[PATCH v2 2/2] execve.2, proc.5, mount_namespaces.7, unix.7: srcfix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Signed-off-by: Alejandro Colomar <alx.manpages@xxxxxxxxx>
---

This is what I removed in v2.

 man2/execve.2           |   6 +--
 man5/proc.5             | 105 ++++++++++++++++++++--------------------
 man7/mount_namespaces.7 |   6 +--
 man7/unix.7             |   2 +-
 4 files changed, 60 insertions(+), 59 deletions(-)

diff --git a/man2/execve.2 b/man2/execve.2
index 5e995f289..0e21853f7 100644
--- a/man2/execve.2
+++ b/man2/execve.2
@@ -70,7 +70,7 @@ The
 .I argv
 array must be terminated by a NULL pointer.
 (Thus, in the new program,
-.IR argv[argc]
+.I argv[argc]
 will be NULL.)
 .PP
 \fIenvp\fP is an array of pointers to strings, conventionally of the form
@@ -221,7 +221,7 @@ in
 .BR prctl (2).
 Note that changes to the "dumpable" attribute may cause ownership
 of files in the process's
-.IR /proc/[pid]
+.I /proc/[pid]
 directory to change to
 .IR root:root ,
 as described in
@@ -356,7 +356,7 @@ argument of
 starting at
 .IR argv[1] .
 Note that there is no way to get the
-.IR argv[0]
+.I argv[0]
 that was passed to the
 .BR execve ()
 call.
diff --git a/man5/proc.5 b/man5/proc.5
index 744ee04c9..09dc2b382 100644
--- a/man5/proc.5
+++ b/man5/proc.5
@@ -84,7 +84,7 @@ filesystem supports the following mount options:
 .BR hidepid "=\fIn\fP (since Linux 3.3)"
 .\" commit 0499680a42141d86417a8fbaa8c8db806bea1201
 This option controls who can access the information in
-.IR /proc/[pid]
+.I /proc/[pid]
 directories.
 The argument,
 .IR n ,
@@ -93,37 +93,37 @@ is one of the following values:
 .TP 4
 0
 Everybody may access all
-.IR /proc/[pid]
+.I /proc/[pid]
 directories.
 This is the traditional behavior,
 and the default if this mount option is not specified.
 .TP
 1
 Users may not access files and subdirectories inside any
-.IR /proc/[pid]
+.I /proc/[pid]
 directories but their own (the
-.IR /proc/[pid]
+.I /proc/[pid]
 directories themselves remain visible).
 Sensitive files such as
-.IR /proc/[pid]/cmdline
+.I /proc/[pid]/cmdline
 and
-.IR /proc/[pid]/status
+.I /proc/[pid]/status
 are now protected against other users.
 This makes it impossible to learn whether any user is running a
 specific program
 (so long as the program doesn't otherwise reveal itself by its behavior).
 .\" As an additional bonus, since
-.\" .IR /proc/[pid]/cmdline
+.\" .I /proc/[pid]/cmdline
 .\" is inaccessible for other users,
 .\" poorly written programs passing sensitive information via
 .\" program arguments are now protected against local eavesdroppers.
 .TP
 2
 As for mode 1, but in addition the
-.IR /proc/[pid]
+.I /proc/[pid]
 directories belonging to other users become invisible.
 This means that
-.IR /proc/[pid]
+.I /proc/[pid]
 entries can no longer be used to discover the PIDs on the system.
 This doesn't hide the fact that a process with a specific PID value exists
 (it can be learned by other means, for example, by "kill \-0 $PID"),
@@ -131,7 +131,7 @@ but it hides a process's UID and GID,
 which could otherwise be learned by employing
 .BR stat (2)
 on a
-.IR /proc/[pid]
+.I /proc/[pid]
 directory.
 This greatly complicates an attacker's task of gathering
 information about running processes (e.g., discovering whether
@@ -159,7 +159,7 @@ Underneath
 .IR /proc ,
 there are the following general groups of files and subdirectories:
 .TP
-.IR /proc/[pid] " subdirectories"
+.I /proc/[pid] " subdirectories"
 Each one of these subdirectories contains files and subdirectories
 exposing information about the process with the corresponding process ID.
 .IP
@@ -185,11 +185,11 @@ with
 to view the contents of
 .IR /proc ).
 .TP
-.IR /proc/[tid] " subdirectories"
+.I /proc/[tid] " subdirectories"
 Each one of these subdirectories contains files and subdirectories
 exposing information about the thread with the corresponding thread ID.
 The contents of these directories are the same as the corresponding
-.IR /proc/[pid]/task/[tid]
+.I /proc/[pid]/task/[tid]
 directories.
