1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
|
==================== Changes in man-pages-4.07 ====================
Released: ????-??-??, Ulm
Contributors
------------
The following people contributed patches/fixes or (noted in brackets
in the changelog below) reports, notes, and ideas that have been
incorporated in changes in this release:
Alec Leamas <leamas.alec@gmail.com>
Andrey Vagin <avagin@openvz.org>
Andy Lutomirski <luto@amacapital.net>
Carsten Grohmann <carstengrohmann@gmx.de>
Chris Gassib <position0x45@hotmail.com>
Christoph Hellwig <hch@lst.de>
Darren Hart <dvhart@infradead.org>
Darrick J. Wong <darrick.wong@oracle.com>
Élie Bouttier <elie@bouttier.eu>
Eric Biggers <ebiggers3@gmail.com>
Eric W. Biederman <ebiederm@xmission.com>
Florian Weimer <fweimer@redhat.com>
Håkon Sandsmark <hsandsma@cisco.com>
Iustin Pop <iustin@k1024.org>
Jacob Willoughby <jacob@spacemonkey.com>
Jakub Wilk <jwilk@jwilk.net>
James H Cownie <james.h.cownie@intel.com>
Jann Horn <jann@thejh.net>
John Wiersba <jrw32982@yahoo.com>
Jörn Engel <joern@purestorage.com>
Josh Triplett <josh@kernel.org>
Kai Mäkisara <kai.makisara@kolumbus.fi>
Kees Cook <keescook@chromium.org>
Keno Fischer <keno@juliacomputing.com>
Li Peng <lip@dtdream.com>
Marko Kevac <marko@kevac.org>
Marko Myllynen <myllynen@redhat.com>
Michael Kerrisk <mtk.manpages@gmail.com>
Michał Zegan <webczat_200@poczta.onet.pl>
Miklos Szeredi <mszeredi@redhat.com>
Mitch Walker <mitch@gearnine.com>
Neven Sajko <nsajko@gmail.com>
Nikos Mavrogiannopoulos <nmav@redhat.com>
Omar Sandoval <osandov@fb.com>
Ori Avtalion <ori@avtalion.name>
Rahul Bedarkar <rahulbedarkar89@gmail.com>
Robin Kuzmin <kuzmin.robin@gmail.com>
Rob Landley <rob@landley.net>
Shawn Landden <shawn@churchofgit.com>
Stefan Puiu <stefan.puiu@gmail.com>
Stephen Smalley <sds@tycho.nsa.gov>
Szabolcs Nagy <szabolcs.nagy@arm.com>
Thomas Gleixner <tglx@linutronix.de>
Tobias Stoeckmann <tobias@stoeckmann.org>
Tom Callaway <tcallawa@redhat.com>
Tom Gundersen <teg@jklm.no>
Vince Weaver <vincent.weaver@maine.edu>
W. Trevor King <wking@tremily.us>
"Yuming Ma(马玉明)" <mayuming@le.com>
Apologies if I missed anyone!
New and rewritten pages
-----------------------
ioctl_fideduperange.2
Darrick J. Wong [Christoph Hellwig, Michael Kerrisk]
New page documenting the FIDEDUPERANGE ioctl
Document the FIDEDUPERANGE ioctl, formerly known as
BTRFS_IOC_EXTENT_SAME.
ioctl_ficlonerange.2
Darrick J. Wong [Christoph Hellwig, Michael Kerrisk]
New page documenting FICLONE and FICLONERANGE ioctls
Document the FICLONE and FICLONERANGE ioctls, formerly known as
the BTRFS_IOC_CLONE and BTRFS_IOC_CLONE_RANGE ioctls.
nextup.3
Michael Kerrisk
New page documenting nextup(), nextdown(), and related functions
mount_namespaces.7
Michael Kerrisk [Michael Kerrisk]
New page describing mount namespaces
Newly documented interfaces in existing pages
---------------------------------------------
mount.2
Michael Kerrisk
Document flags used to set propagation type
Document MS_SHARED, MS_PRIVATE, MS_SLAVE, and MS_UNBINDABLE.
