.\" Copyright (c) 2014 Google, Inc., written by David Drysdale
.\" and Copyright (c) 2015, Michael Kerrisk <mtk.manpages@gmail.com>
.\"
.\" %%%LICENSE_START(VERBATIM)
.\" Permission is granted to make and distribute verbatim copies of this
.\" manual provided the copyright notice and this permission notice are
.\" preserved on all copies.
.\"
.\" Permission is granted to copy and distribute modified versions of this
.\" manual under the conditions for verbatim copying, provided that the
.\" entire resulting derived work is distributed under the terms of a
.\" permission notice identical to this one.
.\"
.\" Since the Linux kernel and libraries are constantly changing, this
.\" manual page may be incorrect or out-of-date. The author(s) assume no
.\" responsibility for errors or omissions, or for damages resulting from
.\" the use of the information contained herein. The author(s) may not
.\" have taken the same level of care in the production of this manual,
.\" which is licensed free of charge, as they might when working
.\" professionally.
.\"
.\" Formatted or processed versions of this manual, if unaccompanied by
.\" the source, must acknowledge the copyright and authors of this work.
.\" %%%LICENSE_END
.\"
.TH EXECVEAT 2 2015-01-22 "Linux" "Linux Programmer's Manual"
.SH NAME
execveat \- execute program relative to a directory file descriptor
.SH SYNOPSIS
.B #include <unistd.h>
.sp
.BI "int execveat(int " dirfd ", const char *" pathname ","
.br
.BI "             char *const " argv "[], char *const " envp "[],"
.br
.BI "             int " flags );
.SH DESCRIPTION
.\" commit 51f39a1f0cea1cacf8c787f652f26dfee9611874
The
.BR execveat ()
system call executes the program referred to by the combination of
.I dirfd
and
.IR pathname .
It operates in exactly the same way as
.BR execve (2),
except for the differences described in this manual page.

If the pathname given in
.I pathname
is relative, then it is interpreted relative to the directory
referred to by the file descriptor
.I dirfd
(rather than relative to the current working directory of
the calling process, as is done by
.BR execve (2)
for a relative pathname).

If
.I pathname
is relative and
.I dirfd
is the special value
.BR AT_FDCWD ,
then
.I pathname
is interpreted relative to the current working
directory of the calling process (like
.BR execve (2)).

If
.I pathname
is absolute, then
.I dirfd
is ignored.

If
.I pathname
is an empty string and the
.BR AT_EMPTY_PATH
flag is specified, then the file descriptor
.I dirfd
specifies the file to be executed (i.e.,
.IR dirfd
refers to an executable file, rather than a directory).

The
.I flags
argument is a bit mask that can include zero or more of the following flags:
.TP
.BR AT_EMPTY_PATH
If
.I pathname
is an empty string, operate on the file referred to by
.IR dirfd
(which may have been obtained using the
.BR open (2)
.B O_PATH
flag).
.TP
.B AT_SYMLINK_NOFOLLOW
If the file identified by
.I dirfd
and a non-NULL
.I pathname
is a symbolic link, then the call fails with the error
.BR ELOOP .
.SH RETURN VALUE
On success,
.BR execveat ()
does not return.
On error, \-1 is returned, and
.I errno
is set appropriately.
.SH ERRORS
The same errors that occur for
.BR execve (2)
can also occur for
.BR execveat ().
The following additional errors can occur for
.BR execveat ():
.TP
.B EBADF
.I dirfd
is not a valid file descriptor.
.TP
.B EINVAL
Invalid flag specified in
.IR flags .
.TP
.B ELOOP
.I flags
includes
.BR AT_SYMLINK_NOFOLLOW
and the file identified by
.I dirfd
and a non-NULL
.I pathname
is a symbolic link.
.TP
.B ENOENT
The program identified by
.I dirfd
and
.I pathname
requires the use of an interpreter program
(such as a script starting with "#!"), but the file descriptor
.I dirfd
was opened with the
.B O_CLOEXEC
flag, with the result that
the program file is inaccessible to the launched interpreter.
See BUGS.
.TP
.B ENOTDIR
.I pathname
is relative and
.I dirfd
is a file descriptor referring to a file other than a directory.
.SH VERSIONS
.BR execveat ()
was added to Linux in kernel 3.19.
GNU C library support is pending.
.\" FIXME . check for glibc support in a future release
.SH CONFORMING TO
The
.BR execveat ()
system call is Linux-specific.
.SH NOTES
In addition to the reasons explained in
.BR openat (2),
the
.BR execveat ()
system call is also needed to allow
.BR fexecve (3)
to be implemented on systems that do not have the
.I /proc
filesystem mounted.

When asked to execute a script file, the
.IR argv[0]
that is passed to the script interpreter is a string of the form
.IR /dev/fd/N
or
.IR /dev/fd/N/P ,
where
.I N
is the number of the file descriptor passed via the
.IR dirfd
argument.
A string of the first form occurs when
.BR AT_EMPTY_PATH
is employed.
A string of the second form occurs when the script is specified via both
.IR dirfd
and
.IR pathname ;
in this case,
.IR P
is the value given in
.IR pathname .

For the same reasons described in
.BR fexecve (3),
the natural idiom when using
.BR execveat (2)
is to set the close-on-exec flag on
.IR dirfd .
(But see BUGS.)
.SH BUGS
The
.B ENOENT
error described above means that it is not possible to set the
close-on-exec flag on the file descriptor given to a call of the form:

    execveat(fd, "", argv, envp, AT_EMPTY_PATH);

However, the inability to set the close-on-exec flag means that a file
descriptor referring to the script leaks through to the script itself.
As well as wasting a file descriptor,
this leakage can lead to file-descriptor exhaustion in scenarios
where scripts recursively employ
.BR execveat ().
.\" For an example, see Michael Kerrisk's 2015-01-10 reply in this LKML
.\" thread (http://thread.gmane.org/gmane.linux.kernel/1836105/focus=20229):
.\"
.\" Subject: [PATCHv10 man-pages 5/5] execveat.2: initial man page for execveat(2
.\" Date: Mon, 24 Nov 2014 11:53:59 +0000
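The following C program is an added example, not part of the original manual page: it executes a file through a descriptor with AT_EMPTY_PATH and reports the resulting errno, so that giving it a "#!" script shows the ENOENT case described in BUGS next to the working call without close-on-exec. The helper name exec_by_fd(), the default target /bin/true and the fallback constant values are assumptions of the example; the call goes through syscall(2) because the page states that GNU C library support is pending.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#ifndef O_PATH          /* fallbacks (asm-generic values) if libc hides them */
#define O_PATH 010000000
#endif
#ifndef AT_EMPTY_PATH
#define AT_EMPTY_PATH 0x1000
#endif

/* Hypothetical helper: a child opens `path` with O_PATH | open_flags and
 * executes that descriptor. Returns 0 if the exec took place, else the errno. */
int exec_by_fd(const char *path, int open_flags)
{
    char *argv[] = { (char *)path, NULL }, *envp[] = { NULL };
    int pfd[2], err = 0;
    if (pipe(pfd) == -1)
        return errno;
    pid_t pid = fork();
    if (pid == -1)
        err = errno;
    if (pid == 0) {
        close(pfd[0]);
        fcntl(pfd[1], F_SETFD, FD_CLOEXEC);  /* a successful exec closes it */
        int fd = open(path, O_PATH | open_flags);
        if (fd != -1)   /* no libc wrapper assumed: raw system call */
            syscall(SYS_execveat, fd, "", argv, envp, AT_EMPTY_PATH);
        err = errno;    /* reached only if open() or execveat() failed */
        _exit(write(pfd[1], &err, sizeof(err)) == (ssize_t)sizeof(err) ? 127 : 126);
    }
    close(pfd[1]);
    if (pid > 0 && read(pfd[0], &err, sizeof(err)) != (ssize_t)sizeof(err))
        err = 0;        /* EOF: the pipe was closed by a successful exec */
    close(pfd[0]);
    if (pid > 0)
        waitpid(pid, NULL, 0);
    return err;
}

int main(int argc, char **argv)
{
    const char *target = argc > 1 ? argv[1] : "/bin/true";
    printf("O_CLOEXEC set:   errno %d\n", exec_by_fd(target, O_CLOEXEC));
    printf("O_CLOEXEC unset: errno %d\n", exec_by_fd(target, 0));
    return 0;
}
```

With a binary as the target both lines report 0; with an interpreter script the first line reports ENOENT, and the second succeeds only because the descriptor is left open for the interpreter.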
.SH SEE ALSO
.BR execve (2),
.BR openat (2),
.BR fexecve (3)