QNX Neutrino 6.6

New entries

acl_add_perm()
Add a permission to an access control list (ACL) permissions set
acl_calc_mask()
Calculate the group class mask for an access control list (ACL)
acl_clear_perms()
Clear all permissions from an ACL permissions set
acl_copy_entry()
Copy the contents of one ACL entry into another
acl_copy_ext()
Copy an ACL from system space to user space
acl_copy_int()
Copy an ACL from user space to system space
acl_create_entry()
Create an entry in an access control list
acl_delete_entry()
Delete an entry from an access control list (ACL)
acl_del_perm()
Delete a permission from an ACL permissions set
acl_dup()
Duplicate an access control list (ACL) in a working storage area
acl_free()
Free the working storage area allocated for an access control list (ACL) data object
acl_from_text()
Create an access control list (ACL) from text
acl_get_entry()
Get an entry in an access control list (ACL)
acl_get_fd()
Get the access control list associated with a file descriptor
acl_get_file()
Get the ACL for a given path
acl_get_permset()
Get a permissions set from an ACL entry
acl_get_qualifier()
Get the qualifier from an ACL entry
acl_get_tag_type()
Get the type of tag from an ACL entry
acl_init()
Allocate and initialize an access control list (ACL) working storage area
acl_set_fd()
Set the access ACL for the object associated with a file descriptor
acl_set_file()
Set the access control list for a path
acl_set_permset()
Set the permissions set in an ACL entry
acl_set_qualifier()
Set the qualifier for an ACL entry
acl_set_tag_type()
Set the tag type of an ACL entry
acl_size()
Determine the size of the external form of an ACL
acl_to_text()
Convert an access control list (ACL) into text
acl_valid()
Validate an access control list (ACL)
aio_read64()
Asynchronously read from a file
aio_write64()
Asynchronously write to a file
aiocb64
Asynchronous I/O control block
ConnectClientInfoAble()
Store extended information about a client connection, including abilities
ClientInfoExtFree()
Free the structure used for extended information about a client connection
ConnectClientInfoExt()
Store extended information about a client connection
dhcpctl*()
Functions for controlling DHCP
dirent64
Data structure for a directory entry
fdistrusted()
Determine if a file is trusted
fs_crypto_check()
Determine if the underlying filesystem supports encryption
fs_crypto_domain_add()
Create a domain
fs_crypto_domain_key_change()
Change the key for a domain
fs_crypto_domain_key_check()
Determine if a given domain key is valid
fs_crypto_domain_key_size()
Return the size of keys used for filesystem encryption
fs_crypto_domain_lock()
Lock a domain
fs_crypto_domain_query()
Get status information for a domain
fs_crypto_domain_remove()
Destroy a domain
fs_crypto_domain_unlock()
Unlock a domain
fs_crypto_enable()
Enable encryption support on a filesystem
fs_crypto_enable_option()
Enable encryption support on a filesystem
fs_crypto_file_get_domain()
Get the domain for a file or directory
fs_crypto_file_set_domain()
Set the domain for a file or directory
fs_crypto_key_gen()
Generate an encryption key from a password
fs_crypto_migrate_control()
Control encryption migration within the filesystem
fs_crypto_migrate_path()
Mark an entire directory for migration into an encrypted domain
fs_crypto_migrate_status()
Get the status of migration in the filesystem
fs_crypto_migrate_tag()
Mark a file for migration into an encrypted domain
fs_crypto_set_logging()
Set the logging destination and verbosity.
gettid()
Get the thread ID
grantpt()
Grant access to a slave pseudo-terminal device
InterruptCharacteristic(), InterruptCharacteristic_r()
Get or set a characteristic associated with an interrupt
inotify_add_watch()
Add or update a watch for filesystem events associated with a path
inotify_event
Structure that describes a watched filesystem event
inotify_init()
Initialize the inode notify system
inotify_rm_watch()
Remove the watch associated with the given watch descriptor
iofunc_acl()
Handle an _IO_ACL message
iofunc_acl_default()
Default handler for the acl callout
iofunc_client_info_able()
Store information about a client connection, including abilities.
iofunc_client_info_ext()
Store information about a client connection. This function is an extended version of iofunc_client_info()—which is now deprecated—that can handle more than NGROUPS_MAX supplementary groups.
iofunc_client_info_ext_free()
Free the structure used for information about a client connection
iofunc_devctl_verify()
Perform validation that's common to all handlers for _IO_DEVCTL messages
isblank()
Test a character to see if it's a blank character
iswblank()
Test a wide character to see if it's a blank character
hwi_next_item()
Find the next item in the hwinfo structure
hwi_next_tag()
Find the next tag in the hwinfo structure
lio_listio64()
Initiate a list of I/O requests
lldiv()
Perform division on long long integers
lockf64()
Lock or unlock a section of a file
memset_s()
Securely set memory to a given value
OMAPI
Object Management Application Programming Interface
posix_fadvise(), posix_fadvise64()
Provide advisory information about the expected use of a file
posix_fallocate(), posix_fallocate64()
Allocate space for a file on the filesystem
posix_madvise()
Provide advisory information about the expected use of memory
posix_openpt()
Open a pseudo-terminal device
procmgr_ability()
Control a process's ability to perform certain operations
procmgr_timer_tolerance()
Get or set the default timer tolerance for a process
pthread_attr_getstack()
Get the thread-creation stack attributes
pthread_attr_setstack()
Set the thread-creation stack attributes
ptsname()
Get the name of a slave pseudo-terminal device
ptsname_r()
Get the name of a slave pseudo-terminal device (reentrant)
readdir64()
Read a directory entry
set_lowest_fd()
Specify the lowest acceptable file descriptor
slog2c()
Log a constant string in a slog2 buffer
slog2f()
Log a printf-style string in a slog2 buffer
slog2fa()
Log a printf-style string in a slog2 buffer
slog2_get_verbosity()
Get the verbosity level for the entire buffer set
slog2_register()
Register and allocate a new slog2 buffer set
slog2_reset()
Reset the state of slogger2 for the process
slog2_set_default_buffer()
Set the default slog2 logging buffer
slog2_set_verbosity()
Set the verbosity level for the entire buffer set
strnlen()
Compute the length of a string, to a maximum number of bytes
sysmgr_runstate_burst()
Ask the system to turn on dynamically offlined CPUs
truncate64()
Truncate a file to a specified length
unlockpt()
Unlock a pseudo-terminal master/slave pair
vslog2f()
Log a printf-style string in a slog2 buffer (varargs)
waitfor()
Wait for a path to appear

