summaryrefslogtreecommitdiffstats
path: root/share/man/man9/p_candebug.9
diff options
context:
space:
mode:
Diffstat (limited to 'share/man/man9/p_candebug.9')
-rw-r--r--share/man/man9/p_candebug.9138
1 files changed, 138 insertions, 0 deletions
diff --git a/share/man/man9/p_candebug.9 b/share/man/man9/p_candebug.9
new file mode 100644
index 0000000..722052a
--- /dev/null
+++ b/share/man/man9/p_candebug.9
@@ -0,0 +1,138 @@
+.\"
+.\" Copyright (c) 2003 Joseph Koshy <jkoshy@FreeBSD.org>
+.\"
+.\" All rights reserved.
+.\"
+.\" This program is free software.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY EXPRESS OR
+.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+.\" IN NO EVENT SHALL THE DEVELOPERS BE LIABLE FOR ANY DIRECT, INDIRECT,
+.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.\" $FreeBSD$
+.\"
+.Dd November 19, 2006
+.Dt P_CANDEBUG 9
+.Os
+.Sh NAME
+.Nm p_candebug
+.Nd determine debuggability of a process
+.Sh SYNOPSIS
+.In sys/param.h
+.In sys/proc.h
+.Ft int
+.Fn p_candebug "struct thread *td" "struct proc *p"
+.Sh DESCRIPTION
+This function can be used to determine if a given process
+.Fa p
+is debuggable by the thread
+.Fa td .
+.Sh SYSCTL VARIABLES
+The following
+.Xr sysctl 8
+variables directly influence the behaviour of
+.Fn p_candebug :
+.Bl -tag -width indent
+.It Va kern.securelevel
+Debugging of the init process is not allowed if this variable is
+.Li 1
+or greater.
+.It Va security.bsd.unprivileged_proc_debug
+Must be set to a non-zero value to allow unprivileged processes
+access to the kernel's debug facilities.
+.El
+.Sh RETURN VALUES
+The
+.Fn p_candebug
+function
+returns
+.Li 0
+if the process denoted by
+.Fa p
+is debuggable by thread
+.Fa td ,
+or a non-zero error return value otherwise.
+.Sh ERRORS
+.Bl -tag -width Er
+.It Bq Er EACCESS
+The MAC subsystem denied debuggability.
+.It Bq Er EAGAIN
+Process
+.Fa p
+is in the process of being
+.Fn exec Ns 'ed.
+.It Bq Er EPERM
+Thread
+.Fa td
+lacks super-user credentials and process
+.Fa p
+is executing a set-user-ID or set-group-ID executable.
+.It Bq Er EPERM
+Thread
+.Fa td
+lacks super-user credentials and process
+.Fa p Ns 's
+group set is not a subset of
+.Fa td Ns 's
+effective group set.
+.It Bq Er EPERM
+Thread
+.Fa td
+lacks super-user credentials and process
+.Fa p Ns 's
+user IDs do not match thread
+.Fa td Ns 's
+effective user ID.
+.It Bq Er EPERM
+Process
+.Fa p
+denotes the initial process
+.Fn initproc
+and the
+.Xr sysctl 8
+variable
+.Va kern.securelevel
+is greater than zero.
+.It Bq Er ESRCH
+Process
+.Fa p
+is not visible to thread
+.Fa td
+as determined by
+.Xr cr_seeotheruids 9
+or
+.Xr cr_seeothergids 9 .
+.It Bq Er ESRCH
+Thread
+.Fa td
+has been jailed and process
+.Fa p
+does not belong to the same jail as
+.Fa td .
+.It Bq Er ESRCH
+The MAC subsystem denied debuggability.
+.El
+.Sh SEE ALSO
+.Xr jail 2 ,
+.Xr sysctl 8 ,
+.Xr cr_seeothergids 9 ,
+.Xr cr_seeotheruids 9 ,
+.Xr mac 9 ,
+.Xr p_cansee 9 ,
+.Xr prison_check 9
OpenPOWER on IntegriCloud