From patchwork Mon Jul 20 09:13:14 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Michael Kerrisk (man-pages)" X-Patchwork-Id: 11673315 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 78DC813B1 for ; Mon, 20 Jul 2020 09:13:52 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 617F621775 for ; Mon, 20 Jul 2020 09:13:52 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="hewszE40" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727908AbgGTJNw (ORCPT ); Mon, 20 Jul 2020 05:13:52 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35636 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727901AbgGTJNv (ORCPT ); Mon, 20 Jul 2020 05:13:51 -0400 Received: from mail-wr1-x444.google.com (mail-wr1-x444.google.com [IPv6:2a00:1450:4864:20::444]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 28692C061794 for ; Mon, 20 Jul 2020 02:13:51 -0700 (PDT) Received: by mail-wr1-x444.google.com with SMTP id f18so17095911wrs.0 for ; Mon, 20 Jul 2020 02:13:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=nYM8lhuIO+90nSea2a+iPtNF7ryh1E4kDMdV0kFEIiU=; b=hewszE40dXil9en5tvvBUP9rsmkzQ1u8Uf80lQG6bvMMQJh1Dnumulqc21vlK4hJ0C DpyEiOmnaokm/lfIWV81iLZXkof2FHIBHakLrHdyZTqrbhngEQrNHpwwc6ooijcVP20J W9DCi3FpUnpTnFvplh11TRKB7M1H+vA/6rWl0zxbLz031/ZzGeH+X8NFen/oj3u0bhvV AVNgv+f/JOfQjY+0MqYwht1MCwC5n1ZU4ZSj/LLeCIv7rGKf7OQdrGR+4HPRMwXXxvqX xP4pCuhYeWzKwe+rG2woLCvdtUOz1+m7vF92TXBzcEO6og5DWSTczWdaCk+EpYqqF7Kk pXFw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=nYM8lhuIO+90nSea2a+iPtNF7ryh1E4kDMdV0kFEIiU=; b=t1pUuyU+izJWjkjWTJIdaM76YrIYsUesfMfRfRCwbFDrqMYWo3GTVGYgTD3ADMVNIm 2yapji2rg2jAweUe0CTzm39YRoT60J/JkEqtVBDD6lwv7p3rFFVrFNGZF6QTTjUmlF+Z 7DwmfbX1wA0Fo31W3ZoFk/VYkNiC0a07FRZ9ZarXClC+RJWnq3iuVjI0ZiX/yCrv506A BhxYrbNGcoFRIczqoHXvFpNM7QUGCogp+vDQ35pQbhx5ZSsXfupAWu+8+k62qX6S8Wz7 5eLg4N7xXJct034FByS3ysBpLSkSpk8lRn7M5c0nkXGLmszkZxu3w2LD6dBBX4zy/46a eRlg== X-Gm-Message-State: AOAM531hFMaLm7AKMaXlQ5X25m43aOzJrTNNnUVUK3H4pSSnU9XNuyck Q675l7YPT7eNFtnsXJraXh+x2cAi X-Google-Smtp-Source: ABdhPJy9DlIy4+Kbq5CCNpM+r3w/K7MNGYG//oa10Si7CY8TErhvQeJP6PlbzCDCpH6VzPh0Zvi5OA== X-Received: by 2002:a5d:4401:: with SMTP id z1mr5248900wrq.305.1595236429827; Mon, 20 Jul 2020 02:13:49 -0700 (PDT) Received: from bienne.fritz.box ([2001:a61:3adb:8201:9649:88f:51f8:6a21]) by smtp.gmail.com with ESMTPSA id i14sm794366wrc.19.2020.07.20.02.13.48 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 20 Jul 2020 02:13:49 -0700 (PDT) From: "Michael Kerrisk (man-pages)" To: mtk.manpages@gmail.com, Andrew Morgan Cc: linux-security-module@vger.kernel.org Subject: [PATCH 01/15] Manual pages: various pages: Use "\-" for real minus signs Date: Mon, 20 Jul 2020 11:13:14 +0200 Message-Id: <20200720091328.290336-2-mtk.manpages@gmail.com> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200720091328.290336-1-mtk.manpages@gmail.com> References: <20200720091328.290336-1-mtk.manpages@gmail.com> MIME-Version: 1.0 Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: Signed-off-by: Michael Kerrisk (man-pages) --- doc/cap_get_proc.3 | 8 ++++---- doc/capsh.1 | 14 +++++++------- doc/getpcaps.8 | 6 +++--- doc/libpsx.3 | 6 +++--- 4 files changed, 17 insertions(+), 17 deletions(-) diff --git a/doc/cap_get_proc.3 b/doc/cap_get_proc.3 index fda00e0..fce8f59 100644 --- a/doc/cap_get_proc.3 +++ b/doc/cap_get_proc.3 @@ -242,11 +242,11 @@ is packaged with a separate POSIX semantics system call library: If your program uses POSIX threads, to achieve meaningful POSIX semantics capability manipulation, you should link your program with: .sp -.B ld ... -lcap -lpsx -lpthread --wrap=pthread_create +.B ld ... \-lcap \-lpsx \-lpthread \-\-wrap=pthread_create .sp or, .sp -.B gcc ... -lcap -lpsx -lpthread -Wl,-wrap,pthread_create +.B gcc ... \-lcap \-lpsx \-lpthread \-Wl,\-wrap,pthread_create .sp When linked this way, due to linker magic, libcap uses .BR psx_syscall "(3) and " psx_syscall6 (3) @@ -362,10 +362,10 @@ Note, the above sequence can be performed by the .B capsh tool as follows: .sp -.B sudo /sbin/capsh --user=nobody --mode=NOPRIV --print +.B sudo /sbin/capsh \-\-user=nobody \-\-mode=NOPRIV \-\-print .sp where -.B --print +.B \-\-print displays the resulting privilege state. .SH "SEE ALSO" .BR libcap (3), diff --git a/doc/capsh.1 b/doc/capsh.1 index 0b987f0..242727c 100644 --- a/doc/capsh.1 +++ b/doc/capsh.1 @@ -107,7 +107,7 @@ preparations for setting the uid without dropping capabilities in the process. Following this command the prevailing effective capabilities will be lowered. .TP -.BI \-\-is-uid= +.BI \-\-is\-uid= Exit with status 1 unless the current .IR uid " equals " . .TP @@ -120,7 +120,7 @@ using the .BR setgid (2) system call. .TP -.BI \-\-is-gid= +.BI \-\-is\-gid= Exit with status 1 unless the current .IR gid " equals " . .TP @@ -129,7 +129,7 @@ Set the supplementary groups to the numerical list provided. The groups are set with the .BR setgroups (2) system call. See -.B --user +.B \-\-user for a more convenient way of doing this. .TP .BI \-\-keep= <0|1> @@ -152,7 +152,7 @@ the current process. In all cases, is deactivated when an .BR exec () is performed. See -.B --secbits +.B \-\-secbits for ways to disable this feature. .TP .BI \-\-secbits= N @@ -225,18 +225,18 @@ will cause capsh to promptly exit with a status of 1 when run on kernel 2.6.27. However, when run on kernel 2.6.38 it will silently succeed. .TP -.BI \-\-has-p= xxx +.BI \-\-has\-p= xxx Exit with status 1 unless the .I permitted vector has capability .B xxx raised. .TP -.B \-\-has-ambient +.B \-\-has\-ambient Performs a check to see if the running kernel supports ambient capabilities. If not, the capsh command exits with status 1. .TP -.BI \-\-has-a= xxx +.BI \-\-has\-a= xxx Exit with status 1 unless the .I ambient vector has capability diff --git a/doc/getpcaps.8 b/doc/getpcaps.8 index 53d342e..7b73e86 100644 --- a/doc/getpcaps.8 +++ b/doc/getpcaps.8 @@ -24,13 +24,13 @@ format. .PP Optional arguments: .PP -.BR --help " or " --usage +.BR \-\-help " or " \-\-usage Displays usage information and exits. .PP -.BR --ugly " or " --legacy +.BR \-\-ugly " or " \-\-legacy Displays output in a somewhat ugly legacy format. .PP -.B --verbose +.B \-\-verbose Displays usage in a legacy-like format but not quite so ugly in modern default terminal fonts. .SH SEE ALSO diff --git a/doc/libpsx.3 b/doc/libpsx.3 index 615fceb..a907d8b 100644 --- a/doc/libpsx.3 +++ b/doc/libpsx.3 @@ -11,9 +11,9 @@ psx_syscall3, psx_syscall6 \- POSIX semantics for system calls .sp Link with one of these: .sp -.I ld ... -lpsx -lpthread --wrap=pthread_create +.I ld ... \-lpsx \-lpthread \-\-wrap=pthread_create .sp -.I gcc ... -lpsx -lpthread -Wl,-wrap,pthread_create +.I gcc ... \-lpsx \-lpthread \-Wl,\-wrap,pthread_create .SH DESCRIPTION The .B libpsx @@ -58,7 +58,7 @@ and functions. .SH RETURN VALUE The return value for system call functions is generally the value -returned by the kernel, or -1 in the case of an error. In such cases +returned by the kernel, or \-1 in the case of an error. In such cases .BR errno (3) is set to the detailed error value. The .BR psx_syscall3 " and " psx_syscall6 From patchwork Mon Jul 20 09:13:15 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Michael Kerrisk (man-pages)" X-Patchwork-Id: 11673317 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id E5FC713B6 for ; Mon, 20 Jul 2020 09:13:56 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id C4E492080D for ; Mon, 20 Jul 2020 09:13:56 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="FPlB57LW" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727106AbgGTJN4 (ORCPT ); Mon, 20 Jul 2020 05:13:56 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35648 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727912AbgGTJN4 (ORCPT ); Mon, 20 Jul 2020 05:13:56 -0400 Received: from mail-wr1-x443.google.com (mail-wr1-x443.google.com [IPv6:2a00:1450:4864:20::443]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C36C0C061794 for ; Mon, 20 Jul 2020 02:13:55 -0700 (PDT) Received: by mail-wr1-x443.google.com with SMTP id q5so17045177wru.6 for ; Mon, 20 Jul 2020 02:13:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=ABvjT7IUEPxXaer7HfCvBTOQieEMtzVplcRO8FaOpAY=; b=FPlB57LWw64zQmwTlhcPByyUZh2YOb/dLQjVMyGMo3z2jNpe1XkGXnXMiO5jMF1azX OCBt0rpudSYb3ATErpQqr/ypexKUlqG4JCr+8TIQOHmc+DnNpsBxDwN23dZomNyp3lDC