1PRCTL(2) Linux Programmer's Manual PRCTL(2)
2
6 prctl - operations on a process
7
9 #include <sys/prctl.h>
10 int prctl(int option, unsigned long arg2, unsigned long arg3,
12 unsigned long arg4, unsigned long arg5);
13
15 prctl() is called with a first argument describing what to do (with
16 values defined in <linux/prctl.h>), and further arguments with a sig‐
17 nificance depending on the first one. The first argument can be:
18 PR_CAPBSET_READ (since Linux 2.6.25)
20 Return (as the function result) 1 if the capability specified in
21 arg2 is in the calling thread's capability bounding set, or 0 if
22 it is not. (The capability constants are defined in
23 <linux/capability.h>.) The capability bounding set dictates
24 whether the process can receive the capability through a file's
25 permitted capability set on a subsequent call to execve(2).
26 If the capability specified in arg2 is not valid, then the call
28 fails with the error EINVAL.
29 PR_CAPBSET_DROP (since Linux 2.6.25)
31 If the calling thread has the CAP_SETPCAP capability, then drop
32 the capability specified by arg2 from the calling thread's capa‐
33 bility bounding set. Any children of the calling thread will
34 inherit the newly reduced bounding set.
35 The call fails with the error: EPERM if the calling thread does
37 not have the CAP_SETPCAP; EINVAL if arg2 does not represent a
38 valid capability; or EINVAL if file capabilities are not enabled
39 in the kernel, in which case bounding sets are not supported.
40 PR_SET_DUMPABLE (since Linux 2.3.20)
42 Set the state of the flag determining whether core dumps are
43 produced for this process upon delivery of a signal whose
44 default behavior is to produce a core dump. (Normally this flag
45 is set for a process by default, but it is cleared when a set-
46 user-ID or set-group-ID program is executed and also by various
47 system calls that manipulate process UIDs and GIDs). In kernels
48 up to and including 2.6.12, arg2 must be either 0 (process is
49 not dumpable) or 1 (process is dumpable). Between kernels
50 2.6.13 and 2.6.17, the value 2 was also permitted, which caused
51 any binary which normally would not be dumped to be dumped read‐
52 able by root only; for security reasons, this feature has been
53 removed. (See also the description of
54 /proc/sys/fs/suid_dumpable in proc(5).)
55 PR_GET_DUMPABLE (since Linux 2.3.20)
57 Return (as the function result) the current state of the calling
58 process's dumpable flag.
59 PR_SET_ENDIAN (since Linux 2.6.18, PowerPC only)
61 Set the endian-ness of the calling process to the value given in
62 arg2, which should be one of the following: PR_ENDIAN_BIG,
63 PR_ENDIAN_LITTLE, or PR_ENDIAN_PPC_LITTLE (PowerPC pseudo little
64 endian).
65 PR_GET_ENDIAN (since Linux 2.6.18, PowerPC only)
67 Return the endian-ness of the calling process, in the location
68 pointed to by (int *) arg2.
69 PR_SET_FPEMU (since Linux 2.4.18, 2.5.9, only on ia64)
71 Set floating-point emulation control bits to arg2. Pass
72 PR_FPEMU_NOPRINT to silently emulate fp operations accesses, or
73 PR_FPEMU_SIGFPE to not emulate fp operations and send SIGFPE
74 instead.
75 PR_GET_FPEMU (since Linux 2.4.18, 2.5.9, only on ia64)
77 Return floating-point emulation control bits, in the location
78 pointed to by (int *) arg2.
79 PR_SET_FPEXC (since Linux 2.4.21, 2.5.32, only on PowerPC)
81 Set floating-point exception mode to arg2. Pass
82 PR_FP_EXC_SW_ENABLE to use FPEXC for FP exception enables,
83 PR_FP_EXC_DIV for floating-point divide by zero, PR_FP_EXC_OVF
84 for floating-point overflow, PR_FP_EXC_UND for floating-point
85 underflow, PR_FP_EXC_RES for floating-point inexact result,
86 PR_FP_EXC_INV for floating-point invalid operation,
87 PR_FP_EXC_DISABLED for FP exceptions disabled, PR_FP_EXC_NONRE‐
88 COV for async nonrecoverable exception mode, PR_FP_EXC_ASYNC for
89 async recoverable exception mode, PR_FP_EXC_PRECISE for precise
90 exception mode.
91 PR_GET_FPEXC (since Linux 2.4.21, 2.5.32, only on PowerPC)
93 Return floating-point exception mode, in the location pointed to
94 by (int *) arg2.
95 PR_SET_KEEPCAPS (since Linux 2.2.18)
97 Set the state of the thread's "keep capabilities" flag, which
98 determines whether the threads's permitted capability set is
99 cleared when a change is made to the threads's user IDs such
100 that the threads's real UID, effective UID, and saved set-user-
101 ID all become nonzero when at least one of them previously had
102 the value 0. By default, the permitted capability set is
103 cleared when such a change is made; setting the "keep capabili‐
104 ties" flag prevents it from being cleared. arg2 must be either
105 0 (permitted capabilities are cleared) or 1 (permitted capabili‐
106 ties are kept). (A thread's effective capability set is always
107 cleared when such a credential change is made, regardless of the
108 setting of the "keep capabilities" flag.) The "keep capabili‐
109 ties" value will be reset to 0 on subsequent calls to execve(2).
110 PR_GET_KEEPCAPS (since Linux 2.2.18)
112 Return (as the function result) the current state of the calling
113 threads's "keep capabilities" flag.
114 PR_SET_NAME (since Linux 2.6.9)
116 Set the process name for the calling process, using the value in
117 the location pointed to by (char *) arg2. The name can be up to
118 16 bytes long, and should be null-terminated if it contains
119 fewer bytes.
120 PR_GET_NAME (since Linux 2.6.11)
122 Return the process name for the calling process, in the buffer
123 pointed to by (char *) arg2. The buffer should allow space for
124 up to 16 bytes; the returned string will be null-terminated if
125 it is shorter than that.
126 PR_SET_PDEATHSIG (since Linux 2.1.57)
128 Set the parent process death signal of the calling process to
129 arg2 (either a signal value in the range 1..maxsig, or 0 to
130 clear). This is the signal that the calling process will get
131 when its parent dies. This value is cleared for the child of a
132 fork(2).
133 PR_GET_PDEATHSIG (since Linux 2.3.15)
135 Return the current value of the parent process death signal, in
136 the location pointed to by (int *) arg2.
137 PR_SET_SECCOMP (since Linux 2.6.23)
139 Set the secure computing mode for the calling thread. In the
140 current implementation, arg2 must be 1. After the secure com‐
141 puting mode has been set to 1, the only system calls that the
142 thread is permitted to make are read(2), write(2), _exit(2), and
143 sigreturn(2). Other system calls result in the delivery of a
144 SIGKILL signal. Secure computing mode is useful for number-
145 crunching applications that may need to execute untrusted byte
146 code, perhaps obtained by reading from a pipe or socket. This
147 operation is only available if the kernel is configured with
148 CONFIG_SECCOMP enabled.
149 PR_GET_SECCOMP (since Linux 2.6.23)
151 Return the secure computing mode of the calling thread. Not
152 very useful for the current implementation (mode equals 1), but
153 may be useful for other possible future modes: if the caller is
154 not in secure computing mode, this operation returns 0; if the
155 caller is in secure computing mode, then the prctl() call will
156 cause a SIGKILL signal to be sent to the process. This opera‐
157 tion is only available if the kernel is configured with CON‐
158 FIG_SECCOMP enabled.
159 PR_SET_SECUREBITS (since Linux 2.6.26)
161 Set the "securebits" flags of the calling thread to the value
162 supplied in arg2. See capabilities(7).
163 PR_GET_SECUREBITS (since Linux 2.6.26)
165 Return (as the function result) the "securebits" flags of the
166 calling thread. See capabilities(7).
167 PR_SET_TIMING (since Linux 2.6.0-test4)
169 Set whether to use (normal, traditional) statistical process
170 timing or accurate timestamp based process timing, by passing
171 PR_TIMING_STATISTICAL or PR_TIMING_TIMESTAMP to arg2. PR_TIM‐
172 ING_TIMESTAMP is not currently implemented (attempting to set
173 this mode will yield the error EINVAL).
174 PR_GET_TIMING (since Linux 2.6.0-test4)
176 Return (as the function result) which process timing method is
177 currently in use.
178 PR_SET_TSC (since Linux 2.6.26, x86 only)
180 Set the state of the flag determining whether the timestamp
181 counter can be read by the process. Pass PR_TSC_ENABLE to arg2
182 to allow it to be read, or PR_TSC_SIGSEGV to generate a SIGSEGV
183 when the process tries to read the timestamp counter.
