The output is unchanged, except the font change for a punctuation mark (kexec_load.2 and keyctl.2) and removing quotation marks around a single argument (keyctl.2). Signed-off-by: Bjarni Ingi Gislason <bjarniig@xxxxxxxxx> --- man2/kcmp.2 | 28 ++++---- man2/kexec_load.2 | 32 ++++----- man2/keyctl.2 | 176 +++++++++++++++++++++++----------------------- 3 files changed, 118 insertions(+), 118 deletions(-) diff --git a/man2/kcmp.2 b/man2/kcmp.2 index bf454bdfa..2fdcc76e8 100644 --- a/man2/kcmp.2 +++ b/man2/kcmp.2 @@ -64,7 +64,7 @@ The argument specifies which resource is to be compared in the two processes. It has one of the following values: .TP -.BR KCMP_FILE +.B KCMP_FILE Check whether a file descriptor .I idx1 in the process @@ -83,7 +83,7 @@ open file description can occur as a result of or passing file descriptors via a domain socket (see .BR unix (7)). .TP -.BR KCMP_FILES +.B KCMP_FILES Check whether the processes share the same set of open file descriptors. The arguments .I idx1 @@ -91,11 +91,11 @@ and .I idx2 are ignored. See the discussion of the -.BR CLONE_FILES +.B CLONE_FILES flag in .BR clone (2). .TP -.BR KCMP_FS +.B KCMP_FS Check whether the processes share the same filesystem information (i.e., file mode creation mask, working directory, and filesystem root). The arguments @@ -104,11 +104,11 @@ and .I idx2 are ignored. See the discussion of the -.BR CLONE_FS +.B CLONE_FS flag in .BR clone (2). .TP -.BR KCMP_IO +.B KCMP_IO Check whether the processes share I/O context. The arguments .I idx1 @@ -116,11 +116,11 @@ and .I idx2 are ignored. See the discussion of the -.BR CLONE_IO +.B CLONE_IO flag in .BR clone (2). .TP -.BR KCMP_SIGHAND +.B KCMP_SIGHAND Check whether the processes share the same table of signal dispositions. The arguments .I idx1 
@@ -128,11 +128,11 @@ and .I idx2 are ignored. See the discussion of the -.BR CLONE_SIGHAND +.B CLONE_SIGHAND flag in .BR clone (2). .TP -.BR KCMP_SYSVSEM +.B KCMP_SYSVSEM Check whether the processes share the same list of System\ V semaphore undo operations. The arguments @@ -141,11 +141,11 @@ and .I idx2 are ignored. See the discussion of the -.BR CLONE_SYSVSEM +.B CLONE_SYSVSEM flag in .BR clone (2). .TP -.BR KCMP_VM +.B KCMP_VM Check whether the processes share the same address space. The arguments .I idx1 @@ -153,7 +153,7 @@ and .I idx2 are ignored. See the discussion of the -.BR CLONE_VM +.B CLONE_VM flag in .BR clone (2). .TP @@ -201,7 +201,7 @@ Note the is not protected against false positives which may occur if the processes are currently running. One should stop the processes by sending -.BR SIGSTOP +.B SIGSTOP (see .BR signal (7)) prior to inspection with this system call to obtain meaningful results. diff --git a/man2/kexec_load.2 b/man2/kexec_load.2 index bcb38b952..94795d02f 100644 --- a/man2/kexec_load.2 +++ b/man2/kexec_load.2 @@ -133,7 +133,7 @@ The kernel image defined by is copied from the calling process into the kernel either in regular memory or in reserved memory (if -.BR KEXEC_ON_CRASH +.B KEXEC_ON_CRASH is set). The kernel first performs various sanity checks on the information passed in @@ -170,7 +170,7 @@ is less than then the excess bytes in the kernel buffer are zeroed out. .PP In case of a normal kexec (i.e., the -.BR KEXEC_ON_CRASH +.B KEXEC_ON_CRASH flag is not set), the segment data is loaded in any available memory and is moved to the final destination at kexec reboot time (e.g., when the .BR kexec (8) @@ -179,7 +179,7 @@ command is executed with the option). .PP In case of kexec on panic (i.e., the -.BR KEXEC_ON_CRASH +.B KEXEC_ON_CRASH flag is set), the segment data is loaded to reserved memory at the time of the call, and, after a crash, the kexec mechanism simply passes control to that kernel. 
@@ -201,34 +201,34 @@ and the initrd (initial RAM disk) to be loaded from file referred to by the file descriptor .IR initrd_fd . The -.IR cmdline +.I cmdline argument is a pointer to a buffer containing the command line for the new kernel. The -.IR cmdline_len +.I cmdline_len argument specifies size of the buffer. The last byte in the buffer must be a null byte (\(aq\\0\(aq). .PP The -.IR flags +.I flags argument is a bit mask which modifies the behavior of the call. The following values can be specified in .IR flags : .TP -.BR KEXEC_FILE_UNLOAD +.B KEXEC_FILE_UNLOAD Unload the currently loaded kernel. .TP -.BR KEXEC_FILE_ON_CRASH +.B KEXEC_FILE_ON_CRASH Load the new kernel in the memory region reserved for the crash kernel (as for -.BR KEXEC_ON_CRASH). +.BR KEXEC_ON_CRASH ). This kernel is booted if the currently running kernel crashes. .TP -.BR KEXEC_FILE_NO_INITRAMFS +.B KEXEC_FILE_NO_INITRAMFS Loading initrd/initramfs is optional. Specify this flag if no initramfs is being loaded. If this flag is set, the value passed in -.IR initrd_fd +.I initrd_fd is ignored. .PP The @@ -291,9 +291,9 @@ entries exceeds the value in the corresponding field. .TP .B EINVAL -.IR nr_segments +.I nr_segments exceeds -.BR KEXEC_SEGMENT_MAX +.B KEXEC_SEGMENT_MAX (16). .TP .B EINVAL @@ -323,7 +323,7 @@ Could not allocate memory. .TP .B EPERM The caller does not have the -.BR CAP_SYS_BOOT +.B CAP_SYS_BOOT capability. .SH VERSIONS The @@ -344,6 +344,6 @@ Call them using .BR kexec (8) .PP The kernel source files -.IR Documentation/kdump/kdump.txt +.I Documentation/kdump/kdump.txt and -.IR Documentation/admin-guide/kernel-parameters.txt +.I Documentation/admin-guide/kernel-parameters.txt diff --git a/man2/keyctl.2 b/man2/keyctl.2 index 75964dffd..69df345cb 100644 --- a/man2/keyctl.2 +++ b/man2/keyctl.2 
@@ -158,9 +158,9 @@ The caller must have permission on a keyring in order for it to be found. .IP The arguments -.IR arg4 +.I arg4 and -.IR arg5 +.I arg5 are ignored. .IP This operation is exposed by @@ -207,7 +207,7 @@ The arguments .IR arg3 , .IR arg4 , and -.IR arg5 +.I arg5 are ignored. .IP This operation is exposed by @@ -262,9 +262,9 @@ Further attempts to use the key will fail with the error .BR EKEYREVOKED . .IP The caller must have -.IR write +.I write or -.IR setattr +.I setattr permission on the key. .\" Keys with the KEY_FLAG_KEEP bit set cause an EPERM .\" error for KEYCTL_REVOKE. Does this need to be documented? @@ -274,7 +274,7 @@ The arguments .IR arg3 , .IR arg4 , and -.IR arg5 +.I arg5 are ignored. .IP This operation is exposed by @@ -343,13 +343,13 @@ capability, it can change permissions only for the keys it owns. The key must grant .I setattr permission to the caller -.IR regardless +.I regardless of the caller's capabilities. .\" FIXME Above, is it really intended that a privileged process can't .\" override the lack of the 'setattr' permission? .IP The permissions in -.IR arg3 +.I arg3 specify masks of available operations for each of the following user categories: .RS @@ -361,21 +361,21 @@ This is the permission granted to a process that possesses the key see .BR keyrings (7). .TP -.IR user +.I user This is the permission granted to a process whose filesystem UID matches the UID of the key. .TP -.IR group +.I group This is the permission granted to a process whose filesystem GID or any of its supplementary GIDs matches the GID of the key. .TP -.IR other +.I other This is the permission granted to other processes that do not match the -.IR user +.I user and -.IR group +.I group categories. .RE .IP 
@@ -383,17 +383,17 @@ The .IR user , .IR group , and -.IR other +.I other categories are exclusive: if a process matches the -.IR user +.I user category, it will not receive permissions granted in the -.IR group +.I group category; if a process matches the .I user or -.IR group +.I group category, then it will not receive permissions granted in the -.IR other +.I other category. .IP The @@ -402,7 +402,7 @@ category grants permissions that are cumulative with the grants from the .IR user , .IR group , or -.IR other +.I other category. .IP Each permission mask is eight bits in size, @@ -410,11 +410,11 @@ with only six bits currently used. The available permissions are: .RS .TP -.IR view +.I view This permission allows reading attributes of a key. .IP This permission is required for the -.BR KEYCTL_DESCRIBE +.B KEYCTL_DESCRIBE operation. .IP The permission bits for each category are @@ -424,11 +424,11 @@ The permission bits for each category are and .BR KEY_OTH_VIEW . .TP -.IR read +.I read This permission allows reading a key's payload. .IP This permission is required for the -.BR KEYCTL_READ +.B KEYCTL_READ operation. .IP The permission bits for each category are @@ -438,7 +438,7 @@ The permission bits for each category are and .BR KEY_OTH_READ . .TP -.IR write +.I write This permission allows update or instantiation of a key's payload. For a keyring, it allows keys to be linked and unlinked from the keyring, .IP @@ -448,7 +448,7 @@ This permission is required for the .BR KEYCTL_CLEAR , .BR KEYCTL_LINK , and -.BR KEYCTL_UNLINK +.B KEYCTL_UNLINK operations. .IP The permission bits for each category are @@ -458,7 +458,7 @@ The permission bits for each category are and .BR KEY_OTH_WRITE . .TP -.IR search +.I search This permission allows keyrings to be searched and keys to be found. Searches can recurse only into nested keyrings that have .I search 
@@ -469,7 +469,7 @@ This permission is required for the .BR KEYCTL_JOIN_SESSION_KEYRING , .BR KEYCTL_SEARCH , and -.BR KEYCTL_INVALIDATE +.B KEYCTL_INVALIDATE operations. .IP The permission bits for each category are @@ -479,13 +479,13 @@ The permission bits for each category are and .BR KEY_OTH_SEARCH . .TP -.IR link +.I link This permission allows a key or keyring to be linked to. .IP This permission is required for the -.BR KEYCTL_LINK +.B KEYCTL_LINK and -.BR KEYCTL_SESSION_TO_PARENT +.B KEYCTL_SESSION_TO_PARENT operations. .IP The permission bits for each category are @@ -502,7 +502,7 @@ This permission is required for the .BR KEYCTL_REVOKE , .BR KEYCTL_CHOWN , and -.BR KEYCTL_SETPERM +.B KEYCTL_SETPERM operations. .IP The permission bits for each category are @@ -516,7 +516,7 @@ and As a convenience, the following macros are defined as masks for all of the permission bits in each of the user categories: .BR KEY_POS_ALL , -.BR KEY_USR_ALL, +.BR KEY_USR_ALL , .BR KEY_GRP_ALL , and .BR KEY_OTH_ALL . @@ -558,13 +558,13 @@ contains the following information about the key: .in .IP In the above, -.IR type +.I type and -.IR description +.I description are strings, -.IR uid +.I uid and -.IR gid +.I gid are decimal strings, and .I perm is a hexadecimal permissions mask. @@ -572,10 +572,10 @@ The descriptive string is written with the following format: .IP %s;%d;%d;%08x;%s .IP -.BR "Note: the intention is that the descriptive string should" -.BR "be extensible in future kernel versions". +.B Note: the intention is that the descriptive string should +.B be extensible in future kernel versions. In particular, the -.IR description +.I description field will not contain semicolons; .\" FIXME But, the kernel does not enforce the requirement .\" that the key description contains no semicolons! 
@@ -588,7 +588,7 @@ This allows future semicolon-delimited fields to be inserted in the descriptive string in the future. .IP Writing to the buffer is attempted only when -.IR arg3 +.I arg3 is non-NULL and the specified buffer size is large enough to accept the descriptive string (including the terminating null byte). @@ -631,7 +631,7 @@ The arguments .IR arg3 , .IR arg4 , and -.IR arg5 +.I arg5 are ignored. .IP This operation is exposed by @@ -643,11 +643,11 @@ via the function Create a link from a keyring to a key. .IP The key to be linked is specified in -.IR arg2 +.I arg2 (cast to .IR key_serial_t ); the keyring is specified in -.IR arg3 +.I arg3 (cast to .IR key_serial_t ). .IP @@ -670,9 +670,9 @@ permission on the key being added and permission on the keyring. .IP The arguments -.IR arg4 +.I arg4 and -.IR arg5 +.I arg5 are ignored. .IP This operation is exposed by @@ -702,9 +702,9 @@ If the last link to a key is removed, then that key will be scheduled for destruction. .IP The arguments -.IR arg4 +.I arg4 and -.IR arg5 +.I arg5 are ignored. .IP This operation is exposed by @@ -718,7 +718,7 @@ returning its ID and optionally linking it to a specified keyring. .IP The tree to be searched is specified by passing the ID of the head keyring in -.IR arg2 +.I arg2 (cast to .IR key_serial_t ). The search is performed breadth-first and recursively. @@ -806,7 +806,7 @@ For example, a keyring will return an array of .I key_serial_t entries representing the IDs of all the keys that are linked to it. The -.IR "user" +.I user key type will return its data as is. If a key type does not implement this function, the operation fails with the error 
@@ -924,12 +924,12 @@ should contain one of the following values, to specify the new default keyring: .RS .TP -.BR KEY_REQKEY_DEFL_NO_CHANGE +.B KEY_REQKEY_DEFL_NO_CHANGE Don't change the default keyring. This can be used to discover the current default keyring (without changing it). .TP -.BR KEY_REQKEY_DEFL_DEFAULT +.B KEY_REQKEY_DEFL_DEFAULT This selects the default behaviour, which is to use the thread-specific keyring if there is one, otherwise the process-specific keyring if there is one, @@ -937,27 +937,27 @@ otherwise the session keyring if there is one, otherwise the UID-specific session keyring, otherwise the user-specific keyring. .TP -.BR KEY_REQKEY_DEFL_THREAD_KEYRING +.B KEY_REQKEY_DEFL_THREAD_KEYRING Use the thread-specific keyring .RB ( thread-keyring (7)) as the new default keyring. .TP -.BR KEY_REQKEY_DEFL_PROCESS_KEYRING +.B KEY_REQKEY_DEFL_PROCESS_KEYRING Use the process-specific keyring .RB ( process-keyring (7)) as the new default keyring. .TP -.BR KEY_REQKEY_DEFL_SESSION_KEYRING +.B KEY_REQKEY_DEFL_SESSION_KEYRING Use the session-specific keyring .RB ( session-keyring (7)) as the new default keyring. .TP -.BR KEY_REQKEY_DEFL_USER_KEYRING +.B KEY_REQKEY_DEFL_USER_KEYRING Use the UID-specific keyring .RB ( user-keyring (7)) as the new default keyring. .TP -.BR KEY_REQKEY_DEFL_USER_SESSION_KEYRING +.B KEY_REQKEY_DEFL_USER_SESSION_KEYRING Use the UID-specific session keyring .RB ( user-session-keyring (7)) as the new default keyring. @@ -981,7 +981,7 @@ The arguments .IR arg3 , .IR arg4 , and -.IR arg5 +.I arg5 are ignored. .IP The setting controlled by this operation is inherited by the child of @@ -1030,9 +1030,9 @@ This operation cannot be used to set timeouts on revoked, expired, or negatively instantiated keys. .IP The arguments -.IR arg4 +.I arg4 and -.IR arg5 +.I arg5 are ignored. .IP This operation is exposed by 
@@ -1068,7 +1068,7 @@ Authority over a key can be assumed only if the calling thread has present in its keyrings the authorization key that is associated with the specified key. (In other words, the -.BR KEYCTL_ASSUME_AUTHORITY +.B KEYCTL_ASSUME_AUTHORITY operation is available only from a .BR request-key (8)-style program; see @@ -1091,7 +1091,7 @@ is 0, then the currently assumed authority is cleared (divested), and the value 0 is returned. .IP The -.BR KEYCTL_ASSUME_AUTHORITY +.B KEYCTL_ASSUME_AUTHORITY mechanism allows a program such as .BR request-key (8) to assume the necessary authority to instantiate a new uninstantiated key @@ -1106,7 +1106,7 @@ The arguments .IR arg3 , .IR arg4 , and -.IR arg5 +.I arg5 are ignored. .IP This operation is exposed by @@ -1135,7 +1135,7 @@ the size of the buffer must be provided in If .I arg3 is specified as NULL or the buffer size specified in -.IR arg4 +.I arg4 is too small, the full size of the security label string (including the terminating null byte) is returned as the function result, @@ -1201,7 +1201,7 @@ The arguments .IR arg3 , .IR arg4 , and -.IR arg5 +.I arg5 are ignored. .IP This operation is exposed by @@ -1214,7 +1214,7 @@ via the function Mark a key as negatively instantiated and set an expiration timer on the key. This operation provides a superset of the functionality of the earlier -.BR KEYCTL_NEGATE +.B KEYCTL_NEGATE operation. .IP The ID of the key that is to be negatively instantiated is specified in @@ -1277,7 +1277,7 @@ via a vector of buffers. This operation is the same as .BR KEYCTL_INSTANTIATE , but the payload data is specified as an array of -.IR iovec +.I iovec structures: .IP .in +4n @@ -1290,11 +1290,11 @@ struct iovec { .in .IP The pointer to the payload vector is specified in -.IR arg3 +.I arg3 (cast as .IR "const struct iovec\ *" ). The number of items in the vector is specified in -.IR arg4 +.I arg4 (cast as .IR "unsigned int" ). .IP 
@@ -1345,7 +1345,7 @@ The arguments .IR arg3 , .IR arg4 , and -.IR arg5 +.I arg5 are ignored. .IP This operation is exposed by @@ -1370,7 +1370,7 @@ The ID of the destination keyring is specified in .IR key_serial_t ). .IP The caller must have the -.BR CAP_SETUID +.B CAP_SETUID capability in its user namespace in order to fetch the persistent keyring for a user ID that does not match either the real or effective user ID of the caller. @@ -1405,9 +1405,9 @@ everything it pins can then be garbage collected. Persistent keyrings were added to Linux in kernel version 3.13. .IP The arguments -.IR arg4 +.I arg4 and -.IR arg5 +.I arg5 are ignored. .IP This operation is exposed by @@ -1424,7 +1424,7 @@ The .I arg2 argument is a pointer to a set of parameters containing serial numbers for three -.IR """user""" +.I """user""" keys used in the Diffie-Hellman calculation, packaged in a structure of the following form: .IP @@ -1476,7 +1476,7 @@ the kernel MPI implementation, and allows access to secure or acceleration hardware. .IP Adding support for DH computation to the -.BR keyctl() +.B keyctl() system call was considered a good fit due to the DH algorithm's use for deriving shared keys; it also allows the type of the key to determine @@ -1556,11 +1556,11 @@ and .\" commit 6563c91fd645556c7801748f15bc727c77fcd311 .\" commit 7228b66aaf723a623e578aa4db7d083bb39546c9 Apply a key-linking restriction to the keyring with the ID provided in -.IR arg2 +.I arg2 (cast to .IR key_serial_t ). The caller must have -.IR setattr +.I setattr permission on the key. If .I arg3 @@ -1674,13 +1674,13 @@ and there was an error during crypto module initialization. .B EDEADLK .I operation was -.BR KEYCTL_LINK +.B KEYCTL_LINK and the requested link would result in a cycle. .TP .B EDEADLK .I operation was -.BR KEYCTL_RESTRICT_KEYRING +.B KEYCTL_RESTRICT_KEYRING and the requested keyring restriction would result in a cycle. .TP .B EDQUOT 
@@ -1690,7 +1690,7 @@ linking it to the keyring. .B EEXIST .I operation was -.BR KEYCTL_RESTRICT_KEYRING +.B KEYCTL_RESTRICT_KEYRING and keyring provided in .I arg2 argument already has a restriction set. @@ -1742,9 +1742,9 @@ and an invalid permission bit was specified in .B EINVAL .I operation was -.BR KEYCTL_SEARCH +.B KEYCTL_SEARCH and the size of the description in -.IR arg4 +.I arg4 (including the terminating null byte) exceeded 4096 bytes. size of the string (including the terminating null byte) specified in .I arg3 @@ -1813,7 +1813,7 @@ A revoked key was found or specified. .B ELOOP .I operation was -.BR KEYCTL_LINK +.B KEYCTL_LINK and the requested link would cause the maximum nesting depth for keyrings to be exceeded. .TP @@ -1835,9 +1835,9 @@ exceeds (which is 64 currently). .TP .BR ENFILE " (Linux kernels before 3.13)" -.IR operation +.I operation was -.BR KEYCTL_LINK +.B KEYCTL_LINK and the keyring is full. (Before Linux 3.13, .\" commit b2a4df200d570b2c33a57e1ebfa5896e4bc81b69 @@ -1930,7 +1930,7 @@ capability. .B EPERM .I operation was -.BR KEYCTL_SESSION_TO_PARENT +.B KEYCTL_SESSION_TO_PARENT and either: all of the UIDs (GIDs) of the parent process do not match the effective UID (GID) of the calling process; @@ -1954,7 +1954,7 @@ This system call is a nonstandard Linux extension. .SH NOTES No wrapper for this system call is provided in glibc. A wrapper is provided in the -.IR libkeyutils +.I libkeyutils library. When employing the wrapper in that library, link with .IR \-lkeyutils . @@ -2060,7 +2060,7 @@ we can see that this was translated to the ID of the destination keyring .RI ( 0256e6a6 ) shown in the log output above; we can also see the newly created key with the name -.IR mykey +.I mykey and ID .IR 20d035bf . .PP 
@@ -2280,6 +2280,6 @@ main(int argc, char *argv[]) .BR request\-key (8) .PP The kernel source files under -.IR Documentation/security/keys/ +.I Documentation/security/keys/ (or, before Linux 4.13, in the file .IR Documentation/security/keys.txt ). -- 2.20.1 -- Bjarni I. Gislason
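Review bot: In man2/keyctl.2, hunk @@ -572,10 +572,10 @@, dropping the quotes turns each of the two "Note:" lines from a single macro argument into a long run of separate arguments ('.B Note: the intention is that the descriptive string should' passes ten). man(7) says the font macros traditionally accept at most six arguments and that only the GNU implementation lifts the limit, so on other formatters the tail of each line can be lost. Keep the quotes and change only the macro, e.g. '.B "Note: the intention is that the descriptive string should"'. The full stop also moved from outside the closing quote ('versions".') to inside the .B text ('versions.'), so check a before/after render of this paragraph and mention it in the commit message if its font changes.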
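Review bot: In man2/keyctl.2, hunk @@ -1476,7 +1476,7 @@, '.B keyctl()' still sets the parentheses in bold. man-pages(7) asks for the function name in bold followed by parentheses in roman, written in the source as '.BR keyctl ()'. Since the line is being touched anyway, use that form here; it changes the rendered output, so it belongs with the punctuation fixes rather than with the no-op macro changes.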
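Review bot: In man2/kexec_load.2, hunk @@ -201,34 +201,34 @@, the change from '.BR KEXEC_ON_CRASH).' to '.BR KEXEC_ON_CRASH ).' alters the rendered font of the closing punctuation, while every other line in the hunk is a macro substitution with identical output. The same applies to '.BR KEY_USR_ALL ,' in man2/keyctl.2 at @@ -516,7 +516,7 @@. Splitting these output-changing fixes into their own patch would let the mechanical part be verified by simply diffing the formatted pages before and after, and would make the punctuation fixes easy to find in the history.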