user_namespaces.7: Minor fixes in various places

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk 2013-03-15 07:18:53 +01:00
parent 8a87c8b32f
commit 3b44624fa4
1 changed files with 11 additions and 12 deletions

@ -65,7 +65,7 @@ with the
.BR CLONE_NEWUSER
flag.
Each process is member of exactly one user namespace.
Each process is a member of exactly one user namespace.
A process created via
.BR fork (2)
or
@ -105,8 +105,7 @@ Likewise, a process that creates a new user namespace using
.BR unshare (2)
or joins an existing user namespace using
.BR setns (2)
gains a full set of capabilities in that namespace,
and its securebits flags are cleared.
gains a full set of capabilities in that namespace.
On the other hand,
that process has no capabilities in the parent (in the case of
.BR clone (2))
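Review bot: Dropping "and its securebits flags are cleared." from the setns(2) sentence changes what the page says about process state on entering a user namespace, which is more than the "Minor fixes in various places" the commit message describes. Suggest moving this removal into its own commit whose message states why the securebits statement is being withdrawn, so the behavioural change can be found in history and checked against the kernel.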
@ -163,8 +162,8 @@ For example, it may execute a set-user-ID program or an
executable with associated file capabilities.
In addition,
a process may gain capabilities via the effect of
.BR clone (2)
.BR unshare (2)
.BR clone (2),
.BR unshare (2),
or
.BR setns (2),
as already described.
@ -276,7 +275,7 @@ user IDs between two user namespaces.
The specification in each line takes the form of
three numbers delimited by white space.
The first two numbers specify the starting user ID in
each user namespace.
each of the two user namespaces.
The third number specifies the length of the mapped range.
In detail, the fields are interpreted as follows:
.IP (1) 4
@ -318,13 +317,13 @@ System calls that return user IDs (group IDs)\(emfor example,
.BR getgid (2),
and the credential fields in the structure returned by
.BR stat (2)\(emreturn
the user ID (group ID) mapped into the current user namespace.
the user ID (group ID) mapped into the caller's user namespace.
When a process accesses a file, its user and group IDs
are mapped into the initial user namespace for the purpose of permission
checking and assigning IDs when creating a file.
When a process retrieves file user and group IDs via
.BR stat (2)
.BR stat (2),
the IDs are mapped in the opposite direction,
to produce values relative to the process user and group ID mappings.
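Review bot: The closing sentence of this hunk still reads "relative to the process user and group ID mappings", without the possessive. Since the hunk already tightens the earlier sentence to "the caller's user namespace", suggest "relative to the process's user and group ID mappings" here as well, matching the "process's effective user (group) ID" wording used elsewhere in the page.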
@ -495,7 +494,7 @@ field in the
received with a signal (see
.BR sigaction (2)),
credentials written to the process accounting file (see
.BR acct (5),
.BR acct (5)),
and credentials returned with POSIX message queue notifications (see
.BR mq_notify (3)).
@ -528,7 +527,7 @@ but the process's effective user (group) ID is left unchanged.
(This mirrors the semantics of executing a set-user-ID or set-group-ID
program that resides on a file system that was mounted with the
.BR MS_NOSUID
flag (see
flag, as described in
.BR mount (2).)
.\"
.\" ============================================================
@ -583,9 +582,9 @@ and PID
.RI ( \-p )
namespaces, with user ID
.RI ( \-M )
and group ID 1000
and group ID
.RI ( \-G )
mapped to 0 inside the user namespace:
1000 mapped to 0 inside the user namespace:
.in +4n
.nf