Michael Kerrisk
a1c7ef5685
get_robust_list.2: get_robust_list() is governed by PTRACE_MODE_READ_REALCREDS
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-29 07:06:29 +02:00
Michael Kerrisk
13ec13dc19
perf_event_open.2: If pid > 0, the operation is governed by PTRACE_MODE_READ_REALCREDS
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-29 07:06:29 +02:00
Michael Kerrisk
c33e8aff8c
ptrace.2: Note that PTRACE_SEIZE is subject to a ptrace access mode check
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-29 07:06:29 +02:00
Michael Kerrisk
d4c976d820
ptrace.2: Rephrase PTRACE_ATTACH permissions in terms of ptrace access mode check
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-29 07:06:29 +02:00
Michael Kerrisk
408c8172e4
process_vm_readv.2: Rephrase permission rules in terms of a ptrace access mode check
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-29 07:06:29 +02:00
Michael Kerrisk
b02b4b74d5
proc.5: Note /proc/PID/stat fields that are governed by PTRACE_MODE_READ_FSCREDS
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-29 07:06:29 +02:00
Michael Kerrisk
138a191e99
proc.5: /proc/PID/fd/* are governed by PTRACE_MODE_READ_FSCREDS
...
Permission to dereference/readlink /proc/PID/fd/* symlinks is
governed by a PTRACE_MODE_READ_FSCREDS ptrace access mode check.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-29 07:06:29 +02:00
Michael Kerrisk
33a1ab5da1
namespaces.7: /proc/PID/ns/* are governed by PTRACE_MODE_READ_FSCREDS
...
Permission to dereference/readlink /proc/PID/ns/* symlinks is
governed by a PTRACE_MODE_READ_FSCREDS ptrace access mode check.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-29 07:06:29 +02:00
Michael Kerrisk
b902fe180b
proc.5: /proc/PID/{cwd,exe,root} are governed by PTRACE_MODE_READ_FSCREDS
...
Permission to dereference/readlink /proc/PID/{cwd,exe,root} is
governed by a PTRACE_MODE_READ_FSCREDS ptrace access mode check.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-29 07:06:29 +02:00
Michael Kerrisk
4834ae914c
proc.5: /proc/PID/{personality,stack,syscall} are governed by PTRACE_MODE_ATTACH_FSCREDS
...
Permission to access /proc/PID/{personality,stack,syscall} is
governed by a PTRACE_MODE_ATTACH_FSCREDS ptrace access mode check.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-29 07:06:29 +02:00
Michael Kerrisk
d8e2972ab8
proc.5: /proc/PID/io is governed by PTRACE_MODE_READ_FSCREDS
...
Permission to access /proc/PID/io is governed by
a PTRACE_MODE_READ_FSCREDS ptrace access mode check.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-29 07:06:29 +02:00
Michael Kerrisk
a62e0e012d
proc.5: /proc/PID/timerslack_ns is governed by PTRACE_MODE_ATTACH_FSCREDS
...
Permission to access /proc/PID/timerslack_ns is governed by
a PTRACE_MODE_ATTACH_FSCREDS ptrace access mode check.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-29 07:06:28 +02:00
Michael Kerrisk
82664739be
proc.5: /proc/PID/{auxv,environ,wchan} are governed by PTRACE_MODE_READ_FSCREDS
...
Permission to access /proc/PID/{auxv,environ,wchan} is governed by
a PTRACE_MODE_READ_FSCREDS ptrace access mode check.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-29 07:06:28 +02:00
Michael Kerrisk
aee2f0bfa1
proc.5: Document /proc/PID/{maps,mem,pagemap} access mode checks
...
Permission to access /proc/PID/{maps,pagemap} is governed by a
PTRACE_MODE_READ_FSCREDS ptrace access mode check.
Permission to access /proc/PID/mem is governed by a
PTRACE_MODE_ATTACH_FSCREDS ptrace access mode check.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-29 07:06:28 +02:00
Michael Kerrisk
ace93363fb
ptrace.2: Document ptrace access modes
...
Reviewed-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Jann Horn <jann@thejh.net>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-29 07:06:28 +02:00
Michael Kerrisk
2e23a9b257
cgroups.7: ERRORS: add mount(2) EBUSY error
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-28 06:32:23 +02:00
Michael Kerrisk
687d3f4aef
user_namespaces.7: Correct user namespace rules for mounting /proc
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-26 16:31:44 +02:00
Michael Kerrisk
7e52299f66
user_namespaces.7: CAP_SYS_ADMIN allows mounting cgroup filesystems
...
See https://bugzilla.kernel.org/show_bug.cgi?id=120671
Reported-by: Michał Zegan <webczat_200@poczta.onet.pl>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-26 16:11:30 +02:00
Michael Kerrisk
8a9fb19dbd
user_namespaces.7: Clarify CAP_SYS_ADMIN details for mounting FS_USERNS_MOUNT filesystems
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-26 16:09:06 +02:00
Michael Kerrisk
329ad27142
acct.2, chmod.2, fcntl.2, mmap.2, mprotect.2, rmdir.2, times.2: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-26 13:08:52 +02:00
Michael Kerrisk
74714ea895
ctime.3, error.3, getmntent.3, getnetent_r.3, getrpcent_r.3, getservent_r.3, pthread_attr_init.3, pthread_getattr_np.3, pthread_tryjoin_np.3, rpc.3, setaliasent.3, setenv.3, unlocked_stdio.3: srcfix: Eliminate some groff warnings
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-26 11:25:22 +02:00
Michael Kerrisk
4100abc52e
futex.2: Explain how to get equivalent of FUTEX_WAIT with an absolute timeout
...
