Diffstat (limited to 'share/man/man4')
-rw-r--r--share/man/man4/systrace.451
1 files changed, 47 insertions, 4 deletions
diff --git a/share/man/man4/systrace.4 b/share/man/man4/systrace.4
index feac52ca9af..d76d161789d 100644
--- a/share/man/man4/systrace.4
+++ b/share/man/man4/systrace.4
@@ -1,4 +1,4 @@
-.\" $OpenBSD: systrace.4,v 1.10 2004/03/22 20:31:36 miod Exp $
+.\" $OpenBSD: systrace.4,v 1.11 2004/10/04 08:56:51 marius Exp $
.\"
.\" Copyright (c) 2002, 2003 CubeSoft Communications, Inc.
.\" All rights reserved.
@@ -72,12 +72,17 @@ struct str_message {
#define SYSTR_MSG_RES 2
#define SYSTR_MSG_EMUL 3
#define SYSTR_MSG_CHILD 4
+#define SYSTR_MSG_UGID 5
+#define SYSTR_MSG_POLICYFREE 6
+#define SYSTR_MSG_EXECVE 7
pid_t msg_pid;
short msg_policy;
union {
struct str_msg_emul msg_emul;
+ struct str_msg_ugid msg_ugid;
struct str_msg_ask msg_ask;
struct str_msg_child msg_child;
+ struct str_msg_execve msg_execve;
} msg_data;
};
@@ -85,6 +90,15 @@ struct str_msg_emul {
char emul[SYSTR_EMULEN];
};
+struct str_msg_ugid {
+ uid_t uid;
+ gid_t gid;
+};
+
+struct str_msg_execve {
+ char path[MAXPATHLEN];
+};
+
struct str_msg_ask {
int code;
int argsize;
@@ -97,6 +111,35 @@ struct str_msg_child {
pid_t new_pid;
};
.Ed
+These messages are all to the userland control process.
+.Bl -tag -width SYSTR_MSG_XXXXXXXXXX
+.It SYSTR_MSG_ASK
+This message is sent whenever the kernel does not have a cached
+simple policy for system call number
+.Va code
+within the currently set emulation.
+.It SYSTR_MSG_RES
+This message is sent whenever a system call is flagged with
+SYSTR_FLAGS_RESULT.
+.It SYSTR_MSG_EMUL
+This message is sent whenever the emulation of a process changes.
+.It SYSTR_MSG_CHILD
+This message is sent whenever a process gains a child.
+.It SYSTR_MSG_UGID
+This message is sent whenever the effective UID or GID has changed
+during the execution of a system call.
+.It SYSTR_MSG_POLICYFREE
+This is sent whenever the kernel frees the policy identified by
+.Va msg_policy .
+.It SYSTR_MSG_EXECVE
+This message is sent whenever, before a call to
+.Xr execve 2
+a process is privileged (technically, the process has the P_SUGID or
+P_SUGIDEXEC flag set), but after the call, these priveliges have been
+dropped. The new image name is specified in the
+.Va path
+argument.
+.El
.Sh IOCTL INTERFACE
.Nm
supports the following
@@ -139,10 +182,10 @@ what to do with a system call that was assigned a policy of
.Dv SYSTR_POLICY_ASK .
.Bd -literal
struct systrace_answer {
- pid_t stra_pid; /* PID of process being traced */
+ pid_t stra_pid; /* PID of process being traced */
int stra_policy; /* Policy to assign */
- int stra_error; /* Return value of denied syscall
- (will return EPERM if zero) */
+ int stra_error; /* Return value of denied syscall
+ (will return EPERM if zero) */
int stra_flags;
#define SYSTR_FLAGS_RESULT 0x0001 /* Report syscall result */
};