Commit | Line | Data |
---|---|---|
fea681da MK |
1 | .\" Hey Emacs! This file is -*- nroff -*- source. |
2 | .\" | |
3 | .\" Copyright (C) 1998 Andries Brouwer (aeb@cwi.nl) | |
c11b1abf | 4 | .\" and Copyright (C) 2002 Michael Kerrisk <mtk.manpages@gmail.com> |
af5f9508 | 5 | .\" and Copyright Guillem Jover <guillem@hadrons.org> |
fea681da MK |
6 | .\" |
7 | .\" Permission is granted to make and distribute verbatim copies of this | |
8 | .\" manual provided the copyright notice and this permission notice are | |
9 | .\" preserved on all copies. | |
10 | .\" | |
11 | .\" Permission is granted to copy and distribute modified versions of this | |
12 | .\" manual under the conditions for verbatim copying, provided that the | |
13 | .\" entire resulting derived work is distributed under the terms of a | |
14 | .\" permission notice identical to this one. | |
c13182ef | 15 | .\" |
fea681da MK |
16 | .\" Since the Linux kernel and libraries are constantly changing, this |
17 | .\" manual page may be incorrect or out-of-date. The author(s) assume no | |
18 | .\" responsibility for errors or omissions, or for damages resulting from | |
19 | .\" the use of the information contained herein. The author(s) may not | |
20 | .\" have taken the same level of care in the production of this manual, | |
21 | .\" which is licensed free of charge, as they might when working | |
22 | .\" professionally. | |
c13182ef | 23 | .\" |
fea681da MK |
24 | .\" Formatted or processed versions of this manual, if unaccompanied by |
25 | .\" the source, must acknowledge the copyright and authors of this work. | |
26 | .\" | |
27 | .\" Modified Thu Nov 11 04:19:42 MET 1999, aeb: added PR_GET_PDEATHSIG | |
28 | .\" Modified 27 Jun 02, Michael Kerrisk | |
c13182ef | 29 | .\" Added PR_SET_DUMPABLE, PR_GET_DUMPABLE, |
fea681da | 30 | .\" PR_SET_KEEPCAPS, PR_GET_KEEPCAPS |
e87fdd92 MK |
31 | .\" Modified 2006-08-30 Guillem Jover <guillem@hadrons.org> |
32 | .\" Updated Linux versions where the options were introduced. | |
33 | .\" Added PR_SET_TIMING, PR_GET_TIMING, PR_SET_NAME, PR_GET_NAME, | |
34 | .\" PR_SET_UNALIGN, PR_GET_UNALIGN, PR_SET_FPEMU, PR_GET_FPEMU, | |
35 | .\" PR_SET_FPEXC, PR_GET_FPEXC | |
8ab8b43f MK |
36 | .\" 2008-04-29 Serge Hallyn, Document PR_CAPBSET_READ and PR_CAPBSET_DROP |
37 | .\" 2008-06-13 Erik Bosman, <ejbosman@cs.vu.nl> | |
38 | .\" Document PR_GET_TSC and PR_SET_TSC. | |
39 | .\" 2008-06-15 mtk, Document PR_SET_SECCOMP, PR_GET_SECCOMP | |
40 | .\" FIXME . reorder commands alphabetically | |
fea681da | 41 | .\" |
8ab8b43f | 42 | .TH PRCTL 2 2008-07-15 "Linux" "Linux Programmer's Manual" |
fea681da MK |
43 | .SH NAME |
44 | prctl \- operations on a process | |
45 | .SH SYNOPSIS | |
521bf584 | 46 | .nf |
fea681da MK |
47 | .B #include <sys/prctl.h> |
48 | .sp | |
521bf584 MK |
49 | .BI "int prctl(int " option ", unsigned long " arg2 ", unsigned long " arg3 , |
50 | .BI " unsigned long " arg4 ", unsigned long " arg5 ); | |
51 | .fi | |
fea681da | 52 | .SH DESCRIPTION |
e511ffb6 | 53 | .BR prctl () |
fea681da | 54 | is called with a first argument describing what to do |
1a329b56 | 55 | (with values defined in \fI<linux/prctl.h>\fP), and further |
