mirror of https://github.com/mkerrisk/man-pages
Compare commits
6 Commits
5303eb87ee
...
a1508e361f
Author | SHA1 | Date |
---|---|---|
Michael Kerrisk | a1508e361f | |
Michael Kerrisk | ab4c4b2fbb | |
Michael Kerrisk | 9f275af155 | |
Michael Kerrisk | ed655e3c21 | |
Michael Kerrisk | 2d369e8e5d | |
Michael Kerrisk | 2430d2a7b3 | |
@ -49,8 +49,17 @@ the close-on-exec flag is set on the file descriptor.
|
||||||
.PP
|
.PP
|
||||||
The
|
The
|
||||||
.I flags
|
.I flags
|
||||||
argument is reserved for future use;
|
argument either has the value 0, or contains the following flag:
|
||||||
currently, this argument must be specified as 0.
|
.TP
|
||||||
|
.BR PIDFD_NONBLOCK " (since Linux 5.10)"
|
||||||
|
.\" commit 4da9af0014b51c8b015ed8c622440ef28912efe6
|
||||||
|
Return a nonblocking file descriptor.
|
||||||
|
If the process referred to by the file descriptor has not yet terminated,
|
||||||
|
then an attempt to wait on the file descriptor using
|
||||||
|
.BR waitid (2)
|
||||||
|
will immediately return the error
|
||||||
|
.BR EAGAIN
|
||||||
|
rather than blocking.
|
||||||
.SH RETURN VALUE
|
.SH RETURN VALUE
|
||||||
On success,
|
On success,
|
||||||
.BR pidfd_open ()
|
.BR pidfd_open ()
|
||||||
|
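Review bot: the new error line `.BR EAGAIN` has a single argument, so it should be `.B EAGAIN`, matching the `.B EINVAL` entries in the ERRORS section of this page; `.BR` is for alternating bold/roman text such as `.BR waitid (2)`. The comma in "either has the value 0, or contains the following flag:" is also unnecessary.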
@ -62,7 +71,7 @@ is set to indicate the error.
|
||||||
.TP
|
.TP
|
||||||
.B EINVAL
|
.B EINVAL
|
||||||
.I flags
|
.I flags
|
||||||
is not 0.
|
is not valid.
|
||||||
.TP
|
.TP
|
||||||
.B EINVAL
|
.B EINVAL
|
||||||
.I pid
|
.I pid
|
||||||
|
|
|
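Review bot: replacing "is not 0" with "is not valid" makes the EINVAL description less informative than it was; since PIDFD_NONBLOCK is the only flag this page documents, state the actual condition, e.g. `.I flags` / `contains a flag other than` / `.BR PIDFD_NONBLOCK .`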
@ -262,7 +262,7 @@ This flag is meaningful only when establishing a signal handler.
|
||||||
.\" field was added in Linux 2.1.86.)
|
.\" field was added in Linux 2.1.86.)
|
||||||
.\"
|
.\"
|
||||||
.TP
|
.TP
|
||||||
.B SA_UNSUPPORTED
|
.BR SA_UNSUPPORTED " (since Linux 5.11)"
|
||||||
Used to dynamically probe for flag bit support.
|
Used to dynamically probe for flag bit support.
|
||||||
.IP
|
.IP
|
||||||
If an attempt to register a handler succeeds with this flag set in
|
If an attempt to register a handler succeeds with this flag set in
|
||||||
|
|
|
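Review bot: the "(since Linux 5.11)" annotation on SA_UNSUPPORTED is added without a `.\" commit` reference, whereas the PIDFD_NONBLOCK hunk in this same set cites the kernel commit that introduced the feature; add the corresponding commit comment above the `.TP` so the version claim can be traced later.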
@ -566,7 +566,7 @@ T}
|
||||||
\fBpwritev2\fP(2) 4.6
|
\fBpwritev2\fP(2) 4.6
|
||||||
\fBquery_module\fP(2) 2.2 Removed in 2.6
|
\fBquery_module\fP(2) 2.2 Removed in 2.6
|
||||||
\fBquotactl\fP(2) 1.0
|
\fBquotactl\fP(2) 1.0
|
||||||
\fBquotactl_path\fP(2) 5.13
|
\fBquotactl_fd\fP(2) 5.14
|
||||||
\fBread\fP(2) 1.0
|
\fBread\fP(2) 1.0
|
||||||
\fBreadahead\fP(2) 2.4.13
|
\fBreadahead\fP(2) 2.4.13
|
||||||
\fBreaddir\fP(2) 1.0
|
\fBreaddir\fP(2) 1.0
|
||||||
|
|
|
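Review bot: this row replaces quotactl_path (5.13) with quotactl_fd (5.14) instead of adding a new row. If quotactl_path ever appeared in a released kernel, the table's convention (see the `query_module` row, "Removed in 2.6") would be to keep its row with a "Removed in" note; if it was dropped before 5.13 was released, a short `.\" commit` comment saying so would save the next reader from having to check.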
@ -419,6 +419,11 @@ On failure, each of these calls sets
|
||||||
to indicate the error.
|
to indicate the error.
|
||||||
.SH ERRORS
|
.SH ERRORS
|
||||||
.TP
|
.TP
|
||||||
|
.B EAGAIN
|
||||||
|
The PID file descriptor specified in
|
||||||
|
.I id
|
||||||
|
is nonblocking and the process that it refers to has not terminated.
|
||||||
|
.TP
|
||||||
.B ECHILD
|
.B ECHILD
|
||||||
(for
|
(for
|
||||||
.BR wait ())
|
.BR wait ())
|
||||||
|
|
|
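Review bot: the new EAGAIN entry should say which call it applies to. The neighbouring ECHILD entry is qualified with "(for wait())"; since the EAGAIN case only arises when waiting on a PID file descriptor passed via `id`, qualify it the same way, e.g. "(for waitid())", so readers of wait() and waitpid() are not misled.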
@ -352,10 +352,9 @@ Set arbitrary capabilities on a file.
|
||||||
.IP
|
.IP
|
||||||
.\" commit db2e718a47984b9d71ed890eb2ea36ecf150de18
|
.\" commit db2e718a47984b9d71ed890eb2ea36ecf150de18
|
||||||
Since Linux 5.12, this capability is
|
Since Linux 5.12, this capability is
|
||||||
also needed to map UID 0 (as in
|
also needed to map user ID 0 in a new user namespace; see
|
||||||
.IR "unshare \-Ur" ;
|
.BR user_namespaces (7)
|
||||||
see
|
for details.
|
||||||
.BR unshare (1)).
|
|
||||||
.TP
|
.TP
|
||||||
.B CAP_SETPCAP
|
.B CAP_SETPCAP
|
||||||
If file capabilities are supported (i.e., since Linux 2.6.24):
|
If file capabilities are supported (i.e., since Linux 2.6.24):
|
||||||
|
|
|
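Review bot: "also needed to map user ID 0 in a new user namespace" is ambiguous about which namespace's UID 0 is meant. The user_namespaces(7) change in this same set states the rule precisely as mapping UID 0 in the parent namespace; use that wording here, e.g. "also needed to map user ID 0 in the parent user namespace into a new user namespace", so the two pages agree.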
@ -577,11 +577,47 @@ or be in the parent user namespace of the process
|
||||||
The mapped user IDs (group IDs) must in turn have a mapping
|
The mapped user IDs (group IDs) must in turn have a mapping
|
||||||
in the parent user namespace.
|
in the parent user namespace.
|
||||||
.IP 4.
|
.IP 4.
|
||||||
|
If updating
|
||||||
|
.IR /proc/[pid]/uid_map
|
||||||
|
to create a mapping that maps UID 0 in the parent namespace,
|
||||||
|
then one of the following must be true:
|
||||||
|
.RS
|
||||||
|
.IP * 3
|
||||||
|
if writing process is in the parent user namespace,
|
||||||
|
then it must have the
|
||||||
|
.BR CAP_SETFCAP
|
||||||
|
capability in that user namespace; or
|
||||||
|
.IP *
|
||||||
|
if the writing process is in the child user namespace,
|
||||||
|
then the process that created the user namespace must have had the
|
||||||
|
.BR CAP_SETFCAP
|
||||||
|
capability when the namespace was created.
|
||||||
|
.RE
|
||||||
|
.IP
|
||||||
|
This rule has been in place since
|
||||||
.\" commit db2e718a47984b9d71ed890eb2ea36ecf150de18
|
.\" commit db2e718a47984b9d71ed890eb2ea36ecf150de18
|
||||||
If a writing process is root (i.e., UID 0) trying to map host user ID 0,
|
Linux 5.12.
|
||||||
it must have the
|
It eliminates an earlier security bug whereby
|
||||||
|
a UID 0 process that lacks the
|
||||||
.B CAP_SETFCAP
|
.B CAP_SETFCAP
|
||||||
capability (since Linux 5.12).
|
capability,
|
||||||
|
which is needed to create a binary with namespaced file capabilities
|
||||||
|
(as described in
|
||||||
|
.BR capabilities (7)),
|
||||||
|
could nevertheless create such a binary,
|
||||||
|
by the following steps:
|
||||||
|
.RS
|
||||||
|
.IP * 3
|
||||||
|
Create a new user namespace with the identity mapping
|
||||||
|
(i.e., UID 0 in the new user namespace maps to UID 0 in the parent namespace),
|
||||||
|
so that UID 0 in both namespaces is equivalent to the same root user ID.
|
||||||
|
.IP *
|
||||||
|
Since the child process has the
|
||||||
|
.B CAP_SETFCAP
|
||||||
|
capability, it could create a binary with namespaced file capabilities
|
||||||
|
that would then be effective in the parent user namespace
|
||||||
|
(because the root user IDs are the same in the two namespaces).
|
||||||
|
.RE
|
||||||
.IP 5.
|
.IP 5.
|
||||||
One of the following two cases applies:
|
One of the following two cases applies:
|
||||||
.RS
|
.RS
|
||||||
|
|
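Review bot: in the bug walk-through, the second bullet opens with "Since the child process has the CAP_SETFCAP capability" immediately after the text has stipulated that the UID 0 process lacks CAP_SETFCAP, leaving the reader to work out where the capability came from. Add the missing step: the process that creates a user namespace gains a full capability set within that new namespace, which is why the child holds CAP_SETFCAP there. Also, "if writing process is in the parent user namespace" is missing "the" (the second bullet of the same list has it).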