1 # SOME DESCRIPTIVE TITLE
2 # Copyright (C) YEAR Free Software Foundation, Inc.
3 # This file is distributed under the same license as the PACKAGE package.
4 # FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
9 "Project-Id-Version: PACKAGE VERSION\n"
10 "POT-Creation-Date: 2012-04-25 05:36+0900\n"
11 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
12 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
13 "Language-Team: LANGUAGE <LL@li.org>\n"
16 "Content-Type: text/plain; charset=UTF-8\n"
17 "Content-Transfer-Encoding: 8bit\n"
20 #: build/C/man2/acct.2:32 build/C/man5/acct.5:23
26 #: build/C/man2/acct.2:32
32 #: build/C/man2/acct.2:32 build/C/man5/acct.5:23 build/C/man7/capabilities.7:46 build/C/man2/capget.2:11 build/C/man7/cpuset.7:24 build/C/man7/credentials.7:25 build/C/man2/getgid.2:25 build/C/man2/getgroups.2:31 build/C/man2/getpid.2:23 build/C/man2/getpriority.2:46 build/C/man2/getresuid.2:27 build/C/man2/getrlimit.2:64 build/C/man2/getrusage.2:39 build/C/man2/getsid.2:25 build/C/man2/getuid.2:26 build/C/man2/iopl.2:33 build/C/man2/ioprio_set.2:25 build/C/man2/ipc.2:26 build/C/man2/seteuid.2:27 build/C/man2/setfsgid.2:29 build/C/man2/setfsuid.2:29 build/C/man2/setgid.2:27 build/C/man2/setpgid.2:46 build/C/man2/setresuid.2:26 build/C/man2/setreuid.2:43 build/C/man2/setsid.2:29 build/C/man2/setuid.2:28 build/C/man7/svipc.7:25 build/C/man3/ulimit.3:27
38 #: build/C/man2/acct.2:32 build/C/man5/acct.5:23 build/C/man7/capabilities.7:46 build/C/man2/capget.2:11 build/C/man7/cpuset.7:24 build/C/man7/credentials.7:25 build/C/man2/getgid.2:25 build/C/man2/getgroups.2:31 build/C/man2/getpid.2:23 build/C/man2/getpriority.2:46 build/C/man2/getresuid.2:27 build/C/man2/getrlimit.2:64 build/C/man2/getrusage.2:39 build/C/man2/getsid.2:25 build/C/man2/getuid.2:26 build/C/man2/iopl.2:33 build/C/man2/ioprio_set.2:25 build/C/man2/ipc.2:26 build/C/man2/seteuid.2:27 build/C/man2/setfsgid.2:29 build/C/man2/setfsuid.2:29 build/C/man2/setgid.2:27 build/C/man2/setpgid.2:46 build/C/man2/setresuid.2:26 build/C/man2/setreuid.2:43 build/C/man2/setsid.2:29 build/C/man2/setuid.2:28 build/C/man7/svipc.7:25 build/C/man3/ulimit.3:27
40 msgid "Linux Programmer's Manual"
44 #: build/C/man2/acct.2:33 build/C/man5/acct.5:24 build/C/man7/capabilities.7:47 build/C/man2/capget.2:12 build/C/man7/cpuset.7:25 build/C/man7/credentials.7:26 build/C/man2/getgid.2:26 build/C/man2/getgroups.2:32 build/C/man2/getpid.2:24 build/C/man2/getpriority.2:47 build/C/man2/getresuid.2:28 build/C/man2/getrlimit.2:65 build/C/man2/getrusage.2:40 build/C/man2/getsid.2:26 build/C/man2/getuid.2:27 build/C/man2/iopl.2:34 build/C/man2/ioprio_set.2:26 build/C/man2/ipc.2:27 build/C/man2/seteuid.2:28 build/C/man2/setfsgid.2:30 build/C/man2/setfsuid.2:30 build/C/man2/setgid.2:28 build/C/man2/setpgid.2:47 build/C/man2/setresuid.2:27 build/C/man2/setreuid.2:44 build/C/man2/setsid.2:30 build/C/man2/setuid.2:29 build/C/man7/svipc.7:26 build/C/man3/ulimit.3:28
50 #: build/C/man2/acct.2:35
51 msgid "acct - switch process accounting on or off"
55 #: build/C/man2/acct.2:35 build/C/man5/acct.5:26 build/C/man2/capget.2:14 build/C/man2/getgid.2:28 build/C/man2/getgroups.2:34 build/C/man2/getpid.2:26 build/C/man2/getpriority.2:49 build/C/man2/getresuid.2:30 build/C/man2/getrlimit.2:67 build/C/man2/getrusage.2:42 build/C/man2/getsid.2:28 build/C/man2/getuid.2:29 build/C/man2/iopl.2:36 build/C/man2/ioprio_set.2:28 build/C/man2/ipc.2:29 build/C/man2/seteuid.2:30 build/C/man2/setfsgid.2:32 build/C/man2/setfsuid.2:32 build/C/man2/setgid.2:30 build/C/man2/setpgid.2:49 build/C/man2/setresuid.2:29 build/C/man2/setreuid.2:46 build/C/man2/setsid.2:32 build/C/man2/setuid.2:31 build/C/man7/svipc.7:28 build/C/man3/ulimit.3:30
61 #: build/C/man2/acct.2:39
63 msgid "B<#include E<lt>unistd.hE<gt>>\n"
67 #: build/C/man2/acct.2:41
69 msgid "B<int acct(const char *>I<filename>B<);>\n"
73 #: build/C/man2/acct.2:47 build/C/man2/getgroups.2:48 build/C/man2/getrlimit.2:84 build/C/man2/getsid.2:36 build/C/man2/seteuid.2:42 build/C/man2/setpgid.2:69 build/C/man2/setreuid.2:58
74 msgid "Feature Test Macro Requirements for glibc (see B<feature_test_macros>(7)):"
78 #: build/C/man2/acct.2:51
79 msgid "B<acct>(): _BSD_SOURCE || (_XOPEN_SOURCE && _XOPEN_SOURCE\\ E<lt>\\ 500)"
83 #: build/C/man2/acct.2:51 build/C/man5/acct.5:28 build/C/man7/capabilities.7:49 build/C/man2/capget.2:20 build/C/man7/cpuset.7:27 build/C/man7/credentials.7:28 build/C/man2/getgid.2:36 build/C/man2/getgroups.2:52 build/C/man2/getpid.2:34 build/C/man2/getpriority.2:57 build/C/man2/getresuid.2:38 build/C/man2/getrlimit.2:88 build/C/man2/getrusage.2:48 build/C/man2/getsid.2:49 build/C/man2/getuid.2:37 build/C/man2/iopl.2:40 build/C/man2/ioprio_set.2:33 build/C/man2/ipc.2:35 build/C/man2/seteuid.2:51 build/C/man2/setfsgid.2:37 build/C/man2/setfsuid.2:37 build/C/man2/setgid.2:36 build/C/man2/setpgid.2:96 build/C/man2/setresuid.2:37 build/C/man2/setreuid.2:68 build/C/man2/setsid.2:39 build/C/man2/setuid.2:37 build/C/man7/svipc.7:36 build/C/man3/ulimit.3:34
89 #: build/C/man2/acct.2:60
91 "The B<acct>() system call enables or disables process accounting. If "
92 "called with the name of an existing file as its argument, accounting is "
93 "turned on, and records for each terminating process are appended to "
94 "I<filename> as it terminates. An argument of NULL causes accounting to be "
99 #: build/C/man2/acct.2:60 build/C/man2/capget.2:152 build/C/man2/getgroups.2:92 build/C/man2/getpriority.2:105 build/C/man2/getresuid.2:49 build/C/man2/getrlimit.2:430 build/C/man2/getrusage.2:180 build/C/man2/getsid.2:57 build/C/man2/iopl.2:65 build/C/man2/ioprio_set.2:139 build/C/man2/seteuid.2:65 build/C/man2/setfsgid.2:67 build/C/man2/setfsuid.2:67 build/C/man2/setgid.2:51 build/C/man2/setpgid.2:170 build/C/man2/setresuid.2:64 build/C/man2/setreuid.2:89 build/C/man2/setsid.2:50 build/C/man2/setuid.2:68 build/C/man3/ulimit.3:67
105 #: build/C/man2/acct.2:65 build/C/man2/capget.2:157 build/C/man2/getresuid.2:54 build/C/man2/getrusage.2:185 build/C/man2/iopl.2:70 build/C/man2/seteuid.2:70 build/C/man2/setgid.2:56 build/C/man2/setresuid.2:69 build/C/man2/setreuid.2:94 build/C/man2/setuid.2:73
107 "On success, zero is returned. On error, -1 is returned, and I<errno> is set "
112 #: build/C/man2/acct.2:65 build/C/man2/capget.2:171 build/C/man7/cpuset.7:1099 build/C/man2/getgid.2:42 build/C/man2/getgroups.2:106 build/C/man2/getpid.2:42 build/C/man2/getpriority.2:118 build/C/man2/getresuid.2:54 build/C/man2/getrlimit.2:435 build/C/man2/getrusage.2:185 build/C/man2/getsid.2:62 build/C/man2/getuid.2:43 build/C/man2/iopl.2:70 build/C/man2/ioprio_set.2:159 build/C/man2/seteuid.2:70 build/C/man2/setgid.2:56 build/C/man2/setpgid.2:191 build/C/man2/setresuid.2:69 build/C/man2/setreuid.2:94 build/C/man2/setsid.2:57 build/C/man2/setuid.2:73 build/C/man3/ulimit.3:74
118 #: build/C/man2/acct.2:66 build/C/man7/cpuset.7:1115 build/C/man7/cpuset.7:1122 build/C/man7/cpuset.7:1128 build/C/man7/cpuset.7:1136 build/C/man7/cpuset.7:1143 build/C/man2/getpriority.2:138 build/C/man2/setpgid.2:192
124 #: build/C/man2/acct.2:77
126 "Write permission is denied for the specified file, or search permission is "
127 "denied for one of the directories in the path prefix of I<filename> (see "
128 "also B<path_resolution>(7)), or I<filename> is not a regular file."
132 #: build/C/man2/acct.2:77 build/C/man2/capget.2:172 build/C/man7/cpuset.7:1171 build/C/man2/getgroups.2:107 build/C/man2/getresuid.2:55 build/C/man2/getrlimit.2:436 build/C/man2/getrusage.2:186
138 #: build/C/man2/acct.2:81
139 msgid "I<filename> points outside your accessible address space."
143 #: build/C/man2/acct.2:81 build/C/man7/cpuset.7:1237 build/C/man7/cpuset.7:1245
149 #: build/C/man2/acct.2:85
150 msgid "Error writing to the file I<filename>."
154 #: build/C/man2/acct.2:85
160 #: build/C/man2/acct.2:89
161 msgid "I<filename> is a directory."
165 #: build/C/man2/acct.2:89
171 #: build/C/man2/acct.2:93
172 msgid "Too many symbolic links were encountered in resolving I<filename>."
176 #: build/C/man2/acct.2:93 build/C/man7/cpuset.7:1250 build/C/man7/cpuset.7:1257 build/C/man7/cpuset.7:1262
178 msgid "B<ENAMETOOLONG>"
182 #: build/C/man2/acct.2:97
183 msgid "I<filename> was too long."
187 #: build/C/man2/acct.2:97
193 #: build/C/man2/acct.2:100
194 msgid "The system limit on the total number of open files has been reached."
198 #: build/C/man2/acct.2:100 build/C/man7/cpuset.7:1274 build/C/man7/cpuset.7:1279
204 #: build/C/man2/acct.2:103
205 msgid "The specified filename does not exist."
209 #: build/C/man2/acct.2:103 build/C/man7/cpuset.7:1286 build/C/man2/getgroups.2:127
215 #: build/C/man2/acct.2:106 build/C/man2/getgroups.2:130
216 msgid "Out of memory."
220 #: build/C/man2/acct.2:106 build/C/man2/iopl.2:75
226 #: build/C/man2/acct.2:112
228 "BSD process accounting has not been enabled when the operating system kernel "
229 "was compiled. The kernel configuration parameter controlling this feature "
230 "is B<CONFIG_BSD_PROCESS_ACCT>."
234 #: build/C/man2/acct.2:112 build/C/man7/cpuset.7:1313
240 #: build/C/man2/acct.2:117
241 msgid "A component used as a directory in I<filename> is not in fact a directory."
245 #: build/C/man2/acct.2:117 build/C/man2/capget.2:183 build/C/man2/capget.2:188 build/C/man7/cpuset.7:1318 build/C/man2/getgroups.2:130 build/C/man2/getpriority.2:150 build/C/man2/getrlimit.2:452 build/C/man2/getsid.2:63 build/C/man2/iopl.2:78 build/C/man2/ioprio_set.2:169 build/C/man2/seteuid.2:73 build/C/man2/setgid.2:57 build/C/man2/setpgid.2:206 build/C/man2/setresuid.2:77 build/C/man2/setreuid.2:95 build/C/man2/setsid.2:58 build/C/man2/setuid.2:83 build/C/man3/ulimit.3:75
251 #: build/C/man2/acct.2:123
253 "The calling process has insufficient privilege to enable process "
254 "accounting. On Linux the B<CAP_SYS_PACCT> capability is required."
258 #: build/C/man2/acct.2:123
264 #: build/C/man2/acct.2:127
265 msgid "I<filename> refers to a file on a read-only file system."
269 #: build/C/man2/acct.2:127
275 #: build/C/man2/acct.2:130
276 msgid "There are no more free file structures or we ran out of memory."
280 #: build/C/man2/acct.2:130 build/C/man5/acct.5:152 build/C/man7/capabilities.7:1002 build/C/man2/capget.2:210 build/C/man7/credentials.7:232 build/C/man2/getgid.2:44 build/C/man2/getgroups.2:133 build/C/man2/getpid.2:44 build/C/man2/getpriority.2:158 build/C/man2/getresuid.2:66 build/C/man2/getrlimit.2:473 build/C/man2/getrusage.2:194 build/C/man2/getsid.2:78 build/C/man2/getuid.2:45 build/C/man2/iopl.2:85 build/C/man2/ioprio_set.2:186 build/C/man2/ipc.2:46 build/C/man2/seteuid.2:89 build/C/man2/setfsgid.2:78 build/C/man2/setfsuid.2:78 build/C/man2/setgid.2:74 build/C/man2/setpgid.2:225 build/C/man2/setresuid.2:83 build/C/man2/setreuid.2:111 build/C/man2/setsid.2:64 build/C/man2/setuid.2:90 build/C/man3/ulimit.3:78
282 msgid "CONFORMING TO"
285 #. SVr4 documents an EBUSY error condition, but no EISDIR or ENOSYS.
286 #. Also AIX and HP-UX document EBUSY (attempt is made
287 #. to enable accounting when it is already enabled), as does Solaris
288 #. (attempt is made to enable accounting using the same file that is
289 #. currently being used).
291 #: build/C/man2/acct.2:137
292 msgid "SVr4, 4.3BSD (but not POSIX)."
296 #: build/C/man2/acct.2:137 build/C/man5/acct.5:156 build/C/man7/capabilities.7:1007 build/C/man2/capget.2:212 build/C/man7/cpuset.7:1340 build/C/man7/credentials.7:238 build/C/man2/getgid.2:46 build/C/man2/getgroups.2:141 build/C/man2/getpid.2:46 build/C/man2/getpriority.2:161 build/C/man2/getresuid.2:69 build/C/man2/getrlimit.2:496 build/C/man2/getrusage.2:205 build/C/man2/getsid.2:80 build/C/man2/getuid.2:47 build/C/man2/getuid.2:57 build/C/man2/iopl.2:89 build/C/man2/ioprio_set.2:188 build/C/man2/ipc.2:50 build/C/man2/seteuid.2:91 build/C/man2/setfsgid.2:82 build/C/man2/setfsuid.2:82 build/C/man2/setgid.2:64 build/C/man2/setpgid.2:247 build/C/man2/setresuid.2:86 build/C/man2/setreuid.2:117 build/C/man2/setsid.2:66 build/C/man2/setuid.2:95
302 #: build/C/man2/acct.2:140
304 "No accounting is produced for programs running when a system crash occurs. "
305 "In particular, nonterminating processes are never accounted for."
309 #: build/C/man2/acct.2:143
311 "The structure of the records written to the accounting file is described in "
316 #: build/C/man2/acct.2:143 build/C/man5/acct.5:173 build/C/man7/capabilities.7:1055 build/C/man2/capget.2:219 build/C/man7/cpuset.7:1487 build/C/man7/credentials.7:250 build/C/man2/getgid.2:62 build/C/man2/getgroups.2:171 build/C/man2/getpid.2:98 build/C/man2/getpriority.2:223 build/C/man2/getresuid.2:85 build/C/man2/getrlimit.2:620 build/C/man2/getrusage.2:245 build/C/man2/getsid.2:83 build/C/man2/getuid.2:73 build/C/man2/iopl.2:98 build/C/man2/ioprio_set.2:317 build/C/man2/ipc.2:58 build/C/man2/seteuid.2:117 build/C/man2/setfsgid.2:110 build/C/man2/setfsuid.2:110 build/C/man2/setgid.2:76 build/C/man2/setpgid.2:315 build/C/man2/setresuid.2:106 build/C/man2/setreuid.2:157 build/C/man2/setsid.2:83 build/C/man2/setuid.2:118 build/C/man7/svipc.7:320 build/C/man3/ulimit.3:83
322 #: build/C/man2/acct.2:144
327 #: build/C/man5/acct.5:23
333 #: build/C/man5/acct.5:26
334 msgid "acct - process accounting file"
338 #: build/C/man5/acct.5:28
339 msgid "B<#include E<lt>sys/acct.hE<gt>>"
343 #: build/C/man5/acct.5:34
345 "If the kernel is built with the process accounting option enabled "
346 "(B<CONFIG_BSD_PROCESS_ACCT>), then calling B<acct>(2) starts process "
347 "accounting, for example:"
351 #: build/C/man5/acct.5:37
352 msgid "acct(\"/var/log/pacct\");"
356 #: build/C/man5/acct.5:45
358 "When process accounting is enabled, the kernel writes a record to the "
359 "accounting file as each process on the system terminates. This record "
360 "contains information about the terminated process, and is defined in "
361 "I<E<lt>sys/acct.hE<gt>> as follows:"
365 #: build/C/man5/acct.5:49
367 msgid "#define ACCT_COMM 16\n"
371 #: build/C/man5/acct.5:51
373 msgid "typedef u_int16_t comp_t;\n"
377 #: build/C/man5/acct.5:75
381 " char ac_flag; /* Accounting flags */\n"
382 " u_int16_t ac_uid; /* Accounting user ID */\n"
383 " u_int16_t ac_gid; /* Accounting group ID */\n"
384 " u_int16_t ac_tty; /* Controlling terminal */\n"
385 " u_int32_t ac_btime; /* Process creation time\n"
386 " (seconds since the Epoch) */\n"
387 " comp_t ac_utime; /* User CPU time */\n"
388 " comp_t ac_stime; /* System CPU time */\n"
389 " comp_t ac_etime; /* Elapsed time */\n"
390 " comp_t ac_mem; /* Average memory usage (kB) */\n"
391 " comp_t ac_io; /* Characters transferred (unused) */\n"
392 " comp_t ac_rw; /* Blocks read or written (unused) */\n"
393 " comp_t ac_minflt; /* Minor page faults */\n"
394 " comp_t ac_majflt; /* Major page faults */\n"
395 " comp_t ac_swaps; /* Number of swaps (unused) */\n"
396 " u_int32_t ac_exitcode; /* Process termination status\n"
397 " (see wait(2)) */\n"
398 " char ac_comm[ACCT_COMM+1];\n"
399 " /* Command name (basename of last\n"
400 " executed command; null-terminated) */\n"
401 " char ac_pad[I<X>]; /* padding bytes */\n"
406 #: build/C/man5/acct.5:82
409 "enum { /* Bits that may be set in ac_flag field */\n"
410 " AFORK = 0x01, /* Has executed fork, but no exec */\n"
411 " ASU = 0x02, /* Used superuser privileges */\n"
412 " ACORE = 0x08, /* Dumped core */\n"
413 " AXSIG = 0x10 /* Killed by a signal */\n"
418 #: build/C/man5/acct.5:92
420 "The I<comp_t> data type is a floating-point value consisting of a 3-bit, "
421 "base-8 exponent, and a 13-bit mantissa. A value, I<c>, of this type can be "
422 "converted to a (long) integer as follows:"
426 #: build/C/man5/acct.5:95
428 msgid " v = (c & 0x1fff) E<lt>E<lt> (((c E<gt>E<gt> 13) & 0x7) * 3);\n"
432 #: build/C/man5/acct.5:105
434 "The I<ac_utime>, I<ac_stime>, and I<ac_etime> fields measure time in \"clock "
435 "ticks\"; divide these values by I<sysconf(_SC_CLK_TCK)> to convert them to "
440 #: build/C/man5/acct.5:105
442 msgid "Version 3 Accounting File Format"
446 #: build/C/man5/acct.5:120
448 "Since kernel 2.6.8, an optional alternative version of the accounting file "
449 "can be produced if the B<CONFIG_BSD_PROCESS_ACCT_V3> option is set when "
450 "building the kernel. With this option is set, the records written to the "
451 "accounting file contain additional fields, and the width of I<c_uid> and "
452 "I<ac_gid> fields is widened from 16 to 32 bits (in line with the increased "
453 "size of UID and GIDs in Linux 2.4 and later). The records are defined as "
458 #: build/C/man5/acct.5:145
462 " char ac_flag; /* Flags */\n"
463 " char ac_version; /* Always set to ACCT_VERSION (3) */\n"
464 " u_int16_t ac_tty; /* Controlling terminal */\n"
465 " u_int32_t ac_exitcode; /* Process termination status */\n"
466 " u_int32_t ac_uid; /* Real user ID */\n"
467 " u_int32_t ac_gid; /* Real group ID */\n"
468 " u_int32_t ac_pid; /* Process ID */\n"
469 " u_int32_t ac_ppid; /* Parent process ID */\n"
470 " u_int32_t ac_btime; /* Process creation time */\n"
471 " float ac_etime; /* Elapsed time */\n"
472 " comp_t ac_utime; /* User CPU time */\n"
473 " comp_t ac_stime; /* System time */\n"
474 " comp_t ac_mem; /* Average memory usage (kB) */\n"
475 " comp_t ac_io; /* Characters transferred (unused) */\n"
476 " comp_t ac_rw; /* Blocks read or written\n"
478 " comp_t ac_minflt; /* Minor page faults */\n"
479 " comp_t ac_majflt; /* Major page faults */\n"
480 " comp_t ac_swaps; /* Number of swaps (unused) */\n"
481 " char ac_comm[ACCT_COMM]; /* Command name */\n"
486 #: build/C/man5/acct.5:148 build/C/man7/cpuset.7:1337 build/C/man2/getresuid.2:59 build/C/man2/getrlimit.2:468 build/C/man2/getsid.2:74 build/C/man2/ioprio_set.2:183 build/C/man2/setfsgid.2:74 build/C/man2/setfsuid.2:74 build/C/man2/setresuid.2:81
492 #: build/C/man5/acct.5:152
493 msgid "The I<acct_v3> structure is defined in glibc since version 2.6."
497 #: build/C/man5/acct.5:156
499 "Process accounting originated on BSD. Although it is present on most "
500 "systems, it is not standardized, and the details vary somewhat between "
505 #: build/C/man5/acct.5:159
507 "Records in the accounting file are ordered by termination time of the "
512 #: build/C/man5/acct.5:166
514 "In kernels up to and including 2.6.9, a separate accounting record is "
515 "written for each thread created using the NPTL threading library; since "
516 "Linux 2.6.10, a single accounting record is written for the entire process "
517 "on termination of the last thread in the process."
521 #: build/C/man5/acct.5:173
523 "The I<proc/sys/kernel/acct> file, described in B<proc>(5), defines settings "
524 "that control the behavior of process accounting when disk space runs low."
528 #: build/C/man5/acct.5:177
529 msgid "B<lastcomm>(1), B<acct>(2), B<accton>(8), B<sa>(8)"
533 #: build/C/man7/capabilities.7:46
539 #: build/C/man7/capabilities.7:46
545 #: build/C/man7/capabilities.7:49
546 msgid "capabilities - overview of Linux capabilities"
550 #: build/C/man7/capabilities.7:61
552 "For the purpose of performing permission checks, traditional UNIX "
553 "implementations distinguish two categories of processes: I<privileged> "
554 "processes (whose effective user ID is 0, referred to as superuser or root), "
555 "and I<unprivileged> processes (whose effective UID is nonzero). Privileged "
556 "processes bypass all kernel permission checks, while unprivileged processes "
557 "are subject to full permission checking based on the process's credentials "
558 "(usually: effective UID, effective GID, and supplementary group list)."
562 #: build/C/man7/capabilities.7:68
564 "Starting with kernel 2.2, Linux divides the privileges traditionally "
565 "associated with superuser into distinct units, known as I<capabilities>, "
566 "which can be independently enabled and disabled. Capabilities are a "
567 "per-thread attribute."
571 #: build/C/man7/capabilities.7:68
573 msgid "Capabilities List"
577 #: build/C/man7/capabilities.7:71
579 "The following list shows the capabilities implemented on Linux, and the "
580 "operations or behaviors that each capability permits:"
584 #: build/C/man7/capabilities.7:71
586 msgid "B<CAP_AUDIT_CONTROL> (since Linux 2.6.11)"
590 #: build/C/man7/capabilities.7:75
592 "Enable and disable kernel auditing; change auditing filter rules; retrieve "
593 "auditing status and filtering rules."
597 #: build/C/man7/capabilities.7:75
599 msgid "B<CAP_AUDIT_WRITE> (since Linux 2.6.11)"
603 #: build/C/man7/capabilities.7:78
604 msgid "Write records to kernel auditing log."
608 #: build/C/man7/capabilities.7:78
614 #: build/C/man7/capabilities.7:82
615 msgid "Make arbitrary changes to file UIDs and GIDs (see B<chown>(2))."
619 #: build/C/man7/capabilities.7:82
621 msgid "B<CAP_DAC_OVERRIDE>"
625 #: build/C/man7/capabilities.7:86
627 "Bypass file read, write, and execute permission checks. (DAC is an "
628 "abbreviation of \"discretionary access control\".)"
632 #: build/C/man7/capabilities.7:86
634 msgid "B<CAP_DAC_READ_SEARCH>"
638 #: build/C/man7/capabilities.7:90
640 "Bypass file read permission checks and directory read and execute permission "
645 #: build/C/man7/capabilities.7:90
647 msgid "B<CAP_FOWNER>"
651 #: build/C/man7/capabilities.7:94 build/C/man7/capabilities.7:104 build/C/man7/capabilities.7:108 build/C/man7/capabilities.7:110 build/C/man7/capabilities.7:112 build/C/man7/capabilities.7:182 build/C/man7/capabilities.7:184 build/C/man7/capabilities.7:186 build/C/man7/capabilities.7:188 build/C/man7/capabilities.7:190 build/C/man7/capabilities.7:192 build/C/man7/capabilities.7:194 build/C/man7/capabilities.7:196 build/C/man7/capabilities.7:198 build/C/man7/capabilities.7:222 build/C/man7/capabilities.7:224 build/C/man7/capabilities.7:270 build/C/man7/capabilities.7:280 build/C/man7/capabilities.7:286 build/C/man7/capabilities.7:291 build/C/man7/capabilities.7:297 build/C/man7/capabilities.7:304 build/C/man7/capabilities.7:307 build/C/man7/capabilities.7:315 build/C/man7/capabilities.7:317 build/C/man7/capabilities.7:326 build/C/man7/capabilities.7:333 build/C/man7/capabilities.7:336 build/C/man7/capabilities.7:340 build/C/man7/capabilities.7:343 build/C/man7/capabilities.7:346 build/C/man7/capabilities.7:353 build/C/man7/capabilities.7:358 build/C/man7/capabilities.7:364 build/C/man7/capabilities.7:368 build/C/man7/capabilities.7:372 build/C/man7/capabilities.7:376 build/C/man7/capabilities.7:380 build/C/man7/capabilities.7:407 build/C/man7/capabilities.7:412 build/C/man7/capabilities.7:417 build/C/man7/capabilities.7:420 build/C/man7/capabilities.7:423 build/C/man7/capabilities.7:432 build/C/man7/capabilities.7:436 build/C/man7/capabilities.7:472 build/C/man7/capabilities.7:474 build/C/man7/capabilities.7:478 build/C/man7/capabilities.7:480 build/C/man7/capabilities.7:483 build/C/man7/capabilities.7:487 build/C/man7/capabilities.7:489 build/C/man7/capabilities.7:491 build/C/man7/capabilities.7:493 build/C/man7/capabilities.7:502 build/C/man7/capabilities.7:509 build/C/man7/capabilities.7:514 build/C/man7/capabilities.7:519 build/C/man7/capabilities.7:729 build/C/man7/capabilities.7:737 build/C/man7/capabilities.7:1044 build/C/man7/capabilities.7:1049 build/C/man7/cpuset.7:539 build/C/man7/cpuset.7:544 build/C/man7/cpuset.7:549 build/C/man7/cpuset.7:725 build/C/man7/cpuset.7:729 build/C/man7/cpuset.7:926 build/C/man7/cpuset.7:929 build/C/man7/cpuset.7:933 build/C/man7/cpuset.7:937 build/C/man7/cpuset.7:941 build/C/man7/credentials.7:123 build/C/man7/credentials.7:129 build/C/man7/credentials.7:141 build/C/man7/credentials.7:163 build/C/man7/credentials.7:180 build/C/man7/credentials.7:212 build/C/man7/credentials.7:215 build/C/man7/credentials.7:225 build/C/man7/credentials.7:228
657 #: build/C/man7/capabilities.7:104
659 "Bypass permission checks on operations that normally require the file system "
660 "UID of the process to match the UID of the file (e.g., B<chmod>(2), "
661 "B<utime>(2)), excluding those operations covered by B<CAP_DAC_OVERRIDE> and "
662 "B<CAP_DAC_READ_SEARCH>;"
666 #: build/C/man7/capabilities.7:108
667 msgid "set extended file attributes (see B<chattr>(1)) on arbitrary files;"
671 #: build/C/man7/capabilities.7:110
672 msgid "set Access Control Lists (ACLs) on arbitrary files;"
676 #: build/C/man7/capabilities.7:112
677 msgid "ignore directory sticky bit on file deletion;"
681 #: build/C/man7/capabilities.7:119
682 msgid "specify B<O_NOATIME> for arbitrary files in B<open>(2) and B<fcntl>(2)."
686 #: build/C/man7/capabilities.7:121
688 msgid "B<CAP_FSETID>"
692 #: build/C/man7/capabilities.7:127
694 "Don't clear set-user-ID and set-group-ID permission bits when a file is "
695 "modified; set the set-group-ID bit for a file whose GID does not match the "
696 "file system or any of the supplementary GIDs of the calling process."
700 #: build/C/man7/capabilities.7:127
702 msgid "B<CAP_IPC_LOCK>"
705 #. FIXME As at Linux 3.2, there are some strange uses of this capability
706 #. in other places; they probably should be replaced with something else.
708 #: build/C/man7/capabilities.7:136
709 msgid "Lock memory (B<mlock>(2), B<mlockall>(2), B<mmap>(2), B<shmctl>(2))."
713 #: build/C/man7/capabilities.7:136
715 msgid "B<CAP_IPC_OWNER>"
719 #: build/C/man7/capabilities.7:139
720 msgid "Bypass permission checks for operations on System V IPC objects."
724 #: build/C/man7/capabilities.7:139
729 #. FIXME CAP_KILL also has an effect for threads + setting child
730 #. termination signal to other than SIGCHLD: without this
731 #. capability, the termination signal reverts to SIGCHLD
732 #. if the child does an exec(). What is the rationale
735 #: build/C/man7/capabilities.7:152
737 "Bypass permission checks for sending signals (see B<kill>(2)). This "
738 "includes use of the B<ioctl>(2) B<KDSIGACCEPT> operation."
742 #: build/C/man7/capabilities.7:152
744 msgid "B<CAP_LEASE> (since Linux 2.4)"
748 #: build/C/man7/capabilities.7:156
749 msgid "Establish leases on arbitrary files (see B<fcntl>(2))."
753 #: build/C/man7/capabilities.7:156
755 msgid "B<CAP_LINUX_IMMUTABLE>"
758 #. These attributes are now available on ext2, ext3, Reiserfs, XFS, JFS
760 #: build/C/man7/capabilities.7:165
762 "Set the B<FS_APPEND_FL> and B<FS_IMMUTABLE_FL> i-node flags (see "
767 #: build/C/man7/capabilities.7:165
769 msgid "B<CAP_MAC_ADMIN> (since Linux 2.6.25)"
773 #: build/C/man7/capabilities.7:169
775 "Override Mandatory Access Control (MAC). Implemented for the Smack Linux "
776 "Security Module (LSM)."
780 #: build/C/man7/capabilities.7:169
782 msgid "B<CAP_MAC_OVERRIDE> (since Linux 2.6.25)"
786 #: build/C/man7/capabilities.7:173
787 msgid "Allow MAC configuration or state changes. Implemented for the Smack LSM."
