* [PATCH 02/16] Manual pages: cap_get_file.3, getcap.8, setcap.8: SEE ALSO: add user_namespaces(7)
2020-07-16 10:18 [PATCH 01/16] Manual pages: getcap.8, getpcaps.8, setcap.8: SEE ALSO: add capabilities(7) Michael Kerrisk (man-pages)
@ 2020-07-16 10:18 ` Michael Kerrisk (man-pages)
2020-07-16 10:18 ` [PATCH 03/16] Manual pages: setcap.8: Formatting fix: use bold for function name Michael Kerrisk (man-pages)
` (13 subsequent siblings)
14 siblings, 0 replies; 18+ messages in thread
From: Michael Kerrisk (man-pages) @ 2020-07-16 10:18 UTC (permalink / raw)
To: mtk.manpages, Andrew G . Morgan; +Cc: linux-security-module
Since namespaces are mentioned in this page, it's wise also to have
a reference to the relevant page that explains the concept.
Signed-off-by: Michael Kerrisk (man-pages) <mtk.manpages@gmail.com>
---
doc/cap_get_file.3 | 3 ++-
doc/getcap.8 | 1 +
doc/setcap.8 | 1 +
3 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/doc/cap_get_file.3 b/doc/cap_get_file.3
index a99ab40..9c115a6 100644
--- a/doc/cap_get_file.3
+++ b/doc/cap_get_file.3
@@ -136,4 +136,5 @@ Permitted or Inheritable flag enabled.
.BR cap_from_text (3),
.BR cap_get_proc (3),
.BR cap_init (3),
-.BR capabilities (7)
+.BR capabilities (7),
+.BR user_namespaces (7)
diff --git a/doc/getcap.8 b/doc/getcap.8
index 0547ff9..497699c 100644
--- a/doc/getcap.8
+++ b/doc/getcap.8
@@ -32,4 +32,5 @@ https://bugzilla.kernel.org/buglist.cgi?component=libcap&list_id=1047723&product
.BR cap_get_file (3),
.BR cap_to_text (3),
.BR capabilities (7),
+.BR user_namespaces (7),
.BR setcap (8)
diff --git a/doc/setcap.8 b/doc/setcap.8
index da95afb..99e3c36 100644
--- a/doc/setcap.8
+++ b/doc/setcap.8
@@ -59,4 +59,5 @@ https://bugzilla.kernel.org/buglist.cgi?component=libcap&list_id=1047723&product
.BR cap_from_text (3),
.BR cap_get_file (3),
.BR capabilities (7),
+.BR user_namespaces (7),
.BR getcap (8)
--
2.26.2
* [PATCH 03/16] Manual pages: setcap.8: Formatting fix: use bold for function name
From: Michael Kerrisk (man-pages) @ 2020-07-16 10:18 UTC (permalink / raw)
To: mtk.manpages, Andrew G . Morgan; +Cc: linux-security-module
Signed-off-by: Michael Kerrisk (man-pages) <mtk.manpages@gmail.com>
---
doc/setcap.8 | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/doc/setcap.8 b/doc/setcap.8
index 99e3c36..90aa13f 100644
--- a/doc/setcap.8
+++ b/doc/setcap.8
@@ -25,7 +25,7 @@ argument is also verified.
The
.I capabilities
are specified in the form described in
-.IR cap_from_text (3).
+.BR cap_from_text (3).
.PP
The special capability string,
.BR '\-' ,
--
2.26.2
* [PATCH 04/16] Manual pages: cap_from_text.3: typo fix
From: Michael Kerrisk (man-pages) @ 2020-07-16 10:18 UTC (permalink / raw)
To: mtk.manpages, Andrew G . Morgan; +Cc: linux-security-module
Signed-off-by: Michael Kerrisk (man-pages) <mtk.manpages@gmail.com>
---
doc/cap_from_text.3 | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/doc/cap_from_text.3 b/doc/cap_from_text.3
index 455a52d..e59ca59 100644
--- a/doc/cap_from_text.3
+++ b/doc/cap_from_text.3
@@ -172,7 +172,7 @@ The example program below demonstrates the use of
.BR cap_from_text ()
and
.BR cap_to_text ().
-The following shell session shows a some example runs:
+The following shell session shows some example runs:
.nf
$ ./a.out "cap_chown=p cap_chown+e"
--
2.26.2
* [PATCH 05/16] Manual pages: cap_get_file.3, getcap.8, setcap.8: clarify "namespace"
From: Michael Kerrisk (man-pages) @ 2020-07-16 10:18 UTC (permalink / raw)
To: mtk.manpages, Andrew G . Morgan; +Cc: linux-security-module
In these pages, the "namespace" that is being mentioned is the
"user namespace". Make this clearer by adding the word "user".
Signed-off-by: Michael Kerrisk (man-pages) <mtk.manpages@gmail.com>
---
doc/cap_get_file.3 | 2 +-
doc/getcap.8 | 2 +-
doc/setcap.8 | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/doc/cap_get_file.3 b/doc/cap_get_file.3
index 9c115a6..42255ee 100644
--- a/doc/cap_get_file.3
+++ b/doc/cap_get_file.3
@@ -69,7 +69,7 @@ capability state to any file type other than a regular file are
undefined.
.PP
A capability set held in memory can be associated with the rootid in
-use in a specific namespace. It is possible to get and set this value
+use in a specific user namespace. It is possible to get and set this value
(in the memory copy) with
.BR cap_get_nsowner ()
and
diff --git a/doc/getcap.8 b/doc/getcap.8
index 497699c..d867203 100644
--- a/doc/getcap.8
+++ b/doc/getcap.8
@@ -13,7 +13,7 @@ displays the name and capabilities of each specified
prints quick usage.
.TP 4
.B \-n
-prints any non-zero namespace rootid value found to be associated with
+prints any non-zero user namespace rootid value found to be associated with
a file's capabilities.
.TP 4
.B \-r
diff --git a/doc/setcap.8 b/doc/setcap.8
index 90aa13f..ae044aa 100644
--- a/doc/setcap.8
+++ b/doc/setcap.8
@@ -15,7 +15,7 @@ to the
specified. The optional
.B \-n <rootid>
argument can be used to set the file capability for use only in a
-namespace with this rootid owner. The
+user namespace with this rootid owner. The
.B \-v
option is used to verify that the specified capabilities are currently
associated with the file. If \-v and \-n are supplied, the
--
2.26.2
* [PATCH 06/16] Manual pages: cap_get_file.3: Remove stray macros that have no effect
From: Michael Kerrisk (man-pages) @ 2020-07-16 10:18 UTC (permalink / raw)
To: mtk.manpages, Andrew G . Morgan; +Cc: linux-security-module
These macros give warnings from 'mandoc -T lint'.
Signed-off-by: Michael Kerrisk (man-pages) <mtk.manpages@gmail.com>
---
doc/cap_get_file.3 | 2 --
1 file changed, 2 deletions(-)
diff --git a/doc/cap_get_file.3 b/doc/cap_get_file.3
index 42255ee..c028148 100644
--- a/doc/cap_get_file.3
+++ b/doc/cap_get_file.3
@@ -6,8 +6,6 @@
cap_get_file, cap_set_file, cap_get_fd, cap_set_fd \- capability
manipulation on files
.SH SYNOPSIS
-.B
-.sp
.B #include <sys/capability.h>
.sp
.BI "cap_t cap_get_file(const char *" path_p );
--
2.26.2
* [PATCH 07/16] Manual pages: cap_get_proc.3: s/UNCERTAIN/CAP_MODE_UNCERTAIN/
From: Michael Kerrisk (man-pages) @ 2020-07-16 10:18 UTC (permalink / raw)
To: mtk.manpages, Andrew G . Morgan; +Cc: linux-security-module
Use the proper name of the constant in DESCRIPTION.
Signed-off-by: Michael Kerrisk (man-pages) <mtk.manpages@gmail.com>
---
doc/cap_get_proc.3 | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/doc/cap_get_proc.3 b/doc/cap_get_proc.3
index b0a61d1..ded1491 100644
--- a/doc/cap_get_proc.3
+++ b/doc/cap_get_proc.3
@@ -168,7 +168,7 @@ returns
which
.BR cap_get_name ()
declares as
-.IR "UNCERTAIN" .
+.BR CAP_MODE_UNCERTAIN .
Supported modes are:
.BR CAP_MODE_NOPRIV ", " CAP_MODE_PURE1E_INIT " and " CAP_MODE_PURE1E .
.PP
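Review bot: Replacing the italic UNCERTAIN with the bold constant name on the changed line may alter what the sentence says. The surrounding context reads "which cap_get_name() declares as", which suggests the word is the text that function produces for the value rather than a symbol from the header. If that is the intent, keep the literal string and mark it as a string (for example with quotation marks), and reserve bold CAP_MODE_... for the constants listed on the following line.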
--
2.26.2
* [PATCH 08/16] Manual pages: cap_get_proc.3: formatting fix
From: Michael Kerrisk (man-pages) @ 2020-07-16 10:18 UTC (permalink / raw)
To: mtk.manpages, Andrew G . Morgan; +Cc: linux-security-module
Signed-off-by: Michael Kerrisk (man-pages) <mtk.manpages@gmail.com>
---
doc/cap_get_proc.3 | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/doc/cap_get_proc.3 b/doc/cap_get_proc.3
index ded1491..f90c4f5 100644
--- a/doc/cap_get_proc.3
+++ b/doc/cap_get_proc.3
@@ -261,7 +261,8 @@ The library also supports the deprecated functions:
.BR capgetp ()
attempts to obtain the capabilities of some other process; storing the
capabilities in a pre-allocated
-.IR cap_d . See
+.IR cap_d .
+See
.BR cap_init ()
for information on allocating an empty capability set. This function,
.BR capgetp (),
--
2.26.2
* [PATCH 09/16] Manual pages: capsh.1: spelling fixes
From: Michael Kerrisk (man-pages) @ 2020-07-16 10:18 UTC (permalink / raw)
To: mtk.manpages, Andrew G . Morgan; +Cc: linux-security-module
Signed-off-by: Michael Kerrisk (man-pages) <mtk.manpages@gmail.com>
---
doc/capsh.1 | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/doc/capsh.1 b/doc/capsh.1
index cd30dc3..24e80b7 100644
--- a/doc/capsh.1
+++ b/doc/capsh.1
@@ -103,7 +103,7 @@ effective set.
use the
.BR cap_setuid (3)
function to set the uid of the current process. This performs all
-prepations for setting the uid without dropping capabilities in the
+preparations for setting the uid without dropping capabilities in the
process. Following this command the prevailing effective capabilities
will be lowered.
.TP
@@ -242,7 +242,7 @@ vector has capability
raised.
.TP
.BI \-\-addamb= xxx
-Adds the specificed ambient capability to the running process.
+Adds the specified ambient capability to the running process.
.TP
.BI \-\-delamb= xxx
Removes the specified ambient capability from the running process.
--
2.26.2
* [PATCH 10/16] Manual pages: capsh.1: Remove stray .TP macro
From: Michael Kerrisk (man-pages) @ 2020-07-16 10:18 UTC (permalink / raw)
To: mtk.manpages, Andrew G . Morgan; +Cc: linux-security-module
Signed-off-by: Michael Kerrisk (man-pages) <mtk.manpages@gmail.com>
---
doc/capsh.1 | 2 --
1 file changed, 2 deletions(-)
diff --git a/doc/capsh.1 b/doc/capsh.1
index 24e80b7..522e719 100644
--- a/doc/capsh.1
+++ b/doc/capsh.1
@@ -249,8 +249,6 @@ Removes the specified ambient capability from the running process.
.TP
.B \-\-noamb
Drops all ambient capabilities from the running process.
-.TP
-
.SH "EXIT STATUS"
Following successful execution the tool exits with status 0. Following
an error, the tool immediately exits with status 1.
--
2.26.2
* [PATCH 11/16] Manual pages: capsh.1: Correct/update the Cap field example for /proc/PID/status
From: Michael Kerrisk (man-pages) @ 2020-07-16 10:18 UTC (permalink / raw)
To: mtk.manpages, Andrew G . Morgan; +Cc: linux-security-module
The /proc/1/status output shown for --decode=N is bogus
(e.g., ffffffffffffffff == 64 capability bits). Furthermore,
showing CAP_SETPCAP as missing from CapEff is historical,
and ceased to be actual more than 10 years ago.
Replace with a more current example, and also add the CapAmb field.
This change renders some of the following text obsolete;
that will be fixed in the next patch.
Signed-off-by: Michael Kerrisk (man-pages) <mtk.manpages@gmail.com>
---
doc/capsh.1 | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/doc/capsh.1 b/doc/capsh.1
index 522e719..916353a 100644
--- a/doc/capsh.1
+++ b/doc/capsh.1
@@ -198,10 +198,11 @@ This is a convenience feature. If you look at
there are some capability related fields of the following form:
.nf
- CapInh: 0000000000000000
- CapPrm: ffffffffffffffff
- CapEff: fffffffffffffeff
- CapBnd: ffffffffffffffff
+CapInh: 0000000000000000
+CapPrm: 0000003fffffffff
+CapEff: 0000003fffffffff
+CapBnd: 0000003fffffffff
+CapAmb: 0000000000000000
.fi
This option provides a quick way to decode a capability vector
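Review bot: The new CapPrm, CapEff and CapBnd value 0000003fffffffff has bits 0 through 37 set, so the example is tied to a kernel that defines exactly 38 capabilities and will not match what readers see on a kernel with a different count. A sentence after the .fi saying that the number of set bits depends on the running kernel would keep this example from going stale the way the ffffffffffffffff one did. Separately, the replacement lines drop the leading indentation inside the .nf block with no .IP or .in added, so it is worth confirming the sample is meant to render flush with the paragraph text.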
--
2.26.2
* [PATCH 12/16] Manual pages: capsh.1: Update the capsh --decode example
From: Michael Kerrisk (man-pages) @ 2020-07-16 10:18 UTC (permalink / raw)
To: mtk.manpages, Andrew G . Morgan; +Cc: linux-security-module
With the update to the output of /proc/1/status in the previous patch,
the example no longer matches. So, add a different example.
Signed-off-by: Michael Kerrisk (man-pages) <mtk.manpages@gmail.com>
---
doc/capsh.1 | 12 +++++-------
1 file changed, 5 insertions(+), 7 deletions(-)
diff --git a/doc/capsh.1 b/doc/capsh.1
index 916353a..fd6a5ba 100644
--- a/doc/capsh.1
+++ b/doc/capsh.1
@@ -206,15 +206,13 @@ CapAmb: 0000000000000000
.fi
This option provides a quick way to decode a capability vector
-represented in this form. For example, the missing capability from
-this effective set is 0x0100. By running:
+represented in this hexadecimal form.
+Here's an example that decodes the two lowest capability bits:
+.IP
.nf
-
- capsh \-\-decode=0x0100
-
+$ \fBcapsh \-\-decode=3\fP
+0x0000000000000003=cap_chown,cap_dac_override
.fi
-we observe that the missing capability is:
-.BR cap_setpcap .
.TP
.BI \-\-supports= xxx
As the kernel evolves, more capabilities are added. This option can be used
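Review bot: The example argument on the added line "$ \fBcapsh \-\-decode=3\fP" does not show which base --decode expects. The text now says "hexadecimal form", but 3 reads the same in decimal and in hex, and the 0x prefix used by the removed example is gone. Readers will paste values from the /proc status fields shown above, which carry no 0x prefix, so either state explicitly how a bare argument is parsed or choose an example value where the base makes a difference.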
--
2.26.2
* [PATCH 13/16] Manual pages: capsh.1: Describe the argument of --secbits in more detail
From: Michael Kerrisk (man-pages) @ 2020-07-16 10:18 UTC (permalink / raw)
To: mtk.manpages, Andrew G . Morgan; +Cc: linux-security-module
The page currently gives the reader no clue about the format of the
argument.
Signed-off-by: Michael Kerrisk (man-pages) <mtk.manpages@gmail.com>
---
doc/capsh.1 | 3 +++
1 file changed, 3 insertions(+)
diff --git a/doc/capsh.1 b/doc/capsh.1
index fd6a5ba..0b987f0 100644
--- a/doc/capsh.1
+++ b/doc/capsh.1
@@ -164,6 +164,9 @@ the
header file. The program will list these bits via the
.B \-\-print
command.
+The argument is expressed as a numeric bitmask,
+in any of the formats permitted by
+.BR strtoul (3).
.TP
.BI \-\-chroot= path
Execute the
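Review bot: "any of the formats permitted by strtoul(3)" in the added sentence leaves the accepted bases unstated, because what strtoul() accepts depends on the base argument it is called with. If the option parses with base 0, say so in terms a reader can act on: decimal, hexadecimal with a leading 0x, or octal with a leading 0. The octal case deserves an explicit mention, since a securebits value written with a leading zero would otherwise be read as octal without any warning.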
--
2.26.2
* [PATCH 14/16] pam_cap.c: Spelling fix in output string
From: Michael Kerrisk (man-pages) @ 2020-07-16 10:18 UTC (permalink / raw)
To: mtk.manpages, Andrew G . Morgan; +Cc: linux-security-module
Signed-off-by: Michael Kerrisk (man-pages) <mtk.manpages@gmail.com>
---
pam_cap/pam_cap.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pam_cap/pam_cap.c b/pam_cap/pam_cap.c
index 3030692..6927f7b 100644
--- a/pam_cap/pam_cap.c
+++ b/pam_cap/pam_cap.c
@@ -321,7 +321,7 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags,
} else {
- D(("there are no capabilities restrctions on this user"));
+ D(("there are no capabilities restrictions on this user"));
return PAM_IGNORE;
}
--
2.26.2
* [PATCH 15/16] Various source files: spelling fixes on comments
From: Michael Kerrisk (man-pages) @ 2020-07-16 10:18 UTC (permalink / raw)
To: mtk.manpages, Andrew G . Morgan; +Cc: linux-security-module
Signed-off-by: Michael Kerrisk (man-pages) <mtk.manpages@gmail.com>
---
libcap/cap_proc.c | 6 +++---
libcap/include/uapi/linux/capability.h | 2 +-
libcap/include/uapi/linux/securebits.h | 2 +-
psx/include/sys/psx_syscall.h | 2 +-
psx/psx.c | 6 +++---
5 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/libcap/cap_proc.c b/libcap/cap_proc.c
index 1c97beb..3929f66 100644
--- a/libcap/cap_proc.c
+++ b/libcap/cap_proc.c
@@ -75,7 +75,7 @@ static struct syscaller_s singlethread = {
static int _libcap_overrode_syscalls = 1;
/*
- * psx_load_syscalls() is weakly defined so we can have it overriden
+ * psx_load_syscalls() is weakly defined so we can have it overridden
* by libpsx if that library is linked. Specifically, when libcap
* calls psx_load_sycalls() it is prepared to override the default
* values for the syscalls that libcap uses to change security state.
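Review bot: The same comment still carries a misspelling two lines below the corrected one: "calls psx_load_sycalls()" should read psx_load_syscalls(), matching the function name at the start of the comment. Since this is a spelling-fix patch, fold that correction in here.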
@@ -238,7 +238,7 @@ cap_t cap_get_pid(pid_t pid)
/*
* set the caps on a specific process/pg etc.. The kernel has long
- * since deprecated this asynchronus interface. DON'T EXPECT THIS TO
+ * since deprecated this asynchronous interface. DON'T EXPECT THIS TO
* EVER WORK AGAIN.
*/
@@ -468,7 +468,7 @@ static int _cap_set_mode(struct syscaller_s *sc, cap_mode_t flavor)
* set, these modes cannot be undone by the affected process tree and
* can only be done by "cap_setpcap" permitted processes. Note, a side
* effect of this function, whether it succeeds or fails, is to clear
- * atleast the CAP_EFFECTIVE flags for the current process.
+ * at least the CAP_EFFECTIVE flags for the current process.
*/
int cap_set_mode(cap_mode_t flavor)
{
diff --git a/libcap/include/uapi/linux/capability.h b/libcap/include/uapi/linux/capability.h
index 3281e73..b9ae18b 100644
--- a/libcap/include/uapi/linux/capability.h
+++ b/libcap/include/uapi/linux/capability.h
@@ -368,7 +368,7 @@ struct vfs_ns_cap_data {
#define CAP_AUDIT_READ 37
-/* Alow system performace and observability privileged opeations using
+/* Alow system performance and observability privileged operations using
* perf_events, i915_perf and other kernel subsystems. */
#define CAP_PERFMON 38
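Review bot: The added line still begins "/* Alow system performance"; "Alow" should be "Allow". This file sits under include/uapi/linux, so if it is a copy of the kernel header, the spelling fixes are better sent to the kernel as well, otherwise the next sync will bring the typos back.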
diff --git a/libcap/include/uapi/linux/securebits.h b/libcap/include/uapi/linux/securebits.h
index 6dae4e9..e9b1309 100644
--- a/libcap/include/uapi/linux/securebits.h
+++ b/libcap/include/uapi/linux/securebits.h
@@ -22,7 +22,7 @@
#define SECBIT_NOROOT_LOCKED (issecure_mask(SECURE_NOROOT_LOCKED))
/* When set, setuid to/from uid 0 does not trigger capability-"fixup".
- When unset, to provide compatiblility with old programs relying on
+ When unset, to provide compatibility with old programs relying on
set*uid to gain/lose privilege, transitions to/from uid 0 cause
capabilities to be gained/lost. */
#define SECURE_NO_SETUID_FIXUP 2
diff --git a/psx/include/sys/psx_syscall.h b/psx/include/sys/psx_syscall.h
index c089a88..8044fbd 100644
--- a/psx/include/sys/psx_syscall.h
+++ b/psx/include/sys/psx_syscall.h
@@ -35,7 +35,7 @@ int __real_pthread_create(pthread_t *thread, const pthread_attr_t *attr,
/*
* psx_syscall performs the specified syscall on all psx registered
- * threads. The mecanism by which this occurs is much less efficient
+ * threads. The mechanism by which this occurs is much less efficient
* than a standard system call on Linux, so it should only be used
* when POSIX semantics are required to change process relevant
* security state.
diff --git a/psx/psx.c b/psx/psx.c
index cabd342..b494072 100644
--- a/psx/psx.c
+++ b/psx/psx.c
@@ -29,7 +29,7 @@
#include <sys/syscall.h>
/*
- * psx_load_syscalls() is weakly defined so we can have it overriden
+ * psx_load_syscalls() is weakly defined so we can have it overridden
* by libpsx if it is linked. Specifically, when libcap calls
* psx_load_sycalls it will override their defaut values. As can be
* seen here this present function is a no-op. However, if libpsx is
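Review bot: Two misspellings remain in the context line "psx_load_sycalls it will override their defaut values": "sycalls" should be "syscalls" and "defaut" should be "default". Both sit in the comment this hunk already touches, so they belong in the same fix.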
@@ -272,7 +272,7 @@ static void _psx_forked_child(void) {
* The only way we can get here is if state is _PSX_INFORK and was
* previously _PSX_IDLE. However, none of the registered threads
* exist in this newly minted child process, so we have to reset
- * the tracking structure to avoid any confusion. We also skuttle
+ * the tracking structure to avoid any confusion. We also scuttle
* any chance of the PSX API working on more than one thread in
* the child by leaving the state as _PSX_INFORK. We do support
* all psx_syscall()s by reverting to them being direct in the
@@ -343,7 +343,7 @@ static void _psx_exiting(void *node) {
}
/*
- * _psx_start_fn is a trampolene for the intended start function, it
+ * _psx_start_fn is a trampoline for the intended start function, it
* is called blocked (_PSX_CREATE), but releases the block before
* calling starter->fn. Before releasing the block, the TLS specific
* attributes are initialized for use by the interrupt handler under
--
2.26.2
* [PATCH 16/16] capsh.c: Spelling fixes in usage() message
From: Michael Kerrisk (man-pages) @ 2020-07-16 10:18 UTC (permalink / raw)
To: mtk.manpages, Andrew G . Morgan; +Cc: linux-security-module
Signed-off-by: Michael Kerrisk (man-pages) <mtk.manpages@gmail.com>
---
progs/capsh.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/progs/capsh.c b/progs/capsh.c
index 94bf57d..7bed98e 100644
--- a/progs/capsh.c
+++ b/progs/capsh.c
@@ -879,10 +879,10 @@ int main(int argc, char *argv[], char *envp[])
" --delamb=xxx remove xxx,... capabilities from ambient\n"
" --noamb reset (drop) all ambient capabilities\n"
" --caps=xxx set caps as per cap_from_text()\n"
- " --inh=xxx set xxx,.. inheritiable set\n"
+ " --inh=xxx set xxx,.. inheritable set\n"
" --secbits=<n> write a new value for securebits\n"
" --iab=... use cap_iab_from_text() to set iab\n"
- " --keep=<n> set keep-capabability bit to <n>\n"
+ " --keep=<n> set keep-capability bit to <n>\n"
" --uid=<n> set uid to <n> (hint: id <username>)\n"
" --cap-uid=<n> libcap cap_setuid() to change uid\n"
" --is-uid=<n> exit 1 if uid != <n>\n"
--
2.26.2
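Review bot: On the corrected --inh line, "set xxx,.. inheritable set" keeps a two-dot ellipsis where the --delamb line at the top of the hunk uses "xxx,...". Since the line is being edited anyway, change it to "xxx,..." so the usage() text is consistent.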
* Re: [PATCH 16/16] capsh.c: Spelling fixes in usage() message
From: Andrew G. Morgan @ 2020-07-16 15:08 UTC (permalink / raw)
To: Michael Kerrisk (man-pages); +Cc: LSM List
Thanks! Applied all of them except 07_16. Instead, I've hopefully
clarified the intent of the text with some quotes.
Cheers
Andrew
https://git.kernel.org/pub/scm/libs/libcap/libcap.git/commit/?id=34e4e00b983a2c0fc5f13b403871a8fb5860bb89
On Thu, Jul 16, 2020 at 3:19 AM Michael Kerrisk (man-pages)
<mtk.manpages@gmail.com> wrote:
>
> Signed-off-by: Michael Kerrisk (man-pages) <mtk.manpages@gmail.com>
> ---
> progs/capsh.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/progs/capsh.c b/progs/capsh.c
> index 94bf57d..7bed98e 100644
> --- a/progs/capsh.c
> +++ b/progs/capsh.c
> @@ -879,10 +879,10 @@ int main(int argc, char *argv[], char *envp[])
> " --delamb=xxx remove xxx,... capabilities from ambient\n"
> " --noamb reset (drop) all ambient capabilities\n"
> " --caps=xxx set caps as per cap_from_text()\n"
> - " --inh=xxx set xxx,.. inheritiable set\n"
> + " --inh=xxx set xxx,.. inheritable set\n"
> " --secbits=<n> write a new value for securebits\n"
> " --iab=... use cap_iab_from_text() to set iab\n"
> - " --keep=<n> set keep-capabability bit to <n>\n"
> + " --keep=<n> set keep-capability bit to <n>\n"
> " --uid=<n> set uid to <n> (hint: id <username>)\n"
> " --cap-uid=<n> libcap cap_setuid() to change uid\n"
> " --is-uid=<n> exit 1 if uid != <n>\n"
> --
> 2.26.2
>
* Re: [PATCH 16/16] capsh.c: Spelling fixes in usage() message
From: Michael Kerrisk (man-pages) @ 2020-07-17 6:00 UTC (permalink / raw)
To: Andrew G. Morgan; +Cc: LSM List
On Thu, 16 Jul 2020 at 17:08, Andrew G. Morgan <morgan@kernel.org> wrote:
>
> Thanks! Applied all of them except 07_16. Instead, I've hopefully
> clarified the intent of the text with some quotes.
Okay. Thanks, Andrew.
Cheers,
Michael
> https://git.kernel.org/pub/scm/libs/libcap/libcap.git/commit/?id=34e4e00b983a2c0fc5f13b403871a8fb5860bb89
>
> On Thu, Jul 16, 2020 at 3:19 AM Michael Kerrisk (man-pages)
> <mtk.manpages@gmail.com> wrote:
> >
> > Signed-off-by: Michael Kerrisk (man-pages) <mtk.manpages@gmail.com>
> > ---
> > progs/capsh.c | 4 ++--
> > 1 file changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/progs/capsh.c b/progs/capsh.c
> > index 94bf57d..7bed98e 100644
> > --- a/progs/capsh.c
> > +++ b/progs/capsh.c
> > @@ -879,10 +879,10 @@ int main(int argc, char *argv[], char *envp[])
> > " --delamb=xxx remove xxx,... capabilities from ambient\n"
> > " --noamb reset (drop) all ambient capabilities\n"
> > " --caps=xxx set caps as per cap_from_text()\n"
> > - " --inh=xxx set xxx,.. inheritiable set\n"
> > + " --inh=xxx set xxx,.. inheritable set\n"
> > " --secbits=<n> write a new value for securebits\n"
> > " --iab=... use cap_iab_from_text() to set iab\n"
> > - " --keep=<n> set keep-capabability bit to <n>\n"
> > + " --keep=<n> set keep-capability bit to <n>\n"
> > " --uid=<n> set uid to <n> (hint: id <username>)\n"
> > " --cap-uid=<n> libcap cap_setuid() to change uid\n"
> > " --is-uid=<n> exit 1 if uid != <n>\n"
> > --
> > 2.26.2
> >
--
Michael Kerrisk
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
Linux/UNIX System Programming Training: http://man7.org/training/