==================== Changes in man-pages-3.82 ====================

Released: 2015-03-29, Paris

Contributors
------------

The following people contributed patches/fixes or (noted in brackets
in the changelog below) reports, notes, and ideas that have been
incorporated in changes in this release:

Alban Crequy <alban.crequy@gmail.com>
Andy Lutomirski <luto@amacapital.net>
Bert Wesarg <bert.wesarg@googlemail.com>
Bill Pemberton <wfp5p@worldbroken.com>
Chris Delozier <c.s.delozier@gmail.com>
David Madore <david.madore@ens.fr>
Dmitry Deshevoy <mityada@gmail.com>
Eric W. Biederman <ebiederm@xmission.com>
Heinrich Schuchardt <xypron.glpk@gmx.de>
Jakub Wilk <ubanus@users.sf.net>
Jann Horn <jann@thejh.net>
Jason Vas Dias <jason.vas.dias@gmail.com>
Josh Triplett <josh@joshtriplett.org>
J William Piggott <elseifthen@gmx.com>
Kees Cook <keescook@chromium.org>
Konstantin Shemyak <konstantin@shemyak.com>
Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
Matt Turner <mattst88@gmail.com>
Michael Kerrisk <mtk.manpages@gmail.com>
Michael Witten <mfwitten@gmail.com>
Mikael Pettersson <mikpelinux@gmail.com>
Namhyung Kim <namhyung@gmail.com>
Nicolas FRANCOIS <nicolas.francois@centraliens.net>
Paul E Condon <pecondon@mesanetworks.net>
Peter Adkins <peter.adkins@kernelpicnic.net>
Scot Doyle <lkml14@scotdoyle.com>
Shawn Landden <shawn@churchofgit.com>
Stéphane Aulery <saulery@free.fr>
Stephen Smalley <sds@tycho.nsa.gov>
Taisuke Yamada <tai@rakugaki.org>
Torvald Riegel <triegel@redhat.com>
Vincent Lefevre <vincent@vinc17.net>
<ygrex@ygrex.ru>
Yuri Kozlov <yuray@komyakino.ru>

Apologies if I missed anyone!

New and rewritten pages
-----------------------

nptl.7
    Michael Kerrisk
        New page with details of the NPTL POSIX threads implementation


Newly documented interfaces in existing pages
---------------------------------------------

user_namespaces.7
    Eric W. Biederman [Michael Kerrisk]
        Document /proc/[pid]/setgroups


Changes to individual pages
---------------------------

intro.1
    Stéphane Aulery
        Prompt is not % but $
    Stéphane Aulery
        Various improvements
            - Add reference to other common shells dash(1), ksh(1)
            - Add a reference to stdout(3)
            - Separate cp and mv descriptions
            - Add examples of special cases of cd
            - Add su(1) and shutdown(8) references for section Logout
              and poweroff
            - Move Control-D to section Logout and poweroff
            - Fix some little formatting errors
    Stéphane Aulery
        Add cross references cited
    Stéphane Aulery
        Order SEE ALSO section

clone.2
    Josh Triplett
        Document that clone() silently ignores CLONE_PID and CLONE_STOPPED
            Normally, system calls return EINVAL for flags they don't support.
            Explicitly document that clone does *not* produce an error for
            these two obsolete flags.
    Michael Kerrisk
        Small rewording of explanation of clone() wrt threads
            Clone has so many effects that it's an oversimplification to say
            that the *main* use of clone is to create a thread. (In fact,
            the use of clone() to create new processes may well be more
            common, since glibc's fork() is a wrapper that calls clone().)

getgroups.2
    Michael Kerrisk [Shawn Landden]
        Add discussion of NPTL credential-changing mechanism
            At the kernel level, credentials (UIDs and GIDs) are a per-thread
            attribute. NPTL uses a signal-based mechanism to ensure that
            when one thread changes its credentials, all other threads change
            credentials to the same values. By this means, the NPTL
            implementation conforms to the POSIX requirement that the threads
            in a process share credentials.
    Michael Kerrisk
        ERRORS: add EPERM for the case where /proc/PID/setgroups is "deny"
    Michael Kerrisk
        Note capability associated with EPERM error for setgroups(2)
    Michael Kerrisk
        Refer reader to user_namespaces(7) for discussion of /proc/PID/setgroups
            The discussion of /proc/PID/setgroups has moved from
            proc(5) to user_namespaces(7).

getpid.2
    Michael Kerrisk
        Note that getppid() returns 0 if parent is in different PID namespace

getsockopt.2
    Konstantin Shemyak
        Note RETURN VALUE details when netfilter is involved

ioctl_list.2
    Heinrich Schuchardt
        SEE ALSO ioctl_fat.2
            Add FAT_IOCTL_GET_VOLUME_ID
            SEE ALSO ioctl_fat.2
    Heinrich Schuchardt
        include/linux/ext2_fs.h
            Include linux/ext2_fs.h does not contain any ioctl definitions
            anymore.

            Request codes EXT2_IOC* have been replaced by FS_IOC* in
            linux/fs.h.

            Some definitions of FS_IOC_* use long* but the actual code expects
            int* (see fs/ext2/ioctl.c).

msgop.2
    Bill Pemberton
        Remove EAGAIN as msgrcv() errno
            The list of errnos for msgrcv() lists both EAGAIN and ENOMSG as
            the errno for no message available with the IPC_NOWAIT flag.
            ENOMSG is the errno that will be set.
    Bill Pemberton
        Add an example program

open.2
    Michael Kerrisk [Jason Vas Dias]
        Mention blocking semantics for FIFO opens
            See https://bugzilla.kernel.org/show_bug.cgi?id=95191

seccomp.2
    Jann Horn [Kees Cook, Mikael Pettersson, Andy Lutomirski]
        Add note about alarm(2) not being sufficient to limit runtime
    Jann Horn
        Explain blacklisting problems, expand example
    Michael Kerrisk [Kees Cook]
        Add mention of libseccomp

setgid.2
    Michael Kerrisk
        Clarify that setgid() changes all GIDs when caller has CAP_SETGID
    Michael Kerrisk [Shawn Landden]
        Add discussion of NPTL credential-changing mechanism
            At the kernel level, credentials (UIDs and GIDs) are a per-thread
            attribute. NPTL uses a signal-based mechanism to ensure that
            when one thread changes its credentials, all other threads change
            credentials to the same values. By this means, the NPTL
            implementation conforms to the POSIX requirement that the threads
            in a process share credentials.

setresuid.2
    Michael Kerrisk [Shawn Landden]
        Add discussion of NPTL credential-changing mechanism
            At the kernel level, credentials (UIDs and GIDs) are a per-thread
            attribute. NPTL uses a signal-based mechanism to ensure that
            when one thread changes its credentials, all other threads change
            credentials to the same values. By this means, the NPTL
            implementation conforms to the POSIX requirement that the threads
            in a process share credentials.

setreuid.2
    Michael Kerrisk [Shawn Landden]
        Add discussion of NPTL credential-changing mechanism
            At the kernel level, credentials (UIDs and GIDs) are a per-thread
            attribute. NPTL uses a signal-based mechanism to ensure that
            when one thread changes its credentials, all other threads change
            credentials to the same values. By this means, the NPTL
            implementation conforms to the POSIX requirement that the threads
            in a process share credentials.
    Michael Kerrisk
        SEE ALSO: add credentials(7)

setuid.2
    Michael Kerrisk
        Clarify that setuid() changes all UIDs when caller has CAP_SETUID
    Michael Kerrisk [Shawn Landden]
        Add discussion of NPTL credential-changing mechanism
            At the kernel level, credentials (UIDs and GIDs) are a per-thread
            attribute. NPTL uses a signal-based mechanism to ensure that
            when one thread changes its credentials, all other threads change
            credentials to the same values. By this means, the NPTL
            implementation conforms to the POSIX requirement that the threads
            in a process share credentials.

sigaction.2
    Michael Kerrisk
        Add discussion of rt_sigaction(2)
    Michael Kerrisk
        Note treatment of signals used internally by NPTL
            The glibc wrapper gives an EINVAL error on attempts to change the
            disposition of either of the two real-time signals used by NPTL.

sigpending.2
    Michael Kerrisk
        Add discussion of rt_sigpending(2)

sigprocmask.2
    Michael Kerrisk
        Add discussion of rt_sigprocmask(2)
    Michael Kerrisk
        Note treatment of signals used internally by NPTL
            The glibc wrapper silently ignores attempts to block the two
            real-time signals used by NPTL.

sigreturn.2
    Michael Kerrisk
        Add discussion of rt_sigreturn(2)

sigsuspend.2
    Michael Kerrisk
        Add discussion of rt_sigsuspend(2)

sigwaitinfo.2
    Michael Kerrisk
        Note treatment of signals used internally by NPTL
            The glibc wrappers silently ignore attempts to wait for
            signals used by NPTL.
    Michael Kerrisk
        Add discussion of rt_sigtimedwait(2)

socket.2
    Heinrich Schuchardt
        SEE ALSO close(2)
            The description mentions close(2). Hence it should also be
            referenced in the SEE ALSO section.

syscall.2
    Jann Horn
        Add x32 ABI

umount.2
    Eric W. Biederman
        Document the effect of shared subtrees on umount(2)
    Eric W. Biederman
        Correct the description of MNT_DETACH
            I recently realized that I had been reasoning improperly about
            what umount(MNT_DETACH) did based on an insufficient description
            in the umount.2 man page, that matched my intuition but not the
            implementation.

            When there are no submounts, MNT_DETACH is essentially harmless to
            applications. Where there are submounts, MNT_DETACH changes what
            is visible to applications using the detach directories.
    Michael Kerrisk
        Move "shared mount + umount" text to a subsection in NOTES

aio_return.3
    Stéphane Aulery
        Document the return value on error
            Reported by Alexander Holler <holler@ahsoftware.de>

clock.3
    Stéphane Aulery
        CLOCKS_PER_SEC = 1000000 is required by XSI, not POSIX
            Debian Bug #728213 reported by Tanaka Akira <akr@fsij.org>

            See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728213

dlopen.3
    Michael Kerrisk
        Amend error in description of dlclose() behavior
            The current text says that unloading depends on whether
            the reference count falls to zero *and no other libraries
            are using symbols in this library*. That latter text has
            been there since man-pages-1.29, but it seems rather dubious.
            How could the implementation know whether other libraries
            are still using symbols in this library? Furthermore, no
            other implementation's man page mentions this point.
            Seems best to drop this point.
    Michael Kerrisk
        Add some details for RTLD_DEFAULT
    Michael Kerrisk
        Add some details on RTLD_NEXT and preloading
    Michael Kerrisk
        RTLD_NEXT works for symbols generally, not just functions
            The common use case is for functions, but RTLD_NEXT
            also applies to variable symbols.
    Michael Kerrisk
        dlclose() recursively closes dependent libraries
            Note that dlclose() recursively closes dependent libraries
            that were loaded by dlopen()
    Michael Kerrisk
        Rename second dlopen() argument from "flag" to "flags"
            This is more consistent with other such arguments
    Michael Kerrisk
        Reformat text on RTLD_DEFAULT and RTLD_NEXT

fmemopen.3
    Ma Shimiao
        ATTRIBUTES: Note functions that are thread-safe
            The markings match glibc markings.

fpathconf.3
    Ma Shimiao
        ATTRIBUTES: Note functions that are thread-safe
            The marking matches glibc marking.

fputwc.3
    Ma Shimiao
        ATTRIBUTES: Note functions that are thread-safe
            The marking matches glibc marking.

fputws.3
    Ma Shimiao
        ATTRIBUTES: Note function that is thread-safe
            The marking matches glibc marking.

fseek.3
    Ma Shimiao
        ATTRIBUTES: Note functions that are thread-safe
            The markings match glibc markings.

fseeko.3
    Ma Shimiao
        ATTRIBUTES: Note functions that are thread-safe
            The markings match glibc markings.

gcvt.3
    Ma Shimiao
        ATTRIBUTES: Note function that is thread-safe
            The marking matches glibc marking.

getline.3
    Ma Shimiao
        ATTRIBUTES: Note functions that are thread-safe
            The marking matches glibc marking.

getwchar.3
    Ma Shimiao
        ATTRIBUTES: Note function that is thread-safe
            The marking matches glibc marking.

hypot.3
    Ma Shimiao
        ATTRIBUTES: Note functions that are thread-safe
            The markings match glibc markings.

iconv_open.3
    Ma Shimiao
        ATTRIBUTES: Note function that is thread-safe
            The marking matches glibc marking.

if_nameindex.3
    Ma Shimiao
        ATTRIBUTES: Note functions that are thread-safe
            The markings match glibc markings.

initgroups.3
    Ma Shimiao
        ATTRIBUTES: Note function that is thread-safe
            The markings match glibc markings.

mq_open.3
    Torvald Riegel
        Add EINVAL error case for invalid name
            This behavior is implementation-defined by POSIX. If the name
            doesn't start with a '/', glibc returns EINVAL without attempting
            the syscall.

popen.3
    Ma Shimiao
        ATTRIBUTES: Note functions that are thread-safe
            The marking matches glibc marking.

pthread_kill.3
    Michael Kerrisk
        Note treatment of signals used internally by NPTL
            The glibc pthread_kill() function gives an error on attempts
            to send either of the real-time signals used by NPTL.

pthread_sigmask.3
    Michael Kerrisk
        Note treatment of signals used internally by NPTL
            The glibc implementation silently ignores attempts to block the two
            real-time signals used by NPTL.

pthread_sigqueue.3
    Michael Kerrisk
        Note treatment of signals used internally by NPTL
            The glibc pthread_sigqueue() function gives an error on attempts
            to send either of the real-time signals used by NPTL.

resolver.3
    Stéphane Aulery [Jakub Wilk]
        Document missing options used by _res structure indicate defaults
            Missing options: RES_INSECURE1, RES_INSECURE2, RES_NOALIASES,
            USE_INET6, ROTATE, NOCHECKNAME, RES_KEEPTSIG, BLAST, USEBSTRING,
            NOIP6DOTINT, USE_EDNS0, SNGLKUP, SNGLKUPREOP, RES_USE_DNSSEC,
            NOTLDQUERY, DEFAULT

            Written from the glibc source and resolv.conf.5.

            See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=527136
    Stéphane Aulery
        RES_IGNTC is implemented

rint.3
    Matt Turner
        Document that halfway cases are rounded to even
            Per IEEE-754 rounding rules.

            The round(3) page describes the behavior of rint and nearbyint
            in the halfway cases by saying:

                These functions round x to the nearest integer, but round
                halfway cases away from zero [...], instead of to the
                nearest even integer like rint(3)

sigqueue.3
    Michael Kerrisk
        NOTES: add "C library/kernel ABI differences" subheading
    Michael Kerrisk
        Clarify version info (mention rt_sigqueueinfo())

sigsetops.3
    Michael Kerrisk
        Note treatment of signals used internally by NPTL
            The glibc sigfillset() function excludes the two real-time
            signals used by NPTL.

sigwait.3
    Michael Kerrisk
        Note treatment of signals used internally by NPTL
            The glibc sigwait() silently ignores attempts to wait for
            signals used by NPTL.

strcoll.3
    Ma Shimiao
        ATTRIBUTES: Note function that is thread-safe
            The markings match glibc markings.

strdup.3
    Ma Shimiao
        ATTRIBUTES: Note functions that are thread-safe
            The marking matches glibc marking.

tzset.3
    J William Piggott
        Add 'std' quoting information

ulimit.3
    Ma Shimiao
        ATTRIBUTES: Note function that is thread-safe
            The marking matches glibc marking.

wcstombs.3
    Ma Shimiao
        ATTRIBUTES: Note function that is thread-safe
            The marking matches glibc marking.

wctob.3
    Ma Shimiao
        ATTRIBUTES: Note function that is thread-safe
            The marking matches glibc marking.

xdr.3
    Taisuke Yamada
        Clarified incompatibility and correct usage of XDR API
            See http://bugs.debian.org/628099

console_codes.4
    Scot Doyle
        Add Console Private CSI sequence 15
            An undocumented escape sequence in drivers/tty/vt/vt.c brings the
            previously accessed virtual terminal to the foreground.
            mtk: Patch misattributed to Taisuke Yamada in Git commit
            because of a muck up on my part.
    Michael Kerrisk
        Add kernel version number for CSI sequence 15

random.4
    Michael Kerrisk
        Fix permissions shown for the devices
            These days, the devices are RW for everyone.

filesystems.5
    Michael Kerrisk
        Remove dubious claim about comparative performance of ext2
            Perhaps it was the best filesystem performance-wise in
            the 20th century, when that text was written. That probably
            ceased to be true quite a long time ago, though.
    Stéphane Aulery
        Add cross references for ext filesystems
    Stéphane Aulery
        Specifies the scope of this list and its limits.

host.conf.5
hosts.5
resolv.conf.5
    Stéphane Aulery [Paul E Condon]
        Cross references of these pages.
            See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=298259

host.conf.5
    Stéphane Aulery
        Rework discussion of nospoof, spoofalert, spoof and RESOLV_SPOOF_CHECK
            The keywords and environment variables "nospoof", "spoofalert",
            "spoof" and RESOLV_SPOOF_CHECK were added to glibc 2.0.7 but
            never implemented

            Move descriptions to historical section and reorder it for clarity

            See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773443

hosts.5
    Stéphane Aulery [Vincent Lefevre]
        Mention 127.0.1.1 for FQDN and IPv6 examples
            See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=562890

proc.5
    Taisuke Yamada
        Document /proc/PID/status VmPin field
            See https://bugs.launchpad.net/bugs/1071746
    Michael Kerrisk
        Document (the obsolete) /proc/PID/seccomp
    Michael Kerrisk
        Replace description of 'uid_map' with a reference to user_namespaces(7)
            All of the information in proc(5) was also present in
            user_namespaces(7), but the latter was more detailed
            and up to date.
    Taisuke Yamada
        Fix SELinux /proc/pid/attr/current example
            Since the /proc/pid/attr API was added to the kernel, there
            have been a couple of changes to the SELinux handling of
            /proc/pid/attr/current. Fix the SELinux /proc/pid/attr/current
            example text to reflect these changes and note which kernel
            versions first included the changes.

securetty.5
    Stéphane Aulery [Nicolas FRANCOIS]
        Note that the pam_securetty module also uses this file
            See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=528015

            This patch is a modified version of the one proposed without
            parts specific to Debian.

boot.7
    Michael Witten
        Copy edit
            While a lot of the changes are issues of presentation,
            there are also issues of grammar and punctuation.
    Michael Witten
        Mention `systemd(1)' and its related `bootup(7)'
            It's important that the reader receive contemporary information.

credentials.7
    Michael Kerrisk
        SEE ALSO: add pthreads(7)
    Michael Kerrisk
        Add reference to nptl(7)

feature_test_macros.7
    Michael Kerrisk
        Update discussion of _FORTIFY_SOURCE
            Since the initial implementation a lot more checks were added.
            Describing all the checks would be too verbose (and would soon
            fall out of date as more checks are added). So instead, describe
            the kinds of checks that are done more generally.
            Also a few other minor edits to the text.

hier.7
    Stéphane Aulery
        First patch of a series to achieve compliance with FHS 2.3
    Stéphane Aulery
        SGML and XML directories are separated in FHS 2.3
    Stéphane Aulery
        Add missing directories defined by FHS 2.3
    Stéphane Aulery
        Identify which directories are optional
    Stéphane Aulery
        Document /initrd, /lost+found and /sys
            Ubuntu Bug #70094 reported by Brian Beck
            https://bugs.launchpad.net/ubuntu/+source/manpages/+bug/70094
    Stéphane Aulery
        Explain YP, which is not obvious

ipv6.7
    Stéphane Aulery [David Madore]
        SOL_IPV6 and other SOL_* socket options are not portable
            See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=472447

man-pages.7
    Michael Kerrisk [Bill Pemberton]
        Add indent(1) command that produces desired formatting for example code
    Stéphane Aulery
        Improve description of sections in accordance with intro pages

packet.7
    Michael Kerrisk
        Rework description of fanout algorithms as list
    Michael Kerrisk
        Remove mention of needing UID 0 to create packet socket
            The existing text makes no sense. The check is based
            purely on a capability check. (Kernel function
            net/packet/af_packet.c::packet_create())
    Michael Kerrisk
        Remove text about ancient glibc not defining SOL_PACKET
            This was fixed in glibc 2.1.1, which is a long while ago.
            And in any case, there is nothing special about this case;
            it's just one of those times when glibc lags.
    Michael Kerrisk
        Rework description of 'sockaddr_ll' fields as a list
    Michael Kerrisk
        Various minor edits

pthreads.7
    Michael Kerrisk
        Add references to nptl(7)

raw.7
    Michael Kerrisk
        Rephrase "Linux 2.2" language to "Linux 2.2 or later"
            The man page was written in the Linux 2.2 timeframe, and
            some phrasing was not future-proof.

signal.7
    Michael Kerrisk
        Note when Linux added realtime signals
    Michael Kerrisk
        Correct the range of realtime signals
    Michael Kerrisk
        Summarize 2.2 system call changes that resulted from larger signal sets
    Michael Kerrisk
        SEE ALSO: add nptl(7)

tcp.7
    Peter Adkins
        Document removal of TCP_SYNQ_HSIZE
            Looking over the man page for 'tcp' I came across a reference to
            tuning the 'TCP_SYNQ_HSIZE' parameter when increasing
            'tcp_max_syn_backlog' above 1024. However, this static sizing was
            removed back in Linux 2.6.20 in favor of dynamic scaling - as
            part of commit 72a3effaf633bcae9034b7e176bdbd78d64a71db.

user_namespaces.7
    Eric W. Biederman
        Update the documentation to reflect the fixes for negative groups
            Files with access permissions such as rwx---rwx give fewer
            permissions to their group than they do to everyone else. Which
            means dropping groups with setgroups(0, NULL) actually grants a
            process privileges.

            The unprivileged setting of gid_map turned out not to be safe
            after this change. Privileged setting of gid_map can be
            interpreted as meaning yes it is ok to drop groups. [ Eric
            additionally noted: Setting of gid_map with privilege has been
            clarified to mean that dropping groups is ok. This allows
            existing programs that set gid_map with privilege to work
            without changes. That is, newgidmap(1) continues to work
            unchanged.]

            To prevent this problem and future problems, user namespaces were
            changed in such a way as to guarantee a user can not obtain
            credentials without privilege that they could not obtain without
            the help of user namespaces.

            This meant testing the effective user ID and not the filesystem
            user ID, as setresuid(2) and setregid(2) allow setting any process
            UID or GID (except the supplementary groups) to the effective ID.

            Furthermore, to preserve in some form the useful applications
            that have been setting gid_map without privilege, the file
            /proc/[pid]/setgroups was added to allow disabling setgroups(2).
            With setgroups(2) permanently disabled in a user namespace, it
            again becomes safe to allow writes to gid_map without privilege.
    Michael Kerrisk
        Rework some text describing permission rules for updating map files
            No (intentional) change to the facts, but this restructuring
            should make the meaning easier to grasp.
    Michael Kerrisk
        Update kernel version associated with 5-line limit for map files
            As at Linux 3.18, the limit is still five lines, so mention the
            more recent kernel version in the text.
    Michael Kerrisk [Alban Crequy]
        Handle /proc/PID/setgroups in the example program
    Michael Kerrisk
        Rework text describing restrictions on updating /proc/PID/setgroups
            No (intentional) changes to factual description, but the
            restructured text is hopefully easier to grasp.
    Michael Kerrisk
        Explain why the /proc/PID/setgroups file was added

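The negative-group case from the user_namespaces.7 entry above, as an added example (not code from man-pages or the kernel): a simplified C model of owner/group/other class selection, showing why a member of the file's group gets nothing from mode rwx---rwx until its groups are dropped, and why a "deny" in /proc/[pid]/setgroups closes that path. The names `cred_model`, `file_model`, `dac_allowed_bits`, `model_setgroups` and the sample IDs are hypothetical; capabilities, ACLs and LSMs are left out.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>

/* Hypothetical model types for this example; not kernel structures. */
struct cred_model {
    uid_t fsuid;
    gid_t fsgid;
    const gid_t *groups;    /* supplementary groups */
    size_t ngroups;
};

struct file_model {
    uid_t uid;
    gid_t gid;
    mode_t mode;            /* permission bits only, e.g. 0707 */
};

static bool in_group(const struct cred_model *c, gid_t gid)
{
    if (c->fsgid == gid)
        return true;
    for (size_t i = 0; i < c->ngroups; i++)
        if (c->groups[i] == gid)
            return true;
    return false;
}

/*
 * rwx bits (0..7) that apply to the caller. Exactly one class is chosen:
 * owner, else group, else other. A group member is held to the group bits
 * even when "other" grants more.
 */
unsigned dac_allowed_bits(const struct cred_model *c,
                          const struct file_model *f)
{
    if (c->fsuid == f->uid)
        return (f->mode >> 6) & 7;
    if (in_group(c, f->gid))
        return (f->mode >> 3) & 7;
    return f->mode & 7;
}

/*
 * Model of the /proc/[pid]/setgroups switch: once the namespace is set to
 * "deny", setgroups(2) fails with EPERM and the group list cannot change.
 */
int model_setgroups(struct cred_model *c, bool denied,
                    const gid_t *list, size_t n)
{
    if (denied)
        return -EPERM;
    c->groups = list;
    c->ngroups = n;
    return 0;
}

/* Constructed sample: file owned by 0:50 with mode rwx---rwx (0707). */
static const struct file_model sample_file = { 0, 50, 0707 };
static const gid_t sample_groups[] = { 50, 100 };

/* Caller 1000:1000 in groups {50, 100} tries setgroups(0, NULL), then
 * accesses the file. Returns the rwx bits it ends up with. */
unsigned bits_after_drop_attempt(bool denied)
{
    struct cred_model c = { 1000, 1000, sample_groups, 2 };
    (void)model_setgroups(&c, denied, NULL, 0);
    return dac_allowed_bits(&c, &sample_file);
}

int main(void)
{
    struct cred_model c = { 1000, 1000, sample_groups, 2 };
    printf("group member:           %o\n", dac_allowed_bits(&c, &sample_file));
    printf("drop allowed:           %o\n", bits_after_drop_attempt(false));
    printf("setgroups set to deny:  %o\n", bits_after_drop_attempt(true));
    return 0;
}
```
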
ldconfig.8
    Michael Kerrisk
        Note use of /lib64 and /usr/lib64 on some 64-bit architectures

ld.so.8
    Michael Kerrisk
        Note the use of /lib64 and /usr/lib64 on some 64-bit architectures