==================== Changes in man-pages-5.00 ====================

Released: ????-??-??, Munich


Contributors
------------

The following people contributed patches/fixes or (noted in brackets
in the changelog below) reports, notes, and ideas that have been
incorporated in changes in this release:

Adam Manzanares
Alan Jenkins
Alec Leamas
Alessandro Vesely
Alexander E. Patrakov
Allison Randal
Amir Goldstein
Anatoly Borodin
Andreas Gruenbacher
Andreas Westfeld
Andrei Vagin
Andrew Price
Anthony Iliopoulos
Antonio Chirizzi
Antonio Ospite
Arkadiusz Drabczyk
Balbir Singh
Benjamin Peterson
Bernd Petrovitsch
bert hubert
Bjarni Ingi Gislason
Burkhard Lück
Carlos O'Donell
Claudio Scordino
Daniel Borkmann
Daniel Kamil Kozar
Davidlohr Bueso
Davidlohr Bueso
David Newall
Dmitry V. Levin
Elliot Hughes
Elvira Khabirova
Emil Fihlman
Enrico Scholz
Eric Benton
Eric Sanchis
Eugene Syromiatnikov
Eugene Syromyatnikov
Felipe Gasper
Florian Weimer
Frank Theile
G. Branden Robinson
Goldwyn Rodrigues
Goldwyn Rodrigues
Göran Häggsjö
Harry Mallon
Heinrich Schuchardt
Heiko Carstens
Helge Deller
Henry Wilson
Hiroya Ito
Howard Johnson
Ian Turner
Ignat Loskutov
Ingo Schwarze
Jakub Wilk
James Weigle
Jann Horn
Jann Horn
Jason A. Donenfeld
Jeff Moyer
Jens Thoms Toerring
Joe Lawrence
Johannes Altmanninger
Johannes Liebermann
Jonny Grant
Joseph C. Sible
Joseph Sible
Josh Gao
Josh Triplett
Kees Cook
Keith Thompson
Keno Fischer
Konrad Rzeszutek Wilk
Konst Mayer
Leah Hanson
Lucas De Marchi
Lucas Werkmeister
Luka Macan
Marc-André Lureau
Marcus Gelderie
Marcus Gelderie
Marko Myllynen
Mark Schott
Matthew Bobrowski
Matthew Kilgore
Mattias Engdegård
Mauro Carvalho Chehab
Michael Becker
Michael Kerrisk
Michael Witten
Michal Hocko
Mihir Mehta
Mike Frysinger
Mike Frysinger
Mike Rapoport
Mike Weilgart
Nadav Har'El
Nick Gregory
Niklas Hambüchen
Nikola Forró
nixiaoming
Oded Elisha
Paul Eggert
Paul Millar
Philip Dumont
Pierre Chifflier
Quentin Monnet
Radostin Stoyanov
Robert O'Callahan
Robert P. J. Day
Robin Kuzmin
ruschein
Sam Varshavchik
Sean Young
Shawn Landden
Simone Piccardi
snyh
Solal Pirelli
Stan Schwertly
Stephan Knauss
Szabolcs Nagy
Thomas Posch
Tobias Klauser
Troy Engel
Tycho Andersen
Tycho Kirchner
Vince Weaver
Wang Nan
William Kucharski
Xiao Yang

Apologies if I missed anyone!


New and rewritten pages
-----------------------

s390_guarded_storage.2
    Eugene Syromyatnikov
        New page documenting s390_guarded_storage(2) s390-specific system call

address_families.7
    Michael Kerrisk  [Eugene Syromyatnikov]
        New page that contains details of socket address families
            There is too much detail in socket(2). Move most of it into
            a new page instead.

bpf-helpers.7
    Michael Kerrisk  [Daniel Borkmann, Quentin Monnet]
        Add new man page for eBPF helper functions
            (autogenerated from kernel source files)


Newly documented interfaces in existing pages
---------------------------------------------

prctl.2
    Konrad Rzeszutek Wilk  [Michael Kerrisk]
        Document PR_SET_SPECULATION_CTRL and PR_GET_SPECULATION_CTRL

sched_setattr.2
    Claudio Scordino  [Michael Kerrisk]
        Document SCHED_FLAG_DL_OVERRUN and SCHED_FLAG_RECLAIM

socket.2
    Tobias Klauser
        Document AF_XDP
            Document AF_XDP added in Linux 4.18.

inotify.7
    Henry Wilson
        Document IN_MASK_CREATE

unix.7
    Michael Kerrisk
        Document SO_PASSSEC
    Michael Kerrisk
        Document SCM_SECURITY ancillary data


New and changed links
---------------------

reallocarray.3
    Michael Kerrisk
        New link to malloc(3)

precedence.7
    Josh Triplett
        Add as a redirect to operator.7


Global changes
--------------

Various pages
    Michael Kerrisk  [G. Branden Robinson]
        Use '\e' rather than '\\' to get a backslash

Various pages
    Michael Kerrisk  [Bjarni Ingi Gislason, G. Branden Robinson]
        Use zero‐width space in appropriate locations

Various pages
    Michael Kerrisk
        Clarify the distinction between "file descriptor" and "file description"

Various pages
    Mike Rapoport
        Update paths for in-kernel memory management documentation files

A few pages
    Michael Kerrisk
        Change references to '2.6.0-test*' series kernels to just '2.6.0'


