Skip to content

Instantly share code, notes, and snippets.

@alanc

alanc/SRU42-man-page-changes.diff

Created February 15, 2022 20:09
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save alanc/c0cc4b827da7dd3d09d9a15e3688d9bc to your computer and use it in GitHub Desktop.
Save alanc/c0cc4b827da7dd3d09d9a15e3688d9bc to your computer and use it in GitHub Desktop.
Download ZIP
Man page changes in Solaris 11.4.42
Raw
Solaris-11.4-SRU42-man-page-changes.txt
Man page changes between Solaris 11.4.39 & 11.4.42, including changes for:
21464666 nscd.1m typo: Was nscd doesn't refresh after to update or refresh the DNS/client
23756660 split is super-slow due to getc
24434766 rename "idmu" mapping mode to "rfc2307"
25444201 nscd.conf: Disabling hosts caching does not disable ipnodes caching
27999227 update KMIP client library (libkmip) to support KMIP specification 1.4
29213476 EOF of Solaris WIFI framework
31206139 nscd -f configuration-file : displays usage even though its a valid option as shown by that usage.
32425018 zfs get should display property values and sources of resumable datasets
32737604 svcs manpage doesn't state next run property correctly
32955566 zoneadm migrate ignores SSH agent
32972028 zpool status/import -s should also display allocated and allocatable vdev space
33025837 unable to revert coreadm global core pattern to default
33088439 mdb could use a ::print decoder for simple types where an identifying string is readily available
33161938 plimit options don't scale to modern memory/file sizes
33195316 The zonecfg description property rejects some ASCII characters
33211291 Document new Tahoe-specific migration class
33217870 zoneadm list -p and -d shouldn't be mixed together
33264354 sysadm evacuate should provide detailed progress messages
33267223 chgrp(1) & system(5) should stop describing rstchown system option
33272944 vntsd(8) man page: adding a new vntsd smf. property ---escape character
33286284 Add freezero() to zero buffers when freeing them
33329330 More man pages should list privileges or profiles instead of "super user"
33333523 provide a lib scaled_string_to_number() function
33362301 zpool allocunit help and man page should be updated to restrict blocksize between 512-8K
33375380 ptools should use nicenum/nicestr
33376965 Deprecate getpw(3c)
33382338 32074531 fix for ps --scale missed UCB mode
33416593 BAD TRAP in kmemtype_for_mnodeid()
33420776 mdb should be able to abandon the other process after a fork/spawn
33480886 Add $TZ information to sulog(5) man page
33498733 split should use nicestr() and needs a general refresh
33537167 Document new options for ldm unbind
33553358 environ(7) should document default TZ
33559536 mdb should allow truncated options
33606490 fix for 33498733 missed updating -b in manpage synopsis
33616803 zonecfg(8) should say roozpool/zpool resources may create ZFS mirror
33616839 solaris(7) man page should not have SUB-COMMANDS section
33616881 solaris(7) man page does not say rootzpool resource is not live reconfigurable
Copyright (c) 1983, 2022, Oracle and/or its affiliates.
Raw
SRU42-man-page-changes.diff
diff -NurbBw 11.4.39/xman1/calendar.1 11.4.42/xman1/calendar.1
--- 11.4.39/xman1/calendar.1 2022-02-15 11:15:45.471644922 +0000
+++ 11.4.42/xman1/calendar.1 2022-02-15 11:16:10.622151486 +0000
@@ -112,12 +112,12 @@
calendar is no longer in the default root crontab. Because of the net-
work burden calendar - can induce, it is inadvisable in an environment
running LDAP or NIS with a large number of users. If, however, the use-
- fulness of calendar outweighs the network impact, the super-user may
- run crontab -e to edit the root crontab. Otherwise, individual users
- may wish to use crontab -e to edit their own crontabs to have cron
- invoke calendar without the - argument, piping output to mail addressed
- to themselves.
+ fulness of calendar outweighs the network impact, the system adminis-
+ trator may run crontab -e to edit the root crontab. Otherwise, indi-
+ vidual users may wish to use crontab -e to edit their own crontabs to
+ have cron invoke calendar without the - argument, piping output to mail
+ addressed to themselves.
-Oracle Solaris 11.4 18 Sep 2020 calendar(1)
+Oracle Solaris 11.4 3 Nov 2021 calendar(1)
diff -NurbBw 11.4.39/xman1/chgrp.1 11.4.42/xman1/chgrp.1
--- 11.4.39/xman1/chgrp.1 2022-02-15 11:15:45.919770746 +0000
+++ 11.4.42/xman1/chgrp.1 2022-02-15 11:16:11.062312864 +0000
@@ -8,7 +8,8 @@
SYNOPSIS
chgrp [-c | -changes] [--dereference] [ -h | --no-dereference]
[-f | --silent | --quiet] [--help] [-R | --recursive]
- [--no-preserve-root] [--preserve-root] [-v | --verbose] group file...
+ [--no-preserve-root] [--preserve-root] [-v | --verbose]
+ group file...
chgrp -R | --recursive [-c | -changes] [--dereference]
@@ -18,8 +19,8 @@
chgrp [-c | -changes] [--dereference] [ -h | --no-dereference]
- [-f | --silent | --quiet] [--help] [-R | --recursive] [--preserve-root]
- [--no-preserve-root] [-v | --verbose]
+ [-f | --silent | --quiet] [--help] [-R | --recursive]
+ [--no-preserve-root] [--preserve-root] [-v | --verbose]
--reference=RFILE | -s groupsid file...
@@ -46,32 +47,26 @@
- Unless chgrp is invoked by a process with appropriate privileges, the
- set-user-ID and set-group-ID bits of a regular file will be cleared
- upon successful completion; the set-user-ID and set-group-ID bits of
- other file types may be cleared.
-
-
- The operating system has a configuration option
- _POSIX_CHOWN_RESTRICTED, to restrict ownership changes. When this
- option is in effect, the owner of the file may change the group of the
- file only to a group to which the owner belongs. Only the super-user
- can arbitrarily change owner IDs, whether or not this option is in
- effect. To set this configuration option, include the following line in
- /etc/system:
-
- set rstchown = 1
-
-
-
- To disable this option, include the following line in /etc/system:
-
- set rstchown = 0
-
-
-
- _POSIX_CHOWN_RESTRICTED is enabled by default. See system(5) and fpath-
- conf(2).
+ Unless chgrp is invoked with the {PRIV_FILE_SETID} privilege, the set-
+ user-ID and set-group-ID bits of a regular file will be cleared upon
+ successful completion; the set-user-ID and set-group-ID bits of other
+ file types may be cleared.
+
+
+ The file system has a mountpoint option, rstchown, to restrict owner-
+ ship changes. When this option is in effect, the owner of the file may
+ change the group of the file only to a group to which the owner
+ belongs. The _POSIX_CHOWN_RESTRICTED option will be reported as true
+ for paths on filesystems mounted with the rstchown option, when checked
+ with fpathconf(2) or getconf(1).
+
+
+ The privilege {PRIV_FILE_CHOWN_SELF} allows a process to behave as if
+ rstchown is disabled, whether or not the mount option is in effect. The
+ privilege {PRIV_FILE_CHOWN} allows a process to change the group ID of
+ any file to any group, whether or not the file is owned by the effec-
+ tive user id of the process, even if the effective user is not a member
+ of that group.
OPTIONS
The following options are supported for /usr/bin/chgrp:
@@ -233,10 +228,6 @@
>0 An error occurred.
-FILES
- /etc/group group file
-
-
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
@@ -267,12 +258,13 @@
+-----------------------------+-----------------------------+
SEE ALSO
- chmod(1), chown(1), chown(2), fpathconf(2), group(5), passwd(5), sys-
- tem(5), attributes(7), environ(7), standards(7), id(8)
+ chmod(1), chown(1), getconf(1), chown(2), fpathconf(2), group(5),
+ passwd(5), attributes(7), environ(7), privileges(7), standards(7),
+ id(8), mount(8)
NOTES
chgrp is CSI-enabled except for the group name.
-Oracle Solaris 11.4 10 Feb 2020 chgrp(1)
+Oracle Solaris 11.4 3 Nov 2021 chgrp(1)
diff -NurbBw 11.4.39/xman1/chmod.1 11.4.42/xman1/chmod.1
--- 11.4.39/xman1/chmod.1 2022-02-15 11:15:45.947707564 +0000
+++ 11.4.42/xman1/chmod.1 2022-02-15 11:16:11.095870554 +0000
@@ -311,12 +311,13 @@
chmod g+x,+l file
chmod g+s,+l file
- Only the owner of a file or directory (or the super-user) can
- change that file's or directory's mode. Only the super-user can set
- the sticky bit on a non-directory file. If you are not super-user,
- chmod masks the sticky-bit but does not return an error. In order
- to turn on a file's set-group-ID bit, your own group ID must corre-
- spond to the file's and group execution must be set.
+ Only the owner of a file or directory, or a process with the
+ {PRIV_FILE_OWNER} privilege, can change that file's or directory's
+ mode. Only a process with the {PRIV_SYS_CONFIG} privilege can set
+ the sticky bit on a non-directory file. If run without the required
+ privilege, chmod masks the sticky-bit but does not return an error.
+ In order to turn on a file's set-group-ID bit, your own group ID
+ must correspond to the file's and group execution must be set.
ACL Operation
@@ -1882,7 +1871,7 @@
SEE ALSO
ls(1), chmod(2), fgetattr(3C), acl(7), attributes(7), environ(7),
- fsattr(7), standards(7)
+ fsattr(7), privileges(7), standards(7)
Managing ZFS File Systems in Oracle Solaris 11.4
@@ -1916,4 +1905,4 @@
-Oracle Solaris 11.4 1 May 2020 chmod(1)
+Oracle Solaris 11.4 3 Nov 2021 chmod(1)
diff -NurbBw 11.4.39/xman1/chown.1 11.4.42/xman1/chown.1
--- 11.4.39/xman1/chown.1 2022-02-15 11:15:45.956559683 +0000
+++ 11.4.42/xman1/chown.1 2022-02-15 11:16:11.111926561 +0000
@@ -51,19 +51,26 @@
that specified by group.
- If chown is invoked by other than the super-user, the set-user-ID bit
- is cleared.
+ If chown is invoked without the {PRIV_FILE_SETID} privilege, the set-
+ user-ID and set-group-ID bits are cleared.
- Only the owner of a file (or the super-user) can change the owner of
- that file.
+ Changing the owner of a file may require additional privilege. The
+ {PRIV_FILE_CHOWN} privilege allows changing the owner of files owned by
+ other users, but does not allow changing the owner to or from uid 0.
+ The {PRIV_FILE_CHOWN_SELF} privilege allows the file's current owner to
+ change the owner to another uid, except for uid 0. Changing a file's
+ owner to uid 0 requires all privileges.
The file system has a mountpoint option, rstchown, to restrict owner-
ship changes. When this option is in effect the owner of the file is
- prevented from changing the owner ID of the file. Only the super-user
- can arbitrarily change owner IDs, whether or not this option is in
- effect.
+ prevented from changing the owner ID of the file, unless they use the
+ privileges listed above. When this option is not in effect, the owner
+ of the file does not need additional privilege to change the owner to
+ another non-zero uid. The _POSIX_CHOWN_RESTRICTED option will be
+ reported as true for paths on filesystems mounted with the rstchown
+ option, when checked with fpathconf(2) or getconf(1).
chown changes the ownership of each file to owner. owner can be speci-
@@ -230,23 +237,22 @@
The following operands are supported:
owner[:group] A user ID and optional group ID to be assigned to
- file. The owner portion of this operand must be a
- user name from the user database or a numeric user
- ID. Either specifies a user ID to be given to each
- file named by file. If a numeric owner exists in the
- user database as a user name, the user ID number
- associated with that user name is used as the user
- ID. Similarly, if the group portion of this operand
- is present, it must be a group name from the group
- database or a numeric group ID. Either specifies a
- group ID to be given to each file. If a numeric group
- operand exists in the group database as a group name,
- the group ID number associated with that group name
- is used as the group ID.
+ file. The owner portion of this operand must be a user
+ name from the user database or a numeric user ID.
+ Either specifies a user ID to be given to each file
+ named by file. If a numeric owner exists in the user
+ database as a user name, the user ID number associated
+ with that user name is used as the user ID. Similarly,
+ if the group portion of this operand is present, it
+ must be a group name from the group database or a
+ numeric group ID. Either specifies a group ID to be
+ given to each file. If a numeric group operand exists
+ in the group database as a group name, the group ID
+ number associated with that group name is used as the
+ group ID.
- file A path name of a file whose user ID is to be modi-
- fied.
+ file A path name of a file whose user ID is to be modified.
EXAMPLES
@@ -276,10 +282,6 @@
>0 An error occurred.
-FILES
- /etc/passwd System password file
-
-
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
@@ -310,8 +312,8 @@
+-----------------------------+-----------------------------+
SEE ALSO
- chgrp(1), chmod(1), chown(2), fpathconf(2), passwd(5), system(5),
- attributes(7), environ(7), standards(7)
+ chgrp(1), chmod(1), getconf(1), chown(2), fpathconf(2), passwd(5),
+ attributes(7), environ(7), privileges(7), standards(7), mount(8)
NOTES
chown is CSI-enabled except for the owner and group names.
@@ -325,4 +327,4 @@
-Oracle Solaris 11.4 4 Feb 2015 chown(1)
+Oracle Solaris 11.4 3 Nov 2021 chown(1)
diff -NurbBw 11.4.39/xman1/cp.1 11.4.42/xman1/cp.1
--- 11.4.39/xman1/cp.1 2022-02-15 11:15:45.964500473 +0000
+++ 11.4.42/xman1/cp.1 2022-02-15 11:16:11.116463062 +0000
@@ -39,13 +39,14 @@
access time of source_file are set to the time the copy was made. If
target_file does not exist, cp creates a new file named target_file
that has the same mode as source_file except that the sticky bit is not
- set unless the user is super-user. In this case, the owner and group of
- target_file are those of the user, unless the setgid bit is set on the
- directory containing the newly created file. If the directory's setgid
- bit is set, the newly created file has the group of the containing
- directory rather than of the creating user. If target_file is a link to
- another file, cp overwrites the link destination with the contents of
- source_file; the link(s) from target_file remains.
+ set unless the user has the {PRIV_SYS_CONFIG} privilege. In this case,
+ the owner and group of target_file are those of the user, unless the
+ setgid bit is set on the directory containing the newly created file.
+ If the directory's setgid bit is set, the newly created file has the
+ group of the containing directory rather than of the creating user. If
+ target_file is a link to another file, cp overwrites the link destina-
+ tion with the contents of source_file; the link(s) from target_file
+ remains.
In the second synopsis form, one or more source_files are copied to the
@@ -342,7 +331,7 @@
SEE ALSO
chmod(1), chown(1), utime(2), fgetattr(3C), attributes(7), environ(7),
- fsattr(7), locale(7), standards(7)
+ fsattr(7), locale(7), privileges(7), standards(7)
NOTES
The permission modes of the source file are preserved in the copy.
@@ -354,4 +343,4 @@
-Oracle Solaris 11.4 5 February 2018 cp(1)
+Oracle Solaris 11.4 3 Nov 2021 cp(1)
diff -NurbBw 11.4.39/xman1/cpio.1 11.4.42/xman1/cpio.1
--- 11.4.39/xman1/cpio.1 2022-02-15 11:15:45.976494830 +0000
+++ 11.4.42/xman1/cpio.1 2022-02-15 11:16:11.132762956 +0000
@@ -283,7 +283,8 @@
-R id Reassigns ownership and group information for each file
to user ID. (ID must be a valid login ID from the passwd
database.) This option is valid only when id is the
- invoking user or the super-user. See NOTES.
+ invoking user or when the command is run with all the
+ privileges available in the current zone. See NOTES.
-s Swaps bytes within each half word.
@@ -485,7 +486,7 @@
SEE ALSO
sh(1), ar(1), cat(1), echo(1), find(1), ls(1), pax(1), tar(1),
chown(2), archives.h(3HEAD), attributes(7), environ(7), fsattr(7),
- standards(7)
+ privileges(7), standards(7)
NOTES
The maximum path name length allowed in a cpio archive is determined by
@@ -514,7 +515,7 @@
that allow all UID or GID values.
- Only the super-user can copy special files.
+ The {PRIV_SYS_DEVICES} privilege is required to copy special files.
Blocks are reported in 512-byte quantities.
@@ -525,7 +526,7 @@
When cpio is invoked in Copy In or Pass Mode by a user with
- {PRIV_FILE_CHOWN_SELF} privilege, and in particular on a system where
+ {PRIV_FILE_CHOWN_SELF} privilege, or is writing to a filesystem where
{_POSIX_CHOWN_RESTRICTED} is not in effect (effectively granting this
privilege to all users where not overridden), extracted or copied files
can end up with owners and groups determined by those of the original
@@ -557,4 +558,4 @@
-Oracle Solaris 11.4 23 Jun 2020 cpio(1)
+Oracle Solaris 11.4 3 Nov 2021 cpio(1)
diff -NurbBw 11.4.39/xman1/date.1 11.4.42/xman1/date.1
--- 11.4.39/xman1/date.1 2022-02-15 11:15:45.981261262 +0000
+++ 11.4.42/xman1/date.1 2022-02-15 11:16:11.136908918 +0000
@@ -55,14 +55,14 @@
Slowly adjust the time by sss.fff seconds (fff represents fractions
of a second). This adjustment can be positive or negative. The sys-
tem's clock is sped up or slowed down until it has drifted by the
- number of seconds specified. Only the super-user may adjust the
- time.
+ number of seconds specified. The {PRIV_SYS_TIME} privilege is
+ required to adjust the time.
-u
- Display (or set) the date in Greenwich Mean Time (GMT--universal
- time), bypassing the normal conversion to (or from) local time.
+ Display (or set) the date in Coordinated Universal Time (UTC),
+ bypassing the normal conversion to (or from) local time.
OPERANDS
@@ -141,17 +141,17 @@
The month, day, year number, and century may be omitted; the current
values are applied as defaults. For example, the following entry:
- example% date 10080045
+ example# date 10080045
sets the date to Oct 8, 12:45 a.m. The current year is the default
- because no year is supplied. The system operates in GMT. date takes
+ because no year is supplied. The system operates in UTC. date takes
care of the conversion to and from local standard and daylight time.
- Only the super-user may change the date. After successfully setting the
- date and time, date displays the new date according to the default for-
- mat. The date command uses TZ to determine the correct time zone infor-
- mation; see environ(7).
+ The {PRIV_SYS_TIME} privilege is required to change the date. After
+ successfully setting the date and time, date displays the new date
+ according to the default format. The date command uses TZ to determine
+ the correct time zone information; see environ(7).
EXAMPLES
Example 1 Generating Output
@@ -181,12 +181,10 @@
The following command sets the current time to 12:34:56:
-
-
example# date 1234.56
- Example 3 Setting Another Time and Date in Greenwich Mean Time
+ Example 3 Setting Another Time and Date in UTC
@@ -250,11 +248,11 @@
+-----------------------------+-----------------------------+
SEE ALSO
- strftime(3C), attributes(7), environ(7), standards(7)
+ strftime(3C), attributes(7), environ(7), privileges(7), standards(7)
DIAGNOSTICS
- no permission You are not the super-user and you tried to change
- the date.
+ no permission You do not have the {PRIV_SYS_TIME} privilege and you
+ tried to change the date.
bad conversion The date set is syntactically incorrect.
@@ -282,6 +280,17 @@
designed to work with values larger than allowed by a signed 32-bit
time_t.
+HISTORY
+ Support for the %N conversion specifier was added to Oracle Solaris in
+ the Solaris 11.0.0 release.
+
+
+ The /usr/xpg4/bin/date command was added in the Solaris 2.5 release.
+
+
+ The date command, with support for the -a and -u options, has been
+ present in all Sun and Oracle releases of Solaris.
+
-Oracle Solaris 11.4 11 May 2021 date(1)
+Oracle Solaris 11.4 3 Nov 2021 date(1)
diff -NurbBw 11.4.39/xman1/du.1 11.4.42/xman1/du.1
--- 11.4.39/xman1/du.1 2022-02-15 11:15:45.986558424 +0000
+++ 11.4.42/xman1/du.1 2022-02-15 11:16:11.141745109 +0000
@@ -7,11 +7,11 @@
SYNOPSIS
/usr/bin/du [-dorx] [-a | -s] [-h | -k | -m] [-H | -L]
- [--scale[=item1,,item2,...]] [file ...]
+ [--scale[=item1,item2,...]] [file ...]
/usr/xpg4/bin/du [-dorx] [-a | -s] [-h | -k | -m] [-H | -L]
- [--scale[=item1,,item2,...]] [file ...]
+ [--scale[=item1,item2,...]] [file ...]
DESCRIPTION
The du utility writes to standard output the size of the file space
@@ -120,7 +120,7 @@
Scaling is done by repetitively dividing by a scale factor of
1024. The use of binary scaling is indicated by the addition of
- an 'i' modifer to the suffix (Ki, Mi, Gi, ...).
+ an 'i' modifier to the suffix (Ki, Mi, Gi, ...).
max
@@ -237,4 +237,4 @@
-Oracle Solaris 11.4 26 August 2020 du(1)
+Oracle Solaris 11.4 22 September 2021 du(1)
diff -NurbBw 11.4.39/xman1/filesync.1 11.4.42/xman1/filesync.1
--- 11.4.39/xman1/filesync.1 2022-02-15 11:15:45.994317225 +0000
+++ 11.4.42/xman1/filesync.1 2022-02-15 11:16:11.165370490 +0000
@@ -373,8 +373,9 @@
If filename is a special file, a special file with the same
major or minor device numbers will be replicated in the
- specified destination directory. (dest-dir). Only super-
- users can use filesync to create special files.
+ specified destination directory (dest-dir). The
+ {PRIV_SYS_DEVICES} privilege is required to create special
+ files.
Files created in the destination directory (dest-dir) will
have the same owner, group and other permissions as the
@@ -473,8 +474,8 @@
+-----------------------------+-----------------------------+
SEE ALSO
- packingrules(5), attributes(7)
+ packingrules(5), acl(7), attributes(7), privileges(7)
-Oracle Solaris 11.4 16 Sep 2016 filesync(1)
+Oracle Solaris 11.4 3 Nov 2021 filesync(1)
diff -NurbBw 11.4.39/xman1/geniconvtbl.1 11.4.42/xman1/geniconvtbl.1
--- 11.4.39/xman1/geniconvtbl.1 2022-02-15 11:15:45.998187314 +0000
+++ 11.4.42/xman1/geniconvtbl.1 2022-02-15 11:16:11.171286104 +0000
@@ -179,8 +178,7 @@
To use the binary table created in the first example above as the
- engine of the conversion 'fromcode' ABC to 'tocode' DEF, become super-
- user and then rename it and place it like this:
+ engine of the conversion 'fromcode' ABC to 'tocode' DEF, install it as:
example# mv convertA2B.bt \
@@ -203,13 +201,12 @@
- As super-user, place the generated binary table with a unique name at
- the system directory where iconv_open(3C) can find the binary table:
+ With appropriate privileges, place the generated binary table with a
+ unique name at the system directory where iconv_open(3C) can find the
+ binary table:
- example su
- Password:
- example% cp ISO8859-1_to_UTF-8.bt \
+ example# cp ISO8859-1_to_UTF-8.bt \
/usr/lib/iconv/geniconvtbl/binarytables/my-iso-8859-1%utf-8.bt
@@ -245,8 +241,7 @@
To use the cconv binary tables created in the Example 6 for cconv and
- iconv code conversions, become super-user and then place the files
- under /usr/lib/iconv:
+ iconv code conversions, place the files under /usr/lib/iconv:
example# mv my8859-11+UTF-32.bt UTF-32+my8859-11.bt \
@@ -316,7 +310,7 @@
SEE ALSO
cpp(1), iconv(1), localedef(1), cconv(3C), cconv_close(3C),
cconv_open(3C), cconvctl(3C), iconv(3C), iconv_close(3C),
- iconv_open(3C), iconvctl(3C). geniconvtbl(5), geniconvtbl-cconv(5),
+ iconv_open(3C), iconvctl(3C), geniconvtbl(5), geniconvtbl-cconv(5),
attributes(7), environ(7)
@@ -334,4 +328,4 @@
-Oracle Solaris 11.4 11 Nov 2014 geniconvtbl(1)
+Oracle Solaris 11.4 3 Nov 2021 geniconvtbl(1)
diff -NurbBw 11.4.39/xman1/hostname.1 11.4.42/xman1/hostname.1
--- 11.4.39/xman1/hostname.1 2022-02-15 11:15:46.003560586 +0000
+++ 11.4.42/xman1/hostname.1 2022-02-15 11:16:11.180669657 +0000
@@ -12,10 +12,12 @@
/usr/bin/hostname [-D]
DESCRIPTION
- The hostname command prints the name of the current host, as given
- before the login prompt. The super-user can set the hostname by giving
- an argument. The change of the hostname is permanent unless the -t
- option is specified.
+ When no arguments are given, the hostname command prints the name of
+ the current host, as given before the login prompt. The hostname can be
+ set by giving an argument. The change of the hostname is permanent
+ unless the -t option is specified. The -t option changes the hostname
+ only in the running kernel and does not update the system configuration
+ to make the name persist across a reboot.
By default, any system configured as a DHCP client will use the host-
@@ -27,6 +29,12 @@
future Solaris release and the semantics of the -D option might change
to reflect any such change.
+
+ Setting the hostname temporarily with the -t option requires the
+ {PRIV_SYS_ADMIN} privilege. Setting the hostname permanently, or using
+ the -D option, requires the authorization to set properties of the
+ svc:/system/identity:node SMF service. See smf_security(7).
+
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
@@ -38,8 +46,16 @@
+-----------------------------+-----------------------------+
SEE ALSO
- uname(1), nodename(5), attributes(7)
+ uname(1), nodename(5), attributes(7), privileges(7), smf_security(7)
+
+HISTORY
+ Support for the -t and -D options, and for persistent setting of the
+ hostname, was added in the Oracle Solaris 11.1.0 release.
+
+
+ The hostname command has been present in all Sun and Oracle releases of
+ Solaris.
-Oracle Solaris 11.4 13 Aug 2012 hostname(1)
+Oracle Solaris 11.4 3 Nov 2021 hostname(1)
diff -NurbBw 11.4.39/xman1/kbd.1 11.4.42/xman1/kbd.1
--- 11.4.39/xman1/kbd.1 2022-02-15 11:15:46.007588740 +0000
+++ 11.4.42/xman1/kbd.1 2022-02-15 11:16:11.185025134 +0000
@@ -8,11 +8,11 @@
SYNOPSIS
kbd [-T] [-r] [-t ] [-l] [-a enable | disable | alternate]
- [-c on | off] [-d keyboard device]
- [-D autorepeat delay] [-R autorepeat rate]
+ [-c on | off] [-d keyboard-device]
+ [-D autorepeat-delay] [-R autorepeat-rate]
- kbd [-i] [-d keyboard device]
+ kbd [-i] [-d keyboard-device]
kbd -s [language]
@@ -39,11 +39,11 @@
respond to the -c option.
- The keyboard abort sequence effect can only be changed by a super user
- using the -a option. This sequence is typically Stop-A or L1-A and
- Shift-Pause on the keyboard on SPARC systems, F1-A and Shift-Pause on
- x86 systems, and BREAK on the serial console input device on most sys-
- tems.
+ The keyboard abort sequence effect can be changed by a user with the
+ {PRIV_SYS_CONFIG} privilege using the -a option. This sequence is typi-
+ cally Stop-A or L1-A and Shift-Pause on the keyboard on SPARC systems,
+ F1-A and Shift-Pause on x86 systems, and BREAK on the serial console
+ input device on most systems.
A BREAK condition that originates from an erroneous electrical signal
@@ -89,7 +89,7 @@
Shift-Pause on x86 systems, and BREAK on the serial console device.
The default keyboard behavior can be changed using this option. The
- -a option can only be used by a super user.
+ -a option requires the {PRIV_SYS_CONFIG} privilege.
enable Enables the default effect of the keyboard abort
sequence (suspend the operating system and enter the
@@ -135,13 +135,13 @@
- -d keyboard device
+ -d keyboard-device
Specifies the keyboard device being set. The default setting is
/dev/kbd.
- -D autorepeat delay
+ -D autorepeat-delay
Sets the autorepeat delay in milliseconds.
@@ -149,7 +149,7 @@
-i
Sets keyboard properties from the keymap service. With the excep-
- tion of -d keyboard device, this option cannot be used with any
+ tion of -d keyboard-device, this option cannot be used with any
other option. The -i option instructs the keyboard command to read
and process keyclick and keyboard abort default values from the
keyboard properties in the keymap service. The -i option can only
@@ -170,7 +170,7 @@
Resets the keyboard as if power-up.
- -R autorepeat rate
+ -R autorepeat-rate
Sets the autorepeat rate in milliseconds.
@@ -195,7 +195,7 @@
frequency The frequency value specified to be set in kernel. The
receiver of this value is specified by the -b option. This
value should be between 0 and 32767 otherwise it is
- ejected with EINVAL.
+ rejected with EINVAL.
language The language specified to be set in kernel. If the lan-
@@ -211,10 +211,8 @@
The following example displays the keyboard type:
-
-
example% kbd -t
- Type 4 Sun keyboard
+ USB keyboard
example%
@@ -244,11 +236,9 @@
displays auto repeat delay and rate settings.
-
-
example% kbd -l
- type=4
- layout=43 (0x2b)
+ type=6
+ layout=33 (0x21)
delay(ms)=500
rate(ms)=33
example%
@@ -358,7 +327,8 @@
SEE ALSO
kmdb(1), loadkeys(1), svcs(1), asy(4D), se(4D), virtualkm(4D), kb(4M),
- keytables(5), attributes(7), smf(7), svcadm(8), svccfg(8)
+ keytables(5), attributes(7), privileges(7), smf(7), svcadm(8), svc-
+ cfg(8)
NOTES
Some server systems have key switches with a secure key position that
@@ -374,7 +344,7 @@
setting.
- The kdb service is managed by the service management facility, smf(7),
+ The kbd service is managed by the service management facility, smf(7),
under the service identifier:
svc:/system/keymap:default
@@ -389,4 +359,4 @@
-Oracle Solaris 11.4 23 Jan 2017 kbd(1)
+Oracle Solaris 11.4 3 Nov 2021 kbd(1)
diff -NurbBw 11.4.39/xman1/kill.1 11.4.42/xman1/kill.1
--- 11.4.39/xman1/kill.1 2022-02-15 11:15:46.011764672 +0000
+++ 11.4.42/xman1/kill.1 2022-02-15 11:16:11.190207052 +0000
@@ -35,8 +35,9 @@
- The signaled process must belong to the current user unless the user is
- the super-user.
+ The signaled process must belong to the current user unless kill is run
+ with the {PRIV_PROC_OWNER} privilege, as may be done using the Process
+ Management rights profile.
See NOTES for descriptions of the shell built-in versions of kill.
@@ -231,7 +232,7 @@
SEE ALSO
csh(1), getconf(1), jobs(1), ksh(1), ksh88(1), ps(1), sh(1),
shell_builtins(1), wait(1), kill(2), signal(3C), signal.h(3HEAD),
- attributes(7), environ(7), standards(7)
+ attributes(7), environ(7), privileges(7), standards(7)
NOTES
/usr/bin/kill
@@ -401,4 +394,4 @@
-Oracle Solaris 11.4 11 May 2021 kill(1)
+Oracle Solaris 11.4 3 Nov 2021 kill(1)
diff -NurbBw 11.4.39/xman1/ldd.1 11.4.42/xman1/ldd.1
--- 11.4.39/xman1/ldd.1 2022-02-15 11:15:46.021697174 +0000
+++ 11.4.42/xman1/ldd.1 2022-02-15 11:16:11.195874714 +0000
@@ -89,12 +89,12 @@
-f
Forces ldd to check for an executable file that is not secure. When
- ldd is invoked by a superuser, by default ldd does not process any
- executable that is not secure. An executable is not considered
- secure if the interpreter that the executable specifies does not
- reside under /lib or /usr/lib. An executable is also not considered
- secure if the interpreter cannot be determined. See Security under
- USAGE.
+ ldd is invoked by with an effective uid of 0, by default ldd does
+ not process any executable that is not secure. An executable is not
+ considered secure if the interpreter that the executable specifies
+ does not reside under /lib or /usr/lib. An executable is also not
+ considered secure if the interpreter cannot be determined. See
+ Security under USAGE.
-i
@@ -344,19 +344,20 @@
being inspected.
Security
- A superuser should use the -f option only if the executable to be exam-
- ined is known to be trustworthy. The use of -f on an untrustworthy exe-
- cutable while superuser can compromise system security. If the trust-
- worthiness of an executable is unknown, a superuser should temporarily
- become a regular user. Then invoke ldd as this regular user.
+ A privileged user should use the -f option only if the executable to be
+ examined is known to be trustworthy. The use of -f on an untrustworthy
+ executable while having access to non-basic privileges or authoriza-
+ tions can compromise system security. If the trustworthiness of an exe-
+ cutable is unknown, the user should temporarily become a regular user,
+ then invoke ldd as this regular user.
Untrustworthy objects can be safely examined with dump(1), elfdump(1),
elfedit(1), and with mdb(1), as long as the :r subcommand is not used.
- In addition, a non-superuser can use either the :r subcommand of mdb,
- or truss(1) to examine an untrustworthy executable without too much
- risk of compromise. To minimize risk when using ldd, mdb :r, or truss
- on an untrustworthy executable, use the UID "nobody".
+ In addition, a non-privileged user can use either the :r subcommand of
+ mdb, or truss(1) to examine an untrustworthy executable without too
+ much risk of compromise. To minimize risk when using ldd, mdb :r, or
+ truss on an untrustworthy executable, use the UID "nobody".
Unused Material
ldd can validate dependency use. Only when a symbol reference is bound
@@ -445,4 +446,4 @@
-Oracle Solaris 11.4 19 July 2021 ldd(1)
+Oracle Solaris 11.4 3 Nov 2021 ldd(1)
diff -NurbBw 11.4.39/xman1/ls.1 11.4.42/xman1/ls.1
--- 11.4.39/xman1/ls.1 2022-02-15 11:15:46.041971764 +0000
+++ 11.4.42/xman1/ls.1 2022-02-15 11:16:11.227913117 +0000
@@ -9,21 +9,21 @@
/usr/bin/ls [-aAbcCdeEfFghHiklLmnopqrRsStuUwvVx1@]
[-/ c | -/v] [-% atime | crtime | ctime | mtime | all]
[--block-size size] [--color[=when]] [--file-type]
- [--scale[=item1,,item2,...]] [--si] [--time-style style]
+ [--scale[=item1,item2,...]] [--si] [--time-style style]
[file]...
/usr/xpg4/bin/ls [-aAbcCdeEfFghHiklLmnopqrRsStuUwvVx1@]
[-/ c | -/v] [-% atime | crtime | ctime | mtime | all]
[--block-size size] [--color[=when]] [--file-type]
- [--scale[=item1,,item2,...]] [--si] [--time-style style]
+ [--scale[=item1,item2,...]] [--si] [--time-style style]
[file]...
/usr/xpg6/bin/ls [-aAbcCdeEfFghHiklLmnopqrRsStuUwvVx1@]
[-/ c | -/v] [-% atime | crtime | ctime | mtime | all]
[--block-size size] [--color[=when]] [--file-type]
- [--scale[=item1,,item2,...]] [--si] [--time-style style]
+ [--scale[=item1,item2,...]] [--si] [--time-style style]
[file]...
DESCRIPTION
@@ -983,7 +983,7 @@
Scaling is done by repetitively dividing by a scale factor of
1024. The use of binary scaling is indicated by the addition of
- an 'i' modifer to the suffix (Ki, Mi, Gi, ...).
+ an 'i' modifier to the suffix (Ki, Mi, Gi, ...).
max
@@ -1692,4 +1692,4 @@
-Oracle Solaris 11.4 11 May 2021 ls(1)
+Oracle Solaris 11.4 22 September 2021 ls(1)
diff -NurbBw 11.4.39/xman1/mdb.1 11.4.42/xman1/mdb.1
--- 11.4.39/xman1/mdb.1 2022-02-15 11:15:46.072309584 +0000
+++ 11.4.42/xman1/mdb.1 2022-02-15 11:16:11.261488165 +0000
@@ -2844,7 +2844,7 @@
below for more information.
- address ::print [ -aCdiLptx ] [ -c lim ] [ -l lim ]
+ address ::print [ -AaCdiLptx ] [ -c lim ] [ -l lim ]
[ type [ member ... ] ]
Print the data structure at the specified virtual address using the
@@ -2893,6 +2893,9 @@
the -a option is given, the addresses shown are byte offsets start-
ing at zero.
+ If the -A option is present then ::print will not print any annota-
+ tions for data structures or the members.
+
address ::printf [ -c lim ] [ -t format ... ] format [type] ...
@@ -3640,12 +3643,15 @@
symbol table of all kernel modules during startup.
- -o option
+ +/-o option
- Enables the specified debugger option. If the -o form of the option
- is used, the specified option is disabled. Unless noted below, each
- option is off by default. mdb recognizes the following option argu-
- ments:
+ Enables the specified debugger option. If the +o form of the option
+ is used, the specified option must be boolean and the option is
+ disabled. Options can be truncated, as long as the option remains
+ unique. It is not recommended that options written into aliases or
+ configuration files are truncated as they could be made invalid in
+ future updates. Unless noted below, each boolean option is off by
+ default. mdb recognizes the following option arguments:
adb
@@ -3654,14 +3660,6 @@
is disabled.
- immediate_breakpoints
-
- Forces mdb to not turn breakpoints into symbol+offset but
- always install them at the address specified. Using this option
- will result in incorrect breakpoints if the mapping address of
- any object changes between runs.
-
-
array_mem_limit=limit
Sets the default limit on the number of array members that
@@ -3689,7 +3687,7 @@
the exec() or spawn() system call has returned and then
prompts the user to decide whether to follow the new pro-
gram or stop. If stdout is not a terminal device, the ask
- mode defaults to stop.
+ mode defaults to stop. ask is the default.
follow
@@ -3721,7 +3719,7 @@
the fork() or spawn() system call has returned and then
prompts the user to decide whether to follow the parent or
child. If stdout is not a terminal device, the ask mode
- defaults to parent.
+ defaults to parent. ask is the default.
parent
@@ -3737,6 +3735,14 @@
+ immediate_breakpoints
+
+ Forces mdb to not turn breakpoints into symbol+offset but
+ always install them at the address specified. Using this option
+ will result in incorrect breakpoints if the mapping address of
+ any object changes between runs.
+
+
ignoreeof
The debugger does not exit when an EOF sequence (^D) is entered
@@ -3763,6 +3769,33 @@
The debugger will not enforce the usage restrictions of DCMDs.
+ other_fork_branch_mode=mode
+
+ When the target makes a fork(), vfork(), fork1() or spawn()
+ system call, control how to detach from the process that is not
+ followed. The mode should be one of the following constants:
+
+ ask If stdout is a terminal device, the debugger
+ stops after the fork(), fork1(), vfork() or
+ spawn() system calls have returned and then
+ prompts the user to decide whether to leave
+ the other process stopped. If stdout is not a
+ terminal device, the ask mode defaults to
+ release. ask is the default.
+
+
+ leave_stopped The debugger will leave the other process
+ stopped. If the system call is vfork() the
+ other process is not left stopped until after
+ the child has completed the exec() system call
+ or exited.
+
+
+ release The debugger releases the other process so
+ that it can continue.
+
+
+
pager
Enables the output pager (default).
@@ -4216,4 +4249,4 @@
-Oracle Solaris 11.4 13 July 2021 mdb(1)
+Oracle Solaris 11.4 11 November 2021 mdb(1)
diff -NurbBw 11.4.39/xman1/mkmsgs.1 11.4.42/xman1/mkmsgs.1
--- 11.4.39/xman1/mkmsgs.1 2022-02-15 11:15:46.078873884 +0000
+++ 11.4.42/xman1/mkmsgs.1 2022-02-15 11:16:11.276977119 +0000
@@ -10,13 +10,13 @@
DESCRIPTION
The mkmsgs utility is used to create a file of text strings that can be
- accessed using the text retrieval tools (see gettxt(1), exstr(1), and
- gettxt(3C)). It will take as input a file of text strings for a partic-
- ular geographic locale (see setlocale(3C)) and create a file of text
+ accessed using the text retrieval tools gettxt(1), exstr(1), and
+ gettxt(3C). It will take as input a file of text strings for a particu-
+ lar geographic locale (see setlocale(3C)) and create a file of text
strings in a format that can be retrieved by both gettxt(1) and get-
txt(3C). By using the -i option, you can install the created file under
- the /usr/lib/locale/locale/LC_MESSAGES directory (locale corresponds to
- the language in which the text strings are written).
+ the /usr/lib/locale/locale/LC_MESSAGES directory, where locale corre-
+ sponds to the language in which the text strings are written.
inputstrings is the name of the file that contains the original text
@@ -47,9 +47,10 @@
-i locale Install msgfile in the /usr/lib/locale/locale/LC_MESSAGES
- directory. Only someone who is super user can create or
- overwrite files in this directory. Directories under
- /usr/lib/locale will be created if they do not exist.
+ directory. Only someone with appropriate privileges can
+ create or overwrite files in this directory. Directories
+ under /usr/lib/locale will be created if they do not
+ exist.
EXAMPLES
@@ -106,7 +107,7 @@
FILES
/usr/lib/locale/locale/LC_MESSAGES/*
- message files created by mkmsgs
+ message files created by mkmsgs for the locale locale
ATTRIBUTES
@@ -124,4 +125,4 @@
-Oracle Solaris 11.4 14 Aug 2020 mkmsgs(1)
+Oracle Solaris 11.4 3 Nov 2021 mkmsgs(1)
diff -NurbBw 11.4.39/xman1/mt.1 11.4.42/xman1/mt.1
--- 11.4.39/xman1/mt.1 2022-02-15 11:15:46.090924022 +0000
+++ 11.4.42/xman1/mt.1 2022-02-15 11:16:11.292707726 +0000
@@ -134,7 +134,7 @@
pletes, the drive is not reserved for the
current initiator, but is available for use.
This command can be only be executed by
- those with super-user privileges.
+ those with the {PRIV_SYS_DEVICES} privilege.
offline Rewinds the tape and, if appropriate, takes
@@ -200,7 +200,8 @@
+-----------------------------+-----------------------------+
SEE ALSO
- tar(1), tcopy(1), ar.h(3HEAD), st(4D), mtio(4I), attributes(7)
+ tar(1), tcopy(1), ar.h(3HEAD), st(4D), mtio(4I), attributes(7), privi-
+ leges(7)
BUGS
Not all devices support all options. Some options are hardware-depen-
@@ -212,4 +213,4 @@
-Oracle Solaris 11.4 27 Nov 2017 mt(1)
+Oracle Solaris 11.4 3 Nov 2021 mt(1)
diff -NurbBw 11.4.39/xman1/mv.1 11.4.42/xman1/mv.1
--- 11.4.39/xman1/mv.1 2022-02-15 11:15:46.109911197 +0000
+++ 11.4.42/xman1/mv.1 2022-02-15 11:16:11.297459298 +0000
@@ -79,7 +79,8 @@
In order to preserve the source file characteristics, users must have
- the appropriate file access permissions. This includes being super-user
+ the appropriate file access permissions. This includes having the
+ {PRIV_FILE_CHOWN}, {PRIV_FILE_OWNER}, and {PRIV_FILE_SETID} privileges;
or having the same owner id as the destination file.
OPTIONS
@@ -107,7 +108,7 @@
/usr/bin/mv
Specifying both the -f and the -i options is not considered an error.
- The -f option overrides the -i, -n and -u options. The -i option over-
+ The -f option overrides the -i, -n, and -u options. The -i option over-
rides the -n and -u options. The -n option overrides the -u option.
/usr/xpg4/bin/mv
@@ -178,7 +179,7 @@
SEE ALSO
cp(1), cpio(1), ln(1), rm(1), chmod(2), attributes(7), environ(7),
- fsattr(7), standards(7)
+ fsattr(7), privileges(7), standards(7)
NOTES
A -- permits the user to mark explicitly the end of any command line
@@ -186,6 +187,17 @@
-. As an aid to BSD migration, mv accepts - as a synonym for --. This
migration aid might disappear in a future release.
+HISTORY
+ Support for the -n and -u options was added to the mv command in Oracle
+ Solaris 11.4.30.
-Oracle Solaris 11.4 27 Oct 2020 mv(1)
+ The /usr/xpg4/bin/mv command was added in the Solaris 2.5 release.
+
+
+ The mv command, with support for the -f and -i options, has been
+ present in all Sun and Oracle releases of Solaris.
+
+
+
+Oracle Solaris 11.4 3 Nov 2021 mv(1)
diff -NurbBw 11.4.39/xman1/newtask.1 11.4.42/xman1/newtask.1
--- 11.4.39/xman1/newtask.1 2022-02-15 11:15:46.117509816 +0000
+++ 11.4.42/xman1/newtask.1 2022-02-15 11:16:11.301133344 +0000
@@ -32,11 +32,11 @@
-c pid Cause a running process to enter a newly created task. A
project for the new task can also be specified using the -p
option. The invoking user must either own the process or
- have super-user privileges.
+ have the required privileges listed in setproject(3PROJECT).
If the project is being changed, the process owner must be a
member of the specified project, or the invoking user must
- have super-user privileges.
+ have the required privileges listed in setproject(3PROJECT).
When the project is changed for a running process, the
project attributes are applied, potentially updating
@@ -78,12 +78,12 @@
-p Changes the project ID of the new task to that associated
with the given project name. The invoking user must be a
- valid member of the requested project, or must have super-
- user privileges, for the command to succeed. If no project
- name is specified, the new task is started in the project
- user's current project. If -c option is used without -p,
- then the target process starts a new task in its current
- project.
+ valid member of the requested project, or must have the
+ required privileges listed in setproject(3PROJECT), for the
+ command to succeed. If no project name is specified, the new
+ task is started in the project user's current project. If -c
+ option is used without -p, then the target process starts a
+ new task in its current project.
-n Requires -p and -c options. This option avoids creating a
@@ -182,9 +182,9 @@
SEE ALSO
proc(1), execvp(2), setrctl(2), settaskid(2), setproject(3PROJECT),
- nsswitch.conf(5), proc(5), project(5), attributes(7), id(8), pool-
- bind(8)
+ nsswitch.conf(5), proc(5), project(5), attributes(7), privileges(7),
+ id(8), poolbind(8)
-Oracle Solaris 11.4 11 May 2021 newtask(1)
+Oracle Solaris 11.4 3 Nov 2021 newtask(1)
diff -NurbBw 11.4.39/xman1/nice.1 11.4.42/xman1/nice.1
--- 11.4.39/xman1/nice.1 2022-02-15 11:15:46.125258834 +0000
+++ 11.4.42/xman1/nice.1 2022-02-15 11:16:11.312770909 +0000
@@ -29,9 +29,9 @@
ing class that supports nice.
- If the C shell (see csh(1)) is used, the full path of the command must
- be specified. Otherwise, the csh built-in version of nice will be
- invoked. See csh Builtin below.
+ If the C shell (see csh(1)) is used, the csh built-in version of nice
+ will be invoked unless the full path of the nice utility is specified.
+ See csh Builtin below.
/usr/bin/nice
If nice executes commands with arguments, it uses the default shell
@@ -61,9 +61,10 @@
option-argument. See nice(2). nice() errors, other than EINVAL, are
ignored. If not specified, an increment of 10 is assumed.
- The super-user may run commands with priority higher than normal by
- using a negative increment such as -10. A negative increment
- assigned by an unprivileged user is ignored.
+ Running commands with priority higher than normal by using a nega-
+ tive increment such as -10 requires the {PRIV_PROC_PRIOCNTL} privi-
+ lege. A negative increment assigned by an unprivileged user is
+ ignored.
@@ -130,9 +131,22 @@
+-----------------------------+-----------------------------+
SEE ALSO
- csh(1), ksh88(1), nohup(1), priocntl(1), sh(1), shell_builtins(1),
- nice(2), attributes(7), environ(7), standards(7)
+ csh(1), ksh88(1), nohup(1), priocntl(1), renice(1), sh(1),
+ shell_builtins(1), nice(2), attributes(7), environ(7), privileges(7),
+ standards(7)
+HISTORY
+ Support for the --adjustment and --help options, as well as for running
+ nice with no options to print the current level, were added to the
+ Solaris nice command in Oracle Solaris 11.4.0.
-Oracle Solaris 11.4 18 Nov 2014 nice(1)
+ The -n option and /usr/xpg4/bin/nice command were added to Solaris in
+ Solaris 2.5.
+
+
+ The nice command has been included in all versions of SunOS & Solaris.
+
+
+
+Oracle Solaris 11.4 3 Nov 2021 nice(1)
diff -NurbBw 11.4.39/xman1/pargs.1 11.4.42/xman1/pargs.1
--- 11.4.39/xman1/pargs.1 2022-02-15 11:15:46.128452214 +0000
+++ 11.4.42/xman1/pargs.1 2022-02-15 11:16:11.316640932 +0000
@@ -30,23 +30,33 @@
OPTIONS
The following options are supported:
- -a Prints process arguments as contained in argv[] (default).
+ -a
+ Prints process arguments as contained in argv[] (default).
- -c Treats strings in the target process as though they were encoded
- in 7-bit ASCII, regardless of the locale of the target. The use
- of iconv(3C) is suppressed.
+ -c
- -e Prints process environment variables and values as pointed at by
+ Treats strings in the target process as though they were encoded in
+ 7-bit ASCII, regardless of the locale of the target. The use of
+ iconv(3C) is suppressed.
+
+
+ -e
+
+ Prints process environment variables and values as pointed at by
the _environ symbol or by pr_envp in /proc/pid/psinfo.
- -F Force. Grabs the target process even if another process has con-
+ -F
+
+ Force. Grabs the target process even if another process has con-
trol.
- -l Displays the arguments as a single command line. The command line
+ -l
+
+ Displays the arguments as a single command line. The command line
is printed in a manner suitable for interpretation by /bin/sh. If
the arguments contain unprintable characters, or if the target
process is in a different locale, a warning message is displayed.
@@ -54,19 +64,32 @@
/bin/sh.
- -x Prints process auxiliary vector.
+ -x
+
+ Prints process auxiliary vector.
- -C Current. When applied to the -a or -e flags, get the current val-
- ues corresponding to those flags. Fallbacks to lite mode and
- prints a message to stderr if unable to access current data.
+ -C
+ Current. When applied to the -a or -e flags, get the current values
+ corresponding to those flags. Fallbacks to lite mode and prints a
+ message to stderr if unable to access current data.
- -L Lite. When applied to the -a or -e flags, gets the values corre-
+
+ -L
+
+ Lite. When applied to the -a or -e flags, gets the values corre-
sponding to those flags at the point the process executed
(default).
+ -?
+ --help
+
+ Print usage message and immediately exit.
+
+
+
The -C or -L flag can only be used once on the command line.
@@ -119,4 +142,4 @@
-Oracle Solaris 11.4 20 Jun 2016 pargs(1)
+Oracle Solaris 11.4 18 September 2021 pargs(1)
diff -NurbBw 11.4.39/xman1/passwd.1 11.4.42/xman1/passwd.1
--- 11.4.39/xman1/passwd.1 2022-02-15 11:15:46.147325839 +0000
+++ 11.4.42/xman1/passwd.1 2022-02-15 11:16:11.323131870 +0000
@@ -172,23 +172,21 @@
-e
- Changes the login shell. For the files repository, this only works
- for the superuser. Normal users can change the ldap or nis reposi-
- tories. The choice of shell is limited by the requirements of
- getusershell(3C). If the user currently has a shell that is not
- allowed by getusershell, only root can change it.
+ Changes the login shell. The choice of shell is limited by the
+ requirements of getusershell(3C). If the user currently has a shell
+ that is not allowed by getusershell(), usermod -s must be used to
+ change it.
-g
- Changes the gecos (finger) information. For the files repository,
- this only works for the superuser. Normal users can change the ldap
- or nis repositories.
+ Changes the gecos (finger) information.
-h
- Changes the home directory.
+ This option formerly changed the home directory, but now just
+ prints a message to use usermod -d instead.
-r
@@ -820,6 +818,9 @@
argument for the -r option, was removed in Solaris 11.0.0.
+ Support for the -h option was removed in Solaris 11.0.0.
+
+
The -N and -u options; and the properties DICTIONDBDIR, DICTIONLIST,
HISTORY, MAXREPEATS, MINALPHA, MINDIFF, MINDIGIT, MINLOWER, MINNONAL-
PHA, MINSPECIAL, MINUPPER, NAMECHECK, and WHITESPACE; were added to
@@ -853,4 +854,4 @@
-Oracle Solaris 11.4 2 Sep 2021 passwd(1)
+Oracle Solaris 11.4 3 Nov 2021 passwd(1)
diff -NurbBw 11.4.39/xman1/pax.1 11.4.42/xman1/pax.1
--- 11.4.39/xman1/pax.1 2022-02-15 11:15:46.184233722 +0000
+++ 11.4.42/xman1/pax.1 2022-02-15 11:16:11.348103445 +0000
@@ -1035,11 +1035,10 @@
-p e
- Preserve everything. This would be used by the historical supe-
- ruser, someone with all the appropriate privileges, to preserve all
- aspects of the files as they are recorded in the archive. The e
- flag is the sum of o and p, and other implementation-dependent
- attributes.
+ Preserve everything. This would be used by someone with all the
+ appropriate privileges, to preserve all aspects of the files as
+ they are recorded in the archive. The e flag is the sum of o and p,
+ and other implementation-dependent attributes.
-p p
@@ -1081,7 +1080,7 @@
is associated with a file in the archive, those holes are re-created
whenever that file is extracted from the archive. See the SEEK_DATA and
SEEK_HOLE whence values in lseek(2). In all other cases, any NUL (\0)
- characters found in the archive is written to the file when it is
+ characters found in the archive are written to the file when it is
extracted.
Standard Input
@@ -1736,7 +1735,7 @@
mode field:
- Bit Value IEE Std 1003.1-2001 Bit Description
+ Bit Value IEEE Std 1003.1-2001 Bit Description
04000 S_ISUID Set UID on execution
02000 S_ISGID Set GID on execution
01000 reserved Reserved for future standardization
@@ -1896,7 +1895,7 @@
data and hole pairs for a sparse file.
In write or copy modes and when the xustar or pax format (see -x
- format) is specified, pax includes a SUN.holesdate extended header
+ format) is specified, pax includes a SUN.holesdata extended header
record if the underlying file system supports the detection of
files with holes (see fpathconf(2)) and reports that there is at
least one hole in the file being archived. value consists of two or
@@ -2182,4 +2181,4 @@
-Oracle Solaris 11.4 11 May 2021 pax(1)
+Oracle Solaris 11.4 3 Nov 2021 pax(1)
diff -NurbBw 11.4.39/xman1/plgrp.1 11.4.42/xman1/plgrp.1
--- 11.4.39/xman1/plgrp.1 2022-02-15 11:15:46.189216305 +0000
+++ 11.4.42/xman1/plgrp.1 2022-02-15 11:16:11.352483502 +0000
@@ -124,6 +124,12 @@
to set several affinities at once.
+ -e
+
+ Create a new process, apply plgrp to that process, and execute the
+ specified command and arguments.
+
+
-F
Force by grabbing the target process even if another process has
@@ -135,12 +141,6 @@
INGS for more details.
- -e
-
- Create a new process, apply plgrp to that process, and execute the
- specified command and arguments.
-
-
-h
Get home lgroup of specified processes and/or threads. If no
@@ -168,6 +168,13 @@
threads.
+ -?
+ --help
+
+ Print usage message and immediately exit.
+
+
+
OPERANDS
The following operands are supported:
@@ -319,4 +326,4 @@
-Oracle Solaris 11.4 27 Nov 2017 plgrp(1)
+Oracle Solaris 11.4 18 September 2021 plgrp(1)
diff -NurbBw 11.4.39/xman1/plimit.1 11.4.42/xman1/plimit.1
--- 11.4.39/xman1/plimit.1 2022-02-15 11:15:46.206033551 +0000
+++ 11.4.42/xman1/plimit.1 2022-02-15 11:16:11.355975723 +0000
@@ -6,10 +6,10 @@
plimit - get or set the resource limits of running processes
SYNOPSIS
- plimit [-km] pid...
+ plimit [-hkm] [--scale[=item1,,item2,...]] pid...
- plimit {-cdfnstv} soft,hard... pid...
+ plimit {-cdfnstv [soft][,hard]}... pid...
DESCRIPTION
If one or more of the cdfnstv options is specified, plimit sets the
@@ -19,21 +19,95 @@
fied by the process-ID list, pid.
- Only the owner of a process or the super-user is permitted either to
- get or to set the resource limits of a process. Only the super-user can
- increase the hard limit.
+ The owner of a process is permitted to either get or set the resource
+ limits of a process, unless the process has the {PRIV_PROC_SENSITIVE}
+ flag set (see the getpflags(2) man page). The {PRIV_PROC_OWNER} privi-
+ lege is required to get or set the resource limits of a process which
+ is either owned by another uid or has the {PRIV_PROC_SENSITIVE} flag
+ set. The {PRIV_SYS_RESOURCE} privilege is required to increase a hard
+ limit.
OPTIONS
The following options are supported:
- -k On output, show file sizes in kilobytes (1024 bytes) rather than
- in 512-byte blocks.
+ -h
+ On output, file and memory sizes are scaled to a human readable
+ format. The -h option is equivalent to using the --scale=max,1024
+ option.
- -m On output, show file and memory sizes in megabytes (1024*1024
+
+ -k
+
+ On output, show file sizes in kilobytes (1024 bytes) rather than in
+ 512-byte blocks.
+
+
+ -m
+
+ On output, show file and memory sizes in megabytes (1024*1024
bytes).
+ --scale[=item1,item2,...]
+
+ On output, file and memory sizes are scaled to a human readable
+ format, for example, 14K, 234M, 2.7G, or 3.0T. Scaling is done by
+ repetitively dividing by 1024, unless otherwise specified.
+
+ --scale specified without arguments enables default scaled output,
+ and is equivalent to --scale=max,1024.
+
+ --scale can be specified with the following arguments.
+
+ binary
+
+ Scaling is done by repetitively dividing by a scale factor of
+ 1024. The use of binary scaling is indicated by the addition of
+ an 'i' modifier to the suffix (Ki, Mi, Gi, ...).
+
+
+ max
+
+ Values are scaled to the largest unit for which the result
+ retains a non-zero integer part. Up to 2 decimal places of
+ fractional output may be shown.
+
+
+ min
+
+ Values are scaled to the smallest unit capable of showing the
+ full value within the allotted space of 5 columns, and dis-
+ played without the use of fractional output.
+
+
+ minwide
+
+ Values are scaled to the smallest unit capable of showing the
+ full value within the allotted space of 8 columns, and dis-
+ played without the use of fractional output.
+
+
+ 1000
+
+ Scaling is done by repetitively dividing by a scale factor of
+ 1000.
+
+
+ 1024
+
+ Scaling is done by repetitively dividing by a scale factor of
+ 1024.
+
+
+
+ -?
+ --help
+
+ Print usage message and immediately exit.
+
+
+
The remainder of the options are used to change specified resource lim-
its. They each accept an argument of the form:
@@ -45,19 +119,22 @@
where soft specifies the soft (current) limit and hard specifies the
hard (maximum) limit. If the hard limit is not specified, the comma may
be omitted. If the soft limit is an empty string, only the hard limit
- is set. Each limit is either the literal string unlimited, or a number,
- with an optional scaling factor, as follows:
-
- nk n kilobytes
-
+ is set. Each limit can have one of the following forms:
- nm n megabytes (minutes for CPU time)
+ unlimited The literal string unlimited indicates that no limit
+ applies to the given resource.
- nh n hours (for CPU time only)
+ n[.n][scale] A plain number, with an optional fraction and scale
+ factor. When specifying CPU time, the h or m scale fac-
+ tors can be applied, indicating hours or minutes
+ respectively. When specifying file or memory sizes, the
+ k, m, g, t, p, and e scale factors can be specified,
+ denoting kilobytes, megabytes, gigabytes, terabytes,
+ petabytes, or exabytes, respectively.
- mm:ss minutes and seconds (for CPU time only)
+ mm:ss Minutes and seconds (for CPU time only).
@@ -91,7 +168,36 @@
OPERANDS
The following operands are supported.
- pid Process ID list.
+ pid Process ID list. May be specified as a numeric id or /proc/pid.
+
+
+EXAMPLES
+ Example 1 Setting a limit for a single process
+
+
+
+ The following example sets the file descriptor soft limit to 1024 and
+ does not change the hard limit, for process id 5114:
+
+
+ $ plimit -n 1024 5114
+
+
+
+
+ Note that some programs do not check if the number of file descriptors
+ they can use has changed while running and may continue to use to the
+ number they had at startup.
+
+ Example 2 Setting a limit for all running processes
+
+
+
+ The following example sets the maximum core dump size (both soft and
+ hard limits) to zero bytes for all processes running on the system:
+
+
+ # plimit -c 0,0 /proc/*
EXIT STATUS
@@ -113,8 +219,15 @@
+-----------------------------+-----------------------------+
SEE ALSO
- proc(1), ulimit(1), getrlimit(2), setrlimit(2), proc(5), attributes(7),
+ proc(1), ulimit(1), getpflags(2), getrlimit(2), setrlimit(2), proc(5),
+ attributes(7), privileges(7)
+
+HISTORY
+ The -h and --scale options were added in Oracle Solaris 11.4.42.
+
+
+ The plimit command was added in Solaris 7.
-Oracle Solaris 11.4 7 Jun 2011 plimit(1)
+Oracle Solaris 11.4 3 Nov 2021 plimit(1)
diff -NurbBw 11.4.39/xman1/pmadvise.1 11.4.42/xman1/pmadvise.1
--- 11.4.39/xman1/pmadvise.1 2022-02-15 11:15:46.231451899 +0000
+++ 11.4.42/xman1/pmadvise.1 2022-02-15 11:16:11.359632191 +0000
@@ -6,7 +6,8 @@
pmadvise - applies advice about memory to a process
SYNOPSIS
- pmadvise -o option[,option] [-F] [-l] [-v] pid...
+ pmadvise [-Flv] [-o option[,option]
+ [--scale[=item1,item2,...]] pid...
DESCRIPTION
pmadvise applies advice about how memory is used in the specified
@@ -21,17 +22,29 @@
OPTIONS
The following options are supported:
- -F Force by grabbing the target process even if another process has
+ -F
+
+ Force by grabbing the target process even if another process has
control.
- You should exercise caution when using the -F option. See
- proc(1).
+ You should exercise caution when using the -F option. See proc(1).
+
+
+ -h
+
+ On verbose output, memory sizes are scaled to a human readable for-
+ mat. The -h option is equivalent to using the --scale=max,1024
+ option.
+
+ -l
- -l Show unresolved dynamic linker map names.
+ Show unresolved dynamic linker map names.
- -o Specify advice to apply in the following form:
+ -o
+
+ Specify advice to apply in the following form:
@@ -61,21 +74,82 @@
An address and length can be given to specify a subrange to apply
- the advice. The address should be hexadecimal and the length
- should be in bytes by default.
+ the advice. The address should be hexadecimal and the length should
+ be in bytes by default.
If length is not specified and the starting address refers to the
start of a segment, the advice is applied to that segment. length
- can be qualified by K, M, G, T, P, or E to specify kilobytes,
- megabytes, gigabytes, terabytes, or exabytes respectively as the
- unit of measure.
+ can have a fractional part, and can be qualified with a K, M, G, T,
+ P, or E scale factor, denoting kilobytes, megabytes, gigabytes,
+ terabytes, petabytes, or exabytes respectively.
+
+
+ -v
+
+ Print verbose output. Display output as pmap(1) does, showing what
+ advice is being applied where. This can be useful when the advice
+ is being applied to a named region (for example, private, shared,
+ and so forth) to get feedback on exactly where the advice is being
+ applied.
+
+
+ --scale[=item1,item2,...]
+
+ On verbose output, memory sizes are scaled to a human readable for-
+ mat, for example, 14K, 234M, 2.7G, or 3.0T. Scaling is done by
+ repetitively dividing by 1024, unless otherwise specified.
+
+ --scale specified without arguments enables default scaled output,
+ and is equivalent to --scale=max,1024.
+
+ --scale can be specified with the following arguments.
+
+ binary
+
+ Scaling is done by repetitively dividing by a scale factor of
+ 1024. The use of binary scaling is indicated by the addition of
+ an 'i' modifier to the suffix (Ki, Mi, Gi, ...).
+
+
+ max
+
+ Values are scaled to the largest unit for which the result
+ retains a non-zero integer part. Up to 2 decimal places of
+ fractional output may be shown.
+
+
+ min
+
+ Values are scaled to the smallest unit capable of showing the
+ full value within the allotted space of 5 columns, and dis-
+ played without the use of fractional output.
+
+
+ minwide
+
+ Values are scaled to the smallest unit capable of showing the
+ full value within the allotted space of 8 columns, and dis-
+ played without the use of fractional output.
+
+
+ 1000
+
+ Scaling is done by repetitively dividing by a scale factor of
+ 1000.
+
+
+ 1024
+
+ Scaling is done by repetitively dividing by a scale factor of
+ 1024.
+
+
+
+ -?
+ --help
+ Print usage message and immediately exit.
- -v Print verbose output. Display output as pmap(1) does, showing
- what advice is being applied where. This can be useful when the
- advice is being applied to a named region (for example, private,
- shared, and so forth) to get feedback on exactly where the advice
- is being applied.
@@ -196,4 +270,4 @@
-Oracle Solaris 11.4 27 February 2017 pmadvise(1)
+Oracle Solaris 11.4 29 October 2021 pmadvise(1)
diff -NurbBw 11.4.39/xman1/pmap.1 11.4.42/xman1/pmap.1
--- 11.4.39/xman1/pmap.1 2022-02-15 11:15:46.240242848 +0000
+++ 11.4.42/xman1/pmap.1 2022-02-15 11:16:11.369133265 +0000
@@ -6,16 +6,20 @@
pmap - displays information about the address space of a process
SYNOPSIS
- /usr/bin/pmap [-brslF] [-A address_range] [pid | core]...
+ /usr/bin/pmap [-bhrslF] [-A address_range]
+ [--scale[=item1,item2,...]] [pid | core]...
- /usr/bin/pmap -L [-brslF] [-A address_range] [pid] ...
+ /usr/bin/pmap -L [-bhrslF] [-A address_range]
+ [--scale[=item1,item2,...]] [pid] ...
- /usr/bin/pmap -x [-aslF] [-A address_range] [pid]...
+ /usr/bin/pmap -x [-ahslF] [-A address_range]
+ [--scale[=item1,item2,...]] [pid]...
- /usr/bin/pmap -S [-alF] [-A address_range] [pid | core]...
+ /usr/bin/pmap -S [-ahlF] [-A address_range]
+ [--scale[=item1,item2,...]] [pid | core]...
DESCRIPTION
The pmap utility prints information about the address space of a
@@ -82,6 +86,12 @@
For more information, see the Usage section.
+ -h
+
+ On output, memory sizes are scaled to a human readable format. The
+ -h option is equivalent to using the --scale=max,1024 option.
+
+
-l
Shows unresolved dynamic linker map names.
@@ -114,6 +124,65 @@
see the Usage section.
+ --scale[=item1,item2,...]
+
+ On output, memory sizes are scaled to a human readable format, for
+ example, 14K, 234M, 2.7G, or 3.0T. Scaling is done by repetitively
+ dividing by 1024, unless otherwise specified.
+
+ --scale specified without arguments enables default scaled output,
+ and is equivalent to --scale=max,1024.
+
+ --scale can be specified with the following arguments.
+
+ binary
+
+ Scaling is done by repetitively dividing by a scale factor of
+ 1024. The use of binary scaling is indicated by the addition of
+ an 'i' modifier to the suffix (Ki, Mi, Gi, ...).
+
+
+ max
+
+ Values are scaled to the largest unit for which the result
+ retains a non-zero integer part. Up to 2 decimal places of
+ fractional output may be shown.
+
+
+ min
+
+ Values are scaled to the smallest unit capable of showing the
+ full value within the allotted space of 5 columns, and dis-
+ played without the use of fractional output.
+
+
+ minwide
+
+ Values are scaled to the smallest unit capable of showing the
+ full value within the allotted space of 8 columns, and dis-
+ played without the use of fractional output.
+
+
+ 1000
+
+ Scaling is done by repetitively dividing by a scale factor of
+ 1000.
+
+
+ 1024
+
+ Scaling is done by repetitively dividing by a scale factor of
+ 1024.
+
+
+
+ -?
+ --help
+
+ Print usage message and immediately exit.
+
+
+
USAGE
The pmap utility prints information about the address space of a
process.
@@ -149,9 +218,9 @@
memory is located, and whether there should be memory locality for
the thread. The lgrpinfo(1) command can also be useful with this
pmap option. It displays the lgroup hierarchy, contents, and char-
- acteristics which gives more information about the lgroupss that
- the memory is distributed across and their relationship to each
- other and any other lgroupss of interest.
+ acteristics which gives more information about the lgroups that the
+ memory is distributed across and their relationship to each other
+ and any other lgroups of interest.
In addition, the thread and memory placement can be changed by
using plgrp(1), pmadvise(1), or madv.so.1(1).
@@ -203,14 +272,14 @@
Virtual Mapping Size (Kbytes)
- The virtual size in kilobytes of each mapping.
+ The virtual size in kilobytes of each mapping. See --scale.
Resident Physical Memory (RSS)
The amount of physical memory in kilobytes that is resident for
each mapping, including that which is shared with other address
- spaces.
+ spaces. See --scale.
Anonymous Memory (Anon)
@@ -398,8 +467,8 @@
Page Size (Pgsz)
The page size in kilobytes that is used for hardware address trans-
- lation for this mapping. For more information, see the memcntl(2)
- man page.
+ lation for this mapping. See --scale. For more information, see the
+ memcntl(2) man page.
Swap Space (Swap)
@@ -407,7 +476,8 @@
The amount of swap space in kilobytes that is reserved for this
mapping. That is, swap space that is deducted from the total avail-
able pool of reservable swap space that is displayed with the com-
- mand swap -s. For more information, see the swap(8) man page.
+ mand swap -s. See --scale. For more information, see the swap(8)
+ man page.
EXAMPLES
@@ -881,4 +951,4 @@
-Oracle Solaris 11.4 1 Sep 2020 pmap(1)
+Oracle Solaris 11.4 18 Sep 2021 pmap(1)
diff -NurbBw 11.4.39/xman1/ppgsz.1 11.4.42/xman1/ppgsz.1
--- 11.4.39/xman1/ppgsz.1 2022-02-15 11:15:46.244811669 +0000
+++ 11.4.42/xman1/ppgsz.1 2022-02-15 11:16:11.373375927 +0000
@@ -80,7 +80,8 @@
Sets the preferred page size option(s) for the target process(es)
in the process-id (pid) list following the -p option. The pid list
can also consist of names in the /proc directory. Only the process
- owner or the super-user is permitted to set page size.
+ owner or a process with both {PRIV_PROC_OWNER} and at least as many
+ privileges as the target process is permitted to set page size.
cmd is interpreted if -p is not specified. ppgsz launches cmd and
applies page size option(s) to the new process.
@@ -95,6 +96,13 @@
launched or target process(es).
+ -?
+ --help
+
+ Print usage message and immediately exit.
+
+
+
EXAMPLES
Example 1 Setting the preferred heap and stack page size
@@ -162,7 +170,7 @@
SEE ALSO
ld(1), mpss.so.1(1), pagesize(1), pgrep(1), pmap(1), proc(1), brk(2),
exec(2), fork(2), memcntl(2), mmap(2), sbrk(2), getpagesize(3C),
- proc(5), attributes(7)
+ proc(5), attributes(7), privileges(7)
Oracle Solaris 11.4 Linkers and Libraries Guide
@@ -196,5 +204,9 @@
preferred stack and/or heap page sizes.
+ For a more complete description of the privilege requirements to con-
+ trol an existing process, see the Programming Notes section of proc(5).
+
+
-Oracle Solaris 11.4 02 Nov 2017 ppgsz(1)
+Oracle Solaris 11.4 3 Nov 2021 ppgsz(1)
diff -NurbBw 11.4.39/xman1/ppriv.1 11.4.42/xman1/ppriv.1
--- 11.4.39/xman1/ppriv.1 2022-02-15 11:15:46.249032888 +0000
+++ 11.4.42/xman1/ppriv.1 2022-02-15 11:16:11.377649820 +0000
@@ -182,6 +182,13 @@
Verbose. Reports privilege sets using privilege names.
+ -?
+ --help
+
+ Print usage message and immediately exit.
+
+
+
USAGE
The ppriv utility examines processes and core files and prints or
changes their privilege sets.
@@ -424,4 +431,4 @@
-Oracle Solaris 11.4 21 Jun 2021 ppriv(1)
+Oracle Solaris 11.4 18 September 2021 ppriv(1)
diff -NurbBw 11.4.39/xman1/preap.1 11.4.42/xman1/preap.1
--- 11.4.39/xman1/preap.1 2022-02-15 11:15:46.252228258 +0000
+++ 11.4.42/xman1/preap.1 2022-02-15 11:16:11.381653373 +0000
@@ -45,7 +45,12 @@
OPTIONS
The following option is supported:
- -F Forces the parent to reap the child, overriding safety checks.
+ -F Forces the parent to reap the child, overriding safety
+ checks.
+
+
+ -? Print usage message and immediately exit.
+ --help
OPERANDS
@@ -95,4 +100,4 @@
-Oracle Solaris 11.4 16 Sep 2014 preap(1)
+Oracle Solaris 11.4 18 September 2021 preap(1)
diff -NurbBw 11.4.39/xman1/priocntl.1 11.4.42/xman1/priocntl.1
--- 11.4.39/xman1/priocntl.1 2022-02-15 11:15:46.268600778 +0000
+++ 11.4.42/xman1/priocntl.1 2022-02-15 11:16:11.394305824 +0000
@@ -90,8 +90,8 @@
To change the scheduling parameters of a process or LWP using priocntl
the real or effective user ID (respectively, groupID) of the user
invoking priocntl must match the real or effective user ID (respec-
- tively, groupID) of the receiving process or LWP, or the effective user
- ID of the user must be super-user. These are the minimum permission
+ tively, groupID) of the receiving process or LWP, or the command must
+ be run with sufficient privileges. These are the minimum permission
requirements enforced for all classes. An individual class can impose
additional permissions requirements when setting processes to that
class or when setting class-specific scheduling parameters.
@@ -125,9 +125,9 @@
The init process (process ID 1) is a special case. In order for the
priocntl command to change the class or other scheduling parameters of
- the init process, idtype must be pid and idlist must be consist of only
- a 1. The init process can be assigned to any class configured on the
- system, but the time-sharing class is almost always the appropriate
+ the init process, idtype must be pid and idlist must consist of only a
+ 1. The init process can be assigned to any class configured on the sys-
+ tem, but the time-sharing class is almost always the appropriate
choice. Other choices can be highly undesirable.
@@ -460,12 +460,12 @@
In order to change the class of a process to real-time (from any other
- class), the user invoking priocntl must have super-user privilege. In
+ class), the user invoking priocntl must have sufficient privilege. In
order to change the rtpri value or time quantum of a real-time process,
- the user invoking priocntl must either be super-user, or must currently
- be in the real-time class (shell running as a real-time process) with a
- real or effective user ID matching the real or effective user ID of the
- target process.
+ the user invoking priocntl must either have sufficient privileges, or
+ must currently be in the real-time class (shell running as a real-time
+ process) with a real or effective user ID matching the real or effec-
+ tive user ID of the target process.
The real-time priority, time quantum, and time quantum signal are
@@ -524,8 +524,8 @@
Any time-sharing process can lower its own tsuprilim (or that of
another process with the same user ID). Only a time-sharing process
- with super-user privilege can raise a tsuprilim. When changing the
- class of a process to time-sharing from some other class, super-user
+ with sufficient privilege can raise a tsuprilim. When changing the
+ class of a process to time-sharing from some other class, sufficient
privilege is required in order to set the initial tsuprilim to a value
greater than zero.
@@ -637,9 +637,9 @@
Any fixed-priority process can lower its own fxuprilim (or that of
- another process with the same user ID). Only a process with super-user
+ another process with the same user ID). Only a process with sufficient
privilege can raise a fxuprilim. When changing the class of a process
- to fixed-priority from some other class, super-user privilege is
+ to fixed-priority from some other class, sufficient privilege is
required in order to set the initial fxuprilim to a value greater than
zero.
