ld.so.8: LD_BIND_NOT has effect only for function symbols

As far as I can tell from testing and a short read of the glibc
source code, LD_BIND_NOT has an effect only for function symbols.
This is consistent also with the Solaris documentation, which
says:

    When the runtime linker performs a function relocation, it
    rewrites data associated with the functions .plt so that any
    subsequent calls will go directly to the function. The
    environment variable LD_BIND_NOT can be set to any value to
    prevent this data update. By using this variable together
    with the debugging request for detailed bindings, you can
    get a complete runtime account of all function binding.

Test case:

$ cat prog.c

int
main(int argc, char *argv[])
{
    for (;;) {
sleep(1);
optind = 0;
    }

    exit(EXIT_SUCCESS);
}
$ cc prog.c

And then in the run below, in each loop, we see repeated resolutions
only for the function symbol, sleep() (and not for optind).

$ LD_BIND_NOT=1 LD_DEBUG=symbols,bindings ./a.out
...
     30481: transferring control: ./t
     30481:
     30481: symbol=sleep;  lookup in file=./t [0]
     30481: symbol=sleep;  lookup in file=/lib64/libc.so.6 [0]
     30481: binding file ./t [0] to /lib64/libc.so.6 [0]: normal symbol `sleep' [GLIBC_2.2.5]
     30481: symbol=sleep;  lookup in file=./t [0]
     30481: symbol=sleep;  lookup in file=/lib64/libc.so.6 [0]
     30481: binding file ./t [0] to /lib64/libc.so.6 [0]: normal symbol `sleep' [GLIBC_2.2.5]
     30481: symbol=sleep;  lookup in file=./t [0]
     30481: symbol=sleep;  lookup in file=/lib64/libc.so.6 [0]
     30481: binding file ./t [0] to /lib64/libc.so.6 [0]: normal symbol `sleep' [GLIBC_2.2.5]
     30481: symbol=sleep;  lookup in file=./t [0]
     30481: symbol=sleep;  lookup in file=/lib64/libc.so.6 [0]
     30481: binding file ./t [0] to /lib64/libc.so.6 [0]: normal symbol `sleep' [GLIBC_2.2.5]
     30481: symbol=sleep;  lookup in file=./t [0]
     30481: symbol=sleep;  lookup in file=/lib64/libc.so.6 [0]
     30481: binding file ./t [0] to /lib64/libc.so.6 [0]: normal symbol `sleep' [GLIBC_2.2.5]
     30481: symbol=sleep;  lookup in file=./t [0]
     30481: symbol=sleep;  lookup in file=/lib64/libc.so.6 [0]
     30481: binding file ./t [0] to /lib64/libc.so.6 [0]: normal symbol `sleep' [GLIBC_2.2.5]

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

resolv.conf.5: The 'inet6' option is deprecated since glibc 2.25

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

resolver.3: RES_USE_INET6 is deprecated since glibc 2.25

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

resolver.3: Note that RES_BLAST was unimplemented and is now deprecated

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

resolver.3: RES_AAONLY, RES_PRIMARY, RES_NOCHECKNAME, RES_KEEPTSIG are deprecated

These options were never implemented; since glibc 2.25, they
are deprecated.

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

resolv.conf.5: ip6-bytestring was removed in glibc 2.25

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

resolver.3: RES_USEBSTRING was removed in glibc 2.25

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

resolver.3, resolv.conf.5: Note that RES_USEBSTRING defaults to off

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

resolv.conf.5: tfix

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

resolv.conf.5: The ipc-dotint and no-ip6-dotint options were removed in glibc 2.25

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

resolv.conf.5: ffix

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

resolver.3: The RES_NOIP6DOTINT is removed in glibc 2.25

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

getrlimit.2: wfix

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

getrlimit.2: tfix

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

pid_namespaces.7, user_namespaces.7: Adjust references to namespaces(7) to ioctl_ns(2)

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

ioctl.2: SEE ALSO: add ioctl_ns(2)

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

namespaces.7: Remove content split out into ioctl_ns(2)

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

ioctl_ns.2: New page created by splitting ioctl(2) operations out of namespaces(7)

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

remap_file_pages.2: remap_file_pages() has been replaced by a slower in-kernel emulation

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

ioctl_fideduperange.2: ffix

Add empty line between "struct file_dedupe_range" definition and the
following paragraph.

Signed-off-by: Jakub Wilk <jwilk@jwilk.net>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

getmntent.3: Prefer '\\' as the escape to get a backslash

See https://bugzilla.kernel.org/show_bug.cgi?id=191611

Reported-by: Anders Thulin <anders@thulin.name>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

fopen.3: Change argument name: 'path' to 'pathname'

For consistency with open(2).

