(split) LDP: Update POT and ja.po to LDP v3.54

[linuxjm/LDP_man-pages.git] / po4a / process / po / process.pot

# SOME DESCRIPTIVE TITLE
# Copyright (C) YEAR Free Software Foundation, Inc.
# This file is distributed under the same license as the PACKAGE package.
# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
#
#, fuzzy
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"POT-Creation-Date: 2013-09-28 04:06+0900\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
"Language: \n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"

#. type: TH
#: build/C/man2/acct.2:31 build/C/man5/acct.5:25
#, no-wrap
msgid "ACCT"
msgstr ""

#. type: TH
#: build/C/man2/acct.2:31
#, no-wrap
msgid "2008-06-16"
msgstr ""

#. type: TH
#: build/C/man2/acct.2:31 build/C/man5/acct.5:25 build/C/man7/capabilities.7:48 build/C/man2/capget.2:15 build/C/man7/cpuset.7:25 build/C/man7/credentials.7:27 build/C/man2/getgid.2:25 build/C/man2/getgroups.2:31 build/C/man2/getpid.2:25 build/C/man2/getpriority.2:48 build/C/man2/getresuid.2:28 build/C/man2/getrlimit.2:64 build/C/man2/getrusage.2:39 build/C/man2/getsid.2:26 build/C/man2/getuid.2:26 build/C/man2/iopl.2:33 build/C/man2/ioprio_set.2:24 build/C/man2/ipc.2:25 build/C/man2/seteuid.2:29 build/C/man2/setfsgid.2:31 build/C/man2/setfsuid.2:31 build/C/man2/setgid.2:29 build/C/man2/setpgid.2:48 build/C/man2/setresuid.2:26 build/C/man2/setreuid.2:45 build/C/man2/setsid.2:30 build/C/man2/setuid.2:30 build/C/man7/svipc.7:40 build/C/man3/ulimit.3:27
#, no-wrap
msgid "Linux"
msgstr ""

#. type: TH
#: build/C/man2/acct.2:31 build/C/man5/acct.5:25 build/C/man7/capabilities.7:48 build/C/man2/capget.2:15 build/C/man7/cpuset.7:25 build/C/man7/credentials.7:27 build/C/man2/getgid.2:25 build/C/man2/getgroups.2:31 build/C/man2/getpid.2:25 build/C/man2/getpriority.2:48 build/C/man2/getresuid.2:28 build/C/man2/getrlimit.2:64 build/C/man2/getrusage.2:39 build/C/man2/getsid.2:26 build/C/man2/getuid.2:26 build/C/man2/iopl.2:33 build/C/man2/ioprio_set.2:24 build/C/man2/ipc.2:25 build/C/man2/seteuid.2:29 build/C/man2/setfsgid.2:31 build/C/man2/setfsuid.2:31 build/C/man2/setgid.2:29 build/C/man2/setpgid.2:48 build/C/man2/setresuid.2:26 build/C/man2/setreuid.2:45 build/C/man2/setsid.2:30 build/C/man2/setuid.2:30 build/C/man7/svipc.7:40 build/C/man3/ulimit.3:27
#, no-wrap
msgid "Linux Programmer's Manual"
msgstr ""

#. type: SH
#: build/C/man2/acct.2:32 build/C/man5/acct.5:26 build/C/man7/capabilities.7:49 build/C/man2/capget.2:16 build/C/man7/cpuset.7:26 build/C/man7/credentials.7:28 build/C/man2/getgid.2:26 build/C/man2/getgroups.2:32 build/C/man2/getpid.2:26 build/C/man2/getpriority.2:49 build/C/man2/getresuid.2:29 build/C/man2/getrlimit.2:65 build/C/man2/getrusage.2:40 build/C/man2/getsid.2:27 build/C/man2/getuid.2:27 build/C/man2/iopl.2:34 build/C/man2/ioprio_set.2:25 build/C/man2/ipc.2:26 build/C/man2/seteuid.2:30 build/C/man2/setfsgid.2:32 build/C/man2/setfsuid.2:32 build/C/man2/setgid.2:30 build/C/man2/setpgid.2:49 build/C/man2/setresuid.2:27 build/C/man2/setreuid.2:46 build/C/man2/setsid.2:31 build/C/man2/setuid.2:31 build/C/man7/svipc.7:41 build/C/man3/ulimit.3:28
#, no-wrap
msgid "NAME"
msgstr ""

#. type: Plain text
#: build/C/man2/acct.2:34
msgid "acct - switch process accounting on or off"
msgstr ""

#. type: SH
#: build/C/man2/acct.2:34 build/C/man5/acct.5:28 build/C/man2/capget.2:18 build/C/man2/getgid.2:28 build/C/man2/getgroups.2:34 build/C/man2/getpid.2:28 build/C/man2/getpriority.2:51 build/C/man2/getresuid.2:31 build/C/man2/getrlimit.2:67 build/C/man2/getrusage.2:42 build/C/man2/getsid.2:29 build/C/man2/getuid.2:29 build/C/man2/iopl.2:36 build/C/man2/ioprio_set.2:27 build/C/man2/ipc.2:28 build/C/man2/seteuid.2:32 build/C/man2/setfsgid.2:34 build/C/man2/setfsuid.2:34 build/C/man2/setgid.2:32 build/C/man2/setpgid.2:51 build/C/man2/setresuid.2:29 build/C/man2/setreuid.2:48 build/C/man2/setsid.2:33 build/C/man2/setuid.2:33 build/C/man7/svipc.7:43 build/C/man3/ulimit.3:30
#, no-wrap
msgid "SYNOPSIS"
msgstr ""

#. type: Plain text
#: build/C/man2/acct.2:38
#, no-wrap
msgid "B<#include E<lt>unistd.hE<gt>>\n"
msgstr ""

#. type: Plain text
#: build/C/man2/acct.2:40
#, no-wrap
msgid "B<int acct(const char *>I<filename>B<);>\n"
msgstr ""

#. type: Plain text
#: build/C/man2/acct.2:46 build/C/man2/getgroups.2:48 build/C/man2/getrlimit.2:84 build/C/man2/getsid.2:37 build/C/man2/seteuid.2:44 build/C/man2/setpgid.2:71 build/C/man2/setreuid.2:60
msgid "Feature Test Macro Requirements for glibc (see B<feature_test_macros>(7)):"
msgstr ""

#. type: Plain text
#: build/C/man2/acct.2:50
msgid "B<acct>(): _BSD_SOURCE || (_XOPEN_SOURCE && _XOPEN_SOURCE\\ E<lt>\\ 500)"
msgstr ""

#. type: SH
#: build/C/man2/acct.2:50 build/C/man5/acct.5:30 build/C/man7/capabilities.7:51 build/C/man2/capget.2:24 build/C/man7/cpuset.7:28 build/C/man7/credentials.7:30 build/C/man2/getgid.2:36 build/C/man2/getgroups.2:52 build/C/man2/getpid.2:36 build/C/man2/getpriority.2:59 build/C/man2/getresuid.2:39 build/C/man2/getrlimit.2:88 build/C/man2/getrusage.2:48 build/C/man2/getsid.2:50 build/C/man2/getuid.2:37 build/C/man2/iopl.2:40 build/C/man2/ioprio_set.2:35 build/C/man2/ipc.2:34 build/C/man2/seteuid.2:53 build/C/man2/setfsgid.2:38 build/C/man2/setfsuid.2:38 build/C/man2/setgid.2:38 build/C/man2/setpgid.2:98 build/C/man2/setresuid.2:37 build/C/man2/setreuid.2:70 build/C/man2/setsid.2:40 build/C/man2/setuid.2:39 build/C/man7/svipc.7:49 build/C/man3/ulimit.3:34
#, no-wrap
msgid "DESCRIPTION"
msgstr ""

#. type: Plain text
#: build/C/man2/acct.2:60
msgid ""
"The B<acct>()  system call enables or disables process accounting.  If "
"called with the name of an existing file as its argument, accounting is "
"turned on, and records for each terminating process are appended to "
"I<filename> as it terminates.  An argument of NULL causes accounting to be "
"turned off."
msgstr ""

#. type: SH
#: build/C/man2/acct.2:60 build/C/man2/capget.2:160 build/C/man2/getgroups.2:92 build/C/man2/getpriority.2:107 build/C/man2/getresuid.2:50 build/C/man2/getrlimit.2:430 build/C/man2/getrusage.2:181 build/C/man2/getsid.2:58 build/C/man2/iopl.2:66 build/C/man2/ioprio_set.2:149 build/C/man2/seteuid.2:67 build/C/man2/setfsgid.2:68 build/C/man2/setfsuid.2:68 build/C/man2/setgid.2:53 build/C/man2/setpgid.2:172 build/C/man2/setresuid.2:64 build/C/man2/setreuid.2:91 build/C/man2/setsid.2:51 build/C/man2/setuid.2:70 build/C/man3/ulimit.3:67
#, no-wrap
msgid "RETURN VALUE"
msgstr ""

#. type: Plain text
#: build/C/man2/acct.2:65 build/C/man2/capget.2:165 build/C/man2/getresuid.2:55 build/C/man2/getrusage.2:186 build/C/man2/iopl.2:71 build/C/man2/seteuid.2:72 build/C/man2/setgid.2:58 build/C/man2/setresuid.2:69 build/C/man2/setreuid.2:96 build/C/man2/setuid.2:75
msgid ""
"On success, zero is returned.  On error, -1 is returned, and I<errno> is set "
"appropriately."
msgstr ""

#. type: SH
#: build/C/man2/acct.2:65 build/C/man2/capget.2:179 build/C/man7/cpuset.7:1100 build/C/man2/getgid.2:42 build/C/man2/getgroups.2:106 build/C/man2/getpid.2:44 build/C/man2/getpriority.2:120 build/C/man2/getresuid.2:55 build/C/man2/getrlimit.2:435 build/C/man2/getrusage.2:186 build/C/man2/getsid.2:63 build/C/man2/getuid.2:43 build/C/man2/iopl.2:71 build/C/man2/ioprio_set.2:169 build/C/man2/seteuid.2:72 build/C/man2/setgid.2:58 build/C/man2/setpgid.2:193 build/C/man2/setresuid.2:69 build/C/man2/setreuid.2:96 build/C/man2/setsid.2:58 build/C/man2/setuid.2:75 build/C/man3/ulimit.3:74
#, no-wrap
msgid "ERRORS"
msgstr ""

#. type: TP
#: build/C/man2/acct.2:66 build/C/man7/cpuset.7:1116 build/C/man7/cpuset.7:1123 build/C/man7/cpuset.7:1129 build/C/man7/cpuset.7:1137 build/C/man7/cpuset.7:1144 build/C/man2/getpriority.2:140 build/C/man2/setpgid.2:194
#, no-wrap
msgid "B<EACCES>"
msgstr ""

#. type: Plain text
#: build/C/man2/acct.2:77
msgid ""
"Write permission is denied for the specified file, or search permission is "
"denied for one of the directories in the path prefix of I<filename> (see "
"also B<path_resolution>(7)), or I<filename> is not a regular file."
msgstr ""

#. type: TP
#: build/C/man2/acct.2:77 build/C/man2/capget.2:180 build/C/man7/cpuset.7:1172 build/C/man2/getgroups.2:107 build/C/man2/getresuid.2:56 build/C/man2/getrlimit.2:436 build/C/man2/getrusage.2:187
#, no-wrap
msgid "B<EFAULT>"
msgstr ""

#. type: Plain text
#: build/C/man2/acct.2:81
msgid "I<filename> points outside your accessible address space."
msgstr ""

#. type: TP
#: build/C/man2/acct.2:81 build/C/man7/cpuset.7:1238 build/C/man7/cpuset.7:1246
#, no-wrap
msgid "B<EIO>"
msgstr ""

#. type: Plain text
#: build/C/man2/acct.2:85
msgid "Error writing to the file I<filename>."
msgstr ""

#. type: TP
#: build/C/man2/acct.2:85
#, no-wrap
msgid "B<EISDIR>"
msgstr ""

#. type: Plain text
#: build/C/man2/acct.2:89
msgid "I<filename> is a directory."
msgstr ""

#. type: TP
#: build/C/man2/acct.2:89
#, no-wrap
msgid "B<ELOOP>"
msgstr ""

#. type: Plain text
#: build/C/man2/acct.2:93
msgid "Too many symbolic links were encountered in resolving I<filename>."
msgstr ""

#. type: TP
#: build/C/man2/acct.2:93 build/C/man7/cpuset.7:1251 build/C/man7/cpuset.7:1258 build/C/man7/cpuset.7:1263
#, no-wrap
msgid "B<ENAMETOOLONG>"
msgstr ""

#. type: Plain text
#: build/C/man2/acct.2:97
msgid "I<filename> was too long."
msgstr ""

#. type: TP
#: build/C/man2/acct.2:97
#, no-wrap
msgid "B<ENFILE>"
msgstr ""

#. type: Plain text
#: build/C/man2/acct.2:100
msgid "The system limit on the total number of open files has been reached."
msgstr ""

#. type: TP
#: build/C/man2/acct.2:100 build/C/man7/cpuset.7:1275 build/C/man7/cpuset.7:1280
#, no-wrap
msgid "B<ENOENT>"
msgstr ""

#. type: Plain text
#: build/C/man2/acct.2:103
msgid "The specified filename does not exist."
msgstr ""

#. type: TP
#: build/C/man2/acct.2:103 build/C/man7/cpuset.7:1287 build/C/man2/getgroups.2:127
#, no-wrap
msgid "B<ENOMEM>"
msgstr ""

#. type: Plain text
#: build/C/man2/acct.2:106 build/C/man2/getgroups.2:130
msgid "Out of memory."
msgstr ""

#. type: TP
#: build/C/man2/acct.2:106 build/C/man2/iopl.2:76
#, no-wrap
msgid "B<ENOSYS>"
msgstr ""

#. type: Plain text
#: build/C/man2/acct.2:112
msgid ""
"BSD process accounting has not been enabled when the operating system kernel "
"was compiled.  The kernel configuration parameter controlling this feature "
"is B<CONFIG_BSD_PROCESS_ACCT>."
msgstr ""

#. type: TP
#: build/C/man2/acct.2:112 build/C/man7/cpuset.7:1314
#, no-wrap
msgid "B<ENOTDIR>"
msgstr ""

#. type: Plain text
#: build/C/man2/acct.2:117
msgid "A component used as a directory in I<filename> is not in fact a directory."
msgstr ""

#. type: TP
#: build/C/man2/acct.2:117 build/C/man2/capget.2:191 build/C/man2/capget.2:196 build/C/man7/cpuset.7:1319 build/C/man2/getgroups.2:130 build/C/man2/getpriority.2:152 build/C/man2/getrlimit.2:452 build/C/man2/getsid.2:64 build/C/man2/iopl.2:79 build/C/man2/ioprio_set.2:179 build/C/man2/seteuid.2:75 build/C/man2/setgid.2:59 build/C/man2/setpgid.2:208 build/C/man2/setresuid.2:77 build/C/man2/setreuid.2:97 build/C/man2/setsid.2:59 build/C/man2/setuid.2:85 build/C/man3/ulimit.3:75
#, no-wrap
msgid "B<EPERM>"
msgstr ""

#. type: Plain text
#: build/C/man2/acct.2:123
msgid ""
"The calling process has insufficient privilege to enable process "
"accounting.  On Linux the B<CAP_SYS_PACCT> capability is required."
msgstr ""

#. type: TP
#: build/C/man2/acct.2:123
#, no-wrap
msgid "B<EROFS>"
msgstr ""

#. type: Plain text
#: build/C/man2/acct.2:127
msgid "I<filename> refers to a file on a read-only filesystem."
msgstr ""

#. type: TP
#: build/C/man2/acct.2:127
#, no-wrap
msgid "B<EUSERS>"
msgstr ""

#. type: Plain text
#: build/C/man2/acct.2:130
msgid "There are no more free file structures or we ran out of memory."
msgstr ""

#. type: SH
#: build/C/man2/acct.2:130 build/C/man5/acct.5:153 build/C/man7/capabilities.7:1079 build/C/man2/capget.2:218 build/C/man7/credentials.7:234 build/C/man2/getgid.2:44 build/C/man2/getgroups.2:133 build/C/man2/getpid.2:46 build/C/man2/getpriority.2:160 build/C/man2/getresuid.2:67 build/C/man2/getrlimit.2:473 build/C/man2/getrusage.2:195 build/C/man2/getsid.2:79 build/C/man2/getuid.2:45 build/C/man2/iopl.2:87 build/C/man2/ioprio_set.2:196 build/C/man2/ipc.2:45 build/C/man2/seteuid.2:91 build/C/man2/setfsgid.2:75 build/C/man2/setfsuid.2:75 build/C/man2/setgid.2:66 build/C/man2/setpgid.2:227 build/C/man2/setresuid.2:83 build/C/man2/setreuid.2:113 build/C/man2/setsid.2:65 build/C/man2/setuid.2:92 build/C/man3/ulimit.3:78
#, no-wrap
msgid "CONFORMING TO"
msgstr ""

#.  SVr4 documents an EBUSY error condition, but no EISDIR or ENOSYS.
#.  Also AIX and HP-UX document EBUSY (attempt is made
#.  to enable accounting when it is already enabled), as does Solaris
#.  (attempt is made to enable accounting using the same file that is
#.  currently being used).
#. type: Plain text
#: build/C/man2/acct.2:137
msgid "SVr4, 4.3BSD (but not POSIX)."
msgstr ""

#. type: SH
#: build/C/man2/acct.2:137 build/C/man5/acct.5:157 build/C/man7/capabilities.7:1085 build/C/man2/capget.2:220 build/C/man7/cpuset.7:1341 build/C/man7/credentials.7:240 build/C/man2/getgid.2:46 build/C/man2/getgroups.2:141 build/C/man2/getpid.2:48 build/C/man2/getpriority.2:163 build/C/man2/getresuid.2:70 build/C/man2/getrlimit.2:496 build/C/man2/getrusage.2:206 build/C/man2/getsid.2:81 build/C/man2/getuid.2:47 build/C/man2/iopl.2:91 build/C/man2/ioprio_set.2:198 build/C/man2/ipc.2:49 build/C/man2/seteuid.2:93 build/C/man2/setfsgid.2:79 build/C/man2/setfsuid.2:79 build/C/man2/setgid.2:68 build/C/man2/setpgid.2:249 build/C/man2/setresuid.2:86 build/C/man2/setreuid.2:119 build/C/man2/setsid.2:67 build/C/man2/setuid.2:97
#, no-wrap
msgid "NOTES"
msgstr ""

#. type: Plain text
#: build/C/man2/acct.2:140
msgid ""
"No accounting is produced for programs running when a system crash occurs.  "
"In particular, nonterminating processes are never accounted for."
msgstr ""

#. type: Plain text
#: build/C/man2/acct.2:143
msgid ""
"The structure of the records written to the accounting file is described in "
"B<acct>(5)."
msgstr ""

#. type: SH
#: build/C/man2/acct.2:143 build/C/man5/acct.5:174 build/C/man7/capabilities.7:1141 build/C/man2/capget.2:228 build/C/man7/cpuset.7:1488 build/C/man7/credentials.7:251 build/C/man2/getgid.2:62 build/C/man2/getgroups.2:171 build/C/man2/getpid.2:100 build/C/man2/getpriority.2:232 build/C/man2/getresuid.2:86 build/C/man2/getrlimit.2:656 build/C/man2/getrusage.2:246 build/C/man2/getsid.2:84 build/C/man2/getuid.2:73 build/C/man2/iopl.2:100 build/C/man2/ioprio_set.2:346 build/C/man2/ipc.2:57 build/C/man2/seteuid.2:124 build/C/man2/setfsgid.2:123 build/C/man2/setfsuid.2:131 build/C/man2/setgid.2:78 build/C/man2/setpgid.2:317 build/C/man2/setresuid.2:106 build/C/man2/setreuid.2:159 build/C/man2/setsid.2:84 build/C/man2/setuid.2:120 build/C/man7/svipc.7:331 build/C/man3/ulimit.3:83
#, no-wrap
msgid "SEE ALSO"
msgstr ""

#. type: Plain text
#: build/C/man2/acct.2:145
msgid "B<acct>(5)"
msgstr ""

#. type: SH
#: build/C/man2/acct.2:145 build/C/man5/acct.5:179 build/C/man7/capabilities.7:1161 build/C/man2/capget.2:232 build/C/man7/cpuset.7:1505 build/C/man7/credentials.7:282 build/C/man2/getgid.2:67 build/C/man2/getgroups.2:178 build/C/man2/getpid.2:110 build/C/man2/getpriority.2:240 build/C/man2/getresuid.2:92 build/C/man2/getrlimit.2:674 build/C/man2/getrusage.2:253 build/C/man2/getsid.2:88 build/C/man2/getuid.2:78 build/C/man2/iopl.2:104 build/C/man2/ioprio_set.2:354 build/C/man2/ipc.2:70 build/C/man2/seteuid.2:131 build/C/man2/setfsgid.2:128 build/C/man2/setfsuid.2:136 build/C/man2/setgid.2:84 build/C/man2/setpgid.2:324 build/C/man2/setresuid.2:115 build/C/man2/setreuid.2:167 build/C/man2/setsid.2:91 build/C/man2/setuid.2:127 build/C/man7/svipc.7:348 build/C/man3/ulimit.3:88
#, no-wrap
msgid "COLOPHON"
msgstr ""

#. type: Plain text
#: build/C/man2/acct.2:152 build/C/man5/acct.5:186 build/C/man7/capabilities.7:1168 build/C/man2/capget.2:239 build/C/man7/cpuset.7:1512 build/C/man7/credentials.7:289 build/C/man2/getgid.2:74 build/C/man2/getgroups.2:185 build/C/man2/getpid.2:117 build/C/man2/getpriority.2:247 build/C/man2/getresuid.2:99 build/C/man2/getrlimit.2:681 build/C/man2/getrusage.2:260 build/C/man2/getsid.2:95 build/C/man2/getuid.2:85 build/C/man2/iopl.2:111 build/C/man2/ioprio_set.2:361 build/C/man2/ipc.2:77 build/C/man2/seteuid.2:138 build/C/man2/setfsgid.2:135 build/C/man2/setfsuid.2:143 build/C/man2/setgid.2:91 build/C/man2/setpgid.2:331 build/C/man2/setresuid.2:122 build/C/man2/setreuid.2:174 build/C/man2/setsid.2:98 build/C/man2/setuid.2:134 build/C/man7/svipc.7:355 build/C/man3/ulimit.3:95
msgid ""
"This page is part of release 3.54 of the Linux I<man-pages> project.  A "
"description of the project, and information about reporting bugs, can be "
"found at \\%http://www.kernel.org/doc/man-pages/."
msgstr ""

#. type: TH
#: build/C/man5/acct.5:25
#, no-wrap
msgid "2008-06-15"
msgstr ""

#. type: Plain text
#: build/C/man5/acct.5:28
msgid "acct - process accounting file"
msgstr ""

#. type: Plain text
#: build/C/man5/acct.5:30
msgid "B<#include E<lt>sys/acct.hE<gt>>"
msgstr ""

#. type: Plain text
#: build/C/man5/acct.5:36
msgid ""
"If the kernel is built with the process accounting option enabled "
"(B<CONFIG_BSD_PROCESS_ACCT>), then calling B<acct>(2)  starts process "
"accounting, for example:"
msgstr ""

#. type: Plain text
#: build/C/man5/acct.5:39
msgid "acct(\"/var/log/pacct\");"
msgstr ""

#. type: Plain text
#: build/C/man5/acct.5:47
msgid ""
"When process accounting is enabled, the kernel writes a record to the "
"accounting file as each process on the system terminates.  This record "
"contains information about the terminated process, and is defined in "
"I<E<lt>sys/acct.hE<gt>> as follows:"
msgstr ""

#. type: Plain text
#: build/C/man5/acct.5:51
#, no-wrap
msgid "#define ACCT_COMM 16\n"
msgstr ""

#. type: Plain text
#: build/C/man5/acct.5:53
#, no-wrap
msgid "typedef u_int16_t comp_t;\n"
msgstr ""

#. type: Plain text
#: build/C/man5/acct.5:77
#, no-wrap
msgid ""
"struct acct {\n"
"    char ac_flag;           /* Accounting flags */\n"
"    u_int16_t ac_uid;       /* Accounting user ID */\n"
"    u_int16_t ac_gid;       /* Accounting group ID */\n"
"    u_int16_t ac_tty;       /* Controlling terminal */\n"
"    u_int32_t ac_btime;     /* Process creation time\n"
"                               (seconds since the Epoch) */\n"
"    comp_t    ac_utime;     /* User CPU time */\n"
"    comp_t    ac_stime;     /* System CPU time */\n"
"    comp_t    ac_etime;     /* Elapsed time */\n"
"    comp_t    ac_mem;       /* Average memory usage (kB) */\n"
"    comp_t    ac_io;        /* Characters transferred (unused) */\n"
"    comp_t    ac_rw;        /* Blocks read or written (unused) */\n"
"    comp_t    ac_minflt;    /* Minor page faults */\n"
"    comp_t    ac_majflt;    /* Major page faults */\n"
"    comp_t    ac_swaps;     /* Number of swaps (unused) */\n"
"    u_int32_t ac_exitcode;  /* Process termination status\n"
"                               (see wait(2)) */\n"
"    char      ac_comm[ACCT_COMM+1];\n"
"                            /* Command name (basename of last\n"
"                               executed command; null-terminated) */\n"
"    char      ac_pad[I<X>];    /* padding bytes */\n"
"};\n"
msgstr ""

#. type: Plain text
#: build/C/man5/acct.5:84
#, no-wrap
msgid ""
"enum {          /* Bits that may be set in ac_flag field */\n"
"    AFORK = 0x01,           /* Has executed fork, but no exec */\n"
"    ASU   = 0x02,           /* Used superuser privileges */\n"
"    ACORE = 0x08,           /* Dumped core */\n"
"    AXSIG = 0x10            /* Killed by a signal */\n"
"};\n"
msgstr ""

#. type: Plain text
#: build/C/man5/acct.5:94
msgid ""
"The I<comp_t> data type is a floating-point value consisting of a 3-bit, "
"base-8 exponent, and a 13-bit mantissa.  A value, I<c>, of this type can be "
"converted to a (long) integer as follows:"
msgstr ""

#. type: Plain text
#: build/C/man5/acct.5:97
#, no-wrap
msgid "    v = (c & 0x1fff) E<lt>E<lt> (((c E<gt>E<gt> 13) & 0x7) * 3);\n"
msgstr ""

#. type: Plain text
#: build/C/man5/acct.5:107
msgid ""
"The I<ac_utime>, I<ac_stime>, and I<ac_etime> fields measure time in \"clock "
"ticks\"; divide these values by I<sysconf(_SC_CLK_TCK)> to convert them to "
"seconds."
msgstr ""

#. type: SS
#: build/C/man5/acct.5:107
#, no-wrap
msgid "Version 3 accounting file format"
msgstr ""

#. type: Plain text
#: build/C/man5/acct.5:122
msgid ""
"Since kernel 2.6.8, an optional alternative version of the accounting file "
"can be produced if the B<CONFIG_BSD_PROCESS_ACCT_V3> option is set when "
"building the kernel.  With this option is set, the records written to the "
"accounting file contain additional fields, and the width of I<c_uid> and "
"I<ac_gid> fields is widened from 16 to 32 bits (in line with the increased "
"size of UID and GIDs in Linux 2.4 and later).  The records are defined as "
"follows:"
msgstr ""

#. type: Plain text
#: build/C/man5/acct.5:147
#, no-wrap
msgid ""
"struct acct_v3 {\n"
"    char      ac_flag;      /* Flags */\n"
"    char      ac_version;   /* Always set to ACCT_VERSION (3) */\n"
"    u_int16_t ac_tty;       /* Controlling terminal */\n"
"    u_int32_t ac_exitcode;  /* Process termination status */\n"
"    u_int32_t ac_uid;       /* Real user ID */\n"
"    u_int32_t ac_gid;       /* Real group ID */\n"
"    u_int32_t ac_pid;       /* Process ID */\n"
"    u_int32_t ac_ppid;      /* Parent process ID */\n"
"    u_int32_t ac_btime;     /* Process creation time */\n"
"    float     ac_etime;     /* Elapsed time */\n"
"    comp_t    ac_utime;     /* User CPU time */\n"
"    comp_t    ac_stime;     /* System time */\n"
"    comp_t    ac_mem;       /* Average memory usage (kB) */\n"
"    comp_t    ac_io;        /* Characters transferred (unused) */\n"
"    comp_t    ac_rw;        /* Blocks read or written\n"
"                               (unused) */\n"
"    comp_t    ac_minflt;    /* Minor page faults */\n"
"    comp_t    ac_majflt;    /* Major page faults */\n"
"    comp_t    ac_swaps;     /* Number of swaps (unused) */\n"
"    char      ac_comm[ACCT_COMM]; /* Command name */\n"
"};\n"
msgstr ""

#. type: SH
#: build/C/man5/acct.5:149 build/C/man7/cpuset.7:1338 build/C/man2/getresuid.2:60 build/C/man2/getrlimit.2:468 build/C/man2/getsid.2:75 build/C/man2/ioprio_set.2:193 build/C/man2/setfsgid.2:71 build/C/man2/setfsuid.2:71 build/C/man2/setresuid.2:81
#, no-wrap
msgid "VERSIONS"
msgstr ""

#. type: Plain text
#: build/C/man5/acct.5:153
msgid "The I<acct_v3> structure is defined in glibc since version 2.6."
msgstr ""

#. type: Plain text
#: build/C/man5/acct.5:157
msgid ""
"Process accounting originated on BSD.  Although it is present on most "
"systems, it is not standardized, and the details vary somewhat between "
"systems."
msgstr ""

#. type: Plain text
#: build/C/man5/acct.5:160
msgid ""
"Records in the accounting file are ordered by termination time of the "
"process."
msgstr ""

#. type: Plain text
#: build/C/man5/acct.5:167
msgid ""
"In kernels up to and including 2.6.9, a separate accounting record is "
"written for each thread created using the NPTL threading library; since "
"Linux 2.6.10, a single accounting record is written for the entire process "
"on termination of the last thread in the process."
msgstr ""

#. type: Plain text
#: build/C/man5/acct.5:174
msgid ""
"The I<proc/sys/kernel/acct> file, described in B<proc>(5), defines settings "
"that control the behavior of process accounting when disk space runs low."
msgstr ""

#. type: Plain text
#: build/C/man5/acct.5:179
msgid "B<lastcomm>(1), B<acct>(2), B<accton>(8), B<sa>(8)"
msgstr ""

#. type: TH
#: build/C/man7/capabilities.7:48
#, no-wrap
msgid "CAPABILITIES"
msgstr ""

#. type: TH
#: build/C/man7/capabilities.7:48
#, no-wrap
msgid "2013-07-21"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:51
msgid "capabilities - overview of Linux capabilities"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:63
msgid ""
"For the purpose of performing permission checks, traditional UNIX "
"implementations distinguish two categories of processes: I<privileged> "
"processes (whose effective user ID is 0, referred to as superuser or root), "
"and I<unprivileged> processes (whose effective UID is nonzero).  Privileged "
"processes bypass all kernel permission checks, while unprivileged processes "
"are subject to full permission checking based on the process's credentials "
"(usually: effective UID, effective GID, and supplementary group list)."
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:70
msgid ""
"Starting with kernel 2.2, Linux divides the privileges traditionally "
"associated with superuser into distinct units, known as I<capabilities>, "
"which can be independently enabled and disabled.  Capabilities are a "
"per-thread attribute."
msgstr ""

#. type: SS
#: build/C/man7/capabilities.7:70
#, no-wrap
msgid "Capabilities list"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:73
msgid ""
"The following list shows the capabilities implemented on Linux, and the "
"operations or behaviors that each capability permits:"
msgstr ""

#. type: TP
#: build/C/man7/capabilities.7:73
#, no-wrap
msgid "B<CAP_AUDIT_CONTROL> (since Linux 2.6.11)"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:77
msgid ""
"Enable and disable kernel auditing; change auditing filter rules; retrieve "
"auditing status and filtering rules."
msgstr ""

#. type: TP
#: build/C/man7/capabilities.7:77
#, no-wrap
msgid "B<CAP_AUDIT_WRITE> (since Linux 2.6.11)"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:80
msgid "Write records to kernel auditing log."
msgstr ""

#. type: TP
#: build/C/man7/capabilities.7:80
#, no-wrap
msgid "B<CAP_BLOCK_SUSPEND> (since Linux 3.5)"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:86
msgid ""
"Employ features that can block system suspend (B<epoll>(7)  B<EPOLLWAKEUP>, "
"I</proc/sys/wake_lock>)."
msgstr ""

#. type: TP
#: build/C/man7/capabilities.7:86
#, no-wrap
msgid "B<CAP_CHOWN>"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:90
msgid "Make arbitrary changes to file UIDs and GIDs (see B<chown>(2))."
msgstr ""

#. type: TP
#: build/C/man7/capabilities.7:90
#, no-wrap
msgid "B<CAP_DAC_OVERRIDE>"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:94
msgid ""
"Bypass file read, write, and execute permission checks.  (DAC is an "
"abbreviation of \"discretionary access control\".)"
msgstr ""

#. type: TP
#: build/C/man7/capabilities.7:94
#, no-wrap
msgid "B<CAP_DAC_READ_SEARCH>"
msgstr ""

#. type: IP
#: build/C/man7/capabilities.7:98 build/C/man7/capabilities.7:101 build/C/man7/capabilities.7:111 build/C/man7/capabilities.7:121 build/C/man7/capabilities.7:125 build/C/man7/capabilities.7:127 build/C/man7/capabilities.7:129 build/C/man7/capabilities.7:199 build/C/man7/capabilities.7:201 build/C/man7/capabilities.7:203 build/C/man7/capabilities.7:205 build/C/man7/capabilities.7:207 build/C/man7/capabilities.7:209 build/C/man7/capabilities.7:211 build/C/man7/capabilities.7:213 build/C/man7/capabilities.7:215 build/C/man7/capabilities.7:239 build/C/man7/capabilities.7:241 build/C/man7/capabilities.7:287 build/C/man7/capabilities.7:297 build/C/man7/capabilities.7:303 build/C/man7/capabilities.7:308 build/C/man7/capabilities.7:314 build/C/man7/capabilities.7:321 build/C/man7/capabilities.7:324 build/C/man7/capabilities.7:332 build/C/man7/capabilities.7:334 build/C/man7/capabilities.7:343 build/C/man7/capabilities.7:350 build/C/man7/capabilities.7:353 build/C/man7/capabilities.7:357 build/C/man7/capabilities.7:360 build/C/man7/capabilities.7:363 build/C/man7/capabilities.7:370 build/C/man7/capabilities.7:375 build/C/man7/capabilities.7:381 build/C/man7/capabilities.7:385 build/C/man7/capabilities.7:389 build/C/man7/capabilities.7:393 build/C/man7/capabilities.7:397 build/C/man7/capabilities.7:424 build/C/man7/capabilities.7:429 build/C/man7/capabilities.7:434 build/C/man7/capabilities.7:437 build/C/man7/capabilities.7:440 build/C/man7/capabilities.7:449 build/C/man7/capabilities.7:453 build/C/man7/capabilities.7:479 build/C/man7/capabilities.7:484 build/C/man7/capabilities.7:487 build/C/man7/capabilities.7:492 build/C/man7/capabilities.7:495 build/C/man7/capabilities.7:498 build/C/man7/capabilities.7:501 build/C/man7/capabilities.7:504 build/C/man7/capabilities.7:509 build/C/man7/capabilities.7:511 build/C/man7/capabilities.7:517 build/C/man7/capabilities.7:525 build/C/man7/capabilities.7:527 build/C/man7/capabilities.7:531 build/C/man7/capabilities.7:533 build/C/man7/capabilities.7:536 build/C/man7/capabilities.7:540 build/C/man7/capabilities.7:542 build/C/man7/capabilities.7:544 build/C/man7/capabilities.7:546 build/C/man7/capabilities.7:555 build/C/man7/capabilities.7:562 build/C/man7/capabilities.7:567 build/C/man7/capabilities.7:572 build/C/man7/capabilities.7:577 build/C/man7/capabilities.7:600 build/C/man7/capabilities.7:607 build/C/man7/capabilities.7:806 build/C/man7/capabilities.7:814 build/C/man7/capabilities.7:1130 build/C/man7/capabilities.7:1135 build/C/man7/cpuset.7:540 build/C/man7/cpuset.7:545 build/C/man7/cpuset.7:550 build/C/man7/cpuset.7:726 build/C/man7/cpuset.7:730 build/C/man7/cpuset.7:927 build/C/man7/cpuset.7:930 build/C/man7/cpuset.7:934 build/C/man7/cpuset.7:938 build/C/man7/cpuset.7:942 build/C/man7/credentials.7:125 build/C/man7/credentials.7:131 build/C/man7/credentials.7:143 build/C/man7/credentials.7:165 build/C/man7/credentials.7:182 build/C/man7/credentials.7:214 build/C/man7/credentials.7:217 build/C/man7/credentials.7:227 build/C/man7/credentials.7:230
#, no-wrap
msgid "*"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:101
msgid ""
"Bypass file read permission checks and directory read and execute permission "
"checks;"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:104
msgid "Invoke B<open_by_handle_at>(2)."
msgstr ""

