mount_namespaces.7: Tweak discussion of "less privileged" mount namespace

Eric Biederman:

    I hate to nitpick, but I am going to say that when I read
    the text above the phrase "mount namespace of the process
    that created the new mount namespace" feels wrong.

    Either you use unshare(2) and the mount namespace of the
    process that created the mount namespace changes.

    Or you use clone(2) and you could argue it is the new child
    that created the mount namespace.

    Having a different mount namespace at the end of the
    creation operation feels like it makes your phrase confusing
    about what the starting mount namespace is.  I hate to use
    references that are ambiguous when things are changing.

Reported-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk 2019-10-08 23:30:55 +02:00
parent 534755eed9
commit 19416046c5
1 changed files with 5 additions and 4 deletions


@ -82,10 +82,11 @@ mount point list seen in the other namespace
Note the following points with respect to mount namespaces:
.IP * 3
Each mount namespace has an owner user namespace.
As noted above, when a new mount namespace is created,
it inherits a copy of the mount points from the mount namespace
of the process that created the new mount namespace.
If the two mount namespaces are owned by different user namespaces,
As explained above, when a new mount namespace is created,
its mount point list is initialized as a copy of the mount point list
of another mount namespace.
If the new namespaces and the namespace from which the mount point list
was copied are owned by different user namespaces,
then the new mount namespace is considered
.IR "less privileged" .
.IP *
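Review bot: the replacement sentence has a number-agreement slip: "If the new namespaces and the namespace from which the mount point list was copied are owned by different user namespaces" should read "If the new namespace and the namespace from which ...", since exactly one mount namespace is created by the unshare(2) or clone(2) call, and the plural makes the comparison read as if more than two namespaces were involved. The wording "a copy of the mount point list of another mount namespace" is usefully non-committal about which namespace (it covers both the unshare(2) case, where the caller's own mount namespace changes, and the clone(2) case, where it is the child that ends up in the new namespace), but because the sentence leans on "As explained above", it is worth checking that the earlier text really does say the copy is taken from the caller's mount namespace at the time of the call; otherwise the reader is left with the same ambiguity about the starting namespace that the commit message is trying to remove.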