Discontinued

We've deprecated our version of SNMP:

Use a third-party solution instead.

Changed content

ChannelCreate()
  • There's a new _NTO_CHF_PRIVATE flag that you can use to mark the channel as being private.
  • More than one channel in a process can now have one or both of _NTO_CHF_COID_DISCONNECT and _NTO_CHF_THREAD_DEATH set.
clock_settime(), ClockTime()
The ability to set the system time is now controlled by the PROCMGR_AID_CLOCKSET ability, which you can set by calling procmgr_ability().
ClockPeriod()
  • The ability to change the clock period is now controlled by the PROCMGR_AID_CLOCKPERIOD ability, which you can set by calling procmgr_ability().
  • This function now returns the period for all valid clock IDs.
confstr()
  • The ability to set configuration strings is now controlled by the PROCMGR_AID_CONFSET ability, which you can set by calling procmgr_ability().
  • The documentation now states that if the value, including the terminating NULL, is greater than len bytes long, it's truncated to len - 1 bytes and terminated with a NULL character.
ConnectAttach()
The ability to establish a connection between a process and a channel is now controlled by the PROCMGR_AID_CONNECTION ability, which you can set by calling procmgr_ability().
ConnectClientInfo()
We've described the flags member of the _client_info structure.
ConnectFlags()
  • There's a new _NTO_COF_INSECURE flag that the kernel sets if the client program replaces its process image (e.g., by calling exec*()) with a setuid or setgid binary. Until the process that owns the channel clears this flag, calls to MsgDeliverEvent() fail with an error of EACCES. ConnectFlags() now fails with an error of EINVAL if the mask includes any invalid bits.
  • The ability to change the connection flags on a coid for another process with a different user ID is now controlled by the PROCMGR_AID_CONNECTION ability, which you can set by calling procmgr_ability().
crypt()
We've deprecated the version of this function in libc. You should use the improved version that's in liblogin.
devctl()
This function returns ENXIO if there's no such device or address (e.g., there's no media available to be loaded in the device represented by the file descriptor).
dlopen()
The ability to load shared objects is now controlled by the PROCMGR_AID_PROT_EXEC ability, which you can set by calling procmgr_ability().
errno
  • EALREADY is now defined as EALREADY_NEW, so that EALREADY and EBUSY have different values, as specified by POSIX. For more information, see "Changes to EALREADY" in the documentation for errno.
  • We've added the numerical value for each error code, and indicated which constants are defined by POSIX.
execl(), execle(), execlp(), execlpe(), execv(), execve(), execvp(), execvpe()
The ability to create child processes is now controlled by the PROCMGR_AID_SPAWN ability, which you can set by calling procmgr_ability().
flock()
You no longer have to open a file with write permission in order to apply a lock on it.
fork()
  • The ability to fork processes is now controlled by the PROCMGR_AID_FORK ability, which you can set by calling procmgr_ability().
  • You can now fork a multithreaded process. The child process has a single thread, regardless of the number that the parent process has.
    Note: If your program uses mutexes, you need to register a pthread_atfork() handler that locks all the mutexes before you fork.
fscanf(), fwscanf()
Note that these functions are generally considered to be unsafe for string handling. We've improved the examples by adding limits to the number of characters to be read.
getaddrinfo()
This function is now thread-safe, as required by POSIX.
getgrouplist()
This function no longer ignores the basegid argument, but automatically adds it to the list of group IDs.
getgroups()
This function can now return up to sysconf(_SC_NGROUPS_MAX) group IDs. The limit used to be NGROUPS_MAX.
getifaddrs()
This function can set errno to ENOMEM if the system is out of memory, or the interface list was growing while getifaddrs() was executing.
getnameinfo()
This function is now thread-safe, as required by POSIX.
getpgid(), getsid()
The ability to get the group ID or session ID of a process outside the calling process's session is now controlled by the PROCMGR_AID_GETID ability, which you can set by calling procmgr_ability().
getsockopt()
You can now use the SO_BINDTODEVICE option for UDP, TCP, and RAW sockets.
h_errno
This variable is now thread-safe.
initgroups()
This function can now handle up to sysconf(_SC_NGROUPS_MAX) group IDs. The limit used to be NGROUPS_MAX.
InterruptAttach()
  • The ability to attach interrupt handlers and events is now controlled by the PROCMGR_AID_INTERRUPT ability. Threads that call these functions (except for InterruptHookIdle()) also need I/O privileges, which are controlled by the PROCMGR_AID_IO ability. Use procmgr_ability() to enable these abilities.
