1 .\" Hey Emacs! This file is -*- nroff -*- source.
3 .\" Copyright (C) 1998 Andries Brouwer (aeb@cwi.nl)
4 .\" and Copyright (C) 2002 Michael Kerrisk <mtk.manpages@gmail.com>
5 .\" and Copyright Guillem Jover <guillem@hadrons.org>
7 .\" Permission is granted to make and distribute verbatim copies of this
8 .\" manual provided the copyright notice and this permission notice are
9 .\" preserved on all copies.
11 .\" Permission is granted to copy and distribute modified versions of this
12 .\" manual under the conditions for verbatim copying, provided that the
13 .\" entire resulting derived work is distributed under the terms of a
14 .\" permission notice identical to this one.
16 .\" Since the Linux kernel and libraries are constantly changing, this
17 .\" manual page may be incorrect or out-of-date. The author(s) assume no
18 .\" responsibility for errors or omissions, or for damages resulting from
19 .\" the use of the information contained herein. The author(s) may not
20 .\" have taken the same level of care in the production of this manual,
21 .\" which is licensed free of charge, as they might when working
24 .\" Formatted or processed versions of this manual, if unaccompanied by
25 .\" the source, must acknowledge the copyright and authors of this work.
27 .\" Modified Thu Nov 11 04:19:42 MET 1999, aeb: added PR_GET_PDEATHSIG
28 .\" Modified 27 Jun 02, Michael Kerrisk
29 .\" Added PR_SET_DUMPABLE, PR_GET_DUMPABLE,
30 .\" PR_SET_KEEPCAPS, PR_GET_KEEPCAPS
31 .\" Modified 2006-08-30 Guillem Jover <guillem@hadrons.org>
32 .\" Updated Linux versions where the options where introduced.
33 .\" Added PR_SET_TIMING, PR_GET_TIMING, PR_SET_NAME, PR_GET_NAME,
34 .\" PR_SET_UNALIGN, PR_GET_UNALIGN, PR_SET_FPEMU, PR_GET_FPEMU,
35 .\" PR_SET_FPEXC, PR_GET_FPEXC
36 .\" 2008-04-29 Serge Hallyn, Document PR_CAPBSET_READ and PR_CAPBSET_DROP
37 .\" 2008-06-13 Erik Bosman, <ejbosman@cs.vu.nl>
38 .\" Document PR_GET_TSC and PR_SET_TSC.
39 .\" 2008-06-15 mtk, Document PR_SET_SECCOMP, PR_GET_SECCOMP
41 .TH PRCTL 2 2008-07-16 "Linux" "Linux Programmer's Manual"
43 prctl \- operations on a process
46 .B #include <sys/prctl.h>
48 .BI "int prctl(int " option ", unsigned long " arg2 ", unsigned long " arg3 ,
49 .BI " unsigned long " arg4 ", unsigned long " arg5 );
53 is called with a first argument describing what to do
54 (with values defined in \fI<linux/prctl.h>\fP), and further
55 arguments with a significance depending on the first one.
56 The first argument can be:
58 .BR PR_CAPBSET_READ " (since Linux 2.6.25)
59 Return (as the function result) 1 if the capability specified in
61 is in the calling thread's capability bounding set,
63 (The capability constants are defined in
64 .IR <linux/capability.h> .)
65 The capability bounding set dictates
66 whether the process can receive the capability through a
67 file's permitted capability set on a subsequent call to
70 If the capability specified in
72 is not valid, then the call fails with the error
75 .BR PR_CAPBSET_DROP " (since Linux 2.6.25)"
76 If the calling thread has the
78 capability, then drop the capability specified by
80 from the calling thread's capability bounding set.
81 Any children of the calling thread will inherit the newly
84 The call fails with the error:
86 if the calling thread does not have the
91 does not represent a valid capability; or
93 if file capabilities are not enabled in the kernel,
94 in which case bounding sets are not supported.
96 .BR PR_SET_DUMPABLE " (since Linux 2.3.20)"
97 Set the state of the flag determining whether core dumps are produced
98 for this process upon delivery of a signal whose default behavior is
99 to produce a core dump.
100 (Normally this flag is set for a process by default, but it is cleared
101 when a set-user-ID or set-group-ID program is executed and also by
102 various system calls that manipulate process UIDs and GIDs).
103 In kernels up to and including 2.6.12,
105 must be either 0 (process is not dumpable) or 1 (process is dumpable).
106 Between kernels 2.6.13 and 2.6.17, the value 2 was also permitted,
107 which caused any binary which normally would not be dumped
108 to be dumped readable by root only;
109 for security reasons, this feature has been removed.
