# # Mach Operating System # Copyright (c) 1986 Carnegie-Mellon University # Copyright 2001-2014 Apple Inc. # # All rights reserved. The CMU software License Agreement # specifies the terms and conditions for use and redistribution. # ####################################################################### # # Master machine independent configuration file. # # Specific configuration files are created based on this and # the machine specific master file using the doconf script. # # Any changes to the master configuration files will affect all # other configuration files based upon it. # ####################################################################### # # To build a configuration, execute "doconf ." # Configurations are specified in the "Configurations:" section # of the MASTER and MASTER.* files as follows: # # = [ ... ] # # Lines in the MASTER and MASTER.* files are selected based on # the attribute selector list, found in a comment at the end of # the line. This is a list of attributes separated by commas. # The "!" operator selects the line if none of the attributes are # specified. # # For example: # # selects a line if "foo" or "bar" are specified. # selects a line if neither "foo" nor "bar" is # specified. # # Lines with no attributes specified are selected for all # configurations. # ####################################################################### # # SYSTEM SIZE CONFIGURATION (select exactly one) # # xlarge = extra large scale system configuration # large = large scale system configuration # medium = medium scale system configuration # small = small scale system configuration # xsmall = extra small scale system configuration # bsmall = special extra small scale system configuration # ####################################################################### # options INET # # options HW_AST # Hardware ast support # options HW_FOOTPRINT # Cache footprint support # options MACH # Standard Mach features # options MACH_COMPAT # Vendor syscall compatibility # options MACH_FASTLINK # Fast symbolic links options MACH_HOST # Mach host (resource alloc.) # options MACH_IPC_COMPAT # Enable old IPC interface # options MACH_IPC_TEST # Testing code/printfs # options MACH_FLIPC # Fast-Local IPC # options MACH_NP # Mach IPC support # options MACH_NBC # No buffer cache # options MACH_NET # Fast network access # options MACH_XP # external pager support # options NO_DIRECT_RPC # for untyped mig servers # options LOOP # loopback support # options VLAN # # options BOND # # options IF_FAKE # # options AH_ALL_CRYPTO # AH all crypto algs # options IPCOMP_ZLIB # IP compression using zlib # options PF # Packet Filter # options PF_ECN # PF use ECN marking # options PFLOG # PF log interface # options MEASURE_BW # interface bandwidth measurement # options DUMMYNET # dummynet support # options TRAFFIC_MGT # traffic management support # options MULTICAST # Internet Protocol Class-D $ options TCPDEBUG # TCP debug # options TCP_DROP_SYNFIN # Drop TCP packets with SYN+FIN set # options ICMP_BANDLIM # ICMP bandwidth limiting sysctl options IFNET_INPUT_SANITY_CHK # allow dlil/ifnet input sanity check # options MULTIPATH # Multipath domain # options MPTCP # Multipath TCP # options SYSV_SEM # SVID semaphores # options SYSV_MSG # SVID messages # options SYSV_SHM # SVID shared mem # options PSYNCH # pthread synch # options FLOW_DIVERT # options NECP # options CONTENT_FILTER # # options PACKET_MANGLER # # # secure_kernel - secure kernel from user programs options SECURE_KERNEL # options OLD_SEMWAIT_SIGNAL # old semwait_signal handler # # 4.4 general kernel # options SOCKETS # socket support # options DIAGNOSTIC # diagnostics # options GPROF # build profiling # options PROFILE # kernel profiling # options SENDFILE # sendfile # options NETWORKING # networking layer # options CONFIG_FSE # file system events # options CONFIG_IMAGEBOOT # local image boot # options CONFIG_MBUF_JUMBO # jumbo cluster pool # options CONFIG_WORKQUEUE # # # 4.4 filesystems # options MOCKFS # Boot from an executable # options FIFO # fifo support # options FDESC # fdesc_fs support # options DEVFS # devfs support # options ROUTEFS # routefs support # options NULLFS # nullfs support # options FS_COMPRESSION # fs compression # options CONFIG_DEV_KMEM # /dev/kmem device for reading KVA # # # file system features # options QUOTA # file system quotas # options NAMEDSTREAMS # named stream vnop support # options CONFIG_APPLEDOUBLE # apple double support # options CONFIG_VOLFS # volfs path support (legacy) # options CONFIG_IMGSRC_ACCESS # source of imageboot dmg # options CONFIG_TRIGGERS # trigger vnodes # options CONFIG_EXT_RESOLVER # e.g. memberd # options CONFIG_SEARCHFS # searchfs syscall support # options CONFIG_MNT_SUID # allow suid binaries # # # NFS support # options NFSCLIENT # Be an NFS client # options NFSSERVER # Be an NFS server # # # Machine Independent Apple Features # profile # build a profiling kernel # # # IPv6 Support # options "INET6" # kernel IPv6 Support # options IPV6SEND # Secure Neighbor Discovery # options IPSEC # IP security # options IPSEC_ESP # IP security # options "IPV6FIREWALL" # IPv6 Firewall Feature # options "IPV6FIREWALL_DEFAULT_TO_ACCEPT" #IPv6 Firewall Feature # #options "IPV6FIREWALL_VERBOSE" #IPv6 Firewall Feature # pseudo-device gif 1 # pseudo-device dummy 2 # pseudo-device stf 1 # options CRYPTO # options CRYPTO_SHA2 # options ENCRYPTED_SWAP # options ZLIB # inflate/deflate support # options IF_BRIDGE # # # configurable kernel event related resources # options CONFIG_KN_HASHSIZE=64 # options CONFIG_KN_HASHSIZE=48 # options CONFIG_KN_HASHSIZE=20 # # # configurable vfs related resources # CONFIG_VNODES - used to pre allocate vnode related resources # CONFIG_NC_HASH - name cache hash table allocation # CONFIG_VFS_NAMES - name strings # # 263168 magic number for medium CONFIG_VNODES is based on memory # Number vnodes is (memsize/64k) + 1024 # This is the calculation that is used by launchd in tiger # we are clipping the max based on 16G # ie ((16*1024*1024*1024)/(64 *1024)) + 1024 = 263168; options CONFIG_VNODES=263168 # options CONFIG_VNODES=263168 # options CONFIG_VNODES=10240 # options CONFIG_VNODES=750 # options CONFIG_NC_HASH=5120 # options CONFIG_NC_HASH=4096 # options CONFIG_NC_HASH=2048 # options CONFIG_NC_HASH=1024 # options CONFIG_VFS_NAMES=5120 # options CONFIG_VFS_NAMES=4096 # options CONFIG_VFS_NAMES=3072 # options CONFIG_VFS_NAMES=2048 # options CONFIG_MAX_CLUSTERS=8 # options CONFIG_MAX_CLUSTERS=4 # # # configurable options for minumum number of buffers for kernel memory # options CONFIG_MIN_NBUF=256 # options CONFIG_MIN_NBUF=128 # options CONFIG_MIN_NBUF=80 # options CONFIG_MIN_NBUF=64 # options CONFIG_MIN_NIOBUF=128 # options CONFIG_MIN_NIOBUF=64 # options CONFIG_MIN_NIOBUF=32 # # # set maximum space used for packet buffers # options CONFIG_NMBCLUSTERS="((1024 * 1024) / MCLBYTES)" # options CONFIG_NMBCLUSTERS="((1024 * 512) / MCLBYTES)" # options CONFIG_NMBCLUSTERS="((1024 * 256) / MCLBYTES)" # # # Configure size of TCP hash table # options CONFIG_TCBHASHSIZE=4096 # options CONFIG_TCBHASHSIZE=128 # # # Configure bandwidth limiting sysctl # options CONFIG_ICMP_BANDLIM=250 # options CONFIG_ICMP_BANDLIM=50 # # # configurable async IO options # CONFIG_AIO_MAX - system wide limit of async IO requests. # CONFIG_AIO_PROCESS_MAX - process limit of async IO requests. # CONFIG_AIO_THREAD_COUNT - number of async IO worker threads created. # options CONFIG_AIO_MAX=360 # options CONFIG_AIO_MAX=180 # options CONFIG_AIO_MAX=90 # options CONFIG_AIO_MAX=45 # options CONFIG_AIO_MAX=20 # options CONFIG_AIO_MAX=10 # options CONFIG_AIO_PROCESS_MAX=64 # options CONFIG_AIO_PROCESS_MAX=32 # options CONFIG_AIO_PROCESS_MAX=16 # options CONFIG_AIO_PROCESS_MAX=12 # options CONFIG_AIO_PROCESS_MAX=8 # options CONFIG_AIO_PROCESS_MAX=4 # options CONFIG_AIO_THREAD_COUNT=16 # options CONFIG_AIO_THREAD_COUNT=8 # options CONFIG_AIO_THREAD_COUNT=4 # options CONFIG_AIO_THREAD_COUNT=3 # options CONFIG_AIO_THREAD_COUNT=2 # options CONFIG_MAXVIFS=32 # options CONFIG_MAXVIFS=16 # options CONFIG_MAXVIFS=2 # options CONFIG_MFCTBLSIZ=256 # options CONFIG_MFCTBLSIZ=128 # options CONFIG_MFCTBLSIZ=16 # # # configurable kernel message buffer size # options CONFIG_MSG_BSIZE_REL=4096 # options CONFIG_MSG_BSIZE_DEV=4096 # options CONFIG_MSG_BSIZE_REL=16384 # options CONFIG_MSG_BSIZE_DEV=131072 # options CONFIG_MSG_BSIZE=CONFIG_MSG_BSIZE_REL # options CONFIG_MSG_BSIZE=CONFIG_MSG_BSIZE_DEV # # # maximum size of the per-process Mach IPC table # options CONFIG_IPC_TABLE_ENTRIES_STEPS=64 # 137898 entries # options CONFIG_IPC_TABLE_ENTRIES_STEPS=256 # 300714 entries # # # configurable kernel - use these options to strip strings from panic # and printf calls. # no_printf_str - saves around 45K of kernel footprint. # options CONFIG_NO_PRINTF_STRINGS # options CONFIG_NO_KPRINTF_STRINGS # # # use finer-grained lock groups for the proc subsystem # options CONFIG_FINE_LOCK_GROUPS # # support dynamic signing of code # options CONFIG_DYNAMIC_CODE_SIGNING # # enforce library validation on all processes. # options CONFIG_ENFORCE_LIBRARY_VALIDATION # # # code decryption... used on embedded for app protection, DSMOS on desktop # options CONFIG_CODE_DECRYPTION # # # User Content Protection, used on embedded # options CONFIG_PROTECT # # # enable per-process memory priority tracking # options CONFIG_MEMORYSTATUS # # # enable jetsam - used on embedded # options CONFIG_JETSAM # # # enable new link table implementation stats/debugging # (adds mesaureable overhead) # options CONFIG_LTABLE_STATS # options CONFIG_LTABLE_DEBUG # # # enable new wait queue implementation stats / debugging # options CONFIG_WAITQ_STATS # options CONFIG_WAITQ_DEBUG # # # enable freezing of suspended processes - used on embedded # options CONFIG_FREEZE # options CHECK_CS_VALIDATION_BITMAP # # # enable detectiion of file cache thrashing - used on platforms with # dynamic VM compression enabled # options CONFIG_PHANTOM_CACHE # # # memory pressure event support # options VM_PRESSURE_EVENTS # options CONFIG_SECLUDED_MEMORY # options CONFIG_BACKGROUND_QUEUE # # # I/O Scheduling # options CONFIG_IOSCHED # # # Accounting for I/O usage # options CONFIG_IO_ACCOUNTING # # # Enable inheritance of importance through specially marked mach ports and for file locks # For now debug is enabled wherever inheritance is # options IMPORTANCE_INHERITANCE # options IMPORTANCE_TRACE # options IMPORTANCE_DEBUG # options CONFIG_TELEMETRY # options CONFIG_PROC_UUID_POLICY # # # ECC data logging # options CONFIG_ECC_LOGGING # # # Application core dumps # options CONFIG_COREDUMP # # # Vnode guards # options CONFIG_VNGUARD # # # Ethernet (ARP) # pseudo-device ether # # # Network loopback device # pseudo-device loop # # # UCB pseudo terminal service # pseudo-device pty 512 init pty_init # pseudo-device pty 256 init pty_init # pseudo-device pty 128 init pty_init # pseudo-device pty 48 init pty_init # pseudo-device pty 16 init pty_init # pseudo-device pty 8 init pty_init # # # Cloning pseudo terminal service # pseudo-device ptmx 1 init ptmx_init # # vnode device # pseudo-device vndevice 4 init vndevice_init # # # memory device pseudo-device mdevdevice 1 init mdevinit # # # packet filter device # pseudo-device bpfilter 4 init bpf_init # # # fsevents device pseudo-device fsevents 1 init fsevents_init # pseudo-device random 1 init random_init pseudo-device dtrace 1 init dtrace_init # pseudo-device helper 1 init helper_init # pseudo-device lockstat 1 init lockstat_init # pseudo-device sdt 1 init sdt_init # pseudo-device systrace 1 init