Print this page
Code review comments from jeffpc
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.
@@ -3,15 +3,14 @@
.\" Copyright (c) 2006, Sun Microsystems, Inc. All Rights Reserved.
.\" Copyright (c) 2013, Joyent, Inc. All rights reserved.
.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
-.TH PROC 4 "Mar 31, 2013"
+.TH PROC 4 "Jun 6, 2016"
.SH NAME
proc \- /proc, the process file system
.SH DESCRIPTION
-.sp
.LP
\fB/proc\fR is a file system that provides access to the state of each process
and light-weight process (lwp) in the system. The name of each entry in the
\fB/proc\fR directory is a decimal number corresponding to a process-ID. These
entries are themselves subdirectories. Access to process state is provided by
@@ -172,11 +171,10 @@
64-bit controlling program can be compiled with the C preprocessor symbol
\fB_SYSCALL32\fR defined before system header files are included. This makes
explicit 32-bit fixed-width data structures (like \fBcstruct stat32\fR) visible
to the 64-bit program. See \fBtypes32.h\fR(3HEAD).
.SH DIRECTORY STRUCTURE
-.sp
.LP
At the top level, the directory \fB/proc\fR contains entries each of which
names an existing process in the system. These entries are themselves
directories. Except where otherwise noted, the files described below can be
opened for reading only. In addition, if a process becomes a \fIzombie\fR (one
@@ -199,33 +197,29 @@
A number of structure definitions are used to describe the files. These
structures may grow by the addition of elements at the end in future releases
of the system and it is not legitimate for a program to assume that they will
not.
.SH STRUCTURE OF \fB/proc/\fR\fIpid\fR
-.sp
.LP
A given directory \fB/proc/\fR\fIpid\fR contains the following entries. A
process can use the invisible alias \fB/proc/self\fR if it wishes to open one
of its own \fB/proc\fR files (invisible in the sense that the name ``self''
does not appear in a directory listing of \fB/proc\fR obtained from
\fBls\fR(1), \fBgetdents\fR(2), or \fBreaddir\fR(3C)).
.SS "contracts"
-.sp
.LP
A directory containing references to the contracts held by the process. Each
entry is a symlink to the contract's directory under \fB/system/contract\fR.
See \fBcontract\fR(4).
.SS "as"
-.sp
.LP
Contains the address-space image of the process; it can be opened for both
reading and writing. \fBlseek\fR(2) is used to position the file at the virtual
address of interest and then the address space can be examined or changed
through \fBread\fR(2) or \fBwrite\fR(2) (or by using \fBpread\fR(2) or
\fBpwrite\fR(2) for the combined operation).
.SS "ctl"
-.sp
.LP
A write-only file to which structured messages are written directing the system
to change some aspect of the process's state or control its behavior in some
way. The seek offset is not relevant when writing to this file. Individual lwps
also have associated \fBlwpctl\fR files in the lwp subdirectories. A control
@@ -233,11 +227,10 @@
\fBlwpctl\fR file with operation-specific effects. The effect of a control
message is immediately reflected in the state of the process visible through
appropriate status and information files. The types of control messages are
described in detail later. See \fBCONTROL MESSAGES\fR.
.SS "status"
-.sp
.LP
Contains state information about the process and the representative lwp. The
file contains a \fBpstatus\fR structure which contains an embedded
\fBlwpstatus\fR structure for the representative lwp, as follows:
.sp
@@ -862,11 +855,10 @@
registers.
.sp
.LP
If the lwp is not stopped, all register values are undefined.
.SS "psinfo"
-.sp
.LP
Contains miscellaneous information about the process and the representative lwp
needed by the \fBps\fR(1) command. \fBpsinfo\fR remains accessible after a
process becomes a \fIzombie\fR. The file contains a \fBpsinfo\fR structure
which contains an embedded \fBlwpsinfo\fR structure for the representative lwp,
@@ -981,11 +973,10 @@
.sp
.LP
\fBpr_contract\fR is the id of the process contract of which the process is a
member. See \fBcontract\fR(4) and \fBprocess\fR(4).
