Michael Kerrisk
ecf9a3e30b
keyrings.7: Extend SEE ALSO list
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:22 +01:00
Michael Kerrisk
722772aa01
keyrings.7: Minor tweaks
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:22 +01:00
Eugene Syromyatnikov
efeccbf659
keyrings.7: Add info regarding pre-3.17 defaults in root_maxbytes/root_maxkeys
2016-12-27 09:36:22 +01:00
Eugene Syromyatnikov
f391cd5a93
keyrings.7: tfix
2016-12-27 09:36:22 +01:00
Eugene Syromyatnikov
be851e7e53
keyrings.7: Minor clarification on where big_key payload is stored
2016-12-27 09:36:22 +01:00
Eugene Syromyatnikov
d78255b88b
keyrings.7: tfix
2016-12-27 09:36:22 +01:00
Eugene Syromyatnikov
cd27ab965e
keyrings.7: Minor clarification regarding storage method used in keyrings
2016-12-27 09:36:22 +01:00
Michael Kerrisk
8880b194be
keyrings.7: Note key types and descriptions that are reserved to the implementation
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:21 +01:00
Michael Kerrisk
9d85c78908
user_namespaces.7: Change page cross reference: keyctl(2) ==> keyrings(7)
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:21 +01:00
Michael Kerrisk
16dfd5cea1
keyrings.7: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:21 +01:00
Michael Kerrisk
e22cb0c493
keyrings.7, persistent-keyring.7, process-keyring.7, session-keyring.7, thread-keyring.7, user-keyring.7, user-session-keyring.7: srcfix: spfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:21 +01:00
Michael Kerrisk
51139f08f7
keyrings.7: /proc/keys also shows keys that are not possessed by reader
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:21 +01:00
Michael Kerrisk
c9630289cd
keyrings.7: /proc/keys permissions are determined by reading thread (not process)
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:21 +01:00
Michael Kerrisk
59d33fb6c1
user-session-keyring.7: Note the format of the name of the user session keyring
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:21 +01:00
Michael Kerrisk
cab39aef6c
user-keyring.7: Note format of the name of the user keyring
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:21 +01:00
Michael Kerrisk
921482c8c9
session-keyring.7: Note the name of the session keyring
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:21 +01:00
Michael Kerrisk
a60bc36bd4
thread-keyring.7: Note name of the thread keyring
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:21 +01:00
Michael Kerrisk
5c05fc584e
process-keyring.7: Note name of process keyring
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:21 +01:00
Michael Kerrisk
49301cc826
persistent-keyring.7: Note the format of a persistent keyring's name
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:21 +01:00
Michael Kerrisk
b3093c4a06
keyrings.7: Remove bogus statement about key permissions and /proc/keys
...
Simple experiment shows that this statement is wrong!
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:21 +01:00
Michael Kerrisk
eec85a076f
keyrings.7: Fix notable wording error in description of key search algorithm
...
"If valid matching key" ==> If no valid matching key"
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:21 +01:00
Michael Kerrisk
2651b688de
keyrings.7: Note bits used for permissions in /proc/keys
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:20 +01:00
Michael Kerrisk
cf84b5a43a
keyrings.7: Add references to system call man pages
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:20 +01:00
Michael Kerrisk
62694337df
keyrings.7: Minor wording fixes
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:20 +01:00
Michael Kerrisk
103a379890
keyrings.7: srcfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:20 +01:00
Michael Kerrisk
260eda926e
keyrings.7: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:20 +01:00
Michael Kerrisk
39709e8a50
add_key.2, keyrings.7: Migrate some info about key types from add_key(2) to keyrings(7)
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:20 +01:00
Michael Kerrisk
f2161a52e3
keyrings.7: Improve /proc/keys description
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:20 +01:00
Michael Kerrisk
0260fbc5a0
keyrings.7: srcfix: FIXME
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:20 +01:00
Michael Kerrisk
25508c017b
keyrings.7: Minor tweaks
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:20 +01:00
Michael Kerrisk
abb8dc5850
keyrings.7: Tweaks after discussions with David Howells
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:20 +01:00
Michael Kerrisk
424fb6a6bb
keyrings.7: Document /proc/keys
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:20 +01:00
Michael Kerrisk
ebf039e2ea
keyrings.7: Document /proc/key-users
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:20 +01:00
Michael Kerrisk
ef805a05f8
keyrings.7: Document /proc/sys/kernel/keys/gc_delay
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:20 +01:00
Michael Kerrisk
c29d99da8d
keyrings.7: Document /proc/sys/kernel/keys/persistent_keyring_expiry
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:20 +01:00
Michael Kerrisk
5b0a63f609
keyrings.7: Document /proc files that define key quotas
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:20 +01:00
Michael Kerrisk
baf69887a2
keyrings.7: srcfix: FIXME
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:20 +01:00
Michael Kerrisk
ec5fa8a7c4
