Skip to content

Instantly share code, notes, and snippets.

@alanc

alanc/SRU63-man-page-changes.diff

Created November 18, 2023 01:17
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save alanc/eb21f572ef0e26332bcb1523016d2d39 to your computer and use it in GitHub Desktop.
Save alanc/eb21f572ef0e26332bcb1523016d2d39 to your computer and use it in GitHub Desktop.
Download ZIP
Changes to core OS man pages in Oracle Solaris 11.4 SRU 63
Raw
Solaris-11.4-SRU63-man-page-changes.txt
15250054 network/service should be able to get DNS resolver search value from DHCP
15723200 Remove P5I from DTD and code
20713868 dhcp client should support dns search
30248481 sxadm should show SMEP as readonly extension
34218894 ZFS setting to block delete of files whose retention has expired (legal hold)
34380991 ZFS setting to automatically delete files whose retention has expired
34595602 Tool to configure for AD as LDAP service
34680891 ZFS setting to allow modifying read/exec permissions of retained files
34714895 zoneadm(8) is missing rad-uri(7) reference
34735734 problem in KERNEL/ARCH-AMD64
34751341 luxadm(8) man page should contain alternative commands
34842697 vmstat performance degraded in non-global zone vs global zone
35093526 zfs_allow man page property list is out of date
35093904 Repackage smbfs and tag legacy
35333151 kernel zones need optional strict memlzr behavior
35358630 'pass all' rule is too paranoid
35386823 solaris-kz man page has merge text in it
35395419 update ucred_get(3C) and audit.log(5) to cover addition of kerberos principal
35435540 provide a mechanism to temporarily disable reboot/halt
35510956 Fix missing, incorrect, or inconsistent Architecture attribute in man pages
35590791 prstat could use sys and usr as additional sort keys
35620634 authpriv missing from syslog.conf(5)
35621815 solaris-kz(7) needs sections on how time is set and synchronized
35621859 rad(8) man page should reference rad-uri(7)
35621924 assorted issues in zones related man pages
35621968 bad formatting in iscsiadm manual page
35622006 kernel(8) man page milestone names should be literals
35622037 suriadm(8) man page SYNOPSIS section does not need all subcommands
35622105 suriadm(8) man page use of literals does not need to put those in <>
35625601 zones related man page have SEE ALSO incorrectly sorted
35648636 savecore should generate a latest link
35655082 Split the legacy network utilities package [PSARC/2023/085]
35686729 zfs_share(8) needs to call out AUTH_DH props as unsupported
35694044 sxadm extensions need to better reflect their hardware capabilities
35728793 Update man page date for smbfs repackaging changes
35740933 killall(8) is not used by shutdown(8), contrary to its manual page
35796682 ieee802.11(7) man page should have been removed with Wifi Framework
35797790 Assorted fixes for Section 7 man pages
PSARC 2023/086 sxadm(1m) update for AMD's BTC_NO and Intel SMEP
PSARC/2022/188 Extend audit record by Kerberos principal
PSARC/2023/028 ZFS Filesystem Retention Changing ACL
PSARC/2023/029 ZFS Filesystem Retention Autodelete and Hold
PSARC/2023/030 ZFS delegatable column for the "zfs help -l properties" command
PSARC/2023/045 Automate LDAP setup for use with an Active Directory domain
PSARC/2023/058 New API functions for v12n
PSARC/2023/068 Ability to temporarily disable system reboot/halt
PSARC/2023/077 DHCP4 search configuration in svc:/network/service
PSARC/2023/078 Repackage SMB1 client and Move to Legacy State
PSARC/2023/082 Strict Mode for Live Memory Reconfiguration for Kernel Zones
PSARC/2023/085 Legacy network utilities package split
Copyright (c) 1983, 2023, Oracle and/or its affiliates.
Raw
SRU63-man-page-changes.diff
diff -NurbBw 11.4.60/man1/dhcpinfo.1 11.4.63/man1/dhcpinfo.1
--- 11.4.60/man1/dhcpinfo.1 2023-11-17 16:41:19.596341251 -0800
+++ 11.4.63/man1/dhcpinfo.1 2023-11-17 16:41:42.818929680 -0800
@@ -57,6 +57,9 @@
name, RFC 1035 format
Classless Route Classless Static Route Iden- CLROUTE
tifier, RFC 3442 format
+ DNSDomSearch An RFC 1035-compressed list FQDN
+ of fully qualified domain
+ names
diff -NurbBw 11.4.60/man1/rcp.1 11.4.63/man1/rcp.1
--- 11.4.60/man1/rcp.1 2023-11-17 16:41:19.632217776 -0800
+++ 11.4.63/man1/rcp.1 2023-11-17 16:41:42.851772268 -0800
@@ -93,15 +93,15 @@
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
- +------------------------------+--------------------------------+
+ +------------------------------+------------------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
- +------------------------------+--------------------------------+
- | Availability |network/legacy-remote-utilities |
- +------------------------------+--------------------------------+
+ +------------------------------+------------------------------------+
+ | Availability |network/legacy-remote-bsd-utilities |
+ +------------------------------+------------------------------------+
| CSI |Enabled |
- +------------------------------+--------------------------------+
+ +------------------------------+------------------------------------+
| Interface Stability |Obsolete |
- +------------------------------+--------------------------------+
+ +------------------------------+------------------------------------+
SEE ALSO
@@ -169,4 +169,4 @@
The rcp command, including support for the options -p and -r, has been
present since the initial release of Solaris.
-Oracle Solaris 11.4 10 Mar 2023 rcp(1)
+Oracle Solaris 11.4 28 Jun 2023 rcp(1)
diff -NurbBw 11.4.60/man1/rlogin.1 11.4.63/man1/rlogin.1
--- 11.4.60/man1/rlogin.1 2023-11-17 16:41:19.665844909 -0800
+++ 11.4.63/man1/rlogin.1 2023-11-17 16:41:42.890088916 -0800
@@ -141,13 +141,13 @@
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
- +------------------------------+--------------------------------+
+ +------------------------------+------------------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
- +------------------------------+--------------------------------+
- | Availability |network/legacy-remote-utilities |
- +------------------------------+--------------------------------+
+ +------------------------------+------------------------------------+
+ | Availability |network/legacy-remote-bsd-utilities |
+ +------------------------------+------------------------------------+
| Interface Stability |Obsolete |
- +------------------------------+--------------------------------+
+ +------------------------------+------------------------------------+
SEE ALSO
@@ -188,4 +188,4 @@
The rlogin command, including support for the options -8, -e, -l, and
-L, has been present since the initial release of Solaris.
-Oracle Solaris 11.4 12 May 2022 rlogin(1)
+Oracle Solaris 11.4 28 Jun 2023 rlogin(1)
diff -NurbBw 11.4.60/man1/rsh.1 11.4.63/man1/rsh.1
--- 11.4.60/man1/rsh.1 2023-11-17 16:41:19.702941478 -0800
+++ 11.4.63/man1/rsh.1 2023-11-17 16:41:42.926315335 -0800
@@ -173,15 +173,15 @@
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
- +------------------------------+--------------------------------+
+ +------------------------------+------------------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
- +------------------------------+--------------------------------+
- | Availability |network/legacy-remote-utilities |
- +------------------------------+--------------------------------+
+ +------------------------------+------------------------------------+
+ | Availability |network/legacy-remote-bsd-utilities |
+ +------------------------------+------------------------------------+
| CSI |Enabled |
- +------------------------------+--------------------------------+
+ +------------------------------+------------------------------------+
| Interface Stability |Obsolete |
- +------------------------------+--------------------------------+
+ +------------------------------+------------------------------------+
SEE ALSO
@@ -245,4 +245,4 @@
The rsh command, including support for the options -l and -n, has been
present since the initial release of Solaris.
-Oracle Solaris 11.4 12 May 2022 rsh(1)
+Oracle Solaris 11.4 28 Jun 2023 rsh(1)
diff -NurbBw 11.4.60/man1/rup.1 11.4.63/man1/rup.1
--- 11.4.60/man1/rup.1 2023-11-17 16:41:19.734030410 -0800
+++ 11.4.63/man1/rup.1 2023-11-17 16:41:42.961459743 -0800
@@ -45,13 +45,13 @@
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
- +------------------------------+--------------------------------+
+ +------------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
- +------------------------------+--------------------------------+
- | Availability |network/legacy-remote-utilities |
- +------------------------------+--------------------------------+
+ +------------------------------+-----------------------------+
+ | Availability |network/legacy-rpc-utilities |
+ +------------------------------+-----------------------------+
| Interface Stability |Committed |
- +------------------------------+--------------------------------+
+ +------------------------------+-----------------------------+
SEE ALSO
@@ -64,4 +64,4 @@
The rup command, including support for the options -h, -l, and -t, has
been present since the initial release of Solaris.
-Oracle Solaris 11.4 12 May 2022 rup(1)
+Oracle Solaris 11.4 28 Jun 2023 rup(1)
diff -NurbBw 11.4.60/man1/ruptime.1 11.4.63/man1/ruptime.1
--- 11.4.60/man1/ruptime.1 2023-11-17 16:41:19.764432267 -0800
+++ 11.4.63/man1/ruptime.1 2023-11-17 16:41:42.997635120 -0800
@@ -50,13 +50,13 @@
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
- +------------------------------+--------------------------------+
+ +------------------------------+------------------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
- +------------------------------+--------------------------------+
- | Availability |network/legacy-remote-utilities |
- +------------------------------+--------------------------------+
+ +------------------------------+------------------------------------+
+ | Availability |network/legacy-remote-bsd-utilities |
+ +------------------------------+------------------------------------+
| Interface Stability |Obsolete |
- +------------------------------+--------------------------------+
+ +------------------------------+------------------------------------+
SEE ALSO
@@ -77,4 +77,4 @@
The ruptime command, including support for the options -a, -h, -l, -r,
and -t, has been present since the initial release of Solaris.
-Oracle Solaris 11.4 12 May 2022 ruptime(1)
+Oracle Solaris 11.4 28 Jun 2023 ruptime(1)
diff -NurbBw 11.4.60/man1/rusers.1 11.4.63/man1/rusers.1
--- 11.4.60/man1/rusers.1 2023-11-17 16:41:19.796746355 -0800
+++ 11.4.63/man1/rusers.1 2023-11-17 16:41:43.034607810 -0800
@@ -55,13 +55,13 @@
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
- +------------------------------+--------------------------------+
+ +------------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
- +------------------------------+--------------------------------+
- | Availability |network/legacy-remote-utilities |
- +------------------------------+--------------------------------+
+ +------------------------------+-----------------------------+
+ | Availability |network/legacy-rpc-utilities |
+ +------------------------------+-----------------------------+
| Interface Stability |Committed |
- +------------------------------+--------------------------------+
+ +------------------------------+-----------------------------+
SEE ALSO
@@ -71,4 +71,4 @@
The rusers command, including support for the options -a, -h, and -i,
-l, and -u, has been present since the initial release of Solaris.
-Oracle Solaris 11.4 12 May 2022 rusers(1)
+Oracle Solaris 11.4 28 Jun 2023 rusers(1)
diff -NurbBw 11.4.60/man1/rwho.1 11.4.63/man1/rwho.1
--- 11.4.60/man1/rwho.1 2023-11-17 16:41:19.830177191 -0800
+++ 11.4.63/man1/rwho.1 2023-11-17 16:41:43.067523364 -0800
@@ -31,13 +31,13 @@
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
- +------------------------------+--------------------------------+
+ +------------------------------+------------------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
- +------------------------------+--------------------------------+
- | Availability |network/legacy-remote-utilities |
- +------------------------------+--------------------------------+
+ +------------------------------+------------------------------------+
+ | Availability |network/legacy-remote-bsd-utilities |
+ +------------------------------+------------------------------------+
| Interface Stability |Obsolete |
- +------------------------------+--------------------------------+
+ +------------------------------+------------------------------------+
SEE ALSO
@@ -66,4 +66,4 @@
The rwho command, including support for the -a option, has been present
since the initial release of Solaris.
-Oracle Solaris 11.4 12 May 2022 rwho(1)
+Oracle Solaris 11.4 28 Jun 2023 rwho(1)
diff -NurbBw 11.4.60/man3c/ucred_get.3c 11.4.63/man3c/ucred_get.3c
--- 11.4.60/man3c/ucred_get.3c 2023-11-17 16:41:19.863650025 -0800
+++ 11.4.63/man3c/ucred_get.3c 2023-11-17 16:41:43.103080526 -0800
@@ -3,8 +3,9 @@
NAME
ucred_get, ucred_free, ucred_geteuid, ucred_getruid, ucred_getsuid,
ucred_getegid, ucred_getrgid, ucred_getsgid, ucred_getgroups,
- ucred_getprivset, ucred_getpid, ucred_getprojid, ucred_getzoneid,
- ucred_getpflags, ucred_getlabel, ucred_size - user credential functions
+ ucred_getprivset, ucred_getpid, ucred_getprinc, ucred_getprojid,
+ ucred_getzoneid, ucred_getpflags, ucred_getlabel, ucred_size - user
+ credential functions
SYNOPSIS
#include <ucred.h>
@@ -95,6 +96,12 @@
ter the original program exited.
+ The ucred_getprinc() returns user's kerberos principal associated with
+ credential. The returned ASCIZZ remains valid until ucred_free() is
+ called on the user credential given as argument. Function returns NULL
+ if there is no kerberos principal associated with credential.
+
+
The ucred_getprojid() function returns the project ID of the process or
-1 if the project ID is not available.
@@ -178,6 +185,11 @@
the specified user credential.
+
+ The ucred_getprinc() returns NULL if there is no kerberos principal as-
+ sociated with credential. Otherwise it returns pointer to ASCIIZ with
+ kerbeos principal.
+
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
@@ -194,4 +206,4 @@
getpflags(2), getppriv(2), door_ucred(3C), getpeerucred(3C),
priv_set(3C), socket.h(3HEAD), attributes(7), labels(7), privileges(7)
-Oracle Solaris 11.4 18 Aug 2014 ucred_get(3C)
+Oracle Solaris 11.4 16 May 2023 ucred_get(3C)
diff -NurbBw 11.4.60/man3ext/v12n.3ext 11.4.63/man3ext/v12n.3ext
--- 11.4.60/man3ext/v12n.3ext 2023-11-17 16:41:19.906160934 -0800
+++ 11.4.63/man3ext/v12n.3ext 2023-11-17 16:41:43.147946102 -0800
@@ -5,8 +5,8 @@
v12n_get_prop_name, v12n_get_parent_env, v12n_list_env_props,
v12n_list_envs, v12n_list_supported_envs, v12n_capabilities, v12n_do-
main_roles, v12n_domain_name, v12n_domain_uuid, v12n_ctrl_domain,
- v12n_chassis_serialno - return virtualization environment domain para-
- meters
+ v12n_chassis_serialno, v12n_get_env_type - return virtualization envi-
+ ronment domain parameters
SYNOPSIS
cc [ flag... ] file... -lv12n [ library... ]
@@ -39,6 +39,16 @@
v12n_env_t *v12n_copy_env(v12n_env_t *environment)
+
+ #include <sys/virt_env.h>
+
+ virt_env_t v12n_get_env_type(void);
+
+
+ #include <sys/virt_env_desc.h>
+
+ static const char *virt_env_str[];
+
DESCRIPTION
v12n_env_t is an opaque type. The supported functions, return values,
and errors are described below:
@@ -89,6 +99,14 @@
v12n_env_t is returned.
+ v12n_get_env_type() Returns an integer which represents the
+ type of the current virtual environment.
+ The integer is a number of the virt_env_t
+ enumeration. The virt_env_desc_t array con-
+ tains name of virtual environment for each
+ constant of the virt_env_t enumeration.
+
+
CLASSES
libv12n knows about the following classes.
@@ -103,16 +121,20 @@
libv12n knows about the following environments. As some are SPARC or
x86 specific, they may not be available on both platforms.
- Type Name Platform
- ------------------------------------------------------------------------
- Unknown unknown Both
- Kernel-based Virtual Machine kvm x86
- Logical Domains logical-domain SPARC
- Non-Global Zone non-global-zone Both
- Kernel Zone kernel-zone Both
- VMware vmware x86
- VirtualBox virtualbox x86
- Xen xen x86
+ Type virt_env_t Name Platform
+ enum constant
+
+ -------------------------------------------------------------------------
+ Unknown VIRT_ENV_UNKNOWN "unknown" Both
+ Bare metal VIRT_ENV_NONE "none" x86
+ Kernel-based VM VIRT_ENV_KVM "kvm" x86
+ Logical Domains VIRT_ENV_LDOM "logical-domain" SPARC
+ Non-Global Zone VIRT_ENV_NGZ "non-global-zone" Both
+ Kernel Zone VIRT_ENV_KZ "kernel-zone" Both
+ VMware VIRT_ENV_VMWARE "vmware" x86
+ VirtualBox VIRT_ENV_VBOX "virtualbox" x86
+ Xen PV VIRT_ENV_XEN_PV "xen" x86
+ Xen HVM VIRT_ENV_XEN_HVM "xen" x86
PROPERTIES
@@ -263,6 +285,12 @@
to hold the full non-terminated string. Otherwise, these functions re-
turn -1 and set errno to indicate the error.
+
+ On successful completion, the v12n_get_env_type() function returns an
+ integer of the virt_env_t enumeration. See the Enviroments section for
+ the list of possible values. Otherwise, the function returns
+ VIRT_ENV_UNKNOWN and sets errno to indicate the error.
+
ERRORS
The v12n_get_current_env() and v12n_get_parent_env() functions fail if:
@@ -428,6 +456,22 @@
within the timeout value.
+
+ The v12n_get_env_type() function will return VIRT_ENV_UNKNOWN if:
+
+ ENOMEM Insufficient memory to complete the operation.
+
+
+ EACCES The calling process has insufficient privilege for accessing
+ device configuration data (x86 only).
+
+
+ ENXIO The devinfo(4D) driver is not installed properly (x86 only).
+
+
+ ENOTSUP Unrecognized or unsupported virtualization environment.
+
+
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
@@ -445,4 +489,4 @@
SEE ALSO
libuuid(3LIB), libv12n(3LIB), attributes(7), virtinfo(8)
-Oracle Solaris 11.4 9 Mar 2022 v12n(3EXT)
+Oracle Solaris 11.4 30 Jun 2023 v12n(3EXT)
diff -NurbBw 11.4.60/man3lib/libv12n.3lib 11.4.63/man3lib/libv12n.3lib
--- 11.4.60/man3lib/libv12n.3lib 2023-11-17 16:41:19.936581834 -0800
+++ 11.4.63/man3lib/libv12n.3lib 2023-11-17 16:41:43.183257032 -0800
@@ -13,21 +13,8 @@
Interfaces
The libv12n.so.1 shared object provides the public interfaces defined
- below. See intro(3) for additional information on shared object inter-
- faces.
-
- v12n_get_current_env v12n_get_env_prop
- v12n_get_prop_name v12n_get_parent_env
- v12n_list_env_props v12n_list_envs
- v12n_list_supported_envs v12n_copy_env
- v12n_free_env v12n_list_unsupported_envs
-
-
- Legacy Interfaces
- v12n_capabilities v12n_chassis_serialno
- v12n_ctrl_domain v12n_domain_name
- v12n_domain_roles v12n_domain_uuid
-
+ in v12n(3EXT). See intro(3) for additional information on shared object
+ interfaces.
FILES
/usr/lib/libv12n.so.1 shared object
@@ -53,6 +40,6 @@
SEE ALSO
- v12n(3EXT), intro(3), attributes(7), virtinfo(8)
+ intro(3), v12n(3EXT), attributes(7), virtinfo(8)
-Oracle Solaris 11.4 15 Dec 2015 libv12n(3LIB)
+Oracle Solaris 11.4 30 Jun 2023 libv12n(3LIB)
diff -NurbBw 11.4.60/man5/ai_manifest.5 11.4.63/man5/ai_manifest.5
--- 11.4.60/man5/ai_manifest.5 2023-11-17 16:41:20.012614698 -0800
+++ 11.4.63/man5/ai_manifest.5 2023-11-17 16:41:43.261657020 -0800
@@ -1533,9 +1533,6 @@
o IPS: IPS package repository
- o P5I: IPS package file
-
-
o SVR4: SVR4 packages
@@ -1552,7 +1549,7 @@
<!-- one or more software elements -->
<software>
<!-- zero or one destination element
- Only used when type is IPS or P5I.
+ Only used when type is IPS.
-->
<destination>
<!-- image properties, optional and
@@ -1562,7 +1559,7 @@
<!-- zero or one source element -->
<source>
<!-- one or more publisher, dir or file elements
- IPS, P5I, and SVR4 types:
+ IPS, and SVR4 types:
one or more publisher/origin elements
CPIO types: one or more dir elements
ARCHIVE types: one file element
@@ -1571,7 +1568,6 @@
<!-- zero or more software_data elements
At least one software_data element must have
an action of install.
- P5I type: zero software_data elements
-->
<software_data>
<!-- one or more name elements
@@ -1833,33 +1829,6 @@
</software_data>
- P5I Installations
- A .p5i file is a file that describes IPS publishers, packages, and pos-
- sibly mirrors.
-
-
- To specify one or more .p5i files to be processed, provide the files as
- origins in the publisher element, as shown in the following example:
-
- <software type="P5I">
- <source>
- <publisher>
- <origin name="/somewhere/image1.p5i"/>
- <origin name="/somewhere/image2.p5i"/>
- </publisher>
- </source>
- </software>
-
-
-
- If this AI manifest does not also have an IPS type software section,
- make sure your .p5i files specify origins.
-
-
- Specification of packages to install is not supported for P5I installa-
- tions. Therefore, software_data elements are not supported in a soft-
- ware element of type P5I.
-
SVR4 Installations
For a SVR4 transfer, a directory containing SVR4 package subdirectories
or a SVR4 package datastream file must be specified using a file direc-
@@ -2065,8 +2034,8 @@
- The destination section only applies to IPS and P5I installation types.
- A destination element can have only one image sub-element.
+ The destination section only applies to IPS installation type. A desti-
+ nation element can have only one image sub-element.
SSL Keys and Certificates
Use attributes of the image element to specify SSL keys and certifi-
@@ -2451,4 +2420,4 @@
When using name_type in a manifest, it is important to use a name that
is unique across all the devices being installed.
-Oracle Solaris 11.4 6 Dec 2019 ai_manifest(5)
+Oracle Solaris 11.4 23 Aug 2023 ai_manifest(5)
diff -NurbBw 11.4.60/man5/audit.log.5 11.4.63/man5/audit.log.5
--- 11.4.60/man5/audit.log.5 2023-11-17 16:41:20.056977496 -0800
+++ 11.4.63/man5/audit.log.5 2023-11-17 16:41:43.300188188 -0800
@@ -447,6 +447,43 @@
+ The subject_principal token consists of:
+
+ token ID 1 byte
+ audit ID 4 bytes
+ effective user ID 4 bytes
+ effective group ID 4 bytes
+ real user ID 4 bytes
+ real group ID 4 bytes
+ process ID 4 bytes
+ session ID 4 bytes
+ terminal ID
+ port ID 4 bytes/8 bytes (32-bit/64-bit value)
+ machine address 4 bytes (IPv4 address)
+ principal length 2 bytes
+ principal princiapal legngth bytes (ASCIIZ)
+
+
+
+ The expanded subject_principal token consists of:
+
+ token ID 1 byte
+ audit ID 4 bytes
+ effective user ID 4 bytes
+ effective group ID 4 bytes
+ real user ID 4 bytes
+ real group ID 4 bytes
+ process ID 4 bytes
+ session ID 4 bytes
+ terminal ID
+ port ID 4 bytes/8 bytes (32-bit/64-bit value)
+ address type/length 4 byte
+ machine address 16 bytes (IPv6 address)
+ principal length 2 bytes
+ principal princiapal legngth bytes (ASCIIZ)
+
+
+
The System V IPC token consists of:
token ID 1 byte
@@ -625,4 +662,4 @@
Managing Auditing in Oracle Solaris 11.4
-Oracle Solaris 11.4 21 Jun 2021 audit.log(5)
+Oracle Solaris 11.4 16 May 2023 audit.log(5)
diff -NurbBw 11.4.60/man5/dhcp_inittab.5 11.4.63/man5/dhcp_inittab.5
--- 11.4.60/man5/dhcp_inittab.5 2023-11-17 16:41:20.105724660 -0800
+++ 11.4.63/man5/dhcp_inittab.5 2023-11-17 16:41:43.344868231 -0800
@@ -177,6 +177,10 @@
Domain An RFC 1035-encoded domain name
+
+ FQDN An RFC 1035-compressed list of fully qualified
+ domain names
+
The data type field describes an indivisible unit of the option
payload, using one of the values listed above.