 .IP
 The
@@ -276,7 +276,7 @@ The attribute was reset to the value in the file
 .RE
 .IP
 Resetting the "dumpable" attribute to 1 reverts the ownership of the
-.IR /proc/[pid]/*
+.I /proc/[pid]/*
 files to the process's effective UID and GID.
 Note, however, that if the effective UID or GID is subsequently modified,
 then the "dumpable" attribute may be reset, as described in
@@ -380,7 +380,7 @@ any file creation calls it may make, but the attribute will persist
 across multiple file creation calls within a program unless it is
 explicitly reset.
 In SELinux, a process can set only its own
-.IR /proc/[pid]/attr/fscreate
+.I /proc/[pid]/attr/fscreate
 attribute.
 .TP
 .IR /proc/[pid]/attr/keycreate " (since Linux 2.6.18)"
@@ -469,7 +469,7 @@ Clearing the PG_Referenced and ACCESSED/YOUNG bits provides a method
 to measure approximately how much memory a process is using.
 One first inspects the values in the "Referenced" fields
 for the VMAs shown in
-.IR /proc/[pid]/smaps
+.I /proc/[pid]/smaps
 to get an idea of the memory footprint of the
 process.
 One then clears the PG_Referenced and ACCESSED/YOUNG bits
@@ -490,7 +490,7 @@ This is used (in conjunction with
 .IR /proc/[pid]/pagemap )
 by the check-point restore system to discover which pages of a process
 have been dirtied since the file
-.IR /proc/[pid]/clear_refs
+.I /proc/[pid]/clear_refs
 was written to.
 .TP
 5 (since Linux 4.0)
@@ -500,11 +500,11 @@ current resident set size value.
 .RE
 .IP
 Writing any value to
-.IR /proc/[pid]/clear_refs
+.I /proc/[pid]/clear_refs
 other than those listed above has no effect.
 .IP
 The
-.IR /proc/[pid]/clear_refs
+.I /proc/[pid]/clear_refs
 file is present only if the
 .B CONFIG_PROC_PAGE_MONITOR
 kernel configuration option is enabled.
@@ -726,7 +726,7 @@ is surrounded by square brackets.
 .IP
 For example, an epoll file descriptor will have a symbolic link
 whose content is the string
-.IR "anon_inode:[eventpoll]" .
+.IR anon_inode:[eventpoll] .
 .IP
 .\"The following was still true as at kernel 2.6.13
 In a multithreaded process, the contents of this directory
@@ -740,7 +740,7 @@ and programs that write to a file named as a command-line argument,
 but don't send their output to standard output
 if no argument is supplied, can nevertheless be made to use
 standard input or standard output by using
-.IR /proc/[pid]/fd
+.I /proc/[pid]/fd
 files as command-line arguments.
 For example, assuming that
 .I \-i
@@ -779,7 +779,7 @@ which respectively link to the files
 .IR 0 ,
 .IR 1 ,
 and
-.IR 2
+.I 2
 in
 .IR /proc/self/fd .
 Thus the example command above could be written as:
@@ -1352,7 +1352,7 @@ Offset field in the ELF program headers
 There are additional helpful pseudo-paths:
 .RS
 .TP
-.IR [stack]
+.I [stack]
 The initial process's (also known as the main thread's) stack.
 .TP
 .IR [stack:<tid>] " (from Linux 3.4 to 4.4)"
@@ -1362,17 +1362,17 @@ A thread's stack (where the
 .IR <tid>
 is a thread ID).
 It corresponds to the
-.IR /proc/[pid]/task/[tid]/
+.I /proc/[pid]/task/[tid]/
 path.
 This field was removed in Linux 4.5, since providing this information
 for a process with large numbers of threads is expensive.
 .TP
-.IR [vdso]
+.I [vdso]
 The virtual dynamically linked shared object.
 See
 .BR vdso (7).
 .TP
-.IR [heap]
+.I [heap]
 The process's heap.
 .in
 .RE
@@ -1423,7 +1423,7 @@ in the process's mount namespace (see
 It supplies various information
 (e.g., propagation state, root of mount for bind mounts,
 identifier for each mount and its parent) that is missing from the (older)
-.IR /proc/[pid]/mounts
+.I /proc/[pid]/mounts
 file, and fixes various other problems with that file
 (e.g., nonextensibility,
 failure to distinguish per-mount versus per-superblock options).
@@ -1731,9 +1731,9 @@ scaled linearly with
 .IR oom_score_adj .
 .IP
 Writing to
-.IR /proc/[pid]/oom_score_adj
+.I /proc/[pid]/oom_score_adj
 or
-.IR /proc/[pid]/oom_adj
+.I /proc/[pid]/oom_adj
 will change the other with its scaled value.
