Commit Graph

13232 Commits

Author SHA1 Message Date
Michael Kerrisk 34bcced069 user_namespaces.7: wfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-06 22:53:43 +01:00
Michael Kerrisk 690c890a75 user_namespaces.7: wfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-06 22:44:41 +01:00
Michael Kerrisk 50b49f0b54 user_namespaces.7: wfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-06 22:43:45 +01:00
Michael Kerrisk 1fc04edfbb user_namespaces.7: tfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-06 22:42:17 +01:00
Michael Kerrisk 31a7d5060a user_namespaces.7: wfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-06 22:40:32 +01:00
Michael Kerrisk b37c3036bb filesystems.5: srcfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-06 22:33:45 +01:00
Michael Kerrisk b7a89be42c filesystems.5: Remove dubious claim about comparative performance of ext2
Perhaps it was the best filesystem performance-wise in
the 20th century, when that text was written. That probaly
ceased to be true quite a long time ago, though.

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-06 22:29:55 +01:00
Stéphane Aulery eaf096254c filesystems.5: Add cross references for ext filesystems
Signed-off-by: Stéphane Aulery <saulery@free.fr>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-06 22:25:40 +01:00
Michael Kerrisk 6c8571e079 user_namespaces.7: ffix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-06 20:13:57 +01:00
Ma Shimiao 9da4cd7d47 getwchar.3: ATTRIBUTES: Note function that is thread-safe
The marking matches glibc marking.

Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-06 15:02:37 +01:00
Stéphane Aulery 4ca1679e52 intro.1: ffix
Highlighting like other commands

Signed-off-by: Stéphane Aulery <saulery@free.fr>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-06 14:56:51 +01:00
Stéphane Aulery 144685a73a intro.1: Prompt is not % but $
Signed-off-by: Stéphane Aulery <saulery@free.fr>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-06 14:56:51 +01:00
Stéphane Aulery af2908c3cf intro.1: ffix
Filenames in italic

Signed-off-by: Stéphane Aulery <saulery@free.fr>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-06 14:56:51 +01:00
Stéphane Aulery d1f129d4d4 intro.1: ffix
User input in bold

Signed-off-by: Stéphane Aulery <saulery@free.fr>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-06 14:56:51 +01:00
Stéphane Aulery b35813db33 intro.1: Add cross references cited
Signed-off-by: Stéphane Aulery <saulery@free.fr>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-06 14:56:51 +01:00
Michael Kerrisk 7566936006 filesystems.5: Fixup: Reverse earlier change to case of filesystem names
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-06 14:56:34 +01:00
Stéphane Aulery c2c247dc56 filesystems.5: ffix
Highlight all file systems citations

Signed-off-by: Stéphane Aulery <saulery@free.fr>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-06 14:56:34 +01:00
Stéphane Aulery c8375cf207 filesystems.5: wfix
XIA filesystem Linux module name is xiafs

Signed-off-by: Stéphane Aulery <saulery@free.fr>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-06 14:56:34 +01:00
Stéphane Aulery 895fe6f029 filesystems.5: ffix
All filesystems in lowercase

Signed-off-by: Stéphane Aulery <saulery@free.fr>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-06 14:56:34 +01:00
Stéphane Aulery 5bc93c9f3d filesystems.5: Specifies the scope of this list and its limits.
Signed-off-by: Stéphane Aulery <saulery@free.fr>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-06 14:56:34 +01:00
Stéphane Aulery 1258e3251b filesystems.5: srcfix
Remove useless quotes

Signed-off-by: Stéphane Aulery <saulery@free.fr>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-06 14:56:34 +01:00
Michael Kerrisk d06a6170dd proc.5: Replace description of 'uid_map' with a reference to user_namespaces(7)
All of the information in proc(5) was also present in
user_namespaces(7), but the latter was more detailed
and up to date.

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-04 15:11:02 +01:00
Michael Kerrisk 4990f759aa user_namespaces.7: wspfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-04 15:11:02 +01:00
Michael Kerrisk c38a2a0473 user_namespaces.7: Handle /proc/PID/setgroups in the example program
Reported-by: Alban Crequy <alban.crequy@gmail.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-04 15:11:02 +01:00
Michael Kerrisk ecb0ff30e8 user_namespaces.7: Explain why the /proc/PID/setgroups file was added
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-04 15:11:02 +01:00
Michael Kerrisk d6add5efa2 user_namespaces.7: Rework test describing restrictions on updating /proc/PID/setgroups
No (intentional) changes to factual description, but the
restructured text is hopefully easier to grasp.

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-04 15:11:02 +01:00
Michael Kerrisk 30b33164cb user_namespaces.7: Rework some text describing permission rules for updating map files
No (intentional) change to the facts, but this restructuring
should make the meaning easier to grasp.

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-04 15:11:02 +01:00
Michael Kerrisk a1d4cbf4f8 getgroups.2: Refer reader to user_namespaces(7) for discussion of /proc/PID/setgroups
The discussion of /proc/PID/setgroups has moved from
proc(5) to user_namespaces(7).

