Commit | Line | Data |
---|---|---|
fea681da | 1 | .\" Copyright (C) 1998 Andries Brouwer (aeb@cwi.nl) |
73d3ac53 | 2 | .\" and Copyright (C) 2002, 2006, 2008, 2012, 2013 Michael Kerrisk <mtk.manpages@gmail.com> |
af5f9508 | 3 | .\" and Copyright Guillem Jover <guillem@hadrons.org> |
3cd5e983 | 4 | .\" and Copyright (C) 2014 Dave Hansen / Intel |
fea681da | 5 | .\" |
93015253 | 6 | .\" %%%LICENSE_START(VERBATIM) |
fea681da MK |
7 | .\" Permission is granted to make and distribute verbatim copies of this |
8 | .\" manual provided the copyright notice and this permission notice are | |
9 | .\" preserved on all copies. | |
10 | .\" | |
11 | .\" Permission is granted to copy and distribute modified versions of this | |
12 | .\" manual under the conditions for verbatim copying, provided that the | |
13 | .\" entire resulting derived work is distributed under the terms of a | |
14 | .\" permission notice identical to this one. | |
c13182ef | 15 | .\" |
fea681da MK |
16 | .\" Since the Linux kernel and libraries are constantly changing, this |
17 | .\" manual page may be incorrect or out-of-date. The author(s) assume no | |
18 | .\" responsibility for errors or omissions, or for damages resulting from | |
19 | .\" the use of the information contained herein. The author(s) may not | |
20 | .\" have taken the same level of care in the production of this manual, | |
21 | .\" which is licensed free of charge, as they might when working | |
22 | .\" professionally. | |
c13182ef | 23 | .\" |
fea681da MK |
24 | .\" Formatted or processed versions of this manual, if unaccompanied by |
25 | .\" the source, must acknowledge the copyright and authors of this work. | |
4b72fb64 | 26 | .\" %%%LICENSE_END |
fea681da MK |
27 | .\" |
28 | .\" Modified Thu Nov 11 04:19:42 MET 1999, aeb: added PR_GET_PDEATHSIG | |
29 | .\" Modified 27 Jun 02, Michael Kerrisk | |
c13182ef | 30 | .\" Added PR_SET_DUMPABLE, PR_GET_DUMPABLE, |
fea681da | 31 | .\" PR_SET_KEEPCAPS, PR_GET_KEEPCAPS |
e87fdd92 MK |
32 | .\" Modified 2006-08-30 Guillem Jover <guillem@hadrons.org> |
33 | .\" Updated Linux versions where the options were introduced. | |
34 | .\" Added PR_SET_TIMING, PR_GET_TIMING, PR_SET_NAME, PR_GET_NAME, | |
35 | .\" PR_SET_UNALIGN, PR_GET_UNALIGN, PR_SET_FPEMU, PR_GET_FPEMU, | |
36 | .\" PR_SET_FPEXC, PR_GET_FPEXC | |
8ab8b43f MK |
37 | .\" 2008-04-29 Serge Hallyn, Document PR_CAPBSET_READ and PR_CAPBSET_DROP |
38 | .\" 2008-06-13 Erik Bosman, <ejbosman@cs.vu.nl> | |
39 | .\" Document PR_GET_TSC and PR_SET_TSC. | |
40 | .\" 2008-06-15 mtk, Document PR_SET_SECCOMP, PR_GET_SECCOMP | |
bc02b3ea | 41 | .\" 2009-10-03 Andi Kleen, document PR_MCE_KILL |
06afe673 | 42 | .\" 2012-04 Cyrill Gorcunov, Document PR_SET_MM |
bc02b3ea MK |
43 | .\" 2012-04-25 Michael Kerrisk, Document PR_TASK_PERF_EVENTS_DISABLE and |
44 | .\" PR_TASK_PERF_EVENTS_ENABLE | |
34447828 | 45 | .\" 2012-09-20 Kees Cook, update PR_SET_SECCOMP for mode 2 |
f83fe154 | 46 | .\" 2012-09-20 Kees Cook, document PR_SET_NO_NEW_PRIVS, PR_GET_NO_NEW_PRIVS |
934487a0 MK |
47 | .\" 2012-10-25 Michael Kerrisk, Document PR_SET_TIMERSLACK and |
48 | .\" PR_GET_TIMERSLACK | |
491b2e75 | 49 | .\" 2013-01-10 Kees Cook, document PR_SET_PTRACER |
31cc8387 | 50 | .\" 2012-02-04 Michael Kerrisk, document PR_{SET,GET}_CHILD_SUBREAPER |
03979794 | 51 | .\" 2014-11-10 Dave Hansen, document PR_MPX_{EN,DIS}ABLE_MANAGEMENT |
fea681da | 52 | .\" |
e14baeeb | 53 | .\" |
3df541c0 | 54 | .TH PRCTL 2 2016-07-17 "Linux" "Linux Programmer's Manual" |
fea681da MK |
55 | .SH NAME |
56 | prctl \- operations on a process | |
57 | .SH SYNOPSIS | |
521bf584 | 58 | .nf |
fea681da MK |
59 | .B #include <sys/prctl.h> |
60 | .sp | |
521bf584 MK |
61 | .BI "int prctl(int " option ", unsigned long " arg2 ", unsigned long " arg3 , |
62 | .BI " unsigned long " arg4 ", unsigned long " arg5 ); | |
63 | .fi | |
fea681da | 64 | .SH DESCRIPTION |
e511ffb6 | 65 | .BR prctl () |
fea681da | 66 | is called with a first argument describing what to do |
1a329b56 | 67 | (with values defined in \fI<linux/prctl.h>\fP), and further |
c4bb193f | 68 | arguments with a significance depending on the first one. |
fea681da | 69 | The first argument can be: |
03547431 MK |
70 | .\" |
71 | .TP | |
72 | .BR PR_CAP_AMBIENT " (since Linux 4.3)" | |
73 | .\" commit 58319057b7847667f0c9585b9de0e8932b0fdb08 | |
74 | Reads or changes the ambient capability set, according to the value of | |
75 | .IR arg2 , | |
76 | which must be one of the following: | |
77 | .RS | |
78 | .\" | |
79 | .TP | |
80 | .B PR_CAP_AMBIENT_RAISE | |
81 | The capability specified in | |
82 | .I arg3 | |
83 | is added to the ambient set. | |
84 | The specified capability must already be present in | |
85 | both the permitted and the inheritable sets of the process. | |
86 | This operation is not permitted if the | |
87 | .B SECBIT_NO_CAP_AMBIENT_RAISE | |
88 | securebit is set. | |
89 | .TP | |
90 | .B PR_CAP_AMBIENT_LOWER | |
91 | The capability specified in | |
92 | .I arg3 | |
93 | is removed from the ambient set. | |
94 | .TP | |
95 | .B PR_CAP_AMBIENT_IS_SET | |
96 | The | |
97 | .BR prctl (2) | |
98 | call returns 1 if the capability in | |
99 | .I arg3 | |
100 | is in the ambient set and 0 if it is not. | |
101 | .TP | |
102 | .BR PR_CAP_AMBIENT_CLEAR_ALL | |
103 | All capabilities will be removed from the ambient set. | |
104 | This operation requires setting | |
105 | .I arg3 | |
106 | to zero. | |
107 | .RE | |
269e3b97 MK |
108 | .IP |
109 | In all of the above operations, | |
110 | .I arg4 | |
111 | and | |
112 | .I arg5 | |
113 | must be specified as 0. | |
fea681da | 114 | .TP |
2e781e20 | 115 | .BR PR_CAPBSET_READ " (since Linux 2.6.25)" |
8ab8b43f MK |
116 | Return (as the function result) 1 if the capability specified in |
117 | .I arg2 | |
118 | is in the calling thread's capability bounding set, | |
119 | or 0 if it is not. | |
120 | (The capability constants are defined in | |
121 | .IR <linux/capability.h> .) | |
122 | The capability bounding set dictates | |
123 | whether the process can receive the capability through a | |
2914a14d | 124 | file's permitted capability set on a subsequent call to |
8ab8b43f MK |
125 | .BR execve (2). |
126 | ||
127 | If the capability specified in | |
128 | .I arg2 | |
129 | is not valid, then the call fails with the error | |
130 | .BR EINVAL . | |
131 | .TP | |
132 | .BR PR_CAPBSET_DROP " (since Linux 2.6.25)" | |
133 | If the calling thread has the | |
134 | .B CAP_SETPCAP | |
135 | capability, then drop the capability specified by | |
136 | .I arg2 | |
137 | from the calling thread's capability bounding set. | |
138 | Any children of the calling thread will inherit the newly | |
139 | reduced bounding set. | |
140 | ||
141 | The call fails with the error: | |
142 | .B EPERM | |
2914a14d | 143 | if the calling thread does not have the |
8ab8b43f MK |
144 | .BR CAP_SETPCAP ; |
145 | .BR EINVAL | |
146 | if | |
147 | .I arg2 | |
148 | does not represent a valid capability; or | |
149 | .BR EINVAL | |
150 | if file capabilities are not enabled in the kernel, | |
151 | in which case bounding sets are not supported. | |
73d3ac53 MK |
152 | .TP |
153 | .BR PR_SET_CHILD_SUBREAPER " (since Linux 3.4)" | |
154 | .\" commit ebec18a6d3aa1e7d84aab16225e87fd25170ec2b | |
155 | If | |
156 | .I arg2 | |
157 | is nonzero, | |
158 | set the "child subreaper" attribute of the calling process; | |
159 | if | |
160 | .I arg2 | |
161 | is zero, unset the attribute. | |
8b41eea4 | 162 | |
36127c0e | 163 | When a process is marked as a child subreaper, |
73d3ac53 MK |
164 | all of the children that it creates, and their descendants, |
165 | will be marked as having a subreaper. | |
166 | In effect, a subreaper fulfills the role of | |
167 | .BR init (1) | |
168 | for its descendant processes. | |
169 | Upon termination of a process | |
170 | that is orphaned (i.e., its immediate parent has already terminated) | |
171 | and marked as having a subreaper, | |
172 | the nearest still living ancestor subreaper | |
173 | will receive a | |
174 | .BR SIGCHLD | |
1a8e1c2f | 175 | signal and will be able to |
73d3ac53 MK |
176 | .BR wait (2) |
177 | on the process to discover its termination status. | |
73d3ac53 MK |
178 | .TP |
179 | .BR PR_GET_CHILD_SUBREAPER " (since Linux 3.4)" | |
180 | Return the "child subreaper" setting of the caller, | |
181 | in the location pointed to by | |
182 | .IR "(int\ *) arg2" . | |
8ab8b43f | 183 | .TP |
88989295 | 184 | .BR PR_SET_DUMPABLE " (since Linux 2.3.20)" |
2d7fc98d MK |
185 | Set the state of the "dumpable" flag, |
186 | which determines whether core dumps are produced for the calling process | |
187 | upon delivery of a signal whose default behavior is to produce a core dump. | |
4a3713a4 | 188 | |
88989295 | 189 | In kernels up to and including 2.6.12, |
8ab8b43f | 190 | .I arg2 |
8aad30d7 MK |
191 | must be either 0 |
192 | .RB ( SUID_DUMP_DISABLE , | |
193 | process is not dumpable) or 1 | |
194 | .RB ( SUID_DUMP_USER , | |
195 | process is dumpable). | |
0de51ed1 MK |
196 | Between kernels 2.6.13 and 2.6.17, |
197 | .\" commit abf75a5033d4da7b8a7e92321d74021d1fcfb502 | |
198 | the value 2 was also permitted, | |
88989295 MK |
199 | which caused any binary which normally would not be dumped |
200 | to be dumped readable by root only; | |
201 | for security reasons, this feature has been removed. | |
202 | .\" See http://marc.theaimsgroup.com/?l=linux-kernel&m=115270289030630&w=2 | |
203 | .\" Subject: Fix prctl privilege escalation (CVE-2006-2451) | |
204 | .\" From: Marcel Holtmann <marcel () holtmann ! org> | |
205 | .\" Date: 2006-07-12 11:12:00 | |
206 | (See also the description of | |
2d7fc98d | 207 | .I /proc/sys/fs/\:suid_dumpable |
88989295 MK |
208 | in |
209 | .BR proc (5).) | |
4a3713a4 | 210 | |
2d7fc98d MK |
211 | Normally, this flag is set to 1. |
212 | However, it is reset to the current value contained in the file | |
213 | .IR /proc/sys/fs/\:suid_dumpable | |
214 | (which by default has the value 0), | |
215 | if any of the following attributes of the process | |
216 | are changed by the operations listed below: | |
217 | .\" See kernel/cred.c::commit_creds() (Linux 3.18 sources) | |
218 | .RS | |
219 | .IP * 3 | |
220 | The effective user or group ID is changed. | |
221 | .IP * | |
222 | The filesystem user or group ID is changed (see | |
223 | .BR credentials (7)). | |
224 | .IP * | |
225 | The process's set of permitted capabilities (see | |
226 | .BR capabilities (7)) | |
227 | is changed such that its new set of capabilities is | |
228 | not a subset of its previous set of capabilities. | |
229 | .RE | |
230 | .IP | |
231 | The operations that may trigger changes to the dumpable flag include: | |
232 | .\" Look for uses of commit_creds() in the kernel source code | |
233 | .RS | |
234 | .IP * 3 | |
235 | execution | |
236 | .RB ( execve (2)) | |
237 | of a set-user-ID or set-group-ID program, | |
238 | or a program that has capabilities (see | |
239 | .BR capabilities (7)); | |
240 | .IP * | |
241 | .BR capset (2); | |
242 | and | |
243 | .IP * | |
244 | system calls that change process credentials | |
245 | .RB ( setuid (2), | |
246 | .BR setgid (2), | |
247 | .BR setresuid (2), | |
248 | .BR setresgid (2), | |
249 | .BR setgroups (2), | |
250 | and so on). | |
5d28ea3e | 251 | .\" Also certain namespace operations; |
2d7fc98d MK |
252 | .RE |
253 | .IP | |
cadcf1b1 | 254 | Processes that are not dumpable can not be attached via |
6fdbc779 | 255 | .BR ptrace (2) |
cadcf1b1 | 256 | .BR PTRACE_ATTACH . |
64536a1b | 257 | .TP |
88989295 MK |
258 | .BR PR_GET_DUMPABLE " (since Linux 2.3.20)" |
259 | Return (as the function result) the current state of the calling | |
260 | process's dumpable flag. | |
261 | .\" Since Linux 2.6.13, the dumpable flag can have the value 2, | |
262 | .\" but in 2.6.13 PR_GET_DUMPABLE simply returns 1 if the dumpable | |
c7094399 | 263 | .\" flag has a nonzero value. This was fixed in 2.6.14. |
64536a1b | 264 | .TP |
8ab8b43f | 265 | .BR PR_SET_ENDIAN " (since Linux 2.6.18, PowerPC only)" |
c13182ef | 266 | Set the endian-ness of the calling process to the value given |
64536a1b | 267 | in \fIarg2\fP, which should be one of the following: |
8ab8b43f | 268 | .\" Respectively 0, 1, 2 |
64536a1b MK |
269 | .BR PR_ENDIAN_BIG , |
270 | .BR PR_ENDIAN_LITTLE , | |
271 | or | |
0daa9e92 | 272 | .B PR_ENDIAN_PPC_LITTLE |
64536a1b | 273 | (PowerPC pseudo little endian). |
e87fdd92 | 274 | .TP |
8ab8b43f MK |
275 | .BR PR_GET_ENDIAN " (since Linux 2.6.18, PowerPC only)" |
276 | Return the endian-ness of the calling process, | |
277 | in the location pointed to by | |
278 | .IR "(int\ *) arg2" . | |
279 | .TP | |
8ab8b43f | 280 | .BR PR_SET_FPEMU " (since Linux 2.4.18, 2.5.9, only on ia64)" |
e87fdd92 | 281 | Set floating-point emulation control bits to \fIarg2\fP. |
7626d2ce MK |
282 | Pass |
283 | .B PR_FPEMU_NOPRINT | |
284 | to silently emulate floating-point operation accesses, or | |
285 | .B PR_FPEMU_SIGFPE | |
286 | to not emulate floating-point operations and send | |
8bd58774 MK |
287 | .B SIGFPE |
288 | instead. | |
e87fdd92 | 289 | .TP |
8ab8b43f MK |
290 | .BR PR_GET_FPEMU " (since Linux 2.4.18, 2.5.9, only on ia64)" |
291 | Return floating-point emulation control bits, | |
292 | in the location pointed to by | |
293 | .IR "(int\ *) arg2" . | |
e87fdd92 | 294 | .TP |
8ab8b43f | 295 | .BR PR_SET_FPEXC " (since Linux 2.4.21, 2.5.32, only on PowerPC)" |
1c44bd5b MK |
296 | Set floating-point exception mode to \fIarg2\fP. |
297 | Pass \fBPR_FP_EXC_SW_ENABLE\fP to use FPEXC for FP exception enables, | |
c45bd688 MK |
298 | \fBPR_FP_EXC_DIV\fP for floating-point divide by zero, |
299 | \fBPR_FP_EXC_OVF\fP for floating-point overflow, | |
300 | \fBPR_FP_EXC_UND\fP for floating-point underflow, | |
301 | \fBPR_FP_EXC_RES\fP for floating-point inexact result, | |
302 | \fBPR_FP_EXC_INV\fP for floating-point invalid operation, | |
e87fdd92 | 303 | \fBPR_FP_EXC_DISABLED\fP for FP exceptions disabled, |
b28f6e56 | 304 | \fBPR_FP_EXC_NONRECOV\fP for async nonrecoverable exception mode, |
e87fdd92 MK |
305 | \fBPR_FP_EXC_ASYNC\fP for async recoverable exception mode, |
306 | \fBPR_FP_EXC_PRECISE\fP for precise exception mode. | |
307 | .TP | |
8ab8b43f MK |
308 | .BR PR_GET_FPEXC " (since Linux 2.4.21, 2.5.32, only on PowerPC)" |
309 | Return floating-point exception mode, | |
310 | in the location pointed to by | |
311 | .IR "(int\ *) arg2" . | |
312 | .TP | |
88989295 MK |
313 | .BR PR_SET_KEEPCAPS " (since Linux 2.2.18)" |
314 | Set the state of the thread's "keep capabilities" flag, | |
88ee5c1c JW |
315 | which determines whether the thread's permitted |
316 | capability set is cleared when a change is made to the thread's user IDs | |
317 | such that the thread's real UID, effective UID, and saved set-user-ID | |
c7094399 | 318 | all become nonzero when at least one of them previously had the value 0. |
028cb080 MK |
319 | By default, the permitted capability set is cleared when such a change is made; |
320 | setting the "keep capabilities" flag prevents it from being cleared. | |
88989295 | 321 | .I arg2 |
028cb080 MK |
322 | must be either 0 (permitted capabilities are cleared) |
323 | or 1 (permitted capabilities are kept). | |
324 | (A thread's | |
325 | .I effective | |
326 | capability set is always cleared when such a credential change is made, | |
327 | regardless of the setting of the "keep capabilities" flag.) | |
328 | The "keep capabilities" value will be reset to 0 on subsequent calls to | |
88989295 MK |
329 | .BR execve (2). |
330 | .TP | |
331 | .BR PR_GET_KEEPCAPS " (since Linux 2.2.18)" | |
88ee5c1c | 332 | Return (as the function result) the current state of the calling thread's |
88989295 MK |
333 | "keep capabilities" flag. |
334 | .TP | |
03547431 MK |
335 | .BR PR_MCE_KILL " (since Linux 2.6.32)" |
336 | Set the machine check memory corruption kill policy for the current thread. | |
337 | If | |
338 | .I arg2 | |
339 | is | |
340 | .BR PR_MCE_KILL_CLEAR , | |
341 | clear the thread memory corruption kill policy and use the system-wide default. | |
342 | (The system-wide default is defined by | |
343 | .IR /proc/sys/vm/memory_failure_early_kill ; | |
344 | see | |
345 | .BR proc (5).) | |
346 | If | |
347 | .I arg2 | |
348 | is | |
349 | .BR PR_MCE_KILL_SET , | |
350 | use a thread-specific memory corruption kill policy. | |
351 | In this case, | |
352 | .I arg3 | |
353 | defines whether the policy is | |
354 | .I early kill | |
355 | .RB ( PR_MCE_KILL_EARLY ), | |
356 | .I late kill | |
357 | .RB ( PR_MCE_KILL_LATE ), | |
358 | or the system-wide default | |
359 | .RB ( PR_MCE_KILL_DEFAULT ). | |
360 | Early kill means that the thread receives a | |
361 | .B SIGBUS | |
362 | signal as soon as hardware memory corruption is detected inside | |
363 | its address space. | |
364 | In late kill mode, the process is killed only when it accesses a corrupted page. | |
365 | See | |
366 | .BR sigaction (2) | |
367 | for more information on the | |
368 | .BR SIGBUS | |
369 | signal. | |
370 | The policy is inherited by children. | |
371 | The remaining unused | |
372 | .BR prctl () | |
373 | arguments must be zero for future compatibility. | |
88989295 | 374 | .TP |
03547431 MK |
