.\" Hey Emacs! This file is -*- nroff -*- source.
|
|
|
|
.\"
|
|
|
|
.\" Copyright (C) 1998 Andries Brouwer (aeb@cwi.nl)
|
2007-09-20 06:52:22 +00:00
|
|
|
.\" and Copyright (C) 2002 Michael Kerrisk <mtk.manpages@gmail.com>
|
2007-06-02 08:19:44 +00:00
|
|
|
.\" and Copyright Guillem Jover <guillem@hadrons.org>
|
2004-11-03 13:51:07 +00:00
|
|
|
.\"
|
|
|
|
.\" Permission is granted to make and distribute verbatim copies of this
|
|
|
|
.\" manual provided the copyright notice and this permission notice are
|
|
|
|
.\" preserved on all copies.
|
|
|
|
.\"
|
|
|
|
.\" Permission is granted to copy and distribute modified versions of this
|
|
|
|
.\" manual under the conditions for verbatim copying, provided that the
|
|
|
|
.\" entire resulting derived work is distributed under the terms of a
|
|
|
|
.\" permission notice identical to this one.
|
2007-04-12 22:42:49 +00:00
|
|
|
.\"
|
2004-11-03 13:51:07 +00:00
|
|
|
.\" Since the Linux kernel and libraries are constantly changing, this
|
|
|
|
.\" manual page may be incorrect or out-of-date. The author(s) assume no
|
|
|
|
.\" responsibility for errors or omissions, or for damages resulting from
|
|
|
|
.\" the use of the information contained herein. The author(s) may not
|
|
|
|
.\" have taken the same level of care in the production of this manual,
|
|
|
|
.\" which is licensed free of charge, as they might when working
|
|
|
|
.\" professionally.
|
2007-04-12 22:42:49 +00:00
|
|
|
.\"
|
2004-11-03 13:51:07 +00:00
|
|
|
.\" Formatted or processed versions of this manual, if unaccompanied by
|
|
|
|
.\" the source, must acknowledge the copyright and authors of this work.
|
|
|
|
.\"
|
|
|
|
.\" Modified Thu Nov 11 04:19:42 MET 1999, aeb: added PR_GET_PDEATHSIG
|
|
|
|
.\" Modified 27 Jun 02, Michael Kerrisk
|
2007-04-12 22:42:49 +00:00
|
|
|
.\" Added PR_SET_DUMPABLE, PR_GET_DUMPABLE,
|
2004-11-03 13:51:07 +00:00
|
|
|
.\" PR_SET_KEEPCAPS, PR_GET_KEEPCAPS
|
2006-09-26 12:03:11 +00:00
|
|
|
.\" Modified 2006-08-30 Guillem Jover <guillem@hadrons.org>
|
|
|
|
.\" Updated Linux versions where the options were introduced.
|
|
|
|
.\" Added PR_SET_TIMING, PR_GET_TIMING, PR_SET_NAME, PR_GET_NAME,
|
|
|
|
.\" PR_SET_UNALIGN, PR_GET_UNALIGN, PR_SET_FPEMU, PR_GET_FPEMU,
|
|
|
|
.\" PR_SET_FPEXC, PR_GET_FPEXC
|
2008-07-09 11:53:48 +00:00
|
|
|
.\" 2008-04-29 Serge Hallyn, Document PR_CAPBSET_READ and PR_CAPBSET_DROP
|
|
|
|
.\" 2008-06-13 Erik Bosman, <ejbosman@cs.vu.nl>
|
|
|
|
.\" Document PR_GET_TSC and PR_SET_TSC.
