Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 21 Jul 2022 23:57:53 GMT
From:      Mateusz Piotrowski <0mp@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject:   git: f91f4cc4f374 - stable/12 - protect.1: Document that protect(1) does not work in jails
Message-ID:  <202207212357.26LNvrCT035425@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
The branch stable/12 has been updated by 0mp (doc, ports committer):

URL: https://cgit.FreeBSD.org/src/commit/?id=f91f4cc4f374c46d57ccf47d3e916d4818ad96fb

commit f91f4cc4f374c46d57ccf47d3e916d4818ad96fb
Author:     Mateusz Piotrowski <0mp@FreeBSD.org>
AuthorDate: 2022-07-11 22:43:27 +0000
Commit:     Mateusz Piotrowski <0mp@FreeBSD.org>
CommitDate: 2022-07-21 23:56:59 +0000

    protect.1: Document that protect(1) does not work in jails
    
    The reason is that in order to protect a process procctl(2) needs
    the PRIV_VM_MADV_PROTECT privilege, which is currently denied in jails
    (see kern_jail.c).
    
    MFC after:      1 week
    
    (cherry picked from commit 6452fb1e87ed9d00b52fa1e63e7c3a7516c9586c)
---
 usr.bin/protect/protect.1 | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)

diff --git a/usr.bin/protect/protect.1 b/usr.bin/protect/protect.1
index 87a8169b1885..f67a8d9b59ea 100644
--- a/usr.bin/protect/protect.1
+++ b/usr.bin/protect/protect.1
@@ -25,7 +25,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd July 7, 2022
+.Dd July 12, 2022
 .Dt PROTECT 1
 .Os
 .Sh NAME
@@ -112,6 +112,24 @@ bit is set to 1.
 All children of this process will also be protected if
 .Nm PI
 bit is set to 1.
+.Sh DIAGNOSTICS
+.Bl -diag
+.It "protect: procctl: Operation not permitted"
+The
+.Nm
+command does not have the required permissions to protect selected processes.
+There are many reasons why this could be the case, e.g.:
+.Bl -dash
+.It
+.Nm
+is not executed by root.
+.It
+.Nm
+is executed inside a
+.Xr jail 8 ,
+which is not supported at the moment.
+.El
+.El
 .Sh SEE ALSO
 .Xr ps 1 ,
 .Xr procctl 2 ,

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202207212357.26LNvrCT035425>