1 # SOME DESCRIPTIVE TITLE
2 # Copyright (C) YEAR Free Software Foundation, Inc.
3 # This file is distributed under the same license as the PACKAGE package.
4 # FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
9 "Project-Id-Version: PACKAGE VERSION\n"
10 "POT-Creation-Date: 2013-04-30 20:29+0900\n"
11 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
12 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
13 "Language-Team: LANGUAGE <LL@li.org>\n"
16 "Content-Type: text/plain; charset=UTF-8\n"
17 "Content-Transfer-Encoding: 8bit\n"
20 #: build/C/man2/acct.2:31 build/C/man5/acct.5:25
26 #: build/C/man2/acct.2:31
32 #: build/C/man2/acct.2:31 build/C/man5/acct.5:25 build/C/man7/capabilities.7:48 build/C/man2/capget.2:15 build/C/man7/cpuset.7:25 build/C/man7/credentials.7:27 build/C/man2/getgid.2:25 build/C/man2/getgroups.2:31 build/C/man2/getpid.2:25 build/C/man2/getpriority.2:48 build/C/man2/getresuid.2:28 build/C/man2/getrlimit.2:64 build/C/man2/getrusage.2:39 build/C/man2/getsid.2:26 build/C/man2/getuid.2:26 build/C/man2/iopl.2:33 build/C/man2/ioprio_set.2:24 build/C/man2/ipc.2:25 build/C/man2/seteuid.2:29 build/C/man2/setfsgid.2:31 build/C/man2/setfsuid.2:31 build/C/man2/setgid.2:29 build/C/man2/setpgid.2:48 build/C/man2/setresuid.2:26 build/C/man2/setreuid.2:45 build/C/man2/setsid.2:30 build/C/man2/setuid.2:30 build/C/man7/svipc.7:40 build/C/man3/ulimit.3:27
38 #: build/C/man2/acct.2:31 build/C/man5/acct.5:25 build/C/man7/capabilities.7:48 build/C/man2/capget.2:15 build/C/man7/cpuset.7:25 build/C/man7/credentials.7:27 build/C/man2/getgid.2:25 build/C/man2/getgroups.2:31 build/C/man2/getpid.2:25 build/C/man2/getpriority.2:48 build/C/man2/getresuid.2:28 build/C/man2/getrlimit.2:64 build/C/man2/getrusage.2:39 build/C/man2/getsid.2:26 build/C/man2/getuid.2:26 build/C/man2/iopl.2:33 build/C/man2/ioprio_set.2:24 build/C/man2/ipc.2:25 build/C/man2/seteuid.2:29 build/C/man2/setfsgid.2:31 build/C/man2/setfsuid.2:31 build/C/man2/setgid.2:29 build/C/man2/setpgid.2:48 build/C/man2/setresuid.2:26 build/C/man2/setreuid.2:45 build/C/man2/setsid.2:30 build/C/man2/setuid.2:30 build/C/man7/svipc.7:40 build/C/man3/ulimit.3:27
40 msgid "Linux Programmer's Manual"
44 #: build/C/man2/acct.2:32 build/C/man5/acct.5:26 build/C/man7/capabilities.7:49 build/C/man2/capget.2:16 build/C/man7/cpuset.7:26 build/C/man7/credentials.7:28 build/C/man2/getgid.2:26 build/C/man2/getgroups.2:32 build/C/man2/getpid.2:26 build/C/man2/getpriority.2:49 build/C/man2/getresuid.2:29 build/C/man2/getrlimit.2:65 build/C/man2/getrusage.2:40 build/C/man2/getsid.2:27 build/C/man2/getuid.2:27 build/C/man2/iopl.2:34 build/C/man2/ioprio_set.2:25 build/C/man2/ipc.2:26 build/C/man2/seteuid.2:30 build/C/man2/setfsgid.2:32 build/C/man2/setfsuid.2:32 build/C/man2/setgid.2:30 build/C/man2/setpgid.2:49 build/C/man2/setresuid.2:27 build/C/man2/setreuid.2:46 build/C/man2/setsid.2:31 build/C/man2/setuid.2:31 build/C/man7/svipc.7:41 build/C/man3/ulimit.3:28
50 #: build/C/man2/acct.2:34
51 msgid "acct - switch process accounting on or off"
55 #: build/C/man2/acct.2:34 build/C/man5/acct.5:28 build/C/man2/capget.2:18 build/C/man2/getgid.2:28 build/C/man2/getgroups.2:34 build/C/man2/getpid.2:28 build/C/man2/getpriority.2:51 build/C/man2/getresuid.2:31 build/C/man2/getrlimit.2:67 build/C/man2/getrusage.2:42 build/C/man2/getsid.2:29 build/C/man2/getuid.2:29 build/C/man2/iopl.2:36 build/C/man2/ioprio_set.2:27 build/C/man2/ipc.2:28 build/C/man2/seteuid.2:32 build/C/man2/setfsgid.2:34 build/C/man2/setfsuid.2:34 build/C/man2/setgid.2:32 build/C/man2/setpgid.2:51 build/C/man2/setresuid.2:29 build/C/man2/setreuid.2:48 build/C/man2/setsid.2:33 build/C/man2/setuid.2:33 build/C/man7/svipc.7:43 build/C/man3/ulimit.3:30
61 #: build/C/man2/acct.2:38
63 msgid "B<#include E<lt>unistd.hE<gt>>\n"
67 #: build/C/man2/acct.2:40
69 msgid "B<int acct(const char *>I<filename>B<);>\n"
73 #: build/C/man2/acct.2:46 build/C/man2/getgroups.2:48 build/C/man2/getrlimit.2:84 build/C/man2/getsid.2:37 build/C/man2/seteuid.2:44 build/C/man2/setpgid.2:71 build/C/man2/setreuid.2:60
74 msgid "Feature Test Macro Requirements for glibc (see B<feature_test_macros>(7)):"
78 #: build/C/man2/acct.2:50
79 msgid "B<acct>(): _BSD_SOURCE || (_XOPEN_SOURCE && _XOPEN_SOURCE\\ E<lt>\\ 500)"
83 #: build/C/man2/acct.2:50 build/C/man5/acct.5:30 build/C/man7/capabilities.7:51 build/C/man2/capget.2:24 build/C/man7/cpuset.7:28 build/C/man7/credentials.7:30 build/C/man2/getgid.2:36 build/C/man2/getgroups.2:52 build/C/man2/getpid.2:36 build/C/man2/getpriority.2:59 build/C/man2/getresuid.2:39 build/C/man2/getrlimit.2:88 build/C/man2/getrusage.2:48 build/C/man2/getsid.2:50 build/C/man2/getuid.2:37 build/C/man2/iopl.2:40 build/C/man2/ioprio_set.2:35 build/C/man2/ipc.2:34 build/C/man2/seteuid.2:53 build/C/man2/setfsgid.2:39 build/C/man2/setfsuid.2:39 build/C/man2/setgid.2:38 build/C/man2/setpgid.2:98 build/C/man2/setresuid.2:37 build/C/man2/setreuid.2:70 build/C/man2/setsid.2:40 build/C/man2/setuid.2:39 build/C/man7/svipc.7:49 build/C/man3/ulimit.3:34
89 #: build/C/man2/acct.2:59
91 "The B<acct>() system call enables or disables process accounting. If "
92 "called with the name of an existing file as its argument, accounting is "
93 "turned on, and records for each terminating process are appended to "
94 "I<filename> as it terminates. An argument of NULL causes accounting to be "
99 #: build/C/man2/acct.2:59 build/C/man2/capget.2:160 build/C/man2/getgroups.2:92 build/C/man2/getpriority.2:107 build/C/man2/getresuid.2:50 build/C/man2/getrlimit.2:430 build/C/man2/getrusage.2:181 build/C/man2/getsid.2:58 build/C/man2/iopl.2:66 build/C/man2/ioprio_set.2:149 build/C/man2/seteuid.2:67 build/C/man2/setfsgid.2:69 build/C/man2/setfsuid.2:69 build/C/man2/setgid.2:53 build/C/man2/setpgid.2:172 build/C/man2/setresuid.2:64 build/C/man2/setreuid.2:91 build/C/man2/setsid.2:51 build/C/man2/setuid.2:70 build/C/man3/ulimit.3:67
105 #: build/C/man2/acct.2:64 build/C/man2/capget.2:165 build/C/man2/getresuid.2:55 build/C/man2/getrusage.2:186 build/C/man2/iopl.2:71 build/C/man2/seteuid.2:72 build/C/man2/setgid.2:58 build/C/man2/setresuid.2:69 build/C/man2/setreuid.2:96 build/C/man2/setuid.2:75
107 "On success, zero is returned. On error, -1 is returned, and I<errno> is set "
112 #: build/C/man2/acct.2:64 build/C/man2/capget.2:179 build/C/man7/cpuset.7:1100 build/C/man2/getgid.2:42 build/C/man2/getgroups.2:106 build/C/man2/getpid.2:44 build/C/man2/getpriority.2:120 build/C/man2/getresuid.2:55 build/C/man2/getrlimit.2:435 build/C/man2/getrusage.2:186 build/C/man2/getsid.2:63 build/C/man2/getuid.2:43 build/C/man2/iopl.2:71 build/C/man2/ioprio_set.2:169 build/C/man2/seteuid.2:72 build/C/man2/setgid.2:58 build/C/man2/setpgid.2:193 build/C/man2/setresuid.2:69 build/C/man2/setreuid.2:96 build/C/man2/setsid.2:58 build/C/man2/setuid.2:75 build/C/man3/ulimit.3:74
118 #: build/C/man2/acct.2:65 build/C/man7/cpuset.7:1116 build/C/man7/cpuset.7:1123 build/C/man7/cpuset.7:1129 build/C/man7/cpuset.7:1137 build/C/man7/cpuset.7:1144 build/C/man2/getpriority.2:140 build/C/man2/setpgid.2:194
124 #: build/C/man2/acct.2:76
126 "Write permission is denied for the specified file, or search permission is "
127 "denied for one of the directories in the path prefix of I<filename> (see "
128 "also B<path_resolution>(7)), or I<filename> is not a regular file."
132 #: build/C/man2/acct.2:76 build/C/man2/capget.2:180 build/C/man7/cpuset.7:1172 build/C/man2/getgroups.2:107 build/C/man2/getresuid.2:56 build/C/man2/getrlimit.2:436 build/C/man2/getrusage.2:187
138 #: build/C/man2/acct.2:80
139 msgid "I<filename> points outside your accessible address space."
143 #: build/C/man2/acct.2:80 build/C/man7/cpuset.7:1238 build/C/man7/cpuset.7:1246
149 #: build/C/man2/acct.2:84
150 msgid "Error writing to the file I<filename>."
154 #: build/C/man2/acct.2:84
160 #: build/C/man2/acct.2:88
161 msgid "I<filename> is a directory."
165 #: build/C/man2/acct.2:88
171 #: build/C/man2/acct.2:92
172 msgid "Too many symbolic links were encountered in resolving I<filename>."
176 #: build/C/man2/acct.2:92 build/C/man7/cpuset.7:1251 build/C/man7/cpuset.7:1258 build/C/man7/cpuset.7:1263
178 msgid "B<ENAMETOOLONG>"
182 #: build/C/man2/acct.2:96
183 msgid "I<filename> was too long."
187 #: build/C/man2/acct.2:96
193 #: build/C/man2/acct.2:99
194 msgid "The system limit on the total number of open files has been reached."
198 #: build/C/man2/acct.2:99 build/C/man7/cpuset.7:1275 build/C/man7/cpuset.7:1280
204 #: build/C/man2/acct.2:102
205 msgid "The specified filename does not exist."
209 #: build/C/man2/acct.2:102 build/C/man7/cpuset.7:1287 build/C/man2/getgroups.2:127
215 #: build/C/man2/acct.2:105 build/C/man2/getgroups.2:130
216 msgid "Out of memory."
220 #: build/C/man2/acct.2:105 build/C/man2/iopl.2:76
226 #: build/C/man2/acct.2:111
228 "BSD process accounting has not been enabled when the operating system kernel "
229 "was compiled. The kernel configuration parameter controlling this feature "
230 "is B<CONFIG_BSD_PROCESS_ACCT>."
234 #: build/C/man2/acct.2:111 build/C/man7/cpuset.7:1314
240 #: build/C/man2/acct.2:116
241 msgid "A component used as a directory in I<filename> is not in fact a directory."
245 #: build/C/man2/acct.2:116 build/C/man2/capget.2:191 build/C/man2/capget.2:196 build/C/man7/cpuset.7:1319 build/C/man2/getgroups.2:130 build/C/man2/getpriority.2:152 build/C/man2/getrlimit.2:452 build/C/man2/getsid.2:64 build/C/man2/iopl.2:79 build/C/man2/ioprio_set.2:179 build/C/man2/seteuid.2:75 build/C/man2/setgid.2:59 build/C/man2/setpgid.2:208 build/C/man2/setresuid.2:77 build/C/man2/setreuid.2:97 build/C/man2/setsid.2:59 build/C/man2/setuid.2:85 build/C/man3/ulimit.3:75
251 #: build/C/man2/acct.2:122
253 "The calling process has insufficient privilege to enable process "
254 "accounting. On Linux the B<CAP_SYS_PACCT> capability is required."
258 #: build/C/man2/acct.2:122
264 #: build/C/man2/acct.2:126
265 msgid "I<filename> refers to a file on a read-only file system."
269 #: build/C/man2/acct.2:126
275 #: build/C/man2/acct.2:129
276 msgid "There are no more free file structures or we ran out of memory."
280 #: build/C/man2/acct.2:129 build/C/man5/acct.5:153 build/C/man7/capabilities.7:1070 build/C/man2/capget.2:218 build/C/man7/credentials.7:234 build/C/man2/getgid.2:44 build/C/man2/getgroups.2:133 build/C/man2/getpid.2:46 build/C/man2/getpriority.2:160 build/C/man2/getresuid.2:67 build/C/man2/getrlimit.2:473 build/C/man2/getrusage.2:195 build/C/man2/getsid.2:79 build/C/man2/getuid.2:45 build/C/man2/iopl.2:87 build/C/man2/ioprio_set.2:196 build/C/man2/ipc.2:45 build/C/man2/seteuid.2:91 build/C/man2/setfsgid.2:80 build/C/man2/setfsuid.2:80 build/C/man2/setgid.2:66 build/C/man2/setpgid.2:227 build/C/man2/setresuid.2:83 build/C/man2/setreuid.2:113 build/C/man2/setsid.2:65 build/C/man2/setuid.2:92 build/C/man3/ulimit.3:78
282 msgid "CONFORMING TO"
285 #. SVr4 documents an EBUSY error condition, but no EISDIR or ENOSYS.
286 #. Also AIX and HP-UX document EBUSY (attempt is made
287 #. to enable accounting when it is already enabled), as does Solaris
288 #. (attempt is made to enable accounting using the same file that is
289 #. currently being used).
291 #: build/C/man2/acct.2:136
292 msgid "SVr4, 4.3BSD (but not POSIX)."
296 #: build/C/man2/acct.2:136 build/C/man5/acct.5:157 build/C/man7/capabilities.7:1076 build/C/man2/capget.2:220 build/C/man7/cpuset.7:1341 build/C/man7/credentials.7:240 build/C/man2/getgid.2:46 build/C/man2/getgroups.2:141 build/C/man2/getpid.2:48 build/C/man2/getpriority.2:163 build/C/man2/getresuid.2:70 build/C/man2/getrlimit.2:496 build/C/man2/getrusage.2:206 build/C/man2/getsid.2:81 build/C/man2/getuid.2:47 build/C/man2/iopl.2:91 build/C/man2/ioprio_set.2:198 build/C/man2/ipc.2:49 build/C/man2/seteuid.2:93 build/C/man2/setfsgid.2:84 build/C/man2/setfsuid.2:84 build/C/man2/setgid.2:68 build/C/man2/setpgid.2:249 build/C/man2/setresuid.2:86 build/C/man2/setreuid.2:119 build/C/man2/setsid.2:67 build/C/man2/setuid.2:97
302 #: build/C/man2/acct.2:139
304 "No accounting is produced for programs running when a system crash occurs. "
305 "In particular, nonterminating processes are never accounted for."
309 #: build/C/man2/acct.2:142
311 "The structure of the records written to the accounting file is described in "
316 #: build/C/man2/acct.2:142 build/C/man5/acct.5:174 build/C/man7/capabilities.7:1132 build/C/man2/capget.2:228 build/C/man7/cpuset.7:1488 build/C/man7/credentials.7:251 build/C/man2/getgid.2:62 build/C/man2/getgroups.2:171 build/C/man2/getpid.2:100 build/C/man2/getpriority.2:232 build/C/man2/getresuid.2:86 build/C/man2/getrlimit.2:656 build/C/man2/getrusage.2:246 build/C/man2/getsid.2:84 build/C/man2/getuid.2:73 build/C/man2/iopl.2:100 build/C/man2/ioprio_set.2:346 build/C/man2/ipc.2:57 build/C/man2/seteuid.2:124 build/C/man2/setfsgid.2:112 build/C/man2/setfsuid.2:112 build/C/man2/setgid.2:78 build/C/man2/setpgid.2:317 build/C/man2/setresuid.2:106 build/C/man2/setreuid.2:159 build/C/man2/setsid.2:84 build/C/man2/setuid.2:120 build/C/man7/svipc.7:331 build/C/man3/ulimit.3:83
322 #: build/C/man2/acct.2:144
327 #: build/C/man2/acct.2:144 build/C/man5/acct.5:179 build/C/man7/capabilities.7:1152 build/C/man2/capget.2:232 build/C/man7/cpuset.7:1505 build/C/man7/credentials.7:282 build/C/man2/getgid.2:67 build/C/man2/getgroups.2:178 build/C/man2/getpid.2:110 build/C/man2/getpriority.2:240 build/C/man2/getresuid.2:92 build/C/man2/getrlimit.2:674 build/C/man2/getrusage.2:253 build/C/man2/getsid.2:88 build/C/man2/getuid.2:78 build/C/man2/iopl.2:104 build/C/man2/ioprio_set.2:354 build/C/man2/ipc.2:70 build/C/man2/seteuid.2:131 build/C/man2/setfsgid.2:117 build/C/man2/setfsuid.2:117 build/C/man2/setgid.2:84 build/C/man2/setpgid.2:324 build/C/man2/setresuid.2:115 build/C/man2/setreuid.2:167 build/C/man2/setsid.2:91 build/C/man2/setuid.2:127 build/C/man7/svipc.7:348 build/C/man3/ulimit.3:88
333 #: build/C/man2/acct.2:151 build/C/man5/acct.5:186 build/C/man7/capabilities.7:1159 build/C/man2/capget.2:239 build/C/man7/cpuset.7:1512 build/C/man7/credentials.7:289 build/C/man2/getgid.2:74 build/C/man2/getgroups.2:185 build/C/man2/getpid.2:117 build/C/man2/getpriority.2:247 build/C/man2/getresuid.2:99 build/C/man2/getrlimit.2:681 build/C/man2/getrusage.2:260 build/C/man2/getsid.2:95 build/C/man2/getuid.2:85 build/C/man2/iopl.2:111 build/C/man2/ioprio_set.2:361 build/C/man2/ipc.2:77 build/C/man2/seteuid.2:138 build/C/man2/setfsgid.2:124 build/C/man2/setfsuid.2:124 build/C/man2/setgid.2:91 build/C/man2/setpgid.2:331 build/C/man2/setresuid.2:122 build/C/man2/setreuid.2:174 build/C/man2/setsid.2:98 build/C/man2/setuid.2:134 build/C/man7/svipc.7:355 build/C/man3/ulimit.3:95
335 "This page is part of release 3.51 of the Linux I<man-pages> project. A "
336 "description of the project, and information about reporting bugs, can be "
337 "found at http://www.kernel.org/doc/man-pages/."
341 #: build/C/man5/acct.5:25
347 #: build/C/man5/acct.5:28
348 msgid "acct - process accounting file"
352 #: build/C/man5/acct.5:30
353 msgid "B<#include E<lt>sys/acct.hE<gt>>"
357 #: build/C/man5/acct.5:36
359 "If the kernel is built with the process accounting option enabled "
360 "(B<CONFIG_BSD_PROCESS_ACCT>), then calling B<acct>(2) starts process "
361 "accounting, for example:"
365 #: build/C/man5/acct.5:39
366 msgid "acct(\"/var/log/pacct\");"
370 #: build/C/man5/acct.5:47
372 "When process accounting is enabled, the kernel writes a record to the "
373 "accounting file as each process on the system terminates. This record "
374 "contains information about the terminated process, and is defined in "
375 "I<E<lt>sys/acct.hE<gt>> as follows:"
379 #: build/C/man5/acct.5:51
381 msgid "#define ACCT_COMM 16\n"
385 #: build/C/man5/acct.5:53
387 msgid "typedef u_int16_t comp_t;\n"
391 #: build/C/man5/acct.5:77
395 " char ac_flag; /* Accounting flags */\n"
396 " u_int16_t ac_uid; /* Accounting user ID */\n"
397 " u_int16_t ac_gid; /* Accounting group ID */\n"
398 " u_int16_t ac_tty; /* Controlling terminal */\n"
399 " u_int32_t ac_btime; /* Process creation time\n"
400 " (seconds since the Epoch) */\n"
401 " comp_t ac_utime; /* User CPU time */\n"
402 " comp_t ac_stime; /* System CPU time */\n"
403 " comp_t ac_etime; /* Elapsed time */\n"
404 " comp_t ac_mem; /* Average memory usage (kB) */\n"
405 " comp_t ac_io; /* Characters transferred (unused) */\n"
406 " comp_t ac_rw; /* Blocks read or written (unused) */\n"
407 " comp_t ac_minflt; /* Minor page faults */\n"
408 " comp_t ac_majflt; /* Major page faults */\n"
409 " comp_t ac_swaps; /* Number of swaps (unused) */\n"
410 " u_int32_t ac_exitcode; /* Process termination status\n"
411 " (see wait(2)) */\n"
412 " char ac_comm[ACCT_COMM+1];\n"
413 " /* Command name (basename of last\n"
414 " executed command; null-terminated) */\n"
415 " char ac_pad[I<X>]; /* padding bytes */\n"
420 #: build/C/man5/acct.5:84
423 "enum { /* Bits that may be set in ac_flag field */\n"
424 " AFORK = 0x01, /* Has executed fork, but no exec */\n"
425 " ASU = 0x02, /* Used superuser privileges */\n"
426 " ACORE = 0x08, /* Dumped core */\n"
427 " AXSIG = 0x10 /* Killed by a signal */\n"
432 #: build/C/man5/acct.5:94
434 "The I<comp_t> data type is a floating-point value consisting of a 3-bit, "
435 "base-8 exponent, and a 13-bit mantissa. A value, I<c>, of this type can be "
436 "converted to a (long) integer as follows:"
440 #: build/C/man5/acct.5:97
442 msgid " v = (c & 0x1fff) E<lt>E<lt> (((c E<gt>E<gt> 13) & 0x7) * 3);\n"
446 #: build/C/man5/acct.5:107
448 "The I<ac_utime>, I<ac_stime>, and I<ac_etime> fields measure time in \"clock "
449 "ticks\"; divide these values by I<sysconf(_SC_CLK_TCK)> to convert them to "
454 #: build/C/man5/acct.5:107
456 msgid "Version 3 accounting file format"
460 #: build/C/man5/acct.5:122
462 "Since kernel 2.6.8, an optional alternative version of the accounting file "
463 "can be produced if the B<CONFIG_BSD_PROCESS_ACCT_V3> option is set when "
464 "building the kernel. With this option is set, the records written to the "
465 "accounting file contain additional fields, and the width of I<c_uid> and "
466 "I<ac_gid> fields is widened from 16 to 32 bits (in line with the increased "
467 "size of UID and GIDs in Linux 2.4 and later). The records are defined as "
472 #: build/C/man5/acct.5:147
476 " char ac_flag; /* Flags */\n"
477 " char ac_version; /* Always set to ACCT_VERSION (3) */\n"
478 " u_int16_t ac_tty; /* Controlling terminal */\n"
479 " u_int32_t ac_exitcode; /* Process termination status */\n"
480 " u_int32_t ac_uid; /* Real user ID */\n"
481 " u_int32_t ac_gid; /* Real group ID */\n"
482 " u_int32_t ac_pid; /* Process ID */\n"
483 " u_int32_t ac_ppid; /* Parent process ID */\n"
484 " u_int32_t ac_btime; /* Process creation time */\n"
485 " float ac_etime; /* Elapsed time */\n"
486 " comp_t ac_utime; /* User CPU time */\n"
487 " comp_t ac_stime; /* System time */\n"
488 " comp_t ac_mem; /* Average memory usage (kB) */\n"
489 " comp_t ac_io; /* Characters transferred (unused) */\n"
490 " comp_t ac_rw; /* Blocks read or written\n"
492 " comp_t ac_minflt; /* Minor page faults */\n"
493 " comp_t ac_majflt; /* Major page faults */\n"
494 " comp_t ac_swaps; /* Number of swaps (unused) */\n"
495 " char ac_comm[ACCT_COMM]; /* Command name */\n"
500 #: build/C/man5/acct.5:149 build/C/man7/cpuset.7:1338 build/C/man2/getresuid.2:60 build/C/man2/getrlimit.2:468 build/C/man2/getsid.2:75 build/C/man2/ioprio_set.2:193 build/C/man2/setfsgid.2:76 build/C/man2/setfsuid.2:76 build/C/man2/setresuid.2:81
506 #: build/C/man5/acct.5:153
507 msgid "The I<acct_v3> structure is defined in glibc since version 2.6."
511 #: build/C/man5/acct.5:157
513 "Process accounting originated on BSD. Although it is present on most "
514 "systems, it is not standardized, and the details vary somewhat between "
519 #: build/C/man5/acct.5:160
521 "Records in the accounting file are ordered by termination time of the "
526 #: build/C/man5/acct.5:167
528 "In kernels up to and including 2.6.9, a separate accounting record is "
529 "written for each thread created using the NPTL threading library; since "
530 "Linux 2.6.10, a single accounting record is written for the entire process "
531 "on termination of the last thread in the process."
535 #: build/C/man5/acct.5:174
537 "The I<proc/sys/kernel/acct> file, described in B<proc>(5), defines settings "
538 "that control the behavior of process accounting when disk space runs low."
542 #: build/C/man5/acct.5:179
543 msgid "B<lastcomm>(1), B<acct>(2), B<accton>(8), B<sa>(8)"
547 #: build/C/man7/capabilities.7:48
553 #: build/C/man7/capabilities.7:48
559 #: build/C/man7/capabilities.7:51
560 msgid "capabilities - overview of Linux capabilities"
564 #: build/C/man7/capabilities.7:63
566 "For the purpose of performing permission checks, traditional UNIX "
567 "implementations distinguish two categories of processes: I<privileged> "
568 "processes (whose effective user ID is 0, referred to as superuser or root), "
569 "and I<unprivileged> processes (whose effective UID is nonzero). Privileged "
570 "processes bypass all kernel permission checks, while unprivileged processes "
571 "are subject to full permission checking based on the process's credentials "
572 "(usually: effective UID, effective GID, and supplementary group list)."
576 #: build/C/man7/capabilities.7:70
578 "Starting with kernel 2.2, Linux divides the privileges traditionally "
579 "associated with superuser into distinct units, known as I<capabilities>, "
580 "which can be independently enabled and disabled. Capabilities are a "
581 "per-thread attribute."
585 #: build/C/man7/capabilities.7:70
587 msgid "Capabilities list"
591 #: build/C/man7/capabilities.7:73
593 "The following list shows the capabilities implemented on Linux, and the "
594 "operations or behaviors that each capability permits:"
598 #: build/C/man7/capabilities.7:73
600 msgid "B<CAP_AUDIT_CONTROL> (since Linux 2.6.11)"
604 #: build/C/man7/capabilities.7:77
606 "Enable and disable kernel auditing; change auditing filter rules; retrieve "
607 "auditing status and filtering rules."
611 #: build/C/man7/capabilities.7:77
613 msgid "B<CAP_AUDIT_WRITE> (since Linux 2.6.11)"
617 #: build/C/man7/capabilities.7:80
618 msgid "Write records to kernel auditing log."
622 #: build/C/man7/capabilities.7:80
624 msgid "B<CAP_BLOCK_SUSPEND> (since Linux 3.5)"
628 #: build/C/man7/capabilities.7:86
630 "Employ features that can block system suspend (B<epoll>(7) B<EPOLLWAKEUP>, "
631 "I</proc/sys/wake_lock>)."
635 #: build/C/man7/capabilities.7:86
641 #: build/C/man7/capabilities.7:90
642 msgid "Make arbitrary changes to file UIDs and GIDs (see B<chown>(2))."
646 #: build/C/man7/capabilities.7:90
648 msgid "B<CAP_DAC_OVERRIDE>"
652 #: build/C/man7/capabilities.7:94
654 "Bypass file read, write, and execute permission checks. (DAC is an "
655 "abbreviation of \"discretionary access control\".)"
659 #: build/C/man7/capabilities.7:94
661 msgid "B<CAP_DAC_READ_SEARCH>"
665 #: build/C/man7/capabilities.7:98
667 "Bypass file read permission checks and directory read and execute permission "
672 #: build/C/man7/capabilities.7:98
674 msgid "B<CAP_FOWNER>"
678 #: build/C/man7/capabilities.7:102 build/C/man7/capabilities.7:112 build/C/man7/capabilities.7:116 build/C/man7/capabilities.7:118 build/C/man7/capabilities.7:120 build/C/man7/capabilities.7:190 build/C/man7/capabilities.7:192 build/C/man7/capabilities.7:194 build/C/man7/capabilities.7:196 build/C/man7/capabilities.7:198 build/C/man7/capabilities.7:200 build/C/man7/capabilities.7:202 build/C/man7/capabilities.7:204 build/C/man7/capabilities.7:206 build/C/man7/capabilities.7:230 build/C/man7/capabilities.7:232 build/C/man7/capabilities.7:278 build/C/man7/capabilities.7:288 build/C/man7/capabilities.7:294 build/C/man7/capabilities.7:299 build/C/man7/capabilities.7:305 build/C/man7/capabilities.7:312 build/C/man7/capabilities.7:315 build/C/man7/capabilities.7:323 build/C/man7/capabilities.7:325 build/C/man7/capabilities.7:334 build/C/man7/capabilities.7:341 build/C/man7/capabilities.7:344 build/C/man7/capabilities.7:348 build/C/man7/capabilities.7:351 build/C/man7/capabilities.7:354 build/C/man7/capabilities.7:361 build/C/man7/capabilities.7:366 build/C/man7/capabilities.7:372 build/C/man7/capabilities.7:376 build/C/man7/capabilities.7:380 build/C/man7/capabilities.7:384 build/C/man7/capabilities.7:388 build/C/man7/capabilities.7:415 build/C/man7/capabilities.7:420 build/C/man7/capabilities.7:425 build/C/man7/capabilities.7:428 build/C/man7/capabilities.7:431 build/C/man7/capabilities.7:440 build/C/man7/capabilities.7:444 build/C/man7/capabilities.7:470 build/C/man7/capabilities.7:475 build/C/man7/capabilities.7:478 build/C/man7/capabilities.7:483 build/C/man7/capabilities.7:486 build/C/man7/capabilities.7:489 build/C/man7/capabilities.7:492 build/C/man7/capabilities.7:495 build/C/man7/capabilities.7:500 build/C/man7/capabilities.7:502 build/C/man7/capabilities.7:508 build/C/man7/capabilities.7:516 build/C/man7/capabilities.7:518 build/C/man7/capabilities.7:522 build/C/man7/capabilities.7:524 build/C/man7/capabilities.7:527 build/C/man7/capabilities.7:531 build/C/man7/capabilities.7:533 build/C/man7/capabilities.7:535 build/C/man7/capabilities.7:537 build/C/man7/capabilities.7:546 build/C/man7/capabilities.7:553 build/C/man7/capabilities.7:558 build/C/man7/capabilities.7:563 build/C/man7/capabilities.7:568 build/C/man7/capabilities.7:591 build/C/man7/capabilities.7:598 build/C/man7/capabilities.7:797 build/C/man7/capabilities.7:805 build/C/man7/capabilities.7:1121 build/C/man7/capabilities.7:1126 build/C/man7/cpuset.7:540 build/C/man7/cpuset.7:545 build/C/man7/cpuset.7:550 build/C/man7/cpuset.7:726 build/C/man7/cpuset.7:730 build/C/man7/cpuset.7:927 build/C/man7/cpuset.7:930 build/C/man7/cpuset.7:934 build/C/man7/cpuset.7:938 build/C/man7/cpuset.7:942 build/C/man7/credentials.7:125 build/C/man7/credentials.7:131 build/C/man7/credentials.7:143 build/C/man7/credentials.7:165 build/C/man7/credentials.7:182 build/C/man7/credentials.7:214 build/C/man7/credentials.7:217 build/C/man7/credentials.7:227 build/C/man7/credentials.7:230
684 #: build/C/man7/capabilities.7:112
686 "Bypass permission checks on operations that normally require the file system "
687 "UID of the process to match the UID of the file (e.g., B<chmod>(2), "
688 "B<utime>(2)), excluding those operations covered by B<CAP_DAC_OVERRIDE> and "
689 "B<CAP_DAC_READ_SEARCH>;"
693 #: build/C/man7/capabilities.7:116
694 msgid "set extended file attributes (see B<chattr>(1)) on arbitrary files;"
698 #: build/C/man7/capabilities.7:118
699 msgid "set Access Control Lists (ACLs) on arbitrary files;"
703 #: build/C/man7/capabilities.7:120
704 msgid "ignore directory sticky bit on file deletion;"
708 #: build/C/man7/capabilities.7:127
709 msgid "specify B<O_NOATIME> for arbitrary files in B<open>(2) and B<fcntl>(2)."
713 #: build/C/man7/capabilities.7:129
715 msgid "B<CAP_FSETID>"
719 #: build/C/man7/capabilities.7:135
721 "Don't clear set-user-ID and set-group-ID permission bits when a file is "
722 "modified; set the set-group-ID bit for a file whose GID does not match the "
723 "file system or any of the supplementary GIDs of the calling process."
727 #: build/C/man7/capabilities.7:135
729 msgid "B<CAP_IPC_LOCK>"
732 #. FIXME As at Linux 3.2, there are some strange uses of this capability
733 #. in other places; they probably should be replaced with something else.
