Michael Kerrisk
a3dcaaa2ba
seccomp.2: in EXAMPLE, clearly note that x32 syscalls are >= X32_SYSCALL_BIT
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2018-03-05 12:55:50 +01:00
Michael Kerrisk
8538a62b4c
iconv.1, bpf.2, copy_file_range.2, fcntl.2, memfd_create.2, mlock.2, mount.2, mprotect.2, perf_event_open.2, pkey_alloc.2, prctl.2, read.2, recvmmsg.2, s390_sthyi.2, seccomp.2, sendmmsg.2, syscalls.2, unshare.2, write.2, errno.3, fgetpwent.3, fts.3, pthread_rwlockattr_setkind_np.3, fuse.4, veth.4, capabilities.7, cgroups.7, ip.7, man-pages.7, namespaces.7, network_namespaces.7, sched.7, socket.7, user_namespaces.7, iconvconfig.8: tstamp
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2018-02-02 07:38:54 +01:00
Michael Kerrisk
6dfb150c9f
seccomp.2: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-01 22:03:20 +01:00
Michael Kerrisk
b94c5c5a5b
seccomp.2: Clarify that SECCOMP_RET_TRAP SIGSYS signal is thread-directed
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-01 22:02:43 +01:00
Michael Kerrisk
c6688cd124
Removed trailing white space at end of lines
2017-11-26 12:42:22 +01:00
Michael Kerrisk
58440555d2
ioctl_getfsmap.2, membarrier.2, seccomp.2: spfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-11-22 17:40:58 +01:00
Michael Kerrisk
faec2136ca
seccomp.2: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-11-20 00:37:40 +01:00
Michael Kerrisk
0771269c60
seccomp.2: Document the "default" filter return action
...
The kernel defaults to either SECCOMP_RET_KILL_PROCESS
or SECCOMP_RET_KILL_THREAD for unrecognized filter
return action values.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-11-19 10:36:59 +01:00
Michael Kerrisk
df5b5f9aa8
seccomp.2: Document the seccomp audit logging feature added in Linux 4.14
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-11-19 09:13:45 +01:00
Michael Kerrisk
0c43878057
seccomp.2: Change SECCOMP_RET_ACTION to SECCOMP_RET_ACTION_FULL
...
In Linux 4.14, the action component of the return value
switched from being 15 bits to being 16 bits. A new macro,
SECCOMP_RET_ACTION_FULL, that masks the 16 bits was added,
to replace the older SECCOMP_RET_ACTION.
Reported-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-11-18 23:17:56 +01:00
Michael Kerrisk
1d530819c5
seccomp.2: Minor wording change
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-11-18 23:17:56 +01:00
Michael Kerrisk
b9c6742b0b
seccomp.2: Consolidate some common text
...
Consolidate some common text for SECCOMP_RET_KILL_PROCESS
and SECCOMP_RET_KILL_THREAD.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-11-18 23:17:56 +01:00
Michael Kerrisk
51c58a6c11
seccomp.2: Add description of SECCOMP_RET_KILL_PROCESS
...
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-11-18 23:17:45 +01:00
Michael Kerrisk
5cfa062716
seccomp.2: Explicitly note that other threads survive SECCOMP_RET_KILL_THREAD
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-11-18 20:04:32 +01:00
Michael Kerrisk
6aa0baa439
seccomp.2: Add SECCOMP_RET_KILL_THREAD description and rework SECCOMP_RET_KILL text
...
Linux 4.14 added SECCOMP_RET_KILL_THREAD as a synonym for
SECCOMP_RET_KILL. Remove also the discussion of multithreaded
processes, since that will be addressed in the documentation
of SECCOMP_RET_KILL_PROCESS.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-11-18 20:04:32 +01:00
Michael Kerrisk
1f5ad3c846
seccomp.2: Minor consolidation/reworking of EINVAL descriptions
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-11-18 00:29:55 +01:00
Michael Kerrisk
865c9c8130
seccomp.2: Minor wording fix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-11-18 00:23:41 +01:00
Michael Kerrisk
1445a0ff3d
seccomp.2: srcfix: Update copyright notice
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-11-17 18:36:55 +01:00
Michael Kerrisk
534113fffd
seccomp.2: Update timestamp for patch review from kees Cook
...
Kees reviewed the "Caveats" patch.
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-11-14 07:58:25 +01:00
Michael Kerrisk
42cfb3552b
seccomp.2: Note that vDSO implementations sometimes fall back to real syscalls
...
Reported-by: Florian Weimer <fweimer@redhat.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-11-09 15:22:07 +01:00
Michael Kerrisk
5069617c90
seccomp.2: Add some Caveats regarding the use of seccomp filters
...
Based on an email discussion with Florian Weimer and
Adhemerval Zanella on the libc-alpha mailing list.
("Seccomp implications for glibc wrapper function changes",
7 Nov 2017).
Reviewed-by: Florian Weimer <fweimer@redhat.com>
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-11-09 15:22:07 +01:00
Michael Kerrisk
1e94218cbd
seccomp.2: Rewrap long source lines and on sentence breaks
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-11-09 15:22:07 +01:00
Tyler Hicks
f04207f406
seccomp.2: Document the SECCOMP_RET_LOG action added In Linux 4.14
...
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-11-09 15:22:07 +01:00
Tyler Hicks
17c56ad055
seccomp.2: Document the SECCOMP_FILTER_FLAG_LOG flag added in Linux 4.14
...
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-11-09 15:22:07 +01:00
Tyler Hicks
6d1728dad1
seccomp.2: Document the SECCOMP_GET_ACTION_AVAIL operation added in Linux 4.14
...
