mirror of https://github.com/mkerrisk/man-pages
clone.2, namespaces.7, pid_namespaces.7, user_namespaces.7: wfix "file system" ==> "filesystem"
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
This commit is contained in:
parent 85e34225be
commit ab3311aa06
@ -453,7 +453,7 @@ For security reasons,
|
||||||
.\" https://lwn.net/Articles/543273/
|
.\" https://lwn.net/Articles/543273/
|
||||||
.\" The fix actually went into 3.9 and into 3.8.3. However, user namespaces
|
.\" The fix actually went into 3.9 and into 3.8.3. However, user namespaces
|
||||||
.\" were, for practical purposes, unusable in earlier 3.8.x because of the
|
.\" were, for practical purposes, unusable in earlier 3.8.x because of the
|
||||||
.\" various file systems that didn't support userns.
|
.\" various filesystems that didn't support userns.
|
||||||
.BR CLONE_NEWUSER
|
.BR CLONE_NEWUSER
|
||||||
cannot be specified in conjunction with
|
cannot be specified in conjunction with
|
||||||
.BR CLONE_FS .
|
.BR CLONE_FS .
|
||||||
|
|
|
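Review bot: both changed lines in this hunk are `.\"` roff comments, so this hunk alters no rendered text of clone.2; that is fine for consistency with the rest of the wfix, but the commit message gives no hint that the clone.2 part is comment-only. The visible context (`CLONE_NEWUSER` cannot be specified together with `CLONE_FS`) is unchanged.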
@ -116,7 +116,7 @@ lrwxrwxrwx. 1 mtk mtk 0 Jan 14 01:20 uts -> uts:[4026531838]
|
||||||
Bind mounting (see
|
Bind mounting (see
|
||||||
.BR mount (2))
|
.BR mount (2))
|
||||||
one of the files in this directory
|
one of the files in this directory
|
||||||
to somewhere else in the file system keeps
|
to somewhere else in the filesystem keeps
|
||||||
the corresponding namespace of the process specified by
|
the corresponding namespace of the process specified by
|
||||||
.I pid
|
.I pid
|
||||||
alive even if all processes currently in the namespace terminate.
|
alive even if all processes currently in the namespace terminate.
|
||||||
|
@ -182,11 +182,11 @@ and (since Linux 2.6.30)
|
||||||
POSIX message queues (see
|
POSIX message queues (see
|
||||||
.BR mq_overview (7).
|
.BR mq_overview (7).
|
||||||
The common characteristic of these IPC mechanisms is that IPC
|
The common characteristic of these IPC mechanisms is that IPC
|
||||||
objects are identified by mechanisms other than file system
|
objects are identified by mechanisms other than filesystem
|
||||||
pathnames.
|
pathnames.
|
||||||
|
|
||||||
Each IPC namespace has its own set of System V IPC identifiers and
|
Each IPC namespace has its own set of System V IPC identifiers and
|
||||||
its own POSIX message queue file system.
|
its own POSIX message queue filesystem.
|
||||||
Objects created in an IPC namespace are visible to all other processes
|
Objects created in an IPC namespace are visible to all other processes
|
||||||
that are members of that namespace,
|
that are members of that namespace,
|
||||||
but are not visible to processes in other IPC namespaces.
|
but are not visible to processes in other IPC namespaces.
|
||||||
|
@ -252,9 +252,9 @@ option.
|
||||||
.\" ==================== Mount namespaces ====================
|
.\" ==================== Mount namespaces ====================
|
||||||
.\"
|
.\"
|
||||||
.SS Mount namespaces (CLONE_NEWNS)
|
.SS Mount namespaces (CLONE_NEWNS)
|
||||||
Mount namespaces isolate the set of file system mount points,
|
Mount namespaces isolate the set of filesystem mount points,
|
||||||
meaning that processes in different mount namespaces can
|
meaning that processes in different mount namespaces can
|
||||||
have different views of the file system hierarchy.
|
have different views of the filesystem hierarchy.
|
||||||
The set of mounts in a mount namespace is modified using
|
The set of mounts in a mount namespace is modified using
|
||||||
.BR mount (2)
|
.BR mount (2)
|
||||||
and
|
and
|
||||||
|
@ -263,13 +263,13 @@ and
|
||||||
The
|
The
|
||||||
.IR /proc/[pid]/mounts
|
.IR /proc/[pid]/mounts
|
||||||
file (present since Linux 2.4.19)
|
file (present since Linux 2.4.19)
|
||||||
lists all the file systems currently mounted in the
|
lists all the filesystems currently mounted in the
|
||||||
process's mount namespace.
|
process's mount namespace.
|
||||||
The format of this file is documented in
|
The format of this file is documented in
|
||||||
.BR fstab (5).
|
.BR fstab (5).
|
||||||
Since kernel version 2.6.15, this file is pollable:
|
Since kernel version 2.6.15, this file is pollable:
|
||||||
after opening the file for reading, a change in this file
|
after opening the file for reading, a change in this file
|
||||||
(i.e., a file system mount or unmount) causes
|
(i.e., a filesystem mount or unmount) causes
|
||||||
.BR select (2)
|
.BR select (2)
|
||||||
to mark the file descriptor as readable, and
|
to mark the file descriptor as readable, and
|
||||||
.BR poll (2)
|
.BR poll (2)
|
||||||
|
@ -300,14 +300,14 @@ The name of the mounted device
|
||||||
(or "nodevice" if there is no corresponding device).
|
(or "nodevice" if there is no corresponding device).
|
||||||
.TP
|
.TP
|
||||||
(2)
|
(2)
|
||||||
The mount point within the file system tree.
|
The mount point within the filesystem tree.
|
||||||
.TP
|
.TP
|
||||||
(3)
|
(3)
|
||||||
The file system type.
|
The filesystem type.
|
||||||
.TP
|
.TP
|
||||||
(4)
|
(4)
|
||||||
Optional statistics and configuration information.
|
Optional statistics and configuration information.
|
||||||
Currently (as at Linux 2.6.26), only NFS file systems export
|
Currently (as at Linux 2.6.26), only NFS filesystems export
|
||||||
information via this field.
|
information via this field.
|
||||||
.RE
|
.RE
|
||||||
.\"
|
.\"
|
||||||
|
|
|
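Review bot: items (2) and (3) now read `within the filesystem tree` and `The filesystem type`, and item (4) reads `only NFS filesystems export`, all consistent with the other occurrences in this file. The unchanged `Currently (as at Linux 2.6.26)` in item (4) is dated wording that could be refreshed in a separate commit so this one stays a pure wfix.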
@ -225,7 +225,7 @@ the threads in a process can send signals to each other.
|
||||||
Similarly, it must be possible to see all of the threads
|
Similarly, it must be possible to see all of the threads
|
||||||
of a processes in the
|
of a processes in the
|
||||||
.BR proc (5)
|
.BR proc (5)
|
||||||
file system.
|
filesystem.
|
||||||
.IP *
|
.IP *
|
||||||
.BR CLONE_SIGHAND
|
.BR CLONE_SIGHAND
|
||||||
requires being in the same PID namespace;
|
requires being in the same PID namespace;
|
||||||
|
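Review bot: the unchanged context line `of a processes in the` has a number-agreement error ("a processes"); since this hunk already touches the same sentence (`file system.` -> `filesystem.`), changing it to `of a process in the` would be a cheap one-word fix here, or in a follow-up ffix if the wfix should stay single-purpose.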
@ -285,12 +285,12 @@ Thus, call sequences such as the following will fail (with the error
|
||||||
.SS /proc and PID namespaces
|
.SS /proc and PID namespaces
|
||||||
A
|
A
|
||||||
.I /proc
|
.I /proc
|
||||||
file system shows (in the
|
filesystem shows (in the
|
||||||
.I /proc/PID
|
.I /proc/PID
|
||||||
directories) only processes visible in the PID namespace
|
directories) only processes visible in the PID namespace
|
||||||
of the process that performed the mount, even if the
|
of the process that performed the mount, even if the
|
||||||
.I /proc
|
.I /proc
|
||||||
file system is viewed from processes in other namespaces.
|
filesystem is viewed from processes in other namespaces.
|
||||||
|
|
||||||
After creating a new PID namespace,
|
After creating a new PID namespace,
|
||||||
it is useful for the child to change its root directory
|
it is useful for the child to change its root directory
|
||||||
|
|
|
@ -442,7 +442,7 @@ One of the following is true:
|
||||||
The data written to
|
The data written to
|
||||||
.I uid_map
|
.I uid_map
|
||||||
.RI ( gid_map )
|
.RI ( gid_map )
|
||||||
consists of a single line that maps the writing process's file system user ID
|
consists of a single line that maps the writing process's filesystem user ID
|
||||||
(group ID) in the parent user namespace to a user ID (group ID)
|
(group ID) in the parent user namespace to a user ID (group ID)
|
||||||
in the user namespace.
|
in the user namespace.
|
||||||
The usual case here is that this single line provides a mapping for user ID
|
The usual case here is that this single line provides a mapping for user ID
|
||||||
|
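Review bot: after this change the line reads `the writing process's filesystem user ID`, matching the compound form used elsewhere in the commit. Because that ID is a credential distinct from the effective user ID, a cross-reference such as `.BR setfsuid (2)` near this sentence would tell readers which ID is meant; not required for a wfix.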
@ -534,7 +534,7 @@ the set-user-ID (set-group-ID) bit is silently ignored:
|
||||||
the new program is executed,
|
the new program is executed,
|
||||||
but the process's effective user (group) ID is left unchanged.
|
but the process's effective user (group) ID is left unchanged.
|
||||||
(This mirrors the semantics of executing a set-user-ID or set-group-ID
|
(This mirrors the semantics of executing a set-user-ID or set-group-ID
|
||||||
program that resides on a file system that was mounted with the
|
program that resides on a filesystem that was mounted with the
|
||||||
.BR MS_NOSUID
|
.BR MS_NOSUID
|
||||||
flag, as described in
|
flag, as described in
|
||||||
.BR mount (2).)
|
.BR mount (2).)
|
||||||
|
@ -570,9 +570,9 @@ the kernel.
|
||||||
When an unsupported subsystem is configured into the kernel,
|
When an unsupported subsystem is configured into the kernel,
|
||||||
it is not possible to configure user namespaces support.
|
it is not possible to configure user namespaces support.
|
||||||
As at Linux 3.8, most relevant subsystems support user namespaces,
|
As at Linux 3.8, most relevant subsystems support user namespaces,
|
||||||
but there are a number of file systems that do not.
|
but there are a number of filesystems that do not.
|
||||||
Linux 3.9 added user namespaces support for many of the remaining
|
Linux 3.9 added user namespaces support for many of the remaining
|
||||||
unsupported file systems:
|
unsupported filesystems:
|
||||||
Plan 9 (9P), Andrew File System (AFS), Ceph, CIFS, CODA, NFS, and OCFS2.
|
Plan 9 (9P), Andrew File System (AFS), Ceph, CIFS, CODA, NFS, and OCFS2.
|
||||||
XFS support for user namespaces is not yet available.
|
XFS support for user namespaces is not yet available.
|
||||||
.\"
|
.\"
|
||||||
|
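Review bot: correct that `Andrew File System (AFS)` in the unchanged context line is left as two words: it is a proper name, not the generic term this wfix targets, so a mechanical search-and-replace must skip it. The two changes in this hunk (`file systems that do not.` -> `filesystems that do not.` and `unsupported file systems:` -> `unsupported filesystems:`) are consistent with the rest of the commit.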
@ -644,7 +644,7 @@ CapEff: 0000001fffffffff
|
||||||
|
|
||||||
Mounting a new
|
Mounting a new
|
||||||
.I /proc
|
.I /proc
|
||||||
file system and listing all of the processes visible
|
filesystem and listing all of the processes visible
|
||||||
in the new PID namespace shows that the shell can't see
|
in the new PID namespace shows that the shell can't see
|
||||||
any processes outside the PID namespace:
|
any processes outside the PID namespace:
|
||||||
|
|
||||||
|
|