bf92bef9c9
capabilities.7: spfix
...
Fix capitalization in the reference to section "Effect of user ID
changes on capabilities".
Capitalization of the section name was changed in
c634028ab5
2016-02-29 12:22:21 +01:00
f6f85d2db1
capabilities.7: tfix
...
Signed-off-by: Jakub Wilk <jwilk@jwilk.net>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-02-28 14:39:08 +01:00
bc0c82b158
capabilities.7: tfix
...
Reported-by: Marianne CHEVROT <blackmoor@openmailbox.org>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-02-26 16:31:44 +01:00
787dd4ad3a
membarrier.2, crypt.3, dladdr.3, duplocale.3, fmemopen.3, gethostbyname.3, mallopt.3, newlocale.3, resolver.3, sigsetops.3, strfmon.3, tzset.3, console_ioctl.4, lirc.4, loop.4, vcs.4, dir_colors.5, locale.5, proc.5, tzfile.5, attributes.7, bootparam.7, capabilities.7, feature_test_macros.7, icmp.7, man-pages.7, netlink.7, path_resolution.7, pipe.7, socket.7, unix.7, vdso.7: ffix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-02-03 09:14:22 +01:00
6f3c74a8b9
mremap.2, open.2, perf_event_open.2, prctl.2, ptrace.2, reboot.2, seccomp.2, signalfd.2, syscalls.2, __ppc_set_ppr_med.3, daemon.3, dirfd.3, fgetgrent.3, fgetpwent.3, getauxval.3, getspnam.3, mallinfo.3, mallopt.3, posix_fallocate.3, termios.3, tty_ioctl.4, core.5, nsswitch.conf.5, proc.5, aio.7, capabilities.7, path_resolution.7, pipe.7, rtld-audit.7, signal.7, tcp.7: tstamp
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-12-05 10:46:28 +01:00
3375bef146
capabilities.7: Various additions and reworkings for ambient capability text
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-12-04 10:44:46 +01:00
e574dcd0ac
capabilities.7: srcfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-12-04 10:44:46 +01:00
6260f4cd27
capabilities.7: Document ambient capabilities
...
Reviewed-by: Kees Cook <keescook@chromium.org>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Andy Lutomirski <luto@kernel.org>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-12-04 10:44:45 +01:00
0563f2047b
capabilities.7: CAP_SYS_ADMIN allows calling bpf(2)
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-07-23 15:37:26 +02:00
67d2c6873c
add_key.2, chown.2, epoll_ctl.2, epoll_wait.2, execve.2, fcntl.2, get_mempolicy.2, getxattr.2, ioctl.2, keyctl.2, listxattr.2, mkdir.2, mknod.2, mmap.2, msync.2, nfsservctl.2, open.2, prctl.2, removexattr.2, request_key.2, sendfile.2, set_mempolicy.2, setxattr.2, shmget.2, shutdown.2, sigaction.2, syslog.2, truncate.2, umask.2, CPU_SET.3, atexit.3, bsearch.3, cmsg.3, err.3, gethostid.3, getmntent.3, getopt.3, iconv_close.3, inet_ntop.3, longjmp.3, lsearch.3, mcheck.3, on_exit.3, putpwent.3, regex.3, resolver.3, setbuf.3, setjmp.3, setlocale.3, setlogmask.3, sleep.3, strsignal.3, sysconf.3, undocumented.3, tty_ioctl.4, proc.5, resolv.conf.5, tzfile.5, aio.7, bootparam.7, capabilities.7, fanotify.7, inotify.7, ip.7, packet.7, pthreads.7, raw.7, signal.7, socket.7, unix.7, ld.so.8, nscd.8: tstamp
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-05-07 08:26:32 +02:00
89fabe2e91
getxattr.2, listxattr.2, removexattr.2, setxattr.2, capabilities.7: Adjust "attr(5)" references to "xattr(7)"
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-04-22 14:40:38 +02:00
ed948c28b3
chown.2, execve.2, prctl.2, truncate.2, proc.5, capabilities.7, ld.so.8: Tighter wording: 'mode bit' rather than 'permission bit'
...
For sticky, set-UID, and set-GID mode bits (as used in POSIX).
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-04-21 14:36:59 +02:00
e32f89181b
capabilities.7: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-22 19:25:21 +01:00
596aa7032a
capabilities.7: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-22 19:25:21 +01:00
11d6214a21
capabilities.7: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-22 19:25:21 +01:00
7e3aca25bc
capabilities.7: Mention SECBIT_KEEP_CAPS as an alternative to prctl() PR_SET_KEEPCAPS
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-02-21 08:32:11 +01:00
f794d5274f
capabilities.7: srcfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-02-21 08:32:11 +01:00
6016943675
capabilities.7: Minor tweaks
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-02-21 08:32:11 +01:00
16512b57bc
capabilities.7: NOTES: add last kernel versions for obsolete options
...