110 .\" See http://marc.theaimsgroup.com/?l=linux-kernel&m=115270289030630&w=2
111 .\" Subject: Fix prctl privilege escalation (CVE-2006-2451)
112 .\" From: Marcel Holtmann <marcel () holtmann ! org>
113 .\" Date: 2006-07-12 11:12:00
114 (See also the description of
115 .I /proc/sys/fs/suid_dumpable
119 .BR PR_GET_DUMPABLE " (since Linux 2.3.20)"
120 Return (as the function result) the current state of the calling
121 process's dumpable flag.
122 .\" Since Linux 2.6.13, the dumpable flag can have the value 2,
123 .\" but in 2.6.13 PR_GET_DUMPABLE simply returns 1 if the dumpable
124 .\" flags has a nonzero value. This was fixed in 2.6.14.
126 .BR PR_SET_ENDIAN " (since Linux 2.6.18, PowerPC only)"
127 Set the endian-ness of the calling process to the value given
128 in \fIarg2\fP, which should be one of the following:
129 .\" Respectively 0, 1, 2
131 .BR PR_ENDIAN_LITTLE ,
133 .B PR_ENDIAN_PPC_LITTLE
134 (PowerPC pseudo little endian).
136 .BR PR_GET_ENDIAN " (since Linux 2.6.18, PowerPC only)"
137 Return the endian-ness of the calling process,
138 in the location pointed to by
139 .IR "(int\ *) arg2" .
141 .BR PR_SET_FPEMU " (since Linux 2.4.18, 2.5.9, only on ia64)"
142 Set floating-point emulation control bits to \fIarg2\fP.
143 Pass \fBPR_FPEMU_NOPRINT\fP to silently emulate fp operations accesses, or
144 \fBPR_FPEMU_SIGFPE\fP to not emulate fp operations and send
148 .BR PR_GET_FPEMU " (since Linux 2.4.18, 2.5.9, only on ia64)"
149 Return floating-point emulation control bits,
150 in the location pointed to by
151 .IR "(int\ *) arg2" .
153 .BR PR_SET_FPEXC " (since Linux 2.4.21, 2.5.32, only on PowerPC)"
154 Set floating-point exception mode to \fIarg2\fP.
155 Pass \fBPR_FP_EXC_SW_ENABLE\fP to use FPEXC for FP exception enables,
156 \fBPR_FP_EXC_DIV\fP for floating-point divide by zero,
157 \fBPR_FP_EXC_OVF\fP for floating-point overflow,
158 \fBPR_FP_EXC_UND\fP for floating-point underflow,
159 \fBPR_FP_EXC_RES\fP for floating-point inexact result,
160 \fBPR_FP_EXC_INV\fP for floating-point invalid operation,
161 \fBPR_FP_EXC_DISABLED\fP for FP exceptions disabled,
162 \fBPR_FP_EXC_NONRECOV\fP for async nonrecoverable exception mode,
163 \fBPR_FP_EXC_ASYNC\fP for async recoverable exception mode,
164 \fBPR_FP_EXC_PRECISE\fP for precise exception mode.
166 .BR PR_GET_FPEXC " (since Linux 2.4.21, 2.5.32, only on PowerPC)"
167 Return floating-point exception mode,
168 in the location pointed to by
169 .IR "(int\ *) arg2" .
171 .BR PR_SET_KEEPCAPS " (since Linux 2.2.18)"
172 Set the state of the thread's "keep capabilities" flag,
173 which determines whether the threads's effective and permitted
174 capability sets are cleared when a change is made to the threads's user IDs
175 such that the threads's real UID, effective UID, and saved set-user-ID
176 all become nonzero when at least one of them previously had the value 0.
177 (By default, these credential sets are cleared).
179 must be either 0 (capabilities are cleared) or 1 (capabilities are kept).
180 This value will be reset to 0 on subsequent calls to
183 .BR PR_GET_KEEPCAPS " (since Linux 2.2.18)"
184 Return (as the function result) the current state of the calling threads's
185 "keep capabilities" flag.
187 .BR PR_SET_NAME " (since Linux 2.6.9)"
188 Set the process name for the calling process,
189 using the value in the location pointed to by
190 .IR "(char\ *) arg2" .
191 The name can be up to 16 bytes long,
192 .\" TASK_COMM_LEN in include/linux/sched.h
193 and should be null-terminated if it contains fewer bytes.
195 .BR PR_GET_NAME " (since Linux 2.6.11)"
196 Return the process name for the calling process,
197 in the buffer pointed to by
198 .IR "(char\ *) arg2" .
199 The buffer should allow space for up to 16 bytes;
200 the returned string will be null-terminated if it is shorter than that.
202 .BR PR_SET_PDEATHSIG " (since Linux 2.1.57)"
203 Set the parent process death signal
204 of the calling process to \fIarg2\fP (either a signal value
205 in the range 1..maxsig, or 0 to clear).
206 This is the signal that the calling process will get when its
208 This value is cleared for the child of a
211 .BR PR_GET_PDEATHSIG " (since Linux 2.3.15)"
212 Return the current value of the parent process death signal,
213 in the location pointed to by
214 .IR "(int\ *) arg2" .
216 .BR PR_SET_SECCOMP " (since Linux 2.6.23)"
217 .\" See http://thread.gmane.org/gmane.linux.kernel/542632
218 .\" [PATCH 0 of 2] seccomp updates
219 .\" andrea@cpushare.com
220 Set the secure computing mode for the calling thread.
221 In the current implementation,
224 After the secure computing mode has been set to 1,
225 the only system calls that the thread is permitted to make are
231 Other system calls result in the delivery of a
234 Secure computing mode is useful for number-crunching applications
235 that may need to execute untrusted byte code,
236 perhaps obtained by reading from a pipe or socket.
237 This operation is only available
238 if the kernel is configured with CONFIG_SECCOMP enabled.
240 .BR PR_GET_SECCOMP " (since Linux 2.6.23)"
241 Return the secure computing mode of the calling thread.
242 Not very useful for the current implementation (mode equals 1),
243 but may be useful for other possible future modes:
244 if the caller is not in secure computing mode, this operation returns 0;
245 if the caller is in secure computing mode, then the
249 signal to be sent to the process.
250 This operation is only available
251 if the kernel is configured with CONFIG_SECCOMP enabled.
253 .BR PR_SET_SECUREBITS " (since Linux 2.6.26)"
254 Set the "securebits" flags of the calling thread to the value supplied in
257 .BR capabilities (7).
259 .BR PR_GET_SECUREBITS " (since Linux 2.6.26)"
260 Return (as the function result)
261 the "securebits" flags of the calling thread.
263 .BR capabilities (7).
265 .BR PR_SET_TIMING " (since Linux 2.6.0-test4)"
266 Set whether to use (normal, traditional) statistical process timing or
267 accurate timestamp based process timing, by passing
268 .B PR_TIMING_STATISTICAL
271 .B PR_TIMING_TIMESTAMP
274 .B PR_TIMING_TIMESTAMP
275 is not currently implemented
276 (attempting to set this mode will yield the error
278 .\" PR_TIMING_TIMESTAMP doesn't do anything in 2.6.26-rc8,
279 .\" and looking at the patch history, it appears
280 .\" that it never did anything.
282 .BR PR_GET_TIMING " (since Linux 2.6.0-test4)"
283 Return (as the function result) which process timing method is currently
286 .BR PR_SET_TSC " (since Linux 2.6.26, x86 only)"
287 Set the state of the flag determining whether the timestamp counter
288 can be read by the process.
293 to allow it to be read, or
297 when the process tries to read the timestamp counter.
299 .BR PR_GET_TSC " (since Linux 2.6.26, x86 only)"
300 Return the state of the flag determining whether the timestamp counter
302 in the location pointed to by
303 .IR "(int\ *) arg2" .
306 (Only on: ia64, since Linux 2.3.48; parisc, since Linux 2.6.15;
307 PowerPC, since Linux 2.6.18; Alpha, since Linux 2.6.22)
308 Set unaligned access control bits to \fIarg2\fP.
310 \fBPR_UNALIGN_NOPRINT\fP to silently fix up unaligned user accesses,
311 or \fBPR_UNALIGN_SIGBUS\fP to generate
313 on unaligned user access.
318 for information on versions and architectures)
319 Return unaligned access control bits, in the location pointed to by
320 .IR "(int\ *) arg2" .
323 .BR PR_GET_DUMPABLE ,
324 .BR PR_GET_KEEPCAPS ,
325 .BR PR_CAPBSET_READ ,
327 .BR PR_GET_SECUREBITS ,
330 return the nonnegative values described above.
333 values return 0 on success.
334 On error, \-1 is returned, and
336 is set appropriately.
341 is an invalid address.
350 is not valid value for this
359 and the kernel was not configured with
365 .BR PR_SET_SECUREBITS ,
366 and the caller does not have the
369 or tried to unset a "locked" flag,
370 or tried to set a flag whose corresponding locked flag was set
372 .BR capabilities (7)).
377 .BR PR_SET_KEEPCAPS ,
379 .B SECURE_KEEP_CAPS_LOCKED
382 .BR capabilities (7)).
387 .BR PR_CAPBSET_DROP ,
388 and the caller does not have the
391 .\" The following can't actually happen, because prctl() in
392 .\" seccomp mode will cause SIGKILL.
397 .\" .BR PR_SET_SECCOMP ,
398 .\" and secure computing mode is already 1.
402 system call was introduced in Linux 2.1.57.
403 .\" The library interface was added in glibc 2.0.6
405 This call is Linux-specific.
408 system call (also introduced in Linux 2.1.44
409 as irix_prctl on the MIPS architecture),
412 .BI "ptrdiff_t prctl(int " option ", int " arg2 ", int " arg3 );
414 and options to get the maximum number of processes per user,
415 get the maximum number of processors the calling process can use,
416 find out whether a specified process is currently blocked,
417 get or set the maximum stack size, etc.