735 #: build/C/man7/capabilities.7:144
736 msgid "Lock memory (B<mlock>(2), B<mlockall>(2), B<mmap>(2), B<shmctl>(2))."
740 #: build/C/man7/capabilities.7:144
742 msgid "B<CAP_IPC_OWNER>"
746 #: build/C/man7/capabilities.7:147
747 msgid "Bypass permission checks for operations on System V IPC objects."
751 #: build/C/man7/capabilities.7:147
756 #. FIXME CAP_KILL also has an effect for threads + setting child
757 #. termination signal to other than SIGCHLD: without this
758 #. capability, the termination signal reverts to SIGCHLD
759 #. if the child does an exec(). What is the rationale
762 #: build/C/man7/capabilities.7:160
764 "Bypass permission checks for sending signals (see B<kill>(2)). This "
765 "includes use of the B<ioctl>(2) B<KDSIGACCEPT> operation."
769 #: build/C/man7/capabilities.7:160
771 msgid "B<CAP_LEASE> (since Linux 2.4)"
775 #: build/C/man7/capabilities.7:164
776 msgid "Establish leases on arbitrary files (see B<fcntl>(2))."
780 #: build/C/man7/capabilities.7:164
782 msgid "B<CAP_LINUX_IMMUTABLE>"
785 #. These attributes are now available on ext2, ext3, Reiserfs, XFS, JFS
787 #: build/C/man7/capabilities.7:173
789 "Set the B<FS_APPEND_FL> and B<FS_IMMUTABLE_FL> i-node flags (see "
794 #: build/C/man7/capabilities.7:173
796 msgid "B<CAP_MAC_ADMIN> (since Linux 2.6.25)"
800 #: build/C/man7/capabilities.7:177
802 "Override Mandatory Access Control (MAC). Implemented for the Smack Linux "
803 "Security Module (LSM)."
807 #: build/C/man7/capabilities.7:177
809 msgid "B<CAP_MAC_OVERRIDE> (since Linux 2.6.25)"
813 #: build/C/man7/capabilities.7:181
814 msgid "Allow MAC configuration or state changes. Implemented for the Smack LSM."
818 #: build/C/man7/capabilities.7:181
820 msgid "B<CAP_MKNOD> (since Linux 2.4)"
824 #: build/C/man7/capabilities.7:185
825 msgid "Create special files using B<mknod>(2)."
829 #: build/C/man7/capabilities.7:185
831 msgid "B<CAP_NET_ADMIN>"
835 #: build/C/man7/capabilities.7:188
836 msgid "Perform various network-related operations:"
840 #: build/C/man7/capabilities.7:192
841 msgid "interface configuration;"
845 #: build/C/man7/capabilities.7:194
846 msgid "administration of IP firewall, masquerading, and accounting;"
850 #: build/C/man7/capabilities.7:196
851 msgid "modify routing tables;"
855 #: build/C/man7/capabilities.7:198
856 msgid "bind to any address for transparent proxying;"
860 #: build/C/man7/capabilities.7:200
861 msgid "set type-of-service (TOS)"
865 #: build/C/man7/capabilities.7:202
866 msgid "clear driver statistics;"
870 #: build/C/man7/capabilities.7:204
871 msgid "set promiscuous mode;"
875 #: build/C/man7/capabilities.7:206
876 msgid "enabling multicasting;"
880 #: build/C/man7/capabilities.7:217
882 "use B<setsockopt>(2) to set the following socket options: B<SO_DEBUG>, "
883 "B<SO_MARK>, B<SO_PRIORITY> (for a priority outside the range 0 to 6), "
884 "B<SO_RCVBUFFORCE>, and B<SO_SNDBUFFORCE>."
888 #: build/C/man7/capabilities.7:219
890 msgid "B<CAP_NET_BIND_SERVICE>"
894 #: build/C/man7/capabilities.7:223
896 "Bind a socket to Internet domain privileged ports (port numbers less than "
901 #: build/C/man7/capabilities.7:223
903 msgid "B<CAP_NET_BROADCAST>"
907 #: build/C/man7/capabilities.7:226
908 msgid "(Unused) Make socket broadcasts, and listen to multicasts."
912 #: build/C/man7/capabilities.7:226
914 msgid "B<CAP_NET_RAW>"
918 #: build/C/man7/capabilities.7:232
919 msgid "use RAW and PACKET sockets;"
923 #: build/C/man7/capabilities.7:234
924 msgid "bind to any address for transparent proxying."
928 #: build/C/man7/capabilities.7:237
930 msgid "B<CAP_SETGID>"
934 #: build/C/man7/capabilities.7:241
936 "Make arbitrary manipulations of process GIDs and supplementary GID list; "
937 "forge GID when passing socket credentials via UNIX domain sockets."
941 #: build/C/man7/capabilities.7:241
943 msgid "B<CAP_SETFCAP> (since Linux 2.6.24)"
947 #: build/C/man7/capabilities.7:244
948 msgid "Set file capabilities."
952 #: build/C/man7/capabilities.7:244
954 msgid "B<CAP_SETPCAP>"
958 #: build/C/man7/capabilities.7:255
960 "If file capabilities are not supported: grant or remove any capability in "
961 "the caller's permitted capability set to or from any other process. (This "
962 "property of B<CAP_SETPCAP> is not available when the kernel is configured to "
963 "support file capabilities, since B<CAP_SETPCAP> has entirely different "
964 "semantics for such kernels.)"
968 #: build/C/man7/capabilities.7:265
970 "If file capabilities are supported: add any capability from the calling "
971 "thread's bounding set to its inheritable set; drop capabilities from the "
972 "bounding set (via B<prctl>(2) B<PR_CAPBSET_DROP>); make changes to the "
973 "I<securebits> flags."
977 #: build/C/man7/capabilities.7:265
979 msgid "B<CAP_SETUID>"
982 #. FIXME CAP_SETUID also an effect in exec(); document this.
984 #: build/C/man7/capabilities.7:274
986 "Make arbitrary manipulations of process UIDs (B<setuid>(2), B<setreuid>(2), "
987 "B<setresuid>(2), B<setfsuid>(2)); make forged UID when passing socket "
988 "credentials via UNIX domain sockets."
992 #: build/C/man7/capabilities.7:274
994 msgid "B<CAP_SYS_ADMIN>"
998 #: build/C/man7/capabilities.7:288
1000 "Perform a range of system administration operations including: "
1001 "B<quotactl>(2), B<mount>(2), B<umount>(2), B<swapon>(2), B<swapoff>(2), "
1002 "B<sethostname>(2), and B<setdomainname>(2);"
1006 #: build/C/man7/capabilities.7:294
1008 "perform privileged B<syslog>(2) operations (since Linux 2.6.37, "
1009 "B<CAP_SYSLOG> should be used to permit such operations);"
1013 #: build/C/man7/capabilities.7:299
1014 msgid "perform B<VM86_REQUEST_IRQ> B<vm86>(2) command;"
1018 #: build/C/man7/capabilities.7:305
1020 "perform B<IPC_SET> and B<IPC_RMID> operations on arbitrary System V IPC "
1025 #: build/C/man7/capabilities.7:312
1027 "perform operations on I<trusted> and I<security> Extended Attributes (see "
1032 #: build/C/man7/capabilities.7:315
1033 msgid "use B<lookup_dcookie>(2);"
1037 #: build/C/man7/capabilities.7:323
1039 "use B<ioprio_set>(2) to assign B<IOPRIO_CLASS_RT> and (before Linux 2.6.25) "
1040 "B<IOPRIO_CLASS_IDLE> I/O scheduling classes;"
1044 #: build/C/man7/capabilities.7:325
1045 msgid "forge UID when passing socket credentials;"
1049 #: build/C/man7/capabilities.7:334
1051 "exceed I</proc/sys/fs/file-max>, the system-wide limit on the number of open "
1052 "files, in system calls that open files (e.g., B<accept>(2), B<execve>(2), "
1053 "B<open>(2), B<pipe>(2));"
1057 #: build/C/man7/capabilities.7:341
1059 "employ B<CLONE_*> flags that create new namespaces with B<clone>(2) and "
1064 #: build/C/man7/capabilities.7:344
1065 msgid "call B<perf_event_open>(2);"
1069 #: build/C/man7/capabilities.7:348
1070 msgid "access privileged I<perf> event information;"
1074 #: build/C/man7/capabilities.7:351
1075 msgid "call B<setns>(2);"
1079 #: build/C/man7/capabilities.7:354
1080 msgid "call B<fanotify_init>(2);"
1084 #: build/C/man7/capabilities.7:361
1085 msgid "perform B<KEYCTL_CHOWN> and B<KEYCTL_SETPERM> B<keyctl>(2) operations;"
1089 #: build/C/man7/capabilities.7:366
1090 msgid "perform B<madvise>(2) B<MADV_HWPOISON> operation;"
1094 #: build/C/man7/capabilities.7:372
1096 "employ the B<TIOCSTI> B<ioctl>(2) to insert characters into the input queue "
1097 "of a terminal other than the caller's controlling terminal."
1101 #: build/C/man7/capabilities.7:376
1102 msgid "employ the obsolete B<nfsservctl>(2) system call;"
1106 #: build/C/man7/capabilities.7:380
1107 msgid "employ the obsolete B<bdflush>(2) system call;"
1111 #: build/C/man7/capabilities.7:384
1112 msgid "perform various privileged block-device B<ioctl>(2) operations;"
1116 #: build/C/man7/capabilities.7:388
1117 msgid "perform various privileged file-system B<ioctl>(2) operations;"
1121 #: build/C/man7/capabilities.7:390
1122 msgid "perform administrative operations on many device drivers."
1126 #: build/C/man7/capabilities.7:392
1128 msgid "B<CAP_SYS_BOOT>"
1132 #: build/C/man7/capabilities.7:398
1133 msgid "Use B<reboot>(2) and B<kexec_load>(2)."
1137 #: build/C/man7/capabilities.7:398
1139 msgid "B<CAP_SYS_CHROOT>"
1143 #: build/C/man7/capabilities.7:402
1144 msgid "Use B<chroot>(2)."
1148 #: build/C/man7/capabilities.7:402
1150 msgid "B<CAP_SYS_MODULE>"
1154 #: build/C/man7/capabilities.7:411
1156 "Load and unload kernel modules (see B<init_module>(2) and "
1157 "B<delete_module>(2)); in kernels before 2.6.25: drop capabilities from the "
1158 "system-wide capability bounding set."
1162 #: build/C/man7/capabilities.7:411
1164 msgid "B<CAP_SYS_NICE>"
1168 #: build/C/man7/capabilities.7:420
1170 "Raise process nice value (B<nice>(2), B<setpriority>(2)) and change the "
1171 "nice value for arbitrary processes;"
1175 #: build/C/man7/capabilities.7:425
1177 "set real-time scheduling policies for calling process, and set scheduling "
1178 "policies and priorities for arbitrary processes (B<sched_setscheduler>(2), "
1179 "B<sched_setparam>(2));"
1183 #: build/C/man7/capabilities.7:428
1184 msgid "set CPU affinity for arbitrary processes (B<sched_setaffinity>(2));"
1188 #: build/C/man7/capabilities.7:431
1190 "set I/O scheduling class and priority for arbitrary processes "
1191 "(B<ioprio_set>(2));"
1194 #. FIXME CAP_SYS_NICE also has the following effect for
1195 #. migrate_pages(2):
1196 #. do_migrate_pages(mm, &old, &new,
1197 #. capable(CAP_SYS_NICE) ? MPOL_MF_MOVE_ALL : MPOL_MF_MOVE);
1199 #: build/C/man7/capabilities.7:440
1201 "apply B<migrate_pages>(2) to arbitrary processes and allow processes to be "
1202 "migrated to arbitrary nodes;"
1206 #: build/C/man7/capabilities.7:444
1207 msgid "apply B<move_pages>(2) to arbitrary processes;"
1211 #: build/C/man7/capabilities.7:451
1212 msgid "use the B<MPOL_MF_MOVE_ALL> flag with B<mbind>(2) and B<move_pages>(2)."
1216 #: build/C/man7/capabilities.7:453
1218 msgid "B<CAP_SYS_PACCT>"
1222 #: build/C/man7/capabilities.7:457
1223 msgid "Use B<acct>(2)."
1227 #: build/C/man7/capabilities.7:457
1229 msgid "B<CAP_SYS_PTRACE>"
1233 #: build/C/man7/capabilities.7:466
1235 "Trace arbitrary processes using B<ptrace>(2); apply B<get_robust_list>(2) "
1236 "to arbitrary processes; inspect processes using B<kcmp>(2)."
1240 #: build/C/man7/capabilities.7:466
1242 msgid "B<CAP_SYS_RAWIO>"
1246 #: build/C/man7/capabilities.7:475
1247 msgid "Perform I/O port operations (B<iopl>(2) and B<ioperm>(2));"
1251 #: build/C/man7/capabilities.7:478
1252 msgid "access I</proc/kcore>;"
1256 #: build/C/man7/capabilities.7:483
1257 msgid "employ the B<FIBMAP> B<ioctl>(2) operation;"
1261 #: build/C/man7/capabilities.7:486
1263 "open devices for accessing x86 model-specific registers (MSRs, see "
1268 #: build/C/man7/capabilities.7:489
1269 msgid "update I</proc/sys/vm/mmap_min_addr>;"
1273 #: build/C/man7/capabilities.7:492
1275 "create memory mappings at addresses below the value specified by "
1276 "I</proc/sys/vm/mmap_min_addr>;"
1280 #: build/C/man7/capabilities.7:495
1281 msgid "map files in I</proc/bus/pci>;"
1285 #: build/C/man7/capabilities.7:500
1286 msgid "open I</dev/mem> and I</dev/kmem>;"
1290 #: build/C/man7/capabilities.7:502
1291 msgid "perform various SCSI device commands;"
1295 #: build/C/man7/capabilities.7:508
1296 msgid "perform certain operations on B<hpsa>(4) and B<cciss>(4) devices;"
1300 #: build/C/man7/capabilities.7:510
1301 msgid "perform a range of device-specific operations on other devices."
1305 #: build/C/man7/capabilities.7:512
1307 msgid "B<CAP_SYS_RESOURCE>"
1311 #: build/C/man7/capabilities.7:518
1312 msgid "Use reserved space on ext2 file systems;"
1316 #: build/C/man7/capabilities.7:522
1317 msgid "make B<ioctl>(2) calls controlling ext3 journaling;"
1321 #: build/C/man7/capabilities.7:524
1322 msgid "override disk quota limits;"
1326 #: build/C/man7/capabilities.7:527
1327 msgid "increase resource limits (see B<setrlimit>(2));"
1331 #: build/C/man7/capabilities.7:531
1332 msgid "override B<RLIMIT_NPROC> resource limit;"
1336 #: build/C/man7/capabilities.7:533
1337 msgid "override maximum number of consoles on console allocation;"
1341 #: build/C/man7/capabilities.7:535
1342 msgid "override maximum number of keymaps;"
1346 #: build/C/man7/capabilities.7:537
1347 msgid "allow more than 64hz interrupts from the real-time clock;"
1351 #: build/C/man7/capabilities.7:546
1353 "raise I<msg_qbytes> limit for a System V message queue above the limit in "
1354 "I</proc/sys/kernel/msgmnb> (see B<msgop>(2) and B<msgctl>(2));"
1358 #: build/C/man7/capabilities.7:553
1360 "override the I</proc/sys/fs/pipe-size-max> limit when setting the capacity "
1361 "of a pipe using the B<F_SETPIPE_SZ> B<fcntl>(2) command."
1365 #: build/C/man7/capabilities.7:558
1367 "use B<F_SETPIPE_SZ> to increase the capacity of a pipe above the limit "
1368 "specified by I</proc/sys/fs/pipe-max-size>;"
1372 #: build/C/man7/capabilities.7:563
1374 "override I</proc/sys/fs/mqueue/queues_max> limit when creating POSIX message "
1375 "queues (see B<mq_overview>(7));"
1379 #: build/C/man7/capabilities.7:568
1380 msgid "employ B<prctl>(2) B<PR_SET_MM> operation;"
1384 #: build/C/man7/capabilities.7:573
1386 "set I</proc/PID/oom_score_adj> to a value lower than the value last set by a "
1387 "process with B<CAP_SYS_RESOURCE>."
1391 #: build/C/man7/capabilities.7:575
1393 msgid "B<CAP_SYS_TIME>"
1397 #: build/C/man7/capabilities.7:582
1399 "Set system clock (B<settimeofday>(2), B<stime>(2), B<adjtimex>(2)); set "
1400 "real-time (hardware) clock."
1404 #: build/C/man7/capabilities.7:582
1406 msgid "B<CAP_SYS_TTY_CONFIG>"
1410 #: build/C/man7/capabilities.7:589
1412 "Use B<vhangup>(2); employ various privileged B<ioctl>(2) operations on "
1413 "virtual terminals."
1417 #: build/C/man7/capabilities.7:589
1419 msgid "B<CAP_SYSLOG> (since Linux 2.6.37)"
1423 #: build/C/man7/capabilities.7:598
1425 "Perform privileged B<syslog>(2) operations. See B<syslog>(2) for "
1426 "information on which operations require privilege."
1430 #: build/C/man7/capabilities.7:608
1432 "View kernel addresses exposed via I</proc> and other interfaces when "
1433 "I</proc/sys/kernel/kptr_restrict> has the value 1. (See the discussion of "
1434 "the I<kptr_restrict> in B<proc>(5).)"
1438 #: build/C/man7/capabilities.7:608
1440 msgid "B<CAP_WAKE_ALARM> (since Linux 3.0)"
1444 #: build/C/man7/capabilities.7:616
1446 "Trigger something that will wake up the system (set B<CLOCK_REALTIME_ALARM> "
1447 "and B<CLOCK_BOOTTIME_ALARM> timers)."
1451 #: build/C/man7/capabilities.7:616
1453 msgid "Past and current implementation"
1457 #: build/C/man7/capabilities.7:618
1458 msgid "A full implementation of capabilities requires that:"
1462 #: build/C/man7/capabilities.7:618 build/C/man7/capabilities.7:769 build/C/man7/capabilities.7:916 build/C/man7/capabilities.7:969
1468 #: build/C/man7/capabilities.7:622
1470 "For all privileged operations, the kernel must check whether the thread has "
1471 "the required capability in its effective set."
1475 #: build/C/man7/capabilities.7:622 build/C/man7/capabilities.7:774 build/C/man7/capabilities.7:922 build/C/man7/capabilities.7:975
1481 #: build/C/man7/capabilities.7:625
1483 "The kernel must provide system calls allowing a thread's capability sets to "
1484 "be changed and retrieved."
1488 #: build/C/man7/capabilities.7:625 build/C/man7/capabilities.7:925 build/C/man7/capabilities.7:979
1494 #: build/C/man7/capabilities.7:628
1496 "The file system must support attaching capabilities to an executable file, "
1497 "so that a process gains those capabilities when the file is executed."
1501 #: build/C/man7/capabilities.7:632
1503 "Before kernel 2.6.24, only the first two of these requirements are met; "
1504 "since kernel 2.6.24, all three requirements are met."
1508 #: build/C/man7/capabilities.7:632
1510 msgid "Thread capability sets"
1514 #: build/C/man7/capabilities.7:635
1516 "Each thread has three capability sets containing zero or more of the above "
1521 #: build/C/man7/capabilities.7:635
1523 msgid "I<Permitted>:"
1527 #: build/C/man7/capabilities.7:643
1529 "This is a limiting superset for the effective capabilities that the thread "
1530 "may assume. It is also a limiting superset for the capabilities that may be "
1531 "added to the inheritable set by a thread that does not have the "
1532 "B<CAP_SETPCAP> capability in its effective set."
1536 #: build/C/man7/capabilities.7:649
1538 "If a thread drops a capability from its permitted set, it can never "
1539 "reacquire that capability (unless it B<execve>(2)s either a set-user-ID-root "
1540 "program, or a program whose associated file capabilities grant that "
1545 #: build/C/man7/capabilities.7:649
1547 msgid "I<Inheritable>:"
1551 #: build/C/man7/capabilities.7:656
1553 "This is a set of capabilities preserved across an B<execve>(2). It provides "
1554 "a mechanism for a process to assign capabilities to the permitted set of the "
1555 "new program during an B<execve>(2)."
1559 #: build/C/man7/capabilities.7:656 build/C/man7/capabilities.7:706
1561 msgid "I<Effective>:"
1565 #: build/C/man7/capabilities.7:660
1567 "This is the set of capabilities used by the kernel to perform permission "
1568 "checks for the thread."
1572 #: build/C/man7/capabilities.7:666
1574 "A child created via B<fork>(2) inherits copies of its parent's capability "
1575 "sets. See below for a discussion of the treatment of capabilities during "
1580 #: build/C/man7/capabilities.7:670
1582 "Using B<capset>(2), a thread may manipulate its own capability sets (see "
1586 #. commit 73efc0394e148d0e15583e13712637831f926720
1588 #: build/C/man7/capabilities.7:679
1590 "Since Linux 3.2, the file I</proc/sys/kernel/cap_last_cap> exposes the "
1591 "numerical value of the highest capability supported by the running kernel; "
1592 "this can be used to determine the highest bit that may be set in a "
1597 #: build/C/man7/capabilities.7:679
1599 msgid "File capabilities"
1603 #: build/C/man7/capabilities.7:694
1605 "Since kernel 2.6.24, the kernel supports associating capability sets with an "
1606 "executable file using B<setcap>(8). The file capability sets are stored in "
1607 "an extended attribute (see B<setxattr>(2)) named I<security.capability>. "
1608 "Writing to this extended attribute requires the B<CAP_SETFCAP> capability. "
1609 "The file capability sets, in conjunction with the capability sets of the "
1610 "thread, determine the capabilities of a thread after an B<execve>(2)."
1614 #: build/C/man7/capabilities.7:696
1615 msgid "The three file capability sets are:"
1619 #: build/C/man7/capabilities.7:696
1621 msgid "I<Permitted> (formerly known as I<forced>):"
1625 #: build/C/man7/capabilities.7:700
1627 "These capabilities are automatically permitted to the thread, regardless of "
1628 "the thread's inheritable capabilities."
1632 #: build/C/man7/capabilities.7:700
1634 msgid "I<Inheritable> (formerly known as I<allowed>):"
1638 #: build/C/man7/capabilities.7:706
1640 "This set is ANDed with the thread's inheritable set to determine which "
1641 "inheritable capabilities are enabled in the permitted set of the thread "
1642 "after the B<execve>(2)."
1646 #: build/C/man7/capabilities.7:716
1648 "This is not a set, but rather just a single bit. If this bit is set, then "
1649 "during an B<execve>(2) all of the new permitted capabilities for the thread "
1650 "are also raised in the effective set. If this bit is not set, then after an "
1651 "B<execve>(2), none of the new permitted capabilities is in the new effective "
1656 #: build/C/man7/capabilities.7:732
1658 "Enabling the file effective capability bit implies that any file permitted "
1659 "or inheritable capability that causes a thread to acquire the corresponding "
1660 "permitted capability during an B<execve>(2) (see the transformation rules "
1661 "described below) will also acquire that capability in its effective set. "
1662 "Therefore, when assigning capabilities to a file (B<setcap>(8), "
1663 "B<cap_set_file>(3), B<cap_set_fd>(3)), if we specify the effective flag as "
1664 "being enabled for any capability, then the effective flag must also be "
1665 "specified as enabled for all other capabilities for which the corresponding "
1666 "permitted or inheritable flags is enabled."
1670 #: build/C/man7/capabilities.7:732
1672 msgid "Transformation of capabilities during execve()"
1676 #: build/C/man7/capabilities.7:738
1678 "During an B<execve>(2), the kernel calculates the new capabilities of the "
1679 "process using the following algorithm:"
1683 #: build/C/man7/capabilities.7:743
1686 "P'(permitted) = (P(inheritable) & F(inheritable)) |\n"
1687 " (F(permitted) & cap_bset)\n"
1691 #: build/C/man7/capabilities.7:745
1693 msgid "P'(effective) = F(effective) ? P'(permitted) : 0\n"
1697 #: build/C/man7/capabilities.7:747
1699 msgid "P'(inheritable) = P(inheritable) [i.e., unchanged]\n"
1703 #: build/C/man7/capabilities.7:751
1708 #: build/C/man7/capabilities.7:752
1714 #: build/C/man7/capabilities.7:755
1715 msgid "denotes the value of a thread capability set before the B<execve>(2)"
1719 #: build/C/man7/capabilities.7:755
1725 #: build/C/man7/capabilities.7:758
1726 msgid "denotes the value of a capability set after the B<execve>(2)"
1730 #: build/C/man7/capabilities.7:758
1736 #: build/C/man7/capabilities.7:760
1737 msgid "denotes a file capability set"
1741 #: build/C/man7/capabilities.7:760
1747 #: build/C/man7/capabilities.7:762
1748 msgid "is the value of the capability bounding set (described below)."
1752 #: build/C/man7/capabilities.7:764
1754 msgid "Capabilities and execution of programs by root"
1758 #: build/C/man7/capabilities.7:769
1760 "In order to provide an all-powerful I<root> using capability sets, during an "
1765 #: build/C/man7/capabilities.7:774
1767 "If a set-user-ID-root program is being executed, or the real user ID of the "
1768 "process is 0 (root) then the file inheritable and permitted sets are "
1769 "defined to be all ones (i.e., all capabilities enabled)."
1773 #: build/C/man7/capabilities.7:777
1775 "If a set-user-ID-root program is being executed, then the file effective bit "
1776 "is defined to be one (enabled)."
1779 #. If a process with real UID 0, and nonzero effective UID does an
1780 #. exec(), then it gets all capabilities in its
1781 #. permitted set, and no effective capabilities
1783 #: build/C/man7/capabilities.7:792
1785 "The upshot of the above rules, combined with the capabilities "
1786 "transformations described above, is that when a process B<execve>(2)s a "
1787 "set-user-ID-root program, or when a process with an effective UID of 0 "
1788 "B<execve>(2)s a program, it gains all capabilities in its permitted and "
1789 "effective capability sets, except those masked out by the capability "
1790 "bounding set. This provides semantics that are the same as those provided "
1791 "by traditional UNIX systems."
1795 #: build/C/man7/capabilities.7:792
1797 msgid "Capability bounding set"
1801 #: build/C/man7/capabilities.7:797
1803 "The capability bounding set is a security mechanism that can be used to "
1804 "limit the capabilities that can be gained during an B<execve>(2). The "
1805 "bounding set is used in the following ways:"
1809 #: build/C/man7/capabilities.7:805
1811 "During an B<execve>(2), the capability bounding set is ANDed with the file "
1812 "permitted capability set, and the result of this operation is assigned to "
1813 "the thread's permitted capability set. The capability bounding set thus "
1814 "places a limit on the permitted capabilities that may be granted by an "
1819 #: build/C/man7/capabilities.7:817
1821 "(Since Linux 2.6.25) The capability bounding set acts as a limiting "
1822 "superset for the capabilities that a thread can add to its inheritable set "
1823 "using B<capset>(2). This means that if a capability is not in the bounding "
1824 "set, then a thread can't add this capability to its inheritable set, even if "
1825 "it was in its permitted capabilities, and thereby cannot have this "
1826 "capability preserved in its permitted set when it B<execve>(2)s a file that "
1827 "has the capability in its inheritable set."
1831 #: build/C/man7/capabilities.7:824
1833 "Note that the bounding set masks the file permitted capabilities, but not "
1834 "the inherited capabilities. If a thread maintains a capability in its "
1835 "inherited set that is not in its bounding set, then it can still gain that "
1836 "capability in its permitted set by executing a file that has the capability "
1837 "in its inherited set."
1841 #: build/C/man7/capabilities.7:827
1843 "Depending on the kernel version, the capability bounding set is either a "
1844 "system-wide attribute, or a per-process attribute."
1848 #: build/C/man7/capabilities.7:829
1849 msgid "B<Capability bounding set prior to Linux 2.6.25>"
1853 #: build/C/man7/capabilities.7:837
1855 "In kernels before 2.6.25, the capability bounding set is a system-wide "
1856 "attribute that affects all threads on the system. The bounding set is "
1857 "accessible via the file I</proc/sys/kernel/cap-bound>. (Confusingly, this "
1858 "bit mask parameter is expressed as a signed decimal number in "
1859 "I</proc/sys/kernel/cap-bound>.)"
1863 #: build/C/man7/capabilities.7:844
1865 "Only the B<init> process may set capabilities in the capability bounding "
1866 "set; other than that, the superuser (more precisely: programs with the "
1867 "B<CAP_SYS_MODULE> capability) may only clear capabilities from this set."
1871 #: build/C/man7/capabilities.7:853
1873 "On a standard system the capability bounding set always masks out the "
1874 "B<CAP_SETPCAP> capability. To remove this restriction (dangerous!), modify "
1875 "the definition of B<CAP_INIT_EFF_SET> in I<include/linux/capability.h> and "
1876 "rebuild the kernel."
1880 #: build/C/man7/capabilities.7:857
1882 "The system-wide capability bounding set feature was added to Linux starting "
1883 "with kernel version 2.2.11."
1887 #: build/C/man7/capabilities.7:859
1888 msgid "B<Capability bounding set from Linux 2.6.25 onward>"
1892 #: build/C/man7/capabilities.7:864
1894 "From Linux 2.6.25, the I<capability bounding set> is a per-thread "
1895 "attribute. (There is no longer a system-wide capability bounding set.)"
1899 #: build/C/man7/capabilities.7:869
1901 "The bounding set is inherited at B<fork>(2) from the thread's parent, and "
1902 "is preserved across an B<execve>(2)."
1906 #: build/C/man7/capabilities.7:882
1908 "A thread may remove capabilities from its capability bounding set using the "
1909 "B<prctl>(2) B<PR_CAPBSET_DROP> operation, provided it has the "
1910 "B<CAP_SETPCAP> capability. Once a capability has been dropped from the "
1911 "bounding set, it cannot be restored to that set. A thread can determine if "
1912 "a capability is in its bounding set using the B<prctl>(2) "
1913 "B<PR_CAPBSET_READ> operation."
1917 #: build/C/man7/capabilities.7:900
1919 "Removing capabilities from the bounding set is supported only if file "
1920 "capabilities are compiled into the kernel. In kernels before Linux 2.6.33, "
1921 "file capabilities were an optional feature configurable via the "
1922 "CONFIG_SECURITY_FILE_CAPABILITIES option. Since Linux 2.6.33, the "
1923 "configuration option has been removed and file capabilities are always part "
1924 "of the kernel. When file capabilities are compiled into the kernel, the "
1925 "B<init> process (the ancestor of all processes) begins with a full bounding "
1926 "set. If file capabilities are not compiled into the kernel, then B<init> "
1927 "begins with a full bounding set minus B<CAP_SETPCAP>, because this "
1928 "capability has a different meaning when there are no file capabilities."
1932 #: build/C/man7/capabilities.7:907
1934 "Removing a capability from the bounding set does not remove it from the "
1935 "thread's inherited set. However it does prevent the capability from being "
1936 "added back into the thread's inherited set in the future."
1940 #: build/C/man7/capabilities.7:907
1942 msgid "Effect of user ID changes on capabilities"
1946 #: build/C/man7/capabilities.7:916
1948 "To preserve the traditional semantics for transitions between 0 and nonzero "
1949 "user IDs, the kernel makes the following changes to a thread's capability "
1950 "sets on changes to the thread's real, effective, saved set, and file system "
1951 "user IDs (using B<setuid>(2), B<setresuid>(2), or similar):"
1955 #: build/C/man7/capabilities.7:922
1957 "If one or more of the real, effective or saved set user IDs was previously "
1958 "0, and as a result of the UID changes all of these IDs have a nonzero value, "
1959 "then all capabilities are cleared from the permitted and effective "
1964 #: build/C/man7/capabilities.7:925
1966 "If the effective user ID is changed from 0 to nonzero, then all capabilities "
1967 "are cleared from the effective set."
1971 #: build/C/man7/capabilities.7:928
1973 "If the effective user ID is changed from nonzero to 0, then the permitted "
1974 "set is copied to the effective set."
1978 #: build/C/man7/capabilities.7:928 build/C/man7/capabilities.7:983
1984 #: build/C/man7/capabilities.7:946
1986 "If the file system user ID is changed from 0 to nonzero (see B<setfsuid>(2)) "
1987 "then the following capabilities are cleared from the effective set: "
1988 "B<CAP_CHOWN>, B<CAP_DAC_OVERRIDE>, B<CAP_DAC_READ_SEARCH>, B<CAP_FOWNER>, "
1989 "B<CAP_FSETID>, B<CAP_LINUX_IMMUTABLE> (since Linux 2.2.30), "
1990 "B<CAP_MAC_OVERRIDE>, and B<CAP_MKNOD> (since Linux 2.2.30). If the file "
1991 "system UID is changed from nonzero to 0, then any of these capabilities that "
1992 "are enabled in the permitted set are enabled in the effective set."
1996 #: build/C/man7/capabilities.7:954
1998 "If a thread that has a 0 value for one or more of its user IDs wants to "
1999 "prevent its permitted capability set being cleared when it resets all of its "
2000 "user IDs to nonzero values, it can do so using the B<prctl>(2) "
2001 "B<PR_SET_KEEPCAPS> operation."
2005 #: build/C/man7/capabilities.7:954
2007 msgid "Programmatically adjusting capability sets"
2011 #: build/C/man7/capabilities.7:969
2013 "A thread can retrieve and change its capability sets using the B<capget>(2) "
2014 "and B<capset>(2) system calls. However, the use of B<cap_get_proc>(3) and "
2015 "B<cap_set_proc>(3), both provided in the I<libcap> package, is preferred for "
2016 "this purpose. The following rules govern changes to the thread capability "
2021 #: build/C/man7/capabilities.7:975
2023 "If the caller does not have the B<CAP_SETPCAP> capability, the new "
2024 "inheritable set must be a subset of the combination of the existing "
2025 "inheritable and permitted sets."
2029 #: build/C/man7/capabilities.7:979
2031 "(Since Linux 2.6.25) The new inheritable set must be a subset of the "
2032 "combination of the existing inheritable set and the capability bounding set."
2036 #: build/C/man7/capabilities.7:983
2038 "The new permitted set must be a subset of the existing permitted set (i.e., "
2039 "it is not possible to acquire permitted capabilities that the thread does "
2040 "not currently have)."
