On 1 February 2018 at 19:03, Stefan Hajnoczi <stefa...@redhat.com> wrote:
> On Tue, Jan 30, 2018 at 10:31:54PM +0100, Michael Kerrisk (man-pages) wrote:
>> Hi Stefan,
>>
>> Ping on the below please, since it either blocks the man-pages release
>> I'd current
Hi Stefan,
Ping on the below please, since it either blocks the man-pages release
I'd currently like to make, or I must remove the vsock.7 page for this
release.
Thanks,
Michael
On 26 January 2018 at 22:47, Michael Kerrisk (man-pages)
<mtk.manpa...@gmail.com> wrote:
> Stefan,
>
Stefan,
I've just now noted that your page came with no license. What license
do you want to use Please see
https://www.kernel.org/doc/man-pages/licenses.html
Thanks,
Michael
On 30 November 2017 at 12:21, Stefan Hajnoczi wrote:
> The AF_VSOCK address family has been
Hi Christoph,
On 01/10/2018 04:58 PM, Christoph Hellwig wrote:
> Hi all,
>
> this series adds support for the IOCB_CMD_POLL operation to poll for the
> readyness of file descriptors using the aio subsystem. The API is based
> on patches that existed in RHAS2.1 and RHEL3, which means it already
Hello Mahesh,
On 12/28/2017 01:45 AM, Mahesh Bandewar (महेश बंडेवार) wrote:
> On Wed, Dec 27, 2017 at 12:23 PM, Michael Kerrisk (man-pages)
> <mtk.manpa...@gmail.com> wrote:
>> Hello Mahesh,
>>
>> On 27 December 2017 at 18:09, Mahesh Bandewar (महेश बंडेवार)
Hello Mahesh,
On 12/05/2017 11:31 PM, Mahesh Bandewar wrote:
> From: Mahesh Bandewar
>
> Add a sysctl variable kernel.controlled_userns_caps_whitelist. This
> takes input as capability mask expressed as two comma separated hex
> u32 words. The mask, however, is stored in
Hello Mahesh,
On 27 December 2017 at 18:09, Mahesh Bandewar (महेश बंडेवार)
wrote:
> Hello James,
>
> Seems like I missed your name to be added into the review of this
> patch series. Would you be willing be pull this into the security
> tree? Serge Hallyn has already ACKed
On 12/06/2017 03:06 PM, Jorgen S. Hansen wrote:
>
>> On Dec 5, 2017, at 11:56 AM, Stefan Hajnoczi wrote:
>>
>> The AF_VSOCK address family has been available since Linux 3.9 without a
>> corresponding man page.
>>
>> This patch adds vsock.7 and describes its use along the
Hello Stefan,
Thanks for this page!
I have applied your patch, and made a few tweaks, but
I have some minor questions. Please see below.
On 12/05/2017 11:56 AM, Stefan Hajnoczi wrote:
> The AF_VSOCK address family has been available since Linux 3.9 without a
> corresponding man page.
>
> This
[Adding Neil, who wrote the original text. Maybe he has also some
suggested improvement.]
Hello Petr and Tobias,
Thank you both for your reports about the incorrect documentation. See below.
On 15 November 2017 at 16:14, Petr Malat wrote:
> Hi!
> Generic SO_RXQ_OVFL helpers
[CC widended]
Tobias,
On 7 August 2017 at 13:53, Tobias Klausmann wrote:
> Hi!
>
> This bug pertains to the manpage as visible on man7.org right
> now.
>
> The socket(7) man page has this paragraph:
>
>SO_RXQ_OVFL (since Linux 2.6.33)
> Indicates
On 11/14/2016 11:36 PM, Rick Jones wrote:
>> Lets change the example so others don't propagate the problem further.
>>
>> Signed-off-by David Wilder
>>
>> --- man7/netlink.7.orig 2016-11-14 13:30:36.522101156 -0800
>> +++ man7/netlink.7 2016-11-14 13:30:51.002086354 -0800
On 11/14/2016 11:20 PM, dwilder wrote:
> The example code in netlink(7) (for reading netlink message) suggests
> using
> a 4k read buffer with recvmsg. This can cause truncated messages on
> systems
> using a page size is >4096. Please see:
> linux/include/linux/netlink.h (in the kernel
On 04/19/2017 10:13 PM, Eric Dumazet wrote:
> On Wed, 2017-04-19 at 20:48 +0200, Michael Kerrisk (man-pages) wrote:
>> Hi Eric,
>>
>> [reodering for clarity]
>>
>>>> On 02/19/2017 09:55 PM, Michael Kerrisk (man-pages) wrote:
>>>>> [CC += Eri
Hi Eric,
[reodering for clarity]
>> On 02/19/2017 09:55 PM, Michael Kerrisk (man-pages) wrote:
>>> [CC += Eric, so that he might review]
>>>
>>> Hello Francois,
>>>
>>> On 02/18/2017 05:06 AM, Francois Saint-Jacques wrote:
>>>> Th
Ping Eric!
Would you have a chance to review the proposed text below, please.