#. type: TP
#: build/C/man7/capabilities.7:107
#, no-wrap
msgid "B<CAP_FOWNER>"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:121
msgid ""
"Bypass permission checks on operations that normally require the filesystem "
"UID of the process to match the UID of the file (e.g., B<chmod>(2), "
"B<utime>(2)), excluding those operations covered by B<CAP_DAC_OVERRIDE> and "
"B<CAP_DAC_READ_SEARCH>;"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:125
msgid "set extended file attributes (see B<chattr>(1))  on arbitrary files;"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:127
msgid "set Access Control Lists (ACLs) on arbitrary files;"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:129
msgid "ignore directory sticky bit on file deletion;"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:136
msgid "specify B<O_NOATIME> for arbitrary files in B<open>(2)  and B<fcntl>(2)."
msgstr ""

#. type: TP
#: build/C/man7/capabilities.7:138
#, no-wrap
msgid "B<CAP_FSETID>"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:144
msgid ""
"Don't clear set-user-ID and set-group-ID permission bits when a file is "
"modified; set the set-group-ID bit for a file whose GID does not match the "
"filesystem or any of the supplementary GIDs of the calling process."
msgstr ""

#. type: TP
#: build/C/man7/capabilities.7:144
#, no-wrap
msgid "B<CAP_IPC_LOCK>"
msgstr ""

#.  FIXME As at Linux 3.2, there are some strange uses of this capability
#.  in other places; they probably should be replaced with something else.
#. type: Plain text
#: build/C/man7/capabilities.7:153
msgid "Lock memory (B<mlock>(2), B<mlockall>(2), B<mmap>(2), B<shmctl>(2))."
msgstr ""

#. type: TP
#: build/C/man7/capabilities.7:153
#, no-wrap
msgid "B<CAP_IPC_OWNER>"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:156
msgid "Bypass permission checks for operations on System V IPC objects."
msgstr ""

#. type: TP
#: build/C/man7/capabilities.7:156
#, no-wrap
msgid "B<CAP_KILL>"
msgstr ""

#.  FIXME CAP_KILL also has an effect for threads + setting child
#.        termination signal to other than SIGCHLD: without this
#.        capability, the termination signal reverts to SIGCHLD
#.        if the child does an exec().  What is the rationale
#.        for this?
#. type: Plain text
#: build/C/man7/capabilities.7:169
msgid ""
"Bypass permission checks for sending signals (see B<kill>(2)).  This "
"includes use of the B<ioctl>(2)  B<KDSIGACCEPT> operation."
msgstr ""

#. type: TP
#: build/C/man7/capabilities.7:169
#, no-wrap
msgid "B<CAP_LEASE> (since Linux 2.4)"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:173
msgid "Establish leases on arbitrary files (see B<fcntl>(2))."
msgstr ""

#. type: TP
#: build/C/man7/capabilities.7:173
#, no-wrap
msgid "B<CAP_LINUX_IMMUTABLE>"
msgstr ""

#.  These attributes are now available on ext2, ext3, Reiserfs, XFS, JFS
#. type: Plain text
#: build/C/man7/capabilities.7:182
msgid ""
"Set the B<FS_APPEND_FL> and B<FS_IMMUTABLE_FL> i-node flags (see "
"B<chattr>(1))."
msgstr ""

#. type: TP
#: build/C/man7/capabilities.7:182
#, no-wrap
msgid "B<CAP_MAC_ADMIN> (since Linux 2.6.25)"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:186
msgid ""
"Override Mandatory Access Control (MAC).  Implemented for the Smack Linux "
"Security Module (LSM)."
msgstr ""

#. type: TP
#: build/C/man7/capabilities.7:186
#, no-wrap
msgid "B<CAP_MAC_OVERRIDE> (since Linux 2.6.25)"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:190
msgid "Allow MAC configuration or state changes.  Implemented for the Smack LSM."
msgstr ""

#. type: TP
#: build/C/man7/capabilities.7:190
#, no-wrap
msgid "B<CAP_MKNOD> (since Linux 2.4)"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:194
msgid "Create special files using B<mknod>(2)."
msgstr ""

#. type: TP
#: build/C/man7/capabilities.7:194
#, no-wrap
msgid "B<CAP_NET_ADMIN>"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:197
msgid "Perform various network-related operations:"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:201
msgid "interface configuration;"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:203
msgid "administration of IP firewall, masquerading, and accounting;"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:205
msgid "modify routing tables;"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:207
msgid "bind to any address for transparent proxying;"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:209
msgid "set type-of-service (TOS)"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:211
msgid "clear driver statistics;"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:213
msgid "set promiscuous mode;"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:215
msgid "enabling multicasting;"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:226
msgid ""
"use B<setsockopt>(2)  to set the following socket options: B<SO_DEBUG>, "
"B<SO_MARK>, B<SO_PRIORITY> (for a priority outside the range 0 to 6), "
"B<SO_RCVBUFFORCE>, and B<SO_SNDBUFFORCE>."
msgstr ""

#. type: TP
#: build/C/man7/capabilities.7:228
#, no-wrap
msgid "B<CAP_NET_BIND_SERVICE>"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:232
msgid ""
"Bind a socket to Internet domain privileged ports (port numbers less than "
"1024)."
msgstr ""

#. type: TP
#: build/C/man7/capabilities.7:232
#, no-wrap
msgid "B<CAP_NET_BROADCAST>"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:235
msgid "(Unused)  Make socket broadcasts, and listen to multicasts."
msgstr ""

#. type: TP
#: build/C/man7/capabilities.7:235
#, no-wrap
msgid "B<CAP_NET_RAW>"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:241
msgid "use RAW and PACKET sockets;"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:243
msgid "bind to any address for transparent proxying."
msgstr ""

#. type: TP
#: build/C/man7/capabilities.7:246
#, no-wrap
msgid "B<CAP_SETGID>"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:250
msgid ""
"Make arbitrary manipulations of process GIDs and supplementary GID list; "
"forge GID when passing socket credentials via UNIX domain sockets."
msgstr ""

#. type: TP
#: build/C/man7/capabilities.7:250
#, no-wrap
msgid "B<CAP_SETFCAP> (since Linux 2.6.24)"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:253
msgid "Set file capabilities."
msgstr ""

#. type: TP
#: build/C/man7/capabilities.7:253
#, no-wrap
msgid "B<CAP_SETPCAP>"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:264
msgid ""
"If file capabilities are not supported: grant or remove any capability in "
"the caller's permitted capability set to or from any other process.  (This "
"property of B<CAP_SETPCAP> is not available when the kernel is configured to "
"support file capabilities, since B<CAP_SETPCAP> has entirely different "
"semantics for such kernels.)"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:274
msgid ""
"If file capabilities are supported: add any capability from the calling "
"thread's bounding set to its inheritable set; drop capabilities from the "
"bounding set (via B<prctl>(2)  B<PR_CAPBSET_DROP>); make changes to the "
"I<securebits> flags."
msgstr ""

#. type: TP
#: build/C/man7/capabilities.7:274
#, no-wrap
msgid "B<CAP_SETUID>"
msgstr ""

#.  FIXME CAP_SETUID also an effect in exec(); document this.
#. type: Plain text
#: build/C/man7/capabilities.7:283
msgid ""
"Make arbitrary manipulations of process UIDs (B<setuid>(2), B<setreuid>(2), "
"B<setresuid>(2), B<setfsuid>(2)); make forged UID when passing socket "
"credentials via UNIX domain sockets."
msgstr ""

#. type: TP
#: build/C/man7/capabilities.7:283
#, no-wrap
msgid "B<CAP_SYS_ADMIN>"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:297
msgid ""
"Perform a range of system administration operations including: "
"B<quotactl>(2), B<mount>(2), B<umount>(2), B<swapon>(2), B<swapoff>(2), "
"B<sethostname>(2), and B<setdomainname>(2);"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:303
msgid ""
"perform privileged B<syslog>(2)  operations (since Linux 2.6.37, "
"B<CAP_SYSLOG> should be used to permit such operations);"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:308
msgid "perform B<VM86_REQUEST_IRQ> B<vm86>(2)  command;"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:314
msgid ""
"perform B<IPC_SET> and B<IPC_RMID> operations on arbitrary System V IPC "
"objects;"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:321
msgid ""
"perform operations on I<trusted> and I<security> Extended Attributes (see "
"B<attr>(5));"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:324
msgid "use B<lookup_dcookie>(2);"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:332
msgid ""
"use B<ioprio_set>(2)  to assign B<IOPRIO_CLASS_RT> and (before Linux 2.6.25)  "
"B<IOPRIO_CLASS_IDLE> I/O scheduling classes;"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:334
msgid "forge UID when passing socket credentials;"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:343
msgid ""
"exceed I</proc/sys/fs/file-max>, the system-wide limit on the number of open "
"files, in system calls that open files (e.g., B<accept>(2), B<execve>(2), "
"B<open>(2), B<pipe>(2));"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:350
msgid ""
"employ B<CLONE_*> flags that create new namespaces with B<clone>(2)  and "
"B<unshare>(2);"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:353
msgid "call B<perf_event_open>(2);"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:357
msgid "access privileged I<perf> event information;"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:360
msgid "call B<setns>(2);"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:363
msgid "call B<fanotify_init>(2);"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:370
msgid "perform B<KEYCTL_CHOWN> and B<KEYCTL_SETPERM> B<keyctl>(2)  operations;"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:375
msgid "perform B<madvise>(2)  B<MADV_HWPOISON> operation;"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:381
msgid ""
"employ the B<TIOCSTI> B<ioctl>(2)  to insert characters into the input queue "
"of a terminal other than the caller's controlling terminal."
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:385
msgid "employ the obsolete B<nfsservctl>(2)  system call;"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:389
msgid "employ the obsolete B<bdflush>(2)  system call;"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:393
msgid "perform various privileged block-device B<ioctl>(2)  operations;"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:397
msgid "perform various privileged filesystem B<ioctl>(2)  operations;"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:399
msgid "perform administrative operations on many device drivers."
msgstr ""

#. type: TP
#: build/C/man7/capabilities.7:401
#, no-wrap
msgid "B<CAP_SYS_BOOT>"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:407
msgid "Use B<reboot>(2)  and B<kexec_load>(2)."
msgstr ""

#. type: TP
#: build/C/man7/capabilities.7:407
#, no-wrap
msgid "B<CAP_SYS_CHROOT>"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:411
msgid "Use B<chroot>(2)."
msgstr ""

#. type: TP
#: build/C/man7/capabilities.7:411
#, no-wrap
msgid "B<CAP_SYS_MODULE>"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:420
msgid ""
"Load and unload kernel modules (see B<init_module>(2)  and "
"B<delete_module>(2)); in kernels before 2.6.25: drop capabilities from the "
"system-wide capability bounding set."
msgstr ""

#. type: TP
#: build/C/man7/capabilities.7:420
#, no-wrap
msgid "B<CAP_SYS_NICE>"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:429
msgid ""
"Raise process nice value (B<nice>(2), B<setpriority>(2))  and change the "
"nice value for arbitrary processes;"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:434
msgid ""
"set real-time scheduling policies for calling process, and set scheduling "
"policies and priorities for arbitrary processes (B<sched_setscheduler>(2), "
"B<sched_setparam>(2));"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:437
msgid "set CPU affinity for arbitrary processes (B<sched_setaffinity>(2));"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:440
msgid ""
"set I/O scheduling class and priority for arbitrary processes "
"(B<ioprio_set>(2));"
msgstr ""

#.  FIXME CAP_SYS_NICE also has the following effect for
#.  migrate_pages(2):
#.      do_migrate_pages(mm, &old, &new,
#.          capable(CAP_SYS_NICE) ? MPOL_MF_MOVE_ALL : MPOL_MF_MOVE);
#. type: Plain text
#: build/C/man7/capabilities.7:449
msgid ""
"apply B<migrate_pages>(2)  to arbitrary processes and allow processes to be "
"migrated to arbitrary nodes;"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:453
msgid "apply B<move_pages>(2)  to arbitrary processes;"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:460
msgid "use the B<MPOL_MF_MOVE_ALL> flag with B<mbind>(2)  and B<move_pages>(2)."
msgstr ""

#. type: TP
#: build/C/man7/capabilities.7:462
#, no-wrap
msgid "B<CAP_SYS_PACCT>"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:466
msgid "Use B<acct>(2)."
msgstr ""

#. type: TP
#: build/C/man7/capabilities.7:466
#, no-wrap
msgid "B<CAP_SYS_PTRACE>"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:475
msgid ""
"Trace arbitrary processes using B<ptrace>(2); apply B<get_robust_list>(2)  "
"to arbitrary processes; inspect processes using B<kcmp>(2)."
msgstr ""

#. type: TP
#: build/C/man7/capabilities.7:475
#, no-wrap
msgid "B<CAP_SYS_RAWIO>"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:484
msgid "Perform I/O port operations (B<iopl>(2)  and B<ioperm>(2));"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:487
msgid "access I</proc/kcore>;"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:492
msgid "employ the B<FIBMAP> B<ioctl>(2)  operation;"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:495
msgid ""
"open devices for accessing x86 model-specific registers (MSRs, see "
"B<msr>(4))"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:498
msgid "update I</proc/sys/vm/mmap_min_addr>;"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:501
msgid ""
"create memory mappings at addresses below the value specified by "
"I</proc/sys/vm/mmap_min_addr>;"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:504
msgid "map files in I</proc/bus/pci>;"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:509
msgid "open I</dev/mem> and I</dev/kmem>;"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:511
msgid "perform various SCSI device commands;"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:517
msgid "perform certain operations on B<hpsa>(4)  and B<cciss>(4)  devices;"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:519
msgid "perform a range of device-specific operations on other devices."
msgstr ""

#. type: TP
#: build/C/man7/capabilities.7:521
#, no-wrap
msgid "B<CAP_SYS_RESOURCE>"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:527
msgid "Use reserved space on ext2 filesystems;"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:531
msgid "make B<ioctl>(2)  calls controlling ext3 journaling;"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:533
msgid "override disk quota limits;"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:536
msgid "increase resource limits (see B<setrlimit>(2));"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:540
msgid "override B<RLIMIT_NPROC> resource limit;"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:542
msgid "override maximum number of consoles on console allocation;"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:544
msgid "override maximum number of keymaps;"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:546
msgid "allow more than 64hz interrupts from the real-time clock;"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:555
msgid ""
"raise I<msg_qbytes> limit for a System V message queue above the limit in "
"I</proc/sys/kernel/msgmnb> (see B<msgop>(2)  and B<msgctl>(2));"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:562
msgid ""
"override the I</proc/sys/fs/pipe-size-max> limit when setting the capacity "
"of a pipe using the B<F_SETPIPE_SZ> B<fcntl>(2)  command."
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:567
msgid ""
"use B<F_SETPIPE_SZ> to increase the capacity of a pipe above the limit "
"specified by I</proc/sys/fs/pipe-max-size>;"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:572
msgid ""
"override I</proc/sys/fs/mqueue/queues_max> limit when creating POSIX message "
"queues (see B<mq_overview>(7));"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:577
msgid "employ B<prctl>(2)  B<PR_SET_MM> operation;"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:582
msgid ""
"set I</proc/PID/oom_score_adj> to a value lower than the value last set by a "
"process with B<CAP_SYS_RESOURCE>."
msgstr ""

#. type: TP
#: build/C/man7/capabilities.7:584
#, no-wrap
msgid "B<CAP_SYS_TIME>"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:591
msgid ""
"Set system clock (B<settimeofday>(2), B<stime>(2), B<adjtimex>(2)); set "
"real-time (hardware) clock."
msgstr ""

#. type: TP
#: build/C/man7/capabilities.7:591
#, no-wrap
msgid "B<CAP_SYS_TTY_CONFIG>"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:598
msgid ""
"Use B<vhangup>(2); employ various privileged B<ioctl>(2)  operations on "
"virtual terminals."
msgstr ""

#. type: TP
#: build/C/man7/capabilities.7:598
#, no-wrap
msgid "B<CAP_SYSLOG> (since Linux 2.6.37)"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:607
msgid ""
"Perform privileged B<syslog>(2)  operations.  See B<syslog>(2)  for "
"information on which operations require privilege."
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:617
msgid ""
"View kernel addresses exposed via I</proc> and other interfaces when "
"I</proc/sys/kernel/kptr_restrict> has the value 1.  (See the discussion of "
"the I<kptr_restrict> in B<proc>(5).)"
msgstr ""

#. type: TP
#: build/C/man7/capabilities.7:617
#, no-wrap
msgid "B<CAP_WAKE_ALARM> (since Linux 3.0)"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:625
msgid ""
"Trigger something that will wake up the system (set B<CLOCK_REALTIME_ALARM> "
"and B<CLOCK_BOOTTIME_ALARM> timers)."
msgstr ""

#. type: SS
#: build/C/man7/capabilities.7:625
#, no-wrap
msgid "Past and current implementation"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:627
msgid "A full implementation of capabilities requires that:"
msgstr ""

#. type: IP
#: build/C/man7/capabilities.7:627 build/C/man7/capabilities.7:778 build/C/man7/capabilities.7:925 build/C/man7/capabilities.7:978
#, no-wrap
msgid "1."
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:631
msgid ""
"For all privileged operations, the kernel must check whether the thread has "
"the required capability in its effective set."
msgstr ""

#. type: IP
#: build/C/man7/capabilities.7:631 build/C/man7/capabilities.7:783 build/C/man7/capabilities.7:931 build/C/man7/capabilities.7:984
#, no-wrap
msgid "2."
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:634
msgid ""
"The kernel must provide system calls allowing a thread's capability sets to "
"be changed and retrieved."
msgstr ""

#. type: IP
#: build/C/man7/capabilities.7:634 build/C/man7/capabilities.7:934 build/C/man7/capabilities.7:988
#, no-wrap
msgid "3."
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:637
msgid ""
"The filesystem must support attaching capabilities to an executable file, so "
"that a process gains those capabilities when the file is executed."
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:641
msgid ""
"Before kernel 2.6.24, only the first two of these requirements are met; "
"since kernel 2.6.24, all three requirements are met."
msgstr ""

#. type: SS
#: build/C/man7/capabilities.7:641
#, no-wrap
msgid "Thread capability sets"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:644
msgid ""
"Each thread has three capability sets containing zero or more of the above "
"capabilities:"
msgstr ""

#. type: TP
#: build/C/man7/capabilities.7:644
#, no-wrap
msgid "I<Permitted>:"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:652
msgid ""
"This is a limiting superset for the effective capabilities that the thread "
"may assume.  It is also a limiting superset for the capabilities that may be "
"added to the inheritable set by a thread that does not have the "
"B<CAP_SETPCAP> capability in its effective set."
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:658
msgid ""
"If a thread drops a capability from its permitted set, it can never "
"reacquire that capability (unless it B<execve>(2)s either a set-user-ID-root "
"program, or a program whose associated file capabilities grant that "
"capability)."
msgstr ""

#. type: TP
#: build/C/man7/capabilities.7:658
#, no-wrap
msgid "I<Inheritable>:"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:665
msgid ""
"This is a set of capabilities preserved across an B<execve>(2).  It provides "
"a mechanism for a process to assign capabilities to the permitted set of the "
"new program during an B<execve>(2)."
msgstr ""

#. type: TP
#: build/C/man7/capabilities.7:665 build/C/man7/capabilities.7:715
#, no-wrap
msgid "I<Effective>:"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:669
msgid ""
"This is the set of capabilities used by the kernel to perform permission "
"checks for the thread."
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:675
msgid ""
"A child created via B<fork>(2)  inherits copies of its parent's capability "
"sets.  See below for a discussion of the treatment of capabilities during "
"B<execve>(2)."
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:679
msgid ""
"Using B<capset>(2), a thread may manipulate its own capability sets (see "
"below)."
msgstr ""

#.  commit 73efc0394e148d0e15583e13712637831f926720
#. type: Plain text
#: build/C/man7/capabilities.7:688
msgid ""
"Since Linux 3.2, the file I</proc/sys/kernel/cap_last_cap> exposes the "
"numerical value of the highest capability supported by the running kernel; "
"this can be used to determine the highest bit that may be set in a "
"capability set."
msgstr ""

#. type: SS
#: build/C/man7/capabilities.7:688
#, no-wrap
msgid "File capabilities"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:703
msgid ""
"Since kernel 2.6.24, the kernel supports associating capability sets with an "
"executable file using B<setcap>(8).  The file capability sets are stored in "
"an extended attribute (see B<setxattr>(2))  named I<security.capability>.  "
"Writing to this extended attribute requires the B<CAP_SETFCAP> capability.  "
"The file capability sets, in conjunction with the capability sets of the "
"thread, determine the capabilities of a thread after an B<execve>(2)."
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:705
msgid "The three file capability sets are:"
msgstr ""

#. type: TP
#: build/C/man7/capabilities.7:705
#, no-wrap
msgid "I<Permitted> (formerly known as I<forced>):"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:709
msgid ""
"These capabilities are automatically permitted to the thread, regardless of "
"the thread's inheritable capabilities."
msgstr ""

#. type: TP
#: build/C/man7/capabilities.7:709
#, no-wrap
msgid "I<Inheritable> (formerly known as I<allowed>):"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:715
msgid ""
"This set is ANDed with the thread's inheritable set to determine which "
"inheritable capabilities are enabled in the permitted set of the thread "
"after the B<execve>(2)."
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:725
msgid ""
"This is not a set, but rather just a single bit.  If this bit is set, then "
"during an B<execve>(2)  all of the new permitted capabilities for the thread "
"are also raised in the effective set.  If this bit is not set, then after an "
"B<execve>(2), none of the new permitted capabilities is in the new effective "
"set."
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:741
msgid ""
"Enabling the file effective capability bit implies that any file permitted "
"or inheritable capability that causes a thread to acquire the corresponding "
"permitted capability during an B<execve>(2)  (see the transformation rules "
"described below) will also acquire that capability in its effective set.  "
"Therefore, when assigning capabilities to a file (B<setcap>(8), "
"B<cap_set_file>(3), B<cap_set_fd>(3)), if we specify the effective flag as "
"being enabled for any capability, then the effective flag must also be "
"specified as enabled for all other capabilities for which the corresponding "
"permitted or inheritable flags is enabled."
msgstr ""

#. type: SS
#: build/C/man7/capabilities.7:741
#, no-wrap
msgid "Transformation of capabilities during execve()"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:747
msgid ""
"During an B<execve>(2), the kernel calculates the new capabilities of the "
"process using the following algorithm:"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:752
#, no-wrap
msgid ""
"P'(permitted) = (P(inheritable) & F(inheritable)) |\n"
"                (F(permitted) & cap_bset)\n"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:754
#, no-wrap
msgid "P'(effective) = F(effective) ? P'(permitted) : 0\n"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:756
#, no-wrap
msgid "P'(inheritable) = P(inheritable)    [i.e., unchanged]\n"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:760
msgid "where:"
msgstr ""

#. type: IP
#: build/C/man7/capabilities.7:761
#, no-wrap
msgid "P"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:764
msgid "denotes the value of a thread capability set before the B<execve>(2)"
msgstr ""

#. type: IP
#: build/C/man7/capabilities.7:764
#, no-wrap
msgid "P'"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:767
msgid "denotes the value of a capability set after the B<execve>(2)"
msgstr ""

#. type: IP
#: build/C/man7/capabilities.7:767
#, no-wrap
msgid "F"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:769
msgid "denotes a file capability set"
msgstr ""

#. type: IP
#: build/C/man7/capabilities.7:769
#, no-wrap
msgid "cap_bset"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:771
msgid "is the value of the capability bounding set (described below)."
msgstr ""

#. type: SS
#: build/C/man7/capabilities.7:773
#, no-wrap
msgid "Capabilities and execution of programs by root"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:778
msgid ""
"In order to provide an all-powerful I<root> using capability sets, during an "
"B<execve>(2):"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:783
msgid ""
"If a set-user-ID-root program is being executed, or the real user ID of the "
"process is 0 (root)  then the file inheritable and permitted sets are "
"defined to be all ones (i.e., all capabilities enabled)."
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:786
msgid ""
"If a set-user-ID-root program is being executed, then the file effective bit "
"is defined to be one (enabled)."
msgstr ""

#.  If a process with real UID 0, and nonzero effective UID does an
#.  exec(), then it gets all capabilities in its
#.  permitted set, and no effective capabilities
#. type: Plain text
#: build/C/man7/capabilities.7:801
msgid ""
"The upshot of the above rules, combined with the capabilities "
"transformations described above, is that when a process B<execve>(2)s a "
"set-user-ID-root program, or when a process with an effective UID of 0 "
"B<execve>(2)s a program, it gains all capabilities in its permitted and "
"effective capability sets, except those masked out by the capability "
"bounding set.  This provides semantics that are the same as those provided "
"by traditional UNIX systems."
msgstr ""

#. type: SS
#: build/C/man7/capabilities.7:801
#, no-wrap
msgid "Capability bounding set"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:806
msgid ""
"The capability bounding set is a security mechanism that can be used to "
"limit the capabilities that can be gained during an B<execve>(2).  The "
"bounding set is used in the following ways:"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:814
msgid ""
"During an B<execve>(2), the capability bounding set is ANDed with the file "
"permitted capability set, and the result of this operation is assigned to "
"the thread's permitted capability set.  The capability bounding set thus "
"places a limit on the permitted capabilities that may be granted by an "
"executable file."
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:826
msgid ""
"(Since Linux 2.6.25)  The capability bounding set acts as a limiting "
"superset for the capabilities that a thread can add to its inheritable set "
"using B<capset>(2).  This means that if a capability is not in the bounding "
"set, then a thread can't add this capability to its inheritable set, even if "
"it was in its permitted capabilities, and thereby cannot have this "
"capability preserved in its permitted set when it B<execve>(2)s a file that "
"has the capability in its inheritable set."
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:833
msgid ""
"Note that the bounding set masks the file permitted capabilities, but not "
"the inherited capabilities.  If a thread maintains a capability in its "
"inherited set that is not in its bounding set, then it can still gain that "
"capability in its permitted set by executing a file that has the capability "
"in its inherited set."
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:836
msgid ""
"Depending on the kernel version, the capability bounding set is either a "
"system-wide attribute, or a per-process attribute."
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:838
msgid "B<Capability bounding set prior to Linux 2.6.25>"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:846
msgid ""
"In kernels before 2.6.25, the capability bounding set is a system-wide "
"attribute that affects all threads on the system.  The bounding set is "
"accessible via the file I</proc/sys/kernel/cap-bound>.  (Confusingly, this "
"bit mask parameter is expressed as a signed decimal number in "
"I</proc/sys/kernel/cap-bound>.)"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:853
msgid ""
"Only the B<init> process may set capabilities in the capability bounding "
"set; other than that, the superuser (more precisely: programs with the "
"B<CAP_SYS_MODULE> capability) may only clear capabilities from this set."
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:862
msgid ""
"On a standard system the capability bounding set always masks out the "
"B<CAP_SETPCAP> capability.  To remove this restriction (dangerous!), modify "
"the definition of B<CAP_INIT_EFF_SET> in I<include/linux/capability.h> and "
"rebuild the kernel."
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:866
msgid ""
"The system-wide capability bounding set feature was added to Linux starting "
"with kernel version 2.2.11."
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:868
msgid "B<Capability bounding set from Linux 2.6.25 onward>"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:873
msgid ""
"From Linux 2.6.25, the I<capability bounding set> is a per-thread "
"attribute.  (There is no longer a system-wide capability bounding set.)"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:878
msgid ""
"The bounding set is inherited at B<fork>(2)  from the thread's parent, and "
"is preserved across an B<execve>(2)."
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:891
msgid ""
"A thread may remove capabilities from its capability bounding set using the "
"B<prctl>(2)  B<PR_CAPBSET_DROP> operation, provided it has the "
"B<CAP_SETPCAP> capability.  Once a capability has been dropped from the "
"bounding set, it cannot be restored to that set.  A thread can determine if "
"a capability is in its bounding set using the B<prctl>(2)  "
"B<PR_CAPBSET_READ> operation."
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:909
msgid ""
"Removing capabilities from the bounding set is supported only if file "
"capabilities are compiled into the kernel.  In kernels before Linux 2.6.33, "
"file capabilities were an optional feature configurable via the "
"CONFIG_SECURITY_FILE_CAPABILITIES option.  Since Linux 2.6.33, the "
"configuration option has been removed and file capabilities are always part "
"of the kernel.  When file capabilities are compiled into the kernel, the "
"B<init> process (the ancestor of all processes) begins with a full bounding "
"set.  If file capabilities are not compiled into the kernel, then B<init> "
"begins with a full bounding set minus B<CAP_SETPCAP>, because this "
"capability has a different meaning when there are no file capabilities."
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:916
msgid ""
"Removing a capability from the bounding set does not remove it from the "
"thread's inherited set.  However it does prevent the capability from being "
"added back into the thread's inherited set in the future."
msgstr ""

#. type: SS
#: build/C/man7/capabilities.7:916
#, no-wrap
msgid "Effect of user ID changes on capabilities"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:925
msgid ""
"To preserve the traditional semantics for transitions between 0 and nonzero "
"user IDs, the kernel makes the following changes to a thread's capability "
"sets on changes to the thread's real, effective, saved set, and filesystem "
"user IDs (using B<setuid>(2), B<setresuid>(2), or similar):"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:931
msgid ""
"If one or more of the real, effective or saved set user IDs was previously "
"0, and as a result of the UID changes all of these IDs have a nonzero value, "
"then all capabilities are cleared from the permitted and effective "
"capability sets."
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:934
msgid ""
"If the effective user ID is changed from 0 to nonzero, then all capabilities "
"are cleared from the effective set."
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:937
msgid ""
"If the effective user ID is changed from nonzero to 0, then the permitted "
"set is copied to the effective set."
msgstr ""

#. type: IP
#: build/C/man7/capabilities.7:937 build/C/man7/capabilities.7:992
#, no-wrap
msgid "4."
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:955
msgid ""
"If the filesystem user ID is changed from 0 to nonzero (see B<setfsuid>(2))  "
"then the following capabilities are cleared from the effective set: "
"B<CAP_CHOWN>, B<CAP_DAC_OVERRIDE>, B<CAP_DAC_READ_SEARCH>, B<CAP_FOWNER>, "
"B<CAP_FSETID>, B<CAP_LINUX_IMMUTABLE> (since Linux 2.2.30), "
"B<CAP_MAC_OVERRIDE>, and B<CAP_MKNOD> (since Linux 2.2.30).  If the "
"filesystem UID is changed from nonzero to 0, then any of these capabilities "
"that are enabled in the permitted set are enabled in the effective set."
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:963
msgid ""
"If a thread that has a 0 value for one or more of its user IDs wants to "
"prevent its permitted capability set being cleared when it resets all of its "
"user IDs to nonzero values, it can do so using the B<prctl>(2)  "
"B<PR_SET_KEEPCAPS> operation."
msgstr ""

#. type: SS
#: build/C/man7/capabilities.7:963
#, no-wrap
msgid "Programmatically adjusting capability sets"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:978
msgid ""
"A thread can retrieve and change its capability sets using the B<capget>(2)  "
"and B<capset>(2)  system calls.  However, the use of B<cap_get_proc>(3)  and "
"B<cap_set_proc>(3), both provided in the I<libcap> package, is preferred for "
"this purpose.  The following rules govern changes to the thread capability "
"sets:"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:984
msgid ""
"If the caller does not have the B<CAP_SETPCAP> capability, the new "
"inheritable set must be a subset of the combination of the existing "
"inheritable and permitted sets."
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:988
msgid ""
"(Since Linux 2.6.25)  The new inheritable set must be a subset of the "
"combination of the existing inheritable set and the capability bounding set."
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:992
msgid ""
"The new permitted set must be a subset of the existing permitted set (i.e., "
"it is not possible to acquire permitted capabilities that the thread does "
"not currently have)."
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:994
msgid "The new effective set must be a subset of the new permitted set."
msgstr ""

#. type: SS
#: build/C/man7/capabilities.7:994
#, no-wrap
msgid "The securebits flags: establishing a capabilities-only environment"
msgstr ""

#.  For some background:
#.        see http://lwn.net/Articles/280279/ and
#.        http://article.gmane.org/gmane.linux.kernel.lsm/5476/
#. type: Plain text
#: build/C/man7/capabilities.7:1005
msgid ""
"Starting with kernel 2.6.26, and with a kernel in which file capabilities "
"are enabled, Linux implements a set of per-thread I<securebits> flags that "
"can be used to disable special handling of capabilities for UID 0 "
"(I<root>).  These flags are as follows:"
msgstr ""

#. type: TP
#: build/C/man7/capabilities.7:1005
#, no-wrap
msgid "B<SECBIT_KEEP_CAPS>"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:1017
msgid ""
"Setting this flag allows a thread that has one or more 0 UIDs to retain its "
"capabilities when it switches all of its UIDs to a nonzero value.  If this "
"flag is not set, then such a UID switch causes the thread to lose all "
"capabilities.  This flag is always cleared on an B<execve>(2).  (This flag "
"provides the same functionality as the older B<prctl>(2)  B<PR_SET_KEEPCAPS> "
"operation.)"
msgstr ""

#. type: TP
#: build/C/man7/capabilities.7:1017
#, no-wrap
msgid "B<SECBIT_NO_SETUID_FIXUP>"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:1024
msgid ""
"Setting this flag stops the kernel from adjusting capability sets when the "
"threads's effective and filesystem UIDs are switched between zero and "
"nonzero values.  (See the subsection I<Effect of User ID Changes on "
"Capabilities>.)"
msgstr ""

#. type: TP
#: build/C/man7/capabilities.7:1024
#, no-wrap
msgid "B<SECBIT_NOROOT>"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:1032
msgid ""
"If this bit is set, then the kernel does not grant capabilities when a "
"set-user-ID-root program is executed, or when a process with an effective or "
"real UID of 0 calls B<execve>(2).  (See the subsection I<Capabilities and "
"execution of programs by root>.)"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:1042
msgid ""
"Each of the above \"base\" flags has a companion \"locked\" flag.  Setting "
"any of the \"locked\" flags is irreversible, and has the effect of "
"preventing further changes to the corresponding \"base\" flag.  The locked "
"flags are: B<SECBIT_KEEP_CAPS_LOCKED>, B<SECBIT_NO_SETUID_FIXUP_LOCKED>, and "
"B<SECBIT_NOROOT_LOCKED>."
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:1054
msgid ""
"The I<securebits> flags can be modified and retrieved using the B<prctl>(2)  "
"B<PR_SET_SECUREBITS> and B<PR_GET_SECUREBITS> operations.  The "
"B<CAP_SETPCAP> capability is required to modify the flags."
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:1063
msgid ""
"The I<securebits> flags are inherited by child processes.  During an "
"B<execve>(2), all of the flags are preserved, except B<SECBIT_KEEP_CAPS> "
"which is always cleared."
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:1068
msgid ""
"An application can use the following call to lock itself, and all of its "
"descendants, into an environment where the only way of gaining capabilities "
"is by executing a program with associated file capabilities:"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:1077
#, no-wrap
msgid ""
"prctl(PR_SET_SECUREBITS,\n"
"        SECBIT_KEEP_CAPS_LOCKED |\n"
"        SECBIT_NO_SETUID_FIXUP |\n"
"        SECBIT_NO_SETUID_FIXUP_LOCKED |\n"
"        SECBIT_NOROOT |\n"
"        SECBIT_NOROOT_LOCKED);\n"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:1085
msgid ""
"No standards govern capabilities, but the Linux capability implementation is "
"based on the withdrawn POSIX.1e draft standard; see E<.UR "
"http://wt.tuxomania.net\\:/publications\\:/posix.1e/> E<.UE .>"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:1089
msgid ""
"Since kernel 2.5.27, capabilities are an optional kernel component, and can "
"be enabled/disabled via the CONFIG_SECURITY_CAPABILITIES kernel "
"configuration option."
msgstr ""

