Manpages

P_CANDEBUG(9) BSD Kernel Developer’s Manual P_CANDEBUG(9)

NAME

p_candebug — determine debuggability of a process

SYNOPSIS

#include <sys/param.h>
#include <sys/proc.h>

int

p_candebug(struct thread *td, struct proc *p);

DESCRIPTION

This function can be used to determine if a given process p is debuggable by the thread td.

SYSCTL VARIABLES

The following sysctl(8) variables directly influence the behaviour of p_candebug():

kern.securelevel

Debugging of the init process is not allowed if this variable is 1 or greater.

security.bsd.unprivileged_proc_debug

Must be set to a non-zero value to allow unprivileged processes access to the kernel’s debug facilities.

RETURN VALUES

The p_candebug() function returns 0 if the process denoted by p is debuggable by thread td, or a non-zero error return value otherwise.

ERRORS
[EACCESS]

The MAC subsystem denied debuggability.

[EAGAIN]

Process p is in the process of being exec()’ed.

[EPERM]

Thread td lacks super-user credentials and process p is executing a set-user-ID or set-group-ID executable.

[EPERM]

Thread td lacks super-user credentials and process p’s group set is not a subset of td’s effective group set.

[EPERM]

Thread td lacks super-user credentials and process p’s user IDs do not match thread td’s effective user ID.

[EPERM]

Process p denotes the initial process initproc() and the sysctl(8) variable kern.securelevel is greater than zero.

[ESRCH]

Process p is not visible to thread td as determined by cr_seeotheruids(9) or cr_seeothergids(9).

[ESRCH]

Thread td has been jailed and process p does not belong to the same jail as td.

[ESRCH]

The MAC subsystem denied debuggability.

SEE ALSO

jail(2), sysctl(8), cr_seeothergids(9), cr_seeotheruids(9), mac(9), p_cansee(9), prison_check(9)

BSD November 19, 2006 BSD