LKML Archive on lore.kernel.org
help / color / mirror / Atom feed
From: "Michael Kerrisk (man-pages)" <mtk.manpages@gmail.com>
To: lkml <linux-kernel@vger.kernel.org>
Cc: mtk.manpages@gmail.com
Subject: man-pages-3.82 is released
Date: Tue, 31 Mar 2015 09:12:52 +0200	[thread overview]
Message-ID: <551A48F4.8020705@gmail.com> (raw)

Gidday,

The Linux man-pages maintainer proudly announces:

    man-pages-3.82 - man pages for Linux

Tarball download:
    http://www.kernel.org/doc/man-pages/download.html
Git repository:
    https://git.kernel.org/cgit/docs/man-pages/man-pages.git/
Online changelog:
    http://man7.org/linux/man-pages/changelog.html#release_3.82

A short summary of the release is blogged at:
http://linux-man-pages.blogspot.com/2015/03/man-pages-382-is-released.html

A selection of changes in this release that may be interesting
for readers of this list is shown below.

Cheers,

Michael

==================== Changes in man-pages-3.82 ====================

Released: 2015-03-29, Paris

Contributors
------------

The following people contributed patches/fixes or (noted in brackets
in the changelog below) reports, notes, and ideas that have been
incorporated in changes in this release:

Alban Crequy <alban.crequy@gmail.com>
Andy Lutomirski <luto@amacapital.net>
Bert Wesarg <bert.wesarg@googlemail.com>
Bill Pemberton <wfp5p@worldbroken.com>
Chris Delozier <c.s.delozier@gmail.com>
David Madore <david.madore@ens.fr>
Dmitry Deshevoy <mityada@gmail.com>
Eric W. Biederman <ebiederm@xmission.com>
Heinrich Schuchardt <xypron.glpk@gmx.de>
Jakub Wilk <ubanus@users.sf.net>
Jann Horn <jann@thejh.net>
Jason Vas Dias <jason.vas.dias@gmail.com>
Josh Triplett <josh@joshtriplett.org>
J William Piggott <elseifthen@gmx.com>
Kees Cook <keescook@chromium.org>
Konstantin Shemyak <konstantin@shemyak.com>
Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
Matt Turner <mattst88@gmail.com>
Michael Kerrisk <mtk.manpages@gmail.com>
Michael Witten <mfwitten@gmail.com>
Mikael Pettersson <mikpelinux@gmail.com>
Namhyung Kim <namhyung@gmail.com>
Nicolas FRANCOIS <nicolas.francois@centraliens.net>
Paul E Condon <pecondon@mesanetworks.net>
Peter Adkins <peter.adkins@kernelpicnic.net>
Scot Doyle <lkml14@scotdoyle.com>
Shawn Landden <shawn@churchofgit.com>
Stéphane Aulery <saulery@free.fr>
Stephen Smalley <sds@tycho.nsa.gov>
Taisuke Yamada <tai@rakugaki.org>
Torvald Riegel <triegel@redhat.com>
Vincent Lefevre <vincent@vinc17.net>
<ygrex@ygrex.ru>
Yuri Kozlov <yuray@komyakino.ru>

Apologies if I missed anyone!


New and rewritten pages
-----------------------

nptl.7
    Michael Kerrisk
        New page with details of the NPTL POSIX threads implementation


Newly documented interfaces in existing pages
---------------------------------------------

user_namespaces.7
    Eric W. Biederman  [Michael Kerrisk]
        Document /proc/[pid]/setgroups


Changes to individual pages
---------------------------

clone.2
    Josh Triplett
        Document that clone() silently ignores CLONE_PID and CLONE_STOPPED
            Normally, system calls return EINVAL for flags they don't support.
            Explicitly document that clone does *not* produce an error for
            these two obsolete flags.

getgroups.2
    Michael Kerrisk  [Shawn Landden]
        Add discussion of NPTL credential-changing mechanism
            At the kernel level, credentials (UIDs and GIDs) are a per-thread
            attribute. NPTL uses a signal-based mechanism to ensure that
            when one thread changes its credentials, all other threads change
            credentials to the same values. By this means, the NPTL
            implementation conforms to the POSIX requirement that the threads
            in a process share credentials.