#.  7b9a7ec565505699f503b4fcf61500dceb36e744
#. type: Plain text
#: build/C/man7/capabilities.7:1103
msgid ""
"The I</proc/PID/task/TID/status> file can be used to view the capability "
"sets of a thread.  The I</proc/PID/status> file shows the capability sets of "
"a process's main thread.  Before Linux 3.8, nonexistent capabilities were "
"shown as being enabled (1) in these sets.  Since Linux 3.8, all non-existent "
"capabilities (above B<CAP_LAST_CAP>)  are shown as disabled (0)."
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:1118
msgid ""
"The I<libcap> package provides a suite of routines for setting and getting "
"capabilities that is more comfortable and less likely to change than the "
"interface provided by B<capset>(2)  and B<capget>(2).  This package also "
"provides the B<setcap>(8)  and B<getcap>(8)  programs.  It can be found at"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:1121
msgid ""
"E<.UR "
"http://www.kernel.org\\:/pub\\:/linux\\:/libs\\:/security\\:/linux-privs> "
"E<.UE .>"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:1130
msgid ""
"Before kernel 2.6.24, and since kernel 2.6.24 if file capabilities are not "
"enabled, a thread with the B<CAP_SETPCAP> capability can manipulate the "
"capabilities of threads other than itself.  However, this is only "
"theoretically possible, since no thread ever has B<CAP_SETPCAP> in either of "
"these cases:"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:1135
msgid ""
"In the pre-2.6.25 implementation the system-wide capability bounding set, "
"I</proc/sys/kernel/cap-bound>, always masks out this capability, and this "
"can not be changed without modifying the kernel source and rebuilding."
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:1141
msgid ""
"If file capabilities are disabled in the current implementation, then "
"B<init> starts out with this capability removed from its per-process "
"bounding set, and that bounding set is inherited by all other processes "
"created on the system."
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:1158
msgid ""
"B<capget>(2), B<prctl>(2), B<setfsuid>(2), B<cap_clear>(3), "
"B<cap_copy_ext>(3), B<cap_from_text>(3), B<cap_get_file>(3), "
"B<cap_get_proc>(3), B<cap_init>(3), B<capgetp>(3), B<capsetp>(3), "
"B<libcap>(3), B<credentials>(7), B<pthreads>(7), B<getcap>(8), B<setcap>(8)"
msgstr ""

#. type: Plain text
#: build/C/man7/capabilities.7:1161
msgid "I<include/linux/capability.h> in the Linux kernel source tree"
msgstr ""

#. type: TH
#: build/C/man2/capget.2:15
#, no-wrap
msgid "CAPGET"
msgstr ""

#. type: TH
#: build/C/man2/capget.2:15
#, no-wrap
msgid "2013-03-11"
msgstr ""

#. type: Plain text
#: build/C/man2/capget.2:18
msgid "capget, capset - set/get capabilities of thread(s)"
msgstr ""

#. type: Plain text
#: build/C/man2/capget.2:20
msgid "B<#include E<lt>sys/capability.hE<gt>>"
msgstr ""

#. type: Plain text
#: build/C/man2/capget.2:22
msgid "B<int capget(cap_user_header_t >I<hdrp>B<, cap_user_data_t >I<datap>B<);>"
msgstr ""

#. type: Plain text
#: build/C/man2/capget.2:24
msgid ""
"B<int capset(cap_user_header_t >I<hdrp>B<, const cap_user_data_t "
">I<datap>B<);>"
msgstr ""

#. type: Plain text
#: build/C/man2/capget.2:35
msgid ""
"As of Linux 2.2, the power of the superuser (root) has been partitioned into "
"a set of discrete capabilities.  Each thread has a set of effective "
"capabilities identifying which capabilities (if any) it may currently "
"exercise.  Each thread also has a set of inheritable capabilities that may "
"be passed through an B<execve>(2)  call, and a set of permitted capabilities "
"that it can make effective or inheritable."
msgstr ""

#. type: Plain text
#: build/C/man2/capget.2:44
msgid ""
"These two system calls are the raw kernel interface for getting and setting "
"thread capabilities.  Not only are these system calls specific to Linux, but "
"the kernel API is likely to change and use of these system calls (in "
"particular the format of the I<cap_user_*_t> types) is subject to extension "
"with each kernel revision, but old programs will keep working."
msgstr ""

#. type: Plain text
#: build/C/man2/capget.2:55
msgid ""
"The portable interfaces are B<cap_set_proc>(3)  and B<cap_get_proc>(3); if "
"possible you should use those interfaces in applications.  If you wish to "
"use the Linux extensions in applications, you should use the easier-to-use "
"interfaces B<capsetp>(3)  and B<capgetp>(3)."
msgstr ""

#. type: SS
#: build/C/man2/capget.2:55
#, no-wrap
msgid "Current details"
msgstr ""

#. type: Plain text
#: build/C/man2/capget.2:58
msgid ""
"Now that you have been warned, some current kernel details.  The structures "
"are defined as follows."
msgstr ""

#. type: Plain text
#: build/C/man2/capget.2:63
#, no-wrap
msgid ""
"#define _LINUX_CAPABILITY_VERSION_1  0x19980330\n"
"#define _LINUX_CAPABILITY_U32S_1     1\n"
msgstr ""

#. type: Plain text
#: build/C/man2/capget.2:66
#, no-wrap
msgid ""
"#define _LINUX_CAPABILITY_VERSION_2  0x20071026\n"
"#define _LINUX_CAPABILITY_U32S_2     2\n"
msgstr ""

#. type: Plain text
#: build/C/man2/capget.2:71
#, no-wrap
msgid ""
"typedef struct __user_cap_header_struct {\n"
"   __u32 version;\n"
"   int pid;\n"
"} *cap_user_header_t;\n"
msgstr ""

#. type: Plain text
#: build/C/man2/capget.2:77
#, no-wrap
msgid ""
"typedef struct __user_cap_data_struct {\n"
"   __u32 effective;\n"
"   __u32 permitted;\n"
"   __u32 inheritable;\n"
"} *cap_user_data_t;\n"
msgstr ""

#. type: Plain text
#: build/C/man2/capget.2:96
msgid ""
"The I<effective>, I<permitted>, and I<inheritable> fields are bit masks of "
"the capabilities defined in I<capability(7).> Note the B<CAP_*> values are "
"bit indexes and need to be bit-shifted before ORing into the bit fields.  To "
"define the structures for passing to the system call you have to use the "
"I<struct __user_cap_header_struct> and I<struct __user_cap_data_struct> "
"names because the typedefs are only pointers."
msgstr ""

#. type: Plain text
#: build/C/man2/capget.2:108
msgid ""
"Kernels prior to 2.6.25 prefer 32-bit capabilities with version "
"B<_LINUX_CAPABILITY_VERSION_1>, and kernels 2.6.25+ prefer 64-bit "
"capabilities with version B<_LINUX_CAPABILITY_VERSION_2>.  Note, 64-bit "
"capabilities use I<datap>[0] and I<datap>[1], whereas 32-bit capabilities "
"use only I<datap>[0]."
msgstr ""

#. type: Plain text
#: build/C/man2/capget.2:112
msgid ""
"Another change affecting the behavior of these system calls is kernel "
"support for file capabilities (VFS capability support).  This support is "
"currently a compile time option (added in kernel 2.6.24)."
msgstr ""

#. type: Plain text
#: build/C/man2/capget.2:119
msgid ""
"For B<capget>()  calls, one can probe the capabilities of any process by "
"specifying its process ID with the I<hdrp-E<gt>pid> field value."
msgstr ""

#. type: SS
#: build/C/man2/capget.2:119
#, no-wrap
msgid "With VFS capability support"
msgstr ""

#. type: Plain text
#: build/C/man2/capget.2:131
msgid ""
"VFS Capability support creates a file-attribute method for adding "
"capabilities to privileged executables.  This privilege model obsoletes "
"kernel support for one process asynchronously setting the capabilities of "
"another.  That is, with VFS support, for B<capset>()  calls the only "
"permitted values for I<hdrp-E<gt>pid> are 0 or B<getpid>(2), which are "
"equivalent."
msgstr ""

#. type: SS
#: build/C/man2/capget.2:131
#, no-wrap
msgid "Without VFS capability support"
msgstr ""

#. type: Plain text
#: build/C/man2/capget.2:157
msgid ""
"When the kernel does not support VFS capabilities, B<capset>()  calls can "
"operate on the capabilities of the thread specified by the I<pid> field of "
"I<hdrp> when that is nonzero, or on the capabilities of the calling thread "
"if I<pid> is 0.  If I<pid> refers to a single-threaded process, then I<pid> "
"can be specified as a traditional process ID; operating on a thread of a "
"multithreaded process requires a thread ID of the type returned by "
"B<gettid>(2).  For B<capset>(), I<pid> can also be: -1, meaning perform the "
"change on all threads except the caller and B<init>(8); or a value less than "
"-1, in which case the change is applied to all members of the process group "
"whose ID is -I<pid>."
msgstr ""

#. type: Plain text
#: build/C/man2/capget.2:160
msgid "For details on the data, see B<capabilities>(7)."
msgstr ""

#. type: Plain text
#: build/C/man2/capget.2:179
msgid ""
"The calls will fail with the error B<EINVAL>, and set the I<version> field "
"of I<hdrp> to the kernel preferred value of B<_LINUX_CAPABILITY_VERSION_?> "
"when an unsupported I<version> value is specified.  In this way, one can "
"probe what the current preferred capability revision is."
msgstr ""

#. type: Plain text
#: build/C/man2/capget.2:188
msgid ""
"Bad memory address.  I<hdrp> must not be NULL.  I<datap> may be NULL only "
"when the user is trying to determine the preferred capability version format "
"supported by the kernel."
msgstr ""

#. type: TP
#: build/C/man2/capget.2:188 build/C/man7/cpuset.7:1180 build/C/man7/cpuset.7:1189 build/C/man7/cpuset.7:1198 build/C/man7/cpuset.7:1208 build/C/man7/cpuset.7:1217 build/C/man7/cpuset.7:1224 build/C/man7/cpuset.7:1231 build/C/man2/getgroups.2:114 build/C/man2/getgroups.2:121 build/C/man2/getpriority.2:121 build/C/man2/getrlimit.2:440 build/C/man2/getrusage.2:191 build/C/man2/iopl.2:72 build/C/man2/ioprio_set.2:170 build/C/man2/setpgid.2:202
#, no-wrap
msgid "B<EINVAL>"
msgstr ""

#. type: Plain text
#: build/C/man2/capget.2:191
msgid "One of the arguments was invalid."
msgstr ""

#. type: Plain text
#: build/C/man2/capget.2:196
msgid ""
"An attempt was made to add a capability to the Permitted set, or to set a "
"capability in the Effective or Inheritable sets that is not in the Permitted "
"set."
msgstr ""

#. type: Plain text
#: build/C/man2/capget.2:215
msgid ""
"The caller attempted to use B<capset>()  to modify the capabilities of a "
"thread other than itself, but lacked sufficient privilege.  For kernels "
"supporting VFS capabilities, this is never permitted.  For kernels lacking "
"VFS support, the B<CAP_SETPCAP> capability is required.  (A bug in kernels "
"before 2.6.11 meant that this error could also occur if a thread without "
"this capability tried to change its own capabilities by specifying the "
"I<pid> field as a nonzero value (i.e., the value returned by B<getpid>(2))  "
"instead of 0.)"
msgstr ""

#. type: TP
#: build/C/man2/capget.2:215 build/C/man7/cpuset.7:1330 build/C/man2/getpriority.2:129 build/C/man2/getrlimit.2:464 build/C/man2/getsid.2:70 build/C/man2/ioprio_set.2:187 build/C/man2/setpgid.2:217
#, no-wrap
msgid "B<ESRCH>"
msgstr ""

#. type: Plain text
#: build/C/man2/capget.2:218
msgid "No such thread."
msgstr ""

#. type: Plain text
#: build/C/man2/capget.2:220 build/C/man2/ioprio_set.2:198
msgid "These system calls are Linux-specific."
msgstr ""

#. type: Plain text
#: build/C/man2/capget.2:225
msgid ""
"The portable interface to the capability querying and setting functions is "
"provided by the I<libcap> library and is available here:"
msgstr ""

#. type: Plain text
#: build/C/man2/capget.2:228
msgid ""
"E<.UR "
"http://git.kernel.org/cgit\\:/linux\\:/kernel\\:/git\\:/morgan\\:\\:/libcap.git> "
"E<.UE>"
msgstr ""

#. type: Plain text
#: build/C/man2/capget.2:232
msgid "B<clone>(2), B<gettid>(2), B<capabilities>(7)"
msgstr ""

#. type: TH
#: build/C/man7/cpuset.7:25
#, no-wrap
msgid "CPUSET"
msgstr ""

#. type: TH
#: build/C/man7/cpuset.7:25 build/C/man2/getpriority.2:48 build/C/man2/ioprio_set.2:24 build/C/man7/svipc.7:40
#, no-wrap
msgid "2013-02-12"
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:28
msgid "cpuset - confine processes to processor and memory node subsets"
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:35
msgid ""
"The cpuset filesystem is a pseudo-filesystem interface to the kernel cpuset "
"mechanism, which is used to control the processor placement and memory "
"placement of processes.  It is commonly mounted at I</dev/cpuset>."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:52
msgid ""
"On systems with kernels compiled with built in support for cpusets, all "
"processes are attached to a cpuset, and cpusets are always present.  If a "
"system supports cpusets, then it will have the entry B<nodev cpuset> in the "
"file I</proc/filesystems>.  By mounting the cpuset filesystem (see the "
"B<EXAMPLE> section below), the administrator can configure the cpusets on a "
"system to control the processor and memory placement of processes on that "
"system.  By default, if the cpuset configuration on a system is not modified "
"or if the cpuset filesystem is not even mounted, then the cpuset mechanism, "
"though present, has no affect on the system's behavior."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:54
msgid "A cpuset defines a list of CPUs and memory nodes."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:63
msgid ""
"The CPUs of a system include all the logical processing units on which a "
"process can execute, including, if present, multiple processor cores within "
"a package and Hyper-Threads within a processor core.  Memory nodes include "
"all distinct banks of main memory; small and SMP systems typically have just "
"one memory node that contains all the system's main memory, while NUMA "
"(non-uniform memory access) systems have multiple memory nodes."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:73
msgid ""
"Cpusets are represented as directories in a hierarchical pseudo-filesystem, "
"where the top directory in the hierarchy (I</dev/cpuset>)  represents the "
"entire system (all online CPUs and memory nodes)  and any cpuset that is the "
"child (descendant) of another parent cpuset contains a subset of that "
"parent's CPUs and memory nodes.  The directories and files representing "
"cpusets have normal filesystem permissions."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:84
msgid ""
"Every process in the system belongs to exactly one cpuset.  A process is "
"confined to run only on the CPUs in the cpuset it belongs to, and to "
"allocate memory only on the memory nodes in that cpuset.  When a process "
"B<fork>(2)s, the child process is placed in the same cpuset as its parent.  "
"With sufficient privilege, a process may be moved from one cpuset to another "
"and the allowed CPUs and memory nodes of an existing cpuset may be changed."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:92
msgid ""
"When the system begins booting, a single cpuset is defined that includes all "
"CPUs and memory nodes on the system, and all processes are in that cpuset.  "
"During the boot process, or later during normal system operation, other "
"cpusets may be created, as subdirectories of this top cpuset, under the "
"control of the system administrator, and processes may be placed in these "
"other cpusets."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:114
msgid ""
"Cpusets are integrated with the B<sched_setaffinity>(2)  scheduling affinity "
"mechanism and the B<mbind>(2)  and B<set_mempolicy>(2)  memory-placement "
"mechanisms in the kernel.  Neither of these mechanisms let a process make "
"use of a CPU or memory node that is not allowed by that process's cpuset.  "
"If changes to a process's cpuset placement conflict with these other "
"mechanisms, then cpuset placement is enforced even if it means overriding "
"these other mechanisms.  The kernel accomplishes this overriding by silently "
"restricting the CPUs and memory nodes requested by these other mechanisms to "
"those allowed by the invoking process's cpuset.  This can result in these "
"other calls returning an error, if for example, such a call ends up "
"requesting an empty set of CPUs or memory nodes, after that request is "
"restricted to the invoking process's cpuset."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:120
msgid ""
"Typically, a cpuset is used to manage the CPU and memory-node confinement "
"for a set of cooperating processes such as a batch scheduler job, and these "
"other mechanisms are used to manage the placement of individual processes or "
"memory regions within that set or job."
msgstr ""

#. type: SH
#: build/C/man7/cpuset.7:120
#, no-wrap
msgid "FILES"
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:125
msgid ""
"Each directory below I</dev/cpuset> represents a cpuset and contains a fixed "
"set of pseudo-files describing the state of that cpuset."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:135
msgid ""
"New cpusets are created using the B<mkdir>(2)  system call or the "
"B<mkdir>(1)  command.  The properties of a cpuset, such as its flags, "
"allowed CPUs and memory nodes, and attached processes, are queried and "
"modified by reading or writing to the appropriate file in that cpuset's "
"directory, as listed below."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:141
msgid ""
"The pseudo-files in each cpuset directory are automatically created when the "
"cpuset is created, as a result of the B<mkdir>(2)  invocation.  It is not "
"possible to directly add or remove these pseudo-files."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:149
msgid ""
"A cpuset directory that contains no child cpuset directories, and has no "
"attached processes, can be removed using B<rmdir>(2)  or B<rmdir>(1).  It is "
"not necessary, or possible, to remove the pseudo-files inside the directory "
"before removing it."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:163
msgid ""
"The pseudo-files in each cpuset directory are small text files that may be "
"read and written using traditional shell utilities such as B<cat>(1), and "
"B<echo>(1), or from a program by using file I/O library functions or system "
"calls, such as B<open>(2), B<read>(2), B<write>(2), and B<close>(2)."
msgstr ""

#.  ====================== tasks ======================
#. type: Plain text
#: build/C/man7/cpuset.7:168
msgid ""
"The pseudo-files in a cpuset directory represent internal kernel state and "
"do not have any persistent image on disk.  Each of these per-cpuset files is "
"listed and described below."
msgstr ""

#. type: TP
#: build/C/man7/cpuset.7:168
#, no-wrap
msgid "I<tasks>"
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:178
msgid ""
"List of the process IDs (PIDs) of the processes in that cpuset.  The list is "
"formatted as a series of ASCII decimal numbers, each followed by a newline.  "
"A process may be added to a cpuset (automatically removing it from the "
"cpuset that previously contained it) by writing its PID to that cpuset's "
"I<tasks> file (with or without a trailing newline.)"
msgstr ""

#.  =================== notify_on_release ===================
#. type: Plain text
#: build/C/man7/cpuset.7:186
msgid ""
"B<Warning:> only one PID may be written to the I<tasks> file at a time.  If "
"a string is written that contains more than one PID, only the first one will "
"be used."
msgstr ""

#. type: TP
#: build/C/man7/cpuset.7:186
#, no-wrap
msgid "I<notify_on_release>"
msgstr ""

#.  ====================== cpus ======================
#. type: Plain text
#: build/C/man7/cpuset.7:195
msgid ""
"Flag (0 or 1).  If set (1), that cpuset will receive special handling after "
"it is released, that is, after all processes cease using it (i.e., terminate "
"or are moved to a different cpuset)  and all child cpuset directories have "
"been removed.  See the B<Notify On Release> section, below."
msgstr ""

#. type: TP
#: build/C/man7/cpuset.7:195
#, no-wrap
msgid "I<cpuset.cpus>"
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:202
msgid ""
"List of the physical numbers of the CPUs on which processes in that cpuset "
"are allowed to execute.  See B<List Format> below for a description of the "
"format of I<cpus>."
msgstr ""

#.  ==================== cpu_exclusive ====================
#. type: Plain text
#: build/C/man7/cpuset.7:208
msgid ""
"The CPUs allowed to a cpuset may be changed by writing a new list to its "
"I<cpus> file."
msgstr ""

#. type: TP
#: build/C/man7/cpuset.7:208
#, no-wrap
msgid "I<cpuset.cpu_exclusive>"
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:215
msgid ""
"Flag (0 or 1).  If set (1), the cpuset has exclusive use of its CPUs (no "
"sibling or cousin cpuset may overlap CPUs).  By default this is off (0).  "
"Newly created cpusets also initially default this to off (0)."
msgstr ""

#.  ====================== mems ======================
#. type: Plain text
#: build/C/man7/cpuset.7:237
msgid ""
"Two cpusets are I<sibling> cpusets if they share the same parent cpuset in "
"the I</dev/cpuset> hierarchy.  Two cpusets are I<cousin> cpusets if neither "
"is the ancestor of the other.  Regardless of the I<cpu_exclusive> setting, "
"if one cpuset is the ancestor of another, and if both of these cpusets have "
"nonempty I<cpus>, then their I<cpus> must overlap, because the I<cpus> of "
"any cpuset are always a subset of the I<cpus> of its parent cpuset."
msgstr ""

#. type: TP
#: build/C/man7/cpuset.7:237
#, no-wrap
msgid "I<cpuset.mems>"
msgstr ""

#.  ==================== mem_exclusive ====================
#. type: Plain text
#: build/C/man7/cpuset.7:245
msgid ""
"List of memory nodes on which processes in this cpuset are allowed to "
"allocate memory.  See B<List Format> below for a description of the format "
"of I<mems>."
msgstr ""

#. type: TP
#: build/C/man7/cpuset.7:245
#, no-wrap
msgid "I<cpuset.mem_exclusive>"
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:253
msgid ""
"Flag (0 or 1).  If set (1), the cpuset has exclusive use of its memory nodes "
"(no sibling or cousin may overlap).  Also if set (1), the cpuset is a "
"B<Hardwall> cpuset (see below.)  By default this is off (0).  Newly created "
"cpusets also initially default this to off (0)."
msgstr ""

#.  ==================== mem_hardwall ====================
#. type: Plain text
#: build/C/man7/cpuset.7:261
msgid ""
"Regardless of the I<mem_exclusive> setting, if one cpuset is the ancestor of "
"another, then their memory nodes must overlap, because the memory nodes of "
"any cpuset are always a subset of the memory nodes of that cpuset's parent "
"cpuset."
msgstr ""

#. type: TP
#: build/C/man7/cpuset.7:261
#, no-wrap
msgid "I<cpuset.mem_hardwall> (since Linux 2.6.26)"
msgstr ""

#.  ==================== memory_migrate ====================
#. type: Plain text
#: build/C/man7/cpuset.7:272
msgid ""
"Flag (0 or 1).  If set (1), the cpuset is a B<Hardwall> cpuset (see below.)  "
"Unlike B<mem_exclusive>, there is no constraint on whether cpusets marked "
"B<mem_hardwall> may have overlapping memory nodes with sibling or cousin "
"cpusets.  By default this is off (0).  Newly created cpusets also initially "
"default this to off (0)."
msgstr ""

#. type: TP
#: build/C/man7/cpuset.7:272
#, no-wrap
msgid "I<cpuset.memory_migrate> (since Linux 2.6.16)"
msgstr ""

#.  ==================== memory_pressure ====================
#. type: Plain text
#: build/C/man7/cpuset.7:279
msgid ""
"Flag (0 or 1).  If set (1), then memory migration is enabled.  By default "
"this is off (0).  See the B<Memory Migration> section, below."
msgstr ""

#. type: TP
#: build/C/man7/cpuset.7:279
#, no-wrap
msgid "I<cpuset.memory_pressure> (since Linux 2.6.16)"
msgstr ""

#.  ================= memory_pressure_enabled =================
#. type: Plain text
#: build/C/man7/cpuset.7:292
msgid ""
"A measure of how much memory pressure the processes in this cpuset are "
"causing.  See the B<Memory Pressure> section, below.  Unless "
"I<memory_pressure_enabled> is enabled, always has value zero (0).  This file "
"is read-only.  See the B<WARNINGS> section, below."
msgstr ""

#. type: TP
#: build/C/man7/cpuset.7:292
#, no-wrap
msgid "I<cpuset.memory_pressure_enabled> (since Linux 2.6.16)"
msgstr ""

#.  ================== memory_spread_page ==================
#. type: Plain text
#: build/C/man7/cpuset.7:304
msgid ""
"Flag (0 or 1).  This file is present only in the root cpuset, normally "
"I</dev/cpuset>.  If set (1), the I<memory_pressure> calculations are enabled "
"for all cpusets in the system.  By default this is off (0).  See the "
"B<Memory Pressure> section, below."
msgstr ""

#. type: TP
#: build/C/man7/cpuset.7:304
#, no-wrap
msgid "I<cpuset.memory_spread_page> (since Linux 2.6.17)"
msgstr ""

#.  ================== memory_spread_slab ==================
#. type: Plain text
#: build/C/man7/cpuset.7:314
msgid ""
"Flag (0 or 1).  If set (1), pages in the kernel page cache (filesystem "
"buffers) are uniformly spread across the cpuset.  By default this is off (0) "
"in the top cpuset, and inherited from the parent cpuset in newly created "
"cpusets.  See the B<Memory Spread> section, below."
msgstr ""

#. type: TP
#: build/C/man7/cpuset.7:314
#, no-wrap
msgid "I<cpuset.memory_spread_slab> (since Linux 2.6.17)"
msgstr ""

#.  ================== sched_load_balance ==================
#. type: Plain text
#: build/C/man7/cpuset.7:325
msgid ""
"Flag (0 or 1).  If set (1), the kernel slab caches for file I/O (directory "
"and inode structures) are uniformly spread across the cpuset.  By default "
"this is off (0) in the top cpuset, and inherited from the parent cpuset in "
"newly created cpusets.  See the B<Memory Spread> section, below."
msgstr ""

#. type: TP
#: build/C/man7/cpuset.7:325
#, no-wrap
msgid "I<cpuset.sched_load_balance> (since Linux 2.6.24)"
msgstr ""

#.  ================== sched_relax_domain_level ==================
#. type: Plain text
#: build/C/man7/cpuset.7:339
msgid ""
"Flag (0 or 1).  If set (1, the default) the kernel will automatically load "
"balance processes in that cpuset over the allowed CPUs in that cpuset.  If "
"cleared (0) the kernel will avoid load balancing processes in this cpuset, "
"I<unless> some other cpuset with overlapping CPUs has its "
"I<sched_load_balance> flag set.  See B<Scheduler Load Balancing>, below, for "
"further details."
msgstr ""

#. type: TP
#: build/C/man7/cpuset.7:339
#, no-wrap
msgid "I<cpuset.sched_relax_domain_level> (since Linux 2.6.26)"
msgstr ""

#.  ================== proc cpuset ==================
#. type: Plain text
#: build/C/man7/cpuset.7:359
msgid ""
"Integer, between -1 and a small positive value.  The "
"I<sched_relax_domain_level> controls the width of the range of CPUs over "
"which the kernel scheduler performs immediate rebalancing of runnable tasks "
"across CPUs.  If I<sched_load_balance> is disabled, then the setting of "
"I<sched_relax_domain_level> does not matter, as no such load balancing is "
"done.  If I<sched_load_balance> is enabled, then the higher the value of the "
"I<sched_relax_domain_level>, the wider the range of CPUs over which "
"immediate load balancing is attempted.  See B<Scheduler Relax Domain Level>, "
"below, for further details."
msgstr ""

#.  ================== proc status ==================
#. type: Plain text
#: build/C/man7/cpuset.7:367
msgid ""
"In addition to the above pseudo-files in each directory below "
"I</dev/cpuset>, each process has a pseudo-file, "
"I</proc/E<lt>pidE<gt>/cpuset>, that displays the path of the process's "
"cpuset directory relative to the root of the cpuset filesystem."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:378
msgid ""
"Also the I</proc/E<lt>pidE<gt>/status> file for each process has four added "
"lines, displaying the process's I<Cpus_allowed> (on which CPUs it may be "
"scheduled) and I<Mems_allowed> (on which memory nodes it may obtain memory), "
"in the two formats B<Mask Format> and B<List Format> (see below)  as shown "
"in the following example:"
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:385
#, no-wrap
msgid ""
"Cpus_allowed:   ffffffff,ffffffff,ffffffff,ffffffff\n"
"Cpus_allowed_list:     0-127\n"
"Mems_allowed:   ffffffff,ffffffff\n"
"Mems_allowed_list:     0-63\n"
msgstr ""

#.  ================== EXTENDED CAPABILITIES ==================
#. type: Plain text
#: build/C/man7/cpuset.7:391
msgid ""
"The \"allowed\" fields were added in Linux 2.6.24; the \"allowed_list\" "
"fields were added in Linux 2.6.26."
msgstr ""

#. type: SH
#: build/C/man7/cpuset.7:391
#, no-wrap
msgid "EXTENDED CAPABILITIES"
msgstr ""

#.  ================== Exclusive Cpusets ==================
#. type: Plain text
#: build/C/man7/cpuset.7:399
msgid ""
"In addition to controlling which I<cpus> and I<mems> a process is allowed to "
"use, cpusets provide the following extended capabilities."
msgstr ""

#. type: SS
#: build/C/man7/cpuset.7:399
#, no-wrap
msgid "Exclusive cpusets"
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:406
msgid ""
"If a cpuset is marked I<cpu_exclusive> or I<mem_exclusive>, no other cpuset, "
"other than a direct ancestor or descendant, may share any of the same CPUs "
"or memory nodes."
msgstr ""

#.  ================== Hardwall ==================
#. type: Plain text
#: build/C/man7/cpuset.7:432
msgid ""
"A cpuset that is I<mem_exclusive> restricts kernel allocations for buffer "
"cache pages and other internal kernel data pages commonly shared by the "
"kernel across multiple users.  All cpusets, whether I<mem_exclusive> or not, "
"restrict allocations of memory for user space.  This enables configuring a "
"system so that several independent jobs can share common kernel data, while "
"isolating each job's user allocation in its own cpuset.  To do this, "
"construct a large I<mem_exclusive> cpuset to hold all the jobs, and "
"construct child, non-I<mem_exclusive> cpusets for each individual job.  Only "
"a small amount of kernel memory, such as requests from interrupt handlers, "
"is allowed to be placed on memory nodes outside even a I<mem_exclusive> "
"cpuset."
msgstr ""

#. type: SS
#: build/C/man7/cpuset.7:432
#, no-wrap
msgid "Hardwall"
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:447
msgid ""
"A cpuset that has I<mem_exclusive> or I<mem_hardwall> set is a I<hardwall> "
"cpuset.  A I<hardwall> cpuset restricts kernel allocations for page, buffer, "
"and other data commonly shared by the kernel across multiple users.  All "
"cpusets, whether I<hardwall> or not, restrict allocations of memory for user "
"space."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:458
msgid ""
"This enables configuring a system so that several independent jobs can share "
"common kernel data, such as filesystem pages, while isolating each job's "
"user allocation in its own cpuset.  To do this, construct a large "
"I<hardwall> cpuset to hold all the jobs, and construct child cpusets for "
"each individual job which are not I<hardwall> cpusets."
msgstr ""

#.  ================== Notify On Release ==================
#. type: Plain text
#: build/C/man7/cpuset.7:464
msgid ""
"Only a small amount of kernel memory, such as requests from interrupt "
"handlers, is allowed to be taken outside even a I<hardwall> cpuset."
msgstr ""

#. type: SS
#: build/C/man7/cpuset.7:464
#, no-wrap
msgid "Notify on release"
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:476
msgid ""
"If the I<notify_on_release> flag is enabled (1) in a cpuset, then whenever "
"the last process in the cpuset leaves (exits or attaches to some other "
"cpuset)  and the last child cpuset of that cpuset is removed, the kernel "
"will run the command I</sbin/cpuset_release_agent>, supplying the pathname "
"(relative to the mount point of the cpuset filesystem) of the abandoned "
"cpuset.  This enables automatic removal of abandoned cpusets."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:484
msgid ""
"The default value of I<notify_on_release> in the root cpuset at system boot "
"is disabled (0).  The default value of other cpusets at creation is the "
"current value of their parent's I<notify_on_release> setting."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:492
msgid ""
"The command I</sbin/cpuset_release_agent> is invoked, with the name "
"(I</dev/cpuset> relative path)  of the to-be-released cpuset in I<argv[1]>."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:496
msgid ""
"The usual contents of the command I</sbin/cpuset_release_agent> is simply "
"the shell script:"
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:501
#, no-wrap
msgid ""
"#!/bin/sh\n"
"rmdir /dev/cpuset/$1\n"
msgstr ""

#.  ================== Memory Pressure ==================
#. type: Plain text
#: build/C/man7/cpuset.7:509
msgid ""
"As with other flag values below, this flag can be changed by writing an "
"ASCII number 0 or 1 (with optional trailing newline)  into the file, to "
"clear or set the flag, respectively."
msgstr ""

#. type: SS
#: build/C/man7/cpuset.7:509
#, no-wrap
msgid "Memory pressure"
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:515
msgid ""
"The I<memory_pressure> of a cpuset provides a simple per-cpuset running "
"average of the rate that the processes in a cpuset are attempting to free up "
"in-use memory on the nodes of the cpuset to satisfy additional memory "
"requests."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:519
msgid ""
"This enables batch managers that are monitoring jobs running in dedicated "
"cpusets to efficiently detect what level of memory pressure that job is "
"causing."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:526
msgid ""
"This is useful both on tightly managed systems running a wide mix of "
"submitted jobs, which may choose to terminate or reprioritize jobs that are "
"trying to use more memory than allowed on the nodes assigned them, and with "
"tightly coupled, long-running, massively parallel scientific computing jobs "
"that will dramatically fail to meet required performance goals if they start "
"to use more memory than allowed to them."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:531
msgid ""
"This mechanism provides a very economical way for the batch manager to "
"monitor a cpuset for signs of memory pressure.  It's up to the batch manager "
"or other user code to decide what action to take if it detects signs of "
"memory pressure."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:538
msgid ""
"Unless memory pressure calculation is enabled by setting the pseudo-file "
"I</dev/cpuset/cpuset.memory_pressure_enabled>, it is not computed for any "
"cpuset, and reads from any I<memory_pressure> always return zero, as "
"represented by the ASCII string \"0\\en\".  See the B<WARNINGS> section, "
"below."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:540
msgid "A per-cpuset, running average is employed for the following reasons:"
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:545
msgid ""
"Because this meter is per-cpuset rather than per-process or per virtual "
"memory region, the system load imposed by a batch scheduler monitoring this "
"metric is sharply reduced on large systems, because a scan of the tasklist "
"can be avoided on each set of queries."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:550
msgid ""
"Because this meter is a running average rather than an accumulating counter, "
"a batch scheduler can detect memory pressure with a single read, instead of "
"having to read and accumulate results for a period of time."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:556
msgid ""
"Because this meter is per-cpuset rather than per-process, the batch "
"scheduler can obtain the key information\\(emmemory pressure in a "
"cpuset\\(emwith a single read, rather than having to query and accumulate "
"results over all the (dynamically changing)  set of processes in the cpuset."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:564
msgid ""
"The I<memory_pressure> of a cpuset is calculated using a per-cpuset simple "
"digital filter that is kept within the kernel.  For each cpuset, this filter "
"tracks the recent rate at which processes attached to that cpuset enter the "
"kernel direct reclaim code."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:573
msgid ""
"The kernel direct reclaim code is entered whenever a process has to satisfy "
"a memory page request by first finding some other page to repurpose, due to "
"lack of any readily available already free pages.  Dirty filesystem pages "
"are repurposed by first writing them to disk.  Unmodified filesystem buffer "
"pages are repurposed by simply dropping them, though if that page is needed "
"again, it will have to be reread from disk."
msgstr ""

#.  ================== Memory Spread ==================
#. type: Plain text
#: build/C/man7/cpuset.7:581
msgid ""
"The I<cpuset.memory_pressure> file provides an integer number representing "
"the recent (half-life of 10 seconds) rate of entries to the direct reclaim "
"code caused by any process in the cpuset, in units of reclaims attempted per "
"second, times 1000."
msgstr ""

#. type: SS
#: build/C/man7/cpuset.7:581
#, no-wrap
msgid "Memory spread"
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:589
msgid ""
"There are two Boolean flag files per cpuset that control where the kernel "
"allocates pages for the filesystem buffers and related in-kernel data "
"structures.  They are called I<cpuset.memory_spread_page> and "
"I<cpuset.memory_spread_slab>."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:596
msgid ""
"If the per-cpuset Boolean flag file I<cpuset.memory_spread_page> is set, "
"then the kernel will spread the filesystem buffers (page cache) evenly over "
"all the nodes that the faulting process is allowed to use, instead of "
"preferring to put those pages on the node where the process is running."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:604
msgid ""
"If the per-cpuset Boolean flag file I<cpuset.memory_spread_slab> is set, "
"then the kernel will spread some filesystem-related slab caches, such as "
"those for inodes and directory entries, evenly over all the nodes that the "
"faulting process is allowed to use, instead of preferring to put those pages "
"on the node where the process is running."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:609
msgid ""
"The setting of these flags does not affect the data segment (see B<brk>(2))  "
"or stack segment pages of a process."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:617
msgid ""
"By default, both kinds of memory spreading are off and the kernel prefers to "
"allocate memory pages on the node local to where the requesting process is "
"running.  If that node is not allowed by the process's NUMA memory policy or "
"cpuset configuration or if there are insufficient free memory pages on that "
"node, then the kernel looks for the nearest node that is allowed and has "
"sufficient free memory."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:620
msgid ""
"When new cpusets are created, they inherit the memory spread settings of "
"their parent."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:635
msgid ""
"Setting memory spreading causes allocations for the affected page or slab "
"caches to ignore the process's NUMA memory policy and be spread instead.  "
"However, the effect of these changes in memory placement caused by "
"cpuset-specified memory spreading is hidden from the B<mbind>(2)  or "
"B<set_mempolicy>(2)  calls.  These two NUMA memory policy calls always "
"appear to behave as if no cpuset-specified memory spreading is in effect, "
"even if it is.  If cpuset memory spreading is subsequently turned off, the "
"NUMA memory policy most recently specified by these calls is automatically "
"reapplied."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:644
msgid ""
"Both I<cpuset.memory_spread_page> and I<cpuset.memory_spread_slab> are "
"Boolean flag files.  By default they contain \"0\", meaning that the feature "
"is off for that cpuset.  If a \"1\" is written to that file, that turns the "
"named feature on."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:647
msgid ""
"Cpuset-specified memory spreading behaves similarly to what is known (in "
"other contexts) as round-robin or interleave memory placement."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:650
msgid ""
"Cpuset-specified memory spreading can provide substantial performance "
"improvements for jobs that:"
msgstr ""