@@ -300,6 +304,8 @@
AgentOpt 82 Agent circuit ID, OCTET.
FQDN 89 Fully Qualified Domain Name, OCTET.
PXEarch 93 Client system architecture, NUMBER.
+ DNSDomSearch 119 List of FQDN to populate DNS Search,
+ FQDN.
ClasslessRt 121 List of Classless Static Routes,
CLROUTE.
BootFile N/A File to Boot, ASCII.
diff -NurbBw 11.4.60/man5/smb.5 11.4.63/man5/smb.5
--- 11.4.60/man5/smb.5 2023-11-17 16:41:20.149113524 -0800
+++ 11.4.63/man5/smb.5 2023-11-17 16:41:43.388001387 -0800
@@ -455,13 +455,13 @@
See the attributes(7) man page for descriptions of the following at-
tributes:
- +------------------------------+-----------------------------+
+ +------------------------------+------------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
- +------------------------------+-----------------------------+
- | Availability |system/file-system/smb |
- +------------------------------+-----------------------------+
+ +------------------------------+------------------------------+
+ | Availability |system/file-system/smb/common |
+ +------------------------------+------------------------------+
| Interface Stability |Uncommitted |
- +------------------------------+-----------------------------+
+ +------------------------------+------------------------------+
SEE ALSO
@@ -470,4 +470,4 @@
RFC 3007
-Oracle Solaris 11.4 11 May 2021 smb(5)
+Oracle Solaris 11.4 20 July 2023 smb(5)
diff -NurbBw 11.4.60/man5/syslog.conf.5 11.4.63/man5/syslog.conf.5
--- 11.4.60/man5/syslog.conf.5 2023-11-17 16:41:20.187017810 -0800
+++ 11.4.63/man5/syslog.conf.5 2023-11-17 16:41:43.424990947 -0800
@@ -50,6 +50,10 @@
others.
+ authpriv sensitive security/auth messages generated by some subsys-
+ tems.
+
+
lpr The line printer spooling system.
@@ -221,4 +225,4 @@
at(1), crontab(1), logger(1), login(1), m4(1), syslog(3C), hosts(5),
attributes(7), cron(8), getty(8), su(8), syslogd(8)
-Oracle Solaris 11.4 11 Dec 2020 syslog.conf(5)
+Oracle Solaris 11.4 19 Jul 2023 syslog.conf(5)
diff -NurbBw 11.4.60/man7/acl.7 11.4.63/man7/acl.7
--- 11.4.60/man7/acl.7 2023-11-17 16:41:20.226473257 -0800
+++ 11.4.63/man7/acl.7 2023-11-17 16:41:43.468239694 -0800
@@ -52,7 +50,7 @@
Each acl_entry contains one ACL entry. An ACL entry is represented by
two or three colon-separated(:) fields.
- user:[uid]:perms If uid blank, it represents the file owner.
+ user:[uid]:perms If uid is blank, it represents the file owner.
group:[gid]:perms If gid is blank, it represents the owning group.
@@ -68,14 +66,13 @@
For example to give user joe read and write permissions, the ACL entry
is specified as:
-
-
user:joe:rw-
NFSv4 ACLs
- NFSv4 ACL model is based loosely on the Windows NT ACL model. NFSv4
- ACLs provide a much richer ACL model than POSIX-draft ACLs.
+ The NFSv4 ACL model is based loosely on the Windows NT ACL model. The
+ ZFS file system uses the NFSv4 model, and provides richer semantics and
+ finer grained permission capabilities than the POSIX-draft model.
The major differences between NFSv4 and POSIX-draft ACLs are as fol-
@@ -201,8 +198,8 @@
The following inheritance flags are supported by NFSv4:
- file_inherit (f) Inherit to all newly created files in a di-
- rectory.
+ file_inherit (f) Inherit to all newly created files in a direc-
+ tory.
dir_inherit (d) Inherit to all newly created directories in a
@@ -212,17 +209,18 @@
inherit_only (i) Placed on a directory, but does not apply to
the directory itself, only to newly created
created files and directories. This flag re-
- quires file_inherit and or dir_inherit to in-
+ quires file_inherit and/or dir_inherit to in-
dicate what to inherit.
no_propagate (n) Placed on directories and indicates that ACL
entries should only be inherited one level of
- the tree. This flag requires file_inherit and
- or dir_inherit to indicate what to inherit.
+ the tree. This flag requires file_inherit
+ and/or dir_inherit to indicate what to in-
+ herit.
- successful_access (S)) Indicates if an alarm or audit record should
+ successful_access (S) Indicates if an alarm or audit record should
be initiated upon successful accesses. Used
with audit/alarm ACE types.
@@ -318,14 +308,33 @@
The inheritance flags can also be specified in a more compact manner,
as follows:
-
-
user:fred:rwR:f:allow
user:fred:rwR:f------:allow
+ Audit ACE Types
+ Where audit ACE types are supported, processes are required to have the
+ PRIV_FILE_AUDIT privilege in order to view and set audit ACL entries.
+ When retrieving an ACL, audit entries are skipped and not returned to a
+ caller who lacks appropriate privilege.
+
+
+ When an unprivileged process successfully sets a file ACL, existing au-
+ dit ACL entries for the file are preserved, although they are not visi-
+ ble to that process. Attempting to set an ACL which contains audit en-
+ tries will result in an error if the caller lacks appropriate privi-
+ lege.
+
+ ACL size limits
+ Unprivileged processes have a limit of setting a total of MAX_ACL_EN-
+ TRIES combined allow/deny entries in an ACL. Privileged processes may
+ also set up to MAX_ACL_ENTRIES audit entries. Thus a privileged caller
+ will observe a limit of 2 * MAX_ACL_ENTRIES total entries, while un-
+ privileged users will observe a limit of just MAX_ACL_ENTRIES total en-
+ tries.
+
Shell-level Solaris API
The Solaris command interface supports the manipulation of ACLs. The
following Solaris utilities accommodate both ACL models:
@@ -364,10 +373,6 @@
not removed.
- pack When a file is packed, any ACL associated with the original
- file is preserved with the packed file.
-
-
rcp rcp has been enhanced to support copying. A file's ACL is
only preserved when the remote host supports ACLs.
@@ -375,37 +380,15 @@
tar ACLs are preserved when the -p option is specified.
- unpack When a file with an ACL is unpacked, the unpacked file re-
- tains the ACL information.
-
-
Application-level API
The primary interfaces required to access file system ACLs at the pro-
grammatic level are the acl_get() and acl_set() functions. These func-
tions support both POSIX draft ACLs and NFSv4 ACLs.
- Audit ACE Types
- Where audit ACE types are supported, processes are required to have the
- PRIV_FILE_AUDIT privilege in order to view and set audit ACL entries.
-
- When retrieving an ACL, audit entries are skipped and not returned to a
- caller who lacks appropriate privilege.
-
-
- When an unprivileged process successfully sets a file ACL, existing au-
- dit ACL entries for the file are preserved, although they are not visi-
- ble to that process. Attempting to set an ACL which contains audit en-
- tries will result in an error if the caller lacks appropriate privi-
- lege.
-
- ACL size limits
- Unprivileged processes have a limit of setting a total of MAX_ACL_EN-
- TRIES combined allow/deny entries in an ACL. Privileged processes may
- also set up to MAX_ACL_ENTRIES audit entries. Thus a privileged caller
- will observe a limit of 2 * MAX_ACL_ENTRIES total entries, while un-
- privileged users will observe a limit of just MAX_ACL_ENTRIES total en-
- tries.
+ To determine which types of ACL, if any, are supported with a given
+ file, use the pathconf(2) and fpathconf(2) functions with a value of
+ _PC_ACL_ENABLED for their name argument.
Retrieving a file's ACL
int acl_get(const char *path, int flag, acl_t **aclp);
@@ -421,9 +404,7 @@
aclp argument.
Freeing ACL structure
- void acl_free(acl_t *aclp)s;
-
-
+ void acl_free(acl_t *aclp);
@@ -492,12 +473,10 @@
Use the following to retrieve an ACL and set it on another file:
-
-
error = acl_get("file", ACL_NO_TRIVIAL, &aclp);
if (error == 0 && aclp != NULL) {
- error = acl_set("file2", aclp)
+ error = acl_set("file2", aclp);
acl_free(aclp);
}
...
@@ -549,15 +522,23 @@
owner, and group:
-
-
error = acl_strip("file", 10, 100, 0644);
...
SEE ALSO
chgrp(1), chmod(1), chown(1), cp(1), cpio(1), find(1), ls(1), mv(1),
- tar(1), acl(2), chmod(2), stat(2), acl_free(3SEC), acl_fromtext(3SEC),
- acl_get(3SEC), acl_strip(3SEC), acl_trivial(3SEC), aclsort(3SEC)
+ tar(1), acl(2), chmod(2), fpathconf(2), pathconf(2), stat(2),
+ acl_free(3SEC), acl_fromtext(3SEC), acl_get(3SEC), acl_strip(3SEC),
+ acl_trivial(3SEC), aclcheck(3SEC), aclsort(3SEC)
+
+
+ Securing Files and Verifying File Integrity in Oracle Solaris 11.4
+
+HISTORY
+ Support for NFSv4 ACLs was added to Solaris in Solaris 10 3/05.
+
+
+ Support for POSIX-draft ACLs was added to Solaris in Solaris 2.5.
-Oracle Solaris 11.4 15 Apr 2019 acl(7)
+Oracle Solaris 11.4 12 Sep 2023 acl(7)
diff -NurbBw 11.4.60/man7/adi.7 11.4.63/man7/adi.7
--- 11.4.60/man7/adi.7 2023-11-17 16:41:20.263697709 -0800
+++ 11.4.63/man7/adi.7 2023-11-17 16:41:43.505779145 -0800
@@ -185,8 +185,8 @@
page.
- meminfo() Provides the status of ADI for a specified virtual ad-
- dress. For more information, see the meminfo(2) man
+ meminfo() Provides the ADI status of the specified virtual ad-
+ dresses. For more information, see the meminfo(2) man
page.
@@ -194,12 +194,12 @@
the mmap(2) man page.
- pmap() Reports which process mappings have ADI enabled. For
+ pmap Reports which process mappings have ADI enabled. For
more information, see the pmap(1) man page.
- proc() Provides information about the state of a ADI process.
- For more information, see the proc(5) man page.
+ /proc Provides information about the usage of ADI by a
+ process. For more information, see the proc(5) man page.
putmsg() Returns an error value if there is a version mismatch
@@ -212,7 +212,7 @@
information, see the read(2) man page.
- siginfo() Defines signal values for signals raised for ADI excep-
+ siginfo.h Defines signal values for signals raised for ADI excep-
tions. For more information, see the siginfo(3HEAD) man
page.
@@ -242,4 +242,7 @@
adi(2), memcntl(2), meminfo(2), adi(3C), malloc(3C), dax_adi(3DAX), at-
tributes(7), sxadm(8)
-Oracle Solaris 11.4 2 Feb 2019 adi(7)
+HISTORY
+ Support for ADI was introduced in the Oracle Solaris 11.2.8 release.
+
+Oracle Solaris 11.4 12 Sep 2023 adi(7)
diff -NurbBw 11.4.60/man7/audit_syslog.7 11.4.63/man7/audit_syslog.7
--- 11.4.60/man7/audit_syslog.7 2023-11-17 16:41:20.301842256 -0800
+++ 11.4.63/man7/audit_syslog.7 2023-11-17 16:41:43.540775906 -0800
@@ -5,32 +5,32 @@
sages
SYNOPSIS
- /usr/lib/security/audit_syslog.so
+ /usr/lib/security/64/audit_syslog.so
DESCRIPTION
- The audit_syslog plugin module for Solaris audit, /usr/lib/security/au-
- dit_syslog.so, provides realtime conversion of Solaris audit data to
- syslog-formatted (text) data and sends it to a syslog daemon as config-
- ured in the rsyslog.conf. The plugin's path is specified with the au-
- ditconfig(8) utility.
+ The audit_syslog plugin module for Solaris audit, audit_syslog.so, pro-
+ vides realtime conversion of Solaris audit data to syslog-formatted
+ (text) data and sends it to a syslog daemon as configured in the appro-
+ priate syslog configuration file (syslog.conf(5) or rsyslog.conf(5)).
+ The plugin is configured with the auditconfig(8) utility.
Messages to syslog are written if the plugin is configured as active
via auditconfig. Use the auditconfig -setplugin option to change all
the plugin related configuration parameters. Syslog messages are gener-
- ated with the facility code of LOG_AUDIT (audit in rsyslog.conf) and
- severity of LOG_NOTICE. Audit syslog messages contain data selected
- from the tokens described for the binary audit log. (See audit.log(5)).
- As with all syslog messages, each line in a syslog file consists of two
- parts, a syslog header and a message.
+ ated with the facility code of LOG_AUDIT (audit in syslog.conf or rsys-
+ log.conf) and severity of LOG_NOTICE. Audit syslog messages contain
+ data selected from the tokens described for the binary audit log. (See
+ audit.log(5)). As with all syslog messages, each line in a syslog file
+ consists of two parts, a syslog header and a message.
The syslog header contains the date and time the message was generated,
the host name from which it was sent, auditd to indicate that it was
- generated by the audit daemon, an ID field used internally by rsyslogd,
- and audit.notice indicating the syslog facility and severity values.
- The syslog header ends with the characters ], that is, a closing square
- bracket and a space.
+ generated by the audit daemon, an ID field used internally by the sys-
+ log daemon, and audit.notice indicating the syslog facility and sever-
+ ity values. The syslog header ends with the characters "] ", that is, a
+ closing square bracket and a space.
The message part starts with the event type from the header token. All
@@ -57,12 +57,12 @@
by <name> <name> is the audit ID from the subject token.
- as <name>:<group> <name> is the effective user ID and <group> is
- the effective group ID from the subject token.
+ as <name>:<group> <name> is the effective user ID and <group> is the
+ effective group ID from the subject token.
- in <zone name> The zone name. This field is generated only if
- the zonename audit policy is set.
+ in <zone name> The zone name. This field is generated only if the
+ zonename audit policy is set.
from <terminal> <terminal> is the text machine address from the
@@ -70,9 +70,9 @@
obj <path> <path> is the path from the path token The path
- can be truncated from the left if necessary to
- fit it on the line. Truncation is indicated by
- leading ellipsis (...).
+ can be truncated from the left if necessary to fit
+ it on the line. Truncation is indicated by leading
+ ellipsis (...).
proc_uid <owner> <owner> is the effective user ID of the process
@@ -184,13 +184,16 @@
SEE ALSO
audit_class(5), user_attr(5), attributes(7), audit_flags(7), auditcon-
- fig(8), auditd(8), rsyslogd(8)
+ fig(8), auditd(8), rsyslogd(8), syslogd(8)
NOTES
- Activating the audit_syslog plugin requires that /etc/rsyslog.conf is
- configured to store syslog messages of facility audit and severity no-
- tice or above in a file intended for Solaris audit records. An example
- of such a line in rsyslog.conf is:
+ Activating the audit_syslog plugin requires also setting the syslog
+ daemon configuration to process syslog messages of facility audit and
+ severity notice or above, and either store them in a file intended for
+ Solaris audit records, or forward them to another system to do so. The
+ configuration file to modify depends on the syslog daemon in use,
+ /etc/syslog.conf for syslogd(8) or /etc/rsyslog.conf for rsyslogd(8).
+ An example of such a line follows.
audit.notice /var/audit/audit.log
@@ -219,4 +222,7 @@
approximates the time given in the binary audit log. Normally the time
field shows the same whole second or at most a few seconds difference.
-Oracle Solaris 11.4 21 Jun 2021 au...g(7)
+HISTORY
+ The audit_syslog module was introduced in Solaris 10 3/05.
+
+Oracle Solaris 11.4 12 Sep 2023 au...g(7)
diff -NurbBw 11.4.60/man7/brands.7 11.4.63/man7/brands.7
--- 11.4.60/man7/brands.7 2023-11-17 16:41:20.334693531 -0800
+++ 11.4.63/man7/brands.7 2023-11-17 16:41:43.573973112 -0800
@@ -30,12 +30,12 @@
o A brand is an attribute of a zone, set at zone create time.
- o The zonecfg tool (see zonecfg(8)) is used to set a zone's
- brand type and configure the zone.
+ o The zonecfg(8) tool is used to set a zone's brand type and
+ configure the zone.
- o The zoneadm tool (see zoneadm(8)) is used to report a zone's
- brand type and administer the zone.
+ o The zoneadm(8) tool is used to report a zone's brand type
+ and administer the zone.
Brands
@@ -61,7 +61,8 @@
labeled
- Implements Trusted Extensions. See txzonemgr(8).
+ Implements Trusted Extensions, with security labels for each zone.
+ See trusted_extensions(7) and txzonemgr(8).
Device Support
@@ -85,9 +86,8 @@
SEE ALSO
- attributes(7), crgetzoneid(9F), dtrace(8), getzoneid(3C), kill(2),
- mdb(1), priocntl(2), privileges(7), proc(5), solaris(7), solaris-kz(7),
- solaris10(7), sshd(8), txzonemgr(8), ucred_get(3C), zlogin(1),
- zoneadm(8), zonecfg(8), zonename(1), zones(7)
+ zlogin(1), zonename(1), getzoneid(3C), attributes(7), solaris(7), so-
+ laris-kz(7), solaris10(7), trusted_extensions(7), zones(7), tx-
+ zonemgr(8), zoneadm(8), zonecfg(8), crgetzoneid(9F)
-Oracle Solaris 11.4 11 Dec 2020 br...s(7)
+Oracle Solaris 11.4 12 Sep 2023 br...s(7)
diff -NurbBw 11.4.60/man7/cancellation.7 11.4.63/man7/cancellation.7
--- 11.4.60/man7/cancellation.7 2023-11-17 16:41:20.374510363 -0800
+++ 11.4.63/man7/cancellation.7 2023-11-17 16:41:43.612161690 -0800
@@ -237,8 +237,9 @@
POSIX Threads Only
The cancellation functions described in this manual page are available
- for POSIX threads, only (the Solaris threads interfaces do not provide
- cancellation functions).
+ for POSIX threads only, as the Solaris threads interfaces do not pro-
+ vide cancellation functions. See threads(7) for more information about
+ the differences between these thread APIs.
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
@@ -251,10 +252,13 @@
SEE ALSO
- read(2), sigwait(2), write(2), pthread_cleanup_pop(3C),
+ read(2), sigwait(2), write(2), Intro(3), pthread_cleanup_pop(3C),
pthread_cleanup_push(3C), pthread_exit(3C), pthread_join(3C),
pthread_setcancelstate(3C), pthread_setcanceltype(3C), pthread_testcan-
- cel(3C), setjmp(3C), intro(3), attributes(7), condition(7), stan-
- dards(7)
+ cel(3C), setjmp(3C), attributes(7), condition(7), standards(7),
+ threads(7)
-Oracle Solaris 11.4 06 Dec 2016 ca...n(7)
+
+ Oracle Solaris 11.4 Multithreaded Programming Guide
+
+Oracle Solaris 11.4 12 Sep 2023 ca...n(7)
diff -NurbBw 11.4.60/man7/crt1.o.7 11.4.63/man7/crt1.o.7
--- 11.4.60/man7/crt1.o.7 2023-11-17 16:41:20.410784537 -0800
+++ 11.4.63/man7/crt1.o.7 2023-11-17 16:41:43.649782987 -0800
@@ -67,10 +67,11 @@
undefined and non-portable behavior. Applications requiring code to
execute at startup have a variety of supported options. The startup
code can be called early in the main() function. Many compilers sup-
- port the #pragma init directive to create init functions that run as
- part of program startup. Alternatively, some languages expose the
- concept of init functions in terms of portable language features,
- such as C++ static constructors.
+ port the #pragma init directive or the __attribute__(__constructor__)
+ specifier to create init functions that run as part of program
+ startup. Alternatively, some languages expose the concept of init
+ functions in terms of portable language features, such as C++ static
+ constructors.
EXAMPLES
@@ -156,4 +157,4 @@
cal. The CRT objects described here are required by all dynamic ob-
jects.
-Oracle Solaris 11.4 12 October 2016 cr...o(7)
+Oracle Solaris 11.4 12 Sep 2023 cr...o(7)
diff -NurbBw 11.4.60/man7/datasets.7 11.4.63/man7/datasets.7
--- 11.4.60/man7/datasets.7 2023-11-17 16:41:20.446693854 -0800
+++ 11.4.63/man7/datasets.7 2023-11-17 16:41:43.685210203 -0800
@@ -20,8 +20,8 @@
rpool is the default name of the top-level dataset in the bootable ZFS
storage pool and is mounted at /rpool. Bootable ZFS storage pools have
certain restrictions over normal ZFS storage pools. These restrictions
- are discussed in the "Oracle Solaris Administration: ZFS File Systems"
- section of the Oracle Solaris 11 Information Library.
+ are discussed in the book Managing ZFS File Systems in Oracle Solaris
+ 11.4.
Administrators can create datasets anywhere beneath the top-level
@@ -31,9 +31,9 @@
ROOT Dataset
This is a container dataset which is not mounted by Solaris during op-
eration. It collects sets of related datasets, each set forming a ZFS
- Boot Environment (BE). A BE is created on installation. Additional BEs
- are created by pkg(1) and can be modified, created, or destroyed by
- beadm.
+ Boot Environment (BE). A initial BE is created on installation. Addi-
+ tional BEs may be created by pkg(1). BEs can be created, modified, or
+ destroyed by beadm(8).
In the global zone, the ROOT dataset must be stored within a bootable
@@ -54,7 +54,7 @@
The name of the leaf component of this dataset corresponds to the
name of the BE that is associated with it. Any datasets created by
the administrator as children of the 'ROOT/<be-name>' dataset will
- be associated with that BE, and will be created, cloned, destroyed
+ be associated with that BE, and will be created, cloned, destroyed,
and have snapshots taken of them as part of the BE by beadm. New
datasets created beneath 'ROOT/<be-name>' should have the zfs prop-
erty 'canmount=noauto' set so that the datasets are mounted by
@@ -76,8 +76,11 @@
the default dump device for the system crash dump facility. This
dataset is shared across all BEs. The crash dump facility can be man-
aged with dumpadm(8) and the dump device can be resized using zfs(8).
- The rpool/dump dataset is not present on non-global zones. Other de-
- vices can be used instead of rpool/dump.
+ The dumpadm command can be used to configure other devices to be used
+ instead of rpool/dump, including a swap device. As the system crash
+ dump is generated from the kernel running in the global zone, the
+ rpool/dump dataset is not present on non-global zones, and dumpadm can-
+ not be used to change dump configuration in a non-global zone.
