Michael Kerrisk
4acc2a5ff8
sysinfo.2: srcfix: remove request to add timestamp in source; we have Git nowadays
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-07-05 12:44:39 +02:00
Michael Kerrisk
7106a19458
ldd.1: Add a little more detail on why ldd is unsafe with untrusted executables
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-07-05 12:44:39 +02:00
Michael Kerrisk
0fa34fb396
utimensat.2: Note that the glibc wrapper disallows pathname==NULL
...
Reported-by: Rob Landley <rob@landley.net>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-07-02 11:25:51 +02:00
Michael Kerrisk
2389c1e3c1
utimensat.2: Minor fix: reorder some text in NOTES
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-07-02 11:20:42 +02:00
Michael Kerrisk
f69c2584a9
getpriority.2: Make discussion of RLIMIT_NICE more prominent
...
The discussion of RLIMIT_NICE was hidden under the EPERM error,
where it was difficult to find. Place some relevant text in
DESCRIPTION.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-07-02 00:45:20 +02:00
Michael Kerrisk
b8bc577b89
getpriority.2: Clarify equivalence between lower nice value and higher priority
...
Reported-by: Robin Kuzmin <kuzmin.robin@gmail.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-07-02 00:36:43 +02:00
Michael Kerrisk
653c1fe2e2
getpriority.2: Note that getpriority()/setpriority deal with same attribute as nice(2)
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-07-02 00:32:32 +02:00
Michael Kerrisk
659cc17f4f
setfsgid.2, setfsuid.2: Note which glibc version stopped checking for truncation of the argument
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-07-02 00:15:24 +02:00
Michael Kerrisk
dc439d82cb
setfsgid.2, setfsuid.2: Move glibc wrapper notes to "C library/kernel differences" subsection
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-07-02 00:13:05 +02:00
Jann Horn
de61071a21
setfsgid.2, setfsuid.2: Fix note about errors from the syscall wrapper
...
See sysdeps/unix/sysv/linux/i386/setfsuid.c in glibc-2.2.1.
(This code is not present in modern glibc anymore.)
Signed-off-by: Jann Horn <jannh@google.com>
2016-07-02 00:09:30 +02:00
Jakub Wilk
658a3012f8
bootparam.7: tfix
...
Signed-off-by: Jakub Wilk <jwilk@jwilk.net>
2016-07-01 20:57:31 +02:00
Jakub Wilk
999d535dde
dir_colors.5: tfix
...
Signed-off-by: Jakub Wilk <jwilk@jwilk.net>
2016-07-01 20:56:47 +02:00
Jakub Wilk
48235a56f3
syscalls.2: tfix
...
Signed-off-by: Jakub Wilk <jwilk@jwilk.net>
2016-07-01 20:56:11 +02:00
Michael Kerrisk
e203673ac7
unshare.2: Add reference to mount_namespaces(7) under CLONE_NEWNS description
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-30 06:08:32 +02:00
Michael Kerrisk
c212248c77
clone.2: Add reference to mount_namespaces(7) under CLONE_NEWNS description
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-30 06:08:32 +02:00
Michael Kerrisk
39b3f0058e
clone.2: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-30 06:08:32 +02:00
Michael Kerrisk
b7b798454a
mount.2: Refer reader to mount_namespaces(7) for details on propagation types
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-30 06:08:32 +02:00
Michael Kerrisk
f481726d64
mount_namespaces.7: Minor fixes
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-30 06:08:32 +02:00
Michael Kerrisk
e210919644
mount_namespaces.7: Describe "dominant peer group" and "propagate_from" mountinfo tag
...
Reported-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-30 06:08:32 +02:00
Michael Kerrisk
966b583993
proc.5: Move shared subtree /proc/PID/mountinfo fields to mount_namespaces(7)
...
Move information on shared subtree fields in /proc/PID/mountinfo
to mount_namespaces(7).
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-30 06:08:31 +02:00
Michael Kerrisk
211f4a1468
proc.5: ffix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-30 06:08:31 +02:00
Michael Kerrisk
803c129a65
proc.5: srcfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-30 06:08:31 +02:00
Michael Kerrisk
ef5b47f63c
proc.5: Add references to mount_namespaces(7)
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-30 06:08:31 +02:00
Michael Kerrisk
a67271b0c9
umount.2: SEE ALSO: add mount_namespaces(7)
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-30 06:08:31 +02:00
Michael Kerrisk
3077ac0f12
mount.2: SEE ALSO: s/namespaces(7)/mount_namespaces(7)/
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-30 06:08:31 +02:00
Michael Kerrisk
da031af127
namespaces.7: Refer to new mount_namespaces(7) for information on mount namespaces
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-30 06:08:31 +02:00
Michael Kerrisk
d9cdf357c9
mount_namespaces.7: Minor tweaks
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-30 06:08:31 +02:00
Michael Kerrisk
98c28960c3
mount_namespaces.7: New page describing mount namespaces
