lib/libc/sys/procctl.2
Show First 20 Lines • Show All 106 Lines • ▼ Show 20 Lines | |||||
.It Dv PROC_ASLR_FORCE_DISABLE | .It Dv PROC_ASLR_FORCE_DISABLE | ||||
.It Dv PROC_ASLR_NOFORCE | .It Dv PROC_ASLR_NOFORCE | ||||
.El | .El | ||||
.Pp | .Pp | ||||
If the currently executed image in the process itself has ASLR enabled, | If the currently executed image in the process itself has ASLR enabled, | ||||
the | the | ||||
.Dv PROC_ASLR_ACTIVE | .Dv PROC_ASLR_ACTIVE | ||||
flag is or-ed with the value listed above. | flag is or-ed with the value listed above. | ||||
.It Dv PROC_PROTMAX_CTL | |||||
Controls implicit application of PROT_MAX protection equal to the | |||||
.Fa prot | |||||
argument of the | |||||
.Xr mmap 2 | |||||
markj: and .Xr mprotect 2
brooks: We don't imply PROT_MAX on mprotect at this time. One could make a case for it, but we've never tested it and it's not as clear a case IMO.
syscall, in the target process. | |||||
The | |||||
.Va arg | |||||
parameter must point to the integer variable holding one of the following | |||||
values: | |||||
.Bl -tag -width PROC_PROTMAX_FORCE_DISABLE | |||||
.It Dv PROC_PROTMAX_FORCE_ENABLE | |||||
Enables implicit PROT_MAX application, | |||||
even if it is disabled system-wide by default. | |||||
markj: It would be nice to reference the sysctl here, "disabled system-wide by vm.imply_prot_max"
The image flag might prevent the enablement still. | |||||
bcr: The image flag might still prevent the enablement.
.It Dv PROC_ASLR_FORCE_DISABLE | |||||
Request that implicit application of PROT_MAX is disabled. | |||||
markj: Should be "be disabled."
Same notes as for | |||||
.Dv PROC_PROT_MAX_FORCE_ENABLE | |||||
markj: Extra _ between PROT and MAX.
apply. | |||||
.It Dv PROC_PROTMAX_NOFORCE | |||||
Use system-wide configured policy for PROT_MAX. | |||||
markj: "Use the system-wide ..."
.El | |||||
.It Dv PROC_PROTMAX_STATUS | |||||
Returns the current status of implicit PROT_MAX enablement for the | |||||
target process. | |||||
The | |||||
.Va arg | |||||
parameter must point to the integer variable, where one of the | |||||
following values is written: | |||||
.Bl -tag -width PROC_PROTMAX_FORCE_DISABLE | |||||
.It Dv PROC_PROTMAX_FORCE_ENABLE | |||||
.It Dv PROC_PROTMAX_FORCE_DISABLE | |||||
.It Dv PROC_PROTMAX_NOFORCE | |||||
.El | |||||
.Pp | |||||
If the currently executed image in the process itself has implicit PROT_MAX | |||||
application enabled, | |||||
the | |||||
.Dv PROC_PROTMAX_ACTIVE | |||||
flag is or-ed with the value listed above. | |||||
.It Dv PROC_SPROTECT | .It Dv PROC_SPROTECT | ||||
Set process protection state. | Set process protection state. | ||||
This is used to mark a process as protected from being killed if the system | This is used to mark a process as protected from being killed if the system | ||||
exhausts the available memory and swap. | exhausts the available memory and swap. | ||||
The | The | ||||
.Fa arg | .Fa arg | ||||
parameter must point to an integer containing an operation and zero or more | parameter must point to an integer containing an operation and zero or more | ||||
optional flags. | optional flags. | ||||
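Review bot: In the PROC_PROTMAX_CTL value list, the second entry is tagged `.It Dv PROC_ASLR_FORCE_DISABLE`, which looks like a leftover from the ASLR text this was copied from. The list's `-width PROC_PROTMAX_FORCE_DISABLE` and the PROC_PROTMAX_STATUS list both use PROC_PROTMAX_FORCE_DISABLE, so the tag should read `.It Dv PROC_PROTMAX_FORCE_DISABLE`. As written, someone looking up how to turn implicit PROT_MAX off for a process is pointed at the ASLR constant, and the three values documented for the control request do not match the three values the status request is said to return.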
▲ Show 20 Lines • Show All 447 Lines • ▼ Show 20 Lines | |||||
.El | .El | ||||
.Sh SEE ALSO | .Sh SEE ALSO | ||||
.Xr dtrace 1 , | .Xr dtrace 1 , | ||||
.Xr proccontrol 1 , | .Xr proccontrol 1 , | ||||
.Xr protect 1 , | .Xr protect 1 , | ||||
.Xr cap_enter 2, | .Xr cap_enter 2, | ||||
.Xr kill 2 , | .Xr kill 2 , | ||||
.Xr ktrace 2 , | .Xr ktrace 2 , | ||||
.Xr mmap 2 , | |||||
.Xr ptrace 2 , | .Xr ptrace 2 , | ||||
.Xr wait 2 , | .Xr wait 2 , | ||||
.Xr capsicum 4 , | .Xr capsicum 4 , | ||||
.Xr hwpmc 4 , | .Xr hwpmc 4 , | ||||
.Xr init 8 | .Xr init 8 | ||||
.Sh HISTORY | .Sh HISTORY | ||||
The | The | ||||
.Fn procctl | .Fn procctl | ||||
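Review bot: In the SEE ALSO context just above the added `.Xr mmap 2 ,` line, `.Xr cap_enter 2,` has no space before the comma, so the comma is parsed as part of the section argument instead of as trailing punctuation. The new entry is correctly placed between ktrace and ptrace and correctly punctuated; since this change already touches the list, consider fixing the cap_enter line to `.Xr cap_enter 2 ,` in the same commit.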
Show All 15 Lines |