2044 #: build/C/man7/capabilities.7:985
2045 msgid "The new effective set must be a subset of the new permitted set."
2049 #: build/C/man7/capabilities.7:985
2051 msgid "The securebits flags: establishing a capabilities-only environment"
2054 #. For some background:
2055 #. see http://lwn.net/Articles/280279/ and
2056 #. http://article.gmane.org/gmane.linux.kernel.lsm/5476/
2058 #: build/C/man7/capabilities.7:996
2060 "Starting with kernel 2.6.26, and with a kernel in which file capabilities "
2061 "are enabled, Linux implements a set of per-thread I<securebits> flags that "
2062 "can be used to disable special handling of capabilities for UID 0 "
2063 "(I<root>). These flags are as follows:"
2067 #: build/C/man7/capabilities.7:996
2069 msgid "B<SECBIT_KEEP_CAPS>"
2073 #: build/C/man7/capabilities.7:1008
2075 "Setting this flag allows a thread that has one or more 0 UIDs to retain its "
2076 "capabilities when it switches all of its UIDs to a nonzero value. If this "
2077 "flag is not set, then such a UID switch causes the thread to lose all "
2078 "capabilities. This flag is always cleared on an B<execve>(2). (This flag "
2079 "provides the same functionality as the older B<prctl>(2) B<PR_SET_KEEPCAPS> "
2084 #: build/C/man7/capabilities.7:1008
2086 msgid "B<SECBIT_NO_SETUID_FIXUP>"
2090 #: build/C/man7/capabilities.7:1015
2092 "Setting this flag stops the kernel from adjusting capability sets when the "
2093 "threads's effective and file system UIDs are switched between zero and "
2094 "nonzero values. (See the subsection I<Effect of User ID Changes on "
2099 #: build/C/man7/capabilities.7:1015
2101 msgid "B<SECBIT_NOROOT>"
2105 #: build/C/man7/capabilities.7:1023
2107 "If this bit is set, then the kernel does not grant capabilities when a "
2108 "set-user-ID-root program is executed, or when a process with an effective or "
2109 "real UID of 0 calls B<execve>(2). (See the subsection I<Capabilities and "
2110 "execution of programs by root>.)"
2114 #: build/C/man7/capabilities.7:1033
2116 "Each of the above \"base\" flags has a companion \"locked\" flag. Setting "
2117 "any of the \"locked\" flags is irreversible, and has the effect of "
2118 "preventing further changes to the corresponding \"base\" flag. The locked "
2119 "flags are: B<SECBIT_KEEP_CAPS_LOCKED>, B<SECBIT_NO_SETUID_FIXUP_LOCKED>, and "
2120 "B<SECBIT_NOROOT_LOCKED>."
2124 #: build/C/man7/capabilities.7:1045
2126 "The I<securebits> flags can be modified and retrieved using the B<prctl>(2) "
2127 "B<PR_SET_SECUREBITS> and B<PR_GET_SECUREBITS> operations. The "
2128 "B<CAP_SETPCAP> capability is required to modify the flags."
2132 #: build/C/man7/capabilities.7:1054
2134 "The I<securebits> flags are inherited by child processes. During an "
2135 "B<execve>(2), all of the flags are preserved, except B<SECBIT_KEEP_CAPS> "
2136 "which is always cleared."
2140 #: build/C/man7/capabilities.7:1059
2142 "An application can use the following call to lock itself, and all of its "
2143 "descendants, into an environment where the only way of gaining capabilities "
2144 "is by executing a program with associated file capabilities:"
2148 #: build/C/man7/capabilities.7:1068
2151 "prctl(PR_SET_SECUREBITS,\n"
2152 " SECBIT_KEEP_CAPS_LOCKED |\n"
2153 " SECBIT_NO_SETUID_FIXUP |\n"
2154 " SECBIT_NO_SETUID_FIXUP_LOCKED |\n"
2155 " SECBIT_NOROOT |\n"
2156 " SECBIT_NOROOT_LOCKED);\n"
2160 #: build/C/man7/capabilities.7:1076
2162 "No standards govern capabilities, but the Linux capability implementation is "
2163 "based on the withdrawn POSIX.1e draft standard; see E<.UR "
2164 "http://wt.tuxomania.net\\:/publications\\:/posix.1e/> E<.UE .>"
2168 #: build/C/man7/capabilities.7:1080
2170 "Since kernel 2.5.27, capabilities are an optional kernel component, and can "
2171 "be enabled/disabled via the CONFIG_SECURITY_CAPABILITIES kernel "
2172 "configuration option."
2175 #. 7b9a7ec565505699f503b4fcf61500dceb36e744
2177 #: build/C/man7/capabilities.7:1094
2179 "The I</proc/PID/task/TID/status> file can be used to view the capability "
2180 "sets of a thread. The I</proc/PID/status> file shows the capability sets of "
2181 "a process's main thread. Before Linux 3.8, nonexistent capabilities were "
2182 "shown as being enabled (1) in these sets. Since Linux 3.8, all non-existent "
2183 "capabilities (above B<CAP_LAST_CAP>) are shown as disabled (0)."
2187 #: build/C/man7/capabilities.7:1109
2189 "The I<libcap> package provides a suite of routines for setting and getting "
2190 "capabilities that is more comfortable and less likely to change than the "
2191 "interface provided by B<capset>(2) and B<capget>(2). This package also "
2192 "provides the B<setcap>(8) and B<getcap>(8) programs. It can be found at"
2196 #: build/C/man7/capabilities.7:1112
2199 "http://www.kernel.org\\:/pub\\:/linux\\:/libs\\:/security\\:/linux-privs> "
2204 #: build/C/man7/capabilities.7:1121
2206 "Before kernel 2.6.24, and since kernel 2.6.24 if file capabilities are not "
2207 "enabled, a thread with the B<CAP_SETPCAP> capability can manipulate the "
2208 "capabilities of threads other than itself. However, this is only "
2209 "theoretically possible, since no thread ever has B<CAP_SETPCAP> in either of "
2214 #: build/C/man7/capabilities.7:1126
2216 "In the pre-2.6.25 implementation the system-wide capability bounding set, "
2217 "I</proc/sys/kernel/cap-bound>, always masks out this capability, and this "
2218 "can not be changed without modifying the kernel source and rebuilding."
2222 #: build/C/man7/capabilities.7:1132
2224 "If file capabilities are disabled in the current implementation, then "
2225 "B<init> starts out with this capability removed from its per-process "
2226 "bounding set, and that bounding set is inherited by all other processes "
2227 "created on the system."
2231 #: build/C/man7/capabilities.7:1149
2233 "B<capget>(2), B<prctl>(2), B<setfsuid>(2), B<cap_clear>(3), "
2234 "B<cap_copy_ext>(3), B<cap_from_text>(3), B<cap_get_file>(3), "
2235 "B<cap_get_proc>(3), B<cap_init>(3), B<capgetp>(3), B<capsetp>(3), "
2236 "B<libcap>(3), B<credentials>(7), B<pthreads>(7), B<getcap>(8), B<setcap>(8)"
2240 #: build/C/man7/capabilities.7:1152
2241 msgid "I<include/linux/capability.h> in the Linux kernel source tree"
2245 #: build/C/man2/capget.2:15
2251 #: build/C/man2/capget.2:15
2257 #: build/C/man2/capget.2:18
2258 msgid "capget, capset - set/get capabilities of thread(s)"
2262 #: build/C/man2/capget.2:20
2263 msgid "B<#include E<lt>sys/capability.hE<gt>>"
2267 #: build/C/man2/capget.2:22
2268 msgid "B<int capget(cap_user_header_t >I<hdrp>B<, cap_user_data_t >I<datap>B<);>"
2272 #: build/C/man2/capget.2:24
2274 "B<int capset(cap_user_header_t >I<hdrp>B<, const cap_user_data_t "
2279 #: build/C/man2/capget.2:35
2281 "As of Linux 2.2, the power of the superuser (root) has been partitioned into "
2282 "a set of discrete capabilities. Each thread has a set of effective "
2283 "capabilities identifying which capabilities (if any) it may currently "
2284 "exercise. Each thread also has a set of inheritable capabilities that may "
2285 "be passed through an B<execve>(2) call, and a set of permitted capabilities "
2286 "that it can make effective or inheritable."
2290 #: build/C/man2/capget.2:44
2292 "These two system calls are the raw kernel interface for getting and setting "
2293 "thread capabilities. Not only are these system calls specific to Linux, but "
2294 "the kernel API is likely to change and use of these system calls (in "
2295 "particular the format of the I<cap_user_*_t> types) is subject to extension "
2296 "with each kernel revision, but old programs will keep working."
2300 #: build/C/man2/capget.2:55
2302 "The portable interfaces are B<cap_set_proc>(3) and B<cap_get_proc>(3); if "
2303 "possible you should use those interfaces in applications. If you wish to "
2304 "use the Linux extensions in applications, you should use the easier-to-use "
2305 "interfaces B<capsetp>(3) and B<capgetp>(3)."
2309 #: build/C/man2/capget.2:55
2311 msgid "Current details"
2315 #: build/C/man2/capget.2:58
2317 "Now that you have been warned, some current kernel details. The structures "
2318 "are defined as follows."
2322 #: build/C/man2/capget.2:63
2325 "#define _LINUX_CAPABILITY_VERSION_1 0x19980330\n"
2326 "#define _LINUX_CAPABILITY_U32S_1 1\n"
2330 #: build/C/man2/capget.2:66
2333 "#define _LINUX_CAPABILITY_VERSION_2 0x20071026\n"
2334 "#define _LINUX_CAPABILITY_U32S_2 2\n"
2338 #: build/C/man2/capget.2:71
2341 "typedef struct __user_cap_header_struct {\n"
2344 "} *cap_user_header_t;\n"
2348 #: build/C/man2/capget.2:77
2351 "typedef struct __user_cap_data_struct {\n"
2352 " __u32 effective;\n"
2353 " __u32 permitted;\n"
2354 " __u32 inheritable;\n"
2355 "} *cap_user_data_t;\n"
2359 #: build/C/man2/capget.2:96
2361 "The I<effective>, I<permitted>, and I<inheritable> fields are bit masks of "
2362 "the capabilities defined in I<capability(7).> Note the B<CAP_*> values are "
2363 "bit indexes and need to be bit-shifted before ORing into the bit fields. To "
2364 "define the structures for passing to the system call you have to use the "
2365 "I<struct __user_cap_header_struct> and I<struct __user_cap_data_struct> "
2366 "names because the typedefs are only pointers."
2370 #: build/C/man2/capget.2:108
2372 "Kernels prior to 2.6.25 prefer 32-bit capabilities with version "
2373 "B<_LINUX_CAPABILITY_VERSION_1>, and kernels 2.6.25+ prefer 64-bit "
2374 "capabilities with version B<_LINUX_CAPABILITY_VERSION_2>. Note, 64-bit "
2375 "capabilities use I<datap>[0] and I<datap>[1], whereas 32-bit capabilities "
2376 "use only I<datap>[0]."
2380 #: build/C/man2/capget.2:112
2382 "Another change affecting the behavior of these system calls is kernel "
2383 "support for file capabilities (VFS capability support). This support is "
2384 "currently a compile time option (added in kernel 2.6.24)."
2388 #: build/C/man2/capget.2:119
2390 "For B<capget>() calls, one can probe the capabilities of any process by "
2391 "specifying its process ID with the I<hdrp-E<gt>pid> field value."
2395 #: build/C/man2/capget.2:119
2397 msgid "With VFS capability support"
2401 #: build/C/man2/capget.2:131
2403 "VFS Capability support creates a file-attribute method for adding "
2404 "capabilities to privileged executables. This privilege model obsoletes "
2405 "kernel support for one process asynchronously setting the capabilities of "
2406 "another. That is, with VFS support, for B<capset>() calls the only "
2407 "permitted values for I<hdrp-E<gt>pid> are 0 or B<getpid>(2), which are "
2412 #: build/C/man2/capget.2:131
2414 msgid "Without VFS capability support"
2418 #: build/C/man2/capget.2:157
2420 "When the kernel does not support VFS capabilities, B<capset>() calls can "
2421 "operate on the capabilities of the thread specified by the I<pid> field of "
2422 "I<hdrp> when that is nonzero, or on the capabilities of the calling thread "
2423 "if I<pid> is 0. If I<pid> refers to a single-threaded process, then I<pid> "
2424 "can be specified as a traditional process ID; operating on a thread of a "
2425 "multithreaded process requires a thread ID of the type returned by "
2426 "B<gettid>(2). For B<capset>(), I<pid> can also be: -1, meaning perform the "
2427 "change on all threads except the caller and B<init>(8); or a value less than "
2428 "-1, in which case the change is applied to all members of the process group "
2429 "whose ID is -I<pid>."
2433 #: build/C/man2/capget.2:160
2434 msgid "For details on the data, see B<capabilities>(7)."
2438 #: build/C/man2/capget.2:179
2440 "The calls will fail with the error B<EINVAL>, and set the I<version> field "
2441 "of I<hdrp> to the kernel preferred value of B<_LINUX_CAPABILITY_VERSION_?> "
2442 "when an unsupported I<version> value is specified. In this way, one can "
2443 "probe what the current preferred capability revision is."
2447 #: build/C/man2/capget.2:188
2449 "Bad memory address. I<hdrp> must not be NULL. I<datap> may be NULL only "
2450 "when the user is trying to determine the preferred capability version format "
2451 "supported by the kernel."
2455 #: build/C/man2/capget.2:188 build/C/man7/cpuset.7:1180 build/C/man7/cpuset.7:1189 build/C/man7/cpuset.7:1198 build/C/man7/cpuset.7:1208 build/C/man7/cpuset.7:1217 build/C/man7/cpuset.7:1224 build/C/man7/cpuset.7:1231 build/C/man2/getgroups.2:114 build/C/man2/getgroups.2:121 build/C/man2/getpriority.2:121 build/C/man2/getrlimit.2:440 build/C/man2/getrusage.2:191 build/C/man2/iopl.2:72 build/C/man2/ioprio_set.2:170 build/C/man2/setpgid.2:202
2461 #: build/C/man2/capget.2:191
2462 msgid "One of the arguments was invalid."
2466 #: build/C/man2/capget.2:196
2468 "An attempt was made to add a capability to the Permitted set, or to set a "
2469 "capability in the Effective or Inheritable sets that is not in the Permitted "
2474 #: build/C/man2/capget.2:215
2476 "The caller attempted to use B<capset>() to modify the capabilities of a "
2477 "thread other than itself, but lacked sufficient privilege. For kernels "
2478 "supporting VFS capabilities, this is never permitted. For kernels lacking "
2479 "VFS support, the B<CAP_SETPCAP> capability is required. (A bug in kernels "
2480 "before 2.6.11 meant that this error could also occur if a thread without "
2481 "this capability tried to change its own capabilities by specifying the "
2482 "I<pid> field as a nonzero value (i.e., the value returned by B<getpid>(2)) "
2487 #: build/C/man2/capget.2:215 build/C/man7/cpuset.7:1330 build/C/man2/getpriority.2:129 build/C/man2/getrlimit.2:464 build/C/man2/getsid.2:70 build/C/man2/ioprio_set.2:187 build/C/man2/setpgid.2:217
2493 #: build/C/man2/capget.2:218
2494 msgid "No such thread."
2498 #: build/C/man2/capget.2:220 build/C/man2/ioprio_set.2:198
2499 msgid "These system calls are Linux-specific."
2503 #: build/C/man2/capget.2:225
2505 "The portable interface to the capability querying and setting functions is "
2506 "provided by the I<libcap> library and is available here:"
2510 #: build/C/man2/capget.2:228
2513 "http://git.kernel.org/cgit\\:/linux\\:/kernel\\:/git\\:/morgan\\:\\:/libcap.git> "
2518 #: build/C/man2/capget.2:232
2519 msgid "B<clone>(2), B<gettid>(2), B<capabilities>(7)"
2523 #: build/C/man7/cpuset.7:25
2529 #: build/C/man7/cpuset.7:25 build/C/man2/getpriority.2:48 build/C/man2/ioprio_set.2:24 build/C/man7/svipc.7:40
2535 #: build/C/man7/cpuset.7:28
2536 msgid "cpuset - confine processes to processor and memory node subsets"
2540 #: build/C/man7/cpuset.7:35
2542 "The cpuset file system is a pseudo-file-system interface to the kernel "
2543 "cpuset mechanism, which is used to control the processor placement and "
2544 "memory placement of processes. It is commonly mounted at I</dev/cpuset>."
2548 #: build/C/man7/cpuset.7:52
2550 "On systems with kernels compiled with built in support for cpusets, all "
2551 "processes are attached to a cpuset, and cpusets are always present. If a "
2552 "system supports cpusets, then it will have the entry B<nodev cpuset> in the "
2553 "file I</proc/filesystems>. By mounting the cpuset file system (see the "
2554 "B<EXAMPLE> section below), the administrator can configure the cpusets on a "
2555 "system to control the processor and memory placement of processes on that "
2556 "system. By default, if the cpuset configuration on a system is not modified "
2557 "or if the cpuset file system is not even mounted, then the cpuset mechanism, "
2558 "though present, has no affect on the system's behavior."
2562 #: build/C/man7/cpuset.7:54
2563 msgid "A cpuset defines a list of CPUs and memory nodes."
2567 #: build/C/man7/cpuset.7:63
2569 "The CPUs of a system include all the logical processing units on which a "
2570 "process can execute, including, if present, multiple processor cores within "
2571 "a package and Hyper-Threads within a processor core. Memory nodes include "
2572 "all distinct banks of main memory; small and SMP systems typically have just "
2573 "one memory node that contains all the system's main memory, while NUMA "
2574 "(non-uniform memory access) systems have multiple memory nodes."
2578 #: build/C/man7/cpuset.7:73
2580 "Cpusets are represented as directories in a hierarchical pseudo-file system, "
2581 "where the top directory in the hierarchy (I</dev/cpuset>) represents the "
2582 "entire system (all online CPUs and memory nodes) and any cpuset that is the "
2583 "child (descendant) of another parent cpuset contains a subset of that "
2584 "parent's CPUs and memory nodes. The directories and files representing "
2585 "cpusets have normal file-system permissions."
2589 #: build/C/man7/cpuset.7:84
2591 "Every process in the system belongs to exactly one cpuset. A process is "
2592 "confined to run only on the CPUs in the cpuset it belongs to, and to "
2593 "allocate memory only on the memory nodes in that cpuset. When a process "
2594 "B<fork>(2)s, the child process is placed in the same cpuset as its parent. "
2595 "With sufficient privilege, a process may be moved from one cpuset to another "
2596 "and the allowed CPUs and memory nodes of an existing cpuset may be changed."
2600 #: build/C/man7/cpuset.7:92
2602 "When the system begins booting, a single cpuset is defined that includes all "
2603 "CPUs and memory nodes on the system, and all processes are in that cpuset. "
2604 "During the boot process, or later during normal system operation, other "
2605 "cpusets may be created, as subdirectories of this top cpuset, under the "
2606 "control of the system administrator, and processes may be placed in these "
2611 #: build/C/man7/cpuset.7:114
2613 "Cpusets are integrated with the B<sched_setaffinity>(2) scheduling affinity "
2614 "mechanism and the B<mbind>(2) and B<set_mempolicy>(2) memory-placement "
2615 "mechanisms in the kernel. Neither of these mechanisms let a process make "
2616 "use of a CPU or memory node that is not allowed by that process's cpuset. "
2617 "If changes to a process's cpuset placement conflict with these other "
2618 "mechanisms, then cpuset placement is enforced even if it means overriding "
2619 "these other mechanisms. The kernel accomplishes this overriding by silently "
2620 "restricting the CPUs and memory nodes requested by these other mechanisms to "
2621 "those allowed by the invoking process's cpuset. This can result in these "
2622 "other calls returning an error, if for example, such a call ends up "
2623 "requesting an empty set of CPUs or memory nodes, after that request is "
2624 "restricted to the invoking process's cpuset."
2628 #: build/C/man7/cpuset.7:120
2630 "Typically, a cpuset is used to manage the CPU and memory-node confinement "
2631 "for a set of cooperating processes such as a batch scheduler job, and these "
2632 "other mechanisms are used to manage the placement of individual processes or "
2633 "memory regions within that set or job."
2637 #: build/C/man7/cpuset.7:120
2643 #: build/C/man7/cpuset.7:125
2645 "Each directory below I</dev/cpuset> represents a cpuset and contains a fixed "
2646 "set of pseudo-files describing the state of that cpuset."
2650 #: build/C/man7/cpuset.7:135
2652 "New cpusets are created using the B<mkdir>(2) system call or the "
2653 "B<mkdir>(1) command. The properties of a cpuset, such as its flags, "
2654 "allowed CPUs and memory nodes, and attached processes, are queried and "
2655 "modified by reading or writing to the appropriate file in that cpuset's "
2656 "directory, as listed below."
2660 #: build/C/man7/cpuset.7:141
2662 "The pseudo-files in each cpuset directory are automatically created when the "
2663 "cpuset is created, as a result of the B<mkdir>(2) invocation. It is not "
2664 "possible to directly add or remove these pseudo-files."
2668 #: build/C/man7/cpuset.7:149
2670 "A cpuset directory that contains no child cpuset directories, and has no "
2671 "attached processes, can be removed using B<rmdir>(2) or B<rmdir>(1). It is "
2672 "not necessary, or possible, to remove the pseudo-files inside the directory "
2673 "before removing it."
2677 #: build/C/man7/cpuset.7:163
2679 "The pseudo-files in each cpuset directory are small text files that may be "
2680 "read and written using traditional shell utilities such as B<cat>(1), and "
2681 "B<echo>(1), or from a program by using file I/O library functions or system "
2682 "calls, such as B<open>(2), B<read>(2), B<write>(2), and B<close>(2)."
2685 #. ====================== tasks ======================
2687 #: build/C/man7/cpuset.7:168
2689 "The pseudo-files in a cpuset directory represent internal kernel state and "
2690 "do not have any persistent image on disk. Each of these per-cpuset files is "
2691 "listed and described below."
2695 #: build/C/man7/cpuset.7:168
2701 #: build/C/man7/cpuset.7:178
2703 "List of the process IDs (PIDs) of the processes in that cpuset. The list is "
2704 "formatted as a series of ASCII decimal numbers, each followed by a newline. "
2705 "A process may be added to a cpuset (automatically removing it from the "
2706 "cpuset that previously contained it) by writing its PID to that cpuset's "
2707 "I<tasks> file (with or without a trailing newline.)"
2710 #. =================== notify_on_release ===================
2712 #: build/C/man7/cpuset.7:186
2714 "B<Warning:> only one PID may be written to the I<tasks> file at a time. If "
2715 "a string is written that contains more than one PID, only the first one will "
2720 #: build/C/man7/cpuset.7:186
2722 msgid "I<notify_on_release>"
2725 #. ====================== cpus ======================
2727 #: build/C/man7/cpuset.7:195
2729 "Flag (0 or 1). If set (1), that cpuset will receive special handling after "
2730 "it is released, that is, after all processes cease using it (i.e., terminate "
2731 "or are moved to a different cpuset) and all child cpuset directories have "
2732 "been removed. See the B<Notify On Release> section, below."
2736 #: build/C/man7/cpuset.7:195
2738 msgid "I<cpuset.cpus>"
2742 #: build/C/man7/cpuset.7:202
2744 "List of the physical numbers of the CPUs on which processes in that cpuset "
2745 "are allowed to execute. See B<List Format> below for a description of the "
2746 "format of I<cpus>."
2749 #. ==================== cpu_exclusive ====================
2751 #: build/C/man7/cpuset.7:208
2753 "The CPUs allowed to a cpuset may be changed by writing a new list to its "
2758 #: build/C/man7/cpuset.7:208
2760 msgid "I<cpuset.cpu_exclusive>"
2764 #: build/C/man7/cpuset.7:215
2766 "Flag (0 or 1). If set (1), the cpuset has exclusive use of its CPUs (no "
2767 "sibling or cousin cpuset may overlap CPUs). By default this is off (0). "
2768 "Newly created cpusets also initially default this to off (0)."
2771 #. ====================== mems ======================
2773 #: build/C/man7/cpuset.7:237
2775 "Two cpusets are I<sibling> cpusets if they share the same parent cpuset in "
2776 "the I</dev/cpuset> hierarchy. Two cpusets are I<cousin> cpusets if neither "
2777 "is the ancestor of the other. Regardless of the I<cpu_exclusive> setting, "
2778 "if one cpuset is the ancestor of another, and if both of these cpusets have "
2779 "nonempty I<cpus>, then their I<cpus> must overlap, because the I<cpus> of "
2780 "any cpuset are always a subset of the I<cpus> of its parent cpuset."
2784 #: build/C/man7/cpuset.7:237
2786 msgid "I<cpuset.mems>"
2789 #. ==================== mem_exclusive ====================
2791 #: build/C/man7/cpuset.7:245
2793 "List of memory nodes on which processes in this cpuset are allowed to "
2794 "allocate memory. See B<List Format> below for a description of the format "
2799 #: build/C/man7/cpuset.7:245
2801 msgid "I<cpuset.mem_exclusive>"
2805 #: build/C/man7/cpuset.7:253
2807 "Flag (0 or 1). If set (1), the cpuset has exclusive use of its memory nodes "
2808 "(no sibling or cousin may overlap). Also if set (1), the cpuset is a "
2809 "B<Hardwall> cpuset (see below.) By default this is off (0). Newly created "
2810 "cpusets also initially default this to off (0)."
2813 #. ==================== mem_hardwall ====================
2815 #: build/C/man7/cpuset.7:261
2817 "Regardless of the I<mem_exclusive> setting, if one cpuset is the ancestor of "
2818 "another, then their memory nodes must overlap, because the memory nodes of "
2819 "any cpuset are always a subset of the memory nodes of that cpuset's parent "
2824 #: build/C/man7/cpuset.7:261
2826 msgid "I<cpuset.mem_hardwall> (since Linux 2.6.26)"
2829 #. ==================== memory_migrate ====================
2831 #: build/C/man7/cpuset.7:272
2833 "Flag (0 or 1). If set (1), the cpuset is a B<Hardwall> cpuset (see below.) "
2834 "Unlike B<mem_exclusive>, there is no constraint on whether cpusets marked "
2835 "B<mem_hardwall> may have overlapping memory nodes with sibling or cousin "
2836 "cpusets. By default this is off (0). Newly created cpusets also initially "
2837 "default this to off (0)."
2841 #: build/C/man7/cpuset.7:272
2843 msgid "I<cpuset.memory_migrate> (since Linux 2.6.16)"
2846 #. ==================== memory_pressure ====================
2848 #: build/C/man7/cpuset.7:279
2850 "Flag (0 or 1). If set (1), then memory migration is enabled. By default "
2851 "this is off (0). See the B<Memory Migration> section, below."
2855 #: build/C/man7/cpuset.7:279
2857 msgid "I<cpuset.memory_pressure> (since Linux 2.6.16)"
2860 #. ================= memory_pressure_enabled =================
2862 #: build/C/man7/cpuset.7:292
2864 "A measure of how much memory pressure the processes in this cpuset are "
2865 "causing. See the B<Memory Pressure> section, below. Unless "
2866 "I<memory_pressure_enabled> is enabled, always has value zero (0). This file "
2867 "is read-only. See the B<WARNINGS> section, below."
2871 #: build/C/man7/cpuset.7:292
2873 msgid "I<cpuset.memory_pressure_enabled> (since Linux 2.6.16)"
2876 #. ================== memory_spread_page ==================
2878 #: build/C/man7/cpuset.7:304
2880 "Flag (0 or 1). This file is present only in the root cpuset, normally "
2881 "I</dev/cpuset>. If set (1), the I<memory_pressure> calculations are enabled "
2882 "for all cpusets in the system. By default this is off (0). See the "
2883 "B<Memory Pressure> section, below."
2887 #: build/C/man7/cpuset.7:304
2889 msgid "I<cpuset.memory_spread_page> (since Linux 2.6.17)"
2892 #. ================== memory_spread_slab ==================
2894 #: build/C/man7/cpuset.7:314
2896 "Flag (0 or 1). If set (1), pages in the kernel page cache (file-system "
2897 "buffers) are uniformly spread across the cpuset. By default this is off (0) "
2898 "in the top cpuset, and inherited from the parent cpuset in newly created "
2899 "cpusets. See the B<Memory Spread> section, below."
2903 #: build/C/man7/cpuset.7:314
2905 msgid "I<cpuset.memory_spread_slab> (since Linux 2.6.17)"
2908 #. ================== sched_load_balance ==================
2910 #: build/C/man7/cpuset.7:325
2912 "Flag (0 or 1). If set (1), the kernel slab caches for file I/O (directory "
2913 "and inode structures) are uniformly spread across the cpuset. By default "
2914 "this is off (0) in the top cpuset, and inherited from the parent cpuset in "
2915 "newly created cpusets. See the B<Memory Spread> section, below."
2919 #: build/C/man7/cpuset.7:325
2921 msgid "I<cpuset.sched_load_balance> (since Linux 2.6.24)"
2924 #. ================== sched_relax_domain_level ==================
2926 #: build/C/man7/cpuset.7:339
2928 "Flag (0 or 1). If set (1, the default) the kernel will automatically load "
2929 "balance processes in that cpuset over the allowed CPUs in that cpuset. If "
2930 "cleared (0) the kernel will avoid load balancing processes in this cpuset, "
2931 "I<unless> some other cpuset with overlapping CPUs has its "
2932 "I<sched_load_balance> flag set. See B<Scheduler Load Balancing>, below, for "
2937 #: build/C/man7/cpuset.7:339
2939 msgid "I<cpuset.sched_relax_domain_level> (since Linux 2.6.26)"
2942 #. ================== proc cpuset ==================
2944 #: build/C/man7/cpuset.7:359
2946 "Integer, between -1 and a small positive value. The "
2947 "I<sched_relax_domain_level> controls the width of the range of CPUs over "
2948 "which the kernel scheduler performs immediate rebalancing of runnable tasks "
2949 "across CPUs. If I<sched_load_balance> is disabled, then the setting of "
2950 "I<sched_relax_domain_level> does not matter, as no such load balancing is "
2951 "done. If I<sched_load_balance> is enabled, then the higher the value of the "
2952 "I<sched_relax_domain_level>, the wider the range of CPUs over which "
2953 "immediate load balancing is attempted. See B<Scheduler Relax Domain Level>, "
2954 "below, for further details."
2957 #. ================== proc status ==================
2959 #: build/C/man7/cpuset.7:367
2961 "In addition to the above pseudo-files in each directory below "
2962 "I</dev/cpuset>, each process has a pseudo-file, "
2963 "I</proc/E<lt>pidE<gt>/cpuset>, that displays the path of the process's "
2964 "cpuset directory relative to the root of the cpuset file system."
2968 #: build/C/man7/cpuset.7:378
2970 "Also the I</proc/E<lt>pidE<gt>/status> file for each process has four added "
2971 "lines, displaying the process's I<Cpus_allowed> (on which CPUs it may be "
2972 "scheduled) and I<Mems_allowed> (on which memory nodes it may obtain memory), "
2973 "in the two formats B<Mask Format> and B<List Format> (see below) as shown "
2974 "in the following example:"
2978 #: build/C/man7/cpuset.7:385
2981 "Cpus_allowed: ffffffff,ffffffff,ffffffff,ffffffff\n"
2982 "Cpus_allowed_list: 0-127\n"
2983 "Mems_allowed: ffffffff,ffffffff\n"
2984 "Mems_allowed_list: 0-63\n"
2987 #. ================== EXTENDED CAPABILITIES ==================
2989 #: build/C/man7/cpuset.7:391
2991 "The \"allowed\" fields were added in Linux 2.6.24; the \"allowed_list\" "
2992 "fields were added in Linux 2.6.26."
2996 #: build/C/man7/cpuset.7:391
2998 msgid "EXTENDED CAPABILITIES"
3001 #. ================== Exclusive Cpusets ==================
3003 #: build/C/man7/cpuset.7:399
3005 "In addition to controlling which I<cpus> and I<mems> a process is allowed to "
3006 "use, cpusets provide the following extended capabilities."
3010 #: build/C/man7/cpuset.7:399
3012 msgid "Exclusive cpusets"
3016 #: build/C/man7/cpuset.7:406
3018 "If a cpuset is marked I<cpu_exclusive> or I<mem_exclusive>, no other cpuset, "
3019 "other than a direct ancestor or descendant, may share any of the same CPUs "
3023 #. ================== Hardwall ==================
3025 #: build/C/man7/cpuset.7:432
3027 "A cpuset that is I<mem_exclusive> restricts kernel allocations for buffer "
3028 "cache pages and other internal kernel data pages commonly shared by the "
3029 "kernel across multiple users. All cpusets, whether I<mem_exclusive> or not, "
3030 "restrict allocations of memory for user space. This enables configuring a "
3031 "system so that several independent jobs can share common kernel data, while "
3032 "isolating each job's user allocation in its own cpuset. To do this, "
3033 "construct a large I<mem_exclusive> cpuset to hold all the jobs, and "
3034 "construct child, non-I<mem_exclusive> cpusets for each individual job. Only "
3035 "a small amount of kernel memory, such as requests from interrupt handlers, "
3036 "is allowed to be placed on memory nodes outside even a I<mem_exclusive> "
3041 #: build/C/man7/cpuset.7:432
3047 #: build/C/man7/cpuset.7:447
3049 "A cpuset that has I<mem_exclusive> or I<mem_hardwall> set is a I<hardwall> "
3050 "cpuset. A I<hardwall> cpuset restricts kernel allocations for page, buffer, "
3051 "and other data commonly shared by the kernel across multiple users. All "
3052 "cpusets, whether I<hardwall> or not, restrict allocations of memory for user "
3057 #: build/C/man7/cpuset.7:458
3059 "This enables configuring a system so that several independent jobs can share "
3060 "common kernel data, such as file system pages, while isolating each job's "
3061 "user allocation in its own cpuset. To do this, construct a large "
3062 "I<hardwall> cpuset to hold all the jobs, and construct child cpusets for "
3063 "each individual job which are not I<hardwall> cpusets."
3066 #. ================== Notify On Release ==================
3068 #: build/C/man7/cpuset.7:464
3070 "Only a small amount of kernel memory, such as requests from interrupt "
3071 "handlers, is allowed to be taken outside even a I<hardwall> cpuset."
