Date: Thu, 21 Jul 2022 23:57:46 GMT From: Mateusz Piotrowski <0mp@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Subject: git: 16a44c124272 - stable/13 - protect.1: document existence of _oomprotect Message-ID: <202207212357.26LNvksC035107@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch stable/13 has been updated by 0mp (doc, ports committer): URL: https://cgit.FreeBSD.org/src/commit/?id=16a44c124272d3d42ca0821eca31cd79068da71b commit 16a44c124272d3d42ca0821eca31cd79068da71b Author: Adam Wolk <a.wolk@fudosecurity.com> AuthorDate: 2022-04-11 22:23:43 +0000 Commit: Mateusz Piotrowski <0mp@FreeBSD.org> CommitDate: 2022-07-21 23:56:27 +0000 protect.1: document existence of _oomprotect Improve discoverability of the functionality by mentioning in the userland tool manual. Add a SEE ALSO entry to rc.conf(5) where more details are provided. Sponsored by: Fudo Security (a.wolk) Differential Revision: https://reviews.freebsd.org/D30334 (cherry picked from commit c8b6be0f7d1b92d11b279761685f61f6702700a1) --- usr.bin/protect/protect.1 | 32 ++++++++++++++++++++++++++++++-- 1 file changed, 30 insertions(+), 2 deletions(-) diff --git a/usr.bin/protect/protect.1 b/usr.bin/protect/protect.1 index b9be4afe04b8..d27a8898dad5 100644 --- a/usr.bin/protect/protect.1 +++ b/usr.bin/protect/protect.1 @@ -25,7 +25,7 @@ .\" .\" $FreeBSD$ .\" -.Dd September 19, 2013 +.Dd May 18, 2021 .Dt PROTECT 1 .Os .Sh NAME @@ -68,6 +68,11 @@ Note that only one of the or .Fl g flags may be specified when adjusting the state of existing processes. +.Pp +Daemons can be protected on startup using +.Ao Ar name Ac Ns Va _oomprotect +option from +.Xr rc.conf 5 . .Sh EXIT STATUS .Ex -std .Sh EXAMPLES @@ -82,8 +87,31 @@ Protect all ssh sessions and their child processes: Remove protection from all current and future processes: .Pp .Dl "protect -cdi -p 1" +.Pp +Using +.Xr ps 1 +to check if the protect flag has been applied to the process: +.Pp +.Dl "ps -O flags,flags2 -p 64430" +.Pp +.Dl " PID F F2 TT STAT TIME COMMAND" +.Dl "64430 10104002 00000001 5 S+ 0:00.00 ./main" +.Dl " ^P ^PI" +.Pp +In the above example +.Nm P +points at the protected flag and +.Nm PI +points at the iheritance flag. +The process is protected if +.Nm P +bit is set to 1. All children of this process will also be protected if +.Nm PI +bit is set to 1. .Sh SEE ALSO -.Xr procctl 2 +.Xr ps 1 , +.Xr procctl 2 , +.Xr rc.conf 5 .Sh BUGS If you protect a runaway process that allocates all memory the system will deadlock.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202207212357.26LNvksC035107>