Michael Kerrisk
1a99804a1c
capabilities.7: SEE ALSO: add proc(5)
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-09-20 16:57:11 +02:00
Michael Kerrisk
6f858d5ccc
lirc.4, proc.5, netlink.7: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-09-16 12:42:20 +02:00
Michael Kerrisk
af0cb4bd54
raw.7: Clarify user namespace requirements for CAP_NET_RAW
...
Also remove mention of UID 0 as a method or creating
a raw socket. As far as I can tell from reading the
kernel source (net/ipv4/af_inet.c), this is not true.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-09-12 20:34:22 +01:00
Michael Kerrisk
f71d155750
packet.7: Clarify user namespace requirements for CAP_NET_RAW
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-09-12 20:34:22 +01:00
Michael Kerrisk
ed1ba8a5eb
bindresvport.3, rcmd.3, ip.7: Note user namespace requirements for CAP_NET_BIND_SERVICE
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-09-12 20:34:22 +01:00
Michael Kerrisk
70b723049c
ip.7: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-09-12 20:34:22 +01:00
Michael Kerrisk
0d86f49075
socket.7: SIOCSPGRP: refer to fcntl(2) F_SETOWN for correct permission rules
...
The permission rules described for SIOCCPGRP are wrong. Rather
than repeat the rules here, just refer the reader to fcntl(2),
where the rules are described for F_SETOWN.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-09-12 14:04:45 +01:00
Michael Kerrisk
9d604ae9a7
credentials.7: SEE ALSO: add setsid(2) and setpgid(2)
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-09-12 06:34:34 +01:00
Michael Kerrisk
dc1f897234
ip.7: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-08-23 18:26:12 +12:00
Michael Kerrisk
173fa792d5
ip.7: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-08-23 18:21:03 +12:00
Michael Kerrisk
a2bb780cf0
ddp.7: grfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-08-23 16:46:20 +12:00
Michael Kerrisk
bb05e249ae
ddp.7: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-08-23 16:44:24 +12:00
Michael Kerrisk
c1aac5e301
fifo.7: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-08-23 10:27:00 +12:00
Michael Kerrisk
1a0dff18b2
capabilities.7: Minor tweaks to Matthew Saunders' patch
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-08-20 11:37:42 +12:00
Michael Kerrisk
1f601b1c28
capabilities.7: Add note about nosuid to file capabilities section
2016-08-20 11:31:26 +12:00
David Turner
41185b1261
cpuset.7: tfix
2016-08-17 17:07:32 +12:00
Michael Kerrisk
61775a254e
fifo.7: ffix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-08-17 08:09:28 +12:00
Michael Kerrisk
1bceaaee94
glob.7: Clarify that syntactically incorrect patterns are left unchanged
...
