pid_namespaces.7: /proc shows mounts according to PID namespace of mounting process

Reported-by: Eric W. Biederman <ebiederm@xmission.com> Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2013-03-01 09:49:21 +01:00 · 2013-03-01 09:49:21 +01:00 · bac6162841
parent 805685dc1b
commit bac6162841
1 changed files with 15 additions and 6 deletions
--- a/man7/pid_namespaces.7
+++ b/man7/pid_namespaces.7
@ -225,6 +225,15 @@ the calling thread.
 .\" ============================================================
 .\"
 .SS /proc and PID namespaces
+A
+.I /proc
+file system shows (in the
+.I /proc/PID
+directories) only processes visible in the PID namespace
+of the process that performed the mount, even if the
+.I /proc
+file system is viewed from processes in other namespaces.
+
 After creating a new PID namespace,
 it is useful for the child to change its root directory
 and mount a new procfs instance at
@ -232,12 +241,6 @@ and mount a new procfs instance at
 so that tools such as
 .BR ps (1)
 work correctly.
-From a shell, the command to mount
-.I /proc
-is:
-
-    $ mount -t proc proc /proc
-
 If a new mount namespace is simultaneously created by including
 .BR CLONE_NEWNS
 in the
@ -250,6 +253,12 @@ then it isn't necessary to change the root directory:
 a new procfs instance can be mounted directly over
 .IR /proc .

+From a shell, the command to mount
+.I /proc
+is:
+
+    $ mount -t proc proc /proc
+
 Calling
 .BR readlink (2)
 on the path