system: more for #7440

src/etc/config.xml.sample

@@ -81,11 +81,6 @@
       <tunable>net.inet.tcp.delayed_ack</tunable>
       <value>default</value>
     </item>
-    <item>
-      <descr><![CDATA[Maximum outgoing UDP datagram size]]></descr>
-      <tunable>net.inet.udp.maxdgram</tunable>
-      <value>default</value>
-    </item>
     <item>
       <descr><![CDATA[Handling of non-IP packets which are not passed to pfil (see if_bridge(4))]]></descr>
       <tunable>net.link.bridge.pfil_onlyip</tunable>
@@ -156,21 +151,6 @@
       <tunable>hw.ibrs_disable</tunable>
       <value>default</value>
     </item>
-    <item>
-      <descr><![CDATA[Hide processes running as other groups]]></descr>
-      <tunable>security.bsd.see_other_gids</tunable>
-      <value>default</value>
-    </item>
-    <item>
-      <descr><![CDATA[Hide processes running as other users]]></descr>
-      <tunable>security.bsd.see_other_uids</tunable>
-      <value>default</value>
-    </item>
-    <item>
-      <descr><![CDATA[Maximum outgoing UDP datagram size]]></descr>
-      <tunable>net.local.dgram.maxdgram</tunable>
-      <value>default</value>
-    </item>
   </sysctl>
   <system>
     <optimization>normal</optimization>

src/etc/inc/system.inc

@@ -104,7 +104,7 @@ function system_sysctl_defaults()
         'net.inet.tcp.tso' => [ 'default' => '1' ],
         'net.inet.udp.blackhole' => [ 'default' => '1' ],
         'net.inet.udp.checksum' => [ 'default' => 1 ],
-        'net.inet.udp.maxdgram' => [ 'default' => '57344' ],
+        'net.inet.udp.maxdgram' => [ 'default' => '57344', 'required' => true ],
         'net.inet6.ip6.accept_rtadv' => [ 'default' => isset($config['system']['ipv6allow']) ? '1' : '0', 'required' => true ],
         'net.inet6.ip6.forwarding' => [ 'default' => '1', 'required' => true ],
         'net.inet6.ip6.intr_queue_maxlen' => [ 'default' => '1000', 'required' => true ],
@@ -125,8 +125,8 @@ function system_sysctl_defaults()
         'net.pf.share_forward' => [ 'default' => !empty($config['system']['pf_share_forward']) ? '1' : '0', 'required' => true ],
         'net.pf.share_forward6' => [ 'default' => !empty($config['system']['pf_share_forward']) ? '1' : '0', 'required' => true ],
         'net.route.multipath' => [ 'default' => '0', 'required' => true ],
-        'security.bsd.see_other_gids' => [ 'default' => '0' ],
-        'security.bsd.see_other_uids' => [ 'default' => '0' ],
+        'security.bsd.see_other_gids' => [ 'default' => '0', 'required' => true ],
+        'security.bsd.see_other_uids' => [ 'default' => '0', 'required' => true ],
         'vfs.read_max' => [ 'default' => '32' ],
         'vfs.zfs.dirty_data_sync_percent' => [ 'default' => '5', 'required' => true ],
         'vfs.zfs.txg.timeout' => [ 'default' => '90', 'required' => true ],

src/opnsense/mvc/tests/app/models/OPNsense/ACL/AclConfig/config.xml

@@ -81,11 +81,6 @@
       <tunable>net.inet.tcp.delayed_ack</tunable>
       <value>default</value>
     </item>
-    <item>
-      <descr><![CDATA[Maximum outgoing UDP datagram size]]></descr>
-      <tunable>net.inet.udp.maxdgram</tunable>
-      <value>default</value>
-    </item>
     <item>
       <descr><![CDATA[Handling of non-IP packets which are not passed to pfil (see if_bridge(4))]]></descr>
       <tunable>net.link.bridge.pfil_onlyip</tunable>
@@ -156,21 +151,6 @@
       <tunable>hw.ibrs_disable</tunable>
       <value>default</value>
     </item>
-    <item>
-      <descr><![CDATA[Hide processes running as other groups]]></descr>
-      <tunable>security.bsd.see_other_gids</tunable>
-      <value>default</value>
-    </item>
-    <item>
-      <descr><![CDATA[Hide processes running as other users]]></descr>
-      <tunable>security.bsd.see_other_uids</tunable>
-      <value>default</value>
-    </item>
-    <item>
-      <descr><![CDATA[Maximum outgoing UDP datagram size]]></descr>
-      <tunable>net.local.dgram.maxdgram</tunable>
-      <value>default</value>
-    </item>
   </sysctl>
   <system>
     <optimization>normal</optimization>