user-session-keyring.7: Note some rationale for existence of user session keyring
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:19 +01:00
Michael Kerrisk
6294ad5cb8
user-session-keyring.7: Add some details on lifetime of user session keyring
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:19 +01:00
Michael Kerrisk
2929ba6883
user-keyring.7: Add details on user keyring lifetime
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:19 +01:00
Michael Kerrisk
d939f942ae
session-keyring.7: Add some details on session keyring lifetime
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:19 +01:00
Michael Kerrisk
e650d927c2
keyrings.7: Various reworkings and additions
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:19 +01:00
Michael Kerrisk
505614ad0f
user-session-keyring.7: Various rewordings and additions
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:19 +01:00
Michael Kerrisk
c2bd9d60a1
thread-keyring.7: Various rewordings and additions
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:19 +01:00
Michael Kerrisk
f6993c8cde
user-keyring.7: Various reworking and improvements
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:19 +01:00
Michael Kerrisk
3079720351
session-keyring.7: Various reworking and additions
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:19 +01:00
Michael Kerrisk
6d1a7867f8
process-keyring.7: Various additions and improvements
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:19 +01:00
Michael Kerrisk
655b410b59
persistent-keyring.7: Various clean-ups and additions
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:19 +01:00
Michael Kerrisk
630abd84e4
keyrings.7: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:19 +01:00
Michael Kerrisk
c26b9d5711
keyrings.7, persistent-keyring.7, session-keyring.7, user-keyring.7, user-session-keyring.7: ffix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:19 +01:00
Michael Kerrisk
6d6d803e04
keyrings.7: spfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:19 +01:00
Michael Kerrisk
c1f7a90fee
keyrings.7, process-keyring.7, thread-keyring.7: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:19 +01:00
Michael Kerrisk
bf0dcc156f
keyrings.7: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:19 +01:00
Michael Kerrisk
6f04243f93
keyrings.7, persistent-keyring.7, process-keyring.7, session-keyring.7, thread-keyring.7, user-keyring.7, user-session-keyring.7: srcfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:18 +01:00
Michael Kerrisk
fe2d2f79c4
keyrings.7, persistent-keyring.7, session-keyring.7: Use session and subheadings according to man-pages norms
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:18 +01:00
Michael Kerrisk
da1b8e4138
persistent-keyring.7, user-keyring.7, user-session-keyring.7: Fix page reference: exit(2) --> _exit(2)
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:18 +01:00
Michael Kerrisk
f437df79f2
keyrings.7, persistent-keyring.7, process-keyring.7, session-keyring.7, thread-keyring.7, user-keyring.7, user-session-keyring.7: ffix + pages xref fixes
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:18 +01:00
Michael Kerrisk
a44454bc1b
keyrings.7, persistent-keyring.7, process-keyring.7, session-keyring.7, thread-keyring.7, user-keyring.7, user-session-keyring.7: Rewrap source lines
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:18 +01:00
Michael Kerrisk
1ba9d9e551
keyrings.7, persistent-keyring.7, process-keyring.7, session-keyring.7, thread-keyring.7, user-keyring.7, user-session-keyring.7: srcfix: add license marker tags
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:18 +01:00
Michael Kerrisk
8c5a425a37
persistent-keyring.7, process-keyring.7, session-keyring.7, thread-keyring.7, user-keyring.7, user-session-keyring.7: Make NAME lines consistent
...
The names of the files use hyphens, not underscores.
The word following '\-' should start with lower case
(unless English conventions dictate otherwise).
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:18 +01:00
Michael Kerrisk
e7ca6b3c5a
keyrings.7, persistent-keyring.7, process-keyring.7, session-keyring.7, thread-keyring.7, user-keyring.7, user-session-keyring.7: Fix .TH lines for follow man-pages norms
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:18 +01:00
Michael Kerrisk
2aa9ab8ba6
keyrings.7, persistent-keyring.7, process-keyring.7, session-keyring.7, thread-keyring.7, user-keyring.7, user-session-keyring.7: Fix SEE ALSO entries
...
* Prevent hyphenation
* Order entries alphabetically
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:18 +01:00
Michael Kerrisk
9bb46110dc
user-session-keyring.7: New page adopted from keyutils
...
Since this page documents kernel-user-space interfaces,
it makes sense to have it as part of man-pages, rather
than the keyutils package.
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:18 +01:00
Michael Kerrisk
9d7cbb6203
user-keyring.7: New page adopted from keyutils
...
Since this page documents kernel-user-space interfaces,
it makes sense to have it as part of man-pages, rather
than the keyutils package.
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:18 +01:00
Michael Kerrisk
5ecafe0f30
thread-keyring.7: New page adopted from keyutils
...
Since this page documents kernel-user-space interfaces,
it makes sense to have it as part of man-pages, rather
than the keyutils package.
