Stéphane Aulery
ab94602069
intro.1: srcfix
...
Remove non breaking spaces accidentally inserted.
Signed-off-by: Stéphane Aulery <saulery@free.fr>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-09 08:09:06 +01:00
Stéphane Aulery
504b1c79a6
clock.3: CLOCKS_PER_SEC = 1000000 is required by XSI, not POSIX
...
Debian Bug #728213 reported by Tanaka Akira <akr@fsij.org>
See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728213
Signed-off-by: Stéphane Aulery <saulery@free.fr>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-08 09:52:55 +01:00
Stéphane Aulery
520c3a8b9d
securetty.5: Note that the pam_securetty module also uses this file
...
See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=528015
This patch is a modified version of the one proposed without
parts specific to Debian.
Reported-by: Nicolas FRANCOIS <nicolas.francois@centraliens.net>
Signed-off-by: Stéphane Aulery <saulery@free.fr>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-08 09:52:13 +01:00
Michael Kerrisk
416d987671
posix_fadvise.2: wfix
...
Reported-by: Chris Delozier <c.s.delozier@gmail.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-08 09:52:13 +01:00
Stéphane Aulery
ea36508af1
filesystems.5: ffix
...
Order the list of filesystems by name
Signed-off-by: Stéphane Aulery <saulery@free.fr>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-08 09:52:13 +01:00
Stéphane Aulery
7b46b4fae3
host.conf.5, hosts.5, resolv.conf.5: Cross references of these pages.
...
See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=298259
Reported-by: Paul E Condon <pecondon@mesanetworks.net>
Signed-off-by: Stéphane Aulery <saulery@free.fr>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-08 09:51:54 +01:00
Stéphane Aulery
cd22e342ff
ldd.1: Order SEE ALSO section
...
Signed-off-by: Stéphane Aulery <saulery@free.fr>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-08 08:55:07 +01:00
Stéphane Aulery
d282bb247b
iconv.1, localedef.1, access.2, execveat.2, fanotify_init.2, futex.2, ioctl_fat.2, mount.2, ftw.3, sd.4, tty_ioctl.4, fanotify.7, futex.7, posixoptions.7, iconvconfig.8: srcfix: Remove useless quotes from .SS and .SH sections
...
Signed-off-by: Stéphane Aulery <saulery@free.fr>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-08 08:55:03 +01:00
Michael Kerrisk
fe3e2b4e4a
user_namespaces.7: Tweaks to /proc/PID/setgroups text
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-07 08:31:39 +01:00
Michael Kerrisk
34bcced069
user_namespaces.7: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-06 22:53:43 +01:00
Michael Kerrisk
690c890a75
user_namespaces.7: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-06 22:44:41 +01:00
Michael Kerrisk
50b49f0b54
user_namespaces.7: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-06 22:43:45 +01:00
Michael Kerrisk
1fc04edfbb
user_namespaces.7: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-06 22:42:17 +01:00
Michael Kerrisk
31a7d5060a
user_namespaces.7: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-06 22:40:32 +01:00
Michael Kerrisk
b37c3036bb
filesystems.5: srcfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-06 22:33:45 +01:00
Michael Kerrisk
b7a89be42c
filesystems.5: Remove dubious claim about comparative performance of ext2
...
Perhaps it was the best filesystem performance-wise in
the 20th century, when that text was written. That probaly
ceased to be true quite a long time ago, though.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-06 22:29:55 +01:00
Stéphane Aulery
eaf096254c
filesystems.5: Add cross references for ext filesystems
...
Signed-off-by: Stéphane Aulery <saulery@free.fr>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-06 22:25:40 +01:00
Michael Kerrisk
6c8571e079
user_namespaces.7: ffix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-06 20:13:57 +01:00
Ma Shimiao
9da4cd7d47
getwchar.3: ATTRIBUTES: Note function that is thread-safe
...
The marking matches glibc marking.
Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-06 15:02:37 +01:00
Stéphane Aulery
4ca1679e52
intro.1: ffix
...
Highlighting like other commands
Signed-off-by: Stéphane Aulery <saulery@free.fr>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-06 14:56:51 +01:00
Stéphane Aulery
144685a73a
intro.1: Prompt is not % but $
...
Signed-off-by: Stéphane Aulery <saulery@free.fr>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-06 14:56:51 +01:00
Stéphane Aulery
af2908c3cf
intro.1: ffix
...
Filenames in italic
Signed-off-by: Stéphane Aulery <saulery@free.fr>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-06 14:56:51 +01:00
Stéphane Aulery
d1f129d4d4
intro.1: ffix
...
User input in bold
Signed-off-by: Stéphane Aulery <saulery@free.fr>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-06 14:56:51 +01:00
Stéphane Aulery
b35813db33
intro.1: Add cross references cited
...
Signed-off-by: Stéphane Aulery <saulery@free.fr>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-06 14:56:51 +01:00
Michael Kerrisk
7566936006
filesystems.5: Fixup: Reverse earlier change to case of filesystem names
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-06 14:56:34 +01:00
Stéphane Aulery
c2c247dc56
filesystems.5: ffix
...
Highlight all file systems citations
Signed-off-by: Stéphane Aulery <saulery@free.fr>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-06 14:56:34 +01:00
Stéphane Aulery
c8375cf207
filesystems.5: wfix
...
XIA filesystem Linux module name is xiafs
Signed-off-by: Stéphane Aulery <saulery@free.fr>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-06 14:56:34 +01:00
Stéphane Aulery
895fe6f029
filesystems.5: ffix
...