#. type: IP
#: build/C/man7/cpuset.7:650
#, no-wrap
msgid "a)"
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:654
msgid ""
"need to place thread-local data on memory nodes close to the CPUs which are "
"running the threads that most frequently access that data; but also"
msgstr ""

#. type: IP
#: build/C/man7/cpuset.7:654
#, no-wrap
msgid "b)"
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:657
msgid ""
"need to access large filesystem data sets that must to be spread across the "
"several nodes in the job's cpuset in order to fit."
msgstr ""

#.  ================== Memory Migration ==================
#. type: Plain text
#: build/C/man7/cpuset.7:664
msgid ""
"Without this policy, the memory allocation across the nodes in the job's "
"cpuset can become very uneven, especially for jobs that might have just a "
"single thread initializing or reading in the data set."
msgstr ""

#. type: SS
#: build/C/man7/cpuset.7:664
#, no-wrap
msgid "Memory migration"
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:673
msgid ""
"Normally, under the default setting (disabled) of I<cpuset.memory_migrate>, "
"once a page is allocated (given a physical page of main memory) then that "
"page stays on whatever node it was allocated, so long as it remains "
"allocated, even if the cpuset's memory-placement policy I<mems> subsequently "
"changes."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:679
msgid ""
"When memory migration is enabled in a cpuset, if the I<mems> setting of the "
"cpuset is changed, then any memory page in use by any process in the cpuset "
"that is on a memory node that is no longer allowed will be migrated to a "
"memory node that is allowed."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:685
msgid ""
"Furthermore, if a process is moved into a cpuset with I<memory_migrate> "
"enabled, any memory pages it uses that were on memory nodes allowed in its "
"previous cpuset, but which are not allowed in its new cpuset, will be "
"migrated to a memory node allowed in the new cpuset."
msgstr ""

#.  ================== Scheduler Load Balancing ==================
#. type: Plain text
#: build/C/man7/cpuset.7:693
msgid ""
"The relative placement of a migrated page within the cpuset is preserved "
"during these migration operations if possible.  For example, if the page was "
"on the second valid node of the prior cpuset, then the page will be placed "
"on the second valid node of the new cpuset, if possible."
msgstr ""

#. type: SS
#: build/C/man7/cpuset.7:693
#, no-wrap
msgid "Scheduler load balancing"
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:700
msgid ""
"The kernel scheduler automatically load balances processes.  If one CPU is "
"underutilized, the kernel will look for processes on other more overloaded "
"CPUs and move those processes to the underutilized CPU, within the "
"constraints of such placement mechanisms as cpusets and "
"B<sched_setaffinity>(2)."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:713
msgid ""
"The algorithmic cost of load balancing and its impact on key shared kernel "
"data structures such as the process list increases more than linearly with "
"the number of CPUs being balanced.  For example, it costs more to load "
"balance across one large set of CPUs than it does to balance across two "
"smaller sets of CPUs, each of half the size of the larger set.  (The precise "
"relationship between the number of CPUs being balanced and the cost of load "
"balancing depends on implementation details of the kernel process scheduler, "
"which is subject to change over time, as improved kernel scheduler "
"algorithms are implemented.)"
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:719
msgid ""
"The per-cpuset flag I<sched_load_balance> provides a mechanism to suppress "
"this automatic scheduler load balancing in cases where it is not needed and "
"suppressing it would have worthwhile performance benefits."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:723
msgid ""
"By default, load balancing is done across all CPUs, except those marked "
"isolated using the kernel boot time \"isolcpus=\" argument.  (See "
"B<Scheduler Relax Domain Level>, below, to change this default.)"
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:726
msgid ""
"This default load balancing across all CPUs is not well suited to the "
"following two situations:"
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:730
msgid ""
"On large systems, load balancing across many CPUs is expensive.  If the "
"system is managed using cpusets to place independent jobs on separate sets "
"of CPUs, full load balancing is unnecessary."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:734
msgid ""
"Systems supporting real-time on some CPUs need to minimize system overhead "
"on those CPUs, including avoiding process load balancing if that is not "
"needed."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:744
msgid ""
"When the per-cpuset flag I<sched_load_balance> is enabled (the default "
"setting), it requests load balancing across all the CPUs in that cpuset's "
"allowed CPUs, ensuring that load balancing can move a process (not otherwise "
"pinned, as by B<sched_setaffinity>(2))  from any CPU in that cpuset to any "
"other."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:753
msgid ""
"When the per-cpuset flag I<sched_load_balance> is disabled, then the "
"scheduler will avoid load balancing across the CPUs in that cpuset, "
"I<except> in so far as is necessary because some overlapping cpuset has "
"I<sched_load_balance> enabled."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:761
msgid ""
"So, for example, if the top cpuset has the flag I<sched_load_balance> "
"enabled, then the scheduler will load balance across all CPUs, and the "
"setting of the I<sched_load_balance> flag in other cpusets has no effect, as "
"we're already fully load balancing."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:766
msgid ""
"Therefore in the above two situations, the flag I<sched_load_balance> should "
"be disabled in the top cpuset, and only some of the smaller, child cpusets "
"would have this flag enabled."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:774
msgid ""
"When doing this, you don't usually want to leave any unpinned processes in "
"the top cpuset that might use nontrivial amounts of CPU, as such processes "
"may be artificially constrained to some subset of CPUs, depending on the "
"particulars of this flag setting in descendant cpusets.  Even if such a "
"process could use spare CPU cycles in some other CPUs, the kernel scheduler "
"might not consider the possibility of load balancing that process to the "
"underused CPU."
msgstr ""

#.  ================== Scheduler Relax Domain Level ==================
#. type: Plain text
#: build/C/man7/cpuset.7:780
msgid ""
"Of course, processes pinned to a particular CPU can be left in a cpuset that "
"disables I<sched_load_balance> as those processes aren't going anywhere else "
"anyway."
msgstr ""

#. type: SS
#: build/C/man7/cpuset.7:780
#, no-wrap
msgid "Scheduler relax domain level"
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:801
msgid ""
"The kernel scheduler performs immediate load balancing whenever a CPU "
"becomes free or another task becomes runnable.  This load balancing works to "
"ensure that as many CPUs as possible are usefully employed running tasks.  "
"The kernel also performs periodic load balancing off the software clock "
"described in I<time>(7).  The setting of I<sched_relax_domain_level> applies "
"only to immediate load balancing.  Regardless of the "
"I<sched_relax_domain_level> setting, periodic load balancing is attempted "
"over all CPUs (unless disabled by turning off I<sched_load_balance>.)  In "
"any case, of course, tasks will be scheduled to run only on CPUs allowed by "
"their cpuset, as modified by B<sched_setaffinity>(2)  system calls."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:809
msgid ""
"On small systems, such as those with just a few CPUs, immediate load "
"balancing is useful to improve system interactivity and to minimize wasteful "
"idle CPU cycles.  But on large systems, attempting immediate load balancing "
"across a large number of CPUs can be more costly than it is worth, depending "
"on the particular performance characteristics of the job mix and the "
"hardware."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:817
msgid ""
"The exact meaning of the small integer values of I<sched_relax_domain_level> "
"will depend on internal implementation details of the kernel scheduler code "
"and on the non-uniform architecture of the hardware.  Both of these will "
"evolve over time and vary by system architecture and kernel version."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:822
msgid ""
"As of this writing, when this capability was introduced in Linux 2.6.26, on "
"certain popular architectures, the positive values of "
"I<sched_relax_domain_level> have the following meanings."
msgstr ""

#. type: IP
#: build/C/man7/cpuset.7:824
#, no-wrap
msgid "B<(1)>"
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:827
msgid ""
"Perform immediate load balancing across Hyper-Thread siblings on the same "
"core."
msgstr ""

#. type: IP
#: build/C/man7/cpuset.7:827
#, no-wrap
msgid "B<(2)>"
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:829
msgid "Perform immediate load balancing across other cores in the same package."
msgstr ""

#. type: IP
#: build/C/man7/cpuset.7:829
#, no-wrap
msgid "B<(3)>"
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:832
msgid ""
"Perform immediate load balancing across other CPUs on the same node or "
"blade."
msgstr ""

#. type: IP
#: build/C/man7/cpuset.7:832
#, no-wrap
msgid "B<(4)>"
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:835
msgid ""
"Perform immediate load balancing across over several (implementation detail) "
"nodes [On NUMA systems]."
msgstr ""

#. type: IP
#: build/C/man7/cpuset.7:835
#, no-wrap
msgid "B<(5)>"
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:838
msgid ""
"Perform immediate load balancing across over all CPUs in system [On NUMA "
"systems]."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:847
msgid ""
"The I<sched_relax_domain_level> value of zero (0) always means don't perform "
"immediate load balancing, hence that load balancing is done only "
"periodically, not immediately when a CPU becomes available or another task "
"becomes runnable."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:855
msgid ""
"The I<sched_relax_domain_level> value of minus one (-1)  always means use "
"the system default value.  The system default value can vary by architecture "
"and kernel version.  This system default value can be changed by kernel "
"boot-time \"relax_domain_level=\" argument."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:863
msgid ""
"In the case of multiple overlapping cpusets which have conflicting "
"I<sched_relax_domain_level> values, then the highest such value applies to "
"all CPUs in any of the overlapping cpusets.  In such cases, the value "
"B<minus one (-1)> is the lowest value, overridden by any other value, and "
"the value B<zero (0)> is the next lowest value."
msgstr ""

#. type: SH
#: build/C/man7/cpuset.7:863
#, no-wrap
msgid "FORMATS"
msgstr ""

#.  ================== Mask Format ==================
#. type: Plain text
#: build/C/man7/cpuset.7:867
msgid "The following formats are used to represent sets of CPUs and memory nodes."
msgstr ""

#. type: SS
#: build/C/man7/cpuset.7:867
#, no-wrap
msgid "Mask format"
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:872
msgid ""
"The B<Mask Format> is used to represent CPU and memory-node bit masks in the "
"I</proc/E<lt>pidE<gt>/status> file."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:880
msgid ""
"This format displays each 32-bit word in hexadecimal (using ASCII characters "
"\"0\" - \"9\" and \"a\" - \"f\"); words are filled with leading zeros, if "
"required.  For masks longer than one word, a comma separator is used between "
"words.  Words are displayed in big-endian order, which has the most "
"significant bit first.  The hex digits within a word are also in big-endian "
"order."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:883
msgid ""
"The number of 32-bit words displayed is the minimum number needed to display "
"all bits of the bit mask, based on the size of the bit mask."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:885
msgid "Examples of the B<Mask Format>:"
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:893
#, no-wrap
msgid ""
"00000001                        # just bit 0 set\n"
"40000000,00000000,00000000      # just bit 94 set\n"
"00000001,00000000,00000000      # just bit 64 set\n"
"000000ff,00000000               # bits 32-39 set\n"
"00000000,000E3862               # 1,5,6,11-13,17-19 set\n"
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:897
msgid "A mask with bits 0, 1, 2, 4, 8, 16, 32, and 64 set displays as:"
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:901
#, no-wrap
msgid "00000001,00000001,00010117\n"
msgstr ""

#.  ================== List Format ==================
#. type: Plain text
#: build/C/man7/cpuset.7:908
msgid ""
"The first \"1\" is for bit 64, the second for bit 32, the third for bit 16, "
"the fourth for bit 8, the fifth for bit 4, and the \"7\" is for bits 2, 1, "
"and 0."
msgstr ""

#. type: SS
#: build/C/man7/cpuset.7:908
#, no-wrap
msgid "List format"
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:915
msgid ""
"The B<List Format> for I<cpus> and I<mems> is a comma-separated list of CPU "
"or memory-node numbers and ranges of numbers, in ASCII decimal."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:917
msgid "Examples of the B<List Format>:"
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:922
#, no-wrap
msgid ""
"0-4,9           # bits 0, 1, 2, 3, 4, and 9 set\n"
"0-2,7,12-14     # bits 0, 1, 2, 7, 12, 13, and 14 set\n"
msgstr ""

#.  ================== RULES ==================
#. type: SH
#: build/C/man7/cpuset.7:925
#, no-wrap
msgid "RULES"
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:927
msgid "The following rules apply to each cpuset:"
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:930
msgid ""
"Its CPUs and memory nodes must be a (possibly equal)  subset of its "
"parent's."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:934
msgid "It can be marked I<cpu_exclusive> only if its parent is."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:938
msgid "It can be marked I<mem_exclusive> only if its parent is."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:942
msgid "If it is I<cpu_exclusive>, its CPUs may not overlap any sibling."
msgstr ""

#.  ================== PERMISSIONS ==================
#. type: Plain text
#: build/C/man7/cpuset.7:947
msgid "If it is I<memory_exclusive>, its memory nodes may not overlap any sibling."
msgstr ""

#. type: SH
#: build/C/man7/cpuset.7:947
#, no-wrap
msgid "PERMISSIONS"
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:952
msgid ""
"The permissions of a cpuset are determined by the permissions of the "
"directories and pseudo-files in the cpuset filesystem, normally mounted at "
"I</dev/cpuset>."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:961
msgid ""
"For instance, a process can put itself in some other cpuset (than its "
"current one) if it can write the I<tasks> file for that cpuset.  This "
"requires execute permission on the encompassing directories and write "
"permission on the I<tasks> file."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:968
msgid ""
"An additional constraint is applied to requests to place some other process "
"in a cpuset.  One process may not attach another to a cpuset unless it would "
"have permission to send that process a signal (see B<kill>(2))."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:979
msgid ""
"A process may create a child cpuset if it can access and write the parent "
"cpuset directory.  It can modify the CPUs or memory nodes in a cpuset if it "
"can access that cpuset's directory (execute permissions on the each of the "
"parent directories) and write the corresponding I<cpus> or I<mems> file."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:1000
msgid ""
"There is one minor difference between the manner in which these permissions "
"are evaluated and the manner in which normal filesystem operation "
"permissions are evaluated.  The kernel interprets relative pathnames "
"starting at a process's current working directory.  Even if one is operating "
"on a cpuset file, relative pathnames are interpreted relative to the "
"process's current working directory, not relative to the process's current "
"cpuset.  The only ways that cpuset paths relative to a process's current "
"cpuset can be used are if either the process's current working directory is "
"its cpuset (it first did a B<cd> or B<chdir>(2)  to its cpuset directory "
"beneath I</dev/cpuset>, which is a bit unusual)  or if some user code "
"converts the relative cpuset path to a full filesystem path."
msgstr ""

#.  ================== WARNINGS ==================
#. type: Plain text
#: build/C/man7/cpuset.7:1015
msgid ""
"In theory, this means that user code should specify cpusets using absolute "
"pathnames, which requires knowing the mount point of the cpuset filesystem "
"(usually, but not necessarily, I</dev/cpuset>).  In practice, all user level "
"code that this author is aware of simply assumes that if the cpuset "
"filesystem is mounted, then it is mounted at I</dev/cpuset>.  Furthermore, "
"it is common practice for carefully written user code to verify the presence "
"of the pseudo-file I</dev/cpuset/tasks> in order to verify that the cpuset "
"pseudo-filesystem is currently mounted."
msgstr ""

#. type: SH
#: build/C/man7/cpuset.7:1015
#, no-wrap
msgid "WARNINGS"
msgstr ""

#. type: SS
#: build/C/man7/cpuset.7:1016
#, no-wrap
msgid "Enabling memory_pressure"
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:1025
msgid ""
"By default, the per-cpuset file I<cpuset.memory_pressure> always contains "
"zero (0).  Unless this feature is enabled by writing \"1\" to the "
"pseudo-file I</dev/cpuset/cpuset.memory_pressure_enabled>, the kernel does "
"not compute per-cpuset I<memory_pressure>."
msgstr ""

#. type: SS
#: build/C/man7/cpuset.7:1025
#, no-wrap
msgid "Using the echo command"
msgstr ""

#.  Gack!  csh(1)'s echo does this
#. type: Plain text
#: build/C/man7/cpuset.7:1036
msgid ""
"When using the B<echo> command at the shell prompt to change the values of "
"cpuset files, beware that the built-in B<echo> command in some shells does "
"not display an error message if the B<write>(2)  system call fails.  For "
"example, if the command:"
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:1040
#, no-wrap
msgid "echo 19 E<gt> cpuset.mems\n"
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:1053
msgid ""
"failed because memory node 19 was not allowed (perhaps the current system "
"does not have a memory node 19), then the B<echo> command might not display "
"any error.  It is better to use the B</bin/echo> external command to change "
"cpuset file settings, as this command will display B<write>(2)  errors, as "
"in the example:"
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:1058
#, no-wrap
msgid ""
"/bin/echo 19 E<gt> cpuset.mems\n"
"/bin/echo: write error: Invalid argument\n"
msgstr ""

#.  ================== EXCEPTIONS ==================
#. type: SH
#: build/C/man7/cpuset.7:1061
#, no-wrap
msgid "EXCEPTIONS"
msgstr ""

#. type: SS
#: build/C/man7/cpuset.7:1062
#, no-wrap
msgid "Memory placement"
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:1065
msgid ""
"Not all allocations of system memory are constrained by cpusets, for the "
"following reasons."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:1080
msgid ""
"If hot-plug functionality is used to remove all the CPUs that are currently "
"assigned to a cpuset, then the kernel will automatically update the "
"I<cpus_allowed> of all processes attached to CPUs in that cpuset to allow "
"all CPUs.  When memory hot-plug functionality for removing memory nodes is "
"available, a similar exception is expected to apply there as well.  In "
"general, the kernel prefers to violate cpuset placement, rather than "
"starving a process that has had all its allowed CPUs or memory nodes taken "
"offline.  User code should reconfigure cpusets to refer only to online CPUs "
"and memory nodes when using hot-plug to add or remove such resources."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:1088
msgid ""
"A few kernel-critical, internal memory-allocation requests, marked "
"GFP_ATOMIC, must be satisfied immediately.  The kernel may drop some request "
"or malfunction if one of these allocations fail.  If such a request cannot "
"be satisfied within the current process's cpuset, then we relax the cpuset, "
"and look for memory anywhere we can find it.  It's better to violate the "
"cpuset than stress the kernel."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:1092
msgid ""
"Allocations of memory requested by kernel drivers while processing an "
"interrupt lack any relevant process context, and are not confined by "
"cpusets."
msgstr ""

#. type: SS
#: build/C/man7/cpuset.7:1092
#, no-wrap
msgid "Renaming cpusets"
msgstr ""

#.  ================== ERRORS ==================
#. type: Plain text
#: build/C/man7/cpuset.7:1100
msgid ""
"You can use the B<rename>(2)  system call to rename cpusets.  Only simple "
"renaming is supported; that is, changing the name of a cpuset directory is "
"permitted, but moving a directory into a different directory is not "
"permitted."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:1104
msgid ""
"The Linux kernel implementation of cpusets sets I<errno> to specify the "
"reason for a failed system call affecting cpusets."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:1109
msgid ""
"The possible I<errno> settings and their meaning when set on a failed cpuset "
"call are as listed below."
msgstr ""

#. type: TP
#: build/C/man7/cpuset.7:1109
#, no-wrap
msgid "B<E2BIG>"
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:1116
msgid ""
"Attempted a B<write>(2)  on a special cpuset file with a length larger than "
"some kernel-determined upper limit on the length of such writes."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:1123
msgid ""
"Attempted to B<write>(2)  the process ID (PID) of a process to a cpuset "
"I<tasks> file when one lacks permission to move that process."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:1129
msgid ""
"Attempted to add, using B<write>(2), a CPU or memory node to a cpuset, when "
"that CPU or memory node was not already in its parent."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:1137
msgid ""
"Attempted to set, using B<write>(2), I<cpuset.cpu_exclusive> or "
"I<cpuset.mem_exclusive> on a cpuset whose parent lacks the same setting."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:1144
msgid "Attempted to B<write>(2)  a I<cpuset.memory_pressure> file."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:1147
msgid "Attempted to create a file in a cpuset directory."
msgstr ""

#. type: TP
#: build/C/man7/cpuset.7:1147 build/C/man7/cpuset.7:1152 build/C/man7/cpuset.7:1157
#, no-wrap
msgid "B<EBUSY>"
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:1152
msgid "Attempted to remove, using B<rmdir>(2), a cpuset with attached processes."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:1157
msgid "Attempted to remove, using B<rmdir>(2), a cpuset with child cpusets."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:1162
msgid ""
"Attempted to remove a CPU or memory node from a cpuset that is also in a "
"child of that cpuset."
msgstr ""

#. type: TP
#: build/C/man7/cpuset.7:1162 build/C/man7/cpuset.7:1167
#, no-wrap
msgid "B<EEXIST>"
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:1167
msgid "Attempted to create, using B<mkdir>(2), a cpuset that already exists."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:1172
msgid "Attempted to B<rename>(2)  a cpuset to a name that already exists."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:1180
msgid ""
"Attempted to B<read>(2)  or B<write>(2)  a cpuset file using a buffer that "
"is outside the writing processes accessible address space."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:1189
msgid ""
"Attempted to change a cpuset, using B<write>(2), in a way that would violate "
"a I<cpu_exclusive> or I<mem_exclusive> attribute of that cpuset or any of "
"its siblings."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:1198
msgid ""
"Attempted to B<write>(2)  an empty I<cpuset.cpus> or I<cpuset.mems> list to "
"a cpuset which has attached processes or child cpusets."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:1208
msgid ""
"Attempted to B<write>(2)  a I<cpuset.cpus> or I<cpuset.mems> list which "
"included a range with the second number smaller than the first number."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:1217
msgid ""
"Attempted to B<write>(2)  a I<cpuset.cpus> or I<cpuset.mems> list which "
"included an invalid character in the string."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:1224
msgid ""
"Attempted to B<write>(2)  a list to a I<cpuset.cpus> file that did not "
"include any online CPUs."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:1231
msgid ""
"Attempted to B<write>(2)  a list to a I<cpuset.mems> file that did not "
"include any online memory nodes."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:1238
msgid ""
"Attempted to B<write>(2)  a list to a I<cpuset.mems> file that included a "
"node that held no memory."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:1246
msgid ""
"Attempted to B<write>(2)  a string to a cpuset I<tasks> file that does not "
"begin with an ASCII decimal integer."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:1251
msgid "Attempted to B<rename>(2)  a cpuset into a different directory."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:1258
msgid ""
"Attempted to B<read>(2)  a I</proc/E<lt>pidE<gt>/cpuset> file for a cpuset "
"path that is longer than the kernel page size."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:1263
msgid ""
"Attempted to create, using B<mkdir>(2), a cpuset whose base directory name "
"is longer than 255 characters."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:1270
msgid ""
"Attempted to create, using B<mkdir>(2), a cpuset whose full pathname, "
"including the mount point (typically \"/dev/cpuset/\") prefix, is longer "
"than 4095 characters."
msgstr ""

#. type: TP
#: build/C/man7/cpuset.7:1270
#, no-wrap
msgid "B<ENODEV>"
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:1275
msgid ""
"The cpuset was removed by another process at the same time as a B<write>(2)  "
"was attempted on one of the pseudo-files in the cpuset directory."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:1280
msgid ""
"Attempted to create, using B<mkdir>(2), a cpuset in a parent cpuset that "
"doesn't exist."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:1287
msgid ""
"Attempted to B<access>(2)  or B<open>(2)  a nonexistent file in a cpuset "
"directory."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:1292
msgid ""
"Insufficient memory is available within the kernel; can occur on a variety "
"of system calls affecting cpusets, but only if the system is extremely short "
"of memory."
msgstr ""

#. type: TP
#: build/C/man7/cpuset.7:1292 build/C/man7/cpuset.7:1304
#, no-wrap
msgid "B<ENOSPC>"
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:1304
msgid ""
"Attempted to B<write>(2)  the process ID (PID)  of a process to a cpuset "
"I<tasks> file when the cpuset had an empty I<cpuset.cpus> or empty "
"I<cpuset.mems> setting."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:1314
msgid ""
"Attempted to B<write>(2)  an empty I<cpuset.cpus> or I<cpuset.mems> setting "
"to a cpuset that has tasks attached."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:1319
msgid "Attempted to B<rename>(2)  a nonexistent cpuset."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:1322
msgid "Attempted to remove a file from a cpuset directory."
msgstr ""

#. type: TP
#: build/C/man7/cpuset.7:1322
#, no-wrap
msgid "B<ERANGE>"
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:1330
msgid ""
"Specified a I<cpuset.cpus> or I<cpuset.mems> list to the kernel which "
"included a number too large for the kernel to set in its bit masks."
msgstr ""

#.  ================== VERSIONS ==================
#. type: Plain text
#: build/C/man7/cpuset.7:1338
msgid ""
"Attempted to B<write>(2)  the process ID (PID) of a nonexistent process to a "
"cpuset I<tasks> file."
msgstr ""

#.  ================== NOTES ==================
#. type: Plain text
#: build/C/man7/cpuset.7:1341
msgid "Cpusets appeared in version 2.6.12 of the Linux kernel."
msgstr ""

#.  ================== BUGS ==================
#. type: Plain text
#: build/C/man7/cpuset.7:1352
msgid ""
"Despite its name, the I<pid> parameter is actually a thread ID, and each "
"thread in a threaded group can be attached to a different cpuset.  The value "
"returned from a call to B<gettid>(2)  can be passed in the argument I<pid>."
msgstr ""

#. type: SH
#: build/C/man7/cpuset.7:1352 build/C/man2/getpriority.2:225 build/C/man2/getrlimit.2:525 build/C/man2/ioprio_set.2:337 build/C/man2/setfsgid.2:106 build/C/man2/setfsuid.2:114
#, no-wrap
msgid "BUGS"
msgstr ""

#.  ================== EXAMPLE ==================
#. type: Plain text
#: build/C/man7/cpuset.7:1365
msgid ""
"I<cpuset.memory_pressure> cpuset files can be opened for writing, creation, "
"or truncation, but then the B<write>(2)  fails with I<errno> set to "
"B<EACCES>, and the creation and truncation options on B<open>(2)  have no "
"effect."
msgstr ""

#. type: SH
#: build/C/man7/cpuset.7:1365 build/C/man2/getrlimit.2:600
#, no-wrap
msgid "EXAMPLE"
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:1368
msgid ""
"The following examples demonstrate querying and setting cpuset options using "
"shell commands."
msgstr ""

#. type: SS
#: build/C/man7/cpuset.7:1368
#, no-wrap
msgid "Creating and attaching to a cpuset."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:1371
msgid ""
"To create a new cpuset and attach the current command shell to it, the steps "
"are:"
msgstr ""

#. type: IP
#: build/C/man7/cpuset.7:1373 build/C/man7/cpuset.7:1412
#, no-wrap
msgid "1)"
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:1375
msgid "mkdir /dev/cpuset (if not already done)"
msgstr ""

#. type: IP
#: build/C/man7/cpuset.7:1375 build/C/man7/cpuset.7:1418
#, no-wrap
msgid "2)"
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:1377
msgid "mount -t cpuset none /dev/cpuset (if not already done)"
msgstr ""

#. type: IP
#: build/C/man7/cpuset.7:1377 build/C/man7/cpuset.7:1421
#, no-wrap
msgid "3)"
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:1380
msgid "Create the new cpuset using B<mkdir>(1)."
msgstr ""

#. type: IP
#: build/C/man7/cpuset.7:1380 build/C/man7/cpuset.7:1424
#, no-wrap
msgid "4)"
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:1382
msgid "Assign CPUs and memory nodes to the new cpuset."
msgstr ""

#. type: IP
#: build/C/man7/cpuset.7:1382 build/C/man7/cpuset.7:1429
#, no-wrap
msgid "5)"
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:1384
msgid "Attach the shell to the new cpuset."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:1389
msgid ""
"For example, the following sequence of commands will set up a cpuset named "
"\"Charlie\", containing just CPUs 2 and 3, and memory node 1, and then "
"attach the current shell to that cpuset."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:1403
#, no-wrap
msgid ""
"$B< mkdir /dev/cpuset>\n"
"$B< mount -t cpuset cpuset /dev/cpuset>\n"
"$B< cd /dev/cpuset>\n"
"$B< mkdir Charlie>\n"
"$B< cd Charlie>\n"
"$B< /bin/echo 2-3 E<gt> cpuset.cpus>\n"
"$B< /bin/echo 1 E<gt> cpuset.mems>\n"
"$B< /bin/echo $$ E<gt> tasks>\n"
"# The current shell is now running in cpuset Charlie\n"
"# The next line should display '/Charlie'\n"
"$B< cat /proc/self/cpuset>\n"
msgstr ""

#. type: SS
#: build/C/man7/cpuset.7:1405
#, no-wrap
msgid "Migrating a job to different memory nodes."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:1410
msgid ""
"To migrate a job (the set of processes attached to a cpuset)  to different "
"CPUs and memory nodes in the system, including moving the memory pages "
"currently allocated to that job, perform the following steps."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:1418
msgid ""
"Let's say we want to move the job in cpuset I<alpha> (CPUs 4-7 and memory "
"nodes 2-3) to a new cpuset I<beta> (CPUs 16-19 and memory nodes 8-9)."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:1421
msgid "First create the new cpuset I<beta>."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:1424
msgid "Then allow CPUs 16-19 and memory nodes 8-9 in I<beta>."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:1429
msgid "Then enable I<memory_migration> in I<beta>."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:1434
msgid "Then move each process from I<alpha> to I<beta>."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:1437
msgid "The following sequence of commands accomplishes this."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:1447
#, no-wrap
msgid ""
"$B< cd /dev/cpuset>\n"
"$B< mkdir beta>\n"
"$B< cd beta>\n"
"$B< /bin/echo 16-19 E<gt> cpuset.cpus>\n"
"$B< /bin/echo 8-9 E<gt> cpuset.mems>\n"
"$B< /bin/echo 1 E<gt> cpuset.memory_migrate>\n"
"$B< while read i; do /bin/echo $i; done E<lt> ../alpha/tasks E<gt> tasks>\n"
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:1456
msgid ""
"The above should move any processes in I<alpha> to I<beta>, and any memory "
"held by these processes on memory nodes 2-3 to memory nodes 8-9, "
"respectively."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:1458
msgid "Notice that the last step of the above sequence did not do:"
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:1462
#, no-wrap
msgid "$B< cp ../alpha/tasks tasks>\n"
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:1473
msgid ""
"The I<while> loop, rather than the seemingly easier use of the B<cp>(1)  "
"command, was necessary because only one process PID at a time may be written "
"to the I<tasks> file."
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:1481
msgid ""
"The same effect (writing one PID at a time) as the I<while> loop can be "
"accomplished more efficiently, in fewer keystrokes and in syntax that works "
"on any shell, but alas more obscurely, by using the B<-u> (unbuffered) "
"option of B<sed>(1):"
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:1485
#, no-wrap
msgid "$B< sed -un p E<lt> ../alpha/tasks E<gt> tasks>\n"
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:1502
msgid ""
"B<taskset>(1), B<get_mempolicy>(2), B<getcpu>(2), B<mbind>(2), "
"B<sched_getaffinity>(2), B<sched_setaffinity>(2), B<sched_setscheduler>(2), "
"B<set_mempolicy>(2), B<CPU_SET>(3), B<proc>(5), B<numa>(7), "
"B<migratepages>(8), B<numactl>(8)"
msgstr ""

#. type: Plain text
#: build/C/man7/cpuset.7:1505
msgid "I<Documentation/cpusets.txt> in the Linux kernel source tree"
msgstr ""

#. type: TH
#: build/C/man7/credentials.7:27
#, no-wrap
msgid "CREDENTIALS"
msgstr ""

#. type: TH
#: build/C/man7/credentials.7:27
#, no-wrap
msgid "2008-06-03"
msgstr ""

#. type: Plain text
#: build/C/man7/credentials.7:30
msgid "credentials - process identifiers"
msgstr ""

#. type: SS
#: build/C/man7/credentials.7:31
#, no-wrap
msgid "Process ID (PID)"
msgstr ""

#. type: Plain text
#: build/C/man7/credentials.7:41
msgid ""
"Each process has a unique nonnegative integer identifier that is assigned "
"when the process is created using B<fork>(2).  A process can obtain its PID "
"using B<getpid>(2).  A PID is represented using the type I<pid_t> (defined "
"in I<E<lt>sys/types.hE<gt>>)."
msgstr ""

#.  .BR sched_rr_get_interval (2),
#.  .BR sched_getaffinity (2),
#.  .BR sched_setaffinity (2),
#.  .BR sched_getparam (2),
#.  .BR sched_setparam (2),
#.  .BR sched_setscheduler (2),
#.  .BR sched_getscheduler (2),
#.  .BR getsid (2),
#.  .BR waitid (2),
#.  .BR wait4 (2),
#. type: Plain text
#: build/C/man7/credentials.7:62
msgid ""
"PIDs are used in a range of system calls to identify the process affected by "
"the call, for example: B<kill>(2), B<ptrace>(2), B<setpriority>(2)  "
"B<setpgid>(2), B<setsid>(2), B<sigqueue>(3), and B<waitpid>(2)."
msgstr ""

#. type: Plain text
#: build/C/man7/credentials.7:65
msgid "A process's PID is preserved across an B<execve>(2)."
msgstr ""

#. type: SS
#: build/C/man7/credentials.7:65
#, no-wrap
msgid "Parent process ID (PPID)"
msgstr ""

#. type: Plain text
#: build/C/man7/credentials.7:73
msgid ""
"A process's parent process ID identifies the process that created this "
"process using B<fork>(2).  A process can obtain its PPID using "
"B<getppid>(2).  A PPID is represented using the type I<pid_t>."
msgstr ""

#. type: Plain text
#: build/C/man7/credentials.7:76
msgid "A process's PPID is preserved across an B<execve>(2)."
msgstr ""

#. type: SS
#: build/C/man7/credentials.7:76
#, no-wrap
msgid "Process group ID and session ID"
msgstr ""

#. type: Plain text
#: build/C/man7/credentials.7:84
msgid ""
"Each process has a session ID and a process group ID, both represented using "
"the type I<pid_t>.  A process can obtain its session ID using B<getsid>(2), "
"and its process group ID using B<getpgrp>(2)."
msgstr ""

#. type: Plain text
#: build/C/man7/credentials.7:90
msgid ""
"A child created by B<fork>(2)  inherits its parent's session ID and process "
"group ID.  A process's session ID and process group ID are preserved across "
"an B<execve>(2)."
msgstr ""

#. type: Plain text
#: build/C/man7/credentials.7:103
msgid ""
"Sessions and process groups are abstractions devised to support shell job "
"control.  A process group (sometimes called a \"job\") is a collection of "
"processes that share the same process group ID; the shell creates a new "
"process group for the process(es) used to execute single command or pipeline "
"(e.g., the two processes created to execute the command \"ls\\ |\\ wc\" are "
"placed in the same process group).  A process's group membership can be set "
"using B<setpgid>(2).  The process whose process ID is the same as its "
"process group ID is the I<process group leader> for that group."
msgstr ""

#. type: Plain text
#: build/C/man7/credentials.7:115
msgid ""
"A session is a collection of processes that share the same session ID.  All "
"of the members of a process group also have the same session ID (i.e., all "
"of the members of a process group always belong to the same session, so that "
"sessions and process groups form a strict two-level hierarchy of processes.)  "
"A new session is created when a process calls B<setsid>(2), which creates a "
"new session whose session ID is the same as the PID of the process that "
"called B<setsid>(2).  The creator of the session is called the I<session "
"leader>."
msgstr ""

#. type: SS
#: build/C/man7/credentials.7:115
#, no-wrap
msgid "User and group identifiers"
msgstr ""

#. type: Plain text
#: build/C/man7/credentials.7:123
msgid ""
"Each process has various associated user and groups IDs.  These IDs are "
"integers, respectively represented using the types I<uid_t> and I<gid_t> "
"(defined in I<E<lt>sys/types.hE<gt>>)."
msgstr ""

#. type: Plain text
#: build/C/man7/credentials.7:125
msgid "On Linux, each process has the following user and group identifiers:"
msgstr ""

#. type: Plain text
#: build/C/man7/credentials.7:131
msgid ""
"Real user ID and real group ID.  These IDs determine who owns the process.  "
"A process can obtain its real user (group) ID using B<getuid>(2)  "
"(B<getgid>(2))."
msgstr ""

