diff options
Diffstat (limited to 'share/man/man9/p_candebug.9')
-rw-r--r-- | share/man/man9/p_candebug.9 | 138 |
1 files changed, 138 insertions, 0 deletions
diff --git a/share/man/man9/p_candebug.9 b/share/man/man9/p_candebug.9 new file mode 100644 index 0000000..722052a --- /dev/null +++ b/share/man/man9/p_candebug.9 @@ -0,0 +1,138 @@ +.\" +.\" Copyright (c) 2003 Joseph Koshy <jkoshy@FreeBSD.org> +.\" +.\" All rights reserved. +.\" +.\" This program is free software. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY EXPRESS OR +.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +.\" IN NO EVENT SHALL THE DEVELOPERS BE LIABLE FOR ANY DIRECT, INDIRECT, +.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.\" $FreeBSD$ +.\" +.Dd November 19, 2006 +.Dt P_CANDEBUG 9 +.Os +.Sh NAME +.Nm p_candebug +.Nd determine debuggability of a process +.Sh SYNOPSIS +.In sys/param.h +.In sys/proc.h +.Ft int +.Fn p_candebug "struct thread *td" "struct proc *p" +.Sh DESCRIPTION +This function can be used to determine if a given process +.Fa p +is debuggable by the thread +.Fa td . +.Sh SYSCTL VARIABLES +The following +.Xr sysctl 8 +variables directly influence the behaviour of +.Fn p_candebug : +.Bl -tag -width indent +.It Va kern.securelevel +Debugging of the init process is not allowed if this variable is +.Li 1 +or greater. +.It Va security.bsd.unprivileged_proc_debug +Must be set to a non-zero value to allow unprivileged processes +access to the kernel's debug facilities. +.El +.Sh RETURN VALUES +The +.Fn p_candebug +function +returns +.Li 0 +if the process denoted by +.Fa p +is debuggable by thread +.Fa td , +or a non-zero error return value otherwise. +.Sh ERRORS +.Bl -tag -width Er +.It Bq Er EACCESS +The MAC subsystem denied debuggability. +.It Bq Er EAGAIN +Process +.Fa p +is in the process of being +.Fn exec Ns 'ed. +.It Bq Er EPERM +Thread +.Fa td +lacks super-user credentials and process +.Fa p +is executing a set-user-ID or set-group-ID executable. +.It Bq Er EPERM +Thread +.Fa td +lacks super-user credentials and process +.Fa p Ns 's +group set is not a subset of +.Fa td Ns 's +effective group set. +.It Bq Er EPERM +Thread +.Fa td +lacks super-user credentials and process +.Fa p Ns 's +user IDs do not match thread +.Fa td Ns 's +effective user ID. +.It Bq Er EPERM +Process +.Fa p +denotes the initial process +.Fn initproc +and the +.Xr sysctl 8 +variable +.Va kern.securelevel +is greater than zero. +.It Bq Er ESRCH +Process +.Fa p +is not visible to thread +.Fa td +as determined by +.Xr cr_seeotheruids 9 +or +.Xr cr_seeothergids 9 . +.It Bq Er ESRCH +Thread +.Fa td +has been jailed and process +.Fa p +does not belong to the same jail as +.Fa td . +.It Bq Er ESRCH +The MAC subsystem denied debuggability. +.El +.Sh SEE ALSO +.Xr jail 2 , +.Xr sysctl 8 , +.Xr cr_seeothergids 9 , +.Xr cr_seeotheruids 9 , +.Xr mac 9 , +.Xr p_cansee 9 , +.Xr prison_check 9 |