mirror of https://github.com/mkerrisk/man-pages
mount_namespaces.7: wfix: use numbered cross-references in list of restrictions in NOTES
Done to make the list easier to navigate. Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
This commit is contained in:
Michael Kerrisk
parent
906ab4945c
commit
ababc346b3
|
|
@ -1045,7 +1045,7 @@ see
|
||||||
.\"
|
.\"
|
||||||
.SS Restrictions on mount namespaces
|
.SS Restrictions on mount namespaces
|
||||||
Note the following points with respect to mount namespaces:
|
Note the following points with respect to mount namespaces:
|
||||||
.IP * 3
|
.IP [1] 4
|
||||||
Each mount namespace has an owner user namespace.
|
Each mount namespace has an owner user namespace.
|
||||||
As explained above, when a new mount namespace is created,
|
As explained above, when a new mount namespace is created,
|
||||||
its mount list is initialized as a copy of the mount list
|
its mount list is initialized as a copy of the mount list
|
||||||
|
|
@ -1054,13 +1054,13 @@ If the new namespace and the namespace from which the mount list
|
||||||
was copied are owned by different user namespaces,
|
was copied are owned by different user namespaces,
|
||||||
then the new mount namespace is considered
|
then the new mount namespace is considered
|
||||||
.IR "less privileged" .
|
.IR "less privileged" .
|
||||||
.IP *
|
.IP [2]
|
||||||
When creating a less privileged mount namespace,
|
When creating a less privileged mount namespace,
|
||||||
shared mounts are reduced to slave mounts.
|
shared mounts are reduced to slave mounts.
|
||||||
This ensures that mappings performed in less
|
This ensures that mappings performed in less
|
||||||
privileged mount namespaces will not propagate to more privileged
|
privileged mount namespaces will not propagate to more privileged
|
||||||
mount namespaces.
|
mount namespaces.
|
||||||
.IP *
|
.IP [3]
|
||||||
Mounts that come as a single unit from a more privileged mount namespace are
|
Mounts that come as a single unit from a more privileged mount namespace are
|
||||||
locked together and may not be separated in a less privileged mount
|
locked together and may not be separated in a less privileged mount
|
||||||
namespace.
|
namespace.
|
||||||
|
|
@ -1148,8 +1148,8 @@ command above, which is performed in the initial mount namespace,
|
||||||
makes the original
|
makes the original
|
||||||
.I /etc/shadow
|
.I /etc/shadow
|
||||||
file once more visible in that namespace.
|
file once more visible in that namespace.
|
||||||
.IP *
|
.IP [4]
|
||||||
Following on from the previous point,
|
Following on from point [3],
|
||||||
note that it is possible to unmount an entire subtree of mounts that
|
note that it is possible to unmount an entire subtree of mounts that
|
||||||
propagated as a unit into a less privileged mount namespace,
|
propagated as a unit into a less privileged mount namespace,
|
||||||
as illustrated in the following example.
|
as illustrated in the following example.
|
||||||
|
|
@ -1199,7 +1199,7 @@ ns2# \fBgrep /mnt /proc/self/mountinfo | sed \(aqs/ \- .*//\(aq\fP
|
||||||
.IP
|
.IP
|
||||||
Of note in the above output is that the propagation type of the mount
|
Of note in the above output is that the propagation type of the mount
|
||||||
.I /mnt
|
.I /mnt
|
||||||
has been reduced to slave, as explained near the start of this subsection.
|
has been reduced to slave, as explained in point [2].
|
||||||
This means that submount events will propagate from the master
|
This means that submount events will propagate from the master
|
||||||
.I /mnt
|
.I /mnt
|
||||||
in "ns1", but propagation will not occur in the opposite direction.
|
in "ns1", but propagation will not occur in the opposite direction.
|
||||||
|
|
@ -1261,7 +1261,7 @@ ns2# \fBgrep /mnt /proc/self/mountinfo\fP
|
||||||
1241 1240 0:57 / /mnt/x/y rw,relatime
|
1241 1240 0:57 / /mnt/x/y rw,relatime
|
||||||
.EE
|
.EE
|
||||||
.in
|
.in
|
||||||
.IP *
|
.IP [5]
|
||||||
The
|
The
|
||||||
.BR mount (2)
|
.BR mount (2)
|
||||||
flags
|
flags
|
||||||
|
|
@ -1301,7 +1301,7 @@ mount: /mnt/dir: permission denied.
|
||||||
.EE
|
.EE
|
||||||
.in
|
.in
|
||||||
.RE
|
.RE
|
||||||
.IP *
|
.IP [6]
|
||||||
.\" (As of 3.18-rc1 (in Al Viro's 2014-08-30 vfs.git#for-next tree))
|
.\" (As of 3.18-rc1 (in Al Viro's 2014-08-30 vfs.git#for-next tree))
|
||||||
A file or directory that is a mount point in one namespace that is not
|
A file or directory that is a mount point in one namespace that is not
|
||||||
a mount point in another namespace, may be renamed, unlinked, or removed
|
a mount point in another namespace, may be renamed, unlinked, or removed
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue