diff options
author | Alejandro Colomar <alx@kernel.org> | 2023-02-05 23:14:38 +0100 |
---|---|---|
committer | Alejandro Colomar <alx@kernel.org> | 2023-02-05 23:14:42 +0100 |
commit | cdede5cdd1b0ba75135d3b32d96354026e96f866 (patch) | |
tree | f21d7604d25b2de607ef5471e5e180094231e046 | |
parent | f29fc8dcf0da15a596a7cdc7e5a0b2932100b522 (diff) |
Many pages: Use \[bu] instead of \(bu
Signed-off-by: Alejandro Colomar <alx@kernel.org>
167 files changed, 1506 insertions, 1506 deletions
diff --git a/man1/iconv.1 b/man1/iconv.1 index fba7669ef..ece86aa6d 100644 --- a/man1/iconv.1 +++ b/man1/iconv.1 @@ -110,7 +110,7 @@ program must first allocate a conversion descriptor using The operation of the latter function is influenced by the setting of the .B GCONV_PATH environment variable: -.IP \(bu 3 +.IP \[bu] 3 If .B GCONV_PATH is not set, @@ -121,7 +121,7 @@ and then, based on the configuration, loads the gconv modules needed to perform the conversion. If the system gconv module configuration cache file is not available then the system gconv module configuration file is used. -.IP \(bu +.IP \[bu] If .B GCONV_PATH is defined (as a colon-separated list of pathnames), diff --git a/man1/locale.1 b/man1/locale.1 index a5a4cac17..368bb5eea 100644 --- a/man1/locale.1 +++ b/man1/locale.1 @@ -62,9 +62,9 @@ or locale categories (for example, or .BR LC_TIME ). For each argument, the following is displayed: -.IP \(bu 3 +.IP \[bu] 3 For a locale keyword, the value of that keyword to be displayed. -.IP \(bu +.IP \[bu] For a locale category, the values of all keywords in that category are displayed. .PP diff --git a/man1/localedef.1 b/man1/localedef.1 index 72e0e953c..6551a5816 100644 --- a/man1/localedef.1 +++ b/man1/localedef.1 @@ -57,7 +57,7 @@ etc.), and places the output in The .I outputpath argument is interpreted as follows: -.IP \(bu 3 +.IP \[bu] 3 If .I outputpath contains a slash character ('/'), it is interpreted as the name of the @@ -66,7 +66,7 @@ In this case, there is a separate output file for each locale category .RI ( LC_TIME , .IR LC_NUMERIC , and so on). -.IP \(bu +.IP \[bu] If the .B \-\-no\-archive option is used, @@ -74,7 +74,7 @@ option is used, is the name of a subdirectory in .I /usr/lib/locale where per-category compiled files are placed. -.IP \(bu +.IP \[bu] Otherwise, .I outputpath is the name of a locale and the compiled locale data is added to the diff --git a/man2/adjtimex.2 b/man2/adjtimex.2 index df7d27cd4..9f278674a 100644 --- a/man2/adjtimex.2 +++ b/man2/adjtimex.2 @@ -368,22 +368,22 @@ is a more portable interface for performing the same task as .BR adjtimex (). Other than the following points, it is identical to .BR adjtimex (): -.IP \(bu 3 +.IP \[bu] 3 The constants used in .I modes are prefixed with "MOD_" rather than "ADJ_", and have the same suffixes (thus, .BR MOD_OFFSET , .BR MOD_FREQUENCY , and so on), other than the exceptions noted in the following points. -.IP \(bu +.IP \[bu] .B MOD_CLKA is the synonym for .BR ADJ_OFFSET_SINGLESHOT . -.IP \(bu +.IP \[bu] .B MOD_CLKB is the synonym for .BR ADJ_TICK . -.IP \(bu +.IP \[bu] The is no synonym for .BR ADJ_OFFSET_SS_READ , which is not described in the KAPI. @@ -420,25 +420,25 @@ flags. The system clock is not synchronized to a reliable server. This value is returned when any of the following holds true: .RS -.IP \(bu 3 +.IP \[bu] 3 Either .B STA_UNSYNC or .B STA_CLOCKERR is set. -.IP \(bu +.IP \[bu] .B STA_PPSSIGNAL is clear and either .B STA_PPSFREQ or .B STA_PPSTIME is set. -.IP \(bu +.IP \[bu] .B STA_PPSTIME and .B STA_PPSJITTER are both set. -.IP \(bu +.IP \[bu] .B STA_PPSFREQ is set and either .B STA_PPSWANDER diff --git a/man2/bpf.2 b/man2/bpf.2 index f9539ef53..445038e6a 100644 --- a/man2/bpf.2 +++ b/man2/bpf.2 @@ -211,13 +211,13 @@ They allow sharing of data between eBPF kernel programs, and also between kernel and user-space applications. .PP Each map type has the following attributes: -.IP \(bu 3 +.IP \[bu] 3 type -.IP \(bu +.IP \[bu] maximum number of elements -.IP \(bu +.IP \[bu] key size in bytes -.IP \(bu +.IP \[bu] value size in bytes .PP The following wrapper functions demonstrate how various @@ -578,20 +578,20 @@ The following map types are supported: .\" commit 0f8e4bd8a1fc8c4185f1630061d0a1f2d197a475 Hash-table maps have the following characteristics: .RS -.IP \(bu 3 +.IP \[bu] 3 Maps are created and destroyed by user-space programs. Both user-space and eBPF programs can perform lookup, update, and delete operations. -.IP \(bu +.IP \[bu] The kernel takes care of allocating and freeing key/value pairs. -.IP \(bu +.IP \[bu] The .BR map_update_elem () helper will fail to insert new element when the .I max_entries limit is reached. (This ensures that eBPF programs cannot exhaust memory.) -.IP \(bu +.IP \[bu] .BR map_update_elem () replaces existing elements atomically. .RE @@ -603,7 +603,7 @@ optimized for speed of lookup. .\" commit 28fbcfa08d8ed7c5a50d41a0433aad222835e8e3 Array maps have the following characteristics: .RS -.IP \(bu 3 +.IP \[bu] 3 Optimized for fastest possible lookup. In the future the verifier/JIT compiler may recognize lookup() operations that employ a constant key @@ -616,16 +616,16 @@ In other words, .BR array_map_lookup_elem () may be 'inlined' by the verifier/JIT compiler while preserving concurrent access to this map from user space. -.IP \(bu +.IP \[bu] All array elements pre-allocated and zero initialized at init time -.IP \(bu +.IP \[bu] The key is an array index, and must be exactly four bytes. -.IP \(bu +.IP \[bu] .BR map_delete_elem () fails with the error .BR EINVAL , since elements cannot be deleted. -.IP \(bu +.IP \[bu] .BR map_update_elem () replaces elements in a .B nonatomic @@ -644,13 +644,13 @@ This is quite often useful for aggregation and accounting of events. .IP Among the uses for array maps are the following: .RS -.IP \(bu 3 +.IP \[bu] 3 As "global" eBPF variables: an array of 1 element whose key is (index) 0 and where the value is a collection of 'global' variables which eBPF programs can use to keep state between events. -.IP \(bu +.IP \[bu] Aggregation of tracing events into a fixed set of buckets. -.IP \(bu +.IP \[bu] Accounting of networking events, for example, number of packets and packet sizes. .RE @@ -775,23 +775,23 @@ For further details of eBPF program types, see below. The remaining fields of .I bpf_attr are set as follows: -.IP \(bu 3 +.IP \[bu] 3 .I insns is an array of .I "struct bpf_insn" instructions. -.IP \(bu +.IP \[bu] .I insn_cnt is the number of instructions in the program referred to by .IR insns . -.IP \(bu +.IP \[bu] .I license is a license string, which must be GPL compatible to call helper functions marked .IR gpl_only . (The licensing rules are the same as for kernel modules, so that also dual licenses, such as "Dual BSD/GPL", may be used.) -.IP \(bu +.IP \[bu] .I log_buf is a pointer to a caller-allocated buffer in which the in-kernel verifier can store the verification log. @@ -799,7 +799,7 @@ This log is a multi-line string that can be checked by the program author in order to understand how the verifier came to the conclusion that the eBPF program is unsafe. The format of the output can change at any time as the verifier evolves. -.IP \(bu +.IP \[bu] .I log_size size of the buffer pointed to by .IR log_buf . @@ -808,7 +808,7 @@ verifier messages, \-1 is returned and .I errno is set to .BR ENOSPC . -.IP \(bu +.IP \[bu] .I log_level verbosity level of the verifier. A value of zero means that the verifier will not provide a log; @@ -1075,14 +1075,14 @@ However they may not store kernel pointers within the maps and are presently limited to the following helper functions: .\" [Linux 5.6] mtk: The list of available functions is, I think, governed .\" by the check in net/core/filter.c::bpf_base_func_proto(). -.IP \(bu 3 +.IP \[bu] 3 get_random .PD 0 -.IP \(bu +.IP \[bu] get_smp_processor_id -.IP \(bu +.IP \[bu] tail_call -.IP \(bu +.IP \[bu] ktime_get_ns .PD .PP @@ -1151,37 +1151,37 @@ The JIT compiler for eBPF is currently .\" and by checking the documentation for bpf_jit_enable in .\" Documentation/sysctl/net.txt available for the following architectures: -.IP \(bu 3 +.IP \[bu] 3 x86-64 (since Linux 3.18; cBPF since Linux 3.0); .\" commit 0a14842f5a3c0e88a1e59fac5c3025db39721f74 .PD 0 -.IP \(bu +.IP \[bu] ARM32 (since Linux 3.18; cBPF since Linux 3.4); .\" commit ddecdfcea0ae891f782ae853771c867ab51024c2 -.IP \(bu +.IP \[bu] SPARC 32 (since Linux 3.18; cBPF since Linux 3.5); .\" commit 2809a2087cc44b55e4377d7b9be3f7f5d2569091 -.IP \(bu +.IP \[bu] ARM-64 (since Linux 3.18); .\" commit e54bcde3d69d40023ae77727213d14f920eb264a -.IP \(bu +.IP \[bu] s390 (since Linux 4.1; cBPF since Linux 3.7); .\" commit c10302efe569bfd646b4c22df29577a4595b4580 -.IP \(bu +.IP \[bu] PowerPC 64 (since Linux 4.8; cBPF since Linux 3.1); .\" commit 0ca87f05ba8bdc6791c14878464efc901ad71e99 .\" commit 156d0e290e969caba25f1851c52417c14d141b24 -.IP \(bu +.IP \[bu] SPARC 64 (since Linux 4.12); .\" commit 7a12b5031c6b947cc13918237ae652b536243b76 -.IP \(bu +.IP \[bu] x86-32 (since Linux 4.18); .\" commit 03f5781be2c7b7e728d724ac70ba10799cc710d7 -.IP \(bu +.IP \[bu] MIPS 64 (since Linux 4.18; cBPF since Linux 3.16); .\" commit c6610de353da5ca6eee5b8960e838a87a90ead0c .\" commit f381bf6d82f032b7410185b35d000ea370ac706b -.IP \(bu +.IP \[bu] riscv (since Linux 5.1). .\" commit 2353ecc6f91fd15b893fa01bf85a1c7a823ee4f2 .PD diff --git a/man2/capget.2 b/man2/capget.2 index 32f00ce4d..909f8bfe0 100644 --- a/man2/capget.2 +++ b/man2/capget.2 @@ -214,9 +214,9 @@ permitted set. .B EPERM An attempt was made to add a capability to the inheritable set, and either: .RS -.IP \(bu 3 +.IP \[bu] 3 that capability was not in the caller's bounding set; or -.IP \(bu +.IP \[bu] the capability was not in the caller's permitted set and the caller lacked the .B CAP_SETPCAP diff --git a/man2/chmod.2 b/man2/chmod.2 index 1cb5e95df..8b5db74ed 100644 --- a/man2/chmod.2 +++ b/man2/chmod.2 @@ -67,12 +67,12 @@ system calls change a file's mode bits. (The file mode consists of the file permission bits plus the set-user-ID, set-group-ID, and sticky bits.) These system calls differ only in how the file is specified: -.IP \(bu 3 +.IP \[bu] 3 .BR chmod () changes the mode of the file specified whose pathname is given in .IR pathname , which is dereferenced if it is a symbolic link. -.IP \(bu +.IP \[bu] .BR fchmod () changes the mode of the file referred to by the open file descriptor .IR fd . diff --git a/man2/chown.2 b/man2/chown.2 index 9684bec9e..d66b66f54 100644 --- a/man2/chown.2 +++ b/man2/chown.2 @@ -65,16 +65,16 @@ The and .BR lchown () system calls differ only in how the file is specified: -.IP \(bu 3 +.IP \[bu] 3 .BR chown () changes the ownership of the file specified by .IR pathname , which is dereferenced if it is a symbolic link. -.IP \(bu +.IP \[bu] .BR fchown () changes the ownership of the file referred to by the open file descriptor .IR fd . -.IP \(bu +.IP \[bu] .BR lchown () is like .BR chown (), @@ -321,18 +321,18 @@ and .BR "\-o\ sysvgroups" ) .BR mount (8) options, then the rules are as follows: -.IP \(bu 3 +.IP \[bu] 3 If the filesystem is mounted with .BR "\-o\ grpid" , then the group of a new file is made the same as that of the parent directory. -.IP \(bu +.IP \[bu] If the filesystem is mounted with .B \-o\ nogrpid and the set-group-ID bit is disabled on the parent directory, then the group of a new file is made the same as the process's filesystem GID. -.IP \(bu +.IP \[bu] If the filesystem is mounted with .B \-o\ nogrpid and the set-group-ID bit is enabled on the parent directory, diff --git a/man2/clone.2 b/man2/clone.2 index f318e319a..d63895189 100644 --- a/man2/clone.2 +++ b/man2/clone.2 @@ -98,14 +98,14 @@ and below. .PP This page describes the following interfaces: -.IP \(bu 3 +.IP \[bu] 3 The glibc .BR clone () wrapper function and the underlying system call on which it is based. The main text describes the wrapper function; the differences for the raw system call are described toward the end of this page. -.IP \(bu +.IP \[bu] The newer .BR clone3 () system call. @@ -574,7 +574,7 @@ Among the possible use cases for .B CLONE_INTO_CGROUP are the following: .RS -.IP \(bu 3 +.IP \[bu] 3 Spawning a process into a cgroup different from the parent's cgroup makes it possible for a service manager to directly spawn new services into dedicated cgroups. @@ -585,7 +585,7 @@ moved into the target cgroup. Furthermore, spawning the child process directly into a target cgroup is significantly cheaper than moving the child process into the target cgroup after it has been created. -.IP \(bu +.IP \[bu] The .B CLONE_INTO_CGROUP flag also allows the creation of @@ -593,7 +593,7 @@ frozen child processes by spawning them into a frozen cgroup. (See .BR cgroups (7) for a description of the freezer controller.) -.IP \(bu +.IP \[bu] For threaded applications (or even thread implementations which make use of cgroups to limit individual threads), it is possible to establish a fixed cgroup layout before spawning each thread @@ -875,12 +875,12 @@ The close-on-exec flag is set on this new file descriptor. PID file descriptors can be used for the purposes described in .BR pidfd_open (2). .RS -.IP \(bu 3 +.IP \[bu] 3 When using .BR clone3 (), the PID file descriptor is placed at the location pointed to by .IR cl_args.pidfd . -.IP \(bu +.IP \[bu] When using .BR clone (), the PID file descriptor is placed at the location pointed to by @@ -1811,7 +1811,7 @@ be used for the child's stack using rather than .BR malloc (3) for the following reasons: -.IP \(bu 3 +.IP \[bu] 3 .BR mmap (2) allocates a block of memory that starts on a page boundary and is a multiple of the page size. @@ -1819,7 +1819,7 @@ This is useful if we want to establish a guard page (a page with protection .BR PROT_NONE ) at the end of the stack using .BR mprotect (2). -.IP \(bu +.IP \[bu] We can specify the .B MAP_STACK flag to request a mapping that is suitable for a stack. diff --git a/man2/copy_file_range.2 b/man2/copy_file_range.2 index 264684dbb..34cd56517 100644 --- a/man2/copy_file_range.2 +++ b/man2/copy_file_range.2 @@ -35,14 +35,14 @@ The following semantics apply for .IR off_in , and similar statements apply to .IR off_out : -.IP \(bu 3 +.IP \[bu] 3 If .I off_in is NULL, then bytes are read from .I fd_in starting from the file offset, and the file offset is adjusted by the number of bytes copied. -.IP \(bu +.IP \[bu] If .I off_in is not NULL, then diff --git a/man2/delete_module.2 b/man2/delete_module.2 index f4b57e2be..0e0a67596 100644 --- a/man2/delete_module.2 +++ b/man2/delete_module.2 @@ -77,14 +77,14 @@ does not specify .BR O_NONBLOCK , the following steps occur: .RS -.IP \(bu 3 +.IP \[bu] 3 The module is marked so that no new references are permitted. -.IP \(bu +.IP \[bu] If the module's reference count is nonzero, the caller is placed in an uninterruptible sleep state .RB ( TASK_UNINTERRUPTIBLE ) until the reference count is zero, at which point the call unblocks. -.IP \(bu +.IP \[bu] The module is unloaded in the usual way. .RE .RE diff --git a/man2/dup.2 b/man2/dup.2 index 68b2ee80e..af291c3ec 100644 --- a/man2/dup.2 +++ b/man2/dup.2 @@ -99,13 +99,13 @@ by a signal handler that allocates a file descriptor, or because a parallel thread allocates a file descriptor. .PP Note the following points: -.IP \(bu 3 +.IP \[bu] 3 If .I oldfd is not a valid file descriptor, then the call fails, and .I newfd is not closed. -.IP \(bu +.IP \[bu] If .I oldfd is a valid file descriptor, and @@ -122,7 +122,7 @@ does nothing, and returns is the same as .BR dup2 (), except that: -.IP \(bu 3 +.IP \[bu] 3 The caller can force the close-on-exec flag to be set for the new file descriptor by specifying .B O_CLOEXEC @@ -131,7 +131,7 @@ in See the description of the same flag in .BR open (2) for reasons why this may be useful. -.IP \(bu +.IP \[bu] .\" Ulrich Drepper, LKML, 2008-10-09: .\" We deliberately decided on this change. Otherwise, what is the .\" result of dup3(fd, fd, O_CLOEXEC)? diff --git a/man2/epoll_wait.2 b/man2/epoll_wait.2 index 70c4e2993..1620cff9d 100644 --- a/man2/epoll_wait.2 +++ b/man2/epoll_wait.2 @@ -59,11 +59,11 @@ clock. A call to .BR epoll_wait () will block until either: -.IP \(bu 3 +.IP \[bu] 3 a file descriptor delivers an event; -.IP \(bu +.IP \[bu] the call is interrupted by a signal handler; or -.IP \(bu +.IP \[bu] the timeout expires. .PP Note that the diff --git a/man2/eventfd.2 b/man2/eventfd.2 index 5e70d2486..c1cb40894 100644 --- a/man2/eventfd.2 +++ b/man2/eventfd.2 @@ -92,21 +92,21 @@ and whether the .B EFD_SEMAPHORE flag was specified when creating the eventfd file descriptor: .RS -.IP \(bu 3 +.IP \[bu] 3 If .B EFD_SEMAPHORE was not specified and the eventfd counter has a nonzero value, then a .BR read (2) returns 8 bytes containing that value, and the counter's value is reset to zero. -.IP \(bu +.IP \[bu] If .B EFD_SEMAPHORE was specified and the eventfd counter has a nonzero value, then a .BR read (2) returns 8 bytes containing the value 1, and the counter's value is decremented by 1. -.IP \(bu +.IP \[bu] If the eventfd counter is zero at the time of the call to .BR read (2), then the call either blocks until the counter becomes nonzero @@ -151,7 +151,7 @@ and .BR select (2), as follows: .RS -.IP \(bu 3 +.IP \[bu] 3 The file descriptor is readable (the .BR select (2) @@ -161,7 +161,7 @@ argument; the .B POLLIN flag) if the counter has a value greater than 0. -.IP \(bu +.IP \[bu] The file descriptor is writable (the .BR select (2) @@ -171,7 +171,7 @@ argument; the .B POLLOUT flag) if it is possible to write a value of at least "1" without blocking. -.IP \(bu +.IP \[bu] If an overflow of the counter value was detected, then .BR select (2) diff --git a/man2/execve.2 b/man2/execve.2 index cc81f9156..819cba3c1 100644 --- a/man2/execve.2 +++ b/man2/execve.2 @@ -110,12 +110,12 @@ The aforementioned transformations of the effective IDs are .I not performed (i.e., the set-user-ID and set-group-ID bits are ignored) if any of the following is true: -.IP \(bu 3 +.IP \[bu] 3 the .I no_new_privs attribute is set for the calling thread (see .BR prctl (2)); -.IP \(bu +.IP \[bu] the underlying filesystem is mounted .I nosuid (the @@ -123,7 +123,7 @@ the underlying filesystem is mounted flag for .BR mount (2)); or -.IP \(bu +.IP \[bu] the calling process is being ptraced. .PP The capabilities of the program file (see @@ -159,43 +159,43 @@ for binaries linked with glibc (see All process attributes are preserved during an .BR execve (), except the following: -.IP \(bu 3 +.IP \[bu] 3 The dispositions of any signals that are being caught are reset to the default .RB ( signal (7)). -.IP \(bu +.IP \[bu] Any alternate signal stack is not preserved .RB ( sigaltstack (2)). -.IP \(bu +.IP \[bu] Memory mappings are not preserved .RB ( mmap (2)). -.IP \(bu +.IP \[bu] Attached System\ V shared memory segments are detached .RB ( shmat (2)). -.IP \(bu +.IP \[bu] POSIX shared memory regions are unmapped .RB ( shm_open (3)). -.IP \(bu +.IP \[bu] Open POSIX message queue descriptors are closed .RB ( mq_overview (7)). -.IP \(bu +.IP \[bu] Any open POSIX named semaphores are closed .RB ( sem_overview (7)). -.IP \(bu +.IP \[bu] POSIX timers are not preserved .RB ( timer_create (2)). -.IP \(bu +.IP \[bu] Any open directory streams are closed .RB ( opendir (3)). -.IP \(bu +.IP \[bu] Memory locks are not preserved .RB ( mlock (2), .BR mlockall (2)). -.IP \(bu +.IP \[bu] Exit handlers are not preserved .RB ( atexit (3), .BR on_exit (3)). -.IP \(bu +.IP \[bu] The floating-point environment is reset to the default (see .BR fenv (3)). .PP @@ -204,7 +204,7 @@ in POSIX.1. The following Linux-specific process attributes are also not preserved during an .BR execve (): -.IP \(bu 3 +.IP \[bu] 3 The process's "dumpable" attribute is set to the value 1, unless a set-user-ID program, a set-group-ID program, or a program with capabilities is being executed, @@ -221,52 +221,52 @@ directory to change to .IR root:root , as described in .BR proc (5). -.IP \(bu +.IP \[bu] The .BR prctl (2) .B PR_SET_KEEPCAPS flag is cleared. -.IP \(bu +.IP \[bu] (Since Linux 2.4.36 / 2.6.23) If a set-user-ID or set-group-ID program is being executed, then the parent death signal set by .BR prctl (2) .B PR_SET_PDEATHSIG flag is cleared. -.IP \(bu +.IP \[bu] The process name, as set by .BR prctl (2) .B PR_SET_NAME (and displayed by .IR "ps\ \-o comm" ), is reset to the name of the new executable file. -.IP \(bu +.IP \[bu] The .B SECBIT_KEEP_CAPS .I securebits flag is cleared. See .BR capabilities (7). -.IP \(bu +.IP \[bu] The termination signal is reset to .B SIGCHLD (see .BR clone (2)). -.IP \(bu +.IP \[bu] The file descriptor table is unshared, undoing the effect of the .B CLONE_FILES flag of .BR clone (2). .PP Note the following further points: -.IP \(bu 3 +.IP \[bu] 3 All threads other than the calling thread are destroyed during an .BR execve (). Mutexes, condition variables, and other pthreads objects are not preserved. -.IP \(bu +.IP \[bu] The equivalent of \fIsetlocale(LC_ALL, "C")\fP is executed at program start-up. -.IP \(bu +.IP \[bu] POSIX.1 specifies that the dispositions of any signals that are ignored or set to the default are left unchanged. POSIX.1 specifies one exception: if @@ -274,16 +274,16 @@ POSIX.1 specifies one exception: if is being ignored, then an implementation may leave the disposition unchanged or reset it to the default; Linux does the former. -.IP \(bu +.IP \[bu] Any outstanding asynchronous I/O operations are canceled .RB ( aio_read (3), .BR aio_write (3)). -.IP \(bu +.IP \[bu] For the handling of capabilities during .BR execve (), see .BR capabilities (7). -.IP \(bu +.IP \[bu] By default, file descriptors remain open across an .BR execve (). File descriptors that are marked close-on-exec are closed; diff --git a/man2/fallocate.2 b/man2/fallocate.2 index 14a5b8a52..209e1ec8b 100644 --- a/man2/fallocate.2 +++ b/man2/fallocate.2 @@ -125,18 +125,18 @@ Not all filesystems support .BR FALLOC_FL_PUNCH_HOLE ; if a filesystem doesn't support the operation, an error is returned. The operation is supported on at least the following filesystems: -.IP \(bu 3 +.IP \[bu] 3 XFS (since Linux 2.6.38) -.IP \(bu +.IP \[bu] ext4 (since Linux 3.0) .\" commit a4bb6b64e39abc0e41ca077725f2a72c868e7622 -.IP \(bu +.IP \[bu] Btrfs (since Linux 3.7) -.IP \(bu +.IP \[bu] .BR tmpfs (5) (since Linux 3.5) .\" commit 83e4fa9c16e4af7122e31be3eca5d57881d236fe -.IP \(bu +.IP \[bu] .BR gfs2 (5) (since Linux 4.16) .\" commit 4e56a6411fbce6f859566e17298114c2434391a4 @@ -235,16 +235,16 @@ Not all filesystems support .BR FALLOC_FL_ZERO_RANGE ; if a filesystem doesn't support the operation, an error is returned. The operation is supported on at least the following filesystems: -.IP \(bu 3 +.IP \[bu] 3 XFS (since Linux 3.15) .\" commit 376ba313147b4172f3e8cf620b9fb591f3e8cdfa -.IP \(bu +.IP \[bu] ext4, for extent-based files (since Linux 3.15) .\" commit b8a8684502a0fc852afa0056c6bb2a9273f6fcc0 -.IP \(bu +.IP \[bu] SMB3 (since Linux 3.17) .\" commit 30175628bf7f521e9ee31ac98fa6d6fe7441a556 -.IP \(bu +.IP \[bu] Btrfs (since Linux 4.16) .\" commit f27451f229966874a8793995b8e6b74326d125df .SS Increasing file space diff --git a/man2/fanotify_init.2 b/man2/fanotify_init.2 index ec1976efa..e9c65c280 100644 --- a/man2/fanotify_init.2 +++ b/man2/fanotify_init.2 @@ -483,24 +483,24 @@ The limitations imposed on an event listener created by a user without the .B CAP_SYS_ADMIN capability are as follows: .RS -.IP \(bu 3 +.IP \[bu] 3 The user cannot request for an unlimited event queue by using .BR FAN_UNLIMITED_QUEUE . -.IP \(bu +.IP \[bu] The user cannot request for an unlimited number of marks by using .BR FAN_UNLIMITED_MARKS . -.IP \(bu +.IP \[bu] The user cannot request to use either notification classes .B FAN_CLASS_CONTENT or .BR FAN_CLASS_PRE_CONTENT . This means that user cannot request permission events. -.IP \(bu +.IP \[bu] The user is required to create a group that identifies filesystem objects by file handles, for example, by providing the .B FAN_REPORT_FID flag. -.IP \(bu +.IP \[bu] The user is limited to only mark inodes. The ability to mark a mount or filesystem via .BR fanotify_mark () @@ -509,7 +509,7 @@ through the use of or .B FAN_MARK_FILESYSTEM is not permitted. -.IP \(bu +.IP \[bu] The event object in the event queue is limited in terms of the information that is made available to the unprivileged user. A user will also not receive the pid that generated the event, unless the @@ -519,7 +519,7 @@ listening process itself generated the event. This system call is Linux-specific. .SH BUGS The following bug was present before Linux 3.18: -.IP \(bu 3 +.IP \[bu] 3 .\" Fixed by commit 0b37e097a648aa71d4db1ad108001e95b69a2da4 The .B O_CLOEXEC @@ -527,7 +527,7 @@ is ignored when passed in .IR event_f_flags . .PP The following bug was present before Linux 3.14: -.IP \(bu 3 +.IP \[bu] 3 .\" Fixed by commit 48149e9d3a7e924010a0daab30a6197b7d7b6580 The .I event_f_flags diff --git a/man2/fanotify_mark.2 b/man2/fanotify_mark.2 index 23169047b..5577a3888 100644 --- a/man2/fanotify_mark.2 +++ b/man2/fanotify_mark.2 @@ -501,13 +501,13 @@ The filesystem object to be marked is determined by the file descriptor .I dirfd and the pathname specified in .IR pathname : -.IP \(bu 3 +.IP \[bu] 3 If .I pathname is NULL, .I dirfd defines the filesystem object to be marked. -.IP \(bu +.IP \[bu] If .I pathname is NULL, and @@ -515,13 +515,13 @@ is NULL, and takes the special value .BR AT_FDCWD , the current working directory is to be marked. -.IP \(bu +.IP \[bu] If .I pathname is absolute, it defines the filesystem object to be marked, and .I dirfd is ignored. -.IP \(bu +.IP \[bu] If .I pathname is relative, and @@ -532,7 +532,7 @@ then the filesystem object to be marked is determined by interpreting .I pathname relative the directory referred to by .IR dirfd . -.IP \(bu +.IP \[bu] If .I pathname is relative, and @@ -814,7 +814,7 @@ events for both the ELF binary and interpreter, respectively: .in .SH BUGS The following bugs were present in before Linux 3.16: -.IP \(bu 3 +.IP \[bu] 3 .\" Fixed by commit 0a8dd2db579f7a0ac7033d6b857c3d5dbaa77563 If .I flags @@ -824,13 +824,13 @@ contains and .I pathname must specify a valid filesystem object, even though this object is not used. -.IP \(bu +.IP \[bu] .\" Fixed by commit d4c7cf6cffb1bc711a833b5e304ba5bcfe76398b .BR readdir (2) does not generate a .B FAN_ACCESS event. -.IP \(bu +.IP \[bu] .\" Fixed by commit cc299a98eb13a9853675a9cbb90b30b4011e1406 If .BR fanotify_mark () diff --git a/man2/fcntl.2 b/man2/fcntl.2 index 885c88fd9..3ec52dc4d 100644 --- a/man2/fcntl.2 +++ b/man2/fcntl.2 @@ -440,7 +440,7 @@ instead. The record locks described above are associated with the process (unlike the open file description locks described below). This has some unfortunate consequences: -.IP \(bu 3 +.IP \[bu] 3 If a process closes .I any file descriptor referring to a file, @@ -456,7 +456,7 @@ or .I /etc/mtab when for some reason a library function decides to open, read, and close the same file. -.IP \(bu +.IP \[bu] The threads in a process share locks. In other words, a multithreaded program can't use record locking to ensure diff --git a/man2/fork.2 b/man2/fork.2 index 358e90349..1b2498af7 100644 --- a/man2/fork.2 +++ b/man2/fork.2 @@ -50,30 +50,30 @@ performed by one of the processes do not affect the other. .PP The child process is an exact duplicate of the parent process except for the following points: -.IP \(bu 3 +.IP \[bu] 3 The child has its own unique process ID, and this PID does not match the ID of any existing process group .RB ( setpgid (2)) or session. -.IP \(bu +.IP \[bu] The child's parent process ID is the same as the parent's process ID. -.IP \(bu +.IP \[bu] The child does not inherit its parent's memory locks .RB ( mlock (2), .BR mlockall (2)). -.IP \(bu +.IP \[bu] Process resource utilizations .RB ( getrusage (2)) and CPU time counters .RB ( times (2)) are reset to zero in the child. -.IP \(bu +.IP \[bu] The child's set of pending signals is initially empty .RB ( sigpending (2)). -.IP \(bu +.IP \[bu] The child does not inherit semaphore adjustments from its parent .RB ( semop (2)). -.IP \(bu +.IP \[bu] The child does not inherit process-associated record locks from its parent .RB ( fcntl (2)). (On the other hand, it does inherit @@ -81,12 +81,12 @@ The child does not inherit process-associated record locks from its parent open file description locks and .BR flock (2) locks from its parent.) -.IP \(bu +.IP \[bu] The child does not inherit timers from its parent .RB ( setitimer (2), .BR alarm (2), .BR timer_create (2)). -.IP \(bu +.IP \[bu] The child does not inherit outstanding asynchronous I/O operations from its parent .RB ( aio_read (3), @@ -98,33 +98,33 @@ The process attributes in the preceding list are all specified in POSIX.1. The parent and child also differ with respect to the following Linux-specific process attributes: -.IP \(bu 3 +.IP \[bu] 3 The child does not inherit directory change notifications (dnotify) from its parent (see the description of .B F_NOTIFY in .BR fcntl (2)). -.IP \(bu +.IP \[bu] The .BR prctl (2) .B PR_SET_PDEATHSIG setting is reset so that the child does not receive a signal when its parent terminates. -.IP \(bu +.IP \[bu] The default timer slack value is set to the parent's current timer slack value. See the description of .B PR_SET_TIMERSLACK in .BR prctl (2). -.IP \(bu +.IP \[bu] Memory mappings that have been marked with the .BR madvise (2) .B MADV_DONTFORK flag are not inherited across a .BR fork (). -.IP \(bu +.IP \[bu] Memory in address ranges that have been marked with the .BR madvise (2) .B MADV_WIPEONFORK @@ -133,12 +133,12 @@ flag is zeroed in the child after a (The .B MADV_WIPEONFORK setting remains in place for those address ranges in the child.) -.IP \(bu +.IP \[bu] The termination signal of the child is always .B SIGCHLD (see .BR clone (2)). -.IP \(bu +.IP \[bu] The port access permission bits set by .BR ioperm (2) are not inherited by the child; @@ -146,7 +146,7 @@ the child must turn on any bits that it requires using .BR ioperm (2). .PP Note the following further points: -.IP \(bu 3 +.IP \[bu] 3 The child process is created with a single thread\[em]the one that called .BR fork (). @@ -155,7 +155,7 @@ including the states of mutexes, condition variables, and other pthreads objects; the use of .BR pthread_atfork (3) may be helpful for dealing with problems that this can cause. -.IP \(bu +.IP \[bu] After a .BR fork () in a multithreaded program, @@ -163,7 +163,7 @@ the child can safely call only async-signal-safe functions (see .BR signal\-safety (7)) until such time as it calls .BR execve (2). -.IP \(bu +.IP \[bu] The child inherits copies of the parent's set of open file descriptors. Each file descriptor in the child refers to the same open file description (see @@ -177,7 +177,7 @@ and .B F_SETSIG in .BR fcntl (2)). -.IP \(bu +.IP \[bu] The child inherits copies of the parent's set of open message queue descriptors (see .BR mq_overview (7)). @@ -186,7 +186,7 @@ open message queue description as the corresponding file descriptor in the parent. This means that the two file descriptors share the same flags .RI ( mq_flags ). -.IP \(bu +.IP \[bu] The child inherits copies of the parent's set of open directory streams (see .BR opendir (3)). POSIX.1 says that the corresponding directory streams @@ -208,25 +208,25 @@ is set to indicate the error. A system-imposed limit on the number of threads was encountered. There are a number of limits that may trigger this error: .RS -.IP \(bu 3 +.IP \[bu] 3 the .B RLIMIT_NPROC soft resource limit (set via .BR setrlimit (2)), which limits the number of processes and threads for a real user ID, was reached; -.IP \(bu +.IP \[bu] the kernel's system-wide limit on the number of processes and threads, .IR /proc/sys/kernel/threads\-max , was reached (see .BR proc (5)); -.IP \(bu +.IP \[bu] the maximum number of PIDs, .IR /proc/sys/kernel/pid_max , was reached (see .BR proc (5)); or -.IP \(bu +.IP \[bu] the PID limit .RI ( pids.max ) imposed by the cgroup "process number" (PIDs) controller was reached. diff --git a/man2/futex.2 b/man2/futex.2 index 8b9b1df67..cd52254ba 100644 --- a/man2/futex.2 +++ b/man2/futex.2 @@ -604,20 +604,20 @@ In other words, .B FUTEX_WAKE_OP does the following: .RS -.IP \(bu 3 +.IP \[bu] 3 saves the original value of the futex word at .I uaddr2 and performs an operation to modify the value of the futex at .IR uaddr2 ; this is an atomic read-modify-write memory access (i.e., using atomic machine instructions of the respective architecture) -.IP \(bu +.IP \[bu] wakes up a maximum of .I val waiters on the futex for the futex word at .IR uaddr ; and -.IP \(bu +.IP \[bu] dependent on the results of a test of the original value of the futex word at .IR uaddr2 , @@ -876,15 +876,15 @@ for the implementation of very specific IPC mechanisms.) The PI-futex operations described below differ from the other futex operations in that they impose policy on the use of the value of the futex word: -.IP \(bu 3 +.IP \[bu] 3 If the lock is not acquired, the futex word's value shall be 0. -.IP \(bu +.IP \[bu] If the lock is acquired, the futex word's value shall be the thread ID (TID; see .BR gettid (2)) of the owning thread. -.IP \(bu +.IP \[bu] If the lock is owned and there are threads contending for the lock, then the .B FUTEX_WAITERS @@ -974,7 +974,7 @@ PI futexes are operated on by specifying one of the values listed below in .IR futex_op . Note that the PI futex operations must be used as paired operations and are subject to some additional requirements: -.IP \(bu 3 +.IP \[bu] 3 .BR FUTEX_LOCK_PI , .BR FUTEX_LOCK_PI2 , and @@ -986,7 +986,7 @@ must be called only on a futex owned by the calling thread, as defined by the value policy, otherwise the error .B EPERM results. -.IP \(bu +.IP \[bu] .B FUTEX_WAIT_REQUEUE_PI pairs with .BR FUTEX_CMP_REQUEUE_PI . @@ -1945,15 +1945,15 @@ main(int argc, char *argv[]) .BR sched (7) .PP The following kernel source files: -.IP \(bu 3 +.IP \[bu] 3 .I Documentation/pi\-futex.txt -.IP \(bu +.IP \[bu] .I Documentation/futex\-requeue\-pi.txt -.IP \(bu +.IP \[bu] .I Documentation/locking/rt\-mutex.txt -.IP \(bu +.IP \[bu] .I Documentation/locking/rt\-mutex\-design.txt -.IP \(bu +.IP \[bu] .I Documentation/robust\-futex\-ABI.txt .PP Franke, H., Russell, R., and Kirwood, M., 2002. diff --git a/man2/getrandom.2 b/man2/getrandom.2 index e66815450..d85978c84 100644 --- a/man2/getrandom.2 +++ b/man2/getrandom.2 @@ -185,7 +185,7 @@ that was opened by a library. .\" .SS Maximum number of bytes returned As of Linux 3.19 the following limits apply: -.IP \(bu 3 +.IP \[bu] 3 When reading from the .I urandom source, a maximum of 33554431 bytes is returned by a single call to @@ -193,7 +193,7 @@ source, a maximum of 33554431 bytes is returned by a single call to on systems where .I int has a size of 32 bits. -.IP \(bu +.IP \[bu] When reading from the .I random source, a maximum of 512 bytes is returned. @@ -284,7 +284,7 @@ but the careful programmer will check for this anyway! .SH BUGS As of Linux 3.19, the following bug exists: .