git: f63da9704585 - stable/13 - sysctl(8): Mention more security.bsd knobs; Refer to security(7)

Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Olivier Certner <olce_at_FreeBSD.org>
Date: Thu, 21 Dec 2023 13:43:45 UTC

The branch stable/13 has been updated by olce:

URL: https://cgit.FreeBSD.org/src/commit/?id=f63da970458592f7488796da4e8c07f9e5314b31

commit f63da970458592f7488796da4e8c07f9e5314b31
Author:     Olivier Certner <olce.freebsd@certner.fr>
AuthorDate: 2023-08-17 23:54:49 +0000
Commit:     Olivier Certner <olce@FreeBSD.org>
CommitDate: 2023-12-21 13:38:39 +0000

    sysctl(8): Mention more security.bsd knobs; Refer to security(7)
    
    Reviewed by:            mhorne, pauamma_gundo.com, emaste
    Sponsored by:           Kumacom SAS
    Differential Revision:  https://reviews.freebsd.org/D41113
    
    (cherry picked from commit 8d7a48d367ffde2a29419ef943c4099984e3af4d)
    
    Approved by:    markj (mentor)
---
 sbin/sysctl/sysctl.8 | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/sbin/sysctl/sysctl.8 b/sbin/sysctl/sysctl.8
index e404763c5003..11ed75270e28 100644
--- a/sbin/sysctl/sysctl.8
+++ b/sbin/sysctl/sysctl.8
@@ -27,7 +27,7 @@
 .\"
 .\"	From: @(#)sysctl.8	8.1 (Berkeley) 6/6/93
 .\"
-.Dd June 30, 2022
+.Dd August 18, 2023
 .Dt SYSCTL 8
 .Os
 .Sh NAME
@@ -184,8 +184,10 @@ Please refer to
 for more information on which tunables are available and how to set them.
 .Pp
 The string and integer information is summarized below.
-For a detailed description of these variable see
-.Xr sysctl 3 .
+For a detailed description of these variables see
+.Xr sysctl 3
+and
+.Xr security 7 .
 .Pp
 The changeable column indicates whether a process with appropriate
 privilege can change the value.
@@ -222,6 +224,8 @@ String and integer values can be set using
 .It "kern.logsigexit	integer	yes"
 .It "security.bsd.suser_enabled	integer	yes"
 .It "security.bsd.see_other_uids	integer	yes"
+.It "security.bsd.see_other_gids	integer	yes"
+.It "security.bsd.see_jail_proc	integer	yes"
 .It "security.bsd.unprivileged_proc_debug	integer	yes"
 .It "security.bsd.unprivileged_read_msgbuf	integer	yes"
 .It "vm.loadavg	struct	no"
@@ -311,6 +315,7 @@ option has been deprecated and is silently ignored.
 .Xr sysctl 3 ,
 .Xr loader.conf 5 ,
 .Xr sysctl.conf 5 ,
+.Xr security 7,
 .Xr loader 8
 .Sh HISTORY
 A