|
|
|
|
.\" 2008-06-15 mtk, Document PR_SET_SECCOMP, PR_GET_SECCOMP
|
2010-06-12 11:47:27 +00:00
|
|
|
.\" 2009-10-03 Andi Kleen, document PR_MCE_KILL_*
|
2004-11-03 13:51:07 +00:00
|
|
|
.\"
|
2010-06-27 04:54:10 +00:00
|
|
|
.\" FIXME: Document PR_SET_TIMERSLACK and PR_GET_TIMERSLACK (new in 2.6.28)
|
|
|
|
.\" FIXME: Document PR_TASK_PERF_EVENTS_DISABLE and
|
|
|
|
.\" PR_TASK_PERF_EVENTS_ENABLE (new in 2.6.32)
|
|
|
|
.\"
|
2011-09-17 04:10:54 +00:00
|
|
|
.TH PRCTL 2 2011-09-17 "Linux" "Linux Programmer's Manual"
|
2004-11-03 13:51:07 +00:00
|
|
|
.SH NAME
|
|
|
|
prctl \- operations on a process
|
|
|
|
.SH SYNOPSIS
|
2007-04-03 14:04:54 +00:00
|
|
|
.nf
|
2004-11-03 13:51:07 +00:00
|
|
|
.B #include <sys/prctl.h>
|
|
|
|
.sp
|
2007-04-03 14:04:54 +00:00
|
|
|
.BI "int prctl(int " option ", unsigned long " arg2 ", unsigned long " arg3 ,
|
|
|
|
.BI " unsigned long " arg4 ", unsigned long " arg5 );
|
|
|
|
.fi
|
2004-11-03 13:51:07 +00:00
|
|
|
.SH DESCRIPTION
|
2005-10-19 06:54:38 +00:00
|
|
|
.BR prctl ()
|
2004-11-03 13:51:07 +00:00
|
|
|
is called with a first argument describing what to do
|
2007-12-10 07:16:56 +00:00
|
|
|
(with values defined in \fI<linux/prctl.h>\fP), and further
|
2008-07-10 20:53:08 +00:00
|
|
|
arguments with a significance depending on the first one.
|
2004-11-03 13:51:07 +00:00
|
|
|
The first argument can be:
|
|
|
|
.TP
|
2011-09-17 04:08:35 +00:00
|
|
|
.BR PR_CAPBSET_READ " (since Linux 2.6.25)"
|
2008-07-09 11:53:48 +00:00
|
|
|
Return (as the function result) 1 if the capability specified in
|
|
|
|
.I arg2
|
|
|
|
is in the calling thread's capability bounding set,
|
|
|
|
or 0 if it is not.
|
|
|
|
(The capability constants are defined in
|
|
|
|
.IR <linux/capability.h> .)
|
|
|
|
The capability bounding set dictates
|
|
|
|
whether the process can receive the capability through a
|
2008-07-09 13:55:24 +00:00
|
|
|
file's permitted capability set on a subsequent call to
|
2008-07-09 11:53:48 +00:00
|
|
|
.BR execve (2).
|
|
|
|
|
|
|
|
If the capability specified in
|
|
|
|
.I arg2
|
|
|
|
is not valid, then the call fails with the error
|
|
|
|
.BR EINVAL .
|
|
|
|
.TP
|
|
|
|
.BR PR_CAPBSET_DROP " (since Linux 2.6.25)"
|
|
|
|
If the calling thread has the
|
|
|
|
.B CAP_SETPCAP
|
|
|
|
capability, then drop the capability specified by
|
|
|
|
.I arg2
|
|
|
|
from the calling thread's capability bounding set.
|
|
|
|
Any children of the calling thread will inherit the newly
|
|
|
|
reduced bounding set.
|
|
|
|
|
|
|
|
The call fails with the error:
|
|
|
|
.B EPERM
|
2008-07-09 13:55:24 +00:00
|
|
|
if the calling thread does not have the
|
2008-07-09 11:53:48 +00:00
|
|
|
.BR CAP_SETPCAP ;
|
|
|
|
.BR EINVAL
|
|
|
|
if
|
|
|
|
.I arg2
|
|
|
|
does not represent a valid capability; or
|
|
|
|
.BR EINVAL
|
|
|
|
if file capabilities are not enabled in the kernel,
|
|
|
|
in which case bounding sets are not supported.
|
|
|
|
.TP
|
2008-07-16 14:01:02 +00:00
|
|
|
.BR PR_SET_DUMPABLE " (since Linux 2.3.20)"
|
|
|
|
Set the state of the flag determining whether core dumps are produced
|
|
|
|
for this process upon delivery of a signal whose default behavior is
|
|
|
|
to produce a core dump.
