Update manpage for pledge()

[priv_wrapper.git] / doc / priv_wrapper.1

'\" t
.\"     Title: priv_wrapper
.\"    Author: Samba Team
.\" Generator: Asciidoctor 2.0.17
.\"      Date: 2022-09-14
.\"    Manual: \ \&
.\"    Source: \ \&
.\"  Language: English
.\"
.TH "PRIV_WRAPPER" "1" "2022-09-14" "\ \&" "\ \&"
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.ss \n[.ss] 0
.nh
.ad l
.de URL
\fI\\$2\fP <\\$1>\\$3
..
.als MTO URL
.if \n[.g] \{\
.  mso www.tmac
.  am URL
.    ad l
.  .
.  am MTO
.    ad l
.  .
.  LINKSTYLE blue R < >
.\}
.SH "NAME"
priv_wrapper \- A library to disable resource limits and other priviledge dropping.
.SH "SYNOPSIS"
.sp
LD_PRELOAD=libpriv_wrapper.so PRIV_WRAPPER=1 [PRIV_WRAPPER_CHROOT_DISABLE=1] [PRIV_WRAPPER_PRCTL_DISABLE=<options>] [PRIV_WRAPPER_SETRLIMIT_DISABLE=<options>]
.SH "DESCRIPTION"
.sp
priv_wrapper aims to help running processes which are dropping privileges or are
restricting resources in test environments.
It can disable chroot, prctl, pledge and setrlmit system calls. A disabled call always
succeeds (i.e. returns 0) and does nothing.
The system call pledge exists only on OpenBSD.
.SH "ENVIRONMENT VARIABLES"
.sp
\fBPRIV_WRAPPER\fP
.RS 4
This variable activates priv_wrapper when set to \fI1\fP.
.RE
.sp
\fBPRIV_WRAPPER_DISABLE_DEEPBIND\fP
.RS 4
This allows you to disable deep binding in priv_wrapper.
This is useful for running valgrind tools or sanitizers like (address, undefined, thread).
.RE
.sp
\fBPRIV_WRAPPER_CHROOT_DISABLE\fP
.RS 4
If this is set to \fI1\fP then chroot() system call will be disabled.
.RE
.sp
\fBPRIV_WRAPPER_PRCTL_DISABLE\fP
.RS 4
prctl calls can be disabled using this environment variable. You can either disable all
calls using PRIV_WRAPPER_PRCTL_DISABLE=ALL or special options using e.g.
PRIV_WRAPPER_PRCTL_DISABLE=PR_SET_SECCOMP|PR_SET_NO_NEW_PRIVS
.RE
.sp
Supported options are:
.sp
PR_SET_SECCOMP
PR_SET_NO_NEW_PRIVS
PR_SET_DUMPABLE
.sp
\fBPRIV_WRAPPER_SETRLIMIT_DISABLE\fP
.RS 4
Either all resource limits can be disabled using PRIV_WRAPPER_SETRLIMIT_DISABLE=ALL or
you can pick specific resources using e.g:
.RE
.sp
PRIV_WRAPPER_SETRLIMIT_DISABLE=RLIMIT_STACK|RLIMIT_CORE
.sp
Supported options are:
.sp
RLIMIT_CPU
RLIMIT_FSIZE
RLIMIT_DATA
RLIMIT_STACK
RLIMIT_CORE
RLIMIT_RSS
RLIMIT_NOFILE
RLIMIT_AS
RLIMIT_NPROC
RLIMIT_MEMLOCK
RLIMIT_LOCKS
RLIMIT_SIGPENDING
RLIMIT_MSGQUEUE
RLIMIT_NICE
RLIMIT_RTPRIO
RLIMIT_RTTIME
RLIMIT_NLIMITS
.sp
\fBPRIV_WRAPPER_PLEDGE_DISABLE\fP
.RS 4
If this is set to \fI1\fP then pledge() system call will be disabled.
.RE
.sp
\fBPRIV_WRAPPER_DEBUGLEVEL\fP
.RS 4
If you need to see what is going on in priv_wrapper itself or try to find a
bug, you can enable logging support in priv_wrapper if you built it with
debug symbols.
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.  sp -1
.  IP \(bu 2.3
.\}
0 = ERROR
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.  sp -1
.  IP \(bu 2.3
.\}
1 = WARNING
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.  sp -1
.  IP \(bu 2.3
.\}
2 = DEBUG
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.  sp -1
.  IP \(bu 2.3
.\}
3 = TRACE
.RE
.RE
.SH "EXAMPLE"
.sp
LD_PRELOAD=libpriv_wrapper.so PRIV_WRAPPER=1 PRIV_WRAPPER_PRCTL_DISABLE="PR_SET_SECCOMP|PR_SET_NO_NEW_PRIVS"
.sp
LD_PRELOAD=libpriv_wrapper.so PRIV_WRAPPER=1 PRIV_WRAPPER_CHROOT_DISABLE=1 PRIV_WRAPPER_PRCTL_DISABLE=ALL PRIV_WRAPPER_SETRLIMIT_DISABLE="RLIMIT_CPU|RLIMIT_DATA|RLIMIT_NLIMITS"
.SH "AUTHOR"
.sp
Samba Team