git.ipfire.org Git - thirdparty/man-pages.git/log
Michael Kerrisk [Sat, 18 Jun 2016 20:11:41 +0000 (22:11 +0200)]
mount.2: SEE ALSO: s/namespaces(7)/mount_namespaces(7)/
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Sat, 18 Jun 2016 20:10:12 +0000 (22:10 +0200)]
namespaces.7: Refer to new mount_namespaces(7) for information on mount namespaces
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Mon, 27 Jun 2016 15:52:31 +0000 (10:52 -0500)]
mount_namespaces.7: Minor tweaks
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Sat, 18 Jun 2016 18:00:04 +0000 (20:00 +0200)]
mount_namespaces.7: New page describing mount namespaces
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Mon, 20 Jun 2016 12:22:22 +0000 (14:22 +0200)]
proc.5: /proc/PID/mountinfo 'propagate_from' always appears with 'master' tag
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Mon, 20 Jun 2016 12:21:25 +0000 (14:21 +0200)]
proc.5: Rework /proc/PID/mountinfo text on dominant peer groups
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Mon, 20 Jun 2016 11:21:07 +0000 (13:21 +0200)]
proc.5: ffix + wfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Wed, 29 Jun 2016 05:26:33 +0000 (07:26 +0200)]
user_namespaces.7: Correct kernel version where XFS added support for user namespaces
Linux 3.12, not 3.11.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Wed, 29 Jun 2016 05:02:50 +0000 (07:02 +0200)]
ptrace.2: Minor fixes after review by Kees Cook
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Wed, 29 Jun 2016 04:47:16 +0000 (06:47 +0200)]
ptrace.2: tfix
Reported-by: Jann Horn <jann@thejh.net>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Tue, 28 Jun 2016 05:05:21 +0000 (07:05 +0200)]
ptrace.2: Note that user namespaces can be used to bypass Yama protections
Cowritten-by: Jann Horn <jann@thejh.net>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Tue, 28 Jun 2016 04:59:28 +0000 (06:59 +0200)]
user_namespaces.7: SEE ALSO: add ptrace(2)
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Sat, 25 Jun 2016 07:25:09 +0000 (09:25 +0200)]
ptrace.2: Update Yama ptrace_scope documentation
Reframe the discussion in terms of PTRACE_MODE_ATTACH checks,
and make a few other minor tweaks and additions.
Reviewed-by: Jann Horn <jann@thejh.net>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Sat, 25 Jun 2016 06:41:05 +0000 (08:41 +0200)]
ptrace.2: wfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Sat, 25 Jun 2016 06:31:28 +0000 (08:31 +0200)]
ptrace.2: srcfix: add 2015 copyright notice for mtk
(Yama ptrace_scope text added in 2015.)
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Fri, 24 Jun 2016 09:49:09 +0000 (11:49 +0200)]
ptrace.2: Add an introductory paragraph to the "Ptrace access mode checks" section
Reported-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Fri, 24 Jun 2016 08:45:47 +0000 (10:45 +0200)]
ptrace.2: tfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Fri, 24 Jun 2016 08:44:45 +0000 (10:44 +0200)]
ptrace.2: wfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Fri, 24 Jun 2016 08:43:26 +0000 (10:43 +0200)]
ptrace.2: Relocate text noting that PTRACE_MODE_* constants are kernel-internal
(No content changes.)
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Fri, 24 Jun 2016 08:41:49 +0000 (10:41 +0200)]
ptrace.2: wfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Fri, 24 Jun 2016 08:33:01 +0000 (10:33 +0200)]
ptrace.2: srcfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Stephen Smalley [Fri, 24 Jun 2016 08:27:53 +0000 (10:27 +0200)]
ptrace.2: Describe PTRACE_MODE_NOAUDIT in more detail
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Thu, 23 Jun 2016 07:41:03 +0000 (09:41 +0200)]
ptrace.2: Further fixes after review from Jann Horn
Reported-by: Jann Horn <jann@thejh.net>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Thu, 23 Jun 2016 04:30:37 +0000 (06:30 +0200)]
ptrace.2: Minor improvements to ptrace access mode text
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Wed, 22 Jun 2016 19:12:57 +0000 (21:12 +0200)]
ptrace.2: Various fixes after review by Jann Horn
Among other things, Jann pointed out that the commoncap LSM
is always invoked, and Kees Cook pointed out the relevant
kernel code:
===
> BTW, can you point me at the piece(s) of kernel code that show that
> "commoncap" is always invoked in addition to any other LSM that has
> been installed?