  • We've listed where to look for interrupt vector numbers for your board.
InterruptAttach(), InterruptAttachEvent(), InterruptHookIdle(), InterruptHookTrace()
The ability to attach interrupt handlers and events is now controlled by the PROCMGR_AID_INTERRUPT ability. Threads that call these functions (except for InterruptHookIdle()) also need I/O privileges, which are controlled by the PROCMGR_AID_IO ability. Use procmgr_ability() to enable these abilities.
iofunc_attr_init()
In general, there isn't a "correct" set of permissions to use for the resource; you should restrict them according to what you want other processes and users to be able to do with your resource manager.
iofunc_ocb_calloc()
This function sets errno to ENFILE if it can't allocate the OCB. If you override this function in your resource manager, your replacement function should do the same.
iofunc_mmap()
The io_mmap_t structure now includes a new input field, required_prot, and a new output field, allowed_prot.
iofunc_stat(), iofunc_stat_default()
These functions now return an errno value if an error occurred.
iofunc_write_verify()
This function now returns EBADMSG if the length of the message is invalid.
isalnum(), isalpha(), isblank(), iscntrl(), isdigit(), isgraph(), islower(), isprint(), ispunct(), isspace(), isupper(), isxdigit()
Note that these functions take an integer argument, but the value must be representable as an unsigned char or be EOF; the behavior for other values is undefined.
iswalnum(), iswalpha(), iswblank(), iswcntrl(), iswdigit(), iswgraph(), iswlower(), iswprint(), iswpunct(), iswspace(), iswupper(), iswxdigit()
Note that these functions take a wint_t argument, but the value must be a wide-character code that corresponds to a valid character in the current locale, or must be WEOF; the behavior for other values is undefined.
kill()
The ability to send signals is now controlled by the PROCMGR_AID_SIGNAL ability, which you can set by calling procmgr_ability().
malloc()
  • The heap is protected by such security measures as address space layout randomization (ASLR) and heap cookies.
  • The MALLOC_MEMORY_BANDCONFIG environment variable is now ignored.
mallopt()
We've replaced libmalloc with librcheck.
memalign()
This function now indicates an error of EINVAL if the given alignment is greater than the value of the MALLOC_MAX_ALIGNMENT environment variable.
memccpy()
In order to conform to POSIX, this function now converts its c argument into an unsigned char.
memcpyv()
We've improved the example.
mlock(), mlockall()
The ability to lock memory is now controlled by the PROCMGR_AID_MEM_LOCK ability, which you can set by calling procmgr_ability().
mmap()
  • The ability to do certain operations is now controlled by procmgr_ability():
    The ability to: Is controlled by:
    Map fixed addresses PROCMGR_AID_MAP_FIXED
    Map physical memory PROCMGR_AID_MEM_PHYS
    Map memory as executable PROCMGR_AID_PROT_EXEC
  • This function gives an error of EACCES if you specify PROT_EXEC for a memory-mapped file mapping, the file doesn't have execute permission for the client process, and procnto was started with the -mX option.
mmap_device_io(), mmap_device_memory()
In order to map physical memory, your process needs to have the PROCMGR_AID_MEM_PHYS ability enabled. See procmgr_ability().
mprotect()
This function gives an error of EACCES if you specify PROT_EXEC for a memory-mapped file mapping, the file doesn't have execute permission for the client process, and procnto was started with the -mX option.
MsgDeliverEvent()
  • As a convenience, you can specify a rcvid of 0 to target the event at the active thread.
  • If the client program replaces its process image (e.g., by calling exec*()) with a setuid or setgid binary, the kernel now sets the _NTO_COF_INSECURE flag on the channel. Until the process that owns the channel uses ConnectFlags() to clear this flag, calls to MsgDeliverEvent() fail with an error of EACCES.
_msg_info
There's a new _NTO_MI_CONSTRAINED flag that indicates that the message was received from a resource-constrained client.
MsgKeyData()
  • The ability to pass the data is now controlled by the PROCMGR_AID_KEYDATA ability, which you can set by calling procmgr_ability().
  • Depending on your system's security requirements, you can use as a key a statistically random number returned by rand() or a value read from the more secure random number generator, /dev/random.
MsgReply(), MsgReplyv()
These functions indicate an error of ENOREMOTE if the reply has to go across the network, and Qnet isn't running.
open()
The supported flags now include:
  • O_NOFOLLOW — if the last component in the path is a symlink, make the open fail with an error of ELOOP.
  • O_NOSYMLINK — if any component in the path is a symlink, make the open fail with an error of ELOOP.

