From b52327a5e01e0596e5d40fd1ac57145a650c4837 Mon Sep 17 00:00:00 2001 From: Ryan Lee Date: Wed, 21 Aug 2024 16:46:05 +0000 Subject: [PATCH] Update QuickProfileLanguage with ptrace summary --- QuickProfileLanguage.md | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/QuickProfileLanguage.md b/QuickProfileLanguage.md index 9eed0cc..f7047d4 100644 --- a/QuickProfileLanguage.md +++ b/QuickProfileLanguage.md @@ -168,6 +168,29 @@ Rlimit Rules TODO + +Ptrace Rules +------------ + +There are four classes of ptrace operations: + +- `trace`: trace another process using `ptrace` +- `tracedby`: be traced using `ptrace` by another process +- `read`: read certain proc filesystem information, kcmp, futexes, and perf trace events about another process +- `readby`: have certain proc filesystem information, kcmp, futexes, and perf trace events about oneself read by another process + +The `peer=` option can be included to limit the profiles that the other process must be running under. + +Example: + + +``` + /profile { +   ptrace, # Allow all ptrace operations +   ptrace (readby, tracedby) peer=unconfined, # Allow unconfined processes to ptrace us + } +``` + File rules ----------
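Review bot: In the example block at the end of the new Ptrace Rules section, the bare `ptrace,` rule already allows every ptrace operation, so the following `ptrace (readby, tracedby) peer=unconfined,` line in the same profile adds nothing, and a reader who copies the block ends up with the permissive rule rather than the narrow one. Consider presenting the two rules as alternatives (two separate profiles, or a comment saying to pick one) and putting the restricted form first. The list of four classes pairs `trace` with `tracedby` and `read` with `readby`, but the text does not say whether both the tracing and the traced process need a matching rule in their own profiles; one sentence on that would close the gap. The `peer=` sentence would read more directly as something like "restricts the rule to peers running under the named profile". There is also a doubled blank line between "Example:" and the opening fence that can be dropped.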