2468f14e4b
cgroups.7: Relocate the 'Cgroups v2 "no internal processes" rule' subsection
...
Logically, this section should follow the section that
describes cgroup.subtree_control.
No content changes in this patch.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-27 06:32:48 +01:00
4f017a682c
cgroups.7: Elaborate on the "no internal processes" rule
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-27 06:32:48 +01:00
c9b101d1a2
cgroups.7: Mention ENOENT error that can occur when writing to subtree_control file
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-27 06:32:48 +01:00
4242dfbe4f
cgroups.7: Add subsection describing cgroups v2 subtree delegation
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-27 06:32:48 +01:00
ccb1a2621b
cgroups.7: Minor rewording
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-23 14:09:00 +01:00
8d5f42dc46
cgroups.7: Rewrite the description of cgroup v2 subtree control
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-23 13:41:39 +01:00
57cbb0dbb0
cgroups.7: One may need to unmount v1 controllers before they can be used in v2
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-23 10:58:08 +01:00
75a12bb537
cgroups.7: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-23 10:39:36 +01:00
7409b54bdd
cgroups.7: Add a section on unmounting cgroup v1 filesystems
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-23 10:27:11 +01:00
783a40b677
cgroups.7: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-23 09:34:14 +01:00
03bb1264cd
cgroups.7: Note that systemd(1) nowadays automatically mount the cgroup2 filesystem
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-23 09:29:45 +01:00
2e33b59ee3
cgroups.7: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-23 09:09:41 +01:00
4769a77817
cgroups.7: ffix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-23 09:09:26 +01:00
44c429ed45
cgroups.7: Add list of currently available version 2 controllers
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-23 09:07:00 +01:00
d5034243fa
sched.7: ffix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-19 10:22:09 +01:00
286bdd7ca2
sched.7: Remove a mention of SCHED_RR in discussion of priority changes
...
Later in the page it is stated that SCHED_RR is the same as SCHED_FIFO.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-19 10:19:39 +01:00
329c0e77d1
sched.7: Minor clarifications
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-19 09:04:26 +01:00
cb57fbc284
ip.7: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-18 17:43:54 +01:00
5d0ea688e3
ip.7: s/INADDR_ANY/INADDR_LOOPBACK/ in discussion of htonl()
...
INADDR_LOOPBACK is a better example, since it is not
byte-order neutral.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-18 17:39:02 +01:00
c0a0e532ae
ip.7: INADDR_* values cannot be assigned directly to 's_addr'
...
According to The Open Group Base Specifications Issue 7, RATIONALE
section of
http://pubs.opengroup.org/onlinepubs/9699919799/ basedefs/netinet_in.h.html
some INADDR_* values must be converted using htonl().
INADDR_ANY and INADDR_BROADCAST are byte-order-neutral so they do
not require htonl(), however I only comment this fact in NOTES.
On the text I recommend to use htonl(), "even if for some subset
it's not necessary".
Signed-off-by: Ricardo Biehl Pasquali <pasqualirb@gmail.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-18 17:36:57 +01:00
bd05436994
fifo.7: wfix
...
Reported-by: Adam Liddell <ml+kernel.org@aliddell.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-18 17:16:34 +01:00
d145c0250b
cgroups.7: Minor rewording
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-18 17:14:49 +01:00
cfec905ed7
cgroups.7: Add information about RDMA controller
...
Signed-off-by: Nikolay Borisov <nborisov@suse.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-18 17:11:47 +01:00
b8cee784b3
capabilities.7: Clarify effect of CAP_SETFCAP
...
Make it clear that CAP_SETFCAP allows setting arbitrary
capabilities on a file.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-16 00:09:25 +01:00
ba294a0ee6
vsock.7: Clarify send(2)/recv(2) families of system calls
...
Sockets support both read(2)/write(2) and send(2)/recv(2) system
calls. Each of these is actually a family of multiple system
calls such as send(2), sendfile(2), sendmsg(2), sendmmsg(2), and
sendto(2).
This patch claries which families of system calls can be used.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-12 19:12:07 +01:00
308a16d989
vsock.7: Place SEE ALSO and ERRORS in alphabetical order
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-11 20:30:38 +01:00
2472922151
vsock.7: Minor fixes
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-11 20:30:37 +01:00
4a70bb07bc
vsock.7: srcfix: rewrap source lines
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-11 20:19:03 +01:00
29598b2f2d
vsock.7: Document the VSOCK socket address family
...
The AF_VSOCK address family has been available since Linux 3.9.
This patch adds vsock.7 and describes its use along the same lines as
existing ip.7, unix.7, and netlink.7 man pages.
CC: Jorgen Hansen <jhansen@vmware.com>
CC: Dexuan Cui <decui@microsoft.com>
Reviewed-by: Jorgen Hansen <jhansen@vmware.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-11 20:11:12 +01:00
46010ab917
socket.7: tfix
...
Reported-by: Joel Williamson <jwilliamson@carnegietechnologies.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-11 18:40:14 +01:00
ec9612a19f
network_namespaces.7: Minor adjustments to list of resources governed by network namespaces
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-10 23:19:17 +01:00
f9ecf99e59
network_namespaces.7: When a NW namespace is freed, veth devices are destroyed
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-10 23:19:17 +01:00
f051ce24ac
network_namespaces.7: Reorganize text
...
No content changes...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-10 23:19:17 +01:00
2685b303e3
namespaces.7, network_namespaces.7: Move content from namespaces(7) to network_namespaces(7)
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-10 23:19:17 +01:00
9f7ce0c2e8
network_namespaces.7: New page describing network namespaces
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-10 23:19:17 +01:00
4bf43ba523
pid_namespaces.7: SEE ALSO: add mount_namespaces(7)
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-08 10:13:42 +01:00
54b9d7bf87
user_namespaces.7: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-06 15:05:15 +01:00
e62172cbd9
capabilities.7: Rephrase CAP_SETPCAP description
...
* Mention kernel versions.
* Place current kernel behavior first
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-05 22:27:27 +01:00
777411ae61
iconv.1, pthread_rwlockattr_setkind_np.3, man-pages.7, socket.7, iconvconfig.8: Standardize on "nonzero"
...
Also add this term to the style guide in man-pages(7).
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-05 22:27:13 +01:00
e93e59f97b
capabilities.7: SECBIT_KEEP_CAPS is ignored if SECBIT_NO_SETUID_FIXUP is set
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-03 11:16:32 +01:00
e43d2a6013
capabilities.7: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-03 11:16:32 +01:00
02ff4f27c2
capabilities.7: Note which capability sets are affected by SECBIT_NO_SETUID_FIXUP
...
Note explicitly that SECBIT_NO_SETUID_FIXUP is relevant for
the permitted, effective, and ambient capability sets.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-03 11:16:19 +01:00
7c8eb8f7cf
capabilities.7: Deemphasize the ancient prctl(2) PR_SET_KEEPCAPS command
...
The modern approach is SECBITS_KEEP_CAPS.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-02 16:21:37 +01:00
f7dbc40ee7
capabilities.7: Minor wording fix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-02 16:21:37 +01:00
705a8f33f1
capabilities.7: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-02 15:43:02 +01:00
bbb186d403
capabilities.7: Clarify which capability sets are effected by SECBIT_KEEP_CAPS
...
This flag has relevance only for the process permitted and
effective sets.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-02 15:40:39 +01:00
e67ac266c8
capabilities.7: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-02 15:08:52 +01:00
f6b60423bd
capabilities.7: Ambient set is also cleared when UIDs are set to nonzero value
...
See cap_emulate_setxuid():
kuid_t root_uid = make_kuid(old->user_ns, 0);
if ((uid_eq(old->uid, root_uid) ||
uid_eq(old->euid, root_uid) ||
uid_eq(old->suid, root_uid)) &&
(!uid_eq(new->uid, root_uid) &&
!uid_eq(new->euid, root_uid) &&
!uid_eq(new->suid, root_uid))) {
if (!issecure(SECURE_KEEP_CAPS)) {
cap_clear(new->cap_permitted);
cap_clear(new->cap_effective);
}
/*
* Pre-ambient programs expect setresuid to nonroot followed
* by exec to drop capabilities. We should make sure that
* this remains the case.
*/
cap_clear(new->cap_ambient);
}
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-02 11:08:40 +01:00
8e821c3aa8
user_namespaces.7: Mention NS_GET_OWNER_UID ioctl() operation
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-02 09:22:40 +01:00
a563b19b70
capabilities.7: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-12-02 09:12:07 +01:00
Michael Kerrisk