tzfile.5: tfix

Reported-by: Bjarni Ingi Gislason <bjarniig@rhi.hi.is>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

fallocate.2, futex.2, getrandom.2, mprotect.2, posix_spawn.3, address_families.7, ipv6.7, sock_diag.7, socket.7: ffix

Reported-by: Bjarni Ingi Gislason <bjarniig@rhi.hi.is>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

set_thread_area.2: tfix

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

locale.7, user_namespaces.7: ffix

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

pkey_alloc.2: srcfix

Reported-by: Bjarni Ingi Gislason <bjarniig@rhi.hi.is>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

perf_event_open.2: ffix

Reported-by: Bjarni Ingi Gislason <bjarniig@rhi.hi.is>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

epoll_ctl.2, ioctl_userfaultfd.2, keyctl.2, ptrace.2, socket.7: ffix

Reported-by: Bjarni Ingi Gislason <bjarniig@rhi.hi.is>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

fallocate.2, getgid.2, getpid.2, getuid.2, lseek.2, set_thread_area.2, tzset.3: srcfix: fix some unconventional markup

No (intended) changes to generated output

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

keyctl.2, mlock.2, timerfd_create.2, write.2, nl_langinfo.3, posix_spawn.3: ffix

Reported-by: Bjarni Ingi Gislason <bjarniig@rhi.hi.is>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

ptrace.2: ffix

Reported-by: Bjarni Ingi Gislason <bjarniig@rhi.hi.is>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

man2/bpf.2: srcfix: Some fixes that only change fonts

1) Use single-font macros for a single argument.

2) Use quotation marks for arguments containing a space.

3) Use roman font for punctuation marks.

  The output has only changes of the font for a punctuation mark.

Signed-off-by: Bjarni Ingi Gislason <bjarniig@rhi.hi.is>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

getent.1, iconv.1, ldd.1, locale.1, localedef.1, memusage.1, memusagestat.1, pldd.1, sprof.1, time.1: tfix, use a one-font macro for a single argument

1) Use a single capital font macro for a genuine single argument.
  The output is unchanged.

2) Remove quotation marks (") around a single argument.
  The output is unchanged.

3) Change ".IR ab()" to ".IR ab ()"
  A font is changed in the output.

mtk: I verified that the output is unchanged (other than fonts)
by comparing the output of:

    for a in *.1; do man $a >> out.txt; done

before and after the patch.

Signed-off-by: Bjarni Ingi Gislason <bjarniig@rhi.hi.is>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

ld.so.8: Bump timestamp for David Newall's review of --preload text

Reviewed-by: David Newall <glibc@davidnewall.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

stat.2: tfix

Reported-by: Bjarni Ingi Gislason <bjarniig@rhi.hi.is>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

msgctl.2, semctl.2, shmctl.2: Add kernel version for *_STAT_ANY operation

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

seccomp.2: (Briefly) document SECCOMP_FILTER_FLAG_SPEC_ALLOW

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

fanotify_init.2: Add a little more detail on FAN_REPORT_TID

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

fanotify_init.2: Minor tweaks to Amir Goldstein's patch

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

fanotify_init.2, fanotify.7: Document FAN_REPORT_TID

fanotify_init.2: add new flag FAN_REPORT_TID
fanotify.7: update description of member pid in
    struct fanotify_event_metadata

Signed-off-by: nixiaoming <nixiaoming@huawei.com>
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

fanotify_mark.2, fanotify.7: Minor tweaks to Amir Goldstein's patch

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

fanotify_mark.2, fanotify.7: Document FAN_MARK_FILESYSTEM

Monitor fanotify events on the entire filesystem.

Signed-off-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

fanotify_mark.2, fanotify.7: Minor tweaks to Matthew Bobrowski's patch

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

fanotify_mark.2, fanotify.7: Document FAN_OPEN_EXEC and FAN_OPEN_EXEC_PERM

New event masks have been added to the fanotify API. Documentation to
support the use and behaviour of these new masks has been added
accordingly.

Signed-off-by: Matthew Bobrowski <mbobrowski@mbobrowski.org>
Reviewed-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

inotify.7: Minor tweaks

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

inotify_add_watch.2: Minor fixes to Henry Wilson's patch

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

inotify_add_watch.2: Note errors that can occur for IN_MASK_CREATE

Note EEXIST error that occurs when requesting a watch on a path
which is already watched with IN_MASK_CREATE.

Note EINVAL error also occurs when requesting a watch specifying
both IN_MASK_CREATE and IN_MASK_ADD.

