{"id":2235280,"url":"http://patchwork.ozlabs.org/api/patches/2235280/?format=json","web_url":"http://patchwork.ozlabs.org/project/glibc/patch/xny0hte63e.fsf@greed.delorie.com/","project":{"id":41,"url":"http://patchwork.ozlabs.org/api/projects/41/?format=json","name":"GNU C Library","link_name":"glibc","list_id":"libc-alpha.sourceware.org","list_email":"libc-alpha@sourceware.org","web_url":"","scm_url":"","webscm_url":"","list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<xny0hte63e.fsf@greed.delorie.com>","list_archive_url":null,"date":"2026-05-09T01:15:17","name":"Add system-wide tunables: manual","commit_ref":null,"pull_url":null,"state":"new","archived":false,"hash":"e1f042234b158fadcc402a442db26ac13841f4c9","submitter":{"id":4388,"url":"http://patchwork.ozlabs.org/api/people/4388/?format=json","name":"DJ Delorie","email":"dj@redhat.com"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/glibc/patch/xny0hte63e.fsf@greed.delorie.com/mbox/","series":[{"id":503471,"url":"http://patchwork.ozlabs.org/api/series/503471/?format=json","web_url":"http://patchwork.ozlabs.org/project/glibc/list/?series=503471","date":"2026-05-09T01:15:17","name":"Add system-wide tunables: manual","version":1,"mbox":"http://patchwork.ozlabs.org/series/503471/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/2235280/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/2235280/checks/","tags":{},"related":[],"headers":{"Return-Path":"<libc-alpha-bounces~incoming=patchwork.ozlabs.org@sourceware.org>","X-Original-To":["incoming@patchwork.ozlabs.org","libc-alpha@sourceware.org"],"Delivered-To":["patchwork-incoming@legolas.ozlabs.org","libc-alpha@sourceware.org"],"Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (1024-bit key;\n unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256\n header.s=mimecast20190719 header.b=LBOylDBP;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=sourceware.org\n (client-ip=38.145.34.32; helo=vm01.sourceware.org;\n envelope-from=libc-alpha-bounces~incoming=patchwork.ozlabs.org@sourceware.org;\n receiver=patchwork.ozlabs.org)","sourceware.org;\n\tdkim=pass (1024-bit key,\n unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256\n header.s=mimecast20190719 header.b=LBOylDBP","sourceware.org; dmarc=pass (p=quarantine dis=none)\n header.from=redhat.com","sourceware.org; spf=pass smtp.mailfrom=redhat.com","sourceware.org; arc=none smtp.remote-ip=170.10.129.124"],"Received":["from vm01.sourceware.org (vm01.sourceware.org [38.145.34.32])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4gC7NF37btz1yK7\n\tfor <incoming@patchwork.ozlabs.org>; Sat, 09 May 2026 11:15:57 +1000 (AEST)","from vm01.sourceware.org (localhost [IPv6:::1])\n\tby sourceware.org (Postfix) with ESMTP id C45694BA2E09\n\tfor <incoming@patchwork.ozlabs.org>; Sat,  9 May 2026 01:15:54 +0000 (GMT)","from us-smtp-delivery-124.mimecast.com\n (us-smtp-delivery-124.mimecast.com [170.10.129.124])\n by sourceware.org (Postfix) with ESMTP id 9F9244BA5435\n for <libc-alpha@sourceware.org>; Sat,  9 May 2026 01:15:29 +0000 (GMT)","from mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com\n (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by\n relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3,\n cipher=TLS_AES_256_GCM_SHA384) id us-mta-241-MFEc3RfiOL-uFV6yJ3XSjg-1; Fri,\n 08 May 2026 21:15:27 -0400","from mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com\n (mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.93])\n (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest\n SHA256)\n (No client certificate requested)\n by mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS\n id 9199D1800359\n for <libc-alpha@sourceware.org>; Sat,  9 May 2026 01:15:26 +0000 (UTC)","from greed.delorie.com (unknown [10.22.88.29])\n by mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with\n ESMTPS\n id 455D51800347\n for <libc-alpha@sourceware.org>; Sat,  9 May 2026 01:15:25 +0000 (UTC)","from greed.delorie.com.redhat.com (localhost [127.0.0.1])\n by greed.delorie.com (8.16.1/8.16.1) with ESMTP id 6491FHNQ2530954\n for <libc-alpha@sourceware.org>; Fri, 8 May 2026 21:15:19 -0400"],"DKIM-Filter":["OpenDKIM Filter v2.11.0 sourceware.org C45694BA2E09","OpenDKIM Filter v2.11.0 sourceware.org 9F9244BA5435"],"DMARC-Filter":"OpenDMARC Filter v1.4.2 sourceware.org 9F9244BA5435","ARC-Filter":"OpenARC Filter v1.0.0 sourceware.org 9F9244BA5435","ARC-Seal":"i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1778289329; cv=none;\n b=JjHXrjk6Y8kK5M4ZdIzBbrKgmF2wBB5W1nwlfrFp7HUuinuWDdYdJzPhGAk3WuvVW2lgdEPvzdDIUhhdyq0nVGbJtA7+lvW8d0wps65ccI4eA3taJ2/iysOmSsu+N9fwvrTe5/yityZl1Jfru/IXL16tfBsZCFcE96Ngl/7y+GI=","ARC-Message-Signature":"i=1; a=rsa-sha256; d=sourceware.org; s=key;\n t=1778289329; c=relaxed/simple;\n bh=yUSGP/q6wBQeLYLB3bIUNYLgcEiy6nepHrG0YSmPsG0=;\n h=DKIM-Signature:Date:Message-Id:From:To:Subject;\n b=dYX9ZdDD5mSAtUQUIzZAIphGMLLo7Ubq2qveQlcC5rXZJyyKcc7K/SOWqVGttJqSz7LxM6ccFTMmevNsQ2yj1+UJ6pw1VLB+ewojdjmM5/GUxHoSLO1W/YkJTyFLhc92jRTJ/XwFHNs4BIQ0RVGvsMrKi37Ts+7sDkoeAmmrpaA=","ARC-Authentication-Results":"i=1; sourceware.org;\n dkim=pass (1024-bit key, unprotected)\n header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256\n header.s=mimecast20190719 header.b=LBOylDBP","DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;\n s=mimecast20190719; t=1778289329;\n h=from:from:reply-to:subject:subject:date:date:message-id:message-id:\n to:to:cc:content-type:content-type;\n bh=q2++bu6iK8qXxS8fcXhCm6tzvlUI0jTxjlxfrboAC5k=;\n b=LBOylDBPJgrTsoVa2z3csOAZfNVfFxcqKGKgmRT0Q1Y8TgyGIC9EUMctLR8R3KC8hHFlJM\n HKGEeseZK60Ait/8kT2VWQsCgs4w1ZlXsXZollY+wAWCIlqC26a1hVoAu+rpTMB4i1D/+R\n 02+oaxE3NBY91xc/DTh4w3cN7cOYXHo=","X-MC-Unique":"MFEc3RfiOL-uFV6yJ3XSjg-1","X-Mimecast-MFC-AGG-ID":"MFEc3RfiOL-uFV6yJ3XSjg_1778289327","Date":"Fri, 08 May 2026 21:15:17 -0400","Message-Id":"<xny0hte63e.fsf@greed.delorie.com>","From":"DJ Delorie <dj@redhat.com>","To":"libc-alpha@sourceware.org","Subject":"Add system-wide tunables: manual","X-Scanned-By":"MIMEDefang 3.4.1 on 10.30.177.93","X-Mimecast-Spam-Score":"0","X-Mimecast-MFC-PROC-ID":"tJvqPvkBwlNul069px11rz_JtdJtn73a6Wyr1f1noYE_1778289327","X-Mimecast-Originator":"redhat.com","content-type":"text/plain; charset=\"US-ASCII\"; x-default=true","X-BeenThere":"libc-alpha@sourceware.org","X-Mailman-Version":"2.1.30","Precedence":"list","List-Id":"Libc-alpha mailing list <libc-alpha.sourceware.org>","List-Unsubscribe":"<https://sourceware.org/mailman/options/libc-alpha>,\n <mailto:libc-alpha-request@sourceware.org?subject=unsubscribe>","List-Archive":"<https://sourceware.org/pipermail/libc-alpha/>","List-Post":"<mailto:libc-alpha@sourceware.org>","List-Help":"<mailto:libc-alpha-request@sourceware.org?subject=help>","List-Subscribe":"<https://sourceware.org/mailman/listinfo/libc-alpha>,\n <mailto:libc-alpha-request@sourceware.org?subject=subscribe>","Errors-To":"libc-alpha-bounces~incoming=patchwork.ozlabs.org@sourceware.org"},"content":"This is part of the system-wide tunables series, and will show up as\npart 5/5 next time I submit that (v8?).