mirror of https://github.com/mkerrisk/man-pages
user_namespaces.7: srcfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
parent 627e4074b4
commit d6842bf18d
@ -93,6 +93,9 @@ in
|
||||||
Use of user namespaces requires a kernel that is configured with the
|
Use of user namespaces requires a kernel that is configured with the
|
||||||
.B CONFIG_USER_NS
|
.B CONFIG_USER_NS
|
||||||
option.
|
option.
|
||||||
|
.\"
|
||||||
|
.\" ============================================================
|
||||||
|
.\"
|
||||||
.SS Interaction of user namespaces and other types of namespaces
|
.SS Interaction of user namespaces and other types of namespaces
|
||||||
Starting in Linux 3.8, unprivileged processes can create user namespaces,
|
Starting in Linux 3.8, unprivileged processes can create user namespaces,
|
||||||
and mount, PID, IPC, network, and UTS namespaces can be created with just the
|
and mount, PID, IPC, network, and UTS namespaces can be created with just the
|
||||||
|
@ -124,6 +127,9 @@ privileged operations that operate on global
|
||||||
resources isolated by the namespace,
|
resources isolated by the namespace,
|
||||||
the permission checks are performed according to the process's capabilities
|
the permission checks are performed according to the process's capabilities
|
||||||
in the user namespace that the kernel associated with the new namespace.
|
in the user namespace that the kernel associated with the new namespace.
|
||||||
|
.\"
|
||||||
|
.\" ============================================================
|
||||||
|
.\"
|
||||||
.SS Capabilities
|
.SS Capabilities
|
||||||
A process may have a capability either
|
A process may have a capability either
|
||||||
because that capability is present in its effective capability set,
|
because that capability is present in its effective capability set,
|
||||||
|
@ -151,6 +157,9 @@ further removed descendant user namespaces as well.
|
||||||
.\" As a rough approximation, this means that
|
.\" As a rough approximation, this means that
|
||||||
.\" the user who creates a user namespace
|
.\" the user who creates a user namespace
|
||||||
.\" has all capabilities inside that namespace and its descendants.
|
.\" has all capabilities inside that namespace and its descendants.
|
||||||
|
.\"
|
||||||
|
.\" ============================================================
|
||||||
|
.\"
|
||||||
.SS User and group ID mappings: uid_map and gid_map
|
.SS User and group ID mappings: uid_map and gid_map
|
||||||
The
|
The
|
||||||
.IR /proc/[pid]/uid_map
|
.IR /proc/[pid]/uid_map
|
||||||
|
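Review bot: The rule added before `.SS User and group ID mappings: uid_map and gid_map` sits directly under the three commented-out lines that end with "has all capabilities inside that namespace and its descendants.", so the source now has six comment lines in a row and the separator reads as part of that disabled text. The leading `.\"` spacer is the only break between them. Consider moving the commented-out note up next to the paragraph it annotates, or tagging it so it is clearly a leftover note, so that the rule stays visually distinct as a section boundary.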
@ -228,6 +237,9 @@ that created this user namespace.
|
||||||
.IP (3)
|
.IP (3)
|
||||||
The length of the range of user IDs that is mapped between the two
|
The length of the range of user IDs that is mapped between the two
|
||||||
user namespaces.
|
user namespaces.
|
||||||
|
.\"
|
||||||
|
.\" ============================================================
|
||||||
|
.\"
|
||||||
.SS Defining user and group ID mappings: writing to uid_map and gid_map
|
.SS Defining user and group ID mappings: writing to uid_map and gid_map
|
||||||
.PP
|
.PP
|
||||||
After the creation of a new user namespace, the
|
After the creation of a new user namespace, the
|
||||||
|
@ -327,6 +339,9 @@ in the parent user namespace.
|
||||||
.PP
|
.PP
|
||||||
Writes that violate the above rules fail with the error
|
Writes that violate the above rules fail with the error
|
||||||
.BR EPERM .
|
.BR EPERM .
|
||||||
|
.\"
|
||||||
|
.\" ============================================================
|
||||||
|
.\"
|
||||||
.SS Set-user-ID and set-group-ID programs
|
.SS Set-user-ID and set-group-ID programs
|
||||||
.PP
|
.PP
|
||||||
When a process inside a user namespace executes
|
When a process inside a user namespace executes
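Review bot: The headings this commit decorates are not written consistently, and this hunk shows it: `.SS Set-user-ID and set-group-ID programs` is followed immediately by `.PP`, as is `.SS Defining user and group ID mappings: writing to uid_map and gid_map` in the previous hunk, while `.SS Interaction of user namespaces and other types of namespaces` and `.SS Capabilities` go straight into body text. Since this is a source-only cleanup that already touches every one of these boundaries, pick one form and apply it to all of them in the same commit.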