mirror of https://github.com/mkerrisk/man-pages
capabilities.7: Explain term "namespace root user ID"
Confirmed with Serge Hallyn that: "nsroot" means the UID 0 in the namespace as it would be mapped into the initial userns. Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
This commit is contained in:
parent
12dce73121
commit
7da0c87a78
|
@ -962,9 +962,11 @@ with version 2 capabilities, but serve a different purpose:
|
||||||
to support namespaced file capabilities (described below).
|
to support namespaced file capabilities (described below).
|
||||||
As with version 2 file capabilities,
|
As with version 2 file capabilities,
|
||||||
the capability masks are 64 bits in size.
|
the capability masks are 64 bits in size.
|
||||||
In addition, the namespace root user ID is encoded in the
|
In addition, the root user ID of namespace is encoded in the
|
||||||
.I security.capability
|
.I security.capability
|
||||||
extended attribute.
|
extended attribute.
|
||||||
|
(A namespace's root user ID is the value that user ID 0
|
||||||
|
inside that namespace maps to in the initial user namespace.)
|
||||||
.\"
|
.\"
|
||||||
.SS Transformation of capabilities during execve()
|
.SS Transformation of capabilities during execve()
|
||||||
.PP
|
.PP
|
||||||
|
|
Loading…
Reference in New Issue