@@ -848,4 +841,4 @@
-Oracle Solaris 11.4 27 Nov 2017 priocntl(1)
+Oracle Solaris 11.4 3 Nov 2021 priocntl(1)
diff -NurbBw 11.4.39/xman1/proc.1 11.4.42/xman1/proc.1
--- 11.4.39/xman1/proc.1 2022-02-15 11:15:46.273144567 +0000
+++ 11.4.42/xman1/proc.1 2022-02-15 11:16:11.412904206 +0000
@@ -210,6 +210,13 @@
+ -?
+ --help
+
+ Print usage message and immediately exit.
+
+
+
In addition to the general options, pcred supports the following
options:
@@ -410,4 +417,4 @@
-Oracle Solaris 11.4 11 May 2021 proc(1)
+Oracle Solaris 11.4 18 Deptember 2021 proc(1)
diff -NurbBw 11.4.39/xman1/ps.1 11.4.42/xman1/ps.1
--- 11.4.39/xman1/ps.1 2022-02-15 11:15:46.281725673 +0000
+++ 11.4.42/xman1/ps.1 2022-02-15 11:16:11.442693101 +0000
@@ -14,10 +14,10 @@
[--group gidlist] [-G|--Group gidlist] [-z zonelist]
[--columns|--cols|--width columns] [--lines|--rows lines]
[--headers] [--no-headers|--no-heading] [--human-readable]
- [--scale[=item1,,item2,...]] [-?|--help]
+ [--scale[=item1,item2,...]] [-?|--help]
- ps [aceglnrSuUvwx] [-t term] [num]
+ ps [aceglnrSuUvwx] [-t term] [--scale[=item1,item2,...]] [num]
DESCRIPTION
The ps command prints information about active processes. Without
@@ -325,7 +325,7 @@
Scaling is done by repetitively dividing by a scale factor of
1024. The use of binary scaling is indicated by the addition of
- an 'i' modifer to the suffix (Ki, Mi, Gi, ...).
+ an 'i' modifier to the suffix (Ki, Mi, Gi, ...).
max
@@ -1496,4 +1496,4 @@
-Oracle Solaris 11.4 11 May 2021 ps(1)
+Oracle Solaris 11.4 21 September 2021 ps(1)
diff -NurbBw 11.4.39/xman1/ptree.1 11.4.42/xman1/ptree.1
--- 11.4.39/xman1/ptree.1 2022-02-15 11:15:46.292317323 +0000
+++ 11.4.42/xman1/ptree.1 2022-02-15 11:16:11.449187319 +0000
@@ -33,6 +33,10 @@
This option is only useful when executed in the global zone.
+ -? Print usage message and immediately exit.
+ --help
+
+
OPERANDS
The following operands are supported:
@@ -101,4 +105,4 @@
-Oracle Solaris 11.4 29 Mar 2011 ptree(1)
+Oracle Solaris 11.4 19 September 2021 ptree(1)
diff -NurbBw 11.4.39/xman1/renice.1 11.4.42/xman1/renice.1
--- 11.4.39/xman1/renice.1 2022-02-15 11:15:46.309153869 +0000
+++ 11.4.42/xman1/renice.1 2022-02-15 11:16:11.453408380 +0000
@@ -35,15 +35,16 @@
the first synopsis form).
Altering Process Priority
- Users other than the privileged user may only alter the priority of
- processes they own, and can only monotonically increase their "nice
- value" within the range 0 to 19. This prevents overriding administra-
- tive fiats. The privileged user may alter the priority of any process
- and set the priority to any value in the range -20 to 19. Useful prior-
- ities are: 19 (the affected processes will run only when nothing else
- in the system wants to); 0 (the "base" scheduling priority),; and any
- negative value (to make things go very fast). 20 is an acceptable nice
- value, but will be rounded down to 19.
+ Users without the {PRIV_PROC_PRIOCNTL} privilege may only alter the
+ priority of processes they own, and can only monotonically increase
+ their "nice value" within the range 0 to 19. This prevents overriding
+ administrative fiats. Users with the {PRIV_PROC_PRIOCNTL} privilege may
+ alter the priority of any process and set the priority to any value in
+ the range -20 to 19. Useful priorities are: 19 (the affected processes
+ will run only when nothing else in the system wants to); 0 (the "base"
+ scheduling priority),; and any negative value (to make things go very
+ fast). 20 is an accepted as a nice value, but will be rounded down to
+ 19.
OPTIONS
renice supports the following option features:
@@ -166,10 +167,6 @@
>0 An error occurred.
-FILES
- /etc/passwd map user names to user IDs
-
-
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
@@ -185,8 +182,8 @@
+-----------------------------+-----------------------------+
SEE ALSO
- nice(1), passwd(1), priocntl(1), attributes(7), environ(7), stan-
- dards(7)
+ nice(1), passwd(1), priocntl(1), attributes(7), environ(7), privi-
+ leges(7), standards(7)
NOTES
The renice syntax
@@ -220,4 +217,4 @@
-Oracle Solaris 11.4 9 Jan 2004 renice(1)
+Oracle Solaris 11.4 3 Nov 2021 renice(1)
diff -NurbBw 11.4.39/xman1/size.1 11.4.42/xman1/size.1
--- 11.4.39/xman1/size.1 2022-02-15 11:15:46.313106425 +0000
+++ 11.4.42/xman1/size.1 2022-02-15 11:16:11.457394354 +0000
@@ -6,7 +6,7 @@
size - print section sizes in bytes of object files
SYNOPSIS
- size [-fFhnoVx] [--scale[=item1,,item2,...]] file...
+ size [-fFhnoVx] [--scale[=item1,item2,...]] file...
DESCRIPTION
The size command produces segment or section size information in bytes
@@ -92,7 +92,7 @@
Scaling is done by repetitively dividing by a scale factor of
1024. The use of binary scaling is indicated by the addition of
- an 'i' modifer to the suffix (Ki, Mi, Gi, ...).
+ an 'i' modifier to the suffix (Ki, Mi, Gi, ...).
max
@@ -187,4 +187,4 @@
-Oracle Solaris 11.4 28 August 2020 size(1)
+Oracle Solaris 11.4 18 September 2021 size(1)
diff -NurbBw 11.4.39/xman1/split.1 11.4.42/xman1/split.1
--- 11.4.39/xman1/split.1 2022-02-15 11:15:46.316576399 +0000
+++ 11.4.42/xman1/split.1 2022-02-15 11:16:11.462754509 +0000
@@ -10,16 +10,14 @@
[file [name]]
- split [-b n | nk | nm] [-a suffixlength] [file [name]]
+ split [-b n] [-a suffixlength] [file [name]]
DESCRIPTION
The split utility reads file and writes it in linecount-line pieces
into a set of output-files. The name of the first output-file is name
with aa appended, and so on lexicographically, up to zz (a maximum of
- 676 files). The maximum length of name is 2 characters less than the
- maximum filename length allowed by the filesystem. See statvfs(2). If
- no output name is given, x is used as the default (output-files will be
- called xaa, xab, and so forth).
+ 676 files). If no output name is given, x is used as the default (out-
+ put-files will be called xaa, xab, and so forth).
OPTIONS
The following options are supported:
@@ -33,26 +31,24 @@
Uses suffixlength letters to form the suffix portion of the file-
names of the split file. If -a is not specified, the default suffix
- length is 2. If the sum of the name operand and the suffixlength
- option-argument would create a filename exceeding NAME_MAX bytes,
- an error will result; split will exit with a diagnostic message and
- no files will be created.
+ length is 2.
-b n
- Splits a file into pieces n bytes in size.
+ Splits a file into pieces n bytes in size. The value n is a plain
+ number, with an optional fraction and scale factor representing
+ multiples of 1024 bytes: k, m, g, t, p, or e, denoting kilobytes,
+ megabytes, gigabytes, terabytes, petabytes, or exabytes respec-
+ tively.
- -b nk
+ -?
+ --help
- Splits a file into pieces n*1024 bytes in size.
+ Print usage message and immediately exit.
- -b nm
-
- Splits a file into pieces n*1048576 bytes in size.
-
OPERANDS
The following operands are supported:
@@ -63,9 +59,7 @@
name The prefix to be used for each of the files resulting from the
split operation. If no name argument is given, x will be used
- as the prefix of the output files. The combined length of the
- basename of prefix and suffixlength cannot exceed NAME_MAX
- bytes. See OPTIONS.
+ as the prefix of the output files.
ENVIRONMENT VARIABLES
@@ -99,8 +93,8 @@
+-----------------------------+-----------------------------+
SEE ALSO
- csplit(1), statvfs(2), attributes(7), environ(7), standards(7)
+ csplit(1), attributes(7), environ(7), standards(7)
-Oracle Solaris 11.4 4 Feb 2015 split(1)
+Oracle Solaris 11.4 24 November 2021 split(1)
diff -NurbBw 11.4.39/xman1/svcs.1 11.4.42/xman1/svcs.1
--- 11.4.39/xman1/svcs.1 2022-02-15 11:15:46.322969565 +0000
+++ 11.4.42/xman1/svcs.1 2022-02-15 11:16:11.472149247 +0000
@@ -461,8 +461,8 @@
NRUN
The next time a periodic service instance is scheduled to run. Ser-
- vice instances that are not periodic, and thus have next scheduled
- run, will display a '-' character in this column.
+ vice instances that are not periodic do not have a next scheduled
+ run and will display a '-' character in this column.
See svc.periodicd(8) for an explanation of periodic services.
@@ -639,4 +639,4 @@
-Oracle Solaris 11.4 24 Jun 2020 svcs(1)
+Oracle Solaris 11.4 28 Oct 2021 svcs(1)
diff -NurbBw 11.4.39/xman1/tar.1 11.4.42/xman1/tar.1
--- 11.4.39/xman1/tar.1 2022-02-15 11:15:46.334777123 +0000
+++ 11.4.42/xman1/tar.1 2022-02-15 11:16:11.489541932 +0000
@@ -150,12 +150,16 @@
modification time, and mode are restored, if possible. Otherwise,
to restore owner, you must be the super-user. Character-special and
block-special devices (created by mknod(8)) can only be extracted
- by the super-user. If no file argument is specified, the entire
- content of the tarfile is extracted. If the tarfile contains sev-
- eral files with the same name, each file is written to the appro-
- priate directory, overwriting the previous one. Filename substitu-
- tion wildcards cannot be used for extracting files from the ar-
- chive. Rather, use a command of the form:
+ by the super-user. The Media Backup and Media Restore rights pro-
+ files allow running the tar command as the super-user. See the
+ prof_attr(5) and user_attr(5) man pages for more information.
+
+ If no file argument is specified, the entire content of the tarfile
+ is extracted. If the tarfile contains several files with the same
+ name, each file is written to the appropriate directory, overwrit-
+ ing the previous one. Filename substitution wildcards cannot be
+ used for extracting files from the archive. Rather, use a command
+ of the form:
tar xvf ... /dev/rmt/0 `tar tf ... /dev/rmt/0 | \
grep 'pattern' `
@@ -913,7 +917,7 @@
backspace.
- Since tar has no options, the standard --. argument that is normally
+ Since tar has no options, the standard -- argument that is normally
used in other utilities to terminate recognition of options is not
needed. If used, it is recognized only as the first argument and is
ignored.
@@ -950,4 +954,4 @@
-Oracle Solaris 11.4 15 Jun 2020 tar(1)
+Oracle Solaris 11.4 3 Nov 2021 tar(1)
diff -NurbBw 11.4.39/xman1/telnet.1 11.4.42/xman1/telnet.1
--- 11.4.39/xman1/telnet.1 2022-02-15 11:15:46.344151453 +0000
+++ 11.4.42/xman1/telnet.1 2022-02-15 11:16:11.504477212 +0000
@@ -760,9 +760,8 @@
this toggle is FALSE.
- debug Toggle socket level debugging (only available
- to the super-user). The initial value for this
- toggle is FALSE.
+ debug Toggle socket level debugging. The initial
+ value for this toggle is FALSE.
encdebug Turns on debugging information for the encryp-
@@ -926,4 +925,4 @@
-Oracle Solaris 11.4 20 Jun 2016 telnet(1)
+Oracle Solaris 11.4 3 Nov 2021 telnet(1)
diff -NurbBw 11.4.39/xman1/uname.1 11.4.42/xman1/uname.1
--- 11.4.39/xman1/uname.1 2022-02-15 11:15:46.349539769 +0000
+++ 11.4.42/xman1/uname.1 2022-02-15 11:16:11.513293734 +0000
@@ -8,9 +8,11 @@
SYNOPSIS
uname [-a | --all] [-i | --hardware-platform] [-m | --machine]
[-n | --nodename] [-o | --operating-system] [-p | --processor]
- [-r | --kernel-release] [-s | --kernel-name] [-v | --kernel-version]
- [-V | --virtual-environment]
- [--help] [-X]
+ [-r | --kernel-release] [-s | --kernel-name]
+ [-v | --kernel-version] [-V | --virtual-environment] [-X]
+
+
+ uname --help
uname [-S system_name]
@@ -92,8 +94,10 @@
The nodename may be changed by specifying a system name argument.
The system name argument is restricted to SYS_NMLN characters.
SYS_NMLN is an implementation specific value defined in
- <sys/utsname.h>. Only the super-user is allowed this capability.
- This change does not persist across reboots of the system.
+ <sys/utsname.h>. The {PRIV_SYS_ADMIN} privilege is required.
+
+ This change does not persist across reboots of the system. Use
+ hostname(1) to make persistent changes to the system name.
-v, --kernel-version
@@ -116,7 +120,7 @@
of CPUs.
- o BusType, Serial, and Users (set to unknown in Solaris)
+ o BusType, Serial, and Users (set to <unknown> in Solaris)
o OEM# and Origin# (set to 0 and 1, respectively)
@@ -133,6 +137,7 @@
example% uname -sr
+ SunOS 5.11
ENVIRONMENT VARIABLES
@@ -164,9 +169,9 @@
+-----------------------------+-----------------------------+
SEE ALSO
- arch(1), isainfo(1), isalist(1), sysinfo(2), uname(2), getopt_long(3C),
- nodename(5), attributes(7), environ(7), standards(7), prtconf(8), virt-
- info(8)
+ arch(1), hostname(1), isainfo(1), isalist(1), sysinfo(2), uname(2),
+ getopt_long(3C), nodename(5), attributes(7), environ(7), privileges(7),
+ standards(7), prtconf(8), virtinfo(8)
NOTES
To determine the operating system name and release level, use uname
@@ -194,6 +199,35 @@
machine's Instruction Set Architecture (ISA or processor type), use
uname with the -p option.
+HISTORY
+ Support for the -V and --virtual-environment options was added in the
+ Oracle Solaris 11.4.36 release.
+
+
+ Support for the -o option, and the long options --all, --hardware-plat-
+ form, --kernel-name, --kernel-release, --kernel-version, --machine,
+ --nodename, --processor, and --help was added to Oracle Solaris in the
+ Solaris 11.4.0 release.
+
+
+ Support for providing output in the historical formats used by System V
+ Release 3 systems by setting the SYSV3 environment variable was removed
+ in the Solaris 11.0.0 release.
+
+
+ Support for the -X option and the SYSV3 environment variable was added
+ in the Solaris 2.6 release.
+
+
+ Support for the -i option was added in the Solaris 2.5 release.
+
+
+ Support for the -p option was added in the Solaris 2.0 release.
+
+
+ The uname command, including support for the -a, -m, -n, -r, -s, and -v
+ options, has been included in all Sun and Oracle releases of Solaris.
+
-Oracle Solaris 11.4 18 May 2021 uname(1)
+Oracle Solaris 11.4 3 Nov 2021 uname(1)
diff -NurbBw 11.4.39/xman1/who.1 11.4.42/xman1/who.1
--- 11.4.39/xman1/who.1 2022-02-15 11:15:46.357441704 +0000
+++ 11.4.42/xman1/who.1 2022-02-15 11:16:11.522980606 +0000
@@ -335,10 +335,10 @@
attributes(7), environ(7), standards(7), init(8), su(8)
NOTES
- Superuser: After a shutdown to the single-user state, who returns a
- prompt. Since /var/adm/utmpx is updated at login time and there is no
- login in single-user state, who cannot report accurately on this state.
- The command, who am i, however, returns the correct information.
+ When the system is in the single-user state, who returns no output.
+ Since /var/adm/utmpx is updated at login time and there is no login in
+ single-user state, who cannot report accurately on this state. The com-
+ mand, who am i, however, returns the correct information.
The --lookup option is used to query the configured name services to
@@ -348,4 +348,4 @@
-Oracle Solaris 11.4 29 Mar 2011 who(1)
+Oracle Solaris 11.4 3 Nov 2021 who(1)
diff -NurbBw 11.4.39/xman1/yppasswd.1 11.4.42/xman1/yppasswd.1
--- 11.4.39/xman1/yppasswd.1 2022-02-15 11:15:46.363632230 +0000
+++ 11.4.42/xman1/yppasswd.1 2022-02-15 11:16:11.527620213 +0000
@@ -14,20 +14,12 @@
user has done a keylogin(1), and a publickey/secretkey pair exists for
the user in the NIS publickey.byname map, yppasswd also re-encrypts
the secretkey with the new password. The NIS password may be different
- from the local one on your own machine.
+ from the local one if the account also appears in the passwd(5) file on
+ the machine.
- yppasswd prompts for the old NIS password, and then for the new one.
- You must type in the old password correctly for the change to take
- effect. The new password must be typed twice, to forestall mistakes.
-
-
- New passwords must be at least four characters long, if they use a suf-
- ficiently rich alphabet, and at least six characters long if monocase.
- These rules are relaxed if you are insistent enough. Only the owner of
- the name or the super-user may change a password; superuser on the root
- master will not be prompted for the old password, and does not need to
- follow password construction requirements.
+ yppasswd executes passwd -r nis. Restrictions on the password and who
+ may change it are documented in the passwd(1) manual page.
The NIS password daemon, rpc.yppasswdd must be running on your NIS
@@ -42,6 +34,8 @@
+-----------------------------+-----------------------------+
|Availability |system/network/nis |
+-----------------------------+-----------------------------+
+ |Interface Stability |Obsolete |
+ +-----------------------------+-----------------------------+
SEE ALSO
keylogin(1), login(1), passwd(1), getpwnam(3C), getspnam(3C),
@@ -67,4 +61,4 @@
-Oracle Solaris 11.4 22 Aug 2017 yppasswd(1)
+Oracle Solaris 11.4 3 Nov 2021 yppasswd(1)
diff -NurbBw 11.4.39/xman2/chown.2 11.4.42/xman2/chown.2
--- 11.4.39/xman2/chown.2 2022-02-15 11:15:46.368829178 +0000
+++ 11.4.42/xman2/chown.2 2022-02-15 11:16:11.535883188 +0000
@@ -77,7 +77,9 @@
trol the default chown() behavior of the file system and NFS server. If
rstchown is not in effect, the privilege {PRIV_FILE_CHOWN_SELF} is
implicitly granted to the user when attempting to give away files,
- except for files owned by uid 0.
+ except for files owned by uid 0. The _POSIX_CHOWN_RESTRICTED option
+ will be reported as true for paths on filesystems mounted with the
+ rstchown option, when checked with fpathconf(2) or getconf(1).
Upon successful completion, chown(), fchown(), fchownat(), and lchown()
@@ -224,8 +226,8 @@
+-----------------------+-----------------------------------+
SEE ALSO
- chgrp(1), chown(1), chmod(2), fpathconf(2), system(5), attributes(7),
- privileges(7), standards(7)
+ chgrp(1), chown(1), getconf(1), chmod(2), fpathconf(2), system(5),
+ attributes(7), privileges(7), standards(7)
HISTORY
The chown(), fchown(), and lchown() functions have been included in all
@@ -236,4 +238,4 @@
-Oracle Solaris 11.4 12 Mar 2021 chown(2)
+Oracle Solaris 11.4 3 Nov 2021 chown(2)
diff -NurbBw 11.4.39/xman2/futimens.2 11.4.42/xman2/futimens.2
--- 11.4.39/xman2/futimens.2 2022-02-15 11:15:46.373082811 +0000
+++ 11.4.42/xman2/futimens.2 2022-02-15 11:16:11.539607454 +0000
@@ -54,15 +54,15 @@
Only a process with the effective user ID equal to the user ID of the
- file, or with write access to the file, or with appropriate privileges
- may use futimens() or utimensat() with a null pointer as the times
- argument or with both tv_nsec fields set to the special value
+ file, or with write access to the file, or with the {PRIV_FILE_OWNER}
+ privilege may use futimens() or utimensat() with a null pointer as the
+ times argument or with both tv_nsec fields set to the special value
UTIME_NOW. Only a process with the effective user ID equal to the user
- ID of the file or with appropriate privileges may use futimens() or
- utimensat() with a non-null times argument that does not have both
- tv_nsec fields set to UTIME_NOW and does not have both tv_nsec fields
- set to UTIME_OMIT. If both tv_nsec fields are set to UTIME_OMIT, no
- ownership or permissions check is performed for the file, but other
+ ID of the file or with the {PRIV_FILE_OWNER} privilege may use futi-
+ mens() or utimensat() with a non-null times argument that does not have
+ both tv_nsec fields set to UTIME_NOW and does not have both tv_nsec
+ fields set to UTIME_OMIT. If both tv_nsec fields are set to UTIME_OMIT,
+ no ownership or permissions check is performed for the file, but other
error conditions are still detected (including EACCES errors related to
the path prefix).
@@ -107,8 +107,8 @@
tv_nsec fields set to UTIME_NOW, does not have both tv_nsec
fields set to UTIME_OMIT, the calling process' effective user
ID has write access to the file but does not match the owner
- of the file, and the calling process does not have appropri-
- ate privileges.
+ of the file, and {PRIV_FILE_OWNER} is not asserted in the
+ effective set of the calling process.
EROFS The file system containing the file is read-only.
@@ -182,8 +182,12 @@
+-----------------------------+-----------------------------+
SEE ALSO
- stat(2), utime(2), utimes(2), attributes(7), fsattr(7)
+ stat(2), utime(2), utimes(2), attributes(7), fsattr(7), privileges(7)
+HISTORY
+ The futimens() and utimensat() functions were added to Solaris in
+ Solaris 10 9/10 (Update 9).
-Oracle Solaris 11.4 1 Sep 2009 futimens(2)
+
+Oracle Solaris 11.4 3 Nov 2021 futimens(2)
diff -NurbBw 11.4.39/xman2/getacct.2 11.4.42/xman2/getacct.2
--- 11.4.39/xman2/getacct.2 2022-02-15 11:15:46.381338899 +0000
+++ 11.4.42/xman2/getacct.2 2022-02-15 11:16:11.544803132 +0000
@@ -46,10 +46,10 @@
interval record (EW_INTERVAL) is written.
- These functions require root privilege, as they allow inquiry or
- reporting relevant to system tasks and processes other than the invok-
- ing process. The putacct() and wracct() functions also cause the kernel
- to write records to the system's extended accounting files.
+ These functions require the {PRIV_SYS_ACCT} privilege, as they allow
+ inquiry or reporting relevant to system tasks and processes other than
+ the invoking process. The putacct() and wracct() functions also cause
+ the kernel to write records to the system's extended accounting files.
RETURN VALUES
The getacct() function returns the number of bytes required to repre-
@@ -111,8 +111,8 @@
+-----------------------------+-----------------------------+
SEE ALSO
- libexacct(3LIB), ea_pack_object(3EXACCT), attributes(7)
+ libexacct(3LIB), ea_pack_object(3EXACCT), attributes(7), standards(7)
-Oracle Solaris 11.4 14 May 2018 getacct(2)
+Oracle Solaris 11.4 3 Nov 2021 getacct(2)
diff -NurbBw 11.4.39/xman2/getpflags.2 11.4.42/xman2/getpflags.2
--- 11.4.39/xman2/getpflags.2 2022-02-15 11:15:46.385360349 +0000
+++ 11.4.42/xman2/getpflags.2 2022-02-15 11:16:11.551097769 +0000
@@ -147,7 +147,8 @@
flag is set, it is assumed that the process contains sensitive data
and non-privileged users cannot observe it through proc tools, can-
not truss it, and cannot dump its core. Processes can set and unset
- this flag at will. For more information, see the proc(1) man page.
+ this flag at will. For more information, see the proc(1) and
+ ppriv(1) man pages.
This flag can be set automatically for the process, typically when
a privileged process performs setuid or setgid. Unsetting the flag
@@ -202,4 +203,4 @@
-Oracle Solaris 11.4 17 Jan 2017 getpflags(2)
+Oracle Solaris 11.4 3 Nov 2021 getpflags(2)
diff -NurbBw 11.4.39/xman2/Intro.2 11.4.42/xman2/Intro.2
--- 11.4.39/xman2/Intro.2 2022-02-15 11:15:46.402098702 +0000
+++ 11.4.42/xman2/Intro.2 2022-02-15 11:16:11.576606459 +0000
@@ -983,12 +983,17 @@
o The read, write, or execute mode bit is not set but the
process has the discretionary file access override privilege
for the corresponding mode bit: {PRIV_FILE_DAC_READ} for the
- read bit {PRIV_FILE_DAC_WRITE} for the write bit,
+ read bit, {PRIV_FILE_DAC_WRITE} for the write bit,
{PRIV_FILE_DAC_SEARCH} for the execute bit on directories,
and {PRIV_FILE_DAC_EXECUTE} for the executable bit on plain
files.
+ o The file has an Access Control List (ACL) with an entry
+ granting permission to the user or group of the process. See
+ acl(7) for details.
+
+
Otherwise, the corresponding permissions are denied.
@@ -1221,7 +1226,11 @@
Privilege
Having appropriate privileges means having the capability to override
- system restrictions.
+ system restrictions. On Solaris, these are represented as sets of priv-
+ ileges that provide fine-grained control over the actions a process can
+ take. Specific privileges are denoted in man pages as {PRIV_NAME}, and
+ are listed and defined in the privileges(7) man page. When referenced
+ in source code, the braces are not included.
Privileged User
Solaris software implements a set of privileges that provide fine-
@@ -1634,8 +1643,8 @@
This notice shall appear on any product containing this material.
SEE ALSO
- privileges(7), resource-controls(7), standards(7), threads(7)
+ acl(7), privileges(7), resource-controls(7), standards(7), threads(7)
-Oracle Solaris 11.4 18 Sep 2020 Intro(2)
+Oracle Solaris 11.4 3 Nov 2021 Intro(2)
diff -NurbBw 11.4.39/xman3c/gethostname.3c 11.4.42/xman3c/gethostname.3c
--- 11.4.39/xman3c/gethostname.3c 2022-02-15 11:15:46.405735570 +0000
+++ 11.4.42/xman3c/gethostname.3c 2022-02-15 11:16:11.581655925 +0000
@@ -15,14 +15,15 @@
DESCRIPTION
The gethostname() function returns the standard host name for the cur-
- rent processor, as previously set by sethostname(). The namelen argu-
- ment specifies the size of the array pointed to by name. The returned
- name is null-terminated unless insufficient space is provided.
+ rent zone, as previously set by sethostname(). The namelen argument
+ specifies the size of the array pointed to by name. The returned name
+ is null-terminated unless insufficient space is provided.
- The sethostname() function sets the name of the host machine to be
- name, which has length namelen. This call is restricted to the supe-
- ruser and is normally used only when the system is bootstrapped.
+ The sethostname() function sets the host name of the currrent zone to
+ be name, which has length namelen. This call requires the
+ {PRIV_SYS_ADMIN} privilege and is normally used only when the system is
+ booted.
Host names are limited to MAXHOSTNAMELEN characters, currently 256,
@@ -60,8 +61,9 @@
+-----------------------------+-----------------------------+
SEE ALSO
- sysinfo(2), uname(2), gethostid(3C), attributes(7), standards(7)
+ hostname(1), sysinfo(2), uname(2), gethostid(3C), attributes(7), privi-
+ leges(7), standards(7)
-Oracle Solaris 11.4 24 Mar 2011 gethostname(3C)
+Oracle Solaris 11.4 3 Nov 2021 gethostname(3C)
diff -NurbBw 11.4.39/xman3c/getpw.3c 11.4.42/xman3c/getpw.3c
--- 11.4.39/xman3c/getpw.3c 2022-02-15 11:15:46.408753141 +0000
+++ 11.4.42/xman3c/getpw.3c 2022-02-15 11:16:11.585811983 +0000
@@ -11,20 +11,24 @@
int getpw(uid_t uid, char *buf);
DESCRIPTION
- The getpw() function searches the user database for a user id number
- that equals uid, copies the line of the password file in which uid was
- found into the array pointed to by buf, and returns 0. getpw() returns
- non-zero if uid cannot be found.
+ The getpw() function searches the local user database for a user id
+ number that equals uid, copies the line of the password file in which
+ uid was found into the array pointed to by buf, and returns 0. getpw()
+ returns non-zero if uid cannot be found.
USAGE
- This function is included only for compatibility with prior systems and
- should not be used; the functions described on the getpwnam(3C) manual
- page should be used instead.
+ This function is included only for compatibility with legacy systems
+ and should not be used; the functions described on the getpwnam(3C)
+ manual page should be used instead.
- If the /etc/passwd and the /etc/group files have a plus sign (+) for
- the NIS entry, then getpwent() and getgrent() will not return NULL when
- the end of file is reached. See getpwnam(3C).
+ This function does not search any network name services, nor does it
+ use the caching provided by nscd(8).
+
+
+ There is no limit to the length of data which getpw() may write to the
+ provided buffer, making it impossible to use this function without risk
+ of buffer overflow.
RETURN VALUES
The getpw() function returns non-zero on error.
@@ -36,12 +40,24 @@
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
+ |Interface Stability |Obsolete |
+ +-----------------------------+-----------------------------+
|MT-Level |Safe |
+-----------------------------+-----------------------------+
SEE ALSO
getpwnam(3C), passwd(5), attributes(7)
+HISTORY
+ The getpw() function was first documented in Bell Labs Research UNIX
+ Version 4 in 1973. It was documented as deprecated in Bell Labs
+ Research UNIX Version 7 in 1979 when the replacement getpwuid() func-
+ tion was introduced.
+
+
+ The getpw() function has been included for compatibility but deprecated
+ for use by new software in all versions of SunOS and Solaris.
+
-Oracle Solaris 11.4 11 May 2021 getpw(3C)
+Oracle Solaris 11.4 20 Sep 2021 getpw(3C)
diff -NurbBw 11.4.39/xman3c/malloc.3c 11.4.42/xman3c/malloc.3c
--- 11.4.39/xman3c/malloc.3c 2022-02-15 11:15:46.422535743 +0000
+++ 11.4.42/xman3c/malloc.3c 2022-02-15 11:16:11.604493076 +0000
@@ -4,7 +4,7 @@
NAME
malloc, calloc, memalign, realloc, reallocarray, reallocf, valloc,
- free, malloc_usable_size - memory allocator
+ free, freezero, freezeroall, malloc_usable_size - memory allocator
SYNOPSIS
#include <stdlib.h>
@@ -35,6 +35,12 @@
void free(void *ptr);
+
+ void freezero(void *ptr, size_t size);
+
+
+ void freezeroall(void *ptr);
+
DESCRIPTION
These functions provide a simple, general-purpose memory allocation
package. If the space assigned by any of the memory allocation func-
@@ -111,6 +117,13 @@
guaranteed to detect all possible invalid pointers and may return an
incorrect size or cause a program fault.
+
+ The freezero() and freezeroall() functions overwrite the contents of
+ the memory buffer with zeros before passing it to free(), if ptr is not
+ NULL. freezero() writes zeros up to the provided size or the size
+ returned by malloc_usable_size(), whichever is smaller. freezeroall()
+ writes zeros for the entire size returned by malloc_usable_size().
+
ADI INTERACTION
On Oracle SPARC systems with support for the Application Data Integrity
(ADI) feature the default set of malloc() functions support the ADIHEAP
@@ -277,7 +290,9 @@
| | XPG4v2 through XPG5 |
| | |
+-----------------------+-----------------------------------+
- | malloc_usable_size() | None |
+ | freezero() | None |
+ | freezeroall() | |
+ | malloc_usable_size() | |
| memalign() | |
| reallocarray() | |
| reallocf() | |
@@ -383,14 +398,17 @@
Replacements for the following may be optionally provided:
+ freezero()
+ freezeroall()
reallocarray()
reallocf()
valloc()
- If replacements are not provided, the default implementations of real-
- locarray(), reallocf(), and valloc() will call the realloc() and mema-
- lign() functions provided by the active allocation library.
+ If replacements are not provided, the default implementations of
+ freezero(), freezeroall(), reallocarray(), reallocf(), and valloc()
+ will call the free(), malloc_usable_size(), realloc(), and memalign()
+ functions provided by the active allocation library.
Replacements for the functions aligned_alloc(3C) and posix_memalign(3C)
@@ -420,5 +438,13 @@
Oracle Solaris in the Oracle Solaris 11.4.12 release.
+ The freezero() function was defined in OpenBSD 6.2, and was added to
+ Oracle Solaris in the Oracle Solaris 11.4.42 release.
+
+
+ The freezeroall() function was introduced in the Oracle Solaris 11.4.42
+ release.
+
+
-Oracle Solaris 11.4 14 Aug 2021 malloc(3C)
+Oracle Solaris 11.4 21 Oct 2021 malloc(3C)
diff -NurbBw 11.4.39/xman3c/plock.3c 11.4.42/xman3c/plock.3c
--- 11.4.39/xman3c/plock.3c 2022-02-15 11:15:46.427091450 +0000
+++ 11.4.42/xman3c/plock.3c 2022-02-15 11:16:11.609515934 +0000
@@ -14,8 +14,9 @@
The plock() function allows the calling process to lock or unlock into
memory its text segment (text lock), its data segment (data lock), or
both its text and data segments (process lock). Locked segments are
- immune to all routine swapping. The effective user ID of the calling
- process must be super-user to use this call.
+ immune to all routine swapping. The {PRIV_PROC_LOCK_MEMORY} privilege
+ must be asserted in the effective set of the calling process to use
+ this call.
The plock() function performs the function specified by op:
@@ -73,8 +74,8 @@
SEE ALSO
exec(2), exit(2), fork(2), memcntl(2), mlock(3C), mlockall(3C),
- attributes(7)
+ attributes(7), privileges(7)
-Oracle Solaris 11.4 22 Mar 2004 plock(3C)
+Oracle Solaris 11.4 3 Nov 2021 plock(3C)
diff -NurbBw 11.4.39/xman3c/rcmd.3c 11.4.42/xman3c/rcmd.3c
--- 11.4.39/xman3c/rcmd.3c 2022-02-15 11:15:46.431030799 +0000
+++ 11.4.42/xman3c/rcmd.3c 2022-02-15 11:16:11.613920416 +0000
@@ -28,29 +28,16 @@
const char *luser);
DESCRIPTION
- The rcmd() function is used by the superuser to execute a command on a
- remote machine with an authentication scheme based on reserved port
- numbers. An AF_INET socket is returned with rcmd(). The rcmd_af() func-
- tion supports AF_INET, AF_INET6 or AF_UNSPEC for the address family. An
- application can choose which type of socket is returned by passing
- AF_INET or AF_INET6 as the address family. The use of AF_UNSPEC means
- that the caller will accept any address family. Choosing AF_UNSPEC pro-
- vides a socket that best suits the connectivity to the remote host.
-
-
- The rresvport() function returns a descriptor to a socket with an
- address in the privileged port space. The rresvport_af() function is
- the equivalent to rresvport(), except that you can choose AF_INET or
- AF_INET6 as the socket address family to be returned by rresvport_af().
- AF_UNSPEC does not apply to the rresvport() function.
-
-
- The ruserok() function is a routine used by servers to authenticate
- clients that request as service with rcmd.
-
-
- All of these functions are present in the same file and are used by the
- in.rshd(8) server among others.
+ The rcmd() and rcmd_af() functions execute a command on a remote
+ machine with an authentication scheme based on privileged port numbers.
+ The {PRIV_NET_PRIVADDR} privilege is required to use these functions so
+ they can bind a socket to a privileged port number. An AF_INET socket
+ is returned with rcmd(). The rcmd_af() function supports AF_INET,
+ AF_INET6, or AF_UNSPEC for the address family. An application can
+ choose which type of socket is returned by passing AF_INET or AF_INET6
+ as the address family. The use of AF_UNSPEC means that the caller will
+ accept any address family. Choosing AF_UNSPEC provides a socket that
+ best suits the connectivity to the remote host.
The rcmd() and rcmd_af() functions look up the host *ahost using getad-
@@ -77,39 +64,48 @@
The rresvport() and rresvport_af() functions are used to obtain a
- socket bound to a privileged port number. The socket is suitable for
- use by rcmd() and rresvport_af() and several other routines. Privileged
- Internet ports are those in the range 1 to 1023. Only the superuser is
- allowed to bind a socket to a privileged port number. The application
+ socket bound to a privileged port number. Privileged Internet ports are
+ those in the range 1 to 1023. The {PRIV_NET_PRIVADDR} privilege is
+ required to bind a socket to a privileged port number. The application
must pass in port, which must be in the range 512 to 1023. The system
first tries to bind to that port number. If it fails, the system then
tries to bind to another unused privileged port, if one is available.
- The ruserok() function takes a remote host name returned by the geth-
- ostbyaddr() function with two user names and a flag to indicate whether
- the local user's name is that of the superuser. See gethostbyname(3C).
- The ruserok() function then checks the files /etc/hosts.equiv and pos-
- sibly .rhosts in the local user's home directory to see if the request
- for service is allowed. A 0 value is returned if the machine name is
- listed in the /etc/hosts.equiv file, or if the host and remote user
- name are found in the .rhosts file. Otherwise, the ruserok() function
- returns -1. If the superuser flag is 1, the /etc/hosts.equiv is not
- checked.
+ The rresvport() function returns a descriptor to a socket in the Inter-
+ net domain of type SOCK_STREAM with an address in the AF_INET address
+ family. The rresvport_af() function is the equivalent to rresvport(),
+ except that you can choose AF_INET or AF_INET6 as the socket address
+ family to be returned by rresvport_af(). AF_UNSPEC does not apply to
+ the rresvport_af() function.
- The error code EAGAIN is overloaded to mean "All network ports in use."
+ The ruserok() function is a routine used by servers to authenticate
+ clients that request a service with rcmd(). The ruserok() function
+ takes a remote host name returned by the gethostbyaddr() function with
+ two user names and a flag to indicate whether the local user's name is
+ that of the superuser. See gethostbyname(3C). The ruserok() function
+ then checks the files /etc/hosts.equiv and possibly .rhosts in the
+ local user's home directory to see if the request for service is
+ allowed. A 0 value is returned if the machine name is listed in the
+ /etc/hosts.equiv file, or if the host and remote user name are found in
+ the .rhosts file. Otherwise, the ruserok() function returns -1. If the
+ superuser flag is 1, the /etc/hosts.equiv is not checked.
