diff options
Diffstat (limited to 'man2/prctl.2')
| -rw-r--r-- | man2/prctl.2 | 261 |
1 files changed, 132 insertions, 129 deletions
diff --git a/man2/prctl.2 b/man2/prctl.2 index f1604a7cb..7fefb5d2e 100644 --- a/man2/prctl.2 +++ b/man2/prctl.2 @@ -114,12 +114,12 @@ must be specified as 0. .IP Higher-level interfaces layered on top of the above operations are provided in the -.BR libcap (3) +.MR libcap 3 library in the form of -.BR cap_get_ambient (3), -.BR cap_set_ambient (3), +.MR cap_get_ambient 3 , +.MR cap_set_ambient 3 , and -.BR cap_reset_ambient (3). +.MR cap_reset_ambient 3 . .\" prctl PR_CAPBSET_READ .TP .BR PR_CAPBSET_READ " (since Linux 2.6.25)" @@ -132,7 +132,7 @@ or 0 if it is not. The capability bounding set dictates whether the process can receive the capability through a file's permitted capability set on a subsequent call to -.BR execve (2). +.MR execve 2 . .IP If the capability specified in .I arg2 @@ -140,9 +140,9 @@ is not valid, then the call fails with the error .BR EINVAL . .IP A higher-level interface layered on top of this operation is provided in the -.BR libcap (3) +.MR libcap 3 library in the form of -.BR cap_get_bound (3). +.MR cap_get_bound 3 . .\" prctl PR_CAPBSET_DROP .TP .BR PR_CAPBSET_DROP " (since Linux 2.6.25)" @@ -167,9 +167,9 @@ if file capabilities are not enabled in the kernel, in which case bounding sets are not supported. .IP A higher-level interface layered on top of this operation is provided in the -.BR libcap (3) +.MR libcap 3 library in the form of -.BR cap_drop_bound (3). +.MR cap_drop_bound 3 . .\" prctl PR_SET_CHILD_SUBREAPER .TP .BR PR_SET_CHILD_SUBREAPER " (since Linux 3.4)" @@ -183,29 +183,29 @@ if is zero, unset the attribute. .IP A subreaper fulfills the role of -.BR init (1) +.MR init 1 for its descendant processes. When a process becomes orphaned (i.e., its immediate parent terminates), then that process will be reparented to the nearest still living ancestor subreaper. Subsequently, calls to -.BR getppid (2) +.MR getppid 2 in the orphaned process will now return the PID of the subreaper process, and when the orphan terminates, it is the subreaper process that will receive a .B SIGCHLD signal and will be able to -.BR wait (2) +.MR wait 2 on the process to discover its termination status. .IP The setting of the "child subreaper" attribute is not inherited by children created by -.BR fork (2) +.MR fork 2 and -.BR clone (2). +.MR clone 2 . The setting is preserved across -.BR execve (2). +.MR execve 2 . .IP Establishing a subreaper process is useful in session management frameworks where a hierarchical group of processes is managed by a subreaper process @@ -213,9 +213,9 @@ that needs to be informed when one of the processes\[em]for example, a double-forked daemon\[em]terminates (perhaps so that it can restart that process). Some -.BR init (1) +.MR init 1 frameworks (e.g., -.BR systemd (1)) +.MR systemd 1 ) employ a subreaper process for similar reasons. .\" prctl PR_GET_CHILD_SUBREAPER .TP @@ -250,7 +250,7 @@ for security reasons, this feature has been removed. (See also the description of .I /proc/sys/fs/\:suid_dumpable in -.BR proc (5).) +.MR proc 5 .) .IP Normally, the "dumpable" attribute is set to 1. However, it is reset to the current value contained in the file @@ -263,17 +263,19 @@ in the following circumstances: The process's effective user or group ID is changed. .IP \[bu] The process's filesystem user or group ID is changed (see -.BR credentials (7)). +.MR credentials 7 ). .IP \[bu] The process executes -.RB ( execve (2)) +\%(\c +.MR execve 2 ) a set-user-ID or set-group-ID program, resulting in a change of either the effective user ID or the effective group ID. .IP \[bu] The process executes -.RB ( execve (2)) +\%(\c +.MR execve 2 ) a program that has file capabilities (see -.BR capabilities (7)), +.MR capabilities 7 ), .