\" FIXME patch proposed https://lkml.org/lkml/2014/11/29/16 -.IP \(bu 3 +.IP \[bu] 3 Depending on CPU load, .BR getrandom () does not react to interrupts before reading all bytes requested. diff --git a/man2/intro.2 b/man2/intro.2 index ef1e0cad1..27f2c2802 100644 --- a/man2/intro.2 +++ b/man2/intro.2 @@ -21,13 +21,13 @@ Thus, making a system call looks the same as invoking a normal library function. .PP In many cases, the C library wrapper function does nothing more than: -.IP \(bu 3 +.IP \[bu] 3 copying arguments and the unique system call number to the registers where the kernel expects them; -.IP \(bu +.IP \[bu] trapping to kernel mode, at which point the kernel does the real work of the system call; -.IP \(bu +.IP \[bu] setting .I errno if the system call returns an error number when the kernel returns the diff --git a/man2/kexec_load.2 b/man2/kexec_load.2 index f339aee86..b5a9935db 100644 --- a/man2/kexec_load.2 +++ b/man2/kexec_load.2 @@ -128,7 +128,7 @@ If these checks pass, the kernel copies the segment data to kernel memory. Each segment specified in .I segments is copied as follows: -.IP \(bu 3 +.IP \[bu] 3 .I buf and .I bufsz @@ -139,14 +139,14 @@ The value in may not exceed the value in the .I memsz field. -.IP \(bu +.IP \[bu] .I mem and .I memsz specify a physical address range that is the target of the copy. The values specified in both fields must be multiples of the system page size. -.IP \(bu +.IP \[bu] .I bufsz bytes are copied from the source buffer to the target kernel buffer. If diff --git a/man2/keyctl.2 b/man2/keyctl.2 index 29ebcfbbe..4ce87dcf3 100644 --- a/man2/keyctl.2 +++ b/man2/keyctl.2 @@ -173,7 +173,7 @@ Otherwise, is treated as the description (name) of a keyring, and the behavior is as follows: .RS -.IP \(bu 3 +.IP \[bu] 3 If a keyring with a matching description exists, the process will attempt to subscribe to that keyring as its session keyring if possible; @@ -182,7 +182,7 @@ In order to subscribe to the keyring, the caller must have .I search permission on the keyring. -.IP \(bu +.IP \[bu] If a keyring with a matching description does not exist, then a new keyring with the specified description is created, and the process is subscribed to that keyring as its session keyring. @@ -1698,26 +1698,26 @@ was .B KEYCTL_DH_COMPUTE and one of the following has failed: .RS -.IP \(bu 3 +.IP \[bu] 3 copying of the .IR "struct keyctl_dh_params" , provided in the .I arg2 argument, from user space; -.IP \(bu +.IP \[bu] copying of the .IR "struct keyctl_kdf_params" , provided in the non-NULL .I arg5 argument, from user space (in case kernel supports performing KDF operation on DH operation result); -.IP \(bu +.IP \[bu] copying of data pointed by the .I hashname field of the .I "struct keyctl_kdf_params" from user space; -.IP \(bu +.IP \[bu] copying of data pointed by the .I otherinfo field of the @@ -1725,7 +1725,7 @@ field of the from user space if the .I otherinfolen field was nonzero; -.IP \(bu +.IP \[bu] copying of the result to user space. .RE .TP @@ -2030,20 +2030,20 @@ Auth key description: .request_key_auth;1000;1000;0b010000;20d035bf .PP The last few lines of the above output show that the example program was able to fetch: -.IP \(bu 3 +.IP \[bu] 3 the description of the key to be instantiated, which included the name of the key .RI ( mykey ); -.IP \(bu +.IP \[bu] the payload of the authorization key, which consisted of the data .RI ( somepayloaddata ) passed to .BR request_key (2); -.IP \(bu +.IP \[bu] the destination keyring that was specified in the call to .BR request_key (2); and -.IP \(bu +.IP \[bu] the description of the authorization key, where we can see that the name of the authorization key matches the ID of the key that is to be instantiated diff --git a/man2/lseek.2 b/man2/lseek.2 index 9859b349f..8b184cece 100644 --- a/man2/lseek.2 +++ b/man2/lseek.2 @@ -137,26 +137,26 @@ The and .B SEEK_DATA operations are supported for the following filesystems: -.IP \(bu 3 +.IP \[bu] 3 Btrfs (since Linux 3.1) -.IP \(bu +.IP \[bu] OCFS (since Linux 3.2) .\" commit 93862d5e1ab875664c6cc95254fc365028a48bb1 -.IP \(bu +.IP \[bu] XFS (since Linux 3.5) -.IP \(bu +.IP \[bu] ext4 (since Linux 3.8) -.IP \(bu +.IP \[bu] .BR tmpfs (5) (since Linux 3.8) -.IP \(bu +.IP \[bu] NFS (since Linux 3.18) .\" commit 1c6dcbe5ceff81c2cf8d929646af675cd59fe7c0 .\" commit 24bab491220faa446d945624086d838af41d616c -.IP \(bu +.IP \[bu] FUSE (since Linux 4.5) .\" commit 0b5da8db145bfd44266ac964a2636a0cf8d7c286 -.IP \(bu +.IP \[bu] GFS2 (since Linux 4.15) .\" commit 3a27411cb4bc3ce31db228e3569ad01b462a4310 .SH RETURN VALUE diff --git a/man2/memfd_create.2 b/man2/memfd_create.2 index 769fc8b1f..786b7c41f 100644 --- a/man2/memfd_create.2 +++ b/man2/memfd_create.2 @@ -297,7 +297,7 @@ A second process obtains a file descriptor for the file and maps it. Among the possible ways in which this could happen are the following: .RS -.IP \(bu 3 +.IP \[bu] 3 The process that called .BR memfd_create () could transfer the resulting file descriptor to the second process @@ -307,7 +307,7 @@ and .BR cmsg (3)). The second process then maps the file using .BR mmap (2). -.IP \(bu +.IP \[bu] The second process is created via .BR fork (2) and thus automatically inherits the file descriptor and mapping. @@ -315,7 +315,7 @@ and thus automatically inherits the file descriptor and mapping. there is a natural trust relationship between the two processes, since they are running under the same user ID. Therefore, file sealing would not normally be necessary.) -.IP \(bu +.IP \[bu] The second process opens the file .IR /proc/<pid>/fd/<fd> , where diff --git a/man2/memfd_secret.2 b/man2/memfd_secret.2 index 808c76868..1e68a0bd2 100644 --- a/man2/memfd_secret.2 +++ b/man2/memfd_secret.2 @@ -154,7 +154,7 @@ it is much harder to exfiltrate data from these regions. .PP .BR memfd_secret () provides the following protections: -.IP \(bu 3 +.IP \[bu] 3 Enhanced protection (in conjunction with all the other in-kernel attack prevention systems) against ROP attacks. @@ -167,7 +167,7 @@ to reconstruct the missing page table entries, which significantly increases difficulty of the attack, especially when other protections like the kernel stack size limit and address space layout randomization are in place. -.IP \(bu +.IP \[bu] Prevent cross-process user-space memory exposures. Once a region for a .BR memfd_secret () @@ -176,7 +176,7 @@ the user can't accidentally pass it into the kernel to be transmitted somewhere. The memory pages in this region cannot be accessed via the direct map and they are disallowed in get_user_pages. -.IP \(bu +.IP \[bu] Harden against exploited kernel flaws. In order to access memory areas backed by .BR memfd_secret (), diff --git a/man2/mount.2 b/man2/mount.2 index badc51437..a818b89b1 100644 --- a/man2/mount.2 +++ b/man2/mount.2 @@ -73,17 +73,17 @@ The choice of which operation to perform is determined by testing the bits set in .IR mountflags , with the tests being conducted in the order listed here: -.IP \(bu 3 +.IP \[bu] 3 Remount an existing mount: .I mountflags includes .BR MS_REMOUNT . -.IP \(bu +.IP \[bu] Create a bind mount: .I mountflags includes .BR MS_BIND . -.IP \(bu +.IP \[bu] Change the propagation type of an existing mount: .I mountflags includes one of @@ -92,12 +92,12 @@ includes one of .BR MS_SLAVE , or .BR MS_UNBINDABLE . -.IP \(bu +.IP \[bu] Move an existing mount to a new location: .I mountflags includes .BR MS_MOVE . -.IP \(bu +.IP \[bu] Create a new mount: .I mountflags includes none of the above flags. @@ -134,17 +134,17 @@ Reduce on-disk updates of inode timestamps (atime, mtime, ctime) by maintaining these changes only in memory. The on-disk timestamps are updated only when: .RS -.IP \(bu 3 +.IP \[bu] 3 the inode needs to be updated for some change unrelated to file timestamps; -.IP \(bu +.IP \[bu] the application employs .BR fsync (2), .BR syncfs (2), or .BR sync (2); -.IP \(bu +.IP \[bu] an undeleted inode is evicted from memory; or -.IP \(bu +.IP \[bu] more than 24 hours have passed since the inode was written to disk. .RE .IP @@ -292,16 +292,16 @@ meaning that all mounts of the same filesystem share those flags. (Previously, all of the flags were per-superblock.) .PP The per-mount-point flags are as follows: -.IP \(bu 3 +.IP \[bu] 3 Since Linux 2.4: .BR MS_NODEV ", " MS_NOEXEC ", and " MS_NOSUID flags are settable on a per-mount-point basis. -.IP \(bu +.IP \[bu] Additionally, since Linux 2.6.16: .B MS_NOATIME and .BR MS_NODIRATIME . -.IP \(bu +.IP \[bu] Additionally, since Linux 2.6.20: .BR MS_RELATIME . .PP diff --git a/man2/mount_setattr.2 b/man2/mount_setattr.2 index 463b2c1bf..d233fa51f 100644 --- a/man2/mount_setattr.2 +++ b/man2/mount_setattr.2 @@ -544,13 +544,13 @@ or set and the flag is locked. Mount attributes become locked on a mount if: .RS -.IP \(bu 3 +.IP \[bu] 3 A new mount or mount tree is created causing mount propagation across user namespaces (i.e., propagation to a mount namespace owned by a different user namespace). The kernel will lock the aforementioned flags to prevent these sensitive properties from being altered. -.IP \(bu +.IP \[bu] A new mount and user namespace pair is created. This happens for example when specifying .B CLONE_NEWUSER | CLONE_NEWNS @@ -609,7 +609,7 @@ This encompasses the user and group IDs associated with inodes and also the following .BR xattr (7) keys: -.IP \(bu 3 +.IP \[bu] 3 .IR security.capability , whenever filesystem capabilities are stored or returned in the @@ -618,7 +618,7 @@ format, which stores a root user ID alongside the capabilities (see .BR capabilities (7)). -.IP \(bu +.IP \[bu] .I system.posix_acl_access and .IR system.posix_acl_default , @@ -629,7 +629,7 @@ or entries. .PP The following conditions must be met in order to create an ID-mapped mount: -.IP \(bu 3 +.IP \[bu] 3 The caller must have the .B CAP_SYS_ADMIN capability in the user namespace the filesystem was mounted in. @@ -637,51 +637,51 @@ capability in the user namespace the filesystem was mounted in. .\" Christian Brauner .\" Note, currently no filesystems mountable in non-initial user namespaces .\" support ID-mapped mounts. -.IP \(bu +.IP \[bu] The underlying filesystem must support ID-mapped mounts. Currently, the following filesystems support ID-mapped mounts: .\" fs_flags = FS_ALLOW_IDMAP in kernel sources .IP .RS .PD 0 -.IP \(bu 3 +.IP \[bu] 3 .BR xfs (5) (since Linux 5.12) -.IP \(bu +.IP \[bu] .BR ext4 (5) (since Linux 5.12) -.IP \(bu +.IP \[bu] .B FAT (since Linux 5.12) -.IP \(bu +.IP \[bu] .BR btrfs (5) (since Linux 5.15) .\" commit 5b9b26f5d0b88b74001dcfe4ab8a8f2f4e744112 -.IP \(bu +.IP \[bu] .B ntfs3 (since Linux 5.15) .\" commit 82cae269cfa953032fbb8980a7d554d60fb00b17 -.IP \(bu +.IP \[bu] .B f2fs (since Linux 5.18) .\" commit 984fc4e76d63345499f01c0c198a4b44860cf027 -.IP \(bu +.IP \[bu] .B erofs (since Linux 5.19) .\" commit 6c459b78d4793afbba6d864c466cc5cd2932459d -.IP \(bu +.IP \[bu] .B overlayfs (ID-mapped lower and upper layers supported since Linux 5.19) .PD .RE -.IP \(bu 3 +.IP \[bu] 3 The mount must not already be ID-mapped. This also implies that the ID mapping of a mount cannot be altered. -.IP \(bu +.IP \[bu] The mount must be a detached mount; that is, it must have been created by calling -.IP \(bu +.IP \[bu] The mount must not have any writers. .\" commit 1bbcd277a53e08d619ffeec56c5c9287f2bf42f .BR open_tree (2) @@ -731,7 +731,7 @@ for the sake of ID mapping a mount. .PP ID-mapped mounts can be useful in the following and a variety of other scenarios: -.IP \(bu 3 +.IP \[bu] 3 Sharing files or filesystems between multiple users or multiple machines, especially in complex scenarios. @@ -744,25 +744,25 @@ and use it on multiple computers where they are assigned different user IDs and group IDs. This effectively makes it possible to assign random user IDs and group IDs at login time. -.IP \(bu +.IP \[bu] Sharing files or filesystems from the host with unprivileged containers. This allows a user to avoid having to change ownership permanently through .BR chown (2). -.IP \(bu +.IP \[bu] ID mapping a container's root filesystem. Users don't need to change ownership permanently through .BR chown (2). Especially for large root filesystems, using .BR chown (2) can be prohibitively expensive. -.IP \(bu +.IP \[bu] Sharing files or filesystems between containers with non-overlapping ID mappings. -.IP \(bu +.IP \[bu] Implementing discretionary access (DAC) permission checking for filesystems lacking a concept of ownership. -.IP \(bu +.IP \[bu] Efficiently changing ownership on a per-mount basis. In contrast to .BR chown (2), @@ -775,7 +775,7 @@ With ID-mapped mounts, a single .BR mount_setattr () system call will be sufficient to change the ownership of all files. -.IP \(bu +.IP \[bu] Taking the current ownership into account. ID mappings specify precisely what a user or group ID is supposed to be mapped to. @@ -784,7 +784,7 @@ This contrasts with the system call which cannot by itself take the current ownership of the files it changes into account. It simply changes the ownership to the specified user ID and group ID. -.IP \(bu +.IP \[bu] Locally and temporarily restricted ownership changes. ID-mapped mounts make it possible to change ownership locally, restricting the ownership changes to specific mounts, @@ -821,7 +821,7 @@ and let .I ksize be the size of the structure which the kernel supports, then there are three cases to consider: -.IP \(bu 3 +.IP \[bu] 3 If .I ksize equals @@ -829,7 +829,7 @@ equals then there is no version mismatch and .I attr can be used verbatim. -.IP \(bu +.IP \[bu] If .I ksize is larger than @@ -841,7 +841,7 @@ the kernel treats all of the extension fields not provided by the user-space application as having zero values. This provides backwards-compatibility. -.IP \(bu +.IP \[bu] If .I ksize is smaller than diff --git a/man2/move_pages.2 b/man2/move_pages.2 index a37c7e6af..1c0851531 100644 --- a/man2/move_pages.2 +++ b/man2/move_pages.2 @@ -55,13 +55,13 @@ is 0, then moves pages of the calling process. .PP To move pages in another process requires the following privileges: -.IP \(bu 3 +.IP \[bu] 3 Up to and including Linux 4.12: the caller must be privileged .RB ( CAP_SYS_NICE ) or the real or effective user ID of the calling process must match the real or saved-set user ID of the target process. -.IP \(bu +.IP \[bu] The older rules allowed the caller to discover various virtual address choices made by the kernel that could lead to the defeat of address-space-layout randomization diff --git a/man2/mremap.2 b/man2/mremap.2 index 934cbbe33..b8e65cd2f 100644 --- a/man2/mremap.2 +++ b/man2/mremap.2 @@ -170,10 +170,10 @@ whole address space requested, but those mappings are of different types. An invalid argument was given. Possible causes are: .RS -.IP \(bu 3 +.IP \[bu] 3 \fIold_address\fP was not page aligned; -.IP \(bu +.IP \[bu] a value other than .B MREMAP_MAYMOVE or @@ -182,15 +182,15 @@ or .B MREMAP_DONTUNMAP was specified in .IR flags ; -.IP \(bu +.IP \[bu] .I new_size was zero; -.IP \(bu +.IP \[bu] .I new_size or .I new_address was invalid; -.IP \(bu +.IP \[bu] the new address range specified by .I new_address and @@ -199,29 +199,29 @@ overlapped the old address range specified by .I old_address and .IR old_size ; -.IP \(bu +.IP \[bu] .B MREMAP_FIXED or .B MREMAP_DONTUNMAP was specified without also specifying .BR MREMAP_MAYMOVE ; -.IP \(bu +.IP \[bu] .B MREMAP_DONTUNMAP was specified, but one or more pages in the range specified by .I old_address and .I old_size were not private anonymous; -.IP \(bu +.IP \[bu] .B MREMAP_DONTUNMAP was specified and .I old_size was not equal to .IR new_size ; -.IP \(bu +.IP \[bu] \fIold_size\fP was zero and \fIold_address\fP does not refer to a shareable mapping (but see BUGS); -.IP \(bu +.IP \[bu] \fIold_size\fP was zero and the .B MREMAP_MAYMOVE flag was not specified. @@ -231,12 +231,12 @@ flag was not specified. Not enough memory was available to complete the operation. Possible causes are: .RS -.IP \(bu 3 +.IP \[bu] 3 The memory area cannot be expanded at the current virtual address, and the .B MREMAP_MAYMOVE flag is not set in \fIflags\fP. Or, there is not enough (virtual) memory available. -.IP \(bu +.IP \[bu] .B MREMAP_DONTUNMAP was used causing a new mapping to be created that would exceed the (virtual) memory available. @@ -292,7 +292,7 @@ argument. Possible applications for .B MREMAP_DONTUNMAP include: -.IP \(bu 3 +.IP \[bu] 3 Non-cooperative .BR userfaultfd (2): an application can yank out a virtual address range using @@ -301,7 +301,7 @@ and then employ a .BR userfaultfd (2) handler to handle the page faults that subsequently occur as other threads in the process touch pages in the yanked range. -.IP \(bu +.IP \[bu] Garbage collection: .B MREMAP_DONTUNMAP can be used in conjunction with diff --git a/man2/msgget.2 b/man2/msgget.2 index 4a03f665f..fb6caee48 100644 --- a/man2/msgget.2 +++ b/man2/msgget.2 @@ -90,22 +90,22 @@ then its associated data structure (see .BR msgctl (2)) is initialized as follows: -.IP \(bu 3 +.IP \[bu] 3 .I msg_perm.cuid and .I msg_perm.uid are set to the effective user ID of the calling process. -.IP \(bu +.IP \[bu] .I msg_perm.cgid and .I msg_perm.gid are set to the effective group ID of the calling process. -.IP \(bu +.IP \[bu] The least significant 9 bits of .I msg_perm.mode are set to the least significant 9 bits of .IR msgflg . -.IP \(bu +.IP \[bu] .IR msg_qnum , .IR msg_lspid , .IR msg_lrpid , @@ -113,10 +113,10 @@ are set to the least significant 9 bits of and .I msg_rtime are set to 0. -.IP \(bu +.IP \[bu] .I msg_ctime is set to the current time. -.IP \(bu +.IP \[bu] .I msg_qbytes is set to the system limit .BR MSGMNB . diff --git a/man2/msgop.2 b/man2/msgop.2 index 6a3efae6e..964889ae5 100644 --- a/man2/msgop.2 +++ b/man2/msgop.2 @@ -95,12 +95,12 @@ bytes, but this limit can be modified using .BR msgctl (2). A message queue is considered to be full if either of the following conditions is true: -.IP \(bu 3 +.IP \[bu] 3 Adding a new message to the queue would cause the total number of bytes in the queue to exceed the queue's maximum size (the .I msg_qbytes field). -.IP \(bu +.IP \[bu] Adding another message to the queue would cause the total number of messages in the queue to exceed the queue's maximum size (the .I msg_qbytes @@ -124,14 +124,14 @@ then the call instead fails with the error A blocked .BR msgsnd () call may also fail if: -.IP \(bu 3 +.IP \[bu] 3 the queue is removed, in which case the system call fails with .I errno set to .BR EIDRM ; or -.IP \(bu +.IP \[bu] a signal is caught, in which case the system call fails with .I errno @@ -146,13 +146,13 @@ flag when establishing a signal handler.) .PP Upon successful completion the message queue data structure is updated as follows: -.IP \(bu 3 +.IP \[bu] 3 .I msg_lspid is set to the process ID of the calling process. -.IP \(bu +.IP \[bu] .I msg_qnum is incremented by 1. -.IP \(bu +.IP \[bu] .I msg_stime is set to the current time. .SS msgrcv() @@ -198,12 +198,12 @@ is specified in the .I msgtyp argument specifies the type of message requested, as follows: -.IP \(bu 3 +.IP \[bu] 3 If .I msgtyp is 0, then the first message in the queue is read. -.IP \(bu +.IP \[bu] If .I msgtyp is greater than 0, @@ -217,7 +217,7 @@ in which case the first message in the queue of type not equal to .I msgtyp will be read. -.IP \(bu +.IP \[bu] If .I msgtyp is less than 0, @@ -285,15 +285,15 @@ If no message of the requested type is available and isn't specified in .IR msgflg , the calling process is blocked until one of the following conditions occurs: -.IP \(bu 3 +.IP \[bu] 3 A message of the desired type is placed in the queue. -.IP \(bu +.IP \[bu] The message queue is removed from the system. In this case, the system call fails with .I errno set to .BR EIDRM . -.IP \(bu +.IP \[bu] The calling process catches a signal. In this case, the system call fails with .I errno diff --git a/man2/open.2 b/man2/open.2 index 41111c2a4..aefcae1e6 100644 --- a/man2/open.2 +++ b/man2/open.2 @@ -502,11 +502,11 @@ when the file is .IP This flag can be employed only if one of the following conditions is true: .RS -.IP \(bu 3 +.IP \[bu] 3 The effective UID of the process .\" Strictly speaking: the filesystem UID matches the owner UID of the file. -.IP \(bu +.IP \[bu] The calling process has the .B CAP_FOWNER capability in its user namespace and @@ -617,40 +617,40 @@ The following operations .I can be performed on the resulting file descriptor: .RS -.IP \(bu 3 +.IP \[bu] 3 .BR close (2). -.IP \(bu +.IP \[bu] .BR fchdir (2), if the file descriptor refers to a directory (since Linux 3.5). .\" commit 332a2e1244bd08b9e3ecd378028513396a004a24 -.IP \(bu +.IP \[bu] .BR fstat (2) (since Linux 3.6). -.IP \(bu +.IP \[bu] .\" fstat(): commit 55815f70147dcfa3ead5738fd56d3574e2e3c1c2 .BR fstatfs (2) (since Linux 3.12). .\" fstatfs(): commit 9d05746e7b16d8565dddbe3200faa1e669d23bbf -.IP \(bu +.IP \[bu] Duplicating the file descriptor .RB ( dup (2), .BR fcntl (2) .BR F_DUPFD , etc.). -.IP \(bu +.IP \[bu] Getting and setting file descriptor flags .RB ( fcntl (2) .B F_GETFD and .BR F_SETFD ). -.IP \(bu +.IP \[bu] Retrieving open file status flags using the .BR fcntl (2) .B F_GETFL operation: the returned flags will include the bit .BR O_PATH . -.IP \(bu +.IP \[bu] Passing the file descriptor as the .I dirfd argument of @@ -663,7 +663,7 @@ with (or via procfs using .BR AT_SYMLINK_FOLLOW ) even if the file is not a directory. -.IP \(bu +.IP \[bu] Passing the file descriptor to another process via a UNIX domain socket (see .B SCM_RIGHTS @@ -843,7 +843,7 @@ There are two main use cases for .\" Inspired by http://lwn.net/Articles/559147/ .BR O_TMPFILE : .RS -.IP \(bu 3 +.IP \[bu] 3 Improved .BR tmpfile (3) functionality: race-free creation of temporary files that @@ -851,7 +851,7 @@ functionality: race-free creation of temporary files that (2) can never be reached via any pathname; (3) are not subject to symlink attacks; and (4) do not require the caller to devise unique names. -.IP \(bu +.IP \[bu] Creating a file that is initially invisible, which is then populated with data and adjusted to have appropriate filesystem attributes .RB ( fchown (2), @@ -914,13 +914,13 @@ The argument is used in conjunction with the .I pathname argument as follows: -.IP \(bu 3 +.IP \[bu] 3 If the pathname given in .I pathname is absolute, then .I dirfd is ignored. -.IP \(bu +.IP \[bu] If the pathname given in .I pathname is relative and @@ -932,7 +932,7 @@ then is interpreted relative to the current working directory of the calling process (like .BR open ()). -.IP \(bu +.IP \[bu] If the pathname given in .I pathname is relative, then it is interpreted relative to the directory @@ -1678,10 +1678,10 @@ and The use of the .I dirfd file descriptor also has other benefits: -.IP \(bu 3 +.IP \[bu] 3 the file descriptor is a stable reference to the directory, even if the directory is renamed; and -.IP \(bu +.IP \[bu] the open file descriptor prevents the underlying filesystem from being dismounted, just as when a process has a current working directory on a filesystem. diff --git a/man2/open_by_handle_at.2 b/man2/open_by_handle_at.2 index 3278248ed..20fd4519f 100644 --- a/man2/open_by_handle_at.2 +++ b/man2/open_by_handle_at.2 @@ -126,7 +126,7 @@ and .I dirfd arguments identify the file for which a handle is to be obtained. There are four distinct cases: -.IP \(bu 3 +.IP \[bu] 3 If .I pathname is a nonempty string containing an absolute pathname, @@ -134,7 +134,7 @@ then a handle is returned for the file referred to by that pathname. In this case, .I dirfd is ignored. -.IP \(bu +.IP \[bu] If .I pathname is a nonempty string containing a relative pathname and @@ -145,7 +145,7 @@ then .I pathname is interpreted relative to the current working directory of the caller, and a handle is returned for the file to which it refers. -.IP \(bu +.IP \[bu] If .I pathname is a nonempty string containing a relative pathname and @@ -158,7 +158,7 @@ and a handle is returned for the file to which it refers. (See .BR openat (2) for an explanation of why "directory file descriptors" are useful.) -.IP \(bu +.IP \[bu] If .I pathname is an empty string and diff --git a/man2/openat2.2 b/man2/openat2.2 index 205dc3930..3ffd06ae7 100644 --- a/man2/openat2.2 +++ b/man2/openat2.2 @@ -251,7 +251,7 @@ for more details.) Unknowingly opening magic links can be risky for some applications. Examples of such risks include the following: .RS -.IP \(bu 3 +.IP \[bu] 3 If the process opening a pathname is a controlling process that currently has no controlling terminal (see .BR credentials (7)), @@ -259,7 +259,7 @@ then opening a magic link inside .IR /proc/ pid /fd that happens to refer to a terminal would cause the process to acquire a controlling terminal. -.IP \(bu +.IP \[bu] .\" From https://lwn.net/Articles/796868/: .\" The presence of this flag will prevent a path lookup operation .\" from traversing through one of these magic links, thus blocking @@ -503,7 +503,7 @@ be the size of the structure as specified by the user-space application, and .I ksize be the size of the structure which the kernel supports, then there are three cases to consider: -.IP \(bu 3 +.IP \[bu] 3 If .I ksize equals @@ -511,7 +511,7 @@ equals then there is no version mismatch and .I how can be used verbatim. -.IP \(bu +.IP \[bu] If .I ksize is larger than @@ -524,7 +524,7 @@ the kernel treats all of the extension fields not provided by the user-space application as having zero values. This provides backwards-compatibility. -.IP \(bu +.IP \[bu] If .I ksize is smaller than diff --git a/man2/perf_event_open.2 b/man2/perf_event_open.2 index a978bd1cb..df515f7d1 100644 --- a/man2/perf_event_open.2 +++ b/man2/perf_event_open.2 @@ -1598,7 +1598,7 @@ data, the error results. .PP Here is the layout of the data returned by a read: -.IP \(bu 3 +.IP \[bu] 3 If .B PERF_FORMAT_GROUP was specified to allow reading all events in a group at once: @@ -1617,7 +1617,7 @@ struct read_format { }; .EE .in -.IP \(bu +.IP \[bu] If .B PERF_FORMAT_GROUP was diff --git a/man2/pidfd_getfd.2 b/man2/pidfd_getfd.2 index bc79fa658..097ec27e8 100644 --- a/man2/pidfd_getfd.2 +++ b/man2/pidfd_getfd.2 @@ -121,19 +121,19 @@ is similar to the use of messages described in .BR unix (7), but differs in the following respects: -.IP \(bu 3 +.IP \[bu] 3 In order to pass a file descriptor using an .B SCM_RIGHTS message, the two processes must first establish a UNIX domain socket connection. -.IP \(bu +.IP \[bu] The use of .B SCM_RIGHTS requires cooperation on the part of the process whose file descriptor is being copied. By contrast, no such cooperation is necessary when using .BR pidfd_getfd (). -.IP \(bu +.IP \[bu] The ability to use .BR pidfd_getfd () is restricted by a diff --git a/man2/pidfd_open.2 b/man2/pidfd_open.2 index a3e70c76c..f0ba89cdb 100644 --- a/man2/pidfd_open.2 +++ b/man2/pidfd_open.2 @@ -107,14 +107,14 @@ call, its PID will not have been recycled and the returned file descriptor will refer to the resulting zombie process. Note, however, that this is guaranteed only if the following conditions hold true: -.IP \(bu 3 +.IP \[bu] 3 the disposition of .B SIGCHLD has not been explicitly set to .B SIG_IGN (see .BR sigaction (2)); -.IP \(bu +.IP \[bu] the .B SA_NOCLDWAIT flag was not specified while establishing a handler for @@ -124,7 +124,7 @@ or while setting the disposition of that signal to (see .BR sigaction (2)); and -.IP \(bu +.IP \[bu] the zombie process was not reaped elsewhere in the program (e.g., either by an asynchronously executed signal handler or by .BR wait (2) @@ -146,12 +146,12 @@ A PID file descriptor returned by with the .B CLONE_PID flag) can be used for the following purposes: -.IP \(bu 3 +.IP \[bu] 3 The .BR pidfd_send_signal (2) system call can be used to send a signal to the process referred to by a PID file descriptor. -.IP \(bu +.IP \[bu] A PID file descriptor can be monitored using .BR poll (2), .BR select (2), @@ -164,21 +164,21 @@ nothing can be read from the file descriptor .RB ( read (2) on the file descriptor fails with the error .BR EINVAL ). -.IP \(bu +.IP \[bu] If the PID file descriptor refers to a child of the calling process, then it can be waited on using .BR waitid (2). -.IP \(bu +.IP \[bu] The .BR pidfd_getfd (2) system call can be used to obtain a duplicate of a file descriptor of another process referred to by a PID file descriptor. -.IP \(bu +.IP \[bu] A PID file descriptor can be used as the argument of .BR setns (2) in order to move into one or more of the same namespaces as the process referred to by the file descriptor. -.IP \(bu +.IP \[bu] A PID file descriptor can be used as the argument of .BR process_madvise (2) in order to provide advice on the memory usage patterns of the process diff --git a/man2/pidfd_send_signal.2 b/man2/pidfd_send_signal.2 index 05153919e..30ccfa446 100644 --- a/man2/pidfd_send_signal.2 +++ b/man2/pidfd_send_signal.2 @@ -52,20 +52,20 @@ implicitly supplied when a signal is sent using .BR kill (2): .PP .PD 0 -.IP \(bu 3 +.IP \[bu] 3 .I si_signo is set to the signal number; -.IP \(bu +.IP \[bu] .I si_errno is set to 0; -.IP \(bu +.IP \[bu] .I si_code is set to .BR SI_USER ; -.IP \(bu +.IP \[bu] .I si_pid is set to the caller's PID; and -.IP \(bu +.IP \[bu] .I si_uid is set to the caller's real user ID. .PD @@ -131,15 +131,15 @@ The argument is a PID file descriptor, a file descriptor that refers to process. Such a file descriptor can be obtained in any of the following ways: -.IP \(bu 3 +.IP \[bu] 3 by opening a .IR /proc/ pid directory; -.IP \(bu +.IP \[bu] using .BR pidfd_open (2); or -.IP \(bu +.IP \[bu] via the PID file descriptor that is returned by a call to .BR clone (2) or diff --git a/man2/pipe.2 b/man2/pipe.2 index 363b199d0..26e7df626 100644 --- a/man2/pipe.2 +++ b/man2/pipe.2 @@ -85,7 +85,7 @@ to the pipe is dealt with as a separate packet, and from the pipe will read one packet at a time. Note the following points: .RS -.IP \(bu 3 +.IP \[bu] 3 Writes of greater than .B PIPE_BUF bytes (see @@ -95,7 +95,7 @@ The constant .B PIPE_BUF is defined in .IR <limits.h> . -.IP \(bu +.IP \[bu] If a .BR read (2) specifies a buffer size that is smaller than the next packet, @@ -105,7 +105,7 @@ Specifying a buffer size of .B PIPE_BUF will be sufficient to read the largest possible packets (see the previous point). -.IP \(bu +.IP \[bu] Zero-length packets are not supported. (A .BR read (2) diff --git a/man2/pivot_root.2 b/man2/pivot_root.2 index 3aff7f6cb..ee5b1fae6 100644 --- a/man2/pivot_root.2 +++ b/man2/pivot_root.2 @@ -47,29 +47,29 @@ and thus it should be followed by a \fBchdir("/")\fP call. .PP The following restrictions apply: -.IP \(bu 3 +.IP \[bu] 3 .I new_root and .I put_old must be directories. -.IP \(bu +.IP \[bu] .I new_root and .I put_old must not be on the same mount as the current root. -.IP \(bu +.IP \[bu] \fIput_old\fP must be at or underneath \fInew_root\fP; that is, adding some nonnegative number of "\fI/..\fP" suffixes to the pathname pointed to by .I put_old must yield the same directory as \fInew_root\fP. -.IP \(bu +.IP \[bu] .I new_root must be a path to a mount point, but can't be .IR """/""" . A path that is not already a mount point can be converted into one by bind mounting the path onto itself. -.IP \(bu +.IP \[bu] The propagation type of the parent mount of .I new_root and the parent mount of the current root directory must not be @@ -81,7 +81,7 @@ is an existing mount point, its propagation type must not be These restrictions ensure that .BR pivot_root () never propagates any changes to another mount namespace. -.IP \(bu +.IP \[bu] The current root directory must be a mount point. .SH RETURN VALUE On success, zero is returned. diff --git a/man2/poll.2 b/man2/poll.2 index b46a67d0b..be6de0607 100644 --- a/man2/poll.2 +++ b/man2/poll.2 @@ -116,11 +116,11 @@ argument specifies the number of milliseconds that .BR poll () should block waiting for a file descriptor to become ready. The call will block until either: -.IP \(bu 3 +.IP \[bu] 3 a file descriptor becomes ready; -.IP \(bu +.IP \[bu] the call is interrupted by a signal handler; or -.IP \(bu +.IP \[bu] the timeout expires. .PP Note that the @@ -150,14 +150,14 @@ There is data to read. There is some exceptional condition on the file descriptor. Possibilities include: .RS -.IP \(bu 3 +.IP \[bu] 3 There is out-of-band data on a TCP socket (see .BR tcp (7)). -.IP \(bu +.IP \[bu] A pseudoterminal master in packet mode has seen a state change on the slave (see .BR ioctl_tty (2)). -.IP \(bu +.IP \[bu] A .I cgroup.events file has been modified (see @@ -461,14 +461,14 @@ The program loops, repeatedly using to monitor the file descriptors, printing the number of ready file descriptors on return. For each ready file descriptor, the program: -.IP \(bu 3 +.IP \[bu] 3 displays the returned .I revents field in a human-readable form; -.IP \(bu +.IP \[bu] if the file descriptor is readable, reads some data from it, and displays that data on standard output; and -.IP \(bu +.IP \[bu] if the file descriptor was not readable, but some other event occurred (presumably .BR POLLHUP ), @@ -517,7 +517,7 @@ All file descriptors closed; bye In the above output, we see that .BR poll () returned three times: -.IP \(bu 3 +.IP \[bu] 3 On the first return, the bits returned in the .I revents field were @@ -526,7 +526,7 @@ indicating that the file descriptor is readable, and .BR POLLHUP , indicating that the other end of the FIFO has been closed. The program then consumed some of the available input. -.IP \(bu +.IP \[bu] The second return from .BR poll () also indicated @@ -534,7 +534,7 @@ also indicated and .BR POLLHUP ; the program then consumed the last of the available input. -.IP \(bu +.IP \[bu] On the final return, .BR poll () indicated only diff --git a/man2/prctl.2 b/man2/prctl.2 index 95f0afa01..561a7a8b8 100644 --- a/man2/prctl.2 +++ b/man2/prctl.2 @@ -258,17 +258,17 @@ However, it is reset to the current value contained in the file in the following circumstances: .