Reported-by: Joe Lawrence <joe.lawrence@redhat.com>
Signed-off-by: Davidlohr Bueso <dbueso@suse.de>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Ian Turner: The exact return calls are at the discretion of the
underlying VFS, but I'm pretty sure that EINTR is a possibility.
Or, if it's not, then the flock() manpage should be amended
accordingly, since the two share the same underlying
implementation.
mtk: lockf(3) is implemented on top of fcntl() locking, so
EINTR is of course a possibility.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Mention that the named constants (SECBIT_KEEP_CAPS and others)
are available only if the linux/securebits.h user-space header
is included.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Make zic.8 a copy of the upstream tzdb version, except that
the tzdb version's first line is replaced by man-pages
boilerplate, and omit features introduced after 2017b
(the most recent merge to glibc).
This has the following effect:
Document --version, --help.
Document new -v warnings.
Remove -y.
Document that input should be text files, and similar restrictions
on names.
Document negative DST.
Document what is meant by "white space".
Do some minor reformatting.
Use .B for as-is keywords, like commands.
New section "EXTENDED EXAMPLE".
Omit some changes that were made on the man-pages side, notably by
changing some "timezone"s back to the preferred-upstream "time
zone" when talking about traditional time zones as opposed to
POSIX timezone settings. Also, fix some formatting glitches.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Make zdump.8 a copy of the upstream tzdb version, except that
the tzdb version's first line is replaced by man-pages
boilerplate.
This has the following effect:
Document new options -i, -t, -V.
New section LIMITATIONS.
Do some minor reformatting.
Omit some changes that were made on the man-pages side, notably by
changing some "timezone"s back to the preferred-upstream "time
zone" when talking about traditional time zones as opposed to
POSIX timezone settings. Also, fix some formatting glitches.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Make tzfile.5 a copy of the upstream tzdb version, except that
the tzdb version's first line is replaced by man-pages
boilerplate.
This has the following effect:
Do some minor spec fixes, notably about time type 0
and empty TZ strings. Omit some changes that were made on the
man-pages side, notably by changing some "timezone"s back to the
preferred-upstream "time zone" when talking about traditional
time zones as opposed to POSIX timezone settings.
Also, fix some formatting glitches.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
eBPF sub-system on Linux can use "helper functions", functions
implemented in the kernel that can be called from within a eBPF program
injected by a user on Linux. The kernel already supports a long list of
such helpers (sixty-seven at this time, new ones are under review).
Therefore, it is proposed to create a new manual page, separate from
bpf(2), to document those helpers for people willing to develop new eBPF
programs.
Additionally, in an effort to keep this documentation in synchronisation
with what is implemented in the kernel, it is further proposed to keep
the documentation itself in the kernel sources, as comments in file
"include/uapi/linux/bpf.h", and to generate the man page from there.
This patch adds the new man page, generated from kernel sources, to the
man-pages repository. For each eBPF helper function, a description of
the helper, of its arguments and of the return value is provided. The
idea is that all future changes for this page should be redirected to
the kernel file "include/uapi/linux/bpf.h", and the modified page
generated from there.
Generating the page itself is a two-step process. First, the
documentation is extracted from include/uapi/linux/bpf.h, and converted
to a RST (reStructuredText-formatted) page, with the relevant script
from Linux sources:
$ ./scripts/bpf_helpers_doc.py > /tmp/bpf-helpers.rst
The second step consists in turning the RST document into the final man
page, with rst2man:
$ rst2man /tmp/bpf-helpers.rst > bpf-helpers.7
The bpf.h file was taken as at kernel 4.19
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Quentin Monnet <quentin.monnet@netronome.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
This just adds to the point made by Marcus Gelderie's patch. Note
also that SECBIT_KEEP_CAPS provides the same functionality as the
prctl() PR_SET_KEEPCAPS flag, and the prctl(2) manual page has the
correct description of the semantics (i.e., that the flag affects
the treatment of onlt the permitted capability set).
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
The description of SECBIT_KEEP_CAPS is misleading about the
effects on the effective capabilities of a process during a
switch to nonzero UIDs. The effective set is cleared based on
the effective UID switching to a nonzero value, even if
SECBIT_KEEP_CAPS is set. However, with this bit set, the
effective and permitted sets are not cleared if the real and
saved set-user-ID are set to nonzero values.
