]>
Commit | Line | Data |
---|---|---|
1da177e4 LT |
1 | Documentation for /proc/sys/kernel/* kernel version 2.2.10 |
2 | (c) 1998, 1999, Rik van Riel <riel@nl.linux.org> | |
760df93e | 3 | (c) 2009, Shen Feng<shen@cn.fujitsu.com> |
1da177e4 LT |
4 | |
5 | For general info and legal blurb, please look in README. | |
6 | ||
7 | ============================================================== | |
8 | ||
9 | This file contains documentation for the sysctl files in | |
10 | /proc/sys/kernel/ and is valid for Linux kernel version 2.2. | |
11 | ||
12 | The files in this directory can be used to tune and monitor | |
13 | miscellaneous and general things in the operation of the Linux | |
14 | kernel. Since some of the files _can_ be used to screw up your | |
15 | system, it is advisable to read both documentation and source | |
16 | before actually making adjustments. | |
17 | ||
18 | Currently, these files might (depending on your configuration) | |
19 | show up in /proc/sys/kernel: | |
c255d844 | 20 | - acpi_video_flags |
1da177e4 | 21 | - acct |
d75757ab PA |
22 | - bootloader_type [ X86 only ] |
23 | - bootloader_version [ X86 only ] | |
c114728a | 24 | - callhome [ S390 only ] |
760df93e | 25 | - auto_msgmni |
1da177e4 | 26 | - core_pattern |
a293980c | 27 | - core_pipe_limit |
1da177e4 LT |
28 | - core_uses_pid |
29 | - ctrl-alt-del | |
30 | - dentry-state | |
eaf06b24 | 31 | - dmesg_restrict |
1da177e4 LT |
32 | - domainname |
33 | - hostname | |
34 | - hotplug | |
35 | - java-appletviewer [ binfmt_java, obsolete ] | |
36 | - java-interpreter [ binfmt_java, obsolete ] | |
455cd5ab | 37 | - kptr_restrict |
0741f4d2 | 38 | - kstack_depth_to_print [ X86 only ] |
1da177e4 | 39 | - l2cr [ PPC only ] |
ac76cff2 | 40 | - modprobe ==> Documentation/debugging-modules.txt |
3d43321b | 41 | - modules_disabled |
1da177e4 LT |
42 | - msgmax |
43 | - msgmnb | |
44 | - msgmni | |
760df93e | 45 | - nmi_watchdog |
1da177e4 LT |
46 | - osrelease |
47 | - ostype | |
48 | - overflowgid | |
49 | - overflowuid | |
50 | - panic | |
51 | - pid_max | |
52 | - powersave-nap [ PPC only ] | |
760df93e | 53 | - panic_on_unrecovered_nmi |
1da177e4 | 54 | - printk |
1ec7fd50 | 55 | - randomize_va_space |
1da177e4 LT |
56 | - real-root-dev ==> Documentation/initrd.txt |
57 | - reboot-cmd [ SPARC only ] | |
58 | - rtsig-max | |
59 | - rtsig-nr | |
60 | - sem | |
61 | - sg-big-buff [ generic SCSI device (sg) ] | |
62 | - shmall | |
63 | - shmmax [ sysv ipc ] | |
64 | - shmmni | |
65 | - stop-a [ SPARC only ] | |
66 | - sysrq ==> Documentation/sysrq.txt | |
67 | - tainted | |
68 | - threads-max | |
760df93e | 69 | - unknown_nmi_panic |
1da177e4 LT |
70 | - version |
71 | ||
72 | ============================================================== | |
73 | ||
c255d844 PM |
74 | acpi_video_flags: |
75 | ||
76 | flags | |
77 | ||
78 | See Doc*/kernel/power/video.txt, it allows mode of video boot to be | |
79 | set during run time. | |
80 | ||
81 | ============================================================== | |
82 | ||
1da177e4 LT |
83 | acct: |
84 | ||
85 | highwater lowwater frequency | |
86 | ||
87 | If BSD-style process accounting is enabled these values control | |
88 | its behaviour. If free space on filesystem where the log lives | |
89 | goes below <lowwater>% accounting suspends. If free space gets | |
90 | above <highwater>% accounting resumes. <Frequency> determines | |
91 | how often do we check the amount of free space (value is in | |
92 | seconds). Default: | |
93 | 4 2 30 | |
94 | That is, suspend accounting if there left <= 2% free; resume it | |
95 | if we got >=4%; consider information about amount of free space | |
96 | valid for 30 seconds. | |
97 | ||
98 | ============================================================== | |
99 | ||
d75757ab PA |
100 | bootloader_type: |
101 | ||
102 | x86 bootloader identification | |
103 | ||
104 | This gives the bootloader type number as indicated by the bootloader, | |
105 | shifted left by 4, and OR'd with the low four bits of the bootloader | |
106 | version. The reason for this encoding is that this used to match the | |
107 | type_of_loader field in the kernel header; the encoding is kept for | |
