Received: by 2002:a5b:505:0:0:0:0:0 with SMTP id o5csp394836ybp; Thu, 10 Oct 2019 20:43:01 -0700 (PDT) X-Google-Smtp-Source: APXvYqym1x/9XAhH8FFq46bs0ZyN1asiMLTB62dIbyXFGNZPC6+O+vopP+IzWcyeuKOvf9o8iW48 X-Received: by 2002:a05:6402:649:: with SMTP id u9mr11123166edx.200.1570765381754; Thu, 10 Oct 2019 20:43:01 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1570765381; cv=none; d=google.com; s=arc-20160816; b=C5x3mJ6LHUDICg98ZpAo9gLFEsNZMU6mPwAy1NyQ0CoLRMeOlJ+XPLSqv54TXQ29gg sxlfjyn38eHmn2AIxmb7CCImC4hzvQUQeG9HiDb579or2/3M+IsJ1g6n+ey1xc1nR5WY 2Vt50k1qaVOIpWjISluNCHgXeYX8CCfuQ7SDIE5gPVLWxrl7j271rDIe++xFV9LaFQph 94WN9gbKEh5gKktXuEBmmiSs05ztaMJhdFJ6Og1j9a6s3q9x7cNtiKhetTg48mycIJxy BLV6LDLbkqlIZqtOIlrmcmfrzPik+WNggJCTtFaM3lBrP6fU3gk6wfe5mET/frrr4o2K 7gJg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:message-id :subject:to:from:date; bh=BzOiiQXSSRz4oSMYR5lEEiRdHlX15XFlv+oAL9leI9Y=; b=lV4eLHKj7q6ZXPNKACIlY4xc8MwZ5QvNGgAeDlYf53Si1BYr52AiM11+x9wBvJDqGG rRb2XB1lc0cCyZSMZYA3OzqSUdYl4VI33m0kwJRvrmikz/1iJRi8usFU6OMXfx9Koxa5 duTa4mSk9LoByeyhAi6Sws960eWNUpY8DH2Gbo4L3O5ZDoTc4NzkLkK2YLoN8Qw+vxTm VI9zyH6M3/eAyHZ4NslwLQchltns49b9qP+M/a9W8Xc+31ifBx28qG497UPK3gBSXZI/ v8ts0AqsvxzdJbWGsgG+mR5ftydURTic3SKNnLk55X6jGTz0l1SDKccW18Bt4eNuzLwn J9dA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id f1si4225612eje.338.2019.10.10.20.42.37; Thu, 10 Oct 2019 20:43:01 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726073AbfJKDme (ORCPT + 99 others); Thu, 10 Oct 2019 23:42:34 -0400 Received: from trent.utfs.org ([94.185.90.103]:51652 "EHLO trent.utfs.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726009AbfJKDme (ORCPT ); Thu, 10 Oct 2019 23:42:34 -0400 X-Greylist: delayed 372 seconds by postgrey-1.27 at vger.kernel.org; Thu, 10 Oct 2019 23:42:33 EDT Received: from localhost (localhost [IPv6:::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by trent.utfs.org (Postfix) with ESMTPS id C7D7B5FD09; Fri, 11 Oct 2019 05:36:16 +0200 (CEST) Date: Thu, 10 Oct 2019 20:36:16 -0700 (PDT) From: Christian Kujau To: Micah Morton , Jonathan Corbet , linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [TYPO] SafeSetID.rst: Remove spurious '???' characters Message-ID: User-Agent: Alpine 2.21.99999 (DEB 352 2019-06-22) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org While reading SafeSetID.rst I stumbled across those things. This patch removes these spurious '???' characters. Signed-off-by: Christian Kujau diff --git a/Documentation/admin-guide/LSM/SafeSetID.rst b/Documentation/admin-guide/LSM/SafeSetID.rst index 212434ef65ad..7bff07ce4fdd 100644 --- a/Documentation/admin-guide/LSM/SafeSetID.rst +++ b/Documentation/admin-guide/LSM/SafeSetID.rst @@ -56,7 +56,7 @@ setid capabilities from the application completely and refactor the process spawning semantics in the application (e.g. by using a privileged helper program to do process spawning and UID/GID transitions). Unfortunately, there are a number of semantics around process spawning that would be affected by this, such -as fork() calls where the program doesn???t immediately call exec() after the +as fork() calls where the program doesn't immediately call exec() after the fork(), parent processes specifying custom environment variables or command line args for spawned child processes, or inheritance of file handles across a fork()/exec(). Because of this, as solution that uses a privileged helper in @@ -72,7 +72,7 @@ own user namespace, and only approved UIDs/GIDs could be mapped back to the initial system user namespace, affectively preventing privilege escalation. Unfortunately, it is not generally feasible to use user namespaces in isolation, without pairing them with other namespace types, which is not always an option. -Linux checks for capabilities based off of the user namespace that ???owns??? some +Linux checks for capabilities based off of the user namespace that "owns" some entity. For example, Linux has the notion that network namespaces are owned by the user namespace in which they were created. A consequence of this is that capability checks for access to a given network namespace are done by checking -- BOFH excuse #451: astropneumatic oscillations in the water-cooling