Kir Kolyshkin
29c1f3cf96
capabilities.7, user_namespaces.7: Describe CAP_SETFCAP
...
mtk: The kernel commit message is quite enlihtening:
commit db2e718a47984b9d71ed890eb2ea36ecf150de18
Author: Serge E. Hallyn <serge@hallyn.com>
Date: Tue Apr 20 08:43:34 2021 -0500
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Signed-off-by: Alejandro Colomar <alx.manpages@gmail.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2021-08-08 04:50:12 +02:00
Kir Kolyshkin
36e6250f14
capabilities.7: tfix
...
Add a missing comma.
Fixes: 3dcdef9437
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Signed-off-by: Alejandro Colomar <alx.manpages@gmail.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2021-08-07 23:39:02 +02:00
Michael Kerrisk
3dcdef9437
capabilities.7: CAP_IPC_LOCK also governs memory allocation using huge pages
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2021-05-17 14:08:37 +12:00
Akihiro Motoki
5d63eed891
capabilities.7: ffix
...
Signed-off-by: Akihiro Motoki <amotoki@gmail.com>
Signed-off-by: Alejandro Colomar <alx.manpages@gmail.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2021-05-12 04:52:40 +12:00
Michael Kerrisk
1d767b552e
getent.1, ldd.1, locale.1, localedef.1, memusage.1, memusagestat.1, mtrace.1, _exit.2, _syscall.2, accept.2, access.2, acct.2, add_key.2, adjtimex.2, alloc_hugepages.2, arch_prctl.2, bdflush.2, bind.2, bpf.2, brk.2, cacheflush.2, capget.2, chdir.2, chmod.2, chown.2, chroot.2, clock_getres.2, clock_nanosleep.2, clone.2, close.2, close_range.2, connect.2, copy_file_range.2, create_module.2, delete_module.2, dup.2, epoll_create.2, epoll_ctl.2, epoll_wait.2, eventfd.2, execve.2, execveat.2, fanotify_init.2, fanotify_mark.2, fcntl.2, flock.2, fork.2, fsync.2, futex.2, get_kernel_syms.2, get_mempolicy.2, get_robust_list.2, getcpu.2, getdents.2, getdomainname.2, getgid.2, getgroups.2, gethostname.2, getitimer.2, getpagesize.2, getpeername.2, getpid.2, getpriority.2, getrandom.2, getresuid.2, getrlimit.2, getrusage.2, getsid.2, getsockname.2, getsockopt.2, gettid.2, gettimeofday.2, getuid.2, getunwind.2, getxattr.2, idle.2, init_module.2, inotify_add_watch.2, inotify_rm_watch.2, io_cancel.2, io_destroy.2, io_getevents.2, io_setup.2, io_submit.2, ioctl.2, ioctl_console.2, ioctl_fat.2, ioctl_ficlonerange.2, ioctl_fideduperange.2, ioctl_fslabel.2, ioctl_getfsmap.2, ioctl_ns.2, ioctl_tty.2, ioctl_userfaultfd.2, ioperm.2, iopl.2, ipc.2, kcmp.2, kexec_load.2, keyctl.2, kill.2, link.2, listen.2, listxattr.2, llseek.2, lookup_dcookie.2, lseek.2, madvise.2, mbind.2, membarrier.2, memfd_create.2, migrate_pages.2, mincore.2, mkdir.2, mknod.2, mlock.2, mmap.2, mmap2.2, modify_ldt.2, mount.2, move_pages.2, mprotect.2, mq_getsetattr.2, mremap.2, msgctl.2, msgget.2, msgop.2, msync.2, nanosleep.2, nfsservctl.2, nice.2, open.2, open_by_handle_at.2, openat2.2, pause.2, pciconfig_read.2, perf_event_open.2, perfmonctl.2, personality.2, pidfd_getfd.2, pidfd_open.2, pidfd_send_signal.2, pipe.2, pivot_root.2, pkey_alloc.2, poll.2, posix_fadvise.2, prctl.2, pread.2, process_vm_readv.2, ptrace.2, query_module.2, quotactl.2, read.2, readahead.2, readdir.2, readlink.2, readv.2, reboot.2, recv.2, remap_file_pages.2, removexattr.2, rename.2, request_key.2, restart_syscall.2, rmdir.2, rt_sigqueueinfo.2, s390_guarded_storage.2, s390_pci_mmio_write.2, s390_runtime_instr.2, s390_sthyi.2, sched_get_priority_max.2, sched_rr_get_interval.2, sched_setaffinity.2, sched_setattr.2, sched_setparam.2, sched_setscheduler.2, sched_yield.2, seccomp.2, select.2, select_tut.2, semctl.2, semget.2, semop.2, send.2, sendfile.2, set_thread_area.2, seteuid.2, setfsgid.2, setfsuid.2, setgid.2, setpgid.2, setresuid.2, setreuid.2, setsid.2, setuid.2, setup.2, setxattr.2, sgetmask.2, shmctl.2, shmget.2, shmop.2, shutdown.2, sigaction.2, sigaltstack.2, signal.2, signalfd.2, sigpending.2, sigprocmask.2, sigreturn.2, sigsuspend.2, sigwaitinfo.2, socket.2, socketcall.2, socketpair.2, splice.2, spu_create.2, spu_run