The existing grouped fork(), clone(), execve() together
in a discussion about child processes. But execve()
does not create a process.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Combines documentation from prctl, in-kernel seccomp_filter.txt
and dropper.c, along with details specific to the new system call.
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
This notes the distinction made between EINVAL and EFAULT when
attempting to use SECCOMP_MODE_FILTER with PR_SET_SECCOMP.
Suggested-by: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Clarify that tcp_tw_recycle will break communication with many
general-purpose remote Internet hosts (namely, remote NAT devices)
even when the Linux device itself is not behind NAT.
Sources:
- BCP to make NAT implementors aware of this problem (2013):
https://tools.ietf.org/html/draft-penno-behave-rfc4787-5382-5508-bis-04#section-3.1.2
- RFC 1323 (PAWS)
- RFC 6191: Reducing the TIME-WAIT State Using TCP Timestamps
- The many users who unknowingly enabled this option on devices
communicating with the general-purpose Internet:
https://www.google.com/search?q=tcp_tw_recycle%20ip%20nat%20timestamp
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Hi again,
this is the second patch of the new series of patches for adjtimex.2.
This is a trivial patch correcting "PPM" (parts per million) to the more usual "ppm".
Credits to Jeff Epler <jepler@unpythonic.net>.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
This patch makes explicit and clarifies the unit used for
the fields "freq", "ppsfreq" and "stabil" in struct timex.
Reviewed-by: Richard Cochran <richardcochran@gmail.com>
Reviewed-by: Jeff Epler <jepler@unpythonic.net>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
epoll_create1() is more or less the preferred API for new
applications, since it allows for some flags and avoids the
misdesigned epoll_create() argument, and so it seems sensible
to use that in the example, rather than epoll_create().
Reported-by: Ignat Loskutov <ignat.loskutov@gmail.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
The setns(2) man page already mentions that CLONE_NEWPID may only
be used with descendant namespaces, but this nuance could be
listed in a few more places so it is not missed.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
mem.4 mentions that the group for /dev/port should be set to 'mem'.
However, all other files (/dev/mem and /dev/kmem) use the kmem
group in their examples and on my system /dev/port belongs to
kmem. Hence the 'mem' group was probably a typo:
edb@lapelidb:~$ cat /etc/group | grep -i mem
kmem:x:15:
edb@lapelidb:~$ ls -al /dev/port
crw-r----- 1 root kmem 1, 4 Jan 2 10:00 /dev/port
Signed-off-by: Elie De Brauwer <eliedebrauwer@gmail.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>