\" See kernel/cred.c::commit_creds() but only if the permitted capabilities gained exceed those already permitted for the process. @@ -281,17 +283,17 @@ gained exceed those already permitted for the process. .RE .IP Processes that are not dumpable can not be attached via -.BR ptrace (2) +.MR ptrace 2 .BR PTRACE_ATTACH ; see -.BR ptrace (2) +.MR ptrace 2 for further details. .IP If a process is not dumpable, the ownership of files in the process's .IR /proc/ pid directory is affected as described in -.BR proc (5). +.MR proc 5 . .\" prctl PR_GET_DUMPABLE .TP .BR PR_GET_DUMPABLE " (since Linux 2.3.20)" @@ -415,7 +417,8 @@ so FPU emulation is not required and the FPU always operates in mode. .IP This operation is mainly intended for use by the dynamic linker -.RB ( ld.so (8)). +\%(\c +.MR ld.so 8 ). .IP The arguments .IR arg3 , @@ -500,9 +503,9 @@ and must be zero. .IP The IO_FLUSHER state is inherited by a child process created via -.BR fork (2) +.MR fork 2 and is preserved across -.BR execve (2). +.MR execve 2 . .IP Examples of IO_FLUSHER applications are FUSE daemons, SCSI device emulation daemons, and daemons that perform error handling like multipath @@ -529,19 +532,19 @@ must be zero. .BR PR_SET_KEEPCAPS " (since Linux 2.2.18)" Set the state of the calling thread's "keep capabilities" flag. The effect of this flag is described in -.BR capabilities (7). +.MR capabilities 7 . .I arg2 must be either 0 (clear the flag) or 1 (set the flag). The "keep capabilities" value will be reset to 0 on subsequent calls to -.BR execve (2). +.MR execve 2 . .\" prctl PR_GET_KEEPCAPS .TP .BR PR_GET_KEEPCAPS " (since Linux 2.2.18)" Return (as the function result) the current state of the calling thread's "keep capabilities" flag. See -.BR capabilities (7) +.MR capabilities 7 for a description of this flag. .\" prctl PR_MCE_KILL .TP @@ -555,7 +558,7 @@ clear the thread memory corruption kill policy and use the system-wide default. (The system-wide default is defined by .IR /proc/sys/vm/memory_failure_early_kill ; see -.BR proc (5).) +.MR proc 5 .) If .I arg2 is @@ -576,7 +579,7 @@ signal as soon as hardware memory corruption is detected inside its address space. In late kill mode, the process is killed only when it accesses a corrupted page. See -.BR sigaction (2) +.MR sigaction 2 for more information on the .B SIGBUS signal. @@ -599,7 +602,7 @@ arguments must be zero. Modify certain kernel memory map descriptor fields of the calling process. Usually these fields are set by the kernel and dynamic loader (see -.BR ld.so (8) +.MR ld.so 8 for more information) and a regular application should not use this feature. However, there are cases, such as self-modifying programs, where a program might find it useful to change its own memory map. @@ -629,9 +632,9 @@ option enabled. Set the address above which the program text can run. The corresponding memory area must be readable and executable, but not writable or shareable (see -.BR mprotect (2) +.MR mprotect 2 and -.BR mmap (2) +.MR mmap 2 for more information). .TP .B PR_SET_MM_END_CODE @@ -657,7 +660,7 @@ The corresponding memory area must be readable and writable. .TP .B PR_SET_MM_START_BRK Set the address above which the program heap can be expanded with -.BR brk (2) +.MR brk 2 