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-04 15:11:02 +01:00
Michael Kerrisk ab28dba9a0 proc.5, user_namespaces.7: Migrate description of /proc/PID/setgroups to user_namespaces(7)
It makes sense to have the description of this file
in the general discussion of user namespaces.

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-04 15:11:02 +01:00
Michael Kerrisk 4e2683f9a3 getgroups.2: Note kernel version for EPERM /proc/PID/setgroups error case
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-04 15:11:02 +01:00
Ma Shimiao b640fcfad1 wcstombs.3: ATTRIBUTES: Note function that is thread-safe
The marking matches glibc marking.

Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-04 15:11:02 +01:00
Ma Shimiao 988517af15 wctob.3: ATTRIBUTES: Note function that is thread-safe
The marking matches glibc marking.

Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-04 15:11:02 +01:00
Ma Shimiao 8ae2d62531 popen.3: ATTRIBUTES: Note functions that are thread-safe
The marking matches glibc marking.

Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-04 15:11:02 +01:00
Michael Kerrisk a0726dbfdd proc.5: Tweaks to /proc/PID/setgroups text
After comments from Eric Biederman

Cowritten-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-04 15:11:02 +01:00
Michael Kerrisk f72de267d9 user_namespaces.7: srcfix: FIXME
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-04 15:11:02 +01:00
Michael Kerrisk 364ce93556 user_namespaces.7: wfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-04 15:11:02 +01:00
Michael Kerrisk f2d61dbbaa user_namespaces.7: Some tweaks to Eric Biederman's patch
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-04 15:11:02 +01:00
Eric W. Biederman 0c9abe8b8c user_namespaces.7: Update the documentation to reflect the fixes for negative groups
Files with access permissions such as rwx---rwx give fewer
permissions to their group then they do to everyone else.  Which
means dropping groups with setgroups(0, NULL) actually grants a
process privileges.

The unprivileged setting of gid_map turned out not to be safe
after this change.  Privileged setting of gid_map can be
interpreted as meaning yes it is ok to drop groups. [ Eric
additionally noted: Setting of gid_map with privilege has been
clarified to mean that dropping groups is ok.  This allows
existing programs that set gid_map with privilege to work
without changes.  That is, newgidmap(1) continues to work
unchanged.]

To prevent this problem and future problems, user namespaces were
changed in such a way as to guarantee a user can not obtain
credentials without privilege that they could not obtain without
the help of user namespaces.

This meant testing the effective user ID and not the filesystem
user ID, as setresuid(2) and setregid(2) allow setting any process
UID or GID (except the supplementary groups) to the effective ID.

Furthermore, to preserve in some form the useful applications
that have been setting gid_map without privilege, the file
/proc/[pid]/setgroups was added to allow disabling setgroups(2).
With setgroups(2) permanently disabled in a user namespace, it
again becomes safe to allow writes to gid_map without privilege.

Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-04 15:10:02 +01:00
Michael Kerrisk 6bb49a3266 proc.5: Tweak's to Eric Biederman's patch
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-03 15:49:39 +01:00
Michael Kerrisk de04dd4df3 proc.5: Add some details on /proc/PID/setgroups
And generally rework the text.

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-03 15:49:39 +01:00
Michael Kerrisk c06e4b9664 getgroups.2: ERRORS: add EPERM for the case where /proc/PID/setgroups is "deny"
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-03 15:49:39 +01:00
Michael Kerrisk 925b92395b getgroups.2: Note capability associated with EPERM error for setgroups(2)
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-03 15:49:39 +01:00
Michael Kerrisk 5c92b1b761 proc.5: Tweaks to Eric Biederman's patch
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-03 15:49:39 +01:00
Eric W. Biederman d520465b99 proc.5: Document /proc/[pid]/setgroups
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-03 15:49:39 +01:00
Michael Kerrisk 1622fc979b proc.5: ffix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-03 15:49:39 +01:00
Michael Kerrisk 430a1677d2 umount.2: Move "shared mount + umount" text to a subsection in MOTTES
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-03 15:49:39 +01:00
Michael Kerrisk 50a4b0aafc umount.2: Tweak's to Eric Biederman's "shared subtrees on umount" patch
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-03 15:49:39 +01:00
Eric W. Biederman 6d47504df1 umount.2: Document the effect of shared subtrees on umount(2)
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-03 15:49:39 +01:00
Eric W. Biederman f131122173 umount.2: Correct the description of MNT_DETACH
I recently realized that I had been reasoning improperly about
what umount(MNT_DETACH) did based on an insufficient description
in the umount.2 man page, that matched my intuition but not the
implementation.

When there are no submounts, MNT_DETACH is essentially harmless to
applications.  Where there are submounts, MNT_DETACH changes what
is visible to applications using the detach directories.

Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-03 15:49:38 +01:00
Michael Kerrisk 3ef9fdd1a9 user_namespaces.7: wfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-03 15:49:16 +01:00