[BACK]Return to sysctl.7 CVS log [TXT][DIR] Up to [cvs.NetBSD.org] / src / share / man / man7

Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.

Diff for /src/share/man/man7/sysctl.7 between version 1.61 and 1.90

version 1.61, 2011/02/02 09:07:32 version 1.90, 2015/07/11 16:47:49
Line 29 
Line 29 
 .\"  .\"
 .\"     @(#)sysctl.3    8.4 (Berkeley) 5/9/95  .\"     @(#)sysctl.3    8.4 (Berkeley) 5/9/95
 .\"  .\"
 .Dd February 1, 2011  .Dd July 11, 2015
 .Dt SYSCTL 7  .Dt SYSCTL 7
 .Os  .Os
 .Sh NAME  .Sh NAME
Line 142  The highest valid file system type numbe
Line 142  The highest valid file system type numbe
 Returns configuration information about the file system type given as a fourth  Returns configuration information about the file system type given as a fourth
 level identifier.  level identifier.
 .It Li vfs.generic.usermount ( VFS_USERMOUNT )  .It Li vfs.generic.usermount ( VFS_USERMOUNT )
 Determines if non superuser mounts are allowed, default to no  Determines if non superuser mounts are allowed, defaults to
 .Dv 0 .  .Dv 0 .
 .It Li vfs.generic.magiclinks ( VFS_MAGICLINKS )  .It Li vfs.generic.magiclinks ( VFS_MAGICLINKS )
 Controls if expansion of variables is going to be performed on pathnames  Controls if expansion of variables is going to be performed on pathnames
Line 164  capabilities with the following third le
Line 164  capabilities with the following third le
 .Bl -tag -width "123456"  .Bl -tag -width "123456"
 .It Li vfs.wapbl.flush_disk_cache  .It Li vfs.wapbl.flush_disk_cache
 Controls whether to attempt to flush the disk cache on each commit.  Controls whether to attempt to flush the disk cache on each commit.
 It defaults to 1 and it should always be on to ensure data integrity in  It defaults to 1 and it should always be on to ensure integrity
 case of a crash.  of file system metadata in the event of a power loss.
 For slow disks, turning it off can improve performance.  For slow disks, turning it off can improve performance.
 .It Li vfs.wapbl.verbose_commit  .It Li vfs.wapbl.verbose_commit
 For each transaction log commit, print the number of bytes written  For each transaction log commit, print the number of bytes written
Line 198  privilege may change the value.
Line 198  privilege may change the value.
 .It hw.machine_arch     string  no  .It hw.machine_arch     string  no
 .It hw.model    string  no  .It hw.model    string  no
 .It hw.ncpu     integer no  .It hw.ncpu     integer no
   .It hw.ncpuonline       integer no
 .It hw.pagesize integer no  .It hw.pagesize integer no
 .It hw.physmem  integer no  .It hw.physmem  integer no
 .It hw.physmem64        quad    no  .It hw.physmem64        quad    no
 .It hw.usermem  integer no  .It hw.usermem  integer no
 .It hw.usermem64        quad    no  .It hw.usermem64        quad    no
 .El  .El
 .Pp  
 .Bl -tag -width "123456"  .Bl -tag -width "123456"
 .It Li hw.alignbytes ( HW_ALIGNBYTES )  .It Li hw.alignbytes ( HW_ALIGNBYTES )
 Alignment constraint for all possible data types.  Alignment constraint for all possible data types.
Line 249  The machine CPU class.
Line 249  The machine CPU class.
 .It Li hw.model ( HW_MODEL )  .It Li hw.model ( HW_MODEL )
 The machine model.  The machine model.
 .It Li hw.ncpu ( HW_NCPU )  .It Li hw.ncpu ( HW_NCPU )
 The number of CPUs.  The number of CPUs configured.
   .It Li hw.ncpuonline ( HW_NCPUONLINE )
   The number of CPUs online.
