getpriority.2: Make discussion of RLIMIT_NICE more prominent

The discussion of RLIMIT_NICE was hidden under the EPERM error,
where it was difficult to find. Place some relevant text in
DESCRIPTION.

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

getpriority.2: Clarify equivalence between lower nice value and higher priority

Reported-by: Robin Kuzmin <kuzmin.robin@gmail.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

getpriority.2: Note that getpriority()/setpriority deal with same attribute as nice(2)

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

setfsgid.2, setfsuid.2: Note which glibc version stopped checking for truncation of the argument

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

setfsgid.2, setfsuid.2: Move glibc wrapper notes to "C library/kernel differences" subsection

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

setfsgid.2, setfsuid.2: Fix note about errors from the syscall wrapper

See sysdeps/unix/sysv/linux/i386/setfsuid.c in glibc-2.2.1.
(This code is not present in modern glibc anymore.)

Signed-off-by: Jann Horn <jannh@google.com>

bootparam.7: tfix

Signed-off-by: Jakub Wilk <jwilk@jwilk.net>

dir_colors.5: tfix

Signed-off-by: Jakub Wilk <jwilk@jwilk.net>

syscalls.2: tfix

Signed-off-by: Jakub Wilk <jwilk@jwilk.net>

unshare.2: Add reference to mount_namespaces(7) under CLONE_NEWNS description

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

clone.2: Add reference to mount_namespaces(7) under CLONE_NEWNS description

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

clone.2: tfix

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

mount.2: Refer reader to mount_namespaces(7) for details on propagation types

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

mount_namespaces.7: Minor fixes

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

mount_namespaces.7: Describe "dominant peer group" and "propagate_from" mountinfo tag

Reported-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

proc.5: Move shared subtree /proc/PID/mountinfo fields to mount_namespaces(7)

Move information on shared subtree fields in /proc/PID/mountinfo
to mount_namespaces(7).

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

proc.5: ffix

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

proc.5: srcfix

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

proc.5: Add references to mount_namespaces(7)

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

umount.2: SEE ALSO: add mount_namespaces(7)

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

mount.2: SEE ALSO: s/namespaces(7)/mount_namespaces(7)/

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

namespaces.7: Refer to new mount_namespaces(7) for information on mount namespaces

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

mount_namespaces.7: Minor tweaks

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

mount_namespaces.7: New page describing mount namespaces

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

proc.5: /proc/PID/mountinfo 'propagate_from' always appears with 'master' tag

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

proc.5: Rework /proc/PID/mountinfo text on dominant peer groups

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

proc.5: ffix + wfix

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

user_namespaces.7: Correct kernel version where XFS added support for user namespaces

Linux 3.12, not 3.11.

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

ptrace.2: Minor fixes after review by Kees Cook

Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

ptrace.2: tfix

Reported-by: Jann Horn <jann@thejh.net>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

ptrace.2: Note that user namespaces can be used to bypass Yama protections

Cowrittten-by: Jann Horn <jann@thejh.net>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

user_namespaces.7: SEE ALSO: add ptrace(2)

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

ptrace.2: Update Yama ptrace_scope documentation

Reframe the discussion in terms of PTRACE_MODE_ATTACH checks,
and make a few other minor tweaks and additions.

Reviewed-by: Jann Horn <jann@thejh.net>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

ptrace.2: wfix

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

ptrace.2: srcfix: add 2015 copyright notice for mtk

(Yama ptrace_scope text added in 2015.)

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

ptrace.2: Add an introductory paragraph to the Ptrace access mode checks" section

Reported-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

ptrace.2: tfix

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

ptrace.2: wfix

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

ptrace.2: Relocate text noting that PTRACE_MODE_* constants are kernel-internal

(No content changes.)

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

ptrace.2: wfix

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

ptrace.2: srcfix

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

ptrace.2: Describe PTRACE_MODE_NOAUDIT in more detail

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

ptrace.2: Further fixes after review from Jann Horn

Reported-by: Jann Horn <jann@thejh.net>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

ptrace.2: Minor improvements to ptrace access mode text

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

ptrace.2: Various fixes after review by Jann Horn

Among other things, Jann pointed out that the commoncap LSM
is always invoked, and Kees Cook pointed out the relevant
kernel code:

===
> BTW, can you point me at the piece(s) of kernel code that show that
> "commoncap" is always invoked in addition to any other LSM that has
> been installed?

