user_namespaces.7: Document /proc/PID/projid_map

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2021-08-16 01:59:42 +02:00 · 2021-08-16 01:59:42 +02:00 · 213e259e97
parent 6486faa956
commit 213e259e97
1 changed files with 42 additions and 0 deletions
--- a/man7/user_namespaces.7
+++ b/man7/user_namespaces.7
@ -669,6 +669,48 @@ Writes that violate the above rules fail with the error
 .\"
 .\" ============================================================
 .\"
+.SS Project ID mappings: projid_map
+Similarly to user and group ID mappings,
+it is possible to create project ID mappings for a user namespace.
+(Project IDs are used for disk quotas; see
+.BR setquota (8)
+and
+.BR quotactl (2).)
+.PP
+Project ID mappings are defined by writing to the
+.I /proc/[pid]/projid_map
+file (present since
+.\" commit f76d207a66c3a53defea67e7d36c3eb1b7d6d61d
+Linux 3.7).
+.PP
+The validity rules for writing to the
+.I /proc/[pid]/projid_map
+file are as for writing to the
+.I uid_map
+file; violation of these rules causes
+.BR write (2)
+to fail with the error
+.BR EINVAL .
+.PP
+The permission rules for writing to the
+.I /proc/[pid]/projid_map
+file are as follows:
+.IP 1. 3
+The writing process must either be in the user namespace of the process
+.I pid
+or be in the parent user namespace of the process
+.IR pid .
+.IP 2.
+The mapped project IDs must in turn have a mapping
+in the parent user namespace.
+.PP
+Violation of these rules causes
+.BR write (2)
+to fail with the error
+.BR EPERM .
+.\"
+.\" ============================================================
+.\"
 .SS Interaction with system calls that change process UIDs or GIDs
 In a user namespace where the
 .I uid_map