1.\" 2.\" Copyright (c) 2003 Joseph Koshy <jkoshy@freebsd.org> 3.\" 4.\" All rights reserved. 5.\" 6.\" This program is free software. 7.\" 8.\" Redistribution and use in source and binary forms, with or without 9.\" modification, are permitted provided that the following conditions 10.\" are met: 11.\" 1. Redistributions of source code must retain the above copyright 12.\" notice, this list of conditions and the following disclaimer. 13.\" 2. Redistributions in binary form must reproduce the above copyright 14.\" notice, this list of conditions and the following disclaimer in the 15.\" documentation and/or other materials provided with the distribution. 16.\" 17.\" THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY EXPRESS OR 18.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 19.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 20.\" IN NO EVENT SHALL THE DEVELOPERS BE LIABLE FOR ANY DIRECT, INDIRECT, 21.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 22.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 23.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 24.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 25.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 26.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 27.\" 28.\" $FreeBSD$ 29.\" 30.Dd November 19, 2006 31.Os 32.Dt P_CANDEBUG 9 33.Sh NAME 34.Nm p_candebug 35.Nd determine debuggability of a process 36.Sh SYNOPSIS 37.In sys/param.h 38.In sys/proc.h 39.Ft int 40.Fn p_candebug "struct thread *td" "struct proc *p" 41.Sh DESCRIPTION 42This function can be used to determine if a given process 43.Fa p 44is debuggable by the thread 45.Fa td . 46.Sh SYSCTL VARIABLES 47The following 48.Xr sysctl 8 49variables directly influence the behaviour of 50.Fn p_candebug : 51.Bl -tag -width indent 52.It Va kern.securelevel 53Debugging of the init process is not allowed if this variable is 54.Li 1 55or greater. 56.It Va security.bsd.unprivileged_proc_debug 57Must be set to a non-zero value to allow unprivileged processes 58access to the kernel's debug facilities. 59.El 60.Sh RETURN VALUES 61The 62.Fn p_candebug 63function 64returns 65.Li 0 66if the process denoted by 67.Fa p 68is debuggable by thread 69.Fa td , 70or a non-zero error return value otherwise. 71.Sh ERRORS 72.Bl -tag -width Er 73.It Bq Er EACCESS 74The MAC subsystem denied debuggability. 75.It Bq Er EAGAIN 76Process 77.Fa p 78is in the process of being 79.Fn exec Ns 'ed. 80.It Bq Er EPERM 81Thread 82.Fa td 83lacks super-user credentials and process 84.Fa p 85is executing a set-user-ID or set-group-ID executable. 86.It Bq Er EPERM 87Thread 88.Fa td 89lacks super-user credentials and process 90.Fa p Ns 's 91group set is not a subset of 92.Fa td Ns 's 93effective group set. 94.It Bq Er EPERM 95Thread 96.Fa td 97lacks super-user credentials and process 98.Fa p Ns 's 99user IDs do not match thread 100.Fa td Ns 's 101effective user ID. 102.It Bq Er EPERM 103Process 104.Fa p 105denotes the initial process 106.Fn initproc 107and the 108.Xr sysctl 8 109variable 110.Va kern.securelevel 111is greater than zero. 112.It Bq Er ESRCH 113Process 114.Fa p 115is not visible to thread 116.Fa td 117as determined by 118.Xr cr_seeotheruids 9 119or 120.Xr cr_seeothergids 9 . 121.It Bq Er ESRCH 122Thread 123.Fa td 124has been jailed and process 125.Fa p 126does not belong to the same jail as 127.Fa td . 128.It Bq Er ESRCH 129The MAC subsystem denied debuggability. 130.El 131.Sh SEE ALSO 132.Xr jail 2 , 133.Xr sysctl 8 , 134.Xr cr_seeothergids 9 , 135.Xr cr_seeotheruids 9 , 136.Xr mac 9 , 137.Xr p_cansee 9 , 138.Xr prison_check 9 139