3075 #: build/C/man7/cpuset.7:464
3077 msgid "Notify on release"
3081 #: build/C/man7/cpuset.7:476
3083 "If the I<notify_on_release> flag is enabled (1) in a cpuset, then whenever "
3084 "the last process in the cpuset leaves (exits or attaches to some other "
3085 "cpuset) and the last child cpuset of that cpuset is removed, the kernel "
3086 "will run the command I</sbin/cpuset_release_agent>, supplying the pathname "
3087 "(relative to the mount point of the cpuset file system) of the abandoned "
3088 "cpuset. This enables automatic removal of abandoned cpusets."
3092 #: build/C/man7/cpuset.7:484
3094 "The default value of I<notify_on_release> in the root cpuset at system boot "
3095 "is disabled (0). The default value of other cpusets at creation is the "
3096 "current value of their parent's I<notify_on_release> setting."
3100 #: build/C/man7/cpuset.7:492
3102 "The command I</sbin/cpuset_release_agent> is invoked, with the name "
3103 "(I</dev/cpuset> relative path) of the to-be-released cpuset in I<argv[1]>."
3107 #: build/C/man7/cpuset.7:496
3109 "The usual contents of the command I</sbin/cpuset_release_agent> is simply "
3114 #: build/C/man7/cpuset.7:501
3118 "rmdir /dev/cpuset/$1\n"
3121 #. ================== Memory Pressure ==================
3123 #: build/C/man7/cpuset.7:509
3125 "As with other flag values below, this flag can be changed by writing an "
3126 "ASCII number 0 or 1 (with optional trailing newline) into the file, to "
3127 "clear or set the flag, respectively."
3131 #: build/C/man7/cpuset.7:509
3133 msgid "Memory pressure"
3137 #: build/C/man7/cpuset.7:515
3139 "The I<memory_pressure> of a cpuset provides a simple per-cpuset running "
3140 "average of the rate that the processes in a cpuset are attempting to free up "
3141 "in-use memory on the nodes of the cpuset to satisfy additional memory "
3146 #: build/C/man7/cpuset.7:519
3148 "This enables batch managers that are monitoring jobs running in dedicated "
3149 "cpusets to efficiently detect what level of memory pressure that job is "
3154 #: build/C/man7/cpuset.7:526
3156 "This is useful both on tightly managed systems running a wide mix of "
3157 "submitted jobs, which may choose to terminate or reprioritize jobs that are "
3158 "trying to use more memory than allowed on the nodes assigned them, and with "
3159 "tightly coupled, long-running, massively parallel scientific computing jobs "
3160 "that will dramatically fail to meet required performance goals if they start "
3161 "to use more memory than allowed to them."
3165 #: build/C/man7/cpuset.7:531
3167 "This mechanism provides a very economical way for the batch manager to "
3168 "monitor a cpuset for signs of memory pressure. It's up to the batch manager "
3169 "or other user code to decide what action to take if it detects signs of "
3174 #: build/C/man7/cpuset.7:538
3176 "Unless memory pressure calculation is enabled by setting the pseudo-file "
3177 "I</dev/cpuset/cpuset.memory_pressure_enabled>, it is not computed for any "
3178 "cpuset, and reads from any I<memory_pressure> always return zero, as "
3179 "represented by the ASCII string \"0\\en\". See the B<WARNINGS> section, "
3184 #: build/C/man7/cpuset.7:540
3185 msgid "A per-cpuset, running average is employed for the following reasons:"
3189 #: build/C/man7/cpuset.7:545
3191 "Because this meter is per-cpuset rather than per-process or per virtual "
3192 "memory region, the system load imposed by a batch scheduler monitoring this "
3193 "metric is sharply reduced on large systems, because a scan of the tasklist "
3194 "can be avoided on each set of queries."
3198 #: build/C/man7/cpuset.7:550
3200 "Because this meter is a running average rather than an accumulating counter, "
3201 "a batch scheduler can detect memory pressure with a single read, instead of "
3202 "having to read and accumulate results for a period of time."
3206 #: build/C/man7/cpuset.7:556
3208 "Because this meter is per-cpuset rather than per-process, the batch "
3209 "scheduler can obtain the key information\\(emmemory pressure in a "
3210 "cpuset\\(emwith a single read, rather than having to query and accumulate "
3211 "results over all the (dynamically changing) set of processes in the cpuset."
3215 #: build/C/man7/cpuset.7:564
3217 "The I<memory_pressure> of a cpuset is calculated using a per-cpuset simple "
3218 "digital filter that is kept within the kernel. For each cpuset, this filter "
3219 "tracks the recent rate at which processes attached to that cpuset enter the "
3220 "kernel direct reclaim code."
3224 #: build/C/man7/cpuset.7:573
3226 "The kernel direct reclaim code is entered whenever a process has to satisfy "
3227 "a memory page request by first finding some other page to repurpose, due to "
3228 "lack of any readily available already free pages. Dirty file system pages "
3229 "are repurposed by first writing them to disk. Unmodified file system buffer "
3230 "pages are repurposed by simply dropping them, though if that page is needed "
3231 "again, it will have to be reread from disk."
3234 #. ================== Memory Spread ==================
3236 #: build/C/man7/cpuset.7:581
3238 "The I<cpuset.memory_pressure> file provides an integer number representing "
3239 "the recent (half-life of 10 seconds) rate of entries to the direct reclaim "
3240 "code caused by any process in the cpuset, in units of reclaims attempted per "
3241 "second, times 1000."
3245 #: build/C/man7/cpuset.7:581
3247 msgid "Memory spread"
3251 #: build/C/man7/cpuset.7:589
3253 "There are two Boolean flag files per cpuset that control where the kernel "
3254 "allocates pages for the file-system buffers and related in-kernel data "
3255 "structures. They are called I<cpuset.memory_spread_page> and "
3256 "I<cpuset.memory_spread_slab>."
3260 #: build/C/man7/cpuset.7:596
3262 "If the per-cpuset Boolean flag file I<cpuset.memory_spread_page> is set, "
3263 "then the kernel will spread the file-system buffers (page cache) evenly over "
3264 "all the nodes that the faulting process is allowed to use, instead of "
3265 "preferring to put those pages on the node where the process is running."
3269 #: build/C/man7/cpuset.7:604
3271 "If the per-cpuset Boolean flag file I<cpuset.memory_spread_slab> is set, "
3272 "then the kernel will spread some file-system-related slab caches, such as "
3273 "those for inodes and directory entries, evenly over all the nodes that the "
3274 "faulting process is allowed to use, instead of preferring to put those pages "
3275 "on the node where the process is running."
3279 #: build/C/man7/cpuset.7:609
3281 "The setting of these flags does not affect the data segment (see B<brk>(2)) "
3282 "or stack segment pages of a process."
3286 #: build/C/man7/cpuset.7:617
3288 "By default, both kinds of memory spreading are off and the kernel prefers to "
3289 "allocate memory pages on the node local to where the requesting process is "
3290 "running. If that node is not allowed by the process's NUMA memory policy or "
3291 "cpuset configuration or if there are insufficient free memory pages on that "
3292 "node, then the kernel looks for the nearest node that is allowed and has "
3293 "sufficient free memory."
3297 #: build/C/man7/cpuset.7:620
3299 "When new cpusets are created, they inherit the memory spread settings of "
3304 #: build/C/man7/cpuset.7:635
3306 "Setting memory spreading causes allocations for the affected page or slab "
3307 "caches to ignore the process's NUMA memory policy and be spread instead. "
3308 "However, the effect of these changes in memory placement caused by "
3309 "cpuset-specified memory spreading is hidden from the B<mbind>(2) or "
3310 "B<set_mempolicy>(2) calls. These two NUMA memory policy calls always "
3311 "appear to behave as if no cpuset-specified memory spreading is in effect, "
3312 "even if it is. If cpuset memory spreading is subsequently turned off, the "
3313 "NUMA memory policy most recently specified by these calls is automatically "
3318 #: build/C/man7/cpuset.7:644
3320 "Both I<cpuset.memory_spread_page> and I<cpuset.memory_spread_slab> are "
3321 "Boolean flag files. By default they contain \"0\", meaning that the feature "
3322 "is off for that cpuset. If a \"1\" is written to that file, that turns the "
3327 #: build/C/man7/cpuset.7:647
3329 "Cpuset-specified memory spreading behaves similarly to what is known (in "
3330 "other contexts) as round-robin or interleave memory placement."
3334 #: build/C/man7/cpuset.7:650
3336 "Cpuset-specified memory spreading can provide substantial performance "
3337 "improvements for jobs that:"
3341 #: build/C/man7/cpuset.7:650
3347 #: build/C/man7/cpuset.7:654
3349 "need to place thread-local data on memory nodes close to the CPUs which are "
3350 "running the threads that most frequently access that data; but also"
3354 #: build/C/man7/cpuset.7:654
3360 #: build/C/man7/cpuset.7:657
3362 "need to access large file-system data sets that must to be spread across the "
3363 "several nodes in the job's cpuset in order to fit."
3366 #. ================== Memory Migration ==================
3368 #: build/C/man7/cpuset.7:664
3370 "Without this policy, the memory allocation across the nodes in the job's "
3371 "cpuset can become very uneven, especially for jobs that might have just a "
3372 "single thread initializing or reading in the data set."
3376 #: build/C/man7/cpuset.7:664
3378 msgid "Memory migration"
3382 #: build/C/man7/cpuset.7:673
3384 "Normally, under the default setting (disabled) of I<cpuset.memory_migrate>, "
3385 "once a page is allocated (given a physical page of main memory) then that "
3386 "page stays on whatever node it was allocated, so long as it remains "
3387 "allocated, even if the cpuset's memory-placement policy I<mems> subsequently "
3392 #: build/C/man7/cpuset.7:679
3394 "When memory migration is enabled in a cpuset, if the I<mems> setting of the "
3395 "cpuset is changed, then any memory page in use by any process in the cpuset "
3396 "that is on a memory node that is no longer allowed will be migrated to a "
3397 "memory node that is allowed."
3401 #: build/C/man7/cpuset.7:685
3403 "Furthermore, if a process is moved into a cpuset with I<memory_migrate> "
3404 "enabled, any memory pages it uses that were on memory nodes allowed in its "
3405 "previous cpuset, but which are not allowed in its new cpuset, will be "
3406 "migrated to a memory node allowed in the new cpuset."
3409 #. ================== Scheduler Load Balancing ==================
3411 #: build/C/man7/cpuset.7:693
3413 "The relative placement of a migrated page within the cpuset is preserved "
3414 "during these migration operations if possible. For example, if the page was "
3415 "on the second valid node of the prior cpuset, then the page will be placed "
3416 "on the second valid node of the new cpuset, if possible."
3420 #: build/C/man7/cpuset.7:693
3422 msgid "Scheduler load balancing"
3426 #: build/C/man7/cpuset.7:700
3428 "The kernel scheduler automatically load balances processes. If one CPU is "
3429 "underutilized, the kernel will look for processes on other more overloaded "
3430 "CPUs and move those processes to the underutilized CPU, within the "
3431 "constraints of such placement mechanisms as cpusets and "
3432 "B<sched_setaffinity>(2)."
3436 #: build/C/man7/cpuset.7:713
3438 "The algorithmic cost of load balancing and its impact on key shared kernel "
3439 "data structures such as the process list increases more than linearly with "
3440 "the number of CPUs being balanced. For example, it costs more to load "
3441 "balance across one large set of CPUs than it does to balance across two "
3442 "smaller sets of CPUs, each of half the size of the larger set. (The precise "
3443 "relationship between the number of CPUs being balanced and the cost of load "
3444 "balancing depends on implementation details of the kernel process scheduler, "
3445 "which is subject to change over time, as improved kernel scheduler "
3446 "algorithms are implemented.)"
3450 #: build/C/man7/cpuset.7:719
3452 "The per-cpuset flag I<sched_load_balance> provides a mechanism to suppress "
3453 "this automatic scheduler load balancing in cases where it is not needed and "
3454 "suppressing it would have worthwhile performance benefits."
3458 #: build/C/man7/cpuset.7:723
3460 "By default, load balancing is done across all CPUs, except those marked "
3461 "isolated using the kernel boot time \"isolcpus=\" argument. (See "
3462 "B<Scheduler Relax Domain Level>, below, to change this default.)"
3466 #: build/C/man7/cpuset.7:726
3468 "This default load balancing across all CPUs is not well suited to the "
3469 "following two situations:"
3473 #: build/C/man7/cpuset.7:730
3475 "On large systems, load balancing across many CPUs is expensive. If the "
3476 "system is managed using cpusets to place independent jobs on separate sets "
3477 "of CPUs, full load balancing is unnecessary."
3481 #: build/C/man7/cpuset.7:734
3483 "Systems supporting real-time on some CPUs need to minimize system overhead "
3484 "on those CPUs, including avoiding process load balancing if that is not "
3489 #: build/C/man7/cpuset.7:744
3491 "When the per-cpuset flag I<sched_load_balance> is enabled (the default "
3492 "setting), it requests load balancing across all the CPUs in that cpuset's "
3493 "allowed CPUs, ensuring that load balancing can move a process (not otherwise "
3494 "pinned, as by B<sched_setaffinity>(2)) from any CPU in that cpuset to any "
3499 #: build/C/man7/cpuset.7:753
3501 "When the per-cpuset flag I<sched_load_balance> is disabled, then the "
3502 "scheduler will avoid load balancing across the CPUs in that cpuset, "
3503 "I<except> in so far as is necessary because some overlapping cpuset has "
3504 "I<sched_load_balance> enabled."
3508 #: build/C/man7/cpuset.7:761
3510 "So, for example, if the top cpuset has the flag I<sched_load_balance> "
3511 "enabled, then the scheduler will load balance across all CPUs, and the "
3512 "setting of the I<sched_load_balance> flag in other cpusets has no effect, as "
3513 "we're already fully load balancing."
3517 #: build/C/man7/cpuset.7:766
3519 "Therefore in the above two situations, the flag I<sched_load_balance> should "
3520 "be disabled in the top cpuset, and only some of the smaller, child cpusets "
3521 "would have this flag enabled."
3525 #: build/C/man7/cpuset.7:774
3527 "When doing this, you don't usually want to leave any unpinned processes in "
3528 "the top cpuset that might use nontrivial amounts of CPU, as such processes "
3529 "may be artificially constrained to some subset of CPUs, depending on the "
3530 "particulars of this flag setting in descendant cpusets. Even if such a "
3531 "process could use spare CPU cycles in some other CPUs, the kernel scheduler "
3532 "might not consider the possibility of load balancing that process to the "
3536 #. ================== Scheduler Relax Domain Level ==================
3538 #: build/C/man7/cpuset.7:780
3540 "Of course, processes pinned to a particular CPU can be left in a cpuset that "
3541 "disables I<sched_load_balance> as those processes aren't going anywhere else "
3546 #: build/C/man7/cpuset.7:780
3548 msgid "Scheduler relax domain level"
3552 #: build/C/man7/cpuset.7:801
3554 "The kernel scheduler performs immediate load balancing whenever a CPU "
3555 "becomes free or another task becomes runnable. This load balancing works to "
3556 "ensure that as many CPUs as possible are usefully employed running tasks. "
3557 "The kernel also performs periodic load balancing off the software clock "
3558 "described in I<time>(7). The setting of I<sched_relax_domain_level> applies "
3559 "only to immediate load balancing. Regardless of the "
3560 "I<sched_relax_domain_level> setting, periodic load balancing is attempted "
3561 "over all CPUs (unless disabled by turning off I<sched_load_balance>.) In "
3562 "any case, of course, tasks will be scheduled to run only on CPUs allowed by "
3563 "their cpuset, as modified by B<sched_setaffinity>(2) system calls."
3567 #: build/C/man7/cpuset.7:809
3569 "On small systems, such as those with just a few CPUs, immediate load "
3570 "balancing is useful to improve system interactivity and to minimize wasteful "
3571 "idle CPU cycles. But on large systems, attempting immediate load balancing "
3572 "across a large number of CPUs can be more costly than it is worth, depending "
3573 "on the particular performance characteristics of the job mix and the "
3578 #: build/C/man7/cpuset.7:817
3580 "The exact meaning of the small integer values of I<sched_relax_domain_level> "
3581 "will depend on internal implementation details of the kernel scheduler code "
3582 "and on the non-uniform architecture of the hardware. Both of these will "
3583 "evolve over time and vary by system architecture and kernel version."
3587 #: build/C/man7/cpuset.7:822
3589 "As of this writing, when this capability was introduced in Linux 2.6.26, on "
3590 "certain popular architectures, the positive values of "
3591 "I<sched_relax_domain_level> have the following meanings."
3595 #: build/C/man7/cpuset.7:824
3601 #: build/C/man7/cpuset.7:827
3603 "Perform immediate load balancing across Hyper-Thread siblings on the same "
3608 #: build/C/man7/cpuset.7:827
3614 #: build/C/man7/cpuset.7:829
3615 msgid "Perform immediate load balancing across other cores in the same package."
3619 #: build/C/man7/cpuset.7:829
3625 #: build/C/man7/cpuset.7:832
3627 "Perform immediate load balancing across other CPUs on the same node or "
3632 #: build/C/man7/cpuset.7:832
3638 #: build/C/man7/cpuset.7:835
3640 "Perform immediate load balancing across over several (implementation detail) "
3641 "nodes [On NUMA systems]."
3645 #: build/C/man7/cpuset.7:835
3651 #: build/C/man7/cpuset.7:838
3653 "Perform immediate load balancing across over all CPUs in system [On NUMA "
3658 #: build/C/man7/cpuset.7:847
3660 "The I<sched_relax_domain_level> value of zero (0) always means don't perform "
3661 "immediate load balancing, hence that load balancing is done only "
3662 "periodically, not immediately when a CPU becomes available or another task "
3667 #: build/C/man7/cpuset.7:855
3669 "The I<sched_relax_domain_level> value of minus one (-1) always means use "
3670 "the system default value. The system default value can vary by architecture "
3671 "and kernel version. This system default value can be changed by kernel "
3672 "boot-time \"relax_domain_level=\" argument."
3676 #: build/C/man7/cpuset.7:863
3678 "In the case of multiple overlapping cpusets which have conflicting "
3679 "I<sched_relax_domain_level> values, then the highest such value applies to "
3680 "all CPUs in any of the overlapping cpusets. In such cases, the value "
3681 "B<minus one (-1)> is the lowest value, overridden by any other value, and "
3682 "the value B<zero (0)> is the next lowest value."
3686 #: build/C/man7/cpuset.7:863
3691 #. ================== Mask Format ==================
3693 #: build/C/man7/cpuset.7:867
3694 msgid "The following formats are used to represent sets of CPUs and memory nodes."
3698 #: build/C/man7/cpuset.7:867
3704 #: build/C/man7/cpuset.7:872
3706 "The B<Mask Format> is used to represent CPU and memory-node bit masks in the "
3707 "I</proc/E<lt>pidE<gt>/status> file."
3711 #: build/C/man7/cpuset.7:880
3713 "This format displays each 32-bit word in hexadecimal (using ASCII characters "
3714 "\"0\" - \"9\" and \"a\" - \"f\"); words are filled with leading zeros, if "
3715 "required. For masks longer than one word, a comma separator is used between "
3716 "words. Words are displayed in big-endian order, which has the most "
3717 "significant bit first. The hex digits within a word are also in big-endian "
3722 #: build/C/man7/cpuset.7:883
3724 "The number of 32-bit words displayed is the minimum number needed to display "
3725 "all bits of the bit mask, based on the size of the bit mask."
3729 #: build/C/man7/cpuset.7:885
3730 msgid "Examples of the B<Mask Format>:"
3734 #: build/C/man7/cpuset.7:893
3737 "00000001 # just bit 0 set\n"
3738 "40000000,00000000,00000000 # just bit 94 set\n"
3739 "00000001,00000000,00000000 # just bit 64 set\n"
3740 "000000ff,00000000 # bits 32-39 set\n"
3741 "00000000,000E3862 # 1,5,6,11-13,17-19 set\n"
3745 #: build/C/man7/cpuset.7:897
3746 msgid "A mask with bits 0, 1, 2, 4, 8, 16, 32, and 64 set displays as:"
3750 #: build/C/man7/cpuset.7:901
3752 msgid "00000001,00000001,00010117\n"
3755 #. ================== List Format ==================
3757 #: build/C/man7/cpuset.7:908
3759 "The first \"1\" is for bit 64, the second for bit 32, the third for bit 16, "
3760 "the fourth for bit 8, the fifth for bit 4, and the \"7\" is for bits 2, 1, "
3765 #: build/C/man7/cpuset.7:908
3771 #: build/C/man7/cpuset.7:915
3773 "The B<List Format> for I<cpus> and I<mems> is a comma-separated list of CPU "
3774 "or memory-node numbers and ranges of numbers, in ASCII decimal."
3778 #: build/C/man7/cpuset.7:917
3779 msgid "Examples of the B<List Format>:"
3783 #: build/C/man7/cpuset.7:922
3786 "0-4,9 # bits 0, 1, 2, 3, 4, and 9 set\n"
3787 "0-2,7,12-14 # bits 0, 1, 2, 7, 12, 13, and 14 set\n"
3790 #. ================== RULES ==================
3792 #: build/C/man7/cpuset.7:925
3798 #: build/C/man7/cpuset.7:927
3799 msgid "The following rules apply to each cpuset:"
3803 #: build/C/man7/cpuset.7:930
3805 "Its CPUs and memory nodes must be a (possibly equal) subset of its "
3810 #: build/C/man7/cpuset.7:934
3811 msgid "It can be marked I<cpu_exclusive> only if its parent is."
3815 #: build/C/man7/cpuset.7:938
3816 msgid "It can be marked I<mem_exclusive> only if its parent is."
3820 #: build/C/man7/cpuset.7:942
3821 msgid "If it is I<cpu_exclusive>, its CPUs may not overlap any sibling."
3824 #. ================== PERMISSIONS ==================
3826 #: build/C/man7/cpuset.7:947
3827 msgid "If it is I<memory_exclusive>, its memory nodes may not overlap any sibling."
3831 #: build/C/man7/cpuset.7:947
3837 #: build/C/man7/cpuset.7:952
3839 "The permissions of a cpuset are determined by the permissions of the "
3840 "directories and pseudo-files in the cpuset file system, normally mounted at "
3845 #: build/C/man7/cpuset.7:961
3847 "For instance, a process can put itself in some other cpuset (than its "
3848 "current one) if it can write the I<tasks> file for that cpuset. This "
3849 "requires execute permission on the encompassing directories and write "
3850 "permission on the I<tasks> file."
3854 #: build/C/man7/cpuset.7:968
3856 "An additional constraint is applied to requests to place some other process "
3857 "in a cpuset. One process may not attach another to a cpuset unless it would "
3858 "have permission to send that process a signal (see B<kill>(2))."
3862 #: build/C/man7/cpuset.7:979
3864 "A process may create a child cpuset if it can access and write the parent "
3865 "cpuset directory. It can modify the CPUs or memory nodes in a cpuset if it "
3866 "can access that cpuset's directory (execute permissions on the each of the "
3867 "parent directories) and write the corresponding I<cpus> or I<mems> file."
3871 #: build/C/man7/cpuset.7:1000
3873 "There is one minor difference between the manner in which these permissions "
3874 "are evaluated and the manner in which normal file-system operation "
3875 "permissions are evaluated. The kernel interprets relative pathnames "
3876 "starting at a process's current working directory. Even if one is operating "
3877 "on a cpuset file, relative pathnames are interpreted relative to the "
3878 "process's current working directory, not relative to the process's current "
3879 "cpuset. The only ways that cpuset paths relative to a process's current "
3880 "cpuset can be used are if either the process's current working directory is "
3881 "its cpuset (it first did a B<cd> or B<chdir>(2) to its cpuset directory "
3882 "beneath I</dev/cpuset>, which is a bit unusual) or if some user code "
3883 "converts the relative cpuset path to a full file-system path."
3886 #. ================== WARNINGS ==================
3888 #: build/C/man7/cpuset.7:1015
3890 "In theory, this means that user code should specify cpusets using absolute "
3891 "pathnames, which requires knowing the mount point of the cpuset file system "
3892 "(usually, but not necessarily, I</dev/cpuset>). In practice, all user level "
3893 "code that this author is aware of simply assumes that if the cpuset file "
3894 "system is mounted, then it is mounted at I</dev/cpuset>. Furthermore, it is "
3895 "common practice for carefully written user code to verify the presence of "
3896 "the pseudo-file I</dev/cpuset/tasks> in order to verify that the cpuset "
3897 "pseudo-file system is currently mounted."
3901 #: build/C/man7/cpuset.7:1015
3907 #: build/C/man7/cpuset.7:1016
3909 msgid "Enabling memory_pressure"
3913 #: build/C/man7/cpuset.7:1025
3915 "By default, the per-cpuset file I<cpuset.memory_pressure> always contains "
3916 "zero (0). Unless this feature is enabled by writing \"1\" to the "
3917 "pseudo-file I</dev/cpuset/cpuset.memory_pressure_enabled>, the kernel does "
3918 "not compute per-cpuset I<memory_pressure>."
3922 #: build/C/man7/cpuset.7:1025
3924 msgid "Using the echo command"
3927 #. Gack! csh(1)'s echo does this
3929 #: build/C/man7/cpuset.7:1036
3931 "When using the B<echo> command at the shell prompt to change the values of "
3932 "cpuset files, beware that the built-in B<echo> command in some shells does "
3933 "not display an error message if the B<write>(2) system call fails. For "
3934 "example, if the command:"
3938 #: build/C/man7/cpuset.7:1040
3940 msgid "echo 19 E<gt> cpuset.mems\n"
3944 #: build/C/man7/cpuset.7:1053
3946 "failed because memory node 19 was not allowed (perhaps the current system "
3947 "does not have a memory node 19), then the B<echo> command might not display "
3948 "any error. It is better to use the B</bin/echo> external command to change "
3949 "cpuset file settings, as this command will display B<write>(2) errors, as "
3954 #: build/C/man7/cpuset.7:1058
3957 "/bin/echo 19 E<gt> cpuset.mems\n"
3958 "/bin/echo: write error: Invalid argument\n"
3961 #. ================== EXCEPTIONS ==================
3963 #: build/C/man7/cpuset.7:1061
3969 #: build/C/man7/cpuset.7:1062
3971 msgid "Memory placement"
3975 #: build/C/man7/cpuset.7:1065
3977 "Not all allocations of system memory are constrained by cpusets, for the "
3978 "following reasons."
3982 #: build/C/man7/cpuset.7:1080
3984 "If hot-plug functionality is used to remove all the CPUs that are currently "
3985 "assigned to a cpuset, then the kernel will automatically update the "
3986 "I<cpus_allowed> of all processes attached to CPUs in that cpuset to allow "
3987 "all CPUs. When memory hot-plug functionality for removing memory nodes is "
3988 "available, a similar exception is expected to apply there as well. In "
3989 "general, the kernel prefers to violate cpuset placement, rather than "
3990 "starving a process that has had all its allowed CPUs or memory nodes taken "
3991 "offline. User code should reconfigure cpusets to refer only to online CPUs "
3992 "and memory nodes when using hot-plug to add or remove such resources."
3996 #: build/C/man7/cpuset.7:1088
3998 "A few kernel-critical, internal memory-allocation requests, marked "
3999 "GFP_ATOMIC, must be satisfied immediately. The kernel may drop some request "
4000 "or malfunction if one of these allocations fail. If such a request cannot "
4001 "be satisfied within the current process's cpuset, then we relax the cpuset, "
4002 "and look for memory anywhere we can find it. It's better to violate the "
4003 "cpuset than stress the kernel."
4007 #: build/C/man7/cpuset.7:1092
4009 "Allocations of memory requested by kernel drivers while processing an "
4010 "interrupt lack any relevant process context, and are not confined by "
4015 #: build/C/man7/cpuset.7:1092
4017 msgid "Renaming cpusets"
4020 #. ================== ERRORS ==================
4022 #: build/C/man7/cpuset.7:1100
4024 "You can use the B<rename>(2) system call to rename cpusets. Only simple "
4025 "renaming is supported; that is, changing the name of a cpuset directory is "
4026 "permitted, but moving a directory into a different directory is not "
4031 #: build/C/man7/cpuset.7:1104
4033 "The Linux kernel implementation of cpusets sets I<errno> to specify the "
4034 "reason for a failed system call affecting cpusets."
4038 #: build/C/man7/cpuset.7:1109
4040 "The possible I<errno> settings and their meaning when set on a failed cpuset "
4041 "call are as listed below."
4045 #: build/C/man7/cpuset.7:1109
4051 #: build/C/man7/cpuset.7:1116
4053 "Attempted a B<write>(2) on a special cpuset file with a length larger than "
4054 "some kernel-determined upper limit on the length of such writes."
4058 #: build/C/man7/cpuset.7:1123
4060 "Attempted to B<write>(2) the process ID (PID) of a process to a cpuset "
4061 "I<tasks> file when one lacks permission to move that process."
4065 #: build/C/man7/cpuset.7:1129
4067 "Attempted to add, using B<write>(2), a CPU or memory node to a cpuset, when "
4068 "that CPU or memory node was not already in its parent."
4072 #: build/C/man7/cpuset.7:1137
4074 "Attempted to set, using B<write>(2), I<cpuset.cpu_exclusive> or "
4075 "I<cpuset.mem_exclusive> on a cpuset whose parent lacks the same setting."
4079 #: build/C/man7/cpuset.7:1144
4080 msgid "Attempted to B<write>(2) a I<cpuset.memory_pressure> file."
4084 #: build/C/man7/cpuset.7:1147
4085 msgid "Attempted to create a file in a cpuset directory."
4089 #: build/C/man7/cpuset.7:1147 build/C/man7/cpuset.7:1152 build/C/man7/cpuset.7:1157
4095 #: build/C/man7/cpuset.7:1152
4096 msgid "Attempted to remove, using B<rmdir>(2), a cpuset with attached processes."
4100 #: build/C/man7/cpuset.7:1157
4101 msgid "Attempted to remove, using B<rmdir>(2), a cpuset with child cpusets."
4105 #: build/C/man7/cpuset.7:1162
4107 "Attempted to remove a CPU or memory node from a cpuset that is also in a "
4108 "child of that cpuset."
4112 #: build/C/man7/cpuset.7:1162 build/C/man7/cpuset.7:1167
4118 #: build/C/man7/cpuset.7:1167
4119 msgid "Attempted to create, using B<mkdir>(2), a cpuset that already exists."
4123 #: build/C/man7/cpuset.7:1172
4124 msgid "Attempted to B<rename>(2) a cpuset to a name that already exists."
4128 #: build/C/man7/cpuset.7:1180
4130 "Attempted to B<read>(2) or B<write>(2) a cpuset file using a buffer that "
4131 "is outside the writing processes accessible address space."
4135 #: build/C/man7/cpuset.7:1189
4137 "Attempted to change a cpuset, using B<write>(2), in a way that would violate "
4138 "a I<cpu_exclusive> or I<mem_exclusive> attribute of that cpuset or any of "
4143 #: build/C/man7/cpuset.7:1198
4145 "Attempted to B<write>(2) an empty I<cpuset.cpus> or I<cpuset.mems> list to "
4146 "a cpuset which has attached processes or child cpusets."
4150 #: build/C/man7/cpuset.7:1208
4152 "Attempted to B<write>(2) a I<cpuset.cpus> or I<cpuset.mems> list which "
4153 "included a range with the second number smaller than the first number."
4157 #: build/C/man7/cpuset.7:1217
4159 "Attempted to B<write>(2) a I<cpuset.cpus> or I<cpuset.mems> list which "
4160 "included an invalid character in the string."
4164 #: build/C/man7/cpuset.7:1224
4166 "Attempted to B<write>(2) a list to a I<cpuset.cpus> file that did not "
4167 "include any online CPUs."
4171 #: build/C/man7/cpuset.7:1231
4173 "Attempted to B<write>(2) a list to a I<cpuset.mems> file that did not "
4174 "include any online memory nodes."
4178 #: build/C/man7/cpuset.7:1238
4180 "Attempted to B<write>(2) a list to a I<cpuset.mems> file that included a "
4181 "node that held no memory."
4185 #: build/C/man7/cpuset.7:1246
4187 "Attempted to B<write>(2) a string to a cpuset I<tasks> file that does not "
4188 "begin with an ASCII decimal integer."
4192 #: build/C/man7/cpuset.7:1251
4193 msgid "Attempted to B<rename>(2) a cpuset into a different directory."
4197 #: build/C/man7/cpuset.7:1258
4199 "Attempted to B<read>(2) a I</proc/E<lt>pidE<gt>/cpuset> file for a cpuset "
4200 "path that is longer than the kernel page size."
4204 #: build/C/man7/cpuset.7:1263
4206 "Attempted to create, using B<mkdir>(2), a cpuset whose base directory name "
4207 "is longer than 255 characters."
4211 #: build/C/man7/cpuset.7:1270
4213 "Attempted to create, using B<mkdir>(2), a cpuset whose full pathname, "
4214 "including the mount point (typically \"/dev/cpuset/\") prefix, is longer "
4215 "than 4095 characters."
4219 #: build/C/man7/cpuset.7:1270
4225 #: build/C/man7/cpuset.7:1275
4227 "The cpuset was removed by another process at the same time as a B<write>(2) "
4228 "was attempted on one of the pseudo-files in the cpuset directory."
4232 #: build/C/man7/cpuset.7:1280
4234 "Attempted to create, using B<mkdir>(2), a cpuset in a parent cpuset that "
4239 #: build/C/man7/cpuset.7:1287
4241 "Attempted to B<access>(2) or B<open>(2) a nonexistent file in a cpuset "
4246 #: build/C/man7/cpuset.7:1292
4248 "Insufficient memory is available within the kernel; can occur on a variety "
4249 "of system calls affecting cpusets, but only if the system is extremely short "
4254 #: build/C/man7/cpuset.7:1292 build/C/man7/cpuset.7:1304
4260 #: build/C/man7/cpuset.7:1304
4262 "Attempted to B<write>(2) the process ID (PID) of a process to a cpuset "
4263 "I<tasks> file when the cpuset had an empty I<cpuset.cpus> or empty "
4264 "I<cpuset.mems> setting."