systrace_init # pseudo-device fbt 1 init fbt_init # pseudo-device profile_prvd 1 init profile_init # # # IOKit configuration options # options HIBERNATION # system hibernation # options IOKITCPP # C++ implementation # options IOKITSTATS # IOKit statistics # options IOTRACKING # IOKit tracking # options CONFIG_SLEEP # # options CONFIG_MAX_THREADS=64 # IOConfigThread threads options NO_KEXTD # options NO_KERNEL_HID # # # Libkern configuration options # options LIBKERNCPP # C++ implementation # options CONFIG_KXLD # kxld/runtime linking of kexts # options CONFIG_KEC_FIPS # Kernel External Components for FIPS compliance (KEC_FIPS) # # Note that when adding this config option to an architecture, one MUST # add the architecture to the preprocessor test at the beginning of # libkern/kmod/cplus_{start.c,stop.c}. options CONFIG_STATIC_CPPINIT # Static library initializes kext cpp runtime # # # libsa configuration options # # CONFIG_KEXT_BASEMENT - alloc post boot loaded kexts after prelinked kexts # options CONFIG_KEXT_BASEMENT # # # # Persona Management # options CONFIG_PERSONAS # Persona management # options PERSONA_DEBUG # Persona debugging # # # security configuration options # options CONFIG_MACF # Mandatory Access Control Framework # options CONFIG_MACF_SOCKET_SUBSET # MAC socket subest (no labels) # #options CONFIG_MACF_SOCKET # MAC socket labels # #options CONFIG_MACF_NET # mbuf # #options CONFIG_MACF_DEBUG # debug # options CONFIG_AUDIT # Kernel auditing # # # MACH configuration options. # # TASK_SWAPPER enables code that manages demand for physical memory by # forcibly suspending tasks when the demand exceeds supply. This # option should be on. # options TASK_SWAPPER # # # This defines configuration options that are normally used only during # kernel code development and debugging. They add run-time error checks or # statistics gathering, which will slow down the system # ########################################################## # # MACH_ASSERT controls the assert() and ASSERT() macros, used to verify the # consistency of various algorithms in the kernel. The performance impact # of this option is significant. # options MACH_ASSERT # # # # MACH_DEBUG enables the mach_debug_server, a message interface used to # retrieve or control various statistics. This interface may expose data # structures that would not normally be allowed outside the kernel, and # MUST NOT be enabled on a released configuration. # Other options here enable information retrieval for specific subsystems # options MACH_DEBUG # IPC debugging interface # options MACH_IPC_DEBUG # Enable IPC debugging calls # options MACH_VM_DEBUG # # # # MACH_MP_DEBUG control the possible dead locks that may occur by controlling # that IPL level has been raised down to SPL0 after some calls to # hardclock device driver. # options MACH_MP_DEBUG # # # # ZONE_DEBUG keeps track of all zalloc()ed elements to perform further # operations on each element. # options ZONE_DEBUG # # options CONFIG_ZLEAKS # Live zone leak debugging # # # CONFIG_TASK_ZONE_INFO allows per-task zone information to be extracted # Primarily useful for xnu debug and development. # options CONFIG_TASK_ZONE_INFO # # # CONFIG_DEBUGGER_FOR_ZONE_INFO restricts zone info so that it is only # available when the kernel is being debugged. # options CONFIG_DEBUGGER_FOR_ZONE_INFO # # # XPR_DEBUG enables the gathering of data through the XPR macros inserted # into various subsystems. This option is normally only enabled for # specific performance or behavior studies, as the overhead in both # code and data space is large. The data is normally retrieved through # the kernel debugger (kdb) or by reading /dev/kmem. # options XPR_DEBUG # # # # MACH_LDEBUG controls the internal consistency checks and # data gathering in the locking package. This also enables a debug-only # version of simple-locks