mirror of https://github.com/mkerrisk/man-pages
namespaces.7: srcfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
parent
fd4eb520d6
commit
6be09bd882
|
@ -36,6 +36,9 @@ One use of namespaces is to implement containers.
|
|||
This page describes the various namespaces and the associated
|
||||
.I /proc
|
||||
files, and summarizes the APIs for working with namespaces.
|
||||
.\"
|
||||
.\" ==================== The namespaces API ====================
|
||||
.\"
|
||||
.SS The namespaces API
|
||||
As well as various
|
||||
.I /proc
|
||||
|
@ -86,6 +89,9 @@ in most cases requires the
|
|||
capability.
|
||||
User namespaces are the exception: since Linux 3.8,
|
||||
no privilege is required to create a user namespace.
|
||||
.\"
|
||||
.\" ==================== The /proc/[pid]/ns/ directory ====================
|
||||
.\"
|
||||
.SS The /proc/[pid]/ns/ directory
|
||||
Each process has a
|
||||
.IR /proc/[pid]/ns/
|
||||
|
@ -163,6 +169,9 @@ This file is a handle for the user namespace of the process.
|
|||
.TP
|
||||
.IR /proc/[pid]/ns/uts " (since Linux 3.0)"
|
||||
This file is a handle for the IPC namespace of the process.
|
||||
.\"
|
||||
.\" ==================== IPC namespaces ====================
|
||||
.\"
|
||||
.SS IPC namespaces (CLONE_NEWIPC)
|
||||
IPC namespaces isolate certain IPC resources,
|
||||
namely, System V IPC objects (see
|
||||
|
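Review bot: The description under the /proc/[pid]/ns/uts entry in this hunk's context reads "This file is a handle for the IPC namespace of the process.", which looks copied from the ipc entry and should name the UTS namespace. It is a text fix rather than a source fix, so it belongs in a follow-up commit, but it sits directly above the banner added here and is easy to correct while this part of the page is open.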
@ -189,6 +198,9 @@ all IPC objects in the namespace are automatically destroyed.
|
|||
Use of IPC namespaces requires a kernel that is configured with the
|
||||
.B CONFIG_IPC_NS
|
||||
option.
|
||||
.\"
|
||||
.\" ==================== Network namespaces ====================
|
||||
.\"
|
||||
.SS Network namespaces (CLONE_NEWNET)
|
||||
Network namespaces provide isolation of the system resources associated
|
||||
with networking: network devices, IP addresses, IP routing tables,
|
||||
|
@ -220,6 +232,9 @@ initial network namespace (not to the parent of the process).
|
|||
Use of network namespaces requires a kernel that is configured with the
|
||||
.B CONFIG_NET_NS
|
||||
option.
|
||||
.\"
|
||||
.\" ==================== Mount namespaces ====================
|
||||
.\"
|
||||
.SS Mount namespaces (CLONE_NEWNS)
|
||||
Mount namespaces isolate the set of file system mount points,
|
||||
meaning that processes in different mount namespaces can
|
||||
|
@ -279,6 +294,9 @@ Optional statistics and configuration information.
|
|||
Currently (as at Linux 2.6.26), only NFS file systems export
|
||||
information via this field.
|
||||
.RE
|
||||
.\"
|
||||
.\" ==================== PID namespaces ====================
|
||||
.\"
|
||||
.SS PID namespaces (CLONE_NEWPID)
|
||||
PID namespaces isolate the process ID number space,
|
||||
meaning that processes in different PID namespaces can have the same PID.
|
||||
|
@ -466,6 +484,9 @@ the receiving process's PID namespace.
|
|||
Use of PID namespaces requires a kernel that is configured with the
|
||||
.B CONFIG_PID_NS
|
||||
option.
|
||||
.\"
|
||||
.\" ==================== User namespaces ====================
|
||||
.\"
|
||||
.SS User namespaces (CLONE_NEWUSER)
|
||||
User namespaces isolate security-related identifiers, in particular,
|
||||
user IDs, group IDs, keys (see
|
||||
|
@ -723,10 +744,13 @@ the set-user-ID (set-group-ID) bit is silently ignored:
|
|||
the new program is executed,
|
||||
but the process's effective user (group) ID is left unchanged.
|
||||
(This mirrors the semantics of executing a set-user-ID or set-group-ID
|
||||
program that resides on a filesystem that was mounted with the
|
||||
program that resides on a file system that was mounted with the
|
||||
.BR MS_NOSUID
|
||||
flag (see
|
||||
.BR mount (2).)
|
||||
.\"
|
||||
.\" ==================== UTS namespaces ====================
|
||||
.\"
|
||||
.SS UTS namespaces (CLONE_NEWUTS)
|
||||
UTS namespaces provide isolation of two system identifiers:
|
||||
the hostname and the NIS domain name.
|
||||
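Review bot: A wording change is mixed into this srcfix. Besides the three banner lines, the hunk (10 lines before, 13 after) carries both "program that resides on a filesystem that was mounted with the" and "program that resides on a file system that was mounted with the", so rendered text changes under a commit message that promises source-only edits. Move the "filesystem" to "file system" substitution into its own wording-fix commit, or mention it in the message. In the same context lines, ".BR mount (2).)" closes only one of the two parentheses opened by "(This mirrors" and "(see", which a follow-up could balance.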