CONTRIBUTING.d/patches: Please provide a git-range-diff(1)

[man-pages.git] / man5 / proc_sys_kernel.5

.\" Copyright (C) 1994, 1995, Daniel Quinlan <quinlan@yggdrasil.com>
.\" Copyright (C) 2002-2008, 2017, Michael Kerrisk <mtk.manpages@gmail.com>
.\" Copyright (C) , Andries Brouwer <aeb@cwi.nl>
.\" Copyright (C) 2023, Alejandro Colomar <alx@kernel.org>
.\"
.\" SPDX-License-Identifier: GPL-3.0-or-later
.\"
.TH proc_sys_kernel 5 (date) "Linux man-pages (unreleased)"
.SH NAME
/proc/sys/kernel/ \- control a range of kernel parameters
.SH DESCRIPTION
.TP
.I /proc/sys/kernel/
This directory contains files controlling a range of kernel parameters,
as described below.
.TP
.I /proc/sys/kernel/acct
This file
contains three numbers:
.IR highwater ,
.IR lowwater ,
and
.IR frequency .
If BSD-style process accounting is enabled, these values control
its behavior.
If free space on filesystem where the log lives goes below
.I lowwater
percent, accounting suspends.
If free space gets above
.I highwater
percent, accounting resumes.
.I frequency
determines
how often the kernel checks the amount of free space (value is in
seconds).
Default values are 4, 2, and 30.
That is, suspend accounting if 2% or less space is free; resume it
if 4% or more space is free; consider information about amount of free space
valid for 30 seconds.
.TP
.IR /proc/sys/kernel/auto_msgmni " (Linux 2.6.27 to Linux 3.18)"
.\" commit 9eefe520c814f6f62c5d36a2ddcd3fb99dfdb30e (introduces feature)
.\" commit 0050ee059f7fc86b1df2527aaa14ed5dc72f9973 (rendered redundant)
From Linux 2.6.27 to Linux 3.18,
this file was used to control recomputing of the value in
.I /proc/sys/kernel/msgmni
upon the addition or removal of memory or upon IPC namespace creation/removal.
Echoing "1" into this file enabled
.I msgmni
automatic recomputing (and triggered a recomputation of
.I msgmni
based on the current amount of available memory and number of IPC namespaces).
Echoing "0" disabled automatic recomputing.
(Automatic recomputing was also disabled if a value was explicitly assigned to
.IR /proc/sys/kernel/msgmni .)
The default value in
.I auto_msgmni
was 1.
.IP
Since Linux 3.19, the content of this file has no effect (because
.I msgmni
.\" FIXME Must document the 3.19 'msgmni' changes.
defaults to near the maximum value possible),
and reads from this file always return the value "0".
.TP
.IR /proc/sys/kernel/cap_last_cap " (since Linux 3.2)"
See
.BR capabilities (7).
.TP
.IR /proc/sys/kernel/cap\-bound " (from Linux 2.2 to Linux 2.6.24)"
This file holds the value of the kernel
.I "capability bounding set"
(expressed as a signed decimal number).
This set is ANDed against the capabilities permitted to a process
during
.BR execve (2).
Starting with Linux 2.6.25,
the system-wide capability bounding set disappeared,
and was replaced by a per-thread bounding set; see
.BR capabilities (7).
.TP
.I /proc/sys/kernel/core_pattern
See
.BR core (5).
.TP
.I /proc/sys/kernel/core_pipe_limit
See
.BR core (5).
.TP
.I /proc/sys/kernel/core_uses_pid
See
.BR core (5).
.TP
.I /proc/sys/kernel/ctrl\-alt\-del
This file
controls the handling of Ctrl-Alt-Del from the keyboard.
When the value in this file is 0, Ctrl-Alt-Del is trapped and
sent to the
.BR init (1)
program to handle a graceful restart.
When the value is greater than zero, Linux's reaction to a Vulcan
Nerve Pinch (tm) will be an immediate reboot, without even
syncing its dirty buffers.
Note: when a program (like dosemu) has the keyboard in "raw"
mode, the Ctrl-Alt-Del is intercepted by the program before it
ever reaches the kernel tty layer, and it's up to the program
to decide what to do with it.
.TP
.IR /proc/sys/kernel/dmesg_restrict " (since Linux 2.6.37)"
The value in this file determines who can see kernel syslog contents.
A value of 0 in this file imposes no restrictions.
If the value is 1, only privileged users can read the kernel syslog.
(See
.BR syslog (2)
for more details.)
Since Linux 3.4,
.\" commit 620f6e8e855d6d447688a5f67a4e176944a084e8
only users with the
.B CAP_SYS_ADMIN
capability may change the value in this file.
.TP
.IR /proc/sys/kernel/domainname " and " /proc/sys/kernel/hostname
can be used to set the NIS/YP domainname and the
hostname of your box in exactly the same way as the commands
.BR domainname (1)
and
.BR hostname (1),
that is:
.IP
.in +4n
.EX
.RB "#" " echo \[aq]darkstar\[aq] > /proc/sys/kernel/hostname"
.RB "#" " echo \[aq]mydomain\[aq] > /proc/sys/kernel/domainname"
.EE
.in
.IP
has the same effect as
.IP
.in +4n
.EX
.RB "#" " hostname \[aq]darkstar\[aq]"
.RB "#" " domainname \[aq]mydomain\[aq]"
.EE
.in
.IP
Note, however, that the classic darkstar.frop.org has the
hostname "darkstar" and DNS (Internet Domain Name Server)
domainname "frop.org", not to be confused with the NIS (Network
Information Service) or YP (Yellow Pages) domainname.
These two
domain names are in general different.
For a detailed discussion
see the
.BR hostname (1)
man page.
.TP
.I /proc/sys/kernel/hotplug
This file
contains the pathname for the hotplug policy agent.
The default value in this file is
.IR /sbin/hotplug .
.TP
.\" Removed in commit 87f504e5c78b910b0c1d6ffb89bc95e492322c84 (tglx/history.git)
.IR /proc/sys/kernel/htab\-reclaim " (before Linux 2.4.9.2)"
(PowerPC only) If this file is set to a nonzero value,
the PowerPC htab
.\" removed in commit 1b483a6a7b2998e9c98ad985d7494b9b725bd228, before Linux 2.6.28
(see kernel file
.IR Documentation/powerpc/ppc_htab.txt )
is pruned
each time the system hits the idle loop.
.TP
.I /proc/sys/kernel/keys/
This directory contains various files that define parameters and limits
for the key-management facility.
These files are described in
.BR keyrings (7).
.TP
.IR /proc/sys/kernel/kptr_restrict " (since Linux 2.6.38)"
.\" 455cd5ab305c90ffc422dd2e0fb634730942b257
The value in this file determines whether kernel addresses are exposed via
.I /proc
files and other interfaces.
A value of 0 in this file imposes no restrictions.
If the value is 1, kernel pointers printed using the
.I %pK
format specifier will be replaced with zeros unless the user has the
.B CAP_SYSLOG
capability.
If the value is 2, kernel pointers printed using the
.I %pK
format specifier will be replaced with zeros regardless
of the user's capabilities.
The initial default value for this file was 1,
but the default was changed
.\" commit 411f05f123cbd7f8aa1edcae86970755a6e2a9d9
to 0 in Linux 2.6.39.
Since Linux 3.4,
.\" commit 620f6e8e855d6d447688a5f67a4e176944a084e8
only users with the
.B CAP_SYS_ADMIN
capability can change the value in this file.
.TP
.I /proc/sys/kernel/l2cr
(PowerPC only) This file
contains a flag that controls the L2 cache of G3 processor
boards.
If 0, the cache is disabled.
Enabled if nonzero.
.TP
.I /proc/sys/kernel/modprobe
This file contains the pathname for the kernel module loader.
The default value is
.IR /sbin/modprobe .
