Re: [PATCH] vsock.7: document VSOCK socket address family

2018-02-01 Thread Michael Kerrisk (man-pages)
On 1 February 2018 at 19:03, Stefan Hajnoczi <stefa...@redhat.com> wrote: > On Tue, Jan 30, 2018 at 10:31:54PM +0100, Michael Kerrisk (man-pages) wrote: >> Hi Stefan, >> >> Ping on the below please, since it either blocks the man-pages release >> I'd current

Re: [PATCH] vsock.7: document VSOCK socket address family

2018-01-30 Thread Michael Kerrisk (man-pages)
Hi Stefan, Ping on the below please, since it either blocks the man-pages release I'd currently like to make, or I must remove the vsock.7 page for this release. Thanks, Michael On 26 January 2018 at 22:47, Michael Kerrisk (man-pages) <mtk.manpa...@gmail.com> wrote: > Stefan, >

Re: [PATCH] vsock.7: document VSOCK socket address family

2018-01-26 Thread Michael Kerrisk (man-pages)
Stefan, I've just now noted that your page came with no license. What license do you want to use? Please see https://www.kernel.org/doc/man-pages/licenses.html Thanks, Michael On 30 November 2017 at 12:21, Stefan Hajnoczi wrote: > The AF_VSOCK address family has been

Re: aio poll, io_pgetevents and a new in-kernel poll API V2

2018-01-10 Thread Michael Kerrisk (man-pages)
Hi Christoph, On 01/10/2018 04:58 PM, Christoph Hellwig wrote: > Hi all, > > this series adds support for the IOCB_CMD_POLL operation to poll for the > readiness of file descriptors using the aio subsystem. The API is based > on patches that existed in RHAS2.1 and RHEL3, which means it already

Re: [PATCHv3 0/2] capability controlled user-namespaces

2017-12-30 Thread Michael Kerrisk (man-pages)
Hello Mahesh, On 12/28/2017 01:45 AM, Mahesh Bandewar (महेश बंडेवार) wrote: > On Wed, Dec 27, 2017 at 12:23 PM, Michael Kerrisk (man-pages) > <mtk.manpa...@gmail.com> wrote: >> Hello Mahesh, >> >> On 27 December 2017 at 18:09, Mahesh Bandewar (महेश बंडेवार)

Re: [PATCHv3 1/2] capability: introduce sysctl for controlled user-ns capability whitelist

2017-12-30 Thread Michael Kerrisk (man-pages)
Hello Mahesh, On 12/05/2017 11:31 PM, Mahesh Bandewar wrote: > From: Mahesh Bandewar > > Add a sysctl variable kernel.controlled_userns_caps_whitelist. This > takes input as capability mask expressed as two comma separated hex > u32 words. The mask, however, is stored in

Re: [PATCHv3 0/2] capability controlled user-namespaces

2017-12-27 Thread Michael Kerrisk (man-pages)
Hello Mahesh, On 27 December 2017 at 18:09, Mahesh Bandewar (महेश बंडेवार) wrote: > Hello James, > > Seems like I missed your name to be added into the review of this > patch series. Would you be willing to pull this into the security > tree? Serge Hallyn has already ACKed

Re: [PATCH v2] vsock.7: document VSOCK socket address family

2017-12-11 Thread Michael Kerrisk (man-pages)
On 12/06/2017 03:06 PM, Jorgen S. Hansen wrote: > >> On Dec 5, 2017, at 11:56 AM, Stefan Hajnoczi wrote: >> >> The AF_VSOCK address family has been available since Linux 3.9 without a >> corresponding man page. >> >> This patch adds vsock.7 and describes its use along the

Re: [PATCH v2] vsock.7: document VSOCK socket address family

2017-12-11 Thread Michael Kerrisk (man-pages)
Hello Stefan, Thanks for this page! I have applied your patch, and made a few tweaks, but I have some minor questions. Please see below. On 12/05/2017 11:56 AM, Stefan Hajnoczi wrote: > The AF_VSOCK address family has been available since Linux 3.9 without a > corresponding man page. > > This

Re: Incorrect behaviour or documentation problem of SO_RXQ_OVFL

2017-11-20 Thread Michael Kerrisk (man-pages)
[Adding Neil, who wrote the original text. Maybe he has also some suggested improvement.] Hello Petr and Tobias, Thank you both for your reports about the incorrect documentation. See below. On 15 November 2017 at 16:14, Petr Malat wrote: > Hi! > Generic SO_RXQ_OVFL helpers

Re: Bug in socket(7) man page

2017-11-20 Thread Michael Kerrisk (man-pages)
[CC widened] Tobias, On 7 August 2017 at 13:53, Tobias Klausmann wrote: > Hi! > > This bug pertains to the manpage as visible on man7.org right > now. > > The socket(7) man page has this paragraph: > >SO_RXQ_OVFL (since Linux 2.6.33) > Indicates

Re: [patch] netlink.7: srcfix Change buffer size in example code about reading netlink message.

