Commit Graph

2731 Commits

Author SHA1 Message Date
Michael Kerrisk 1a99804a1c capabilities.7: SEE ALSO: add proc(5)
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-09-20 16:57:11 +02:00
Michael Kerrisk 6f858d5ccc lirc.4, proc.5, netlink.7: tfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-09-16 12:42:20 +02:00
Michael Kerrisk af0cb4bd54 raw.7: Clarify user namespace requirements for CAP_NET_RAW
Also remove mention of UID 0 as a method of creating
a raw socket. As far as I can tell from reading the
kernel source (net/ipv4/af_inet.c), this is not true.

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-09-12 20:34:22 +01:00
Michael Kerrisk f71d155750 packet.7: Clarify user namespace requirements for CAP_NET_RAW
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-09-12 20:34:22 +01:00
Michael Kerrisk ed1ba8a5eb bindresvport.3, rcmd.3, ip.7: Note user namespace requirements for CAP_NET_BIND_SERVICE
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-09-12 20:34:22 +01:00
Michael Kerrisk 70b723049c ip.7: wfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-09-12 20:34:22 +01:00
Michael Kerrisk 0d86f49075 socket.7: SIOCSPGRP: refer to fcntl(2) F_SETOWN for correct permission rules
The permission rules described for SIOCSPGRP are wrong. Rather
than repeat the rules here, just refer the reader to fcntl(2),
where the rules are described for F_SETOWN.

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-09-12 14:04:45 +01:00
Michael Kerrisk 9d604ae9a7 credentials.7: SEE ALSO: add setsid(2) and setpgid(2)
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-09-12 06:34:34 +01:00
Michael Kerrisk dc1f897234 ip.7: wfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-08-23 18:26:12 +12:00
Michael Kerrisk 173fa792d5 ip.7: tfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-08-23 18:21:03 +12:00
Michael Kerrisk a2bb780cf0 ddp.7: grfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-08-23 16:46:20 +12:00
Michael Kerrisk bb05e249ae ddp.7: tfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-08-23 16:44:24 +12:00
Michael Kerrisk c1aac5e301 fifo.7: wfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-08-23 10:27:00 +12:00
Michael Kerrisk 1a0dff18b2 capabilities.7: Minor tweaks to Matthew Saunders' patch
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-08-20 11:37:42 +12:00
Michael Kerrisk 1f601b1c28 capabilities.7: Add note about nosuid to file capabilities section
2016-08-20 11:31:26 +12:00
David Turner 41185b1261 cpuset.7: tfix
2016-08-17 17:07:32 +12:00
Michael Kerrisk 61775a254e fifo.7: ffix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-08-17 08:09:28 +12:00
Michael Kerrisk 1bceaaee94 glob.7: Clarify that syntactically incorrect patterns are left unchanged
Reported-by: Arnaud Gaillard <arnaud.mgaillard@gmail.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-08-12 07:14:42 +12:00
Michael Kerrisk 2a69e8175e ascii.7: Eliminate groff "cannot adjust line" warnings
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-08-12 07:14:42 +12:00
Michael Kerrisk a4680ab51d user_namespaces.7: tfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-08-08 05:54:16 +10:00
Michael Kerrisk ba4add12fd mq_overview.7: Fix section ordering
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-08-08 05:54:15 +10:00
Michael Kerrisk c307aecd09 mount_namespaces.7: Fix section ordering
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-08-08 05:54:15 +10:00
Michael Kerrisk e664450b01 cgroup_namespaces.7: Fix section ordering
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-08-08 05:54:15 +10:00
Michael Kerrisk 584c8ee025 sched.7: Fix order of SEE ALSO entries
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-08-08 05:54:14 +10:00
Michael Kerrisk c9c01cdbcb capabilities.7: Fix order of SEE ALSO entries
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-08-08 05:54:14 +10:00
Michael Kerrisk 3525268cbd user_namespaces.7: Fix order of SEE ALSO entries
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-08-08 05:54:14 +10:00
Michael Kerrisk b4cb896f5b signal.7: Fix order of SEE ALSO entries
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-08-08 05:54:14 +10:00
Michael Kerrisk 4493c840d7 pthreads.7: tfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-08-08 05:54:14 +10:00
Michael Kerrisk b10cb05c99 pid_namespaces.7: Fix order of SEE ALSO entries
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-08-08 05:54:14 +10:00
Michael Kerrisk 109aa73d3f environ.7: Fix order of SEE ALSO entries
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-08-08 05:54:14 +10:00
Michael Kerrisk d17b32ada1 credentials.7: Fix order of SEE ALSO entries
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-08-08 05:54:14 +10:00
Michael Kerrisk bbbaa1f642 xattr.7: ffix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-08-08 05:54:12 +10:00
Michael Kerrisk bf7bc8b898 arch_prctl.2, execveat.2, fanotify_mark.2, fcntl.2, fork.2, madvise.2, mknod.2, mmap.2, modify_ldt.2, mount.2, open.2, prctl.2, ptrace.2, restart_syscall.2, seccomp.2, semop.2, set_thread_area.2, symlink.2, umount.2, unlink.2, error.3, getnetent.3, getprotoent.3, getservent.3, getutent.3, glob.3, login.3, setjmp.3, setnetgrent.3, wordexp.3, epoll.7: Remove section number from page self reference
Fix places where pages refer to the function that they describe
and include a section number in that reference. Such references
cause some HTML-rendering tools to create self-references in the
page.

