Michael Kerrisk
0f4727addb
sigaltstack.2: tfix
...
Reported-by: Elie Roudninski <xademax@gmail.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-18 17:09:46 +01:00
Michael Kerrisk
b8cee784b3
capabilities.7: Clarify effect of CAP_SETFCAP
...
Make it clear that CAP_SETFCAP allows setting arbitrary
capabilities on a file.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-16 00:09:25 +01:00
Michael Kerrisk
6386c0c862
errno.3: Add Linux error text corresponding to ENOMEM
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-16 00:09:16 +01:00
Stefan Hajnoczi
ba294a0ee6
vsock.7: Clarify send(2)/recv(2) families of system calls
...
Sockets support both read(2)/write(2) and send(2)/recv(2) system
calls. Each of these is actually a family of multiple system
calls such as send(2), sendfile(2), sendmsg(2), sendmmsg(2), and
sendto(2).
This patch claries which families of system calls can be used.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-12 19:12:07 +01:00
Michael Kerrisk
0d757f49e2
s390_sthyi.2: Give an argument a more meaningful name ('buffer' --> 'resp_buffer')
...
Reviewed-by: QingFeng Hao <haoqf@linux.vnet.ibm.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-12 07:33:08 +01:00
Michael Kerrisk
308a16d989
vsock.7: Place SEE ALSO and ERRORS in alphabetical order
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-11 20:30:38 +01:00
Michael Kerrisk
2472922151
vsock.7: Minor fixes
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-11 20:30:37 +01:00
Michael Kerrisk
4a70bb07bc
vsock.7: srcfix: rewrap source lines
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-11 20:19:03 +01:00
Stefan Hajnoczi
29598b2f2d
vsock.7: Document the VSOCK socket address family
...
The AF_VSOCK address family has been available since Linux 3.9.
This patch adds vsock.7 and describes its use along the same lines as
existing ip.7, unix.7, and netlink.7 man pages.
CC: Jorgen Hansen <jhansen@vmware.com>
CC: Dexuan Cui <decui@microsoft.com>
Reviewed-by: Jorgen Hansen <jhansen@vmware.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-11 20:11:12 +01:00
Michael Kerrisk
4f684d1d8e
s390_sthyi.2: Move reference to external documentation to NOTES
...
CONFORMING TO is not the right place for this information.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-11 19:56:14 +01:00
Michael Kerrisk
763235c5e1
s390_sthyi.2: Place error list in alphabetical order
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-11 19:54:11 +01:00
Michael Kerrisk
9224781fd0
s390_sthyi.2: Minor wording fix-ups
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-11 19:54:11 +01:00
Michael Kerrisk
0966592e9f
s390_sthyi.2: ffix: allow breaks inside long URL
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-11 19:46:04 +01:00
Michael Kerrisk
a6ae634437
s390_sthyi.2: Srcfix: rewrap source lines
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-11 19:46:04 +01:00
Michael Kerrisk
ba6f9c34af
s390_sthyi.2: Minor tweaks
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-11 19:41:49 +01:00
Michael Kerrisk
5057157b07
s390_sthyi.2: Minor fixes
...
Reported-by: Stefan Raspl <raspl@linux.vnet.ibm.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-11 19:05:18 +01:00
Michael Kerrisk
ef741e2a72
syscalls.2: Add s390-specific s390_sthyi(2) to syscall list
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-11 18:47:19 +01:00
QingFeng Hao
c336d6e0fb
s390_sthyi.2: New page for s390-specific s390_sthyi(2)
...
Signed-off-by: QingFeng Hao <haoqf@linux.vnet.ibm.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-11 18:46:09 +01:00
Michael Kerrisk
46010ab917
socket.7: tfix
...
Reported-by: Joel Williamson <jwilliamson@carnegietechnologies.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-11 18:40:14 +01:00
Michael Kerrisk
cfd7fdf5ed
Changes.old: tfix
...
Reported-by: Jakub Wilk <jwilk@jwilk.net>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-11 18:34:58 +01:00
Michael Kerrisk
ec9612a19f
network_namespaces.7: Minor adjustments to list of resources governed by network namespaces
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-10 23:19:17 +01:00
Michael Kerrisk
5d9b8ae9b9
sysfs.5: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-10 23:19:17 +01:00
Michael Kerrisk
f9ecf99e59
network_namespaces.7: When a NW namespace is freed, veth devices are destroyed
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-10 23:19:17 +01:00
Michael Kerrisk
f051ce24ac
network_namespaces.7: Reorganize text
...
No content changes...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-10 23:19:17 +01:00
Michael Kerrisk
2685b303e3
namespaces.7, network_namespaces.7: Move content from namespaces(7) to network_namespaces(7)
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-10 23:19:17 +01:00
Michael Kerrisk
9f7ce0c2e8
network_namespaces.7: New page describing network namespaces
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-10 23:19:17 +01:00
Michael Kerrisk
c4851a982b
veth.4: Add network_namespaces(7)
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-10 23:19:17 +01:00
Michael Kerrisk
4bf43ba523
pid_namespaces.7: SEE ALSO: add mount_namespaces(7)
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-08 10:13:42 +01:00
Michael Kerrisk
54b9d7bf87
user_namespaces.7: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-06 15:05:15 +01:00
Michael Kerrisk
e62172cbd9
capabilities.7: Rephrase CAP_SETPCAP description
...
