Unix/Linux Go Back    


CentOS 7.0 - man page for prctl (centos section 2)

Linux & Unix Commands - Search Man Pages
Man Page or Keyword Search:   man
Select Man Page Set:       apropos Keyword Search (sections above)


PRCTL(2)			    Linux Programmer's Manual				 PRCTL(2)

NAME
       prctl - operations on a process

SYNOPSIS
       #include <sys/prctl.h>

       int prctl(int option, unsigned long arg2, unsigned long arg3,
		 unsigned long arg4, unsigned long arg5);

DESCRIPTION
       prctl()	is  called  with  a  first argument describing what to do (with values defined in
       <linux/prctl.h>), and further arguments with a significance depending on  the  first  one.
       The first argument can be:

       PR_CAPBSET_READ (since Linux 2.6.25)
	      Return  (as  the	function  result) 1 if the capability specified in arg2 is in the
	      calling thread's capability bounding set, or 0 if it is not.  (The capability  con-
	      stants  are defined in <linux/capability.h>.)  The capability bounding set dictates
	      whether the process can receive the capability through a file's permitted  capabil-
	      ity set on a subsequent call to execve(2).

	      If  the  capability  specified  in  arg2 is not valid, then the call fails with the
	      error EINVAL.

       PR_CAPBSET_DROP (since Linux 2.6.25)
	      If the calling thread has the CAP_SETPCAP  capability,  then  drop  the  capability
	      specified  by arg2 from the calling thread's capability bounding set.  Any children
	      of the calling thread will inherit the newly reduced bounding set.

	      The call fails with the error: EPERM if  the  calling  thread  does  not	have  the
	      CAP_SETPCAP;  EINVAL  if	arg2  does not represent a valid capability; or EINVAL if
	      file capabilities are not enabled in the kernel, in which case  bounding	sets  are
	      not supported.

       PR_SET_CHILD_SUBREAPER (since Linux 3.4)
	      If  arg2 is nonzero, set the "child subreaper" attribute of the calling process; if
	      arg2 is zero, unset the attribute.  When a process is marked as a child  subreaper,
	      all  of the children that it creates, and their descendants, will be marked as hav-
	      ing a subreaper.	In effect, a subreaper fulfills  the  role  of	init(1)  for  its
	      descendant  processes.   Upon  termination of a process that is orphaned (i.e., its
	      immediate parent has already terminated) and marked  as  having  a  subreaper,  the
	      nearest  still  living ancestor subreaper will receive a SIGCHLD signal and be able
	      to wait(2) on the process to discover its termination status.

       PR_GET_CHILD_SUBREAPER (since Linux 3.4)
	      Return the "child subreaper" setting of the caller, in the location pointed  to  by
	      (int *) arg2.

       PR_SET_DUMPABLE (since Linux 2.3.20)
	      Set the state of the flag determining whether core dumps are produced for the call-
	      ing process upon delivery of a signal whose default behavior is to produce  a  core
	      dump.  (Normally, this flag is set for a process by default, but it is cleared when
	      a set-user-ID or set-group-ID program is executed and also by various system  calls
	      that  manipulate	process  UIDs  and GIDs).  In kernels up to and including 2.6.12,
	      arg2 must be either 0 (process  is  not  dumpable)  or  1  (process  is  dumpable).
	      Between kernels 2.6.13 and 2.6.17, the value 2 was also permitted, which caused any
	      binary which normally would not be dumped to be dumped readable by root  only;  for
	      security	reasons,  this	feature  has  been removed.  (See also the description of
	      /proc/sys/fs/suid_dumpable in proc(5).)  Processes that are not dumpable can not be
	      attached via ptrace(2) PTRACE_ATTACH.

       PR_GET_DUMPABLE (since Linux 2.3.20)
	      Return (as the function result) the current state of the calling process's dumpable
	      flag.

       PR_SET_ENDIAN (since Linux 2.6.18, PowerPC only)
	      Set the endian-ness of the calling process to the value given in arg2, which should
	      be  one  of the following: PR_ENDIAN_BIG, PR_ENDIAN_LITTLE, or PR_ENDIAN_PPC_LITTLE
	      (PowerPC pseudo little endian).

