Install Now
p_candebug — determine debuggability of a process
Contents
Description
This function can be used to determine if a given process p is debuggable by the thread td.
Errors
[EACCESS] The MAC subsystem denied debuggability.
[EAGAIN] Process p is in the process of being exec()'ed.
[EPERM] Thread td lacks super-user credentials and process p is executing a set-user-ID or
set-group-ID executable.
[EPERM] Thread td lacks super-user credentials and process p's group set is not a subset of
td's effective group set.
[EPERM] Thread td lacks super-user credentials and process p's user IDs do not match thread
td's effective user ID.
[EPERM] Process p denotes the initial process initproc() and the sysctl(8) variable
kern.securelevel is greater than zero.
[ESRCH] Process p is not visible to thread td as determined by cr_seeotheruids(9) or
cr_seeothergids(9).
[ESRCH] Thread td has been jailed and process p does not belong to the same jail as td.
[ESRCH] The MAC subsystem denied debuggability.
Name
p_candebug — determine debuggability of a process
Return Values
The p_candebug() function returns 0 if the process denoted by p is debuggable by thread td, or a non-zero
error return value otherwise.
See Also
jail(2), sysctl(8), cr_seeothergids(9), cr_seeotheruids(9), mac(9), p_cansee(9), prison_check(9) Debian November 19, 2006 P_CANDEBUG(9)
Synopsis
#include<sys/param.h>#include<sys/proc.h>intp_candebug(structthread*td, structproc*p);
Sysctl Variables
The following sysctl(8) variables directly influence the behaviour of p_candebug():
kern.securelevel
Debugging of the init process is not allowed if this variable is 1 or greater.
security.bsd.unprivileged_proc_debug
Must be set to a non-zero value to allow unprivileged processes access to the kernel's debug
facilities.
PNG Icons
