1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
|
==================== Changes in man-pages-3.82 ====================
Released: ????-??-??, Paris
Eric W. Biederman <ebiederm@xmission.com>
Heinrich Schuchardt <xypron.glpk@gmx.de>
Jakub Wilk <ubanus@users.sf.net>
Jann Horn <jann@thejh.net>
Jason Vas Dias <jason.vas.dias@gmail.com>
Josh Triplett <josh@joshtriplett.org>
J William Piggott <elseifthen@gmx.com>
Kees Cook <keescook@chromium.org>
Konstantin Shemyak <konstantin@shemyak.com>
Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
Matt Turner <mattst88@gmail.com>
Michael Kerrisk <mtk.manpages@gmail.com>
Michael Witten <mfwitten@gmail.com>
Mikael Pettersson <mikpelinux@gmail.com>
Namhyung Kim <namhyung@gmail.com>
Nicolas FRANCOIS <nicolas.francois@centraliens.net>
Paul E Condon <pecondon@mesanetworks.net>
Peter Adkins <peter.adkins@kernelpicnic.net>
Scot Doyle <lkml14@scotdoyle.com>
Shawn Landden <shawn@churchofgit.com>
Stéphane Aulery <saulery@free.fr>
Stephen Smalley <sds@tycho.nsa.gov>
Taisuke Yamada <tai@rakugaki.org>
Torvald Riegel <triegel@redhat.com>
Vincent Lefevre <vincent@vinc17.net>
<ygrex@ygrex.ru>
Yuri Kozlov <yuray@komyakino.ru>
Contributors
------------
The following people contributed patches/fixes or (noted in brackets
in the changelog below) reports, notes, and ideas that have been
incorporated in changes in this release:
Alban Crequy <alban.crequy@gmail.com>
Andy Lutomirski <luto@amacapital.net>
Bert Wesarg <bert.wesarg@googlemail.com>
Bill Pemberton <wfp5p@worldbroken.com>
Chris Delozier <c.s.delozier@gmail.com>
David Madore <david.madore@ens.fr>
Dmitry Deshevoy <mityada@gmail.com>
Eric W. Biederman <ebiederm@xmission.com>
Heinrich Schuchardt <xypron.glpk@gmx.de>
Jakub Wilk <ubanus@users.sf.net>
Jann Horn <jann@thejh.net>
Jason Vas Dias <jason.vas.dias@gmail.com>
Josh Triplett <josh@joshtriplett.org>
J William Piggott <elseifthen@gmx.com>
Kees Cook <keescook@chromium.org>
Konstantin Shemyak <konstantin@shemyak.com>
Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
Matt Turner <mattst88@gmail.com>
Michael Kerrisk <mtk.manpages@gmail.com>
Michael Witten <mfwitten@gmail.com>
Mikael Pettersson <mikpelinux@gmail.com>
Namhyung Kim <namhyung@gmail.com>
Nicolas FRANCOIS <nicolas.francois@centraliens.net>
Paul E Condon <pecondon@mesanetworks.net>
Peter Adkins <peter.adkins@kernelpicnic.net>
Scot Doyle <lkml14@scotdoyle.com>
Shawn Landden <shawn@churchofgit.com>
Stéphane Aulery <saulery@free.fr>
Stephen Smalley <sds@tycho.nsa.gov>
Taisuke Yamada <tai@rakugaki.org>
Torvald Riegel <triegel@redhat.com>
Vincent Lefevre <vincent@vinc17.net>
<ygrex@ygrex.ru>
Yuri Kozlov <yuray@komyakino.ru>
Apologies if I missed anyone!
New and rewritten pages
-----------------------
nptl.7
Michael Kerrisk
New page with details of the NPTL POSIX threads implementation
Newly documented interfaces in existing pages
---------------------------------------------
user_namespaces.7
Eric W. Biederman [Michael Kerrisk]
Document /proc/[pid]/setgroups
Changes to individual pages
---------------------------
intro.1
Stéphane Aulery
Prompt is not % but $
Stéphane Aulery
Various improvements
- Add reference to other common shells dash(1), ksh(1)
- Add a reference to stdout(3)
- Separate cp and mv descriptions
- Add examples of special cases of cd
- Add su(1) and shutdown(8) references for section Logout
and poweroff
- Move Control-D to section Logout and poweroff
- Fix some little formatting errors
Stéphane Aulery
Add cross references cited
Stéphane Aulery
Order SEE ALSO section
clone.2
Josh Triplett
Document that clone() silently ignores CLONE_PID and CLONE_STOPPED
Normally, system calls return EINVAL for flags they don't support.