.2, stat.2, statfs.2, statx.2, stime.2, subpage_prot.2, swapon.2, symlink.2, sync.2, sync_file_range.2, syscall.2, syscalls.2, sysctl.2, sysfs.2, sysinfo.2, syslog.2, time.2, timer_create.2, timer_delete.2, timer_getoverrun.2, timer_settime.2, timerfd_create.2, times.2, tkill.2, truncate.2, umask.2, umount.2, uname.2, unimplemented.2, unlink.2, unshare.2, uselib.2, userfaultfd.2, ustat.2, utime.2, utimensat.2, vfork.2, vhangup.2, vm86.2, vmsplice.2, wait.2, wait4.2, write.2, CPU_SET.3, __ppc_get_timebase.3, __ppc_set_ppr_med.3, __ppc_yield.3, __setfpucw.3, a64l.3, abort.3, abs.3, acos.3, acosh.3, addseverity.3, adjtime.3, aio_cancel.3, aio_error.3, aio_fsync.3, aio_read.3, aio_return.3, aio_suspend.3, aio_write.3, alloca.3, argz_add.3, asin.3, asinh.3, asprintf.3, assert.3, assert_perror.3, atan.3, atan2.3, atanh.3, atexit.3, atof.3, atoi.3, backtrace.3, basename.3, bcmp.3, bcopy.3, bindresvport.3, bsd_signal.3, bsearch.3, bstring.3, btowc.3, byteorder.3, bzero.3, cabs.3, cacos.3, cacosh.3, canonicalize_file_name.3, carg.3, casin.3, casinh.3, catan.3, catanh.3, catgets.3, catopen.3, cbrt.3, ccos.3, ccosh.3, ceil.3, cexp.3, cexp2.3, cfree.3, cimag.3, circleq.3, clearenv.3, clock.3, clock_getcpuclockid.3, clog.3, clog10.3, clog2.3, closedir.3, cmsg.3, confstr.3, conj.3, copysign.3, cos.3, cosh.3, cpow.3, cproj.3, creal.3, crypt.3, csin.3, csinh.3, csqrt.3, ctan.3, ctanh.3, ctermid.3, ctime.3, daemon.3, des_crypt.3, difftime.3, dirfd.3, div.3, dl_iterate_phdr.3, dladdr.3, dlerror.3, dlinfo.3, dlopen.3, dlsym.3, drand48.3, drand48_r.3, duplocale.3, dysize.3, ecvt.3, ecvt_r.3, encrypt.3, endian.3, envz_add.3, erf.3, erfc.3, err.3, errno.3, error.3, ether_aton.3, euidaccess.3, exec.3, exit.3, exp.3, exp10.3, exp2.3, expm1.3, fabs.3, fclose.3, fcloseall.3, fdim.3, fenv.3, ferror.3, fexecve.3, fflush.3, ffs.3, fgetc.3, fgetgrent.3, fgetpwent.3, fgetwc.3, fgetws.3, fileno.3, finite.3, flockfile.3, floor.3, fma.3, fmax.3, fmemopen.3, fmin.3, fmod.3, fmtmsg.3, fnmatch.3, fopen.3, fopencookie.3, fpathconf.3, fpclassify.3, fpurge.3, fputwc.3, fputws.3, fread.3, frexp.3, fseek.3, fseeko.3, ftime.3, ftok.3, fts.3, ftw.3, futimes.3, fwide.3, gamma.3, gcvt.3, get_nprocs_conf.3, get_phys_pages.3, getaddrinfo.3, getaddrinfo_a.3, getauxval.3, getcontext.3, getcwd.3, getdate.3, getdirentries.3, getdtablesize.3, getentropy.3, getenv.3, getfsent.3, getgrent.3, getgrent_r.3, getgrnam.3, getgrouplist.3, gethostbyname.3, gethostid.3, getifaddrs.3, getipnodebyname.3, getline.3, getloadavg.3, getlogin.3, getmntent.3, getnameinfo.3, getnetent.3, getnetent_r.3, getopt.3, getpass.3, getprotoent.3, getprotoent_r.3, getpt.3, getpw.3, getpwent.3, getpwent_r.3, getpwnam.3, getrpcent.3, getrpcent_r.3, getrpcport.3, gets.3, getservent.3, getservent_r.3, getspnam.3, getsubopt.3, getttyent.3, getumask.3, getusershell.3, getutent.3, getutmp.3, getw.3, getwchar.3, glob.3, gnu_get_libc_version.3, grantpt.3, group_member.3, gsignal.3, hsearch.3, hypot.3, iconv.3, iconv_close.3, iconv_open.3, if_nameindex.3, if_nametoindex.3, ilogb.3, index.3, inet.3, inet_net_pton.3, inet_ntop.3, inet_pton.3, initgroups.3, insque.3, isalpha.3, isatty.3, isfdtype.3, isgreater.3, iswalnum.3, iswalpha.3, iswblank.3, iswcntrl.3, iswctype.3, iswdigit.3, iswgraph.3, iswlower.3, iswprint.3, iswpunct.3, iswspace.3, iswupper.3, iswxdigit.3, j0.3, key_setsecret.3, killpg.3, ldexp.3, lgamma.3, lio_listio.3, list.3, localeconv.3, lockf.3, log.3, log10.3, log1p.3, log2.3, logb.3, login.3, lrint.3, lround.3, lsearch.3, lseek64.3, makecontext.3, makedev.3, mallinfo.3, malloc.3, malloc_get_state.3, malloc_hook.3, malloc_info.3, malloc_stats.3, malloc_trim.3, malloc_usable_size.3, mallopt.3, matherr.3, mblen.3, mbrlen.3, mbrtowc.3, mbsinit.3, mbsnrtowcs.3, mbsrtowcs.3, mbstowcs.3, mbtowc.3, mcheck.3, memccpy.3, memchr.3, memcmp.3, memcpy.3, memfrob.3, memmem.3, memmove.3, mempcpy.3, memset.3, mkdtemp.3, mkfifo.3, mkstemp.3, mktemp.3, modf.3, mpool.3, mq_close.3, mq_getattr.3, mq_notify.3, mq_open.3, mq_receive.3, mq_send.3, mq_unlink.3, mtrace.3, nan.3, newlocale.3, nextafter.3, nextup.3, nl_langinfo.3, ntp_gettime.3, on_exit.3, open_memstream.3, opendir.3, openpty.3, perror.3, popen.3, posix_fallocate.3, posix_madvise.3, posix_memalign.3, posix_openpt.3, posix_spawn.3, pow.3, pow10.3, printf.3, profil.3, psignal.3, pthread_attr_init.3, pthread_attr_setaffinity_np.3, pthread_attr_setdetachstate.3, pthread_attr_setguardsize.3, pthread_attr_setinheritsched.3, pthread_attr_setschedparam.3, pthread_attr_setschedpolicy.3, pthread_attr_setscope.3, pthread_attr_setsigmask_np.3, pthread_attr_setstack.3, pthread_attr_setstackaddr.3, pthread_attr_setstacksize.3, pthread_cancel.3, pthread_cleanup_push.3, pthread_cleanup_push_defer_np.3, pthread_create.3, pthread_detach.3, pthread_equal.3, pthread_exit.3, pthread_getattr_default_np.3, pthread_getattr_np.3, pthread_getcpuclockid.3, pthread_join.3, pthread_kill.3, pthread_kill_other_threads_np.3, pthread_mutex_consistent.3, pthread_mutexattr_getpshared.3, pthread_mutexattr_setrobust.3, pthread_rwlockattr_setkind_np.3, pthread_self.3, pthread_setaffinity_np.3, pthread_setcancelstate.3, pthread_setconcurrency.3, pthread_setname_np.3, pthread_setschedparam.3, pthread_setschedprio.3, pthread_sigmask.3, pthread_sigqueue.3, pthread_spin_init.3, pthread_spin_lock.3, pthread_testcancel.3, pthread_tryjoin_np.3, pthread_yield.3, ptsname.3, putenv.3, putgrent.3, putpwent.3, puts.3, putwchar.3, qecvt.3, qsort.3, raise.3, rand.3, random.3, random_r.3, rcmd.3, re_comp.3, readdir.3, readdir_r.3, realpath.3, regex.3, remainder.3, remove.3, remquo.3, resolver.3, rewinddir.3, rexec.3, rint.3, round.3, rpc.3, rpmatch.3, rtime.3, rtnetlink.3, scalb.3, scalbln.3, scandir.3, scanf.3, sched_getcpu.3, seekdir.3, sem_close.3, sem_destroy.3, sem_getvalue.3, sem_init.3, sem_open.3, sem_post.3, sem_unlink.3, sem_wait.3, setaliasent.3, setbuf.3, setenv.3, setjmp.3, setlocale.3, setlogmask.3, setnetgrent.3, shm_open.3, siginterrupt.3, signbit.3, significand.3, sigpause.3, sigqueue.3, sigset.3, sigsetops.3, sigvec.3, sigwait.3, sin.3, sincos.3, sinh.3, sleep.3, slist.3, sockatmark.3, sqrt.3, stailq.3, statvfs.3, stdarg.3, stdio.3, stdio_ext.3, stpcpy.3, stpncpy.3, strcasecmp.3, strcat.3, strchr.3, strcmp.3, strcoll.3, strcpy.3, strdup.3, strerror.3, strfmon.3, strfromd.3, strfry.3, strftime.3, string.3, strlen.3, strnlen.3, strpbrk.3, strptime.3, strsep.3, strsignal.3, strspn.3, strstr.3, strtod.3, strtoimax.3, strtok.3, strtol.3, strtoul.3, strverscmp.3, strxfrm.3, swab.3, sysconf.3, syslog.3, system.3, sysv_signal.3, tailq.3, tan.3, tanh.3, tcgetpgrp.3, tcgetsid.3, telldir.3, tempnam.3, termios.3, tgamma.3, timegm.3, timeradd.3, tmpfile.3, tmpnam.3, toascii.3, toupper.3, towctrans.3, towlower.3, towupper.3, trunc.3, tsearch.3, ttyname.3, ttyslot.3, tzset.3, ualarm.3, ulimit.3, undocumented.3, ungetwc.3, unlocked_stdio.3, unlockpt.3, updwtmp.3, uselocale.3, usleep.3, wcpcpy.3, wcpncpy.3, wcrtomb.3, wcscasecmp.3, wcscat.3, wcschr.3, wcscmp.3, wcscpy.3, wcscspn.3, wcsdup.3, wcslen.3, wcsncasecmp.3, wcsncat.3, wcsncmp.3, wcsncpy.3, wcsnlen.3, wcsnrtombs.3, wcspbrk.3, wcsrchr.3, wcsrtombs.3, wcsspn.3, wcsstr.3, wcstoimax.3, wcstok.3, wcstombs.3, wcswidth.3, wctob.3, wctomb.3, wctrans.3, wctype.3, wcwidth.3, wmemchr.3, wmemcmp.3, wmemcpy.3, wmemmove.3, wmemset.3, wordexp.3, wprintf.3, xcrypt.3, xdr.3, y0.3, cciss.4, console_codes.4, dsp56k.4, hpsa.4, initrd.4, loop.4, lp.4, msr.4, random.4, rtc.4, smartpqi.4, veth.4, wavelan.4, acct.5, core.5, elf.5, hosts.5, locale.5, proc.5, resolv.conf.5, rpc.5, slabinfo.5, sysfs.5, tmpfs.5, utmp.5, address_families.7, aio.7, attributes.7, bootparam.7, capabilities.7, cgroups.7, complex.7, ddp.7, environ.7, epoll.7, fanotify.7, feature_test_macros.7, hier.7, inode.7, inotify.7, ip.7, ipv6.7, keyrings.7, locale.7, man-pages.7, man.7, math_error.7, mount_namespaces.7, namespaces.7, netdevice.7, netlink.7, numa.7, packet.7, pkeys.7, pthreads.7, queue.7, raw.7, rtnetlink.7, sched.7, session-keyring.7, shm_overview.7, sigevent.7, signal-safety.7, signal.7, sock_diag.7, socket.7, spufs.7, symlink.7, system_data_types.7, tcp.7, time_namespaces.7, udp.7, udplite.7, unicode.7, unix.7, uri.7, user_namespaces.7, vdso.7, vsock.7, x25.7, iconvconfig.8, ld.so.8, ldconfig.8, sln.8, tzselect.8: tstamp