fea681da MK |
56 | parameters with a significance depending on the first one. |
57 | The first argument can be: | |
58 | .TP | |
8ab8b43f | 59 | .BR PR_SET_PDEATHSIG " (since Linux 2.1.57)" |
fea681da | 60 | Set the parent process death signal |
64536a1b | 61 | of the calling process to \fIarg2\fP (either a signal value |
fea681da | 62 | in the range 1..maxsig, or 0 to clear). |
64536a1b | 63 | This is the signal that the calling process will get when its |
c13182ef | 64 | parent dies. |
8ab8b43f | 65 | This value is cleared for the child of a |
0bfa087b | 66 | .BR fork (2). |
fea681da | 67 | .TP |
8ab8b43f MK |
68 | .BR PR_GET_PDEATHSIG " (since Linux 2.3.15)" |
69 | Return the current value of the parent process death signal, | |
70 | in the location pointed to by | |
71 | .IR "(int\ *) arg2" . | |
fea681da | 72 | .TP |
8ab8b43f | 73 | .BR PR_SET_DUMPABLE " (since Linux 2.3.20)" |
fea681da | 74 | Set the state of the flag determining whether core dumps are produced |
d9bfdb9c | 75 | for this process upon delivery of a signal whose default behavior is |
fea681da MK |
76 | to produce a core dump. |
77 | (Normally this flag is set for a process by default, but it is cleared | |
c13182ef | 78 | when a set-user-ID or set-group-ID program is executed and also by |
880f5b4b | 79 | various system calls that manipulate process UIDs and GIDs). |
c0dc0445 | 80 | In kernels up to and including 2.6.12, |
fea681da MK |
81 | .I arg2 |
82 | must be either 0 (process is not dumpable) or 1 (process is dumpable). | |
a4775da6 | 83 | Between kernels 2.6.13 and 2.6.17, the value 2 was also permitted, |
c13182ef MK |
84 | which caused any binary which normally would not be dumped |
85 | to be dumped readable by root only; | |
a3b7f00b MK |
86 | for security reasons, this feature has been removed. |
87 | .\" See http://marc.theaimsgroup.com/?l=linux-kernel&m=115270289030630&w=2 | |
88 | .\" Subject: Fix prctl privilege escalation (CVE-2006-2451) | |
89 | .\" From: Marcel Holtmann <marcel () holtmann ! org> | |
90 | .\" Date: 2006-07-12 11:12:00 | |
c13182ef | 91 | (See also the description of |
c0dc0445 MK |
92 | .I /proc/sys/fs/suid_dumpable |
93 | in | |
94 | .BR proc (5).) | |
fea681da | 95 | .TP |
8ab8b43f | 96 | .BR PR_GET_DUMPABLE " (since Linux 2.3.20)" |
fea681da MK |
97 | Return (as the function result) the current state of the calling |
98 | process's dumpable flag. | |
c13182ef | 99 | .\" Since Linux 2.6.13, the dumpable flag can have the value 2, |
b0c93735 | 100 | .\" but in 2.6.13 PR_GET_DUMPABLE simply returns 1 if the dumpable |
eba72288 | 101 | .\" flag has a non-zero value. This was fixed in 2.6.14. |
fea681da | 102 | .TP |
8ab8b43f MK |
103 | .BR PR_SET_KEEPCAPS " (since Linux 2.2.18)" |
104 | Set the state of the thread's "keep capabilities" flag, | |
105 | which determines whether the thread's effective and permitted | |
106 | capability sets are cleared when a change is made to the thread's user IDs | |
107 | such that the thread's real UID, effective UID, and saved set-user-ID | |
eba72288 | 108 | all become non-zero when at least one of them previously had the value 0. |
fea681da MK |
