setns.2: Fix CLONE_NEWNS restriction info

Threads are allowed to switch mount namespaces if the filesystem
details aren't being shared.  That's the purpose of the check in
the kernel quoted by the comment:

    if (fs->users != 1)
        return -EINVAL;

It's been this way since the code was originally merged in v3.8.

Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Mike Frysinger 2019-09-19 01:43:42 -04:00 committed by Michael Kerrisk
parent 9914d8bdb8
commit 5dd76c4449
1 changed files with 6 additions and 2 deletions

@ -131,8 +131,12 @@ capabilities in its own user namespace and
.BR CAP_SYS_ADMIN
in the user namespace that owns the target mount namespace.
.IP
A process may not be reassociated with a new mount namespace if it is
multithreaded.
A process can't join a new mount namespace if it is sharing
filesystem-related attributes
(the attributes whose sharing is controlled by the
.BR clone (2)
.B CLONE_FS
flag) with another process.
.\" Above check is in fs/namespace.c:mntns_install() [3.8 source]
.IP
See
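
Review bot: The replacement paragraph ("A process can't join a new mount namespace if it is sharing filesystem-related attributes ... with another process") no longer mentions threads at all, although the commit message frames the fix in terms of threads and the quoted check is `fs->users != 1`. A reader who knew the old "multithreaded" wording cannot tell from the new text that threads which do share these attributes are still refused, so consider saying "with another process or thread", or adding a sentence that threads sharing the CLONE_FS attributes remain subject to the restriction. The quoted check returns -EINVAL; if the page's ERRORS text for EINVAL still describes this case as "multithreaded", it needs the same correction so the two places agree.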