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-11-09 15:22:07 +01:00
Tyler Hicks
2577dbba2b
proc.5, seccomp.2: Document the seccomp /proc interfaces added in Linux 4.14
...
Document the seccomp /proc interfaces in Linux 4.14:
/proc/sys/kernel/seccomp/actions_avail and
/proc/sys/kernel/seccomp/actions_logged.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-11-09 15:22:07 +01:00
Michael Kerrisk
85940258c6
seccomp.2: SEE ALSO: add strace(1)
...
Point the reader at strace(1) as a way of discovering system calls
that might need to be filtered.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-11-09 15:22:07 +01:00
Michael Kerrisk
29aa163b97
seccomp.2: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-11-09 15:22:07 +01:00
Michael Kerrisk
cb453c80f4
seccomp.2: srcfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-11-09 15:22:07 +01:00
Michael Kerrisk
26cd31fd4a
access.2, delete_module.2, eventfd.2, fallocate.2, fcntl.2, getrandom.2, init_module.2, open.2, seccomp.2, timerfd_create.2, openpty.3, pthread_spin_lock.3, shm_open.3, tempnam.3, fifo.7, keyrings.7, pid_namespaces.7, sched.7, thread-keyring.7: wfix (will fail --> fail/fails)
...
Reported-by: Pedro Alves <palves@redhat.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-10-20 16:55:10 +02:00
Jakub Wilk
3775c1ca40
seccomp.2: srcfix
...
Signed-off-by: Jakub Wilk <jwilk@jwilk.net>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-09-16 15:13:03 +02:00
Michael Kerrisk
4b8c67d976
iconv.1, ldd.1, locale.1, localedef.1, memusage.1, memusagestat.1, mtrace.1, pldd.1, sprof.1, time.1, _syscall.2, add_key.2, alloc_hugepages.2, arch_prctl.2, bpf.2, cacheflush.2, capget.2, chdir.2, chmod.2, chown.2, chroot.2, clock_getres.2, clock_nanosleep.2, clone.2, close.2, connect.2, copy_file_range.2, create_module.2, delete_module.2, dup.2, epoll_create.2, epoll_ctl.2, epoll_wait.2, eventfd.2, execve.2, execveat.2, fallocate.2, fanotify_init.2, fcntl.2, flock.2, fork.2, fsync.2, futex.2, futimesat.2, get_kernel_syms.2, get_mempolicy.2, get_robust_list.2, getcpu.2, getdents.2, getdomainname.2, getgid.2, getgroups.2, gethostname.2, getitimer.2, getpagesize.2, getpeername.2, getpriority.2, getrandom.2, getresuid.2, getrlimit.2, getrusage.2, getsid.2, getsockname.2, getsockopt.2, gettid.2, gettimeofday.2, getuid.2, getunwind.2, init_module.2, inotify_add_watch.2, inotify_init.2, inotify_rm_watch.2, intro.2, io_cancel.2, io_destroy.2, io_getevents.2, io_setup.2, io_submit.2, ioctl_console.2, ioctl_fat.2, ioctl_ficlonerange.2, ioctl_fideduperange.2, ioctl_getfsmap.2, ioctl_iflags.2, ioctl_list.2, ioctl_ns.2, ioctl_tty.2, ioctl_userfaultfd.2, ioperm.2, iopl.2, ioprio_set.2, ipc.2, kcmp.2, kexec_load.2, keyctl.2, kill.2, link.2, listen.2, listxattr.2, llseek.2, lookup_dcookie.2, lseek.2, madvise.2, mbind.2, membarrier.2, memfd_create.2, migrate_pages.2, mincore.2, mkdir.2, mknod.2, mlock.2, mmap.2, mmap2.2, modify_ldt.2, move_pages.2, mprotect.2, mq_getsetattr.2, mremap.2, msgctl.2, msgget.2, msgop.2, msync.2, nanosleep.2, nfsservctl.2, nice.2, open.2, open_by_handle_at.2, outb.2, perf_event_open.2, perfmonctl.2, personality.2, pivot_root.2, pkey_alloc.2, poll.2, posix_fadvise.2, prctl.2, pread.2, process_vm_readv.2, ptrace.2, query_module.2, quotactl.2, read.2, readahead.2, readdir.2, readlink.2, readv.2, reboot.2, recv.2, recvmmsg.2, remap_file_pages.2, rename.2, request_key.2, restart_syscall.2, rt_sigqueueinfo.2, s390_pci_mmio_write.2, s390_runtime_instr.2, sched_get_priority_max.2, sched_rr_get_interval.2, sched_setaffinity.2, sched_setattr.2, sched_setparam.2, sched_setscheduler.2, sched_yield.2, seccomp.2, select.2, select_tut.2, semctl.2, semget.2, semop.2, send.2, sendfile.2, sendmmsg.2, set