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2021-03-22 00:15:34 +01:00
Michael Kerrisk
b49c2acb42
Various pages: use real minus signs in pathnames
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2021-01-21 10:29:14 +01:00
Michael Kerrisk
735334d454
Various pages: tfix (Oxford comma)
...
Discovered using:
git grep -lE '^[^.].*, [^ ]*[^,] (or|and)\>'
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2021-01-09 11:02:33 +01:00
Michael Kerrisk
2fbfb575b8
capabilities.7: Under CAP_SYS_ADMIN, group "sub-capabilities" together
...
CAP_BPF, CAP_PERFMON, and CAP_CHECKPOINT_RESTORE have all been
added to split out the power of CAP_SYS_ADMIN into weaker pieces.
Group all of these capabilities together in the list under
CAP_SYS_ADMIN, to make it clear that there is a pattern to these
capabilities.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2020-10-27 14:51:44 +01:00
Michael Kerrisk
045c5bde77
capabilities.7: CAP_SYS_ADMIN implies CAP_CHECKPOINT_RESTORE
...
But the latter, weaker capability is preferred.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2020-10-27 14:51:44 +01:00
Michael Kerrisk
a526aa4040
capabilities.7: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2020-10-27 14:51:44 +01:00
Michael Kerrisk
71f6247f3c
capabilities.7: Document the CAP_CHECKPOINT_RESTORE capability added in Linux 5.9
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2020-10-27 14:51:44 +01:00
Michael Kerrisk
874355e30b
capabilities.7: Add kernel doc reference for CAP_PERFMON
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2020-10-27 14:51:44 +01:00
Michael Kerrisk
f7cf9c0bf0
capabilities.7: ffix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2020-10-27 14:51:44 +01:00
Steve Hilder
cbcd119573
capabilities.7: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2020-08-22 22:24:02 +02:00
Michael Kerrisk
ed6c69cab9
intro.1, clock_getres.2, execve.2, fcntl.2, iopl.2, lseek.2, mknod.2, mmap.2, mount.2, mq_getsetattr.2, pidfd_open.2, prctl.2, setns.2, sgetmask.2, sigaction.2, stat.2, statx.2, sync.2, syscalls.2, syslog.2, timerfd_create.2, umask.2, a64l.3, aio_init.3, atoi.3, dladdr.3, fread.3, getpt.3, isfdtype.3, malloc_stats.3, malloc_trim.3, mkfifo.3, mq_close.3, mq_open.3, mq_receive.3, mq_send.3, mq_unlink.3, posix_memalign.3, posix_openpt.3, pthread_atfork.3, pthread_rwlockattr_setkind_np.3, regex.3, scanf.3, sem_close.3, sem_destroy.3, sem_init.3, sem_open.3, sem_post.3, sem_unlink.3, sigset.3, sigvec.3, strftime.3, termios.3, console_codes.4, dsp56k.4, fd.4, lp.4, mouse.4, pts.4, sk98lin.4, dir_colors.5, proc.5, resolv.conf.5, termcap.5, utmp.5, aio.7, armscii-8.7, arp.7, capabilities.7, cgroups.7, charsets.7, cp1251.7, cp1252.7, environ.7, glob.7, inode.7, iso_8859-1.7, iso_8859-10.7, iso_8859-11.7, iso_8859-13.7, iso_8859-14.7, iso_8859-15.7, iso_8859-16.7, iso_8859-2.7, iso_8859-3.7, iso_8859-4.7, iso_8859-5.7, iso_8859-6.7, iso_8859-7.7, iso_8859-8.7, iso_8859-9.7, keyrings.7, koi8-r.7, koi8-u.7, mailaddr.7, man-pages.7, netdevice.7, operator.7, persistent-keyring.7, process-keyring.7, pthreads.7, pty.7, raw.7, regex.7, session-keyring.7, shm_overview.7, signal.7, socket.7, suffixes.7, thread-keyring.7, unicode.7, units.7, uri.7, user-keyring.7, user-session-keyring.7, iconvconfig.8, ld.so.8, zic.8: tstamp
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2020-08-13 10:01:14 +02:00
Michael Kerrisk
aade901bee
capabilities.7: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2020-07-17 13:31:12 +02:00
Saikiran Madugula
69a0c93e3c
capabilities.7: CAP_SYS_RESOURCE: add two more items for POSIX message queues
...
