lib/libc/sys/procctl.2
Show All 23 Lines | |||||
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||||
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||||
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||||
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||||
.\" SUCH DAMAGE. | .\" SUCH DAMAGE. | ||||
.\" | .\" | ||||
.\" $FreeBSD$ | .\" $FreeBSD$ | ||||
.\" | .\" | ||||
.Dd September 2, 2021 | .Dd September 2, 2021 | ||||
pauamma_gundo.com: Bump on commit
.Dt PROCCTL 2 | .Dt PROCCTL 2 | ||||
.Os | .Os | ||||
.Sh NAME | .Sh NAME | ||||
.Nm procctl | .Nm procctl | ||||
.Nd control processes | .Nd control processes | ||||
.Sh LIBRARY | .Sh LIBRARY | ||||
.Lb libc | .Lb libc | ||||
.Sh SYNOPSIS | .Sh SYNOPSIS | ||||
▲ Show 20 Lines • Show All 384 Lines • ▼ Show 20 Lines | |||||
Controls the capability mode sandbox actions for the specified | Controls the capability mode sandbox actions for the specified | ||||
sandboxed processes, | sandboxed processes, | ||||
on a return from any syscall which gives either a | on a return from any syscall which gives either a | ||||
.Er ENOTCAPABLE | .Er ENOTCAPABLE | ||||
or | or | ||||
.Er ECAPMODE | .Er ECAPMODE | ||||
error. | error. | ||||
If the control is enabled, such errors from the syscalls cause | If the control is enabled, such errors from the syscalls cause | ||||
delivery of the synchronous | synchronous delivery of either a | ||||
.Dv SIGTRAP | .Dv SIGTRAP | ||||
or | |||||
.Dv SIGCAP | |||||
signal to the thread immediately before returning from the syscalls. | signal to the thread immediately before returning from the syscalls. | ||||
The former is useful for debugging processes that are unexpectedly failing in | |||||
capability mode. | |||||
pauamma_gundo.com (Not Done): Comma splice after "mode". I'd either s/,/;/ or s/,/ and/
The latter is intended to be caught by the process and used to | |||||
handle the failure within the process. | |||||
pauamma_gundo.com (Done): "either a synchronous", to me, hints that SIGTRAP is delivered synchronously but SIGCAP isn't or may not be, but doesn't state that conclusively. If this is what you mean If this isn't what you mean and both are synchronous, "synchronous delivery of either" would be better. If SIGCAP is or can be delivered asynchronously, "or an asynchronous" or something similar would disambiguate.
.Pp | .Pp | ||||
Possible values for the | Possible values for the | ||||
.Fa data | .Fa data | ||||
argument are: | argument are: | ||||
.Bl -tag -width PROC_TRAPCAP_CTL_DISABLE | .Bl -tag -width PROC_TRAPCAP_CTL_DISABLE | ||||
.It Dv PROC_TRAPCAP_CTL_ENABLE | .It Dv PROC_TRAPCAP_CTL_ENABLE_SIGTRAP | ||||
Enable the | Enable the | ||||
.Dv SIGTRAP | .Dv SIGTRAP | ||||
signal delivery on capability mode access violations. | |||||
The enabled mode is inherited by the children of the process, | |||||
and is kept after | |||||
.Xr fexecve 2 | |||||
calls. | |||||
.It Dv PROC_TRAPCAP_CTL_ENABLE | |||||
is an alias for | |||||
.Dv PROC_TRAPCAP_CTL_ENABLE_SIGTRAP | |||||
for legacy compatibility. | |||||
.It Dv PROC_TRAPCAP_CTL_ENABLE_SIGCAP | |||||
Enable the | |||||
.Dv SIGCAP | |||||
signal delivery on capability mode access violations. | signal delivery on capability mode access violations. | ||||
The enabled mode is inherited by the children of the process, | The enabled mode is inherited by the children of the process, | ||||
and is kept after | and is kept after | ||||
.Xr fexecve 2 | .Xr fexecve 2 | ||||
calls. | calls. | ||||
.It Dv PROC_TRAPCAP_CTL_DISABLE | .It Dv PROC_TRAPCAP_CTL_DISABLE | ||||
Disable the signal delivery on capability mode access violations. | Disable the signal delivery on capability mode access violations. | ||||
Note that the global sysctl | Note that the global sysctl | ||||
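Review bot: The added PROC_TRAPCAP_CTL_ENABLE_SIGCAP entry does not say what happens when SIGCAP reaches a process that has no handler installed, even though the same entry states that the mode is inherited by children and kept after fexecve 2 calls, and caught-signal handlers do not survive an exec. Please state SIGCAP's default action here, or cross-reference where it is documented, so that a caller enabling this mode before executing a sandboxed helper knows whether an unhandled capability violation terminates the new image. Two smaller points in the same list: the body of the legacy ".It Dv PROC_TRAPCAP_CTL_ENABLE" item starts with "is an alias for", which renders as a fragment detached from its tag, so something like "Alias for PROC_TRAPCAP_CTL_ENABLE_SIGTRAP, kept for legacy compatibility." would read better; and ".Bl -tag -width PROC_TRAPCAP_CTL_DISABLE" is now narrower than the longest tag, PROC_TRAPCAP_CTL_ENABLE_SIGTRAP, so the width argument should be updated to match.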
▲ Show 20 Lines • Show All 402 Lines • Show Last 20 Lines |