109 | (By default, these credential sets are cleared). |
110 | .I arg2 | |
111 | must be either 0 (capabilities are cleared) or 1 (capabilities are kept). | |
8ab8b43f MK |
112 | This value will be reset to 0 on subsequent calls to |
113 | .BR execve (2). | |
fea681da | 114 | .TP |
8ab8b43f MK |
115 | .BR PR_GET_KEEPCAPS " (since Linux 2.2.18)" |
116 | Return (as the function result) the current state of the calling thread's | |
fea681da | 117 | "keep capabilities" flag. |
e87fdd92 | 118 | .TP |
8ab8b43f MK |
119 | .BR PR_CAPBSET_READ " (since Linux 2.6.25)" |
120 | Return (as the function result) 1 if the capability specified in | |
121 | .I arg2 | |
122 | is in the calling thread's capability bounding set, | |
123 | or 0 if it is not. | |
124 | (The capability constants are defined in | |
125 | .IR <linux/capability.h> .) | |
126 | The capability bounding set dictates | |
127 | whether the process can receive the capability through a | |
128 | file's permitted capability set on a subsequent call to | |
129 | .BR execve (2). | |
130 | ||
131 | If the capability specified in | |
132 | .I arg2 | |
133 | is not valid, then the call fails with the error | |
134 | .BR EINVAL . | |
135 | .TP | |
136 | .BR PR_CAPBSET_DROP " (since Linux 2.6.25)" | |
137 | If the calling thread has the | |
138 | .B CAP_SETPCAP | |
139 | capability, then drop the capability specified by | |
140 | .I arg2 | |
141 | from the calling thread's capability bounding set. | |
142 | Any children of the calling thread will inherit the newly | |
143 | reduced bounding set. | |
144 | ||
145 | The call fails with the error: | |
146 | .B EPERM | |
147 | if the calling thread does not have the | |
148 | .BR CAP_SETPCAP ; | |
149 | .BR EINVAL | |
150 | if | |
151 | .I arg2 | |
152 | does not represent a valid capability; or | |
153 | .BR EINVAL | |
154 | if file capabilities are not enabled in the kernel, | |
155 | in which case bounding sets are not supported. | |
156 | .TP | |
157 | .BR PR_SET_SECUREBITS " (since Linux 2.6.26)" | |
158 | Set the "securebits" flags of the calling thread to the value supplied in | |
159 | .IR arg2 . | |
160 | See | |
161 | .BR capabilities (7). | |
162 | .TP | |
163 | .BR PR_GET_SECUREBITS " (since Linux 2.6.26)" | |
164 | Return (as the function result) | |
165 | the "securebits" flags of the calling thread. | |
166 | See | |
167 | .BR capabilities (7). | |
168 | .TP | |
169 | .BR PR_SET_TSC " (since Linux 2.6.26, x86 only)" | |
170 | Set the state of the flag determining whether the timestamp counter | |
171 | can be read by the process. | |
172 | Pass | |
173 | .B PR_TSC_ENABLE | |
174 | to | |
175 | .I arg2 | |
176 | to allow it to be read, or | |
177 | .B PR_TSC_SIGSEGV | |
178 | to generate a | |
179 | .B SIGSEGV | |
180 | when the process tries to read the timestamp counter. | |
181 | .TP | |
182 | .BR PR_GET_TSC " (since Linux 2.6.26, x86 only)" | |
183 | Return the state of the flag determining whether the timestamp counter | |
184 | can be read, | |
185 | in the location pointed to by | |
186 | .IR "(int\ *) arg2" . | |
187 | .TP | |
188 | .BR PR_SET_TIMING " (since Linux 2.6.0-test4)" | |
