From 863d6b7de0e91ef768a78d363beeb5671a0962e7 Mon Sep 17 00:00:00 2001
From: Michael Kerrisk <mtk.manpages@gmail.com>
Date: Wed, 5 Feb 2020 12:51:51 +0100
Subject: [PATCH] unix.7: The PID sent with SCM_CREDENTIALS must match an
 existing process

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
---
 man7/unix.7 | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/man7/unix.7 b/man7/unix.7
index aa07793c2..79872b699 100644
--- a/man7/unix.7
+++ b/man7/unix.7
@@ -503,7 +503,8 @@ of this structure.
 The credentials which the sender specifies are checked by the kernel.
 A privileged process is allowed to specify values that do not match its own.
 The sender must specify its own process ID (unless it has the capability
-.BR CAP_SYS_ADMIN ),
+.BR CAP_SYS_ADMIN ,
+in which case the PID of any existing process may be specified),
 its real user ID, effective user ID, or saved set-user-ID (unless it has
 .BR CAP_SETUID ),
 and its real group ID, effective group ID, or saved set-group-ID
@@ -720,6 +721,11 @@ versus
 .B ESOCKTNOSUPPORT
 Unknown socket type.
 .TP
+.B ESRCH
+While sending an ancillary message containing credentials
+.RB ( SCM_CREDENTIALS ),
+the caller specified a PID that does not match any existing process.
+.TP
 .B ETOOMANYREFS
 This error can occur for
 .BR sendmsg (2)