Swap Dataset
rpool/swap is a ZFS zvol created during installation and is used as the
@@ -117,4 +120,7 @@
brands(7), filesystem(7), pkg(7), solaris(7), beadm(8), dumpadm(8),
swap(8), useradd(8), zfs(8), zoneadm(8), zpool(8)
-Oracle Solaris 11.4 9 May 2018 da...s(7)
+
+ Managing ZFS File Systems in Oracle Solaris 11.4
+
+Oracle Solaris 11.4 12 Sep 2023 da...s(7)
diff -NurbBw 11.4.60/man7/environ.7 11.4.63/man7/environ.7
--- 11.4.60/man7/environ.7 2023-11-17 16:41:20.486312511 -0800
+++ 11.4.63/man7/environ.7 2023-11-17 16:41:43.724815130 -0800
@@ -228,10 +228,14 @@
PATH
- The sequence of directory prefixes that sh(1), time(1), nice(1),
- nohup(1), and other utilities apply in searching for a file known
- by an incomplete path name. The prefixes are separated by colons
- (:). login(1) sets PATH=/usr/bin. For more detail, see sh(1).
+ A colon (:) separated list of directories. The directories speci-
+ fied by PATH are searched, in the order given, by shells and other
+ utilities, to locate executables, when such executables are speci-
+ fied using just their filename, without any slash (/) characters.
+ The initial PATH is set by login(1), and can be modified by the
+ shell, or other programs. It is common for this to be done within
+ shell startup files. For more detail, see the man page for the
+ shell in use and exec(2).
SEV_LEVEL
@@ -245,7 +249,8 @@
The kind of terminal for which output is to be prepared. This in-
formation is used by commands, such as vi(1), which can exploit
- special capabilities of that terminal.
+ special capabilities of that terminal. See the term(7) man page for
+ terminal naming conventions used with this variable.
TZ
@@ -392,10 +397,10 @@
date(3C), getnetpath(3C), gettext(3C), gettxt(3C), localeconv(3C),
mblen(3C), mktime(3C), printf(3C), setlocale(3C), strcoll(3C), strf-
time(3C), strtod(3C), strxfrm(3C), netconfig(5), passwd(5), profile(5),
- locale_alias(7), nlsadm(8), tzreload(8), zic(8)
+ locale_alias(7), term(7), nlsadm(8), tzreload(8), zic(8)
WARNINGS
The use of a null path name or dot (.) in the shell parameter PATH is
strongly discouraged.
-Oracle Solaris 11.4 9 Nov 2021 en...n(7)
+Oracle Solaris 11.4 12 Sep 2023 en...n(7)
diff -NurbBw 11.4.60/man7/extensions.7 11.4.63/man7/extensions.7
--- 11.4.60/man7/extensions.7 2023-11-17 16:41:20.516380815 -0800
+++ 11.4.63/man7/extensions.7 2023-11-17 16:41:43.756749582 -0800
@@ -10,19 +10,19 @@
The localedef extensions description file provides:
- o EUC code set width information via the cswidth keyword:
- cswidth bc1:sw1,bc2:sw2,bc3:sw3where bc1, bc2, and bc3 indi-
- cate the number of bytes (byte count) per character for EUC
- codesets 1, 2, and 3, respectively. sw1, sw2, and sw3 indi-
- cate screen width for EUC codesets 1, 2, and 3, respec-
- tively.
+ o EUC code set width information taken from the cswidth key-
+ word: cswidth bc1:sw1,bc2:sw2,bc3:sw3 where bc1, bc2, and
+ bc3 indicate the number of bytes (byte count) per character
+ for EUC codesets 1, 2, and 3, respectively. sw1, sw2, and
+ sw3 indicate screen width for EUC codesets 1, 2, and 3, re-
+ spectively.
- o Other extensions which will be documented in a future re-
+ o Other extensions which may be documented in a future re-
lease.
SEE ALSO
locale(1), localedef(1), environ(7), locale(7)
-Oracle Solaris 11.4 20 Dec 1996 ex...s(7)
+Oracle Solaris 11.4 12 Sep 2023 ex...s(7)
diff -NurbBw 11.4.60/man7/filesystem.7 11.4.63/man7/filesystem.7
--- 11.4.60/man7/filesystem.7 2023-11-17 16:41:20.555011351 -0800
+++ 11.4.63/man7/filesystem.7 2023-11-17 16:41:43.795261547 -0800
@@ -1,7 +1,7 @@
fi...m(7Standards, Environments, Macros, Character Sets, and miscellafi...m(7)
NAME
- filesystem - file system organization
+ filesystem, hier - file system organization
SYNOPSIS
/
@@ -14,8 +14,10 @@
within a ZFS root pool and specifically, is a ZFS file system with sep-
arate directories of system-related components, such as etc, usr, and
var, that must be available for the system to function correctly. After
- a system is installed, the root of the Solaris file system is mounted,
- which means files and directories are accessible.
+ a system is installed, the root of the Solaris file system is mounted
+ to make the files and directories within accessible. See the
+ datasets(7) manual page for more information on the ZFS datasets cre-
+ ated when a Solaris system is installed.
All subdirectories of the root file system that are part of the Oracle
@@ -298,16 +300,9 @@
Packages may deliver directories to /var/.migrate, which will be
created automatically beneath /var/share during boot. See pkg(7)
- and the IPS Developer's Guide for a description of how to share
- data across boot environments.
-
- By default, the following directories are shared:
-
-
- /var/share/audit
- /var/share/cores
- /var/share/crash
- /var/share/mail
+ and Packaging and Delivering Software With the Image Packaging Sys-
+ tem in Oracle Solaris 11.4 for a description of how to share data
+ across boot environments.
Symlinks are delivered to /var to point to each shared directory.
@@ -367,8 +361,49 @@
SEE ALSO
isainfo(1), svcs(1), uname(1), mount(2), pam_sm_setcred(3PAM),
- ctfs(4FS), devfs(4FS), objfs(4FS), Intro(5), proc(5), pam_unix_auth(7),
- automount(8), automountd(8), boot(8), init(8), kernel(8), mount(8), sv-
- cadm(8), svccfg(8), useradd(8), zfs(8), zpool(8)
+ ctfs(4FS), devfs(4FS), objfs(4FS), Intro(5), proc(5), datasets(7),
+ pam_unix_auth(7), automount(8), automountd(8), boot(8), init(8), ker-
+ nel(8), mount(8), svcadm(8), svccfg(8), useradd(8), zfs(8), zpool(8)
+
+
+ Packaging and Delivering Software With the Image Packaging System in
+ Oracle Solaris 11.4
+
+HISTORY
+ The various members of the filesystem hierarchy first appeared in the
+ listed release of Solaris:
+
+ +--------------------------------------------------+--------------------+
+ | PATH | RELEASE |
+ +--------------------------------------------------+--------------------+
+ | /tmp/volatile-user, /var/share/user |11.4.0 |
+ +--------------------------------------------------+--------------------+
+ | /system/zones |11.2.0 |
+ +--------------------------------------------------+--------------------+
+ | /var/share |11.1.0 |
+ +--------------------------------------------------+--------------------+
+ | /media, /root, /system/volatile, /usr/gnu, |11.0.0 |
+ | /usr/sunos | |
+ +--------------------------------------------------+--------------------+
+ | /var/logadm |10 1/13 (Update 11) |
+ +--------------------------------------------------+--------------------+
+ | /rpool |10 8/08 (Update 6) |
+ +--------------------------------------------------+--------------------+
+ | /system/contract, /system/object |10 3/05 |
+ +--------------------------------------------------+--------------------+
+ | /var/run |8 |
+ +--------------------------------------------------+--------------------+
+ | /boot |7 |
+ +--------------------------------------------------+--------------------+
+ | /platform |2.5 |
+ +--------------------------------------------------+--------------------+
+ | /devices, /etc/dfs/sharetab, /etc/mnttab, |2.0 |
+ | /kernel, /opt, /proc, /usr/sbin | |
+ +--------------------------------------------------+--------------------+
+ | /, /bin, /dev, /etc, /export/home, /home, /lib, |1.0 |
+ | /mnt, /net, /sbin, /tmp, /usr, /usr/bin, | |
+ | /usr/lib, /var, /var/tmp | |
+ +--------------------------------------------------+--------------------+
+
-Oracle Solaris 11.4 19 Jan 2023 fi...m(7)
+Oracle Solaris 11.4 12 Sep 2023 fi...m(7)
diff -NurbBw 11.4.60/man7/fmri.7 11.4.63/man7/fmri.7
--- 11.4.60/man7/fmri.7 2023-11-17 16:41:20.618954669 -0800
+++ 11.4.63/man7/fmri.7 2023-11-17 16:41:43.857057009 -0800
@@ -25,7 +25,7 @@
All FMRIs include an indication of the FMRI scheme adhered to, and the
version of that FMRI scheme in use. Once the scheme and version are
known, the remainder of the FMRI is interpreted as specified in the
- formal definition of that FMRI scheme version. Schemes exists for svc,
+ formal definition of that FMRI scheme version. Schemes exist for svc,
pkg, cpu, hc (hardware component), dev (device), and a number of oth-
ers.
@@ -1417,9 +1292,12 @@
-------------------------------------
publisher string Committed
+
publisher
- The publisher of this package, such as Oracle Solaris.
+ The publisher of this package, such as solaris for Oracle So-
+ laris.
+
pkg-name
@@ -1572,17 +1434,13 @@
cutables, library objects, and core files. This is a logical FMRI
scheme.
-
-
Member Name Data Type Stability
-----------------------------------------------
scheme string Committed, value "sw"
version uint8 Committed, value 0
- object nvlist See belowPrivate
- [site] nvlist See belowPrivate
- [context] nvlist See belowPrivate
-
-
+ object nvlist See below
+ [site] nvlist See below
+ [context] nvlist See below
@@ -1741,9 +1581,8 @@
characters.
-
SCHEME be VERSION 0
- The be scheme is used to identify a boot environments(BE) or a BE snap-
+ The be scheme is used to identify a boot environment (BE) or a BE snap-
shot in the global zone or non-global zone. The be scheme FMRI is a
logical scheme. So, the FMRI is only interpreted by the BE management
software in the Oracle Solaris instance.
@@ -1773,15 +1610,14 @@
-
beadm(8) allows users to abbreviate the string form of this scheme to
the be-name member only for identifying BEs or BE snapshots residing in
the same zpool as the currently running BE. This abbreviation is a con-
vention of beadm(8) and not part of the formal FMRI definition.
SCHEME zbe VERSION 0
- The zbe scheme is used to identify a non-global zone boot environ-
- ments(ZBE) or a ZBE snapshot in the global zone.
+ The zbe scheme is used to identify a non-global zone boot environment
+ (ZBE) or a ZBE snapshot in the global zone.
The zbe scheme FMRI is a logical scheme. So, the FMRI is only inter-
@@ -1813,13 +1647,13 @@
-
SEE ALSO
- beadm(8), hostid(1), pkginfo(1), svcprop(1), svcs(1), libfmevent(3LIB),
- libnvpair(3LIB), contract(5), attributes(7), pkg(7), smf(7), fmd(8),
- fmdump(8), pkgadd(8), pkgrm(8), psradm(8), svcadm(8), svccfg(8)
+ hostid(1), pkginfo(1), svcprop(1), svcs(1), libfmevent(3LIB), libn-
+ vpair(3LIB), contract(5), attributes(7), pkg(7), smf(7), beadm(8),
+ fmd(8), fmdump(8), pkgadd(8), pkgrm(8), psradm(8), svcadm(8), svccfg(8)
- RFC 2396
+ RFC 2396: Uniform Resource Identifiers (URI): Generic Syntax.
+ https://tools.ietf.org/html/rfc2396
-Oracle Solaris 11.4 11 May 2021 fmri(7)
+Oracle Solaris 11.4 12 Sep 2023 fmri(7)
diff -NurbBw 11.4.60/man7/fnmatch.7 11.4.63/man7/fnmatch.7
--- 11.4.60/man7/fnmatch.7 2023-11-17 16:41:20.656130826 -0800
+++ 11.4.63/man7/fnmatch.7 2023-11-17 16:41:43.892785031 -0800
@@ -44,10 +44,10 @@
The description of basic regular expression bracket expressions on the
regex(7) manual page also applies to the pattern bracket expression,
- except that the exclamation-mark character ( ! ) replaces the circum-
- flex character (^) in its role in a non-matching list in the regular
- expression notation. A bracket expression starting with an unquoted
- circumflex character produces unspecified results.
+ except that the exclamation-mark character (!) replaces the circumflex
+ character (^) in its role in a non-matching list in the regular expres-
+ sion notation. A bracket expression starting with an unquoted circum-
+ flex character produces unspecified results.
The restriction on a circumflex in a bracket expression is to allow im-
@@ -158,9 +160,9 @@
Patterns Used for Filename Expansion
The rules described so far in Patterns Matching Multiple Characters
- and Patterns Matching a Single Character are qualified by the fol-
- lowing rules that apply when pattern matching notation is used for
- filename expansion.
+ and Patterns Matching a Single Character are qualified by the following
+ rules that apply when pattern matching notation is used for filename
+ expansion.
1. The slash character in a pathname must be explicitly matched
by using one or more slashes in the pattern; it cannot be
@@ -226,4 +228,4 @@
SEE ALSO
find(1), ksh(1), fnmatch(3C), regex(7)
-Oracle Solaris 11.4 28 Mar 1995 fn...h(7)
+Oracle Solaris 11.4 12 Sep 2023 fn...h(7)
diff -NurbBw 11.4.60/man7/iconv_extra.7 11.4.63/man7/iconv_extra.7
--- 11.4.60/man7/iconv_extra.7 2023-11-17 16:41:20.704994900 -0800
+++ 11.4.63/man7/iconv_extra.7 2023-11-17 16:41:43.942907327 -0800
@@ -401,7 +401,12 @@
FILES
/usr/lib/iconv/*.so
- iconv conversion modules
+ 32-bit iconv conversion modules
+
+
+ /usr/lib/iconv/{amd64,sparcv9}/*.so
+
+ 64-bit iconv conversion modules
/usr/lib/iconv/*.bt
@@ -448,4 +452,4 @@
Spinellis, D., Greek Character Encoding for Electronic Mail Messages,
RFC 1947, SENA S.A., May 1996.
-Oracle Solaris 11.4 4 Nov 2014 ic...a(7)
+Oracle Solaris 11.4 12 Sep 2023 ic...a(7)
diff -NurbBw 11.4.60/man7/ieee802.11.7 11.4.63/man7/ieee802.11.7
--- 11.4.60/man7/ieee802.11.7 2023-11-17 16:41:20.739163672 -0800
+++ 11.4.63/man7/ieee802.11.7 1969-12-31 16:00:00.000000000 -0800
@@ -1,63 +0,0 @@
-ie...1(7Standards, Environments, Macros, Character Sets, and miscellaie...1(7)
-
-NAME
- ieee802.11 - 802.11 kernel statistics
-
-DESCRIPTION
- This page describes the kernel statistics that can be used to monitor
- attributes specific to the 802.11 physical layer. These statistics can
- be retrieved using kstat(8). Not all 802.11 devices will support all
- statistics.
-
- tx_frags Count of data and management fragments transmitted.
-
-
- rx_frags Count of data and management fragments received.
-
-
- rx_dups Count of duplicate frames received. Duplicates are de-
- termined by the sequence control field.
-
-
- mcast_tx Count of broadcast and multicast frames transmitted.
-
-
- mcast_rx Count of broadcast and multicast frames received.
-
-
- tx_failed Count of frames that could not be transmitted due to
- the retransmission limit being reached.
-
-
- tx_retrans Count of frames successfully retransmitted after one or
- more retransmissions.
-
-
- tx_reretrans Count of frames successfully retransmitted after more
- than one retransmission.
-
-
- rts_success Count of times a CTS was received in response to an
- RTS.
-
-
- rts_failure Count of times a CTS was not received in response to
- an RTS.
-
-
- ack_failure Count of times an ACK was expected but was not re-
- ceived.
-
-
- fcs_errors Count of frames received with FCS errors.
-
-
- wep_errors Count of frames received with the WEP bit set but that
- either should not have been encrypted or that were dis-
- carded due to WEP not being supported.
-
-
-SEE ALSO
- kstat(8)
-
-Oracle Solaris 11.4 28 Nov 2006 ie...1(7)
diff -NurbBw 11.4.60/man7/Intro.7 11.4.63/man7/Intro.7
--- 11.4.60/man7/Intro.7 2023-11-17 16:41:20.771126005 -0800
+++ 11.4.63/man7/Intro.7 2023-11-17 16:41:43.976873606 -0800
@@ -4,28 +4,97 @@
Intro, intro - introduction to miscellany
DESCRIPTION
- Among the topics presented in this section are:
+ Among the topics presented for Oracle Solaris 11.4 in this section are:
- Standards The POSIX (IEEE) Standards and the X/Open Specifica-
- tions are described on the standards page.
+ Features and Frameworks
+ Introductions and overviews are provided for various features and
+ frameworks, including Solaris Analytics and web user interface (an-
+ alytics(7) and webui(7)), Application Data Integrity (adi(7)), Re-
+ source Controls (resource-controls(7)), Resource Management (re-
+ source-management(7)), the Service Management Facility (smf(7)),
+ the Statistics Store (sstore(7)), and Zones (zones(7) and
+ brands(7)).
- Environments The user environment (environ), the subset of the user
- environment that depends on language and cultural con-
- ventions (locale), the large file compilation environ-
- ment (lfcompile), and the transitional compilation en-
- vironment (lfcompile64) are described.
+ Data Storage Layout
- Macros The macros to format Reference Manual pages (man and
- mansun) as well as other text format macros (me, mm,
- and ms) are described.
+ The ZFS datasets (datasets(7)) and key parts of the filesystem hi-
+ erarchy (filesystem(7)) that are created by Oracle Solaris operat-
+ ing system installation are presented. The contents of Oracle So-
+ laris Unified Archives are documented on the uar(7) man page. The
+ fsattr(7) and sysattr(7) man pages describe the extended system at-
+ tributes that may be associated with files in the filesystem.
- Characters Tables of character sets (ascii, charmap, eqnchar, and
- iconv), file format notation (formats), file name pat-
- tern matching (fnmatch), and regular expressions (regex
- and regexp) are presented.
+ Security Mechanisms
+
+ Access control lists for files and directories (acl(7)), firewall
+ configuration for network connections (firewall(7)), information
+ classification labels for mandatory access controls (labels(7) and
+ clearance(7)), process privileges (privileges(7)), and role based
+ access controls (rbac(7)), among others, are described. Man pages
+ with information about each loadable module and its configuration
+ are also provided for the Solaris audit log, pluggable crypt(), and
+ Pluggable Authentication Module (PAM) frameworks.
+
+
+ Standards
+
+ The POSIX (IEEE) Standards and the Single Unix Specification from
+ The Open Group are described on the standards(7) page.
+
+
+ Environments
+
+ The user environment (environ(7)), the subset of the user environ-
+ ment that depends on language and cultural conventions (locale(7)),
+ the large file compilation environment (lfcompile(7)), and the
+ transitional compilation environment (lfcompile64(7)) are de-
+ scribed.
+
+
+ Schemas
+
+ Schemas describing the formats of Fault Management Resource Identi-
+ fiers (fmri(7)), Remote Administration Daemon (RAD) URIs (rad-
+ uri(7)), Statistics Store Identifiers (ssid(7)), and storage URIs
+ (suri(7)) are documented.
+
+
+ Name Service Repositories
+
+ Information about how Solaris obtains user information from LDAP
+ (ldap(7)), Active Directory (ad(7)), and NIS (nis(7)) is presented.
+
+
+ Transition Guides
+
+ Guidance is provided for what commands replace the obsolete ifcon-
+ fig and luxadm commands on the ifconfig(7) and luxadm(7) man pages.
+
+
+ Parallel Programming Constructs
+
+ The concepts and overviews of related APIs are presented for
+ threads (threads(7)), cancellation points (cancellation(7)), condi-
+ tion variables (condition(7)), and mutual exclusion locks (mu-
+ tex(7)).
+
+
+ Text Processing Macros
+
+ The troff and nroff macros to format Reference Manual pages
+ (man(7)), as well as other text format macros (me(7), mm(7), and
+ ms(7)) are described.
+
+
+ Characters
+
+ Information about character sets and mappings (ascii(7),
+ charmap(7), eucJP(7), and iconv_unicode(7)), file format notation
+ (formats(7)), file name pattern matching (fnmatch(7)), and regular
+ expressions (regex(7) and regexp(7)) are presented.
ACKNOWLEDGMENTS
@@ -58,4 +127,4 @@
This notice shall appear on any product containing this material.
-Oracle Solaris 11.4 31 Jan 2018 In...o(7)
+Oracle Solaris 11.4 12 Sep 2023 In...o(7)
diff -NurbBw 11.4.60/man7/lfcompile.7 11.4.63/man7/lfcompile.7
--- 11.4.60/man7/lfcompile.7 2023-11-17 16:41:20.809020393 -0800
+++ 11.4.63/man7/lfcompile.7 2023-11-17 16:41:44.014676089 -0800
@@ -84,8 +84,8 @@
command within parentheses preceded by a dollar sign can be executed
only in a POSIX-conforming shell such as the Korn Shell (see ksh(1)).
In a shell that is not POSIX-conforming, such as the Bourne Shell (see
- sh(1)) and the C Shell (see csh(1)), the getconf calls must be enclosed
- within grave accent marks, as shown in the second example.
+ sh(1s)) and the C Shell (see csh(1)), the getconf calls must be en-
+ closed within grave accent marks, as shown in the second example.
Example 1 Compile a program with a "large" off_t that uses fseeko(),
ftello(), and yacc.
@@ -96,7 +96,7 @@
fseeko(), ftello(), and yacc(1).
- $ c89 -D_LARGEFILE_SOURCE \
+ $ cc -D_LARGEFILE_SOURCE \
-D_FILE_OFFSET_BITS=64 -o foo \
$(getconf LFS_CFLAGS) y.tab.c b.o \
$(getconf LFS_LDFLAGS) \
@@ -107,17 +107,17 @@
fseeko() and ftello() and has no application specific libraries.
- % c89 -D_FILE_OFFSET_BITS=64 \
+ % cc -D_FILE_OFFSET_BITS=64 \
`getconf LFS_CFLAGS` a.c \
`getconf LFS_LDFLAGS` \
- `getconf LFS_LIBS` \
+ `getconf LFS_LIBS`
Example 3 Compile a program with a "default" off_t that uses fseeko()
and ftello().
- $ c89 -D_LARGEFILE_SOURCE a.c
+ $ cc -D_LARGEFILE_SOURCE a.c
SEE ALSO
@@ -172,4 +172,8 @@
exist for printing or scanning variables of the types that are rede-
fined in the large file compilation environment.
-Oracle Solaris 11.4 24 Aug 2009 lf...e(7)
+HISTORY
+ Support for large files and the large file compilation environment was
+ added to Solaris in Solaris 2.6.
+
+Oracle Solaris 11.4 12 Sep 2023 lf...e(7)
diff -NurbBw 11.4.60/man7/lfcompile64.7 11.4.63/man7/lfcompile64.7
--- 11.4.60/man7/lfcompile64.7 2023-11-17 16:41:20.845608247 -0800
+++ 11.4.63/man7/lfcompile64.7 2023-11-17 16:41:44.049604380 -0800
@@ -82,14 +82,14 @@
command within parentheses preceded by a dollar sign can be executed
only in a POSIX-conforming shell such as the Korn Shell (see ksh(1)).
In a shell that is not POSIX-conforming, such as the Bourne Shell (see
- sh(1)) and the C Shell (see csh(1)), the command must be enclosed
+ sh(1s)) and the C Shell (see csh(1)), the command must be enclosed
within grave accent marks.
Example 1 An example of compiling a program using transitional inter-
faces such as lseek64() and fopen64():
- $ c89 -D_LARGEFILE64_SOURCE \
+ $ cc -D_LARGEFILE64_SOURCE \
$(getconf LFS64_CFLAGS) a.c \
$(getconf LFS64_LDFLAGS) \
$(getconf LFS64_LIBS)
@@ -105,6 +105,10 @@
SEE ALSO
- getconf(1), lseek(2), fopen(3C), standards(7), lf64(7)
+ getconf(1), lseek(2), fopen(3C), standards(7), lf64(7), lfcompile(7)
-Oracle Solaris 11.4 27 Jun 2012 lf...4(7)
+HISTORY
+ Support for large files and the transitional compilation environment
+ was added to Solaris in Solaris 2.6.