108 | backwards compatibility. That is, if the full bootloader type number | |
109 | is 0x15 and the full version number is 0x234, this file will contain | |
110 | the value 340 = 0x154. | |
111 | ||
112 | See the type_of_loader and ext_loader_type fields in | |
113 | Documentation/x86/boot.txt for additional information. | |
114 | ||
115 | ============================================================== | |
116 | ||
117 | bootloader_version: | |
118 | ||
119 | x86 bootloader version | |
120 | ||
121 | The complete bootloader version number. In the example above, this | |
122 | file will contain the value 564 = 0x234. | |
123 | ||
124 | See the type_of_loader and ext_loader_ver fields in | |
125 | Documentation/x86/boot.txt for additional information. | |
126 | ||
127 | ============================================================== | |
128 | ||
c114728a HJP |
129 | callhome: |
130 | ||
131 | Controls the kernel's callhome behavior in case of a kernel panic. | |
132 | ||
133 | The s390 hardware allows an operating system to send a notification | |
134 | to a service organization (callhome) in case of an operating system panic. | |
135 | ||
136 | When the value in this file is 0 (which is the default behavior) | |
137 | nothing happens in case of a kernel panic. If this value is set to "1" | |
138 | the complete kernel oops message is send to the IBM customer service | |
139 | organization in case the mainframe the Linux operating system is running | |
140 | on has a service contract with IBM. | |
141 | ||
142 | ============================================================== | |
143 | ||
1da177e4 LT |
144 | core_pattern: |
145 | ||
146 | core_pattern is used to specify a core dumpfile pattern name. | |
cd081041 | 147 | . max length 128 characters; default value is "core" |
1da177e4 LT |
148 | . core_pattern is used as a pattern template for the output filename; |
149 | certain string patterns (beginning with '%') are substituted with | |
150 | their actual values. | |
151 | . backward compatibility with core_uses_pid: | |
152 | If core_pattern does not include "%p" (default does not) | |
153 | and core_uses_pid is set, then .PID will be appended to | |
154 | the filename. | |
155 | . corename format specifiers: | |
156 | %<NUL> '%' is dropped | |
157 | %% output one '%' | |
158 | %p pid | |
159 | %u uid | |
160 | %g gid | |
161 | %s signal number | |
162 | %t UNIX time of dump | |
163 | %h hostname | |
164 | %e executable filename | |
165 | %<OTHER> both are dropped | |
cd081041 MU |
166 | . If the first character of the pattern is a '|', the kernel will treat |
167 | the rest of the pattern as a command to run. The core dump will be | |
168 | written to the standard input of that program instead of to a file. | |
1da177e4 LT |
169 | |
170 | ============================================================== | |
171 | ||
a293980c NH |
172 | core_pipe_limit: |
173 | ||
174 | This sysctl is only applicable when core_pattern is configured to pipe core | |
7beeec88 | 175 | files to a user space helper (when the first character of core_pattern is a '|', |
a293980c | 176 | see above). When collecting cores via a pipe to an application, it is |
7beeec88 | 177 | occasionally useful for the collecting application to gather data about the |
a293980c NH |
178 | crashing process from its /proc/pid directory. In order to do this safely, the |
179 | kernel must wait for the collecting process to exit, so as not to remove the | |
180 | crashing processes proc files prematurely. This in turn creates the possibility | |
181 | that a misbehaving userspace collecting process can block the reaping of a | |
182 | crashed process simply by never exiting. This sysctl defends against that. It | |
183 | defines how many concurrent crashing processes may be piped to user space | |
184 | applications in parallel. If this value is exceeded, then those crashing | |
185 | processes above that value are noted via the kernel log and their cores are | |
186 | skipped. 0 is a special value, indicating that unlimited processes may be | |
187 | captured in parallel, but that no waiting will take place (i.e. the collecting | |