It's not entirely obvious, but the bottom of security/commoncap.c shows:
    struct security_hook_list capability_hooks[] = {
        LSM_HOOK_INIT(capable, cap_capable),
        ...
    };
    void __init capability_add_hooks(void)
    {
        security_add_hooks(capability_hooks, ARRAY_SIZE(capability_hooks));
    }
And security/security.c shows the initialization order of the LSMs:
    int __init security_init(void)
    {
        pr_info("Security Framework initialized\n");
        /*
         * Load minor LSMs, with the capability module always first.
         */
        capability_add_hooks();
        yama_add_hooks();
        loadpin_add_hooks();
        /*
         * Load all the remaining security modules.
         */
        do_security_initcalls();
        return 0;
    }
===
Reported-by: Jann Horn <jann@thejh.net>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Wed, 22 Jun 2016 18:57:08 +0000 (20:57 +0200)]
kcmp.2, ptrace.2: tfix
Reported-by: Jann Horn <jann@thejh.net>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Wed, 22 Jun 2016 18:41:15 +0000 (20:41 +0200)]
ptrace.2: Clarify the purpose of mentioning the kernel PTRACE_MODE_* constants
The "ptrace access mode" text is about user-space-visible
behavior, but in order to explain that behavior at what I
believe is a sufficient level of detail (e.g., to differentiate
the various types of checks that are performed for various
system calls and pseudofile accesses), one needs (1) to discuss
the MODE flag details as implemented in the kernel, and (2) to
have a shorthand way to refer to the various cases from other
pages. It's not absolutely necessary to name the flags for (1),
but using the flag names is certainly a handy shorthand for (2).
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Tue, 21 Jun 2016 09:31:21 +0000 (11:31 +0200)]
proc.5: ffix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Sat, 11 Jun 2016 10:21:19 +0000 (12:21 +0200)]
kcmp.2: kcmp() is governed by PTRACE_MODE_READ_REALCREDS
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Sat, 11 Jun 2016 10:16:23 +0000 (12:16 +0200)]
get_robust_list.2: get_robust_list() is governed by PTRACE_MODE_READ_REALCREDS
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Sat, 11 Jun 2016 10:13:14 +0000 (12:13 +0200)]
perf_event_open.2: If pid > 0, the operation is governed by PTRACE_MODE_READ_REALCREDS
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Sat, 11 Jun 2016 10:09:18 +0000 (12:09 +0200)]
ptrace.2: Note that PTRACE_SEIZE is subject to a ptrace access mode check
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Sat, 11 Jun 2016 10:08:08 +0000 (12:08 +0200)]
ptrace.2: Rephrase PTRACE_ATTACH permissions in terms of ptrace access mode check
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Sat, 11 Jun 2016 10:04:26 +0000 (12:04 +0200)]
process_vm_readv.2: Rephrase permission rules in terms of a ptrace access mode check
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Sat, 11 Jun 2016 09:56:34 +0000 (11:56 +0200)]
proc.5: Note /proc/PID/stat fields that are governed by PTRACE_MODE_READ_FSCREDS
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Sat, 11 Jun 2016 09:40:29 +0000 (11:40 +0200)]
proc.5: /proc/PID/fd/* are governed by PTRACE_MODE_READ_FSCREDS
Permission to dereference/readlink /proc/PID/fd/* symlinks is
governed by a PTRACE_MODE_READ_FSCREDS ptrace access mode check.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Sat, 11 Jun 2016 09:35:06 +0000 (11:35 +0200)]
namespaces.7: /proc/PID/ns/* are governed by PTRACE_MODE_READ_FSCREDS
Permission to dereference/readlink /proc/PID/ns/* symlinks is
governed by a PTRACE_MODE_READ_FSCREDS ptrace access mode check.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Sat, 11 Jun 2016 09:28:03 +0000 (11:28 +0200)]
proc.5: /proc/PID/{cwd,exe,root} are governed by PTRACE_MODE_READ_FSCREDS
Permission to dereference/readlink /proc/PID/{cwd,exe,root} is
