mirror of https://github.com/mkerrisk/man-pages
user_namespaces.7: Fixes to example
While toying around with the userns_child_exec example program on the user_namespaces(7) man page, I noticed two things:

* In the EXAMPLE section, we need to mount the new /proc before looking at /proc/$$/status, otherwise the latter will print information about the outer namespace's PID 1 (i.e., the real init). So the two paragraphs need to be swapped.
* In the program source, make sure to close pipe_fd[0] in the child before exec'ing.

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
parent a110286b58
commit a2b1485b5f
|
@ -970,22 +970,6 @@ bash$ \fBecho $$\fP
|
||||||
1
|
1
|
||||||
.fi
|
.fi
|
||||||
.in
|
.in
|
||||||
|
|
||||||
Inside the user namespace, the shell has user and group ID 0,
|
|
||||||
and a full set of permitted and effective capabilities:
|
|
||||||
|
|
||||||
.in +4n
|
|
||||||
.nf
|
|
||||||
bash$ \fBcat /proc/$$/status | egrep '^[UG]id'\fP
|
|
||||||
Uid: 0 0 0 0
|
|
||||||
Gid: 0 0 0 0
|
|
||||||
bash$ \fBcat /proc/$$/status | egrep '^Cap(Prm|Inh|Eff)'\fP
|
|
||||||
CapInh: 0000000000000000
|
|
||||||
CapPrm: 0000001fffffffff
|
|
||||||
CapEff: 0000001fffffffff
|
|
||||||
.fi
|
|
||||||
.in
|
|
||||||
|
|
||||||
Mounting a new
|
Mounting a new
|
||||||
.I /proc
|
.I /proc
|
||||||
filesystem and listing all of the processes visible
|
filesystem and listing all of the processes visible
|
||||||
|
@ -1001,6 +985,21 @@ bash$ \fBps ax\fP
|
||||||
22 pts/3 R+ 0:00 ps ax
|
22 pts/3 R+ 0:00 ps ax
|
||||||
.fi
|
.fi
|
||||||
.in
|
.in
|
||||||
|
|
||||||
|
Inside the user namespace, the shell has user and group ID 0,
|
||||||
|
and a full set of permitted and effective capabilities:
|
||||||
|
|
||||||
|
.in +4n
|
||||||
|
.nf
|
||||||
|
bash$ \fBcat /proc/$$/status | egrep '^[UG]id'\fP
|
||||||
|
Uid: 0 0 0 0
|
||||||
|
Gid: 0 0 0 0
|
||||||
|
bash$ \fBcat /proc/$$/status | egrep '^Cap(Prm|Inh|Eff)'\fP
|
||||||
|
CapInh: 0000000000000000
|
||||||
|
CapPrm: 0000001fffffffff
|
||||||
|
CapEff: 0000001fffffffff
|
||||||
|
.fi
|
||||||
|
.in
|
||||||
.SS Program source
|
.SS Program source
|
||||||
\&
|
\&
|
||||||
.nf
|
.nf
|
||||||
|
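Review bot: the paragraph moved in after the ps ax output ("Inside the user namespace, the shell has user and group ID 0, and a full set of permitted and effective capabilities:") still does not say that the /proc/$$/status reads depend on the /proc mount shown just above it. The commit message gives the reason (the shell is PID 1 in the new PID namespace, so without the new mount /proc/$$/status describes the outer namespace's init), but the page text does not, so a later reshuffle of the example could reintroduce the wrong ordering unnoticed. Consider adding a clause to the lead-in stating that the new /proc must be mounted first. As a style point on the same lines, egrep is obsolescent and the cat is unnecessary; grep -E '^[UG]id' /proc/$$/status gives the same output.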
@ -1178,6 +1177,8 @@ childFunc(void *arg)
|
||||||
exit(EXIT_FAILURE);
|
exit(EXIT_FAILURE);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
close(args\->pipe_fd[0]);
|
||||||
|
|
||||||
/* Execute a shell command */
|
/* Execute a shell command */
|
||||||
|
|
||||||
printf("About to exec %s\\n", args\->argv[0]);
|
printf("About to exec %s\\n", args\->argv[0]);
|
||||||
|
|
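Review bot: the added close(args\->pipe_fd[0]) in childFunc() carries no comment, while the next step is labelled ("/* Execute a shell command */"), so a reader of the man page source cannot tell why the call is there. A one-line comment saying that the read end of the pipe is closed so the exec'ed program does not inherit the descriptor would make the intent explicit. The return value of close() is also ignored, unlike the preceding call, whose failure path ends in exit(EXIT_FAILURE); either check it or note that the failure is deliberately ignored.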