diff options
author | Adam Wolk <a.wolk@fudosecurity.com> | 2022-04-11 22:23:43 +0000 |
---|---|---|
committer | Daniel Ebdrup Jensen <debdrup@FreeBSD.org> | 2022-04-11 22:23:43 +0000 |
commit | c8b6be0f7d1b92d11b279761685f61f6702700a1 (patch) | |
tree | b5fbb2ddcb87e8bacec5cacb043fe24978a25b6e /usr.bin | |
parent | 673bce11cedde3cc33c154d2b8e2d41139dcef72 (diff) | |
download | src-c8b6be0f7d1b92d11b279761685f61f6702700a1.tar.gz src-c8b6be0f7d1b92d11b279761685f61f6702700a1.zip |
protect.1: document existence of _oomprotect
Improve discoverability of the functionality by mentioning in the
userland tool manual. Add a SEE ALSO entry to rc.conf(5) where more
details are provided.
Sponsored by: Fudo Security (a.wolk)
Differential Revision: https://reviews.freebsd.org/D30334
Diffstat (limited to 'usr.bin')
-rw-r--r-- | usr.bin/protect/protect.1 | 32 |
1 files changed, 30 insertions, 2 deletions
diff --git a/usr.bin/protect/protect.1 b/usr.bin/protect/protect.1 index b9be4afe04b8..d27a8898dad5 100644 --- a/usr.bin/protect/protect.1 +++ b/usr.bin/protect/protect.1 @@ -25,7 +25,7 @@ .\" .\" $FreeBSD$ .\" -.Dd September 19, 2013 +.Dd May 18, 2021 .Dt PROTECT 1 .Os .Sh NAME @@ -68,6 +68,11 @@ Note that only one of the or .Fl g flags may be specified when adjusting the state of existing processes. +.Pp +Daemons can be protected on startup using +.Ao Ar name Ac Ns Va _oomprotect +option from +.Xr rc.conf 5 . .Sh EXIT STATUS .Ex -std .Sh EXAMPLES @@ -82,8 +87,31 @@ Protect all ssh sessions and their child processes: Remove protection from all current and future processes: .Pp .Dl "protect -cdi -p 1" +.Pp +Using +.Xr ps 1 +to check if the protect flag has been applied to the process: +.Pp +.Dl "ps -O flags,flags2 -p 64430" +.Pp +.Dl " PID F F2 TT STAT TIME COMMAND" +.Dl "64430 10104002 00000001 5 S+ 0:00.00 ./main" +.Dl " ^P ^PI" +.Pp +In the above example +.Nm P +points at the protected flag and +.Nm PI +points at the iheritance flag. +The process is protected if +.Nm P +bit is set to 1. All children of this process will also be protected if +.Nm PI +bit is set to 1. .Sh SEE ALSO -.Xr procctl 2 +.Xr ps 1 , +.Xr procctl 2 , +.Xr rc.conf 5 .Sh BUGS If you protect a runaway process that allocates all memory the system will deadlock. |