From: ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org (Eric W. Biederman)
To: mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org
Cc: linux-man <linux-man-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
Linux Containers
<containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org>,
lkml <linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>
Subject: Re: Documenting reboot(2) changes for PID namespace in 3.9
Date: Tue, 12 Mar 2013 00:20:52 -0700
Message-ID: <87620xccdn.fsf@xmission.com>
In-Reply-To: <CAKgNAkg8+gx8K6W=g1LStESRO=vgtvQtt2Q-+LG5R6Tk3ncYZQ-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org> (Michael Kerrisk's message of "Tue, 12 Mar 2013 08:07:44 +0100")
"Michael Kerrisk (man-pages)" <mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> writes:
> Li,
>
> Regarding your commit 923c7538236564c46ee80c253a416705321f13e3 , I
> plan to apply the following patch to the reboot(2) manual page. Does
> it look okay to you?
You have documented the behavior as of 3.4.
The change in 3.9 is to allow that same behavior in a pid_namespace
created with a user namespace. Aka in 3.9 the permission
check changed from capable(CAP_SYS_BOOT) to ns_capable(pid_ns->user_ns, CAP_SYS_BOOT);
Eric
> Thanks,
>
> Michael
>
> diff --git a/man2/reboot.2 b/man2/reboot.2
> index 8347870..1c17b85 100644
> --- a/man2/reboot.2
> +++ b/man2/reboot.2
> @@ -24,7 +24,7 @@
> .\" Modified, 27 May 2004, Michael Kerrisk <mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
> .\" Added notes on capability requirements
> .\"
> -.TH REBOOT 2 2010-10-31 "Linux" "Linux Programmer's Manual"
> +.TH REBOOT 2 2013-03-12 "Linux" "Linux Programmer's Manual"
> .SH NAME
> reboot \- reboot or enable/disable Ctrl-Alt-Del
> .SH SYNOPSIS
> @@ -147,6 +147,26 @@ For the i386 architecture, the additional
> argument does not do
> anything at present (2.1.122), but the type of reboot can be
> determined by kernel command-line arguments ("reboot=...") to be
> either warm or cold, and either hard or through the BIOS.
> +.SS Behavior inside PID namespaces
> +.\" commit commit 923c7538236564c46ee80c253a416705321f13e3
> +Since Linux 3.9, when
^^^ 3.4
> +.BR reboot ()
> +is called from a PID namespace (see
> +.BR pid_namespaces (7))
> +other than the initial PID namespace,
> +the effect of the call is to send a signal to the namespace "init" process.
> +.BR LINUX_REBOOT_CMD_RESTART
> +and
> +.BR LINUX_REBOOT_CMD_RESTART2
> +cause a
> +.BR SIGHUP
> +signal to be sent.
> +.BR LINUX_REBOOT_CMD_POWER_OFF
> +and
> +.BR LINUX_REBOOT_CMD_HALT
> +cause a
> +.B SIGINT
> +signal to be sent.
> .SH RETURN VALUE
> For the values of
> .I cmd
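Review bot: The "Since Linux 3.9" line in the new "Behavior inside PID namespaces" section conflicts with the reply above, which dates this signal behavior to 3.4 and describes the 3.9 change as the permission check moving from capable(CAP_SYS_BOOT) to ns_capable(pid_ns->user_ns, CAP_SYS_BOOT). Suggest changing the version to 3.4 and adding a sentence that says which capability the caller needs and in which user namespace it is checked, since the section currently says nothing about permissions. Two smaller points in the same hunk: the comment line reads "commit commit" (duplicated word), and SIGHUP is marked up with .BR while SIGINT uses .B; each takes a single argument, so .B for both would be consistent.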
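A simplified user-space model of the two checks named in the reply, added here as an illustration (not kernel code and not from the thread): it shows why root inside a container's user namespace fails capable(CAP_SYS_BOOT) but passes ns_capable(pid_ns->user_ns, CAP_SYS_BOOT). The struct layouts, the may_reboot_* helpers and the sample namespaces are assumptions constructed for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define CAP_SYS_BOOT 22 /* value from <linux/capability.h> */

/* Simplified model of the objects involved; not the kernel's definitions. */
struct user_ns { struct user_ns *parent; unsigned owner; }; /* owner: uid that created it */
struct cred    { struct user_ns *user_ns; unsigned euid; uint64_t cap_effective; };
struct pid_ns  { struct user_ns *user_ns; };                /* user ns owning the PID ns */

static struct user_ns init_user_ns = { NULL, 0 };

/* Does `c` hold `cap` over `target`? Walk from target up towards the root. */
static bool ns_capable(const struct cred *c, const struct user_ns *target, int cap)
{
    for (const struct user_ns *ns = target; ns; ns = ns->parent) {
        if (ns == c->user_ns)              /* same namespace: consult the cap set */
            return (c->cap_effective >> cap) & 1;
        if (ns->parent == c->user_ns && ns->owner == c->euid)
            return true;                   /* the creator owns its child namespace */
    }
    return false;                          /* target is not at or below c's namespace */
}

/* capable(cap) is the same check against the initial user namespace. */
static bool capable(const struct cred *c, int cap)
{ return ns_capable(c, &init_user_ns, cap); }

/* Check before 3.9, as quoted in the reply: the PID namespace is not consulted. */
static bool may_reboot_3_4(const struct cred *c, const struct pid_ns *p)
{ (void)p; return capable(c, CAP_SYS_BOOT); }

/* Check in 3.9, as quoted in the reply. */
static bool may_reboot_3_9(const struct cred *c, const struct pid_ns *p)
{ return ns_capable(c, p->user_ns, CAP_SYS_BOOT); }

/* Constructed sample: a container user namespace created by host uid 1000. */
static struct user_ns ctr_user_ns = { &init_user_ns, 1000 };
static struct pid_ns  ctr_pid_ns  = { &ctr_user_ns };
static struct cred ctr_root  = { &ctr_user_ns, 0, ~0ULL };  /* root in the container */
static struct cred ctr_nocap = { &ctr_user_ns, 0, ~0ULL & ~(1ULL << CAP_SYS_BOOT) };
static struct cred host_root = { &init_user_ns, 0, ~0ULL };

int main(void)
{
    printf("container root:  3.4=%d 3.9=%d\n", may_reboot_3_4(&ctr_root, &ctr_pid_ns),
           may_reboot_3_9(&ctr_root, &ctr_pid_ns));
    printf("CAP_SYS_BOOT dropped: 3.9=%d\n", may_reboot_3_9(&ctr_nocap, &ctr_pid_ns));
    printf("host root:       3.9=%d\n", may_reboot_3_9(&host_root, &ctr_pid_ns));
    return 0;
}
```

Dropping CAP_SYS_BOOT from the container's bounding set is what keeps the 3.9 check failing for container root, as the ctr_nocap case shows.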