Lines Matching full:the
5 .\" Copyright (c) 2014 The FreeBSD Foundation
7 .\" under sponsorship from the FreeBSD Foundation.
10 .\" modification, are permitted provided that the following conditions
12 .\" 1. Redistributions of source code must retain the above copyright
13 .\" notice, this list of conditions and the following disclaimer.
14 .\" 2. Redistributions in binary form must reproduce the above copyright
15 .\" notice, this list of conditions and the following disclaimer in the
16 .\" documentation and/or other materials provided with the distribution.
18 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
19 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
27 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
43 The
46 The
50 arguments specify the set of processes to control.
51 If multiple processes match the identifier,
55 to control as many of the selected processes as possible.
57 the request.
58 The following identifier types are supported:
61 Control the process with the process ID
64 zero is a shortcut for the calling process ID.
66 Control processes belonging to the process group with the ID
70 The control request to perform is specified by the
76 require the caller to have the right to debug the target.
79 require the caller to have the right to observe the target.
81 The following commands are supported:
88 in the specified process or its descendants that do not either change
89 the control or modify it by other means.
90 The
92 parameter must point to an integer variable holding one of the following
102 Use the system-wide configured policy for ASLR.
105 Note that the
111 control and only honors the
115 Returns the current status of ASLR enablement for the target process.
116 The
118 parameter must point to an integer variable, where one of the
126 If the currently executed image in the process itself has ASLR enabled,
127 the
129 flag is or-ed with the value listed above.
131 Controls the logging of exits due to signals that would normally cause a core
133 The
135 parameter must point to an integer variable holding one of the following values:
144 Disables the logging of exits due to signals that would normally cause a core
147 The logging behavior is delegated to the
153 Returns the current status of logging for the target process.
154 The
156 parameter must point to an integer variable, where one of the following values
164 Controls the maximum protection used for
166 requests in the target process that do not specify
167 an explicit maximum protection in the
171 The maximum protection limits the permissions a mapping can be assigned by
174 the maximum protection for a new mapping is set to either
177 or the protection specified in
185 The
187 parameter must point to an integer variable holding one of the following
191 Use the permissions in
193 as the implicit maximum protection,
194 even if RWX permissions are requested by the sysctl
197 Use RWX as the implicit maximum protection,
198 even if constrained permissions are requested by the sysctl
201 Use the system-wide configured policy for the implicit PROT_MAX control.
204 Note that the
208 Executing a binary with this flag set will always use RWX as the implicit
211 Returns the current status of the implicit PROT_MAX control for the
213 The
215 parameter must point to an integer variable, where one of the
223 If the currently executed image in the process itself has the implicit PROT_MAX
224 control enabled, the
226 flag is or-ed with the value listed above.
229 This is used to mark a process as protected from being killed if the system
231 The
235 The following operations are supported:
238 Mark the selected processes as protected.
240 Clear the protected state of selected processes.
243 The following optional flags are supported:
246 Apply the requested operation to all child processes of each selected process
255 Enable orphaned process reaping for future children of the current process.
258 the remaining child processes are orphaned.
261 the terminated process via
264 the current process becomes the reaper process for future children and their
266 Existing child processes continue to use the reaper assigned when the child
270 all of the processes for whom it was the reaper are reassigned to the reaper
275 is the default reaper.
277 Disable orphaned process reaping for the current process.
279 Any processes for whom the current process was the reaper are reassigned to
280 the current process's reaper.
282 Provides a consistent snapshot of information about the reaper
283 of the specified process,
284 or the process itself if it is a reaper.
285 The
289 structure which is filled in by the system call on successful return.
300 The
302 may have the following flags returned:
305 The specified process is a reaper.
306 When this flag is returned, the specified process
308 pid, identifies a reaper, otherwise the
310 field of the structure is set to the pid of the reaper
311 for the specified process id.
313 The specified process is the root of the reaper tree, i.e.,
317 The
319 field returns the number of processes that can be reaped by the reaper that
320 are also children of the reaper.
321 It is possible to have a child whose reaper is not the specified process,
322 since the reaper for existing children is not changed by
324 The
326 field returns the total number of processes that can be reaped by the reaper.
327 The
329 field returns the reaper's pid.
330 The
332 returns the pid of one reaper child if there are any processes that can be
336 Queries the list of processes that can be reaped
337 by the reaper of the specified process.
338 The request takes a pointer to a
340 structure in the
350 When called, the
356 The kernel will populate these structures with information about the
359 The
361 structure provides some information about one of the reaper's descendants.
363 identified because of a race in which the original child process exited
364 and the exited process's pid was reused for an unrelated process.
373 The
375 field is the process id of the descendant.
376 The
378 field provides the pid of the direct child of the reaper which is
379 the (grand-)parent of the descendant process.
380 The
382 field returns the following flags, further describing the descendant:
385 Set to indicate that the
387 structure was filled in by the kernel.
388 Zero-filling the
390 array and testing the
392 flag allows the caller to detect the end
393 of the returned array.
395 The
397 field identifies a direct child of the reaper.
399 The reported process is itself a reaper.
400 The descendants of the subordinate reaper are not reported.
402 The reported process is in the zombie state, ready to be reaped.
404 The reported process is stopped by a SIGSTOP/SIGTSTP signal.
406 The reported process is in the process of exiting (but not yet a zombie).
409 Request to deliver a signal to some subset of the descendants of the reaper.
410 The
425 The
427 field specifies the signal to be delivered.