PZA0W0TFDaP7HZSsuQcgAUuWSqG5LeMy7X5HI/3xDP4w7Haf9mqfIno4WmLBNIf8b8Bu 2v6GoLZU5TTPIUlxs6FE32x5QUEf+S/v/2sNrDRoevYSfoOmXhnE9NrgOtsDcWXfoFc2 2TlrACK8BqIdY3xv8xpVNcZP0Xr2BG37ckhg12pLDPMsyJwa0zv/R0KKVVmMMbswncwC TwjQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=ABvjT7IUEPxXaer7HfCvBTOQieEMtzVplcRO8FaOpAY=; b=CF3yJZ8how9nTnu8JhltMaXVSylovhClrGQgFG0Ylvh+l/jXru/uE0/4Vxapx3AB6s y8YSXturP9umqA6IKG1SWLV8phESJgYLqp5Lx8ogPuZFawh45DSPIzWxVpj1pM7c/AiZ P2TRDdg/rMjTdhM16B9e0XhkR0XgxPYy/X7dAXh9mXwCSwHB9hA4aDhxHtoOC1EBk5Q3 o4XnO8NdTrAKTkXLqROwkl10780mbf1pHqdXYjjYbQ2V1CJvDgn6UC8hAVhj1NtgV/Ui KvfmnhBdYZUd8siTns9gJuoY0WXh9yHSZKPRXCODK7OFBoJUPbSNupX7oYNdM0ye1AEl 94qw== X-Gm-Message-State: AOAM531Hu6OEDuDiu0TSxkuDyDBnfh5WfieF9eNb9+0UyjVTVSHjtMLo kt/6qs4AVb8fNftPdsIdD1A= X-Google-Smtp-Source: ABdhPJxxTlzYaPkk4Hvu15GMj2+PJQvSnGSGqV5tkqxt5jQAfL4KxlTsXhoQxRBFZX1MreGQA8VSaA== X-Received: by 2002:a5d:6603:: with SMTP id n3mr22084475wru.142.1595236434521; Mon, 20 Jul 2020 02:13:54 -0700 (PDT) Received: from bienne.fritz.box ([2001:a61:3adb:8201:9649:88f:51f8:6a21]) by smtp.gmail.com with ESMTPSA id f17sm33894994wme.14.2020.07.20.02.13.53 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 20 Jul 2020 02:13:53 -0700 (PDT) From: "Michael Kerrisk (man-pages)" To: mtk.manpages@gmail.com, Andrew Morgan Cc: linux-security-module@vger.kernel.org Subject: [PATCH 02/15] Manual pages: cap_init.3: Formatting fix Date: Mon, 20 Jul 2020 11:13:15 +0200 Message-Id: <20200720091328.290336-3-mtk.manpages@gmail.com> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200720091328.290336-1-mtk.manpages@gmail.com> References: <20200720091328.290336-1-mtk.manpages@gmail.com> MIME-Version: 1.0 Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: Use nonbreaking space inside 'char *'. In addition to prevent a line break between these two tokens, the space is not widened when performing line fill. (The filling makes it look weird.) Signed-off-by: Michael Kerrisk (man-pages) --- doc/cap_init.3 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/cap_init.3 b/doc/cap_init.3 index 96cfea6..362db66 100644 --- a/doc/cap_init.3 +++ b/doc/cap_init.3 @@ -41,7 +41,7 @@ The argument may identify either a .I cap_t entity, or a -.I char * +.I "char\ *" entity allocated by the .BR cap_to_text () function. From patchwork Mon Jul 20 09:13:16 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Michael Kerrisk (man-pages)" X-Patchwork-Id: 11673319 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 5A36B13B6 for ; Mon, 20 Jul 2020 09:14:01 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 4400B21775 for ; Mon, 20 Jul 2020 09:14:01 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="mz3s/4Kr" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727825AbgGTJOA (ORCPT ); Mon, 20 Jul 2020 05:14:00 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35664 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726730AbgGTJOA (ORCPT ); Mon, 20 Jul 2020 05:14:00 -0400 Received: from mail-wm1-x344.google.com (mail-wm1-x344.google.com [IPv6:2a00:1450:4864:20::344]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4D830C061794 for ; Mon, 20 Jul 2020 02:14:00 -0700 (PDT) Received: by mail-wm1-x344.google.com with SMTP id f139so24407622wmf.5 for ; Mon, 20 Jul 2020 02:14:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=bF9hzSMekhnYTvDWrdjETwLqrkTUGZdsErU4TckjJv4=; b=mz3s/4KrHoVYtfGXuTkFtAEa2Z6FukqbeV/8bAKCtDHTd+aX/ahcGojeNkbeB01fQn UZpH5IPiUXymoPKJF9jABf9EJHshxGFRWTMblBtw+qd6wUW/A+zKVOWeHRbhns/6R3mN fv+0EFC+pmOCcevwvH1DohSUunUG325dH9DmbZ4w2t5jJCQPXvcb54uVQGnCPxNcKbNt AxARgZ7dY+mUh0QcDKJ0tmE9aScbScYd7WvpokZR40Kcn/k5Yo1wjvfQ47T+e33X0jDX R77od2uTrfz4BvoNq4+akjiFx34lacP6h3Xi5SHIPxWiDFVHRGrxKBALhKjJQUPQ3Lai Z8jw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=bF9hzSMekhnYTvDWrdjETwLqrkTUGZdsErU4TckjJv4=; b=TQtuuAZHa0EF2KrPNizJGMN/UzvQ2J+xuGoiFNP0LAWpflcVDtR2TcLRXzcWfKisLw rKTDgCdj0ph21+xCvj0rGOKAREjMATWC8y/VFIDnFqux8q6QiEr3HJtEQFbpthxhnzG2 u+A+Kv7cjRA9UVgAi95RdHxe8ly/x0ToOOrax81mL9DNEjMeaKovDdVwGzT93g5brU/A nH7clKSlczsBjGwHAWu2X2exvq/MMwbWxXvSAWEc8Re6ljY+uTWYn/V3pZm/XOO+ov+4 s8fj3O+4OEqVsagPljdiCW5pOMCDVuMYVM7qbBG7UPQeOgD5T7u0Fiwh5YJIwYdQK4dQ kGiw== X-Gm-Message-State: AOAM532F749vHBULNCW1jNrYxq8Mkxfd0lKyOKTe7/MZ7axVCNIrBWJb b1lwpRbePYbl2HxCYPoqMr4= X-Google-Smtp-Source: ABdhPJzb8zEGIOJXHUpHlSWsajTPt1prapTTmkj9YwK5o01BD1Rv7ub8RxeEdgaf4Z/NHp5EY3F7Jw== X-Received: by 2002:a1c:48d7:: with SMTP id v206mr19899115wma.145.1595236438960; Mon, 20 Jul 2020 02:13:58 -0700 (PDT) Received: from bienne.fritz.box ([2001:a61:3adb:8201:9649:88f:51f8:6a21]) by smtp.gmail.com with ESMTPSA id y189sm34486552wmd.27.2020.07.20.02.13.58 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 20 Jul 2020 02:13:58 -0700 (PDT) From: "Michael Kerrisk (man-pages)" To: mtk.manpages@gmail.com, Andrew Morgan Cc: linux-security-module@vger.kernel.org Subject: [PATCH 03/15] Manual pages: capsh.1: Various minor wording and formatting fixes Date: Mon, 20 Jul 2020 11:13:16 +0200 Message-Id: <20200720091328.290336-4-mtk.manpages@gmail.com> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200720091328.290336-1-mtk.manpages@gmail.com> References: <20200720091328.290336-1-mtk.manpages@gmail.com> MIME-Version: 1.0 Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: Signed-off-by: Michael Kerrisk (man-pages) --- doc/capsh.1 | 47 ++++++++++++++++++++++++++++++++--------------- 1 file changed, 32 insertions(+), 15 deletions(-) diff --git a/doc/capsh.1 b/doc/capsh.1 index 242727c..f19a3ea 100644 --- a/doc/capsh.1 +++ b/doc/capsh.1 @@ -10,7 +10,8 @@ this tool. This tool provides a handy wrapper for certain types of capability testing and environment creation. It also provides some debugging features useful for summarizing capability state. .SH OPTIONS -The tool takes a number of optional arguments, acting on them in the +.B capsh +takes a number of optional arguments, acting on them in the order they are provided. They are as follows: .TP 22 .B \-\-help @@ -30,7 +31,7 @@ for specific commands. .B == Execute .B capsh -again with remaining arguments. Useful for testing +again with the remaining arguments. Useful for testing .BR exec () behavior. .TP @@ -44,11 +45,12 @@ is a text-representation of capability state as per .TP .BI \-\-drop= cap-list Remove the listed capabilities from the prevailing bounding set. The -capabilities are a comma separated list of capabilities as recognized +capabilities are a comma-separated list of capabilities as recognized by the .BR cap_from_name (3) -function. Use of this feature requires that the capsh program is -operating with +function. Use of this feature requires that +.B capsh +is operating with .B CAP_SETPCAP in its effective set. .TP @@ -57,7 +59,9 @@ Set the inheritable set of capabilities for the current process to equal those provided in the comma separated list. For this action to succeed, the prevailing process should already have each of these capabilities in the union of the current inheritable and permitted -capability sets, or the capsh program is operating with +capability sets, or +.B capsh +should be operating with .B CAP_SETPCAP in its effective set. .TP @@ -73,7 +77,7 @@ and set them all using and .BR cap_setgroups (3). Following this command, the effective capabilities will be cleared, -but the permitted set will not be so the running program is still +but the permitted set will not be, so the running program is still privileged. .TP .B \-\-modes @@ -87,7 +91,9 @@ security mode. This is a set of securebits and prevailing capability arrangement recommended for its pre-determined security stance. .TP .BR \-\-inmode= -Confirm that the prevailing mode is so named, or exit with a status 1. +Confirm that the prevailing mode is that specified in +.IR , +or exit with a status 1. .TP .BI \-\-uid= id Force all @@ -156,9 +162,12 @@ is performed. See for ways to disable this feature. .TP .BI \-\-secbits= N -Set the security-bits for the program, this is via -.BR prctl "(2), " PR_SET_SECUREBITS -API, and the list of supported bits and their meaning can be found in +Set the security-bits for the program. +This is done using the +.BR prctl (2) +.B PR_SET_SECUREBITS +operation. +The list of supported bits and their meaning can be found in the .B header file. The program will list these bits via the @@ -221,7 +230,9 @@ $ \fBcapsh \-\-decode=3\fP As the kernel evolves, more capabilities are added. This option can be used to verify the existence of a capability on the system. For example, .BI \-\-supports= cap_syslog -will cause capsh to promptly exit with a status of 1 when run on +will cause +.B capsh +to promptly exit with a status of 1 when run on kernel 2.6.27. However, when run on kernel 2.6.38 it will silently succeed. .TP @@ -234,7 +245,9 @@ raised. .TP .B \-\-has\-ambient Performs a check to see if the running kernel supports ambient -capabilities. If not, the capsh command exits with status 1. +capabilities. If not, +.B capsh +exits with status 1. .TP .BI \-\-has\-a= xxx Exit with status 1 unless the @@ -252,8 +265,12 @@ Removes the specified ambient capability from the running process. .B \-\-noamb Drops all ambient capabilities from the running process. .SH "EXIT STATUS" -Following successful execution the tool exits with status 0. Following -an error, the tool immediately exits with status 1. +Following successful execution, +.B capsh +exits with status 0. Following +an error, +.B capsh +immediately exits with status 1. .SH AUTHOR Written by Andrew G. Morgan . .SH "REPORTING BUGS" From patchwork Mon Jul 20 09:13:17 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Michael Kerrisk (man-pages)" X-Patchwork-Id: 11673321 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id DD8AD13B1 for ; Mon, 20 Jul 2020 09:14:05 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id C621522482 for ; Mon, 20 Jul 2020 09:14:05 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="iRkBtTnI" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726730AbgGTJOF (ORCPT ); Mon, 20 Jul 2020 05:14:05 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35676 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726601AbgGTJOF (ORCPT ); Mon, 20 Jul 2020 05:14:05 -0400 Received: from mail-wr1-x433.google.com (mail-wr1-x433.google.com [IPv6:2a00:1450:4864:20::433]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D8C87C061794 for ; Mon, 20 Jul 2020 02:14:04 -0700 (PDT) Received: by mail-wr1-x433.google.com with SMTP id q5so17045656wru.6 for ; Mon, 20 Jul 2020 02:14:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=tJ3Uay5d4eTa1DbxGGqauoSNym5hcuAwJGYEpSnyrMw=; b=iRkBtTnImHWRevfyfJbyJQ4w4MCag8YjkJXOH/IDEiWvKhsOiXJo2p1qoDA8EvDPRW a8FCPJMKZ7GmVlNBNzdtjBOMhbRlW46OjxVeQgvZQVahG3dVYbN4z6cyDZI3C/KKQgnA YO8JBJimGfjTNyPavEZVUyl8lQtsro6GOLcr1PQJjZege9cID9N+Wf6UXqUA+PaJ5wmm HzB4eghk7O95a893RJB7KogX/Pfm9WWc5pSCauEKLJZvD3/bHM5ONZ2yjBbDKiPEOBAG VvsZw6hKVdxFR4X/2FmkelLcBvengRRIETp48ccz+aOPTjmfiFhMwFOe8b/OwvpD2kOA inxg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=tJ3Uay5d4eTa1DbxGGqauoSNym5hcuAwJGYEpSnyrMw=; b=U1bg/4gfCFT3cqhzfw1mymg835tJUsnczw6syIZmFZEA+XFI40Haa3LMi+hkQnv77R LhIa2Jbaj5inVmlTQsskDrmwi6phFAp3kkMqNuW+S2UTcQVap9rvwuCUvrcmd2AFiwdz RkAznOJ4Gy8AxqdDwammZUb56DuX00PR/FHUZCQkzg6q0IGnB9ErG+MT0yzG21b4jHR7 ki1wEwTBKXU7A5RxvrV2i6LgoUD4CsYko/o0U8r44Vpca+Hv9MYOGffgBxYwdycO62RS xexAtBfSF/9rZlfltjUAG4G4Ukz//dFWquNULCopalKiiPKKPlXCKWIFMTWsXT2rrkDT soKg== X-Gm-Message-State: AOAM530d5QR6mhJPJaYQ84kHuoGT7CoV3QR7AXIM36EQqYjwsqnVkmmb gwH69KMUlOWcKgw4IJKwwgzsI22c X-Google-Smtp-Source: ABdhPJx1GNySsH6mpmvWdgo41xyZ/HBTYGqtOgknlYtGvNtZhRBJEP6eVnHStqosoyAjzCPlJVVxMQ== X-Received: by 2002:a5d:4b4f:: with SMTP id w15mr20833907wrs.84.1595236443510; Mon, 20 Jul 2020 02:14:03 -0700 (PDT) Received: from bienne.fritz.box ([2001:a61:3adb:8201:9649:88f:51f8:6a21]) by smtp.gmail.com with ESMTPSA id v15sm11779143wrm.23.2020.07.20.02.14.02 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 20 Jul 2020 02:14:03 -0700 (PDT) From: "Michael Kerrisk (man-pages)" To: mtk.manpages@gmail.com, Andrew Morgan Cc: linux-security-module@vger.kernel.org Subject: [PATCH 04/15] Manual pages: cap_copy_ext.3: Typo fix Date: Mon, 20 Jul 2020 11:13:17 +0200 Message-Id: <20200720091328.290336-5-mtk.manpages@gmail.com> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200720091328.290336-1-mtk.manpages@gmail.com> References: <20200720091328.290336-1-mtk.manpages@gmail.com> MIME-Version: 1.0 Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: Signed-off-by: Michael Kerrisk (man-pages) --- doc/cap_copy_ext.3 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/cap_copy_ext.3 b/doc/cap_copy_ext.3 index 18c2fe6..acbb487 100644 --- a/doc/cap_copy_ext.3 +++ b/doc/cap_copy_ext.3 @@ -34,7 +34,7 @@ function in order to hold the capability data record created from .BR cap_copy_ext () copies a capability state in working storage, identified by .IR cap_p , -from system managed space to user-managed space (pointed to by +from system-managed space to user-managed space (pointed to by .IR ext_p ) and returns the length of the resulting data record. The size parameter represents the maximum size, in bytes, of the resulting data record. The From patchwork Mon Jul 20 09:13:18 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Michael Kerrisk (man-pages)" X-Patchwork-Id: 11673323 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id B5EA813B6 for ; Mon, 20 Jul 2020 09:14:10 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 9DDA721775 for ; Mon, 20 Jul 2020 09:14:10 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="hugiiYax" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727901AbgGTJOK (ORCPT ); Mon, 20 Jul 2020 05:14:10 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35688 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726520AbgGTJOJ (ORCPT ); Mon, 20 Jul 2020 05:14:09 -0400 Received: from mail-wr1-x42d.google.com (mail-wr1-x42d.google.com [IPv6:2a00:1450:4864:20::42d]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 56660C0619D2 for ; Mon, 20 Jul 2020 02:14:09 -0700 (PDT) Received: by mail-wr1-x42d.google.com with SMTP id f7so17070307wrw.1 for ; Mon, 20 Jul 2020 02:14:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=D2nQooP4o+BuZxfzQ8Tr4E2ZORfz0zIXUzVB4dg40AM=; b=hugiiYaxnU8M+Yrd+BVixY3vqdkOanQKHHBvPdATMGmW1OXNJM7mIUekPuPTbTjDjy 5YQY3kMa51KcutH6TOPVxqKfbbJEU2kNCua9qNkHkqRk6NsDuFvg6R7aPeYyps/+aw/C b5PVO9r0LuV2nO6O+SHQQ9If7s1HyxEKiKdYFNmMCCXHaX3Or6tEJLPACY746787/sz2 1MyJjnc4Yuzc60SI+f7Ykjs8woJPW8Addsti2H+egK53mxbS/rtlvbCMOv4US5AlPov6 PqptAj3+KO4oEO6LttDwnCkyVpXywvDGcpg0SziAFD4pFBASa5tUoB7PS+SGsdEJhY22 tiRA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=D2nQooP4o+BuZxfzQ8Tr4E2ZORfz0zIXUzVB4dg40AM=; b=IlCwphum4/8RvIZ3+kgr91xJkL9xSPvw3bZFLWY5+S6hKsDTAwNgUYYfdY9UnDS4ae P3BMRqyjXhsEZz1kguHCW9g0cVGm4GHoQpEplAqpjjS/vu1SVRZ0absPyLbATX0jzqtu 3+beQqCQCH5DwHUYqomx1v7sybytyIN7XWAp6vjA6avPcH97cudizB+HcHjpshlczYAp vsoPHTjFyXo4GXbewM3tYJNRPBRqweP7j+9FzZjOUnZH6MoRlMsqVeD2Ycq//vS8MCYq 5uDlBXCUnzSLkunPEF0zlX63iAVAs58hQQoevoo4v9lRq+3EuJSaxI152WtgE0lT/rQG OMoQ== X-Gm-Message-State: AOAM5301UwfADBWukS6d593EMniQIxa7hl/FlNmI70oEFggxcdW606sL RKLEK01F9QtaSy/nwrGcX88= X-Google-Smtp-Source: ABdhPJxKGHYrS0gJ3F9oZFk12hUnijlFqHltniuPTQc/vDWCUH9upfJNO2u+CChjY6Lnoi+2i3PrZA== X-Received: by 2002:adf:cc85:: with SMTP id p5mr21046473wrj.273.1595236448044; Mon, 20 Jul 2020 02:14:08 -0700 (PDT) Received: from bienne.fritz.box ([2001:a61:3adb:8201:9649:88f:51f8:6a21]) by smtp.gmail.com with ESMTPSA id n18sm2339485wrw.45.2020.07.20.02.14.07 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 20 Jul 2020 02:14:07 -0700 (PDT) From: "Michael Kerrisk (man-pages)" To: mtk.manpages@gmail.com, Andrew Morgan Cc: linux-security-module@vger.kernel.org Subject: [PATCH 05/15] Manual pages; cap_get_file.3: Fix some clumsily worded text Date: Mon, 20 Jul 2020 11:13:18 +0200 Message-Id: <20200720091328.290336-6-mtk.manpages@gmail.com> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200720091328.290336-1-mtk.manpages@gmail.com> References: <20200720091328.290336-1-mtk.manpages@gmail.com> MIME-Version: 1.0 Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: Make the text a bit easier to read, and also fix the terms used. Signed-off-by: Michael Kerrisk (man-pages) --- doc/cap_get_file.3 | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/doc/cap_get_file.3 b/doc/cap_get_file.3 index c028148..ceacbaf 100644 --- a/doc/cap_get_file.3 +++ b/doc/cap_get_file.3 @@ -57,12 +57,12 @@ A NULL value for .IR cap_p is used to indicate that capabilities for the file should be deleted. For these