791 #: build/C/man7/capabilities.7:173
793 msgid "B<CAP_MKNOD> (since Linux 2.4)"
797 #: build/C/man7/capabilities.7:177
798 msgid "Create special files using B<mknod>(2)."
802 #: build/C/man7/capabilities.7:177
804 msgid "B<CAP_NET_ADMIN>"
808 #: build/C/man7/capabilities.7:180
809 msgid "Perform various network-related operations:"
813 #: build/C/man7/capabilities.7:184
814 msgid "interface configuration;"
818 #: build/C/man7/capabilities.7:186
819 msgid "administration of IP firewall, masquerading, and accounting"
823 #: build/C/man7/capabilities.7:188
824 msgid "modify routing tables;"
828 #: build/C/man7/capabilities.7:190
829 msgid "bind to any address for transparent proxying;"
833 #: build/C/man7/capabilities.7:192
834 msgid "set type-of-service (TOS)"
838 #: build/C/man7/capabilities.7:194
839 msgid "clear driver statistics;"
843 #: build/C/man7/capabilities.7:196
844 msgid "set promiscuous mode;"
848 #: build/C/man7/capabilities.7:198
849 msgid "enabling multicasting;"
853 #: build/C/man7/capabilities.7:209
855 "use B<setsockopt>(2) to set the following socket options: B<SO_DEBUG>, "
856 "B<SO_MARK>, B<SO_PRIORITY> (for a priority outside the range 0 to 6), "
857 "B<SO_RCVBUFFORCE>, and B<SO_SNDBUFFORCE>."
861 #: build/C/man7/capabilities.7:211
863 msgid "B<CAP_NET_BIND_SERVICE>"
867 #: build/C/man7/capabilities.7:215
869 "Bind a socket to Internet domain privileged ports (port numbers less than "
874 #: build/C/man7/capabilities.7:215
876 msgid "B<CAP_NET_BROADCAST>"
880 #: build/C/man7/capabilities.7:218
881 msgid "(Unused) Make socket broadcasts, and listen to multicasts."
885 #: build/C/man7/capabilities.7:218
887 msgid "B<CAP_NET_RAW>"
891 #: build/C/man7/capabilities.7:224
892 msgid "use RAW and PACKET sockets;"
896 #: build/C/man7/capabilities.7:226
897 msgid "bind to any address for transparent proxying."
901 #: build/C/man7/capabilities.7:229
903 msgid "B<CAP_SETGID>"
907 #: build/C/man7/capabilities.7:233
909 "Make arbitrary manipulations of process GIDs and supplementary GID list; "
910 "forge GID when passing socket credentials via UNIX domain sockets."
914 #: build/C/man7/capabilities.7:233
916 msgid "B<CAP_SETFCAP> (since Linux 2.6.24)"
920 #: build/C/man7/capabilities.7:236
921 msgid "Set file capabilities."
925 #: build/C/man7/capabilities.7:236
927 msgid "B<CAP_SETPCAP>"
931 #: build/C/man7/capabilities.7:247
933 "If file capabilities are not supported: grant or remove any capability in "
934 "the caller's permitted capability set to or from any other process. (This "
935 "property of B<CAP_SETPCAP> is not available when the kernel is configured to "
936 "support file capabilities, since B<CAP_SETPCAP> has entirely different "
937 "semantics for such kernels.)"
941 #: build/C/man7/capabilities.7:257
943 "If file capabilities are supported: add any capability from the calling "
944 "thread's bounding set to its inheritable set; drop capabilities from the "
945 "bounding set (via B<prctl>(2) B<PR_CAPBSET_DROP>); make changes to the "
946 "I<securebits> flags."
950 #: build/C/man7/capabilities.7:257
952 msgid "B<CAP_SETUID>"
955 #. FIXME CAP_SETUID also an effect in exec(); document this.
957 #: build/C/man7/capabilities.7:266
959 "Make arbitrary manipulations of process UIDs (B<setuid>(2), B<setreuid>(2), "
960 "B<setresuid>(2), B<setfsuid>(2)); make forged UID when passing socket "
961 "credentials via UNIX domain sockets."
965 #: build/C/man7/capabilities.7:266
967 msgid "B<CAP_SYS_ADMIN>"
971 #: build/C/man7/capabilities.7:280
973 "Perform a range of system administration operations including: "
974 "B<quotactl>(2), B<mount>(2), B<umount>(2), B<swapon>(2), B<swapoff>(2), "
975 "B<sethostname>(2), and B<setdomainname>(2);"
979 #: build/C/man7/capabilities.7:286
981 "perform privileged B<syslog>(2) operations (since Linux 2.6.37, "
982 "B<CAP_SYSLOG> should be used to permit such operations);"
986 #: build/C/man7/capabilities.7:291
987 msgid "perform B<VM86_REQUEST_IRQ> B<vm86>(2) command;"
991 #: build/C/man7/capabilities.7:297
993 "perform B<IPC_SET> and B<IPC_RMID> operations on arbitrary System V IPC "
998 #: build/C/man7/capabilities.7:304
1000 "perform operations on I<trusted> and I<security> Extended Attributes (see "
1005 #: build/C/man7/capabilities.7:307
1006 msgid "use B<lookup_dcookie>(2);"
1010 #: build/C/man7/capabilities.7:315
1012 "use B<ioprio_set>(2) to assign B<IOPRIO_CLASS_RT> and (before Linux 2.6.25) "
1013 "B<IOPRIO_CLASS_IDLE> I/O scheduling classes;"
1017 #: build/C/man7/capabilities.7:317
1018 msgid "forge UID when passing socket credentials;"
1022 #: build/C/man7/capabilities.7:326
1024 "exceed I</proc/sys/fs/file-max>, the system-wide limit on the number of open "
1025 "files, in system calls that open files (e.g., B<accept>(2), B<execve>(2), "
1026 "B<open>(2), B<pipe>(2));"
1030 #: build/C/man7/capabilities.7:333
1032 "employ B<CLONE_*> flags that create new namespaces with B<clone>(2) and "
1037 #: build/C/man7/capabilities.7:336
1038 msgid "call B<perf_event_open>(2);"
1042 #: build/C/man7/capabilities.7:340
1043 msgid "access privileged I<perf> event information;"
1047 #: build/C/man7/capabilities.7:343
1048 msgid "call B<setns>(2);"
1052 #: build/C/man7/capabilities.7:346
1053 msgid "call B<fanotify_init>(2);"
1057 #: build/C/man7/capabilities.7:353
1058 msgid "perform B<KEYCTL_CHOWN> and B<KEYCTL_SETPERM> B<keyctl>(2) operations;"
1062 #: build/C/man7/capabilities.7:358
1063 msgid "perform B<madvise>(2) B<MADV_HWPOISON> operation;"
1067 #: build/C/man7/capabilities.7:364
1069 "employ the B<TIOCSTI> B<ioctl>(2) to insert characters into the input queue "
1070 "of a terminal other than the caller's controlling terminal."
1074 #: build/C/man7/capabilities.7:368
1075 msgid "employ the obsolete B<nfsservctl>(2); system call;"
1079 #: build/C/man7/capabilities.7:372
1080 msgid "employ the obsolete B<bdflush>(2) system call;"
1084 #: build/C/man7/capabilities.7:376
1085 msgid "perform various privileged block-device B<ioctl>(2) operations;"
1089 #: build/C/man7/capabilities.7:380
1090 msgid "perform various privileged file-system B<ioctl>(2) operations;"
1094 #: build/C/man7/capabilities.7:382
1095 msgid "perform administrative operations on many device drivers."
1099 #: build/C/man7/capabilities.7:384
1101 msgid "B<CAP_SYS_BOOT>"
1105 #: build/C/man7/capabilities.7:390
1106 msgid "Use B<reboot>(2) and B<kexec_load>(2)."
1110 #: build/C/man7/capabilities.7:390
1112 msgid "B<CAP_SYS_CHROOT>"
1116 #: build/C/man7/capabilities.7:394
1117 msgid "Use B<chroot>(2)."
1121 #: build/C/man7/capabilities.7:394
1123 msgid "B<CAP_SYS_MODULE>"
1127 #: build/C/man7/capabilities.7:403
1129 "Load and unload kernel modules (see B<init_module>(2) and "
1130 "B<delete_module>(2)); in kernels before 2.6.25: drop capabilities from the "
1131 "system-wide capability bounding set."
1135 #: build/C/man7/capabilities.7:403
1137 msgid "B<CAP_SYS_NICE>"
1141 #: build/C/man7/capabilities.7:412
1143 "Raise process nice value (B<nice>(2), B<setpriority>(2)) and change the "
1144 "nice value for arbitrary processes;"
1148 #: build/C/man7/capabilities.7:417
1150 "set real-time scheduling policies for calling process, and set scheduling "
1151 "policies and priorities for arbitrary processes (B<sched_setscheduler>(2), "
1152 "B<sched_setparam>(2));"
1156 #: build/C/man7/capabilities.7:420
1157 msgid "set CPU affinity for arbitrary processes (B<sched_setaffinity>(2));"
1161 #: build/C/man7/capabilities.7:423
1163 "set I/O scheduling class and priority for arbitrary processes "
1164 "(B<ioprio_set>(2));"
1167 #. FIXME CAP_SYS_NICE also has the following effect for
1168 #. migrate_pages(2):
1169 #. do_migrate_pages(mm, &old, &new,
1170 #. capable(CAP_SYS_NICE) ? MPOL_MF_MOVE_ALL : MPOL_MF_MOVE);
1172 #: build/C/man7/capabilities.7:432
1174 "apply B<migrate_pages>(2) to arbitrary processes and allow processes to be "
1175 "migrated to arbitrary nodes;"
1179 #: build/C/man7/capabilities.7:436
1180 msgid "apply B<move_pages>(2) to arbitrary processes;"
1184 #: build/C/man7/capabilities.7:443
1185 msgid "use the B<MPOL_MF_MOVE_ALL> flag with B<mbind>(2) and B<move_pages>(2)."
1189 #: build/C/man7/capabilities.7:445
1191 msgid "B<CAP_SYS_PACCT>"
1195 #: build/C/man7/capabilities.7:449
1196 msgid "Use B<acct>(2)."
1200 #: build/C/man7/capabilities.7:449
1202 msgid "B<CAP_SYS_PTRACE>"
1206 #: build/C/man7/capabilities.7:456
1208 "Trace arbitrary processes using B<ptrace>(2); apply B<get_robust_list>(2) "
1209 "to arbitrary processes."
1213 #: build/C/man7/capabilities.7:456
1215 msgid "B<CAP_SYS_RAWIO>"
1219 #: build/C/man7/capabilities.7:468
1221 "Perform I/O port operations (B<iopl>(2) and B<ioperm>(2)); access "
1222 "I</proc/kcore>; employ the B<FIBMAP> B<ioctl>(2) operation."
1226 #: build/C/man7/capabilities.7:468
1228 msgid "B<CAP_SYS_RESOURCE>"
1232 #: build/C/man7/capabilities.7:474
1233 msgid "Use reserved space on ext2 file systems;"
1237 #: build/C/man7/capabilities.7:478
1238 msgid "make B<ioctl>(2) calls controlling ext3 journaling;"
1242 #: build/C/man7/capabilities.7:480
1243 msgid "override disk quota limits;"
1247 #: build/C/man7/capabilities.7:483
1248 msgid "increase resource limits (see B<setrlimit>(2));"
1252 #: build/C/man7/capabilities.7:487
1253 msgid "override B<RLIMIT_NPROC> resource limit;"
1257 #: build/C/man7/capabilities.7:489
1258 msgid "override maximum number of consoles on console allocation;"
1262 #: build/C/man7/capabilities.7:491
1263 msgid "override maximum number of keymaps;"
1267 #: build/C/man7/capabilities.7:493
1268 msgid "allow more than 64hz interrupts from the real-time clock;"
1272 #: build/C/man7/capabilities.7:502
1274 "raise I<msg_qbytes> limit for a System V message queue above the limit in "
1275 "I</proc/sys/kernel/msgmnb> (see B<msgop>(2) and B<msgctl>(2));"
1279 #: build/C/man7/capabilities.7:509
1281 "override the I</proc/sys/fs/pipe-size-max> limit when setting the capacity "
1282 "of a pipe using the B<F_SETPIPE_SZ> B<fcntl>(2) command."
1286 #: build/C/man7/capabilities.7:514
1288 "use B<F_SETPIPE_SZ> to increase the capacity of a pipe above the limit "
1289 "specified by I</proc/sys/fs/pipe-max-size>;"
1293 #: build/C/man7/capabilities.7:519
1295 "override I</proc/sys/fs/mqueue/queues_max> limit when creating POSIX message "
1296 "queues (see B<mq_overview>(7));"
1300 #: build/C/man7/capabilities.7:524
1301 msgid "employ B<prctl>(2) B<PR_SET_MM> operation."
1305 #: build/C/man7/capabilities.7:526
1307 msgid "B<CAP_SYS_TIME>"
1311 #: build/C/man7/capabilities.7:533
1313 "Set system clock (B<settimeofday>(2), B<stime>(2), B<adjtimex>(2)); set "
1314 "real-time (hardware) clock."
1318 #: build/C/man7/capabilities.7:533
1320 msgid "B<CAP_SYS_TTY_CONFIG>"
1324 #: build/C/man7/capabilities.7:540
1326 "Use B<vhangup>(2); employ various privileged B<ioctl>(2) operations on "
1327 "virtual terminals."
1331 #: build/C/man7/capabilities.7:540
1333 msgid "B<CAP_SYSLOG> (since Linux 2.6.37)"
1337 #: build/C/man7/capabilities.7:548
1339 "Perform privileged B<syslog>(2) operations. See B<syslog>(2) for "
1340 "information on which operations require privilege."
1344 #: build/C/man7/capabilities.7:548
1346 msgid "B<CAP_WAKE_ALARM> (since Linux 3.0)"
1350 #: build/C/man7/capabilities.7:556
1352 "Trigger something that will wake up the system (set B<CLOCK_REALTIME_ALARM> "
1353 "and B<CLOCK_BOOTTIME_ALARM> timers)."
1357 #: build/C/man7/capabilities.7:556
1359 msgid "Past and Current Implementation"
1363 #: build/C/man7/capabilities.7:558
1364 msgid "A full implementation of capabilities requires that:"
1368 #: build/C/man7/capabilities.7:558 build/C/man7/capabilities.7:701 build/C/man7/capabilities.7:848 build/C/man7/capabilities.7:901
1374 #: build/C/man7/capabilities.7:562
1376 "For all privileged operations, the kernel must check whether the thread has "
1377 "the required capability in its effective set."
1381 #: build/C/man7/capabilities.7:562 build/C/man7/capabilities.7:706 build/C/man7/capabilities.7:854 build/C/man7/capabilities.7:907
1387 #: build/C/man7/capabilities.7:565
1389 "The kernel must provide system calls allowing a thread's capability sets to "
1390 "be changed and retrieved."
1394 #: build/C/man7/capabilities.7:565 build/C/man7/capabilities.7:857 build/C/man7/capabilities.7:911
1400 #: build/C/man7/capabilities.7:568
1402 "The file system must support attaching capabilities to an executable file, "
1403 "so that a process gains those capabilities when the file is executed."
1407 #: build/C/man7/capabilities.7:572
1409 "Before kernel 2.6.24, only the first two of these requirements are met; "
1410 "since kernel 2.6.24, all three requirements are met."
1414 #: build/C/man7/capabilities.7:572
1416 msgid "Thread Capability Sets"
1420 #: build/C/man7/capabilities.7:575
1422 "Each thread has three capability sets containing zero or more of the above "
1427 #: build/C/man7/capabilities.7:575
1429 msgid "I<Permitted>:"
1433 #: build/C/man7/capabilities.7:583
1435 "This is a limiting superset for the effective capabilities that the thread "
1436 "may assume. It is also a limiting superset for the capabilities that may be "
1437 "added to the inheritable set by a thread that does not have the "
1438 "B<CAP_SETPCAP> capability in its effective set."
1442 #: build/C/man7/capabilities.7:589
1444 "If a thread drops a capability from its permitted set, it can never "
1445 "reacquire that capability (unless it B<execve>(2)s either a set-user-ID-root "
1446 "program, or a program whose associated file capabilities grant that "
1451 #: build/C/man7/capabilities.7:589
1453 msgid "I<Inheritable>:"
1457 #: build/C/man7/capabilities.7:596
1459 "This is a set of capabilities preserved across an B<execve>(2). It provides "
1460 "a mechanism for a process to assign capabilities to the permitted set of the "
1461 "new program during an B<execve>(2)."
1465 #: build/C/man7/capabilities.7:596 build/C/man7/capabilities.7:638
1467 msgid "I<Effective>:"
1471 #: build/C/man7/capabilities.7:600
1473 "This is the set of capabilities used by the kernel to perform permission "
1474 "checks for the thread."
1478 #: build/C/man7/capabilities.7:606
1480 "A child created via B<fork>(2) inherits copies of its parent's capability "
1481 "sets. See below for a discussion of the treatment of capabilities during "
1486 #: build/C/man7/capabilities.7:611
1488 "Using B<capset>(2), a thread may manipulate its own capability sets (see "
1493 #: build/C/man7/capabilities.7:611
1495 msgid "File Capabilities"
1499 #: build/C/man7/capabilities.7:626
1501 "Since kernel 2.6.24, the kernel supports associating capability sets with an "
1502 "executable file using B<setcap>(8). The file capability sets are stored in "
1503 "an extended attribute (see B<setxattr>(2)) named I<security.capability>. "
1504 "Writing to this extended attribute requires the B<CAP_SETFCAP> capability. "
1505 "The file capability sets, in conjunction with the capability sets of the "
1506 "thread, determine the capabilities of a thread after an B<execve>(2)."
1510 #: build/C/man7/capabilities.7:628
1511 msgid "The three file capability sets are:"
1515 #: build/C/man7/capabilities.7:628
1517 msgid "I<Permitted> (formerly known as I<forced>):"
1521 #: build/C/man7/capabilities.7:632
1523 "These capabilities are automatically permitted to the thread, regardless of "
1524 "the thread's inheritable capabilities."
1528 #: build/C/man7/capabilities.7:632
1530 msgid "I<Inheritable> (formerly known as I<allowed>):"
1534 #: build/C/man7/capabilities.7:638
1536 "This set is ANDed with the thread's inheritable set to determine which "
1537 "inheritable capabilities are enabled in the permitted set of the thread "
1538 "after the B<execve>(2)."
1542 #: build/C/man7/capabilities.7:648
1544 "This is not a set, but rather just a single bit. If this bit is set, then "
1545 "during an B<execve>(2) all of the new permitted capabilities for the thread "
1546 "are also raised in the effective set. If this bit is not set, then after an "
1547 "B<execve>(2), none of the new permitted capabilities is in the new effective "
1552 #: build/C/man7/capabilities.7:664
1554 "Enabling the file effective capability bit implies that any file permitted "
1555 "or inheritable capability that causes a thread to acquire the corresponding "
1556 "permitted capability during an B<execve>(2) (see the transformation rules "
1557 "described below) will also acquire that capability in its effective set. "
1558 "Therefore, when assigning capabilities to a file (B<setcap>(8), "
1559 "B<cap_set_file>(3), B<cap_set_fd>(3)), if we specify the effective flag as "
1560 "being enabled for any capability, then the effective flag must also be "
1561 "specified as enabled for all other capabilities for which the corresponding "
1562 "permitted or inheritable flags is enabled."
1566 #: build/C/man7/capabilities.7:664
1568 msgid "Transformation of Capabilities During execve()"
1572 #: build/C/man7/capabilities.7:670
1574 "During an B<execve>(2), the kernel calculates the new capabilities of the "
1575 "process using the following algorithm:"
1579 #: build/C/man7/capabilities.7:675
1582 "P'(permitted) = (P(inheritable) & F(inheritable)) |\n"
1583 " (F(permitted) & cap_bset)\n"
1587 #: build/C/man7/capabilities.7:677
1589 msgid "P'(effective) = F(effective) ? P'(permitted) : 0\n"
1593 #: build/C/man7/capabilities.7:679
1595 msgid "P'(inheritable) = P(inheritable) [i.e., unchanged]\n"
1599 #: build/C/man7/capabilities.7:683
1604 #: build/C/man7/capabilities.7:684
1610 #: build/C/man7/capabilities.7:687
1611 msgid "denotes the value of a thread capability set before the B<execve>(2)"
1615 #: build/C/man7/capabilities.7:687
1621 #: build/C/man7/capabilities.7:690
1622 msgid "denotes the value of a capability set after the B<execve>(2)"
1626 #: build/C/man7/capabilities.7:690
1632 #: build/C/man7/capabilities.7:692
1633 msgid "denotes a file capability set"
1637 #: build/C/man7/capabilities.7:692
1643 #: build/C/man7/capabilities.7:694
1644 msgid "is the value of the capability bounding set (described below)."
1648 #: build/C/man7/capabilities.7:696
1650 msgid "Capabilities and execution of programs by root"
1654 #: build/C/man7/capabilities.7:701
1656 "In order to provide an all-powerful I<root> using capability sets, during an "
1661 #: build/C/man7/capabilities.7:706
1663 "If a set-user-ID-root program is being executed, or the real user ID of the "
1664 "process is 0 (root) then the file inheritable and permitted sets are "
1665 "defined to be all ones (i.e., all capabilities enabled)."
1669 #: build/C/man7/capabilities.7:709
1671 "If a set-user-ID-root program is being executed, then the file effective bit "
1672 "is defined to be one (enabled)."
1675 #. If a process with real UID 0, and nonzero effective UID does an
1676 #. exec(), then it gets all capabilities in its
1677 #. permitted set, and no effective capabilities
1679 #: build/C/man7/capabilities.7:724
1681 "The upshot of the above rules, combined with the capabilities "
1682 "transformations described above, is that when a process B<execve>(2)s a "
1683 "set-user-ID-root program, or when a process with an effective UID of 0 "
1684 "B<execve>(2)s a program, it gains all capabilities in its permitted and "
1685 "effective capability sets, except those masked out by the capability "
1686 "bounding set. This provides semantics that are the same as those provided "
1687 "by traditional UNIX systems."
1691 #: build/C/man7/capabilities.7:724
1693 msgid "Capability bounding set"
1697 #: build/C/man7/capabilities.7:729
1699 "The capability bounding set is a security mechanism that can be used to "
1700 "limit the capabilities that can be gained during an B<execve>(2). The "
1701 "bounding set is used in the following ways:"
1705 #: build/C/man7/capabilities.7:737
1707 "During an B<execve>(2), the capability bounding set is ANDed with the file "
1708 "permitted capability set, and the result of this operation is assigned to "
1709 "the thread's permitted capability set. The capability bounding set thus "
1710 "places a limit on the permitted capabilities that may be granted by an "
1715 #: build/C/man7/capabilities.7:749
1717 "(Since Linux 2.6.25) The capability bounding set acts as a limiting "
1718 "superset for the capabilities that a thread can add to its inheritable set "
1719 "using B<capset>(2). This means that if a capability is not in the bounding "
1720 "set, then a thread can't add this capability to its inheritable set, even if "
1721 "it was in its permitted capabilities, and thereby cannot have this "
1722 "capability preserved in its permitted set when it B<execve>(2)s a file that "
1723 "has the capability in its inheritable set."
1727 #: build/C/man7/capabilities.7:756
1729 "Note that the bounding set masks the file permitted capabilities, but not "
1730 "the inherited capabilities. If a thread maintains a capability in its "
1731 "inherited set that is not in its bounding set, then it can still gain that "
1732 "capability in its permitted set by executing a file that has the capability "
1733 "in its inherited set."
1737 #: build/C/man7/capabilities.7:759
1739 "Depending on the kernel version, the capability bounding set is either a "
1740 "system-wide attribute, or a per-process attribute."
1744 #: build/C/man7/capabilities.7:761
1745 msgid "B<Capability bounding set prior to Linux 2.6.25>"
1749 #: build/C/man7/capabilities.7:769
1751 "In kernels before 2.6.25, the capability bounding set is a system-wide "
1752 "attribute that affects all threads on the system. The bounding set is "
1753 "accessible via the file I</proc/sys/kernel/cap-bound>. (Confusingly, this "
1754 "bit mask parameter is expressed as a signed decimal number in "
1755 "I</proc/sys/kernel/cap-bound>.)"
1759 #: build/C/man7/capabilities.7:776
1761 "Only the B<init> process may set capabilities in the capability bounding "
1762 "set; other than that, the superuser (more precisely: programs with the "
1763 "B<CAP_SYS_MODULE> capability) may only clear capabilities from this set."
1767 #: build/C/man7/capabilities.7:785
1769 "On a standard system the capability bounding set always masks out the "
1770 "B<CAP_SETPCAP> capability. To remove this restriction (dangerous!), modify "
1771 "the definition of B<CAP_INIT_EFF_SET> in I<include/linux/capability.h> and "
1772 "rebuild the kernel."
1776 #: build/C/man7/capabilities.7:789
1778 "The system-wide capability bounding set feature was added to Linux starting "
1779 "with kernel version 2.2.11."
1783 #: build/C/man7/capabilities.7:791
1784 msgid "B<Capability bounding set from Linux 2.6.25 onward>"
1788 #: build/C/man7/capabilities.7:796
1790 "From Linux 2.6.25, the I<capability bounding set> is a per-thread "
1791 "attribute. (There is no longer a system-wide capability bounding set.)"
1795 #: build/C/man7/capabilities.7:801
1797 "The bounding set is inherited at B<fork>(2) from the thread's parent, and "
1798 "is preserved across an B<execve>(2)."
1802 #: build/C/man7/capabilities.7:814
1804 "A thread may remove capabilities from its capability bounding set using the "
1805 "B<prctl>(2) B<PR_CAPBSET_DROP> operation, provided it has the "
1806 "B<CAP_SETPCAP> capability. Once a capability has been dropped from the "
1807 "bounding set, it cannot be restored to that set. A thread can determine if "
1808 "a capability is in its bounding set using the B<prctl>(2) "
1809 "B<PR_CAPBSET_READ> operation."
1813 #: build/C/man7/capabilities.7:832
1815 "Removing capabilities from the bounding set is only supported if file "
1816 "capabilities are compiled into the kernel. In kernels before Linux 2.6.33, "
1817 "file capabilities were an optional feature configurable via the "
1818 "CONFIG_SECURITY_FILE_CAPABILITIES option. Since Linux 2.6.33, the "
1819 "configuration option has been removed and file capabilities are always part "
1820 "of the kernel. When file capabilities are compiled into the kernel, the "
1821 "B<init> process (the ancestor of all processes) begins with a full bounding "
1822 "set. If file capabilities are not compiled into the kernel, then B<init> "
1823 "begins with a full bounding set minus B<CAP_SETPCAP>, because this "
1824 "capability has a different meaning when there are no file capabilities."
1828 #: build/C/man7/capabilities.7:839
1830 "Removing a capability from the bounding set does not remove it from the "
1831 "thread's inherited set. However it does prevent the capability from being "
1832 "added back into the thread's inherited set in the future."
1836 #: build/C/man7/capabilities.7:839
1838 msgid "Effect of User ID Changes on Capabilities"
1842 #: build/C/man7/capabilities.7:848
1844 "To preserve the traditional semantics for transitions between 0 and nonzero "
1845 "user IDs, the kernel makes the following changes to a thread's capability "
1846 "sets on changes to the thread's real, effective, saved set, and file system "
1847 "user IDs (using B<setuid>(2), B<setresuid>(2), or similar):"
1851 #: build/C/man7/capabilities.7:854
1853 "If one or more of the real, effective or saved set user IDs was previously "
1854 "0, and as a result of the UID changes all of these IDs have a nonzero value, "
1855 "then all capabilities are cleared from the permitted and effective "
1860 #: build/C/man7/capabilities.7:857
1862 "If the effective user ID is changed from 0 to nonzero, then all capabilities "
1863 "are cleared from the effective set."
1867 #: build/C/man7/capabilities.7:860
1869 "If the effective user ID is changed from nonzero to 0, then the permitted "
1870 "set is copied to the effective set."
1874 #: build/C/man7/capabilities.7:860 build/C/man7/capabilities.7:915
1880 #: build/C/man7/capabilities.7:878
1882 "If the file system user ID is changed from 0 to nonzero (see B<setfsuid>(2)) "
1883 "then the following capabilities are cleared from the effective set: "
1884 "B<CAP_CHOWN>, B<CAP_DAC_OVERRIDE>, B<CAP_DAC_READ_SEARCH>, B<CAP_FOWNER>, "
1885 "B<CAP_FSETID>, B<CAP_LINUX_IMMUTABLE> (since Linux 2.2.30), "
1886 "B<CAP_MAC_OVERRIDE>, and B<CAP_MKNOD> (since Linux 2.2.30). If the file "
1887 "system UID is changed from nonzero to 0, then any of these capabilities that "
1888 "are enabled in the permitted set are enabled in the effective set."
1892 #: build/C/man7/capabilities.7:886
1894 "If a thread that has a 0 value for one or more of its user IDs wants to "
1895 "prevent its permitted capability set being cleared when it resets all of its "
1896 "user IDs to nonzero values, it can do so using the B<prctl>(2) "
1897 "B<PR_SET_KEEPCAPS> operation."
1901 #: build/C/man7/capabilities.7:886
1903 msgid "Programmatically adjusting capability sets"
1907 #: build/C/man7/capabilities.7:901
1909 "A thread can retrieve and change its capability sets using the B<capget>(2) "
1910 "and B<capset>(2) system calls. However, the use of B<cap_get_proc>(3) and "
1911 "B<cap_set_proc>(3), both provided in the I<libcap> package, is preferred for "
1912 "this purpose. The following rules govern changes to the thread capability "
1917 #: build/C/man7/capabilities.7:907
1919 "If the caller does not have the B<CAP_SETPCAP> capability, the new "
1920 "inheritable set must be a subset of the combination of the existing "
1921 "inheritable and permitted sets."
1925 #: build/C/man7/capabilities.7:911
1927 "(Since kernel 2.6.25) The new inheritable set must be a subset of the "
1928 "combination of the existing inheritable set and the capability bounding set."
1932 #: build/C/man7/capabilities.7:915
1934 "The new permitted set must be a subset of the existing permitted set (i.e., "
1935 "it is not possible to acquire permitted capabilities that the thread does "
1936 "not currently have)."
1940 #: build/C/man7/capabilities.7:917
1941 msgid "The new effective set must be a subset of the new permitted set."
1945 #: build/C/man7/capabilities.7:917
1947 msgid "The \"securebits\" flags: establishing a capabilities-only environment"
1950 #. For some background:
1951 #. see http://lwn.net/Articles/280279/ and
1952 #. http://article.gmane.org/gmane.linux.kernel.lsm/5476/
1954 #: build/C/man7/capabilities.7:928
1956 "Starting with kernel 2.6.26, and with a kernel in which file capabilities "
1957 "are enabled, Linux implements a set of per-thread I<securebits> flags that "
1958 "can be used to disable special handling of capabilities for UID 0 "
1959 "(I<root>). These flags are as follows:"
1963 #: build/C/man7/capabilities.7:928
1965 msgid "B<SECBIT_KEEP_CAPS>"
1969 #: build/C/man7/capabilities.7:940
1971 "Setting this flag allows a thread that has one or more 0 UIDs to retain its "
1972 "capabilities when it switches all of its UIDs to a nonzero value. If this "
1973 "flag is not set, then such a UID switch causes the thread to lose all "
1974 "capabilities. This flag is always cleared on an B<execve>(2). (This flag "
1975 "provides the same functionality as the older B<prctl>(2) B<PR_SET_KEEPCAPS> "
1980 #: build/C/man7/capabilities.7:940
1982 msgid "B<SECBIT_NO_SETUID_FIXUP>"
1986 #: build/C/man7/capabilities.7:947
1988 "Setting this flag stops the kernel from adjusting capability sets when the "
1989 "threads's effective and file system UIDs are switched between zero and "
1990 "nonzero values. (See the subsection I<Effect of User ID Changes on "
1995 #: build/C/man7/capabilities.7:947
1997 msgid "B<SECBIT_NOROOT>"
2001 #: build/C/man7/capabilities.7:955
2003 "If this bit is set, then the kernel does not grant capabilities when a "
2004 "set-user-ID-root program is executed, or when a process with an effective or "
2005 "real UID of 0 calls B<execve>(2). (See the subsection I<Capabilities and "
2006 "execution of programs by root>.)"
2010 #: build/C/man7/capabilities.7:965
2012 "Each of the above \"base\" flags has a companion \"locked\" flag. Setting "
2013 "any of the \"locked\" flags is irreversible, and has the effect of "
2014 "preventing further changes to the corresponding \"base\" flag. The locked "
2015 "flags are: B<SECBIT_KEEP_CAPS_LOCKED>, B<SECBIT_NO_SETUID_FIXUP_LOCKED>, and "
2016 "B<SECBIT_NOROOT_LOCKED>."