It's not entirely obvious, but the bottom of security/commoncap.c shows:

struct security_hook_list capability_hooks[] = {
        LSM_HOOK_INIT(capable, cap_capable),
...
};

void __init capability_add_hooks(void)
{
        security_add_hooks(capability_hooks, ARRAY_SIZE(capability_hooks));
}

And security/security.c shows the initialization order of the LSMs:

int __init security_init(void)
{
        pr_info("Security Framework initialized\n");

        /*
         * Load minor LSMs, with the capability module always first.
         */
        capability_add_hooks();
        yama_add_hooks();
        loadpin_add_hooks();

        /*
         * Load all the remaining security modules.
         */
        do_security_initcalls();

        return 0;
}
===

Reported-by: Jann Horn <jann@thejh.net>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

kcmp.2, ptrace.2: tfix

Reported-by: Jann Horn <jann@thejh.net>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

ptrace.2: Clarify the purpose of mentioning the kernel PTRACE_MODE_* constants

The "ptrace access mode" text is about user-space-visible
behavior, but in order to explain that behavior at what I
believe is a sufficient level of detail (e.g., to differentiate
the various types of checks that are performed for various
system calls and pseudofile accesses), one needs (1) to discuss
the MODE flag details as implemented in the kernel, and (2) to
have a shorthand way to refer to the various cases from other
pages. It's not absolutely necessary to name the flags for (1),
but using the flag names is certainly a handy shorthand for (2).

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

proc.5: ffix

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

kcmp.2: kcmp() is governed by PTRACE_MODE_READ_REALCREDS

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

get_robust_list.2: get_robust_list() is governed by PTRACE_MODE_READ_REALCREDS

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

perf_event_open.2: If pid > 0, the operation is governed by PTRACE_MODE_READ_REALCREDS

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

ptrace.2: Note that PTRACE_SEIZE is subject to a ptrace access mode check

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

ptrace.2: Rephrase PTRACE_ATTACH permissions in terms of ptrace access mode check

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

process_vm_readv.2: Rephrase permission rules in terms of a ptrace access mode check

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

proc.5: Note /proc/PID/stat fields that are governed by PTRACE_MODE_READ_FSCREDS

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

proc.5: /proc/PID/fd/* are governed by PTRACE_MODE_READ_FSCREDS

Permission to dereference/readlink /proc/PID/fd/* symlinks is
governed by a PTRACE_MODE_READ_FSCREDS ptrace access mode check.

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

namespaces.7: /proc/PID/ns/* are governed by PTRACE_MODE_READ_FSCREDS

Permission to dereference/readlink /proc/PID/ns/* symlinks is
governed by a PTRACE_MODE_READ_FSCREDS ptrace access mode check.

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

proc.5: /proc/PID/{cwd,exe,root} are governed by PTRACE_MODE_READ_FSCREDS

Permission to dereference/readlink /proc/PID/{cwd,exe,root} is
governed by a PTRACE_MODE_READ_FSCREDS ptrace access mode check.

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

proc.5: /proc/PID/{personality,stack,syscall} are governed by PTRACE_MODE_ATTACH_FSCREDS

Permission to access /proc/PID/{personality,stack,syscall} is
governed by a PTRACE_MODE_ATTACH_FSCREDS ptrace access mode check.

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

proc.5: /proc/PID/io is governed by PTRACE_MODE_READ_FSCREDS

Permission to access /proc/PID/io is governed by
a PTRACE_MODE_READ_FSCREDS ptrace access mode check.

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

proc.5: /proc/PID/timerslack_ns is governed by PTRACE_MODE_ATTACH_FSCREDS

Permission to access /proc/PID/timerslack_ns is governed by
a PTRACE_MODE_ATTACH_FSCREDS ptrace access mode check.

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

proc.5: /proc/PID/{auxv,environ,wchan} are governed by PTRACE_MODE_READ_FSCREDS

Permission to access /proc/PID/{auxv,environ,wchan} is governed by
a PTRACE_MODE_READ_FSCREDS ptrace access mode check.

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

proc.5: Document /proc/PID/{maps,mem,pagemap} access mode checks

Permission to access /proc/PID/{maps,pagemap} is governed by a
PTRACE_MODE_READ_FSCREDS ptrace access mode check.