Explicitly document that clone does *not* produce an error for
these two obsolete flags.
Michael Kerrisk
Small rewording of explanation of clone() wrt threads
Clone has so many effects that it's an oversimplification to say
that the *main* use of clone is to create a thread. (In fact,
the use of clone() to create new processes may well be more
common, since glibc's fork() is a wrapper that calls clone().)
getgroups.2
Michael Kerrisk [Shawn Landden]
Add discussion of NPTL credential-changing mechanism
At the kernel level, credentials (UIDs and GIDs) are a per-thread
attribute. NPTL uses a signal-based mechanism to ensure that
when one thread changes its credentials, all other threads change
credentials to the same values. By this means, the NPTL
implementation conforms to the POSIX requirement that the threads
in a process share credentials.
Michael Kerrisk
ERRORS: add EPERM for the case where /proc/PID/setgroups is "deny"
Michael Kerrisk
Note capability associated with EPERM error for setgroups(2)
Michael Kerrisk
Refer reader to user_namespaces(7) for discussion of /proc/PID/setgroups
The discussion of /proc/PID/setgroups has moved from
proc(5) to user_namespaces(7).
getpid.2
Michael Kerrisk
Note that getppid() returns 0 if parent is in different PID namespace
getsockopt.2
Konstantin Shemyak
Note RETURN VALUE details when netfilter is involved
ioctl_list.2
Heinrich Schuchardt
SEE ALSO ioctl_fat.2
Add FAT_IOCTL_GET_VOLUME_ID
SEE ALSO ioctl_fat.2
Heinrich Schuchardt
include/linux/ext2_fs.h
Include linux/ext2_fs.h does not contain any ioctl definitions
anymore.
Request codes EXT2_IOC* have been replaced by FS_IOC* in
linux/fs.h.
Some definitions of FS_IOC_* use long* but the actual code expects
int* (see fs/ext2/ioctl.c).
msgop.2
Bill Pemberton
Remove EAGAIN as msgrcv() errno
The list of errnos for msgrcv() lists both EAGAIN and ENOMSG as
the errno for no message available with the IPC_NOWAIT flag.
ENOMSG is the errno that will be set.
Bill Pemberton
Add an example program
open.2
Michael Kerrisk [Jason Vas Dias]
Mention blocking semantics for FIFO opens
See https://bugzilla.kernel.org/show_bug.cgi?id=95191
seccomp.2
Jann Horn [Kees Cook, Mikael Pettersson, Andy Lutomirski]
Add note about alarm(2) not being sufficient to limit runtime
Jann Horn
Explain blacklisting problems, expand example
Michael Kerrisk [Kees Cook]
Add mention of libseccomp
setgid.2
Michael Kerrisk
Clarify that setgid() changes all GIDs when caller has CAP_SETGID
Michael Kerrisk [Shawn Landden]
Add discussion of NPTL credential-changing mechanism
At the kernel level, credentials (UIDs and GIDs) are a per-thread
attribute. NPTL uses a signal-based mechanism to ensure that
when one thread changes its credentials, all other threads change
credentials to the same values. By this means, the NPTL
implementation conforms to the POSIX requirement that the threads
in a process share credentials.
setresuid.2
Michael Kerrisk [Shawn Landden]
Add discussion of NPTL credential-changing mechanism
At the kernel level, credentials (UIDs and GIDs) are a per-thread
attribute. NPTL uses a signal-based mechanism to ensure that
when one thread changes its credentials, all other threads change
credentials to the same values. By this means, the NPTL
implementation conforms to the POSIX requirement that the threads
in a process share credentials.
setreuid.2
Michael Kerrisk [Shawn Landden]
Add discussion of NPTL credential-changing mechanism
At the kernel level, credentials (UIDs and GIDs) are a per-thread
attribute. NPTL uses a signal-based mechanism to ensure that
when one thread changes its credentials, all other threads change
credentials to the same values. By this means, the NPTL
implementation conforms to the POSIX requirement that the threads
in a process share credentials.