7beeec88 | 188 | process is not guaranteed access to /proc/<crashing pid>/). This value defaults |
a293980c NH |
189 | to 0. |
190 | ||
191 | ============================================================== | |
192 | ||
1da177e4 LT |
193 | core_uses_pid: |
194 | ||
195 | The default coredump filename is "core". By setting | |
196 | core_uses_pid to 1, the coredump filename becomes core.PID. | |
197 | If core_pattern does not include "%p" (default does not) | |
198 | and core_uses_pid is set, then .PID will be appended to | |
199 | the filename. | |
200 | ||
201 | ============================================================== | |
202 | ||
203 | ctrl-alt-del: | |
204 | ||
205 | When the value in this file is 0, ctrl-alt-del is trapped and | |
206 | sent to the init(1) program to handle a graceful restart. | |
207 | When, however, the value is > 0, Linux's reaction to a Vulcan | |
208 | Nerve Pinch (tm) will be an immediate reboot, without even | |
209 | syncing its dirty buffers. | |
210 | ||
211 | Note: when a program (like dosemu) has the keyboard in 'raw' | |
212 | mode, the ctrl-alt-del is intercepted by the program before it | |
213 | ever reaches the kernel tty layer, and it's up to the program | |
214 | to decide what to do with it. | |
215 | ||
216 | ============================================================== | |
217 | ||
eaf06b24 DR |
218 | dmesg_restrict: |
219 | ||
220 | This toggle indicates whether unprivileged users are prevented from using | |
221 | dmesg(8) to view messages from the kernel's log buffer. When | |
222 | dmesg_restrict is set to (0) there are no restrictions. When | |
38ef4c2e | 223 | dmesg_restrict is set set to (1), users must have CAP_SYSLOG to use |
eaf06b24 DR |
224 | dmesg(8). |
225 | ||
226 | The kernel config option CONFIG_SECURITY_DMESG_RESTRICT sets the default | |
227 | value of dmesg_restrict. | |
228 | ||
229 | ============================================================== | |
230 | ||
1da177e4 LT |
231 | domainname & hostname: |
232 | ||
233 | These files can be used to set the NIS/YP domainname and the | |
234 | hostname of your box in exactly the same way as the commands | |
235 | domainname and hostname, i.e.: | |
236 | # echo "darkstar" > /proc/sys/kernel/hostname | |
237 | # echo "mydomain" > /proc/sys/kernel/domainname | |
238 | has the same effect as | |
239 | # hostname "darkstar" | |
240 | # domainname "mydomain" | |
241 | ||
242 | Note, however, that the classic darkstar.frop.org has the | |
243 | hostname "darkstar" and DNS (Internet Domain Name Server) | |
244 | domainname "frop.org", not to be confused with the NIS (Network | |
245 | Information Service) or YP (Yellow Pages) domainname. These two | |
246 | domain names are in general different. For a detailed discussion | |
247 | see the hostname(1) man page. | |
248 | ||
249 | ============================================================== | |
250 | ||
251 | hotplug: | |
252 | ||
253 | Path for the hotplug policy agent. | |
254 | Default value is "/sbin/hotplug". | |
255 | ||
256 | ============================================================== | |
257 | ||
258 | l2cr: (PPC only) | |
259 | ||
260 | This flag controls the L2 cache of G3 processor boards. If | |
261 | 0, the cache is disabled. Enabled if nonzero. | |
262 | ||
263 | ============================================================== | |
264 | ||
455cd5ab DR |
265 | kptr_restrict: |
266 | ||
267 | This toggle indicates whether restrictions are placed on | |
268 | exposing kernel addresses via /proc and other interfaces. When | |
269 | kptr_restrict is set to (0), there are no restrictions. When | |
270 | kptr_restrict is set to (1), the default, kernel pointers | |
271 | printed using the %pK format specifier will be replaced with 0's | |
272 | unless the user has CAP_SYSLOG. When kptr_restrict is set to | |
273 | (2), kernel pointers printed using %pK will be replaced with 0's | |
274 | regardless of privileges. | |
275 | ||
276 | ============================================================== | |
277 | ||
0741f4d2 CE |
278 | kstack_depth_to_print: (X86 only) |
279 | ||
280 | Controls the number of words to print when dumping the raw | |
