LDP
/
man-pages
mirror of https://github.com/mkerrisk/man-pages
0
1
Fork 0
Code Releases Activity
11,724 Commits 1 Branch 197 Tags 93 MiB
Commit Graph

11724 Commits

Author SHA1 Message Date
Michael Kerrisk 6cfec3d80a user_namespaces.7: Improvements from Andy Lutomirski 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-14 21:29:42 -07:00
Eric W. Biederman b10c74ff25 user_namespaces.7: Add "Restrictions on mount namespaces" section 
Light edits by mtk

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:03 -07:00
Michael Kerrisk 7aba437aa1 user_namespaces.7: Only single-threaded processes can join another user namespace 
Reported-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:03 -07:00
Michael Kerrisk 258e6b6c7a namespaces.7: wfix 
Reported-by: Vitaly Rybnikov <frodox@zoho.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:03 -07:00
Serge E. Hallyn 1191a90d12 user_namespaces.7: Improve discussion of handling of capabilities during execve(2) 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:03 -07:00
Michael Kerrisk 11d8ef176b user_namespaces.7: srcfix 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:03 -07:00
Michael Kerrisk 0b497138b9 namespaces.7: Add table of namespaces to top of page 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:03 -07:00
Michael Kerrisk 309abda4a0 namespaces.7: tfix 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:03 -07:00
Michael Kerrisk c6d54e1fd6 namespaces.7: tfix 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:03 -07:00
Michael Kerrisk beb9df9ed3 namespaces.7: tfix 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:03 -07:00
Michael Kerrisk 6c21c0f947 user_namespaces.7: Say a little less about execve(2) and user ID mappings 
The existing discussion under user and group ID mappings
probably suffices.

Reported-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:03 -07:00
Michael Kerrisk 0ea90cb46d user_namespaces.7: srcfix 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:03 -07:00
Michael Kerrisk 99f04bb1e9 user_namespaces.7: Note that user namespaces isolate the root directory 
Reported-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:03 -07:00
Michael Kerrisk c0d02ab07a user_namespaces.7: XFS support for user namespaces was added in Linux 3.11 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:03 -07:00
Michael Kerrisk ed8bd8452c user_namespaces.7: Rework text on filesystem support for user namespaces 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:03 -07:00
Michael Kerrisk bc92175773 user_namespaces.7: srcfix 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:03 -07:00
Michael Kerrisk 1005b0062e user_namespaces.7: Remove a confused sentence 
Reported-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:03 -07:00
Michael Kerrisk e63259f20e setns.2: ERRORS: Add EINVAL for two cases of joining a new user namespace 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:03 -07:00
Michael Kerrisk 6bab36f87c unshare.2: Add kernel version number for text on CLONE_NEWUSER implying CLONE_FS 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:03 -07:00
Michael Kerrisk ac0079383d clone.2: Document EPERM error when using CLONE_NEWUSER from chrooted caller 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:03 -07:00
Michael Kerrisk 40a47a161b unshare.2: Document EPERM error when using CLONE_NEWUSER from chrooted caller 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:03 -07:00
Michael Kerrisk cdd25f2e76 unshare.2: Document EUSERS error 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:03 -07:00
Michael Kerrisk 6fd119e727 clone.2: Document EUSERS error 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:03 -07:00
Michael Kerrisk e56b6c42d1 user_namespaces.7: Document maximum nesting depth for user namespaces 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:03 -07:00
Michael Kerrisk 8f99aa89d9 user_namespaces.7: Minor tweaks to example program 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:03 -07:00
Michael Kerrisk 8db3776096 setns.2: tfix 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:03 -07:00
Michael Kerrisk ff8531686a pid_namespaces.7: ffix 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:03 -07:00
Michael Kerrisk ab3311aa06 clone.2, namespaces.7, pid_namespaces.7, user_namespaces.7: wfix "file system" ==> "filesystem" 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:02 -07:00
Michael Kerrisk 85e34225be setns.2: A process can't join a new userns if it shares CLONE_FS attributes 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:02 -07:00
Michael Kerrisk 08e54e516c unshare.2: tfix 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:02 -07:00
Michael Kerrisk 6f6808f9fd unshare.2: wfix 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:02 -07:00
Michael Kerrisk 4c3d7431b4 unshare.2: CLONE_NEWUSER implies CLONE_FS 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:02 -07:00
Michael Kerrisk f647dc5e28 unshare.2: Remove obsolete reference to "Restrictions" text in user_namespaces(7) 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:02 -07:00
Michael Kerrisk f22abd505d user_namespaces.7: Remove discussion of flags that can't be used with CLONE_NEWUSER 
That information is better put into individual pages.

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:02 -07:00
Michael Kerrisk 5e72cf7d10 clone.2: Improve discussion of flags that can't be specified with CLONE_NEWUSER 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:02 -07:00
Michael Kerrisk 9d64e39ec8 semop.2: Refer to clone(2) for semantics of CLONE_SYSVSEM and semadj lists 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:02 -07:00
Michael Kerrisk 5ada4b9491 clone.2: Add more detail on the meaning of CLONE_SYVSEM 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:02 -07:00
Michael Kerrisk 0d829b7610 unshare.2: Clarify semantics of CLONE_SYSVSEM 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:02 -07:00
Michael Kerrisk ea2d20ebcc unshare.2: CLONE_SYSVSEM does not require CAP_SYS_ADMIN 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:02 -07:00
Michael Kerrisk 3c881e7c07 unshare.2: CLONE_NEWPID automatically implies CLONE_THREAD 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:02 -07:00
Michael Kerrisk 88f487166c unshare.2: CLONE_NEWUSER implies CLONE_THREAD 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:02 -07:00
Michael Kerrisk 5afd65d175 unshare.2: wfix 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:02 -07:00
Michael Kerrisk f231195fce unshare.2: srcfix: update FIXMEs 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:02 -07:00
Michael Kerrisk d34e564554 clone.2: Note restrictions on CLONE_NEWUSER with other CLONE_* flags 
Refer to user_namespaces(7) for restrictions on CLONE_NEWUSER
with other CLONE_* flags.

Also: document EINVAL error for CLONE_NEWUSER|CLONE_FS.

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:02 -07:00
Michael Kerrisk 333446b9a6 unshare.2: Note restrictions on CLONE_NEWUSER with other CLONE_* flags 
Refer to user_namespaces(7) for restrictions on CLONE_NEWUSER
with other CLONE_* flags.

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:02 -07:00
Michael Kerrisk 714e9a7874 user_namespaces.7: Document restrictions on CLONE_NEWUSER with other CLONE_* flags 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:02 -07:00
Michael Kerrisk 1f1d2a8d2b mq_overview.7: Refer to namespaces(7) for info on POSIX MQs and IPC namespaces 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:02 -07:00
Michael Kerrisk 19b06c778d capabilities.7: Refer reader to user_namespaces(7) for a discussion of capabilities 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:02 -07:00
Michael Kerrisk c3b49118b9 capabilities.7: setns() needs CAP_SYS_ADMIN in the *target* namespace 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:02 -07:00
Michael Kerrisk f7ee0f5180 pid_namespaces.7: Fix kernel version number for reboot() in pidns discussion 
Should be 3.4, not 3.9, as per comments from Eric Biederman

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:02 -07:00