mirror of https://github.com/mkerrisk/man-pages
mount_namespaces.7, user_namespaces.7: Migrate subsection on mount restrictions to mount_namespaces(7)
This section material in the user_namespaces(7) page was written before the creation of the mount_namespaces(7) manual page. Nowadays, this material properly belongs in the newer page.

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
This commit is contained in:
parent
466247eb67
commit
4bfc202622
@ -65,6 +65,71 @@ in either mount namespace will not (by default) affect the
mount point list seen in the other namespace
(but see the following discussion of shared subtrees).
.\"
.\" ============================================================
.\"
.SS Restrictions on mount namespaces
Note the following points with respect to mount namespaces:
.IP * 3
A mount namespace has an owner user namespace.
A mount namespace whose owner user namespace is different from
the owner user namespace of its parent mount namespace is
considered a less privileged mount namespace.
.IP *
When creating a less privileged mount namespace,
shared mounts are reduced to slave mounts.
This ensures that mappings performed in less
privileged mount namespaces will not propagate to more privileged
mount namespaces.
.IP *
.\" FIXME .
.\" What does "come as a single unit from more privileged mount" mean?
Mounts that come as a single unit from more privileged mount are
locked together and may not be separated in a less privileged mount
namespace.
(The
.BR unshare (2)
.B CLONE_NEWNS
operation brings across all of the mounts from the original
mount namespace as a single unit,
and recursive mounts that propagate between
mount namespaces propagate as a single unit.)
.IP *
The
.BR mount (2)
flags
.BR MS_RDONLY ,
.BR MS_NOSUID ,
.BR MS_NOEXEC ,
and the "atime" flags
.RB ( MS_NOATIME ,
.BR MS_NODIRATIME ,
.BR MS_RELATIME )
settings become locked
.\" commit 9566d6742852c527bf5af38af5cbb878dad75705
.\" Author: Eric W. Biederman <ebiederm@xmission.com>
.\" Date: Mon Jul 28 17:26:07 2014 -0700
.\"
.\" mnt: Correct permission checks in do_remount
.\"
when propagated from a more privileged to
a less privileged mount namespace,
and may not be changed in the less privileged mount namespace.
.IP *
.\" (As of 3.18-rc1 (in Al Viro's 2014-08-30 vfs.git#for-next tree))
A file or directory that is a mount point in one namespace that is not
a mount point in another namespace, may be renamed, unlinked, or removed
.RB ( rmdir (2))
in the mount namespace in which it is not a mount point
(subject to the usual permission checks).
.IP
Previously, attempting to unlink, rename, or remove a file or directory
that was a mount point in another mount namespace would result in the error
.BR EBUSY .
That behavior had technical problems of enforcement (e.g., for NFS)
and permitted denial-of-service attacks against more privileged users.
(i.e., preventing individual files from being updated
by bind mounting on top of them).
.\"
.SH SHARED SUBTREES
After the implementation of mount namespaces was completed,
experience showed that the isolation that they provided was,

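Review bot: the FIXME at `.\" What does "come as a single unit from more privileged mount" mean?` is carried into mount_namespaces(7) unresolved, and the sentence it questions is still ungrammatical (`Mounts that come as a single unit from more privileged mount are` drops "namespace" after "mount"); since the text is being moved anyway, this is the moment to settle it, at minimum as "from a more privileged mount namespace". Two smaller points in the same block: "This ensures that mappings performed in less privileged mount namespaces will not propagate" sits under a bullet about shared and slave mounts, so "mounts" rather than "mappings" seems intended; and "against more privileged users." followed by "(i.e., preventing individual files from being updated" splits one sentence with a full stop, so the parenthetical should attach to the preceding sentence. The substantive rules (MS_RDONLY, MS_NOSUID, MS_NOEXEC and the atime flags locked on propagation into a less privileged mount namespace, with the do_remount commit cited in the comment) come across unchanged.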
@ -354,71 +354,6 @@ a non-user namespace is associated; see
.\"
.\" ============================================================
.\"
.SS Restrictions on mount namespaces
Note the following points with respect to mount namespaces:
.IP * 3
A mount namespace has an owner user namespace.
A mount namespace whose owner user namespace is different from
the owner user namespace of its parent mount namespace is
considered a less privileged mount namespace.
.IP *
When creating a less privileged mount namespace,
shared mounts are reduced to slave mounts.
This ensures that mappings performed in less
privileged mount namespaces will not propagate to more privileged
mount namespaces.
.IP *
.\" FIXME .
.\" What does "come as a single unit from more privileged mount" mean?
Mounts that come as a single unit from more privileged mount are
locked together and may not be separated in a less privileged mount
namespace.
(The
.BR unshare (2)
.B CLONE_NEWNS
operation brings across all of the mounts from the original
mount namespace as a single unit,
and recursive mounts that propagate between
mount namespaces propagate as a single unit.)
.IP *
The
.BR mount (2)
flags
.BR MS_RDONLY ,
.BR MS_NOSUID ,
.BR MS_NOEXEC ,
and the "atime" flags
.RB ( MS_NOATIME ,
.BR MS_NODIRATIME ,
.BR MS_RELATIME )
settings become locked
.\" commit 9566d6742852c527bf5af38af5cbb878dad75705
.\" Author: Eric W. Biederman <ebiederm@xmission.com>
.\" Date: Mon Jul 28 17:26:07 2014 -0700
.\"
.\" mnt: Correct permission checks in do_remount
.\"
when propagated from a more privileged to
a less privileged mount namespace,
and may not be changed in the less privileged mount namespace.
.IP *
.\" (As of 3.18-rc1 (in Al Viro's 2014-08-30 vfs.git#for-next tree))
A file or directory that is a mount point in one namespace that is not
a mount point in another namespace, may be renamed, unlinked, or removed
.RB ( rmdir (2))
in the mount namespace in which it is not a mount point
(subject to the usual permission checks).
.IP
Previously, attempting to unlink, rename, or remove a file or directory
that was a mount point in another mount namespace would result in the error
.BR EBUSY .
That behavior had technical problems of enforcement (e.g., for NFS)
and permitted denial-of-service attacks against more privileged users.
(i.e., preventing individual files from being updated
by bind mounting on top of them).
.\"
.\" ============================================================
.\"
.SS User and group ID mappings: uid_map and gid_map
When a user namespace is created,
it starts out without a mapping of user IDs (group IDs)

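Review bot: the removal takes the whole "Restrictions on mount namespaces" subsection out of user_namespaces(7) without leaving a pointer to its new home; a reader who previously found the rules for less privileged mount namespaces here (shared mounts reduced to slave mounts, MS_RDONLY/MS_NOSUID/MS_NOEXEC and atime flags locked on propagation) now gets no reference. Unless the preceding paragraph ending "a non-user namespace is associated; see" already covers it, consider adding a one-line cross-reference to mount_namespaces(7) at that point. The removed lines are identical to the lines added to mount_namespaces(7) in the first hunk, so the move itself loses nothing.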