+
+Oracle Solaris 11.4 12 Sep 2023 lf...4(7)
diff -NurbBw 11.4.60/man7/luxadm.7 11.4.63/man7/luxadm.7
--- 11.4.60/man7/luxadm.7 1969-12-31 16:00:00.000000000 -0800
+++ 11.4.63/man7/luxadm.7 2023-11-17 16:41:44.084386025 -0800
@@ -0,0 +1,93 @@
+lu...m(7Standards, Environments, Macros, Character Sets, and miscellalu...m(7)
+
+NAME
+ luxadm - mapping of luxadm sub-commands to fcinfo, fcadm, mpathadm and
+ cfgadm utilities
+
+DESCRIPTION
+ luxadm has been marked as obsolete in Solaris version 11.4
+
+
+ The luxadm(8) command has largely been replaced by fcinfo(8), fcadm(8),
+ mpathadm(8), cfgadm(8) and a few other commands.
+
+
+ To aid in the transition from luxadm to the new commands, the following
+ table provides translations from luxadm options and sub-commands to the
+ appropriate fcinfo, fcadm mpathadm and cfgadm sub-commands.
+
+ Note -
+
+
+
+ The syntax given in the table is not complete. Full syntax of alter-
+ nate commands can be found in their corresponding man pages.
+
+
+
+ +==================+=====================+=============================+
+ | luxadm | Description | Alternate command(s) |
+ +==================+=====================+=============================+
+ | luxadm display | Displays device | fcinfo lu -v [path] |
+ | [path] | specific data. | mpathadm show lu [path] |
+ +------------------+---------------------+-----------------------------+
+ | luxadm failover | Specify primary or | mpathadm failover |
+ | | secondary controller| |
+ | | to access a given | |
+ | | logical volume. | |
+ +------------------+---------------------+-----------------------------+
+ | luxadm inquiry | Display the inquiry | sg_inq |
+ | | info for the device | format -e # then select scsi|
+ | | specified by | /inquiry |
+ | | enclosure / pathname| |
+ +------------------+---------------------+-----------------------------+
+ | luxadm probe | Display the detailed| fcinfo lu |
+ | | lun information. | mpathadm list lu |
+ +------------------+---------------------+-----------------------------+
+ | luxadm | Set the boot-device | eeprom boot-device |
+ | set_boot_dev | variable in the | |
+ | | system PROM. | |
+ +------------------+---------------------+-----------------------------+
+ | luxadm start | Spin up the | sg_start --start |
+ | | specified disk(s). | |
+ +------------------+---------------------+-----------------------------+
+ | luxadm stop | Spin down the | sg_start --stop --immed |
+ | | specified disk(s). | |
+ +------------------+---------------------+-----------------------------+
+ | luxadm -e | Device map dump. | fcinfo remote-port |
+ | dump_map | | |
+ +------------------+---------------------+-----------------------------+
+ | luxadm -e | Force the link to | fcadm force-lip |
+ | forcelip | reinitialize. | |
+ +------------------+---------------------+-----------------------------+
+ | luxadm -e offline| Take the specified | mpathadm disable [path] |
+ | [path] | device offline | |
+ +------------------+---------------------+-----------------------------+
+ | luxadm -e online | Put the specified | mpathadm enable [path] |
+ | [path] | device online | |
+ +------------------+---------------------+-----------------------------+
+ | luxadm -e port | Display all FC ports| fcinfo hba-port |
+ | | and state info on a | cfgadm -v | grep fp |
+ | | host. | ls -l /dev/fc |
+ +------------------+---------------------+-----------------------------+
+ | luxadm -e rdls | Read and display the| fcinfo remote-port -sl -p |
+ | | link error status | [wwn] |
+ | | for all available | |
+ | | devices | |
+ +------------------+---------------------+-----------------------------+
+
+
+
+ Note -
+
+
+
+ Some of the luxadm sub-commands which are specific to SENA and Sun
+ Fire 880 are not included in the above mapping table as they are ob-
+ solete.
+
+
+SEE ALSO
+ fcinfo(8), luxadm(8), fcadm(8), mpathadm(8), cfgadm(8)
+
+Oracle Solaris 11.4 30 June 2023 lu...m(7)
diff -NurbBw 11.4.60/man7/nfssec.7 11.4.63/man7/nfssec.7
--- 11.4.60/man7/nfssec.7 2023-11-17 16:41:20.880751153 -0800
+++ 11.4.63/man7/nfssec.7 2023-11-17 16:41:44.121064428 -0800
@@ -15,20 +15,24 @@
The sec=mode option on the share_nfs(8) command line establishes the
security mode of NFS servers. If the NFS connection uses the NFS Ver-
- sion 3 protocol, the NFS clients must query the server for the appro-
- priate mode to use. If the NFS connection uses the NFS Version 2 proto-
- col, then the NFS client uses the default security mode, which is cur-
- rently sys. NFS clients may force the use of a specific security mode
- by specifying the sec=mode option on the command line. However, if the
- file system on the server is not shared with that security mode, the
- client may be denied access.
-
-
- If the NFS client wants to authenticate the NFS server using a particu-
- lar (stronger) security mode, the client wants to specify the security
- mode to be used, even if the connection uses the NFS Version 3 proto-
- col. This guarantees that an attacker masquerading as the server does
- not compromise the client.
+ sion 2 protocol, then the NFS client uses the default security mode,
+ which is currently sys. NFS clients may force the use of a specific se-
+ curity mode by specifying the sec=mode option on the command line. How-
+ ever, if the file system on the server is not shared with that security
+ mode, the client may be denied access.
+
+
+ If the NFS connection uses the NFS Version 3 or NFS Version 4 protocol,
+ the server can tell the client what security modes are allowed, letting
+ the client choose a security mode from the list. This choice can be
+ overridden at mount time with the sec=mode option (though as with
+ NFSv2, if the file system is not shared with the requested security
+ mode, the client may be denied access). See mount_nfs(8) for details.
+
+
+ Specifying a stronger security mode in the mount options on the client,
+ such as krb5i, helps prevent an attacker from masquerading as the
+ server.
The NFS security modes are described below. Of these, the krb5, krb5i,
@@ -81,7 +85,7 @@
sec=mode[:mode]... Sharing uses one or more of the specified se-
curity modes. The mode in the sec=mode option
- must be a node name supported on the client.
+ must be a mode name supported on the client.
If the sec= option is not specified, the de-
fault security mode used is AUTH_SYS. Multi-
ple sec= options can be specified on the com-
@@ -92,8 +96,8 @@
to any subsequent root= options that are pro-
vided before another sec=option. Each addi-
tional sec= resets the security mode context,
- so that more rw, ro, rw=, ro= and root=
- options can be supplied for additional modes.
+ so that more rw, ro, rw=, ro=, and root= op-
+ tions can be supplied for additional modes.
@@ -194,10 +182,11 @@
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
- +------------------------------------------------------------+
- | ATTRIBUTE TYPE ATTRIBUTE VALUE |
- | Availability system/file-system/nfs |
- +------------------------------------------------------------+
+ +------------------------------+-----------------------------+
+ | ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+ +------------------------------+-----------------------------+
+ | Availability |system/file-system/nfs |
+ +------------------------------+-----------------------------+
SEE ALSO
@@ -205,10 +194,11 @@
mount(8), kclient(8), mount_nfs(8), share_nfs(8)
- RFC 2695: Authentication Mechanisms for ONC RPC
+ RFC 2695: Authentication Mechanisms for ONC RPC.
+ https://tools.ietf.org/html/rfc2695
NOTES
/etc/nfssec.conf lists the NFS security services. Do not edit this
file. It is not intended to be user-configurable. See kclient(8).
-Oracle Solaris 11.4 04 May 2016 nf...c(7)
+Oracle Solaris 11.4 12 Sep 2023 nf...c(7)
diff -NurbBw 11.4.60/man7/pam_authtok_check.7 11.4.63/man7/pam_authtok_check.7
--- 11.4.60/man7/pam_authtok_check.7 2023-11-17 16:41:20.915131456 -0800
+++ 11.4.63/man7/pam_authtok_check.7 2023-11-17 16:41:44.157725428 -0800
@@ -8,15 +8,15 @@
DESCRIPTION
pam_authtok_check provides functionality to the Password Management
- stack. The implementation of pam_sm_chauthtok() performs a number of
- checks on the construction of the newly entered password. pam_sm_chau-
- thtok() is invoked twice by the PAM framework, once with flags set to
- PAM_PRELIM_CHECK, and once with flags set to PAM_UPDATE_AUTHTOK. This
- module only performs its checks during the first invocation. This mod-
- ule expects the current authentication token in the PAM_OLDAUTHTOK
- item, the new (to be checked) password in the PAM_AUTHTOK item, and the
- login name in the PAM_USER item. The checks performed by this module
- are:
+ stack. The implementation of pam_sm_chauthtok(3PAM) performs a number
+ of checks on the construction of the newly entered password.
+ pam_sm_chauthtok() is invoked twice by the PAM framework, once with
+ flags set to PAM_PRELIM_CHECK, and a second time with flags set to
+ PAM_UPDATE_AUTHTOK. This module only performs its checks during the
+ first invocation. This module expects the current authentication token
+ in the PAM_OLDAUTHTOK item, the new (to be checked) password in the
+ PAM_AUTHTOK item, and the login name in the PAM_USER item. The checks
+ performed by this module are:
length The password length should not be less than the
minimum specified in /etc/default/passwd.
@@ -118,9 +118,10 @@
SEE ALSO
passwd(1), syslog(3C), libpam(3LIB), pam(3PAM), pam_chauthtok(3PAM),
- pam.conf(5), passwd(5), shadow(5), attributes(7), pam_authtok_get(7),
- pam_authtok_store(7), pam_dhkeys(7), pam_passwd_auth(7), pam_unix_ac-
- count(7), pam_unix_auth(7), pam_unix_session(7), mkpwdict(8)
+ pam_sm_chauthtok(3PAM), pam.conf(5), passwd(5), shadow(5), attrib-
+ utes(7), pam_authtok_get(7), pam_authtok_store(7), pam_dhkeys(7),
+ pam_passwd_auth(7), pam_unix_account(7), pam_unix_auth(7),
+ pam_unix_session(7), mkpwdict(8)
HISTORY
Support for the force_check option was added in Oracle Solaris 10 8/11
@@ -139,4 +140,4 @@
See the History section of the passwd(1) man page for the history of
the /etc/default/passwd configuration settings.
-Oracle Solaris 11.4 15 Mar 2023 pa...k(7)
+Oracle Solaris 11.4 12 Sep 2023 pa...k(7)
diff -NurbBw 11.4.60/man7/pam_authtok_get.7 11.4.63/man7/pam_authtok_get.7
--- 11.4.60/man7/pam_authtok_get.7 2023-11-17 16:41:20.948292353 -0800
+++ 11.4.63/man7/pam_authtok_get.7 2023-11-17 16:41:44.191655011 -0800
@@ -8,9 +8,9 @@
DESCRIPTION
The pam_authtok_get service module provides password prompting func-
- tionality to the PAM stack. It implements pam_sm_authenticate() and
- pam_sm_chauthtok(), providing functionality to both the Authentication
- stack and the Password Management stack.
+ tionality to the PAM stack. It implements pam_sm_authenticate(3PAM) and
+ pam_sm_chauthtok(3PAM), providing functionality to both the Authentica-
+ tion stack and the Password Management stack.
Authentication Service
The implementation of pam_sm_authenticate(3PAM) prompts for the user
@@ -79,14 +79,15 @@
SEE ALSO
- syslog(3C), libpam(3LIB), pam(3PAM), pam_authenticate(3PAM),
- pam.conf(5), attributes(7), pam_authtok_check(7), pam_authtok_store(7),
- pam_dhkeys(7), pam_passwd_auth(7), pam_unix_account(7),
- pam_unix_auth(7), pam_unix_session(7)
+ syslog(3C), libpam(3LIB), pam(3PAM), pam_authenticate(3PAM), pam_sm_au-
+ thenticate(3PAM), pam_sm_chauthtok(3PAM), pam.conf(5), attributes(7),
+ pam_authtok_check(7), pam_authtok_store(7), pam_dhkeys(7),
+ pam_passwd_auth(7), pam_unix_account(7), pam_unix_auth(7),
+ pam_unix_session(7)
HISTORY
The pam_authtok_get module was introduced in Solaris 9, and later back-
ported to patches for Solaris 8. This included support for the debug
option. Prior to that, this work was performed in the pam_unix module.
-Oracle Solaris 11.4 15 Mar 2023 pa...t(7)
+Oracle Solaris 11.4 12 Sep 2023 pa...t(7)
diff -NurbBw 11.4.60/man7/pam_dhkeys.7 11.4.63/man7/pam_dhkeys.7
--- 11.4.60/man7/pam_dhkeys.7 2023-11-17 16:41:20.981792913 -0800
+++ 11.4.63/man7/pam_dhkeys.7 2023-11-17 16:41:44.226737060 -0800
@@ -25,16 +25,16 @@
Authentication Services
- If the user has Diffie-Hellman keys, pam_sm_authenticate() establishes
- secret keys for the user specified by the PAM_USER (equivalent to run-
- ning keylogin(1)), using the authentication token found in the PAM_AU-
- THTOK item. If pam_sm_setcred() is called with PAM_ESTABLISH_CRED and
- the user's secure RPC credentials need to be established, these creden-
- tials are set. This is equivalent to running keylogin(1).
+ If the user has Diffie-Hellman keys, pam_sm_authenticate(3PAM) estab-
+ lishes secret keys for the user specified by the PAM_USER (equivalent
+ to running keylogin(1)), using the authentication token found in the
+ PAM_AUTHTOK item. If pam_sm_setcred(3PAM) is called with PAM_ESTAB-
+ LISH_CRED and the user's secure RPC credentials need to be established,
+ these credentials are set. This is equivalent to running keylogin(1).
If the credentials could not be set and PAM_SILENT is not specified, a
- diagnostic message is displayed. If pam_setcred() is called with
+ diagnostic message is displayed. If pam_sm_setcred(3PAM) is called with
PAM_DELETE_CRED, the user's secure RPC credentials are unset. This is
equivalent to running keylogout(1).
@@ -43,7 +43,7 @@
PAM_IGNORE.
Authentication Token Management
- The pam_sm_chauthtok() implementation checks whether the old login
+ The pam_sm_chauthtok(3PAM) implementation checks whether the old login
password decrypts the users secret keys. If it doesn't this module
prompts the user for an old Secure RPC password and stores it in a pam
data item called SUNW_OLDRPCPASS. This data item can be used by the
@@ -101,10 +101,11 @@
SEE ALSO
keylogin(1), keylogout(1), syslog(3C), libpam(3LIB), pam(3PAM), pam_au-
thenticate(3PAM), pam_chauthtok(3PAM), pam_get_data(3PAM),
- pam_get_item(3PAM), pam_set_data(3PAM), pam_setcred(3PAM), pam.conf(5),
- attributes(7), pam_authtok_check(7), pam_authtok_get(7), pam_auth-
- tok_store(7), pam_passwd_auth(7), pam_gss_s4u(7), pam_unix_account(7),
- pam_unix_auth(7), pam_unix_session(7)
+ pam_get_item(3PAM), pam_set_data(3PAM), pam_setcred(3PAM), pam_sm_au-
+ thenticate(3PAM), pam_sm_chauthtok(3PAM), pam_sm_setcred(3PAM),
+ pam.conf(5), attributes(7), pam_authtok_check(7), pam_authtok_get(7),
+ pam_authtok_store(7), pam_passwd_auth(7), pam_gss_s4u(7), pam_unix_ac-
+ count(7), pam_unix_auth(7), pam_unix_session(7)
NOTES
The AUTH_DES authentication method used by pam_dhkeys is obsolete and
@@ -125,4 +126,4 @@
to patches for Solaris 8. This included support for the debug and
nowarn options.
-Oracle Solaris 11.4 15 Mar 2023 pa...s(7)
+Oracle Solaris 11.4 12 Sep 2023 pa...s(7)
diff -NurbBw 11.4.60/man7/pam_krb5.7 11.4.63/man7/pam_krb5.7
--- 11.4.60/man7/pam_krb5.7 2023-11-17 16:41:21.029086513 -0800
+++ 11.4.63/man7/pam_krb5.7 2023-11-17 16:41:44.278028235 -0800
@@ -16,8 +16,8 @@
Kerberos Authentication Module
The Kerberos V5 authentication component provides functions to verify
- the identity of a user, pam_sm_authenticate(), and to manage the Ker-
- beros credentials cache, pam_sm_setcred().
+ the identity of a user, pam_sm_authenticate(3PAM), and to manage the
+ Kerberos credentials cache, pam_sm_setcred(3PAM).
pam_sm_authenticate() authenticates a user principal through the Ker-
@@ -203,7 +203,7 @@
Kerberos V5 Session Management Module
The Kerberos V5 session management component provides pam_sm_open_ses-
sion() to initiate, and pam_sm_close_session() to terminate Kerberos
- sessions. For Kerberos V5, both pam_sm_open_session and
+ sessions. For Kerberos V5, both pam_sm_open_session() and
pam_sm_close_session() are null functions, returning PAM_IGNORE.
Kerberos V5 Password Management Module
@@ -805,4 +805,4 @@
HISTORY
The pam_krb5 module was introduced in Solaris 8.
-Oracle Solaris 11.4 15 Mar 2023 pa...5(7)
+Oracle Solaris 11.4 12 Sep 2023 pa...5(7)
diff -NurbBw 11.4.60/man7/pam_list.7 11.4.63/man7/pam_list.7
--- 11.4.60/man7/pam_list.7 2023-11-17 16:41:21.065926607 -0800
+++ 11.4.63/man7/pam_list.7 2023-11-17 16:41:44.316807116 -0800
@@ -229,4 +229,4 @@
cluding support for the allow, deny, user, nouser, host, nohost, and
user_host_exact options.
-Oracle Solaris 11.4 15 Mar 2023 pa...t(7)
+Oracle Solaris 11.4 12 Sep 2023 pa...t(7)
diff -NurbBw 11.4.60/man7/pam_rhosts_auth.7 11.4.63/man7/pam_rhosts_auth.7
--- 11.4.60/man7/pam_rhosts_auth.7 2023-11-17 16:41:21.098184336 -0800
+++ 11.4.63/man7/pam_rhosts_auth.7 2023-11-17 16:41:44.351320885 -0800
@@ -7,11 +7,11 @@
pam_rhosts_auth.so.1 [debug]
DESCRIPTION
- The rhosts PAM module, /usr/lib/security/pam_rhosts_auth.so.1, authen-
- ticates a user via the rlogin authentication protocol. Only pam_sm_au-
- thenticate() is implemented within this module. pam_sm_authenticate()
- uses the ruserok(3C) library function to authenticate the rlogin or rsh
- user. pam_sm_setcred() always returns PAM_IGNORE.
+ The rhosts PAM module, pam_rhosts_auth.so.1, authenticates a user via
+ the rlogin authentication protocol. Only pam_sm_authenticate(3PAM) is
+ implemented within this module. pam_sm_authenticate() uses the
+ ruserok(3C) library function to authenticate the rlogin or rsh user.
+ pam_sm_setcred(3PAM) always returns PAM_IGNORE.
The pam_rhosts_auth.so.1 module is designed to be stacked on top of the
@@ -37,10 +37,11 @@
SEE ALSO
ruserok(3C), syslog(3C), libpam(3LIB), pam(3PAM), pam_authenti-
- cate(3PAM), pam.conf(5), attributes(7), pam_unix_auth(7)
+ cate(3PAM), pam_sm_authenticate(3PAM), pam_sm_setcred(3PAM),
+ pam.conf(5), attributes(7), pam_unix_auth(7)
HISTORY
The pam_rhosts_auth module was introduced in Solaris 2.6. This included
support for the debug option.
-Oracle Solaris 11.4 15 Mar 2023 pa...h(7)
+Oracle Solaris 11.4 12 Sep 2023 pa...h(7)
diff -NurbBw 11.4.60/man7/pam_tsol_account.7 11.4.63/man7/pam_tsol_account.7
--- 11.4.60/man7/pam_tsol_account.7 2023-11-17 16:41:21.132060129 -0800
+++ 11.4.63/man7/pam_tsol_account.7 2023-11-17 16:41:44.384084329 -0800
@@ -7,15 +7,15 @@
pam_tsol_account.so.1 [allow_unlabeled] [debug]
DESCRIPTION
- The Solaris Trusted Extensions service module for PAM, /usr/lib/secu-
- rity/pam_tsol_account.so.1, checks account limitations that are related
- to labels. The pam_tsol_account.so.1 module is a shared object that can
- be dynamically loaded to provide the necessary functionality upon de-
- mand, as specified in the PAM configuration files.
+ The Solaris Trusted Extensions service module for PAM, pam_tsol_ac-
+ count.so.1, checks account limitations that are related to labels. The
+ pam_tsol_account.so.1 module is a shared object that can be dynamically
+ loaded to provide the necessary functionality upon demand, as specified
+ in the PAM configuration files.
- pam_tsol_account.so.1 contains a function to perform account manage-
- ment, pam_sm_acct_mgmt(). The function checks for the allowed label
+ pam_tsol_account.so.1 implements the pam_sm_acct_mgmt(3PAM) function to
+ perform account management. The function checks for the allowed label
range for the user. The allowable label range is set by the defaults in
the label_encodings(5) file. These defaults can be overridden by en-
tries in the user_attr(5) database.
@@ -90,4 +90,4 @@
(Update 5). Prior to that it was included in the Trusted Extensions
add-on for Solaris 10.
-Oracle Solaris 11.4 15 Mar 2023 pa...t(7)
+Oracle Solaris 11.4 12 Sep 2023 pa...t(7)
diff -NurbBw 11.4.60/man7/pam_unix_account.7 11.4.63/man7/pam_unix_account.7
--- 11.4.60/man7/pam_unix_account.7 2023-11-17 16:41:21.166110703 -0800
+++ 11.4.63/man7/pam_unix_account.7 2023-11-17 16:41:44.419154619 -0800
@@ -7,8 +7,8 @@
pam_unix_account.so.1 [debug] [nowarn] [server_policy]
DESCRIPTION
- The pam_unix_account module implements pam_sm_acct_mgmt(), which pro-
- vides functionality to the PAM account management stack. This module
+ The pam_unix_account module implements pam_sm_acct_mgmt(3PAM), which
+ provides functionality to the PAM account management stack. This module
provides functions to:
o Validate that an authenticated user is allowed to log in to
@@ -129,4 +129,4 @@
bug and nowarn options. Prior to that, these checks were performed in
the pam_unix module.
-Oracle Solaris 11.4 15 Mar 2023 pa...t(7)
+Oracle Solaris 11.4 12 Sep 2023 pa...t(7)
diff -NurbBw 11.4.60/man7/pam_unix_auth.7 11.4.63/man7/pam_unix_auth.7
--- 11.4.60/man7/pam_unix_auth.7 2023-11-17 16:41:21.199589254 -0800
+++ 11.4.63/man7/pam_unix_auth.7 2023-11-17 16:41:44.455823975 -0800
@@ -7,11 +7,11 @@
pam_unix_auth.so.1 [debug] [nolock] [nowarn] [server_policy]
DESCRIPTION
- The pam_unix_auth module implements pam_sm_authenticate(), which pro-
- vides functionality to the PAM authentication stack. It provides func-
- tions that use crypt(3C) to verify that the password contained in the
- PAM item PAM_AUTHTOK is the correct password for the user specified in
- the item PAM_USER.
+ The pam_unix_auth module implements pam_sm_authenticate(3PAM), which
+ provides functionality to the PAM authentication stack. It provides
+ functions that use crypt(3C) to verify that the password contained in
+ the PAM item PAM_AUTHTOK is the correct password for the user specified
+ in the item PAM_USER.
