Michael Kerrisk
6db035a320
attr.7: Document VFS-imposed limits on EAs
...
VFS imposes a 255-byte limit on EA names, and a 64kB limit on
EA values.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-04-22 10:42:38 +02:00
Michael Kerrisk
3d33987bdb
attr.7: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-04-22 10:42:38 +02:00
Michael Kerrisk
6ad46a9d8c
attr.7: The ext[234] block limitation applies to sum of all EAs
...
It is not a per-EA limit.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-04-22 10:42:38 +02:00
Michael Kerrisk
9a7d1c23ae
attr.7: ext2 and ext3 no longer need mounting with 'user_xattr' for user EAs
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-04-22 10:42:30 +02:00
Michael Kerrisk
03a93c3778
attr.7: Clarify permissions required to work with 'user' EAs
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-04-22 10:07:27 +02:00
Michael Kerrisk
7ee629abee
attr.7: ffix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-04-22 10:07:27 +02:00
Michael Kerrisk
355657c248
attr.7: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-04-22 10:07:27 +02:00
Michael Kerrisk
8d75a7a852
attr.7: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-04-22 10:07:27 +02:00
Michael Kerrisk
b4a61f89a2
attr.7: wfix: remove unneeded statement that superuser has CAP_SYS_ADMIN
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-04-22 10:07:27 +02:00
Michael Kerrisk
d8ba76940b
attr.7: File capabilities are implemented using *security* attributes
...
Not *system* attributes
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-04-22 10:07:27 +02:00
Michael Kerrisk
68d53b6d9c
attr.7: wfix (s/zero-terminated/null-terminated/)
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-04-22 10:07:27 +02:00
Michael Kerrisk
5871fb36fc
attr.7: grfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-04-22 10:07:27 +02:00
Michael Kerrisk
b124a27b19
attr.7: Add CONFORMING TO section
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-04-22 10:07:27 +02:00
Michael Kerrisk
b68d4dc382
attr.7: Btrfs also supports extended attributes
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-04-22 10:07:27 +02:00
Michael Kerrisk
b5792ba5dc
attr.7: ffix: s/reiserfs/Reiserfs/
...
For consistency with other man-pages pages.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-04-22 09:14:58 +02:00
Michael Kerrisk
aad5c29757
attr.7: Add various relevant pages to SEE ALSO
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-04-22 09:11:27 +02:00
Michael Kerrisk
5ee7f61c3e
attr.7: ffix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-04-22 09:03:37 +02:00
Michael Kerrisk
ca7d9e3443
attr.7: Minor tweaks
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-04-22 09:00:28 +02:00
Michael Kerrisk
ebce8403ab
attr.7: Minor wording fixes
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-04-22 09:00:28 +02:00
Michael Kerrisk
b63436d873
attr.7: Modify headings to man-pages norms
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-04-22 09:00:28 +02:00
Michael Kerrisk
31a369b843
attr.7: ffix: drop AUTHORS section
...
man-pages generally avoids AUTHORS sections.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-04-22 09:00:21 +02:00
Michael Kerrisk
933e467539
attr.7: srcfix: wrap long lines and wrap at end of sentences
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-04-22 08:50:55 +02:00
Andreas Gruenbacher
544a5910f7
attr.7: Import attr(5) man page from the 'attr' project
...
After discussions with Andreas Gruenbacher, it makes sense to
move this page into man-pages, since it mostly relates to
kernel details.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-04-22 08:34:32 +02:00
Michael Kerrisk
ed948c28b3
chown.2, execve.2, prctl.2, truncate.2, proc.5, capabilities.7, ld.so.8: Tighter wording: 'mode bit' rather than 'permission bit'
...
For sticky, set-UID, and set-GID mode bits (as used in POSIX).