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-30 06:08:31 +02:00
Michael Kerrisk
20eed1b32f
proc.5: /proc/PID/mountinfo 'propagate_from' always appears with 'master' tag
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-30 06:08:31 +02:00
Michael Kerrisk
124b24148b
proc.5: Rework /proc/PID/mountinfo text on dominant peer groups
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-30 06:08:31 +02:00
Michael Kerrisk
e7fa660159
proc.5: ffix + wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-30 06:08:31 +02:00
Michael Kerrisk
fa7ae0ea13
user_namespaces.7: Correct kernel version where XFS added support for user namespaces
...
Linux 3.12, not 3.11.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-30 06:08:18 +02:00
Michael Kerrisk
028b5760e8
ptrace.2: Minor fixes after review by Kees Cook
...
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-29 07:06:30 +02:00
Michael Kerrisk
e48ed83a6a
ptrace.2: tfix
...
Reported-by: Jann Horn <jann@thejh.net>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-29 07:06:30 +02:00
Michael Kerrisk
d5765e275d
ptrace.2: Note that user namespaces can be used to bypass Yama protections
...
Cowritten-by: Jann Horn <jann@thejh.net>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-29 07:06:30 +02:00
Michael Kerrisk
801245a110
user_namespaces.7: SEE ALSO: add ptrace(2)
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-29 07:06:30 +02:00
Michael Kerrisk
e532361686
ptrace.2: Update Yama ptrace_scope documentation
...
Reframe the discussion in terms of PTRACE_MODE_ATTACH checks,
and make a few other minor tweaks and additions.
Reviewed-by: Jann Horn <jann@thejh.net>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-29 07:06:30 +02:00
Michael Kerrisk
94b0464cc2
ptrace.2: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-29 07:06:30 +02:00
Michael Kerrisk
b0459842ff
ptrace.2: srcfix: add 2015 copyright notice for mtk
...
(Yama ptrace_scope text added in 2015.)
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-29 07:06:30 +02:00
Michael Kerrisk
00172d8d96
ptrace.2: Add an introductory paragraph to the "Ptrace access mode checks" section
...
Reported-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-29 07:06:29 +02:00
Michael Kerrisk
1c22e40a71
ptrace.2: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-29 07:06:29 +02:00
Michael Kerrisk
3224581342
ptrace.2: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-29 07:06:29 +02:00
Michael Kerrisk
edb7368474
ptrace.2: Relocate text noting that PTRACE_MODE_* constants are kernel-internal
...
(No content changes.)
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-29 07:06:29 +02:00
Michael Kerrisk
be26fa864f
ptrace.2: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-29 07:06:29 +02:00
Michael Kerrisk
bcd0d82dac
ptrace.2: srcfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-29 07:06:29 +02:00
Stephen Smalley
3cd161fe57
ptrace.2: Describe PTRACE_MODE_NOAUDIT in more detail
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-29 07:06:29 +02:00
Michael Kerrisk
78f0786577
ptrace.2: Further fixes after review from Jann Horn
...
Reported-by: Jann Horn <jann@thejh.net>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-29 07:06:29 +02:00
Michael Kerrisk
a330bffa78
ptrace.2: Minor improvements to ptrace access mode text
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-29 07:06:29 +02:00
Michael Kerrisk
611d3ac40a
ptrace.2: Various fixes after review by Jann Horn
...
Among other things, Jann pointed out that the commoncap LSM
is always invoked, and Kees Cook pointed out the relevant
kernel code:
===
> BTW, can you point me at the piece(s) of kernel code that show that
> "commoncap" is always invoked in addition to any other LSM that has
> been installed?
It's not entirely obvious, but the bottom of security/commoncap.c shows:
    struct security_hook_list capability_hooks[] = {
        LSM_HOOK_INIT(capable, cap_capable),
        ...
    };

    void __init capability_add_hooks(void)
    {
        security_add_hooks(capability_hooks, ARRAY_SIZE(capability_hooks));
    }
And security/security.c shows the initialization order of the LSMs:
    int __init security_init(void)
    {
        pr_info("Security Framework initialized\n");

        /*
         * Load minor LSMs, with the capability module always first.
         */
        capability_add_hooks();
        yama_add_hooks();
        loadpin_add_hooks();

        /*
         * Load all the remaining security modules.
         */
        do_security_initcalls();

        return 0;
    }
===
Reported-by: Jann Horn <jann@thejh.net>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-29 07:06:29 +02:00
Michael Kerrisk
0647331a06
kcmp.2, ptrace.2: tfix
...
Reported-by: Jann Horn <jann@thejh.net>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-06-29 07:06:29 +02:00