e87fdd92 | 189 | Set whether to use (normal, traditional) statistical process timing or |
8ab8b43f MK |
190 | accurate timestamp based process timing, by passing |
191 | .B PR_TIMING_STATISTICAL | |
192 | .\" 0 | |
193 | or | |
194 | .B PR_TIMING_TIMESTAMP | |
195 | .\" 1 | |
196 | to \fIarg2\fP. | |
197 | .B PR_TIMING_TIMESTAMP | |
198 | is not currently implemented | |
199 | (attempting to set this mode will yield the error | |
200 | .BR EINVAL ). | |
201 | .\" PR_TIMING_TIMESTAMP doesn't do anything in 2.6.26-rc8, | |
202 | .\" and looking at the patch history, it appears | |
203 | .\" that it never did anything. | |
e87fdd92 | 204 | .TP |
8ab8b43f | 205 | .BR PR_GET_TIMING " (since Linux 2.6.0-test4)" |
e87fdd92 MK |
206 | Return (as the function result) which process timing method is currently |
207 | in use. | |
208 | .TP | |
8ab8b43f MK |
209 | .BR PR_SET_NAME " (since Linux 2.6.9)" |
210 | Set the process name for the calling process, | |
211 | using the value in the location pointed to by | |
212 | .IR "(char\ *) arg2" . | |
213 | The name can be up to 16 bytes long, | |
214 | .\" TASK_COMM_LEN in include/linux/sched.h | |
215 | and should be null terminated if it contains fewer bytes. | |
64536a1b | 216 | .TP |
8ab8b43f MK |
217 | .BR PR_GET_NAME " (since Linux 2.6.11)" |
218 | Return the process name for the calling process, | |
219 | in the buffer pointed to by | |
220 | .IR "(char\ *) arg2" . | |
221 | The buffer should allow space for up to 16 bytes; | |
222 | the returned string will be null terminated if it is shorter than that. | |
64536a1b | 223 | .TP |
8ab8b43f | 224 | .BR PR_SET_ENDIAN " (since Linux 2.6.18, PowerPC only)" |
c13182ef | 225 | Set the endian-ness of the calling process to the value given |
64536a1b | 226 | in \fIarg2\fP, which should be one of the following: |
8ab8b43f | 227 | .\" Respectively 0, 1, 2 |
64536a1b MK |
228 | .BR PR_ENDIAN_BIG , |
229 | .BR PR_ENDIAN_LITTLE , | |
230 | or | |
0daa9e92 | 231 | .B PR_ENDIAN_PPC_LITTLE |
64536a1b | 232 | (PowerPC pseudo little endian). |
e87fdd92 | 233 | .TP |
8ab8b43f MK |
234 | .BR PR_GET_ENDIAN " (since Linux 2.6.18, PowerPC only)" |
235 | Return the endian-ness of the calling process, | |
236 | in the location pointed to by | |
237 | .IR "(int\ *) arg2" . | |
238 | .TP | |
e87fdd92 | 239 | .B PR_SET_UNALIGN |
20f75f5f | 240 | (Only on: ia64, since Linux 2.3.48; parisc, since Linux 2.6.15; |
eaf7a691 | 241 | PowerPC, since Linux 2.6.18; Alpha, since Linux 2.6.22) |
1c44bd5b MK |
242 | Set unaligned access control bits to \fIarg2\fP. |
243 | Pass | |
244 | \fBPR_UNALIGN_NOPRINT\fP to silently fix up unaligned user accesses, | |
8bd58774 MK |
245 | or \fBPR_UNALIGN_SIGBUS\fP to generate |
246 | .B SIGBUS | |
247 | on unaligned user access. | |
e87fdd92 MK |
248 | .TP |
249 | .B PR_GET_UNALIGN | |
bf1c0ede | 250 | (see |
20f75f5f MK |
251 | .B PR_SET_UNALIGN |
252 | for information on versions and architectures) | |
8ab8b43f MK |
253 | Return unaligned access control bits, in the location pointed to by |
254 | .IR "(int\ *) arg2" . | |
e87fdd92 | 255 | .TP |
8ab8b43f | 256 | .BR PR_SET_FPEMU " (since Linux 2.4.18, 2.5.9, only on ia64)" |
e87fdd92 MK |