4268 #: build/C/man7/cpuset.7:1314
4270 "Attempted to B<write>(2) an empty I<cpuset.cpus> or I<cpuset.mems> setting "
4271 "to a cpuset that has tasks attached."
4275 #: build/C/man7/cpuset.7:1319
4276 msgid "Attempted to B<rename>(2) a nonexistent cpuset."
4280 #: build/C/man7/cpuset.7:1322
4281 msgid "Attempted to remove a file from a cpuset directory."
4285 #: build/C/man7/cpuset.7:1322
4291 #: build/C/man7/cpuset.7:1330
4293 "Specified a I<cpuset.cpus> or I<cpuset.mems> list to the kernel which "
4294 "included a number too large for the kernel to set in its bit masks."
4297 #. ================== VERSIONS ==================
4299 #: build/C/man7/cpuset.7:1338
4301 "Attempted to B<write>(2) the process ID (PID) of a nonexistent process to a "
4302 "cpuset I<tasks> file."
4305 #. ================== NOTES ==================
4307 #: build/C/man7/cpuset.7:1341
4308 msgid "Cpusets appeared in version 2.6.12 of the Linux kernel."
4311 #. ================== BUGS ==================
4313 #: build/C/man7/cpuset.7:1352
4315 "Despite its name, the I<pid> parameter is actually a thread ID, and each "
4316 "thread in a threaded group can be attached to a different cpuset. The value "
4317 "returned from a call to B<gettid>(2) can be passed in the argument I<pid>."
4321 #: build/C/man7/cpuset.7:1352 build/C/man2/getpriority.2:225 build/C/man2/getrlimit.2:525 build/C/man2/ioprio_set.2:337 build/C/man2/setfsgid.2:104 build/C/man2/setfsuid.2:104
4326 #. ================== EXAMPLE ==================
4328 #: build/C/man7/cpuset.7:1365
4330 "I<cpuset.memory_pressure> cpuset files can be opened for writing, creation, "
4331 "or truncation, but then the B<write>(2) fails with I<errno> set to "
4332 "B<EACCES>, and the creation and truncation options on B<open>(2) have no "
4337 #: build/C/man7/cpuset.7:1365 build/C/man2/getrlimit.2:600
4343 #: build/C/man7/cpuset.7:1368
4345 "The following examples demonstrate querying and setting cpuset options using "
4350 #: build/C/man7/cpuset.7:1368
4352 msgid "Creating and attaching to a cpuset."
4356 #: build/C/man7/cpuset.7:1371
4358 "To create a new cpuset and attach the current command shell to it, the steps "
4363 #: build/C/man7/cpuset.7:1373 build/C/man7/cpuset.7:1412
4369 #: build/C/man7/cpuset.7:1375
4370 msgid "mkdir /dev/cpuset (if not already done)"
4374 #: build/C/man7/cpuset.7:1375 build/C/man7/cpuset.7:1418
4380 #: build/C/man7/cpuset.7:1377
4381 msgid "mount -t cpuset none /dev/cpuset (if not already done)"
4385 #: build/C/man7/cpuset.7:1377 build/C/man7/cpuset.7:1421
4391 #: build/C/man7/cpuset.7:1380
4392 msgid "Create the new cpuset using B<mkdir>(1)."
4396 #: build/C/man7/cpuset.7:1380 build/C/man7/cpuset.7:1424
4402 #: build/C/man7/cpuset.7:1382
4403 msgid "Assign CPUs and memory nodes to the new cpuset."
4407 #: build/C/man7/cpuset.7:1382 build/C/man7/cpuset.7:1429
4413 #: build/C/man7/cpuset.7:1384
4414 msgid "Attach the shell to the new cpuset."
4418 #: build/C/man7/cpuset.7:1389
4420 "For example, the following sequence of commands will set up a cpuset named "
4421 "\"Charlie\", containing just CPUs 2 and 3, and memory node 1, and then "
4422 "attach the current shell to that cpuset."
4426 #: build/C/man7/cpuset.7:1403
4429 "$B< mkdir /dev/cpuset>\n"
4430 "$B< mount -t cpuset cpuset /dev/cpuset>\n"
4431 "$B< cd /dev/cpuset>\n"
4432 "$B< mkdir Charlie>\n"
4434 "$B< /bin/echo 2-3 E<gt> cpuset.cpus>\n"
4435 "$B< /bin/echo 1 E<gt> cpuset.mems>\n"
4436 "$B< /bin/echo $$ E<gt> tasks>\n"
4437 "# The current shell is now running in cpuset Charlie\n"
4438 "# The next line should display '/Charlie'\n"
4439 "$B< cat /proc/self/cpuset>\n"
4443 #: build/C/man7/cpuset.7:1405
4445 msgid "Migrating a job to different memory nodes."
4449 #: build/C/man7/cpuset.7:1410
4451 "To migrate a job (the set of processes attached to a cpuset) to different "
4452 "CPUs and memory nodes in the system, including moving the memory pages "
4453 "currently allocated to that job, perform the following steps."
4457 #: build/C/man7/cpuset.7:1418
4459 "Let's say we want to move the job in cpuset I<alpha> (CPUs 4-7 and memory "
4460 "nodes 2-3) to a new cpuset I<beta> (CPUs 16-19 and memory nodes 8-9)."
4464 #: build/C/man7/cpuset.7:1421
4465 msgid "First create the new cpuset I<beta>."
4469 #: build/C/man7/cpuset.7:1424
4470 msgid "Then allow CPUs 16-19 and memory nodes 8-9 in I<beta>."
4474 #: build/C/man7/cpuset.7:1429
4475 msgid "Then enable I<memory_migration> in I<beta>."
4479 #: build/C/man7/cpuset.7:1434
4480 msgid "Then move each process from I<alpha> to I<beta>."
4484 #: build/C/man7/cpuset.7:1437
4485 msgid "The following sequence of commands accomplishes this."
4489 #: build/C/man7/cpuset.7:1447
4492 "$B< cd /dev/cpuset>\n"
4495 "$B< /bin/echo 16-19 E<gt> cpuset.cpus>\n"
4496 "$B< /bin/echo 8-9 E<gt> cpuset.mems>\n"
4497 "$B< /bin/echo 1 E<gt> cpuset.memory_migrate>\n"
4498 "$B< while read i; do /bin/echo $i; done E<lt> ../alpha/tasks E<gt> tasks>\n"
4502 #: build/C/man7/cpuset.7:1456
4504 "The above should move any processes in I<alpha> to I<beta>, and any memory "
4505 "held by these processes on memory nodes 2-3 to memory nodes 8-9, "
4510 #: build/C/man7/cpuset.7:1458
4511 msgid "Notice that the last step of the above sequence did not do:"
4515 #: build/C/man7/cpuset.7:1462
4517 msgid "$B< cp ../alpha/tasks tasks>\n"
4521 #: build/C/man7/cpuset.7:1473
4523 "The I<while> loop, rather than the seemingly easier use of the B<cp>(1) "
4524 "command, was necessary because only one process PID at a time may be written "
4525 "to the I<tasks> file."
4529 #: build/C/man7/cpuset.7:1481
4531 "The same effect (writing one PID at a time) as the I<while> loop can be "
4532 "accomplished more efficiently, in fewer keystrokes and in syntax that works "
4533 "on any shell, but alas more obscurely, by using the B<-u> (unbuffered) "
4534 "option of B<sed>(1):"
4538 #: build/C/man7/cpuset.7:1485
4540 msgid "$B< sed -un p E<lt> ../alpha/tasks E<gt> tasks>\n"
4544 #: build/C/man7/cpuset.7:1502
4546 "B<taskset>(1), B<get_mempolicy>(2), B<getcpu>(2), B<mbind>(2), "
4547 "B<sched_getaffinity>(2), B<sched_setaffinity>(2), B<sched_setscheduler>(2), "
4548 "B<set_mempolicy>(2), B<CPU_SET>(3), B<proc>(5), B<numa>(7), "
4549 "B<migratepages>(8), B<numactl>(8)"
4553 #: build/C/man7/cpuset.7:1505
4554 msgid "I<Documentation/cpusets.txt> in the Linux kernel source tree"
4558 #: build/C/man7/credentials.7:27
4564 #: build/C/man7/credentials.7:27
4570 #: build/C/man7/credentials.7:30
4571 msgid "credentials - process identifiers"
4575 #: build/C/man7/credentials.7:31
4577 msgid "Process ID (PID)"
4581 #: build/C/man7/credentials.7:41
4583 "Each process has a unique nonnegative integer identifier that is assigned "
4584 "when the process is created using B<fork>(2). A process can obtain its PID "
4585 "using B<getpid>(2). A PID is represented using the type I<pid_t> (defined "
4586 "in I<E<lt>sys/types.hE<gt>>)."
4589 #. .BR sched_rr_get_interval (2),
4590 #. .BR sched_getaffinity (2),
4591 #. .BR sched_setaffinity (2),
4592 #. .BR sched_getparam (2),
4593 #. .BR sched_setparam (2),
4594 #. .BR sched_setscheduler (2),
4595 #. .BR sched_getscheduler (2),
4600 #: build/C/man7/credentials.7:62
4602 "PIDs are used in a range of system calls to identify the process affected by "
4603 "the call, for example: B<kill>(2), B<ptrace>(2), B<setpriority>(2) "
4604 "B<setpgid>(2), B<setsid>(2), B<sigqueue>(3), and B<waitpid>(2)."
4608 #: build/C/man7/credentials.7:65
4609 msgid "A process's PID is preserved across an B<execve>(2)."
4613 #: build/C/man7/credentials.7:65
4615 msgid "Parent process ID (PPID)"
4619 #: build/C/man7/credentials.7:73
4621 "A process's parent process ID identifies the process that created this "
4622 "process using B<fork>(2). A process can obtain its PPID using "
4623 "B<getppid>(2). A PPID is represented using the type I<pid_t>."
4627 #: build/C/man7/credentials.7:76
4628 msgid "A process's PPID is preserved across an B<execve>(2)."
4632 #: build/C/man7/credentials.7:76
4634 msgid "Process group ID and session ID"
4638 #: build/C/man7/credentials.7:84
4640 "Each process has a session ID and a process group ID, both represented using "
4641 "the type I<pid_t>. A process can obtain its session ID using B<getsid>(2), "
4642 "and its process group ID using B<getpgrp>(2)."
4646 #: build/C/man7/credentials.7:90
4648 "A child created by B<fork>(2) inherits its parent's session ID and process "
4649 "group ID. A process's session ID and process group ID are preserved across "
4654 #: build/C/man7/credentials.7:103
4656 "Sessions and process groups are abstractions devised to support shell job "
4657 "control. A process group (sometimes called a \"job\") is a collection of "
4658 "processes that share the same process group ID; the shell creates a new "
4659 "process group for the process(es) used to execute single command or pipeline "
4660 "(e.g., the two processes created to execute the command \"ls\\ |\\ wc\" are "
4661 "placed in the same process group). A process's group membership can be set "
4662 "using B<setpgid>(2). The process whose process ID is the same as its "
4663 "process group ID is the I<process group leader> for that group."
4667 #: build/C/man7/credentials.7:115
4669 "A session is a collection of processes that share the same session ID. All "
4670 "of the members of a process group also have the same session ID (i.e., all "
4671 "of the members of a process group always belong to the same session, so that "
4672 "sessions and process groups form a strict two-level hierarchy of processes.) "
4673 "A new session is created when a process calls B<setsid>(2), which creates a "
4674 "new session whose session ID is the same as the PID of the process that "
4675 "called B<setsid>(2). The creator of the session is called the I<session "
4680 #: build/C/man7/credentials.7:115
4682 msgid "User and group identifiers"
4686 #: build/C/man7/credentials.7:123
4688 "Each process has various associated user and groups IDs. These IDs are "
4689 "integers, respectively represented using the types I<uid_t> and I<gid_t> "
4690 "(defined in I<E<lt>sys/types.hE<gt>>)."
4694 #: build/C/man7/credentials.7:125
4695 msgid "On Linux, each process has the following user and group identifiers:"
4699 #: build/C/man7/credentials.7:131
4701 "Real user ID and real group ID. These IDs determine who owns the process. "
4702 "A process can obtain its real user (group) ID using B<getuid>(2) "
4707 #: build/C/man7/credentials.7:143
4709 "Effective user ID and effective group ID. These IDs are used by the kernel "
4710 "to determine the permissions that the process will have when accessing "
4711 "shared resources such as message queues, shared memory, and semaphores. On "
4712 "most UNIX systems, these IDs also determine the permissions when accessing "
4713 "files. However, Linux uses the file system IDs described below for this "
4714 "task. A process can obtain its effective user (group) ID using "
4715 "B<geteuid>(2) (B<getegid>(2))."
4719 #: build/C/man7/credentials.7:165
4721 "Saved set-user-ID and saved set-group-ID. These IDs are used in set-user-ID "
4722 "and set-group-ID programs to save a copy of the corresponding effective IDs "
4723 "that were set when the program was executed (see B<execve>(2)). A "
4724 "set-user-ID program can assume and drop privileges by switching its "
4725 "effective user ID back and forth between the values in its real user ID and "
4726 "saved set-user-ID. This switching is done via calls to B<seteuid>(2), "
4727 "B<setreuid>(2), or B<setresuid>(2). A set-group-ID program performs the "
4728 "analogous tasks using B<setegid>(2), B<setregid>(2), or B<setresgid>(2). A "
4729 "process can obtain its saved set-user-ID (set-group-ID) using "
4730 "B<getresuid>(2) (B<getresgid>(2))."
4734 #: build/C/man7/credentials.7:182
4736 "File system user ID and file system group ID (Linux-specific). These IDs, "
4737 "in conjunction with the supplementary group IDs described below, are used to "
4738 "determine permissions for accessing files; see B<path_resolution>(7) for "
4739 "details. Whenever a process's effective user (group) ID is changed, the "
4740 "kernel also automatically changes the file system user (group) ID to the "
4741 "same value. Consequently, the file system IDs normally have the same values "
4742 "as the corresponding effective ID, and the semantics for file-permission "
4743 "checks are thus the same on Linux as on other UNIX systems. The file system "
4744 "IDs can be made to differ from the effective IDs by calling B<setfsuid>(2) "
4745 "and B<setfsgid>(2)."
4748 #. Since kernel 2.6.4, the limit is visible via the read-only file
4749 #. /proc/sys/kernel/ngroups_max.
4750 #. As at 2.6.22-rc2, this file is still read-only.
4752 #: build/C/man7/credentials.7:201
4754 "Supplementary group IDs. This is a set of additional group IDs that are "
4755 "used for permission checks when accessing files and other shared resources. "
4756 "On Linux kernels before 2.6.4, a process can be a member of up to 32 "
4757 "supplementary groups; since kernel 2.6.4, a process can be a member of up to "
4758 "65536 supplementary groups. The call I<sysconf(_SC_NGROUPS_MAX)> can be "
4759 "used to determine the number of supplementary groups of which a process may "
4760 "be a member. A process can obtain its set of supplementary group IDs using "
4761 "B<getgroups>(2), and can modify the set using B<setgroups>(2)."
4765 #: build/C/man7/credentials.7:211
4767 "A child process created by B<fork>(2) inherits copies of its parent's user "
4768 "and groups IDs. During an B<execve>(2), a process's real user and group ID "
4769 "and supplementary group IDs are preserved; the effective and saved set IDs "
4770 "may be changed, as described in B<execve>(2)."
4774 #: build/C/man7/credentials.7:214
4776 "Aside from the purposes noted above, a process's user IDs are also employed "
4777 "in a number of other contexts:"
4781 #: build/C/man7/credentials.7:217
4782 msgid "when determining the permissions for sending signals\\(emsee B<kill>(2);"
4786 #: build/C/man7/credentials.7:227
4788 "when determining the permissions for setting process-scheduling parameters "
4789 "(nice value, real time scheduling policy and priority, CPU affinity, I/O "
4790 "priority) using B<setpriority>(2), B<sched_setaffinity>(2), "
4791 "B<sched_setscheduler>(2), B<sched_setparam>(2), and B<ioprio_set>(2);"
4795 #: build/C/man7/credentials.7:230
4796 msgid "when checking resource limits; see B<getrlimit>(2);"
4800 #: build/C/man7/credentials.7:234
4802 "when checking the limit on the number of inotify instances that the process "
4803 "may create; see B<inotify>(7)."
4807 #: build/C/man7/credentials.7:240
4809 "Process IDs, parent process IDs, process group IDs, and session IDs are "
4810 "specified in POSIX.1-2001. The real, effective, and saved set user and "
4811 "groups IDs, and the supplementary group IDs, are specified in POSIX.1-2001. "
4812 "The file system user and group IDs are a Linux extension."
4816 #: build/C/man7/credentials.7:251
4818 "The POSIX threads specification requires that credentials are shared by all "
4819 "of the threads in a process. However, at the kernel level, Linux maintains "
4820 "separate user and group credentials for each thread. The NPTL threading "
4821 "implementation does some work to ensure that any change to user or group "
4822 "credentials (e.g., calls to B<setuid>(2), B<setresuid>(2)) is carried "
4823 "through to all of the POSIX threads in a process."
4827 #: build/C/man7/credentials.7:282
4829 "B<bash>(1), B<csh>(1), B<ps>(1), B<access>(2), B<execve>(2), "
4830 "B<faccessat>(2), B<fork>(2), B<getpgrp>(2), B<getpid>(2), B<getppid>(2), "
4831 "B<getsid>(2), B<kill>(2), B<killpg>(2), B<setegid>(2), B<seteuid>(2), "
4832 "B<setfsgid>(2), B<setfsuid>(2), B<setgid>(2), B<setgroups>(2), "
4833 "B<setresgid>(2), B<setresuid>(2), B<setuid>(2), B<waitpid>(2), "
4834 "B<euidaccess>(3), B<initgroups>(3), B<tcgetpgrp>(3), B<tcsetpgrp>(3), "
4835 "B<capabilities>(7), B<path_resolution>(7), B<unix>(7)"
4839 #: build/C/man2/getgid.2:25
4845 #: build/C/man2/getgid.2:25 build/C/man2/getgroups.2:31 build/C/man2/getresuid.2:28 build/C/man2/getuid.2:26 build/C/man2/setfsgid.2:31 build/C/man2/setfsuid.2:31 build/C/man2/setgid.2:29 build/C/man2/setresuid.2:26 build/C/man2/setreuid.2:45 build/C/man2/setuid.2:30
4851 #: build/C/man2/getgid.2:28
4852 msgid "getgid, getegid - get group identity"
4856 #: build/C/man2/getgid.2:30 build/C/man2/getgroups.2:38 build/C/man2/getpid.2:32 build/C/man2/getresuid.2:35 build/C/man2/getsid.2:31 build/C/man2/getuid.2:31 build/C/man2/seteuid.2:36 build/C/man2/setgid.2:36 build/C/man2/setpgid.2:53 build/C/man2/setresuid.2:33 build/C/man2/setreuid.2:52 build/C/man2/setsid.2:36 build/C/man2/setuid.2:37
4857 msgid "B<#include E<lt>unistd.hE<gt>>"
4861 #: build/C/man2/getgid.2:32 build/C/man2/getgroups.2:36 build/C/man2/getpid.2:30 build/C/man2/getuid.2:33 build/C/man2/seteuid.2:34 build/C/man2/setgid.2:34 build/C/man2/setreuid.2:50 build/C/man2/setuid.2:35
4862 msgid "B<#include E<lt>sys/types.hE<gt>>"
4866 #: build/C/man2/getgid.2:34
4867 msgid "B<gid_t getgid(void);>"
4871 #: build/C/man2/getgid.2:36
4872 msgid "B<gid_t getegid(void);>"
4876 #: build/C/man2/getgid.2:39
4877 msgid "B<getgid>() returns the real group ID of the calling process."
4881 #: build/C/man2/getgid.2:42
4882 msgid "B<getegid>() returns the effective group ID of the calling process."
4886 #: build/C/man2/getgid.2:44 build/C/man2/getpid.2:46 build/C/man2/getuid.2:45
4887 msgid "These functions are always successful."
4891 #: build/C/man2/getgid.2:46 build/C/man2/getuid.2:47
4892 msgid "POSIX.1-2001, 4.3BSD."
4896 #: build/C/man2/getgid.2:62
4898 "The original Linux B<getgid>() and B<getegid>() system calls supported "
4899 "only 16-bit group IDs. Subsequently, Linux 2.4 added B<getgid32>() and "
4900 "B<getegid32>(), supporting 32-bit IDs. The glibc B<getgid>() and "
4901 "B<getegid>() wrapper functions transparently deal with the variations "
4902 "across kernel versions."
4906 #: build/C/man2/getgid.2:67
4907 msgid "B<getresgid>(2), B<setgid>(2), B<setregid>(2), B<credentials>(7)"
4911 #: build/C/man2/getgroups.2:31
4917 #: build/C/man2/getgroups.2:34
4918 msgid "getgroups, setgroups - get/set list of supplementary group IDs"
4922 #: build/C/man2/getgroups.2:40
4923 msgid "B<int getgroups(int >I<size>B<, gid_t >I<list>B<[]);>"
4927 #: build/C/man2/getgroups.2:42
4928 msgid "B<#include E<lt>grp.hE<gt>>"
4932 #: build/C/man2/getgroups.2:44
4933 msgid "B<int setgroups(size_t >I<size>B<, const gid_t *>I<list>B<);>"
4937 #: build/C/man2/getgroups.2:52
4938 msgid "B<setgroups>(): _BSD_SOURCE"
4942 #: build/C/man2/getgroups.2:70
4944 "B<getgroups>() returns the supplementary group IDs of the calling process "
4945 "in I<list>. The argument I<size> should be set to the maximum number of "
4946 "items that can be stored in the buffer pointed to by I<list>. If the "
4947 "calling process is a member of more than I<size> supplementary groups, then "
4948 "an error results. It is unspecified whether the effective group ID of the "
4949 "calling process is included in the returned list. (Thus, an application "
4950 "should also call B<getegid>(2) and add or remove the resulting value.)"
4954 #: build/C/man2/getgroups.2:81
4956 "If I<size> is zero, I<list> is not modified, but the total number of "
4957 "supplementary group IDs for the process is returned. This allows the caller "
4958 "to determine the size of a dynamically allocated I<list> to be used in a "
4959 "further call to B<getgroups>()."
4963 #: build/C/man2/getgroups.2:92
4965 "B<setgroups>() sets the supplementary group IDs for the calling process. "
4966 "Appropriate privileges (Linux: the B<CAP_SETGID> capability) are required. "
4967 "The I<size> argument specifies the number of supplementary group IDs in the "
4968 "buffer pointed to by I<list>."
4972 #: build/C/man2/getgroups.2:99
4974 "On success, B<getgroups>() returns the number of supplementary group IDs. "
4975 "On error, -1 is returned, and I<errno> is set appropriately."
4979 #: build/C/man2/getgroups.2:106
4981 "On success, B<setgroups>() returns 0. On error, -1 is returned, and "
4982 "I<errno> is set appropriately."
4986 #: build/C/man2/getgroups.2:111
4987 msgid "I<list> has an invalid address."
4991 #: build/C/man2/getgroups.2:114
4992 msgid "B<getgroups>() can additionally fail with the following error:"
4996 #: build/C/man2/getgroups.2:118
4997 msgid "I<size> is less than the number of supplementary group IDs, but is not zero."
5001 #: build/C/man2/getgroups.2:121
5002 msgid "B<setgroups>() can additionally fail with the following errors:"
5006 #: build/C/man2/getgroups.2:127
5008 "I<size> is greater than B<NGROUPS_MAX> (32 before Linux 2.6.4; 65536 since "
5013 #: build/C/man2/getgroups.2:133
5014 msgid "The calling process has insufficient privilege."
5018 #: build/C/man2/getgroups.2:141
5020 "SVr4, 4.3BSD. The B<getgroups>() function is in POSIX.1-2001. Since "
5021 "B<setgroups>() requires privilege, it is not covered by POSIX.1-2001."
5025 #: build/C/man2/getgroups.2:149
5027 "A process can have up to B<NGROUPS_MAX> supplementary group IDs in addition "
5028 "to the effective group ID. The set of supplementary group IDs is inherited "
5029 "from the parent process, and preserved across an B<execve>(2)."
5033 #: build/C/man2/getgroups.2:152
5035 "The maximum number of supplementary group IDs can be found using "
5040 #: build/C/man2/getgroups.2:156
5043 " long ngroups_max;\n"
5044 " ngroups_max = sysconf(_SC_NGROUPS_MAX);\n"
5048 #: build/C/man2/getgroups.2:161
5050 "The maximum return value of B<getgroups>() cannot be larger than one more "
5055 #: build/C/man2/getgroups.2:171
5057 "The original Linux B<getgroups>() system call supported only 16-bit group "
5058 "IDs. Subsequently, Linux 2.4 added B<getgroups32>(), supporting 32-bit "
5059 "IDs. The glibc B<getgroups>() wrapper function transparently deals with "
5060 "the variation across kernel versions."
5064 #: build/C/man2/getgroups.2:178
5066 "B<getgid>(2), B<setgid>(2), B<getgrouplist>(3), B<initgroups>(3), "
5067 "B<capabilities>(7), B<credentials>(7)"
5071 #: build/C/man2/getpid.2:25
5077 #: build/C/man2/getpid.2:25
5083 #: build/C/man2/getpid.2:28
5084 msgid "getpid, getppid - get process identification"
5088 #: build/C/man2/getpid.2:34
5089 msgid "B<pid_t getpid(void);>"
5093 #: build/C/man2/getpid.2:36
5094 msgid "B<pid_t getppid(void);>"
5098 #: build/C/man2/getpid.2:41
5100 "B<getpid>() returns the process ID of the calling process. (This is often "
5101 "used by routines that generate unique temporary filenames.)"
5105 #: build/C/man2/getpid.2:44
5106 msgid "B<getppid>() returns the process ID of the parent of the calling process."
5110 #: build/C/man2/getpid.2:48
5111 msgid "POSIX.1-2001, 4.3BSD, SVr4."
5114 #. The following program demonstrates this "feature":
5116 #. #define _GNU_SOURCE
5117 #. #include <sys/syscall.h>
5118 #. #include <sys/wait.h>
5119 #. #include <stdio.h>
5120 #. #include <stdlib.h>
5121 #. #include <unistd.h>
5124 #. main(int argc, char *argv[])
5126 #. /* The following statement fills the getpid() cache */
5128 #. printf("parent PID = %ld
5129 #. ", (long) getpid());
5131 #. if (syscall(SYS_fork) == 0) {
5132 #. if (getpid() != syscall(SYS_getpid))
5133 #. printf("child getpid() mismatch: getpid()=%ld; "
5134 #. "syscall(SYS_getpid)=%ld
5136 #. (long) getpid(), (long) syscall(SYS_getpid));
5137 #. exit(EXIT_SUCCESS);
5142 #: build/C/man2/getpid.2:100
5144 "Since glibc version 2.3.4, the glibc wrapper function for B<getpid>() "
5145 "caches PIDs, so as to avoid additional system calls when a process calls "
5146 "B<getpid>() repeatedly. Normally this caching is invisible, but its "
5147 "correct operation relies on support in the wrapper functions for B<fork>(2), "
5148 "B<vfork>(2), and B<clone>(2): if an application bypasses the glibc wrappers "
5149 "for these system calls by using B<syscall>(2), then a call to B<getpid>() "
5150 "in the child will return the wrong value (to be precise: it will return the "
5151 "PID of the parent process). See also B<clone>(2) for discussion of a case "
5152 "where B<getpid>() may return the wrong value even when invoking B<clone>(2) "
5153 "via the glibc wrapper function."
5157 #: build/C/man2/getpid.2:110
5159 "B<clone>(2), B<fork>(2), B<kill>(2), B<exec>(3), B<mkstemp>(3), "
5160 "B<tempnam>(3), B<tmpfile>(3), B<tmpnam>(3), B<credentials>(7)"
5164 #: build/C/man2/getpriority.2:48
5170 #: build/C/man2/getpriority.2:51
5171 msgid "getpriority, setpriority - get/set program scheduling priority"
5175 #: build/C/man2/getpriority.2:53 build/C/man2/getrlimit.2:69 build/C/man2/getrusage.2:44
5176 msgid "B<#include E<lt>sys/time.hE<gt>>"
5180 #: build/C/man2/getpriority.2:55 build/C/man2/getrlimit.2:71 build/C/man2/getrusage.2:46
5181 msgid "B<#include E<lt>sys/resource.hE<gt>>"
5185 #: build/C/man2/getpriority.2:57
5186 msgid "B<int getpriority(int >I<which>B<, int >I<who>B<);>"
5190 #: build/C/man2/getpriority.2:59
5191 msgid "B<int setpriority(int >I<which>B<, int >I<who>B<, int >I<prio>B<);>"
5195 #: build/C/man2/getpriority.2:70
5197 "The scheduling priority of the process, process group, or user, as indicated "
5198 "by I<which> and I<who> is obtained with the B<getpriority>() call and set "
5199 "with the B<setpriority>() call."
5203 #: build/C/man2/getpriority.2:97
5205 "The value I<which> is one of B<PRIO_PROCESS>, B<PRIO_PGRP>, or B<PRIO_USER>, "
5206 "and I<who> is interpreted relative to I<which> (a process identifier for "
5207 "B<PRIO_PROCESS>, process group identifier for B<PRIO_PGRP>, and a user ID "
5208 "for B<PRIO_USER>). A zero value for I<who> denotes (respectively) the "
5209 "calling process, the process group of the calling process, or the real user "
5210 "ID of the calling process. I<Prio> is a value in the range -20 to 19 (but "
5211 "see the Notes below). The default priority is 0; lower priorities cause "
5212 "more favorable scheduling."
5216 #: build/C/man2/getpriority.2:107
5218 "The B<getpriority>() call returns the highest priority (lowest numerical "
5219 "value) enjoyed by any of the specified processes. The B<setpriority>() "
5220 "call sets the priorities of all of the specified processes to the specified "
5221 "value. Only the superuser may lower priorities."
5225 #: build/C/man2/getpriority.2:120
5227 "Since B<getpriority>() can legitimately return the value -1, it is "
5228 "necessary to clear the external variable I<errno> prior to the call, then "
5229 "check it afterward to determine if -1 is an error or a legitimate value. "
5230 "The B<setpriority>() call returns 0 if there is no error, or -1 if there "
5235 #: build/C/man2/getpriority.2:129
5236 msgid "I<which> was not one of B<PRIO_PROCESS>, B<PRIO_PGRP>, or B<PRIO_USER>."
5240 #: build/C/man2/getpriority.2:136
5241 msgid "No process was located using the I<which> and I<who> values specified."
5245 #: build/C/man2/getpriority.2:140
5246 msgid "In addition to the errors indicated above, B<setpriority>() may fail if:"
5250 #: build/C/man2/getpriority.2:152
5252 "The caller attempted to lower a process priority, but did not have the "
5253 "required privilege (on Linux: did not have the B<CAP_SYS_NICE> capability). "
5254 "Since Linux 2.6.12, this error occurs only if the caller attempts to set a "
5255 "process priority outside the range of the B<RLIMIT_NICE> soft resource limit "
5256 "of the target process; see B<getrlimit>(2) for details."
5260 #: build/C/man2/getpriority.2:160
5262 "A process was located, but its effective user ID did not match either the "
5263 "effective or the real user ID of the caller, and was not privileged (on "
5264 "Linux: did not have the B<CAP_SYS_NICE> capability). But see NOTES below."
5268 #: build/C/man2/getpriority.2:163
5269 msgid "SVr4, 4.4BSD (these function calls first appeared in 4.2BSD), POSIX.1-2001."
5273 #: build/C/man2/getpriority.2:169
5275 "A child created by B<fork>(2) inherits its parent's nice value. The nice "
5276 "value is preserved across B<execve>(2)."
5280 #: build/C/man2/getpriority.2:180
5282 "The degree to which their relative nice value affects the scheduling of "
5283 "processes varies across UNIX systems, and, on Linux, across kernel "
5284 "versions. Starting with kernel 2.6.23, Linux adopted an algorithm that "
5285 "causes relative differences in nice values to have a much stronger effect. "
5286 "This causes very low nice values (+19) to truly provide little CPU to a "
5287 "process whenever there is any other higher priority load on the system, and "
5288 "makes high nice values (-20) deliver most of the CPU to applications that "
5289 "require it (e.g., some audio applications)."
5293 #: build/C/man2/getpriority.2:195
5295 "The details on the condition for B<EPERM> depend on the system. The above "
5296 "description is what POSIX.1-2001 says, and seems to be followed on all "
5297 "System V-like systems. Linux kernels before 2.6.12 required the real or "
5298 "effective user ID of the caller to match the real user of the process I<who> "
5299 "(instead of its effective user ID). Linux 2.6.12 and later require the "
5300 "effective user ID of the caller to match the real or effective user ID of "
5301 "the process I<who>. All BSD-like systems (SunOS 4.1.3, Ultrix 4.2, 4.3BSD, "
5302 "FreeBSD 4.3, OpenBSD-2.5, ...) behave in the same manner as Linux 2.6.12 and "
5307 #: build/C/man2/getpriority.2:211
5309 "The actual priority range varies between kernel versions. Linux before "
5310 "1.3.36 had -infinity..15. Since kernel 1.3.43, Linux has the range "
5311 "-20..19. Within the kernel, nice values are actually represented using the "
5312 "corresponding range 40..1 (since negative numbers are error codes) and these "
5313 "are the values employed by the B<setpriority>() and B<getpriority>() "
5314 "system calls. The glibc wrapper functions for these system calls handle the "
5315 "translations between the user-land and kernel representations of the nice "
5316 "value according to the formula I<unice\\ =\\ 20\\ -\\ knice>."
5320 #: build/C/man2/getpriority.2:213
5321 msgid "On some systems, the range of nice values is -20..20."
5325 #: build/C/man2/getpriority.2:225
5327 "Including I<E<lt>sys/time.hE<gt>> is not required these days, but increases "
5328 "portability. (Indeed, I<E<lt>sys/resource.hE<gt>> defines the I<rusage> "
5329 "structure with fields of type I<struct timeval> defined in "
5330 "I<E<lt>sys/time.hE<gt>>.)"
5334 #: build/C/man2/getpriority.2:232
5336 "According to POSIX, the nice value is a per-process setting. However, under "
5337 "the current Linux/NPTL implementation of POSIX threads, the nice value is a "
5338 "per-thread attribute: different threads in the same process can have "
5339 "different nice values. Portable applications should avoid relying on the "
5340 "Linux behavior, which may be made standards conformant in the future."