All filesystems in lowercase
Signed-off-by: Stéphane Aulery <saulery@free.fr>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-06 14:56:34 +01:00
Stéphane Aulery
5bc93c9f3d
filesystems.5: Specifies the scope of this list and its limits.
...
Signed-off-by: Stéphane Aulery <saulery@free.fr>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-06 14:56:34 +01:00
Stéphane Aulery
1258e3251b
filesystems.5: srcfix
...
Remove useless quotes
Signed-off-by: Stéphane Aulery <saulery@free.fr>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-06 14:56:34 +01:00
Michael Kerrisk
d06a6170dd
proc.5: Replace description of 'uid_map' with a reference to user_namespaces(7)
...
All of the information in proc(5) was also present in
user_namespaces(7), but the latter was more detailed
and up to date.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-04 15:11:02 +01:00
Michael Kerrisk
4990f759aa
user_namespaces.7: wspfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-04 15:11:02 +01:00
Michael Kerrisk
c38a2a0473
user_namespaces.7: Handle /proc/PID/setgroups in the example program
...
Reported-by: Alban Crequy <alban.crequy@gmail.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-04 15:11:02 +01:00
Michael Kerrisk
ecb0ff30e8
user_namespaces.7: Explain why the /proc/PID/setgroups file was added
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-04 15:11:02 +01:00
Michael Kerrisk
d6add5efa2
user_namespaces.7: Rework test describing restrictions on updating /proc/PID/setgroups
...
No (intentional) changes to factual description, but the
restructured text is hopefully easier to grasp.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-04 15:11:02 +01:00
Michael Kerrisk
30b33164cb
user_namespaces.7: Rework some text describing permission rules for updating map files
...
No (intentional) change to the facts, but this restructuring
should make the meaning easier to grasp.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-04 15:11:02 +01:00
Michael Kerrisk
a1d4cbf4f8
getgroups.2: Refer reader to user_namespaces(7) for discussion of /proc/PID/setgroups
...
The discussion of /proc/PID/setgroups has moved from
proc(5) to user_namespaces(7).
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-04 15:11:02 +01:00
Michael Kerrisk
ab28dba9a0
proc.5, user_namespaces.7: Migrate description of /proc/PID/setgroups to user_namespaces(7)
...
It makes sense to have the description of this file
in the general discussion of user namespaces.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-04 15:11:02 +01:00
Michael Kerrisk
4e2683f9a3
getgroups.2: Note kernel version for EPERM /proc/PID/setgroups error case
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-04 15:11:02 +01:00
Ma Shimiao
b640fcfad1
wcstombs.3: ATTRIBUTES: Note function that is thread-safe
...
The marking matches glibc marking.
Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-04 15:11:02 +01:00
Ma Shimiao
988517af15
wctob.3: ATTRIBUTES: Note function that is thread-safe
...
The marking matches glibc marking.
Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-04 15:11:02 +01:00
Ma Shimiao
8ae2d62531
popen.3: ATTRIBUTES: Note functions that are thread-safe
...
The marking matches glibc marking.
Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-04 15:11:02 +01:00
Michael Kerrisk
a0726dbfdd
proc.5: Tweaks to /proc/PID/setgroups text
...
After comments from Eric Biederman
Cowritten-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-04 15:11:02 +01:00
Michael Kerrisk
f72de267d9
user_namespaces.7: srcfix: FIXME
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-04 15:11:02 +01:00
Michael Kerrisk
364ce93556
user_namespaces.7: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-04 15:11:02 +01:00
Michael Kerrisk
f2d61dbbaa
user_namespaces.7: Some tweaks to Eric Biederman's patch
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-04 15:11:02 +01:00
Eric W. Biederman
0c9abe8b8c
user_namespaces.7: Update the documentation to reflect the fixes for negative groups
...
Files with access permissions such as rwx---rwx give fewer
permissions to their group then they do to everyone else. Which
means dropping groups with setgroups(0, NULL) actually grants a
process privileges.
The unprivileged setting of gid_map turned out not to be safe
after this change. Privileged setting of gid_map can be
interpreted as meaning yes it is ok to drop groups. [ Eric
additionally noted: Setting of gid_map with privilege has been
clarified to mean that dropping groups is ok. This allows
existing programs that set gid_map with privilege to work
without changes. That is, newgidmap(1) continues to work
unchanged.]
To prevent this problem and future problems, user namespaces were
changed in such a way as to guarantee a user can not obtain
credentials without privilege that they could not obtain without
the help of user namespaces.
This meant testing the effective user ID and not the filesystem
user ID, as setresuid(2) and setregid(2) allow setting any process
UID or GID (except the supplementary groups) to the effective ID.
Furthermore, to preserve in some form the useful applications
that have been setting gid_map without privilege, the file
/proc/[pid]/setgroups was added to allow disabling setgroups(2).
With setgroups(2) permanently disabled in a user namespace, it
again becomes safe to allow writes to gid_map without privilege.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-04 15:10:02 +01:00
Michael Kerrisk
6bb49a3266
proc.5: Tweak's to Eric Biederman's patch
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-03 15:49:39 +01:00
Michael Kerrisk
de04dd4df3
proc.5: Add some details on /proc/PID/setgroups
...
And generally rework the text.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-03 15:49:39 +01:00
Michael Kerrisk
c06e4b9664
getgroups.2: ERRORS: add EPERM for the case where /proc/PID/setgroups is "deny"
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-03 15:49:39 +01:00