mirror of https://github.com/mkerrisk/man-pages
bindresvport.3, rcmd.3, ip.7: Note user namespace requirements for CAP_NET_BIND_SERVICE
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
parent 70b723049c
commit ed1ba8a5eb
|
@ -79,9 +79,10 @@ can fail for any of the same reasons as
|
|||
In addition, the following errors may occur:
|
||||
.TP
|
||||
.BR EACCES
|
||||
The caller did not have superuser privilege (to be precise: the
|
||||
The calling process was not privileged
|
||||
(on Linux: the calling process did not have the
|
||||
.B CAP_NET_BIND_SERVICE
|
||||
capability is required).
|
||||
capability in the user namespace governing its network namespace).
|
||||
.TP
|
||||
.B EADDRINUSE
|
||||
All privileged ports are in use.
|
||||
|
|
|
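Review bot: In the EACCES text, "its network namespace" is ambiguous about whose namespace is meant. As worded, "its" refers to the calling process, but the operation being refused is a bind on a socket, and a reader cannot tell whether the check is made against the process's current network namespace or the one the socket belongs to. If it is the latter, say so directly, for example "the user namespace governing the socket's network namespace". As a smaller style point, "the calling process" now appears on two consecutive lines; the second occurrence could be "it".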
@ -172,7 +172,9 @@ This socket is suitable for use by
|
|||
and several other functions.
|
||||
Privileged ports are those in the range 0 to 1023.
|
||||
Only a privileged process
|
||||
.RB ( CAP_NET_BIND_SERVICE )
|
||||
(on Linux: a process that has the
|
||||
.B CAP_NET_BIND_SERVICE
|
||||
capability in the user namespace governing its network namespace).
|
||||
is allowed to bind to a privileged port.
|
||||
In the glibc implementation,
|
||||
this function restricts its search to the ports from 512 to 1023.
|
||||
|
|
|
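Review bot: The added line "capability in the user namespace governing its network namespace)." ends with a full stop, but the sentence continues in the unchanged line that follows, "is allowed to bind to a privileged port.", so the rendered text reads "... network namespace). is allowed to bind ...". Drop the period after the closing parenthesis so the parenthetical sits inside the sentence, as the replaced line ".RB ( CAP_NET_BIND_SERVICE )" did.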
@ -160,9 +160,10 @@ The port numbers below 1024 are called
|
|||
.IR "privileged ports"
|
||||
(or sometimes:
|
||||
.IR "reserved ports" ).
|
||||
Only a privileged process (i.e., one having the
|
||||
Only a privileged process
|
||||
(on Linux: a process that has the
|
||||
.B CAP_NET_BIND_SERVICE
|
||||
capability) may
|
||||
capability in the user namespace governing its network namespace) may
|
||||
.BR bind (2)
|
||||
to these sockets.
|
||||
Note that the raw IPv4 protocol as such has no concept of a
|
||||
|
|
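Review bot: The phrase "the user namespace governing its network namespace" is introduced here without any pointer to where "governing" is defined, and the same wording is used in the other two hunks of this commit. A cross-reference to user_namespaces(7) next to the parenthetical would let a reader find the ownership relationship between network and user namespaces. Note also that replacing "i.e., one having the" with "on Linux: a process that has the" turns a definition of "privileged" into a Linux-specific aside; confirm that this is the intended reading in this paragraph.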