on uniprocessor machines. The code size and # performance impact of this option is significant. # options MACH_LDEBUG # # # # configuration option for full, partial, or no kernel debug event tracing # options KDEBUG # kernel tracing # options IST_KDEBUG # limited tracing # options NO_KDEBUG # no kernel tracing # # # CONFIG_DTRACE enables code needed to support DTrace. Currently this is # only used for delivery of traps/interrupts to DTrace. # options CONFIG_DTRACE # # # kernel performance tracing options KPERF # options KPC # options PGO # # MACH_COUNTERS enables code that handles various counters in the system. # options MACH_COUNTERS # # # DEVELOPMENT define for development builds options DEVELOPMENT # dev kernel # # DEBUG kernel options DEBUG # general debugging code # ########################################################## # # This defines configuration options that are normally used only during # kernel code development and performance characterization. They add run-time # statistics gathering, which will slow down the system, # ########################################################## # # MACH_IPC_STATS controls the collection of statistics in the MACH IPC # subsystem. # #options MACH_IPC_STATS # # MACH_CLUSTER_STATS controls the collection of various statistics concerning # the effectiveness and behavior of the clustered pageout and pagein # code. # #options MACH_CLUSTER_STATS options MACH_BSD # BSD subsystem on top of Mach # options IOKIT # # # # configurable kernel related resources (CONFIG_THREAD_MAX needs to stay in # sync with bsd/conf/MASTER until we fix the config system... todo XXX # options CONFIG_THREAD_MAX=2560 # options CONFIG_THREAD_MAX=1536 # options CONFIG_THREAD_MAX=1024 # options CONFIG_TASK_MAX=1024 # options CONFIG_TASK_MAX=768 # options CONFIG_TASK_MAX=512 # options CONFIG_ZONE_MAP_MIN=12582912 # options CONFIG_ZONE_MAP_MIN=6291456 # options CONFIG_ZONE_MAP_MIN=1048576 # # Sizes must be a power of two for the zhash to # be able to just mask off bits instead of mod options CONFIG_ZLEAK_ALLOCATION_MAP_NUM=16384 # options CONFIG_ZLEAK_ALLOCATION_MAP_NUM=8192 # options CONFIG_ZLEAK_TRACE_MAP_NUM=8192 # options CONFIG_ZLEAK_TRACE_MAP_NUM=4096 # # vc_progress_white - make the progress gear white instead of black options CONFIG_VC_PROGRESS_WHITE # # # Timeshare scheduler implementations # options CONFIG_SCHED_TRADITIONAL # options CONFIG_SCHED_PROTO # options CONFIG_SCHED_GRRR # options CONFIG_SCHED_GRRR_CORE # options CONFIG_SCHED_MULTIQ # options CONFIG_SCHED_TIMESHARE_CORE # options CONFIG_SCHED_IDLE_IN_PLACE # options CONFIG_SCHED_SFI # options CONFIG_GZALLOC # options CONFIG_SCHED_DEFERRED_AST # # Enable allocation of contiguous physical memory through vm_map_enter_cpm() options VM_CPM # options CONFIG_SKIP_PRECISE_USER_KERNEL_TIME # # # Switch to disable cpu, wakeup and high memory watermark monitors # options CONFIG_NOMONITORS # options MACH_KDP # KDP # options CONFIG_SERIAL_KDP # KDP over serial # options CONFIG_KDP_INTERACTIVE_DEBUGGING # # # Kernel Power On Self Tests # options CONFIG_XNUPOST # # # Kernel proc reference instrumentation # options PROC_REF_DEBUG # # # Kernel OS reason debug instrumentation # options OS_REASON_DEBUG # # # Kernel Voucher Attr Manager for Activity Trace # options CONFIG_ATM # # Group related tasks together into coalitions options CONFIG_COALITIONS # # Enable support for sysdiagnose notifications options CONFIG_SYSDIAGNOSE # # Configurable Security Restrictions options CONFIG_CSR # # # Console options # options SERIAL_CONSOLE # bi-directional serial over UART options VIDEO_CONSOLE # uni-directional output over framebuffer # # Syscall options # options CONFIG_REQUIRES_U32_MUNGING # incoming U32 argument structures must be munged to match U64 # # # copyout() instrumentation # options COPYOUT_SHIM # Shim for copyout memory analysis via kext #