_mempolicy.2, set_thread_area.2, set_tid_address.2, seteuid.2, setfsgid.2, setfsuid.2, setgid.2, setns.2, setpgid.2, setresuid.2, setreuid.2, setsid.2, setuid.2, sgetmask.2, shmctl.2, shmget.2, shmop.2, sigaction.2, sigaltstack.2, signal.2, sigpending.2, sigprocmask.2, sigreturn.2, sigsuspend.2, sigwaitinfo.2, socket.2, socketcall.2, socketpair.2, splice.2, spu_create.2, spu_run.2, stat.2, statfs.2, statx.2, subpage_prot.2, swapon.2, symlink.2, sync.2, sync_file_range.2, syscall.2, syscalls.2, sysctl.2, sysfs.2, sysinfo.2, syslog.2, tee.2, time.2, timer_create.2, timer_getoverrun.2, timer_settime.2, timerfd_create.2, times.2, tkill.2, truncate.2, umask.2, umount.2, uname.2, unimplemented.2, unlink.2, unshare.2, uselib.2, userfaultfd.2, ustat.2, utime.2, utimensat.2, vfork.2, vmsplice.2, wait.2, wait4.2, write.2, CPU_SET.3, INFINITY.3, __ppc_get_timebase.3, __ppc_set_ppr_med.3, __ppc_yield.3, __setfpucw.3, acos.3, acosh.3, adjtime.3, aio_fsync.3, aio_init.3, aio_read.3, aio_return.3, aio_suspend.3, aio_write.3, alloca.3, argz_add.3, asin.3, asinh.3, asprintf.3, assert.3, assert_perror.3, atan.3, atan2.3, atanh.3, atexit.3, backtrace.3, basename.3, bindresvport.3, bsd_signal.3, bsearch.3, bswap.3, btree.3, byteorder.3, bzero.3, canonicalize_file_name.3, carg.3, cbrt.3, ccos.3, ccosh.3, ceil.3, cexp.3, cfree.3, clearenv.3, clock.3, clock_getcpuclockid.3, clog.3, clog10.3, clog2.3, cmsg.3, confstr.3, copysign.3, cos.3, cosh.3, crypt.3, csin.3, csinh.3, csqrt.3, ctan.3, ctanh.3, ctime.3, dbopen.3, dl_iterate_phdr.3, dladdr.3, dlerror.3, dlinfo.3, dlopen.3, dlsym.3, drand48.3, drand48_r.3, duplocale.3, encrypt.3, end.3, endian.3, envz_add.3, erf.3, erfc.3, err.3, errno.3, error.3, ether_aton.3, euidaccess.3, exec.3, exit.3, exp.3, exp10.3, exp2.3, expm1.3, fabs.3, fcloseall.3, fdim.3, fenv.3, ferror.3, fexecve.3, fflush.3, ffs.3, fgetc.3, fgetgrent.3, fgetpwent.3, finite.3, floor.3, fma.3, fmax.3, fmemopen.3, fmin.3, fmod.3, fmtmsg.3, fopen.3, fopencookie.3, fpclassify.3, fpurge.3, fputwc.3, fputws.3, frexp.3, fseek.3, fseeko.3, ftime.3, fts.3, ftw.3, futimes.3, gamma.3, gcvt.3, get_nprocs_conf.3, get_phys_pages.3, getaddrinfo.3, getaddrinfo_a.3, getauxval.3, getcontext.3, getcwd.3, getdate.3, getentropy.3, getenv.3, getfsent.3, getgrent.3, getgrent_r.3, getgrnam.3, getgrouplist.3, gethostbyname.3, gethostid.3, getifaddrs.3, getipnodebyname.3, getline.3, getlogin.3, getmntent.3, getnameinfo.3, getnetent.3, getnetent_r.3, getopt.3, getprotoent.3, getprotoent_r.3, getpw.3, getpwent.3, getpwent_r.3, getpwnam.3, getrpcent.3, getrpcent_r.3, getrpcport.3, gets.3, getservent.3, getservent_r.3, getspnam.3, getsubopt.3, getttyent.3, getumask.3, getutent.3, getwchar.3, glob.3, gnu_get_libc_version.3, grantpt.3, gsignal.3, hash.3, hsearch.3, hypot.3, iconv.3, iconv_close.3, iconv_open.3, if_nameindex.3, if_nametoindex.3, ilogb.3, inet.3, inet_net_pton.3, inet_ntop.3, inet_pton.3, initgroups.3, insque.3, intro.3, isalpha.3, isgreater.3, j0.3, key_setsecret.3, killpg.3, ldexp.3, lgamma.3, lio_listio.3, lockf.3, log.3, log10.3, log1p.3, log2.3, logb.3, login.3, lrint.3, lround.3, lsearch.3, lseek64.3, makecontext.3, makedev.3, mallinfo.3, malloc.3, malloc_get_state.3, malloc_info.3, malloc_stats.3, malloc_trim.3, malloc_usable_size.3, mallopt.3, matherr.3, mbsnrtowcs.3, mbsrtowcs.3, mbstowcs.3, mcheck.3, memccpy.3, memchr.3, memcmp.3, memcpy.3, mkfifo.3, mkstemp.3, mktemp.3, modf.3, mpool.3, mq_close.3, mq_getattr.3, mq_notify.3, mq_open.3, mq_receive.3, mq_send.3, mtrace.3, newlocale.3, nextafter.3, nextup.3, nl_langinfo.3, ntp_gettime.3, offsetof.3, on_exit.3, open_memstream.3, opendir.3, openpty.3, perror.3, popen.3, posix_fallocate.3, posix_madvise.3, posix_memalign.3, posix_openpt.3, posix_spawn.3, pow.3, pow10.3, printf.3, profil.3, program_invocation_name.3, psignal.3, pthread_atfork.3, pthread_attr_init.3, pthread_attr_setaffinity_np.3, pthread_attr_setdetachstate.3, pthread_attr_setguardsize.3, pthread_attr_setinheritsched.3, pthread_attr_setschedparam.3, pthread_attr_setschedpolicy.3, pthread_attr_setscope.3, pthread_attr_setstack.3, pthread_attr_setstackaddr.3, pthread_attr_setstacksize.3, pthread_cancel.3, pthread_cleanup_push.3, pthread_cleanup_push_defer_np.3, pthread_create.3, pthread_detach.3, pthread_exit.3, pthread_getattr_default_np.3, pthread_getattr_np.3, pthread_getcpuclockid.3, pthread_join.3, pthread_kill.3, pthread_kill_other_threads_np.3, pthread_self.3, pthread_setaffinity_np.3, pthread_setcancelstate.3, pthread_setconcurrency.3, pthread_setname_np.3, pthread_setschedparam.3, pthread_sigmask.3, pthread_sigqueue.3, pthread_testcancel.3, pthread_tryjoin_np.3, ptsname.3, putgrent.3, putpwent.3, qsort.3, random.3, random_r.3, rcmd.3, re_comp.3, readdir.3, realpath.3, recno.3, regex.3, remainder.3, remove.3, remquo.3, resolver.3, rexec.3, rint.3, round.3, rpc.3, rpmatch.3, rtime.3, scalb.3, scalbln.3, scandir.3, scanf.3, sched_getcpu.3, sem_close.3, sem_destroy.3, sem_getvalue.3, sem_init.3, sem_open.3, sem_wait.3, setaliasent.3, setbuf.3, setenv.3, setlocale.3, setlogmask.3, setnetgrent.3, shm_open.3, signbit.3, significand.3, sigpause.3, sigqueue.3, sigset.3, sigvec.3, sin.3, sincos.3, sinh.3, sleep.3, sockatmark.3, sqrt.3, statvfs.3, stdarg.3, stdin.3, strcasecmp.3, strcat.3, strchr.3, strcoll.3, strcpy.3, strdup.3, strerror.3, strfmon.3, strfromd.3, strftime.3, strptime.3, strsignal.3, strstr.3, strtod.3, strtok.3, strtol.3, strtoul.3, strverscmp.3, syslog.3, system.3, sysv_signal.3, tan.3, tanh.3, telldir.3, tempnam.3, termios.3, tgamma.3, timeradd.3, tmpnam.3, toupper.3, towlower.3, towupper.3, trunc.3, ttyslot.3, tzset.3, ualarm.3, ulimit.3, undocumented.3, unlocked_stdio.3, updwtmp.3, uselocale.3, usleep.3, wcrtomb.3, wcsdup.3, wcsnrtombs.3, wcsrtombs.3, wcstombs.3, wctob.3, wcwidth.3, wordexp.3, wprintf.3, xcrypt.3, xdr.3, y0.3, cciss.4, console_codes.4, dsp56k.4, fuse.4, hd.4, hpsa.4, initrd.4, intro.4, loop.4, random.4, rtc.4, sd.4, sk98lin.4, st.4, wavelan.4, acct.5, core.5, elf.5, filesystems.5, host.conf.5, hosts.5, locale.5, nologin.5, proc.5, resolv.conf.5, rpc.5, slabinfo.5, utmp.5, aio.7, arp.7, bootparam.7, capabilities.7, cgroup_namespaces.7, cgroups.7, charsets.7, cpuset.7, ddp.7, environ.7, epoll.7, fanotify.7, feature_test_macros.7, futex.7, inode.7, inotify.7, ip.7, ipv6.7, keyrings.7, locale.7, man-pages.7, man.7, math_error.7, mount_namespaces.7, mq_overview.7, namespaces.7, netdevice.7, netlink.7, packet.7, pipe.7, pkeys.7, pthreads.7, pty.7, raw.7, rtld-audit.7, rtnetlink.7, sched.7, session-keyring.7, signal.7, sock_diag.7, socket.7, spufs.7, suffixes.7, tcp.7, udp.7, udplite.7, unicode.7, units.7, unix.7, uri.7, user_namespaces.7, vdso.7, x25.7, xattr.7, iconvconfig.8, ld.so.8, ldconfig.8, sln.8: Update timestamps
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-09-15 12:44:56 +02:00
Eugene Syromyatnikov
28d96036f2
prctl.2, seccomp.2: Update pointer to in-kernel seccomp documentation
...
Linux commit v4.13-rc1~34^2~40 converted seccomp documentation
(previously resided in Documentation/prctl/seccomp_filter.txt)
to ReStructured, along with relocating it to
Documentation/userspace-api/seccomp_filter.rst.
* man2/prctl.2 (.SH DESCRIPTION) <.TP .BR PR_SET_SECCOMP>: Amend
pointer to Documentation/prctl/seccomp_filter.txt with change
introduced in Linux 4.13 (move to
Documentation/userspace_api/seccomp_filter.rst).
* man2/seccomp.2 (.SH SEE ALSO): Likewise.
Signed-off-by: Eugene Syromyatnikov <evgsyr@gmail.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-09-11 12:50:51 +02:00
Michael Kerrisk
b8302363ed
execve.2, ioctl_console.2, ioctl_iflags.2, ioctl_ns.2, ioctl_userfaultfd.2, kcmp.2, kexec_load.2, keyctl.2, link.2, listxattr.2, membarrier.2, memfd_create.2, mmap.2, modify_ldt.2, mprotect.2, msgctl.2, nanosleep.2, open_by_handle_at.2, perf_event_open.2, poll.2, posix_fadvise.2, process_vm_readv.2, ptrace.2, query_module.2, quotactl.2, readdir.2, readv.2, recv.2, recvmmsg.2, request_key.2, sched_rr_get_interval.2, sched_setaffinity.2, sched_setattr.2, sched_setscheduler.2, seccomp.2, select.2, select_tut.2, semctl.2, semop.2, send.2, sendmmsg.2, set_thread_area.2, setns.2, shmctl.2, shmget.2, sigaction.2, sigaltstack.2, signal.2, sigwaitinfo.2, stat.2, statfs.2, statx.2, sync_file_range.2, syscall.2, sysctl.2, sysinfo.2, tee.2, timer_create.2, timer_settime.2, timerfd_create.2, unshare.2, userfaultfd.2, ustat.2, utime.2, utimensat.2, vmsplice.2, wait.2, adjtime.3, aio_init.3, backtrace.3, basename.3, bswap.3, btree.3, clock_getcpuclockid.3, cmsg.3, confstr.3, dbopen.3, dl_iterate_phdr.3, dladdr.3, dlinfo.3, dlopen.3, duplocale.3, encrypt.3, end.3, endian.3, err.3, errno.3, ether_aton.3, fgetgrent.3, fgetpwent.3, fmemopen.3, frexp.3, ftime.3, fts.3, getaddrinfo.3, getaddrinfo_a.3, getdate.3, getfsent.3, getgrent.3, getgrent_r.3, getgrnam.3, getgrouplist.3, gethostbyname.3, getifaddrs.3, getipnodebyname.3, getmntent.3, getnameinfo.3, getnetent.3, getopt.3, getprotoent.3, getprotoent_r.3, getpw.3, getpwent.3, getpwent_r.3, getpwnam.3, getrpcent.3, getservent.3, getservent_r.3, getspnam.3, getttyent.3, glob.3, gnu_get_libc_version.3, hash.3, hsearch.3, if_nameindex.3, inet.3, inet_net_pton.3, inet_pton.3, insque.3, isalpha.3, makecontext.3, mallinfo.3, malloc_info.3, mallopt.3, matherr.3, mbstowcs.3, mcheck.3, memchr.3, mq_getattr.3, mq_open.3, mq_receive.3, mq_send.3, mtrace.3, newlocale.3, ntp_gettime.3, posix_openpt.3, printf.3, pthread_attr_init.3, pthread_attr_setschedparam.3, pthread_cancel.3, pthread_cleanup_push.3, pthread_cleanup_push_defer_np.3, pthread_create.3, pthread_getattr_default_np.3, pthread_getattr_np.3, pthread_getcpuclockid.3, pthread_setname_np.3, pthread_setschedparam.3, pthread_sigmask.3, pthread_tryjoin_np.3, readdir.3, realpath.3, recno.3, regex.3, rpc.3, scanf.3, sched_getcpu.3, sem_wait.3, setaliasent.3, sigqueue.3, statvfs.3, strcat.3, strcpy.3, strftime.3, strtok.3, strtol.3, strverscmp.3, toupper.3, ttyslot.3, xdr.3, fuse.4, loop.4, rtc.4, st.4, acct.5, core.5, elf.5, slabinfo.5, aio.7, arp.7, capabilities.7, cgroup_namespaces.7, cgroups.7, ddp.7, fanotify.7, feature_test_macros.7, inode.7, inotify.7, ip.7, keyrings.7, locale.7, mount_namespaces.7, namespaces.7, netdevice.7, netlink.7, packet.7, pkeys.7, pthreads.7, sched.7, session-keyring.7, sock_diag.7, socket.7, spufs.7, udplite.7, unix.7, user_namespaces.7, vdso.7, x25.7, ld.so.8: Use consistent markup for code snippets
...
Change .nf/.fi to .EX/.EE
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-19 13:47:27 +02:00
Michael Kerrisk
e646a1bad9
ioctl_console.2, ioctl_getfsmap.2, ioctl_iflags.2, ioctl_list.2, ioctl_ns.2, kcmp.2, kexec_load.2, keyctl.2, link.2, mmap.2, modify_ldt.2, msgctl.2, poll.2, query_module.2, quotactl.2, recv.2, recvmmsg.2, sched_setscheduler.2, seccomp.2, select.2, semctl.2, semop.2, send.2, set_thread_area.2, setns.2, shmctl.2, shmget.2, sigaction.2, sysinfo.2, timer_create.2, timerfd_create.2, uname.2, unshare.2, userfaultfd.2, ustat.2, utimensat.2, vmsplice.2, wait.2, adjtime.3, backtrace.3, bswap.3, btree.3, clock_getcpuclockid.3, confstr.3, dbopen.3, dl_iterate_phdr.3, dlinfo.3, duplocale.3, encrypt.3, end.3, endian.3, err.3, errno.3, fmemopen.3, fopencookie.3, frexp.3, fts.3, ftw.3, getaddrinfo.3, getaddrinfo_a.3, getcontext.3, getgrouplist.3, getifaddrs.3, getipnodebyname.3, getnameinfo.3, getopt.3, getprotoent_r.3, getpwent_r.3, getrpcent.3, getservent_r.3, getttyent.3, getumask.3, glob.3, gnu_get_libc_version.3, hash.3, hsearch.3, inet.3, inet_pton.3, insque.3, isalpha.3, makecontext.3, mallopt.3, mbstowcs.3, mcheck.3, memchr.3, mq_getattr.3, mq_open.3, mtrace.3, newlocale.3, ntp_gettime.3, offsetof.3, posix_openpt.3, printf.3, pthread_setname_np.3, pthread_setschedparam.3, rpc.3, scanf.3, sched_getcpu.3, sem_wait.3, setaliasent.3, sigqueue.3, sigvec.3, stdarg.3, strcat.3, strcpy.3, strftime.3, strtol.3, toupper.3, ttyslot.3, fuse.4, loop.4, st.4, elf.5, cgroup_namespaces.7, cgroups.7, feature_test_macros.7, inode.7, inotify.7, keyrings.7, man-pages.7, math_error.7, mount_namespaces.7, mq_overview.7, pthreads.7, sched.7, session-keyring.7, udplite.7, unix.7, vdso.7: Use consistent markup for code snippets
...