.SS "cred"
-.sp
.LP
Contains a description of the credentials associated with the process:
.sp
.in +2
.nf
@@ -1008,11 +999,10 @@
The array of associated supplementary groups in \fBpr_groups\fR is of variable
length; the \fBcred\fR file contains all of the supplementary groups.
\fBpr_ngroups\fR indicates the number of supplementary groups. (See also the
\fBPCSCRED\fR and \fBPCSCREDX\fR control operations.)
.SS "priv"
-.sp
.LP
Contains a description of the privileges associated with the process:
.sp
.in +2
.nf
@@ -1041,35 +1031,51 @@
\fBpr_infosize\fR bytes in size.
.sp
.LP
The full size of the structure can be computed using
\fBPRIV_PRPRIV_SIZE\fR(\fBprpriv_t *\fR).
-.SS "sigact"
+.SS "secflags"
+.LP
+This file contains the security-flags of the process. It contains a
+description of the security flags associated with the process.
.sp
+.in +2
+.nf
+typedef struct prsecflags {
+ uint32_t pr_version; /* ABI Versioning of this structure */
+ secflagset_t pr_effective; /* Effective flags */
+ secflagset_t pr_inherit; /* Inheritable flags */
+ secflagset_t pr_lower; /* Lower flags */
+ secflagset_t pr_upper; /* Upper flags */
+} prsecflags_t;
+.in -2
+
+.sp
+.LP
+The \fBpr_version\fR field is a version number for the structure, currently
+\fBPRSECFLAGS_VERSION_1\fR.
+.SS "sigact"
.LP
Contains an array of \fBsigaction structures\fR describing the current
dispositions of all signals associated with the traced process (see
\fBsigaction\fR(2)). Signal numbers are displaced by 1 from array indices, so
that the action for signal number \fIn\fR appears in position \fIn\fR-1 of the
array.
.SS "auxv"
-.sp
.LP
Contains the initial values of the process's aux vector in an array of
\fBauxv_t\fR structures (see \fB<sys/auxv.h>\fR). The values are those that
were passed by the operating system as startup information to the dynamic
linker.
.SS "ldt"
-.sp
.LP
This file exists only on x86-based machines. It is non-empty only if the
process has established a local descriptor table (\fBLDT\fR). If non-empty, the
file contains the array of currently active \fBLDT\fR entries in an array of
elements of type \fBstruct ssd\fR, defined in \fB<sys/sysi86.h>\fR, one element
for each active \fBLDT\fR entry.
.SS "map, xmap"
-.sp
.LP
Contain information about the virtual address map of the process. The map file
contains an array of \fBprmap\fR structures while the xmap file contains an
array of \fBprxmap\fR structures. Each structure describes a contiguous virtual
address region in the address space of the traced process:
@@ -1233,36 +1239,32 @@
\fBpr_hatpagesize\fR is the size, in bytes, of the \fBHAT\fR (\fBMMU\fR)
translation for the mapping. \fBpr_hatpagesize\fR may be different than
\fBpr_pagesize.\fR The possible values are hardware architecture specific, and
may change over a mapping's lifetime.
.SS "rmap"
-.sp
.LP
Contains information about the reserved address ranges of the process. The file
contains an array of \fBprmap\fR structures, as defined above for the \fBmap\fR
file. Each structure describes a contiguous virtual address region in the
address space of the traced process that is reserved by the system in the sense
that an \fBmmap\fR(2) system call that does not specify \fBMAP_FIXED\fR will
not use any part of it for the new mapping. Examples of such reservations
include the address ranges reserved for the process stack and the individual
thread stacks of a multi-threaded process.
.SS "cwd"
-.sp
.LP
A symbolic link to the process's current working directory. See \fBchdir\fR(2).
A \fBreadlink\fR(2) of \fB/proc/\fIpid\fR/cwd\fR yields a null string. However,
it can be opened, listed, and searched as a directory, and can be the target of
\fBchdir\fR(2).
.SS "root"
-.sp
.LP
A symbolic link to the process's root directory.
\fB/proc/\fR\fIpid\fR\fB/root\fR can differ from the system root directory if
the process or one of its ancestors executed \fBchroot\fR(2) as super user. It
has the same semantics as \fB/proc/\fR\fIpid\fR\fB/cwd\fR.
.SS "fd"
-.sp
.LP
A directory containing references to the open files of the process. Each entry
is a decimal number corresponding to an open file descriptor in the process.
.sp
.LP
@@ -1272,11 +1274,10 @@
read/write open modes in the controlled process. If an entry refers to a
directory, it can be accessed with the same semantics as
\fB/proc/\fIpid\fR/cwd\fR. An attempt to open any other type of entry fails
with \fBEACCES\fR.
.SS "object"
-.sp
.LP
A directory containing read-only files with names corresponding to the
\fBpr_mapname\fR entries in the \fBmap\fR and \fBpagedata\fR files. Opening
such a file yields a file descriptor for the underlying mapped file associated
with an address-space mapping in the process. The file name \fBa.out\fR appears
@@ -1285,11 +1286,10 @@
.LP
The \fBobject\fR directory makes it possible for a controlling process to gain
access to the object file and any shared libraries (and consequently the symbol
tables) without having to know the actual path names of the executable files.
.SS "path"
-.sp
.LP
A directory containing symbolic links to files opened by the process. The
directory includes one entry for \fBcwd\fR and \fBroot\fR. The directory also
contains a numerical entry for each file descriptor in the \fBfd\fR directory,
and entries matching those in the \fBobject\fR directory. If this information
@@ -1297,11 +1297,10 @@
fail. This is most common for files that do not exist in the filesystem
namespace (such as \fBFIFO\fRs and sockets), but can also happen for regular
files. For the file descriptor entries, the path may be different from the one
used by the process to open the file.
.SS "pagedata"
-.sp
.LP
Opening the page data file enables tracking of address space references and
modifications on a per-page basis.
.sp
.LP
@@ -1379,17 +1378,15 @@
More than one page data file descriptor for the same process can be opened, up
to a system-imposed limit per traced process. A read of one does not affect the
data being collected by the system for the others. An open of the page data
file will fail with \fBENOMEM\fR if the system-imposed limit would be exceeded.
.SS "watch"
-.sp
.LP
Contains an array of \fBprwatch\fR structures, one for each watched area
established by the \fBPCWATCH\fR control operation. See \fBPCWATCH\fR for
details.
.SS "usage"
-.sp
.LP
Contains process usage information described by a \fBprusage\fR structure which
contains at least the following fields:
.sp
.in +2
@@ -1432,11 +1429,10 @@
Microstate accounting is now continuously enabled. While this information was
previously an estimate, if microstate accounting were not enabled, the current
information is now never an estimate represents time the process has spent in
various states.
.SS "lstatus"
-.sp
.LP
Contains a \fBprheader\fR structure followed by an array of \fBlwpstatus\fR
structures, one for each active lwp in the process (see also
\fB/proc/\fR\fIpid\fR\fB/lwp/\fR\fIlwpid\fR/\fBlwpstatus\fR, below). The
\fBprheader\fR structure describes the number and size of the array entries
@@ -1457,109 +1453,95 @@
in future releases of the system. Programs must use \fBpr_entsize\fR in the
file header to index through the array. These comments apply to all \fB/proc\fR
files that include a \fBprheader\fR structure (\fBlpsinfo\fR and \fBlusage\fR,
below).