2017-08-15 Thread Michael Kerrisk (man-pages)
On 11/14/2016 11:36 PM, Rick Jones wrote: >> Let's change the example so others don't propagate the problem further. >> >> Signed-off-by David Wilder >> >> --- man7/netlink.7.orig 2016-11-14 13:30:36.522101156 -0800 >> +++ man7/netlink.7 2016-11-14 13:30:51.002086354 -0800

Re: [patch] netlink.7: srcfix Change buffer size in example code about reading netlink message.

2017-08-15 Thread Michael Kerrisk (man-pages)
On 11/14/2016 11:20 PM, dwilder wrote: > The example code in netlink(7) (for reading netlink message) suggests > using > a 4k read buffer with recvmsg. This can cause truncated messages on > systems > using a page size >4096. Please see: > linux/include/linux/netlink.h (in the kernel

Re: [patch] socket.7: Document SO_INCOMING_CPU

2017-04-20 Thread Michael Kerrisk (man-pages)
On 04/19/2017 10:13 PM, Eric Dumazet wrote: > On Wed, 2017-04-19 at 20:48 +0200, Michael Kerrisk (man-pages) wrote: >> Hi Eric, >> >> [reordering for clarity] >> >>>> On 02/19/2017 09:55 PM, Michael Kerrisk (man-pages) wrote: >>>>> [CC += Eri

Re: [patch] socket.7: Document SO_INCOMING_CPU

2017-04-19 Thread Michael Kerrisk (man-pages)
Hi Eric, [reordering for clarity] >> On 02/19/2017 09:55 PM, Michael Kerrisk (man-pages) wrote: >>> [CC += Eric, so that he might review] >>> >>> Hello Francois, >>> >>> On 02/18/2017 05:06 AM, Francois Saint-Jacques wrote: >>>> Th

Re: [patch] socket.7: Document SO_INCOMING_CPU

2017-04-19 Thread Michael Kerrisk (man-pages)
Ping Eric! Would you have a chance to review the proposed text below, please. Thanks, Michael On 02/19/2017 09:55 PM, Michael Kerrisk (man-pages) wrote: > [CC += Eric, so that he might review] > > Hello Francois, > > On 02/18/2017 05:06 AM, Francois Saint-Jacques wrote: >>

Re: [patch] socket.7: Document SO_INCOMING_CPU

2017-02-19 Thread Michael Kerrisk (man-pages)
[CC += Eric, so that he might review] Hello Francois, On 02/18/2017 05:06 AM, Francois Saint-Jacques wrote: > This socket option is undocumented. Applies on the latest version > (man-pages-4.09-511). > > diff --git a/man7/socket.7 b/man7/socket.7 > index 3efd7a5d8..1a3ffa253 100644 > ---

Re: [PATCH v2 00/10] userns: sysctl limits for namespaces

2016-07-26 Thread Michael Kerrisk (man-pages)
On 26 July 2016 at 18:52, Kees Cook <keesc...@chromium.org> wrote: > On Tue, Jul 26, 2016 at 8:06 AM, Eric W. Biederman > <ebied...@xmission.com> wrote: >> "Michael Kerrisk (man-pages)" <mtk.manpa...@gmail.com> writes: >> >>> Hello Eric,

Re: [PATCH v2 00/10] userns: sysctl limits for namespaces

2016-07-26 Thread Michael Kerrisk (man-pages)
Hello Eric, I realized I had a question after the last mail. On 07/21/2016 06:39 PM, Eric W. Biederman wrote: This patchset addresses two use cases: - Implement a sane upper bound on the number of namespaces. - Provide a way for sandboxes to limit the attack surface from namespaces. Can

Re: [PATCH v2 00/10] userns: sysctl limits for namespaces

2016-07-26 Thread Michael Kerrisk (man-pages)
Hello Eric, On 07/21/2016 06:39 PM, Eric W. Biederman wrote: This patchset addresses two use cases: - Implement a sane upper bound on the number of namespaces. - Provide a way for sandboxes to limit the attack surface from namespaces. The maximum sane case I can imagine is if every process

Re: [PATCH] netlink.7: describe netlink socket options

2016-06-12 Thread Michael Kerrisk (man-pages)
Hi Andrey, On 06/10/2016 10:28 PM, Andrey Vagin wrote: > Cc: Kir Kolyshkin > Cc: Michael Kerrisk > Cc: Herbert Xu > Cc: Patrick McHardy > Cc: Christophe Ricard > Cc: Nicolas

