From 0a4d78bbe1f300ff639cf4277c9674d1d9277f76 Mon Sep 17 00:00:00 2001 From: Michael Kerrisk Date: Mon, 6 Oct 2008 14:07:03 +0200 Subject: [PATCH] mount.2: Add description of namespace Describe per-process namespaces, including discussion of clone() and unshare CLONE_NEWNS, and /proc/PID/mounts. Signed-off-by: Michael Kerrisk --- man2/mount.2 | 43 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) diff --git a/man2/mount.2 b/man2/mount.2 index 3b5407bb2..aeded11a6 100644 --- a/man2/mount.2 +++ b/man2/mount.2 @@ -34,6 +34,8 @@ .\" Enhanced descriptions of MS_MOVE, MS_BIND, and MS_REMOUNT .\" Modified 2004-06-17 by Michael Kerrisk .\" 2005-05-18, mtk, Added MNT_EXPIRE, plus a few other tidy-ups. +.\" 2008-10-06, mtk: move umount*() material into separate umount.2 page. +.\" 2008-10-06, mtk: Add discussion of namespaces. .\" .TH MOUNT 2 2008-10-06 "Linux" "Linux Programmer's Manual" .SH NAME 
@@ -373,6 +375,47 @@ would fail with Since Linux 2.4 the set-user-ID and set-group-ID bits are just silently ignored in this case. .\" The change is in patch-2.4.0-prerelease. +.SS Per-process Namespaces +Starting with kernel 2.4.19, Linux provides per-process namespaces. +A namespace is the set of file system mounts that are visible to a process. +Namespaces can be (and usually are) shared between multiple processes, +and changes to the namespace (i.e., mounts and unmounts) by one process +are visible to all other processes sharing the same namespace. +(The pre-2.4.19 situation can be considered as one in which there was +a single namespace was shared by every process on the system.) + +A child process created by +.BR fork (2) +shares its parent's namespace; +the namespace is preserved across an +.BR execve (2). + +A process can obtain a private namespace if: +it was created using the +.BR clone () +.BR CLONE_NEWNS +flag, +in which case its new namespace is initialized to be a +.I copy +of the namespace of the process that called +.BR clone (); +or it calls +.BR unshare (2) +with the +.BR CLONE_NEWNS +flag, +which causes the caller's namespace to obtain a private copy +of the namespace that it was previously sharing with other processes, +so that future mounts and unmounts by the caller are invisible +to other processes (except child processes that the caller +subsequently creates) and vice versa. + +The Linux-specific +.I /proc/PID/self +file exposes the list of mount points in the namespace of the process with +the specified ID; see +.BR proc (5) +for details. .SH "SEE ALSO" .BR umount (2), .BR path_resolution (7),
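Review bot: the final paragraph of the namespaces hunk points readers at the wrong file: `.I /proc/PID/self` is not a file that lists mount points, and the commit message itself says this patch documents /proc/PID/mounts, so the line should read `.I /proc/PID/mounts`. Two sentences in the same hunk also need grammar fixes before this goes in: "one in which there was a single namespace was shared by every process on the system" has two main verbs (either "in which a single namespace was shared by every process" or "in which there was a single namespace shared by every process"), and "causes the caller's namespace to obtain a private copy of the namespace that it was previously sharing" should be "causes the caller to obtain a private copy of the namespace that it was previously sharing". A small style point: the cross reference is written `.BR clone ()` without a section number, while the neighbouring references use `.BR fork (2)` and `.BR unshare (2)`; make it `.BR clone (2)` for consistency.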
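Review bot: in the first hunk, the added changelog line `.\" 2008-10-06, mtk: move umount*() material into separate umount.2 page.` records a change this patch does not contain: the diffstat is "1 file changed, 43 insertions(+)" against man2/mount.2 with no deletions, and the subject and body describe only the namespace text. Either drop that changelog line here and add it in the commit that actually moves the umount material, or include that move in this patch so the comment and the diff agree.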