375 | .BR PR_MCE_KILL_GET " (since Linux 2.6.32)" |
376 | Return the current per-process machine check kill policy. | |
377 | All unused | |
378 | .BR prctl () | |
379 | arguments must be zero. | |
88989295 | 380 | .TP |
03547431 MK |
381 | .BR PR_SET_MM " (since Linux 3.3)" |
382 | .\" commit 028ee4be34a09a6d48bdf30ab991ae933a7bc036 | |
383 | Modify certain kernel memory map descriptor fields | |
384 | of the calling process. | |
385 | Usually these fields are set by the kernel and dynamic loader (see | |
386 | .BR ld.so (8) | |
387 | for more information) and a regular application should not use this feature. | |
388 | However, there are cases, such as self-modifying programs, | |
389 | where a program might find it useful to change its own memory map. | |
390 | This feature is available only if the kernel is built with the | |
391 | .BR CONFIG_CHECKPOINT_RESTORE | |
392 | option enabled. | |
393 | The calling process must have the | |
394 | .BR CAP_SYS_RESOURCE | |
395 | capability. | |
396 | The value in | |
397 | .I arg2 | |
398 | is one of the options below, while | |
399 | .I arg3 | |
400 | provides a new value for the option. | |
401 | .RS | |
402 | .TP | |
403 | .BR PR_SET_MM_START_CODE | |
404 | Set the address above which the program text can run. | |
405 | The corresponding memory area must be readable and executable, | |
406 | but not writable or sharable (see | |
407 | .BR mprotect (2) | |
0fcc276f | 408 | and |
03547431 MK |
409 | .BR mmap (2) |
410 | for more information). | |
f83fe154 | 411 | .TP |
03547431 MK |
412 | .BR PR_SET_MM_END_CODE |
413 | Set the address below which the program text can run. | |
414 | The corresponding memory area must be readable and executable, | |
415 | but not writable or sharable. | |
f83fe154 | 416 | .TP |
03547431 MK |
417 | .BR PR_SET_MM_START_DATA |
418 | Set the address above which initialized and | |
419 | uninitialized (bss) data are placed. | |
420 | The corresponding memory area must be readable and writable, | |
421 | but not executable or sharable. | |
88989295 | 422 | .TP |
03547431 MK |
423 | .B PR_SET_MM_END_DATA |
424 | Set the address below which initialized and | |
425 | uninitialized (bss) data are placed. | |
426 | The corresponding memory area must be readable and writable, | |
427 | but not executable or sharable. | |
88989295 | 428 | .TP |
03547431 MK |
429 | .BR PR_SET_MM_START_STACK |
430 | Set the start address of the stack. | |
431 | The corresponding memory area must be readable and writable. | |
491b2e75 | 432 | .TP |
03547431 MK |
433 | .BR PR_SET_MM_START_BRK |
434 | Set the address above which the program heap can be expanded with | |
435 | .BR brk (2) | |
436 | call. | |
437 | The address must be greater than the ending address of | |
438 | the current program data segment. | |
439 | In addition, the combined size of the resulting heap and | |
440 | the size of the data segment can't exceed the | |
441 | .BR RLIMIT_DATA | |
442 | resource limit (see | |
443 | .BR setrlimit (2)). | |
444 | .TP | |
445 | .BR PR_SET_MM_BRK | |
446 | Set the current | |
447 | .BR brk (2) | |
448 | value. | |
449 | The requirements for the address are the same as for the | |
450 | .BR PR_SET_MM_START_BRK | |
451 | option. | |
452 | .P | |
453 | The following options are available since Linux 3.5. | |
454 | .\" commit fe8c7f5cbf91124987106faa3bdf0c8b955c4cf7 | |
455 | .TP | |
456 | .BR PR_SET_MM_ARG_START | |
457 | Set the address above which the program command line is placed. | |
458 | .TP | |
459 | .BR PR_SET_MM_ARG_END | |
460 | Set the address below which the program command line is placed. | |
461 | .TP | |
462 | .BR PR_SET_MM_ENV_START | |
463 | Set the address above which the program environment is placed. | |
464 | .TP | |
465 | .BR PR_SET_MM_ENV_END | |
466 | Set the address below which the program environment is placed. | |
467 | .IP | |
468 | The address passed with | |
469 | .BR PR_SET_MM_ARG_START , | |
470 | .BR PR_SET_MM_ARG_END , | |
471 | .BR PR_SET_MM_ENV_START , | |
472 | and | |
473 | .BR PR_SET_MM_ENV_END | |
474 | should belong to a process stack area. | |
475 | Thus, the corresponding memory area must be readable, writable, and | |
476 | (depending on the kernel configuration) have the | |
477 | .BR MAP_GROWSDOWN | |
478 | attribute set (see | |
479 | .BR mmap (2)). | |
480 | .TP | |
481 | .BR PR_SET_MM_AUXV | |
482 | Set a new auxiliary vector. | |
483 | The | |
484 | .I arg3 | |
485 | argument should provide the address of the vector. | |
486 | The | |
487 | .I arg4 | |
488 | argument is the size of the vector. | |
489 | .TP | |
490 | .BR PR_SET_MM_EXE_FILE | |
491 | .\" commit b32dfe377102ce668775f8b6b1461f7ad428f8b6 | |
492 | Supersede the | |
493 | .IR /proc/pid/exe | |
494 | symbolic link with a new one pointing to a new executable file | |
495 | identified by the file descriptor provided in the | |
496 | .I arg3 | |
497 | argument. | |
498 | The file descriptor should be obtained with a regular | |
499 | .BR open (2) | |
500 | call. | |
501 | .IP | |
502 | To change the symbolic link, one needs to unmap all existing | |
503 | executable memory areas, including those created by the kernel itself | |
504 | (for example the kernel usually creates at least one executable | |
505 | memory area for the ELF | |
506 | .IR \.text | |
507 | section). | |
508 | .IP | |
509 | The second limitation is that such transitions can be done only once | |
510 | in a process's lifetime. | |
511 | Any further attempts will be rejected. | |
512 | This should help system administrators monitor unusual | |
513 | symbolic-link transitions over all processes running on a system. | |
514 | .RE | |
515 | .TP | |
516 | .BR PR_MPX_ENABLE_MANAGEMENT ", " PR_MPX_DISABLE_MANAGEMENT " (since Linux 3.19) " | |