The file is present only if the kernel is built with the
.B CONFIG_MODULES
.RB ( CONFIG_KMOD
in Linux 2.6.26 and earlier)
option enabled.
It is described by the Linux kernel source file
.I Documentation/kmod.txt
(present only in Linux 2.4 and earlier).
.TP
.IR /proc/sys/kernel/modules_disabled " (since Linux 2.6.31)"
.\" 3d43321b7015387cfebbe26436d0e9d299162ea1
.\" From Documentation/sysctl/kernel.txt
A toggle value indicating if modules are allowed to be loaded
in an otherwise modular kernel.
This toggle defaults to off (0), but can be set true (1).
Once true, modules can be neither loaded nor unloaded,
and the toggle cannot be set back to false.
The file is present only if the kernel is built with the
.B CONFIG_MODULES
option enabled.
.TP
.IR /proc/sys/kernel/msgmax " (since Linux 2.2)"
This file defines
a system-wide limit specifying the maximum number of bytes in
a single message written on a System V message queue.
.TP
.IR /proc/sys/kernel/msgmni " (since Linux 2.4)"
This file defines the system-wide limit on the number of
message queue identifiers.
See also
.IR /proc/sys/kernel/auto_msgmni .
.TP
.IR /proc/sys/kernel/msgmnb " (since Linux 2.2)"
This file defines a system-wide parameter used to initialize the
.I msg_qbytes
setting for subsequently created message queues.
The
.I msg_qbytes
setting specifies the maximum number of bytes that may be written to the
message queue.
.TP
.IR /proc/sys/kernel/ngroups_max " (since Linux 2.6.4)"
This is a read-only file that displays the upper limit on the
number of a process's group memberships.
.TP
.IR /proc/sys/kernel/ns_last_pid " (since Linux 3.3)"
See
.BR pid_namespaces (7).
.TP
.IR /proc/sys/kernel/ostype " and " /proc/sys/kernel/osrelease
These files
give substrings of
.IR /proc/version .
.TP
.IR /proc/sys/kernel/overflowgid " and " /proc/sys/kernel/overflowuid
These files duplicate the files
.I /proc/sys/fs/overflowgid
and
.IR /proc/sys/fs/overflowuid .
.TP
.I /proc/sys/kernel/panic
This file gives read/write access to the kernel variable
.IR panic_timeout .
If this is zero, the kernel will loop on a panic; if nonzero,
it indicates that the kernel should autoreboot after this number
of seconds.
When you use the
software watchdog device driver, the recommended setting is 60.
.TP
.IR /proc/sys/kernel/panic_on_oops " (since Linux 2.5.68)"
This file controls the kernel's behavior when an oops
or BUG is encountered.
If this file contains 0, then the system
tries to continue operation.
If it contains 1, then the system
delays a few seconds (to give klogd time to record the oops output)
and then panics.
If the
.I /proc/sys/kernel/panic
file is also nonzero, then the machine will be rebooted.
.TP
.IR /proc/sys/kernel/pid_max " (since Linux 2.5.34)"
This file specifies the value at which PIDs wrap around
(i.e., the value in this file is one greater than the maximum PID).
PIDs greater than this value are not allocated;
thus, the value in this file also acts as a system-wide limit
on the total number of processes and threads.
The default value for this file, 32768,
results in the same range of PIDs as on earlier kernels.
On 32-bit platforms, 32768 is the maximum value for
.IR pid_max .
On 64-bit systems,
.I pid_max
can be set to any value up to 2\[ha]22
.RB ( PID_MAX_LIMIT ,
approximately 4 million).
.\" Prior to Linux 2.6.10, pid_max could also be raised above 32768 on 32-bit
.\" platforms, but this broke /proc/[pid]
.\" See http://marc.theaimsgroup.com/?l=linux-kernel&m=109513010926152&w=2
.TP
.IR /proc/sys/kernel/powersave\-nap " (PowerPC only)"
This file contains a flag.
If set, Linux-PPC will use the "nap" mode of
powersaving,
otherwise the "doze" mode will be used.
