero, all programs will get PaX |
|
| Line 2241 When non-zero, all programs will get PaX |
|
| Otherwise, all programs will not get PaX ASLR, except those specifically |
Otherwise, all programs will not get PaX ASLR, except those specifically |
| marked as such with |
marked as such with |
| .Xr paxctl 8 . |
.Xr paxctl 8 . |
| .It Li security.pax.mprotect.enable |
.\".It Li security.pax.aslr.mmap_len |
| |
.\" XXX: Undocumented. |
| |
.\" .It Li security.pax.aslr.stack_len |
| |
.\" XXX: Undocumented. |
| |
.It Li security.pax.mprotect.enabled |
| Enable PaX MPROTECT restrictions. |
Enable PaX MPROTECT restrictions. |
| .Pp |
.Pp |
| These are |
These are |
| Line 2100 except those exempted with |
|
| Line 2264 except those exempted with |
|
| Otherwise, all programs will not get the PaX MPROTECT restrictions, |
Otherwise, all programs will not get the PaX MPROTECT restrictions, |
| except those specifically marked as such with |
except those specifically marked as such with |
| .Xr paxctl 8 . |
.Xr paxctl 8 . |
| .It Li security.pax.segvguard.enable |
.It Li security.pax.segvguard.enabled |
| Enable PaX Segvguard. |
Enable PaX Segvguard. |
| .Pp |
.Pp |
| PaX Segvguard can detect and prevent certain exploitation attempts, where |
PaX Segvguard can detect and prevent certain exploitation attempts, where |
|
|
| .Nx |
.Nx |
| interface and implementation of the Segvguard is still experimental, and may |
interface and implementation of the Segvguard is still experimental, and may |
| change in future releases. |
change in future releases. |
| |
.It Li security.pax.segvguard.expiry_timeout |
| |
If the max number was not reached within this timeout (in seconds), the entry |
| |
will expire. |
| .It Li security.pax.segvguard.global |
.It Li security.pax.segvguard.global |
| Specifies the default global policy for programs without an |
Specifies the default global policy for programs without an |
| explicit enable/disable flag. |
explicit enable/disable flag. |
| Line 2122 except those exempted with |
|
| Line 2289 except those exempted with |
|
| Otherwise, no program will get the PaX Segvguard restrictions, |
Otherwise, no program will get the PaX Segvguard restrictions, |
| except those specifically marked as such with |
except those specifically marked as such with |
| .Xr paxctl 8 . |
.Xr paxctl 8 . |
| .It Li security.pax.segvguard.expiry_timeout |
.It Li security.pax.segvguard.max_crashes |
| If the max number was not reached within this timeout (in seconds), the entry |
The maximum number of segfaults a program can receive before suspension. |
| will expire. |
|
| .It Li security.pax.segvguard.suspend_timeout |
.It Li security.pax.segvguard.suspend_timeout |
| Number of seconds to suspend a user from running a faulting program when the |
Number of seconds to suspend a user from running a faulting program when the |
| limit was exceeded. |
limit was exceeded. |
| .It Li security.pax.segvguard.max_crashes |
|
| Max number of segfaults a program can receive before suspension. |
|
| .El |
.El |
| .El |
.El |
| .Sh The vendor.* subtree ( CTL_VENDOR ) |
.Ss The vendor.* subtree ( CTL_VENDOR ) |
| The |
The |
| .Li vendor |
.Li vendor |
| toplevel name is reserved to be used by vendors who wish to |
toplevel name is reserved to be used by vendors who wish to |
![[BACK]](/icons/back.gif){kind=icon}
Return to sysctl.7 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [cvs.NetBSD.org] / src / share / man / man7