Michael Kerrisk
94950b9a68
socket.7, unix.7: Move text describing SO_PEERCRED from socket(7) to unix(7)
...
This is, AFAIK, an option specific to UNIX domain sockets, so
place it in unix(7).
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2018-07-28 12:30:44 +02:00
Michael Kerrisk
ffab8460c6
unix.7: Refer reader to socket(7) for information about SO_PEEK_OFF
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2018-07-28 12:30:44 +02:00
Michael Kerrisk
2fc7c74cc5
socket.7: Refer reader to unix(7) for information on SO_PASSSEC
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2018-07-28 12:30:44 +02:00
Michael Kerrisk
48c2b7065d
tcp.7, udp.7: Add a reference to socket(7) noting existence of further socket options
...
Some other socket options that are applicable for TCP and UDP sockets
are documented in socket(7), so help the reader by pointing them at
that page.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2018-07-28 12:30:44 +02:00
Michael Kerrisk
670387c122
udp.7: srcfix: add FIXME
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2018-07-28 12:30:44 +02:00
Michael Kerrisk
1221abb60e
unix.7: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2018-07-28 12:30:44 +02:00
Michael Kerrisk
ffad6a017f
unix.7: Document SCM_SECURITY ancillary data
...
And fix a wording error in the description of SO_PASSSEC.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2018-07-28 12:30:44 +02:00
Michael Kerrisk
366a9bffc8
unix.7: Document SO_PASSSEC
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2018-07-28 11:50:11 +02:00
Michael Kerrisk
5af0f223d1
unix.7: Ancillary data forms a barrier when receiving on a stream socket
...
Thanks to a tip from Keith Packard:
https://keithp.com/blogs/fd-passing/
(Also verified by experiment.)
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2018-07-17 09:39:56 +02:00
Michael Kerrisk
5219daec26
unix.7: One must send at least one byte of real data with ancillary data
...
When sending ancillary data, at least one byte of real data should
also be sent. This is strictly necessary for stream sockets
(verified by experiment). It is not required for datagram sockets
on Linux (verified by experiment), but portable applications
should do so.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2018-07-15 10:33:42 +02:00
Michael Kerrisk
c0e56ed687
unix.7: Clarify treatment of incoming ancillary data if 'msg_control' is NULL
...
If no buffer is supplied for incoming ancillary data, then
the data is lost.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2018-07-15 10:33:32 +02:00
Michael Kerrisk
4564dd1fee
unix.7: If the buffer to receive SCM_RIGHTS FDs is too small, FDs are closed
...
If the ancillary data buffer for receiving SCM_RIGHTS file
descriptors is too small, then the excess file descriptors are
automatically closed in the receiving process. Verified by
experiment.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2018-07-15 10:16:49 +02:00
Michael Kerrisk
b65f4c691d
unix.7: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2018-07-15 10:16:49 +02:00
Michael Kerrisk
879962006f
unix.7: ffix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2018-07-15 09:50:30 +02:00
Michael Kerrisk
93f5b0f8f4
mount_namespaces.7: SEE ALSO: add findmnt(8)
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2018-07-13 07:08:28 +02:00
Michael Kerrisk
5b5cb19580
unix.7: When sending ancillary data, only one item of each type may be sent
...
Verified by experiment and reading the source code (although
the SCM_RIGHTS case is not so clear to me in the source code).
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2018-07-10 07:14:50 +02:00
Michael Kerrisk
52900faab3
unix.7: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2018-07-10 07:14:50 +02:00
Michael Kerrisk
311bf2f694
unix.7: Minor wording fixes
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2018-07-10 07:14:50 +02:00
Michael Kerrisk
05bf3361a6
unix.7: grfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2018-07-10 07:14:50 +02:00
Michael Kerrisk
c87721467e
unix.7: Note behavior if buffer to receive ancillary data is too small
...
If the buffer supplied to recvmsg() to receive ancillary data is
too small, then the data is truncated and the MSG_CTRUNC flag is
set.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2018-07-08 21:13:08 +02:00
Michael Kerrisk
13600496d3
unix.7: Enhance the description of SCM_RIGHTS
...
The existing description is rather thin. More can be said.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2018-07-08 10:57:27 +02:00
Michael Kerrisk
8bdcf4bf81
unix.7: There is a limit on the size of the file descriptor array for SCM_RIGHTS
...
The limit is defined in the kernel as SCM_MAX_FD (253).
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2018-07-08 10:38:44 +02:00
Michael Kerrisk
f1081bdc42
unix.7: Fix a minor imprecision in description of SCM_CREDENTIALS
...
To spoof credentials requires privilege (i.e., capabilities),
not UID 0.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2018-07-08 10:21:43 +02:00
Michael Kerrisk
b66d5714b1
unix.7: grfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2018-07-08 10:20:52 +02:00
Michael Kerrisk
bdef802116
unix.7: ffix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2018-07-08 10:20:32 +02:00
Michael Kerrisk
2c77e8de08
capabilities.7: Note that v3 security.attributes are transparently created/retrieved
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2018-07-02 09:59:21 +02:00
Michael Kerrisk
00ae99b028
capabilities.7: Fix some imprecisions in discussion of namespaced file capabilities
...
