LDP
/
man-pages
mirror of https://github.com/mkerrisk/man-pages
0
1
Fork 0
Code Releases Activity

user_namespaces.7: Correct user namespace rules for mounting /proc 

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
This commit is contained in:
Michael Kerrisk 2016-06-26 16:31:44 +02:00
parent 7e52299f66
commit 687d3f4aef
1 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
man7/user_namespaces.7
View File

@ -264,10 +264,18 @@ and mount the following types of filesystems:
.PP
Holding
.B CAP_SYS_ADMIN
within the user namespace associated with a process's cgroup namespace
within the PID namespace associated with a process's cgroup namespace
allows (since Linux 4.6)
that process to mount cgroup filesystems.
Holding
.B CAP_SYS_ADMIN
within the user namespace associated with a process's PID namespace
allows (since Linux 3.8)
that process to mount
.I /proc
filesystems.
Note however, that mounting block-based filesystems can be done
only by a process that holds
.BR CAP_SYS_ADMIN