The preferred form is
.PP/.IP
.in +4n
.EX
<code>
.EE
.in
.PP/.IP
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-19 13:47:26 +02:00
Michael Kerrisk
51f5698d3c
capget.2, gettimeofday.2, nanosleep.2, process_vm_readv.2, readv.2, seccomp.2, semop.2, sigaction.2, sigwaitinfo.2, dbopen.3, dladdr.3, ether_aton.3, fenv.3, fgetgrent.3, fgetpwent.3, frexp.3, ftime.3, gamma.3, getaddrinfo.3, getaddrinfo_a.3, getgrent_r.3, getgrnam.3, gethostbyname.3, getifaddrs.3, getipnodebyname.3, getmntent.3, getnetent.3, getprotoent.3, getpw.3, getpwent.3, getpwent_r.3, getpwnam.3, getservent.3, getspnam.3, getutent.3, glob.3, hsearch.3, if_nameindex.3, inet.3, mq_receive.3, putgrent.3, putpwent.3, rand.3, sigqueue.3, strfromd.3, strptime.3, strtol.3, termios.3, timeradd.3, lp.4, tty.4, ip.7, ipv6.7, netdevice.7, raw.7, rtnetlink.7, units.7, zic.8: ffix: replace .sp by .PP
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-18 01:00:48 +02:00
Michael Kerrisk
e7d0bb4715
memusage.1, clone.2, eventfd.2, futex.2, getdents.2, ioctl_fat.2, ioctl_ns.2, kcmp.2, keyctl.2, mmap.2, mprotect.2, msgop.2, recvmmsg.2, request_key.2, sched_setaffinity.2, seccomp.2, setns.2, tee.2, timer_create.2, timerfd_create.2, unshare.2, userfaultfd.2, wait.2, __ppc_get_timebase.3, backtrace.3, bswap.3, clock_getcpuclockid.3, dl_iterate_phdr.3, dlinfo.3, dlopen.3, duplocale.3, end.3, endian.3, fmemopen.3, fopencookie.3, frexp.3, ftw.3, getdate.3, getgrouplist.3, getifaddrs.3, getprotoent_r.3, getservent_r.3, gnu_get_libc_version.3, if_nameindex.3, inet.3, inet_net_pton.3, inet_pton.3, insque.3, makecontext.3, mallinfo.3, malloc_info.3, mallopt.3, matherr.3, mbstowcs.3, mcheck.3, mq_getattr.3, mq_notify.3, newlocale.3, offsetof.3, posix_spawn.3, pthread_attr_init.3, pthread_cancel.3, pthread_cleanup_push.3, pthread_create.3, pthread_getattr_default_np.3, pthread_getattr_np.3, pthread_getcpuclockid.3, pthread_setname_np.3, pthread_setschedparam.3, pthread_sigmask.3, scandir.3, sem_wait.3, strcat.3, strftime.3, strtok.3, strtol.3, strverscmp.3, loop.4, core.5, aio.7, fanotify.7, feature_test_macros.7, inotify.7, pkeys.7, unix.7, user_namespaces.7: Use .EX/.EE for EXAMPLE programs
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-16 10:44:33 +02:00
Michael Kerrisk
efeece0465
_syscall.2, bpf.2, cacheflush.2, capget.2, chdir.2, chmod.2, chroot.2, clock_getres.2, clock_nanosleep.2, clone.2, close.2, connect.2, copy_file_range.2, create_module.2, delete_module.2, dup.2, epoll_create.2, epoll_ctl.2, epoll_wait.2, eventfd.2, execve.2, execveat.2, fallocate.2, flock.2, fork.2, fsync.2, futex.2, futimesat.2, get_kernel_syms.2, get_mempolicy.2, get_robust_list.2, getcpu.2, getdents.2, getdomainname.2, getgid.2, getgroups.2, gethostname.2, getitimer.2, getpagesize.2, getpeername.2, getpriority.2, getrandom.2, getresuid.2, getrlimit.2, getrusage.2, getsid.2, getsockname.2, getsockopt.2, gettid.2, gettimeofday.2, getuid.2, getunwind.2, init_module.2, inotify_add_watch.2, inotify_init.2, inotify_rm_watch.2, intro.2, io_cancel.2, io_destroy.2, io_getevents.2, io_setup.2, io_submit.2, ioctl_fat.2, ioctl_ficlonerange.2, ioctl_fideduperange.2, ioctl_tty.2, ioctl_userfaultfd.2, ioperm.2, iopl.2, ioprio_set.2, kcmp.2, kexec_load.2, keyctl.2, kill.2, link.2, listen.2, listxattr.2, llseek.2, lookup_dcookie.2, lseek.2, madvise.2, mbind.2, membarrier.2, memfd_create.2, migrate_pages.2, mincore.2, mkdir.2, mknod.2, mlock.2, mmap.2, mmap2.2, modify_ldt.2, move_pages.2, mprotect.2, mq_getsetattr.2, mremap.2, msgctl.2, msgget.2, msgop.2, msync.2, nanosleep.2, nfsservctl.2, nice.2, open_by_handle_at.2, outb.2, perf_event_open.2, perfmonctl.2, personality.2, pivot_root.2, pkey_alloc.2, poll.2, posix_fadvise.2, prctl.2, pread.2, process_vm_readv.2, ptrace.2, query_module.2, quotactl.2, read.2, readahead.2, readdir.2, readv.2, reboot.2, recv.2, recvmmsg.2, remap_file_pages.2, rename.2, request_key.2, restart_syscall.2, rt_sigqueueinfo.2, s390_pci_mmio_write.2, s390_runtime_instr.2, sched_get_priority_max.2, sched_rr_get_interval.2, sched_setaffinity.2, sched_setattr.2, sched_setparam.2, sched_setscheduler.2, sched_yield.2, seccomp.2, select.2, select_tut.2, semctl.2, semget.2, semop.2, send.2, sendfile.2, sendmmsg.2, set_mempolicy.2, set_thread_area.2, set_tid_address.2, seteuid.2, setfsgid.2, setfsuid.2, setgid.2, setns.2, setpgid.2, setresuid.2, setreuid.2, setsid.2, setuid.2, sgetmask.2, shmctl.2, shmget.2, shmop.2, sigaction.2, sigaltstack.2, sigpending.2, sigprocmask.2, sigreturn.2, sigsuspend.2, sigwaitinfo.2, socket.2, socketcall.2, socketpair.2, splice.2, spu_create.2, spu_run.2, stat.2, statfs.2, statx.2, subpage_prot.2, swapon.2, symlink.2, sync.2, sync_file_range.2, syscalls.2, sysctl.2, sysinfo.2, syslog.2, tee.2, time.2, timer_create.2, timer_getoverrun.2, timer_settime.2, timerfd_create.2, times.2, tkill.2, truncate.2, umask.2, umount.2, unimplemented.2, unlink.2, unshare.2, uselib.2, userfaultfd.2, utime.2, utimensat.2, vfork.2, vmsplice.2, wait.2, wait4.2, write.2: Formatting fix: replace blank lines with .PP/.IP
...