Reported-by: Arnaud Gaillard <arnaud.mgaillard@gmail.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-08-12 07:14:42 +12:00
Michael Kerrisk
2a69e8175e
ascii.7: Eliminate groff "cannot adjust line" warnings
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-08-12 07:14:42 +12:00
Michael Kerrisk
a4680ab51d
user_namespaces.7: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-08-08 05:54:16 +10:00
Michael Kerrisk
ba4add12fd
mq_overview.7: Fix section ordering
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-08-08 05:54:15 +10:00
Michael Kerrisk
c307aecd09
mount_namespaces.7: Fix section ordering
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-08-08 05:54:15 +10:00
Michael Kerrisk
e664450b01
cgroup_namespaces.7: Fix section ordering
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-08-08 05:54:15 +10:00
Michael Kerrisk
584c8ee025
sched.7: Fix order of SEE ALSO entries
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-08-08 05:54:14 +10:00
Michael Kerrisk
c9c01cdbcb
capabilities.7: Fix order of SEE ALSO entries
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-08-08 05:54:14 +10:00
Michael Kerrisk
3525268cbd
user_namespaces.7: Fix order of SEE ALSO entries
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-08-08 05:54:14 +10:00
Michael Kerrisk
b4cb896f5b
signal.7: Fix order of SEE ALSO entries
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-08-08 05:54:14 +10:00
Michael Kerrisk
4493c840d7
pthreads.7: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-08-08 05:54:14 +10:00
Michael Kerrisk
b10cb05c99
pid_namespaces.7: Fix order of SEE ALSO entries
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-08-08 05:54:14 +10:00
Michael Kerrisk
109aa73d3f
environ.7: Fix order of SEE ALSO entries
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-08-08 05:54:14 +10:00
Michael Kerrisk
d17b32ada1
credentials.7: Fix order of SEE ALSO entries
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-08-08 05:54:14 +10:00
Michael Kerrisk
bbbaa1f642
xattr.7: ffix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-08-08 05:54:12 +10:00
Michael Kerrisk
bf7bc8b898
arch_prctl.2, execveat.2, fanotify_mark.2, fcntl.2, fork.2, madvise.2, mknod.2, mmap.2, modify_ldt.2, mount.2, open.2, prctl.2, ptrace.2, restart_syscall.2, seccomp.2, semop.2, set_thread_area.2, symlink.2, umount.2, unlink.2, error.3, getnetent.3, getprotoent.3, getservent.3, getutent.3, glob.3, login.3, setjmp.3, setnetgrent.3, wordexp.3, epoll.7: Remove section number from page self reference
...
Fix places where pages refer to the function that they describe
and include a section number in that reference. Such references
cause some HTML-rendering tools to create self-references in the
page.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-08-08 05:54:12 +10:00
Michael Kerrisk
0ec74e08e3
cgroups.7: tfix
...
Reported-by: Local Lembke <logan@blackhillsinfosec.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-07-27 14:33:30 +02:00
Michael Kerrisk
110039c1da
unix.7: Remove mention of recvmsg() from discussion of EPIPE error
...
See https://bugzilla.kernel.org/show_bug.cgi?id=137351
Reported-by: Laurent Georget <laurent.georget@supelec.fr>
Reported-by: Ivan Kharpalev <ivan.kharpalev@gmail.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-07-24 21:27:09 +02:00
Michael Kerrisk
3df541c0e6
ldd.1, localedef.1, add_key.2, chroot.2, clone.2, fork.2, futex.2, get_mempolicy.2, get_robust_list.2, getitimer.2, getpriority.2, ioctl.2, ioctl_ficlonerange.2, ioctl_fideduperange.2, kcmp.2, kill.2, lookup_dcookie.2, mmap.2, mount.2, open.2, pciconfig_read.2, perf_event_open.2, prctl.2, process_vm_readv.2, ptrace.2, quotactl.2, recv.2, setfsgid.2, setfsuid.2, sysinfo.2, umask.2, umount.2, unshare.2, utimensat.2, wait.2, assert.3, fmax.3, fmin.3, getauxval.3, inet_pton.3, malloc_hook.3, memmem.3, mkdtemp.3, mktemp.3, printf.3, strcasecmp.3, strcat.3, strtoul.3, strxfrm.3, console_codes.4, console_ioctl.4, lirc.4, tty.4, vcs.4, charmap.5, elf.5, locale.5, proc.5, repertoiremap.5, utmp.5, capabilities.7, cgroup_namespaces.7, cgroups.7, charsets.7, cp1251.7, cp1252.7, credentials.7, feature_test_macros.7, iso_8859-1.7, iso_8859-15.7, iso_8859-5.7, koi8-r.7, koi8-u.7, man-pages.7, mount_namespaces.7, namespaces.7, netlink.7, pid_namespaces.7, unix.7, user_namespaces.7, utf-8.7: tstamp
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-07-17 18:10:19 +02:00
Michael Kerrisk
8c74a1cea4
user_namespaces.7: Clarify details of CAP_SYS_ADMIN and cgroup v1 mounts
...