430 The
432 field further directs the operation.
433 It is or-ed from the following flags:
436 Deliver the specified signal only to direct children of the reaper.
438 Deliver the specified signal only to descendants that were forked by
439 the direct child with pid specified in the
444 If neither the
446 nor the
448 flags are specified, all current descendants of the reaper are signalled.
450 If a signal was delivered to any process, the return value from the request
452 In this case, the
454 field identifies the number of processes signalled.
455 The
457 field is set to the pid of the first process for which signal
459 If no such process exists, the
463 Enable or disable tracing of the specified process(es), according to the
464 value of the integer argument.
465 Tracing includes inspecting the process via
473 Possible values for the
482 Disable tracing for the specified process.
483 Tracing is re-enabled when the process changes the executing
484 program with the
487 A child inherits the trace settings from the parent on
492 but the setting persists for the process even after
496 Returns the current tracing status for the specified process in
497 the integer variable pointed to by
502 If tracing is enabled, but no debugger is attached by the
509 is set to the pid of the debugger process.
511 Controls the capability mode sandbox actions for the specified
521 signal is delivered to the thread immediately before returning from the
524 Possible values for the
532 The enabled mode is inherited by the children of the process,
540 Note that the global sysctl
542 might still cause the signal to be delivered.
547 On signal delivery, the
549 member of the
551 signal handler parameter is set to the system call error value,
552 and the
556 The system call number is stored in the
558 field of the
561 The other system call parameters can be read from the
563 but the system call number is typically stored in the register
564 that also contains the return value and so is unavailable in the
571 Return the current status of raising
573 for capability mode access violations by the specified process.
574 The integer value pointed to by the
576 argument is set to the
584 See the note about sysctl
588 Request the delivery of a signal when the parent of the calling
595 must be either the caller's pid or zero, with no difference in effect.
596 The value is cleared for child processes
601 indicating the signal
602 that should be delivered to the caller.
605 Query the current signal number that will be delivered when the parent
606 of the calling process exits.
612 must be either the caller's pid or zero, with no difference in effect.
619 Controls stack gaps in the specified process.
620 A stack gap is one or more virtual memory pages at the end of the
624 Instead, the process is guaranteed to receive a synchronous
626 signal for each access to pages in the gap.
627 The number of pages reserved for each stack is set by the sysctl
631 adjacent to the stack.
633 The
636 The following flags are allowed:
641 If stack gaps are enabled, the flag is ignored.
642 If stack gaps are disabled, the request fails with
648 Disable stack gaps for the process.
649 For existing stacks, the gap is no longer reserved
652 Enable stack gaps for the new address space constructed by any future
654 in the specified process.
658 In other words, if the currently executing program has stack gaps disabled,
663 The stack gap state is inherited from the parent on
666 Returns the current stack gap state for the specified process.
669 consisting of the following flags:
676 Stack gaps are enabled in the process after
679 Stack gaps are disabled in the process after
683 Note that the
687 Executing a binary with this flag set will never use stack gaps in the address
690 However, the control's value can still be inherited by child processes, and
691 executing a binary without this flag set will revert to the behavior specified
692 by the control.
694 Allows one to ignore the set-user-ID and set-group-ID bits on the program
697 in the specified process and its future descendants.
698 The
700 parameter must point to an integer variable holding the following
709 Returns the current status of set-ID bits enablement for the target process.
710 The
712 parameter must point to an integer variable, where one of the
719 Controls the creation of mappings with both write and execute permissions
721 The
723 parameter must point to an integer variable holding one of the
728 permissions in the specified process' current and future address spaces.
741 mappings with write and execute permissions are only permitted if the
743 sysctl is non-zero or the
746 flag is set in the ELF control note.
750 The only way to ensure the absence of such mappings after they
751 were enabled in a given process is to set the
757 Returns the current status of the controls over creation of mappings with
758 both write and execute permissions for the specified process.
759 The
761 parameter must point to an integer variable, where one of the
766 otherwise, the process cannot create such mappings.
770 the new address space will not permit creation of simultaneously
774 Additionally, if the address space of the process does not permit
777 creation, the
779 flag is set in the returned value.
785 Controls the Kernel Page Table Isolation (KPTI) option for the children
786 of the specified process.
787 This control is only meaningful if KPTI has been enabled globally by the
790 It is not possible to change the KPTI setting for a running process,
794 The
796 parameter must point to an integer variable containing one of the
805 Only root or a process having the
810 Returns the current KPTI status for the specified process.
812 must point to an integer variable, where one of the
819 The status is or-ed with
821 if KPTI is active for the current address space of the process.
825 feature, as it is bypassable both by the kernel and privileged processes
830 Note that processes can trivially bypass the 'no simultaneously
838 is set to indicate the error.
840 The
846 The
848 parameter points outside the process's allocated address space.
850 The
854 The
858 The calling process does not have permission to perform the requested
859 operation on any of the selected processes.
861 No processes matched the requested
866 No descendant processes can be found matching criteria specified in the
876 The
882 is not equal to the pid of the calling process, for
898 request was issued by the
912 request to re-enable tracing of the process
918 specified a target process other than the calling process.
920 The value of the integer
922 parameter for the
928 The
953 The
958 The reaper facility is based on a similar feature in Linux and
962 The
964 facility is based on the