governed by a PTRACE_MODE_READ_FSCREDS ptrace access mode check.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Sat, 11 Jun 2016 09:12:36 +0000 (11:12 +0200)]
proc.5: /proc/PID/{personality,stack,syscall} are governed by PTRACE_MODE_ATTACH_FSCREDS
Permission to access /proc/PID/{personality,stack,syscall} is
governed by a PTRACE_MODE_ATTACH_FSCREDS ptrace access mode check.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Sat, 11 Jun 2016 09:06:03 +0000 (11:06 +0200)]
proc.5: /proc/PID/io is governed by PTRACE_MODE_READ_FSCREDS
Permission to access /proc/PID/io is governed by
a PTRACE_MODE_READ_FSCREDS ptrace access mode check.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Sat, 11 Jun 2016 09:01:50 +0000 (11:01 +0200)]
proc.5: /proc/PID/timerslack_ns is governed by PTRACE_MODE_ATTACH_FSCREDS
Permission to access /proc/PID/timerslack_ns is governed by
a PTRACE_MODE_ATTACH_FSCREDS ptrace access mode check.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Sat, 11 Jun 2016 08:41:59 +0000 (10:41 +0200)]
proc.5: /proc/PID/{auxv,environ,wchan} are governed by PTRACE_MODE_READ_FSCREDS
Permission to access /proc/PID/{auxv,environ,wchan} is governed by
a PTRACE_MODE_READ_FSCREDS ptrace access mode check.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Sat, 11 Jun 2016 08:07:53 +0000 (10:07 +0200)]
proc.5: Document /proc/PID/{maps,mem,pagemap} access mode checks
Permission to access /proc/PID/{maps,pagemap} is governed by a
PTRACE_MODE_READ_FSCREDS ptrace access mode check.
Permission to access /proc/PID/mem is governed by a
PTRACE_MODE_ATTACH_FSCREDS ptrace access mode check.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Thu, 9 Jun 2016 20:13:53 +0000 (22:13 +0200)]
ptrace.2: Document ptrace access modes
Reviewed-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Jann Horn <jann@thejh.net>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Tue, 28 Jun 2016 04:32:23 +0000 (06:32 +0200)]
cgroups.7: ERRORS: add mount(2) EBUSY error
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Sun, 26 Jun 2016 14:31:44 +0000 (16:31 +0200)]
user_namespaces.7: Correct user namespace rules for mounting /proc
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Sun, 26 Jun 2016 14:11:30 +0000 (16:11 +0200)]
user_namespaces.7: CAP_SYS_ADMIN allows mounting cgroup filesystems
See https://bugzilla.kernel.org/show_bug.cgi?id=120671
Reported-by: Michał Zegan <webczat_200@poczta.onet.pl>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Sun, 26 Jun 2016 14:09:06 +0000 (16:09 +0200)]
user_namespaces.7: Clarify CAP_SYS_ADMIN details for mounting FS_USERNS_MOUNT filesystems
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Sun, 26 Jun 2016 11:08:52 +0000 (13:08 +0200)]
acct.2, chmod.2, fcntl.2, mmap.2, mprotect.2, rmdir.2, times.2: tfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Fri, 24 Jun 2016 15:19:21 +0000 (17:19 +0200)]
ctime.3, error.3, getmntent.3, getnetent_r.3, getrpcent_r.3, getservent_r.3, pthread_attr_init.3, pthread_getattr_np.3, pthread_tryjoin_np.3, rpc.3, setaliasent.3, setenv.3, unlocked_stdio.3: srcfix: Eliminate some groff warnings
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Fri, 24 Jun 2016 08:20:40 +0000 (10:20 +0200)]
futex.2: Explain how to get equivalent of FUTEX_WAIT with an absolute timeout
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Fri, 24 Jun 2016 08:00:25 +0000 (10:00 +0200)]
futex.2: Describe FUTEX_BITSET_MATCH_ANY
Describe FUTEX_BITSET_MATCH_ANY and FUTEX_WAIT and FUTEX_WAKE
equivalences.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Fri, 24 Jun 2016 07:35:44 +0000 (09:35 +0200)]
futex.2: Note that at least one bit must be set in mask for BITSET operations
At least one bit must be set in the 'val3' mask supplied for the
FUTEX_WAIT_BITSET and FUTEX_WAKE_BITSET operations.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Fri, 24 Jun 2016 07:34:16 +0000 (09:34 +0200)]
futex.2: wfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Fri, 24 Jun 2016 07:28:56 +0000 (09:28 +0200)]