If PAM_AUSER and PAM_USER are both specified and PAM_USER is a role,
@@ -40,9 +40,9 @@
Authentication service modules must implement both pam_sm_authenti-
- cate() and pam_sm_setcred(). To allow the authentication portion of
- UNIX authentication to be replaced, pam_sm_setcred() in this module al-
- ways returns PAM_IGNORE. This module should be stacked with
+ cate(3PAM) and pam_sm_setcred(3PAM). To allow the authentication por-
+ tion of UNIX authentication to be replaced, pam_sm_setcred() in this
+ module always returns PAM_IGNORE. This module should be stacked with
pam_unix_cred(7) to ensure a successful return from pam_setcred(3PAM).
@@ -138,10 +138,11 @@
SEE ALSO
login(1), passwd(1), crypt(3C), syslog(3C), libpam(3LIB), pam(3PAM),
- pam_authenticate(3PAM), pam_setcred(3PAM), nsswitch.conf(5),
- pam.conf(5), passwd(5), policy.conf(5), shadow(5), user_attr(5), at-
- tributes(7), pam_authtok_check(7), pam_authtok_get(7), pam_auth-
- tok_store(7), pam_dhkeys(7), pam_passwd_auth(7), pam_unix_account(7),
+ pam_authenticate(3PAM), pam_setcred(3PAM), pam_sm_authenticate(3PAM),
+ pam_sm_setcred(3PAM), nsswitch.conf(5), pam.conf(5), passwd(5), pol-
+ icy.conf(5), shadow(5), user_attr(5), attributes(7), pam_auth-
+ tok_check(7), pam_authtok_get(7), pam_authtok_store(7), pam_dhkeys(7),
+ pam_passwd_auth(7), pam_unix_account(7), pam_unix_cred(7),
pam_unix_session(7), ldapclient(8), roleadd(8), rolemod(8), useradd(8),
usermod(8)
@@ -174,4 +175,4 @@
bug and nowarn options. Prior to that, these checks were performed in
the pam_unix module.
-Oracle Solaris 11.4 15 Mar 2023 pa...h(7)
+Oracle Solaris 11.4 12 Sep 2023 pa...h(7)
diff -NurbBw 11.4.60/man7/pam_unix_cred.7 11.4.63/man7/pam_unix_cred.7
--- 11.4.60/man7/pam_unix_cred.7 2023-11-17 16:41:21.236012171 -0800
+++ 11.4.63/man7/pam_unix_cred.7 2023-11-17 16:41:44.491194349 -0800
@@ -1,7 +1,7 @@
pa...d(7Standards, Environments, Macros, Character Sets, and miscellapa...d(7)
NAME
- pam_unix_cred - PAM user credential authentication module for UNIX
+ pam_unix_cred - PAM user credential management module for UNIX
SYNOPSIS
pam_unix_cred.so.1 [debug] [nowarn]
@@ -157,12 +157,12 @@
SEE ALSO
ssh(1), settaskid(2), syslog(3C), libpam(3LIB), pam(3PAM),
- pam_set_item(3PAM), pam_sm_authenticate(3PAM), setproject(3PROJECT),
- getprojent(3PROJECT), nsswitch.conf(5), pam.conf(5), project(5),
- user_attr(5), attributes(7), labels(7), pam_authtok_check(7), pam_auth-
- tok_get(7), pam_authtok_store(7), pam_dhkeys(7), pam_passwd_auth(7),
- pam_unix_account(7), pam_unix_auth(7), pam_unix_session(7), privi-
- leges(7), su(8)
+ pam_set_item(3PAM), pam_sm_authenticate(3PAM), pam_sm_setcred(3PAM),
+ setproject(3PROJECT), getprojent(3PROJECT), nsswitch.conf(5),
+ pam.conf(5), project(5), user_attr(5), attributes(7), labels(7),
+ pam_authtok_check(7), pam_authtok_get(7), pam_authtok_store(7),
+ pam_dhkeys(7), pam_passwd_auth(7), pam_unix_account(7),
+ pam_unix_auth(7), pam_unix_session(7), privileges(7), su(8)
NOTES
If this module is replaced, the audit context and credential may not be
@@ -199,4 +199,4 @@
and nowarn options. Prior to that, this work was performed in the
pam_unix module.
-Oracle Solaris 11.4 15 Mar 2023 pa...d(7)
+Oracle Solaris 11.4 12 Sep 2023 pa...d(7)
diff -NurbBw 11.4.60/man7/pam_unix_session.7 11.4.63/man7/pam_unix_session.7
--- 11.4.60/man7/pam_unix_session.7 2023-11-17 16:41:21.272223865 -0800
+++ 11.4.63/man7/pam_unix_session.7 2023-11-17 16:41:44.526378961 -0800
@@ -66,11 +66,11 @@
SEE ALSO
- syslog(3C), libpam(3LIB), pam(3PAM), pam_authenticate(3PAM), nss-
- witch.conf(5), pam.conf(5), attributes(7), pam_authtok_check(7),
- pam_authtok_get(7), pam_authtok_store(7), pam_dhkeys(7),
- pam_passwd_auth(7), pam_unix_account(7), pam_unix_auth(7),
- pam_unix_cred(7)
+ syslog(3C), libpam(3LIB), pam(3PAM), pam_sm_open_session(3PAM),
+ pam_sm_close_session(3PAM), nsswitch.conf(5), pam.conf(5), attrib-
+ utes(7), pam_authtok_check(7), pam_authtok_get(7), pam_auth-
+ tok_store(7), pam_dhkeys(7), pam_passwd_auth(7), pam_unix_account(7),
+ pam_unix_auth(7), pam_unix_cred(7)
HISTORY
The display of last login time was moved from the individual programs
@@ -83,4 +83,4 @@
bug option. Prior to that, this work was performed in the pam_unix mod-
ule.
-Oracle Solaris 11.4 15 Mar 2023 pa...n(7)
+Oracle Solaris 11.4 12 Sep 2023 pa...n(7)
diff -NurbBw 11.4.60/man7/pf.conf.7 11.4.63/man7/pf.conf.7
--- 11.4.60/man7/pf.conf.7 2023-11-17 16:41:21.348022370 -0800
+++ 11.4.63/man7/pf.conf.7 2023-11-17 16:41:44.605756893 -0800
@@ -270,13 +270,14 @@
allow-opts
- By default, IPv4 packets with IP options or IPv6 packets with rout-
- ing extension headers are blocked. When allow-opts is specified for
+ By default, packets with IPv4 options or IPv6 hop-by-hop or desti-
+ nation options header are blocked. When allow-opts is specified for
a pass rule, packets that pass the filter based on that rule (last
- matching) do so even if they contain IP options or routing exten-
- sion headers. For packets that match state, the rule that initially
- created the state is used. The implicit pass rule that is used when
- a packet does not match any rules does not allow IP options.
+ matching) do so even if they contain options. For packets that
+ match state, the rule that initially created the state is used. The
+ implicit pass rule that is used when a packet does not match any
+ rules, does not allow IP options or option headers. Note that IPv6
+ packets with type 0 routing headers are always dropped.
flags <a> /<b> | any
@@ -2116,4 +2117,4 @@
set found on Solaris Operating System. The PF version is derived from
OpenBSD 5.5 release.
-Oracle Solaris 11.4 6 Oct 2022 pf...f(7)
+Oracle Solaris 11.4 4 Aug 2023 pf...f(7)
diff -NurbBw 11.4.60/man7/pkcs11_kms.7 11.4.63/man7/pkcs11_kms.7
--- 11.4.60/man7/pkcs11_kms.7 2023-11-17 16:41:21.382610800 -0800
+++ 11.4.63/man7/pkcs11_kms.7 2023-11-17 16:41:44.643747865 -0800
@@ -208,4 +208,4 @@
Refer to theOracle Key Manager (OKM) Administration Guide for assis-
tance in assigning key groups to agents.
-Oracle Solaris 11.4 13 Nov 2020 pk...s(7)
+Oracle Solaris 11.4 12 Sep 2023 pk...s(7)
diff -NurbBw 11.4.60/man7/prof.7 11.4.63/man7/prof.7
--- 11.4.60/man7/prof.7 2023-11-17 16:41:21.415454012 -0800
+++ 11.4.63/man7/prof.7 2023-11-17 16:41:44.676433839 -0800
@@ -26,8 +26,8 @@
header prof.h is included, either by a preprocessor directive as in the
synopsis, or by a command line argument:
+ % cc -p -DMARK work.c
- cc-p -DMARK work.c
If MARK is not defined, the MARK(name) statements may be left in the
@@ -62,4 +62,4 @@
The MARK() facility is obsolete and may be removed in future releases
of Oracle Solaris.
-Oracle Solaris 11.4 9 Jul 2014 prof(7)
+Oracle Solaris 11.4 12 Sep 2023 prof(7)
diff -NurbBw 11.4.60/man7/rad-uri.7 11.4.63/man7/rad-uri.7
--- 11.4.60/man7/rad-uri.7 2023-11-17 16:41:21.455014503 -0800
+++ 11.4.63/man7/rad-uri.7 2023-11-17 16:41:44.711611561 -0800
@@ -57,9 +57,8 @@
The rads scheme uses PAM authentication and therefore typically re-
- quires the user's login password. Utilities such as zoneadm
- migrate interactively prompts for the password in
- these cases.
+ quires the user's login password. Utilities such as zoneadm migrate in-
+ teractively prompts for the password in these cases.
Connecting Using the RAD Scheme (TLS)
When connecting to a remote system using TLS, the RAD client will vali-
@@ -121,6 +120,6 @@
see the ssh-agent(1) man page.
SEE ALSO
- zoneadm(8), etraced(8), sysadm(8), rad(8), ssh(1), ssh-keygen(1)
+ ssh(1), ssh-keygen(1), etraced(8), sysadm(8), rad(8), zoneadm(8)
-Oracle Solaris 11.4 02 May 2017 ra...i(7)
+Oracle Solaris 11.4 12 Sep 2023 ra...i(7)
diff -NurbBw 11.4.60/man7/regex.7 11.4.63/man7/regex.7
--- 11.4.60/man7/regex.7 2023-11-17 16:41:21.506009712 -0800
+++ 11.4.63/man7/regex.7 2023-11-17 16:41:44.768011913 -0800
@@ -22,10 +22,10 @@
scribed in the BASIC REGULAR EXPRESSIONS section apply to most utili-
ties supporting regular expressions. Some utilities, instead, support
the Extended Regular Expressions (ERE) described in the EXTENDED REGU-
- LAR EXPRESSIONS section; any exceptions for both cases are noted in
- the descriptions of the specific utilities using regular expressions.
- Both BREs and EREs are supported by the Regular Expression Matching in-
- terfaces regcomp(3C) and regexec(3C).
+ LAR EXPRESSIONS section; any exceptions for both cases are noted in the
+ descriptions of the specific utilities using regular expressions. Both
+ BREs and EREs are supported by the Regular Expression Matching inter-
+ faces regcomp(3C) and regexec(3C).
BASIC REGULAR EXPRESSIONS
BREs Matching a Single Character
@@ -154,9 +154,9 @@
element except for the expressions represented in the list
after the leading circumflex. For example, [^abc] is an RE
that matches any character or collating element except the
- characters a, b, or c. The circumflex will have this spe-
- cial meaning only when it occurs first in the list, immedi-
- ately following the left-bracket.
+ characters a, b, or c. The circumflex will have this special
+ meaning only when it occurs first in the list, immediately
+ following the left-bracket.
4. A collating symbol is a collating element enclosed within
@@ -347,8 +347,8 @@
- The behavior of multiple adjacent duplication symbols ( * and inter-
- vals) produces undefined results.
+ The behavior of multiple adjacent duplication symbols (* and intervals)
+ produces undefined results.
BRE Precedence
The order of precedence is as shown in the following table:
@@ -373,11 +373,11 @@
is called anchoring. The circumflex and dollar sign special characters
will be considered BRE anchors in the following contexts:
- 1. A circumflex ( ^ ) is an anchor when used as the first
- character of an entire BRE. The implementation may treat
- circumflex as an anchor when used as the first character of
- a subexpression. The circumflex will anchor the expression
- to the beginning of a string; only sequences starting at the
+ 1. A circumflex ( ^ ) is an anchor when used as the first char-
+ acter of an entire BRE. The implementation may treat circum-
+ flex as an anchor when used as the first character of a
+ subexpression. The circumflex will anchor the expression to
+ the beginning of a string; only sequences starting at the
first character of a string will be matched by the BRE. For
example, the BRE ^ab matches ab in the string abcdef, but
fails to match in the string cdefab. A portable BRE must es-
@@ -385,13 +385,13 @@
eral circumflex.
- 2. A dollar sign ( $ ) is an anchor when used as the last
- character of an entire BRE. The implementation may treat a
- dollar sign as an anchor when used as the last character of
- a subexpression. The dollar sign will anchor the expression
- to the end of the string being matched; the dollar sign can
- be said to match the end-of-string following the last char-
- acter.
+ 2. A dollar sign ( $ ) is an anchor when used as the last char-
+ acter of an entire BRE. The implementation may treat a dol-
+ lar sign as an anchor when used as the last character of a
+ subexpression. The dollar sign will anchor the expression to
+ the end of the string being matched; the dollar sign can be
+ said to match the end-of-string following the last charac-
+ ter.
3. A BRE anchored by both ^ and $ matches only an entire
@@ -436,8 +436,8 @@
ERE Ordinary Characters
An ordinary character is an ERE that matches itself. An ordinary char-
acter is any character in the supported character set, except for the
- ERE special characters listed in ERE Special Characters below. The
- interpretation of an ordinary character preceded by a backslash (\) is
+ ERE special characters listed in ERE Special Characters below. The in-
+ terpretation of an ordinary character preceded by a backslash (\) is
undefined.
ERE Special Characters
@@ -610,10 +610,10 @@
expression ^b from matching starting at the first character.
- 2. A dollar sign ( $ ) outside a bracket expression anchors
- the expression or subexpression it ends to the end of a
- string; such an expression or subexpression can match only a
- sequence ending at the last character of a string. For exam-
+ 2. A dollar sign ( $ ) outside a bracket expression anchors the
+ expression or subexpression it ends, to the end of a string.
+ Such an expression or subexpression can match only a se-
+ quence ending at the last character of a string. For exam-
ple, the EREs ef$ and (ef$) match ef in the string abcdef,
but fail to match in the string cdefab, and the ERE e$f is
valid, but can never match because the f prevents the ex-
@@ -625,4 +625,4 @@
localedef(1), regcomp(3C), locale(7), attributes(7), environ(7), reg-
exp(7)
-Oracle Solaris 11.4 17 Mar 2016 re...x(7)
+Oracle Solaris 11.4 12 Sep 2023 re...x(7)
diff -NurbBw 11.4.60/man7/regexp.7 11.4.63/man7/regexp.7
--- 11.4.60/man7/regexp.7 2023-11-17 16:41:21.547880176 -0800
+++ 11.4.63/man7/regexp.7 2023-11-17 16:41:44.809549466 -0800
@@ -277,34 +277,33 @@
GETC This macro returns the value of the next character
(byte) in the regular expression pattern. Successive
- calls to GETC should return successive characters of
- the regular expression.
+ calls to GETC should return successive characters of the
+ regular expression.
- PEEKC This macro returns the next character (byte) in the
- regular expression. Immediately successive calls to
- PEEKC should return the same character, which should
- also be the next character returned by GETC.
+ PEEKC This macro returns the next character (byte) in the reg-
+ ular expression. Immediately successive calls to PEEKC
+ should return the same character, which should also be
+ the next character returned by GETC.
UNGETC This macro causes the argument c to be returned by the
next call to GETC and PEEKC. No more than one character
- of pushback is ever needed and this character is guar-
- anteed to be the last character read by GETC. The re-
- turn value of the macro UNGETC(c) is always ignored.
+ of pushback is ever needed and this character is guaran-
+ teed to be the last character read by GETC. The return
+ value of the macro UNGETC(c) is always ignored.
RETURN(ptr) This macro is used on normal exit of the compile() rou-
tine. The value of the argument ptr is a pointer to the
- character after the last character of the compiled reg-
- ular expression. This is useful to programs which have
+ character after the last character of the compiled regu-
+ lar expression. This is useful to programs which have
memory allocation to manage.
ERROR(val) This macro is the abnormal return from the compile()
- routine. The argument val is an error number (see ER-
- RORS below for meanings). This call should never re-
- turn.
+ routine. The argument val is an error number (see ERRORS
+ below for meanings). This call should never return.
compile()
@@ -455,4 +454,4 @@
SEE ALSO
regex(7)
-Oracle Solaris 11.4 11 May 2021 re...p(7)
+Oracle Solaris 11.4 12 Sep 2023 re...p(7)
diff -NurbBw 11.4.60/man7/smf.7 11.4.63/man7/smf.7
--- 11.4.60/man7/smf.7 2023-11-17 16:41:21.595870891 -0800
+++ 11.4.63/man7/smf.7 2023-11-17 16:41:44.862028820 -0800
@@ -302,19 +298,17 @@
-
-
events is a comma separated list of SMF state transition sets or a
comma separated list of FMA event classes. events cannot have a mix of
SMF state transition sets and FMA event classes.
- For convenience, the tags problem- {diagnosed,updated,repaired,re-
- solved} describe the life cycle of a problem diagnosed by the FMA sub-
- system - from initial diagnosis to interim updates and finally problem
- closure. These tags are aliases for underlying FMA protocol event
- classes (all in the list.* hierarchy), but the latter should not be
- used in configuring notification preferences.
+ For convenience, the tags problem-{diagnosed,updated,repaired,resolved}
+ describe the life cycle of a problem diagnosed by the FMA subsystem,
+ from initial diagnosis to interim updates and finally problem closure.
+ These tags are aliases for underlying FMA protocol event classes (all
+ in the list.* hierarchy), but the latter should not be used in config-
+ uring notification preferences.
problem-diagnosed
@@ -679,4 +673,4 @@
tify(8), snmp-notify(8), svc.configd(8), svc.startd(8), svcadm(8), svc-
cfg(8), solaris(7), solaris-kz(7), zoneadm(8)
-Oracle Solaris 11.4 7 Mar 2023 smf(7)
+Oracle Solaris 11.4 12 Sep 2023 smf(7)
diff -NurbBw 11.4.60/man7/solaris-kz.7 11.4.63/man7/solaris-kz.7
--- 11.4.60/man7/solaris-kz.7 2023-11-17 16:41:21.655375783 -0800
+++ 11.4.63/man7/solaris-kz.7 2023-11-17 16:41:44.924756382 -0800
@@ -1,8 +1,5 @@
so...z(7Standards, Environments, Macros, Character Sets, and miscellaso...z(7)
->>>>>>> source
-
-
NAME
solaris-kz - solaris kernel zone
@@ -502,6 +499,40 @@
+
+ The zoneadm apply command performs a live zone reconfiguration (LZR) of
+ a running kernel zone, which might include a request to change the mem-
+ ory size.
+
+
+ A memory LZR operation uses either a best-effort method or a strict
+ method to determine the success or failure of the operation.
+
+ o Best-effort method: A memory LZR operation succeeds when it
+ completely or partially fulfills the memory size request. A
+ partial success frees or allocates enough memory to get as
+ close as possible to the requested size. This is the default
+ method.
+
+ The zoneadm apply command returns an exit value of 0 when it
+ completely or partially fulfills a memory request. This com-
+ mand returns an exit value of 1 if no memory is added or
+ freed, or if the memory LZR operation fails for another rea-
+ son.
+
+
+ o Strict method: A memory LZR operation succeeeds only if the
+ exact memory size request is fulfilled and the zoneadm apply
+ command returns an exit value of 0.
+
+ When the memory LZR operation cannot fulfill the exact re-
+ quest, the zoneadm apply command restores the original size
+ of the kernel zone's memory and returns an exit value of 1.
+
+ To enable the strict method, set the memlzr property value
+ of the capped-memory resource to strict.
+
+
CPU Configuration
As described in zonecfg(8), virtual CPU and dedicated CPU resources,
and the resource pool property can be used to define the CPUs available
@@ -868,6 +899,26 @@
the root ZFS pool. See zoneadm(8) move subcommand for more informa-
tion.
+ Time Synchronization
+ A kernel zone periodically synchronizes its time with the host TOD
+ (time of day). That happens only with a granularity of seconds, and a
+ guest's time can drift from the host TOD by a couple of seconds before
+ the next synchronization triggers. For that reason, if precise time is
+ required within a kernel zone guest then its svc:/network/ntp:default
+ service instance must be enabled even when the host time itself is syn-
+ chronized via NTP. See ntpd(8) for more information.
+
+ Virtual Time
+ A kernel zone may set its own time. That is implemented as a relative
+ offset from the kernel zone host time and is in granularity of seconds.
+ As documented in the Time Synchronization section, the actual offset
+ from the host time may further drift off by another couple of seconds.
+ For that reason, setting kernel zone time other than by running an NTP
+ daemon is mostly intended for testing and debugging. The time offset is
+ stored in Host Data, see Host Data section. As the offset is relative
+ to the host time, if the host time changes, the kernel zone time is
+ changed accordingly, with the presently configured offset applied.
+
Auxiliary State
The following auxiliary states (as shown by zoneadm list -is) are de-
fined for this brand:
@@ -1100,9 +1151,9 @@
SEE ALSO
- ai_manifest(5), archiveadm(8), brands(7), zfs(8), zlogin(1),
- zoneadm(8), zonecfg(8), zones(7), resource-management(7), memory-re-
- serve(8s), psrset(8), poolcfg(8)
+ zlogin(1), ai_manifest(5), brands(7), resource-management(7), zones(7),
+ archiveadm(8), ntpd(8), poolcfg(8), psrset(8), zfs(8), zoneadm(8),
+ zonecfg(8), memory-reserve(8s)
NOTES
VirtualBox can be used on the same host as kernel zones, but must be
@@ -1125,4 +1176,4 @@
this will only succeed if coreadm(8) has configured a location for and
enabled kernel zone core dumps.
-Oracle Solaris 11.4 1 Jan 2023 so...z(7)
+Oracle Solaris 11.4 12 Sep 2023 so...z(7)
diff -NurbBw 11.4.60/man7/sstore-authorized-user.7 11.4.63/man7/sstore-authorized-user.7
--- 11.4.60/man7/sstore-authorized-user.7 2023-11-17 16:41:21.690021155 -0800
+++ 11.4.63/man7/sstore-authorized-user.7 2023-11-17 16:41:44.959005454 -0800
@@ -4,12 +4,12 @@
sstore-authorized-user - Statistics Store authorized user
DESCRIPTION
- An sstore-authorized user is authorized for a given namespace node and
+ An sstore authorized user is authorized for a given namespace node and
a privileged operation. This authorization permits the user to perform
the privileged operation on the namespace node or on any of its non-
topological descendant nodes without having the RBAC authorization re-
quired to perform that operation. For more information about RBAC au-
- thorization, see the sstore-security(7)) man page.
+ thorization, see the sstore-security(7) man page.
For example, if the user foo is an authorized user for the read_sensi-
@@ -97,4 +97,4 @@
auths(1), sstore(1), libsstore(3LIB), sstore.json(5), ssid(7), ssid-
metadata(7), sstore(7), sstore-security(7), sstoreadm(1)
-Oracle Solaris 11.4 29 Apr 2016 ss...r(7)
+Oracle Solaris 11.4 12 Sep 2023 ss...r(7)
diff -NurbBw 11.4.60/man7/standards.7 11.4.63/man7/standards.7
--- 11.4.60/man7/standards.7 2023-11-17 16:41:21.738907454 -0800
+++ 11.4.63/man7/standards.7 2023-11-17 16:41:45.005453253 -0800
@@ -458,7 +454,7 @@
SVID3 specification was written before the C standard was completed.