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

inotify.7: Minor fixes to Henry Wilson's patch

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

inotify.7: Document IN_MASK_CREATE

Add documentation for new flag IN_MASK_CREATE for inotify_add_watch()
which is used to only allow new watches to be created.

Information obtained from a patch I submitted to the linux kernel
https://marc.info/?l=linux-fsdevel&m=152775980422847&w=2

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

cgroups.7: Document the use of 'cgroup_no_v1=named' to disable v1 named hierarchies

This feature was added in Linux 5.0.

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

ld.so.8: Bump timestamp to note Florian's review of --preload option

Reported-by: Florian Weimer <fweimer@redhat.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

exec.3: execv(3) does not use execv(2) on sparc/sparc64

Reported-by: Eugene Syromyatnikov <evgsyr@gmail.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

ld.so.8: Document the --preload command-line option added in glibc 2.30

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

ld.so.8: Place OPTIONS in alphabetical order

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

ld.so.8: LD_PRELOAD-ed objects are added to link map in left-to-right order

Remove any doubt, in case the reader might wrongly think that
objects are added in reverse order (which would mean that the
last listed object would be added at the front of the link map).

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

ld.so.8: Minor rewording of LD_PRELOAD description, to ease readability

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

ld.so.8: Note delimiters for 'list' in --audit and --inhibit-rpath

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

des_crypt.3, encrypt.3: The functions described in these pages are removed in glibc 2.28

These functions were removed because they use DES, which is no
longer considered secure.

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

nfsservctl.2: Add VERSIONS section noting that this system call no longer exists

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

ustat.2: Starting with version 2.28, glibc no longer provides a wrapper function

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

isatty.3: srcfix

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

getcpu.2: Note version where glibc wrapper was added

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

getcpu.2: getcpu() now has a glibc wrapper; remove mention of syscall(2)

The glibc wrapper was added in glibc 2.29, release on 1 Feb 2019.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

bpf.2: Fix bug in example

mtk: checked also against examples in samples/bpf
in kernel source to confirm.

Signed-off-by: Oded Elisha <oded123456@gmail.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

fsync.2: fix

Reported-by: ruschein <ruschein@protonmail.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

sched_setaffinity.2: tfix in example shell session (s/grep/egrep)

Reported-by: Bernd Petrovitsch <bernd@petrovitsch.priv.at>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

mmap.2: Fix description of treatment of the hint

The current manpage reads to me as if the kernel will always pick
a free space close to the requested address, but that's not the
case:

mmap(0x600000000000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
-1, 0) = 0x600000000000
mmap(0x600000000000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
-1, 0) = 0x7f5042859000

You can also see this in the various implementations of
->get_unmapped_area() - if the specified address isn't available,
the kernel basically ignores the hint (apart from the 5level
paging hack).

Clarify how this works a bit.

Acked-by: Michal Hocko <mhocko@suse.com>
Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

stat.2: SEE ALSO: add statx(2)

Signed-off-by: Benjamin Peterson <benjamin@python.org>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

mlock.2: tfix

Signed-off-by: Jakub Wilk <jwilk@jwilk.net>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

isatty.3: Most non-tty files nowadays result in the error ENOTTY

Historically, at least FIFOs and pipes yielded the error EINVAL.

Reported-by: Jakub Wilk <jwilk@jwilk.net>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

getrlimit.2: Correct information about large limits on 32-bit architectures

Signed-off-by: Eugene Syromyatnikov <evgsyr@gmail.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

syscalls.2: Comment out details of a few system calls that only ever briefly existed

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

syscalls.2: Various edits of Eugene Syromyatnikov's patch

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

syscalls.2: Update syscall table

Added: arc_gettls, arc_settls, arc_usr_cmpxchg, arch_prctl,
atomic_barrier, atomic_cmpxchg_32, bfin_spinlock, breakpoint,
clone2, cmpxchg, cmpxchg_badaddr, dma_memcpy, execv, get_tls,
getdomainname, getdtablesize, gethostname, getxgid, getxpid,
getxuid, metag_get_tls, metag_set_fpu_flags,metag_set_tls,
metag_set_global_bit, newfstatat, old_adjtimex, oldumount,
or1k_atomic, pread, pwrite, riscv_flush_icache,
sched_get_affinity, sched_set_affinity, set_tls, setaltroot,
sethae, setpgrp, spill, sram_alloc, sram_free, swapcontext,
switch_endian, sys_debug_setcontext, syscall, sysmips, timerfd,
usr26, usr32, xtensa.

Uncommented: memory_ordering

Renamed: ppc_rtas to rtas (__NR_rtas), ppc_swapcontext to
swapcontext (__NR_swacontext).