 .IP
 The
@@ -1775,7 +1775,7 @@ PTE is soft-dirty
 54\(en0
 If the page is present in RAM (bit 63), then these bits
 provide the page frame number, which can be used to index
-.IR /proc/kpageflags
+.I /proc/kpageflags
 and
 .IR /proc/kpagecount .
 If the page is present in swap (bit 62),
@@ -1786,14 +1786,14 @@ Before Linux 3.11, bits 60\(en55 were
 used to encode the base-2 log of the page size.
 .IP
 To employ
-.IR /proc/[pid]/pagemap
+.I /proc/[pid]/pagemap
 efficiently, use
-.IR /proc/[pid]/maps
+.I /proc/[pid]/maps
 to determine which areas of memory are actually mapped and seek
 to skip over unmapped regions.
 .IP
 The
-.IR /proc/[pid]/pagemap
+.I /proc/[pid]/pagemap
 file is present only if the
 .B CONFIG_PROC_PAGE_MONITOR
 kernel configuration option is enabled.
@@ -2034,7 +2034,7 @@ encoded using the following two-letter codes:
     uw  - userfaultfd wprotect pages tracking (since Linux 4.3)
 .IP
 The
-.IR /proc/[pid]/smaps
+.I /proc/[pid]/smaps
 file is present only if the
 .B CONFIG_PROC_PAGE_MONITOR
 kernel configuration option is enabled.
@@ -2276,20 +2276,20 @@ see the description of
 in
 .BR getrlimit (2).
 .TP
-(26) \fIstartcode\fP \ %lu \ [PT]
+.RI "(26) " startcode "  %lu  [PT]"
 The address above which program text can run.
 .TP
-(27) \fIendcode\fP \ %lu \ [PT]
+.RI "(27) " endcode "  %lu  [PT]"
 The address below which program text can run.
 .TP
-(28) \fIstartstack\fP \ %lu \ [PT]
+.RI "(28) " startstack "  %lu  [PT]"
 The address of the start (i.e., bottom) of the stack.
 .TP
-(29) \fIkstkesp\fP \ %lu \ [PT]
+.RI "(29) " kstkesp "  %lu  [PT]"
 The current value of ESP (stack pointer), as found in the
 kernel stack page for the process.
 .TP
-(30) \fIkstkeip\fP \ %lu \ [PT]
+.RI "(30) " kstkeip "  %lu  [PT]"
 The current EIP (instruction pointer).
 .TP
 (31) \fIsignal\fP \ %lu
@@ -2316,7 +2316,7 @@ Obsolete, because it does not provide information on real-time signals; use
 .I /proc/[pid]/status
 instead.
 .TP
-(35) \fIwchan\fP \ %lu \ [PT]
+.RI "(35) " wchan "  %lu  [PT]"
 This is the "channel" in which the process is waiting.
 It is the address of a location in the kernel where the process is sleeping.
 The corresponding symbolic name can be found in
@@ -2362,42 +2362,42 @@ for a guest operating system), measured in clock ticks (divide by
 Guest time of the process's children, measured in clock ticks (divide by
 .IR sysconf(_SC_CLK_TCK) ).
 .TP
-(45) \fIstart_data\fP \ %lu \ (since Linux 3.3) \ [PT]
+.RI "(45) " start_data "  %lu  (since Linux 3.3)  [PT]"
 .\" commit b3f7f573a20081910e34e99cbc91831f4f02f1ff
 Address above which program initialized and
 uninitialized (BSS) data are placed.
 .TP
-(46) \fIend_data\fP \ %lu \ (since Linux 3.3) \ [PT]
+.RI "(46) " end_data "  %lu  (since Linux 3.3)  [PT]"
 .\" commit b3f7f573a20081910e34e99cbc91831f4f02f1ff
 Address below which program initialized and
 uninitialized (BSS) data are placed.
 .TP
-(47) \fIstart_brk\fP \ %lu \ (since Linux 3.3) \ [PT]
+.RI "(47) " start_brk "  %lu  (since Linux 3.3)  [PT]"
 .\" commit b3f7f573a20081910e34e99cbc91831f4f02f1ff
 Address above which program heap can be expanded with
 .BR brk (2).
 .TP
-(48) \fIarg_start\fP \ %lu \ (since Linux 3.5) \ [PT]
+.RI "(48) " arg_start "  %lu  (since Linux 3.5)  [PT]"
 .\" commit 5b172087f99189416d5f47fd7ab5e6fb762a9ba3
 Address above which program command-line arguments
 .RI ( argv )
 are placed.