getpid.2
    Michael Kerrisk
        Note that getppid() returns 0 if parent is in different PID namespace

getsockopt.2
    Konstantin Shemyak
        Note RETURN VALUE details when netfilter is involved

msgop.2
    Bill Pemberton
        Add an example program

open.2
    Michael Kerrisk  [Jason Vas Dias]
        Mention blocking semantics for FIFO opens
            See https://bugzilla.kernel.org/show_bug.cgi?id=95191

seccomp.2
    Jann Horn  [Kees Cook, Mikael Pettersson, Andy Lutomirski]
        Add note about alarm(2) not being sufficient to limit runtime
    Jann Horn
        Explain blacklisting problems, expand example

setgid.2
    Michael Kerrisk  [Shawn Landden]
        Add discussion of NPTL credential-changing mechanism
            At the kernel level, credentials (UIDs and GIDs) are a per-thread
            attribute. NPTL uses a signal-based mechanism to ensure that
            when one thread changes its credentials, all other threads change
            credentials to the same values. By this means, the NPTL
            implementation conforms to the POSIX requirement that the threads
            in a process share credentials.

setresuid.2
    Michael Kerrisk  [Shawn Landden]
        Add discussion of NPTL credential-changing mechanism
            At the kernel level, credentials (UIDs and GIDs) are a per-thread
            attribute. NPTL uses a signal-based mechanism to ensure that
            when one thread changes its credentials, all other threads change
            credentials to the same values. By this means, the NPTL
            implementation conforms to the POSIX requirement that the threads
            in a process share credentials.

setreuid.2
    Michael Kerrisk  [Shawn Landden]
        Add discussion of NPTL credential-changing mechanism
            At the kernel level, credentials (UIDs and GIDs) are a per-thread
            attribute. NPTL uses a signal-based mechanism to ensure that
            when one thread changes its credentials, all other threads change
            credentials to the same values. By this means, the NPTL
            implementation conforms to the POSIX requirement that the threads
            in a process share credentials.

setuid.2
    Michael Kerrisk  [Shawn Landden]
        Add discussion of NPTL credential-changing mechanism
            At the kernel level, credentials (UIDs and GIDs) are a per-thread
            attribute. NPTL uses a signal-based mechanism to ensure that
            when one thread changes its credentials, all other threads change
            credentials to the same values. By this means, the NPTL
            implementation conforms to the POSIX requirement that the threads
            in a process share credentials.

sigaction.2
    Michael Kerrisk
        Add discussion of rt_sigaction(2)
    Michael Kerrisk
        Note treatment of signals used internally by NPTL
            The glibc wrapper gives an EINVAL error on attempts to change the
            disposition of either of the two real-time signals used by NPTL.

sigpending.2
    Michael Kerrisk
        Add discussion of rt_sigpending(2)

sigprocmask.2
    Michael Kerrisk
        Add discussion of rt_sigprocmask(2)
    Michael Kerrisk
        Note treatment of signals used internally by NPTL
            The glibc wrapper silently ignores attempts to block the two
            real-time signals used by NPTL.

sigreturn.2
    Michael Kerrisk
        Add discussion of rt_sigreturn(2)

sigsuspend.2
    Michael Kerrisk
        Add discussion of rt_sigsuspend(2)

sigwaitinfo.2
    Michael Kerrisk
        Note treatment of signals used internally by NPTL
            The glibc wrappers silently ignore attempts to wait for
            signals used by NPTL.
    Michael Kerrisk
        Add discussion of rt_sigtimedwait(2)

syscall.2
    Jann Horn
        Add x32 ABI

umount.2
    Eric W. Biederman
        Document the effect of shared subtrees on umount(2)
    Eric W. Biederman
        Correct the description of MNT_DETACH

dlopen.3
    Michael Kerrisk
        Amend error in description of dlclose() behavior
            The current text says that unloading depends on whether
            the reference count falls to zero *and no other libraries
            are using symbols in this library*. That latter text has
            been there since man-pages-1.29, but it seems rather dubious.
            How could the implementation know whether other libraries
            are still using symbols in this library? Furthermore, no
            other implementation's man page mentions this point.
            Seems best to drop this point.
    Michael Kerrisk
        Add some details for RTLD_DEFAULT
    Michael Kerrisk
        Add some details on RTLD_NEXT and preloading
    Michael Kerrisk
        RTLD_NEXT works for symbols generally, not just functions
            The common use case is for functions, but RTLD_NEXT
            also applies to variable symbols.
    Michael Kerrisk
        dlclose() recursively closes dependent libraries
            Note that dlclose() recursively closes dependent libraries
            that were loaded by dlopen()

console_codes.4
    Scot Doyle
        Add Console Private CSI sequence 15
            An undocumented escape sequence in drivers/tty/vt/vt.c brings the
            previously accessed virtual terminal to the foreground.
            mtk: Patch misattributed to Taisuke Yamada in Git commit
            because of a muck up on my part.

proc.5
    Taisuke Yamada
        Document /proc/PID/status VmPin field
            See https://bugs.launchpad.net/bugs/1071746
    Michael Kerrisk
        Document (the obsolete) /proc/PID/seccomp
    Taisuke Yamada
        Fix SELinux /proc/pid/attr/current example
            Since the /proc/pid/attr API was added to the kernel, there
            have been a couple of changes to the SELinux handling of
            /proc/pid/attr/current.  Fix the SELinux /proc/pid/attr/current
            example text to reflect these changes and note which kernel
            versions first included the changes.

feature_test_macros.7
    Michael Kerrisk
        Update discussion of _FORTIFY_SOURCE
            Since the initial implementation a lot more checks were added.
            Describe all the checks would be too verbose (and would soon
            fall out of date as more checks are added). So instead, describe
            the kinds of checks that are done more generally.
            Also a few other minor edits to the text.

packet.7
    Michael Kerrisk
        Remove mention of needing UID 0 to create packet socket
            The existing text makes no sense. The check is based
            purely on a capability check. (Kernel function
            net/packet/af_packet.c::packet_create()

signal.7
    Michael Kerrisk
        Note when Linux added realtime signals
    Michael Kerrisk
        Correct the range of realtime signals
    Michael Kerrisk
        Summarize 2.2 system call changes that resulted from larger signal sets

tcp.7
    Peter Adkins
        Document removal of TCP_SYNQ_HSIZE
            Looking over the man page for 'tcp' I came across a reference to
            tuning the 'TCP_SYNQ_HSIZE' parameter when increasing
            'tcp_max_syn_backlog' above 1024. However, this static sizing was
            removed back in Linux 2.6.20 in favor of dynamic scaling - as
            part of commit 72a3effaf633bcae9034b7e176bdbd78d64a71db.

user_namespaces.7
    Eric W. Biederman
        Update the documentation to reflect the fixes for negative groups
            Files with access permissions such as rwx---rwx give fewer
            permissions to their group then they do to everyone else.  Which
            means dropping groups with setgroups(0, NULL) actually grants a
            process privileges.

            The unprivileged setting of gid_map turned out not to be safe
            after this change.  Privileged setting of gid_map can be
            interpreted as meaning yes it is ok to drop groups. [ Eric
            additionally noted: Setting of gid_map with privilege has been
            clarified to mean that dropping groups is ok.  This allows
            existing programs that set gid_map with privilege to work
            without changes.  That is, newgidmap(1) continues to work
            unchanged.]

            To prevent this problem and future problems, user namespaces were
            changed in such a way as to guarantee a user can not obtain
            credentials without privilege that they could not obtain without
            the help of user namespaces.

            This meant testing the effective user ID and not the filesystem
            user ID, as setresuid(2) and setregid(2) allow setting any process
            UID or GID (except the supplementary groups) to the effective ID.

            Furthermore, to preserve in some form the useful applications
            that have been setting gid_map without privilege, the file
            /proc/[pid]/setgroups was added to allow disabling setgroups(2).
            With setgroups(2) permanently disabled in a user namespace, it
            again becomes safe to allow writes to gid_map without privilege.
    Michael Kerrisk
        Rework some text describing permission rules for updating map files
            No (intentional) change to the facts, but this restructuring
            should make the meaning easier to grasp.
    Michael Kerrisk
        Update kernel version associated with 5-line limit for map files
            As at Linux 3.18, the limit is still five lines, so mention the
            more recent kernel version in the text.
    Michael Kerrisk  [Alban Crequy]
        Handle /proc/PID/setgroups in the example program
    Michael Kerrisk
        Rework text describing restrictions on updating /proc/PID/setgroups
            No (intentional) changes to factual description, but the
            restructured text is hopefully easier to grasp.
    Michael Kerrisk
        Explain why the /proc/PID/setgroups file was added

ldconfig.8
    Michael Kerrisk
        Note use of /lib64 and /usr/lib64 on some 64-bit architectures

ld.so.8
    Michael Kerrisk
        Note the use of /lib64 and /usr/lib64 on some 64-bit architectures


-- 
Michael Kerrisk
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
Linux/UNIX System Programming Training: http://man7.org/training/

                 reply	other threads:[~2015-03-31  7:12 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=551A48F4.8020705@gmail.com \
    --to=mtk.manpages@gmail.com \
    --cc=linux-kernel@vger.kernel.org \
    --subject='Re: man-pages-3.82 is released' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).