namespaces.7: srcfix

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk 2013-02-25 14:00:44 +01:00
parent fd4eb520d6
commit 6be09bd882
1 changed files with 25 additions and 1 deletions

@ -36,6 +36,9 @@ One use of namespaces is to implement containers.
This page describes the various namespaces and the associated
.I /proc
files, and summarizes the APIs for working with namespaces.
.\"
.\" ==================== The namespaces API ====================
.\"
.SS The namespaces API
As well as various
.I /proc
@ -86,6 +89,9 @@ in most cases requires the
capability.
User namespaces are the exception: since Linux 3.8,
no privilege is required to create a user namespace.
.\"
.\" ==================== The /proc/[pid]/ns/ directory ====================
.\"
.SS The /proc/[pid]/ns/ directory
Each process has a
.IR /proc/[pid]/ns/
@ -163,6 +169,9 @@ This file is a handle for the user namespace of the process.
.TP
.IR /proc/[pid]/ns/uts " (since Linux 3.0)"
This file is a handle for the IPC namespace of the process.
.\"
.\" ==================== IPC namespaces ====================
.\"
.SS IPC namespaces (CLONE_NEWIPC)
IPC namespaces isolate certain IPC resources,
namely, System V IPC objects (see
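
Review bot: The context directly above the new IPC banner describes /proc/[pid]/ns/uts as "a handle for the IPC namespace of the process", which looks like a copy-paste from the ipc entry and should read "UTS namespace". That is a change to rendered text, so it belongs in its own commit rather than in this srcfix, but it is worth picking up while this section boundary is being touched.
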
@ -189,6 +198,9 @@ all IPC objects in the namespace are automatically destroyed.
Use of IPC namespaces requires a kernel that is configured with the
.B CONFIG_IPC_NS
option.
.\"
.\" ==================== Network namespaces ====================
.\"
.SS Network namespaces (CLONE_NEWNET)
Network namespaces provide isolation of the system resources associated
with networking: network devices, IP addresses, IP routing tables,
@ -220,6 +232,9 @@ initial network namespace (not to the parent of the process).
Use of network namespaces requires a kernel that is configured with the
.B CONFIG_NET_NS
option.
.\"
.\" ==================== Mount namespaces ====================
.\"
.SS Mount namespaces (CLONE_NEWNS)
Mount namespaces isolate the set of file system mount points,
meaning that processes in different mount namespaces can
@ -279,6 +294,9 @@ Optional statistics and configuration information.
Currently (as at Linux 2.6.26), only NFS file systems export
information via this field.
.RE
.\"
.\" ==================== PID namespaces ====================
.\"
.SS PID namespaces (CLONE_NEWPID)
PID namespaces isolate the process ID number space,
meaning that processes in different PID namespaces can have the same PID.
@ -466,6 +484,9 @@ the receiving process's PID namespace.
Use of PID namespaces requires a kernel that is configured with the
.B CONFIG_PID_NS
option.
.\"
.\" ==================== User namespaces ====================
.\"
.SS User namespaces (CLONE_NEWUSER)
User namespaces isolate security-related identifiers, in particular,
user IDs, group IDs, keys (see
@ -723,10 +744,13 @@ the set-user-ID (set-group-ID) bit is silently ignored:
the new program is executed,
but the process's effective user (group) ID is left unchanged.
(This mirrors the semantics of executing a set-user-ID or set-group-ID
program that resides on a filesystem that was mounted with the
program that resides on a file system that was mounted with the
.BR MS_NOSUID
flag (see
.BR mount (2).)
.\"
.\" ==================== UTS namespaces ====================
.\"
.SS UTS namespaces (CLONE_NEWUTS)
UTS namespaces provide isolation of two system identifiers:
the hostname and the NIS domain name.
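
Review bot: The "filesystem" to "file system" replacement in the MS_NOSUID sentence changes rendered text, so it does not fit a commit titled srcfix when every other hunk only adds comment banners; split it out or mention it in the commit message. In the same sentence the parentheses do not balance: "(This mirrors" and "(see" are both opened, but only one ")" follows the mount (2) reference, so the last line of that sentence probably wants to be `.BR mount (2)).)`.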