path: root/sbin/sysctl/sysctl.8
Diffstat (limited to 'sbin/sysctl/sysctl.8')
-rw-r--r-- sbin/sysctl/sysctl.8 202
1 files changed, 115 insertions, 87 deletions
diff --git a/sbin/sysctl/sysctl.8 b/sbin/sysctl/sysctl.8
index bd4000697552..e0e35f075a78 100644
--- a/sbin/sysctl/sysctl.8
+++ b/sbin/sysctl/sysctl.8
@@ -1,3 +1,6 @@
+.\"-
+.\" SPDX-License-Identifier: BSD-3-Clause
+.\"
.\" Copyright (c) 1993
.\" The Regents of the University of California. All rights reserved.
.\"
@@ -25,10 +28,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" From: @(#)sysctl.8 8.1 (Berkeley) 6/6/93
-.\" $FreeBSD$
-.\"
-.Dd June 30, 2022
+.Dd January 31, 2025
.Dt SYSCTL 8
.Os
.Sh NAME
@@ -36,13 +36,15 @@
.Nd get or set kernel state
.Sh SYNOPSIS
.Nm
-.Op Fl bdehiNnoTtqWx
+.Op Fl j Ar jail
+.Op Fl bdeFhiJlNnoqTtVWx
.Op Fl B Ar bufsize
.Op Fl f Ar filename
.Ar name Ns Op = Ns Ar value Ns Op , Ns Ar value
.Ar ...
.Nm
-.Op Fl bdehNnoTtqWx
+.Op Fl j Ar jail
+.Op Fl bdeFhJlNnoqTtVWx
.Op Fl B Ar bufsize
.Fl a
.Sh DESCRIPTION
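Review bot: In both SYNOPSIS forms the new `.Op Fl j Ar jail` is placed ahead of the flag cluster, while the other argument-taking options (`.Op Fl B Ar bufsize`, `.Op Fl f Ar filename`) follow it. Moving `-j jail` after `-f filename` in the first form and after `-B bufsize` in the second would keep the argument-taking options together and in the same alphabetical order used in the option list. The cluster itself also differs between the two forms only by `i`, which matches the old text, so that part looks intentional.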
@@ -53,11 +55,10 @@ privilege to set kernel state.
The state to be retrieved or set is described using a
.Dq Management Information Base
.Pq Dq MIB
-style name, described as a dotted set of
-components.
+style name, described as a dotted set of components.
.Pp
The following options are available:
-.Bl -tag -width indent
+.Bl -tag -width "-f filename"
.It Fl A
Equivalent to
.Fl o a
@@ -69,10 +70,6 @@ opaque or excluded from listing via the
flag.
This option is ignored if one or more variable names are specified on
the command line.
-.It Fl b
-Force the value of the variable(s) to be output in raw, binary format.
-No names are printed and no terminating newlines are output.
-This is mostly useful with a single variable.
.It Fl B Ar bufsize
Set the buffer size to read from the
.Nm
@@ -82,6 +79,10 @@ This is necessary for a
.Nm
that has variable length, and the probe value of 0 is a valid length, such as
.Va kern.arandom .
+.It Fl b
+Force the value of the variable(s) to be output in raw, binary format.
+No names are printed and no terminating newlines are output.
+This is mostly useful with a single variable.
.It Fl d
Print the description of the variable instead of its value.
.It Fl e
@@ -95,11 +96,19 @@ This option is ignored if either
or
.Fl n
is specified, or a variable is being set.
+.It Fl F
+Print the format of the variable.
+This is additional information to describe the type of the variable and
+most useful with struct types such as clockinfo, timeval, and loadavg.
.It Fl f Ar filename
Specify a file which contains a pair of name and value in each line.
.Nm
reads and processes the specified file first and then processes the name
and value pairs in the command line argument.
+Note that when the
+.Fl j Ar jail
+option is specified, the file will be opened before attaching to the jail and
+then be processed inside the jail.
.It Fl h
Format output for human, rather than machine, readability.
.It Fl i
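Review bot: The note added under `-f filename` says the file "will be opened before attaching to the jail and then be processed inside the jail", but it does not spell out the consequence an administrator needs: the path is resolved in the caller's filesystem view, not the jail's, and every name/value pair in that file is then applied to the jail. Suggest saying so explicitly, for example "the path is interpreted outside the jail; the settings it contains are applied inside the jail", so nobody expects a file under the jail's root to be picked up. Separately, in the `-F` text the type names clockinfo, timeval, and loadavg are plain words; marking them with `.Vt` would match how types are normally set in mdoc.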
@@ -108,6 +117,17 @@ The purpose is to make use of
.Nm
for collecting data from a variety of machines (not all of which
are necessarily running exactly the same software) easier.
+.It Fl J
+Display only jail prision sysctl variables (CTLFLAG_PRISON).
+.It Fl j Ar jail
+Perform the actions inside the
+.Ar jail
+(by jail id or jail name).
+.It Fl l
+Show the length of variables along with their values.
+This option cannot be combined with the
+.Fl N
+option.
.It Fl N
Show only variable names, not their values.
This is particularly useful with shells that offer programmable
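Review bot: Typo in the `-J` description: "jail prision sysctl variables" should read "jail prison sysctl variables". While here, the `-l` entry states that it cannot be combined with `-N` but does not say what happens if both are given (error, or one silently ignored as with other options on this page); one sentence on the actual behaviour would make the restriction usable.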
@@ -145,6 +165,8 @@ to standard error.
Display only variables that are settable via loader (CTLFLAG_TUN).
.It Fl t
Print the type of the variable.
+.It Fl V
+Display only VNET sysctl variables (CTLFLAG_VNET).
.It Fl W
Display only writable variables that are not statistical.
Useful for determining the set of runtime tunable sysctls.
@@ -185,8 +207,10 @@ Please refer to
for more information on which tunables are available and how to set them.
.Pp
The string and integer information is summarized below.
-For a detailed description of these variable see
-.Xr sysctl 3 .
+For a detailed description of these variables see
+.Xr sysctl 3
+and
+.Xr security 7 .
.Pp
The changeable column indicates whether a process with appropriate
privilege can change the value.
@@ -194,75 +218,77 @@ String and integer values can be set using
.Nm .
.Bl -column security.bsd.unprivileged_read_msgbuf integerxxx
.It Sy "Name Type Changeable"
-.It "kern.ostype string no"
-.It "kern.osrelease string no"
-.It "kern.osrevision integer no"
-.It "kern.version string no"
-.It "kern.maxvnodes integer yes"
-.It "kern.maxproc integer no"
-.It "kern.maxprocperuid integer yes"
-.It "kern.maxfiles integer yes"
-.It "kern.maxfilesperproc integer yes"
-.It "kern.argmax integer no"
-.It "kern.securelevel integer raise only"
-.It "kern.hostname string yes"
-.It "kern.hostid integer yes"
-.It "kern.clockrate struct no"
-.It "kern.posix1version integer no"
-.It "kern.ngroups integer no"
-.It "kern.job_control integer no"
-.It "kern.saved_ids integer no"
-.It "kern.boottime struct no"
-.It "kern.domainname string yes"
-.It "kern.filedelay integer yes"
-.It "kern.dirdelay integer yes"
-.It "kern.metadelay integer yes"
-.It "kern.osreldate integer no"
-.It "kern.bootfile string yes"
-.It "kern.corefile string yes"
-.It "kern.logsigexit integer yes"
-.It "security.bsd.suser_enabled integer yes"
-.It "security.bsd.see_other_uids integer yes"
-.It "security.bsd.unprivileged_proc_debug integer yes"
-.It "security.bsd.unprivileged_read_msgbuf integer yes"
-.It "vm.loadavg struct no"
-.It "hw.machine string no"
-.It "hw.model string no"
-.It "hw.ncpu integer no"
-.It "hw.byteorder integer no"
-.It "hw.physmem integer no"
-.It "hw.usermem integer no"
-.It "hw.pagesize integer no"
-.It "hw.floatingpoint integer no"
-.It "hw.machine_arch string no"
-.It "hw.realmem integer no"
-.It "machdep.adjkerntz integer yes"
-.It "machdep.disable_rtc_set integer yes"
-.It "machdep.guessed_bootdev string no"
-.It "user.cs_path string no"
-.It "user.bc_base_max integer no"
-.It "user.bc_dim_max integer no"
-.It "user.bc_scale_max integer no"
-.It "user.bc_string_max integer no"
-.It "user.coll_weights_max integer no"
-.It "user.expr_nest_max integer no"
-.It "user.line_max integer no"
-.It "user.re_dup_max integer no"
-.It "user.posix2_version integer no"
-.It "user.posix2_c_bind integer no"
-.It "user.posix2_c_dev integer no"
-.It "user.posix2_char_term integer no"
-.It "user.posix2_fort_dev integer no"
-.It "user.posix2_fort_run integer no"
-.It "user.posix2_localedef integer no"
-.It "user.posix2_sw_dev integer no"
-.It "user.posix2_upe integer no"
-.It "user.stream_max integer no"
-.It "user.tzname_max integer no"
-.It "user.localbase string no"
+.It Va "kern.ostype string no"
+.It Va "kern.osrelease string no"
+.It Va "kern.osrevision integer no"
+.It Va "kern.version string no"
+.It Va "kern.maxvnodes integer yes"
+.It Va "kern.maxproc integer no"
+.It Va "kern.maxprocperuid integer yes"
+.It Va "kern.maxfiles integer yes"
+.It Va "kern.maxfilesperproc integer yes"
+.It Va "kern.argmax integer no"
+.It Va "kern.securelevel integer raise only"
+.It Va "kern.hostname string yes"
+.It Va "kern.hostid integer yes"
+.It Va "kern.clockrate struct no"
+.It Va "kern.posix1version integer no"
+.It Va "kern.ngroups integer no"
+.It Va "kern.job_control integer no"
+.It Va "kern.saved_ids integer no"
+.It Va "kern.boottime struct no"
+.It Va "kern.domainname string yes"
+.It Va "kern.filedelay integer yes"
+.It Va "kern.dirdelay integer yes"
+.It Va "kern.metadelay integer yes"
+.It Va "kern.osreldate integer no"
+.It Va "kern.bootfile string yes"
+.It Va "kern.corefile string yes"
+.It Va "kern.logsigexit integer yes"
+.It Va "security.bsd.suser_enabled integer yes"
+.It Va "security.bsd.see_other_uids integer yes"
+.It Va "security.bsd.see_other_gids integer yes"
+.It Va "security.bsd.see_jail_proc integer yes"
+.It Va "security.bsd.unprivileged_proc_debug integer yes"
+.It Va "security.bsd.unprivileged_read_msgbuf integer yes"
+.It Va "vm.loadavg struct no"
+.It Va "hw.machine string no"
+.It Va "hw.model string no"
+.It Va "hw.ncpu integer no"
+.It Va "hw.byteorder integer no"
+.It Va "hw.physmem integer no"
+.It Va "hw.usermem integer no"
+.It Va "hw.pagesize integer no"
+.It Va "hw.floatingpoint integer no"
+.It Va "hw.machine_arch string no"
+.It Va "hw.realmem integer no"
+.It Va "machdep.adjkerntz integer yes"
+.It Va "machdep.disable_rtc_set integer yes"
+.It Va "machdep.guessed_bootdev string no"
+.It Va "user.cs_path string no"
+.It Va "user.bc_base_max integer no"
+.It Va "user.bc_dim_max integer no"
+.It Va "user.bc_scale_max integer no"
+.It Va "user.bc_string_max integer no"
+.It Va "user.coll_weights_max integer no"
+.It Va "user.expr_nest_max integer no"
+.It Va "user.line_max integer no"
+.It Va "user.re_dup_max integer no"
+.It Va "user.posix2_version integer no"
+.It Va "user.posix2_c_bind integer no"
+.It Va "user.posix2_c_dev integer no"
+.It Va "user.posix2_char_term integer no"
+.It Va "user.posix2_fort_dev integer no"
+.It Va "user.posix2_fort_run integer no"
+.It Va "user.posix2_localedef integer no"
+.It Va "user.posix2_sw_dev integer no"
+.It Va "user.posix2_upe integer no"
+.It Va "user.stream_max integer no"
+.It Va "user.tzname_max integer no"
+.It Va "user.localbase string no"
.El
.Sh FILES
-.Bl -tag -width ".In netinet/icmp_var.h" -compact
+.Bl -tag -width "<netinet/icmp_var.h>" -compact
.It In sys/sysctl.h
definitions for top level identifiers, second level kernel and hardware
identifiers, and user level identifiers
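Review bot: In the rewritten table rows, `.Va` is applied to the whole quoted argument, e.g. `.It Va "kern.ostype string no"`, so the Type and Changeable cells are marked up as variable names along with the name itself. If only the first column is meant to be a variable, split the cells and scope the macro, for example `.It Va kern.ostype Ta string Ta no`. The header row `.It Sy "Name Type Changeable"` has the same single-argument shape, so it is worth checking the rendered output of the whole `.Bl -column` block. The two new rows (`security.bsd.see_other_gids`, `security.bsd.see_jail_proc`) fit the existing ordering next to `see_other_uids`.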
@@ -286,20 +312,20 @@ definitions for fourth level UDP identifiers
For example, to retrieve the maximum number of processes allowed
in the system, one would use the following request:
.Pp
-.Dl "sysctl kern.maxproc"
+.Dl Va "sysctl kern.maxproc"
.Pp
To set the maximum number of processes allowed
per uid to 1000, one would use the following request:
.Pp
-.Dl "sysctl kern.maxprocperuid=1000"
+.Dl Va "sysctl kern.maxprocperuid=1000"
.Pp
Information about the system clock rate may be obtained with:
.Pp
-.Dl "sysctl kern.clockrate"
+.Dl Va "sysctl kern.clockrate"
.Pp
Information about the load average history may be obtained with:
.Pp
-.Dl "sysctl vm.loadavg"
+.Dl Va "sysctl vm.loadavg"
.Pp
More variables than these exist, and the best and likely only place
to search for their deeper meaning is undoubtedly the source where
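Review bot: The EXAMPLES lines now read `.Dl Va "sysctl kern.maxproc"` and `.Dl Va "sysctl kern.maxprocperuid=1000"`, which tags the command name and the `=1000` assignment as part of a variable name. These are command lines, not variables; either leave them as plain `.Dl` literals as before, or mark only the MIB name with `.Va` and the utility with `.Nm`. The same applies to the `kern.clockrate` and `vm.loadavg` examples.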
@@ -312,7 +338,9 @@ option has been deprecated and is silently ignored.
.Xr sysctl 3 ,
.Xr loader.conf 5 ,
.Xr sysctl.conf 5 ,
-.Xr loader 8
+.Xr security 7 ,
+.Xr loader 8 ,
+.Xr jail 8
.Sh HISTORY
A
.Nm
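Review bot: In SEE ALSO the new entries leave section 8 out of alphabetical order: `.Xr loader 8 ,` is followed by `.Xr jail 8`. Cross references are conventionally sorted by section and then by name, so `jail 8` should come before `loader 8`, with the trailing comma moved accordingly. The placement of `.Xr security 7 ,` between the section 5 and section 8 entries is fine.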