Thanks,
Michael
On 02/19/2017 09:55 PM, Michael Kerrisk (man-pages) wrote:
> [CC += Eric, so that he might review]
>
> Hello Francois,
>
> On 02/18/2017 05:06 AM, Francois Saint-Jacques wrote:
>&g
[CC += Eric, so that he might review]
Hello Francois,
On 02/18/2017 05:06 AM, Francois Saint-Jacques wrote:
> This socket option is undocumented. Applies on the latest version
> (man-pages-4.09-511).
>
> diff --git a/man7/socket.7 b/man7/socket.7
> index 3efd7a5d8..1a3ffa253 100644
> ---
On 26 July 2016 at 18:52, Kees Cook <keesc...@chromium.org> wrote:
> On Tue, Jul 26, 2016 at 8:06 AM, Eric W. Biederman
> <ebied...@xmission.com> wrote:
>> "Michael Kerrisk (man-pages)" <mtk.manpa...@gmail.com> writes:
>>
>>> Hello Eric,
Hello Eric,
I realized I had a question after the last mail.
On 07/21/2016 06:39 PM, Eric W. Biederman wrote:
This patchset addresses two use cases:
- Implement a sane upper bound on the number of namespaces.
- Provide a way for sandboxes to limit the attack surface from
namespaces.
Can
Hello Eric,
On 07/21/2016 06:39 PM, Eric W. Biederman wrote:
This patchset addresses two use cases:
- Implement a sane upper bound on the number of namespaces.
- Provide a way for sandboxes to limit the attack surface from
namespaces.
The maximum sane case I can imagine is if every process
Hi Andrey,
On 06/10/2016 10:28 PM, Andrey Vagin wrote:
> Cc: Kir Kolyshkin
> Cc: Michael Kerrisk
> Cc: Herbert Xu
> Cc: Patrick McHardy
> Cc: Christophe Ricard
> Cc: Nicolas
Hello Benjamin,
On 03/22/2016 09:28 AM, Benjamin Poirier wrote:
> "IP_LEAVE_GROUP" does not exist. It was perhaps a confusion with
> MCAST_LEAVE_GROUP. Change the text to IP_DROP_MEMBERSHIP which has the same
> function as MCAST_LEAVE_GROUP and is documented in the ip.7 man page.
>
> Reference:
On 03/01/2016 11:10 AM, Vincent Bernat wrote:
> ❦ 1 mars 2016 11:03 +0100, "Michael Kerrisk (man-pages)"
> <mtk.manpa...@gmail.com> :
>
>> Once the SO_LOCK_FILTER option has been enabled,
>> attempts by an unpr
Hi Craig,
On 02/29/2016 06:36 PM, Craig Gallek wrote:
> From: Craig Gallek
Thanks for improvements. I've applied the patch and tweaked things
somewhat, but I have a few comments and queries below. I'd be
grateful if you'd check these, in case I have introduced any errors.
Hello Craig,
Thanks for putting this together. I have a few comments.
Would you please amend your patch and resend? (And include Alexei
in a "Reviewed-by" tag.)
On 02/25/2016 09:27 PM, Craig Gallek wrote:
> From: Craig Gallek
>
> Document the behavior and the first kernel
Hi Heinrich,
On 12/29/2015 11:22 PM, Heinrich Schuchardt wrote:
> IOCTL SIOCRTMSG does nothing but return EINVAL.
>
> So comment it as unused.
Can you say something about how you confirmed this?
It's not immediately obvious from the code.
Cheers,
Michael
> Signed-off-by: Heinrich Schuchardt
Hello Richard,
On 23 December 2015 at 20:30, richardvo...@gmail.com
wrote:
> From the context, it is apparent that in the code explaining ppoll in
> terms of poll, timeout_ts must be a pointer.
>
> Usage #1: ready = ppoll(, nfds, timeout_ts, );
>
> Usage #2:
HI Tycho
On 11 September 2015 at 02:21, Tycho Andersen
wrote:
> This patch adds a way for a process that is "real root" to access the
> seccomp filters of another process. The process first does a
> PTRACE_SECCOMP_GET_FILTER_FD to get an fd with that process'
On 11 September 2015 at 02:20, Tycho Andersen
wrote:
> seccomp uses eBPF as its underlying storage and execution format, and eBPF
> has features that seccomp would like to make use of in the future. This
> patch adds a formal seccomp type to the eBPF verifier.
>
>
On 11 September 2015 at 02:21, Tycho Andersen
wrote:
> This is the final bit needed to support seccomp filters created via the bpf
> syscall. The patch adds a new seccomp operation SECCOMP_MODE_FILTER_EBPF,
> which takes exactly one command (presumably to be expanded
On 09/04/2015 10:41 PM, Kees Cook wrote:
> On Fri, Sep 4, 2015 at 9:04 AM, Tycho Andersen
> wrote:
>> This is the final bit needed to support seccomp filters created via the bpf
>> syscall.
Hmm. Thanks Kees, for CCinf linux-api@. That really should have been done at
31 matches
Mail list logo