#. type: Plain text
#: build/C/man7/credentials.7:143
msgid ""
"Effective user ID and effective group ID.  These IDs are used by the kernel "
"to determine the permissions that the process will have when accessing "
"shared resources such as message queues, shared memory, and semaphores.  On "
"most UNIX systems, these IDs also determine the permissions when accessing "
"files.  However, Linux uses the filesystem IDs described below for this "
"task.  A process can obtain its effective user (group) ID using "
"B<geteuid>(2)  (B<getegid>(2))."
msgstr ""

#. type: Plain text
#: build/C/man7/credentials.7:165
msgid ""
"Saved set-user-ID and saved set-group-ID.  These IDs are used in set-user-ID "
"and set-group-ID programs to save a copy of the corresponding effective IDs "
"that were set when the program was executed (see B<execve>(2)).  A "
"set-user-ID program can assume and drop privileges by switching its "
"effective user ID back and forth between the values in its real user ID and "
"saved set-user-ID.  This switching is done via calls to B<seteuid>(2), "
"B<setreuid>(2), or B<setresuid>(2).  A set-group-ID program performs the "
"analogous tasks using B<setegid>(2), B<setregid>(2), or B<setresgid>(2).  A "
"process can obtain its saved set-user-ID (set-group-ID) using "
"B<getresuid>(2)  (B<getresgid>(2))."
msgstr ""

#. type: Plain text
#: build/C/man7/credentials.7:182
msgid ""
"Filesystem user ID and filesystem group ID (Linux-specific).  These IDs, in "
"conjunction with the supplementary group IDs described below, are used to "
"determine permissions for accessing files; see B<path_resolution>(7)  for "
"details.  Whenever a process's effective user (group) ID is changed, the "
"kernel also automatically changes the filesystem user (group) ID to the same "
"value.  Consequently, the filesystem IDs normally have the same values as "
"the corresponding effective ID, and the semantics for file-permission checks "
"are thus the same on Linux as on other UNIX systems.  The filesystem IDs can "
"be made to differ from the effective IDs by calling B<setfsuid>(2)  and "
"B<setfsgid>(2)."
msgstr ""

#.  Since kernel 2.6.4, the limit is visible via the read-only file
#.  /proc/sys/kernel/ngroups_max.
#.  As at 2.6.22-rc2, this file is still read-only.
#. type: Plain text
#: build/C/man7/credentials.7:201
msgid ""
"Supplementary group IDs.  This is a set of additional group IDs that are "
"used for permission checks when accessing files and other shared resources.  "
"On Linux kernels before 2.6.4, a process can be a member of up to 32 "
"supplementary groups; since kernel 2.6.4, a process can be a member of up to "
"65536 supplementary groups.  The call I<sysconf(_SC_NGROUPS_MAX)> can be "
"used to determine the number of supplementary groups of which a process may "
"be a member.  A process can obtain its set of supplementary group IDs using "
"B<getgroups>(2), and can modify the set using B<setgroups>(2)."
msgstr ""

#. type: Plain text
#: build/C/man7/credentials.7:211
msgid ""
"A child process created by B<fork>(2)  inherits copies of its parent's user "
"and groups IDs.  During an B<execve>(2), a process's real user and group ID "
"and supplementary group IDs are preserved; the effective and saved set IDs "
"may be changed, as described in B<execve>(2)."
msgstr ""

#. type: Plain text
#: build/C/man7/credentials.7:214
msgid ""
"Aside from the purposes noted above, a process's user IDs are also employed "
"in a number of other contexts:"
msgstr ""

#. type: Plain text
#: build/C/man7/credentials.7:217
msgid "when determining the permissions for sending signals\\(emsee B<kill>(2);"
msgstr ""

#. type: Plain text
#: build/C/man7/credentials.7:227
msgid ""
"when determining the permissions for setting process-scheduling parameters "
"(nice value, real time scheduling policy and priority, CPU affinity, I/O "
"priority) using B<setpriority>(2), B<sched_setaffinity>(2), "
"B<sched_setscheduler>(2), B<sched_setparam>(2), and B<ioprio_set>(2);"
msgstr ""

#. type: Plain text
#: build/C/man7/credentials.7:230
msgid "when checking resource limits; see B<getrlimit>(2);"
msgstr ""

#. type: Plain text
#: build/C/man7/credentials.7:234
msgid ""
"when checking the limit on the number of inotify instances that the process "
"may create; see B<inotify>(7)."
msgstr ""

#. type: Plain text
#: build/C/man7/credentials.7:240
msgid ""
"Process IDs, parent process IDs, process group IDs, and session IDs are "
"specified in POSIX.1-2001.  The real, effective, and saved set user and "
"groups IDs, and the supplementary group IDs, are specified in POSIX.1-2001.  "
"The filesystem user and group IDs are a Linux extension."
msgstr ""

#. type: Plain text
#: build/C/man7/credentials.7:251
msgid ""
"The POSIX threads specification requires that credentials are shared by all "
"of the threads in a process.  However, at the kernel level, Linux maintains "
"separate user and group credentials for each thread.  The NPTL threading "
"implementation does some work to ensure that any change to user or group "
"credentials (e.g., calls to B<setuid>(2), B<setresuid>(2))  is carried "
"through to all of the POSIX threads in a process."
msgstr ""

#. type: Plain text
#: build/C/man7/credentials.7:282
msgid ""
"B<bash>(1), B<csh>(1), B<ps>(1), B<access>(2), B<execve>(2), "
"B<faccessat>(2), B<fork>(2), B<getpgrp>(2), B<getpid>(2), B<getppid>(2), "
"B<getsid>(2), B<kill>(2), B<killpg>(2), B<setegid>(2), B<seteuid>(2), "
"B<setfsgid>(2), B<setfsuid>(2), B<setgid>(2), B<setgroups>(2), "
"B<setresgid>(2), B<setresuid>(2), B<setuid>(2), B<waitpid>(2), "
"B<euidaccess>(3), B<initgroups>(3), B<tcgetpgrp>(3), B<tcsetpgrp>(3), "
"B<capabilities>(7), B<path_resolution>(7), B<unix>(7)"
msgstr ""

#. type: TH
#: build/C/man2/getgid.2:25
#, no-wrap
msgid "GETGID"
msgstr ""

#. type: TH
#: build/C/man2/getgid.2:25 build/C/man2/getgroups.2:31 build/C/man2/getresuid.2:28 build/C/man2/getuid.2:26 build/C/man2/setgid.2:29 build/C/man2/setresuid.2:26 build/C/man2/setreuid.2:45 build/C/man2/setuid.2:30
#, no-wrap
msgid "2010-11-22"
msgstr ""

#. type: Plain text
#: build/C/man2/getgid.2:28
msgid "getgid, getegid - get group identity"
msgstr ""

#. type: Plain text
#: build/C/man2/getgid.2:30 build/C/man2/getgroups.2:38 build/C/man2/getpid.2:32 build/C/man2/getresuid.2:35 build/C/man2/getsid.2:31 build/C/man2/getuid.2:31 build/C/man2/seteuid.2:36 build/C/man2/setgid.2:36 build/C/man2/setpgid.2:53 build/C/man2/setresuid.2:33 build/C/man2/setreuid.2:52 build/C/man2/setsid.2:36 build/C/man2/setuid.2:37
msgid "B<#include E<lt>unistd.hE<gt>>"
msgstr ""

#. type: Plain text
#: build/C/man2/getgid.2:32 build/C/man2/getgroups.2:36 build/C/man2/getpid.2:30 build/C/man2/getuid.2:33 build/C/man2/seteuid.2:34 build/C/man2/setgid.2:34 build/C/man2/setreuid.2:50 build/C/man2/setuid.2:35
msgid "B<#include E<lt>sys/types.hE<gt>>"
msgstr ""

#. type: Plain text
#: build/C/man2/getgid.2:34
msgid "B<gid_t getgid(void);>"
msgstr ""

#. type: Plain text
#: build/C/man2/getgid.2:36
msgid "B<gid_t getegid(void);>"
msgstr ""

#. type: Plain text
#: build/C/man2/getgid.2:39
msgid "B<getgid>()  returns the real group ID of the calling process."
msgstr ""

#. type: Plain text
#: build/C/man2/getgid.2:42
msgid "B<getegid>()  returns the effective group ID of the calling process."
msgstr ""

#. type: Plain text
#: build/C/man2/getgid.2:44 build/C/man2/getpid.2:46 build/C/man2/getuid.2:45
msgid "These functions are always successful."
msgstr ""

#. type: Plain text
#: build/C/man2/getgid.2:46 build/C/man2/getuid.2:47
msgid "POSIX.1-2001, 4.3BSD."
msgstr ""

#. type: Plain text
#: build/C/man2/getgid.2:62
msgid ""
"The original Linux B<getgid>()  and B<getegid>()  system calls supported "
"only 16-bit group IDs.  Subsequently, Linux 2.4 added B<getgid32>()  and "
"B<getegid32>(), supporting 32-bit IDs.  The glibc B<getgid>()  and "
"B<getegid>()  wrapper functions transparently deal with the variations "
"across kernel versions."
msgstr ""

#. type: Plain text
#: build/C/man2/getgid.2:67
msgid "B<getresgid>(2), B<setgid>(2), B<setregid>(2), B<credentials>(7)"
msgstr ""

#. type: TH
#: build/C/man2/getgroups.2:31
#, no-wrap
msgid "GETGROUPS"
msgstr ""

#. type: Plain text
#: build/C/man2/getgroups.2:34
msgid "getgroups, setgroups - get/set list of supplementary group IDs"
msgstr ""

#. type: Plain text
#: build/C/man2/getgroups.2:40
msgid "B<int getgroups(int >I<size>B<, gid_t >I<list>B<[]);>"
msgstr ""

#. type: Plain text
#: build/C/man2/getgroups.2:42
msgid "B<#include E<lt>grp.hE<gt>>"
msgstr ""

#. type: Plain text
#: build/C/man2/getgroups.2:44
msgid "B<int setgroups(size_t >I<size>B<, const gid_t *>I<list>B<);>"
msgstr ""

#. type: Plain text
#: build/C/man2/getgroups.2:52
msgid "B<setgroups>(): _BSD_SOURCE"
msgstr ""

#. type: Plain text
#: build/C/man2/getgroups.2:70
msgid ""
"B<getgroups>()  returns the supplementary group IDs of the calling process "
"in I<list>.  The argument I<size> should be set to the maximum number of "
"items that can be stored in the buffer pointed to by I<list>.  If the "
"calling process is a member of more than I<size> supplementary groups, then "
"an error results.  It is unspecified whether the effective group ID of the "
"calling process is included in the returned list.  (Thus, an application "
"should also call B<getegid>(2)  and add or remove the resulting value.)"
msgstr ""

#. type: Plain text
#: build/C/man2/getgroups.2:81
msgid ""
"If I<size> is zero, I<list> is not modified, but the total number of "
"supplementary group IDs for the process is returned.  This allows the caller "
"to determine the size of a dynamically allocated I<list> to be used in a "
"further call to B<getgroups>()."
msgstr ""

#. type: Plain text
#: build/C/man2/getgroups.2:92
msgid ""
"B<setgroups>()  sets the supplementary group IDs for the calling process.  "
"Appropriate privileges (Linux: the B<CAP_SETGID> capability) are required.  "
"The I<size> argument specifies the number of supplementary group IDs in the "
"buffer pointed to by I<list>."
msgstr ""

#. type: Plain text
#: build/C/man2/getgroups.2:99
msgid ""
"On success, B<getgroups>()  returns the number of supplementary group IDs.  "
"On error, -1 is returned, and I<errno> is set appropriately."
msgstr ""

#. type: Plain text
#: build/C/man2/getgroups.2:106
msgid ""
"On success, B<setgroups>()  returns 0.  On error, -1 is returned, and "
"I<errno> is set appropriately."
msgstr ""

#. type: Plain text
#: build/C/man2/getgroups.2:111
msgid "I<list> has an invalid address."
msgstr ""

#. type: Plain text
#: build/C/man2/getgroups.2:114
msgid "B<getgroups>()  can additionally fail with the following error:"
msgstr ""

#. type: Plain text
#: build/C/man2/getgroups.2:118
msgid "I<size> is less than the number of supplementary group IDs, but is not zero."
msgstr ""

#. type: Plain text
#: build/C/man2/getgroups.2:121
msgid "B<setgroups>()  can additionally fail with the following errors:"
msgstr ""

#. type: Plain text
#: build/C/man2/getgroups.2:127
msgid ""
"I<size> is greater than B<NGROUPS_MAX> (32 before Linux 2.6.4; 65536 since "
"Linux 2.6.4)."
msgstr ""

#. type: Plain text
#: build/C/man2/getgroups.2:133
msgid "The calling process has insufficient privilege."
msgstr ""

#. type: Plain text
#: build/C/man2/getgroups.2:141
msgid ""
"SVr4, 4.3BSD.  The B<getgroups>()  function is in POSIX.1-2001.  Since "
"B<setgroups>()  requires privilege, it is not covered by POSIX.1-2001."
msgstr ""

#. type: Plain text
#: build/C/man2/getgroups.2:149
msgid ""
"A process can have up to B<NGROUPS_MAX> supplementary group IDs in addition "
"to the effective group ID.  The set of supplementary group IDs is inherited "
"from the parent process, and preserved across an B<execve>(2)."
msgstr ""

#. type: Plain text
#: build/C/man2/getgroups.2:152
msgid ""
"The maximum number of supplementary group IDs can be found using "
"B<sysconf>(3):"
msgstr ""

#. type: Plain text
#: build/C/man2/getgroups.2:156
#, no-wrap
msgid ""
"    long ngroups_max;\n"
"    ngroups_max = sysconf(_SC_NGROUPS_MAX);\n"
msgstr ""

#. type: Plain text
#: build/C/man2/getgroups.2:161
msgid ""
"The maximum return value of B<getgroups>()  cannot be larger than one more "
"than this value."
msgstr ""

#. type: Plain text
#: build/C/man2/getgroups.2:171
msgid ""
"The original Linux B<getgroups>()  system call supported only 16-bit group "
"IDs.  Subsequently, Linux 2.4 added B<getgroups32>(), supporting 32-bit "
"IDs.  The glibc B<getgroups>()  wrapper function transparently deals with "
"the variation across kernel versions."
msgstr ""

#. type: Plain text
#: build/C/man2/getgroups.2:178
msgid ""
"B<getgid>(2), B<setgid>(2), B<getgrouplist>(3), B<initgroups>(3), "
"B<capabilities>(7), B<credentials>(7)"
msgstr ""

#. type: TH
#: build/C/man2/getpid.2:25
#, no-wrap
msgid "GETPID"
msgstr ""

#. type: TH
#: build/C/man2/getpid.2:25
#, no-wrap
msgid "2008-09-23"
msgstr ""

#. type: Plain text
#: build/C/man2/getpid.2:28
msgid "getpid, getppid - get process identification"
msgstr ""

#. type: Plain text
#: build/C/man2/getpid.2:34
msgid "B<pid_t getpid(void);>"
msgstr ""

#. type: Plain text
#: build/C/man2/getpid.2:36
msgid "B<pid_t getppid(void);>"
msgstr ""

#. type: Plain text
#: build/C/man2/getpid.2:41
msgid ""
"B<getpid>()  returns the process ID of the calling process.  (This is often "
"used by routines that generate unique temporary filenames.)"
msgstr ""

#. type: Plain text
#: build/C/man2/getpid.2:44
msgid "B<getppid>()  returns the process ID of the parent of the calling process."
msgstr ""

#. type: Plain text
#: build/C/man2/getpid.2:48
msgid "POSIX.1-2001, 4.3BSD, SVr4."
msgstr ""

#.  The following program demonstrates this "feature":
#
#.  #define _GNU_SOURCE
#.  #include <sys/syscall.h>
#.  #include <sys/wait.h>
#.  #include <stdio.h>
#.  #include <stdlib.h>
#.  #include <unistd.h>
#
#.  int
#.  main(int argc, char *argv[])
#.  {
#.     /* The following statement fills the getpid() cache */
#
#.     printf("parent PID = %ld
#. ", (long) getpid());
#
#.     if (syscall(SYS_fork) == 0) {
#.         if (getpid() != syscall(SYS_getpid))
#.             printf("child getpid() mismatch: getpid()=%ld; "
#.                     "syscall(SYS_getpid)=%ld
#. ",
#.                     (long) getpid(), (long) syscall(SYS_getpid));
#.         exit(EXIT_SUCCESS);
#.     }
#.     wait(NULL);
#. }
#. type: Plain text
#: build/C/man2/getpid.2:100
msgid ""
"Since glibc version 2.3.4, the glibc wrapper function for B<getpid>()  "
"caches PIDs, so as to avoid additional system calls when a process calls "
"B<getpid>()  repeatedly.  Normally this caching is invisible, but its "
"correct operation relies on support in the wrapper functions for B<fork>(2), "
"B<vfork>(2), and B<clone>(2): if an application bypasses the glibc wrappers "
"for these system calls by using B<syscall>(2), then a call to B<getpid>()  "
"in the child will return the wrong value (to be precise: it will return the "
"PID of the parent process).  See also B<clone>(2)  for discussion of a case "
"where B<getpid>()  may return the wrong value even when invoking B<clone>(2)  "
"via the glibc wrapper function."
msgstr ""

#. type: Plain text
#: build/C/man2/getpid.2:110
msgid ""
"B<clone>(2), B<fork>(2), B<kill>(2), B<exec>(3), B<mkstemp>(3), "
"B<tempnam>(3), B<tmpfile>(3), B<tmpnam>(3), B<credentials>(7)"
msgstr ""

#. type: TH
#: build/C/man2/getpriority.2:48
#, no-wrap
msgid "GETPRIORITY"
msgstr ""

#. type: Plain text
#: build/C/man2/getpriority.2:51
msgid "getpriority, setpriority - get/set program scheduling priority"
msgstr ""

#. type: Plain text
#: build/C/man2/getpriority.2:53 build/C/man2/getrlimit.2:69 build/C/man2/getrusage.2:44
msgid "B<#include E<lt>sys/time.hE<gt>>"
msgstr ""

#. type: Plain text
#: build/C/man2/getpriority.2:55 build/C/man2/getrlimit.2:71 build/C/man2/getrusage.2:46
msgid "B<#include E<lt>sys/resource.hE<gt>>"
msgstr ""

#. type: Plain text
#: build/C/man2/getpriority.2:57
msgid "B<int getpriority(int >I<which>B<, int >I<who>B<);>"
msgstr ""

#. type: Plain text
#: build/C/man2/getpriority.2:59
msgid "B<int setpriority(int >I<which>B<, int >I<who>B<, int >I<prio>B<);>"
msgstr ""

#. type: Plain text
#: build/C/man2/getpriority.2:70
msgid ""
"The scheduling priority of the process, process group, or user, as indicated "
"by I<which> and I<who> is obtained with the B<getpriority>()  call and set "
"with the B<setpriority>()  call."
msgstr ""

#. type: Plain text
#: build/C/man2/getpriority.2:97
msgid ""
"The value I<which> is one of B<PRIO_PROCESS>, B<PRIO_PGRP>, or B<PRIO_USER>, "
"and I<who> is interpreted relative to I<which> (a process identifier for "
"B<PRIO_PROCESS>, process group identifier for B<PRIO_PGRP>, and a user ID "
"for B<PRIO_USER>).  A zero value for I<who> denotes (respectively) the "
"calling process, the process group of the calling process, or the real user "
"ID of the calling process.  I<Prio> is a value in the range -20 to 19 (but "
"see the Notes below).  The default priority is 0; lower priorities cause "
"more favorable scheduling."
msgstr ""

#. type: Plain text
#: build/C/man2/getpriority.2:107
msgid ""
"The B<getpriority>()  call returns the highest priority (lowest numerical "
"value)  enjoyed by any of the specified processes.  The B<setpriority>()  "
"call sets the priorities of all of the specified processes to the specified "
"value.  Only the superuser may lower priorities."
msgstr ""

#. type: Plain text
#: build/C/man2/getpriority.2:120
msgid ""
"Since B<getpriority>()  can legitimately return the value -1, it is "
"necessary to clear the external variable I<errno> prior to the call, then "
"check it afterward to determine if -1 is an error or a legitimate value.  "
"The B<setpriority>()  call returns 0 if there is no error, or -1 if there "
"is."
msgstr ""

#. type: Plain text
#: build/C/man2/getpriority.2:129
msgid "I<which> was not one of B<PRIO_PROCESS>, B<PRIO_PGRP>, or B<PRIO_USER>."
msgstr ""

#. type: Plain text
#: build/C/man2/getpriority.2:136
msgid "No process was located using the I<which> and I<who> values specified."
msgstr ""

#. type: Plain text
#: build/C/man2/getpriority.2:140
msgid "In addition to the errors indicated above, B<setpriority>()  may fail if:"
msgstr ""

#. type: Plain text
#: build/C/man2/getpriority.2:152
msgid ""
"The caller attempted to lower a process priority, but did not have the "
"required privilege (on Linux: did not have the B<CAP_SYS_NICE> capability).  "
"Since Linux 2.6.12, this error occurs only if the caller attempts to set a "
"process priority outside the range of the B<RLIMIT_NICE> soft resource limit "
"of the target process; see B<getrlimit>(2)  for details."
msgstr ""

#. type: Plain text
#: build/C/man2/getpriority.2:160
msgid ""
"A process was located, but its effective user ID did not match either the "
"effective or the real user ID of the caller, and was not privileged (on "
"Linux: did not have the B<CAP_SYS_NICE> capability).  But see NOTES below."
msgstr ""

#. type: Plain text
#: build/C/man2/getpriority.2:163
msgid "SVr4, 4.4BSD (these function calls first appeared in 4.2BSD), POSIX.1-2001."
msgstr ""

#. type: Plain text
#: build/C/man2/getpriority.2:169
msgid ""
"A child created by B<fork>(2)  inherits its parent's nice value.  The nice "
"value is preserved across B<execve>(2)."
msgstr ""

#. type: Plain text
#: build/C/man2/getpriority.2:180
msgid ""
"The degree to which their relative nice value affects the scheduling of "
"processes varies across UNIX systems, and, on Linux, across kernel "
"versions.  Starting with kernel 2.6.23, Linux adopted an algorithm that "
"causes relative differences in nice values to have a much stronger effect.  "
"This causes very low nice values (+19) to truly provide little CPU to a "
"process whenever there is any other higher priority load on the system, and "
"makes high nice values (-20) deliver most of the CPU to applications that "
"require it (e.g., some audio applications)."
msgstr ""

#. type: Plain text
#: build/C/man2/getpriority.2:195
msgid ""
"The details on the condition for B<EPERM> depend on the system.  The above "
"description is what POSIX.1-2001 says, and seems to be followed on all "
"System V-like systems.  Linux kernels before 2.6.12 required the real or "
"effective user ID of the caller to match the real user of the process I<who> "
"(instead of its effective user ID).  Linux 2.6.12 and later require the "
"effective user ID of the caller to match the real or effective user ID of "
"the process I<who>.  All BSD-like systems (SunOS 4.1.3, Ultrix 4.2, 4.3BSD, "
"FreeBSD 4.3, OpenBSD-2.5, ...) behave in the same manner as Linux 2.6.12 and "
"later."
msgstr ""

#. type: Plain text
#: build/C/man2/getpriority.2:211
msgid ""
"The actual priority range varies between kernel versions.  Linux before "
"1.3.36 had -infinity..15.  Since kernel 1.3.43, Linux has the range "
"-20..19.  Within the kernel, nice values are actually represented using the "
"corresponding range 40..1 (since negative numbers are error codes) and these "
"are the values employed by the B<setpriority>()  and B<getpriority>()  "
"system calls.  The glibc wrapper functions for these system calls handle the "
"translations between the user-land and kernel representations of the nice "
"value according to the formula I<unice\\ =\\ 20\\ -\\ knice>."
msgstr ""

#. type: Plain text
#: build/C/man2/getpriority.2:213
msgid "On some systems, the range of nice values is -20..20."
msgstr ""

#. type: Plain text
#: build/C/man2/getpriority.2:225
msgid ""
"Including I<E<lt>sys/time.hE<gt>> is not required these days, but increases "
"portability.  (Indeed, I<E<lt>sys/resource.hE<gt>> defines the I<rusage> "
"structure with fields of type I<struct timeval> defined in "
"I<E<lt>sys/time.hE<gt>>.)"
msgstr ""

#. type: Plain text
#: build/C/man2/getpriority.2:232
msgid ""
"According to POSIX, the nice value is a per-process setting.  However, under "
"the current Linux/NPTL implementation of POSIX threads, the nice value is a "
"per-thread attribute: different threads in the same process can have "
"different nice values.  Portable applications should avoid relying on the "
"Linux behavior, which may be made standards conformant in the future."
msgstr ""

#. type: Plain text
#: build/C/man2/getpriority.2:237
msgid "B<nice>(1), B<renice>(1), B<fork>(2), B<capabilities>(7)"
msgstr ""

#. type: Plain text
#: build/C/man2/getpriority.2:240
msgid ""
"I<Documentation/scheduler/sched-nice-design.txt> in the Linux kernel source "
"tree (since Linux 2.6.23)"
msgstr ""

#. type: TH
#: build/C/man2/getresuid.2:28
#, no-wrap
msgid "GETRESUID"
msgstr ""

#. type: Plain text
#: build/C/man2/getresuid.2:31
msgid "getresuid, getresgid - get real, effective and saved user/group IDs"
msgstr ""

#. type: Plain text
#: build/C/man2/getresuid.2:33 build/C/man2/setresuid.2:31
msgid "B<#define _GNU_SOURCE> /* See feature_test_macros(7) */"
msgstr ""

#. type: Plain text
#: build/C/man2/getresuid.2:37
msgid "B<int getresuid(uid_t *>I<ruid>B<, uid_t *>I<euid>B<, uid_t *>I<suid>B<);>"
msgstr ""

#. type: Plain text
#: build/C/man2/getresuid.2:39
msgid "B<int getresgid(gid_t *>I<rgid>B<, gid_t *>I<egid>B<, gid_t *>I<sgid>B<);>"
msgstr ""

#. type: Plain text
#: build/C/man2/getresuid.2:50
msgid ""
"B<getresuid>()  returns the real UID, the effective UID, and the saved "
"set-user-ID of the calling process, in the arguments I<ruid>, I<euid>, and "
"I<suid>, respectively.  B<getresgid>()  performs the analogous task for the "
"process's group IDs."
msgstr ""

#. type: Plain text
#: build/C/man2/getresuid.2:60
msgid ""
"One of the arguments specified an address outside the calling program's "
"address space."
msgstr ""

#. type: Plain text
#: build/C/man2/getresuid.2:62
msgid "These system calls appeared on Linux starting with kernel 2.1.44."
msgstr ""

#. type: Plain text
#: build/C/man2/getresuid.2:67
msgid ""
"The prototypes are given by glibc since version 2.3.2, provided "
"B<_GNU_SOURCE> is defined."
msgstr ""

#. type: Plain text
#: build/C/man2/getresuid.2:70 build/C/man2/setresuid.2:86
msgid "These calls are nonstandard; they also appear on HP-UX and some of the BSDs."
msgstr ""

#. type: Plain text
#: build/C/man2/getresuid.2:86
msgid ""
"The original Linux B<getresuid>()  and B<getresgid>()  system calls "
"supported only 16-bit user and group IDs.  Subsequently, Linux 2.4 added "
"B<getresuid32>()  and B<getresgid32>(), supporting 32-bit IDs.  The glibc "
"B<getresuid>()  and B<getresgid>()  wrapper functions transparently deal "
"with the variations across kernel versions."
msgstr ""

#. type: Plain text
#: build/C/man2/getresuid.2:92
msgid ""
"B<getuid>(2), B<setresuid>(2), B<setreuid>(2), B<setuid>(2), "
"B<credentials>(7)"
msgstr ""

#. type: TH
#: build/C/man2/getrlimit.2:64
#, no-wrap
msgid "GETRLIMIT"
msgstr ""

#. type: TH
#: build/C/man2/getrlimit.2:64 build/C/man2/setsid.2:30
#, no-wrap
msgid "2013-02-11"
msgstr ""

#. type: Plain text
#: build/C/man2/getrlimit.2:67
msgid "getrlimit, setrlimit, prlimit - get/set resource limits"
msgstr ""

#. type: Plain text
#: build/C/man2/getrlimit.2:73
msgid "B<int getrlimit(int >I<resource>B<, struct rlimit *>I<rlim>B<);>"
msgstr ""

#. type: Plain text
#: build/C/man2/getrlimit.2:75
msgid "B<int setrlimit(int >I<resource>B<, const struct rlimit *>I<rlim>B<);>"
msgstr ""

#. type: Plain text
#: build/C/man2/getrlimit.2:78
msgid ""
"B<int prlimit(pid_t >I<pid>B<, int >I<resource>B<, const struct rlimit "
"*>I<new_limit>B<,>"
msgstr ""

#. type: Plain text
#: build/C/man2/getrlimit.2:80
msgid "B< struct rlimit *>I<old_limit>B<);>"
msgstr ""

#. type: Plain text
#: build/C/man2/getrlimit.2:88
msgid "B<prlimit>(): _GNU_SOURCE && _FILE_OFFSET_BITS == 64"
msgstr ""

#. type: Plain text
#: build/C/man2/getrlimit.2:97
msgid ""
"The B<getrlimit>()  and B<setrlimit>()  system calls get and set resource "
"limits respectively.  Each resource has an associated soft and hard limit, "
"as defined by the I<rlimit> structure:"
msgstr ""

#. type: Plain text
#: build/C/man2/getrlimit.2:104
#, no-wrap
msgid ""
"struct rlimit {\n"
"    rlim_t rlim_cur;  /* Soft limit */\n"
"    rlim_t rlim_max;  /* Hard limit (ceiling for rlim_cur) */\n"
"};\n"
msgstr ""

#. type: Plain text
#: build/C/man2/getrlimit.2:115
msgid ""
"The soft limit is the value that the kernel enforces for the corresponding "
"resource.  The hard limit acts as a ceiling for the soft limit: an "
"unprivileged process may set only its soft limit to a value in the range "
"from 0 up to the hard limit, and (irreversibly) lower its hard limit.  A "
"privileged process (under Linux: one with the B<CAP_SYS_RESOURCE> "
"capability) may make arbitrary changes to either limit value."
msgstr ""

#. type: Plain text
#: build/C/man2/getrlimit.2:122
msgid ""
"The value B<RLIM_INFINITY> denotes no limit on a resource (both in the "
"structure returned by B<getrlimit>()  and in the structure passed to "
"B<setrlimit>())."
msgstr ""

#. type: Plain text
#: build/C/man2/getrlimit.2:126
msgid "The I<resource> argument must be one of:"
msgstr ""

#. type: TP
#: build/C/man2/getrlimit.2:126
#, no-wrap
msgid "B<RLIMIT_AS>"
msgstr ""

#.  since 2.0.27 / 2.1.12
#. type: Plain text
#: build/C/man2/getrlimit.2:146
msgid ""
"The maximum size of the process's virtual memory (address space) in bytes.  "
"This limit affects calls to B<brk>(2), B<mmap>(2)  and B<mremap>(2), which "
"fail with the error B<ENOMEM> upon exceeding this limit.  Also automatic "
"stack expansion will fail (and generate a B<SIGSEGV> that kills the process "
"if no alternate stack has been made available via B<sigaltstack>(2)).  Since "
"the value is a I<long>, on machines with a 32-bit I<long> either this limit "
"is at most 2 GiB, or this resource is unlimited."
msgstr ""

#. type: TP
#: build/C/man2/getrlimit.2:146
#, no-wrap
msgid "B<RLIMIT_CORE>"
msgstr ""

#. type: Plain text
#: build/C/man2/getrlimit.2:153
msgid ""
"Maximum size of I<core> file.  When 0 no core dump files are created.  When "
"nonzero, larger dumps are truncated to this size."
msgstr ""

#. type: TP
#: build/C/man2/getrlimit.2:153
#, no-wrap
msgid "B<RLIMIT_CPU>"
msgstr ""

#. type: Plain text
#: build/C/man2/getrlimit.2:173
msgid ""
"CPU time limit in seconds.  When the process reaches the soft limit, it is "
"sent a B<SIGXCPU> signal.  The default action for this signal is to "
"terminate the process.  However, the signal can be caught, and the handler "
"can return control to the main program.  If the process continues to consume "
"CPU time, it will be sent B<SIGXCPU> once per second until the hard limit is "
"reached, at which time it is sent B<SIGKILL>.  (This latter point describes "
"Linux behavior.  Implementations vary in how they treat processes which "
"continue to consume CPU time after reaching the soft limit.  Portable "
"applications that need to catch this signal should perform an orderly "
"termination upon first receipt of B<SIGXCPU>.)"
msgstr ""

#. type: TP
#: build/C/man2/getrlimit.2:173
#, no-wrap
msgid "B<RLIMIT_DATA>"
msgstr ""

#. type: Plain text
#: build/C/man2/getrlimit.2:184
msgid ""
"The maximum size of the process's data segment (initialized data, "
"uninitialized data, and heap).  This limit affects calls to B<brk>(2)  and "
"B<sbrk>(2), which fail with the error B<ENOMEM> upon encountering the soft "
"limit of this resource."
msgstr ""

#. type: TP
#: build/C/man2/getrlimit.2:184
#, no-wrap
msgid "B<RLIMIT_FSIZE>"
msgstr ""

#. type: Plain text
#: build/C/man2/getrlimit.2:196
msgid ""
"The maximum size of files that the process may create.  Attempts to extend a "
"file beyond this limit result in delivery of a B<SIGXFSZ> signal.  By "
"default, this signal terminates a process, but a process can catch this "
"signal instead, in which case the relevant system call (e.g., B<write>(2), "
"B<truncate>(2))  fails with the error B<EFBIG>."
msgstr ""

#. type: TP
#: build/C/man2/getrlimit.2:196
#, no-wrap
msgid "B<RLIMIT_LOCKS> (Early Linux 2.4 only)"
msgstr ""

#.  to be precise: Linux 2.4.0-test9; no longer in 2.4.25 / 2.5.65
#. type: Plain text
#: build/C/man2/getrlimit.2:204
msgid ""
"A limit on the combined number of B<flock>(2)  locks and B<fcntl>(2)  leases "
"that this process may establish."
msgstr ""

#. type: TP
#: build/C/man2/getrlimit.2:204
#, no-wrap
msgid "B<RLIMIT_MEMLOCK>"
msgstr ""

#. type: Plain text
#: build/C/man2/getrlimit.2:242
msgid ""
"The maximum number of bytes of memory that may be locked into RAM.  In "
"effect this limit is rounded down to the nearest multiple of the system page "
"size.  This limit affects B<mlock>(2)  and B<mlockall>(2)  and the "
"B<mmap>(2)  B<MAP_LOCKED> operation.  Since Linux 2.6.9 it also affects the "
"B<shmctl>(2)  B<SHM_LOCK> operation, where it sets a maximum on the total "
"bytes in shared memory segments (see B<shmget>(2))  that may be locked by "
"the real user ID of the calling process.  The B<shmctl>(2)  B<SHM_LOCK> "
"locks are accounted for separately from the per-process memory locks "
"established by B<mlock>(2), B<mlockall>(2), and B<mmap>(2)  B<MAP_LOCKED>; a "
"process can lock bytes up to this limit in each of these two categories.  In "
"Linux kernels before 2.6.9, this limit controlled the amount of memory that "
"could be locked by a privileged process.  Since Linux 2.6.9, no limits are "
"placed on the amount of memory that a privileged process may lock, and this "
"limit instead governs the amount of memory that an unprivileged process may "
"lock."
msgstr ""

#. type: TP
#: build/C/man2/getrlimit.2:242
#, no-wrap
msgid "B<RLIMIT_MSGQUEUE> (Since Linux 2.6.8)"
msgstr ""

#. type: Plain text
#: build/C/man2/getrlimit.2:250
msgid ""
"Specifies the limit on the number of bytes that can be allocated for POSIX "
"message queues for the real user ID of the calling process.  This limit is "
"enforced for B<mq_open>(3).  Each message queue that the user creates counts "
"(until it is removed)  against this limit according to the formula:"
msgstr ""

#. type: Plain text
#: build/C/man2/getrlimit.2:254
#, no-wrap
msgid ""
"    bytes = attr.mq_maxmsg * sizeof(struct msg_msg *) +\n"
"            attr.mq_maxmsg * attr.mq_msgsize\n"
msgstr ""

#. type: Plain text
#: build/C/man2/getrlimit.2:262
msgid ""
"where I<attr> is the I<mq_attr> structure specified as the fourth argument "
"to B<mq_open>(3)."
msgstr ""

#. type: Plain text
#: build/C/man2/getrlimit.2:268
msgid ""
"The first addend in the formula, which includes I<sizeof(struct msg_msg\\ "
"*)> (4 bytes on Linux/i386), ensures that the user cannot create an "
"unlimited number of zero-length messages (such messages nevertheless each "
"consume some system memory for bookkeeping overhead)."
msgstr ""

#. type: TP
#: build/C/man2/getrlimit.2:268
#, no-wrap
msgid "B<RLIMIT_NICE> (since Linux 2.6.12, but see BUGS below)"
msgstr ""

#. type: Plain text
#: build/C/man2/getrlimit.2:281
msgid ""
"Specifies a ceiling to which the process's nice value can be raised using "
"B<setpriority>(2)  or B<nice>(2).  The actual ceiling for the nice value is "
"calculated as I<20\\ -\\ rlim_cur>.  (This strangeness occurs because "
"negative numbers cannot be specified as resource limit values, since they "
"typically have special meanings.  For example, B<RLIM_INFINITY> typically is "
"the same as -1.)"
msgstr ""

#. type: TP
#: build/C/man2/getrlimit.2:281
#, no-wrap
msgid "B<RLIMIT_NOFILE>"
msgstr ""

#. type: Plain text
#: build/C/man2/getrlimit.2:295
msgid ""
"Specifies a value one greater than the maximum file descriptor number that "
"can be opened by this process.  Attempts (B<open>(2), B<pipe>(2), B<dup>(2), "
"etc.)  to exceed this limit yield the error B<EMFILE>.  (Historically, this "
"limit was named B<RLIMIT_OFILE> on BSD.)"
msgstr ""

#. type: TP
#: build/C/man2/getrlimit.2:295
#, no-wrap
msgid "B<RLIMIT_NPROC>"
msgstr ""

#. type: Plain text
#: build/C/man2/getrlimit.2:303
msgid ""
"The maximum number of processes (or, more precisely on Linux, threads)  that "
"can be created for the real user ID of the calling process.  Upon "
"encountering this limit, B<fork>(2)  fails with the error B<EAGAIN>."
msgstr ""

#. type: TP
#: build/C/man2/getrlimit.2:303
#, no-wrap
msgid "B<RLIMIT_RSS>"
msgstr ""

#.  As at kernel 2.6.12, this limit still does nothing in 2.6 though
#.  talk of making it do something has surfaced from time to time in LKML
#.        -- MTK, Jul 05
#. type: Plain text
#: build/C/man2/getrlimit.2:315
msgid ""
"Specifies the limit (in pages) of the process's resident set (the number of "
"virtual pages resident in RAM).  This limit has effect only in Linux 2.4.x, "
"x E<lt> 30, and there affects only calls to B<madvise>(2)  specifying "
"B<MADV_WILLNEED>."
msgstr ""

#. type: TP
#: build/C/man2/getrlimit.2:315
#, no-wrap
msgid "B<RLIMIT_RTPRIO> (Since Linux 2.6.12, but see BUGS)"
msgstr ""

#. type: Plain text
#: build/C/man2/getrlimit.2:322
msgid ""
"Specifies a ceiling on the real-time priority that may be set for this "
"process using B<sched_setscheduler>(2)  and B<sched_setparam>(2)."
msgstr ""

#. type: TP
#: build/C/man2/getrlimit.2:322
#, no-wrap
msgid "B<RLIMIT_RTTIME> (Since Linux 2.6.25)"
msgstr ""

#. type: Plain text
#: build/C/man2/getrlimit.2:334
msgid ""
"Specifies a limit (in microseconds)  on the amount of CPU time that a "
"process scheduled under a real-time scheduling policy may consume without "
"making a blocking system call.  For the purpose of this limit, each time a "
"process makes a blocking system call, the count of its consumed CPU time is "
"reset to zero.  The CPU time count is not reset if the process continues "
"trying to use the CPU but is preempted, its time slice expires, or it calls "
"B<sched_yield>(2)."
msgstr ""

#. type: Plain text
#: build/C/man2/getrlimit.2:345
msgid ""
"Upon reaching the soft limit, the process is sent a B<SIGXCPU> signal.  If "
"the process catches or ignores this signal and continues consuming CPU time, "
"then B<SIGXCPU> will be generated once each second until the hard limit is "
"reached, at which point the process is sent a B<SIGKILL> signal."
msgstr ""

#. type: Plain text
#: build/C/man2/getrlimit.2:348
msgid ""
"The intended use of this limit is to stop a runaway real-time process from "
"locking up the system."
msgstr ""

#. type: TP
#: build/C/man2/getrlimit.2:348
#, no-wrap
msgid "B<RLIMIT_SIGPENDING> (Since Linux 2.6.8)"
msgstr ""

#.  This replaces the /proc/sys/kernel/rtsig-max system-wide limit
#.  that was present in kernels <= 2.6.7.  MTK Dec 04
#. type: Plain text
#: build/C/man2/getrlimit.2:362
msgid ""
"Specifies the limit on the number of signals that may be queued for the real "
"user ID of the calling process.  Both standard and real-time signals are "
"counted for the purpose of checking this limit.  However, the limit is "
"enforced only for B<sigqueue>(3); it is always possible to use B<kill>(2)  "
"to queue one instance of any of the signals that are not already queued to "
"the process."
msgstr ""

#. type: TP
#: build/C/man2/getrlimit.2:362
#, no-wrap
msgid "B<RLIMIT_STACK>"
msgstr ""

#. type: Plain text
#: build/C/man2/getrlimit.2:370
msgid ""
"The maximum size of the process stack, in bytes.  Upon reaching this limit, "
"a B<SIGSEGV> signal is generated.  To handle this signal, a process must "
"employ an alternate signal stack (B<sigaltstack>(2))."
msgstr ""

#. type: Plain text
#: build/C/man2/getrlimit.2:375
msgid ""
"Since Linux 2.6.23, this limit also determines the amount of space used for "
"the process's command-line arguments and environment variables; for details, "
"see B<execve>(2)."
msgstr ""

#. type: SS
#: build/C/man2/getrlimit.2:375
#, no-wrap
msgid "prlimit()"
msgstr ""

#.  commit c022a0acad534fd5f5d5f17280f6d4d135e74e81
#.  Author: Jiri Slaby <jslaby@suse.cz>
#.  Date:   Tue May 4 18:03:50 2010 +0200
#. type: Plain text
#: build/C/man2/getrlimit.2:386
msgid ""
"The Linux-specific B<prlimit>()  system call combines and extends the "
"functionality of B<setrlimit>()  and B<getrlimit>().  It can be used to both "
"set and get the resource limits of an arbitrary process."
msgstr ""

#. type: Plain text
#: build/C/man2/getrlimit.2:393
msgid ""
"The I<resource> argument has the same meaning as for B<setrlimit>()  and "
"B<getrlimit>()."
msgstr ""

#. type: Plain text
#: build/C/man2/getrlimit.2:411
msgid ""
"If the I<new_limit> argument is a not NULL, then the I<rlimit> structure to "
"which it points is used to set new values for the soft and hard limits for "
"I<resource>.  If the I<old_limit> argument is a not NULL, then a successful "
"call to B<prlimit>()  places the previous soft and hard limits for "
"I<resource> in the I<rlimit> structure pointed to by I<old_limit>."
msgstr ""

#.  FIXME this permission check is strange
#.  Asked about this on LKML, 7 Nov 2010
#.      "Inconsistent credential checking in prlimit() syscall"
#. type: Plain text
#: build/C/man2/getrlimit.2:430
msgid ""
"The I<pid> argument specifies the ID of the process on which the call is to "
"operate.  If I<pid> is 0, then the call applies to the calling process.  To "
"set or get the resources of a process other than itself, the caller must "
"have the B<CAP_SYS_RESOURCE> capability, or the real, effective, and saved "
"set user IDs of the target process must match the real user ID of the caller "
"I<and> the real, effective, and saved set group IDs of the target process "
"must match the real group ID of the caller."
msgstr ""

#. type: Plain text
#: build/C/man2/getrlimit.2:435
msgid ""
"On success, these system calls return 0.  On error, -1 is returned, and "
"I<errno> is set appropriately."
msgstr ""

#. type: Plain text
#: build/C/man2/getrlimit.2:440
msgid ""
"A pointer argument points to a location outside the accessible address "
"space."
msgstr ""

#. type: Plain text
#: build/C/man2/getrlimit.2:452
msgid ""
"The value specified in I<resource> is not valid; or, for B<setrlimit>()  or "
"B<prlimit>(): I<rlim-E<gt>rlim_cur> was greater than I<rlim-E<gt>rlim_max>."
msgstr ""

#. type: Plain text
#: build/C/man2/getrlimit.2:464
msgid ""
"An unprivileged process tried to raise the hard limit; the "
"B<CAP_SYS_RESOURCE> capability is required to do this.  Or, the caller tried "
"to increase the hard B<RLIMIT_NOFILE> limit above the current kernel maximum "
"(B<NR_OPEN>).  Or, the calling process did not have permission to set limits "
"for the process specified by I<pid>."
msgstr ""

#. type: Plain text
#: build/C/man2/getrlimit.2:468
msgid "Could not find a process with the ID specified in I<pid>."
msgstr ""

#. type: Plain text
#: build/C/man2/getrlimit.2:473
msgid ""
"The B<prlimit>()  system call is available since Linux 2.6.36.  Library "
"support is available since glibc 2.13."
msgstr ""

#. type: Plain text
#: build/C/man2/getrlimit.2:477
msgid "B<getrlimit>(), B<setrlimit>(): SVr4, 4.3BSD, POSIX.1-2001."
msgstr ""

#. type: Plain text
#: build/C/man2/getrlimit.2:480
msgid "B<prlimit>(): Linux-specific."
msgstr ""

#. type: Plain text
#: build/C/man2/getrlimit.2:496
msgid ""
"B<RLIMIT_MEMLOCK> and B<RLIMIT_NPROC> derive from BSD and are not specified "
"in POSIX.1-2001; they are present on the BSDs and Linux, but on few other "
"implementations.  B<RLIMIT_RSS> derives from BSD and is not specified in "
"POSIX.1-2001; it is nevertheless present on most implementations.  "
"B<RLIMIT_MSGQUEUE>, B<RLIMIT_NICE>, B<RLIMIT_RTPRIO>, B<RLIMIT_RTTIME>, and "
"B<RLIMIT_SIGPENDING> are Linux-specific."
msgstr ""

#. type: Plain text
#: build/C/man2/getrlimit.2:502
msgid ""
"A child process created via B<fork>(2)  inherits its parent's resource "
"limits.  Resource limits are preserved across B<execve>(2)."
msgstr ""

#. type: Plain text
#: build/C/man2/getrlimit.2:511
msgid ""
"One can set the resource limits of the shell using the built-in I<ulimit> "
"command (I<limit> in B<csh>(1)).  The shell's resource limits are inherited "
"by the processes that it creates to execute commands."
msgstr ""

#. type: Plain text
#: build/C/man2/getrlimit.2:516
msgid ""
"Since Linux 2.6.24, the resource limits of any process can be inspected via "
"I</proc/[pid]/limits>; see B<proc>(5)."
msgstr ""

#. type: Plain text
#: build/C/man2/getrlimit.2:525
msgid ""
"Ancient systems provided a B<vlimit>()  function with a similar purpose to "
"B<setrlimit>().  For backward compatibility, glibc also provides "
"B<vlimit>().  All new applications should be written using B<setrlimit>()."
msgstr ""

#.  FIXME prlimit() does not suffer
#.  https://bugzilla.kernel.org/show_bug.cgi?id=5042
#.  http://sources.redhat.com/bugzilla/show_bug.cgi?id=12201
#.  Since versions 2.13, glibc has library implementations of
#.  getrlimit() and setrlimit() that use prlimit() to work around
#.  this bug.
#. type: Plain text
#: build/C/man2/getrlimit.2:540
msgid ""
"In older Linux kernels, the B<SIGXCPU> and B<SIGKILL> signals delivered when "
"a process encountered the soft and hard B<RLIMIT_CPU> limits were delivered "
"one (CPU) second later than they should have been.  This was fixed in kernel "
"2.6.8."
msgstr ""

#.  see http://marc.theaimsgroup.com/?l=linux-kernel&m=114008066530167&w=2
#. type: Plain text
#: build/C/man2/getrlimit.2:548
msgid ""
"In 2.6.x kernels before 2.6.17, a B<RLIMIT_CPU> limit of 0 is wrongly "
"treated as \"no limit\" (like B<RLIM_INFINITY>).  Since Linux 2.6.17, "
"setting a limit of 0 does have an effect, but is actually treated as a limit "
"of 1 second."
msgstr ""

#.  See https://lwn.net/Articles/145008/
#. type: Plain text
#: build/C/man2/getrlimit.2:553
msgid ""
"A kernel bug means that B<RLIMIT_RTPRIO> does not work in kernel 2.6.12; the "
"problem is fixed in kernel 2.6.13."
msgstr ""

#.  see http://marc.theaimsgroup.com/?l=linux-kernel&m=112256338703880&w=2
#. type: Plain text
#: build/C/man2/getrlimit.2:564
msgid ""
"In kernel 2.6.12, there was an off-by-one mismatch between the priority "
"ranges returned by B<getpriority>(2)  and B<RLIMIT_NICE>.  This had the "
"effect that the actual ceiling for the nice value was calculated as I<19\\ "
"-\\ rlim_cur>.  This was fixed in kernel 2.6.13."
msgstr ""

#.  The relevant patch, sent to LKML, seems to be
#.  http://thread.gmane.org/gmane.linux.kernel/273462
#.  From: Roland McGrath <roland <at> redhat.com>
#.  Subject: [PATCH 7/7] make RLIMIT_CPU/SIGXCPU per-process
#.  Date: 2005-01-23 23:27:46 GMT
#.  Tested Solaris 10, FreeBSD 9, OpenBSD 5.0
#.  FIXME https://bugzilla.kernel.org/show_bug.cgi?id=50951
#. type: Plain text
#: build/C/man2/getrlimit.2:591
msgid ""
"Since Linux 2.6.12, if a process reaches its soft B<RLIMIT_CPU> limit and "
"has a handler installed for B<SIGXCPU>, then, in addition to invoking the "
"signal handler, the kernel increases the soft limit by one second.  This "
"behavior repeats if the process continues to consume CPU time, until the "
"hard limit is reached, at which point the process is killed.  Other "
"implementations do not change the B<RLIMIT_CPU> soft limit in this manner, "
"and the Linux behavior is probably not standards conformant; portable "
"applications should avoid relying on this Linux-specific behavior.  The "
"Linux-specific B<RLIMIT_RTTIME> limit exhibits the same behavior when the "
"soft limit is encountered."
msgstr ""

#. type: Plain text
#: build/C/man2/getrlimit.2:600
msgid ""
"Kernels before 2.4.22 did not diagnose the error B<EINVAL> for "
"B<setrlimit>()  when I<rlim-E<gt>rlim_cur> was greater than "
"I<rlim-E<gt>rlim_max>."
msgstr ""

#. type: Plain text
#: build/C/man2/getrlimit.2:603
msgid "The program below demonstrates the use of B<prlimit>()."
msgstr ""

#. type: Plain text
#: build/C/man2/getrlimit.2:612
#, no-wrap
msgid ""
"#define _GNU_SOURCE\n"
"#define _FILE_OFFSET_BITS 64\n"
"#include E<lt>stdio.hE<gt>\n"
"#include E<lt>time.hE<gt>\n"
"#include E<lt>stdlib.hE<gt>\n"
"#include E<lt>unistd.hE<gt>\n"
"#include E<lt>sys/resource.hE<gt>\n"
msgstr ""

#. type: Plain text
#: build/C/man2/getrlimit.2:615
#, no-wrap
msgid ""
"#define errExit(msg) \tdo { perror(msg); exit(EXIT_FAILURE); \\e\n"
"                        } while (0)\n"
msgstr ""

#. type: Plain text
#: build/C/man2/getrlimit.2:622
#, no-wrap
msgid ""
"int\n"
"main(int argc, char *argv[])\n"
"{\n"
"    struct rlimit old, new;\n"
"    struct rlimit *newp;\n"
"    pid_t pid;\n"
msgstr ""

#. type: Plain text
#: build/C/man2/getrlimit.2:628
#, no-wrap
msgid ""
"    if (!(argc == 2 || argc == 4)) {\n"
"        fprintf(stderr, \"Usage: %s E<lt>pidE<gt> [E<lt>new-soft-limitE<gt> "
"\"\n"
"                \"E<lt>new-hard-limitE<gt>]\\en\", argv[0]);\n"
"        exit(EXIT_FAILURE);\n"
"    }\n"
msgstr ""

#. type: Plain text
#: build/C/man2/getrlimit.2:630
#, no-wrap
msgid "    pid = atoi(argv[1]);        /* PID of target process */\n"
msgstr ""

#. type: Plain text
#: build/C/man2/getrlimit.2:637
#, no-wrap
msgid ""
"    newp = NULL;\n"
"    if (argc == 4) {\n"
"        new.rlim_cur = atoi(argv[2]);\n"
"        new.rlim_max = atoi(argv[3]);\n"
"        newp = &new;\n"
"    }\n"
msgstr ""

#. type: Plain text
#: build/C/man2/getrlimit.2:640
#, no-wrap
msgid ""
"    /* Set CPU time limit of target process; retrieve and display\n"
"       previous limit */\n"
msgstr ""

#. type: Plain text
#: build/C/man2/getrlimit.2:645
#, no-wrap
msgid ""
"    if (prlimit(pid, RLIMIT_CPU, newp, &old) == -1)\n"
"        errExit(\"prlimit-1\");\n"
"    printf(\"Previous limits: soft=%lld; hard=%lld\\en\",\n"
"            (long long) old.rlim_cur, (long long) old.rlim_max);\n"
msgstr ""

#. type: Plain text
#: build/C/man2/getrlimit.2:647
#, no-wrap
msgid "    /* Retrieve and display new CPU time limit */\n"
msgstr ""

#. type: Plain text
#: build/C/man2/getrlimit.2:652
#, no-wrap
msgid ""
"    if (prlimit(pid, RLIMIT_CPU, NULL, &old) == -1)\n"
"        errExit(\"prlimit-2\");\n"
"    printf(\"New limits: soft=%lld; hard=%lld\\en\",\n"
"            (long long) old.rlim_cur, (long long) old.rlim_max);\n"
msgstr ""

#. type: Plain text
#: build/C/man2/getrlimit.2:655
#, no-wrap
msgid ""
"    exit(EXIT_FAILURE);\n"
"}\n"
msgstr ""

#. type: Plain text
#: build/C/man2/getrlimit.2:674
msgid ""
"B<prlimit>(1), B<dup>(2), B<fcntl>(2), B<fork>(2), B<getrusage>(2), "
"B<mlock>(2), B<mmap>(2), B<open>(2), B<quotactl>(2), B<sbrk>(2), "
"B<shmctl>(2), B<malloc>(3), B<sigqueue>(3), B<ulimit>(3), B<core>(5), "
"B<capabilities>(7), B<signal>(7)"
msgstr ""

#. type: TH
#: build/C/man2/getrusage.2:39
#, no-wrap
msgid "GETRUSAGE"
msgstr ""

#. type: TH
#: build/C/man2/getrusage.2:39 build/C/man2/getsid.2:26
#, no-wrap
msgid "2010-09-26"
msgstr ""

#. type: Plain text
#: build/C/man2/getrusage.2:42
msgid "getrusage - get resource usage"
msgstr ""

#. type: Plain text
#: build/C/man2/getrusage.2:48
msgid "B<int getrusage(int >I<who>B<, struct rusage *>I<usage>B<);>"
msgstr ""

#. type: Plain text
#: build/C/man2/getrusage.2:54
msgid ""
"B<getrusage>()  returns resource usage measures for I<who>, which can be one "
"of the following:"
msgstr ""

#. type: TP
#: build/C/man2/getrusage.2:54
#, no-wrap
msgid "B<RUSAGE_SELF>"
msgstr ""

#. type: Plain text
#: build/C/man2/getrusage.2:58
msgid ""
"Return resource usage statistics for the calling process, which is the sum "
"of resources used by all threads in the process."
msgstr ""

#. type: TP
#: build/C/man2/getrusage.2:58
#, no-wrap
msgid "B<RUSAGE_CHILDREN>"
msgstr ""

#. type: Plain text
#: build/C/man2/getrusage.2:65
msgid ""
"Return resource usage statistics for all children of the calling process "
"that have terminated and been waited for.  These statistics will include the "
"resources used by grandchildren, and further removed descendants, if all of "
"the intervening descendants waited on their terminated children."
msgstr ""

#. type: TP
#: build/C/man2/getrusage.2:65
#, no-wrap
msgid "B<RUSAGE_THREAD> (since Linux 2.6.26)"
msgstr ""

#. type: Plain text
#: build/C/man2/getrusage.2:68
msgid "Return resource usage statistics for the calling thread."
msgstr ""

#. type: Plain text
#: build/C/man2/getrusage.2:72
msgid ""
"The resource usages are returned in the structure pointed to by I<usage>, "
"which has the following form:"
msgstr ""

#. type: Plain text
#: build/C/man2/getrusage.2:93
#, no-wrap
msgid ""
"struct rusage {\n"
"    struct timeval ru_utime; /* user CPU time used */\n"
"    struct timeval ru_stime; /* system CPU time used */\n"
"    long   ru_maxrss;        /* maximum resident set size */\n"
"    long   ru_ixrss;         /* integral shared memory size */\n"
"    long   ru_idrss;         /* integral unshared data size */\n"
"    long   ru_isrss;         /* integral unshared stack size */\n"
"    long   ru_minflt;        /* page reclaims (soft page faults) */\n"
"    long   ru_majflt;        /* page faults (hard page faults) */\n"
"    long   ru_nswap;         /* swaps */\n"
"    long   ru_inblock;       /* block input operations */\n"
"    long   ru_oublock;       /* block output operations */\n"
"    long   ru_msgsnd;        /* IPC messages sent */\n"
"    long   ru_msgrcv;        /* IPC messages received */\n"
"    long   ru_nsignals;      /* signals received */\n"
"    long   ru_nvcsw;         /* voluntary context switches */\n"
"    long   ru_nivcsw;        /* involuntary context switches */\n"
"};\n"
msgstr ""

#. type: Plain text
#: build/C/man2/getrusage.2:101
msgid ""
"Not all fields are completed; unmaintained fields are set to zero by the "
"kernel.  (The unmaintained fields are provided for compatibility with other "
"systems, and because they may one day be supported on Linux.)  The fields "
"are interpreted as follows:"
msgstr ""

#. type: TP
#: build/C/man2/getrusage.2:101
#, no-wrap
msgid "I<ru_utime>"
msgstr ""

#. type: Plain text
#: build/C/man2/getrusage.2:107
msgid ""
"This is the total amount of time spent executing in user mode, expressed in "
"a I<timeval> structure (seconds plus microseconds)."
msgstr ""

#. type: TP
#: build/C/man2/getrusage.2:107
#, no-wrap
msgid "I<ru_stime>"
msgstr ""

#. type: Plain text
#: build/C/man2/getrusage.2:113
msgid ""
"This is the total amount of time spent executing in kernel mode, expressed "
"in a I<timeval> structure (seconds plus microseconds)."
msgstr ""

#. type: TP
#: build/C/man2/getrusage.2:113
#, no-wrap
msgid "I<ru_maxrss> (since Linux 2.6.32)"
msgstr ""

#. type: Plain text
#: build/C/man2/getrusage.2:120
msgid ""
"This is the maximum resident set size used (in kilobytes).  For "
"B<RUSAGE_CHILDREN>, this is the resident set size of the largest child, not "
"the maximum resident set size of the process tree."
msgstr ""

#. type: TP
#: build/C/man2/getrusage.2:120
#, no-wrap
msgid "I<ru_ixrss> (unmaintained)"
msgstr ""

#.  On some systems, this field records the number of signals received.
#. type: Plain text
#: build/C/man2/getrusage.2:126 build/C/man2/getrusage.2:131 build/C/man2/getrusage.2:136 build/C/man2/getrusage.2:148 build/C/man2/getrusage.2:160 build/C/man2/getrusage.2:166 build/C/man2/getrusage.2:170
msgid "This field is currently unused on Linux."
msgstr ""

#. type: TP
#: build/C/man2/getrusage.2:126
#, no-wrap
msgid "I<ru_idrss> (unmaintained)"
msgstr ""

#. type: TP
#: build/C/man2/getrusage.2:131
#, no-wrap
msgid "I<ru_isrss> (unmaintained)"
msgstr ""

#. type: TP
#: build/C/man2/getrusage.2:136
#, no-wrap
msgid "I<ru_minflt>"
msgstr ""

#. type: Plain text
#: build/C/man2/getrusage.2:141
msgid ""
"The number of page faults serviced without any I/O activity; here I/O "
"activity is avoided by ``reclaiming'' a page frame from the list of pages "
"awaiting reallocation."
msgstr ""

#. type: TP
#: build/C/man2/getrusage.2:141
#, no-wrap
msgid "I<ru_majflt>"
msgstr ""

#. type: Plain text
#: build/C/man2/getrusage.2:144
msgid "The number of page faults serviced that required I/O activity."
msgstr ""

#. type: TP
#: build/C/man2/getrusage.2:144
#, no-wrap
msgid "I<ru_nswap> (unmaintained)"
msgstr ""

#. type: TP
#: build/C/man2/getrusage.2:148
#, no-wrap
msgid "I<ru_inblock> (since Linux 2.6.22)"
msgstr ""

#. type: Plain text
#: build/C/man2/getrusage.2:151
msgid "The number of times the filesystem had to perform input."
msgstr ""

#. type: TP
#: build/C/man2/getrusage.2:151
#, no-wrap
msgid "I<ru_oublock> (since Linux 2.6.22)"
msgstr ""

#. type: Plain text
#: build/C/man2/getrusage.2:154
msgid "The number of times the filesystem had to perform output."
msgstr ""

#. type: TP
#: build/C/man2/getrusage.2:154
#, no-wrap
msgid "I<ru_msgsnd> (unmaintained)"
msgstr ""

#. type: TP
#: build/C/man2/getrusage.2:160
#, no-wrap
msgid "I<ru_msgrcv> (unmaintained)"
msgstr ""

#. type: TP
#: build/C/man2/getrusage.2:166
#, no-wrap
msgid "I<ru_nsignals> (unmaintained)"
msgstr ""

#. type: TP
#: build/C/man2/getrusage.2:170
#, no-wrap
msgid "I<ru_nvcsw> (since Linux 2.6)"
msgstr ""

#. type: Plain text
#: build/C/man2/getrusage.2:175
msgid ""
"The number of times a context switch resulted due to a process voluntarily "
"giving up the processor before its time slice was completed (usually to "
"await availability of a resource)."
msgstr ""

#. type: TP
#: build/C/man2/getrusage.2:175
#, no-wrap
msgid "I<ru_nivcsw> (since Linux 2.6)"
msgstr ""

#. type: Plain text
#: build/C/man2/getrusage.2:180
msgid ""
"The number of times a context switch resulted due to a higher priority "
"process becoming runnable or because the current process exceeded its time "
"slice."
msgstr ""

#. type: Plain text
#: build/C/man2/getrusage.2:191
msgid "I<usage> points outside the accessible address space."
msgstr ""

#. type: Plain text
#: build/C/man2/getrusage.2:195
msgid "I<who> is invalid."
msgstr ""

#. type: Plain text
#: build/C/man2/getrusage.2:203
msgid ""
"SVr4, 4.3BSD.  POSIX.1-2001 specifies B<getrusage>(), but specifies only the "
"fields I<ru_utime> and I<ru_stime>."
msgstr ""

#. type: Plain text
#: build/C/man2/getrusage.2:206
msgid "B<RUSAGE_THREAD> is Linux-specific."
msgstr ""

#. type: Plain text
#: build/C/man2/getrusage.2:209
msgid "Resource usage metrics are preserved across an B<execve>(2)."
msgstr ""

#. type: Plain text
#: build/C/man2/getrusage.2:217
msgid ""
"Including I<E<lt>sys/time.hE<gt>> is not required these days, but increases "
"portability.  (Indeed, I<struct timeval> is defined in "
"I<E<lt>sys/time.hE<gt>>.)"
msgstr ""

#.  See the description of getrusage() in XSH.
#.  A similar statement was also in SUSv2.
#. type: Plain text
#: build/C/man2/getrusage.2:229
msgid ""
"In Linux kernel versions before 2.6.9, if the disposition of B<SIGCHLD> is "
"set to B<SIG_IGN> then the resource usages of child processes are "
"automatically included in the value returned by B<RUSAGE_CHILDREN>, although "
"POSIX.1-2001 explicitly prohibits this.  This nonconformance is rectified in "
"Linux 2.6.9 and later."
msgstr ""

#. type: Plain text
#: build/C/man2/getrusage.2:232
msgid ""
"The structure definition shown at the start of this page was taken from "
"4.3BSD Reno."
msgstr ""

#. type: Plain text
#: build/C/man2/getrusage.2:241
msgid ""
"Ancient systems provided a B<vtimes>()  function with a similar purpose to "
"B<getrusage>().  For backward compatibility, glibc also provides "
"B<vtimes>().  All new applications should be written using B<getrusage>()."
msgstr ""

#. type: Plain text
#: build/C/man2/getrusage.2:246
msgid "See also the description of I</proc/PID/stat> in B<proc>(5)."
msgstr ""

#. type: Plain text
#: build/C/man2/getrusage.2:253
msgid ""
"B<clock_gettime>(2), B<getrlimit>(2), B<times>(2), B<wait>(2), B<wait4>(2), "
"B<clock>(3)"
msgstr ""

#. type: TH
#: build/C/man2/getsid.2:26
#, no-wrap
msgid "GETSID"
msgstr ""

#. type: Plain text
#: build/C/man2/getsid.2:29
msgid "getsid - get session ID"
msgstr ""

#. type: Plain text
#: build/C/man2/getsid.2:33
msgid "B<pid_t getsid(pid_t>I< pid>B<);>"
msgstr ""

#. type: Plain text
#: build/C/man2/getsid.2:42
msgid "B<getsid>():"
msgstr ""

#. type: Plain text
#: build/C/man2/getsid.2:45 build/C/man2/setpgid.2:79
msgid "_XOPEN_SOURCE\\ E<gt>=\\ 500 || _XOPEN_SOURCE\\ &&\\ _XOPEN_SOURCE_EXTENDED"
msgstr ""

#. type: Plain text
#: build/C/man2/getsid.2:47 build/C/man2/setpgid.2:81
msgid "|| /* Since glibc 2.12: */ _POSIX_C_SOURCE\\ E<gt>=\\ 200809L"
msgstr ""

#. type: Plain text
#: build/C/man2/getsid.2:58
msgid ""
"I<getsid(0)> returns the session ID of the calling process.  I<getsid(p)> "
"returns the session ID of the process with process ID I<p>.  (The session ID "
"of a process is the process group ID of the session leader.)"
msgstr ""

#. type: Plain text
#: build/C/man2/getsid.2:63
msgid ""
"On success, a session ID is returned.  On error, I<(pid_t)\\ -1> will be "
"returned, and I<errno> is set appropriately."
msgstr ""

#. type: Plain text
#: build/C/man2/getsid.2:70
msgid ""
"A process with process ID I<p> exists, but it is not in the same session as "
"the calling process, and the implementation considers this an error."
msgstr ""

#. type: Plain text
#: build/C/man2/getsid.2:75
msgid "No process with process ID I<p> was found."
msgstr ""

#.  Linux has this system call since Linux 1.3.44.
#.  There is libc support since libc 5.2.19.
#. type: Plain text
#: build/C/man2/getsid.2:79
msgid "This system call is available on Linux since version 2.0."
msgstr ""

#. type: Plain text
#: build/C/man2/getsid.2:81 build/C/man2/setgid.2:68 build/C/man2/setsid.2:67
msgid "SVr4, POSIX.1-2001."
msgstr ""

#. type: Plain text
#: build/C/man2/getsid.2:84
msgid "Linux does not return B<EPERM>."
msgstr ""

#. type: Plain text
#: build/C/man2/getsid.2:88
msgid "B<getpgid>(2), B<setsid>(2), B<credentials>(7)"
msgstr ""

#. type: TH
#: build/C/man2/getuid.2:26
#, no-wrap
msgid "GETUID"
msgstr ""

#. type: Plain text
#: build/C/man2/getuid.2:29
msgid "getuid, geteuid - get user identity"
msgstr ""

#. type: Plain text
#: build/C/man2/getuid.2:35
msgid "B<uid_t getuid(void);>"
msgstr ""

#. type: Plain text
#: build/C/man2/getuid.2:37
msgid "B<uid_t geteuid(void);>"
msgstr ""

#. type: Plain text
#: build/C/man2/getuid.2:40
msgid "B<getuid>()  returns the real user ID of the calling process."
msgstr ""

#. type: Plain text
#: build/C/man2/getuid.2:43
msgid "B<geteuid>()  returns the effective user ID of the calling process."
msgstr ""

#. type: SS
#: build/C/man2/getuid.2:48
#, no-wrap
msgid "History"
msgstr ""

#. type: Plain text
#: build/C/man2/getuid.2:57
msgid ""
"In UNIX V6 the B<getuid>()  call returned I<(euid E<lt>E<lt> 8) + uid>.  "
"UNIX V7 introduced separate calls B<getuid>()  and B<geteuid>()."
msgstr ""

#. type: Plain text
#: build/C/man2/getuid.2:73
msgid ""
"The original Linux B<getuid>()  and B<geteuid>()  system calls supported "
"only 16-bit user IDs.  Subsequently, Linux 2.4 added B<getuid32>()  and "
"B<geteuid32>(), supporting 32-bit IDs.  The glibc B<getuid>()  and "
"B<geteuid>()  wrapper functions transparently deal with the variations "
"across kernel versions."
msgstr ""

#. type: Plain text
#: build/C/man2/getuid.2:78
msgid "B<getresuid>(2), B<setreuid>(2), B<setuid>(2), B<credentials>(7)"
msgstr ""

#. type: TH
#: build/C/man2/iopl.2:33
#, no-wrap
msgid "IOPL"
msgstr ""

#. type: TH
#: build/C/man2/iopl.2:33
#, no-wrap
msgid "2013-03-15"
msgstr ""

#. type: Plain text
#: build/C/man2/iopl.2:36
msgid "iopl - change I/O privilege level"
msgstr ""

#. type: Plain text
#: build/C/man2/iopl.2:38
msgid "B<#include E<lt>sys/io.hE<gt>>"
msgstr ""

#. type: Plain text
#: build/C/man2/iopl.2:40
msgid "B<int iopl(int >I<level>B<);>"
msgstr ""

#. type: Plain text
#: build/C/man2/iopl.2:45
msgid ""
"B<iopl>()  changes the I/O privilege level of the calling process, as "
"specified by the two least significant bits in I<level>."
msgstr ""

#. type: Plain text
#: build/C/man2/iopl.2:51
msgid ""
"This call is necessary to allow 8514-compatible X servers to run under "
"Linux.  Since these X servers require access to all 65536 I/O ports, the "
"B<ioperm>(2)  call is not sufficient."
msgstr ""

#. type: Plain text
#: build/C/man2/iopl.2:55
msgid ""
"In addition to granting unrestricted I/O port access, running at a higher "
"I/O privilege level also allows the process to disable interrupts.  This "
"will probably crash the system, and is not recommended."
msgstr ""

#. type: Plain text
#: build/C/man2/iopl.2:60
msgid "Permissions are inherited by B<fork>(2)  and B<execve>(2)."
msgstr ""

#. type: Plain text
#: build/C/man2/iopl.2:62
msgid "The I/O privilege level for a normal process is 0."
msgstr ""

#. type: Plain text
#: build/C/man2/iopl.2:66
msgid ""
"This call is mostly for the i386 architecture.  On many other architectures "
"it does not exist or will always return an error."
msgstr ""

#. type: Plain text
#: build/C/man2/iopl.2:76
msgid "I<level> is greater than 3."
msgstr ""

#. type: Plain text
#: build/C/man2/iopl.2:79
msgid "This call is unimplemented."
msgstr ""

#. type: Plain text
#: build/C/man2/iopl.2:87
msgid ""
"The calling process has insufficient privilege to call B<iopl>(); the "
"B<CAP_SYS_RAWIO> capability is required to raise the I/O privilege level "
"above its current value."
msgstr ""

#. type: Plain text
#: build/C/man2/iopl.2:91
msgid ""
"B<iopl>()  is Linux-specific and should not be used in programs that are "
"intended to be portable."
msgstr ""

#. type: Plain text
#: build/C/man2/iopl.2:100
msgid ""
"Libc5 treats it as a system call and has a prototype in "
"I<E<lt>unistd.hE<gt>>.  Glibc1 does not have a prototype.  Glibc2 has a "
"prototype both in I<E<lt>sys/io.hE<gt>> and in I<E<lt>sys/perm.hE<gt>>.  "
"Avoid the latter, it is available on i386 only."
msgstr ""

#. type: Plain text
#: build/C/man2/iopl.2:104
msgid "B<ioperm>(2), B<outb>(2), B<capabilities>(7)"
msgstr ""

#. type: TH
#: build/C/man2/ioprio_set.2:24
#, no-wrap
msgid "IOPRIO_SET"
msgstr ""

#. type: Plain text
#: build/C/man2/ioprio_set.2:27
msgid "ioprio_get, ioprio_set - get/set I/O scheduling class and priority"
msgstr ""

#. type: Plain text
#: build/C/man2/ioprio_set.2:31
#, no-wrap
msgid ""
"B<int ioprio_get(int >I<which>B<, int >I<who>B<);>\n"
"B<int ioprio_set(int >I<which>B<, int >I<who>B<, int >I<ioprio>B<);>\n"
msgstr ""

#. type: Plain text
#: build/C/man2/ioprio_set.2:35
msgid "I<Note>: There are no glibc wrappers for these system calls; see NOTES."
msgstr ""

#. type: Plain text
#: build/C/man2/ioprio_set.2:42
msgid ""
"The B<ioprio_get>()  and B<ioprio_set>()  system calls respectively get and "
"set the I/O scheduling class and priority of one or more threads."
msgstr ""

#. type: Plain text
#: build/C/man2/ioprio_set.2:54
msgid ""
"The I<which> and I<who> arguments identify the thread(s) on which the system "
"calls operate.  The I<which> argument determines how I<who> is interpreted, "
"and has one of the following values:"
msgstr ""

#. type: TP
#: build/C/man2/ioprio_set.2:54
#, no-wrap
msgid "B<IOPRIO_WHO_PROCESS>"
msgstr ""

#. type: Plain text
#: build/C/man2/ioprio_set.2:61
msgid ""
"I<who> is a process ID or thread ID identifying a single process or thread.  "
"If I<who> is 0, then operate on the calling thread."
msgstr ""

#. type: TP
#: build/C/man2/ioprio_set.2:61
#, no-wrap
msgid "B<IOPRIO_WHO_PGRP>"
msgstr ""

#. type: Plain text
#: build/C/man2/ioprio_set.2:68
msgid ""
"I<who> is a process group ID identifying all the members of a process "
"group.  If I<who> is 0, then operate on the process group of which the "
"caller is a member."
msgstr ""

#. type: TP
#: build/C/man2/ioprio_set.2:68
#, no-wrap
msgid "B<IOPRIO_WHO_USER>"
msgstr ""

#.  FIXME who==0 needs to be documented,
#.  See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652443
#. type: Plain text
#: build/C/man2/ioprio_set.2:75
msgid ""
"I<who> is a user ID identifying all of the processes that have a matching "
"real UID."
msgstr ""

#. type: Plain text
#: build/C/man2/ioprio_set.2:98
msgid ""
"If I<which> is specified as B<IOPRIO_WHO_PGRP> or B<IOPRIO_WHO_USER> when "
"calling B<ioprio_get>(), and more than one process matches I<who>, then the "
"returned priority will be the highest one found among all of the matching "
"processes.  One priority is said to be higher than another one if it belongs "
"to a higher priority class (B<IOPRIO_CLASS_RT> is the highest priority "
"class; B<IOPRIO_CLASS_IDLE> is the lowest)  or if it belongs to the same "
"priority class as the other process but has a higher priority level (a lower "
"priority number means a higher priority level)."
msgstr ""

#. type: Plain text
#: build/C/man2/ioprio_set.2:108
msgid ""
"The I<ioprio> argument given to B<ioprio_set>()  is a bit mask that "
"specifies both the scheduling class and the priority to be assigned to the "
"target process(es).  The following macros are used for assembling and "
"dissecting I<ioprio> values:"
msgstr ""

#. type: TP
#: build/C/man2/ioprio_set.2:108
#, no-wrap
msgid "B<IOPRIO_PRIO_VALUE(>I<class>B<, >I<data>B<)>"
msgstr ""

#. type: Plain text
#: build/C/man2/ioprio_set.2:117
msgid ""
"Given a scheduling I<class> and priority (I<data>), this macro combines the "
"two values to produce an I<ioprio> value, which is returned as the result of "
"the macro."
msgstr ""

#. type: TP
#: build/C/man2/ioprio_set.2:117
#, no-wrap
msgid "B<IOPRIO_PRIO_CLASS(>I<mask>B<)>"
msgstr ""

#. type: Plain text
#: build/C/man2/ioprio_set.2:129
msgid ""
"Given I<mask> (an I<ioprio> value), this macro returns its I/O class "
"component, that is, one of the values B<IOPRIO_CLASS_RT>, "
"B<IOPRIO_CLASS_BE>, or B<IOPRIO_CLASS_IDLE>."
msgstr ""

#. type: TP
#: build/C/man2/ioprio_set.2:129
#, no-wrap
msgid "B<IOPRIO_PRIO_DATA(>I<mask>B<)>"
msgstr ""

#. type: Plain text
#: build/C/man2/ioprio_set.2:138
msgid ""
"Given I<mask> (an I<ioprio> value), this macro returns its priority "
"(I<data>)  component."
msgstr ""

#. type: Plain text
#: build/C/man2/ioprio_set.2:141
msgid ""
"See the NOTES section for more information on scheduling classes and "
"priorities."
msgstr ""

#. type: Plain text
#: build/C/man2/ioprio_set.2:149
msgid ""
"I/O priorities are supported for reads and for synchronous (B<O_DIRECT>, "
"B<O_SYNC>)  writes.  I/O priorities are not supported for asynchronous "
"writes because they are issued outside the context of the program dirtying "
"the memory, and thus program-specific priorities do not apply."
msgstr ""

#. type: Plain text
#: build/C/man2/ioprio_set.2:162
msgid ""
"On success, B<ioprio_get>()  returns the I<ioprio> value of the process with "
"highest I/O priority of any of the processes that match the criteria "
"specified in I<which> and I<who>.  On error, -1 is returned, and I<errno> is "
"set to indicate the error."
msgstr ""

#. type: Plain text
#: build/C/man2/ioprio_set.2:169
msgid ""
"On success, B<ioprio_set>()  returns 0.  On error, -1 is returned, and "
"I<errno> is set to indicate the error."
msgstr ""

#. type: Plain text
#: build/C/man2/ioprio_set.2:179
msgid ""
"Invalid value for I<which> or I<ioprio>.  Refer to the NOTES section for "
"available scheduler classes and priority levels for I<ioprio>."
msgstr ""

#. type: Plain text
#: build/C/man2/ioprio_set.2:187
msgid ""
"The calling process does not have the privilege needed to assign this "
"I<ioprio> to the specified process(es).  See the NOTES section for more "
"information on required privileges for B<ioprio_set>()."
msgstr ""

#. type: Plain text
#: build/C/man2/ioprio_set.2:193
msgid ""
"No process(es) could be found that matched the specification in I<which> and "
"I<who>."
msgstr ""

#. type: Plain text
#: build/C/man2/ioprio_set.2:196
msgid "These system calls have been available on Linux since kernel 2.6.13."
msgstr ""

#. type: Plain text
#: build/C/man2/ioprio_set.2:201
msgid ""
"Glibc does not provide a wrapper for these system calls; call them using "
"B<syscall>(2)."
msgstr ""

#. type: Plain text
#: build/C/man2/ioprio_set.2:220
msgid ""
"Two or more processes or threads can share an I/O context.  This will be the "
"case when B<clone>(2)  was called with the B<CLONE_IO> flag.  However, by "
"default, the distinct threads of a process will B<not> share the same I/O "
"context.  This means that if you want to change the I/O priority of all "
"threads in a process, you may need to call B<ioprio_set>()  on each of the "
"threads.  The thread ID that you would need for this operation is the one "
"that is returned by B<gettid>(2)  or B<clone>(2)."
msgstr ""

#. type: Plain text
#: build/C/man2/ioprio_set.2:225
msgid ""
"These system calls have an effect only when used in conjunction with an I/O "
"scheduler that supports I/O priorities.  As at kernel 2.6.17 the only such "
"scheduler is the Completely Fair Queuing (CFQ) I/O scheduler."
msgstr ""

#. type: SS
#: build/C/man2/ioprio_set.2:225
#, no-wrap
msgid "Selecting an I/O scheduler"
msgstr ""

#. type: Plain text
#: build/C/man2/ioprio_set.2:229
msgid ""
"I/O Schedulers are selected on a per-device basis via the special file "
"I</sys/block/E<lt>deviceE<gt>/queue/scheduler>."
msgstr ""

#. type: Plain text
#: build/C/man2/ioprio_set.2:235
msgid ""
"One can view the current I/O scheduler via the I</sys> filesystem.  For "
"example, the following command displays a list of all schedulers currently "
"loaded in the kernel:"
msgstr ""

#. type: Plain text
#: build/C/man2/ioprio_set.2:240
#, no-wrap
msgid ""
"$B< cat /sys/block/hda/queue/scheduler>\n"
"noop anticipatory deadline [cfq]\n"
msgstr ""

#. type: Plain text
#: build/C/man2/ioprio_set.2:254
msgid ""
"The scheduler surrounded by brackets is the one actually in use for the "
"device (I<hda> in the example).  Setting another scheduler is done by "
"writing the name of the new scheduler to this file.  For example, the "
"following command will set the scheduler for the I<hda> device to I<cfq>:"
msgstr ""

#. type: Plain text
#: build/C/man2/ioprio_set.2:260
#, no-wrap
msgid ""
"$B< su>\n"
"Password:\n"
"#B< echo cfq E<gt> /sys/block/hda/queue/scheduler>\n"
msgstr ""

#. type: SS
#: build/C/man2/ioprio_set.2:262
#, no-wrap
msgid "The Completely Fair Queuing (CFQ) I/O scheduler"
msgstr ""

#. type: Plain text
#: build/C/man2/ioprio_set.2:268
msgid ""
"Since v3 (aka CFQ Time Sliced) CFQ implements I/O nice levels similar to "
"those of CPU scheduling.  These nice levels are grouped in three scheduling "
"classes each one containing one or more priority levels:"
msgstr ""

#. type: TP
#: build/C/man2/ioprio_set.2:268
#, no-wrap
msgid "B<IOPRIO_CLASS_RT> (1)"
msgstr ""

#. type: Plain text
#: build/C/man2/ioprio_set.2:283
msgid ""
"This is the real-time I/O class.  This scheduling class is given higher "
"priority than any other class: processes from this class are given first "
"access to the disk every time.  Thus this I/O class needs to be used with "
"some care: one I/O real-time process can starve the entire system.  Within "
"the real-time class, there are 8 levels of class data (priority) that "
"determine exactly how much time this process needs the disk for on each "
"service.  The highest real-time priority level is 0; the lowest is 7.  In "
"the future this might change to be more directly mappable to performance, by "
"passing in a desired data rate instead."
msgstr ""

#. type: TP
#: build/C/man2/ioprio_set.2:283
#, no-wrap
msgid "B<IOPRIO_CLASS_BE> (2)"
msgstr ""

#. type: Plain text
#: build/C/man2/ioprio_set.2:296
msgid ""
"This is the best-effort scheduling class, which is the default for any "
"process that hasn't set a specific I/O priority.  The class data (priority) "
"determines how much I/O bandwidth the process will get.  Best-effort "
"priority levels are analogous to CPU nice values (see B<getpriority>(2)).  "
"The priority level determines a priority relative to other processes in the "
"best-effort scheduling class.  Priority levels range from 0 (highest) to 7 "
"(lowest)."
msgstr ""

#. type: TP
#: build/C/man2/ioprio_set.2:296
#, no-wrap
msgid "B<IOPRIO_CLASS_IDLE> (3)"
msgstr ""

#. type: Plain text
#: build/C/man2/ioprio_set.2:305
msgid ""
"This is the idle scheduling class.  Processes running at this level only get "
"I/O time when no-one else needs the disk.  The idle class has no class "
"data.  Attention is required when assigning this priority class to a "
"process, since it may become starved if higher priority processes are "
"constantly accessing the disk."
msgstr ""

#. type: Plain text
#: build/C/man2/ioprio_set.2:309
msgid ""
"Refer to I<Documentation/block/ioprio.txt> for more information on the CFQ "
"I/O Scheduler and an example program."
msgstr ""

#. type: SS
#: build/C/man2/ioprio_set.2:309
#, no-wrap
msgid "Required permissions to set I/O priorities"
msgstr ""

#. type: Plain text
#: build/C/man2/ioprio_set.2:312
msgid ""
"Permission to change a process's priority is granted or denied based on two "
"assertions:"
msgstr ""

#. type: TP
#: build/C/man2/ioprio_set.2:312
#, no-wrap
msgid "B<Process ownership>"
msgstr ""

#. type: Plain text
#: build/C/man2/ioprio_set.2:320
msgid ""
"An unprivileged process may set only the I/O priority of a process whose "
"real UID matches the real or effective UID of the calling process.  A "
"process which has the B<CAP_SYS_NICE> capability can change the priority of "
"any process."
msgstr ""

#. type: TP
#: build/C/man2/ioprio_set.2:320
#, no-wrap
msgid "B<What is the desired priority>"
msgstr ""

#. type: Plain text
#: build/C/man2/ioprio_set.2:332
msgid ""
"Attempts to set very high priorities (B<IOPRIO_CLASS_RT>)  require the "
"B<CAP_SYS_ADMIN> capability.  Kernel versions up to 2.6.24 also required "
"B<CAP_SYS_ADMIN> to set a very low priority (B<IOPRIO_CLASS_IDLE>), but "
"since Linux 2.6.25, this is no longer required."
msgstr ""

#. type: Plain text
#: build/C/man2/ioprio_set.2:337
msgid ""
"A call to B<ioprio_set>()  must follow both rules, or the call will fail "
"with the error B<EPERM>."
msgstr ""

#.  6 May 07: Bug report raised:
#.  http://sources.redhat.com/bugzilla/show_bug.cgi?id=4464
#.  Ulrich Drepper replied that he wasn't going to add these
#.  to glibc.
#. type: Plain text
#: build/C/man2/ioprio_set.2:346
msgid ""
"Glibc does not yet provide a suitable header file defining the function "
"prototypes and macros described on this page.  Suitable definitions can be "
"found in I<linux/ioprio.h>."
msgstr ""

#. type: Plain text
#: build/C/man2/ioprio_set.2:351
msgid "B<ionice>(1), B<getpriority>(2), B<open>(2), B<capabilities>(7)"
msgstr ""

#. type: Plain text
#: build/C/man2/ioprio_set.2:354
msgid "I<Documentation/block/ioprio.txt> in the Linux kernel source tree"
msgstr ""

#. type: TH
#: build/C/man2/ipc.2:25
#, no-wrap
msgid "IPC"
msgstr ""

#. type: TH
#: build/C/man2/ipc.2:25
#, no-wrap
msgid "2012-10-16"
msgstr ""

#. type: Plain text
#: build/C/man2/ipc.2:28
msgid "ipc - System V IPC system calls"
msgstr ""

#. type: Plain text
#: build/C/man2/ipc.2:33
#, no-wrap
msgid ""
"B<int ipc(unsigned int >I<call>B<, int >I<first>B<, int >I<second>B<, int "
">I<third>B<,>\n"
"B<        void *>I<ptr>B<, long >I<fifth>B<);>\n"
msgstr ""

#. type: Plain text
#: build/C/man2/ipc.2:41
msgid ""
"B<ipc>()  is a common kernel entry point for the System V IPC calls for "
"messages, semaphores, and shared memory.  I<call> determines which IPC "
"function to invoke; the other arguments are passed through to the "
"appropriate call."
msgstr ""

#. type: Plain text
#: build/C/man2/ipc.2:45
msgid ""
"User programs should call the appropriate functions by their usual names.  "
"Only standard library implementors and kernel hackers need to know about "
"B<ipc>()."
msgstr ""

#. type: Plain text
#: build/C/man2/ipc.2:49
msgid ""
"B<ipc>()  is Linux-specific, and should not be used in programs intended to "
"be portable."
msgstr ""

#. type: Plain text
#: build/C/man2/ipc.2:57
msgid ""
"On some architectures\\(emfor example x86-64 and ARM\\(emthere is no "
"B<ipc>()  system call; instead B<msgctl>(2), B<semctl>(2), B<shmctl>(2), and "
"so on really are implemented as separate system calls."
msgstr ""

#. type: Plain text
#: build/C/man2/ipc.2:70
msgid ""
"B<msgctl>(2), B<msgget>(2), B<msgrcv>(2), B<msgsnd>(2), B<semctl>(2), "
"B<semget>(2), B<semop>(2), B<semtimedop>(2), B<shmat>(2), B<shmctl>(2), "
"B<shmdt>(2), B<shmget>(2)"
msgstr ""

#. type: TH
#: build/C/man2/seteuid.2:29
#, no-wrap
msgid "SETEUID"
msgstr ""

#. type: TH
#: build/C/man2/seteuid.2:29
#, no-wrap
msgid "2012-07-02"
msgstr ""

#. type: Plain text
#: build/C/man2/seteuid.2:32
msgid "seteuid, setegid - set effective user or group ID"
msgstr ""

#. type: Plain text
#: build/C/man2/seteuid.2:38
msgid "B<int seteuid(uid_t >I<euid>B<);>"
msgstr ""

#. type: Plain text
#: build/C/man2/seteuid.2:40
msgid "B<int setegid(gid_t >I<egid>B<);>"
msgstr ""

#. type: Plain text
#: build/C/man2/seteuid.2:49
msgid "B<seteuid>(), B<setegid>():"
msgstr ""

#. type: Plain text
#: build/C/man2/seteuid.2:51
msgid ""
"_BSD_SOURCE || _POSIX_C_SOURCE\\ E<gt>=\\ 200112L || _XOPEN_SOURCE\\ "
"E<gt>=\\ 600"
msgstr ""

#. type: Plain text
#: build/C/man2/seteuid.2:58
msgid ""
"B<seteuid>()  sets the effective user ID of the calling process.  "
"Unprivileged user processes may only set the effective user ID to the real "
"user ID, the effective user ID or the saved set-user-ID."
msgstr ""

#.  When
#.  .I euid
#.  equals \-1, nothing is changed.
#.  (This is an artifact of the implementation in glibc of seteuid()
#.  using setresuid(2).)
#. type: Plain text
#: build/C/man2/seteuid.2:67
msgid ""
"Precisely the same holds for B<setegid>()  with \"group\" instead of "
"\"user\"."
msgstr ""

#. type: Plain text
#: build/C/man2/seteuid.2:91
msgid ""
"The calling process is not privileged (Linux: does not have the "
"B<CAP_SETUID> capability in the case of B<seteuid>(), or the B<CAP_SETGID> "
"capability in the case of B<setegid>())  and I<euid> (respectively, I<egid>)  "
"is not the real user (group) ID, the effective user (group) ID, or the saved "
"set-user-ID (saved set-group-ID)."
msgstr ""

#. type: Plain text
#: build/C/man2/seteuid.2:93
msgid "4.3BSD, POSIX.1-2001."
msgstr ""

#. type: Plain text
#: build/C/man2/seteuid.2:99
msgid ""
"Setting the effective user (group) ID to the saved set-user-ID (saved "
"set-group-ID) is possible since Linux 1.1.37 (1.1.38).  On an arbitrary "
"system one should check B<_POSIX_SAVED_IDS>."
msgstr ""

#. type: Plain text
#: build/C/man2/seteuid.2:115
msgid ""
"Under libc4, libc5 and glibc 2.0 B<seteuid(>I<euid>B<)> is equivalent to "
"B<setreuid(-1,>I< euid>B<)> and hence may change the saved set-user-ID.  "
"Under glibc 2.1 and later it is equivalent to B<setresuid(-1,>I< euid>B<, "
"-1)> and hence does not change the saved set-user-ID.  Analogous remarks "
"hold for B<setegid>(), with the difference that the change in implementation "
"from B<setregid(-1,>I< egid>B<)> to B<setresgid(-1,>I< egid>B<, -1)> "
"occurred in glibc 2.2 or 2.3 (dependeing on the hardware architecture)."
msgstr ""

#. type: Plain text
#: build/C/man2/seteuid.2:124
msgid ""
"According to POSIX.1, B<seteuid>()  (B<setegid>())  need not permit I<euid> "
"(I<egid>)  to be the same value as the current effective user (group) ID, "
"and some implementations do not permit this."
msgstr ""

#. type: Plain text
#: build/C/man2/seteuid.2:131
msgid ""
"B<geteuid>(2), B<setresuid>(2), B<setreuid>(2), B<setuid>(2), "
"B<capabilities>(7), B<credentials>(7)"
msgstr ""

#. type: TH
#: build/C/man2/setfsgid.2:31
#, no-wrap
msgid "SETFSGID"
msgstr ""

#. type: TH
#: build/C/man2/setfsgid.2:31 build/C/man2/setfsuid.2:31
#, no-wrap
msgid "2013-08-08"
msgstr ""

#. type: Plain text
#: build/C/man2/setfsgid.2:34
msgid "setfsgid - set group identity used for filesystem checks"
msgstr ""

#. type: Plain text
#: build/C/man2/setfsgid.2:36 build/C/man2/setfsuid.2:36
msgid "B<#include E<lt>sys/fsuid.hE<gt>>"
msgstr ""

#. type: Plain text
#: build/C/man2/setfsgid.2:38
msgid "B<int setfsgid(uid_t >I<fsgid>B<);>"
msgstr ""

#. type: Plain text
#: build/C/man2/setfsgid.2:51
msgid ""
"The system call B<setfsgid>()  changes the value of the caller's filesystem "
"group ID\\(emthe group ID that the Linux kernel uses to check for all "
"accesses to the filesystem.  Normally, the value of the filesystem group ID "
"will shadow the value of the effective group ID.  In fact, whenever the "
"effective group ID is changed, the filesystem group ID will also be changed "
"to the new value of the effective group ID."
msgstr ""

#. type: Plain text
#: build/C/man2/setfsgid.2:62
msgid ""
"Explicit calls to B<setfsuid>(2)  and B<setfsgid>()  are usually used only "
"by programs such as the Linux NFS server that need to change what user and "
"group ID is used for file access without a corresponding change in the real "
"and effective user and group IDs.  A change in the normal user IDs for a "
"program such as the NFS server is a security hole that can expose it to "
"unwanted signals.  (But see below.)"
msgstr ""

#. type: Plain text
#: build/C/man2/setfsgid.2:68
msgid ""
"B<setfsgid>()  will succeed only if the caller is the superuser or if "
"I<fsgid> matches either the caller's real group ID, effective group ID, "
"saved set-group-ID, or current the filesystem user ID."
msgstr ""

#. type: Plain text
#: build/C/man2/setfsgid.2:71
msgid ""
"On both success and failure, this call returns the previous filesystem group "
"ID of the caller."
msgstr ""

#.  This system call is present since Linux 1.1.44
#.  and in libc since libc 4.7.6.
#. type: Plain text
#: build/C/man2/setfsgid.2:75 build/C/man2/setfsuid.2:75
msgid "This system call is present in Linux since version 1.2."
msgstr ""

#. type: Plain text
#: build/C/man2/setfsgid.2:79
msgid ""
"B<setfsgid>()  is Linux-specific and should not be used in programs intended "
"to be portable."
msgstr ""

#. type: Plain text
#: build/C/man2/setfsgid.2:85
msgid ""
"When glibc determines that the argument is not a valid group ID, it will "
"return -1 and set I<errno> to B<EINVAL> without attempting the system call."
msgstr ""

#. type: Plain text
#: build/C/man2/setfsgid.2:96
msgid ""
"Note that at the time this system call was introduced, a process could send "
"a signal to a process with the same effective user ID.  Today signal "
"permission handling is slightly different.  See B<setfsuid>(2)  for a "
"discussion of why the use of both B<setfsuid>(2)  and B<setfsgid>()  is "
"nowadays unneeded."
msgstr ""

#. type: Plain text
#: build/C/man2/setfsgid.2:106
msgid ""
"The original Linux B<setfsgid>()  system call supported only 16-bit group "
"IDs.  Subsequently, Linux 2.4 added B<setfsgid32>()  supporting 32-bit IDs.  "
"The glibc B<setfsgid>()  wrapper function transparently deals with the "
"variation across kernel versions."
msgstr ""

#. type: Plain text
#: build/C/man2/setfsgid.2:123
msgid ""
"No error indications of any kind are returned to the caller, and the fact "
"that both successful and unsuccessful calls return the same value makes it "
"impossible to directly determine whether the call succeeded or failed.  "
"Instead, the caller must resort to looking at the return value from a "
"further call such as I<setfsgid(-1)> (which will always fail), in order to "
"determine if a preceding call to B<setfsgid>()  changed the filesystem group "
"ID.  At the very least, B<EPERM> should be returned when the call fails "
"(because the caller lacks the B<CAP_SETGID> capability)."
msgstr ""

#. type: Plain text
#: build/C/man2/setfsgid.2:128
msgid "B<kill>(2), B<setfsuid>(2), B<capabilities>(7), B<credentials>(7)"
msgstr ""

#. type: TH
#: build/C/man2/setfsuid.2:31
#, no-wrap
msgid "SETFSUID"
msgstr ""

#. type: Plain text
#: build/C/man2/setfsuid.2:34
msgid "setfsuid - set user identity used for filesystem checks"
msgstr ""

#. type: Plain text
#: build/C/man2/setfsuid.2:38
msgid "B<int setfsuid(uid_t >I<fsuid>B<);>"
msgstr ""

#. type: Plain text
#: build/C/man2/setfsuid.2:51
msgid ""
"The system call B<setfsuid>()  changes the value of the caller's filesystem "
"user ID\\(emthe user ID that the Linux kernel uses to check for all accesses "
"to the filesystem.  Normally, the value of the filesystem user ID will "
"shadow the value of the effective user ID.  In fact, whenever the effective "
"user ID is changed, the filesystem user ID will also be changed to the new "
"value of the effective user ID."
msgstr ""

#. type: Plain text
#: build/C/man2/setfsuid.2:62
msgid ""
"Explicit calls to B<setfsuid>()  and B<setfsgid>(2)  are usually used only "
"by programs such as the Linux NFS server that need to change what user and "
"group ID is used for file access without a corresponding change in the real "
"and effective user and group IDs.  A change in the normal user IDs for a "
"program such as the NFS server is a security hole that can expose it to "
"unwanted signals.  (But see below.)"
msgstr ""

#. type: Plain text
#: build/C/man2/setfsuid.2:68
msgid ""
"B<setfsuid>()  will succeed only if the caller is the superuser or if "
"I<fsuid> matches either the caller's real user ID, effective user ID, saved "
"set-user-ID, or current filesystem user ID."
msgstr ""

#. type: Plain text
#: build/C/man2/setfsuid.2:71
msgid ""
"On both success and failure, this call returns the previous filesystem user "
"ID of the caller."
msgstr ""

#. type: Plain text
#: build/C/man2/setfsuid.2:79
msgid ""
"B<setfsuid>()  is Linux-specific and should not be used in programs intended "
"to be portable."
msgstr ""

#. type: Plain text
#: build/C/man2/setfsuid.2:85
msgid ""
"When glibc determines that the argument is not a valid user ID, it will "
"return -1 and set I<errno> to B<EINVAL> without attempting the system call."
msgstr ""

#. type: Plain text
#: build/C/man2/setfsuid.2:104
msgid ""
"At the time when this system call was introduced, one process could send a "
"signal to another process with the same effective user ID.  This meant that "
"if a privilged process changed its effective user ID for the purpose of file "
"permission checking, then it could become vulnerable to receiving signals "
"sent by another (unprivileged) process with the same user ID.  The "
"filesystem user ID attribute was thus added to allow a process to change its "
"user ID for the purposes of file permission checking without at the same "
"time becoming vulnerable to receiving unwanted signals.  Since Linux 2.0, "
"signal permission handling is different (see B<kill>(2)), with the result "
"that a process change can change its effective user ID without being "
"vulnerable to receiving signals from unwanted processes.  Thus, "
"B<setfsuid>()  is nowadays unneeded and should be avoided in new "
"applications (likewise for B<setfsgid>(2))."
msgstr ""

#. type: Plain text
#: build/C/man2/setfsuid.2:114
msgid ""
"The original Linux B<setfsuid>()  system call supported only 16-bit user "
"IDs.  Subsequently, Linux 2.4 added B<setfsuid32>()  supporting 32-bit IDs.  "
"The glibc B<setfsuid>()  wrapper function transparently deals with the "
"variation across kernel versions."
msgstr ""

#. type: Plain text
#: build/C/man2/setfsuid.2:131
msgid ""
"No error indications of any kind are returned to the caller, and the fact "
"that both successful and unsuccessful calls return the same value makes it "
"impossible to directly determine whether the call succeeded or failed.  "
"Instead, the caller must resort to looking at the return value from a "
"further call such as I<setfsuid(-1)> (which will always fail), in order to "
"determine if a preceding call to B<setfsuid>()  changed the filesystem user "
"ID.  At the very least, B<EPERM> should be returned when the call fails "
"(because the caller lacks the B<CAP_SETUID> capability)."
msgstr ""

#. type: Plain text
#: build/C/man2/setfsuid.2:136
msgid "B<kill>(2), B<setfsgid>(2), B<capabilities>(7), B<credentials>(7)"
msgstr ""

#. type: TH
#: build/C/man2/setgid.2:29
#, no-wrap
msgid "SETGID"
msgstr ""

#. type: Plain text
#: build/C/man2/setgid.2:32
msgid "setgid - set group identity"
msgstr ""

#. type: Plain text
#: build/C/man2/setgid.2:38
msgid "B<int setgid(gid_t >I<gid>B<);>"
msgstr ""

#. type: Plain text
#: build/C/man2/setgid.2:43
msgid ""
"B<setgid>()  sets the effective group ID of the calling process.  If the "
"caller is the superuser, the real GID and saved set-group-ID are also set."
msgstr ""

#. type: Plain text
#: build/C/man2/setgid.2:53
msgid ""
"Under Linux, B<setgid>()  is implemented like the POSIX version with the "
"B<_POSIX_SAVED_IDS> feature.  This allows a set-group-ID program that is not "
"set-user-ID-root to drop all of its group privileges, do some un-privileged "
"work, and then reengage the original effective group ID in a secure manner."
msgstr ""

#. type: Plain text
#: build/C/man2/setgid.2:66
msgid ""
"The calling process is not privileged (does not have the B<CAP_SETGID> "
"capability), and I<gid> does not match the real group ID or saved "
"set-group-ID of the calling process."
msgstr ""

#. type: Plain text
#: build/C/man2/setgid.2:78
msgid ""
"The original Linux B<setgid>()  system call supported only 16-bit group "
"IDs.  Subsequently, Linux 2.4 added B<setgid32>()  supporting 32-bit IDs.  "
"The glibc B<setgid>()  wrapper function transparently deals with the "
"variation across kernel versions."
msgstr ""

#. type: Plain text
#: build/C/man2/setgid.2:84
msgid ""
"B<getgid>(2), B<setegid>(2), B<setregid>(2), B<capabilities>(7), "
"B<credentials>(7)"
msgstr ""

#. type: TH
#: build/C/man2/setpgid.2:48
#, no-wrap
msgid "SETPGID"
msgstr ""

#. type: TH
#: build/C/man2/setpgid.2:48
#, no-wrap
msgid "2013-07-31"
msgstr ""

#. type: Plain text
#: build/C/man2/setpgid.2:51
msgid "setpgid, getpgid, setpgrp, getpgrp - set/get process group"
msgstr ""

#. type: Plain text
#: build/C/man2/setpgid.2:55
msgid "B<int setpgid(pid_t >I<pid>B<, pid_t >I<pgid>B<);>"
msgstr ""

#. type: Plain text
#: build/C/man2/setpgid.2:57
msgid "B<pid_t getpgid(pid_t >I<pid>B<);>"
msgstr ""

#. type: Plain text
#: build/C/man2/setpgid.2:59
msgid "B<pid_t getpgrp(void);> /* POSIX.1 version */"
msgstr ""

#. type: Plain text
#: build/C/man2/setpgid.2:62
msgid ""
"B<pid_t getpgrp(pid_t >I<pid>B<);\\ \\ \\ \\ \\ \\ \\ \\ \\ \\ \\ > /* BSD "
"version */"
msgstr ""

#. type: Plain text
#: build/C/man2/setpgid.2:64
msgid "B<int setpgrp(void);> /* System V version */"
msgstr ""

#. type: Plain text
#: build/C/man2/setpgid.2:67
msgid "B<int setpgrp(pid_t >I<pid>B<, pid_t >I<pgid>B<);\\ > /* BSD version */"
msgstr ""

#. type: Plain text
#: build/C/man2/setpgid.2:76
msgid "B<getpgid>():"
msgstr ""

#. type: Plain text
#: build/C/man2/setpgid.2:84
msgid "B<setpgrp>() (POSIX.1):"
msgstr ""

#. type: Plain text
#: build/C/man2/setpgid.2:87
#, no-wrap
msgid ""
"    _SVID_SOURCE || _XOPEN_SOURCE\\ E<gt>=\\ 500 ||\n"
"    _XOPEN_SOURCE\\ &&\\ _XOPEN_SOURCE_EXTENDED\n"
msgstr ""

#. type: Plain text
#: build/C/man2/setpgid.2:91
msgid "B<setpgrp>()\\ (BSD), B<getpgrp>()\\ (BSD):"
msgstr ""

#. type: Plain text
#: build/C/man2/setpgid.2:95
#, no-wrap
msgid ""
"    _BSD_SOURCE &&\n"
"        !\\ (_POSIX_SOURCE || _POSIX_C_SOURCE || _XOPEN_SOURCE ||\n"
"           _XOPEN_SOURCE_EXTENDED || _GNU_SOURCE || _SVID_SOURCE)\n"
msgstr ""

#. type: Plain text
#: build/C/man2/setpgid.2:107
msgid ""
"All of these interfaces are available on Linux, and are used for getting and "
"setting the process group ID (PGID) of a process.  The preferred, "
"POSIX.1-specified ways of doing this are: B<getpgrp>(void), for retrieving "
"the calling process's PGID; and B<setpgid>(), for setting a process's PGID."
msgstr ""

#. type: Plain text
#: build/C/man2/setpgid.2:132
msgid ""
"B<setpgid>()  sets the PGID of the process specified by I<pid> to I<pgid>.  "
"If I<pid> is zero, then the process ID of the calling process is used.  If "
"I<pgid> is zero, then the PGID of the process specified by I<pid> is made "
"the same as its process ID.  If B<setpgid>()  is used to move a process from "
"one process group to another (as is done by some shells when creating "
"pipelines), both process groups must be part of the same session (see "
"B<setsid>(2)  and B<credentials>(7)).  In this case, the I<pgid> specifies "
"an existing process group to be joined and the session ID of that group must "
"match the session ID of the joining process."
msgstr ""

#. type: Plain text
#: build/C/man2/setpgid.2:137
msgid ""
"The POSIX.1 version of B<getpgrp>(), which takes no arguments, returns the "
"PGID of the calling process."
msgstr ""

#. type: Plain text
#: build/C/man2/setpgid.2:148
msgid ""
"B<getpgid>()  returns the PGID of the process specified by I<pid>.  If "
"I<pid> is zero, the process ID of the calling process is used.  (Retrieving "
"the PGID of a process other than the caller is rarely necessary, and the "
"POSIX.1 B<getpgrp>()  is preferred for that task.)"
msgstr ""

#. type: Plain text
#: build/C/man2/setpgid.2:153
msgid ""
"The System V-style B<setpgrp>(), which takes no arguments, is equivalent to "
"I<setpgid(0,\\ 0)>."
msgstr ""

#.  The true BSD setpgrp() system call differs in allowing the PGID
#.  to be set to arbitrary values, rather than being restricted to
#.  PGIDs in the same session.
#. type: Plain text
#: build/C/man2/setpgid.2:165
msgid ""
"The BSD-specific B<setpgrp>()  call, which takes arguments I<pid> and "
"I<pgid>, is equivalent to I<setpgid(pid, pgid)>."
msgstr ""

#. type: Plain text
#: build/C/man2/setpgid.2:172
msgid ""
"The BSD-specific B<getpgrp>()  call, which takes a single I<pid> argument, "
"is equivalent to I<getpgid(pid)>."
msgstr ""

#. type: Plain text
#: build/C/man2/setpgid.2:181
msgid ""
"On success, B<setpgid>()  and B<setpgrp>()  return zero.  On error, -1 is "
"returned, and I<errno> is set appropriately."
msgstr ""

#. type: Plain text
#: build/C/man2/setpgid.2:185
msgid "The POSIX.1 B<getpgrp>()  always returns the PGID of the caller."
msgstr ""

#. type: Plain text
#: build/C/man2/setpgid.2:193
msgid ""
"B<getpgid>(), and the BSD-specific B<getpgrp>()  return a process group on "
"success.  On error, -1 is returned, and I<errno> is set appropriately."
msgstr ""

#. type: Plain text
#: build/C/man2/setpgid.2:202
msgid ""
"An attempt was made to change the process group ID of one of the children of "
"the calling process and the child had already performed an B<execve>(2)  "
"(B<setpgid>(), B<setpgrp>())."
msgstr ""

#. type: Plain text
#: build/C/man2/setpgid.2:208
msgid "I<pgid> is less than 0 (B<setpgid>(), B<setpgrp>())."
msgstr ""