184 PR_GET_TSC (since Linux 2.6.26, x86 only)
186 Return the state of the flag determining whether the timestamp
187 counter can be read, in the location pointed to by (int *) arg2.
188 PR_SET_UNALIGN
190 (Only on: ia64, since Linux 2.3.48; parisc, since Linux 2.6.15;
191 PowerPC, since Linux 2.6.18; Alpha, since Linux 2.6.22) Set
192 unaligned access control bits to arg2. Pass PR_UNALIGN_NOPRINT
193 to silently fix up unaligned user accesses, or PR_UNALIGN_SIGBUS
194 to generate SIGBUS on unaligned user access.
195 PR_GET_UNALIGN
197 (see PR_SET_UNALIGN for information on versions and architec‐
198 tures) Return unaligned access control bits, in the location
199 pointed to by (int *) arg2.
200 PR_MCE_KILL (since Linux 2.6.32)
202 Set the machine check memory corruption kill policy for the cur‐
203 rent thread. If arg2 is PR_MCE_KILL_CLEAR, clear the thread
204 memory corruption kill policy and use the system-wide default.
205 (The system-wide default is defined by /proc/sys/vm/memory_fail‐
206 ure_early_kill; see proc(5).) If arg2 is PR_MCE_KILL_SET, use a
207 thread-specific memory corruption kill policy. In this case,
208 arg3 defines whether the policy is early kill
209 (PR_MCE_KILL_EARLY), late kill (PR_MCE_KILL_LATE), or the sys‐
210 tem-wide default (PR_MCE_KILL_DEFAULT). Early kill means that
211 the task receives a SIGBUS signal as soon as hardware memory
212 corruption is detected inside its address space. In late kill
213 mode, the process is only killed when it accesses a corrupted
214 page. See sigaction(2) for more information on the SIGBUS sig‐
215 nal. The policy is inherited by children. The remaining unused
216 prctl() arguments must be zero for future compatibility.
217 PR_MCE_KILL_GET (since Linux 2.6.32)
219 Return the current per-process machine check kill policy. All
220 unused prctl() arguments must be zero.
221
223 On success, PR_GET_DUMPABLE, PR_GET_KEEPCAPS, PR_CAPBSET_READ,
224 PR_GET_TIMING, PR_GET_SECUREBITS, PR_MCE_KILL_GET, and (if it returns)
225 PR_GET_SECCOMP return the nonnegative values described above. All
226 other option values return 0 on success. On error, -1 is returned, and
227 errno is set appropriately.
228
230 EFAULT arg2 is an invalid address.
231 EINVAL The value of option is not recognized.
233 EINVAL option is PR_MCE_KILL or PR_MCE_KILL_GET, and unused prctl()
235 arguments were not specified as zero.
236 EINVAL arg2 is not valid value for this option.
238 EINVAL option is PR_SET_SECCOMP or PR_SET_SECCOMP, and the kernel was
240 not configured with CONFIG_SECCOMP.
241 EPERM option is PR_SET_SECUREBITS, and the caller does not have the
243 CAP_SETPCAP capability, or tried to unset a "locked" flag, or
244 tried to set a flag whose corresponding locked flag was set (see
245 capabilities(7)).
246 EPERM option is PR_SET_KEEPCAPS, and the callers's
248 SECURE_KEEP_CAPS_LOCKED flag is set (see capabilities(7)).
249 EPERM option is PR_CAPBSET_DROP, and the caller does not have the
251 CAP_SETPCAP capability.
252
254 The prctl() system call was introduced in Linux 2.1.57.
255
257 This call is Linux-specific. IRIX has a prctl() system call (also
258 introduced in Linux 2.1.44 as irix_prctl on the MIPS architecture),
259 with prototype
260 ptrdiff_t prctl(int option, int arg2, int arg3);
262 and options to get the maximum number of processes per user, get the
264 maximum number of processors the calling process can use, find out
265 whether a specified process is currently blocked, get or set the maxi‐
266 mum stack size, etc.
267
269 signal(2), core(5)
270
272 This page is part of release 3.25 of the Linux man-pages project. A
273 description of the project, and information about reporting bugs, can
274 be found at http://www.kernel.org/doc/man-pages/.
275Linux 2010-05-13 PRCTL(2)