281 | kernel stack. | |
282 | ||
283 | ============================================================== | |
284 | ||
3d43321b KC |
285 | modules_disabled: |
286 | ||
287 | A toggle value indicating if modules are allowed to be loaded | |
288 | in an otherwise modular kernel. This toggle defaults to off | |
289 | (0), but can be set true (1). Once true, modules can be | |
290 | neither loaded nor unloaded, and the toggle cannot be set back | |
291 | to false. | |
292 | ||
293 | ============================================================== | |
294 | ||
1da177e4 LT |
295 | osrelease, ostype & version: |
296 | ||
297 | # cat osrelease | |
298 | 2.1.88 | |
299 | # cat ostype | |
300 | Linux | |
301 | # cat version | |
302 | #5 Wed Feb 25 21:49:24 MET 1998 | |
303 | ||
304 | The files osrelease and ostype should be clear enough. Version | |
305 | needs a little more clarification however. The '#5' means that | |
306 | this is the fifth kernel built from this source base and the | |
307 | date behind it indicates the time the kernel was built. | |
308 | The only way to tune these values is to rebuild the kernel :-) | |
309 | ||
310 | ============================================================== | |
311 | ||
312 | overflowgid & overflowuid: | |
313 | ||
314 | if your architecture did not always support 32-bit UIDs (i.e. arm, i386, | |
315 | m68k, sh, and sparc32), a fixed UID and GID will be returned to | |
316 | applications that use the old 16-bit UID/GID system calls, if the actual | |
317 | UID or GID would exceed 65535. | |
318 | ||
319 | These sysctls allow you to change the value of the fixed UID and GID. | |
320 | The default is 65534. | |
321 | ||
322 | ============================================================== | |
323 | ||
324 | panic: | |
325 | ||
326 | The value in this file represents the number of seconds the | |
327 | kernel waits before rebooting on a panic. When you use the | |
328 | software watchdog, the recommended setting is 60. | |
329 | ||
330 | ============================================================== | |
331 | ||
332 | panic_on_oops: | |
333 | ||
334 | Controls the kernel's behaviour when an oops or BUG is encountered. | |
335 | ||
336 | 0: try to continue operation | |
337 | ||
a982ac06 | 338 | 1: panic immediately. If the `panic' sysctl is also non-zero then the |
8b23d04d | 339 | machine will be rebooted. |
1da177e4 LT |
340 | |
341 | ============================================================== | |
342 | ||
343 | pid_max: | |
344 | ||
beb7dd86 | 345 | PID allocation wrap value. When the kernel's next PID value |
1da177e4 LT |
346 | reaches this value, it wraps back to a minimum PID value. |
347 | PIDs of value pid_max or larger are not allocated. | |
348 | ||
349 | ============================================================== | |
350 | ||
351 | powersave-nap: (PPC only) | |
352 | ||
353 | If set, Linux-PPC will use the 'nap' mode of powersaving, | |
354 | otherwise the 'doze' mode will be used. | |
355 | ||
356 | ============================================================== | |
357 | ||
358 | printk: | |
359 | ||
360 | The four values in printk denote: console_loglevel, | |
361 | default_message_loglevel, minimum_console_loglevel and | |
362 | default_console_loglevel respectively. | |
363 | ||
364 | These values influence printk() behavior when printing or | |
365 | logging error messages. See 'man 2 syslog' for more info on | |
366 | the different loglevels. | |
367 | ||
368 | - console_loglevel: messages with a higher priority than | |
369 | this will be printed to the console | |
370 | - default_message_level: messages without an explicit priority | |
371 | will be printed with this priority | |
372 | - minimum_console_loglevel: minimum (highest) value to which | |
373 | console_loglevel can be set | |
374 | - default_console_loglevel: default value for console_loglevel | |
375 | ||
376 | ============================================================== | |
377 | ||
378 | printk_ratelimit: | |
379 | ||
380 | Some warning messages are rate limited. printk_ratelimit specifies | |
381 | the minimum length of time between these messages (in jiffies), by | |