With respect to cgroups version 1, CAP_SYS_ADMIN in the user
namespace allows only *named* hierarchies to be mounted (and
not hierarchies that have a controller).
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-07-07 14:30:01 +02:00
Michael Kerrisk
c7e077eaa4
user_namespaces.7: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-07-07 13:59:24 +02:00
Michael Kerrisk
c0ada844e0
man-pages.7: Add a few more details on formatting conventions
...
Add some more details for Section 1 and 8 formatting.
Separate out formatting discussion into commands, functions,
and "general".
In part triggered by https://bugzilla.kernel.org/show_bug.cgi?id=121211
Reported-by: Josh Triplett <josh@kernel.org>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-07-07 13:23:13 +02:00
Michael Kerrisk
0b9200154c
man-pages.7: Clarify which sections man-pages provides man pages for
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-07-07 13:23:13 +02:00
Jakub Wilk
1481407a2e
mount_namespaces.7: tfix
...
Signed-off-by: Jakub Wilk <jwilk@jwilk.net>
2016-07-07 12:16:28 +02:00
Jakub Wilk
26213e0e53
ip.7: tfix
...
Signed-off-by: Jakub Wilk <jwilk@jwilk.net>
2016-07-07 12:15:58 +02:00
Michael Kerrisk
ba5fd8d940
capabilities.7: Note on SECURE_NO_CAP_AMBIENT_RAISE for capabilities-only environment
...
A few months after applying Andy Lutomirski's patch that documented
ambient capabilities, I found myself again asking a question
that I'd already once asked of Any. So, best to be more explicit
in the man page that setting/locking SECBIT_NO_CAP_AMBIENT_RAISE
is not required when using prctl(PR_SET_SECUREBITS) to create
a capabilities-only environment.
This was the 4 Dec 2015 reply from Andy to my question:
> In the capabilities(7) page tehre is the longstanding text:
>
> An application can use the following call to lock itself, and
> all of its descendants, into an environment where the only way
> of gaining capabilities is by executing a program with associ‐
> ated file capabilities:
>
> prctl(PR_SET_SECUREBITS,
> SECBIT_KEEP_CAPS_LOCKED |
> SECBIT_NO_SETUID_FIXUP |
> SECBIT_NO_SETUID_FIXUP_LOCKED |
> SECBIT_NOROOT |
> SECBIT_NOROOT_LOCKED);
>
> As far as I can estimate, no changes are needed here to include
> SECBIT_NO_CAP_AMBIENT_RAISE and SECBIT_NO_CAP_AMBIENT_RAISE_LOCKED
> in the above prctl() call, but could you confirm please?
Correct. I'll probably write up a patch to suggest that doing this is
a poor idea on a conventional distro, though, and I'll explain why. I
suppose than deleting this would be an option, too.
Reported-by: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-07-07 09:06:43 +02:00
Michael Kerrisk
c54fbb8c3d
capabilities.7: Add a detail on use of securebits
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-07-07 08:13:23 +02:00
Jakub Wilk
658a3012f8
bootparam.7: tfix
...
Signed-off-by: Jakub Wilk <jwilk@jwilk.net>
2016-07-01 20:57:31 +02:00
Michael Kerrisk
f481726d64
mount_namespaces.7: Minor fixes
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-30 06:08:32 +02:00
Michael Kerrisk
e210919644
mount_namespaces.7: Describe "dominant peer group" and "propagate_from" mountinfo tag
...
Reported-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-30 06:08:32 +02:00
Michael Kerrisk
da031af127
namespaces.7: Refer to new mount_namespaces(7) for information on mount namespaces
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-30 06:08:31 +02:00
Michael Kerrisk
d9cdf357c9
mount_namespaces.7: Minor tweaks
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-30 06:08:31 +02:00
Michael Kerrisk
98c28960c3
mount_namespaces.7: New page describing mount namespaces
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-30 06:08:31 +02:00