.SS "lpsinfo"
-.sp
.LP
Contains a \fBprheader\fR structure followed by an array of \fBlwpsinfo\fR
structures, one for eachactive and zombie lwp in the process. See also
\fB/proc/\fR\fIpid\fR\fB/lwp/\fR\fIlwpid\fR/\fBlwpsinfo\fR, below.
.SS "lusage"
-.sp
.LP
Contains a \fBprheader\fR structure followed by an array of \fBprusage\fR
structures, one for each active lwp in the process, plus an additional element
at the beginning that contains the summation over all defunct lwps (lwps that
once existed but no longer exist in the process). Excluding the \fBpr_lwpid\fR,
\fBpr_tstamp\fR, \fBpr_create\fR, and \fBpr_term\fR entries, the entry-by-entry
summation over all these structures is the definition of the process usage
information obtained from the \fBusage\fR file. (See also
\fB/proc/\fR\fIpid\fR\fB/lwp/\fR\fIlwpid\fR/\fBlwpusage\fR, below.)
.SS "lwp"
-.sp
.LP
A directory containing entries each of which names an active or zombie lwp
within the process. These entries are themselves directories containing
additional files as described below. Only the \fBlwpsinfo\fR file exists in the
directory of a zombie lwp.
.SH STRUCTURE OF \fB/proc/\fR\fIpid\fR\fB/lwp/\fR\fIlwpid\fR
-.sp
.LP
A given directory \fB/proc/\fR\fIpid\fR\fB/lwp/\fR\fIlwpid\fR contains the
following entries:
.SS "lwpctl"
-.sp
.LP
Write-only control file. The messages written to this file affect the specific
lwp rather than the representative lwp, as is the case for the process's
\fBctl\fR file.
.SS "lwpstatus"
-.sp
.LP
lwp-specific state information. This file contains the \fBlwpstatus\fR
structure for the specific lwp as described above for the representative lwp in
the process's \fBstatus\fR file.
.SS "lwpsinfo"
-.sp
.LP
lwp-specific \fBps\fR(1) information. This file contains the \fBlwpsinfo\fR
structure for the specific lwp as described above for the representative lwp in
the process's \fBpsinfo\fR file. The \fBlwpsinfo\fR file remains accessible
after an lwp becomes a zombie.
.SS "lwpusage"
-.sp
.LP
This file contains the \fBprusage\fR structure for the specific lwp as
described above for the process's \fBusage\fR file.
.SS "gwindows"
-.sp
.LP
This file exists only on SPARC based machines. If it is non-empty, it contains
a \fBgwindows_t\fR structure, defined in \fB<sys/regset.h>\fR, with the values
of those SPARC register windows that could not be stored on the stack when the
lwp stopped. Conditions under which register windows are not stored on the
stack are: the stack pointer refers to nonexistent process memory or the stack
pointer is improperly aligned. If the lwp is not stopped or if there are no
register windows that could not be stored on the stack, the file is empty (the
usual case).
.SS "xregs"
-.sp
.LP
Extra state registers. The extra state register set is architecture dependent;
this file is empty if the system does not support extra state registers. If the
file is non-empty, it contains an architecture dependent structure of type
\fBprxregset_t\fR, defined in \fB<procfs.h>\fR, with the values of the lwp's
extra state registers. If the lwp is not stopped, all register values are
undefined. See also the \fBPCSXREG\fR control operation, below.
.SS "asrs"
-.sp
.LP
This file exists only for 64-bit SPARC V9 processes. It contains an
\fBasrset_t\fR structure, defined in <\fBsys/regset.h\fR>, containing the
values of the lwp's platform-dependent ancillary state registers. If the lwp is
not stopped, all register values are undefined. See also the \fBPCSASRS\fR
control operation, below.
