mirror of https://github.com/mkerrisk/man-pages
prctl.2: Document PR_SET_PTRACER
Document the Yama LSM's prctl handler that allows processes to declare ptrace restriction exception relationships via PR_SET_PTRACER.

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
parent 7f26805b7e
commit 491b2e75a3
18
man2/prctl.2
@ -45,9 +45,10 @@
.\" 2012-09-20 Kees Cook, document PR_SET_NO_NEW_PRIVS, PR_GET_NO_NEW_PRIVS
.\" 2012-10-25 Michael Kerrisk, Document PR_SET_TIMERSLACK and
.\" PR_GET_TIMERSLACK
.\" 2013-01-10 Kees Cook, document PR_SET_PTRACER
.\"
.\"
.TH PRCTL 2 2012-10-25 "Linux" "Linux Programmer's Manual"
.TH PRCTL 2 2013-01-10 "Linux" "Linux Programmer's Manual"
.SH NAME
prctl \- operations on a process
.SH SYNOPSIS
@ -270,6 +271,21 @@ Return the current value of the parent process death signal,
in the location pointed to by
.IR "(int\ *) arg2" .
.TP
.BR PR_SET_PTRACER " (since Linux 3.4)"
This is only meaningful when the Yama LSM is enabled and in mode 1
("restricted ptrace", visible via
.IR /proc/sys/kernel/yama/ptrace_scope ).
When a "ptracer process id" is passed in \fIarg2\fP, the caller is declaring
that the ptracer process can ptrace the current process as if it were a
direct process ancestor. When set to 0, this relationship is removed. When
set to
.BR PR_SET_PTRACER_ANY,
the ptrace restrictions introduced by Yama are effectively disabled for the
current process.
For further information, see the kernel source file
.IR Documentation/security/Yama.txt .
.TP
.BR PR_SET_SECCOMP " (since Linux 2.6.23)"
.\" See http://thread.gmane.org/gmane.linux.kernel/542632
.\" [PATCH 0 of 2] seccomp updates