CAP_SYS_RESOURCE also allows overriding /proc/sys/fs/mqueue/msg_max
and /proc/sys/fs/mqueue/msgsize_max.
Signed-off-by: Saikiran Madugula <hummerbliss@gmail.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2020-07-17 13:31:06 +02:00
Michael Kerrisk
28a4c58cc2
intro.1, localedef.1, memusage.1, memusagestat.1, bpf.2, execve.2, fork.2, keyctl.2, request_key.2, sigaction.2, signal.2, socket.2, dlopen.3, getauxval.3, gnu_get_libc_version.3, pthread_atfork.3, sem_post.3, setjmp.3, strftime.3, veth.4, locale.5, nscd.conf.5, resolv.conf.5, address_families.7, armscii-8.7, ascii.7, capabilities.7, cgroups.7, charsets.7, cp1251.7, cp1252.7, iso_8859-1.7, iso_8859-10.7, iso_8859-11.7, iso_8859-13.7, iso_8859-14.7, iso_8859-15.7, iso_8859-16.7, iso_8859-2.7, iso_8859-3.7, iso_8859-4.7, iso_8859-5.7, iso_8859-6.7, iso_8859-7.7, iso_8859-8.7, iso_8859-9.7, keyrings.7, koi8-r.7, koi8-u.7, libc.7, locale.7, man.7, network_namespaces.7, persistent-keyring.7, session-keyring.7, signal.7, unicode.7, uri.7, user-keyring.7, user-session-keyring.7: ffix: replace - with real\-
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2020-07-06 14:28:51 +02:00
Dan Kenigsberg
0c576731a8
capabilities.7: Clarify that CAP_SYS_NICE relates to *lowering* the nice value
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2020-06-24 13:43:06 +02:00
Michael Kerrisk
baa9880610
capabilities.7: srcfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2020-06-24 12:02:18 +02:00
Michael Kerrisk
9f6f7345e4
capabilities.7: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2020-06-24 12:01:06 +02:00
Michael Kerrisk
a3cb5856c8
capabilities.7: Clarify wording around increasing process nice value
...
The fact that a more negative nice value means higher
priority is a continuing source of confusion.
Reported-by: Dan Kenigsberg <danken@redhat.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2020-06-24 11:59:49 +02:00
Michael Kerrisk
81701c0437
capabilities.7: Document CAP_BPF
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2020-06-12 13:52:22 +02:00
Michael Kerrisk
3502d8682f
capabilities.7: srcfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2020-06-12 13:52:22 +02:00
Michael Kerrisk
e39e42409d
capabilities.7: Add CAP_PERFMON
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2020-06-12 13:52:22 +02:00
Michael Kerrisk
a8fcac48f5
capabilities.7: SEE ALSO: add getpcaps(8)
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2020-06-10 08:00:46 +02:00
Michael Kerrisk
1cc2995abf
capabilities.7: tfix
...
Reported-by: Helge Kreutzmann <debian@helgefjell.de>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2020-04-19 21:20:09 +02:00
Michael Kerrisk
19531dec84
capabilities.7: tfix
...
Reported-by: Helge Kreutzmann <debian@helgefjell.de>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2020-04-19 16:42:00 +02:00
Michael Kerrisk
ef0ba060b3
capabilities.7: Minor clarification of historical behavior
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2019-12-30 11:01:01 +01:00
Michael Kerrisk
bafa494386
capabilities.7: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2019-12-30 11:01:01 +01:00
Marko Myllynen
d6094c8a3b
capabilities.7: tfix
...
Hi Michael, it's been a while but few simple patches today..