.SS "spymaster"
-.sp
.LP
For an agent lwp (see \fBPCAGENT\fR), this file contains a \fBpsinfo_t\fR
structure that corresponds to the process that created the agent lwp at the
time the agent was created. This structure is identical to that retrieved via
the \fBpsinfo\fR file, with one modification: the \fBpr_time\fR field does not
correspond to the CPU time for the process, but rather to the creation time of
the agent lwp.
.SS "templates"
-.sp
.LP
A directory which contains references to the active templates for the lwp,
named by the contract type. Changes made to an active template descriptor do
not affect the original template which was activated, though they do affect the
active template. It is not possible to activate an active template descriptor.
See \fBcontract\fR(4).
.SH CONTROL MESSAGES
-.sp
.LP
Process state changes are effected through messages written to a process's
\fBctl\fR file or to an individual lwp's \fBlwpctl\fR file. All control
messages consist of a \fBlong\fR that names the specific operation followed by
additional data containing the operand, if any.
@@ -1575,11 +1557,10 @@
.LP
Descriptions of the allowable control messages follow. In all cases, writing a
message to a control file for a process or lwp that has terminated elicits the
error \fBENOENT\fR.
.SS "PCSTOP PCDSTOP PCWSTOP PCTWSTOP"
-.sp
.LP
When applied to the process control file, \fBPCSTOP\fR directs all lwps to stop
and waits for them to stop, \fBPCDSTOP\fR directs all lwps to stop without
waiting for them to stop, and \fBPCWSTOP\fR simply waits for all lwps to stop.
When applied to an lwp control file, \fBPCSTOP\fR directs the specific lwp to
@@ -1624,11 +1605,10 @@
A system process (indicated by the \fBPR_ISSYS\fR flag) never executes at user
level, has no user-level address space visible through \fB/proc\fR, and cannot
be stopped. Applying one of these operations to a system process or any of its
lwps elicits the error \fBEBUSY\fR.
.SS "PCRUN"
-.sp
.LP
Make an lwp runnable again after a stop. This operation takes a \fBlong\fR
operand containing zero or more of the following flags:
.sp
.ne 2
@@ -1705,11 +1685,10 @@
outstanding directed-stop requests are cleared and, if it was stopped on an
event of interest, the representative lwp is marked \fBPR_REQUESTED\fR. If, as
a consequence, all lwps are in the \fBPR_REQUESTED\fR or \fBPR_SUSPENDED\fR
stop state, all lwps showing \fBPR_REQUESTED\fR are made runnable.
.SS "PCSTRACE"
-.sp
.LP
Define a set of signals to be traced in the process. The receipt of one of
these signals by an lwp causes the lwp to stop. The set of signals is defined
using an operand \fBsigset_t\fR contained in the control message. Receipt of
\fBSIGKILL\fR cannot be traced; if specified, it is silently ignored.
@@ -1718,15 +1697,13 @@
If a signal that is included in an lwp's held signal set (the signal mask) is
sent to the lwp, the signal is not received and does not cause a stop until it
is removed from the held signal set, either by the lwp itself or by setting the
held signal set with \fBPCSHOLD\fR.
.SS "PCCSIG"
-.sp
.LP
The current signal, if any, is cleared from the specific or representative lwp.
.SS "PCSSIG"
-.sp
.LP
The current signal and its associated signal information for the specific or
representative lwp are set according to the contents of the operand
\fBsiginfo\fR structure (see \fB<sys/siginfo.h>\fR). If the specified signal
number is zero, the current signal is cleared. The semantics of this operation
@@ -1734,35 +1711,31 @@
the lwp immediately after execution is resumed (even if it is being blocked)
and an additional \fBPR_SIGNALLED\fR stop does not intervene even if the signal
is traced. Setting the current signal to \fBSIGKILL\fR terminates the process
immediately.
.SS "PCKILL"
-.sp
.LP
If applied to the process control file, a signal is sent to the process with
semantics identical to those of \fBkill\fR(2). If applied to an lwp control
file, a directed signal is sent to the specific lwp. The signal is named in a
\fBlong\fR operand contained in the message. Sending \fBSIGKILL\fR terminates
the process immediately.
.SS "PCUNKILL"
-.sp
.LP
A signal is deleted, that is, it is removed from the set of pending signals. If
applied to the process control file, the signal is deleted from the process's
pending signals. If applied to an lwp control file, the signal is deleted from
the lwp's pending signals. The current signal (if any) is unaffected. The
signal is named in a \fBlong\fR operand in the control message. It is an error
(\fBEINVAL\fR) to attempt to delete \fBSIGKILL\fR.
.SS "PCSHOLD"
-.sp
.LP
Set the set of held signals for the specific or representative lwp (signals
whose delivery will be blocked if sent to the lwp). The set of signals is
specified with a \fBsigset_t\fR operand. \fBSIGKILL\fR and \fBSIGSTOP\fR cannot
be held; if specified, they are silently ignored.
.SS "PCSFAULT"
-.sp
.LP
Define a set of hardware faults to be traced in the process. On incurring one
of these faults, an lwp stops. The set is defined via the operand
\fBfltset_t\fR structure. Fault names are defined in \fB<sys/fault.h>\fR and
include the following. Some of these may not occur on all processors; there may
@@ -1883,16 +1856,14 @@
or by the \fBPRCFAULT\fR option of \fBPCRUN\fR. \fBFLTPAGE\fR is an exception;
no signal is posted. The \fBpr_info\fR field in the \fBlwpstatus\fR structure
identifies the signal to be sent and contains machine-specific information
about the fault.
.SS "PCCFAULT"
-.sp
.LP
The current fault, if any, is cleared; the associated signal will not be sent
to the specific or representative lwp.
.SS "PCSENTRY PCSEXIT"
-.sp
.LP
These control operations instruct the process's lwps to stop on entry to or
exit from specified system calls. The set of system calls to be traced is
defined via an operand \fBsysset_t\fR structure.
.sp
@@ -1909,11 +1880,10 @@
sleeping in an interruptible system call (\fBPR_ASLEEP\fR is set), it may be
instructed to go directly to system call exit by specifying the \fBPRSABORT\fR
flag in a \fBPCRUN\fR control message. Unless exit from the system call is
being traced, the lwp returns to user level showing \fBEINTR\fR.
.SS "PCWATCH"
-.sp
.LP
Set or clear a watched area in the controlled process from a \fBprwatch\fR
structure operand:
.sp
.in +2
@@ -2058,11 +2028,10 @@
Watched areas are not inherited by child processes, even if the traced
process's inherit-on-fork mode, \fBPR_FORK\fR, is set (see \fBPCSET\fR, below).
All watched areas are cancelled when the traced process performs a successful
\fBexec\fR(2).
.SS "PCSET PCUNSET"
-.sp
.LP
\fBPCSET\fR sets one or more modes of operation for the traced process.
\fBPCUNSET\fR unsets these modes. The modes to be set or unset are specified by
flags in an operand \fBlong\fR in the control message:
.sp
@@ -2174,11 +2143,10 @@
It is an error (\fBEINVAL\fR) to specify flags other than those described above
or to apply these operations to a system process. The current modes are
reported in the \fBpr_flags\fR field of \fB/proc/\fR\fIpid\fR\fB/status\fR and
\fB/proc/\fR\fIpid\fR\fB/lwp/\fR\fIlwp\fR\fB/lwpstatus\fR.
.SS "PCSREG"
-.sp
.LP
Set the general registers for the specific or representative lwp according to
the operand \fBprgregset_t\fR structure.
.sp
.LP
@@ -2193,46 +2161,41 @@
.sp
.LP
\fBPCSREG\fR fails with \fBEBUSY\fR if the lwp is not stopped on an event of
interest.