Changes to individual pages
---------------------------

iconv.1
    Marko Myllynen
        SEE ALSO: add uconv(1)

localedef.1
    Howard Johnson
        Note that -f and -c are reversed from what you might expect

time.1
    Michael Kerrisk  [Johannes Altmanninger]
        Document the -q/--quiet option
    Jakub Wilk
        Update bug reporting address

bpf.2
    Tobias Klauser
        Update JIT support list for Linux 4.18
            JIT support for x86-32 was added during the Linux 4.18 release
            cycle. Also correct the entry for MIPS (only MIPS64 is supported).
    Oded Elisha
        Fix bug in example
    Quentin Monnet
        SEE ALSO: add bpf-helpers(7)

capget.2
    Michael Kerrisk
        Remove crufty sentence suggesting use of deprecated functions
            Remove crufty sentence suggesting use of deprecated capsetp(3)
            and capgetp(3); the manual page for those functions has long
            (at least as far back as 2007) noted that they are deprecated.
    Michael Kerrisk
        Remove first paragraph, which repeats details from capabilities(7)

chroot.2
    Michael Kerrisk
        Mention /proc/[pid]/root

clock_getres.2
    Michael Kerrisk  [Jens Thoms Toerring]
        CLOCK_MONOTONIC_RAW does not count while the system is suspended
    Michael Kerrisk  [Jens Thoms Toerring]
        On Linux CLOCK_MONOTONIC counts time that the system has run since boot
    Michael Kerrisk  [Jens Thoms Toerring]
        CLOCK_MONOTONIC does not count while the system is suspended
    Michael Kerrisk
        ERRORS: add EINVAL error for noncanonical clock_settime() value

clone.2
    Michael Kerrisk
        Rework discussion of threads and signals
            The discussion is phrased in terms of signals sent using kill(2),
            but applies equally to a signal sent by the kernel.
    Jann Horn
        Pending CLONE_NEWPID prevents thread creation
    Michael Kerrisk
        Clarify the discussion of threads and signals
            And explicitly introduce the terms "process-directed" and
            "thread-directed" signals.
    Eugene Syromyatnikov
        Add information about clone and clone2 on IA-64
    Michael Kerrisk
        ERRORS: EINVAL occurs with CLONE_NEWUSER if !CONFIG_USER_NS

connect.2
    Benjamin Peterson
        Document error semantics of nonblocking UNIX domain sockets

epoll_ctl.2
    Michael Kerrisk
        Use the term "interest list" consistently

epoll_wait.2
    Michael Kerrisk
        Clarify the behavior when epoll_wait()-ing on an empty interest list
    Michael Kerrisk
        Note that epoll_wait() round robins through the set of ready descriptors

eventfd.2
    Michael Kerrisk
        Move text noting that eventfd() creates a FD earlier in the page

fanotify_init.2
    Michael Kerrisk
        Add a little more detail on FAN_REPORT_TID

fanotify_init.2
fanotify.7
    nixiaoming  [Amir Goldstein]
        Document FAN_REPORT_TID
            fanotify_init.2: add new flag FAN_REPORT_TID
            fanotify.7: update description of member pid in
            struct fanotify_event_metadata
    Amir Goldstein
        Document FAN_MARK_FILESYSTEM
            Monitor fanotify events on the entire filesystem.
    Matthew Bobrowski  [Amir Goldstein]
        Document FAN_OPEN_EXEC and FAN_OPEN_EXEC_PERM

fcntl.2
    Michael Kerrisk
        Actual pipe capacity may in practice be less than nominal capacity
            The number of bytes that can be written to the pipe may be less
            (sometimes substantially less) than the nominal capacity.
    Eugene Syromyatnikov
        Mention that l_sysid is not used even if present
    Michael Kerrisk
        Briefly explain the meaning of the 'l_sysid' field in 'struct flock'

futex.2
    Benjamin Peterson
        Make the example use C11 atomics rather than GCC builtins

getcpu.2
    Tobias Klauser  [Michael Kerrisk]
        getcpu() now has a glibc wrapper; remove mention of syscall(2)
            The glibc wrapper was added in glibc 2.29, released on 1 Feb 2019.

getgid.2
getpid.2
getuid.2
pipe.2
syscall.2
    Eugene Syromiatnikov  [Michael Kerrisk]
        Describe 2nd return value peculiarity
            Some architectures (ab)use second return value register for
            additional return value in some system calls. Let's describe this.

getgroups.2
    Michael Kerrisk
        Note that a process can drop all groups with: setgroups(0, NULL)

getrlimit.2
    Eugene Syromyatnikov
        Note that setrlimit(RLIMIT_CPU) doesn't fail
    Michael Kerrisk
        Resource limits are process-wide attributes shared by all threads
            This was already noted in pthreads(7), but bears repeating here.
    Eugene Syromyatnikov
        Correct information about large limits on 32-bit architectures

gettid.2
    Michael Kerrisk
        Glibc provides a wrapper since version 2.30

gettimeofday.2
    Michael Kerrisk
        ERRORS: add EINVAL for noncanonical 'tv' argument to settimeofday()

gettimeofday.2
clock_getres.2
    Michael Kerrisk  [Jens Thoms Toerring]
        ERRORS: EINVAL can occur if new real time is less than monotonic clock

getxattr.2
removexattr.2
setxattr.2
    Michael Kerrisk  [Andreas Gruenbacher, Enrico Scholz]
        ERRORS: replace ENOATTR with ENODATA
            See also https://bugzilla.kernel.org/show_bug.cgi?id=201995

inotify_add_watch.2
    Paul Millar
        Add IN_ONLYDIR based error
    Henry Wilson
        Note errors that can occur for IN_MASK_CREATE

io_submit.2
    Adam Manzanares
        Document IOCB_FLAG_IOPRIO
    Jeff Moyer
        Fix the description of aio_data
            aio_data is not a kernel-internal field.