Blank lines shouldn't generally appear in *roff source (other
than in code examples), since they create large vertical
spaces between text blocks.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-16 09:30:51 +02:00
Michael Kerrisk
0fc339b298
seccomp.2: Minor tweaks to Kees Cook's patch
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-15 20:49:22 +02:00
Kees Cook
5defc77db0
seccomp.2: Clarify SECCOMP_RET_KILL kills tasks not processes
...
Zach Reizner pointed out a mismatch between kernel behavior and the
man-page documentation of SECCOMP_RET_KILL which kills tasks not
processes.
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-15 20:47:14 +02:00
Michael Kerrisk
dbfe9c700e
_syscall.2, clock_getres.2, clone.2, copy_file_range.2, create_module.2, delete_module.2, fallocate.2, futex.2, get_kernel_syms.2, get_robust_list.2, getcpu.2, getdents.2, gettid.2, gettimeofday.2, getunwind.2, init_module.2, io_cancel.2, io_destroy.2, io_getevents.2, io_setup.2, io_submit.2, ioctl_userfaultfd.2, ioprio_set.2, kcmp.2, kexec_load.2, keyctl.2, link.2, llseek.2, memfd_create.2, mmap.2, mq_getsetattr.2, msgctl.2, msgget.2, open_by_handle_at.2, outb.2, perf_event_open.2, pivot_root.2, process_vm_readv.2, query_module.2, readdir.2, recvmmsg.2, rename.2, request_key.2, restart_syscall.2, rt_sigqueueinfo.2, s390_pci_mmio_write.2, s390_runtime_instr.2, sched_setattr.2, seccomp.2, select.2, select_tut.2, send.2, sendmmsg.2, set_thread_area.2, set_tid_address.2, sgetmask.2, shmop.2, sigaction.2, sigprocmask.2, splice.2, spu_create.2, spu_run.2, statx.2, subpage_prot.2, sync_file_range.2, syscall.2, sysctl.2, sysfs.2, tee.2, timer_create.2, timer_delete.2, timer_getoverrun.2, timer_settime.2, tkill.2, uselib.2, utimensat.2, vmsplice.2, wait.2, aio_init.3, asinh.3, atan2.3, atanh.3, backtrace.3, basename.3, bswap.3, bzero.3, catgets.3, catopen.3, dladdr.3, dlsym.3, endian.3, envz_add.3, erf.3, erfc.3, error.3, ferror.3, ffs.3, fgetc.3, fmemopen.3, fopen.3, fopencookie.3, fseek.3, ftw.3, futimes.3, getdate.3, getenv.3, getline.3, getlogin.3, getrpcent.3, getsubopt.3, getutmp.3, getw.3, gnu_get_libc_version.3, inet_net_pton.3, isalpha.3, lio_listio.3, makedev.3, malloc_get_state.3, malloc_stats.3, malloc_trim.3, malloc_usable_size.3, matherr.3, memchr.3, nextup.3, ntp_gettime.3, posix_madvise.3, program_invocation_name.3, pthread_atfork.3, pthread_attr_setaffinity_np.3, pthread_attr_setdetachstate.3, pthread_attr_setguardsize.3, pthread_attr_setinheritsched.3, pthread_attr_setschedparam.3, pthread_attr_setschedpolicy.3, pthread_attr_setscope.3, pthread_attr_setstack.3, pthread_attr_setstackaddr.3, pthread_attr_setstacksize.3, pthread_cleanup_push_defer_np.3, pthread_detach.3, pthread_equal.3, pthread_exit.3, pthread_join.3, pthread_kill.3, pthread_kill_other_threads_np.3, pthread_rwlockattr_setkind_np.3, pthread_self.3, pthread_setcancelstate.3, pthread_setconcurrency.3, pthread_setschedprio.3, pthread_testcancel.3, pthread_tryjoin_np.3, pthread_yield.3, puts.3, random.3, random_r.3, rpc.3, sched_getcpu.3, setnetgrent.3, sigwait.3, stdin.3, strerror.3, strfmon.3, timeradd.3, tmpnam.3, toupper.3, towlower.3, towupper.3, ttyname.3, uselocale.3, xdr.3, dsp56k.4, sigevent.7, vdso.7: ffix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-15 19:39:04 +02:00
Michael Kerrisk
f55a6d598d
Changes, ldd.1, chown.2, epoll_wait.2, get_mempolicy.2, ioctl_getfsmap.2, madvise.2, membarrier.2, mount.2, pipe.2, readv.2, seccomp.2, sigaltstack.2, splice.2, tee.2, timer_create.2, vmsplice.2, acosh.3, asinh.3, atanh.3, bsd_signal.3, dl_iterate_phdr.3, dlsym.3, flockfile.3, fpathconf.3, ftw.3, getaddrinfo.3, getcontext.3, getgrent.3, if_nametoindex.3, malloc.3, nl_langinfo.3, posix_madvise.3, ptsname.3, rand.3, resolver.3, sigpause.3, sigwait.3, strtol.3, sysconf.3, ttyslot.3, unlocked_stdio.3, unlockpt.3, capabilities.7, cgroup_namespaces.7, inode.7, man.7, pipe.7, sigevent.7: tstamp
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-07-13 14:22:45 +02:00
Michael Kerrisk
baaf65e88a
seccomp.2: Minor tweaks to Mike's patch
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-07-05 10:46:44 +02:00
Mike Frysinger
089761d56d
seccomp(2): Expand SECCOMP_RET_KILL documentation
...
