cf8bfe6d2a
proc.5, namespaces.7: Move /proc/[pid]/mountstat text from proc.5 to namespaces.7
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:57 -07:00
4716a1dd65
proc.5, namespaces.7: Move /proc/[pid]/mountstats from proc.5 to namespaces.7
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:57 -07:00
357002ecdf
proc.5, namespaces.7: Move /proc/[pid]/mounts from proc.5 to namespaces.7
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:57 -07:00
020357e8e4
namespaces.7: New page providing overview of Linux namespaces
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:57 -07:00
a7d96776a1
capabilities.7: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:57 -07:00
5bea231de3
capabilities.7: Document CAP_SETUID and CAP_SETGID for user namespace mappings
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:57 -07:00
c67d3814e7
capabilities.7: Since Linux 3.8, user namespaces no longer require CAP_SYS_ADMIN
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:57 -07:00
76f8f97395
unshare.2: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:57 -07:00
36ec1f75e4
unshare.2: Clarify that unshare(CLONE_NEWUSER) does confer capabilities on the caller
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:57 -07:00
c79b7a8184
unshare.2: ffix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:56 -07:00
3d02560dbb
unshare.2: SEE ALSO: add proc(5)
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:56 -07:00
f919b6e410
unshare.2: Add an example program
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:56 -07:00
e939d607ea
unshare.2: SEE ALSO: add unshare(1)
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:56 -07:00
2193656a7c
unshare.2: Add some details to CLONE_NEWPID description
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:56 -07:00
37ee2d61e5
unshare.2: Add details to CLONE_NEWPID and CLONE_NEWUSER documentation
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:56 -07:00
8f141c5e3c
unshare.2: Document CLONE_NEWPID
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:56 -07:00
c2cd5a7fd9
unshare.2: Document CLONE_NEWUSER
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:56 -07:00
eb359a0988
unshare.2: srcfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:56 -07:00
667f4c7891
unshare.2: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:56 -07:00
040eaa70ed
clone.2: SEE ALSO: add proc(5)
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:56 -07:00
730e9c01cf
clone.2: Document behavior of clone(CLONE_NEWUSER | CLONE_NEWXXX)
...
Based on email exchanges with Eric Biederman
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:56 -07:00
a0efdddb73
clone.2: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:56 -07:00
fefbcba85c
clone.2: Note capability requirements for using CLONE_NEWUSER before Linux 3.8
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:56 -07:00
4d2b3ed7c1
clone.2: Correct kernel version where CLONE_NEWUSER first appeared
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:56 -07:00
642ce311ba
clone.2: Note that CLONE_NEWUSER needs CONFIG_USER_NS
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:56 -07:00
06b3045839
clone.2: Rework Eric's CLONE_NEWUSER patch
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:56 -07:00
57ef8c39e7
clone.2: grfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:56 -07:00
70d21f174e
clone.2: Describe the user namespace (CLONE_NEWUSER)
...
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:56 -07:00
7612b8a7e1
setns.2: setns() into a user namespace grants all capabilities in that namespace
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:56 -07:00
3c98ab169f
setns.2: ffix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:56 -07:00
268a93cb30
setns.2: Specify kernel version on each CLONE_NEW* flag
...
And remove text on flags from VERSIONS.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:56 -07:00
773f59eb02
setns.2: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:56 -07:00
81714b4f86
setns.2: Rework discussion of restrictions on changing user namespace
...
After comments from Eric Biederman
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:56 -07:00
21bfe3e933
setns.2: Clarify capabilities required for reassociating with a mount namespace
...
Based on comments from Eric Biederman.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:56 -07:00
2a9f74a936
setns.2: SEE ALSO: Add unshare(2)
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:56 -07:00
f16c7698e2
setns.2: Clarify wording in CLONE_NEWPID discussion
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:56 -07:00
49af76fed3
setns.2: Various fixes for text on PID, user, and mount namespace support
...
After comments from Eric Biederman
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:56 -07:00
cd7e05aa16
setns.2: Fixes for text on PID, user, and mount namespace support
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:56 -07:00
99fd2fe3b5
setns.2: Document the PID, user, and mount namespace support
...
Document CLONE_NEWPID, CLONE_NEWUSER, and CLONE_NEWNS flags.
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:56 -07:00
0bafc69241
proc.5: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:56 -07:00
fbb59ce750
proc.5: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:56 -07:00
84d22d07fc
proc.5: Document change of /proc/PID/ns/* files to symlinks in Linux 3.8
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:56 -07:00
d41f83cce4
proc.5: Add detail on /proc/PID/ns bind mounted files
...
Opening a file bind mounted to a /proc/PID/ns/xxx file
also yields a descriptor that can be passed to setns().
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:55 -07:00
91935e7807
proc.5: Rework discussion of /proc/PIC/ns/* files
...
Rather than repeat the same text six times,
refactor it to occur in just one place.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:55 -07:00
f34f018219
proc.5: srcfix: Added FIXME (/proc/PID/projid_map)
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:55 -07:00
6b1eaf53bc
proc.5: Further improvements to /proc/PID/{uid_map,gid_map} text
...
After review by Eric Biederman.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:55 -07:00
a2f479dee9
proc.5: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:55 -07:00
98ea417334
proc.5: Clarify details of nonoverlapping ranges for /proc/PID/{uid_map,gid_map}
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:55 -07:00
3d33f6ceb7
proc.5: Note capability requirements for writing to /proc/PID/{uid_map,gid_map}
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:55 -07:00
d0ebf39885
proc.5: Rework text describing line limit in /proc/PID/{uid_map,gid_map}
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:55 -07:00
Michael Kerrisk