protect.1: Document that protect(1) does not work in jails

The reason is that in order to protect a process procctl(2) needs the PRIV_VM_MADV_PROTECT privilege, which is currently denied in jails (see kern_jail.c). MFC after: 1 week
2024-07-21 18:27:22 +00:00 · 2022-07-12 00:43:27 +02:00 · 2022-07-12 00:43:27 +02:00 · 6452fb1e87
parent 16899291de
commit 6452fb1e87
1 changed files with 19 additions and 1 deletions
--- a/usr.bin/protect/protect.1
+++ b/usr.bin/protect/protect.1
@ -25,7 +25,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd July 7, 2022
+.Dd July 12, 2022
 .Dt PROTECT 1
 .Os
 .Sh NAME
@ -112,6 +112,24 @@ bit is set to 1.
 All children of this process will also be protected if
 .Nm PI
 bit is set to 1.
+.Sh DIAGNOSTICS
+.Bl -diag
+.It "protect: procctl: Operation not permitted"
+The
+.Nm
+command does not have the required permissions to protect selected processes.
+There are many reasons why this could be the case, e.g.:
+.Bl -dash
+.It
+.Nm
+is not executed by root.
+.It
+.Nm
+is executed inside a
+.Xr jail 8 ,
+which is not supported at the moment.
+.El
+.El
 .Sh SEE ALSO
 .Xr ps 1 ,
 .Xr procctl 2 ,