The default setting of 1 in/proc/sys/fs/protected_hardlinks
and /proc/sys/fs/protected_symlinks caused one too many
breakages for Linus's taste, so commit 561ec64ae67e changed
the default for both files to 0.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
PTRACE_GETREGS, PTRACE_SETGREFS, PTRACE_GETFPREGS,
and PTRACE_GETSPREGS are not present on all architectures.
PTRACE_SYSEMU and PTRACE_SYSEMU_SINGLESTEP are present only
on x86.
See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=122383
Simon Paillard <spaillard@debian.org>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Recommend clock_gettime(2), not gettimeofday(2) as alternative to times(2).
From times(2):
"To measure changes in elapsed time, use gettimeofday(2)
instead."
From gettimeofday(2):
"POSIX.1-2008 marks gettimeofday() as obsolete, recommending the
use of clock_gettime(2) instead."
Some context, showing how use of gettimeofday() causes actual bugs
(also read comments):
http://blog.habets.pp.se/2010/09/gettimeofday-should-never-be-used-to-measure-time
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
This adds a short description of the no_new_privs bit,
as described in Documentation/prctl/no_new_privs.txt.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Note type of 'arg3' for SECCOMP_MODE_FILTER.
Add pointer to Documentation/prctl/seccomp_filter.txt.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
This adds a short summary of the arguments used
for "mode 2" (BPF) seccomp.
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Notes from Bert Hubert:
Recently PowerDNS needed to support the getting of the
original destination address of packets received on ::.
Following the advice in ipv6(7) generated an error on
setsockopt().
Some googling confirmed that setsockopt() with
IPV6_PKTINFO indeed does not work, but we found that
IPV6_RECVPKTINFO did.
Our experiences are detailed in
http://bert-hubert.blogspot.nl/2012/10/on-binding-datagram-udp-sockets-to-any.html
Please find attached a quite naive patch to ipv6.7 that at
least fixes 'my' problem, but does not document if
IPV6_PKTINFO ever worked as a flag. It does document that
IPV6_RECVPKTINFO is available since 2.6.13.
Please let me know if this patch is acceptable, or if you
want me to dig deeper into the IPV6_PKTINFO situation.
Notes from mtk:
Drop mention of IPV6_PKTINFO; that's IPV6_2292PKTINFO nowadays
(and needs to be documented). And, confusingly, there's nowadays
an IPV6_PKTINFO that is a quite different thig.
With kernel commit 333fad5364d6b457c8d837f7d05802d2aaf8a961
(Sep 2005) PV6_PKTINFO disappeared from the
getsockopt/setsockopt API, and IPV6_2292PKTINFO took its place.
Meanwhile, IPV6_RECVPKTINFO was added.
Then kernel commit b24a2516d10751d7ed5afb58420df25370c9dffb
(Dec 2008) added IPV6_PKTINFO back to the
getsockopt/getsockopt API, but with what looks to be a
rather different meaning (it takes a 'struct in6_pktinfo'
as the third arg).
This seems consistent (if confusing) with the RFCs:
http://www.ietf.org/rfc/rfc2292.txthttp://www.ietf.org/rfc/rfc3542.txt (obsoletes 2292)
Both of those RFCs define an IPV6_PKTINO sockopt, but the
former takes an int arg, and the latter takes a
'struct in6_pktinfo'.
So, my summary of your patch is that it's correct. (But I think
that IPV6_RECVPKTINFO is present since 2.6.14, not 2.6.13.)
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Add a 'check-groff-warnings' target to check if groff
reports warnings (the underlying problem may be causing
words or sentences not to be displayed) from
http://lintian.debian.org/tags/manpage-has-errors-from-man.html
Some edits by mtk.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
The line(s) in the NAME section should only use capitals
where English usage dictates that. Otherwise, use
lowercase throughout.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Existing pages variously use "userspace or "user space".
But, "userspace" is not quite an English word.
So change "userspace" to "user space" or, when used
attributively, "user-space".
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>