.TP
.I /proc/sys/kernel/printk
See
.BR syslog (2).
.TP
.IR /proc/sys/kernel/pty " (since Linux 2.6.4)"
This directory contains two files relating to the number of UNIX 98
pseudoterminals (see
.BR pts (4))
on the system.
.TP
.I /proc/sys/kernel/pty/max
This file defines the maximum number of pseudoterminals.
.\" FIXME Document /proc/sys/kernel/pty/reserve
.\"     New in Linux 3.3
.\"     commit e9aba5158a80098447ff207a452a3418ae7ee386
.TP
.I /proc/sys/kernel/pty/nr
This read-only file
indicates how many pseudoterminals are currently in use.
.TP
.I /proc/sys/kernel/random/
This directory
contains various parameters controlling the operation of the file
.IR /dev/random .
See
.BR random (4)
for further information.
.TP
.IR /proc/sys/kernel/random/uuid " (since Linux 2.4)"
Each read from this read-only file returns a randomly generated 128-bit UUID,
as a string in the standard UUID format.
.TP
.IR /proc/sys/kernel/randomize_va_space " (since Linux 2.6.12)"
.\" Some further details can be found in Documentation/sysctl/kernel.txt
Select the address space layout randomization (ASLR) policy for the system
(on architectures that support ASLR).
Three values are supported for this file:
.RS
.TP
.B 0
Turn ASLR off.
This is the default for architectures that don't support ASLR,
and when the kernel is booted with the
.I norandmaps
parameter.
.TP
.B 1
Make the addresses of
.BR mmap (2)
allocations, the stack, and the VDSO page randomized.
Among other things, this means that shared libraries will be
loaded at randomized addresses.
The text segment of PIE-linked binaries will also be loaded
at a randomized address.
This value is the default if the kernel was configured with
.BR CONFIG_COMPAT_BRK .
.TP
.B 2
(Since Linux 2.6.25)
.\" commit c1d171a002942ea2d93b4fbd0c9583c56fce0772
Also support heap randomization.
This value is the default if the kernel was not configured with
.BR CONFIG_COMPAT_BRK .
.RE
.TP
.I /proc/sys/kernel/real\-root\-dev
This file is documented in the Linux kernel source file
.I Documentation/admin\-guide/initrd.rst
.\" commit 9d85025b0418163fae079c9ba8f8445212de8568
(or
.I Documentation/initrd.txt
before Linux 4.10).
.TP
.IR /proc/sys/kernel/reboot\-cmd " (Sparc only)"
This file seems to be a way to give an argument to the SPARC
ROM/Flash boot loader.
Maybe to tell it what to do after
rebooting?
.TP
.I /proc/sys/kernel/rtsig\-max
(Up to and including Linux 2.6.7; see
.BR setrlimit (2))
This file can be used to tune the maximum number
of POSIX real-time (queued) signals that can be outstanding
in the system.
.TP
.I /proc/sys/kernel/rtsig\-nr
(Up to and including Linux 2.6.7.)
This file shows the number of POSIX real-time signals currently queued.
.TP
.IR /proc/ pid /sched_autogroup_enabled " (since Linux 2.6.38)"
.\" commit 5091faa449ee0b7d73bc296a93bca9540fc51d0a
See
.BR sched (7).
.TP
.IR /proc/sys/kernel/sched_child_runs_first " (since Linux 2.6.23)"
If this file contains the value zero, then, after a
.BR fork (2),
the parent is first scheduled on the CPU.
If the file contains a nonzero value,
then the child is scheduled first on the CPU.
(Of course, on a multiprocessor system,
the parent and the child might both immediately be scheduled on a CPU.)
.TP
.IR /proc/sys/kernel/sched_rr_timeslice_ms " (since Linux 3.9)"
See
.BR sched_rr_get_interval (2).
.TP
.IR /proc/sys/kernel/sched_rt_period_us " (since Linux 2.6.25)"
See
.BR sched (7).