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-26 11:25:22 +02:00
Michael Kerrisk
678c99868e
futex.2: Describe FUTEX_BITSET_MATCH_ANY
...
Describe FUTEX_BITSET_MATCH_ANY and FUTEX_WAIT and FUTEX_WAKE
equivalences.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-26 11:25:11 +02:00
Michael Kerrisk
6c38ce7f1f
futex.2: Note that at least one bit must be set in mask for BITSET operations
...
At least one bit must be set in the 'val3' mask supplied for the
FUTEX_WAIT_BITSET and FUTEX_WAKE_BITSET operations.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-24 09:42:15 +02:00
Michael Kerrisk
84abf4ba97
futex.2: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-24 09:34:16 +02:00
Michael Kerrisk
b3d5bc4ca6
futex.2: ffix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-24 09:28:56 +02:00
Michael Kerrisk
ac991a11d7
futex.2: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-24 08:55:17 +02:00
Michael Kerrisk
a6918f1d4b
futex.2: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-24 08:54:03 +02:00
Michael Kerrisk
40d2dab928
futex.2: ffix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-24 08:53:09 +02:00
Michael Kerrisk
6f19879d52
futex.2: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-24 08:53:09 +02:00
Michael Kerrisk
a01c3098e8
futex.2: Clarify clock default and choices for FUTEX_WAIT
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-24 08:53:09 +02:00
Marko Myllynen
2c0cac3e00
charmap.5: ffix
2016-06-23 12:54:29 +02:00
Michael Kerrisk
8064bfa536
futex.2: Fix descriptions of various timeouts
...
Reported-by: Thomas Gleixner <tglx@linutronix.de>
Reported-by: Darren Hart <dvhart@infradead.org>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-23 12:47:49 +02:00
Michael Kerrisk
017d194b0b
futex.2: Correct an ENOSYS error description
...
Since Linux 4.5, FUTEX_CLOCK_REALTIME is allowed with with FUTEX_WAIT.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-23 12:47:41 +02:00
Michael Kerrisk
0b97369dd8
futex.2: Remove crufty text about FUTEX_WAIT_BITSET interpretation of timeout
...
Since Linux 4.5, FUTEX_WAIT also understands
FUTEX_CLOCK_REALTIME.
Reported-by: Darren Hart <dvhart@infradead.org>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-23 10:19:39 +02:00
Michael Kerrisk
c54e143901
termio.7: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-22 12:32:48 +02:00
Michael Kerrisk
712550ffb6
boot.7: Minor SEE ALSO fixes
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-22 12:31:21 +02:00
Michael Kerrisk
11d98142c9
statfs.2: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-22 12:26:16 +02:00
Michael Kerrisk
0b5ff3b662
fmax.3, fmin.3: SEE ALSO: add fdim(3)
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-22 12:10:46 +02:00
Michael Kerrisk
c545391400
strtoul.3: SEE ALSO: add a64l(3)
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-22 12:04:15 +02:00
Michael Kerrisk
fe0960af7b
vhangup.2: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-22 12:01:56 +02:00
Michael Kerrisk
2e78e5e1e3
chroot.2: SEE ALSO: add pivot_root(2)
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-22 11:55:41 +02:00
Michael Kerrisk
9484e1a348
lookup_dcookie.2: ffix / wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-22 11:48:44 +02:00
Michael Kerrisk
d133313fb1
lookup_dcookie.2: SEE ALSO: add oprofile(1)
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-22 11:47:35 +02:00
Michael Kerrisk
d5e8624c2d
cacheflush.2: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-22 11:42:56 +02:00
Michael Kerrisk
b2f0984e04
strcat.3: Add a program that shows the performance characteristics of strcat()
...
In honor of Joel Spolksy's visit to Munich, let's start educating
Schlemiel The Painter.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-21 13:55:09 +02:00
Michael Kerrisk
32efecaab8
user_namespaces.7: List the mount operations permitted by CAP_SYS_ADMIN
...
List the mount operations permitted by CAP_SYS_ADMIN in a
noninitial userns.
See https://bugzilla.kernel.org/show_bug.cgi?id=120671
Reported-by: Michał Zegan <webczat_200@poczta.onet.pl>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-21 13:55:07 +02:00
Michael Kerrisk
2304b0d740
user_namespaces.7: Add a subsection heading for effects of capabilities in user NS
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-21 13:55:07 +02:00
Michael Kerrisk
89070c1a7c
user_namespaces.7: Clarify meaning of privilege in a user namespace
...
Having privilege in a user NS only allows privileged
operations on resources governed by that user NS. Many
privileged operations relate to resources that have no
association with any namespace type, and only processes
with privilege in the initial user NS can perform those
operations.
See https://bugzilla.kernel.org/show_bug.cgi?id=120671
Reported-by: Michał Zegan <webczat_200@poczta.onet.pl>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-21 10:48:43 +02:00
Michael Kerrisk
61256f9f75
cgroup_namespaces.7: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-21 10:25:38 +02:00