|
|
|
|
(Normally this flag is set for a process by default, but it is cleared
|
|
|
|
when a set-user-ID or set-group-ID program is executed and also by
|
|
|
|
various system calls that manipulate process UIDs and GIDs).
|
|
|
|
In kernels up to and including 2.6.12,
|
2008-07-09 11:53:48 +00:00
|
|
|
.I arg2
|
2008-07-16 14:01:02 +00:00
|
|
|
must be either 0 (process is not dumpable) or 1 (process is dumpable).
|
|
|
|
Between kernels 2.6.13 and 2.6.17, the value 2 was also permitted,
|
|
|
|
which caused any binary which normally would not be dumped
|
|
|
|
to be dumped readable by root only;
|
|
|
|
for security reasons, this feature has been removed.
|
|
|
|
.\" See http://marc.theaimsgroup.com/?l=linux-kernel&m=115270289030630&w=2
|
|
|
|
.\" Subject: Fix prctl privilege escalation (CVE-2006-2451)
|
|
|
|
.\" From: Marcel Holtmann <marcel () holtmann ! org>
|
|
|
|
.\" Date: 2006-07-12 11:12:00
|
|
|
|
(See also the description of
|
|
|
|
.I /proc/sys/fs/suid_dumpable
|
|
|
|
in
|
|
|
|
.BR proc (5).)
|
2011-09-17 04:10:54 +00:00
|
|
|
Processes that are not dumpable cannot be attached via
.BR ptrace (2)
.BR PTRACE_ATTACH .
|
2006-09-26 13:01:24 +00:00
|
|
|
.TP
|
2008-07-16 14:01:02 +00:00
|
|
|
.BR PR_GET_DUMPABLE " (since Linux 2.3.20)"
|
|
|
|
Return (as the function result) the current state of the calling
|
|
|
|
process's dumpable flag.
|
|
|
|
.\" Since Linux 2.6.13, the dumpable flag can have the value 2,
|
|
|
|
.\" but in 2.6.13 PR_GET_DUMPABLE simply returns 1 if the dumpable
.\" flags has a nonzero value. This was fixed in 2.6.14.
|
2006-09-26 13:01:24 +00:00
|
|
|
.TP
|
2008-07-09 11:53:48 +00:00
|
|
|
.BR PR_SET_ENDIAN " (since Linux 2.6.18, PowerPC only)"
|
2007-04-12 22:42:49 +00:00
|
|
|
Set the endian-ness of the calling process to the value given
|
2006-09-26 13:01:24 +00:00
|
|
|
in \fIarg2\fP, which should be one of the following:
|
2008-07-09 11:53:48 +00:00
|
|
|
.\" Respectively 0, 1, 2
|
2006-09-26 13:01:24 +00:00
|
|
|
.BR PR_ENDIAN_BIG ,
|
|
|
|
.BR PR_ENDIAN_LITTLE ,
|
|
|
|
or
|
2007-09-20 16:26:31 +00:00
|
|
|
.B PR_ENDIAN_PPC_LITTLE
|
2006-09-26 13:01:24 +00:00
|
|
|
(PowerPC pseudo little endian).
|
2006-09-26 12:03:11 +00:00
|
|
|
.TP
|
2008-07-09 11:53:48 +00:00
|
|
|
.BR PR_GET_ENDIAN " (since Linux 2.6.18, PowerPC only)"
|
|
|
|
Return the endian-ness of the calling process,
|
|
|
|
in the location pointed to by
|
|
|
|
.IR "(int\ *) arg2" .
|
|
|
|
.TP
|
|
|
|
.BR PR_SET_FPEMU " (since Linux 2.4.18, 2.5.9, only on ia64)"
|
2006-09-26 12:03:11 +00:00
|
|
|
Set floating-point emulation control bits to \fIarg2\fP.
|
|
|
|
Pass \fBPR_FPEMU_NOPRINT\fP to silently emulate fp operations, or
|
2007-06-21 05:38:48 +00:00
|
|
|
\fBPR_FPEMU_SIGFPE\fP to not emulate fp operations and send
|
|
|
|
.B SIGFPE
|
|
|
|
instead.