RETURN VALUES
The rcmd() and rcmd_af() functions return a valid socket descriptor
- upon success. The functions returns -1 upon error and print a diagnos-
- tic message to standard error.
+ upon success. The functions return -1 upon error and print a diagnostic
+ message to standard error.
The rresvport() and rresvport_af() functions return a valid, bound
socket descriptor upon success. The functions return -1 upon error with
the global value errno set according to the reason for failure.
+
+ The error code EAGAIN is overloaded to mean "All privileged network
+ ports in use."
+
FILES
/etc/hosts.equiv system trusted hosts and users
@@ -125,6 +121,11 @@
recommended instead, and a programming interface to it is available via
the libssh2 library.
+
+ The range of privileged ports used by these functions does not take
+ into account changes to the smallest-nonpriv-port and extra-priv-ports
+ properties by ipadm(8).
+
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
@@ -143,7 +144,7 @@
SEE ALSO
rlogin(1), rsh(1), Intro(2), getaddrinfo(3C), gethostbyname(3C),
- rexec(3C), attributes(7), in.rexecd(8), in.rshd(8)
+ rexec(3C), attributes(7), privileges(7), in.rexecd(8), in.rshd(8)
HISTORY
The rcmd_af() and rresvport_af() functions were added to Oracle Solaris
@@ -155,4 +156,4 @@
-Oracle Solaris 11.4 2 Feb 2021 rcmd(3C)
+Oracle Solaris 11.4 3 Nov 2021 rcmd(3C)
diff -NurbBw 11.4.39/xman3kstat/kstat_read.3kstat 11.4.42/xman3kstat/kstat_read.3kstat
--- 11.4.39/xman3kstat/kstat_read.3kstat 2022-02-15 11:15:46.434471560 +0000
+++ 11.4.42/xman3kstat/kstat_read.3kstat 2022-02-15 11:16:11.629189285 +0000
@@ -26,8 +26,9 @@
The kstat_write() function writes data from buf, or from ksp->ks_data
- if buf is NULL, to the corresponding kstat in the kernel. Only the
- superuser can use the kstat_write() function.
+ if buf is NULL, to the corresponding kstat in the kernel. The
+ {PRIV_SYS_CONFIG} privilege is required to use the kstat_write() func-
+ tion.
RETURN VALUES
Upon successful completion, the kstat_read() and kstat_write() func-
@@ -86,20 +87,20 @@
tion is left to the application.
SEE ALSO
- kstat_chain_update(3KSTAT), kstat(3KSTAT), kstat_lookup(3KSTAT),
- kstat_open(3KSTAT), attributes(7), privileges(7), kstat2(3KSTAT2),
- kstat2_open(3KSTAT2), kstat2_close(3KSTAT2),
- kstat2_lookup_map(3KSTAT2), kstat2_map_get(3KSTAT2)
+ kstat(3KSTAT), kstat_chain_update(3KSTAT), kstat_lookup(3KSTAT),
+ kstat_open(3KSTAT), kstat2(3KSTAT2), kstat2_open(3KSTAT2),
+ kstat2_close(3KSTAT2), kstat2_lookup_map(3KSTAT2),
+ kstat2_map_get(3KSTAT2), attributes(7), privileges(7)
NOTES
The kstat_read() and kstat_write() functions are deprecated. They may
be removed in a future release of Oracle Solaris. Use the
- kstat2_lookup_map() and kstat2_map_get() to read a statistic. There
- will be no functional replacement for the kstat_write() function.
+ kstat2_lookup_map() and kstat2_map_get() functions to read a statistic.
+ There will be no functional replacement for the kstat_write() function.
Kstats v2 does not support writing data-values into kstats. For more
information, see the kstat2_lookup_map(3KSTAT2) and
kstat2_map_get(3KSTAT2) man pages.
-Oracle Solaris 11.4 19 Aug 2016 kstat_read(3KSTAT)
+Oracle Solaris 11.4 3 Nov 2021 kstat_read(3KSTAT)
diff -NurbBw 11.4.39/xman3lgrp/lgrp_init.3lgrp 11.4.42/xman3lgrp/lgrp_init.3lgrp
--- 11.4.39/xman3lgrp/lgrp_init.3lgrp 2022-02-15 11:15:46.438758117 +0000
+++ 11.4.42/xman3lgrp/lgrp_init.3lgrp 2022-02-15 11:16:11.633025953 +0000
@@ -64,9 +64,9 @@
lgroup hierarchy.
- EAGAIN There is not enough memory available to allocate the snapshot
- of the lgroup hierarchy, but the application could try again
- later.
+ EAGAIN The lgroup hierarchy is being updated, or there is not enough
+ memory available to allocate the snapshot of the lgroup hier-
+ archy. But the application could try again later.
diff -NurbBw 11.4.39/xman3lib/libadimalloc.3lib 11.4.42/xman3lib/libadimalloc.3lib
--- 11.4.39/xman3lib/libadimalloc.3lib 2022-02-15 11:15:46.441954753 +0000
+++ 11.4.42/xman3lib/libadimalloc.3lib 2022-02-15 11:16:11.636455741 +0000
@@ -40,9 +40,9 @@
calloc free
- malloc malloc_usable_size
- memalign realloc
- valloc
+ freezero malloc
+ malloc_usable_size memalign
+ realloc valloc
@@ -69,8 +68,8 @@
The attribute type and attribute values for the functions calloc(),
- free(), malloc(), malloc_usable_size(), memalign(), realloc(), and val-
- loc() are as follows:
+ free(), freezero(), malloc(), malloc_usable_size(), memalign(), real-
+ loc(), and valloc() are as follows:
+-----------------------------+-----------------------------+
@@ -107,4 +106,4 @@
-Oracle Solaris 11.4 7 Feb 2019 libadimalloc(3LIB)
+Oracle Solaris 11.4 21 Oct 2021 libadimalloc(3LIB)
diff -NurbBw 11.4.39/xman3lib/libc.3lib 11.4.42/xman3lib/libc.3lib
--- 11.4.39/xman3lib/libc.3lib 2022-02-15 11:15:46.462684453 +0000
+++ 11.4.42/xman3lib/libc.3lib 2022-02-15 11:16:11.655773242 +0000
@@ -352,8 +352,9 @@
free_proflist free_userattr
freeaddrinfo freehostent
freeifaddrs freeipsecalgent
- freelocale
- freenetconfigent freopen
+ freelocale freenetconfigent
+ freezero freezeroall
+ freopen
frexp fscanf
fseek fseeko
fsetattr fsetpos
@@ -392,8 +393,8 @@
getextmntent getgid
getgrent getgrent_r
getgrgid getgrgid_r
- getgrnam getgrnam_r
+ getgrnam getgrnam_r
getgrouplist getgroups
gethomelgroup gethostbyaddr
gethostbyaddr_r gethostbyname
@@ -458,8 +459,8 @@
getutmpx getutxent
getutxid getutxline
getvfsany getvfsent
- getvfsfile getvfsspec
+ getvfsfile getvfsspec
getw getwc
getwchar getwd
getwidth getws
@@ -524,8 +525,8 @@
killpg kva_match
l64a labs
ladd lchown
- lckpwdf lcong48
+ lckpwdf lcong48
lcong48_r ldexp
ldiv ldivide
lexp10 lfind
@@ -590,8 +591,8 @@
mutex_init mutex_lock
mutex_trylock mutex_unlock
nanosleep nc_perror
- nc_sperror netdir_free
+ nc_sperror netdir_free
netdir_getbyaddr netdir_getbyname
netdir_options netdir_perror
netdir_sperror netname2host
@@ -656,8 +657,8 @@
priv_isemptyset priv_isequalset
priv_isfullset priv_ismember
priv_issubset priv_set
- priv_set_to_str priv_str_to_set
+ priv_set_to_str priv_str_to_set
priv_union proc_thr_kill
proc_thr_sigqueue proc_thr_sigqueue_wait
processor_affinity processor_bind
@@ -722,8 +723,8 @@
pthread_setname_np
pthread_setschedparam pthread_setschedprio
pthread_setspecific pthread_sigmask
- pthread_sigqueue pthread_sigqueue_wait
+ pthread_sigqueue pthread_sigqueue_wait
pthread_spin_destroy pthread_spin_init
pthread_spin_lock pthread_spin_trylock
pthread_spin_unlock pthread_testcancel
@@ -788,8 +789,8 @@
rpcb_gettime rpcb_rmtcall
rpcb_set rpcb_unset
rresvport rresvport_af
- ruserok rw_rdlock
+ ruserok rw_rdlock
rw_read_held rw_tryrdlock
rw_trywrlock rw_unlock
rw_write_held rw_wrlock
@@ -854,8 +855,8 @@
shmctl shmdt
shmget shmget_osm
shmids
- shutdown sig2str
+ shutdown sig2str
sigaction sigaddset
sigaltstack sigdelset
sigemptyset sigfillset
@@ -920,8 +921,8 @@
svc_get_local_cred svc_getargs
svc_getreq svc_getreq_common
svc_getreq_poll svc_getreqset
- svc_getrpccaller svc_max_pollfd
+ svc_getrpccaller svc_max_pollfd
svc_pollfd svc_raw_create
svc_reg svc_register
svc_run svc_sendreply
@@ -986,8 +987,8 @@
times timespec_get
timespecadd timespecclear
timespeccompare timespecfix
- timespecisset timespecsub
+ timespecisset timespecsub
timezone timingsafe_bcmp
timingsafe_memcmp tmpfile
tmpnam tmpnam_r
@@ -1052,8 +1053,8 @@
wcrtomb wcscasecmp
wcscasecmp_l wcscat
wcschr wcscmp
- wcscoll_l wcscoll
+ wcscoll_l wcscoll
wcscpy wcscspn
wcsdup wcsftime
wcslen wcsncasecmp
@@ -1118,8 +1119,8 @@
xdr_vector xdr_void
xdr_wrapstring xdrmem_create
xdrrec_create xdrrec_endofrecord
- xdrrec_eof xdrrec_readbytes
+ xdrrec_eof xdrrec_readbytes
xdrrec_skiprecord xdrstdio_create
xprt_register xprt_unregister
yield yp_all
@@ -1184,8 +1185,8 @@
_Q_dtoq _Q_feq
_Q_fge _Q_fgt
_Q_fle _Q_flt
- _Q_fne _Q_itoq
+ _Q_fne _Q_itoq
_Q_lltoq _Q_mul
_Q_neg _Q_qtod
_Q_qtoi _Q_qtoll
@@ -1250,8 +1251,8 @@
asctime_s bsearch_s
ctime_s fopen_s
fprintf_s freopen_s
- fscanf_s fwprintf_s
+ fscanf_s fwprintf_s
fwscanf_s getenv_s
gets_s gmtime_s
localtime_s mbsrtowcs_s
@@ -1377,4 +1378,4 @@
-Oracle Solaris 11.4 29 Jul 2021 libc(3LIB)
+Oracle Solaris 11.4 21 Oct 2021 libc(3LIB)
diff -NurbBw 11.4.39/xman3lib/libumem.3lib 11.4.42/xman3lib/libumem.3lib
--- 11.4.39/xman3lib/libumem.3lib 2022-02-15 11:15:46.466572795 +0000
+++ 11.4.42/xman3lib/libumem.3lib 2022-02-15 11:16:11.659708205 +0000
@@ -29,13 +29,13 @@
calloc free
- malloc malloc_usable_size
- memalign realloc
- umem_alloc umem_cache_alloc
- umem_cache_create umem_cache_destroy
- umem_cache_free umem_free
- umem_nofail_callback umem_zalloc
- valloc
+ freezero malloc
+ malloc_usable_size memalign
+ realloc umem_alloc
+ umem_cache_alloc umem_cache_create
+ umem_cache_destroy umem_cache_free
+ umem_free umem_nofail_callback
+ umem_zalloc valloc
FILES
@@ -69,4 +69,4 @@
-Oracle Solaris 11.4 7 Feb 2019 libumem(3LIB)
+Oracle Solaris 11.4 21 Oct 2021 libumem(3LIB)
diff -NurbBw 11.4.39/xman3pam/pam_acct_mgmt.3pam 11.4.42/xman3pam/pam_acct_mgmt.3pam
--- 11.4.39/xman3pam/pam_acct_mgmt.3pam 2022-02-15 11:15:46.469812891 +0000
+++ 11.4.42/xman3pam/pam_acct_mgmt.3pam 2022-02-15 11:16:11.663114588 +0000
@@ -31,8 +31,9 @@
o If the account is locked
- o The /etc/nologin file is not present for non-root users (see
- nologin(5))
+ o The /etc/nologin file is not present, unless the user has a
+ uid of 0, has the root role, or is assigned the solaris.sys-
+ tem.maintenance authorization (see nologin(5))
@@ -67,15 +68,15 @@
PAM_NEW_AUTHTOK_REQD New authentication token required. This is nor-
mally returned if the machine security policies
require that the password should be changed
- because the password is NULL or has aged.
+ because the password is null or has aged.
PAM_ACCT_EXPIRED User account has expired.
- PAM_LOGINS_DISABLED Logins for non-root users are disabled due to
- the presence of the /etc/nologin file. See
- nologin(5)
+ PAM_LOGINS_DISABLED Logins for non-root/maintenance users are dis-
+ abled due to the presence of the /etc/nologin
+ file. See nologin(5)
ATTRIBUTES
@@ -91,8 +92,8 @@
+-----------------------------+-----------------------------+
SEE ALSO
- libpam(3LIB), pam(3PAM), pam_authenticate(3PAM), pam_start(3PAM),
- attributes(7)
+ libpam(3LIB), pam(3PAM), pam_authenticate(3PAM), pam_start(3PAM), nolo-
+ gin(5), attributes(7)
NOTES
The interfaces in libpam are MT-Safe only if each thread within the
@@ -100,4 +101,4 @@
-Oracle Solaris 11.4 13 Oct 1998 pam_acct_mgmt(3PAM)
+Oracle Solaris 11.4 3 Nov 2021 pam_acct_mgmt(3PAM)
diff -NurbBw 11.4.39/xman3pam/pam_sm_acct_mgmt.3pam 11.4.42/xman3pam/pam_sm_acct_mgmt.3pam
--- 11.4.39/xman3pam/pam_sm_acct_mgmt.3pam 2022-02-15 11:15:46.473079117 +0000
+++ 11.4.42/xman3pam/pam_sm_acct_mgmt.3pam 2022-02-15 11:16:11.666483687 +0000
@@ -35,8 +35,9 @@
o The user's account has not been inactive for too long
- o The /etc/nologin file is not present for non-root users (see
- nologin(5))
+ o The /etc/nologin file is not present, unless the user has a
+ uid of 0, has the root role, or is assigned the solaris.sys-
+ tem.maintenance authorization (see nologin(5))
@@ -49,9 +50,9 @@
generate any messages.
- PAM_LOGINS_DISABLED Logins for non-root users are disabled due
- to the presence of the /etc/nologin file.
- See nologin(5).
+ PAM_LOGINS_DISABLED Logins for non-root/maintenance users are
+ disabled due to the presence of the
+ /etc/nologin file. See nologin(5).
PAM_DISALLOW_NULL_AUTHTOK The account management service should
@@ -92,7 +93,7 @@
PAM_IGNORE Ignore underlying account module regardless of
- whether the control flag is required, optional
+ whether the control flag is required, optional,
or sufficient.
@@ -110,7 +111,8 @@
SEE ALSO
syslog(3C), libpam(3LIB), pam(3PAM), pam_acct_mgmt(3PAM),
- pam_set_data(3PAM), pam_start(3PAM), pam.conf(5), attributes(7)
+ pam_set_data(3PAM), pam_start(3PAM), nologin(5), pam.conf(5),
+ attributes(7)
NOTES
The interfaces in libpam are MT-Safe only if each thread within the
@@ -124,4 +126,4 @@
-Oracle Solaris 11.4 25 October 2012 pam_sm_acct_mgmt(3PAM)
+Oracle Solaris 11.4 3 Nov 2021 pam_sm_acct_mgmt(3PAM)
diff -NurbBw 11.4.39/xman3project/setproject.3project 11.4.42/xman3project/setproject.3project
--- 11.4.39/xman3project/setproject.3project 2022-02-15 11:15:46.486570939 +0000
+++ 11.4.42/xman3project/setproject.3project 2022-02-15 11:16:11.671359848 +0000
@@ -18,9 +21,11 @@
int setproject_byname_pid(const char *proj_byname, pid_t pid,
uint_t flags, char **msgs);
+
int project_update_byname(const char * project_byname, uint_t flags);
- void project_msgs_free(char *);
+
+ void project_msgs_free(char *msgs);
DESCRIPTION
The setproject() function provides a simplified method for the associa-
@@ -68,10 +73,9 @@
The setproject() function verifies that user is a valid member of the
- specified project, as determined by inproj(). If user is a name of the
- superuser (user with UID equal to 0), the setproject() function skips
- the inproj() check described above and allows the superuser to join any
- project.
+ specified project, as determined by inproj(3PROJECT). If user is a user
+ with UID equal to 0, the setproject() function skips the inproj() check
+ described above and allows the user to join any project.
For backward compatibility, the setproject() function always implies
@@ -207,13 +208,14 @@
not exist the behavior is governed by the vale of pool property
system.project-fallback-to-default.
+ true (default value)
+
+ A warning will returned via msg and the target process or pro-
+ cesses will be bound to the default pool for the global zone.
- true (default value):
- A warning will returned via msg and the target process or
- processes will be bound to the default pool for the global
- zone.
false
+
setproject will fail.
@@ -406,8 +393,8 @@
assertive control values on a project's per-process CPU time, specify
process.max-cpu-time=(PRIVILEGED,1000s,signal=SIGXRES), \
- (PRIVILEGED,1250, signal=SIGTERM),(PRIVILEGED,1500,
- signal=SIGKILL)
+ (PRIVILEGED,1250,signal=SIGTERM), \
+ (PRIVILEGED,1500,signal=SIGKILL)
@@ -493,16 +478,23 @@
tions:
- setproject() Committed
- setproject_byname() Volatile
- setproject_byname_pid() Volatile
- project_update_byname() Volatile
-
+ +-----------------------------+-----------------------------+
+ | FUNCTION | INTERFACE STABILITY |
+ +-----------------------------+-----------------------------+
+ |setproject() |Committed |
+ +-----------------------------+-----------------------------+
+ |setproject_byname() |Volatile |
+ +-----------------------------+-----------------------------+
+ |setproject_byname_pid() |Volatile |
+ +-----------------------------+-----------------------------+
+ |project_update_byname() |Volatile |
+ +-----------------------------+-----------------------------+
SEE ALSO
setrctl(2), settaskid(2), libproject(3LIB), pool_error(3POOL),
- pool_set_binding(3POOL), passwd(5), project(5), attributes(7), privi-
- leges(7), resource-management(7), pooladm(8), psrinfo(8)
+ pool_set_binding(3POOL), inproj(3PROJECT), passwd(5), project(5),
+ attributes(7), privileges(7), resource-management(7), pooladm(8),
+ psrinfo(8)
NOTES
The project.mcb.sockets property will be removed in a future release of
@@ -510,4 +502,4 @@
-Oracle Solaris 11.4 11 May 2021 setproject(3PROJECT)
+Oracle Solaris 11.4 3 Nov 2021 setproject(3PROJECT)
diff -NurbBw 11.4.39/xman4d/sd.4d 11.4.42/xman4d/sd.4d
--- 11.4.39/xman4d/sd.4d 2022-02-15 11:15:46.493907475 +0000
+++ 11.4.42/xman4d/sd.4d 2022-02-15 11:16:11.678086836 +0000
@@ -245,8 +245,9 @@
- Both these utilities need to be run as root. The following table lists
- some example usage of these utilities:
+ Both these utilities need to be run with specific authorizations or
+ rights profiles - see their manual pages for details. The following ta-
+ ble lists some example usage of these utilities:
+---------------------------+-----------------------------------------+
@@ -927,4 +919,4 @@
-Oracle Solaris 11.4 29 Aug 2019 sd(4D)
+Oracle Solaris 11.4 3 Nov 2021 sd(4D)
diff -NurbBw 11.4.39/xman4i/mhd.4i 11.4.42/xman4i/mhd.4i
--- 11.4.39/xman4i/mhd.4i 2022-02-15 11:15:46.499121449 +0000
+++ 11.4.42/xman4i/mhd.4i 2022-02-15 11:16:11.687030252 +0000
@@ -9,13 +9,8 @@
#include <sys/mhd.h>
DESCRIPTION
- The mhd ioctl(2) control access rights of a multihost disk, using disk
- reservations on the disk device.
-
-
- The stability level of this interface is evolving. As a result, the
- interface is subject to change and you should limit your use of it. For
- more information, see the attributes(7) man page.
+ The mhd ioctl(2) calls control access rights of a multihost disk,
+ using disk reservations on the disk device.
The mhd ioctls fall into two major categories, ioctls for non-shared
@@ -26,7 +21,7 @@
multihost disks. It is described after the first two categories.
- All the ioctls require root privilege.
+ All the ioctls require the {PRIV_SYS_DEVICES} privilege.
For all of the ioctls, the caller should obtain the file descriptor for
@@ -78,8 +73,8 @@
MHIOCTKOWN
- Forcefully acquires exclusive access rights to the multihost disk
- for the local host. Revokes all access rights to the multihost disk
+ Forcibly acquires exclusive access rights to the multihost disk for
+ the local host. Revokes all access rights to the multihost disk
from remote hosts. Causes the disk to enter the exclusive access
state.
@@ -269,7 +264,7 @@
Each request returns -1 on failure and sets errno to indicate the
error.
- EPERM Caller is not root.
+ EPERM Caller does not have sufficient privileges.
EACCES Access rights were denied.
@@ -297,8 +292,8 @@
+-----------------------------+-----------------------------+
SEE ALSO
- ioctl(2), open(2), attributes(7)
+ ioctl(2), open(2), attributes(7), privileges(7)
-Oracle Solaris 11.4 27 Nov 2017 mhd(4I)
+Oracle Solaris 11.4 3 Nov 2021 mhd(4I)
diff -NurbBw 11.4.39/xman4i/mtio.4i 11.4.42/xman4i/mtio.4i
--- 11.4.39/xman4i/mtio.4i 2022-02-15 11:15:46.514046731 +0000
+++ 11.4.42/xman4i/mtio.4i 2022-02-15 11:16:11.697397593 +0000
@@ -81,10 +81,10 @@
Persistent Error Handling
Persistent error handling is a modification of the current error han-
dling behaviors, BSD and SVR4. With persistent error handling enabled,
- all tape operations after an error or exception returns immediately
- with an error. Persistent error handling can be most useful with asyn-
- chronous tape operations that use the aioread(3C) and aiowrite(3C)
- functions.
+ all tape operations after an error or exception return immediately with
+ an error. Persistent error handling can be most useful with asynchro-
+ nous tape operations that use the aioread(3C) and aiowrite(3C) func-
+ tions.
To enable persistent error handling, the ioctl MTIOCPERSISTENT must be
@@ -94,12 +94,12 @@
With persistent error handling enabled, all tape operations after an
- exception or error returns with the same error as the first command
- that failed; the operations is not executed. An exception is some event
- that might stop normal tape operations, such as an End Of File (EOF)
- mark or an End Of Tape (EOT) mark. An example of an error is a media
- error. The MTIOCLRERR ioctl must be issued to allow normal tape opera-
- tions to continue and to clear the error.
+ exception or error return with the same error as the first command that
+ failed; the operations is not executed. An exception is some event that
+ might stop normal tape operations, such as an End Of File (EOF) mark or
+ an End Of Tape (EOT) mark. An example of an error is a media error. The
+ MTIOCLRERR ioctl must be issued to allow normal tape operations to con-
+ tinue and to clear the error.
Disabling persistent error handling returns the error behavior to nor-
@@ -111,21 +111,21 @@
The Read Operation and Write Operation subsections contain more perti-
- nent information reguarding persistent error handling.
+ nent information regarding persistent error handling.
Read Operation
The read(2) function reads the next record on the tape. The record size
is passed back as the number of bytes read, provided it is not greater
than the number requested. When a tape mark or end of data is read, a
zero byte count is returned; all successive reads after the zero read
- returns an error and errno is set to EIO. To move to the next file, an
+ return an error and errno is set to EIO. To move to the next file, an
MTFSF ioctl can be issued before or after the read causing the error.
This error handling behavior is different from the older BSD behavior,
where another read fetches the first record of the next tape file. If
the BSD behavior is required, device names containing the letter b (for
BSD behavior) in the final component should be used. If persistent
error handling was enabled with either the BSD or SVR4 tape device
- behavior, all operations after this read error returns EIO errors until
+ behavior, all operations after this read error return EIO errors until
the MTIOCLRERR ioctl is issued. An MTFSF ioctl can then be issued.
@@ -483,15 +483,13 @@
};
-
-
/* structure for MTIOCGETPOS and MTIOCRESTPOS - get/set tape position */
/*
* eof/eot/eom codes.
*/
typedef enum {
ST_NO_EOF,
- ST_EOF_PENDING, /* filemrk pending */
+ ST_EOF_PENDING, /* filemark pending */
ST_EOF, /* at filemark */
ST_EOT_PENDING, /* logical eot pend. */
ST_EOT, /* at logical eot */
@@ -742,10 +739,10 @@
enum mtio_state {
- MTIO_NONE /* Return tape's current state */
- MTIO_EJECTED /* Tape state is "ejected" */
+ MTIO_NONE, /* Return tape's current state */
+ MTIO_EJECTED, /* Tape state is "ejected" */
MTIO_INSERTED /* Tape state is "inserted" */
- ;
+ };
@@ -783,12 +779,13 @@
ioctl(fd, MTIOCRELEASE);
+
The MTIOCFORCERESERVE ioctl breaks a reservation held by another host,
interrupting any I/O in progress by that other host, and then reserves
- the tape unit. This ioctl can be executed only with super-user privi-
- leges. It is recommended to open the tape device in O_NDELAY mode when
- this ioctl needs to be executed, otherwise the open fails if another
- host indeed has it reserved. For example,
+ the tape unit. This ioctl can be executed only with the
+ {PRIV_SYS_DEVICES} privilege. It is recommended to open the tape device
+ in O_NDELAY mode when this ioctl needs to be executed, otherwise the
+ open fails if another host indeed has it reserved. For example,
ioctl(fd, MTIOCFORCERESERVE);
@@ -942,11 +939,11 @@
SEE ALSO
mt(1), tar(1), write(2), open(2), read(2), aioread(3C), aiowrite(3C),
- ar.h(3HEAD), st(4D), scsi(5), dd(8)
+ ar.h(3HEAD), st(4D), scsi(5), privileges(7), dd(8)
1/4 Inch Tape Drive Tutorial
-Oracle Solaris 11.4 11 May 2021 mtio(4I)
+Oracle Solaris 11.4 3 Nov 2021 mtio(4I)
diff -NurbBw 11.4.39/xman4i/quotactl.4i 11.4.42/xman4i/quotactl.4i
--- 11.4.39/xman4i/quotactl.4i 2022-02-15 11:15:46.517956840 +0000
+++ 11.4.42/xman4i/quotactl.4i 2022-02-15 11:16:11.701223369 +0000
@@ -7,7 +7,8 @@
SYNOPSIS
#include <sys/fs/ufs_quota.h>
- int ioctl(int fd, Q_QUOTACTL, struct quotcl *qp)
+
+ int ioctl(int fd, Q_QUOTACTL, struct quotcl *qp);
DESCRIPTION
This ioctl() call manipulates disk quotas. fd is the file descriptor
@@ -31,32 +32,32 @@
Q_QUOTAON Turn on quotas for a file system. addr points to the full
pathname of the quotas file. uid is ignored. It is recom-
- mended that uid have the value of 0. This call is
- restricted to the super-user.
+ mended that uid have the value of 0. This call requires
+ the {PRIV_SYS_MOUNT} privilege.
Q_QUOTAOFF Turn off quotas for a file system. addr and uid are
ignored. It is recommended that addr have the value of
- NULL and uid have the value of 0. This call is restricted
- to the super-user.
+ NULL and uid have the value of 0. This call requires the
+ {PRIV_SYS_MOUNT} privilege.
Q_GETQUOTA Get disk quota limits and current usage for user uid.
addr is a pointer to a dqblk structure (defined in
<sys/fs/ufs_quota.h>). All users may get their own quota
- information, only the super-user may get the quota infor-
- mation for another user.
+ information, the {PRIV_SYS_MOUNT} privilege is required
+ to get the quota information for another user.
Q_SETQUOTA Set disk quota limits and current usage for user uid.
addr is a pointer to a dqblk structure (defined in
- sys/fs/ufs_quota.h). This call is restricted to the
- super-user.
+ sys/fs/ufs_quota.h). This call requires the
+ {PRIV_SYS_MOUNT} privilege.
Q_SETQLIM Set disk quota limits for user uid. addr is a pointer to
a dqblk structure (defined in sys/fs/ufs_quota.h). This
- call is restricted to the super-user.
+ call requires the {PRIV_SYS_MOUNT} privilege.
Q_SYNC Update the on-disk copy of quota usages for this file
@@ -117,15 +118,13 @@
SEE ALSO
- getrlimit(2), mount(2), quota(8), quotacheck(8), quotaon(8)
+ getrlimit(2), mount(2), privileges(7), quota(8), quotacheck(8), quo-
+ taon(8)
BUGS
There should be some way to integrate this call with the resource limit
interface provided by setrlimit() and getrlimit(2).
- This call is incompatible with Melbourne quotas.
-
-
-Oracle Solaris 11.4 11 May 2021 quotactl(4I)
+Oracle Solaris 11.4 3 Nov 2021 quotactl(4I)
diff -NurbBw 11.4.39/xman4i/unvme.4i 11.4.42/xman4i/unvme.4i
--- 11.4.39/xman4i/unvme.4i 2022-02-15 11:15:46.521525867 +0000
+++ 11.4.42/xman4i/unvme.4i 2022-02-15 11:16:11.704742112 +0000
@@ -159,15 +159,15 @@
WARNINGS
The unvme command is very powerful, but somewhat dangerous, so its use
- is restricted to processes running as root, regardless of the file per-
- missions on the device node. The device driver code expects to own the
- device state, and unvme commands can change the state of the device and
- confuse the device driver. It is best to send unvme commands only with
- no side effects, and avoid commands such as Create/Delete Submis-
- sion/Completion Queue, Format, Set Feature, Asynchronous Event, etc. as
- they may cause damage to data stored on the drive or system panics.
- Also, as the commands are not checked in any way by the device driver,
- any block may be overwritten.
+ is restricted to processes running with all privileges, regardless of
+ the file permissions on the device node. The device driver code expects
+ to own the device state, and unvme commands can change the state of the
+ device and confuse the device driver. It is best to send unvme commands
+ only with no side effects, and avoid commands such as Create/Delete
+ Submission/Completion Queue, Format, Set Feature, Asynchronous Event,
+ etc. as they may cause damage to data stored on the drive or system
+ panics. Also, as the commands are not checked in any way by the device
+ driver, any block may be overwritten.
The unvme interface is not recommended for very large data transfers
@@ -178,4 +178,4 @@
-Oracle Solaris 11.4 11 May 2021 unvme(4I)
+Oracle Solaris 11.4 3 Nov 2021 unvme(4I)
diff -NurbBw 11.4.39/xman4i/uscsi.4i 11.4.42/xman4i/uscsi.4i
--- 11.4.39/xman4i/uscsi.4i 2022-02-15 11:15:46.525953714 +0000
+++ 11.4.42/xman4i/uscsi.4i 2022-02-15 11:16:11.709739970 +0000
@@ -236,8 +236,8 @@
EIO An error occurred during the execution of the command.
- EPERM A process without root credentials tried to execute the USC-
- SICMD ioctl.
+ EPERM A process without sufficient privileges tried to execute the
+ USCSICMD ioctl.
EFAULT The uscsi_cmd itself, the uscsi_cdb, the uscsi_buf, or the
@@ -257,22 +257,23 @@
+-----------------------------+-----------------------------+
SEE ALSO
- ioctl(2), sd(4D), st(4D), attributes(7)
+ ioctl(2), sd(4D), st(4D), attributes(7), privileges(7)
ANSI Small Computer System Interface-2 (SCSI-2)
WARNINGS
The uscsi command is very powerful, but somewhat dangerous, and so its
- use is restricted to processes running as root, regardless of the file
- permissions on the device node. The device driver code expects to own
- the device state, and uscsi commands can change the state of the device
- and confuse the device driver. It is best to use uscsi commands only
- with no side effects, and avoid commands such as Mode Select, as they
- may cause damage to data stored on the drive or system panics. Also, as
- the commands are not checked in any way by the device driver, any block
- may be overwritten, and the block numbers are absolute block numbers on
- the drive regardless of which slice number is used to send the command.
+ use is restricted to processes running with the {PRIV_SYS_DEVICES}
+ privilege, regardless of the file permissions on the device node. The
+ device driver code expects to own the device state, and uscsi commands
+ can change the state of the device and confuse the device driver. It is
+ best to use uscsi commands only with no side effects, and avoid com-
+ mands such as Mode Select, as they may cause damage to data stored on
+ the drive or system panics. Also, as the commands are not checked in
+ any way by the device driver, any block may be overwritten, and the
+ block numbers are absolute block numbers on the drive regardless of
+ which slice number is used to send the command.
The uscsi interface is not recommended for very large data transfers
@@ -288,4 +289,4 @@
-Oracle Solaris 11.4 11 May 2021 uscsi(4I)
+Oracle Solaris 11.4 3 Nov 2021 uscsi(4I)
diff -NurbBw 11.4.39/xman4m/kb.4m 11.4.42/xman4m/kb.4m
--- 11.4.39/xman4m/kb.4m 2022-02-15 11:15:46.542998506 +0000
+++ 11.4.42/xman4m/kb.4m 2022-02-15 11:16:11.719547048 +0000
@@ -402,13 +392,14 @@
ioctl() requests for changing and retrieving entries from the keyboard
translation table use the kiockeymap structure:
+ #define KIOCABORT1 -1 /* Special "mask": abort1 keystation */
+ #define KIOCABORT2 -2 /* Special "mask": abort2 keystation */
+
struct kiockeymap {
int kio_tablemask; /* Translation table (one of: 0, CAPSMASK,
* SHIFTMASK, CTRLMASK, UPMASK,
* ALTGRAPHMASK, NUMLOCKMASK)
*/
- #define KIOCABORT1 -1 /* Special "mask": abort1 keystation */
- #define KIOCABORT2 -2 /* Special "mask": abort2 keystation */
uchar_t kio_station; /* Physical keyboard key station (0-127) */
ushort_t kio_entry; /* Translation table station's entry */
char kio_string[10]; /* Value for STRING entries-null terminated */
@@ -467,12 +458,13 @@
Special values of kio_tablemask can affect the two step "break to the
- PROM monitor" sequence. The usual sequence is L1-a or Stop-. If
+ PROM monitor" sequence. The usual sequence is L1-a or Stop-a. If
kio_tablemask is KIOCABORT1, then the value of kio_station is set to be
the first keystation in the sequence. If kio_tablemask, is KIOCABORT2
then the value of kio_station is set to be the second keystation in the
sequence. An attempt to change the "break to the PROM monitor" sequence
- without having superuser permission results in an EPERM error.
+ without having the {PRIV_SYS_CONFIG} privilege results in an EPERM
+ error.
KIOCGKEY
@@ -495,14 +487,14 @@
board
- KB_USB USB standard HID keyboard, including Sun Type 6 USB
- keyboards
+ KB_USB USB standard HID keyboard, including Sun Type 6 & 7
+ USB keyboards
KB_ASCII ASCII terminal masquerading as keyboard
- KB_PC Type 101 PC keyboard
+ KB_PC PC keyboard
KB_DEFAULT Stored in the int pointed to by the argument if the
@@ -624,7 +616,7 @@
on server systems with key switches in the 'secure' position. On
these systems, the effect is always disabled when the key switch is
in the 'secure' position. This ioctl()returns EPERM if the caller
- is not the superuser.
+ does not have the {PRIV_SYS_CONFIG} privilege.
@@ -679,12 +671,16 @@
SEE ALSO
kbd(1), kmdb(1), loadkeys(1), asy(4D), se(4D), virtualkm(4D),
- termio(4I), usbkbm(4M), keytables(5), attributes(7)
+ termio(4I), usbkbm(4M), keytables(5), attributes(7), privileges(7)
NOTES
- Many keyboards released after Sun Type 4 keyboard also report them-
- selves as Sun Type 4 keyboards.
+ Many non-USB keyboards released after Sun Type 4 keyboard also report
+ themselves as Sun Type 4 keyboards.
+
+
+ Only USB and PC keyboards are supported on Oracle Solaris 11.4, see
+ virtualkm(4D) for further details.
-Oracle Solaris 11.4 11 May 2021 kb(4M)
+Oracle Solaris 11.4 3 Nov 2021 kb(4M)
diff -NurbBw 11.4.39/xman4p/pf_key.4p 11.4.42/xman4p/pf_key.4p
--- 11.4.39/xman4p/pf_key.4p 2022-02-15 11:15:46.549664356 +0000
+++ 11.4.42/xman4p/pf_key.4p 2022-02-15 11:16:11.726958382 +0000
@@ -22,8 +20,8 @@
A user process (or possibly multiple cooperating processes) maintains
SADBs by sending messages over a special kind of socket. This is analo-
- gous to the method described in route(4P). Only a superuser may access
- an SADB.
+ gous to the method described in route(4P). The {PRIV_SYS_IP_CONFIG}
+ privilege is required to access an SADB.
Oracle Solaris applications that use PF_KEY include ipseckey(8) and
@@ -790,8 +768,8 @@
+-----------------------------+-----------------------------+
SEE ALSO
- ipsec(4P), ipsecah(4P), ipsecesp(4P), route(4P), udp(4P), in.iked(8),
- ipseckey(8)
+ ipsec(4P), ipsecah(4P), ipsecesp(4P), route(4P), udp(4P), privi-
+ leges(7), in.iked(8), ipseckey(8)
McDonald, D.L., Metz, C.W., and Phan, B.G., RFC 2367, PF_KEY Key Man-
@@ -803,4 +781,4 @@
-Oracle Solaris 11.4 11 May 2021 pf_key(4P)
+Oracle Solaris 11.4 3 Nov 2021 pf_key(4P)
diff -NurbBw 11.4.39/xman4p/route.4p 11.4.42/xman4p/route.4p
--- 11.4.39/xman4p/route.4p 2022-02-15 11:15:46.558295690 +0000
+++ 11.4.42/xman4p/route.4p 2022-02-15 11:16:11.732187629 +0000
@@ -22,7 +22,7 @@
A user process (or possibly multiple cooperating processes) maintains
this database by sending messages over a special kind of socket. This
supplants fixed size ioctl(2)'s specified in routing(4P). Routing table
- changes can only be carried out by the superuser.
