LDP
/
man-pages
mirror of https://github.com/mkerrisk/man-pages
0
1
Fork 0
Code Releases Activity

mount_namespaces.7: Clarify description of "less privileged" mount namespaces 

The current text talks about "parent mount namespaces", but there
is no such concept. As confirmed by Eric Biederman, what is mean
here is "the mount namespace this mount namespace started as a
copy of". So, this change writes up Eric's description in a more
detailed way.

Reported-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
This commit is contained in:
Michael Kerrisk 2019-10-08 16:20:59 +02:00
parent 93cc3b3827
commit a0c9733194
1 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
man7/mount_namespaces.7
View File

@ -70,10 +70,13 @@ mount point list seen in the other namespace
.SS Restrictions on mount namespaces
Note the following points with respect to mount namespaces:
.IP * 3
A mount namespace has an owner user namespace.
A mount namespace whose owner user namespace is different from
the owner user namespace of its parent mount namespace is
considered a less privileged mount namespace.
Each mount namespace has an owner user namespace.
As noted above, when a new mount namespace is created,
it inherits a copy of the mount points from the mount namespace
of the process that created the new mount namespace.
If the two mount namespaces are owned by different user namespaces,
then the new mount namespace is considered
.IR "less privileged" .
.IP *
When creating a less privileged mount namespace,
shared mounts are reduced to slave mounts.