[PATCH] kcmp.2: note about SECURITY

linux-man.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH] kcmp.2: note about SECURITY_YAMA
@ 2013-11-28 21:42 Shawn Landden
       [not found] ` <1385674933-9388-1-git-send-email-shawn-01I/ocv1qBBILuwUvNxBeQ@public.gmane.org>
  0 siblings, 1 reply; 2+ messages in thread
From: Shawn Landden @ 2013-11-28 21:42 UTC (permalink / raw)
  To: linux-man-u79uwXL29TY76Z2rM5mHXA; +Cc: Shawn Landden

---
 man2/kcmp.2 | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/man2/kcmp.2 b/man2/kcmp.2
index 5cde64e..fcfe711 100644
--- a/man2/kcmp.2
+++ b/man2/kcmp.2
@@ -187,7 +187,12 @@ is invalid.
 Insufficient permission to inspect process resources.
 The
 .B CAP_SYS_PTRACE
-capability is required to inspect processes that you do not own.
+capability is required to inspect processes that you do not own. Other
+limitations on ptrace apply, such as
+.BR CONFIG_SECURITY_YAMA ,
+which when /proc/sys/kernel/yama/ptrace_scope is 2 (the default) limits
+.BR kcmp()
+to child processes.
 .TP
 .B ESRCH
 Process
-- 
1.8.4.4

--
To unsubscribe from this list: send the line "unsubscribe linux-man" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [PATCH] kcmp.2: note about SECURITY_YAMA
       [not found] ` <1385674933-9388-1-git-send-email-shawn-01I/ocv1qBBILuwUvNxBeQ@public.gmane.org>
@ 2016-06-09  8:20   ` Michael Kerrisk (man-pages)
  0 siblings, 0 replies; 2+ messages in thread
From: Michael Kerrisk (man-pages) @ 2016-06-09  8:20 UTC (permalink / raw)
  To: Shawn Landden, linux-man-u79uwXL29TY76Z2rM5mHXA
  Cc: mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w

On 11/28/2013 10:42 PM, Shawn Landden wrote:

Thanks, Shawn.

Applied.

Cheers,

Michael


> ---
>  man2/kcmp.2 | 7 ++++++-
>  1 file changed, 6 insertions(+), 1 deletion(-)
> 
> diff --git a/man2/kcmp.2 b/man2/kcmp.2
> index 5cde64e..fcfe711 100644
> --- a/man2/kcmp.2
> +++ b/man2/kcmp.2
> @@ -187,7 +187,12 @@ is invalid.
>  Insufficient permission to inspect process resources.
>  The
>  .B CAP_SYS_PTRACE
> -capability is required to inspect processes that you do not own.
> +capability is required to inspect processes that you do not own. Other
> +limitations on ptrace apply, such as
> +.BR CONFIG_SECURITY_YAMA ,
> +which when /proc/sys/kernel/yama/ptrace_scope is 2 (the default) limits
> +.BR kcmp()
> +to child processes.
>  .TP
>  .B ESRCH
>  Process
> 


-- 
Michael Kerrisk
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
Linux/UNIX System Programming Training: http://man7.org/training/
--
To unsubscribe from this list: send the line "unsubscribe linux-man" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2016-06-09  8:20 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-11-28 21:42 [PATCH] kcmp.2: note about SECURITY_YAMA Shawn Landden
     [not found] ` <1385674933-9388-1-git-send-email-shawn-01I/ocv1qBBILuwUvNxBeQ@public.gmane.org>
2016-06-09  8:20   ` Michael Kerrisk (man-pages)

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).