call. The address must be greater than the ending address of the current program data segment. @@ -665,11 +668,11 @@ In addition, the combined size of the resulting heap and the size of the data segment can't exceed the .B RLIMIT_DATA resource limit (see -.BR setrlimit (2)). +.MR setrlimit 2 ). .TP .B PR_SET_MM_BRK Set the current -.BR brk (2) +.MR brk 2 value. The requirements for the address are the same as for the .B PR_SET_MM_START_BRK @@ -701,7 +704,7 @@ Thus, the corresponding memory area must be readable, writable, and (depending on the kernel configuration) have the .B MAP_GROWSDOWN attribute set (see -.BR mmap (2)). +.MR mmap 2 ). .TP .B PR_SET_MM_AUXV Set a new auxiliary vector. @@ -721,7 +724,7 @@ identified by the file descriptor provided in .I arg3 argument. The file descriptor should be obtained with a regular -.BR open (2) +.MR open 2 call. .IP To change the symbolic link, one needs to unmap all existing @@ -873,10 +876,10 @@ enabled. All threads in a process are affected by these calls. .IP The child of a -.BR fork (2) +.MR fork 2 inherits the state of MPX management. During -.BR execve (2), +.MR execve 2 , MPX management is reset to a state as if .B PR_MPX_DISABLE_MANAGEMENT had been called. @@ -901,17 +904,17 @@ including the terminating null byte. (If the length of the string, including the terminating null byte, exceeds 16 bytes, the string is silently truncated.) This is the same attribute that can be set via -.BR pthread_setname_np (3) +.MR pthread_setname_np 3 and retrieved using -.BR pthread_getname_np (3). +.MR pthread_getname_np 3 . The attribute is likewise accessible via .IR /proc/self/task/ tid /comm (see -.BR proc (5)), +.MR proc 5 ), where .I tid is the thread ID of the calling thread, as returned by -.BR gettid (2). +.MR gettid 2 . .\" prctl PR_GET_NAME .TP .BR PR_GET_NAME " (since Linux 2.6.11)" @@ -930,10 +933,10 @@ attribute to the value in With .I no_new_privs set to 1, -.BR execve (2) +.MR execve 2 promises not to grant privileges to do anything that could not have been done without the -.BR execve (2) +.MR execve 2 call (for example, rendering the set-user-ID and set-group-ID mode bits, and file capabilities non-functional). @@ -941,11 +944,11 @@ Once set, the .I no_new_privs attribute cannot be unset. The setting of this attribute is inherited by children created by -.BR fork (2) +.MR fork 2 and -.BR clone (2), +.MR clone 2 , and preserved across -.BR execve (2). +.MR execve 2 . .IP Since Linux 4.10, the value of a thread's @@ -963,7 +966,7 @@ For more information, see the kernel source file .I Documentation/prctl/no_new_privs.txt before Linux 4.13). See also -.BR seccomp (2). +.MR seccomp 2 . .\" prctl PR_GET_NO_NEW_PRIVS .TP .BR PR_GET_NO_NEW_PRIVS " (since Linux 3.5)" @@ -971,10 +974,10 @@ Return (as the function result) the value of the .I no_new_privs attribute for the calling thread. A value of 0 indicates the regular -.BR execve (2) +.MR execve 2 behavior. A value of 1 indicates -.BR execve (2) +.MR execve 2 will operate in the privilege-restricting mode described above. .\" prctl PR_PAC_RESET_KEYS .