+ changes require the {PRIV_SYS_IP_CONFIG} privilege.
The operating system might spontaneously emit routing messages in
@@ -283,7 +283,7 @@
SEE ALSO
- ioctl(2), setsockopt(3C), shutdown(3C), routing(4P)
+ ioctl(2), setsockopt(3C), shutdown(3C), routing(4P), privileges(7)
NOTES
Some of the metrics might not be implemented and return zero. The
@@ -306,4 +306,4 @@
-Oracle Solaris 11.4 11 May 2021 route(4P)
+Oracle Solaris 11.4 3 Nov 2021 route(4P)
diff -NurbBw 11.4.39/xman4p/udp.4p 11.4.42/xman4p/udp.4p
--- 11.4.39/xman4p/udp.4p 2022-02-15 11:15:46.565439442 +0000
+++ 11.4.42/xman4p/udp.4p 2022-02-15 11:16:11.740446134 +0000
@@ -40,18 +40,17 @@
UDP address formats are identical to those used by the Transmission
Control Protocol ("TCP"). Like TCP, UDP uses a port number along with
- an IPor IPv6 address to identify the endpoint of communication. The UDP
- port number space is separate from the TCP port number space, that is,
- a UDP port may not be "connected" to a TCP port. The bind(3C) call can
- be used to set the local address and port number of a UDP socket. The
- local IP or IPv6 address may be left unspecified in the bind() call by
- using the special value INADDR_ANY for IP, or the unspecified address
- (all zeroes) for IPv6. If the bind() call is not done, a local IP or
- IPv6 address and port number will be assigned to the endpoint when the
- first packet is sent. Broadcast packets may be sent, assuming the
- underlying network supports this, by using a reserved "broadcast
- address" This address is network interface dependent. Broadcasts may
- only be sent by the privileged user.
+ an IP or IPv6 address to identify the endpoint of communication. The
+ UDP port number space is separate from the TCP port number space, that
+ is, a UDP port may not be "connected" to a TCP port. The bind(3C) call
+ can be used to set the local address and port number of a UDP socket.
+ The local IP or IPv6 address may be left unspecified in the bind() call
+ by using the special value INADDR_ANY for IP, or the unspecified
+ address (all zeroes) for IPv6. If the bind() call is not done, a local
+ IP or IPv6 address and port number will be assigned to the endpoint
+ when the first packet is sent. Broadcast packets may be sent, assuming
+ the underlying network supports this, by using a reserved "broadcast
+ address." This address is network interface dependent.
Note that no two UDP sockets can be bound to the same port unless the
@@ -131,12 +130,12 @@
Postel, Jon, RFC 768, User Datagram Protocol, Network Information Cen-
- ter, SRI International, Menlo Park, Calif., August 1980
+ ter, August 1980. https://tools.ietf.org/html/rfc768.
Huttunen, A., Swander, B., Volpe, V., DiBurro, L., Stenberg, M., RFC
3948, UDP Encapsulation of IPsec ESP Packets, The Internet Society,
- 2005.
+ 2005. https://tools.ietf.org/html/rfc3948.
DIAGNOSTICS
A socket operation may fail if:
@@ -184,4 +183,4 @@
-Oracle Solaris 11.4 14 May 2018 udp(4P)
+Oracle Solaris 11.4 3 Nov 2021 udp(4P)
diff -NurbBw 11.4.39/xman5/autofs.5 11.4.42/xman5/autofs.5
--- 11.4.39/xman5/autofs.5 2022-02-15 11:15:46.572042573 +0000
+++ 11.4.42/xman5/autofs.5 2022-02-15 11:16:11.748639436 +0000
@@ -27,16 +27,16 @@
- As shipped, the parameters in the autofs file are commented out. As
- root, you must uncomment a keyword-value line to make the value for
- that parameter take effect.
+ As shipped, the parameters in the autofs file are commented out. You
+ must uncomment a keyword-value line to make the value for that parame-
+ ter take effect.
Administrators can make changes to the startup parameters for auto-
- mountd by logging in as root and editing the autofs file. Changes made
- to autofs values on an automount or automountd command line override
- values in /etc/default/autofs. The /etc/default/autofs file is pre-
- served across operating system upgrades.
+ mountd by editing the autofs file. Changes made to autofs values on an
+ automount or automountd command line override values in
+ /etc/default/autofs. The /etc/default/autofs file is preserved across
+ operating system upgrades.
The following parameters are currently supported in the autofs file:
@@ -90,4 +90,4 @@
-Oracle Solaris 11.4 18 Aug 2010 autofs(5)
+Oracle Solaris 11.4 3 Nov 2021 autofs(5)
diff -NurbBw 11.4.39/xman5/d_passwd.5 11.4.42/xman5/d_passwd.5
--- 11.4.39/xman5/d_passwd.5 2022-02-15 11:15:46.576571132 +0000
+++ 11.4.42/xman5/d_passwd.5 2022-02-15 11:16:11.753186086 +0000
@@ -17,8 +17,8 @@
d_passwd is an ASCII file which contains a list of executable programs
(typically shells) that require a dial-up password and the associated
encrypted passwords. When a user attempts to log in on any of the ports
- listed in the dialups file (see dialups(5)), the login program looks at
- the user's login entry stored in the passwd file (see passwd(5)), and
+ listed in the dialups(5) file, the pam_dial_auth(7) service module
+ looks at the user's login entry stored in the passwd(5) repository, and
compares the login shell field to the entries in d_passwd. These
entries determine whether the user will be required to supply a dial-up
password.
@@ -39,7 +39,8 @@
password An encrypted password. Users accessing the computer
through a dial-up port or modem using login-shell will
be required to enter this password before gaining access
- to the computer.
+ to the computer. These are in the same format as the
+ password field described in shadow(5).
@@ -68,46 +69,14 @@
Here is a sample d_passwd file:
- /usr/lib/uucp/uucico:q.mJzTnu8icF0:
/usr/bin/csh:6k/7KCFRPNVXg:
/usr/bin/ksh:9df/FDf.4jkRt:
/usr/bin/sh:41FuGVzGcDJlw:
- .SS "Generating An Encrypted Password"
- The passwd (see passwd(1)) utility can be used to generate the
- encrypted password for each login program. passwd generates encrypted
- passwords for users and places the password in the shadow (see
- shadow(5)) file. Passwords for the d_passwd file will need to be gener-
- ated by first adding a temporary user id using useradd (see user-
- add(8)), and then using passwd(1) to generate the desired password in
- the shadow file. Once the encrypted version of the password has been
- created, it can be copied to the d_passwd file.
-
- For example:
-
- 1. Type useradd tempuser and press Return. This creates a user
- named tempuser.
-
-
- 2. Type passwd tempuser and press Return. This creates an
- encrypted password for tempuser and places it in the shadow
- file.
-
-
- 3. Find the entry for tempuser in the shadow file and copy the
- encrypted password to the desired entry in the d_passwd
- file.
-
-
- 4. Type userdel tempuser and press Return to delete tempuser.
-
-
-
-
- These steps must be executed as the root user.
+ The password fields may be generated using the pwhash(1) command.
FILES
/etc/d_passwd dial-up password file
@@ -116,14 +85,8 @@
/etc/dialups list of dial-up ports requiring dial-up passwords
- /etc/passwd password file
-
-
- /etc/shadow shadow password file
-
-
SEE ALSO
- passwd(1), dialups(5), passwd(5), shadow(5), useradd(8)
+ pwhash(1), dialups(5), passwd(5), shadow(5), pam_dial_auth(7)
WARNINGS
When creating a new dial-up password, be sure to remain logged in on at
@@ -133,4 +96,4 @@
-Oracle Solaris 11.4 2 Sep 2004 d_passwd(5)
+Oracle Solaris 11.4 3 Nov 2021 d_passwd(5)
diff -NurbBw 11.4.39/xman5/nscd.conf.5 11.4.42/xman5/nscd.conf.5
--- 11.4.39/xman5/nscd.conf.5 2022-02-15 11:15:46.581079147 +0000
+++ 11.4.42/xman5/nscd.conf.5 2022-02-15 11:16:11.758262567 +0000
@@ -13,127 +13,217 @@
DESCRIPTION
The SMF service svc:/system/name-service/cache contains the configura-
- tion information for nscd(8). The nscd.conf file is considered obso-
- lete.
+ tion information for nscd(8).
- The following nscd properties are supported:
+ Do not edit the /etc/nscd.conf file as it is private.
+
+
+ Service configuration is applied from built-in defaults or from the
+ config property group. Provide Individual Cache configuration proper-
+ ties from within their specific property group, or when unspecified by
+ the default property group.
+
+ Service Configuration Properties
+ The following table shows the service configuration properties that are
+ in the config property group:
PROPERTY USAGE
---------------------------------------------------------------------
- config Property Group
config/enable_per_user_lookup Enable per-user lookups
- config/per_user_nscd_time_to_live Per-user Nscd time to live
+ config/per_user_nscd_time_to_live Per-user nscd time to live
config/logfile Log file location
config/debug_level Debugging/Log level flags
- config/debug_components subsystem debugging
+ config/debug_components Subsystem debugging
config/global_check_smf_state_interval SMF status check interval
enable_per_user_lookup value
- Enables or disables the ability of nscd to create a per-user nscd.
- A per-user nscd performs per-user lookups and manages the per-user
- cache. The per-user lookups might not be possible if the corre-
- sponding name service switch backends do not support it or are not
- configured to do so. The value of this attribute can be true or
- false.
+ Explicitly enable or disable nscd per-user mode, see nscd(8). By
+ default, the value is unset in SMF, which causes nscd to determine
+ whether the following conditions are true at startup:
- per_user_nscd_time_to_live value
+ o ldap is configured in nsswitch.conf(5)
- Sets the time-to-live value for a per-user nscd based on the last
- time the per-user nscd was active. value is an integer that speci-
- fies a number of seconds.
+ o svc:/network/ldap/client (ldap_cachemgr(8)) is enabled
- logfile
- Specifies name of the file to which debug info should be written.
- Use /dev/tty for standard output.
+ o ldapclient(8) has credentialLevel set to self.
+ Valid values for this property are true and false.
- debug_level value
+ When enabled, multiple nscd processes exist. Two nscd processes
+ that have a UID of 0 (the parent and a forker) are always running,
+ while other per-user nscd processes that have a non-0 UID only run
+ as needed.
- Sets the debug level desired. Note the configuration values and
- output of the debugging command is not likely to remain the same
- from release-to-release. Use the svccfg describe command to see the
- available levels. Debugging output formats should not be depended
- upon in scripts. Use the svccfg describe command to see release
- specific values.
+ Using per-user lookups might not be possible if the corresponding
+ name service switch backends do not support those lookups or if the
+ backends are not configured to do so. Currently, ldap(7) is the
+ only applicable backend, see ldapclient(8) for information about
+ the credentialLevel and the authenticationMethod properties.
- debug_components value
+ per_user_nscd_time_to_live value
+
+ Sets the idle time-to-live value for the non-0 UID per-user nscd
+ processes. The value, in seconds, is based on the last time the
+ per-user nscd was active. The default value is 120 seconds.
+
+
+ logfile filename
+
+ Specifies name of the file in which to write debug information. By
+ default, the file is /dev/null. Logging depends on the debug_level
+ and debug_components settings. Note that the log file can grow to
+ multiple gigabytes very quickly.
+
+
+ global_check_smf_state_interval value
+
+ Interval between checking the status of dependent SMF services such
+ as ldap(7), nis(7) and mdns(8). The default value is 120 seconds.
- Sets the nscd components to generate debugs messages. The configu-
- ration values and output of the debugging command is not likely to
- remain the same from release-to-release. Use the svccfg describe
- command to see the available levels. Debugging output formats
- should not be depended upon in scripts. Use the svccfg describe
- command to see release specific values.
+ debug_level value
+ Specifies the desired debug level. The default value is "None". Use
+ the svccfg describe command to list available levels. Note that the
+ configuration values and the debug level output can change at any
+ time, so do not depend upon this information in scripts.
- Additionally the following set of property groups share the same set of
- properties and manage the individual caches for each of the name ser-
- vice switch databases. The default property group contains any common
- configuration values for all caches. Additionally the following prop-
- erty groups can contain cache specific configuration:
- host, password, group, network, protocol, rpc, ether, netmask,
- bootparam, publickey, netgroup, service, printer, project,
- auth_attr, prof_attr, tnrhtp, tnrhdb
+ debug_components value
+ Specifies the nscd components that should generate debug messages.
+ The default value is "None". Use the svccfg describe command to
+ view the available components and a brief description of each. Note
+ that the configuration values and the component output can change
+ at any time, so do not depend upon this information in scripts.
+
+
+ Cache Configuration Groups
+ You can configure a specific cache in its individual property group.
+ The following table summarizes the supported databases, their respec-
+ tive SMF service property group names, and the entities that use them.
+ The Database column shows the form used by nscd usage output, while the
+ Group column shows the name used for the SMF property group.
+
+
+ Database Group Used By
+ --------------------------------------------------------------
+ auth_attr auth_attr getauthnam(3C)
+ automount automount automount(8)
+ bootparams bootparam rpc.bootparamd(8)
+ ethers ether ethers(3C)
+ exec_attr exec_attr exec_attr(5)
+ group group getgrnam(3C)
+ hosts host getaddrinfo(3C), getnameinfo(3C),
+ gethostent(3C).
+ ipnodes host getaddrinfo(3C), getnameinfo(3C),
+ getipnodebyaddr(3C).
+ netgroup netgroup innetgr(3C)
+ netmasks netmask ipadm(8)
+ networks network getnetbyname(3C)
+
+ passwd password getpwnam(3C), getspnam(3C)
+ prof_attr prof_attr getprofnam(3C), getexecprof(3C)
+ project project getprojent(3PROJECT), getdefault-
+ proj(3PROJECT), inproj(3PROJECT),
+ newtask(1), setproject(3PROJECT)
+ protocols protocol getprotobyname(3C)
+ rpc rpc getrpcbyname(3C)
+ services service getservbyname(3C)
+ tnrhtp tnrhtp tnctl(8)
+ tnrhdb tnrhdb tnctl(8)
+ user_attr user_attr getuserattr(3C)
+ Note that the ipnodes cache uses host group properties while being
+ cached independently.
+
+ Cache Configuration Properties
+ The following cache configuration properties are available within a
+ Group or the default property group:
+
+ check_file_interval value
+
+ Specifies an interval, in seconds, for the minimum time between
+ check_files checks. The default value is 0, which performs a check
+ each time the associated database is queried.
- The following properties are common to all the above property groups:
check_files value
- Enables or disables checking the file belonging to the specified
- cachename for changes. If enabled (which is the default), changes
- in the corresponding file cause the cache to be invalidated within
- 10 seconds. Can be disabled if files are never modified for a
- slight performance boost, particularly over NFS. value can be
- either true or false.
+ Enables or disables the periodic checking of the corresponding
+ cache file. The time period is based on the number of seconds spec-
+ ified by the check_file_interval property. By default, the periodic
+ check is enabled. The checks include the file's modified date,
+ size, and inode number. In addition, the check invalidates the
+ cache if any of the checked values differ from when the file was
+ last read. If you disable these checks you might experience a
+ slight performance boost. Disable these checks when you do not mod-
+ ify the file and run the nscd -i cachename command as needed. Valid
+ values are true and false.
enable_cache value
- Enables or disables the specified cache. value can be either true
- or false.
+ Enables or disables the specified cache. The value can be either
+ true or false.
keep_hot_count value
- This attribute allows the administrator to set the number of
- entries nscd(8) is to keep current in the specified cache. value is
- an integer number which should approximate the number of entries
- frequently used during the day.
+ Use this attribute to specify the number of entries that nscd(8)
+ keeps current in the specified cache. The value is an integer that
+ approximates the number of entries that are used frequently during
+ the day.
negative_time_to_live value
- Sets the time-to-live for negative entries (unsuccessful queries)
- in the specified cache. value is in integer seconds. Can result in
- significant performance improvements if there are several files
- owned by uids (user IDs) not in system databases. Should be kept
- small to reduce cache coherency problems.
+ Specifies the time-to-live, in seconds, for unsuccessful queries
+ (negative entries) of the specified cache. Keep this value small to
+ reduce cache coherency issues.
positive_time_to_live value
- Sets the time-to-live for positive entries (successful queries) in
- the specified cache. value is in integer seconds. Larger values
- increase cache hit rates and reduce mean response times, but
- increase problems with cache coherence. Sites that push (update)
- NIS maps nightly can set value to be the equivalent of 12 hours or
- more with very good performance implications.
+ Specifies the time-to-live, in seconds, for successful queries
+ (positive entries) of the specified cache. Larger values increase
+ cache hit rates and reduce mean response times and might increase
+ problems with cache coherence. Set the value to at least 43200 sec-
+ onds (12 hours) to improve performance for sites that update NIS
+ maps nightly. When DNS is the source, use the DNS-returned TTL
+ value unless it is greater than the positive_time_to_live property
+ value. See nsswitch.conf(5).
+
+
+EXAMPLES
+ Example 1 Setting the passwd Cache's negative_time_to_live Property
+ Value to Ten Seconds.
+
+
+ Specifying a larger value might result in significant performance
+ improvements if several files are owned by user IDs (UIDs) that are not
+ in system databases.
+
+ example# svccfg -s name-service/cache
+ svc:/system/name-service/cache> addpg password application
+ svc:/system/name-service/cache> setprop password/negative_time_to_live = 10
+ svc:/system/name-service/cache> refresh
+
+ Note that you must add a property group before you can set the group's
+ properties.
+
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
@@ -148,10 +238,27 @@
SEE ALSO
auth_attr(5), bootparams(5), ethers(5), exec_attr(5), group(5),
- hosts(5), netmasks(5), networks(5), passwd(5), prof_attr(5),
- project(5), protocols(5), rpc(5), services(5), user_attr(5),
- attributes(7), nscd(8)
+ hosts(5), netmasks(5), networks(5), nsswitch.conf(5), passwd(5),
+ prof_attr(5), project(5), protocols(5), rpc(5), services(5),
+ user_attr(5), attributes(7), ldap(7), nis(7), ldap_cachemgr(8),
+ mdns(8), nscd(8), svccfg(8)
+
+HISTORY
+ The Solaris 2.5 OS introduced the /etc/nscd.conf file as the nscd
+ administrative configuration file.
+
+
+ The Oracle Solaris 10 OS introduced the svc:/system/name-service-cache
+ service. Having this service enabled has been recommended since Solaris
+ 10 8/07.
+
+
+ The Oracle Solaris 11.0 OS introduced the svc:/system/name-ser-
+ vice/cache service and replaced the /etc/nscd.conf administrative con-
+ figuration file. Starting with Oracle Solaris 11.4, the service must be
+ enabled and be online with the nscd daemon running for certain configu-
+ rations to function correctly.
-Oracle Solaris 11.4 28 Mar 2020 nscd.conf(5)
+Oracle Solaris 11.4 5 Nov 2021 nscd.conf(5)
diff -NurbBw 11.4.39/xman5/proc.5 11.4.42/xman5/proc.5
--- 11.4.39/xman5/proc.5 2022-02-15 11:15:46.608674335 +0000
+++ 11.4.42/xman5/proc.5 2022-02-15 11:16:11.784240736 +0000
@@ -1031,9 +1031,9 @@
root
A symbolic link to the process's root directory. /proc/pid/root can
differ from the system root directory if the process or one of its
- ancestors executed chroot(2) as super user. It has the same semantics
- as /proc/pid/cwd. Note that /proc/pid/path/root provides the same
- information, and properly implements readlink(2).
+ ancestors executed chroot(2) with the {PRIV_PROC_CHROOT} privilege. It
+ has the same semantics as /proc/pid/cwd. Note that /proc/pid/path/root
+ provides the same information, and properly implements readlink(2).
fd
A directory containing references to the open files of the process.
@@ -2617,4 +2615,4 @@
-Oracle Solaris 11.4 11 May 2021 proc(5)
+Oracle Solaris 11.4 3 Nov 2021 proc(5)
diff -NurbBw 11.4.39/xman5/prof_attr.5 11.4.42/xman5/prof_attr.5
--- 11.4.39/xman5/prof_attr.5 2022-02-15 11:15:46.614620462 +0000
+++ 11.4.42/xman5/prof_attr.5 2022-02-15 11:16:11.788798100 +0000
@@ -128,6 +128,20 @@
prof_attr: files nis
+ Example 3 Displaying prof_attr entries
+
+
+
+ The getent(8) command can be used to print the definitions used for a
+ profile following the search path configured via nsswitch.conf:
+
+
+ % getent prof_attr "Media Backup" "Media Restore"
+ Media Backup:RO::Backup files and file systems:profiles=NDMP Management
+ Media Restore:RO::Restore files and file systems from backups:
+ auths=solaris.media.extract;profiles=NDMP Management
+
+
FILES
/etc/security/prof_attr
@@ -223,7 +237,7 @@
SEE ALSO
auths(1), pfexec(1), profiles(1), getauthattr(3C), getprofattr(3C),
getuserattr(3C), auth_attr(5), exec_attr(5), priv_names(5),
- user_attr(5), audit_flags(7), pam_user_policy(7), rbac(7)
+ user_attr(5), audit_flags(7), pam_user_policy(7), rbac(7), getent(8)
HISTORY
Support for /etc/security/prof_attr.d/ files was added in Oracle
@@ -234,4 +248,4 @@
-Oracle Solaris 11.4 21 Jun 2021 prof_attr(5)
+Oracle Solaris 11.4 3 Nov 2021 prof_attr(5)
diff -NurbBw 11.4.39/xman5/rcmscript.5 11.4.42/xman5/rcmscript.5
--- 11.4.39/xman5/rcmscript.5 2022-02-15 11:15:46.633059528 +0000
+++ 11.4.42/xman5/rcmscript.5 2022-02-15 11:16:11.806659388 +0000
@@ -179,8 +179,7 @@
level. Logging is discussed below.
- o
- The following environment variables are also set where pos-
+ o The following environment variables are also set where pos-
sible:
@@ -450,9 +449,6 @@
represents.
- You must be a superuser (root) to install or remove an RCM script.
-
-
Select one of the following directories where you want to place the
script:
@@ -682,9 +672,8 @@
NOTES
RCM scripts are expected to properly handle all RCM commands that the
- script implements and to log all errors. Only root has permission to
- add or remove an RCM script. An ill-behaved RCM script can cause unex-
- pected DR failures.
+ script implements and to log all errors. An ill-behaved RCM script can
+ cause unexpected DR failures.
RCM commands are invoked only for the resources whose subsystems par-
@@ -693,4 +682,4 @@
-Oracle Solaris 11.4 18 Feb 2003 rcmscript(5)
+Oracle Solaris 11.4 3 Nov 2021 rcmscript(5)
diff -NurbBw 11.4.39/xman5/resolv.conf.5 11.4.42/xman5/resolv.conf.5
--- 11.4.39/xman5/resolv.conf.5 2022-02-15 11:15:46.639897802 +0000
+++ 11.4.42/xman5/resolv.conf.5 2022-02-15 11:16:11.814209541 +0000
@@ -28,9 +28,6 @@
figuration the first time they are invoked by a process.
- If the service is not enabled then DNS will refuse to perform lookups.
-
-
The resolv.conf file is regenerated from the SMF properties when the
service is started or refreshed.
@@ -291,4 +288,4 @@
-Oracle Solaris 11.4 11 May 2021 resolv.conf(5)
+Oracle Solaris 11.4 19 Oct 2021 resolv.conf(5)
diff -NurbBw 11.4.39/xman5/sulog.5 11.4.42/xman5/sulog.5
--- 11.4.39/xman5/sulog.5 2022-02-15 11:15:46.644206165 +0000
+++ 11.4.42/xman5/sulog.5 2022-02-15 11:16:11.817548338 +0000
@@ -28,8 +28,11 @@
time The time su(8) was executed. time is displayed in the form
- HH/MM where HH is the hour number (24 hour system) and MM is
- the minute number.
+ HH:MM where HH is the hour number (24 hour system) and MM is
+ the minute number. The time zone for this timestamp depends
+ on the TZ variable in the environment used to start su,
+ which may differ from the system time zone or the time zones
+ used by other invocations of the su command.
result The result of the su(8) command. A '+' sign is displayed in
@@ -47,6 +50,12 @@
newuser The user id being switched to with su(8).
+USAGE
+ The sulog file is maintained for historical usage, but is not recom-
+ mended for auditing purposes due to its limited content and reliance on
+ the caller's time zone. Instead it is recommended to rely on the system
+ audit.log(5) files, which may be viewed with admhist(8) or praudit(8).
+
EXAMPLES
Example 1 A sample sulog file.
@@ -65,6 +74,10 @@
SU 03/14 08:31 + pts/4 user1-root
+ENVIRONMENT VARIABLES
+ See environ(7) for descriptions of the following environment variables
+ that affect the data recorded in sulog: TZ.
+
FILES
/var/adm/sulog Default location of su log file
@@ -73,8 +86,8 @@
SEE ALSO
- su(8)
+ audit.log(5), environ(7), admhist(8), praudit(8), su(8)
-Oracle Solaris 11.4 21 Jun 2021 sulog(5)
+Oracle Solaris 11.4 9 Nov 2021 sulog(5)
diff -NurbBw 11.4.39/xman5/system.5 11.4.42/xman5/system.5
--- 11.4.39/xman5/system.5 2022-02-15 11:15:46.648767423 +0000
+++ 11.4.42/xman5/system.5 2022-02-15 11:16:11.821330241 +0000
@@ -189,11 +189,8 @@
* Note that you can delimit your module pathnames using
* colons instead of spaces: moddir:/newmodules:/kernel/modules
moddir:/usr/phil/mod_test /kernel/modules.
- * Set the configuration option {_POSIX_CHOWN_RESTRICTED} :
- * This configuration option is enabled by default.
- set rstchown = 1
- * Disable the configuration option {_POSIX_CHOWN_RESTRICTED} :
- set rstchown = 0
+ * Set the default soft limit for file descriptors per process.
+ set rlim_fd_cur = 1023
* Turn on debugging messages in the modules mydriver. This is useful
* during driver development.
set mydriver:debug = 1
@@ -207,10 +204,12 @@
set moddebug | 0x40
-
SEE ALSO
boot(8), bootadm(8), init(8), kernel(8)
+
+ Oracle Solaris 11.4 Tunable Parameters Reference Manual
+
WARNINGS
Use care when modifying the system file; it modifies the operation of
the kernel. If you preserved the original system file, you can boot
@@ -225,4 +224,4 @@
-Oracle Solaris 11.4 19 Apr 2019 system(5)
+Oracle Solaris 11.4 3 Nov 2021 system(5)
diff -NurbBw 11.4.39/xman7/environ.7 11.4.42/xman7/environ.7
--- 11.4.39/xman7/environ.7 2022-02-15 11:15:46.654802128 +0000
+++ 11.4.42/xman7/environ.7 2022-02-15 11:16:11.826049831 +0000
@@ -255,8 +255,26 @@
Time zone information. The contents of this environment variable
are used by the functions ctime(3C), localtime(3C), strftime(3C),
- and mktime(3C) to override the default time zone. The value of TZ
- has one of the two formats (spaces inserted for clarity):
+ and mktime(3C) to override the default time zone.
+
+ By default, this variable is not set. When not set, the system
+ default time zone of localtime is used. The data for this time zone
+ can be set by either of the commands:
+
+
+ zic -l timezone
+
+ or
+
+
+ nlsadmin set-timezone timezone
+
+ When run, those commands will update the time zone of all programs
+ relying on the localtime time zone. For more information, see
+ tzreload(8).
+
+ If set, the value of TZ has one of the two formats (spaces inserted
+ for clarity):
:characters
@@ -377,7 +395,7 @@
date(3C), getnetpath(3C), gettext(3C), gettxt(3C), localeconv(3C),
mblen(3C), mktime(3C), printf(3C), setlocale(3C), strcoll(3C), strf-
time(3C), strtod(3C), strxfrm(3C), netconfig(5), passwd(5), profile(5),
- locale_alias(7)
+ locale_alias(7), nlsadm(8), tzreload(8), zic(8)
WARNINGS
The use of a null path name or dot (.) in the shell parameter PATH is
@@ -385,4 +403,4 @@
-Oracle Solaris 11.4 11 May 2021 environ(7)
+Oracle Solaris 11.4 9 Nov 2021 environ(7)
diff -NurbBw 11.4.39/xman7/resource-controls.7 11.4.42/xman7/resource-controls.7
--- 11.4.39/xman7/resource-controls.7 2022-02-15 11:15:46.667947121 +0000
+++ 11.4.42/xman7/resource-controls.7 2022-02-15 11:16:11.843346008 +0000
@@ -47,12 +47,11 @@
Total amount of memory for storing ADI metadata of pages that may
be written to backing store, expressed as a number of bytes. The
maximum amount of metadata needed for each ADI page is determined
- by sysconf() (_SC_ADI_METADATA_MAX). Metadata memory is not
- reserved for pages which are never written to backing store such as
- shared memory pages created with the SHM_SHARE_MMU flag. Whether or
- not metadata is reserved for mlock() pages is implementation depen-
- dent. For more information, see the sysconf(3C) and mlock(3C) man
- pages.
+ by sysconf(_SC_ADI_METADATA_MAX). Metadata memory is not reserved
+ for pages which are never written to backing store such as shared
+ memory pages created with the SHM_SHARE_MMU flag. Whether or not
+ metadata is reserved for mlock() pages is implementation dependent.
+ For more information, see the sysconf(3C) and mlock(3C) man pages.
process.max-core-size
@@ -266,12 +265,11 @@
Total amount of memory for storing ADI metadata of pages that may
be written to backing store, expressed as a number of bytes. The
maximum amount of metadata needed for each ADI page is determined
- by sysconf() (_SC_ADI_METADATA_MAX). Metadata memory is not
- reserved for pages which are never written to backing store such as
- shared memory pages created with the SHM_SHARE_MMU flag. Whether or
- not metadata is reserved formlock() pages is implementation depen-
- dent. For more information, see the sysconf(3C) and mlock(3C) man
- pages.
+ by sysconf(_SC_ADI_METADATA_MAX). Metadata memory is not reserved
+ for pages which are never written to backing store such as shared
+ memory pages created with the SHM_SHARE_MMU flag. Whether or not
+ metadata is reserved formlock() pages is implementation dependent.
+ For more information, see the sysconf(3C) and mlock(3C) man pages.
zone.cpu-cap
@@ -458,10 +456,10 @@
The privilege level for a resource control value is defined in the
- privilege field of the resource control block as RCTL_BASIC ,
- RCTL_PRIVILEGED, or RCTL_SYSTEM. See setrctl(2) for more information.
- You can use the prctl command to modify values that are associated with
- basic and privileged levels.
+ privilege field of the resource control block as RCTL_BASIC, RCTL_PRIV-
+ ILEGED, or RCTL_SYSTEM. See setrctl(2) for more information. You can
+ use the prctl command to modify values that are associated with basic
+ and privileged levels.
In specifying the privilege level of privileged, you can use the abbre-
@@ -651,8 +649,10 @@
lowerable
- Superuser privileges are not required to lower the privileged val-
- ues for this control.
+ The {PRIV_SYS_RESOURCE} privilege is not required to lower the
+ privileged values for this control. If this flag is not present,
+ then the {PRIV_SYS_RESOURCE} privilege is required to lower the
+ privileged values for this control.
no-deny
@@ -713,8 +713,8 @@
SEE ALSO
prctl(1), memcntl(2), setrctl(2), rctlblk_set_value(3C), libpool(3LIB),
- lofi(4D), FSS(4), project(5), attributes(7), pooladm(8), poolcfg(8),
- projadd(8), projmod(8), rctladm(8)
+ lofi(4D), FSS(4), project(5), attributes(7), privileges(7), pooladm(8),
+ poolcfg(8), projadd(8), projmod(8), rctladm(8)
Administering Resource Management in Oracle Solaris 11.4
@@ -731,4 +731,4 @@
-Oracle Solaris 11.4 3 May 2021 resource-controls(7)
+Oracle Solaris 11.4 3 Nov 2021 resource-controls(7)
diff -NurbBw 11.4.39/xman7/solaris.7 11.4.42/xman7/solaris.7
--- 11.4.39/xman7/solaris.7 2022-02-15 11:15:46.673848407 +0000
+++ 11.4.42/xman7/solaris.7 2022-02-15 11:16:11.848000864 +0000
@@ -54,27 +54,8 @@
link-protection mac-nospoof
- Cold Migration
- solaris branded zones can be cold migrated to compatible hosts by using
- the zoneadm migrate command, as described in the zoneadm(8) man page.
-
-
- For cold migration to work, the same services and packages must be con-
- figured as for the solaris-kz(7) brand cold migration.
-
- Only zones on shared storage may be migrated. Supported storage URI
- types for migration are iscsi and lu.
- Auxiliary State
- The following auxiliary state (as shown by zoneadm list -is) is defined
- for this brand:
-
- no-config The zone is known to the system but its configuration is
- missing. State of the zone is always incomplete.
-
-
-SUB-COMMANDS
The following zonecfg(8) resources and properties are supported by the
live zone reconfiguration for solaris brand:
@@ -111,6 +92,7 @@
net:configure-allowed-address
net:defrouter
npiv
+ rootzpool
tenant
zpool
@@ -129,6 +111,26 @@
For the list of solaris brand-specific subcommand options, see
zoneadm(8).
+ Cold Migration
+ solaris branded zones can be cold migrated to compatible hosts by using
+ the zoneadm migrate command, as described in the zoneadm(8) man page.
+
+
+ For cold migration to work, the same services and packages must be con-
+ figured as for the solaris-kz(7) brand cold migration.
+
+
+ Only zones on shared storage may be migrated. Supported storage URI
+ types for migration are iscsi and lu.
+
+ Auxiliary State
+ The following auxiliary state (as shown by zoneadm list -is) is defined
+ for this brand:
+
+ no-config The zone is known to the system but its configuration is
+ missing. State of the zone is always incomplete.
+
+
EXAMPLES
Example 1 Conversion of a Global Zone to a solaris Zone
@@ -267,4 +269,4 @@
-Oracle Solaris 11.4 6 Mar 2020 solaris(7)
+Oracle Solaris 11.4 29 Nov 2021 solaris(7)
diff -NurbBw 11.4.39/xman8/busstat.8 11.4.42/xman8/busstat.8
--- 11.4.39/xman8/busstat.8 2022-02-15 11:15:46.680940398 +0000
+++ 11.4.42/xman8/busstat.8 2022-02-15 11:16:11.853068224 +0000
@@ -32,9 +30,9 @@
count times.
- Only root users can program these counters. Non-root users have the
- option of reading the counters that have been programmed by a root
- user.
+ The {PRIV_SYS_CONFIG} privilege is required to program these counters.
+ Non-privileged users have the option of reading the counters that have
+ been programmed by a privileged user.
The default value for the interval argument is 1 second, and the
@@ -82,30 +80,26 @@
titles.
- -r device-inst [-c
- column_list]]
+ -r device-inst [-c column_list]]
Read and display all pic values for the specified device
- Specify device-inst as device (name) followed by instance
- number, if specifying an
- instance number of a device whose counters are to be read and dis-
- played. If all instances of this device are to be read, use device
- (name) without an instance number. All pic values will be sampled
- when using the -r option. When the -c option is used, only the
- specified event and pic columns will be displayed. The default is
- to display all the event and pic columns for the device. The col-
- umn_list is a comma-separated list of integers or ranges of inte-
- gers such as 1, 4 to 7 and 35.
+ Specify device-inst as device (name) followed by instance number,
+ if specifying an instance number of a device whose counters are to
+ be read and displayed. If all instances of this device are to be
+ read, use device (name) without an instance number. All pic values
+ will be sampled when using the -r option. When the -c option is
+ used, only the specified event and pic columns will be displayed.
+ The default is to display all the event and pic columns for the
+ device. The column_list is a comma-separated list of integers or
+ ranges of integers such as 1, 4 to 7 and 35.
- -w device-inst
- [,pic0=event] [,picn=event]
- [-c column_list]]
+ -w device-inst[,pic0=event][,picn=event] [-c column_list]]
Program (write) the specified devices to count the specified
- events. Write access to the counters is restricted to root users
- only. Non-root users can use -r option.
+ events. Write access to the counters requires the {PRIV_SYS_CONFIG}
+ privilege. Non-privileged users can use -r option.
Specify device-inst as device (name) followed by an optional
instance number. If specifying an instance number of a device to
@@ -205,19 +192,14 @@
...
-
-
-
Example 3 Monitoring the events being counted
This example monitors the events that are being counted on the sbus1
- device, 100 times at 1 second intervals. It suggests that a root user
- has changed the events that sbus1 was counting to be dvma_tlb_misses
- and interrupts instead of pio_cycles.
-
-
+ device, 100 times at 1 second intervals. It suggests that a privileged
+ user has changed the events that sbus1 was counting to be
+ dvma_tlb_misses and interrupts instead of pio_cycles.
# busstat -r sbus0 1 100
@@ -246,12 +225,10 @@
- It shows the expected output of the above busstat command. Another root
- user on the machine has changed the events that this user had pro-
- grammed and busstat has detected this and terminates the command with a
- message.
-
-
+ It shows the expected output of the above busstat command. Another
+ privileged user on the machine has changed the events that this user
+ had programmed and busstat has detected this and terminates the command
+ with a message.
# busstat -w ac0,pic0=clock_cycles,pic1=mem_bank0_rds \
@@ -308,8 +281,9 @@
+-----------------------------+-----------------------------+
SEE ALSO
- strtol(3C), attributes(7), vmstat(8), iostat(8), mpstat(8)
+ strtol(3C), attributes(7), privileges(7), vmstat(8), iostat(8),
+ mpstat(8)
-Oracle Solaris 11.4 23 May 2017 busstat(8)
+Oracle Solaris 11.4 3 Nov 2021 busstat(8)
diff -NurbBw 11.4.39/xman8/chroot.8 11.4.42/xman8/chroot.8
--- 11.4.39/xman8/chroot.8 2022-02-15 11:15:46.685627539 +0000
+++ 11.4.42/xman8/chroot.8 2022-02-15 11:16:11.857740140 +0000
@@ -30,7 +30,7 @@
the current root of the running process.
- This command can be run only by the super-user.
