ptrace.2: Add an introductory paragraph to the Ptrace access mode checks" section

Reported-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

diff --git a/man2/ptrace.2 b/man2/ptrace.2
index b68ba235bcc24e26f96b066dc52fe389278cdcda..d36efbf8f42db8803bf3b0c0135ba39705788d58 100644 (file)
--- a/man2/ptrace.2
+++ b/man2/ptrace.2
@@ -2081,9 +2081,17 @@ is highly specific to the operating system and architecture.
 .SS Ptrace access mode checking
 Various parts of the kernel-user-space API (not just
 .BR ptrace (2)
-operations), require so-called "ptrace access mode permissions" which
-are gated by any enabled Linux Security Module (LSM)\(emfor example,
-SELinux, Yama, or Smack\(emand by the the commoncap LSM
+operations), require so-called "ptrace access mode" checks,
+whose outcome determines whether an operation is permitted
+(or, in a few cases, causes a "read" operation to return sanitized data).
+These checks are performed in cases where one process can
+inspect sensitive information about,
+or in some cases modify the state of, another process.
+The checks are based on factors such as the credentials and capabilities
+of the two processes,
+whether or not the "target" process is dumpable,
+and the results of checks performed by any enabled Linux Security Module
+(LSM)\(emfor example, SELinux, Yama, or Smack\(emand by the commoncap LSM
 (which is always invoked).
 
 Prior to Linux 2.6.27, all access checks were of a single type.