 .It Li hw.pagesize ( HW_PAGESIZE )  .It Li hw.pagesize ( HW_PAGESIZE )
 The software page size.  The software page size.
 .It Li hw.physmem ( HW_PHYSMEM )  .It Li hw.physmem ( HW_PHYSMEM )
Line 277  privilege may change the value.
Line 279  privilege may change the value.
 .It kern.argmax integer no  .It kern.argmax integer no
 .It kern.boothowto      integer no  .It kern.boothowto      integer no
 .It kern.boottime       struct timeval  no  .It kern.boottime       struct timeval  no
   .It kern.buildinfo      string  no
 .\".It kern.bufq        node    not applicable  .\".It kern.bufq        node    not applicable
 .It kern.ccpu   integer no  .It kern.ccpu   integer no
 .It kern.clockrate      struct clockinfo        no  .It kern.clockrate      struct clockinfo        no
Line 306  privilege may change the value.
Line 309  privilege may change the value.
 .It kern.logsigexit     integer yes  .It kern.logsigexit     integer yes
 .It kern.mapped_files   integer no  .It kern.mapped_files   integer no
 .It kern.maxfiles       integer yes  .It kern.maxfiles       integer yes
   .It kern.maxlwp integer yes
 .It kern.maxpartitions  integer no  .It kern.maxpartitions  integer no
 .It kern.maxphys        integer no  .It kern.maxphys        integer no
 .It kern.maxproc        integer yes  .It kern.maxproc        integer yes
Line 328  privilege may change the value.
Line 332  privilege may change the value.
 .It kern.ostype string  no  .It kern.ostype string  no
 .\".It kern.panic_now   integer yes  .\".It kern.panic_now   integer yes
 .It kern.pipe   node    not applicable  .It kern.pipe   node    not applicable
   .It kern.pool   struct pool_sysctl      no
 .\" .It kern.posix      node    not applicable  .\" .It kern.posix      node    not applicable
 .It kern.posix1version  integer no  .It kern.posix1version  integer no
 .It kern.posix_aio      integer no  .It kern.posix_aio      integer no
Line 356  privilege may change the value.
Line 361  privilege may change the value.
 .It kern.timecounter    node    not applicable  .It kern.timecounter    node    not applicable
 .It kern.timex  struct  no  .It kern.timex  struct  no
 .It kern.tkstat node    not applicable  .It kern.tkstat node    not applicable
   .It kern.tty    node    not applicable
 .It kern.urandom        integer no  .It kern.urandom        integer no
 .It kern.usercrypto     integer yes  .It kern.usercrypto     integer yes
 .It kern.userasymcrypto integer yes  .It kern.userasymcrypto integer yes
Line 392  A
Line 398  A
 .Vt struct timeval  .Vt struct timeval
 structure is returned.  structure is returned.
 This structure contains the time that the system was booted.  This structure contains the time that the system was booted.
   .It Li kern.buildinfo
   When the kernel is built, the build environment may optionally provide
   arbitrary information to be stored in this variable.
 .\" .It Li kern.bufq  .\" .It Li kern.bufq
 .\" XXX: Undocumented.  .\" XXX: Undocumented.
 .It Li kern.ccpu ( KERN_CCPU )  .It Li kern.ccpu ( KERN_CCPU )
Line 595  The fourth level name selects the System
Line 604  The fourth level name selects the System
 .It KERN_SYSVIPC_SEM_INFO       struct sem_sysctl_info  .It KERN_SYSVIPC_SEM_INFO       struct sem_sysctl_info
 .It KERN_SYSVIPC_SHM_INFO       struct shm_sysctl_info  .It KERN_SYSVIPC_SHM_INFO       struct shm_sysctl_info
 .El  .El
 .Pp  
 .Bl -tag -width "123456"  .Bl -tag -width "123456"
 .It Li KERN_SYSVIPC_MSG_INFO  .It Li KERN_SYSVIPC_MSG_INFO
 Return information on the System V style message facility.  Return information on the System V style message facility.
Line 667  otherwise\ 0.
Line 675  otherwise\ 0.
 The maximum number of open files that may be open in the system.  The maximum number of open files that may be open in the system.
 .It Li kern.maxpartitions ( KERN_MAXPARTITIONS )  .It Li kern.maxpartitions ( KERN_MAXPARTITIONS )
 The maximum number of partitions allowed per disk.  The maximum number of partitions allowed per disk.
   .It Li kern.maxlwp
   The maximum number of Lightweight Processes (threads) the system allows
   per uid.
 .It Li kern.maxphys ( KERN_MAXPHYS )  .It Li kern.maxphys ( KERN_MAXPHYS )
 Maximum raw I/O transfer size.  Maximum raw I/O transfer size.
 .It Li kern.maxproc ( KERN_MAXPROC )  .It Li kern.maxproc ( KERN_MAXPROC )
Line 734  The third level names for the settings a
Line 745  The third level names for the settings a
 .Bl -column "kern.module.autoload" "integer" "Changeable" -offset indent  .Bl -column "kern.module.autoload" "integer" "Changeable" -offset indent
 .It Sy Third level name Type    Changeable  .It Sy Third level name Type    Changeable
 .It kern.module.autoload        integer yes  .It kern.module.autoload        integer yes
   .It kern.module.autotime        integer yes
 .It kern.module.verbose integer yes  .It kern.module.verbose integer yes
 .El  .El
 .Pp  .Pp
Line 744  A boolean that controls whether kernel m
Line 756  A boolean that controls whether kernel m
 See  See
 .Xr module 7  .Xr module 7
 for additional details.  for additional details.
   .It Li kern.module.autotime
   An integer that controls the delay before an attempt is made to
   automatically unload a module that was auto-loaded.
   Setting this value to zero disables the auto-unload function.
 .It Li kern.module.verbose  .It Li kern.module.verbose
 A boolean that enables or disables verbose  A boolean that enables or disables verbose
 debug messages related to kernel modules.  debug messages related to kernel modules.
Line 839  Number of
Line 855  Number of
 .Dq big  .Dq big
 pipes.  pipes.
 .El  .El
   .It Li kern.pool
   Provides statistics about the
   .Xr pool 9
   and
   .Xr pool_cache 9
   subsystems.
 .\" XXX: Undocumented .It Li kern.posix ( ? )  .\" XXX: Undocumented .It Li kern.posix ( ? )
 .\"      This is a node in which the only variable is semmax.  .\"      This is a node in which the only variable is semmax.
 .It Li kern.posix1version ( KERN_POSIX1 )  .It Li kern.posix1version ( KERN_POSIX1 )
Line 1048  The total number of output characters.
Line 1070  The total number of output characters.
 .It Li kern.tkstat.rawcc ( KERN_TKSTAT_RAWCC )  .It Li kern.tkstat.rawcc ( KERN_TKSTAT_RAWCC )
 The number of raw input characters.  The number of raw input characters.
 .El  .El
   .It Li kern.tty
   The third level names for the tty setup variables are detailed below.
   The changeable column shows whether a process
   with appropriate privilege may change the value.
   .Bl -column "kern.tty.qsize" "int" "Changeable" -offset indent
   .It Sy Third level name Type    Changeable
   .It kern.tty.qsize      int     yes
   .El
   .Pp
   The variables are as follows:
   .Bl -tag -width "123456"
   .It Li kern.tty.qsize
   Control/display the size of the default input and output queues selected
   during tty creation.
   Is converted to a power of two and its range is between
   .Dv 1024
   and
   .Dv 65536 .
   .El
   .It Li kern.uidinfo
   Resource usage for the current user.
   .Bl -column "kern.uidinfo.proccnt" "integer" "Changeable" -offset indent
   .It Sy Third level name Type    Changeable
   .It kern.uidinfo.proccnt        integer no
   .It kern.uidinfo.lwpcnt integer no
   .It kern.uidinfo.lockcnt        integer no
   .It kern.uidinfo.sbsize integer no
   .El
   .Bl -tag -width "123456"
   .It Li kern.uidinfo.proccnt
   Returns the number of active processes for the current user.
   .It Li kern.uidinfo.lwpcnt
   Returns the number of active threads for the current user; the first thread
   of each process is not counted.
   .It Li kern.uidinfo.lockcnt
   Number of locks held by the current user.
   .It Li kern.uidinfo.sbsize
   Number of bytes in socket buffers allocated to the current user.
   .El
 .It Li kern.urandom ( KERN_URND )  .It Li kern.urandom ( KERN_URND )
 Random integer value.  Random integer value.
 .It Li kern.usercrypto  .It Li kern.usercrypto
Line 1085  point, the file system type, and the num
Line 1146  point, the file system type, and the num
 .It Li kern.veriexec.strict  .It Li kern.veriexec.strict
 Controls the strict level of Veriexec.  Controls the strict level of Veriexec.
 See  See
 .Xr security 8  .Xr security 7
 for more information on each level's implications.  for more information on each level's implications.
 .It Li kern.veriexec.verbose  .It Li kern.veriexec.verbose
 Controls the verbosity level of Veriexec.  Controls the verbosity level of Veriexec.
Line 1134  protocol number, though this is not alwa
Line 1195  protocol number, though this is not alwa
 .It net.inet6   IPv6 values     yes  .It net.inet6   IPv6 values     yes
 .It net.key     IPsec key management values     yes  .It net.key     IPsec key management values     yes
 .El  .El
 .Pp  
 .Bl -tag -width "123456"  .Bl -tag -width "123456"
 .It Li net.route ( PF_ROUTE )  .It Li net.route ( PF_ROUTE )
 .\" XXX really?  .\" XXX really?
Line 1164  The currently defined protocols and name
Line 1224  The currently defined protocols and name
 .It Sy Protocol name    Variable name   Type    Changeable  .It Sy Protocol name    Variable name   Type    Changeable
 .It arp down    integer yes  .It arp down    integer yes
 .It arp keep    integer yes  .It arp keep    integer yes
   .It arp log_movements   integer yes
   .It arp log_permanent_modify    integer yes
   .It arp log_unknown_network     integer yes
   .It arp log_wrong_iface integer yes
 .It arp prune   integer yes  .It arp prune   integer yes
 .It arp refresh integer yes  .It arp refresh integer yes
 .It carp        allow   integer yes  .It carp        allow   integer yes
Line 1176  The currently defined protocols and name
Line 1240  The currently defined protocols and name
 .It icmp        redirtimeout    integer yes  .It icmp        redirtimeout    integer yes
 .It icmp        bmcastecho      integer yes  .It icmp        bmcastecho      integer yes
 .It ip  allowsrcrt      integer yes  .It ip  allowsrcrt      integer yes
   .It ip  anonportalgo.selected   string  yes
   .It ip  anonportalgo.available  string  yes
   .It ip  anonportalgo.reserve    struct  yes
 .It ip  anonportmax     integer yes  .It ip  anonportmax     integer yes
 .It ip  anonportmin     integer yes  .It ip  anonportmin     integer yes
 .It ip  checkinterface  integer yes  .It ip  checkinterface  integer yes
Line 1278  believes it can send advertisements more
Line 1345  believes it can send advertisements more
 Disabled by default.  Disabled by default.
 .It Li ip.allowsrcrt  .It Li ip.allowsrcrt
 If set to 1, the host accepts source routed packets.  If set to 1, the host accepts source routed packets.
   .It Li ip.anonportalgo.available
   The available RFC 6056 port randomization algorithms.
   .It Li ip.anonportalgo.reserve
   A bitmask of ports that will not be used during anonymous or privileged
   port selection.
   .It Li ip.anonportalgo.selected
   The currently selected RFC 6056 port randomization algorithm.
 .It Li ip.anonportmax  .It Li ip.anonportmax
 The highest port number to use for TCP and UDP ephemeral port allocation.  The highest port number to use for TCP and UDP ephemeral port allocation.
 This cannot be set to less than 1024 or greater than 65535, and must  This cannot be set to less than 1024 or greater than 65535, and must
Line 1415  Number of ticks to delay sending an ACK.
Line 1489  Number of ticks to delay sending an ACK.
 Perform TCP checksum on loopback.  Perform TCP checksum on loopback.
 .It Li tcp.init_win  .It Li tcp.init_win
 A value indicating the TCP initial congestion window.  A value indicating the TCP initial congestion window.
 If this value is 0, an auto-tuning algorithm designed to use an initial  The valid range
 window of approximately 4K bytes is in use.  is 0 to 10 (maximum specified by RFC6928),
 Otherwise, this value indicates a fixed number of packets.  with a default of 4 (approximately 4K per RFC3390).
 .It Li tcp.init_win_local  .It Li tcp.init_win_local
 Like  Like
 .Li tcp.init_win ,  .Li tcp.init_win ,
Line 1514  It has no effect unless tcp.abc.enable i
Line 1588  It has no effect unless tcp.abc.enable i
 If set to 1, UDP checksums are being computed.  If set to 1, UDP checksums are being computed.
 Received non-zero UDP checksums are always checked.  Received non-zero UDP checksums are always checked.
 Disabling UDP checksums is strongly discouraged.  Disabling UDP checksums is strongly discouraged.
 .It Li udp.sendspace  
 The default UDP send buffer size.  
 .It Li udp.recvspace  .It Li udp.recvspace
 The default UDP receive buffer size.  The default UDP receive buffer size.
   .It Li udp.sendspace
   The default UDP send buffer size.
 .El  .El
 .Pp  .Pp
 For variables net.*.ipsec, please refer to  For variables net.*.ipsec, please refer to
Line 1544  The currently defined protocols and name
Line 1618  The currently defined protocols and name
 .It icmp6       rediraccept     integer yes  .It icmp6       rediraccept     integer yes
 .It icmp6       redirtimeout    integer yes  .It icmp6       redirtimeout    integer yes
 .It ip6 accept_rtadv    integer yes  .It ip6 accept_rtadv    integer yes
   .It ip6 anonportalgo.selected   string  yes
   .It ip6 anonportalgo.available  string  yes
   .It ip6 anonportalgo.reserve    struct  yes
 .It ip6 anonportmax     integer yes  .It ip6 anonportmax     integer yes
 .It ip6 anonportmin     integer yes  .It ip6 anonportmin     integer yes
 .It ip6 auto_flowlabel  integer yes  .It ip6 auto_flowlabel  integer yes
Line 1559  The currently defined protocols and name
Line 1636  The currently defined protocols and name
 .It ip6 log_interval    integer yes  .It ip6 log_interval    integer yes
 .It ip6 lowportmax      integer yes  .It ip6 lowportmax      integer yes
 .It ip6 lowportmin      integer yes  .It ip6 lowportmin      integer yes
   .It ip6 maxdynroutes    integer yes
   .It ip6 maxifprefixes   integer yes
   .It ip6 maxifdefrouters integer yes
 .It ip6 maxflows        integer yes  .It ip6 maxflows        integer yes
 .It ip6 maxfragpackets  integer yes  .It ip6 maxfragpackets  integer yes
 .It ip6 maxfrags        integer yes  .It ip6 maxfrags        integer yes
   .It ip6 neighborgcthresh        integer yes
 .It ip6 redirect        integer yes  .It ip6 redirect        integer yes
 .It ip6 rr_prune        integer yes  .It ip6 rr_prune        integer yes
 .It ip6 use_deprecated  integer yes  .It ip6 use_deprecated  integer yes
Line 1579  and autoconfigures address prefixes and 
Line 1660  and autoconfigures address prefixes and 
 The node must be a host  The node must be a host
 .Pq not a router  .Pq not a router
 for the option to be meaningful.  for the option to be meaningful.
   .It Li ip6.anonportalgo.available
   The available RFC 6056 port randomization algorithms.
   .It Li ip6.anonportalgo.reserve
   A bitmask of ports that will not be used during anonymous or privileged
   port selection.
   .It Li ip6.anonportalgo.selected
   The currently selected RFC 6056 port randomization algorithm.
 .It Li ip6.anonportmax  .It Li ip6.anonportmax
 The highest port number to use for TCP and UDP ephemeral port allocation.  The highest port number to use for TCP and UDP ephemeral port allocation.
 This cannot be set to less than 1024 or greater than 65535, and must  This cannot be set to less than 1024 or greater than 65535, and must
Line 1656  The lowest port number to use for TCP an
Line 1744  The lowest port number to use for TCP an
 This cannot be set to less than 0 or greater than 1024, and must  This cannot be set to less than 0 or greater than 1024, and must
 be smaller than  be smaller than
 .Li ip6.lowportmax .  .Li ip6.lowportmax .
   .It Li ip6.maxdynroutes
   Maximum number of routes created by redirect.
   Set it to negative to disable.
   The default value is 4096.
   .It Li ip6.maxifprefixes
   Maximum number of prefixes created by route advertisements per interface.
   Set it to negative to disable.
   The default value is 16.
   .It Li ip6.maxifdefrouters 16
   Maximum number of default routers created by route advertisements per interface.
   Set it to negative to disable.
   The default value is 16.
 .It Li ip6.maxflows  .It Li ip6.maxflows
 IPv6 Fast Forwarding is enabled by default.  IPv6 Fast Forwarding is enabled by default.
 If set to 0, IPv6 Fast Forwarding is disabled.  If set to 0, IPv6 Fast Forwarding is disabled.
Line 1672  The maximum number of fragments the node
Line 1772  The maximum number of fragments the node
 0 means that the node will not accept any fragments.  0 means that the node will not accept any fragments.
 \-1 means that the node will accept as many fragments as it receives.  \-1 means that the node will accept as many fragments as it receives.
 The flag is provided basically for avoiding possible DoS attacks.  The flag is provided basically for avoiding possible DoS attacks.
   .It Li ip6.neighborgcthresh
   Maximum number of entries in neighbor cache.
   Set to negative to disable.
   The default value is 2048.
 .It Li ip6.redirect  .It Li ip6.redirect
 If set to 1, ICMPv6 redirects may be sent by the node.  If set to 1, ICMPv6 redirects may be sent by the node.
 This option is ignored unless the node is routing IP packets,  This option is ignored unless the node is routing IP packets,
Line 1797  The currently defined variable and names
Line 1901  The currently defined variable and names
 .Bl -column "blockacq_lifetime" "integer" "Changeable" -offset indent  .Bl -column "blockacq_lifetime" "integer" "Changeable" -offset indent
 .It Sy Variable name    Type    Changeable  .It Sy Variable name    Type    Changeable
 .It debug       integer yes  .It debug       integer yes
   .It enabled     integer yes
   .It used        integer no
 .It spi_try     integer yes  .It spi_try     integer yes
 .It spi_min_value       integer yes  .It spi_min_value       integer yes
 .It spi_max_value       integer yes  .It spi_max_value       integer yes
Line 1814  The variables are as follows:
Line 1920  The variables are as follows:
 Turn on debugging message from within the kernel.  Turn on debugging message from within the kernel.
 The value is a bitmap, as defined in  The value is a bitmap, as defined in
 .In netkey/key_debug.h .  .In netkey/key_debug.h .
   .It Li enabled
   Control processing of IPsec control messages.
   .Bl -tag -width indent
   .It 0
   Never allow IPsec processing
   .It 1
   Allow IPsec processing when SPD policies are present.
   .It 2
   Force IPsec processing even when SPD policies are not present.
   .El
   .It Li used
   Based on if IPsec is enabled, and SPD rule existance, show if
   IPsec is being used.
   Note that currenly once IPsec is being used, it cannot be disabled.
 .It Li spi_try  .It Li spi_try
 The number of times the kernel will try to obtain an unique SPI  The number of times the kernel will try to obtain an unique SPI
 when it generates it from random number generator.  when it generates it from random number generator.
Line 1926  set by the
Line 2046  set by the
 and  and
 .Dv SO_SNDBUF  .Dv SO_SNDBUF
 options.  options.
   .It Li proc.pid.rlimit.vmemoryuse ( PROC_PID_LIMIT_AS )
   The maximum size (in bytes) which a process can obtain.
   .It Li proc.pid.rlimit.maxlwp ( PROC_PID_LIMIT_NTHR )
   The maximum number of threads that cen be created and running at one time in
   the process.
   The first thread of each process is not counted against this.
 .El  .El
 .Pp  .Pp
 The fifth level name is one of  The fifth level name is one of
Line 2111  privilege may change the value.
Line 2237  privilege may change the value.
 .It vm.uvmexp2  struct uvmexp_sysctl    no  .It vm.uvmexp2  struct uvmexp_sysctl    no
 .It vm.vmmeter  struct vmtotal  no  .It vm.vmmeter  struct vmtotal  no
 .El  .El
 .Pp  
 .Bl -tag -width "123456"  .Bl -tag -width "123456"
 .It Li vm.anonmax ( VM_ANONMAX )  .It Li vm.anonmax ( VM_ANONMAX )
 The percentage of physical memory which will be reclaimed  The percentage of physical memory which will be reclaimed
Line 2185  privilege may change the value.
Line 2310  privilege may change the value.
 .It ddb.tee_msgbuf      integer yes  .It ddb.tee_msgbuf      integer yes
 .It ddb.commandonenter  string  yes  .It ddb.commandonenter  string  yes
 .El  .El
 .Pp  
 .Bl -tag -width "123456"  .Bl -tag -width "123456"
 .It Li ddb.radix ( DDBCTL_RADIX )  .It Li ddb.radix ( DDBCTL_RADIX )
 The input and output radix.  The input and output radix.
Line 2198  Number of display lines.
Line 2322  Number of display lines.
 .It Li ddb.tabstops ( DDBCTL_TABSTOPS )  .It Li ddb.tabstops ( DDBCTL_TABSTOPS )
 Tab width.  Tab width.
 .It Li ddb.onpanic ( DDBCTL_ONPANIC )  .It Li ddb.onpanic ( DDBCTL_ONPANIC )
 If non-zero, DDB will be entered if the kernel panics.  If greater than zero, DDB will be entered if the kernel panics.
   A value of 1 causes the system to enter DDB on panic, while a value of 2
   causes the kernel to attempt to print out a stack trace before entering DDB.
   A value of 0 causes the kernel to attempt to print a stack trace, then
   reboot, while a value of \-1 means neither a stack trace will be printed
   nor DDB entered.
 .It Li ddb.fromconsole ( DDBCTL_FROMCONSOLE )  .It Li ddb.fromconsole ( DDBCTL_FROMCONSOLE )
 If not zero, DDB may be entered by sending a break on a serial  If not zero, DDB may be entered by sending a break on a serial
 console or by a special key sequence on a graphics console.  console or by a special key sequence on a graphics console.
Line 2232  The available second level names are:
Line 2361  The available second level names are:
 .El  .El
 .Pp  .Pp
 Available settings are detailed below.  Available settings are detailed below.
 .Pp  
 .Bl -tag -width "123456"  .Bl -tag -width "123456"
 .It Li security.curtain  .It Li security.curtain
 If non-zero, will filter return objects according to the user  If non-zero, will filter return objects according to the user
Line 2268  Settings for PaX -- exploit mitigation f
Line 2396  Settings for PaX -- exploit mitigation f
 For more information on any of the PaX features, please see  For more information on any of the PaX features, please see
 .Xr paxctl 8  .Xr paxctl 8
 and  and
 .Xr security 8 .  .Xr security 7 .
 The available third and fourth level names are:  The available third and fourth level names are:
 .Bl -column "security.pax.segvguard.suspend_timeout" "integer" "Changeable" \  .Bl -column "security.pax.segvguard.suspend_timeout" "integer" "Changeable" \
 -offset 2n  -offset 2n
Line 2286  The available third and fourth level nam
Line 2414  The available third and fourth level nam
 .It Li security.pax.segvguard.max_crashes       integer yes  .It Li security.pax.segvguard.max_crashes       integer yes
 .It Li security.pax.segvguard.suspend_timeout   integer yes  .It Li security.pax.segvguard.suspend_timeout   integer yes
 .El  .El
 .Pp  
 .Bl -tag -width "123456"  .Bl -tag -width "123456"
 .It Li security.pax.aslr.enabled  .It Li security.pax.aslr.enabled
 Enable PaX ASLR (Address Space Layout Randomization).  Enable PaX ASLR (Address Space Layout Randomization).
Line 2301  Specifies the default global policy for 
Line 2428  Specifies the default global policy for 
 explicit enable/disable flag.  explicit enable/disable flag.
 .Pp  .Pp
 When non-zero, all programs will get PaX ASLR, except those exempted with  When non-zero, all programs will get PaX ASLR, except those exempted with
 .Xr paxctl 8  .  .Xr paxctl 8 .
 Otherwise, all programs will not get PaX ASLR, except those specifically  Otherwise, all programs will not get PaX ASLR, except those specifically
 marked as such with  marked as such with
 .Xr paxctl 8 .  .Xr paxctl 8 .
Line 2324  explicit enable/disable flag.
Line 2451  explicit enable/disable flag.
 .Pp  .Pp
 When non-zero, all programs will get the PaX MPROTECT restrictions,  When non-zero, all programs will get the PaX MPROTECT restrictions,
 except those exempted with  except those exempted with
 .Xr paxctl 8  .  .Xr paxctl 8 .
 Otherwise, all programs will not get the PaX MPROTECT restrictions,  Otherwise, all programs will not get the PaX MPROTECT restrictions,
 except those specifically marked as such with  except those specifically marked as such with
 .Xr paxctl 8 .  .Xr paxctl 8 .
Line 2349  explicit enable/disable flag.
Line 2476  explicit enable/disable flag.
 .Pp  .Pp
 When non-zero, all programs will get the PaX Segvguard,  When non-zero, all programs will get the PaX Segvguard,
 except those exempted with  except those exempted with
 .Xr paxctl 8  .  .Xr paxctl 8 .
 Otherwise, no program will get the PaX Segvguard restrictions,  Otherwise, no program will get the PaX Segvguard restrictions,
 except those specifically marked as such with  except those specifically marked as such with
 .Xr paxctl 8 .  .Xr paxctl 8 .
Line 2371  Intended use is to store values under
Line 2498  Intended use is to store values under
 .Xr sysctl 3 ,  .Xr sysctl 3 ,
 .Xr ipsec 4 ,  .Xr ipsec 4 ,
 .Xr tcp 4 ,  .Xr tcp 4 ,
 .Xr security 8 ,  .Xr security 7 ,
 .Xr sysctl 8  .Xr sysctl 8
 .Sh HISTORY  .Sh HISTORY
 The  The

Legend:
Removed from v.1.61  
changed lines
  Added in v.1.90

CVSweb <webmaster@jp.NetBSD.org>