From 0076479cddcf3e92effec68a09958607269a0102 Mon Sep 17 00:00:00 2001
From: Michael Kerrisk
Date: Tue, 19 Feb 2013 05:09:15 +0100
Subject: [PATCH] seteuid.2, setgid.2, setresuid.2, setreuid.2, setuid.2: EINVAL can occur if UID/GID is not valid in caller's user namespace

Also add namespaces(7) under SEE ALSO.

Signed-off-by: Michael Kerrisk
---
 man2/seteuid.2 | 8 +++++---
 man2/setgid.2 | 10 ++++++++--
 man2/setresuid.2 | 7 ++++++-
 man2/setreuid.2 | 7 ++++++-
 man2/setuid.2 | 8 +++++++-
 5 files changed, 32 insertions(+), 8 deletions(-)

diff --git a/man2/seteuid.2 b/man2/seteuid.2
index 9ff3f2bd6..fee9c5348 100644
--- a/man2/seteuid.2
+++ b/man2/seteuid.2
@@ -77,8 +77,9 @@ can fail even when the caller is UID 0; it is a grave security error to omit checking for a failure return from
 .BR seteuid ().
 .SH ERRORS
-.\" .TP
-.\" .B EINVAL
+.TP
+.B EINVAL
+The target user or group ID is not valid in this user namespace.
 .TP
 .B EPERM
 The calling process is not privileged (Linux: does not have the
@@ -143,4 +144,5 @@ and
 .BR setreuid (2),
 .BR setuid (2),
 .BR capabilities (7),
-.BR credentials (7)
+.BR credentials (7),
+.BR namespaces (7)
diff --git a/man2/setgid.2 b/man2/setgid.2
index 96c802093..442e68c6f 100644
--- a/man2/setgid.2
+++ b/man2/setgid.2
@@ -26,7 +26,7 @@
 .\" Modified 1997-01-31 by Eric S. Raymond
 .\" Modified 2002-03-09 by aeb
 .\"
-.TH SETGID 2 2010-11-22 "Linux" "Linux Programmer's Manual"
+.TH SETGID 2 2013-02-19 "Linux" "Linux Programmer's Manual"
 .SH NAME
 setgid \- set group identity
 .SH SYNOPSIS
@@ -57,6 +57,11 @@ On error, \-1 is returned, and
 is set appropriately.
 .SH ERRORS
 .TP
+.B EINVAL
+The group ID specified in
+.I gid
+is not valid in this user namespace.
+.TP
 .B EPERM
 The calling process is not privileged (does not have the \fBCAP_SETGID\fP capability), and
@@ -80,4 +85,5 @@ wrapper function transparently deals with the variation across kernel versions.
 .BR setegid (2),
 .BR setregid (2),
 .BR capabilities (7),
-.BR credentials (7)
+.BR credentials (7),
+.BR namespaces (7)
diff --git a/man2/setresuid.2 b/man2/setresuid.2
index 90e7cc661..2d0d9c8fb 100644
--- a/man2/setresuid.2
+++ b/man2/setresuid.2
@@ -97,6 +97,10 @@ see the description of
 in
 .BR execve (2).
 .TP
+.B EINVAL
+One or more of the target user or group IDs
+is not valid in this user namespace.
+.TP
 .B EPERM
 The calling process is not privileged (did not have the \fBCAP_SETUID\fP capability) and tried to change the IDs to values that are not permitted.
@@ -133,4 +137,5 @@ wrapper functions transparently deal with the variations across kernel versions.
 .BR setreuid (2),
 .BR setuid (2),
 .BR capabilities (7),
-.BR credentials (7)
+.BR credentials (7),
+.BR namespaces (7)
diff --git a/man2/setreuid.2 b/man2/setreuid.2
index 37702fd22..db588b6e4 100644
--- a/man2/setreuid.2
+++ b/man2/setreuid.2
@@ -126,6 +126,10 @@ see the description of
 in
 .BR execve (2).
 .TP
+.B EINVAL
+One or more of the target user or group IDs
+is not valid in this user namespace.
+.TP
 .B EPERM
 The calling process is not privileged (Linux: does not have the
@@ -194,4 +198,5 @@ wrapper functions transparently deal with the variations across kernel versions.
 .BR setgid (2),
 .BR setresuid (2),
 .BR setuid (2),
-.BR capabilities (7)
+.BR capabilities (7),
+.BR namespaces (7)
diff --git a/man2/setuid.2 b/man2/setuid.2
index dd07151c6..7d4ee5c4e 100644
--- a/man2/setuid.2
+++ b/man2/setuid.2
@@ -103,6 +103,11 @@ see the description of
 in
 .BR execve (2).
 .TP
+.B EINVAL
+The user ID specified in
+.I uid
+is not valid in this user namespace.
+.TP
 .B EPERM
 The user is not privileged (Linux: does not have the
 .B CAP_SETUID
@@ -143,4 +148,5 @@ wrapper function transparently deals with the variation across kernel versions.
 .BR setfsuid (2),
 .BR setreuid (2),
 .BR capabilities (7),
-.BR credentials (7)
+.BR credentials (7),
+.BR namespaces (7)