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-04-21 14:36:59 +02:00
Michael Kerrisk
c73595c249
getent.1, fallocate.2, getrlimit.2, llseek.2, madvise.2, mount.2, poll.2, posix_fadvise.2, pread.2, stat.2, symlink.2, timer_create.2, timerfd_create.2, unshare.2, acos.3, acosh.3, asin.3, asinh.3, asprintf.3, atan.3, atan2.3, atanh.3, cabs.3, cacos.3, cacosh.3, carg.3, casin.3, casinh.3, catan.3, catanh.3, cbrt.3, ccos.3, ccosh.3, ceil.3, cexp.3, cimag.3, clog.3, conj.3, copysign.3, cos.3, cosh.3, cpow.3, cproj.3, creal.3, csin.3, csinh.3, csqrt.3, ctan.3, ctanh.3, ctime.3, erf.3, erfc.3, exec.3, exp.3, exp2.3, expm1.3, fabs.3, fdim.3, floor.3, fma.3, fmax.3, fmin.3, fmod.3, frexp.3, ftw.3, get_nprocs_conf.3, getcwd.3, gethostbyname.3, getnetent.3, getutent.3, glob.3, ilogb.3, insque.3, j0.3, ldexp.3, lgamma.3, log.3, log10.3, log1p.3, log2.3, logb.3, login.3, lrint.3, lround.3, lseek64.3, malloc.3, mbsnrtowcs.3, mbsrtowcs.3, modf.3, mq_notify.3, mq_open.3, nan.3, nextafter.3, openpty.3, perror.3, posix_memalign.3, pow.3, printf.3, qsort.3, realpath.3, remainder.3, remquo.3, rint.3, round.3, scalbln.3, scandir.3, scanf.3, setnetgrent.3, significand.3, sin.3, sinh.3, sqrt.3, strcasecmp.3, tan.3, tanh.3, tgamma.3, trunc.3, unlocked_stdio.3, updwtmp.3, wcrtomb.3, wcsnrtombs.3, wcsrtombs.3, wordexp.3, wprintf.3, y0.3, epoll.7, icmp.7, nptl.7: tstamp
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-04-19 11:20:58 +02:00
Michael Kerrisk
1cf6aebac1
icmp.7: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-04-18 23:09:46 +02:00
YOSHIFUJI Hideaki/吉藤英明
7711151ab8
icmp.7: Document net.ipv4.ping_group_range knob
...
Signed-off-by: YOSHIFUJI Hideaki <hideaki.yoshifuji@miraclelinux.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-04-18 23:07:54 +02:00
Michael Kerrisk
634c92fbb7
epoll.7: SEE ALSO: add poll(2) and select(2)
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-04-18 13:20:39 +02:00
Michael Kerrisk
c99652b724
nptl.7: Add reference to timer_create(2)
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-04-06 16:13:54 +02:00
Masanari Iida
9284f6e7a2
boot.7: tfix: Fix spelling typo in boot.7
...
Signed-off-by: Masanari Iida <standby24x7@gmail.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-04-06 16:13:54 +02:00
Michael Kerrisk
14cb1eefe2
raw.7: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-04-06 16:13:54 +02:00
Michael Kerrisk
458abbe629
Removed trailing white space at end of lines
2015-03-29 22:31:35 +02:00
Michael Kerrisk
1e64c86bbf
intro.1, ldd.1, clone.2, getgroups.2, getpid.2, getsockopt.2, ioctl_list.2, msgop.2, open.2, seccomp.2, setgid.2, setresuid.2, setreuid.2, setuid.2, sigaction.2, sigpending.2, sigprocmask.2, sigreturn.2, sigsuspend.2, sigwaitinfo.2, socket.2, syscall.2, syscalls.2, umount.2, clock.3, dlopen.3, fmemopen.3, fpathconf.3, fputwc.3, fputws.3, fseek.3, fseeko.3, gcvt.3, getline.3, getwchar.3, hypot.3, if_nameindex.3, initgroups.3, popen.3, resolver.3, strcoll.3, strdup.3, tzset.3, ulimit.3, wcstombs.3, wctob.3, xdr.3, console_codes.4, random.4, filesystems.5, host.conf.5, hosts.5, proc.5, resolv.conf.5, securetty.5, credentials.7, feature_test_macros.7, hier.7, ipv6.7, packet.7, pthreads.7, raw.7, signal.7, tcp.7, user_namespaces.7, ld.so.8, ldconfig.8: tstamp
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-29 22:30:09 +02:00
Michael Kerrisk
519f81c60c
raw.7: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-29 17:16:36 +02:00
Michael Kerrisk
44d8807495
nptl.7: wfix
...