madvise.2
    Michal Hocko  [Niklas Hambüchen]
        MADV_FREE clarify swapless behavior

memfd_create.2
    Marc-André Lureau
        Update hugetlb file-sealing support
    Lucas De Marchi
        Fix header for memfd_create()
    Joseph C. Sible
        _GNU_SOURCE is required

mmap.2
    Elliott Hughes
        Explicitly state that the fd can be closed
    Jann Horn  [Michal Hocko, William Kucharski]
        Fix description of treatment of the hint
            The current manpage reads as if the kernel will always pick a free
            space close to the requested address, but that's not the case.

mount.2
    Michael Kerrisk
        Clearly distinguish per-mount-point vs per-superblock mount flags
    Michael Kerrisk
        MS_SILENT is ignored when changing propagation type
    Michael Kerrisk
        Attempts to change MS_SILENT setting during remount are silently ignored
    Michael Kerrisk  [Harry Mallon]
        Document EROFS for read-only filesystems
            See https://bugzilla.kernel.org/show_bug.cgi?id=200649
    Michael Kerrisk
        Clarify that per-superblock flags are shared during remount
    Michael Kerrisk
        Remove crufty sentence about MS_BIND + MS_REMOUNT
    Michael Kerrisk
        Mention /proc/PID/mountinfo
            Many people are unaware of the /proc/PID/mountinfo file. Provide
            a helpful clue here.
    Michael Kerrisk
        Mandatory locking also now requires CONFIG_MANDATORY_FILE_LOCKING
    Michael Kerrisk  [Simone Piccardi]
        Add MS_STRICTATIME to list of flags that can be used in remount
    Michael Kerrisk
        EACCES: note some reasons why a filesystem may be read-only
    Michael Kerrisk
        SEE ALSO: add ioctl_iflags(2)

msgctl.2
semctl.2
shmctl.2
    Davidlohr Bueso  [Joe Lawrence, Michael Kerrisk]
        Document STAT_ANY commands

msgop.2
    Michael Kerrisk
        Correct the capability description for msgsnd() EACCESS error

nfsservctl.2
    Michael Kerrisk
        Add VERSIONS section noting that this system call no longer exists

open.2
    Lucas Werkmeister
        Document ENXIO for sockets
    Michael Kerrisk
        Clarify a special use case of O_NONBLOCK for devices
    Eugene Syromiatnikov
        Mention presence of unused O_RSYNC definition
            O_RSYNC is defined in on HP PA-RISC, but is not used anyway.
    Eugene Syromiatnikov
        Document FASYNC usage in Linux UAPI headers
    Andrew Price
        Remove O_DIRECT-related quotation
            Remove a section that adds no benefit to the discussion of O_DIRECT.
    Michael Kerrisk  [Robin Kuzmin]
        Clarify that O_NONBLOCK has no effect on poll/epoll/select

perf_event_open.2
    Vince Weaver  [Wang Nan]
        Document the PERF_EVENT_IOC_PAUSE_OUTPUT ioctl
            The PERF_EVENT_IOC_PAUSE_OUTPUT ioctl was introduced in Linux 4.7.
    Vince Weaver
        Fix wording in multiplexing description
    Vince Weaver
        Clarify exclude_idle
    Vince Weaver
        Document the PERF_EVENT_IOC_QUERY_BPF ioctl
    Vince Weaver
        Document the PERF_EVENT_IOC_MODIFY_ATTRIBUTES ioctl
    Vince Weaver
        Fix prctl behavior description

pivot_root.2
    Elvira Khabirova Joseph Sible  [Joseph C. Sible]
        Document EINVAL if root is rootfs

pkey_alloc.2
    Michael Kerrisk  [Szabolcs Nagy]
        Switch to glibc prototype in SYNOPSIS

poll.2
    Michael Kerrisk
        Note that poll() and ppoll() are not affected by O_NONBLOCK

posix_fadvise.2
    Eugene Syromyatnikov
        Describe the difference between fadvise64/fadvise64_64

prctl.2
    Benjamin Peterson
        PR_SET_MM_EXE_FILE may now be used as many times as desired
    Michael Kerrisk
        Add some further historical details on PR_SET_MM_EXE_FILE
    Michael Kerrisk  [Jann Horn]
        Explain the circumstances in which the parent-death signal is sent
    Michael Kerrisk
        Rework the PR_SET_PDEATHSIG description a little, for easier readability
    Michael Kerrisk
        Add additional info on PR_SET_PDEATHSIG
            The signal is process directed and the siginfo_t->si_pid field
            contains the PID of the terminating parent.
    Michael Kerrisk
        Note libcap(3) APIs for operating on ambient capability set
            (However, the libcap APIs do not yet seem to have manual pages...)
    Michael Kerrisk
        Mention libcap APIs for operating on capability bounding set

ptrace.2
    Dmitry V. Levin
        Do not say that PTRACE_O_TRACESYSGOOD may not work
    Jann Horn
        BUGS: ptrace() may set errno to zero

readdir.2
    Eugene Syromyatnikov
        Fix struct old_linux_dirent in accordance with current definition

