-.\" $OpenBSD: pledge.2,v 1.42 2017/05/30 16:46:04 deraadt Exp $
+.\" $OpenBSD: pledge.2,v 1.43 2017/06/07 20:53:59 bluhm Exp $
.\"
.\" Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org>
.\"
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
-.Dd $Mdocdate: May 30 2017 $
+.Dd $Mdocdate: June 7 2017 $
.Dt PLEDGE 2
.Os
.Sh NAME
A process which attempts a restricted operation is killed with an uncatchable
.Dv SIGABRT ,
delivering a core file if possible.
+A process currently running with pledge has state
+.Sq p
+in
+.Xr ps 1
+output; a process that was terminated due to a pledge violation
+is accounted by
+.Xr lastcomm 1
+with the
+.Sq P
+flag.
.Pp
A
.Fa promises
-/* $OpenBSD: kern_pledge.c,v 1.211 2017/06/03 04:34:41 tb Exp $ */
+/* $OpenBSD: kern_pledge.c,v 1.212 2017/06/07 20:53:59 bluhm Exp $ */
/*
* Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org>
#include <sys/mman.h>
#include <sys/sysctl.h>
#include <sys/ktrace.h>
+#include <sys/acct.h>
#include <sys/ioctl.h>
#include <sys/termios.h>
}
printf("%s(%d): syscall %d \"%s\"\n", p->p_p->ps_comm, p->p_p->ps_pid,
p->p_pledge_syscall, codes);
+ p->p_p->ps_acflag |= APLEDGE;
#ifdef KTRACE
if (KTRPOINT(p, KTR_PLEDGE))
ktrpledge(p, error, code, p->p_pledge_syscall);
-/* $OpenBSD: acct.h,v 1.5 2012/07/16 15:20:38 deraadt Exp $ */
+/* $OpenBSD: acct.h,v 1.6 2017/06/07 20:53:59 bluhm Exp $ */
/* $NetBSD: acct.h,v 1.16 1995/03/26 20:23:52 jtc Exp $ */
/*-
#define ACOMPAT 0x04 /* used compatibility mode */
#define ACORE 0x08 /* dumped core */
#define AXSIG 0x10 /* killed by a signal */
+#define APLEDGE 0x20 /* killed due to pledge violation */
u_int8_t ac_flag; /* accounting flags */
};
-.\" $OpenBSD: lastcomm.1,v 1.16 2007/05/31 19:20:11 jmc Exp $
+.\" $OpenBSD: lastcomm.1,v 1.17 2017/06/07 20:53:59 bluhm Exp $
.\" $NetBSD: lastcomm.1,v 1.5 1995/10/22 01:43:41 ghudson Exp $
.\"
.\" Copyright (c) 1980, 1990, 1993
.\"
.\" @(#)lastcomm.1 8.1 (Berkeley) 6/6/93
.\"
-.Dd $Mdocdate: May 31 2007 $
+.Dd $Mdocdate: June 7 2017 $
.Dt LASTCOMM 1
.Os
.Sh NAME
.Sq D
indicates the command terminated with the generation of a
.Pa core
-file, and
+file,
.Sq X
-indicates the command was terminated with a signal.
+indicates the command was terminated with a signal, and
+.Sq P
+indicates the command was terminated due to a
+.Xr pledge 2
+violation.
.Sh FILES
.Bl -tag -width /var/account/acct -compact
.It Pa /var/account/acct
-/* $OpenBSD: lastcomm.c,v 1.24 2017/03/11 18:33:21 guenther Exp $ */
+/* $OpenBSD: lastcomm.c,v 1.25 2017/06/07 20:53:59 bluhm Exp $ */
/* $NetBSD: lastcomm.c,v 1.9 1995/10/22 01:43:42 ghudson Exp $ */
/*
BIT(ACOMPAT, 'C');
BIT(ACORE, 'D');
BIT(AXSIG, 'X');
+ BIT(APLEDGE, 'P');
*p = '\0';
return (flags);
}
projects / openbsd / commitdiff