|
2006-09-26 12:03:11 +00:00
|
|
|
.TP
|
2008-07-09 11:53:48 +00:00
|
|
|
.BR PR_GET_FPEMU " (since Linux 2.4.18, 2.5.9, only on ia64)"
|
|
|
|
Return floating-point emulation control bits,
|
|
|
|
in the location pointed to by
|
|
|
|
.IR "(int\ *) arg2" .
|
2006-09-26 12:03:11 +00:00
|
|
|
.TP
|
2008-07-09 11:53:48 +00:00
|
|
|
.BR PR_SET_FPEXC " (since Linux 2.4.21, 2.5.32, only on PowerPC)"
|
2007-04-24 16:44:51 +00:00
|
|
|
Set floating-point exception mode to \fIarg2\fP.
|
|
|
|
Pass \fBPR_FP_EXC_SW_ENABLE\fP to use FPEXC for FP exception enables,
|
2008-07-23 02:57:20 +00:00
|
|
|
\fBPR_FP_EXC_DIV\fP for floating-point divide by zero,
|
|
|
|
\fBPR_FP_EXC_OVF\fP for floating-point overflow,
|
|
|
|
\fBPR_FP_EXC_UND\fP for floating-point underflow,
|
|
|
|
\fBPR_FP_EXC_RES\fP for floating-point inexact result,
|
|
|
|
\fBPR_FP_EXC_INV\fP for floating-point invalid operation,
|
2006-09-26 12:03:11 +00:00
|
|
|
\fBPR_FP_EXC_DISABLED\fP for FP exceptions disabled,
|
2010-01-16 17:01:12 +00:00
|
|
|
\fBPR_FP_EXC_NONRECOV\fP for async nonrecoverable exception mode,
|
2006-09-26 12:03:11 +00:00
|
|
|
\fBPR_FP_EXC_ASYNC\fP for async recoverable exception mode,
|
|
|
|
\fBPR_FP_EXC_PRECISE\fP for precise exception mode.
|
|
|
|
.TP
|
2008-07-09 11:53:48 +00:00
|
|
|
.BR PR_GET_FPEXC " (since Linux 2.4.21, 2.5.32, only on PowerPC)"
|
|
|
|
Return floating-point exception mode,
|
|
|
|
in the location pointed to by
|
|
|
|
.IR "(int\ *) arg2" .
|
|
|
|
.TP
|
2008-07-16 14:01:02 +00:00
|
|
|
.BR PR_SET_KEEPCAPS " (since Linux 2.2.18)"
|
|
|
|
Set the state of the thread's "keep capabilities" flag,
|
2010-05-13 04:16:25 +00:00
|
|
|
which determines whether the thread's permitted
capability set is cleared when a change is made to the thread's user IDs
such that the thread's real UID, effective UID, and saved set-user-ID
all become nonzero when at least one of them previously had the value 0.
|
2010-05-13 04:16:25 +00:00
|
|
|
By default, the permitted capability set is cleared when such a change is made;
|
|
|
|
setting the "keep capabilities" flag prevents it from being cleared.
|
2008-07-16 14:01:02 +00:00
|
|
|
.I arg2
|
2010-05-13 04:16:25 +00:00
|
|
|
must be either 0 (permitted capabilities are cleared)
|
|
|
|
or 1 (permitted capabilities are kept).
|
|
|
|
(A thread's
|
|
|
|
.I effective
|
|
|
|
capability set is always cleared when such a credential change is made,
|
|
|
|
regardless of the setting of the "keep capabilities" flag.)
|
|
|
|
The "keep capabilities" value will be reset to 0 on subsequent calls to
|
2008-07-16 14:01:02 +00:00
|
|
|
.BR execve (2).
|
|
|
|
.TP
|
|
|
|
.BR PR_GET_KEEPCAPS " (since Linux 2.2.18)"
|
|
|
|
Return (as the function result) the current state of the calling thread's
|
|
|
|
"keep capabilities" flag.
|
|
|
|
.TP
|
|
|
|
.BR PR_SET_NAME " (since Linux 2.6.9)"
|
|
|
|
Set the process name for the calling process,
|
|
|
|
using the value in the location pointed to by
|
|
|
|
.IR "(char\ *) arg2" .