The CONFIG_SECURITY_CAPABILITIES option was removed by
commit 5915eb53861c5776cfec33ca4fcc1fd20d66dd27
The CONFIG_SECURITY_FILE_CAPABILITIES option removed in
Linux 2.6.33 as already mentioned in DESCRIPTION.
Signed-off-by: Chris Mayo <aklhfex@gmail.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-02-21 08:32:11 +01:00
9dc53e71c2
kexec_load.2, personality.2, prctl.2, reboot.2, socket.2, fflush.3, getopt.3, random.3, termios.3, random.4, passwd.5, capabilities.7, signal.7: tstamp
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-02-01 17:14:12 +01:00
1d2bf1840c
capabilities.7: SEE ALSO: add setpriv(1)
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-02-01 09:32:37 +01:00
f5ac5bbfd4
capabilities.7: Minor improvement of detail
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-16 08:15:05 +01:00
a2d5944156
capabilities.7: tfix
...
Reported-by: Christian Seiler <christian@iwakd.de>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-16 08:13:29 +01:00
e7e006f279
getdents.2, capabilities.7, symlink.7: tfix: Change 'i-node' to 'inode'
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-11-12 22:32:40 +01:00
daf084cc33
clone.2, flock.2, getpid.2, getunwind.2, mount.2, reboot.2, semop.2, seteuid.2, setgid.2, setns.2, setresuid.2, setreuid.2, setuid.2, uname.2, unshare.2, clock.3, drand48.3, proc.5, capabilities.7, credentials.7, mq_overview.7, namespaces.7, pid_namespaces.7, svipc.7, user_namespaces.7: tstamp
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-21 11:23:07 +02:00
19b06c778d
capabilities.7: Refer reader to user_namespaces(7) for a discussion of capabilities
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:02 -07:00
c3b49118b9
capabilities.7: setns() needs CAP_SYS_ADMIN in the *target* namespace
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:02 -07:00
f58fb24f16
clone.2, seteuid.2, setgid.2, setresuid.2, setreuid.2, setuid.2, unshare.2, capabilities.7, credentials.7: Change reference to namespaces(7) to user_namespaces(7)
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:59 -07:00
a7d96776a1
capabilities.7: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:57 -07:00
5bea231de3
capabilities.7: Document CAP_SETUID and CAP_SETGID for user namespace mappings
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:57 -07:00
c67d3814e7
capabilities.7: Since Linux 3.8, user namespaces no longer require CAP_SYS_ADMIN
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:57 -07:00
bea08fec7e
adjtimex.2, bind.2, cacheflush.2, clone.2, fallocate.2, fanotify_init.2, fanotify_mark.2, flock.2, futex.2, getdents.2, getpriority.2, getrlimit.2, gettid.2, gettimeofday.2, ioprio_set.2, kexec_load.2, migrate_pages.2, modify_ldt.2, mount.2, move_pages.2, mprotect.2, msgop.2, nfsservctl.2, perf_event_open.2, pread.2, ptrace.2, recvmmsg.2, rename.2, restart_syscall.2, sched_setattr.2, send.2, shmop.2, shutdown.2, sigaction.2, signalfd.2, syscalls.2, timer_create.2, timerfd_create.2, tkill.2, vmsplice.2, wait.2, aio_init.3, confstr.3, exit.3, fmemopen.3, fopen.3, getaddrinfo.3, getauxval.3, getspnam.3, isalpha.3, isatty.3, mallinfo.3, malloc.3, mallopt.3, psignal.3, pthread_attr_setinheritsched.3, qecvt.3, queue.3, rtnetlink.3, strerror.3, strftime.3, toupper.3, towlower.3, towupper.3, initrd.4, locale.5, proc.5, bootparam.7, capabilities.7, ddp.7, fanotify.7, icmp.7, inotify.7, ip.7, ipv6.7, netdevice.7, netlink.7, path_resolution.7, rtld-audit.7, rtnetlink.7, sched.7, signal.7, socket.7, svipc.7, tcp.7, unix.7, ld.so.8: srcfix: Update FIXMEs
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-08-21 16:47:44 -05:00
8980a50087
access.2, bdflush.2, bind.2, brk.2, chmod.2, chown.2, clone.2, epoll_wait.2, execve.2, fsync.2, getgroups.2, gethostname.2, getpagesize.2, getpriority.2, getrlimit.2, ioperm.2, kexec_load.2, link.2, mkdir.2, mmap.2, msgop.2, perf_event_open.2, process_vm_readv.2, ptrace.2, readlink.2, readv.2, recv.2, rename.2, sched_setaffinity.2, select.2, send.2, seteuid.2, signal.2, sigwaitinfo.2, stat.2, symlink.2, sync.2, sync_file_range.2, sysinfo.2, timer_create.2, uname.2, unlink.2, utime.2, wait.2, abs.3, atoi.3, catopen.3, cerf.3, cexp2.3, clearenv.3, clog2.3, ctime.3, des_crypt.3, ecvt.3, fgetgrent.3, flockfile.3, fseeko.3, ftime.3, ftok.3, ftw.3, getauxval.3, getcwd.3, getdtablesize.3, getgrent.3, getgrent_r.3, getgrnam.3, getgrouplist.3, getline.3, getpass.3, getutent.3, glob.3, insque.3, lseek64.3, memmem.3, mkstemp.3, mktemp.3, on_exit.3, openpty.3, putenv.3, qecvt.3, realpath.3, remove.3, setbuf.3, sigpause.3, strftime.3, strptime.3, strstr.3, strtod.3, tzset.3, updwtmp.3, xcrypt.3, core.5, utmp.5, capabilities.7, charsets.7, environ.7, ipv6.7, man-pages.7, packet.7, vdso.7: tstamp
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-08-19 11:55:41 -05:00
c81cea2caa
capabilities.7: Add CAP_AUDIT_READ
...
