mirror of https://github.com/mkerrisk/man-pages
mount_namespaces.7: wfix: use numbered cross-references in list of restrictions in NOTES
Done to make the list easier to navigate. Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
This commit is contained in:
Michael Kerrisk
parent
906ab4945c
commit
ababc346b3
|
|
@ -1045,7 +1045,7 @@ see
|
|||
.\"
|
||||
.SS Restrictions on mount namespaces
|
||||
Note the following points with respect to mount namespaces:
|
||||
.IP * 3
|
||||
.IP [1] 4
|
||||
Each mount namespace has an owner user namespace.
|
||||
As explained above, when a new mount namespace is created,
|
||||
its mount list is initialized as a copy of the mount list
|
||||
|
|
@ -1054,13 +1054,13 @@ If the new namespace and the namespace from which the mount list
|
|||
was copied are owned by different user namespaces,
|
||||
then the new mount namespace is considered
|
||||
.IR "less privileged" .
|
||||
.IP *
|
||||
.IP [2]
|
||||
When creating a less privileged mount namespace,
|
||||
shared mounts are reduced to slave mounts.
|
||||
This ensures that mappings performed in less
|
||||
privileged mount namespaces will not propagate to more privileged
|
||||
mount namespaces.
|
||||
.IP *
|
||||
.IP [3]
|
||||
Mounts that come as a single unit from a more privileged mount namespace are
|
||||
locked together and may not be separated in a less privileged mount
|
||||
namespace.
|
||||
|
|
@ -1148,8 +1148,8 @@ command above, which is performed in the initial mount namespace,
|
|||
makes the original
|
||||
.I /etc/shadow
|
||||
file once more visible in that namespace.
|
||||
.IP *
|
||||
Following on from the previous point,
|
||||
.IP [4]
|
||||
Following on from point [3],
|
||||
note that it is possible to unmount an entire subtree of mounts that
|
||||
propagated as a unit into a less privileged mount namespace,
|
||||
as illustrated in the following example.
|
||||
|
|
@ -1199,7 +1199,7 @@ ns2# \fBgrep /mnt /proc/self/mountinfo | sed \(aqs/ \- .*//\(aq\fP
|
|||
.IP
|
||||
Of note in the above output is that the propagation type of the mount
|
||||
.I /mnt
|
||||
has been reduced to slave, as explained near the start of this subsection.
|
||||
has been reduced to slave, as explained in point [2].
|
||||
This means that submount events will propagate from the master
|
||||
.I /mnt
|
||||
in "ns1", but propagation will not occur in the opposite direction.
|
||||
|
|
@ -1261,7 +1261,7 @@ ns2# \fBgrep /mnt /proc/self/mountinfo\fP
|
|||
1241 1240 0:57 / /mnt/x/y rw,relatime
|
||||
.EE
|
||||
.in
|
||||
.IP *
|
||||
.IP [5]
|
||||
The
|
||||
.BR mount (2)
|
||||
flags
|
||||
|
|
@ -1301,7 +1301,7 @@ mount: /mnt/dir: permission denied.
|
|||
.EE
|
||||
.in
|
||||
.RE
|
||||
.IP *
|
||||
.IP [6]
|
||||
.\" (As of 3.18-rc1 (in Al Viro's 2014-08-30 vfs.git#for-next tree))
|
||||
A file or directory that is a mount point in one namespace that is not
|
||||
a mount point in another namespace, may be renamed, unlinked, or removed
|
||||
|
|
|
|||
Loading…
Reference in New Issue