2020 #: build/C/man7/capabilities.7:977
2022 "The I<securebits> flags can be modified and retrieved using the B<prctl>(2) "
2023 "B<PR_SET_SECUREBITS> and B<PR_GET_SECUREBITS> operations. The "
2024 "B<CAP_SETPCAP> capability is required to modify the flags."
2028 #: build/C/man7/capabilities.7:986
2030 "The I<securebits> flags are inherited by child processes. During an "
2031 "B<execve>(2), all of the flags are preserved, except B<SECBIT_KEEP_CAPS> "
2032 "which is always cleared."
2036 #: build/C/man7/capabilities.7:991
2038 "An application can use the following call to lock itself, and all of its "
2039 "descendants, into an environment where the only way of gaining capabilities "
2040 "is by executing a program with associated file capabilities:"
2044 #: build/C/man7/capabilities.7:1000
2047 "prctl(PR_SET_SECUREBITS,\n"
2048 " SECBIT_KEEP_CAPS_LOCKED |\n"
2049 " SECBIT_NO_SETUID_FIXUP |\n"
2050 " SECBIT_NO_SETUID_FIXUP_LOCKED |\n"
2051 " SECBIT_NOROOT |\n"
2052 " SECBIT_NOROOT_LOCKED);\n"
2056 #: build/C/man7/capabilities.7:1007
2058 "No standards govern capabilities, but the Linux capability implementation is "
2059 "based on the withdrawn POSIX.1e draft standard; see "
2060 "I<http://wt.xpilot.org/publications/posix.1e/>."
2064 #: build/C/man7/capabilities.7:1011
2066 "Since kernel 2.5.27, capabilities are an optional kernel component, and can "
2067 "be enabled/disabled via the CONFIG_SECURITY_CAPABILITIES kernel "
2068 "configuration option."
2072 #: build/C/man7/capabilities.7:1018
2074 "The I</proc/PID/task/TID/status> file can be used to view the capability "
2075 "sets of a thread. The I</proc/PID/status> file shows the capability sets of "
2076 "a process's main thread."
2080 #: build/C/man7/capabilities.7:1033
2082 "The I<libcap> package provides a suite of routines for setting and getting "
2083 "capabilities that is more comfortable and less likely to change than the "
2084 "interface provided by B<capset>(2) and B<capget>(2). This package also "
2085 "provides the B<setcap>(8) and B<getcap>(8) programs. It can be found at"
2089 #: build/C/man7/capabilities.7:1035
2090 msgid "I<http://www.kernel.org/pub/linux/libs/security/linux-privs>."
2094 #: build/C/man7/capabilities.7:1044
2096 "Before kernel 2.6.24, and since kernel 2.6.24 if file capabilities are not "
2097 "enabled, a thread with the B<CAP_SETPCAP> capability can manipulate the "
2098 "capabilities of threads other than itself. However, this is only "
2099 "theoretically possible, since no thread ever has B<CAP_SETPCAP> in either of "
2104 #: build/C/man7/capabilities.7:1049
2106 "In the pre-2.6.25 implementation the system-wide capability bounding set, "
2107 "I</proc/sys/kernel/cap-bound>, always masks out this capability, and this "
2108 "can not be changed without modifying the kernel source and rebuilding."
2112 #: build/C/man7/capabilities.7:1055
2114 "If file capabilities are disabled in the current implementation, then "
2115 "B<init> starts out with this capability removed from its per-process "
2116 "bounding set, and that bounding set is inherited by all other processes "
2117 "created on the system."
2121 #: build/C/man7/capabilities.7:1072
2123 "B<capget>(2), B<prctl>(2), B<setfsuid>(2), B<cap_clear>(3), "
2124 "B<cap_copy_ext>(3), B<cap_from_text>(3), B<cap_get_file>(3), "
2125 "B<cap_get_proc>(3), B<cap_init>(3), B<capgetp>(3), B<capsetp>(3), "
2126 "B<libcap>(3), B<credentials>(7), B<pthreads>(7), B<getcap>(8), B<setcap>(8)"
2130 #: build/C/man7/capabilities.7:1075
2132 "Comments on the purposes of various capabilities in "
2133 "I<include/linux/capability.h> in the kernel source"
2137 #: build/C/man2/capget.2:11
2143 #: build/C/man2/capget.2:11
2149 #: build/C/man2/capget.2:14
2150 msgid "capget, capset - set/get capabilities of thread(s)"
2154 #: build/C/man2/capget.2:16
2155 msgid "B<#include E<lt>sys/capability.hE<gt>>"
2159 #: build/C/man2/capget.2:18
2160 msgid "B<int capget(cap_user_header_t >I<hdrp>B<, cap_user_data_t >I<datap>B<);>"
2164 #: build/C/man2/capget.2:20
2166 "B<int capset(cap_user_header_t >I<hdrp>B<, const cap_user_data_t "
2171 #: build/C/man2/capget.2:31
2173 "As of Linux 2.2, the power of the superuser (root) has been partitioned into "
2174 "a set of discrete capabilities. Each thread has a set of effective "
2175 "capabilities identifying which capabilities (if any) it may currently "
2176 "exercise. Each thread also has a set of inheritable capabilities that may "
2177 "be passed through an B<execve>(2) call, and a set of permitted capabilities "
2178 "that it can make effective or inheritable."
2182 #: build/C/man2/capget.2:40
2184 "These two functions are the raw kernel interface for getting and setting "
2185 "thread capabilities. Not only are these system calls specific to Linux, but "
2186 "the kernel API is likely to change and use of these functions (in particular "
2187 "the format of the I<cap_user_*_t> types) is subject to extension with each "
2188 "kernel revision, but old programs will keep working."
2192 #: build/C/man2/capget.2:51
2194 "The portable interfaces are B<cap_set_proc>(3) and B<cap_get_proc>(3); if "
2195 "possible you should use those interfaces in applications. If you wish to "
2196 "use the Linux extensions in applications, you should use the easier-to-use "
2197 "interfaces B<capsetp>(3) and B<capgetp>(3)."
2201 #: build/C/man2/capget.2:51
2203 msgid "Current details"
2207 #: build/C/man2/capget.2:54
2209 "Now that you have been warned, some current kernel details. The structures "
2210 "are defined as follows."
2214 #: build/C/man2/capget.2:59
2217 "#define _LINUX_CAPABILITY_VERSION_1 0x19980330\n"
2218 "#define _LINUX_CAPABILITY_U32S_1 1\n"
2222 #: build/C/man2/capget.2:62
2225 "#define _LINUX_CAPABILITY_VERSION_2 0x20071026\n"
2226 "#define _LINUX_CAPABILITY_U32S_2 2\n"
2230 #: build/C/man2/capget.2:67
2233 "typedef struct __user_cap_header_struct {\n"
2236 "} *cap_user_header_t;\n"
2240 #: build/C/man2/capget.2:73
2243 "typedef struct __user_cap_data_struct {\n"
2244 " __u32 effective;\n"
2245 " __u32 permitted;\n"
2246 " __u32 inheritable;\n"
2247 "} *cap_user_data_t;\n"
2251 #: build/C/man2/capget.2:88
2253 "I<effective, permitted, inheritable> are bitmasks of the capabilities "
2254 "defined in I<capability(7).> Note the I<CAP_*> values are bit indexes and "
2255 "need to be bit-shifted before ORing into the bit fields. To define the "
2256 "structures for passing to the system call you have to use the I<struct "
2257 "__user_cap_header_struct> and I<struct __user_cap_data_struct> names because "
2258 "the typedefs are only pointers."
2262 #: build/C/man2/capget.2:100
2264 "Kernels prior to 2.6.25 prefer 32-bit capabilities with version "
2265 "B<_LINUX_CAPABILITY_VERSION_1>, and kernels 2.6.25+ prefer 64-bit "
2266 "capabilities with version B<_LINUX_CAPABILITY_VERSION_2>. Note, 64-bit "
2267 "capabilities use I<datap>[0] and I<datap>[1], whereas 32-bit capabilities "
2268 "use only I<datap>[0]."
2272 #: build/C/man2/capget.2:104
2274 "Another change affecting the behavior of these system calls is kernel "
2275 "support for file capabilities (VFS capability support). This support is "
2276 "currently a compile time option (added in kernel 2.6.24)."
2280 #: build/C/man2/capget.2:111
2282 "For B<capget>() calls, one can probe the capabilities of any process by "
2283 "specifying its process ID with the I<hdrp-E<gt>pid> field value."
2287 #: build/C/man2/capget.2:111
2289 msgid "With VFS Capability Support"
2293 #: build/C/man2/capget.2:123
2295 "VFS Capability support creates a file-attribute method for adding "
2296 "capabilities to privileged executables. This privilege model obsoletes "
2297 "kernel support for one process asynchronously setting the capabilities of "
2298 "another. That is, with VFS support, for B<capset>() calls the only "
2299 "permitted values for I<hdrp-E<gt>pid> are 0 or B<getpid>(2), which are "
2304 #: build/C/man2/capget.2:123
2306 msgid "Without VFS Capability Support"
2310 #: build/C/man2/capget.2:149
2312 "When the kernel does not support VFS capabilities, B<capset>() calls can "
2313 "operate on the capabilities of the thread specified by the I<pid> field of "
2314 "I<hdrp> when that is nonzero, or on the capabilities of the calling thread "
2315 "if I<pid> is 0. If I<pid> refers to a single-threaded process, then I<pid> "
2316 "can be specified as a traditional process ID; operating on a thread of a "
2317 "multithreaded process requires a thread ID of the type returned by "
2318 "B<gettid>(2). For B<capset>(), I<pid> can also be: -1, meaning perform the "
2319 "change on all threads except the caller and B<init>(8); or a value less than "
2320 "-1, in which case the change is applied to all members of the process group "
2321 "whose ID is -I<pid>."
2325 #: build/C/man2/capget.2:152
2326 msgid "For details on the data, see B<capabilities>(7)."
2330 #: build/C/man2/capget.2:171
2332 "The calls will fail with the error B<EINVAL>, and set the I<version> field "
2333 "of I<hdrp> to the kernel preferred value of B<_LINUX_CAPABILITY_VERSION_?> "
2334 "when an unsupported I<version> value is specified. In this way, one can "
2335 "probe what the current preferred capability revision is."
2339 #: build/C/man2/capget.2:180
2341 "Bad memory address. I<hdrp> must not be NULL. I<datap> may be NULL only "
2342 "when the user is trying to determine the preferred capability version format "
2343 "supported by the kernel."
2347 #: build/C/man2/capget.2:180 build/C/man7/cpuset.7:1179 build/C/man7/cpuset.7:1188 build/C/man7/cpuset.7:1197 build/C/man7/cpuset.7:1207 build/C/man7/cpuset.7:1216 build/C/man7/cpuset.7:1223 build/C/man7/cpuset.7:1230 build/C/man2/getgroups.2:114 build/C/man2/getgroups.2:121 build/C/man2/getpriority.2:119 build/C/man2/getrlimit.2:440 build/C/man2/getrusage.2:190 build/C/man2/iopl.2:71 build/C/man2/ioprio_set.2:160 build/C/man2/setpgid.2:200
2353 #: build/C/man2/capget.2:183
2354 msgid "One of the arguments was invalid."
2358 #: build/C/man2/capget.2:188
2360 "An attempt was made to add a capability to the Permitted set, or to set a "
2361 "capability in the Effective or Inheritable sets that is not in the Permitted "
2366 #: build/C/man2/capget.2:207
2368 "The caller attempted to use B<capset>() to modify the capabilities of a "
2369 "thread other than itself, but lacked sufficient privilege. For kernels "
2370 "supporting VFS capabilities, this is never permitted. For kernels lacking "
2371 "VFS support, the B<CAP_SETPCAP> capability is required. (A bug in kernels "
2372 "before 2.6.11 meant that this error could also occur if a thread without "
2373 "this capability tried to change its own capabilities by specifying the "
2374 "I<pid> field as a nonzero value (i.e., the value returned by B<getpid>(2)) "
2379 #: build/C/man2/capget.2:207 build/C/man7/cpuset.7:1329 build/C/man2/getpriority.2:127 build/C/man2/getrlimit.2:464 build/C/man2/getsid.2:69 build/C/man2/ioprio_set.2:177 build/C/man2/setpgid.2:215
2385 #: build/C/man2/capget.2:210
2386 msgid "No such thread."
2390 #: build/C/man2/capget.2:212 build/C/man2/ioprio_set.2:188
2391 msgid "These system calls are Linux-specific."
2395 #: build/C/man2/capget.2:217
2397 "The portable interface to the capability querying and setting functions is "
2398 "provided by the I<libcap> library and is available here:"
2402 #: build/C/man2/capget.2:219
2403 msgid "http://www.kernel.org/pub/linux/libs/security/linux-privs"
2407 #: build/C/man2/capget.2:222
2408 msgid "B<clone>(2), B<gettid>(2), B<capabilities>(7)"
2412 #: build/C/man7/cpuset.7:24
2418 #: build/C/man7/cpuset.7:24
2424 #: build/C/man7/cpuset.7:27
2425 msgid "cpuset - confine processes to processor and memory node subsets"
2429 #: build/C/man7/cpuset.7:34
2431 "The cpuset file system is a pseudo-file-system interface to the kernel "
2432 "cpuset mechanism, which is used to control the processor placement and "
2433 "memory placement of processes. It is commonly mounted at I</dev/cpuset>."
2437 #: build/C/man7/cpuset.7:51
2439 "On systems with kernels compiled with built in support for cpusets, all "
2440 "processes are attached to a cpuset, and cpusets are always present. If a "
2441 "system supports cpusets, then it will have the entry B<nodev cpuset> in the "
2442 "file I</proc/filesystems>. By mounting the cpuset file system (see the "
2443 "B<EXAMPLE> section below), the administrator can configure the cpusets on a "
2444 "system to control the processor and memory placement of processes on that "
2445 "system. By default, if the cpuset configuration on a system is not modified "
2446 "or if the cpuset file system is not even mounted, then the cpuset mechanism, "
2447 "though present, has no affect on the system's behavior."
2451 #: build/C/man7/cpuset.7:53
2452 msgid "A cpuset defines a list of CPUs and memory nodes."
2456 #: build/C/man7/cpuset.7:62
2458 "The CPUs of a system include all the logical processing units on which a "
2459 "process can execute, including, if present, multiple processor cores within "
2460 "a package and Hyper-Threads within a processor core. Memory nodes include "
2461 "all distinct banks of main memory; small and SMP systems typically have just "
2462 "one memory node that contains all the system's main memory, while NUMA "
2463 "(non-uniform memory access) systems have multiple memory nodes."
2467 #: build/C/man7/cpuset.7:72
2469 "Cpusets are represented as directories in a hierarchical pseudo-file system, "
2470 "where the top directory in the hierarchy (I</dev/cpuset>) represents the "
2471 "entire system (all online CPUs and memory nodes) and any cpuset that is the "
2472 "child (descendant) of another parent cpuset contains a subset of that "
2473 "parent's CPUs and memory nodes. The directories and files representing "
2474 "cpusets have normal file-system permissions."
2478 #: build/C/man7/cpuset.7:83
2480 "Every process in the system belongs to exactly one cpuset. A process is "
2481 "confined to only run on the CPUs in the cpuset it belongs to, and to "
2482 "allocate memory only on the memory nodes in that cpuset. When a process "
2483 "B<fork>(2)s, the child process is placed in the same cpuset as its parent. "
2484 "With sufficient privilege, a process may be moved from one cpuset to another "
2485 "and the allowed CPUs and memory nodes of an existing cpuset may be changed."
2489 #: build/C/man7/cpuset.7:91
2491 "When the system begins booting, a single cpuset is defined that includes all "
2492 "CPUs and memory nodes on the system, and all processes are in that cpuset. "
2493 "During the boot process, or later during normal system operation, other "
2494 "cpusets may be created, as subdirectories of this top cpuset, under the "
2495 "control of the system administrator, and processes may be placed in these "
2500 #: build/C/man7/cpuset.7:113
2502 "Cpusets are integrated with the B<sched_setaffinity>(2) scheduling affinity "
2503 "mechanism and the B<mbind>(2) and B<set_mempolicy>(2) memory-placement "
2504 "mechanisms in the kernel. Neither of these mechanisms let a process make "
2505 "use of a CPU or memory node that is not allowed by that process's cpuset. "
2506 "If changes to a process's cpuset placement conflict with these other "
2507 "mechanisms, then cpuset placement is enforced even if it means overriding "
2508 "these other mechanisms. The kernel accomplishes this overriding by silently "
2509 "restricting the CPUs and memory nodes requested by these other mechanisms to "
2510 "those allowed by the invoking process's cpuset. This can result in these "
2511 "other calls returning an error, if for example, such a call ends up "
2512 "requesting an empty set of CPUs or memory nodes, after that request is "
2513 "restricted to the invoking process's cpuset."
2517 #: build/C/man7/cpuset.7:119
2519 "Typically, a cpuset is used to manage the CPU and memory-node confinement "
2520 "for a set of cooperating processes such as a batch scheduler job, and these "
2521 "other mechanisms are used to manage the placement of individual processes or "
2522 "memory regions within that set or job."
2526 #: build/C/man7/cpuset.7:119
2532 #: build/C/man7/cpuset.7:124
2534 "Each directory below I</dev/cpuset> represents a cpuset and contains a fixed "
2535 "set of pseudo-files describing the state of that cpuset."
2539 #: build/C/man7/cpuset.7:134
2541 "New cpusets are created using the B<mkdir>(2) system call or the "
2542 "B<mkdir>(1) command. The properties of a cpuset, such as its flags, "
2543 "allowed CPUs and memory nodes, and attached processes, are queried and "
2544 "modified by reading or writing to the appropriate file in that cpuset's "
2545 "directory, as listed below."
2549 #: build/C/man7/cpuset.7:140
2551 "The pseudo-files in each cpuset directory are automatically created when the "
2552 "cpuset is created, as a result of the B<mkdir>(2) invocation. It is not "
2553 "possible to directly add or remove these pseudo-files."
2557 #: build/C/man7/cpuset.7:148
2559 "A cpuset directory that contains no child cpuset directories, and has no "
2560 "attached processes, can be removed using B<rmdir>(2) or B<rmdir>(1). It is "
2561 "not necessary, or possible, to remove the pseudo-files inside the directory "
2562 "before removing it."
2566 #: build/C/man7/cpuset.7:162
2568 "The pseudo-files in each cpuset directory are small text files that may be "
2569 "read and written using traditional shell utilities such as B<cat>(1), and "
2570 "B<echo>(1), or from a program by using file I/O library functions or system "
2571 "calls, such as B<open>(2), B<read>(2), B<write>(2), and B<close>(2)."
2574 #. ====================== tasks ======================
2576 #: build/C/man7/cpuset.7:167
2578 "The pseudo-files in a cpuset directory represent internal kernel state and "
2579 "do not have any persistent image on disk. Each of these per-cpuset files is "
2580 "listed and described below."
2584 #: build/C/man7/cpuset.7:167
2590 #: build/C/man7/cpuset.7:177
2592 "List of the process IDs (PIDs) of the processes in that cpuset. The list is "
2593 "formatted as a series of ASCII decimal numbers, each followed by a newline. "
2594 "A process may be added to a cpuset (automatically removing it from the "
2595 "cpuset that previously contained it) by writing its PID to that cpuset's "
2596 "I<tasks> file (with or without a trailing newline.)"
2599 #. =================== notify_on_release ===================
2601 #: build/C/man7/cpuset.7:185
2603 "B<Warning:> only one PID may be written to the I<tasks> file at a time. If "
2604 "a string is written that contains more than one PID, only the first one will "
2609 #: build/C/man7/cpuset.7:185
2611 msgid "I<notify_on_release>"
2614 #. ====================== cpus ======================
2616 #: build/C/man7/cpuset.7:194
2618 "Flag (0 or 1). If set (1), that cpuset will receive special handling after "
2619 "it is released, that is, after all processes cease using it (i.e., terminate "
2620 "or are moved to a different cpuset) and all child cpuset directories have "
2621 "been removed. See the B<Notify On Release> section, below."
2625 #: build/C/man7/cpuset.7:194
2631 #: build/C/man7/cpuset.7:201
2633 "List of the physical numbers of the CPUs on which processes in that cpuset "
2634 "are allowed to execute. See B<List Format> below for a description of the "
2635 "format of I<cpus>."
2638 #. ==================== cpu_exclusive ====================
2640 #: build/C/man7/cpuset.7:207
2642 "The CPUs allowed to a cpuset may be changed by writing a new list to its "
2647 #: build/C/man7/cpuset.7:207
2649 msgid "I<cpu_exclusive>"
2653 #: build/C/man7/cpuset.7:214
2655 "Flag (0 or 1). If set (1), the cpuset has exclusive use of its CPUs (no "
2656 "sibling or cousin cpuset may overlap CPUs). By default this is off (0). "
2657 "Newly created cpusets also initially default this to off (0)."
2660 #. ====================== mems ======================
2662 #: build/C/man7/cpuset.7:236
2664 "Two cpusets are I<sibling> cpusets if they share the same parent cpuset in "
2665 "the I</dev/cpuset> hierarchy. Two cpusets are I<cousin> cpusets if neither "
2666 "is the ancestor of the other. Regardless of the I<cpu_exclusive> setting, "
2667 "if one cpuset is the ancestor of another, and if both of these cpusets have "
2668 "nonempty I<cpus>, then their I<cpus> must overlap, because the I<cpus> of "
2669 "any cpuset are always a subset of the I<cpus> of its parent cpuset."
2673 #: build/C/man7/cpuset.7:236
2678 #. ==================== mem_exclusive ====================
2680 #: build/C/man7/cpuset.7:244
2682 "List of memory nodes on which processes in this cpuset are allowed to "
2683 "allocate memory. See B<List Format> below for a description of the format "
2688 #: build/C/man7/cpuset.7:244
2690 msgid "I<mem_exclusive>"
2694 #: build/C/man7/cpuset.7:252
2696 "Flag (0 or 1). If set (1), the cpuset has exclusive use of its memory nodes "
2697 "(no sibling or cousin may overlap). Also if set (1), the cpuset is a "
2698 "B<Hardwall> cpuset (see below.) By default this is off (0). Newly created "
2699 "cpusets also initially default this to off (0)."
2702 #. ==================== mem_hardwall ====================
2704 #: build/C/man7/cpuset.7:260
2706 "Regardless of the I<mem_exclusive> setting, if one cpuset is the ancestor of "
2707 "another, then their memory nodes must overlap, because the memory nodes of "
2708 "any cpuset are always a subset of the memory nodes of that cpuset's parent "
2713 #: build/C/man7/cpuset.7:260
2715 msgid "I<mem_hardwall> (since Linux 2.6.26)"
2718 #. ==================== memory_migrate ====================
2720 #: build/C/man7/cpuset.7:271
2722 "Flag (0 or 1). If set (1), the cpuset is a B<Hardwall> cpuset (see below.) "
2723 "Unlike B<mem_exclusive>, there is no constraint on whether cpusets marked "
2724 "B<mem_hardwall> may have overlapping memory nodes with sibling or cousin "
2725 "cpusets. By default this is off (0). Newly created cpusets also initially "
2726 "default this to off (0)."
2730 #: build/C/man7/cpuset.7:271
2732 msgid "I<memory_migrate> (since Linux 2.6.16)"
2735 #. ==================== memory_pressure ====================
2737 #: build/C/man7/cpuset.7:278
2739 "Flag (0 or 1). If set (1), then memory migration is enabled. By default "
2740 "this is off (0). See the B<Memory Migration> section, below."
2744 #: build/C/man7/cpuset.7:278
2746 msgid "I<memory_pressure> (since Linux 2.6.16)"
2749 #. ================= memory_pressure_enabled =================
2751 #: build/C/man7/cpuset.7:291
2753 "A measure of how much memory pressure the processes in this cpuset are "
2754 "causing. See the B<Memory Pressure> section, below. Unless "
2755 "I<memory_pressure_enabled> is enabled, always has value zero (0). This file "
2756 "is read-only. See the B<WARNINGS> section, below."
2760 #: build/C/man7/cpuset.7:291
2762 msgid "I<memory_pressure_enabled> (since Linux 2.6.16)"
2765 #. ================== memory_spread_page ==================
2767 #: build/C/man7/cpuset.7:303
2769 "Flag (0 or 1). This file is only present in the root cpuset, normally "
2770 "I</dev/cpuset>. If set (1), the I<memory_pressure> calculations are enabled "
2771 "for all cpusets in the system. By default this is off (0). See the "
2772 "B<Memory Pressure> section, below."
2776 #: build/C/man7/cpuset.7:303
2778 msgid "I<memory_spread_page> (since Linux 2.6.17)"
2781 #. ================== memory_spread_slab ==================
2783 #: build/C/man7/cpuset.7:313
2785 "Flag (0 or 1). If set (1), pages in the kernel page cache (file-system "
2786 "buffers) are uniformly spread across the cpuset. By default this is off (0) "
2787 "in the top cpuset, and inherited from the parent cpuset in newly created "
2788 "cpusets. See the B<Memory Spread> section, below."
2792 #: build/C/man7/cpuset.7:313
2794 msgid "I<memory_spread_slab> (since Linux 2.6.17)"
2797 #. ================== sched_load_balance ==================
2799 #: build/C/man7/cpuset.7:324
2801 "Flag (0 or 1). If set (1), the kernel slab caches for file I/O (directory "
2802 "and inode structures) are uniformly spread across the cpuset. By default "
2803 "this is off (0) in the top cpuset, and inherited from the parent cpuset in "
2804 "newly created cpusets. See the B<Memory Spread> section, below."
2808 #: build/C/man7/cpuset.7:324
2810 msgid "I<sched_load_balance> (since Linux 2.6.24)"
2813 #. ================== sched_relax_domain_level ==================
2815 #: build/C/man7/cpuset.7:338
2817 "Flag (0 or 1). If set (1, the default) the kernel will automatically load "
2818 "balance processes in that cpuset over the allowed CPUs in that cpuset. If "
2819 "cleared (0) the kernel will avoid load balancing processes in this cpuset, "
2820 "I<unless> some other cpuset with overlapping CPUs has its "
2821 "I<sched_load_balance> flag set. See B<Scheduler Load Balancing>, below, for "
2826 #: build/C/man7/cpuset.7:338
2828 msgid "I<sched_relax_domain_level> (since Linux 2.6.26)"
2831 #. ================== proc cpuset ==================
2833 #: build/C/man7/cpuset.7:358
2835 "Integer, between -1 and a small positive value. The "
2836 "I<sched_relax_domain_level> controls the width of the range of CPUs over "
2837 "which the kernel scheduler performs immediate rebalancing of runnable tasks "
2838 "across CPUs. If I<sched_load_balance> is disabled, then the setting of "
2839 "I<sched_relax_domain_level> does not matter, as no such load balancing is "
2840 "done. If I<sched_load_balance> is enabled, then the higher the value of the "
2841 "I<sched_relax_domain_level>, the wider the range of CPUs over which "
2842 "immediate load balancing is attempted. See B<Scheduler Relax Domain Level>, "
2843 "below, for further details."
2846 #. ================== proc status ==================
2848 #: build/C/man7/cpuset.7:366
2850 "In addition to the above pseudo-files in each directory below "
2851 "I</dev/cpuset>, each process has a pseudo-file, "
2852 "I</proc/E<lt>pidE<gt>/cpuset>, that displays the path of the process's "
2853 "cpuset directory relative to the root of the cpuset file system."
2857 #: build/C/man7/cpuset.7:377
2859 "Also the I</proc/E<lt>pidE<gt>/status> file for each process has four added "
2860 "lines, displaying the process's I<Cpus_allowed> (on which CPUs it may be "
2861 "scheduled) and I<Mems_allowed> (on which memory nodes it may obtain memory), "
2862 "in the two formats B<Mask Format> and B<List Format> (see below) as shown "
2863 "in the following example:"
2867 #: build/C/man7/cpuset.7:384
2870 "Cpus_allowed: ffffffff,ffffffff,ffffffff,ffffffff\n"
2871 "Cpus_allowed_list: 0-127\n"
2872 "Mems_allowed: ffffffff,ffffffff\n"
2873 "Mems_allowed_list: 0-63\n"
2876 #. ================== EXTENDED CAPABILITIES ==================
2878 #: build/C/man7/cpuset.7:390
2880 "The \"allowed\" fields were added in Linux 2.6.24; the \"allowed_list\" "
2881 "fields were added in Linux 2.6.26."
2885 #: build/C/man7/cpuset.7:390
2887 msgid "EXTENDED CAPABILITIES"
2890 #. ================== Exclusive Cpusets ==================
2892 #: build/C/man7/cpuset.7:398
2894 "In addition to controlling which I<cpus> and I<mems> a process is allowed to "
2895 "use, cpusets provide the following extended capabilities."
2899 #: build/C/man7/cpuset.7:398
2901 msgid "Exclusive Cpusets"
2905 #: build/C/man7/cpuset.7:405
2907 "If a cpuset is marked I<cpu_exclusive> or I<mem_exclusive>, no other cpuset, "
2908 "other than a direct ancestor or descendant, may share any of the same CPUs "
2912 #. ================== Hardwall ==================
2914 #: build/C/man7/cpuset.7:431
2916 "A cpuset that is I<mem_exclusive> restricts kernel allocations for buffer "
2917 "cache pages and other internal kernel data pages commonly shared by the "
2918 "kernel across multiple users. All cpusets, whether I<mem_exclusive> or not, "
2919 "restrict allocations of memory for user space. This enables configuring a "
2920 "system so that several independent jobs can share common kernel data, while "
2921 "isolating each job's user allocation in its own cpuset. To do this, "
2922 "construct a large I<mem_exclusive> cpuset to hold all the jobs, and "
2923 "construct child, non-I<mem_exclusive> cpusets for each individual job. Only "
2924 "a small amount of kernel memory, such as requests from interrupt handlers, "
2925 "is allowed to be placed on memory nodes outside even a I<mem_exclusive> "
2930 #: build/C/man7/cpuset.7:431
2936 #: build/C/man7/cpuset.7:446
2938 "A cpuset that has I<mem_exclusive> or I<mem_hardwall> set is a I<hardwall> "
2939 "cpuset. A I<hardwall> cpuset restricts kernel allocations for page, buffer, "
2940 "and other data commonly shared by the kernel across multiple users. All "
2941 "cpusets, whether I<hardwall> or not, restrict allocations of memory for user "
2946 #: build/C/man7/cpuset.7:457
2948 "This enables configuring a system so that several independent jobs can share "
2949 "common kernel data, such as file system pages, while isolating each job's "
2950 "user allocation in its own cpuset. To do this, construct a large "
2951 "I<hardwall> cpuset to hold all the jobs, and construct child cpusets for "
2952 "each individual job which are not I<hardwall> cpusets."
2955 #. ================== Notify On Release ==================
2957 #: build/C/man7/cpuset.7:463
2959 "Only a small amount of kernel memory, such as requests from interrupt "
2960 "handlers, is allowed to be taken outside even a I<hardwall> cpuset."
2964 #: build/C/man7/cpuset.7:463
2966 msgid "Notify On Release"
2970 #: build/C/man7/cpuset.7:475
2972 "If the I<notify_on_release> flag is enabled (1) in a cpuset, then whenever "
2973 "the last process in the cpuset leaves (exits or attaches to some other "
2974 "cpuset) and the last child cpuset of that cpuset is removed, the kernel "
2975 "will run the command I</sbin/cpuset_release_agent>, supplying the pathname "
2976 "(relative to the mount point of the cpuset file system) of the abandoned "
2977 "cpuset. This enables automatic removal of abandoned cpusets."
2981 #: build/C/man7/cpuset.7:483
2983 "The default value of I<notify_on_release> in the root cpuset at system boot "
2984 "is disabled (0). The default value of other cpusets at creation is the "
2985 "current value of their parent's I<notify_on_release> setting."
2989 #: build/C/man7/cpuset.7:491
2991 "The command I</sbin/cpuset_release_agent> is invoked, with the name "
2992 "(I</dev/cpuset> relative path) of the to-be-released cpuset in I<argv[1]>."
2996 #: build/C/man7/cpuset.7:495
2998 "The usual contents of the command I</sbin/cpuset_release_agent> is simply "
3003 #: build/C/man7/cpuset.7:500
3007 "rmdir /dev/cpuset/$1\n"
3010 #. ================== Memory Pressure ==================
3012 #: build/C/man7/cpuset.7:508
3014 "As with other flag values below, this flag can be changed by writing an "
3015 "ASCII number 0 or 1 (with optional trailing newline) into the file, to "
3016 "clear or set the flag, respectively."
3020 #: build/C/man7/cpuset.7:508
3022 msgid "Memory Pressure"
3026 #: build/C/man7/cpuset.7:514
3028 "The I<memory_pressure> of a cpuset provides a simple per-cpuset running "
3029 "average of the rate that the processes in a cpuset are attempting to free up "
3030 "in-use memory on the nodes of the cpuset to satisfy additional memory "
3035 #: build/C/man7/cpuset.7:518
3037 "This enables batch managers that are monitoring jobs running in dedicated "
3038 "cpusets to efficiently detect what level of memory pressure that job is "
3043 #: build/C/man7/cpuset.7:525
3045 "This is useful both on tightly managed systems running a wide mix of "
3046 "submitted jobs, which may choose to terminate or reprioritize jobs that are "
3047 "trying to use more memory than allowed on the nodes assigned them, and with "
3048 "tightly coupled, long-running, massively parallel scientific computing jobs "
3049 "that will dramatically fail to meet required performance goals if they start "
3050 "to use more memory than allowed to them."
