From: "Michael Kerrisk (man-pages)" <mtk.manpages@gmail.com>
To: mtk.manpages@gmail.com, Andrew Morgan <morgan@kernel.org>
Cc: linux-security-module@vger.kernel.org
Subject: [PATCH 03/15] Manual pages: capsh.1: Various minor wording and formatting fixes
Date: Mon, 20 Jul 2020 11:13:16 +0200 [thread overview]
Message-ID: <20200720091328.290336-4-mtk.manpages@gmail.com> (raw)
In-Reply-To: <20200720091328.290336-1-mtk.manpages@gmail.com>
Signed-off-by: Michael Kerrisk (man-pages) <mtk.manpages@gmail.com>
---
doc/capsh.1 | 47 ++++++++++++++++++++++++++++++++---------------
1 file changed, 32 insertions(+), 15 deletions(-)
diff --git a/doc/capsh.1 b/doc/capsh.1
index 242727c..f19a3ea 100644
--- a/doc/capsh.1
+++ b/doc/capsh.1
@@ -10,7 +10,8 @@ this tool. This tool provides a handy wrapper for certain types
of capability testing and environment creation. It also provides some
debugging features useful for summarizing capability state.
.SH OPTIONS
-The tool takes a number of optional arguments, acting on them in the
+.B capsh
+takes a number of optional arguments, acting on them in the
order they are provided. They are as follows:
.TP 22
.B \-\-help
@@ -30,7 +31,7 @@ for specific commands.
.B ==
Execute
.B capsh
-again with remaining arguments. Useful for testing
+again with the remaining arguments. Useful for testing
.BR exec ()
behavior.
.TP
@@ -44,11 +45,12 @@ is a text-representation of capability state as per
.TP
.BI \-\-drop= cap-list
Remove the listed capabilities from the prevailing bounding set. The
-capabilities are a comma separated list of capabilities as recognized
+capabilities are a comma-separated list of capabilities as recognized
by the
.BR cap_from_name (3)
-function. Use of this feature requires that the capsh program is
-operating with
+function. Use of this feature requires that
+.B capsh
+is operating with
.B CAP_SETPCAP
in its effective set.
.TP
@@ -57,7 +59,9 @@ Set the inheritable set of capabilities for the current process to
equal those provided in the comma separated list. For this action to
succeed, the prevailing process should already have each of these
capabilities in the union of the current inheritable and permitted
-capability sets, or the capsh program is operating with
+capability sets, or
+.B capsh
+should be operating with
.B CAP_SETPCAP
in its effective set.
.TP
@@ -73,7 +77,7 @@ and set them all using
and
.BR cap_setgroups (3).
Following this command, the effective capabilities will be cleared,
-but the permitted set will not be so the running program is still
+but the permitted set will not be, so the running program is still
privileged.
.TP
.B \-\-modes
@@ -87,7 +91,9 @@ security mode. This is a set of securebits and prevailing capability
arrangement recommended for its pre-determined security stance.
.TP
.BR \-\-inmode= <mode>
-Confirm that the prevailing mode is so named, or exit with a status 1.
+Confirm that the prevailing mode is that specified in
+.IR <mode> ,
+or exit with a status 1.
.TP
.BI \-\-uid= id
Force all
@@ -156,9 +162,12 @@ is performed. See
for ways to disable this feature.
.TP
.BI \-\-secbits= N
-Set the security-bits for the program, this is via
-.BR prctl "(2), " PR_SET_SECUREBITS
-API, and the list of supported bits and their meaning can be found in
+Set the security-bits for the program.
+This is done using the
+.BR prctl (2)
+.B PR_SET_SECUREBITS
+operation.
+The list of supported bits and their meaning can be found in
the
.B <sys/secbits.h>
header file. The program will list these bits via the
@@ -221,7 +230,9 @@ $ \fBcapsh \-\-decode=3\fP
As the kernel evolves, more capabilities are added. This option can be used
to verify the existence of a capability on the system. For example,
.BI \-\-supports= cap_syslog
-will cause capsh to promptly exit with a status of 1 when run on
+will cause
+.B capsh
+to promptly exit with a status of 1 when run on
kernel 2.6.27. However, when run on kernel 2.6.38 it will silently
succeed.