Note that the O_ASYNC flag isn't currently supported.

pathmgr_symlink()
  • The ability to create the symbolic link is now controlled by the PROCMGR_AID_PATHSPACE ability, which you can set by calling procmgr_ability().
  • Note that you can get some surprising results if you create a symbolic link to a directory that's a symbolic link to somewhere else. For more information, see "Symbolic links" in the Working with Filesystems chapter of the QNX Neutrino User's Guide.
poll()
If the remote end of a socket is closed, poll() now indicates both POLLIN and POLLHUP events.
posix_memalign()
This function now indicates an error of EINVAL if the given alignment is greater than the value of the MALLOC_MAX_ALIGNMENT environment variable.
posix_spawn(), posix_spawnp()
  • The ability to do certain operations is controlled by procmgr_ability():
    The ability to: Is controlled by:
    Spawn new processes PROCMGR_AID_SPAWN
    Set the group ID of the child process PROCMGR_AID_SPAWN_SETGID
    Set the user ID of the child process PROCMGR_AID_SPAWN_SETUID
    Create a new application ID for the child process PROCMGR_AID_CHILD_NEWAPP
  • The following flags are new:
    • POSIX_SPAWN_SETSID
    • POSIX_SPAWN_DEBUG
    • POSIX_SPAWN_EXEC
    • POSIX_SPAWN_NEWAPP
    • POSIX_SPAWN_SEARCH_PATH
    • POSIX_SPAWN_CHECK_SCRIPT
    • POSIX_SPAWN_PADDR64_SAFE
    • POSIX_SPAWN_TCSETPGROUP
  • Note that in the QNX Neutrino implementation, fork handlers aren't run when you call these functions.
procmgr_event_notify(), procmgr_event_trigger()
  • The ability to trigger privileged events is now controlled by the PROCMGR_AID_EVENT ability, which you can set by calling procmgr_ability().
  • There's a new PROCMGR_EVENT_TOD event that's triggered when a process changed the time of day.
procmgr_session()
  • The ability to use the PROCMGR_SESSION_SETSID event is now controlled by the PROCMGR_AID_PGRP ability; the ability to use the PROCMGR_SESSION_SETPGRP, PROCMGR_SESSION_SIGNAL_PID, PROCMGR_SESSION_SIGNAL_PGRP, and PROCMGR_SESSION_SIGNAL_LEADER events is now controlled by the PROCMGR_AID_SESSION ability. You can set these abilities by calling procmgr_ability().
  • The node descriptor that you pass to this function must currently be ND_LOCAL_NODE, or you'll get an error of ENOREMOTE.
pthread_cond_timedwait(), pthread_cond_wait()
This functions give an error of EINVAL if the mutex has died.
pthread_kill()
The ability to send a signal to a thread is now controlled by the PROCMGR_AID_SIGNAL ability, which you can set by calling procmgr_ability().
pthread_mutex_lock()
  • This function gives an error of EINVAL if the mutex has died.
  • The sample code now checks for errors.
pthread_mutex_setprioceiling(), pthread_mutexattr_setprioceiling(), pthread_mutexattr_setprotocol()
The ability to set a mutex's priority ceiling to a value that's above the maximum priority for an unprivileged process is now controlled by the PROCMGR_AID_PRIORITY ability, which you can set by calling procmgr_ability().
pthread_mutex_timedlock(), pthread_mutex_timedlock_monotonic(), pthread_mutex_trylock()
This functions give an error of EINVAL if the mutex has died.
pthread_setschedparam(), pthread_setschedprio()
  • In order to set a thread's priority to a value above the maximum allowed for an unprivileged process, a process must now have the PROCMGR_AID_PRIORITY ability enabled. See procmgr_ability().
  • You can wrap the new priority in one these macros to specify how to handle out-of-range priority requests:
    • SCHED_PRIO_LIMIT_ERROR(prio) — indicate an error
    • SCHED_PRIO_LIMIT_SATURATE(prio) — use the maximum allowed priority (reach a "maximum saturation point")