382 | default we allow one every 5 seconds. | |
383 | ||
384 | A value of 0 will disable rate limiting. | |
385 | ||
386 | ============================================================== | |
387 | ||
388 | printk_ratelimit_burst: | |
389 | ||
390 | While long term we enforce one message per printk_ratelimit | |
391 | seconds, we do allow a burst of messages to pass through. | |
392 | printk_ratelimit_burst specifies the number of messages we can | |
393 | send before ratelimiting kicks in. | |
394 | ||
395 | ============================================================== | |
396 | ||
af91322e DY |
397 | printk_delay: |
398 | ||
399 | Delay each printk message in printk_delay milliseconds | |
400 | ||
401 | Value from 0 - 10000 is allowed. | |
402 | ||
403 | ============================================================== | |
404 | ||
1ec7fd50 JK |
405 | randomize-va-space: |
406 | ||
407 | This option can be used to select the type of process address | |
408 | space randomization that is used in the system, for architectures | |
409 | that support this feature. | |
410 | ||
b7f5ab6f HS |
411 | 0 - Turn the process address space randomization off. This is the |
412 | default for architectures that do not support this feature anyways, | |
413 | and kernels that are booted with the "norandmaps" parameter. | |
1ec7fd50 JK |
414 | |
415 | 1 - Make the addresses of mmap base, stack and VDSO page randomized. | |
416 | This, among other things, implies that shared libraries will be | |
b7f5ab6f HS |
417 | loaded to random addresses. Also for PIE-linked binaries, the |
418 | location of code start is randomized. This is the default if the | |
419 | CONFIG_COMPAT_BRK option is enabled. | |
1ec7fd50 | 420 | |
b7f5ab6f HS |
421 | 2 - Additionally enable heap randomization. This is the default if |
422 | CONFIG_COMPAT_BRK is disabled. | |
423 | ||
424 | There are a few legacy applications out there (such as some ancient | |
1ec7fd50 | 425 | versions of libc.so.5 from 1996) that assume that brk area starts |
b7f5ab6f HS |
426 | just after the end of the code+bss. These applications break when |
427 | start of the brk area is randomized. There are however no known | |
1ec7fd50 | 428 | non-legacy applications that would be broken this way, so for most |
b7f5ab6f HS |
429 | systems it is safe to choose full randomization. |
430 | ||
431 | Systems with ancient and/or broken binaries should be configured | |
432 | with CONFIG_COMPAT_BRK enabled, which excludes the heap from process | |
433 | address space randomization. | |
1ec7fd50 JK |
434 | |
435 | ============================================================== | |
436 | ||
1da177e4 LT |
437 | reboot-cmd: (Sparc only) |
438 | ||
439 | ??? This seems to be a way to give an argument to the Sparc | |
440 | ROM/Flash boot loader. Maybe to tell it what to do after | |
441 | rebooting. ??? | |
442 | ||
443 | ============================================================== | |
444 | ||
445 | rtsig-max & rtsig-nr: | |
446 | ||
447 | The file rtsig-max can be used to tune the maximum number | |
448 | of POSIX realtime (queued) signals that can be outstanding | |
449 | in the system. | |
450 | ||
451 | rtsig-nr shows the number of RT signals currently queued. | |
452 | ||
453 | ============================================================== | |
454 | ||
455 | sg-big-buff: | |
456 | ||
457 | This file shows the size of the generic SCSI (sg) buffer. | |
458 | You can't tune it just yet, but you could change it on | |
459 | compile time by editing include/scsi/sg.h and changing | |
460 | the value of SG_BIG_BUFF. | |
461 | ||
462 | There shouldn't be any reason to change this value. If | |
463 | you can come up with one, you probably know what you | |
464 | are doing anyway :) | |
465 | ||
466 | ============================================================== | |
467 | ||
468 | shmmax: | |
469 | ||
470 | This value can be used to query and set the run time limit | |
471 | on the maximum shared memory segment size that can be created. | |
472 | Shared memory segments up to 1Gb are now supported in the | |
473 | kernel. This value defaults to SHMMAX. | |