SEE ALSO
- csh(1), ksh(1), sh(1), exec(2), sysconf(3C), system(3C), environ(7),
- lf64(7)
+ csh(1), getconf(1), ksh(1), sh(1), exec(2), sysconf(3C), system(3C),
+ environ(7), lf64(7)
-Oracle Solaris 11.4 28 Jan 2019 st...s(7)
+Oracle Solaris 11.4 12 Sep 2023 st...s(7)
diff -NurbBw 11.4.60/man7/sticky.7 11.4.63/man7/sticky.7
--- 11.4.60/man7/sticky.7 2023-11-17 16:41:21.770980729 -0800
+++ 11.4.63/man7/sticky.7 2023-11-17 16:41:45.041124288 -0800
@@ -9,10 +9,10 @@
which the sticky bit is set restricts deletion of files it contains. A
file in a sticky directory can only be removed or renamed by a user who
has write permission on the directory, and either owns the file, owns
- the directory, has write permission on the file, or is a privileged
- user. Setting the sticky bit is useful for directories such as /tmp,
- which must be publicly writable but should deny users permission to ar-
- bitrarily delete or rename the files of others.
+ the directory, has write permission on the file, or has the
+ {PRIV_FILE_OWNER} privilege. Setting the sticky bit is useful for di-
+ rectories such as /tmp, which must be publicly writable but should deny
+ users permission to arbitrarily delete or rename the files of others.
If the sticky bit is set on a regular file and no execute bits are set,
@@ -24,8 +24,8 @@
nent storage.
- Any user may create a sticky directory. See chmod for details about
- modifying file modes.
+ Any user may create a sticky directory. See chmod(1) and chmod(2) for
+ details about modifying file modes.
SEE ALSO
chmod(1), chmod(2), chown(2), mkdir(2), rename(2), unlink(2)
@@ -34,4 +34,4 @@
The mkdir(2) function will not create a directory with the sticky bit
set.
-Oracle Solaris 11.4 1 Aug 2002 st...y(7)
+Oracle Solaris 11.4 12 Sep 2023 st...y(7)
diff -NurbBw 11.4.60/man7/term.7 11.4.63/man7/term.7
--- 11.4.60/man7/term.7 2023-11-17 16:41:21.810350573 -0800
+++ 11.4.63/man7/term.7 2023-11-17 16:41:45.079666667 -0800
@@ -5,9 +5,9 @@
DESCRIPTION
Terminal names are maintained as part of the shell environment in the
- environment variable TERM. See sh(1), profile(5), and environ(7).
- These names are used by certain commands (for example, tabs, tput, and
- vi) and certain functions (for example, see curses(3CURSES)).
+ environment variable TERM. See sh(1), profile(5), and environ(7). These
+ names are used by certain commands (for example, tabs, tput, and vi)
+ and certain functions (for example, see curses(3CURSES)).
Files under /usr/share/lib/terminfo are used to name terminals and de-
@@ -42,6 +42,7 @@
ble:
Suffix Meaning Example
+ --------------------------------------------------------------
-w Wide mode (more than 80 columns) att4425-w
-am With auto. margins (usually default) vt100-am
-nam Without automatic margins vt100-nam
@@ -149,6 +150,35 @@
+ Modern systems are typically accessed with terminal emulation software,
+ rather than dedicated physical terminal hardware. Some emulators pro-
+ vide additional capabilities not found in the original hardware being
+ emulated. To allow these additional abilities to be used, such emula-
+ tors use a distinct terminal name, different from the name of the orig-
+ inal hardware. They may also offer additional user preferences via suf-
+ fixes to the terminal name, such as specifying how many colors programs
+ can use to output text in. Some such programs use terminal names asso-
+ ciated with well known software, for instance tmux(1) often uses screen
+ as its terminal name, and gnome-terminal(1) typically uses the
+ xterm-256color terminal name. Here are some of the known terminal names
+ for terminal emulation software:
+
+ sun Solaris kernel or OpenBoot PROM text console
+ (monochrome)
+ sun-color Solaris kernel text console (8 colors)
+ screen screen(1) (monochrome)
+ screen-256color screen(1) (256 colors)
+ xterm xterm(1) (monochrome)
+ xterm-color xterm(1) (8 colors)
+ xterm-256color xterm(1) (256 colors)
+
+
+
+ Note that the sun terminal types only apply to configurations in which
+ the kernel or OpenBoot PROM are emulating a text terminal on a graphics
+ device, and not to serial port connections to the system console.
+
+
Commands whose behavior depends on the type of terminal should accept
arguments of the form -Tterm where term is one of the names given
above; if no such argument is present, such commands should obtain the
@@ -165,4 +195,4 @@
sh(1), stty(1), tabs(1), tput(1), vi(1), curses(3CURSES), profile(5),
terminfo(5), environ(7), infocmp(8)
-Oracle Solaris 11.4 3 Jul 1990 term(7)
+Oracle Solaris 11.4 12 Sep 2023 term(7)
diff -NurbBw 11.4.60/man7/threads.7 11.4.63/man7/threads.7
--- 11.4.60/man7/threads.7 2023-11-17 16:41:21.855150985 -0800
+++ 11.4.63/man7/threads.7 2023-11-17 16:41:45.124453664 -0800
@@ -34,6 +34,12 @@
o POSIX threads are more portable.
+ o POSIX threads have had more features added and may be ex-
+ tended to support newer abilities over time. Solaris threads
+ are maintained for backwards compatibility, and do not re-
+ ceive such enhancements.
+
+
o POSIX threads establish characteristics for each thread ac-
cording to configurable attribute objects.
@@ -81,7 +87,7 @@
pthread_attr_getguardsize() -
pthread_attr_setguardsize() -
pthread_attr_destroy() -
- - pthread_getattr_np()
+ pthread_getattr_np() -
- thr_min_stack()
@@ -300,10 +306,19 @@
SEE ALSO
crle(1), fork(2), priocntl(2), pthread_atfork(3C), pthread_create(3C),
- libpthread(3LIB), librt(3LIB), libthread(3LIB), attributes(7), privi-
- leges(7), standards(7)
+ libpthread(3LIB), librt(3LIB), libthread(3LIB), attributes(7), cancel-
+ lation(7), privileges(7), standards(7)
Oracle Solaris 11.4 Linkers and Libraries Guide
-Oracle Solaris 11.4 12 May 2017 th...s(7)
+
+ Oracle Solaris 11.4 Multithreaded Programming Guide
+
+HISTORY
+ Support for POSIX threads was added to Solaris in Solaris 2.5.
+
+
+ Support for Solaris threads was added to Solaris in Solaris 2.2.
+
+Oracle Solaris 11.4 12 Sep 2023 th...s(7)
diff -NurbBw 11.4.60/man7/trusted_extensions.7 11.4.63/man7/trusted_extensions.7
--- 11.4.60/man7/trusted_extensions.7 2023-11-17 16:41:21.886233174 -0800
+++ 11.4.63/man7/trusted_extensions.7 2023-11-17 16:41:45.156510625 -0800
@@ -22,7 +22,7 @@
SEE ALSO
- label_encodings(5), labels(7), labeladm(8), labeld(8)
+ label_encodings(5), labels(7), labeladm(8), labeld(8), txzonemgr(8)
Trusted Extensions Configuration and Administration
@@ -47,4 +47,4 @@
Support for a multilevel, labeled desktop environment was removed from
Solaris in Oracle Solaris 11.4.0.
-Oracle Solaris 11.4 21 Jun 2021 tr...s(7)
+Oracle Solaris 11.4 12 Sep 2023 tr...s(7)
diff -NurbBw 11.4.60/man7/zones.7 11.4.63/man7/zones.7
--- 11.4.60/man7/zones.7 2023-11-17 16:41:21.924704421 -0800
+++ 11.4.63/man7/zones.7 2023-11-17 16:41:45.200182458 -0800
@@ -74,7 +74,7 @@
READY
- Indicates that the "virtual platform" for the zone has been estab-
+ Indicates that the virtual platform for the zone has been estab-
lished. For instance, file systems have been mounted, devices have
been configured, but no processes associated with the zone have
been started.
@@ -325,10 +325,10 @@
SEE ALSO
- attributes(7), beadm(8), brands(7), crgetzoneid(9F), gethostid(3C),
- getzoneid(3C), hostid(1), in.rlogind(8), kill(2), logadm(8), prioc-
- ntl(2), privileges(7), proc(5), solaris-kz(7), sshd(8), svc.zones(8),
- sysdef(8), sysinfo(2), ucred_get(3C), zfs(8), zlogin(1), zoneadm(8),
- zonecfg(8), zonename(1)
+ hostid(1), zlogin(1), zonename(1), kill(2), priocntl(2), sysinfo(2),
+ gethostid(3C), getzoneid(3C), ucred_get(3C), proc(5), attributes(7),
+ brands(7), privileges(7), solaris-kz(7), beadm(8), in.rlogind(8), lo-
+ gadm(8), sshd(8), svc.zones(8), sysdef(8), zfs(8), zoneadm(8),
+ zonecfg(8), crgetzoneid(9F)
-Oracle Solaris 11.4 5 Dec 2022 zo...s(7)
+Oracle Solaris 11.4 19 Jul 2023 zo...s(7)
diff -NurbBw 11.4.60/man8/halt.8 11.4.63/man8/halt.8
--- 11.4.60/man8/halt.8 2023-11-17 16:41:21.959561823 -0800
+++ 11.4.63/man8/halt.8 2023-11-17 16:41:45.231669790 -0800
@@ -62,7 +62,7 @@
SEE ALSO
inittab(5), attributes(7), smf(7), reboot(8), dumpadm(8), init(8),
- shutdown(8), sync(8), syslogd(8)
+ shutdown(8), sync(8), syslogd(8) sysadm(8)
NOTES
The halt and poweroff utilities do not cleanly shutdown smf(7) ser-
@@ -70,4 +70,4 @@
in inittab(5). To ensure a complete shutdown of system services, use
shutdown(8) or init(8) to reboot a Solaris system.
-Oracle Solaris 11.4 16 Dec 2022 halt(8)
+Oracle Solaris 11.4 25 Jul 2023 halt(8)
diff -NurbBw 11.4.60/man8/idmap.8 11.4.63/man8/idmap.8
--- 11.4.60/man8/idmap.8 2023-11-17 16:41:22.012430380 -0800
+++ 11.4.63/man8/idmap.8 2023-11-17 16:41:45.282959565 -0800
@@ -965,13 +965,13 @@
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
- +------------------------------+-----------------------------+
+ +------------------------------+------------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
- +------------------------------+-----------------------------+
- | Availability |system/file-system/smb |
- +------------------------------+-----------------------------+
+ +------------------------------+------------------------------+
+ | Availability |system/file-system/smb/common |
+ +------------------------------+------------------------------+
| Interface Stability |Uncommitted |
- +------------------------------+-----------------------------+
+ +------------------------------+------------------------------+
SEE ALSO
@@ -1020,4 +1020,4 @@
and Display Specifiers, which you can find at their technet website,
https://technet.microsoft.com/ .
-Oracle Solaris 11.4 2 June 2021 idmap(8)
+Oracle Solaris 11.4 20 July 2023 idmap(8)
diff -NurbBw 11.4.60/man8/idmapd.8 11.4.63/man8/idmapd.8
--- 11.4.60/man8/idmapd.8 2023-11-17 16:41:22.047765174 -0800
+++ 11.4.63/man8/idmapd.8 2023-11-17 16:41:45.319273030 -0800
@@ -32,13 +32,13 @@
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
- +------------------------------+-----------------------------+
+ +------------------------------+------------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
- +------------------------------+-----------------------------+
- | Availability |system/file-system/smb |
- +------------------------------+-----------------------------+
+ +------------------------------+------------------------------+
+ | Availability |system/file-system/smb/common |
+ +------------------------------+------------------------------+
| Interface Stability |See below. |
- +------------------------------+-----------------------------+
+ +------------------------------+------------------------------+
@@ -78,4 +78,4 @@
The functionality of this daemon might change in a future release of
the Solaris operating system.
-Oracle Solaris 11.4 7 Jan 2019 idmapd(8)
+Oracle Solaris 11.4 20 July 2023 idmapd(8)
diff -NurbBw 11.4.60/man8/in.rexecd.8 11.4.63/man8/in.rexecd.8
--- 11.4.60/man8/in.rexecd.8 2023-11-17 16:41:22.083183819 -0800
+++ 11.4.63/man8/in.rexecd.8 2023-11-17 16:41:45.353884989 -0800
@@ -83,13 +83,14 @@
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
- +------------------------------+----------------------------------------+
+ +------------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
- +------------------------------+----------------------------------------+
- | Availability |service/network/legacy-remote-utilities |
- +------------------------------+----------------------------------------+
+ +------------------------------+-----------------------------+
+ | Availability |service/network/legacy-re- |
+ | |mote-bsd-services |
+ +------------------------------+-----------------------------+
| Interface Stability |Obsolete |
- +------------------------------+----------------------------------------+
+ +------------------------------+-----------------------------+
SEE ALSO
@@ -156,4 +157,4 @@
laris 9, but has been disabled by default since the Solaris 10 3/05 re-
lease.
-Oracle Solaris 11.4 10 Mar 2023 in.rexecd(8)
+Oracle Solaris 11.4 28 Jun 2023 in.rexecd(8)
diff -NurbBw 11.4.60/man8/in.rlogind.8 11.4.63/man8/in.rlogind.8
--- 11.4.60/man8/in.rlogind.8 2023-11-17 16:41:22.122578937 -0800
+++ 11.4.63/man8/in.rlogind.8 2023-11-17 16:41:45.390455477 -0800
@@ -123,13 +123,14 @@
See the attributes(7) man page for descriptions of the following at-
tributes:
- +------------------------------+----------------------------------------+
+ +------------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
- +------------------------------+----------------------------------------+
- | Availability |service/network/legacy-remote-utilities |
- +------------------------------+----------------------------------------+
+ +------------------------------+-----------------------------+
+ | Availability |service/network/legacy-re- |
+ | |mote-bsd-services |
+ +------------------------------+-----------------------------+
| Interface Stability |Obsolete |
- +------------------------------+----------------------------------------+
+ +------------------------------+-----------------------------+
SEE ALSO
@@ -213,4 +214,4 @@
the generic_limited_net.xml service profile. In Oracle Solaris 11.4, it
is disabled by default.
-Oracle Solaris 11.4 6 Oct 2022 in.rlogind(8)
+Oracle Solaris 11.4 28 Jun 2023 in.rlogind(8)
diff -NurbBw 11.4.60/man8/in.rshd.8 11.4.63/man8/in.rshd.8
--- 11.4.60/man8/in.rshd.8 2023-11-17 16:41:22.163089574 -0800
+++ 11.4.63/man8/in.rshd.8 2023-11-17 16:41:45.429981904 -0800
@@ -140,13 +140,14 @@
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
- +------------------------------+----------------------------------------+
+ +------------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
- +------------------------------+----------------------------------------+
- | Availability |service/network/legacy-remote-utilities |
- +------------------------------+----------------------------------------+
+ +------------------------------+-----------------------------+
+ | Availability |service/network/legacy-re- |
+ | |mote-bsd-services |
+ +------------------------------+-----------------------------+
| Interface Stability |Obsolete |
- +------------------------------+----------------------------------------+
+ +------------------------------+-----------------------------+
SEE ALSO
@@ -259,4 +260,4 @@
the generic_limited_net.xml service profile. In Oracle Solaris 11.4, it
is disabled by default.
-Oracle Solaris 11.4 12 May 2022 in.rshd(8)
+Oracle Solaris 11.4 28 Jun 2023 in.rshd(8)
diff -NurbBw 11.4.60/man8/in.rwhod.8 11.4.63/man8/in.rwhod.8
--- 11.4.60/man8/in.rwhod.8 2023-11-17 16:41:22.198150702 -0800
+++ 11.4.63/man8/in.rwhod.8 2023-11-17 16:41:45.465972303 -0800
@@ -90,13 +90,14 @@
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
- +------------------------------+----------------------------------------+
+ +------------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
- +------------------------------+----------------------------------------+
- | Availability |service/network/legacy-remote-utilities |
- +------------------------------+----------------------------------------+
+ +------------------------------+-----------------------------+
+ | Availability |service/network/legacy-re- |
+ | |mote-bsd-services |
+ +------------------------------+-----------------------------+
| Interface Stability |Obsolete |
- +------------------------------+----------------------------------------+
+ +------------------------------+-----------------------------+
SEE ALSO
@@ -134,4 +135,4 @@
Support for multicast and the -m option was added in Solaris 2.0.
-Oracle Solaris 11.4 12 May 2022 in.rwhod(8)
+Oracle Solaris 11.4 28 Jun 2023 in.rwhod(8)
diff -NurbBw 11.4.60/man8/init.8 11.4.63/man8/init.8
--- 11.4.60/man8/init.8 2023-11-17 16:41:22.238735038 -0800
+++ 11.4.63/man8/init.8 2023-11-17 16:41:45.508853989 -0800
@@ -4,7 +4,7 @@
init - process control initialization
SYNOPSIS
- /usr/sbin/init [0123456abcQqSs]
+ /usr/sbin/init [-c comment] [0123456abcQqSs]
DESCRIPTION
init is the default primordial user process. (Options given to the ker-
@@ -159,6 +159,13 @@
/etc/pam.d/other will be used.
OPTIONS
+ -c comment
+
+ Include the supplied comment in any messages logged and as much of
+ the comment as will fit into the wtmpx record. The comment needs to
+ be quoted according to the shell's quoting rules.
+
+
0
Go into firmware.
@@ -373,7 +380,7 @@
login(1), sh(1), stty(1), who(1), ioctl(2), kill(2), ctime(3C),
pam(3PAM), termio(4I), environ(7), init.d(5), inittab(5), pam.conf(5),
utmpx(5), attributes(7), pam_unix_session(7), smf(7), kernel(8), shut-
- down(8), su(8), svc.configd(8), svc.startd(8), ttymon(8)
+ down(8), su(8), svc.configd(8), svc.startd(8), sysadm(8), ttymon(8)
DIAGNOSTICS
If init finds that it is respawning an entry from /etc/inittab more
@@ -417,4 +424,4 @@
When you shut down an image, services are shut down in reverse depen-
dency order.
-Oracle Solaris 11.4 11 May 2021 init(8)
+Oracle Solaris 11.4 25 Jul 2023 init(8)
diff -NurbBw 11.4.60/man8/iscsiadm.8 11.4.63/man8/iscsiadm.8
--- 11.4.60/man8/iscsiadm.8 2023-11-17 16:41:22.289499133 -0800
+++ 11.4.63/man8/iscsiadm.8 2023-11-17 16:41:45.559464122 -0800
@@ -537,9 +537,7 @@
to declare its max receive segment
length. This parameter setting can be
displayed by the iscsiadm list target-
- param -v
- tar-
- get command.
+ param -v target command.
@@ -1020,4 +1018,4 @@
command. You can query the status of this service by using the svcs
command.
-Oracle Solaris 11.4 29 Jun 2020 iscsiadm(8)
+Oracle Solaris 11.4 19 Jul 2023 iscsiadm(8)
diff -NurbBw 11.4.60/man8/kernel.8 11.4.63/man8/kernel.8
--- 11.4.60/man8/kernel.8 2023-11-17 16:41:22.326014046 -0800
+++ 11.4.63/man8/kernel.8 2023-11-17 16:41:45.597155325 -0800
@@ -96,9 +96,9 @@
milestone=[milestone]
Boot with some SMF services temporarily disabled, as indicated
- by milestone. milestone can be "none", "single-user", "multi-
- user", "multi-user-server", or "all". See the milestone subcom-
- mand of svcadm(8).
+ by milestone. milestone can be none, single-user, multi-user,
+ multi-user-server, or all. See the milestone subcommand of sv-
+ cadm(8).
Messages options
@@ -263,4 +263,4 @@
Reconfiguration boot will, by design, not remove /dev entries for some
classes of devices that have been physically removed from the system.
-Oracle Solaris 11.4 25 Mar 2020 kernel(8)
+Oracle Solaris 11.4 19 Jul 2023 kernel(8)
diff -NurbBw 11.4.60/man8/killall.8 11.4.63/man8/killall.8
--- 11.4.60/man8/killall.8 2023-11-17 16:41:22.357327308 -0800
+++ 11.4.63/man8/killall.8 2023-11-17 16:41:45.629376516 -0800
@@ -7,20 +7,24 @@
/usr/sbin/killall [signal]
DESCRIPTION
- killall is used by shutdown(8) to kill all active processes not di-
- rectly related to the shutdown procedure.
+ killall is used by svc.startd(8) to kill all user sessions as part of a
+ system shutdown or reboot.
- killall terminates all processes with open files so that the mounted
- file systems will be unbusied and can be unmounted.
-
-
- killall sends signal (see kill(1)) to the active processes. If no sig-
- nal is specified, a default of 15 is used.
+ killall sends signal, which may be specified by name or number, as in
+ kill(1), to the active processes listed in utmpx(5) with a ut_type of
+ USER_PROCESS or LOGIN_PROCESS. If no signal is specified, a default of
+ TERM is used.
The killall command can be run only by the super-user.
+USAGE
+ This command is primarily used by the Service Management Framework
+ (SMF). For an equivalent to the killall command found on other systems
+ that allows specifying criteria to determine which processes to signal,
+ see pkill(1).
+
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
@@ -32,6 +36,7 @@
SEE ALSO
- kill(1), ps(1), signal(3C), attributes(7), fuser(8), shutdown(8)
+ kill(1), pkill(1), ps(1), signal(3C), signal.h(3HEAD), utmpx(5), at-
+ tributes(7), svc.startd(8)
-Oracle Solaris 11.4 14 Sep 1992 killall(8)
+Oracle Solaris 11.4 25 Aug 2023 killall(8)
diff -NurbBw 11.4.60/man8/luxadm.8 11.4.63/man8/luxadm.8
--- 11.4.60/man8/luxadm.8 2023-11-17 16:41:22.405135691 -0800
+++ 11.4.63/man8/luxadm.8 2023-11-17 16:41:45.677929429 -0800
@@ -1,24 +1,24 @@
luxadm(8) System Administration Commands luxadm(8)
NAME
- luxadm - administer Sun Fire 880 storage subsystem and FC_AL devices
- (obsolete)
+ luxadm - administer fiber channel devices
SYNOPSIS
luxadm [options]... subcommand [options]... enclosure
[,dev] | pathname...
DESCRIPTION
- The luxadm program is an administrative command that manages the SENA,
- Sun Fire 880 internal storage subsystem, and individual Fiber Channel
- Arbitrated Loop (FC_AL) devices. luxadm performs a variety of control
- and query tasks depending on the command line arguments and options
- used.
-
-
luxadm is obsolete and may be removed in a future release of Solaris.
For administration of modern FC fabrics and multipathing, see fcinfo(8)
- and mpathadm(8).
+ and mpathadm(8). Refer to luxadm(7) for information on alternate com-
+ mands.
+
+
+ The luxadm program is an administrative command that manages fiber
+ channel devices. Historically, it used to support the SENA, Sun Fire
+ 880 internal storage subsystem and individual Fiber Channel Arbitrated
+ Loop (FC_AL) devices. luxadm performs a variety of control and query
+ tasks depending on the command line arguments and options used.
The command line must contain a subcommand. The command line may also
@@ -884,8 +884,8 @@
SEE ALSO
- fcinfo(8), mpathadm(8), ses(4D), attributes(7), environ(7), de-
- vlinks(8), disks(8)
+ luxadm(7), fcinfo(8), mpathadm(8), ses(4D), attributes(7), environ(7),
+ devlinks(8), disks(8)
Managing SAN Devices and I/O Multipathing in Oracle Solaris 11.4
@@ -912,4 +912,4 @@
/usr filesystems or any swap data. If you do quiesce such a bus a dead-
lock can result, requiring a system reboot.
-Oracle Solaris 11.4 11 May 2021 luxadm(8)
+Oracle Solaris 11.4 16 May 2023 luxadm(8)
diff -NurbBw 11.4.60/man8/nscfg.8 11.4.63/man8/nscfg.8
--- 11.4.60/man8/nscfg.8 2023-11-17 16:41:22.440435647 -0800
+++ 11.4.63/man8/nscfg.8 2023-11-17 16:41:45.717193146 -0800
@@ -19,6 +19,9 @@
/usr/sbin/nscfg validate [-vq] FMRI]
+ /usr/sbin/nscfg adldap [-nvqu]
+
+
/usr/sbin/nscfg help
DESCRIPTION
@@ -147,6 +150,47 @@
quested operation.