Reported-by: Bert Wesarg <bert.wesarg@googlemail.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-28 23:58:04 +01:00
Michael Kerrisk
cb066271c9
signal.7: SEE ALSO: add nptl(7)
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-28 23:58:04 +01:00
Michael Kerrisk
d378f78434
pthreads.7: Add references to nptl(7)
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-28 23:58:04 +01:00
Michael Kerrisk
2baa3e91e4
credentials.7: Add reference to nptl(7)
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-28 23:58:04 +01:00
Michael Kerrisk
672e27e450
nptl.7: New page with details of the NPTL POSIX threads implementation
2015-03-28 23:58:03 +01:00
Michael Kerrisk
159097d4d4
socket.7: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-28 23:55:01 +01:00
Michael Kerrisk
b756950670
ip.7: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-27 14:33:35 +01:00
Michael Kerrisk
be38232488
raw.7: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-27 14:33:34 +01:00
Michael Kerrisk
d46f21fedf
raw.7: Rephrase "Linux 2.2" language to "Linux 2.2 or later"
...
The man page was written in the Linux 2.2 timeframe, and
some phrasing was not future-proof.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-27 14:23:14 +01:00
Michael Kerrisk
2205c29290
packet.7: Rework description of fanout algorithms as list
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-27 13:00:42 +01:00
Michael Kerrisk
ab8ff64cb9
packet.7: Rework description of 'sockaddr_ll' fields as a list
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-27 13:00:42 +01:00
Michael Kerrisk
71bbbbef71
packet.7: Remove text about ancient glibc not defining SOL_PACKET
...
This was fixed in glibc 2.1.1, which is a long while ago.
And in any case, there is nothing special about this case;
it's just one of those times when glibc lags.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-27 13:00:42 +01:00
Michael Kerrisk
f2b205322b
packet.7: Various minor edits
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-27 13:00:42 +01:00
Michael Kerrisk
5be2fc1653
packet.7: Remove mention of needing UID 0 to create packet socket
...
The existing text makes no sense. The check is based
purely on a capability check. (Kernel function
net/packet/af_packet.c::packet_create())
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-27 12:46:17 +01:00
Michael Kerrisk
a902a39f74
symlink.7: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-27 12:22:41 +01:00
Michael Kerrisk
238a751e47
cpuset.7: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-27 12:22:30 +01:00
Michael Kerrisk
f34cce6890
man.7: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-27 12:22:11 +01:00
Michael Kerrisk
0a3d13a59e
packet.7: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-27 12:22:00 +01:00
Michael Kerrisk
b9aee8fe52
bootparam.7: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-27 12:21:48 +01:00
Michael Kerrisk
d701253e26
raw.7: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-27 11:12:17 +01:00
Michael Kerrisk
636355f9c2
ipv6.7: Tweaks to Stéphane Aulery's patch
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-23 07:14:51 +01:00
Stéphane Aulery
8013e4ef70
ipv6.7: SOL_IPV6 and other SOL_* socket options are not portable
...
See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=472447
Reported-by: David Madore <david.madore@ens.fr>
Signed-off-by: Stéphane Aulery <saulery@free.fr>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-23 07:10:30 +01:00
Stéphane Aulery
ad127d4cdb
hier.7: Document /initrd, /lost+found and /sys
...
Ubuntu Bug #70094 reported by Brian Beck
https://bugs.launchpad.net/ubuntu/+source/manpages/+bug/70094
Signed-off-by: Stéphane Aulery <saulery@free.fr>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-23 07:02:26 +01:00
Michael Kerrisk
a2250622b1
boot.7: Minor fixes to Michael Witten's patch
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-22 20:39:57 +01:00
Michael Witten
fbf0b164c2
boot.7: Mention `systemd(1)' and its related `bootup(7)'
...
It's important that the reader receive contemporary information.
Signed-off-by: Michael Witten <mfwitten@gmail.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-22 20:39:51 +01:00
Michael Witten
a879ea438c
boot.7: Copy edit
...
While a lot of the changes are issues of presentation,
there are also issues of grammar and punctuation.