readv.2
    Xiao Yang  [Florian Weimer]
        Fix wrong errno for an unknown flag

rename.2
    Michael Kerrisk
        glibc 2.28 adds library support for renameat2()
    Tobias Klauser
        Add feature test macro for renameat2()
            The glibc wrapper for renameat2() was added in glibc 2.28 and
            requires _GNU_SOURCE.
    Eugene Syromiatnikov
        Some additional notes regarding RENAME_WHITEOUT
    Lucas Werkmeister  [Michael Kerrisk]
        Add kernel versions for RENAME_NOREPLACE support
    Michael Kerrisk
        Rework list of supported filesystems for RENAME_NOREPLACE
    Tobias Klauser
        renameat2() now has a glibc wrapper; remove mention of syscall(2)

s390_runtime_instr.2
    Eugene Syromyatnikov
        Add a note about runtime_instr.h availability

s390_sthyi.2
    Eugene Syromyatnikov  [Heiko Carstens]
        Some minor additions

sched_setattr.2
    Michael Kerrisk
        Add a bit more detail for SCHED_DEADLINE

sched_setparam.2
    Michael Kerrisk
        Clarify that scheduling parameters are per-thread (not per-process)

seccomp.2
    Michael Kerrisk
        (Briefly) document SECCOMP_FILTER_FLAG_SPEC_ALLOW
    Michael Kerrisk
        SEE ALSO: add bpfc(1)

select.2
    Michael Kerrisk
        BUGS: the use of value-result arguments is a design bug
    Michael Kerrisk  [Robin Kuzmin]
        Note that select() and pselect() are not affected by O_NONBLOCK

select_tut.2
    Michael Kerrisk  [Antonio Chirizzi]
        Diagnose inet_aton() errors with simple fprintf() (not perror())

setgid.2
    Michael Kerrisk
        Clarify EPERM capability requirements with respect to user namespaces

setns.2
    Michael Kerrisk
        When joining a user namespace, it must be a descendant user namespace
    Michael Kerrisk
        Note capability requirements for changing PID namespace
        Note capability requirements for changing network, IPC, or UTS namespace
        Note capability requirements for changing cgroup namespace
    Michael Kerrisk
        Some text restructuring and reordering

set_thread_area.2
    Eugene Syromyatnikov
        Mention related prctl() requests in SEE ALSO
    Eugene Syromyatnikov
        Mention that get_thread_area() is also Linux-specific
    Eugene Syromyatnikov
        Describe set_thread_area()/get_thread_area() on m68k/MIPS

setuid.2
    Michael Kerrisk
        Clarify EPERM capability requirements with respect to user namespaces

sigaction.2
    Eugene Syromyatnikov  [Michael Kerrisk]
        Describe obsolete usage of struct sigcontext as signal handler argument

sigsuspend.2
    Michael Kerrisk
        Clarify that sigsuspend() suspends the calling *thread*

socket.2
    Michael Kerrisk
        Remove references to external docs
            This information is all in the new address_families(7)
    Michael Kerrisk
        Add cross reference to address_families(7)
    Eugene Syromyatnikov
        Reinstate AF_VSOCK mention
    Michael Kerrisk
        Simplify list of address families
            Remove many of the details that are in address_families(7)
    Nikola Forró
        Remove notes concerning AF_ALG and AF_XDP
            All address families are now documented in address_families.7.
    Michael Kerrisk
        Remove some more obscure protocols from address family list
            The list of address families in this page is still
            overwhelmingly long. So let's shorten it. The removed
            entries are all in address_families(7).
    Michael Kerrisk
        Remove a few obsolete protocols
            Documentation for these remains in address_families(7)

socketpair.2
    Eugene Syromyatnikov
        Note that AF_TIPC also supports socketpair(2)
            Introduced by Linux commit v4.12-rc1~64^3~304^2~1.

stat.2
    Michael Kerrisk  [Alessandro Vesely]
        ERRORS: ENOENT can occur where a path component is a dangling symlink
            See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909789
    Benjamin Peterson
        SEE ALSO: add statx(2)

statx.2
    Tobias Klauser  [Michael Kerrisk]
        statx() now has a glibc wrapper; remove mention of syscall(2)

syscall.2
    Eugene Syromyatnikov  [Michael Kerrisk]
        Elaborate x32 ABI specifics
    snyh
        Fix wrong retval register number in alpha architecture
    Helge Deller
        parisc needs care with syscall parameters
    Michael Kerrisk
        Rework table to render within 80 columns

syscalls.2
    Eugene Syromyatnikov
        Change example of a thin syscall wrapper to chdir()
            As truncate(3) should dispatch between truncate/truncate64,
            as noted later in the page.
    Eugene Syromyatnikov  [Michael Kerrisk]
        Update syscall table
            Added: arc_gettls, arc_settls, arc_usr_cmpxchg, arch_prctl,
            atomic_barrier, atomic_cmpxchg_32, bfin_spinlock, breakpoint,
            clone2, cmpxchg, cmpxchg_badaddr, dma_memcpy, execv, get_tls,
            getdomainname, getdtablesize, gethostname, getxgid, getxpid,
            getxuid, metag_get_tls, metag_set_fpu_flags, metag_set_tls,
            metag_set_global_bit, newfstatat, old_adjtimex, oldumount,
            or1k_atomic, pread, pwrite, riscv_flush_icache,
            sched_get_affinity, sched_set_affinity, set_tls, setaltroot,
            sethae, setpgrp, spill, sram_alloc, sram_free, swapcontext,
            switch_endian, sys_debug_setcontext, syscall, sysmips, timerfd,
            usr26, usr32, xtensa.

