namespaces.7: srcfix

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk 2013-02-25 14:00:44 +01:00
parent fd4eb520d6
commit 6be09bd882
1 changed files with 25 additions and 1 deletions


@ -36,6 +36,9 @@ One use of namespaces is to implement containers.
This page describes the various namespaces and the associated This page describes the various namespaces and the associated
.I /proc .I /proc
files, and summarizes the APIs for working with namespaces. files, and summarizes the APIs for working with namespaces.
.\"
.\" ==================== The namespaces API ====================
.\"
.SS The namespaces API .SS The namespaces API
As well as various As well as various
.I /proc .I /proc
@ -86,6 +89,9 @@ in most cases requires the
capability. capability.
User namespaces are the exception: since Linux 3.8, User namespaces are the exception: since Linux 3.8,
no privilege is required to create a user namespace. no privilege is required to create a user namespace.
.\"
.\" ==================== The /proc/[pid]/ns/ directory ====================
.\"
.SS The /proc/[pid]/ns/ directory .SS The /proc/[pid]/ns/ directory
Each process has a Each process has a
.IR /proc/[pid]/ns/ .IR /proc/[pid]/ns/
@ -163,6 +169,9 @@ This file is a handle for the user namespace of the process.
.TP .TP
.IR /proc/[pid]/ns/uts " (since Linux 3.0)" .IR /proc/[pid]/ns/uts " (since Linux 3.0)"
This file is a handle for the IPC namespace of the process. This file is a handle for the IPC namespace of the process.
.\"
.\" ==================== IPC namespaces ====================
.\"
.SS IPC namespaces (CLONE_NEWIPC) .SS IPC namespaces (CLONE_NEWIPC)
IPC namespaces isolate certain IPC resources, IPC namespaces isolate certain IPC resources,
namely, System V IPC objects (see namely, System V IPC objects (see
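Review bot: the context line directly above the new "IPC namespaces" separator describes `/proc/[pid]/ns/uts` as "a handle for the IPC namespace of the process", which contradicts the entry's own name and looks like text copied from another entry. Since this hunk already touches the end of that list, correct the description to say "UTS namespace", either here or in a follow-up commit.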
@ -189,6 +198,9 @@ all IPC objects in the namespace are automatically destroyed.
Use of IPC namespaces requires a kernel that is configured with the Use of IPC namespaces requires a kernel that is configured with the
.B CONFIG_IPC_NS .B CONFIG_IPC_NS
option. option.
.\"
.\" ==================== Network namespaces ====================
.\"
.SS Network namespaces (CLONE_NEWNET) .SS Network namespaces (CLONE_NEWNET)
Network namespaces provide isolation of the system resources associated Network namespaces provide isolation of the system resources associated
with networking: network devices, IP addresses, IP routing tables, with networking: network devices, IP addresses, IP routing tables,
@ -220,6 +232,9 @@ initial network namespace (not to the parent of the process).
Use of network namespaces requires a kernel that is configured with the Use of network namespaces requires a kernel that is configured with the
.B CONFIG_NET_NS .B CONFIG_NET_NS
option. option.
.\"
.\" ==================== Mount namespaces ====================
.\"
.SS Mount namespaces (CLONE_NEWNS) .SS Mount namespaces (CLONE_NEWNS)
Mount namespaces isolate the set of file system mount points, Mount namespaces isolate the set of file system mount points,
meaning that processes in different mount namespaces can meaning that processes in different mount namespaces can
@ -279,6 +294,9 @@ Optional statistics and configuration information.
Currently (as at Linux 2.6.26), only NFS file systems export Currently (as at Linux 2.6.26), only NFS file systems export
information via this field. information via this field.
.RE .RE
.\"
.\" ==================== PID namespaces ====================
.\"
.SS PID namespaces (CLONE_NEWPID) .SS PID namespaces (CLONE_NEWPID)
PID namespaces isolate the process ID number space, PID namespaces isolate the process ID number space,
meaning that processes in different PID namespaces can have the same PID. meaning that processes in different PID namespaces can have the same PID.
@ -466,6 +484,9 @@ the receiving process's PID namespace.
Use of PID namespaces requires a kernel that is configured with the Use of PID namespaces requires a kernel that is configured with the
.B CONFIG_PID_NS .B CONFIG_PID_NS
option. option.
.\"
.\" ==================== User namespaces ====================
.\"
.SS User namespaces (CLONE_NEWUSER) .SS User namespaces (CLONE_NEWUSER)
User namespaces isolate security-related identifiers, in particular, User namespaces isolate security-related identifiers, in particular,
user IDs, group IDs, keys (see user IDs, group IDs, keys (see
@ -723,10 +744,13 @@ the set-user-ID (set-group-ID) bit is silently ignored:
the new program is executed, the new program is executed,
but the process's effective user (group) ID is left unchanged. but the process's effective user (group) ID is left unchanged.
(This mirrors the semantics of executing a set-user-ID or set-group-ID (This mirrors the semantics of executing a set-user-ID or set-group-ID
program that resides on a filesystem that was mounted with the program that resides on a file system that was mounted with the
.BR MS_NOSUID .BR MS_NOSUID
flag (see flag (see
.BR mount (2).) .BR mount (2).)
.\"
.\" ==================== UTS namespaces ====================
.\"
.SS UTS namespaces (CLONE_NEWUTS) .SS UTS namespaces (CLONE_NEWUTS)
UTS namespaces provide isolation of two system identifiers: UTS namespaces provide isolation of two system identifiers:
the hostname and the NIS domain name. the hostname and the NIS domain name.
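Review bot: the single deletion in this commit, at "program that resides on a filesystem that was mounted with the", changes rendered text ("filesystem" becomes "file system"), which is more than the "srcfix" subject line covers; mention the wording change in the commit message or split it into its own commit. In the same sentence the parentheses are unbalanced: "(This mirrors" and "(see" each open one, but `.BR mount (2).)` closes only one, so a closing parenthesis is still missing after the mount(2) reference.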