From b4b0ce46e68b6e2f9d9003f95c17b509a2d46aec Mon Sep 17 00:00:00 2001
From: Franco Fichtner <franco@opnsense.org>
Date: Fri, 14 Feb 2025 08:25:46 +0100
Subject: [PATCH] system: more for #7440

---
 src/etc/config.xml.sample                     | 20 -------------------
 src/etc/inc/system.inc                        |  6 +++---
 .../models/OPNsense/ACL/AclConfig/config.xml  | 20 -------------------
 3 files changed, 3 insertions(+), 43 deletions(-)

diff --git a/src/etc/config.xml.sample b/src/etc/config.xml.sample
index 21ae62a6f..43b49b430 100644
--- a/src/etc/config.xml.sample
+++ b/src/etc/config.xml.sample
@@ -81,11 +81,6 @@
       <tunable>net.inet.tcp.delayed_ack</tunable>
       <value>default</value>
     </item>
-    <item>
-      <descr><![CDATA[Maximum outgoing UDP datagram size]]></descr>
-      <tunable>net.inet.udp.maxdgram</tunable>
-      <value>default</value>
-    </item>
     <item>
       <descr><![CDATA[Handling of non-IP packets which are not passed to pfil (see if_bridge(4))]]></descr>
       <tunable>net.link.bridge.pfil_onlyip</tunable>
@@ -156,21 +151,6 @@
       <tunable>hw.ibrs_disable</tunable>
       <value>default</value>
     </item>
-    <item>
-      <descr><![CDATA[Hide processes running as other groups]]></descr>
-      <tunable>security.bsd.see_other_gids</tunable>
-      <value>default</value>
-    </item>
-    <item>
-      <descr><![CDATA[Hide processes running as other users]]></descr>
-      <tunable>security.bsd.see_other_uids</tunable>
-      <value>default</value>
-    </item>
-    <item>
-      <descr><![CDATA[Maximum outgoing UDP datagram size]]></descr>
-      <tunable>net.local.dgram.maxdgram</tunable>
-      <value>default</value>
-    </item>
   </sysctl>
   <system>
     <optimization>normal</optimization>
diff --git a/src/etc/inc/system.inc b/src/etc/inc/system.inc
index e975b5ae2..8290fbbb8 100644
--- a/src/etc/inc/system.inc
+++ b/src/etc/inc/system.inc
@@ -104,7 +104,7 @@ function system_sysctl_defaults()
         'net.inet.tcp.tso' => [ 'default' => '1' ],
         'net.inet.udp.blackhole' => [ 'default' => '1' ],
         'net.inet.udp.checksum' => [ 'default' => 1 ],
-        'net.inet.udp.maxdgram' => [ 'default' => '57344' ],
+        'net.inet.udp.maxdgram' => [ 'default' => '57344', 'required' => true ],
         'net.inet6.ip6.accept_rtadv' => [ 'default' => isset($config['system']['ipv6allow']) ? '1' : '0', 'required' => true ],
         'net.inet6.ip6.forwarding' => [ 'default' => '1', 'required' => true ],
         'net.inet6.ip6.intr_queue_maxlen' => [ 'default' => '1000', 'required' => true ],
@@ -125,8 +125,8 @@ function system_sysctl_defaults()
         'net.pf.share_forward' => [ 'default' => !empty($config['system']['pf_share_forward']) ? '1' : '0', 'required' => true ],
         'net.pf.share_forward6' => [ 'default' => !empty($config['system']['pf_share_forward']) ? '1' : '0', 'required' => true ],
         'net.route.multipath' => [ 'default' => '0', 'required' => true ],
-        'security.bsd.see_other_gids' => [ 'default' => '0' ],
-        'security.bsd.see_other_uids' => [ 'default' => '0' ],
+        'security.bsd.see_other_gids' => [ 'default' => '0', 'required' => true ],
+        'security.bsd.see_other_uids' => [ 'default' => '0', 'required' => true ],
         'vfs.read_max' => [ 'default' => '32' ],
         'vfs.zfs.dirty_data_sync_percent' => [ 'default' => '5', 'required' => true ],
         'vfs.zfs.txg.timeout' => [ 'default' => '90', 'required' => true ],
diff --git a/src/opnsense/mvc/tests/app/models/OPNsense/ACL/AclConfig/config.xml b/src/opnsense/mvc/tests/app/models/OPNsense/ACL/AclConfig/config.xml
index 25743b851..c6efa9605 100644
--- a/src/opnsense/mvc/tests/app/models/OPNsense/ACL/AclConfig/config.xml
+++ b/src/opnsense/mvc/tests/app/models/OPNsense/ACL/AclConfig/config.xml
@@ -81,11 +81,6 @@
       <tunable>net.inet.tcp.delayed_ack</tunable>
       <value>default</value>
     </item>
-    <item>
-      <descr><![CDATA[Maximum outgoing UDP datagram size]]></descr>
-      <tunable>net.inet.udp.maxdgram</tunable>
-      <value>default</value>
-    </item>
     <item>
       <descr><![CDATA[Handling of non-IP packets which are not passed to pfil (see if_bridge(4))]]></descr>
       <tunable>net.link.bridge.pfil_onlyip</tunable>
@@ -156,21 +151,6 @@
       <tunable>hw.ibrs_disable</tunable>
       <value>default</value>
     </item>
-    <item>
-      <descr><![CDATA[Hide processes running as other groups]]></descr>
-      <tunable>security.bsd.see_other_gids</tunable>
-      <value>default</value>
-    </item>
-    <item>
-      <descr><![CDATA[Hide processes running as other users]]></descr>
-      <tunable>security.bsd.see_other_uids</tunable>
-      <value>default</value>
-    </item>
-    <item>
-      <descr><![CDATA[Maximum outgoing UDP datagram size]]></descr>
-      <tunable>net.local.dgram.maxdgram</tunable>
-      <value>default</value>
-    </item>
   </sysctl>
   <system>
     <optimization>normal</optimization>