Linux kernel tunable parameters explained (sysctl.conf)

Posted by renfengjun




kernel 3.8.13 

Directory:

/usr/share/doc/kernel-doc-3.8.13/Documentation/sysctl/




abi.txt



Documentation for /proc/sys/abi/* kernel version 2.6.0.test2
     (c) 2003,  Fabian Frederick <ffrederick@users.sourceforge.net>

For general info : README.

==============================================================

This path is binary emulation relevant aka personality types aka abi.
When a process is executed, it's linked to an exec_domain whose
personality is defined using values available from /proc/sys/abi.
You can find further details about abi in include/linux/personality.h.

Here are the files featuring in 2.6 kernel :

- defhandler_coff
- defhandler_elf
- defhandler_lcall7
- defhandler_libcso
- fake_utsname
- trace

===========================================================
defhandler_coff:
defined value :
PER_SCOSVR3
0x0003 | STICKY_TIMEOUTS | WHOLE_SECONDS | SHORT_INODE

===========================================================
defhandler_elf:
defined value :
PER_LINUX
0

===========================================================
defhandler_lcall7:
defined value :
PER_SVR4
0x0001 | STICKY_TIMEOUTS | MMAP_PAGE_ZERO,

===========================================================
defhandler_libcso:
defined value:
PER_SVR4
0x0001 | STICKY_TIMEOUTS | MMAP_PAGE_ZERO,

===========================================================
fake_utsname:
Unused

===========================================================
trace:
Unused

===========================================================




fs.txt



Documentation for /proc/sys/fs/*     kernel version 2.2.10
     (c) 1998, 1999,  Rik van Riel <riel@nl.linux.org>
     (c) 2009,        Shen Feng<shen@cn.fujitsu.com>

For general info and legal blurb, please look in README.

==============================================================

This file contains documentation for the sysctl files in
/proc/sys/fs/ and is valid for Linux kernel version 2.2.

The files in this directory can be used to tune and monitor
miscellaneous and general things in the operation of the Linux
kernel. Since some of the files _can_ be used to screw up your
system, it is advisable to read both documentation and source
before actually making adjustments.

1. /proc/sys/fs
----------------------------------------------------------

Currently, these files are in /proc/sys/fs:
- aio-max-nr
- aio-nr
- dentry-state
- dquot-max
- dquot-nr
- file-max
- file-nr
- inode-max
- inode-nr
- inode-state
- nr_open
- overflowuid
- overflowgid
- protected_hardlinks
- protected_symlinks
- suid_dumpable
- super-max
- super-nr

==============================================================

aio-nr & aio-max-nr:

aio-nr is the running total of the number of events specified on the
io_setup system call for all currently active aio contexts.  If aio-nr
reaches aio-max-nr then io_setup will fail with EAGAIN.  Note that
raising aio-max-nr does not result in the pre-allocation or re-sizing
of any kernel data structures.

==============================================================

dentry-state:

From linux/fs/dentry.c:
--------------------------------------------------------------
struct {
        int nr_dentry;
        int nr_unused;
        int age_limit;         /* age in seconds */
        int want_pages;        /* pages requested by system */
        int dummy[2];
} dentry_stat = {0, 0, 45, 0,};
--------------------------------------------------------------

Dentries are dynamically allocated and deallocated, and
nr_dentry seems to be 0 all the time. Hence it's safe to
assume that only nr_unused, age_limit and want_pages are
used. Nr_unused seems to be exactly what its name says.
Age_limit is the age in seconds after which dcache entries
can be reclaimed when memory is short and want_pages is
nonzero when shrink_dcache_pages() has been called and the
dcache isn't pruned yet.

==============================================================

dquot-max & dquot-nr:

The file dquot-max shows the maximum number of cached disk
quota entries.

The file dquot-nr shows the number of allocated disk quota
entries and the number of free disk quota entries.

If the number of free cached disk quotas is very low and
you have some awesome number of simultaneous system users,
you might want to raise the limit.

==============================================================

file-max & file-nr:

The value in file-max denotes the maximum number of file-
handles that the Linux kernel will allocate. When you get lots
of error messages about running out of file handles, you might
want to increase this limit.

Historically, the kernel was able to allocate file handles
dynamically, but not to free them again. The three values in
file-nr denote the number of allocated file handles, the number
of allocated but unused file handles, and the maximum number of
file handles. Linux 2.6 always reports 0 as the number of free
file handles -- this is not an error, it just means that the
number of allocated file handles exactly matches the number of
used file handles.

Attempts to allocate more file descriptors than file-max are
reported with printk; look for "VFS: file-max limit <number>
reached".

==============================================================

nr_open:

This denotes the maximum number of file-handles a process can
allocate. Default value is 1024*1024 (1048576) which should be
enough for most machines. Actual limit depends on RLIMIT_NOFILE
resource limit.

==============================================================

inode-max, inode-nr & inode-state:

As with file handles, the kernel allocates the inode structures
dynamically, but can't free them yet.

The value in inode-max denotes the maximum number of inode
handlers. This value should be 3-4 times larger than the value
in file-max, since stdin, stdout and network sockets also
need an inode struct to handle them. When you regularly run
out of inodes, you need to increase this value.

The file inode-nr contains the first two items from
inode-state, so we'll skip to that file...

Inode-state contains three actual numbers and four dummies.
The actual numbers are, in order of appearance, nr_inodes,
nr_free_inodes and preshrink.

Nr_inodes stands for the number of inodes the system has
allocated, this can be slightly more than inode-max because
Linux allocates them one pageful at a time.

Nr_free_inodes represents the number of free inodes (?) and
preshrink is nonzero when the nr_inodes > inode-max and the
system needs to prune the inode list instead of allocating
more.

==============================================================

overflowgid & overflowuid:

Some filesystems only support 16-bit UIDs and GIDs, although in Linux
UIDs and GIDs are 32 bits. When one of these filesystems is mounted
with writes enabled, any UID or GID that would exceed 65535 is translated
to a fixed value before being written to disk.

These sysctls allow you to change the value of the fixed UID and GID.
The default is 65534.

==============================================================

protected_hardlinks:

A long-standing class of security issues is the hardlink-based
time-of-check-time-of-use race, most commonly seen in world-writable
directories like /tmp. The common method of exploitation of this flaw
is to cross privilege boundaries when following a given hardlink (i.e. a
root process follows a hardlink created by another user). Additionally,
on systems without separated partitions, this stops unauthorized users
from "pinning" vulnerable setuid/setgid files against being upgraded by
the administrator, or linking to special files.

When set to "0", hardlink creation behavior is unrestricted.

When set to "1" hardlinks cannot be created by users if they do not
already own the source file, or do not have read/write access to it.

This protection is based on the restrictions in Openwall and grsecurity.

==============================================================

protected_symlinks:

A long-standing class of security issues is the symlink-based
time-of-check-time-of-use race, most commonly seen in world-writable
directories like /tmp. The common method of exploitation of this flaw
is to cross privilege boundaries when following a given symlink (i.e. a
root process follows a symlink belonging to another user). For a likely
incomplete list of hundreds of examples across the years, please see:
http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=/tmp

When set to "0", symlink following behavior is unrestricted.

When set to "1" symlinks are permitted to be followed only when outside
a sticky world-writable directory, or when the uid of the symlink and
follower match, or when the directory owner matches the symlink's owner.

This protection is based on the restrictions in Openwall and grsecurity.

==============================================================

suid_dumpable:

This value can be used to query and set the core dump mode for setuid
or otherwise protected/tainted binaries. The modes are

0 - (default) - traditional behaviour. Any process which has changed
     privilege levels or is execute only will not be dumped.
1 - (debug) - all processes dump core when possible. The core dump is
     owned by the current user and no security is applied. This is
     intended for system debugging situations only. Ptrace is unchecked.
     This is insecure as it allows regular users to examine the memory
     contents of privileged processes.
2 - (suidsafe) - any binary which normally would not be dumped is dumped
     anyway, but only if the "core_pattern" kernel sysctl is set to
     either a pipe handler or a fully qualified path. (For more details
     on this limitation, see CVE-2006-2451.) This mode is appropriate
     when administrators are attempting to debug problems in a normal
     environment, and either have a core dump pipe handler that knows
     to treat privileged core dumps with care, or specific directory
     defined for catching core dumps. If a core dump happens without
     a pipe handler or fully qualified path, a message will be emitted
     to syslog warning about the lack of a correct setting.

==============================================================

super-max & super-nr:

These numbers control the maximum number of superblocks, and
thus the maximum number of mounted filesystems the kernel
can have. You only need to increase super-max if you need to
mount more filesystems than the current value in super-max
allows you to.

==============================================================

aio-nr & aio-max-nr:

aio-nr shows the current system-wide number of asynchronous io
requests.  aio-max-nr allows you to change the maximum value
aio-nr can grow to.

==============================================================


2. /proc/sys/fs/binfmt_misc
----------------------------------------------------------

Documentation for the files in /proc/sys/fs/binfmt_misc is
in Documentation/binfmt_misc.txt.


3. /proc/sys/fs/mqueue - POSIX message queues filesystem
----------------------------------------------------------

The "mqueue"  filesystem provides  the necessary kernel features to enable the
creation of a  user space  library that  implements  the  POSIX message queues
API (as noted by the  MSG tag in the  POSIX 1003.1-2001 version  of the System
Interfaces specification.)

The "mqueue" filesystem contains values for determining/setting  the amount of
resources used by the file system.

/proc/sys/fs/mqueue/queues_max is a read/write  file for  setting/getting  the
maximum number of message queues allowed on the system.

/proc/sys/fs/mqueue/msg_max  is  a  read/write file  for  setting/getting  the
maximum number of messages in a queue value.  In fact it is the limiting value
for another (user) limit which is set in mq_open invocation. This attribute of
a queue must be less than or equal to msg_max.

/proc/sys/fs/mqueue/msgsize_max is  a read/write  file for setting/getting the
maximum  message size value (it is every  message queue's attribute set during
its creation).

/proc/sys/fs/mqueue/msg_default is  a read/write  file for setting/getting the
default number of messages in a queue value if attr parameter of mq_open(2) is
NULL. If it exceeds msg_max, the default value is initialized to msg_max.

/proc/sys/fs/mqueue/msgsize_default is a read/write file for setting/getting
the default message size value if attr parameter of mq_open(2) is NULL. If it
exceeds msgsize_max, the default value is initialized to msgsize_max.

4. /proc/sys/fs/epoll - Configuration options for the epoll interface
--------------------------------------------------------

This directory contains configuration options for the epoll(7) interface.

max_user_watches
----------------

Every epoll file descriptor can store a number of files to be monitored
for event readiness. Each one of these monitored files constitutes a "watch".
This configuration option sets the maximum number of "watches" that are
allowed for each user.
Each "watch" costs roughly 90 bytes on a 32bit kernel, and roughly 160 bytes
on a 64bit one.
The current default value for max_user_watches is 1/32 of the available
low memory, divided by the "watch" cost in bytes.



kernel.txt



Documentation for /proc/sys/kernel/*     kernel version 2.2.10
     (c) 1998, 1999,  Rik van Riel <riel@nl.linux.org>
     (c) 2009,        Shen Feng<shen@cn.fujitsu.com>

For general info and legal blurb, please look in README.

==============================================================

This file contains documentation for the sysctl files in
/proc/sys/kernel/ and is valid for Linux kernel version 2.2.

The files in this directory can be used to tune and monitor
miscellaneous and general things in the operation of the Linux
kernel. Since some of the files _can_ be used to screw up your
system, it is advisable to read both documentation and source
before actually making adjustments.

Currently, these files might (depending on your configuration)
show up in /proc/sys/kernel:

- acct
- acpi_video_flags
- auto_msgmni
- bootloader_type          [ X86 only ]
- bootloader_version          [ X86 only ]
- callhome               [ S390 only ]
- cap_last_cap
- core_pattern
- core_pipe_limit
- core_uses_pid
- ctrl-alt-del
- dmesg_restrict
- domainname
- hostname
- hotplug
- kptr_restrict
- kstack_depth_to_print       [ X86 only ]
- l2cr                        [ PPC only ]
- modprobe                    ==> Documentation/debugging-modules.txt
- modules_disabled
- msg_next_id                [ sysv ipc ]
- msgmax
- msgmnb
- msgmni
- nmi_watchdog
- osrelease
- ostype
- overflowgid
- overflowuid
- panic
- panic_on_oops
- panic_on_unrecovered_nmi
- panic_on_stackoverflow
- pid_max
- powersave-nap               [ PPC only ]
- printk
- printk_delay
- printk_ratelimit
- printk_ratelimit_burst
- randomize_va_space
- real-root-dev               ==> Documentation/initrd.txt
- reboot-cmd                  [ SPARC only ]
- rtsig-max
- rtsig-nr
- sem
- sem_next_id                [ sysv ipc ]
- sg-big-buff                 [ generic SCSI device (sg) ]
- shm_next_id                [ sysv ipc ]
- shm_rmid_forced
- shmall
- shmmax                      [ sysv ipc ]
- shmmni
- softlockup_thresh
- stop-a                      [ SPARC only ]
- sysrq                       ==> Documentation/sysrq.txt
- tainted
- threads-max
- unknown_nmi_panic
- version

==============================================================

acct:

highwater lowwater frequency

If BSD-style process accounting is enabled these values control
its behaviour. If free space on the filesystem where the log lives
goes below <lowwater>%, accounting suspends. If free space gets
above <highwater>%, accounting resumes. <Frequency> determines
how often we check the amount of free space (value is in
seconds). Default:
4 2 30
That is, suspend accounting if <= 2% free space is left; resume it
if we get >= 4%; consider information about the amount of free
space valid for 30 seconds.

==============================================================

acpi_video_flags:

flags

See Doc*/kernel/power/video.txt, it allows mode of video boot to be
set during run time.

==============================================================

auto_msgmni:

Enables/Disables automatic recomputing of msgmni upon memory add/remove
or upon ipc namespace creation/removal (see the msgmni description
above). Echoing "1" into this file enables msgmni automatic recomputing.
Echoing "0" turns it off. auto_msgmni default value is 1.


==============================================================

bootloader_type:

x86 bootloader identification

This gives the bootloader type number as indicated by the bootloader,
shifted left by 4, and OR'd with the low four bits of the bootloader
version.  The reason for this encoding is that this used to match the
type_of_loader field in the kernel header; the encoding is kept for
backwards compatibility.  That is, if the full bootloader type number
is 0x15 and the full version number is 0x234, this file will contain
the value 340 = 0x154.

See the type_of_loader and ext_loader_type fields in
Documentation/x86/boot.txt for additional information.

==============================================================

bootloader_version:

x86 bootloader version

The complete bootloader version number.  In the example above, this
file will contain the value 564 = 0x234.

See the type_of_loader and ext_loader_ver fields in
Documentation/x86/boot.txt for additional information.

==============================================================

callhome:

Controls the kernel's callhome behavior in case of a kernel panic.

The s390 hardware allows an operating system to send a notification
to a service organization (callhome) in case of an operating system panic.

When the value in this file is 0 (which is the default behavior)
nothing happens in case of a kernel panic. If this value is set to "1"
the complete kernel oops message is sent to the IBM customer service
organization in case the mainframe the Linux operating system is running
on has a service contract with IBM.

==============================================================

cap_last_cap

Highest valid capability of the running kernel.  Exports
CAP_LAST_CAP from the kernel.

==============================================================

core_pattern:

core_pattern is used to specify a core dumpfile pattern name.
. max length 128 characters; default value is "core"
. core_pattern is used as a pattern template for the output filename;
  certain string patterns (beginning with '%') are substituted with
  their actual values.
. backward compatibility with core_uses_pid:
     If core_pattern does not include "%p" (default does not)
     and core_uses_pid is set, then .PID will be appended to
     the filename.
. corename format specifiers:
     %<NUL>     '%' is dropped
     %%     output one '%'
     %p     pid
     %u     uid
     %g     gid
     %d     dump mode, matches PR_SET_DUMPABLE and
          /proc/sys/fs/suid_dumpable
     %s     signal number
     %t     UNIX time of dump
     %h     hostname
     %e     executable filename (may be shortened)
     %E     executable path
     %<OTHER> both are dropped
. If the first character of the pattern is a '|', the kernel will treat
  the rest of the pattern as a command to run.  The core dump will be
  written to the standard input of that program instead of to a file.

==============================================================

core_pipe_limit:

This sysctl is only applicable when core_pattern is configured to pipe
core files to a user space helper (when the first character of
core_pattern is a '|', see above).  When collecting cores via a pipe
to an application, it is occasionally useful for the collecting
application to gather data about the crashing process from its
/proc/pid directory.  In order to do this safely, the kernel must wait
for the collecting process to exit, so as not to remove the crashing
processes proc files prematurely.  This in turn creates the
possibility that a misbehaving userspace collecting process can block
the reaping of a crashed process simply by never exiting.  This sysctl
defends against that.  It defines how many concurrent crashing
processes may be piped to user space applications in parallel.  If
this value is exceeded, then those crashing processes above that value
are noted via the kernel log and their cores are skipped.  0 is a
special value, indicating that unlimited processes may be captured in
parallel, but that no waiting will take place (i.e. the collecting
process is not guaranteed access to /proc/<crashing pid>/).  This
value defaults to 0.

==============================================================

core_uses_pid:

The default coredump filename is "core".  By setting
core_uses_pid to 1, the coredump filename becomes core.PID.
If core_pattern does not include "%p" (default does not)
and core_uses_pid is set, then .PID will be appended to
the filename.
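
The substitution rules from the core_pattern and core_uses_pid
sections above, as an added example (not part of the kernel
documentation). The CORE_* sample values and the
/usr/libexec/collector path are constructed; two details are taken
from core(5) rather than this page: %E has '/' replaced by '!', and
.PID is not appended to piped patterns.

```sh
#!/bin/sh
# Constructed sample values for a hypothetical crashing process.
CORE_PID=4242 CORE_UID=1000 CORE_GID=1000 CORE_SIG=11
CORE_DUMPMODE=2      # %d: same numbering as /proc/sys/fs/suid_dumpable
CORE_TIME=1700000000 CORE_HOST=darkstar
CORE_EXE=sshd CORE_EXEPATH=/usr/sbin/sshd

# expand_core_pattern PATTERN CORE_USES_PID
# Prints the name that the documented rules produce for PATTERN.
expand_core_pattern() {
    _rest=$1 _uses_pid=$2 _out='' _saw_pid=0 _pipe=0
    # A leading '|' marks a pipe handler; it is kept in the result.
    case $_rest in '|'*) _pipe=1 ;; esac
    while [ -n "$_rest" ]; do
        # Split off the first character of the remaining pattern.
        _c=${_rest%"${_rest#?}"}; _rest=${_rest#?}
        if [ "$_c" != % ]; then _out=$_out$_c; continue; fi
        [ -n "$_rest" ] || break        # %<NUL>: the '%' is dropped
        _c=${_rest%"${_rest#?}"}; _rest=${_rest#?}
        case $_c in
            %) _out=$_out% ;;
            p) _out=$_out$CORE_PID; _saw_pid=1 ;;
            u) _out=$_out$CORE_UID ;;
            g) _out=$_out$CORE_GID ;;
            d) _out=$_out$CORE_DUMPMODE ;;
            s) _out=$_out$CORE_SIG ;;
            t) _out=$_out$CORE_TIME ;;
            h) _out=$_out$CORE_HOST ;;
            e) _out=$_out$CORE_EXE ;;
            E) _out=$_out$(printf '%s' "$CORE_EXEPATH" | tr / '!') ;;
            *) ;;                       # %<OTHER>: both are dropped
        esac
    done
    # Backward compatibility with core_uses_pid: append .PID only when
    # the pattern names a file and did not already contain %p.
    if [ "$_pipe" -eq 0 ] && [ "$_saw_pid" -eq 0 ] \
        && [ "$_uses_pid" -ne 0 ]; then
        _out=$_out.$CORE_PID
    fi
    printf '%s\n' "$_out"
}

# Demo with core_uses_pid=1 on three constructed patterns.
for _p in 'core' '/var/crash/%e.%p.%t' '|/usr/libexec/collector %p %d'
do
    printf '%-32s -> %s\n' "$_p" "$(expand_core_pattern "$_p" 1)"
done
```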

==============================================================

ctrl-alt-del:

When the value in this file is 0, ctrl-alt-del is trapped and
sent to the init(1) program to handle a graceful restart.
When, however, the value is > 0, Linux's reaction to a Vulcan
Nerve Pinch (tm) will be an immediate reboot, without even
syncing its dirty buffers.

Note: when a program (like dosemu) has the keyboard in 'raw'
mode, the ctrl-alt-del is intercepted by the program before it
ever reaches the kernel tty layer, and it's up to the program
to decide what to do with it.

==============================================================

dmesg_restrict:

This toggle indicates whether unprivileged users are prevented
from using dmesg(8) to view messages from the kernel's log buffer.
When dmesg_restrict is set to (0) there are no restrictions. When
dmesg_restrict is set to (1), users must have CAP_SYSLOG to use
dmesg(8).

The kernel config option CONFIG_SECURITY_DMESG_RESTRICT sets the
default value of dmesg_restrict.

==============================================================

domainname & hostname:

These files can be used to set the NIS/YP domainname and the
hostname of your box in exactly the same way as the commands
domainname and hostname, i.e.:
# echo "darkstar" > /proc/sys/kernel/hostname
# echo "mydomain" > /proc/sys/kernel/domainname
has the same effect as
# hostname "darkstar"
# domainname "mydomain"

Note, however, that the classic darkstar.frop.org has the
hostname "darkstar" and DNS (Internet Domain Name Server)
domainname "frop.org", not to be confused with the NIS (Network
Information Service) or YP (Yellow Pages) domainname. These two
domain names are in general different. For a detailed discussion
see the hostname(1) man page.

==============================================================

hotplug:

Path for the hotplug policy agent.
Default value is "/sbin/hotplug".

==============================================================

kptr_restrict:

This toggle indicates whether restrictions are placed on
exposing kernel addresses via /proc and other interfaces.  When
kptr_restrict is set to (0), there are no restrictions.  When
kptr_restrict is set to (1), the default, kernel pointers
printed using the %pK format specifier will be replaced with 0's
unless the user has CAP_SYSLOG.  When kptr_restrict is set to
(2), kernel pointers printed using %pK will be replaced with 0's
regardless of privileges.

==============================================================

kstack_depth_to_print: (X86 only)

Controls the number of words to print when dumping the raw
kernel stack.

==============================================================

l2cr: (PPC only)

This flag controls the L2 cache of G3 processor boards. If
0, the cache is disabled. Enabled if nonzero.

==============================================================

modules_disabled:

A toggle value indicating if modules are allowed to be loaded
in an otherwise modular kernel.  This toggle defaults to off
(0), but can be set true (1).  Once true, modules can be
neither loaded nor unloaded, and the toggle cannot be set back
to false.

==============================================================

msg_next_id, sem_next_id, and shm_next_id:

These three toggles allow specifying the desired id for the next
allocated IPC object: message, semaphore or shared memory respectively.

By default they are equal to -1, which means generic allocation logic.
Possible values to set are in range 0..INT_MAX.

Notes:
1) The kernel doesn't guarantee that the new object will have the
desired id. So it's up to userspace how to handle an object with a
"wrong" id.
2) A toggle with a non-default value will be set back to -1 by the
kernel after successful IPC object allocation.

==============================================================

nmi_watchdog:

Enables/Disables the NMI watchdog on x86 systems. When the value is
non-zero the NMI watchdog is enabled and will continuously test all
online cpus to determine whether or not they are still functioning
properly. Currently, passing "nmi_watchdog=" parameter at boot time is
required for this function to work.

If LAPIC NMI watchdog method is in use (nmi_watchdog=2 kernel
parameter), the NMI watchdog shares registers with oprofile. By
disabling the NMI watchdog, oprofile may have more registers to
utilize.

==============================================================

osrelease, ostype & version:

# cat osrelease
2.1.88
# cat ostype
Linux
# cat version
#5 Wed Feb 25 21:49:24 MET 1998

The files osrelease and ostype should be clear enough. Version
needs a little more clarification however. The '#5' means that
this is the fifth kernel built from this source base and the
date behind it indicates the time the kernel was built.
The only way to tune these values is to rebuild the kernel :-)

==============================================================

overflowgid & overflowuid:

If your architecture did not always support 32-bit UIDs (i.e. arm,
i386, m68k, sh, and sparc32), a fixed UID and GID will be returned to
applications that use the old 16-bit UID/GID system calls, if the
actual UID or GID would exceed 65535.

These sysctls allow you to change the value of the fixed UID and GID.
The default is 65534.

==============================================================

panic:

The value in this file represents the number of seconds the kernel
waits before rebooting on a panic. When you use the software watchdog,
the recommended setting is 60.

==============================================================

panic_on_unrecovered_nmi:

The default Linux behaviour on an NMI of either memory or unknown is
to continue operation. For many environments such as scientific
computing it is preferable that the box is taken out and the error
dealt with than an uncorrected parity/ECC error get propagated.

A small number of systems do generate NMI's for bizarre random reasons
such as power management so the default is off. That sysctl works like
the existing panic controls already in that directory.

==============================================================

panic_on_oops:

Controls the kernel's behaviour when an oops or BUG is encountered.

0: try to continue operation

1: panic immediately.  If the `panic' sysctl is also non-zero then the
   machine will be rebooted.

==============================================================

panic_on_stackoverflow:

Controls the kernel's behavior when detecting the overflows of
kernel, IRQ and exception stacks except a user stack.
This file shows up if CONFIG_DEBUG_STACKOVERFLOW is enabled.

0: try to continue operation.

1: panic immediately.

==============================================================


pid_max:

PID allocation wrap value.  When the kernel's next PID value
reaches this value, it wraps back to a minimum PID value.
PIDs of value pid_max or larger are not allocated.

==============================================================

ns_last_pid:

The last pid allocated in the current pid namespace (the one the task
using this sysctl lives in). When selecting a pid for the next task on
fork, the kernel tries to allocate a number starting from this one.

==============================================================

powersave-nap: (PPC only)

If set, Linux-PPC will use the 'nap' mode of powersaving,
otherwise the 'doze' mode will be used.

==============================================================

printk:

The four values in printk denote: console_loglevel,
default_message_loglevel, minimum_console_loglevel and
default_console_loglevel respectively.

These values influence printk() behavior when printing or
logging error messages. See 'man 2 syslog' for more info on
the different loglevels.

- console_loglevel: messages with a higher priority than
  this will be printed to the console
- default_message_loglevel: messages without an explicit priority
  will be printed with this priority
- minimum_console_loglevel: minimum (highest) value to which
  console_loglevel can be set
- default_console_loglevel: default value for console_loglevel

==============================================================

printk_delay:

Delay each printk message by printk_delay milliseconds.

Value from 0 - 10000 is allowed.

==============================================================

printk_ratelimit:

Some warning messages are rate limited. printk_ratelimit specifies
the minimum length of time between these messages (in jiffies). By
default we allow one every 5 seconds.

A value of 0 will disable rate limiting.

==============================================================

printk_ratelimit_burst:

While long term we enforce one message per printk_ratelimit
seconds, we do allow a burst of messages to pass through.
printk_ratelimit_burst specifies the number of messages we can
send before ratelimiting kicks in.

==============================================================

randomize_va_space:

This option can be used to select the type of process address
space randomization that is used in the system, for architectures
that support this feature.

0 - Turn the process address space randomization off.  This is the
    default for architectures that do not support this feature anyways,
    and kernels that are booted with the "norandmaps" parameter.

1 - Make the addresses of mmap base, stack and VDSO page randomized.
    This, among other things, implies that shared libraries will be
    loaded to random addresses.  Also for PIE-linked binaries, the
    location of code start is randomized.  This is the default if the
    CONFIG_COMPAT_BRK option is enabled.

2 - Additionally enable heap randomization.  This is the default if
    CONFIG_COMPAT_BRK is disabled.

    There are a few legacy applications out there (such as some ancient
    versions of libc.so.5 from 1996) that assume that brk area starts
    just after the end of the code+bss.  These applications break when
    start of the brk area is randomized.  There are however no known
    non-legacy applications that would be broken this way, so for most
    systems it is safe to choose full randomization.

    Systems with ancient and/or broken binaries should be configured
    with CONFIG_COMPAT_BRK enabled, which excludes the heap from process
    address space randomization.
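
An audit of the security-relevant toggles documented above
(protected_hardlinks, protected_symlinks, suid_dumpable with
core_pattern, dmesg_restrict, kptr_restrict, randomize_va_space), as
an added example that is not part of the kernel documentation. The
minimum values are this example's own baseline, chosen from the
restricted modes the text describes; the function names and the demo
tree are constructed.

```sh
#!/bin/sh
# read_sysctl ROOT NAME: print the first line of ROOT/<NAME, '.' as '/'>.
read_sysctl() {
    _path="$1/$(printf '%s' "$2" | tr . /)"
    [ -r "$_path" ] || return 1
    IFS= read -r _line < "$_path" || [ -n "$_line" ] || return 1
    printf '%s\n' "$_line"
}

# check_min ROOT NAME MIN REASON: numeric value must be >= MIN.
check_min() {
    if ! _val=$(read_sysctl "$1" "$2"); then
        printf 'SKIP %s (not present on this kernel)\n' "$2"; return 0
    fi
    case $_val in
        ''|*[!0-9]*)
            printf 'FAIL %s=%s (not a number)\n' "$2" "$_val"; return 1 ;;
    esac
    if [ "$_val" -ge "$3" ]; then
        printf 'OK   %s=%s\n' "$2" "$_val"; return 0
    fi
    printf 'FAIL %s=%s (want >= %s: %s)\n' "$2" "$_val" "$3" "$4"
    return 1
}

# Mode 1 is flagged outright; mode 2 is accepted only when core_pattern
# is a pipe handler or a fully qualified path, as the text requires.
check_suid_dumpable() {
    if ! _mode=$(read_sysctl "$1" fs.suid_dumpable); then
        echo 'SKIP fs.suid_dumpable (not present on this kernel)'; return 0
    fi
    case $_mode in
        0) echo 'OK   fs.suid_dumpable=0'; return 0 ;;
        1) echo 'FAIL fs.suid_dumpable=1 (debug: privileged cores owned by the current user)'
           return 1 ;;
        2) _pat=$(read_sysctl "$1" kernel.core_pattern) || _pat=''
           case $_pat in
               '|'*|/*)
                   printf 'OK   fs.suid_dumpable=2 core_pattern=%s\n' "$_pat"
                   return 0 ;;
           esac
           printf 'FAIL fs.suid_dumpable=2 core_pattern=%s (need pipe or absolute path)\n' "$_pat"
           return 1 ;;
    esac
    printf 'FAIL fs.suid_dumpable=%s (unknown mode)\n' "$_mode"; return 1
}

# audit_sysctl [ROOT]: one line per check; returns 1 if any check FAILs.
audit_sysctl() {
    _root=${1:-/proc/sys}; _rc=0
    check_min "$_root" fs.protected_hardlinks 1 \
        'hardlink creation is unrestricted' || _rc=1
    check_min "$_root" fs.protected_symlinks 1 \
        'symlink following is unrestricted' || _rc=1
    check_min "$_root" kernel.dmesg_restrict 1 \
        'unprivileged users can read the kernel log' || _rc=1
    check_min "$_root" kernel.kptr_restrict 1 \
        'kernel addresses are exposed via /proc' || _rc=1
    check_min "$_root" kernel.randomize_va_space 2 \
        'heap is not randomized' || _rc=1
    check_suid_dumpable "$_root" || _rc=1
    return "$_rc"
}

# make_tree DIR name=value ...: build a constructed /proc/sys look-alike.
make_tree() {
    _dir=$1; shift
    for _kv in "$@"; do
        _f="$_dir/$(printf '%s' "${_kv%%=*}" | tr . /)"
        mkdir -p "${_f%/*}"
        printf '%s\n' "${_kv#*=}" > "$_f"
    done
}

# Demo on a constructed tree; use `audit_sysctl /proc/sys` on a real host.
demo=$(mktemp -d)
make_tree "$demo" fs.protected_hardlinks=0 fs.protected_symlinks=1 \
    fs.suid_dumpable=2 kernel.core_pattern=core \
    kernel.dmesg_restrict=1 kernel.kptr_restrict=1 \
    kernel.randomize_va_space=1
audit_sysctl "$demo" || echo 'findings present'
rm -rf "$demo"
```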

==============================================================

reboot-cmd: (Sparc only)

??? This seems to be a way to give an argument to the Sparc
ROM/Flash boot loader. Maybe to tell it what to do after
rebooting. ???

==============================================================

rtsig-max & rtsig-nr:

The file rtsig-max can be used to tune the maximum number
of POSIX realtime (queued) signals that can be outstanding
in the system.

rtsig-nr shows the number of RT signals currently queued.

==============================================================

sg-big-buff:

This file shows the size of the generic SCSI (sg) buffer.
You can't tune it just yet, but you could change it at
compile time by editing include/scsi/sg.h and changing
the value of SG_BIG_BUFF.

There shouldn't be any reason to change this value. If
you can come up with one, you probably know what you
are doing anyway :)

==============================================================

shmall:

This parameter sets the total amount of shared memory pages that
can be used system wide. Hence, SHMALL should always be at least
ceil(shmmax/PAGE_SIZE).

If you are not sure what the default PAGE_SIZE is on your Linux
system, you can run the following command:

# getconf PAGE_SIZE

==============================================================

shmmax:

This value can be used to query and set the run time limit
on the maximum shared memory segment size that can be created.
Shared memory segments up to 1Gb are now supported in the
kernel.  This value defaults to SHMMAX.

==============================================================

shm_rmid_forced:

Linux lets you set resource limits, including how much memory one
process can consume, via setrlimit(2).  Unfortunately, shared memory
segments are allowed to exist without association with any process, and
thus might not be counted against any resource limits.  If enabled,
shared memory segments are automatically destroyed when their attach
count becomes zero after a detach or a process termination.  It will
also destroy segments that were created, but never attached to, on exit
from the process.  The only use left for IPC_RMID is to immediately
destroy an unattached segment.  Of course, this breaks the way things are
defined, so some applications might stop working.  Note that this
feature will do you no good unless you also configure your resource
limits (in particular, RLIMIT_AS and RLIMIT_NPROC).  Most systems don't
need this.

Note that if you change this from 0 to 1, already created segments
without users and with a dead originative process will be destroyed.

==============================================================

softlockup_thresh:

This value can be used to lower the softlockup tolerance threshold.  The
default threshold is 60 seconds.  If a cpu is locked up for 60 seconds,
the kernel complains.  Valid values are 1-60 seconds.  Setting this
tunable to zero will disable the softlockup detection altogether.

==============================================================

tainted:

Non-zero if the kernel has been tainted.  Numeric values, which
can be ORed together:

   1 - A module with a non-GPL license has been loaded, this
       includes modules with no license.
       Set by modutils >= 2.4.9 and module-init-tools.
   2 - A module was force loaded by insmod -f.
       Set by modutils >= 2.4.9 and module-init-tools.
   4 - Unsafe SMP processors: SMP with CPUs not designed for SMP.
   8 - A module was forcibly unloaded from the system by rmmod -f.
  16 - A hardware machine check error occurred on the system.
  32 - A bad page was discovered on the system.
  64 - The user has asked that the system be marked "tainted".  This
       could be because they are running software that directly modifies
       the hardware, or for other reasons.
 128 - The system has died.
 256 - The ACPI DSDT has been overridden with one supplied by the user
       instead of using the one provided by the hardware.
 512 - A kernel warning has occurred.
1024 - A module from drivers/staging was loaded.
2048 - The system is working around a severe firmware bug.
4096 - An out-of-tree module has been loaded.
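
Added example (not part of the kernel documentation): a POSIX shell decoder that splits a tainted value into the flags listed above and separately reports whether any module-related flag (1, 2, 8, 1024, 4096) is set. The function names are assumptions made for this illustration, and 4097 is a constructed sample value.

```shell
#!/bin/sh
# Added example: decode a value read from /proc/sys/kernel/tainted.

# Print one "bit: description" line per flag set in $1.
# Returns 2 if $1 is not a plain non-negative decimal integer.
decode_tainted() {
    value=$1
    case $value in
        ''|*[!0-9]*|0?*) echo "invalid taint value: $value" >&2; return 2 ;;
    esac
    if [ "$value" -eq 0 ]; then
        echo "not tainted"
        return 0
    fi
    # bit:description pairs, taken from the list in this document
    while IFS=: read -r bit desc; do
        if [ $(( value & bit )) -ne 0 ]; then
            echo "$bit: $desc"
        fi
    done <<'EOF'
1:module with a non-GPL license (or no license) loaded
2:module force loaded (insmod -f)
4:unsafe SMP processors
8:module forcibly unloaded (rmmod -f)
16:hardware machine check error
32:bad page discovered
64:marked tainted at user request
128:system has died
256:ACPI DSDT overridden by user
512:kernel warning occurred
1024:module from drivers/staging loaded
2048:working around a severe firmware bug
4096:out-of-tree module loaded
EOF
    # Bits above 4096 are not described in this version of the document.
    rest=$(( value & ~8191 ))
    if [ "$rest" -ne 0 ]; then
        echo "unknown bits: $rest"
    fi
    return 0
}

# Succeeds if any module-related flag is set: 1 + 2 + 8 + 1024 + 4096 = 5131.
has_module_taint() {
    [ $(( $1 & 5131 )) -ne 0 ]
}

decode_tainted 4097   # constructed sample: non-GPL module + out-of-tree module
```

On a live system, pass the current value with decode_tainted "$(cat /proc/sys/kernel/tainted)".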

==============================================================

unknown_nmi_panic:

The value in this file affects behavior of handling NMI. When the
value is non-zero, unknown NMI is trapped and then panic occurs. At
that time, kernel debugging information is displayed on console.

For example, the NMI switch that most IA32 servers have raises an
unknown NMI.  If a system hangs, try pressing the NMI switch.



net.txt



Documentation for /proc/sys/net/*     kernel version 2.4.0-test11-pre4
     (c) 1999          Terrehon Bowden <terrehon@pacbell.net>
                    Bodo Bauer <bb@ricochet.net>
     (c) 2000          Jorge Nerin <comandante@zaralinux.com>
     (c) 2009          Shen Feng <shen@cn.fujitsu.com>

For general info and legal blurb, please look in README.

==============================================================

This file contains the documentation for the sysctl files in
/proc/sys/net and is valid for Linux kernel version 2.4.0-test11-pre4.

The interface to the networking parts of the kernel is located in
/proc/sys/net. The following table shows all possible subdirectories. You may
see only some of them, depending on your kernel's configuration.


Table : Subdirectories in /proc/sys/net
..............................................................................
Directory Content             Directory  Content
core      General parameter   appletalk  Appletalk protocol
unix      Unix domain sockets netrom     NET/ROM
802       E802 protocol       ax25       AX25
ethernet  Ethernet protocol   rose       X.25 PLP layer
ipv4      IP version 4        x25        X.25 protocol
ipx       IPX                 token-ring IBM token ring
bridge    Bridging            decnet     DEC net
ipv6      IP version 6
..............................................................................

1. /proc/sys/net/core - Network core options
-------------------------------------------------------

bpf_jit_enable
--------------

This enables the Berkeley Packet Filter Just in Time compiler.
Currently supported on x86_64 architecture, bpf_jit provides a framework
to speed up packet filtering, the one used by tcpdump/libpcap for example.
Values :
     0 - disable the JIT (default value)
     1 - enable the JIT
     2 - enable the JIT and ask the compiler to emit traces on kernel log.

dev_weight
----------

The maximum number of packets that the kernel can handle on a NAPI
interrupt.  It is a per-CPU variable.
Default: 64

rmem_default
------------

The default setting of the socket receive buffer in bytes.

rmem_max
--------

The maximum receive socket buffer size in bytes.

wmem_default
------------

The default setting (in bytes) of the socket send buffer.

wmem_max
--------

The maximum send socket buffer size in bytes.

message_burst and message_cost
------------------------------

These parameters are used to limit the warning messages written to the kernel
log from the networking code. They enforce a rate limit to make a
denial-of-service attack impossible. A higher message_cost factor results in
fewer messages being written. Message_burst controls when messages will
be dropped. The default settings limit warning messages to one every five
seconds.

warnings
--------

This controls console messages from the networking stack that can occur because
of problems on the network like duplicate address or bad checksums. Normally,
this should be enabled, but if the problem persists the messages can be
disabled.

netdev_budget
-------------

Maximum number of packets