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:18 +01:00
Michael Kerrisk
96d7146346
session-keyring.7: New page adopted from keyutils
...
Since this page documents kernel-user-space interfaces,
it makes sense to have it as part of man-pages, rather
than the keyutils package.
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:18 +01:00
Michael Kerrisk
e87dd702f5
process-keyring.7: New page adopted from keyutils
...
Since this page documents kernel-user-space interfaces,
it makes sense to have it as part of man-pages, rather
than the keyutils package.
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:16 +01:00
Michael Kerrisk
33af8657ac
persistent-keyring.7: New page adopted from keyutils
...
Since this page documents kernel-user-space interfaces,
it makes sense to have it as part of man-pages, rather
than the keyutils package.
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:16 +01:00
David Howells
6b71fd9aca
keyrings.7: New page adopted from keyutils
...
Since this page documents kernel-user-space interfaces,
it makes sense to have it as part of man-pages, rather
than the keyutils package.
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-27 09:36:16 +01:00
Michael Kerrisk
d510e7de7e
namespaces.7: EXAMPLE: rename the example program
...
Use a more generic name, since this program may be expanded
in various ways in the future.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-23 09:28:54 +01:00
Michael Kerrisk
e79c9e5825
namespaces.7: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-23 09:26:09 +01:00
Michael Kerrisk
0fbabfc2d5
namespaces.7: Minor clarification in EXAMPLE
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-23 09:22:27 +01:00
Michael Kerrisk
c6ff0d07a0
namespaces.7: EXAMPLE: fix an error in shell session
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-23 09:18:46 +01:00
Michael Kerrisk
794652c5f0
namespaces.7: Minor wording fix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-23 09:18:34 +01:00
Michael Kerrisk
d3fca275d2
namespaces.7: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-23 09:05:41 +01:00
Michael Kerrisk
70fdcbc20a
unix.7: Note that the ETOOMANYREFS diagnostic may be backported to older kernels
...
Reported-by: Willy Tarreau <w@1wt.eu>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-17 10:33:55 +01:00
Michael Kerrisk
dc4eea68b5
unix.7: Document ETOOMANYREFS for SCM_RIGHTS send exceeding RLIMIT_NOFILE limit
...
Reviewed-by: Willy Tarreau <w@1wt.eu>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-17 10:33:55 +01:00
Michael Kerrisk
25d2cc431f
charsets.7: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-16 15:21:15 +01:00
Michael Kerrisk
7509f758ce
capabilities.7: Document a new use of CAP_SYS_RESOURCE
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-16 12:29:08 +01:00
Michael Kerrisk
9ca2e0c114
unix.7: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-16 11:30:16 +01:00
Michael Kerrisk
dd55b8a1d7
capabilities.7: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-16 09:19:01 +01:00
Michael Kerrisk
24ee13dfc1
capabilities.7: Add another case for CAP_DAC_READ_SEARCH
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-16 09:10:40 +01:00
Michael Kerrisk
968b27aa1a
capabilities.7: Add some more operations governed by CAP_SYS_ADMIN
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-15 20:53:50 +01:00
Michael Kerrisk
c6ddae522e
capabilities.7: Add a few more operations covered by CAP_SYS_ADMIN
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-15 19:18:11 +01:00
Michael Kerrisk
56cc88cbdc
capabilities.7: Refer to execve(2) for the reasons that file capabilities may be ignored
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-15 12:47:59 +01:00
Michael Kerrisk
f04f131fa9
capabilities.7: ffix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-15 12:47:59 +01:00
Michael Kerrisk
fa72c2244f
namespaces.7: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-14 11:52:55 +01:00
Michael Kerrisk
7c28a0b660
random.7: SEE ALSO: add getauxval(3)
...
A small hint to the reader that some random bytes arrive
in the auxiliary vector.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-13 12:11:32 +01:00
Michael Kerrisk
67557cd9d1
signal-safety.7: Note async-signal-safety problems caused by pthread_atfork()
...
See https://bugzilla.kernel.org/show_bug.cgi?id=25292
And there will likely be future changes as well.
Quoting http://www.opengroup.org/austin/aardvark/latest/xshbug3.txt :
COMMENT Enhancement Request Number 15
rajani.g.k:xxxxxx Defect in XSH 2.4.3 (rdvk# 6)
{GKRFORK012009} Thu, 8 Jan 2009 07:41:10 GMT
[...]
As per this section, XSH P1529, L49389-49402, it is possible
that multithreaded libraries could be used by single threaded
applications. In which case, atfork handlers are essential for
the libraries to protect their internal state during fork. As
explained further P1530, L49403-49404, pthread_atfork
functions are mainly required to acquire/release mutex locks,
for protecting the applications/libraries from fork() calls.
C-library needs to as well have an atfork handler which
acquires all the required locks to protect its memory state
across fork().
The acquire/release mutex calls themselves are aync-signal
unsafe operations. Use of them makes pthread_atfork handlers
async-signal unsafe which in turn makes fork() async-signal
unsafe when called by an application which is multi threaded,
or which is linked to a library which is multi threaded.
Action:
Need clarification with respect to
1. Is it correct to list fork as an async-signal safe
interface, in a multi threaded scenario?
2. Can the implementation be allowed to not call the atfor
handlers, when fork is called from a signal handler? If the
atfork handlers are not going to be called when fork is called
in the signal handler, then they can not be called, even if
fork is called in the newly created child before exec.
3. If only async-signal safe functions are to be called from
pthread_atfork handlers, then how will multi-threaded librarie
protect themselves by the fork calls, made by single threaded
applications linked to them?
Reported-by: KASAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-12 12:53:05 +01:00
Michael Kerrisk
fb16ec3585
signal-safety.7: Note glibc deviations from POSIX requirements
...
See https://bugzilla.kernel.org/show_bug.cgi?id=25292
Reported-by: KASAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-12 12:53:05 +01:00
Michael Kerrisk
d1329af1f3
signal-safety.7, signal.7: Migrate discussion of async-signal-safe functions to new page
...
Also:
* add more detail on changes across standards
* provide proper section cross references in function references
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-12 12:53:05 +01:00
Michael Kerrisk
1b9d581944
Removed trailing white space at end of lines
2016-12-12 10:47:17 +01:00
Michael Kerrisk
35deeb8703
bind.2, chmod.2, chown.2, chroot.2, clock_getres.2, clone.2, connect.2, dup.2, fallocate.2, get_mempolicy.2, getpeername.2, getpriority.2, getsockname.2, getsockopt.2, gettimeofday.2, ioctl_ficlonerange.2, ioctl_fideduperange.2, kill.2, mbind.2, mmap.2, mount.2, mprotect.2, nfsservctl.2, nice.2, open.2, perf_event_open.2, pipe.2, pkey_alloc.2, prctl.2, ptrace.2, quotactl.2, remap_file_pages.2, sched_setscheduler.2, set_mempolicy.2, signal.2, signalfd.2, swapon.2, sync_file_range.2, syscalls.2, timer_create.2, timerfd_create.2, utime.2, utimensat.2, wait.2, atof.3, ctime.3, errno.3, fclose.3, fflush.3, insque.3, malloc_get_state.3, mallopt.3, mbsnrtowcs.3, mq_close.3, mq_open.3, mq_receive.3, mq_send.3, printf.3, pthread_attr_init.3, pthread_create.3, pthread_setaffinity_np.3, ptsname.3, remainder.3, strtod.3, tgamma.3, timegm.3, tmpnam.3, ttyname.3, console_ioctl.4, elf.5, filesystems.5, proc.5, utmp.5, capabilities.7, cgroups.7, credentials.7, ddp.7, feature_test_macros.7, fifo.7, inotify.7, libc.7, mount_namespaces.7, namespaces.7, netlink.7, pid_namespaces.7, pkeys.7, shm_overview.7, standards.7, uri.7, user_namespaces.7: tstamp
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-12 10:45:24 +01:00
Michael Kerrisk
e6f1b08f55
namespaces.7: Adjust example program to show device major and minor numbers
...
Reported-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-12 07:30:16 +01:00
Michael Kerrisk
e0ff749f64
namespaces.7: Comparisons between fstat()ed files should be on st_dev+st_ino
...
The FDs returned by NS_GET_USERNS and NS_GET_PAREENT must be
tested by comparing to both the 'st_dev' and 'st_ino' fields
returned by fstat(2).
Reported-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-12 07:30:16 +01:00
Michael Kerrisk
58615b43fb
namespaces.7: Add ENOTTY error() for ioctl namespace operations
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-12 07:30:16 +01:00
Michael Kerrisk
519949ecad
namespaces.7: ffix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-12 07:30:16 +01:00
Michael Kerrisk
57422589cf
namespaces.7: Tweaks to text on ioctl() operations
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-12 07:30:16 +01:00
Michael Kerrisk
4f74d99615
mount_namespaces.7: Minor clean-up (note a forward reference in the text)
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-12 07:30:16 +01:00
Michael Kerrisk
4bfc202622
mount_namespaces.7, user_namespaces.7: Migrate subsection on mount restrictions to mount_namespaces(7)
...
This section material in the user_namespaces(7) page was written
before the creation of the mount_namespaces(7) manual page.
Nowadays, this material properly belongs in the newer page.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-12 07:28:52 +01:00
Michael Kerrisk
466247eb67
mount_namespaces.7: SEE ALSO: add user_namespaces(7)
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-12 07:27:23 +01:00
Michael Kerrisk
414908519d
user_namespaces.7: Add reference to namespaces(7) for NS_GET_USERNS operation
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-12 07:27:23 +01:00
Michael Kerrisk
7af6863be7
user_namespaces.7: Add reference to namespaces(7) for NS_GET_PARENT operation
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-12 07:27:23 +01:00
Michael Kerrisk
3889900a0a
pid_namespaces.7: Refer to namespaces(7) for information about NS_GET_PARENT
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-12 07:27:23 +01:00
Michael Kerrisk
6143dbbffd
namespaces.7: Document the NS_GET_USERNS and NS_GET_PARENT ioctl() operations
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-12 07:27:23 +01:00
Michael Kerrisk
6d891a8100
pid_namespaces.7: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-11 15:45:08 +01:00
Michael Kerrisk
791ea4b39c
user_namespaces.7: ffix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-11 11:07:19 +01:00
Michael Kerrisk
ced6277a7b
namespaces.7: ffix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-11 11:06:24 +01:00
Michael Kerrisk
03fb4543fd
feature_test_macros.7: Further tweaks to _REENTRANT description
...
Reviewed-by: Zack Weinberg <zackw@panix.com>
Reported-by: Zack Weinberg <zackw@panix.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-10 15:20:21 +01:00
Michael Kerrisk
26719dcfce
feature_test_macros.7: Note that "cc -pthread" defines _REENTRANT
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-10 15:20:21 +01:00
Michael Kerrisk
f74991beed
feature_test_macros.7: Improve the text on _REENTRANT/_THREAD_SAFE deprecation
...
[mtk] I did a little code spelunking and found the following:
1. In glibc 1.09 (tagged 1995-03-02 in the git history),
__USE_REENTRANT, _THREAD_SAFE, and _REENTRANT do not appear.
2. In glibc-1.93 (tagged 1996-08-29 in the git history),
__USE_REENTRANT governs the exposure of some "_r()"
functions from about a dozen header files. However, it is
defined in <features.h> via
#if defined (__USE_GNU) || defined (__USE_MISC)
#define __USE_REENTRANT 1
#endif
_REENTRANT and _THREAD_SAFE solely govern declarations in
<stdio.h>, where they expose declarations of a few "unlocked"
stdio functions and use #define to redirect a few stdio
function names to "locked" versions.
3. THREAD_SAFE and _REENTRANT first appear in the git logs
1996-05-09.
4. About 9 months later, glibc 2.0.1 arrives on 1997-02-04
(timestamp and tarball taken from
https://ftp.gnu.org/gnu/libc/ , since there is no tag in the
git history; casual inspection of the logs suggests the
glibc 2.0 release was about a week earlier.
By now we have the following in <features.h>:
#if defined _REENTRANT || defined _THREAD_SAFE
#define __USE_REENTRANT 1
#endif
And _THREAD_SAFE, and _REENTRANT do not appear appear in
other headers. However, by now, __USE_REENTRANT governs only
the declarations of tmpnam_r() and getlogin_r()
In other words, the window of time where _REENTRANT and
_THREAD_SAFE did anything much in glibc was quite short, IIUC.
Cowritten-by: Zack Weinberg <zackw@panix.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-10 15:20:21 +01:00
Michael Kerrisk
75b554e781
feature_test_macros.7: Note that _REENTRANT and _THREAD_SAFE are now deprecated
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-10 15:20:21 +01:00
Michael Kerrisk
6b383fbd0b
environ.7: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-10 11:23:42 +01:00
Michael Kerrisk
6b0e82039c
mdoc.7: Add a cross-reference to groff_mdoc(7)
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-10 11:12:44 +01:00
Michael Kerrisk
88c4d99aa8
mdoc.7: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-10 11:11:28 +01:00
Michael Kerrisk
595327306c
libc.7: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-09 13:21:55 +01:00
Michael Kerrisk
dd964d66b2
libc.7: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-09 13:21:32 +01:00
Michael Kerrisk
961b740361
libc.7: Add a note on why glibc 2.x uses the soname libc.so.6
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-09 13:21:32 +01:00
Michael Kerrisk
e5fbb0bfed
libc.7: Add a few historical details on Linux libc4 and libc5
...
Just for historical interest. Details taken from
http://www.linux-m68k.org/faq/glibcinfo.html .
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-09 12:39:28 +01:00
Michael Kerrisk
a62ca28af6
feature_test_macros.7: ffix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-08 10:15:00 +01:00
Michael Kerrisk
990b14c4fa
sock_diag.7: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-07 16:09:52 +01:00
Michael Kerrisk
9e39d87df1
sock_diag.7: More minor fixes to Dmitry's patch
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-07 16:09:52 +01:00
Michael Kerrisk
94dc419f1d
sock_diag.7: ffix: better hanging lists
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-07 15:51:33 +01:00
Michael Kerrisk
e6e0499ee0
sock_diag.7: ffix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-07 15:43:47 +01:00
Michael Kerrisk
e2734d296b
sock_diag.7: Tweaks to Dmitry Levin's page
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-07 15:40:29 +01:00
Michael Kerrisk
c974db0909
sock_diag.7: ffix: white space tweaks in example program
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-07 15:23:33 +01:00
Michael Kerrisk
6d654721b9
sock_diag.7: srcfix: rewrap long lines
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-07 15:19:40 +01:00
Michael Kerrisk
7133b8984b
netlink.7: Rework position of NETLINK_SOCK_DIAG in list
...
Essentially to fix a formatting issue, where the list head
item wrapped past the 80-column limit when rendered.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-07 15:19:40 +01:00
Dmitry V. Levin
77a7e0e2bf
netlink.7: Add references to sock_diag(7)
...
Signed-off-by: Dmitry V. Levin <ldv@altlinux.org>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-07 15:19:40 +01:00
Dmitry V. Levin
407bcead83
netlink.7: Document NETLINK_INET_DIAG rename to NETLINK_SOCK_DIAG
...
Signed-off-by: Dmitry V. Levin <ldv@altlinux.org>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-07 15:19:40 +01:00
Pavel Emelyanov
4f6a0a4a90
sock_diag.7: New page documenting NETLINK_SOCK_DIAG interface
...
Co-authored-by: Dmitry V. Levin <ldv@altlinux.org>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
Signed-off-by: Dmitry V. Levin <ldv@altlinux.org>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-07 15:19:40 +01:00
Dmitry V. Levin
34caa2222e
netlink.7: ffix
...
Signed-off-by: Dmitry V. Levin <ldv@altlinux.org>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-07 15:19:40 +01:00
Michael Kerrisk
2f3db2a58f
symlink.7: SEE ALSO: add namei(1)
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-05 12:31:37 +01:00
Michael Kerrisk
def79251d4
credentials.7: SEE ALSO: add shadow(5)
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-05 12:28:21 +01:00
Michael Kerrisk
360c190092
signal.7: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-05 12:13:33 +01:00
Michael Kerrisk
b7171b1495
sched.7: Clarify that autogroup defaults on in various distros
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-05 12:13:33 +01:00
Michael Kerrisk
58543181f8
sched.7: Note command that can be used to modify the autogroup nice value
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-05 12:13:33 +01:00
Michael Kerrisk
a695d35c98
sched.7: Improve section on nice value and group scheduling
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-11-30 18:30:54 +01:00
Michael Kerrisk
4fbe161bf2
sched.7: Relocate discussion of group scheduling
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-11-30 18:30:54 +01:00
Michael Kerrisk
7ef1473742
sched.7: Clarify details of autogroup nice value
...
Also clarify its interactions with the thread nice value.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-11-30 18:30:36 +01:00
Michael Kerrisk
c49631b7de
sched.7: srcfix: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-11-29 21:50:15 +01:00
Michael Kerrisk
0cacdedace
sched.7: Further clarify scheduling policies for which autogroup applied
...
Further clarify that autogroup groups only SCHED_OTHER/SCHED_NICE/
SCHED_IDLE processes.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-11-29 21:50:15 +01:00
Michael Kerrisk
e92070f8cc
sched.7: Add a subsection on group scheduling
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-11-29 21:50:15 +01:00
Michael Kerrisk
e9c1649aa7
sched.7: Tweak description of cgroups overriding autogroup
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-11-29 21:50:15 +01:00
Michael Kerrisk
1dd83d2e8f
sched.7: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-11-29 21:50:15 +01:00
Michael Kerrisk
58627ec0d8
sched.7: Note error that occurs when writing invalid value to /proc/PID/autogroup
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-11-29 21:50:15 +01:00
Michael Kerrisk
626dca367b
sched.7: Further clarify details of group scheduling
...
After comments by Mike Galbraith.
Reported-by: Mike Galbraith <efault@gmx.de>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-11-29 21:50:15 +01:00
Michael Kerrisk
c11d067046
sched.7: wfix
...
Reported-by: Afzal Mohammed <afzal.mohd.ma@gmail.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-11-29 21:50:15 +01:00
Michael Kerrisk
45922aa8d3
sched.7: srcfix: add details to FIXME
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-11-29 21:50:15 +01:00
Michael Kerrisk
ee1f3c18a2
sched.7: Rework discussion of autogroups
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-11-29 21:50:15 +01:00
Michael Kerrisk
576b74eec2
sched.7: Rework discussion of autogroup nice value
...
Remove the text saying that setting the autogroup nice value
always lowers the group's priority. That was actually a
bug introduced in Linux 4.7.
Also make it clearer that the autogroup nice value has the same
meaning as the nice value set by setpriority(2).
Reported-by: Mike Galbraith <efault@gmx.de>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-11-29 21:50:15 +01:00
Michael Kerrisk
ed520068e7
sched.7: Document the autogroup feature
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-11-29 21:50:15 +01:00
Michael Kerrisk
1dc3d91d7b
namespaces.7: srcfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-11-29 17:55:08 +01:00
Michael Kerrisk
6ad8b4d00c
sched.7: Minor wording fix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-11-29 07:48:35 +01:00
Michael Kerrisk
bcbb240cf4
sched.7: Minor rewording of discussion of nice value
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-11-28 07:06:59 +01:00
Michael Kerrisk
31046c3cbd
sched.7: Add nice(2), getpriority(2), and setpriority(2) to API list
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-11-28 07:03:26 +01:00
Michael Kerrisk
2be50a325d
sched.7: Minor text reorganization
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-11-27 19:27:46 +01:00
Michael Kerrisk
927d0dfaa7
sched.7: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-11-27 19:27:45 +01:00
Michael Kerrisk
d145138ee0
sched.7: Add a new introductory paragraph describing the nice value
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-11-27 19:27:45 +01:00
Jakub Wilk
40f0931ccb
random.7: tfix
...
Signed-off-by: Jakub Wilk <jwilk@jwilk.net>
2016-11-27 18:59:06 +01:00
Michael Kerrisk
50e12810b3
sched.7: Mention RLIMIT_NICE in the discussion of the nice value
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-11-27 18:57:48 +01:00
Michael Kerrisk
115366c6f3
sched.7: Add more precise details on CFS's treatment of the nice value
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-11-27 18:57:48 +01:00
Michael Kerrisk
45fcd0e27f
getpriority.2, sched.7: Move nice value details from getpriority(2) to sched(7)
...
Centralizing these details in sched(7) is more logical.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-11-27 18:57:48 +01:00
Michael Kerrisk
f677bcfb6e
sched.7: ffix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-11-27 18:57:41 +01:00
Michael Kerrisk
b8986eaed3
sched.7: Make it clearer that SCHED_OTHER is always scheduled below real-time
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-11-27 18:57:41 +01:00
Michael Kerrisk
30af6b5d8b
sched.7: Add introductory sentence mentioning CFS scheduler
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-11-27 18:57:41 +01:00
Michael Kerrisk
bac6ef74c2
sched.7: Minor wording improvement in text introducing system calls
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-11-27 18:57:41 +01:00
Michael Kerrisk
94875d76d1
sched.7: Remove mention of individual kernel developer names
...
It's not the norm to name developers of particular features
in each man page. No need for an exception here.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-11-27 18:57:30 +01:00
Michael Kerrisk
df312a964f
sched.7: Minor wording fix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-11-27 15:02:53 +01:00
Michael Kerrisk
0b1ce08517
sched.7: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-11-27 14:57:30 +01:00
Michael Kerrisk
4ad9a70616
cgroups.7: Add details on 'cpu' CFS bandwidth control
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-11-27 14:44:24 +01:00
Michael Kerrisk
983c70fcfc
random.7: srcfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-11-26 14:31:53 +01:00
Michael Kerrisk
289b177f0f
random.7: Remove recommendation against consuming large amounts of randomness
...
From the email discussion:
> > Usage recommendations
> > The kernel random-number generator relies on entropy gathered
> > from device drivers and other sources of environmental noise.
> > It is designed to produce a small amount of high-quality seed
> > material to seed a cryptographically secure pseudorandom number
> > generator (CSPRNG). It is designed for security, not speed,
> > and is poorly suited to generating large amounts of crypto‐
> > graphic random data. Users should be economical in the amount
> > of seed material that they consume via getrandom(2), /dev/uran‐
> > dom, and /dev/random.
> >
> > ┌─────────────────────────────────────────────────────┐
> > │FIXME │
> > ├─────────────────────────────────────────────────────┤
> > │Is it really necessary to avoid consuming large │
> > │amounts from /dev/urandom? Various sources linked to │
> > │by https://bugzilla.kernel.org/show_bug.cgi?id=71211 │
> > │suggest it is not. │
> > │ │
> > │And: has the answer to the previous question changed │
> > │across kernel versions? │
> > └─────────────────────────────────────────────────────┘
> > Consuming unnecessarily large quantities of data via these
> > interfaces will have a negative impact on other consumers of
> > randomness.
[Ted T'so:]
> So "poorly suited" is definitely true. Also true is that urandom is
> not engineered for use for non-cryptographic uses. It's always going
> to be faster to use random(3) for those purposes.
>
> As far as whether or not it has a negative impact, it depends on how
> much you trust the underlying cryptographic algorithms. If the CSPRNG
> is seeded correctly with at least 256 bits of entropy that can't be
> guessed by the attacker, and if the underlying cryptographic
> primitives are secure, then it won't matter. But *if* there is an
> unknown vulnerability in the underlying primitive, and *if* large
> amounts of data generated by the CSPRNG would help exploit that
> vulnerability, and *if* that bulk amount of CSPRNG output is made
> available to an attacker with the capability to break the underlying
> cryptographic vulnerability, then there would be a problem.