Michael Kerrisk
Document the MS_REC flag
ptrace.2
Michael Kerrisk [Kees Cook, Jann Horn, Eric W. Biederman, Stephen Smalley]
Document ptrace access modes
proc.5
Michael Kerrisk
Document /proc/[pid]/timerslack_ns
Michael Kerrisk
Document /proc/PID/status 'Ngid' field
Michael Kerrisk
Document /proc/PID/status fields: 'NStgid', 'NSpid', 'NSpgid', 'NSsid'
Michael Kerrisk
Document /proc/PID/status 'Umask' field
New and changed links
---------------------
nextdown.3
nextdownf.3
nextdownl.3
nextupf.3
nextupl.3
Michael Kerrisk
New links to nextup(3)
Changes to individual pages
---------------------------
ldd.1
Michael Kerrisk
Add a little more detail on why ldd is unsafe with untrusted executables
Michael Kerrisk
Add more detail on the output of ldd
localedef.1
Marko Myllynen
Drop --old-style description
The glibc upstream decided to drop localedef(1) --old-style
option [1] altogether, I think we can do the same with
localedef(1), the option hasn't done anything in over 16
years and I doubt anyone uses it.
add_key.2
Mitch Walker
Empty payloads are not allowed in user-defined keys
chroot.2
Michael Kerrisk
SEE ALSO: add pivot_root(2)
clone.2
Michael Kerrisk
Add reference to mount_namespaces(7) under CLONE_NEWNS description
fork.2
Michael Kerrisk
Add ENOMEM error for PID namespace where "init" has died
futex.2
Michael Kerrisk
Correct an ENOSYS error description
Since Linux 4.5, FUTEX_CLOCK_REALTIME is allowed with FUTEX_WAIT.
Michael Kerrisk [Darren Hart]
Remove crufty text about FUTEX_WAIT_BITSET interpretation of timeout
Since Linux 4.5, FUTEX_WAIT also understands
FUTEX_CLOCK_REALTIME.
Michael Kerrisk [Thomas Gleixner]
Explain how to get equivalent of FUTEX_WAIT with an absolute timeout
Michael Kerrisk
Describe FUTEX_BITSET_MATCH_ANY
Describe FUTEX_BITSET_MATCH_ANY and FUTEX_WAIT and FUTEX_WAKE
equivalences.
Michael Kerrisk
Note that at least one bit must be set in mask for BITSET operations
At least one bit must be set in the 'val3' mask supplied for the
FUTEX_WAIT_BITSET and FUTEX_WAKE_BITSET operations.
Michael Kerrisk [Thomas Gleixner, Darren Hart]
Fix descriptions of various timeouts
Michael Kerrisk
Clarify clock default and choices for FUTEX_WAIT
getitimer.2
Michael Kerrisk
Substantial rewrites to various parts of the page
Michael Kerrisk [Tom Callaway]
Change license to note that page may be modified
The page as originally written carried text that said the page may
be freely distributed but made no statement about modification.
In the 20+ years since it was first written, the page has in fact
seen repeated, sometimes substantial, modifications, and only a
small portion of the original text remains. One could I suppose
rewrite the last few pieces that remain from the original,
but as the largest contributor to the pages existing text,
I'm just going to relicense it to explicitly note that
modification is permitted. (I presume the failure by the
original author to grant permission to modify was simply an
oversight; certainly, the large number of people who have
changed the page have taken that to be the case.)
See also https://bugzilla.kernel.org/show_bug.cgi?id=118311
get_mempolicy.2
Michael Kerrisk [Jörn Engel]
Correct rounding to 'maxnodes' (bits, not bytes)
Michael Kerrisk [Jörn Engel]
Fix prototype for get_mempolicy()
In numaif.h, 'addr' is typed as 'void *'
getpriority.2
Michael Kerrisk
Make discussion of RLIMIT_NICE more prominent
The discussion of RLIMIT_NICE was hidden under the EPERM error,
where it was difficult to find. Place some relevant text in
DESCRIPTION.
Michael Kerrisk
Note that getpriority()/setpriority deal with same attribute as nice(2)
Michael Kerrisk [Robin Kuzmin]
Clarify equivalence between lower nice value and higher priority
get_robust_list.2
Michael Kerrisk
get_robust_list() is governed by PTRACE_MODE_READ_REALCREDS
ioctl.2
Michael Kerrisk
SEE ALSO: add ioctl_fideduperange(2) and ioctl_ficlonerange(2)
kcmp.2
Michael Kerrisk
kcmp() is governed by PTRACE_MODE_READ_REALCREDS
Shawn Landden
Note about SECURITY_YAMA
kill.2
Michael Kerrisk [John Wiersba]
Clarify the meaning if sig==0
lookup_dcookie.2
Michael Kerrisk
SEE ALSO: add oprofile(1)
mmap.2
Michael Kerrisk [Rahul Bedarkar]
EXAMPLE: for completeness, add munmap() and close() calls
mount.2
Michael Kerrisk
Restructure discussion of 'mountflags' into functional groups
The existing text makes no differentiation between different
"classes" of mount flags. However, certain flags such as
MS_REMOUNT, MS_BIND, MS_MOVE, etc. determine the general
type of operation that mount() performs. Furthermore, the
choice of which class of operation to perform is performed in
a certain order, and that order is significant if multiple
flags are specified. Restructure and extend the text to
reflect these details.
Michael Kerrisk
Relocate text on multimounting and mount stacking to NOTES
The text was somewhat out of place in its previous location;
NOTES is a better location.
Michael Kerrisk
Remove version numbers attached to flags that are modifiable on remount
This information was simply bogus. Mea culpa.
Michael Kerrisk
Refer reader to mount_namespaces(7) for details on propagation types
Michael Kerrisk
SEE ALSO: s/namespaces(7)/mount_namespaces(7)/
Omar Sandoval
MS_BIND still ignores mountflags
This is clear from the do_mount() function in the kernel as of v4.6.
Michael Kerrisk
Note the default treatment of ATIME flags during MS_REMOUNT
The behavior changed in Linux 3.17.
Michael Kerrisk
Clarify that MS_MOVE ignores remaining bits in 'mountflags'
Michael Kerrisk
Note kernel version that added MS_MOVE
Michael Kerrisk
MS_NOSUID also disables file capabilities
Michael Kerrisk
Relocate/demote/rework text on MS_MGC_VAL
The use of this constant has not been needed for 15 years now.
Michael Kerrisk
Clarify that 'source' and 'target' are pathnames, and can refer to files
Michael Kerrisk
Update example list of filesystem types
Put more modern examples in; remove many older examples.
Michael Kerrisk
MS_LAZYTIME and MS_RELATIME can be changed on remount
Michael Kerrisk
Explicitly note that MS_DIRSYNC setting cannot be changed on remount
Michael Kerrisk
Move text describing 'data' argument higher up in page
In preparation for other reworking.
Michael Kerrisk
Since Linux 2.6.26, bind mounts can be made read-only
open.2
Eric Biggers
Refer to correct functions in description of O_TMPFILE
pciconfig_read.2
Michael Kerrisk [Tom Callaway]
Change license to note that page may be modified
Niki Rahimi, the author of this page, has agreed that it's okay
to change the license to note that the page can be modified.
See https://bugzilla.kernel.org/show_bug.cgi?id=118311
perf_event_open.2
Michael Kerrisk
If pid > 0, the operation is governed by PTRACE_MODE_READ_REALCREDS
Jann Horn
Document new perf_event_paranoid default
Keno Fischer [Vince Weaver]
Add a note that dyn_size is omitted if size == 0
The perf_output_sample_ustack in kernel/events/core.c only writes
a single 64 bit word if it can't dump the user registers. From the
current version of the man page, I would have expected two 64 bit
words (one for size, one for dyn_size). Change the man page to
make this behavior explicit.
prctl.2
Michael Kerrisk
Some wording improvements in timer slack description
Michael Kerrisk
Refer reader to discussion of /proc/[pid]/timerslack_ns
Under discussion of PR_SET_TIMERSLACK, refer the reader to
the /proc/[pid]/timerslack_ns file, documented in proc(5).
preadv2.2
Michael Kerrisk
New link to readv(2)
This link should have been added in the previous release...
process_vm_readv.2
Michael Kerrisk
Rephrase permission rules in terms of a ptrace access mode check
ptrace.2
Michael Kerrisk [Jann Horn]
Update Yama ptrace_scope documentation
Reframe the discussion in terms of PTRACE_MODE_ATTACH checks,
and make a few other minor tweaks and additions.
Michael Kerrisk, Jann Horn
Note that user namespaces can be used to bypass Yama protections
Michael Kerrisk
Note that PTRACE_SEIZE is subject to a ptrace access mode check
Michael Kerrisk
Rephrase PTRACE_ATTACH permissions in terms of ptrace access mode check
pwritev2.2
Michael Kerrisk
New link to readv(2)
This link should have been added in the previous release...
quotactl.2
Michael Kerrisk [Jacob Willoughby]
'dqb_curspace' is in bytes, not blocks
This error appears to have been injected into glibc
when copying some headers from BSD.
See https://bugs.debian.org/825548
recv.2
Michael Kerrisk [Tom Gundersen]
With pending 0-length datagram read() and recv() with flags == 0 differ
setfsgid.2
setfsuid.2
Jann Horn [Michael Kerrisk]
Fix note about errors from the syscall wrapper
See sysdeps/unix/sysv/linux/i386/setfsuid.c in glibc-2.2.1.
(This code is not present in modern glibc anymore.)
Michael Kerrisk
Move glibc wrapper notes to "C library/kernel differences" subsection
sysinfo.2
Michael Kerrisk
Rewrite and update various pieces
umask.2
Michael Kerrisk
NOTES: Mention /proc/PID/status 'Umask' field
umount.2
Michael Kerrisk
SEE ALSO: add mount_namespaces(7)
unshare.2
Michael Kerrisk
Add reference to mount_namespaces(7) under CLONE_NEWNS description
utimensat.2
Michael Kerrisk [Rob Landley]
Note that the glibc wrapper disallows pathname==NULL
wait.2
Michael Kerrisk
Since Linux 4.7, __WALL is implied if child being ptraced
Michael Kerrisk
waitid() now (since Linux 4.7) also supports __WNOTHREAD/__WCLONE/__WALL
assert.3
Nikos Mavrogiannopoulos
Improved description
Removed text referring to text not being helpful to users. Provide
the error text instead to allow the reader to determine whether it
is helpful. Recommend against using NDEBUG for programs to
exhibit deterministic behavior. Moved description ahead of
recommendations.
Michael Kerrisk
Clarify details of message printed by assert()
fmax.3
fmin.3
Michael Kerrisk
SEE ALSO: add fdim(3)
getauxval.3
Cownie, James H
Correct AT_HWCAP result description
inet_pton.3
Stefan Puiu
Mention byte order
Come to think of it, this probably applies to IPv6 as well. Moving to
the paragraph before:
malloc_hook.3
Michael Kerrisk
glibc 2.24 removes __malloc_initialize_hook
memmem.3
Michael Kerrisk [Shawn Landden]
Note that memmem() is present on some other systems
mkdtemp.3
mktemp.3
Michael Kerrisk
SEE ALSO: add mktemp(1)
printf.3
Michael Kerrisk [Shawn Landden]
Note support in other C libraries for %m and %n
strcasecmp.3
Michael Kerrisk [Ori Avtalion]
Make details of strncasecmp() comparison clearer
strcat.3
Michael Kerrisk
Add a program that shows the performance characteristics of strcat()
In honor of Joel Spolksy's visit to Munich, let's start educating
Schlemiel The Painter.
strtoul.3
Michael Kerrisk
SEE ALSO: add a64l(3)
strxfrm.3
Michael Kerrisk [Florian Weimer]
Remove NOTES section
strxfrm() and strncpy() are not precisely equivalent in the
POSIX locale, so this NOTES section was not really correct.
See https://bugzilla.kernel.org/show_bug.cgi?id=104221
console_codes.4
console_ioctl.4
tty.4
vcs.4
charsets.7
Marko Myllynen
Remove console(4) references
0f9e647 removed the obsolete console(4) page but we still have few
references to it. The patch below removes them or converts to refs
to concole_ioctl(4) where appropriate.
console_ioctl.4
Michael Kerrisk [Chris Gassib]
The argument to KDGETMODE is an 'int'
lirc.4
Alec Leamas
Update after upstreamed lirc.h, bugfixes.
st.4
Kai Mäkisara
Fix description of read() when block is larger than request
Kai Mäkisara
Update MTMKPART for kernels >= 4.6
Update the description of the MTMKPART operation of MTIOCTOP to match
the changes in kernel version 4.6.
charmap.5
Marko Myllynen
Clarify keyword syntax
Updates charmap(5) to match the syntax all the glibc
charmap files are using currently.
elf.5
Michael Kerrisk
SEE ALSO: add readelf(1)
locale.5
Marko Myllynen
Document missing keywords, minor updates
Marko Myllynen
Clarify keyword syntax
Marko Myllynen
Adjust conformance
proc.5
namespaces.7
Michael Kerrisk
Move /proc/PID/mounts information to proc(5)
There was partial duplication, and some extra information
in namespaces(7). Move everything to proc(5).
proc.5
Michael Kerrisk
/proc/PID/fd/* are governed by PTRACE_MODE_READ_FSCREDS
Permission to dereference/readlink /proc/PID/fd/* symlinks is
governed by a PTRACE_MODE_READ_FSCREDS ptrace access mode check.
Michael Kerrisk
/proc/PID/timerslack_ns is governed by PTRACE_MODE_ATTACH_FSCREDS
Permission to access /proc/PID/timerslack_ns is governed by
a PTRACE_MODE_ATTACH_FSCREDS ptrace access mode check.
Michael Kerrisk
Document /proc/PID/{maps,mem,pagemap} access mode checks
Permission to access /proc/PID/{maps,pagemap} is governed by a
PTRACE_MODE_READ_FSCREDS ptrace access mode check.
Permission to access /proc/PID/mem is governed by a
PTRACE_MODE_ATTACH_FSCREDS ptrace access mode check.
Michael Kerrisk
Note /proc/PID/stat fields that are governed by PTRACE_MODE_READ_FSCREDS
Michael Kerrisk
/proc/PID/{cwd,exe,root} are governed by PTRACE_MODE_READ_FSCREDS
Permission to dereference/readlink /proc/PID/{cwd,exe,root} is
governed by a PTRACE_MODE_READ_FSCREDS ptrace access mode check.
Michael Kerrisk
/proc/PID/io is governed by PTRACE_MODE_READ_FSCREDS
Permission to access /proc/PID/io is governed by
a PTRACE_MODE_READ_FSCREDS ptrace access mode check.
Michael Kerrisk
/proc/PID/{personality,stack,syscall} are governed by PTRACE_MODE_ATTACH_FSCREDS
Permission to access /proc/PID/{personality,stack,syscall} is
governed by a PTRACE_MODE_ATTACH_FSCREDS ptrace access mode check.
Michael Kerrisk
/proc/PID/{auxv,environ,wchan} are governed by PTRACE_MODE_READ_FSCREDS
Permission to access /proc/PID/{auxv,environ,wchan} is governed by
a PTRACE_MODE_READ_FSCREDS ptrace access mode check.
Michael Kerrisk
Move shared subtree /proc/PID/mountinfo fields to mount_namespaces(7)
Move information on shared subtree fields in /proc/PID/mountinfo
to mount_namespaces(7).
Michael Kerrisk ["Yuming Ma(马玉明)"]
Note that /proc/net is now virtualized per network namespace
Michael Kerrisk
Add references to mount_namespaces(7)
repertoiremap.5
Marko Myllynen
Clarify keyword syntax
utmp.5
Michael Kerrisk
SEE ALSO: add logname(1)
capabilities.7
Michael Kerrisk [Andy Lutomirski]
Note on SECURE_NO_CAP_AMBIENT_RAISE for capabilities-only environment
Michael Kerrisk
Add a detail on use of securebits
cgroup_namespaces.7
Michael Kerrisk
SEE ALSO: add namespaces(7)
cgroups.7
Michael Kerrisk
ERRORS: add mount(2) EBUSY error
cp1251.7
cp1252.7
iso_8859-1.7
iso_8859-15.7
iso_8859-5.7
koi8-r.7
koi8-u.7
Marko Myllynen
Add some charset references
Add some references to related charsets here and there.
credentials.7
Michael Kerrisk
SEE ALSO: add runuser(1)
SEE ALSO: add newgrp(1)
SEE ALSO: add sudo(8)
feature_test_macros.7
Michael Kerrisk
Emphasize that applications should not directly include <features.h>
man-pages.7
Michael Kerrisk
Clarify which sections man-pages provides man pages for
Michael Kerrisk [Josh Triplett]
Add a few more details on formatting conventions
Add some more details for Section 1 and 8 formatting.
Separate out formatting discussion into commands, functions,
and "general".
namespaces.7
Michael Kerrisk
/proc/PID/ns/* are governed by PTRACE_MODE_READ_FSCREDS
Permission to dereference/readlink /proc/PID/ns/* symlinks is
governed by a PTRACE_MODE_READ_FSCREDS ptrace access mode check.
Michael Kerrisk
Nowadays, file changes in /proc/PID/mounts are notified differently
Exceptional condition for select(), (E)POLLPRI for (e)poll
Michael Kerrisk
Remove /proc/PID/mountstats description
This is a duplicate of information in proc(5).
Michael Kerrisk
Refer to new mount_namespaces(7) for information on mount namespaces
netlink.7
Andrey Vagin
Describe netlink socket options
Michael Kerrisk
Rework version information
(No changes in technical details.)
pid_namespaces.7
Michael Kerrisk
SEE ALSO: add namespaces(7)
unix.7
Michael Kerrisk
Move discussion on pathname socket permissions to DESCRIPTION
Michael Kerrisk
Expand discussion of socket permissions
Michael Kerrisk
Fix statement about permissions needed to connect to a UNIX doain socket
Read permission is not required (verified by experiment).
Michael Kerrisk
Clarify ownership and permissions assigned during socket creation
Michael Kerrisk [Carsten Grohmann]
Update text on socket permissions on other systems
At least some of the modern BSDs seem to check for write
permission on a socket. (I tested OpenBSD 5.9.) On Solaris 10,
some light testing suggested that write permission is still
not checked on that system.
Michael Kerrisk
Note that umask / permissions have no effect for abstract sockets
W. Trevor King
Fix example code: 'ret' check after accept populates 'data_socket'
Michael Kerrisk
Move some abstract socket details to a separate subsection
Michael Kerrisk
Note that abstract sockets automatically disappear when FDs are closed
user_namespaces.7
Michael Kerrisk [Michał Zegan]
Clarify meaning of privilege in a user namespace
Having privilege in a user NS only allows privileged
operations on resources governed by that user NS. Many
privileged operations relate to resources that have no
association with any namespace type, and only processes
with privilege in the initial user NS can perform those
operations.
See https://bugzilla.kernel.org/show_bug.cgi?id=120671
Michael Kerrisk [Michał Zegan]
List the mount operations permitted by CAP_SYS_ADMIN
List the mount operations permitted by CAP_SYS_ADMIN in a
noninitial userns.
See https://bugzilla.kernel.org/show_bug.cgi?id=120671
Michael Kerrisk [Michał Zegan]
CAP_SYS_ADMIN allows mounting cgroup filesystems
See https://bugzilla.kernel.org/show_bug.cgi?id=120671
Michael Kerrisk
Clarify details of CAP_SYS_ADMIN and cgroup v1 mounts
With respect to cgroups version 1, CAP_SYS_ADMIN in the user
namespace allows only *named* hierarchies to be mounted (and
not hierarchies that have a controller).
Michael Kerrisk
Clarify CAP_SYS_ADMIN details for mounting FS_USERNS_MOUNT filesystems
Michael Kerrisk
Correct user namespace rules for mounting /proc
Michael Kerrisk
Describe a concrete example of capability checking
Add a concrete example of how the kernel checks capabilities in
an associated user namespace when a process attempts a privileged
operation.
Michael Kerrisk
Correct kernel version where XFS added support for user namespaces
Linux 3.12, not 3.11.
Michael Kerrisk
SEE ALSO: add ptrace(2)
SEE ALSO: add cgroup_namespaces(7)
utf-8.7:
Shawn Landden
Include RFC 3629 and clarify endianness which is left ambiguous
The endianness is suggested by the order the bytes are displayed,
but the text is ambiguous.
|
