path: root/man7

Commit log for man7. Each entry gives the commit's age (date), subject, author, and the number of files changed and lines removed/added, followed by the commit message body.
2019-06-08  fanotify_init.2, fanotify_mark.2, fanotify.7: Minor fixes to Matthew Bobrowski's patch
            Author: Michael Kerrisk   Files: 1   Lines: -9/+10

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2019-06-08  fanotify.7, fanotify_init.2, fanotify_mark.2: Document FAN_REPORT_FID and directory modification events
            Author: Matthew Bobrowski   Files: 1   Lines: -11/+320

    Details relating to the new initialization flag FAN_REPORT_FID have
    been added. As part of the FAN_REPORT_FID feature, a new set of event
    masks are available and have been documented accordingly. A simple
    example program has been added to also support the understanding and
    use of FAN_REPORT_FID and directory modification events.

    Signed-off-by: Matthew Bobrowski <mbobrowski@mbobrowski.org>
    Reviewed-by: Amir Goldstein <amir73il@gmail.com>
    Reviewed-by: Jan Kara <jack@suse.cz>
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2019-05-31  socket.7: select()/poll()/epoll honor SO_RCVLOWAT since Linux 2.6.28
            Author: Michael Kerrisk   Files: 1   Lines: -6/+10

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2019-05-20  cgroup_namespaces.7: In the example shell session, give second shell a different prompt
            Author: Michael Kerrisk   Files: 1   Lines: -10/+10

    Give the shell in the second cgroup namespace a different prompt, so
    as to clearly distinguish the two namespaces.

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2019-05-20  cgroup_namespaces.7: Some wording fixes to improve clarity
            Author: Michael Kerrisk   Files: 1   Lines: -10/+13

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2019-05-20  cgroup_namespaces.7: tfix
            Author: Michael Kerrisk   Files: 1   Lines: -3/+3

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2019-05-20  cgroup_namespaces.7: wfix: s/original namespace/initial namespace/
            Author: Michael Kerrisk   Files: 1   Lines: -1/+1

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2019-05-20  cgroup_namespaces.7: wfix: remove some superfluous (and slightly misleading) words
            Author: Michael Kerrisk   Files: 1   Lines: -1/+1

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2019-05-18  user_namespaces.7: wfix
            Author: Michael Kerrisk   Files: 1   Lines: -1/+1

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2019-05-09  execve.2, setfsgid.2, setfsuid.2, splice.2, fopen.3, malloc_trim.3,
            posix_memalign.3, stdarg.3, sysconf.3, tsearch.3, elf.5, hostname.7, inode.7: tstamp
            Author: Michael Kerrisk   Files: 2   Lines: -2/+2

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2019-05-06  intro.1, execve.2, getcontext.3, passwd.5, bpf-helpers.7: wfix
            Author: Jakub Wilk   Files: 1   Lines: -1/+1

    Use gender-neutral pronouns.

    Signed-off-by: Jakub Wilk <jwilk@jwilk.net>
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2019-05-04  hostname.7: HOSTALIASES/search path processing is DNS-specific
            Author: Florian Weimer   Files: 1   Lines: -2/+11

    Other NSS modules do not necessarily honor these settings.

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2019-05-04  mount_namespaces.7: Minor fix: remove a crufty sentence
            Author: Michael Kerrisk   Files: 1   Lines: -1/+0

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2019-05-04  mount_namespaces.7: wfix: "parent directory" ==> "parent mount"
            Author: Michael Kerrisk   Files: 1   Lines: -1/+1

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2019-03-20  man-pages.7: tfix
            Author: Jakub Wilk   Files: 1   Lines: -1/+1

    Escape hyphen.

    Signed-off-by: Jakub Wilk <jwilk@jwilk.net>
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2019-03-20  man-pages.7: spfix
            Author: Jakub Wilk   Files: 1   Lines: -1/+1

    The section "Example Programs ..." was renamed to "Example programs ..."
    (with lowercase p) in c634028ab5768a04, but the reference was not
    updated.

    Signed-off-by: Jakub Wilk <jwilk@jwilk.net>
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2019-03-12  inode.7: Add references to execve(2) to describe set-UID/set-GID behaviors
            Author: Michael Kerrisk   Files: 1   Lines: -1/+4

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2019-03-12  inode.7: wfix
            Author: Michael Kerrisk   Files: 1   Lines: -1/+1

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2019-03-12  inode.7: Note that timestamp fields measure time starting at the Epoch
            Author: Michael Kerrisk   Files: 1   Lines: -0/+5

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2019-03-12  inode.7: Timestamp fields are structures that include a nanosecond component
            Author: Michael Kerrisk   Files: 1   Lines: -0/+11

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2019-03-12  inode.7: wfix: Remove crufty text
            Author: Michael Kerrisk   Files: 1   Lines: -1/+0

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2019-03-08  cgroups.7: wfix
            Author: Michael Kerrisk   Files: 1   Lines: -1/+2

    Reported-by: Elias Benali <stackptr@users.sourceforge.net>
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2019-03-08  socket.7: tfix
            Author: Marcus Huewe   Files: 1   Lines: -1/+1

    Signed-off-by: Marcus Huewe <suse-tux@gmx.de>
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2019-03-06  Removed trailing white space at end of lines
            Author: Michael Kerrisk   Files: 1   Lines: -5/+5

2019-03-06  bpf-helpers.7: wfix: fix TH line
            Author: Michael Kerrisk   Files: 1   Lines: -1/+1

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2019-03-06  getent.1, iconv.1, ldd.1, locale.1, localedef.1, memusage.1, memusagestat.1,
            pldd.1, sprof.1, time.1, _syscall.2, accept.2, add_key.2, adjtimex.2, bind.2,
            bpf.2, capget.2, chown.2, chroot.2, clock_getres.2, clone.2, connect.2,
            copy_file_range.2, epoll_ctl.2, epoll_wait.2, eventfd.2, fanotify_init.2,
            fanotify_mark.2, fcntl.2, fsync.2, futex.2, getcpu.2, getdents.2, getgid.2,
            getgroups.2, getpid.2, gettid.2, gettimeofday.2, getuid.2, getxattr.2,
            inotify_add_watch.2, inotify_init.2, ioctl_fat.2, ioctl_ns.2,
            ioctl_userfaultfd.2, ioprio_set.2, kcmp.2, kexec_load.2, keyctl.2,
            listxattr.2, lseek.2, madvise.2, memfd_create.2, migrate_pages.2, mount.2,
            mprotect.2, mremap.2, msgctl.2, msgop.2, nfsservctl.2, open_by_handle_at.2,
            perf_event_open.2, pipe.2, pivot_root.2, pkey_alloc.2, poll.2,
            posix_fadvise.2, prctl.2, readahead.2, readdir.2, readlink.2, reboot.2,
            recvmmsg.2, removexattr.2, rename.2, request_key.2, s390_guarded_storage.2,
            s390_runtime_instr.2, s390_sthyi.2, sched_setaffinity.2, sched_setattr.2,
            sched_setparam.2, seccomp.2, select.2, select_tut.2, semctl.2, sendmmsg.2,
            set_thread_area.2, setgid.2, setns.2, setuid.2, setxattr.2, shmctl.2,
            sigaction.2, signalfd.2, sigsuspend.2, socket.2, socketpair.2, spu_run.2,
            stat.2, statx.2, subpage_prot.2, syscalls.2, sysctl.2, tee.2, timer_create.2,
            timerfd_create.2, truncate.2, uname.2, unshare.2, userfaultfd.2, ustat.2,
            vmsplice.2, write.2, CPU_SET.3, __ppc_get_timebase.3, alloca.3, argz_add.3,
            asprintf.3, backtrace.3, basename.3, bsd_signal.3, bstring.3, bswap.3,
            bzero.3, cacos.3, cacosh.3, catan.3, catanh.3, catgets.3,
            clock_getcpuclockid.3, cmsg.3, confstr.3, ctermid.3, ctime.3, des_crypt.3,
            dl_iterate_phdr.3, dlinfo.3, dlsym.3, duplocale.3, end.3, endian.3, errno.3,
            exec.3, exit.3, ferror.3, fgetws.3, fmemopen.3, fnmatch.3, fopencookie.3,
            fputws.3, frexp.3, ftw.3, get_nprocs_conf.3, get_phys_pages.3, getaddrinfo.3,
            getaddrinfo_a.3, getdate.3, getgrouplist.3, getifaddrs.3, getline.3,
            getlogin.3, getmntent.3, getnameinfo.3, getopt.3, getpass.3, getprotoent_r.3,
            getpwnam.3, getservent_r.3, getsubopt.3, glob.3, gnu_get_libc_version.3,
            hsearch.3, if_nameindex.3, index.3, inet.3, inet_net_pton.3, inet_pton.3,
            insque.3, isatty.3, iswblank.3, iswspace.3, lockf.3, makecontext.3,
            mallinfo.3, malloc.3, malloc_hook.3, malloc_info.3, mallopt.3, matherr.3,
            mbrtowc.3, mbsnrtowcs.3, mbsrtowcs.3, mbstowcs.3, mbtowc.3, mcheck.3,
            memchr.3, mq_getattr.3, mq_notify.3, newlocale.3, nl_langinfo.3, offsetof.3,
            perror.3, posix_spawn.3, printf.3, pthread_attr_init.3, pthread_cancel.3,
            pthread_cleanup_push.3, pthread_getattr_default_np.3, pthread_getattr_np.3,
            pthread_getcpuclockid.3, pthread_mutexattr_setrobust.3,
            pthread_rwlockattr_setkind_np.3, pthread_setaffinity_np.3,
            pthread_setname_np.3, pthread_setschedparam.3, pthread_sigmask.3, putenv.3,
            qsort.3, rand.3, random.3, readdir.3, regex.3, resolver.3, rpmatch.3,
            rtime.3, scanf.3, sem_wait.3, setaliasent.3, setbuf.3, stpcpy.3, stpncpy.3,
            strcat.3, strchr.3, strcmp.3, strcpy.3, strdup.3, strerror.3, strfromd.3,
            strfry.3, strftime.3, string.3, strlen.3, strnlen.3, strsep.3, strstr.3,
            strtok.3, strtol.3, strtoul.3, strverscmp.3, strxfrm.3, system.3, termios.3,
            trunc.3, wcpcpy.3, wcpncpy.3, wcrtomb.3, wcscat.3, wcscpy.3, wcslen.3,
            wcsncat.3, wcsncmp.3, wcsncpy.3, wcsnlen.3, wcsnrtombs.3, wcsrtombs.3,
            wcsstr.3, wcstok.3, wcstombs.3, wcwidth.3, wprintf.3, xcrypt.3,
            console_codes.4, dsp56k.4, full.4, initrd.4, lirc.4, loop.4, st.4, tty.4,
            vcs.4, charmap.5, core.5, host.conf.5, locale.5, proc.5, repertoiremap.5,
            resolv.conf.5, termcap.5, tmpfs.5, tzfile.5, aio.7, capabilities.7,
            cgroup_namespaces.7, cgroups.7, charsets.7, complex.7, epoll.7, fanotify.7,
            feature_test_macros.7, inotify.7, ip.7, locale.7, man-pages.7, man.7,
            namespaces.7, pid_namespaces.7, pkeys.7, pthreads.7, rtld-audit.7, sched.7,
            signal.7, sock_diag.7, socket.7, tcp.7, udp.7, unicode.7, user_namespaces.7,
            utf-8.7, zdump.8, zic.8: tstamp
            Author: Michael Kerrisk   Files: 28   Lines: -28/+28

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2019-02-27  man.7: SEE ALSO: remove mdoc.samples(7)
            Author: Michael Kerrisk   Files: 1   Lines: -2/+1

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2019-02-27  mdoc.7, mdoc.samples.7: Remove these pages
            Author: Michael Kerrisk   Files: 2   Lines: -3391/+0

    groff_mdoc(7) from the groff project provides a better equivalent of
    mdoc.samples(7) and the 'mandoc' project provides a better mdoc(7).
    And nowadays, there are virtually no pages in "man-pages" that use
    mdoc markup. So, drop these pages.

    From a conversation on linux-man with Ingo Schwarze:

    [[
    Subject: Re: [groff] [PATCH] man7/mdoc_samples.7: srcfix: Avoid a warning about a wrong section
    Date: Wed, 27 Feb 2019 15:28:19 +0100

    > The two actual problems are both within the Linux man-pages project,
    > not within groff:
    >
    > 1. While back in the early 1990ies, Cynthia Livingston's
    > mdoc.samples(7) manual page was an important document and the
    > de-facto language definition of the mdoc(7) language, it has
    > been outdated for a long time now. The current groff_mdoc(7)
    > manual page is based on it but contains large numbers of important
    > improvements by Werner Lemberg and others. As an alternative
    > language definition that is slightly more concise without being
    > less precise and complete, the mdoc(7) manual page is available
    > from the mandoc(1) distribution (mandoc.bsd.lv). If there are
    > any contradictions between groff_mdoc(7) and mdoc(7), those are
    > unintended and i ought to fix them.
    >
    > So i really believe that the Linux man-pages project ought to
    > stop distributing the woefully outdated mdoc.samples(7) manual
    > page. If you want to include documentation for the mdoc language,
    > i suggest that you either include a copy of the current version
    > of the groff_mdoc(7) manual from the groff(1) distribution or
    > of the mdoc(7) manual from the mandoc(1) distribution, whichever
    > you think harmonizes better with the Linux man-pages project.
    > Both are BSD-style licensed, so there should be no licensing
    > issues.
    >
    > I'm not sure whether it is better for you to include or not
    > include it. There is probably value in having mdoc(7) documentation
    > out of the box with the Linux man-pages project. Then again,
    > having groff_mdoc(7) in both the Linux man-pages package and
    > in the groff package - or having mdoc(7) in both the Linux
    > man-pages project and the mandoc(1) package - might cause
    > packaging conflicts for some distributions. I don't rightly
    > know how such conflicts are typically handled by Linux
    > distributions. Not being able to install the Linux man-pages
    > project, groff(1) and mandoc(1) all together on the same
    > Linux machine would certainly be a bad situation...
    >
    > By the way, the mdoc(7) manual page distributed by the Linux
    > man-pages project also makes very little sense. It is a partial
    > repetition of information from groff_mdoc(7)/[mandoc-]mdoc(7),
    > but so compressed that it is mostly unintelligible. Besides,
    > it is incomplete: e.g. .Lk, .Mt, .Dx, .Ox, .Nx, .Ta, .%U, .Bk,
    > .Ek, .Lb, .In, .Ft, .Ms, .Brq, .Bro, .Brc, .Ex are missing -
    > it seems outdated by at least 25 years. Also, some claims are
    > outright wrong - for example, you *cannot* use .UR/.UE in an
    > mdoc(7) document, and i cannot remember ever having seen an
    > implementation of a .UN macro anywhere. Some macro descriptions
    > are also wrong, e.g. .Fd is *not* intended for "function
    > declarations", and .Vt is *not* "Fortran only". And so on.
    >
    > 2. I don't recommend keeping the old mdoc.samples(7) and mdoc(7)
    > manual pages, but if you think you must do that for some reason,
    > then you must at least revert this bogus commit:

    I am *not at all* attached to keeping these pages. Their presence in
    the project has always felt a bit anomalous to me. Back when I took
    over maintainership in 2004, there were a small number of pages that
    used mdoc markup, and so it seemed wise to keep these pages. Over
    time, most of those few pages were converted to 'man' markup, and
    today the only other page in the project that still uses mdoc markup
    is in queue(3). So, there is just about zero value in having 'mdoc'
    documentation come with the "Linux man-pages" box.

    Since I seldom use mdoc markup myself, I've had no reason to monitor
    pages such as groff_mdoc(7) or the mdoc(7) page provided by the
    'mandoc' project and compare them with the pages provided by "Linux
    man-pages". Now I've had a closer look. It's sad. I've removed mdoc(7)
    and mdoc.samples(7) from "Linux man-pages".
    ]]

    Reported-by: Ingo Schwarze <schwarze@usta.de>
2019-02-27  bpf-helpers.7: Refresh against Linux 5.0-rc8
            Author: Michael Kerrisk   Files: 1   Lines: -23/+196

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2019-02-27  locale.1, memusage.1, pldd.1, _syscall.2, add_key.2, bind.2, bpf.2, chown.2,
            clone.2, copy_file_range.2, eventfd.2, execve.2, futex.2, getdents.2,
            getrlimit.2, ioctl_fat.2, ioctl_ns.2, kcmp.2, kexec_load.2, keyctl.2,
            listxattr.2, lseek.2, membarrier.2, memfd_create.2, mmap.2, mprotect.2,
            msgop.2, open_by_handle_at.2, perf_event_open.2, pipe.2, readdir.2,
            readlink.2, readv.2, recvmmsg.2, request_key.2, sched_setaffinity.2,
            seccomp.2, select.2, select_tut.2, sendmmsg.2, setns.2, signalfd.2,
            spu_run.2, stat.2, sysctl.2, tee.2, timer_create.2, timerfd_create.2,
            truncate.2, uname.2, unshare.2, userfaultfd.2, ustat.2, wait.2, CPU_SET.3,
            __ppc_get_timebase.3, argz_add.3, asprintf.3, backtrace.3, basename.3,
            bswap.3, bzero.3, cacos.3, cacosh.3, catan.3, catanh.3, catgets.3,
            clock_getcpuclockid.3, confstr.3, ctime.3, dl_iterate_phdr.3, dlinfo.3,
            duplocale.3, encrypt.3, end.3, endian.3, fgetws.3, fmemopen.3,
            fopencookie.3, fputws.3, frexp.3, ftw.3, get_nprocs_conf.3,
            get_phys_pages.3, getaddrinfo.3, getaddrinfo_a.3, getdate.3,
            getgrouplist.3, getifaddrs.3, getline.3, getlogin.3, getopt.3, getpass.3,
            getprotoent_r.3, getpwnam.3, getservent_r.3, getsubopt.3, glob.3,
            gnu_get_libc_version.3, hsearch.3, if_nameindex.3, index.3, inet.3,
            inet_net_pton.3, inet_pton.3, insque.3, iswblank.3, iswspace.3,
            makecontext.3, mallinfo.3, malloc_hook.3, malloc_info.3, mallopt.3,
            matherr.3, mbrtowc.3, mbsnrtowcs.3, mbsrtowcs.3, mbstowcs.3, mbtowc.3,
            mcheck.3, memchr.3, mq_getattr.3, mq_notify.3, newlocale.3, nl_langinfo.3,
            offsetof.3, perror.3, posix_spawn.3, printf.3, pthread_attr_init.3,
            pthread_cancel.3, pthread_cleanup_push.3, pthread_create.3,
            pthread_getattr_default_np.3, pthread_getattr_np.3,
            pthread_getcpuclockid.3, pthread_mutexattr_setrobust.3,
            pthread_setaffinity_np.3, pthread_setname_np.3, pthread_setschedparam.3,
            pthread_sigmask.3, qsort.3, rand.3, readdir.3, regex.3, rpmatch.3, rtime.3,
            scanf.3, sem_wait.3, setaliasent.3, setbuf.3, stpcpy.3, stpncpy.3,
            strcat.3, strchr.3, strcpy.3, strdup.3, strerror.3, strfromd.3, strftime.3,
            strlen.3, strnlen.3, strsep.3, strstr.3, strtok.3, strtol.3, strtoul.3,
            strverscmp.3, strxfrm.3, termios.3, tsearch.3, wcpcpy.3, wcpncpy.3,
            wcrtomb.3, wcscat.3, wcscpy.3, wcslen.3, wcsncat.3, wcsncmp.3, wcsncpy.3,
            wcsnlen.3, wcsnrtombs.3, wcsrtombs.3, wcsstr.3, wcstok.3, wcstombs.3,
            wcwidth.3, wprintf.3, console_codes.4, dsp56k.4, full.4, initrd.4, loop.4,
            vcs.4, charmap.5, core.5, elf.5, locale.5, proc.5, repertoiremap.5,
            sysfs.5, termcap.5, aio.7, bpf-helpers.7, cgroups.7, charsets.7,
            complex.7, fanotify.7, feature_test_macros.7, inotify.7, locale.7,
            man-pages.7, man.7, pkeys.7, pthreads.7, rtld-audit.7, sock_diag.7,
            unix.7, user_namespaces.7, utf-8.7: Use '\e' rather than '\\' to get a backslash
            Author: Michael Kerrisk   Files: 17   Lines: -128/+128

    Quoting Branden:

    *roff escape sequences may sometimes look like C escapes, but that is
    misleading. *roff is in part a macro language and that means
    recursive expansion to arbitrary depths. You can get away with "\\"
    in a context where no macro expansion is taking place, but try to
    spell a literal backslash this way in the argument to a macro and you
    will likely be unhappy with results. Try viewing the attached file
    with "man -l".

    "\e" is the preferred and portable way to get a portable "escape
    literal" going back to CSTR #54, the original Bell Labs troff paper.

    groff(7) discusses the issue:

        \\    reduces to a single backslash; useful to delay its
              interpretation as escape character in copy mode. For a
              printable backslash, use \e, or even better \[rs], to be
              independent from the current escape character.

    As of groff 1.22.4, groff_man(7) does as well:

        \e    Widely used in man pages to represent a backslash output
              glyph. It works reliably as long as the .ec request is not
              used, which should never happen in man pages, and it is
              slightly more portable than the more exact ‘\(rs’
              (“reverse solidus”) escape sequence.

    People not concerned with portability to extremely old troffs should
    probably just use \(rs (or \[rs]), as it means "the backslash glyph",
    not "the glyph corresponding to whatever the current escape character
    is".

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2019-02-27  adjtimex.2, futex.2, mremap.2, seccomp.2, getnameinfo.3, random.3,
            console_codes.4, sysfs.5, sched.7, unicode.7: Use zero‐width space in appropriate locations
            Author: Michael Kerrisk   Files: 2   Lines: -2/+2

    Quoting Branden:

    *roff systems will interpret the period in the unpatched page as
    sentence-ending punctuation and put inter-sentence spacing after it.
    (This might not be visible on nroff/terminal devices, but it is more
    likely to be on typesetter/PostScript/PDF output).

    groff_man(7) in groff 1.22.4 attempts to throw man page writers a
    bone here:

        \&    Zero‐width space. Append to an input line to prevent an
              end‐of‐sentence punctuation sequence from being recognized
              as such, or insert at the beginning of an input line to
              prevent a dot or apostrophe from being interpreted as the
              beginning of a roff request.

    Reported-by: Bjarni Ingi Gislason <bjarniig@rhi.hi.is>
    Reported-by: G. Branden Robinson <g.branden.robinson@gmail.com>
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2019-02-27  fallocate.2, futex.2, getrandom.2, mprotect.2, posix_spawn.3,
            address_families.7, ipv6.7, sock_diag.7, socket.7: ffix
            Author: Michael Kerrisk   Files: 4   Lines: -6/+6

    Reported-by: Bjarni Ingi Gislason <bjarniig@rhi.hi.is>
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2019-02-27  locale.7, user_namespaces.7: ffix
            Author: Michael Kerrisk   Files: 2   Lines: -2/+2

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2019-02-27  epoll_ctl.2, ioctl_userfaultfd.2, keyctl.2, ptrace.2, socket.7: ffix
            Author: Michael Kerrisk   Files: 1   Lines: -3/+3

    Reported-by: Bjarni Ingi Gislason <bjarniig@rhi.hi.is>
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2019-02-26  fanotify_init.2, fanotify.7: Document FAN_REPORT_TID
            Author: nixiaoming   Files: 1   Lines: -1/+7

    fanotify_init.2: add new flag FAN_REPORT_TID
    fanotify.7: update description of member pid in struct fanotify_event_metadata

    Signed-off-by: nixiaoming <nixiaoming@huawei.com>
    Signed-off-by: Amir Goldstein <amir73il@gmail.com>
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2019-02-26  fanotify_mark.2, fanotify.7: Minor tweaks to Amir Goldstein's patch
            Author: Michael Kerrisk   Files: 1   Lines: -2/+2

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2019-02-26  fanotify_mark.2, fanotify.7: Document FAN_MARK_FILESYSTEM
            Author: Amir Goldstein   Files: 1   Lines: -9/+11

    Monitor fanotify events on the entire filesystem.

    Signed-off-by: Amir Goldstein <amir73il@gmail.com>
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2019-02-26  fanotify_mark.2, fanotify.7: Minor tweaks to Matthew Bobrowski's patch
            Author: Michael Kerrisk   Files: 1   Lines: -6/+2

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2019-02-26  fanotify_mark.2, fanotify.7: Document FAN_OPEN_EXEC and FAN_OPEN_EXEC_PERM
            Author: Matthew Bobrowski   Files: 1   Lines: -0/+18

    New event masks have been added to the fanotify API. Documentation to
    support the use and behaviour of these new masks has been added
    accordingly.

    Signed-off-by: Matthew Bobrowski <mbobrowski@mbobrowski.org>
    Reviewed-by: Amir Goldstein <amir73il@gmail.com>
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2019-02-26  inotify.7: Minor tweaks
            Author: Michael Kerrisk   Files: 1   Lines: -2/+3

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2019-02-26  inotify.7: Minor fixes to Henry Wilson's patch
            Author: Michael Kerrisk   Files: 1   Lines: -5/+5

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2019-02-26  inotify.7: Document IN_MASK_CREATE
            Author: Henry Wilson   Files: 1   Lines: -1/+22

    Add documentation for new flag IN_MASK_CREATE for inotify_add_watch()
    which is used to only allow new watches to be created. Information
    obtained from a patch I submitted to the linux kernel
    https://marc.info/?l=linux-fsdevel&m=152775980422847&w=2

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2019-02-26  cgroups.7: Document the use of 'cgroup_no_v1=named' to disable v1 named hierarchies
            Author: Michael Kerrisk   Files: 1   Lines: -0/+7

    This feature was added in Linux 5.0.

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2019-02-25  address_families.7: tfix
            Author: Eugene Syromyatnikov   Files: 1   Lines: -1/+0

    Signed-off-by: Eugene Syromyatnikov <evgsyr@gmail.com>
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2019-02-25  socket.2, address_families.7: Mention that address family names are Linux-specific
            Author: Eugene Syromyatnikov   Files: 1   Lines: -1/+1

    * man2/socket.2 (.SH DESCRIPTION): Mention that the list of address
      families is Linux-specific.
    * man7/address_families.7 (.SH DESCRIPTION): Likewise.

    Signed-off-by: Eugene Syromyatnikov <evgsyr@gmail.com>
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2019-02-25  ip.7: IP_RECVTTL error fixed
            Author: bert hubert   Files: 1   Lines: -1/+1

    I need to get the TTL of UDP datagrams from userspace, so I set the
    IP_RECVTTL socket option. And as promised by ip.7, I then get IP_TTL
    messages from recvfrom. However, unlike what the manpage promises,
    the TTL field gets passed as a 32 bit integer.

    The following userspace code works:

        uint32_t ttl32;
        for (cmsg = CMSG_FIRSTHDR(msgh); cmsg != NULL;
             cmsg = CMSG_NXTHDR(msgh, cmsg)) {
            if ((cmsg->cmsg_level == IPPROTO_IP) &&
                (cmsg->cmsg_type == IP_TTL) &&
                CMSG_LEN(sizeof(ttl32)) == cmsg->cmsg_len) {
                memcpy(&ttl32, CMSG_DATA(cmsg), sizeof(ttl32));
                *ttl = ttl32;
                return true;
            }
            else
                cerr << "Saw something else " << (cmsg->cmsg_type == IP_TTL)
                     << ", " << (int) cmsg->cmsg_level << ", "
                     << cmsg->cmsg_len << ", " << CMSG_LEN(1) << endl;
        }

    The 'else' field was used to figure out I got the length wrong.

    Note from mtk: Reading the source code also seems to confirm this,
    from net/ipv4/ip_sockglue.c:

    [[
    static void ip_cmsg_recv_ttl(struct msghdr *msg, struct sk_buff *skb)
    {
            int ttl = ip_hdr(skb)->ttl;

            put_cmsg(msg, SOL_IP, IP_TTL, sizeof(int), &ttl);
    }
    ]]

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
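The following is an added example, not code from bert hubert's report or from ip.7 itself, that exercises the point of that commit end to end: it binds a UDP socket on loopback, enables IP_RECVTTL, sends itself a datagram and reads the TTL back out of the IP_TTL control message, accepting the cmsg only when cmsg_len equals CMSG_LEN(sizeof(int)). The synthetic-cmsg helper (constructed input, used to show the 1-byte variant is rejected) and all function names are this example's own; the TTL seen on loopback is the host's default TTL (64 on a stock Linux), which is why the loopback result is only range-checked.

```c
/* Added example (not from ip.7 or the commit above): receive a UDP datagram
 * over loopback with IP_RECVTTL set and read the TTL from the IP_TTL control
 * message, which the kernel delivers as an int (cmsg_len == CMSG_LEN(sizeof(int))),
 * not as a single byte. Function names are this example's own. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <unistd.h>

/* Return the TTL from the IP_TTL cmsg of a received message, or -1 if none is
 * present with the length the kernel actually uses. A cmsg of any other length
 * (e.g. the 1-byte TTL the old ip.7 text implied) is deliberately not accepted. */
int ttl_from_msghdr(struct msghdr *msgh)
{
    for (struct cmsghdr *cmsg = CMSG_FIRSTHDR(msgh); cmsg != NULL;
         cmsg = CMSG_NXTHDR(msgh, cmsg)) {
        if (cmsg->cmsg_level == IPPROTO_IP && cmsg->cmsg_type == IP_TTL &&
            cmsg->cmsg_len == CMSG_LEN(sizeof(int))) {
            int ttl;
            memcpy(&ttl, CMSG_DATA(cmsg), sizeof(ttl));   /* an int, per ip_cmsg_recv_ttl() */
            return ttl;
        }
    }
    return -1;
}

/* Build a message holding a single IP_TTL cmsg whose payload is the first
 * payload_len bytes of ttl_value, and parse it. Constructed input, used to show
 * that only a sizeof(int)-sized payload is accepted. */
int ttl_from_synthetic_cmsg(int ttl_value, size_t payload_len)
{
    char cbuf[CMSG_SPACE(sizeof(int))] = { 0 };
    struct msghdr msgh = { .msg_control = cbuf, .msg_controllen = CMSG_SPACE(payload_len) };
    struct cmsghdr *cmsg = CMSG_FIRSTHDR(&msgh);
    cmsg->cmsg_level = IPPROTO_IP;
    cmsg->cmsg_type = IP_TTL;
    cmsg->cmsg_len = CMSG_LEN(payload_len);
    memcpy(CMSG_DATA(cmsg), &ttl_value, payload_len);
    return ttl_from_msghdr(&msgh);
}

/* Bind a UDP socket to 127.0.0.1 with IP_RECVTTL on, send one datagram to
 * ourselves, and return the TTL reported for it (the host's default TTL, 64 on
 * a stock Linux), or -1 on any error. */
int loopback_recv_ttl(void)
{
    int fd = socket(AF_INET, SOCK_DGRAM, 0), on = 1, ttl = -1;
    if (fd == -1)
        return -1;

    struct sockaddr_in addr = { .sin_family = AF_INET,
                                .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };
    socklen_t alen = sizeof(addr);
    if (setsockopt(fd, IPPROTO_IP, IP_RECVTTL, &on, sizeof(on)) == -1 ||
        bind(fd, (struct sockaddr *)&addr, sizeof(addr)) == -1 ||
        getsockname(fd, (struct sockaddr *)&addr, &alen) == -1)
        goto out;

    const char payload[] = "ttl probe";                 /* constructed datagram */
    if (sendto(fd, payload, sizeof(payload), 0,
               (struct sockaddr *)&addr, sizeof(addr)) == -1)
        goto out;

    char buf[64], cbuf[CMSG_SPACE(sizeof(int))];
    struct iovec iov = { .iov_base = buf, .iov_len = sizeof(buf) };
    struct msghdr msgh = { .msg_iov = &iov, .msg_iovlen = 1,
                           .msg_control = cbuf, .msg_controllen = sizeof(cbuf) };
    if (recvmsg(fd, &msgh, 0) != -1 && !(msgh.msg_flags & MSG_CTRUNC))
        ttl = ttl_from_msghdr(&msgh);
out:
    close(fd);
    return ttl;
}

int main(void)
{
    printf("synthetic 4-byte IP_TTL cmsg -> %d\n", ttl_from_synthetic_cmsg(64, sizeof(int)));
    printf("synthetic 1-byte IP_TTL cmsg -> %d (rejected)\n", ttl_from_synthetic_cmsg(64, 1));
    int ttl = loopback_recv_ttl();
    if (ttl == -1) {
        perror("loopback_recv_ttl");
        return 1;
    }
    printf("TTL of a loopback datagram -> %d\n", ttl);
    return 0;
}
```

The length check is the security-relevant part: a receiver that copies CMSG_DATA() into a uint8_t without checking cmsg_len silently reads one byte of an int, which happens to give the right answer on little-endian hosts and the wrong one elsewhere, so always compare against CMSG_LEN() of the type the kernel documents.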
2019-02-23  capabilities.7: tfix
            Author: Michael Kerrisk   Files: 1   Lines: -1/+1

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2019-02-23  capabilities.7: CAP_SYS_CHROOT allows use of setns() to change the mount namespace
            Author: Michael Kerrisk   Files: 1   Lines: -2/+9

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2019-02-23  capabilities.7: srcfix
            Author: Michael Kerrisk   Files: 1   Lines: -0/+1

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2019-02-23  capabilities.7: Add a subsection on per-user-namespace "set-user-ID-root" programs
            Author: Michael Kerrisk   Files: 1   Lines: -0/+17

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2019-02-23  capabilities.7: Relocate the subsection "Interaction with user namespaces"
            Author: Michael Kerrisk   Files: 1   Lines: -5/+6

    This best belongs at the end of the page, after the subsections that
    already make some mention of user namespaces.

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2019-02-23  capabilities.7: wfix
            Author: Michael Kerrisk   Files: 1   Lines: -1/+4

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2019-02-23  capabilities.7: Substantially rework "Capabilities and execution of programs by root"
            Author: Michael Kerrisk   Files: 1   Lines: -39/+55

    Rework for improved clarity, and also to include missing details on
    the case where (1) the binary that is being executed has capabilities
    attached and (2) the real user ID of the process is not 0 (root) and
    (3) the effective user ID of the process is 0 (root).

    Kernel code analysis and some test code (GPLv3 licensed) below.

    ======

    My analysis of security/commoncaps.c capabilities handling (from
    Linux 4.20 source):

    execve() eventually calls __do_execve_file():

    __do_execve_file()
    |
    +-prepare_bprm_creds(&bprm)
    | |
    | +-prepare_exec_creds()
    |   |
    |   +-prepare_creds()
    |   | // Returns copy of existing creds
    |   |
    |   +-security_prepare_creds()
    |     |
    |     +-cred_prepare() [via hook]
    |       // Seems to do nothing for commoncaps
    |   // Returns creds provided by prepare_creds()
    | // Places creds returned by prepare_exec_creds() in bprm->creds
    |
    +-prepare_binprm(&bprm) // bprm from prepare_bprm_creds()
    |
    +-bprm_fill_uid(&bprm)
    | // Places current credentials into bprm
    | // Performs set-UID & set-GID transitions if those file bits are set
    |
    +-security_bprm_set_creds(&bprm)
      |
      +-bprm_set_creds(&bprm) [via hook]
        |
        +-cap_bprm_set_creds(&bprm)
          // effective = false
          |
          +-get_file_caps(&bprm, &effective, &has_fcap)
          | |
          | +-get_vfs_caps_from_disk(..., &vcaps)
          | | // Fetches file capabilities from disk and places in vcaps
          | |
          | +-bprm_caps_from_vfs_caps(&vcaps, &bprm, &effective, &has_fcap)
          |   // If file effective bit is set: effective = true
          |   //
          |   // If file has capabilities: has_fcap |= true
          |   //
          |   // Perform execve transformation:
          |   // P'(perm) = F(inh) & P(Inh) | F(Perm) & P(bset)
          |
          +-handle_privileged_root(&bprm, has_fcap, &effective, root_uid)
          | // If has_fcap && (rUID != root && eUID == root) then
          | //     return without doing anything
          | //
          | // If rUID == root || eUID == root then
          | //     P'(perm) = P(inh) | P(bset)
          | //
          | // If eUID == root then
          | //     effective = true
          |
          // Perform execve() transformation:
          //
          // P'(Amb) = (privprog) ? 0 : P(Amb)
          // P'(Perm) |= P'(Amb)
          // P'(Eff) = effective ? P'(Perm) : P'(Amb)

    Summary

    1. Perform set-UID/set-GID transformations

    2. P'(Amb) = (privprog) ? 0 : P(Amb)

    3. If [process has nonzero UIDs] OR
          ([file has caps] && [rUID != root && eUID == root]), then
           P'(perm) = F(inh) & P(Inh) | F(Perm) & P(bset) | P'(Amb)
       else   // ~ [process has rUID == root || eUID == root]
           P'(perm) = P(inh) | P(bset) | P'(Amb)

    4. P'(Eff) = (F(eff) || eUID == root) ? P'(Perm) : P'(Amb)

    ======

    $ cat show_creds_and_caps_long.c
    #define _GNU_SOURCE
    #include <stdio.h>
    #include <stdlib.h>
    #include <unistd.h>
    #include <sys/capability.h>

    int
    main(int argc, char *argv[])
    {
        uid_t ruid, euid, suid;
        gid_t rgid, egid, sgid;
        cap_t caps;
        char *s;

        if (getresuid(&ruid, &euid, &suid) == -1) {
            perror("getresuid");
            exit(EXIT_FAILURE);
        }
        if (getresgid(&rgid, &egid, &sgid) == -1) {
            perror("getresgid");
            exit(EXIT_FAILURE);
        }

        printf("UID: %5ld (real), %5ld (effective), %5ld (saved)\n",
                (long) ruid, (long) euid, (long) suid);
        printf("GID: %5ld (real), %5ld (effective), %5ld (saved)\n",
                (long) rgid, (long) egid, (long) sgid);

        caps = cap_get_proc();
        if (caps == NULL) {
            perror("cap_get_proc");
            exit(EXIT_FAILURE);
        }

        s = cap_to_text(caps, NULL);
        if (s == NULL) {
            perror("cap_to_text");
            exit(EXIT_FAILURE);
        }
        printf("Capabilities: %s\n", s);

        cap_free(caps);
        cap_free(s);
        exit(EXIT_SUCCESS);
    }

    $ cat cred_launcher.c
    #define _GNU_SOURCE
    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>
    #include <unistd.h>

    /* Error-handling helpers used below */
    #define errExit(msg)    do { perror(msg); exit(EXIT_FAILURE); \
                            } while (0)

    #define usageErr(msg, progName) \
                            do { fprintf(stderr, "Usage: "); \
                                 fprintf(stderr, msg, progName); \
                                 exit(EXIT_FAILURE); } while (0)

    int
    main(int argc, char *argv[])
    {
        uid_t r, e, s;

        if (argc != 5 || strcmp(argv[1], "--help") == 0)
            usageErr("%s rUID eUID sUID <prog>\n", argv[0]);

        r = atoi(argv[1]);
        e = atoi(argv[2]);
        s = atoi(argv[3]);

        if (setresuid(r, e, s) == -1)
            errExit("setresuid");
        if (getresuid(&r, &e, &s) == -1)
            errExit("getresuid");

        execv(argv[4], &argv[4]);
        errExit("execve");
    }

    $ cc -o cred_launcher cred_launcher.c
    $ cc -o show_creds_and_caps_long show_creds_and_caps_long.c -lcap
    $ sudo ./cred_launcher 1000 0 1000 ./show_creds_and_caps_long
    UID:  1000 (real),     0 (effective),     0 (saved)
    GID:     0 (real),     0 (effective),     0 (saved)
    Capabilities: =ep
    $ sudo setcap cap_kill=pe show_creds_and_caps_long
    $ sudo ./cred_launcher 1000 0 1000 ./show_creds_and_caps_long
    UID:  1000 (real),     0 (effective),     0 (saved)
    GID:     0 (real),     0 (effective),     0 (saved)
    Capabilities: = cap_kill+ep

    The final program execution above shows the special casing that
    occurs in handle_privileged_root() for the case where:

        rUID != root && eUID == root && [file has capabilities]

    ======

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2019-02-23  capabilities.7: tfix
            Author: Michael Kerrisk   Files: 1   Lines: -1/+1

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2019-02-23  capabilities.7: Improve the discussion of when file capabilities are ignored
            Author: Michael Kerrisk   Files: 1   Lines: -7/+4

    The text stated that the execve() capability transitions are not
    performed for the same reasons that setuid and setgid mode bits may
    be ignored (as described in execve(2)). But, that's not quite
    correct: rather, the file capability sets are treated as empty for
    the purpose of the capability transition calculations.

    Also merge the new 'no_file_caps' kernel option text into the same
    paragraph.

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2019-02-23  capabilities.7: Document the 'no_file_caps' kernel command-line option
            Author: Michael Kerrisk   Files: 1   Lines: -0/+5

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2019-02-10  capabilities.7: Rework discussion of exec and UID 0, correcting a couple of details
            Author: Michael Kerrisk   Files: 1   Lines: -12/+26

    Clarify the "Capabilities and execution of programs by root" section,
    and correct a couple of details:

    * If a process with rUID == 0 && eUID != 0 does an exec, the process
      will nevertheless gain effective capabilities if the file effective
      bit is set.

    * Set-UID-root programs only confer a full set of capabilities if the
      binary does not also have attached capabilities.

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
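The capabilities.7 commits above (the Linux 4.20 analysis with its four-step Summary, and the earlier rework correcting the rUID == 0 / eUID != 0 case and the set-UID-root-with-file-caps case) describe one execve() transformation. As an added example, not code from either commit, the kernel, or capabilities.7, here is that transformation written as a pure function over 64-bit capability masks so the cases from both messages can be checked without setcap or sudo. The struct and field names, taking privprog as an input flag (true when the exec is privileged, i.e. set-UID/set-GID bits or file capabilities, which is when the ambient set is cleared), and the use of CAP_KILL = 5 and CAP_NET_RAW = 13 as sample bits are this example's assumptions; UIDs are taken as they stand after the set-UID/set-GID step. In one corner it follows the call-tree comments rather than the four-line Summary: when handle_privileged_root() returns early (file has caps, rUID != root, eUID == root) the effective flag is left as the file's effective bit set it, instead of being forced on by eUID == root. Also, the "no file caps" case (present == false) models both an unadorned binary and the no_file_caps option, where the file sets are treated as empty.

```c
/* Added example: the execve() capability transformation described in the
 * capabilities.7 commit messages, modelled as a pure function over 64-bit
 * masks. Not kernel code; struct and field names are this example's own. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>

typedef uint64_t capmask;

#define CAP_ALL         UINT64_MAX
#define CAP_BIT(n)      ((capmask)1 << (n))
#define CAP_KILL_BIT    CAP_BIT(5)   /* CAP_KILL is capability number 5 */
#define CAP_NET_RAW_BIT CAP_BIT(13)  /* CAP_NET_RAW is capability number 13 */

/* Process credentials as they stand after bprm_fill_uid() has applied any
 * set-UID/set-GID bits (step 1 of the Summary). */
struct proc_caps { capmask inh, perm, eff, bset, amb; uid_t ruid, euid; };

/* File capabilities from the security.capability xattr. present == false
 * models a file with no xattr (or no_file_caps): F(inh) = F(perm) = 0. */
struct file_caps { capmask inh, perm; bool eff; bool present; };

/* Steps 2-4 of the Summary. privprog is true when the exec is privileged
 * (set-UID/set-GID bits or file capabilities), which clears the ambient set. */
struct proc_caps exec_transform(struct proc_caps p, struct file_caps f, bool privprog)
{
    struct proc_caps n = p;
    bool effective = f.present && f.eff;        /* set by bprm_caps_from_vfs_caps() */
    bool suid_root = (p.ruid != 0 && p.euid == 0);

    /* 2. P'(Amb) = privprog ? 0 : P(Amb) */
    n.amb = privprog ? 0 : p.amb;

    /* 3. bprm_caps_from_vfs_caps(): P'(perm) = F(inh) & P(inh) | F(perm) & P(bset) */
    capmask finh = f.present ? f.inh : 0;
    capmask fperm = f.present ? f.perm : 0;
    n.perm = (finh & p.inh) | (fperm & p.bset);

    /* handle_privileged_root(): returns early for a set-UID-root binary that
     * also carries file caps; otherwise root gets P(inh) | P(bset), and
     * eUID == 0 turns the effective flag on. */
    if (!(f.present && suid_root)) {
        if (p.euid == 0 || p.ruid == 0)
            n.perm = p.inh | p.bset;
        if (p.euid == 0)
            effective = true;
    }
    n.perm |= n.amb;

    /* 4. P'(Eff) = effective ? P'(Perm) : P'(Amb) */
    n.eff = effective ? n.perm : n.amb;
    return n;
}

static void show(const char *what, struct proc_caps r)
{
    printf("%-52s perm=%#018llx eff=%#018llx amb=%#018llx\n", what,
           (unsigned long long)r.perm, (unsigned long long)r.eff,
           (unsigned long long)r.amb);
}

int main(void)
{
    /* "sudo ./cred_launcher 1000 0 1000 ./show_creds_and_caps_long" */
    struct proc_caps launcher = { .bset = CAP_ALL, .ruid = 1000, .euid = 0 };
    struct file_caps none = { 0 };
    /* "setcap cap_kill=pe show_creds_and_caps_long" */
    struct file_caps kill_pe = { .perm = CAP_KILL_BIT, .eff = true, .present = true };

    show("rUID=1000 eUID=0, no file caps (expect =ep)", exec_transform(launcher, none, false));
    show("rUID=1000 eUID=0, cap_kill=pe (expect cap_kill+ep)", exec_transform(launcher, kill_pe, true));

    /* rUID == 0, eUID != 0: full permitted set, effective only via F(eff) */
    struct proc_caps real_root = { .bset = CAP_ALL, .ruid = 0, .euid = 1000 };
    show("rUID=0 eUID=1000, cap_kill=pe", exec_transform(real_root, kill_pe, true));

    /* unprivileged process carrying an ambient cap into a plain binary */
    struct proc_caps user = { .bset = CAP_ALL, .amb = CAP_NET_RAW_BIT, .ruid = 1000, .euid = 1000 };
    show("rUID=eUID=1000, ambient cap_net_raw, plain binary", exec_transform(user, none, false));
    return 0;
}
```

The two checks a practitioner most often gets wrong fall straight out of the function: a set-UID-root binary that also has a security.capability xattr ends up with only the xattr's capabilities (the first L123 bullet's inverse), and a binary with cap_x=p but no e flag leaves an unprivileged caller with the capability permitted but not effective, so it must raise it explicitly with capset(2) before use.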
2019-02-07  capabilities.7: srcfix
            Author: Michael Kerrisk   Files: 1   Lines: -0/+2

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2019-02-07  namespaces.7: srcfix
            Author: Michael Kerrisk   Files: 1   Lines: -1/+0

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2019-02-02  cgroups.7: wfix
            Author: Michael Kerrisk   Files: 1   Lines: -1/+1

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2019-01-23  cgroups.7: Reframe the text on delegation to include more details about cgroups v1
            Author: Michael Kerrisk   Files: 1   Lines: -9/+20

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2019-01-23  cgroups.7: wfix
            Author: Michael Kerrisk   Files: 1   Lines: -1/+1

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2019-01-23  cgroups.7: wfix
            Author: Michael Kerrisk   Files: 1   Lines: -2/+2

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2019-01-23  cgroups.7: Soften the discussion about delegation in cgroups v1
            Author: Michael Kerrisk   Files: 1   Lines: -3/+5

    Balbir pointed out that v1 delegation was not an accidental feature.

    Reported-by: Balbir Singh <bsingharora@gmail.com>
    Reported-by: Marcus Gelderie <redmnic@gmail.com>
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2019-01-23  cgroups.7: wfix
            Author: Michael Kerrisk   Files: 1   Lines: -2/+2

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2019-01-17  man.7: tfix
            Author: Jakub Wilk   Files: 1   Lines: -4/+4

    Use \(aq for ASCII apostrophes and \(ga for backtick, as recommended
    by groff_man(7).

    Signed-off-by: Jakub Wilk <jwilk@jwilk.net>
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2019-01-10  feature_test_macros.7: Add more detail on why FTMs must be defined before including any header
            Author: Michael Kerrisk   Files: 1   Lines: -0/+17

    Reported-by: Andreas Westfeld <andreas.westfeld@htw-dresden.de>
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-12-23  unix.7: wfix
            Author: Michael Kerrisk   Files: 1   Lines: -2/+2

    Reported-by: Felipe Gasper <felipe@felipegasper.com>
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2018-12-23  unix.7: Clarify the SO_PASSCRED behavior
            Author: Michael Kerrisk   Files: 1   Lines: -4/+10

    Clarify that SO_PASSCRED results in SCM_CREDENTIALS data in each
    subsequently received message.

    See https://bugzilla.kernel.org/show_bug.cgi?id=201805

    Reported-by: Felipe Gasper <felipe@felipegasper.com>
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-12-23  unix.7: Rework SO_PEERCRED text for greater clarity
            Author: Michael Kerrisk   Files: 1   Lines: -9/+13

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-12-23  unix.7: Explicitly note that SO_PASSCRED provides SCM_CREDENTIALS messages
            Author: Michael Kerrisk   Files: 1   Lines: -1/+3

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-12-23  unix.7: wfix
            Author: Michael Kerrisk   Files: 1   Lines: -1/+2

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-12-23  unix.7: Improve wording describing socket option argument/return values
            Author: Michael Kerrisk   Files: 1   Lines: -3/+16

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2018-12-18namespaces.7: tfixRadostin Stoyanov1-1/+1
Signed-off-by: Radostin Stoyanov <rstoyanov1@gmail.com> Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2018-12-01tcp.7: wfixKonst Mayer1-1/+1
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2018-11-24fanotify.7: wfixAnthony Iliopoulos1-1/+1
Use "FAN_OPEN_PERM" consistently rather than "FAN_PERM_OPEN". Signed-off-by: Anthony Iliopoulos <ailiopoulos@suse.com> Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2018-11-19pid_namespaces.7: Clarify the semantics for the adoption of orphaned processesMichael Kerrisk1-8/+26
Because of setns() semantics, the parent of a process may reside in the outer PID namespace. If that parent terminates, then the child is adopted by the "init" in the outer PID namespace (rather than the "init" of the PID namespace of the child). Thus, in a scenario such as the following, if process M terminates, P is adopted by the init process in the initial PID namespace, and if P terminates, Q is adopted by the init process in the inner PID namespace. +---------------------------------------------+ | Initial PID NS | | +---------------+ | | +-+ | inner PID NS | | | |1| | | | | +-+ | +-+ | | | | |1| | | | | +-+ | | | | | | | +-+ setns(), fork() | +-+ | | | |M|----------------------+--> |P| | | | +-+ | +-+ | | | | | fork() | | | | v | | | | +-+ | | | | |Q| | | | | +-+ | | | +---------------+ | +---------------------------------------------+ Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2018-11-17  signal.7: Unify signal lists into a signal table that embeds standards info  (Michael Kerrisk; 1 file, -75/+38)
    Having the signals listed in three different tables reduces readability, and would require more table splits if future standards specify other signals.

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-11-17  signal.7: Insert standards info into tables  (Michael Kerrisk; 1 file, -41/+41)
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-11-17  signal.7: Place signal numbers in a separate table  (Michael Kerrisk; 1 file, -0/+73)
    The current tables of signal information are unwieldy, as they try to cram in too much information.

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-11-17  signal.7: ffix  (Michael Kerrisk; 1 file, -3/+3)
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-11-17  capabilities.7: Update URL for libcap tarballs  (Michael Kerrisk; 1 file, -1/+1)
    The previous location does not seem to be getting updated. (For example, at the time of this commit, libcap-2.26 had been out for two months, but was not present at http://www.kernel.org/pub/linux/libs/security/linux-privs.)

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-11-09  user_namespaces.7: tfix  (Jakub Wilk; 1 file, -1/+1)
    Signed-off-by: Jakub Wilk <jwilk@jwilk.net>
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-11-09  signal.7: tfix  (Michael Kerrisk; 1 file, -1/+1)
    Reported-by: Helge Deller <deller@gmx.de>
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-11-07  signal.7: Reorder the architectures in the signal number lists  (Michael Kerrisk; 1 file, -19/+19)
    x86 and ARM are the most common architectures, but currently are in the second subfield in the signal number lists. Instead, swap that info with subfield 1, so the most common architectures are first in the list.

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-11-07  signal.7: Add signal numbers for parisc  (Helge Deller; 1 file, -33/+28)
    This patch adds the signal numbers for parisc to the signal(7) man page.

    Those parisc-specific values for the various signals are valid since the Linux kernel upstream commit ("parisc: Reduce SIGRTMIN from 37 to 32 to behave like other Linux architectures") during development of kernel 3.18:
    http://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1f25df2eff5b25f52c139d3ff31bc883eee9a0ab

    Signed-off-by: Helge Deller <deller@gmx.de>
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-11-07  cgroups.7: Minor fix: bump kernel version to 4.19 in a couple of points  (Michael Kerrisk; 1 file, -2/+2)
    The stated points still hold true as at Linux 4.1.

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-11-05  vdso.7: tfix  (Jakub Wilk; 1 file, -14/+14)
    Escape hyphens; use \(aq for ASCII apostrophes.

    Signed-off-by: Jakub Wilk <jwilk@jwilk.net>
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-11-04  cgroups.7: tfix  (Michael Kerrisk; 1 file, -1/+1)
    Reported-by: Alan Jenkins <alan.christopher.jenkins@gmail.com>
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-11-02  user_namespaces.7: ffix  (Michael Kerrisk; 1 file, -0/+1)
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-11-02  namespaces.7: tfix  (Michael Kerrisk; 1 file, -1/+1)
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-11-01  capabilities.7: Minor fixes to Marcus Gelderie's patch  (Michael Kerrisk; 1 file, -2/+5)
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-11-01  capabilities.7: Mention header for SECBIT constants  (Marcus Gelderie; 1 file, -0/+2)
    Mention that the named constants (SECBIT_KEEP_CAPS and others) are available only if the linux/securebits.h user-space header is included.

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-11-01  bpf-helpers.7: Add new man page for eBPF helper functions  (Michael Kerrisk; 1 file, -0/+2356)
    The eBPF sub-system on Linux can use "helper functions", functions implemented in the kernel that can be called from within an eBPF program injected by a user on Linux. The kernel already supports a long list of such helpers (sixty-seven at this time, new ones are under review). Therefore, it is proposed to create a new manual page, separate from bpf(2), to document those helpers for people willing to develop new eBPF programs.

    Additionally, in an effort to keep this documentation in synchronisation with what is implemented in the kernel, it is further proposed to keep the documentation itself in the kernel sources, as comments in file "include/uapi/linux/bpf.h", and to generate the man page from there.

    This patch adds the new man page, generated from kernel sources, to the man-pages repository. For each eBPF helper function, a description of the helper, of its arguments and of the return value is provided. The idea is that all future changes for this page should be redirected to the kernel file "include/uapi/linux/bpf.h", and the modified page generated from there.

    Generating the page itself is a two-step process. First, the documentation is extracted from include/uapi/linux/bpf.h, and converted to a RST (reStructuredText-formatted) page, with the relevant script from Linux sources:

        $ ./scripts/bpf_helpers_doc.py > /tmp/bpf-helpers.rst

    The second step consists in turning the RST document into the final man page, with rst2man:

        $ rst2man /tmp/bpf-helpers.rst > bpf-helpers.7

    The bpf.h file was taken as at kernel 4.19.

    Acked-by: Daniel Borkmann <daniel@iogearbox.net>
    Signed-off-by: Quentin Monnet <quentin.monnet@netronome.com>
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-11-01  capabilities.7: Correct the description of SECBIT_KEEP_CAPS  (Michael Kerrisk; 1 file, -3/+2)
    This just adds to the point made by Marcus Gelderie's patch. Note also that SECBIT_KEEP_CAPS provides the same functionality as the prctl() PR_SET_KEEPCAPS flag, and the prctl(2) manual page has the correct description of the semantics (i.e., that the flag affects the treatment of only the permitted capability set).

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-11-01  capabilities.7: Minor tweaks to the text added by Marcus Gelderie's patch  (Michael Kerrisk; 1 file, -3/+5)
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2018-11-01  capabilities.7: Add details about SECBIT_KEEP_CAPS  (Marcus Gelderie; 1 file, -0/+7)
    The description of SECBIT_KEEP_CAPS is misleading about the effects on the effective capabilities of a process during a switch to nonzero UIDs. The effective set is cleared based on the effective UID switching to a nonzero value, even if SECBIT_KEEP_CAPS is set. However, with this bit set, the effective and permitted sets are not cleared if the real and saved set-user-ID are set to nonzero values.

    This was tested using the following C code and reading the kernel source at security/commoncap.c: cap_emulate_setxuid.

        #include <stdio.h>
        #include <string.h>
        #include <unistd.h>
        #include <sys/capability.h>   /* libcap: cap_get_proc(), cap_set_proc(), ... */
        #include <sys/prctl.h>
        #include <linux/securebits.h> /* SECBIT_KEEP_CAPS */

        /* Print the calling thread's capability sets in cap_to_text() form. */
        void print_caps(void)
        {
            cap_t current = cap_get_proc();
            if (!current) {
                perror("Current caps");
                return;
            }
            char *text = cap_to_text(current, NULL);
            if (!text) {
                perror("Converting caps to text");
                goto free_caps;
            }
            printf("Capabilities: %s\n", text);
            cap_free(text);
        free_caps:
            cap_free(current);
        }

        /* Print the real, effective, and saved set-user-ID. */
        void print_creds(void)
        {
            uid_t ruid, suid, euid;
            if (getresuid(&ruid, &euid, &suid)) {
                perror("Error getting UIDs");
                return;
            }
            printf("real = %d, effective = %d, saved set-user-ID = %d\n",
                   ruid, euid, suid);
        }

        /* Replace the thread's capability sets with exactly the given
           capabilities (in the inheritable, effective, and permitted sets). */
        void set_caps(int size, const cap_value_t *caps)
        {
            cap_t current = cap_init();
            if (!current) {
                perror("Error getting current caps");
                return;
            }
            if (cap_clear(current)) {
                perror("Error clearing caps");
            }
            if (cap_set_flag(current, CAP_INHERITABLE, size, caps, CAP_SET)) {
                perror("setting caps");
                goto free_caps;
            }
            if (cap_set_flag(current, CAP_EFFECTIVE, size, caps, CAP_SET)) {
                perror("setting caps");
                goto free_caps;
            }
            if (cap_set_flag(current, CAP_PERMITTED, size, caps, CAP_SET)) {
                perror("setting caps");
                goto free_caps;
            }
            if (cap_set_proc(current)) {
                perror("Committing caps");
                goto free_caps;
            }
        free_caps:
            cap_free(current);
        }

        /* CAP_SETUID is needed for the UID switches below; CAP_SETPCAP for
           prctl(PR_SET_SECUREBITS). */
        const cap_value_t caps[] = {CAP_SETUID, CAP_SETPCAP};
        const size_t num_caps = sizeof(caps) / sizeof(cap_value_t);

        int main(int argc, char **argv)
        {
            puts("[+] Dropping most capabilities to reduce amount of console output...");
            set_caps(num_caps, caps);
            puts("[+] Dropped capabilities. Starting with these credentials and capabilities:");
            print_caps();
            print_creds();

            /* Run as "./prog keep" to set SECBIT_KEEP_CAPS before the UID switch. */
            if (argc >= 2 && 0 == strncmp(argv[1], "keep", 4)) {
                puts("[+] Setting SECBIT_KEEP_CAPS bit");
                if (prctl(PR_SET_SECUREBITS, SECBIT_KEEP_CAPS, 0, 0, 0)) {
                    perror("Setting secure bits");
                    return 1;
                }
            }

            /* Only the effective UID becomes nonzero: the effective set is
               cleared regardless of SECBIT_KEEP_CAPS. */
            puts("[+] Setting effective UID to 1000");
            if (seteuid(1000)) {
                perror("Error setting effective UID");
                return 2;
            }
            print_caps();
            print_creds();

            puts("[+] Raising caps again");
            set_caps(num_caps, caps);
            print_caps();
            print_creds();

            /* Real and saved set-user-ID become nonzero too: without
               SECBIT_KEEP_CAPS the permitted set is cleared here. */
            puts("[+] Setting all remaining UIDs to nonzero values");
            if (setreuid(1000, 1000)) {
                perror("Error setting all UIDs to 1000");
                return 3;
            }
            print_caps();
            print_creds();
            return 0;
        }

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2018-10-31  user_namespaces.7: wfix  (Michael Kerrisk; 1 file, -3/+3)
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-10-31  namespaces.7: f  (Michael Kerrisk; 1 file, -1/+1)
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-10-31  namespaces.7: Briefly explain why CAP_SYS_ADMIN is needed to create nonuser namespaces  (Michael Kerrisk; 1 file, -1/+4)
    Reported-by: Tycho Kirchner <tychokirchner@mail.de>
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-10-31  user_namespaces.7: Rework terminology describing ownership of nonuser namespaces  (Michael Kerrisk; 1 file, -8/+9)
    Prefer the word "owns" rather than "associated with" when describing the relationship between user namespaces and non-user namespaces. The existing text used a mix of the two terms, with "associated with" being predominant, but to my ear, describing the relationship as "ownership" is more comprehensible.

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-10-28  precedence.7: Add as a redirect to operator.7  (Josh Triplett; 1 file, -0/+1)
    Signed-off-by: Josh Triplett <josh@joshtriplett.org>
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-10-25  namespaces.7: SEE ALSO: add pam_namespace(8)  (Michael Kerrisk; 1 file, -0/+1)
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-10-21  address_families.7: tfix  (Jakub Wilk; 1 file, -2/+2)
    Signed-off-by: Jakub Wilk <jwilk@jwilk.net>
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-10-17  inode.7: tfix  (Michael Kerrisk; 1 file, -1/+1)
    Reported-by: Burkhard Lück <lueck@hube-lueck.de>
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-10-16  socket.7: SEE ALSO: add address_families(7)  (Michael Kerrisk; 1 file, -0/+1)
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-10-16  address_families.7: New page that contains details of socket address families  (Michael Kerrisk; 1 file, -0/+411)
    There is too much detail in socket(2). Move most of it into a new page instead.

    Cowritten-by: Eugene Syromyatnikov <evgsyr@gmail.com>
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-10-14  sched.7: In the kernel source SCHED_OTHER is actually called SCHED_NORMAL  (Michael Kerrisk; 1 file, -0/+5)
    Reported-by: Eugene Syromyatnikov <evgsyr@gmail.com>
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-10-14  cgroup_namespaces.7: Clarify  (Michael Kerrisk; 1 file, -2/+17)
    Clarify the example by making an implied detail more explicit.

    Quoting Troy Engel on the problem with the original text:

        The problem is "and a process in a sibling cgroup (sub2)" (shown as PID 20124 here) - how did this get here? How do I recreate this? Following this example, there's no mention of how, it's out of place when following the instructions. There is nothing in any of the cgroup files which contain this (# grep freezer /proc/*/cgroup) while at this stage.

        The intent is understood, however the man page seems to skip a step to create this in the teaching example. We should add whatever simple steps are needed to create the "process in a sibling cgroup" as outlined so it makes sense - as written, I have no clue where "sibling cgroup (sub2)" came from, it just appeared out of the blue in that step. Thanks!

    See https://bugzilla.kernel.org/show_bug.cgi?id=201047

    Reported-by: Troy Engel <troyengel@gmail.com>
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-10-14  cgroup_namespaces.7: Move a sentence from DESCRIPTION to NOTES  (Michael Kerrisk; 1 file, -4/+4)
    This sentence fits better in NOTES.

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-10-14  cgroup_namespaces.7: Remove redundant use of 'sh -c' in shell session  (Michael Kerrisk; 1 file, -1/+1)
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-10-14  cgroup_namespaces.7: wfix  (Michael Kerrisk; 1 file, -2/+1)
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-10-14  cgroups.7: Complete partial sentence re kernel boot options and 'nsdelegate'  (Michael Kerrisk; 1 file, -1/+16)
    The intended text was hidden elsewhere in the source of the page as a comment.

    https://bugzilla.kernel.org/show_bug.cgi?id=201029

    Reported-by: Mike Weilgart <mike.weilgart@verticalsysadmin.com>
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-10-09  sched.7: SEE ALSO: add ps(1) and top(1)  (Michael Kerrisk; 1 file, -0/+2)
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-10-09  cgroups.7: Minor wording fix  (Michael Kerrisk; 1 file, -1/+2)
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-10-09  cgroups.7: wfix: use "threads" consistently  (Michael Kerrisk; 1 file, -4/+4)
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-10-09  cgroups.7: Add more detail on v2 'cpu' controller and realtime threads  (Michael Kerrisk; 1 file, -2/+11)
    Explicitly note the scheduling policies that are relevant for the v2 'cpu' controller.

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-10-05  cgroups.7: Minor wording fix  (Michael Kerrisk; 1 file, -1/+1)
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-10-05  cgroups.7: Rework discussion of writing to cgroup.type file  (Michael Kerrisk; 1 file, -10/+13)
    In particular, it is possible to write "threaded" to a cgroup.type file if the current type is "domain threaded". Previously, the text had implied that this was not possible.

    Verified by experiment on Linux 4.15 and 4.19-rc.

    Reported-by: Leah Hanson <lhanson@pivotal.io>
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-10-01  pid_namespaces.7: Note a detail of /proc/PID/ns/pid_for_children behavior  (Michael Kerrisk; 1 file, -0/+3)
    After clone(CLONE_NEWPID), /proc/PID/ns/pid_for_children is empty until the first child is created.

    Verified by experiment.

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-10-01  pid_namespaces.7: Note that a process can do unshare(CLONE_NEWPID) only once  (Michael Kerrisk; 1 file, -0/+7)
    (See the recent commit to the unshare(2) manual page.)

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-09-29  capabilities.7: Update URL for location of POSIX.1e draft standard  (Michael Kerrisk; 1 file, -1/+1)
    Reported-by: Allison Randal <allison@lohutok.net>
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-09-28  sched.7: SEE ALSO: add chcpu(1), lscpu(1)  (Michael Kerrisk; 1 file, -0/+2)
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-09-20  cgroups.7: Minor clarification to remove possible ambiguity  (Michael Kerrisk; 1 file, -2/+2)
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-09-13  capabilities.7: Ambient capabilities do not trigger secure-execution mode  (Michael Kerrisk; 1 file, -0/+5)
    Reported-by: Pierre Chifflier <pollux@debian.org>
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2018-09-10  signal.7: SEE ALSO: add clone(2)  (Michael Kerrisk; 1 file, -0/+1)
    Because of the discussion of threads and signals in clone(2).

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-09-06  cgroups.7: tfix  (Michael Kerrisk; 1 file, -1/+1)
    Reported-by: Mike Weilgart <mike.weilgart@verticalsysadmin.com>
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-08-18  user_namespaces.7: wfix  (Lucas Werkmeister; 1 file, -1/+1)
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-08-12  namespaces.7: tfix  (Jakub Wilk; 1 file, -1/+1)
    Signed-off-by: Jakub Wilk <jwilk@jwilk.net>
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-08-06  namespaces.7: tfix  (Tobias Klauser; 1 file, -1/+1)
    Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-08-03  capabilities.7: tfix  (Michael Kerrisk; 1 file, -1/+1)
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-08-03  posixoptions.7: ffix  (Michael Kerrisk; 1 file, -0/+1)
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-08-03  namespaces.7: Mention ioctl(2) in discussion of namespaces APIs  (Michael Kerrisk; 1 file, -0/+7)
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-08-03  namespaces.7: List factors that may pin a namespace into existence  (Michael Kerrisk; 1 file, -0/+32)
    Various factors may pin a namespace into existence, even when it has no member processes.

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-07-28  unix.7: wfix: s/foreign process/peer process/  (Michael Kerrisk; 1 file, -1/+1)
    The more common parlance these days is, I think, "peer".

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-07-28  socket.7, unix.7: Move text describing SO_PEERCRED from socket(7) to unix(7)  (Michael Kerrisk; 2 files, -20/+23)
    This is, AFAIK, an option specific to UNIX domain sockets, so place it in unix(7).

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-07-28  unix.7: Refer reader to socket(7) for information about SO_PEEK_OFF  (Michael Kerrisk; 1 file, -0/+4)
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-07-28  socket.7: Refer reader to unix(7) for information on SO_PASSSEC  (Michael Kerrisk; 1 file, -2/+7)
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-07-28  tcp.7, udp.7: Add a reference to socket(7) noting existence of further socket options  (Michael Kerrisk; 2 files, -0/+10)
    Some other socket options that are applicable for TCP and UDP sockets are documented in socket(7), so help the reader by pointing them at that page.

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-07-28  udp.7: srcfix: add FIXME  (Michael Kerrisk; 1 file, -0/+1)
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-07-28  unix.7: tfix  (Michael Kerrisk; 1 file, -1/+1)
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-07-28  unix.7: Document SCM_SECURITY ancillary data  (Michael Kerrisk; 1 file, -3/+17)
    And fix a wording error in the description of SO_PASSSEC.

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-07-28  unix.7: Document SO_PASSSEC  (Michael Kerrisk; 1 file, -0/+13)
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-07-17  unix.7: Ancillary data forms a barrier when receiving on a stream socket  (Michael Kerrisk; 1 file, -0/+27)
    Thanks to a tip from Keith Packard: https://keithp.com/blogs/fd-passing/

    (Also verified by experiment.)

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-07-15  unix.7: One must send at least one byte of real data with ancillary data  (Michael Kerrisk; 1 file, -0/+8)
    When sending ancillary data, at least one byte of real data should also be sent. This is strictly necessary for stream sockets (verified by experiment). It is not required for datagram sockets on Linux (verified by experiment), but portable applications should do so.

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-07-15  unix.7: Clarify treatment of incoming ancillary data if 'msg_control' is NULL  (Michael Kerrisk; 1 file, -2/+10)
    If no buffer is supplied for incoming ancillary data, then the data is lost.

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-07-15  unix.7: If the buffer to receive SCM_RIGHTS FDs is too small, FDs are closed  (Michael Kerrisk; 1 file, -0/+6)
    If the ancillary data buffer for receiving SCM_RIGHTS file descriptors is too small, then the excess file descriptors are automatically closed in the receiving process.

    Verified by experiment.

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-07-15  unix.7: tfix  (Michael Kerrisk; 1 file, -4/+4)
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-07-15  unix.7: ffix  (Michael Kerrisk; 1 file, -0/+1)
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-07-13  mount_namespaces.7: SEE ALSO: add findmnt(8)  (Michael Kerrisk; 1 file, -1/+2)
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-07-10  unix.7: When sending ancillary data, only one item of each type may be sent  (Michael Kerrisk; 1 file, -0/+4)
    Verified by experiment and reading the source code (although the SCM_RIGHTS case is not so clear to me in the source code).

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-07-10  unix.7: tfix  (Michael Kerrisk; 1 file, -2/+1)
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-07-10  unix.7: Minor wording fixes  (Michael Kerrisk; 1 file, -3/+3)
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-07-10  unix.7: grfix  (Michael Kerrisk; 1 file, -4/+4)
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-07-08  unix.7: Note behavior if buffer to receive ancillary data is too small  (Michael Kerrisk; 1 file, -0/+13)
    If the buffer supplied to recvmsg() to receive ancillary data is too small, then the data is truncated and the MSG_CTRUNC flag is set.

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-07-08  unix.7: Enhance the description of SCM_RIGHTS  (Michael Kerrisk; 1 file, -2/+10)
    The existing description is rather thin. More can be said.

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-07-08  unix.7: There is a limit on the size of the file descriptor array for SCM_RIGHTS  (Michael Kerrisk; 1 file, -0/+13)
    The limit is defined in the kernel as SCM_MAX_FD (253).

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-07-08  unix.7: Fix a minor imprecision in description of SCM_CREDENTIALS  (Michael Kerrisk; 1 file, -2/+1)
    To spoof credentials requires privilege (i.e., capabilities), not UID 0.

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-07-08  unix.7: grfix  (Michael Kerrisk; 1 file, -1/+1)
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-07-08  unix.7: ffix  (Michael Kerrisk; 1 file, -0/+1)
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-07-02  capabilities.7: Note that v3 security.attributes are transparently created/retrieved  (Michael Kerrisk; 1 file, -2/+31)
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-07-01  capabilities.7: Fix some imprecisions in discussion of namespaced file capabilities  (Michael Kerrisk; 1 file, -9/+5)
    The file UID does not come into play when creating a v3 security.capability extended attribute.

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-07-01  capabilities.7: wfix  (Michael Kerrisk; 1 file, -3/+3)
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-07-01  capabilities.7: wfix  (Michael Kerrisk; 1 file, -4/+5)
    Fix some confusion between "mask" and "extended attribute".

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-07-01  capabilities.7: srcfix: Removed FIXME  (Michael Kerrisk; 1 file, -3/+0)
    No credential match of file UID and namespace creator UID is needed to create a v3 security extended attribute.

    Verified by experiment using my userns_child_exec.c and show_creds.c programs (available on http://man7.org/tlpi/code):

        $ sudo setcap cap_setuid,cap_dac_override=pe \
              ./userns_child_exec
        $ ./userns_child_exec -U -r setcap cap_kill=pe show_creds
        $ ./userns_child_exec -U -M '0 1000 10' -G '0 1000 1' \
              -s 1 ./show_creds
        eUID = 1;  eGID = 0;  capabilities: = cap_kill+ep

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2018-06-24  capabilities.7: wfix  (Michael Kerrisk; 1 file, -1/+1)
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-06-22  epoll.7: Consistently use the term "interest list" rather than "epoll set"  (Michael Kerrisk; 1 file, -6/+3)
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-06-22  epoll.7: Expand the discussion of the implications of file descriptor duplication  (Michael Kerrisk; 1 file, -8/+16)
    In particular, note that it may be difficult for an application to know about the existence of duplicate file descriptors.

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-06-22  epoll.7: Note that edge-triggered notification wakes up only one waiter  (Michael Kerrisk; 1 file, -0/+17)
    Note a useful performance benefit of EPOLLET: ensuring that only one of multiple waiters (in epoll_wait()) is woken up when a file descriptor becomes ready.

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-06-22  epoll.7: Introduce the terms "interest list" and "ready list"  (Michael Kerrisk; 1 file, -5/+31)
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-06-22  epoll.7: ffix  (Michael Kerrisk; 1 file, -1/+1)
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-06-22  epoll.7: ffix  (Michael Kerrisk; 1 file, -0/+1)
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-06-22  epoll.7: tfix  (Michael Kerrisk; 1 file, -1/+1)
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-06-22  epoll.7: Reformat Q&A list  (Michael Kerrisk; 1 file, -40/+20)
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-05-28  vdso.7: Fix parisc gateway page description  (Helge Deller; 1 file, -15/+3)
    The parisc gateway page currently only exports 3 functions: The lws_entry for CAS operations (at 0xb0), the set_thread_pointer function for usage in glibc (at 0xe0) and the Linux syscall entry (at 0x100). All other symbols in the manpage are internal labels and shouldn't be used directly by userspace or glibc, so drop them from the man page documentation.

    Signed-off-by: Helge Deller <deller@gmx.de>
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-05-18  signal.7: Clarify that sigsuspend() and pause() suspend the calling *thread*  (Michael Kerrisk; 1 file, -2/+2)
    Reported-by: Robin Kuzmin <kuzmin.robin@gmail.com>
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-05-06  inotify.7: Note ENOTDIR error that can occur for IN_ONLYDIR  (Michael Kerrisk; 1 file, -1/+6)
    Note ENOTDIR error that occurs when requesting a watch on a nondirectory with IN_ONLYDIR.

    Reported-by: Paul Millar <paul.millar@desy.de>
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-05-02  capabilities.7: tfix  (Michael Kerrisk; 1 file, -1/+1)
    Reported-by: Jann Horn <jannh@google.com>
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-05-02  capabilities.7: ffix  (Michael Kerrisk; 1 file, -1/+1)
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-05-01  capabilities.7: ffix  (Michael Kerrisk; 1 file, -4/+4)
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-05-01  capabilities.7: Add background details on capability transformations during execve(2)  (Michael Kerrisk; 1 file, -1/+14)
    Add background details on ambient and bounding set when discussing capability transformations during execve(2).

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-05-01  capabilities.7: Minor rewording  (Michael Kerrisk; 1 file, -1/+1)
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-05-01  capabilities.7: Reorder text on capability bounding set  (Michael Kerrisk; 1 file, -30/+30)
    Reverse order of text blocks describing pre- and post-2.6.25 bounding set. No content changes.

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-05-01  capabilities.7: Rework bounding set as per-thread set in transformation rules  (Michael Kerrisk; 1 file, -6/+6)
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-05-01  capabilities.7: Add text introducing bounding set along with other thread capability sets  (Michael Kerrisk; 1 file, -0/+12)
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-05-01  capabilities.7: Clarify which capability sets capset(2) and capget(2) apply to  (Michael Kerrisk; 1 file, -1/+2)
    capset(2) and capget(2) operate only on the permitted, effective, and inheritable process capability sets.

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-05-01  capabilities.7: wfix  (Michael Kerrisk; 1 file, -1/+1)
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-04-30  execve.2, fallocate.2, getrlimit.2, io_submit.2, membarrier.2, mmap.2, msgget.2, open.2, ptrace.2, readv.2, semget.2, shmget.2, shutdown.2, syscall.2, wait.2, wait4.2, crypt.3, encrypt.3, fseek.3, getcwd.3, makedev.3, pthread_create.3, puts.3, tsearch.3, elf.5, filesystems.5, group.5, passwd.5, sysfs.5, mount_namespaces.7, posixoptions.7, time.7, unix.7, vdso.7, xattr.7, ld.so.8: tstamp  (Michael Kerrisk; 6 files, -6/+6)
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-04-27  bpf.2, sched_setattr.2, crypt.3, elf.5, proc.5, fanotify.7, feature_test_macros.7, sched.7: spfix  (Michael Kerrisk; 3 files, -3/+3)
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-04-27  namespaces.7: Mention that device ID should also be checked when comparing NS symlinks  (Michael Kerrisk; 1 file, -2/+5)
    When comparing two namespace symlinks to see if they refer to the same namespace, both the inode number and the device ID should be compared. This point was already made clear in ioctl_ns(2), but was missing from this page.

    Reported-by: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-04-27  unix.7: tfix  (Jakub Wilk; 1 file, -1/+1)
    Signed-off-by: Jakub Wilk <jwilk@jwilk.net>
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-04-27  capabilities.7: tfix  (Jakub Wilk; 1 file, -1/+1)
    Signed-off-by: Jakub Wilk <jwilk@jwilk.net>
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-04-24  vdso.7: VDSO symbols (system calls) are not visible to seccomp(2) filters  (Michael Kerrisk; 1 file, -1/+4)
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-04-19  capabilities.7: tfix  (Michael Kerrisk; 1 file, -1/+1)
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-04-13  capabilities.7: srcfix: FIXME  (Michael Kerrisk; 1 file, -0/+3)
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-04-13  capabilities.7: Rework file capability versioning and namespaced file caps text  (Michael Kerrisk; 1 file, -31/+54)
    There was some confused mixing of concepts between the two subsections, and some other details that needed fixing up.

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-04-13  capabilities.7: Explain when VFS_CAP_REVISION_3 file capabilities have effect  (Michael Kerrisk; 1 file, -0/+7)
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-04-13  capabilities.7: Explain rules that determine version of security.capability xattr  (Michael Kerrisk; 1 file, -0/+38)
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-04-13  capabilities.7: Explain term "namespace root user ID"  (Michael Kerrisk; 1 file, -1/+3)
    Confirmed with Serge Hallyn that: "nsroot" means the UID 0 in the namespace as it would be mapped into the initial userns.

    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

2018-04-13  capabilities.7: Document namespaced-file capabilities  (Michael Kerrisk; 1 file, -1/+47)
    Cowritten-by: Serge E. Hallyn <serge@hallyn.com>
    Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>