Commit Graph

73 Commits

Author SHA1 Message Date
Michael Kerrisk 3ef9fdd1a9 user_namespaces.7: wfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-03 15:49:16 +01:00
Michael Kerrisk 74412268b4 user_namespaces.7: Update kernel version associated with 5-line limit for map files
As at Linux 3.18, the limit is still five lines, so mention the
more recent kernel version in the text.

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-03 13:20:28 +01:00
Michael Kerrisk 374215d5c6 user_namespaces.7: tfix
Reported-by: Stéphane Aulery <saulery@free.fr>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-02 17:22:26 +01:00
Michael Kerrisk 1c3c805bcd user_namespaces.7: tfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-16 07:54:02 +01:00
Mike Frysinger dba9ebf2b4 user_namespaces(7): tfix
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-12-30 22:15:28 +01:00
Mike Frysinger 445d38c9b5 user_namespaces(7): tfix: drop spurious underline
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-11-11 06:39:06 +01:00
Michael Kerrisk f5d401ddda Removed trailing white space at end of lines
2014-09-21 11:24:24 +02:00
Michael Kerrisk daf084cc33 clone.2, flock.2, getpid.2, getunwind.2, mount.2, reboot.2, semop.2, seteuid.2, setgid.2, setns.2, setresuid.2, setreuid.2, setuid.2, uname.2, unshare.2, clock.3, drand48.3, proc.5, capabilities.7, credentials.7, mq_overview.7, namespaces.7, pid_namespaces.7, svipc.7, user_namespaces.7: tstamp
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-21 11:23:07 +02:00
Michael Kerrisk c228b4b4d1 namespaces.7, pid_namespaces.7, user_namespaces.7: srcfix: Add LICENSE_START tag
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-16 09:05:40 +02:00
Michael Kerrisk 09fcbb82f1 user_namespaces.7: spfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-14 21:29:47 -07:00
Michael Kerrisk 672e7505d6 user_namespaces.7: wfix
Reported-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-14 21:29:47 -07:00
Eric W. Biederman 890a86d330 user_namespaces.7: Clarify the meaning of "Mounts that come as a single unit"
Quoting Eric Biederman:

The importance of [mounts coming across as a single unit] is [to]
allow the global root to mount over things and not have to worry
that someone from a user namespace root can peek underneath.

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-14 21:29:47 -07:00
Michael Kerrisk 576233f00e user_namespaces.7: Additions from Andy Lutomirski
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-14 21:29:47 -07:00
Michael Kerrisk 6cfec3d80a user_namespaces.7: Improvements from Andy Lutomirski
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-14 21:29:42 -07:00
Eric W. Biederman b10c74ff25 user_namespaces.7: Add "Restrictions on mount namespaces" section
Light edits by mtk

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:03 -07:00
Michael Kerrisk 7aba437aa1 user_namespaces.7: Only single-threaded processes can join another user namespace
Reported-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:03 -07:00
Serge E. Hallyn 1191a90d12 user_namespaces.7: Improve discussion of handling of capabilities during execve(2)
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:03 -07:00
Michael Kerrisk 11d8ef176b user_namespaces.7: srcfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:03 -07:00
Michael Kerrisk 6c21c0f947 user_namespaces.7: Say a little less about execve(2) and user ID mappings
The existing discussion under user and group ID mappings
probably suffices.

Reported-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:03 -07:00
Michael Kerrisk 0ea90cb46d user_namespaces.7: srcfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:03 -07:00
Michael Kerrisk 99f04bb1e9 user_namespaces.7: Note that user namespaces isolate the root directory
Reported-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:03 -07:00
Michael Kerrisk c0d02ab07a user_namespaces.7: XFS support for user namespaces was added in Linux 3.11
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:03 -07:00
Michael Kerrisk ed8bd8452c user_namespaces.7: Rework text on filesystem support for user namespaces
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:03 -07:00
Michael Kerrisk bc92175773 user_namespaces.7: srcfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:03 -07:00
Michael Kerrisk 1005b0062e user_namespaces.7: Remove a confused sentence
Reported-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:03 -07:00
Michael Kerrisk e56b6c42d1 user_namespaces.7: Document maximum nesting depth for user namespaces
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:03 -07:00
Michael Kerrisk 8f99aa89d9 user_namespaces.7: Minor tweaks to example program
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:03 -07:00
Michael Kerrisk ab3311aa06 clone.2, namespaces.7, pid_namespaces.7, user_namespaces.7: wfix "file system" ==> "filesystem"
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:02 -07:00
Michael Kerrisk f22abd505d user_namespaces.7: Remove discussion of flags that can't be used with CLONE_NEWUSER
That information is better put into individual pages.

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:02 -07:00
Michael Kerrisk 714e9a7874 user_namespaces.7: Document restrictions on CLONE_NEWUSER with other CLONE_* flags
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:02 -07:00
Michael Kerrisk 63f66893e5 user_namespaces.7: srcfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:02 -07:00
Michael Kerrisk c3f29a89b5 user_namespaces.7: Move discussion of availability of user namespaces to NOTES
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:02 -07:00
Michael Kerrisk b6462f7519 user_namespaces.7: SEE ALSO: add newgidmap(1), newuidmap(1), subgid(5), subuid(5)
Pages in the "shadow" package

Reported-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:01 -07:00
Michael Kerrisk 77f9548830 user_namespaces.7: execve(2) will drop capabilities unless the caller's UID maps to 0
Reported-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:01 -07:00
Michael Kerrisk 550d1c537c user_namespaces.7: wfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:01 -07:00
Michael Kerrisk 0ac408439b user_namespaces.7: Some subsystems don't support user namespaces in some kernel versions
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:01 -07:00
Michael Kerrisk 6b92803065 user_namespaces.7: srcfix: Add FIXME
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:01 -07:00
Michael Kerrisk 3b44624fa4 user_namespaces.7: Minor fixes in various places
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:01 -07:00
Michael Kerrisk 8a87c8b32f user_namespaces.7: srcfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:01 -07:00
Michael Kerrisk 589e43bb00 user_namespaces.7: tfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:01 -07:00
Michael Kerrisk d68c5f1184 user_namespaces.7: Clarify some capabilities details
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:01 -07:00
Michael Kerrisk 0666f549da user_namespaces.7: Note treatment of "securebits" flags
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:01 -07:00
Michael Kerrisk 37909beed2 user_namespaces.7: wfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:01 -07:00
Michael Kerrisk d916d9d073 user_namespaces.7: Rewrote and reorganized various pieces
Mainly the pieces on capabilities, nested namespaces
and namespace membership.

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:01 -07:00
Michael Kerrisk c9195dede4 user_namespaces.7: wfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:01 -07:00
Michael Kerrisk 3a9ff754df user_namespaces.7: SEE ALSO: remove unshare(1) (which is mentioned in namespaces(7))
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:01 -07:00
Michael Kerrisk 96ec9d12e6 user_namespaces.7: Clarify that the child of clone() gets all privileges in new userns
Nothing special happens for the children of unshare(2).

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:01 -07:00
Michael Kerrisk c94eb4a68d user_namespaces.7: Add reference to Documentation/namespaces/resource-control.txt
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:01 -07:00
Michael Kerrisk cf7d22a535 user_namespaces.7: Further reworking of text on nested namespaces and capabilities
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:01 -07:00
Michael Kerrisk c0098e767d user_namespaces.7: Relocate text on capabilities of initial process in userns
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:01 -07:00