 .TP
-(49) \fIarg_end\fP \ %lu \ (since Linux 3.5) \ [PT]
+.RI "(49) " arg_end "  %lu  (since Linux 3.5)  [PT]"
 .\" commit 5b172087f99189416d5f47fd7ab5e6fb762a9ba3
 Address below program command-line arguments
 .RI ( argv )
 are placed.
 .TP
-(50) \fIenv_start\fP \ %lu \ (since Linux 3.5) \ [PT]
+.RI "(50) " env_start "  %lu  (since Linux 3.5)  [PT]"
 .\" commit 5b172087f99189416d5f47fd7ab5e6fb762a9ba3
 Address above which program environment is placed.
 .TP
-(51) \fIenv_end\fP \ %lu \ (since Linux 3.5) \ [PT]
+.RI "(51) " env_end "  %lu  (since Linux 3.5)  [PT]"
 .\" commit 5b172087f99189416d5f47fd7ab5e6fb762a9ba3
 Address below which program environment is placed.
 .TP
-(52) \fIexit_code\fP \ %d \ (since Linux 3.5) \ [PT]
+.RI "(52) " exit_code "  %d  (since Linux 3.5)  [PT]"
 .\" commit 5b172087f99189416d5f47fd7ab5e6fb762a9ba3
 The thread's exit status in the form reported by
 .BR waitpid (2).
@@ -2985,7 +2985,7 @@ Permission to access this file is governed by a ptrace access mode
 check; see
 .BR ptrace (2).
 .TP
-.IR /proc/[tid]
+.I /proc/[tid]
 There  is a numerical subdirectory for each running thread
 that is not a thread group leader
 (i.e., a thread whose thread ID is not the same as its process ID);
@@ -2994,7 +2994,7 @@ Each one of these subdirectories contains files and subdirectories
 exposing information about the thread with the thread ID
 .IR tid .
 The contents of these directories are the same as the corresponding
-.IR /proc/[pid]/task/[tid]
+.I /proc/[pid]/task/[tid]
 directories.
 .IP
 The
@@ -4185,7 +4185,8 @@ is already a device known on this address or the address is invalid, an
 error will be returned.
 .TP
 .I /proc/scsi/[drivername]
-\fI[drivername]\fP can currently be NCR53c7xx, aha152x, aha1542, aha1740,
+.I [drivername]
+can currently be NCR53c7xx, aha152x, aha1542, aha1740,
 aic7xxx, buslogic, eata_dma, eata_pio, fdomain, in2000, pas16, qlogic,
 scsi_debug, seagate, t128, u15\-24f, ultrastore, or wd7000.
 These directories show up for all drivers that registered at least one
@@ -4771,7 +4772,7 @@ In effect,
 the value in this file determines whether core dump files are
 produced for set-user-ID or otherwise protected/tainted binaries.
 The "dumpable" setting also affects the ownership of files in a process's
-.IR /proc/[pid]
+.I /proc/[pid]
 directory, as described above.
 .IP
 Three different integer values can be specified:
diff --git a/man7/mount_namespaces.7 b/man7/mount_namespaces.7
index a1436192e..943181a34 100644
--- a/man7/mount_namespaces.7
+++ b/man7/mount_namespaces.7
@@ -39,11 +39,11 @@ The views provided by the
 .IR /proc/[pid]/mounts ,
 .IR /proc/[pid]/mountinfo ,
 and
-.IR /proc/[pid]/mountstats
+.I /proc/[pid]/mountstats
 files (all described in
 .BR proc (5))
 correspond to the mount namespace in which the process with the PID
-.IR [pid]
+.I [pid]
 resides.
 (All of the processes that reside in the same mount namespace
 will see the same view in these files.)
@@ -874,7 +874,7 @@ and do not have submounts under them are unmounted.
 The
 .I propagate_from:X
 tag is shown in the optional fields of a
-.IR /proc/[pid]/mountinfo
+.I /proc/[pid]/mountinfo
 record in cases where a process can't see a slave's immediate master
 (i.e., the pathname of the master is not reachable from
 the filesystem root directory)
diff --git a/man7/unix.7 b/man7/unix.7
index bd34ac2d9..79205910b 100644
--- a/man7/unix.7
+++ b/man7/unix.7
@@ -141,7 +141,7 @@ should not be inspected.
 .IR abstract :
 an abstract socket address is distinguished (from a pathname socket)
 by the fact that
-.IR sun_path[0]
+.I sun_path[0]
 is a null byte (\(aq\e0\(aq).
 The socket's address in this namespace is given by the additional
 bytes in
-- 
2.29.2




[Index of Archives]     [Kernel Documentation]     [Netdev]     [Linux Ethernet Bridging]     [Linux Wireless]     [Kernel Newbies]     [Security]     [Linux for Hams]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux Admin]     [Samba]

  Powered by Linux