3054 #: build/C/man7/cpuset.7:530
3056 "This mechanism provides a very economical way for the batch manager to "
3057 "monitor a cpuset for signs of memory pressure. It's up to the batch manager "
3058 "or other user code to decide what action to take if it detects signs of "
3063 #: build/C/man7/cpuset.7:537
3065 "Unless memory pressure calculation is enabled by setting the pseudo-file "
3066 "I</dev/cpuset/memory_pressure_enabled>, it is not computed for any cpuset, "
3067 "and reads from any I<memory_pressure> always return zero, as represented by "
3068 "the ASCII string \"0\\en\". See the B<WARNINGS> section, below."
3072 #: build/C/man7/cpuset.7:539
3073 msgid "A per-cpuset, running average is employed for the following reasons:"
3077 #: build/C/man7/cpuset.7:544
3079 "Because this meter is per-cpuset rather than per-process or per virtual "
3080 "memory region, the system load imposed by a batch scheduler monitoring this "
3081 "metric is sharply reduced on large systems, because a scan of the tasklist "
3082 "can be avoided on each set of queries."
3086 #: build/C/man7/cpuset.7:549
3088 "Because this meter is a running average rather than an accumulating counter, "
3089 "a batch scheduler can detect memory pressure with a single read, instead of "
3090 "having to read and accumulate results for a period of time."
3094 #: build/C/man7/cpuset.7:555
3096 "Because this meter is per-cpuset rather than per-process, the batch "
3097 "scheduler can obtain the key information\\(emmemory pressure in a "
3098 "cpuset\\(emwith a single read, rather than having to query and accumulate "
3099 "results over all the (dynamically changing) set of processes in the cpuset."
3103 #: build/C/man7/cpuset.7:563
3105 "The I<memory_pressure> of a cpuset is calculated using a per-cpuset simple "
3106 "digital filter that is kept within the kernel. For each cpuset, this filter "
3107 "tracks the recent rate at which processes attached to that cpuset enter the "
3108 "kernel direct reclaim code."
3112 #: build/C/man7/cpuset.7:572
3114 "The kernel direct reclaim code is entered whenever a process has to satisfy "
3115 "a memory page request by first finding some other page to repurpose, due to "
3116 "lack of any readily available already free pages. Dirty file system pages "
3117 "are repurposed by first writing them to disk. Unmodified file system buffer "
3118 "pages are repurposed by simply dropping them, though if that page is needed "
3119 "again, it will have to be reread from disk."
3122 #. ================== Memory Spread ==================
3124 #: build/C/man7/cpuset.7:580
3126 "The I<memory_pressure> file provides an integer number representing the "
3127 "recent (half-life of 10 seconds) rate of entries to the direct reclaim code "
3128 "caused by any process in the cpuset, in units of reclaims attempted per "
3129 "second, times 1000."
3133 #: build/C/man7/cpuset.7:580
3135 msgid "Memory Spread"
3139 #: build/C/man7/cpuset.7:588
3141 "There are two Boolean flag files per cpuset that control where the kernel "
3142 "allocates pages for the file-system buffers and related in-kernel data "
3143 "structures. They are called I<memory_spread_page> and "
3144 "I<memory_spread_slab>."
3148 #: build/C/man7/cpuset.7:595
3150 "If the per-cpuset Boolean flag file I<memory_spread_page> is set, then the "
3151 "kernel will spread the file-system buffers (page cache) evenly over all the "
3152 "nodes that the faulting process is allowed to use, instead of preferring to "
3153 "put those pages on the node where the process is running."
3157 #: build/C/man7/cpuset.7:603
3159 "If the per-cpuset Boolean flag file I<memory_spread_slab> is set, then the "
3160 "kernel will spread some file-system-related slab caches, such as those for "
3161 "inodes and directory entries, evenly over all the nodes that the faulting "
3162 "process is allowed to use, instead of preferring to put those pages on the "
3163 "node where the process is running."
3167 #: build/C/man7/cpuset.7:608
3169 "The setting of these flags does not affect the data segment (see B<brk>(2)) "
3170 "or stack segment pages of a process."
3174 #: build/C/man7/cpuset.7:616
3176 "By default, both kinds of memory spreading are off and the kernel prefers to "
3177 "allocate memory pages on the node local to where the requesting process is "
3178 "running. If that node is not allowed by the process's NUMA memory policy or "
3179 "cpuset configuration or if there are insufficient free memory pages on that "
3180 "node, then the kernel looks for the nearest node that is allowed and has "
3181 "sufficient free memory."
3185 #: build/C/man7/cpuset.7:619
3187 "When new cpusets are created, they inherit the memory spread settings of "
3192 #: build/C/man7/cpuset.7:634
3194 "Setting memory spreading causes allocations for the affected page or slab "
3195 "caches to ignore the process's NUMA memory policy and be spread instead. "
3196 "However, the effect of these changes in memory placement caused by "
3197 "cpuset-specified memory spreading is hidden from the B<mbind>(2) or "
3198 "B<set_mempolicy>(2) calls. These two NUMA memory policy calls always "
3199 "appear to behave as if no cpuset-specified memory spreading is in effect, "
3200 "even if it is. If cpuset memory spreading is subsequently turned off, the "
3201 "NUMA memory policy most recently specified by these calls is automatically "
3206 #: build/C/man7/cpuset.7:643
3208 "Both I<memory_spread_page> and I<memory_spread_slab> are Boolean flag "
3209 "files. By default they contain \"0\", meaning that the feature is off for "
3210 "that cpuset. If a \"1\" is written to that file, that turns the named "
3215 #: build/C/man7/cpuset.7:646
3217 "Cpuset-specified memory spreading behaves similarly to what is known (in "
3218 "other contexts) as round-robin or interleave memory placement."
3222 #: build/C/man7/cpuset.7:649
3224 "Cpuset-specified memory spreading can provide substantial performance "
3225 "improvements for jobs that:"
3229 #: build/C/man7/cpuset.7:649
3235 #: build/C/man7/cpuset.7:653
3237 "need to place thread-local data on memory nodes close to the CPUs which are "
3238 "running the threads that most frequently access that data; but also"
3242 #: build/C/man7/cpuset.7:653
3248 #: build/C/man7/cpuset.7:656
3250 "need to access large file-system data sets that must to be spread across the "
3251 "several nodes in the job's cpuset in order to fit."
3254 #. ================== Memory Migration ==================
3256 #: build/C/man7/cpuset.7:663
3258 "Without this policy, the memory allocation across the nodes in the job's "
3259 "cpuset can become very uneven, especially for jobs that might have just a "
3260 "single thread initializing or reading in the data set."
3264 #: build/C/man7/cpuset.7:663
3266 msgid "Memory Migration"
3270 #: build/C/man7/cpuset.7:672
3272 "Normally, under the default setting (disabled) of I<memory_migrate>, once a "
3273 "page is allocated (given a physical page of main memory) then that page "
3274 "stays on whatever node it was allocated, so long as it remains allocated, "
3275 "even if the cpuset's memory-placement policy I<mems> subsequently changes."
3279 #: build/C/man7/cpuset.7:678
3281 "When memory migration is enabled in a cpuset, if the I<mems> setting of the "
3282 "cpuset is changed, then any memory page in use by any process in the cpuset "
3283 "that is on a memory node that is no longer allowed will be migrated to a "
3284 "memory node that is allowed."
3288 #: build/C/man7/cpuset.7:684
3290 "Furthermore, if a process is moved into a cpuset with I<memory_migrate> "
3291 "enabled, any memory pages it uses that were on memory nodes allowed in its "
3292 "previous cpuset, but which are not allowed in its new cpuset, will be "
3293 "migrated to a memory node allowed in the new cpuset."
3296 #. ================== Scheduler Load Balancing ==================
3298 #: build/C/man7/cpuset.7:692
3300 "The relative placement of a migrated page within the cpuset is preserved "
3301 "during these migration operations if possible. For example, if the page was "
3302 "on the second valid node of the prior cpuset, then the page will be placed "
3303 "on the second valid node of the new cpuset, if possible."
3307 #: build/C/man7/cpuset.7:692
3309 msgid "Scheduler Load Balancing"
3313 #: build/C/man7/cpuset.7:699
3315 "The kernel scheduler automatically load balances processes. If one CPU is "
3316 "underutilized, the kernel will look for processes on other more overloaded "
3317 "CPUs and move those processes to the underutilized CPU, within the "
3318 "constraints of such placement mechanisms as cpusets and "
3319 "B<sched_setaffinity>(2)."
3323 #: build/C/man7/cpuset.7:712
3325 "The algorithmic cost of load balancing and its impact on key shared kernel "
3326 "data structures such as the process list increases more than linearly with "
3327 "the number of CPUs being balanced. For example, it costs more to load "
3328 "balance across one large set of CPUs than it does to balance across two "
3329 "smaller sets of CPUs, each of half the size of the larger set. (The precise "
3330 "relationship between the number of CPUs being balanced and the cost of load "
3331 "balancing depends on implementation details of the kernel process scheduler, "
3332 "which is subject to change over time, as improved kernel scheduler "
3333 "algorithms are implemented.)"
3337 #: build/C/man7/cpuset.7:718
3339 "The per-cpuset flag I<sched_load_balance> provides a mechanism to suppress "
3340 "this automatic scheduler load balancing in cases where it is not needed and "
3341 "suppressing it would have worthwhile performance benefits."
3345 #: build/C/man7/cpuset.7:722
3347 "By default, load balancing is done across all CPUs, except those marked "
3348 "isolated using the kernel boot time \"isolcpus=\" argument. (See "
3349 "B<Scheduler Relax Domain Level>, below, to change this default.)"
3353 #: build/C/man7/cpuset.7:725
3355 "This default load balancing across all CPUs is not well suited to the "
3356 "following two situations:"
3360 #: build/C/man7/cpuset.7:729
3362 "On large systems, load balancing across many CPUs is expensive. If the "
3363 "system is managed using cpusets to place independent jobs on separate sets "
3364 "of CPUs, full load balancing is unnecessary."
3368 #: build/C/man7/cpuset.7:733
3370 "Systems supporting real-time on some CPUs need to minimize system overhead "
3371 "on those CPUs, including avoiding process load balancing if that is not "
3376 #: build/C/man7/cpuset.7:743
3378 "When the per-cpuset flag I<sched_load_balance> is enabled (the default "
3379 "setting), it requests load balancing across all the CPUs in that cpuset's "
3380 "allowed CPUs, ensuring that load balancing can move a process (not otherwise "
3381 "pinned, as by B<sched_setaffinity>(2)) from any CPU in that cpuset to any "
3386 #: build/C/man7/cpuset.7:752
3388 "When the per-cpuset flag I<sched_load_balance> is disabled, then the "
3389 "scheduler will avoid load balancing across the CPUs in that cpuset, "
3390 "I<except> in so far as is necessary because some overlapping cpuset has "
3391 "I<sched_load_balance> enabled."
3395 #: build/C/man7/cpuset.7:760
3397 "So, for example, if the top cpuset has the flag I<sched_load_balance> "
3398 "enabled, then the scheduler will load balance across all CPUs, and the "
3399 "setting of the I<sched_load_balance> flag in other cpusets has no effect, as "
3400 "we're already fully load balancing."
3404 #: build/C/man7/cpuset.7:765
3406 "Therefore in the above two situations, the flag I<sched_load_balance> should "
3407 "be disabled in the top cpuset, and only some of the smaller, child cpusets "
3408 "would have this flag enabled."
3412 #: build/C/man7/cpuset.7:773
3414 "When doing this, you don't usually want to leave any unpinned processes in "
3415 "the top cpuset that might use nontrivial amounts of CPU, as such processes "
3416 "may be artificially constrained to some subset of CPUs, depending on the "
3417 "particulars of this flag setting in descendant cpusets. Even if such a "
3418 "process could use spare CPU cycles in some other CPUs, the kernel scheduler "
3419 "might not consider the possibility of load balancing that process to the "
3423 #. ================== Scheduler Relax Domain Level ==================
3425 #: build/C/man7/cpuset.7:779
3427 "Of course, processes pinned to a particular CPU can be left in a cpuset that "
3428 "disables I<sched_load_balance> as those processes aren't going anywhere else "
3433 #: build/C/man7/cpuset.7:779
3435 msgid "Scheduler Relax Domain Level"
3439 #: build/C/man7/cpuset.7:800
3441 "The kernel scheduler performs immediate load balancing whenever a CPU "
3442 "becomes free or another task becomes runnable. This load balancing works to "
3443 "ensure that as many CPUs as possible are usefully employed running tasks. "
3444 "The kernel also performs periodic load balancing off the software clock "
3445 "described in I<time>(7). The setting of I<sched_relax_domain_level> only "
3446 "applies to immediate load balancing. Regardless of the "
3447 "I<sched_relax_domain_level> setting, periodic load balancing is attempted "
3448 "over all CPUs (unless disabled by turning off I<sched_load_balance>.) In "
3449 "any case, of course, tasks will only be scheduled to run on CPUs allowed by "
3450 "their cpuset, as modified by B<sched_setaffinity>(2) system calls."
3454 #: build/C/man7/cpuset.7:808
3456 "On small systems, such as those with just a few CPUs, immediate load "
3457 "balancing is useful to improve system interactivity and to minimize wasteful "
3458 "idle CPU cycles. But on large systems, attempting immediate load balancing "
3459 "across a large number of CPUs can be more costly than it is worth, depending "
3460 "on the particular performance characteristics of the job mix and the "
3465 #: build/C/man7/cpuset.7:816
3467 "The exact meaning of the small integer values of I<sched_relax_domain_level> "
3468 "will depend on internal implementation details of the kernel scheduler code "
3469 "and on the non-uniform architecture of the hardware. Both of these will "
3470 "evolve over time and vary by system architecture and kernel version."
3474 #: build/C/man7/cpuset.7:821
3476 "As of this writing, when this capability was introduced in Linux 2.6.26, on "
3477 "certain popular architectures, the positive values of "
3478 "I<sched_relax_domain_level> have the following meanings."
3482 #: build/C/man7/cpuset.7:823
3488 #: build/C/man7/cpuset.7:826
3490 "Perform immediate load balancing across Hyper-Thread siblings on the same "
3495 #: build/C/man7/cpuset.7:826
3501 #: build/C/man7/cpuset.7:828
3502 msgid "Perform immediate load balancing across other cores in the same package."
3506 #: build/C/man7/cpuset.7:828
3512 #: build/C/man7/cpuset.7:831
3514 "Perform immediate load balancing across other CPUs on the same node or "
3519 #: build/C/man7/cpuset.7:831
3525 #: build/C/man7/cpuset.7:834
3527 "Perform immediate load balancing across over several (implementation detail) "
3528 "nodes [On NUMA systems]."
3532 #: build/C/man7/cpuset.7:834
3538 #: build/C/man7/cpuset.7:837
3540 "Perform immediate load balancing across over all CPUs in system [On NUMA "
3545 #: build/C/man7/cpuset.7:846
3547 "The I<sched_relax_domain_level> value of zero (0) always means don't perform "
3548 "immediate load balancing, hence that load balancing is only done "
3549 "periodically, not immediately when a CPU becomes available or another task "
3554 #: build/C/man7/cpuset.7:854
3556 "The I<sched_relax_domain_level> value of minus one (-1) always means use "
3557 "the system default value. The system default value can vary by architecture "
3558 "and kernel version. This system default value can be changed by kernel "
3559 "boot-time \"relax_domain_level=\" argument."
3563 #: build/C/man7/cpuset.7:862
3565 "In the case of multiple overlapping cpusets which have conflicting "
3566 "I<sched_relax_domain_level> values, then the highest such value applies to "
3567 "all CPUs in any of the overlapping cpusets. In such cases, the value "
3568 "B<minus one (-1)> is the lowest value, overridden by any other value, and "
3569 "the value B<zero (0)> is the next lowest value."
3573 #: build/C/man7/cpuset.7:862
3578 #. ================== Mask Format ==================
3580 #: build/C/man7/cpuset.7:866
3581 msgid "The following formats are used to represent sets of CPUs and memory nodes."
3585 #: build/C/man7/cpuset.7:866
3591 #: build/C/man7/cpuset.7:871
3593 "The B<Mask Format> is used to represent CPU and memory-node bitmasks in the "
3594 "I</proc/E<lt>pidE<gt>/status> file."
3598 #: build/C/man7/cpuset.7:879
3600 "This format displays each 32-bit word in hexadecimal (using ASCII characters "
3601 "\"0\" - \"9\" and \"a\" - \"f\"); words are filled with leading zeros, if "
3602 "required. For masks longer than one word, a comma separator is used between "
3603 "words. Words are displayed in big-endian order, which has the most "
3604 "significant bit first. The hex digits within a word are also in big-endian "
3609 #: build/C/man7/cpuset.7:882
3611 "The number of 32-bit words displayed is the minimum number needed to display "
3612 "all bits of the bitmask, based on the size of the bitmask."
3616 #: build/C/man7/cpuset.7:884
3617 msgid "Examples of the B<Mask Format>:"
3621 #: build/C/man7/cpuset.7:892
3624 "00000001 # just bit 0 set\n"
3625 "40000000,00000000,00000000 # just bit 94 set\n"
3626 "00000001,00000000,00000000 # just bit 64 set\n"
3627 "000000ff,00000000 # bits 32-39 set\n"
3628 "00000000,000E3862 # 1,5,6,11-13,17-19 set\n"
3632 #: build/C/man7/cpuset.7:896
3633 msgid "A mask with bits 0, 1, 2, 4, 8, 16, 32, and 64 set displays as:"
3637 #: build/C/man7/cpuset.7:900
3639 msgid "00000001,00000001,00010117\n"
3642 #. ================== List Format ==================
3644 #: build/C/man7/cpuset.7:907
3646 "The first \"1\" is for bit 64, the second for bit 32, the third for bit 16, "
3647 "the fourth for bit 8, the fifth for bit 4, and the \"7\" is for bits 2, 1, "
3652 #: build/C/man7/cpuset.7:907
3658 #: build/C/man7/cpuset.7:914
3660 "The B<List Format> for I<cpus> and I<mems> is a comma-separated list of CPU "
3661 "or memory-node numbers and ranges of numbers, in ASCII decimal."
3665 #: build/C/man7/cpuset.7:916
3666 msgid "Examples of the B<List Format>:"
3670 #: build/C/man7/cpuset.7:921
3673 "0-4,9 # bits 0, 1, 2, 3, 4, and 9 set\n"
3674 "0-2,7,12-14 # bits 0, 1, 2, 7, 12, 13, and 14 set\n"
3677 #. ================== RULES ==================
3679 #: build/C/man7/cpuset.7:924
3685 #: build/C/man7/cpuset.7:926
3686 msgid "The following rules apply to each cpuset:"
3690 #: build/C/man7/cpuset.7:929
3692 "Its CPUs and memory nodes must be a (possibly equal) subset of its "
3697 #: build/C/man7/cpuset.7:933
3698 msgid "It can only be marked I<cpu_exclusive> if its parent is."
3702 #: build/C/man7/cpuset.7:937
3703 msgid "It can only be marked I<mem_exclusive> if its parent is."
3707 #: build/C/man7/cpuset.7:941
3708 msgid "If it is I<cpu_exclusive>, its CPUs may not overlap any sibling."
3711 #. ================== PERMISSIONS ==================
3713 #: build/C/man7/cpuset.7:946
3714 msgid "If it is I<memory_exclusive>, its memory nodes may not overlap any sibling."
3718 #: build/C/man7/cpuset.7:946
3724 #: build/C/man7/cpuset.7:951
3726 "The permissions of a cpuset are determined by the permissions of the "
3727 "directories and pseudo-files in the cpuset file system, normally mounted at "
3732 #: build/C/man7/cpuset.7:960
3734 "For instance, a process can put itself in some other cpuset (than its "
3735 "current one) if it can write the I<tasks> file for that cpuset. This "
3736 "requires execute permission on the encompassing directories and write "
3737 "permission on the I<tasks> file."
3741 #: build/C/man7/cpuset.7:967
3743 "An additional constraint is applied to requests to place some other process "
3744 "in a cpuset. One process may not attach another to a cpuset unless it would "
3745 "have permission to send that process a signal (see B<kill>(2))."
3749 #: build/C/man7/cpuset.7:978
3751 "A process may create a child cpuset if it can access and write the parent "
3752 "cpuset directory. It can modify the CPUs or memory nodes in a cpuset if it "
3753 "can access that cpuset's directory (execute permissions on the each of the "
3754 "parent directories) and write the corresponding I<cpus> or I<mems> file."
3758 #: build/C/man7/cpuset.7:999
3760 "There is one minor difference between the manner in which these permissions "
3761 "are evaluated and the manner in which normal file-system operation "
3762 "permissions are evaluated. The kernel interprets relative pathnames "
3763 "starting at a process's current working directory. Even if one is operating "
3764 "on a cpuset file, relative pathnames are interpreted relative to the "
3765 "process's current working directory, not relative to the process's current "
3766 "cpuset. The only ways that cpuset paths relative to a process's current "
3767 "cpuset can be used are if either the process's current working directory is "
3768 "its cpuset (it first did a B<cd> or B<chdir>(2) to its cpuset directory "
3769 "beneath I</dev/cpuset>, which is a bit unusual) or if some user code "
3770 "converts the relative cpuset path to a full file-system path."
3773 #. ================== WARNINGS ==================
3775 #: build/C/man7/cpuset.7:1014
3777 "In theory, this means that user code should specify cpusets using absolute "
3778 "pathnames, which requires knowing the mount point of the cpuset file system "
3779 "(usually, but not necessarily, I</dev/cpuset>). In practice, all user level "
3780 "code that this author is aware of simply assumes that if the cpuset file "
3781 "system is mounted, then it is mounted at I</dev/cpuset>. Furthermore, it is "
3782 "common practice for carefully written user code to verify the presence of "
3783 "the pseudo-file I</dev/cpuset/tasks> in order to verify that the cpuset "
3784 "pseudo-file system is currently mounted."
3788 #: build/C/man7/cpuset.7:1014
3794 #: build/C/man7/cpuset.7:1015
3796 msgid "Enabling memory_pressure"
3800 #: build/C/man7/cpuset.7:1024
3802 "By default, the per-cpuset file I<memory_pressure> always contains zero "
3803 "(0). Unless this feature is enabled by writing \"1\" to the pseudo-file "
3804 "I</dev/cpuset/memory_pressure_enabled>, the kernel does not compute "
3805 "per-cpuset I<memory_pressure>."
3809 #: build/C/man7/cpuset.7:1024
3811 msgid "Using the echo command"
3814 #. Gack! csh(1)'s echo does this
3816 #: build/C/man7/cpuset.7:1035
3818 "When using the B<echo> command at the shell prompt to change the values of "
3819 "cpuset files, beware that the built-in B<echo> command in some shells does "
3820 "not display an error message if the B<write>(2) system call fails. For "
3821 "example, if the command:"
3825 #: build/C/man7/cpuset.7:1039
3827 msgid "echo 19 E<gt> mems\n"
3831 #: build/C/man7/cpuset.7:1052
3833 "failed because memory node 19 was not allowed (perhaps the current system "
3834 "does not have a memory node 19), then the B<echo> command might not display "
3835 "any error. It is better to use the B</bin/echo> external command to change "
3836 "cpuset file settings, as this command will display B<write>(2) errors, as "
3841 #: build/C/man7/cpuset.7:1057
3844 "/bin/echo 19 E<gt> mems\n"
3845 "/bin/echo: write error: Invalid argument\n"
3848 #. ================== EXCEPTIONS ==================
3850 #: build/C/man7/cpuset.7:1060
3856 #: build/C/man7/cpuset.7:1061
3858 msgid "Memory placement"
3862 #: build/C/man7/cpuset.7:1064
3864 "Not all allocations of system memory are constrained by cpusets, for the "
3865 "following reasons."
3869 #: build/C/man7/cpuset.7:1079
3871 "If hot-plug functionality is used to remove all the CPUs that are currently "
3872 "assigned to a cpuset, then the kernel will automatically update the "
3873 "I<cpus_allowed> of all processes attached to CPUs in that cpuset to allow "
3874 "all CPUs. When memory hot-plug functionality for removing memory nodes is "
3875 "available, a similar exception is expected to apply there as well. In "
3876 "general, the kernel prefers to violate cpuset placement, rather than "
3877 "starving a process that has had all its allowed CPUs or memory nodes taken "
3878 "offline. User code should reconfigure cpusets to only refer to online CPUs "
3879 "and memory nodes when using hot-plug to add or remove such resources."
3883 #: build/C/man7/cpuset.7:1087
3885 "A few kernel-critical, internal memory-allocation requests, marked "
3886 "GFP_ATOMIC, must be satisfied immediately. The kernel may drop some request "
3887 "or malfunction if one of these allocations fail. If such a request cannot "
3888 "be satisfied within the current process's cpuset, then we relax the cpuset, "
3889 "and look for memory anywhere we can find it. It's better to violate the "
3890 "cpuset than stress the kernel."
3894 #: build/C/man7/cpuset.7:1091
3896 "Allocations of memory requested by kernel drivers while processing an "
3897 "interrupt lack any relevant process context, and are not confined by "
3902 #: build/C/man7/cpuset.7:1091
3904 msgid "Renaming cpusets"
3907 #. ================== ERRORS ==================
3909 #: build/C/man7/cpuset.7:1099
3911 "You can use the B<rename>(2) system call to rename cpusets. Only simple "
3912 "renaming is supported; that is, changing the name of a cpuset directory is "
3913 "permitted, but moving a directory into a different directory is not "
3918 #: build/C/man7/cpuset.7:1103
3920 "The Linux kernel implementation of cpusets sets I<errno> to specify the "
3921 "reason for a failed system call affecting cpusets."
3925 #: build/C/man7/cpuset.7:1108
3927 "The possible I<errno> settings and their meaning when set on a failed cpuset "
3928 "call are as listed below."
3932 #: build/C/man7/cpuset.7:1108
3938 #: build/C/man7/cpuset.7:1115
3940 "Attempted a B<write>(2) on a special cpuset file with a length larger than "
3941 "some kernel-determined upper limit on the length of such writes."
3945 #: build/C/man7/cpuset.7:1122
3947 "Attempted to B<write>(2) the process ID (PID) of a process to a cpuset "
3948 "I<tasks> file when one lacks permission to move that process."
3952 #: build/C/man7/cpuset.7:1128
3954 "Attempted to add, using B<write>(2), a CPU or memory node to a cpuset, when "
3955 "that CPU or memory node was not already in its parent."
3959 #: build/C/man7/cpuset.7:1136
3961 "Attempted to set, using B<write>(2), I<cpu_exclusive> or I<mem_exclusive> on "
3962 "a cpuset whose parent lacks the same setting."
3966 #: build/C/man7/cpuset.7:1143
3967 msgid "Attempted to B<write>(2) a I<memory_pressure> file."
3971 #: build/C/man7/cpuset.7:1146
3972 msgid "Attempted to create a file in a cpuset directory."
3976 #: build/C/man7/cpuset.7:1146 build/C/man7/cpuset.7:1151 build/C/man7/cpuset.7:1156
3982 #: build/C/man7/cpuset.7:1151
3983 msgid "Attempted to remove, using B<rmdir>(2), a cpuset with attached processes."
3987 #: build/C/man7/cpuset.7:1156
3988 msgid "Attempted to remove, using B<rmdir>(2), a cpuset with child cpusets."
3992 #: build/C/man7/cpuset.7:1161
3994 "Attempted to remove a CPU or memory node from a cpuset that is also in a "
3995 "child of that cpuset."
3999 #: build/C/man7/cpuset.7:1161 build/C/man7/cpuset.7:1166
4005 #: build/C/man7/cpuset.7:1166
4006 msgid "Attempted to create, using B<mkdir>(2), a cpuset that already exists."
4010 #: build/C/man7/cpuset.7:1171
4011 msgid "Attempted to B<rename>(2) a cpuset to a name that already exists."
4015 #: build/C/man7/cpuset.7:1179
4017 "Attempted to B<read>(2) or B<write>(2) a cpuset file using a buffer that "
4018 "is outside the writing processes accessible address space."
4022 #: build/C/man7/cpuset.7:1188
4024 "Attempted to change a cpuset, using B<write>(2), in a way that would violate "
4025 "a I<cpu_exclusive> or I<mem_exclusive> attribute of that cpuset or any of "
4030 #: build/C/man7/cpuset.7:1197
4032 "Attempted to B<write>(2) an empty I<cpus> or I<mems> list to a cpuset which "
4033 "has attached processes or child cpusets."
4037 #: build/C/man7/cpuset.7:1207
4039 "Attempted to B<write>(2) a I<cpus> or I<mems> list which included a range "
4040 "with the second number smaller than the first number."
4044 #: build/C/man7/cpuset.7:1216
4046 "Attempted to B<write>(2) a I<cpus> or I<mems> list which included an "
4047 "invalid character in the string."
4051 #: build/C/man7/cpuset.7:1223
4053 "Attempted to B<write>(2) a list to a I<cpus> file that did not include any "
4058 #: build/C/man7/cpuset.7:1230
4060 "Attempted to B<write>(2) a list to a I<mems> file that did not include any "
4061 "online memory nodes."
4065 #: build/C/man7/cpuset.7:1237
4067 "Attempted to B<write>(2) a list to a I<mems> file that included a node that "
4072 #: build/C/man7/cpuset.7:1245
4074 "Attempted to B<write>(2) a string to a cpuset I<tasks> file that does not "
4075 "begin with an ASCII decimal integer."
4079 #: build/C/man7/cpuset.7:1250
4080 msgid "Attempted to B<rename>(2) a cpuset into a different directory."
4084 #: build/C/man7/cpuset.7:1257
4086 "Attempted to B<read>(2) a I</proc/E<lt>pidE<gt>/cpuset> file for a cpuset "
4087 "path that is longer than the kernel page size."
4091 #: build/C/man7/cpuset.7:1262
4093 "Attempted to create, using B<mkdir>(2), a cpuset whose base directory name "
4094 "is longer than 255 characters."
4098 #: build/C/man7/cpuset.7:1269
4100 "Attempted to create, using B<mkdir>(2), a cpuset whose full pathname, "
4101 "including the mount point (typically \"/dev/cpuset/\") prefix, is longer "
4102 "than 4095 characters."
4106 #: build/C/man7/cpuset.7:1269
4112 #: build/C/man7/cpuset.7:1274
4114 "The cpuset was removed by another process at the same time as a B<write>(2) "
4115 "was attempted on one of the pseudo-files in the cpuset directory."
4119 #: build/C/man7/cpuset.7:1279
4121 "Attempted to create, using B<mkdir>(2), a cpuset in a parent cpuset that "
4126 #: build/C/man7/cpuset.7:1286
4128 "Attempted to B<access>(2) or B<open>(2) a nonexistent file in a cpuset "
4133 #: build/C/man7/cpuset.7:1291
4135 "Insufficient memory is available within the kernel; can occur on a variety "
4136 "of system calls affecting cpusets, but only if the system is extremely short "
4141 #: build/C/man7/cpuset.7:1291 build/C/man7/cpuset.7:1303
4147 #: build/C/man7/cpuset.7:1303
4149 "Attempted to B<write>(2) the process ID (PID) of a process to a cpuset "
4150 "I<tasks> file when the cpuset had an empty I<cpus> or empty I<mems> setting."
4154 #: build/C/man7/cpuset.7:1313
4156 "Attempted to B<write>(2) an empty I<cpus> or I<mems> setting to a cpuset "
4157 "that has tasks attached."
4161 #: build/C/man7/cpuset.7:1318
4162 msgid "Attempted to B<rename>(2) a nonexistent cpuset."
4166 #: build/C/man7/cpuset.7:1321
4167 msgid "Attempted to remove a file from a cpuset directory."
4171 #: build/C/man7/cpuset.7:1321
4177 #: build/C/man7/cpuset.7:1329
4179 "Specified a I<cpus> or I<mems> list to the kernel which included a number "
4180 "too large for the kernel to set in its bitmasks."
4183 #. ================== VERSIONS ==================
4185 #: build/C/man7/cpuset.7:1337
4187 "Attempted to B<write>(2) the process ID (PID) of a nonexistent process to a "
4188 "cpuset I<tasks> file."
4191 #. ================== NOTES ==================
4193 #: build/C/man7/cpuset.7:1340
4194 msgid "Cpusets appeared in version 2.6.12 of the Linux kernel."
4197 #. ================== BUGS ==================
4199 #: build/C/man7/cpuset.7:1351
4201 "Despite its name, the I<pid> parameter is actually a thread ID, and each "
4202 "thread in a threaded group can be attached to a different cpuset. The value "
4203 "returned from a call to B<gettid>(2) can be passed in the argument I<pid>."
4207 #: build/C/man7/cpuset.7:1351 build/C/man2/getrlimit.2:576 build/C/man2/ioprio_set.2:308 build/C/man2/setfsgid.2:102 build/C/man2/setfsuid.2:102
4212 #. ================== EXAMPLE ==================
4214 #: build/C/man7/cpuset.7:1364
4216 "I<memory_pressure> cpuset files can be opened for writing, creation, or "
4217 "truncation, but then the B<write>(2) fails with I<errno> set to B<EACCES>, "
4218 "and the creation and truncation options on B<open>(2) have no effect."
4222 #: build/C/man7/cpuset.7:1364 build/C/man2/getrlimit.2:520
4228 #: build/C/man7/cpuset.7:1367
4230 "The following examples demonstrate querying and setting cpuset options using "
4235 #: build/C/man7/cpuset.7:1367
4237 msgid "Creating and attaching to a cpuset."
4241 #: build/C/man7/cpuset.7:1370
4243 "To create a new cpuset and attach the current command shell to it, the steps "
4248 #: build/C/man7/cpuset.7:1372 build/C/man7/cpuset.7:1411
4254 #: build/C/man7/cpuset.7:1374
4255 msgid "mkdir /dev/cpuset (if not already done)"
4259 #: build/C/man7/cpuset.7:1374 build/C/man7/cpuset.7:1417
4265 #: build/C/man7/cpuset.7:1376
4266 msgid "mount -t cpuset none /dev/cpuset (if not already done)"
4270 #: build/C/man7/cpuset.7:1376 build/C/man7/cpuset.7:1420
4276 #: build/C/man7/cpuset.7:1379
4277 msgid "Create the new cpuset using B<mkdir>(1)."
4281 #: build/C/man7/cpuset.7:1379 build/C/man7/cpuset.7:1423
4287 #: build/C/man7/cpuset.7:1381
4288 msgid "Assign CPUs and memory nodes to the new cpuset."
4292 #: build/C/man7/cpuset.7:1381 build/C/man7/cpuset.7:1428
4298 #: build/C/man7/cpuset.7:1383
4299 msgid "Attach the shell to the new cpuset."
4303 #: build/C/man7/cpuset.7:1388
4305 "For example, the following sequence of commands will set up a cpuset named "
4306 "\"Charlie\", containing just CPUs 2 and 3, and memory node 1, and then "
4307 "attach the current shell to that cpuset."
4311 #: build/C/man7/cpuset.7:1402
4314 "$B< mkdir /dev/cpuset>\n"
4315 "$B< mount -t cpuset cpuset /dev/cpuset>\n"
4316 "$B< cd /dev/cpuset>\n"
4317 "$B< mkdir Charlie>\n"
4319 "$B< /bin/echo 2-3 E<gt> cpus>\n"
4320 "$B< /bin/echo 1 E<gt> mems>\n"
4321 "$B< /bin/echo $$ E<gt> tasks>\n"
4322 "# The current shell is now running in cpuset Charlie\n"
4323 "# The next line should display '/Charlie'\n"
4324 "$B< cat /proc/self/cpuset>\n"
4328 #: build/C/man7/cpuset.7:1404
4330 msgid "Migrating a job to different memory nodes."
4334 #: build/C/man7/cpuset.7:1409
4336 "To migrate a job (the set of processes attached to a cpuset) to different "
4337 "CPUs and memory nodes in the system, including moving the memory pages "
4338 "currently allocated to that job, perform the following steps."
4342 #: build/C/man7/cpuset.7:1417
4344 "Let's say we want to move the job in cpuset I<alpha> (CPUs 4-7 and memory "
4345 "nodes 2-3) to a new cpuset I<beta> (CPUs 16-19 and memory nodes 8-9)."
4349 #: build/C/man7/cpuset.7:1420
4350 msgid "First create the new cpuset I<beta>."
4354 #: build/C/man7/cpuset.7:1423
4355 msgid "Then allow CPUs 16-19 and memory nodes 8-9 in I<beta>."
4359 #: build/C/man7/cpuset.7:1428
4360 msgid "Then enable I<memory_migration> in I<beta>."
4364 #: build/C/man7/cpuset.7:1433
4365 msgid "Then move each process from I<alpha> to I<beta>."
4369 #: build/C/man7/cpuset.7:1436
4370 msgid "The following sequence of commands accomplishes this."
4374 #: build/C/man7/cpuset.7:1446
4377 "$B< cd /dev/cpuset>\n"
4380 "$B< /bin/echo 16-19 E<gt> cpus>\n"
4381 "$B< /bin/echo 8-9 E<gt> mems>\n"
4382 "$B< /bin/echo 1 E<gt> memory_migrate>\n"
4383 "$B< while read i; do /bin/echo $i; done E<lt> ../alpha/tasks E<gt> tasks>\n"
4387 #: build/C/man7/cpuset.7:1455
4389 "The above should move any processes in I<alpha> to I<beta>, and any memory "
4390 "held by these processes on memory nodes 2-3 to memory nodes 8-9, "
4395 #: build/C/man7/cpuset.7:1457
4396 msgid "Notice that the last step of the above sequence did not do:"
4400 #: build/C/man7/cpuset.7:1461
4402 msgid "$B< cp ../alpha/tasks tasks>\n"
4406 #: build/C/man7/cpuset.7:1472
4408 "The I<while> loop, rather than the seemingly easier use of the B<cp>(1) "
4409 "command, was necessary because only one process PID at a time may be written "
4410 "to the I<tasks> file."
4414 #: build/C/man7/cpuset.7:1480
4416 "The same effect (writing one PID at a time) as the I<while> loop can be "
4417 "accomplished more efficiently, in fewer keystrokes and in syntax that works "
4418 "on any shell, but alas more obscurely, by using the B<-u> (unbuffered) "
4419 "option of B<sed>(1):"
4423 #: build/C/man7/cpuset.7:1484
4425 msgid "$B< sed -un p E<lt> ../alpha/tasks E<gt> tasks>\n"
4429 #: build/C/man7/cpuset.7:1501
4431 "B<taskset>(1), B<get_mempolicy>(2), B<getcpu>(2), B<mbind>(2), "
4432 "B<sched_getaffinity>(2), B<sched_setaffinity>(2), B<sched_setscheduler>(2), "
4433 "B<set_mempolicy>(2), B<CPU_SET>(3), B<proc>(5), B<numa>(7), "
4434 "B<migratepages>(8), B<numactl>(8)"
4438 #: build/C/man7/cpuset.7:1503
4439 msgid "The kernel source file I<Documentation/cpusets.txt>."
4443 #: build/C/man7/credentials.7:25
4449 #: build/C/man7/credentials.7:25
4455 #: build/C/man7/credentials.7:28
4456 msgid "credentials - process identifiers"
4460 #: build/C/man7/credentials.7:29
4462 msgid "Process ID (PID)"
4466 #: build/C/man7/credentials.7:39
4468 "Each process has a unique nonnegative integer identifier that is assigned "
4469 "when the process is created using B<fork>(2). A process can obtain its PID "
4470 "using B<getpid>(2). A PID is represented using the type I<pid_t> (defined "
4471 "in I<E<lt>sys/types.hE<gt>>)."
4474 #. .BR sched_rr_get_interval (2),
4475 #. .BR sched_getaffinity (2),
4476 #. .BR sched_setaffinity (2),
4477 #. .BR sched_getparam (2),
4478 #. .BR sched_setparam (2),
4479 #. .BR sched_setscheduler (2),
4480 #. .BR sched_getscheduler (2),
4485 #: build/C/man7/credentials.7:60
4487 "PIDs are used in a range of system calls to identify the process affected by "
4488 "the call, for example: B<kill>(2), B<ptrace>(2), B<setpriority>(2) "
4489 "B<setpgid>(2), B<setsid>(2), B<sigqueue>(3), and B<waitpid>(2)."
4493 #: build/C/man7/credentials.7:63
4494 msgid "A process's PID is preserved across an B<execve>(2)."
4498 #: build/C/man7/credentials.7:63
4500 msgid "Parent Process ID (PPID)"
4504 #: build/C/man7/credentials.7:71
4506 "A process's parent process ID identifies the process that created this "
4507 "process using B<fork>(2). A process can obtain its PPID using "
4508 "B<getppid>(2). A PPID is represented using the type I<pid_t>."
4512 #: build/C/man7/credentials.7:74
4513 msgid "A process's PPID is preserved across an B<execve>(2)."
4517 #: build/C/man7/credentials.7:74
4519 msgid "Process Group ID and Session ID"
4523 #: build/C/man7/credentials.7:82
4525 "Each process has a session ID and a process group ID, both represented using "
4526 "the type I<pid_t>. A process can obtain its session ID using B<getsid>(2), "
4527 "and its process group ID using B<getpgrp>(2)."
4531 #: build/C/man7/credentials.7:88
4533 "A child created by B<fork>(2) inherits its parent's session ID and process "
4534 "group ID. A process's session ID and process group ID are preserved across "
4539 #: build/C/man7/credentials.7:101
4541 "Sessions and process groups are abstractions devised to support shell job "
4542 "control. A process group (sometimes called a \"job\") is a collection of "
4543 "processes that share the same process group ID; the shell creates a new "
4544 "process group for the process(es) used to execute single command or pipeline "
4545 "(e.g., the two processes created to execute the command \"ls\\ |\\ wc\" are "
4546 "placed in the same process group). A process's group membership can be set "
4547 "using B<setpgid>(2). The process whose process ID is the same as its "
4548 "process group ID is the I<process group leader> for that group."
4552 #: build/C/man7/credentials.7:113
4554 "A session is a collection of processes that share the same session ID. All "
4555 "of the members of a process group also have the same session ID (i.e., all "
4556 "of the members of a process group always belong to the same session, so that "
4557 "sessions and process groups form a strict two-level hierarchy of processes.) "
4558 "A new session is created when a process calls B<setsid>(2), which creates a "
4559 "new session whose session ID is the same as the PID of the process that "
4560 "called B<setsid>(2). The creator of the session is called the I<session "
4565 #: build/C/man7/credentials.7:113
4567 msgid "User and Group Identifiers"
4571 #: build/C/man7/credentials.7:121
4573 "Each process has various associated user and groups IDs. These IDs are "
4574 "integers, respectively represented using the types I<uid_t> and I<gid_t> "
4575 "(defined in I<E<lt>sys/types.hE<gt>>)."
4579 #: build/C/man7/credentials.7:123
4580 msgid "On Linux, each process has the following user and group identifiers:"
4584 #: build/C/man7/credentials.7:129
4586 "Real user ID and real group ID. These IDs determine who owns the process. "
4587 "A process can obtain its real user (group) ID using B<getuid>(2) "
4592 #: build/C/man7/credentials.7:141
4594 "Effective user ID and effective group ID. These IDs are used by the kernel "
4595 "to determine the permissions that the process will have when accessing "
4596 "shared resources such as message queues, shared memory, and semaphores. On "
4597 "most UNIX systems, these IDs also determine the permissions when accessing "
4598 "files. However, Linux uses the file system IDs described below for this "
4599 "task. A process can obtain its effective user (group) ID using "
4600 "B<geteuid>(2) (B<getegid>(2))."
4604 #: build/C/man7/credentials.7:163
4606 "Saved set-user-ID and saved set-group-ID. These IDs are used in set-user-ID "
4607 "and set-group-ID programs to save a copy of the corresponding effective IDs "
4608 "that were set when the program was executed (see B<execve>(2)). A "
4609 "set-user-ID program can assume and drop privileges by switching its "
4610 "effective user ID back and forth between the values in its real user ID and "
4611 "saved set-user-ID. This switching is done via calls to B<seteuid>(2), "
4612 "B<setreuid>(2), or B<setresuid>(2). A set-group-ID program performs the "
4613 "analogous tasks using B<setegid>(2), B<setregid>(2), or B<setresgid>(2). A "
4614 "process can obtain its saved set-user-ID (set-group-ID) using "
4615 "B<getresuid>(2) (B<getresgid>(2))."
4619 #: build/C/man7/credentials.7:180
4621 "File system user ID and file system group ID (Linux-specific). These IDs, "
4622 "in conjunction with the supplementary group IDs described below, are used to "
4623 "determine permissions for accessing files; see B<path_resolution>(7) for "
4624 "details. Whenever a process's effective user (group) ID is changed, the "
4625 "kernel also automatically changes the file system user (group) ID to the "
4626 "same value. Consequently, the file system IDs normally have the same values "
4627 "as the corresponding effective ID, and the semantics for file-permission "
4628 "checks are thus the same on Linux as on other UNIX systems. The file system "
4629 "IDs can be made to differ from the effective IDs by calling B<setfsuid>(2) "
4630 "and B<setfsgid>(2)."
4633 #. Since kernel 2.6.4, the limit is visible via the read-only file
4634 #. /proc/sys/kernel/ngroups_max.
4635 #. As at 2.6.22-rc2, this file is still read-only.
4637 #: build/C/man7/credentials.7:199
4639 "Supplementary group IDs. This is a set of additional group IDs that are "
4640 "used for permission checks when accessing files and other shared resources. "
4641 "On Linux kernels before 2.6.4, a process can be a member of up to 32 "
4642 "supplementary groups; since kernel 2.6.4, a process can be a member of up to "
4643 "65536 supplementary groups. The call I<sysconf(_SC_NGROUPS_MAX)> can be "
4644 "used to determine the number of supplementary groups of which a process may "
4645 "be a member. A process can obtain its set of supplementary group IDs using "
4646 "B<getgroups>(2), and can modify the set using B<setgroups>(2)."
4650 #: build/C/man7/credentials.7:209
4652 "A child process created by B<fork>(2) inherits copies of its parent's user "
4653 "and groups IDs. During an B<execve>(2), a process's real user and group ID "
4654 "and supplementary group IDs are preserved; the effective and saved set IDs "
4655 "may be changed, as described in B<execve>(2)."
4659 #: build/C/man7/credentials.7:212
4661 "Aside from the purposes noted above, a process's user IDs are also employed "
4662 "in a number of other contexts:"
4666 #: build/C/man7/credentials.7:215
4667 msgid "when determining the permissions for sending signals\\(emsee B<kill>(2);"
4671 #: build/C/man7/credentials.7:225
4673 "when determining the permissions for setting process-scheduling parameters "
4674 "(nice value, real time scheduling policy and priority, CPU affinity, I/O "
4675 "priority) using B<setpriority>(2), B<sched_setaffinity>(2), "
4676 "B<sched_setscheduler>(2), B<sched_setparam>(2), and B<ioprio_set>(2);"
4680 #: build/C/man7/credentials.7:228
4681 msgid "when checking resource limits; see B<getrlimit>(2);"
4685 #: build/C/man7/credentials.7:232
4687 "when checking the limit on the number of inotify instances that the process "
4688 "may create; see B<inotify>(7)."
4692 #: build/C/man7/credentials.7:238
4694 "Process IDs, parent process IDs, process group IDs, and session IDs are "
4695 "specified in POSIX.1-2001. The real, effective, and saved set user and "
4696 "groups IDs, and the supplementary group IDs, are specified in POSIX.1-2001. "
4697 "The file system user and group IDs are a Linux extension."
4701 #: build/C/man7/credentials.7:250
4703 "The POSIX threads specification requires that credentials are shared by all "
4704 "of the threads in a process. However, at the kernel level, Linux maintains "
4705 "separate user and group credentials for each thread. The NPTL threading "
4706 "implementation does some work to ensure that any change to user or group "
4707 "credentials (e.g., calls to B<setuid>(2), B<setresuid>(2), etc.) is carried "
4708 "through to all of the POSIX threads in a process."
4712 #: build/C/man7/credentials.7:280
4714 "B<bash>(1), B<csh>(1), B<ps>(1), B<access>(2), B<execve>(2), "
4715 "B<faccessat>(2), B<fork>(2), B<getpgrp>(2), B<getpid>(2), B<getppid>(2), "
4716 "B<getsid>(2), B<kill>(2), B<killpg>(2), B<setegid>(2), B<seteuid>(2), "
4717 "B<setfsgid>(2), B<setfsuid>(2), B<setgid>(2), B<setgroups>(2), "
4718 "B<setresgid>(2), B<setresuid>(2), B<setuid>(2), B<waitpid>(2), "
4719 "B<euidaccess>(3), B<initgroups>(3), B<tcgetpgrp>(3), B<tcsetpgrp>(3), "
4720 "B<capabilities>(7), B<path_resolution>(7), B<unix>(7)"
4724 #: build/C/man2/getgid.2:25
4730 #: build/C/man2/getgid.2:25 build/C/man2/getgroups.2:31 build/C/man2/getresuid.2:27 build/C/man2/getuid.2:26 build/C/man2/setfsgid.2:29 build/C/man2/setfsuid.2:29 build/C/man2/setgid.2:27 build/C/man2/setresuid.2:26 build/C/man2/setreuid.2:43 build/C/man2/setuid.2:28
4736 #: build/C/man2/getgid.2:28
4737 msgid "getgid, getegid - get group identity"
4741 #: build/C/man2/getgid.2:30 build/C/man2/getgroups.2:38 build/C/man2/getpid.2:30 build/C/man2/getresuid.2:34 build/C/man2/getsid.2:30 build/C/man2/getuid.2:31 build/C/man2/seteuid.2:34 build/C/man2/setgid.2:34 build/C/man2/setpgid.2:51 build/C/man2/setresuid.2:33 build/C/man2/setreuid.2:50 build/C/man2/setsid.2:35 build/C/man2/setuid.2:35
4742 msgid "B<#include E<lt>unistd.hE<gt>>"
4746 #: build/C/man2/getgid.2:32 build/C/man2/getgroups.2:36 build/C/man2/getpid.2:28 build/C/man2/getuid.2:33 build/C/man2/seteuid.2:32 build/C/man2/setgid.2:32 build/C/man2/setreuid.2:48 build/C/man2/setuid.2:33
4747 msgid "B<#include E<lt>sys/types.hE<gt>>"
4751 #: build/C/man2/getgid.2:34
4752 msgid "B<gid_t getgid(void);>"
4756 #: build/C/man2/getgid.2:36
4757 msgid "B<gid_t getegid(void);>"
4761 #: build/C/man2/getgid.2:39
4762 msgid "B<getgid>() returns the real group ID of the calling process."
4766 #: build/C/man2/getgid.2:42
4767 msgid "B<getegid>() returns the effective group ID of the calling process."
4771 #: build/C/man2/getgid.2:44 build/C/man2/getpid.2:44 build/C/man2/getuid.2:45
4772 msgid "These functions are always successful."
4776 #: build/C/man2/getgid.2:46 build/C/man2/getuid.2:47
4777 msgid "POSIX.1-2001, 4.3BSD."
4781 #: build/C/man2/getgid.2:62
4783 "The original Linux B<getgid>() and B<getegid>() system calls supported "
4784 "only 16-bit group IDs. Subsequently, Linux 2.4 added B<getgid32>() and "
4785 "B<getegid32>(), supporting 32-bit IDs. The glibc B<getgid>() and "
4786 "B<getegid>() wrapper functions transparently deal with the variations "
4787 "across kernel versions."
4791 #: build/C/man2/getgid.2:66
4792 msgid "B<getresgid>(2), B<setgid>(2), B<setregid>(2), B<credentials>(7)"
4796 #: build/C/man2/getgroups.2:31
4802 #: build/C/man2/getgroups.2:34
4803 msgid "getgroups, setgroups - get/set list of supplementary group IDs"
4807 #: build/C/man2/getgroups.2:40
4808 msgid "B<int getgroups(int >I<size>B<, gid_t >I<list>B<[]);>"
4812 #: build/C/man2/getgroups.2:42
4813 msgid "B<#include E<lt>grp.hE<gt>>"
4817 #: build/C/man2/getgroups.2:44
4818 msgid "B<int setgroups(size_t >I<size>B<, const gid_t *>I<list>B<);>"
4822 #: build/C/man2/getgroups.2:52
4823 msgid "B<setgroups>(): _BSD_SOURCE"
4827 #: build/C/man2/getgroups.2:70
4829 "B<getgroups>() returns the supplementary group IDs of the calling process "
4830 "in I<list>. The argument I<size> should be set to the maximum number of "
4831 "items that can be stored in the buffer pointed to by I<list>. If the "
4832 "calling process is a member of more than I<size> supplementary groups, then "
4833 "an error results. It is unspecified whether the effective group ID of the "
4834 "calling process is included in the returned list. (Thus, an application "
4835 "should also call B<getegid>(2) and add or remove the resulting value.)"
4839 #: build/C/man2/getgroups.2:81
4841 "If I<size> is zero, I<list> is not modified, but the total number of "
4842 "supplementary group IDs for the process is returned. This allows the caller "
4843 "to determine the size of a dynamically allocated I<list> to be used in a "
4844 "further call to B<getgroups>()."
4848 #: build/C/man2/getgroups.2:92
4850 "B<setgroups>() sets the supplementary group IDs for the calling process. "
4851 "Appropriate privileges (Linux: the B<CAP_SETGID> capability) are required. "
4852 "The I<size> argument specifies the number of supplementary group IDs in the "
4853 "buffer pointed to by I<list>."
4857 #: build/C/man2/getgroups.2:99
4859 "On success, B<getgroups>() returns the number of supplementary group IDs. "
4860 "On error, -1 is returned, and I<errno> is set appropriately."
4864 #: build/C/man2/getgroups.2:106
4866 "On success, B<setgroups>() returns 0. On error, -1 is returned, and "
4867 "I<errno> is set appropriately."
4871 #: build/C/man2/getgroups.2:111
4872 msgid "I<list> has an invalid address."
4876 #: build/C/man2/getgroups.2:114
4877 msgid "B<getgroups>() can additionally fail with the following error:"
4881 #: build/C/man2/getgroups.2:118
4882 msgid "I<size> is less than the number of supplementary group IDs, but is not zero."
4886 #: build/C/man2/getgroups.2:121
4887 msgid "B<setgroups>() can additionally fail with the following errors:"
4891 #: build/C/man2/getgroups.2:127
4893 "I<size> is greater than B<NGROUPS_MAX> (32 before Linux 2.6.4; 65536 since "
4898 #: build/C/man2/getgroups.2:133
4899 msgid "The calling process has insufficient privilege."
4903 #: build/C/man2/getgroups.2:141
4905 "SVr4, 4.3BSD. The B<getgroups>() function is in POSIX.1-2001. Since "
4906 "B<setgroups>() requires privilege, it is not covered by POSIX.1-2001."
4910 #: build/C/man2/getgroups.2:149
4912 "A process can have up to B<NGROUPS_MAX> supplementary group IDs in addition "
4913 "to the effective group ID. The set of supplementary group IDs is inherited "
4914 "from the parent process, and preserved across an B<execve>(2)."
4918 #: build/C/man2/getgroups.2:152
4920 "The maximum number of supplementary group IDs can be found using "
4925 #: build/C/man2/getgroups.2:156
4928 " long ngroups_max;\n"
4929 " ngroups_max = sysconf(_SC_NGROUPS_MAX);\n"
4933 #: build/C/man2/getgroups.2:161
4935 "The maximum return value of B<getgroups>() cannot be larger than one more "
4940 #: build/C/man2/getgroups.2:171
4942 "The original Linux B<getgroups>() system call supported only 16-bit group "
4943 "IDs. Subsequently, Linux 2.4 added B<getgroups32>(), supporting 32-bit "
4944 "IDs. The glibc B<getgroups>() wrapper function transparently deals with "
4945 "the variation across kernel versions."
4949 #: build/C/man2/getgroups.2:177
4951 "B<getgid>(2), B<setgid>(2), B<getgrouplist>(3), B<initgroups>(3), "
4952 "B<capabilities>(7), B<credentials>(7)"
4956 #: build/C/man2/getpid.2:23
4962 #: build/C/man2/getpid.2:23
4968 #: build/C/man2/getpid.2:26
4969 msgid "getpid, getppid - get process identification"
4973 #: build/C/man2/getpid.2:32
4974 msgid "B<pid_t getpid(void);>"
4978 #: build/C/man2/getpid.2:34
4979 msgid "B<pid_t getppid(void);>"
4983 #: build/C/man2/getpid.2:39
4985 "B<getpid>() returns the process ID of the calling process. (This is often "
4986 "used by routines that generate unique temporary filenames.)"
4990 #: build/C/man2/getpid.2:42
4991 msgid "B<getppid>() returns the process ID of the parent of the calling process."
4995 #: build/C/man2/getpid.2:46
4996 msgid "POSIX.1-2001, 4.3BSD, SVr4."
4999 #. The following program demonstrates this "feature":
5001 #. #define _GNU_SOURCE
5002 #. #include <sys/syscall.h>
5003 #. #include <sys/wait.h>
5004 #. #include <stdio.h>
5005 #. #include <stdlib.h>
5006 #. #include <unistd.h>
5009 #. main(int argc, char *argv[])
5011 #. /* The following statement fills the getpid() cache */
5013 #. printf("parent PID = %ld
5014 #. ", (long) getpid());
5016 #. if (syscall(SYS_fork) == 0) {
5017 #. if (getpid() != syscall(SYS_getpid))
5018 #. printf("child getpid() mismatch: getpid()=%ld; "
5019 #. "syscall(SYS_getpid)=%ld
5021 #. (long) getpid(), (long) syscall(SYS_getpid));
5022 #. exit(EXIT_SUCCESS);
5027 #: build/C/man2/getpid.2:98
5029 "Since glibc version 2.3.4, the glibc wrapper function for B<getpid>() "
5030 "caches PIDs, so as to avoid additional system calls when a process calls "
5031 "B<getpid>() repeatedly. Normally this caching is invisible, but its "
5032 "correct operation relies on support in the wrapper functions for B<fork>(2), "
5033 "B<vfork>(2), and B<clone>(2): if an application bypasses the glibc wrappers "
5034 "for these system calls by using B<syscall>(2), then a call to B<getpid>() "
5035 "in the child will return the wrong value (to be precise: it will return the "
5036 "PID of the parent process). See also B<clone>(2) for discussion of a case "
5037 "where B<getpid>() may return the wrong value even when invoking B<clone>(2) "
5038 "via the glibc wrapper function."
5042 #: build/C/man2/getpid.2:107
5044 "B<clone>(2), B<fork>(2), B<kill>(2), B<exec>(3), B<mkstemp>(3), "
5045 "B<tempnam>(3), B<tmpfile>(3), B<tmpnam>(3), B<credentials>(7)"
5049 #: build/C/man2/getpriority.2:46
5055 #: build/C/man2/getpriority.2:46
5061 #: build/C/man2/getpriority.2:49
5062 msgid "getpriority, setpriority - get/set program scheduling priority"
5066 #: build/C/man2/getpriority.2:51 build/C/man2/getrlimit.2:69 build/C/man2/getrusage.2:44
5067 msgid "B<#include E<lt>sys/time.hE<gt>>"
5071 #: build/C/man2/getpriority.2:53 build/C/man2/getrlimit.2:71 build/C/man2/getrusage.2:46
5072 msgid "B<#include E<lt>sys/resource.hE<gt>>"
5076 #: build/C/man2/getpriority.2:55
5077 msgid "B<int getpriority(int >I<which>B<, int >I<who>B<);>"
5081 #: build/C/man2/getpriority.2:57
5082 msgid "B<int setpriority(int >I<which>B<, int >I<who>B<, int >I<prio>B<);>"
5086 #: build/C/man2/getpriority.2:68
5088 "The scheduling priority of the process, process group, or user, as indicated "
5089 "by I<which> and I<who> is obtained with the B<getpriority>() call and set "
5090 "with the B<setpriority>() call."
5094 #: build/C/man2/getpriority.2:95
5096 "The value I<which> is one of B<PRIO_PROCESS>, B<PRIO_PGRP>, or B<PRIO_USER>, "
5097 "and I<who> is interpreted relative to I<which> (a process identifier for "
5098 "B<PRIO_PROCESS>, process group identifier for B<PRIO_PGRP>, and a user ID "
5099 "for B<PRIO_USER>). A zero value for I<who> denotes (respectively) the "
5100 "calling process, the process group of the calling process, or the real user "
5101 "ID of the calling process. I<Prio> is a value in the range -20 to 19 (but "
5102 "see the Notes below). The default priority is 0; lower priorities cause "
5103 "more favorable scheduling."
5107 #: build/C/man2/getpriority.2:105
5109 "The B<getpriority>() call returns the highest priority (lowest numerical "
5110 "value) enjoyed by any of the specified processes. The B<setpriority>() "
5111 "call sets the priorities of all of the specified processes to the specified "
5112 "value. Only the superuser may lower priorities."
5116 #: build/C/man2/getpriority.2:118
5118 "Since B<getpriority>() can legitimately return the value -1, it is "
5119 "necessary to clear the external variable I<errno> prior to the call, then "
5120 "check it afterward to determine if -1 is an error or a legitimate value. "
5121 "The B<setpriority>() call returns 0 if there is no error, or -1 if there "
5126 #: build/C/man2/getpriority.2:127
5127 msgid "I<which> was not one of B<PRIO_PROCESS>, B<PRIO_PGRP>, or B<PRIO_USER>."
5131 #: build/C/man2/getpriority.2:134
5132 msgid "No process was located using the I<which> and I<who> values specified."
5136 #: build/C/man2/getpriority.2:138
5137 msgid "In addition to the errors indicated above, B<setpriority>() may fail if:"
5141 #: build/C/man2/getpriority.2:150
5143 "The caller attempted to lower a process priority, but did not have the "
5144 "required privilege (on Linux: did not have the B<CAP_SYS_NICE> capability). "
5145 "Since Linux 2.6.12, this error only occurs if the caller attempts to set a "
5146 "process priority outside the range of the B<RLIMIT_NICE> soft resource limit "
5147 "of the target process; see B<getrlimit>(2) for details."
5151 #: build/C/man2/getpriority.2:158
5153 "A process was located, but its effective user ID did not match either the "
5154 "effective or the real user ID of the caller, and was not privileged (on "
5155 "Linux: did not have the B<CAP_SYS_NICE> capability). But see NOTES below."
5159 #: build/C/man2/getpriority.2:161
5160 msgid "SVr4, 4.4BSD (these function calls first appeared in 4.2BSD), POSIX.1-2001."
5164 #: build/C/man2/getpriority.2:167
5166 "A child created by B<fork>(2) inherits its parent's nice value. The nice "
5167 "value is preserved across B<execve>(2)."
5171 #: build/C/man2/getpriority.2:178
5173 "The degree to which their relative nice value affects the scheduling of "
5174 "processes varies across UNIX systems, and, on Linux, across kernel "
5175 "versions. Starting with kernel 2.6.23, Linux adopted an algorithm that "
5176 "causes relative differences in nice values to have a much stronger effect. "
5177 "This causes very low nice values (+19) to truly provide little CPU to a "
5178 "process whenever there is any other higher priority load on the system, and "
5179 "makes high nice values (-20) deliver most of the CPU to applications that "
5180 "require it (e.g., some audio applications)."
5184 #: build/C/man2/getpriority.2:193
5186 "The details on the condition for B<EPERM> depend on the system. The above "
5187 "description is what POSIX.1-2001 says, and seems to be followed on all "
5188 "System V-like systems. Linux kernels before 2.6.12 required the real or "
5189 "effective user ID of the caller to match the real user of the process I<who> "
5190 "(instead of its effective user ID). Linux 2.6.12 and later require the "
5191 "effective user ID of the caller to match the real or effective user ID of "
5192 "the process I<who>. All BSD-like systems (SunOS 4.1.3, Ultrix 4.2, 4.3BSD, "
5193 "FreeBSD 4.3, OpenBSD-2.5, ...) behave in the same manner as Linux 2.6.12 and "
5198 #: build/C/man2/getpriority.2:209
5200 "The actual priority range varies between kernel versions. Linux before "
5201 "1.3.36 had -infinity..15. Since kernel 1.3.43 Linux has the range -20..19. "
5202 "Within the kernel, nice values are actually represented using the "
5203 "corresponding range 40..1 (since negative numbers are error codes) and these "
5204 "are the values employed by the B<setpriority>() and B<getpriority>() "
5205 "system calls. The glibc wrapper functions for these system calls handle the "
5206 "translations between the user-land and kernel representations of the nice "
5207 "value according to the formula I<unice\\ =\\ 20\\ -\\ knice>."
5211 #: build/C/man2/getpriority.2:211
5212 msgid "On some systems, the range of nice values is -20..20."
5216 #: build/C/man2/getpriority.2:223
5218 "Including I<E<lt>sys/time.hE<gt>> is not required these days, but increases "
5219 "portability. (Indeed, I<E<lt>sys/resource.hE<gt>> defines the I<rusage> "
5220 "structure with fields of type I<struct timeval> defined in "
5221 "I<E<lt>sys/time.hE<gt>>.)"
5225 #: build/C/man2/getpriority.2:228
5226 msgid "B<nice>(1), B<renice>(1), B<fork>(2), B<capabilities>(7)"
5230 #: build/C/man2/getpriority.2:230
5232 "I<Documentation/scheduler/sched-nice-design.txt> in the kernel source tree "
5233 "(since Linux 2.6.23)."
5237 #: build/C/man2/getresuid.2:27
5243 #: build/C/man2/getresuid.2:30
5244 msgid "getresuid, getresgid - get real, effective and saved user/group IDs"
5248 #: build/C/man2/getresuid.2:32 build/C/man2/setresuid.2:31
5249 msgid "B<#define _GNU_SOURCE> /* See feature_test_macros(7) */"
5253 #: build/C/man2/getresuid.2:36
5254 msgid "B<int getresuid(uid_t *>I<ruid>B<, uid_t *>I<euid>B<, uid_t *>I<suid>B<);>"
5258 #: build/C/man2/getresuid.2:38
5259 msgid "B<int getresgid(gid_t *>I<rgid>B<, gid_t *>I<egid>B<, gid_t *>I<sgid>B<);>"
5263 #: build/C/man2/getresuid.2:49
5265 "B<getresuid>() returns the real UID, the effective UID, and the saved "
5266 "set-user-ID of the calling process, in the arguments I<ruid>, I<euid>, and "
5267 "I<suid>, respectively. B<getresgid>() performs the analogous task for the "
5268 "process's group IDs."
5272 #: build/C/man2/getresuid.2:59
5274 "One of the arguments specified an address outside the calling program's "
5279 #: build/C/man2/getresuid.2:61
5280 msgid "These system calls appeared on Linux starting with kernel 2.1.44."
5284 #: build/C/man2/getresuid.2:66
5286 "The prototypes are given by glibc since version 2.3.2, provided "
5287 "B<_GNU_SOURCE> is defined."
5291 #: build/C/man2/getresuid.2:69 build/C/man2/setresuid.2:86
5292 msgid "These calls are nonstandard; they also appear on HP-UX and some of the BSDs."
5296 #: build/C/man2/getresuid.2:85
5298 "The original Linux B<getresuid>() and B<getresgid>() system calls "
5299 "supported only 16-bit user and group IDs. Subsequently, Linux 2.4 added "
5300 "B<getresuid32>() and B<getresgid32>(), supporting 32-bit IDs. The glibc "
5301 "B<getresuid>() and B<getresgid>() wrapper functions transparently deal "
5302 "with the variations across kernel versions."
5306 #: build/C/man2/getresuid.2:90
5308 "B<getuid>(2), B<setresuid>(2), B<setreuid>(2), B<setuid>(2), "
5313 #: build/C/man2/getrlimit.2:64
5319 #: build/C/man2/getrlimit.2:64
5325 #: build/C/man2/getrlimit.2:67
5326 msgid "getrlimit, setrlimit, prlimit - get/set resource limits"
5330 #: build/C/man2/getrlimit.2:73
5331 msgid "B<int getrlimit(int >I<resource>B<, struct rlimit *>I<rlim>B<);>"
5335 #: build/C/man2/getrlimit.2:75
5336 msgid "B<int setrlimit(int >I<resource>B<, const struct rlimit *>I<rlim>B<);>"
5340 #: build/C/man2/getrlimit.2:78
5342 "B<int prlimit(pid_t >I<pid>B<, int >I<resource>B<, const struct rlimit "
5343 "*>I<new_limit>B<,>"
5347 #: build/C/man2/getrlimit.2:80
5348 msgid "B< struct rlimit *>I<old_limit>B<);>"
5352 #: build/C/man2/getrlimit.2:88
5353 msgid "B<prlimit>(): _GNU_SOURCE && _FILE_OFFSET_BITS == 64"
5357 #: build/C/man2/getrlimit.2:97
5359 "The B<getrlimit>() and B<setrlimit>() system calls get and set resource "
5360 "limits respectively. Each resource has an associated soft and hard limit, "
5361 "as defined by the I<rlimit> structure:"
5365 #: build/C/man2/getrlimit.2:104
5369 " rlim_t rlim_cur; /* Soft limit */\n"
5370 " rlim_t rlim_max; /* Hard limit (ceiling for rlim_cur) */\n"
5375 #: build/C/man2/getrlimit.2:115
5377 "The soft limit is the value that the kernel enforces for the corresponding "
5378 "resource. The hard limit acts as a ceiling for the soft limit: an "
5379 "unprivileged process may only set its soft limit to a value in the range "
5380 "from 0 up to the hard limit, and (irreversibly) lower its hard limit. A "
5381 "privileged process (under Linux: one with the B<CAP_SYS_RESOURCE> "
5382 "capability) may make arbitrary changes to either limit value."
5386 #: build/C/man2/getrlimit.2:122
5388 "The value B<RLIM_INFINITY> denotes no limit on a resource (both in the "
5389 "structure returned by B<getrlimit>() and in the structure passed to "
5394 #: build/C/man2/getrlimit.2:126
5395 msgid "The I<resource> argument must be one of:"
5399 #: build/C/man2/getrlimit.2:126
5401 msgid "B<RLIMIT_AS>"
5404 #. since 2.0.27 / 2.1.12
5406 #: build/C/man2/getrlimit.2:146
5408 "The maximum size of the process's virtual memory (address space) in bytes. "
5409 "This limit affects calls to B<brk>(2), B<mmap>(2) and B<mremap>(2), which "
5410 "fail with the error B<ENOMEM> upon exceeding this limit. Also automatic "
5411 "stack expansion will fail (and generate a B<SIGSEGV> that kills the process "
5412 "if no alternate stack has been made available via B<sigaltstack>(2)). Since "
5413 "the value is a I<long>, on machines with a 32-bit I<long> either this limit "
5414 "is at most 2 GiB, or this resource is unlimited."
5418 #: build/C/man2/getrlimit.2:146
5420 msgid "B<RLIMIT_CORE>"
5424 #: build/C/man2/getrlimit.2:153
5426 "Maximum size of I<core> file. When 0 no core dump files are created. When "
5427 "nonzero, larger dumps are truncated to this size."
5431 #: build/C/man2/getrlimit.2:153
5433 msgid "B<RLIMIT_CPU>"
5437 #: build/C/man2/getrlimit.2:173
5439 "CPU time limit in seconds. When the process reaches the soft limit, it is "
5440 "sent a B<SIGXCPU> signal. The default action for this signal is to "
5441 "terminate the process. However, the signal can be caught, and the handler "
5442 "can return control to the main program. If the process continues to consume "
5443 "CPU time, it will be sent B<SIGXCPU> once per second until the hard limit is "
5444 "reached, at which time it is sent B<SIGKILL>. (This latter point describes "
5445 "Linux behavior. Implementations vary in how they treat processes which "
5446 "continue to consume CPU time after reaching the soft limit. Portable "
5447 "applications that need to catch this signal should perform an orderly "
5448 "termination upon first receipt of B<SIGXCPU>.)"
5452 #: build/C/man2/getrlimit.2:173
5454 msgid "B<RLIMIT_DATA>"
5458 #: build/C/man2/getrlimit.2:184
5460 "The maximum size of the process's data segment (initialized data, "
5461 "uninitialized data, and heap). This limit affects calls to B<brk>(2) and "
5462 "B<sbrk>(2), which fail with the error B<ENOMEM> upon encountering the soft "
5463 "limit of this resource."
5467 #: build/C/man2/getrlimit.2:184
5469 msgid "B<RLIMIT_FSIZE>"
5473 #: build/C/man2/getrlimit.2:196
5475 "The maximum size of files that the process may create. Attempts to extend a "
5476 "file beyond this limit result in delivery of a B<SIGXFSZ> signal. By "
5477 "default, this signal terminates a process, but a process can catch this "
5478 "signal instead, in which case the relevant system call (e.g., B<write>(2), "
5479 "B<truncate>(2)) fails with the error B<EFBIG>."
5483 #: build/C/man2/getrlimit.2:196
5485 msgid "B<RLIMIT_LOCKS> (Early Linux 2.4 only)"
5488 #. to be precise: Linux 2.4.0-test9; no longer in 2.4.25 / 2.5.65
5490 #: build/C/man2/getrlimit.2:204
5492 "A limit on the combined number of B<flock>(2) locks and B<fcntl>(2) leases "
5493 "that this process may establish."
5497 #: build/C/man2/getrlimit.2:204
5499 msgid "B<RLIMIT_MEMLOCK>"
5503 #: build/C/man2/getrlimit.2:242
5505 "The maximum number of bytes of memory that may be locked into RAM. In "
5506 "effect this limit is rounded down to the nearest multiple of the system page "
5507 "size. This limit affects B<mlock>(2) and B<mlockall>(2) and the "
5508 "B<mmap>(2) B<MAP_LOCKED> operation. Since Linux 2.6.9 it also affects the "
5509 "B<shmctl>(2) B<SHM_LOCK> operation, where it sets a maximum on the total "
5510 "bytes in shared memory segments (see B<shmget>(2)) that may be locked by "
5511 "the real user ID of the calling process. The B<shmctl>(2) B<SHM_LOCK> "
5512 "locks are accounted for separately from the per-process memory locks "
5513 "established by B<mlock>(2), B<mlockall>(2), and B<mmap>(2) B<MAP_LOCKED>; a "
5514 "process can lock bytes up to this limit in each of these two categories. In "
5515 "Linux kernels before 2.6.9, this limit controlled the amount of memory that "
5516 "could be locked by a privileged process. Since Linux 2.6.9, no limits are "
5517 "placed on the amount of memory that a privileged process may lock, and this "
5518 "limit instead governs the amount of memory that an unprivileged process may "
5523 #: build/C/man2/getrlimit.2:242
5525 msgid "B<RLIMIT_MSGQUEUE> (Since Linux 2.6.8)"
5529 #: build/C/man2/getrlimit.2:250
5531 "Specifies the limit on the number of bytes that can be allocated for POSIX "
5532 "message queues for the real user ID of the calling process. This limit is "
5533 "enforced for B<mq_open>(3). Each message queue that the user creates counts "
5534 "(until it is removed) against this limit according to the formula:"
5538 #: build/C/man2/getrlimit.2:254
5541 " bytes = attr.mq_maxmsg * sizeof(struct msg_msg *) +\n"
5542 " attr.mq_maxmsg * attr.mq_msgsize\n"
5546 #: build/C/man2/getrlimit.2:262
5548 "where I<attr> is the I<mq_attr> structure specified as the fourth argument "
5553 #: build/C/man2/getrlimit.2:268
5555 "The first addend in the formula, which includes I<sizeof(struct msg_msg *)> "
5556 "(4 bytes on Linux/i386), ensures that the user cannot create an unlimited "
5557 "number of zero-length messages (such messages nevertheless each consume some "
5558 "system memory for bookkeeping overhead)."
5562 #: build/C/man2/getrlimit.2:268
5564 msgid "B<RLIMIT_NICE> (since Linux 2.6.12, but see BUGS below)"
5568 #: build/C/man2/getrlimit.2:281
5570 "Specifies a ceiling to which the process's nice value can be raised using "
5571 "B<setpriority>(2) or B<nice>(2). The actual ceiling for the nice value is "
5572 "calculated as I<20\\ -\\ rlim_cur>. (This strangeness occurs because "
5573 "negative numbers cannot be specified as resource limit values, since they "
5574 "typically have special meanings. For example, B<RLIM_INFINITY> typically is "
5579 #: build/C/man2/getrlimit.2:281
5581 msgid "B<RLIMIT_NOFILE>"
5585 #: build/C/man2/getrlimit.2:295
5587 "Specifies a value one greater than the maximum file descriptor number that "
5588 "can be opened by this process. Attempts (B<open>(2), B<pipe>(2), B<dup>(2), "
5589 "etc.) to exceed this limit yield the error B<EMFILE>. (Historically, this "
5590 "limit was named B<RLIMIT_OFILE> on BSD.)"
5594 #: build/C/man2/getrlimit.2:295
5596 msgid "B<RLIMIT_NPROC>"
5600 #: build/C/man2/getrlimit.2:303
5602 "The maximum number of processes (or, more precisely on Linux, threads) that "
5603 "can be created for the real user ID of the calling process. Upon "
5604 "encountering this limit, B<fork>(2) fails with the error B<EAGAIN>."
5608 #: build/C/man2/getrlimit.2:303
5610 msgid "B<RLIMIT_RSS>"
5613 #. As at kernel 2.6.12, this limit still does nothing in 2.6 though
5614 #. talk of making it do something has surfaced from time to time in LKML
5617 #: build/C/man2/getrlimit.2:315
5619 "Specifies the limit (in pages) of the process's resident set (the number of "
5620 "virtual pages resident in RAM). This limit only has effect in Linux 2.4.x, "
5621 "x E<lt> 30, and there only affects calls to B<madvise>(2) specifying "
5626 #: build/C/man2/getrlimit.2:315
5628 msgid "B<RLIMIT_RTPRIO> (Since Linux 2.6.12, but see BUGS)"
5632 #: build/C/man2/getrlimit.2:322
5634 "Specifies a ceiling on the real-time priority that may be set for this "
5635 "process using B<sched_setscheduler>(2) and B<sched_setparam>(2)."
5639 #: build/C/man2/getrlimit.2:322
5641 msgid "B<RLIMIT_RTTIME> (Since Linux 2.6.25)"
5645 #: build/C/man2/getrlimit.2:334
5647 "Specifies a limit (in microseconds) on the amount of CPU time that a "
5648 "process scheduled under a real-time scheduling policy may consume without "
5649 "making a blocking system call. For the purpose of this limit, each time a "
5650 "process makes a blocking system call, the count of its consumed CPU time is "
5651 "reset to zero. The CPU time count is not reset if the process continues "
5652 "trying to use the CPU but is preempted, its time slice expires, or it calls "
5653 "B<sched_yield>(2)."
5657 #: build/C/man2/getrlimit.2:345
5659 "Upon reaching the soft limit, the process is sent a B<SIGXCPU> signal. If "
5660 "the process catches or ignores this signal and continues consuming CPU time, "
5661 "then B<SIGXCPU> will be generated once each second until the hard limit is "
5662 "reached, at which point the process is sent a B<SIGKILL> signal."
5666 #: build/C/man2/getrlimit.2:348
5668 "The intended use of this limit is to stop a runaway real-time process from "
5669 "locking up the system."
5673 #: build/C/man2/getrlimit.2:348
5675 msgid "B<RLIMIT_SIGPENDING> (Since Linux 2.6.8)"
5678 #. This replaces the /proc/sys/kernel/rtsig-max system-wide limit
5679 #. that was present in kernels <= 2.6.7. MTK Dec 04
5681 #: build/C/man2/getrlimit.2:362
5683 "Specifies the limit on the number of signals that may be queued for the real "
5684 "user ID of the calling process. Both standard and real-time signals are "
5685 "counted for the purpose of checking this limit. However, the limit is only "
5686 "enforced for B<sigqueue>(3); it is always possible to use B<kill>(2) to "
5687 "queue one instance of any of the signals that are not already queued to the "
5692 #: build/C/man2/getrlimit.2:362
5694 msgid "B<RLIMIT_STACK>"
5698 #: build/C/man2/getrlimit.2:370
5700 "The maximum size of the process stack, in bytes. Upon reaching this limit, "
5701 "a B<SIGSEGV> signal is generated. To handle this signal, a process must "
5702 "employ an alternate signal stack (B<sigaltstack>(2))."
5706 #: build/C/man2/getrlimit.2:375
5708 "Since Linux 2.6.23, this limit also determines the amount of space used for "
5709 "the process's command-line arguments and environment variables; for details, "
5714 #: build/C/man2/getrlimit.2:375
5719 #. commit c022a0acad534fd5f5d5f17280f6d4d135e74e81
5720 #. Author: Jiri Slaby <jslaby@suse.cz>
5721 #. Date: Tue May 4 18:03:50 2010 +0200
5723 #: build/C/man2/getrlimit.2:386
5725 "The Linux-specific B<prlimit>() system call combines and extends the "
5726 "functionality of B<setrlimit>() and B<getrlimit>(). It can be used to both "
5727 "set and get the resource limits of an arbitrary process."
5731 #: build/C/man2/getrlimit.2:393
5733 "The I<resource> argument has the same meaning as for B<setrlimit>() and "
5738 #: build/C/man2/getrlimit.2:411
5740 "If the I<new_limit> argument is a not NULL, then the I<rlimit> structure to "
5741 "which it points is used to set new values for the soft and hard limits for "
5742 "I<resource>. If the I<old_limit> argument is a not NULL, then a successful "
5743 "call to B<prlimit>() places the previous soft and hard limits for "
5744 "I<resource> in the I<rlimit> structure pointed to by I<old_limit>."
5747 #. FIXME this permission check is strange
5748 #. Asked about this on LKML, 7 Nov 2010
5749 #. "Inconsistent credential checking in prlimit() syscall"
5751 #: build/C/man2/getrlimit.2:430
5753 "The I<pid> argument specifies the ID of the process on which the call is to "
5754 "operate. If I<pid> is 0, then the call applies to the calling process. To "
5755 "set or get the resources of a process other than itself, the caller must "
5756 "have the B<CAP_SYS_RESOURCE> capability, or the real, effective, and saved "
5757 "set user IDs of the target process must match the real user ID of the caller "
5758 "I<and> the real, effective, and saved set group IDs of the target process "
5759 "must match the real group ID of the caller."
5763 #: build/C/man2/getrlimit.2:435
5765 "On success, these system calls return 0. On error, -1 is returned, and "
5766 "I<errno> is set appropriately."
5770 #: build/C/man2/getrlimit.2:440
5772 "A pointer argument points to a location outside the accessible address "
5777 #: build/C/man2/getrlimit.2:452
5779 "The value specified in I<resource> is not valid; or, for B<setrlimit>() or "
5780 "B<prlimit>(): I<rlim-E<gt>rlim_cur> was greater than I<rlim-E<gt>rlim_max>."
5784 #: build/C/man2/getrlimit.2:464
5786 "An unprivileged process tried to raise the hard limit; the "
5787 "B<CAP_SYS_RESOURCE> capability is required to do this. Or, the caller tried "
5788 "to increase the hard B<RLIMIT_NOFILE> limit above the current kernel maximum "
5789 "(B<NR_OPEN>). Or, the calling process did not have permission to set limits "
5790 "for the process specified by I<pid>."
5794 #: build/C/man2/getrlimit.2:468
5795 msgid "Could not find a process with the ID specified in I<pid>."
5799 #: build/C/man2/getrlimit.2:473
5801 "The B<prlimit>() system call is available since Linux 2.6.36. Library "
5802 "support is available since glibc 2.13."
5806 #: build/C/man2/getrlimit.2:477
5807 msgid "B<getrlimit>(), B<setrlimit>(): SVr4, 4.3BSD, POSIX.1-2001."
5811 #: build/C/man2/getrlimit.2:480
5812 msgid "B<prlimit>(): Linux-specific."
5816 #: build/C/man2/getrlimit.2:496
5818 "B<RLIMIT_MEMLOCK> and B<RLIMIT_NPROC> derive from BSD and are not specified "
5819 "in POSIX.1-2001; they are present on the BSDs and Linux, but on few other "
5820 "implementations. B<RLIMIT_RSS> derives from BSD and is not specified in "
5821 "POSIX.1-2001; it is nevertheless present on most implementations. "
5822 "B<RLIMIT_MSGQUEUE>, B<RLIMIT_NICE>, B<RLIMIT_RTPRIO>, B<RLIMIT_RTTIME>, and "
5823 "B<RLIMIT_SIGPENDING> are Linux-specific."
5827 #: build/C/man2/getrlimit.2:502
5829 "A child process created via B<fork>(2) inherits its parent's resource "
5830 "limits. Resource limits are preserved across B<execve>(2)."
5834 #: build/C/man2/getrlimit.2:511
5836 "One can set the resource limits of the shell using the built-in I<ulimit> "
5837 "command (I<limit> in B<csh>(1)). The shell's resource limits are inherited "
5838 "by the processes that it creates to execute commands."
5842 #: build/C/man2/getrlimit.2:520
5844 "Ancient systems provided a B<vlimit>() function with a similar purpose to "
5845 "B<setrlimit>(). For backward compatibility, glibc also provides "
5846 "B<vlimit>(). All new applications should be written using B<setrlimit>()."
5850 #: build/C/man2/getrlimit.2:523
5851 msgid "The program below demonstrates the use of B<prlimit>()."
5855 #: build/C/man2/getrlimit.2:532
5858 "#define _GNU_SOURCE\n"
5859 "#define _FILE_OFFSET_BITS 64\n"
5860 "#include E<lt>stdio.hE<gt>\n"
5861 "#include E<lt>time.hE<gt>\n"
5862 "#include E<lt>stdlib.hE<gt>\n"
5863 "#include E<lt>unistd.hE<gt>\n"
5864 "#include E<lt>sys/resource.hE<gt>\n"
5868 #: build/C/man2/getrlimit.2:535
5871 "#define errExit(msg) \tdo { perror(msg); exit(EXIT_FAILURE); \\e\n"
5876 #: build/C/man2/getrlimit.2:542
5880 "main(int argc, char *argv[])\n"
5882 " struct rlimit old, new;\n"
5883 " struct rlimit *newp;\n"
5888 #: build/C/man2/getrlimit.2:548
5891 " if (!(argc == 2 || argc == 4)) {\n"
5892 " fprintf(stderr, \"Usage: %s E<lt>pidE<gt> [E<lt>new-soft-limitE<gt> "
5894 " \"E<lt>new-hard-limitE<gt>]\\en\", argv[0]);\n"
5895 " exit(EXIT_FAILURE);\n"
5900 #: build/C/man2/getrlimit.2:550
5902 msgid " pid = atoi(argv[1]); /* PID of target process */\n"
5906 #: build/C/man2/getrlimit.2:557
5910 " if (argc == 4) {\n"
5911 " new.rlim_cur = atoi(argv[2]);\n"
5912 " new.rlim_max = atoi(argv[3]);\n"
5918 #: build/C/man2/getrlimit.2:560
5921 " /* Set CPU time limit of target process; retrieve and display\n"
5922 " previous limit */\n"
5926 #: build/C/man2/getrlimit.2:565
5929 " if (prlimit(pid, RLIMIT_CPU, newp, &old) == -1)\n"
5930 " errExit(\"prlimit-1\");\n"
5931 " printf(\"Previous limits: soft=%lld; hard=%lld\\en\",\n"
5932 " (long long) old.rlim_cur, (long long) old.rlim_max);\n"
5936 #: build/C/man2/getrlimit.2:567
5938 msgid " /* Retrieve and display new CPU time limit */\n"
5942 #: build/C/man2/getrlimit.2:572
5945 " if (prlimit(pid, RLIMIT_CPU, NULL, &old) == -1)\n"
5946 " errExit(\"prlimit-2\");\n"
5947 " printf(\"New limits: soft=%lld; hard=%lld\\en\",\n"
5948 " (long long) old.rlim_cur, (long long) old.rlim_max);\n"
5952 #: build/C/man2/getrlimit.2:575
5955 " exit(EXIT_FAILURE);\n"
5959 #. FIXME prlimit() does not suffer
5960 #. https://bugzilla.kernel.org/show_bug.cgi?id=5042
5961 #. http://sources.redhat.com/bugzilla/show_bug.cgi?id=12201
5963 #: build/C/man2/getrlimit.2:588
5965 "In older Linux kernels, the B<SIGXCPU> and B<SIGKILL> signals delivered when "
5966 "a process encountered the soft and hard B<RLIMIT_CPU> limits were delivered "
5967 "one (CPU) second later than they should have been. This was fixed in kernel "
5971 #. see http://marc.theaimsgroup.com/?l=linux-kernel&m=114008066530167&w=2
5973 #: build/C/man2/getrlimit.2:596
5975 "In 2.6.x kernels before 2.6.17, a B<RLIMIT_CPU> limit of 0 is wrongly "
5976 "treated as \"no limit\" (like B<RLIM_INFINITY>). Since Linux 2.6.17, "
5977 "setting a limit of 0 does have an effect, but is actually treated as a limit "
5982 #: build/C/man2/getrlimit.2:600
5984 "A kernel bug means that B<RLIMIT_RTPRIO> does not work in kernel 2.6.12; the "
5985 "problem is fixed in kernel 2.6.13."
5988 #. see http://marc.theaimsgroup.com/?l=linux-kernel&m=112256338703880&w=2
5990 #: build/C/man2/getrlimit.2:611
5992 "In kernel 2.6.12, there was an off-by-one mismatch between the priority "
5993 "ranges returned by B<getpriority>(2) and B<RLIMIT_NICE>. This had the "
5994 "effect that the actual ceiling for the nice value was calculated as I<19\\ "
5995 "-\\ rlim_cur>. This was fixed in kernel 2.6.13."
5999 #: build/C/man2/getrlimit.2:620
6001 "Kernels before 2.4.22 did not diagnose the error B<EINVAL> for "
6002 "B<setrlimit>() when I<rlim-E<gt>rlim_cur> was greater than "
6003 "I<rlim-E<gt>rlim_max>."
6007 #: build/C/man2/getrlimit.2:636
6009 "B<dup>(2), B<fcntl>(2), B<fork>(2), B<getrusage>(2), B<mlock>(2), "
6010 "B<mmap>(2), B<open>(2), B<quotactl>(2), B<sbrk>(2), B<shmctl>(2), "
6011 "B<malloc>(3), B<sigqueue>(3), B<ulimit>(3), B<core>(5), B<capabilities>(7), "
6016 #: build/C/man2/getrusage.2:39
6022 #: build/C/man2/getrusage.2:39 build/C/man2/getsid.2:25 build/C/man2/setpgid.2:46
6028 #: build/C/man2/getrusage.2:42
6029 msgid "getrusage - get resource usage"
6033 #: build/C/man2/getrusage.2:48
6034 msgid "B<int getrusage(int >I<who>B<, struct rusage *>I<usage>B<);>"
6038 #: build/C/man2/getrusage.2:54
6040 "B<getrusage>() returns resource usage measures for I<who>, which can be one "
6045 #: build/C/man2/getrusage.2:54
6047 msgid "B<RUSAGE_SELF>"
6051 #: build/C/man2/getrusage.2:58
6053 "Return resource usage statistics for the calling process, which is the sum "
6054 "of resources used by all threads in the process."
6058 #: build/C/man2/getrusage.2:58
6060 msgid "B<RUSAGE_CHILDREN>"
6064 #: build/C/man2/getrusage.2:65
6066 "Return resource usage statistics for all children of the calling process "
6067 "that have terminated and been waited for. These statistics will include the "
6068 "resources used by grandchildren, and further removed descendants, if all of "
6069 "the intervening descendants waited on their terminated children."
6073 #: build/C/man2/getrusage.2:65
6075 msgid "B<RUSAGE_THREAD> (since Linux 2.6.26)"
6079 #: build/C/man2/getrusage.2:68
6080 msgid "Return resource usage statistics for the calling thread."
6084 #: build/C/man2/getrusage.2:72
6086 "The resource usages are returned in the structure pointed to by I<usage>, "
6087 "which has the following form:"
6091 #: build/C/man2/getrusage.2:93
6095 " struct timeval ru_utime; /* user CPU time used */\n"
6096 " struct timeval ru_stime; /* system CPU time used */\n"
6097 " long ru_maxrss; /* maximum resident set size */\n"
6098 " long ru_ixrss; /* integral shared memory size */\n"
6099 " long ru_idrss; /* integral unshared data size */\n"
6100 " long ru_isrss; /* integral unshared stack size */\n"
6101 " long ru_minflt; /* page reclaims (soft page faults) */\n"
6102 " long ru_majflt; /* page faults (hard page faults) */\n"
6103 " long ru_nswap; /* swaps */\n"
6104 " long ru_inblock; /* block input operations */\n"
6105 " long ru_oublock; /* block output operations */\n"
6106 " long ru_msgsnd; /* IPC messages sent */\n"
6107 " long ru_msgrcv; /* IPC messages received */\n"
6108 " long ru_nsignals; /* signals received */\n"
6109 " long ru_nvcsw; /* voluntary context switches */\n"
6110 " long ru_nivcsw; /* involuntary context switches */\n"
6115 #: build/C/man2/getrusage.2:101
6117 "Not all fields are completed; unmaintained fields are set to zero by the "
6118 "kernel. (The unmaintained fields are provided for compatibility with other "
6119 "systems, and because they may one day be supported on Linux.) The fields "
6120 "are interpreted as follows:"
6124 #: build/C/man2/getrusage.2:101
6130 #: build/C/man2/getrusage.2:107
6132 "This is the total amount of time spent executing in user mode, expressed in "
6133 "a I<timeval> structure (seconds plus microseconds)."
6137 #: build/C/man2/getrusage.2:107
6143 #: build/C/man2/getrusage.2:113
6145 "This is the total amount of time spent executing in kernel mode, expressed "
6146 "in a I<timeval> structure (seconds plus microseconds)."
6150 #: build/C/man2/getrusage.2:113
6152 msgid "I<ru_maxrss> (since Linux 2.6.32)"
6156 #: build/C/man2/getrusage.2:119
6158 "This is the maximum resident set size used (in kilobytes). For "
6159 "B<RUSAGE_CHILDREN>, this is the resident set size of the largest child, not "
6160 "the maximum resident set size of the process tree."
6164 #: build/C/man2/getrusage.2:119
6166 msgid "I<ru_ixrss> (unmaintained)"
6169 #. On some systems, this field records the number of signals received.
6171 #: build/C/man2/getrusage.2:125 build/C/man2/getrusage.2:130 build/C/man2/getrusage.2:135 build/C/man2/getrusage.2:147 build/C/man2/getrusage.2:159 build/C/man2/getrusage.2:165 build/C/man2/getrusage.2:169
6172 msgid "This field is currently unused on Linux."
6176 #: build/C/man2/getrusage.2:125
6178 msgid "I<ru_idrss> (unmaintained)"
6182 #: build/C/man2/getrusage.2:130
6184 msgid "I<ru_isrss> (unmaintained)"
6188 #: build/C/man2/getrusage.2:135
6190 msgid "I<ru_minflt>"
6194 #: build/C/man2/getrusage.2:140
6196 "The number of page faults serviced without any I/O activity; here I/O "
6197 "activity is avoided by ``reclaiming'' a page frame from the list of pages "
6198 "awaiting reallocation."
6202 #: build/C/man2/getrusage.2:140
6204 msgid "I<ru_majflt>"
6208 #: build/C/man2/getrusage.2:143
6209 msgid "The number of page faults serviced that required I/O activity."
6213 #: build/C/man2/getrusage.2:143
6215 msgid "I<ru_nswap> (unmaintained)"
6219 #: build/C/man2/getrusage.2:147
6221 msgid "I<ru_inblock> (since Linux 2.6.22)"
6225 #: build/C/man2/getrusage.2:150
6226 msgid "The number of times the file system had to perform input."
6230 #: build/C/man2/getrusage.2:150
6232 msgid "I<ru_oublock> (since Linux 2.6.22)"
6236 #: build/C/man2/getrusage.2:153
6237 msgid "The number of times the file system had to perform output."
6241 #: build/C/man2/getrusage.2:153
6243 msgid "I<ru_msgsnd> (unmaintained)"
6247 #: build/C/man2/getrusage.2:159
6249 msgid "I<ru_msgrcv> (unmaintained)"
6253 #: build/C/man2/getrusage.2:165
6255 msgid "I<ru_nsignals> (unmaintained)"
6259 #: build/C/man2/getrusage.2:169
6261 msgid "I<ru_nvcsw> (since Linux 2.6)"
6265 #: build/C/man2/getrusage.2:174
6267 "The number of times a context switch resulted due to a process voluntarily "
6268 "giving up the processor before its time slice was completed (usually to "
6269 "await availability of a resource)."
6273 #: build/C/man2/getrusage.2:174
6275 msgid "I<ru_nivcsw> (since Linux 2.6)"
6279 #: build/C/man2/getrusage.2:179
6281 "The number of times a context switch resulted due to a higher priority "
6282 "process becoming runnable or because the current process exceeded its time "
6287 #: build/C/man2/getrusage.2:190
6288 msgid "I<usage> points outside the accessible address space."
6292 #: build/C/man2/getrusage.2:194
6293 msgid "I<who> is invalid."
6297 #: build/C/man2/getrusage.2:202
6299 "SVr4, 4.3BSD. POSIX.1-2001 specifies B<getrusage>(), but only specifies the "
6300 "fields I<ru_utime> and I<ru_stime>."
6304 #: build/C/man2/getrusage.2:205
6305 msgid "B<RUSAGE_THREAD> is Linux-specific."
6309 #: build/C/man2/getrusage.2:208
6310 msgid "Resource usage metrics are preserved across an B<execve>(2)."
6314 #: build/C/man2/getrusage.2:216
6316 "Including I<E<lt>sys/time.hE<gt>> is not required these days, but increases "
6317 "portability. (Indeed, I<struct timeval> is defined in "
6318 "I<E<lt>sys/time.hE<gt>>.)"
6321 #. See the description of getrusage() in XSH.
6322 #. A similar statement was also in SUSv2.
6324 #: build/C/man2/getrusage.2:228
6326 "In Linux kernel versions before 2.6.9, if the disposition of B<SIGCHLD> is "
6327 "set to B<SIG_IGN> then the resource usages of child processes are "
6328 "automatically included in the value returned by B<RUSAGE_CHILDREN>, although "
6329 "POSIX.1-2001 explicitly prohibits this. This nonconformance is rectified in "
6330 "Linux 2.6.9 and later."