.TP
.IR /proc/sys/kernel/sched_rt_runtime_us " (since Linux 2.6.25)"
See
.BR sched (7).
.TP
.IR /proc/sys/kernel/seccomp/ " (since Linux 4.14)"
.\" commit 8e5f1ad116df6b0de65eac458d5e7c318d1c05af
This directory provides additional seccomp information and
configuration.
See
.BR seccomp (2)
for further details.
.TP
.IR /proc/sys/kernel/sem " (since Linux 2.4)"
This file contains 4 numbers defining limits for System V IPC semaphores.
These fields are, in order:
.RS
.TP
SEMMSL
The maximum semaphores per semaphore set.
.TP
SEMMNS
A system-wide limit on the number of semaphores in all semaphore sets.
.TP
SEMOPM
The maximum number of operations that may be specified in a
.BR semop (2)
call.
.TP
SEMMNI
A system-wide limit on the maximum number of semaphore identifiers.
.RE
.TP
.I /proc/sys/kernel/sg\-big\-buff
This file
shows the size of the generic SCSI device (sg) buffer.
You can't tune it just yet, but you could change it at
compile time by editing
.I include/scsi/sg.h
and changing
the value of
.BR SG_BIG_BUFF .
However, there shouldn't be any reason to change this value.
.TP
.IR /proc/sys/kernel/shm_rmid_forced " (since Linux 3.1)"
.\" commit b34a6b1da371ed8af1221459a18c67970f7e3d53
.\" See also Documentation/sysctl/kernel.txt
If this file is set to 1, all System V shared memory segments will
be marked for destruction as soon as the number of attached processes
falls to zero;
in other words, it is no longer possible to create shared memory segments
that exist independently of any attached process.
.IP
The effect is as though a
.BR shmctl (2)
.B IPC_RMID
is performed on all existing segments as well as all segments
created in the future (until this file is reset to 0).
Note that existing segments that are attached to no process will be
immediately destroyed when this file is set to 1.
Setting this option will also destroy segments that were created,
but never attached,
upon termination of the process that created the segment with
.BR shmget (2).
.IP
Setting this file to 1 provides a way of ensuring that
all System V shared memory segments are counted against the
resource usage and resource limits (see the description of
.B RLIMIT_AS
in
.BR getrlimit (2))
of at least one process.
.IP
Because setting this file to 1 produces behavior that is nonstandard
and could also break existing applications,
the default value in this file is 0.
Set this file to 1 only if you have a good understanding
of the semantics of the applications using
System V shared memory on your system.
.TP
.IR /proc/sys/kernel/shmall " (since Linux 2.2)"
This file
contains the system-wide limit on the total number of pages of
System V shared memory.
.TP
.IR /proc/sys/kernel/shmmax " (since Linux 2.2)"
This file
can be used to query and set the run-time limit
on the maximum (System V IPC) shared memory segment size that can be
created.
Shared memory segments up to 1 GB are now supported in the
kernel.
This value defaults to
.BR SHMMAX .
.TP
.IR /proc/sys/kernel/shmmni " (since Linux 2.4)"
This file
specifies the system-wide maximum number of System V shared memory
segments that can be created.
.TP
.IR /proc/sys/kernel/sysctl_writes_strict " (since Linux 3.16)"
.\" commit f88083005ab319abba5d0b2e4e997558245493c8
.\" commit 2ca9bb456ada8bcbdc8f77f8fc78207653bbaa92
.\" commit f4aacea2f5d1a5f7e3154e967d70cf3f711bcd61
.\" commit 24fe831c17ab8149413874f2fd4e5c8a41fcd294
The value in this file determines how the file offset affects
the behavior of updating entries in files under
.IR /proc/sys .
The file has three possible values:
.RS
.TP 4
\-1
This provides legacy handling, with no printk warnings.
Each
.BR write (2)
must fully contain the value to be written,
and multiple writes on the same file descriptor
will overwrite the entire value, regardless of the file position.
.TP
0
(default) This provides the same behavior as for \-1,
but printk warnings are written for processes that
perform writes when the file offset is not 0.