.SS "PCSVADDR"
-.sp
.LP
Set the address at which execution will resume for the specific or
representative lwp from the operand \fBlong\fR. On SPARC based systems, both
%pc and %npc are set, with %npc set to the instruction following the virtual
address. On x86-based systems, only %eip is set. \fBPCSVADDR\fR fails with
\fBEBUSY\fR if the lwp is not stopped on an event of interest.
.SS "PCSFPREG"
-.sp
.LP
Set the floating-point registers for the specific or representative lwp
according to the operand \fBprfpregset_t\fR structure. An error (\fBEINVAL\fR)
is returned if the system does not support floating-point operations (no
floating-point hardware and the system does not emulate floating-point machine
instructions). \fBPCSFPREG\fR fails with \fBEBUSY\fR if the lwp is not stopped
on an event of interest.
.SS "PCSXREG"
-.sp
.LP
Set the extra state registers for the specific or representative lwp according
to the architecture-dependent operand \fBprxregset_t\fR structure. An error
(\fBEINVAL\fR) is returned if the system does not support extra state
registers. \fBPCSXREG\fR fails with \fBEBUSY\fR if the lwp is not stopped on an
event of interest.
.SS "PCSASRS"
-.sp
.LP
Set the ancillary state registers for the specific or representative lwp
according to the SPARC V9 platform-dependent operand \fBasrset_t\fR structure.
An error (\fBEINVAL\fR) is returned if either the target process or the
controlling process is not a 64-bit SPARC V9 process. Most of the ancillary
state registers are privileged registers that cannot be modified. Only those
that can be modified are set; all others are silently ignored. \fBPCSASRS\fR
fails with \fBEBUSY\fR if the lwp is not stopped on an event of interest.
.SS "PCAGENT"
-.sp
.LP
Create an agent lwp in the controlled process with register values from the
operand \fBprgregset_t\fR structure (see \fBPCSREG\fR, above). The agent lwp is
created in the stopped state showing \fBPR_REQUESTED\fR and with its held
signal set (the signal mask) having all signals except \fBSIGKILL\fR and
@@ -2289,11 +2252,10 @@
.sp
.LP
Symbolic constants for system call trap numbers like \fBSYS_lwp_exit\fR and
\fBSYS_lwp_create\fR can be found in the header file <\fBsys/syscall.h\fR>.
.SS "PCREAD PCWRITE"
-.sp
.LP
Read or write the target process's address space via a \fBpriovec\fR structure
operand:
.sp
.in +2
@@ -2316,35 +2278,31 @@
example, when planting many breakpoint instructions in the process's address
space, or when stepping over a breakpointed instruction. Unlike \fBpread\fR(2)
and \fBpwrite\fR(2), no provision is made for partial reads or writes; if the
operation cannot be performed completely, it fails with \fBEIO\fR.
.SS "PCNICE"
-.sp
.LP
The traced process's \fBnice\fR(2) value is incremented by the amount in the
operand \fBlong\fR. Only a process with the {\fBPRIV_PROC_PRIOCNTL\fR}
privilege asserted in its effective set can better a process's priority in this
way, but any user may lower the priority. This operation is not meaningful for
all scheduling classes.
.SS "PCSCRED"
-.sp
.LP
Set the target process credentials to the values contained in the
\fBprcred_t\fR structure operand (see \fB/proc/\fR\fIpid\fR\fB/cred\fR). The
effective, real, and saved user-IDs and group-IDs of the target process are
set. The target process's supplementary groups are not changed; the
\fBpr_ngroups\fR and \fBpr_groups\fR members of the structure operand are
ignored. Only the privileged processes can perform this operation; for all
others it fails with \fBEPERM\fR.
.SS "PCSCREDX"
-.sp
.LP
Operates like \fBPCSCRED\fR but also sets the supplementary groups; the length
of the data written with this control operation should be "sizeof
(\fBprcred_t\fR) + sizeof (\fBgid_t)\fR * (#groups - 1)".