517 | .\" commit fe3d197f84319d3bce379a9c0dc17b1f48ad358c | |
518 | .\" See also http://lwn.net/Articles/582712/ | |
519 | .\" See also https://gcc.gnu.org/wiki/Intel%20MPX%20support%20in%20the%20GCC%20compiler | |
520 | Enable or disable kernel management of Memory Protection eXtensions (MPX) | |
521 | bounds tables. | |
522 | The | |
523 | .IR arg2 , | |
524 | .IR arg3 , | |
525 | .IR arg4 , | |
526 | and | |
527 | .IR arg5 | |
528 | .\" commit e9d1b4f3c60997fe197bf0243cb4a41a44387a88 | |
529 | arguments must be zero. | |
530 | ||
531 | MPX is a hardware-assisted mechanism for performing bounds checking on | |
532 | pointers. | |
533 | It consists of a set of registers storing bounds information | |
534 | and a set of special instruction prefixes that tell the CPU on which | |
535 | instructions it should do bounds enforcement. | |
536 | There is a limited number of these registers and | |
537 | when there are more pointers than registers, | |
538 | their contents must be "spilled" into a set of tables. | |
539 | These tables are called "bounds tables" and the MPX | |
540 | .BR prctl () | |
541 | operations control | |
542 | whether the kernel manages their allocation and freeing. | |
543 | ||
544 | When management is enabled, the kernel will take over allocation | |
545 | and freeing of the bounds tables. | |
546 | It does this by trapping the #BR exceptions that result | |
547 | at first use of missing bounds tables and | |
548 | instead of delivering the exception to user space, | |
549 | it allocates the table and populates the bounds directory | |
550 | with the location of the new table. | |
551 | For freeing, the kernel checks to see if bounds tables are | |
552 | present for memory which is not allocated, and frees them if so. | |
553 | ||
554 | Before enabling MPX management using | |
555 | .BR PR_MPX_ENABLE_MANAGEMENT , | |
556 | the application must first have allocated a user-space buffer for | |
557 | the bounds directory and placed the location of that directory in the | |
558 | .I bndcfgu | |
559 | register. | |
560 | ||
561 | These calls will fail if the CPU or kernel does not support MPX. | |
562 | Kernel support for MPX is enabled via the | |
563 | .BR CONFIG_X86_INTEL_MPX | |
564 | configuration option. | |
565 | You can check whether the CPU supports MPX by looking for the 'mpx' | |
566 | CPUID bit, like with the following command: | |
567 | ||
568 | cat /proc/cpuinfo | grep ' mpx ' | |
569 | ||
570 | A thread may not switch in or out of long (64-bit) mode while MPX is | |
571 | enabled. | |
572 | ||
573 | All threads in a process are affected by these calls. | |
574 | ||
575 | The child of a | |
576 | .BR fork (2) | |
577 | inherits the state of MPX management. | |
578 | During | |
579 | .BR execve (2), | |
580 | MPX management is reset to a state as if | |
581 | .BR PR_MPX_DISABLE_MANAGEMENT | |
582 | had been called. | |
583 | ||
584 | For further information on Intel MPX, see the kernel source file | |
585 | .IR Documentation/x86/intel_mpx.txt . | |
586 | .TP | |
587 | .BR PR_SET_NAME " (since Linux 2.6.9)" | |
588 | Set the name of the calling thread, | |
589 | using the value in the location pointed to by | |
590 | .IR "(char\ *) arg2" . | |
591 | The name can be up to 16 bytes long, | |
592 | .\" TASK_COMM_LEN in include/linux/sched.h | |
593 | including the terminating null byte. | |
594 | (If the length of the string, including the terminating null byte, | |
595 | exceeds 16 bytes, the string is silently truncated.) | |
596 | This is the same attribute that can be set via | |
597 | .BR pthread_setname_np (3) | |
598 | and retrieved using | |
599 | .BR pthread_getname_np (3). | |
600 | The attribute is likewise accessible via | |
601 | .IR /proc/self/task/[tid]/comm , | |
602 | where | |
603 | .I tid | |
604 | is the thread ID of the calling thread. | |
605 | .TP | |
606 | .BR PR_GET_NAME " (since Linux 2.6.11)" | |
607 | Return the name of the calling thread, | |
608 | in the buffer pointed to by | |
609 | .IR "(char\ *) arg2" . | |
610 | The buffer should allow space for up to 16 bytes; | |
611 | the returned string will be null-terminated. | |
612 | .TP | |
613 | .BR PR_SET_NO_NEW_PRIVS " (since Linux 3.5)" | |
614 | Set the calling process's | |
615 | .I no_new_privs | |
616 | bit to the value in | |
617 | .IR arg2 . | |
618 | With | |
619 | .I no_new_privs | |
620 | set to 1, | |
621 | .BR execve (2) | |
622 | promises not to grant privileges to do anything | |
623 | that could not have been done without the | |
624 | .BR execve (2) | |
625 | call (for example, | |
626 | rendering the set-user-ID and set-group-ID mode bits, | |
627 | and file capabilities non-functional). | |
628 | Once set, this bit cannot be unset. | |
629 | The setting of this bit is inherited by children created by | |
630 | .BR fork (2) | |
631 | and | |
632 | .BR clone (2), | |
633 | and preserved across | |
634 | .BR execve (2). | |
635 | ||
636 | For more information, see the kernel source file | |
637 | .IR Documentation/prctl/no_new_privs.txt . | |
638 | .TP | |
639 | .BR PR_GET_NO_NEW_PRIVS " (since Linux 3.5)" | |
640 | Return (as the function result) the value of the | |
641 | .I no_new_privs | |
642 | bit for the current process. | |
643 | A value of 0 indicates the regular | |
644 | .BR execve (2) | |
645 | behavior. | |
646 | A value of 1 indicates | |
647 | .BR execve (2) | |
648 | will operate in the privilege-restricting mode described above. | |
649 | .TP | |
650 | .BR PR_SET_PDEATHSIG " (since Linux 2.1.57)" | |
651 | Set the parent death signal | |
652 | of the calling process to \fIarg2\fP (either a signal value | |
653 | in the range 1..maxsig, or 0 to clear). | |
654 | This is the signal that the calling process will get when its | |
655 | parent dies. | |
656 | This value is cleared for the child of a | |
657 | .BR fork (2) | |
658 | and (since Linux 2.4.36 / 2.6.23) | |
659 | when executing a set-user-ID or set-group-ID binary, | |
660 | or a binary that has associated capabilities (see | |
661 | .BR capabilities (7)). | |
662 | This value is preserved across | |
663 | .BR execve (2). | |
664 | ||
665 | .IR Warning : | |
666 | .\" https://bugzilla.kernel.org/show_bug.cgi?id=43300 | |
667 | the "parent" in this case is considered to be the | |
668 | .I thread | |
669 | that created this process. | |
670 | In other words, the signal will be sent when that thread terminates | |
671 | (via, for example, | |
672 | .BR pthread_exit (3)), | |
673 | rather than after all of the threads in the parent process terminate. | |
674 | .TP | |
675 | .BR PR_GET_PDEATHSIG " (since Linux 2.3.15)" | |
676 | Return the current value of the parent process death signal, | |
677 | in the location pointed to by | |
678 | .IR "(int\ *) arg2" . | |
679 | .TP | |
680 | .BR PR_SET_PTRACER " (since Linux 3.4)" | |
681 | .\" commit 2d514487faf188938a4ee4fb3464eeecfbdcf8eb | |
682 | .\" commit bf06189e4d14641c0148bea16e9dd24943862215 | |
683 | This is meaningful only when the Yama LSM is enabled and in mode 1 | |
684 | ("restricted ptrace", visible via | |
685 | .IR /proc/sys/kernel/yama/ptrace_scope ). | |
686 | When a "ptracer process ID" is passed in \fIarg2\fP, | |
687 | the caller is declaring that the ptracer process can | |
688 | .BR ptrace (2) | |
689 | the calling process as if it were a direct process ancestor. | |
690 | Each | |
691 | .B PR_SET_PTRACER | |
692 | operation replaces the previous "ptracer process ID". | |
693 | Employing | |
694 | .B PR_SET_PTRACER | |
695 | with | |
696 | .I arg2 | |
697 | set to 0 clears the caller's "ptracer process ID". | |
698 | If | |
699 | .I arg2 | |
700 | is | |
701 | .BR PR_SET_PTRACER_ANY , | |
702 | the ptrace restrictions introduced by Yama are effectively disabled for the | |
703 | calling process. | |
704 | ||
705 | For further information, see the kernel source file | |
706 | .IR Documentation/security/Yama.txt . | |
707 | .TP | |
708 | .BR PR_SET_SECCOMP " (since Linux 2.6.23)" | |
709 | .\" See http://thread.gmane.org/gmane.linux.kernel/542632 | |
710 | .\" [PATCH 0 of 2] seccomp updates | |
711 | .\" andrea@cpushare.com | |
712 | Set the secure computing (seccomp) mode for the calling thread, to limit | |
713 | the available system calls. | |
714 | The more recent | |
715 | .BR seccomp (2) | |
716 | system call provides a superset of the functionality of | |
717 | .BR PR_SET_SECCOMP . | |
718 | ||
719 | The seccomp mode is selected via | |
720 | .IR arg2 . | |
721 | (The seccomp constants are defined in | |
722 | .IR <linux/seccomp.h> .) | |
34447828 KC |
723 | |
724 | With | |
8ab8b43f | 725 | .IR arg2 |
34447828 | 726 | set to |
b1248a9d | 727 | .BR SECCOMP_MODE_STRICT , |
8ab8b43f MK |
728 | the only system calls that the thread is permitted to make are |
729 | .BR read (2), | |
730 | .BR write (2), | |
85fbef74 MK |
731 | .BR _exit (2) |
732 | (but not | |
733 | .BR exit_group (2)), | |
fea681da | 734 | and |
8ab8b43f MK |
735 | .BR sigreturn (2). |
736 | Other system calls result in the delivery of a | |
737 | .BR SIGKILL | |
738 | signal. | |
34447828 | 739 | Strict secure computing mode is useful for number-crunching applications |
8ab8b43f MK |
740 | that may need to execute untrusted byte code, |
741 | perhaps obtained by reading from a pipe or socket. | |
33a0ccb2 | 742 | This operation is available only |
d6ef3d57 MK |
743 | if the kernel is configured with |
744 | .B CONFIG_SECCOMP | |
745 | enabled. | |
34447828 KC |
746 | |
747 | With | |
748 | .IR arg2 | |
749 | set to | |
b1248a9d | 750 | .BR SECCOMP_MODE_FILTER " (since Linux 3.5)," |
6239dfb2 MK |
751 | the system calls allowed are defined by a pointer |
752 | to a Berkeley Packet Filter passed in | |
753 | .IR arg3 . | |
754 | This argument is a pointer to | |
755 | .IR "struct sock_fprog" ; | |
756 | it can be designed to filter | |
d6ef3d57 | 757 | arbitrary system calls and system call arguments. |
33a0ccb2 | 758 | This mode is available only if the kernel is configured with |
d6ef3d57 MK |
759 | .B CONFIG_SECCOMP_FILTER |
760 | enabled. | |
34447828 | 761 | |
1733db35 MK |
762 | If |
763 | .BR SECCOMP_MODE_FILTER | |
764 | filters permit | |
765 | .BR fork (2), | |
990e3887 | 766 | then the seccomp mode is inherited by children created by |
1733db35 MK |
767 | .BR fork (2); |
768 | if | |
769 | .BR execve (2) | |
fa1d2749 | 770 | is permitted, then the seccomp mode is preserved across |
1733db35 MK |
771 | .BR execve (2). |
772 | If the filters permit | |
a26ec136 | 773 | .BR prctl () |
1733db35 MK |
774 | calls, then additional filters can be added; |
775 | they are run in order until the first non-allow result is seen. | |
776 | ||
6239dfb2 MK |
777 | For further information, see the kernel source file |
778 | .IR Documentation/prctl/seccomp_filter.txt . | |
8ab8b43f MK |
779 | .TP |
780 | .BR PR_GET_SECCOMP " (since Linux 2.6.23)" | |
5e91816c MK |
781 | Return (as the function result) |
782 | the secure computing mode of the calling thread. | |
34447828 KC |
783 | If the caller is not in secure computing mode, this operation returns 0; |
784 | if the caller is in strict secure computing mode, then the | |
8ab8b43f MK |
785 | .BR prctl () |
786 | call will cause a | |
787 | .B SIGKILL | |
788 | signal to be sent to the process. | |
d6ef3d57 | 789 | If the caller is in filter mode, and this system call is allowed by the |
8eeb062d MK |
790 | seccomp filters, it returns 2; otherwise, the process is killed with a |
791 | .BR SIGKILL | |
792 | signal. | |
33a0ccb2 | 793 | This operation is available only |