    If procnto was started with a -P option ending with s or S, out-of-range priority requests by default "saturate" at the maximum allowed value.

pthread_sigmask()
The ability to change the signal mask is now controlled by the PROCMGR_AID_SIGNAL ability, which you can set by calling procmgr_ability().
readdir_r()
Some filesystems support names that are longer than the value of NAME_MAX. You can use pathconf() with _PC_NAME_MAX to determine the maximum number of bytes (not including the terminating null) allowed in a file name for a particular filesystem.
resmgr_attach()
  • The flags field in the resmgr_attr_t structure has a new flag, RESMGR_FLAG_RCM, that makes the resource manager automatically adopt the client's resource constraint mode when handling a request.
  • The ability to add names to the pathname space is now controlled by the PROCMGR_AID_PATHSPACE ability, which you can set by calling procmgr_ability().
  • Note that if multiple registrations are made with _RESMGR_FLAG_BEFORE or _RESMGR_FLAG_AFTER, then all BEFORE registrations are resolved first in FIFO order, followed by the non-flagged registrations in LIFO order, and then all AFTER registrations in LIFO order.
rsrcdbmgr_attach(), rsrcdbmgr_detach()
The ability to reserve a system resource for a process or return one to the resource database is now controlled by the PROCMGR_AID_RSRCDBMGR ability, which you can set by calling procmgr_ability().
scanf()
Note that this function is generally considered to be unsafe for string handling. We've improved the example by adding limits to the number of characters to be read.
SchedCtl()
  • In order to perform certain privileged operations, your process must now have the PROCMGR_AID_APS_ROOT ability enabled (see procmgr_ability()).
  • The SCHED_APS_SCHEDPOL_BMP_SAFETY scheduling policy has been discontinued. If you try to choose this policy, SchedCtl() now indicates an error of EINVAL.
SchedGet(), SchedSet()
In order to get or set the scheduling policy for a thread whose real or saved user ID is different from the calling process's real or effective user ID, the calling process must now have the PROCMGR_AID_SCHEDULE ability enabled. See procmgr_ability().
sched_param
When you're setting the priority, you can wrap the new priority in one these macros to specify how to handle out-of-range priority requests:
  • SCHED_PRIO_LIMIT_ERROR(p) — indicate an error
  • SCHED_PRIO_LIMIT_SATURATE(p) — use the maximum allowed priority (reach a "maximum saturation point")

If procnto was started with a -P option ending with s or S, out-of-range priority requests by default "saturate" at the maximum allowed value.