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2019-08-26 23:14:49 +02:00
Michael Kerrisk
7e7e8de32e
capabilities.7: CAP_SYS_ADMIN allows modifying autogroup nice values
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2019-08-02 13:57:10 +02:00
Michael Kerrisk
63121bd499
pldd.1, bpf.2, chdir.2, clone.2, fanotify_init.2, fanotify_mark.2, intro.2, ipc.2, mount.2, mprotect.2, msgctl.2, msgget.2, msgop.2, pivot_root.2, pkey_alloc.2, poll.2, prctl.2, semctl.2, semget.2, semop.2, setxattr.2, shmctl.2, shmget.2, shmop.2, tkill.2, dlopen.3, exec.3, ftok.3, getutent.3, on_exit.3, strcat.3, cpuid.4, proc.5, capabilities.7, cgroup_namespaces.7, credentials.7, fanotify.7, mount_namespaces.7, namespaces.7, sched.7, signal.7, socket.7, unix.7, user_namespaces.7, vdso.7, xattr.7, ld.so.8: tstamp
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2019-08-02 08:34:32 +02:00
Michael Kerrisk
40ca38806d
capabilities.7: Add pivot_root(2) to CAP_SYS_ADMIN list
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2019-07-28 13:34:28 +02:00
Michael Kerrisk
3b13efed75
capabilities.7: Add a note about using strace on binaries that have capabilities
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2019-07-17 04:19:01 +02:00
Michael Kerrisk
c99eb2b204
capabilities.7: CAP_FOWNER also allows modifying user xattrs on sticky directories
...
See fs/xattr.c::xattr_permission()"
/*
* In the user.* namespace, only regular files and directories can have
* extended attributes. For sticky directories, only the owner and
* privileged users can write attributes.
*/
if (!strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN)) {
if (!S_ISREG(inode->i_mode) && !S_ISDIR(inode->i_mode))
return (mask & MAY_WRITE) ? -EPERM : -ENODATA;
if (S_ISDIR(inode->i_mode) && (inode->i_mode & S_ISVTX) &&
(mask & MAY_WRITE) && !inode_owner_or_capable(inode))
return -EPERM;
}
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2019-07-01 09:59:37 +02:00
Michael Kerrisk
9ba0180298
getent.1, iconv.1, ldd.1, locale.1, localedef.1, memusage.1, memusagestat.1, pldd.1, sprof.1, time.1, _syscall.2, accept.2, add_key.2, adjtimex.2, bind.2, bpf.2, capget.2, chown.2, chroot.2, clock_getres.2, clone.2, connect.2, copy_file_range.2, epoll_ctl.2, epoll_wait.2, eventfd.2, fanotify_init.2, fanotify_mark.2, fcntl.2, fsync.2, futex.2, getcpu.2, getdents.2, getgid.2, getgroups.2, getpid.2, gettid.2, gettimeofday.2, getuid.2, getxattr.2, inotify_add_watch.2, inotify_init.2, ioctl_fat.2, ioctl_ns.2, ioctl_userfaultfd.2, ioprio_set.2, kcmp.2, kexec_load.2, keyctl.2, listxattr.2, lseek.2, madvise.2, memfd_create.2, migrate_pages.2, mount.2, mprotect.2, mremap.2, msgctl.2, msgop.2, nfsservctl.2, open_by_handle_at.2, perf_event_open.2, pipe.2, pivot_root.2, pkey_alloc.2, poll.2, posix_fadvise.2, prctl.2, readahead.2, readdir.2, readlink.2, reboot.2, recvmmsg.2, removexattr.2, rename.2, request_key.2, s390_guarded_storage.2, s390_runtime_instr.2, s390_sthyi.2, sched_setaffinity.2, sched_setattr.2, sched_setparam.2, seccomp.2, select.2, select_tut.2, semctl.2, sendmmsg.2, set_thread_area.2, setgid.2, setns.2, setuid.2, setxattr.2, shmctl.2, sigaction.2, signalfd.2, sigsuspend.2, socket.2, socketpair.2, spu_run.2, stat.2, statx.2, subpage_prot.2, syscalls.2, sysctl.2, tee.2, timer_create.2, timerfd_create.2, truncate.2, uname.2, unshare.2, userfaultfd.2, ustat.2, vmsplice.2, write.2, CPU_SET.3, __ppc_get_timebase.3, alloca.3, argz_add.3, asprintf.3, backtrace.3, basename.3, bsd_signal.3, bstring.3, bswap.3, bzero.3, cacos.3, cacosh.3, catan.3, catanh.3, catgets.3, clock_getcpuclockid.3, cmsg.3, confstr.3, ctermid.3, ctime.3, des_crypt.3, dl_iterate_phdr.3, dlinfo.3, dlsym.3, duplocale.3, end.3, endian.3, errno.3, exec.3, exit.3, ferror.3, fgetws.3, fmemopen.3, fnmatch.3, fopencookie.3, fputws.3, frexp.3, ftw.3, get_nprocs_conf.3, get_phys_pages.3, getaddrinfo.3, getaddrinfo_a.3, getdate.3, getgrouplist.3, getifaddrs.3, getline.3, getlogin.3, getmntent.3, getnameinfo.3, getopt.3, getpass.3, getprotoent_r.3, getpwnam.3, getservent_r.3, getsubopt.3, glob.3, gnu_get_libc_version.3, hsearch.3, if_nameindex.3, index.3, inet.3, inet_net_pton.3, inet_pton.3, insque.3, isatty.3, iswblank.3, iswspace.3, lockf.3, makecontext.3, mallinfo.3, malloc.3, malloc_hook.3, malloc_info.3, mallopt.3, matherr.3, mbrtowc.3, mbsnrtowcs.3, mbsrtowcs.3, mbstowcs.3, mbtowc.3, mcheck.3, memchr.3, mq_getattr.3, mq_notify.3, newlocale.3, nl_langinfo.3, offsetof.3, perror.3, posix_spawn.3, printf.3, pthread_attr_init.3, pthread_cancel.3, pthread_cleanup_push.3, pthread_getattr_default_np.3, pthread_getattr_np.3, pthread_getcpuclockid.3, pthread_mutexattr_setrobust.3, pthread_rwlockattr_setkind_np.3, pthread_setaffinity_np.3, pthread_setname_np.3, pthread_setschedparam.3, pthread_sigmask.3, putenv.3, qsort.3, rand.3, random.3, readdir.3, regex.3, resolver.3, rpmatch.3, rtime.3, scanf.3, sem_wait.3, setaliasent.3, setbuf.3, stpcpy.3, stpncpy.3, strcat.3, strchr.3, strcmp.3, strcpy.3, strdup.3, strerror.3, strfromd.3, strfry.3, strftime.3, string.3, strlen.3, strnlen.3, strsep.3, strstr.3, strtok.3, strtol.3, strtoul.3, strverscmp.3, strxfrm.3, system.3, termios.3, trunc.3, wcpcpy.3, wcpncpy.3, wcrtomb.3, wcscat.3, wcscpy.3, wcslen.3, wcsncat.3, wcsncmp.3, wcsncpy.3, wcsnlen.3, wcsnrtombs.3, wcsrtombs.3, wcsstr.3, wcstok.3, wcstombs.3, wcwidth.3, wprintf.3, xcrypt.3, console_codes.4, dsp56k.4, full.4, initrd.4, lirc.4, loop.4, st.4, tty.4, vcs.4, charmap.5, core.5, host.conf.5, locale.5, proc.5, repertoiremap.5, resolv.conf.5, termcap.5, tmpfs.5, tzfile.5, aio.7, capabilities.7, cgroup_namespaces.7, cgroups.7, charsets.7, complex.7, epoll.7, fanotify.7, feature_test_macros.7, inotify.7, ip.7, locale.7, man-pages.7, man.7, namespaces.7, pid_namespaces.7, pkeys.7, pthreads.7, rtld-audit.7, sched.7, signal.7, sock_diag.7, socket.7, tcp.7, udp.7, unicode.7, user_namespaces.7, utf-8.7, zdump.8, zic.8: tstamp
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2019-03-06 15:12:10 +01:00
Michael Kerrisk
9f92e4e1cb
capabilities.7: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2019-02-23 22:03:20 +01:00
Michael Kerrisk
4312e0cb67
capabilities.7: CAP_SYS_CHROOT allows use of setns() to change the mount namespace
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2019-02-23 22:03:20 +01:00
Michael Kerrisk
dd61e8a8f4
capabilities.7: srcfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2019-02-23 22:03:20 +01:00
Michael Kerrisk
9c5b11bf42
capabilities.7: Add a subsection on per-user-namespace "set-user-ID-root" programs
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2019-02-23 22:03:20 +01:00
Michael Kerrisk
bcf7072dbd
capabilities.7: Relocate the subsection "Interaction with user namespaces"
...
This best belongs at the end of the page, after the subsections
that already make some mention of user namespaces.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2019-02-23 22:03:20 +01:00
Michael Kerrisk
049d1a1534
capabilities.7: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2019-02-23 22:03:20 +01:00
Michael Kerrisk
33d0916f81
capabilities.7: Substantially rework "Capabilities and execution of programs by root"
...
Rework for improved clarity, and also to include missing details
on the case where (1) the binary that is being executed has
capabilities attached and (2) the real user ID of the process is
not 0 (root) and (3) the effective user ID of the process is 0
(root).
Kernel code analysis and some test code (GPLv3 licensed) below.
======
My analysis of security/commoncaps.c capabilities handling
(from Linux 4.20 source):
execve() eventually calls __do_execve_file():
__do_execve_file()
|
+-prepare_bprm_creds(&bprm)
| |
| +-prepare_exec_creds()
| | |
| | +-prepare_creds()
| | |
| | | // Returns copy of existing creds
| | |
| | +-security_prepare_creds()
| | |
| | +-cred_prepare() [via hook]
| | // Seems to do nothing for commoncaps
| |
| // Returns creds provided by prepare_creds()
|
// Places creds returned by prepare_exec_creds() in bprm->creds
|
|
+-prepare_binprm(&bprm) // bprm from prepare_bprm_creds()
|
+-bprm_fill_uid(&bprm)
|
| // Places current credentials into bprm
|
| // Performs set-UID & set-GID transitions if those file bits are set
|
+-security_bprm_set_creds(&bprm)
|
+-bprm_set_creds(&bprm) [via hook]
|
+-cap_bprm_set_creds(&bprm)
|
// effective = false
|
+-get_file_caps(&bprm, &effective, &has_fcap)
| |
| +-get_vfs_caps_from_disk(..., &vcaps)
| |
| | // Fetches file capabilities from disk and places in vcaps
| |
| +-bprm_caps_from_vfs_caps(&vcaps, &bprm, &effective, &has_fcap)
|
| // If file effective bit is set: effective = true
| //
| // If file has capabilities: has_fcap |= true
| //
| // Perform execve transformation:
| // P'(perm) = F(inh) & P(Inh) | F(Perm) & P(bset)
|
+-handle_privileged_root(&bprm, has_fcap, &effective, root_uid)
|
| // If has_fcap && (rUID != root && eUID == root) then
| // return without doing anything
| //
| // If rUID == root || eUID == root then
| // P'(perm) = P(inh) | P(bset)
| //
| // If eUID == root then
| // effective = true
