user_namespaces.7: Move discussion of availability of user namespaces to NOTES

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk 2013-03-22 07:19:11 +01:00
parent b6462f7519
commit c3f29a89b5
1 changed files with 14 additions and 14 deletions

@ -46,20 +46,6 @@ while at the same time having a user ID of 0 inside the namespace;
in other words,
the process has full privileges for operations inside the user namespace,
but is unprivileged for operations outside the namespace.
Use of user namespaces requires a kernel that is configured with the
.B CONFIG_USER_NS
option.
User namespaces require support in a range of subsystems across
the kernel.
When an unsupported subsystem is configured into the kernel,
it is not possible to configure user namespaces support.
As at Linux 3.8, most relevant subsystems support user namespaces,
but there are a number of file systems that do not.
Linux 3.9 added user namespaces support for many of the remaining
unsupported file systems:
Plan 9 (9P), Andrew File System (AFS), Ceph, CIFS, CODA, NFS, and OCFS2.
XFS support for user namespaces is not yet available.
.\"
.\" ============================================================
.\"
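Review bot: once the paragraph that followed "but is unprivileged for operations outside the namespace." is taken out here, the opening description no longer says anywhere that the feature depends on the CONFIG_USER_NS kernel option. A reader who stops at the introduction will not learn why user namespaces may be unavailable on their kernel. Consider leaving a one-sentence pointer at this spot that refers to the Availability subsection in NOTES.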
@ -574,6 +560,20 @@ because of their potential to confuse set-user-ID-root applications.
In general, it becomes safe to allow the root user in a user namespace to
use those features because it is impossible, while in a user namespace,
to gain more privilege than the root user of a user namespace has.
.SS Availability
Use of user namespaces requires a kernel that is configured with the
.B CONFIG_USER_NS
option.
User namespaces require support in a range of subsystems across
the kernel.
When an unsupported subsystem is configured into the kernel,
it is not possible to configure user namespaces support.
As at Linux 3.8, most relevant subsystems support user namespaces,
but there are a number of file systems that do not.
Linux 3.9 added user namespaces support for many of the remaining
unsupported file systems:
Plan 9 (9P), Andrew File System (AFS), Ceph, CIFS, CODA, NFS, and OCFS2.
XFS support for user namespaces is not yet available.
.SH EXAMPLE
The program below is designed to allow experimenting with
user namespaces, as well as other types of namespaces.
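Review bot: the last sentence of the new Availability subsection, "XFS support for user namespaces is not yet available.", is relative to the time of writing and will go stale without anyone noticing. The preceding sentences anchor their claims to Linux 3.8 and Linux 3.9, so this one should do the same, for example by opening it with "As at Linux 3.9,". Since the text is being moved anyway, this is also a good moment to place a comment separator line before ".SS Availability", matching the separator lines visible at the end of the first hunk.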