>
> Obviously, no one knows of such a vulnerability, and I'm fairly
> confident that there won't be such a vulnerability across the
> different ways we've used to generate the urandom source --- but some
> people are professional paranoids, and would argue that we shouldn't
> make bulk output of the CSPRNG available for no good reason, just in
> case.
[Nikos Mavrogiannopoulos:]
The above is certainly accurate, however, I think that such a
discussion or text, when reflected to a man-page is going to
cause problems. The audience of a man-page are not crypto people,
and seeing such text would create confusion rather than clarify
how these devices/apis should be used. The *if* part is not put
into a perspective, suggesting that such an *if* is possible.
However, if one clarifies, i.e., in that case, your TLS or SSH
connection is most likely broken as well, and not because of any
attack on /dev/urandom, then one can see that we are heading
towards a theoretical discussion.
My suggestion, on that particular text would be to remove it,
but make it explicit somewhere in the text that all the
assurances for the devices depend on the crypto primitives,
rather than describing risks that may arise on particular
usage patterns *if* primitives are broken.
Reviewed-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Reported-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-11-26 14:31:53 +01:00
Michael Kerrisk
88e28f78bd
sched.7: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-11-22 14:44:07 +01:00
Michael Kerrisk
3c61c8ac19
sched.7: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-11-22 13:42:49 +01:00
Michael Kerrisk
cfd62fa259
sched.7: Give the page a more generic NAME
...
The page isn't just about APIs.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-11-22 13:21:32 +01:00
Michael Kerrisk
1f7fb9c057
sched.7: NOTES: mention cgroups CPU controller
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-11-22 13:19:20 +01:00
Michael Kerrisk
55a51edbd7
bootparam.7: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-11-21 10:54:55 +01:00
Michael Kerrisk
7c896e1ece
random.7: wfix
...
Reported-by: Jeremy Harris <jgh@redhat.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-11-19 11:28:46 +01:00
Michael Kerrisk
a4439a507a
inotify.7: srcfix: FIXME
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-11-18 10:41:26 +01:00
Michael Kerrisk
705bb6738b
inotify.7: Note a subtlety of event generation when monitoring a directory
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-11-18 10:39:10 +01:00
Michael Kerrisk
2b44a16879
random.7: wfix
...
Reported-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-11-15 22:14:52 +01:00
Michael Kerrisk
e97a8a1d49
random.7: srcfix: tweak FIXMEs
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-11-15 07:48:59 +01:00
Michael Kerrisk
091ae4d20b
random.7: Tewaks after review by Ted T'so
...
Reviewed-by: Theodore Ts'o <tytso@mit.edu>
Reported-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-11-15 07:40:35 +01:00
Michael Kerrisk
76d8c32d6f
random.7: Fixes after review by Laurent Georget
...
Reviewed-by: Laurent Georget <laurent@lgeorget.eu>
Reported-by: Laurent Georget <laurent@lgeorget.eu>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-11-15 07:19:09 +01:00
Michael Kerrisk
e10dec2908
random.7: wfix
...
Reported-by: Jeremy Harris <jgh@redhat.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-11-15 06:57:51 +01:00
Michael Kerrisk
b171f0af8a
random.7: srcfix: FIXME
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-11-13 07:34:18 +01:00
Michael Kerrisk
2c158ae506
random.7: Note that simulations don't need cryptographically secure random numbers
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-11-13 07:26:51 +01:00
Michael Kerrisk
cdfedc0324
random.7: wfix
...
Reported-by: Laurent Georget <laurent.georget@supelec.fr>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-11-12 23:00:40 +01:00
Michael Kerrisk
5a1df80797
random.7: srcfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-11-12 20:18:15 +01:00
Michael Kerrisk
e919912d34
random.7: wfix
...
Further weaken any suggestion that the "random" source is
in some cases preferable.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-11-12 13:19:10 +01:00
Michael Kerrisk
d8de7cba64
random.7: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-11-12 12:22:10 +01:00
Michael Kerrisk
dce6b79650
getrandom.2, random.7: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-11-12 12:22:10 +01:00
Michael Kerrisk
0ae2c1356d
random.7: New page providing an overview of interfaces for obtaining randomness
...
Ccontains material extracted from getrandom(2) and random(4),
as well as new material.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-11-12 12:22:10 +01:00
Michael Kerrisk
1d99db5f09
udplite.7: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-11-11 09:46:13 +01:00
Michael Kerrisk
b64fbdca61
user_namespaces.7: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-11-11 09:38:06 +01:00
Michael Kerrisk
d51fc363eb
udp.7: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-11-11 09:34:52 +01:00
Michael Kerrisk
d70877837a
socket.7: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-11-11 09:34:08 +01:00
Michael Kerrisk
d4c45a8e43
ipv6.7: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-11-11 09:33:18 +01:00
Michael Kerrisk
82d28cfa21
ip.7: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-11-11 09:32:09 +01:00