p_candebug(9)
NAME
p_candebug - determine debuggability of a process
SYNOPSIS
#include <sys/proc.h> int p_candebug(struct thread *td, struct proc *p);
DESCRIPTION
- This function can be used to determine if a given process p
- is debuggable
by the thread td.
SYSCTL VARIABLES
- The following sysctl(8) variables directly influence the be
- haviour of
p_candebug(): - kern.securelevel
- Debugging of the init process is not allowed if this
- variable is
1 or greater. - security.bsd.unprivileged_proc_debug
- Must be set to a non-zero value to allow unprivi
- leged processes
access to the kernel's debug facilities.
RETURN VALUES
- The p_candebug() function returns 0 if the process denoted
- by p is debuggable by thread td, or a non-zero error return value other
- wise.
ERRORS
[EACCESS] The MAC subsystem denied debuggability.
- [EAGAIN] Process p is in the process of being
- exec()'ed.
- [EPERM] Thread td lacks super-user credentials
- and process p
- is executing a set-user-ID or set-group
- ID executable.
- [EPERM] Thread td lacks super-user credentials
- and process p's
- group set is not a subset of td's effec
- tive group set.
- [EPERM] Thread td lacks super-user credentials
- and process p's
- user IDs do not match thread td's effec
- tive user ID.
- [EPERM] Process p denotes the initial process
- initproc() and
- the sysctl(8) variable kern.securelevel
- is greater
than zero. - [ESRCH] Process p is not visible to thread td as
- determined by
- cr_seeotheruids(9) or cr_seeothergids(9).
- [ESRCH] Thread td has been jailed and process p
- does not
- belong to the same jail as td.
- [ESRCH] The MAC subsystem denied debuggability.
SEE ALSO
- intro(2), jail(2), sysctl(8), cr_seeothergids(9),
- cr_seeotheruids(9),
mac(9), prison_check(9) - BSD November 11, 2003