6334 #: build/C/man2/getrusage.2:231
6336 "The structure definition shown at the start of this page was taken from "
6341 #: build/C/man2/getrusage.2:240
6343 "Ancient systems provided a B<vtimes>() function with a similar purpose to "
6344 "B<getrusage>(). For backward compatibility, glibc also provides "
6345 "B<vtimes>(). All new applications should be written using B<getrusage>()."
6349 #: build/C/man2/getrusage.2:245
6350 msgid "See also the description of I</proc/PID/stat> in B<proc>(5)."
6354 #: build/C/man2/getrusage.2:251
6356 "B<clock_gettime>(2), B<getrlimit>(2), B<times>(2), B<wait>(2), B<wait4>(2), "
6361 #: build/C/man2/getsid.2:25
6367 #: build/C/man2/getsid.2:28
6368 msgid "getsid - get session ID"
6372 #: build/C/man2/getsid.2:32
6373 msgid "B<pid_t getsid(pid_t>I< pid>B<);>"
6377 #: build/C/man2/getsid.2:41
6378 msgid "B<getsid>():"
6382 #: build/C/man2/getsid.2:44 build/C/man2/setpgid.2:77
6383 msgid "_XOPEN_SOURCE\\ E<gt>=\\ 500 || _XOPEN_SOURCE\\ &&\\ _XOPEN_SOURCE_EXTENDED"
6387 #: build/C/man2/getsid.2:46 build/C/man2/setpgid.2:79
6388 msgid "|| /* Since glibc 2.12: */ _POSIX_C_SOURCE\\ E<gt>=\\ 200809L"
6392 #: build/C/man2/getsid.2:57
6394 "I<getsid(0)> returns the session ID of the calling process. I<getsid(p)> "
6395 "returns the session ID of the process with process ID I<p>. (The session ID "
6396 "of a process is the process group ID of the session leader.)"
6400 #: build/C/man2/getsid.2:62
6402 "On success, a session ID is returned. On error, I<(pid_t)\\ -1> will be "
6403 "returned, and I<errno> is set appropriately."
6407 #: build/C/man2/getsid.2:69
6409 "A process with process ID I<p> exists, but it is not in the same session as "
6410 "the calling process, and the implementation considers this an error."
6414 #: build/C/man2/getsid.2:74
6415 msgid "No process with process ID I<p> was found."
6418 #. Linux has this system call since Linux 1.3.44.
6419 #. There is libc support since libc 5.2.19.
6421 #: build/C/man2/getsid.2:78
6422 msgid "This system call is available on Linux since version 2.0."
6426 #: build/C/man2/getsid.2:80 build/C/man2/setgid.2:76 build/C/man2/setsid.2:66
6427 msgid "SVr4, POSIX.1-2001."
6431 #: build/C/man2/getsid.2:83
6432 msgid "Linux does not return B<EPERM>."
6436 #: build/C/man2/getsid.2:86
6437 msgid "B<getpgid>(2), B<setsid>(2), B<credentials>(7)"
6441 #: build/C/man2/getuid.2:26
6447 #: build/C/man2/getuid.2:29
6448 msgid "getuid, geteuid - get user identity"
6452 #: build/C/man2/getuid.2:35
6453 msgid "B<uid_t getuid(void);>"
6457 #: build/C/man2/getuid.2:37
6458 msgid "B<uid_t geteuid(void);>"
6462 #: build/C/man2/getuid.2:40
6463 msgid "B<getuid>() returns the real user ID of the calling process."
6467 #: build/C/man2/getuid.2:43
6468 msgid "B<geteuid>() returns the effective user ID of the calling process."
6472 #: build/C/man2/getuid.2:48
6478 #: build/C/man2/getuid.2:57
6480 "In UNIX V6 the B<getuid>() call returned I<(euid E<lt>E<lt> 8) + uid>. "
6481 "UNIX V7 introduced separate calls B<getuid>() and B<geteuid>()."
6485 #: build/C/man2/getuid.2:73
6487 "The original Linux B<getuid>() and B<geteuid>() system calls supported "
6488 "only 16-bit user IDs. Subsequently, Linux 2.4 added B<getuid32>() and "
6489 "B<geteuid32>(), supporting 32-bit IDs. The glibc B<getuid>() and "
6490 "B<geteuid>() wrapper functions transparently deal with the variations "
6491 "across kernel versions."
6495 #: build/C/man2/getuid.2:77
6496 msgid "B<getresuid>(2), B<setreuid>(2), B<setuid>(2), B<credentials>(7)"
6500 #: build/C/man2/iopl.2:33
6506 #: build/C/man2/iopl.2:33
6512 #: build/C/man2/iopl.2:36
6513 msgid "iopl - change I/O privilege level"
6517 #: build/C/man2/iopl.2:38
6518 msgid "B<#include E<lt>sys/io.hE<gt>>"
6522 #: build/C/man2/iopl.2:40
6523 msgid "B<int iopl(int >I<level>B<);>"
6527 #: build/C/man2/iopl.2:44
6529 "B<iopl>() changes the I/O privilege level of the calling process, as "
6530 "specified in I<level>."
6534 #: build/C/man2/iopl.2:50
6536 "This call is necessary to allow 8514-compatible X servers to run under "
6537 "Linux. Since these X servers require access to all 65536 I/O ports, the "
6538 "B<ioperm>(2) call is not sufficient."
6542 #: build/C/man2/iopl.2:54
6544 "In addition to granting unrestricted I/O port access, running at a higher "
6545 "I/O privilege level also allows the process to disable interrupts. This "
6546 "will probably crash the system, and is not recommended."
6550 #: build/C/man2/iopl.2:59
6551 msgid "Permissions are inherited by B<fork>(2) and B<execve>(2)."
6555 #: build/C/man2/iopl.2:61
6556 msgid "The I/O privilege level for a normal process is 0."
6560 #: build/C/man2/iopl.2:65
6562 "This call is mostly for the i386 architecture. On many other architectures "
6563 "it does not exist or will always return an error."
6567 #: build/C/man2/iopl.2:75
6568 msgid "I<level> is greater than 3."
6572 #: build/C/man2/iopl.2:78
6573 msgid "This call is unimplemented."
6577 #: build/C/man2/iopl.2:85
6579 "The calling process has insufficient privilege to call B<iopl>(); the "
6580 "B<CAP_SYS_RAWIO> capability is required."
6584 #: build/C/man2/iopl.2:89
6586 "B<iopl>() is Linux-specific and should not be used in processes intended to "
6591 #: build/C/man2/iopl.2:98
6593 "Libc5 treats it as a system call and has a prototype in "
6594 "I<E<lt>unistd.hE<gt>>. Glibc1 does not have a prototype. Glibc2 has a "
6595 "prototype both in I<E<lt>sys/io.hE<gt>> and in I<E<lt>sys/perm.hE<gt>>. "
6596 "Avoid the latter, it is available on i386 only."
6600 #: build/C/man2/iopl.2:100
6601 msgid "B<ioperm>(2), B<capabilities>(7)"
6605 #: build/C/man2/ioprio_set.2:25
6611 #: build/C/man2/ioprio_set.2:25
6617 #: build/C/man2/ioprio_set.2:28
6618 msgid "ioprio_get, ioprio_set - get/set I/O scheduling class and priority"
6622 #: build/C/man2/ioprio_set.2:32
6625 "B<int ioprio_get(int >I<which>B<, int >I<who>B<);>\n"
6626 "B<int ioprio_set(int >I<which>B<, int >I<who>B<, int >I<ioprio>B<);>\n"
6630 #: build/C/man2/ioprio_set.2:40
6632 "The B<ioprio_get>() and B<ioprio_set>() system calls respectively get and "
6633 "set the I/O scheduling class and priority of one or more processes."
6637 #: build/C/man2/ioprio_set.2:52
6639 "The I<which> and I<who> arguments identify the process(es) on which the "
6640 "system calls operate. The I<which> argument determines how I<who> is "
6641 "interpreted, and has one of the following values:"
6645 #: build/C/man2/ioprio_set.2:52
6647 msgid "B<IOPRIO_WHO_PROCESS>"
6651 #: build/C/man2/ioprio_set.2:56
6652 msgid "I<who> is a process ID identifying a single process."
6656 #: build/C/man2/ioprio_set.2:56
6658 msgid "B<IOPRIO_WHO_PGRP>"
6662 #: build/C/man2/ioprio_set.2:60
6663 msgid "I<who> is a process group ID identifying all the members of a process group."
6667 #: build/C/man2/ioprio_set.2:60
6669 msgid "B<IOPRIO_WHO_USER>"
6673 #: build/C/man2/ioprio_set.2:65
6675 "I<who> is a user ID identifying all of the processes that have a matching "
6680 #: build/C/man2/ioprio_set.2:88
6682 "If I<which> is specified as B<IOPRIO_WHO_PGRP> or B<IOPRIO_WHO_USER> when "
6683 "calling B<ioprio_get>(), and more than one process matches I<who>, then the "
6684 "returned priority will be the highest one found among all of the matching "
6685 "processes. One priority is said to be higher than another one if it belongs "
6686 "to a higher priority class (B<IOPRIO_CLASS_RT> is the highest priority "
6687 "class; B<IOPRIO_CLASS_IDLE> is the lowest) or if it belongs to the same "
6688 "priority class as the other process but has a higher priority level (a lower "
6689 "priority number means a higher priority level)."
6693 #: build/C/man2/ioprio_set.2:98
6695 "The I<ioprio> argument given to B<ioprio_set>() is a bit mask that "
6696 "specifies both the scheduling class and the priority to be assigned to the "
6697 "target process(es). The following macros are used for assembling and "
6698 "dissecting I<ioprio> values:"
6702 #: build/C/man2/ioprio_set.2:98
6704 msgid "B<IOPRIO_PRIO_VALUE(>I<class>B<, >I<data>B<)>"
6708 #: build/C/man2/ioprio_set.2:107
6710 "Given a scheduling I<class> and priority (I<data>), this macro combines the "
6711 "two values to produce an I<ioprio> value, which is returned as the result of "
6716 #: build/C/man2/ioprio_set.2:107
6718 msgid "B<IOPRIO_PRIO_CLASS(>I<mask>B<)>"
6722 #: build/C/man2/ioprio_set.2:119
6724 "Given I<mask> (an I<ioprio> value), this macro returns its I/O class "
6725 "component, that is, one of the values B<IOPRIO_CLASS_RT>, "
6726 "B<IOPRIO_CLASS_BE>, or B<IOPRIO_CLASS_IDLE>."
6730 #: build/C/man2/ioprio_set.2:119
6732 msgid "B<IOPRIO_PRIO_DATA(>I<mask>B<)>"
6736 #: build/C/man2/ioprio_set.2:128
6738 "Given I<mask> (an I<ioprio> value), this macro returns its priority "
6739 "(I<data>) component."
6743 #: build/C/man2/ioprio_set.2:131
6745 "See the NOTES section for more information on scheduling classes and "
6750 #: build/C/man2/ioprio_set.2:139
6752 "I/O priorities are supported for reads and for synchronous (B<O_DIRECT>, "
6753 "B<O_SYNC>) writes. I/O priorities are not supported for asynchronous "
6754 "writes because they are issued outside the context of the program dirtying "
6755 "the memory, and thus program-specific priorities do not apply."
6759 #: build/C/man2/ioprio_set.2:152
6761 "On success, B<ioprio_get>() returns the I<ioprio> value of the process with "
6762 "highest I/O priority of any of the processes that match the criteria "
6763 "specified in I<which> and I<who>. On error, -1 is returned, and I<errno> is "
6764 "set to indicate the error."
6768 #: build/C/man2/ioprio_set.2:159
6770 "On success, B<ioprio_set>() returns 0. On error, -1 is returned, and "
6771 "I<errno> is set to indicate the error."
6775 #: build/C/man2/ioprio_set.2:169
6777 "Invalid value for I<which> or I<ioprio>. Refer to the NOTES section for "
6778 "available scheduler classes and priority levels for I<ioprio>."
6782 #: build/C/man2/ioprio_set.2:177
6784 "The calling process does not have the privilege needed to assign this "
6785 "I<ioprio> to the specified process(es). See the NOTES section for more "
6786 "information on required privileges for B<ioprio_set>()."
6790 #: build/C/man2/ioprio_set.2:183
6792 "No process(es) could be found that matched the specification in I<which> and "
6797 #: build/C/man2/ioprio_set.2:186
6798 msgid "These system calls have been available on Linux since kernel 2.6.13."
6802 #: build/C/man2/ioprio_set.2:191
6804 "Glibc does not provide wrapper for these system calls; call them using "
6809 #: build/C/man2/ioprio_set.2:196
6811 "These system calls only have an effect when used in conjunction with an I/O "
6812 "scheduler that supports I/O priorities. As at kernel 2.6.17 the only such "
6813 "scheduler is the Completely Fair Queuing (CFQ) I/O scheduler."
6817 #: build/C/man2/ioprio_set.2:196
6819 msgid "Selecting an I/O Scheduler"
6823 #: build/C/man2/ioprio_set.2:200
6825 "I/O Schedulers are selected on a per-device basis via the special file "
6826 "I</sys/block/E<lt>deviceE<gt>/queue/scheduler>."
6830 #: build/C/man2/ioprio_set.2:206
6832 "One can view the current I/O scheduler via the I</sys> file system. For "
6833 "example, the following command displays a list of all schedulers currently "
6834 "loaded in the kernel:"
6838 #: build/C/man2/ioprio_set.2:211
6841 "$B< cat /sys/block/hda/queue/scheduler>\n"
6842 "noop anticipatory deadline [cfq]\n"
6846 #: build/C/man2/ioprio_set.2:225
6848 "The scheduler surrounded by brackets is the one actually in use for the "
6849 "device (I<hda> in the example). Setting another scheduler is done by "
6850 "writing the name of the new scheduler to this file. For example, the "
6851 "following command will set the scheduler for the I<hda> device to I<cfq>:"
6855 #: build/C/man2/ioprio_set.2:231
6860 "#B< echo cfq E<gt> /sys/block/hda/queue/scheduler>\n"
6864 #: build/C/man2/ioprio_set.2:233
6866 msgid "The Completely Fair Queuing (CFQ) I/O Scheduler"
6870 #: build/C/man2/ioprio_set.2:239
6872 "Since v3 (aka CFQ Time Sliced) CFQ implements I/O nice levels similar to "
6873 "those of CPU scheduling. These nice levels are grouped in three scheduling "
6874 "classes each one containing one or more priority levels:"
6878 #: build/C/man2/ioprio_set.2:239
6880 msgid "B<IOPRIO_CLASS_RT> (1)"
6884 #: build/C/man2/ioprio_set.2:254
6886 "This is the real-time I/O class. This scheduling class is given higher "
6887 "priority than any other class: processes from this class are given first "
6888 "access to the disk every time. Thus this I/O class needs to be used with "
6889 "some care: one I/O real-time process can starve the entire system. Within "
6890 "the real-time class, there are 8 levels of class data (priority) that "
6891 "determine exactly how much time this process needs the disk for on each "
6892 "service. The highest real-time priority level is 0; the lowest is 7. In "
6893 "the future this might change to be more directly mappable to performance, by "
6894 "passing in a desired data rate instead."
6898 #: build/C/man2/ioprio_set.2:254
6900 msgid "B<IOPRIO_CLASS_BE> (2)"
6904 #: build/C/man2/ioprio_set.2:267
6906 "This is the best-effort scheduling class, which is the default for any "
6907 "process that hasn't set a specific I/O priority. The class data (priority) "
6908 "determines how much I/O bandwidth the process will get. Best-effort "
6909 "priority levels are analogous to CPU nice values (see B<getpriority>(2)). "
6910 "The priority level determines a priority relative to other processes in the "
6911 "best-effort scheduling class. Priority levels range from 0 (highest) to 7 "
6916 #: build/C/man2/ioprio_set.2:267
6918 msgid "B<IOPRIO_CLASS_IDLE> (3)"
6922 #: build/C/man2/ioprio_set.2:276
6924 "This is the idle scheduling class. Processes running at this level only get "
6925 "I/O time when no-one else needs the disk. The idle class has no class "
6926 "data. Attention is required when assigning this priority class to a "
6927 "process, since it may become starved if higher priority processes are "
6928 "constantly accessing the disk."
6932 #: build/C/man2/ioprio_set.2:280
6934 "Refer to I<Documentation/block/ioprio.txt> for more information on the CFQ "
6935 "I/O Scheduler and an example program."
6939 #: build/C/man2/ioprio_set.2:280
6941 msgid "Required permissions to set I/O priorities"
6945 #: build/C/man2/ioprio_set.2:283
6947 "Permission to change a process's priority is granted or denied based on two "
6952 #: build/C/man2/ioprio_set.2:283
6954 msgid "B<Process ownership>"
6958 #: build/C/man2/ioprio_set.2:291
6960 "An unprivileged process may only set the I/O priority of a process whose "
6961 "real UID matches the real or effective UID of the calling process. A "
6962 "process which has the B<CAP_SYS_NICE> capability can change the priority of "
6967 #: build/C/man2/ioprio_set.2:291
6969 msgid "B<What is the desired priority>"
6973 #: build/C/man2/ioprio_set.2:303
6975 "Attempts to set very high priorities (B<IOPRIO_CLASS_RT>) require the "
6976 "B<CAP_SYS_ADMIN> capability. Kernel versions up to 2.6.24 also required "
6977 "B<CAP_SYS_ADMIN> to set a very low priority (B<IOPRIO_CLASS_IDLE>), but "
6978 "since Linux 2.6.25, this is no longer required."
6982 #: build/C/man2/ioprio_set.2:308
6984 "A call to B<ioprio_set>() must follow both rules, or the call will fail "
6985 "with the error B<EPERM>."
6988 #. 6 May 07: Bug report raised:
6989 #. http://sources.redhat.com/bugzilla/show_bug.cgi?id=4464
6990 #. Ulrich Drepper replied that he wasn't going to add these
6993 #: build/C/man2/ioprio_set.2:317
6995 "Glibc does not yet provide a suitable header file defining the function "
6996 "prototypes and macros described on this page. Suitable definitions can be "
6997 "found in I<linux/ioprio.h>."
7001 #: build/C/man2/ioprio_set.2:321
7002 msgid "B<getpriority>(2), B<open>(2), B<capabilities>(7)"
7006 #: build/C/man2/ioprio_set.2:322
7007 msgid "Documentation/block/ioprio.txt in the kernel source tree."
7011 #: build/C/man2/ipc.2:26
7017 #: build/C/man2/ipc.2:26
7023 #: build/C/man2/ipc.2:29
7024 msgid "ipc - System V IPC system calls"
7028 #: build/C/man2/ipc.2:34
7031 "B<int ipc(unsigned int >I<call>B<, int >I<first>B<, int >I<second>B<, int "
7033 "B< void *>I<ptr>B<, long >I<fifth>B<);>\n"
7037 #: build/C/man2/ipc.2:42
7039 "B<ipc>() is a common kernel entry point for the System V IPC calls for "
7040 "messages, semaphores, and shared memory. I<call> determines which IPC "
7041 "function to invoke; the other arguments are passed through to the "
7046 #: build/C/man2/ipc.2:46
7048 "User programs should call the appropriate functions by their usual names. "
7049 "Only standard library implementors and kernel hackers need to know about "
7054 #: build/C/man2/ipc.2:50
7056 "B<ipc>() is Linux-specific, and should not be used in programs intended to "
7061 #: build/C/man2/ipc.2:58
7063 "On a few architectures, for example ia64, there is no B<ipc>() system call; "
7064 "instead B<msgctl>(2), B<semctl>(2), B<shmctl>(2), and so on really are "
7065 "implemented as separate system calls."
7069 #: build/C/man2/ipc.2:70
7071 "B<msgctl>(2), B<msgget>(2), B<msgrcv>(2), B<msgsnd>(2), B<semctl>(2), "
7072 "B<semget>(2), B<semop>(2), B<semtimedop>(2), B<shmat>(2), B<shmctl>(2), "
7073 "B<shmdt>(2), B<shmget>(2)"
7077 #: build/C/man2/seteuid.2:27
7083 #: build/C/man2/seteuid.2:27
7089 #: build/C/man2/seteuid.2:30
7090 msgid "seteuid, setegid - set effective user or group ID"
7094 #: build/C/man2/seteuid.2:36
7095 msgid "B<int seteuid(uid_t >I<euid>B<);>"
7099 #: build/C/man2/seteuid.2:38
7100 msgid "B<int setegid(gid_t >I<egid>B<);>"
7104 #: build/C/man2/seteuid.2:47
7105 msgid "B<seteuid>(), B<setegid>():"
7109 #: build/C/man2/seteuid.2:49
7111 "_BSD_SOURCE || _POSIX_C_SOURCE\\ E<gt>=\\ 200112L || _XOPEN_SOURCE\\ "
7116 #: build/C/man2/seteuid.2:56
7118 "B<seteuid>() sets the effective user ID of the calling process. "
7119 "Unprivileged user processes may only set the effective user ID to the real "
7120 "user ID, the effective user ID or the saved set-user-ID."
7125 #. equals \-1, nothing is changed.
7126 #. (This is an artifact of the implementation in glibc of seteuid()
7127 #. using setresuid(2).)
7129 #: build/C/man2/seteuid.2:65
7131 "Precisely the same holds for B<setegid>() with \"group\" instead of "
7136 #: build/C/man2/seteuid.2:89
7138 "The calling process is not privileged (Linux: does not have the "
7139 "B<CAP_SETUID> capability in the case of B<seteuid>(), or the B<CAP_SETGID> "
7140 "capability in the case of B<setegid>()) and I<euid> (respectively, I<egid>) "
7141 "is not the real user (group) ID, the effective user (group) ID, or the saved "
7142 "set-user-ID (saved set-group-ID)."
7146 #: build/C/man2/seteuid.2:91
7147 msgid "4.3BSD, POSIX.1-2001."
7151 #: build/C/man2/seteuid.2:97
7153 "Setting the effective user (group) ID to the saved set-user-ID (saved "
7154 "set-group-ID) is possible since Linux 1.1.37 (1.1.38). On an arbitrary "
7155 "system one should check B<_POSIX_SAVED_IDS>."
7159 #: build/C/man2/seteuid.2:108
7161 "Under libc4, libc5 and glibc 2.0 B<seteuid(>I<euid>B<)> is equivalent to "
7162 "B<setreuid(-1,>I< euid>B<)> and hence may change the saved set-user-ID. "
7163 "Under glibc 2.1 and later it is equivalent to B<setresuid(-1,>I< euid>B<, "
7164 "-1)> and hence does not change the saved set-user-ID. Similar remarks hold "
7169 #: build/C/man2/seteuid.2:117
7171 "According to POSIX.1, B<seteuid>() (B<setegid>()) need not permit I<euid> "
7172 "(I<egid>) to be the same value as the current effective user (group) ID, "
7173 "and some implementations do not permit this."
7177 #: build/C/man2/seteuid.2:123
7179 "B<geteuid>(2), B<setresuid>(2), B<setreuid>(2), B<setuid>(2), "
7180 "B<capabilities>(7), B<credentials>(7)"
7184 #: build/C/man2/setfsgid.2:29
7190 #: build/C/man2/setfsgid.2:32
7191 msgid "setfsgid - set group identity used for file system checks"
7195 #: build/C/man2/setfsgid.2:35 build/C/man2/setfsuid.2:35
7196 msgid "B<#include E<lt>unistd.hE<gt>> /* glibc uses E<lt>sys/fsuid.hE<gt> */"
7200 #: build/C/man2/setfsgid.2:37
7201 msgid "B<int setfsgid(uid_t >I<fsgid>B<);>"
7205 #: build/C/man2/setfsgid.2:49
7207 "The system call B<setfsgid>() sets the group ID that the Linux kernel uses "
7208 "to check for all accesses to the file system. Normally, the value of "
7209 "I<fsgid> will shadow the value of the effective group ID. In fact, whenever "
7210 "the effective group ID is changed, I<fsgid> will also be changed to the new "
7211 "value of the effective group ID."
7215 #: build/C/man2/setfsgid.2:60
7217 "Explicit calls to B<setfsuid>(2) and B<setfsgid>() are usually only used "
7218 "by programs such as the Linux NFS server that need to change what user and "
7219 "group ID is used for file access without a corresponding change in the real "
7220 "and effective user and group IDs. A change in the normal user IDs for a "
7221 "program such as the NFS server is a security hole that can expose it to "
7222 "unwanted signals. (But see below.)"
7226 #: build/C/man2/setfsgid.2:67
7228 "B<setfsgid>() will only succeed if the caller is the superuser or if "
7229 "I<fsgid> matches either the real group ID, effective group ID, saved "
7230 "set-group-ID, or the current value of I<fsgid>."
7234 #: build/C/man2/setfsgid.2:74
7236 "On success, the previous value of I<fsgid> is returned. On error, the "
7237 "current value of I<fsgid> is returned."
7240 #. This system call is present since Linux 1.1.44
7241 #. and in libc since libc 4.7.6.
7243 #: build/C/man2/setfsgid.2:78 build/C/man2/setfsuid.2:78
7244 msgid "This system call is present in Linux since version 1.2."
7248 #: build/C/man2/setfsgid.2:82
7250 "B<setfsgid>() is Linux-specific and should not be used in programs intended "
7255 #: build/C/man2/setfsgid.2:88
7257 "When glibc determines that the argument is not a valid group ID, it will "
7258 "return -1 and set I<errno> to B<EINVAL> without attempting the system call."
7262 #: build/C/man2/setfsgid.2:92 build/C/man2/setfsuid.2:92
7264 "Note that at the time this system call was introduced, a process could send "
7265 "a signal to a process with the same effective user ID. Today signal "
7266 "permission handling is slightly different."
7270 #: build/C/man2/setfsgid.2:102
7272 "The original Linux B<setfsgid>() system call supported only 16-bit group "
7273 "IDs. Subsequently, Linux 2.4 added B<setfsgid32>() supporting 32-bit IDs. "
7274 "The glibc B<setfsgid>() wrapper function transparently deals with the "
7275 "variation across kernel versions."
7279 #: build/C/man2/setfsgid.2:110
7281 "No error messages of any kind are returned to the caller. At the very "
7282 "least, B<EPERM> should be returned when the call fails (because the caller "
7283 "lacks the B<CAP_SETGID> capability)."
7287 #: build/C/man2/setfsgid.2:114
7288 msgid "B<kill>(2), B<setfsuid>(2), B<capabilities>(7), B<credentials>(7)"
7292 #: build/C/man2/setfsuid.2:29
7298 #: build/C/man2/setfsuid.2:32
7299 msgid "setfsuid - set user identity used for file system checks"
7303 #: build/C/man2/setfsuid.2:37
7304 msgid "B<int setfsuid(uid_t >I<fsuid>B<);>"
7308 #: build/C/man2/setfsuid.2:49
7310 "The system call B<setfsuid>() sets the user ID that the Linux kernel uses "
7311 "to check for all accesses to the file system. Normally, the value of "
7312 "I<fsuid> will shadow the value of the effective user ID. In fact, whenever "
7313 "the effective user ID is changed, I<fsuid> will also be changed to the new "
7314 "value of the effective user ID."
7318 #: build/C/man2/setfsuid.2:60
7320 "Explicit calls to B<setfsuid>() and B<setfsgid>(2) are usually only used "
7321 "by programs such as the Linux NFS server that need to change what user and "
7322 "group ID is used for file access without a corresponding change in the real "
7323 "and effective user and group IDs. A change in the normal user IDs for a "
7324 "program such as the NFS server is a security hole that can expose it to "
7325 "unwanted signals. (But see below.)"
7329 #: build/C/man2/setfsuid.2:67
7331 "B<setfsuid>() will only succeed if the caller is the superuser or if "
7332 "I<fsuid> matches either the real user ID, effective user ID, saved "
7333 "set-user-ID, or the current value of I<fsuid>."
7337 #: build/C/man2/setfsuid.2:74
7339 "On success, the previous value of I<fsuid> is returned. On error, the "
7340 "current value of I<fsuid> is returned."
7344 #: build/C/man2/setfsuid.2:82
7346 "B<setfsuid>() is Linux-specific and should not be used in programs intended "
7351 #: build/C/man2/setfsuid.2:88
7353 "When glibc determines that the argument is not a valid user ID, it will "
7354 "return -1 and set I<errno> to B<EINVAL> without attempting the system call."
7358 #: build/C/man2/setfsuid.2:102
7360 "The original Linux B<setfsuid>() system call supported only 16-bit user "
7361 "IDs. Subsequently, Linux 2.4 added B<setfsuid32>() supporting 32-bit IDs. "
7362 "The glibc B<setfsuid>() wrapper function transparently deals with the "
7363 "variation across kernel versions."
7367 #: build/C/man2/setfsuid.2:110
7369 "No error messages of any kind are returned to the caller. At the very "
7370 "least, B<EPERM> should be returned when the call fails (because the caller "
7371 "lacks the B<CAP_SETUID> capability)."
7375 #: build/C/man2/setfsuid.2:114
7376 msgid "B<kill>(2), B<setfsgid>(2), B<capabilities>(7), B<credentials>(7)"
7380 #: build/C/man2/setgid.2:27
7386 #: build/C/man2/setgid.2:30
7387 msgid "setgid - set group identity"
7391 #: build/C/man2/setgid.2:36
7392 msgid "B<int setgid(gid_t >I<gid>B<);>"
7396 #: build/C/man2/setgid.2:41
7398 "B<setgid>() sets the effective group ID of the calling process. If the "
7399 "caller is the superuser, the real GID and saved set-group-ID are also set."
7403 #: build/C/man2/setgid.2:51
7405 "Under Linux, B<setgid>() is implemented like the POSIX version with the "
7406 "B<_POSIX_SAVED_IDS> feature. This allows a set-group-ID program that is not "
7407 "set-user-ID-root to drop all of its group privileges, do some un-privileged "
7408 "work, and then reengage the original effective group ID in a secure manner."
7412 #: build/C/man2/setgid.2:64
7414 "The calling process is not privileged (does not have the B<CAP_SETGID> "
7415 "capability), and I<gid> does not match the real group ID or saved "
7416 "set-group-ID of the calling process."
7420 #: build/C/man2/setgid.2:74
7422 "The original Linux B<setgid>() system call supported only 16-bit group "
7423 "IDs. Subsequently, Linux 2.4 added B<setgid32>() supporting 32-bit IDs. "
7424 "The glibc B<setgid>() wrapper function transparently deals with the "
7425 "variation across kernel versions."
7429 #: build/C/man2/setgid.2:81
7431 "B<getgid>(2), B<setegid>(2), B<setregid>(2), B<capabilities>(7), "
7436 #: build/C/man2/setpgid.2:46
7442 #: build/C/man2/setpgid.2:49
7443 msgid "setpgid, getpgid, setpgrp, getpgrp - set/get process group"
7447 #: build/C/man2/setpgid.2:53
7448 msgid "B<int setpgid(pid_t >I<pid>B<, pid_t >I<pgid>B<);>"
7452 #: build/C/man2/setpgid.2:55
7453 msgid "B<pid_t getpgid(pid_t >I<pid>B<);>"
7457 #: build/C/man2/setpgid.2:57
7458 msgid "B<pid_t getpgrp(void);> /* POSIX.1 version */"
7462 #: build/C/man2/setpgid.2:60
7464 "B<pid_t getpgrp(pid_t >I<pid>B<);\\ \\ \\ \\ \\ \\ \\ \\ \\ \\ \\ > /* BSD "
7469 #: build/C/man2/setpgid.2:62
7470 msgid "B<int setpgrp(void);> /* System V version */"
7474 #: build/C/man2/setpgid.2:65
7475 msgid "B<int setpgrp(pid_t >I<pid>B<, pid_t >I<pgid>B<);\\ > /* BSD version */"
7479 #: build/C/man2/setpgid.2:74
7480 msgid "B<getpgid>():"
7484 #: build/C/man2/setpgid.2:82
7485 msgid "B<setpgrp>() (POSIX.1):"
7489 #: build/C/man2/setpgid.2:85
7492 " _SVID_SOURCE || _XOPEN_SOURCE\\ E<gt>=\\ 500 ||\n"
7493 " _XOPEN_SOURCE\\ &&\\ _XOPEN_SOURCE_EXTENDED\n"
7497 #: build/C/man2/setpgid.2:89
7498 msgid "B<setpgrp>()\\ (BSD), B<getpgrp>()\\ (BSD):"
7502 #: build/C/man2/setpgid.2:93
7506 " !\\ (_POSIX_SOURCE || _POSIX_C_SOURCE || _XOPEN_SOURCE ||\n"
7507 " _XOPEN_SOURCE_EXTENDED || _GNU_SOURCE || _SVID_SOURCE)\n"
7511 #: build/C/man2/setpgid.2:105
7513 "All of these interfaces are available on Linux, and are used for getting and "
7514 "setting the process group ID (PGID) of a process. The preferred, "
7515 "POSIX.1-specified ways of doing this are: B<getpgrp>(void), for retrieving "
7516 "the calling process's PGID; and B<setpgid>(), for setting a process's PGID."
