:man| Alphabetical   Categories   About us 
 
P_CANDEBUG (9) | Kernel routines | Unix Manual Pages | :man

NAME

p_candebug - determine debuggability of a process

CONTENTS

Synopsis
Description
Sysctl Variables
Return Values
Errors
See Also

SYNOPSIS


.In sys/proc.h int p_candebug "struct thread *td" "struct proc *p"

DESCRIPTION

This function can be used to determine if a given process p is debuggable by the thread td.

SYSCTL VARIABLES

The following sysctl(8) variables directly influence the behaviour of p_candebug:
kern.securelevel
Debugging of the init process is not allowed if this variable is 1 or greater.
security.bsd.unprivileged_proc_debug
Must be set to a non-zero value to allow unprivileged processes access to the kernel’s debug facilities.

RETURN VALUES

The p_candebug function returns 0 if the process denoted by p is debuggable by thread td, or a non-zero error return value otherwise.

ERRORS

[EACCESS]
The MAC subsystem denied debuggability.
[EAGAIN]
Process p is in the process of being exec ’ed.
[EPERM]
Thread td lacks super-user credentials and process p is executing a set-user-ID or set-group-ID executable.
[EPERM]
Thread td lacks super-user credentials and process p ’s group set is not a subset of td ’s effective group set.
[EPERM]
Thread td lacks super-user credentials and process p ’s user IDs do not match thread td ’s effective user ID.
[EPERM]
Process p denotes the initial process initproc and the sysctl(8) variable kern.securelevel is greater than zero.
[ESRCH]
Process p is not visible to thread td as determined by cr_seeotheruids(9) or cr_seeothergids(9).
[ESRCH]
Thread td has been jailed and process p does not belong to the same jail as td.
[ESRCH]
The MAC subsystem denied debuggability.

SEE ALSO

intro(2), jail(2), sysctl(8), cr_seeothergids(9), cr_seeotheruids(9), mac(9), prison_check(9)

 
Created by Blin Media, 2008-2013