This was tested using the following C code and reading the kernel
source at security/commoncap.c: cap_emulate_setxuid.
void print_caps(void) {
cap_t current = cap_get_proc();
if (!current) {
perror("Current caps");
return;
}
char *text = cap_to_text(current, NULL);
if (!text) {
perror("Converting caps to text");
goto free_caps;
}
printf("Capabilities: %s\n", text);
cap_free(text);
free_caps:
cap_free(current);
}
void print_creds(void) {
uid_t ruid, suid, euid;
if (getresuid(&ruid, &euid, &suid)) {
perror("Error getting UIDs");
return;
}
printf("real = %d, effective = %d, saved set-user-ID = %d\n", ruid, euid, suid);
}
void set_caps(int size, const cap_value_t *caps) {
cap_t current = cap_init();
if (!current) {
perror("Error getting current caps");
return;
}
if (cap_clear(current)) {
perror("Error clearing caps");
}
if (cap_set_flag(current, CAP_INHERITABLE, size, caps, CAP_SET)) {
perror("setting caps");
goto free_caps;
}
if (cap_set_flag(current, CAP_EFFECTIVE, size, caps, CAP_SET)) {
perror("setting caps");
goto free_caps;
}
if (cap_set_flag(current, CAP_PERMITTED, size, caps, CAP_SET)) {
perror("setting caps");
goto free_caps;
}
if (cap_set_proc(current)) {
perror("Comitting caps");
goto free_caps;
}
free_caps:
cap_free(current);
}
const cap_value_t caps[] = {CAP_SETUID, CAP_SETPCAP};
const size_t num_caps = sizeof(caps) / sizeof(cap_value_t);
int main(int argc, char **argv) {
puts("[+] Dropping most capabilities to reduce amount of console output...");
set_caps(num_caps, caps);
puts("[+] Dropped capabilities. Starting with these credentials and capabilities:");
print_caps();
print_creds();
if (argc >= 2 && 0 == strncmp(argv[1], "keep", 4)) {
puts("[+] Setting SECBIT_KEEP_CAPS bit");
if (prctl(PR_SET_SECUREBITS, SECBIT_KEEP_CAPS, 0, 0, 0)) {
perror("Setting secure bits");
return 1;
}
}
puts("[+] Setting effective UID to 1000");
if (seteuid(1000)) {
perror("Error setting effective UID");
return 2;
}
print_caps();
print_creds();
puts("[+] Raising caps again");
set_caps(num_caps, caps);
print_caps();
print_creds();
puts("[+] Setting all remaining UIDs to nonzero values");
if (setreuid(1000, 1000)) {
perror("Error setting all UIDs to 1000");
return 3;
}
print_caps();
print_creds();
return 0;
}
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Note that LIRC_GET_FEATURES is the only ioctl() which is always
supported now that there are send-only devices.
Signed-off-by: Sean Young <sean@mess.org>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
There are no drivers that support LIRC_MODE_LIRCCODE any more;
those drivers were in the kernel staging area, so they were
never part of the mainline kernel.
Signed-off-by: Sean Young <sean@mess.org>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Prefer the word "owns" rather than "associated with" when
describing the relationship between user namespaces and non-user
namespaces. The existing text used a mix of the two terms, with
"associated with" being predominant, but to my ear, describing the
relationship as "ownership" is more comprehensible.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Fix broken example code in the vcs.4 man page
- use of wrong variable (attrib, which is uninitialised, instead of s)
- variable ch too narrow
- printing a font char index with %c, as if it were ASCII (it's not)
- removing the high font bit while changing the background colour
- unwarranted assumption of little-endian byte order
Also be friendly and use SEEK_* instead of numbers.
Reported-by: Michael Witten <mfwitten@gmail.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
The lirc header file included ioctls and feature bits which were
never implemented by any driver. They were removed in kernel
commit d55f09abe24b4dfadab246b6f217da547361cdb6
Reviewed-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Reported-by: Alec Leamas <leamas.alec@gmail.com>
Signed-off-by: Sean Young <sean@mess.org>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk