.SS Ptrace access mode checking
Various parts of the kernel-user-space API (not just
.BR ptrace (2)
-operations), require so-called "ptrace access mode permissions" which
-are gated by any enabled Linux Security Module (LSM)\(emfor example,
-SELinux, Yama, or Smack\(emand by the the commoncap LSM
+operations), require so-called "ptrace access mode" checks,
+whose outcome determines whether an operation is permitted
+(or, in a few cases, causes a "read" operation to return sanitized data).
+These checks are performed in cases where one process can
+inspect sensitive information about,
+or in some cases modify the state of, another process.
+The checks are based on factors such as the credentials and capabilities
+of the two processes,
+whether or not the "target" process is dumpable,
+and the results of checks performed by any enabled Linux Security Module
+(LSM)\(emfor example, SELinux, Yama, or Smack\(emand by the commoncap LSM
(which is always invoked).
Prior to Linux 2.6.27, all access checks were of a single type.