futex.2: ffix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Fri, 24 Jun 2016 06:54:38 +0000 (08:54 +0200)]
futex.2: wfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Fri, 24 Jun 2016 06:54:03 +0000 (08:54 +0200)]
futex.2: wfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Fri, 24 Jun 2016 06:52:16 +0000 (08:52 +0200)]
futex.2: ffix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Fri, 24 Jun 2016 06:49:18 +0000 (08:49 +0200)]
futex.2: wfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Fri, 24 Jun 2016 06:39:40 +0000 (08:39 +0200)]
futex.2: Clarify clock default and choices for FUTEX_WAIT
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Marko Myllynen [Tue, 21 Jun 2016 07:07:42 +0000 (10:07 +0300)]
charmap.5: ffix
Michael Kerrisk [Thu, 23 Jun 2016 10:43:51 +0000 (12:43 +0200)]
futex.2: Fix descriptions of various timeouts
Reported-by: Thomas Gleixner <tglx@linutronix.de>
Reported-by: Darren Hart <dvhart@infradead.org>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Thu, 23 Jun 2016 08:29:41 +0000 (10:29 +0200)]
futex.2: Correct an ENOSYS error description
Since Linux 4.5, FUTEX_CLOCK_REALTIME is allowed with FUTEX_WAIT.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Thu, 23 Jun 2016 08:13:59 +0000 (10:13 +0200)]
futex.2: Remove crufty text about FUTEX_WAIT_BITSET interpretation of timeout
Since Linux 4.5, FUTEX_WAIT also understands
FUTEX_CLOCK_REALTIME.
Reported-by: Darren Hart <dvhart@infradead.org>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Wed, 22 Jun 2016 10:32:48 +0000 (12:32 +0200)]
termio.7: wfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Wed, 22 Jun 2016 10:31:21 +0000 (12:31 +0200)]
boot.7: Minor SEE ALSO fixes
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Wed, 22 Jun 2016 10:26:16 +0000 (12:26 +0200)]
statfs.2: tfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Wed, 22 Jun 2016 10:10:46 +0000 (12:10 +0200)]
fmax.3, fmin.3: SEE ALSO: add fdim(3)
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Wed, 22 Jun 2016 10:04:15 +0000 (12:04 +0200)]
strtoul.3: SEE ALSO: add a64l(3)
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Wed, 22 Jun 2016 10:01:56 +0000 (12:01 +0200)]
vhangup.2: wfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Wed, 22 Jun 2016 09:55:41 +0000 (11:55 +0200)]
chroot.2: SEE ALSO: add pivot_root(2)
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Wed, 22 Jun 2016 09:48:44 +0000 (11:48 +0200)]
lookup_dcookie.2: ffix / wfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Wed, 22 Jun 2016 09:47:35 +0000 (11:47 +0200)]
lookup_dcookie.2: SEE ALSO: add oprofile(1)
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Wed, 22 Jun 2016 09:11:56 +0000 (11:11 +0200)]
cacheflush.2: wfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Tue, 21 Jun 2016 10:17:27 +0000 (12:17 +0200)]
strcat.3: Add a program that shows the performance characteristics of strcat()
In honor of Joel Spolsky's visit to Munich, let's start educating
Schlemiel The Painter.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Tue, 21 Jun 2016 11:51:24 +0000 (13:51 +0200)]
user_namespaces.7: List the mount operations permitted by CAP_SYS_ADMIN
List the mount operations permitted by CAP_SYS_ADMIN in a
noninitial userns.
See https://bugzilla.kernel.org/show_bug.cgi?id=120671
Reported-by: Michał Zegan <webczat_200@poczta.onet.pl>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Tue, 21 Jun 2016 11:28:29 +0000 (13:28 +0200)]
user_namespaces.7: Add a subsection heading for effects of capabilities in user NS
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Tue, 21 Jun 2016 08:44:57 +0000 (10:44 +0200)]
user_namespaces.7: Clarify meaning of privilege in a user namespace
Having privilege in a user NS only allows privileged
operations on resources governed by that user NS. Many
privileged operations relate to resources that have no
association with any namespace type, and only processes
with privilege in the initial user NS can perform those
operations.
