Memory-Deny-Write-Execute is a W^X process control originally introduced by Joey Gouly. I'm the author of the PR_MDWE_NO_INHERIT flag. Signed-off-by: Florent Revest <revest@xxxxxxxxxxxx> --- man2/prctl.2 | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/man2/prctl.2 b/man2/prctl.2 index d845b0905..67e6e2ff0 100644 --- a/man2/prctl.2 +++ b/man2/prctl.2 @@ -2041,6 +2041,33 @@ the copy will be truncated. Return (as the function result) the full length of the auxiliary vector. \fIarg4\fP and \fIarg5\fP must be 0. +.TP +.BR PR_SET_MDWE " (since Linux 6.3)" +.\" commit b507808ebce23561d4ff8c2aa1fb949fe402bc61 +Set the process' Memory-Deny-Write-Execute protection mask. +.IR arg2 +must be a bitmask of: +.RS +.\" +.TP +.B PR_MDWE_REFUSE_EXEC_GAIN +New memory mapping protections can't be writable and executable. Non-executable +mappings can't become executable. +.TP +.B PR_MDWE_NO_INHERIT " (since Linux 6.6)" +.\" commit 2a87e5520554034e8c423479740f95bea4a086a0 +Do not propagate MDWE protection to child processes on +.BR fork (2). +.TP +Once protection bits are set, they can not be changed. +.RE +.TP +.BR PR_GET_MDWE " (since Linux 6.3)" +.\" commit b507808ebce23561d4ff8c2aa1fb949fe402bc61 +Return (as the function result) the Memory-Deny-Write-Execute protection mask. +(See +.B PR_SET_MDWE +for information on the protection mask bits.) .SH RETURN VALUE On success, .BR PR_CAP_AMBIENT + PR_CAP_AMBIENT_IS_SET , -- 2.42.0.582.g8ccd20d70d-goog
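Review bot: In the PR_SET_MDWE entry, the `.TP` placed just before "Once protection bits are set, they can not be changed." makes that sentence a tag with no body, so it renders as if it were a third flag after PR_MDWE_REFUSE_EXEC_GAIN and PR_MDWE_NO_INHERIT. Move the sentence after `.RE` as an ordinary paragraph of the PR_SET_MDWE entry (for example with `.IP`), and write "cannot". Two smaller markup points in the same hunk: `.B PR_MDWE_NO_INHERIT " (since Linux 6.6)"` sets the version note in bold, whereas the PR_SET_MDWE and PR_GET_MDWE lines use `.BR`, and `.IR arg2` has only one argument, so `.I arg2` is enough. The new entries also do not say what the unused arguments must be, unlike the preceding entry's "arg4 and arg5 must be 0", and the text should state whether PR_MDWE_NO_INHERIT may be set on its own or only together with PR_MDWE_REFUSE_EXEC_GAIN, since a caller relying on this for W^X hardening needs to know which masks are accepted.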