sched_setparam(), sched_setscheduler(), SchedSet(), setprio()
In order to set a thread's priority to a value above the maximum allowed for an unprivileged process, a process must now have the PROCMGR_AID_PRIORITY ability enabled. See procmgr_ability().
setegid(), setgid(), setregid(), setgroups()
The ability to set a process's group ID, effective group ID, real and effective group IDs, or supplementary group IDs is now controlled by the PROCMGR_AID_SETGID ability, which you can set by calling procmgr_ability().
setgroups()
This function can now handle up to sysconf(_SC_NGROUPS_MAX) group IDs. The limit used to be NGROUPS_MAX.
seteuid(), setreuid(), setuid()
The ability to set a process's user ID, effective user ID, or both is now controlled by the PROCMGR_AID_SETUID ability, which you can set by calling procmgr_ability().
setpgrp()
The ability to is now controlled by the PROCMGR_AID_PGRP ability, which you can set by calling procmgr_ability(). This ability is enabled by default (for POSIX conformance).
setprio()
You can wrap the new priority in one these macros to specify how to handle out-of-range priority requests:
  • SCHED_PRIO_LIMIT_ERROR(prio) — indicate an error
  • SCHED_PRIO_LIMIT_SATURATE(prio) — use the maximum allowed priority (reach a "maximum saturation point")

If procnto was started with a -P option ending with s or S, out-of-range priority requests by default "saturate" at the maximum allowed value.

setrlimit()
  • In order to raise the value of a hard limit, the process must now have the PROCMGR_AID_RLIMIT ability enabled. See procmgr_ability().
  • There's a new RLIMIT_FREEMEM resource that you can use to limit the total memory usage.
setsid()
The ability to create new sessions is now controlled by the PROCMGR_AID_PGRP ability, which you can set by calling procmgr_ability().
shm_ctl(), shm_ctl_special()
  • The ability to use the SHMCTL_GLOBAL flag is now controlled by the PROCMGR_AID_MEM_GLOBAL ability, which you can set by calling procmgr_ability().
  • There's a new SHMCTL_NODEFRAG flag that you can use with SHMCTL_PHYS | SHMCTL_ANON to specify that you want physically contiguous memory, but not so much that you're willing to wait for defragmentation. If contiguous memory isn't immediately available, the call gives an error of ENOMEM, and you can retry with just SHMCTL_ANON if you're willing to accept discontiguity.
  • There's a new SHMCTL_REPEAT flag that you can use to create a strided physical object.
  • These functions set errno to more explanatory values.
  • On x86 platforms, SHMCTL_LAZYWRITE now causes Write Combining to be used.
sigaction(), signal()
The ability to specify the action for a signal is now controlled by the PROCMGR_AID_SIGNAL ability, which you can set by calling procmgr_ability().
SignalAction()
  • The ability to specify the action for a signal is now controlled by the PROCMGR_AID_SIGNAL ability, which you can set by calling procmgr_ability().
  • Note that the sigstub argument can be NULL if act is also NULL.
  • Note that SIGDEADLK and SIGEMT refer to the same signal.
SignalKill()
  • The ability to send signals is now controlled by the PROCMGR_AID_SIGNAL ability, which you can set by calling procmgr_ability().
  • There's a new SIG_APPID flag that you can OR into the signo argument. This tells SignalKill() to send the signal to all the processes with an application ID that matches the pid argument.
  • If the node descriptor is for a remote node, but the network manager isn't running, you get an error of ENOREMOTE.
SignalProcmask(), sigprocmask()
The ability to change the signal mask is now controlled by the PROCMGR_AID_SIGNAL ability, which you can set by calling procmgr_ability().
sigqueue()
The ability to send signals is now controlled by the PROCMGR_AID_SIGNAL ability, which you can set by calling procmgr_ability().
socketpair()
We've made the example clearer.
spawn(), spawnl(), spawnle(), spawnlp(), spawnlpe(), spawnp(), spawnv(), spawnve(), spawnvp(), spawnvpe()
  • The ability to create child processes is now controlled by the PROCMGR_AID_SPAWN ability, and the ability to create a new application ID for the child process is controlled by the PROCMGR_AID_CHILD_NEWAPP ability. You can set these abilities by calling procmgr_ability().
  • There's a new SPAWN_NEWAPP flag that makes spawn*() assign a new application ID to the process. If you don't set this flag, the process inherits the parent's application ID.
strtok_r()
Note that you might want to keep a copy of the original string because strtok_r() is likely to modify it.
SyncCtl()
The ability to attach a pulse to a mutex is now controlled by the PROCMGR_AID_CONNECTION ability, which you can set by calling procmgr_ability().
SyncMutexEvent()
  • The ability to attach a pulse to a mutex is now controlled by the PROCMGR_AID_CONNECTION ability, which you can set by calling procmgr_ability().
  • The documentation now explains that the event is delivered when a mutex moves to the DEAD state. There's also a description of how you might manage the death of a process that has a mutex locked.
SyncTypeCreate(), SyncTypeCreate_r()
These functions give an error of EBUSY if the given synchronization object was previously initialized but hasn't been destroyed.
sysmgr_reboot()
The ability to reboot your computer is now controlled by the PROCMGR_AID_REBOOT ability, which you can set by calling procmgr_ability().
SYSPAGE_ENTRY()
You can use this function to query CPU-specific information, such as whether or not the processor supports NEON.
tcsetpgrp()
The ability to set the process group ID is now controlled by the PROCMGR_AID_SESSION ability, which you can set by calling procmgr_ability().
ThreadCreate()
We've documented the __guardsize and __prealloc members of the _thread_attr structure.
ThreadCtl()
  • There's a new _NTO_TCTL_IO_PRIV command that's similar to _NTO_TCTL_IO but also requests that the thread be put into System (privileged) execution mode on ARM targets.
  • There's a new command, _NTO_TCTL_RCM_GET_AND_SET, that you can use to enter or leave resource-constrained mode.
  • On ARMv7 targets, the _NTO_TCTL_ALIGN_FAULT command is now ignored; you can no longer control the alignment-fault behavior on a per-thread basis on these targets. You can set the global behavior by using the -ad or -ae option to procnto*.
  • The ability to superlock the process's memory and request I/O privileges by using PROCMGR_AID_IO is now controlled by the PROCMGR_AID_IO ability, which you can set by calling procmgr_ability().
timer_create(), TimerCreate(), timer_getexpstatus(), timer_getoverrun(), timer_gettime(), TimerInfo()
The ability to create a timer that sends a pulse is now controlled by the PROCMGR_AID_TIMER ability, which you can set by calling procmgr_ability().
TimerInfo()
  • The ability to get timer information is now controlled by the PROCMGR_AID_TIMER ability, which you can set by calling procmgr_ability().
  • The flags argument has a new bit: _NTO_TI_REPORT_TOLERANCE. If you specify it, the function stores the timer tolerance in the otime.interval_nsec member of the _timer_info structure.
  • If the timer is a precise timer, _NTO_TI_PRECISE is set in the flags member of the _timer_info structure.
timer_settime(), TimerSettime()
The following flags are new (as QNX Neutrino extensions for timer_settime()):
  • TIMER_PRECISE — override any default tolerance that was set for the process (see procmgr_timer_tolerance()).
  • TIMER_TOLERANCE — specify the amount of the tolerance to allow the kernel in low-power situations.
TimerTimeout(), timer_timeout()
You can OR TIMER_TOLERANCE into the flags argument if you want to specify the amount of the tolerance to allow the kernel in low-power situations. You can't use TIMER_TOLERANCE and TIMER_ABSTIME in the same call.

If you're setting an expiration time (i.e., you didn't specify TIMER_TOLERANCE), you can OR in TIMER_PRECISE to override any default tolerance that was set for the process.

tm
Note that the tm_zone pointer in this structure could become stale or invalid after the next call to tzset().
tolower(), toupper()
Note that these functions take an integer argument, but the value must be representable as an unsigned char or be EOF; the behavior for other values is undefined.
towlower(), towupper()
Note that these functions take a wint_t argument, but the value must be a wide-character code that corresponds to a valid character in the current locale, or must be WEOF; the behavior for other values is undefined.
TraceEvent()
  • The ability to add handlers for trace events or allocate the instrumented kernel's trace buffers is now controlled by the PROCMGR_AID_TRACE ability, which you can set by calling procmgr_ability().
  • There's a new _NTO_TRACE_SETBUFFER command that you can use to specify some previously allocated physical memory to use as the trace buffer. The intended application is to place the buffer in an area of memory that will be preserved across system resets, facilitating post-crash analysis.
UNIX-domain protocol family
We now support abstract Unix-domain sockets, which are indicated by an address whose leading byte is '\0'. They don't create nodes in the path space, which in turn means they don't need to be unlinked.
vfscanf(), vfwscanf(), vscanf(), vwscanf()
Note that these functions are generally considered to be unsafe for string handling. We've improved the examples by adding limits to the number of characters to be read.
wait(), wait3(), wait4(), waitid(), waitpid()
The ability to wait for the status of a terminated child process whose real or saved user ID is different from the calling process's real or effective user ID is now controlled by the PROCMGR_AID_WAIT ability, which you can set by calling procmgr_ability().
wscanf()
Note that this function is generally considered to be unsafe for string handling.

Errata

abs()
The behavior of this function is undefined if the result can't be represented as an int.
bt_sprnf_addrs()
This function returns -1 and sets errno if an error occurred.
Cancellation points
POSIX specifies a list of functions that must have cancellation points that occur when a thread is executing, and another of functions that may have cancellation points. No other function defined by POSIX can have cancellation points.

The following functions must have cancellation points but weren't marked as having them in the documentation:

The following functions are defined by POSIX, are not permitted by POSIX to be cancellation points, but were marked as such in the documentation:

The following functions have cancellation points:

ConnectDetach()
We've clarified what happens if client threads are SEND- or REPLY-blocked on the connection being detached.
devctl()
This function returns ENOTTY, not ENOSYS, if the device doesn't support the given command.
dup2()
  • We've corrected the list of error codes.
  • This call:
    dup_filedes = dup2( filedes, filedes2 );
        

    isn't necessarily the same as:

    close( filedes2 );
    dup_filedes = fcntl( filedes, F_DUPFD, filedes2 );
        
InterruptStatus()
We've corrected the synopsis.
iofunc_open_default()
This function doesn't call resmgr_open_bind() directly; it calls iofunc_ocb_attach(), which calls resmgr_open_bind() in turn.
mbtowc()
This function isn't safe to use in multithreaded programs; use mbrtowc() instead.
MsgDeliverEvent()
We've corrected the description of the circumstances that could cause an error of ESRVRFAULT.
MsgRead(), MsgReadv(), MsgReceive(), MsgReceivePulse(), MsgReceivePulsev(), MsgReceivev(), MsgWrite(), MsgWritev()
We've corrected the description of the circumstances that could cause an error of EFAULT.
MsgSend(), MsgSendnc(), MsgSendPulse(), MsgSendsv(), MsgSendsvnc(), MsgSendv(), MsgSendvnc(), MsgSendvs(), MsgSendvsnc()
We've corrected the description of the circumstances that could cause an error of ESRVRFAULT.
munmap_flags()
We've corrected the names of the UNMAP_INIT_REQUIRED and UNMAP_INIT_OPTIONAL flags.
name_attach(), name_open()
A server that calls name_attach() receives an _IO_CONNECT message when a client calls name_open() only if the global name service, gns, is running.
poll()
Not all managers support POLLWRBAND.
posix_mem_offset()
We've corrected the description of this function.
printf()
It isn't true that if you give a precision specifier of *, but there's no precision value in the argument list, a precision of 0 is used. The compiler gives you a warning if you don't provide the right number of arguments or if the argument types don't match those indicated by the format string.
pthread_cond_destroy()
If another thread is blocked on the condition variable, this function doesn't return EBUSY; instead, that thread becomes unblocked.
realpath()
If resolved_name is NULL, the function allocates a buffer of the size indicated by _PC_PATH_MAX for storing the real path information in. You're responsible for freeing the memory.
sbrk()
We've corrected the example.
sched_param
The sched_ss_init_budget must be smaller than sched_ss_repl_period.
sigaction(), SignalAction()
If you set the action for SIGCHLD to SIG_DFL, the signal is ignored, but the process's children can still become zombies. They don't become zombies if you set the action for SIGCHLD to SIG_IGN.
signal()
If you want to terminate your program from a signal handler, call _exit(), not exit().
strptime()
The classification for this function is POSIX 1003.1 XSI.
SyncDestroy()
The owner of a locked mutex is able to destroy it.
SyncTypeCreate()
  • You should treat the sync_t synchronization object as opaque.
  • The names of the members of the _sync_attr structure start with two underscores.
  • The synchronization object isn't always local to the process.
tcsetsid()
Both arguments to this function are declared as const.
tell64()
The classification for this function is QNX Neutrino.
ThreadCreate()
  • The names of the members of the _thread_attr structure all start with two underscores (__).
  • If the __stackaddr member of the thread attributes structure is NULL, then the __stacksize member specifies the minimum size of stack to dynamically allocate. If you set __stacksize to zero, then a system-defined amount is used.
  • If the __stackaddr member of the thread attributes structure isn't NULL, then if the __stacksize member is less than PTHREAD_STACK_MIN, the call fails with an error of EINVAL.
TimerTimeout(), timer_timeout()
You can OR TIMER_ABSTIME into the flags argument if you want to set an absolute expiration time.
umount()
This function sets errno if an error occurs.