1.\" 2.\" Copyright (c) 2003 Joseph Koshy <jkoshy@FreeBSD.org> 3.\" 4.\" All rights reserved. 5.\" 6.\" This program is free software. 7.\" 8.\" Redistribution and use in source and binary forms, with or without 9.\" modification, are permitted provided that the following conditions 10.\" are met: 11.\" 1. Redistributions of source code must retain the above copyright 12.\" notice, this list of conditions and the following disclaimer. 13.\" 2. Redistributions in binary form must reproduce the above copyright 14.\" notice, this list of conditions and the following disclaimer in the 15.\" documentation and/or other materials provided with the distribution. 16.\" 17.\" THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY EXPRESS OR 18.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 19.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 20.\" IN NO EVENT SHALL THE DEVELOPERS BE LIABLE FOR ANY DIRECT, INDIRECT, 21.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 22.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 23.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 24.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 25.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 26.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 27.\" 28.Dd November 19, 2006 29.Dt P_CANDEBUG 9 30.Os 31.Sh NAME 32.Nm p_candebug 33.Nd determine debuggability of a process 34.Sh SYNOPSIS 35.In sys/param.h 36.In sys/proc.h 37.Ft int 38.Fn p_candebug "struct thread *td" "struct proc *p" 39.Sh DESCRIPTION 40This function can be used to determine if a given process 41.Fa p 42is debuggable by the thread 43.Fa td . 44.Sh SYSCTL VARIABLES 45The following 46.Xr sysctl 8 47variables directly influence the behaviour of 48.Fn p_candebug : 49.Bl -tag -width indent 50.It Va kern.securelevel 51Debugging of the init process is not allowed if this variable is 52.Li 1 53or greater. 54.It Va security.bsd.unprivileged_proc_debug 55Must be set to a non-zero value to allow unprivileged processes 56access to the kernel's debug facilities. 57.El 58.Sh RETURN VALUES 59The 60.Fn p_candebug 61function 62returns 63.Li 0 64if the process denoted by 65.Fa p 66is debuggable by thread 67.Fa td , 68or a non-zero error return value otherwise. 69.Sh ERRORS 70.Bl -tag -width Er 71.It Bq Er EACCESS 72The MAC subsystem denied debuggability. 73.It Bq Er EAGAIN 74Process 75.Fa p 76is in the process of being 77.Fn exec Ns 'ed. 78.It Bq Er EPERM 79Thread 80.Fa td 81lacks super-user credentials and process 82.Fa p 83is executing a set-user-ID or set-group-ID executable. 84.It Bq Er EPERM 85Thread 86.Fa td 87lacks super-user credentials and process 88.Fa p Ns 's 89group set is not a subset of 90.Fa td Ns 's 91effective group set. 92.It Bq Er EPERM 93Thread 94.Fa td 95lacks super-user credentials and process 96.Fa p Ns 's 97user IDs do not match thread 98.Fa td Ns 's 99effective user ID. 100.It Bq Er EPERM 101Process 102.Fa p 103denotes the initial process 104.Fn initproc 105and the 106.Xr sysctl 8 107variable 108.Va kern.securelevel 109is greater than zero. 110.It Bq Er ESRCH 111Process 112.Fa p 113is not visible to thread 114.Fa td 115as determined by 116.Xr cr_seeotheruids 9 117or 118.Xr cr_seeothergids 9 . 119.It Bq Er ESRCH 120Thread 121.Fa td 122has been jailed and process 123.Fa p 124does not belong to the same jail as 125.Fa td . 126.It Bq Er ESRCH 127The MAC subsystem denied debuggability. 128.El 129.Sh SEE ALSO 130.Xr jail 2 , 131.Xr sysctl 8 , 132.Xr cr_seeothergids 9 , 133.Xr cr_seeotheruids 9 , 134.Xr mac 9 , 135.Xr p_cansee 9 , 136.Xr prison_check 9 137