d6ef3d57 MK |
794 | if the kernel is configured with |
795 | .B CONFIG_SECCOMP | |
796 | enabled. | |
787843e7 MK |
797 | |
798 | Since Linux 3.8, the | |
799 | .IR Seccomp | |
800 | field of the | |
801 | .IR /proc/[pid]/status | |
802 | file provides a method of obtaining the same information, | |
803 | without the risk that the process is killed; see | |
804 | .BR proc (5). | |
88989295 MK |
805 | .TP |
806 | .BR PR_SET_SECUREBITS " (since Linux 2.6.26)" | |
807 | Set the "securebits" flags of the calling thread to the value supplied in | |
03547431 MK |
808 | .IR arg2 . |
809 | See | |
810 | .BR capabilities (7). | |
88989295 | 811 | .TP |
03547431 MK |
812 | .BR PR_GET_SECUREBITS " (since Linux 2.6.26)" |
813 | Return (as the function result) | |
814 | the "securebits" flags of the calling thread. | |
815 | See | |
816 | .BR capabilities (7). | |
817 | .TP | |
818 | .BR PR_SET_THP_DISABLE " (since Linux 3.15)" | |
819 | .\" commit a0715cc22601e8830ace98366c0c2bd8da52af52 | |
820 | Set the state of the "THP disable" flag for the calling thread. | |
821 | If | |
822 | .I arg2 | |
823 | has a nonzero value, the flag is set, otherwise it is cleared. | |
824 | Setting this flag provides a method | |
825 | for disabling transparent huge pages | |
826 | for jobs where the code cannot be modified, and using a malloc hook with | |
827 | .BR madvise (2) | |
828 | is not an option (i.e., statically allocated data). | |
829 | The setting of the "THP disable" flag is inherited by a child created via | |
830 | .BR fork (2) | |
831 | and is preserved across | |
832 | .BR execve (2). | |
833 | .\" | |
06afe673 MK |
834 | .TP |
835 | .BR PR_TASK_PERF_EVENTS_DISABLE " (since Linux 2.6.31)" | |
836 | Disable all performance counters attached to the calling process, | |
837 | regardless of whether the counters were created by | |
838 | this process or another process. | |
839 | Performance counters created by the calling process for other | |
840 | processes are unaffected. | |
66a9882e | 841 | For more information on performance counters, see the Linux kernel source file |
06afe673 MK |
842 | .IR tools/perf/design.txt . |
843 | .IP | |
03547431 MK |
844 | Originally called |
845 | .BR PR_TASK_PERF_COUNTERS_DISABLE ; | |
846 | .\" commit 1d1c7ddbfab358445a542715551301b7fc363e28 | |
847 | renamed (with same numerical value) | |
848 | in Linux 2.6.32. | |
849 | .\" | |
03979794 | 850 | .TP |
03547431 MK |
851 | .BR PR_TASK_PERF_EVENTS_ENABLE " (since Linux 2.6.31)" |
852 | The converse of | |
853 | .BR PR_TASK_PERF_EVENTS_DISABLE ; | |
854 | enable performance counters attached to the calling process. | |
855 | .IP | |
856 | Originally called | |
857 | .BR PR_TASK_PERF_COUNTERS_ENABLE ; | |
858 | .\" commit 1d1c7ddbfab358445a542715551301b7fc363e28 | |
859 | renamed | |
860 | .\" commit cdd6c482c9ff9c55475ee7392ec8f672eddb7be6 | |
861 | in Linux 2.6.32. | |
862 | .\" | |
863 | .TP | |
864 | .BR PR_GET_THP_DISABLE " (since Linux 3.15)" | |
865 | Return (via the function result) the current setting of the "THP disable" | |
866 | flag for the calling thread: | |
867 | either 1, if the flag is set, or 0, if it is not. | |
868 | .TP | |
869 | .BR PR_GET_TID_ADDRESS " (since Linux 3.5)" | |
870 | .\" commit 300f786b2683f8bb1ec0afb6e1851183a479c86d | |
871 | Retrieve the | |
872 | .I clear_child_tid | |
873 | address set by | |
874 | .BR set_tid_address (2) | |
875 | and the | |
876 | .BR clone (2) | |
877 | .B CLONE_CHILD_CLEARTID | |
878 | flag, in the location pointed to by | |
879 | .IR "(int\ **)\ arg2" . | |
880 | This feature is available only if the kernel is built with the | |
881 | .BR CONFIG_CHECKPOINT_RESTORE | |
882 | option enabled. | |
883 | .TP | |
884 | .BR PR_SET_TIMERSLACK " (since Linux 2.6.28)" | |
885 | .\" See https://lwn.net/Articles/369549/ | |
886 | .\" commit 6976675d94042fbd446231d1bd8b7de71a980ada | |
3780f8a5 MK |
887 | Each thread has two associated timer slack values: |
888 | a "default" value, and a "current" value. | |
889 | This operation sets the "current" timer slack value for the calling thread. | |
890 | If the nanosecond value supplied in | |
891 | .IR arg2 | |
892 | is greater than zero, then the "current" value is set to this value. | |
03547431 MK |
893 | If |
894 | .I arg2 | |
895 | is less than or equal to zero, | |
896 | .\" It seems that it's not possible to set the timer slack to zero; | |
897 | .\" The minimum value is 1? Seems a little strange. | |
3780f8a5 MK |
898 | the "current" timer slack is reset to the |
899 | thread's "default" timer slack value. | |
900 | ||
901 | The "current" timer slack is used by the kernel to group timer expirations | |
03547431 MK |
902 | for the calling thread that are close to one another; |
903 | as a consequence, timer expirations for the thread may be | |
904 | up to the specified number of nanoseconds late (but will never expire early). | |
905 | Grouping timer expirations can help reduce system power consumption | |
906 | by minimizing CPU wake-ups. | |
03979794 | 907 | |
03547431 MK |
908 | The timer expirations affected by timer slack are those set by |
909 | .BR select (2), | |
910 | .BR pselect (2), | |
911 | .BR poll (2), | |
912 | .BR ppoll (2), | |
913 | .BR epoll_wait (2), | |
914 | .BR epoll_pwait (2), | |
915 | .BR clock_nanosleep (2), | |
916 | .BR nanosleep (2), | |
917 | and | |
918 | .BR futex (2) | |
919 | (and thus the library functions implemented via futexes, including | |
920 | .\" List obtained by grepping for futex usage in glibc source | |
921 | .BR pthread_cond_timedwait (3), | |
922 | .BR pthread_mutex_timedlock (3), | |
923 | .BR pthread_rwlock_timedrdlock (3), | |
924 | .BR pthread_rwlock_timedwrlock (3), | |
925 | and | |
926 | .BR sem_timedwait (3)). | |