Typo: s/remaed/renamed to/

Other: s/ia64/IA-64/, s/Sparc/SPARC/

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

exec.3: Note that SPARCC provides an execv() system call

Reported-by: Eugene Syromyatnikov <evgsyr@gmail.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

socket.2: Remove notes concerning AF_ALG and AF_XDP

All address families are now documented in address_families.7,
which is already present in SEE ALSO section. Also, the AF_ALG
note contains dead link to kernel HTML documentation.

Signed-off-by: Nikola Forró <nforro@redhat.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

filesystems.5: Minor wording fixes

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

filesystems.5: Minor tweaks to Eugene Syromyatnikov's patch

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

filesystems.5: Mention sysfs(2)

* man5/filesystems.5 (.SH DESCRIPTION): Add a note that the
  information about available file systems can be obtained
  via sysfs() syscall.

Signed-off-by: Eugene Syromyatnikov <evgsyr@gmail.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

address_families.7: tfix

Signed-off-by: Eugene Syromyatnikov <evgsyr@gmail.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

socket.2: Reinstate AF_VSOCK mention

It has its own man page, so it probably makes sense to mention
it here.

* man2/socket.2 (.SH DESCRIPTION): Add mention of AF_VSOCK back.

Signed-off-by: Eugene Syromyatnikov <evgsyr@gmail.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

socket.2: tfix

Signed-off-by: Eugene Syromyatnikov <evgsyr@gmail.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

socket.2, address_families.7: Mention that address family names are Linux-specific

* man2/socket.2 (.SH DESCRIPTION): Mention that the list of
  address families is Linux-specific.
* man7/address_families.7 (.SH DESCRIPTION): Likewise.

Signed-off-by: Eugene Syromyatnikov <evgsyr@gmail.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

sigaction.2: Minot tweaks to Eugene Syromyatnikov's patch

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

sigaction.2: Describe obsolete usage of struct sigcontext as signal handler argument

* man2/sigaction.2 (.SS Undocumented): Provide information about
  relation between the second argument of sa_handler and
  uc_mcontext field of the struct ucontext structure.

Signed-off-by: Eugene Syromyatnikov <evgsyr@gmail.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

fcntl.2: Briefly explain the meaning of the 'l_sysid' field in 'struct flock'

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

fcntl.2: Mention that l_sysid is not used even if present

Some architectures do provide an 'l_sysid' declaration in
struct flock; however, it is not used anyway.

* man2/fcntl.2 (.SH NOTES): Note that l_sysid field is not used on
Linux even if present on some architectures.

Signed-off-by: Eugene Syromyatnikov <evgsyr@gmail.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

ip.7: IP_RECVTTL error fixed

I need to get the TTL of UDP datagrams from userspace, so I set
the IP_RECVTTL socket option.  And as promised by ip.7, I then get
IP_TTL messages from recvfrom.  However, unlike what the manpage
promises, the TTL field gets passed as a 32 bit integer.

The following userspace code works:

  uint32_t ttl32;
  for (cmsg = CMSG_FIRSTHDR(msgh); cmsg != NULL; cmsg = CMSG_NXTHDR(msgh,cmsg)) {
    if ((cmsg->cmsg_level == IPPROTO_IP) && (cmsg->cmsg_type == IP_TTL) &&
        CMSG_LEN(sizeof(ttl32)) == cmsg->cmsg_len) {

      memcpy(&ttl32, CMSG_DATA(cmsg), sizeof(ttl32));
      *ttl=ttl32;
      return true;
    }
    else
      cerr<<"Saw something else "<<(cmsg->cmsg_type == IP_TTL) <<
", "<<(int)cmsg->cmsg_level<<", "<<cmsg->cmsg_len<<", "<<
CMSG_LEN(1)<<endl;
  }

The 'else' field was used to figure out I go the length wrong.

Note from mtk:

Reading the source code also seems to confirm this, from
net/ipv4/ip_sockglue.c:

[[
static void ip_cmsg_recv_ttl(struct msghdr *msg, struct sk_buff *skb)
{
        int ttl = ip_hdr(skb)->ttl;
        put_cmsg(msg, SOL_IP, IP_TTL, sizeof(int), &ttl);
}
]]

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

capget.2: Remove first paragraph, which repeats details from capabilities(7)

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

capget.2: Relocate a misplaced sentence

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

capabilities.7: tfix

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

gettid.2: Glibc provides a wrapper since version 2.30

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

setns.2: When joining a user namespace, it must be a descendant user namespace

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

capabilities.7: CAP_SYS_CHROOT allows use of setns() to change the mount namespace

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

capabilities.7: srcfix

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

capabilities.7: Add a subsection on per-user-namespace "set-user-ID-root" programs

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

capabilities.7: Relocate the subsection "Interaction with user namespaces"

This best belongs at the end of the page, after the subsections
that already make some mention of user namespaces.

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

capabilities.7: wfix

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

capabilities.7: Substantially rework "Capabilities and execution of programs by root"

Rework for improved clarity, and also to include missing details
on the case where (1) the binary that is being executed has
capabilities attached and (2) the real user ID of the process is
not 0 (root) and (3) the effective user ID of the process is 0
(root).

Kernel code analysis and some test code (GPLv3 licensed) below.

======

My analysis of security/commoncaps.c capabilities handling
(from Linux 4.20 source):

execve() eventually calls __do_execve_file():

__do_execve_file()
  |
  +-prepare_bprm_creds(&bprm)
  |  |
  |  +-prepare_exec_creds()
  |  |  |
  |  |  +-prepare_creds()
  |  |     |
  |  |     | // Returns copy of existing creds
  |  |     |
  |  |     +-security_prepare_creds()
  |  |        |
  |  |        +-cred_prepare() [via hook]
  |  |           // Seems to do nothing for commoncaps
  |  |
  |  // Returns creds provided by prepare_creds()
  |
  // Places creds returned by prepare_exec_creds() in bprm->creds
  |
  |
  +-prepare_binprm(&bprm) // bprm from prepare_bprm_creds()
     |
     +-bprm_fill_uid(&bprm)
     |
     |  // Places current credentials into bprm
     |
     |  // Performs set-UID & set-GID transitions if those file bits are set
     |
     +-security_bprm_set_creds(&bprm)
        |
        +-bprm_set_creds(&bprm) [via hook]
           |
           +-cap_bprm_set_creds(&bprm)
              |
              // effective = false
              |
              +-get_file_caps(&bprm, &effective, &has_fcap)
              |  |
              |  +-get_vfs_caps_from_disk(..., &vcaps)
              |  |
              |  |  // Fetches file capabilities from disk and places in vcaps
              |  |
              |  +-bprm_caps_from_vfs_caps(&vcaps, &bprm, &effective, &has_fcap)
              |
              |     // If file effective bit is set: effective = true
              |     //
              |     // If file has capabilities: has_fcap |= true
              |     //
              |     // Perform execve transformation:
              |     //     P'(perm) = F(inh) & P(Inh) | F(Perm) & P(bset)
              |
              +-handle_privileged_root(&bprm, has_fcap, &effective, root_uid)
              |
              |  // If has_fcap && (rUID != root && eUID == root) then
              |  //     return without doing anything
              |  //
              |  // If rUID == root || eUID == root then
              |  //    P'(perm) = P(inh) | P(bset)
              |  //
              |  // If eUID == root then
              |  //     effective = true
              |
              // Perform execve() transformation:
              //
              //     P'(Amb) = (privprog) ? 0 : P(Amb)
              //     P'(Perm) |= P'(Amb)
              //     P'(Eff) = effective ? P'(Perm) : P'(Amb)

Summary

1. Perform set-UID/set-GID transformations

2. P'(Amb) = (privprog) ? 0 : P(Amb)

3. If [process has nonzero UIDs] OR
   ([file has caps] && [rUID != root && eUID == root]), then

        P'(perm) = F(inh) & P(Inh) | F(Perm) & P(bset) | P'(Amb)

   else // ~ [process has rUID == root || eUID == root]

        P'(perm) = P(inh) | P(bset) | P'(Amb)

4. P'(Eff) = (F(eff) || eUID == root) ? P'(Perm) : P'(Amb)

======

$ cat show_creds_and_caps_long.c

int
main(int argc, char *argv[])
{
    uid_t ruid, euid, suid;
    gid_t rgid, egid, sgid;
    cap_t caps;
    char *s;

    if (getresuid(&ruid, &euid, &suid) == -1) {
        perror("getresuid");
        exit(EXIT_FAILURE);
    }

    if (getresgid(&rgid, &egid, &sgid) == -1) {
        perror("getresgid");
        exit(EXIT_FAILURE);
    }

    printf("UID: %5ld (real), %5ld (effective), %5ld (saved)\n",
            (long) ruid, (long) euid, (long) suid);
    printf("GID: %5ld (real), %5ld (effective), %5ld (saved)\n",
            (long) rgid, (long) egid, (long) sgid);

    caps = cap_get_proc();
    if (caps == NULL) {
        perror("cap_get_proc");
        exit(EXIT_FAILURE);
    }
    s = cap_to_text(caps, NULL);
    if (s == NULL) {
        perror("cap_to_text");
        exit(EXIT_FAILURE);
    }
    printf("Capabilities: %s\n", s);

    cap_free(caps);
    cap_free(s);

    exit(EXIT_SUCCESS);
}

$ cat cred_launcher.c

                        } while (0)

                        do { fprintf(stderr, "Usage: "); \
                             fprintf(stderr, msg, progName); \
                             exit(EXIT_FAILURE); } while (0)

int
main(int argc, char *argv[])
{
    uid_t r, e, s;

    if (argc != 5 || strcmp(argv[1], "--help") == 0)
        usageErr("%s rUID eUID sUID <prog>\n", argv[0]);

    r = atoi(argv[1]);
    e = atoi(argv[2]);
    s = atoi(argv[3]);

    if (setresuid(r, e, s) == -1)
        errExit("setresuid");

    if (getresuid(&r, &e, &s) == -1)
        errExit("getresuid");

    execv(argv[4], &argv[4]);
    errExit("execve");
}

$ cc -o cred_launcher cred_launcher.c
$ cc -o show_creds_and_caps_long show_creds_and_caps_long.c -lcap

$ sudo ./cred_launcher 1000 0 1000 ./show_creds_and_caps_long
UID:  1000 (real),     0 (effective),     0 (saved)
GID:     0 (real),     0 (effective),     0 (saved)
Capabilities: =ep

$ sudo setcap cap_kill=pe show_creds_and_caps_long
$ sudo ./cred_launcher 1000 0 1000 ./show_creds_and_caps_long
UID:  1000 (real),     0 (effective),     0 (saved)
GID:     0 (real),     0 (effective),     0 (saved)
Capabilities: = cap_kill+ep

The final program execution above shows the special casing
that occurs in handle_privileged_root() for the case where:

    rUID != root && eUID == root && [file has capabilities]

======

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

capabilities.7: tfix

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

capabilities.7: Improve the discussion of when file capabilities are ignored

The text stated that the execve() capability transitions are not
performed for the same reasons that setuid and setgid mode bits
may be ignored (as described in execve(2)). But, that's not quite
correct: rather, the file capability sets are treated as empty
for the purpose of the capability transition calculations.

Also merge the new 'no_file_caps' kernel option text into the
same paragraph.

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

capabilities.7: Document the 'no_file_caps' kernel command-line option

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

capget.2: Remove crufty sentence suggesting use of deprecated functions

Remove crufty sentence suggesting use of deprecated capsetp(3) and
capgetp(3); the manual page for those functions has long (at least
as far back as 2007) noted that they are deprecated.

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

setfsgid.2, setfsuid.2: wfix

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

capabilities.7: Rework discussion of exec and UID 0, correcting a couple of details

Clarify the "Capabilities and execution of programs by root"
section, and correct a couple of details:

* If a process with rUID == 0 && eUID != 0 does an exec,
  the process will nevertheless gain effective capabilities
  if the file effective bit is set.
* Set-UID-root programs only confer a full set of capabilities
  if the binary does not also have attached capabilities.

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

capabilities.7: srcfix

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

namespaces.7: srcfix

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

cgroups.7: wfix

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

proc.5: SEE ALSO: add htop(1) and pstree(1)

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

proc.5: Since Linux 4.5, "stack:" is no longer shown in /proc/PID/maps

Reported-by: Nick Gregory <ghost@capsule8.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

fsync.2: tfix

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

io_submit.2: ffix

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

io_submit.2: Fix the description of aio_data

aio_data is not a kernel-internal field.

Signed-off-by: Jeff Moyer <jmoyer@redhat.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

proc.5: Mention /proc/uptime includes time spent in suspend

fs/proc/uptime.c:uptime_proc_show() fetches time using
ktime_get_boottime which includes the time spent in suspend.

Signed-off-by: Stephan Knauss <linux@stephans-server.de>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

cgroups.7: Reframe the text on delegation to include more details about cgroups v1

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

cgroups.7: wfix

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

cgroups.7: wfix

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

cgroups.7: Soften the discussion about delegation in cgroups v1

Balbir pointed out that v1 delegation was not an accidental
feature.

Reported-by: Balbir Singh <bsingharora@gmail.com>
Reported-by: Marcus Gelderie <redmnic@gmail.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

cgroups.7: wfix

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

time.1: Update bug reporting address

Update the bug reporting email address to that shown by

     /bin/time --help

Signed-off-by: Jakub Wilk <jwilk@jwilk.net>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

man.7: tfix

Use \(aq for ASCII apostrophes and \(ga for backtick,
as recommended by groff_man(7).

Signed-off-by: Jakub Wilk <jwilk@jwilk.net>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>