+ This command requires the {PRIV_PROC_CHROOT} privilege.
RETURN VALUES
The exit status of chroot is the return value of command.
@@ -46,7 +46,7 @@
+-----------------------------+-----------------------------+
SEE ALSO
- cd(1), tar(1), chroot(2), ttyname(3C), attributes(7)
+ cd(1), tar(1), chroot(2), ttyname(3C), attributes(7), privileges(7)
NOTES
Exercise extreme caution when referencing device files in the new root
@@ -59,4 +59,4 @@
-Oracle Solaris 11.4 21 Jun 2021 chroot(8)
+Oracle Solaris 11.4 3 Nov 2021 chroot(8)
diff -NurbBw 11.4.39/xman8/coreadm.8 11.4.42/xman8/coreadm.8
--- 11.4.39/xman8/coreadm.8 2022-02-15 11:15:46.692023002 +0000
+++ 11.4.42/xman8/coreadm.8 2022-02-15 11:16:11.863355994 +0000
@@ -335,9 +335,15 @@
-g pattern
- Set the global core file name pattern to pattern. The pattern must
- start with a / and can contain any of the special % variables that
- are described in the DESCRIPTION.
+ Set the global core file name pattern to pattern. The pattern rep-
+ resents a file system location and should start with a /. It can
+ contain any of the special % variables that are described in the
+ DESCRIPTION.
+
+ If the pattern is default or a blank string (eg. -g ""), the global
+ core file pattern is returned to the system default.
+
+ The system default is /var/cores/core.%z.%f.%u.%p
Only users and roles belonging to the "Maintenance and Repair" RBAC
profile can use this option.
@@ -442,8 +448,14 @@
-k pattern
Set the kernel zone core file name pattern to pattern. The pattern
- must start with a / and can contain any of the special % variables
- that are described in the DESCRIPTION section.
+ represents a files system location and should start with a /. It
+ can contain any of the special % variables that are described in
+ the DESCRIPTION section.
+
+ If the pattern is default or a blank string (eg. -k ""), the kernel
+ zone core file pattern is returned to the system default.
+
+ The system default is /var/cores/%z/kzcore.%t
Only users and roles belonging to the Maintenance and Repair RBAC
profile can use this option.
diff -NurbBw 11.4.39/xman8/cpustat.8 11.4.42/xman8/cpustat.8
--- 11.4.39/xman8/cpustat.8 2022-02-15 11:15:46.727731547 +0000
+++ 11.4.42/xman8/cpustat.8 2022-02-15 11:16:11.868259488 +0000
@@ -109,7 +109,7 @@
The -I option is incompatible with an interval and count specifica-
tion.
- Read from the standard input if the file name is -- (hyphen).
+ Read from the standard input if the file name is - (hyphen).
-k key1,...
@@ -148,7 +148,7 @@
Save all data to statfile. This data may be replayed at a later
time using -I.
- Write to the standard output if the file name is -- (hyphen).
+ Write to the standard output if the file name is - (hyphen).
The purpose of -O is to capture all available data. It is incompat-
ible with the data reduction options: -A, -k, -m and -o.
@@ -197,10 +197,12 @@
other activities on the system.
- The cpustat utility must be run by the super-user, as there is an
- intrinsic conflict between the use of the CPU performance counters sys-
- tem-wide by cpustat and the use of the CPU performance counters to mon-
- itor an individual process (for example, by cputrack.)
+ The cpustat utility must be run with privileges including
+ {PRIV_CPC_CPU} and {PRIV_SYS_RESOURCE}, as there is an intrinsic con-
+ flict between the use of the CPU performance counters system-wide by
+ cpustat and the use of the CPU performance counters to monitor an indi-
+ vidual process (for example, by cputrack.) The System Observability
+ profile includes the necessary privileges to run cpustat.
Once any instance of this utility has started, no further per-process
@@ -229,7 +231,7 @@
than 4 billion clock cycles can occur between samples.
- The output of cpustat is designed to be readily parsable by nawk(1) and
+ The output of cpustat is designed to be readily parsable by awk(1) and
perl(1), thereby allowing performance tools to be composed by embedding
cpustat in scripts. Alternatively, tools can be constructed directly
using the same APIs that cpustat is built upon using the facilities of
@@ -402,7 +404,7 @@
WARNINGS
- By running the cpustat command, the super-user forcibly invalidates all
+ By running the cpustat command, the user forcibly invalidates all
existing performance counter context. This can in turn cause all invo-
cations of the cputrack command, and other users of performance counter
context, to exit prematurely with unspecified errors.
@@ -439,9 +441,10 @@
+-----------------------------+-----------------------------+
SEE ALSO
- cputrack(1), nawk(1), perl(1), cpc(3CPC), cpc_bind_cpu(3CPC),
+ cputrack(1), awk(1), perl(1), cpc(3CPC), cpc_bind_cpu(3CPC),
cpc_open(3CPC), gethrtime(3C), strtoll(3C), libcpc(3LIB),
- attributes(7), iostat(8), prstat(8), psrset(8), vmstat(8)
+ attributes(7), privileges(7), iostat(8), prstat(8), psrset(8),
+ vmstat(8)
NOTES
When cpustat is run on a Pentium 4 with HyperThreading enabled, a CPC
@@ -450,4 +453,4 @@
-Oracle Solaris 11.4 11 Feb 2021 cpustat(8)
+Oracle Solaris 11.4 3 Nov 2021 cpustat(8)
diff -NurbBw 11.4.39/xman8/cryptoadm.8 11.4.42/xman8/cryptoadm.8
--- 11.4.39/xman8/cryptoadm.8 2022-02-15 11:15:46.734426444 +0000
+++ 11.4.42/xman8/cryptoadm.8 2022-02-15 11:16:11.874702391 +0000
@@ -83,7 +83,8 @@
With the exception of the subcommands or options listed below, the
- cryptoadm command needs to be run by a privileged user.
+ cryptoadm command needs to be run by a privileged user. The Crypto Man-
+ agement rights profile provides the necessary privileges.
o subcommand list, any options
@@ -553,4 +554,4 @@
-Oracle Solaris 11.4 21 Jun 2021 cryptoadm(8)
+Oracle Solaris 11.4 3 Nov 2021 cryptoadm(8)
diff -NurbBw 11.4.39/xman8/devinfo.8 11.4.42/xman8/devinfo.8
--- 11.4.39/xman8/devinfo.8 2022-02-15 11:15:46.737752288 +0000
+++ 11.4.42/xman8/devinfo.8 2022-02-15 11:16:11.878077945 +0000
@@ -13,8 +13,9 @@
DESCRIPTION
The devinfo command is used to print device specific information about
- disk devices on standard out. The command can only be used by the supe-
- ruser.
+ disk devices on standard out. The command can only be used by a user
+ which has either read permission on the disk device file or the File
+ System Management profile.
OPTIONS
-i Prints the following device information:
@@ -92,4 +93,4 @@
-Oracle Solaris 11.4 8 May 1997 devinfo(8)
+Oracle Solaris 11.4 3 Nov 2021 devinfo(8)
diff -NurbBw 11.4.39/xman8/df.8 11.4.42/xman8/df.8
--- 11.4.39/xman8/df.8 2022-02-15 11:15:46.742180643 +0000
+++ 11.4.42/xman8/df.8 2022-02-15 11:16:11.882367410 +0000
@@ -156,7 +156,7 @@
Scaling is done by repetitively dividing by a scale factor of
1024. The use of binary scaling is indicated by the addition of
- an 'i' modifer to the suffix (Ki, Mi, Gi, ...).
+ an 'i' modifier to the suffix (Ki, Mi, Gi, ...).
max
@@ -409,4 +409,4 @@
-Oracle Solaris 11.4 26 July 2020 df(8)
+Oracle Solaris 11.4 23 August 2021 df(8)
diff -NurbBw 11.4.39/xman8/dladm.8 11.4.42/xman8/dladm.8
--- 11.4.39/xman8/dladm.8 2022-02-15 11:15:46.794018437 +0000
+++ 11.4.42/xman8/dladm.8 2022-02-15 11:16:11.953456330 +0000
@@ -7008,8 +7008,8 @@
dlpi(4P), attributes(7), ieee802.3(7), acctadm(8), autopush(8),
datalink-management(5), dlstat(8), evsadm(8), ibadm(8), ifconfig(8),
in.dlmpd(8), ipadm(8), ipsecconf(8), lldpadm(8), ndd(8), netadm(8),
- netcfg(8), pooladm(8), poolcfg(8), psrset(8), vrrpadm(8), wpad(8),
- zonecfg(8), dhcpagent(8)
+ netcfg(8), pooladm(8), poolcfg(8), psrset(8), vrrpadm(8), zonecfg(8),
+ dhcpagent(8)
Configuring and Managing Network Components in Oracle Solaris 11.4
diff -NurbBw 11.4.39/xman8/dminfo.8 11.4.42/xman8/dminfo.8
--- 11.4.39/xman8/dminfo.8 2022-02-15 11:15:46.798607466 +0000
+++ 11.4.42/xman8/dminfo.8 2022-02-15 11:16:11.969873516 +0000
@@ -24,7 +24,7 @@
dminfo reports and updates information about the device_maps(5) file.
OPTIONS
- The following options are supported
+ The following options are supported:
-a Succeed if any of the requested entries are found. If
used with -v, all entries that match the requested
@@ -58,9 +58,7 @@
file. It uses the colon (:) as a field separator, and
white space as the device_list subfield separators.
The dm-entry is not made if any fields are missing,
- or if the dm-entry would be a duplicate. The default
- device maps file can be updated only by the super
- user.
+ or if the dm-entry would be a duplicate.
-v Verbose. Print the requested entry or entries, one
@@ -96,4 +94,4 @@
-Oracle Solaris 11.4 21 Jun 2021 dminfo(8)
+Oracle Solaris 11.4 3 Nov 2021 dminfo(8)
diff -NurbBw 11.4.39/xman8/domainname.8 11.4.42/xman8/domainname.8
--- 11.4.39/xman8/domainname.8 2022-02-15 11:15:46.802735458 +0000
+++ 11.4.42/xman8/domainname.8 2022-02-15 11:16:11.973955401 +0000
@@ -28,12 +28,16 @@
If not yet enabled, the nis/domain service is enabled.
- The super-user can temporary set the domain name using:
+ A user with the {PRIV_SYS_ADMIN} privilege can temporarily set the
+ domain name using:
# domainname -t nisdomain.example.com
+ but it will reset to the default when the system next boots.
+
+
The domain name for various naming services can also be set by other
means. DNS ignores the domain name set by domainname and LDAP uses it
as a last resort.
@@ -89,8 +93,9 @@
SEE ALSO
svcs(1), aliases(5), defaultdomain(5), hosts(5), nsswitch.conf(5),
- passwd(5), attributes(7), rbac(7), smf(7), check-hostname(8), hostcon-
- fig(8), named(8), sendmail(8), svcadm(8), svccfg(8), ypinit(8)
+ passwd(5), attributes(7), rbac(7), privileges(7), smf(7), check-host-
+ name(8), hostconfig(8), named(8), sendmail(8), svcadm(8), svccfg(8),
+ ypinit(8)
NOTES
The domainname service is managed by the service management facility,
@@ -106,4 +111,4 @@
-Oracle Solaris 11.4 11 May 2021 domainname(8)
+Oracle Solaris 11.4 3 Nov 2021 domainname(8)
diff -NurbBw 11.4.39/xman8/eeprom.8 11.4.42/xman8/eeprom.8
--- 11.4.39/xman8/eeprom.8 2022-02-15 11:15:46.820756024 +0000
+++ 11.4.42/xman8/eeprom.8 2022-02-15 11:16:11.982217258 +0000
@@ -25,7 +25,9 @@
line).
- Only the super-user may alter the EEPROM contents.
+ An effective uid of 0 is required to alter the EEPROM contents. This is
+ provided by the Device Security rights profile or the Maintenance and
+ Repair rights profile.
eeprom verifies the EEPROM checksums and complains if they are incor-
@@ -957,4 +959,4 @@
-Oracle Solaris 11.4 14 Apr 2020 eeprom(8)
+Oracle Solaris 11.4 3 Nov 2021 eeprom(8)
diff -NurbBw 11.4.39/xman8/fuser.8 11.4.42/xman8/fuser.8
--- 11.4.39/xman8/fuser.8 2022-02-15 11:15:46.827005804 +0000
+++ 11.4.42/xman8/fuser.8 2022-02-15 11:16:11.986481148 +0000
@@ -78,8 +74,8 @@
newline, is written on standard error.
- Any user can run fuser, but only the superuser can terminate another
- user's process.
+ Any user can run fuser, but the {PRIV_PROC_OWNER} privilege is required
+ to send a signal to another user's process.
OPTIONS
The following options are supported:
@@ -91,18 +87,14 @@
-d Report device usage information for all minor nodes bound to
the same device node as the specified minor node. This option
does not report file usage for files within a mounted file
- system
+ system.
-f Prints a report for the named file, not for files within a
mounted file system
- -k Sends the SIGKILL signal to each process. Since this option
- spawns kills for each process, the kill messages may not show
- up immediately. No signals will be sent to kernel file con-
- sumers or file event monitors. For more information, see the
- kill(2) man page
+ -k Equivalent to -s KILL or -s 9.
-l Prevents resolving the symlinks to target file
@@ -116,9 +108,9 @@
ifies one of the symbolic names defined in the <signal.h>
header, or a decimal integer signal number. If sig is a sym-
bolic name, it is recognized in a case-independent fashion,
- without the SIG prefix. The -k option is equivalent to -s
- KILL or -s 9. No signals will be sent to kernel file con-
- sumers
+ without the SIG prefix. No signals will be sent to kernel
+ file consumers or file event monitors. For more information,
+ see the kill(2) and signal.h(3HEAD) man pages.
-u Displays the user login name in parentheses following the
@@ -164,10 +154,9 @@
example% fuser -fn -s term /export/foo/my_file
-
ENVIRONMENT VARIABLES
See environ(7) for descriptions of the following environment variables
- that affect the execution of fuser: LANG, LC_ALL LC_CTYPE, LC_MES-
+ that affect the execution of fuser: LANG, LC_ALL, LC_CTYPE, LC_MES-
SAGES, and NLSPATH.
ATTRIBUTES
@@ -185,7 +174,8 @@
+-----------------------------+-----------------------------+
SEE ALSO
- ps(1), kill(2), mmap(2), signal(3C), attributes(7), environ(7), stan-
+ pfiles(1), ps(1), kill(2), mmap(2), port_associate(3C), signal(3C),
+ signal.h(3HEAD), attributes(7), environ(7), privileges(7), stan-
dards(7), mount(8)
NOTES
@@ -196,4 +186,4 @@
-Oracle Solaris 11.4 23 Jan 2017 fuser(8)
+Oracle Solaris 11.4 3 Nov 2021 fuser(8)
diff -NurbBw 11.4.39/xman8/idmap.8 11.4.42/xman8/idmap.8
--- 11.4.39/xman8/idmap.8 2022-02-15 11:15:46.834775699 +0000
+++ 11.4.42/xman8/idmap.8 2022-02-15 11:16:11.999497215 +0000
@@ -308,11 +308,14 @@
name enables name-based mapping using the properties described
above.
- idmu enables mapping using Microsoft's Identity Management for UNIX
- (IDMU). This Windows component allows the administrator to specify
- a UNIX user ID for each Windows user, mapping the Windows identity
- to the corresponding UNIX identity. Only IDMU data from the domain
- the Solaris system is a member of is used.
+ rfc2307 enables mapping using the uidNumber and gidNumber
+ attributes defined in RFC 2307 LDAP schema. The attributes allow
+ the administrator to specify a UNIX user ID or group ID for each
+ Windows user or group, mapping Windows identity to Unix identity.
+ Only data from the domain the Solaris system is a member of is
+ used.
+
+ idmu is an alias for rfc2307.
@@ -1022,4 +1025,4 @@
-Oracle Solaris 11.4 11 May 2021 idmap(8)
+Oracle Solaris 11.4 2 June 2021 idmap(8)
diff -NurbBw 11.4.39/xman8/ipadm.8 11.4.42/xman8/ipadm.8
--- 11.4.39/xman8/ipadm.8 2022-02-15 11:15:46.894681694 +0000
+++ 11.4.42/xman8/ipadm.8 2022-02-15 11:16:12.034605637 +0000
@@ -127,8 +127,8 @@
PLES, below, for more information.
Required Authorization and Privilege
- The following subcommands require solaris.network.interface.config
- authorization and PRIV_SYS_IP_CONFIG privilege.
+ The following subcommands require the solaris.network.interface.config
+ authorization and {PRIV_SYS_IP_CONFIG} privilege.
create-ip create-addr
delete-ip up-addr
@@ -147,7 +147,11 @@
In addition to the authorization and privilege specified above, the
ipadm subcommands create-ip, create-vni, create-ipmp, and enable-if
- need PRIV_NET_RAWACCESS privilege.
+ need {PRIV_NET_RAWACCESS} privilege.
+
+
+ The Network Management rights profile provides all of the needed privi-
+ leges and authorizations to use all features of all ipadm subcommands.
SUB-COMMANDS
The following subcommands are supported:
@@ -240,7 +244,7 @@
The operation affects only the active configuration.
- -i, ---interface interface,[...]
+ -i, --interface interface,[...]
A comma-separated list of interfaces to be added as underlying
interfaces to the IPMP interface. The specified interfaces must
@@ -1836,8 +1840,8 @@
This option define additional privileged ports outside of the
1-1023 range. Any program that attempts to bind the ports listed
- here must run as root. This prevents normal users from starting
- server processes on specific ports.
+ here must have the {PRIV_NET_PRIVADDR} privilege. This prevents
+ normal users from starting server processes on specific ports.
These ports can be added, removed, or assigned using the set-prop
subcommand and the modifiers +, -, and =. See EXAMPLES below on
@@ -1982,8 +1986,8 @@
This option define the start of non-privileged ports. The non-priv-
ileged port range normally starts at 1024. Any program that
- attempts to bind a non-privileged port does not have to run as
- root.
+ attempts to bind a non-privileged port does not have to run with
+ the {PRIV_NET_PRIVADDR} privilege.
send-redirects (IPv4), send-redirects (IPv6)
@@ -2980,10 +2984,10 @@
+-----------------------------+-----------------------------+
SEE ALSO
- read(1), vni(4D), nsswitch.conf(5), attributes(7), dhcp(7), arp(8),
- cfgadm(8), dhcpagent(8), dladm(8), if_mpadm(8), ifconfig(8),
- in.ndpd(8), in.mpathd(8), ip-interface-management(5), ndd(8), nwamd(8),
- zonecfg(8)
+ read(1), vni(4D), nsswitch.conf(5), attributes(7), dhcp(7), privi-
+ leges(7), arp(8), cfgadm(8), dhcpagent(8), dladm(8), if_mpadm(8),
+ ifconfig(8), in.ndpd(8), in.mpathd(8), ip-interface-management(5),
+ ndd(8), nwamd(8), zonecfg(8)
Oracle Solaris 11.4 Tunable Parameters Reference Manual
@@ -3021,4 +3025,4 @@
-Oracle Solaris 11.4 11 Sep 2020 ipadm(8)
+Oracle Solaris 11.4 3 Nov 2021 ipadm(8)
diff -NurbBw 11.4.39/xman8/ipqosconf.8 11.4.42/xman8/ipqosconf.8
--- 11.4.39/xman8/ipqosconf.8 2022-02-15 11:15:46.901771580 +0000
+++ 11.4.42/xman8/ipqosconf.8 2022-02-15 11:16:12.041024834 +0000
@@ -25,7 +25,8 @@
DESCRIPTION
The ipqosconf utility configures the Quality of Service facility of the
- Internet Protocol (IP). Only superusers can use this command.
+ Internet Protocol (IP). Users with the Network Management rights pro-
+ file can use this command.
Without arguments, ipqosconf displays the actual IPQoS configuration.
@@ -809,4 +776,4 @@
-Oracle Solaris 11.4 11 May 2021 ipqosconf(8)
+Oracle Solaris 11.4 3 Nov 2021 ipqosconf(8)
diff -NurbBw 11.4.39/xman8/ipsecconf.8 11.4.42/xman8/ipsecconf.8
--- 11.4.39/xman8/ipsecconf.8 2022-02-15 11:15:46.925659792 +0000
+++ 11.4.42/xman8/ipsecconf.8 2022-02-15 11:16:12.063540079 +0000
@@ -50,7 +50,8 @@
the policy entry, a specific action will be taken.
- This command can be run only by superuser.
+ Users with the Network IPSec Management rights profile can run this
+ command.
Each entry can protect traffic in either one direction (requiring a
@@ -1726,4 +1727,4 @@
-Oracle Solaris 11.4 21 Jun 2021 ipsecconf(8)
+Oracle Solaris 11.4 3 Nov 2021 ipsecconf(8)
diff -NurbBw 11.4.39/xman8/ipseckey.8 11.4.42/xman8/ipseckey.8
--- 11.4.39/xman8/ipseckey.8 2022-02-15 11:15:46.941248323 +0000
+++ 11.4.42/xman8/ipseckey.8 2022-02-15 11:16:12.071313045 +0000
@@ -54,7 +54,8 @@
ipseckey uses a PF_KEY socket and the message types SADB_ADD,
SADB_DELETE, SADB_GET, SADB_UPDATE, SADB_FLUSH, and SADB_X_PROMISC.
- Thus, you must be a superuser to use this command.
+ Thus, you must have the {PRIV_SYS_IP_CONFIG} privilege or Network IPSec
+ Management rights profile to use this command.
ipseckey handles sensitive cryptographic keying information. Please
@@ -1148,4 +1149,4 @@
-Oracle Solaris 11.4 21 Jun 2021 ipseckey(8)
+Oracle Solaris 11.4 3 Nov 2021 ipseckey(8)
diff -NurbBw 11.4.39/xman8/kmipcfg.8 11.4.42/xman8/kmipcfg.8
--- 11.4.39/xman8/kmipcfg.8 2022-02-15 11:15:46.947633559 +0000
+++ 11.4.42/xman8/kmipcfg.8 2022-02-15 11:16:12.077886472 +0000
@@ -131,6 +131,12 @@
5696 is used.
+ version=auto | 1.1 | 1.2 | 1.3 | 1.4
+
+ Required KMIP protocol version. If auto is set the best match
+ with the server is applied. Default value is auto.
+
+
connection_timeout=connection_timeout
The optional number of seconds after which connection to the
@@ -535,6 +541,7 @@
KMIP server: kmip-server-2.example.com
KMIP port [5696]: 5697
Add another KMIP server [y|N]:
+ Required version [auto]:
Connection timeout [5]:
Cache object time to live [300]:
Encode type [TTLV]: TTLV
@@ -574,6 +581,7 @@
Server group: KMIP_server
State: enabled
Hosts: kmip-server-1.example.com:5696
+ Required version: auto
Connection timeout: 5
Cache object time to live: 300
Encode type: TTLV
@@ -587,6 +595,7 @@
State: enabled
Hosts: kmip-server-1.example.com:5696
kmip-server-2.example.com:5697
+ Required version: 1.4
Connection timeout: 5
Cache object time to live: 300
Encode type: TTLV
@@ -612,6 +621,7 @@
State: enabled
Hosts: kmip-server-1.example.com:5696
kmip-server-2.example.com:5697
+ Required version: 1.4
Connection timeout: 5
Cache object time to live: 300
Encode type: TTLV
@@ -707,6 +717,7 @@
KMIP server: kmip-server-1.example.com
KMIP port [5696]:
Add another KMIP server [y|N]:
+ Required version [auto]:
Connection timeout [5]:
Cache object time to live [300]:
Encode type [TTLV]:
@@ -742,16 +753,33 @@
# kmipcfg info kmip_vbox
- Server group: kmip_vbox
Enter PIN for kmip_vbox:
- Supported versions: 1.4, 1.3, 1.2, 1.1, 1.0
- Server info: Gemalto, Inc.
- Operations: Create, Create Keypair, Register, Locate, Get,
+ Server group:
+ kmip_vbox
+ Supported versions:
+ 1.4, 1.3, 1.2, 1.1, 1.0
+ Server info:
+ Gemalto, Inc.
+ Operations:
+ Create, Create Keypair, Register, Locate, Get,
Get Attributes, Get Attribute List, Add Attribute, Modify
Attribute, Delete Attribute, Activate, Revoke, Destroy, Query,
Rekey, Rekey Keypair, Check, Discover Versions
Object types: Symmetric Key, Public Key, Private Key, Secret Data,
Opaque
+ Attestation types:
+ NONE
+ Rng params:
+ NONE
+ Profiles:
+ NONE
+ Validations:
+ NONE
+ Capabilities:
+ NONE
+ Client registration methods:
+ NONE
+
ATTRIBUTES
@@ -783,4 +811,4 @@
-Oracle Solaris 11.4 21 Jun 2021 kmipcfg(8)
+Oracle Solaris 11.4 14 Sep 2021 kmipcfg(8)
diff -NurbBw 11.4.39/xman8/ldapclient.8 11.4.42/xman8/ldapclient.8
--- 11.4.39/xman8/ldapclient.8 2022-02-15 11:15:46.964077780 +0000
+++ 11.4.42/xman8/ldapclient.8 2022-02-15 11:16:12.095383688 +0000
@@ -16,7 +16,7 @@
[-a adminPassword=adminPassword]
[-a certificatePath=path] [-d bindDN] [-w bindPassword]
[-j passwdFile] [-y passwdFile]
- [-z adminrPasswdFile] LDAP_server[:port_number]
+ [-z adminPasswdFile] LDAP_server[:port_number]
/usr/sbin/ldapclient [-v | -q] manual [-a attrName=attrVal]
@@ -48,16 +48,15 @@
- The init form of the ldapclient utility is used to initialize an LDAP
- client machine, using a profile stored on an LDAP server specified by
- LDAP_server. The LDAP client will use the attributes in the specified
+ The init form of the ldapclient utility initializes an LDAP client
+ machine by using a profile that is stored on the specified LDAP server
+ (LDAP_server). The LDAP client uses the attributes in the specified
profile to determine the configuration of the LDAP client. Using a con-
- figuration profile allows for easy installation of LDAP client and
- propagation of configuration changes to LDAP clients. The
- ldap_cachemgr(8) utility will update the LDAP client configuration when
- its cache expires by reading the profile. For more information on the
- configuration profile refer to IETF document A Configuration Schema for
- LDAP Based Directory User
+ figuration profile enables you to easily install the LDAP client and
+ propagate the configuration changes to LDAP clients. The ldap_cachemgr
+ daemon updates the LDAP client configuration when its cache expires by
+ reading the profile. For more information about the configuration pro-
+ file, see IETF's A Configuration Schema for LDAP Based Directory User
Agents.
@@ -145,8 +144,8 @@
permitted.
- You must have superuser privileges to run the ldapclient command,
- except with the genprofile option.
+ You must have the Name Service Management rights profile to run the
+ ldapclient command, except with the genprofile option.
To access the information stored in the directory, clients can either
@@ -306,6 +305,23 @@
adminPassword values must be set. If a self credential level is
specified, the authenticationMethod must be sasl/GSSAPI.
+ When the credentialLevel property is set to proxy and the authenti-
+ cationMethod property is set to sasl/GSSAPI, all lookups use the
+ host's Kerberos principal.
+
+ When the credentialLevel property is set to self, the authentica-
+ tionMethod property is set to sasl/GSSAPI, and nscd is in per-user
+ mode, a separate nscd process runs for each user who performs all
+ the user's lookups. These lookups all use the user's Kerberos prin-
+ cipal. See the enable_per_user_lookup property of nscd.conf(5).
+
+ Note that in self mode, users with a UID of 0 use the host princi-
+ pal. All other users must define and initialize their respective
+ Kerberos principal. Defining and initializing the Kerberos princi-
+ pal applies to every user that is defined in any of the configured
+ naming repositories, including /etc/passwd, if those users perform
+ naming lookups.
+
defaultSearchBase
@@ -447,7 +463,7 @@
Specify the TTL value in seconds for the client information. This
is only relevant if the machine was initialized with a client pro-
- file. If you do not want ldap_cachemgr(8) to attempt to refresh the
+ file. If you do not want ldap_cachemgr to attempt to refresh the
LDAP client configuration from the LDAP server, set profileTTL to 0
(zero). Valid values are either zero 0 (for no expiration) or a
positive integer in seconds. The default value is 12 hours.
@@ -583,7 +599,7 @@
Password option.
- -z adminrPasswdFile
+ -z adminPasswdFile
Specify a file containing the password for the adminDN. To protect
the password, use this option in scripts and place the password in
@@ -630,7 +645,7 @@
example# ldapclient init -a profileName=simple \
-a domainName=xyz.example.com \
- -a proxyDN=cn=proxyagent,ou=profile,dc=xyz,dc=mycompany,dc=com \
+ -a proxyDN=cn=proxyagent,ou=profile,dc=xyz,dc=example,dc=com \
-a proxyPassword=secret '['fe80::a00:20ff:fea3:388']':386
@@ -634,18 +649,17 @@
-a proxyPassword=secret '['fe80::a00:20ff:fea3:388']':386
-
Example 3 Setting Up a Client Using Only One Server
The following example shows how to set up a client using only one
server. The authentication method is set to none, and the search base
- is dc=mycompany,dc=com.
+ is dc=example,dc=com.
example# ldapclient manual -a authenticationMethod=none \
- -a defaultSearchBase=dc=mycompany,dc=com \
+ -a defaultSearchBase=dc=example,dc=com \
-a defaultServerList=172.16.100.1
@@ -666,8 +679,8 @@
-a credentialLevel=proxy \
-a authenticationMethod=sasl/CRAM-MD5 \
-a proxyPassword=secret \
- -a proxyDN=cn=proxyagent,ou=profile,dc=xyz,dc=mycompany,dc=com \
- -a defaultSearchBase=dc=xyz,dc=mycompany,dc=com \
+ -a proxyDN=cn=proxyagent,ou=profile,dc=xyz,dc=example,dc=com \
+ -a defaultSearchBase=dc=xyz,dc=example,dc=com \
-a domainName=xyz.example.com \
-a followReferrals=false \
-a defaultServerList=172.16.100.1:386
@@ -728,8 +738,8 @@
-a objectclassMap=passwd:posixAccount=unixAccount \
-a followReferrals=false -a profileTTL=6000 \
-a preferredServerList=172.16.100.30 -a searchTimeLimit=30 \
- -a "defaultServerList=172.16.200.1 172.16.100.1 192.168.5.6" > eng.ldif
-
+ -a "defaultServerList=172.16.200.1 172.16.100.1 192.168.5.6" \
+ > eng.ldif
EXIT STATUS
@@ -786,9 +796,9 @@
+-----------------------------+-----------------------------+
SEE ALSO
- chkey(1), ldaplist(1), defaultdomain(5), nsswitch.conf(5),
- resolv.conf(5), attributes(7), idsconfig(8), ldap_cachemgr(8), ldapad-
- dent(8)
+ chkey(1), ldaplist(1), defaultdomain(5), nscd.conf(5), nss-
+ witch.conf(5), resolv.conf(5), attributes(7), kerberos(7), ldap(7),
+ idsconfig(8), ldap_cachemgr(8), ldapaddent(8), nscd(8)
CAUTION
The CRAM-MD5 and DIGEST-MD5 mechanisms are considered weak, obsolete,
@@ -880,5 +890,21 @@
or groups.
+ Ensure that the svc:/system/name-service/cache service is enabled and
+ online for the ldap(7) services to function correctly. Note that the
+ nscd service is enabled by default. See the nscd(8) man page.
+
+HISTORY
+ The Solaris 8 OS introduced the ldapclient command.
+
+
+ The Oracle Solaris 10 OS introduced the svc:/network/ldap/client ser-
+ vice.
+
+
+ Starting with Oracle Solaris 11.4, nscd daemon must be running for
+ ldap(7) services to function correctly.
+
+
-Oracle Solaris 11.4 1 Apr 2020 ldapclient(8)
+Oracle Solaris 11.4 5 Nov 2021 ldapclient(8)
diff -NurbBw 11.4.39/xman8/ldm.8 11.4.42/xman8/ldm.8
--- 11.4.39/xman8/ldm.8 2022-02-15 11:15:47.007163416 +0000
+++ 11.4.42/xman8/ldm.8 2022-02-15 11:16:12.133030371 +0000
@@ -447,7 +447,7 @@
ldm add-domain -i file
- ldm add-domain [cpu-arch=generic|native|migration-class1|sparc64-class1] [hostid=num]
+ ldm add-domain [cpu-arch=generic|native|migration-class1|migration-class2|sparc64-class1] [hostid=num]
[mac-addr=MAC-address] [failure-policy=ignore|panic|reset|stop] [extended-mapin-space=off]
[boot-policy=enforce|none|warning] [master=master-ldom1,...,master-ldom4]
[max-cores=[num|unlimited]] [uuid=uuid] [shutdown-group=num] [rc-add-policy=[iov]]
@@ -464,8 +464,8 @@
ating the logical domain.
- o cpu-arch=generic|native|migration-class1|sparc64-class1
- specifies one of the following values:
+ o cpu-arch=generic|native|migration-class1|migration-
+ class2|sparc64-class1 specifies one of the following values:
o generic configures a guest domain for a CPU-type-inde-
pendent migration.
@@ -504,6 +504,16 @@
and Fujitsu SPARC M12 servers.
+ o migration-class2 is a cross-CPU migration family for
+ SPARC T7, SPARC M7, SPARC S7, SPARC T8 and SPARC M8
+ series servers. These platforms support 16GB pagesizes
+ and the DAX co-processor, which this migration class
+ preserves.
+
+ This value is not compatible with Fujitsu M10 servers
+ and Fujitsu SPARC M12 servers.
+
+
o sparc64-class1 is a cross-CPU migration family for
SPARC64 platforms. The sparc64-class1 value is based on
SPARC64 instructions, so it has a greater number of
@@ -727,7 +737,7 @@
ldm set-domain -i file
- ldm set-domain [cpu-arch=generic|native|migration-class1|sparc64-class1] [hostid=num]
+ ldm set-domain [cpu-arch=generic|native|migration-class1|migration-class2|sparc64-class1] [hostid=num]
[mac-addr=MAC-address] [failure-policy=ignore|panic|reset|stop]
[extended-mapin-space=[on|off]] [boot-policy=enforce|none|warning]
[master=[master-ldom1,...,master-ldom4]] [max-cores=[num|unlimited]] [shutdown-group=num]
@@ -757,8 +767,8 @@
hostid entry from the XML file.
- o cpu-arch=generic|native|migration-class1|sparc64-class1
- specifies one of the following values:
+ o cpu-arch=generic|native|migration-class1|migration-
+ class2|sparc64-class1 specifies one of the following values:
o generic configures a guest domain for a CPU-type-inde-
pendent migration.
@@ -797,6 +807,16 @@
and Fujitsu SPARC M12 servers.
+ o migration-class2 is a cross-CPU migration family for
+ SPARC T7, SPARC M7, SPARC S7, SPARC T8 and SPARC M8
+ series servers. These platforms support 16GB pagesizes
+ and the DAX co-processor, which this migration class
+ preserves.
+
+ This value is not compatible with Fujitsu M10 servers
+ and Fujitsu SPARC M12 servers.
+
+
o sparc64-class1 is a cross-CPU migration family for
SPARC64 platforms. The sparc64-class1 value is based on
SPARC64 instructions, so it has a greater number of
@@ -4328,12 +4348,20 @@
Syntax:
- ldm unbind-domain domain-name
+ ldm unbind-domain [-a]
+ ldm unbind-domain domain-name...
- domain-name specifies the logical domain from which to unbind
- resources.
+
+ where:
+
+ o -a unbinds all domains in bound state.
+
+
+ o domain-name specifies one or more logical domains from which
+ to unbind resources.
+
SP Configuration Operations
Add an SP Configuration
@@ -7174,4 +7202,4 @@
-Oracle Solaris 11.4 11 May 2021 ldm(8)
+Oracle Solaris 11.4 03 Nov 2021 ldm(8)
diff -NurbBw 11.4.39/xman8/lockd.8 11.4.42/xman8/lockd.8
--- 11.4.39/xman8/lockd.8 2022-02-15 11:15:47.011262037 +0000
+++ 11.4.42/xman8/lockd.8 2022-02-15 11:16:12.142330677 +0000
@@ -36,7 +36,7 @@
Administrators can make changes to the startup parameters for lockd by
- logging in as root and using the sharectl(8) command.
+ using the sharectl(8) command.
SMF Management
The lockd service is managed by the service management facility,
@@ -178,4 +178,4 @@
-Oracle Solaris 11.4 7 Feb 2012 lockd(8)
+Oracle Solaris 11.4 3 Nov 2021 lockd(8)
diff -NurbBw 11.4.39/xman8/lockfs.8 11.4.42/xman8/lockfs.8
--- 11.4.39/xman8/lockfs.8 2022-02-15 11:15:47.015146347 +0000
+++ 11.4.42/xman8/lockfs.8 2022-02-15 11:16:12.149709115 +0000
@@ -3,15 +3,15 @@
NAME
- lockfs - change or report file system locks
+ lockfs - change or report UFS file system locks
SYNOPSIS
/usr/sbin/lockfs [-adefhnuw] [-c string] [file-system]...
DESCRIPTION
- lockfs is used to change and report the status of file system locks.
- lockfs reports the lock status and unlocks the file systems that were
- improperly left locked.
+ lockfs is used to change and report the status of file system locks on
+ UFS file systems. lockfs reports the lock status and unlocks the file
+ systems that were improperly left locked.
Using lockfs to lock a file system is discouraged because this requires
@@ -32,8 +32,8 @@
flush, so the -f is superfluous when specifying a lock.
- You must be super-user to use any of the following options, with the
- exception of -a, -f and -v.
+ You must have the {PRIV_SYS_MOUNT} privilege to use any of the follow-
+ ing options, with the exception of -a, -f and -v.
The following options are supported.
@@ -132,8 +132,8 @@
In the following examples, filesystem is the pathname of the mounted-on
- directory (mount point). Locktype is one of "write," "name," "delete,"
- "hard," or "unlock". When enclosed in parenthesis, the lock is being
+ directory (mount point). Locktype is one of "write", "name", "delete",
+ "hard", or "unlock". When enclosed in parenthesis, the lock is being
set. Comment is a string set by the process that last issued a lock
command.