|
|
|
|
The name can be up to 16 bytes long,
|
|
|
|
.\" TASK_COMM_LEN in include/linux/sched.h
|
2010-01-16 17:56:17 +00:00
|
|
|
and should be null-terminated if it contains fewer bytes.
|
2008-07-16 14:01:02 +00:00
|
|
|
.TP
|
|
|
|
.BR PR_GET_NAME " (since Linux 2.6.11)"
|
|
|
|
Return the process name for the calling process,
|
|
|
|
in the buffer pointed to by
|
|
|
|
.IR "(char\ *) arg2" .
|
|
|
|
The buffer should allow space for up to 16 bytes;
|
2010-01-16 17:56:17 +00:00
|
|
|
the returned string will be null-terminated if it is shorter than that.
|
2008-07-16 14:01:02 +00:00
|
|
|
.TP
|
|
|
|
.BR PR_SET_PDEATHSIG " (since Linux 2.1.57)"
|
|
|
|
Set the parent process death signal
|
|
|
|
of the calling process to \fIarg2\fP (either a signal value
|
|
|
|
in the range 1..maxsig, or 0 to clear).
|
|
|
|
This is the signal that the calling process will get when its
|
|
|
|
parent dies.
|
|
|
|
This value is cleared for the child of a
|
|
|
|
.BR fork (2).
|
|
|
|
.TP
|
|
|
|
.BR PR_GET_PDEATHSIG " (since Linux 2.3.15)"
|
|
|
|
Return the current value of the parent process death signal,
|
|
|
|
in the location pointed to by
|
|
|
|
.IR "(int\ *) arg2" .
|
|
|
|
.TP
|
2008-07-09 11:53:48 +00:00
|
|
|
.BR PR_SET_SECCOMP " (since Linux 2.6.23)"
|
|
|
|
.\" See http://thread.gmane.org/gmane.linux.kernel/542632
|
|
|
|
.\" [PATCH 0 of 2] seccomp updates
|
|
|
|
.\" andrea@cpushare.com
|
|
|
|
Set the secure computing mode for the calling thread.
|
|
|
|
In the current implementation,
|
|
|
|
.IR arg2
|
|
|
|
must be 1.
|
|
|
|
After the secure computing mode has been set to 1,
|
|
|
|
the only system calls that the thread is permitted to make are
|
|
|
|
.BR read (2),
|
|
|
|
.BR write (2),
|
2008-09-29 09:00:36 +00:00
|
|
|
.BR _exit (2),
|
2004-11-03 13:51:07 +00:00
|
|
|
and
|
2008-07-09 11:53:48 +00:00
|
|
|
.BR sigreturn (2).
|
|
|
|
Other system calls result in the delivery of a
|
|
|
|
.BR SIGKILL
|
|
|
|
signal.
|
|
|
|
Secure computing mode is useful for number-crunching applications
|
|
|
|
that may need to execute untrusted byte code,
|
|
|
|
perhaps obtained by reading from a pipe or socket.
|
|
|
|
This operation is only available
|
|
|
|
if the kernel is configured with CONFIG_SECCOMP enabled.
|
|
|
|
.TP
|
|
|
|
.BR PR_GET_SECCOMP " (since Linux 2.6.23)"
|
|
|
|
Return the secure computing mode of the calling thread.
|
|
|
|
Not very useful for the current implementation (mode equals 1),
|
|
|
|
but may be useful for other possible future modes:
|
|
|
|
if the caller is not in secure computing mode, this operation returns 0;
|
|
|
|
if the caller is in secure computing mode, then the
|
|
|
|
.BR prctl ()
|
|
|
|
call will cause a
|
|
|
|
.B SIGKILL
|
|
|
|
signal to be sent to the process.
|
|
|
|
This operation is only available
|
|
|
|
if the kernel is configured with CONFIG_SECCOMP enabled.
|
2008-07-16 14:01:02 +00:00
|
|
|
.TP
|
|
|
|
.BR PR_SET_SECUREBITS " (since Linux 2.6.26)"
|
|
|
|
Set the "securebits" flags of the calling thread to the value supplied in
|
|
|
|
.IR arg2 .
