LDP
/
man-pages
mirror of https://github.com/mkerrisk/man-pages
0
1
Fork 0
Code Releases Activity
11,853 Commits 1 Branch 197 Tags 93 MiB
Commit Graph

11853 Commits

Author SHA1 Message Date
Michael Kerrisk cdd25f2e76 unshare.2: Document EUSERS error 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:03 -07:00
Michael Kerrisk 6fd119e727 clone.2: Document EUSERS error 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:03 -07:00
Michael Kerrisk e56b6c42d1 user_namespaces.7: Document maximum nesting depth for user namespaces 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:03 -07:00
Michael Kerrisk 8f99aa89d9 user_namespaces.7: Minor tweaks to example program 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:03 -07:00
Michael Kerrisk 8db3776096 setns.2: tfix 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:03 -07:00
Michael Kerrisk ff8531686a pid_namespaces.7: ffix 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:03 -07:00
Michael Kerrisk ab3311aa06 clone.2, namespaces.7, pid_namespaces.7, user_namespaces.7: wfix "file system" ==> "filesystem" 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:02 -07:00
Michael Kerrisk 85e34225be setns.2: A process can't join a new userns if it shares CLONE_FS attributes 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:02 -07:00
Michael Kerrisk 08e54e516c unshare.2: tfix 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:02 -07:00
Michael Kerrisk 6f6808f9fd unshare.2: wfix 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:02 -07:00
Michael Kerrisk 4c3d7431b4 unshare.2: CLONE_NEWUSER implies CLONE_FS 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:02 -07:00
Michael Kerrisk f647dc5e28 unshare.2: Remove obsolete reference to "Restrictions" text in user_namespaces(7) 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:02 -07:00
Michael Kerrisk f22abd505d user_namespaces.7: Remove discussion of flags that can't be used with CLONE_NEWUSER 
That information is better put into individual pages.

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:02 -07:00
Michael Kerrisk 5e72cf7d10 clone.2: Improve discussion of flags that can't be specified with CLONE_NEWUSER 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:02 -07:00
Michael Kerrisk 9d64e39ec8 semop.2: Refer to clone(2) for semantics of CLONE_SYSVSEM and semadj lists 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:02 -07:00
Michael Kerrisk 5ada4b9491 clone.2: Add more detail on the meaning of CLONE_SYVSEM 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:02 -07:00
Michael Kerrisk 0d829b7610 unshare.2: Clarify semantics of CLONE_SYSVSEM 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:02 -07:00
Michael Kerrisk ea2d20ebcc unshare.2: CLONE_SYSVSEM does not require CAP_SYS_ADMIN 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:02 -07:00
Michael Kerrisk 3c881e7c07 unshare.2: CLONE_NEWPID automatically implies CLONE_THREAD 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:02 -07:00
Michael Kerrisk 88f487166c unshare.2: CLONE_NEWUSER implies CLONE_THREAD 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:02 -07:00
Michael Kerrisk 5afd65d175 unshare.2: wfix 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:02 -07:00
Michael Kerrisk f231195fce unshare.2: srcfix: update FIXMEs 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:02 -07:00
Michael Kerrisk d34e564554 clone.2: Note restrictions on CLONE_NEWUSER with other CLONE_* flags 
Refer to user_namespaces(7) for restrictions on CLONE_NEWUSER
with other CLONE_* flags.

Also: document EINVAL error for CLONE_NEWUSER|CLONE_FS.

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:02 -07:00
Michael Kerrisk 333446b9a6 unshare.2: Note restrictions on CLONE_NEWUSER with other CLONE_* flags 
Refer to user_namespaces(7) for restrictions on CLONE_NEWUSER
with other CLONE_* flags.

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:02 -07:00
Michael Kerrisk 714e9a7874 user_namespaces.7: Document restrictions on CLONE_NEWUSER with other CLONE_* flags 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:02 -07:00
Michael Kerrisk 1f1d2a8d2b mq_overview.7: Refer to namespaces(7) for info on POSIX MQs and IPC namespaces 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:02 -07:00
Michael Kerrisk 19b06c778d capabilities.7: Refer reader to user_namespaces(7) for a discussion of capabilities 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:02 -07:00
Michael Kerrisk c3b49118b9 capabilities.7: setns() needs CAP_SYS_ADMIN in the *target* namespace 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:02 -07:00
Michael Kerrisk f7ee0f5180 pid_namespaces.7: Fix kernel version number for reboot() in pidns discussion 
Should be 3.4, not 3.9, as per comments from Eric Biederman

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:02 -07:00
Michael Kerrisk 78d6b55b9c pid_namespaces.7: Refer to reboot(2) for a discussion of reboot() inside a PID namespace 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:02 -07:00
Michael Kerrisk 29368ba01f reboot.2: Tweak text on reboot in PID namesapces 
Reviewed-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmai>
 2014-09-13 20:16:02 -07:00
Michael Kerrisk 50f31881ac reboot.2: Document effect of reboot() inside PID namespaces 
Reported-by: Justin Cormack <justin@street-vision.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:02 -07:00
Michael Kerrisk 2b91ac7916 reboot.2: tfix 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:02 -07:00
Michael Kerrisk eb25716ff8 svipc.7: Refer to namespaces(7) for info on System V IPC and IPC namespaces 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:02 -07:00
Michael Kerrisk f344e055a6 namespaces.7: Document /proc interfaces that are distinct in each IPC namespace 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:02 -07:00
Michael Kerrisk 7d8d64eb14 namespaces.7: Remove repetitious text under network namespaces 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:02 -07:00
Michael Kerrisk 63f66893e5 user_namespaces.7: srcfix 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:02 -07:00
Michael Kerrisk c3f29a89b5 user_namespaces.7: Move discussion of availability of user namespaces to NOTES 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:02 -07:00
Michael Kerrisk b6462f7519 user_namespaces.7: SEE ALSO: add newgidmap(1), newuidmap(1), subgid(5), subuid(5) 
Pages in the "shadow" package

Reported-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:01 -07:00
Michael Kerrisk 77f9548830 user_namespaces.7: execve(2) will drop capabilities unless the caller's UID maps to 0 
Reported-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:01 -07:00
Michael Kerrisk 550d1c537c user_namespaces.7: wfix 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:01 -07:00
Michael Kerrisk 0ac408439b user_namespaces.7: Some subsystems don't support user namespaces in some kernel versions 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:01 -07:00
Michael Kerrisk 6b92803065 user_namespaces.7: srcfix: Add FIXME 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:01 -07:00
Michael Kerrisk 3b44624fa4 user_namespaces.7: Minor fixes in various places 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:01 -07:00
Michael Kerrisk 8a87c8b32f user_namespaces.7: srcfix 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:01 -07:00
Michael Kerrisk 589e43bb00 user_namespaces.7: tfix 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:01 -07:00
Michael Kerrisk d68c5f1184 user_namespaces.7: Clarify some capabilities details 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:01 -07:00
Michael Kerrisk 0666f549da user_namespaces.7: Note treatment of "securebits" flags 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:01 -07:00
Michael Kerrisk 37909beed2 user_namespaces.7: wfix 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:01 -07:00
Michael Kerrisk d916d9d073 user_namespaces.7: Rewrote and reorganized various pieces 
Mainly the pieces on capabilities, nested namespaces
and namespace membership.

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:01 -07:00