\" commit ba830885656414101b2f8ca88786524d4bb5e8c1 @@ -1015,9 +1018,9 @@ when establishing a clean execution context. Note that there is no need to use .B PR_PAC_RESET_KEYS in preparation for calling -.BR execve (2), +.MR execve 2 , since -.BR execve (2) +.MR execve 2 resets all the pointer authentication keys. .IP The remaining arguments @@ -1068,7 +1071,7 @@ the "parent" in this case is considered to be the that created this process. In other words, the signal will be sent when that thread terminates (via, for example, -.BR pthread_exit (3)), +.MR pthread_exit 3 ), rather than after all of the threads in the parent process terminate. .IP The parent-death signal is sent upon subsequent termination of the parent @@ -1082,9 +1085,9 @@ by the time of the operation, then no parent-death signal is sent to the caller. .IP The parent-death signal is process-directed (see -.BR signal (7)) +.MR signal 7 ) and, if the child installs a handler using the -.BR sigaction (2) +.MR sigaction 2 .B SA_SIGINFO flag, the .I si_pid @@ -1093,15 +1096,15 @@ field of the argument of the handler contains the PID of the terminating parent process. .IP The parent-death signal setting is cleared for the child of a -.BR fork (2). +.MR fork 2 . It is also (since Linux 2.4.36 / 2.6.23) .\" commit d2d56c5f51028cb9f3d800882eb6f4cbd3f9099f cleared when executing a set-user-ID or set-group-ID binary, or a binary that has associated capabilities (see -.BR capabilities (7)); +.MR capabilities 7 ); otherwise, this value is preserved across -.BR execve (2). +.MR execve 2 . The parent-death signal setting is also cleared upon changes to any of the following thread credentials: .\" FIXME capability changes can also trigger this; see @@ -1124,7 +1127,7 @@ This is meaningful only when the Yama LSM is enabled and in mode 1 .IR /proc/sys/kernel/yama/ptrace_scope ). When a "ptracer process ID" is passed in \fIarg2\fP, the caller is declaring that the ptracer process can -.BR ptrace (2) +.MR ptrace 2 the calling process as if it were a direct process ancestor. Each .B PR_SET_PTRACER @@ -1156,7 +1159,7 @@ before Linux 4.13). Set the secure computing (seccomp) mode for the calling thread, to limit the available system calls. The more recent -.BR seccomp (2) +.MR seccomp 2 system call provides a superset of the functionality of .BR PR_SET_SECCOMP , and is the preferred interface for new applications. @@ -1172,7 +1175,7 @@ The following values can be specified: See the description of .B SECCOMP_SET_MODE_STRICT in -.BR seccomp (2). +.MR seccomp 2 . .IP This operation is available only if the kernel is configured with @@ -1190,7 +1193,7 @@ arbitrary system calls and system call arguments. See the description of .B SECCOMP_SET_MODE_FILTER in -.BR seccomp (2). +.MR seccomp 2 . .IP This operation is available only if the kernel is configured with @@ -1199,7 +1202,7 @@ enabled. .RE .IP For further details on seccomp filtering, see -.BR seccomp (2). +.MR seccomp 2 . .\" prctl PR_GET_SECCOMP .TP .BR PR_GET_SECCOMP " (since Linux 2.6.23)" @@ -1227,21 +1230,21 @@ field of the .IR /proc/ pid /status file provides a method of obtaining the same information, without the risk that the process is killed; see -.BR proc (5). +.MR proc 5 . .\" prctl PR_SET_SECUREBITS .TP .BR PR_SET_SECUREBITS " (since Linux 2.6.26)" Set the "securebits" flags of the calling thread to the value supplied in .IR arg2 . See -.BR capabilities (7). +.MR capabilities 7 . .\" prctl PR_GET_SECUREBITS .TP .BR PR_GET_SECUREBITS " (since Linux 2.6.26)" Return (as the function result) the "securebits" flags of the calling thread. See -.BR capabilities (7). +.MR capabilities 7 . .