seteuid.2, setgid.2, setresuid.2, setreuid.2, setuid.2: EINVAL can occur if UID/GID is not valid in caller's user namespace

Also add namespaces(7) under SEE ALSO.

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk 2013-02-19 05:09:15 +01:00
parent 8e5924c0a9
commit 0076479cdd
5 changed files with 32 additions and 8 deletions

@ -77,8 +77,9 @@ can fail even when the caller is UID 0;
it is a grave security error to omit checking for a failure return from
.BR seteuid ().
.SH ERRORS
.\" .TP
.\" .B EINVAL
.TP
.B EINVAL
The target user or group ID is not valid in this user namespace.
.TP
.B EPERM
The calling process is not privileged (Linux: does not have the
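Review bot: The new EINVAL entry in this ERRORS list says "this user namespace", but nothing on the page introduces a namespace for "this" to refer to; the commit subject is clearer, so I would write "is not valid in the caller's user namespace". The entry also leaves the argument unnamed, whereas the setgid.2 and setuid.2 entries in this commit reference .I gid and .I uid; naming the argument here would keep the pages parallel. Since the context line just above ERRORS calls an unchecked failure return a grave security error, it is worth confirming that paragraph still reads correctly now that EINVAL is a second way for the call to fail.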
@ -143,4 +144,5 @@ and
.BR setreuid (2),
.BR setuid (2),
.BR capabilities (7),
.BR credentials (7)
.BR credentials (7),
.BR namespaces (7)

@ -26,7 +26,7 @@
.\" Modified 1997-01-31 by Eric S. Raymond <esr@thyrsus.com>
.\" Modified 2002-03-09 by aeb
.\"
.TH SETGID 2 2010-11-22 "Linux" "Linux Programmer's Manual"
.TH SETGID 2 2013-02-19 "Linux" "Linux Programmer's Manual"
.SH NAME
setgid \- set group identity
.SH SYNOPSIS
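Review bot: The .TH date is bumped to 2013-02-19 only in this page; the commit changes five files and no .TH hunk appears for the other four. If the date is meant to track the last content change, seteuid.2, setresuid.2, setreuid.2 and setuid.2 need the same bump, otherwise the commit message should say why this page alone gets it.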
@ -57,6 +57,11 @@ On error, \-1 is returned, and
is set appropriately.
.SH ERRORS
.TP
.B EINVAL
The group ID specified in
.I gid
is not valid in this user namespace.
.TP
.B EPERM
The calling process is not privileged (does not have the
\fBCAP_SETGID\fP capability), and
@ -80,4 +85,5 @@ wrapper function transparently deals with the variation across kernel versions.
.BR setegid (2),
.BR setregid (2),
.BR capabilities (7),
.BR credentials (7)
.BR credentials (7),
.BR namespaces (7)

@ -97,6 +97,10 @@ see the description of
in
.BR execve (2).
.TP
.B EINVAL
One or more of the target user or group IDs
is not valid in this user namespace.
.TP
.B EPERM
The calling process is not privileged (did not have the \fBCAP_SETUID\fP
capability) and tried to change the IDs to values that are not permitted.
@ -133,4 +137,5 @@ wrapper functions transparently deal with the variations across kernel versions.
.BR setreuid (2),
.BR setuid (2),
.BR capabilities (7),
.BR credentials (7)
.BR credentials (7),
.BR namespaces (7)

@ -126,6 +126,10 @@ see the description of
in
.BR execve (2).
.TP
.B EINVAL
One or more of the target user or group IDs
is not valid in this user namespace.
.TP
.B EPERM
The calling process is not privileged
(Linux: does not have the
@ -194,4 +198,5 @@ wrapper functions transparently deal with the variations across kernel versions.
.BR setgid (2),
.BR setresuid (2),
.BR setuid (2),
.BR capabilities (7)
.BR capabilities (7),
.BR namespaces (7)
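Review bot: In this SEE ALSO list namespaces(7) follows capabilities(7) directly and credentials(7) is absent, while the other four pages in this commit end with credentials(7), namespaces(7). If the omission is not deliberate, add a ".BR credentials (7)," line between the two entries here so the cross-references match across the set*id pages.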

@ -103,6 +103,11 @@ see the description of
in
.BR execve (2).
.TP
.B EINVAL
The user ID specified in
.I uid
is not valid in this user namespace.
.TP
.B EPERM
The user is not privileged (Linux: does not have the
.B CAP_SETUID
@ -143,4 +148,5 @@ wrapper function transparently deals with the variation across kernel versions.
.BR setfsuid (2),
.BR setreuid (2),
.BR capabilities (7),
.BR credentials (7)
.BR credentials (7),
.BR namespaces (7)