5344 #: build/C/man2/getpriority.2:237
5345 msgid "B<nice>(1), B<renice>(1), B<fork>(2), B<capabilities>(7)"
5349 #: build/C/man2/getpriority.2:240
5351 "I<Documentation/scheduler/sched-nice-design.txt> in the Linux kernel source "
5352 "tree (since Linux 2.6.23)"
5356 #: build/C/man2/getresuid.2:28
5362 #: build/C/man2/getresuid.2:31
5363 msgid "getresuid, getresgid - get real, effective and saved user/group IDs"
5367 #: build/C/man2/getresuid.2:33 build/C/man2/setresuid.2:31
5368 msgid "B<#define _GNU_SOURCE> /* See feature_test_macros(7) */"
5372 #: build/C/man2/getresuid.2:37
5373 msgid "B<int getresuid(uid_t *>I<ruid>B<, uid_t *>I<euid>B<, uid_t *>I<suid>B<);>"
5377 #: build/C/man2/getresuid.2:39
5378 msgid "B<int getresgid(gid_t *>I<rgid>B<, gid_t *>I<egid>B<, gid_t *>I<sgid>B<);>"
5382 #: build/C/man2/getresuid.2:50
5384 "B<getresuid>() returns the real UID, the effective UID, and the saved "
5385 "set-user-ID of the calling process, in the arguments I<ruid>, I<euid>, and "
5386 "I<suid>, respectively. B<getresgid>() performs the analogous task for the "
5387 "process's group IDs."
5391 #: build/C/man2/getresuid.2:60
5393 "One of the arguments specified an address outside the calling program's "
5398 #: build/C/man2/getresuid.2:62
5399 msgid "These system calls appeared on Linux starting with kernel 2.1.44."
5403 #: build/C/man2/getresuid.2:67
5405 "The prototypes are given by glibc since version 2.3.2, provided "
5406 "B<_GNU_SOURCE> is defined."
5410 #: build/C/man2/getresuid.2:70 build/C/man2/setresuid.2:86
5411 msgid "These calls are nonstandard; they also appear on HP-UX and some of the BSDs."
5415 #: build/C/man2/getresuid.2:86
5417 "The original Linux B<getresuid>() and B<getresgid>() system calls "
5418 "supported only 16-bit user and group IDs. Subsequently, Linux 2.4 added "
5419 "B<getresuid32>() and B<getresgid32>(), supporting 32-bit IDs. The glibc "
5420 "B<getresuid>() and B<getresgid>() wrapper functions transparently deal "
5421 "with the variations across kernel versions."
5425 #: build/C/man2/getresuid.2:92
5427 "B<getuid>(2), B<setresuid>(2), B<setreuid>(2), B<setuid>(2), "
5432 #: build/C/man2/getrlimit.2:64
5438 #: build/C/man2/getrlimit.2:64 build/C/man2/setsid.2:30
5444 #: build/C/man2/getrlimit.2:67
5445 msgid "getrlimit, setrlimit, prlimit - get/set resource limits"
5449 #: build/C/man2/getrlimit.2:73
5450 msgid "B<int getrlimit(int >I<resource>B<, struct rlimit *>I<rlim>B<);>"
5454 #: build/C/man2/getrlimit.2:75
5455 msgid "B<int setrlimit(int >I<resource>B<, const struct rlimit *>I<rlim>B<);>"
5459 #: build/C/man2/getrlimit.2:78
5461 "B<int prlimit(pid_t >I<pid>B<, int >I<resource>B<, const struct rlimit "
5462 "*>I<new_limit>B<,>"
5466 #: build/C/man2/getrlimit.2:80
5467 msgid "B< struct rlimit *>I<old_limit>B<);>"
5471 #: build/C/man2/getrlimit.2:88
5472 msgid "B<prlimit>(): _GNU_SOURCE && _FILE_OFFSET_BITS == 64"
5476 #: build/C/man2/getrlimit.2:97
5478 "The B<getrlimit>() and B<setrlimit>() system calls get and set resource "
5479 "limits respectively. Each resource has an associated soft and hard limit, "
5480 "as defined by the I<rlimit> structure:"
5484 #: build/C/man2/getrlimit.2:104
5488 " rlim_t rlim_cur; /* Soft limit */\n"
5489 " rlim_t rlim_max; /* Hard limit (ceiling for rlim_cur) */\n"
5494 #: build/C/man2/getrlimit.2:115
5496 "The soft limit is the value that the kernel enforces for the corresponding "
5497 "resource. The hard limit acts as a ceiling for the soft limit: an "
5498 "unprivileged process may set only its soft limit to a value in the range "
5499 "from 0 up to the hard limit, and (irreversibly) lower its hard limit. A "
5500 "privileged process (under Linux: one with the B<CAP_SYS_RESOURCE> "
5501 "capability) may make arbitrary changes to either limit value."
5505 #: build/C/man2/getrlimit.2:122
5507 "The value B<RLIM_INFINITY> denotes no limit on a resource (both in the "
5508 "structure returned by B<getrlimit>() and in the structure passed to "
5513 #: build/C/man2/getrlimit.2:126
5514 msgid "The I<resource> argument must be one of:"
5518 #: build/C/man2/getrlimit.2:126
5520 msgid "B<RLIMIT_AS>"
5523 #. since 2.0.27 / 2.1.12
5525 #: build/C/man2/getrlimit.2:146
5527 "The maximum size of the process's virtual memory (address space) in bytes. "
5528 "This limit affects calls to B<brk>(2), B<mmap>(2) and B<mremap>(2), which "
5529 "fail with the error B<ENOMEM> upon exceeding this limit. Also automatic "
5530 "stack expansion will fail (and generate a B<SIGSEGV> that kills the process "
5531 "if no alternate stack has been made available via B<sigaltstack>(2)). Since "
5532 "the value is a I<long>, on machines with a 32-bit I<long> either this limit "
5533 "is at most 2 GiB, or this resource is unlimited."
5537 #: build/C/man2/getrlimit.2:146
5539 msgid "B<RLIMIT_CORE>"
5543 #: build/C/man2/getrlimit.2:153
5545 "Maximum size of I<core> file. When 0 no core dump files are created. When "
5546 "nonzero, larger dumps are truncated to this size."
5550 #: build/C/man2/getrlimit.2:153
5552 msgid "B<RLIMIT_CPU>"
5556 #: build/C/man2/getrlimit.2:173
5558 "CPU time limit in seconds. When the process reaches the soft limit, it is "
5559 "sent a B<SIGXCPU> signal. The default action for this signal is to "
5560 "terminate the process. However, the signal can be caught, and the handler "
5561 "can return control to the main program. If the process continues to consume "
5562 "CPU time, it will be sent B<SIGXCPU> once per second until the hard limit is "
5563 "reached, at which time it is sent B<SIGKILL>. (This latter point describes "
5564 "Linux behavior. Implementations vary in how they treat processes which "
5565 "continue to consume CPU time after reaching the soft limit. Portable "
5566 "applications that need to catch this signal should perform an orderly "
5567 "termination upon first receipt of B<SIGXCPU>.)"
5571 #: build/C/man2/getrlimit.2:173
5573 msgid "B<RLIMIT_DATA>"
5577 #: build/C/man2/getrlimit.2:184
5579 "The maximum size of the process's data segment (initialized data, "
5580 "uninitialized data, and heap). This limit affects calls to B<brk>(2) and "
5581 "B<sbrk>(2), which fail with the error B<ENOMEM> upon encountering the soft "
5582 "limit of this resource."
5586 #: build/C/man2/getrlimit.2:184
5588 msgid "B<RLIMIT_FSIZE>"
5592 #: build/C/man2/getrlimit.2:196
5594 "The maximum size of files that the process may create. Attempts to extend a "
5595 "file beyond this limit result in delivery of a B<SIGXFSZ> signal. By "
5596 "default, this signal terminates a process, but a process can catch this "
5597 "signal instead, in which case the relevant system call (e.g., B<write>(2), "
5598 "B<truncate>(2)) fails with the error B<EFBIG>."
5602 #: build/C/man2/getrlimit.2:196
5604 msgid "B<RLIMIT_LOCKS> (Early Linux 2.4 only)"
5607 #. to be precise: Linux 2.4.0-test9; no longer in 2.4.25 / 2.5.65
5609 #: build/C/man2/getrlimit.2:204
5611 "A limit on the combined number of B<flock>(2) locks and B<fcntl>(2) leases "
5612 "that this process may establish."
5616 #: build/C/man2/getrlimit.2:204
5618 msgid "B<RLIMIT_MEMLOCK>"
5622 #: build/C/man2/getrlimit.2:242
5624 "The maximum number of bytes of memory that may be locked into RAM. In "
5625 "effect this limit is rounded down to the nearest multiple of the system page "
5626 "size. This limit affects B<mlock>(2) and B<mlockall>(2) and the "
5627 "B<mmap>(2) B<MAP_LOCKED> operation. Since Linux 2.6.9 it also affects the "
5628 "B<shmctl>(2) B<SHM_LOCK> operation, where it sets a maximum on the total "
5629 "bytes in shared memory segments (see B<shmget>(2)) that may be locked by "
5630 "the real user ID of the calling process. The B<shmctl>(2) B<SHM_LOCK> "
5631 "locks are accounted for separately from the per-process memory locks "
5632 "established by B<mlock>(2), B<mlockall>(2), and B<mmap>(2) B<MAP_LOCKED>; a "
5633 "process can lock bytes up to this limit in each of these two categories. In "
5634 "Linux kernels before 2.6.9, this limit controlled the amount of memory that "
5635 "could be locked by a privileged process. Since Linux 2.6.9, no limits are "
5636 "placed on the amount of memory that a privileged process may lock, and this "
5637 "limit instead governs the amount of memory that an unprivileged process may "
5642 #: build/C/man2/getrlimit.2:242
5644 msgid "B<RLIMIT_MSGQUEUE> (Since Linux 2.6.8)"
5648 #: build/C/man2/getrlimit.2:250
5650 "Specifies the limit on the number of bytes that can be allocated for POSIX "
5651 "message queues for the real user ID of the calling process. This limit is "
5652 "enforced for B<mq_open>(3). Each message queue that the user creates counts "
5653 "(until it is removed) against this limit according to the formula:"
5657 #: build/C/man2/getrlimit.2:254
5660 " bytes = attr.mq_maxmsg * sizeof(struct msg_msg *) +\n"
5661 " attr.mq_maxmsg * attr.mq_msgsize\n"
5665 #: build/C/man2/getrlimit.2:262
5667 "where I<attr> is the I<mq_attr> structure specified as the fourth argument "
5672 #: build/C/man2/getrlimit.2:268
5674 "The first addend in the formula, which includes I<sizeof(struct msg_msg *)> "
5675 "(4 bytes on Linux/i386), ensures that the user cannot create an unlimited "
5676 "number of zero-length messages (such messages nevertheless each consume some "
5677 "system memory for bookkeeping overhead)."
5681 #: build/C/man2/getrlimit.2:268
5683 msgid "B<RLIMIT_NICE> (since Linux 2.6.12, but see BUGS below)"
5687 #: build/C/man2/getrlimit.2:281
5689 "Specifies a ceiling to which the process's nice value can be raised using "
5690 "B<setpriority>(2) or B<nice>(2). The actual ceiling for the nice value is "
5691 "calculated as I<20\\ -\\ rlim_cur>. (This strangeness occurs because "
5692 "negative numbers cannot be specified as resource limit values, since they "
5693 "typically have special meanings. For example, B<RLIM_INFINITY> typically is "
5698 #: build/C/man2/getrlimit.2:281
5700 msgid "B<RLIMIT_NOFILE>"
5704 #: build/C/man2/getrlimit.2:295
5706 "Specifies a value one greater than the maximum file descriptor number that "
5707 "can be opened by this process. Attempts (B<open>(2), B<pipe>(2), B<dup>(2), "
5708 "etc.) to exceed this limit yield the error B<EMFILE>. (Historically, this "
5709 "limit was named B<RLIMIT_OFILE> on BSD.)"
5713 #: build/C/man2/getrlimit.2:295
5715 msgid "B<RLIMIT_NPROC>"
5719 #: build/C/man2/getrlimit.2:303
5721 "The maximum number of processes (or, more precisely on Linux, threads) that "
5722 "can be created for the real user ID of the calling process. Upon "
5723 "encountering this limit, B<fork>(2) fails with the error B<EAGAIN>."
5727 #: build/C/man2/getrlimit.2:303
5729 msgid "B<RLIMIT_RSS>"
5732 #. As at kernel 2.6.12, this limit still does nothing in 2.6 though
5733 #. talk of making it do something has surfaced from time to time in LKML
5736 #: build/C/man2/getrlimit.2:315
5738 "Specifies the limit (in pages) of the process's resident set (the number of "
5739 "virtual pages resident in RAM). This limit has effect only in Linux 2.4.x, "
5740 "x E<lt> 30, and there affects only calls to B<madvise>(2) specifying "
5745 #: build/C/man2/getrlimit.2:315
5747 msgid "B<RLIMIT_RTPRIO> (Since Linux 2.6.12, but see BUGS)"
5751 #: build/C/man2/getrlimit.2:322
5753 "Specifies a ceiling on the real-time priority that may be set for this "
5754 "process using B<sched_setscheduler>(2) and B<sched_setparam>(2)."
5758 #: build/C/man2/getrlimit.2:322
5760 msgid "B<RLIMIT_RTTIME> (Since Linux 2.6.25)"
5764 #: build/C/man2/getrlimit.2:334
5766 "Specifies a limit (in microseconds) on the amount of CPU time that a "
5767 "process scheduled under a real-time scheduling policy may consume without "
5768 "making a blocking system call. For the purpose of this limit, each time a "
5769 "process makes a blocking system call, the count of its consumed CPU time is "
5770 "reset to zero. The CPU time count is not reset if the process continues "
5771 "trying to use the CPU but is preempted, its time slice expires, or it calls "
5772 "B<sched_yield>(2)."
5776 #: build/C/man2/getrlimit.2:345
5778 "Upon reaching the soft limit, the process is sent a B<SIGXCPU> signal. If "
5779 "the process catches or ignores this signal and continues consuming CPU time, "
5780 "then B<SIGXCPU> will be generated once each second until the hard limit is "
5781 "reached, at which point the process is sent a B<SIGKILL> signal."
5785 #: build/C/man2/getrlimit.2:348
5787 "The intended use of this limit is to stop a runaway real-time process from "
5788 "locking up the system."
5792 #: build/C/man2/getrlimit.2:348
5794 msgid "B<RLIMIT_SIGPENDING> (Since Linux 2.6.8)"
5797 #. This replaces the /proc/sys/kernel/rtsig-max system-wide limit
5798 #. that was present in kernels <= 2.6.7. MTK Dec 04
5800 #: build/C/man2/getrlimit.2:362
5802 "Specifies the limit on the number of signals that may be queued for the real "
5803 "user ID of the calling process. Both standard and real-time signals are "
5804 "counted for the purpose of checking this limit. However, the limit is "
5805 "enforced only for B<sigqueue>(3); it is always possible to use B<kill>(2) "
5806 "to queue one instance of any of the signals that are not already queued to "
5811 #: build/C/man2/getrlimit.2:362
5813 msgid "B<RLIMIT_STACK>"
5817 #: build/C/man2/getrlimit.2:370
5819 "The maximum size of the process stack, in bytes. Upon reaching this limit, "
5820 "a B<SIGSEGV> signal is generated. To handle this signal, a process must "
5821 "employ an alternate signal stack (B<sigaltstack>(2))."
5825 #: build/C/man2/getrlimit.2:375
5827 "Since Linux 2.6.23, this limit also determines the amount of space used for "
5828 "the process's command-line arguments and environment variables; for details, "
5833 #: build/C/man2/getrlimit.2:375
5838 #. commit c022a0acad534fd5f5d5f17280f6d4d135e74e81
5839 #. Author: Jiri Slaby <jslaby@suse.cz>
5840 #. Date: Tue May 4 18:03:50 2010 +0200
5842 #: build/C/man2/getrlimit.2:386
5844 "The Linux-specific B<prlimit>() system call combines and extends the "
5845 "functionality of B<setrlimit>() and B<getrlimit>(). It can be used to both "
5846 "set and get the resource limits of an arbitrary process."
5850 #: build/C/man2/getrlimit.2:393
5852 "The I<resource> argument has the same meaning as for B<setrlimit>() and "
5857 #: build/C/man2/getrlimit.2:411
5859 "If the I<new_limit> argument is a not NULL, then the I<rlimit> structure to "
5860 "which it points is used to set new values for the soft and hard limits for "
5861 "I<resource>. If the I<old_limit> argument is a not NULL, then a successful "
5862 "call to B<prlimit>() places the previous soft and hard limits for "
5863 "I<resource> in the I<rlimit> structure pointed to by I<old_limit>."
5866 #. FIXME this permission check is strange
5867 #. Asked about this on LKML, 7 Nov 2010
5868 #. "Inconsistent credential checking in prlimit() syscall"
5870 #: build/C/man2/getrlimit.2:430
5872 "The I<pid> argument specifies the ID of the process on which the call is to "
5873 "operate. If I<pid> is 0, then the call applies to the calling process. To "
5874 "set or get the resources of a process other than itself, the caller must "
5875 "have the B<CAP_SYS_RESOURCE> capability, or the real, effective, and saved "
5876 "set user IDs of the target process must match the real user ID of the caller "
5877 "I<and> the real, effective, and saved set group IDs of the target process "
5878 "must match the real group ID of the caller."
5882 #: build/C/man2/getrlimit.2:435
5884 "On success, these system calls return 0. On error, -1 is returned, and "
5885 "I<errno> is set appropriately."
5889 #: build/C/man2/getrlimit.2:440
5891 "A pointer argument points to a location outside the accessible address "
5896 #: build/C/man2/getrlimit.2:452
5898 "The value specified in I<resource> is not valid; or, for B<setrlimit>() or "
5899 "B<prlimit>(): I<rlim-E<gt>rlim_cur> was greater than I<rlim-E<gt>rlim_max>."
5903 #: build/C/man2/getrlimit.2:464
5905 "An unprivileged process tried to raise the hard limit; the "
5906 "B<CAP_SYS_RESOURCE> capability is required to do this. Or, the caller tried "
5907 "to increase the hard B<RLIMIT_NOFILE> limit above the current kernel maximum "
5908 "(B<NR_OPEN>). Or, the calling process did not have permission to set limits "
5909 "for the process specified by I<pid>."
5913 #: build/C/man2/getrlimit.2:468
5914 msgid "Could not find a process with the ID specified in I<pid>."
5918 #: build/C/man2/getrlimit.2:473
5920 "The B<prlimit>() system call is available since Linux 2.6.36. Library "
5921 "support is available since glibc 2.13."
5925 #: build/C/man2/getrlimit.2:477
5926 msgid "B<getrlimit>(), B<setrlimit>(): SVr4, 4.3BSD, POSIX.1-2001."
5930 #: build/C/man2/getrlimit.2:480
5931 msgid "B<prlimit>(): Linux-specific."
5935 #: build/C/man2/getrlimit.2:496
5937 "B<RLIMIT_MEMLOCK> and B<RLIMIT_NPROC> derive from BSD and are not specified "
5938 "in POSIX.1-2001; they are present on the BSDs and Linux, but on few other "
5939 "implementations. B<RLIMIT_RSS> derives from BSD and is not specified in "
5940 "POSIX.1-2001; it is nevertheless present on most implementations. "
5941 "B<RLIMIT_MSGQUEUE>, B<RLIMIT_NICE>, B<RLIMIT_RTPRIO>, B<RLIMIT_RTTIME>, and "
5942 "B<RLIMIT_SIGPENDING> are Linux-specific."
5946 #: build/C/man2/getrlimit.2:502
5948 "A child process created via B<fork>(2) inherits its parent's resource "
5949 "limits. Resource limits are preserved across B<execve>(2)."
5953 #: build/C/man2/getrlimit.2:511
5955 "One can set the resource limits of the shell using the built-in I<ulimit> "
5956 "command (I<limit> in B<csh>(1)). The shell's resource limits are inherited "
5957 "by the processes that it creates to execute commands."
5961 #: build/C/man2/getrlimit.2:516
5963 "Since Linux 2.6.24, the resource limits of any process can be inspected via "
5964 "I</proc/[pid]/limits>; see B<proc>(5)."
5968 #: build/C/man2/getrlimit.2:525
5970 "Ancient systems provided a B<vlimit>() function with a similar purpose to "
5971 "B<setrlimit>(). For backward compatibility, glibc also provides "
5972 "B<vlimit>(). All new applications should be written using B<setrlimit>()."
5975 #. FIXME prlimit() does not suffer
5976 #. https://bugzilla.kernel.org/show_bug.cgi?id=5042
5977 #. http://sources.redhat.com/bugzilla/show_bug.cgi?id=12201
5978 #. Since versions 2.13, glibc has library implementations of
5979 #. getrlimit() and setrlimit() that use prlimit() to work around
5982 #: build/C/man2/getrlimit.2:540
5984 "In older Linux kernels, the B<SIGXCPU> and B<SIGKILL> signals delivered when "
5985 "a process encountered the soft and hard B<RLIMIT_CPU> limits were delivered "
5986 "one (CPU) second later than they should have been. This was fixed in kernel "
5990 #. see http://marc.theaimsgroup.com/?l=linux-kernel&m=114008066530167&w=2
5992 #: build/C/man2/getrlimit.2:548
5994 "In 2.6.x kernels before 2.6.17, a B<RLIMIT_CPU> limit of 0 is wrongly "
5995 "treated as \"no limit\" (like B<RLIM_INFINITY>). Since Linux 2.6.17, "
5996 "setting a limit of 0 does have an effect, but is actually treated as a limit "
6000 #. See https://lwn.net/Articles/145008/
6002 #: build/C/man2/getrlimit.2:553
6004 "A kernel bug means that B<RLIMIT_RTPRIO> does not work in kernel 2.6.12; the "
6005 "problem is fixed in kernel 2.6.13."
6008 #. see http://marc.theaimsgroup.com/?l=linux-kernel&m=112256338703880&w=2
6010 #: build/C/man2/getrlimit.2:564
6012 "In kernel 2.6.12, there was an off-by-one mismatch between the priority "
6013 "ranges returned by B<getpriority>(2) and B<RLIMIT_NICE>. This had the "
6014 "effect that the actual ceiling for the nice value was calculated as I<19\\ "
6015 "-\\ rlim_cur>. This was fixed in kernel 2.6.13."
6018 #. The relevant patch, sent to LKML, seems to be
6019 #. http://thread.gmane.org/gmane.linux.kernel/273462
6020 #. From: Roland McGrath <roland <at> redhat.com>
6021 #. Subject: [PATCH 7/7] make RLIMIT_CPU/SIGXCPU per-process
6022 #. Date: 2005-01-23 23:27:46 GMT
6023 #. Tested Solaris 10, FreeBSD 9, OpenBSD 5.0
6024 #. FIXME https://bugzilla.kernel.org/show_bug.cgi?id=50951
6026 #: build/C/man2/getrlimit.2:591
6028 "Since Linux 2.6.12, if a process reaches its soft B<RLIMIT_CPU> limit and "
6029 "has a handler installed for B<SIGXCPU>, then, in addition to invoking the "
6030 "signal handler, the kernel increases the soft limit by one second. This "
6031 "behavior repeats if the process continues to consume CPU time, until the "
6032 "hard limit is reached, at which point the process is killed. Other "
6033 "implementations do not change the B<RLIMIT_CPU> soft limit in this manner, "
6034 "and the Linux behavior is probably not standards conformant; portable "
6035 "applications should avoid relying on this Linux-specific behavior. The "
6036 "Linux-specific B<RLIMIT_RTTIME> limit exhibits the same behavior when the "
6037 "soft limit is encountered."
6041 #: build/C/man2/getrlimit.2:600
6043 "Kernels before 2.4.22 did not diagnose the error B<EINVAL> for "
6044 "B<setrlimit>() when I<rlim-E<gt>rlim_cur> was greater than "
6045 "I<rlim-E<gt>rlim_max>."
6049 #: build/C/man2/getrlimit.2:603
6050 msgid "The program below demonstrates the use of B<prlimit>()."
6054 #: build/C/man2/getrlimit.2:612
6057 "#define _GNU_SOURCE\n"
6058 "#define _FILE_OFFSET_BITS 64\n"
6059 "#include E<lt>stdio.hE<gt>\n"
6060 "#include E<lt>time.hE<gt>\n"
6061 "#include E<lt>stdlib.hE<gt>\n"
6062 "#include E<lt>unistd.hE<gt>\n"
6063 "#include E<lt>sys/resource.hE<gt>\n"
6067 #: build/C/man2/getrlimit.2:615
6070 "#define errExit(msg) \tdo { perror(msg); exit(EXIT_FAILURE); \\e\n"
6075 #: build/C/man2/getrlimit.2:622
6079 "main(int argc, char *argv[])\n"
6081 " struct rlimit old, new;\n"
6082 " struct rlimit *newp;\n"
6087 #: build/C/man2/getrlimit.2:628
6090 " if (!(argc == 2 || argc == 4)) {\n"
6091 " fprintf(stderr, \"Usage: %s E<lt>pidE<gt> [E<lt>new-soft-limitE<gt> "
6093 " \"E<lt>new-hard-limitE<gt>]\\en\", argv[0]);\n"
6094 " exit(EXIT_FAILURE);\n"
6099 #: build/C/man2/getrlimit.2:630
6101 msgid " pid = atoi(argv[1]); /* PID of target process */\n"
6105 #: build/C/man2/getrlimit.2:637
6109 " if (argc == 4) {\n"
6110 " new.rlim_cur = atoi(argv[2]);\n"
6111 " new.rlim_max = atoi(argv[3]);\n"
6117 #: build/C/man2/getrlimit.2:640
6120 " /* Set CPU time limit of target process; retrieve and display\n"
6121 " previous limit */\n"
6125 #: build/C/man2/getrlimit.2:645
6128 " if (prlimit(pid, RLIMIT_CPU, newp, &old) == -1)\n"
6129 " errExit(\"prlimit-1\");\n"
6130 " printf(\"Previous limits: soft=%lld; hard=%lld\\en\",\n"
6131 " (long long) old.rlim_cur, (long long) old.rlim_max);\n"
6135 #: build/C/man2/getrlimit.2:647
6137 msgid " /* Retrieve and display new CPU time limit */\n"
6141 #: build/C/man2/getrlimit.2:652
6144 " if (prlimit(pid, RLIMIT_CPU, NULL, &old) == -1)\n"
6145 " errExit(\"prlimit-2\");\n"
6146 " printf(\"New limits: soft=%lld; hard=%lld\\en\",\n"
6147 " (long long) old.rlim_cur, (long long) old.rlim_max);\n"
6151 #: build/C/man2/getrlimit.2:655
6154 " exit(EXIT_FAILURE);\n"
6159 #: build/C/man2/getrlimit.2:674
6161 "B<prlimit>(1), B<dup>(2), B<fcntl>(2), B<fork>(2), B<getrusage>(2), "
6162 "B<mlock>(2), B<mmap>(2), B<open>(2), B<quotactl>(2), B<sbrk>(2), "
6163 "B<shmctl>(2), B<malloc>(3), B<sigqueue>(3), B<ulimit>(3), B<core>(5), "
6164 "B<capabilities>(7), B<signal>(7)"
6168 #: build/C/man2/getrusage.2:39
6174 #: build/C/man2/getrusage.2:39 build/C/man2/getsid.2:26 build/C/man2/setpgid.2:48
6180 #: build/C/man2/getrusage.2:42
6181 msgid "getrusage - get resource usage"
6185 #: build/C/man2/getrusage.2:48
6186 msgid "B<int getrusage(int >I<who>B<, struct rusage *>I<usage>B<);>"
6190 #: build/C/man2/getrusage.2:54
6192 "B<getrusage>() returns resource usage measures for I<who>, which can be one "
6197 #: build/C/man2/getrusage.2:54
6199 msgid "B<RUSAGE_SELF>"
6203 #: build/C/man2/getrusage.2:58
6205 "Return resource usage statistics for the calling process, which is the sum "
6206 "of resources used by all threads in the process."
6210 #: build/C/man2/getrusage.2:58
6212 msgid "B<RUSAGE_CHILDREN>"
6216 #: build/C/man2/getrusage.2:65
6218 "Return resource usage statistics for all children of the calling process "
6219 "that have terminated and been waited for. These statistics will include the "
6220 "resources used by grandchildren, and further removed descendants, if all of "
6221 "the intervening descendants waited on their terminated children."
6225 #: build/C/man2/getrusage.2:65
6227 msgid "B<RUSAGE_THREAD> (since Linux 2.6.26)"
6231 #: build/C/man2/getrusage.2:68
6232 msgid "Return resource usage statistics for the calling thread."
6236 #: build/C/man2/getrusage.2:72
6238 "The resource usages are returned in the structure pointed to by I<usage>, "
6239 "which has the following form:"
6243 #: build/C/man2/getrusage.2:93
6247 " struct timeval ru_utime; /* user CPU time used */\n"
6248 " struct timeval ru_stime; /* system CPU time used */\n"
6249 " long ru_maxrss; /* maximum resident set size */\n"
6250 " long ru_ixrss; /* integral shared memory size */\n"
6251 " long ru_idrss; /* integral unshared data size */\n"
6252 " long ru_isrss; /* integral unshared stack size */\n"
6253 " long ru_minflt; /* page reclaims (soft page faults) */\n"
6254 " long ru_majflt; /* page faults (hard page faults) */\n"
6255 " long ru_nswap; /* swaps */\n"
6256 " long ru_inblock; /* block input operations */\n"
6257 " long ru_oublock; /* block output operations */\n"
6258 " long ru_msgsnd; /* IPC messages sent */\n"
6259 " long ru_msgrcv; /* IPC messages received */\n"
6260 " long ru_nsignals; /* signals received */\n"
6261 " long ru_nvcsw; /* voluntary context switches */\n"
6262 " long ru_nivcsw; /* involuntary context switches */\n"
6267 #: build/C/man2/getrusage.2:101
6269 "Not all fields are completed; unmaintained fields are set to zero by the "
6270 "kernel. (The unmaintained fields are provided for compatibility with other "
6271 "systems, and because they may one day be supported on Linux.) The fields "
6272 "are interpreted as follows:"
6276 #: build/C/man2/getrusage.2:101
6282 #: build/C/man2/getrusage.2:107
6284 "This is the total amount of time spent executing in user mode, expressed in "
6285 "a I<timeval> structure (seconds plus microseconds)."
6289 #: build/C/man2/getrusage.2:107
6295 #: build/C/man2/getrusage.2:113
6297 "This is the total amount of time spent executing in kernel mode, expressed "
6298 "in a I<timeval> structure (seconds plus microseconds)."
6302 #: build/C/man2/getrusage.2:113
6304 msgid "I<ru_maxrss> (since Linux 2.6.32)"
6308 #: build/C/man2/getrusage.2:120
6310 "This is the maximum resident set size used (in kilobytes). For "
6311 "B<RUSAGE_CHILDREN>, this is the resident set size of the largest child, not "
6312 "the maximum resident set size of the process tree."
6316 #: build/C/man2/getrusage.2:120
6318 msgid "I<ru_ixrss> (unmaintained)"
6321 #. On some systems, this field records the number of signals received.
6323 #: build/C/man2/getrusage.2:126 build/C/man2/getrusage.2:131 build/C/man2/getrusage.2:136 build/C/man2/getrusage.2:148 build/C/man2/getrusage.2:160 build/C/man2/getrusage.2:166 build/C/man2/getrusage.2:170
6324 msgid "This field is currently unused on Linux."
6328 #: build/C/man2/getrusage.2:126
6330 msgid "I<ru_idrss> (unmaintained)"
6334 #: build/C/man2/getrusage.2:131
6336 msgid "I<ru_isrss> (unmaintained)"
6340 #: build/C/man2/getrusage.2:136
6342 msgid "I<ru_minflt>"
6346 #: build/C/man2/getrusage.2:141
6348 "The number of page faults serviced without any I/O activity; here I/O "
6349 "activity is avoided by ``reclaiming'' a page frame from the list of pages "
6350 "awaiting reallocation."
6354 #: build/C/man2/getrusage.2:141
6356 msgid "I<ru_majflt>"
6360 #: build/C/man2/getrusage.2:144
6361 msgid "The number of page faults serviced that required I/O activity."
6365 #: build/C/man2/getrusage.2:144
6367 msgid "I<ru_nswap> (unmaintained)"
6371 #: build/C/man2/getrusage.2:148
6373 msgid "I<ru_inblock> (since Linux 2.6.22)"
6377 #: build/C/man2/getrusage.2:151
6378 msgid "The number of times the file system had to perform input."
6382 #: build/C/man2/getrusage.2:151
6384 msgid "I<ru_oublock> (since Linux 2.6.22)"
6388 #: build/C/man2/getrusage.2:154
6389 msgid "The number of times the file system had to perform output."
6393 #: build/C/man2/getrusage.2:154
6395 msgid "I<ru_msgsnd> (unmaintained)"
6399 #: build/C/man2/getrusage.2:160
6401 msgid "I<ru_msgrcv> (unmaintained)"
6405 #: build/C/man2/getrusage.2:166
6407 msgid "I<ru_nsignals> (unmaintained)"
6411 #: build/C/man2/getrusage.2:170
6413 msgid "I<ru_nvcsw> (since Linux 2.6)"
6417 #: build/C/man2/getrusage.2:175
6419 "The number of times a context switch resulted due to a process voluntarily "
6420 "giving up the processor before its time slice was completed (usually to "
6421 "await availability of a resource)."
6425 #: build/C/man2/getrusage.2:175
6427 msgid "I<ru_nivcsw> (since Linux 2.6)"
6431 #: build/C/man2/getrusage.2:180
6433 "The number of times a context switch resulted due to a higher priority "
6434 "process becoming runnable or because the current process exceeded its time "
6439 #: build/C/man2/getrusage.2:191
6440 msgid "I<usage> points outside the accessible address space."
6444 #: build/C/man2/getrusage.2:195
6445 msgid "I<who> is invalid."