.TP
1
Respect the file offset when writing strings into
.I /proc/sys
files.
Multiple writes will
.I append
to the value buffer.
Anything written beyond the maximum length
of the value buffer will be ignored.
Writes to numeric
.I /proc/sys
entries must always be at file offset 0 and the value must be
fully contained in the buffer provided to
.BR write (2).
.\" FIXME .
.\"     With /proc/sys/kernel/sysctl_writes_strict==1, writes at an
.\"     offset other than 0 do not generate an error. Instead, the
.\"     write() succeeds, but the file is left unmodified.
.\"     This is surprising. The behavior may change in the future.
.\"     See thread.gmane.org/gmane.linux.man/9197
.\"             From: Michael Kerrisk (man-pages <mtk.manpages@...>
.\"             Subject: sysctl_writes_strict documentation + an oddity?
.\"             Newsgroups: gmane.linux.man, gmane.linux.kernel
.\"             Date: 2015-05-09 08:54:11 GMT
.RE
.TP
.I /proc/sys/kernel/sysrq
This file controls the functions allowed to be invoked by the SysRq key.
By default,
the file contains 1 meaning that every possible SysRq request is allowed
(in older kernel versions, SysRq was disabled by default,
and you were required to specifically enable it at run-time,
but this is not the case any more).
Possible values in this file are:
.RS
.TP 5
0
Disable sysrq completely
.TP
1
Enable all functions of sysrq
.TP
> 1
Bit mask of allowed sysrq functions, as follows:
.PD 0
.RS
.TP 5
\ \ 2
Enable control of console logging level
.TP
\ \ 4
Enable control of keyboard (SAK, unraw)
.TP
\ \ 8
Enable debugging dumps of processes etc.
.TP
\ 16
Enable sync command
.TP
\ 32
Enable remount read-only
.TP
\ 64
Enable signaling of processes (term, kill, oom-kill)
.TP
128
Allow reboot/poweroff
.TP
256
Allow nicing of all real-time tasks
.RE
.PD
.RE
.IP
This file is present only if the
.B CONFIG_MAGIC_SYSRQ
kernel configuration option is enabled.
For further details see the Linux kernel source file
.I Documentation/admin\-guide/sysrq.rst
.\" commit 9d85025b0418163fae079c9ba8f8445212de8568
(or
.I Documentation/sysrq.txt
before Linux 4.10).
.TP
.I /proc/sys/kernel/version
This file contains a string such as:
.IP
.in +4n
.EX
#5 Wed Feb 25 21:49:24 MET 1998
.EE
.in
.IP
The "#5" means that
this is the fifth kernel built from this source base and the
date following it indicates the time the kernel was built.
.TP
.IR /proc/sys/kernel/threads\-max " (since Linux 2.3.11)"
.\" The following is based on Documentation/sysctl/kernel.txt
This file specifies the system-wide limit on the number of
threads (tasks) that can be created on the system.
.IP
Since Linux 4.1,
.\" commit 230633d109e35b0a24277498e773edeb79b4a331
the value that can be written to
.I threads\-max
is bounded.
The minimum value that can be written is 20.
The maximum value that can be written is given by the
constant
.B FUTEX_TID_MASK
(0x3fffffff).
If a value outside of this range is written to
.IR threads\-max ,
the error
.B EINVAL
occurs.
.IP
The value written is checked against the available RAM pages.
If the thread structures would occupy too much (more than 1/8th)
of the available RAM pages,
.I threads\-max
is reduced accordingly.
.TP
.IR /proc/sys/kernel/yama/ptrace_scope " (since Linux 3.5)"
See
.BR ptrace (2).
.TP
.IR /proc/sys/kernel/zero\-paged " (PowerPC only)"
This file
contains a flag.
When enabled (nonzero), Linux-PPC will pre-zero pages in
the idle loop, possibly speeding up get_free_pages.
.SH SEE ALSO
.BR proc (5),
.BR proc_sys (5)