Michael Kerrisk
SEE ALSO: add credentials(7)
setuid.2
Michael Kerrisk
Clarify that setuid() changes all UIDs when caller has CAP_SETUID
Michael Kerrisk [Shawn Landden]
Add discussion of NPTL credential-changing mechanism
At the kernel level, credentials (UIDs and GIDs) are a per-thread
attribute. NPTL uses a signal-based mechanism to ensure that
when one thread changes its credentials, all other threads change
credentials to the same values. By this means, the NPTL
implementation conforms to the POSIX requirement that the threads
in a process share credentials.
sigaction.2
Michael Kerrisk
Add discussion of rt_sigaction(2)
Michael Kerrisk
Note treatment of signals used internally by NPTL
The glibc wrapper gives an EINVAL error on attempts to change the
disposition of either of the two real-time signals used by NPTL.
sigpending.2
Michael Kerrisk
Add discussion of rt_sigpending(2)
sigprocmask.2
Michael Kerrisk
Add discussion of rt_sigprocmask(2)
Michael Kerrisk
Note treatment of signals used internally by NPTL
The glibc wrapper silently ignores attempts to block the two
real-time signals used by NPTL.
sigreturn.2
Michael Kerrisk
Add discussion of rt_sigreturn(2)
sigsuspend.2
Michael Kerrisk
Add discussion of rt_sigsuspend(2)
sigwaitinfo.2
Michael Kerrisk
Note treatment of signals used internally by NPTL
The glibc wrappers silently ignore attempts to wait for
signals used by NPTL.
Michael Kerrisk
Add discussion of rt_sigtimedwait(2)
socket.2
Heinrich Schuchardt
SEE ALSO close(2)
The description mentions close(2). Hence it should also be
referenced in the SEE ALSO section.
syscall.2
Jann Horn
Add x32 ABI
umount.2
Eric W. Biederman
Document the effect of shared subtrees on umount(2)
Eric W. Biederman
Correct the description of MNT_DETACH
I recently realized that I had been reasoning improperly about
what umount(MNT_DETACH) did based on an insufficient description
in the umount.2 man page, that matched my intuition but not the
implementation.
When there are no submounts, MNT_DETACH is essentially harmless to
applications. Where there are submounts, MNT_DETACH changes what
is visible to applications using the detach directories.
Michael Kerrisk
Move "shared mount + umount" text to a subsection in NOTES
aio_return.3
Stéphane Aulery
Document the return value on error
Reported by Alexander Holler <holler@ahsoftware.de>
clock.3
Stéphane Aulery
CLOCKS_PER_SEC = 1000000 is required by XSI, not POSIX
Debian Bug #728213 reported by Tanaka Akira <akr@fsij.org>
See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728213
dlopen.3
Michael Kerrisk
Amend error in description of dlclose() behavior
The current text says that unloading depends on whether
the reference count falls to zero *and no other libraries
are using symbols in this library*. That latter text has
been there since man-pages-1.29, but it seems rather dubious.
How could the implementation know whether other libraries
are still using symbols in this library? Furthermore, no
other implementation's man page mentions this point.
Seems best to drop this point.
Michael Kerrisk
Add some details for RTLD_DEFAULT
Michael Kerrisk
Add some details on RTLD_NEXT and preloading
Michael Kerrisk
RTLD_NEXT works for symbols generally, not just functions
The common use case is for functions, but RTLD_NEXT
also applies to variable symbols.
Michael Kerrisk
dlclose() recursively closes dependent libraries
Note that dlclose() recursively closes dependent libraries
that were loaded by dlopen()
Michael Kerrisk
Rename second dlopen() argument from "flag" to "flags"
This is more consistent with other such arguments
Michael Kerrisk
Reformat text on RTLD_DEFAULT and RTLD_NEXT
fmemopen.3
Ma Shimiao
ATTRIBUTES: Note functions that are thread-safe
The markings match glibc markings.
fpathconf.3
Ma Shimiao
ATTRIBUTES: Note functions that are thread-safe
The marking matches glibc marking.
fputwc.3
Ma Shimiao
ATTRIBUTES: Note functions that are thread-safe
The marking matches glibc marking.
fputws.3
Ma Shimiao
ATTRIBUTES: Note function that is thread-safe
The marking matches glibc marking.
fseek.3
Ma Shimiao
ATTRIBUTES: Note functions that are thread-safe
The markings match glibc markings.
fseeko.3
Ma Shimiao
ATTRIBUTES: Note functions that are thread-safe
The markings match glibc markings.
gcvt.3
Ma Shimiao
ATTRIBUTES: Note function that is thread-safe
The marking matches glibc marking.
getline.3
Ma Shimiao
ATTRIBUTES: Note functions that are thread-safe
The marking matches glibc marking.
getwchar.3
Ma Shimiao
ATTRIBUTES: Note function that is thread-safe
The marking matches glibc marking.
hypot.3
Ma Shimiao
ATTRIBUTES: Note functions that are thread-safe
The markings match glibc markings.
iconv_open.3
Ma Shimiao
ATTRIBUTES: Note function that is thread-safe
The marking matches glibc marking.
if_nameindex.3
Ma Shimiao
ATTRIBUTES: Note functions that are thread-safe
The markings match glibc markings.
initgroups.3
Ma Shimiao
ATTRIBUTES: Note function that is thread-safe
The markings match glibc markings.
mq_open.3
Torvald Riegel
Add EINVAL error case for invalid name
This behavior is implementation-defined by POSIX. If the name
doesn't start with a '/', glibc returns EINVAL without attempting
the syscall.
popen.3
Ma Shimiao
ATTRIBUTES: Note functions that are thread-safe
The marking matches glibc marking.
pthread_kill.3
Michael Kerrisk
Note treatment of signals used internally by NPTL
The glibc pthread_kill() function gives an error on attempts
to send either of the real-time signals used by NPTL.
pthread_sigmask.3
Michael Kerrisk
Note treatment of signals used internally by NPTL
The glibc implementation silently ignores attempts to block the two
real-time signals used by NPTL.
pthread_sigqueue.3
Michael Kerrisk
Note treatment of signals used internally by NPTL
The glibc pthread_sigqueue() function gives an error on attempts
to send either of the real-time signals used by NPTL.
resolver.3
Stéphane Aulery [Jakub Wilk]
Document missing options used by _res structure indicate defaults
Missing options: RES_INSECURE1, RES_INSECURE2, RES_NOALIASES,
USE_INET6, ROTATE, NOCHECKNAME, RES_KEEPTSIG, BLAST, USEBSTRING,
NOIP6DOTINT, USE_EDNS0, SNGLKUP, SNGLKUPREOP, RES_USE_DNSSEC,
NOTLDQUERY, DEFAULT
Written from the glibc source and resolv.conf.5.
See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=527136
Stéphane Aulery
RES_IGNTC is implemented
rint.3
Matt Turner
Document that halfway cases are rounded to even
Per IEEE-754 rounding rules.
The round(3) page describes the behavior of rint and nearbyint
in the halfway cases by saying:
These functions round x to the nearest integer, but round
halfway cases away from zero [...], instead of to the
nearest even integer like rint(3)
sigqueue.3
Michael Kerrisk
NOTES: add "C library/kernel ABI differences" subheading
Michael Kerrisk
Clarify version info (mention rt_sigqueueinfo())
sigsetops.3
Michael Kerrisk
Note treatment of signals used internally by NPTL
The glibc sigfillset() function excludes the two real-time
signals used by NPTL.
sigwait.3
Michael Kerrisk
Note treatment of signals used internally by NPTL
The glibc sigwait() silently ignore attempts to wait for
signals used by NPTL.
strcoll.3
Ma Shimiao
ATTRIBUTES: Note function that is thread-safe
The markings match glibc markings.
strdup.3
Ma Shimiao
ATTRIBUTES: Note functions that are thread-safe
The marking matches glibc marking.
tzset.3
J William Piggott
Add 'std' quoting information
ulimit.3
Ma Shimiao
ATTRIBUTES: Note function that is thread-safe
The marking matches glibc marking.
wcstombs.3
Ma Shimiao
ATTRIBUTES: Note function that is thread-safe
The marking matches glibc marking.
wctob.3
Ma Shimiao
ATTRIBUTES: Note function that is thread-safe
The marking matches glibc marking.
xdr.3
Taisuke Yamada
Clarified incompatibility and correct usage of XDR API
See http://bugs.debian.org/628099
console_codes.4
Scot Doyle
Add Console Private CSI sequence 15
An undocumented escape sequence in drivers/tty/vt/vt.c brings the
previously accessed virtual terminal to the foreground.
mtk: Patch misattributed to Taisuke Yamada in Git commit
because of a muck up on my part.
Michael Kerrisk
Add kernel version number for CSI sequence 15
random.4
Michael Kerrisk
Fix permissions shown for the devices
These days, the devices are RW for everyone.
filesystems.5
Michael Kerrisk
Remove dubious claim about comparative performance of ext2
Perhaps it was the best filesystem performance-wise in
the 20th century, when that text was written. That probably
ceased to be true quite a long time ago, though.
Stéphane Aulery
Add cross references for ext filesystems
Stéphane Aulery
Specifies the scope of this list and its limits.
host.conf.5
hosts.5
resolv.conf.5
Stéphane Aulery [Paul E Condon]
Cross references of these pages.
See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=298259
host.conf.5
Stéphane Aulery
Rework discussion of nospoof, spoofalert, spoof and RESOLV_SPOOF_CHECK
The keywords and environment variables "nospoof", "spoofalert",
"spoof" and RESOLV_SPOOF_CHECK were added to glibc 2.0.7 but
never implemented
Move descriptions to historical section and reorder it for clarity
See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773443
hosts.5
Stéphane Aulery [Vincent Lefevre]
Mention 127.0.1.1 for FQDN and IPv6 examples
See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=562890
proc.5
Taisuke Yamada
Document /proc/PID/status VmPin field
See https://bugs.launchpad.net/bugs/1071746
Michael Kerrisk
Document (the obsolete) /proc/PID/seccomp
Michael Kerrisk
Replace description of 'uid_map' with a reference to user_namespaces(7)
All of the information in proc(5) was also present in
user_namespaces(7), but the latter was more detailed
and up to date.
Taisuke Yamada
Fix SELinux /proc/pid/attr/current example
Since the /proc/pid/attr API was added to the kernel, there
have been a couple of changes to the SELinux handling of
/proc/pid/attr/current. Fix the SELinux /proc/pid/attr/current
example text to reflect these changes and note which kernel
versions first included the changes.
securetty.5
Stéphane Aulery [Nicolas FRANCOIS]
Note that the pam_securetty module also uses this file
See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=528015
This patch is a modified version of the one proposed without
parts specific to Debian.
boot.7
Michael Witten
Copy edit
While a lot of the changes are issues of presentation,
there are also issues of grammar and punctuation.
Michael Witten
Mention `systemd(1)' and its related `bootup(7)'
It's important that the reader receive contemporary information.
credentials.7
Michael Kerrisk
SEE ALSO: add pthreads(7)
Michael Kerrisk
Add reference to nptl(7)
feature_test_macros.7
Michael Kerrisk
Update discussion of _FORTIFY_SOURCE
Since the initial implementation a lot more checks were added.
Describe all the checks would be too verbose (and would soon
fall out of date as more checks are added). So instead, describe
the kinds of checks that are done more generally.