6449 #: build/C/man2/getrusage.2:203
6451 "SVr4, 4.3BSD. POSIX.1-2001 specifies B<getrusage>(), but specifies only the "
6452 "fields I<ru_utime> and I<ru_stime>."
6456 #: build/C/man2/getrusage.2:206
6457 msgid "B<RUSAGE_THREAD> is Linux-specific."
6461 #: build/C/man2/getrusage.2:209
6462 msgid "Resource usage metrics are preserved across an B<execve>(2)."
6466 #: build/C/man2/getrusage.2:217
6468 "Including I<E<lt>sys/time.hE<gt>> is not required these days, but increases "
6469 "portability. (Indeed, I<struct timeval> is defined in "
6470 "I<E<lt>sys/time.hE<gt>>.)"
6473 #. See the description of getrusage() in XSH.
6474 #. A similar statement was also in SUSv2.
6476 #: build/C/man2/getrusage.2:229
6478 "In Linux kernel versions before 2.6.9, if the disposition of B<SIGCHLD> is "
6479 "set to B<SIG_IGN> then the resource usages of child processes are "
6480 "automatically included in the value returned by B<RUSAGE_CHILDREN>, although "
6481 "POSIX.1-2001 explicitly prohibits this. This nonconformance is rectified in "
6482 "Linux 2.6.9 and later."
6486 #: build/C/man2/getrusage.2:232
6488 "The structure definition shown at the start of this page was taken from "
6493 #: build/C/man2/getrusage.2:241
6495 "Ancient systems provided a B<vtimes>() function with a similar purpose to "
6496 "B<getrusage>(). For backward compatibility, glibc also provides "
6497 "B<vtimes>(). All new applications should be written using B<getrusage>()."
6501 #: build/C/man2/getrusage.2:246
6502 msgid "See also the description of I</proc/PID/stat> in B<proc>(5)."
6506 #: build/C/man2/getrusage.2:253
6508 "B<clock_gettime>(2), B<getrlimit>(2), B<times>(2), B<wait>(2), B<wait4>(2), "
6513 #: build/C/man2/getsid.2:26
6519 #: build/C/man2/getsid.2:29
6520 msgid "getsid - get session ID"
6524 #: build/C/man2/getsid.2:33
6525 msgid "B<pid_t getsid(pid_t>I< pid>B<);>"
6529 #: build/C/man2/getsid.2:42
6530 msgid "B<getsid>():"
6534 #: build/C/man2/getsid.2:45 build/C/man2/setpgid.2:79
6535 msgid "_XOPEN_SOURCE\\ E<gt>=\\ 500 || _XOPEN_SOURCE\\ &&\\ _XOPEN_SOURCE_EXTENDED"
6539 #: build/C/man2/getsid.2:47 build/C/man2/setpgid.2:81
6540 msgid "|| /* Since glibc 2.12: */ _POSIX_C_SOURCE\\ E<gt>=\\ 200809L"
6544 #: build/C/man2/getsid.2:58
6546 "I<getsid(0)> returns the session ID of the calling process. I<getsid(p)> "
6547 "returns the session ID of the process with process ID I<p>. (The session ID "
6548 "of a process is the process group ID of the session leader.)"
6552 #: build/C/man2/getsid.2:63
6554 "On success, a session ID is returned. On error, I<(pid_t)\\ -1> will be "
6555 "returned, and I<errno> is set appropriately."
6559 #: build/C/man2/getsid.2:70
6561 "A process with process ID I<p> exists, but it is not in the same session as "
6562 "the calling process, and the implementation considers this an error."
6566 #: build/C/man2/getsid.2:75
6567 msgid "No process with process ID I<p> was found."
6570 #. Linux has this system call since Linux 1.3.44.
6571 #. There is libc support since libc 5.2.19.
6573 #: build/C/man2/getsid.2:79
6574 msgid "This system call is available on Linux since version 2.0."
6578 #: build/C/man2/getsid.2:81 build/C/man2/setgid.2:68 build/C/man2/setsid.2:67
6579 msgid "SVr4, POSIX.1-2001."
6583 #: build/C/man2/getsid.2:84
6584 msgid "Linux does not return B<EPERM>."
6588 #: build/C/man2/getsid.2:88
6589 msgid "B<getpgid>(2), B<setsid>(2), B<credentials>(7)"
6593 #: build/C/man2/getuid.2:26
6599 #: build/C/man2/getuid.2:29
6600 msgid "getuid, geteuid - get user identity"
6604 #: build/C/man2/getuid.2:35
6605 msgid "B<uid_t getuid(void);>"
6609 #: build/C/man2/getuid.2:37
6610 msgid "B<uid_t geteuid(void);>"
6614 #: build/C/man2/getuid.2:40
6615 msgid "B<getuid>() returns the real user ID of the calling process."
6619 #: build/C/man2/getuid.2:43
6620 msgid "B<geteuid>() returns the effective user ID of the calling process."
6624 #: build/C/man2/getuid.2:48
6630 #: build/C/man2/getuid.2:57
6632 "In UNIX V6 the B<getuid>() call returned I<(euid E<lt>E<lt> 8) + uid>. "
6633 "UNIX V7 introduced separate calls B<getuid>() and B<geteuid>()."
6637 #: build/C/man2/getuid.2:73
6639 "The original Linux B<getuid>() and B<geteuid>() system calls supported "
6640 "only 16-bit user IDs. Subsequently, Linux 2.4 added B<getuid32>() and "
6641 "B<geteuid32>(), supporting 32-bit IDs. The glibc B<getuid>() and "
6642 "B<geteuid>() wrapper functions transparently deal with the variations "
6643 "across kernel versions."
6647 #: build/C/man2/getuid.2:78
6648 msgid "B<getresuid>(2), B<setreuid>(2), B<setuid>(2), B<credentials>(7)"
6652 #: build/C/man2/iopl.2:33
6658 #: build/C/man2/iopl.2:33
6664 #: build/C/man2/iopl.2:36
6665 msgid "iopl - change I/O privilege level"
6669 #: build/C/man2/iopl.2:38
6670 msgid "B<#include E<lt>sys/io.hE<gt>>"
6674 #: build/C/man2/iopl.2:40
6675 msgid "B<int iopl(int >I<level>B<);>"
6679 #: build/C/man2/iopl.2:45
6681 "B<iopl>() changes the I/O privilege level of the calling process, as "
6682 "specified by the two least significant bits in I<level>."
6686 #: build/C/man2/iopl.2:51
6688 "This call is necessary to allow 8514-compatible X servers to run under "
6689 "Linux. Since these X servers require access to all 65536 I/O ports, the "
6690 "B<ioperm>(2) call is not sufficient."
6694 #: build/C/man2/iopl.2:55
6696 "In addition to granting unrestricted I/O port access, running at a higher "
6697 "I/O privilege level also allows the process to disable interrupts. This "
6698 "will probably crash the system, and is not recommended."
6702 #: build/C/man2/iopl.2:60
6703 msgid "Permissions are inherited by B<fork>(2) and B<execve>(2)."
6707 #: build/C/man2/iopl.2:62
6708 msgid "The I/O privilege level for a normal process is 0."
6712 #: build/C/man2/iopl.2:66
6714 "This call is mostly for the i386 architecture. On many other architectures "
6715 "it does not exist or will always return an error."
6719 #: build/C/man2/iopl.2:76
6720 msgid "I<level> is greater than 3."
6724 #: build/C/man2/iopl.2:79
6725 msgid "This call is unimplemented."
6729 #: build/C/man2/iopl.2:87
6731 "The calling process has insufficient privilege to call B<iopl>(); the "
6732 "B<CAP_SYS_RAWIO> capability is required to raise the I/O privilege level "
6733 "above its current value."
6737 #: build/C/man2/iopl.2:91
6739 "B<iopl>() is Linux-specific and should not be used in programs that are "
6740 "intended to be portable."
6744 #: build/C/man2/iopl.2:100
6746 "Libc5 treats it as a system call and has a prototype in "
6747 "I<E<lt>unistd.hE<gt>>. Glibc1 does not have a prototype. Glibc2 has a "
6748 "prototype both in I<E<lt>sys/io.hE<gt>> and in I<E<lt>sys/perm.hE<gt>>. "
6749 "Avoid the latter, it is available on i386 only."
6753 #: build/C/man2/iopl.2:104
6754 msgid "B<ioperm>(2), B<outb>(2), B<capabilities>(7)"
6758 #: build/C/man2/ioprio_set.2:24
6764 #: build/C/man2/ioprio_set.2:27
6765 msgid "ioprio_get, ioprio_set - get/set I/O scheduling class and priority"
6769 #: build/C/man2/ioprio_set.2:31
6772 "B<int ioprio_get(int >I<which>B<, int >I<who>B<);>\n"
6773 "B<int ioprio_set(int >I<which>B<, int >I<who>B<, int >I<ioprio>B<);>\n"
6777 #: build/C/man2/ioprio_set.2:35
6778 msgid "I<Note>: There are no glibc wrappers for these system calls; see NOTES."
6782 #: build/C/man2/ioprio_set.2:42
6784 "The B<ioprio_get>() and B<ioprio_set>() system calls respectively get and "
6785 "set the I/O scheduling class and priority of one or more threads."
6789 #: build/C/man2/ioprio_set.2:54
6791 "The I<which> and I<who> arguments identify the thread(s) on which the system "
6792 "calls operate. The I<which> argument determines how I<who> is interpreted, "
6793 "and has one of the following values:"
6797 #: build/C/man2/ioprio_set.2:54
6799 msgid "B<IOPRIO_WHO_PROCESS>"
6803 #: build/C/man2/ioprio_set.2:61
6805 "I<who> is a process ID or thread ID identifying a single process or thread. "
6806 "If I<who> is 0, then operate on the calling thread."
6810 #: build/C/man2/ioprio_set.2:61
6812 msgid "B<IOPRIO_WHO_PGRP>"
6816 #: build/C/man2/ioprio_set.2:68
6818 "I<who> is a process group ID identifying all the members of a process "
6819 "group. If I<who> is 0, then operate on the process group of which the "
6820 "caller is a member."
6824 #: build/C/man2/ioprio_set.2:68
6826 msgid "B<IOPRIO_WHO_USER>"
6829 #. FIXME who==0 needs to be documented,
6830 #. See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652443
6832 #: build/C/man2/ioprio_set.2:75
6834 "I<who> is a user ID identifying all of the processes that have a matching "
6839 #: build/C/man2/ioprio_set.2:98
6841 "If I<which> is specified as B<IOPRIO_WHO_PGRP> or B<IOPRIO_WHO_USER> when "
6842 "calling B<ioprio_get>(), and more than one process matches I<who>, then the "
6843 "returned priority will be the highest one found among all of the matching "
6844 "processes. One priority is said to be higher than another one if it belongs "
6845 "to a higher priority class (B<IOPRIO_CLASS_RT> is the highest priority "
6846 "class; B<IOPRIO_CLASS_IDLE> is the lowest) or if it belongs to the same "
6847 "priority class as the other process but has a higher priority level (a lower "
6848 "priority number means a higher priority level)."
6852 #: build/C/man2/ioprio_set.2:108
6854 "The I<ioprio> argument given to B<ioprio_set>() is a bit mask that "
6855 "specifies both the scheduling class and the priority to be assigned to the "
6856 "target process(es). The following macros are used for assembling and "
6857 "dissecting I<ioprio> values:"
6861 #: build/C/man2/ioprio_set.2:108
6863 msgid "B<IOPRIO_PRIO_VALUE(>I<class>B<, >I<data>B<)>"
6867 #: build/C/man2/ioprio_set.2:117
6869 "Given a scheduling I<class> and priority (I<data>), this macro combines the "
6870 "two values to produce an I<ioprio> value, which is returned as the result of "
6875 #: build/C/man2/ioprio_set.2:117
6877 msgid "B<IOPRIO_PRIO_CLASS(>I<mask>B<)>"
6881 #: build/C/man2/ioprio_set.2:129
6883 "Given I<mask> (an I<ioprio> value), this macro returns its I/O class "
6884 "component, that is, one of the values B<IOPRIO_CLASS_RT>, "
6885 "B<IOPRIO_CLASS_BE>, or B<IOPRIO_CLASS_IDLE>."
6889 #: build/C/man2/ioprio_set.2:129
6891 msgid "B<IOPRIO_PRIO_DATA(>I<mask>B<)>"
6895 #: build/C/man2/ioprio_set.2:138
6897 "Given I<mask> (an I<ioprio> value), this macro returns its priority "
6898 "(I<data>) component."
6902 #: build/C/man2/ioprio_set.2:141
6904 "See the NOTES section for more information on scheduling classes and "
6909 #: build/C/man2/ioprio_set.2:149
6911 "I/O priorities are supported for reads and for synchronous (B<O_DIRECT>, "
6912 "B<O_SYNC>) writes. I/O priorities are not supported for asynchronous "
6913 "writes because they are issued outside the context of the program dirtying "
6914 "the memory, and thus program-specific priorities do not apply."
6918 #: build/C/man2/ioprio_set.2:162
6920 "On success, B<ioprio_get>() returns the I<ioprio> value of the process with "
6921 "highest I/O priority of any of the processes that match the criteria "
6922 "specified in I<which> and I<who>. On error, -1 is returned, and I<errno> is "
6923 "set to indicate the error."
6927 #: build/C/man2/ioprio_set.2:169
6929 "On success, B<ioprio_set>() returns 0. On error, -1 is returned, and "
6930 "I<errno> is set to indicate the error."
6934 #: build/C/man2/ioprio_set.2:179
6936 "Invalid value for I<which> or I<ioprio>. Refer to the NOTES section for "
6937 "available scheduler classes and priority levels for I<ioprio>."
6941 #: build/C/man2/ioprio_set.2:187
6943 "The calling process does not have the privilege needed to assign this "
6944 "I<ioprio> to the specified process(es). See the NOTES section for more "
6945 "information on required privileges for B<ioprio_set>()."
6949 #: build/C/man2/ioprio_set.2:193
6951 "No process(es) could be found that matched the specification in I<which> and "
6956 #: build/C/man2/ioprio_set.2:196
6957 msgid "These system calls have been available on Linux since kernel 2.6.13."
6961 #: build/C/man2/ioprio_set.2:201
6963 "Glibc does not provide a wrapper for these system calls; call them using "
6968 #: build/C/man2/ioprio_set.2:220
6970 "Two or more processes or threads can share an I/O context. This will be the "
6971 "case when B<clone>(2) was called with the B<CLONE_IO> flag. However, by "
6972 "default, the distinct threads of a process will B<not> share the same I/O "
6973 "context. This means that if you want to change the I/O priority of all "
6974 "threads in a process, you may need to call B<ioprio_set>() on each of the "
6975 "threads. The thread ID that you would need for this operation is the one "
6976 "that is returned by B<gettid>(2) or B<clone>(2)."
6980 #: build/C/man2/ioprio_set.2:225
6982 "These system calls have an effect only when used in conjunction with an I/O "
6983 "scheduler that supports I/O priorities. As at kernel 2.6.17 the only such "
6984 "scheduler is the Completely Fair Queuing (CFQ) I/O scheduler."
6988 #: build/C/man2/ioprio_set.2:225
6990 msgid "Selecting an I/O scheduler"
6994 #: build/C/man2/ioprio_set.2:229
6996 "I/O Schedulers are selected on a per-device basis via the special file "
6997 "I</sys/block/E<lt>deviceE<gt>/queue/scheduler>."
7001 #: build/C/man2/ioprio_set.2:235
7003 "One can view the current I/O scheduler via the I</sys> file system. For "
7004 "example, the following command displays a list of all schedulers currently "
7005 "loaded in the kernel:"
7009 #: build/C/man2/ioprio_set.2:240
7012 "$B< cat /sys/block/hda/queue/scheduler>\n"
7013 "noop anticipatory deadline [cfq]\n"
7017 #: build/C/man2/ioprio_set.2:254
7019 "The scheduler surrounded by brackets is the one actually in use for the "
7020 "device (I<hda> in the example). Setting another scheduler is done by "
7021 "writing the name of the new scheduler to this file. For example, the "
7022 "following command will set the scheduler for the I<hda> device to I<cfq>:"
7026 #: build/C/man2/ioprio_set.2:260
7031 "#B< echo cfq E<gt> /sys/block/hda/queue/scheduler>\n"
7035 #: build/C/man2/ioprio_set.2:262
7037 msgid "The Completely Fair Queuing (CFQ) I/O scheduler"
7041 #: build/C/man2/ioprio_set.2:268
7043 "Since v3 (aka CFQ Time Sliced) CFQ implements I/O nice levels similar to "
7044 "those of CPU scheduling. These nice levels are grouped in three scheduling "
7045 "classes each one containing one or more priority levels:"
7049 #: build/C/man2/ioprio_set.2:268
7051 msgid "B<IOPRIO_CLASS_RT> (1)"
7055 #: build/C/man2/ioprio_set.2:283
7057 "This is the real-time I/O class. This scheduling class is given higher "
7058 "priority than any other class: processes from this class are given first "
7059 "access to the disk every time. Thus this I/O class needs to be used with "
7060 "some care: one I/O real-time process can starve the entire system. Within "
7061 "the real-time class, there are 8 levels of class data (priority) that "
7062 "determine exactly how much time this process needs the disk for on each "
7063 "service. The highest real-time priority level is 0; the lowest is 7. In "
7064 "the future this might change to be more directly mappable to performance, by "
7065 "passing in a desired data rate instead."
7069 #: build/C/man2/ioprio_set.2:283
7071 msgid "B<IOPRIO_CLASS_BE> (2)"
7075 #: build/C/man2/ioprio_set.2:296
7077 "This is the best-effort scheduling class, which is the default for any "
7078 "process that hasn't set a specific I/O priority. The class data (priority) "
7079 "determines how much I/O bandwidth the process will get. Best-effort "
7080 "priority levels are analogous to CPU nice values (see B<getpriority>(2)). "
7081 "The priority level determines a priority relative to other processes in the "
7082 "best-effort scheduling class. Priority levels range from 0 (highest) to 7 "
7087 #: build/C/man2/ioprio_set.2:296
7089 msgid "B<IOPRIO_CLASS_IDLE> (3)"
7093 #: build/C/man2/ioprio_set.2:305
7095 "This is the idle scheduling class. Processes running at this level only get "
7096 "I/O time when no-one else needs the disk. The idle class has no class "
7097 "data. Attention is required when assigning this priority class to a "
7098 "process, since it may become starved if higher priority processes are "
7099 "constantly accessing the disk."
7103 #: build/C/man2/ioprio_set.2:309
7105 "Refer to I<Documentation/block/ioprio.txt> for more information on the CFQ "
7106 "I/O Scheduler and an example program."
7110 #: build/C/man2/ioprio_set.2:309
7112 msgid "Required permissions to set I/O priorities"
7116 #: build/C/man2/ioprio_set.2:312
7118 "Permission to change a process's priority is granted or denied based on two "
7123 #: build/C/man2/ioprio_set.2:312
7125 msgid "B<Process ownership>"
7129 #: build/C/man2/ioprio_set.2:320
7131 "An unprivileged process may set only the I/O priority of a process whose "
7132 "real UID matches the real or effective UID of the calling process. A "
7133 "process which has the B<CAP_SYS_NICE> capability can change the priority of "
7138 #: build/C/man2/ioprio_set.2:320
7140 msgid "B<What is the desired priority>"
7144 #: build/C/man2/ioprio_set.2:332
7146 "Attempts to set very high priorities (B<IOPRIO_CLASS_RT>) require the "
7147 "B<CAP_SYS_ADMIN> capability. Kernel versions up to 2.6.24 also required "
7148 "B<CAP_SYS_ADMIN> to set a very low priority (B<IOPRIO_CLASS_IDLE>), but "
7149 "since Linux 2.6.25, this is no longer required."
7153 #: build/C/man2/ioprio_set.2:337
7155 "A call to B<ioprio_set>() must follow both rules, or the call will fail "
7156 "with the error B<EPERM>."
7159 #. 6 May 07: Bug report raised:
7160 #. http://sources.redhat.com/bugzilla/show_bug.cgi?id=4464
7161 #. Ulrich Drepper replied that he wasn't going to add these
7164 #: build/C/man2/ioprio_set.2:346
7166 "Glibc does not yet provide a suitable header file defining the function "
7167 "prototypes and macros described on this page. Suitable definitions can be "
7168 "found in I<linux/ioprio.h>."
7172 #: build/C/man2/ioprio_set.2:351
7173 msgid "B<ionice>(1), B<getpriority>(2), B<open>(2), B<capabilities>(7)"
7177 #: build/C/man2/ioprio_set.2:354
7178 msgid "I<Documentation/block/ioprio.txt> in the Linux kernel source tree"
7182 #: build/C/man2/ipc.2:25
7188 #: build/C/man2/ipc.2:25
7194 #: build/C/man2/ipc.2:28
7195 msgid "ipc - System V IPC system calls"
7199 #: build/C/man2/ipc.2:33
7202 "B<int ipc(unsigned int >I<call>B<, int >I<first>B<, int >I<second>B<, int "
7204 "B< void *>I<ptr>B<, long >I<fifth>B<);>\n"
7208 #: build/C/man2/ipc.2:41
7210 "B<ipc>() is a common kernel entry point for the System V IPC calls for "
7211 "messages, semaphores, and shared memory. I<call> determines which IPC "
7212 "function to invoke; the other arguments are passed through to the "
7217 #: build/C/man2/ipc.2:45
7219 "User programs should call the appropriate functions by their usual names. "
7220 "Only standard library implementors and kernel hackers need to know about "
7225 #: build/C/man2/ipc.2:49
7227 "B<ipc>() is Linux-specific, and should not be used in programs intended to "
7232 #: build/C/man2/ipc.2:57
7234 "On some architectures\\(emfor example x86-64 and ARM\\(emthere is no "
7235 "B<ipc>() system call; instead B<msgctl>(2), B<semctl>(2), B<shmctl>(2), and "
7236 "so on really are implemented as separate system calls."
7240 #: build/C/man2/ipc.2:70
7242 "B<msgctl>(2), B<msgget>(2), B<msgrcv>(2), B<msgsnd>(2), B<semctl>(2), "
7243 "B<semget>(2), B<semop>(2), B<semtimedop>(2), B<shmat>(2), B<shmctl>(2), "
7244 "B<shmdt>(2), B<shmget>(2)"
7248 #: build/C/man2/seteuid.2:29
7254 #: build/C/man2/seteuid.2:29
7260 #: build/C/man2/seteuid.2:32
7261 msgid "seteuid, setegid - set effective user or group ID"
7265 #: build/C/man2/seteuid.2:38
7266 msgid "B<int seteuid(uid_t >I<euid>B<);>"
7270 #: build/C/man2/seteuid.2:40
7271 msgid "B<int setegid(gid_t >I<egid>B<);>"
7275 #: build/C/man2/seteuid.2:49
7276 msgid "B<seteuid>(), B<setegid>():"
7280 #: build/C/man2/seteuid.2:51
7282 "_BSD_SOURCE || _POSIX_C_SOURCE\\ E<gt>=\\ 200112L || _XOPEN_SOURCE\\ "
7287 #: build/C/man2/seteuid.2:58
7289 "B<seteuid>() sets the effective user ID of the calling process. "
7290 "Unprivileged user processes may only set the effective user ID to the real "
7291 "user ID, the effective user ID or the saved set-user-ID."
7296 #. equals \-1, nothing is changed.
7297 #. (This is an artifact of the implementation in glibc of seteuid()
7298 #. using setresuid(2).)
7300 #: build/C/man2/seteuid.2:67
7302 "Precisely the same holds for B<setegid>() with \"group\" instead of "
7307 #: build/C/man2/seteuid.2:91
7309 "The calling process is not privileged (Linux: does not have the "
7310 "B<CAP_SETUID> capability in the case of B<seteuid>(), or the B<CAP_SETGID> "
7311 "capability in the case of B<setegid>()) and I<euid> (respectively, I<egid>) "
7312 "is not the real user (group) ID, the effective user (group) ID, or the saved "
7313 "set-user-ID (saved set-group-ID)."
7317 #: build/C/man2/seteuid.2:93
7318 msgid "4.3BSD, POSIX.1-2001."
7322 #: build/C/man2/seteuid.2:99
7324 "Setting the effective user (group) ID to the saved set-user-ID (saved "
7325 "set-group-ID) is possible since Linux 1.1.37 (1.1.38). On an arbitrary "
7326 "system one should check B<_POSIX_SAVED_IDS>."
7330 #: build/C/man2/seteuid.2:115
7332 "Under libc4, libc5 and glibc 2.0 B<seteuid(>I<euid>B<)> is equivalent to "
7333 "B<setreuid(-1,>I< euid>B<)> and hence may change the saved set-user-ID. "
7334 "Under glibc 2.1 and later it is equivalent to B<setresuid(-1,>I< euid>B<, "
7335 "-1)> and hence does not change the saved set-user-ID. Analogous remarks "
7336 "hold for B<setegid>(), with the difference that the change in implementation "
7337 "from B<setregid(-1,>I< egid>B<)> to B<setresgid(-1,>I< egid>B<, -1)> "
7338 "occurred in glibc 2.2 or 2.3 (dependeing on the hardware architecture)."
7342 #: build/C/man2/seteuid.2:124
7344 "According to POSIX.1, B<seteuid>() (B<setegid>()) need not permit I<euid> "
7345 "(I<egid>) to be the same value as the current effective user (group) ID, "
7346 "and some implementations do not permit this."
7350 #: build/C/man2/seteuid.2:131
7352 "B<geteuid>(2), B<setresuid>(2), B<setreuid>(2), B<setuid>(2), "
7353 "B<capabilities>(7), B<credentials>(7)"
7357 #: build/C/man2/setfsgid.2:31
7363 #: build/C/man2/setfsgid.2:34
7364 msgid "setfsgid - set group identity used for file system checks"
7368 #: build/C/man2/setfsgid.2:37 build/C/man2/setfsuid.2:37
7369 msgid "B<#include E<lt>unistd.hE<gt>> /* glibc uses E<lt>sys/fsuid.hE<gt> */"
7373 #: build/C/man2/setfsgid.2:39
7374 msgid "B<int setfsgid(uid_t >I<fsgid>B<);>"
7378 #: build/C/man2/setfsgid.2:51
7380 "The system call B<setfsgid>() sets the group ID that the Linux kernel uses "
7381 "to check for all accesses to the file system. Normally, the value of "
7382 "I<fsgid> will shadow the value of the effective group ID. In fact, whenever "
7383 "the effective group ID is changed, I<fsgid> will also be changed to the new "
7384 "value of the effective group ID."
7388 #: build/C/man2/setfsgid.2:62
7390 "Explicit calls to B<setfsuid>(2) and B<setfsgid>() are usually used only "
7391 "by programs such as the Linux NFS server that need to change what user and "
7392 "group ID is used for file access without a corresponding change in the real "
7393 "and effective user and group IDs. A change in the normal user IDs for a "
7394 "program such as the NFS server is a security hole that can expose it to "
7395 "unwanted signals. (But see below.)"
7399 #: build/C/man2/setfsgid.2:69
7401 "B<setfsgid>() will succeed only if the caller is the superuser or if "
7402 "I<fsgid> matches either the real group ID, effective group ID, saved "
7403 "set-group-ID, or the current value of I<fsgid>."
7407 #: build/C/man2/setfsgid.2:76
7409 "On success, the previous value of I<fsgid> is returned. On error, the "
7410 "current value of I<fsgid> is returned."
7413 #. This system call is present since Linux 1.1.44
7414 #. and in libc since libc 4.7.6.
7416 #: build/C/man2/setfsgid.2:80 build/C/man2/setfsuid.2:80
7417 msgid "This system call is present in Linux since version 1.2."
7421 #: build/C/man2/setfsgid.2:84
7423 "B<setfsgid>() is Linux-specific and should not be used in programs intended "
7428 #: build/C/man2/setfsgid.2:90
7430 "When glibc determines that the argument is not a valid group ID, it will "
7431 "return -1 and set I<errno> to B<EINVAL> without attempting the system call."
7435 #: build/C/man2/setfsgid.2:94 build/C/man2/setfsuid.2:94
7437 "Note that at the time this system call was introduced, a process could send "
7438 "a signal to a process with the same effective user ID. Today signal "
7439 "permission handling is slightly different."
7443 #: build/C/man2/setfsgid.2:104
7445 "The original Linux B<setfsgid>() system call supported only 16-bit group "
7446 "IDs. Subsequently, Linux 2.4 added B<setfsgid32>() supporting 32-bit IDs. "
7447 "The glibc B<setfsgid>() wrapper function transparently deals with the "
7448 "variation across kernel versions."
7452 #: build/C/man2/setfsgid.2:112
7454 "No error messages of any kind are returned to the caller. At the very "
7455 "least, B<EPERM> should be returned when the call fails (because the caller "
7456 "lacks the B<CAP_SETGID> capability)."
7460 #: build/C/man2/setfsgid.2:117
7461 msgid "B<kill>(2), B<setfsuid>(2), B<capabilities>(7), B<credentials>(7)"
7465 #: build/C/man2/setfsuid.2:31
7471 #: build/C/man2/setfsuid.2:34
7472 msgid "setfsuid - set user identity used for file system checks"
7476 #: build/C/man2/setfsuid.2:39
7477 msgid "B<int setfsuid(uid_t >I<fsuid>B<);>"
7481 #: build/C/man2/setfsuid.2:51
7483 "The system call B<setfsuid>() sets the user ID that the Linux kernel uses "
7484 "to check for all accesses to the file system. Normally, the value of "
7485 "I<fsuid> will shadow the value of the effective user ID. In fact, whenever "
7486 "the effective user ID is changed, I<fsuid> will also be changed to the new "
7487 "value of the effective user ID."
7491 #: build/C/man2/setfsuid.2:62
7493 "Explicit calls to B<setfsuid>() and B<setfsgid>(2) are usually used only "
7494 "by programs such as the Linux NFS server that need to change what user and "
7495 "group ID is used for file access without a corresponding change in the real "
7496 "and effective user and group IDs. A change in the normal user IDs for a "
7497 "program such as the NFS server is a security hole that can expose it to "
7498 "unwanted signals. (But see below.)"
7502 #: build/C/man2/setfsuid.2:69
7504 "B<setfsuid>() will succeed only if the caller is the superuser or if "
7505 "I<fsuid> matches either the real user ID, effective user ID, saved "
7506 "set-user-ID, or the current value of I<fsuid>."
7510 #: build/C/man2/setfsuid.2:76
7512 "On success, the previous value of I<fsuid> is returned. On error, the "
7513 "current value of I<fsuid> is returned."
7517 #: build/C/man2/setfsuid.2:84
7519 "B<setfsuid>() is Linux-specific and should not be used in programs intended "
7524 #: build/C/man2/setfsuid.2:90
7526 "When glibc determines that the argument is not a valid user ID, it will "
7527 "return -1 and set I<errno> to B<EINVAL> without attempting the system call."
7531 #: build/C/man2/setfsuid.2:104
7533 "The original Linux B<setfsuid>() system call supported only 16-bit user "
7534 "IDs. Subsequently, Linux 2.4 added B<setfsuid32>() supporting 32-bit IDs. "
7535 "The glibc B<setfsuid>() wrapper function transparently deals with the "
7536 "variation across kernel versions."
7540 #: build/C/man2/setfsuid.2:112
7542 "No error messages of any kind are returned to the caller. At the very "
7543 "least, B<EPERM> should be returned when the call fails (because the caller "
7544 "lacks the B<CAP_SETUID> capability)."
7548 #: build/C/man2/setfsuid.2:117
7549 msgid "B<kill>(2), B<setfsgid>(2), B<capabilities>(7), B<credentials>(7)"
7553 #: build/C/man2/setgid.2:29
7559 #: build/C/man2/setgid.2:32
7560 msgid "setgid - set group identity"
7564 #: build/C/man2/setgid.2:38
7565 msgid "B<int setgid(gid_t >I<gid>B<);>"
7569 #: build/C/man2/setgid.2:43
7571 "B<setgid>() sets the effective group ID of the calling process. If the "
7572 "caller is the superuser, the real GID and saved set-group-ID are also set."
7576 #: build/C/man2/setgid.2:53
7578 "Under Linux, B<setgid>() is implemented like the POSIX version with the "
7579 "B<_POSIX_SAVED_IDS> feature. This allows a set-group-ID program that is not "
7580 "set-user-ID-root to drop all of its group privileges, do some un-privileged "
7581 "work, and then reengage the original effective group ID in a secure manner."
7585 #: build/C/man2/setgid.2:66
7587 "The calling process is not privileged (does not have the B<CAP_SETGID> "
7588 "capability), and I<gid> does not match the real group ID or saved "
7589 "set-group-ID of the calling process."
7593 #: build/C/man2/setgid.2:78
7595 "The original Linux B<setgid>() system call supported only 16-bit group "
7596 "IDs. Subsequently, Linux 2.4 added B<setgid32>() supporting 32-bit IDs. "
7597 "The glibc B<setgid>() wrapper function transparently deals with the "
7598 "variation across kernel versions."
7602 #: build/C/man2/setgid.2:84
7604 "B<getgid>(2), B<setegid>(2), B<setregid>(2), B<capabilities>(7), "
7609 #: build/C/man2/setpgid.2:48
7615 #: build/C/man2/setpgid.2:51
7616 msgid "setpgid, getpgid, setpgrp, getpgrp - set/get process group"
7620 #: build/C/man2/setpgid.2:55
7621 msgid "B<int setpgid(pid_t >I<pid>B<, pid_t >I<pgid>B<);>"
7625 #: build/C/man2/setpgid.2:57
7626 msgid "B<pid_t getpgid(pid_t >I<pid>B<);>"
7630 #: build/C/man2/setpgid.2:59
7631 msgid "B<pid_t getpgrp(void);> /* POSIX.1 version */"
7635 #: build/C/man2/setpgid.2:62
7637 "B<pid_t getpgrp(pid_t >I<pid>B<);\\ \\ \\ \\ \\ \\ \\ \\ \\ \\ \\ > /* BSD "
7642 #: build/C/man2/setpgid.2:64
7643 msgid "B<int setpgrp(void);> /* System V version */"
7647 #: build/C/man2/setpgid.2:67
7648 msgid "B<int setpgrp(pid_t >I<pid>B<, pid_t >I<pgid>B<);\\ > /* BSD version */"
7652 #: build/C/man2/setpgid.2:76
7653 msgid "B<getpgid>():"
7657 #: build/C/man2/setpgid.2:84
7658 msgid "B<setpgrp>() (POSIX.1):"
7662 #: build/C/man2/setpgid.2:87
7665 " _SVID_SOURCE || _XOPEN_SOURCE\\ E<gt>=\\ 500 ||\n"
7666 " _XOPEN_SOURCE\\ &&\\ _XOPEN_SOURCE_EXTENDED\n"
7670 #: build/C/man2/setpgid.2:91
7671 msgid "B<setpgrp>()\\ (BSD), B<getpgrp>()\\ (BSD):"
7675 #: build/C/man2/setpgid.2:95
7679 " !\\ (_POSIX_SOURCE || _POSIX_C_SOURCE || _XOPEN_SOURCE ||\n"
7680 " _XOPEN_SOURCE_EXTENDED || _GNU_SOURCE || _SVID_SOURCE)\n"
7684 #: build/C/man2/setpgid.2:107
7686 "All of these interfaces are available on Linux, and are used for getting and "
7687 "setting the process group ID (PGID) of a process. The preferred, "
7688 "POSIX.1-specified ways of doing this are: B<getpgrp>(void), for retrieving "
7689 "the calling process's PGID; and B<setpgid>(), for setting a process's PGID."