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

fopen.3: Describe freopen() behavior for NULL pathname argument

See https://bugzilla.kernel.org/show_bug.cgi?id=191261

Reported-by: Helmut Eller <eller.helmut@gmail.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

fopen.3: Note the open(2) flags that correspond to the 'mode' argument

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

fopen.3: Add subsection headings for each function

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

fopen.3: wfix

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

unix.7: tfix

Signed-off-by: Jakub Wilk <jwilk@jwilk.net>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

mdoc.7: tfix

Signed-off-by: Jakub Wilk <jwilk@jwilk.net>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

keyrings.7: tfix

Signed-off-by: Jakub Wilk <jwilk@jwilk.net>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

aio_suspend.3: tfix

Signed-off-by: Jakub Wilk <jwilk@jwilk.net>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

request_key.2: tfix

Signed-off-by: Jakub Wilk <jwilk@jwilk.net>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

keyctl.2: tfix

Signed-off-by: Jakub Wilk <jwilk@jwilk.net>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

getrlimit.2: tfix

Signed-off-by: Jakub Wilk <jwilk@jwilk.net>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

Changes.old: tfix

Signed-off-by: Jakub Wilk <jwilk@jwilk.net>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

signal.7: SIGXFSZ: add reference to setrlimit(2)

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

signal.7: SIGXCPU: add reference to setrlimit(2)

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

signal.7: SIGSYS: add reference to seccomp(2)

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

signal.7: SIGPIPE: add reference to pipe(7)

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

signal.7: Add a name for SIGEMT

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

pkeys.7, signal.7: tfix

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

signal.7: Change description of SIGSYS to "Bad system call"

This is the more typical definition.

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

inotify_add_watch.2: Note "inode" as a synonym for "filesystem object"

Consistent with clarifications just made in inotify(7).

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

inotify.7: Point out that inotify monitoring is inode based

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

recv.2: wfix

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

ptrace.2: clarify PTRACE_O_EXITKILL

The description in the man page is confusing; it makes it sound like
setting the PTRACE_O_EXITKILL flag on any tracee makes it so that all
tracees are killed if the tracer exits. The description from kernel
commit 992fb6e170639b that introduced PTRACE_O_EXITKILL offers a
different explanation: "If the tracer exits it sends SIGKILL to every
tracee which has this bit set".

Cc: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Omar Sandoval <osandov@osandov.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

cgroups.7: tfix

Signed-off-by: Omar Sandoval <osandov@osandov.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

recv.2: Remove duplicate paragraph

man-pages-1.34 included changes that duplicated an existing
paragraph. Remove that duplicate.

Reported-by: Vincent Bernat <vincent@bernat.im>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

ioctl_fat.2, ioctl_ficlonerange.2, ioctl_fideduperange.2, perfmonctl.2, sched_rr_get_interval.2: ffix

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

pid_namespaces.7: Minor fixes to Keno Fischer's patch

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

pid_namespaces.7: CLONE_SIGHAND|CLONE_VM|CLONE_NEWPID is no longer disallowed

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

__ppc_set_ppr_med.3: wfix

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

__ppc_set_ppr_med.3: Note need for _ARCH_PWR8 macro

The _ARCH_PWR8 macro must be defined to get the
 __ppc_set_ppr_very_low() and __ppc_set_ppr_med_high()
definitions.

Signed-off-by: Wainer dos Santos Moschetta <wainersm@linux.vnet.ibm.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

prctl.2: Minor fixes to Keno's patch

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

prctl.2: Be more precise in what causes dumpable to reset

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

poll.2i, select.2: ffix + srcfix

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

poll.2, select.2: Add a reference to the sigset discussion in sigprocmask(2)

A little while back, I added a note to sigprocmask.2 that
discussed the difference between the libc's and the kernel's
sigset_t structures.  I added that note, because I saw this being
done wrong in a tool tracing system calls (causing subtle bugs).
As it turns out, the same bugs existed for ppoll and pselect, for
the same reason. I'm hoping by adding the reference here, future
writers of similar tools will find that discussion and not make
the same mistake.

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

cgroups.7: ffix

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

sched.7: wfix

Reported-by: Nicolas Biscos <nicolas.biscos+man7@gmail.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

getline.3: Document ENOMEM error case

see the error handling in libio/iogetdelim.c

Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

man_show_fixme.sh: Fix rendering issue

If a single quote falls at the start of a line, then the rest of
the line is treated as a comment. Therefore, escape single quotes.

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

keyctl.2: srcfix: update FIXME

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

keyctl.2: KEYCTL_SET_REQKEY_KEYRING also has an effect for request_key(2)

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

add_key.2: srcfix: Update FIXMEs

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

request_key.2: srcfix: FIXME

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

keyctl.2: Improve a KEYCTL_SET_REQKEY_KEYRING detail

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

request_key.2: Improve description of default keyring when dest_keyring is zero

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

request_key.2: Minor wording fixes

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

request_key.2: Add information regarding default keyring

Notes from Eugene:

Based on linux v4.9-rc6 (9c763584):

 * security/keys/keyctl.c, SYSCALL_DEFINE4(request_key, ...), line 158:
  * Assume that call is performed with with destringid == 0:
  * We skip check on line 196, so dest_ref remains NULL
  * On line 213, request_key_and_link is called with key_ref_to_ptr(dest_ref)
   * key_ref_to_ptr() itself just zeroes lower bit which is used for
     indication that key reference in the possession of the current
     context.
 * security/keys/request_key.c, request_key_and_link, line 508:
  * On line 543, we try to search process keyrings for the key (we
    fill ctx at hte beginning of the function and then pass it to
    search_process_keyrings)
  * If key is found (key_ref is not erroneous), we convert key_ref to
    ptr on line 546 and skip the following block on line 547 since
    dest_keyring is 0.
  * If key is not found and error is not EAGAIN, then
    construct_key_and_link is called on line 566 with dest_keyring ==
    NULL.
 * security/keys/request_key.c, construct_key_and_link, line 430:
  * On line 450, construct_get_dest_keyring is called with dest_keyring
    == NULL.
 * security/keys/request_key.c, construct_get_dest_keyring, line 253:
  * The argument here (which is pointer to pointer to struct key) is
    named _dest_keyring, but on line 257 it is dereferenced to local
    variable dest_keyring (so it stores NULL now).
  * We re going to the "else" branch (starting from line 266) of check
    on line 262
  * Now we are switching against cred->jit_keyring with the behavour
    described in the patch.
 * git grep jit_keyring security/keys reveals that it is assigned inside
   keyctl_set_reqkey_keyring, security/keys/keyctl.c, line 1257.
 * keyctl_set_reqkey_keyring is called from SYSCALL_DEFINE5(keyctl,
   ...), when option passed to keyctl is KEYCTL_SET_REQKEY_KEYRING (line
   1652).
 * Default value for jit_keyring is sort of difficult to find out, since
   it is inherited, but overall it is explicitly set to
   KEY_REQKEY_DEFL_THREAD_KEYRING or copied from zeroed-out structures
   (so it is equal to KEY_REQKEY_DEFL_DEFAULT) which leads to the same
   behaviour in case the process has not been upcalled by request_key
   construction.

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

keyrings.7: Number the fields in /proc/keys for easy reference in discussion

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

keyrings.7: srcfix

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

keyrings.7: wfix

Reported-by: David Howells <dhowells@redhat.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

keyrings.7: Fixes after feedback from David Howells

Reported-by: David Howells <dhowells@redhat.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

keyrings.7: wfix

Reported-by: David Howells <dhowells@redhat.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

keyrings.7: Add a little more detail on the encryption of the big_key payload

Reported-by: Eugene Syromyatnikov <evgsyr@gmail.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

keyrings.7: ff

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

keyrings.7: Rework 'big_key' text a little

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

keyrings.7: Fixes after review by David Howells

Reported-by: David Howells <dhowells@redhat.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

keyrings.7: Reorder list of key types

Place "keyring" first.

Reported-by: David Howells <dhowells@redhat.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

add_key.2: Various fixes after review by David Howells

Reported-by: David Howells <dhowells@redhat.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

add_key.2: Reorder list of key tpes (pace keyrings first)

Reported-by: David Howells <dhowells@redhat.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

keyrings.7: Add a note on the unimplemented group keyring

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

keyrings.7: Note the special keyring IDs used in add_key()/request_key()/keyctl()

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

keyrings.7: ffix

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

keyrings.7: Extend SEE ALSO list

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

add_key.2: srcfix

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

keyrings.7: Minor tweaks

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

keyrings.7: Add info regarding pre-3.17 defaults in root_maxbytes/root_maxkeys

keyrings.7: tfix

keyrings.7: Minor clarification on where big_key payload is stored

keyrings.7: tfix

keyrings.7: Minor clarification regarding storage method used in keyrings

keyctl.2: tfix

request_key.2: wfix

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

request_key.2: Tweaks to Eugene Syromyatnikov's patches

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

request_key.2: VERSIONS: Note kernel version that added key instantiation on request

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

request_key.2: Document some additional errors

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

request_key.2: wfix

request_key.2: tfix

keyrings.7: Note key types and descriptions that are reserved to the implementation

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

add_key.2: ERRORS: Note key types and descriptions that are reserved

Some key type names and keyring description names are
reserved to the implementation.

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>