|
// Perform execve() transformation:
//
// P'(Amb) = (privprog) ? 0 : P(Amb)
// P'(Perm) |= P'(Amb)
// P'(Eff) = effective ? P'(Perm) : P'(Amb)
Summary
1. Perform set-UID/set-GID transformations
2. P'(Amb) = (privprog) ? 0 : P(Amb)
3. If [process has nonzero UIDs] OR
([file has caps] && [rUID != root && eUID == root]), then
P'(perm) = F(inh) & P(Inh) | F(Perm) & P(bset) | P'(Amb)
else // ~ [process has rUID == root || eUID == root]
P'(perm) = P(inh) | P(bset) | P'(Amb)
4. P'(Eff) = (F(eff) || eUID == root) ? P'(Perm) : P'(Amb)
======
$ cat show_creds_and_caps_long.c
int
main(int argc, char *argv[])
{
uid_t ruid, euid, suid;
gid_t rgid, egid, sgid;
cap_t caps;
char *s;
if (getresuid(&ruid, &euid, &suid) == -1) {
perror("getresuid");
exit(EXIT_FAILURE);
}
if (getresgid(&rgid, &egid, &sgid) == -1) {
perror("getresgid");
exit(EXIT_FAILURE);
}
printf("UID: %5ld (real), %5ld (effective), %5ld (saved)\n",
(long) ruid, (long) euid, (long) suid);
printf("GID: %5ld (real), %5ld (effective), %5ld (saved)\n",
(long) rgid, (long) egid, (long) sgid);
caps = cap_get_proc();
if (caps == NULL) {
perror("cap_get_proc");
exit(EXIT_FAILURE);
}
s = cap_to_text(caps, NULL);
if (s == NULL) {
perror("cap_to_text");
exit(EXIT_FAILURE);
}
printf("Capabilities: %s\n", s);
cap_free(caps);
cap_free(s);
exit(EXIT_SUCCESS);
}
$ cat cred_launcher.c
} while (0)
do { fprintf(stderr, "Usage: "); \
fprintf(stderr, msg, progName); \
exit(EXIT_FAILURE); } while (0)
int
main(int argc, char *argv[])
{
uid_t r, e, s;
if (argc != 5 || strcmp(argv[1], "--help") == 0)
usageErr("%s rUID eUID sUID <prog>\n", argv[0]);
r = atoi(argv[1]);
e = atoi(argv[2]);
s = atoi(argv[3]);
if (setresuid(r, e, s) == -1)
errExit("setresuid");
if (getresuid(&r, &e, &s) == -1)
errExit("getresuid");
execv(argv[4], &argv[4]);
errExit("execve");
}
$ cc -o cred_launcher cred_launcher.c
$ cc -o show_creds_and_caps_long show_creds_and_caps_long.c -lcap
$ sudo ./cred_launcher 1000 0 1000 ./show_creds_and_caps_long
UID: 1000 (real), 0 (effective), 0 (saved)
GID: 0 (real), 0 (effective), 0 (saved)
Capabilities: =ep
$ sudo setcap cap_kill=pe show_creds_and_caps_long
$ sudo ./cred_launcher 1000 0 1000 ./show_creds_and_caps_long
UID: 1000 (real), 0 (effective), 0 (saved)
GID: 0 (real), 0 (effective), 0 (saved)
Capabilities: = cap_kill+ep
The final program execution above shows the special casing
that occurs in handle_privileged_root() for the case where:
rUID != root && eUID == root && [file has capabilities]
======
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2019-02-23 22:03:20 +01:00
Michael Kerrisk
cc0fb214da
capabilities.7: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2019-02-23 22:03:20 +01:00
Michael Kerrisk
1a9ed17c9e
capabilities.7: Improve the discussion of when file capabilities are ignored
...
The text stated that the execve() capability transitions are not
performed for the same reasons that setuid and setgid mode bits
may be ignored (as described in execve(2)). But, that's not quite
correct: rather, the file capability sets are treated as empty
for the purpose of the capability transition calculations.
Also merge the new 'no_file_caps' kernel option text into the
same paragraph.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2019-02-23 22:03:20 +01:00
Michael Kerrisk
f6acfeb8f8
capabilities.7: Document the 'no_file_caps' kernel command-line option
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2019-02-23 22:03:20 +01:00
Michael Kerrisk
bc1950ac92
capabilities.7: Rework discussion of exec and UID 0, correcting a couple of details
...
Clarify the "Capabilities and execution of programs by root"
section, and correct a couple of details:
* If a process with rUID == 0 && eUID != 0 does an exec,
the process will nevertheless gain effective capabilities
if the file effective bit is set.
* Set-UID-root programs only confer a full set of capabilities
if the binary does not also have attached capabilities.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2019-02-10 03:40:15 +01:00
Michael Kerrisk
db18d67f21
capabilities.7: srcfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2019-02-07 11:40:25 +01:00
Michael Kerrisk
d893df00d9
capabilities.7: Update URL for libcap tarballs
...
The previous location does not seem to be getting updated.
(For example, at the time of this commit, libcap-2.26
had been out for two months, but was not present at
http://www.kernel.org/pub/linux/libs/security/linux-privs .
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2018-11-17 07:26:22 +01:00