From a2fc45a9f8892b100b8290d630fc662d72119d29 Mon Sep 17 00:00:00 2001 From: Michael Kerrisk Date: Mon, 7 Oct 2019 10:50:05 +0300 Subject: [PATCH] mount_namespaces.7: It may be desirable to disable propagation after creating a namespace After creating a new mount namespace, it may be desirable to disable mount propagation. Give the reader a more explicit hint about this. Reported-by: Eric W. Biederman Signed-off-by: Michael Kerrisk --- man7/mount_namespaces.7 | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/man7/mount_namespaces.7 b/man7/mount_namespaces.7 index 4dd7f4421..e8a45407b 100644 --- a/man7/mount_namespaces.7 +++ b/man7/mount_namespaces.7 @@ -1077,6 +1077,26 @@ To prevent this, one can use the option to .BR unshare (1). .PP +An application that creates a new mount namespace directly using +.BR clone (2) +or +.BR unshare (2) +may desire to prevent propagation of mount events to other mount namespaces +(as is is done by +.BR unshare (1)). +This can be done by changing the propagation type of +mount points in the new namesapace to either +.BR MS_SLAVE +or +.BR MS_PRIVATE . +using a call such as the following: +.IP +.in +4n +.EX +mount(NULL, "/", MS_SLAVE | MS_REC, NULL); +.EE +.in +.PP For a discussion of propagation types when moving mounts .RB ( MS_MOVE ) and creating bind mounts
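Review bot: The added paragraph has three text defects that will show up in the rendered page: "as is is done by" repeats "is", "namesapace" should be "namespace", and the stray period in ".BR MS_PRIVATE ." ends the sentence before "using a call such as the following:". Drop that period so the sentence runs through to the example, and use ".B" rather than ".BR" on the single-argument MS_SLAVE and MS_PRIVATE lines. It would also help to add a sentence on how the two options differ, since the example shows only MS_SLAVE | MS_REC: a slave mount still receives mount events from the original namespace, while MS_PRIVATE cuts propagation in both directions. That difference matters to an application that creates the namespace for isolation.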