+ adldap [-nvqu]
+
+ Configure LDAP naming services using the domain configuration sup-
+ plied by the smbadm join command. This option requires the previous
+ configuration of the system to use Kerberos and an Active Directory
+ domain prior to executing this operation. If the system is not
+ properly configured using the smbadm then an error will be issued
+ and this operation will not proceed with LDAP naming services con-
+ figuration.
+
+ Using the active Domain configuration, this operation inspects the
+ Active Directory LDAP server to verify the required LDAP schema
+ that can support users and groups for Solaris. Then if all pre-req-
+ uisites are met, this operation will configure the system into LDAP
+ "manual mode" with "proxy" authentication using sasl/GSSAPI (Ker-
+ beros) credentials to the LDAP server and the Kerberos host princi-
+ pal is used as the credential that connects to the AD LDAP server.
+
+ The configuration will include "service search descriptors" and
+ proper configuration for both the user password and group data-
+ bases. The SMF service configuration for the LDAP service svc:/net-
+ work/ldap/client:default will be updated and that service will au-
+ tomatically be started.
+
+ Additionally the name service/switch configuration svc:/sys-
+ tem/name-service/switch:default will be updated and both the name
+ service switch service and the name service cache service svc:/sys-
+ tem/name-service/cache:default will automatically be restarted.
+
+ With -v, issue verbose progress messages during the requested oper-
+ ation. With -q, issue no error or other messages during the re-
+ quested operation. With -n, perform all the AD LDAP server inspec-
+ tion and pre-requisite checks, but do not change the configuration.
+ Exit after the checks are performed.
+
+ With -u, unconfigure the LDAP client service svc:/net-
+ work/ldap/client:default, unconfigure LDAP from the name switch
+ service svc:/system/name-service/switch:default and restore the all
+ the switch databases except the host database back to "files only".
+
+
EXAMPLES
Example 1 Importing DNS Client Configuration
diff -NurbBw 11.4.60/man8/prstat.8 11.4.63/man8/prstat.8
--- 11.4.60/man8/prstat.8 2023-11-17 16:41:22.481830747 -0800
+++ 11.4.63/man8/prstat.8 2023-11-17 16:41:45.760055719 -0800
@@ -181,13 +181,25 @@
Sort output lines (that is, processes, lwps, or users) by key in
descending order. Only one key can be used as an argument.
- There are five possible key values:
+ There are seven possible key values:
cpu
Sort by process CPU usage. This is the default.
+ sys
+
+ Sort by process SYS usage. This can be used with the -m or -v
+ options only.
+
+
+ usr
+
+ Sort by process USR usage. This can be used with the -m or -v
+ options only.
+
+
pri
Sort by process priority.
@@ -596,6 +608,10 @@
used by processes with shared memory segments.
HISTORY
+ The sort keys sys and usr were added to the prstat command in Oracle
+ Solaris 11.4.63.
+
+
The --scale option was added to the prstat command in Oracle Solaris
11.4.30.
@@ -624,4 +640,4 @@
-P, -R, -s, -S, -t, -u, -U, and -v options; was introduced in the So-
laris 8 release.
-Oracle Solaris 11.4 23 August 2022 prstat(8)
+Oracle Solaris 11.4 10 August 2023 prstat(8)
diff -NurbBw 11.4.60/man8/rad.8 11.4.63/man8/rad.8
--- 11.4.60/man8/rad.8 2023-11-17 16:41:22.528607768 -0800
+++ 11.4.63/man8/rad.8 2023-11-17 16:41:45.803829515 -0800
@@ -536,8 +536,8 @@
SEE ALSO
usermgr-1(3rad), radadrgen(1), pipe(2), getpeerucred(3C), pam(3PAM),
- scf_handle_create(3SCF), attributes(7), smf(7), smf_method(7),
- svc.startd(8)
+ scf_handle_create(3SCF), attributes(7), rad-uri(7), smf(7),
+ smf_method(7), svc.startd(8)
Managing User Accounts and User Environments in Oracle Solaris 11.4
@@ -578,4 +578,4 @@
Other system components, including some desktop administrative user in-
terfaces, rely on the local instance of rad (svc:/system/rad:local).
-Oracle Solaris 11.4 11 May 2021 rad(8)
+Oracle Solaris 11.4 19 Jul 2023 rad(8)
diff -NurbBw 11.4.60/man8/rdate.8 11.4.63/man8/rdate.8
--- 11.4.60/man8/rdate.8 2023-11-17 16:41:22.562245463 -0800
+++ 11.4.63/man8/rdate.8 2023-11-17 16:41:45.837806829 -0800
@@ -37,13 +37,13 @@
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
- +------------------------------+--------------------------------+
+ +------------------------------+------------------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
- +------------------------------+--------------------------------+
- | Availability |network/legacy-remote-utilities |
- +------------------------------+--------------------------------+
+ +------------------------------+------------------------------------+
+ | Availability |network/legacy-remote-bsd-utilities |
+ +------------------------------+------------------------------------+
| Interface Stability |Obsolete |
- +------------------------------+--------------------------------+
+ +------------------------------+------------------------------------+
SEE ALSO
@@ -56,4 +56,4 @@
The rdate command has been present since the initial release of So-
laris.
-Oracle Solaris 11.4 12 May 2022 rdate(8)
+Oracle Solaris 11.4 28 Jun 2023 rdate(8)
diff -NurbBw 11.4.60/man8/rpc.rstatd.8 11.4.63/man8/rpc.rstatd.8
--- 11.4.60/man8/rpc.rstatd.8 2023-11-17 16:41:22.594659714 -0800
+++ 11.4.63/man8/rpc.rstatd.8 2023-11-17 16:41:45.869376286 -0800
@@ -17,13 +17,13 @@
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
- +------------------------------+----------------------------------------+
+ +------------------------------+------------------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
- +------------------------------+----------------------------------------+
- | Availability |service/network/legacy-remote-utilities |
- +------------------------------+----------------------------------------+
+ +------------------------------+------------------------------------+
+ | Availability |service/network/legacy-rpc-services |
+ +------------------------------+------------------------------------+
| Interface Stability |Committed |
- +------------------------------+----------------------------------------+
+ +------------------------------+------------------------------------+
SEE ALSO
@@ -61,4 +61,4 @@
also used to provide load average data to the OpenWindows and CDE per-
formance meter tools.
-Oracle Solaris 11.4 12 May 2022 rpc.rstatd(8)
+Oracle Solaris 11.4 28 Jun 2023 rpc.rstatd(8)
diff -NurbBw 11.4.60/man8/rpc.rusersd.8 11.4.63/man8/rpc.rusersd.8
--- 11.4.60/man8/rpc.rusersd.8 2023-11-17 16:41:22.628016702 -0800
+++ 11.4.63/man8/rpc.rusersd.8 2023-11-17 16:41:45.904089994 -0800
@@ -17,13 +17,13 @@
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
- +------------------------------+----------------------------------------+
+ +------------------------------+------------------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
- +------------------------------+----------------------------------------+
- | Availability |service/network/legacy-remote-utilities |
- +------------------------------+----------------------------------------+
+ +------------------------------+------------------------------------+
+ | Availability |service/network/legacy-rpc-services |
+ +------------------------------+------------------------------------+
| Interface Stability |Commmitted |
- +------------------------------+----------------------------------------+
+ +------------------------------+------------------------------------+
SEE ALSO
@@ -55,4 +55,4 @@
the generic_limited_net.xml service profile. In Oracle Solaris 11.4, it
is disabled by default.
-Oracle Solaris 11.4 12 May 2022 rpc.rusersd(8)
+Oracle Solaris 11.4 28 Jun 2023 rpc.rusersd(8)
diff -NurbBw 11.4.60/man8/rpc.rwalld.8 11.4.63/man8/rpc.rwalld.8
--- 11.4.60/man8/rpc.rwalld.8 2023-11-17 16:41:22.660167768 -0800
+++ 11.4.63/man8/rpc.rwalld.8 2023-11-17 16:41:45.936722228 -0800
@@ -17,13 +17,13 @@
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
- +------------------------------+----------------------------------------+
+ +------------------------------+------------------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
- +------------------------------+----------------------------------------+
- | Availability |service/network/legacy-remote-utilities |
- +------------------------------+----------------------------------------+
+ +------------------------------+------------------------------------+
+ | Availability |service/network/legacy-rpc-services |
+ +------------------------------+------------------------------------+
| Interface Stability |Committed |
- +------------------------------+----------------------------------------+
+ +------------------------------+------------------------------------+
SEE ALSO
@@ -53,4 +53,4 @@
The rpc.rwalld service was enabled by default in releases up through
Solaris 9. In Solaris 10 and later, it is disabled by default.
-Oracle Solaris 11.4 12 May 2022 rpc.rwalld(8)
+Oracle Solaris 11.4 28 Jun 2023 rpc.rwalld(8)
diff -NurbBw 11.4.60/man8/rwall.8 11.4.63/man8/rwall.8
--- 11.4.60/man8/rwall.8 2023-11-17 16:41:22.692354266 -0800
+++ 11.4.63/man8/rwall.8 2023-11-17 16:41:45.968484939 -0800
@@ -44,13 +44,13 @@
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
- +------------------------------+--------------------------------+
+ +------------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
- +------------------------------+--------------------------------+
- | Availability |network/legacy-remote-utilities |
- +------------------------------+--------------------------------+
+ +------------------------------+-----------------------------+
+ | Availability |network/legacy-rpc-utilities |
+ +------------------------------+-----------------------------+
| Interface Stability |Committed |
- +------------------------------+--------------------------------+
+ +------------------------------+-----------------------------+
SEE ALSO
@@ -65,4 +65,4 @@
The rwall command has been present since the initial release of So-
laris.
-Oracle Solaris 11.4 12 May 2022 rwall(8)
+Oracle Solaris 11.4 28 Jun 2023 rwall(8)
diff -NurbBw 11.4.60/man8/savecore.8 11.4.63/man8/savecore.8
--- 11.4.60/man8/savecore.8 2023-11-17 16:41:22.731196300 -0800
+++ 11.4.63/man8/savecore.8 2023-11-17 16:41:46.008238209 -0800
@@ -245,6 +245,10 @@
o <directory>/data/<uuid>/unix.N (kernel binary)
+ o <directory>/latest (symlink to <directory>/data/<uuid> of
+ the most recent crash dump to be collected)
+
+
o <directory>/N (symlink to <directory>/data/<uuid>)
@@ -297,4 +301,4 @@
savecore process and wait for it to complete. In the latter case, re-
move the partial file and re-create it by running savecore -d.
-Oracle Solaris 11.4 14 September 2022 savecore(8)
+Oracle Solaris 11.4 28 July 2023 savecore(8)
diff -NurbBw 11.4.60/man8/share_smb.8 11.4.63/man8/share_smb.8
--- 11.4.60/man8/share_smb.8 2023-11-17 16:41:22.771389287 -0800
+++ 11.4.63/man8/share_smb.8 2023-11-17 16:41:46.051353568 -0800
@@ -443,7 +443,7 @@
+------------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+------------------------------+-----------------------------+
- | Availability |system/file-system/smb |
+ | Availability |service/file-system/smb |
+------------------------------+-----------------------------+
| Interface Stability |Committed |
+------------------------------+-----------------------------+
@@ -453,4 +453,4 @@
getnetbyname(3C), netgroup(5), attributes(7), idmap(8), share(8),
zfs(8), zfs_share(8)
-Oracle Solaris 11.4 6 Oct 2022 share_smb(8)
+Oracle Solaris 11.4 20 July 2023 share_smb(8)
diff -NurbBw 11.4.60/man8/shutdown.8 11.4.63/man8/shutdown.8
--- 11.4.60/man8/shutdown.8 2023-11-17 16:41:22.806104770 -0800
+++ 11.4.63/man8/shutdown.8 2023-11-17 16:41:46.087905469 -0800
@@ -37,7 +37,8 @@
The warning message and the user provided message are output when there
are 7200, 3600, 1800, 1200, 600, 300, 120, 60, and 30 seconds remaining
- before shutdown begins. See EXAMPLES.
+ before shutdown begins. The user provided message (as much as will fit)
+ is added to the wtmpx record generated init(8). See EXAMPLES.
System state definitions are:
@@ -153,7 +154,7 @@
SEE ALSO
init.d(5), inittab(5), nologin(5), attributes(7), smf(7), boot(8),
- bootadm(8), halt(8), init(8), killall(8), reboot(8)
+ bootadm(8), halt(8), init(8), reboot(8), sysadm(8)
NOTES
When a system transitions down to run level 1 or single user (run level
@@ -165,4 +166,4 @@
When you shut down an image, services are shut down in reverse depen-
dency order.
-Oracle Solaris 11.4 3 Nov 2021 shutdown(8)
+Oracle Solaris 11.4 25 Aug 2023 shutdown(8)
diff -NurbBw 11.4.60/man8/smbadm.8 11.4.63/man8/smbadm.8
--- 11.4.60/man8/smbadm.8 2023-11-17 16:41:22.854374857 -0800
+++ 11.4.63/man8/smbadm.8 2023-11-17 16:41:46.133068727 -0800
@@ -595,17 +595,17 @@
See the attributes(7) man page for descriptions of the following at-
tributes:
- +------------------------------+-----------------------------+
+ +------------------------------+------------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
- +------------------------------+-----------------------------+
- | Availability |system/file-system/smb |
- +------------------------------+-----------------------------+
+ +------------------------------+------------------------------+
+ | Availability |system/file-system/smb/common |
+ +------------------------------+------------------------------+
| Utility Name and Options |Uncommitted |
- +------------------------------+-----------------------------+
+ +------------------------------+------------------------------+
| Utility Output Format |Not-An-Interface |
- +------------------------------+-----------------------------+
+ +------------------------------+------------------------------+
| smbadm join |Obsolete |
- +------------------------------+-----------------------------+
+ +------------------------------+------------------------------+
SEE ALSO
@@ -613,4 +613,4 @@
smf(7), groupadd(8), idmap(8), idmapd(8), kclient(8), mount_smbfs(8),
share(8), sharectl(8), smbd(8), smbstat(8)
-Oracle Solaris 11.4 27 Nov 2017 smbadm(8)
+Oracle Solaris 11.4 20 July 2023 smbadm(8)
diff -NurbBw 11.4.60/man8/suriadm.8 11.4.63/man8/suriadm.8
--- 11.4.60/man8/suriadm.8 2023-11-17 16:41:22.897810455 -0800
+++ 11.4.63/man8/suriadm.8 2023-11-17 16:41:46.178556451 -0800
@@ -6,22 +6,6 @@
SYNOPSIS
/usr/sbin/suriadm command [options] [operands]
-
- /usr/sbin/suriadm parse [-H] [-o <p>,<p>,...] <URI>
- /usr/sbin/suriadm normalize <URI>
- /usr/sbin/suriadm map [-H] [-o <p>,<p>,...] [-p <prop>=<value>] <URI>
- /usr/sbin/suriadm lookup-mapping [-H] [-o <p>,<p>,...]
- [-p <prop>=<value>] <URI>
- /usr/sbin/suriadm unmap [-p <prop>=<value>] <URI>
- /usr/sbin/suriadm create [-H] [-o <p>,<p>,...] [-p <prop>=<value>] <URI>
- /usr/sbin/suriadm destroy [-p <prop>=<value>] <URI>
- /usr/sbin/suriadm lookup-uri [-t <uri-type>] <device-path>
- /usr/sbin/suriadm lookup-uri [-t <uri-type>]
- -p mapped-dev=<device-path>
- /usr/sbin/suriadm lookup-uri [-t <uri-type>] -p luname=<luname>
- /usr/sbin/suriadm lookup-uri [-t <uri-type>] -p target=<target>
- -p lun=<LUN>
-
DESCRIPTION
The suriadm command line administration tool allows system users to
manage storage objects via storage URIs. The command allows to parse,
@@ -33,7 +17,7 @@
SUB-COMMANDS
The following subcommands are supported:
- parse [-H] [-o <p>,<p>,...] <URI>
+ parse [-H] [-o p,p,...] URI
Parses a given URI and displays a default list of properties. With
-H, a header is omitted from the output. With -o, only properties
@@ -48,7 +32,7 @@
ported, uri, uri-type, and user.
- normalize <URI>
+ normalize URI
Parses and normalizes a storage URI string based on normalization
specifications for the URI type. Displays the normalized URI and
@@ -71,7 +55,7 @@
from numeric user/group IDs.
- map [-H] [-o p,p,...] [-p <prop>=<value>] URI
+ map [-H] [-o p,p,...] [-p prop=value] URI
Parses a storage URI, configures the storage subsystem if necessary
to instantiate all devices corresponding to the URI provided, and
@@ -97,8 +81,7 @@
mountpoint-prefix, and removable.
- lookup-mapping [-H] [-o <p>,<p>,...]
- [-p <prop>=<value>] <URI>
+ lookup-mapping [-H] [-o p,p,...] [-p prop=value] URI
Parses a URI and looks up for existing mappings between a storage
URI and the objects represented by local system device paths. De-
@@ -108,8 +91,7 @@
subcommand.
-
- create [-H] [-o <p>,<p>,...] [-p <prop>=<value>] <URI>
+ create [-H] [-o p,p,...] [-p prop=value] URI
Creates the backing store for the storage URI then maps it. Option
-p has the same meaning as for the map subcommand.
@@ -118,13 +100,14 @@
file-permissions.
- destroy [-p <prop>=<value>] <URI>
+ destroy [-p prop=value] URI
Unmaps the storage URI then destroys the backing store. Option -p
- has the same meaning as for the map subcommand.
+ has the same meaning as for the map subcommand. The object repre-
+ sented by the URI must be mapped.
- unmap [-p <prop>=<value>] <URI>
+ unmap [-p prop=value] URI
Parses and unmaps an object presumably mapped before. Option -p has
the same meaning as for the map subcommand.
@@ -136,8 +119,8 @@
on system configuration.
- lookup-uri [-t <uri-type>] <device-path>
- lookup-uri [-t <uri-type>] -p mapped-dev=<device-path>
+ lookup-uri [-t uri-type] device-path
+ lookup-uri [-t uri-type] -p mapped-dev=device-path
Looks up and displays URIs based on a local system device path. Al-
lowed URI types for -t are dev, lu, and iscsi. If the -t option is
@@ -147,7 +130,7 @@
- lookup-uri [-t <uri-type>] -p luname=<luname>
+ lookup-uri [-t uri-type] -p luname=luname
Looks up and displays LU and iSCSI URIs based on a logical unit
name. Allowed URI types for -t are lu and iscsi. If the -t option
@@ -159,7 +142,7 @@
PLES.
- lookup-uri [-t <uri-type>] -p target=<target> -p lun=<LUN>
+ lookup-uri [-t uri-type] -p target=target -p lun=LUN
Looks up and displays URIs based on a target port and LUN. Allowed
URI types for -t are lu and iscsi. If the -t option is not speci-
@@ -507,7 +490,7 @@
SEE ALSO
- attributes(7), libsuri(3LIB), scsi_vhci(4D), stmsboot(8), suri(7), sv-
+ libsuri(3LIB), scsi_vhci(4D), attributes(7), suri(7), stmsboot(8), sv-
cadm(8)
@@ -527,4 +510,4 @@
URI is being processed, the service will be automatically enabled tem-
porarily. The service is never disabled through the suriadm command.
-Oracle Solaris 11.4 6 Mar 2020 suriadm(8)
+Oracle Solaris 11.4 19 Jul 2023 suriadm(8)
diff -NurbBw 11.4.60/man8/sxadm.8 11.4.63/man8/sxadm.8
--- 11.4.60/man8/sxadm.8 2023-11-17 16:41:22.947353221 -0800
+++ 11.4.63/man8/sxadm.8 2023-11-17 16:41:46.228147640 -0800
@@ -130,6 +130,13 @@
position-independent executable are also randomized under ASLR.
+ BTC_NO - Branch Type Confusion Mitigation
+
+ BTC_NO is a readonly extension that is only enabled on CPUs that
+ are not vulnerable to the Branch Type Confusion vulnerabilities in
+ CVE-2022-23825.
+
+
FB_CLEAR - Fill Buffer Clear Mitigation
FB_CLEAR is a mitigation that explicitly overwrites fill buffers to
@@ -208,8 +215,8 @@
IF_PSCHANGE_MC_NO - Machine Check Error on Page Size Change Mitigation
IF_PSCHANGE_MC_NO is a readonly extension that is enabled only if
- the CPU includes a hardware mitigation for the Machine Check Error
- on Page Size Change (aka IFU) vulnerability (CVE-2018-12207).
+ the CPU is not vulnerable to the Machine Check Error on Page Size
+ Change (aka IFU) vulnerability (CVE-2018-12207).
KADI - ADI based protections for kernel heap
@@ -293,7 +300,7 @@
changes to take effect.
- MDS_NO - Microarchitectural Data Sampling Hardware Avoidance Mitigation
+ MDS_NO - Microarchitectural Data Sampling Avoidance Mitigation
MDS_NO is a readonly extension that is only enabled if the CPU is
not vulnerable to the Microarchitectural Data Sampling (MDS) series
@@ -366,7 +373,7 @@
SMAP - Supervisor Mode Access Prevention
- SMAP is mechanism to disallow supervisor mode execution of text
+ SMAP is a mechanism to disallow supervisor mode execution of text
mapped only in userland on x86 CPUs. It is enabled by default when
it is supported by the hardware. Certain applications or drivers
can fail when SMAP is enabled.
@@ -375,6 +382,14 @@
changes to take effect.
+ SMEP - Supervisor Mode Execution Prevention
+
+ SMEP is a mechanism on supported x86 CPUs to prevent code from user
+ accessible memory pages from being executed by the kernel. It is a
+ readonly extension that is only enabled if it is supported by the
+ hardware.
+
+
SSBD - Speculative Store Bypass Disable
SSBD is a mitigation for CVE-2018-3639. It restricts loads from
@@ -406,28 +421,36 @@
nerabilities.
- TAA_NO - Intel TSX Asynchronous Abort (TAA) Hardware Avoidance Mitiga-
- tion
+ TAA_NO - TSX Asynchronous Abort (TAA) Avoidance Mitigation
+
+ TAA_NO is a readonly extension that is only enabled if the CPU is
+ not vulnerable to the TSX Asynchronous Abort (TAA) vulnerability
+ (CVE-2019-11135).
+
+ Note -
- TAA_NO is a readonly extension that has a status of enabled if and
- only if the CPU supports the Intel TSX feature and is not vulnera-
- ble to the TSX Asynchronous Abort (TAA) vulnerability
- (CVE-2019-11135) due to a hardware mitigation provided by the CPU.
- Otherwise, it has a status of not supported.
-
-
- TSX_DISABLE - Intel TSX Asynchronous Abort (TAA) Avoidance Mitigation
- by disabling TSX
-
- TSX_DISABLE is a readonly extension that has a status of enabled if
- the kernel has disabled TSX via an available control register. If
- both TAA_NO and TSX_DISABLE have a status of not supported, and
- MDS_NO also has a status of not supported, TAA may be mitigated by
- enabling the MD_CLEAR extension and rebooting if not already en-
- abled. If MDS_NO has a status of enabled, then if both TAA_NO and
- TSX_DISABLE have a status of not supported, TAA can not be miti-
- gated and a microcode update is necessary before TAA can be miti-
- gated.
+
+
+ Only some Intel CPUs are vulnerable to the TAA vulnerability. On
+ those CPUs TAA may be mitigated by a couple of different methods.