.TP
@@ -234,7 +245,9 @@ raised.
.TP
.B \-\-has\-ambient
Performs a check to see if the running kernel supports ambient
-capabilities. If not, the capsh command exits with status 1.
+capabilities. If not,
+.B capsh
+exits with status 1.
.TP
.BI \-\-has\-a= xxx
Exit with status 1 unless the
@@ -252,8 +265,12 @@ Removes the specified ambient capability from the running process.
.B \-\-noamb
Drops all ambient capabilities from the running process.
.SH "EXIT STATUS"
-Following successful execution the tool exits with status 0. Following
-an error, the tool immediately exits with status 1.
+Following successful execution,
+.B capsh
+exits with status 0. Following
+an error,
+.B capsh
+immediately exits with status 1.
.SH AUTHOR
Written by Andrew G. Morgan <morgan@kernel.org>.
.SH "REPORTING BUGS"
--
2.26.2
next prev parent reply other threads:[~2020-07-20 9:14 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-07-20 9:13 [PATCH 00/15] [libcap] Manual pages: various fixes Michael Kerrisk (man-pages)
2020-07-20 9:13 ` [PATCH 01/15] Manual pages: various pages: Use "\-" for real minus signs Michael Kerrisk (man-pages)
2020-07-20 9:13 ` [PATCH 02/15] Manual pages: cap_init.3: Formatting fix Michael Kerrisk (man-pages)
2020-07-20 9:13 ` Michael Kerrisk (man-pages) [this message]
2020-07-20 9:13 ` [PATCH 04/15] Manual pages: cap_copy_ext.3: Typo fix Michael Kerrisk (man-pages)
2020-07-20 9:13 ` [PATCH 05/15] Manual pages; cap_get_file.3: Fix some clumsily worded text Michael Kerrisk (man-pages)
2020-07-20 9:13 ` [PATCH 06/15] Manual pages: getcap.8: Add missing word Michael Kerrisk (man-pages)
2020-07-20 9:13 ` [PATCH 07/15] Manual pages: getcap.8: Fix a clumsily worded sentence Michael Kerrisk (man-pages)
2020-07-20 9:13 ` [PATCH 08/15] Manual pages: getpcaps.8: Format options as a hanging list Michael Kerrisk (man-pages)
2020-07-20 9:13 ` [PATCH 09/15] Manual pages: getpcaps.8: Remove a stray .br macro Michael Kerrisk (man-pages)
2020-07-20 9:13 ` [PATCH 10/15] Manual pages: getpcaps.8: SEE ALSO: fix section number for capsh Michael Kerrisk (man-pages)
2020-07-20 9:13 ` [PATCH 11/15] Manual pages: setcap.8: Typo fix Michael Kerrisk (man-pages)
2020-07-20 9:13 ` [PATCH 12/15] Manual pages: cap_get_file.3: NOTES: note the effect of the Ambient set Michael Kerrisk (man-pages)
2020-07-20 15:36 ` Andrew G. Morgan
2020-07-20 20:21 ` Michael Kerrisk (man-pages)
2020-07-20 9:13 ` [PATCH 13/15] Manual pages: cap_get_proc.3: Update description of capsetp() Michael Kerrisk (man-pages)
2020-07-20 9:13 ` [PATCH 14/15] Manual pages: cap_get_proc.3, capsh.1: Use "UID" and "GID" consistently Michael Kerrisk (man-pages)
2020-07-20 9:13 ` [PATCH 15/15] Manual pages: capsh.1: Change .TP indent to the default Michael Kerrisk (man-pages)
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200720091328.290336-4-mtk.manpages@gmail.com \
--to=mtk.manpages@gmail.com \
--cc=linux-security-module@vger.kernel.org \
--cc=morgan@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).