Also a few other minor edits to the text.
hier.7
Stéphane Aulery
First patch of a series to achieve compliance with FHS 2.3
Stéphane Aulery
SGML and XML directories are separated in FHS 2.3
Stéphane Aulery
Add missing directories defined by FHS 2.3
Stéphane Aulery
Identify which directories are optional
Stéphane Aulery
Document /initrd, /lost+found and /sys
Ubuntu Bug #70094 reported by Brian Beck
https://bugs.launchpad.net/ubuntu/+source/manpages/+bug/70094
Stéphane Aulery
Explain YP, which is not obvious
ipv6.7
Stéphane Aulery [David Madore]
SOL_IPV6 and other SOL_* options socket are not portable
See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=472447
man-pages.7
Michael Kerrisk [Bill Pemberton]
Add indent(1) command that produces desired formatting for example code
Stéphane Aulery
Improve description of sections in accordance with intro pages
packet.7
Michael Kerrisk
Rework description of fanout algorithms as list
Michael Kerrisk
Remove mention of needing UID 0 to create packet socket
The existing text makes no sense. The check is based
purely on a capability check. (Kernel function
net/packet/af_packet.c::packet_create()
Michael Kerrisk
Remove text about ancient glibc not defining SOL_PACKET
This was fixed in glibc 2.1.1, which is a long while ago.
And in any case, there is nothing special about this case;
it's just one of those times when glibc lags.
Michael Kerrisk
Rework description of 'sockaddr_ll' fields as a list
Michael Kerrisk
Various minor edits
pthreads.7
Michael Kerrisk
Add references to nptl(7)
raw.7
Michael Kerrisk
Rephrase "Linux 2.2" language to "Linux 2.2 or later"
The man page was written in the LInux 2.2 timeframe, and
some phrasing was not future-proof.
signal.7
Michael Kerrisk
Note when Linux added realtime signals
Michael Kerrisk
Correct the range of realtime signals
Michael Kerrisk
Summarize 2.2 system call changes that resulted from larger signal sets
Michael Kerrisk
SEE ALSO: add nptl(7)
tcp.7
Peter Adkins
Document removal of TCP_SYNQ_HSIZE
Looking over the man page for 'tcp' I came across a reference to
tuning the 'TCP_SYNQ_HSIZE' parameter when increasing
'tcp_max_syn_backlog' above 1024. However, this static sizing was
removed back in Linux 2.6.20 in favor of dynamic scaling - as
part of commit 72a3effaf633bcae9034b7e176bdbd78d64a71db.
user_namespaces.7
Eric W. Biederman
Update the documentation to reflect the fixes for negative groups
Files with access permissions such as rwx---rwx give fewer
permissions to their group then they do to everyone else. Which
means dropping groups with setgroups(0, NULL) actually grants a
process privileges.
The unprivileged setting of gid_map turned out not to be safe
after this change. Privileged setting of gid_map can be
interpreted as meaning yes it is ok to drop groups. [ Eric
additionally noted: Setting of gid_map with privilege has been
clarified to mean that dropping groups is ok. This allows
existing programs that set gid_map with privilege to work
without changes. That is, newgidmap(1) continues to work
unchanged.]
To prevent this problem and future problems, user namespaces were
changed in such a way as to guarantee a user can not obtain
credentials without privilege that they could not obtain without
the help of user namespaces.
This meant testing the effective user ID and not the filesystem
user ID, as setresuid(2) and setregid(2) allow setting any process
UID or GID (except the supplementary groups) to the effective ID.
Furthermore, to preserve in some form the useful applications
that have been setting gid_map without privilege, the file
/proc/[pid]/setgroups was added to allow disabling setgroups(2).
With setgroups(2) permanently disabled in a user namespace, it
again becomes safe to allow writes to gid_map without privilege.
Michael Kerrisk
Rework some text describing permission rules for updating map files
No (intentional) change to the facts, but this restructuring
should make the meaning easier to grasp.
Michael Kerrisk
Update kernel version associated with 5-line limit for map files
As at Linux 3.18, the limit is still five lines, so mention the
more recent kernel version in the text.
Michael Kerrisk [Alban Crequy]
Handle /proc/PID/setgroups in the example program
Michael Kerrisk
Rework text describing restrictions on updating /proc/PID/setgroups
No (intentional) changes to factual description, but the
restructured text is hopefully easier to grasp.
Michael Kerrisk
Explain why the /proc/PID/setgroups file was added
ldconfig.8
Michael Kerrisk
Note use of /lib64 and /usr/lib64 on some 64-bit architectures
ld.so.8
Michael Kerrisk
Note the use of /lib64 and /usr/lib64 on some 64-bit architectures
|