@@ -216,7 +216,7 @@
+-----------------------------+-----------------------------+
SEE ALSO
- kill(1), ufs(4FS), attributes(7), mount_ufs(8), sync(8)
+ kill(1), ufs(4FS), attributes(7), privileges(7), mount_ufs(8), sync(8)
DIAGNOSTICS
file system: Insufficient privileges
@@ -236,4 +236,4 @@
-Oracle Solaris 11.4 18 August 2020 lockfs(8)
+Oracle Solaris 11.4 3 Nov 2021 lockfs(8)
diff -NurbBw 11.4.39/xman8/mknod.8 11.4.42/xman8/mknod.8
--- 11.4.39/xman8/mknod.8 2022-02-15 11:15:47.018822927 +0000
+++ 11.4.42/xman8/mknod.8 2022-02-15 11:16:12.154257566 +0000
@@ -17,6 +17,10 @@
DESCRIPTION
mknod makes a directory entry for a special file.
+
+ The {PRIV_SYS_DEVICES} privilege is required to create a block-type or
+ character-type special file.
+
OPTIONS
The following options are supported:
@@ -37,7 +41,6 @@
minor The minor device number; can be either decimal or octal. The
assignment of major device numbers is specific to each system.
- You must be the super-user to use this form of the command.
name A special file to be created.
@@ -54,7 +57,7 @@
+-----------------------------+-----------------------------+
SEE ALSO
- ftp(1), mknod(2), symlink(2), attributes(7)
+ ftp(1), mknod(2), symlink(2), attributes(7), privileges(7)
NOTES
If mknod(2) is used to create a device, the major and minor device num-
@@ -67,4 +70,4 @@
-Oracle Solaris 11.4 4 Feb 2015 mknod(8)
+Oracle Solaris 11.4 3 Nov 2021 mknod(8)
diff -NurbBw 11.4.39/xman8/mount_udfs.8 11.4.42/xman8/mount_udfs.8
--- 11.4.39/xman8/mount_udfs.8 2022-02-15 11:15:47.023158276 +0000
+++ 11.4.42/xman8/mount_udfs.8 2022-02-15 11:16:12.159168651 +0000
@@ -94,13 +94,14 @@
+-----------------------------+-----------------------------+
SEE ALSO
- mount(2), mnttab(5), vfstab(5), attributes(7), fsck(8), fsck_udfs(8),
- lofiadm(8), mount(8), mountall(8)
+ mount(2), mnttab(5), vfstab(5), attributes(7), privileges(7), fsck(8),
+ fsck_udfs(8), lofiadm(8), mount(8), mountall(8)
DIAGNOSTICS
- not super user
+ insufficient privileges
- The command is run by a non-root user. Run as root.
+ The command was run without the {PRIV_SYS_MOUNT} privilege. Run as
+ root or a user with the File System Management rights profile.
no such device
@@ -150,4 +151,4 @@
-Oracle Solaris 11.4 12 May 2008 mount_udfs(8)
+Oracle Solaris 11.4 3 Nov 2021 mount_udfs(8)
diff -NurbBw 11.4.39/xman8/mountd.8 11.4.42/xman8/mountd.8
--- 11.4.39/xman8/mountd.8 2022-02-15 11:15:47.026357727 +0000
+++ 11.4.42/xman8/mountd.8 2022-02-15 11:16:12.165700138 +0000
@@ -28,7 +28,9 @@
The mountd daemon is automatically invoked by share(8).
- Only super user can run the mountd daemon.
+ The mountd daemon requires several non-basic privileges to run, includ-
+ ing {PRIV_FILE_DAC_SEARCH}, {PRIV_PROC_AUDIT}, {PRIV_SYS_NFS}, and (if
+ Trusted Extensions is in use) {PRIV_NET_BINDMLP}.
SMF Management
Since mountd must be running for nfsd to function properly, mountd is
@@ -104,8 +106,8 @@
+-----------------------------+-----------------------------+
SEE ALSO
- sharetab(5), attributes(7), mount_nfs(8), nfsd(8), share(8),
- share_nfs(8), sharectl(8), showmount(8)
+ sharetab(5), attributes(7), privileges(7), mount_nfs(8), nfsd(8),
+ share(8), share_nfs(8), sharectl(8), showmount(8)
NOTES
Some routines that compare hostnames use case-sensitive string compar-
@@ -115,4 +117,4 @@
-Oracle Solaris 11.4 26 Jun 2012 mountd(8)
+Oracle Solaris 11.4 3 Nov 2021 mountd(8)
diff -NurbBw 11.4.39/xman8/nscd.8 11.4.42/xman8/nscd.8
--- 11.4.39/xman8/nscd.8 2022-02-15 11:15:47.030262361 +0000
+++ 11.4.42/xman8/nscd.8 2022-02-15 11:16:12.170205195 +0000
@@ -6,72 +6,111 @@
nscd - name service cache daemon
SYNOPSIS
- /usr/sbin/nscd [-f configuration-file] [-g] [-e cachename,yes|no]
- [-i cachename] [-C component(s)] [-D debuglevel] [-L log file]
+ /usr/sbin/nscd [-L logfile] [-C component[,component...]]
+ [-D debuglevel[,debuglevel...]]
+
+
+ /usr/sbin/nscd [-g] [-c cachename,yes|no] [-e cachename,yes|no]
+ [-h cachename,keep_hot_count]
+ [-i cachename][,cachename...]]
+ [-n cachename,negative_time_to_live]
+ [-p cachename,positive_time_to_live]
+ [-C component[,component...]]
+ [-D debuglevel[,debuglevel...]]
+ [-L newlogfile]
DESCRIPTION
- The nscd daemon is a process that provides a cache for most name ser-
- vice requests.
+ The nscd daemon provides caching for most name service requests to
+ improve performance. nscd provides a consistent dynamic name service
+ configuration to all processes.
+
+
+ nscd is also an administrative tool that transparently passes options
+ to the running daemon (see the second command synopsis).
+
+
+ The nscd daemon starts at system boot by the svc:/system/name-ser-
+ vice/cache SMF service and requires no administrative interaction. To
+ manually start the daemon, see the first nscd command synopsis.
+
+
+ The service's properties define the behavior of the cache daemon as
+ shown in the nscd.conf(5) man page.
- The service properties of the svc:/system/name-service/cache SMF ser-
- vice determine the behavior of the cache daemon. See nscd.conf(5).
+ Ensure that the nscd daemon is running for ldap(7) services to function
+ correctly.
- nscd provides caching for the passwd(5), group(5), hosts(5),
- ipnodes(5), exec_attr(5), prof_attr(5), user_attr(5), ethers(5),
- rpc(5), protocols(5), networks(5), bootparams(5), auth_attr(5),
- services(5), netmasks(5), and project(5) databases through standard
- libc interfaces, such as getaddrinfo(3C), getnameinfo(3C),
- getpwnam(3C), and others. The shadow file is specifically not cached.
- getspnam(3C) calls remain uncached as a result.
+ nscd provides caching for the auth_attr, bootparams, ethers, exec_attr,
+ group, hosts, ipnodes, netmasks, networks, passwd, prof_attr, project
+ protocols, rpc, services, and user_attr, databases by using standard
+ libc interfaces, such as getaddrinfo(), getnameinfo(), getpwnam(), and
+ others. The shadow file is purposefully not cached. As a result, getsp-
+ nam() calls are not cached.
- Each cache has a separate time-to-live for its data. By default, modi-
- fying the local database (/etc/hosts, /etc/passwd, and so forth) causes
- that cache to become invalidated upon the next call to nscd.
+ Each cache has a separate time-to-live (TTL) for its data. By default,
+ when you modify the local files database (see FILES), that cache is
+ invalidated upon the next call to nscd.
- The updating and refreshing of any of the services that svc:/sys-
- tem/name-service/cache is optionally dependent upon (listed below)
- causes nscd to restart, which effectively clears all caches.
+ The nscd restarts when you update or refresh any of the following ser-
+ vices that nscd optionally depends. When nscd restarts, the caches are
+ effectively cleared.
- o svc:/network/dns/client, see resolv.conf(5)
+ o svc:/network/nis/client:default, see ypbind(8) and
+ ypfiles(5)
- o svc:/network/nis/client, see ypbind(8) and ypfiles(5)
+ o svc:/network/ldap/client:default, see ldapclient(8)
- o svc:/network/ldap/client, see ldapclient(8)
+ o svc:/network/dns/multicast:default, see mdns(8)
- o svc:/system/name-service/switch, see nsswitch.conf(5)
+ The files and services monitoring provide a consistent dynamic name
+ service configuration to all processes as all standard libc interfaces
+ interact with nscd. So, when you commit a configuration change, nscd
+ causes all subsequent calls to use that configuration. So, it is best
+ to ensure that nscd is always running.
- nscd also acts as its own administration tool. If an instance of nscd
- is already running, commands are passed to the running version trans-
- parently.
+ For comparison, when nscd is not used, processes only gather configura-
+ tion information upon their initial relevant libc call. Subsequent
+ calls use that same configuration until those processes are restarted.
- When running with per-user lookups enabled (see nscd.conf(5)), nscd
- forks one and only one child process (that is, a per-user nscd) on
- behalf of the user making the request. The per-user nscd will use the
+ For example, consider a system that does not have nscd running. Updat-
+ ing that system to use LDAP or NIS, nsswitch.conf(5) is updated to add
+ those sources. As nscd is not running, processes already started before
+ the configuration change (such as svc.startd and svc.configd) would not
+ use the new source. In that instance, you should start the nscd service
+ (svcadm enable name-service/cache) so that all processes benefit from
+ the change, or you should reboot the system to ensure that a consistent
+ configuration is used by all processes.
+
+
+ When running with per-user lookups enabled (enable_per_user_lookup in
+ nscd.conf(5)), nscd forks exactly one child process (a per-user nscd)
+ on behalf of the user who makes the request. The per-user nscd uses the
credentials of the user to open a per-user connection to the name
- repository configured for the per-user style of lookups. The lookup
- will be performed in the child process. The results are cached in the
- process and are available only to the same user. The caches are managed
- exactly the same as the main nscd daemon manages its own caches. Subse-
- quent requests from the user will be handled by that per-user nscd
- until it terminates. The per-user nscd uses a configurable inactivity
- time-to-live (TTL) value and terminates itself after the inactivity TTL
- expires.
+ repository that is configured for the per-user style of lookups. The
+ lookup will be performed in the child process. The results are cached
+ in the process and are available only to the same user. The caches are
+ managed exactly the same as the main nscd daemon manages its own
+ caches. Subsequent requests from the user will be handled by that per-
+ user nscd until it terminates. The per-user nscd uses a configurable
+ inactivity time-to-live (TTL) value and terminates itself after the
+ inactivity TTL expires.
The maximum number of per-user nscd processes that can be created by
the main nscd is configurable (see nscd.conf(5)). After the maximum
- number of them are created, the main nscd will use an LRU algorithm to
- terminate less active child nscd processes as needed.
+ number of them are created, the main nscd will use a Least Recently
+ Used (LRU) algorithm to terminate less active child nscd processes as
+ needed.
The main nscd daemon creates, monitors, and manages all the child nscd
@@ -83,70 +122,165 @@
Per-user nscd processes use the same configuration as the main nscd.
- They read and use the same default configuration file or the one speci-
- fied with the -f command line option. Once the configuration is read,
- the per-user nscd will use it for its entire lifetime.
+ Once the configuration is read, the per-user nscd will use it for its
+ entire lifetime.
OPTIONS
Several of the options described below require a cachename specifica-
- tion. Supported values for cachename are: passwd, group, hosts,
- ipnodes, exec_attr, prof_attr, user_attr, ethers, rpc, protocols,
- networks, bootparams, auth_attr, services, netmasks, project,
- automount, tnrhtp, and tnrhdb.
+ tion. Supported values for cachename are: auth_attr, automount, boot-
+ params, ethers, exec_attr, group, hosts, ipnodes, netmasks, networks,
+ passwd, prof_attr, project, protocols, rpc, services, tnrhdb. tnrhtp,
+ user_attr,
- -f configuration-file
- Causes nscd to read its configuration data from the specified file.
- This option is obsolete and will be removed in a future release.
+ Options that dynamically update the running nscd daemon do so on a tem-
+ porary basis until the daemon is restarted.
+ -c cachename,yes|no
- -g
-
- Prints current configuration and statistics to standard output.
- This is the only option executable by non-root users.
+ Temporarily enables or disables the ongoing check of the specified
+ cache. The check invalidates the cache if the database file is mod-
+ ified. To set permanently see check_files in nscd.conf(5).
-e cachename,yes|no
- Enables or disables the specified cache.
+ Temporarily enables or disables the specified cache. The data is
+ retrieved, but the results are not cached. To set permanently see
+ enable_cache in nscd.conf(5).
+
+
+ -g
+
+ Prints the current configuration and statistics to standard output.
+ This is the only option executable by users without the effective
+ UID of 0 and who have not been assigned the Name Service Management
+ rights profile. The configuration shown is the current configura-
+ tion before processing any other command-line options.
+
+
+ -h cachename,keep_hot_count
+
+ Temporarily updates the number of entries to keep current in the
+ specified cache. value is an integer that approximates the number
+ of entries that are frequently used during the day. To set perma-
+ nently, see keep_hot_count in nscd.conf(5).
-i cachename
- Invalidate the specified cache.
+ Invalidate the specified cache of an active nscd daemon.
+
+
+ -l filename
+
+ Specifies the debug log file at startup. For backward compatibil-
+ ity, use the -L option.
+
+ -n cachename,negative_ttl
- -C component(s)
+ Temporarily updates time-to-live for negative entries (queries that
+ return a not found response) in the specified cache. negative_ttl
+ is the TTL in seconds. To set permanently, see nega-
+ tive_time_to_live in nscd.conf(5).
- Comma separated list of debug components to enable. The value all
- enables all components. All of the components are listed in the
- svc:/system/name-service/cache SMF service describe option.
+ -p cachename,positive_ttl
- -D debuglevel
+ Temporarily updates time-to-live for successful queries (positive
+ entries) in the specified cache. positive_ttl is the TTL in sec-
+ onds. To set permanently, see positive_time_to_live in
+ nscd.conf(5).
- Comma separated list of debug logging levels to enable. The value
- all enables all debug levels. All of the debug levels are listed in
- the svc:/system/name-service/cache SMF service describe option.
+ -C debug_component_list
- -L log file
+ Temporarily sets the list of components to log debug messages, as
+ specified by the debug_level_list property value. The list is a
+ comma-separated list of names. Valid values are shown in usage out-
+ put (nscd -?) and are subject to change. The none value disables
+ all component values, while the all value enables all values. To
+ set permanently, see debug_components in nscd.conf(5).
- Log file name to store debugging output.
+
+ -D debug_level_list
+
+ Temporarily sets the list of debug levels for which to generate
+ debug messages. The list is a comma-separated list of debug levels.
+ Valid values are shown in usage output (nscd -?) and are subject to
+ change. The none value disables all debug levels, while the all
+ value enables all debug levels. To set permanently, see debug_level
+ in nscd.conf(5).
+
+
+ -L log_filename
+
+ Temporarily sets the file in which to store debug output. See con-
+ fig/logfile in nscd.conf(5).
EXAMPLES
- Example 1 Stopping and Restarting the nscd Daemon.
+ Example 1 Invalidate the Host Cache of an Active Daemon
+
+
+ Use the following command when you know that a host's address has been
+ changed in DNS.
- example# svcadm disable system/name-service/cache
+ example# nscd -i hosts,ipnodes
- example# svcadm enable system/name-service/cache
+
+ Example 2 Enable Debugging for an Active nscd Daemon
+
+
+
+ The following command enables debugging on all components at all levels
+ and writes debug messages to the specified log file.
+
+ example# nscd -g | egrep '(debug|log)'
+ 0 server debug level
+ 0 server debug components
+ "/dev/null" is the server log file
+ example# /usr/sbin/nscd -D all -C all -L /var/tmp/nscd.log
+ example# nscd -g | egrep '(debug|log)'
+ 32767 server debug level
+ 8191 server debug components
+ "/var/tmp/nscd.log" is the server log file
+
+
+ Example 3 Disable Debugging for an Active nscd Daemon
+
+
+
+ The following commands disables debugging and resets the location of
+ the debug log to /dev/null.
+
+ example# /usr/sbin/nscd -D none -C none -L ""
FILES
- /etc/nscd.conf Obsolete. Formerly determined the behavior of the
- cache daemon
+ /etc/nscd.conf
+
+ Private configuration file that is automatically generated by
+ svc:/system/name-service/cache, see nscd.conf(5).
+
+
+ /etc/nsswitch.conf, /etc/resolv.conf
+
+ Monitored. Modifying the file causes nscd to restart and flush all
+ caches. See nsswitch.conf(5) and resolv.conf(5).
+
+
+ /etc/bootparams, /etc/ethers, /etc/group, /etc/inet/hosts,
+ /etc/inet/ipnodes, /etc/inet/netmasks, /etc/inet/networks,
+ /etc/inet/protocols, /etc/passwd, /etc/project, /etc/rpc, /etc/secu-
+ rity/auth_attr.d, /etc/security/exec_attr.d, /etc/security/prof_attr.d,
+ /etc/security/tsol/tnrhdb, /etc/security/tsol/tnrhtp, /etc/services,
+ /etc/user_attr.d
+
+ Monitored by default. Monitors the relevant cache based on the
+ check_files property value, see nscd.conf(5).
ATTRIBUTES
@@ -164,24 +298,15 @@
auth_attr(5), bootparams(5), ethers(5), exec_attr(5), group(5),
hosts(5), netmasks(5), networks(5), nscd.conf(5), nsswitch.conf(5),
passwd(5), prof_attr(5), project(5), protocols(5), resolv.conf(5),
- rpc(5), services(5), user_attr(5), attributes(7), getent(8), svcadm(8),
- svccfg(8), ypbind(8)
+ rpc(5), services(5), user_attr(5), ypfiles(5), attributes(7), ldap(7),
+ getent(8), ldapclient(8), mdns(8), svcadm(8), svccfg(8), ypbind(8)
NOTES
- The output from the -g option to nscd is subject to change. Do not rely
- upon it as a programming interface.
-
-
- The nscd service is managed by the service management facility, smf(7),
- under the service identifier:
-
- svc:/system/name-service/cache
-
-
-
- Administrative actions on this service, such as enabling, disabling, or
- requesting restart, can be performed using svcadm(8). The service's
- status can be queried using the svcs(1) command.
+ You can use the svcadm command to perform administrative actions on
+ svc:/system/name-service/cache, such as enabling, or requesting
+ restart. You can use the svcs command to query the service's status.
+ You can use the svccfg command to configure this service. See
+ nscd.conf(5).
The obsolete service svc:/system/name-service-cache has been retained
@@ -190,6 +315,20 @@
svc:/system/name-service/cache. The obsolete service name will be
removed in a future release.
+HISTORY
+ The Solaris 2.5 OS introduced the /usr/sbin/nscd command that provides
+ cached lookups for the passwd, group, and hosts databases for a limited
+ set of API calls.
+
+
+ The Oracle Solaris 10 8/07 release enhanced nscd to handle additional
+ databases and API calls. The enhancements also include monitoring for
+ runtime changes to name service configuration.
+
+
+ Starting with Oracle Solaris 11.4, the nscd daemon must be running for
+ ldap(7) services to function correctly.
+
-Oracle Solaris 11.4 11 May 2021 nscd(8)
+Oracle Solaris 11.4 4 Nov 2021 nscd(8)
diff -NurbBw 11.4.39/xman8/pbind.8 11.4.42/xman8/pbind.8
--- 11.4.39/xman8/pbind.8 2022-02-15 11:15:47.034968404 +0000
+++ 11.4.42/xman8/pbind.8 2022-02-15 11:16:12.177040541 +0000
@@ -72,10 +72,13 @@
given CPU and will need to be reset once the conditions are restored.
- Superusers may bind or unbind any process or LWP, while other users can
- bind or unbind any process or LWP for which they have permission to
- signal, that is, any process that has the same effective user ID as the
- user.
+ Users can bind or unbind any process or LWP for which they have permis-
+ sion to signal. For users with basic privileges, that is any process
+ that has the same effective user ID as the user. For users with the
+ {PRIV_PROC_OWNER} privilege, that is any process in the same zone (or
+ in any non-global zone when run from the global zone). Users who also
+ have the {PRIV_PROC_ZONE} privilege may affect processes in other zones
+ as well.
OPTIONS
The following options are supported:
@@ -525,9 +528,9 @@
+-----------------------------+-----------------------------+
SEE ALSO
- attributes(7), processor_bind(2), processor_info(2), psradm(8),
- psrinfo(8), psrset(8), resource-management(7), sysconf(3C)
+ processor_bind(2), processor_info(2), sysconf(3C), attributes(7), priv-
+ ileges(7), resource-management(7), psradm(8), psrinfo(8), psrset(8)
-Oracle Solaris 11.4 Fri 17 2020 pbind(8)
+Oracle Solaris 11.4 3 Nov 2021 pbind(8)
diff -NurbBw 11.4.39/xman8/prstat.8 11.4.42/xman8/prstat.8
--- 11.4.39/xman8/prstat.8 2022-02-15 11:15:47.039786073 +0000
+++ 11.4.42/xman8/prstat.8 2022-02-15 11:16:12.186838363 +0000
@@ -169,7 +169,7 @@
Put prstat in the real time scheduling class. When this option is
used, prstat is given priority over time-sharing and interactive
- processes. This option is available only for superuser.
+ processes. This option requires the {PRIV_PROC_PRIOCNTL} privilege.
-r
@@ -233,7 +233,7 @@
Scaling is done by repetitively dividing by a scale factor of
1024. The use of binary scaling is indicated by the addition of
- an 'i' modifer to the suffix (Ki, Mi, Gi, ...).
+ an 'i' modifier to the suffix (Ki, Mi, Gi, ...).
max
@@ -635,8 +624,8 @@
SEE ALSO
date(1), lgrpinfo(1), plgrp(1), proc(1), ps(1), time(2), pset_getload-
- avg(3C), proc(5), project(5), attributes(7), resource-controls(7),
- zones(7), psrinfo(8), psrset(8), sar(8)
+ avg(3C), proc(5), project(5), attributes(7), privileges(7), resource-
+ controls(7), zones(7), psrinfo(8), psrset(8), sar(8)
NOTES
The snapshot of system usage displayed by prstat is true only for a
@@ -651,6 +640,35 @@
of processes can sometimes overestimate the actual amount of memory
used by processes with shared memory segments.
+HISTORY
+ The --scale option was added to the prstat command in Oracle Solaris
+ 11.4.30.
+
+
+ The -x option was added to the prstat command in Oracle Solaris
+ 11.4.12.
+
+
+ The -D and -N options were added to the prstat command in Oracle
+ Solaris 11.3.26.
+
+
+ The -d, -h, -H, and -r options were added to the prstat command in Ora-
+ cle Solaris 11.0.0.
+
+
+ The -z and -Z options were added to the prstat command in Solaris 10
+ 3/05.
+
+
+ The -j, -J, -k, and -T options were added to the prstat command Solaris
+ 9.
+
+
+ The prstat command; with support for the -a, -c, -C, -L, -m, -n, -p,
+ -P, -R, -s, -S, -t, -u, -U, and -v options; was introduced in the
+ Solaris 8 release.
+
-Oracle Solaris 11.4 26 July 2020 prstat(8)
+Oracle Solaris 11.4 3 Nov 2021 prstat(8)
diff -NurbBw 11.4.39/xman8/prtvtoc.8 11.4.42/xman8/prtvtoc.8
--- 11.4.39/xman8/prtvtoc.8 2022-02-15 11:15:47.048860449 +0000
+++ 11.4.42/xman8/prtvtoc.8 2022-02-15 11:16:12.195748827 +0000
@@ -9,13 +9,14 @@
prtvtoc [-fhs] [-t vfstab] [-m mnttab] device
DESCRIPTION
- The prtvtoc command allows the contents of the label to be viewed. The
- command can be used only by the super-user.
+ The prtvtoc command allows the contents of the disk label to be viewed.
The device name can be the file name of a raw device in the form of
/dev/rdsk/c?t?d?s2 or can be the file name of a block device in the
- form of /dev/dsk/c?t?d?s2.
+ form of /dev/dsk/c?t?d?s2. The command must be run by a user with read
+ access to the given device file, which is normally limited to the root
+ user.
OPTIONS
The following options are supported:
@@ -187,4 +179,4 @@
-Oracle Solaris 11.4 17 Jun 2020 prtvtoc(8)
+Oracle Solaris 11.4 3 Nov 2021 prtvtoc(8)
diff -NurbBw 11.4.39/xman8/quot.8 11.4.42/xman8/quot.8
--- 11.4.39/xman8/quot.8 2022-02-15 11:15:47.052291401 +0000
+++ 11.4.42/xman8/quot.8 2022-02-15 11:16:12.199284014 +0000
@@ -3,7 +3,7 @@
NAME
- quot - summarize file system ownership
+ quot - summarize UFS file system ownership
SYNOPSIS
quot [-acfhnv] filesystem...
@@ -12,15 +12,15 @@
quot -a [-cfhnv]
DESCRIPTION
- quot displays the number of blocks (1024 bytes) in the named filesystem
- (one or more) currently owned by each user. There is a limit of 2048
- blocks. Files larger than this will be counted as a 2048 block file,
- but the total block count will be correct.
+ quot displays the number of blocks (1024 bytes) in the named UFS
+ filesystem (one or more) currently owned by each user. There is a limit
+ of 2048 blocks. Files larger than this will be counted as a 2048 block
+ file, but the total block count will be correct.
OPTIONS
The following options are supported:
- -a Generate a report for all mounted file systems.
+ -a Generate a report for all mounted UFS file systems.
-c Display three columns giving a file size in blocks, the number of
@@ -68,9 +68,6 @@
/etc/mnttab Lists mounted file systems.
- /etc/passwd Used to obtain user names
-
-
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
@@ -82,11 +79,13 @@
+-----------------------------+-----------------------------+
SEE ALSO
- du(1), mnttab(5), passwd(5), attributes(7)
+ du(1), mnttab(5), passwd(5), attributes(7), repquota(8)
NOTES
- This command can only be used by the super-user.
+ This command must be run by a user with read access to the raw disk
+ device file for each filesystem, which is normally limited to the root
+ user.
-Oracle Solaris 11.4 4 Feb 2015 quot(8)
+Oracle Solaris 11.4 3 Nov 2021 quot(8)
diff -NurbBw 11.4.39/xman8/quota.8 11.4.42/xman8/quota.8
--- 11.4.39/xman8/quota.8 2022-02-15 11:15:47.065128149 +0000
+++ 11.4.42/xman8/quota.8 2022-02-15 11:16:12.203091139 +0000
@@ -9,9 +9,9 @@
quota [-v] [username]
DESCRIPTION
- quota displays users' UFS or ZFS disk usage and limits. Only the super-
- user may use the optional username argument to view the limits of other
- users.
+ quota displays users' UFS or ZFS disk usage and limits. The
+ {PRIV_SYS_MOUNT} privilege is required to use the optional username
+ argument to view the usage and limits of other users.
quota without options only display warnings about mounted file systems
@@ -41,8 +41,8 @@
+-----------------------------+-----------------------------+
SEE ALSO
- attributes(7), zones(7), edquota(8), quotacheck(8), quotaon(8),
- repquota(8), rquotad(8)
+ attributes(7), privileges(7), zones(7), edquota(8), quotacheck(8), quo-
+ taon(8), repquota(8), rquotad(8)
NOTES
quota displays quotas for NFS mounted UFS- or ZFS-based file systems if
@@ -63,4 +63,4 @@
-Oracle Solaris 11.4 4 Feb 2015 quota(8)
+Oracle Solaris 11.4 3 Nov 2021 quota(8)
diff -NurbBw 11.4.39/xman8/reboot.8 11.4.42/xman8/reboot.8
--- 11.4.39/xman8/reboot.8 2022-02-15 11:15:47.070308503 +0000
+++ 11.4.42/xman8/reboot.8 2022-02-15 11:16:12.207477299 +0000
@@ -16,21 +16,20 @@
ory by the PROM monitor, which transfers control to the loaded kernel.
- On x86 systems, when the -f flag is specified, the running kernel will
- load the next kernel into memory, then transfer control to the newly
- loaded kernel. This form of reboot is shown in the second synopsis,
- above.
+ When the -f flag is specified, the running kernel will load the next
+ kernel into memory, then transfer control to the newly loaded kernel.
+ This form of reboot is shown in the second synopsis, above.
- Although reboot can be run by the super-user at any time, shutdown(8)
- is normally used first to warn all users logged in of the impending
- loss of service. See shutdown(8) for details.
+ Although reboot can be run at any time, shutdown(8) is normally used
+ instead to warn all users logged in of the impending loss of service
+ and to cleanly stop running services. See shutdown(8) for details.
The reboot utility performs a sync(8) operation on the disks, and then
- a multi-user reboot is initiated. See init(8) for details. On x86 sys-
- tems, reboot may also update the boot archive as needed to ensure a
- successful reboot.
+ a multi-user reboot is initiated. See init(8) for details. The reboot
+ utility may also update the boot archive as needed to ensure a success-
+ ful reboot.
The reboot utility normally logs the reboot to the system log daemon,
@@ -41,6 +40,10 @@
Normally, the system reboots itself at power-up or after crashes.
+
+ The reboot utility must be run with an effective uid of 0, which may be
+ provided by the Maintenance and Repair rights profile.
+
OPTIONS
The following options are supported:
@@ -264,9 +255,9 @@
+-----------------------------+-----------------------------+
SEE ALSO
- mdb(1), sync(2), uadmin(2), reboot(3C), attributes(7), grub(7),
- boot(8), dumpadm(8), fsck(8), halt(8), init(8), kernel(8), shutdown(8),
- svcadm(8), svccfg(8), sync(8), syslogd(8)
+ mdb(1), sync(2), uadmin(2), reboot(3C), wtmpx(5), attributes(7),
+ grub(7), boot(8), bootadm(8), dumpadm(8), halt(8), init(8), kernel(8),
+ shutdown(8), svcadm(8), svccfg(8), sync(8), syslogd(8)
NOTES
The reboot utility does not execute the scripts in /etc/rcnum.d or exe-
@@ -280,4 +271,4 @@
-Oracle Solaris 11.4 18 May 2017 reboot(8)
+Oracle Solaris 11.4 3 Nov 2021 reboot(8)
diff -NurbBw 11.4.39/xman8/repquota.8 11.4.42/xman8/repquota.8
--- 11.4.39/xman8/repquota.8 2022-02-15 11:15:47.074561383 +0000
+++ 11.4.42/xman8/repquota.8 2022-02-15 11:16:12.212345562 +0000
@@ -3,7 +3,7 @@
NAME
- repquota - summarize quotas for a ufs file system
+ repquota - summarize quotas for a UFS file system
SYNOPSIS
repquota [-v] filesystem...
@@ -13,24 +13,23 @@
DESCRIPTION
repquota prints a summary of the disk usage and quotas for the speci-
- fied ufs file systems. The current number of files and amount of space
+ fied UFS file systems. The current number of files and amount of space
(in kilobytes) is printed for each user along with any quotas created
with edquota(8).
- The filesystem must have the file quotas in its root directory.
-
-
- Only the super-user may view quotas which are not their own.
+ The filesystem must have the file quotas in its root directory, and the
+ repquota must be run by a user with read access to the quotas file,
+ which is normally restricted to root.
OPTIONS
The following options are supported:
- -a Report on all mounted ufs file systems that have rq in the
+ -a Report on all mounted UFS file systems that have rq in the
mntopts field of the /etc/vfstab file.
- -v Report quotas for all users, even those who do not consume
+ -v Report quotas for all user IDs, even those who do not consume
resources.
@@ -50,4 +49,4 @@
-Oracle Solaris 11.4 4 Feb 2015 repquota(8)
+Oracle Solaris 11.4 3 Nov 2021 repquota(8)
diff -NurbBw 11.4.39/xman8/route.8 11.4.42/xman8/route.8
--- 11.4.39/xman8/route.8 2022-02-15 11:15:47.084329017 +0000
+++ 11.4.42/xman8/route.8 2022-02-15 11:16:12.223631360 +0000
@@ -40,10 +40,11 @@
by means of the programmatic interface discussed in route(4P).
- route uses a routing socket and the new message types RTM_ADD,
- RTM_DELETE, RTM_GET, and RTM_CHANGE. While only superusers can modify
- routing tables, the RTM_GET operation is allowed for non-privileged
- users.
+ route uses a routing socket and the message types RTM_ADD, RTM_DELETE,
+ RTM_GET, and RTM_CHANGE. While the {PRIV_SYS_IP_CONFIG} privilege is
+ required to modify routing tables, the RTM_GET operation is allowed for
+ non-privileged users. The Network Management rights profile allows run-
+ ning route with the {PRIV_SYS_IP_CONFIG} privilege.
Persistent static route configuration can also be specified at install
@@ -225,8 +214,8 @@
Two modifiers avoid confusion between addresses and keywords (for exam-
- ple., host used as a symbolic host name). You can distinguish a desti-
- nation by preceding it with the -dst modifier. You can distinguish a
+ ple, host used as a symbolic host name). You can distinguish a destina-
+ tion by preceding it with the -dst modifier. You can distinguish a
gateway address by using the -gateway modifier. If the destination is
directly reachable by way of an interface requiring no intermediary IP
router to act as a gateway, this can be indicated by using the -inter-
@@ -492,8 +468,8 @@
SEE ALSO
uname(1), ioctl(2), getipnodebyname(3C), getnetbyname(3C),
inet_addr(3C), arp(4P), ip(4P), route(4P), routing(4P), ip-interface-
- management(5), hosts(5), networks(5), attributes(7), in.ripngd(8),
- in.routed(8), netstat(8), routed(8)
+ management(5), hosts(5), networks(5), attributes(7), privileges(7),
+ in.ripngd(8), in.routed(8), netstat(8), routed(8)
DIAGNOSTICS
add [ host| network] destination:gateway flags
@@ -564,4 +540,4 @@
-Oracle Solaris 11.4 25 Mar 2020 route(8)
+Oracle Solaris 11.4 3 Nov 2021 route(8)
diff -NurbBw 11.4.39/xman8/rpcbind.8 11.4.42/xman8/rpcbind.8
--- 11.4.39/xman8/rpcbind.8 2022-02-15 11:15:47.091547559 +0000
+++ 11.4.42/xman8/rpcbind.8 2022-02-15 11:16:12.230397929 +0000
@@ -36,6 +36,11 @@
for indirect calls. This is the UDP port on most systems.
+ The rpcbind daemon requires several non-basic privileges to run,
+ including {PRIV_NET_PRIVADDR}, {PRIV_SYS_NFS}, and (if Trusted Exten-
+ sions is in use) {PRIV_NET_BINDMLP}.
+
+
The rpcbind service is managed by the service management facility,
smf(7), under the service identifier:
@@ -44,8 +49,7 @@
Administrative actions on this service, such as enabling, disabling, or
- requesting restart, can be performed using svcadm(8). rpcbind can only
- be started by the superuser.
+ requesting restart, can be performed using svcadm(8).
The configuration properties of this service can be modified with svc-
@@ -182,8 +186,8 @@
TCP wrappers is Volatile.
SEE ALSO
- rpcbind(3C), syslog.conf(5), attributes(7), smf(7), smf(7), rpcinfo(8),
- svcadm(8), svccfg(8)
+ rpcbind(3C), syslog.conf(5), attributes(7), privileges(7), smf(7),
+ rpcinfo(8), svcadm(8), svccfg(8)
For information on the TCP wrappers facility, see the hosts_access(5)
@@ -201,4 +205,4 @@
-Oracle Solaris 11.4 2 July 2018 rpcbind(8)
+Oracle Solaris 11.4 3 Nov 2021 rpcbind(8)
diff -NurbBw 11.4.39/xman8/shutdown.8 11.4.42/xman8/shutdown.8
--- 11.4.39/xman8/shutdown.8 2022-02-15 11:15:47.102140023 +0000
+++ 11.4.42/xman8/shutdown.8 2022-02-15 11:16:12.236558566 +0000
@@ -10,9 +10,13 @@
[message]
DESCRIPTION
- shutdown is executed by the super user to change the state of the
- machine. In most cases, it is used to change from the multi-user state
- (state 2) to another state.
+ shutdown is executed by a system administrator to change the run level
+ of the machine. In most cases, it is used to change from the multi-user
+ state to another state.
+
+
+ shutdown must be run with an effective uid of 0, which may be provided
+ by the Maintenance and Repair rights profile.
By default, shutdown brings the system to a state where only the con-
@@ -71,6 +75,10 @@
dure is called to perform this task.
+
+ See init(8) for more information on the system run levels corresponding
+ to these states.
+
OPTIONS
-y
@@ -80,14 +88,15 @@
-g grace-period
- Allows the super user to change the number of seconds from the
- 60-second default.
+ Specify the number of seconds to wait and warn users before switch-
+ ing states. If this option is not used, the default is 60 seconds.
-i init-state
- If there are warnings, init-state specifies the state init is to be
- in. By default, system state 's' is used.
+ Specify the init-state to change to at the end of the grace period,
+ as if 'init init-state' was run. By default, system state 's' is
+ used.
-r
@@ -146,8 +154,8 @@
+-----------------------------+-----------------------------+
SEE ALSO
- init.d(5), inittab(5), nologin(5), attributes(7), boot(8), halt(8),
- init(8), killall(8), reboot(8), ufsdump(8)
+ init.d(5), inittab(5), nologin(5), attributes(7), smf(7), boot(8),
+ bootadm(8), halt(8), init(8), killall(8), reboot(8)
NOTES
When a system transitions down to run level 1 or single user (run level
@@ -161,4 +169,4 @@
-Oracle Solaris 11.4 14 Sept 2016 shutdown(8)
+Oracle Solaris 11.4 3 Nov 2021 shutdown(8)
diff -NurbBw 11.4.39/xman8/swap.8 11.4.42/xman8/swap.8
--- 11.4.39/xman8/swap.8 2022-02-15 11:15:47.107814081 +0000
+++ 11.4.42/xman8/swap.8 2022-02-15 11:16:12.242288394 +0000
@@ -12,10 +12,10 @@
/usr/sbin/swap -d swapname [swaplow]
- /usr/sbin/swap -l [-h | -k | --scale[=item1,,item2,...]]
+ /usr/sbin/swap -l [-h | -k | --scale[=item1,item2,...]]
- /usr/sbin/swap -s [-h | --scale[=item1,,item2,...]]
+ /usr/sbin/swap -s [-h | --scale[=item1,item2,...]]
DESCRIPTION
The swap utility provides a method of adding, deleting, and monitoring
@@ -101,14 +99,15 @@
-d swapname
- Delete the specified swap area. This option can only be used by the
- super-user. swapname is the name of the swap file: for example,
- /dev/dsk/c0t0d0s1 or a regular file. swaplow is the offset in
- 512-byte blocks into the swap area to be deleted. If swaplow is not
- specified, the area will be deleted starting at the second page.
