Table MIB
Name |
Description |
Type |
Format |
Flags |
Label |
Handler |
OID |
security |
Security |
node |
N |
RD, WR, MPSAFE |
|
Undefined |
[dyn] |
security.audit |
TrustedBSD audit controls |
node |
N |
RD, WR, MPSAFE |
|
Undefined |
[dyn]. [dyn] |
security.bsd |
BSD security policy |
node |
N |
RD, WR, MPSAFE |
|
Undefined |
[dyn]. [dyn] |
security.bsd.allow_ptrace |
Deny ptrace(2) use by returning ENOSYS when set to 0; a non-zero value allows ptrace(2) |
uint8_t |
CU |
RD, WR, TUN, MPSAFE, NOFETCH |
|
Defined |
[dyn]. [dyn]. [dyn] |
security.bsd.allow_read_dir |
Enable read(2) of directory by root for filesystems that support it |
integer |
I |
RD, WR, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn] |
security.bsd.conservative_signals |
Unprivileged processes prevented from sending certain signals to processes whose credentials have changed |
integer |
I |
RD, WR, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn] |
security.bsd.hardlink_check_gid |
Unprivileged processes cannot create hard links to files owned by other groups |
integer |
I |
RD, WR, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn] |
security.bsd.hardlink_check_uid |
Unprivileged processes cannot create hard links to files owned by other users |
integer |
I |
RD, WR, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn] |
security.bsd.map_at_zero |
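Permit processes to map an object at virtual address 0 (leaving this disabled keeps page 0 unmapped, so a kernel NULL-pointer dereference faults instead of reading process-controlled memory). |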
integer |
I |
RD, WR, TUN, MPSAFE, NOFETCH |
|
Defined |
[dyn]. [dyn]. [dyn] |
security.bsd.see_jail_proc |
Unprivileged processes may see subjects/objects with different jail ids |
integer |
I |
RD, WR, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn] |
security.bsd.see_other_gids |
Unprivileged processes may see subjects/objects with different real gid |
integer |
I |
RD, WR, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn] |
security.bsd.see_other_uids |
Unprivileged processes may see subjects/objects with different real uid |
integer |
I |
RD, WR, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn] |
security.bsd.stack_guard_page |
Specifies the number of guard pages for a stack that grows |
integer |
I |
RD, WR, TUN, MPSAFE, NOFETCH |
|
Defined |
[dyn]. [dyn]. [dyn] |
security.bsd.suser_enabled |
Processes with uid 0 have privilege |
integer |
I |
RD, WR, PRISON, TUN, MPSAFE, NOFETCH |
|
Defined |
[dyn]. [dyn]. [dyn] |
security.bsd.unprivileged_chroot |
Unprivileged processes can use chroot(2) |
integer |
I |
RD, WR, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn] |
security.bsd.unprivileged_get_quota |
Unprivileged processes may retrieve quotas for other uids and gids |
integer |
I |
RD, WR, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn] |
security.bsd.unprivileged_idprio |
Allow non-root users to set an idle priority (deprecated) |
integer |
I |
RD, WR, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn] |
security.bsd.unprivileged_mlock |
Allow non-root users to call mlock(2) |
integer |
I |
RD, WR, TUN, MPSAFE, NOFETCH |
|
Defined |
[dyn]. [dyn]. [dyn] |
security.bsd.unprivileged_proc_debug |
Unprivileged processes may use process debugging facilities |
integer |
I |
RD, WR, SECURE, PRISON, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn] |
security.bsd.unprivileged_read_msgbuf |
Unprivileged processes may read the kernel message buffer |
integer |
I |
RD, WR, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn] |
security.jail |
Jails |
node |
N |
RD, WR, MPSAFE |
|
Undefined |
[dyn]. [dyn] |
security.jail.allow_raw_sockets |
Prison root can create raw sockets (deprecated) |
integer |
I |
RD, WR, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn] |
security.jail.chflags_allowed |
Processes in jail can alter system file flags (deprecated) |
integer |
I |
RD, WR, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn] |
security.jail.children |
Limits and stats of child jails |
node |
N |
RD, WR, MPSAFE |
|
Undefined |
[dyn]. [dyn]. [dyn] |
security.jail.children.cur |
Current number of child jails |
integer |
I |
RD, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn]. [dyn] |
security.jail.children.max |
Maximum number of child jails |
integer |
I |
RD, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn]. [dyn] |
security.jail.devfs_ruleset |
Ruleset for the devfs filesystem in jail (deprecated) |
integer |
I |
RD, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn] |
security.jail.enforce_statfs |
Processes in jail cannot see all mounted file systems (deprecated) |
integer |
I |
RD, WR, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn] |
security.jail.env |
Meta information provided by parent jail |
string |
A |
RD, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn] |
security.jail.jail_max_af_ips |
Number of IP addresses a jail may have at most per address family (deprecated) |
unsigned integer |
IU |
RD, WR, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn] |
security.jail.jailed |
Process in jail? |
integer |
I |
RD, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn] |
security.jail.list |
List of active jails |
opaque |
S |
RD, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn] |
security.jail.meta_maxbufsize |
Maximum buffer size of each meta and env |
uint32_t |
IU |
RD, WR, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn] |
security.jail.mlock_allowed |
Processes in jail can lock/unlock physical pages in memory |
integer |
I |
RD, WR, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn] |
security.jail.mount_allowed |
Processes in jail can mount/unmount jail-friendly file systems (deprecated) |
integer |
I |
RD, WR, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn] |
security.jail.mount_devfs_allowed |
Jail may mount the devfs file system (deprecated) |
integer |
I |
RD, WR, DYN, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn] |
security.jail.mount_fdescfs_allowed |
Jail may mount the fdescfs file system (deprecated) |
integer |
I |
RD, WR, DYN, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn] |
security.jail.mount_fusefs_allowed |
Jail may mount the fusefs file system (deprecated) |
integer |
I |
RD, WR, DYN, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn] |
security.jail.mount_lindebugfs_allowed |
Jail may mount the lindebugfs file system (deprecated) |
integer |
I |
RD, WR, DYN, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn] |
security.jail.mount_procfs_allowed |
Jail may mount the procfs file system (deprecated) |
integer |
I |
RD, WR, DYN, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn] |
security.jail.mount_tmpfs_allowed |
Jail may mount the tmpfs file system (deprecated) |
integer |
I |
RD, WR, DYN, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn] |
security.jail.param |
Jail parameters |
node |
N |
RD, WR, MPSAFE |
|
Undefined |
[dyn]. [dyn]. [dyn] |
security.jail.param.allow |
Jail permission flags |
node |
N |
MPSAFE |
|
Undefined |
[dyn]. [dyn]. [dyn]. [dyn] |
security.jail.param.allow.adjtime |
Jail may adjust system time |
integer |
B |
RD, WR, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn]. [dyn]. [dyn] |
security.jail.param.allow.chflags |
Jail may alter system file flags |
integer |
B |
RD, WR, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn]. [dyn]. [dyn] |
security.jail.param.allow.extattr |
Jail may set system-level filesystem extended attributes |
integer |
B |
RD, WR, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn]. [dyn]. [dyn] |
security.jail.param.allow.mlock |
Jail may lock (unlock) physical pages in memory |
integer |
B |
RD, WR, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn]. [dyn]. [dyn] |
security.jail.param.allow.mount |
Jail mount/unmount permission flags |
node |
N |
MPSAFE |
|
Undefined |
[dyn]. [dyn]. [dyn]. [dyn]. [dyn] |
security.jail.param.allow.mount.[noname] |
Jail may mount/unmount jail-friendly file systems in general |
integer |
B |
RD, WR, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn]. [dyn]. [dyn]. [dyn] |
security.jail.param.allow.mount.devfs |
Jail may mount the devfs file system |
integer |
B |
RD, WR, DYN, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn]. [dyn]. [dyn]. [dyn] |
security.jail.param.allow.mount.fdescfs |
Jail may mount the fdescfs file system |
integer |
B |
RD, WR, DYN, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn]. [dyn]. [dyn]. [dyn] |
security.jail.param.allow.mount.fusefs |
Jail may mount the fusefs file system |
integer |
B |
RD, WR, DYN, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn]. [dyn]. [dyn]. [dyn] |
security.jail.param.allow.mount.lindebugfs |
Jail may mount the lindebugfs file system |
integer |
B |
RD, WR, DYN, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn]. [dyn]. [dyn]. [dyn] |
security.jail.param.allow.mount.procfs |
Jail may mount the procfs file system |
integer |
B |
RD, WR, DYN, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn]. [dyn]. [dyn]. [dyn] |
security.jail.param.allow.mount.tmpfs |
Jail may mount the tmpfs file system |
integer |
B |
RD, WR, DYN, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn]. [dyn]. [dyn]. [dyn] |
security.jail.param.allow.nfsd |
Mountd/nfsd may run in the jail |
integer |
B |
RD, WR, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn]. [dyn]. [dyn] |
security.jail.param.allow.quotas |
Jail may set file quotas |
integer |
B |
RD, WR, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn]. [dyn]. [dyn] |
security.jail.param.allow.raw_sockets |
Jail may create raw sockets |
integer |
B |
RD, WR, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn]. [dyn]. [dyn] |
security.jail.param.allow.read_msgbuf |
Jail may read the kernel message buffer |
integer |
B |
RD, WR, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn]. [dyn]. [dyn] |
security.jail.param.allow.reserved_ports |
Jail may bind sockets to reserved ports |
integer |
B |
RD, WR, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn]. [dyn]. [dyn] |
security.jail.param.allow.set_hostname |
Jail may set hostname |
integer |
B |
RD, WR, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn]. [dyn]. [dyn] |
security.jail.param.allow.settime |
Jail may set system time |
integer |
B |
RD, WR, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn]. [dyn]. [dyn] |
security.jail.param.allow.socket_af |
Jail may create sockets other than just UNIX/IPv4/IPv6/route |
integer |
B |
RD, WR, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn]. [dyn]. [dyn] |
security.jail.param.allow.suser |
Processes in jail with uid 0 have privilege |
integer |
B |
RD, WR, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn]. [dyn]. [dyn] |
security.jail.param.allow.sysvipc |
Jail may use SYSV IPC |
integer |
B |
RD, WR, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn]. [dyn]. [dyn] |
security.jail.param.allow.unprivileged_proc_debug |
Unprivileged processes may use process debugging facilities |
integer |
B |
RD, WR, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn]. [dyn]. [dyn] |
security.jail.param.children |
Number of child jails |
node |
N |
MPSAFE |
|
Undefined |
[dyn]. [dyn]. [dyn]. [dyn] |
security.jail.param.children.cur |
Current number of child jails |
integer |
I |
RD, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn]. [dyn]. [dyn] |
security.jail.param.children.max |
Maximum number of child jails |
integer |
I |
RD, WR, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn]. [dyn]. [dyn] |
security.jail.param.cpuset |
Jail cpuset |
node |
N |
MPSAFE |
|
Undefined |
[dyn]. [dyn]. [dyn]. [dyn] |
security.jail.param.cpuset.id |
Jail cpuset ID |
integer |
I |
RD, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn]. [dyn]. [dyn] |
security.jail.param.devfs_ruleset |
Ruleset for in-jail devfs mounts |
integer |
I |
RD, WR, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn]. [dyn] |
security.jail.param.dying |
Jail is in the process of shutting down |
integer |
B |
RD, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn]. [dyn] |
security.jail.param.enforce_statfs |
Jail cannot see all mounted file systems |
integer |
I |
RD, WR, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn]. [dyn] |
security.jail.param.env |
Jail meta information readable by the jail |
string |
A,keyvalue |
RD, WR, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn]. [dyn] |
security.jail.param.host |
Jail host info |
node |
N |
MPSAFE |
|
Undefined |
[dyn]. [dyn]. [dyn]. [dyn] |
security.jail.param.host.[noname] |
Jail host info |
integer |
E,jailsys |
RD, WR, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn]. [dyn]. [dyn] |
security.jail.param.host.domainname |
Jail NIS domainname |
string |
A |
RD, WR, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn]. [dyn]. [dyn] |
security.jail.param.host.hostid |
Jail host ID |
unsigned long |
LU |
RD, WR, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn]. [dyn]. [dyn] |
security.jail.param.host.hostname |
Jail hostname |
string |
A |
RD, WR, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn]. [dyn]. [dyn] |
security.jail.param.host.hostuuid |
Jail host UUID |
string |
A |
RD, WR, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn]. [dyn]. [dyn] |
security.jail.param.ip4 |
Jail IPv4 address virtualization |
node |
N |
MPSAFE |
|
Undefined |
[dyn]. [dyn]. [dyn]. [dyn] |
security.jail.param.ip4.[noname] |
Jail IPv4 address virtualization |
integer |
E,jailsys |
RD, TUN, MPSAFE, NOFETCH |
|
Defined |
[dyn]. [dyn]. [dyn]. [dyn]. [dyn] |
security.jail.param.ip4.addr |
Jail IPv4 addresses |
opaque |
S,in_addr,a |
RD, WR, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn]. [dyn]. [dyn] |
security.jail.param.ip4.saddrsel |
Do (not) use IPv4 source address selection rather than the primary jail IPv4 address. |
integer |
B |
RD, WR, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn]. [dyn]. [dyn] |
security.jail.param.ip6 |
Jail IPv6 address virtualization |
node |
N |
MPSAFE |
|
Undefined |
[dyn]. [dyn]. [dyn]. [dyn] |
security.jail.param.ip6.[noname] |
Jail IPv6 address virtualization |
integer |
E,jailsys |
RD, TUN, MPSAFE, NOFETCH |
|
Defined |
[dyn]. [dyn]. [dyn]. [dyn]. [dyn] |
security.jail.param.ip6.addr |
Jail IPv6 addresses |
opaque |
S,in6_addr,a |
RD, WR, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn]. [dyn]. [dyn] |
security.jail.param.ip6.saddrsel |
Do (not) use IPv6 source address selection rather than the primary jail IPv6 address. |
integer |
B |
RD, WR, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn]. [dyn]. [dyn] |
security.jail.param.jid |
Jail ID |
integer |
I |
RD, TUN, MPSAFE, NOFETCH |
|
Defined |
[dyn]. [dyn]. [dyn]. [dyn] |
security.jail.param.mac |
Jail parameters for MAC policy controls |
node |
N |
MPSAFE |
|
Undefined |
[dyn]. [dyn]. [dyn]. [dyn] |
security.jail.param.meta |
Jail meta information hidden from the jail |
string |
A,keyvalue |
RD, WR, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn]. [dyn] |
security.jail.param.name |
Jail name |
string |
A |
RD, WR, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn]. [dyn] |
security.jail.param.osreldate |
Jail value for kern.osreldate and uname -K |
integer |
I |
RD, TUN, MPSAFE, NOFETCH |
|
Defined |
[dyn]. [dyn]. [dyn]. [dyn] |
security.jail.param.osrelease |
Jail value for kern.osrelease and uname -r |
string |
A |
RD, TUN, MPSAFE, NOFETCH |
|
Defined |
[dyn]. [dyn]. [dyn]. [dyn] |
security.jail.param.parent |
Jail parent ID |
integer |
I |
RD, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn]. [dyn] |
security.jail.param.path |
Jail root path |
string |
A |
RD, TUN, MPSAFE, NOFETCH |
|
Defined |
[dyn]. [dyn]. [dyn]. [dyn] |
security.jail.param.persist |
Jail persistence |
integer |
B |
RD, WR, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn]. [dyn] |
security.jail.param.securelevel |
Jail secure level |
integer |
I |
RD, WR, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn]. [dyn] |
security.jail.param.sysvmsg |
SYSV message queues |
node |
N |
MPSAFE |
|
Undefined |
[dyn]. [dyn]. [dyn]. [dyn] |
security.jail.param.sysvmsg.[noname] |
SYSV message queues |
integer |
E,jailsys |
RD, WR, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn]. [dyn]. [dyn] |
security.jail.param.sysvsem |
SYSV semaphores |
node |
N |
MPSAFE |
|
Undefined |
[dyn]. [dyn]. [dyn]. [dyn] |
security.jail.param.sysvsem.[noname] |
SYSV semaphores |
integer |
E,jailsys |
RD, WR, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn]. [dyn]. [dyn] |
security.jail.param.sysvshm |
SYSV shared memory |
node |
N |
MPSAFE |
|
Undefined |
[dyn]. [dyn]. [dyn]. [dyn] |
security.jail.param.sysvshm.[noname] |
SYSV shared memory |
integer |
E,jailsys |
RD, WR, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn]. [dyn]. [dyn] |
security.jail.param.vnet |
Virtual network stack |
integer |
E,jailsys |
RD, TUN, MPSAFE, NOFETCH |
|
Defined |
[dyn]. [dyn]. [dyn]. [dyn] |
security.jail.set_hostname_allowed |
Processes in jail can set their hostnames (deprecated) |
integer |
I |
RD, WR, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn] |
security.jail.socket_unixiproute_only |
Processes in jail are limited to creating UNIX/IP/route sockets only (deprecated) |
integer |
I |
RD, WR, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn] |
security.jail.sysvipc_allowed |
Processes in jail can use System V IPC primitives (deprecated) |
integer |
I |
RD, WR, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn] |
security.jail.vnet |
Jail owns vnet? |
integer |
I |
RD, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn] |
security.mac |
TrustedBSD MAC policy controls |
node |
N |
RD, WR, MPSAFE |
|
Undefined |
[dyn]. [dyn] |
security.mac.labeled |
Mask of object types being labeled |
uint64_t |
QU |
RD, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn] |
security.mac.max_slots |
|
unsigned integer |
IU |
RD, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn] |
security.mac.mmap_revocation |
Revoke mmap access to files on subject relabel |
integer |
I |
RD, WR, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn] |
security.mac.mmap_revocation_via_cow |
Revoke mmap access to files via copy-on-write semantics, or by removing all write access |
integer |
I |
RD, WR, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn] |
security.mac.version |
|
unsigned integer |
IU |
RD, MPSAFE |
|
Defined |
[dyn]. [dyn]. [dyn] |