From ababc346b30a04c8aef91f08e0cd06380796820a Mon Sep 17 00:00:00 2001 From: Michael Kerrisk Date: Fri, 20 Aug 2021 23:25:35 +0200 Subject: [PATCH] mount_namespaces.7: wfix: use numbered cross-references in list of restrictions in NOTES Done to make the list easier to navigate. Signed-off-by: Michael Kerrisk --- man7/mount_namespaces.7 | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/man7/mount_namespaces.7 b/man7/mount_namespaces.7 index 2571ecb6d..826faf00a 100644 --- a/man7/mount_namespaces.7 +++ b/man7/mount_namespaces.7 @@ -1045,7 +1045,7 @@ see .\" .SS Restrictions on mount namespaces Note the following points with respect to mount namespaces: -.IP * 3 +.IP [1] 4 Each mount namespace has an owner user namespace. As explained above, when a new mount namespace is created, its mount list is initialized as a copy of the mount list @@ -1054,13 +1054,13 @@ If the new namespace and the namespace from which the mount list was copied are owned by different user namespaces, then the new mount namespace is considered .IR "less privileged" . -.IP * +.IP [2] When creating a less privileged mount namespace, shared mounts are reduced to slave mounts. This ensures that mappings performed in less privileged mount namespaces will not propagate to more privileged mount namespaces. -.IP * +.IP [3] Mounts that come as a single unit from a more privileged mount namespace are locked together and may not be separated in a less privileged mount namespace. @@ -1148,8 +1148,8 @@ command above, which is performed in the initial mount namespace, makes the original .I /etc/shadow file once more visible in that namespace. -.IP * -Following on from the previous point, +.IP [4] +Following on from point [3], note that it is possible to unmount an entire subtree of mounts that propagated as a unit into a less privileged mount namespace, as illustrated in the following example. 
@@ -1199,7 +1199,7 @@ ns2# \fBgrep /mnt /proc/self/mountinfo | sed \(aqs/ \- .*//\(aq\fP .IP Of note in the above output is that the propagation type of the mount .I /mnt -has been reduced to slave, as explained near the start of this subsection. +has been reduced to slave, as explained in point [2]. This means that submount events will propagate from the master .I /mnt in "ns1", but propagation will not occur in the opposite direction. @@ -1261,7 +1261,7 @@ ns2# \fBgrep /mnt /proc/self/mountinfo\fP 1241 1240 0:57 / /mnt/x/y rw,relatime .EE .in -.IP * +.IP [5] The .BR mount (2) flags @@ -1301,7 +1301,7 @@ mount: /mnt/dir: permission denied. .EE .in .RE -.IP * +.IP [6] .\" (As of 3.18-rc1 (in Al Viro's 2014-08-30 vfs.git#for-next tree)) A file or directory that is a mount point in one namespace that is not a mount point in another namespace, may be renamed, unlinked, or removed
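Review bot: In the first hunk (@@ -1045,7), `.IP [1] 4` is the only tag that carries an indent argument, and `.IP [2]` through `.IP [6]` in the later hunks inherit it, so the indent of 4 fits only while every tag is three characters wide. That holds for the six items here, but a tag such as `[10]` would be as wide as the indent itself. Consider a short `.\"` comment next to `.IP [1] 4` saying that the indent must be widened if the list grows to two-digit numbers.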
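Review bot: The new cross-references "Following on from point [3]," (hunk @@ -1148,8) and "as explained in point [2]." (hunk @@ -1199,7) hard-code item numbers, so inserting or reordering an item in this list will leave them pointing at the wrong restriction without any build-time signal. The old wording ("the previous point", "near the start of this subsection") was position-relative and did not have that failure mode. Suggest adding a `.\"` source comment at the top of the list noting that points [2] and [3] are referenced by number from points [4] and the example text, so that a later edit renumbers the tags and the references together.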