functions to succeed, the calling process must have the -effective capability, -.BR CAP_SETFCAP , -enabled and either the effective user ID of the process must match the +.BR CAP_SETFCAP +capability in its effective set +and either the effective user ID of the process must match the file owner or the calling process must have the .B CAP_FOWNER -flag in its effective capability set. The effects of writing the +capability in its effective capability set. The effects of writing the capability state to any file type other than a regular file are undefined. .PP From patchwork Mon Jul 20 09:13:19 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Michael Kerrisk (man-pages)" X-Patchwork-Id: 11673325 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id B4A6F13B1 for ; Mon, 20 Jul 2020 09:14:14 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 94C7221775 for ; Mon, 20 Jul 2020 09:14:14 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="LZku9RrT" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726520AbgGTJOO (ORCPT ); Mon, 20 Jul 2020 05:14:14 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35700 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726492AbgGTJON (ORCPT ); Mon, 20 Jul 2020 05:14:13 -0400 Received: from mail-wm1-x32e.google.com (mail-wm1-x32e.google.com [IPv6:2a00:1450:4864:20::32e]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A1BD6C061794 for ; Mon, 20 Jul 2020 02:14:13 -0700 (PDT) Received: by mail-wm1-x32e.google.com with SMTP id c80so21522435wme.0 for ; Mon, 20 Jul 2020 02:14:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=mBMMpk2qHCVqK9+G1JkJ/e3L+uEemx5nyjpX9rZHTOg=; b=LZku9RrTsIxxYXfkhsdY8wPu7O7BIS3Q+dBYK4z7QwhkjqzDHvUCrhvmSbMO77rgRt 3D28Zs2n39YB+Qh/TaCsNLdgv5Jezn2PjbQjlX678wjOMl6oYHDtTmupeJ4fjxFhaJHH 05fvzEK24yksg/IxDU3guE3nY0P9/7ONAo/3n5CUVqQTdQAxs0khSY0ur6ZneZP2uNWM Zs8e5xh1SpuFqol6soAg33IJyD7xt8bEnSvzf1UW7CFpYZ3HGZ/xzqKaBSlsM4rPXCiy qFCUh3NHDdpRjCg75aVMPOdQfwzjYZuS2tse0USjbE+FNTNc9OJnjfrNOnB7eppJaLud dzNw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=mBMMpk2qHCVqK9+G1JkJ/e3L+uEemx5nyjpX9rZHTOg=; b=j6kZKoHsV2Z5RfQyEXUU/N49NCpOfEi8HNKkJOti0HoAnBepKgI4e4zjX5Mf4d5sTR yCQM2WymzzJ5Xayy2Jn099RIjPyiwXMRpxrq/zUGcwAjKYjP46h1sUlMhh/2JS2JjR4x BM+Td0lQojmWUBvukS0pb5BEhHG6z6WTDE+NzsSDgzXN3H3seZ/tvOPVxDvfpIt0Ts9Y JCG+kZSqWWVoPhPGLl81lZw5vJ91H3lL4EUPD19ST+AGVxHuPSFIoSyo4V585P5j6r1B 60bcujyfgfbpd/XjUuQAmcoM1UkzWnjAXLCcD7p8U3tMTTqw9mbVFADcYwacj0YdDlLA uuwQ== X-Gm-Message-State: AOAM532otP6vabJNJeU568QDhR1ZYJTtIVNTRRFhyxdp49U0tDjGUtIm Z9FQrUD7LJZ9XJQx7V4U2GQ= X-Google-Smtp-Source: ABdhPJz5d2qhGDyPah9v3gxRWYQPCU5sHxqqNiYrVDrNQ0AdKj238IkHQpla040CzSltq9AkrDyOTQ== X-Received: by 2002:a7b:c936:: with SMTP id h22mr19801099wml.114.1595236452458; Mon, 20 Jul 2020 02:14:12 -0700 (PDT) Received: from bienne.fritz.box ([2001:a61:3adb:8201:9649:88f:51f8:6a21]) by smtp.gmail.com with ESMTPSA id d13sm31489032wrq.89.2020.07.20.02.14.11 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 20 Jul 2020 02:14:12 -0700 (PDT) From: "Michael Kerrisk (man-pages)" To: mtk.manpages@gmail.com, Andrew Morgan Cc: linux-security-module@vger.kernel.org Subject: [PATCH 06/15] Manual pages: getcap.8: Add missing word Date: Mon, 20 Jul 2020 11:13:19 +0200 Message-Id: <20200720091328.290336-7-mtk.manpages@gmail.com> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200720091328.290336-1-mtk.manpages@gmail.com> References: <20200720091328.290336-1-mtk.manpages@gmail.com> MIME-Version: 1.0 Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: Signed-off-by: Michael Kerrisk (man-pages) --- doc/getcap.8 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/getcap.8 b/doc/getcap.8 index d867203..367d010 100644 --- a/doc/getcap.8 +++ b/doc/getcap.8 @@ -6,7 +6,7 @@ getcap \- examine file capabilities \fBgetcap\fP [\-v] [\-n] [\-r] [\-h] \fIfilename\fP [ ... ] .SH DESCRIPTION .B getcap -displays the name and capabilities of each specified +displays the name and capabilities of each specified file. .SH OPTIONS .TP 4 .B \-h From patchwork Mon Jul 20 09:13:20 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Michael Kerrisk (man-pages)" X-Patchwork-Id: 11673327 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 1D26C1510 for ; Mon, 20 Jul 2020 09:14:21 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id EFAB92080D for ; Mon, 20 Jul 2020 09:14:20 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="rvb8GzIH" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728010AbgGTJOT (ORCPT ); Mon, 20 Jul 2020 05:14:19 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35718 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726492AbgGTJOS (ORCPT ); Mon, 20 Jul 2020 05:14:18 -0400 Received: from mail-wr1-x442.google.com (mail-wr1-x442.google.com [IPv6:2a00:1450:4864:20::442]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 25DE1C061794 for ; Mon, 20 Jul 2020 02:14:18 -0700 (PDT) Received: by mail-wr1-x442.google.com with SMTP id o11so17046412wrv.9 for ; Mon, 20 Jul 2020 02:14:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=sx7WzXi8t9iKijcQLqMcZUMKtCWBmlWEZDj1w8g4xrg=; b=rvb8GzIHCr8917x7PZuhUXdPgL/1eJkAWe57JBJOJ7m1Ej6j2VXY6WGo2RdJziwCj5 4QkcncjW6uYhcN+v94GqP01FsPpOBOieYX4yPEG2T7PniOwJjqujsbEXHNkC2cbn1Gjc OfQWJQ7Pj/ldRSHigZfqOCi1ZPhLsYg1r7qM/ksleA0Gz86yzRNm4QHrZVzxbkr51Bu6 XSRbUMsqKw/i/rXENwJdJKgpfsZtoa/lkxLFHU4s78FSqvVqsAJ5YkiibZ+GMePE6kXQ ARVPoxkxt5fs9EkJ32oEG1DUuSdkSffKNd3LvtVFwqWNRXTzuXXSCOU2P7aAcr1PnIK5 EW0g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=sx7WzXi8t9iKijcQLqMcZUMKtCWBmlWEZDj1w8g4xrg=; b=mYtoCMpMgjM/vs6erbIFurjYxffR+woVOtVvCKDsh58dlvQ0A2DkPdKbgfsd7Hq58A YfUANQN6DrUzau/Q8AH2V+U9snn5pwTu8uogBNvpYFd0BeEI4V8IOlINFc4Di8J1zcw5 RQ2sWbid2xOLU/654Rzqhd3moq8qUF3uEU/S+HwZbyoy/2WGRdmWwDXxRL1GNlp26oIJ zHA38IpWDIrnr0up0S6FeSyy8FYcfmVReFsEzqnKPs9x4AJgnzZKtVx6LneeBenmRC3A HtLVhIR9K7GClZSnLyTxmYikuA9sR0v/hH9mG06gzvCsGQKRfUk95hgPSAObchAiv/lh WGRg== X-Gm-Message-State: AOAM5305FWJPiYoxhc3ChKWyUiFzZtXtZEPn5D4X4DQ2l45lsHUxOw1B c0bFLLwZj1RbEGp2D5TFzeQ= X-Google-Smtp-Source: ABdhPJxjnTh03KRx7IJaU7jg4zjIg5d2BHLhX9K4VAwYj5xItqfDGwla2k7wSNANdbLdaWysQrBlKQ== X-Received: by 2002:a5d:61c8:: with SMTP id q8mr11329182wrv.160.1595236456888; Mon, 20 Jul 2020 02:14:16 -0700 (PDT) Received: from bienne.fritz.box ([2001:a61:3adb:8201:9649:88f:51f8:6a21]) by smtp.gmail.com with ESMTPSA id y189sm34488914wmd.27.2020.07.20.02.14.16 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 20 Jul 2020 02:14:16 -0700 (PDT) From: "Michael Kerrisk (man-pages)" To: mtk.manpages@gmail.com, Andrew Morgan Cc: linux-security-module@vger.kernel.org Subject: [PATCH 07/15] Manual pages: getcap.8: Fix a clumsily worded sentence Date: Mon, 20 Jul 2020 11:13:20 +0200 Message-Id: <20200720091328.290336-8-mtk.manpages@gmail.com> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200720091328.290336-1-mtk.manpages@gmail.com> References: <20200720091328.290336-1-mtk.manpages@gmail.com> MIME-Version: 1.0 Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: Signed-off-by: Michael Kerrisk (man-pages) --- doc/getcap.8 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/getcap.8 b/doc/getcap.8 index 367d010..2ad8092 100644 --- a/doc/getcap.8 +++ b/doc/getcap.8 @@ -20,7 +20,7 @@ a file's capabilities. enables recursive search. .TP 4 .B \-v -enables to display all searched entries, even if it has no file-capabilities. +display all searched entries, even if the have no file-capabilities. .TP 4 .IR filename One file per line. From patchwork Mon Jul 20 09:13:21 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Michael Kerrisk (man-pages)" X-Patchwork-Id: 11673329 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id E693C13B1 for ; Mon, 20 Jul 2020 09:14:23 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id CEF6721775 for ; Mon, 20 Jul 2020 09:14:23 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="fRFly6is" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728025AbgGTJOX (ORCPT ); Mon, 20 Jul 2020 05:14:23 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35730 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726492AbgGTJOW (ORCPT ); Mon, 20 Jul 2020 05:14:22 -0400 Received: from mail-wm1-x343.google.com (mail-wm1-x343.google.com [IPv6:2a00:1450:4864:20::343]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A01BFC0619D2 for ; Mon, 20 Jul 2020 02:14:22 -0700 (PDT) Received: by mail-wm1-x343.google.com with SMTP id l2so24439129wmf.0 for ; Mon, 20 Jul 2020 02:14:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=fPZvTaCiahAPdjFb+17oWG371m27PZyMBdW5TOckVTo=; b=fRFly6isaWXsVuJJTlE2lDMzNPRbP/8BXdtfLqVDK739uaoljlx+LRCHbBdpjDZIaC cxbJuuEhkvr5FRrYFjsBBx7DaDOqbj4cP3rJhrsR32BTBLwmeVJ6WKO2dvn73bzZoBd/ SmKfuzzE2/M3LSY5Q+0L3tgb1JaCqnY+/ncTOjJnVbu5+2UF8/hxU2jsDAW9k4DqUONL S1L/sylA1JO8wKMKGNw8k3maTm+widNnQZtHs9FVKplYt13+If/Zs6+GFDRmgg56BFO1 LA1WQGny/s41Df/szFCctnY2YSXAG0khp9AV5qFPaZGR9oQCHgoi7Cjm7s1+9/LyLsCn 9Bbg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=fPZvTaCiahAPdjFb+17oWG371m27PZyMBdW5TOckVTo=; b=FHw9AUTZ9wR+qvm7ES7gVjxPRox/kQ1oeOSMYH/8mICNwLPq9T3YPQ4NT10QqQXahn fHgPZ4mA6dZJw75maYrY8zkfGZK/XAQwXsy3x61xmaB4vIWo15gNNTac9foVoiTe+9yR 1H8uGGim5u1o8PSWl5PxZyIS83eRZRuZNa6d0A3Afw6jyPA5jiCK3Jr9tCOgV1M+OAV0 WdkB+E6Vk5w3JMstRuFRwlgbvIsagu85sokWJz8ZXQamQRQKFdHHdQfMsXuc6yCLRTUF R32fUv/O6bCLPFUyBFMrkPYhWJrh+L4iF12KEhwuaRI+ULu7Nnr583hP5xnICBtL9AKn 34FA== X-Gm-Message-State: AOAM530j69jhKo+4mpnajjr3v0QBMfpRbArN1PUj1FcPIHEI68blZ6xY vU46XEhsIUfiiWLno7ctk48= X-Google-Smtp-Source: ABdhPJyiGxiYcVL7IMYuU7LqNPwmakZu+Qg/18P8bvuhvY4TS2SEu7ZFbcOjmzL2XH08OmF+hbgH+w== X-Received: by 2002:a05:600c:c1:: with SMTP id u1mr21095184wmm.48.1595236461389; Mon, 20 Jul 2020 02:14:21 -0700 (PDT) Received: from bienne.fritz.box ([2001:a61:3adb:8201:9649:88f:51f8:6a21]) by smtp.gmail.com with ESMTPSA id 31sm12152560wrp.87.2020.07.20.02.14.20 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 20 Jul 2020 02:14:20 -0700 (PDT) From: "Michael Kerrisk (man-pages)" To: mtk.manpages@gmail.com, Andrew Morgan Cc: linux-security-module@vger.kernel.org Subject: [PATCH 08/15] Manual pages: getpcaps.8: Format options as a hanging list Date: Mon, 20 Jul 2020 11:13:21 +0200 Message-Id: <20200720091328.290336-9-mtk.manpages@gmail.com> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200720091328.290336-1-mtk.manpages@gmail.com> References: <20200720091328.290336-1-mtk.manpages@gmail.com> MIME-Version: 1.0 Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: Make the options list more readable. Signed-off-by: Michael Kerrisk (man-pages) --- doc/getpcaps.8 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/doc/getpcaps.8 b/doc/getpcaps.8 index 7b73e86..fb3bc65 100644 --- a/doc/getpcaps.8 +++ b/doc/getpcaps.8 @@ -23,13 +23,13 @@ the format. .PP Optional arguments: -.PP +.TP .BR \-\-help " or " \-\-usage Displays usage information and exits. -.PP +.TP .BR \-\-ugly " or " \-\-legacy Displays output in a somewhat ugly legacy format. -.PP +.TP .B \-\-verbose Displays usage in a legacy-like format but not quite so ugly in modern default terminal fonts. From patchwork Mon Jul 20 09:13:22 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Michael Kerrisk (man-pages)" X-Patchwork-Id: 11673331 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 15AA613B1 for ; Mon, 20 Jul 2020 09:14:30 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id EFD5921775 for ; Mon, 20 Jul 2020 09:14:29 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="cn08oZ5x" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727912AbgGTJO2 (ORCPT ); Mon, 20 Jul 2020 05:14:28 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35748 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728069AbgGTJO1 (ORCPT ); Mon, 20 Jul 2020 05:14:27 -0400 Received: from mail-wm1-x32c.google.com (mail-wm1-x32c.google.com [IPv6:2a00:1450:4864:20::32c]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 44969C0619D4 for ; Mon, 20 Jul 2020 02:14:27 -0700 (PDT) Received: by mail-wm1-x32c.google.com with SMTP id q15so21518073wmj.2 for ; Mon, 20 Jul 2020 02:14:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=9iIMCTOKKxeAH1WnqSQ9w5juFzPfT424/VCQldW4pX0=; b=cn08oZ5xfgQPVEPyEwI5g1xtTTnItB81ZZg15DE0NArj7hwjnUBC3PtrFpIklGgI7x FtRMeibW4Hh98Pfo+TFWEHWMul8/CRdmmltV7PppP7NhL3J56k2wIcbiB3BFH/1+KcfJ 5gnOfhIjNvRgJ7Hhw/Bi4sZJZlQtJCxqxd6wI3epRrcfy3AoA7o0aMXj4cg+8lDimeQ3 MBW6ngefbh5g63QPAF60BeLd1+20yxRZOx8XwWLaMZRdnnovBasByxXBLMyyOsdOGAxR uTF/CknI5ZU4ZX/GOvMLyas16Vo7n1eLUqXDkfbC8alNkugKjIHKvorbOUM+jzr8w0cd 3qLg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=9iIMCTOKKxeAH1WnqSQ9w5juFzPfT424/VCQldW4pX0=; b=thS5g3LhX+9H+0CvRFy57YS37yJXk3/JzKis1dhOizjq+u+WJWOhqn/KiOeDNaWum4 lYkm8rhKSAs3ttVHyZU667J/lXefVjP34dlfRN+I/CdIPJ9tY4lDcXpo7aQynGNMrrs2 P94rz/ZzFRakSTLDyfQvZgZ20TkS3DTcOJS4v9PFOivQgDzanI0SnyUFTT7KbTjuKkwB eSZEc4lP5TwoCfJ35uqDX6xYbn8rnS5zGyauZbF+hI4DJbEvYZW1mv0aX+aQcPOQ6koD 8zJvVIkAftlhVqbXGQm5jKltzGG9gaYyGU4qeq9Jrww+KSiBZaiIn9HcAvo2KTTUFRM2 F+lQ== X-Gm-Message-State: AOAM531+sujTGeCHEiO7Cb/IPqiC0OKi6WVAUKCyLbe8At35Bs+Rm6N/ Xx5Dtzn1up39dXJpgY1Afkmdwkme X-Google-Smtp-Source: ABdhPJxgrfh9c3mw9UJJkigm1F6HeghBMyAL3TqCdpTdBX7b4M9otR2Qaz7+GabRjhI0Fihg2Ifk2w== X-Received: by 2002:a1c:e405:: with SMTP id b5mr11939114wmh.54.1595236466037; Mon, 20 Jul 2020 02:14:26 -0700 (PDT) Received: from bienne.fritz.box ([2001:a61:3adb:8201:9649:88f:51f8:6a21]) by smtp.gmail.com with ESMTPSA id p11sm7494814wre.32.2020.07.20.02.14.25 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 20 Jul 2020 02:14:25 -0700 (PDT) From: "Michael Kerrisk (man-pages)" To: mtk.manpages@gmail.com, Andrew Morgan Cc: linux-security-module@vger.kernel.org Subject: [PATCH 09/15] Manual pages: getpcaps.8: Remove a stray .br macro Date: Mon, 20 Jul 2020 11:13:22 +0200 Message-Id: <20200720091328.290336-10-mtk.manpages@gmail.com> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200720091328.290336-1-mtk.manpages@gmail.com> References: <20200720091328.290336-1-mtk.manpages@gmail.com> MIME-Version: 1.0 Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: Signed-off-by: Michael Kerrisk (man-pages) --- doc/getpcaps.8 | 1 - 1 file changed, 1 deletion(-) diff --git a/doc/getpcaps.8 b/doc/getpcaps.8 index fb3bc65..dadd365 100644 --- a/doc/getpcaps.8 +++ b/doc/getpcaps.8 @@ -36,7 +36,6 @@ default terminal fonts. .SH SEE ALSO .BR capabilities (7), .BR capsh "(8), " setcap "(8) and " getcap (8). -.br .SH AUTHOR This manual page was originally written by Robert Bihlmeyer , for the Debian GNU/Linux system (but may be used From patchwork Mon Jul 20 09:13:23 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Michael Kerrisk (man-pages)" X-Patchwork-Id: 11673333 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id AB6A813B1 for ; Mon, 20 Jul 2020 09:14:33 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 944DA21775 for ; Mon, 20 Jul 2020 09:14:33 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="j7fuV2jR" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728068AbgGTJOc (ORCPT ); Mon, 20 Jul 2020 05:14:32 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35760 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728017AbgGTJOc (ORCPT ); Mon, 20 Jul 2020 05:14:32 -0400 Received: from mail-wm1-x344.google.com (mail-wm1-x344.google.com [IPv6:2a00:1450:4864:20::344]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B5FC3C061794 for ; Mon, 20 Jul 2020 02:14:31 -0700 (PDT) Received: by mail-wm1-x344.google.com with SMTP id o8so21501651wmh.4 for ; Mon, 20 Jul 2020 02:14:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=TQD9WNkofnPQBa2RWhECI/xI2EodkzfZH+akEIki+5o=; b=j7fuV2jRSNRGjgS4S7UZWcX+t9RkW3BNzQA5J/9QehMoc671FnR2WlPZEevV1KtjnX OhUd++8/x0T11pFKZ6B7tgAa6HFmAYfBKGimTdjUb93Yymkk13yhgm5uh59ypz9MeFKY WbGCpjz2YBzTous3oREN7pIDGjO49NmdssqJLQhHTl39CYvkhw8J3XdowWzMlhtlKkqk sOMyepaYd8RLoJT46pUCNoaaKddbFCO+MmLsJXNBQ05u3m6TrA/lxa96ODRkbtPXHcuS 8oRHgKOXXRxGAZpWsE10kAUjkhx4AZmWQxi3kSWyQw1CRoWEaZC12M54xNHFrS7wal8V UL3w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=TQD9WNkofnPQBa2RWhECI/xI2EodkzfZH+akEIki+5o=; b=dr3oUYy3iJWuy4FxHfeylhK/0qi7esQUtaIrkAKu62uTWofxDTyUM+6Zyp5Sx/4RLi RmoRm3SaOEfem1HBIytjXGtDdnfTHEHpPef8CXPNJviDX0Jm+klEzLw5bVcoE1Jor943 /s7nM3A3VD81fjjyrIc4T2Zi31FgdgyJ3yLYU2se+olEU+v6/c8kZ5esrQsAIJzvfJjX fdR/9IcEKoEeMw8ziEuHhb6XDQQvwKd/9EBzdgCyYWa4ceYB2ZN6J0WNtcvnvykK+vtU ikxrLRoZEUoOBV9XSbAJil0ShvfR40z5L4WLOR7FfaaPe/HdzET5ugoWLaAMloXerK/P lxtg== X-Gm-Message-State: AOAM530dPKlC1vk+KFUJJjLIyV3Ig+/WvkSSddoEYVujDI5aFaTH+ICa Uxc+WBfQFO48K7asQ/n8gPc79fYo X-Google-Smtp-Source: ABdhPJxdJN20MQK+tPFSVeHLK1QRIU3CwqPEj9dd/5hynR4EtmgMSV6pTIMeypMpUS0kKRbVY+22ww== X-Received: by 2002:a1c:4987:: with SMTP id w129mr20539457wma.9.1595236470499; Mon, 20 Jul 2020 02:14:30 -0700 (PDT) Received: from bienne.fritz.box ([2001:a61:3adb:8201:9649:88f:51f8:6a21]) by smtp.gmail.com with ESMTPSA id j16sm32736748wrt.7.2020.07.20.02.14.29 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 20 Jul 2020 02:14:29 -0700 (PDT) From: "Michael Kerrisk (man-pages)" To: mtk.manpages@gmail.com, Andrew Morgan Cc: linux-security-module@vger.kernel.org Subject: [PATCH 10/15] Manual pages: getpcaps.8: SEE ALSO: fix section number for capsh Date: Mon, 20 Jul 2020 11:13:23 +0200 Message-Id: <20200720091328.290336-11-mtk.manpages@gmail.com> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200720091328.290336-1-mtk.manpages@gmail.com> References: <20200720091328.290336-1-mtk.manpages@gmail.com> MIME-Version: 1.0 Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: capsh is in Section 1, not Section 8. Also, reformat the SEE ALSO list in a more conventional way. Signed-off-by: Michael Kerrisk (man-pages) --- doc/getpcaps.8 | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/doc/getpcaps.8 b/doc/getpcaps.8 index dadd365..d519357 100644 --- a/doc/getpcaps.8 +++ b/doc/getpcaps.8 @@ -34,8 +34,10 @@ Displays output in a somewhat ugly legacy format. Displays usage in a legacy-like format but not quite so ugly in modern default terminal fonts. .SH SEE ALSO +.BR capsh (1), .BR capabilities (7), -.BR capsh "(8), " setcap "(8) and " getcap (8). +.BR getcap (8), +.BR setcap (8) .SH AUTHOR This manual page was originally written by Robert Bihlmeyer , for the Debian GNU/Linux system (but may be used From patchwork Mon Jul 20 09:13:24 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Michael Kerrisk (man-pages)" X-Patchwork-Id: 11673335 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 4653C13B1 for ; Mon, 20 Jul 2020 09:14:37 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 2534322482 for ; Mon, 20 Jul 2020 09:14:37 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="eiofgWvI" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728088AbgGTJOg (ORCPT ); Mon, 20 Jul 2020 05:14:36 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35776 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728081AbgGTJOg (ORCPT ); Mon, 20 Jul 2020 05:14:36 -0400 Received: from mail-wr1-x441.google.com (mail-wr1-x441.google.com [IPv6:2a00:1450:4864:20::441]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1CD74C061794 for ; Mon, 20 Jul 2020 02:14:36 -0700 (PDT) Received: by mail-wr1-x441.google.com with SMTP id s10so16998941wrw.12 for ; Mon, 20 Jul 2020 02:14:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=0Tn3fVW3IjvsSlXxR30H4KOgdbvOUOH/p/mHP87uMh0=; b=eiofgWvIKdukvrnMmfGMxDJqM9erebbWFeeVMOOrjLkyHElYlstLc/1P2QWxJuo+RQ Uw6pzYKo5zSdBnqN/wS5aDeMcbilGem4GGZ6Cg/bXnjL0ozGVolV4PC+DdEADSmSp3/9 52Y4S0SyBq6IsH9NLAMyW+/Qdndf8QqfFv0uZqh2vuNa9373Ahxzr/G4zO6pluNWSvgi PeyopWueBUqENkq6ToapeDSwc7eBOXQ3ZvT7iP605QH6IXDCTNr9t7+pA8EA1FLDrKDE d/eseYrw2VozGnc2RMdf/oXLSLOM/eqf2TCPBcPzzhH0iIWxe8wWUUyplklyfrKmQEHK epZQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=0Tn3fVW3IjvsSlXxR30H4KOgdbvOUOH/p/mHP87uMh0=; b=ilmkdfloUCXxgEoIucGG00M7d0T9EDoS1ApxYP492Beh+enJwJSN9krkR14JcYYFKj 9ol2mPiw8A+w9d/3ZRYe4XUbJ+d3tZOHPUaPIIM9quZoyIiDGBCd8qTN7b+dMP8nI2zv 4ZnnVCk0kRNAfHUIVChMr9UgEdLO4wP9+FtiUGioTd3dui2g3JJbSc3pdTHTIL0jZPIC JM3rtS9AqjM86OeZVTAXm/C8liBodg+WF60IgsSrLoJhgeM7Z1tw4VlKPBPrPJ1jFDxn wABovHdBX9N9eOu0Ch3qpQeRQ2zDRzGTTdSMZV+/T+DFWqvuosYwjs40oRvCeSiKsVoA v3Ag== X-Gm-Message-State: AOAM530fSeU2WIr3YhKEyjMyZviuMbTCrlKjMop2ZfNjnPjbvtmlQP6w X+hT76vE0knkKEK3lJv3S90= X-Google-Smtp-Source: ABdhPJwYZDz2FbPnQy8TUj+V46supWh9ob5bIs3LRop6j0a4fYKwi282VSp72T7zAKDI2YcNcn0X6Q== X-Received: by 2002:adf:bc07:: with SMTP id s7mr6854852wrg.254.1595236474824; Mon, 20 Jul 2020 02:14:34 -0700 (PDT) Received: from bienne.fritz.box ([2001:a61:3adb:8201:9649:88f:51f8:6a21]) by smtp.gmail.com with ESMTPSA id u15sm32379032wrm.64.2020.07.20.02.14.34 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 20 Jul 2020 02:14:34 -0700 (PDT) From: "Michael Kerrisk (man-pages)" To: mtk.manpages@gmail.com, Andrew Morgan Cc: linux-security-module@vger.kernel.org Subject: [PATCH 11/15] Manual pages: setcap.8: Typo fix Date: Mon, 20 Jul 2020 11:13:24 +0200 Message-Id: <20200720091328.290336-12-mtk.manpages@gmail.com> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200720091328.290336-1-mtk.manpages@gmail.com> References: <20200720091328.290336-1-mtk.manpages@gmail.com> MIME-Version: 1.0 Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: Signed-off-by: Michael Kerrisk (man-pages) --- doc/setcap.8 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/setcap.8 b/doc/setcap.8 index ae044aa..582c781 100644 --- a/doc/setcap.8 +++ b/doc/setcap.8 @@ -39,7 +39,7 @@ is used to remove a capability set from a file. Note, setting an empty capability set is .B not the same as removing it. An empty set can be used to guarantee a file is not -executed with privilege inspite of the fact that the prevailing +executed with privilege in spite of the fact that the prevailing ambient+inheritable sets would otherwise bestow capabilities on executed binaries. .PP From patchwork Mon Jul 20 09:13:25 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Michael Kerrisk (man-pages)" X-Patchwork-Id: 11673337 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 93D1213B6 for ; Mon, 20 Jul 2020 09:14:41 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 7BFC72080D for ; Mon, 20 Jul 2020 09:14:41 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="mJO3d82H" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728093AbgGTJOl (ORCPT ); Mon, 20 Jul 2020 05:14:41 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35788 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728069AbgGTJOk (ORCPT ); Mon, 20 Jul 2020 05:14:40 -0400 Received: from mail-wm1-x344.google.com (mail-wm1-x344.google.com [IPv6:2a00:1450:4864:20::344]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7BE58C061794 for ; Mon, 20 Jul 2020 02:14:40 -0700 (PDT) Received: by mail-wm1-x344.google.com with SMTP id w3so24379751wmi.4 for ; Mon, 20 Jul 2020 02:14:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=nd5MRrfc4FbCz2nNbnQ3jrH4N68Vrj6ya5355SWWcsg=; b=mJO3d82HOX7escqUNf/bjOZNOI/7cbzcr4kKKXurp/8Rqy8cD0Rths4LRAvcsnQxTl 7wR5DGZ1Cu8FeU49YCwYl+YyDlGWJY3hxxCEYRkQqjue/34vuI3r4Qd4Zk5zhUv3kWyh ijSpDwmhir+UaFjgs3bjPavfr0o1Fb40ohsgv/G9xCGksivbt4V1+wIY1xuLjxTVuGWV qeZUtzpdTemhHu+TRIshZlq1PORXslbzmgpOQrCKGn/3tv1K7UgnPHeGGtEC/4vpzPrL un8V/1GtSmBHTOWUY4MljHu5qUbZC1fMmSoQSGTB1weUQ8sPdnQn8Yb1KQIdZwkC/8Jz E5VQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=nd5MRrfc4FbCz2nNbnQ3jrH4N68Vrj6ya5355SWWcsg=; b=gqYmPhGoaw/j0rbcS0nx0SUGcdLRJT4YRor3DMEBtVtfqfDUggizwZOUE3aJxHXsaI ZrlhrPhZ7BDv9DmHw4ipvSxRPhHCQBabIrwyya6DgPSOTv+HOLK7nLN8AJHjHsFeRgdB E3tWOiX6rbYOs6dazIb0YrNrXS14Ni3UklEU7Z4XrGrETmomfbPMyxvKMSh5PLdVEhSM iT1zjbCgI3xfdP/UveRu3IIaNHDO4HbF60iiqhDyO/d6NBd8yWNbjO8zPP2aUpz7ZPUJ hI3eZHZL4A4HSW8s6GeX8BeBI4DHXR3U+ODlya5yShv4GxvCrZVoIWSAGBnPd27DWkMS 3etQ== X-Gm-Message-State: AOAM531T+rBa9Amdh0kl5b6qwNM9c3ezEPP3CJXN7tzSDaefUWq1mwQG pG4MrukNbcrYqZUH5kN3UinFj/RV X-Google-Smtp-Source: ABdhPJyLgxUtySV7KdCjEcZYwQ9nnzS0H95/AUhCeTdsbBAi1YN2lzrOlGh56xV6rjgzjwVJVzxG+w== X-Received: by 2002:a1c:f616:: with SMTP id w22mr19845011wmc.44.1595236479251; Mon, 20 Jul 2020 02:14:39 -0700 (PDT) Received: from bienne.fritz.box ([2001:a61:3adb:8201:9649:88f:51f8:6a21]) by smtp.gmail.com with ESMTPSA id c24sm6036215wrb.11.2020.07.20.02.14.38 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 20 Jul 2020 02:14:38 -0700 (PDT) From: "Michael Kerrisk (man-pages)" To: mtk.manpages@gmail.com, Andrew Morgan Cc: linux-security-module@vger.kernel.org Subject: [PATCH 12/15] Manual pages: cap_get_file.3: NOTES: note the effect of the Ambient set Date: Mon, 20 Jul 2020 11:13:25 +0200 Message-Id: <20200720091328.290336-13-mtk.manpages@gmail.com> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200720091328.290336-1-mtk.manpages@gmail.com> References: <20200720091328.290336-1-mtk.manpages@gmail.com> MIME-Version: 1.0 Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: The addition of Ambient capabilities in Linux 4.3 rendered the text on the effect of the Effective bit during execve(2) out-of-date. Fix that. Also add a couple of paragraph breaks to improve readability. Signed-off-by: Michael Kerrisk (man-pages) --- doc/cap_get_file.3 | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/doc/cap_get_file.3 b/doc/cap_get_file.3 index ceacbaf..dc7b571 100644 --- a/doc/cap_get_file.3 +++ b/doc/cap_get_file.3 @@ -103,13 +103,18 @@ or These functions are specified by withdrawn POSIX.1e draft specification. .SH NOTES Support for file capabilities is provided on Linux since version 2.6.24. - +.PP On Linux, the file Effective set is a single bit. If it is enabled, then all Permitted capabilities are enabled in the Effective set of the calling process when the file is executed; -otherwise, no capabilities are enabled in the process's Effective set +otherwise, the process's Ambient capabilities +(or, before the Linux 4.3 addition of Ambient capabilities, no capabilities) +are enabled in the process's Effective set following an -.BR execve (2). +.BR execve (2) +(see +.BR capabilities (7)). +.PP Because the file Effective set is a single bit, if any capability is enabled in the Effective set of the .I cap_t From patchwork Mon Jul 20 09:13:26 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Michael Kerrisk (man-pages)" X-Patchwork-Id: 11673339 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id A899213B6 for ; Mon, 20 Jul 2020 09:14:49 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 91CF321775 for ; Mon, 20 Jul 2020 09:14:49 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="gQOdvQc0" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728112AbgGTJOq (ORCPT ); Mon, 20 Jul 2020 05:14:46 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35802 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728069AbgGTJOq (ORCPT ); Mon, 20 Jul 2020 05:14:46 -0400 Received: from mail-wm1-x344.google.com (mail-wm1-x344.google.com [IPv6:2a00:1450:4864:20::344]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8E00AC061794 for ; Mon, 20 Jul 2020 02:14:45 -0700 (PDT) Received: by mail-wm1-x344.google.com with SMTP id c80so21524207wme.0 for ; Mon, 20 Jul 2020 02:14:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=fiStrsNp0Nn8CO2onfVP2auDZ4lB9LnkFmz5jiXy/SM=; b=gQOdvQc0/Cssvayo3Ym3kvrz9uXGhBbrG9Qb0iJv4zyywxgFqXg0CJS4CJad+PzOV8 Dx7Njm35IBUbeHglAtUJqN6slwdlolh8dg4Q15NyiKIJzELWYMAHOp0hKaanekVdcjH4 vGCFrQm0JXxlKez1gzPw58P8XynkxTuXAarwj145QdXuPEnYc1o03h3xUM3pu4SKyaV0 WJhuhkga5lXQVwZtD6FgvZ2nAtgu+YZyJ8t10uZSp1MepPTPiKzZKbSTWAyXZ2sw4EVr jpBr1MRic7Q92fa3MuMzFQXfyH6mT01gyEXvP7wjaJOlZI602zqjbCO0lasJfqVwCYE3 LXmQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=fiStrsNp0Nn8CO2onfVP2auDZ4lB9LnkFmz5jiXy/SM=; b=B7QdJI0nqW3Ll89fRV5RPDHIcozwnnrok2zfkxaqZRBO4JwBHai0TgQXf7oe/ZtjyT 0SzWvDWWoHmhpbajqgupNpBkwexVPYBcPgOkNI/Z6LHRi/N7HcuQWD7hKqJxkaD4ca32 403OR6g5jkfZtELJRbgNBB8boCWtFPWoUUgWy74pp65UL8zUH6tbglbcWF+C+g8hvpse e40gF5PdccY2E0AU3q/W0yE2uuApmb4KcAcCBTDPcNPlf7TVm3N6c8pNugs35fZrG5aB x/cllDerA9hqkbYcaI3ApLaoXlSB3hhzT3Qd3HZWrOjTSXBhVysnOwnq3pWZML05eota 3PNA== X-Gm-Message-State: AOAM5328MoqiGZMI+oRTd9ig2hEOT/dbAx+gFQPqXP7r79BAzkmpmjI8 hVmAy4JNUkhV2iHPM/TAX10= X-Google-Smtp-Source: ABdhPJx9G1vCJbWN6Frd58VfvUTQxw+5ImAKfmh4vWcnb8LQ1T4ArKg7vivUGSh9bDTEW4+Y1CSsbw== X-Received: by 2002:a05:600c:21cb:: with SMTP id x11mr19595289wmj.141.1595236484297; Mon, 20 Jul 2020 02:14:44 -0700 (PDT) Received: from bienne.fritz.box ([2001:a61:3adb:8201:9649:88f:51f8:6a21]) by smtp.gmail.com with ESMTPSA id w16sm34375905wrg.95.2020.07.20.02.14.43 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 20 Jul 2020 02:14:43 -0700 (PDT) From: "Michael Kerrisk (man-pages)" To: mtk.manpages@gmail.com, Andrew Morgan Cc: linux-security-module@vger.kernel.org Subject: [PATCH 13/15] Manual pages: cap_get_proc.3: Update description of capsetp() Date: Mon, 20 Jul 2020 11:13:26 +0200 Message-Id: <20200720091328.290336-14-mtk.manpages@gmail.com> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200720091328.290336-1-mtk.manpages@gmail.com> References: <20200720091328.290336-1-mtk.manpages@gmail.com> MIME-Version: 1.0 Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: The details currently provided for capsetp() were current before 2008, but ceased to be accurate with the 2008 addition of VFS file capabilities in 2008. Update the text accordingly. At the same time, add a subheading, a few paragraph breaks, and a few other wording tweaks to make the description of capgetp() and capsetp() more readable. Signed-off-by: Michael Kerrisk (man-pages) --- doc/cap_get_proc.3 | 40 +++++++++++++++++++++++++++------------- 1 file changed, 27 insertions(+), 13 deletions(-) diff --git a/doc/cap_get_proc.3 b/doc/cap_get_proc.3 index fce8f59..40475fd 100644 --- a/doc/cap_get_proc.3 +++ b/doc/cap_get_proc.3 @@ -251,7 +251,7 @@ or, When linked this way, due to linker magic, libcap uses .BR psx_syscall "(3) and " psx_syscall6 (3) to perform state setting system calls. -.PP +.SS capgetp() and capsetp() The library also supports the deprecated functions: .PP .BI "int capgetp(pid_t " pid ", cap_t " cap_d ); @@ -264,14 +264,20 @@ capabilities in a pre-allocated .IR cap_d . See .BR cap_init () -for information on allocating an empty capability set. This function, -.BR capgetp (), -is deprecated, you should use +for information on allocating an empty capability set. This function +is deprecated; you should use .BR cap_get_pid (). .PP .BR capsetp () -attempts to set the capabilities of some other process(es), -.IR pid . +attempts to set the capabilities of the calling porcess or of +some other process(es), +.IR pid . +Note that setting capabilities of another process is only possible on older +kernels that do not provide VFS support for setting file capabilities. +See +.BR capset (2) +for information on which kernels provide such support. +.PP If .I pid is positive it refers to a specific process; if it is zero, it refers @@ -280,29 +286,37 @@ calling process and process '1' (typically .BR init (8)); other negative values refer to the .I \-pid -process group. In order to use this function, the kernel must support +process group. +.PP +In order to use this function, the kernel must support it and the calling process must have .B CAP_SETPCAP raised in its Effective capability set. The capabilities set in the target process(es) are those contained in .IR cap_d . +.PP Kernels that support filesystem capabilities redefine the semantics of .B CAP_SETPCAP -and on such systems this function will always fail for any target not +and on such systems, +.BR capsetp () +will always fail for any target not equal to the calling process. .BR capsetp () returns zero for success, and \-1 on failure. - -Where supported by the kernel, the function +.PP +On kernels where it is (was) supported, .BR capsetp () should be used with care. It existed, primarily, to overcome an early lack of support for capabilities in the filesystems supported by -Linux. Note that, by default, the only processes that have +Linux. Note that on older kernels where +.BR capsetp () +could be used to set the capabilities of another process, +the only processes that had .B CAP_SETPCAP -available to them are processes started as a kernel thread. +available to them by default were processes started as kernel threads. (Typically this includes .BR init (8), -kflushd and kswapd.) You will need to recompile the kernel to modify +kflushd and kswapd.) A kernel recompilation was needed to modify this default. .SH EXAMPLE The code segment below raises the From patchwork Mon Jul 20 09:13:27 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Michael Kerrisk (man-pages)" X-Patchwork-Id: 11673341 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id B29A113B1 for ; Mon, 20 Jul 2020 09:14:54 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 92FA721775 for ; Mon, 20 Jul 2020 09:14:54 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="czx3JB5z" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728151AbgGTJOv (ORCPT ); Mon, 20 Jul 2020 05:14:51 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35820 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728135AbgGTJOu (ORCPT ); Mon, 20 Jul 2020 05:14:50 -0400 Received: from mail-wm1-x341.google.com (mail-wm1-x341.google.com [IPv6:2a00:1450:4864:20::341]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 29D8CC0619D2 for ; Mon, 20 Jul 2020 02:14:50 -0700 (PDT) Received: by mail-wm1-x341.google.com with SMTP id o2so24451793wmh.2 for ; Mon, 20 Jul 2020 02:14:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=mh4/AXI1HeH1sQ86GcpnBemZk/ksViCceFobWSa5iOA=; b=czx3JB5zTSSRSBHnIA9XqEy+FwlkPZAvrcKPxy1awM0C40gzSA2FygYRL12w1eOBzE /14hePdai7LBHVcfUHG2BnbtcVOka5dr2jMm0BHM5mapyMocUiEZWHiOFbWQX0QXXkKZ MXF4YDGmKVSBfh40obccXbIunf8awM0VIdl392H8Ov22eh5heGrAH4WkSR65GSpQZVo0 akC0EvBstLake5kSHwdtZfrK7ZL602aB0+jwxGC3IRO79QF4QNVIH5WmQBso6ZWJgZLl eSejUEOSnN7lWTa5Fyov3kiyyl8UF3lIGybSlZqrQZ6iuQBPjGGb24/CxZklKJJNFeIs nXFA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=mh4/AXI1HeH1sQ86GcpnBemZk/ksViCceFobWSa5iOA=; b=Z+3Pepc1r6JxlWhx2PFGJWxGoFBwHY+lJ5e39AYSYkTAi6sq5AKVTXyhFiiO9wDL44 89OMa8jI8X8Dta64FzTJMyeQU37LR20z2OtS/leWlaNKvqhjwa+E5W5IumzzAvZIREKl FN4CDR8cvjwbn/n8It9RIc49Z+y1sE5HQ/4lDGFAenyfVqerwjRlDOOkaxHH/CqEWV8K pA4+mlGJELxX0D1SY2aqklPzckqI/MaVV77puBCfCWoeK7ReEr3kwZrOGlY95vyDYZIZ olg0pCRdWQvJgFOPEQnktF5muqRtRCWbycjUFaiwlE2scP4I6ZJz4EblXfUItq8JU4rN Er2g== X-Gm-Message-State: AOAM531uG94nu42kFBe1+Ae4SYnlf9c7X/fPf62ZJhB6O6rkHd0Kscco afROR8m8Ioy1iXMDHR5G5sA= X-Google-Smtp-Source: ABdhPJxMMf/I3JSvSHzPQFIBitUm/njjswgY/LnqcHRXEH8eI04DwqTeqUP9woQ9Z55tXVoPSHFOXA== X-Received: by 2002:a1c:14e:: with SMTP id 75mr21963069wmb.151.1595236488912; Mon, 20 Jul 2020 02:14:48 -0700 (PDT) Received: from bienne.fritz.box ([2001:a61:3adb:8201:9649:88f:51f8:6a21]) by smtp.gmail.com with ESMTPSA id w7sm29870391wmc.32.2020.07.20.02.14.48 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 20 Jul 2020 02:14:48 -0700 (PDT) From: "Michael Kerrisk (man-pages)" To: mtk.manpages@gmail.com, Andrew Morgan Cc: linux-security-module@vger.kernel.org Subject: [PATCH 14/15] Manual pages: cap_get_proc.3, capsh.1: Use "UID" and "GID" consistently Date: Mon, 20 Jul 2020 11:13:27 +0200 Message-Id: <20200720091328.290336-15-mtk.manpages@gmail.com> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200720091328.290336-1-mtk.manpages@gmail.com> References: <20200720091328.290336-1-mtk.manpages@gmail.com> MIME-Version: 1.0 Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: Replace terms such as "uid" and "use-id" with the more conventional abbreviation UID. Similarly for GID. Signed-off-by: Michael Kerrisk (man-pages) --- doc/cap_get_proc.3 | 2 +- doc/capsh.1 | 18 ++++++++++-------- 2 files changed, 11 insertions(+), 9 deletions(-) diff --git a/doc/cap_get_proc.3 b/doc/cap_get_proc.3 index 40475fd..74e5e8c 100644 --- a/doc/cap_get_proc.3 +++ b/doc/cap_get_proc.3 @@ -349,7 +349,7 @@ effective capabilities for the caller: .fi Alternatively, to completely drop privilege in a program launched -setuid-root but wanting to run as a specific user-id etc. in such a +setuid-root but wanting to run as a specific user ID etc. in such a way that neither it, nor any of its children can acquire privilege again: .nf diff --git a/doc/capsh.1 b/doc/capsh.1 index f19a3ea..d124889 100644 --- a/doc/capsh.1 +++ b/doc/capsh.1 @@ -67,7 +67,7 @@ in its effective set. .TP .BI \-\-user= username Assume the identity of the named user. That is, look up the user's -.IR uid " and " gid +UID and GID with .BR getpwuid (3) and their group memberships with @@ -97,7 +97,7 @@ or exit with a status 1. .TP .BI \-\-uid= id Force all -.B uid +UID values to equal .I id using the @@ -108,18 +108,19 @@ effective set. .BR \-\-cap\-uid= use the .BR cap_setuid (3) -function to set the uid of the current process. This performs all -preparations for setting the uid without dropping capabilities in the +function to set the UID of the current process. This performs all +preparations for setting the UID without dropping capabilities in the process. Following this command the prevailing effective capabilities will be lowered. .TP .BI \-\-is\-uid= Exit with status 1 unless the current -.IR uid " equals " . +UID equals +.IR . .TP .BI \-\-gid= Force all -.B gid +GID values to equal .I id using the @@ -128,7 +129,8 @@ system call. .TP .BI \-\-is\-gid= Exit with status 1 unless the current -.IR gid " equals " . +GIQ equals +.IR . .TP .BI \-\-groups= Set the supplementary groups to the numerical list provided. The @@ -142,7 +144,7 @@ for a more convenient way of doing this. In a non-pure capability mode, the kernel provides liberal privilege to the super-user. However, it is normally the case that when the super-user changes -.I uid +UID to some lesser user, then capabilities are dropped. For these situations, the kernel can permit the process to retain its capabilities after a From patchwork Mon Jul 20 09:13:28 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Michael Kerrisk (man-pages)" X-Patchwork-Id: 11673343 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 9758313B6 for ; Mon, 20 Jul 2020 09:14:57 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 801FF22B4E for ; Mon, 20 Jul 2020 09:14:57 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="JrUGZLGW" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728183AbgGTJO4 (ORCPT ); Mon, 20 Jul 2020 05:14:56 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35834 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728173AbgGTJOy (ORCPT ); Mon, 20 Jul 2020 05:14:54 -0400 Received: from mail-wr1-x442.google.com (mail-wr1-x442.google.com [IPv6:2a00:1450:4864:20::442]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8CDFDC061794 for ; Mon, 20 Jul 2020 02:14:54 -0700 (PDT) Received: by mail-wr1-x442.google.com with SMTP id f18so17099208wrs.0 for ; Mon, 20 Jul 2020 02:14:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=dF76uqJM2CM/2J0mqmxABMRZvJOzxZK+RejceFf4EE8=; b=JrUGZLGWxyqaUyZsISXnLY5KLkpBj++/mxsn+kUuxsMW+xozGt22Bi/IPPXvmD0X+M AuJ8yX4Zg6MEiNyI0Lpr0DBGExUdsmMXcMOtw806fhFNWdB5nFiK1ePoHbcs+GjqF6Sn preYahYqTe+rb6PBs1FtBmBfYZHuHftnBQrZRgNOML0dkkH568CKOHBkdA0xmPCNeq2f cZDWdjBAB3MD7/IXzIEHzXHf+TRdQv3gUSCq2uhLoJYOTpkOoOIORFnwNtrXPbQOvxYK EhYxg1DjGIBgyw/xwGY/Q3HnCraMQWISmEMqs7NucLZLKZhLNHaRyCygD8zZIG1P0U9J v9GQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=dF76uqJM2CM/2J0mqmxABMRZvJOzxZK+RejceFf4EE8=; b=M+x7dij7PlAOQuzaUZ8hsUZA8XKAWNKXIvHHdfbkXv7BxJ/mPuUqKIrcTvh1Etz50+ TNVxBKpQijfcDO7ILEY3hU6piCzIY8HFVG7D3IkYFuoyPTORoe0KcswHp3cKe11Hjocl 2vBrkQIh616vsRL7Oi+u/NafjDjMIn9N95aPc1Ih54bWrd/1wzTOgayfJJSTdYgxyJm1 6yDZaJZCgko4P/Ftkeu5Xxh5Q+eLDJi90NSlCayqQPo2qBQz0sHXvx+Zh8vVNJEZYM7r nBk7ovwunwrd9UTcT1Eq9GD+AbjCsm0QvWyfxeGRGHoXfHfV9gCZJM89SHqBaZDLgrmU bwPg== X-Gm-Message-State: AOAM530gVIKMYRrjGh3YkjyJkKY3yCD0VfDvfMgIfqEtNM3z3EoLWLFR egoNE/A613cVNmP1LkVErAU= X-Google-Smtp-Source: ABdhPJzkJpbMTo1kvo/0zthpd9mrpN623rsXpHDcLUiZTZuC05cX8lvphKB5Ej2Umbxkrmdfi2s5xQ== X-Received: by 2002:a5d:688d:: with SMTP id h13mr20735636wru.303.1595236493372; Mon, 20 Jul 2020 02:14:53 -0700 (PDT) Received: from bienne.fritz.box ([2001:a61:3adb:8201:9649:88f:51f8:6a21]) by smtp.gmail.com with ESMTPSA id f15sm30401827wrx.91.2020.07.20.02.14.52 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 20 Jul 2020 02:14:53 -0700 (PDT) From: "Michael Kerrisk (man-pages)" To: mtk.manpages@gmail.com, Andrew Morgan Cc: linux-security-module@vger.kernel.org Subject: [PATCH 15/15] Manual pages: capsh.1: Change .TP indent to the default Date: Mon, 20 Jul 2020 11:13:28 +0200 Message-Id: <20200720091328.290336-16-mtk.manpages@gmail.com> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200720091328.290336-1-mtk.manpages@gmail.com> References: <20200720091328.290336-1-mtk.manpages@gmail.com> MIME-Version: 1.0 Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: Currently, the long list of options in this page is formatted as a hanging list with a very deep indent (22), which causes the rendered text to be rather narrow. That's uncomfortable when viewing on something other than an 80 column display, and also causes some ugliness in line breaks and line filling. Change to the more traditional default indentation for .TP. Signed-off-by: Michael Kerrisk (man-pages) --- doc/capsh.1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/capsh.1 b/doc/capsh.1 index d124889..b02793b 100644 --- a/doc/capsh.1 +++ b/doc/capsh.1 @@ -13,7 +13,7 @@ debugging features useful for summarizing capability state. .B capsh takes a number of optional arguments, acting on them in the order they are provided. They are as follows: -.TP 22 +.TP .B \-\-help Display the list of commands supported by .BR capsh .