474 | ||
475 | ============================================================== | |
476 | ||
c4f3b63f RT |
477 | softlockup_thresh: |
478 | ||
b4d19cc8 AM |
479 | This value can be used to lower the softlockup tolerance threshold. The |
480 | default threshold is 60 seconds. If a cpu is locked up for 60 seconds, | |
481 | the kernel complains. Valid values are 1-60 seconds. Setting this | |
482 | tunable to zero will disable the softlockup detection altogether. | |
c4f3b63f RT |
483 | |
484 | ============================================================== | |
485 | ||
1da177e4 LT |
486 | tainted: |
487 | ||
488 | Non-zero if the kernel has been tainted. Numeric values, which | |
489 | can be ORed together: | |
490 | ||
bb20698d GKH |
491 | 1 - A module with a non-GPL license has been loaded, this |
492 | includes modules with no license. | |
493 | Set by modutils >= 2.4.9 and module-init-tools. | |
494 | 2 - A module was force loaded by insmod -f. | |
495 | Set by modutils >= 2.4.9 and module-init-tools. | |
496 | 4 - Unsafe SMP processors: SMP with CPUs not designed for SMP. | |
497 | 8 - A module was forcibly unloaded from the system by rmmod -f. | |
498 | 16 - A hardware machine check error occurred on the system. | |
499 | 32 - A bad page was discovered on the system. | |
500 | 64 - The user has asked that the system be marked "tainted". This | |
501 | could be because they are running software that directly modifies | |
502 | the hardware, or for other reasons. | |
503 | 128 - The system has died. | |
504 | 256 - The ACPI DSDT has been overridden with one supplied by the user | |
505 | instead of using the one provided by the hardware. | |
506 | 512 - A kernel warning has occurred. | |
507 | 1024 - A module from drivers/staging was loaded. | |
1da177e4 | 508 | |
760df93e SF |
509 | ============================================================== |
510 | ||
511 | auto_msgmni: | |
512 | ||
513 | Enables/Disables automatic recomputing of msgmni upon memory add/remove or | |
514 | upon ipc namespace creation/removal (see the msgmni description above). | |
515 | Echoing "1" into this file enables msgmni automatic recomputing. | |
516 | Echoing "0" turns it off. | |
517 | auto_msgmni default value is 1. | |
518 | ||
519 | ============================================================== | |
520 | ||
521 | nmi_watchdog: | |
522 | ||
523 | Enables/Disables the NMI watchdog on x86 systems. When the value is non-zero | |
524 | the NMI watchdog is enabled and will continuously test all online cpus to | |
525 | determine whether or not they are still functioning properly. Currently, | |
526 | passing "nmi_watchdog=" parameter at boot time is required for this function | |
527 | to work. | |
528 | ||
529 | If LAPIC NMI watchdog method is in use (nmi_watchdog=2 kernel parameter), the | |
530 | NMI watchdog shares registers with oprofile. By disabling the NMI watchdog, | |
531 | oprofile may have more registers to utilize. | |
532 | ||
533 | ============================================================== | |
534 | ||
535 | unknown_nmi_panic: | |
536 | ||
537 | The value in this file affects behavior of handling NMI. When the value is | |
538 | non-zero, unknown NMI is trapped and then panic occurs. At that time, kernel | |
539 | debugging information is displayed on console. | |
540 | ||
541 | NMI switch that most IA32 servers have fires unknown NMI up, for example. | |
542 | If a system hangs up, try pressing the NMI switch. | |
543 | ||
544 | ============================================================== | |
545 | ||
546 | panic_on_unrecovered_nmi: | |
547 | ||
548 | The default Linux behaviour on an NMI of either memory or unknown is to continue | |
549 | operation. For many environments such as scientific computing it is preferable | |
550 | that the box is taken out and the error dealt with than an uncorrected | |
551 | parity/ECC error get propogated. | |
552 | ||
553 | A small number of systems do generate NMI's for bizarre random reasons such as | |
554 | power management so the default is off. That sysctl works like the existing | |
555 | panic controls already in that directory. | |
556 |