Re: [PATCH] ip.7: Fix incorrect sockopt name

2016-03-25 Thread Michael Kerrisk (man-pages)
Hello Benjamin, On 03/22/2016 09:28 AM, Benjamin Poirier wrote: > "IP_LEAVE_GROUP" does not exist. It was perhaps a confusion with > MCAST_LEAVE_GROUP. Change the text to IP_DROP_MEMBERSHIP which has the same > function as MCAST_LEAVE_GROUP and is documented in the ip.7 man page. > > Reference:

Re: [PATCH v2] socket.7: Document some BPF-related socket options

2016-03-01 Thread Michael Kerrisk (man-pages)
On 03/01/2016 11:10 AM, Vincent Bernat wrote: > ❦ 1 mars 2016 11:03 +0100, "Michael Kerrisk (man-pages)" > <mtk.manpa...@gmail.com> : > >> Once the SO_LOCK_FILTER option has been enabled, >> attempts by an unpr

Re: [PATCH v2] socket.7: Document some BPF-related socket options

2016-03-01 Thread Michael Kerrisk (man-pages)
Hi Craig, On 02/29/2016 06:36 PM, Craig Gallek wrote: > From: Craig Gallek Thanks for improvements. I've applied the patch and tweaked things somewhat, but I have a few comments and queries below. I'd be grateful if you'd check these, in case I have introduced any errors.

Re: [PATCH] socket.7: Document some BPF-related socket options

2016-02-28 Thread Michael Kerrisk (man-pages)
Hello Craig, Thanks for putting this together. I have a few comments. Would you please amend your patch and resend? (And include Alexei in a "Reviewed-by" tag.) On 02/25/2016 09:27 PM, Craig Gallek wrote: > From: Craig Gallek > > Document the behavior and the first kernel

Re: [PATCH 1/1] include/uapi/linux/sockios.h: mark SIOCRTMSG unused

2015-12-30 Thread Michael Kerrisk (man-pages)
Hi Heinrich, On 12/29/2015 11:22 PM, Heinrich Schuchardt wrote: > IOCTL SIOCRTMSG does nothing but return EINVAL. > > So comment it as unused. Can you say something about how you confirmed this? It's not immediately obvious from the code. Cheers, Michael > Signed-off-by: Heinrich Schuchardt

Re: [patch] poll.2: timeout_ts is a pointer, so use -> not . for member access

2015-12-23 Thread Michael Kerrisk (man-pages)
Hello Richard, On 23 December 2015 at 20:30, richardvo...@gmail.com wrote: > From the context, it is apparent that in the code explaining ppoll in > terms of poll, timeout_ts must be a pointer. > > Usage #1: ready = ppoll(, nfds, timeout_ts, ); > > Usage #2:

Re: [PATCH v2 4/5] seccomp: add a way to access filters via bpf fds

2015-09-11 Thread Michael Kerrisk (man-pages)
Hi Tycho On 11 September 2015 at 02:21, Tycho Andersen wrote: > This patch adds a way for a process that is "real root" to access the > seccomp filters of another process. The process first does a > PTRACE_SECCOMP_GET_FILTER_FD to get an fd with that process'

Re: [PATCH v2 1/5] ebpf: add a seccomp program type

2015-09-11 Thread Michael Kerrisk (man-pages)
On 11 September 2015 at 02:20, Tycho Andersen wrote: > seccomp uses eBPF as its underlying storage and execution format, and eBPF > has features that seccomp would like to make use of in the future. This > patch adds a formal seccomp type to the eBPF verifier. > >

Re: [PATCH v2 5/5] seccomp: add a way to attach a filter via eBPF fd

2015-09-11 Thread Michael Kerrisk (man-pages)
On 11 September 2015 at 02:21, Tycho Andersen wrote: > This is the final bit needed to support seccomp filters created via the bpf > syscall. The patch adds a new seccomp operation SECCOMP_MODE_FILTER_EBPF, > which takes exactly one command (presumably to be expanded

Re: [PATCH 5/6] seccomp: add a way to attach a filter via eBPF fd

2015-09-05 Thread Michael Kerrisk (man-pages)
On 09/04/2015 10:41 PM, Kees Cook wrote: > On Fri, Sep 4, 2015 at 9:04 AM, Tycho Andersen > wrote: >> This is the final bit needed to support seccomp filters created via the bpf >> syscall. Hmm. Thanks Kees, for CCing linux-api@. That really should have been done at