LDP
/
man-pages
mirror of https://github.com/mkerrisk/man-pages
0
1
Fork 0
Code Releases Activity
11,825 Commits 1 Branch 197 Tags 93 MiB
Commit Graph

11825 Commits

Author SHA1 Message Date
Michael Kerrisk f7ee0f5180 pid_namespaces.7: Fix kernel version number for reboot() in pidns discussion 
Should be 3.4, not 3.9, as per comments from Eric Biederman

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:02 -07:00
Michael Kerrisk 78d6b55b9c pid_namespaces.7: Refer to reboot(2) for a discussion of reboot() inside a PID namespace 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:02 -07:00
Michael Kerrisk 29368ba01f reboot.2: Tweak text on reboot in PID namesapces 
Reviewed-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmai>
 2014-09-13 20:16:02 -07:00
Michael Kerrisk 50f31881ac reboot.2: Document effect of reboot() inside PID namespaces 
Reported-by: Justin Cormack <justin@street-vision.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:02 -07:00
Michael Kerrisk 2b91ac7916 reboot.2: tfix 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:02 -07:00
Michael Kerrisk eb25716ff8 svipc.7: Refer to namespaces(7) for info on System V IPC and IPC namespaces 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:02 -07:00
Michael Kerrisk f344e055a6 namespaces.7: Document /proc interfaces that are distinct in each IPC namespace 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:02 -07:00
Michael Kerrisk 7d8d64eb14 namespaces.7: Remove repetitious text under network namespaces 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:02 -07:00
Michael Kerrisk 63f66893e5 user_namespaces.7: srcfix 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:02 -07:00
Michael Kerrisk c3f29a89b5 user_namespaces.7: Move discussion of availability of user namespaces to NOTES 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:02 -07:00
Michael Kerrisk b6462f7519 user_namespaces.7: SEE ALSO: add newgidmap(1), newuidmap(1), subgid(5), subuid(5) 
Pages in the "shadow" package

Reported-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:01 -07:00
Michael Kerrisk 77f9548830 user_namespaces.7: execve(2) will drop capabilities unless the caller's UID maps to 0 
Reported-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:01 -07:00
Michael Kerrisk 550d1c537c user_namespaces.7: wfix 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:01 -07:00
Michael Kerrisk 0ac408439b user_namespaces.7: Some subsystems don't support user namespaces in some kernel versions 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:01 -07:00
Michael Kerrisk 6b92803065 user_namespaces.7: srcfix: Add FIXME 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:01 -07:00
Michael Kerrisk 3b44624fa4 user_namespaces.7: Minor fixes in various places 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:01 -07:00
Michael Kerrisk 8a87c8b32f user_namespaces.7: srcfix 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:01 -07:00
Michael Kerrisk 589e43bb00 user_namespaces.7: tfix 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:01 -07:00
Michael Kerrisk d68c5f1184 user_namespaces.7: Clarify some capabilities details 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:01 -07:00
Michael Kerrisk 0666f549da user_namespaces.7: Note treatment of "securebits" flags 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:01 -07:00
Michael Kerrisk 37909beed2 user_namespaces.7: wfix 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:01 -07:00
Michael Kerrisk d916d9d073 user_namespaces.7: Rewrote and reorganized various pieces 
Mainly the pieces on capabilities, nested namespaces
and namespace membership.

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:01 -07:00
Michael Kerrisk c9195dede4 user_namespaces.7: wfix 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:01 -07:00
Michael Kerrisk 3a9ff754df user_namespaces.7: SEE ALSO: remove unshare(1) (which is mentioned in namespaces(7)) 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:01 -07:00
Michael Kerrisk 96ec9d12e6 user_namespaces.7: Clarify that the child of clone() gets all privileges in new userns 
Nothing special happens for the children of unshare(2).