Permission to access /proc/PID/mem is governed by a
PTRACE_MODE_ATTACH_FSCREDS ptrace access mode check.

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

ptrace.2: Document ptrace access modes

Reviewed-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Jann Horn <jann@thejh.net>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

cgroups.7: ERRORS: add mount(2) EBUSY error

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

user_namespaces.7: Correct user namespace rules for mounting /proc

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

user_namespaces.7: CAP_SYS_ADMIN allows mounting cgroup filesystems

See https://bugzilla.kernel.org/show_bug.cgi?id=120671

Reported-by: Michał Zegan <webczat_200@poczta.onet.pl>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

user_namespaces.7: Clarify CAP_SYS_ADMIN details for mounting FS_USERNS_MOUNT filesystems

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

acct.2, chmod.2, fcntl.2, mmap.2, mprotect.2, rmdir.2, times.2: tfix

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

ctime.3, error.3, getmntent.3, getnetent_r.3, getrpcent_r.3, getservent_r.3, pthread_attr_init.3, pthread_getattr_np.3, pthread_tryjoin_np.3, rpc.3, setaliasent.3, setenv.3, unlocked_stdio.3: srcfix: Eliminate some groff warnings

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

futex.2: Explain how to get equivalent of FUTEX_WAIT with an absolute timeout

Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

futex.2: Describe FUTEX_BITSET_MATCH_ANY

Describe FUTEX_BITSET_MATCH_ANY and FUTEX_WAIT and FUTEX_WAKE
equivalences.

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

futex.2: Note that at least one bit must be set in mask for BITSET operations

At least one bit must be set in the 'val3' mask supplied for the
FUTEX_WAIT_BITSET and FUTEX_WAKE_BITSET operations.

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

futex.2: wfix

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

futex.2: ffix

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

futex.2: wfix

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

futex.2: wfix

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

futex.2: ffix

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

futex.2: wfix

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

futex.2: Clarify clock default and choices for FUTEX_WAIT

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

charmap.5: ffix

futex.2: Fix descriptions of various timeouts

Reported-by: Thomas Gleixner <tglx@linutronix.de>
Reported-by: Darren Hart <dvhart@infradead.org>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

futex.2: Correct an ENOSYS error description

Since Linux 4.5, FUTEX_CLOCK_REALTIME is allowed with with FUTEX_WAIT.

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

futex.2: Remove crufty text about FUTEX_WAIT_BITSET interpretation of timeout

Since Linux 4.5, FUTEX_WAIT also understands
FUTEX_CLOCK_REALTIME.

Reported-by: Darren Hart <dvhart@infradead.org>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

termio.7: wfix

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

boot.7: Minor SEE ALSO fixes

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

statfs.2: tfix

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

fmax.3, fmin.3: SEE ALSO: add fdim(3)

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

strtoul.3: SEE ALSO: add a64l(3)

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

vhangup.2: wfix

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

chroot.2: SEE ALSO: add pivot_root(2)

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

lookup_dcookie.2: ffix / wfix

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

lookup_dcookie.2: SEE ALSO: add oprofile(1)

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

cacheflush.2: wfix

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

strcat.3: Add a program that shows the performance characteristics of strcat()

In honor of Joel Spolksy's visit to Munich, let's start educating
Schlemiel The Painter.

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

user_namespaces.7: List the mount operations permitted by CAP_SYS_ADMIN

List the mount operations permitted by CAP_SYS_ADMIN in a
noninitial userns.

See https://bugzilla.kernel.org/show_bug.cgi?id=120671

Reported-by: Michał Zegan <webczat_200@poczta.onet.pl>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

user_namespaces.7: Add a subsection heading for effects of capabilities in user NS

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

user_namespaces.7: Clarify meaning of privilege in a user namespace

Having privilege in a user NS only allows privileged
operations on resources governed by that user NS. Many
privileged operations relate to resources that have no
association with any namespace type, and only processes
with privilege in the initial user NS can perform those
operations.

See https://bugzilla.kernel.org/show_bug.cgi?id=120671

Reported-by: Michał Zegan <webczat_200@poczta.onet.pl>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

cgroup_namespaces.7: tfix

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

user_namespaces.7: SEE ALSO: add cgroup_namespaces(7)

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>