257 | Set floating-point emulation control bits to \fIarg2\fP. |
258 | Pass \fBPR_FPEMU_NOPRINT\fP to silently emulate fp operations, or | |
8bd58774 MK |
259 | \fBPR_FPEMU_SIGFPE\fP to not emulate fp operations and send |
260 | .B SIGFPE | |
261 | instead. | |
e87fdd92 | 262 | .TP |
8ab8b43f MK |
263 | .BR PR_GET_FPEMU " (since Linux 2.4.18, 2.5.9, only on ia64)" |
264 | Return floating-point emulation control bits, | |
265 | in the location pointed to by | |
266 | .IR "(int\ *) arg2" . | |
e87fdd92 | 267 | .TP |
8ab8b43f | 268 | .BR PR_SET_FPEXC " (since Linux 2.4.21, 2.5.32, only on PowerPC)" |
1c44bd5b MK |
269 | Set floating-point exception mode to \fIarg2\fP. |
270 | Pass \fBPR_FP_EXC_SW_ENABLE\fP to use FPEXC for FP exception enables, | |
e87fdd92 MK |
271 | \fBPR_FP_EXC_DIV\fP for floating point divide by zero, |
272 | \fBPR_FP_EXC_OVF\fP for floating point overflow, | |
273 | \fBPR_FP_EXC_UND\fP for floating point underflow, | |
274 | \fBPR_FP_EXC_RES\fP for floating point inexact result, | |
275 | \fBPR_FP_EXC_INV\fP for floating point invalid operation, | |
276 | \fBPR_FP_EXC_DISABLED\fP for FP exceptions disabled, | |
277 | \fBPR_FP_EXC_NONRECOV\fP for async non-recoverable exception mode, | |
278 | \fBPR_FP_EXC_ASYNC\fP for async recoverable exception mode, | |
279 | \fBPR_FP_EXC_PRECISE\fP for precise exception mode. | |
280 | .TP | |
8ab8b43f MK |
281 | .BR PR_GET_FPEXC " (since Linux 2.4.21, 2.5.32, only on PowerPC)" |
282 | Return floating-point exception mode, | |
283 | in the location pointed to by | |
284 | .IR "(int\ *) arg2" . | |
285 | .TP | |
286 | .BR PR_SET_SECCOMP " (since Linux 2.6.23)" | |
287 | .\" See http://thread.gmane.org/gmane.linux.kernel/542632 | |
288 | .\" [PATCH 0 of 2] seccomp updates | |
289 | .\" andrea@cpushare.com | |
290 | Set the secure computing mode for the calling thread. | |
291 | In the current implementation, | |
292 | .IR arg2 | |
293 | must be 1. | |
294 | After the secure computing mode has been set to 1, | |
295 | the only system calls that the thread is permitted to make are | |
296 | .BR read (2), | |
297 | .BR write (2), | |
298 | .BR _exit (2), | |
fea681da | 299 | and |
8ab8b43f MK |
300 | .BR sigreturn (2). |
301 | Other system calls result in the delivery of a | |
302 | .BR SIGKILL | |
303 | signal. | |
304 | Secure computing mode is useful for number-crunching applications | |
305 | that may need to execute untrusted byte code, | |
306 | perhaps obtained by reading from a pipe or socket. | |
307 | This operation is only available | |
308 | if the kernel is configured with CONFIG_SECCOMP enabled. | |
309 | .TP | |
310 | .BR PR_GET_SECCOMP " (since Linux 2.6.23)" | |
311 | Return the secure computing mode of the calling thread. | |
312 | Not very useful for the current implementation (mode equals 1), | |
313 | but may be useful for other possible future modes: | |
314 | if the caller is not in secure computing mode, this operation returns 0; | |
315 | if the caller is in secure computing mode, then the | |
316 | .BR prctl () | |
317 | call will cause a | |
318 | .B SIGKILL | |
319 | signal to be sent to the process. | |
320 | This operation is only available | |
