deea362c80
/etc/security/audit_event to provide a list of audit event-number <-> name mappings. However, this occurs too late for anonymous tracing. With this change, adding 'audit_event_load="YES"' to /boot/loader.conf will cause the boot loader to preload the file, and then the kernel audit code will parse it to register an initial set of audit event-number <-> name mappings. Those mappings can later be updated by auditd(8) if the configuration file changes. Reviewed by: gnn, asomers, markj, allanjude Discussed with: jhb Approved by: re (kib) MFC after: 1 week Sponsored by: DARPA, AFRL Differential Revision: https://reviews.freebsd.org/D16589
170 lines
8.5 KiB
Plaintext
170 lines
8.5 KiB
Plaintext
# This is loader.conf - a file full of useful variables that you can
|
|
# set to change the default load behavior of your system. You should
|
|
# not edit this file! Put any overrides into one of the
|
|
# loader_conf_files instead and you will be able to update these
|
|
# defaults later without spamming your local configuration information.
|
|
#
|
|
# All arguments must be in double quotes.
|
|
#
|
|
# $FreeBSD$
|
|
|
|
### Basic configuration options ############################
|
|
exec="echo Loading /boot/defaults/loader.conf"
|
|
|
|
kernel="kernel" # /boot sub-directory containing kernel and modules
|
|
bootfile="kernel" # Kernel name (possibly absolute path)
|
|
kernel_options="" # Flags to be passed to the kernel
|
|
loader_conf_files="/boot/device.hints /boot/loader.conf /boot/loader.conf.local"
|
|
nextboot_conf="/boot/nextboot.conf"
|
|
nextboot_enable="NO"
|
|
verbose_loading="NO" # Set to YES for verbose loader output
|
|
|
|
### Splash screen configuration ############################
|
|
splash_bmp_load="NO" # Set this to YES for bmp splash screen!
|
|
splash_pcx_load="NO" # Set this to YES for pcx splash screen!
|
|
splash_txt_load="NO" # Set this to YES for TheDraw splash screen!
|
|
vesa_load="NO" # Set this to YES to load the vesa module
|
|
bitmap_load="NO" # Set this to YES if you want splash screen!
|
|
bitmap_name="splash.bmp" # Set this to the name of the file
|
|
bitmap_type="splash_image_data" # and place it on the module_path
|
|
|
|
### Screen saver modules ###################################
|
|
# This is best done in rc.conf
|
|
screensave_load="NO" # Set to YES to load a screensaver module
|
|
screensave_name="green_saver" # Set to the name of the screensaver module
|
|
|
|
### Random number generator configuration ##################
|
|
# See rc.conf(5). The entropy_boot_file config variable must agree with the
|
|
# settings below.
|
|
entropy_cache_load="YES" # Set this to NO to disable loading
|
|
# entropy at boot time
|
|
entropy_cache_name="/boot/entropy" # Set this to the name of the file
|
|
entropy_cache_type="boot_entropy_cache" # Required for the kernel to find
|
|
# the boot-time entropy cache. This
|
|
# must not change value even if the
|
|
# _name above does change!
|
|
|
|
### RAM Blacklist configuration ############################
|
|
ram_blacklist_load="NO" # Set this to YES to load a file
|
|
# containing a list of addresses to
|
|
# exclude from the running system.
|
|
ram_blacklist_name="/boot/blacklist.txt" # Set this to the name of the file
|
|
ram_blacklist_type="ram_blacklist" # Required for the kernel to find
|
|
# the blacklist module
|
|
|
|
### Microcode loading configuration ########################
|
|
cpu_microcode_load="NO" # Set this to YES to load and apply a
|
|
# microcode update file during boot.
|
|
cpu_microcode_name="/boot/firmware/ucode.bin" # Set this to the microcode
|
|
# update file path.
|
|
cpu_microcode_type="cpu_microcode" # Required for the kernel to find
|
|
# the microcode update file.
|
|
|
|
### ACPI settings ##########################################
|
|
acpi_dsdt_load="NO" # DSDT Overriding
|
|
acpi_dsdt_type="acpi_dsdt" # Don't change this
|
|
acpi_dsdt_name="/boot/acpi_dsdt.aml"
|
|
# Override DSDT in BIOS by this file
|
|
acpi_video_load="NO" # Load the ACPI video extension driver
|
|
|
|
### Audit settings #########################################
|
|
audit_event_load="NO" # Preload audit_event config
|
|
audit_event_name="/etc/security/audit_event"
|
|
audit_event_type="etc_security_audit_event"
|
|
|
|
### Initial memory disk settings ###########################
|
|
#mdroot_load="YES" # The "mdroot" prefix is arbitrary.
|
|
#mdroot_type="md_image" # Create md(4) disk at boot.
|
|
#mdroot_name="/boot/root.img" # Path to a file containing the image.
|
|
#rootdev="ufs:/dev/md0" # Set the root filesystem to md(4) device.
|
|
|
|
### Loader settings ########################################
|
|
#loader_delay="3" # Delay in seconds before loading anything.
