Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 21 Jul 2022 23:57:46 GMT
From:      Mateusz Piotrowski <0mp@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject:   git: 16a44c124272 - stable/13 - protect.1: document existence of _oomprotect
Message-ID:  <202207212357.26LNvksC035107@gitrepo.freebsd.org>

next in thread | raw e-mail | index | archive | help
The branch stable/13 has been updated by 0mp (doc, ports committer):

URL: https://cgit.FreeBSD.org/src/commit/?id=16a44c124272d3d42ca0821eca31cd79068da71b

commit 16a44c124272d3d42ca0821eca31cd79068da71b
Author:     Adam Wolk <a.wolk@fudosecurity.com>
AuthorDate: 2022-04-11 22:23:43 +0000
Commit:     Mateusz Piotrowski <0mp@FreeBSD.org>
CommitDate: 2022-07-21 23:56:27 +0000

    protect.1: document existence of _oomprotect
    
    Improve discoverability of the functionality by mentioning in the
    userland tool manual. Add a SEE ALSO entry to rc.conf(5) where more
    details are provided.
    
    Sponsored by:   Fudo Security (a.wolk)
    Differential Revision:  https://reviews.freebsd.org/D30334
    
    (cherry picked from commit c8b6be0f7d1b92d11b279761685f61f6702700a1)
---
 usr.bin/protect/protect.1 | 32 ++++++++++++++++++++++++++++++--
 1 file changed, 30 insertions(+), 2 deletions(-)

diff --git a/usr.bin/protect/protect.1 b/usr.bin/protect/protect.1
index b9be4afe04b8..d27a8898dad5 100644
--- a/usr.bin/protect/protect.1
+++ b/usr.bin/protect/protect.1
@@ -25,7 +25,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd September 19, 2013
+.Dd May 18, 2021
 .Dt PROTECT 1
 .Os
 .Sh NAME
@@ -68,6 +68,11 @@ Note that only one of the
 or
 .Fl g
 flags may be specified when adjusting the state of existing processes.
+.Pp
+Daemons can be protected on startup using
+.Ao Ar name Ac Ns Va _oomprotect
+option from
+.Xr rc.conf 5 .
 .Sh EXIT STATUS
 .Ex -std
 .Sh EXAMPLES
@@ -82,8 +87,31 @@ Protect all ssh sessions and their child processes:
 Remove protection from all current and future processes:
 .Pp
 .Dl "protect -cdi -p 1"
+.Pp
+Using
+.Xr ps 1
+to check if the protect flag has been applied to the process:
+.Pp
+.Dl "ps -O flags,flags2 -p 64430"
+.Pp
+.Dl " PID        F       F2 TT  STAT    TIME COMMAND"
+.Dl "64430 10104002 00000001  5  S+   0:00.00 ./main"
+.Dl "        ^P            ^PI"
+.Pp
+In the above example
+.Nm P
+points at the protected flag and
+.Nm PI
+points at the iheritance flag.
+The process is protected if
+.Nm P
+bit is set to 1. All children of this process will also be protected if
+.Nm PI
+bit is set to 1.
 .Sh SEE ALSO
-.Xr procctl 2
+.Xr ps 1 ,
+.Xr procctl 2 ,
+.Xr rc.conf 5
 .Sh BUGS
 If you protect a runaway process that allocates all memory the system will
 deadlock.



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202207212357.26LNvksC035107>