321 | if the kernel is configured with CONFIG_SECCOMP enabled. | |
322 | .SH "RETURN VALUE" | |
323 | On success, | |
324 | .BR PR_GET_DUMPABLE , | |
325 | .BR PR_GET_KEEPCAPS , | |
326 | .BR PR_CAPBSET_READ , | |
327 | .BR PR_GET_TIMING , | |
328 | .BR PR_GET_SECUREBITS , | |
329 | and (if it returns) | |
330 | .BR PR_GET_SECCOMP | |
331 | return the non-negative values described above. | |
fea681da MK |
332 | All other |
333 | .I option | |
334 | values return 0 on success. | |
335 | On error, \-1 is returned, and | |
336 | .I errno | |
337 | is set appropriately. | |
338 | .SH ERRORS | |
339 | .TP | |
8ab8b43f MK |
340 | .B EFAULT |
341 | .I arg2 | |
342 | is an invalid address. | |
343 | .TP | |
fea681da MK |
344 | .B EINVAL |
345 | The value of | |
346 | .I option | |
8ab8b43f MK |
347 | is not recognized. |
348 | .B EINVAL | |
fea681da | 349 | .I arg2 |
8ab8b43f MK |
350 | is not a valid value for this |
351 | .IR option . | |
352 | .TP | |
353 | .B EINVAL | |
354 | .I option | |
355 | is | |
356 | .BR PR_SET_SECCOMP | |
357 | or | |
358 | .BR PR_GET_SECCOMP , | |
359 | and the kernel was not configured with | |
360 | .BR CONFIG_SECCOMP . | |
361 | .TP | |
362 | .B EPERM | |
363 | .I option | |
364 | is | |
365 | .BR PR_SET_SECUREBITS , | |
366 | and the caller does not have the | |
367 | .B CAP_SETPCAP | |
368 | capability, | |
369 | or tried to unset a "locked" flag, | |
370 | or tried to set a flag whose corresponding locked flag was set | |
371 | (see | |
372 | .BR capabilities (7)). | |
373 | .TP | |
374 | .B EPERM | |
375 | .I option | |
376 | is | |
377 | .BR PR_SET_KEEPCAPS , | |
378 | and the caller's | |
379 | .B SECURE_KEEP_CAPS_LOCKED | |
380 | flag is set | |
381 | (see | |
382 | .BR capabilities (7)). | |
383 | .TP | |
384 | .B EPERM | |
385 | .I option | |
386 | is | |
387 | .BR PR_CAPBSET_DROP , | |
388 | and the caller does not have the | |
389 | .B CAP_SETPCAP | |
390 | capability. | |
391 | .\" The following can't actually happen, because prctl() in | |
392 | .\" seccomp mode will cause SIGKILL. | |
393 | .\" .TP | |
394 | .\" .B EPERM | |
395 | .\" .I option | |
396 | .\" is | |
397 | .\" .BR PR_SET_SECCOMP , | |
398 | .\" and secure computing mode is already 1. | |
a1d5f77c MK |
399 | .SH VERSIONS |
400 | The | |
401 | .BR prctl () | |
402 | system call was introduced in Linux 2.1.57. | |
403 | .\" The library interface was added in glibc 2.0.6 | |
fea681da | 404 | .SH "CONFORMING TO" |
8382f16d | 405 | This call is Linux-specific. |
c13182ef | 406 | IRIX has a |
1e321034 MK |
407 | .BR prctl () |
408 | system call (also introduced in Linux 2.1.44 | |
fea681da MK |
409 | as irix_prctl on the MIPS architecture), |
410 | with prototype | |
411 | .sp | |
412 | .BI "ptrdiff_t prctl(int " option ", int " arg2 ", int " arg3 ); | |
413 | .sp | |
414 | and options to get the maximum number of processes per user, | |
415 | get the maximum number of processors the calling process can use, | |
416 | find out whether a specified process is currently blocked, | |
fba59d25 | 417 | get or set the maximum stack size, etc. |
fea681da | 418 | .SH "SEE ALSO" |
cb1c9135 | 419 | .BR signal (2), |
e1a9bc1b | 420 | .BR core (5) |