The kernel imposes various restrictions on the changes that can be
made to the inheritable, ambient, and bounding sets. Warn the user
about that.
Signed-off-by: Michael Kerrisk (man-pages) <mtk.manpages@gmail.com>
Source is current git content.
Output is from: test-groff -b -e -mandoc -T utf8 -rF0 -t -w w -z
[ "test-groff" is a developmental version of "groff" ]
Input file is ././disk-utils/sfdisk.8
troff: backtrace: file '<./disk-utils/sfdisk.8>':67
troff: <./disk-utils/sfdisk.8>:67: warning: trailing space
Input file is ././misc-utils/kill.1
troff: backtrace: '/home/bg/git/groff/build/s-tmac/an-ext.tmac':133: macro 'EE'
troff: backtrace: file '<./misc-utils/kill.1>':167
troff: <./misc-utils/kill.1>:167: warning: macro 'mF' not defined
troff: backtrace: '/home/bg/git/groff/build/s-tmac/an-ext.tmac':134: macro 'EE'
troff: backtrace: file '<./misc-utils/kill.1>':167
troff: <./misc-utils/kill.1>:167: warning: number register 'mE' not defined
troff: backtrace: '/home/bg/git/groff/build/s-tmac/an-ext.tmac':134: macro 'EE'
troff: backtrace: file '<./misc-utils/kill.1>':167
troff: <./misc-utils/kill.1>:167: warning: bad font number
troff: backtrace: '/home/bg/git/groff/build/s-tmac/an-ext.tmac':135: macro 'EE'
troff: backtrace: file '<./misc-utils/kill.1>':167
troff: <./misc-utils/kill.1>:167: warning: number register 'sP' not defined
troff: backtrace: '/home/bg/git/groff/build/s-tmac/an-ext.tmac':134: macro 'EE'
troff: backtrace: file '<./misc-utils/kill.1>':170
troff: <./misc-utils/kill.1>:170: warning: bad font number
Input file is ././sys-utils/ipcs.1
<./sys-utils/ipcs.1>:103 (macro BR): only 1 argument, but more are expected
Input file is ././sys-utils/mount.8
<./sys-utils/mount.8>:68 (macro RB): only 1 argument, but more are expected
troff: backtrace: '/home/bg/git/groff/build/s-tmac/an-old.tmac':467: macro 'RB'
troff: backtrace: file '<./sys-utils/mount.8>':68
troff: <./sys-utils/mount.8>:68: warning [p 1, 3.5i]: can't break line
an-old.tmac: <./sys-utils/mount.8>:201 (.RE): warning: extra .RE or .RS is missing before it; "an-RS-open" is 0.
<./sys-utils/mount.8>:453 (macro BR): only 1 argument, but more are expected
<./sys-utils/mount.8>:500 (macro BR): only 1 argument, but more are expected
<./sys-utils/mount.8>:1050 (macro BR): only 1 argument, but more are expected
Input file is ././sys-utils/setpriv.1
<./sys-utils/setpriv.1>:17 (macro BR): only 1 argument, but more are expected
<./sys-utils/setpriv.1>:154 (macro BR): only 1 argument, but more are expected
<./sys-utils/setpriv.1>:166 (macro BR): only 1 argument, but more are expected
Input file is ././sys-utils/umount.8
<./sys-utils/umount.8>:145 (macro IR): only 1 argument, but more are expected
Input file is ././sys-utils/unshare.1
<./sys-utils/unshare.1>:266 (macro BR): only 1 argument, but more are expected
[kzak@redhat.com: - add .RS to fix extra .RE in mount.8]
Signed-off-by: Bjarni Ingi Gislason <bjarniig@rhi.hi.is>
Signed-off-by: Karel Zak <kzak@redhat.com>
Earlier, I patched various pages to consistently use EXAMPLE as a
section heading, rather than EXAMPLES. (At that time, both headings
occurred in util-linux, with roughly equal frequency.)
Since then, I've observed that EXAMPLES is the more common usage
across a large corpus of manual pages. So, in the Linux man-pages
project, I switched to using EXAMPLES also. This patch makes the same
change for util-linux.
Signed-off-by: Michael Kerrisk (man-pages) <mtk.manpages@gmail.com>
There is value in ensuring that manual page sections use consistently
named sections, as far as possible, and also that sections have a
consistent order within manual pages. This is one of a series of patches
to place manual page sections in a consistent order.
In this patch, we ensure that the AUTHORS, COPYRIGHT, SEE ALSO, and
AVAILABILITY sections are always placed at the end of the page.
Testing that no gross editing mistake (causing accidental loss or addition
of text) was performed as follows:
    $ cat $(grep '\.SH' -l $(find . -name '*.[1-9]') |sort) | sort > a
    [Apply patch]
    $ cat $(grep '\.SH' -l $(find . -name '*.[1-9]') |sort) | sort > b
    $ diff a b
    $ echo $?
    0
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
The manual pages currently use a multitude of terms--"exit code",
"error code", "return code", "exit code", and so on--when what
is always meant is "exit status" (the POSIX term). This patch fixes
as many of these erroneous terms as I could find.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
There is quite some value (in terms of readability and user
expectations) if consistent names are used for the sections
within manual pages. This patch is one of a series to bring
about this consistency.
Currently we have OPTIONS (many) or OPTION (1 page, setpriv(1),
which actually supports multiple options!).
Let's standardize on OPTIONS (which is also what is
suggested in man-pages(7)).
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
There is quite some value (in terms of readability and user
expectations) if consistent names are used for the sections
within manual pages. This patch is one of a series to bring
about this consistency.
In the Linux man-pages project, I long ago did away with the
AUTHOR(S) section, but I realize some projects like to keep this.
But, let's make sure that the section is consistently titled
across pages. Currently we have AUTHOR (47) or AUTHORS (41).
Let's standardize on the latter (which is also what is
suggested in man-pages(7)).
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Change a HYPHEN-MINUS (code 0x55, 2D) to a minus (\-), if in front of
1) a name of an option
2) a negative number to be printed.
See man-pages(7) [Debian package "manpages"].
The output from "nroff" is unchanged.
Signed-off-by: Bjarni Ingi Gislason <bjarniig@rhi.hi.is>
Two-fonts macros are made for two or more arguments.
Remove space at end of lines in the files "term-utils/{script.1,
scriptlive.1, scriptreplay.1}".
Put "\-\-summary" to the correct indent in the file
"term-utils/script.1"
Signed-off-by: Bjarni Ingi Gislason <bjarniig@rhi.hi.is>
Clear environment in a way like su(1), but PATH is set to hard-coded
defaults and /etc/login.defs is not used at all (I guess we want to
keep setpriv(1) simple).
If you need anything more advanced then use env(1).
Addresses: https://github.com/karelzak/util-linux/issues/325
Signed-off-by: Karel Zak <kzak@redhat.com>
Use the correct macro (I, B) for the font change of one argument, not
those that are used for alternating two fonts, like "BR", "IR", "RB",
or "RI".
Signed-off-by: Bjarni Ingi Gislason <bjarniig@rhi.hi.is>
When a process uses the syscall `prctl(PR_SET_PDEATHSIG, ...)`, it will
get notified with a process-defined signal as soon as its parent process
dies. This is for example being used by unshare(1)'s recently added
"--kill-child" option, causing the forked child to be killed as soon as
unshare itself dies.
Unfortunately, some LSMs will cause the parent death signal to be reset
when a process changes credentials, with the most important ones being
SELinux and AppArmor. The following command will thus not work as
expected:
    unshare --fork --kill-child setpriv --reuid user <executable>
As soon as setpriv changes UID, the parent death signal is cleared and
the child will never get signalled when unshare gets killed.
Add a new option "--pdeathsig keep|clear|<signal>". Setting this flag
will cause us to either
- restore the previously active parent death signal as soon as the
setpriv has applied all credential changes
- clear the parent death signal
- set the parent death signal to "<signal>"
Furthermore, print out the currently set signal when dumping process
state.
[kzak@redhat.com: - small changes in coding style]
Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Karel Zak <kzak@redhat.com>
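The save-and-restore sequence that the "--pdeathsig" commit message above describes, as an added C example (not util-linux code; `pds_mode`, `get_pdeathsig` and `setuid_with_pdeathsig` are hypothetical names). The sample call changes to the caller's own UID so that it runs unprivileged; with a different target UID, `after_change` shows whether the signal was reset by the credential change.

```c
#include <signal.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical names mirroring "--pdeathsig keep|clear|<signal>". */
enum pds_mode { PDS_KEEP, PDS_CLEAR, PDS_SET };

/* Current parent death signal (0 = none), or -1 on error. */
static int get_pdeathsig(void)
{
    int sig = 0;
    return prctl(PR_GET_PDEATHSIG, &sig) == 0 ? sig : -1;
}

/*
 * Change UID, then apply the requested parent-death-signal policy.
 * *after_change receives the value seen right after setuid(), before
 * the policy is applied (0 if the credential change reset it).
 * Returns the final parent death signal, or -1 on error.
 */
static int setuid_with_pdeathsig(uid_t uid, enum pds_mode mode, int sig,
                                 int *after_change)
{
    int saved = get_pdeathsig();   /* must be read before the change */
    if (saved < 0 || setuid(uid) != 0)
        return -1;
    *after_change = get_pdeathsig();
    int want = mode == PDS_KEEP ? saved : mode == PDS_CLEAR ? 0 : sig;
    if (prctl(PR_SET_PDEATHSIG, (unsigned long)want) != 0)
        return -1;
    return get_pdeathsig();
}

int main(void)
{
    int seen = -1;
    prctl(PR_SET_PDEATHSIG, (unsigned long)SIGTERM);
    /* Constructed input: "change" to our own UID so no privilege is needed. */
    int final = setuid_with_pdeathsig(getuid(), PDS_KEEP, 0, &seen);
    printf("after setuid: %d, after restore: %d\n", seen, final);
    return final == SIGTERM ? 0 : 1;
}
```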
The example given in the man page didn't work. Judging by commit
db663995bd, --inh-caps= used to be called
--caps= but the man page was not updated after the change was made.
Since commit fbd15c4d4 (setpriv: support setting unnamed capabilities,
2017-07-17), it is possible to name capabilities not only by name, but
also by their index. While using the human-readable name is usually
recommended, using the index may be required in case new capabilities
have been introduced to the kernel for which we have no name yet. The
newly introduced format is not documented inside of setpriv(1),
though, which is being fixed in this commit.
Signed-off-by: Patrick Steinhardt <ps@pks.im>
Right now, we do not support modifying the set of ambient capabilities,
which has been introduced quite recently with Linux 4.3. As libcap-ng
does not yet provide any ability to modify this set, we do have to roll
our own support via `prctl`, which is now easy to do due to the
indirections introduced in the preceding commits. We add a new command
line argument "--ambient-caps", which uses the same syntax as both
"--inh-caps" and "--bounding-set" to specify either adding or dropping
capabilities.
This commit also adjusts documentation to mention the newly introduced
ability to modify the ambient capability set.
Based on a patch by Andy Lutomirski.
Reviewed-by: Andy Lutomirski <luto@kernel.org>
Signed-off-by: Patrick Steinhardt <ps@pks.im>
Use consistent terminology for set-user-ID and set-group-ID bits.
There's much inconsistency in the pages. "suid",
"set-user-identifier", "setuid". Stick with one terminology,
"set-user-ID" and set-group-ID, as suggested in man-pages(7).
Signed-off-by: <mtk.man-pages@gmail.com>
This patch does only the following:
* Order SEE ALSO entries first by section name, then alphabetically
within section
* Adds one or two missing commas in SEE ALSO lists
* Removes one or two periods that were (inconsistently) used
at the end of SEE ALSO lists.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
.. and add notes about differences between the utils.
Reported-by: Lennart Poettering <lennart@poettering.net>
Signed-off-by: Karel Zak <kzak@redhat.com>
Mainly more option sorting, some formatting adjustments, and the adding
of a missing --version here and there.
Signed-off-by: Benno Schulenberg <bensberg@justemail.net>
Also, for renice, adapt the descriptions to the behaviour: the -g,
-p and -u options do not actually need to be followed by any ID.
Signed-off-by: Benno Schulenberg <bensberg@justemail.net>
The standard format is to separate each entry with a comma, and
for each one to be on a line by itself. Most util-linux pages
follow this, but a few do not.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
This new command can set no_new_privs, uid, gid, groups, securebits,
inheritable caps, the cap bounding set, securebits, and selinux and
apparmor labels.
[kerolasa@iki.fi: a lot of small adjustments making the command a good
fit for the util-linux project]
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
Signed-off-by: Andy Lutomirski <luto@amacapital.net>