Signed-off-by: Michael Witten <mfwitten@gmail.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-22 20:39:48 +01:00
Michael Kerrisk
84ed5c349c
tcp.7: Minor fixes to Peter Adkins' patch
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-22 20:20:58 +01:00
Peter Adkins
09fe692d1b
tcp.7: Document removal of TCP_SYNQ_HSIZE
...
Looking over the man page for 'tcp' I came across a reference to
tuning the 'TCP_SYNQ_HSIZE' parameter when increasing
'tcp_max_syn_backlog' above 1024. However, this static sizing was
removed back in Linux 2.6.20 in favor of dynamic scaling - as
part of commit 72a3effaf633bcae9034b7e176bdbd78d64a71db.
I have included a patch below with reference to this commit, and
that the process detailed is not required on >= Linux 2.6.20.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-22 20:20:49 +01:00
Stéphane Aulery
14e3e8583f
hier.7: Add missing directories defined by FHS 2.3
...
Signed-off-by: Stéphane Aulery <saulery@free.fr>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-22 19:25:22 +01:00
Stéphane Aulery
0f4441126a
hier.7: SGML and XML directories are separated in FHS 2.3
...
Signed-off-by: Stéphane Aulery <saulery@free.fr>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-22 19:25:22 +01:00
Stéphane Aulery
92b9f99b85
hier.7: Identify which directories are optional
...
Signed-off-by: Stéphane Aulery <saulery@free.fr>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-22 19:25:22 +01:00
Stéphane Aulery
de3c357b0f
hier.7: Explain YP, which is not obvious
...
Signed-off-by: Stéphane Aulery <saulery@free.fr>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-22 19:25:22 +01:00
Stéphane Aulery
43eeac1728
hier.7: First patch of a series to achieve compliance with FHS 2.3
...
Signed-off-by: Stéphane Aulery <saulery@free.fr>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-22 19:25:22 +01:00
Stéphane Aulery
02a927726e
attributes.7: tfix
...
Signed-off-by: Stéphane Aulery <saulery@free.fr>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-22 19:25:22 +01:00
Stéphane Aulery
e3a0ac0ee1
inotify.7: tfix
...
Signed-off-by: Stéphane Aulery <saulery@free.fr>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-22 19:25:22 +01:00
Stéphane Aulery
d721b5aa25
fanotify.7: tfix
...
Signed-off-by: Stéphane Aulery <saulery@free.fr>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-22 19:25:22 +01:00
Michael Kerrisk
e32f89181b
capabilities.7: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-22 19:25:21 +01:00
Michael Kerrisk
596aa7032a
capabilities.7: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-22 19:25:21 +01:00
Michael Kerrisk
11d6214a21
capabilities.7: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-22 19:25:21 +01:00
Michael Kerrisk
19832d3c25
credentials.7: SEE ALSO: add pthreads(7)
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-22 19:25:21 +01:00
Michael Kerrisk
530156fe3d
signal.7: Summarize 2.2 system call changes that resulted from larger signal sets
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-22 11:18:17 +01:00
Michael Kerrisk
373ed9ba91
signal.7: Correct the range of realtime signals
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-22 11:18:17 +01:00
Michael Kerrisk
6c6aa9a8d7
signal.7: Note when Linux added realtime signals
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-22 11:18:17 +01:00
Michael Kerrisk
d0b8a20c47
man-pages.7: Tweak preferred indent(1) command
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-09 15:03:58 +01:00
Michael Kerrisk
e2b6e58cd8
user_namespaces.7: Minor tweak to order of "setgroups" text
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-09 14:33:20 +01:00
Michael Kerrisk
b1f800c6d2
man-pages.7: Add indent(1) command that produces desired formatting for example code
...
Reported-by: Bill Pemberton <wfp5p@worldbroken.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-09 08:49:54 +01:00
Stéphane Aulery
d282bb247b
iconv.1, localedef.1, access.2, execveat.2, fanotify_init.2, futex.2, ioctl_fat.2, mount.2, ftw.3, sd.4, tty_ioctl.4, fanotify.7, futex.7, posixoptions.7, iconvconfig.8: srcfix: Remove useless quotes from .SS and .SH sections
...
Signed-off-by: Stéphane Aulery <saulery@free.fr>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-08 08:55:03 +01:00
Michael Kerrisk
fe3e2b4e4a
user_namespaces.7: Tweaks to /proc/PID/setgroups text
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-07 08:31:39 +01:00
Michael Kerrisk
34bcced069
user_namespaces.7: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-06 22:53:43 +01:00
Michael Kerrisk
690c890a75
user_namespaces.7: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-06 22:44:41 +01:00
Michael Kerrisk
50b49f0b54
user_namespaces.7: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-06 22:43:45 +01:00
Michael Kerrisk
1fc04edfbb
user_namespaces.7: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-06 22:42:17 +01:00
Michael Kerrisk
31a7d5060a
user_namespaces.7: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-06 22:40:32 +01:00
Michael Kerrisk
6c8571e079
user_namespaces.7: ffix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-06 20:13:57 +01:00
Michael Kerrisk
4990f759aa
user_namespaces.7: wspfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-04 15:11:02 +01:00
Michael Kerrisk
c38a2a0473
user_namespaces.7: Handle /proc/PID/setgroups in the example program
...
Reported-by: Alban Crequy <alban.crequy@gmail.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-04 15:11:02 +01:00
Michael Kerrisk
ecb0ff30e8
user_namespaces.7: Explain why the /proc/PID/setgroups file was added
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-04 15:11:02 +01:00
Michael Kerrisk
d6add5efa2
user_namespaces.7: Rework text describing restrictions on updating /proc/PID/setgroups
...
No (intentional) changes to factual description, but the
restructured text is hopefully easier to grasp.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-04 15:11:02 +01:00
Michael Kerrisk
30b33164cb
user_namespaces.7: Rework some text describing permission rules for updating map files
...
No (intentional) change to the facts, but this restructuring
should make the meaning easier to grasp.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-04 15:11:02 +01:00
Michael Kerrisk
ab28dba9a0
proc.5, user_namespaces.7: Migrate description of /proc/PID/setgroups to user_namespaces(7)
...
It makes sense to have the description of this file
in the general discussion of user namespaces.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-04 15:11:02 +01:00
Michael Kerrisk
f72de267d9
user_namespaces.7: srcfix: FIXME
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-04 15:11:02 +01:00
Michael Kerrisk
364ce93556
user_namespaces.7: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-04 15:11:02 +01:00
Michael Kerrisk
f2d61dbbaa
user_namespaces.7: Some tweaks to Eric Biederman's patch
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-04 15:11:02 +01:00
Eric W. Biederman
0c9abe8b8c
user_namespaces.7: Update the documentation to reflect the fixes for negative groups
...
Files with access permissions such as rwx---rwx give fewer
permissions to their group than they do to everyone else. Which
means dropping groups with setgroups(0, NULL) actually grants a
process privileges.
The unprivileged setting of gid_map turned out not to be safe
after this change. Privileged setting of gid_map can be
interpreted as meaning yes it is ok to drop groups. [ Eric
additionally noted: Setting of gid_map with privilege has been
clarified to mean that dropping groups is ok. This allows
existing programs that set gid_map with privilege to work
without changes. That is, newgidmap(1) continues to work
unchanged.]
To prevent this problem and future problems, user namespaces were
changed in such a way as to guarantee a user can not obtain
credentials without privilege that they could not obtain without
the help of user namespaces.
This meant testing the effective user ID and not the filesystem
user ID, as setresuid(2) and setregid(2) allow setting any process
UID or GID (except the supplementary groups) to the effective ID.
Furthermore, to preserve in some form the useful applications
that have been setting gid_map without privilege, the file
/proc/[pid]/setgroups was added to allow disabling setgroups(2).
With setgroups(2) permanently disabled in a user namespace, it
again becomes safe to allow writes to gid_map without privilege.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-04 15:10:02 +01:00
Michael Kerrisk
3ef9fdd1a9
user_namespaces.7: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-03 15:49:16 +01:00
Michael Kerrisk
74412268b4
user_namespaces.7: Update kernel version associated with 5-line limit for map files
...
As at Linux 3.18, the limit is still five lines, so mention the
more recent kernel version in the text.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-03 13:20:28 +01:00