proccontrol
—
Control some process execution aspects
proccontrol |
-m mode
[-s control]
[-q ] -p
pid | command |
The proccontrol
command modifies the execution parameter
of existing process specified by the pid argument, or
starts execution of the new program command with the
execution parameter set for it.
Which execution parameter is changed, selected by the mandatory
parameter mode. Possible values for
mode are:
- aslr
- Control the Address Space Layout Randomization. Only applicable to the new
process spawned.
- trace
- Control the permission for debuggers to attach. Note that process is only
allowed to enable tracing for itself, not for any other process.
- trapcap
- Controls the signalling of capability mode access violations.
- protmax
- Controls the implicit PROT_MAX application for
mmap(2).
- nonewprivs
- Controls disabling the setuid and sgid bits for
execve(2).
- wxmap
- Controls the write exclusive execute mode for mappings.
- kpti
- Controls the KPTI enable, AMD64 only.
- la48
- Control limiting usermode process address space to 48 bits of address,
AMD64 only, on machines capable of 57-bit addressing.
The control specifies if the selected
mode should be enabled or disabled. Possible values
are enable and disable, with the
default value being enable if not specified. See
procctl(2)
for detailed description of each mode effects and interaction with other
process control facilities.
The -q
switch makes the utility query and
print the current setting for the selected mode. The
-q
requires the query target process specification
with -p
.
The proccontrol
utility exits 0 on success,
and >0 if an error occurs.
- To disable debuggers attachment to the process 1020, execute
proccontrol -m trace -s disable
-p 1020
- To execute the
uniq(1)
program in a mode where capability access violations cause
SIGTRAP
delivery, do
proccontrol -m trapcap
uniq
- To query the current ASLR enablement mode for the running process 1020, do
proccontrol -m aslr -q -p
1020
The proccontrol
command appeared in
FreeBSD 10.0.
The proccontrol
command and this manual page were
written by Konstantin Belousov
<kib@freebsd.org> under
sponsorship from The FreeBSD Foundation.