|
|
|
|
See
|
|
|
|
.BR capabilities (7).
|
|
|
|
.TP
|
|
|
|
.BR PR_GET_SECUREBITS " (since Linux 2.6.26)"
|
|
|
|
Return (as the function result)
|
|
|
|
the "securebits" flags of the calling thread.
|
|
|
|
See
|
|
|
|
.BR capabilities (7).
|
|
|
|
.TP
|
|
|
|
.BR PR_SET_TIMING " (since Linux 2.6.0-test4)"
|
|
|
|
Set whether to use (normal, traditional) statistical process timing or
|
2010-10-15 05:48:02 +00:00
|
|
|
accurate timestamp-based process timing, by passing
|
2008-07-16 14:01:02 +00:00
|
|
|
.B PR_TIMING_STATISTICAL
|
|
|
|
.\" 0
|
|
|
|
or
|
|
|
|
.B PR_TIMING_TIMESTAMP
|
|
|
|
.\" 1
|
|
|
|
to \fIarg2\fP.
|
|
|
|
.B PR_TIMING_TIMESTAMP
|
|
|
|
is not currently implemented
|
|
|
|
(attempting to set this mode will yield the error
|
|
|
|
.BR EINVAL ).
|
|
|
|
.\" PR_TIMING_TIMESTAMP doesn't do anything in 2.6.26-rc8,
|
|
|
|
.\" and looking at the patch history, it appears
|
|
|
|
.\" that it never did anything.
|
|
|
|
.TP
|
|
|
|
.BR PR_GET_TIMING " (since Linux 2.6.0-test4)"
|
|
|
|
Return (as the function result) which process timing method is currently
|
|
|
|
in use.
|
|
|
|
.TP
|
|
|
|
.BR PR_SET_TSC " (since Linux 2.6.26, x86 only)"
|
|
|
|
Set the state of the flag determining whether the timestamp counter
|
|
|
|
can be read by the process.
|
|
|
|
Pass
|
|
|
|
.B PR_TSC_ENABLE
|
|
|
|
to
|
|
|
|
.I arg2
|
|
|
|
to allow it to be read, or
|
|
|
|
.B PR_TSC_SIGSEGV
|
|
|
|
to generate a
|
|
|
|
.B SIGSEGV
|
|
|
|
when the process tries to read the timestamp counter.
|
|
|
|
.TP
|
|
|
|
.BR PR_GET_TSC " (since Linux 2.6.26, x86 only)"
|
|
|
|
Return the state of the flag determining whether the timestamp counter
|
|
|
|
can be read,
|
|
|
|
in the location pointed to by
|
|
|
|
.IR "(int\ *) arg2" .
|
|
|
|
.TP
|
|
|
|
.B PR_SET_UNALIGN
|
|
|
|
(Only on: ia64, since Linux 2.3.48; parisc, since Linux 2.6.15;
|
|
|
|
PowerPC, since Linux 2.6.18; Alpha, since Linux 2.6.22)
|
|
|
|
Set unaligned access control bits to \fIarg2\fP.
|
|
|
|
Pass
|
|
|
|
\fBPR_UNALIGN_NOPRINT\fP to silently fix up unaligned user accesses,
|
|
|
|
or \fBPR_UNALIGN_SIGBUS\fP to generate
|
|
|
|
.B SIGBUS
|
|
|
|
on unaligned user access.
|
|
|
|
.TP
|
|
|
|
.B PR_GET_UNALIGN
|
|
|
|
(see
|
|
|
|
.B PR_SET_UNALIGN
|
|
|
|
for information on versions and architectures)
|
|
|
|
Return unaligned access control bits, in the location pointed to by
|
|
|
|
.IR "(int\ *) arg2" .
|
2010-06-12 11:47:27 +00:00
|
|
|
.TP
|
|
|
|
.BR PR_MCE_KILL " (since Linux 2.6.32)"
|
|
|
|
Set the machine check memory corruption kill policy for the current thread.