03979794 | 927 | |
03547431 MK |
928 | Timer slack is not applied to threads that are scheduled under |
929 | a real-time scheduling policy (see | |
930 | .BR sched_setscheduler (2)). | |
03979794 | 931 | |
03547431 | 932 | When a new thread is created, |
3780f8a5 | 933 | the two timer slack values are made the same as the "current" value |
03547431 | 934 | of the creating thread. |
3780f8a5 MK |
935 | Thereafter, a thread can adjust its "current" timer slack value via |
936 | .BR PR_SET_TIMERSLACK . | |
937 | The "default" value can't be changed. | |
03547431 MK |
938 | The timer slack values of |
939 | .IR init | |
940 | (PID 1), the ancestor of all processes, | |
941 | are 50,000 nanoseconds (50 microseconds). | |
942 | The timer slack values are preserved across | |
943 | .BR execve (2). | |
c1f78aba MK |
944 | |
945 | Since Linux 4.6, the "current" timer slack value of any process | |
946 | can be examined and changed via the file | |
947 | .IR /proc/[pid]/timerslack_ns . | |
948 | See | |
949 | .BR proc (5). | |
e81a96ec | 950 | .TP |
03547431 MK |
951 | .BR PR_GET_TIMERSLACK " (since Linux 2.6.28)" |
952 | Return (as the function result) | |
3780f8a5 | 953 | the "current" timer slack value of the calling thread. |
4bf25b89 | 954 | .TP |
03547431 MK |
955 | .BR PR_SET_TIMING " (since Linux 2.6.0-test4)" |
956 | Set whether to use (normal, traditional) statistical process timing or | |
957 | accurate timestamp-based process timing, by passing | |
958 | .B PR_TIMING_STATISTICAL | |
959 | .\" 0 | |
960 | or | |
961 | .B PR_TIMING_TIMESTAMP | |
962 | .\" 1 | |
963 | to \fIarg2\fP. | |
964 | .B PR_TIMING_TIMESTAMP | |
965 | is not currently implemented | |
966 | (attempting to set this mode will yield the error | |
967 | .BR EINVAL ). | |
968 | .\" PR_TIMING_TIMESTAMP doesn't do anything in 2.6.26-rc8, | |
969 | .\" and looking at the patch history, it appears | |
970 | .\" that it never did anything. | |
4bf25b89 | 971 | .TP |
03547431 MK |
972 | .BR PR_GET_TIMING " (since Linux 2.6.0-test4)" |
973 | Return (as the function result) which process timing method is currently | |
974 | in use. | |
4bf25b89 | 975 | .TP |
03547431 MK |
976 | .BR PR_SET_TSC " (since Linux 2.6.26, x86 only)" |
977 | Set the state of the flag determining whether the timestamp counter | |
978 | can be read by the process. | |
979 | Pass | |
980 | .B PR_TSC_ENABLE | |
981 | to | |
982 | .I arg2 | |
983 | to allow it to be read, or | |
984 | .B PR_TSC_SIGSEGV | |
985 | to generate a | |
986 | .B SIGSEGV | |
987 | when the process tries to read the timestamp counter. | |
4bf25b89 | 988 | .TP |
03547431 MK |
989 | .BR PR_GET_TSC " (since Linux 2.6.26, x86 only)" |
990 | Return the state of the flag determining whether the timestamp counter | |
991 | can be read, | |
992 | in the location pointed to by | |
993 | .IR "(int\ *) arg2" . | |
994 | .TP | |
995 | .B PR_SET_UNALIGN | |
996 | (Only on: ia64, since Linux 2.3.48; parisc, since Linux 2.6.15; | |
997 | PowerPC, since Linux 2.6.18; Alpha, since Linux 2.6.22) | |
998 | Set unaligned access control bits to \fIarg2\fP. | |
999 | Pass | |
1000 | \fBPR_UNALIGN_NOPRINT\fP to silently fix up unaligned user accesses, | |
1001 | or \fBPR_UNALIGN_SIGBUS\fP to generate | |
1002 | .B SIGBUS | |
1003 | on unaligned user access. | |
1004 | .TP | |
1005 | .B PR_GET_UNALIGN | |
1006 | (see | |
1007 | .B PR_SET_UNALIGN | |
1008 | for information on versions and architectures) | |
1009 | Return unaligned access control bits, in the location pointed to by | |
1010 | .IR "(int\ *) arg2" . | |
47297adb | 1011 | .SH RETURN VALUE |
8ab8b43f MK |
1012 | On success, |
1013 | .BR PR_GET_DUMPABLE , | |
1014 | .BR PR_GET_KEEPCAPS , | |
f83fe154 | 1015 | .BR PR_GET_NO_NEW_PRIVS , |
5745985f | 1016 | .BR PR_GET_THP_DISABLE , |
8ab8b43f MK |
1017 | .BR PR_CAPBSET_READ , |
1018 | .BR PR_GET_TIMING , | |
c42db321 | 1019 | .BR PR_GET_TIMERSLACK , |
8ab8b43f | 1020 | .BR PR_GET_SECUREBITS , |
ed31c572 | 1021 | .BR PR_MCE_KILL_GET , |
0c3e75cb | 1022 | .BR PR_CAP_AMBIENT + PR_CAP_AMBIENT_IS_SET , |
8ab8b43f MK |
1023 | and (if it returns) |
1024 | .BR PR_GET_SECCOMP | |
2fda57bd | 1025 | return the nonnegative values described above. |
fea681da MK |
1026 | All other |
1027 | .I option | |
1028 | values return 0 on success. | |
1029 | On error, \-1 is returned, and | |
1030 | .I errno | |
1031 | is set appropriately. | |
1032 | .SH ERRORS | |
1033 | .TP | |
0478944d MK |
1034 | .B EACCES |
1035 | .I option | |
1036 | is | |
1037 | .BR PR_SET_MM , | |
1038 | and | |
1039 | .I arg3 | |
1040 | is | |
1041 | .BR PR_SET_MM_EXE_FILE , | |
1042 | and the file is not executable. | |
1043 | .TP | |
1044 | .B EBADF | |
1045 | .I option | |
1046 | is | |
1047 | .BR PR_SET_MM , | |
1048 | .I arg3 | |
1049 | is | |
1050 | .BR PR_SET_MM_EXE_FILE , | |
1051 | and the file descriptor passed in | |
1052 | .I arg4 | |
1053 | is not valid. | |
1054 | .TP | |
1055 | .B EBUSY | |
1056 | .I option | |
1057 | is | |
1058 | .BR PR_SET_MM , | |
1059 | .I arg3 | |
1060 | is | |
1061 | .BR PR_SET_MM_EXE_FILE , | |
1062 | and this is the second attempt to change the | |
1063 | .I /proc/pid/exe | |
1064 | symbolic link, which is prohibited. | |
1065 | .TP | |
8ab8b43f MK |
1066 | .B EFAULT |
1067 | .I arg2 | |
1068 | is an invalid address. | |
1069 | .TP | |
e35a0512 KC |
1070 | .B EFAULT |
1071 | .I option | |
1072 | is | |
1073 | .BR PR_SET_SECCOMP , | |
1074 | .I arg2 | |
1075 | is | |
1076 | .BR SECCOMP_MODE_FILTER , | |
1077 | the system was built with | |
64c626f7 | 1078 | .BR CONFIG_SECCOMP_FILTER , |
e35a0512 KC |
1079 | and |
1080 | .I arg3 | |
1081 | is an invalid address. | |
1082 | .TP | |
fea681da MK |
1083 | .B EINVAL |
1084 | The value of | |
1085 | .I option | |