From 19416046c54fb023f2daaf8c84644ad11d8fb068 Mon Sep 17 00:00:00 2001 From: Michael Kerrisk Date: Tue, 8 Oct 2019 23:30:55 +0200 Subject: [PATCH] mount_namespaces.7: Tweak discussion of "less privileged" mount namespace Eric Biederman: I hate to nitpick, but I am going to say that when I read the text above the phrase "mount namespace of the process that created the new mount namespace" feels wrong. Either you use unshare(2) and the mount namespace of the process that created the mount namespace changes. Or you use clone(2) and you could argue it is the new child that created the mount namespace. Having a different mount namespace at the end of the creation operation feels like it makes your phrase confusing about what the starting mount namespace is. I hate to use references that are ambiguous when things are changing. Reported-by: Eric W. Biederman Signed-off-by: Michael Kerrisk --- man7/mount_namespaces.7 | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/man7/mount_namespaces.7 b/man7/mount_namespaces.7 index 0edf33b17..4bcda5ddf 100644 --- a/man7/mount_namespaces.7 +++ b/man7/mount_namespaces.7 @@ -82,10 +82,11 @@ mount point list seen in the other namespace Note the following points with respect to mount namespaces: .IP * 3 Each mount namespace has an owner user namespace. -As noted above, when a new mount namespace is created, -it inherits a copy of the mount points from the mount namespace -of the process that created the new mount namespace. -If the two mount namespaces are owned by different user namespaces, +As explained above, when a new mount namespace is created, +its mount point list is initialized as a copy of the mount point list +of another mount namespace. +If the new namespaces and the namespace from which the mount point list +was copied are owned by different user namespaces, then the new mount namespace is considered .IR "less privileged" . .IP *
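Review bot: In the added line "If the new namespaces and the namespace from which the mount point list", "namespaces" should be singular, since only one mount namespace is being created; writing "the new mount namespace" would also match the unchanged context line "then the new mount namespace is considered". Separately, the added "of another mount namespace" avoids the ambiguity raised in the commit message but no longer says which namespace the list is copied from. Because this rule decides when a namespace is treated as "less privileged", it may be worth naming the source once in that sentence, so that the later "the namespace from which the mount point list was copied" has a clear antecedent.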