First clarify that the process cannot catch this SIGSYS signal.
While the text currently says that, it's easy (IMO) to read
ambiguously and that it's referring to default behavior (no
handler -> process exits).
Then add details regarding coredump behavior. Before Linux 4.11,
there was no way to get coredumps from such crashes. Now we can
at least get crashes from single threaded processes.
Signed-off-by: Mike Frysinger <vapier@chromium.org>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-07-05 10:41:53 +02:00
Jakub Wilk
5465ae9568
futex.2, open_by_handle_at.2, seccomp.2, socket.2, console_codes.4, protocols.5, aio.7, capabilities.7, libc.7, netlink.7, raw.7, standards.7, unicode.7, uri.7, vdso.7: tfix
...
Escape hyphens in URLs.
Signed-off-by: Jakub Wilk <jwilk@jwilk.net>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-01-30 08:33:49 +13:00
Michael Kerrisk
88f02af602
seccomp.2: NOTES: mention ptrace(PTRACE_SECCOMP_GET_FILTER) to dump seccomp filters
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-11-08 14:07:56 +01:00
Jann Horn
09481df399
seccomp.2: Document changed interaction with ptrace
...
Signed-off-by: Jann Horn <jann@thejh.net>
2016-11-06 13:19:55 -07:00
Michael Kerrisk
b8efb41432
memusage.1, memusagestat.1, pldd.1, accept.2, adjtimex.2, arch_prctl.2, bdflush.2, bpf.2, close.2, epoll_ctl.2, epoll_wait.2, execve.2, execveat.2, fanotify_init.2, fanotify_mark.2, fcntl.2, fsync.2, get_kernel_syms.2, getdomainname.2, getgroups.2, gethostname.2, getrandom.2, getrlimit.2, getrusage.2, getsid.2, getunwind.2, io_getevents.2, ioctl_fat.2, kexec_load.2, killpg.2, listxattr.2, lseek.2, madvise.2, memfd_create.2, mknod.2, mlock.2, modify_ldt.2, msgctl.2, msgget.2, msgop.2, readlink.2, readv.2, reboot.2, recvmmsg.2, rename.2, request_key.2, restart_syscall.2, sched_setaffinity.2, sched_setattr.2, sched_setparam.2, seccomp.2, select_tut.2, semctl.2, semget.2, semop.2, set_thread_area.2, seteuid.2, setgid.2, setpgid.2, setresuid.2, setreuid.2, setsid.2, setuid.2, shmctl.2, shmget.2, shmop.2, sigaction.2, sigprocmask.2, stat.2, symlink.2, syscall.2, sysctl.2, unlink.2, bindresvport.3, byteorder.3, dlopen.3, endian.3, error.3, ffs.3, fmemopen.3, getcwd.3, getlogin.3, getnetent.3, getprotoent.3, getservent.3, getumask.3, getutent.3, glob.3, isalpha.3, lio_listio.3, login.3, mbsinit.3, mbstowcs.3, mbtowc.3, mkstemp.3, nextup.3, ntp_gettime.3, posix_fallocate.3, posix_spawn.3, pthread_join.3, pthread_rwlockattr_setkind_np.3, random.3, rcmd.3, realpath.3, resolver.3, setjmp.3, setnetgrent.3, sigvec.3, strerror.3, strverscmp.3, system.3, toupper.3, towlower.3, towupper.3, wcstombs.3, wordexp.3, cciss.4, loop.4, mouse.4, random.4, core.5, group.5, hosts.5, resolv.conf.5, ascii.7, environ.7, epoll.7, glob.7, ip.7, mq_overview.7, packet.7, pipe.7, raw.7, sched.7, signal.7, socket.7, symlink.7, ld.so.8, sln.8: tstamp
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-10-08 14:08:23 +02:00
Michael Kerrisk
be8f12726e
seccomp.2: CAP_SYS_ADMIN is required only in caller's user namespace
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-09-12 16:54:28 +01:00
Michael Kerrisk
bf7bc8b898
arch_prctl.2, execveat.2, fanotify_mark.2, fcntl.2, fork.2, madvise.2, mknod.2, mmap.2, modify_ldt.2, mount.2, open.2, prctl.2, ptrace.2, restart_syscall.2, seccomp.2, semop.2, set_thread_area.2, symlink.2, umount.2, unlink.2, error.3, getnetent.3, getprotoent.3, getservent.3, getutent.3, glob.3, login.3, setjmp.3, setnetgrent.3, wordexp.3, epoll.7: Remove section number from page self reference
...
Fix places where pages refer to the function that they describe
and include a section number in that reference. Such references
cause some HTML-rendering tools to create self-references in the
page.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-08-08 05:54:12 +10:00