       PR_GET_ENDIAN (since Linux 2.6.18, PowerPC only)
	      Return the endian-ness of the calling  process,  in  the	location  pointed  to  by
	      (int *) arg2.

       PR_SET_FPEMU (since Linux 2.4.18, 2.5.9, only on ia64)
	      Set  floating-point  emulation  control  bits  to  arg2.	 Pass PR_FPEMU_NOPRINT to
	      silently emulate fp operations accesses, or PR_FPEMU_SIGFPE to not emulate fp oper-
	      ations and send SIGFPE instead.

       PR_GET_FPEMU (since Linux 2.4.18, 2.5.9, only on ia64)
	      Return floating-point emulation control bits, in the location pointed to by (int *)
	      arg2.

       PR_SET_FPEXC (since Linux 2.4.21, 2.5.32, only on PowerPC)
	      Set floating-point exception mode to arg2.  Pass PR_FP_EXC_SW_ENABLE to  use  FPEXC
	      for  FP  exception  enables,  PR_FP_EXC_DIV  for	floating-point	divide	by  zero,
	      PR_FP_EXC_OVF for floating-point overflow, PR_FP_EXC_UND for floating-point  under-
	      flow,  PR_FP_EXC_RES for floating-point inexact result, PR_FP_EXC_INV for floating-
	      point  invalid  operation,   PR_FP_EXC_DISABLED	for   FP   exceptions	disabled,
	      PR_FP_EXC_NONRECOV  for  async  nonrecoverable  exception mode, PR_FP_EXC_ASYNC for
	      async recoverable exception mode, PR_FP_EXC_PRECISE for precise exception mode.

       PR_GET_FPEXC (since Linux 2.4.21, 2.5.32, only on PowerPC)
	      Return floating-point exception mode, in the location pointed to by (int *) arg2.

       PR_SET_KEEPCAPS (since Linux 2.2.18)
	      Set the state of the thread's "keep capabilities" flag,  which  determines  whether
	      the  threads's  permitted  capability  set  is cleared when a change is made to the
	      threads's user IDs such that the threads's real UID, effective UID, and saved  set-
	      user-ID  all  become  nonzero when at least one of them previously had the value 0.
	      By default, the permitted capability set is cleared when such  a	change	is  made;
	      setting  the "keep capabilities" flag prevents it from being cleared.  arg2 must be
	      either 0 (permitted capabilities are cleared)  or  1  (permitted	capabilities  are
	      kept).   (A thread's effective capability set is always cleared when such a creden-
	      tial change is made, regardless of the setting of the  "keep  capabilities"  flag.)
	      The "keep capabilities" value will be reset to 0 on subsequent calls to execve(2).

       PR_GET_KEEPCAPS (since Linux 2.2.18)
	      Return  (as  the	function result) the current state of the calling threads's "keep
	      capabilities" flag.

       PR_SET_NAME (since Linux 2.6.9)
	      Set the name of the calling thread, using the value in the location pointed  to  by
	      (char *)	arg2.  The name can be up to 16 bytes long, and should be null-terminated
	      if it contains fewer bytes.  This is  the  same  attribute  that	can  be  set  via
	      pthread_setname_np(3)  and retrieved using pthread_getname_np(3).  The attribute is
	      likewise accessible via /proc/self/task/[tid]/comm, where tid is the  name  of  the
	      calling thread.

       PR_GET_NAME (since Linux 2.6.11)
	      Return  the  name of the calling thread, in the buffer pointed to by (char *) arg2.
	      The buffer should allow space for up to 16 bytes; the returned string will be null-
	      terminated if it is shorter than that.

       PR_SET_NO_NEW_PRIVS (since Linux 3.5)
	      Set the calling process's no_new_privs bit to the value in arg2.	With no_new_privs
	      set to 1, execve(2) promises not to grant privileges to do anything that could  not
	      have  been  done without the execve(2) call (for example, rendering the set-user-ID
	      and set-group-ID permission bits, and file capabilities non-functional).	Once set,
	      this bit cannot be unset.  The setting of this bit is inherited by children created
	      by fork(2) and clone(2), and preserved across execve(2).

	      For    more    information,    see    the    kernel    source    file    Documenta-
	      tion/prctl/no_new_privs.txt.

       PR_GET_NO_NEW_PRIVS (since Linux 3.5)
	      Return  the  value  of  the no_new_privs bit for the current process.  A value of 0
	      indicates the regular execve(2) behavior.  A value of 1  indicates  execve(2)  will
	      operate in the privilege-restricting mode described above.

       PR_SET_PDEATHSIG (since Linux 2.1.57)
	      Set the parent process death signal of the calling process to arg2 (either a signal
	      value in the range 1..maxsig, or 0 to clear).  This is the signal that the  calling
	      process  will  get  when its parent dies.  This value is cleared for the child of a
	      fork(2) and (since Linux 2.4.36 / 2.6.23) when  executing  a  set-user-ID  or  set-
	      group-ID binary.

       PR_GET_PDEATHSIG (since Linux 2.3.15)
	      Return  the  current  value  of  the  parent  process death signal, in the location
	      pointed to by (int *) arg2.

       PR_SET_PTRACER (since Linux 3.4)
	      This is meaningful only when the Yama LSM is enabled and	in  mode  1  ("restricted
	      ptrace",	visible via /proc/sys/kernel/yama/ptrace_scope).  When a "ptracer process
	      ID" is passed in arg2, the  caller  is  declaring  that  the  ptracer  process  can
	      ptrace(2)  the  calling  process	as  if	it  were a direct process ancestor.  Each
	      PR_SET_PTRACER operation replaces the previous  "ptracer	process  ID".	Employing
	      PR_SET_PTRACER  with  arg2  set  to 0 clears the caller's "ptracer process ID".  If
	      arg2 is PR_SET_PTRACER_ANY, the ptrace restrictions introduced by Yama  are  effec-
	      tively disabled for the calling process.

	      For   further   information,   see   the	kernel	source	file  Documentation/secu-
	      rity/Yama.txt.

       PR_SET_SECCOMP (since Linux 2.6.23)
	      Set the secure computing (seccomp) mode for the calling thread, to limit the avail-
	      able  system calls.  The seccomp mode is selected via arg2.  (The seccomp constants
	      are defined in <linux/seccomp.h>.)

	      With arg2 set to SECCOMP_MODE_STRICT the only system calls that the thread is  per-
	      mitted  to  make	are  read(2), write(2), _exit(2), and sigreturn(2).  Other system
	      calls result in the delivery of a SIGKILL signal.  Strict secure computing mode  is
	      useful  for  number-crunching  applications that may need to execute untrusted byte
	      code, perhaps obtained by reading from a pipe or socket.	This operation is  avail-
	      able only if the kernel is configured with CONFIG_SECCOMP enabled.

	      With arg2 set to SECCOMP_MODE_FILTER (since Linux 3.5) the system calls allowed are
	      defined by a pointer to a Berkeley Packet Filter passed in arg3.	This argument  is
	      a pointer to struct sock_fprog; it can be designed to filter arbitrary system calls
	      and system call arguments.  This mode is available only if the kernel is configured
	      with CONFIG_SECCOMP_FILTER enabled.

	      If  SECCOMP_MODE_FILTER  filters permit fork(2), then the seccomp mode is inherited
	      by children created by fork(2); if execve(2) is permitted, then the seccomp mode is
	      preserved  across  execve(2).  If the filters permit prctl() calls, then additional
	      filters can be added; they are run in order until the  first  non-allow  result  is
	      seen.

	      For  further  information,  see  the  kernel  source  file Documentation/prctl/sec-
	      comp_filter.txt.

       PR_GET_SECCOMP (since Linux 2.6.23)
	      Return the secure computing mode of the calling thread.  If the caller  is  not  in
	      secure  computing mode, this operation returns 0; if the caller is in strict secure
	      computing mode, then the prctl() call will cause a SIGKILL signal to be sent to the
	      process.	 If  the caller is in filter mode, and this system call is allowed by the
	      seccomp filters, it returns 2.  This operation is available only if the  kernel  is
	      configured with CONFIG_SECCOMP enabled.