\n\n--- 8< ---\n\nDocument the syntax and operation.","diff":"diff --git a/manual/tunables.texi b/manual/tunables.texi\nindex 12b515c628..953f8a3834 100644\n--- a/manual/tunables.texi\n+++ b/manual/tunables.texi\n@@ -68,6 +68,7 @@ glibc.elf.thp: 0 (min: 0, max: 1)\n @end example\n \n @menu\n+* System-wide Tunables:: Tunables that affect every process\n * Tunable names::  The structure of a tunable name\n * Memory Allocation Tunables::  Tunables in the memory allocation subsystem\n * Dynamic Linking Tunables:: Tunables in the dynamic linking subsystem\n@@ -83,6 +84,89 @@ glibc.elf.thp: 0 (min: 0, max: 1)\n \n @end menu\n \n+@node System-wide Tunables\n+@section System-wide Tunables\n+@cindex System-wide Tunables\n+@cindex /etc/tunables.conf\n+\n+In addition to setting the @code{GLIBC_TUNABLES} environment variable,\n+tunables may be provided globally via the file\n+@file{/etc/tunables.conf}, which gets stored in glibc's dynamic\n+library cache @file{/etc/ld.so.cache} and read by every program at\n+startup.  @file{/etc/tunables.conf} contains one tunable per line:\n+\n+@example\n+glibc.malloc.trim_threshold=128\n+glibc.malloc.check=3\n+@end example\n+\n+@file{ldconfig} (with whatever options you normally use) will read the\n+tunables in @file{/etc/tunables.conf} and save them as an extension\n+in @file{/etc/ld.so.cache}.  Tunables in the cache are applied to\n+every program at startup, programs which are already running are not\n+affected.\n+\n+@file{/etc/tunables.conf} supports the same ``include @var{file}''\n+syntax as @file{ld.so.conf}.\n+\n+Tunables in @file{/etc/tunables.conf} serve as defaults.  They\n+override the built-in defaults in each program, but may be overridden\n+by the @code{GLIBC_TUNABLES} environment variable.  Each tunable may\n+have one or more prefixes which modifies the behavior of the tunable.\n+\n+@table @code\n+\n+@item +\n+@item -\n+Prefixing the tunable name with @code{-} blocks changes from the\n+environment variable, giving the global setting precedence.  Prefixing\n+with @code{+} reverts this behavior, which is only useful with the\n+filters (below).\n+\n+@item @@\n+Tunables prefixed with @code{@@} will apply only to processes that\n+aren't AT_SECURE.  The default is to apply to all processes, as\n+@file{/etc/tunables.conf} is considered a trusted source.\n+\n+@item $\n+Tunables prefixed with @code{$} will apply only to processes that are\n+AT_SECURE (i.e. setuid or setgid binaries, or elevated capabilities).\n+\n+@end table\n+\n+Filters make the system-wide tunables only affect certain programs.\n+This allows having a non-overridable default for most of the system\n+but a different, overridable, value for certain programs that might\n+not work at all with the default setting.  The syntax for filters is\n+to have each filter on its own line, followed by tunables that are\n+applied when the filter matches, with this format:\n+\n+@example\n+[ @var{filtername} : @var{pattern} ]\n+@end example\n+\n+Existing filters are:\n+\n+@table @code\n+@item proc\n+Matches the process name.  The pattern is either a fully qualified\n+path, or the basename of such a path.  The process name is read from\n+@file{/proc/self/exe} (if available) or @file{argv[0]} (unless\n+AT_SECURE is in effect).  Example:\n+\n+@example\n+-glibc.cpu.x86_shstk=1\n+[proc:/usr/bin/program_that_crashes_with_shstk]\n++glibc.cpu.x86_shstk=0\n+@end example\n+\n+@end table\n+\n+Note that the effects of a filter only last until the next filter, or\n+a line with @code{[]} on it (``no filter''), or the end of the file\n+(if the filter appears in an included file, at the end of the included\n+file).\n+\n @node Tunable names\n @section Tunable names\n @cindex Tunable names\n","prefixes":[]}