* [PATCH] man/man2const/TIOCLINUX.2const: Document CAP_SYS_ADMIN requirement for TIOCL_SETSEL modes
From: Günther Noack @ 2025-05-01 11:00 UTC
To: Alejandro Colomar
Cc: Günther Noack, Greg Kroah-Hartman, Jared Finder, Jann Horn,
Hanno Böck, Jiri Slaby, Kees Cook, linux-man

CAP_SYS_ADMIN was previously required for the entire TIOCL_SETSEL
subcode, but is now only needed for a subset of the selection modes,
since linux.git 2f83e38a095f ("tty: Permit some TIOCL_SETSEL modes
without CAP_SYS_ADMIN").

The CAP_SYS_ADMIN requirement for TIOCL_SELMOUSEREPORT was further
corrected in linux.git ee6a44da3c87 ("tty: Require CAP_SYS_ADMIN for
all usages of TIOCL_SELMOUSEREPORT").

Link: <https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=2f83e38a095f8bf7c6029883d894668b03b9bd93>
Link: <https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=ee6a44da3c87cf64d67dd02be8c0127a5bf56175>
Signed-off-by: Günther Noack <gnoack3000@gmail.com>
---
man/man2const/TIOCLINUX.2const | 16 ++++++++++++++--
1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/man/man2const/TIOCLINUX.2const b/man/man2const/TIOCLINUX.2const
index 61f1c596d..f48132ea1 100644
--- a/man/man2const/TIOCLINUX.2const
+++ b/man/man2const/TIOCLINUX.2const
@@ -72,18 +72,30 @@ may be one of the following operations:
Select character-by-character.
The indicated screen characters are highlighted
and saved in a kernel buffer.
+.IP
+Since Linux 6.7, using this selection mode requires the
+.B CAP_SYS_ADMIN
+capability.
.TP
.B TIOCL_SELWORD
Select word-by-word,
expanding the selection outwards to align with word boundaries.
The indicated screen characters are highlighted
and saved in a kernel buffer.
+.IP
+Since Linux 6.7, using this selection mode requires the
+.B CAP_SYS_ADMIN
+capability.
.TP
.B TIOCL_SELLINE
Select line-by-line,
expanding the selection outwards to select full lines.
The indicated screen characters are highlighted
and saved in a kernel buffer.
+.IP
+Since Linux 6.7, using this selection mode requires the
+.B CAP_SYS_ADMIN
+capability.
.TP
.B TIOCL_SELPOINTER
Show the pointer at position
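Review bot: TIOCL_SELPOINTER, directly below the last added paragraph, gets no remark, so the reader has to infer from its absence that the mode is exempt, and nothing on the page records that it needed CAP_SYS_ADMIN while the requirement covered the whole TIOCL_SETSEL subcode (as the commit message says it did). Consider a short note under the exempt modes giving that history, or one summary at subcode level listing the modes that need the capability, which would also avoid repeating the same three-line .IP paragraph under the character-by-character entry, TIOCL_SELWORD and TIOCL_SELLINE.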
@@ -118,11 +130,11 @@ If mouse reporting is not enabled for the terminal,
this operation yields an
.B EINVAL
error.
-.RE
.IP
-Since Linux 6.7, using this subcode requires the
+Since Linux 6.12.26, using this selection mode requires the
.B CAP_SYS_ADMIN
capability.
+.RE
.TP
.BR subcode = TIOCL_PASTESEL
Paste selection.
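Review bot: The changed line "Since Linux 6.12.26, using this selection mode requires the" names a point release of one stable series, so it says nothing about any other release series, and because it replaces "Since Linux 6.7" the page now reads as if this mode needed no capability before 6.12.26. Either keep "Since Linux 6.7" here, or spell out the interval in which the check differed. Moving .RE below the paragraph also changes what the remark is attached to (the selection mode rather than the TIOCL_SETSEL subcode); that deserves a sentence in the commit message, since the diff shows it only as a moved macro.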
--
2.49.0
* Re: [PATCH] man/man2const/TIOCLINUX.2const: Document CAP_SYS_ADMIN requirement for TIOCL_SETSEL modes
From: Alejandro Colomar @ 2025-05-01 15:05 UTC
To: Günther Noack
Cc: Greg Kroah-Hartman, Jared Finder, Jann Horn, Hanno Böck,
Jiri Slaby, Kees Cook, linux-man
Hi Günther,
On Thu, May 01, 2025 at 01:00:23PM +0200, Günther Noack wrote:
> CAP_SYS_ADMIN was previously required for the entire TIOCL_SETSEL
> subcode, but is now only needed for a subset of the selection modes,
> since linux.git 2f83e38a095f ("tty: Permit some TIOCL_SETSEL modes
> without CAP_SYS_ADMIN").
>
> The CAP_SYS_ADMIN requirement for TIOCL_SELMOUSEREPORT was further
> corrected in linux.git ee6a44da3c87 ("tty: Require CAP_SYS_ADMIN for
> all usages of TIOCL_SELMOUSEREPORT").

In these commit references, it would be interesting to include the
commit date (when there are more than one, to get an idea of the
chronology).  This git alias might be useful for you to produce these
references:

	$ grep -A1 '\<ref\>' /etc/gitconfig
		ref = show --no-patch --abbrev=12 --date=short \
			--format=tformat:'%C(auto)%h%C(reset) %C(white)(%cd%x3B \"%C(reset)%C(auto)%s%C(reset)%C(white)\")%C(reset)'
	$ git ref 2f83e38a095f ee6a44da3c87
	2f83e38a095f (2025-01-13; "tty: Permit some TIOCL_SETSEL modes without CAP_SYS_ADMIN")
	ee6a44da3c87 (2025-04-11; "tty: Require CAP_SYS_ADMIN for all usages of TIOCL_SELMOUSEREPORT")

>
> Link: <https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=2f83e38a095f8bf7c6029883d894668b03b9bd93>
> Link: <https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=ee6a44da3c87cf64d67dd02be8c0127a5bf56175>
> Signed-off-by: Günther Noack <gnoack3000@gmail.com>
> ---
> man/man2const/TIOCLINUX.2const | 16 ++++++++++++++--
> 1 file changed, 14 insertions(+), 2 deletions(-)
>
> diff --git a/man/man2const/TIOCLINUX.2const b/man/man2const/TIOCLINUX.2const
> index 61f1c596d..f48132ea1 100644
> --- a/man/man2const/TIOCLINUX.2const
> +++ b/man/man2const/TIOCLINUX.2const
> @@ -72,18 +72,30 @@ may be one of the following operations:
> Select character-by-character.
> The indicated screen characters are highlighted
> and saved in a kernel buffer.
> +.IP
> +Since Linux 6.7, using this selection mode requires the
> +.B CAP_SYS_ADMIN
> +capability.
> .TP
> .B TIOCL_SELWORD
> Select word-by-word,
> expanding the selection outwards to align with word boundaries.
> The indicated screen characters are highlighted
> and saved in a kernel buffer.
> +.IP
> +Since Linux 6.7, using this selection mode requires the
> +.B CAP_SYS_ADMIN
> +capability.
> .TP
> .B TIOCL_SELLINE
> Select line-by-line,
> expanding the selection outwards to select full lines.
> The indicated screen characters are highlighted
> and saved in a kernel buffer.
> +.IP
> +Since Linux 6.7, using this selection mode requires the
> +.B CAP_SYS_ADMIN
> +capability.
> .TP
> .B TIOCL_SELPOINTER
> Show the pointer at position
> @@ -118,11 +130,11 @@ If mouse reporting is not enabled for the terminal,
> this operation yields an
> .B EINVAL
> error.
> -.RE
> .IP
> -Since Linux 6.7, using this subcode requires the
> +Since Linux 6.12.26, using this selection mode requires the
> .B CAP_SYS_ADMIN
> capability.
I'm not sure I understand this part.  Was it required since 6.7 and now
it's only since 6.12.26?  How can that be?

Have a lovely day!
Alex
> +.RE
> .TP
> .BR subcode = TIOCL_PASTESEL
> Paste selection.
> --
> 2.49.0
>
--
<https://www.alejandro-colomar.es/>
* Re: [PATCH] man/man2const/TIOCLINUX.2const: Document CAP_SYS_ADMIN requirement for TIOCL_SETSEL modes
From: Günther Noack @ 2025-05-01 19:33 UTC
To: Alejandro Colomar
Cc: Greg Kroah-Hartman, Jared Finder, Jann Horn, Hanno Böck,
Jiri Slaby, Kees Cook, linux-man
Hello Alejandro!
On Thu, May 01, 2025 at 05:05:33PM +0200, Alejandro Colomar wrote:
> On Thu, May 01, 2025 at 01:00:23PM +0200, Günther Noack wrote:
> > CAP_SYS_ADMIN was previously required for the entire TIOCL_SETSEL
> > subcode, but is now only needed for a subset of the selection modes,
> > since linux.git 2f83e38a095f ("tty: Permit some TIOCL_SETSEL modes
> > without CAP_SYS_ADMIN").
> >
> > The CAP_SYS_ADMIN requirement for TIOCL_SELMOUSEREPORT was further
> > corrected in linux.git ee6a44da3c87 ("tty: Require CAP_SYS_ADMIN for
> > all usages of TIOCL_SELMOUSEREPORT").
>
> In these commit references, it would be interesting to include the
> commit date (when there are more than one, to get an idea of the
> chronology). This git alias might be useful for you to produce these
> references:
>
> $ grep -A1 '\<ref\>' /etc/gitconfig
> ref = show --no-patch --abbrev=12 --date=short \
> --format=tformat:'%C(auto)%h%C(reset) %C(white)(%cd%x3B \"%C(reset)%C(auto)%s%C(reset)%C(white)\")%C(reset)'
> $ git ref 2f83e38a095f ee6a44da3c87
> 2f83e38a095f (2025-01-13; "tty: Permit some TIOCL_SETSEL modes without CAP_SYS_ADMIN")
> ee6a44da3c87 (2025-04-11; "tty: Require CAP_SYS_ADMIN for all usages of TIOCL_SELMOUSEREPORT")
Thanks, that's a useful alias.
> > Link: <https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=2f83e38a095f8bf7c6029883d894668b03b9bd93>
> > Link: <https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=ee6a44da3c87cf64d67dd02be8c0127a5bf56175>
> > Signed-off-by: Günther Noack <gnoack3000@gmail.com>
> > ---
> > man/man2const/TIOCLINUX.2const | 16 ++++++++++++++--
> > 1 file changed, 14 insertions(+), 2 deletions(-)
> >
> > diff --git a/man/man2const/TIOCLINUX.2const b/man/man2const/TIOCLINUX.2const
> > index 61f1c596d..f48132ea1 100644
> > --- a/man/man2const/TIOCLINUX.2const
> > +++ b/man/man2const/TIOCLINUX.2const
> > @@ -72,18 +72,30 @@ may be one of the following operations:
> > Select character-by-character.
> > The indicated screen characters are highlighted
> > and saved in a kernel buffer.
> > +.IP
> > +Since Linux 6.7, using this selection mode requires the
> > +.B CAP_SYS_ADMIN
> > +capability.
> > .TP
> > .B TIOCL_SELWORD
> > Select word-by-word,
> > expanding the selection outwards to align with word boundaries.
> > The indicated screen characters are highlighted
> > and saved in a kernel buffer.
> > +.IP
> > +Since Linux 6.7, using this selection mode requires the
> > +.B CAP_SYS_ADMIN
> > +capability.
> > .TP
> > .B TIOCL_SELLINE
> > Select line-by-line,
> > expanding the selection outwards to select full lines.
> > The indicated screen characters are highlighted
> > and saved in a kernel buffer.
> > +.IP
> > +Since Linux 6.7, using this selection mode requires the
> > +.B CAP_SYS_ADMIN
> > +capability.
> > .TP
> > .B TIOCL_SELPOINTER
> > Show the pointer at position
> > @@ -118,11 +130,11 @@ If mouse reporting is not enabled for the terminal,
> > this operation yields an
> > .B EINVAL
> > error.
> > -.RE
> > .IP
> > -Since Linux 6.7, using this subcode requires the
> > +Since Linux 6.12.26, using this selection mode requires the
> > .B CAP_SYS_ADMIN
> > capability.
>
> I'm not sure I understand this part. Was it required since 6.7 and now
> it's only since 6.12.26? How can that be?
Legitimate question.  For the TIOCL_SELMOUSEREPORT selection mode, the
requirement was briefly lifted (but in a confusing way due to an
implementation mistake).

The way that the diff came out is slightly misleading.  Note that the
.RE "moved", which really means that this text is now talking about
the TIOCL_SELMOUSEREPORT selection mode instead of the TIOCL_SETSEL
subcode - so we are now documenting the more fine-grained selection
modes instead of the more coarse grained TIOCL_SETSEL subcode.

For the selection modes, we had three cases:

1. The selection modes which continue to require CAP_SYS_ADMIN.
   For these this is true before and after these kernel patches,
   so this is "required since Linux 6.7", as before.

2. The selection modes which do not require CAP_SYS_ADMIN any more.
   For these, I dropped the remark.

3. The TIOCL_SELMOUSEREPORT selection mode.  For this one, we had an
   unfortunate back-and-forth for when CAP_SYS_ADMIN is required:

   - It used to not be required.
   - It was required in 6.7+
   - After 2f83e38a095f, which aimed to loosen the requirement, it
     was *sometimes required* (unintentional and really too confusing
     to describe in a man page, IMHO)
   - After ee6a44da3c87 (coming up in Linux 6.12.26), it requires
     CAP_SYS_ADMIN again.

So for TIOCL_SELMOUSEREPORT, I am now saying it is required since
6.12.26 (an upcoming stable kernel).  But we can as well change it to
say "since 6.7" if that sounds better to you.  Maybe that would be
simpler and err on the safe side for users of the API.  (To be fair,
these interfaces are anyway only used by gpm and consolation.  I am
mostly documenting it for completeness.)

Do you have a preference how to word this?  Should we say "since Linux
6.7" instead?

There are more details in the commit message of ee6a44da3c87
(2025-04-11; "tty: Require CAP_SYS_ADMIN for all usages of
TIOCL_SELMOUSEREPORT"), and in the related mail threads.
> > +.RE
    ^^^^
    The diff looks like I moved .RE,
    but I really moved the remark into a different indentation level.
> > .TP
> > .BR subcode = TIOCL_PASTESEL
> > Paste selection.
> > --
> > 2.49.0
Thanks for the review!
–Günther
* Re: [PATCH] man/man2const/TIOCLINUX.2const: Document CAP_SYS_ADMIN requirement for TIOCL_SETSEL modes
From: Alejandro Colomar @ 2025-05-01 20:19 UTC
To: Günther Noack
Cc: Greg Kroah-Hartman, Jared Finder, Jann Horn, Hanno Böck,
Jiri Slaby, Kees Cook, linux-man
Hello Günther!
On Thu, May 01, 2025 at 09:33:52PM +0200, Günther Noack wrote:
> > > @@ -118,11 +130,11 @@ If mouse reporting is not enabled for the terminal,
> > > this operation yields an
> > > .B EINVAL
> > > error.
> > > -.RE
> > > .IP
> > > -Since Linux 6.7, using this subcode requires the
> > > +Since Linux 6.12.26, using this selection mode requires the
> > > .B CAP_SYS_ADMIN
> > > capability.
> >
> > I'm not sure I understand this part. Was it required since 6.7 and now
> > it's only since 6.12.26? How can that be?
>
> Legitimate question. For the TIOCL_SELMOUSEREPORT selection mode, the
> requirement was briefly lifted (but in a confusing way due to an
> implementation mistake).
>
> The way that the diff came out is slightly misleading. Note that the
> .RE "moved", which really means that this text is now talking about
> the TIOCL_SELMOUSEREPORT selection mode instead of the TIOCL_SETSEL
> subcode - so we are now documenting the more fine-grained selection
> modes instead of the more coarse grained TIOCL_SETSEL subcode.
>
> For the selection modes, we had three cases:
>
> 1. The selection modes which continue to require CAP_SYS_ADMIN.
> For these this is true before and after these kernel patches,
> so this is "required since Linux 6.7", as before.
>
> 2. The selection modes which do not require CAP_SYS_ADMIN any more.
> For these, I dropped the remark.
>
> 3. The TIOCL_SELMOUSEREPORT selection mode. For this one, we had an
> unfortunate back-and-forth for when CAP_SYS_ADMIN is required:
>
> - It used to not be required.
> - It was required in 6.7+
> - After 2f83e38a095f, which aimed to loosen the requirement, it
> was *sometimes required* (unintentional and really too confusing
> to describe in a man page, IMHO)
> - After ee6a44da3c87 (coming up in Linux 6.12.26), it requires
> CAP_SYS_ADMIN again.
Hmmmm.
> So for TIOCL_SELMOUSEREPORT, I am now saying it is required since
> 6.12.26 (an upcoming stable kernel).
Makes sense. However, 6.12.26 is a branch, and we would need to clarify
what's the state in 6.{13,14,15}, don't we?
> But we can as well change it to
> say "since 6.7" if that sounds better to you. Maybe that would be
> simpler and err on the safe side for users of the API. (To be fair,
> these interfaces are anyway only used by gpm and consolation. I am
> mostly documenting it for completeness.)
>
> Do you have a preference how to word this? Should we say "since Linux
> 6.7" instead?
I don't have a preference. Maybe since Linux 6.7 is easier than saying
since Linux 6.12.26, 6.13.x, 6.14.y, and 6.15.z.
> Thanks for the review!
> –Günther
You're welcome! :)
Have a lovely night!
Alex
--
<https://www.alejandro-colomar.es/>
* Re: [PATCH] man/man2const/TIOCLINUX.2const: Document CAP_SYS_ADMIN requirement for TIOCL_SETSEL modes
From: Günther Noack @ 2025-05-02 10:16 UTC
To: Alejandro Colomar
Cc: Greg Kroah-Hartman, Jared Finder, Jann Horn, Hanno Böck,
Jiri Slaby, Kees Cook, linux-man
Hello Alejandro!
On Thu, May 01, 2025 at 10:19:01PM +0200, Alejandro Colomar wrote:
> On Thu, May 01, 2025 at 09:33:52PM +0200, Günther Noack wrote:
> > > > @@ -118,11 +130,11 @@ If mouse reporting is not enabled for the terminal,
> > > > this operation yields an
> > > > .B EINVAL
> > > > error.
> > > > -.RE
> > > > .IP
> > > > -Since Linux 6.7, using this subcode requires the
> > > > +Since Linux 6.12.26, using this selection mode requires the
> > > > .B CAP_SYS_ADMIN
> > > > capability.
> > >
> > > I'm not sure I understand this part. Was it required since 6.7 and now
> > > it's only since 6.12.26? How can that be?
> >
> > Legitimate question. For the TIOCL_SELMOUSEREPORT selection mode, the
> > requirement was briefly lifted (but in a confusing way due to an
> > implementation mistake).
> >
> > The way that the diff came out is slightly misleading. Note that the
> > .RE "moved", which really means that this text is now talking about
> > the TIOCL_SELMOUSEREPORT selection mode instead of the TIOCL_SETSEL
> > subcode - so we are now documenting the more fine-grained selection
> > modes instead of the more coarse grained TIOCL_SETSEL subcode.
> >
> > For the selection modes, we had three cases:
> >
> > 1. The selection modes which continue to require CAP_SYS_ADMIN.
> > For these this is true before and after these kernel patches,
> > so this is "required since Linux 6.7", as before.
> >
> > 2. The selection modes which do not require CAP_SYS_ADMIN any more.
> > For these, I dropped the remark.
> >
> > 3. The TIOCL_SELMOUSEREPORT selection mode. For this one, we had an
> > unfortunate back-and-forth for when CAP_SYS_ADMIN is required:
> >
> > - It used to not be required.
> > - It was required in 6.7+
> > - After 2f83e38a095f, which aimed to loosen the requirement, it
> > was *sometimes required* (unintentional and really too confusing
> > to describe in a man page, IMHO)
> > - After ee6a44da3c87 (coming up in Linux 6.12.26), it requires
> > CAP_SYS_ADMIN again.
>
> Hmmmm.
>
> > So for TIOCL_SELMOUSEREPORT, I am now saying it is required since
> > 6.12.26 (an upcoming stable kernel).
>
> Makes sense. However, 6.12.26 is a branch, and we would need to clarify
> what's the state in 6.{13,14,15}, don't we?
Both patches are applied to all up-to-date versions of stable kernels.

6.7 to 6.11 (EOL) have none of the two patches:
    CAP_SYS_ADMIN is enforced broadly
6.12.26 (longterm) has both
6.13.12 (EOL) has only the first patch
6.14.5 (stable) has both
6.15 (not released yet) will have both
> > But we can as well change it to
> > say "since 6.7" if that sounds better to you. Maybe that would be
> > simpler and err on the safe side for users of the API. (To be fair,
> > these interfaces are anyway only used by gpm and consolation. I am
> > mostly documenting it for completeness.)
> >
> > Do you have a preference how to word this? Should we say "since Linux
> > 6.7" instead?
>
> I don't have a preference. Maybe since Linux 6.7 is easier than saying
> since Linux 6.12.26, 6.13.x, 6.14.y, and 6.15.z.
Yes, I think so too. I'll send a V2 that says "since Linux 6.7". The
fact that we permitted some of these invocations without CAP_SYS_ADMIN
was a bug in hindsight and only a temporary state.
Thanks,
–Günther