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-08-08 05:54:12 +10:00
Michael Kerrisk 0ec74e08e3 cgroups.7: tfix
Reported-by: Local Lembke <logan@blackhillsinfosec.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-07-27 14:33:30 +02:00
Michael Kerrisk 110039c1da unix.7: Remove mention of recvmsg() from discussion of EPIPE error
See https://bugzilla.kernel.org/show_bug.cgi?id=137351

Reported-by: Laurent Georget <laurent.georget@supelec.fr>
Reported-by: Ivan Kharpalev <ivan.kharpalev@gmail.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-07-24 21:27:09 +02:00
Michael Kerrisk 3df541c0e6 ldd.1, localedef.1, add_key.2, chroot.2, clone.2, fork.2, futex.2, get_mempolicy.2, get_robust_list.2, getitimer.2, getpriority.2, ioctl.2, ioctl_ficlonerange.2, ioctl_fideduperange.2, kcmp.2, kill.2, lookup_dcookie.2, mmap.2, mount.2, open.2, pciconfig_read.2, perf_event_open.2, prctl.2, process_vm_readv.2, ptrace.2, quotactl.2, recv.2, setfsgid.2, setfsuid.2, sysinfo.2, umask.2, umount.2, unshare.2, utimensat.2, wait.2, assert.3, fmax.3, fmin.3, getauxval.3, inet_pton.3, malloc_hook.3, memmem.3, mkdtemp.3, mktemp.3, printf.3, strcasecmp.3, strcat.3, strtoul.3, strxfrm.3, console_codes.4, console_ioctl.4, lirc.4, tty.4, vcs.4, charmap.5, elf.5, locale.5, proc.5, repertoiremap.5, utmp.5, capabilities.7, cgroup_namespaces.7, cgroups.7, charsets.7, cp1251.7, cp1252.7, credentials.7, feature_test_macros.7, iso_8859-1.7, iso_8859-15.7, iso_8859-5.7, koi8-r.7, koi8-u.7, man-pages.7, mount_namespaces.7, namespaces.7, netlink.7, pid_namespaces.7, unix.7, user_namespaces.7, utf-8.7: tstamp
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-07-17 18:10:19 +02:00
Michael Kerrisk 8c74a1cea4 user_namespaces.7: Clarify details of CAP_SYS_ADMIN and cgroup v1 mounts
With respect to cgroups version 1, CAP_SYS_ADMIN in the user
namespace allows only *named* hierarchies to be mounted (and
not hierarchies that have a controller).

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-07-07 14:30:01 +02:00
Michael Kerrisk c7e077eaa4 user_namespaces.7: wfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-07-07 13:59:24 +02:00
Michael Kerrisk c0ada844e0 man-pages.7: Add a few more details on formatting conventions
Add some more details for Section 1 and 8 formatting.
Separate out formatting discussion into commands, functions,
and "general".

In part triggered by https://bugzilla.kernel.org/show_bug.cgi?id=121211

Reported-by: Josh Triplett <josh@kernel.org>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-07-07 13:23:13 +02:00
Michael Kerrisk 0b9200154c man-pages.7: Clarify which sections man-pages provides man pages for
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-07-07 13:23:13 +02:00
Jakub Wilk 1481407a2e mount_namespaces.7: tfix
Signed-off-by: Jakub Wilk <jwilk@jwilk.net>
2016-07-07 12:16:28 +02:00
Jakub Wilk 26213e0e53 ip.7: tfix
Signed-off-by: Jakub Wilk <jwilk@jwilk.net>
2016-07-07 12:15:58 +02:00
Michael Kerrisk ba5fd8d940 capabilities.7: Note on SECURE_NO_CAP_AMBIENT_RAISE for capabilities-only environment
A few months after applying Andy Lutomirski's patch that documented
ambient capabilities, I found myself again asking a question
that I'd already once asked of Andy. So, best to be more explicit
in the man page that setting/locking SECBIT_NO_CAP_AMBIENT_RAISE
is not required when using prctl(PR_SET_SECUREBITS) to create
a capabilities-only environment.

This was the 4 Dec 2015 reply from Andy to my question:

    > In the capabilities(7) page there is the longstanding text:
    >
    >        An application can use the following call to lock itself, and
    >        all of its descendants, into an environment where the only way
    >        of gaining capabilities is by executing a program with
    >        associated file capabilities:
    >
    >            prctl(PR_SET_SECUREBITS,
    >                    SECBIT_KEEP_CAPS_LOCKED |
    >                    SECBIT_NO_SETUID_FIXUP |
    >                    SECBIT_NO_SETUID_FIXUP_LOCKED |
    >                    SECBIT_NOROOT |
    >                    SECBIT_NOROOT_LOCKED);
    >
    > As far as I can estimate, no changes are needed here to include
    > SECBIT_NO_CAP_AMBIENT_RAISE and SECBIT_NO_CAP_AMBIENT_RAISE_LOCKED
    > in the above prctl() call, but could you confirm please?

    Correct.  I'll probably write up a patch to suggest that doing this is
    a poor idea on a conventional distro, though, and I'll explain why.  I
    suppose that deleting this would be an option, too.

Reported-by: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-07-07 09:06:43 +02:00
Michael Kerrisk c54fbb8c3d capabilities.7: Add a detail on use of securebits
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-07-07 08:13:23 +02:00
Jakub Wilk 658a3012f8 bootparam.7: tfix
Signed-off-by: Jakub Wilk <jwilk@jwilk.net>
2016-07-01 20:57:31 +02:00
Michael Kerrisk f481726d64 mount_namespaces.7: Minor fixes
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-30 06:08:32 +02:00
Michael Kerrisk e210919644 mount_namespaces.7: Describe "dominant peer group" and "propagate_from" mountinfo tag
Reported-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-30 06:08:32 +02:00
Michael Kerrisk da031af127 namespaces.7: Refer to new mount_namespaces(7) for information on mount namespaces
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-30 06:08:31 +02:00
Michael Kerrisk d9cdf357c9 mount_namespaces.7: Minor tweaks
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-30 06:08:31 +02:00
Michael Kerrisk 98c28960c3 mount_namespaces.7: New page describing mount namespaces
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-30 06:08:31 +02:00