mount_namespaces.7: Clarify description of "less privileged" mount namespaces

The current text talks about "parent mount namespaces", but there
is no such concept. As confirmed by Eric Biederman, what is meant
here is "the mount namespace this mount namespace started as a
copy of". So, this change writes up Eric's description in a more
detailed way.

Reported-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk 2019-10-08 16:20:59 +02:00
parent 93cc3b3827
commit a0c9733194
1 changed files with 7 additions and 4 deletions


@ -70,10 +70,13 @@ mount point list seen in the other namespace
.SS Restrictions on mount namespaces .SS Restrictions on mount namespaces
Note the following points with respect to mount namespaces: Note the following points with respect to mount namespaces:
.IP * 3 .IP * 3
A mount namespace has an owner user namespace. Each mount namespace has an owner user namespace.
A mount namespace whose owner user namespace is different from As noted above, when a new mount namespace is created,
the owner user namespace of its parent mount namespace is it inherits a copy of the mount points from the mount namespace
considered a less privileged mount namespace. of the process that created the new mount namespace.
If the two mount namespaces are owned by different user namespaces,
then the new mount namespace is considered
.IR "less privileged" .
.IP * .IP *
When creating a less privileged mount namespace, When creating a less privileged mount namespace,
shared mounts are reduced to slave mounts. shared mounts are reduced to slave mounts.