From 6be09bd8825e63a9d84e606726222fbc284f2527 Mon Sep 17 00:00:00 2001 From: Michael Kerrisk Date: Mon, 25 Feb 2013 14:00:44 +0100 Subject: [PATCH] namespaces.7: srcfix Signed-off-by: Michael Kerrisk --- man7/namespaces.7 | 26 +++++++++++++++++++++++++- 1 file changed, 25 insertions(+), 1 deletion(-) diff --git a/man7/namespaces.7 b/man7/namespaces.7 index 158a76459..424657a05 100644 --- a/man7/namespaces.7 +++ b/man7/namespaces.7 @@ -36,6 +36,9 @@ One use of namespaces is to implement containers. This page describes the various namespaces and the associated .I /proc files, and summarizes the APIs for working with namespaces. +.\" +.\" ==================== The namespaces API ==================== +.\" .SS The namespaces API As well as various .I /proc @@ -86,6 +89,9 @@ in most cases requires the capability. User namespaces are the exception: since Linux 3.8, no privilege is required to create a user namespace. +.\" +.\" ==================== The /proc/[pid]/ns/ directory ==================== +.\" .SS The /proc/[pid]/ns/ directory Each process has a .IR /proc/[pid]/ns/ @@ -163,6 +169,9 @@ This file is a handle for the user namespace of the process. .TP .IR /proc/[pid]/ns/uts " (since Linux 3.0)" This file is a handle for the IPC namespace of the process. +.\" +.\" ==================== IPC namespaces ==================== +.\" .SS IPC namespaces (CLONE_NEWIPC) IPC namespaces isolate certain IPC resources, namely, System V IPC objects (see @@ -189,6 +198,9 @@ all IPC objects in the namespace are automatically destroyed. Use of IPC namespaces requires a kernel that is configured with the .B CONFIG_IPC_NS option. +.\" +.\" ==================== Network namespaces ==================== +.\" .SS Network namespaces (CLONE_NEWNET) Network namespaces provide isolation of the system resources associated with networking: network devices, IP addresses, IP routing tables, 
@@ -220,6 +232,9 @@ initial network namespace (not to the parent of the process). Use of network namespaces requires a kernel that is configured with the .B CONFIG_NET_NS option. +.\" +.\" ==================== Mount namespaces ==================== +.\" .SS Mount namespaces (CLONE_NEWNS) Mount namespaces isolate the set of file system mount points, meaning that processes in different mount namespaces can @@ -279,6 +294,9 @@ Optional statistics and configuration information. Currently (as at Linux 2.6.26), only NFS file systems export information via this field. .RE +.\" +.\" ==================== PID namespaces ==================== +.\" .SS PID namespaces (CLONE_NEWPID) PID namespaces isolate the process ID number space, meaning that processes in different PID namespaces can have the same PID. @@ -466,6 +484,9 @@ the receiving process's PID namespace. Use of PID namespaces requires a kernel that is configured with the .B CONFIG_PID_NS option. +.\" +.\" ==================== User namespaces ==================== +.\" .SS User namespaces (CLONE_NEWUSER) User namespaces isolate security-related identifiers, in particular, user IDs, group IDs, keys (see @@ -723,10 +744,13 @@ the set-user-ID (set-group-ID) bit is silently ignored: the new program is executed, but the process's effective user (group) ID is left unchanged. (This mirrors the semantics of executing a set-user-ID or set-group-ID -program that resides on a filesystem that was mounted with the +program that resides on a file system that was mounted with the .BR MS_NOSUID flag (see .BR mount (2).) +.\" +.\" ==================== UTS namespaces ==================== +.\" .SS UTS namespaces (CLONE_NEWUTS) UTS namespaces provide isolation of two system identifiers: the hostname and the NIS domain name.
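Review bot: in the @@ -163,6 +169,9 @@ hunk, the context line under the /proc/[pid]/ns/uts entry reads "This file is a handle for the IPC namespace of the process", which looks like a copy-paste slip from the ipc entry and should say UTS namespace. This patch does not introduce it, but the new banner comment is inserted directly after that line, so it is a good moment to correct it in a separate wording fix. Readers use these descriptions to pick the right handle file for a given namespace type.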
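Review bot: the "filesystem" to "file system" change in the @@ -723,10 +744,13 @@ hunk alters rendered text, which does not match a commit titled "srcfix"; every other added line in the patch is a .\" comment with no effect on output. Suggest moving that one-line wording change into its own commit so that this commit stays output-neutral and can be checked by comparing the rendered page before and after. In the context lines of the same hunk, "flag (see .BR mount (2).)" closes only one of the two parentheses opened at "(This mirrors" and "(see", which the follow-up could also fix.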