       PR_SET_SECUREBITS (since Linux 2.6.26)
	      Set  the	"securebits"  flags  of the calling thread to the value supplied in arg2.
	      See capabilities(7).

       PR_GET_SECUREBITS (since Linux 2.6.26)
	      Return (as the function result) the "securebits" flags of the calling thread.   See
	      capabilities(7).

       PR_GET_TID_ADDRESS (since Linux 3.5)
	      Retrieve	the  clear_child_tid  address  set by set_tid_address(2) and the clone(2)
	      CLONE_CHILD_CLEARTID flag, in the location pointed to by (int **) arg2.  This  fea-
	      ture  is	available  only if the kernel is built with the CONFIG_CHECKPOINT_RESTORE
	      option enabled.

       PR_SET_TIMERSLACK (since Linux 2.6.28)
	      Set the current timer slack for the calling thread to the nanosecond value supplied
	      in  arg2.   If arg2 is less than or equal to zero, reset the current timer slack to
	      the thread's default timer slack value.  The timer slack is used by the  kernel  to
	      group  timer expirations for the calling thread that are close to one another; as a
	      consequence, timer expirations for the thread may be up to the specified number  of
	      nanoseconds  late  (but  will  never expire early).  Grouping timer expirations can
	      help reduce system power consumption by minimizing CPU wake-ups.

	      The timer expirations affected by timer slack are  those	set  by  select(2),  pse-
	      lect(2),	poll(2),  ppoll(2),  epoll_wait(2),  epoll_pwait(2),  clock_nanosleep(2),
	      nanosleep(2), and futex(2) (and thus the library functions implemented via futexes,
	      including 	  pthread_cond_timedwait(3),	      pthread_mutex_timedlock(3),
	      pthread_rwlock_timedrdlock(3),   pthread_rwlock_timedwrlock(3),	and    sem_timed-
	      wait(3)).

	      Timer  slack is not applied to threads that are scheduled under a realtime schedul-
	      ing policy (see sched_setscheduler(2)).

	      Each thread has two associated timer slack values: a "default" value, and  a  "cur-
	      rent"  value.   The current value is the one that governs grouping of timer expira-
	      tions.  When a new thread is created, the two timer slack values are made the  same
	      as  the  current value of the creating thread.  Thereafter, a thread can adjust its
	      current timer slack  value  via  PR_SET_TIMERSLACK  (the	default  value	can't  be
	      changed).   The  timer slack values of init (PID 1), the ancestor of all processes,
	      are 50,000 nanoseconds (50 microseconds).  The timer  slack  values  are	preserved
	      across execve(2).

       PR_GET_TIMERSLACK (since Linux 2.6.28)
	      Return the current timer slack value of the calling thread.

       PR_SET_TIMING (since Linux 2.6.0-test4)
	      Set  whether  to	use  (normal, traditional) statistical process timing or accurate
	      timestamp-based process timing, by passing PR_TIMING_STATISTICAL or PR_TIMING_TIME-
	      STAMP to arg2.  PR_TIMING_TIMESTAMP is not currently implemented (attempting to set
	      this mode will yield the error EINVAL).

       PR_GET_TIMING (since Linux 2.6.0-test4)
	      Return (as the function result) which process timing method is currently in use.

       PR_TASK_PERF_EVENTS_DISABLE (since Linux 2.6.31)
	      Disable all performance counters attached to the	calling  process,  regardless  of
	      whether  the counters were created by this process or another process.  Performance
	      counters created by the calling process for other processes  are	unaffected.   For
	      more  information  on  performance  counters,  see  the  Linux  kernel  source file
	      tools/perf/design.txt.

	      Originally  called  PR_TASK_PERF_COUNTERS_DISABLE;  renamed  (with  same	numerical
	      value) in Linux 2.6.32.

       PR_TASK_PERF_EVENTS_ENABLE (since Linux 2.6.31)
	      The  converse  of PR_TASK_PERF_EVENTS_DISABLE; enable performance counters attached
	      to the calling process.