            Uncommented: memory_ordering

            Renamed: ppc_rtas to rtas (__NR_rtas), ppc_swapcontext to
            swapcontext (__NR_swacontext).
    Eugene Syromyatnikov
        Note about s390x and old_mmap
    Michael Kerrisk
        Add s390_guarded_storage(2)
    Michael Kerrisk
        Update syscall list for Linux 4.18
    Eugene Syromyatnikov
        Note that not all architectures return errno negated
    Helge Deller
        parisc Linux does not any longer emulate HP-UX
    Michael Kerrisk
        Comment out details of a few system calls that only ever briefly existed

unshare.2
    Michael Kerrisk  [Shawn Landden]
        Same EINVAL errors as for clone(2) can also occur with unshare(2)
    Tycho Andersen
        Note EINVAL when unsharing pid ns twice
            The kernel doesn't allow unsharing a pid NS if it has
            previously been unshared.

ustat.2
    Michael Kerrisk
        Starting with version 2.28, glibc no longer provides a wrapper function

vmsplice.2
    Andrei Vagin
        Note that vmsplice can splice pages from pipe to memory

wait.2
    Michael Kerrisk
        Add some cross references to core(5)

write.2
    Michael Kerrisk  [Nadav Har'El]
        RETURN VALUE: clarify details of partial write
            and https://bugzilla.kernel.org/show_bug.cgi?id=197961
    Goldwyn Rodrigues
        Add details on partial direct I/O writes

alloca.3
    Michael Kerrisk  [Robin Kuzmin]
        Prevent any misunderstanding about when allocated memory is released

bsd_signal.3
    Xiao Yang
        Fix the wrong version of _POSIX_C_SOURCE

bstring.3
    Michael Kerrisk  [Emil Fihlman]
        Correct argument list for memmem() prototype

cmsg.3
    Michael Kerrisk
        Explain zero-initialization requirement for CMSG_NXTHDR()
    Michael Kerrisk
        Remove out of place mention of MSG_CTRUNC
            This detail is covered in recvmsg(2), and now also in unix(7).
    Michael Kerrisk
        Note that CMSG_FIRSTHDR can return NULL
    Michael Kerrisk
        Remove unnecessary 'fdptr' intermediate variable in example code

des_crypt.3
encrypt.3
    Michael Kerrisk
        The functions described in these pages are removed in glibc 2.28

dlsym.3
    Michael Kerrisk
        Describe a case where a symbol value may be NULL

errno.3
    Michael Kerrisk  [Robert P. J. Day]
        Mention that errno(1) is part of the 'moreutils' package

exec.3
    Michael Kerrisk  [Eugene Syromyatnikov]
        Note that SPARCC provides an execv() system call

exit.3
    Mike Frysinger
        Note wider sysexits.h availability

ferror.3
    Elliot Hughes
        Warn about closing the result of fileno()

fnmatch.3
    Elliott Hughes
        Clarify "shell wildcard pattern"

getaddrinfo.3
    Michael Kerrisk  [Eric Sanchis]
        Fix off-by-one error in example client program

getcwd.3
    Michael Kerrisk
        Rework text on use of getcwd() system call
            Make it clear that all of the library functions described on this
            page will use the getcwd() system call if it is present.
    Michael Kerrisk
        Add details on the getcwd() syscall and how it is used by libc functions
    Michael Kerrisk
        Reorder the text describing "(unreachable)" being returned by getcwd()

getmntent.3
    Elliot Hughes
        Clarify that endmntent() should be used rather than fclose()

isatty.3
    Michael Kerrisk  [Jakub Wilk]
        Most non-tty files nowadays result in the error ENOTTY
            Historically, at least FIFOs and pipes yielded the error EINVAL.

lockf.3
    Ian Turner
        ERRORS: add EINTR

malloc.3
    Michael Kerrisk
        Add reference to glibc MallocInternals wiki
    Michael Kerrisk
        Note that calloc() detects overflow when multiplying its arguments
    Michael Kerrisk
        Since glibc 2.29, realloc() is exposed by defining _DEFAULT_SOURCE
            Info gleaned from glibc NEWS file.

pthread_attr_init.3
    Michael Kerrisk  [Göran Häggsjö, Jakub Wilk]
        Use correct printf() specifier for "size_t" in example program

pthread_rwlockattr_setkind_np.3
    Carlos O'Donell
        Remove bug notes

pthread_setname_np.3
    Jakub Wilk
        Explain _np suffix
            Add text to CONFORMING TO explaining that the "_np" suffix is
            because these functions are non-portable.

putenv.3
    Michael Kerrisk
        Note a glibc extension: putenv("NAME") removes an environment variable

resolver.3
    Michael Becker
        Add documentation of res_nclose()

strcmp.3
    Heinrich Schuchardt
        Clarify that strcmp() is not locale aware

strcpy.3
    Matthew Kilgore
        Fix example code for strncpy, which could pass an incorrect length
    Michael Kerrisk  [Frank Theile]
        Use "destination" consistently (instead of "target" sometimes)

strfry.3
    Keith Thompson
        Remove incorrect reference to rand(3)

string.3
strlen.3
strnlen.3
    Michael Kerrisk  [Jakub Wilk]
        Use 'bytes' not 'characters'
            This is in line with POSIX terminology.