The file UID does not come into play when creating a v3
security.capability extended attribute.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2018-07-01 11:42:13 +02:00
Michael Kerrisk
9b2c207a33
capabilities.7: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2018-07-01 11:42:13 +02:00
Michael Kerrisk
c281d0505d
capabilities.7: wfix
...
Fix some confusion between "mask" and "extended attribute"
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2018-07-01 11:42:13 +02:00
Michael Kerrisk
54254ef33a
capabilities.7: srcfix: Removed FIXME
...
No credential match of file UID and namespace creator UID
is needed to create a v3 security extended attribute.
Verified by experiment using my userns_child_exec.c and
show_creds.c programs (available on http://man7.org/tlpi/code ):
$ sudo setcap cap_setuid,cap_dac_override=pe \
./userns_child_exec
$ ./userns_child_exec -U -r setcap cap_kill=pe show_creds
$ ./userns_child_exec -U -M '0 1000 10' -G '0 1000 1' \
-s 1 ./show_creds
eUID = 1; eGID = 0; capabilities: = cap_kill+ep
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2018-07-01 11:42:07 +02:00
Michael Kerrisk
ffea2c14f2
capabilities.7: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2018-06-24 08:54:17 +02:00
Michael Kerrisk
a607673bb8
epoll.7: Consistently use the term "interest list" rather than "epoll set"
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2018-06-22 12:21:56 +02:00
Michael Kerrisk
d1d90ea54d
epoll.7: Expand the discussion of the implications of file descriptor duplication
...
In particular, note that it may be difficult for an application
to know about the existence of duplicate file descriptors.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2018-06-22 12:20:25 +02:00
Michael Kerrisk
a3961b2fd5
epoll.7: Note that edge-triggered notification wakes up only one waiter
...
Note a useful performance benefit of EPOLLET: ensuring that
only one of multiple waiters (in epoll_wait()) is woken
up when a file descriptor becomes ready.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2018-06-22 12:20:25 +02:00
Michael Kerrisk
0409116028
epoll.7: Introduce the terms "interest list" and "ready list"
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2018-06-22 12:20:25 +02:00
Michael Kerrisk
4524285a71
epoll.7: ffix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2018-06-22 09:41:16 +02:00
Michael Kerrisk
1e79ad8cd8
epoll.7: ffix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2018-06-22 09:30:02 +02:00
Michael Kerrisk
b4ebb4ee79
epoll.7: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2018-06-22 09:27:46 +02:00
Michael Kerrisk
6832efaf3c
epoll.7: Reformat Q&A list
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2018-06-22 09:27:24 +02:00
Helge Deller
0201f48246
vdso.7: Fix parisc gateway page description
...
The parisc gateway page currently only exports 3 functions:
The lws_entry for CAS operations (at 0xb0), the set_thread_pointer
function for usage in glibc (at 0xe0) and the Linux syscall entry
(at 0x100).
All other symbols in the manpage are internal labels and
shouldn't be used directly by userspace or glibc, so drop them
from the man page documentation.
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2018-05-28 11:04:33 +02:00
Michael Kerrisk
0cec24722b
signal.7: Clarify that sigsuspend() and pause() suspend the calling *thread*
...
Reported-by: Robin Kuzmin <kuzmin.robin@gmail.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2018-05-18 10:04:37 +02:00
Michael Kerrisk
390795d76a
inotify.7: Note ENOTDIR error that can occur for IN_ONLYDIR
...
Note ENOTDIR error that occurs when requesting a watch on a
nondirectory with IN_ONLYDIR.
Reported-by: Paul Millar <paul.millar@desy.de>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2018-05-06 10:22:13 +02:00
Michael Kerrisk
0a719e9411
capabilities.7: tfix
...
Reported-by: Jann Horn <jannh@google.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2018-05-02 21:16:20 +02:00
Michael Kerrisk
c87cbea10f
capabilities.7: ffix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2018-05-02 11:37:29 +02:00
Michael Kerrisk
c2b279afb7
capabilities.7: ffix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2018-05-01 13:55:37 +02:00
Michael Kerrisk
ddc1ad3079
capabilities.7: Add background details on capability transformations during execve(2)
...
Add background details on ambient and bounding set when
discussing capability transformations during execve(2).
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2018-05-01 13:55:37 +02:00
Michael Kerrisk
7c957134f1
capabilities.7: Minor rewording
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2018-05-01 13:55:37 +02:00
Michael Kerrisk
bb1f24fab8
capabilities.7: Reorder text on capability bounding set
...
Reverse order of text blocks describing pre- and
post-2.6.25 bounding set. No content changes.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2018-05-01 13:55:37 +02:00
Michael Kerrisk
2e87ced3b5
capabilities.7: Rework bounding set as per-thread set in transformation rules
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2018-05-01 13:55:37 +02:00
Michael Kerrisk
36de80b984
capabilities.7: Add text introducing bounding set along with other thread capability sets
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2018-05-01 13:55:37 +02:00