- When the command completes, swap blocks can no longer be allocated
- from this area and all swap blocks previously in use in this swap
- area have been moved to other swap areas.
+ Delete the specified swap area. This option can only be used by an
+ administrator who is assigned the File System Management rights
+ profile or by root. swapname is the name of the swap file: for
+ example, /dev/dsk/c0t0d0s1 or a regular file. swaplow is the offset
+ in 512-byte blocks into the swap area to be deleted. If swaplow is
+ not specified, the area will be deleted starting at the second
+ page. When the command completes, swap blocks can no longer be
+ allocated from this area and all swap blocks previously in use in
+ this swap area have been moved to other swap areas.
-h
@@ -124,7 +123,8 @@
-l
- List the status of all the swap areas. The output has five columns:
+ List the status of all the swap areas. The output has these col-
+ umns:
path
@@ -162,8 +162,8 @@
because this space is not associated with a particular swap area.
If swap -l is run while swapname is in the process of being
- deleted (by swap-d), the string INDEL will appear in a seventh col-
- umn of the swap stats.
+ deleted (by swap -d), the string INDEL will appear in a seventh
+ column of the swap stats.
-s
@@ -196,8 +196,8 @@
future reservation and allocation.
These numbers include swap space from all configured swap areas as
- listed by the -l option, as well swap space in the form of physical
- memory.
+ listed by the -l option, as well as swap space in the form of phys-
+ ical memory.
--scale[=item1,item2,...]
@@ -214,7 +214,7 @@
Scaling is done by repetitively dividing by a scale factor of
1024. The use of binary scaling is indicated by the addition of
- an 'i' modifer to the suffix (Ki, Mi, Gi, ...).
+ an 'i' modifier to the suffix (Ki, Mi, Gi, ...).
max
@@ -271,16 +271,34 @@
SEE ALSO
pagesize(1), getpagesize(3C), vfstab(5), attributes(7), mkfile(8),
- shareall(8), zfs(8) zfs_encrypt(8)
+ shareall(8), zfs(8), zfs_encrypt(8)
NOTES
- For information about setting up a swap area with ZFS, see the Managing
- ZFS File Systems in Oracle Solaris 11.4.
+ For information about setting up a swap area with ZFS, see the book
+ Managing ZFS File Systems in Oracle Solaris 11.4.
WARNINGS
No check is done to determine if a swap area being added overlaps with
an existing file system.
+HISTORY
+ Support for the --scale option was added to the swap command in Oracle
+ Solaris 11.4.30.
+
+
+ The encrypted column was added to the output of the -l option in Oracle
+ Solaris 11.4.24.
+
+
+ The -h and -k options were added to the swap command in Oracle Solaris
+ 11.0, thanks to a contribution by Yann Poupet to the OpenSolaris
+ project.
+
+
+ The swap command; with support for the -a, -d, -l, and -s options; was
+ added to Solaris in the Solaris 2.0 release, replacing the swapon com-
+ mand used in SunOS 4.
+
-Oracle Solaris 11.4 26 August 2020 swap(8)
+Oracle Solaris 11.4 3 Nov 2021 swap(8)
diff -NurbBw 11.4.39/xman8/sysadm.8 11.4.42/xman8/sysadm.8
--- 11.4.39/xman8/sysadm.8 2022-02-15 11:15:47.114378616 +0000
+++ 11.4.42/xman8/sysadm.8 2022-02-15 11:16:12.246632164 +0000
@@ -160,28 +160,35 @@
more information.
- -a Evacuates both non-running zones as well as running zones.
+ -a Evacuates both non-running zones as well as running
+ zones.
- -v Reports evacuation progress verbosely.
+ -v [-v] Reports evacuation progress verbosely to the standard
+ output. Each output line has a timestamp.
+
+ When the -v option is doubled, the detailed per zone
+ migration progress is reported too.
-q Only reports errors.
-n Dry-run evacuation. Migration is planned, and a dry-run
- migration to the destination host is performed for each zone.
+ migration to the destination host is performed for each
+ zone.
- -r Returns zones. Each evacuated zone is migrated from its des-
- tination, if it is still running there, back to the source
- host. If the -a option is specified, it is cold migrated back
- if not running.
+ -r Returns zones. Each evacuated zone is migrated from its
+ destination, if it is still running there, back to the
+ source host. If the -a option is specified, it is cold
+ migrated back if not running.
- -w Overwrite zone configuration for each evacuated zone on the
- destination host with the respective configurations from the
- source host. This is mutually exclusive with the -n option.
+ -w Overwrite zone configuration for each evacuated zone on
+ the destination host with the respective configurations
+ from the source host. This is mutually exclusive with
+ the -n option.
@@ -255,6 +262,45 @@
+ Example 4 Getting the detailed evacuation progress messages.
+
+
+
+ # sysadm evacuate -vv
+ 2021-09-09 10:38:26.844 sysadm: preparing 2 zone(s) for evacuation ...
+ 2021-09-09 10:38:27.555 sysadm: initializing migration of kzone1 to desthost ...
+ 2021-09-09 10:38:28.209 sysadm: initializing migration of kzone2 to desthost ...
+ 2021-09-09 10:38:44.773 sysadm: evacuating 2 zone(s) ...
+ 2021-09-09 10:38:44.773 sysadm: migrating kzone2 to desthost ...
+ 2021-09-09 10:38:44.774 sysadm: migrating kzone1 to desthost ...
+ 2021-09-09 10:38:44.792 sysadm: kzone2: Performing initial copy (total 4096MB).
+ 2021-09-09 10:38:44.792 sysadm: kzone1: Performing initial copy (total 4096MB).
+ 2021-09-09 10:38:44.847 sysadm: kzone2: 0.00% done: 0MB copied @ 0.0MB/s, skipped 0MB
+ 2021-09-09 10:38:44.861 sysadm: kzone1: 0.00% done: 0MB copied @ 0.0MB/s, skipped 0MB
+ 2021-09-09 10:38:49.848 sysadm: kzone2: 37.30% done: 768MB copied @ 153.6MB/s, skipped 759MB
+ 2021-09-09 10:38:49.862 sysadm: kzone1: 49.11% done: 704MB copied @ 140.8MB/s, skipped 1307MB
+ 2021-09-09 10:38:54.848 sysadm: kzone2: 63.48% done: 1600MB copied @ 166.4MB/s, skipped 1000MB
+ 2021-09-09 10:38:54.863 sysadm: kzone1: 97.53% done: 1415MB copied @ 142.2MB/s, skipped 2578MB
+ 2021-09-09 10:38:59.849 sysadm: kzone2: 96.73% done: 2342MB copied @ 148.4MB/s, skipped 1619MB
+ 2021-09-09 10:38:59.864 sysadm: kzone1: 100.00% done: 1508MB copied @ 18.4MB/s, skipped 2587MB
+ 2021-09-09 10:38:59.867 sysadm: kzone1: Performing copy of recently modified memory.
+ 2021-09-09 10:38:59.883 sysadm: kzone1: Suspending zone on source host.
+ 2021-09-09 10:39:00.509 sysadm: kzone1: Waiting for migration to complete.
+ 2021-09-09 10:39:00.510 sysadm: kzone1: Halting and detaching zone on source host.
+ 2021-09-09 10:39:00.512 sysadm: kzone1: Migration successful.
+ 2021-09-09 10:39:04.850 sysadm: kzone2: 100.00% done: 2465MB copied @ 24.6MB/s, skipped 1630MB
+ 2021-09-09 10:39:04.852 sysadm: kzone2: Performing copy of recently modified memory.
+ 2021-09-09 10:39:04.862 sysadm: kzone2: Suspending zone on source host.
+ 2021-09-09 10:39:05.284 sysadm: kzone2: Waiting for migration to complete.
+ 2021-09-09 10:39:06.286 sysadm: kzone2: Migration successful.
+ 2021-09-09 10:39:06.287 sysadm: kzone2: Halting and detaching zone on source host.
+ 2021-09-09 10:39:07.124 sysadm: kzone1: evacuated to ssh://desthost/
+ 2021-09-09 10:39:07.124 sysadm: kzone2: evacuated to ssh://desthost/
+ 2021-09-09 10:39:07.124 sysadm: evacuation completed successfully.
+
+
+
+
EXIT STATUS
The following exit values are returned:
@@ -270,21 +316,33 @@
+CAVEATS
+ When SSH transport is used, the sysadm utility requires the SSH keys to
+ have empty passphrase to ensure non-interactive evacuation of the zones
+ and their eventual returning. Unlike zoneadm(8), the sysadm utility
+ ignores the SSH_AUTH_SOCK environment variable.
+
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
- +-----------------------------+-----------------------------+
+ +----------------------------------------+-----------------------------+
|ATTRIBUTE TYPE |ATTRIBUTE VALUE |
- +-----------------------------+-----------------------------+
- |Interface Stability |Committed |
- +-----------------------------+-----------------------------+
+ +----------------------------------------+-----------------------------+
+ |Interface Stability | See below. |
+ +----------------------------------------+-----------------------------+
+ |- CLI options | Committed |
+ +----------------------------------------+-----------------------------+
+ |- Parsable output of sysadm evacuate -l | Committed |
+ +----------------------------------------+-----------------------------+
+ |- Human readable and verbose output | Not-an-Interface |
+ +----------------------------------------+-----------------------------+
|Availability |system/zones |
- +-----------------------------+-----------------------------+
+ +----------------------------------------+-----------------------------+
SEE ALSO
zones(7), solaris-kz(7), solaris(7), rad(8), beadm(8), svc.zones(8)
-Oracle Solaris 11.4 28 Aug 2020 sysadm(8)
+Oracle Solaris 11.4 8 Oct 2021 sysadm(8)
diff -NurbBw 11.4.39/xman8/syseventadm.8 11.4.42/xman8/syseventadm.8
--- 11.4.39/xman8/syseventadm.8 2022-02-15 11:15:47.127326688 +0000
+++ 11.4.42/xman8/syseventadm.8 2022-02-15 11:16:12.251298438 +0000
@@ -23,8 +23,8 @@
DESCRIPTION
The syseventadm command is an administrative front-end to add, remove
and list sysevent event handlers. You can also restart the sysevent
- daemon by use of the restart command. syseventadm can only be run by
- root.
+ daemon by use of the restart command. syseventadm can only be run by a
+ user with a uid of 0 or the System Event Management rights profile.
The syseventadm add command adds a handler for a sysevent event speci-
@@ -341,4 +313,4 @@
-Oracle Solaris 11.4 12 Aug 2014 syseventadm(8)
+Oracle Solaris 11.4 3 Nov 2021 syseventadm(8)
diff -NurbBw 11.4.39/xman8/tcpkey.8 11.4.42/xman8/tcpkey.8
--- 11.4.39/xman8/tcpkey.8 2022-02-15 11:15:47.137725339 +0000
+++ 11.4.42/xman8/tcpkey.8 2022-02-15 11:16:12.254712774 +0000
@@ -27,13 +27,14 @@
tcpkey [-nv] -s filename
DESCRIPTION
- The tcpkey command is used to manually manipulate the tcp(4P) MD5 secu-
- rity association database.
+ The tcpkey command is used to manually manipulate the tcp(4P) security
+ association database.
tcpkey uses a PF_KEY socket and the message types SADB_ADD,
- SADB_DELETE, SADB_GET, SADB_UPDATE, and SADB_FLUSH. You must be a supe-
- ruser to use this command.
+ SADB_DELETE, SADB_GET, SADB_UPDATE, and SADB_FLUSH. Thus, you must have
+ the {PRIV_SYS_IP_CONFIG} privilege or Network TCP Key Management rights
+ profile to use this command.
OPTIONS
The following options are supported:
@@ -195,4 +196,4 @@
-Oracle Solaris 11.4 27 Nov 2017 tcpkey(8)
+Oracle Solaris 11.4 3 Nov 2021 tcpkey(8)
diff -NurbBw 11.4.39/xman8/trapstat.8 11.4.42/xman8/trapstat.8
--- 11.4.39/xman8/trapstat.8 2022-02-15 11:15:47.167479540 +0000
+++ 11.4.42/xman8/trapstat.8 2022-02-15 11:16:12.270507210 +0000
@@ -674,13 +650,19 @@
See attributes(7) for descriptions of the following attributes:
- +-----------------------------------------------------------+
- | ATTRIBUTE TYPE ATTRIBUTE VALUE |
- |Availability system/core-os |
- |Interface Stability |
- | Human Readable Output Uncommitted |
- | Parsable Output Committed |
- +-----------------------------------------------------------+
+ +-----------------------------+-----------------------------+
+ | ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+ +-----------------------------+-----------------------------+
+ |Architecture |SPARC |
+ +-----------------------------+-----------------------------+
+ |Availability |system/core-os |
+ +-----------------------------+-----------------------------+
+ |Interface Stability |See below |
+ +-----------------------------+-----------------------------+
+
+
+ The human readable output has a stability level of Uncommitted. The
+ parsable output has a stability level of Committed.
SEE ALSO
pmap(1), ppgsz(1), getpagesizes(3C), lockstat(8), pbind(8), psrinfo(8),
@@ -734,8 +716,9 @@
miss traps.
- Due to the potential system wide degradation induced, only the super-
- user can run trapstat.
+ Due to the potential system wide degradation induced, higher access
+ levels are required to run trapstat, including access to the /dev/trap-
+ stat device file, and the {PRIV_PROC_CLOCK_HIGHRES} privilege.
Due to the limitation of the underlying statistics gathering methodol-
@@ -758,4 +741,4 @@
-Oracle Solaris 11.4 11 May 2021 trapstat(8)
+Oracle Solaris 11.4 3 Nov 2021 trapstat(8)
diff -NurbBw 11.4.39/xman8/uadmin.8 11.4.42/xman8/uadmin.8
--- 11.4.39/xman8/uadmin.8 2022-02-15 11:15:47.171260566 +0000
+++ 11.4.42/xman8/uadmin.8 2022-02-15 11:16:12.280865915 +0000
@@ -11,8 +11,8 @@
DESCRIPTION
The uadmin command provides control for basic administrative functions.
This command is tightly coupled to the system administration procedures
- and is not intended for general use. It may be invoked only by the
- super-user.
+ and is not intended for general use. It may be invoked only by a user
+ with the {PRIV_SYS_CONFIG} privilege.
Both the cmd (command) and fcn (function) arguments are converted to
@@ -42,7 +40,7 @@
+-----------------------------+-----------------------------+
SEE ALSO
- uadmin(2), attributes(7), halt(8), reboot(8)
+ uadmin(2), attributes(7), privileges(7), halt(8), reboot(8)
NOTES
If the SMF property config/uadmin_boot_archive_sync on the service
@@ -51,4 +49,4 @@
-Oracle Solaris 11.4 26 Mar 2020 uadmin(8)
+Oracle Solaris 11.4 3 Nov 2021 uadmin(8)
diff -NurbBw 11.4.39/xman8/vntsd.8 11.4.42/xman8/vntsd.8
--- 11.4.39/xman8/vntsd.8 2022-02-15 11:15:47.175277724 +0000
+++ 11.4.42/xman8/vntsd.8 2022-02-15 11:16:12.285179458 +0000
@@ -128,9 +128,11 @@
Special Console Commands
A tilde (~) appearing as the first character of a line is an escape
- signal that directs vntsd to perform a special console command. The
- tilde-tilde (~~) sequence outputs a tilde. In conjunction with the ini-
- tial tilde, vntsd accepts the following special console commands:
+ signal that directs vntsd to perform a special console command. You can
+ specify an alternate escape character by assigning a value to the
+ vntsd/escape_char property. The tilde-tilde (~~) sequence outputs a
+ tilde. In conjunction with the initial tilde, vntsd accepts the follow-
+ ing special console commands:
~.
@@ -215,40 +217,16 @@
You can change the following properties using the svccfg(8) command:
- vntsd/vcc_device
-
- Set an instance of the virtual console concentrator (vcc) driver to
- which vntsd is connected.
-
-
- vntsd/listen_addr
-
- Set the IP address to which vntsd listens, using the following syn-
- tax:
-
-
- vntsd/listen_addr:"xxx.xxx.xxx.xxx"
-
- ...where xxx.xxx.xxx.xxx is a valid IP address. The default value
- of this property is to listen on IP address 127.0.0.1. Users can
- connect to a guest console over a network if the value is set to
- the IP address of the control domain.
-
- Note -
-
-
-
- Enabling network access to a console has security implications.
- Any user can connect to a console and for this reason it is dis-
- abled by default.
-
+ custom_vntsd/console_log_path
- vntsd/timeout_minutes
+ Specify the full path name of the guest domain console log. The
+ default location of the log is /var/log/vntsd/domain-name/console-
+ log.
- Set timeout in minutes. vntsd will timeout (close) telnet connec-
- tion if there is no activity (input or output) on the console. The
- default value is 0, which disables timeout.
+ Virtual console logging is enabled by default. For information
+ about enabling and disabling virtual console logging, see the log
+ property of the ldm set-vcons command in the ldm(8) man page.
vntsd/authorization
@@ -298,18 +276,60 @@
- custom_vntsd/console_log_path
+ vntsd/escape_char
- Specify the full path name of the guest domain console log. The
- default location of the log is /var/log/vntsd/domain-name/console-
- log.
+ Specify an alternate escape character for disconnecting from a con-
+ sole or a console group. The default escape character is ~.
+
+ You can use the following SMF commands to set the alternate escape
+ character:
+
+ # svccfg
+ svc:> select vntsd
+ svc:/ldoms/vntsd> setprop vntsd/escape_char="%"
+ svc:/ldoms/vntsd> refresh
+ svc:/ldoms/vntsd> end
+ # svcadm disable vntsd
+ # svcadm enable vntsd
- Virtual console logging is enabled by default. For information
- about enabling and disabling virtual console logging, see the log
- property of the ldm set-vcons command in the ldm(8) man page.
+ vntsd/listen_addr
+
+ Set the IP address to which vntsd listens, using the following syn-
+ tax:
+
+
+ vntsd/listen_addr:"xxx.xxx.xxx.xxx"
+
+ ...where xxx.xxx.xxx.xxx is a valid IP address. The default value
+ of this property is to listen on IP address 127.0.0.1. Users can
+ connect to a guest console over a network if the value is set to
+ the IP address of the control domain.
+
+ Note -
+
+
+
+ Enabling network access to a console has security implications.
+ Any user can connect to a console and for this reason it is dis-
+ abled by default.
+
+
+
+ vntsd/timeout_minutes
+
+ Set timeout in minutes. vntsd will timeout (close) telnet connec-
+ tion if there is no activity (input or output) on the console. The
+ default value is 0, which disables timeout.
+
+
+ vntsd/vcc_device
+
+ Set an instance of the virtual console concentrator (vcc) driver to
+ which vntsd is connected.
+
-Oracle Solaris 11.4 22 Feb 2018 vntsd(8)
+Oracle Solaris 11.4 24 Sept 2021 vntsd(8)
diff -NurbBw 11.4.39/xman8/wall.8 11.4.42/xman8/wall.8
--- 11.4.39/xman8/wall.8 2022-02-15 11:15:47.180302604 +0000
+++ 11.4.42/xman8/wall.8 2022-02-15 11:16:12.288441503 +0000
@@ -16,19 +16,18 @@
- If filename is given, then the message is read in from that file. Nor-
- mally, pseudo-terminals that do not correspond to rlogin sessions are
- ignored. Thus, when using a window system, the message appears only on
- the console window. However, -a will send the message even to such
- pseudo-terminals.
+ If filename is given, then the message is read in from that file.
It is used to warn all users, typically prior to shutting down the sys-
- tem.
+ tem. Normally, pseudo-terminals that do not correspond to login ses-
+ sions are ignored. Thus, when using a window system, the message
+ appears only on the console window. However, -a will send the message
+ even to such pseudo-terminals.
- The sender must be superuser to override any protections the users may
- have invoked. See mesg(1).
+ The sender must have all privileges to override any protections the
+ users may have invoked. See mesg(1).
wall runs setgid() to the group ID tty, in order to have write permis-
@@ -77,9 +76,9 @@
mesg(1), write(1), setuid(2), attributes(7), environ(7)
NOTES
- wall displays "Cannot send to ..." when the open on a user's tty file
- fails.
+ wall displays "Cannot send to ..." when it fails to open a user's tty
+ file.
-Oracle Solaris 11.4 5 Aug 2014 wall(8)
+Oracle Solaris 11.4 3 Nov 2021 wall(8)
diff -NurbBw 11.4.39/xman8/wpad.8 11.4.42/xman8/wpad.8
--- 11.4.39/xman8/wpad.8 2022-02-15 11:15:47.184316591 +0000
+++ 11.4.42/xman8/wpad.8 1969-12-31 16:00:00.000000000 +0000
@@ -1,116 +0,0 @@
-System Administration Commands wpad(8)
-
-
-
-NAME
- wpad - WPA and WPA2 protocol daemon
-
-SYNOPSIS
- /usr/lib/inet/wpad [-i interface] [-k pre_shared_key_name]
-
-DESCRIPTION
- The wpad daemon provides common client functionality for the WiFi Pro-
- tected Access (WPA) versions 1 and 2, as defined by IEEE802.11i stan-
- dard. WPA was created by the WiFi Alliance, an industry trade group.
- WPA implements the majority of the IEEE 802.11i standard, and was
- intended as an intermediate measure to take the place of Wired Equiva-
- lent Privacy (WEP) while 802.11i was prepared. WPA2 implements the full
- standard.
-
-
- wpad provides the following WPA/IEEE 802.11i features:
-
- o WPA-PSK ("WPA-Personal")
-
-
- o Key management for CCMP, TKIP, WEP104, WEP40
-
-
-
- Stop and start the wpad daemon using dladm(8). Use:
-
- # dladm connect-wifi
-
-
-
- ...to start the wpad daemon. Use:
-
- # dladm disconnect-wifi
-
-
-
- ...to stop the daemon.
-
-OPTIONS
- The following options are supported:
-
- -i interface
-
- Specify a WiFi Link interface to start the wpad daemon.
-
-
- -k pre_shared_key_name
-
- Specify the pre-shared key used for the WiFi Link.
-
-
-EXAMPLES
- Example 1 Starting the wpad Daemon on Specific WiFi Link
-
-
-
- To create the WPA key psk, enter the following command:
-
-
- # dladm create-secobj -c wpa psk
-
-
-
-
- To use key psk to connect to ESSID wlan on link ath0, enter the follow-
- ing command:
-
-
- # dladm connect-wifi -k psk -e wlan ath0
-
-
- Example 2 Stopping the wpad Daemon on Specific WiFi Link
-
-
-
- To stop the daemon on the link ath0, enter:
-
-
- # dladm disconnect-wifi ath0
-
-
-ATTRIBUTES
- See attributes(7) for descriptions of the following attributes:
-
-
- +-----------------------------+-----------------------------+
- | ATTRIBUTE TYPE | ATTRIBUTE VALUE |
- +-----------------------------+-----------------------------+
- |Availability |service/network/wpa |
- +-----------------------------+-----------------------------+
- |Interface Stability |Uncommitted |
- +-----------------------------+-----------------------------+
-
-SEE ALSO
- svcs(1), attributes(7), smf(7), dladm(8), svcadm(8)
-
-NOTES
- The wpad service is managed by the service management facility, smf(7),
- under the service identifier:
-
- svc:/network/wpa:<link>
-
-
-
- Administrative actions on this service, such as enabling, disabling, or
- requesting restart, can be performed using svcadm(8). The service's
- status can be queried using the svcadm(8) command.
-
-
-
-Oracle Solaris 11.4 11 Mar 2008 wpad(8)
diff -NurbBw 11.4.39/xman8/ypinit.8 11.4.42/xman8/ypinit.8
--- 11.4.39/xman8/ypinit.8 2022-02-15 11:15:47.188140364 +0000
+++ 11.4.42/xman8/ypinit.8 2022-02-15 11:16:12.292116520 +0000
@@ -9,8 +9,9 @@
/usr/sbin/ypinit [-c] [-m] [-s master_server]
DESCRIPTION
- ypinit can be used to set up an NIS client system. You must be the
- superuser to run this command. This script need not be used at all if
+ ypinit can be used to set up an NIS client system. This command must be
+ run with superuser privileges, which may be provided by the Name Ser-
+ vice Management rights profile. This script need not be used at all if
ypbind(8) is started with the -broadcast option (it is invoked with
this option from the svc:/network/nis/client:default service).
@@ -72,8 +73,8 @@
+-----------------------------+-----------------------------+
SEE ALSO
- svcs(1), ypwhich(1), sysinfo(2), hosts(5), attributes(7), smf(7),
- svcadm(8), ypbind(8)
+ svcs(1), ypwhich(1), sysinfo(2), hosts(5), nsswitch.conf(5),
+ attributes(7), smf(7), domainname(8), svcadm(8), ypbind(8)
NOTES
The NIS client service is managed by the service management facility,
@@ -95,4 +96,4 @@
-Oracle Solaris 11.4 11 May 2021 ypinit(8)
+Oracle Solaris 11.4 3 Nov 2021 ypinit(8)
diff -NurbBw 11.4.39/xman8/zfs.8 11.4.42/xman8/zfs.8
--- 11.4.39/xman8/zfs.8 2022-02-15 11:15:47.246232113 +0000
+++ 11.4.42/xman8/zfs.8 2022-02-15 11:16:12.337589234 +0000
@@ -56,7 +56,8 @@
zfs get [-rHpe|-d max][-o all | field[,...]] [-s source[,...]]
- all | property[,...] filesystem|volume|snapshot|share ...
+ [-I state,...] all | property[,...]
+ filesystem|volume|snapshot|share ...
zfs get share [filesystem]
@@ -1759,8 +1760,8 @@
- zfs get [-rHpe|-d max] [-o all | field[,...] [-s source[,...]] all |
- property[,...] filesystem|volume|snapshot|share ...
+ zfs get [-rHpe|-d max] [-o all | field[,...]] [-s source[,...]] [-I
+ state,...] all | property[,...] filesystem|volume|snapshot|share ...
Displays properties for the given datasets. If no datasets are
specified, then the command displays properties for all datasets on
@@ -1839,6 +1840,17 @@
The default value is all sources.
+ -I state
+
+ A comma-separated list of dataset states to display instead of
+ the 'normal' datasets that are usually displayed. The state
+ parameter can include the following non-normal states: receiv-
+ ing, resumable, hidden, or all. For instance, specifying -I
+ resumable will display only resumable datasets. The state value
+ 'all' will display datasets with receiving, resumable or hidden
+ states.
+
+
zfs groupspace [-hniHp] [-o field[,...]] [-sS field]... [-t type
[,...]] filesystem | snapshot
@@ -3241,4 +3253,4 @@
-Oracle Solaris 11.4 11 May 2021 zfs(8)
+Oracle Solaris 11.4 23 Sep 2021 zfs(8)
diff -NurbBw 11.4.39/xman8/zoneadm.8 11.4.42/xman8/zoneadm.8
--- 11.4.39/xman8/zoneadm.8 2022-02-15 11:15:47.261315482 +0000
+++ 11.4.42/xman8/zoneadm.8 2022-02-15 11:16:12.365446500 +0000
@@ -474,6 +474,9 @@
The -s, -v, and -p options are mutually exclusive. If neither
-v, -p nor -d is used, just the zone name is listed.
+ The -p and -d options cannot be used together as -p implies
+ printing the description.
+
-s
@@ -504,6 +507,9 @@
The -s and -d options are mutually exclusive.
+ The -p and -d options cannot be used together as -p implies
+ printing the description.
+
-b brand[,brand]
@@ -617,6 +623,10 @@
port defaults to the standard RAD port. Supported values for scheme
are rads, rad, and ssh.
+ When ssh scheme is used, zoneadm migrate observes the SSH_AUTH_SOCK
+ environment variable pointing to a UNIX-domain socket created by
+ ssh-agent(1).
+
To receive migrating zones, the RAD service mentioned must be run-
ning. In addition, the 'kz-migr' service under inetd must be
enabled for live migration. With the default configuration, there-
@@ -1794,4 +1804,4 @@
-Oracle Solaris 11.4 11 May 2021 zoneadm(8)
+Oracle Solaris 11.4 8 Oct 2021 zoneadm(8)
diff -NurbBw 11.4.39/xman8/zonecfg.8 11.4.42/xman8/zonecfg.8
--- 11.4.39/xman8/zonecfg.8 2022-02-15 11:15:47.287849559 +0000
+++ 11.4.42/xman8/zonecfg.8 2022-02-15 11:16:12.390161826 +0000
@@ -537,9 +537,9 @@
global: description
- An optional description of the zone. A string of up to 255 US-ASCII
- characters. Enclose the value in double quotes for a description
- with spaces.
+ An optional description of the zone. A string of up to 255 print-
+ able US-ASCII characters. Enclose the value in double quotes for a
+ description with spaces.
global: zonepath
@@ -1789,7 +1789,7 @@
- dedicated-cpu: cpus, cores, sockets ncpus, importance
+ dedicated-cpu: cpus, cores, sockets, ncpus, importance
This resource will create a pool and processor set for exclusive
use by the zone when it boots. These processors are not available
@@ -1976,24 +1976,31 @@
rootzpool: storage
- Defines one or more storage resources to be used exclusively for a
- dedicated ZFS pool containing the zone installation. The allowed
- values for storage are defined in suri(7).
+ Defines one or more storage URIs to be used exclusively for a dedi-
+ cated ZFS pool containing the zone installation. The allowed values
+ for storage are defined in suri(7).
+
+ If multiple storage properties are present during installation, a
+ mirrored ZFS pool will be created.
zpool: storage, name
- Defines one or more storage resources to be used exclusively for a
- zpool delegated to the zone. The allowed values for storage are
- defined in suri(7) man page. The allowed values for name are
- defined in zpool(8) man page. The name rpool is not permitted.
+ Defines one or more storage URIs to be used exclusively for a zpool
+ delegated to the zone. The allowed values for storage are defined
+ in suri(7) man page. The allowed values for name are defined in
+ zpool(8) man page. The name rpool is not permitted.
+
+ If multiple storage properties are present during installation, a
+ mirrored ZFS pool will be created.
npiv: virtual-port-wwn, over-hba
- Sets an unique 64bit port world wide name to an npiv with virtual-
- port-wwn, which is optional and will be set with an automatically
- generated wwn. users can still override this generated wwn.
+ Sets an unique 64bit port World Wide Name (WWN) to an NPIV port
+ with virtual-port-wwn, which is optional and will be set with an
+ automatically generated WWN. Users can still override this gener-
+ ated WWN.
Property over-hba is optional as well and it could be an empty
string, which means physical HBA ports are chosen in a round-robin
@@ -3802,4 +3809,4 @@
-Oracle Solaris 11.4 11 May 2021 zonecfg(8)
+Oracle Solaris 11.4 29 Nov 2021 zonecfg(8)
diff -NurbBw 11.4.39/xman8/zpool.8 11.4.42/xman8/zpool.8
--- 11.4.39/xman8/zpool.8 2022-02-15 11:15:47.313728994 +0000
+++ 11.4.42/xman8/zpool.8 2022-02-15 11:16:12.441335371 +0000
@@ -572,9 +572,9 @@
This sets the allocation unit ZFS will use to read and write from
and to the vdev. In general this property should not need to be set
by hand. The value for 'allocunit' must be a power of 2 number
- between 512 and 16384(16K). If an invalid or unsupported 'allocu-
- nit' is specified (for example a smaller 'allocunit' than the logi-
- cal sectorsize of the device), an error will be returned.
+ between 512 and 8192(8K). If an invalid or unsupported 'allocunit'
+ is specified (for example a smaller 'allocunit' than the logical
+ sectorsize of the device), an error will be returned.
Please note that the allocunit is used by zfs to do allocations and
that has a consequence that allocated blocks that zfs write and
@@ -847,6 +847,21 @@
Aliases: aunit
+ alloc
+
+ Total allocated space on a vdev or a disk.
+
+
+ free
+
+ Total allocatable space on a vdev or a disk.
+
+
+ pctfull
+
+ Percentage of allocated space on a vdev or a disk.
+
+
lsize
Logical sector size reported by a disk.
@@ -1283,8 +1298,8 @@
A comma-separated list of device status property fields to dis-
play. The list of status fields available are: name, state,
read, write, checksum, repair, resilver, slow, allocunit,
- psize, lsize. See 'Device status properties' section for more
- details.
+ psize, lsize, alloc, free and pctfull. See 'Device status prop-
+ erties' section for more details.
When used in combination with -S, 'config' section is implic-
itly included in the sections displayed.
@@ -1867,8 +1882,8 @@
A comma-separated list of device status property fields to dis-
play. The list of status fields available are: name, state,
read, write, checksum, repair, resilver, slow, allocunit,
- psize, lsize. See 'Device status properties' section for more
- details.
+ psize, lsize, alloc, free and pctfull. See 'Device status prop-
+ erties' section for more details.
When used in combination with -S, 'config' section is implic-
itly included in the sections displayed.
diff -NurbBw 11.4.39/xman9e/aread.9e 11.4.42/xman9e/aread.9e
--- 11.4.39/xman9e/aread.9e 2022-02-15 11:15:47.319542631 +0000
+++ 11.4.42/xman9e/aread.9e 2022-02-15 11:16:12.445387653 +0000
@@ -11,9 +11,8 @@
#include <sys/cred.h>
#include <sys/ddi.h>
#include <sys/sunddi.h>
- intprefix
- aread(dev_t dev, struct aio_req *aio_reqp, cred_t *cred_p);
+ int prefixaread(dev_t dev, struct aio_req *aio_reqp, cred_t *cred_p);
INTERFACE LEVEL
Solaris DDI specific (Solaris DDI). This entry point is optional. Driv-
@@ -34,7 +33,7 @@
The driver's aread() routine is called to perform an asynchronous read.
getminor(9F) can be used to access the minor number component of the
dev argument. aread() may use the credential structure pointed to by
- cred_p to check for superuser access by calling drv_priv(9F). The
+ cred_p to check for required privileges by calling drv_priv(9F). The
aread() routine may also examine the uio(9S) structure through the
aio_req structure pointer, aio_reqp. aread() must call aphysio(9F) with
the aio_req pointer and a pointer to the driver's strategy(9E) routine.
@@ -84,4 +82,4 @@
-Oracle Solaris 11.4 28 Mar 1997 aread(9E)
+Oracle Solaris 11.4 3 Nov 2021 aread(9E)
diff -NurbBw 11.4.39/xman9e/awrite.9e 11.4.42/xman9e/awrite.9e
--- 11.4.39/xman9e/awrite.9e 2022-02-15 11:15:47.322698428 +0000
+++ 11.4.42/xman9e/awrite.9e 2022-02-15 11:16:12.450202790 +0000
@@ -34,7 +34,7 @@
The driver's awrite() routine is called to perform an asynchronous
write. getminor(9F) can be used to access the minor number component of
the dev argument. awrite() may use the credential structure pointed to
- by cred_p to check for superuser access by calling drv_priv(9F). The
+ by cred_p to check for required privileges by calling drv_priv(9F). The
awrite() routine may also examine the uio(9S) structure through the
aio_req structure pointer, aio_reqp. awrite() must call aphysio(9F)
with the aio_req pointer and a pointer to the driver's strategy(9E)
@@ -90,4 +89,4 @@
-Oracle Solaris 11.4 20 Aug 2019 awrite(9E)
+Oracle Solaris 11.4 3 Nov 2021 awrite(9E)
diff -NurbBw 11.4.39/xman9f/kstat_create.9f 11.4.42/xman9f/kstat_create.9f
--- 11.4.39/xman9f/kstat_create.9f 2022-02-15 11:15:47.326131168 +0000
+++ 11.4.42/xman9f/kstat_create.9f 2022-02-15 11:16:12.456126802 +0000
@@ -78,7 +78,8 @@
KSTAT_FLAG_WRITABLE
- Makes the kstat data section writable by root.
+ Makes the kstat data section writable by processes with the
+ {PRIV_SYS_CONFIG} privilege.
KSTAT_FLAG_PERSISTENT
@@ -142,8 +143,18 @@
}
+ATTRIBUTES
+ See attributes(7) for descriptions of the following attributes:
+
+
+ +-----------------------------+-----------------------------+
+ | ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+ +-----------------------------+-----------------------------+
+ |Interface Stability |Obsolete |
+ +-----------------------------+-----------------------------+
+
SEE ALSO
- kstat(3KSTAT), ddi_get_instance(9F), kstat_delete(9F),
+ kstat(3KSTAT), privileges(7), ddi_get_instance(9F), kstat_delete(9F),
kstat_install(9F), kstat_named_init(9F), kstat(9S), kstat_named(9S),
kstat2_create(9F), kstat2_delete(9F), kstat2_install(9F)
@@ -158,4 +169,4 @@
-Oracle Solaris 11.4 27 Nov 2017 kstat_create(9F)
+Oracle Solaris 11.4 3 Nov 2021 kstat_create(9F)
diff -NurbBw 11.4.39/xman9f/net_kstat_create.9f 11.4.42/xman9f/net_kstat_create.9f
--- 11.4.39/xman9f/net_kstat_create.9f 2022-02-15 11:15:47.329417947 +0000
+++ 11.4.42/xman9f/net_kstat_create.9f 2022-02-15 11:16:12.460898785 +0000
@@ -12,7 +12,7 @@
#include <sys/neti.h>
kstat_t *net_kstat_create(netid_t netid, char *module,
- int instance, char *name, char *class, uchar_type type,
+ int instance, char *name, char *class, uchar_t type,
ulong_t ndata, uchar_t ks_flag);
INTERFACE LEVEL
@@ -76,7 +76,8 @@
KSTAT_FLAG_WRITABLE
- Makes the kstat data section writable by root.
+ Makes the kstat data section writable by processes with
+ the {PRIV_SYS_CONFIG} privilege.
KSTAT_FLAG_PERSISTENT
@@ -120,8 +121,8 @@
+-----------------------------+-----------------------------+
SEE ALSO
- ddi_get_instance(9F), kstat_create(9F), kstat_delete(9F),
- net_kstat_delete(9F), hook_t(9S), kstat_named(9S),
+ privileges(7), ddi_get_instance(9F), kstat_create(9F),
+ kstat_delete(9F), net_kstat_delete(9F), hook_t(9S), kstat_named(9S),
net_kstat2_delete(9F), net_kstat2_create(9F), kstat2_create(9F)
NOTES
@@ -132,4 +133,4 @@
-Oracle Solaris 11.4 14 May 2018 net_kstat_create(9F)
+Oracle Solaris 11.4 3 Nov 2021 net_kstat_create(9F)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment