mirror of https://github.com/mkerrisk/man-pages
mount.2: Add description of namespace
Describe per-process namespaces, including discussion of clone() and unshare CLONE_NEWNS, and /proc/PID/mounts.

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
parent 852ae8c875
commit 0a4d78bbe1
43
man2/mount.2
@ -34,6 +34,8 @@
|
|||
.\" Enhanced descriptions of MS_MOVE, MS_BIND, and MS_REMOUNT
|
||||
.\" Modified 2004-06-17 by Michael Kerrisk <mtk.manpages@gmail.com>
|
||||
.\" 2005-05-18, mtk, Added MNT_EXPIRE, plus a few other tidy-ups.
|
||||
.\" 2008-10-06, mtk: move umount*() material into separate umount.2 page.
|
||||
.\" 2008-10-06, mtk: Add discussion of namespaces.
|
||||
.\"
|
||||
.TH MOUNT 2 2008-10-06 "Linux" "Linux Programmer's Manual"
|
||||
.SH NAME
|
||||
|
@ -373,6 +375,47 @@ would fail with
|
|||
Since Linux 2.4 the set-user-ID and set-group-ID bits are
|
||||
just silently ignored in this case.
|
||||
.\" The change is in patch-2.4.0-prerelease.
|
||||
.SS Per-process Namespaces
|
||||
Starting with kernel 2.4.19, Linux provides per-process namespaces.
|
||||
A namespace is the set of file system mounts that are visible to a process.
|
||||
Namespaces can be (and usually are) shared between multiple processes,
|
||||
and changes to the namespace (i.e., mounts and unmounts) by one process
|
||||
are visible to all other processes sharing the same namespace.
|
||||
(The pre-2.4.19 situation can be considered as one in which there was
|
||||
a single namespace was shared by every process on the system.)
|
||||
|
||||
A child process created by
|
||||
.BR fork (2)
|
||||
shares its parent's namespace;
|
||||
the namespace is preserved across an
|
||||
.BR execve (2).
|
||||
|
||||
A process can obtain a private namespace if:
|
||||
it was created using the
|
||||
.BR clone ()
|
||||
.BR CLONE_NEWNS
|
||||
flag,
|
||||
in which case its new namespace is initialized to be a
|
||||
.I copy
|
||||
of the namespace of the process that called
|
||||
.BR clone ();
|
||||
or it calls
|
||||
.BR unshare (2)
|
||||
with the
|
||||
.BR CLONE_NEWNS
|
||||
flag,
|
||||
which causes the caller's namespace to obtain a private copy
|
||||
of the namespace that it was previously sharing with other processes,
|
||||
so that future mounts and unmounts by the caller are invisible
|
||||
to other processes (except child processes that the caller
|
||||
subsequently creates) and vice versa.
|
||||
|
||||
The Linux-specific
|
||||
.I /proc/PID/self
|
||||
file exposes the list of mount points in the namespace of the process with
|
||||
the specified ID; see
|
||||
.BR proc (5)
|
||||
for details.
|
||||
.SH "SEE ALSO"
|
||||
.BR umount (2),
|
||||
.BR path_resolution (7),
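Review bot: The last added paragraph names the wrong file. `.I /proc/PID/self` should be `.I /proc/PID/mounts`, which is what the commit message says is being documented and what the sentence describes (the list of mount points in that process's namespace). Three smaller wording points in the same section: "in which there was" followed by "a single namespace was shared by every process" carries a doubled verb, so drop "there was" or the second "was"; `.BR clone ()` is followed directly by `.BR CLONE_NEWNS` with no connecting words and no section number, unlike `.BR fork (2)` and `.BR unshare (2)`, so consider `.BR clone (2)` followed by "with the" to mirror the unshare clause; and "causes the caller's namespace to obtain a private copy" reads as if the namespace obtains the copy, where "causes the caller to obtain a private copy" is what is meant.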