mirror of https://github.com/mkerrisk/man-pages
user_namespaces.7: Document /proc/PID/projid_map
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
parent
6486faa956
commit
213e259e97
|
@ -669,6 +669,48 @@ Writes that violate the above rules fail with the error
|
|||
.\"
|
||||
.\" ============================================================
|
||||
.\"
|
||||
.SS Project ID mappings: projid_map
|
||||
Similarly to user and group ID mappings,
|
||||
it is possible to create project ID mappings for a user namespace.
|
||||
(Project IDs are used for disk quotas; see
|
||||
.BR setquota (8)
|
||||
and
|
||||
.BR quotactl (2).)
|
||||
.PP
|
||||
Project ID mappings are defined by writing to the
|
||||
.I /proc/[pid]/projid_map
|
||||
file (present since
|
||||
.\" commit f76d207a66c3a53defea67e7d36c3eb1b7d6d61d
|
||||
Linux 3.7).
|
||||
.PP
|
||||
The validity rules for writing to the
|
||||
.I /proc/[pid]/projid_map
|
||||
file are as for writing to the
|
||||
.I uid_map
|
||||
file; violation of these rules causes
|
||||
.BR write (2)
|
||||
to fail with the error
|
||||
.BR EINVAL .
|
||||
.PP
|
||||
The permission rules for writing to the
|
||||
.I /proc/[pid]/projid_map
|
||||
file are as follows:
|
||||
.IP 1. 3
|
||||
The writing process must either be in the user namespace of the process
|
||||
.I pid
|
||||
or be in the parent user namespace of the process
|
||||
.IR pid .
|
||||
.IP 2.
|
||||
The mapped project IDs must in turn have a mapping
|
||||
in the parent user namespace.
|
||||
.PP
|
||||
Violation of these rules causes
|
||||
.BR write (2)
|
||||
to fail with the error
|
||||
.BR EPERM .
|
||||
.\"
|
||||
.\" ============================================================
|
||||
.\"
|
||||
.SS Interaction with system calls that change process UIDs or GIDs
|
||||
In a user namespace where the
|
||||
.I uid_map
|
||||
|
|
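Review bot: The numbered permission rules (the two .IP items after "The permission rules for writing to the /proc/[pid]/projid_map file are as follows:") do not say whether the writing process needs any capability. Because the section opens with "Similarly to user and group ID mappings", a reader may assume that whatever capability rule applies to uid_map carries over to projid_map. Please state explicitly whether a capability is required or not, since that decides whether an unprivileged process in the namespace can install a project ID mapping. A smaller style point in the validity paragraph: it refers to the bare ".I uid_map" while the rest of the new text uses the full /proc/[pid]/projid_map path, so spelling out /proc/[pid]/uid_map there would be consistent.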