Re: Wireless Media Modes Identified in Man Page for ifmedia(4)

2023-01-21 Thread Stuart Henderson
On 2023/01/21 14:00, Thomas Dunn wrote:
> Hello,
> 
> The man page for ifmedia(4) identifies the media modes defined for IEEE802.11 
> Wireless LAN under the heading "MEDIA TYPES AND OPTIONS FOR IEEE802.11 
> WIRELESS LAN".
> 
> For better consistency, I suggest changing "TYPES" to "MODES" in this heading.
> 
> Also, back on Oct. 3, 2018, the Wi-Fi Alliance announced "Wi-Fi 4" and "Wi-Fi 
> 5" as alternative nomenclatures for IEEE802.11 ”11n” and ”11ac” respectively. 
>  This alternative generation-based naming convention subsequently gained 
> relatively widespread use and popularity.  For better clarity, I suggest 
> updating the descriptions of the corresponding media modes by replacing 
> "[11n]" and "[11ac]" with "[11n (Wi-Fi 4)]" and "[11ac (Wi-Fi 5)]" 
> respectively.
> 
> Thank you for your assistance.
> 
> Respectfully,
> 
> Thomas Dunn
> 
> Sent from my iPad

I'm not convinced the marketing names add enough information to this
technical page to make such a hash of the column alignment on a standard
width terminal as listing them would cause.



Re: Inconsistent isdigit(3) man page

2023-01-21 Thread Joerg Sonnenberger
On Fri, Jan 20, 2023 at 09:32:38AM -0700, Bob Beck wrote:
> Various spec docs seem all over the place on this, so I am also
> paging Dr. Posix in this email... Hi Philip! :)  Is isdigit()
> safe from being screwed up by locale or not?

I think this POSIX.1-2017 (i.e. Open Group Issue 7), locales are required
to be based on the Portable Character Set and the digit class is required
to map the ASCII code points only. In that sense, isdigit() is locale
invariant.

Joerg



Re: Move SS_CANTRCVMORE and SS_RCVATMARK bits from `so_state' to `sb_state' of receive buffer

2023-01-21 Thread Alexander Bluhm
On Sat, Jan 21, 2023 at 04:53:54PM +0300, Vitaliy Makkoveev wrote:
> As was done for the SS_CANTSENDMORE bit. The SS_CANTRCVMORE and
> SS_RCVATMARK definitions are kept as is, but now these bits belong to the
> `sb_state' of the receive buffer. `sb_state' is ORed with `so_state' when
> socket data is exported to userland.

OK bluhm@

> @@ -1632,13 +1634,13 @@ somove(struct socket *so, int wait)
>   pru_rcvd(so);
>  
>   /* Receive buffer did shrink by len bytes, adjust oob. */
> - state = so->so_state;
> - so->so_state &= ~SS_RCVATMARK;
> + state = so->so_rcv.sb_state;

Should we rename this local variable to rcvstate?

> + so->so_rcv.sb_state &= ~SS_RCVATMARK;
>   oobmark = so->so_oobmark;
>   so->so_oobmark = oobmark > len ? oobmark - len : 0;
>   if (oobmark) {



hardclock: don't call statclock(), stathz is always non-zero

2023-01-21 Thread Scott Cheloha
All the platforms have switched to clockintr.

Let's start by isolating statclock() from hardclock().  stathz is now
always non-zero: statclock() must be called separately.  Update
several of the stathz users to reflect that the value is always
non-zero.

This is a first step toward making hardclock and statclock into
schedulable entities.

ok?

Index: kern_clock.c
===
RCS file: /cvs/src/sys/kern/kern_clock.c,v
retrieving revision 1.105
diff -u -p -r1.105 kern_clock.c
--- kern_clock.c14 Aug 2022 01:58:27 -  1.105
+++ kern_clock.c21 Jan 2023 22:59:34 -
@@ -98,8 +98,6 @@ volatile unsigned long jiffies;   /* XXX 
 void
 initclocks(void)
 {
-   int i;
-
ticks = INT_MAX - (15 * 60 * hz);
jiffies = ULONG_MAX - (10 * 60 * hz);
 
@@ -111,12 +109,9 @@ initclocks(void)
cpu_initclocks();
 
/*
-* Compute profhz/stathz, and fix profhz if needed.
+* Compute profhz/stathz.
 */
-   i = stathz ? stathz : hz;
-   if (profhz == 0)
-   profhz = i;
-   psratio = profhz / i;
+   psratio = profhz / stathz;
 
inittimecounter();
 }
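Review bot: `psratio = profhz / stathz;` in initclocks() now divides by stathz with no fallback, and the `if (profhz == 0) profhz = i;` fixup is dropped along with it, so this relies entirely on cpu_initclocks() having set both values on every platform. I'd add `KASSERT(stathz != 0 && profhz != 0);` right after cpu_initclocks() so a port that misses this fails with a clear assertion instead of a divide fault or a zero psratio. The comment "Compute profhz/stathz." is also no longer accurate, since only psratio is computed here.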
@@ -158,12 +153,6 @@ hardclock(struct clockframe *frame)
}
}
 
-   /*
-* If no separate statistics clock is available, run it from here.
-*/
-   if (stathz == 0)
-   statclock(frame);
-
if (--ci->ci_schedstate.spc_rrticks <= 0)
roundrobin(ci);
 
@@ -268,7 +257,7 @@ startprofclock(struct process *pr)
 
if ((pr->ps_flags & PS_PROFIL) == 0) {
atomic_setbits_int(>ps_flags, PS_PROFIL);
-   if (++profprocs == 1 && stathz != 0) {
+   if (++profprocs == 1) {
s = splstatclock();
psdiv = pscnt = psratio;
setstatclockrate(profhz);
@@ -287,7 +276,7 @@ stopprofclock(struct process *pr)
 
if (pr->ps_flags & PS_PROFIL) {
atomic_clearbits_int(>ps_flags, PS_PROFIL);
-   if (--profprocs == 0 && stathz != 0) {
+   if (--profprocs == 0) {
s = splstatclock();
psdiv = pscnt = 1;
setstatclockrate(stathz);
@@ -415,6 +404,6 @@ sysctl_clockrate(char *where, size_t *si
clkinfo.tick = tick;
clkinfo.hz = hz;
clkinfo.profhz = profhz;
-   clkinfo.stathz = stathz ? stathz : hz;
+   clkinfo.stathz = stathz;
return (sysctl_rdstruct(where, sizep, newp, , sizeof(clkinfo)));
 }
Index: kern_time.c
===
RCS file: /cvs/src/sys/kern/kern_time.c,v
retrieving revision 1.161
diff -u -p -r1.161 kern_time.c
--- kern_time.c 2 Jan 2023 23:09:48 -   1.161
+++ kern_time.c 21 Jan 2023 22:59:34 -
@@ -218,10 +218,9 @@ sys_clock_getres(struct proc *p, void *v
struct timespec ts;
struct proc *q;
u_int64_t scale;
-   int error = 0, realstathz;
+   int error = 0;
 
memset(, 0, sizeof(ts));
-   realstathz = (stathz == 0) ? hz : stathz;
clock_id = SCARG(uap, clock_id);
 
switch (clock_id) {
@@ -238,7 +237,7 @@ sys_clock_getres(struct proc *p, void *v
break;
case CLOCK_PROCESS_CPUTIME_ID:
case CLOCK_THREAD_CPUTIME_ID:
-   ts.tv_nsec = 10 / realstathz;
+   ts.tv_nsec = 10 / stathz;
break;
default:
/* check for clock from pthread_getcpuclockid() */
@@ -248,7 +247,7 @@ sys_clock_getres(struct proc *p, void *v
if (q == NULL)
error = ESRCH;
else
-   ts.tv_nsec = 10 / realstathz;
+   ts.tv_nsec = 10 / stathz;
KERNEL_UNLOCK();
} else
error = EINVAL;
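Review bot: the division by stathz in the pthread_getcpuclockid() branch here (and in the CLOCK_PROCESS_CPUTIME_ID case above) loses the `realstathz` guard, and sys_clock_getres() is reachable from any userland process, so a zero stathz would become a user-triggerable kernel divide fault rather than a boot-time problem. That is fine if the invariant really holds everywhere, but it should be enforced once at clock initialization (an assertion) and stated in a comment where stathz is declared, so this syscall path is not the first place a violation shows up.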



Wireless Media Modes Identified in Man Page for ifmedia(4)

2023-01-21 Thread Thomas Dunn
Hello,

The man page for ifmedia(4) identifies the media modes defined for IEEE802.11 
Wireless LAN under the heading "MEDIA TYPES AND OPTIONS FOR IEEE802.11 WIRELESS 
LAN".

For better consistency, I suggest changing "TYPES" to "MODES" in this heading.

Also, back on Oct. 3, 2018, the Wi-Fi Alliance announced "Wi-Fi 4" and "Wi-Fi 
5" as alternative nomenclatures for IEEE802.11 ”11n” and ”11ac” respectively.  
This alternative generation-based naming convention subsequently gained 
relatively widespread use and popularity.  For better clarity, I suggest 
updating the descriptions of the corresponding media modes by replacing "[11n]" 
and "[11ac]" with "[11n (Wi-Fi 4)]" and "[11ac (Wi-Fi 5)]" respectively.

Thank you for your assistance.

Respectfully,

Thomas Dunn

Sent from my iPad

OpenBSD Errata: January 21, 2023 (vmm vmd)

2023-01-21 Thread Alexander Bluhm
Errata patches for vmm(4) and vmd(8) have been released for OpenBSD
7.1 and 7.2.

Binary updates for the amd64 platform are available via the syspatch
utility.  Source code patches can be found on the respective errata
page:

  https://www.openbsd.org/errata71.html
  https://www.openbsd.org/errata72.html



Re: don't remove known vmd vm's on failure

2023-01-21 Thread Dave Voutila


*bump*... Anyone able to test or review? Other than bikeshedding some
function naming, this isn't a dramatic change.

Dave Voutila  writes:

> Dave Voutila  writes:
>
>> It turns out not only does vmd have numerous error paths for handling
>> when something is amiss with a guest, most of the paths don't check if
>> it's a known vm defined in vm.conf.
>>
>> As a result, vmd often removes the vm from the SLIST of vm's meaning
>> one can't easily attempt to start it again or see it in vmctl's status
>> output.
>>
>> A simple reproduction:
>>
>>   1. define a vm with memory > 4gb in vm.conf
>>   2. run vmd in the foreground (doas vmd -d) so it's not started by rc.d
>>   3. try to start with `vmctl start -c ${vm_name}`, you should trigger
>>  an ENOMEM and get the "Cannot allocate memory" message from vmctl.
>>   4. try to start the same vm again...now you get EPERM!
>>   5. the vm is no longer visible in the output from `vmctl status` :(
>>
>> The problem is most of the error paths call vm_remove, which not only
>> tears down the vm via vm_stop, but also removes it from the vm list and
>> frees it. Only clean stops or restarts seem to perform this check
>> currently.
>>
>> Below diff refactors into checking if the vm is defined in the global
>> config before deciding to call vm_stop or vm_remove.
>
> Slight tweak... __func__->caller to actually pass the correct name to
> vm_{stop,remove}() from vm_terminate()
>
>
> diff refs/heads/master refs/heads/vmd-accounting
> commit - d4e23fe7544b01187ebf3ac8ae32e955445ee666
> commit + 46503195403bfab50cd34bd8682f35a17d54d03d
> blob - 6bffb2519a31464836aa573dbccb7aa14ea97722
> blob + f30dc14de1ff9d5cf121cbc08b6db183a06d0c07
> --- usr.sbin/vmd/vmd.c
> +++ usr.sbin/vmd/vmd.c
> @@ -67,6 +67,8 @@ struct vmd  *env;
>  int   vm_claimid(const char *, int, uint32_t *);
>  void  start_vm_batch(int, short, void*);
>
> +static inline void vm_terminate(struct vmd_vm *, const char *);
> +
>  struct vmd   *env;
>
>  static struct privsep_proc procs[] = {
> @@ -395,14 +397,14 @@ vmd_dispatch_vmm(int fd, struct privsep_proc *p, struc
>   errno = vmr.vmr_result;
>   log_warn("%s: failed to forward vm result",
>   vcp->vcp_name);
> - vm_remove(vm, __func__);
> + vm_terminate(vm, __func__);
>   return (-1);
>   }
>   }
>
>   if (vmr.vmr_result) {
>   log_warnx("%s: failed to start vm", vcp->vcp_name);
> - vm_remove(vm, __func__);
> + vm_terminate(vm, __func__);
>   errno = vmr.vmr_result;
>   break;
>   }
> @@ -410,7 +412,7 @@ vmd_dispatch_vmm(int fd, struct privsep_proc *p, struc
>   /* Now configure all the interfaces */
>   if (vm_priv_ifconfig(ps, vm) == -1) {
>   log_warn("%s: failed to configure vm", vcp->vcp_name);
> - vm_remove(vm, __func__);
> + vm_terminate(vm, __func__);
>   break;
>   }
>
> @@ -441,10 +443,7 @@ vmd_dispatch_vmm(int fd, struct privsep_proc *p, struc
>   log_info("%s: sent vm %d successfully.",
>   vm->vm_params.vmc_params.vcp_name,
>   vm->vm_vmid);
> - if (vm->vm_from_config)
> - vm_stop(vm, 0, __func__);
> - else
> - vm_remove(vm, __func__);
> + vm_terminate(vm, __func__);
>   }
>
>   /* Send a response if a control client is waiting for it */
> @@ -470,10 +469,7 @@ vmd_dispatch_vmm(int fd, struct privsep_proc *p, struc
>   }
>   if (vmr.vmr_result != EAGAIN ||
>   vm->vm_params.vmc_bootdevice) {
> - if (vm->vm_from_config)
> - vm_stop(vm, 0, __func__);
> - else
> - vm_remove(vm, __func__);
> + vm_terminate(vm, __func__);
>   } else {
>   /* Stop VM instance but keep the tty open */
>   vm_stop(vm, 1, __func__);
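Review bot: the open-coded `if (vm->vm_from_config) vm_stop(vm, 0, __func__); else vm_remove(vm, __func__);` replaced in this hunk passed 0 as the second argument to vm_stop(), while the else branch just below still calls `vm_stop(vm, 1, __func__)` to keep the tty open. The body of vm_terminate() is not in the visible part of the diff, so please confirm it calls vm_stop() with 0 and forwards its second parameter as the caller name, and say so in a comment above the helper so the two stop paths are not confused later.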
> @@ -509,7 +505,7 @@ vmd_dispatch_vmm(int fd, struct privsep_proc *p, struc
>   imsg->hdr.peerid, -1, , sizeof(vir)) == -1) {
>   log_debug("%s: GET_INFO_VM failed for vm %d, removing",
>   __func__, vm->vm_vmid);
> - vm_remove(vm, __func__);
> + vm_terminate(vm, __func__);
>   return (-1);
>   }
>   break;
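Review bot: the log_debug() text in this hunk still says "GET_INFO_VM failed for vm %d, removing", but per the description a vm defined in vm.conf is now only stopped by vm_terminate(), not removed. Reword the message (for example "terminating") so the log matches what actually happens to config-defined vms.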
> @@ -545,7 +541,7 @@ vmd_dispatch_vmm(int fd, struct privsep_proc *p, struc
>   sizeof(vir)) == -1) {
>

wire in efi_reset on MSFT Surface systems to fix reboots

2023-01-21 Thread Dave Voutila
I've long moaned about how my Go3 can't reboot. Woe is me. Now that
kettenis@ landed some scaffolding for efi(4), I would love to get my Go3
working in the reboot department.

The approach I'm thinking, in the diff below, is to hook in via
comparing the FirmwareVendor "string" to make sure we're doing this on
amd64-based Microsoft EFI systems.

The last time we went down this route, we found reports that arbitrarily
switching EFI systems over to efi_reset caused reboots to break on
machines that had been happily using acpi_reset. The struggle is real.

I only have access to my Go3, so would appreciate someone else with a
Surface brand device check for regression before I ask for OK. Feedback
from kettenis@ also welcome.

If your Surface has the same problem as mine, what you experience is
having to do a powerdown (e.g. halt -p) in order to reset the machine. A
reboot causes the machine to reset, but get stuck bringing itself back
up and you stare at the MSFT logo splash until your battery runs out or
you die of boredom.

-dv


diff refs/heads/master refs/heads/efi-powerdown
commit - 009dd187d54193e7f98e87ccd11c616924278c5e
commit + c6f9dc35c81aa79313b1ad12bfcdacfb6074803d
blob - 502bd70a7eddbb271ee54b567c4ffd7a8426
blob + c53604d2c38321bd3151a9008560ce52d3034fec
--- sys/arch/amd64/amd64/acpi_machdep.c
+++ sys/arch/amd64/amd64/acpi_machdep.c
@@ -334,7 +334,8 @@ acpi_attach_machdep(struct acpi_softc *sc)

sc->sc_interrupt = isa_intr_establish(NULL, sc->sc_fadt->sci_int,
IST_LEVEL, IPL_BIO, acpi_interrupt, sc, sc->sc_dev.dv_xname);
-   cpuresetfn = acpi_reset;
+   if (!cpuresetfn)
+   cpuresetfn = acpi_reset;

 #ifndef SMALL_KERNEL
/*
blob - a5f4563ce7d54e53c9aaadf2823b35d36cd3b1e9
blob + 88aa3f343f059136b1cfd842717ac1ff1fcec3c0
--- sys/arch/amd64/amd64/efi_machdep.c
+++ sys/arch/amd64/amd64/efi_machdep.c
@@ -39,12 +39,18 @@ voidefi_map_runtime(struct efi_softc *);
sizeof(struct efi_softc), efi_match, efi_attach
 };

+extern struct cfdriver efi_cd;
+
 void   efi_map_runtime(struct efi_softc *);
 intefi_gettime(struct todr_chip_handle *, struct timeval *);
 intefi_settime(struct todr_chip_handle *, struct timeval *);
+void   efi_reset(void);

 label_t efi_jmpbuf;

+const CHAR16 fv_msft[5] = { 'M', 'S', 'F', 'T', 0 };
+extern void (*cpuresetfn)(void);
+
 int
 efi_match(struct device *parent, void *match, void *aux)
 {
@@ -119,6 +125,9 @@ efi_attach(struct device *parent, struct device *self,
for (i = 0; st->FirmwareVendor[i]; i++)
printf("%c", st->FirmwareVendor[i]);
printf(" rev 0x%x\n", st->FirmwareRevision);
+
+   if (memcmp(st->FirmwareVendor, fv_msft, sizeof(fv_msft)) == 0)
+   cpuresetfn = efi_reset;
}
efi_leave(sc);

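Review bot: `memcmp(st->FirmwareVendor, fv_msft, sizeof(fv_msft))` always compares the full five CHAR16 entries, so with a vendor string shorter than four characters it can read past the firmware string's terminator, and it matches only a vendor that is exactly "MSFT". A bounded loop over the CHAR16 values that stops at the first NUL (like the printing loop just above) avoids the over-read, and a short comment should say that an exact match is intended. `fv_msft` could also be `static const`, since nothing outside this file needs it.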
@@ -305,3 +314,14 @@ efi_settime(struct todr_chip_handle *handle, struct ti
return EIO;
return 0;
 }
+
+void
+efi_reset(void)
+{
+   struct efi_softc *sc = efi_cd.cd_devs[0];
+
+   printf("%s\n", __func__);
+   efi_enter(sc);
+   sc->sc_rs->ResetSystem(EfiResetCold, EFI_SUCCESS, 0, NULL);
+   efi_leave(sc);
+}
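Review bot: efi_reset() has no fallback if ResetSystem() returns. Once efi_attach() has set cpuresetfn to efi_reset, the `if (!cpuresetfn)` change in acpi_machdep.c keeps acpi_reset from being installed, so a failed EFI reset simply returns to the caller with the ACPI path no longer reachable through cpuresetfn. Consider falling back to the ACPI reset after efi_leave(). The `printf("%s\n", __func__);` looks like debugging output that should go before commit, and `efi_cd.cd_devs[0]` deserves either a NULL check or a comment saying why it cannot be NULL here.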



Move SS_CANTRCVMORE and SS_RCVATMARK bits from `so_state' to `sb_state' of receive buffer

2023-01-21 Thread Vitaliy Makkoveev
As was done for the SS_CANTSENDMORE bit. The SS_CANTRCVMORE and
SS_RCVATMARK definitions are kept as is, but now these bits belong to the
`sb_state' of the receive buffer. `sb_state' is ORed with `so_state' when
socket data is exported to userland.

Index: sys/kern/kern_sysctl.c
===
RCS file: /cvs/src/sys/kern/kern_sysctl.c,v
retrieving revision 1.410
diff -u -p -r1.410 kern_sysctl.c
--- sys/kern/kern_sysctl.c  21 Jan 2023 11:23:23 -  1.410
+++ sys/kern/kern_sysctl.c  21 Jan 2023 12:55:38 -
@@ -1184,7 +1184,8 @@ fill_file(struct kinfo_file *kf, struct 
}
 
kf->so_type = so->so_type;
-   kf->so_state = so->so_state | so->so_snd.sb_state;
+   kf->so_state = so->so_state | so->so_snd.sb_state |
+   so->so_rcv.sb_state;
if (show_pointers)
kf->so_pcb = PTRTOINT64(so->so_pcb);
else
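Review bot: `kf->so_state` is now the OR of three separate state words, which reproduces the old userland view only as long as the SS_* bits kept in `so_snd.sb_state` and `so_rcv.sb_state` never overlap with bits still stored in `so->so_state`. A one-line comment here, or next to the SS_* definitions, saying that sb_state reuses the SS_* bit values for exactly this export would document that constraint for whoever adds the next flag.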
Index: sys/kern/sys_socket.c
===
RCS file: /cvs/src/sys/kern/sys_socket.c,v
retrieving revision 1.59
diff -u -p -r1.59 sys_socket.c
--- sys/kern/sys_socket.c   21 Jan 2023 11:23:23 -  1.59
+++ sys/kern/sys_socket.c   21 Jan 2023 12:55:38 -
@@ -119,7 +119,7 @@ soo_ioctl(struct file *fp, u_long cmd, c
break;
 
case SIOCATMARK:
-   *(int *)data = (so->so_state_RCVATMARK) != 0;
+   *(int *)data = (so->so_rcv.sb_state & SS_RCVATMARK) != 0;
break;
 
default:
@@ -149,7 +149,8 @@ soo_stat(struct file *fp, struct stat *u
memset(ub, 0, sizeof (*ub));
ub->st_mode = S_IFSOCK;
solock(so);
-   if ((so->so_state & SS_CANTRCVMORE) == 0 || so->so_rcv.sb_cc != 0)
+   if ((so->so_rcv.sb_state & SS_CANTRCVMORE) == 0 ||
+   so->so_rcv.sb_cc != 0)
ub->st_mode |= S_IRUSR | S_IRGRP | S_IROTH;
if ((so->so_snd.sb_state & SS_CANTSENDMORE) == 0)
ub->st_mode |= S_IWUSR | S_IWGRP | S_IWOTH;
Index: sys/kern/uipc_socket.c
===
RCS file: /cvs/src/sys/kern/uipc_socket.c,v
retrieving revision 1.294
diff -u -p -r1.294 uipc_socket.c
--- sys/kern/uipc_socket.c  21 Jan 2023 11:23:23 -  1.294
+++ sys/kern/uipc_socket.c  21 Jan 2023 12:55:38 -
@@ -867,7 +867,7 @@ restart:
so->so_error = 0;
goto release;
}
-   if (so->so_state & SS_CANTRCVMORE) {
+   if (so->so_rcv.sb_state & SS_CANTRCVMORE) {
if (m)
goto dontblock;
else if (so->so_rcv.sb_cc == 0)
@@ -1023,7 +1023,7 @@ dontblock:
so, so->so_type, m, m->m_type);
 #endif
}
-   so->so_state &= ~SS_RCVATMARK;
+   so->so_rcv.sb_state &= ~SS_RCVATMARK;
len = uio->uio_resid;
if (so->so_oobmark && len > so->so_oobmark - offset)
len = so->so_oobmark - offset;
@@ -1100,7 +1100,7 @@ dontblock:
if ((flags & MSG_PEEK) == 0) {
so->so_oobmark -= len;
if (so->so_oobmark == 0) {
-   so->so_state |= SS_RCVATMARK;
+   so->so_rcv.sb_state |= SS_RCVATMARK;
break;
}
} else {
@@ -1120,7 +1120,8 @@ dontblock:
 */
while (flags & MSG_WAITALL && m == NULL && uio->uio_resid > 0 &&
!sosendallatonce(so) && !nextrecord) {
-   if (so->so_error || so->so_state & SS_CANTRCVMORE)
+   if (so->so_rcv.sb_state & SS_CANTRCVMORE ||
+   so->so_error)
break;
SBLASTRECORDCHK(>so_rcv, "soreceive sbwait 2");
SBLASTMBUFCHK(>so_rcv, "soreceive sbwait 2");
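Review bot: in the MSG_WAITALL loop the condition was not only retargeted to `so->so_rcv.sb_state` but also reordered (`so->so_error` now comes second), and the `&` test sits unparenthesized next to `||`. It evaluates the same, but keeping the original operand order and writing `(so->so_rcv.sb_state & SS_CANTRCVMORE)` would keep this hunk a purely mechanical move and match the parenthesized form used in the other hunks.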
@@ -1160,7 +1161,8 @@ dontblock:
pru_rcvd(so);
}
if (orig_resid == uio->uio_resid && orig_resid &&
-   (flags & MSG_EOR) == 0 && (so->so_state & SS_CANTRCVMORE) == 0) {
+   (flags & MSG_EOR) == 0 &&
+   (so->so_rcv.sb_state & SS_CANTRCVMORE) == 0) {
sbunlock(so, >so_rcv);
goto restart;
}
@@ -1632,13 +1634,13 @@ somove(struct socket *so, int wait)
pru_rcvd(so);
 
/* Receive buffer did shrink by len bytes, adjust oob. */
-   state = so->so_state;
-   so->so_state &= ~SS_RCVATMARK;
+   state = so->so_rcv.sb_state;
+   so->so_rcv.sb_state &= ~SS_RCVATMARK;
oobmark = so->so_oobmark;
so->so_oobmark = oobmark > len ? 

Re: mem.4: be more accurate about securelevel

2023-01-21 Thread Crystal Kolipe
On Sat, Jan 21, 2023 at 10:43:08AM +, Stuart Henderson wrote:
> Test machines are less of a problem, because they're test machines.

Sure, we're talking about two different scenarios.

> Machines where things have been enabled to debug a problem and then
> forgotten are a bigger issue.

> I'm not convinced that something visible only on a monitor helps much.
> How about security(8) though?

But surely for securelevel < 1, we need some kind of indication that
nags continuously rather than a notification that can take up to
24 hours before it's reported?

Adding:

if [ `sysctl -n kern.securelevel` -lt 1 ] ; then export PS1='!!\h\$!!'; fi

to root's .profile gives an on-going reminder that is visible on a remote
(i.e. non-monitor) session, but then people who change their shell prompt
will lose it, and obviously with that simple solution the notification will
stay after setting securelevel >= 1 until you log out and in again.
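
An added example, not part of the original post: the same reminder computed each time the prompt is drawn, so the tag goes away once kern.securelevel reaches 1 without logging out, and a failing or unparsable sysctl is flagged rather than shown as a clean prompt. The names securelevel_tag and SYSCTL_CMD are assumptions; SYSCTL_CMD exists only so the function can be exercised without a real sysctl.

```shell
#!/bin/sh
# Added example. securelevel_tag and SYSCTL_CMD are hypothetical names;
# SYSCTL_CMD lets a stand-in command replace sysctl for testing.

# Print a warning tag when kern.securelevel is below 1, nothing otherwise.
securelevel_tag() {
    # A failing sysctl must not abort a shell running with `set -e`,
    # so fall back to an empty value and let the case below report it.
    level=$("${SYSCTL_CMD:-sysctl}" -n kern.securelevel 2>/dev/null) || level=

    case $level in
    ''|-|*[!0-9-]*|?*-*)
        # No output, or output that is not a plain integer: say so
        # instead of silently showing an untagged prompt.
        printf '!!securelevel=?!! '
        ;;
    *)
        # Same threshold as the one-liner above: anything below 1 nags.
        if [ "$level" -lt 1 ]; then
            printf '!!securelevel=%s!! ' "$level"
        fi
        ;;
    esac
}

# Single quotes keep $(...) unexpanded at assignment time; the shell
# performs the command substitution every time it prints the prompt,
# so the tag follows the live sysctl value.
PS1='$(securelevel_tag)\h\$ '
```

The function and the PS1 line go in root's .profile in place of the one-line test.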



Re: mem.4: be more accurate about securelevel

2023-01-21 Thread Stuart Henderson
On 2023/01/20 18:14, Crystal Kolipe wrote:
> On Fri, Jan 20, 2023 at 01:15:29PM -0700, Theo de Raadt wrote:
> > Todd C. Miller  wrote:
> > > I wonder if it makes sense to have a version of sysctl.conf that
> > > only gets used for the next reboot and then is removed, kind of
> > > like /etc/rc.firsttime.  Maybe call it /etc/sysctl.once.
> > 
> > Well you are shown the change at boot, and it is visible in dmesg -s,
> > which should be good enough.
> 
> Otherwise, something like this might be useful for test machines:

Test machines are less of a problem, because they're test machines.
Machines where things have been enabled to debug a problem and then
forgotten are a bigger issue.

I'm not convinced that something visible only on a monitor helps much.
How about security(8) though?

Index: share/man/man8/security.8
===
RCS file: /cvs/src/share/man/man8/security.8,v
retrieving revision 1.26
diff -u -p -r1.26 security.8
--- share/man/man8/security.8   13 Jul 2017 19:16:33 -  1.26
+++ share/man/man8/security.8   21 Jan 2023 10:40:37 -
@@ -79,6 +79,10 @@ to protect the programs in
 # chown root:wheel /etc/mtree/bin.secure
 # chmod 600 /etc/mtree/bin.secure
 .Ed
+.It
+Check for insecure
+.Xr sysctl 2
+values.
 .Pp
 .Sy Note:
 These checks do not provide complete protection against
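Review bot: the new list item references `.Xr sysctl 2`, but the check added to the script shells out to the sysctl utility (`sysctl -n kern.securelevel`), so `.Xr sysctl 8` is the page a reader would want. It would also help to name the two values that are checked, kern.securelevel and kern.allowkmem, rather than just "insecure values".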
Index: libexec/security/security
===
RCS file: /cvs/src/libexec/security/security,v
retrieving revision 1.41
diff -u -p -r1.41 security
--- libexec/security/security   11 Oct 2020 18:28:17 -  1.41
+++ libexec/security/security   21 Jan 2023 10:40:37 -
@@ -299,6 +299,18 @@ sub check_ksh {
}
 }
 
+sub check_sysctl {
+   $check_title = "Checking sysctl values:";
+   my $securelevel = `sysctl -n kern.securelevel`;
+   chomp $securelevel;
+   nag $securelevel le 0,
+   "kern.securelevel=$securelevel (not secure).";
+   my $allowkmem = `sysctl -n kern.allowkmem`;
+   chomp $allowkmem;
+   nag $allowkmem ge 1,
+   "kern.allowkmem=$allowkmem (userland can access kernel memory).";
+}
+
 # Uudecode should not be in the /etc/mail/aliases file.
 sub check_mail_aliases {
my $filename = '/etc/mail/aliases';
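Review bot: `$securelevel le 0` and `$allowkmem ge 1` in check_sysctl use Perl's string comparison operators on numeric sysctl values; use `<=` and `>=`. As written, an empty string (sysctl failing, or the name not existing) compares `le 0` as true and is reported as "kern.securelevel= (not secure).", while an empty kern.allowkmem is silently treated as fine. Checking that each value matches /^-?\d+$/ before comparing, and nagging separately when it does not, would make both cases explicit.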
@@ -910,6 +922,7 @@ backup_passwd;
 check_group;
 check_csh;
 check_ksh(check_sh);
+check_sysctl;
 $check_title = "Checking configuration files:";
 check_mail_aliases;
 check_hostname_if;