diff options
| author | Michael Kerrisk <mtk.manpages@gmail.com> | 2015-01-10 16:02:28 +0100 |
|---|---|---|
| committer | Michael Kerrisk <mtk.manpages@gmail.com> | 2015-01-10 16:02:28 +0100 |
| commit | c5257d7893a70fc238800746c25a1bb009087f85 (patch) | |
| tree | b776fd05a72d4f7afb83b8416e4053ff53b4816a | |
| parent | 3cd5e9837f1cbb3736f8fdf9f8bf20a472415f98 (diff) | |
| download | man-pages-c5257d7893a70fc238800746c25a1bb009087f85.tar.gz | |
Changes: Ready for 3.77
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
| -rw-r--r-- | Changes | 148 |
1 files changed, 141 insertions, 7 deletions
@@ -10,6 +10,28 @@ The following people contributed patches/fixes or (noted in brackets in the changelog below) reports, notes, and ideas that have been incorporated in changes in this release: +Akihiro Motoki <amotoki@gmail.com> +Alexandre Bique <bique.alexandre@gmail.com> +Andre Majorel <aym-xunil@teaser.fr> +Andy Lutomirski <luto@amacapital.net> +Daniel Borkmann <dborkman@redhat.com> +Dave Hansen <dave.hansen@intel.com> +Elie De Brauwer <eliedebrauwer@gmail.com> +Heinrich Schuchardt <xypron.glpk@gmx.de> +Ignat Loskutov <ignat.loskutov@gmail.com> +Jeff Epler <jepler@unpythonic.net> +Jérôme Pouiller <jezz@sysmic.org> +Kees Cook <keescook@chromium.org> +Laurent Georget <laurent.georget@supelec.fr> +Masanari Iida <standby24x7@gmail.com> +Michael Haardt <michael@moria.de> +Michael Kerrisk <mtk.manpages@gmail.com> +Mike Frysinger <vapier@gentoo.org> +Richard Cochran <richardcochran@gmail.com> +Stephan Mueller <stephan.mueller@atsec.com> +Troy Davis <troy@yort.com> +Vince Weaver <vincent.weaver@maine.edu> +Will Drewry <wad@chromium.org> Apologies if I missed anyone! @@ -17,19 +39,131 @@ Apologies if I missed anyone! New and rewritten pages ----------------------- +seccomp.2 + Kees Cook, Michael Kerrisk, Will Drewry [Andy Lutomirski] + New page documenting seccomp(2) + Combines documentation from prctl, in-kernel seccomp_filter.txt + and dropper.c, along with details specific to the new system call. + Newly documented interfaces in existing pages --------------------------------------------- - -New and changed links ---------------------- - - -Global changes --------------- +netlink.7 + Stephan Mueller [Michael Kerrisk] + Add NETLINK_CRYPTO Changes to individual pages --------------------------- +adjtimex.2 + Laurent Georget [Richard Cochran, Jeff Epler] + Clarify the 'ppm scaling' used in struct timex + This patch makes explicit and clarifies the unit used for + the fields "freq", "ppsfreq" and "stabil" in struct timex. + Michael Kerrisk [Masanari Iida] + Note that TIME_ERROR is the modern synonym for TIME_BAD + +perf_event_open.2 + Vince Weaver + Clarify the PERF_FLAG_FD_* flags + This change clarifies the behavior of the PERF_FLAG_FD_OUTPUT and + PERF_FLAG_FD_NO_GROUP flags to perf_event_open(), and removes + the related FIXME comments. + + While writing tests to validate the behavior of these flags I + discovered that PERF_FLAG_FD_OUTPUT has been broken since the + 2.6.35 kernel release. + +prctl.2 + Dave Hansen [Michael Kerrisk] + Add description of Intel MPX calls + The 3.19 kernel will have support for Intel MPX, including + a pair of new prctl() calls (PR_MPX_ENABLE_MANAGEMENT and + PR_MPX_DISABLE_MANAGEMENT) for enabling and disabling the + kernel's management of the "bounds tables". Add a + descriptions of the interface. + Michael Kerrisk + Add mention of seccomp(2) under PR_SET_SECCOMP + Michael Kerrisk + Suggest /proc/PID/status "Seccomp" as alternative to PRCTL_GET_SECCOMP + Michael Kerrisk + SIGKILL can also occur PRCTL_GET_SECCOMP in SECCOMP_MODE_FILTER mode + Kees Cook [Andy Lutomirski] + Document SECCOMP_MODE_FILTER vs EFAULT + This notes the distinction made between EINVAL and EFAULT when + attempting to use SECCOMP_MODE_FILTER with PR_SET_SECCOMP. + +setns.2 +pid_namespaces.7 + Mike Frysinger + Elaborate discussion of the PID namespace descendant limitation + The setns(2) man page already mentions that CLONE_NEWPID may only + be used with descendant namespaces, but this nuance could be + listed in a few more places so it is not missed. + +shmget.2 + Michael Kerrisk [Akihiro Motoki] + Make wording of SHMALL description a little clearer + +sigaction.2 + Michael Kerrisk + Add siginfo_t fields for SECCOMP_RET_TRAP + +memchr.3 +strstr.3 + Alexandre Bique + Reference memmem(3) in SEE ALSO section + +memcmp.3 + Michael Kerrisk [Michael Haardt] + NOTES: add some detail on avoiding memcmp() of cryptographic data + Wording largely based on comments from Michael Haardt. + +pthread_tryjoin_np.3 + Jérôme Pouiller [Michael Kerrisk] + Document EINVAL error for pthread_timedjoin_np() + +mem.4 + Elie De Brauwer + /dev/kmem depends on CONFIG_DEVKMEM + Elie De Brauwer + Correct /dev/port group in example + mem.4 mentions that group for /dev/port should be set to 'mem' + However, all other files (/dev/mem and /dev/kmem) use the kmem + group in their examples and on my system /dev/port belongs to + kmem. Hence the 'mem' group was probably a typo: + Elie De Brauwer + Add CONFIG_STRICT_DEVMEM + Since 2.6.26 the CONFIG_NONPROMISC_DEVMEM options limits the + physical addresses which can be accessed through /dev/mem. + +random.4 + Heinrich Schuchardt + Describe handling of O_NONBLOCK + /dev/random and /dev/urandom treat O_NONBLOCK differently. + This should be described in the manpage. + Heinrich Schuchardt + Mention PRNG used by urandom + /dev/urandom uses a pseudo-random number generator to replace + missing entropy. + +proc.5 + Michael Kerrisk + Document "Seccomp" field of /proc/PID/status + +epoll.7 + Michael Kerrisk [Ignat Loskutov] + Use epoll_create1() rather than epoll_create() in the code example + epoll_create1() is more or less the preferred API for new + applications, since it allows for some flags and avoids the + misdesigned epoll_create() argument, and so it seems sensible + to use that in the example, rather than epoll_create(). + +tcp.7 + Troy Davis + Clarify tcp_tw_recycle on Internet-facing hosts + Clarify that tcp_tw_recycle will break communication with many + general-purpose remote Internet hosts (namely, remote NAT devices) + even when the Linux device itself is not behind NAT. |