	      Originally called PR_TASK_PERF_COUNTERS_ENABLE; renamed in Linux 2.6.32.

       PR_SET_TSC (since Linux 2.6.26, x86 only)
	      Set the state of the flag determining whether the timestamp counter can be read  by
	      the  process.  Pass PR_TSC_ENABLE to arg2 to allow it to be read, or PR_TSC_SIGSEGV
	      to generate a SIGSEGV when the process tries to read the timestamp counter.

       PR_GET_TSC (since Linux 2.6.26, x86 only)
	      Return the state of the flag determining whether the timestamp counter can be read,
	      in the location pointed to by (int *) arg2.

       PR_SET_UNALIGN
	      (Only  on:  ia64,  since	Linux  2.3.48; parisc, since Linux 2.6.15; PowerPC, since
	      Linux 2.6.18; Alpha, since Linux 2.6.22) Set unaligned access control bits to arg2.
	      Pass   PR_UNALIGN_NOPRINT   to   silently   fix  up  unaligned  user  accesses,  or
	      PR_UNALIGN_SIGBUS to generate SIGBUS on unaligned user access.

       PR_GET_UNALIGN
	      (see PR_SET_UNALIGN for information on versions and architectures) Return unaligned
	      access control bits, in the location pointed to by (int *) arg2.

       PR_MCE_KILL (since Linux 2.6.32)
	      Set  the	machine  check	memory corruption kill policy for the current thread.  If
	      arg2 is PR_MCE_KILL_CLEAR, clear the thread memory corruption kill policy  and  use
	      the  system-wide default.  (The system-wide default is defined by /proc/sys/vm/mem-
	      ory_failure_early_kill; see proc(5).)  If arg2 is PR_MCE_KILL_SET,  use  a  thread-
	      specific	memory	corruption  kill  policy.  In this case, arg3 defines whether the
	      policy is early kill (PR_MCE_KILL_EARLY), late kill (PR_MCE_KILL_LATE), or the sys-
	      tem-wide	default (PR_MCE_KILL_DEFAULT).	Early kill means that the thread receives
	      a SIGBUS signal as soon as  hardware  memory  corruption	is  detected  inside  its
	      address  space.	In  late kill mode, the process is killed only when it accesses a
	      corrupted page.  See sigaction(2) for more information on the SIGBUS  signal.   The
	      policy  is  inherited  by children.  The remaining unused prctl() arguments must be
	      zero for future compatibility.

       PR_MCE_KILL_GET (since Linux 2.6.32)
	      Return the current per-process machine check kill policy.  All unused prctl() argu-
	      ments must be zero.

       PR_SET_MM (since Linux 3.3)
	      Modify certain kernel memory map descriptor fields of the calling process.  Usually
	      these fields are set by the kernel and dynamic loader (see ld.so(8) for more infor-
	      mation)  and a regular application should not use this feature.  However, there are
	      cases, such as self-modifying programs, where a program might  find  it  useful  to
	      change  its  own memory map.  This feature is available only if the kernel is built
	      with the CONFIG_CHECKPOINT_RESTORE option enabled.  The calling process  must  have
	      the  CAP_SYS_RESOURCE  capability.   The value in arg2 is one of the options below,
	      while arg3 provides a new value for the option.

	      PR_SET_MM_START_CODE
		     Set the address above which the program text  can	run.   The  corresponding
		     memory  area  must  be readable and executable, but not writable or sharable
		     (see mprotect(2) and mmap(2) for more information).

	      PR_SET_MM_END_CODE
		     Set the address below which the program text  can	run.   The  corresponding
		     memory area must be readable and executable, but not writable or sharable.

	      PR_SET_MM_START_DATA
		     Set  the  address	above  which initialized and uninitialized (bss) data are
		     placed.  The corresponding memory area must be readable  and  writable,  but
		     not executable or sharable.

	      PR_SET_MM_END_DATA
		     Set  the  address	below  which initialized and uninitialized (bss) data are
		     placed.  The corresponding memory area must be readable  and  writable,  but
		     not executable or sharable.

	      PR_SET_MM_START_STACK
		     Set  the  start address of the stack.  The corresponding memory area must be
		     readable and writable.

	      PR_SET_MM_START_BRK
		     Set the address above which the program heap can  be  expanded  with  brk(2)
		     call.   The  address  must be greater than the ending address of the current
		     program data segment.  In addition, the combined size of the resulting  heap
		     and the size of the data segment can't exceed the RLIMIT_DATA resource limit
		     (see setrlimit(2)).

	      PR_SET_MM_BRK
		     Set the current brk(2) value.  The requirements for the address are the same
		     as for the PR_SET_MM_START_BRK option.

RETURN VALUE
       On   success,   PR_GET_DUMPABLE,  PR_GET_KEEPCAPS,  PR_GET_NO_NEW_PRIVS,  PR_CAPBSET_READ,
       PR_GET_TIMING, PR_GET_SECUREBITS, PR_MCE_KILL_GET,  and	(if  it  returns)  PR_GET_SECCOMP
       return  the  nonnegative values described above.  All other option values return 0 on suc-
       cess.  On error, -1 is returned, and errno is set appropriately.

ERRORS
       EFAULT arg2 is an invalid address.

       EINVAL The value of option is not recognized.

       EINVAL option is PR_MCE_KILL or PR_MCE_KILL_GET or PR_SET_MM, and unused prctl() arguments
	      were not specified as zero.

       EINVAL arg2 is not valid value for this option.

       EINVAL option  is PR_SET_SECCOMP or PR_GET_SECCOMP, and the kernel was not configured with
	      CONFIG_SECCOMP.

       EINVAL option is PR_SET_MM, and one of the following is true

	      *  arg4 or arg5 is nonzero;

	      *  arg3 is greater than TASK_SIZE (the limit on the size of the user address  space
		 for this architecture);

	      *  arg2	 is   PR_SET_MM_START_CODE,   PR_SET_MM_END_CODE,   PR_SET_MM_START_DATA,
		 PR_SET_MM_END_DATA, or PR_SET_MM_START_STACK, and the permissions of the  corre-
		 sponding memory area are not as required;

	      *  arg2  is PR_SET_MM_START_BRK or PR_SET_MM_BRK, and arg3 is less than or equal to
		 the end of  the  data	segment  or  specifies	a  value  that	would  cause  the
		 RLIMIT_DATA resource limit to be exceeded.

       EINVAL option  is  PR_SET_PTRACER  and arg2 is not 0, PR_SET_PTRACER_ANY, or the PID of an
	      existing process.

       EPERM  option is PR_SET_SECUREBITS, and the caller does not have the CAP_SETPCAP  capabil-
	      ity,  or tried to unset a "locked" flag, or tried to set a flag whose corresponding
	      locked flag was set (see capabilities(7)).

       EPERM  option is PR_SET_KEEPCAPS, and the callers's SECURE_KEEP_CAPS_LOCKED  flag  is  set
	      (see capabilities(7)).

       EPERM  option is PR_CAPBSET_DROP, and the caller does not have the CAP_SETPCAP capability.

       EPERM  option is PR_SET_MM, and the caller does not have the CAP_SYS_RESOURCE capability.

VERSIONS
       The prctl() system call was introduced in Linux 2.1.57.

CONFORMING TO
       This  call  is  Linux-specific.	 IRIX has a prctl() system call (also introduced in Linux
       2.1.44 as irix_prctl on the MIPS architecture), with prototype

       ptrdiff_t prctl(int option, int arg2, int arg3);

       and options to get the maximum number of processes per user, get  the  maximum  number  of
       processors  the calling process can use, find out whether a specified process is currently
       blocked, get or set the maximum stack size, and so on.

SEE ALSO
       signal(2), core(5)

COLOPHON
       This page is part of release 3.53 of the Linux man-pages project.  A  description  of  the
       project,     and    information	  about    reporting	bugs,	 can	be    found    at
       http://www.kernel.org/doc/man-pages/.

Linux					    2013-05-21					 PRCTL(2)
Unix & Linux Commands & Man Pages : ©2000 - 2018 Unix and Linux Forums


All times are GMT -4. The time now is 06:05 PM.