mirror of https://github.com/mkerrisk/man-pages
user_namespaces.7: srcfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
parent 627e4074b4
commit d6842bf18d
|
@ -93,6 +93,9 @@ in
|
|||
Use of user namespaces requires a kernel that is configured with the
|
||||
.B CONFIG_USER_NS
|
||||
option.
|
||||
.\"
|
||||
.\" ============================================================
|
||||
.\"
|
||||
.SS Interaction of user namespaces and other types of namespaces
|
||||
Starting in Linux 3.8, unprivileged processes can create user namespaces,
|
||||
and mount, PID, IPC, network, and UTS namespaces can be created with just the
|
||||
|
@ -124,6 +127,9 @@ privileged operations that operate on global
|
|||
resources isolated by the namespace,
|
||||
the permission checks are performed according to the process's capabilities
|
||||
in the user namespace that the kernel associated with the new namespace.
|
||||
.\"
|
||||
.\" ============================================================
|
||||
.\"
|
||||
.SS Capabilities
|
||||
A process may have a capability either
|
||||
because that capability is present in its effective capability set,
|
||||
|
@ -151,6 +157,9 @@ further removed descendant user namespaces as well.
|
|||
.\" As a rough approximation, this means that
|
||||
.\" the user who creates a user namespace
|
||||
.\" has all capabilities inside that namespace and its descendants.
|
||||
.\"
|
||||
.\" ============================================================
|
||||
.\"
|
||||
.SS User and group ID mappings: uid_map and gid_map
|
||||
The
|
||||
.IR /proc/[pid]/uid_map
|
||||
|
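Review bot: The separator's leading `.\"` line in this hunk comes directly after the commented-out paragraph that ends `.\" has all capabilities inside that namespace and its descendants.`, so in the source the empty comment reads as the tail of that disabled text rather than as the start of the section break before `.SS User and group ID mappings: uid_map and gid_map`. If the commented-out paragraph is meant to stay, a short label on its first line saying why it is disabled would keep it visually distinct from the new separator.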
@ -228,6 +237,9 @@ that created this user namespace.
|
|||
.IP (3)
|
||||
The length of the range of user IDs that is mapped between the two
|
||||
user namespaces.
|
||||
.\"
|
||||
.\" ============================================================
|
||||
.\"
|
||||
.SS Defining user and group ID mappings: writing to uid_map and gid_map
|
||||
.PP
|
||||
After the creation of a new user namespace, the
|
||||
|
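Review bot: The heading `.SS Defining user and group ID mappings: writing to uid_map and gid_map` is followed by `.PP`, while `.SS Capabilities` and `.SS User and group ID mappings: uid_map and gid_map` earlier in this patch go straight into body text. Since this commit is a source-only cleanup, it would be a natural place to settle on one convention for the line after `.SS`; the same `.PP` follows `.SS Set-user-ID and set-group-ID programs` in the last hunk.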
@ -327,6 +339,9 @@ in the parent user namespace.
|
|||
.PP
|
||||
Writes that violate the above rules fail with the error
|
||||
.BR EPERM .
|
||||
.\"
|
||||
.\" ============================================================
|
||||
.\"
|
||||
.SS Set-user-ID and set-group-ID programs
|
||||
.PP
|
||||
When a process inside a user namespace executes
|
||||
|
|