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:01 -07:00
Michael Kerrisk c94eb4a68d user_namespaces.7: Add reference to Documentation/namespaces/resource-control.txt 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:01 -07:00
Michael Kerrisk cf7d22a535 user_namespaces.7: Further reworking of text on nested namespaces and capabilities 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:01 -07:00
Michael Kerrisk c0098e767d user_namespaces.7: Relocate text on capabilities of initial process in userns 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:01 -07:00
Michael Kerrisk 20e4a14719 user_namespaces.7: Explain uid_map and gid_map in the initial user namespace 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:01 -07:00
Michael Kerrisk 3e2a37ec85 user_namespaces.7: Add more detail on unmapped UIDs and GIDs exposed to user space 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:01 -07:00
Michael Kerrisk 6eda94413b user_namespaces.7: Reorganize various pieces of DESCRIPTION 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:01 -07:00
Michael Kerrisk 30f3ddd6dd user_namespaces.7: Remove duplicated text on EPERM + mapping required in parent userns 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:01 -07:00
Michael Kerrisk 1863e45128 user_namespaces.7: Move a misplaced rule re writing to map files 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:01 -07:00
Michael Kerrisk f00071920e clone.2: EINVAL if (CLONE_NEWUSER|CLONE_NEWPID) && (CLONE_THREAD|CLONE_PARENT) 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:01 -07:00
Michael Kerrisk 4dd85833c1 unshare.2: Document use of CLONE_THREAD, CLONE_SIGHAND, and CLONE_VM 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:01 -07:00
Eric W. Biederman 98029e6531 pid_namespaces.7: Add much more detail on CLONE_NEWPID + multhreaded processes 
CLONE_NEWPID doesn't mix with CLONE_THREAD, CLONE_VM,
and CLONE_SIGHAND.

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:01 -07:00
Michael Kerrisk bd23efc759 pid_namespaces.7: Further reworking of text on CLONE_NEWPID and threads 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:01 -07:00
Michael Kerrisk e0fd534919 pid_namespaces.7: Rework text on threads and CLONE_NEWPID 
Adapted text from Eric Biederman.

Reported-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:01 -07:00
Michael Kerrisk 7cd5151990 pid_namespaces.7: SEE ALSO: remove unshare(1) (which is mentioned in namespaces(7)) 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:01 -07:00
Michael Kerrisk 81ccc85366 pid_namespaces.7: Mention unshare()+fork() failure case if "init" terminates 
Reported-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:01 -07:00
Michael Kerrisk 5597d425e9 pid_namespaces.7: Explain use for readlink() from /proc/self 
Reported-by: Rob Landley <rob@landley.net>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:01 -07:00
Michael Kerrisk 47832b6dfc pid_namespaces.7: Clarify text on failure cases with CLONE_VM + multithreaded 
Reported-by: Rob Landley <rob@landley.net>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:00 -07:00
Michael Kerrisk 837ddeb969 pid_namespaces.7: wfix 
Reported-by: Rob Landley <rob@landley.net>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:00 -07:00
Michael Kerrisk 36b04745db pid_namespaces.7: Mention suspend/resume of containers in intro text 
Reported-by: Rob Landley <rob@landley.net>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:00 -07:00
Michael Kerrisk cbf542aa98 pid_namespaces.7: tfix 
Reported-by: Rob Landley <rob@landley.net>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:00 -07:00
Michael Kerrisk bac6162841 pid_namespaces.7: /proc shows mounts according to PID namespace of mounting process 
Reported-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:00 -07:00
Michael Kerrisk 805685dc1b pid_namespaces.7: Note the shell command used for mount procfs 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:00 -07:00
Michael Kerrisk ec411de6d5 pid_namespaces.7: Other call sequences fail with multiple threads and CLONE_NEWPID 
Reported-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:00 -07:00
Michael Kerrisk 2a4b78e7e2 pid_namespaces.7: Mention PR_SET_CHILD_SUBREAPER in discussion of reparenting to init 
Reported-by: Vasily Kulikov <segoon@openwall.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:00 -07:00
Michael Kerrisk fa88d1a483 namespaces.7, pid_namespaces.7: Add pointer to example program in user_namespaces(7) 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:00 -07:00