|
|
# Default is unset and disabled (no delay).
|
|
#autoboot_delay="10" # Delay in seconds before autobooting,
|
|
# -1 for no user interrupts, NO to disable
|
|
#password="" # Prevent changes to boot options
|
|
#bootlock_password="" # Prevent booting (see check-password.4th(8))
|
|
#geom_eli_passphrase_prompt="NO" # Prompt for geli(8) passphrase to mount root
|
|
bootenv_autolist="YES" # Auto populate the list of ZFS Boot Environments
|
|
#beastie_disable="NO" # Turn the beastie boot menu on and off
|
|
efi_max_resolution="1x1" # Set the max resolution for EFI loader to use:
|
|
# 480p, 720p, 1080p, 2160p/4k, 5k, or specify
|
|
# WidthxHeight (e.g. 1920x1080)
|
|
#kernels="kernel kernel.old" # Kernels to display in the boot menu
|
|
#loader_logo="orbbw" # Desired logo: orbbw, orb, fbsdbw, beastiebw, beastie, none
|
|
#comconsole_speed="9600" # Set the current serial console speed
|
|
#console="vidconsole" # A comma separated list of console(s)
|
|
#currdev="disk1s1a" # Set the current device
|
|
module_path="/boot/modules;/boot/dtb;/boot/dtb/overlays" # Set the module search path
|
|
#prompt="\\${interpret}" # Set the command prompt
|
|
#root_disk_unit="0" # Force the root disk unit number
|
|
#rootdev="disk1s1a" # Set the root filesystem
|
|
#dumpdev="disk1s1b" # Set a dump device early in the boot process
|
|
#tftp.blksize="1428" # Set the RFC 2348 TFTP block size.
|
|
# If the TFTP server does not support RFC 2348,
|
|
# the block size is set to 512. Valid: (8,9007)
|
|
#twiddle_divisor="1" # >1 means slow down the progress indicator.
|
|
|
|
### Kernel settings ########################################
|
|
# The following boot_ variables are enabled by setting them to any value.
|
|
# Their presence in the kernel environment (see kenv(1)) has the same
|
|
# effect as setting the given boot flag (see boot(8)).
|
|
#boot_askname="" # -a: Prompt the user for the name of the root device
|
|
#boot_cdrom="" # -C: Attempt to mount root file system from CD-ROM
|
|
#boot_ddb="" # -d: Instructs the kernel to start in the DDB debugger
|
|
#boot_dfltroot="" # -r: Use the statically configured root file system
|
|
#boot_gdb="" # -g: Selects gdb-remote mode for the kernel debugger
|
|
#boot_multicons="" # -D: Use multiple consoles
|
|
#boot_mute="" # -m: Mute the console
|
|
#boot_pause="" # -p: Pause after each line during device probing
|
|
#boot_serial="" # -h: Use serial console
|
|
#boot_single="" # -s: Start system in single-user mode
|
|
#boot_verbose="" # -v: Causes extra debugging information to be printed
|
|
#init_path="/sbin/init:/sbin/oinit:/sbin/init.bak:/rescue/init"
|
|
# Sets the list of init candidates
|
|
#init_shell="/bin/sh" # The shell binary used by init(8).
|
|
#init_script="" # Initial script to run by init(8) before chrooting.
|
|
#init_chroot="" # Directory for init(8) to chroot into.
|
|
|
|
### Kernel tunables ########################################
|
|
#hw.physmem="1G" # Limit physical memory. See loader(8)
|
|
#kern.dfldsiz="" # Set the initial data size limit
|
|
#kern.dflssiz="" # Set the initial stack size limit
|
|
#kern.hz="100" # Set the kernel interval timer rate
|
|
#kern.maxbcache="" # Set the max buffer cache KVA storage
|
|
#kern.maxdsiz="" # Set the max data size
|
|
#kern.maxfiles="" # Set the sys. wide open files limit
|
|
#kern.maxproc="" # Set the maximum # of processes
|
|
#kern.maxssiz="" # Set the max stack size
|
|
#kern.maxswzone="" # Set the max swmeta KVA storage
|
|
#kern.maxtsiz="" # Set the max text size
|
|
#kern.maxusers="32" # Set size of various static tables
|
|
#kern.msgbufsize="65536" # Set size of kernel message buffer
|
|
#kern.nbuf="" # Set the number of buffer headers
|
|
#kern.ncallout="" # Set the maximum # of timer events
|
|
#kern.ngroups="1023" # Set the maximum # of supplemental groups
|
|
#kern.sgrowsiz="" # Set the amount to grow stack
|
|
#kern.cam.boot_delay="10000" # Delay (in ms) of root mount for CAM bus
|
|
# registration, useful for USB sticks as root
|
|
#kern.cam.scsi_delay="2000" # Delay (in ms) before probing SCSI
|
|
#kern.ipc.maxsockets="" # Set the maximum number of sockets available
|
|
#kern.ipc.nmbclusters="" # Set the number of mbuf clusters
|
|
#kern.ipc.nsfbufs="" # Set the number of sendfile(2) bufs
|
|
#net.inet.tcp.tcbhashsize="" # Set the value of TCBHASHSIZE
|
|
#vfs.root.mountfrom="" # Specify root partition
|
|
#vm.kmem_size="" # Sets the size of kernel memory (bytes)
|
|
#debug.kdb.break_to_debugger="0" # Allow console to break into debugger.
|
|
#debug.ktr.cpumask="0xf" # Bitmask of CPUs to enable KTR on
|
|
#debug.ktr.mask="0x1200" # Bitmask of KTR events to enable
|
|
#debug.ktr.verbose="1" # Enable console dump of KTR events
|
|
|
|
### Module loading syntax example ##########################
|
|
#module_load="YES" # loads module "module"
|
|
#module_name="realname" # uses "realname" instead of "module"
|
|
#module_type="type" # passes "-t type" to load
|
|
#module_flags="flags" # passes "flags" to the module
|
|
#module_before="cmd" # executes "cmd" before loading the module
|
|
#module_after="cmd" # executes "cmd" after loading the module
|
|
#module_error="cmd" # executes "cmd" if load fails
|