author | Andrew G. Morgan <morgan@kernel.org> | 2021-08-29 15:36:06 -0700 |
---|---|---|
committer | Andrew G. Morgan <morgan@kernel.org> | 2021-08-29 15:43:17 -0700 |
commit | b9d56654dee6c8998fa477ffb20e8a5d01044f96 (patch) | |
tree | b06c07860f013c7365c2a0e7b45197b1fcd29455 | |
parent | b972c50c0989a81da308886e5d602c272e90f8cb (diff) | |
download | libcap2-b9d56654dee6c8998fa477ffb20e8a5d01044f96.tar.gz |
Update man pages.
Some fixes, some more efficient URLs, some more coherent cross-references.
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
-rw-r--r-- | doc/cap_iab.3 | 27 |
-rw-r--r-- | doc/capsh.1 | 16 |
-rw-r--r-- | doc/getcap.8 | 12 |
-rw-r--r-- | doc/getpcaps.8 | 17 |
-rw-r--r-- | doc/setcap.8 | 8 |
5 files changed, 50 insertions, 30 deletions
diff --git a/doc/cap_iab.3 b/doc/cap_iab.3 index 7e87a0f..ebcc87f 100644 --- a/doc/cap_iab.3 +++ b/doc/cap_iab.3 @@ -1,4 +1,4 @@ -.TH CAP_IAB 3 "2021-03-10" "" "Linux Programmer's Manual" +.TH CAP_IAB 3 "2021-08-29" "" "Linux Programmer's Manual" .SH NAME .nf #include <sys/capability.h> @@ -60,8 +60,8 @@ from the handshake inheritance between pre-exec* process and file-capability bestowed executable of the traditional capability mechanism. .PP -The convolution rules for IAB style inheritance are: I'=I; A'= A & ~B; -P'=A & ~B. Where P etc are the pre-exec values and P' etc are the +The convolution rules for IAB style inheritance are: I'=I; A'=A&I; +P'=A&I&P. Where P etc are the pre-exec values and P' etc are the post-exec values. .PP With an understanding of these convolution rules, we can explain how @@ -87,8 +87,8 @@ cap_iab_t should be freed with .BR cap_iab_set_proc () can be used to set the IAB value carried by the current process. Such a setting will fail if the process is insufficiently capable. The -process requires CAP_SETPCAP and a superset of P values over the A and -I vectors. +process requires CAP_SETPCAP raised in the E flag and a superset of P +and I values over those in the A vectors. .sp .BR cap_iab_to_text () will convert an IAB set to a canonical text representation. The 
@@ -103,12 +103,12 @@ previous function). The returned IAB set should be freed with The text format accepted by .BR cap_iab_from_text () is a comma separated list of capability values. Each capability is -prefixed by nothing (or %) (Inh); ! (Bound); ^ (Amb). Or, some -combination thereof. Since the Amb vector is constrained to be no -greater than the Inh set, ^ is equivalent to %^. Further, unless B is -non-zero, % can be omitted. The following are legal text -representations: "!%cap_chown" (Bound but Inh), -"!cap_setuid,^cap_chown" (Bound, Inh+Amb). "cap_setuid,!cap_chown" +prefixed by nothing (or %) (Inh); ! (Bound, but think Blocked); ^ +(Amb). Or, some combination thereof. Since the Amb vector is +constrained to be no greater than the Inh vector, ^ is equivalent to +%^. Further, unless B is non-zero, % can be omitted. The following are +legal text representations: "!%cap_chown" (Bound but Inh), +"!cap_chown,^cap_chown" (Bound, Inh+Amb). "cap_setuid,!cap_chown" (Inh, Bound). As noted above, this text representation is the syntax for the \fIpam_cap.so\fP config file. .sp @@ -172,7 +172,10 @@ work. Instead the \fIpam_cap.so\fP config syntax was generalized into a whole set of libcap functions for bundling together all three naively inheritable capabilities: the IAB set. The support for this debuted in libcap-2.33. - +.SH "REPORTING BUGS" +Please report bugs via: +.TP +https://bugzilla.kernel.org/buglist.cgi?component=libcap&list_id=1090757 .SH "SEE ALSO" .BR libcap (3), .BR cap_launch (3), diff --git a/doc/capsh.1 b/doc/capsh.1 index 9bed928..87ce06e 100644 --- a/doc/capsh.1 +++ b/doc/capsh.1 @@ -1,4 +1,4 @@ -.TH CAPSH 1 "2021-07-01" "libcap 2" "User Commands" +.TH CAPSH 1 "2021-08-29" "libcap" "User Commands" .SH NAME capsh \- capability shell wrapper .SH SYNOPSIS 
@@ -282,9 +282,9 @@ raised. .BI \-\-has\-b= xxx Exit with status 1 unless the .I bounding -set vector has capability +vector has capability .B xxx -enabled. +in its (default) non-blocked state. .TP .BI \-\-iab= xxx Attempts to set the IAB tuple of inheritable capability vectors. @@ -311,12 +311,14 @@ Written by Andrew G. Morgan <morgan@kernel.org>. .SH "REPORTING BUGS" Please report bugs via: .TP -https://bugzilla.kernel.org/buglist.cgi?component=libcap&list_id=1047723&product=Tools&resolution=--- +https://bugzilla.kernel.org/buglist.cgi?component=libcap&list_id=1090757 .SH "SEE ALSO" .BR libcap (3), -.BR getcap (8), -.BR setcap (8), .BR cap_from_text (3), .BR cap_iab (3) +.BR capabilities (7), +.BR captree (8), +.BR getcap (8), +.BR getpcaps (8), and -.BR capabilities (7). +.BR setcap (8). diff --git a/doc/getcap.8 b/doc/getcap.8 index 04b601c..8b6d201 100644 --- a/doc/getcap.8 +++ b/doc/getcap.8 @@ -1,5 +1,5 @@ -.\" written by Andrew Main <zefram@dcs.warwick.ac.uk> -.TH GETCAP 8 "2020-01-07" +.\" originally written by Andrew Main <zefram@dcs.warwick.ac.uk> +.TH GETCAP 8 "2021-08-29" .SH NAME getcap \- examine file capabilities .SH SYNOPSIS @@ -28,10 +28,14 @@ One file per line. .SH "REPORTING BUGS" Please report bugs via: .TP -https://bugzilla.kernel.org/buglist.cgi?component=libcap&list_id=1047723&product=Tools&resolution=--- +https://bugzilla.kernel.org/buglist.cgi?component=libcap&list_id=1090757 .SH "SEE ALSO" +.BR capsh (1), .BR cap_get_file (3), .BR cap_to_text (3), .BR capabilities (7), .BR user_namespaces (7), -.BR setcap (8) +.BR captree (8), +.BR getpcaps (8) +and +.BR setcap (8). diff --git a/doc/getpcaps.8 b/doc/getpcaps.8 index 3926a8c..1c59ddc 100644 --- a/doc/getpcaps.8 +++ b/doc/getpcaps.8 @@ -1,5 +1,5 @@ .\" Hey, EMACS: -*- nroff -*- -.TH GETPCAPS 8 "2020-01-04" +.TH GETPCAPS 8 "2020-08-29" .\" Please adjust this date whenever revising the manpage. .SH NAME getpcaps \- display process capabilities 
@@ -36,15 +36,22 @@ default terminal fonts. .TP .B \-\-iab Displays IAB tuple capabilities from the process. The output format -here is unique. Double quotes encase the regular process capabilities -and square brackets encase the IAB tuple. +here is the text format described in \fBcap_iab\fR(3). Double +quotes encase the regular process capabilities and square brackets +encase the IAB tuple. This format is also used by \fBcaptree\fR(8). +.SH "REPORTING BUGS" +Please report bugs via: +.TP +https://bugzilla.kernel.org/buglist.cgi?component=libcap&list_id=1090757 .SH SEE ALSO .BR capsh (1), +.BR cap_from_text (3), +.BR cap_iab (3), .BR capabilities (7), +.BR captree (8), .BR getcap (8), -.BR setcap (8) and -.BR cap_iab (3). +.BR setcap (8). .SH AUTHOR This manual page was originally written by Robert Bihlmeyer <robbe@debian.org>, for the Debian GNU/Linux system (but may be used diff --git a/doc/setcap.8 b/doc/setcap.8 index 463752d..d652076 100644 --- a/doc/setcap.8 +++ b/doc/setcap.8 @@ -1,4 +1,4 @@ -.TH SETCAP 8 "2020-01-07" +.TH SETCAP 8 "2020-08-29" .SH NAME setcap \- set file capabilities .SH SYNOPSIS @@ -54,10 +54,14 @@ exit code is 1. .SH "REPORTING BUGS" Please report bugs via: .TP -https://bugzilla.kernel.org/buglist.cgi?component=libcap&list_id=1047723&product=Tools&resolution=--- +https://bugzilla.kernel.org/buglist.cgi?component=libcap&list_id=1090757 .SH "SEE ALSO" +.BR capsh (1), .BR cap_from_text (3), .BR cap_get_file (3), .BR capabilities (7), .BR user_namespaces (7), +.BR captree (8), .BR getcap (8) +and +.BR getpcaps (8). |
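Review bot: The new .TH dates in doc/getpcaps.8 and doc/setcap.8 read "2020-08-29", while cap_iab.3, capsh.1 and getcap.8 in this same patch are bumped to "2021-08-29" and the commit itself is dated 2021-08-29. This looks like a year typo in the first hunk of both files; suggest `.TH GETPCAPS 8 "2021-08-29"` and `.TH SETCAP 8 "2021-08-29"` so all five pages carry the same revision date.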
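Review bot: In the SEE ALSO hunk of doc/capsh.1, the unchanged context line `.BR cap_iab (3)` has no trailing comma, but the patch now appends `.BR capabilities (7),` and further entries after it, so the rendered list will run "cap_iab(3) capabilities(7)," together. That line was previously followed by "and"; it should become `.BR cap_iab (3),` now that it is no longer the second-to-last entry.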
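Review bot: The revised convolution rules in doc/cap_iab.3 (hunk at -60,8) no longer mention B at all: the old `A'= A & ~B; P'=A & ~B` becomes `A'=A&I; P'=A&I&P`. Since the same page still presents "!" as the Bound ("think Blocked") prefix and IAB is described as a three-vector tuple, a reader is left without any statement of what B does across exec. Suggest adding a clause saying how B carries over and which capabilities it blocks, so the removal of `~B` from these formulas does not read as B having no effect.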
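Review bot: The reworded cap_iab_set_proc() requirement in doc/cap_iab.3 (hunk at -87,8), "a superset of P and I values over those in the A vectors", is hard to parse and uses the plural "vectors" for the single A vector. If the intent is that both P and I must cover A, say so directly, for example: "The process requires CAP_SETPCAP raised in the E flag, and its P and I values must each be a superset of those in the A vector."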