system.3
    Michael Kerrisk  [Jonny Grant]
        Use '(char *) NULL' rather than '(char *) 0'
    Michael Kerrisk
        Note that system() can fail for the same reasons as fork(2)
    Arkadiusz Drabczyk
        Mention that 'errno' is set on error

termios.3
    Eugene Syromyatnikov
        Note an XTABS alpha issue

trunc.3
    Michael Kerrisk  [Eric Benton, G. Branden Robinson]
        Make the description a little clearer
    Michael Kerrisk
        Emphasize that the return value is a floating-point number

xcrypt.3
    Jason A. Donenfeld
        Warn folks not to use these functions

lirc.4
    Sean Young
        Fix broken link
    Sean Young
        Document error returns more explicitly
    Sean Young
        lirc.h include file is in /usr/include/linux/lirc.h
    Sean Young  [Alec Leamas, Mauro Carvalho Chehab]
        Remove ioctls and feature bits which were never implemented
    Sean Young
        Unsupported ioctl() operations always return ENOTTY
    Sean Young
        LIRC_MODE_LIRCCODE has been replaced by LIRC_MODE_SCANCODE
    Sean Young
        Document remaining ioctl (LIRC_GET_REC_TIMEOUT)
            Now all ioctls are documented.
    Sean Young
        Timeout reports are enabled by default
    Sean Young
        Some devices are send only
    Sean Young
        Update SEE ALSO
    Sean Young
        LIRC_CAN_SET_REC_DUTY_CYCLE_RANGE was never supported
            No driver ever supported such a thing.
    Michael Kerrisk
        Clarify the description LIRC_SET_REC_TIMEOUT

tty.4
    Michael Witten
        Add `vcs(4)' and `pty(7)' to the `SEE ALSO' section

vcs.4
    Mattias Engdegård  [Michael Witten]
        Fix broken example code

core.5
    Michael Kerrisk
        Add cross reference to vdso(7) where "virtual DSO" is mentioned

filesystems.5
    Eugene Syromyatnikov
        Mention sysfs(2)

host.conf.5
    Nikola Forró
        Clarify glibc versions in which spoof options were removed

proc.5
    Michael Kerrisk  [Philip Dumont]
        Document /proc/[tid]
            See also https://bugzilla.kernel.org/show_bug.cgi?id=201441
    Michael Kerrisk
        Add an overview section describing the groups of files under /proc
    Keno Fischer  [Robert O'Callahan]
        Correct description of NStgid
    Lucas Werkmeister
        Document fdinfo format for timerfd
    Stephan Knauss
        Mention /proc/uptime includes time spent in suspend
    Michael Kerrisk
        Reword /proc/PID/fdinfo timerfd field descriptions as a hanging list
    Michael Kerrisk
        SEE ALSO: add htop(1) and pstree(1)
            fs/proc/uptime.c:uptime_proc_show() fetches time using
            ktime_get_boottime which includes the time spent in suspend.
    Michael Kerrisk
        Document /proc/PID/status CoreDumping field
    Michael Kerrisk
        Mention choom(1) in discussion of /proc/[pid]/oom_score_adj
    Michael Kerrisk
        Add a few details on /proc/PID/fdinfo timerfd
    Michael Kerrisk
        Document /proc/meminfo KReclaimable field
            Added in Linux 4.20.
    Michael Kerrisk
        Explain how to determine top-most mount in /proc/PID/mountinfo
            Explain how to determine the top-most mount at a particular
            location by inspecting /proc/PID/mountinfo.
    Michael Kerrisk  [Jakub Wilk]
        Remove bogus suggestion to use cat(1) to read files containing '\0'
    Michael Kerrisk
        Refer to mount(2) for explanation of mount vs superblock options
    Michael Kerrisk
        Fix description of /proc/PID/* ownership to account for user namespaces
    Elvira Khabirova
        Describe ambiguities in /proc//maps
    Michael Kerrisk  [Nick Gregory]
        Since Linux 4.5, "stack:" is no longer shown in /proc/PID/maps
    Nikola Forró
        Document /proc/[pid]/status Speculation_Store_Bypass field
    Alan Jenkins
        Vmalloc information is no longer calculated (Linux 4.4)
    Michael Kerrisk  [Alexander E. Patrakov, Jakub Wilk, Michael Kerrisk]
        Use 'tr '\000' '\n' to display contents of /proc/PID/environ
    Michael Kerrisk
        Setting dumpable to 1 reverts ownership of /proc/PID/* to effective IDs
    Michael Kerrisk
        Document /proc/Meminfo LazyFree field
    Michael Kerrisk
        Fix kernel source pathname for soft-dirty documentation
    Michael Kerrisk
        /proc/[pid]/status VmPMD field was removed in Linux 4.15

resolv.conf.5
    Nikola Forró
        Document no-reload (RES_NPRELOAD) option

tzfile.5
    Paul Eggert
        Sync from tzdb upstream

capabilities.7
    Michael Kerrisk
        Fix some imprecisions in discussion of namespaced file capabilities
            The file UID does not come into play when creating a v3
            security.capability extended attribute.
    Michael Kerrisk
        Note that v3 security.attributes are transparently created/retrieved
    Michael Kerrisk
        Improve the discussion of when file capabilities are ignored
            The text stated that the execve() capability transitions are not
            performed for the same reasons that setuid and setgid mode bits
            may be ignored (as described in execve(2)). But, that's not quite
            correct: rather, the file capability sets are treated as empty
            for the purpose of the capability transition calculations.
    Michael Kerrisk
        Rework bounding set as per-thread set in transformation rules
    Michael Kerrisk
        Substantially rework "Capabilities and execution of programs by root"
            Rework for improved clarity, and also to include missing details
            on the case where (1) the binary that is being executed has
            capabilities attached and (2) the real user ID of the process is
            not 0 (root) and (3) the effective user ID of the process is 0
            (root).
    Marcus Gelderie
        Add details about SECBIT_KEEP_CAPS
            The description of SECBIT_KEEP_CAPS is misleading about the
            effects on the effective capabilities of a process during a
            switch to nonzero UIDs. The effective set is cleared based on
            the effective UID switching to a nonzero value, even if
            SECBIT_KEEP_CAPS is set. However, with this bit set, the
            effective and permitted sets are not cleared if the real and
            saved set-user-ID are set to nonzero values.
    Marcus Gelderie
        Mention header for SECBIT constants
            Mention that the named constants (SECBIT_KEEP_CAPS and others)
            are available only if the linux/securebits.h user-space header
            is included.
    Michael Kerrisk
        Add text introducing bounding set along with other capability sets
    Michael Kerrisk  [Allison Randal]
        Update URL for location of POSIX.1e draft standard
    Michael Kerrisk
        CAP_SYS_CHROOT allows use of setns() to change the mount namespace
    Michael Kerrisk  [Pierre Chifflier]
        Ambient capabilities do not trigger secure-execution mode
    Michael Kerrisk
        Add a subsection on per-user-namespace "set-user-ID-root" programs
    Michael Kerrisk
        Rework discussion of exec and UID 0, correcting a couple of details
            Clarify the "Capabilities and execution of programs by root"
            section, and correct a couple of details:

            * If a process with rUID == 0 && eUID != 0 does an exec,
              the process will nevertheless gain effective capabilities
              if the file effective bit is set.
            * Set-UID-root programs only confer a full set of capabilities
              if the binary does not also have attached capabilities.
    Michael Kerrisk
        Update URL for libcap tarballs
            The previous location does not seem to be getting updated.
            (For example, at the time of this commit, libcap-2.26
            had been out for two months, but was not present at
            http://www.kernel.org/pub/linux/libs/security/linux-privs.)
    Michael Kerrisk
        Clarify which capability sets capset(2) and capget(2) apply to
            capset(2) and capget(2) operate only on the permitted,
            effective, and inheritable process capability sets.
    Michael Kerrisk
        Correct the description of SECBIT_KEEP_CAPS
    Michael Kerrisk
        Add background details on capability transformations during execve(2)
            Add background details on ambient and bounding set when
            discussing capability transformations during execve(2).
    Michael Kerrisk
        Document the 'no_file_caps' kernel command-line option

cgroup_namespaces.7
    Michael Kerrisk  [Troy Engel]
        Clarify the example by making an implied detail more explicit.
            See https://bugzilla.kernel.org/show_bug.cgi?id=201047
    Michael Kerrisk
        Add more detail on v2 'cpu' controller and realtime threads
            Explicitly note the scheduling policies that are relevant for the
            v2 'cpu' controller.

cgroups.7
    Michael Kerrisk
        Document the use of 'cgroup_no_v1=named' to disable v1 named hierarchies
            This feature was added in Linux 5.0.
    Michael Kerrisk  [Mike Weilgart]
        Complete partial sentence re kernel boot options and 'nsdelegate'
            https://bugzilla.kernel.org/show_bug.cgi?id=201029
    Michael Kerrisk
        Reframe the text on delegation to include more details about cgroups v1
    Michael Kerrisk  [Leah Hanson]
        Rework discussion of writing to cgroup.type file
            In particular, it is possible to write "threaded" to a
            cgroup.type file if the current type is "domain threaded".
            Previously, the text had implied that this was not possible.
    Michael Kerrisk  [Balbir Singh, Marcus Gelderie]
        Soften the discussion about delegation in cgroups v1
            Balbir pointed out that v1 delegation was not an accidental
            feature.

epoll.7
    Michael Kerrisk
        Introduce the terms "interest list" and "ready list"
    Michael Kerrisk
        Consistently use the term "interest list" rather than "epoll set"
    Michael Kerrisk
        Reformat Q&A list
    Michael Kerrisk
        Note that edge-triggered notification wakes up only one waiter
            Note a useful performance benefit of EPOLLET: ensuring that
            only one of multiple waiters (in epoll_wait()) is woken
            up when a file descriptor becomes ready.
    Michael Kerrisk
        Expand the discussion of the implications of file descriptor duplication
            In particular, note that it may be difficult for an application
            to know about the existence of duplicate file descriptors.

feature_test_macros.7
    Michael Kerrisk  [Andreas Westfeld]
        Add more detail on why FTMs must be defined before including any header

inotify.7
    Michael Kerrisk  [Paul Millar]
        Note ENOTDIR error that can occur for IN_ONLYDIR
            Note ENOTDIR error that occurs when requesting a watch on a
            nondirectory with IN_ONLYDIR.

ip.7
    Bert Hubert
        IP_RECVTTL error fixed
            I need to get the TTL of UDP datagrams from userspace, so I set
            the IP_RECVTTL socket option. And as promised by ip.7, I then
            get IP_TTL messages from recvfrom. However, unlike what the
            manpage promises, the TTL field gets passed as a 32 bit integer.

man.7
    Michael Kerrisk
        SEE ALSO: remove mdoc.samples(7)

mount_namespaces.7
    Michael Kerrisk
        SEE ALSO: add findmnt(8)

namespaces.7
    Michael Kerrisk
        List factors that may pin a namespace into existence
            Various factors may pin a namespace into existence, even when it
            has no member processes.
    Michael Kerrisk  [Tycho Kirchner]
        Briefly explain why CAP_SYS_ADMIN is needed to create nonuser namespaces
    Michael Kerrisk
        Mention ioctl(2) in discussion of namespaces APIs
    Michael Kerrisk
        SEE ALSO: add pam_namespace(8)

pid_namespaces.7
    Michael Kerrisk
        Clarify the semantics for the adoption of orphaned processes
            Because of setns() semantics, the parent of a process may reside
            in the outer PID namespace. If that parent terminates, then the
            child is adopted by the "init" in the outer PID namespace (rather
            than the "init" of the PID namespace of the child).
    Michael Kerrisk
        Note a detail of /proc/PID/ns/pid_for_children behavior
            After clone(CLONE_NEWPID), /proc/PID/ns/pid_for_children is empty
            until the first child is created. Verified by experiment.
    Michael Kerrisk
        Note that a process can do unshare(CLONE_NEWPID) only once
            (See the recent commit to the unshare(2) manual page.)
sched.7
    Michael Kerrisk [Eugene Syromyatnikov]
        In the kernel source SCHED_OTHER is actually called SCHED_NORMAL
    Michael Kerrisk
        SEE ALSO: add ps(1) and top(1)
    Michael Kerrisk
        SEE ALSO: add chcpu(1), lscpu(1)

signal.7
    Michael Kerrisk [Robin Kuzmin]
        Clarify that sigsuspend() and pause() suspend the calling *thread*
    Helge Deller
        Add signal numbers for parisc
    Michael Kerrisk
        Unify signal lists into a signal table that embeds standards info
            Having the signals listed in three different tables reduces
            readability, and would require more table splits if future
            standards specify other signals.
    Michael Kerrisk
        Reorder the architectures in the signal number lists
            x86 and ARM are the most common architectures, but currently
            are in the second subfield in the signal number lists.
            Instead, swap that info with subfield 1, so the most common
            architectures are first in the list.
    Michael Kerrisk
        Place signal numbers in a separate table
            The current tables of signal information are unwieldy, as they
            try to cram in too much information.
    Michael Kerrisk
        Insert standards info into tables
    Michael Kerrisk
        SEE ALSO: add clone(2)

socket.7
    Michael Kerrisk
        Refer reader to unix(7) for information on SO_PASSSEC
    Michael Kerrisk
        SEE ALSO: add address_families(7)

socket.7
unix.7
    Michael Kerrisk
        Move text describing SO_PEERCRED from socket(7) to unix(7)
            This is, AFAIK, an option specific to UNIX domain sockets, so
            place it in unix(7).

tcp.7
udp.7
    Michael Kerrisk
        Add a reference to socket(7) noting existence of further socket options

unix.7
    Michael Kerrisk
        Enhance the description of SCM_RIGHTS
            The existing description is rather thin. More can be said.
    Michael Kerrisk
        There is a limit on the size of the file descriptor array for SCM_RIGHTS
            The limit is defined in the kernel as SCM_MAX_FD (253).
    Michael Kerrisk
        Rework SO_PEERCRED text for greater clarity
    Michael Kerrisk [Felipe Gasper]
        Clarify SO_PASSCRED behavior
    Michael Kerrisk
        Explicitly note that SO_PASSCRED provides SCM_CREDENTIALS messages
    Michael Kerrisk
        If the buffer to receive SCM_RIGHTS FDs is too small, FDs are closed
    Michael Kerrisk
        One must send at least one byte of real data with ancillary data
    Michael Kerrisk
        Ancillary data forms a barrier when receiving on a stream socket
    Michael Kerrisk
        When sending ancillary data, only one item of each type may be sent
    Michael Kerrisk
        Improve wording describing socket option argument/return values
    Michael Kerrisk
        Clarify treatment of incoming ancillary data if 'msg_control' is NULL
    Michael Kerrisk
        Note behavior if buffer to receive ancillary data is too small
    Michael Kerrisk
        Fix a minor imprecision in description of SCM_CREDENTIALS
    Michael Kerrisk
        Refer reader to socket(7) for information about SO_PEEK_OFF

user_namespaces.7
    Michael Kerrisk
        Rework terminology describing ownership of nonuser namespaces
            Prefer the word "owns" rather than "associated with" when
            describing the relationship between user namespaces and
            non-user namespaces. The existing text used a mix of the two
            terms, with "associated with" being predominant, but to my
            ear, describing the relationship as "ownership" is more
            comprehensible.

vdso.7
    Helge Deller
        Fix parisc gateway page description

ld.so.8
    Michael Kerrisk [Florian Weimer, David Newall]
        Document the --preload command-line option added in glibc 2.30
    Michael Kerrisk
        Note delimiters for 'list' in --audit and --inhibit-rpath
    Michael Kerrisk
        Place OPTIONS in alphabetical order
    Michael Kerrisk
        LD_PRELOAD-ed objects are added to link map in left-to-right order

zdump.8
    Paul Eggert
        Sync from tzdb upstream

zic.8
    Paul Eggert
        Sync from tzdb upstream