\" prctl PR_GET_SPECULATION_CTRL .TP .BR PR_GET_SPECULATION_CTRL " (since Linux 4.17)" @@ -1275,7 +1278,7 @@ but cannot be undone. Same as .BR PR_SPEC_DISABLE , but the state will be cleared on -.BR execve (2). +.MR execve 2 . .RE .IP If all bits are 0, @@ -1353,7 +1356,7 @@ will fail with the error Same as .BR PR_SPEC_DISABLE , but the state will be cleared on -.BR execve (2). +.MR execve 2 . Currently only supported for .I arg2 equal to @@ -1420,7 +1423,7 @@ must be set to one of the following combinations of flags: .B 0 Perform the change immediately. At the next -.BR execve (2) +.MR execve 2 in the thread, the vector length will be reset to the value configured in .IR /proc/sys/abi/sve_default_vector_length . @@ -1428,24 +1431,24 @@ the vector length will be reset to the value configured in .B PR_SVE_VL_INHERIT Perform the change immediately. Subsequent -.BR execve (2) +.MR execve 2 calls will preserve the new vector length. .TP .B PR_SVE_SET_VL_ONEXEC Defer the change, so that it is performed at the next -.BR execve (2) +.MR execve 2 in the thread. Further -.BR execve (2) +.MR execve 2 calls will reset the vector length to the value configured in .IR /proc/sys/abi/sve_default_vector_length . .TP .B "PR_SVE_SET_VL_ONEXEC | PR_SVE_VL_INHERIT" Defer the change, so that it is performed at the next -.BR execve (2) +.MR execve 2 in the thread. Further -.BR execve (2) +.MR execve 2 calls will preserve the new vector length. .RE .IP @@ -1474,7 +1477,7 @@ was included in .IR arg2 , then the configuration described by the return value will take effect at the next -.BR execve (2). +.MR execve 2 . Otherwise, the configuration is already in effect when the .B PR_SVE_SET_VL call returns. @@ -1486,9 +1489,9 @@ corresponding to .IP The configuration (including any pending deferred change) is inherited across -.BR fork (2) +.MR fork 2 and -.BR clone (2). +.MR clone 2 . .IP For more information, see the kernel source file .I Documentation/arm64/sve.rst @@ -1525,7 +1528,7 @@ The bit corresponding to .B PR_SVE_VL_INHERIT indicates whether the vector length will be inherited across -.BR execve (2). +.MR execve 2 . .IP Note that there is no way to determine whether there is a pending vector length change that has not yet taken effect. @@ -1598,7 +1601,7 @@ signal to the triggering thread. Various fields will be set in the .I siginfo_t structure (see -.BR sigaction (2)) +.MR sigaction 2 ) associated with the signal: .RS .IP \[bu] 3 @@ -1637,10 +1640,10 @@ by modifying the register context stored in the .I ucontext argument of the signal handler. See -.BR sigaction (2), -.BR sigreturn (2), +.MR sigaction 2 , +.MR sigreturn 2 , and -.BR getcontext (3) +.MR getcontext 3 for more information. .IP If @@ -1651,10 +1654,10 @@ Syscall User Dispatch is disabled for that thread. the remaining arguments must be set to 0. .IP The setting is not preserved across -.BR fork (2), -.BR clone (2), +.MR fork 2 , +.MR clone 2 , or -.BR execve (2). +.MR execve 2 . .IP For more information, see the kernel source file @@ -1713,14 +1716,14 @@ addresses passed to certain interfaces must always be untagged: .RS .IP \[bu] 3 -.BR brk (2), -.BR mmap (2), -.BR shmat (2), -.BR shmdt (2), +.MR brk 2 , +.MR mmap 2 , +.MR shmat 2 , +.MR shmdt 2 , and the .I new_address argument of -.BR mremap (2). +.MR mremap 2 . .IP (Prior to Linux 5.6 these accepted tagged addresses, but the behaviour may not be what you expect. @@ -1731,11 +1734,11 @@ that accept pointers to arbitrary types cast to a .I void * or other generic type, specifically .BR prctl (), -.BR ioctl (2), +.MR ioctl 2 , and in general -.BR setsockopt (2) +.MR setsockopt 2 (only certain specific -.BR setsockopt (2) +.MR setsockopt 2 options allow tagged addresses). .RE .IP @@ -1748,11 +1751,11 @@ the effect of passing tagged addresses to these interfaces is unspecified. .IP The mode set by this call is inherited across -.BR fork (2) +.MR fork 2 and -.BR clone (2). +.MR clone 2 . The mode is reset by -.BR execve (2) +.MR execve 2 to 0 (i.e., tagged addresses not permitted in the user/kernel ABI). .IP @@ -1844,12 +1847,12 @@ has a nonzero value, the flag is set, otherwise it is cleared. Setting this flag provides a method for disabling transparent huge pages for jobs where the code cannot be modified, and using a malloc hook with -.BR madvise (2) +.MR madvise 2 is not an option (i.e., statically allocated data). The setting of the "THP disable" flag is inherited by a child created via -.BR fork (2) +.MR fork 2 and is preserved across -.BR execve (2). +.MR execve 2 . .\" prctl PR_GET_THP_DISABLE .TP .BR PR_GET_THP_DISABLE " (since Linux 3.15)" @@ -1863,9 +1866,9 @@ either 1, if the flag is set, or 0, if it is not. Return the .I clear_child_tid address set by -.BR set_tid_address (2) +.MR set_tid_address 2 and the -.BR clone (2) +.MR clone 2 .B CLONE_CHILD_CLEARTID flag, in the location pointed to by .IR "(int\~**)\~arg2" . @@ -1906,28 +1909,28 @@ Grouping timer expirations can help reduce system power consumption by minimizing CPU wake-ups. .IP The timer expirations affected by timer slack are those set by -.BR select (2), -.BR pselect (2), -.BR poll (2), -.BR ppoll (2), -.BR epoll_wait (2), -.BR epoll_pwait (2), -.BR clock_nanosleep (2), -.BR nanosleep (2), +.MR select 2 , +.MR pselect 2 , +.MR poll 2 , +.MR ppoll 2 , +.MR epoll_wait 2 , +.MR epoll_pwait 2 , +.MR clock_nanosleep 2 , +.MR nanosleep 2 , and -.BR futex (2) +.MR futex 2 (and thus the library functions implemented via futexes, including .\" List obtained by grepping for futex usage in glibc source -.BR pthread_cond_timedwait (3), -.BR pthread_mutex_timedlock (3), -.BR pthread_rwlock_timedrdlock (3), -.BR pthread_rwlock_timedwrlock (3), +.MR pthread_cond_timedwait 3 , +.MR pthread_mutex_timedlock 3 , +.MR pthread_rwlock_timedrdlock 3 , +.MR pthread_rwlock_timedwrlock 3 , and -.BR sem_timedwait (3)). +.MR sem_timedwait 3 ). .IP Timer slack is not applied to threads that are scheduled under a real-time scheduling policy (see -.BR sched_setscheduler (2)). +.MR sched_setscheduler 2 ). .IP When a new thread is created, the two timer slack values are made the same as the "current" value @@ -1940,15 +1943,15 @@ The timer slack values of (PID 1), the ancestor of all processes, are 50,000 nanoseconds (50 microseconds). The timer slack value is inherited by a child created via -.BR fork (2), +.MR fork 2 , and is preserved across -.BR execve (2). +.MR execve 2 . .IP Since Linux 4.6, the "current" timer slack value of any process can be examined and changed via the file .IR /proc/ pid /timerslack_ns . See -.BR proc (5). +.MR proc 5 . .\" prctl PR_GET_TIMERSLACK .TP .BR PR_GET_TIMERSLACK " (since Linux 2.6.28)" @@ -2060,7 +2063,7 @@ Non-executable mappings can't become executable. .B PR_MDWE_NO_INHERIT " (since Linux 6.6)" .\" commit 2a87e5520554034e8c423479740f95bea4a086a0 Do not propagate MDWE protection to child processes on -.BR fork (2). +.MR fork 2 . Setting this bit requires setting .B PR_MDWE_REFUSE_EXEC_GAIN too. @@ -2487,7 +2490,7 @@ capability, or tried to unset a "locked" flag, or tried to set a flag whose corresponding locked flag was set (see -.BR capabilities (7)). +.MR capabilities 7 ). .TP .B EPERM .I operation @@ -2505,7 +2508,7 @@ and the caller's .B SECBIT_KEEP_CAPS_LOCKED flag is set (see -.BR capabilities (7)). +.MR capabilities 7 ). .TP .B EPERM .I operation @@ -2573,5 +2576,5 @@ Linux. Linux 2.1.57, glibc 2.0.6 .SH SEE ALSO -.BR signal (2), -.BR core (5) +.MR signal 2 , +.MR core 5 |