Michael Kerrisk
4ab9f1db3d
prctl.2: ERRORS: Add EACCES error for PR_SET_SECCOMP-SECCOMP_MODE_FILTER
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-09-16 12:35:45 +02:00
Michael Kerrisk
d4748fad9f
clone.2: EINVAL is generated by glibc wrapper for NULL 'fn' or 'child_stack'
...
Clarify that this error is produced by the wrapper function, not
the underlying system call. In particular, the point is that the
raw system call can accommodate a NULL pointer for 'child_stack'.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-09-15 18:39:57 +02:00
Michael Kerrisk
8e7a186ab8
ld.so.8: Clarify text describing whether secure-mode programs preload libraries
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-09-15 08:18:21 +02:00
Michael Kerrisk
a5a3e91bf9
proc.5: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-09-12 20:41:08 +01:00
Michael Kerrisk
0989246ebd
proc.5: Minor tweaks to Namhyung Kim's patch
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-09-12 20:40:39 +01:00
Namhyung Kim
dfdf642ebb
proc.5: Add description of CLEAR_REFS_MM_HIWATER_RSS
...
The Linux kernel commit 695f05593693 ("fs/proc/task_mmu.c: add
user-space support for resetting mm->hiwater_rss (peak RSS)") added a
way to reset peak RSS of a process but missed to update manpage.
Cc: Petr Cermak <petrcermak@chromium.org>
Acked-by: Petr Cermak <petrcermak@chromium.org>
Signed-off-by: Namhyung Kim <namhyung@gmail.com>
2016-09-12 20:38:44 +01:00
Michael Kerrisk
af0cb4bd54
raw.7: Clarify user namespace requirements for CAP_NET_RAW
...
Also remove mention of UID 0 as a method or creating
a raw socket. As far as I can tell from reading the
kernel source (net/ipv4/af_inet.c), this is not true.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-09-12 20:34:22 +01:00
Michael Kerrisk
f71d155750
packet.7: Clarify user namespace requirements for CAP_NET_RAW
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-09-12 20:34:22 +01:00
Michael Kerrisk
47c906e5c4
open.2: Clarify user namespace capability requirements for O_NOATIME
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-09-12 20:34:22 +01:00
Michael Kerrisk
58afe6afe1
proc.5: Clarify user namespace requirements for /proc/sys/fs/protected_hardlinks
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-09-12 20:34:22 +01:00
Michael Kerrisk
ed1ba8a5eb
bindresvport.3, rcmd.3, ip.7: Note user namespace requirements for CAP_NET_BIND_SERVICE
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-09-12 20:34:22 +01:00
Michael Kerrisk
70b723049c
ip.7: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-09-12 20:34:22 +01:00
Michael Kerrisk
3294109d14
msgctl.2, msgget.2, msgop.2, semctl.2, semget.2, semop.2, shmctl.2, shmget.2, shmop.2: Note the user namespace requirements for CAP_IPC_OWNER
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-09-12 20:34:22 +01:00
Michael Kerrisk
d4dabee19b
chroot.2: Note user namespace requirements for CAP_SYS_CHROOT
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-09-12 20:34:21 +01:00
Michael Kerrisk
c387fb9b2c
setuid.2: Note user namespace requirements for CAP_SETUID
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-09-12 20:34:21 +01:00
Michael Kerrisk
36a62e0379
setreuid.2: Note user namespace requirements for CAP_SETUID and CAP_SETGID
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-09-12 16:54:36 +01:00
Michael Kerrisk
fb03f4addc
setresuid.2: Note user namespace requirements for CAP_SETUID
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-09-12 16:54:36 +01:00
Michael Kerrisk
6f22721ecb
setgid.2: Note user namespace requirements for CAP_SETGID
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-09-12 16:54:36 +01:00
Michael Kerrisk
52f2c8fb7e
setgid.2: ffix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-09-12 16:54:36 +01:00
Michael Kerrisk
1a54ad1eae
seteuid.2: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-09-12 16:54:36 +01:00
Michael Kerrisk
cdbc9e153d
seteuid.2: Note user namespace requirements for CAP_SETUID and CAP_SETGID
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-09-12 16:54:36 +01:00
Michael Kerrisk
7127bd53ee
setuid.2: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-09-12 16:54:36 +01:00
Michael Kerrisk
0e332aef5f
setresuid.2: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-09-12 16:54:36 +01:00
Michael Kerrisk
02a0d14238
setgid.2: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-09-12 16:54:36 +01:00
Michael Kerrisk
67453c5afe