7693 #: build/C/man2/setpgid.2:132
7695 "B<setpgid>() sets the PGID of the process specified by I<pid> to I<pgid>. "
7696 "If I<pid> is zero, then the process ID of the calling process is used. If "
7697 "I<pgid> is zero, then the PGID of the process specified by I<pid> is made "
7698 "the same as its process ID. If B<setpgid>() is used to move a process from "
7699 "one process group to another (as is done by some shells when creating "
7700 "pipelines), both process groups must be part of the same session (see "
7701 "B<setsid>(2) and B<credentials>(7)). In this case, the I<pgid> specifies "
7702 "an existing process group to be joined and the session ID of that group must "
7703 "match the session ID of the joining process."
7707 #: build/C/man2/setpgid.2:137
7709 "The POSIX.1 version of B<getpgrp>(), which takes no arguments, returns the "
7710 "PGID of the calling process."
7714 #: build/C/man2/setpgid.2:148
7716 "B<getpgid>() returns the PGID of the process specified by I<pid>. If "
7717 "I<pid> is zero, the process ID of the calling process is used. (Retrieving "
7718 "the PGID of a process other than the caller is rarely necessary, and the "
7719 "POSIX.1 B<getpgrp>() is preferred for that task.)"
7723 #: build/C/man2/setpgid.2:153
7725 "The System V-style B<setpgrp>(), which takes no arguments, is equivalent to "
7726 "I<setpgid(0,\\ 0)>."
7729 #. The true BSD setpgrp() system call differs in allowing the PGID
7730 #. to be set to arbitrary values, rather than being restricted to
7731 #. PGIDs in the same session.
7733 #: build/C/man2/setpgid.2:165
7735 "The BSD-specific B<setpgrp>() call, which takes arguments I<pid> and "
7736 "I<pgid>, is equivalent to I<setpgid(pid, pgid)>."
7740 #: build/C/man2/setpgid.2:172
7742 "The BSD-specific B<getpgrp>() call, which takes a single I<pid> argument, "
7743 "is equivalent to I<getpgid(pid)>."
7747 #: build/C/man2/setpgid.2:181
7749 "On success, B<setpgid>() and B<setpgrp>() return zero. On error, -1 is "
7750 "returned, and I<errno> is set appropriately."
7754 #: build/C/man2/setpgid.2:185
7755 msgid "The POSIX.1 B<getpgrp>() always returns the PGID of the caller."
7759 #: build/C/man2/setpgid.2:193
7761 "B<getpgid>(), and the BSD-specific B<getpgrp>() return a process group on "
7762 "success. On error, -1 is returned, and I<errno> is set appropriately."
7766 #: build/C/man2/setpgid.2:202
7768 "An attempt was made to change the process group ID of one of the children of "
7769 "the calling process and the child had already performed an B<execve>(2) "
7770 "(B<setpgid>(), B<setpgrp>())."
7774 #: build/C/man2/setpgid.2:208
7775 msgid "I<pgid> is less than 0 (B<setpgid>(), B<setpgrp>())."
7779 #: build/C/man2/setpgid.2:217
7781 "An attempt was made to move a process into a process group in a different "
7782 "session, or to change the process group ID of one of the children of the "
7783 "calling process and the child was in a different session, or to change the "
7784 "process group ID of a session leader (B<setpgid>(), B<setpgrp>())."
7788 #: build/C/man2/setpgid.2:227
7790 "For B<getpgid>(): I<pid> does not match any process. For B<setpgid>(): "
7791 "I<pid> is not the calling process and not a child of the calling process."
7795 #: build/C/man2/setpgid.2:233
7797 "B<setpgid>() and the version of B<getpgrp>() with no arguments conform to "
7802 #: build/C/man2/setpgid.2:242
7804 "POSIX.1-2001 also specifies B<getpgid>() and the version of B<setpgrp>() "
7805 "that takes no arguments. (POSIX.1-2008 marks this B<setpgrp>() "
7806 "specification as obsolete.)"
7810 #: build/C/man2/setpgid.2:249
7812 "The version of B<getpgrp>() with one argument and the version of "
7813 "B<setpgrp>() that takes two arguments derive from 4.2BSD, and are not "
7814 "specified by POSIX.1."
7818 #: build/C/man2/setpgid.2:255
7820 "A child created via B<fork>(2) inherits its parent's process group ID. The "
7821 "PGID is preserved across an B<execve>(2)."
7825 #: build/C/man2/setpgid.2:258
7827 "Each process group is a member of a session and each process is a member of "
7828 "the session of which its process group is a member."
7832 #: build/C/man2/setpgid.2:285
7834 "A session can have a controlling terminal. At any time, one (and only one) "
7835 "of the process groups in the session can be the foreground process group for "
7836 "the terminal; the remaining process groups are in the background. If a "
7837 "signal is generated from the terminal (e.g., typing the interrupt key to "
7838 "generate B<SIGINT>), that signal is sent to the foreground process group. "
7839 "(See B<termios>(3) for a description of the characters that generate "
7840 "signals.) Only the foreground process group may B<read>(2) from the "
7841 "terminal; if a background process group tries to B<read>(2) from the "
7842 "terminal, then the group is sent a B<SIGTSTP> signal, which suspends it. "
7843 "The B<tcgetpgrp>(3) and B<tcsetpgrp>(3) functions are used to get/set the "
7844 "foreground process group of the controlling terminal."
7848 #: build/C/man2/setpgid.2:293
7850 "The B<setpgid>() and B<getpgrp>() calls are used by programs such as "
7851 "B<bash>(1) to create process groups in order to implement shell job "
7856 #: build/C/man2/setpgid.2:303
7858 "If a session has a controlling terminal, and the B<CLOCAL> flag for that "
7859 "terminal is not set, and a terminal hangup occurs, then the session leader "
7860 "is sent a B<SIGHUP>. If the session leader exits, then a B<SIGHUP> signal "
7861 "will also be sent to each process in the foreground process group of the "
7862 "controlling terminal."
7865 #. exit.3 refers to the following text:
7867 #: build/C/man2/setpgid.2:317
7869 "If the exit of the process causes a process group to become orphaned, and if "
7870 "any member of the newly orphaned process group is stopped, then a B<SIGHUP> "
7871 "signal followed by a B<SIGCONT> signal will be sent to each process in the "
7872 "newly orphaned process group. An orphaned process group is one in which the "
7873 "parent of every member of process group is either itself also a member of "
7874 "the process group or is a member of a process group in a different session "
7875 "(see also B<credentials>(7))."
7879 #: build/C/man2/setpgid.2:324
7881 "B<getuid>(2), B<setsid>(2), B<tcgetpgrp>(3), B<tcsetpgrp>(3), B<termios>(3), "
7886 #: build/C/man2/setresuid.2:26
7892 #: build/C/man2/setresuid.2:29
7893 msgid "setresuid, setresgid - set real, effective and saved user or group ID"
7897 #: build/C/man2/setresuid.2:35
7898 msgid "B<int setresuid(uid_t >I<ruid>B<, uid_t >I<euid>B<, uid_t >I<suid>B<);>"
7902 #: build/C/man2/setresuid.2:37
7903 msgid "B<int setresgid(gid_t >I<rgid>B<, gid_t >I<egid>B<, gid_t >I<sgid>B<);>"
7907 #: build/C/man2/setresuid.2:41
7909 "B<setresuid>() sets the real user ID, the effective user ID, and the saved "
7910 "set-user-ID of the calling process."
7914 #: build/C/man2/setresuid.2:47
7916 "Unprivileged user processes may change the real UID, effective UID, and "
7917 "saved set-user-ID, each to one of: the current real UID, the current "
7918 "effective UID or the current saved set-user-ID."
7922 #: build/C/man2/setresuid.2:51
7924 "Privileged processes (on Linux, those having the B<CAP_SETUID> capability) "
7925 "may set the real UID, effective UID, and saved set-user-ID to arbitrary "
7930 #: build/C/man2/setresuid.2:53
7931 msgid "If one of the arguments equals -1, the corresponding value is not changed."
7935 #: build/C/man2/setresuid.2:57
7937 "Regardless of what changes are made to the real UID, effective UID, and "
7938 "saved set-user-ID, the file system UID is always set to the same value as "
7939 "the (possibly new) effective UID."
7943 #: build/C/man2/setresuid.2:64
7945 "Completely analogously, B<setresgid>() sets the real GID, effective GID, "
7946 "and saved set-group-ID of the calling process (and always modifies the file "
7947 "system GID to be the same as the effective GID), with the same restrictions "
7948 "for unprivileged processes."
7952 #: build/C/man2/setresuid.2:70 build/C/man2/setuid.2:76
7958 #: build/C/man2/setresuid.2:77
7960 "I<uid> does not match the current UID and this call would bring that user ID "
7961 "over its B<RLIMIT_NPROC> resource limit."
7965 #: build/C/man2/setresuid.2:81
7967 "The calling process is not privileged (did not have the B<CAP_SETUID> "
7968 "capability) and tried to change the IDs to values that are not permitted."
7972 #: build/C/man2/setresuid.2:83
7973 msgid "These calls are available under Linux since Linux 2.1.44."
7977 #: build/C/man2/setresuid.2:90
7979 "Under HP-UX and FreeBSD, the prototype is found in I<E<lt>unistd.hE<gt>>. "
7980 "Under Linux the prototype is provided by glibc since version 2.3.2."
7984 #: build/C/man2/setresuid.2:106
7986 "The original Linux B<setresuid>() and B<setresgid>() system calls "
7987 "supported only 16-bit user and group IDs. Subsequently, Linux 2.4 added "
7988 "B<setresuid32>() and B<setresgid32>(), supporting 32-bit IDs. The glibc "
7989 "B<setresuid>() and B<setresgid>() wrapper functions transparently deal "
7990 "with the variations across kernel versions."
7994 #: build/C/man2/setresuid.2:115
7996 "B<getresuid>(2), B<getuid>(2), B<setfsgid>(2), B<setfsuid>(2), "
7997 "B<setreuid>(2), B<setuid>(2), B<capabilities>(7), B<credentials>(7)"
8001 #: build/C/man2/setreuid.2:45
8007 #: build/C/man2/setreuid.2:48
8008 msgid "setreuid, setregid - set real and/or effective user or group ID"
8012 #: build/C/man2/setreuid.2:54
8013 msgid "B<int setreuid(uid_t >I<ruid>B<, uid_t >I<euid>B<);>"
8017 #: build/C/man2/setreuid.2:56
8018 msgid "B<int setregid(gid_t >I<rgid>B<, gid_t >I<egid>B<);>"
8022 #: build/C/man2/setreuid.2:64
8023 msgid "B<setreuid>(), B<setregid>():"
8027 #: build/C/man2/setreuid.2:68
8029 "_BSD_SOURCE || _XOPEN_SOURCE\\ E<gt>=\\ 500 || _XOPEN_SOURCE\\ &&\\ "
8030 "_XOPEN_SOURCE_EXTENDED"
8034 #: build/C/man2/setreuid.2:73
8035 msgid "B<setreuid>() sets real and effective user IDs of the calling process."
8039 #: build/C/man2/setreuid.2:76
8041 "Supplying a value of -1 for either the real or effective user ID forces the "
8042 "system to leave that ID unchanged."
8046 #: build/C/man2/setreuid.2:79
8048 "Unprivileged processes may only set the effective user ID to the real user "
8049 "ID, the effective user ID, or the saved set-user-ID."
8053 #: build/C/man2/setreuid.2:82
8055 "Unprivileged users may only set the real user ID to the real user ID or the "
8056 "effective user ID."
8060 #: build/C/man2/setreuid.2:86
8062 "If the real user ID is set or the effective user ID is set to a value not "
8063 "equal to the previous real user ID, the saved set-user-ID will be set to the "
8064 "new effective user ID."
8068 #: build/C/man2/setreuid.2:91
8070 "Completely analogously, B<setregid>() sets real and effective group ID's of "
8071 "the calling process, and all of the above holds with \"group\" instead of "
8076 #: build/C/man2/setreuid.2:113
8078 "The calling process is not privileged (Linux: does not have the "
8079 "B<CAP_SETUID> capability in the case of B<setreuid>(), or the B<CAP_SETGID> "
8080 "capability in the case of B<setregid>()) and a change other than (i) "
8081 "swapping the effective user (group) ID with the real user (group) ID, or "
8082 "(ii) setting one to the value of the other or (iii) setting the effective "
8083 "user (group) ID to the value of the saved set-user-ID (saved set-group-ID) "
8088 #: build/C/man2/setreuid.2:119
8090 "POSIX.1-2001, 4.3BSD (the B<setreuid>() and B<setregid>() function calls "
8091 "first appeared in 4.2BSD)."
8095 #: build/C/man2/setreuid.2:123
8097 "Setting the effective user (group) ID to the saved set-user-ID (saved "
8098 "set-group-ID) is possible since Linux 1.1.37 (1.1.38)."
8102 #: build/C/man2/setreuid.2:140
8104 "POSIX.1 does not specify all of possible ID changes that are permitted on "
8105 "Linux for an unprivileged process. For B<setreuid>(), the effective user ID "
8106 "can be made the same as the real user ID or the save set-user-ID, and it is "
8107 "unspecified whether unprivileged processes may set the real user ID to the "
8108 "real user ID, the effective user ID, or the saved set-user-ID. For "
8109 "B<setregid>(), the real group ID can be changed to the value of the saved "
8110 "set-group-ID, and the effective group ID can be changed to the value of the "
8111 "real group ID or the saved set-group-ID. The precise details of what ID "
8112 "changes are permitted vary across implementations."
8116 #: build/C/man2/setreuid.2:143
8118 "POSIX.1 makes no specification about the effect of these calls on the saved "
8119 "set-user-ID and saved set-group-ID."
8123 #: build/C/man2/setreuid.2:159
8125 "The original Linux B<setreuid>() and B<setregid>() system calls supported "
8126 "only 16-bit user and group IDs. Subsequently, Linux 2.4 added "
8127 "B<setreuid32>() and B<setregid32>(), supporting 32-bit IDs. The glibc "
8128 "B<setreuid>() and B<setregid>() wrapper functions transparently deal with "
8129 "the variations across kernel versions."
8133 #: build/C/man2/setreuid.2:167
8135 "B<getgid>(2), B<getuid>(2), B<seteuid>(2), B<setgid>(2), B<setresuid>(2), "
8136 "B<setuid>(2), B<capabilities>(7)"
8140 #: build/C/man2/setsid.2:30
8146 #: build/C/man2/setsid.2:33
8147 msgid "setsid - creates a session and sets the process group ID"
8151 #: build/C/man2/setsid.2:38
8152 msgid "B<pid_t setsid(void);>"
8156 #: build/C/man2/setsid.2:51
8158 "B<setsid>() creates a new session if the calling process is not a process "
8159 "group leader. The calling process is the leader of the new session, the "
8160 "process group leader of the new process group, and has no controlling "
8161 "terminal. The process group ID and session ID of the calling process are "
8162 "set to the PID of the calling process. The calling process will be the only "
8163 "process in this new process group and in this new session."
8167 #: build/C/man2/setsid.2:58
8169 "On success, the (new) session ID of the calling process is returned. On "
8170 "error, I<(pid_t)\\ -1> is returned, and I<errno> is set to indicate the "
8175 #: build/C/man2/setsid.2:65
8177 "The process group ID of any process equals the PID of the calling process. "
8178 "Thus, in particular, B<setsid>() fails if the calling process is already a "
8179 "process group leader."
8183 #: build/C/man2/setsid.2:73
8185 "A child created via B<fork>(2) inherits its parent's session ID. The "
8186 "session ID is preserved across an B<execve>(2)."
8190 #: build/C/man2/setsid.2:84
8192 "A process group leader is a process with process group ID equal to its PID. "
8193 "In order to be sure that B<setsid>() will succeed, B<fork>(2) and "
8194 "B<_exit>(2), and have the child do B<setsid>()."
8198 #: build/C/man2/setsid.2:91
8200 "B<setsid>(1), B<getsid>(2), B<setpgid>(2), B<setpgrp>(2), B<tcgetsid>(3), "
8205 #: build/C/man2/setuid.2:30
8211 #: build/C/man2/setuid.2:33
8212 msgid "setuid - set user identity"
8216 #: build/C/man2/setuid.2:39
8217 msgid "B<int setuid(uid_t >I<uid>B<);>"
8221 #: build/C/man2/setuid.2:44
8223 "B<setuid>() sets the effective user ID of the calling process. If the "
8224 "effective UID of the caller is root, the real UID and saved set-user-ID are "
8229 #: build/C/man2/setuid.2:53
8231 "Under Linux, B<setuid>() is implemented like the POSIX version with the "
8232 "B<_POSIX_SAVED_IDS> feature. This allows a set-user-ID (other than root) "
8233 "program to drop all of its user privileges, do some un-privileged work, and "
8234 "then reengage the original effective user ID in a secure manner."
8238 #: build/C/man2/setuid.2:63
8240 "If the user is root or the program is set-user-ID-root, special care must be "
8241 "taken. The B<setuid>() function checks the effective user ID of the caller "
8242 "and if it is the superuser, all process-related user ID's are set to "
8243 "I<uid>. After this has occurred, it is impossible for the program to regain "
8248 #: build/C/man2/setuid.2:70
8250 "Thus, a set-user-ID-root program wishing to temporarily drop root "
8251 "privileges, assume the identity of an unprivileged user, and then regain "
8252 "root privileges afterward cannot use B<setuid>(). You can accomplish this "
8253 "with B<seteuid>(2)."
8257 #: build/C/man2/setuid.2:85
8259 "The I<uid> does not match the current uid and I<uid> brings process over its "
8260 "B<RLIMIT_NPROC> resource limit."
8264 #: build/C/man2/setuid.2:92
8266 "The user is not privileged (Linux: does not have the B<CAP_SETUID> "
8267 "capability) and I<uid> does not match the real UID or saved set-user-ID of "
8268 "the calling process."
8271 #. SVr4 documents an additional EINVAL error condition.
8273 #: build/C/man2/setuid.2:97
8275 "SVr4, POSIX.1-2001. Not quite compatible with the 4.4BSD call, which sets "
8276 "all of the real, saved, and effective user IDs."
8280 #: build/C/man2/setuid.2:105
8282 "Linux has the concept of the file system user ID, normally equal to the "
8283 "effective user ID. The B<setuid>() call also sets the file system user ID "
8284 "of the calling process. See B<setfsuid>(2)."
8288 #: build/C/man2/setuid.2:110
8290 "If I<uid> is different from the old effective UID, the process will be "
8291 "forbidden from leaving core dumps."
8295 #: build/C/man2/setuid.2:120
8297 "The original Linux B<setuid>() system call supported only 16-bit user IDs. "
8298 "Subsequently, Linux 2.4 added B<setuid32>() supporting 32-bit IDs. The "
8299 "glibc B<setuid>() wrapper function transparently deals with the variation "
8300 "across kernel versions."
8304 #: build/C/man2/setuid.2:127
8306 "B<getuid>(2), B<seteuid>(2), B<setfsuid>(2), B<setreuid>(2), "
8307 "B<capabilities>(7), B<credentials>(7)"
8311 #: build/C/man7/svipc.7:40
8317 #: build/C/man7/svipc.7:43
8318 msgid "svipc - System V interprocess communication mechanisms"
8322 #: build/C/man7/svipc.7:48
8325 "B<#include E<lt>sys/msg.hE<gt>>\n"
8326 "B<#include E<lt>sys/sem.hE<gt>>\n"
8327 "B<#include E<lt>sys/shm.hE<gt>>\n"
8331 #: build/C/man7/svipc.7:56
8333 "This manual page refers to the Linux implementation of the System V "
8334 "interprocess communication (IPC) mechanisms: message queues, semaphore sets, "
8335 "and shared memory segments. In the following, the word I<resource> means an "
8336 "instantiation of one among such mechanisms."
8340 #: build/C/man7/svipc.7:56
8342 msgid "Resource access permissions"
8346 #: build/C/man7/svipc.7:64
8348 "For each resource, the system uses a common structure of type I<struct "
8349 "ipc_perm> to store information needed in determining permissions to perform "
8350 "an IPC operation. The I<ipc_perm> structure includes the following members:"
8354 #: build/C/man7/svipc.7:74
8357 "struct ipc_perm {\n"
8358 " uid_t cuid; /* creator user ID */\n"
8359 " gid_t cgid; /* creator group ID */\n"
8360 " uid_t uid; /* owner user ID */\n"
8361 " gid_t gid; /* owner group ID */\n"
8362 " unsigned short mode; /* r/w permissions */\n"
8367 #: build/C/man7/svipc.7:84
8369 "The I<mode> member of the I<ipc_perm> structure defines, with its lower 9 "
8370 "bits, the access permissions to the resource for a process executing an IPC "
8371 "system call. The permissions are interpreted as follows:"
8375 #: build/C/man7/svipc.7:88
8378 " 0400 Read by user.\n"
8379 " 0200 Write by user.\n"
8383 #: build/C/man7/svipc.7:91
8386 " 0040 Read by group.\n"
8387 " 0020 Write by group.\n"
8391 #: build/C/man7/svipc.7:94
8394 " 0004 Read by others.\n"
8395 " 0002 Write by others.\n"
8399 #: build/C/man7/svipc.7:102
8401 "Bits 0100, 0010, and 0001 (the execute bits) are unused by the system. "
8402 "Furthermore, \"write\" effectively means \"alter\" for a semaphore set."
8406 #: build/C/man7/svipc.7:105
8407 msgid "The same system header file also defines the following symbolic constants:"
8411 #: build/C/man7/svipc.7:105
8413 msgid "B<IPC_CREAT>"
8417 #: build/C/man7/svipc.7:108
8418 msgid "Create entry if key doesn't exist."
8422 #: build/C/man7/svipc.7:108
8428 #: build/C/man7/svipc.7:111
8429 msgid "Fail if key exists."
8433 #: build/C/man7/svipc.7:111
8435 msgid "B<IPC_NOWAIT>"
8439 #: build/C/man7/svipc.7:114
8440 msgid "Error if request must wait."
8444 #: build/C/man7/svipc.7:114
8446 msgid "B<IPC_PRIVATE>"
8450 #: build/C/man7/svipc.7:117
8451 msgid "Private key."
8455 #: build/C/man7/svipc.7:117
8461 #: build/C/man7/svipc.7:120
8462 msgid "Remove resource."
8466 #: build/C/man7/svipc.7:120
8472 #: build/C/man7/svipc.7:123
8473 msgid "Set resource options."
8477 #: build/C/man7/svipc.7:123
8483 #: build/C/man7/svipc.7:126
8484 msgid "Get resource options."
8488 #: build/C/man7/svipc.7:135
8490 "Note that B<IPC_PRIVATE> is a I<key_t> type, while all the other symbolic "
8491 "constants are flag fields and can be OR'ed into an I<int> type variable."
8495 #: build/C/man7/svipc.7:135
8497 msgid "Message queues"
8501 #: build/C/man7/svipc.7:143
8503 "A message queue is uniquely identified by a positive integer (its I<msqid>) "
8504 "and has an associated data structure of type I<struct msqid_ds>, defined in "
8505 "I<E<lt>sys/msg.hE<gt>>, containing the following members:"
8509 #: build/C/man7/svipc.7:156
8512 "struct msqid_ds {\n"
8513 " struct ipc_perm msg_perm;\n"
8514 " msgqnum_t msg_qnum; /* no of messages on queue */\n"
8515 " msglen_t msg_qbytes; /* bytes max on a queue */\n"
8516 " pid_t msg_lspid; /* PID of last msgsnd(2) call */\n"
8517 " pid_t msg_lrpid; /* PID of last msgrcv(2) call */\n"
8518 " time_t msg_stime; /* last msgsnd(2) time */\n"
8519 " time_t msg_rtime; /* last msgrcv(2) time */\n"
8520 " time_t msg_ctime; /* last change time */\n"
8525 #: build/C/man7/svipc.7:158
8531 #: build/C/man7/svipc.7:163
8533 "I<ipc_perm> structure that specifies the access permissions on the message "
8538 #: build/C/man7/svipc.7:163
8544 #: build/C/man7/svipc.7:166
8545 msgid "Number of messages currently on the message queue."
8549 #: build/C/man7/svipc.7:166
8551 msgid "I<msg_qbytes>"
8555 #: build/C/man7/svipc.7:170
8556 msgid "Maximum number of bytes of message text allowed on the message queue."
8560 #: build/C/man7/svipc.7:170
8562 msgid "I<msg_lspid>"
8566 #: build/C/man7/svipc.7:175
8567 msgid "ID of the process that performed the last B<msgsnd>(2) system call."
8571 #: build/C/man7/svipc.7:175
8573 msgid "I<msg_lrpid>"
8577 #: build/C/man7/svipc.7:180
8578 msgid "ID of the process that performed the last B<msgrcv>(2) system call."
8582 #: build/C/man7/svipc.7:180
8584 msgid "I<msg_stime>"
8588 #: build/C/man7/svipc.7:185
8589 msgid "Time of the last B<msgsnd>(2) system call."
8593 #: build/C/man7/svipc.7:185
8595 msgid "I<msg_rtime>"
8599 #: build/C/man7/svipc.7:190
8600 msgid "Time of the last B<msgrcv>(2) system call."
8604 #: build/C/man7/svipc.7:190
8606 msgid "I<msg_ctime>"
8610 #: build/C/man7/svipc.7:196
8612 "Time of the last system call that changed a member of the I<msqid_ds> "
8617 #: build/C/man7/svipc.7:196
8619 msgid "Semaphore sets"
8623 #: build/C/man7/svipc.7:204
8625 "A semaphore set is uniquely identified by a positive integer (its I<semid>) "
8626 "and has an associated data structure of type I<struct semid_ds>, defined in "
8627 "I<E<lt>sys/sem.hE<gt>>, containing the following members:"
8631 #: build/C/man7/svipc.7:213
8634 "struct semid_ds {\n"
8635 " struct ipc_perm sem_perm;\n"
8636 " time_t sem_otime; /* last operation time */\n"
8637 " time_t sem_ctime; /* last change time */\n"
8638 " unsigned long sem_nsems; /* count of sems in set */\n"
8643 #: build/C/man7/svipc.7:215
8649 #: build/C/man7/svipc.7:220
8651 "I<ipc_perm> structure that specifies the access permissions on the semaphore "
8656 #: build/C/man7/svipc.7:220
8658 msgid "I<sem_otime>"
8662 #: build/C/man7/svipc.7:225
8663 msgid "Time of last B<semop>(2) system call."
8667 #: build/C/man7/svipc.7:225
8669 msgid "I<sem_ctime>"
8673 #: build/C/man7/svipc.7:231
8675 "Time of last B<semctl>(2) system call that changed a member of the above "
8676 "structure or of one semaphore belonging to the set."
8680 #: build/C/man7/svipc.7:231
8682 msgid "I<sem_nsems>"
8686 #: build/C/man7/svipc.7:239
8688 "Number of semaphores in the set. Each semaphore of the set is referenced by "
8689 "a nonnegative integer ranging from B<0> to I<sem_nsems-1>."
8693 #: build/C/man7/svipc.7:243
8695 "A semaphore is a data structure of type I<struct sem> containing the "
8696 "following members:"
8699 #. unsigned short semncnt; /* nr awaiting semval to increase */
8700 #. unsigned short semzcnt; /* nr awaiting semval = 0 */
8702 #: build/C/man7/svipc.7:252
8706 " int semval; /* semaphore value */\n"
8707 " int sempid; /* PID for last operation */\n"
8712 #: build/C/man7/svipc.7:254
8718 #: build/C/man7/svipc.7:257
8719 msgid "Semaphore value: a nonnegative integer."
8723 #: build/C/man7/svipc.7:257
8730 #. Number of processes suspended awaiting for
8735 #. Number of processes suspended awaiting for
8739 #: build/C/man7/svipc.7:271
8741 "ID of the last process that performed a semaphore operation on this "
8746 #: build/C/man7/svipc.7:271
8748 msgid "Shared memory segments"
8752 #: build/C/man7/svipc.7:279
8754 "A shared memory segment is uniquely identified by a positive integer (its "
8755 "I<shmid>) and has an associated data structure of type I<struct shmid_ds>, "
8756 "defined in I<E<lt>sys/shm.hE<gt>>, containing the following members:"
8760 #: build/C/man7/svipc.7:292
8763 "struct shmid_ds {\n"
8764 " struct ipc_perm shm_perm;\n"
8765 " size_t shm_segsz; /* size of segment */\n"
8766 " pid_t shm_cpid; /* PID of creator */\n"
8767 " pid_t shm_lpid; /* PID, last operation */\n"
8768 " shmatt_t shm_nattch; /* no. of current attaches */\n"
8769 " time_t shm_atime; /* time of last attach */\n"
8770 " time_t shm_dtime; /* time of last detach */\n"
8771 " time_t shm_ctime; /* time of last change */\n"
8776 #: build/C/man7/svipc.7:294
8782 #: build/C/man7/svipc.7:299
8784 "I<ipc_perm> structure that specifies the access permissions on the shared "
8789 #: build/C/man7/svipc.7:299
8791 msgid "I<shm_segsz>"
8795 #: build/C/man7/svipc.7:302
8796 msgid "Size in bytes of the shared memory segment."
8800 #: build/C/man7/svipc.7:302
8806 #: build/C/man7/svipc.7:305
8807 msgid "ID of the process that created the shared memory segment."
8811 #: build/C/man7/svipc.7:305
8817 #: build/C/man7/svipc.7:312
8819 "ID of the last process that executed a B<shmat>(2) or B<shmdt>(2) system "
8824 #: build/C/man7/svipc.7:312
8826 msgid "I<shm_nattch>"
8830 #: build/C/man7/svipc.7:315
8831 msgid "Number of current alive attaches for this shared memory segment."
8835 #: build/C/man7/svipc.7:315
8837 msgid "I<shm_atime>"
8841 #: build/C/man7/svipc.7:320
8842 msgid "Time of the last B<shmat>(2) system call."
8846 #: build/C/man7/svipc.7:320
8848 msgid "I<shm_dtime>"
8852 #: build/C/man7/svipc.7:325
8853 msgid "Time of the last B<shmdt>(2) system call."
8857 #: build/C/man7/svipc.7:325
8859 msgid "I<shm_ctime>"
8863 #: build/C/man7/svipc.7:331
8864 msgid "Time of the last B<shmctl>(2) system call that changed I<shmid_ds>."
8868 #: build/C/man7/svipc.7:348
8870 "B<ipcmk>(1), B<ipcrm>(1), B<ipcs>(1), B<ipc>(2), B<msgctl>(2), B<msgget>(2), "
8871 "B<msgrcv>(2), B<msgsnd>(2), B<semctl>(2), B<semget>(2), B<semop>(2), "
8872 "B<shmat>(2), B<shmctl>(2), B<shmdt>(2), B<shmget>(2), B<ftok>(3)"
8876 #: build/C/man3/ulimit.3:27
8882 #: build/C/man3/ulimit.3:27
8888 #: build/C/man3/ulimit.3:30
8889 msgid "ulimit - get and set user limits"
8893 #: build/C/man3/ulimit.3:32
8894 msgid "B<#include E<lt>ulimit.hE<gt>>"
8898 #: build/C/man3/ulimit.3:34
8899 msgid "B<long ulimit(int >I<cmd>B<, long >I<newlimit>B<);>"
8903 #: build/C/man3/ulimit.3:46
8905 "Warning: This routine is obsolete. Use B<getrlimit>(2), B<setrlimit>(2), "
8906 "and B<sysconf>(3) instead. For the shell command B<ulimit>(), see "
8911 #: build/C/man3/ulimit.3:53
8913 "The B<ulimit>() call will get or set some limit for the calling process. "
8914 "The I<cmd> argument can have one of the following values."
8918 #: build/C/man3/ulimit.3:53
8920 msgid "B<UL_GETFSIZE>"
8924 #: build/C/man3/ulimit.3:56
8925 msgid "Return the limit on the size of a file, in units of 512 bytes."
8929 #: build/C/man3/ulimit.3:56
8931 msgid "B<UL_SETFSIZE>"
8935 #: build/C/man3/ulimit.3:59
8936 msgid "Set the limit on the size of a file."
8940 #: build/C/man3/ulimit.3:59
8946 #: build/C/man3/ulimit.3:63
8948 "(Not implemented for Linux.) Return the maximum possible address of the "
8953 #: build/C/man3/ulimit.3:63
8959 #: build/C/man3/ulimit.3:67
8961 "(Implemented but no symbolic constant provided.) Return the maximum number "
8962 "of files that the calling process can open."
8966 #: build/C/man3/ulimit.3:74
8968 "On success, B<ulimit>() returns a nonnegative value. On error, -1 is "
8969 "returned, and I<errno> is set appropriately."
8973 #: build/C/man3/ulimit.3:78
8974 msgid "A unprivileged process tried to increase a limit."
8978 #: build/C/man3/ulimit.3:83
8979 msgid "SVr4, POSIX.1-2001. POSIX.1-2008 marks B<ulimit>() as obsolete."
8983 #: build/C/man3/ulimit.3:88
8984 msgid "B<bash>(1), B<getrlimit>(2), B<setrlimit>(2), B<sysconf>(3)"