|
|
|
|
If
|
|
|
|
.I arg2
|
|
|
|
is
|
|
|
|
.BR PR_MCE_KILL_CLEAR ,
|
|
|
|
clear the thread memory corruption kill policy and use the system-wide default.
|
|
|
|
(The system-wide default is defined by
|
|
|
|
.IR /proc/sys/vm/memory_failure_early_kill ;
|
|
|
|
see
|
|
|
|
.BR proc (5).)
|
|
|
|
If
|
|
|
|
.I arg2
|
|
|
|
is
|
|
|
|
.BR PR_MCE_KILL_SET ,
|
|
|
|
use a thread-specific memory corruption kill policy.
|
|
|
|
In this case,
|
|
|
|
.I arg3
|
|
|
|
defines whether the policy is
|
2010-06-20 04:43:23 +00:00
|
|
|
.I early kill
|
2010-06-12 11:47:27 +00:00
|
|
|
.RB ( PR_MCE_KILL_EARLY ),
|
2010-06-20 04:43:23 +00:00
|
|
|
.I late kill
|
2010-06-12 11:47:27 +00:00
|
|
|
.RB ( PR_MCE_KILL_LATE ),
|
|
|
|
or the system-wide default
|
|
|
|
.RB ( PR_MCE_KILL_DEFAULT ).
|
2011-10-03 13:40:42 +00:00
|
|
|
Early kill means that the thread receives a
|
2010-06-12 11:47:27 +00:00
|
|
|
.B SIGBUS
|
|
|
|
signal as soon as hardware memory corruption is detected inside
|
|
|
|
its address space.
|
|
|
|
In late kill mode, the process is only killed when it accesses a corrupted page.
|
|
|
|
See
|
2011-09-08 15:06:05 +00:00
|
|
|
.BR sigaction (2)
|
2010-06-12 11:47:27 +00:00
|
|
|
for more information on the
|
|
|
|
.BR SIGBUS
|
|
|
|
signal.
|
|
|
|
The policy is inherited by children.
|
|
|
|
The remaining unused
|
|
|
|
.BR prctl ()
|
|
|
|
arguments must be zero for future compatibility.
|
|
|
|
.TP
|
|
|
|
.BR PR_MCE_KILL_GET " (since Linux 2.6.32)"
|
|
|
|
Return the current per-process machine check kill policy.
|
|
|
|
All unused
|
|
|
|
.BR prctl ()
|
|
|
|
arguments must be zero.
|
2008-07-09 11:53:48 +00:00
|
|
|
.SH "RETURN VALUE"
|
|
|
|
On success,
|
|
|
|
.BR PR_GET_DUMPABLE ,
|
|
|
|
.BR PR_GET_KEEPCAPS ,
|
|
|
|
.BR PR_CAPBSET_READ ,
|
|
|
|
.BR PR_GET_TIMING ,
|
|
|
|
.BR PR_GET_SECUREBITS ,
|
2010-06-12 11:47:27 +00:00
|
|
|
.BR PR_MCE_KILL_GET ,
|
2008-07-09 11:53:48 +00:00
|
|
|
and (if it returns)
|
|
|
|
.BR PR_GET_SECCOMP
return the nonnegative values described above.
|
2004-11-03 13:51:07 +00:00
|
|
|
All other
|
|
|
|
.I option
|
|
|
|
values return 0 on success.
|
|
|
|
On error, \-1 is returned, and
|
|
|
|
.I errno
|
|
|
|
is set appropriately.
|
|
|
|
.SH ERRORS
|
|
|
|
.TP
|
2008-07-09 11:53:48 +00:00
|
|
|
.B EFAULT
|
|
|
|
.I arg2
|
|
|
|
is an invalid address.
|
|
|
|
.TP
|
2004-11-03 13:51:07 +00:00
|
|
|
.B EINVAL
|
|
|
|
The value of
|
|
|
|
.I option
|
2008-09-29 09:00:36 +00:00
|
|
|
is not recognized.
|
|
|
|
.TP
|
2008-07-09 11:53:48 +00:00
|
|
|
.B EINVAL
|
2010-06-12 11:47:27 +00:00
|
|
|
.I option
|
|
|
|
is
|
|
|
|
.BR PR_MCE_KILL
|
|
|
|
or
|
|
|
|
.BR PR_MCE_KILL_GET ,
|
|
|
|
and unused
|
|
|
|
.BR prctl ()
|
|
|
|
arguments were not specified as zero.
|
|
|
|
.TP
|
|
|
|
.B EINVAL
|
2004-11-03 13:51:07 +00:00
|
|
|
.I arg2
|
2008-07-09 11:53:48 +00:00
|
|
|
is not a valid value for this
|
|
|
|
.IR option .
|
|
|
|
.TP
|
|
|
|
.B EINVAL
|
|
|
|
.I option
|
|
|
|
is
|
|
|
|
.BR PR_SET_SECCOMP
or
.BR PR_GET_SECCOMP ,
|
|
|
|
and the kernel was not configured with
|
|
|
|
.BR CONFIG_SECCOMP .
|
|
|
|
.TP
|
|
|
|
.B EPERM
|
|
|
|
.I option
|
|
|
|
is
|
|
|
|
.BR PR_SET_SECUREBITS ,
|
|
|
|
and the caller does not have the
|
|
|
|
.B CAP_SETPCAP
|
|
|
|
capability,
|
|
|
|
or tried to unset a "locked" flag,
|
|
|
|
or tried to set a flag whose corresponding locked flag was set
|
|
|
|
(see
|
|
|
|
.BR capabilities (7)).
|
|
|
|
.TP
|
|
|
|
.B EPERM
|
|
|
|
.I option
|
|
|
|
is
|
|
|
|
.BR PR_SET_KEEPCAPS ,
|
|
|
|
and the caller's
|
|
|
|
.B SECURE_KEEP_CAPS_LOCKED
|
|
|
|
flag is set
|
|
|
|
(see
|
|
|
|
.BR capabilities (7)).
|
|
|
|
.TP
|
|
|
|
.B EPERM
|
|
|
|
.I option
|
|
|
|
is
|
|
|
|
.BR PR_CAPBSET_DROP ,
|
|
|
|
and the caller does not have the
|
|
|
|
.B CAP_SETPCAP
|
|
|
|
capability.
|
|
|
|
.\" The following can't actually happen, because prctl() in
|
|
|
|
.\" seccomp mode will cause SIGKILL.
|
|
|
|
.\" .TP
|
|
|
|
.\" .B EPERM
|
|
|
|
.\" .I option
|
|
|
|
.\" is
|
|
|
|
.\" .BR PR_SET_SECCOMP ,
|
|
|
|
.\" and secure computing mode is already 1.
|
2007-05-18 16:06:42 +00:00
|
|
|
.SH VERSIONS
|
|
|
|
The
|
|
|
|
.BR prctl ()
|
|
|
|
system call was introduced in Linux 2.1.57.
|
|
|
|
.\" The library interface was added in glibc 2.0.6
|
2004-11-03 13:51:07 +00:00
|
|
|
.SH "CONFORMING TO"
|
2007-12-25 21:28:09 +00:00
|
|
|
This call is Linux-specific.
|
2007-04-12 22:42:49 +00:00
|
|
|
IRIX has a
|
2005-10-20 15:11:10 +00:00
|
|
|
.BR prctl ()
|
|
|
|
system call (also introduced in Linux 2.1.44
|
2004-11-03 13:51:07 +00:00
|
|
|
as irix_prctl on the MIPS architecture),
|
|
|
|
with prototype
|
|
|
|
.sp
|
|
|
|
.BI "ptrdiff_t prctl(int " option ", int " arg2 ", int " arg3 );
|
|
|
|
.sp
|
|
|
|
and options to get the maximum number of processes per user,
|
|
|
|
get the maximum number of processors the calling process can use,
|
|
|
|
find out whether a specified process is currently blocked,
|
2005-07-06 11:21:27 +00:00
|
|
|
get or set the maximum stack size, etc.
|
2004-11-03 13:51:07 +00:00
|
|
|
.SH "SEE ALSO"
|
2006-08-03 03:02:31 +00:00
|
|
|
.BR signal (2),
|
2006-03-31 07:10:17 +00:00
|
|
|
.BR core (5)
|