\" See kernel/cred.c::commit_creds() (Linux 3.18 sources) .RS -.IP \(bu 3 +.IP \[bu] 3 The process's effective user or group ID is changed. -.IP \(bu +.IP \[bu] The process's filesystem user or group ID is changed (see .BR credentials (7)). -.IP \(bu +.IP \[bu] The process executes .RB ( execve (2)) a set-user-ID or set-group-ID program, resulting in a change of either the effective user ID or the effective group ID. -.IP \(bu +.IP \[bu] The process executes .RB ( execve (2)) a program that has file capabilities (see @@ -1595,23 +1595,23 @@ structure (see .BR sigaction (2)) associated with the signal: .RS -.IP \(bu 3 +.IP \[bu] 3 .I si_signo will contain .BR SIGSYS . -.IP \(bu +.IP \[bu] .I si_call_addr will show the address of the system call instruction. -.IP \(bu +.IP \[bu] .I si_syscall and .I si_arch will indicate which system call was attempted. -.IP \(bu +.IP \[bu] .I si_code will contain .BR SYS_USER_DISPATCH . -.IP \(bu +.IP \[bu] .I si_errno will be set to 0. .RE @@ -1706,7 +1706,7 @@ Irrespective of which mode is set, addresses passed to certain interfaces must always be untagged: .RS -.IP \(bu 3 +.IP \[bu] 3 .BR brk (2), .BR mmap (2), .BR shmat (2), @@ -1719,7 +1719,7 @@ argument of (Prior to Linux 5.6 these accepted tagged addresses, but the behaviour may not be what you expect. Don't rely on it.) -.IP \(bu +.IP \[bu] \(oqpolymorphic\(cq interfaces that accept pointers to arbitrary types cast to a .I void * @@ -2176,17 +2176,17 @@ is .BR PR_SET_MM , and one of the following is true .RS -.IP \(bu 3 +.IP \[bu] 3 .I arg4 or .I arg5 is nonzero; -.IP \(bu +.IP \[bu] .I arg3 is greater than .B TASK_SIZE (the limit on the size of the user address space for this architecture); -.IP \(bu +.IP \[bu] .I arg2 is .BR PR_SET_MM_START_CODE , @@ -2196,7 +2196,7 @@ is or .BR PR_SET_MM_START_STACK , and the permissions of the corresponding memory area are not as required; -.IP \(bu +.IP \[bu] .I arg2 is .B PR_SET_MM_START_BRK @@ -2362,18 +2362,18 @@ is .B PR_SET_SYSCALL_USER_DISPATCH and one of the following is true: .RS -.IP \(bu 3 +.IP \[bu] 3 .I arg2 is .B PR_SYS_DISPATCH_OFF and the remaining arguments are not 0; -.IP \(bu +.IP \[bu] .I arg2 is .B PR_SYS_DISPATCH_ON and the memory range specified is outside the address space of the process. -.IP \(bu +.IP \[bu] .I arg2 is invalid. .RE diff --git a/man2/ptrace.2 b/man2/ptrace.2 index f57909a66..55d9fd36d 100644 --- a/man2/ptrace.2 +++ b/man2/ptrace.2 @@ -2189,7 +2189,7 @@ at completion of the call, it appears as though the occurred in the thread group leader, regardless of which thread did the .BR execve (2).) This resetting of the thread ID looks very confusing to tracers: -.IP \(bu 3 +.IP \[bu] 3 All other threads stop in .B PTRACE_EVENT_EXIT stop, if the @@ -2199,7 +2199,7 @@ Then all other threads except the thread group leader report death as if they exited via .BR _exit (2) with exit code 0. -.IP \(bu +.IP \[bu] The execing tracee changes its thread ID while it is in the .BR execve (2). (Remember, under ptrace, the "pid" returned from @@ -2207,13 +2207,13 @@ The execing tracee changes its thread ID while it is in the or fed into ptrace calls, is the tracee's thread ID.) That is, the tracee's thread ID is reset to be the same as its process ID, which is the same as the thread group leader's thread ID. -.IP \(bu +.IP \[bu] Then a .B PTRACE_EVENT_EXEC stop happens, if the .B PTRACE_O_TRACEEXEC option was turned on. -.IP \(bu +.IP \[bu] If the thread group leader has reported its .B PTRACE_EVENT_EXIT stop by this time, @@ -2353,7 +2353,7 @@ Many of these bugs have been fixed, but as of Linux 2.6.38 several still exist; see BUGS below. .PP As of Linux 2.6.38, the following is believed to work correctly: -.IP \(bu 3 +.IP \[bu] 3 exit/death by signal is reported first to the tracer, then, when the tracer consumes the .BR waitpid (2) @@ -2625,13 +2625,13 @@ Deny access if .I neither of the following is true: .RS -.IP \(bu 3 +.IP \[bu] 3 The real, effective, and saved-set user IDs of the target match the caller's user ID, .I and the real, effective, and saved-set group IDs of the target match the caller's group ID. -.IP \(bu +.IP \[bu] The caller has the .B CAP_SYS_PTRACE capability in the user namespace of the target. @@ -2672,12 +2672,12 @@ Deny access if .I neither of the following is true: .RS -.IP \(bu 3 +.IP \[bu] 3 The caller and the target process are in the same user namespace, and the caller's capabilities are a superset of the target process's .I permitted capabilities. -.IP \(bu +.IP \[bu] The caller has the .B CAP_SYS_PTRACE capability in the target process's user namespace. @@ -2715,14 +2715,14 @@ to gain additional credentials that may exist in memory and thus expand the scope of the attack. .PP More precisely, the Yama LSM limits two types of operations: -.IP \(bu 3 +.IP \[bu] 3 Any operation that performs a ptrace access mode .B PTRACE_MODE_ATTACH check\[em]for example, .BR ptrace () .BR PTRACE_ATTACH . (See the "Ptrace access mode checking" discussion above.) -.IP \(bu +.IP \[bu] .BR ptrace () .BR PTRACE_TRACEME . .PP diff --git a/man2/quotactl.2 b/man2/quotactl.2 index 437259a11..47655d516 100644 --- a/man2/quotactl.2 +++ b/man2/quotactl.2 @@ -777,17 +777,17 @@ Instead of one can use .IR <linux/dqblk_xfs.h> , taking into account that there are several naming discrepancies: -.IP \(bu 3 +.IP \[bu] 3 Quota enabling flags (of format .BR XFS_QUOTA_[UGP]DQ_{ACCT,ENFD} ) are defined without a leading "X", as .BR FS_QUOTA_[UGP]DQ_{ACCT,ENFD} . -.IP \(bu +.IP \[bu] The same is true for .B XFS_{USER,GROUP,PROJ}_QUOTA quota type flags, which are defined as .BR FS_{USER,GROUP,PROJ}_QUOTA . -.IP \(bu +.IP \[bu] The .I dqblk_xfs.h header file defines its own diff --git a/man2/rename.2 b/man2/rename.2 index 6af25af36..08e7958f3 100644 --- a/man2/rename.2 +++ b/man2/rename.2 @@ -187,19 +187,19 @@ can't be employed together with requires support from the underlying filesystem. Support for various filesystems was added as follows: .RS -.IP \(bu 3 +.IP \[bu] 3 ext4 (Linux 3.15); .\" ext4: commit 0a7c3937a1f23f8cb5fc77ae01661e9968a51d0c -.IP \(bu +.IP \[bu] btrfs, tmpfs, and cifs (Linux 3.17); -.IP \(bu +.IP \[bu] xfs (Linux 4.0); .\" btrfs: commit 80ace85c915d0f41016f82917218997b72431258 .\" tmpfs: commit 3b69ff51d087d265aa4af3a532fc4f20bf33e718 .\" cifs: commit 7c33d5972ce382bcc506d16235f1e9b7d22cbef8 .\" .\" gfs2 in Linux 4.2? -.IP \(bu +.IP \[bu] Support for many other filesystems was added in Linux 4.9, including ext2, minix, reiserfs, jfs, vfat, and bpf. .\" Also affs, bfs, exofs, hfs, hfsplus, jffs2, logfs, msdos, diff --git a/man2/request_key.2 b/man2/request_key.2 index b1f8cce7e..e78321e3c 100644 --- a/man2/request_key.2 +++ b/man2/request_key.2 @@ -113,7 +113,7 @@ beginning with the keyring set via the .B KEYCTL_SET_REQKEY_KEYRING operation and continuing in the order shown below until it finds the first keyring that exists: -.IP \(bu 3 +.IP \[bu] 3 .\" 8bbf4976b59fc9fc2861e79cab7beb3f6d647640 The requestor keyring .RB ( KEY_REQKEY_DEFL_REQUESTOR_KEYRING , @@ -123,28 +123,28 @@ since Linux 2.6.29). .\" If I understand correctly, we'll only get here if .\" 'dest_keyring' is zero, in which case KEY_REQKEY_DEFL_REQUESTOR_KEYRING .\" won't refer to a keyring. Have I misunderstood? -.IP \(bu +.IP \[bu] The thread-specific keyring .RB ( KEY_REQKEY_DEFL_THREAD_KEYRING ; see .BR thread\-keyring (7)). -.IP \(bu +.IP \[bu] The process-specific keyring .RB ( KEY_REQKEY_DEFL_PROCESS_KEYRING ; see .BR process\-keyring (7)). -.IP \(bu +.IP \[bu] The session-specific keyring .RB ( KEY_REQKEY_DEFL_SESSION_KEYRING ; see .BR session\-keyring (7)). -.IP \(bu +.IP \[bu] The session keyring for the process's user ID .RB ( KEY_REQKEY_DEFL_USER_SESSION_KEYRING ; see .BR user\-session\-keyring (7)). This keyring is expected to always exist. -.IP \(bu +.IP \[bu] The UID-specific keyring .RB ( KEY_REQKEY_DEFL_USER_KEYRING ; see @@ -225,13 +225,13 @@ the context from which associated key requests may be satisfied. .IP The authorization key is constructed as follows: .RS -.IP \(bu 3 +.IP \[bu] 3 The key type is .IR """.request_key_auth""" . -.IP \(bu +.IP \[bu] The key's UID and GID are the same as the corresponding filesystem IDs of the requesting process. -.IP \(bu +.IP \[bu] The key grants .IR view , .IR read , @@ -240,14 +240,14 @@ and permissions to the key possessor as well as .I view permission for the key user. -.IP \(bu +.IP \[bu] The description (name) of the key is the hexadecimal string representing the ID of the key that is to be instantiated in the requesting program. -.IP \(bu +.IP \[bu] The payload of the key is taken from the data specified in .IR callout_info . -.IP \(bu +.IP \[bu] Internally, the kernel also records the PID of the process that called .BR request_key (). .RE @@ -298,14 +298,14 @@ which are shown as hexadecimal values). .IP (4) The program spawned in the previous step: .RS -.IP \(bu 3 +.IP \[bu] 3 Assumes the authority to instantiate the key U using the .BR keyctl (2) .B KEYCTL_ASSUME_AUTHORITY operation (typically via the .BR keyctl_assume_authority (3) function). -.IP \(bu +.IP \[bu] Obtains the callout data from the payload of the authorization key V (using the .BR keyctl (2) @@ -314,7 +314,7 @@ operation (or, more commonly, the .BR keyctl_read (3) function) with a key ID value of .BR KEY_SPEC_REQKEY_AUTH_KEY ). -.IP \(bu +.IP \[bu] Instantiates the key (or execs another program that performs that task), specifying the payload and destination keyring. diff --git a/man2/rt_sigqueueinfo.2 b/man2/rt_sigqueueinfo.2 index ebf3c2659..0f6a2e19e 100644 --- a/man2/rt_sigqueueinfo.2 +++ b/man2/rt_sigqueueinfo.2 @@ -72,7 +72,7 @@ codes in the Linux kernel source file If the signal is being sent to any process other than the caller itself, the following restrictions apply: .RS -.IP \(bu 3 +.IP \[bu] 3 The code can't be a value greater than or equal to zero. In particular, it can't be .BR SI_USER , @@ -81,7 +81,7 @@ which is used by the kernel to indicate a signal sent by and nor can it be .BR SI_KERNEL , which is used to indicate a signal generated by the kernel. -.IP \(bu +.IP \[bu] The code can't (since Linux 2.6.39) be .BR SI_TKILL , which is used by the kernel to indicate a signal sent using diff --git a/man2/seccomp.2 b/man2/seccomp.2 index aacdfbb01..32706397f 100644 --- a/man2/seccomp.2 +++ b/man2/seccomp.2 @@ -565,23 +565,23 @@ structure (see .BR sigaction (2)) associated with signal: .RS -.IP \(bu 3 +.IP \[bu] 3 .I si_signo will contain .BR SIGSYS . -.IP \(bu +.IP \[bu] .I si_call_addr will show the address of the system call instruction. -.IP \(bu +.IP \[bu] .I si_syscall and .I si_arch will indicate which system call was attempted. -.IP \(bu +.IP \[bu] .I si_code will contain .BR SYS_SECCOMP . -.IP \(bu +.IP \[bu] .I si_errno will contain the .B SECCOMP_RET_DATA @@ -742,11 +742,11 @@ file, and whether kernel auditing is enabled .IR audit=1 ). .\" or auditing could be enabled via the netlink API (AUDIT_SET) The rules are as follows: -.IP \(bu 3 +.IP \[bu] 3 If the action is .BR SECCOMP_RET_ALLOW , the action is not logged. -.IP \(bu +.IP \[bu] Otherwise, if the action is either .B SECCOMP_RET_KILL_PROCESS or @@ -754,18 +754,18 @@ or and that action appears in the .I actions_logged file, the action is logged. -.IP \(bu +.IP \[bu] Otherwise, if the filter has requested logging (the .B SECCOMP_FILTER_FLAG_LOG flag) and the action appears in the .I actions_logged file, the action is logged. -.IP \(bu +.IP \[bu] Otherwise, if kernel auditing is enabled and the process is being audited .RB ( autrace (8)), the action is logged. -.IP \(bu +.IP \[bu] Otherwise, the action is not logged. .SH RETURN VALUE On success, @@ -900,22 +900,22 @@ Architecture support for seccomp BPF filtering .\" Check by grepping for HAVE_ARCH_SECCOMP_FILTER in Kconfig files in .\" kernel source. Last checked in Linux 4.16-rc source. is available on the following architectures: -.IP \(bu 3 +.IP \[bu] 3 x86-64, i386, x32 (since Linux 3.5) .PD 0 -.IP \(bu +.IP \[bu] ARM (since Linux 3.8) -.IP \(bu +.IP \[bu] s390 (since Linux 3.8) -.IP \(bu +.IP \[bu] MIPS (since Linux 3.16) -.IP \(bu +.IP \[bu] ARM-64 (since Linux 3.19) -.IP \(bu +.IP \[bu] PowerPC (since Linux 4.3) -.IP \(bu +.IP \[bu] Tile (since Linux 4.3) -.IP \(bu +.IP \[bu] PA-RISC (since Linux 4.6) .\" User mode Linux since Linux 4.6 .PD @@ -923,7 +923,7 @@ PA-RISC (since Linux 4.6) .SS Caveats There are various subtleties to consider when applying seccomp filters to a program, including the following: -.IP \(bu 3 +.IP \[bu] 3 Some traditional system calls have user-space implementations in the .BR vdso (7) on many architectures. @@ -938,14 +938,14 @@ seccomp filtering for these system calls will have no effect. .BR vdso (7) implementations may fall back to invoking the true system call, in which case seccomp filters would see the system call.) -.IP \(bu +.IP \[bu] Seccomp filtering is based on system call numbers. However, applications typically do not directly invoke system calls, but instead call wrapper functions in the C library which in turn invoke the system calls. Consequently, one must be aware of the following: .RS -.IP \(bu 3 +.IP \[bu] 3 The glibc wrappers for some traditional system calls may actually employ system calls with different names in the kernel. For example, the @@ -956,12 +956,12 @@ system call, and the .BR fork (2) wrapper function actually calls .BR clone (2). -.IP \(bu +.IP \[bu] The behavior of wrapper functions may vary across architectures, according to the range of system calls provided on those architectures. In other words, the same wrapper function may invoke different system calls on different architectures. -.IP \(bu +.IP \[bu] Finally, the behavior of wrapper functions can change across glibc versions. For example, in older versions, the glibc wrapper function for .BR open (2) @@ -987,7 +987,7 @@ filters if the bugs occur in rarely used application code paths. .\" .SS Seccomp-specific BPF details Note the following BPF details specific to seccomp filters: -.IP \(bu 3 +.IP \[bu] 3 The .B BPF_H and @@ -995,13 +995,13 @@ and size modifiers are not supported: all operations must load and store (4-byte) words .RB ( BPF_W ). -.IP \(bu +.IP \[bu] To access the contents of the .I seccomp_data buffer, use the .B BPF_ABS addressing mode modifier. -.IP \(bu +.IP \[bu] The .B BPF_LEN addressing mode modifier yields an immediate mode operand @@ -1014,11 +1014,11 @@ The first three arguments are a system call number, a numeric architecture identifier, and an error number. The program uses these values to construct a BPF filter that is used at run time to perform the following checks: -.IP \(bu 3 +.IP \[bu] 3 If the program is not running on the specified architecture, the BPF filter causes system calls to fail with the error .BR ENOSYS . -.IP \(bu +.IP \[bu] If the program attempts to execute the system call with the specified number, the BPF filter causes the system call to fail, with .I errno diff --git a/man2/seccomp_unotify.2 b/man2/seccomp_unotify.2 index 2fab339b1..ff5f23f6c 100644 --- a/man2/seccomp_unotify.2 +++ b/man2/seccomp_unotify.2 @@ -77,7 +77,7 @@ is as follows: The target establishes a seccomp filter in the usual manner, but with two differences: .RS -.IP \(bu 3 +.IP \[bu] 3 The .BR seccomp (2) .I flags @@ -101,7 +101,7 @@ Only one "listening" seccomp filter can be installed for a thread. .\" suddenly it might break if a container manager is trying to listen to it .\" too, etc. I expect it won't be needed soon, but I do think it'll change. .\" -.IP \(bu +.IP \[bu] In cases where it is appropriate, the seccomp filter returns the action value .BR SECCOMP_RET_USER_NOTIF . This return value will trigger a notification event. @@ -336,12 +336,12 @@ This is a cookie for the notification. Each such cookie is guaranteed to be unique for the corresponding seccomp filter. .RS -.IP \(bu 3 +.IP \[bu] 3 The cookie can be used with the .B SECCOMP_IOCTL_NOTIF_ID_VALID .BR ioctl (2) operation described below. -.IP \(bu +.IP \[bu] When returning a notification response to the kernel, the supervisor must include the cookie value in the .I seccomp_notif_resp @@ -539,7 +539,7 @@ Tell the kernel to execute the target's system call. .RE .PP Two kinds of response are possible: -.IP \(bu 3 +.IP \[bu] 3 A response to the kernel telling it to execute the target's system call. In this case, the @@ -562,7 +562,7 @@ be executed normally in the target. The .B SECCOMP_USER_NOTIF_FLAG_CONTINUE flag should be used with caution; see NOTES. -.IP \(bu +.IP \[bu] A spoofed return value for the target's system call. In this case, the kernel does not execute the target's system call, instead causing the system call to return a spoofed value as specified by @@ -906,7 +906,7 @@ flag can be monitored using and .BR select (2). These interfaces indicate that the file descriptor is ready as follows: -.IP \(bu 3 +.IP \[bu] 3 When a notification is pending, these interfaces indicate that the file descriptor is readable. Following such an indication, a subsequent @@ -917,7 +917,7 @@ or else failing with the error .B EINTR if the target has been killed by a signal or its system call has been interrupted by a signal handler. -.IP \(bu +.IP \[bu] After the notification has been received (i.e., by the .B SECCOMP_IOCTL_NOTIF_RECV .BR ioctl (2) @@ -926,7 +926,7 @@ meaning that a notification response can be sent using the .B SECCOMP_IOCTL_NOTIF_SEND .BR ioctl (2) operation. -.IP \(bu +.IP \[bu] After the last thread using the filter has terminated and been reaped using .BR waitpid (2) (or similar), @@ -1205,7 +1205,7 @@ the supervisor examines the memory of the target process (using to discover the pathname argument that was supplied to the .BR mkdir (2) call, and performs one of the following actions: -.IP \(bu 3 +.IP \[bu] 3 If the pathname begins with the prefix "/tmp/", then the supervisor attempts to create the specified directory, and then spoofs a return for the target process based on the return @@ -1214,7 +1214,7 @@ value of the supervisor's call. In the event that that call succeeds, the spoofed success return value is the length of the pathname. -.IP \(bu +.IP \[bu] If the pathname begins with "./" (i.e., it is a relative pathname), the supervisor sends a .B SECCOMP_USER_NOTIF_FLAG_CONTINUE @@ -1222,7 +1222,7 @@ response to the kernel to say that the kernel should execute the target process's .BR mkdir (2) call. -.IP \(bu +.IP \[bu] If the pathname begins with some other prefix, the supervisor spoofs an error return for the target process, so that the target process's diff --git a/man2/select.2 b/man2/select.2 index 5e31bc892..7718b7506 100644 --- a/man2/select.2 +++ b/man2/select.2 @@ -205,11 +205,11 @@ structure (shown below) that specifies the interval that should block waiting for a file descriptor to become ready. The call will block until either: .RS -.IP \(bu 3 +.IP \[bu] 3 a file descriptor becomes ready; -.IP \(bu +.IP \[bu] the call is interrupted by a signal handler; or -.IP \(bu +.IP \[bu] the timeout expires. .RE .IP @@ -243,7 +243,7 @@ The operation of and .BR pselect () is identical, other than these three differences: -.IP \(bu 3 +.IP \[bu] 3 .BR select () uses a timeout that is a .I struct timeval @@ -252,14 +252,14 @@ uses a timeout that is a uses a .I struct timespec (with seconds and nanoseconds). -.IP \(bu +.IP \[bu] .BR select () may update the .I timeout argument to indicate how much time was left. .BR pselect () does not change this argument. -.IP \(bu +.IP \[bu] .BR select () has no .I sigmask diff --git a/man2/semget.2 b/man2/semget.2 index cda93cb9e..a22ebcd75 100644 --- a/man2/semget.2 +++ b/man2/semget.2 @@ -95,29 +95,29 @@ initializes the set's associated data structure, (see .BR semctl (2)), as follows: -.IP \(bu 3 +.IP \[bu] 3 .I sem_perm.cuid and .I sem_perm.uid are set to the effective user ID of the calling process. -.IP \(bu +.IP \[bu] .I sem_perm.cgid and .I sem_perm.gid are set to the effective group ID of the calling process. -.IP \(bu +.IP \[bu] The least significant 9 bits of .I sem_perm.mode are set to the least significant 9 bits of .IR semflg . -.IP \(bu +.IP \[bu] .I sem_nsems is set to the value of .IR nsems . -.IP \(bu +.IP \[bu] .I sem_otime is set to 0. -.IP \(bu +.IP \[bu] .I sem_ctime is set to the current time. .PP diff --git a/man2/semop.2 b/man2/semop.2 index 1a878f2da..7a1416a26 100644 --- a/man2/semop.2 +++ b/man2/semop.2 @@ -142,12 +142,12 @@ Otherwise, (the count of threads waiting until this semaphore's value becomes zero) is incremented by one and the thread sleeps until one of the following occurs: -.IP \(bu 3 +.IP \[bu] 3 .I semval becomes 0, at which time the value of .I semzcnt is decremented. -.IP \(bu +.IP \[bu] The semaphore set is removed: .BR semop () @@ -155,7 +155,7 @@ fails, with .I errno set to .BR EIDRM . -.IP \(bu +.IP \[bu] The calling thread catches a signal: the value of .I semzcnt @@ -207,19 +207,19 @@ Otherwise, (the counter of threads waiting for this semaphore's value to increase) is incremented by one and the thread sleeps until one of the following occurs: -.IP \(bu 3 +.IP \[bu] 3 .I semval becomes greater than or equal to the absolute value of .IR sem_op : the operation now proceeds, as described above. -.IP \(bu +.IP \[bu] The semaphore set is removed from the system: .BR semop () fails, with .I errno set to .BR EIDRM . -.IP \(bu +.IP \[bu] The calling thread catches a signal: the value of .I semncnt diff --git a/man2/setns.2 b/man2/setns.2 index 1a7ede0a0..4de32d5c5 100644 --- a/man2/setns.2 +++ b/man2/setns.2 @@ -23,11 +23,11 @@ system call allows the calling thread to move into different namespaces. The .I fd argument is one of the following: -.IP \(bu 3 +.IP \[bu] 3 a file descriptor referring to one of the magic links in a .IR /proc/ pid /ns/ directory (or a bind mount to such a link); -.IP \(bu +.IP \[bu] a PID file descriptor (see .BR pidfd_open (2)). .PP diff --git a/man2/shmget.2 b/man2/shmget.2 index cdb2d3bee..e12915dd8 100644 --- a/man2/shmget.2 +++ b/man2/shmget.2 @@ -161,33 +161,33 @@ its associated data structure, (see .BR shmctl (2)), is initialized as follows: -.IP \(bu 3 +.IP \[bu] 3 .I shm_perm.cuid and .I shm_perm.uid are set to the effective user ID of the calling process. -.IP \(bu +.IP \[bu] .I shm_perm.cgid and .I shm_perm.gid are set to the effective group ID of the calling process. -.IP \(bu +.IP \[bu] The least significant 9 bits of .I shm_perm.mode are set to the least significant 9 bit of .IR shmflg . -.IP \(bu +.IP \[bu] .I shm_segsz is set to the value of .IR size . -.IP \(bu +.IP \[bu] .IR shm_lpid , .IR shm_nattch , .IR shm_atime , and .I shm_dtime are set to 0. -.IP \(bu +.IP \[bu] .I shm_ctime is set to the current time. .PP diff --git a/man2/shmop.2 b/man2/shmop.2 index 980a44e80..6ab2e063a 100644 --- a/man2/shmop.2 +++ b/man2/shmop.2 @@ -40,13 +40,13 @@ to the address space of the calling process. The attaching address is specified by .I shmaddr with one of the following criteria: -.IP \(bu 3 +.IP \[bu] 3 If .I shmaddr is NULL, the system chooses a suitable (unused) page-aligned address to attach the segment. -.IP \(bu +.IP \[bu] If .I shmaddr isn't NULL @@ -58,7 +58,7 @@ the attach occurs at the address equal to .I shmaddr rounded down to the nearest multiple of .BR SHMLBA . -.IP \(bu +.IP \[bu] Otherwise, .I shmaddr must be a page-aligned address at which the attach occurs. @@ -108,13 +108,13 @@ call updates the members of the structure (see .BR shmctl (2)) associated with the shared memory segment as follows: -.IP \(bu 3 +.IP \[bu] 3 .I shm_atime is set to the current time. -.IP \(bu +.IP \[bu] .I shm_lpid is set to the process-ID of the calling process. -.IP \(bu +.IP \[bu] .I shm_nattch is incremented by one. .\" @@ -135,13 +135,13 @@ On a successful call, the system updates the members of the .I shmid_ds structure associated with the shared memory segment as follows: -.IP \(bu 3 +.IP \[bu] 3 .I shm_dtime is set to the current time. -.IP \(bu +.IP \[bu] .I shm_lpid is set to the process-ID of the calling process. -.IP \(bu +.IP \[bu] .I shm_nattch is decremented by one. If it becomes 0 and the segment is marked for deletion, diff --git a/man2/sigaction.2 b/man2/sigaction.2 index dfb94fe4f..0b1c872c2 100644 --- a/man2/sigaction.2 +++ b/man2/sigaction.2 @@ -114,13 +114,13 @@ Some further details of the purpose of this field can be found in specifies the action to be associated with .I signum and can be one of the following: -.IP \(bu 3 +.IP \[bu] 3 .B SIG_DFL for the default action. -.IP \(bu +.IP \[bu] .B SIG_IGN to ignore this signal. -.IP \(bu +.IP \[bu] A pointer to a signal handling function. This function receives the signal number as its only argument. .PP @@ -387,7 +387,7 @@ are defined for all signals. is generally unused on Linux.) The rest of the struct may be a union, so that one should read only the fields that are meaningful for the given signal: -.IP \(bu 3 +.IP \[bu] 3 Signals sent with .BR kill (2) and @@ -402,7 +402,7 @@ with the values specified by the sender of the signal; see .BR sigqueue (3) for more details. -.IP \(bu +.IP \[bu] Signals sent by POSIX.1b timers (since Linux 2.6) fill in .I si_overrun and @@ -418,7 +418,7 @@ field is the timer overrun count; this is the same information as is obtained by a call to .BR timer_getoverrun (2). These fields are nonstandard Linux extensions. -.IP \(bu +.IP \[bu] Signals sent for message queue notification (see the description of .B SIGEV_SIGNAL in @@ -433,7 +433,7 @@ supplied to with the process ID of the message sender; and .IR si_uid , with the real user ID of the message sender. -.IP \(bu +.IP \[bu] .B SIGCHLD fills in .IR si_pid ", " si_uid ", " si_status ", " si_utime ", and " si_stime , @@ -480,7 +480,7 @@ of the (configurable) system jiffy (see .\" But note that these fields still don't return the times of .\" waited-for children (as is done by getrusage() and times() .\" and wait4()). Solaris 8 does include child times. -.IP \(bu +.IP \[bu] .BR SIGILL , .BR SIGFPE , .BR SIGSEGV , @@ -544,7 +544,7 @@ suberror of .B SIGSEGV populates .IR si_pkey . -.IP \(bu +.IP \[bu] .BR SIGIO / SIGPOLL (the two names are synonyms on Linux) fills in @@ -564,7 +564,7 @@ for further details, see the description of .B F_SETSIG in .BR fcntl (2). -.IP \(bu +.IP \[bu] .BR SIGSYS , generated (since Linux 3.5) .\" commit a0727e8ce513fe6890416da960181ceb10fbfae6 @@ -613,15 +613,15 @@ the definitions of most of these symbols are obtained from by defining feature test macros (before including .I any header file) as follows: -.IP \(bu 3 +.IP \[bu] 3 .B _XOPEN_SOURCE with the value 500 or greater; -.IP \(bu +.IP \[bu] .B _XOPEN_SOURCE and .BR _XOPEN_SOURCE_EXTENDED ; or -.IP \(bu +.IP \[bu] .B _POSIX_C_SOURCE with the value 200809L or greater. .PP diff --git a/man2/signal.2 b/man2/signal.2 index cd351fcd4..b21abc3b8 100644 --- a/man2/signal.2 +++ b/man2/signal.2 @@ -219,11 +219,11 @@ sa.sa_flags = SA_RESTART; .in .PP The situation on Linux is as follows: -.IP \(bu 3 +.IP \[bu] 3 The kernel's .BR signal () system call provides System\ V semantics. -.IP \(bu +.IP \[bu] By default, in glibc 2 and later, the .BR signal () wrapper function does not invoke the kernel system call. diff --git a/man2/splice.2 b/man2/splice.2 index 136137c75..38d8f703b 100644 --- a/man2/splice.2 +++ b/man2/splice.2 @@ -35,13 +35,13 @@ The following semantics apply for .I fd_in and .IR off_in : -.IP \(bu 3 +.IP \[bu] 3 If .I fd_in refers to a pipe, then .I off_in must be NULL. -.IP \(bu +.IP \[bu] If .I fd_in does not refer to a pipe and @@ -50,7 +50,7 @@ is NULL, then bytes are read from .I fd_in starting from the file offset, and the file offset is adjusted appropriately. -.IP \(bu +.IP \[bu] If .I fd_in does not refer to a pipe and diff --git a/man2/syscall.2 b/man2/syscall.2 index d7b744862..3eba62182 100644 --- a/man2/syscall.2 +++ b/man2/syscall.2 @@ -198,7 +198,7 @@ xtensa syscall a2 a2 - - .TE .PP Notes: -.IP \(bu 3 +.IP \[bu] 3 On a few architectures, a register is used as a boolean (0 indicating no error, and \-1 indicating an error) to signal that the @@ -214,31 +214,31 @@ On powerpc64, the summary overflow bit in field 0 of the condition register .RI ( cr0 ) is used. -.IP \(bu +.IP \[bu] .I NR is the system call number. -.IP \(bu +.IP \[bu] For s390 and s390x, .I NR (the system call number) may be passed directly with .I "svc\ NR" if it is less than 256. -.IP \(bu +.IP \[bu] On SuperH additional trap numbers are supported for historic reasons, but .BR trapa #31 is the recommended "unified" ABI. -.IP \(bu +.IP \[bu] The x32 ABI shares syscall table with x86-64 ABI, but there are some nuances: .RS -.IP \(bu 3 +.IP \[bu] 3 In order to indicate that a system call is called under the x32 ABI, an additional bit, .BR __X32_SYSCALL_BIT , is bitwise-ORed with the system call number. The ABI used by a process affects some process behaviors, including signal handling or system call restarting. -.IP \(bu +.IP \[bu] Since x32 has different sizes for .I long and pointer types, layouts of some (but not all; @@ -267,7 +267,7 @@ but passes an 8-byte .I pos argument in a single register and not two, as is done in every other ABI. .RE -.IP \(bu +.IP \[bu] Some architectures (namely, Alpha, IA-64, MIPS, SuperH, sparc/32, and sparc/64) use an additional register ("Retval2" in the above table) @@ -325,7 +325,7 @@ xtensa a6 a3 a4 a5 a8 a9 - .TE .PP Notes: -.IP \(bu 3 +.IP \[bu] 3 The mips/o32 system call convention passes arguments 5 through 8 on the user stack. .if t \{\ diff --git a/man2/syscalls.2 b/man2/syscalls.2 index 209b16eb7..405629c23 100644 --- a/man2/syscalls.2 +++ b/man2/syscalls.2 @@ -69,16 +69,16 @@ column indicates the kernel version for those system calls that were new in Linux 2.2, or have appeared since that kernel version. Note the following points: -.IP \(bu 3 +.IP \[bu] 3 Where no kernel version is indicated, the system call appeared in Linux 1.0 or earlier. -.IP \(bu +.IP \[bu] Where a system call is marked "1.2" this means the system call probably appeared in a Linux 1.1.x kernel version, and first appeared in a stable kernel with 1.2. (Development of the 1.2 kernel was initiated from a branch of kernel 1.0.6 via the 1.1.x unstable kernel series.) -.IP \(bu +.IP \[bu] Where a system call is marked "2.0" this means the system call probably appeared in a Linux 1.3.x kernel version, and first appeared in a stable kernel with Linux 2.0. @@ -94,25 +94,25 @@ via the Linux 1.3.x unstable kernel series.) .\" timestamps of some files in Linux 1.3.0 seem to be older .\" than those in Linux 1.2.10. All of this suggests .\" that there might not have been a clean branch point. -.IP \(bu +.IP \[bu] Where a system call is marked "2.2" this means the system call probably appeared in a Linux 2.1.x kernel version, and first appeared in a stable kernel with Linux 2.2.0. (Development of the Linux 2.2 kernel was initiated from a branch of kernel Linux 2.0.21 via the Linux 2.1.x unstable kernel series.) -.IP \(bu +.IP \[bu] Where a system call is marked "2.4" this means the system call probably appeared in a Linux 2.3.x kernel version, and first appeared in a stable kernel with Linux 2.4.0. (Development of the Linux 2.4 kernel was initiated from a branch of Linux 2.2.8 via the Linux 2.3.x unstable kernel series.) -.IP \(bu +.IP \[bu] Where a system call is marked "2.6" this means the system call probably appeared in a Linux 2.5.x kernel version, and first appeared in a stable kernel with Linux 2.6.0. (Development of Linux 2.6 was initiated from a branch of Linux 2.4.15 via the Linux 2.5.x unstable kernel series.) -.IP \(bu +.IP \[bu] Starting with Linux 2.6.0, the development model changed, and new system calls may appear in each Linux 2.6.x release. In this case, the exact version number where the system call appeared @@ -121,7 +121,7 @@ This convention continues with the Linux 3.x kernel series, which followed on from Linux 2.6.39; and the Linux 4.x kernel series, which followed on from Linux 3.19; and the Linux 5.x kernel series, which followed on from Linux 4.20. -.IP \(bu +.IP \[bu] In some cases, a system call was added to a stable kernel series after it branched from the previous stable kernel series, and then backported into the earlier stable kernel series. @@ -898,9 +898,9 @@ since been removed from the kernel: AVR32 (port removed in Linux 4.12) .RS .PD 0 -.IP \(bu 3 +.IP \[bu] 3 .BR pread (2) -.IP \(bu +.IP \[bu] .BR pwrite (2) .PD .RE @@ -908,22 +908,22 @@ AVR32 (port removed in Linux 4.12) Blackfin (port removed in Linux 4.17) .RS .PD 0 -.IP \(bu 3 +.IP \[bu] 3 .BR bfin_spinlock (2) (added in Linux 2.6.22) -.IP \(bu +.IP \[bu] .BR dma_memcpy (2) (added in Linux 2.6.22) -.IP \(bu +.IP \[bu] .BR pread (2) (added in Linux 2.6.22) -.IP \(bu +.IP \[bu] .BR pwrite (2) (added in Linux 2.6.22) -.IP \(bu +.IP \[bu] .BR sram_alloc (2) (added in Linux 2.6.22) -.IP \(bu +.IP \[bu] .BR sram_free (2) (added in Linux 2.6.22) .PD @@ -932,16 +932,16 @@ Blackfin (port removed in Linux 4.17) Metag (port removed in Linux 4.17) .RS .PD 0 -.IP \(bu 3 +.IP \[bu] 3 .BR metag_get_tls (2) (add in Linux 3.9) -.IP \(bu +.IP \[bu] .BR metag_set_fpu_flags (2) (add in Linux 3.9) -.IP \(bu +.IP \[bu] .BR metag_set_tls (2) (add in Linux 3.9) -.IP \(bu +.IP \[bu] .BR metag_setglobalbit (2) (add in Linux 3.9) .PD @@ -950,7 +950,7 @@ Metag (port removed in Linux 4.17) Tile (port removed in Linux 4.17) .RS .PD 0 -.IP \(bu 3 +.IP \[bu] 3 .BR cmpxchg_badaddr (2) (added in Linux 2.6.36) .PD @@ -988,7 +988,7 @@ system call is invoked, and that ABI compatibility is preserved for old binaries.) Examples of systems calls that exist in multiple versions are the following: -.IP \(bu 3 +.IP \[bu] 3 By now there are three different versions of .BR stat (2): .IR sys_stat () @@ -1009,7 +1009,7 @@ A similar story applies for .BR lstat (2) and .BR fstat (2). -.IP \(bu +.IP \[bu] Similarly, the defines .IR __NR_oldolduname , .IR __NR_olduname , @@ -1020,14 +1020,14 @@ refer to the routines .IR sys_uname (), and .IR sys_newuname (). -.IP \(bu +.IP \[bu] In Linux 2.0, a new version of .BR vm86 (2) appeared, with the old and the new kernel routines being named .IR sys_vm86old () and .IR sys_vm86 (). -.IP \(bu +.IP \[bu] In Linux 2.4, a new version of .BR getrlimit (2) appeared, with the old and the new kernel routines being named @@ -1038,7 +1038,7 @@ and .IR sys_getrlimit () (slot .IR __NR_ugetrlimit ). -.IP \(bu +.IP \[bu] Linux 2.4 increased the size of user and group IDs from 16 to 32 bits. .\" 64-bit off_t changes: ftruncate64, *stat64, .\" fcntl64 (because of the flock structure), getdents64, *statfs64 @@ -1050,7 +1050,7 @@ To support this change, a range of system calls were added .BR setresuid32 (2)), superseding earlier calls of the same name without the "32" suffix. -.IP \(bu +.IP \[bu] Linux 2.4 added support for applications on 32-bit architectures to access large files (i.e., files for which the sizes and file offsets can't be represented in 32 bits.) @@ -1073,7 +1073,7 @@ On newer platforms that only have 64-bit file access and 32-bit UIDs/GIDs the UID/GID and file access system calls. On platforms (typically, 32-bit platforms) where the *64 and *32 calls exist, the other versions are obsolete. -.IP \(bu +.IP \[bu] The .I rt_sig* calls were added in Linux 2.2 to support the addition @@ -1081,7 +1081,7 @@ of real-time signals (see .BR signal (7)). These system calls supersede the older system calls of the same name without the "rt_" prefix. -.IP \(bu +.IP \[bu] The .BR select (2) and diff --git a/man2/timer_create.2 b/man2/timer_create.2 index a7c4f93f9..6d49da17f 100644 --- a/man2/timer_create.2 +++ b/man2/timer_create.2 @@ -282,7 +282,7 @@ option. Part of the implementation of the POSIX timers API is provided by glibc. .\" See nptl/sysdeps/unix/sysv/linux/timer_create.c In particular: -.IP \(bu 3 +.IP \[bu] 3 Much of the functionality for .B SIGEV_THREAD is implemented within glibc, rather than the kernel. @@ -296,14 +296,14 @@ value of .B SIGEV_THREAD_ID along with a real-time signal that is reserved by the implementation (see .BR nptl (7)). -.IP \(bu +.IP \[bu] The implementation of the default case where .I evp is NULL is handled inside glibc, which invokes the underlying system call with a suitably populated .I sigevent structure. -.IP \(bu +.IP \[bu] The timer IDs presented at user level are maintained by glibc, which maps these IDs to the timer IDs employed by the kernel. .\" See the glibc source file kernel-posix-timers.h for the structure diff --git a/man2/timerfd_create.2 b/man2/timerfd_create.2 index d7d47296f..315f3fe35 100644 --- a/man2/timerfd_create.2 +++ b/man2/timerfd_create.2 @@ -502,7 +502,7 @@ to rearm the timer (without first doing a on the file descriptor). .PP In this case the following occurs: -.IP \(bu 3 +.IP \[bu] 3 The .BR timerfd_settime () returns \-1 with @@ -511,7 +511,7 @@ set to .BR ECANCELED . (This enables the caller to know that the previous timer was affected by a discontinuous change to the clock.) -.IP \(bu +.IP \[bu] The timer .I "is successfully rearmed" with the settings provided in the second diff --git a/man2/utimensat.2 b/man2/utimensat.2 index 7f43aab7b..0ea9ebe9e 100644 --- a/man2/utimensat.2 +++ b/man2/utimensat.2 @@ -113,15 +113,15 @@ is NULL, or both fields specify .BR UTIME_NOW ), either: -.IP \(bu 3 +.IP \[bu] 3 the caller must have write access to the file; .\" 2.6.22 was broken here -- for futimens() the check is .\" based on whether or not the file descriptor is writable, .\" not on whether the caller's effective UID has write .\" permission for the file referred to by the descriptor. -.IP \(bu +.IP \[bu] the caller's effective user ID must match the owner of the file; or -.IP \(bu +.IP \[bu] the caller must have appropriate privileges. .PP To make any change other than setting both timestamps to the @@ -340,13 +340,13 @@ field is .BR UTIME_OMIT ) and either: .RS -.IP \(bu 3 +.IP \[bu] 3 the caller's effective user ID does not match the owner of file, and the caller is not privileged (Linux: does not have the .B CAP_FOWNER capability); or, -.IP \(bu +.IP \[bu] .\" Linux 2.6.22 was broken here: .\" it was not consistent with the old utimes() implementation, .\" since the case when both tv_nsec fields are UTIME_NOW, was not @@ -463,7 +463,7 @@ and before Linux 2.6.26. These bugs are either nonconformances with the POSIX.1 draft specification or inconsistencies with historical Linux behavior. -.IP \(bu 3 +.IP \[bu] 3 POSIX.1 specifies that if one of the .I tv_nsec fields has the value @@ -478,7 +478,7 @@ Instead, the value of the field is required to be 0 (or the error .B EINVAL results). -.IP \(bu +.IP \[bu] Various bugs mean that for the purposes of permission checking, the case where both .I tv_nsec @@ -580,7 +580,7 @@ value is returned in case of an error. .\" .BR UTIME_NOW . .\" Instead, the call fails with the error .\" .BR EPERM . -.IP \(bu +.IP \[bu] POSIX.1 says that a process that has \fIwrite access to the file\fP can make a call with .I times diff --git a/man2/vfork.2 b/man2/vfork.2 index 0ab54f5ad..5e6b8226c 100644 --- a/man2/vfork.2 +++ b/man2/vfork.2 @@ -167,11 +167,11 @@ and .BR vfork (), there are various reasons why Linux and other systems have retained .BR vfork (): -.IP \(bu 3 +.IP \[bu] 3 Some performance-critical applications require the small performance advantage conferred by .BR vfork (). -.IP \(bu +.IP \[bu] .BR vfork () can be implemented on systems that lack a memory-management unit (MMU), but .BR fork (2) @@ -189,7 +189,7 @@ is designed to be implementable on systems that lack an MMU.) .\" http://developers.sun.com/solaris/articles/subprocess/subprocess.html .\" http://mailman.uclinux.org/pipermail/uclinux-dev/2009-April/000684.html .\" -.IP \(bu +.IP \[bu] On systems where memory is constrained, .BR vfork () avoids the need to temporarily commit memory (see the description of diff --git a/man3/__setfpucw.3 b/man3/__setfpucw.3 index 0b7a4f99c..64efa658c 100644 --- a/man3/__setfpucw.3 +++ b/man3/__setfpucw.3 @@ -57,11 +57,11 @@ can be used. Set FPU control word on the i386 architecture to .RS .PD 0 -.IP \(bu 3 +.IP \[bu] 3 extended precision -.IP \(bu +.IP \[bu] rounding to nearest -.IP \(bu +.IP \[bu] exceptions on overflow, zero divide and NaN .PD .RE diff --git a/man3/aio_suspend.3 b/man3/aio_suspend.3 index 2b33ddfa9..32a08c510 100644 --- a/man3/aio_suspend.3 +++ b/man3/aio_suspend.3 @@ -22,13 +22,13 @@ Real-time library The .BR aio_suspend () function suspends the calling thread until one of the following occurs: -.IP \(bu 3 +.IP \[bu] 3 One or more of the asynchronous I/O requests in the list .I aiocb_list has completed. -.IP \(bu +.IP \[bu] A signal is delivered. -.IP \(bu +.IP \[bu] .I timeout is not NULL and the specified time interval has passed. (For details of the diff --git a/man3/backtrace.3 b/man3/backtrace.3 index f078bf67a..c98d3eb1b 100644 --- a/man3/backtrace.3 +++ b/man3/backtrace.3 @@ -161,17 +161,17 @@ These functions are GNU extensions. These functions make some assumptions about how a function's return address is stored on the stack. Note the following: -.IP \(bu 3 +.IP \[bu] 3 Omission of the frame pointers (as implied by any of .BR gcc (1)'s nonzero optimization levels) may cause these assumptions to be violated. -.IP \(bu +.IP \[bu] Inlined functions do not have stack frames. -.IP \(bu +.IP \[bu] Tail-call optimization causes one stack frame to replace another. -.IP \(bu +.IP \[bu] .BR backtrace () and .BR backtrace_symbols_fd () diff --git a/man3/bzero.3 b/man3/bzero.3 index 5d41dd041..0d7171bf8 100644 --- a/man3/bzero.3 +++ b/man3/bzero.3 @@ -102,7 +102,7 @@ are never optimized away by the compiler. The .BR explicit_bzero () function does not solve all problems associated with erasing sensitive data: -.IP \(bu 3 +.IP \[bu] 3 The .BR explicit_bzero () function does @@ -115,7 +115,7 @@ a register and in "scratch" stack areas. The .BR explicit_bzero () function is not aware of these copies, and can't erase them. -.IP \(bu +.IP \[bu] In some circumstances, .BR explicit_bzero () can diff --git a/man3/dlopen.3 b/man3/dlopen.3 index 907a4088a..5a97e510f 100644 --- a/man3/dlopen.3 +++ b/man3/dlopen.3 @@ -68,32 +68,32 @@ Otherwise, the dynamic linker searches for the object as follows (see .BR ld.so (8) for further details): -.IP \(bu 3 +.IP \[bu] 3 (ELF only) If the calling object (i.e., the shared library or executable from which .BR dlopen () is called) contains a DT_RPATH tag, and does not contain a DT_RUNPATH tag, then the directories listed in the DT_RPATH tag are searched. -.IP \(bu +.IP \[bu] If, at the time that the program was started, the environment variable .B LD_LIBRARY_PATH was defined to contain a colon-separated list of directories, then these are searched. (As a security measure, this variable is ignored for set-user-ID and set-group-ID programs.) -.IP \(bu +.IP \[bu] (ELF only) If the calling object contains a DT_RUNPATH tag, then the directories listed in that tag are searched. -.IP \(bu +.IP \[bu] The cache file .I /etc/ld.so.cache (maintained by .BR ldconfig (8)) is checked to see whether it contains an entry for .IR filename . -.IP \(bu +.IP \[bu] The directories .I /lib and diff --git a/man3/duplocale.3 b/man3/duplocale.3 index 67e3343b3..a069c827f 100644 --- a/man3/duplocale.3 +++ b/man3/duplocale.3 @@ -62,11 +62,11 @@ function were added in glibc 2.3. POSIX.1-2008. .SH NOTES Duplicating a locale can serve the following purposes: -.IP \(bu 3 +.IP \[bu] 3 To create a copy of a locale object in which one of more categories are to be modified (using .BR newlocale (3)). -.IP \(bu +.IP \[bu] To obtain a handle for the current locale which can used in other functions that employ a locale handle, such as .BR toupper_l (3). diff --git a/man3/exit.3 b/man3/exit.3 index 2fd463cb7..885335846 100644 --- a/man3/exit.3 +++ b/man3/exit.3 @@ -130,7 +130,7 @@ After the exit status must be transmitted to the parent process. There are three cases: -.IP \(bu 3 +.IP \[bu] 3 If the parent has set .BR SA_NOCLDWAIT , or has set the @@ -138,10 +138,10 @@ or has set the handler to .BR SIG_IGN , the status is discarded and the child dies immediately. -.IP \(bu +.IP \[bu] If the parent was waiting on the child, it is notified of the exit status and the child dies immediately. -.IP \(bu +.IP \[bu] Otherwise, the child becomes a "zombie" process: most of the process resources are recycled, diff --git a/man3/fopencookie.3 b/man3/fopencookie.3 index ec05fd840..6c82ce6be 100644 --- a/man3/fopencookie.3 +++ b/man3/fopencookie.3 @@ -32,10 +32,10 @@ which provides a stream interface to data that is stored in a buffer in memory. .PP In order to create a custom stream the programmer must: -.IP \(bu 3 +.IP \[bu] 3 Implement four "hook" functions that are used internally by the standard I/O library when performing I/O on the stream. -.IP \(bu +.IP \[bu] Define a "cookie" data type, a structure that provides bookkeeping information (e.g., where to store data) used by the aforementioned hook functions. @@ -46,7 +46,7 @@ when passed to .BR fopencookie ()), but automatically supplies the cookie as the first argument when calling the hook functions. -.IP \(bu +.IP \[bu] Call .BR fopencookie () to open a new stream and associate the cookie and hook functions diff --git a/man3/fpathconf.3 b/man3/fpathconf.3 index a28238c01..ec42d95bb 100644 --- a/man3/fpathconf.3 +++ b/man3/fpathconf.3 @@ -157,7 +157,7 @@ or must refer to a terminal. .SH RETURN VALUE The return value of these functions is one of the following: -.IP \(bu 3 +.IP \[bu] 3 On error, \-1 is returned and .I errno is set to indicate the error @@ -166,7 +166,7 @@ is set to indicate the error indicating that .I name is invalid). -.IP \(bu +.IP \[bu] If .I name corresponds to a maximum or minimum limit, and that limit is indeterminate, @@ -178,13 +178,13 @@ is not changed. to zero before the call, and then check whether .I errno is nonzero when \-1 is returned.) -.IP \(bu +.IP \[bu] If .I name corresponds to an option, a positive value is returned if the option is supported, and \-1 is returned if the option is not supported. -.IP \(bu +.IP \[bu] Otherwise, the current value of the option or limit is returned. This value will not be more restrictive than diff --git a/man3/ftw.3 b/man3/ftw.3 index d0ad329ad..4c14e1489 100644 --- a/man3/ftw.3 +++ b/man3/ftw.3 @@ -307,7 +307,7 @@ is never called for a directory that would be a descendant of itself. is an older function that offers a subset of the functionality of .BR nftw (). The notable differences are as follows: -.IP \(bu 3 +.IP \[bu] 3 .BR ftw () has no .I flags @@ -317,11 +317,11 @@ It behaves the same as when is called with .I flags specified as zero. -.IP \(bu +.IP \[bu] The callback function, .IR fn (), is not supplied with a fourth argument. -.IP \(bu +.IP \[bu] The range of values that is passed via the .I typeflag argument supplied to diff --git a/man3/getaddrinfo.3 b/man3/getaddrinfo.3 index b63bd78aa..b98e3616a 100644 --- a/man3/getaddrinfo.3 +++ b/man3/getaddrinfo.3 @@ -330,7 +330,7 @@ official name of the host. The remaining fields of each returned .I addrinfo structure are initialized as follows: -.IP \(bu 3 +.IP \[bu] 3 The .IR ai_family , .IR ai_socktype , @@ -353,7 +353,7 @@ or and .I ai_protocol returns the protocol for the socket. -.IP \(bu +.IP \[bu] A pointer to the socket address is placed in the .I ai_addr field, and the length of the socket address, in bytes, diff --git a/man3/getaddrinfo_a.3 b/man3/getaddrinfo_a.3 index b9f239db3..f92a1bea1 100644 --- a/man3/getaddrinfo_a.3 +++ b/man3/getaddrinfo_a.3 @@ -169,13 +169,13 @@ The argument specifies the size of the array .IR list . The call blocks until one of the following occurs: -.IP \(bu 3 +.IP \[bu] 3 One or more of the operations in .I list completes. -.IP \(bu +.IP \[bu] The call is interrupted by a signal that is caught. -.IP \(bu +.IP \[bu] The time interval specified in .I timeout elapses. diff --git a/man3/getenv.3 b/man3/getenv.3 index 0d4c19d23..b9f9ed2c2 100644 --- a/man3/getenv.3 +++ b/man3/getenv.3 @@ -51,14 +51,14 @@ function is just like except that it returns NULL in cases where "secure execution" is required. Secure execution is required if one of the following conditions was true when the program run by the calling process was loaded: -.IP \(bu 3 +.IP \[bu] 3 the process's effective user ID did not match its real user ID or the process's effective group ID did not match its real group ID (typically this is the result of executing a set-user-ID or set-group-ID program); -.IP \(bu +.IP \[bu] the effective capability bit was set on the executable file; or -.IP \(bu +.IP \[bu] the process has a nonempty permitted capability set. .PP Secure execution may also be required if triggered diff --git a/man3/getopt.3 b/man3/getopt.3 index ef31a697c..f5d5fa79a 100644 --- a/man3/getopt.3 +++ b/man3/getopt.3 @@ -175,14 +175,14 @@ can detect two kinds of errors: and (2) a missing option argument (i.e., an option at the end of the command line without an expected argument). Such errors are handled and reported as follows: -.IP \(bu 3 +.IP \[bu] 3 By default, .BR getopt () prints an error message on standard error, places the erroneous option character in .IR optopt , and returns \[aq]?\[aq] as the function result. -.IP \(bu +.IP \[bu] If the caller has set the global variable .I opterr to zero, then @@ -193,7 +193,7 @@ the function return value is \[aq]?\[aq]. (By default, .I opterr has a nonzero value.) -.IP \(bu +.IP \[bu] If the first character (following any optional \[aq]+\[aq] or \[aq]\-\[aq] described above) of \fIoptstring\fP diff --git a/man3/iconv.3 b/man3/iconv.3 index 852535966..0ee4b0bcb 100644 --- a/man3/iconv.3 +++ b/man3/iconv.3 @@ -72,21 +72,21 @@ function can also convert a sequence of input bytes to an update to the conversion state without producing any output bytes; such input is called a \fIshift sequence\fP. The conversion can stop for four reasons: -.IP \(bu 3 +.IP \[bu] 3 An invalid multibyte sequence is encountered in the input. In this case, it sets \fIerrno\fP to \fBEILSEQ\fP and returns .IR (size_t)\ \-1 . \fI*inbuf\fP is left pointing to the beginning of the invalid multibyte sequence. -.IP \(bu +.IP \[bu] The input byte sequence has been entirely converted, that is, \fI*inbytesleft\fP has gone down to 0. In this case, .BR iconv () returns the number of nonreversible conversions performed during this call. -.IP \(bu +.IP \[bu] An incomplete multibyte sequence is encountered in the input, and the input byte sequence terminates after it. In this case, it sets \fIerrno\fP to @@ -94,7 +94,7 @@ In this case, it sets \fIerrno\fP to .IR (size_t)\ \-1 . \fI*inbuf\fP is left pointing to the beginning of the incomplete multibyte sequence. -.IP \(bu +.IP \[bu] The output buffer has no more room for the next converted character. In this case, it sets \fIerrno\fP to \fBE2BIG\fP and returns .IR (size_t)\ \-1 . diff --git a/man3/ilogb.3 b/man3/ilogb.3 index 8228f8fc6..f6e016fd1 100644 --- a/man3/ilogb.3 +++ b/man3/ilogb.3 @@ -133,13 +133,13 @@ C99, POSIX.1-2001, POSIX.1-2008. .\" Bug raised: http://sources.redhat.com/bugzilla/show_bug.cgi?id=6794 Before glibc 2.16, the following bugs existed in the glibc implementation of these functions: -.IP \(bu 3 +.IP \[bu] 3 The domain error case where .I x is 0 or a NaN did not cause .I errno to be set or (on some architectures) raise a floating-point exception. -.IP \(bu +.IP \[bu] The domain error case where .I x is an infinity did not cause diff --git a/man3/inet_net_pton.3 b/man3/inet_net_pton.3 index 6010e3bb7..4eda6e005 100644 --- a/man3/inet_net_pton.3 +++ b/man3/inet_net_pton.3 @@ -183,34 +183,34 @@ an explicit size value, then that size becomes the return value of Otherwise, the return value, .IR bits , is inferred as follows: -.IP \(bu 3 +.IP \[bu] 3 If the most significant byte of the network number is greater than or equal to 240, then .I bits is 32. -.IP \(bu +.IP \[bu] Otherwise, if the most significant byte of the network number is greater than or equal to 224, then .I bits is 4. -.IP \(bu +.IP \[bu] Otherwise, if the most significant byte of the network number is greater than or equal to 192, then .I bits is 24. -.IP \(bu +.IP \[bu] Otherwise, if the most significant byte of the network number is greater than or equal to 128, then .I bits is 16. -.IP \(bu +.IP \[bu] Otherwise, .I bits is 8. diff --git a/man3/inet_pton.3 b/man3/inet_pton.3 index 0a12b12d9..1169bac28 100644 --- a/man3/inet_pton.3 +++ b/man3/inet_pton.3 @@ -64,14 +64,14 @@ which must be (16) bytes (128 bits) long. The allowed formats for IPv6 addresses follow these rules: .RS -.IP \(bu 3 +.IP \[bu] 3 The preferred format is .IR x:x:x:x:x:x:x:x . This form consists of eight hexadecimal numbers, each of which expresses a 16-bit value (i.e., each .I x can be up to 4 hex digits). -.IP \(bu +.IP \[bu] A series of contiguous zero values in the preferred format can be abbreviated to .IR :: . @@ -84,7 +84,7 @@ can be abbreviated as .IR ::1 . The wildcard address, consisting of all zeros, can be written as .IR :: . -.IP \(bu +.IP \[bu] An alternate format is useful for expressing IPv4-mapped IPv6 addresses. This form is written as .IR x:x:x:x:x:x:d.d.d.d , diff --git a/man3/intro.3 b/man3/intro.3 index d6d91f6bd..fd2ac01f5 100644 --- a/man3/intro.3 +++ b/man3/intro.3 @@ -80,11 +80,11 @@ see Section 3 of this manual is organized into subsections that reflect the complex structure of the standard C library and its many implementations: -.IP \(bu 3 +.IP \[bu] 3 3const -.IP \(bu +.IP \[bu] 3head -.IP \(bu +.IP \[bu] 3type .PP This difficult history frequently makes it a poor example to follow diff --git a/man3/mallopt.3 b/man3/mallopt.3 index 513904ef8..f4f31eda3 100644 --- a/man3/mallopt.3 +++ b/man3/mallopt.3 @@ -285,13 +285,13 @@ to modify the program break. (The measurement unit for this parameter is bytes.) This parameter has an effect in the following circumstances: .RS -.IP \(bu 3 +.IP \[bu] 3 When the program break is increased, then .B M_TOP_PAD bytes are added to the .BR sbrk (2) request. -.IP \(bu +.IP \[bu] When the heap is trimmed as a consequence of calling .BR free (3) (see the discussion of diff --git a/man3/mbsnrtowcs.3 b/man3/mbsnrtowcs.3 index 5df6aaeed..2ec6a0ee0 100644 --- a/man3/mbsnrtowcs.3 +++ b/man3/mbsnrtowcs.3 @@ -79,7 +79,7 @@ by one and by the number of bytes consumed. The conversion can stop for three reasons: -.IP \(bu 3 +.IP \[bu] 3 An invalid multibyte sequence has been encountered. In this case, .I *src @@ -90,7 +90,7 @@ and .I errno is set to .BR EILSEQ . -.IP \(bu +.IP \[bu] The .I nms limit forces a stop, @@ -106,7 +106,7 @@ next multibyte sequence to be converted, and the number of wide characters written to .I dest is returned. -.IP \(bu +.IP \[bu] The multibyte string has been completely converted, including the terminating null wide character (\[aq]\e0\[aq]) (which has the side effect of bringing back diff --git a/man3/mbsrtowcs.3 b/man3/mbsrtowcs.3 index e29ea35fb..fc52d661d 100644 --- a/man3/mbsrtowcs.3 +++ b/man3/mbsrtowcs.3 @@ -51,7 +51,7 @@ by one and .I *src by the number of bytes consumed. The conversion can stop for three reasons: -.IP \(bu 3 +.IP \[bu] 3 An invalid multibyte sequence has been encountered. In this case, .I *src @@ -62,7 +62,7 @@ and .I errno is set to .BR EILSEQ . -.IP \(bu +.IP \[bu] .I len non-L\[aq]\e0\[aq] wide characters have been stored at .IR dest . @@ -73,7 +73,7 @@ multibyte sequence to be converted, and the number of wide characters written to .I dest is returned. -.IP \(bu +.IP \[bu] The multibyte string has been completely converted, including the terminating null wide character (\[aq]\e0\[aq]), which has the side effect of bringing back diff --git a/man3/mbstowcs.3 b/man3/mbstowcs.3 index 166af33bc..376006fca 100644 --- a/man3/mbstowcs.3 +++ b/man3/mbstowcs.3 @@ -43,12 +43,12 @@ The sequence of characters in the string .I src shall begin in the initial shift state. The conversion can stop for three reasons: -.IP \(bu 3 +.IP \[bu] 3 An invalid multibyte sequence has been encountered. In this case, .I (size_t)\ \-1 is returned. -.IP \(bu +.IP \[bu] .I n non-L\[aq]\e0\[aq] wide characters have been stored at .IR dest . @@ -56,7 +56,7 @@ In this case, the number of wide characters written to .I dest is returned, but the shift state at this point is lost. -.IP \(bu +.IP \[bu] The multibyte string has been completely converted, including the terminating null character (\[aq]\e0\[aq]). In this case, the number of wide characters written to diff --git a/man3/newlocale.3 b/man3/newlocale.3 index 70dbc7528..3ba72a77d 100644 --- a/man3/newlocale.3 +++ b/man3/newlocale.3 @@ -38,13 +38,13 @@ returning a reference to the new or modified object as the function result. Whether the call creates a new object or modifies an existing object is determined by the value of .IR base : -.IP \(bu 3 +.IP \[bu] 3 If .I base is .IR "(locale_t)\ 0" , a new object is created. -.IP \(bu +.IP \[bu] If .I base refers to valid existing locale object diff --git a/man3/posix_fallocate.3 b/man3/posix_fallocate.3 index ea0933bd5..b0d7ce5ae 100644 --- a/man3/posix_fallocate.3 +++ b/man3/posix_fallocate.3 @@ -147,16 +147,16 @@ system call, which is MT-safe. If the underlying filesystem does not support .BR fallocate (2), then the operation is emulated with the following caveats: -.IP \(bu 3 +.IP \[bu] 3 The emulation is inefficient. -.IP \(bu +.IP \[bu] There is a race condition where concurrent writes from another thread or process could be overwritten with null bytes. -.IP \(bu +.IP \[bu] There is a race condition where concurrent file size increases by another thread or process could result in a file whose size is smaller than expected. -.IP \(bu +.IP \[bu] If .I fd has been opened with the diff --git a/man3/posix_spawn.3 b/man3/posix_spawn.3 index 7509f2fce..1a6daaf82 100644 --- a/man3/posix_spawn.3 +++ b/man3/posix_spawn.3 @@ -168,7 +168,7 @@ Before glibc 2.24, the child process is created using instead of .BR fork (2) when either of the following is true: -.IP \(bu 3 +.IP \[bu] 3 the .I spawn-flags element of the attributes object pointed to by @@ -176,7 +176,7 @@ element of the attributes object pointed to by contains the GNU-specific flag .BR POSIX_SPAWN_USEVFORK ; or -.IP \(bu +.IP \[bu] .I file_actions is NULL and the .I spawn-flags @@ -306,7 +306,7 @@ of the object pointed to by Set the scheduling policy algorithm and parameters of the child, as follows: .RS -.IP \(bu 3 +.IP \[bu] 3 The scheduling policy is set to the value specified in the .I spawn-schedpolicy attribute @@ -315,7 +315,7 @@ attribute .\" .BR posix_spawnattr_setpolicy (3)) of the object pointed to by .IR attrp . -.IP \(bu +.IP \[bu] The scheduling parameters are set to the value specified in the .I spawn-schedparam attribute diff --git a/man3/psignal.3 b/man3/psignal.3 index 067b1d7f6..08229ed69 100644 --- a/man3/psignal.3 +++ b/man3/psignal.3 @@ -103,11 +103,11 @@ POSIX.1-2008, 4.3BSD. Up to glibc 2.12, .BR psiginfo () had the following bugs: -.IP \(bu 3 +.IP \[bu] 3 In some circumstances, a trailing newline is not printed. .\" FIXME . http://sourceware.org/bugzilla/show_bug.cgi?id=12107 .\" Reportedly now fixed; check glibc 2.13 -.IP \(bu +.IP \[bu] Additional details are not displayed for real-time signals. .\" FIXME . http://sourceware.org/bugzilla/show_bug.cgi?id=12108 .\" Reportedly now fixed; check glibc 2.13 diff --git a/man3/pthread_atfork.3 b/man3/pthread_atfork.3 index 71e2ea48e..1875bbdb4 100644 --- a/man3/pthread_atfork.3 +++ b/man3/pthread_atfork.3 @@ -25,17 +25,17 @@ The handlers are executed in the context of the thread that calls .BR fork (2). .PP Three kinds of handler can be registered: -.IP \(bu 3 +.IP \[bu] 3 .I prepare specifies a handler that is executed in the parent process before .BR fork (2) processing starts. -.IP \(bu +.IP \[bu] .I parent specifies a handler that is executed in the parent process after .BR fork (2) processing completes. -.IP \(bu +.IP \[bu] .I child specifies a handler that is executed in the child process after .BR fork (2) diff --git a/man3/pthread_attr_setsigmask_np.3 b/man3/pthread_attr_setsigmask_np.3 index 07c13adac..ff9b0355b 100644 --- a/man3/pthread_attr_setsigmask_np.3 +++ b/man3/pthread_attr_setsigmask_np.3 @@ -108,18 +108,18 @@ that can be used to manipulate and inspect signal sets, see In the absence of .BR pthread_attr_setsigmask_np () it is possible to create a thread with a desired signal mask as follows: -.IP \(bu 3 +.IP \[bu] 3 The creating thread uses .BR pthread_sigmask (3) to save its current signal mask and set its mask to block all signals. -.IP \(bu +.IP \[bu] The new thread is then created using .BR pthread_create (); the new thread will inherit the creating thread's signal mask. -.IP \(bu +.IP \[bu] The new thread sets its signal mask to the desired value using .BR pthread_sigmask (3). -.IP \(bu +.IP \[bu] The creating thread restores its signal mask to the original value. .PP Following the above steps, diff --git a/man3/pthread_cleanup_push.3 b/man3/pthread_cleanup_push.3 index adfbce911..e76bcf282 100644 --- a/man3/pthread_cleanup_push.3 +++ b/man3/pthread_cleanup_push.3 @@ -47,11 +47,11 @@ is nonzero. .PP A cancelation clean-up handler is popped from the stack and executed in the following circumstances: -.IP \(bu 3 +.IP \[bu] 3 When a thread is canceled, all of the stacked clean-up handlers are popped and executed in the reverse of the order in which they were pushed onto the stack. -.IP \(bu +.IP \[bu] When a thread terminates by calling .BR pthread_exit (3), all clean-up handlers are executed as described in the preceding point. @@ -61,7 +61,7 @@ called if the thread terminates by performing a .I return from the thread start function.) -.IP \(bu +.IP \[bu] When a thread calls .BR pthread_cleanup_pop () with a nonzero diff --git a/man3/pthread_create.3 b/man3/pthread_create.3 index 4fa3965f1..5c872641d 100644 --- a/man3/pthread_create.3 +++ b/man3/pthread_create.3 @@ -30,13 +30,13 @@ is passed as the sole argument of .IR start_routine (). .PP The new thread terminates in one of the following ways: -.IP \(bu 3 +.IP \[bu] 3 It calls .BR pthread_exit (3), specifying an exit status value that is available to another thread in the same process that calls .BR pthread_join (3). -.IP \(bu +.IP \[bu] It returns from .IR start_routine (). This is equivalent to calling @@ -44,10 +44,10 @@ This is equivalent to calling with the value supplied in the .I return statement. -.IP \(bu +.IP \[bu] It is canceled (see .BR pthread_cancel (3)). -.IP \(bu +.IP \[bu] Any of the threads in the process calls .BR exit (3), or the main thread performs a return from diff --git a/man3/pthread_getattr_default_np.3 b/man3/pthread_getattr_default_np.3 index 29c795f83..27f9a618f 100644 --- a/man3/pthread_getattr_default_np.3 +++ b/man3/pthread_getattr_default_np.3 @@ -29,13 +29,13 @@ The default attributes are set using the attributes supplied in .IR *attr , a previously initialized thread attributes object. Note the following details about the supplied attributes object: -.IP \(bu 3 +.IP \[bu] 3 The attribute settings in the object must be valid. -.IP \(bu +.IP \[bu] The .I stack address attribute must not be set in the object. -.IP \(bu +.IP \[bu] Setting the .I stack size attribute to zero means leave the default stack size unchanged. diff --git a/man3/pthread_getattr_np.3 b/man3/pthread_getattr_np.3 index dc3b590a8..a1c1b9e7e 100644 --- a/man3/pthread_getattr_np.3 +++ b/man3/pthread_getattr_np.3 @@ -31,13 +31,13 @@ the corresponding attribute values passed in the object that was used to create the thread using .BR pthread_create (3). In particular, the following attributes may differ: -.IP \(bu 3 +.IP \[bu] 3 the detach state, since a joinable thread may have detached itself after creation; -.IP \(bu +.IP \[bu] the stack size, which the implementation may align to a suitable boundary. -.IP \(bu +.IP \[bu] and the guard size, which the implementation may round upward to a multiple of the page size, or ignore (i.e., treat as 0), diff --git a/man3/readdir_r.3 b/man3/readdir_r.3 index 31eab8547..cb4cea710 100644 --- a/man3/readdir_r.3 +++ b/man3/readdir_r.3 @@ -60,14 +60,14 @@ instead of Furthermore, since glibc 2.24, glibc deprecates .BR readdir_r (). The reasons are as follows: -.IP \(bu 3 +.IP \[bu] 3 On systems where .B NAME_MAX is undefined, calling .BR readdir_r () may be unsafe because the interface does not allow the caller to specify the length of the buffer used for the returned directory entry. -.IP \(bu +.IP \[bu] On some systems, .BR readdir_r () can't read directory entries with very long names. @@ -81,7 +81,7 @@ On some other systems, may return a success status, but the returned .I d_name field may not be null terminated or may be truncated. -.IP \(bu +.IP \[bu] In the current POSIX.1 specification (POSIX.1-2008), .BR readdir (3) is not required to be thread-safe. @@ -98,7 +98,7 @@ using with external synchronization is still preferable to the use of .BR readdir_r (), for the reasons given in the points above. -.IP \(bu +.IP \[bu] It is expected that a future version of POSIX.1 .\" FIXME . .\" http://www.austingroupbugs.net/view.php?id=696 diff --git a/man3/setjmp.3 b/man3/setjmp.3 index 8842b9395..c66a42503 100644 --- a/man3/setjmp.3 +++ b/man3/setjmp.3 @@ -212,17 +212,17 @@ Consequently, the values of automatic variables are unspecified after a call to .BR longjmp () if they meet all the following criteria: -.IP \(bu 3 +.IP \[bu] 3 they are local to the function that made the corresponding .BR setjmp () call; -.IP \(bu +.IP \[bu] their values are changed between the calls to .BR setjmp () and .BR longjmp (); and -.IP \(bu +.IP \[bu] they are not declared as .IR volatile . .PP @@ -302,12 +302,12 @@ that occur upon a return from the initial call to the behavior is undefined if the program subsequently makes a call to a non-async-signal-safe function. The only way of avoiding undefined behavior is to ensure one of the following: -.IP \(bu 3 +.IP \[bu] 3 After long jumping from the signal handler, the program does not call any non-async-signal-safe functions and does not return from the initial call to .IR main (). -.IP \(bu +.IP \[bu] Any signal whose handler performs a long jump must be blocked during .I every call to a non-async-signal-safe function and diff --git a/man3/setlocale.3 b/man3/setlocale.3 index 43b649840..314dfa0f4 100644 --- a/man3/setlocale.3 +++ b/man3/setlocale.3 @@ -153,20 +153,20 @@ setlocale(LC_ALL, ""); .in .PP after program initialization, and then: -.IP \(bu 3 +.IP \[bu] 3 using the values returned from a .BR localeconv (3) call for locale-dependent information; -.IP \(bu +.IP \[bu] using the multibyte and wide character functions for text processing if .BR "MB_CUR_MAX > 1" ; -.IP \(bu +.IP \[bu] using .BR strcoll (3) and .BR strxfrm (3) to compare strings; and -.IP \(bu +.IP \[bu] using .BR wcscoll (3) and diff --git a/man3/sigpause.3 b/man3/sigpause.3 index af752cb65..78b0608b2 100644 --- a/man3/sigpause.3 +++ b/man3/sigpause.3 @@ -102,11 +102,11 @@ or is defined. Otherwise, the System V version is used, and feature test macros must be defined as follows to obtain the declaration: -.IP \(bu 3 +.IP \[bu] 3 Since glibc 2.26: _XOPEN_SOURCE >= 500 .\" || (_XOPEN_SOURCE && _XOPEN_SOURCE_EXTENDED) -.IP \(bu +.IP \[bu] glibc 2.25 and earlier: _XOPEN_SOURCE .PP Since glibc 2.19, only the System V version is exposed by diff --git a/man3/sigwait.3 b/man3/sigwait.3 index 1015b75b9..321a182fe 100644 --- a/man3/sigwait.3 +++ b/man3/sigwait.3 @@ -46,12 +46,12 @@ The operation of is the same as .BR sigwaitinfo (2), except that: -.IP \(bu 3 +.IP \[bu] 3 .BR sigwait () returns only the signal number, rather than a .I siginfo_t structure describing the signal. -.IP \(bu +.IP \[bu] The return values of the two functions are different. .SH RETURN VALUE On success, diff --git a/man3/sscanf.3 b/man3/sscanf.3 index 4a13b9dd2..5813e2672 100644 --- a/man3/sscanf.3 +++ b/man3/sscanf.3 @@ -105,17 +105,17 @@ meaning that the input was inappropriate (see below). .PP A directive is one of the following: .TP -\(bu +\[bu] A sequence of white-space characters (space, tab, newline, etc.; see .BR isspace (3)). This directive matches any amount of white space, including none, in the input. .TP -\(bu +\[bu] An ordinary character (i.e., one other than white space or \[aq]%\[aq]). This character must exactly match the next character of input. .TP -\(bu +\[bu] A conversion specification, which commences with a \[aq]%\[aq] (percent) character. A sequence of characters from the input is converted according to @@ -134,7 +134,7 @@ begins with either the character \[aq]%\[aq] or the character sequence "\fB%\fP\fIn\fP\fB$\fP" (see below for the distinction) followed by: .TP -\(bu +\[bu] An optional \[aq]*\[aq] assignment-suppression character: .BR sscanf () reads input as directed by the conversion specification, @@ -145,7 +145,7 @@ argument is required, and this specification is not included in the count of successful assignments returned by .BR scanf (). .TP -\(bu +\[bu] For decimal conversions, an optional quote character (\[aq]). This specifies that the input number may include thousands' separators as defined by the @@ -156,7 +156,7 @@ category of the current locale. The quote character may precede or follow the \[aq]*\[aq] assignment-suppression character. .TP -\(bu +\[bu] An optional \[aq]m\[aq] character. This is used with string conversions .RI ( %s , @@ -175,7 +175,7 @@ The caller should subsequently .BR free (3) this buffer when it is no longer required. .TP -\(bu +\[bu] An optional decimal integer which specifies the .IR "maximum field width" . Reading of characters stops either when this maximum is reached or @@ -187,7 +187,7 @@ String input conversions store a terminating null byte (\[aq]\e0\[aq]) to mark the end of the input; the maximum field width does not include this terminator. .TP -\(bu +\[bu] An optional .IR "type modifier character" . For example, the @@ -201,7 +201,7 @@ argument refers to a rather than a pointer to an .IR int . .TP -\(bu +\[bu] A .I "conversion specifier" that specifies the type of input conversion to be performed. @@ -641,12 +641,12 @@ As well as being standardized by POSIX, the modifier has the following further advantages over the use of .BR a : -.IP \(bu 3 +.IP \[bu] 3 It may also be applied to .B %c conversion specifiers (e.g., .BR %3mc ). -.IP \(bu +.IP \[bu] It avoids ambiguity with respect to the .B %a floating-point conversion specifier (and is unaffected by diff --git a/man3/strcmp.3 b/man3/strcmp.3 index 5a48a745f..8a2ee35f9 100644 --- a/man3/strcmp.3 +++ b/man3/strcmp.3 @@ -37,18 +37,18 @@ The comparison is done using unsigned characters. .PP .BR strcmp () returns an integer indicating the result of the comparison, as follows: -.IP \(bu 3 +.IP \[bu] 3 0, if the .I s1 and .I s2 are equal; -.IP \(bu +.IP \[bu] a negative value if .I s1 is less than .IR s2 ; -.IP \(bu +.IP \[bu] a positive value if .I s1 is greater than diff --git a/man3/strsep.3 b/man3/strsep.3 index 0a3bc635d..794ddbec5 100644 --- a/man3/strsep.3 +++ b/man3/strsep.3 @@ -96,11 +96,11 @@ conforms to C99 and hence is more portable. .SH BUGS Be cautious when using this function. If you do use it, note that: -.IP \(bu 3 +.IP \[bu] 3 This function modifies its first argument. -.IP \(bu +.IP \[bu] This function cannot be used on constant strings. -.IP \(bu +.IP \[bu] The identity of the delimiting character is lost. .SH EXAMPLES The program below is a port of the one found in diff --git a/man3/strtok.3 b/man3/strtok.3 index 4b184f806..9c80c2823 100644 --- a/man3/strtok.3 +++ b/man3/strtok.3 @@ -189,13 +189,13 @@ that is being used to parse .SH BUGS Be cautious when using these functions. If you do use them, note that: -.IP \(bu 3 +.IP \[bu] 3 These functions modify their first argument. -.IP \(bu +.IP \[bu] These functions cannot be used on constant strings. -.IP \(bu +.IP \[bu] The identity of the delimiting byte is lost. -.IP \(bu +.IP \[bu] The .BR strtok () function uses a static buffer while parsing, so it's not thread safe. diff --git a/man3/sysconf.3 b/man3/sysconf.3 index dd22275ea..2650cfa86 100644 --- a/man3/sysconf.3 +++ b/man3/sysconf.3 @@ -311,7 +311,7 @@ See also The return value of .BR sysconf () is one of the following: -.IP \(bu 3 +.IP \[bu] 3 On error, \-1 is returned and .I errno is set to indicate the error @@ -320,7 +320,7 @@ is set to indicate the error indicating that .I name is invalid). -.IP \(bu +.IP \[bu] If .I name corresponds to a maximum or minimum limit, and that limit is indeterminate, @@ -332,13 +332,13 @@ is not changed. to zero before the call, and then check whether .I errno is nonzero when \-1 is returned.) -.IP \(bu +.IP \[bu] If .I name corresponds to an option, a positive value is returned if the option is supported, and \-1 is returned if the option is not supported. -.IP \(bu +.IP \[bu] Otherwise, the current value of the option or limit is returned. This value will not be more restrictive than diff --git a/man3/system.3 b/man3/system.3 index ecd30fbb7..414968fd7 100644 --- a/man3/system.3 +++ b/man3/system.3 @@ -62,23 +62,23 @@ returns a status indicating whether a shell is available on the system. The return value of .BR system () is one of the following: -.IP \(bu 3 +.IP \[bu] 3 If .I command is NULL, then a nonzero value if a shell is available, or 0 if no shell is available. -.IP \(bu +.IP \[bu] If a child process could not be created, or its status could not be retrieved, the return value is \-1 and .I errno is set to indicate the error. -.IP \(bu +.IP \[bu] If a shell could not be executed in the child process, then the return value is as though the child shell terminated by calling .BR _exit (2) with the status 127. -.IP \(bu +.IP \[bu] If all system calls succeed, then the return value is the termination status of the child shell used to execute diff --git a/man3/termios.3 b/man3/termios.3 index cb983d190..2d7fc69a5 100644 --- a/man3/termios.3 +++ b/man3/termios.3 @@ -702,14 +702,14 @@ By default, is set. .PP In canonical mode: -.IP \(bu 3 +.IP \[bu] 3 Input is made available line by line. An input line is available when one of the line delimiters is typed (NL, EOL, EOL2; or EOF at the start of line). Except in the case of EOF, the line delimiter is included in the buffer returned by .BR read (2). -.IP \(bu +.IP \[bu] Line editing is enabled (ERASE, KILL; and if the .B IEXTEN @@ -722,7 +722,7 @@ requested fewer bytes than are available in the current line of input, then only as many bytes as requested are read, and the remaining characters will be available for a future .BR read (2). -.IP \(bu +.IP \[bu] The maximum line length is 4096 chars (including the terminating newline character); lines longer than 4096 chars are truncated. @@ -786,11 +786,11 @@ the timer is restarted after each further byte is received. .BR read (2) returns when any of the following conditions is met: .RS -.IP \(bu 3 +.IP \[bu] 3 MIN bytes have been received. -.IP \(bu +.IP \[bu] The interbyte timer expires. -.IP \(bu +.IP \[bu] The number of bytes requested by .BR read (2) has been received. diff --git a/man3/wcsnrtombs.3 b/man3/wcsnrtombs.3 index 3752f8a92..2b9d38781 100644 --- a/man3/wcsnrtombs.3 +++ b/man3/wcsnrtombs.3 @@ -79,7 +79,7 @@ number of bytes written and .I *src by one. The conversion can stop for three reasons: -.IP \(bu 3 +.IP \[bu] 3 A wide character has been encountered that can not be represented as a multibyte sequence (according to the current locale). In this case, @@ -91,7 +91,7 @@ and .I errno is set to .BR EILSEQ . -.IP \(bu +.IP \[bu] .I nwc wide characters have been converted without encountering a null wide character (L\[aq]\e0\[aq]), @@ -103,7 +103,7 @@ to the next wide character to be converted, and the number of bytes written to .I dest is returned. -.IP \(bu +.IP \[bu] The wide-character string has been completely converted, including the terminating null wide character (which has the side effect of bringing back .I *ps diff --git a/man3/wcsrtombs.3 b/man3/wcsrtombs.3 index 0bc8b753c..5503b99c5 100644 --- a/man3/wcsrtombs.3 +++ b/man3/wcsrtombs.3 @@ -52,7 +52,7 @@ number of bytes written and .I *src by one. The conversion can stop for three reasons: -.IP \(bu 3 +.IP \[bu] 3 A wide character has been encountered that can not be represented as a multibyte sequence (according to the current locale). In this case, @@ -64,7 +64,7 @@ and .I errno is set to .BR EILSEQ . -.IP \(bu +.IP \[bu] The length limit forces a stop. In this case, .I *src @@ -73,7 +73,7 @@ to the next wide character to be converted, and the number of bytes written to .I dest is returned. -.IP \(bu +.IP \[bu] The wide-character string has been completely converted, including the terminating null wide character (L\[aq]\e0\[aq]), which has the side effect of bringing back diff --git a/man3/wcstombs.3 b/man3/wcstombs.3 index 142862374..f13218d97 100644 --- a/man3/wcstombs.3 +++ b/man3/wcstombs.3 @@ -41,18 +41,18 @@ The sequence of characters placed in .I dest begins in the initial shift state. The conversion can stop for three reasons: -.IP \(bu 3 +.IP \[bu] 3 A wide character has been encountered that can not be represented as a multibyte sequence (according to the current locale). In this case, .I (size_t)\ \-1 is returned. -.IP \(bu +.IP \[bu] The length limit forces a stop. In this case, the number of bytes written to .I dest is returned, but the shift state at this point is lost. -.IP \(bu +.IP \[bu] The wide-character string has been completely converted, including the terminating null wide character (L\[aq]\e0\[aq]). In this case, the conversion ends in the initial shift state. diff --git a/man3/wprintf.3 b/man3/wprintf.3 index 99f8ad5e1..38feff7f1 100644 --- a/man3/wprintf.3 +++ b/man3/wprintf.3 @@ -109,15 +109,15 @@ the functions except for the following differences: .TP -.B \(bu +.B \[bu] The .I format string is a wide-character string. .TP -.B \(bu +.B \[bu] The output consists of wide characters, not bytes. .TP -.B \(bu +.B \[bu] .BR swprintf () and .BR vswprintf () diff --git a/man4/fuse.4 b/man4/fuse.4 index dc1ec8a85..0d9ed06ac 100644 --- a/man4/fuse.4 +++ b/man4/fuse.4 @@ -471,11 +471,11 @@ operations on the provided filesystem's files and directories to fail with .BR EIO . Among the possible incorrect uses are: .RS -.IP \(bu 3 +.IP \[bu] 3 changing .I mode & S_IFMT for an inode that has previously been reported to the kernel; or -.IP \(bu +.IP \[bu] giving replies to the kernel that are shorter than what the kernel expected. .RE .TP diff --git a/man4/initrd.4 b/man4/initrd.4 index 20d561829..08df8e6a9 100644 --- a/man4/initrd.4 +++ b/man4/initrd.4 @@ -419,7 +419,7 @@ from the CD-ROM. .\" .\" .SH NOTES -.IP \(bu 3 +.IP \[bu] 3 With the current kernel, any filesystems that remain mounted when .I /dev/ram0 is moved from @@ -430,7 +430,7 @@ continue to be accessible. However, the .I /proc/mounts entries are not updated. -.IP \(bu +.IP \[bu] With the current kernel, if directory .I /initrd does not exist, then @@ -447,7 +447,7 @@ is fully unmounted, then .I /dev/ram0 will remain in memory. -.IP \(bu +.IP \[bu] Users of .I /dev/initrd should not depend on the behavior given in the above notes. diff --git a/man4/lirc.4 b/man4/lirc.4 index 68f665fc7..d4461d479 100644 --- a/man4/lirc.4 +++ b/man4/lirc.4 @@ -259,10 +259,10 @@ is 0) timeout packages in .BR LIRC_MODE_MODE2 . The behavior of this operation has varied across kernel versions: .RS -.IP \(bu 3 +.IP \[bu] 3 Since Linux 5.17: timeout packages are always enabled and this ioctl is a no-op. -.IP \(bu +.IP \[bu] Since Linux 4.16: timeout packages are enabled by default. Each time the @@ -271,7 +271,7 @@ device is opened, the .B LIRC_SET_REC_TIMEOUT operation can be used to disable (and, if desired, to later re-enable) the timeout on the file descriptor. -.IP \(bu +.IP \[bu] In Linux 4.15 and earlier: timeout packages are disabled by default, and enabling them (via .BR LIRC_SET_REC_TIMEOUT ) diff --git a/man4/loop.4 b/man4/loop.4 index 9002d6717..5f923d1ba 100644 --- a/man4/loop.4 +++ b/man4/loop.4 @@ -199,16 +199,16 @@ can do, .B LOOP_CONFIGURE can also be used to do the following: .RS -.IP \(bu 3 +.IP \[bu] 3 set the correct block size immediately by setting .IR loop_config.block_size ; -.IP \(bu +.IP \[bu] explicitly request direct I/O mode by setting .B LO_FLAGS_DIRECT_IO in .IR loop_config.info.lo_flags ; and -.IP \(bu +.IP \[bu] explicitly request read-only mode by setting .B LO_FLAGS_READ_ONLY in diff --git a/man4/rtc.4 b/man4/rtc.4 index 769ff7804..55dc1ff6b 100644 --- a/man4/rtc.4 +++ b/man4/rtc.4 @@ -66,12 +66,12 @@ requests listed below. .PP Besides tracking the date and time, many RTCs can also generate interrupts -.IP \(bu 3 +.IP \[bu] 3 on every clock update (i.e., once per second); -.IP \(bu +.IP \[bu] at periodic intervals with a frequency that can be set to any power-of-2 multiple in the range 2 Hz to 8192 Hz; -.IP \(bu +.IP \[bu] on reaching a previously specified alarm time. .PP Each of those interrupt sources can be enabled or disabled separately. @@ -31,11 +31,11 @@ where is the number of the physical drive in order of detection, and .I partition_number is as follows: -.IP \(bu 3 +.IP \[bu] 3 partition 0 is the whole drive -.IP \(bu +.IP \[bu] partitions 1\[en]4 are the DOS "primary" partitions -.IP \(bu +.IP \[bu] partitions 5\[en]8 are the DOS "extended" (or "logical") partitions .PP For example, @@ -886,7 +886,7 @@ the nonrewind SCSI tape devices .\" Several other .\" people have also contributed to the driver. .SH NOTES -.IP \(bu 3 +.IP \[bu] 3 When exchanging data between systems, both systems have to agree on the physical tape block size. The parameters of a drive after startup @@ -906,26 +906,26 @@ exchanging data with a foreign system. The drawback of this is that a fairly large tape block size has to be used to get acceptable data transfer rates on the SCSI bus. -.IP \(bu +.IP \[bu] Many programs (e.g., .BR tar (1)) allow the user to specify the blocking factor on the command line. Note that this determines the physical block size on tape only in variable-block mode. -.IP \(bu +.IP \[bu] In order to use SCSI tape drives, the basic SCSI driver, a SCSI-adapter driver and the SCSI tape driver must be either configured into the kernel or loaded as modules. If the SCSI-tape driver is not present, the drive is recognized but the tape support described in this page is not available. -.IP \(bu +.IP \[bu] The driver writes error messages to the console/log. The SENSE codes written into some messages are automatically translated to text if verbose SCSI messages are enabled in kernel configuration. -.IP \(bu +.IP \[bu] The driver's internal buffering allows good throughput in fixed-block mode also with small .BR read (2) diff --git a/man5/core.5 b/man5/core.5 index 4b8c8290b..816712149 100644 --- a/man5/core.5 +++ b/man5/core.5 @@ -26,7 +26,7 @@ for details. .PP There are various circumstances in which a core dump file is not produced: -.IP \(bu 3 +.IP \[bu] 3 The process does not have permission to write the core file. (By default, the core file is called .I core @@ -43,18 +43,18 @@ or if a file with the same name exists and is not writable or is not a regular file (e.g., it is a directory or a symbolic link). -.IP \(bu +.IP \[bu] A (writable, regular) file with the same name as would be used for the core dump already exists, but there is more than one hard link to that file. -.IP \(bu +.IP \[bu] The filesystem where the core dump file would be created is full; or has run out of inodes; or is mounted read-only; or the user has reached their quota for the filesystem. -.IP \(bu +.IP \[bu] The directory in which the core dump file is to be created does not exist. -.IP \(bu +.IP \[bu] The .B RLIMIT_CORE (core file size) or @@ -70,14 +70,14 @@ in However, .B RLIMIT_CORE will be ignored if the system is configured to pipe core dumps to a program. -.IP \(bu +.IP \[bu] The binary being executed by the process does not have read permission enabled. (This is a security measure to ensure that an executable whose contents are not readable does not produce a\[em]possibly readable\[em]core dump containing an image of the executable.) -.IP \(bu +.IP \[bu] The process is executing a set-user-ID (set-group-ID) program that is owned by a user (group) other than the real user (group) ID of the process, @@ -92,7 +92,7 @@ operation, and the description of the .\" and PR_SET_DUMPABLE to this page? file in .BR proc (5).) -.IP \(bu +.IP \[bu] .I /proc/sys/kernel/core_pattern is empty and .I /proc/sys/kernel/core_uses_pid @@ -109,7 +109,7 @@ and such files are hidden unless one uses the .BR ls (1) .I \-a option. -.IP \(bu +.IP \[bu] (Since Linux 3.7) .\" commit 046d662f481830e652ac34cd112249adde16452a The kernel was configured without the @@ -287,33 +287,33 @@ the executable name. Instead of being written to a file, the core dump is given as standard input to the program. Note the following points: -.IP \(bu 3 +.IP \[bu] 3 The program must be specified using an absolute pathname (or a pathname relative to the root directory, \fI/\fP), and must immediately follow the '|' character. -.IP \(bu +.IP \[bu] The command-line arguments can include any of the % specifiers listed above. For example, to pass the PID of the process that is being dumped, specify .I %p in an argument. -.IP \(bu +.IP \[bu] The process created to run the program runs as user and group .IR root . -.IP \(bu +.IP \[bu] Running as .I root does not confer any exceptional security bypasses. Namely, LSMs (e.g., SELinux) are still active and may prevent the handler from accessing details about the crashed process via .IR /proc/ pid. -.IP \(bu +.IP \[bu] The program pathname is interpreted with respect to the initial mount namespace as it is always executed there. It is not affected by the settings (e.g., root directory, mount namespace, current working directory) of the crashing process. -.IP \(bu +.IP \[bu] The process runs in the initial namespaces (PID, mount, user, and so on) and not in the namespaces of the crashing process. @@ -322,7 +322,7 @@ One can utilize specifiers such as to find the right .IR /proc/ pid directory and probe/enter the crashing process's namespaces if needed. -.IP \(bu +.IP \[bu] The process starts with its current working directory as the root directory. If desired, it is possible change to the working directory of @@ -330,11 +330,11 @@ the dumping process by employing the value provided by the .I %P specifier to change to the location of the dumping process via .IR /proc/ pid /cwd . -.IP \(bu +.IP \[bu] Command-line arguments can be supplied to the program (since Linux 2.6.24), delimited by white space (up to a total line length of 128 bytes). -.IP \(bu +.IP \[bu] The .B RLIMIT_CORE limit is not enforced for core dumps that are piped to a program diff --git a/man5/locale.5 b/man5/locale.5 index 77771438e..b0a21560f 100644 --- a/man5/locale.5 +++ b/man5/locale.5 @@ -58,32 +58,32 @@ provided locale definition file should be used as a reference to follow common glibc conventions. .SS Locale category sections The following category sections are defined by POSIX: -.IP \(bu 3 +.IP \[bu] 3 .B LC_CTYPE -.IP \(bu +.IP \[bu] .B LC_COLLATE -.IP \(bu +.IP \[bu] .B LC_MESSAGES -.IP \(bu +.IP \[bu] .B LC_MONETARY -.IP \(bu +.IP \[bu] .B LC_NUMERIC -.IP \(bu +.IP \[bu] .B LC_TIME .PP In addition, since glibc 2.2, the GNU C library supports the following nonstandard categories: -.IP \(bu 3 +.IP \[bu] 3 .B LC_ADDRESS -.IP \(bu +.IP \[bu] .B LC_IDENTIFICATION -.IP \(bu +.IP \[bu] .B LC_MEASUREMENT -.IP \(bu +.IP \[bu] .B LC_NAME -.IP \(bu +.IP \[bu] .B LC_PAPER -.IP \(bu +.IP \[bu] .B LC_TELEPHONE .PP See @@ -1262,7 +1262,7 @@ and states at https://sourceware.org/glibc/wiki/Locales the following: -.IP \(bu 3 +.IP \[bu] 3 The value of the second .I week list item specifies the base of the @@ -1270,14 +1270,14 @@ list item specifies the base of the and .I day lists. -.IP \(bu +.IP \[bu] .I first_weekday specifies the offset of the first day-of-week in the .I abday and .I day lists. -.IP \(bu +.IP \[bu] For compatibility reasons, all glibc locales should set the value of the second .I week diff --git a/man5/nscd.conf.5 b/man5/nscd.conf.5 index fa330d296..154a99b6c 100644 --- a/man5/nscd.conf.5 +++ b/man5/nscd.conf.5 @@ -299,25 +299,25 @@ the value of the attribute. .PP Please consider the following advice carefully: -.IP \(bu 3 +.IP \[bu] 3 If your application will make a second request for the same name, after more than 1 TTL but before .B reload\-count TTLs, and is sensitive to the latency of a cache miss, then reloading may be a good idea for you. -.IP \(bu +.IP \[bu] If your name service is configured to return very short TTLs, and your applications only make requests rarely under normal circumstances, then reloading may result in additional load on your backing name service without any benefit to applications, which is probably a bad idea for you. -.IP \(bu +.IP \[bu] If your name service capacity is limited, reloading may have the surprising effect of increasing load on your name service instead of reducing it, and may be a bad idea for you. -.IP \(bu +.IP \[bu] Setting .B reload\-count to diff --git a/man5/nsswitch.conf.5 b/man5/nsswitch.conf.5 index 4d0cbc9dc..53b590fd2 100644 --- a/man5/nsswitch.conf.5 +++ b/man5/nsswitch.conf.5 @@ -122,11 +122,11 @@ services: nis [NOTFOUND=return] files .PP The first column is the database name. The remaining columns specify: -.IP \(bu 3 +.IP \[bu] 3 One or more service specifications, for example, "files", "db", or "nis". The order of the services on the line determines the order in which those services will be queried, in turn, until a result is found. -.IP \(bu +.IP \[bu] Optional actions to perform if a particular result is obtained from the preceding service, for example, "[NOTFOUND=return]". .PP diff --git a/man5/proc.5 b/man5/proc.5 index 6efdc51cb..7d09da6bb 100644 --- a/man5/proc.5 +++ b/man5/proc.5 @@ -245,12 +245,12 @@ things work as expected for the container "root" user. .IP The process's "dumpable" attribute may change for the following reasons: .RS -.IP \(bu 3 +.IP \[bu] 3 The attribute was explicitly set via the .BR prctl (2) .B PR_SET_DUMPABLE operation. -.IP \(bu +.IP \[bu] The attribute was reset to the value in the file .I /proc/sys/fs/suid_dumpable (described below), for the reasons described in @@ -1653,7 +1653,7 @@ with increases (+) or decreases (\-) for factors including: .\" See mm/oom_kill.c::oom_badness() after Linux 2.6.36 .\" commit a63d83f427fbce97a6cea0db2e64b0eb8435cd10 .RS -.IP \(bu 3 +.IP \[bu] 3 whether the process is privileged (\-). .\" More precisely, if it has CAP_SYS_ADMIN or (pre 2.6.36) CAP_SYS_RESOURCE .RE @@ -1661,16 +1661,16 @@ whether the process is privileged (\-). Before Linux 2.6.36 the following factors were also used in the calculation of oom_score: .RS -.IP \(bu 3 +.IP \[bu] 3 whether the process creates a lot of children using .BR fork (2) (+); -.IP \(bu +.IP \[bu] whether the process has been running a long time, or has used a lot of CPU time (\-); -.IP \(bu +.IP \[bu] whether the process has a low nice value (i.e., > 0) (+); and -.IP \(bu +.IP \[bu] whether the process is making direct hardware access (\-). .\" More precisely, if it has CAP_SYS_RAWIO .RE @@ -4316,16 +4316,16 @@ pseudo-file. This value is not reliable, for the following reasons: .\" See kernel commit 9c240d757658a3ae9968dd309e674c61f07c7f48 .RS -.IP \(bu 3 +.IP \[bu] 3 The CPU will not wait for I/O to complete; iowait is the time that a task is waiting for I/O to complete. When a CPU goes into idle state for outstanding task I/O, another task will be scheduled on this CPU. -.IP \(bu +.IP \[bu] On a multi-core CPU, the task waiting for I/O to complete is not running on any CPU, so the iowait of each CPU is difficult to calculate. -.IP \(bu +.IP \[bu] The value in this field may .I decrease in certain conditions. @@ -4484,19 +4484,19 @@ The file contains six numbers, .I want_pages (pages requested by system) and two dummy values. .RS -.IP \(bu 3 +.IP \[bu] 3 .I nr_dentry is the number of allocated dentries (dcache entries). This field is unused in Linux 2.2. -.IP \(bu +.IP \[bu] .I nr_unused is the number of unused dentries. -.IP \(bu +.IP \[bu] .I age_limit .\" looks like this is unused in Linux 2.2 to Linux 2.6 is the age in seconds after which dcache entries can be reclaimed when memory is short. -.IP \(bu +.IP \[bu] .I want_pages .\" looks like this is unused in Linux 2.2 to Linux 2.6 is nonzero when the kernel has called shrink_dcache_pages() and the @@ -4725,28 +4725,28 @@ When the value in this file is 1, a hard link can be created to a target file only if one of the following conditions is true: .RS -.IP \(bu 3 +.IP \[bu] 3 The calling process has the .B CAP_FOWNER capability in its user namespace and the file UID has a mapping in the namespace. -.IP \(bu +.IP \[bu] The filesystem UID of the process creating the link matches the owner (UID) of the target file (as described in .BR credentials (7), a process's filesystem UID is normally the same as its effective UID). -.IP \(bu +.IP \[bu] All of the following conditions are true: .RS 4 -.IP \(bu 3 +.IP \[bu] 3 the target is a regular file; -.IP \(bu +.IP \[bu] the target file does not have its set-user-ID mode bit enabled; -.IP \(bu +.IP \[bu] the target file does not have both its set-group-ID and group-executable mode bits enabled; and -.IP \(bu +.IP \[bu] the caller has permission to read and write the target file (either via the file's permissions mask or because it has suitable capabilities). @@ -4801,15 +4801,15 @@ no restrictions are placed on following symbolic links When the value in this file is 1, symbolic links are followed only in the following circumstances: .RS -.IP \(bu 3 +.IP \[bu] 3 the filesystem UID of the process following the link matches the owner (UID) of the symbolic link (as described in .BR credentials (7), a process's filesystem UID is normally the same as its effective UID); -.IP \(bu +.IP \[bu] the link is not in a sticky world-writable directory; or -.IP \(bu +.IP \[bu] the symbolic link and its parent directory have the same owner (UID) .RE .IP @@ -5890,18 +5890,18 @@ CommitLimit = (total_RAM \- total_huge_TLB) * .IP where: .RS -.IP \(bu 3 +.IP \[bu] 3 .I total_RAM is the total amount of RAM on the system; -.IP \(bu +.IP \[bu] .I total_huge_TLB is the amount of memory set aside for huge pages; -.IP \(bu +.IP \[bu] .I overcommit_ratio is the value in .IR /proc/sys/vm/overcommit_ratio ; and -.IP \(bu +.IP \[bu] .I total_swap is the amount of swap space. .RE diff --git a/man5/rpc.5 b/man5/rpc.5 index 29bc354a6..cecc2f607 100644 --- a/man5/rpc.5 +++ b/man5/rpc.5 @@ -20,11 +20,11 @@ can be used in place of RPC program numbers. Each line has the following information: .PP .PD 0 -.IP \(bu 3 +.IP \[bu] 3 name of server for the RPC program -.IP \(bu +.IP \[bu] RPC program number -.IP \(bu +.IP \[bu] aliases .PD .PP diff --git a/man5/slabinfo.5 b/man5/slabinfo.5 index 6f286d3d9..5ee659f8e 100644 --- a/man5/slabinfo.5 +++ b/man5/slabinfo.5 @@ -39,11 +39,11 @@ The next line lists the names of the columns in the remaining lines. Each of the remaining lines displays information about a specified cache. Following the cache name, the output shown in each line shows three components for each cache: -.IP \(bu 3 +.IP \[bu] 3 statistics -.IP \(bu +.IP \[bu] tunables -.IP \(bu +.IP \[bu] slabdata .PP The statistics are as follows: diff --git a/man5/tmpfs.5 b/man5/tmpfs.5 index 1efdbd5fc..09d955898 100644 --- a/man5/tmpfs.5 +++ b/man5/tmpfs.5 @@ -27,13 +27,13 @@ $ sudo mount \-t tmpfs \-o size=10M tmpfs /mnt/mytmpfs A .B tmpfs filesystem has the following properties: -.IP \(bu 3 +.IP \[bu] 3 The filesystem can employ swap space when physical memory pressure demands it. -.IP \(bu +.IP \[bu] The filesystem consumes only as much physical memory and swap space as is required to store the current contents of the filesystem. -.IP \(bu +.IP \[bu] During a remount operation .RI ( "mount\ \-o\ remount" ), the filesystem size can be changed diff --git a/man7/bpf-helpers.7 b/man7/bpf-helpers.7 index 46441f0f2..14523f025 100644 --- a/man7/bpf-helpers.7 +++ b/man7/bpf-helpers.7 @@ -184,26 +184,26 @@ In the above: .INDENT 7.0 .INDENT 3.5 .INDENT 0.0 -.IP \(bu 2 +.IP \[bu] 2 \fBtelnet\fP is the name of the current task. -.IP \(bu 2 +.IP \[bu] 2 \fB470\fP is the PID of the current task. -.IP \(bu 2 +.IP \[bu] 2 \fB001\fP is the CPU number on which the task is running. -.IP \(bu 2 +.IP \[bu] 2 In \fB\&.N..\fP, each character refers to a set of options (whether irqs are enabled, scheduling options, whether hard/softirqs are running, level of preempt_disabled respectively). \fBN\fP means that \fBTIF_NEED_RESCHED\fP and \fBPREEMPT_NEED_RESCHED\fP are set. -.IP \(bu 2 +.IP \[bu] 2 \fB419421.045894\fP is a timestamp. -.IP \(bu 2 +.IP \[bu] 2 \fB0x00000001\fP is a fake value used by BPF for the instruction pointer register. -.IP \(bu 2 +.IP \[bu] 2 \fB<formatted msg>\fP is the message formatted with \fIfmt\fP\&. .UNINDENT @@ -752,11 +752,11 @@ and can be used with programs attached to TC or XDP as well, where it allows for passing data to user space listeners. Data can be: .INDENT 7.0 -.IP \(bu 2 +.IP \[bu] 2 Only custom structs, -.IP \(bu 2 +.IP \[bu] 2 Only the packet payload, or -.IP \(bu 2 +.IP \[bu] 2 A combination of both. .UNINDENT .TP @@ -854,13 +854,13 @@ to the helper). .sp This is flexible enough to be used in several ways: .INDENT 7.0 -.IP \(bu 2 +.IP \[bu] 2 With \fIfrom_size\fP == 0, \fIto_size\fP > 0 and \fIseed\fP set to checksum, it can be used when pushing new data. -.IP \(bu 2 +.IP \[bu] 2 With \fIfrom_size\fP > 0, \fIto_size\fP == 0 and \fIseed\fP set to checksum, it can be used when removing data from a packet. -.IP \(bu 2 +.IP \[bu] 2 With \fIfrom_size\fP > 0, \fIto_size\fP > 0 and \fIseed\fP set to 0, it can be used to compute a diff. Note that \fIfrom_size\fP and \fIto_size\fP do not need to be equal. @@ -987,11 +987,11 @@ Check whether \fIskb\fP is a descendant of the cgroup2 held by .B Return The return value depends on the result of the test, and can be: .INDENT 7.0 -.IP \(bu 2 +.IP \[bu] 2 0, if the \fIskb\fP failed the cgroup2 descendant test. -.IP \(bu 2 +.IP \[bu] 2 1, if the \fIskb\fP succeeded the cgroup2 descendant test. -.IP \(bu 2 +.IP \[bu] 2 A negative error code, if an error occurred. .UNINDENT .UNINDENT @@ -1060,11 +1060,11 @@ subset of the cgroup2 hierarchy. The cgroup2 to test is held by .B Return The return value depends on the result of the test, and can be: .INDENT 7.0 -.IP \(bu 2 +.IP \[bu] 2 1, if current task belongs to the cgroup2. -.IP \(bu 2 +.IP \[bu] 2 0, if current task does not belong to the cgroup2. -.IP \(bu 2 +.IP \[bu] 2 A negative error code, if an error occurred. .UNINDENT .UNINDENT @@ -1332,9 +1332,9 @@ The option value of length \fIoptlen\fP is pointed by \fIoptval\fP\&. .sp \fIbpf_socket\fP should be one of the following: .INDENT 7.0 -.IP \(bu 2 +.IP \[bu] 2 \fBstruct bpf_sock_ops\fP for \fBBPF_PROG_TYPE_SOCK_OPS\fP\&. -.IP \(bu 2 +.IP \[bu] 2 \fBstruct bpf_sock_addr\fP for \fBBPF_CGROUP_INET4_CONNECT\fP and \fBBPF_CGROUP_INET6_CONNECT\fP\&. .UNINDENT @@ -1342,20 +1342,20 @@ and \fBBPF_CGROUP_INET6_CONNECT\fP\&. This helper actually implements a subset of \fBsetsockopt()\fP\&. It supports the following \fIlevel\fPs: .INDENT 7.0 -.IP \(bu 2 +.IP \[bu] 2 \fBSOL_SOCKET\fP, which supports the following \fIoptname\fPs: \fBSO_RCVBUF\fP, \fBSO_SNDBUF\fP, \fBSO_MAX_PACING_RATE\fP, \fBSO_PRIORITY\fP, \fBSO_RCVLOWAT\fP, \fBSO_MARK\fP, \fBSO_BINDTODEVICE\fP, \fBSO_KEEPALIVE\fP\&. -.IP \(bu 2 +.IP \[bu] 2 \fBIPPROTO_TCP\fP, which supports the following \fIoptname\fPs: \fBTCP_CONGESTION\fP, \fBTCP_BPF_IW\fP, \fBTCP_BPF_SNDCWND_CLAMP\fP, \fBTCP_SAVE_SYN\fP, \fBTCP_KEEPIDLE\fP, \fBTCP_KEEPINTVL\fP, \fBTCP_KEEPCNT\fP, \fBTCP_SYNCNT\fP, \fBTCP_USER_TIMEOUT\fP, \fBTCP_NOTSENT_LOWAT\fP\&. -.IP \(bu 2 +.IP \[bu] 2 \fBIPPROTO_IP\fP, which supports \fIoptname\fP \fBIP_TOS\fP\&. -.IP \(bu 2 +.IP \[bu] 2 \fBIPPROTO_IPV6\fP, which supports \fIoptname\fP \fBIPV6_TCLASS\fP\&. .UNINDENT .TP @@ -1374,18 +1374,18 @@ By default, the helper will reset any offloaded checksum indicator of the skb to CHECKSUM_NONE. This can be avoided by the following flag: .INDENT 7.0 -.IP \(bu 2 +.IP \[bu] 2 \fBBPF_F_ADJ_ROOM_NO_CSUM_RESET\fP: Do not reset offloaded checksum data of the skb to CHECKSUM_NONE. .UNINDENT .sp There are two supported modes at this time: .INDENT 7.0 -.IP \(bu 2 +.IP \[bu] 2 \fBBPF_ADJ_ROOM_MAC\fP: Adjust room at the mac layer (room space is added or removed between the layer 2 and layer 3 headers). -.IP \(bu 2 +.IP \[bu] 2 \fBBPF_ADJ_ROOM_NET\fP: Adjust room at the network layer (room space is added or removed between the layer 3 and layer 4 headers). @@ -1393,23 +1393,23 @@ layer 4 headers). .sp The following flags are supported at this time: .INDENT 7.0 -.IP \(bu 2 +.IP \[bu] 2 \fBBPF_F_ADJ_ROOM_FIXED_GSO\fP: Do not adjust gso_size. Adjusting mss in this way is not allowed for datagrams. -.IP \(bu 2 +.IP \[bu] 2 \fBBPF_F_ADJ_ROOM_ENCAP_L3_IPV4\fP, \fBBPF_F_ADJ_ROOM_ENCAP_L3_IPV6\fP: Any new space is reserved to hold a tunnel header. Configure skb offsets and other fields accordingly. -.IP \(bu 2 +.IP \[bu] 2 \fBBPF_F_ADJ_ROOM_ENCAP_L4_GRE\fP, \fBBPF_F_ADJ_ROOM_ENCAP_L4_UDP\fP: Use with ENCAP_L3 flags to further specify the tunnel type. -.IP \(bu 2 +.IP \[bu] 2 \fBBPF_F_ADJ_ROOM_ENCAP_L2\fP(\fIlen\fP): Use with ENCAP_L3/L4 flags to further specify the tunnel type; \fIlen\fP is the length of the inner MAC header. -.IP \(bu 2 +.IP \[bu] 2 \fBBPF_F_ADJ_ROOM_ENCAP_L2_ETH\fP: Use with BPF_F_ADJ_ROOM_ENCAP_L2 flag to further specify the L2 type as Ethernet. @@ -1616,9 +1616,9 @@ The retrieved value is stored in the structure pointed by .sp \fIbpf_socket\fP should be one of the following: .INDENT 7.0 -.IP \(bu 2 +.IP \[bu] 2 \fBstruct bpf_sock_ops\fP for \fBBPF_PROG_TYPE_SOCK_OPS\fP\&. -.IP \(bu 2 +.IP \[bu] 2 \fBstruct bpf_sock_addr\fP for \fBBPF_CGROUP_INET4_CONNECT\fP and \fBBPF_CGROUP_INET6_CONNECT\fP\&. .UNINDENT @@ -1626,12 +1626,12 @@ and \fBBPF_CGROUP_INET6_CONNECT\fP\&. This helper actually implements a subset of \fBgetsockopt()\fP\&. It supports the following \fIlevel\fPs: .INDENT 7.0 -.IP \(bu 2 +.IP \[bu] 2 \fBIPPROTO_TCP\fP, which supports \fIoptname\fP \fBTCP_CONGESTION\fP\&. -.IP \(bu 2 +.IP \[bu] 2 \fBIPPROTO_IP\fP, which supports \fIoptname\fP \fBIP_TOS\fP\&. -.IP \(bu 2 +.IP \[bu] 2 \fBIPPROTO_IPV6\fP, which supports \fIoptname\fP \fBIPV6_TCLASS\fP\&. .UNINDENT .TP @@ -1688,13 +1688,13 @@ supported in the current kernel. .sp \fIargval\fP is a flag array which can combine these flags: .INDENT 7.0 -.IP \(bu 2 +.IP \[bu] 2 \fBBPF_SOCK_OPS_RTO_CB_FLAG\fP (retransmission time out) -.IP \(bu 2 +.IP \[bu] 2 \fBBPF_SOCK_OPS_RETRANS_CB_FLAG\fP (retransmission) -.IP \(bu 2 +.IP \[bu] 2 \fBBPF_SOCK_OPS_STATE_CB_FLAG\fP (TCP state change) -.IP \(bu 2 +.IP \[bu] 2 \fBBPF_SOCK_OPS_RTT_CB_FLAG\fP (every RTT) .UNINDENT .sp @@ -1710,15 +1710,15 @@ callback: Here are some examples of where one could call such eBPF program: .INDENT 7.0 -.IP \(bu 2 +.IP \[bu] 2 When RTO fires. -.IP \(bu 2 +.IP \[bu] 2 When a packet is retransmitted. -.IP \(bu 2 +.IP \[bu] 2 When the connection terminates. -.IP \(bu 2 +.IP \[bu] 2 When a packet is sent. -.IP \(bu 2 +.IP \[bu] 2 When a packet is received. .UNINDENT .TP @@ -1756,11 +1756,11 @@ the next \fIbytes\fP (number of bytes) of message \fImsg\fP\&. .sp For example, this helper can be used in the following cases: .INDENT 7.0 -.IP \(bu 2 +.IP \[bu] 2 A single \fBsendmsg\fP() or \fBsendfile\fP() system call contains multiple logical messages that the eBPF program is supposed to read and for which it should apply a verdict. -.IP \(bu 2 +.IP \[bu] 2 An eBPF program only cares to read the first \fIbytes\fP of a \fImsg\fP\&. If the message has a large payload, then setting up and calling the eBPF program repeatedly for all bytes, even @@ -2022,11 +2022,11 @@ ingress). .TP .B Return .INDENT 7.0 -.IP \(bu 2 +.IP \[bu] 2 < 0 if any input argument is invalid -.IP \(bu 2 +.IP \[bu] 2 0 on success (packet is forwarded, nexthop neighbor exists) -.IP \(bu 2 +.IP \[bu] 2 > 0 one of \fBBPF_FIB_LKUP_RET_\fP codes explaining why the packet is not forwarded or needs assist from full stack .UNINDENT @@ -2565,55 +2565,55 @@ spinlock can (and must) later be released with a call to Spinlocks in BPF programs come with a number of restrictions and constraints: .INDENT 7.0 -.IP \(bu 2 +.IP \[bu] 2 \fBbpf_spin_lock\fP objects are only allowed inside maps of types \fBBPF_MAP_TYPE_HASH\fP and \fBBPF_MAP_TYPE_ARRAY\fP (this list could be extended in the future). -.IP \(bu 2 +.IP \[bu] 2 BTF description of the map is mandatory. -.IP \(bu 2 +.IP \[bu] 2 The BPF program can take ONE lock at a time, since taking two or more could cause dead locks. -.IP \(bu 2 +.IP \[bu] 2 Only one \fBstruct bpf_spin_lock\fP is allowed per map element. -.IP \(bu 2 +.IP \[bu] 2 When the lock is taken, calls (either BPF to BPF or helpers) are not allowed. -.IP \(bu 2 +.IP \[bu] 2 The \fBBPF_LD_ABS\fP and \fBBPF_LD_IND\fP instructions are not allowed inside a spinlock\-ed region. -.IP \(bu 2 +.IP \[bu] 2 The BPF program MUST call \fBbpf_spin_unlock\fP() to release the lock, on all execution paths, before it returns. -.IP \(bu 2 +.IP \[bu] 2 The BPF program can access \fBstruct bpf_spin_lock\fP only via the \fBbpf_spin_lock\fP() and \fBbpf_spin_unlock\fP() helpers. Loading or storing data into the \fBstruct bpf_spin_lock\fP \fIlock\fP\fB;\fP field of a map is not allowed. -.IP \(bu 2 +.IP \[bu] 2 To use the \fBbpf_spin_lock\fP() helper, the BTF description of the map value must be a struct and have \fBstruct bpf_spin_lock\fP \fIanyname\fP\fB;\fP field at the top level. Nested lock inside another struct is not allowed. -.IP \(bu 2 +.IP \[bu] 2 The \fBstruct bpf_spin_lock\fP \fIlock\fP field in a map value must be aligned on a multiple of 4 bytes in that value. -.IP \(bu 2 +.IP \[bu] 2 Syscall with command \fBBPF_MAP_LOOKUP_ELEM\fP does not copy the \fBbpf_spin_lock\fP field to user space. -.IP \(bu 2 +.IP \[bu] 2 Syscall with command \fBBPF_MAP_UPDATE_ELEM\fP, or update from a BPF program, do not update the \fBbpf_spin_lock\fP field. -.IP \(bu 2 +.IP \[bu] 2 \fBbpf_spin_lock\fP cannot be on the stack or inside a networking packet (it can only be inside of a map values). -.IP \(bu 2 +.IP \[bu] 2 \fBbpf_spin_lock\fP is available to root only. -.IP \(bu 2 +.IP \[bu] 2 Tracing programs and socket filter programs cannot use \fBbpf_spin_lock\fP() due to insufficient preemption checks (but this may change in the future). -.IP \(bu 2 +.IP \[bu] 2 \fBbpf_spin_lock\fP is not allowed in inner maps of map\-in\-map. .UNINDENT .TP @@ -3281,11 +3281,11 @@ selection. .sp \fIflags\fP argument can combination of following values: .INDENT 7.0 -.IP \(bu 2 +.IP \[bu] 2 \fBBPF_SK_LOOKUP_F_REPLACE\fP to override the previous socket selection, potentially done by a BPF program that ran before us. -.IP \(bu 2 +.IP \[bu] 2 \fBBPF_SK_LOOKUP_F_NO_REUSEPORT\fP to skip load\-balancing within reuseport group for the socket being selected. @@ -3296,20 +3296,20 @@ On success \fIctx\->sk\fP will point to the selected socket. .B Return 0 on success, or a negative errno in case of failure. .INDENT 7.0 -.IP \(bu 2 +.IP \[bu] 2 \fB\-EAFNOSUPPORT\fP if socket family (\fIsk\->family\fP) is not compatible with packet family (\fIctx\->family\fP). -.IP \(bu 2 +.IP \[bu] 2 \fB\-EEXIST\fP if socket has been already selected, potentially by another program, and \fBBPF_SK_LOOKUP_F_REPLACE\fP flag was not specified. -.IP \(bu 2 +.IP \[bu] 2 \fB\-EINVAL\fP if unsupported flags were specified. -.IP \(bu 2 +.IP \[bu] 2 \fB\-EPROTOTYPE\fP if socket L4 protocol (\fIsk\->protocol\fP) doesn\[aq]t match packet protocol (\fIctx\->protocol\fP). -.IP \(bu 2 +.IP \[bu] 2 \fB\-ESOCKTNOSUPPORT\fP if socket is not in allowed state (TCP listening or UDP unconnected). .UNINDENT @@ -3490,13 +3490,13 @@ Nothing. Always succeeds. Query various characteristics of provided ring buffer. What exactly is queries is determined by \fIflags\fP: .INDENT 7.0 -.IP \(bu 2 +.IP \[bu] 2 \fBBPF_RB_AVAIL_DATA\fP: Amount of data not yet consumed. -.IP \(bu 2 +.IP \[bu] 2 \fBBPF_RB_RING_SIZE\fP: The size of ring buffer. -.IP \(bu 2 +.IP \[bu] 2 \fBBPF_RB_CONS_POS\fP: Consumer position (can wrap around). -.IP \(bu 2 +.IP \[bu] 2 \fBBPF_RB_PROD_POS\fP: Producer(s) position (can wrap around). .UNINDENT .sp @@ -3529,16 +3529,16 @@ stack instead of just egressing at tc. .sp There are three supported level settings at this time: .INDENT 7.0 -.IP \(bu 2 +.IP \[bu] 2 \fBBPF_CSUM_LEVEL_INC\fP: Increases skb\->csum_level for skbs with CHECKSUM_UNNECESSARY. -.IP \(bu 2 +.IP \[bu] 2 \fBBPF_CSUM_LEVEL_DEC\fP: Decreases skb\->csum_level for skbs with CHECKSUM_UNNECESSARY. -.IP \(bu 2 +.IP \[bu] 2 \fBBPF_CSUM_LEVEL_RESET\fP: Resets skb\->csum_level to 0 and sets CHECKSUM_NONE to force checksum validation by the stack. -.IP \(bu 2 +.IP \[bu] 2 \fBBPF_CSUM_LEVEL_QUERY\fP: No\-op, returns the current skb\->csum_level. .UNINDENT @@ -3686,7 +3686,7 @@ of a header option. .sp Supported flags: .INDENT 7.0 -.IP \(bu 2 +.IP \[bu] 2 \fBBPF_LOAD_HDR_OPT_TCP_SYN\fP to search from the saved_syn packet or the just\-received syn packet. .UNINDENT @@ -4166,9 +4166,9 @@ MTU value in your BPF\-code. .TP .B Return .INDENT 7.0 -.IP \(bu 2 +.IP \[bu] 2 0 on success, and populate MTU value in \fImtu_len\fP pointer. -.IP \(bu 2 +.IP \[bu] 2 < 0 if any input argument is invalid (\fImtu_len\fP not updated) .UNINDENT .sp @@ -4176,9 +4176,9 @@ MTU violations return positive values, but also populate MTU value in \fImtu_len\fP pointer, as this can be needed for implementing PMTU handing: .INDENT 7.0 -.IP \(bu 2 +.IP \[bu] 2 \fBBPF_MTU_CHK_RET_FRAG_NEEDED\fP -.IP \(bu 2 +.IP \[bu] 2 \fBBPF_MTU_CHK_RET_SEGS_TOOBIG\fP .UNINDENT .UNINDENT @@ -4378,11 +4378,11 @@ Expects BPF program context \fIctx\fP as a first argument. .TP .B Supported for the following program types: .INDENT 7.0 -.IP \(bu 2 +.IP \[bu] 2 kprobe/uprobe; -.IP \(bu 2 +.IP \[bu] 2 tracepoint; -.IP \(bu 2 +.IP \[bu] 2 perf_event. .UNINDENT .UNINDENT @@ -4992,9 +4992,9 @@ within a struct bpf_dynptr. Example usage for most of the eBPF helpers listed in this manual page are available within the Linux kernel sources, at the following locations: .INDENT 0.0 -.IP \(bu 2 +.IP \[bu] 2 \fIsamples/bpf/\fP -.IP \(bu 2 +.IP \[bu] 2 \fItools/testing/selftests/bpf/\fP .UNINDENT .SH LICENSE @@ -5030,23 +5030,23 @@ check by yourself what helper functions exist in your kernel, or what types of programs they can support, here are some files among the kernel tree that you may be interested in: .INDENT 0.0 -.IP \(bu 2 +.IP \[bu] 2 \fIinclude/uapi/linux/bpf.h\fP is the main BPF header. It contains the full list of all helper functions, as well as many other BPF definitions including most of the flags, structs or constants used by the helpers. -.IP \(bu 2 +.IP \[bu] 2 \fInet/core/filter.c\fP contains the definition of most network\-related helper functions, and the list of program types from which they can be used. -.IP \(bu 2 +.IP \[bu] 2 \fIkernel/trace/bpf_trace.c\fP is the equivalent for most tracing program\-related helpers. -.IP \(bu 2 +.IP \[bu] 2 \fIkernel/bpf/verifier.c\fP contains the functions used to check that valid types of eBPF maps are used with a given helper function. -.IP \(bu 2 +.IP \[bu] 2 \fIkernel/bpf/\fP directory contains other files in which additional helpers are defined (for cgroups, sockmaps, etc.). -.IP \(bu 2 +.IP \[bu] 2 The bpftool utility can be used to probe the availability of helper functions on the system (as well as supported program and map types, and a number of other parameters). To do so, run \fBbpftool feature probe\fP (see diff --git a/man7/capabilities.7 b/man7/capabilities.7 index 7c4268adf..663e27d38 100644 --- a/man7/capabilities.7 +++ b/man7/capabilities.7 @@ -85,12 +85,12 @@ capability. .\" commit 124ea650d3072b005457faed69909221c2905a1f .PD 0 .RS -.IP \(bu 3 +.IP \[bu] 3 Update .I /proc/sys/kernel/ns_last_pid (see .BR pid_namespaces (7)); -.IP \(bu +.IP \[bu] employ the .I set_tid feature of @@ -98,7 +98,7 @@ feature of .\" FIXME There is also some use case relating to .\" prctl_set_mm_exe_file(); in the 5.9 sources, see .\" prctl_set_mm_map(). -.IP \(bu +.IP \[bu] read the contents of the symbolic links in .IR /proc/ pid /map_files for other processes. @@ -121,13 +121,13 @@ Bypass file read, write, and execute permission checks. .B CAP_DAC_READ_SEARCH .PD 0 .RS -.IP \(bu 3 +.IP \[bu] 3 Bypass file read permission checks and directory read and execute permission checks; -.IP \(bu +.IP \[bu] invoke .BR open_by_handle_at (2); -.IP \(bu +.IP \[bu] use the .BR linkat (2) .B AT_EMPTY_PATH @@ -138,7 +138,7 @@ flag to create a link to a file referred to by a file descriptor. .B CAP_FOWNER .PD 0 .RS -.IP \(bu 3 +.IP \[bu] 3 Bypass permission checks on operations that normally require the filesystem UID of the process to match the UID of the file (e.g., @@ -148,19 +148,19 @@ excluding those operations covered by .B CAP_DAC_OVERRIDE and .BR CAP_DAC_READ_SEARCH ; -.IP \(bu +.IP \[bu] set inode flags (see .BR ioctl_iflags (2)) on arbitrary files; -.IP \(bu +.IP \[bu] set Access Control Lists (ACLs) on arbitrary files; -.IP \(bu +.IP \[bu] ignore directory sticky bit on file deletion; -.IP \(bu +.IP \[bu] modify .I user extended attributes on sticky directory owned by any user; -.IP \(bu +.IP \[bu] specify .B O_NOATIME for arbitrary files in @@ -173,10 +173,10 @@ and .B CAP_FSETID .PD 0 .RS -.IP \(bu 3 +.IP \[bu] 3 Don't clear set-user-ID and set-group-ID mode bits when a file is modified; -.IP \(bu +.IP \[bu] set the set-group-ID bit for a file whose GID does not match the filesystem or any of the supplementary GIDs of the calling process. .RE @@ -187,13 +187,13 @@ the filesystem or any of the supplementary GIDs of the calling process. .\" in other places; they probably should be replaced with something else. .PD 0 .RS -.IP \(bu 3 +.IP \[bu] 3 Lock memory .RB ( mlock (2), .BR mlockall (2), .BR mmap (2), .BR shmctl (2)); -.IP \(bu +.IP \[bu] Allocate memory using huge pages .RB ( memfd_create (2), .BR mmap (2), @@ -245,23 +245,23 @@ Create special files using Perform various network-related operations: .PD 0 .RS -.IP \(bu 3 +.IP \[bu] 3 interface configuration; -.IP \(bu +.IP \[bu] administration of IP firewall, masquerading, and accounting; -.IP \(bu +.IP \[bu] modify routing tables; -.IP \(bu +.IP \[bu] bind to any address for transparent proxying; -.IP \(bu +.IP \[bu] set type-of-service (TOS); -.IP \(bu +.IP \[bu] clear driver statistics; -.IP \(bu +.IP \[bu] set promiscuous mode; -.IP \(bu +.IP \[bu] enabling multicasting; -.IP \(bu +.IP \[bu] use .BR setsockopt (2) to set the following socket options: @@ -287,9 +287,9 @@ Bind a socket to Internet domain privileged ports .B CAP_NET_RAW .PD 0 .RS -.IP \(bu 3 +.IP \[bu] 3 Use RAW and PACKET sockets; -.IP \(bu +.IP \[bu] bind to any address for transparent proxying. .RE .PD @@ -298,11 +298,11 @@ bind to any address for transparent proxying. .BR CAP_PERFMON " (since Linux 5.8)" Employ various performance-monitoring mechanisms, including: .RS -.IP \(bu 3 +.IP \[bu] 3 .PD 0 call .BR perf_event_open (2); -.IP \(bu +.IP \[bu] employ various BPF operations that have performance implications. .RE .PD @@ -317,11 +317,11 @@ See also the kernel source file .B CAP_SETGID .RS .PD 0 -.IP \(bu 3 +.IP \[bu] 3 Make arbitrary manipulations of process GIDs and supplementary GID list; -.IP \(bu +.IP \[bu] forge GID when passing socket credentials via UNIX domain sockets; -.IP \(bu +.IP \[bu] write a group ID mapping in a user namespace (see .BR user_namespaces (7)). .PD @@ -360,15 +360,15 @@ has entirely different semantics for such kernels.) .B CAP_SETUID .RS .PD 0 -.IP \(bu 3 +.IP \[bu] 3 Make arbitrary manipulations of process UIDs .RB ( setuid (2), .BR setreuid (2), .BR setresuid (2), .BR setfsuid (2)); -.IP \(bu +.IP \[bu] forge UID when passing socket credentials via UNIX domain sockets; -.IP \(bu +.IP \[bu] write a user ID mapping in a user namespace (see .BR user_namespaces (7)). .PD @@ -383,7 +383,7 @@ below. .IP .PD 0 .RS -.IP \(bu 3 +.IP \[bu] 3 Perform a range of system administration operations including: .BR quotactl (2), .BR mount (2), @@ -394,53 +394,53 @@ Perform a range of system administration operations including: .BR sethostname (2), and .BR setdomainname (2); -.IP \(bu +.IP \[bu] perform privileged .BR syslog (2) operations (since Linux 2.6.37, .B CAP_SYSLOG should be used to permit such operations); -.IP \(bu +.IP \[bu] perform .B VM86_REQUEST_IRQ .BR vm86 (2) command; -.IP \(bu +.IP \[bu] access the same checkpoint/restore functionality that is governed by .B CAP_CHECKPOINT_RESTORE (but the latter, weaker capability is preferred for accessing that functionality). -.IP \(bu +.IP \[bu] perform the same BPF operations as are governed by .B CAP_BPF (but the latter, weaker capability is preferred for accessing that functionality). -.IP \(bu +.IP \[bu] employ the same performance monitoring mechanisms as are governed by .B CAP_PERFMON (but the latter, weaker capability is preferred for accessing that functionality). -.IP \(bu +.IP \[bu] perform .B IPC_SET and .B IPC_RMID operations on arbitrary System V IPC objects; -.IP \(bu +.IP \[bu] override .B RLIMIT_NPROC resource limit; -.IP \(bu +.IP \[bu] perform operations on .I trusted and .I security extended attributes (see .BR xattr (7)); -.IP \(bu +.IP \[bu] use .BR lookup_dcookie (2); -.IP \(bu +.IP \[bu] use .BR ioprio_set (2) to assign @@ -448,9 +448,9 @@ to assign and (before Linux 2.6.25) .B IOPRIO_CLASS_IDLE I/O scheduling classes; -.IP \(bu +.IP \[bu] forge PID when passing socket credentials via UNIX domain sockets; -.IP \(bu +.IP \[bu] exceed .IR /proc/sys/fs/file\-max , the system-wide limit on the number of open files, @@ -459,7 +459,7 @@ in system calls that open files (e.g., .BR execve (2), .BR open (2), .BR pipe (2)); -.IP \(bu +.IP \[bu] employ .B CLONE_* flags that create new namespaces with @@ -468,11 +468,11 @@ and .BR unshare (2) (but, since Linux 3.8, creating user namespaces does not require any capability); -.IP \(bu +.IP \[bu] access privileged .I perf event information; -.IP \(bu +.IP \[bu] call .BR setns (2) (requires @@ -480,73 +480,73 @@ call in the .I target namespace); -.IP \(bu +.IP \[bu] call .BR fanotify_init (2); -.IP \(bu +.IP \[bu] perform privileged .B KEYCTL_CHOWN and .B KEYCTL_SETPERM .BR keyctl (2) operations; -.IP \(bu +.IP \[bu] perform .BR madvise (2) .B MADV_HWPOISON operation; -.IP \(bu +.IP \[bu] employ the .B TIOCSTI .BR ioctl (2) to insert characters into the input queue of a terminal other than the caller's controlling terminal; -.IP \(bu +.IP \[bu] employ the obsolete .BR nfsservctl (2) system call; -.IP \(bu +.IP \[bu] employ the obsolete .BR bdflush (2) system call; -.IP \(bu +.IP \[bu] perform various privileged block-device .BR ioctl (2) operations; -.IP \(bu +.IP \[bu] perform various privileged filesystem .BR ioctl (2) operations; -.IP \(bu +.IP \[bu] perform privileged .BR ioctl (2) operations on the .I /dev/random device (see .BR random (4)); -.IP \(bu +.IP \[bu] install a .BR seccomp (2) filter without first having to set the .I no_new_privs thread attribute; -.IP \(bu +.IP \[bu] modify allow/deny rules for device control groups; -.IP \(bu +.IP \[bu] employ the .BR ptrace (2) .B PTRACE_SECCOMP_GET_FILTER operation to dump tracee's seccomp filters; -.IP \(bu +.IP \[bu] employ the .BR ptrace (2) .B PTRACE_SETOPTIONS operation to suspend the tracee's seccomp protections (i.e., the .B PTRACE_O_SUSPEND_SECCOMP flag); -.IP \(bu +.IP \[bu] perform administrative operations on many device drivers; -.IP \(bu +.IP \[bu] modify autogroup nice values by writing to .IR /proc/ pid /autogroup (see @@ -563,10 +563,10 @@ and .B CAP_SYS_CHROOT .RS .PD 0 -.IP \(bu 3 +.IP \[bu] 3 Use .BR chroot (2); -.IP \(bu +.IP \[bu] change mount namespaces using .BR setns (2). .PD @@ -575,13 +575,13 @@ change mount namespaces using .B CAP_SYS_MODULE .RS .PD 0 -.IP \(bu 3 +.IP \[bu] 3 Load and unload kernel modules (see .BR init_module (2) and .BR delete_module (2)); -.IP \(bu +.IP \[bu] before Linux 2.6.25: drop capabilities from the system-wide capability bounding set. .PD @@ -590,24 +590,24 @@ drop capabilities from the system-wide capability bounding set. .B CAP_SYS_NICE .PD 0 .RS -.IP \(bu 3 +.IP \[bu] 3 Lower the process nice value .RB ( nice (2), .BR setpriority (2)) and change the nice value for arbitrary processes; -.IP \(bu +.IP \[bu] set real-time scheduling policies for calling process, and set scheduling policies and priorities for arbitrary processes .RB ( sched_setscheduler (2), .BR sched_setparam (2), .BR sched_setattr (2)); -.IP \(bu +.IP \[bu] set CPU affinity for arbitrary processes .RB ( sched_setaffinity (2)); -.IP \(bu +.IP \[bu] set I/O scheduling class and priority for arbitrary processes .RB ( ioprio_set (2)); -.IP \(bu +.IP \[bu] apply .BR migrate_pages (2) to arbitrary processes and allow processes @@ -618,11 +618,11 @@ to be migrated to arbitrary nodes; .\" capable(CAP_SYS_NICE) ? MPOL_MF_MOVE_ALL : MPOL_MF_MOVE); .\" .\" Document this. -.IP \(bu +.IP \[bu] apply .BR move_pages (2) to arbitrary processes; -.IP \(bu +.IP \[bu] use the .B MPOL_MF_MOVE_ALL flag with @@ -639,19 +639,19 @@ Use .B CAP_SYS_PTRACE .PD 0 .RS -.IP \(bu 3 +.IP \[bu] 3 Trace arbitrary processes using .BR ptrace (2); -.IP \(bu +.IP \[bu] apply .BR get_robust_list (2) to arbitrary processes; -.IP \(bu +.IP \[bu] transfer data to or from the memory of arbitrary processes using .BR process_vm_readv (2) and .BR process_vm_writev (2); -.IP \(bu +.IP \[bu] inspect processes using .BR kcmp (2). .RE @@ -660,45 +660,45 @@ inspect processes using .B CAP_SYS_RAWIO .PD 0 .RS -.IP \(bu 3 +.IP \[bu] 3 Perform I/O port operations .RB ( iopl (2) and .BR ioperm (2)); -.IP \(bu +.IP \[bu] access .IR /proc/kcore ; -.IP \(bu +.IP \[bu] employ the .B FIBMAP .BR ioctl (2) operation; -.IP \(bu +.IP \[bu] open devices for accessing x86 model-specific registers (MSRs, see .BR msr (4)); -.IP \(bu +.IP \[bu] update .IR /proc/sys/vm/mmap_min_addr ; -.IP \(bu +.IP \[bu] create memory mappings at addresses below the value specified by .IR /proc/sys/vm/mmap_min_addr ; -.IP \(bu +.IP \[bu] map files in .IR /proc/bus/pci ; -.IP \(bu +.IP \[bu] open .I /dev/mem and .IR /dev/kmem ; -.IP \(bu +.IP \[bu] perform various SCSI device commands; -.IP \(bu +.IP \[bu] perform certain operations on .BR hpsa (4) and .BR cciss (4) devices; -.IP \(bu +.IP \[bu] perform a range of device-specific operations on other devices. .RE .PD @@ -706,28 +706,28 @@ perform a range of device-specific operations on other devices. .B CAP_SYS_RESOURCE .PD 0 .RS -.IP \(bu 3 +.IP \[bu] 3 Use reserved space on ext2 filesystems; -.IP \(bu +.IP \[bu] make .BR ioctl (2) calls controlling ext3 journaling; -.IP \(bu +.IP \[bu] override disk quota limits; -.IP \(bu +.IP \[bu] increase resource limits (see .BR setrlimit (2)); -.IP \(bu +.IP \[bu] override .B RLIMIT_NPROC resource limit; -.IP \(bu +.IP \[bu] override maximum number of consoles on console allocation; -.IP \(bu +.IP \[bu] override maximum number of keymaps; -.IP \(bu +.IP \[bu] allow more than 64hz interrupts from the real-time clock; -.IP \(bu +.IP \[bu] raise .I msg_qbytes limit for a System V message queue above the limit in @@ -736,26 +736,26 @@ limit for a System V message queue above the limit in .BR msgop (2) and .BR msgctl (2)); -.IP \(bu +.IP \[bu] allow the .B RLIMIT_NOFILE resource limit on the number of "in-flight" file descriptors to be bypassed when passing file descriptors to another process via a UNIX domain socket (see .BR unix (7)); -.IP \(bu +.IP \[bu] override the .I /proc/sys/fs/pipe\-size\-max limit when setting the capacity of a pipe using the .B F_SETPIPE_SZ .BR fcntl (2) command; -.IP \(bu +.IP \[bu] use .B F_SETPIPE_SZ to increase the capacity of a pipe above the limit specified by .IR /proc/sys/fs/pipe\-max\-size ; -.IP \(bu +.IP \[bu] override .IR /proc/sys/fs/mqueue/queues_max , .IR /proc/sys/fs/mqueue/msg_max , @@ -763,12 +763,12 @@ and .I /proc/sys/fs/mqueue/msgsize_max limits when creating POSIX message queues (see .BR mq_overview (7)); -.IP \(bu +.IP \[bu] employ the .BR prctl (2) .B PR_SET_MM operation; -.IP \(bu +.IP \[bu] set .IR /proc/ pid /oom_score_adj to a value lower than the value last set by a process with @@ -793,14 +793,14 @@ operations on virtual terminals. .BR CAP_SYSLOG " (since Linux 2.6.37)" .RS .PD 0 -.IP \(bu 3 +.IP \[bu] 3 Perform privileged .BR syslog (2) operations. See .BR syslog (2) for information on which operations require privilege. -.IP \(bu +.IP \[bu] View kernel addresses exposed via .I /proc and other interfaces when @@ -822,14 +822,14 @@ timers). .\" .SS Past and current implementation A full implementation of capabilities requires that: -.IP \(bu 3 +.IP \[bu] 3 For all privileged operations, the kernel must check whether the thread has the required capability in its effective set. -.IP \(bu +.IP \[bu] The kernel must provide system calls allowing a thread's capability sets to be changed and retrieved. -.IP \(bu +.IP \[bu] The filesystem must support attaching capabilities to an executable file, so that a process gains those capabilities when the file is executed. .PP @@ -839,12 +839,12 @@ since Linux 2.6.24, all three requirements are met. .SS Notes to kernel developers When adding a new kernel feature that should be governed by a capability, consider the following points. -.IP \(bu 3 +.IP \[bu] 3 The goal of capabilities is divide the power of superuser into pieces, such that if a program that has one or more capabilities is compromised, its power to do damage to the system would be less than the same program running with root privilege. -.IP \(bu +.IP \[bu] You have the choice of either creating a new capability for your new feature, or associating the feature with one of the existing capabilities. In order to keep the set of capabilities to a manageable size, @@ -852,7 +852,7 @@ the latter option is preferable, unless there are compelling reasons to take the former option. (There is also a technical limit: the size of capability sets is currently limited to 64 bits.) -.IP \(bu +.IP \[bu] To determine which existing capability might best be associated with your new feature, review the list of capabilities above in order to find a "silo" into which your new feature best fits. @@ -860,7 +860,7 @@ One approach to take is to determine if there are other features requiring capabilities that will always be used along with the new feature. If the new feature is useless without these other features, you should use the same capability as the other features. -.IP \(bu +.IP \[bu] .I Don't choose .B CAP_SYS_ADMIN @@ -878,7 +878,7 @@ The only new features that should be associated with are ones that .I closely match existing uses in that silo. -.IP \(bu +.IP \[bu] If you have determined that it really is necessary to create a new capability for your feature, don't make or name it as a "single-use" capability. @@ -1102,11 +1102,11 @@ extended attribute is automatically created as (or converted to) a version 3 .RB ( VFS_CAP_REVISION_3 ) attribute if both of the following are true: -.IP \(bu 3 +.IP \[bu] 3 The thread writing the attribute resides in a noninitial user namespace. (More precisely: the thread resides in a user namespace other than the one from which the underlying filesystem was mounted.) -.IP \(bu +.IP \[bu] The thread has the .B CAP_SETFCAP capability over the file inode, @@ -1209,13 +1209,13 @@ denotes a file capability set .PP Note the following details relating to the above capability transformation rules: -.IP \(bu 3 +.IP \[bu] 3 The ambient capability set is present only since Linux 4.3. When determining the transformation of the ambient set during .BR execve (2), a privileged file is one that has capabilities or has the set-user-ID or set-group-ID bit set. -.IP \(bu +.IP \[bu] Prior to Linux 2.6.25, the bounding set was a system-wide attribute shared by all threads. That system-wide value was employed to calculate the new permitted set during @@ -1370,7 +1370,7 @@ The capability bounding set is a security mechanism that can be used to limit the capabilities that can be gained during an .BR execve (2). The bounding set is used in the following ways: -.IP \(bu 3 +.IP \[bu] 3 During an .BR execve (2), the capability bounding set is ANDed with the file permitted @@ -1378,7 +1378,7 @@ capability set, and the result of this operation is assigned to the thread's permitted capability set. The capability bounding set thus places a limit on the permitted capabilities that may be granted by an executable file. -.IP \(bu +.IP \[bu] (Since Linux 2.6.25) The capability bounding set acts as a limiting superset for the capabilities that a thread can add to its inheritable set using @@ -1491,19 +1491,19 @@ and filesystem user IDs (using .BR setuid (2), .BR setresuid (2), or similar): -.IP \(bu 3 +.IP \[bu] 3 If one or more of the real, effective, or saved set user IDs was previously 0, and as a result of the UID changes all of these IDs have a nonzero value, then all capabilities are cleared from the permitted, effective, and ambient capability sets. -.IP \(bu +.IP \[bu] If the effective user ID is changed from 0 to nonzero, then all capabilities are cleared from the effective set. -.IP \(bu +.IP \[bu] If the effective user ID is changed from nonzero to 0, then the permitted set is copied to the effective set. -.IP \(bu +.IP \[bu] If the filesystem user ID is changed from 0 to nonzero (see .BR setfsuid (2)), then the following capabilities are cleared from the effective set: @@ -1544,21 +1544,21 @@ both provided in the package, is preferred for this purpose. The following rules govern changes to the thread capability sets: -.IP \(bu 3 +.IP \[bu] 3 If the caller does not have the .B CAP_SETPCAP capability, the new inheritable set must be a subset of the combination of the existing inheritable and permitted sets. -.IP \(bu +.IP \[bu] (Since Linux 2.6.25) The new inheritable set must be a subset of the combination of the existing inheritable set and the capability bounding set. -.IP \(bu +.IP \[bu] The new permitted set must be a subset of the existing permitted set (i.e., it is not possible to acquire permitted capabilities that the thread does not currently have). -.IP \(bu +.IP \[bu] The new effective set must be a subset of the new permitted set. .SS The securebits flags: establishing a capabilities-only environment .\" For some background: @@ -1824,14 +1824,14 @@ However, this is only theoretically possible, since no thread ever has .B CAP_SETPCAP in either of these cases: -.IP \(bu 3 +.IP \[bu] 3 In the pre-2.6.25 implementation the system-wide capability bounding set, .IR /proc/sys/kernel/cap\-bound , always masks out the .B CAP_SETPCAP capability, and this can not be changed without modifying the kernel source and rebuilding the kernel. -.IP \(bu +.IP \[bu] If file capabilities are disabled (i.e., the kernel .B CONFIG_SECURITY_FILE_CAPABILITIES option is disabled), then diff --git a/man7/cgroup_namespaces.7 b/man7/cgroup_namespaces.7 index 1b154005b..b1b0c4129 100644 --- a/man7/cgroup_namespaces.7 +++ b/man7/cgroup_namespaces.7 @@ -168,13 +168,13 @@ Use of cgroup namespaces requires a kernel that is configured with the option. .PP The virtualization provided by cgroup namespaces serves a number of purposes: -.IP \(bu 3 +.IP \[bu] 3 It prevents information leaks whereby cgroup directory paths outside of a container would otherwise be visible to processes in the container. Such leakages could, for example, reveal information about the container framework to containerized applications. -.IP \(bu +.IP \[bu] It eases tasks such as container migration. The virtualization provided by cgroup namespaces allows containers to be isolated from knowledge of @@ -184,17 +184,17 @@ Without such isolation, the full cgroup pathnames (displayed in would need to be replicated on the target system when migrating a container; those pathnames would also need to be unique, so that they don't conflict with other pathnames on the target system. -.IP \(bu +.IP \[bu] It allows better confinement of containerized processes, because it is possible to mount the container's cgroup filesystems such that the container processes can't gain access to ancestor cgroup directories. Consider, for example, the following scenario: .RS -.IP \(bu 3 +.IP \[bu] 3 We have a cgroup directory, .IR /cg/1 , that is owned by user ID 9000. -.IP \(bu +.IP \[bu] We have a process, .IR X , also owned by user ID 9000, diff --git a/man7/cgroups.7 b/man7/cgroups.7 index cd68ff77d..7670ab9a5 100644 --- a/man7/cgroups.7 +++ b/man7/cgroups.7 @@ -559,20 +559,20 @@ under both the v1 and the v2 hierarchies. .PP The new behaviors in cgroups v2 are summarized here, and in some cases elaborated in the following subsections. -.IP \(bu 3 +.IP \[bu] 3 Cgroups v2 provides a unified hierarchy against which all controllers are mounted. -.IP \(bu +.IP \[bu] "Internal" processes are not permitted. With the exception of the root cgroup, processes may reside only in leaf nodes (cgroups that do not themselves contain child cgroups). The details are somewhat more subtle than this, and are described below. -.IP \(bu +.IP \[bu] Active cgroups must be specified via the files .I cgroup.controllers and .IR cgroup.subtree_control . -.IP \(bu +.IP \[bu] The .I tasks file has been removed. @@ -581,7 +581,7 @@ In addition, the file that is employed by the .I cpuset controller has been removed. -.IP \(bu +.IP \[bu] An improved mechanism for notification of empty cgroups is provided by the .I cgroup.events file. @@ -920,14 +920,14 @@ The cgroups v2 release-notification mechanism offers the following advantages over the cgroups v1 .I release_agent mechanism: -.IP \(bu 3 +.IP \[bu] 3 It allows for cheaper notification, since a single process can monitor multiple .I cgroup.events files (using the techniques described earlier). By contrast, the cgroups v1 mechanism requires the expense of creating a process for each notification. -.IP \(bu +.IP \[bu] Notification for different cgroup subhierarchies can be delegated to different processes. By contrast, the cgroups v1 mechanism allows only one release agent @@ -1114,7 +1114,7 @@ The effect of this mount option is to cause cgroup namespaces to automatically become delegation boundaries. More specifically, the following restrictions apply for processes inside the cgroup namespace: -.IP \(bu 3 +.IP \[bu] 3 Writes to controller interface files in the root directory of the namespace will fail with the error .BR EPERM . @@ -1124,7 +1124,7 @@ files in the root directory of the cgroup namespace such as and .IR cgroup.subtree_control , and can create subhierarchy underneath the root directory. -.IP \(bu +.IP \[bu] Attempts to migrate processes across the namespace boundary are denied (with the error .BR ENOENT ). @@ -1151,7 +1151,7 @@ Even if a cgroup namespace was employed, because both hierarchies are owned by the unprivileged user .IR cecilia , the following illegitimate actions could be performed: -.IP \(bu 3 +.IP \[bu] 3 A process in the inferior hierarchy could change the resource controller settings in the root directory of that hierarchy. (These resource controller settings are intended to allow control to @@ -1159,7 +1159,7 @@ be exercised from the .I parent cgroup; a process inside the child cgroup should not be allowed to modify them.) -.IP \(bu +.IP \[bu] A process inside the inferior hierarchy could move processes into and out of the inferior hierarchy if the cgroups in the superior hierarchy were somehow visible. @@ -1208,11 +1208,11 @@ A nonprivileged process (i.e., the delegatee) can write the PID of a "target" process into a .I cgroup.procs file only if all of the following are true: -.IP \(bu 3 +.IP \[bu] 3 The writer has write permission on the .I cgroup.procs file in the destination cgroup. -.IP \(bu +.IP \[bu] The writer has write permission on the .I cgroup.procs file in the nearest common ancestor of the source and destination cgroups. @@ -1222,12 +1222,12 @@ This requirement is not enforced for cgroups v1 hierarchies, with the consequence that containment in v1 is less strict than in v2. (For example, in cgroups v1 the user that owns two distinct delegated subhierarchies can move a process between the hierarchies.) -.IP \(bu +.IP \[bu] If the cgroup v2 filesystem was mounted with the .I nsdelegate option, the writer must be able to see the source and destination cgroups from its cgroup namespace. -.IP \(bu +.IP \[bu] In cgroups v1: the effective UID of the writer (i.e., the delegatee) matches the real user ID or the saved set-user-ID of the target process. @@ -1248,10 +1248,10 @@ instead, the delegater must place the first process .SH CGROUPS VERSION 2 THREAD MODE Among the restrictions imposed by cgroups v2 that were not present in cgroups v1 are the following: -.IP \(bu 3 +.IP \[bu] 3 .IR "No thread-granularity control" : all of the threads of a process must be in the same cgroup. -.IP \(bu +.IP \[bu] .IR "No internal processes" : a cgroup can't both have member processes and exercise controllers on child cgroups. @@ -1278,17 +1278,17 @@ To accommodate such use cases, Linux 4.14 added for cgroups v2. .PP Thread mode allows the following: -.IP \(bu 3 +.IP \[bu] 3 The creation of .I threaded subtrees in which the threads of a process may be spread across cgroups inside the tree. (A threaded subtree may contain multiple multithreaded processes.) -.IP \(bu +.IP \[bu] The concept of .IR "threaded controllers" , which can distribute resources across the cgroups in a threaded subtree. -.IP \(bu +.IP \[bu] A relaxation of the "no internal processes rule", so that, within a threaded subtree, a cgroup can both contain member threads and @@ -1343,7 +1343,7 @@ possible future extensions to the thread mode model .SS Threaded versus domain controllers With the addition of threads mode, cgroups v2 now distinguishes two types of resource controllers: -.IP \(bu 3 +.IP \[bu] 3 .I Threaded .\" In the kernel source, look for ".threaded[ \t]*= true" in .\" initializations of struct cgroup_subsys @@ -1356,7 +1356,7 @@ As at Linux 4.19, the following controllers are threaded: .IR perf_event , and .IR pids . -.IP \(bu +.IP \[bu] .I Domain controllers: these controllers support only process granularity for resource control. @@ -1378,19 +1378,19 @@ that currently has the type .IR domain . This has the following effects: .RS -.IP \(bu 3 +.IP \[bu] 3 The type of the cgroup .I y/z becomes .IR threaded . -.IP \(bu +.IP \[bu] The type of the parent cgroup, .IR y , becomes .IR "domain threaded" . The parent cgroup is the root of a threaded subtree (also known as the "threaded root"). -.IP \(bu +.IP \[bu] All other cgroups under .I y that were not already of type @@ -1434,12 +1434,12 @@ we (1.1) enable one or more threaded controllers and (These two steps can be done in either order.) This has the following consequences: .RS -.IP \(bu 3 +.IP \[bu] 3 The type of .I z becomes .IR "domain threaded" . -.IP \(bu +.IP \[bu] All of the descendant cgroups of .I x that were not already of type @@ -1498,17 +1498,17 @@ As with writing to some containment rules apply when writing to the .I cgroup.threads file: -.IP \(bu 3 +.IP \[bu] 3 The writer must have write permission on the cgroup.threads file in the destination cgroup. -.IP \(bu +.IP \[bu] The writer must have write permission on the .I cgroup.procs file in the common ancestor of the source and destination cgroups. (In some cases, the common ancestor may be the source or destination cgroup itself.) -.IP \(bu +.IP \[bu] The source and destination cgroups must be in the same threaded subtree. (Outside a threaded subtree, an attempt to move a thread by writing its thread ID to the @@ -1551,7 +1551,7 @@ and exercise controllers on child cgroups. A number of rules apply when writing to the .I cgroup.type file: -.IP \(bu 3 +.IP \[bu] 3 Only the string .I """threaded""" may be written. @@ -1559,30 +1559,30 @@ In other words, the only explicit transition that is possible is to convert a .I domain cgroup to type .IR threaded . -.IP \(bu +.IP \[bu] The effect of writing .I """threaded""" depends on the current value in .IR cgroup.type , as follows: .RS -.IP \(bu 3 +.IP \[bu] 3 .I domain or .IR "domain threaded" : start the creation of a threaded subtree (whose root is the parent of this cgroup) via the first of the pathways described above; -.IP \(bu +.IP \[bu] .IR "domain\ invalid" : convert this cgroup (which is inside a threaded subtree) to a usable (i.e., .IR threaded ) state; -.IP \(bu +.IP \[bu] .IR threaded : no effect (a "no-op"). .RE -.IP \(bu +.IP \[bu] We can't write to a .I cgroup.type file if the parent's type is @@ -1594,13 +1594,13 @@ state in a top-down manner. There are also some constraints that must be satisfied in order to create a threaded subtree rooted at the cgroup .IR x : -.IP \(bu 3 +.IP \[bu] 3 There can be no member processes in the descendant cgroups of .IR x . (The cgroup .I x can itself have member processes.) -.IP \(bu +.IP \[bu] No domain controllers may be enabled in .IR x 's .I cgroup.subtree_control @@ -1618,11 +1618,11 @@ According to the pathways described above, the type of a cgroup can change to .I domain threaded in either of the following cases: -.IP \(bu 3 +.IP \[bu] 3 The string .I """threaded""" is written to a child cgroup. -.IP \(bu +.IP \[bu] A threaded controller is enabled inside the cgroup and a process is made a member of the cgroup. .PP @@ -1647,14 +1647,14 @@ cgroup .I x reverts to the type .IR domain : -.IP \(bu 3 +.IP \[bu] 3 All .I domain invalid descendants of .I x that are not in lower-level threaded subtrees revert to the type .IR domain . -.IP \(bu +.IP \[bu] The root cgroups in any lower-level threaded subtrees revert to the type .IR "domain threaded" . .\" @@ -1670,10 +1670,10 @@ If the string is written to the .I cgroup.type file of one of the children of the root cgroup, then -.IP \(bu 3 +.IP \[bu] 3 The type of that cgroup becomes .IR threaded . -.IP \(bu +.IP \[bu] The type of any descendants of that cgroup that are not part of lower-level threaded subtrees changes to .IR "domain invalid" . @@ -1780,11 +1780,11 @@ If multiple cgroups v1 controllers are bound to the same hierarchy, then each will show the same hierarchy ID in this field. The value in this field will be 0 if: .RS -.IP \(bu 3 +.IP \[bu] 3 the controller is not mounted on a cgroups v1 hierarchy; -.IP \(bu +.IP \[bu] the controller is bound to the cgroups v2 single unified hierarchy; or -.IP \(bu +.IP \[bu] the controller is disabled (see below). .RE .IP [3] diff --git a/man7/cpuset.7 b/man7/cpuset.7 index 57a21f62c..dffb3563e 100644 --- a/man7/cpuset.7 +++ b/man7/cpuset.7 @@ -519,17 +519,17 @@ always return zero, as represented by the ASCII string "0\en". See the \fBWARNINGS\fR section, below. .PP A per-cpuset, running average is employed for the following reasons: -.IP \(bu 3 +.IP \[bu] 3 Because this meter is per-cpuset rather than per-process or per virtual memory region, the system load imposed by a batch scheduler monitoring this metric is sharply reduced on large systems, because a scan of the tasklist can be avoided on each set of queries. -.IP \(bu +.IP \[bu] Because this meter is a running average rather than an accumulating counter, a batch scheduler can detect memory pressure with a single read, instead of having to read and accumulate results for a period of time. -.IP \(bu +.IP \[bu] Because this meter is per-cpuset rather than per-process, the batch scheduler can obtain the key information\[em]memory pressure in a cpuset\[em]with a single read, rather than having to @@ -629,11 +629,11 @@ Cpuset-specified memory spreading behaves similarly to what is known .PP Cpuset-specified memory spreading can provide substantial performance improvements for jobs that: -.IP \(bu 3 +.IP \[bu] 3 need to place thread-local data on memory nodes close to the CPUs which are running the threads that most frequently access that data; but also -.IP \(bu +.IP \[bu] need to access large filesystem data sets that must to be spread across the several nodes in the job's cpuset in order to fit. .PP @@ -705,11 +705,11 @@ marked isolated using the kernel boot time "isolcpus=" argument. .PP This default load balancing across all CPUs is not well suited to the following two situations: -.IP \(bu 3 +.IP \[bu] 3 On large systems, load balancing across many CPUs is expensive. If the system is managed using cpusets to place independent jobs on separate sets of CPUs, full load balancing is unnecessary. -.IP \(bu +.IP \[bu] Systems supporting real-time on some CPUs need to minimize system overhead on those CPUs, including avoiding process load balancing if that is not needed. @@ -911,22 +911,22 @@ Examples of the \fBList Format\fR: .\" ================== RULES ================== .SH RULES The following rules apply to each cpuset: -.IP \(bu 3 +.IP \[bu] 3 Its CPUs and memory nodes must be a (possibly equal) subset of its parent's. -.IP \(bu +.IP \[bu] It can be marked .I cpu_exclusive only if its parent is. -.IP \(bu +.IP \[bu] It can be marked .I mem_exclusive only if its parent is. -.IP \(bu +.IP \[bu] If it is .IR cpu_exclusive , its CPUs may not overlap any sibling. -.IP \(bu +.IP \[bu] If it is .IR mem_exclusive , its memory nodes may not overlap any sibling. diff --git a/man7/credentials.7 b/man7/credentials.7 index 535248f96..02f8f8aa3 100644 --- a/man7/credentials.7 +++ b/man7/credentials.7 @@ -154,13 +154,13 @@ and .IR <sys/types.h> ). .PP On Linux, each process has the following user and group identifiers: -.IP \(bu 3 +.IP \[bu] 3 Real user ID and real group ID. These IDs determine who owns the process. A process can obtain its real user (group) ID using .BR getuid (2) .RB ( getgid (2)). -.IP \(bu +.IP \[bu] Effective user ID and effective group ID. These IDs are used by the kernel to determine the permissions that the process will have when accessing shared resources such @@ -172,7 +172,7 @@ for this task. A process can obtain its effective user (group) ID using .BR geteuid (2) .RB ( getegid (2)). -.IP \(bu +.IP \[bu] Saved set-user-ID and saved set-group-ID. These IDs are used in set-user-ID and set-group-ID programs to save a copy of the corresponding effective IDs that were set when @@ -194,7 +194,7 @@ or A process can obtain its saved set-user-ID (set-group-ID) using .BR getresuid (2) .RB ( getresgid (2)). -.IP \(bu +.IP \[bu] Filesystem user ID and filesystem group ID (Linux-specific). These IDs, in conjunction with the supplementary group IDs described below, are used to determine permissions for accessing files; see @@ -211,7 +211,7 @@ by calling .BR setfsuid (2) and .BR setfsgid (2). -.IP \(bu +.IP \[bu] Supplementary group IDs. This is a set of additional group IDs that are used for permission checks when accessing files and other shared resources. @@ -241,10 +241,10 @@ the effective and saved set IDs may be changed, as described in .PP Aside from the purposes noted above, a process's user IDs are also employed in a number of other contexts: -.IP \(bu 3 +.IP \[bu] 3 when determining the permissions for sending signals (see .BR kill (2)); -.IP \(bu +.IP \[bu] when determining the permissions for setting process-scheduling parameters (nice value, real time scheduling policy and priority, CPU affinity, I/O priority) using @@ -255,10 +255,10 @@ scheduling policy and priority, CPU affinity, I/O priority) using .BR sched_setattr (2), and .BR ioprio_set (2); -.IP \(bu +.IP \[bu] when checking resource limits (see .BR getrlimit (2)); -.IP \(bu +.IP \[bu] when checking the limit on the number of inotify instances that the process may create (see .BR inotify (7)). diff --git a/man7/environ.7 b/man7/environ.7 index be71add29..3d4f707d6 100644 --- a/man7/environ.7 +++ b/man7/environ.7 @@ -198,7 +198,7 @@ command shall be valid. Note that the behavior of many programs and library routines is influenced by the presence or value of certain environment variables. Examples include the following: -.IP \(bu 3 +.IP \[bu] 3 The variables .BR LANG ", " LANGUAGE ", " NLSPATH ", " LOCPATH , .BR LC_ALL ", " LC_MESSAGES , @@ -207,37 +207,37 @@ and so on influence locale handling; see .BR gettext (3), and .BR locale (7). -.IP \(bu +.IP \[bu] .B TMPDIR influences the path prefix of names created by .BR tempnam (3) and other routines, and the temporary directory used by .BR sort (1) and other programs. -.IP \(bu +.IP \[bu] .BR LD_LIBRARY_PATH ", " LD_PRELOAD , and other .B LD_* variables influence the behavior of the dynamic loader/linker. See also .BR ld.so (8). -.IP \(bu +.IP \[bu] .B POSIXLY_CORRECT makes certain programs and library routines follow the prescriptions of POSIX. -.IP \(bu +.IP \[bu] The behavior of .BR malloc (3) is influenced by .B MALLOC_* variables. -.IP \(bu +.IP \[bu] The variable .B HOSTALIASES gives the name of a file containing aliases to be used with .BR gethostbyname (3). -.IP \(bu +.IP \[bu] .BR TZ " and " TZDIR give timezone information used by .BR tzset (3) @@ -248,14 +248,14 @@ and through that by functions like .BR strftime (3). See also .BR tzselect (8). -.IP \(bu +.IP \[bu] .B TERMCAP gives information on how to address a given terminal (or gives the name of a file containing such information). -.IP \(bu +.IP \[bu] .BR COLUMNS " and " LINES tell applications about the window size, possibly overriding the actual size. -.IP \(bu +.IP \[bu] .BR PRINTER " or " LPDEST may specify the desired printer to use. See diff --git a/man7/epoll.7 b/man7/epoll.7 index bc5fa9b27..ffb409a51 100644 --- a/man7/epoll.7 +++ b/man7/epoll.7 @@ -29,14 +29,14 @@ API is the .IR instance , an in-kernel data structure which, from a user-space perspective, can be considered as a container for two lists: -.IP \(bu 3 +.IP \[bu] 3 The .I interest list (sometimes also called the .B epoll set): the set of file descriptors that the process has registered an interest in monitoring. -.IP \(bu +.IP \[bu] The .I ready list: the set of file descriptors that are "ready" for I/O. @@ -50,7 +50,7 @@ The following system calls are provided to create and manage an .B epoll instance: -.IP \(bu 3 +.IP \[bu] 3 .BR epoll_create (2) creates a new .B epoll @@ -59,13 +59,13 @@ instance and returns a file descriptor referring to that instance. .BR epoll_create1 (2) extends the functionality of .BR epoll_create (2).) -.IP \(bu +.IP \[bu] Interest in particular file descriptors is then registered via .BR epoll_ctl (2), which adds items to the interest list of the .B epoll instance. -.IP \(bu +.IP \[bu] .BR epoll_wait (2) waits for I/O events, blocking the calling thread if no events are currently available. @@ -355,7 +355,7 @@ calling with .BR EPOLL_CTL_MOD . .SS Questions and answers -.IP \(bu 3 +.IP \[bu] 3 What is the key used to distinguish the file descriptors registered in an interest list? .IP @@ -363,7 +363,7 @@ The key is the combination of the file descriptor number and the open file description (also known as an "open file handle", the kernel's internal representation of an open file). -.IP \(bu +.IP \[bu] What happens if you register the same file descriptor on an .B epoll instance twice? @@ -397,7 +397,7 @@ This can be a useful technique for filtering events, if the duplicate file descriptors are registered with different .I events masks. -.IP \(bu +.IP \[bu] Can two .B epoll instances wait for the same file descriptor? @@ -407,7 +407,7 @@ file descriptors? .IP Yes, and events would be reported to both. However, careful programming may be needed to do this correctly. -.IP \(bu +.IP \[bu] Is the .B epoll file descriptor itself poll/epoll/selectable? @@ -417,7 +417,7 @@ If an .B epoll file descriptor has events waiting, then it will indicate as being readable. -.IP \(bu +.IP \[bu] What happens if one attempts to put an .B epoll file descriptor into its own file descriptor set? @@ -431,14 +431,14 @@ However, you can add an file descriptor inside another .B epoll file descriptor set. -.IP \(bu +.IP \[bu] Can I send an .B epoll file descriptor over a UNIX domain socket to another process? .IP Yes, but it does not make sense to do this, since the receiving process would not have copies of the file descriptors in the interest list. -.IP \(bu +.IP \[bu] Will closing a file descriptor cause it to be removed from all .B epoll interest lists? @@ -477,13 +477,13 @@ behind the scenes by library functions that used .BR dup (2) or .BR fork (2)). -.IP \(bu +.IP \[bu] If more than one event occurs between .BR epoll_wait (2) calls, are they combined or reported separately? .IP They will be combined. -.IP \(bu +.IP \[bu] Does an operation on a file descriptor affect the already collected but not yet reported events? .IP @@ -491,7 +491,7 @@ You can do two operations on an existing file descriptor. Remove would be meaningless for this case. Modify will reread available I/O. -.IP \(bu +.IP \[bu] Do I need to continuously read/write a file descriptor until .B EAGAIN @@ -530,7 +530,7 @@ The same is true when writing using (Avoid this latter technique if you cannot guarantee that the monitored file descriptor always refers to a stream-oriented file.) .SS Possible pitfalls and ways to avoid them -.IP \(bu 3 +.IP \[bu] 3 .B Starvation (edge-triggered) .IP If there is a large amount of I/O space, @@ -546,7 +546,7 @@ remember which files need to be processed but still round robin amongst all the ready files. This also supports ignoring subsequent events you receive for file descriptors that are already ready. -.IP \(bu +.IP \[bu] .B If using an event cache... .IP If you use an event cache or store all the file descriptors returned from diff --git a/man7/fanotify.7 b/man7/fanotify.7 index 43580d347..6ebb98ada 100644 --- a/man7/fanotify.7 +++ b/man7/fanotify.7 @@ -968,7 +968,7 @@ events. .PP As of Linux 3.17, the following bugs exist: -.IP \(bu 3 +.IP \[bu] 3 On Linux, a filesystem object may be accessible through multiple paths, for example, a part of a filesystem may be remounted using the .I \-\-bind @@ -977,7 +977,7 @@ option of A listener that marked a mount will be notified only of events that were triggered for a filesystem object using the same mount. Any other event will pass unnoticed. -.IP \(bu +.IP \[bu] .\" FIXME . A patch was proposed. When an event is generated, no check is made to see whether the user ID of the @@ -986,7 +986,7 @@ before passing a file descriptor for that file. This poses a security risk, when the .B CAP_SYS_ADMIN capability is set for programs executed by unprivileged users. -.IP \(bu +.IP \[bu] If a call to .BR read (2) processes multiple events from the fanotify queue and an error occurs, diff --git a/man7/feature_test_macros.7 b/man7/feature_test_macros.7 index bb13e7913..6c0d70cd0 100644 --- a/man7/feature_test_macros.7 +++ b/man7/feature_test_macros.7 @@ -129,7 +129,7 @@ in glibc 2.\fIx\fP, > 0. .PP First, though, a summary of a few details for the impatient: -.IP \(bu 3 +.IP \[bu] 3 The macros that you most likely need to use in modern source code are .B _POSIX_C_SOURCE (for definitions from various versions of POSIX.1), @@ -139,13 +139,13 @@ The macros that you most likely need to use in modern source code are (for GNU and/or Linux specific stuff), and .B _DEFAULT_SOURCE (to get definitions that would normally be provided by default). -.IP \(bu +.IP \[bu] Certain macros are defined with default values. Thus, although one or more macros may be indicated as being required in the SYNOPSIS of a man page, it may not be necessary to define them explicitly. Full details of the defaults are given later in this man page. -.IP \(bu +.IP \[bu] Defining .B _XOPEN_SOURCE with a value of 600 or greater produces the same effects as defining @@ -167,7 +167,7 @@ it is implicit that the following has the same effect: _XOPEN_SOURCE >= 600 .EE .in -.IP \(bu +.IP \[bu] Defining .B _XOPEN_SOURCE with a value of 700 or greater produces the same effects as defining @@ -208,20 +208,20 @@ flag. .B _POSIX_C_SOURCE Defining this macro causes header files to expose definitions as follows: .RS -.IP \(bu 3 +.IP \[bu] 3 The value 1 exposes definitions conforming to POSIX.1-1990 and ISO C (1990). -.IP \(bu +.IP \[bu] The value 2 or greater additionally exposes definitions for POSIX.2-1992. -.IP \(bu +.IP \[bu] The value 199309L or greater additionally exposes definitions for POSIX.1b (real-time extensions). .\" 199506L functionality is available only since glibc 2.1 -.IP \(bu +.IP \[bu] The value 199506L or greater additionally exposes definitions for POSIX.1c (threads). -.IP \(bu +.IP \[bu] (Since glibc 2.3.3) The value 200112L or greater additionally exposes definitions corresponding to the POSIX.1-2001 base specification (excluding the XSI extension). @@ -229,7 +229,7 @@ This value also causes C95 (since glibc 2.12) and C99 (since glibc 2.10) features to be exposed (in other words, the equivalent of defining .BR _ISOC99_SOURCE ). -.IP \(bu +.IP \[bu] (Since glibc 2.10) The value 200809L or greater additionally exposes definitions corresponding to the POSIX.1-2008 base specification (excluding the XSI extension). @@ -247,17 +247,17 @@ feature test macro requirements in the man pages. .B _XOPEN_SOURCE Defining this macro causes header files to expose definitions as follows: .RS -.IP \(bu 3 +.IP \[bu] 3 Defining with any value exposes definitions conforming to POSIX.1, POSIX.2, and XPG4. -.IP \(bu +.IP \[bu] The value 500 or greater additionally exposes definitions for SUSv2 (UNIX 98). -.IP \(bu +.IP \[bu] (Since glibc 2.2) The value 600 or greater additionally exposes definitions for SUSv3 (UNIX 03; i.e., the POSIX.1-2001 base specification plus the XSI extension) and C99 definitions. -.IP \(bu +.IP \[bu] (Since glibc 2.10) The value 700 or greater additionally exposes definitions for SUSv4 (i.e., the POSIX.1-2008 base specification plus the XSI extension). @@ -276,10 +276,10 @@ nor is explicitly defined, then the following macros are implicitly defined: .RS -.IP \(bu 3 +.IP \[bu] 3 .B _POSIX_SOURCE is defined with the value 1. -.IP \(bu +.IP \[bu] .B _POSIX_C_SOURCE is defined, according to the value of .BR _XOPEN_SOURCE : @@ -712,41 +712,41 @@ and either is not defined or .B _XOPEN_SOURCE is defined with a value of 500 or more, then -.IP \(bu 3 +.IP \[bu] 3 .B _POSIX_SOURCE is defined with the value 1; and -.IP \(bu +.IP \[bu] .B _POSIX_C_SOURCE is defined with one of the following values: .RS 3 -.IP \(bu 3 +.IP \[bu] 3 2, if .B _XOPEN_SOURCE is defined with a value less than 500; -.IP \(bu +.IP \[bu] 199506L, if .B _XOPEN_SOURCE is defined with a value greater than or equal to 500 and less than 600; or -.IP \(bu +.IP \[bu] (since glibc 2.4) 200112L, if .B _XOPEN_SOURCE is defined with a value greater than or equal to 600 and less than 700. -.IP \(bu +.IP \[bu] (Since glibc 2.10) 200809L, if .B _XOPEN_SOURCE is defined with a value greater than or equal to 700. -.IP \(bu +.IP \[bu] Older versions of glibc do not know about the values 200112L and 200809L for .BR _POSIX_C_SOURCE , and the setting of this macro will depend on the glibc version. -.IP \(bu +.IP \[bu] If .B _XOPEN_SOURCE is undefined, then the setting of diff --git a/man7/inotify.7 b/man7/inotify.7 index 265b73f52..62112e052 100644 --- a/man7/inotify.7 +++ b/man7/inotify.7 @@ -16,7 +16,7 @@ When a directory is monitored, inotify will return events for the directory itself, and for files inside the directory. .PP The following system calls are used with this API: -.IP \(bu 3 +.IP \[bu] 3 .BR inotify_init (2) creates an inotify instance and returns a file descriptor referring to the inotify instance. @@ -27,7 +27,7 @@ is like but has a .I flags argument that provides access to some extra functionality. -.IP \(bu +.IP \[bu] .BR inotify_add_watch (2) manipulates the "watch list" associated with an inotify instance. Each item ("watch") in the watch list specifies the pathname of @@ -40,16 +40,16 @@ Each watch has a unique "watch descriptor", an integer returned by .BR inotify_add_watch (2) when the watch is created. -.IP \(bu +.IP \[bu] When events occur for monitored files and directories, those events are made available to the application as structured data that can be read from the inotify file descriptor using .BR read (2) (see below). -.IP \(bu +.IP \[bu] .BR inotify_rm_watch (2) removes an item from an inotify watch list. -.IP \(bu +.IP \[bu] When all file descriptors referring to an inotify instance have been closed (using .BR close (2)), @@ -259,10 +259,10 @@ an event can be generated for activity on any link to the file (in the same or a different directory). .PP When monitoring a directory: -.IP \(bu 3 +.IP \[bu] 3 the events marked above with an asterisk (*) can occur both for the directory itself and for objects inside the directory; and -.IP \(bu +.IP \[bu] the events marked with a plus sign (+) occur only for objects inside the directory (not for the directory itself). .PP @@ -90,24 +90,24 @@ is the IP protocol in the IP header to be received or sent. Valid values for .I protocol include: -.IP \(bu 3 +.IP \[bu] 3 0 and .B IPPROTO_TCP for .BR tcp (7) stream sockets; -.IP \(bu +.IP \[bu] 0 and .B IPPROTO_UDP for .BR udp (7) datagram sockets; -.IP \(bu +.IP \[bu] .B IPPROTO_SCTP for .BR sctp (7) stream sockets; and -.IP \(bu +.IP \[bu] .B IPPROTO_UDPLITE for .BR udplite (7) @@ -1148,16 +1148,16 @@ is, the range used for .IR "ephemeral ports" . An ephemeral port is allocated to a socket in the following circumstances: .RS -.IP \(bu 3 +.IP \[bu] 3 the port number in a socket address is specified as 0 when calling .BR bind (2); -.IP \(bu +.IP \[bu] .BR listen (2) is called on a stream socket that was not previously bound; -.IP \(bu +.IP \[bu] .BR connect (2) was called on a socket that was not previously bound; -.IP \(bu +.IP \[bu] .BR sendto (2) is called on a datagram socket that was not previously bound. .RE diff --git a/man7/ipc_namespaces.7 b/man7/ipc_namespaces.7 index b129e69b0..ec670697b 100644 --- a/man7/ipc_namespaces.7 +++ b/man7/ipc_namespaces.7 @@ -28,10 +28,10 @@ but are not visible to processes in other IPC namespaces. The following .I /proc interfaces are distinct in each IPC namespace: -.IP \(bu 3 +.IP \[bu] 3 The POSIX message queue interfaces in .IR /proc/sys/fs/mqueue . -.IP \(bu +.IP \[bu] The System V IPC interfaces in .IR /proc/sys/kernel , namely: @@ -44,7 +44,7 @@ namely: .IR shmmni , and .IR shm_rmid_forced . -.IP \(bu +.IP \[bu] The System V IPC interfaces in .IR /proc/sysvipc . .PP diff --git a/man7/kernel_lockdown.7 b/man7/kernel_lockdown.7 index 7976a29c1..8bcd603b9 100644 --- a/man7/kernel_lockdown.7 +++ b/man7/kernel_lockdown.7 @@ -50,44 +50,44 @@ kprobes .PP and the ability to directly configure and control devices, so as to prevent the use of a device to access or modify a kernel image: -.IP \(bu 3 +.IP \[bu] 3 The use of module parameters that directly specify hardware parameters to drivers through the kernel command line or when loading a module. -.IP \(bu +.IP \[bu] The use of direct PCI BAR access. -.IP \(bu +.IP \[bu] The use of the ioperm and iopl instructions on x86. -.IP \(bu +.IP \[bu] The use of the KD*IO console ioctls. -.IP \(bu +.IP \[bu] The use of the TIOCSSERIAL serial ioctl. -.IP \(bu +.IP \[bu] The alteration of MSR registers on x86. -.IP \(bu +.IP \[bu] The replacement of the PCMCIA CIS. -.IP \(bu +.IP \[bu] The overriding of ACPI tables. -.IP \(bu +.IP \[bu] The use of ACPI error injection. -.IP \(bu +.IP \[bu] The specification of the ACPI RDSP address. -.IP \(bu +.IP \[bu] The use of ACPI custom methods. .PP Certain facilities are restricted: -.IP \(bu 3 +.IP \[bu] 3 Only validly signed modules may be loaded (waived if the module file being loaded is vouched for by IMA appraisal). -.IP \(bu +.IP \[bu] Only validly signed binaries may be kexec'd (waived if the binary image file to be executed is vouched for by IMA appraisal). -.IP \(bu +.IP \[bu] Unencrypted hibernation/suspend to swap are disallowed as the kernel image is saved to a medium that can then be accessed. -.IP \(bu +.IP \[bu] Use of debugfs is not permitted as this allows a whole range of actions including direct configuration of, access to and driving of hardware. -.IP \(bu +.IP \[bu] IMA requires the addition of the "secure_boot" rules to the policy, whether or not they are specified on the command line, for both the built-in and custom policies in secure boot lockdown mode. diff --git a/man7/keyrings.7 b/man7/keyrings.7 index 772abd4ed..4f5e1a55b 100644 --- a/man7/keyrings.7 +++ b/man7/keyrings.7 @@ -353,13 +353,13 @@ thus making the user keyring and anything it contains possessed by default. .\""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" .SS Access rights Each key has the following security-related attributes: -.IP \(bu 3 +.IP \[bu] 3 The owning user ID -.IP \(bu +.IP \[bu] The ID of a group that is permitted to access the key -.IP \(bu +.IP \[bu] A security label -.IP \(bu +.IP \[bu] A permissions mask .PP The permissions mask contains four sets of rights. diff --git a/man7/landlock.7 b/man7/landlock.7 index 2b9c2f957..0818b4bf9 100644 --- a/man7/landlock.7 +++ b/man7/landlock.7 @@ -23,13 +23,13 @@ A Landlock security policy is a set of access rights tied to a file hierarchy. Such policy can be configured and enforced by processes for themselves using three system calls: -.IP \(bu 2 +.IP \[bu] 2 .BR landlock_create_ruleset (2) creates a new ruleset; -.IP \(bu +.IP \[bu] .BR landlock_add_rule (2) adds a new rule to a ruleset; -.IP \(bu +.IP \[bu] .BR landlock_restrict_self (2) enforces a ruleset on the calling thread. .PP diff --git a/man7/man-pages.7 b/man7/man-pages.7 index 317da357b..501ae74d9 100644 --- a/man7/man-pages.7 +++ b/man7/man-pages.7 @@ -483,11 +483,11 @@ be separated by blank lines. However, blank lines (achieved using .IR .PP ) may be added in the following cases: -.IP \(bu 3 +.IP \[bu] 3 to separate long lists of function prototypes into related groups (see for example .BR list (3)); -.IP \(bu +.IP \[bu] in other cases that may improve readability. .PP In the SYNOPSIS, a long function prototype may need to be @@ -543,19 +543,19 @@ This wording is consistent with the wording used in both POSIX.1 and FreeBSD. .SS ATTRIBUTES .\" See man-pages commit c466875ecd64ed3d3cd3e578406851b7dfb397bf Note the following: -.IP \(bu 3 +.IP \[bu] 3 Wrap the table in this section in a .IR ".ad\ l" / .ad pair to disable text filling and a .IR .nh / .hy pair to disable hyphenation. -.IP \(bu +.IP \[bu] Ensure that the table occupies the full page width through the use of an .I lbx description for one of the columns (usually the first column, though in some cases the last column if it contains a lot of text). -.IP \(bu +.IP \[bu] Make free use of .IR T{ / T} macro pairs to allow table cells to be broken over multiple lines @@ -771,11 +771,11 @@ please write all new pages and patches according to these conventions. .PP Aside from the well-known spelling differences, there are a few other subtleties to watch for: -.IP \(bu 3 +.IP \[bu] 3 American English tends to use the forms "backward", "upward", "toward", and so on rather than the British forms "backwards", "upwards", "towards", and so on. -.IP \(bu +.IP \[bu] Opinions are divided on "acknowledgement" vs "acknowledgment". The latter is predominant, but not universal usage in American English. POSIX and the BSD license use the former spelling. @@ -1077,11 +1077,11 @@ This guideline applies also to code examples. .PP The use of real minus signs serves the following purposes: .\" https://lore.kernel.org/linux-man/20210121061158.5ul7226fgbrmodbt@localhost.localdomain/ -.IP \(bu 3 +.IP \[bu] 3 To provide better renderings on various targets other than ASCII terminals, notably in PDF and on Unicode/UTF\-8-capable terminals. -.IP \(bu +.IP \[bu] To generate glyphs that when copied from rendered pages will produce real minus signs when pasted into a terminal. .PP @@ -1113,22 +1113,22 @@ to get a nicely rendered tilde when rendering to PDF. Manual pages may include example programs demonstrating how to use a system call or library function. However, note the following: -.IP \(bu 3 +.IP \[bu] 3 Example programs should be written in C. -.IP \(bu +.IP \[bu] An example program is necessary and useful only if it demonstrates something beyond what can easily be provided in a textual description of the interface. An example program that does nothing other than call an interface usually serves little purpose. -.IP \(bu +.IP \[bu] Example programs should ideally be short (e.g., a good example can often be provided in less than 100 lines of code), though in some cases longer programs may be necessary to properly illustrate the use of an API. -.IP \(bu +.IP \[bu] Expressive code is appreciated. -.IP \(bu +.IP \[bu] Comments should included where helpful. Complete sentences in free-standing comments should be terminated by a period. @@ -1136,18 +1136,18 @@ Periods should generally be omitted in "tag" comments (i.e., comments that are placed on the same line of code); such comments are in any case typically brief phrases rather than complete sentences. -.IP \(bu +.IP \[bu] Example programs should do error checking after system calls and library function calls. -.IP \(bu +.IP \[bu] Example programs should be complete, and compile without warnings when compiled with \fIcc\ \-Wall\fP. -.IP \(bu +.IP \[bu] Where possible and appropriate, example programs should allow experimentation, by varying their behavior based on inputs (ideally from command-line arguments, or alternatively, via input read by the program). -.IP \(bu +.IP \[bu] Example programs should be laid out according to Kernighan and Ritchie style, with 4-space indents. (Avoid the use of TAB characters in source code!) @@ -1159,7 +1159,7 @@ something close to the preferred style: indent \-npro \-kr \-i4 \-ts4 \-sob \-l72 \-ss \-nut \-psl prog.c .EE .in -.IP \(bu +.IP \[bu] For consistency, all example programs should terminate using either of: .IP .in +4n @@ -1178,7 +1178,7 @@ exit(1); return n; .EE .in -.IP \(bu +.IP \[bu] If there is extensive explanatory text before the program source code, mark off the source code with a subsection heading @@ -1195,11 +1195,11 @@ Always do this if the explanatory text includes a shell session log. .PP If you include a shell session log demonstrating the use of a program or other system feature: -.IP \(bu 3 +.IP \[bu] 3 Place the session log above the source code listing. -.IP \(bu +.IP \[bu] Indent the session log by four spaces. -.IP \(bu +.IP \[bu] Boldface the user input text, to distinguish it from output produced by the system. .PP diff --git a/man7/mount_namespaces.7 b/man7/mount_namespaces.7 index 47152ae2d..cfd639c52 100644 --- a/man7/mount_namespaces.7 +++ b/man7/mount_namespaces.7 @@ -38,12 +38,12 @@ with the flag. When a new mount namespace is created, its mount list is initialized as follows: -.IP \(bu 3 +.IP \[bu] 3 If the namespace is created using .BR clone (2), the mount list of the child's namespace is a copy of the mount list in the parent process's mount namespace. -.IP \(bu +.IP \[bu] If the namespace is created using .BR unshare (2), the mount list of the new namespace is a copy of diff --git a/man7/mq_overview.7 b/man7/mq_overview.7 index c7d4c6537..0330c4828 100644 --- a/man7/mq_overview.7 +++ b/man7/mq_overview.7 @@ -169,13 +169,13 @@ The definition of .B HARD_MSGMAX has changed across kernel versions: .RS -.IP \(bu 3 +.IP \[bu] 3 Up to Linux 2.6.32: .I 131072\~/\~sizeof(void\~*) -.IP \(bu +.IP \[bu] Linux 2.6.33 to Linux 3.4: .I (32768\~*\~sizeof(void\~*) / 4) -.IP \(bu +.IP \[bu] Since Linux 3.5: .\" commit 5b5c4d1a1440e94994c73dddbad7be0676cd8b9a 65,536 @@ -223,12 +223,12 @@ The upper limit for .I msgsize_max has varied across kernel versions: .RS -.IP \(bu 3 +.IP \[bu] 3 Before Linux 2.6.28, the upper limit is .BR INT_MAX . -.IP \(bu +.IP \[bu] From Linux 2.6.28 to Linux 3.4, the limit is 1,048,576. -.IP \(bu +.IP \[bu] Since Linux 3.5, the limit is 16,777,216 .RB ( HARD_MSGSIZEMAX ). .RE diff --git a/man7/namespaces.7 b/man7/namespaces.7 index e82bb4d15..97d9c1bce 100644 --- a/man7/namespaces.7 +++ b/man7/namespaces.7 @@ -311,48 +311,48 @@ The value in this file defines a per-user limit on the number of uts namespaces that may be created in the user namespace. .PP Note the following details about these files: -.IP \(bu 3 +.IP \[bu] 3 The values in these files are modifiable by privileged processes. -.IP \(bu +.IP \[bu] The values exposed by these files are the limits for the user namespace in which the opening process resides. -.IP \(bu +.IP \[bu] The limits are per-user. Each user in the same user namespace can create namespaces up to the defined limit. -.IP \(bu +.IP \[bu] The limits apply to all users, including UID 0. -.IP \(bu +.IP \[bu] These limits apply in addition to any other per-namespace limits (such as those for PID and user namespaces) that may be enforced. -.IP \(bu +.IP \[bu] Upon encountering these limits, .BR clone (2) and .BR unshare (2) fail with the error .BR ENOSPC . -.IP \(bu +.IP \[bu] For the initial user namespace, the default value in each of these files is half the limit on the number of threads that may be created .RI ( /proc/sys/kernel/threads\-max ). In all descendant user namespaces, the default value in each file is .BR MAXINT . -.IP \(bu +.IP \[bu] When a namespace is created, the object is also accounted against ancestor namespaces. More precisely: .RS -.IP \(bu 3 +.IP \[bu] 3 Each user namespace has a creator UID. -.IP \(bu +.IP \[bu] When a namespace is created, it is accounted against the creator UIDs in each of the ancestor user namespaces, and the kernel ensures that the corresponding namespace limit for the creator UID in the ancestor namespace is not exceeded. -.IP \(bu +.IP \[bu] The aforementioned point ensures that creating a new user namespace cannot be used as a means to escape the limits in force in the current user namespace. @@ -365,32 +365,32 @@ the namespace terminates or leaves the namespace. However, there are a number of other factors that may pin a namespace into existence even though it has no member processes. These factors include the following: -.IP \(bu 3 +.IP \[bu] 3 An open file descriptor or a bind mount exists for the corresponding .IR /proc/ pid /ns/* file. -.IP \(bu +.IP \[bu] The namespace is hierarchical (i.e., a PID or user namespace), and has a child namespace. -.IP \(bu +.IP \[bu] It is a user namespace that owns one or more nonuser namespaces. -.IP \(bu +.IP \[bu] It is a PID namespace, and there is a process that refers to the namespace via a .IR /proc/ pid /ns/pid_for_children symbolic link. -.IP \(bu +.IP \[bu] It is a time namespace, and there is a process that refers to the namespace via a .IR /proc/ pid /ns/time_for_children symbolic link. -.IP \(bu +.IP \[bu] It is an IPC namespace, and a corresponding mount of an .I mqueue filesystem (see .BR mq_overview (7)) refers to this namespace. -.IP \(bu +.IP \[bu] It is a PID namespace, and a corresponding mount of a .BR proc (5) filesystem refers to this namespace. diff --git a/man7/nptl.7 b/man7/nptl.7 index 784a55070..240684e63 100644 --- a/man7/nptl.7 +++ b/man7/nptl.7 @@ -26,10 +26,10 @@ which might interfere with the operation of the NPTL implementation, various glibc library functions and system call wrapper functions attempt to hide these signals from applications, as follows: -.IP \(bu 3 +.IP \[bu] 3 .B SIGRTMIN is defined with the value 34 (rather than 32). -.IP \(bu +.IP \[bu] The .BR sigwaitinfo (2), .BR sigtimedwait (2), @@ -37,13 +37,13 @@ and .BR sigwait (3) interfaces silently ignore requests to wait for these two signals if they are specified in the signal set argument of these calls. -.IP \(bu +.IP \[bu] The .BR sigprocmask (2) and .BR pthread_sigmask (3) interfaces silently ignore attempts to block these two signals. -.IP \(bu +.IP \[bu] The .BR sigaction (2), .BR pthread_kill (3), @@ -52,7 +52,7 @@ and interfaces fail with the error .B EINVAL (indicating an invalid signal number) if these signals are specified. -.IP \(bu +.IP \[bu] .BR sigfillset (3) does not include these two signals when it creates a full signal set. .\" diff --git a/man7/packet.7 b/man7/packet.7 index 4bfd55d9f..8eb3f56a3 100644 --- a/man7/packet.7 +++ b/man7/packet.7 @@ -297,7 +297,7 @@ The group is deleted when the last socket is closed. Fanout supports multiple algorithms to spread traffic between sockets, as follows: .RS -.IP \(bu 3 +.IP \[bu] 3 The default mode, .BR PACKET_FANOUT_HASH , sends packets from the same flow to the same socket to maintain @@ -305,21 +305,21 @@ per-flow ordering. For each packet, it chooses a socket by taking the packet flow hash modulo the number of sockets in the group, where a flow hash is a hash over network-layer address and optional transport-layer port fields. -.IP \(bu +.IP \[bu] The load-balance mode .B PACKET_FANOUT_LB implements a round-robin algorithm. -.IP \(bu +.IP \[bu] .B PACKET_FANOUT_CPU selects the socket based on the CPU that the packet arrived on. -.IP \(bu +.IP \[bu] .B PACKET_FANOUT_ROLLOVER processes all data on a single socket, moving to the next when one becomes backlogged. -.IP \(bu +.IP \[bu] .B PACKET_FANOUT_RND selects the socket using a pseudo-random number generator. -.IP \(bu +.IP \[bu] .B PACKET_FANOUT_QM .\" commit 2d36097d26b5991d71a2cf4a20c1a158f0f1bfcd (available since Linux 3.14) diff --git a/man7/pthreads.7 b/man7/pthreads.7 index aa00c50bc..e0aad9921 100644 --- a/man7/pthreads.7 +++ b/man7/pthreads.7 @@ -15,44 +15,44 @@ but each thread has its own stack (automatic variables). .PP POSIX.1 also requires that threads share a range of other attributes (i.e., these attributes are process-wide rather than per-thread): -.IP \(bu 3 +.IP \[bu] 3 process ID -.IP \(bu +.IP \[bu] parent process ID -.IP \(bu +.IP \[bu] process group ID and session ID -.IP \(bu +.IP \[bu] controlling terminal -.IP \(bu +.IP \[bu] user and group IDs -.IP \(bu +.IP \[bu] open file descriptors -.IP \(bu +.IP \[bu] record locks (see .BR fcntl (2)) -.IP \(bu +.IP \[bu] signal dispositions -.IP \(bu +.IP \[bu] file mode creation mask .RB ( umask (2)) -.IP \(bu +.IP \[bu] current directory .RB ( chdir (2)) and root directory .RB ( chroot (2)) -.IP \(bu +.IP \[bu] interval timers .RB ( setitimer (2)) and POSIX timers .RB ( timer_create (2)) -.IP \(bu +.IP \[bu] nice value .RB ( setpriority (2)) -.IP \(bu +.IP \[bu] resource limits .RB ( setrlimit (2)) -.IP \(bu +.IP \[bu] measurements of the consumption of CPU time .RB ( times (2)) and resources @@ -60,29 +60,29 @@ and resources .PP As well as the stack, POSIX.1 specifies that various other attributes are distinct for each thread, including: -.IP \(bu 3 +.IP \[bu] 3 thread ID (the .I pthread_t data type) -.IP \(bu +.IP \[bu] signal mask .RB ( pthread_sigmask (3)) -.IP \(bu +.IP \[bu] the .I errno variable -.IP \(bu +.IP \[bu] alternate signal stack .RB ( sigaltstack (2)) -.IP \(bu +.IP \[bu] real-time scheduling policy and priority .RB ( sched (7)) .PP The following Linux-specific features are also per-thread: -.IP \(bu 3 +.IP \[bu] 3 capabilities (see .BR capabilities (7)) -.IP \(bu +.IP \[bu] CPU affinity .RB ( sched_setaffinity (2)) .SS Pthreads function return values @@ -681,14 +681,14 @@ thread joining, and so on) are implemented using the Linux system call. .SS LinuxThreads The notable features of this implementation are the following: -.IP \(bu 3 +.IP \[bu] 3 In addition to the main (initial) thread, and the threads that the program creates using .BR pthread_create (3), the implementation creates a "manager" thread. This thread handles thread creation and termination. (Problems can result if this thread is inadvertently killed.) -.IP \(bu +.IP \[bu] Signals are used internally by the implementation. On Linux 2.2 and later, the first three real-time signals are used (see also @@ -700,7 +700,7 @@ and are used. Applications must avoid the use of whichever set of signals is employed by the implementation. -.IP \(bu +.IP \[bu] Threads do not share process IDs. (In effect, LinuxThreads threads are implemented as processes which share more information than usual, but which do not share a common process ID.) @@ -710,11 +710,11 @@ are visible as separate processes using .PP The LinuxThreads implementation deviates from the POSIX.1 specification in a number of ways, including the following: -.IP \(bu 3 +.IP \[bu] 3 Calls to .BR getpid (2) return a different value in each thread. -.IP \(bu +.IP \[bu] Calls to .BR getppid (2) in threads other than the main thread return the process ID of the @@ -723,7 +723,7 @@ manager thread; instead in these threads should return the same value as .BR getppid (2) in the main thread. -.IP \(bu +.IP \[bu] When one thread creates a new child process using .BR fork (2), any thread should be able to @@ -733,39 +733,39 @@ However, the implementation allows only the thread that created the child to .BR wait (2) on it. -.IP \(bu +.IP \[bu] When a thread calls .BR execve (2), all other threads are terminated (as required by POSIX.1). However, the resulting process has the same PID as the thread that called .BR execve (2): it should have the same PID as the main thread. -.IP \(bu +.IP \[bu] Threads do not share user and group IDs. This can cause complications with set-user-ID programs and can cause failures in Pthreads functions if an application changes its credentials using .BR seteuid (2) or similar. -.IP \(bu +.IP \[bu] Threads do not share a common session ID and process group ID. -.IP \(bu +.IP \[bu] Threads do not share record locks created using .BR fcntl (2). -.IP \(bu +.IP \[bu] The information returned by .BR times (2) and .BR getrusage (2) is per-thread rather than process-wide. -.IP \(bu +.IP \[bu] Threads do not share semaphore undo values (see .BR semop (2)). -.IP \(bu +.IP \[bu] Threads do not share interval timers. -.IP \(bu +.IP \[bu] Threads do not share a common nice value. -.IP \(bu +.IP \[bu] POSIX.1 distinguishes the notions of signals that are directed to the process as a whole and signals that are directed to individual threads. @@ -775,7 +775,7 @@ for example) should be handled by a single, arbitrarily selected thread within the process. LinuxThreads does not support the notion of process-directed signals: signals may be sent only to specific threads. -.IP \(bu +.IP \[bu] Threads have distinct alternate signal stack settings. However, a new thread's alternate signal stack settings are copied from the thread that created it, so that @@ -797,7 +797,7 @@ See for further details. .PP NPTL still has at least one nonconformance with POSIX.1: -.IP \(bu 3 +.IP \[bu] 3 Threads do not share a common nice value. .\" FIXME . bug report filed for NPTL nice nonconformance .\" http://bugzilla.kernel.org/show_bug.cgi?id=6258 @@ -806,26 +806,26 @@ Threads do not share a common nice value. .\" Monitor this to see if it makes it into mainline. .PP Some NPTL nonconformances occur only with older kernels: -.IP \(bu 3 +.IP \[bu] 3 The information returned by .BR times (2) and .BR getrusage (2) is per-thread rather than process-wide (fixed in Linux 2.6.9). -.IP \(bu +.IP \[bu] Threads do not share resource limits (fixed in Linux 2.6.10). -.IP \(bu +.IP \[bu] Threads do not share interval timers (fixed in Linux 2.6.12). -.IP \(bu +.IP \[bu] Only the main thread is permitted to start a new session using .BR setsid (2) (fixed in Linux 2.6.16). -.IP \(bu +.IP \[bu] Only the main thread is permitted to make the process into a process group leader using .BR setpgid (2) (fixed in Linux 2.6.16). -.IP \(bu +.IP \[bu] Threads have distinct alternate signal stack settings. However, a new thread's alternate signal stack settings are copied from the thread that created it, so that @@ -833,7 +833,7 @@ the threads initially share an alternate signal stack (fixed in Linux 2.6.16). .PP Note the following further points about the NPTL implementation: -.IP \(bu 3 +.IP \[bu] 3 If the stack size soft resource limit (see the description of .B RLIMIT_STACK in diff --git a/man7/queue.7 b/man7/queue.7 index 0123356f6..83851c7a1 100644 --- a/man7/queue.7 +++ b/man7/queue.7 @@ -30,13 +30,13 @@ CIRCLEQ doubly linked circular queues .PP All structures support the following functionality: -.IP \(bu 3 +.IP \[bu] 3 Insertion of a new entry at the head of the list. -.IP \(bu +.IP \[bu] Insertion of a new entry after any element in the list. -.IP \(bu +.IP \[bu] O(1) removal of an entry from the head of the list. -.IP \(bu +.IP \[bu] Forward traversal through the list. .\".IP * .\" Swapping the contents of two lists. @@ -51,21 +51,21 @@ Singly linked lists are ideal for applications with large datasets and few or no removals, or for implementing a LIFO queue. Singly linked lists add the following functionality: -.IP \(bu 3 +.IP \[bu] 3 O(n) removal of any entry in the list. .SS Singly linked tail queues (STAILQ) Singly linked tail queues add the following functionality: -.IP \(bu 3 +.IP \[bu] 3 Entries can be added at the end of a list. -.IP \(bu +.IP \[bu] O(n) removal of any entry in the list. -.IP \(bu +.IP \[bu] They may be concatenated. .PP However: -.IP \(bu 3 +.IP \[bu] 3 All list insertions must specify the head of the list. -.IP \(bu +.IP \[bu] Each head entry requires two pointers rather than one. .PP Singly linked tail queues are ideal for applications with @@ -74,45 +74,45 @@ or for implementing a FIFO queue. .SS Doubly linked data structures All doubly linked types of data structures (lists and tail queues) additionally allow: -.IP \(bu 3 +.IP \[bu] 3 Insertion of a new entry before any element in the list. -.IP \(bu +.IP \[bu] O(1) removal of any entry in the list. .PP However: -.IP \(bu 3 +.IP \[bu] 3 Each element requires two pointers rather than one. .SS Doubly linked lists (LIST) Linked lists are the simplest of the doubly linked data structures. They add the following functionality over the above: -.IP \(bu 3 +.IP \[bu] 3 They may be traversed backwards. .PP However: -.IP \(bu 3 +.IP \[bu] 3 To traverse backwards, an entry to begin the traversal and the list in which it is contained must be specified. .SS Doubly linked tail queues (TAILQ) Tail queues add the following functionality: -.IP \(bu 3 +.IP \[bu] 3 Entries can be added at the end of a list. -.IP \(bu +.IP \[bu] They may be traversed backwards, from tail to head. -.IP \(bu +.IP \[bu] They may be concatenated. .PP However: -.IP \(bu 3 +.IP \[bu] 3 All list insertions and removals must specify the head of the list. -.IP \(bu +.IP \[bu] Each head entry requires two pointers rather than one. .SS Doubly linked circular queues (CIRCLEQ) Circular queues add the following functionality over the above: -.IP \(bu 3 +.IP \[bu] 3 The first and last entries are connected. .PP However: -.IP \(bu 3 +.IP \[bu] 3 The termination condition for traversal is more complex. .SH STANDARDS Not in POSIX.1, POSIX.1-2001, or POSIX.1-2008. diff --git a/man7/random.7 b/man7/random.7 index 009148f0b..280e798c6 100644 --- a/man7/random.7 +++ b/man7/random.7 @@ -19,7 +19,7 @@ a cryptographically secure pseudorandom number generator (CSPRNG). It is designed for security, rather than speed. .PP The following interfaces provide access to output from the kernel CSPRNG: -.IP \(bu 3 +.IP \[bu] 3 The .I /dev/urandom and @@ -28,7 +28,7 @@ devices, both described in .BR random (4). These devices have been present on Linux since early times, and are also available on many other systems. -.IP \(bu +.IP \[bu] The Linux-specific .BR getrandom (2) system call, available since Linux 3.17. diff --git a/man7/rtld-audit.7 b/man7/rtld-audit.7 index 42c1795ea..ca47427c3 100644 --- a/man7/rtld-audit.7 +++ b/man7/rtld-audit.7 @@ -464,11 +464,11 @@ in the chapter .SH NOTES Note the following differences from the Solaris dynamic linker auditing API: -.IP \(bu 3 +.IP \[bu] 3 The Solaris .BR la_objfilter () interface is not supported by the GNU implementation. -.IP \(bu +.IP \[bu] The Solaris .BR la_symbind32 () and @@ -476,7 +476,7 @@ and functions do not provide a .I symname argument. -.IP \(bu +.IP \[bu] The Solaris .BR la_pltexit () function does not provide diff --git a/man7/sched.7 b/man7/sched.7 index 8b50f5461..568b74b42 100644 --- a/man7/sched.7 +++ b/man7/sched.7 @@ -137,15 +137,15 @@ it will always immediately preempt any currently running algorithm without time slicing. For threads scheduled under the \fBSCHED_FIFO\fP policy, the following rules apply: -.IP \(bu 3 +.IP \[bu] 3 A running \fBSCHED_FIFO\fP thread that has been preempted by another thread of higher priority will stay at the head of the list for its priority and will resume execution as soon as all threads of higher priority are blocked again. -.IP \(bu +.IP \[bu] When a blocked \fBSCHED_FIFO\fP thread becomes runnable, it will be inserted at the end of the list for its priority. -.IP \(bu +.IP \[bu] If a call to .BR sched_setscheduler (2), .BR sched_setparam (2), @@ -180,7 +180,7 @@ should result in the thread being placed at the end of the list for its priority. .\" In Linux 2.2.x and Linux 2.4.x, the thread is placed at the front of the queue .\" In Linux 2.0.x, the Right Thing happened: the thread went to the back -- MTK -.IP \(bu +.IP \[bu] A thread calling .BR sched_yield (2) will be put at the end of the list. @@ -492,7 +492,7 @@ When this flag is set, children created by .BR fork (2) do not inherit privileged scheduling policies. The reset-on-fork flag can be set by either: -.IP \(bu 3 +.IP \[bu] 3 ORing the .B SCHED_RESET_ON_FORK flag into the @@ -501,7 +501,7 @@ argument when calling .BR sched_setscheduler (2) (since Linux 2.6.32); or -.IP \(bu +.IP \[bu] specifying the .B SCHED_FLAG_RESET_ON_FORK flag in @@ -524,7 +524,7 @@ by creating multiple child processes. .PP More precisely, if the reset-on-fork flag is set, the following rules apply for subsequently created children: -.IP \(bu 3 +.IP \[bu] 3 If the calling thread has a scheduling policy of .B SCHED_FIFO or @@ -532,7 +532,7 @@ or the policy is reset to .B SCHED_OTHER in child processes. -.IP \(bu +.IP \[bu] If the calling process has a negative nice value, the nice value is reset to zero in child processes. .PP @@ -571,7 +571,7 @@ and .B SCHED_FIFO policies. The rules for changing scheduling policy and priority are as follows: -.IP \(bu 3 +.IP \[bu] 3 If an unprivileged thread has a nonzero .B RLIMIT_RTPRIO soft limit, then it can change its scheduling policy and priority, @@ -579,17 +579,17 @@ subject to the restriction that the priority cannot be set to a value higher than the maximum of its current priority and its .B RLIMIT_RTPRIO soft limit. -.IP \(bu +.IP \[bu] If the .B RLIMIT_RTPRIO soft limit is 0, then the only permitted changes are to lower the priority, or to switch to a non-real-time policy. -.IP \(bu +.IP \[bu] Subject to the same rules, another unprivileged thread can also make these changes, as long as the effective user ID of the thread making the change matches the real or effective user ID of the target thread. -.IP \(bu +.IP \[bu] Special rules apply for the .B SCHED_IDLE policy. @@ -832,11 +832,11 @@ Task groups have a hierarchical relationship, rooted under the initial task group on the system, known as the "root task group". Task groups are formed in the following circumstances: -.IP \(bu 3 +.IP \[bu] 3 All of the threads in a CPU cgroup form a task group. The parent of this task group is the task group of the corresponding parent cgroup. -.IP \(bu +.IP \[bu] If autogrouping is enabled, then all of the threads that are (implicitly) placed in an autogroup (i.e., the same session, as created by @@ -844,14 +844,14 @@ then all of the threads that are (implicitly) placed in an autogroup form a task group. Each new autogroup is thus a separate task group. The root task group is the parent of all such autogroups. -.IP \(bu +.IP \[bu] If autogrouping is enabled, then the root task group consists of all processes in the root CPU cgroup that were not otherwise implicitly placed into a new autogroup. -.IP \(bu +.IP \[bu] If autogrouping is disabled, then the root task group consists of all processes in the root CPU cgroup. -.IP \(bu +.IP \[bu] If group scheduling was disabled (i.e., the kernel was configured without .BR CONFIG_FAIR_GROUP_SCHED ), then all of the processes on the system are notionally placed diff --git a/man7/signal-safety.7 b/man7/signal-safety.7 index cc6af30b7..3d6ddc7eb 100644 --- a/man7/signal-safety.7 +++ b/man7/signal-safety.7 @@ -274,14 +274,14 @@ T} .TE .PP Notes: -.IP \(bu 3 +.IP \[bu] 3 POSIX.1-2001 and POSIX.1-2001 TC2 required the functions .BR fpathconf (3), .BR pathconf (3), and .BR sysconf (3) to be async-signal-safe, but this requirement was removed in POSIX.1-2008. -.IP \(bu +.IP \[bu] If a signal handler interrupts the execution of an unsafe function, and the handler terminates via a call to .BR longjmp (3) @@ -289,7 +289,7 @@ or .BR siglongjmp (3) and the program subsequently calls an unsafe function, then the behavior of the program is undefined. -.IP \(bu +.IP \[bu] POSIX.1-2001 TC1 clarified that if an application calls .BR fork (2) @@ -302,7 +302,7 @@ is likely to remove .BR fork (2) from the list of async-signal-safe functions. .\" -.IP \(bu +.IP \[bu] Asynchronous signal handlers that call functions which are cancelation points and nest over regions of deferred cancelation may trigger cancelation whose behavior is as if asynchronous cancelation had @@ -318,7 +318,7 @@ on entry and restores its value before returning. .SS Deviations in the GNU C library The following known deviations from the standard occur in the GNU C library: -.IP \(bu 3 +.IP \[bu] 3 Before glibc 2.24, .BR execl (3) and @@ -328,7 +328,7 @@ employed internally and were consequently not async-signal-safe. .\" https://sourceware.org/bugzilla/show_bug.cgi?id=19534 This was fixed in glibc 2.24. -.IP \(bu +.IP \[bu] .\" FIXME . https://sourceware.org/bugzilla/show_bug.cgi?id=13172 The glibc implementation of .BR aio_suspend (3) diff --git a/man7/signal.7 b/man7/signal.7 index 73accfd2d..ea279d0e2 100644 --- a/man7/signal.7 +++ b/man7/signal.7 @@ -136,7 +136,7 @@ to block execution until the signal is delivered, at which point the kernel returns information about the signal to the caller. There are two general ways to do this: -.IP \(bu 3 +.IP \[bu] 3 .BR sigwaitinfo (2), .BR sigtimedwait (2), and @@ -144,7 +144,7 @@ and suspend execution until one of the signals in a specified set is delivered. Each of these calls returns information about the delivered signal. -.IP \(bu +.IP \[bu] .BR signalfd (2) returns a file descriptor that can be used to read information about signals that are delivered to the caller. @@ -264,16 +264,16 @@ Various pieces of signal-related context are saved into a special frame that is created on the stack. The saved information includes: .RS -.IP \(bu 3 +.IP \[bu] 3 the program counter register (i.e., the address of the next instruction in the main program that should be executed when the signal handler returns); -.IP \(bu +.IP \[bu] architecture-specific register state required for resuming the interrupted program; -.IP \(bu +.IP \[bu] the thread's current signal mask; -.IP \(bu +.IP \[bu] the thread's alternate signal stack settings. .RE .IP @@ -512,7 +512,7 @@ SIGUNUSED 31 \- \- 31 .TE .PP Note the following: -.IP \(bu 3 +.IP \[bu] 3 Where defined, .B SIGUNUSED is synonymous with @@ -520,7 +520,7 @@ is synonymous with Since glibc 2.26, .B SIGUNUSED is no longer defined on any architecture. -.IP \(bu +.IP \[bu] Signal 29 is .BR SIGINFO / SIGPWR (synonyms for the same value) on Alpha but @@ -569,11 +569,11 @@ The default action for an unhandled real-time signal is to terminate the receiving process. .PP Real-time signals are distinguished by the following: -.IP \(bu 3 +.IP \[bu] 3 Multiple instances of real-time signals can be queued. By contrast, if multiple instances of a standard signal are delivered while that signal is currently blocked, then only one instance is queued. -.IP \(bu +.IP \[bu] If the signal is sent using .BR sigqueue (3), an accompanying value (either an integer or a pointer) can be sent @@ -593,7 +593,7 @@ and .I si_uid fields of this structure can be used to obtain the PID and real user ID of the process sending the signal. -.IP \(bu +.IP \[bu] Real-time signals are delivered in a guaranteed order. Multiple real-time signals of the same type are delivered in the order they were sent. @@ -653,9 +653,9 @@ Linux 2.0 and earlier Linux 2.2 and later .SS Interruption of system calls and library functions by signal handlers If a signal handler is invoked while a system call or library function call is blocked, then either: -.IP \(bu 3 +.IP \[bu] 3 the call is automatically restarted after the signal handler returns; or -.IP \(bu +.IP \[bu] the call fails with the error .BR EINTR . .PP @@ -675,7 +675,7 @@ flag was used; otherwise the call fails with the error .BR EINTR : .\" The following system calls use ERESTARTSYS, .\" so that they are restartable -.IP \(bu 3 +.IP \[bu] 3 .BR read (2), .BR readv (2), .BR write (2), @@ -691,18 +691,18 @@ then the call will return a success status (normally, the number of bytes transferred). Note that a (local) disk is not a slow device according to this definition; I/O operations on disk devices are not interrupted by signals. -.IP \(bu +.IP \[bu] .BR open (2), if it can block (e.g., when opening a FIFO; see .BR fifo (7)). -.IP \(bu +.IP \[bu] .BR wait (2), .BR wait3 (2), .BR wait4 (2), .BR waitid (2), and .BR waitpid (2). -.IP \(bu +.IP \[bu] Socket interfaces: .\" If a timeout (setsockopt()) is in effect on the socket, then these .\" system calls switch to using EINTR. Consequently, they and are not @@ -720,7 +720,7 @@ and .BR sendmsg (2), .\" FIXME What about sendmmsg()? unless a timeout has been set on the socket (see below). -.IP \(bu +.IP \[bu] File locking interfaces: .BR flock (2) and @@ -730,30 +730,30 @@ and .B F_OFD_SETLKW operations of .BR fcntl (2) -.IP \(bu +.IP \[bu] POSIX message queue interfaces: .BR mq_receive (3), .BR mq_timedreceive (3), .BR mq_send (3), and .BR mq_timedsend (3). -.IP \(bu +.IP \[bu] .BR futex (2) .B FUTEX_WAIT (since Linux 2.6.22; .\" commit 72c1bbf308c75a136803d2d76d0e18258be14c7a beforehand, always failed with .BR EINTR ). -.IP \(bu +.IP \[bu] .BR getrandom (2). -.IP \(bu +.IP \[bu] .BR pthread_mutex_lock (3), .BR pthread_cond_wait (3), and related APIs. -.IP \(bu +.IP \[bu] .BR futex (2) .BR FUTEX_WAIT_BITSET . -.IP \(bu +.IP \[bu] POSIX semaphore interfaces: .BR sem_wait (3) and @@ -762,7 +762,7 @@ and .\" as a consequence of the 2.6.22 changes in the futex() implementation beforehand, always failed with .BR EINTR ). -.IP \(bu +.IP \[bu] .BR read (2) from an .BR inotify (7) @@ -781,7 +781,7 @@ they always fail with the error when interrupted by a signal handler: .\" These are the system calls that give EINTR or ERESTARTNOHAND .\" on interruption by a signal handler. -.IP \(bu 3 +.IP \[bu] 3 "Input" socket interfaces, when a timeout .RB ( SO_RCVTIMEO ) has been set on the socket using @@ -795,7 +795,7 @@ has been set on the socket using argument), and .BR recvmsg (2). -.IP \(bu +.IP \[bu] "Output" socket interfaces, when a timeout .RB ( SO_RCVTIMEO ) has been set on the socket using @@ -806,14 +806,14 @@ has been set on the socket using and .BR sendmsg (2). .\" FIXME What about sendmmsg()? -.IP \(bu +.IP \[bu] Interfaces used to wait for signals: .BR pause (2), .BR sigsuspend (2), .BR sigtimedwait (2), and .BR sigwaitinfo (2). -.IP \(bu +.IP \[bu] File descriptor multiplexing interfaces: .BR epoll_wait (2), .BR epoll_pwait (2), @@ -822,7 +822,7 @@ File descriptor multiplexing interfaces: .BR select (2), and .BR pselect (2). -.IP \(bu +.IP \[bu] System V IPC interfaces: .\" On some other systems, SA_RESTART does restart these system calls .BR msgrcv (2), @@ -830,13 +830,13 @@ System V IPC interfaces: .BR semop (2), and .BR semtimedop (2). -.IP \(bu +.IP \[bu] Sleep interfaces: .BR clock_nanosleep (2), .BR nanosleep (2), and .BR usleep (3). -.IP \(bu +.IP \[bu] .BR io_getevents (2). .PP The @@ -863,7 +863,7 @@ This behavior is not sanctioned by POSIX.1, and doesn't occur on other systems. .PP The Linux interfaces that display this behavior are: -.IP \(bu 3 +.IP \[bu] 3 "Input" socket interfaces, when a timeout .RB ( SO_RCVTIMEO ) has been set on the socket using @@ -877,7 +877,7 @@ has been set on the socket using argument), and .BR recvmsg (2). -.IP \(bu +.IP \[bu] "Output" socket interfaces, when a timeout .RB ( SO_RCVTIMEO ) has been set on the socket using @@ -891,33 +891,33 @@ and if a send timeout .RB ( SO_SNDTIMEO ) has been set. -.IP \(bu +.IP \[bu] .BR epoll_wait (2), .BR epoll_pwait (2). -.IP \(bu +.IP \[bu] .BR semop (2), .BR semtimedop (2). -.IP \(bu +.IP \[bu] .BR sigtimedwait (2), .BR sigwaitinfo (2). -.IP \(bu +.IP \[bu] Linux 3.7 and earlier: .BR read (2) from an .BR inotify (7) file descriptor .\" commit 1ca39ab9d21ac93f94b9e3eb364ea9a5cf2aba06 -.IP \(bu +.IP \[bu] Linux 2.6.21 and earlier: .BR futex (2) .BR FUTEX_WAIT , .BR sem_timedwait (3), .BR sem_wait (3). -.IP \(bu +.IP \[bu] Linux 2.6.8 and earlier: .BR msgrcv (2), .BR msgsnd (2). -.IP \(bu +.IP \[bu] Linux 2.4 and earlier: .BR nanosleep (2). .SH STANDARDS diff --git a/man7/string_copying.7 b/man7/string_copying.7 index 55e63aa14..7e42a99f0 100644 --- a/man7/string_copying.7 +++ b/man7/string_copying.7 @@ -215,17 +215,17 @@ it makes sense to truncate. Remember to check the return value of such function calls. .PP Functions that truncate: -.IP \(bu 3 +.IP \[bu] 3 .BR stpecpy (3) is the most efficient string copy function that performs truncation. It only requires to check for truncation once after all chained calls. -.IP \(bu +.IP \[bu] .BR strlcpy (3bsd) and .BR strlcat (3bsd) are designed to crash if the input string is invalid (doesn't contain a terminating null byte). -.IP \(bu +.IP \[bu] .BR stpncpy (3) and .BR strncpy (3) @@ -313,15 +313,15 @@ also require that .I dst holds a string before the call. List of functions: -.IP \(bu 3 +.IP \[bu] 3 .PD 0 .BR stpcpy (3) -.IP \(bu +.IP \[bu] .BR strcpy "(3), \c" .BR strcat (3) -.IP \(bu +.IP \[bu] .BR stpecpy (3) -.IP \(bu +.IP \[bu] .BR strlcpy "(3bsd), \c" .BR strlcat (3bsd) .PD @@ -331,10 +331,10 @@ but create a character sequence as output. These functions have confusing names, and have a long history of misuse. List of functions: -.IP \(bu 3 +.IP \[bu] 3 .PD 0 .BR stpncpy (3) -.IP \(bu +.IP \[bu] .BR strncpy (3) .PD .PP @@ -347,22 +347,22 @@ holds a string before the call. .BR strncat (3) has an even more misleading name than the functions above. List of functions: -.IP \(bu 3 +.IP \[bu] 3 .PD 0 .BR zustr2stp (3) -.IP \(bu +.IP \[bu] .BR strncat (3) -.IP \(bu +.IP \[bu] .BR ustr2stp (3) .PD .PP Other functions operate on an input character sequence to create an output character sequence. List of functions: -.IP \(bu 3 +.IP \[bu] 3 .PD 0 .BR ustpcpy (3) -.IP \(bu +.IP \[bu] .BR zustr2stp (3) .PD .\" ----- DESCRIPTION :: Functions :: ---------------------------------/ @@ -506,12 +506,12 @@ It returns a pointer suitable for chaining. .SH RETURN VALUE The following functions return a pointer to the terminating null byte in the destination string. -.IP \(bu 3 +.IP \[bu] 3 .PD 0 .BR stpcpy (3) -.IP \(bu +.IP \[bu] .BR ustr2stp (3) -.IP \(bu +.IP \[bu] .BR zustr2stp (3) .PD .PP @@ -520,7 +520,7 @@ a pointer to the terminating null byte in the destination string, except when truncation occurs; if truncation occurs, it returns a pointer to the end of the destination buffer. -.IP \(bu 3 +.IP \[bu] 3 .BR stpecpy (3) .PP The following function returns @@ -529,23 +529,23 @@ in the destination character sequence; if truncation occurs, that pointer is equivalent to a pointer to the end of the destination buffer. -.IP \(bu 3 +.IP \[bu] 3 .BR stpncpy (3) .PP The following functions return a pointer to one after the last character in the destination character sequence. -.IP \(bu 3 +.IP \[bu] 3 .PD 0 .BR zustr2ustp (3) -.IP \(bu +.IP \[bu] .BR ustpcpy (3) .PD .PP The following functions return the length of the total string that they tried to create (as if truncation didn't occur). -.IP \(bu 3 +.IP \[bu] 3 .BR strlcpy (3bsd), .BR strlcat (3bsd) .PP @@ -553,13 +553,13 @@ The following functions return the .I dst pointer, which is useless. -.IP \(bu 3 +.IP \[bu] 3 .PD 0 .BR strcpy (3), .BR strcat (3) -.IP \(bu +.IP \[bu] .BR strncpy (3) -.IP \(bu +.IP \[bu] .BR strncat (3) .PD .\" ----- NOTES :: strscpy(9) -----------------------------------------/ diff --git a/man7/symlink.7 b/man7/symlink.7 index 1ddc03976..77fefb743 100644 --- a/man7/symlink.7 +++ b/man7/symlink.7 @@ -168,12 +168,12 @@ exceeded.) .PP There are three separate areas that need to be discussed. They are as follows: -.IP \(bu 3 +.IP \[bu] 3 Symbolic links used as filename arguments for system calls. -.IP \(bu +.IP \[bu] Symbolic links specified as command-line arguments to utilities that are not traversing a file tree. -.IP \(bu +.IP \[bu] Symbolic links encountered by utilities that are traversing a file tree (either specified on the command line or encountered as part of the file hierarchy walk). @@ -315,7 +315,7 @@ would change the ownership of itself. .PP There are some exceptions to this rule: -.IP \(bu 3 +.IP \[bu] 3 The .BR mv (1) and @@ -325,7 +325,7 @@ but respectively attempt to rename and delete them. (Note, if the symbolic link references a file via a relative path, moving it to another directory may very well cause it to stop working, since the path may no longer be correct.) -.IP \(bu +.IP \[bu] The .BR ls (1) command is also an exception to this rule. @@ -355,7 +355,7 @@ and .I \-L options affect its behavior even though it is not doing a walk of a file tree.) -.IP \(bu +.IP \[bu] The .BR file (1) command is also an exception to this rule. @@ -415,7 +415,7 @@ walk (where symbolic links that refer to directories are followed). .PP Certain conventions are (should be) followed as consistently as possible by commands that perform file tree walks: -.IP \(bu 3 +.IP \[bu] 3 A command can be made to follow any symbolic links named on the command line, regardless of the type of file they reference, by specifying the @@ -444,7 +444,7 @@ flag causes symbolic links specified on the command line to be dereferenced for the purposes of both the action to be performed and the tree walk, and it is as if the user had specified the name of the file to which the symbolic link pointed. -.IP \(bu +.IP \[bu] A command can be made to follow any symbolic links named on the command line, as well as any symbolic links encountered during the traversal, @@ -473,7 +473,7 @@ In addition, if any symbolic links are encountered in any file tree that .B chown traverses, they will be treated in the same fashion as .IR slink . -.IP \(bu +.IP \[bu] A command can be made to provide the default behavior by specifying the .I \-P @@ -504,7 +504,7 @@ The and .BR rm (1) commands have exceptions to these rules: -.IP \(bu 3 +.IP \[bu] 3 The .BR rm (1) command operates on the symbolic link, and not the file it references, @@ -517,7 +517,7 @@ command does not support the or .I \-P options. -.IP \(bu +.IP \[bu] To maintain compatibility with historic systems, the .BR ls (1) diff --git a/man7/time_namespaces.7 b/man7/time_namespaces.7 index 1316bff09..15ec3dbcd 100644 --- a/man7/time_namespaces.7 +++ b/man7/time_namespaces.7 @@ -8,7 +8,7 @@ time_namespaces \- overview of Linux time namespaces .SH DESCRIPTION Time namespaces virtualize the values of two system clocks: -.IP \(bu 3 +.IP \[bu] 3 .B CLOCK_MONOTONIC (and likewise .B CLOCK_MONOTONIC_COARSE @@ -16,7 +16,7 @@ and .BR CLOCK_MONOTONIC_RAW ), a nonsettable clock that represents monotonic time since\[em]as described by POSIX\[em]"some unspecified point in the past". -.IP \(bu +.IP \[bu] .B CLOCK_BOOTTIME (and likewise .BR CLOCK_BOOTTIME_ALARM ), @@ -147,11 +147,11 @@ An value is out of range. In particular; .RS -.IP \(bu 3 +.IP \[bu] 3 .I offset-secs can't be set to a value which would make the current time on the corresponding clock inside the namespace a negative value; and -.IP \(bu +.IP \[bu] .I offset-secs can't be set to a value such that the time on the corresponding clock inside the namespace would exceed half of the value of the kernel constant diff --git a/man7/unicode.7 b/man7/unicode.7 index e0e6ce7aa..5a358d5bb 100644 --- a/man7/unicode.7 +++ b/man7/unicode.7 @@ -195,7 +195,7 @@ Two other planes are reserved for private usage, plane 15 and plane 16 (Supplementary Private Use Area-B, range 0x100000 to 0x10fffd). .SS Literature -.IP \(bu 3 +.IP \[bu] 3 Information technology \[em] Universal Multiple-Octet Coded Character Set (UCS) \[em] Part 1: Architecture and Basic Multilingual Plane. International Standard ISO/IEC 10646-1, International Organization @@ -205,11 +205,11 @@ This is the official specification of UCS. Available from .UR http://www.iso.ch/ .UE . -.IP \(bu +.IP \[bu] The Unicode Standard, Version 3.0. The Unicode Consortium, Addison-Wesley, Reading, MA, 2000, ISBN 0-201-61633-5. -.IP \(bu +.IP \[bu] S.\& Harbison, G.\& Steele. C: A Reference Manual. Fourth edition, Prentice Hall, Englewood Cliffs, 1995, ISBN 0-13-326224-3. .IP @@ -219,19 +219,19 @@ edition covers the 1994 Amendment 1 to the ISO C90 standard, which adds a large number of new C library functions for handling wide and multibyte character encodings, but it does not yet cover ISO C99, which improved wide and multibyte character support even further. -.IP \(bu +.IP \[bu] Unicode Technical Reports. .RS .UR http://www.unicode.org\:/reports/ .UE .RE -.IP \(bu +.IP \[bu] Markus Kuhn: UTF-8 and Unicode FAQ for UNIX/Linux. .RS .UR http://www.cl.cam.ac.uk\:/\[ti]mgk25\:/unicode.html .UE .RE -.IP \(bu +.IP \[bu] Bruno Haible: Unicode HOWTO. .RS .UR http://www.tldp.org\:/HOWTO\:/Unicode\-HOWTO.html diff --git a/man7/unix.7 b/man7/unix.7 index d65ae000a..7c987fbd0 100644 --- a/man7/unix.7 +++ b/man7/unix.7 @@ -166,15 +166,15 @@ bytes of .SS Pathname sockets When binding a socket to a pathname, a few rules should be observed for maximum portability and ease of coding: -.IP \(bu 3 +.IP \[bu] 3 The pathname in .I sun_path should be null-terminated. -.IP \(bu +.IP \[bu] The length of the pathname, including the terminating null byte, should not exceed the size of .IR sun_path . -.IP \(bu +.IP \[bu] The .I addrlen argument that describes the enclosing diff --git a/man7/user_namespaces.7 b/man7/user_namespaces.7 index 6011829d9..6647b02bf 100644 --- a/man7/user_namespaces.7 +++ b/man7/user_namespaces.7 @@ -157,7 +157,7 @@ its original user namespace. .PP The rules for determining whether or not a process has a capability in a particular user namespace are as follows: -.IP \(bu 3 +.IP \[bu] 3 A process has a capability inside a user namespace if it is a member of that namespace and it has the capability in its effective capability set. @@ -173,11 +173,11 @@ or .BR setns (2), as already described. .\" In the 3.8 sources, see security/commoncap.c::cap_capable(): -.IP \(bu +.IP \[bu] If a process has a capability in a user namespace, then it has that capability in all child (and further removed descendant) namespaces as well. -.IP \(bu +.IP \[bu] .\" * The owner of the user namespace in the parent of the .\" * user namespace has all caps. When a user namespace is created, the kernel records the effective @@ -234,29 +234,29 @@ and mount the following types of filesystems: .PP .RS 4 .PD 0 -.IP \(bu 3 +.IP \[bu] 3 .I /proc (since Linux 3.8) -.IP \(bu +.IP \[bu] .I /sys (since Linux 3.8) -.IP \(bu +.IP \[bu] .I devpts (since Linux 3.9) -.IP \(bu +.IP \[bu] .BR tmpfs (5) (since Linux 3.9) -.IP \(bu +.IP \[bu] .I ramfs (since Linux 3.9) -.IP \(bu +.IP \[bu] .I mqueue (since Linux 3.9) -.IP \(bu +.IP \[bu] .I bpf .\" commit b2197755b2633e164a439682fb05a9b5ea48f706 (since Linux 4.4) -.IP \(bu +.IP \[bu] .I overlayfs .\" commit 92dbc9dedccb9759c7f9f2f0ae6242396376988f .\" commit 4cb2c00c43b3fe88b32f29df4f76da1b92c33224 @@ -499,12 +499,12 @@ The lines written to .I uid_map .RI ( gid_map ) must conform to the following validity rules: -.IP \(bu 3 +.IP \[bu] 3 The three fields must be valid numbers, and the last field must be greater than 0. -.IP \(bu +.IP \[bu] Lines are terminated by newline characters. -.IP \(bu +.IP \[bu] There is a limit on the number of lines in the file. In Linux 4.14 and earlier, this limit was (arbitrarily) .\" 5*12-byte records could fit in a 64B cache line @@ -519,7 +519,7 @@ and the write must be performed at the start of the file (i.e., and .BR pwrite (2) can't be used to write to nonzero offsets in the file). -.IP \(bu +.IP \[bu] The range of user IDs (group IDs) specified in each line cannot overlap with the ranges in any other lines. @@ -532,7 +532,7 @@ which prevented some otherwise valid maps from being created. Linux 3.9 and later .\" commit 0bd14b4fd72afd5df41e9fd59f356740f22fceba fix this limitation, allowing any valid set of nonoverlapping maps. -.IP \(bu +.IP \[bu] At least one line must be written to the file. .PP Writes that violate the above rules fail with the error @@ -542,21 +542,21 @@ In order for a process to write to the .IR /proc/ pid /uid_map .RI ( /proc/ pid /gid_map ) file, all of the following permission requirements must be met: -.IP \(bu 3 +.IP \[bu] 3 The writing process must have the .B CAP_SETUID .RB ( CAP_SETGID ) capability in the user namespace of the process .IR pid . -.IP \(bu +.IP \[bu] The writing process must either be in the user namespace of the process .I pid or be in the parent user namespace of the process .IR pid . -.IP \(bu +.IP \[bu] The mapped user IDs (group IDs) must in turn have a mapping in the parent user namespace. -.IP \(bu +.IP \[bu] If updating .IR /proc/ pid /uid_map to create a mapping that maps UID 0 in the parent namespace, @@ -598,7 +598,7 @@ capability, it could create a binary with namespaced file capabilities that would then be effective in the parent user namespace (because the root user IDs are the same in the two namespaces). .RE -.IP \(bu +.IP \[bu] One of the following two cases applies: .RS .IP (a) 5 @@ -610,7 +610,7 @@ capability in the .I parent user namespace. .RS -.IP \(bu 3 +.IP \[bu] 3 No further restrictions apply: the process can make mappings to arbitrary user IDs (group IDs) in the parent user namespace. @@ -619,7 +619,7 @@ in the parent user namespace. .I Or otherwise all of the following restrictions apply: .RS -.IP \(bu 3 +.IP \[bu] 3 The data written to .I uid_map .RI ( gid_map ) @@ -627,10 +627,10 @@ must consist of a single line that maps the writing process's effective user ID (group ID) in the parent user namespace to a user ID (group ID) in the user namespace. -.IP \(bu +.IP \[bu] The writing process must have the same effective user ID as the process that created the user namespace. -.IP \(bu +.IP \[bu] In the case of .IR gid_map , use of the @@ -675,12 +675,12 @@ to fail with the error The permission rules for writing to the .IR /proc/ pid /projid_map file are as follows: -.IP \(bu 3 +.IP \[bu] 3 The writing process must either be in the user namespace of the process .I pid or be in the parent user namespace of the process .IR pid . -.IP \(bu +.IP \[bu] The mapped project IDs must in turn have a mapping in the parent user namespace. .PP @@ -965,9 +965,9 @@ Within a user namespace, these capabilities allow a process to bypass the rules if the process has the relevant capability over the file, meaning that: -.IP \(bu 3 +.IP \[bu] 3 the process has the relevant effective capability in its user namespace; and -.IP \(bu +.IP \[bu] the file's user ID and group ID both have valid mappings in the user namespace. .PP diff --git a/man8/ld.so.8 b/man8/ld.so.8 index 05f66ae3d..1c9a13f56 100644 --- a/man8/ld.so.8 +++ b/man8/ld.so.8 @@ -102,13 +102,13 @@ linker option, this step is skipped. .\" .SS Dynamic string tokens In several places, the dynamic linker expands dynamic string tokens: -.IP \(bu 3 +.IP \[bu] 3 In the environment variables .BR LD_LIBRARY_PATH , .BR LD_PRELOAD , and .BR LD_AUDIT , -.IP \(bu +.IP \[bu] inside the values of the dynamic section tags .BR DT_NEEDED , .BR DT_RPATH , @@ -117,7 +117,7 @@ inside the values of the dynamic section tags and .B DT_DEPAUDIT of ELF binaries, -.IP \(bu +.IP \[bu] in the arguments to the .B ld.so command line options @@ -126,7 +126,7 @@ command line options and .B \-\-preload (see below), and -.IP \(bu +.IP \[bu] in the filename arguments to the .BR dlopen (3) and @@ -296,15 +296,15 @@ entry in the auxiliary vector (see .BR getauxval (3)) has a nonzero value. This entry may have a nonzero value for various reasons, including: -.IP \(bu 3 +.IP \[bu] 3 The process's real and effective user IDs differ, or the real and effective group IDs differ. This typically occurs as a result of executing a set-user-ID or set-group-ID program. -.IP \(bu +.IP \[bu] A process with a non-root user ID executed a binary that conferred capabilities to the process. -.IP \(bu +.IP \[bu] A nonzero value may have been set by a Linux Security Module. .\" .SS Environment variables |