* Mention kernel versions.
* Place current kernel behavior first
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-05 22:27:27 +01:00
G. Branden Robinson
777411ae61
iconv.1, pthread_rwlockattr_setkind_np.3, man-pages.7, socket.7, iconvconfig.8: Standardize on "nonzero"
...
Also add this term to the style guide in man-pages(7).
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-05 22:27:13 +01:00
John Hubbard
ffa518803e
mmap.2: MAP_FIXED is no longer discouraged
...
MAP_FIXED has been widely used for a very long time, yet the man
page still claims that "the use of this option is discouraged".
The documentation assumes that "less portable" == "must be discouraged".
Instead of discouraging something that is so useful and widely used,
change the documentation to explain its limitations better.
Signed-off-by: John Hubbard <jhubbard@nvidia.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-05 22:27:08 +01:00
roblabla
0f24751222
pthread_mutexattr_init.3: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-05 22:27:06 +01:00
Michael Kerrisk
e93e59f97b
capabilities.7: SECBIT_KEEP_CAPS is ignored if SECBIT_NO_SETUID_FIXUP is set
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-03 11:16:32 +01:00
Michael Kerrisk
e43d2a6013
capabilities.7: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-03 11:16:32 +01:00
Michael Kerrisk
02ff4f27c2
capabilities.7: Note which capability sets are affected by SECBIT_NO_SETUID_FIXUP
...
Note explicitly that SECBIT_NO_SETUID_FIXUP is relevant for
the permitted, effective, and ambient capability sets.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-03 11:16:19 +01:00
Michael Kerrisk
ae16c99d97
prctl.2: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-02 16:23:00 +01:00
Michael Kerrisk
7c8eb8f7cf
capabilities.7: Deemphasize the ancient prctl(2) PR_SET_KEEPCAPS command
...
The modern approach is SECBITS_KEEP_CAPS.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-02 16:21:37 +01:00
Michael Kerrisk
f7dbc40ee7
capabilities.7: Minor wording fix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-02 16:21:37 +01:00
Michael Kerrisk
0336144833
prctl.2: Defer to capabilities(7) for discussion of the "keep capabilities" flag
...
It makes no sense to describe this flag in two different
manual pages, so consolidate the description to one page.
Furthermore, the following statement that was in the prctl(2)
page is not correct:
A thread's effective capability set is always cleared
when such a credential change is made, regardless of
the setting of the "keep capabilities" flag.
The effective set is not cleared if, for example, the
credential sets were [ruid != 0, euid != 0, suid == 0]
and suid is switched to zero while the "keep capabilities"
flag is set.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-02 16:21:13 +01:00
Michael Kerrisk
705a8f33f1
capabilities.7: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-02 15:43:02 +01:00
Michael Kerrisk
bbb186d403
capabilities.7: Clarify which capability sets are effected by SECBIT_KEEP_CAPS
...
This flag has relevance only for the process permitted and
effective sets.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-02 15:40:39 +01:00
Michael Kerrisk
e67ac266c8
capabilities.7: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-02 15:08:52 +01:00
Michael Kerrisk
f6b60423bd
capabilities.7: Ambient set is also cleared when UIDs are set to nonzero value
...
See cap_emulate_setxuid():
kuid_t root_uid = make_kuid(old->user_ns, 0);
if ((uid_eq(old->uid, root_uid) ||
uid_eq(old->euid, root_uid) ||
uid_eq(old->suid, root_uid)) &&
(!uid_eq(new->uid, root_uid) &&
!uid_eq(new->euid, root_uid) &&
!uid_eq(new->suid, root_uid))) {
if (!issecure(SECURE_KEEP_CAPS)) {
cap_clear(new->cap_permitted);
cap_clear(new->cap_effective);
}
/*
* Pre-ambient programs expect setresuid to nonroot followed
* by exec to drop capabilities. We should make sure that
* this remains the case.
*/
cap_clear(new->cap_ambient);
}
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-02 11:08:40 +01:00
Michael Kerrisk
8e821c3aa8
user_namespaces.7: Mention NS_GET_OWNER_UID ioctl() operation
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-02 09:22:40 +01:00
Michael Kerrisk
a563b19b70
capabilities.7: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-02 09:12:07 +01:00
Michael Kerrisk
6dfb150c9f
seccomp.2: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-01 22:03:20 +01:00
Michael Kerrisk
b94c5c5a5b
seccomp.2: Clarify that SECCOMP_RET_TRAP SIGSYS signal is thread-directed
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-01 22:02:43 +01:00
Michael Kerrisk
3411d30b10
memfd_create.2: glibc support for memfd_create() was added in version 2.27
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-11-30 18:59:48 +01:00
Michael Kerrisk
39874d761d
mlock.2: glibc support for mlock2() is added in version 2.27
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-11-30 18:58:53 +01:00