#. type: Plain text
#: build/C/man2/setpgid.2:217
msgid ""
"An attempt was made to move a process into a process group in a different "
"session, or to change the process group ID of one of the children of the "
"calling process and the child was in a different session, or to change the "
"process group ID of a session leader (B<setpgid>(), B<setpgrp>())."
msgstr ""

#. type: Plain text
#: build/C/man2/setpgid.2:227
msgid ""
"For B<getpgid>(): I<pid> does not match any process.  For B<setpgid>(): "
"I<pid> is not the calling process and not a child of the calling process."
msgstr ""

#. type: Plain text
#: build/C/man2/setpgid.2:233
msgid ""
"B<setpgid>()  and the version of B<getpgrp>()  with no arguments conform to "
"POSIX.1-2001."
msgstr ""

#. type: Plain text
#: build/C/man2/setpgid.2:242
msgid ""
"POSIX.1-2001 also specifies B<getpgid>()  and the version of B<setpgrp>()  "
"that takes no arguments.  (POSIX.1-2008 marks this B<setpgrp>()  "
"specification as obsolete.)"
msgstr ""

#. type: Plain text
#: build/C/man2/setpgid.2:249
msgid ""
"The version of B<getpgrp>()  with one argument and the version of "
"B<setpgrp>()  that takes two arguments derive from 4.2BSD, and are not "
"specified by POSIX.1."
msgstr ""

#. type: Plain text
#: build/C/man2/setpgid.2:255
msgid ""
"A child created via B<fork>(2)  inherits its parent's process group ID.  The "
"PGID is preserved across an B<execve>(2)."
msgstr ""

#. type: Plain text
#: build/C/man2/setpgid.2:258
msgid ""
"Each process group is a member of a session and each process is a member of "
"the session of which its process group is a member."
msgstr ""

#. type: Plain text
#: build/C/man2/setpgid.2:285
msgid ""
"A session can have a controlling terminal.  At any time, one (and only one) "
"of the process groups in the session can be the foreground process group for "
"the terminal; the remaining process groups are in the background.  If a "
"signal is generated from the terminal (e.g., typing the interrupt key to "
"generate B<SIGINT>), that signal is sent to the foreground process group.  "
"(See B<termios>(3)  for a description of the characters that generate "
"signals.)  Only the foreground process group may B<read>(2)  from the "
"terminal; if a background process group tries to B<read>(2)  from the "
"terminal, then the group is sent a B<SIGTTIN> signal, which suspends it.  "
"The B<tcgetpgrp>(3)  and B<tcsetpgrp>(3)  functions are used to get/set the "
"foreground process group of the controlling terminal."
msgstr ""

#. type: Plain text
#: build/C/man2/setpgid.2:293
msgid ""
"The B<setpgid>()  and B<getpgrp>()  calls are used by programs such as "
"B<bash>(1)  to create process groups in order to implement shell job "
"control."
msgstr ""

#. type: Plain text
#: build/C/man2/setpgid.2:303
msgid ""
"If a session has a controlling terminal, and the B<CLOCAL> flag for that "
"terminal is not set, and a terminal hangup occurs, then the session leader "
"is sent a B<SIGHUP>.  If the session leader exits, then a B<SIGHUP> signal "
"will also be sent to each process in the foreground process group of the "
"controlling terminal."
msgstr ""

#.  exit.3 refers to the following text:
#. type: Plain text
#: build/C/man2/setpgid.2:317
msgid ""
"If the exit of the process causes a process group to become orphaned, and if "
"any member of the newly orphaned process group is stopped, then a B<SIGHUP> "
"signal followed by a B<SIGCONT> signal will be sent to each process in the "
"newly orphaned process group.  An orphaned process group is one in which the "
"parent of every member of process group is either itself also a member of "
"the process group or is a member of a process group in a different session "
"(see also B<credentials>(7))."
msgstr ""

#. type: Plain text
#: build/C/man2/setpgid.2:324
msgid ""
"B<getuid>(2), B<setsid>(2), B<tcgetpgrp>(3), B<tcsetpgrp>(3), B<termios>(3), "
"B<credentials>(7)"
msgstr ""

#. type: TH
#: build/C/man2/setresuid.2:26
#, no-wrap
msgid "SETRESUID"
msgstr ""

#. type: Plain text
#: build/C/man2/setresuid.2:29
msgid "setresuid, setresgid - set real, effective and saved user or group ID"
msgstr ""

#. type: Plain text
#: build/C/man2/setresuid.2:35
msgid "B<int setresuid(uid_t >I<ruid>B<, uid_t >I<euid>B<, uid_t >I<suid>B<);>"
msgstr ""

#. type: Plain text
#: build/C/man2/setresuid.2:37
msgid "B<int setresgid(gid_t >I<rgid>B<, gid_t >I<egid>B<, gid_t >I<sgid>B<);>"
msgstr ""

#. type: Plain text
#: build/C/man2/setresuid.2:41
msgid ""
"B<setresuid>()  sets the real user ID, the effective user ID, and the saved "
"set-user-ID of the calling process."
msgstr ""

#. type: Plain text
#: build/C/man2/setresuid.2:47
msgid ""
"Unprivileged user processes may change the real UID, effective UID, and "
"saved set-user-ID, each to one of: the current real UID, the current "
"effective UID or the current saved set-user-ID."
msgstr ""

#. type: Plain text
#: build/C/man2/setresuid.2:51
msgid ""
"Privileged processes (on Linux, those having the B<CAP_SETUID> capability)  "
"may set the real UID, effective UID, and saved set-user-ID to arbitrary "
"values."
msgstr ""

#. type: Plain text
#: build/C/man2/setresuid.2:53
msgid "If one of the arguments equals -1, the corresponding value is not changed."
msgstr ""

#. type: Plain text
#: build/C/man2/setresuid.2:57
msgid ""
"Regardless of what changes are made to the real UID, effective UID, and "
"saved set-user-ID, the filesystem UID is always set to the same value as the "
"(possibly new) effective UID."
msgstr ""

#. type: Plain text
#: build/C/man2/setresuid.2:64
msgid ""
"Completely analogously, B<setresgid>()  sets the real GID, effective GID, "
"and saved set-group-ID of the calling process (and always modifies the "
"filesystem GID to be the same as the effective GID), with the same "
"restrictions for unprivileged processes."
msgstr ""

#. type: TP
#: build/C/man2/setresuid.2:70 build/C/man2/setuid.2:76
#, no-wrap
msgid "B<EAGAIN>"
msgstr ""

#. type: Plain text
#: build/C/man2/setresuid.2:77
msgid ""
"I<uid> does not match the current UID and this call would bring that user ID "
"over its B<RLIMIT_NPROC> resource limit."
msgstr ""

#. type: Plain text
#: build/C/man2/setresuid.2:81
msgid ""
"The calling process is not privileged (did not have the B<CAP_SETUID> "
"capability) and tried to change the IDs to values that are not permitted."
msgstr ""

#. type: Plain text
#: build/C/man2/setresuid.2:83
msgid "These calls are available under Linux since Linux 2.1.44."
msgstr ""

#. type: Plain text
#: build/C/man2/setresuid.2:90
msgid ""
"Under HP-UX and FreeBSD, the prototype is found in I<E<lt>unistd.hE<gt>>.  "
"Under Linux the prototype is provided by glibc since version 2.3.2."
msgstr ""

#. type: Plain text
#: build/C/man2/setresuid.2:106
msgid ""
"The original Linux B<setresuid>()  and B<setresgid>()  system calls "
"supported only 16-bit user and group IDs.  Subsequently, Linux 2.4 added "
"B<setresuid32>()  and B<setresgid32>(), supporting 32-bit IDs.  The glibc "
"B<setresuid>()  and B<setresgid>()  wrapper functions transparently deal "
"with the variations across kernel versions."
msgstr ""

#. type: Plain text
#: build/C/man2/setresuid.2:115
msgid ""
"B<getresuid>(2), B<getuid>(2), B<setfsgid>(2), B<setfsuid>(2), "
"B<setreuid>(2), B<setuid>(2), B<capabilities>(7), B<credentials>(7)"
msgstr ""

#. type: TH
#: build/C/man2/setreuid.2:45
#, no-wrap
msgid "SETREUID"
msgstr ""

#. type: Plain text
#: build/C/man2/setreuid.2:48
msgid "setreuid, setregid - set real and/or effective user or group ID"
msgstr ""

#. type: Plain text
#: build/C/man2/setreuid.2:54
msgid "B<int setreuid(uid_t >I<ruid>B<, uid_t >I<euid>B<);>"
msgstr ""

#. type: Plain text
#: build/C/man2/setreuid.2:56
msgid "B<int setregid(gid_t >I<rgid>B<, gid_t >I<egid>B<);>"
msgstr ""

#. type: Plain text
#: build/C/man2/setreuid.2:64
msgid "B<setreuid>(), B<setregid>():"
msgstr ""

#. type: Plain text
#: build/C/man2/setreuid.2:68
msgid ""
"_BSD_SOURCE || _XOPEN_SOURCE\\ E<gt>=\\ 500 || _XOPEN_SOURCE\\ &&\\ "
"_XOPEN_SOURCE_EXTENDED"
msgstr ""

#. type: Plain text
#: build/C/man2/setreuid.2:73
msgid "B<setreuid>()  sets real and effective user IDs of the calling process."
msgstr ""

#. type: Plain text
#: build/C/man2/setreuid.2:76
msgid ""
"Supplying a value of -1 for either the real or effective user ID forces the "
"system to leave that ID unchanged."
msgstr ""

#. type: Plain text
#: build/C/man2/setreuid.2:79
msgid ""
"Unprivileged processes may only set the effective user ID to the real user "
"ID, the effective user ID, or the saved set-user-ID."
msgstr ""

#. type: Plain text
#: build/C/man2/setreuid.2:82
msgid ""
"Unprivileged users may only set the real user ID to the real user ID or the "
"effective user ID."
msgstr ""

#. type: Plain text
#: build/C/man2/setreuid.2:86
msgid ""
"If the real user ID is set or the effective user ID is set to a value not "
"equal to the previous real user ID, the saved set-user-ID will be set to the "
"new effective user ID."
msgstr ""

#. type: Plain text
#: build/C/man2/setreuid.2:91
msgid ""
"Completely analogously, B<setregid>()  sets real and effective group ID's of "
"the calling process, and all of the above holds with \"group\" instead of "
"\"user\"."
msgstr ""

#. type: Plain text
#: build/C/man2/setreuid.2:113
msgid ""
"The calling process is not privileged (Linux: does not have the "
"B<CAP_SETUID> capability in the case of B<setreuid>(), or the B<CAP_SETGID> "
"capability in the case of B<setregid>())  and a change other than (i)  "
"swapping the effective user (group) ID with the real user (group) ID, or "
"(ii) setting one to the value of the other or (iii) setting the effective "
"user (group) ID to the value of the saved set-user-ID (saved set-group-ID) "
"was specified."
msgstr ""

#. type: Plain text
#: build/C/man2/setreuid.2:119
msgid ""
"POSIX.1-2001, 4.3BSD (the B<setreuid>()  and B<setregid>()  function calls "
"first appeared in 4.2BSD)."
msgstr ""

#. type: Plain text
#: build/C/man2/setreuid.2:123
msgid ""
"Setting the effective user (group) ID to the saved set-user-ID (saved "
"set-group-ID) is possible since Linux 1.1.37 (1.1.38)."
msgstr ""

#. type: Plain text
#: build/C/man2/setreuid.2:140
msgid ""
"POSIX.1 does not specify all of possible ID changes that are permitted on "
"Linux for an unprivileged process.  For B<setreuid>(), the effective user ID "
"can be made the same as the real user ID or the save set-user-ID, and it is "
"unspecified whether unprivileged processes may set the real user ID to the "
"real user ID, the effective user ID, or the saved set-user-ID.  For "
"B<setregid>(), the real group ID can be changed to the value of the saved "
"set-group-ID, and the effective group ID can be changed to the value of the "
"real group ID or the saved set-group-ID.  The precise details of what ID "
"changes are permitted vary across implementations."
msgstr ""

#. type: Plain text
#: build/C/man2/setreuid.2:143
msgid ""
"POSIX.1 makes no specification about the effect of these calls on the saved "
"set-user-ID and saved set-group-ID."
msgstr ""

#. type: Plain text
#: build/C/man2/setreuid.2:159
msgid ""
"The original Linux B<setreuid>()  and B<setregid>()  system calls supported "
"only 16-bit user and group IDs.  Subsequently, Linux 2.4 added "
"B<setreuid32>()  and B<setregid32>(), supporting 32-bit IDs.  The glibc "
"B<setreuid>()  and B<setregid>()  wrapper functions transparently deal with "
"the variations across kernel versions."
msgstr ""

#. type: Plain text
#: build/C/man2/setreuid.2:167
msgid ""
"B<getgid>(2), B<getuid>(2), B<seteuid>(2), B<setgid>(2), B<setresuid>(2), "
"B<setuid>(2), B<capabilities>(7)"
msgstr ""

#. type: TH
#: build/C/man2/setsid.2:30
#, no-wrap
msgid "SETSID"
msgstr ""

#. type: Plain text
#: build/C/man2/setsid.2:33
msgid "setsid - creates a session and sets the process group ID"
msgstr ""

#. type: Plain text
#: build/C/man2/setsid.2:38
msgid "B<pid_t setsid(void);>"
msgstr ""

#. type: Plain text
#: build/C/man2/setsid.2:51
msgid ""
"B<setsid>()  creates a new session if the calling process is not a process "
"group leader.  The calling process is the leader of the new session, the "
"process group leader of the new process group, and has no controlling "
"terminal.  The process group ID and session ID of the calling process are "
"set to the PID of the calling process.  The calling process will be the only "
"process in this new process group and in this new session."
msgstr ""

#. type: Plain text
#: build/C/man2/setsid.2:58
msgid ""
"On success, the (new) session ID of the calling process is returned.  On "
"error, I<(pid_t)\\ -1> is returned, and I<errno> is set to indicate the "
"error."
msgstr ""

#. type: Plain text
#: build/C/man2/setsid.2:65
msgid ""
"The process group ID of any process equals the PID of the calling process.  "
"Thus, in particular, B<setsid>()  fails if the calling process is already a "
"process group leader."
msgstr ""

#. type: Plain text
#: build/C/man2/setsid.2:73
msgid ""
"A child created via B<fork>(2)  inherits its parent's session ID.  The "
"session ID is preserved across an B<execve>(2)."
msgstr ""

#. type: Plain text
#: build/C/man2/setsid.2:84
msgid ""
"A process group leader is a process with process group ID equal to its PID.  "
"In order to be sure that B<setsid>()  will succeed, B<fork>(2)  and "
"B<_exit>(2), and have the child do B<setsid>()."
msgstr ""

#. type: Plain text
#: build/C/man2/setsid.2:91
msgid ""
"B<setsid>(1), B<getsid>(2), B<setpgid>(2), B<setpgrp>(2), B<tcgetsid>(3), "
"B<credentials>(7)"
msgstr ""

#. type: TH
#: build/C/man2/setuid.2:30
#, no-wrap
msgid "SETUID"
msgstr ""

#. type: Plain text
#: build/C/man2/setuid.2:33
msgid "setuid - set user identity"
msgstr ""

#. type: Plain text
#: build/C/man2/setuid.2:39
msgid "B<int setuid(uid_t >I<uid>B<);>"
msgstr ""

#. type: Plain text
#: build/C/man2/setuid.2:44
msgid ""
"B<setuid>()  sets the effective user ID of the calling process.  If the "
"effective UID of the caller is root, the real UID and saved set-user-ID are "
"also set."
msgstr ""

#. type: Plain text
#: build/C/man2/setuid.2:53
msgid ""
"Under Linux, B<setuid>()  is implemented like the POSIX version with the "
"B<_POSIX_SAVED_IDS> feature.  This allows a set-user-ID (other than root) "
"program to drop all of its user privileges, do some un-privileged work, and "
"then reengage the original effective user ID in a secure manner."
msgstr ""

#. type: Plain text
#: build/C/man2/setuid.2:63
msgid ""
"If the user is root or the program is set-user-ID-root, special care must be "
"taken.  The B<setuid>()  function checks the effective user ID of the caller "
"and if it is the superuser, all process-related user ID's are set to "
"I<uid>.  After this has occurred, it is impossible for the program to regain "
"root privileges."
msgstr ""

#. type: Plain text
#: build/C/man2/setuid.2:70
msgid ""
"Thus, a set-user-ID-root program wishing to temporarily drop root "
"privileges, assume the identity of an unprivileged user, and then regain "
"root privileges afterward cannot use B<setuid>().  You can accomplish this "
"with B<seteuid>(2)."
msgstr ""

#. type: Plain text
#: build/C/man2/setuid.2:85
msgid ""
"The I<uid> does not match the current uid and I<uid> brings process over its "
"B<RLIMIT_NPROC> resource limit."
msgstr ""

#. type: Plain text
#: build/C/man2/setuid.2:92
msgid ""
"The user is not privileged (Linux: does not have the B<CAP_SETUID> "
"capability) and I<uid> does not match the real UID or saved set-user-ID of "
"the calling process."
msgstr ""

#.  SVr4 documents an additional EINVAL error condition.
#. type: Plain text
#: build/C/man2/setuid.2:97
msgid ""
"SVr4, POSIX.1-2001.  Not quite compatible with the 4.4BSD call, which sets "
"all of the real, saved, and effective user IDs."
msgstr ""

#. type: Plain text
#: build/C/man2/setuid.2:105
msgid ""
"Linux has the concept of the filesystem user ID, normally equal to the "
"effective user ID.  The B<setuid>()  call also sets the filesystem user ID "
"of the calling process.  See B<setfsuid>(2)."
msgstr ""

#. type: Plain text
#: build/C/man2/setuid.2:110
msgid ""
"If I<uid> is different from the old effective UID, the process will be "
"forbidden from leaving core dumps."
msgstr ""

#. type: Plain text
#: build/C/man2/setuid.2:120
msgid ""
"The original Linux B<setuid>()  system call supported only 16-bit user IDs.  "
"Subsequently, Linux 2.4 added B<setuid32>()  supporting 32-bit IDs.  The "
"glibc B<setuid>()  wrapper function transparently deals with the variation "
"across kernel versions."
msgstr ""

#. type: Plain text
#: build/C/man2/setuid.2:127
msgid ""
"B<getuid>(2), B<seteuid>(2), B<setfsuid>(2), B<setreuid>(2), "
"B<capabilities>(7), B<credentials>(7)"
msgstr ""

#. type: TH
#: build/C/man7/svipc.7:40
#, no-wrap
msgid "SVIPC"
msgstr ""

#. type: Plain text
#: build/C/man7/svipc.7:43
msgid "svipc - System V interprocess communication mechanisms"
msgstr ""

#. type: Plain text
#: build/C/man7/svipc.7:48
#, no-wrap
msgid ""
"B<#include E<lt>sys/msg.hE<gt>>\n"
"B<#include E<lt>sys/sem.hE<gt>>\n"
"B<#include E<lt>sys/shm.hE<gt>>\n"
msgstr ""

#. type: Plain text
#: build/C/man7/svipc.7:56
msgid ""
"This manual page refers to the Linux implementation of the System V "
"interprocess communication (IPC) mechanisms: message queues, semaphore sets, "
"and shared memory segments.  In the following, the word I<resource> means an "
"instantiation of one among such mechanisms."
msgstr ""

#. type: SS
#: build/C/man7/svipc.7:56
#, no-wrap
msgid "Resource access permissions"
msgstr ""

#. type: Plain text
#: build/C/man7/svipc.7:64
msgid ""
"For each resource, the system uses a common structure of type I<struct "
"ipc_perm> to store information needed in determining permissions to perform "
"an IPC operation.  The I<ipc_perm> structure includes the following members:"
msgstr ""

#. type: Plain text
#: build/C/man7/svipc.7:74
#, no-wrap
msgid ""
"struct ipc_perm {\n"
"    uid_t          cuid;   /* creator user ID */\n"
"    gid_t          cgid;   /* creator group ID */\n"
"    uid_t          uid;    /* owner user ID */\n"
"    gid_t          gid;    /* owner group ID */\n"
"    unsigned short mode;   /* r/w permissions */\n"
"};\n"
msgstr ""

#. type: Plain text
#: build/C/man7/svipc.7:84
msgid ""
"The I<mode> member of the I<ipc_perm> structure defines, with its lower 9 "
"bits, the access permissions to the resource for a process executing an IPC "
"system call.  The permissions are interpreted as follows:"
msgstr ""

#. type: Plain text
#: build/C/man7/svipc.7:88
#, no-wrap
msgid ""
"    0400    Read by user.\n"
"    0200    Write by user.\n"
msgstr ""

#. type: Plain text
#: build/C/man7/svipc.7:91
#, no-wrap
msgid ""
"    0040    Read by group.\n"
"    0020    Write by group.\n"
msgstr ""

#. type: Plain text
#: build/C/man7/svipc.7:94
#, no-wrap
msgid ""
"    0004    Read by others.\n"
"    0002    Write by others.\n"
msgstr ""

#. type: Plain text
#: build/C/man7/svipc.7:102
msgid ""
"Bits 0100, 0010, and 0001 (the execute bits) are unused by the system.  "
"Furthermore, \"write\" effectively means \"alter\" for a semaphore set."
msgstr ""

#. type: Plain text
#: build/C/man7/svipc.7:105
msgid "The same system header file also defines the following symbolic constants:"
msgstr ""

#. type: TP
#: build/C/man7/svipc.7:105
#, no-wrap
msgid "B<IPC_CREAT>"
msgstr ""

#. type: Plain text
#: build/C/man7/svipc.7:108
msgid "Create entry if key doesn't exist."
msgstr ""

#. type: TP
#: build/C/man7/svipc.7:108
#, no-wrap
msgid "B<IPC_EXCL>"
msgstr ""

#. type: Plain text
#: build/C/man7/svipc.7:111
msgid "Fail if key exists."
msgstr ""

#. type: TP
#: build/C/man7/svipc.7:111
#, no-wrap
msgid "B<IPC_NOWAIT>"
msgstr ""

#. type: Plain text
#: build/C/man7/svipc.7:114
msgid "Error if request must wait."
msgstr ""

#. type: TP
#: build/C/man7/svipc.7:114
#, no-wrap
msgid "B<IPC_PRIVATE>"
msgstr ""

#. type: Plain text
#: build/C/man7/svipc.7:117
msgid "Private key."
msgstr ""

#. type: TP
#: build/C/man7/svipc.7:117
#, no-wrap
msgid "B<IPC_RMID>"
msgstr ""

#. type: Plain text
#: build/C/man7/svipc.7:120
msgid "Remove resource."
msgstr ""

#. type: TP
#: build/C/man7/svipc.7:120
#, no-wrap
msgid "B<IPC_SET>"
msgstr ""

#. type: Plain text
#: build/C/man7/svipc.7:123
msgid "Set resource options."
msgstr ""

#. type: TP
#: build/C/man7/svipc.7:123
#, no-wrap
msgid "B<IPC_STAT>"
msgstr ""

#. type: Plain text
#: build/C/man7/svipc.7:126
msgid "Get resource options."
msgstr ""

#. type: Plain text
#: build/C/man7/svipc.7:135
msgid ""
"Note that B<IPC_PRIVATE> is a I<key_t> type, while all the other symbolic "
"constants are flag fields and can be OR'ed into an I<int> type variable."
msgstr ""

#. type: SS
#: build/C/man7/svipc.7:135
#, no-wrap
msgid "Message queues"
msgstr ""

#. type: Plain text
#: build/C/man7/svipc.7:143
msgid ""
"A message queue is uniquely identified by a positive integer (its I<msqid>)  "
"and has an associated data structure of type I<struct msqid_ds>, defined in "
"I<E<lt>sys/msg.hE<gt>>, containing the following members:"
msgstr ""

#. type: Plain text
#: build/C/man7/svipc.7:156
#, no-wrap
msgid ""
"struct msqid_ds {\n"
"    struct ipc_perm msg_perm;\n"
"    msgqnum_t       msg_qnum;    /* no of messages on queue */\n"
"    msglen_t        msg_qbytes;  /* bytes max on a queue */\n"
"    pid_t           msg_lspid;   /* PID of last msgsnd(2) call */\n"
"    pid_t           msg_lrpid;   /* PID of last msgrcv(2) call */\n"
"    time_t          msg_stime;   /* last msgsnd(2) time */\n"
"    time_t          msg_rtime;   /* last msgrcv(2) time */\n"
"    time_t          msg_ctime;   /* last change time */\n"
"};\n"
msgstr ""

#. type: TP
#: build/C/man7/svipc.7:158
#, no-wrap
msgid "I<msg_perm>"
msgstr ""

#. type: Plain text
#: build/C/man7/svipc.7:163
msgid ""
"I<ipc_perm> structure that specifies the access permissions on the message "
"queue."
msgstr ""

#. type: TP
#: build/C/man7/svipc.7:163
#, no-wrap
msgid "I<msg_qnum>"
msgstr ""

#. type: Plain text
#: build/C/man7/svipc.7:166
msgid "Number of messages currently on the message queue."
msgstr ""

#. type: TP
#: build/C/man7/svipc.7:166
#, no-wrap
msgid "I<msg_qbytes>"
msgstr ""

#. type: Plain text
#: build/C/man7/svipc.7:170
msgid "Maximum number of bytes of message text allowed on the message queue."
msgstr ""

#. type: TP
#: build/C/man7/svipc.7:170
#, no-wrap
msgid "I<msg_lspid>"
msgstr ""

#. type: Plain text
#: build/C/man7/svipc.7:175
msgid "ID of the process that performed the last B<msgsnd>(2)  system call."
msgstr ""

#. type: TP
#: build/C/man7/svipc.7:175
#, no-wrap
msgid "I<msg_lrpid>"
msgstr ""

#. type: Plain text
#: build/C/man7/svipc.7:180
msgid "ID of the process that performed the last B<msgrcv>(2)  system call."
msgstr ""

#. type: TP
#: build/C/man7/svipc.7:180
#, no-wrap
msgid "I<msg_stime>"
msgstr ""

#. type: Plain text
#: build/C/man7/svipc.7:185
msgid "Time of the last B<msgsnd>(2)  system call."
msgstr ""

#. type: TP
#: build/C/man7/svipc.7:185
#, no-wrap
msgid "I<msg_rtime>"
msgstr ""

#. type: Plain text
#: build/C/man7/svipc.7:190
msgid "Time of the last B<msgrcv>(2)  system call."
msgstr ""

#. type: TP
#: build/C/man7/svipc.7:190
#, no-wrap
msgid "I<msg_ctime>"
msgstr ""

#. type: Plain text
#: build/C/man7/svipc.7:196
msgid ""
"Time of the last system call that changed a member of the I<msqid_ds> "
"structure."
msgstr ""

#. type: SS
#: build/C/man7/svipc.7:196
#, no-wrap
msgid "Semaphore sets"
msgstr ""

#. type: Plain text
#: build/C/man7/svipc.7:204
msgid ""
"A semaphore set is uniquely identified by a positive integer (its I<semid>)  "
"and has an associated data structure of type I<struct semid_ds>, defined in "
"I<E<lt>sys/sem.hE<gt>>, containing the following members:"
msgstr ""

#. type: Plain text
#: build/C/man7/svipc.7:213
#, no-wrap
msgid ""
"struct semid_ds {\n"
"    struct ipc_perm sem_perm;\n"
"    time_t          sem_otime;   /* last operation time */\n"
"    time_t          sem_ctime;   /* last change time */\n"
"    unsigned long   sem_nsems;   /* count of sems in set */\n"
"};\n"
msgstr ""

#. type: TP
#: build/C/man7/svipc.7:215
#, no-wrap
msgid "I<sem_perm>"
msgstr ""

#. type: Plain text
#: build/C/man7/svipc.7:220
msgid ""
"I<ipc_perm> structure that specifies the access permissions on the semaphore "
"set."
msgstr ""

#. type: TP
#: build/C/man7/svipc.7:220
#, no-wrap
msgid "I<sem_otime>"
msgstr ""

#. type: Plain text
#: build/C/man7/svipc.7:225
msgid "Time of last B<semop>(2)  system call."
msgstr ""

#. type: TP
#: build/C/man7/svipc.7:225
#, no-wrap
msgid "I<sem_ctime>"
msgstr ""

#. type: Plain text
#: build/C/man7/svipc.7:231
msgid ""
"Time of last B<semctl>(2)  system call that changed a member of the above "
"structure or of one semaphore belonging to the set."
msgstr ""

#. type: TP
#: build/C/man7/svipc.7:231
#, no-wrap
msgid "I<sem_nsems>"
msgstr ""

#. type: Plain text
#: build/C/man7/svipc.7:239
msgid ""
"Number of semaphores in the set.  Each semaphore of the set is referenced by "
"a nonnegative integer ranging from B<0> to I<sem_nsems-1>."
msgstr ""

#. type: Plain text
#: build/C/man7/svipc.7:243
msgid ""
"A semaphore is a data structure of type I<struct sem> containing the "
"following members:"
msgstr ""

#.     unsigned short semncnt; /* nr awaiting semval to increase */
#.     unsigned short semzcnt; /* nr awaiting semval = 0 */
#. type: Plain text
#: build/C/man7/svipc.7:252
#, no-wrap
msgid ""
"struct sem {\n"
"    int semval;  /* semaphore value */\n"
"    int sempid;  /* PID for last operation */\n"
"};\n"
msgstr ""

#. type: TP
#: build/C/man7/svipc.7:254
#, no-wrap
msgid "I<semval>"
msgstr ""

#. type: Plain text
#: build/C/man7/svipc.7:257
msgid "Semaphore value: a nonnegative integer."
msgstr ""

#. type: TP
#: build/C/man7/svipc.7:257
#, no-wrap
msgid "I<sempid>"
msgstr ""

#. .TP
#. .I semncnt
#. Number of processes suspended awaiting for
#. .I semval
#. to increase.
#. .TP
#. .I semznt
#. Number of processes suspended awaiting for
#. .I semval
#. to become zero.
#. type: Plain text
#: build/C/man7/svipc.7:271
msgid ""
"ID of the last process that performed a semaphore operation on this "
"semaphore."
msgstr ""

#. type: SS
#: build/C/man7/svipc.7:271
#, no-wrap
msgid "Shared memory segments"
msgstr ""

#. type: Plain text
#: build/C/man7/svipc.7:279
msgid ""
"A shared memory segment is uniquely identified by a positive integer (its "
"I<shmid>)  and has an associated data structure of type I<struct shmid_ds>, "
"defined in I<E<lt>sys/shm.hE<gt>>, containing the following members:"
msgstr ""

#. type: Plain text
#: build/C/man7/svipc.7:292
#, no-wrap
msgid ""
"struct shmid_ds {\n"
"    struct ipc_perm shm_perm;\n"
"    size_t          shm_segsz;   /* size of segment */\n"
"    pid_t           shm_cpid;    /* PID of creator */\n"
"    pid_t           shm_lpid;    /* PID, last operation */\n"
"    shmatt_t        shm_nattch;  /* no. of current attaches */\n"
"    time_t          shm_atime;   /* time of last attach */\n"
"    time_t          shm_dtime;   /* time of last detach */\n"
"    time_t          shm_ctime;   /* time of last change */\n"
"};\n"
msgstr ""

#. type: TP
#: build/C/man7/svipc.7:294
#, no-wrap
msgid "I<shm_perm>"
msgstr ""

#. type: Plain text
#: build/C/man7/svipc.7:299
msgid ""
"I<ipc_perm> structure that specifies the access permissions on the shared "
"memory segment."
msgstr ""

#. type: TP
#: build/C/man7/svipc.7:299
#, no-wrap
msgid "I<shm_segsz>"
msgstr ""

#. type: Plain text
#: build/C/man7/svipc.7:302
msgid "Size in bytes of the shared memory segment."
msgstr ""

#. type: TP
#: build/C/man7/svipc.7:302
#, no-wrap
msgid "I<shm_cpid>"
msgstr ""

#. type: Plain text
#: build/C/man7/svipc.7:305
msgid "ID of the process that created the shared memory segment."
msgstr ""

#. type: TP
#: build/C/man7/svipc.7:305
#, no-wrap
msgid "I<shm_lpid>"
msgstr ""

#. type: Plain text
#: build/C/man7/svipc.7:312
msgid ""
"ID of the last process that executed a B<shmat>(2)  or B<shmdt>(2)  system "
"call."
msgstr ""

#. type: TP
#: build/C/man7/svipc.7:312
#, no-wrap
msgid "I<shm_nattch>"
msgstr ""

#. type: Plain text
#: build/C/man7/svipc.7:315
msgid "Number of current alive attaches for this shared memory segment."
msgstr ""

#. type: TP
#: build/C/man7/svipc.7:315
#, no-wrap
msgid "I<shm_atime>"
msgstr ""

#. type: Plain text
#: build/C/man7/svipc.7:320
msgid "Time of the last B<shmat>(2)  system call."
msgstr ""

#. type: TP
#: build/C/man7/svipc.7:320
#, no-wrap
msgid "I<shm_dtime>"
msgstr ""

#. type: Plain text
#: build/C/man7/svipc.7:325
msgid "Time of the last B<shmdt>(2)  system call."
msgstr ""

#. type: TP
#: build/C/man7/svipc.7:325
#, no-wrap
msgid "I<shm_ctime>"
msgstr ""

#. type: Plain text
#: build/C/man7/svipc.7:331
msgid "Time of the last B<shmctl>(2)  system call that changed I<shmid_ds>."
msgstr ""

#. type: Plain text
#: build/C/man7/svipc.7:348
msgid ""
"B<ipcmk>(1), B<ipcrm>(1), B<ipcs>(1), B<ipc>(2), B<msgctl>(2), B<msgget>(2), "
"B<msgrcv>(2), B<msgsnd>(2), B<semctl>(2), B<semget>(2), B<semop>(2), "
"B<shmat>(2), B<shmctl>(2), B<shmdt>(2), B<shmget>(2), B<ftok>(3)"
msgstr ""

#. type: TH
#: build/C/man3/ulimit.3:27
#, no-wrap
msgid "ULIMIT"
msgstr ""

#. type: TH
#: build/C/man3/ulimit.3:27
#, no-wrap
msgid "2008-08-06"
msgstr ""

#. type: Plain text
#: build/C/man3/ulimit.3:30
msgid "ulimit - get and set user limits"
msgstr ""

#. type: Plain text
#: build/C/man3/ulimit.3:32
msgid "B<#include E<lt>ulimit.hE<gt>>"
msgstr ""

#. type: Plain text
#: build/C/man3/ulimit.3:34
msgid "B<long ulimit(int >I<cmd>B<, long >I<newlimit>B<);>"
msgstr ""

#. type: Plain text
#: build/C/man3/ulimit.3:46
msgid ""
"Warning: This routine is obsolete.  Use B<getrlimit>(2), B<setrlimit>(2), "
"and B<sysconf>(3)  instead.  For the shell command B<ulimit>(), see "
"B<bash>(1)."
msgstr ""

#. type: Plain text
#: build/C/man3/ulimit.3:53
msgid ""
"The B<ulimit>()  call will get or set some limit for the calling process.  "
"The I<cmd> argument can have one of the following values."
msgstr ""

#. type: TP
#: build/C/man3/ulimit.3:53
#, no-wrap
msgid "B<UL_GETFSIZE>"
msgstr ""

#. type: Plain text
#: build/C/man3/ulimit.3:56
msgid "Return the limit on the size of a file, in units of 512 bytes."
msgstr ""

#. type: TP
#: build/C/man3/ulimit.3:56
#, no-wrap
msgid "B<UL_SETFSIZE>"
msgstr ""

#. type: Plain text
#: build/C/man3/ulimit.3:59
msgid "Set the limit on the size of a file."
msgstr ""

#. type: TP
#: build/C/man3/ulimit.3:59
#, no-wrap
msgid "B<3>"
msgstr ""

#. type: Plain text
#: build/C/man3/ulimit.3:63
msgid ""
"(Not implemented for Linux.)  Return the maximum possible address of the "
"data segment."
msgstr ""

#. type: TP
#: build/C/man3/ulimit.3:63
#, no-wrap
msgid "B<4>"
msgstr ""

#. type: Plain text
#: build/C/man3/ulimit.3:67
msgid ""
"(Implemented but no symbolic constant provided.)  Return the maximum number "
"of files that the calling process can open."
msgstr ""

#. type: Plain text
#: build/C/man3/ulimit.3:74
msgid ""
"On success, B<ulimit>()  returns a nonnegative value.  On error, -1 is "
"returned, and I<errno> is set appropriately."
msgstr ""

#. type: Plain text
#: build/C/man3/ulimit.3:78
msgid "A unprivileged process tried to increase a limit."
msgstr ""

#. type: Plain text
#: build/C/man3/ulimit.3:83
msgid "SVr4, POSIX.1-2001.  POSIX.1-2008 marks B<ulimit>()  as obsolete."
msgstr ""

#. type: Plain text
#: build/C/man3/ulimit.3:88
msgid "B<bash>(1), B<getrlimit>(2), B<setrlimit>(2), B<sysconf>(3)"
msgstr ""