kill.2: Minor wording fix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-09-12 16:54:36 +01:00
Michael Kerrisk
0a58b1ae5c
kill.2: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-09-12 16:54:36 +01:00
Michael Kerrisk
be8f12726e
seccomp.2: CAP_SYS_ADMIN is required only in caller's user namespace
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-09-12 16:54:28 +01:00
Michael Kerrisk
32dbbd6416
getrlimit.2: Note user namespace semantics for CAP_SYS_RESOURCE
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-09-12 14:04:45 +01:00
Michael Kerrisk
e31d1beb76
getgroups.2: Note user namespace requirements for CAP_SETGID
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-09-12 14:04:45 +01:00
Michael Kerrisk
2ff964df8f
getdomainname.2: Note user namespace requirements for CAP_SYS_ADMIN
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-09-12 14:04:45 +01:00
Michael Kerrisk
6e87fb0b6e
gethostname.2: Note user namespace requirements for CAP_SYS_ADMIN
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-09-12 14:04:45 +01:00
Michael Kerrisk
af53fcb53e
prctl.2: Note user namespace requirements for PR_CAPBSET_DROP CAP_SETPCAP
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-09-12 14:04:45 +01:00
Michael Kerrisk
a0b4ac2c1c
reboot.2: Note user namespace requirements around CAP_SYS_BOOT
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-09-12 14:04:45 +01:00
Michael Kerrisk
1090e3f079
sched_setaffinity.2: Note user namespace requirements for CAP_SYS_NICE
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-09-12 14:04:45 +01:00
Michael Kerrisk
097ccd1a89
kill.2: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-09-12 14:04:45 +01:00
Michael Kerrisk
a354707257
kill.2: srcfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-09-12 14:04:45 +01:00
Michael Kerrisk
7de0791306
kill.2: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-09-12 14:04:45 +01:00
Michael Kerrisk
1b1ebece3c
kill.2: Note the user namespace requirement for CAP_KILL
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-09-12 14:04:45 +01:00
Michael Kerrisk
6fee0ca3ba
killpg.2: Refer reader to kill(2) for signal permission rules
...
Rather than repeating details here, refer the reader to kill(2)
(so that the rules are in a canonical location, and need only
be edited in one place for future changes--see next commit).
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-09-12 14:04:45 +01:00
Michael Kerrisk
40ff9e27dc
fcntl.2: Note an important detail of F_SETOWN permission rules for signals
...
F_SETOWN records the caller's credentials at the time of
the fcntl() call, and it is these saved credentials that
are used for subsequent permission checks.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-09-12 14:04:45 +01:00
Michael Kerrisk
0d86f49075
socket.7: SIOCSPGRP: refer to fcntl(2) F_SETOWN for correct permission rules
...
The permission rules described for SIOCCPGRP are wrong. Rather
than repeat the rules here, just refer the reader to fcntl(2),
where the rules are described for F_SETOWN.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-09-12 14:04:45 +01:00
Michael Kerrisk
81554da338
close.2: Add mention of the close-on-exec flag
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-09-12 13:54:38 +01:00
Michael Kerrisk
cfa21a0b8f
umask.2: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-09-12 07:39:40 +01:00
Michael Kerrisk
ddf5e4ab24
open.2: Clarify the rules about how the group ID of a new file is determined
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-09-12 07:39:40 +01:00
Michael Kerrisk
40169a93c1
open.2: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-09-12 07:39:40 +01:00
Michael Kerrisk
7351ae87ea
open.2: ffix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-09-12 07:39:40 +01:00
Michael Kerrisk
3d8af60347
getsid.2: Rework description to be somewhat clearer
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-09-12 07:39:40 +01:00
Michael Kerrisk
1986f06518
setsid.2: Refer to credentials(7) for details for details on controlling terminal
...
Refer to credentials(7) for details of how a session obtains
a controlling terminal.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-09-12 07:39:40 +01:00
Michael Kerrisk
a12db8121c
getsid.2: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-09-12 07:39:39 +01:00
Michael Kerrisk
ff437c946b
getsid.2: Correct the definition of "session ID"
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-09-12 07:39:33 +01:00