7520 #: build/C/man2/setpgid.2:130
7522 "B<setpgid>() sets the PGID of the process specified by I<pid> to I<pgid>. "
7523 "If I<pid> is zero, then the process ID of the calling process is used. If "
7524 "I<pgid> is zero, then the PGID of the process specified by I<pid> is made "
7525 "the same as its process ID. If B<setpgid>() is used to move a process from "
7526 "one process group to another (as is done by some shells when creating "
7527 "pipelines), both process groups must be part of the same session (see "
7528 "B<setsid>(2) and B<credentials>(7)). In this case, the I<pgid> specifies "
7529 "an existing process group to be joined and the session ID of that group must "
7530 "match the session ID of the joining process."
7534 #: build/C/man2/setpgid.2:135
7536 "The POSIX.1 version of B<getpgrp>(), which takes no arguments, returns the "
7537 "PGID of the calling process."
7541 #: build/C/man2/setpgid.2:146
7543 "B<getpgid>() returns the PGID of the process specified by I<pid>. If "
7544 "I<pid> is zero, the process ID of the calling process is used. (Retrieving "
7545 "the PGID of a process other than the caller is rarely necessary, and the "
7546 "POSIX.1 B<getpgrp>() is preferred for that task.)"
7550 #: build/C/man2/setpgid.2:151
7552 "The System V-style B<setpgrp>(), which takes no arguments, is equivalent to "
7553 "I<setpgid(0,\\ 0)>."
7556 #. The true BSD setpgrp() system call differs in allowing the PGID
7557 #. to be set to arbitrary values, rather than being restricted to
7558 #. PGIDs in the same session.
7560 #: build/C/man2/setpgid.2:163
7562 "The BSD-specific B<setpgrp>() call, which takes arguments I<pid> and "
7563 "I<pgid>, is equivalent to I<setpgid(pid, pgid)>."
7567 #: build/C/man2/setpgid.2:170
7569 "The BSD-specific B<getpgrp>() call, which takes a single I<pid> argument, "
7570 "is equivalent to I<getpgid(pid)>."
7574 #: build/C/man2/setpgid.2:179
7576 "On success, B<setpgid>() and B<setpgrp>() return zero. On error, -1 is "
7577 "returned, and I<errno> is set appropriately."
7581 #: build/C/man2/setpgid.2:183
7582 msgid "The POSIX.1 B<getpgrp>() always returns the PGID of the caller."
7586 #: build/C/man2/setpgid.2:191
7588 "B<getpgid>(), and the BSD-specific B<getpgrp>() return a process group on "
7589 "success. On error, -1 is returned, and I<errno> is set appropriately."
7593 #: build/C/man2/setpgid.2:200
7595 "An attempt was made to change the process group ID of one of the children of "
7596 "the calling process and the child had already performed an B<execve>(2) "
7597 "(B<setpgid>(), B<setpgrp>())."
7601 #: build/C/man2/setpgid.2:206
7602 msgid "I<pgid> is less than 0 (B<setpgid>(), B<setpgrp>())."
7606 #: build/C/man2/setpgid.2:215
7608 "An attempt was made to move a process into a process group in a different "
7609 "session, or to change the process group ID of one of the children of the "
7610 "calling process and the child was in a different session, or to change the "
7611 "process group ID of a session leader (B<setpgid>(), B<setpgrp>())."
7615 #: build/C/man2/setpgid.2:225
7617 "For B<getpgid>(): I<pid> does not match any process. For B<setpgid>(): "
7618 "I<pid> is not the calling process and not a child of the calling process."
7622 #: build/C/man2/setpgid.2:231
7624 "B<setpgid>() and the version of B<getpgrp>() with no arguments conform to "
7629 #: build/C/man2/setpgid.2:240
7631 "POSIX.1-2001 also specifies B<getpgid>() and the version of B<setpgrp>() "
7632 "that takes no arguments. (POSIX.1-2008 marks this B<setpgrp>() "
7633 "specification as obsolete.)"
7637 #: build/C/man2/setpgid.2:247
7639 "The version of B<getpgrp>() with one argument and the version of "
7640 "B<setpgrp>() that takes two arguments derive from 4.2BSD, and are not "
7641 "specified by POSIX.1."
7645 #: build/C/man2/setpgid.2:253
7647 "A child created via B<fork>(2) inherits its parent's process group ID. The "
7648 "PGID is preserved across an B<execve>(2)."
7652 #: build/C/man2/setpgid.2:256
7654 "Each process group is a member of a session and each process is a member of "
7655 "the session of which its process group is a member."
7659 #: build/C/man2/setpgid.2:283
7661 "A session can have a controlling terminal. At any time, one (and only one) "
7662 "of the process groups in the session can be the foreground process group for "
7663 "the terminal; the remaining process groups are in the background. If a "
7664 "signal is generated from the terminal (e.g., typing the interrupt key to "
7665 "generate B<SIGINT>), that signal is sent to the foreground process group. "
7666 "(See B<termios>(3) for a description of the characters that generate "
7667 "signals.) Only the foreground process group may B<read>(2) from the "
7668 "terminal; if a background process group tries to B<read>(2) from the "
7669 "terminal, then the group is sent a B<SIGTSTP> signal, which suspends it. "
7670 "The B<tcgetpgrp>(3) and B<tcsetpgrp>(3) functions are used to get/set the "
7671 "foreground process group of the controlling terminal."
7675 #: build/C/man2/setpgid.2:291
7677 "The B<setpgid>() and B<getpgrp>() calls are used by programs such as "
7678 "B<bash>(1) to create process groups in order to implement shell job "
7683 #: build/C/man2/setpgid.2:301
7685 "If a session has a controlling terminal, and the B<CLOCAL> flag for that "
7686 "terminal is not set, and a terminal hangup occurs, then the session leader "
7687 "is sent a B<SIGHUP>. If the session leader exits, then a B<SIGHUP> signal "
7688 "will also be sent to each process in the foreground process group of the "
7689 "controlling terminal."
7692 #. exit.3 refers to the following text:
7694 #: build/C/man2/setpgid.2:315
7696 "If the exit of the process causes a process group to become orphaned, and if "
7697 "any member of the newly orphaned process group is stopped, then a B<SIGHUP> "
7698 "signal followed by a B<SIGCONT> signal will be sent to each process in the "
7699 "newly orphaned process group. An orphaned process group is one in which the "
7700 "parent of every member of process group is either itself also a member of "
7701 "the process group or is a member of a process group in a different session "
7702 "(see also B<credentials>(7))."
7706 #: build/C/man2/setpgid.2:321
7708 "B<getuid>(2), B<setsid>(2), B<tcgetpgrp>(3), B<tcsetpgrp>(3), B<termios>(3), "
7713 #: build/C/man2/setresuid.2:26
7719 #: build/C/man2/setresuid.2:29
7720 msgid "setresuid, setresgid - set real, effective and saved user or group ID"
7724 #: build/C/man2/setresuid.2:35
7725 msgid "B<int setresuid(uid_t >I<ruid>B<, uid_t >I<euid>B<, uid_t >I<suid>B<);>"
7729 #: build/C/man2/setresuid.2:37
7730 msgid "B<int setresgid(gid_t >I<rgid>B<, gid_t >I<egid>B<, gid_t >I<sgid>B<);>"
7734 #: build/C/man2/setresuid.2:41
7736 "B<setresuid>() sets the real user ID, the effective user ID, and the saved "
7737 "set-user-ID of the calling process."
7741 #: build/C/man2/setresuid.2:47
7743 "Unprivileged user processes may change the real UID, effective UID, and "
7744 "saved set-user-ID, each to one of: the current real UID, the current "
7745 "effective UID or the current saved set-user-ID."
7749 #: build/C/man2/setresuid.2:51
7751 "Privileged processes (on Linux, those having the B<CAP_SETUID> capability) "
7752 "may set the real UID, effective UID, and saved set-user-ID to arbitrary "
7757 #: build/C/man2/setresuid.2:53
7758 msgid "If one of the arguments equals -1, the corresponding value is not changed."
7762 #: build/C/man2/setresuid.2:57
7764 "Regardless of what changes are made to the real UID, effective UID, and "
7765 "saved set-user-ID, the file system UID is always set to the same value as "
7766 "the (possibly new) effective UID."
7770 #: build/C/man2/setresuid.2:64
7772 "Completely analogously, B<setresgid>() sets the real GID, effective GID, "
7773 "and saved set-group-ID of the calling process (and always modifies the file "
7774 "system GID to be the same as the effective GID), with the same restrictions "
7775 "for unprivileged processes."
7779 #: build/C/man2/setresuid.2:70 build/C/man2/setuid.2:74
7785 #: build/C/man2/setresuid.2:77
7787 "I<uid> does not match the current UID and this call would bring that user ID "
7788 "over its B<RLIMIT_NPROC> resource limit."
7792 #: build/C/man2/setresuid.2:81
7794 "The calling process is not privileged (did not have the B<CAP_SETUID> "
7795 "capability) and tried to change the IDs to values that are not permitted."
7799 #: build/C/man2/setresuid.2:83
7800 msgid "These calls are available under Linux since Linux 2.1.44."
7804 #: build/C/man2/setresuid.2:90
7806 "Under HP-UX and FreeBSD, the prototype is found in I<E<lt>unistd.hE<gt>>. "
7807 "Under Linux the prototype is provided by glibc since version 2.3.2."
7811 #: build/C/man2/setresuid.2:106
7813 "The original Linux B<setresuid>() and B<setresgid>() system calls "
7814 "supported only 16-bit user and group IDs. Subsequently, Linux 2.4 added "
7815 "B<setresuid32>() and B<setresgid32>(), supporting 32-bit IDs. The glibc "
7816 "B<setresuid>() and B<setresgid>() wrapper functions transparently deal "
7817 "with the variations across kernel versions."
7821 #: build/C/man2/setresuid.2:114
7823 "B<getresuid>(2), B<getuid>(2), B<setfsgid>(2), B<setfsuid>(2), "
7824 "B<setreuid>(2), B<setuid>(2), B<capabilities>(7), B<credentials>(7)"
7828 #: build/C/man2/setreuid.2:43
7834 #: build/C/man2/setreuid.2:46
7835 msgid "setreuid, setregid - set real and/or effective user or group ID"
7839 #: build/C/man2/setreuid.2:52
7840 msgid "B<int setreuid(uid_t >I<ruid>B<, uid_t >I<euid>B<);>"
7844 #: build/C/man2/setreuid.2:54
7845 msgid "B<int setregid(gid_t >I<rgid>B<, gid_t >I<egid>B<);>"
7849 #: build/C/man2/setreuid.2:62
7850 msgid "B<setreuid>(), B<setregid>():"
7854 #: build/C/man2/setreuid.2:66
7856 "_BSD_SOURCE || _XOPEN_SOURCE\\ E<gt>=\\ 500 || _XOPEN_SOURCE\\ &&\\ "
7857 "_XOPEN_SOURCE_EXTENDED"
7861 #: build/C/man2/setreuid.2:71
7862 msgid "B<setreuid>() sets real and effective user IDs of the calling process."
7866 #: build/C/man2/setreuid.2:74
7868 "Supplying a value of -1 for either the real or effective user ID forces the "
7869 "system to leave that ID unchanged."
7873 #: build/C/man2/setreuid.2:77
7875 "Unprivileged processes may only set the effective user ID to the real user "
7876 "ID, the effective user ID, or the saved set-user-ID."
7880 #: build/C/man2/setreuid.2:80
7882 "Unprivileged users may only set the real user ID to the real user ID or the "
7883 "effective user ID."
7887 #: build/C/man2/setreuid.2:84
7889 "If the real user ID is set or the effective user ID is set to a value not "
7890 "equal to the previous real user ID, the saved set-user-ID will be set to the "
7891 "new effective user ID."
7895 #: build/C/man2/setreuid.2:89
7897 "Completely analogously, B<setregid>() sets real and effective group ID's of "
7898 "the calling process, and all of the above holds with \"group\" instead of "
7903 #: build/C/man2/setreuid.2:111
7905 "The calling process is not privileged (Linux: does not have the "
7906 "B<CAP_SETUID> capability in the case of B<setreuid>(), or the B<CAP_SETGID> "
7907 "capability in the case of B<setregid>()) and a change other than (i) "
7908 "swapping the effective user (group) ID with the real user (group) ID, or "
7909 "(ii) setting one to the value of the other or (iii) setting the effective "
7910 "user (group) ID to the value of the saved set-user-ID (saved set-group-ID) "
7915 #: build/C/man2/setreuid.2:117
7917 "POSIX.1-2001, 4.3BSD (the B<setreuid>() and B<setregid>() function calls "
7918 "first appeared in 4.2BSD)."
7922 #: build/C/man2/setreuid.2:121
7924 "Setting the effective user (group) ID to the saved set-user-ID (saved "
7925 "set-group-ID) is possible since Linux 1.1.37 (1.1.38)."
7929 #: build/C/man2/setreuid.2:138
7931 "POSIX.1 does not specify all of possible ID changes that are permitted on "
7932 "Linux for an unprivileged process. For B<setreuid>(), the effective user ID "
7933 "can be made the same as the real user ID or the save set-user-ID, and it is "
7934 "unspecified whether unprivileged processes may set the real user ID to the "
7935 "real user ID, the effective user ID, or the saved set-user-ID. For "
7936 "B<setregid>(), the real group ID can be changed to the value of the saved "
7937 "set-group-ID, and the effective group ID can be changed to the value of the "
7938 "real group ID or the saved set-group-ID. The precise details of what ID "
7939 "changes are permitted vary across implementations."
7943 #: build/C/man2/setreuid.2:141
7945 "POSIX.1 makes no specification about the effect of these calls on the saved "
7946 "set-user-ID and saved set-group-ID."
7950 #: build/C/man2/setreuid.2:157
7952 "The original Linux B<setreuid>() and B<setregid>() system calls supported "
7953 "only 16-bit user and group IDs. Subsequently, Linux 2.4 added "
7954 "B<setreuid32>() and B<setregid32>(), supporting 32-bit IDs. The glibc "
7955 "B<setreuid>() and B<setregid>() wrapper functions transparently deal with "
7956 "the variations across kernel versions."
7960 #: build/C/man2/setreuid.2:164
7962 "B<getgid>(2), B<getuid>(2), B<seteuid>(2), B<setgid>(2), B<setresuid>(2), "
7963 "B<setuid>(2), B<capabilities>(7)"
7967 #: build/C/man2/setsid.2:29
7973 #: build/C/man2/setsid.2:29
7979 #: build/C/man2/setsid.2:32
7980 msgid "setsid - creates a session and sets the process group ID"
7984 #: build/C/man2/setsid.2:37
7985 msgid "B<pid_t setsid(void);>"
7989 #: build/C/man2/setsid.2:50
7991 "B<setsid>() creates a new session if the calling process is not a process "
7992 "group leader. The calling process is the leader of the new session, the "
7993 "process group leader of the new process group, and has no controlling tty. "
7994 "The process group ID and session ID of the calling process are set to the "
7995 "PID of the calling process. The calling process will be the only process in "
7996 "this new process group and in this new session."
8000 #: build/C/man2/setsid.2:57
8002 "On success, the (new) session ID of the calling process is returned. On "
8003 "error, I<(pid_t)\\ -1> is returned, and I<errno> is set to indicate the "
8008 #: build/C/man2/setsid.2:64
8010 "The process group ID of any process equals the PID of the calling process. "
8011 "Thus, in particular, B<setsid>() fails if the calling process is already a "
8012 "process group leader."
8016 #: build/C/man2/setsid.2:72
8018 "A child created via B<fork>(2) inherits its parent's session ID. The "
8019 "session ID is preserved across an B<execve>(2)."
8023 #: build/C/man2/setsid.2:83
8025 "A process group leader is a process with process group ID equal to its PID. "
8026 "In order to be sure that B<setsid>() will succeed, B<fork>(2) and "
8027 "B<_exit>(2), and have the child do B<setsid>()."
8031 #: build/C/man2/setsid.2:88
8033 "B<getsid>(2), B<setpgid>(2), B<setpgrp>(2), B<tcgetsid>(3), "
8038 #: build/C/man2/setuid.2:28
8044 #: build/C/man2/setuid.2:31
8045 msgid "setuid - set user identity"
8049 #: build/C/man2/setuid.2:37
8050 msgid "B<int setuid(uid_t >I<uid>B<);>"
8054 #: build/C/man2/setuid.2:42
8056 "B<setuid>() sets the effective user ID of the calling process. If the "
8057 "effective UID of the caller is root, the real UID and saved set-user-ID are "
8062 #: build/C/man2/setuid.2:51
8064 "Under Linux, B<setuid>() is implemented like the POSIX version with the "
8065 "B<_POSIX_SAVED_IDS> feature. This allows a set-user-ID (other than root) "
8066 "program to drop all of its user privileges, do some un-privileged work, and "
8067 "then reengage the original effective user ID in a secure manner."
8071 #: build/C/man2/setuid.2:61
8073 "If the user is root or the program is set-user-ID-root, special care must be "
8074 "taken. The B<setuid>() function checks the effective user ID of the caller "
8075 "and if it is the superuser, all process-related user ID's are set to "
8076 "I<uid>. After this has occurred, it is impossible for the program to regain "
8081 #: build/C/man2/setuid.2:68
8083 "Thus, a set-user-ID-root program wishing to temporarily drop root "
8084 "privileges, assume the identity of an unprivileged user, and then regain "
8085 "root privileges afterward cannot use B<setuid>(). You can accomplish this "
8086 "with B<seteuid>(2)."
8090 #: build/C/man2/setuid.2:83
8092 "The I<uid> does not match the current uid and I<uid> brings process over its "
8093 "B<RLIMIT_NPROC> resource limit."
8097 #: build/C/man2/setuid.2:90
8099 "The user is not privileged (Linux: does not have the B<CAP_SETUID> "
8100 "capability) and I<uid> does not match the real UID or saved set-user-ID of "
8101 "the calling process."
8104 #. SVr4 documents an additional EINVAL error condition.
8106 #: build/C/man2/setuid.2:95
8108 "SVr4, POSIX.1-2001. Not quite compatible with the 4.4BSD call, which sets "
8109 "all of the real, saved, and effective user IDs."
8113 #: build/C/man2/setuid.2:103
8115 "Linux has the concept of the file system user ID, normally equal to the "
8116 "effective user ID. The B<setuid>() call also sets the file system user ID "
8117 "of the calling process. See B<setfsuid>(2)."
8121 #: build/C/man2/setuid.2:108
8123 "If I<uid> is different from the old effective UID, the process will be "
8124 "forbidden from leaving core dumps."
8128 #: build/C/man2/setuid.2:118
8130 "The original Linux B<setuid>() system call supported only 16-bit user IDs. "
8131 "Subsequently, Linux 2.4 added B<setuid32>() supporting 32-bit IDs. The "
8132 "glibc B<setuid>() wrapper function transparently deals with the variation "
8133 "across kernel versions."
8137 #: build/C/man2/setuid.2:124
8139 "B<getuid>(2), B<seteuid>(2), B<setfsuid>(2), B<setreuid>(2), "
8140 "B<capabilities>(7), B<credentials>(7)"
8144 #: build/C/man7/svipc.7:25
8150 #: build/C/man7/svipc.7:25
8156 #: build/C/man7/svipc.7:28
8157 msgid "svipc - System V interprocess communication mechanisms"
8161 #: build/C/man7/svipc.7:35
8164 "B<#include E<lt>sys/types.hE<gt>>\n"
8165 "B<#include E<lt>sys/ipc.hE<gt>>\n"
8166 "B<#include E<lt>sys/msg.hE<gt>>\n"
8167 "B<#include E<lt>sys/sem.hE<gt>>\n"
8168 "B<#include E<lt>sys/shm.hE<gt>>\n"
8172 #: build/C/man7/svipc.7:43
8174 "This manual page refers to the Linux implementation of the System V "
8175 "interprocess communication (IPC) mechanisms: message queues, semaphore sets, "
8176 "and shared memory segments. In the following, the word I<resource> means an "
8177 "instantiation of one among such mechanisms."
8181 #: build/C/man7/svipc.7:43
8183 msgid "Resource Access Permissions"
8187 #: build/C/man7/svipc.7:53
8189 "For each resource, the system uses a common structure of type I<struct "
8190 "ipc_perm> to store information needed in determining permissions to perform "
8191 "an IPC operation. The I<ipc_perm> structure, defined by the "
8192 "I<E<lt>sys/ipc.hE<gt>> system header file, includes the following members:"
8196 #: build/C/man7/svipc.7:63
8199 "struct ipc_perm {\n"
8200 " uid_t cuid; /* creator user ID */\n"
8201 " gid_t cgid; /* creator group ID */\n"
8202 " uid_t uid; /* owner user ID */\n"
8203 " gid_t gid; /* owner group ID */\n"
8204 " unsigned short mode; /* r/w permissions */\n"
8209 #: build/C/man7/svipc.7:73
8211 "The I<mode> member of the I<ipc_perm> structure defines, with its lower 9 "
8212 "bits, the access permissions to the resource for a process executing an IPC "
8213 "system call. The permissions are interpreted as follows:"
8217 #: build/C/man7/svipc.7:77
8220 " 0400 Read by user.\n"
8221 " 0200 Write by user.\n"
8225 #: build/C/man7/svipc.7:80
8228 " 0040 Read by group.\n"
8229 " 0020 Write by group.\n"
8233 #: build/C/man7/svipc.7:83
8236 " 0004 Read by others.\n"
8237 " 0002 Write by others.\n"
8241 #: build/C/man7/svipc.7:91
8243 "Bits 0100, 0010, and 0001 (the execute bits) are unused by the system. "
8244 "Furthermore, \"write\" effectively means \"alter\" for a semaphore set."
8248 #: build/C/man7/svipc.7:94
8249 msgid "The same system header file also defines the following symbolic constants:"
8253 #: build/C/man7/svipc.7:94
8255 msgid "B<IPC_CREAT>"
8259 #: build/C/man7/svipc.7:97
8260 msgid "Create entry if key doesn't exist."
8264 #: build/C/man7/svipc.7:97
8270 #: build/C/man7/svipc.7:100
8271 msgid "Fail if key exists."
8275 #: build/C/man7/svipc.7:100
8277 msgid "B<IPC_NOWAIT>"
8281 #: build/C/man7/svipc.7:103
8282 msgid "Error if request must wait."
8286 #: build/C/man7/svipc.7:103
8288 msgid "B<IPC_PRIVATE>"
8292 #: build/C/man7/svipc.7:106
8293 msgid "Private key."
8297 #: build/C/man7/svipc.7:106
8303 #: build/C/man7/svipc.7:109
8304 msgid "Remove resource."
8308 #: build/C/man7/svipc.7:109
8314 #: build/C/man7/svipc.7:112
8315 msgid "Set resource options."
8319 #: build/C/man7/svipc.7:112
8325 #: build/C/man7/svipc.7:115
8326 msgid "Get resource options."
8330 #: build/C/man7/svipc.7:124
8332 "Note that B<IPC_PRIVATE> is a I<key_t> type, while all the other symbolic "
8333 "constants are flag fields and can be OR'ed into an I<int> type variable."
8337 #: build/C/man7/svipc.7:124
8339 msgid "Message Queues"
8343 #: build/C/man7/svipc.7:132
8345 "A message queue is uniquely identified by a positive integer (its I<msqid>) "
8346 "and has an associated data structure of type I<struct msqid_ds>, defined in "
8347 "I<E<lt>sys/msg.hE<gt>>, containing the following members:"
8351 #: build/C/man7/svipc.7:145
8354 "struct msqid_ds {\n"
8355 " struct ipc_perm msg_perm;\n"
8356 " msgqnum_t msg_qnum; /* no of messages on queue */\n"
8357 " msglen_t msg_qbytes; /* bytes max on a queue */\n"
8358 " pid_t msg_lspid; /* PID of last msgsnd(2) call */\n"
8359 " pid_t msg_lrpid; /* PID of last msgrcv(2) call */\n"
8360 " time_t msg_stime; /* last msgsnd(2) time */\n"
8361 " time_t msg_rtime; /* last msgrcv(2) time */\n"
8362 " time_t msg_ctime; /* last change time */\n"
8367 #: build/C/man7/svipc.7:147
8373 #: build/C/man7/svipc.7:152
8375 "I<ipc_perm> structure that specifies the access permissions on the message "
8380 #: build/C/man7/svipc.7:152
8386 #: build/C/man7/svipc.7:155
8387 msgid "Number of messages currently on the message queue."
8391 #: build/C/man7/svipc.7:155
8393 msgid "I<msg_qbytes>"
8397 #: build/C/man7/svipc.7:159
8398 msgid "Maximum number of bytes of message text allowed on the message queue."
8402 #: build/C/man7/svipc.7:159
8404 msgid "I<msg_lspid>"
8408 #: build/C/man7/svipc.7:164
8409 msgid "ID of the process that performed the last B<msgsnd>(2) system call."
8413 #: build/C/man7/svipc.7:164
8415 msgid "I<msg_lrpid>"
8419 #: build/C/man7/svipc.7:169
8420 msgid "ID of the process that performed the last B<msgrcv>(2) system call."
8424 #: build/C/man7/svipc.7:169
8426 msgid "I<msg_stime>"
8430 #: build/C/man7/svipc.7:174
8431 msgid "Time of the last B<msgsnd>(2) system call."
8435 #: build/C/man7/svipc.7:174
8437 msgid "I<msg_rtime>"
8441 #: build/C/man7/svipc.7:179
8442 msgid "Time of the last B<msgrcv>(2) system call."
8446 #: build/C/man7/svipc.7:179
8448 msgid "I<msg_ctime>"
8452 #: build/C/man7/svipc.7:185
8454 "Time of the last system call that changed a member of the I<msqid_ds> "
8459 #: build/C/man7/svipc.7:185
8461 msgid "Semaphore Sets"
8465 #: build/C/man7/svipc.7:193
8467 "A semaphore set is uniquely identified by a positive integer (its I<semid>) "
8468 "and has an associated data structure of type I<struct semid_ds>, defined in "
8469 "I<E<lt>sys/sem.hE<gt>>, containing the following members:"
8473 #: build/C/man7/svipc.7:202
8476 "struct semid_ds {\n"
8477 " struct ipc_perm sem_perm;\n"
8478 " time_t sem_otime; /* last operation time */\n"
8479 " time_t sem_ctime; /* last change time */\n"
8480 " unsigned long sem_nsems; /* count of sems in set */\n"
8485 #: build/C/man7/svipc.7:204
8491 #: build/C/man7/svipc.7:209
8493 "I<ipc_perm> structure that specifies the access permissions on the semaphore "
8498 #: build/C/man7/svipc.7:209
8500 msgid "I<sem_otime>"
8504 #: build/C/man7/svipc.7:214
8505 msgid "Time of last B<semop>(2) system call."
8509 #: build/C/man7/svipc.7:214
8511 msgid "I<sem_ctime>"
8515 #: build/C/man7/svipc.7:220
8517 "Time of last B<semctl>(2) system call that changed a member of the above "
8518 "structure or of one semaphore belonging to the set."
8522 #: build/C/man7/svipc.7:220
8524 msgid "I<sem_nsems>"
8528 #: build/C/man7/svipc.7:228
8530 "Number of semaphores in the set. Each semaphore of the set is referenced by "
8531 "a nonnegative integer ranging from B<0> to I<sem_nsems-1>."
8535 #: build/C/man7/svipc.7:232
8537 "A semaphore is a data structure of type I<struct sem> containing the "
8538 "following members:"
8541 #. unsigned short semncnt; /* nr awaiting semval to increase */
8542 #. unsigned short semzcnt; /* nr awaiting semval = 0 */
8544 #: build/C/man7/svipc.7:241
8548 " int semval; /* semaphore value */\n"
8549 " int sempid; /* PID for last operation */\n"
8554 #: build/C/man7/svipc.7:243
8560 #: build/C/man7/svipc.7:246
8561 msgid "Semaphore value: a nonnegative integer."
8565 #: build/C/man7/svipc.7:246
8572 #. Number of processes suspended awaiting for
8577 #. Number of processes suspended awaiting for
8581 #: build/C/man7/svipc.7:260
8583 "ID of the last process that performed a semaphore operation on this "
8588 #: build/C/man7/svipc.7:260
8590 msgid "Shared Memory Segments"
8594 #: build/C/man7/svipc.7:268
8596 "A shared memory segment is uniquely identified by a positive integer (its "
8597 "I<shmid>) and has an associated data structure of type I<struct shmid_ds>, "
8598 "defined in I<E<lt>sys/shm.hE<gt>>, containing the following members:"
8602 #: build/C/man7/svipc.7:281
8605 "struct shmid_ds {\n"
8606 " struct ipc_perm shm_perm;\n"
8607 " size_t shm_segsz; /* size of segment */\n"
8608 " pid_t shm_cpid; /* PID of creator */\n"
8609 " pid_t shm_lpid; /* PID, last operation */\n"
8610 " shmatt_t shm_nattch; /* no. of current attaches */\n"
8611 " time_t shm_atime; /* time of last attach */\n"
8612 " time_t shm_dtime; /* time of last detach */\n"
8613 " time_t shm_ctime; /* time of last change */\n"
8618 #: build/C/man7/svipc.7:283
8624 #: build/C/man7/svipc.7:288
8626 "I<ipc_perm> structure that specifies the access permissions on the shared "
8631 #: build/C/man7/svipc.7:288
8633 msgid "I<shm_segsz>"
8637 #: build/C/man7/svipc.7:291
8638 msgid "Size in bytes of the shared memory segment."
8642 #: build/C/man7/svipc.7:291
8648 #: build/C/man7/svipc.7:294
8649 msgid "ID of the process that created the shared memory segment."
8653 #: build/C/man7/svipc.7:294
8659 #: build/C/man7/svipc.7:301
8661 "ID of the last process that executed a B<shmat>(2) or B<shmdt>(2) system "
8666 #: build/C/man7/svipc.7:301
8668 msgid "I<shm_nattch>"
8672 #: build/C/man7/svipc.7:304
8673 msgid "Number of current alive attaches for this shared memory segment."
8677 #: build/C/man7/svipc.7:304
8679 msgid "I<shm_atime>"
8683 #: build/C/man7/svipc.7:309
8684 msgid "Time of the last B<shmat>(2) system call."
8688 #: build/C/man7/svipc.7:309
8690 msgid "I<shm_dtime>"
8694 #: build/C/man7/svipc.7:314
8695 msgid "Time of the last B<shmdt>(2) system call."
8699 #: build/C/man7/svipc.7:314
8701 msgid "I<shm_ctime>"
8705 #: build/C/man7/svipc.7:320
8706 msgid "Time of the last B<shmctl>(2) system call that changed I<shmid_ds>."
8710 #: build/C/man7/svipc.7:333
8712 "B<ipc>(2), B<msgctl>(2), B<msgget>(2), B<msgrcv>(2), B<msgsnd>(2), "
8713 "B<semctl>(2), B<semget>(2), B<semop>(2), B<shmat>(2), B<shmctl>(2), "
8714 "B<shmdt>(2), B<shmget>(2), B<ftok>(3)"
8718 #: build/C/man3/ulimit.3:27
8724 #: build/C/man3/ulimit.3:27
8730 #: build/C/man3/ulimit.3:30
8731 msgid "ulimit - get and set user limits"
8735 #: build/C/man3/ulimit.3:32
8736 msgid "B<#include E<lt>ulimit.hE<gt>>"
8740 #: build/C/man3/ulimit.3:34
8741 msgid "B<long ulimit(int >I<cmd>B<, long >I<newlimit>B<);>"
8745 #: build/C/man3/ulimit.3:46
8747 "Warning: This routine is obsolete. Use B<getrlimit>(2), B<setrlimit>(2), "
8748 "and B<sysconf>(3) instead. For the shell command B<ulimit>(), see "
8753 #: build/C/man3/ulimit.3:53
8755 "The B<ulimit>() call will get or set some limit for the calling process. "
8756 "The I<cmd> argument can have one of the following values."
8760 #: build/C/man3/ulimit.3:53
8762 msgid "B<UL_GETFSIZE>"
8766 #: build/C/man3/ulimit.3:56
8767 msgid "Return the limit on the size of a file, in units of 512 bytes."
8771 #: build/C/man3/ulimit.3:56
8773 msgid "B<UL_SETFSIZE>"
8777 #: build/C/man3/ulimit.3:59
8778 msgid "Set the limit on the size of a file."
8782 #: build/C/man3/ulimit.3:59
8788 #: build/C/man3/ulimit.3:63
8790 "(Not implemented for Linux.) Return the maximum possible address of the "
8795 #: build/C/man3/ulimit.3:63
8801 #: build/C/man3/ulimit.3:67
8803 "(Implemented but no symbolic constant provided.) Return the maximum number "
8804 "of files that the calling process can open."
8808 #: build/C/man3/ulimit.3:74
8810 "On success, B<ulimit>() returns a nonnegative value. On error, -1 is "
8811 "returned, and I<errno> is set appropriately."
8815 #: build/C/man3/ulimit.3:78
8816 msgid "A unprivileged process tried to increase a limit."
8820 #: build/C/man3/ulimit.3:83
8821 msgid "SVr4, POSIX.1-2001. POSIX.1-2008 marks B<ulimit>() as obsolete."
8825 #: build/C/man3/ulimit.3:87
8826 msgid "B<bash>(1), B<getrlimit>(2), B<setrlimit>(2), B<sysconf>(3)"
OSDN Git Service
