mirror of https://github.com/mkerrisk/man-pages
setns.2: Fix CLONE_NEWNS restriction info
Threads are allowed to switch mount namespaces if the filesystem details aren't being shared. That's the purpose of the check in the kernel quoted by the comment:

    if (fs->users != 1)
        return -EINVAL;

It's been this way since the code was originally merged in v3.8.

Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
parent 9914d8bdb8
commit 5dd76c4449
|
@ -131,8 +131,12 @@ capabilities in its own user namespace and
|
|||
.BR CAP_SYS_ADMIN
|
||||
in the user namespace that owns the target mount namespace.
|
||||
.IP
|
||||
A process may not be reassociated with a new mount namespace if it is
|
||||
multithreaded.
|
||||
A process can't join a new mount namespace if it is sharing
|
||||
filesystem-related attributes
|
||||
(the attributes whose sharing is controlled by the
|
||||
.BR clone (2)
|
||||
.B CLONE_FS
|
||||
flag) with another process.
|
||||
.\" Above check is in fs/namespace.c:mntns_install() [3.8 source]
|
||||
.IP
|
||||
See
|
||||
|
|
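Review bot: In the replacement paragraph, "with another process" can mislead readers of the old "multithreaded" wording, because the commit message frames the check in terms of threads and the tasks sharing CLONE_FS attributes can be threads of the same process. Consider "with another process or thread" so it is clear that a multithreaded caller is still rejected while its threads share these attributes. The paragraph also does not say how the call fails; the kernel check quoted in the commit message returns -EINVAL, so either name EINVAL here or confirm that the EINVAL entry under ERRORS covers this case with the same wording.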