+ TSX can be disabled automatically by the kernel via an available
+ control register if available. See the TSX_DISABLE extension be-
+ low for more information. If the extensions TAA_NO and TSX_DIS-
+ ABLE have a status of not supported, and MDS_NO also has a status
+ of not supported, TAA may be mitigated by enabling the MD_CLEAR
+ extension and rebooting. If MDS_NO has a status of enabled, then
+ if both TAA_NO and TSX_DISABLE have a status of not supported,
+ TAA can not be mitigated and a microcode update is necessary be-
+ fore TAA can be mitigated.
+
+
+
+ TSX_DISABLE - TSX Asynchronous Abort (TAA) Avoidance Mitigation by dis-
+ abling TSX
+
+ TSX_DISABLE is a readonly extension only for Intel CPUs that is
+ only enabled if the kernel has a control register available to dis-
+ able TSX and TSX has been disabled by this control register.
UMIP - User-Mode Instruction Prevention
@@ -845,6 +868,8 @@
+--------------------------------------------------+---------+
| EXTENSION |RELEASE |
+--------------------------------------------------+---------+
+ | BTC_NO, SMEP (see below) |11.4.63 |
+ +--------------------------------------------------+---------+
| FB_CLEAR, FBSDP_NO, PSDP_NO, SBDR_SSDP_NO |11.4.57 |
+--------------------------------------------------+---------+
| UMIP |11.4.30 |
@@ -878,8 +903,13 @@
11.4.18.
- The security extensions IBPB, IBRS, SMAP and UMIP that were previously
- only available for Intel CPUs are also available for supported AMD CPUs
- as of Solaris 11.4.59.
+ The SMEP security feature was originally delivered in Oracle Solaris
+ 11.1 for supported Intel CPUs but its status was not reported by sxadm
+ until Oracle Solaris 11.4.63.
+
+
+ The security extensions IBPB, IBRS, SMAP, SMEP and UMIP that were pre-
+ viously only available for Intel CPUs are also available for supported
+ AMD CPUs as of Oracle Solaris 11.4.60.
-Oracle Solaris 11.4 24 Apr 2023 sxadm(8)
+Oracle Solaris 11.4 31 July 2023 sxadm(8)
diff -NurbBw 11.4.60/man8/sysadm.8 11.4.63/man8/sysadm.8
--- 11.4.60/man8/sysadm.8 2023-11-17 16:41:22.985161157 -0800
+++ 11.4.63/man8/sysadm.8 2023-11-17 16:41:46.271027778 -0800
@@ -4,11 +4,11 @@
sysadm - maintain host
SYNOPSIS
- sysadm maintain -s [ -t software|admin ] [ -m message ]
+ sysadm maintain -s [ -t admin|noreboot|software ] [ -m message ]
sysadm maintain -l [-p] [-o field1,...]
- sysadm maintain -e [ -t software|admin ]
+ sysadm maintain -e [ -t admin|noreboot|software ]
sysadm evacuate [-arnvqw]
@@ -24,8 +24,8 @@
Starting maintenance mode will log an audit record and put the system
- in to a mode where either admin or software maintenance type is being
- performed.
+ in to a mode where either admin, noreboot, or software maintenance type
+ is being performed.
By default, or when admin type is specified, subsequent zone attach,
@@ -38,6 +38,16 @@
Service Requests (ASR) is prevented for software defects and alerts.
+ A noreboot maintenance prevents the system being rebooted by any use of
+ the halt, reboot, uadmin, shutdown commands; but does not prevent sys-
+ tem panic or cluster failover. A noreboot maintenance state in a zone
+ does not prevent reboot of the host. If the system reboots due to panic
+ or power loss then the noreboot maintenance will be reapplied on next
+ boot. The system can be automatically placed in a noreboot maintenance
+ state by setting the config/noreboot = true property on the svc:/sys-
+ tem/boot-config SMF service.
+
+
Maintenance state is held across host reboots and changes between dif-
ferent boot environments.
@@ -100,7 +110,7 @@
TYPE The type of maintenance mode. Valid values are admin
- (default), and software.
+ (default), noreboot, and software.
USER The user who sets the maintenance mode.
@@ -122,7 +132,7 @@
- sysadm maintain -e [ -t software|admin ]
+ sysadm maintain -e [ -t admin|noreboot|software ]
Ends maintenance mode.
@@ -382,6 +392,6 @@
SEE ALSO
- zones(7), solaris-kz(7), solaris(7), rad(8), beadm(8), svc.zones(8)
+ solaris(7), solaris-kz(7), zones(7), beadm(8), rad(8), svc.zones(8)
-Oracle Solaris 11.4 29 Mar 2023 sysadm(8)
+Oracle Solaris 11.4 25 Jul 2023 sysadm(8)
diff -NurbBw 11.4.60/man8/zfs_allow.8 11.4.63/man8/zfs_allow.8
--- 11.4.60/man8/zfs_allow.8 2023-11-17 16:41:23.025542557 -0800
+++ 11.4.63/man8/zfs_allow.8 2023-11-17 16:41:46.312072606 -0800
@@ -53,54 +53,55 @@
The following delegated permissions are supported:
NAME TYPE NOTES
- allow subcommand Must also have the permission that is being
- allowed
- clone subcommand Must also have the 'create' ability and 'mount'
- ability in the origin file system
+ allow subcommand Must also have the permission that is
+ being allowed
+ clone subcommand Must also have the 'create' ability and
+ 'mount' ability in the origin file
+ system
create subcommand Must also have the 'mount' ability
destroy subcommand May also need the 'mount' ability
- diff subcommand Allows lookup of paths within a dataset,
- given an object number. Ordinary users need this
- in order to use zfs diff
+ diff subcommand Allows lookup of paths within a
+ dataset, given an object number.
+ Ordinary users need this in order to
+ use zfs diff
hold subcommand Allows adding a user hold to a snapshot
mount subcommand Allows mount/umount of ZFS datasets
- promote subcommand Must also have the 'mount'
- and 'promote' ability in the origin file system
- receive subcommand Must also have the 'mount' and 'create' ability
+ promote subcommand Must also have the 'mount' and
+ 'promote' ability in the origin file
+ system
+ receive subcommand Must also have the 'mount' and
+ 'create' ability
release subcommand Allows releasing a user hold which
might destroy the snapshot
- rename subcommand Must also have the 'mount' and 'create'
- ability in the new parent
- rollback subcommand Allows rolling back datasets to previously-taken snapshots
+ rename subcommand Must also have the 'mount' and
+ 'create' ability in the new parent
+ rollback subcommand Allows rolling back datasets to
+ previously-taken snapshots
send subcommand Allows sending of snapshots
- share subcommand Allows sharing file systems over NFS or SMB
- protocols
+ share subcommand Allows sharing file systems over NFS or
+ SMB protocols
snapshot subcommand Allows taking of snapshots
- snapdestroy subcommand Also requires the 'mount' ability if the
- snapshot is mounted.
- groupquota other Allows accessing any groupquota@... property
- groupused other Allows reading any groupused@... property
+ snapdestroy subcommand Also requires the 'mount' ability if
+ the snapshot is mounted.
+ groupquota other Allows accessing any groupquota@...
+ property
+ groupused other Allows reading any groupused@...
+ property
key other Allows load/unload of dataset key
keychange other Allows key change operations
userprop other Allows changing any user property
- userquota other Allows accessing any userquota@... property
- userused other Allows reading any userused@... property
+ userquota other Allows accessing any userquota@...
+ property
+ userused other Allows reading any userused@...
+ property
- The following properties can have delegated permissions applied:
- aclinherit aclmode atime canmount
- casesensitivity checksum compression copies
- dedup defaultuserquota defaultgroupquota devices
- encryption exec keysource logbias
- mountpoint multilevel nbmand normalization
- primarycache quota readonly recordsize
- refquota refreservation reservation rstchown
- secondarycache setuid shadow sharenfs
- sharesmb snapdir sync utf8only
- version volblocksize volsize vscan
- xattr zoned
+ The properties which can have delegated permissions applied are listed
+ in the output of zfs help permissions and in zfs help -l properties in
+ the column labeled DELEG.
+
SUBCOMMANDS
All subcommands that modify state are logged persistently to the pool
in their original form.
@@ -122,7 +123,8 @@
zfs help -l properties
Displays zfs property information, including whether the property
- value is editable and inheritable, and their possible values.
+ value is editable, inheritable, and delegatable, and their possible
+ values.
zfs allow filesystem | volume
@@ -371,4 +373,4 @@
zfs_share.8, zfs(8) and the Managing ZFS File Systems in Oracle Solaris
11.4.
-Oracle Solaris 11.4 3 Jul 2012 zfs_allow(8)
+Oracle Solaris 11.4 16 Feb 2023 zfs_allow(8)
diff -NurbBw 11.4.60/man8/zfs_share.8 11.4.63/man8/zfs_share.8
--- 11.4.60/man8/zfs_share.8 2023-11-17 16:41:23.082142221 -0800
+++ 11.4.63/man8/zfs_share.8 2023-11-17 16:41:46.377834801 -0800
@@ -287,7 +287,10 @@
The following share properties are specific to the NFS protocol. All
NFS share specific properties are editable and inheritable. The default
- value for most of these properties is off unless stated otherwise.
+ value for most of these properties is off unless stated otherwise. Note
+ that the NFS share properties related to the Diffie-Hellman (dh) secu-
+ rity mode are for backwards compatibility only, are read only and can
+ only be deleted if set.
The following are the NFS share property descriptions.
@@ -1164,4 +1167,4 @@
The Unicode Standard (https://www.unicode.org/standard/standard.html)
-Oracle Solaris 11.4 19 May 2022 zfs_share(8)
+Oracle Solaris 11.4 16 Aug 2023 zfs_share(8)
diff -NurbBw 11.4.60/man8/zfs.8 11.4.63/man8/zfs.8
--- 11.4.60/man8/zfs.8 2023-11-17 16:41:23.190584279 -0800
+++ 11.4.63/man8/zfs.8 2023-11-17 16:41:46.489842174 -0800
@@ -127,7 +127,7 @@
zfs rename share share
- zfs retained [-PMeuanr] [-A | -f | [-p] -o field[,...]] filesystem
+ zfs retained [-PMeuandhr] [-A | -f | [-p] -o field[,...]] filesystem
zfs rollback [-rRf] snapshot
@@ -375,7 +375,9 @@
Files on a filesystem with retention enabled are retained by setting
the retention time via touch -R, by removing all write permissions, or
- by setting the readonly file attribute.
+ by setting the readonly file attribute. If the retention.policy.onex-
+ piry property is set to delete, the default retention period may not be
+ set to zero.
Native Properties
Properties are divided into two types, native properties and user-de-
@@ -1401,6 +1403,44 @@
Retention period values must be less than 100 years.
+ retention.policy.changeacl=on | off
+
+ This controls whether changes can be made to the file permissions
+ or ACL on a retained file. If this is set to on, the file permis-
+ sions may be changed, excluding write. Additionally, he ACL may be
+ changed, excluding adding any allow entries for write_data. Allow
+ entries for append_data are also rejected unless the file has the
+ appendonly system attribute. The default is off.
+
+
+ retention.policy.onexpiry=off | delete | hold
+
+ This controls what happens to retained files after the retention
+ expires.
+
+
+ off
+
+ Nothing is done to the file. On retention expiration, the file
+ may be manually deleted as normal.
+
+
+ delete
+
+ On retention expiration, the file is deleted. Note that this
+ cannot be set unless the default retention period is greater
+ than zero.
+
+
+ hold
+
+ This causes the retention expiration time for files to be ig-
+ nored, and retained files may not be deleted until this is
+ turned off.
+
+
+
+
retention.status.expiry
The latest-expiring retention timestamp of a file is shown by this
@@ -1532,7 +1572,8 @@
zfs help -l properties
Displays zfs property information, including whether the property
- value is editable and inheritable, and their possible values.
+ value is editable, inheritable, or delegatable, and their possible
+ values.
zfs allow filesystem | volume
@@ -2458,7 +2499,7 @@
Renames the specified share to a new share name.
- zfs retained [-PMeuanr] [-A | -f | [-p] -o field[,...]] filesystem
+ zfs retained [-PMeuandhr] [-A | -f | [-p] -o field[,...]] filesystem
Lists the files retained in the specified filesystem.
@@ -2466,21 +2507,28 @@
The -P and -M options select whether privileged (-P) or manda-
tory (-M) retention datasets are shown. If neither option is
- included, all are shown.
+ included, all are shown. -P and -M are mutually exclusive.
-e/-u
These options select whether expired (-e) or unexpired (-u) re-
tention files are shown. If neither option is included, all are
- shown.
+ shown. -e and -u are mutually exclusive.
-a/-n
These options select whether automatic (-a) or non-automatic
(-n) retention datasets are included. If neither option is in-
- cluded, all are shown.
+ cluded, all are shown. -a and -n are mutually exclusive.
+
+
+ -d/-h
+
+ This option selects only files on filesystems with reten-
+ tion.policy.onexpiry set to delete (-d) or set to hold (-h). -d
+ and -h are mutually exclusive.
-r
@@ -2817,8 +2865,8 @@
Recursively apply the effective value of the setting throughout
the subtree of child datasets. The effective value may be set
or inherited, depending on the property. Use the zfs help -l
- properties command to review whether a property is settable or
- inheritable.
+ properties command to review whether a property is editable,
+ inheritable, or delegatable.
@@ -3502,4 +3550,4 @@
modified in multiple ways. Any action that causes a change in the
st_ctim (see stat(2)) is a basis for reporting a modification.
-Oracle Solaris 11.4 18 Jan 2023 zfs(8)
+Oracle Solaris 11.4 16 Feb 2023 zfs(8)
diff -NurbBw 11.4.60/man8/zoneadm.8 11.4.63/man8/zoneadm.8
--- 11.4.60/man8/zoneadm.8 2023-11-17 16:41:23.263196215 -0800
+++ 11.4.63/man8/zoneadm.8 2023-11-17 16:41:46.569737515 -0800
@@ -578,10 +578,10 @@
After migration, the zone will be detached from the source zone,
but left in a configured state.
- The destination host is defined by the given RAD URI (see rad(8)).
- The scheme defaults to rads, user defaults to the current user, and
- port defaults to the standard RAD port. Supported values for scheme
- are rads, rad, and ssh.
+ The destination host is defined by the given RAD URI (see rad-
+ uri(7)). The scheme defaults to rads, user defaults to the current
+ user, and port defaults to the standard RAD port. Supported values
+ for scheme are rads, rad, and ssh.
When ssh scheme is used, zoneadm migrate observes the SSH_AUTH_SOCK
environment variable pointing to a UNIX-domain socket created by
@@ -1913,11 +1913,11 @@
SEE ALSO
- attributes(7), brands(7), cpio(1), init(8), kernel(8), libuuid(3LIB),
- mwac(7), pax(1), rad(8), read(1), smf(7), solaris(7), solaris-kz(7),
- suri(7), svc.startd(8), svc.startd(8), svcadm(8), svcs(1), sysadm(8),
- sysconfig(8), uar(7), zfs(4FS), zlogin(1), zonecfg(8), zonename(1),
- zones(7), zpool(8)
+ cpio(1), pax(1), read(1), svcs(1), zlogin(1), zonename(1), libu-
+ uid(3LIB), zfs(4FS), attributes(7), brands(7), mwac(7), rad-uri(7),
+ smf(7), solaris(7), solaris-kz(7), suri(7), uar(7), zones(7), init(8),
+ kernel(8), rad(8), svc.startd(8), svcadm(8), sysadm(8), sysconfig(8),
+ zonecfg(8), zpool(8)
Oracle OpenBoot 4.x Administration Guide
@@ -1939,4 +1939,4 @@
when the zone is booted with -w/-W, the write-only protection is dis-
abled. Care must be taken that the zone is otherwise protected.
-Oracle Solaris 11.4 28 Mar 2023 zoneadm(8)
+Oracle Solaris 11.4 19 Jul 2023 zoneadm(8)
diff -NurbBw 11.4.60/man8/zonecfg.8 11.4.63/man8/zonecfg.8
--- 11.4.60/man8/zonecfg.8 2023-11-17 16:41:23.378066195 -0800
+++ 11.4.63/man8/zonecfg.8 2023-11-17 16:41:46.678764668 -0800
@@ -67,8 +67,9 @@
running zone and requires the authorization solaris.zone.livecon-
fig/zonename.
- See the respective brand manual page for details on resources sup-
- ported by the live zone reconfiguration.
+ For more information about the resources that are supported by the
+ live zone reconfiguration (LZR) feature, see the appropriate brand
+ man page.
@@ -110,8 +111,8 @@
capped-memory
Limits for physical, swap, and locked memory. Optionally specify
- pagesize, pagesize-policy or memory-reserve for physical memory of
- solaris-kz brand zone.
+ pagesize, pagesize-policy, memory-reserve, or memlzr for physical
+ memory of solaris-kz brand zone.
dataset
@@ -235,10 +236,10 @@
The new packaging system, IPS, provides more flexibility when choosing
which packages to install in a zone. This, along with advances in file
- system technology (notable among which is ZFS deduplication), means
- that it was most sensible to remove sparse root zones. The benefits of
- sparse root zones are provided for all zones by means of the combina-
- tion of IPS packaging and file system advances.
+ system technology (notably ZFS deduplication), means that it was most
+ sensible to remove sparse root zones. The benefits of sparse root zones
+ are provided for all zones by means of the combination of IPS packaging
+ and file system advances.
Properties
Each resource type has one or more properties. There are also some
@@ -464,7 +465,8 @@
capped-memory
- physical, swap, locked, pagesize, pagesize-policy, memory-reserve
+ physical, swap, locked, pagesize, pagesize-policy, memory-reserve,
+ memlzr
capped-cpu
@@ -1699,8 +1701,8 @@
with an alphanumeric, and can contain alphanumerics plus the hyphen
(-), underscore (_), and dot (.) characters. Attribute names begin-
ning with "zone" are reserved for use by the system. Finally, the
- autoboot and global-time global property must have a value of
- "true" or "false".
+ autoboot and global-time global property must have a value of true
+ or false.
dataset: name, alias
@@ -1715,10 +1717,10 @@
The only supported ZFS dataset type for a delegated dataset re-
- source is filesystem. Other dataset types, such as Volumes and
- Snapshots cannot be added.
+ source is filesystem. Other dataset types, such as volumes and
+ snapshots cannot be added.
- The alias is the name of this virtual pool. See the zpool(8) man
+ The alias sets the name of this virtual pool. See the zpool(8) man
page for name restrictions that apply to ZFS pool names and as a
result also apply to dataset alias values. The alias rpool is re-
served from the zone's rpool dataset. Note that aliased datasets
@@ -1886,25 +1888,56 @@
the zone.
- capped-memory: physical, swap, locked, pagesize-policy, memory-reserve
+ capped-memory: physical, swap, locked, pagesize, pagesize-policy, mem-
+ ory-reserve, memlzr
- The physical, swap, locked caps on the memory that can be used by
- this zone. A scale (K, M, G, T) can be applied to the value for
- each of these numbers (for example, 1M is one megabyte). Each of
- these three properties is optional but at least one property must
- be set when adding this resource. Only a single instance of this
- resource can be added to the zone. The physical property sets the
- max-rss for this zone. This will be enforced by rcapd(8) running in
- the global zone. The swap property is the preferred way to set the
- zone.max-swap rctl. The locked property is the preferred way to set
- the zone.max-locked-memory rctl.
-
- The pagesize-policy and memory-reserve properties for the solaris-
- kz brand are mutually exclusive. The pagesize-policy property is
- used to specify a policy for using large page(s) for its physical
- memory. The memory-reserve property is used to specify which memory
- reserve pool service to allocate physical memory from. For more in-
- formation, see the solaris-kz(7) man page.
+ Configure the capped-memory resource to control memory allocation
+ policies and place a cap on the memory this zone uses.
+
+ The specified zone can only have a single instance of the capped-
+ memory resource. This instance must include the physical, swap, or
+ locked property. Properties swap and locked are only valid for the
+ solaris and solaris10 branded zones. The numerical values require
+ that you specify the appropriate size unit: K (kilobytes), M
+ (megabytes), G (gigabytes), and T (terabytes). For example, 1M is
+ one megabyte.
+
+ For the solaris and solaris10 brands, the rcapd(8) daemon that runs
+ in the global zone enforces this behavior. The properties have
+ meanings as follows.
+
+ o physical - Specifies the max-rss resource control for
+ the specified zonea. For the solaris-kz brand, it speci-
+ fies the memory size of the virtual machine.
+
+
+ o swap - Specifies the zone.max-swap resource control.
+
+
+ o locked - Specifies the zone.max-locked-memory resource
+ control.
+
+
+ The following properties are available only for the solaris-kz
+ brand. The pagesize, pagesize-policy, and memory-reserve properties
+ are mutually exclusive.
+
+
+ o pagesize - Specify the page size for its physical mem-
+ ory.
+
+
+ o pagesize-policy - Specify the large-page policy for its
+ physical memory.
+
+
+ o memory-reserve - Specifies the memory reserve pool ser-
+ vice from which to allocate physical memory.
+
+
+ o memlzr - Modifies the memory LZR behavior.
+
+ For more information, see the solaris-kz(7) man page.
capped-cpu: ncpus
@@ -2723,7 +2756,7 @@
example# zonecfg -z myzone
- zonecfg:myzone> set global-time="true"
+ zonecfg:myzone> set global-time=true
zonecfg:myzone2> exit
@@ -3823,4 +3856,4 @@
cannot be a descendant of any dataset delegated to the zone, including
the zone's top-level delegated dataset.
-Oracle Solaris 11.4 19 Jan 2023 zonecfg(8)
+Oracle Solaris 11.4 19 Jul 2023 zonecfg(8)
diff -NurbBw 11.4.60/man8/zpool.8 11.4.63/man8/zpool.8
--- 11.4.60/man8/zpool.8 2023-11-17 16:41:23.464132836 -0800
+++ 11.4.63/man8/zpool.8 2023-11-17 16:41:46.767414741 -0800
@@ -95,7 +95,7 @@
zpool replace [-f] pool device [new_device]
- zpool retained [-euanr] [-A | -f | [-p] -o field[,...]] [pool] ...
+ zpool retained [-euandhr] [-A | -f | [-p] -o field[,...]] [pool] ...
zpool scrub [-s] pool ...
@@ -807,7 +807,15 @@
Displays the latest/last retention timestamp of mandatory retention
filesystems in this pool. If that time has passed, the property
will also display (expired) indicating that all file retentions
- have expired.
+ have expired. Until all file retentions have expired, the pool may
+ not be destroyed.
+
+
+ retentionheldfs
+
+ Displays a count of filesystems within this pool that have manda-
+ tory retention and retention.onexpiry set to hold. The pool may not
+ be destroyed until this reaches zero.
scrubinterval=manual | timeinterval
@@ -1788,7 +1796,7 @@
- zpool retained [-euanr] [-A | -f | [-p] -o field[,...]] [pool]
+ zpool retained [-euandhr] [-A | -f | [-p] -o field[,...]] [pool]
Lists the mandatory retention filesystems with retained files in
the specified pool. If no pools are specified, then all pools with
@@ -1794,18 +1802,27 @@
the specified pool. If no pools are specified, then all pools with
filesystems with mandatory retention are shown.
+
-e/-u
These options select whether expired (-e) or unexpired (-u) re-
tention datasets and files are shown. If neither option is in-
- cluded, all are shown.
+ cluded, all are shown. -e and -u are mutually exclusive.
-a/-n
These options select whether automatic (-a) or non-automatic
(-n) retention datasets are included. If neither option is in-
- cluded, all are shown.
+ cluded, all are shown. -a and -n are mutually exclusive.
+
+
+ -d/-h
+
+ If the -d option is included, only datasets with retention.on-
+ expiry set to delete are shown. If the -h option is included,
+ only datasets with retention.onexpiry set to hold are shown. -d
+ and -h are mutually exclusive.
-r
@@ -2999,4 +3016,4 @@
ble in such tools as ps(1). A user has no interaction with these
processes. For more information, see the SDC(4) man page.
-Oracle Solaris 11.4 17 Jan 2022 zpool(8)
+Oracle Solaris 11.4 3 Jul 2023 zpool(8)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment