diff options
author | Giorgos Keramidas <keramida@FreeBSD.org> | 2006-11-29 21:22:35 +0000 |
---|---|---|
committer | Giorgos Keramidas <keramida@FreeBSD.org> | 2006-11-29 21:22:35 +0000 |
commit | 2f185406048453bc571cb58489cce2449fc2e256 (patch) | |
tree | 33c8bda495278e326c1ed681d40c2d8cf0052b30 | |
parent | a1b483e2cce82ca84391fcce438b3c7878090587 (diff) | |
download | doc-2f185406048453bc571cb58489cce2449fc2e256.tar.gz doc-2f185406048453bc571cb58489cce2449fc2e256.zip |
Remove a reference to the `compat.linux.osrelease' sysctl.
As Alexander Leidinger has pointed out:
"glibc behaves differently based upon the value of it. It may refuse to
do anything if it doesn't understand the value. Changing the value of
osrelease is only advised in experimental situations (like in
http://wiki.freebsd.org/linux-kernel) and may result even in kernel
panics."
I've replaced a reference to `compat.linux.osrelease' with a safer
example, for setting `security.bsd.see_other_uids=0', which we already
use as a sample /etc/sysctl.conf entry anyway.
Notes
Notes:
svn path=/head/; revision=29145
-rw-r--r-- | en_US.ISO8859-1/books/handbook/config/chapter.sgml | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/en_US.ISO8859-1/books/handbook/config/chapter.sgml b/en_US.ISO8859-1/books/handbook/config/chapter.sgml index 80af1fb62d..e72760a680 100644 --- a/en_US.ISO8859-1/books/handbook/config/chapter.sgml +++ b/en_US.ISO8859-1/books/handbook/config/chapter.sgml @@ -1686,13 +1686,16 @@ cron.* /var/log/cron form. The specified values are set after the system goes into multi-user mode. Not all variables are settable in this mode.</para> - <para>To turn off logging of fatal signal exits and let Linux - programs know they are really running under &os;, the following - tunables can be set in <filename>sysctl.conf</filename>:</para> + <para>To turn off logging of fatal signal exits and prevent users from + seeing processes started from other users, the following tunables can + be set in <filename>sysctl.conf</filename>:</para> - <programlisting>kern.logsigexit=0 # Do not log fatal signal exits (e.g. sig 11) -compat.linux.osname=&os; -compat.linux.osrelease=4.3-STABLE</programlisting> + <programlisting># Do not log fatal signal exits (e.g. sig 11) +kern.logsigexit=0 + +# Prevent users from seeing information about processes that +# are being run under another UID. +security.bsd.see_other_uids=0</programlisting> </sect2> </sect1> |