.SS "PCSPRIV"
-.sp
.LP
Set the target process privilege to the values contained in the \fBprpriv_t\fR
operand (see \fB/proc/pid/priv\fR). The effective, permitted, inheritable, and
limit sets are all changed. Privilege flags can also be set. The process is
made privilege aware unless it can relinquish privilege awareness. See
@@ -2358,11 +2316,10 @@
.sp
.LP
If any of the above restrictions are not met, \fBEPERM\fR is returned. If the
structure written is improperly formatted, \fBEINVAL\fR is returned.
.SH PROGRAMMING NOTES
-.sp
.LP
For security reasons, except for the \fBpsinfo\fR, \fBusage\fR, \fBlpsinfo\fR,
\fBlusage\fR, \fBlwpsinfo\fR, and \fBlwpusage\fR files, which are
world-readable, and except for privileged processes, an open of a \fB/proc\fR
file fails unless both the user-ID and group-ID of the caller match those of
@@ -2417,11 +2374,10 @@
descriptor has become invalid. \fBPOLLNVAL\fR is returned immediately if
\fBPOLLPRI\fR or \fBPOLLWRNORM\fR is requested on a file descriptor referring
to a system process (see \fBPCSTOP\fR). The requested events may be empty to
wait simply for termination.
.SH FILES
-.sp
.ne 2
.na
\fB\fB/proc\fR\fR
.ad
.sp .6
@@ -2818,11 +2774,10 @@
.RS 4n
For an agent LWP, the controlling process
.RE
.SH SEE ALSO
-.sp
.LP
\fBls\fR(1), \fBps\fR(1), \fBchroot\fR(1M), \fBalarm\fR(2), \fBbrk\fR(2),
\fBchdir\fR(2), \fBchroot\fR(2), \fBclose\fR(2), \fBcreat\fR(2), \fBdup\fR(2),
\fBexec\fR(2), \fBfcntl\fR(2), \fBfork\fR(2), \fBfork1\fR(2), \fBfstat\fR(2),
\fBgetdents\fR(2), \fBgetustack\fR(2), \fBkill\fR(2), \fBlseek\fR(2),
@@ -2832,13 +2787,12 @@
\fBvfork\fR(2), \fBwrite\fR(2), \fBwritev\fR(2), \fB_stack_grow\fR(3C),
\fBreaddir\fR(3C), \fBpthread_create\fR(3C), \fBpthread_join\fR(3C),
\fBsiginfo.h\fR(3HEAD), \fBsignal.h\fR(3HEAD), \fBthr_create\fR(3C),
\fBthr_join\fR(3C), \fBtypes32.h\fR(3HEAD), \fBucontext.h\fR(3HEAD),
\fBwait\fR(3C), \fBcontract\fR(4), \fBcore\fR(4), \fBprocess\fR(4),
-\fBlfcompile\fR(5), \fBprivileges\fR(5)
+\fBlfcompile\fR(5), \fBprivileges\fR(5), \fBsecurity-flags\fR(5)
.SH DIAGNOSTICS
-.sp
.LP
Errors that can occur in addition to the errors normally associated with file
system access:
.sp
.ne 2
@@ -2989,18 +2943,16 @@
any of the uids to 0 using PCSCRED and the security policy imposed additional
restrictions. See \fBprivileges\fR(5).
.RE
.SH NOTES
-.sp
.LP
Descriptions of structures in this document include only interesting structure
elements, not filler and padding fields, and may show elements out of order for
descriptive clarity. The actual structure definitions are contained in
\fB<procfs.h>\fR\&.
.SH BUGS
-.sp
.LP
Because the old \fBioctl\fR(2)-based version of \fB/proc\fR is currently
supported for binary compatibility with old applications, the top-level
directory for a process, \fB/proc/\fR\fIpid\fR, is not world-readable, but it
is world-searchable. Thus, anyone can open \fB/proc/\fR\fIpid\fR\fB/psinfo\fR