CAP_AUDIT_READ is new in Linux 3.16.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-08-18 17:14:16 -05:00
79a022a606
capabilities.7: ffix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-08-01 21:59:25 +02:00
a0fc2d2b9c
capabilities.7: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-07-30 08:40:01 +02:00
b8f84ce202
capabilities.7: CAP_SYS_PTRACE allows process_vm_readv(2) and process_vm_writev(2)
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-05-22 08:23:26 +02:00
5f94327cf5
capabilities.7: ffix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-05-22 08:23:26 +02:00
eb64a9cb28
capabilities.7: ffix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-05-22 08:23:26 +02:00
1a3b63f7a0
capabilities.7: CAP_SYS_ADMIN allows overriding RLIMIT_NPROC
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-05-22 08:23:26 +02:00
838ad419e2
capabilities.7: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-05-22 08:23:26 +02:00
3d15531307
chown.2, fcntl.2, futex.2, recvmmsg.2, sched_setscheduler.2, semget.2, shmget.2, malloc.3, pthread_attr_setinheritsched.3, pthread_attr_setschedparam.3, pthread_attr_setschedpolicy.3, pthread_setaffinity_np.3, strcpy.3, capabilities.7, cpuset.7, credentials.7, pthreads.7: tstamp
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-05-21 13:15:30 +02:00
f96787ab34
capabilities.7: Mention sched_setattr(2) under CAP_SYS_NICE
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-05-14 20:45:29 +02:00
e8a700f9ae
capabilities.7: SEE ALSO: add capsh(1)
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-04-09 15:27:32 +02:00
b752509ac2
capabilities.7: grfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-03-26 13:54:53 +01:00
f7407651f6
capabilities.7: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-01-03 10:11:34 +13:00
5c0fa6d885
capabilities.7: Fix 2 version numbers under "Effect of user ID changes on capabilities"
...
Reported by Liu Jiaming <storypku@gmail.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2013-09-27 11:17:46 +02:00
9ee4a2b6ec
intro.1, time.1, access.2, acct.2, alloc_hugepages.2, bind.2, chdir.2, chmod.2, chown.2, chroot.2, clone.2, close.2, execve.2, fallocate.2, fcntl.2, getdents.2, getrusage.2, getxattr.2, init_module.2, inotify_add_watch.2, ioprio_set.2, kcmp.2, link.2, listxattr.2, lseek.2, madvise.2, mkdir.2, mknod.2, mmap.2, mount.2, move_pages.2, msgctl.2, nfsservctl.2, open.2, pivot_root.2, quotactl.2, read.2, readlink.2, removexattr.2, rename.2, rmdir.2, semctl.2, setfsgid.2, setfsuid.2, setresuid.2, setuid.2, setup.2, setxattr.2, shmctl.2, splice.2, spu_create.2, stat.2, statfs.2, swapon.2, symlink.2, sync.2, sync_file_range.2, sysfs.2, truncate.2, umount.2, unlink.2, unshare.2, ustat.2, utime.2, utimensat.2, write.2, btree.3, errno.3, fexecve.3, ftw.3, futimes.3, get_nprocs_conf.3, getcwd.3, getdirentries.3, getmntent.3, glob.3, mkfifo.3, mq_open.3, readdir.3, realpath.3, recno.3, remove.3, sem_open.3, shm_open.3, statvfs.3, sysconf.3, telldir.3, tmpfile.3, cciss.4, initrd.4, pts.4, sk98lin.4, vcs.4, core.5, filesystems.5, proc.5, boot.7, bootparam.7, capabilities.7, cpuset.7, credentials.7, feature_test_macros.7, fifo.7, hier.7, inotify.7, intro.7, mq_overview.7, path_resolution.7, pipe.7, sem_overview.7, shm_overview.7, spufs.7, symlink.7, unix.7, uri.7, sync.8: Global fix: s/file system/filesystem/
...
Notwithstanding 24d01c530c
2013-08-08 10:07:57 +02:00
ab5deaea0d
fchownat.2, fstatat.2, linkat.2, capabilities.7: tstamp
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2013-07-20 23:12:07 +02:00
a537062ef5
capabilities.7: Add open_by_handle_at(2) under CAP_DAC_READ_SEARCH
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2013-07-20 23:11:02 +02:00
Jakub Wilk