Clarify that tcp_tw_recycle will break communication with many
general-purpose remote Internet hosts (namely, remote NAT devices)
even when the Linux device itself is not behind NAT.
Sources:
- BCP to make NAT implementors aware of this problem (2013):
https://tools.ietf.org/html/draft-penno-behave-rfc4787-5382-5508-bis-04#section-3.1.2
- RFC 1323 (PAWS)
- RFC 6191: Reducing the TIME-WAIT State Using TCP Timestamps
- The many users who unknowingly enabled this option on devices
communicating with the general-purpose Internet:
https://www.google.com/search?q=tcp_tw_recycle%20ip%20nat%20timestamp
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

epoll_create1() is more or less the preferred API for new
applications, since it allows for some flags and avoids the
misdesigned epoll_create() argument, and so it seems sensible
to use that in the example, rather than epoll_create().
Reported-by: Ignat Loskutov <ignat.loskutov@gmail.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

The setns(2) man page already mentions that CLONE_NEWPID may only
be used with descendant namespaces, but this nuance could be
listed in a few more places so it is not missed.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

Since kernel 3.7, reads from inotify(7) file descriptors no longer
show the (Linux oddity) behavior of failing with EINTR when the
process resumes after a stop signal + SIGCONT.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

Reads from eventfd(2), signalfd(2), timerfd(2), inotify(7),
and fanotify(7) file descriptors are also slow operations
that are restartable.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

s/PR_GET_CHILD_SUBREAPER/PR_SET_CHILD_SUBREAPER
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

The current example code requires passing an absolute
path to the mount to be watched.
By passing AT_FDCWD to fanotify_mark it can use both
absolute and relative paths.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

Since credentials.7 discusses supplementary GIDs, it should reference
getgroups(2).
Signed-off-by: Josh Triplett <josh@joshtriplett.org>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

Unfortunately, fanotify does not inform listeners for all paths
under which a touched filesystem object is visible, but only the
listener using the same path as the process touching the
filesystem object.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

Calling fallocate(2) does not result in inotify events.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

fallocate(2) should create FAN_MODIFY events but does not.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

I bumped the Linux version number in the BUGS section to 3.17.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

Notable changes:
* Clarify some details for pathname sockets.
* Add some advice on portably coding with pathname sockets.
* Note the "buggy" behavior for pathname sockets when
the supplied pathname is 108 bytes (after a report by
Tetsuo Handa).
Commented-by: Carlos O'Donell <carlos@systemhalted.org>
Commented-by: David Miller <davem@davemloft.net>
Reported-by: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

pthread_mutex_lock(), pthread_cond_wait(), and related APIs are
automatically restarted if interrupted by a signal handler.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>