mirror of https://github.com/mkerrisk/man-pages
clone.2, namespaces.7: Move some CLONE_NEWNET text from clone.2 to namespaces.7
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
parent
9343f8e7c3
commit
73680728d1
|
@ -346,10 +346,11 @@ When a network namespace is freed
|
||||||
(i.e., when the last process in the namespace terminates),
|
(i.e., when the last process in the namespace terminates),
|
||||||
its physical network devices are moved back to the
|
its physical network devices are moved back to the
|
||||||
initial network namespace (not to the parent of the process).
|
initial network namespace (not to the parent of the process).
|
||||||
|
For further information on network namespaces, see
|
||||||
|
.BR namespaces (7).
|
||||||
|
|
||||||
Use of this flag requires: a kernel configured with the
|
Use of this flag requires
|
||||||
.B CONFIG_NET_NS
|
that the process be privileged
|
||||||
option and that the process be privileged
|
|
||||||
.RB ( CAP_SYS_ADMIN ).
|
.RB ( CAP_SYS_ADMIN ).
|
||||||
.TP
|
.TP
|
||||||
.BR CLONE_NEWNS " (since Linux 2.4.19)"
|
.BR CLONE_NEWNS " (since Linux 2.4.19)"
|
||||||
|
|
|
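Review bot: In the CLONE_NEWNET requirements sentence, dropping the ".B CONFIG_NET_NS" clause leaves clone.2 stating only that the process be privileged (CAP_SYS_ADMIN), so a reader of this entry alone no longer sees the kernel configuration requirement. The added "For further information on network namespaces, see" pointer is a separate paragraph and does not say that a requirement is documented there; consider either keeping a short mention of CONFIG_NET_NS in this sentence or having the sentence itself refer to namespaces(7) for the kernel option. Also, the "When a network namespace is freed" paragraph stays here as unchanged context while the same text is added to namespaces.7, so in the visible hunks it is copied rather than moved, which does not match the commit title.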
@ -201,6 +201,30 @@ directory,
|
||||||
.I /sys/class/net
|
.I /sys/class/net
|
||||||
directory, port numbers, and so on.
|
directory, port numbers, and so on.
|
||||||
|
|
||||||
|
A network namespace provides an isolated view of the networking stack
|
||||||
|
(network device interfaces, IPv4 and IPv6 protocol stacks,
|
||||||
|
IP routing tables, firewall rules, the
|
||||||
|
.I /proc/net
|
||||||
|
and
|
||||||
|
.I /sys/class/net
|
||||||
|
directory trees, sockets, etc.).
|
||||||
|
A physical network device can live in exactly one
|
||||||
|
network namespace.
|
||||||
|
A virtual network device ("veth") pair provides a pipe-like abstraction
|
||||||
|
.\" FIXME Add pointer to veth(4) page when it is eventually completed
|
||||||
|
that can be used to create tunnels between network namespaces,
|
||||||
|
and can be used to create a bridge to a physical network device
|
||||||
|
in another namespace.
|
||||||
|
|
||||||
|
When a network namespace is freed
|
||||||
|
(i.e., when the last process in the namespace terminates),
|
||||||
|
its physical network devices are moved back to the
|
||||||
|
initial network namespace (not to the parent of the process).
|
||||||
|
|
||||||
|
Use of network namespaces requires a kernel that is configured with the
|
||||||
|
.B CONFIG_NET_NS
|
||||||
|
option.
|
||||||
|
|
||||||
.SS Mount namespaces (CLONE_NEWNS)
|
.SS Mount namespaces (CLONE_NEWNS)
|
||||||
|
|
||||||
Mount namespaces isolate the set of file system mount points,
|
Mount namespaces isolate the set of file system mount points,
|
||||||
|
|
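Review bot: The added paragraph starting "A network namespace provides an isolated view of the networking stack" lists the /sys/class/net directory tree again right after the existing sentence that ends "/sys/class/net directory, port numbers, and so on."; fold the two together so the section enumerates the isolated resources once. The ".\" FIXME" comment line is placed in the middle of the veth sentence, between "provides a pipe-like abstraction" and "that can be used to create tunnels"; moving it above or below the sentence keeps the source easier to read and edit. The "When a network namespace is freed" paragraph now exists in both pages (it is still context in the clone.2 hunk), leaving two copies to keep in sync. Finally, this section states the CONFIG_NET_NS requirement while the CAP_SYS_ADMIN requirement remains only in clone.2, so the requirements are split across two pages; a cross-reference to clone(2) for the privilege requirement would close that gap.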