See https://bugzilla.kernel.org/show_bug.cgi?id=120671
Reported-by: Michał Zegan <webczat_200@poczta.onet.pl>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Tue, 21 Jun 2016 08:25:38 +0000 (10:25 +0200)]
cgroup_namespaces.7: tfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Tue, 21 Jun 2016 07:56:34 +0000 (09:56 +0200)]
user_namespaces.7: SEE ALSO: add cgroup_namespaces(7)
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Tue, 21 Jun 2016 07:49:32 +0000 (09:49 +0200)]
user_namespaces.7: Describe a concrete example of capability checking
Add a concrete example of how the kernel checks capabilities in
an associated user namespace when a process attempts a privileged
operation.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Tue, 21 Jun 2016 07:43:34 +0000 (09:43 +0200)]
user_namespaces.7: Minor wording fix
Avoid listing all namespace types in a couple of places,
since such a list is subject to bit rot as the number
of namespace types grows.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Mon, 20 Jun 2016 19:03:37 +0000 (21:03 +0200)]
user_namespaces.7: wfix: reword a long, difficult to understand sentence
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Mon, 20 Jun 2016 13:14:10 +0000 (15:14 +0200)]
netlink.7: wfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Mon, 20 Jun 2016 13:13:16 +0000 (15:13 +0200)]
netlink.7: Rework version information
(No changes in technical details.)
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Mon, 20 Jun 2016 12:03:42 +0000 (14:03 +0200)]
cgroups.7: wfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Jakub Wilk [Sun, 19 Jun 2016 20:52:16 +0000 (22:52 +0200)]
kcmp.2: tfix
Signed-off-by: Jakub Wilk <jwilk@jwilk.net>
Michael Kerrisk [Mon, 20 Jun 2016 12:54:52 +0000 (14:54 +0200)]
unix.7: Update text on socket permissions on other systems
At least some of the modern BSDs seem to check for write
permission on a socket. (I tested OpenBSD 5.9.) On Solaris 10,
some light testing suggested that write permission is still
not checked on that system.
See https://bugzilla.kernel.org/show_bug.cgi?id=120061 (and
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-1402)
Reported-by: Carsten Grohmann <carstengrohmann@gmx.de>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Mon, 20 Jun 2016 09:24:11 +0000 (11:24 +0200)]
unix.7: Note that umask / permissions have no effect for abstract sockets
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Mon, 20 Jun 2016 09:17:04 +0000 (11:17 +0200)]
unix.7: Move some abstract socket details to a separate subsection
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Mon, 20 Jun 2016 09:14:27 +0000 (11:14 +0200)]
unix.7: Move discussion on pathname socket permissions to DESCRIPTION
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Mon, 20 Jun 2016 09:10:35 +0000 (11:10 +0200)]
unix.7: Minor wording fixes
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Mon, 20 Jun 2016 08:49:52 +0000 (10:49 +0200)]
unix.7: Note that abstract sockets automatically disappear when FDs are closed
Added after I ran across this question:
http://unix.stackexchange.com/questions/216784/does-linux-automatically-clean-up-abstract-domain-sockets
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Fri, 17 Jun 2016 16:57:06 +0000 (18:57 +0200)]
unix.7: Minor wording fix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Fri, 17 Jun 2016 16:51:38 +0000 (18:51 +0200)]
unix.7: Clarify ownership and permissions assigned during socket creation
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Fri, 17 Jun 2016 16:47:24 +0000 (18:47 +0200)]
unix.7: Expand discussion of socket permissions
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Fri, 17 Jun 2016 16:40:10 +0000 (18:40 +0200)]
unix.7: Enhance statement about changing sockets ownership and permissions
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Fri, 17 Jun 2016 16:38:18 +0000 (18:38 +0200)]
unix.7: Fix statement about permissions needed to connect to a UNIX domain socket
Read permission is not required (verified by experiment).
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Fri, 17 Jun 2016 16:33:10 +0000 (18:33 +0200)]
unix.7: grfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk [Fri, 17 Jun 2016 21:39:05 +0000 (23:39 +0200)]
getaddrinfo_a.3: srcfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>