LDP
/
man-pages
mirror of https://github.com/mkerrisk/man-pages
0
1
Fork 0
Code Releases Activity
11,696 Commits 1 Branch 197 Tags 93 MiB
Commit Graph

68 Commits

Author SHA1 Message Date
Michael Kerrisk f344e055a6 namespaces.7: Document /proc interfaces that are distinct in each IPC namespace 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:02 -07:00
Michael Kerrisk 7d8d64eb14 namespaces.7: Remove repetitious text under network namespaces 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:02 -07:00
Michael Kerrisk fa88d1a483 namespaces.7, pid_namespaces.7: Add pointer to example program in user_namespaces(7) 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:16:00 -07:00
Michael Kerrisk 024d6a8449 namespaces.7: Remove PID namespaces material shifted to pid_namespaces(7) 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:15:59 -07:00
Michael Kerrisk 67d1131fd9 namespaces.7: Remove userns material shifted to user_namespaces(7) 
The user namespaces section was getting long and unwieldy.
Split it into its own page, so that it can be better
structured with subtitles, etc.

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:15:59 -07:00
Michael Kerrisk 9552196ecb namespaces.7: ffix 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:15:59 -07:00
Michael Kerrisk e67b117c39 namespaces.7: Document association between userns and other namespace types 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:15:59 -07:00
Michael Kerrisk 365d292a3c clone.2, unshare.2, namespaces.7: clone() and unshare() fail (EPERM) if caller's UID/GID are not mapped 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:15:59 -07:00
Michael Kerrisk 1d5adb6f9e namespaces.7: Userns creation associates eff. GID of creator with the userns 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:15:59 -07:00
Michael Kerrisk 5eb7f09d7c namespaces.7: Move text on capabilities in user namespaces 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:15:59 -07:00
Michael Kerrisk 7f76dc3079 namespaces.7: tfix 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:15:59 -07:00
Michael Kerrisk cda377d2bc namespaces.7: Clarify use of 'single line' case when writing userns map files 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:15:59 -07:00
Michael Kerrisk e2eb61370e namespaces.7: Note rules regarding capabilities and nested namespaces 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:15:59 -07:00
Michael Kerrisk 9a80f81d04 namespaces.7: Clarify explanation of nested user namespaces 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:15:59 -07:00
Michael Kerrisk 6be09bd882 namespaces.7: srcfix 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:15:59 -07:00
Michael Kerrisk fd4eb520d6 namespaces.7: srcfix: Added FIXME 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:15:59 -07:00
Michael Kerrisk aa49742066 namespaces.7: Mapping files are empty when a user namespace is first created 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:15:59 -07:00
Michael Kerrisk b87dd2afb0 namespaces.7: User namespace ID mappings can be defined via any member process's map 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:15:59 -07:00
Michael Kerrisk b2e73e0ce8 namespaces.7: Clarify max # of bytes that can be written to a user namespace map 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:15:59 -07:00
Michael Kerrisk 3fe8d14797 namespaces.7: Describe semantics of set-user/group-ID programs in a user namespace 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:15:59 -07:00
Michael Kerrisk e420879421 namespaces.7: Rewrite EPERM rules for writing to user namespace map file 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:15:58 -07:00
Michael Kerrisk 1879c18c63 namespaces.7: spfix 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:15:58 -07:00
Michael Kerrisk d70ee6ff45 namespaces.7: wfix 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:15:58 -07:00
Michael Kerrisk 6155c4554f namespaces.7: wfix 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:15:58 -07:00
Michael Kerrisk 4d2d9a106f namespaces.7: Add further EINVAL cases for writes to userspace map files 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:15:58 -07:00
Michael Kerrisk 8e5924c0a9 namespaces.7: Clarify a detail in permissions for writing to user namespace map files 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:15:58 -07:00
Michael Kerrisk cfc50babe7 namespaces.7: Violating rules for writing to user namespace map file yields EPERM 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:15:58 -07:00
Michael Kerrisk ed0ce71a31 namespaces.7: ffix 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:15:58 -07:00
Michael Kerrisk 76f89cbea4 namespaces.7: ffix 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:15:58 -07:00
Michael Kerrisk d3c16a98d1 namespaces.7: tfix 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:15:58 -07:00
Michael Kerrisk 147a0c9098 namespaces.7: wfix 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:15:58 -07:00
Michael Kerrisk b680649a5c namespaces.7: wfix 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:15:58 -07:00
Michael Kerrisk 291e9237d7 namespaces.7: wfix 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:15:58 -07:00
Michael Kerrisk 029ae9e3f5 namespaces.7: SEE ALSO: add switch_root(8) 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:15:58 -07:00
Michael Kerrisk c0004fb480 namespaces.7: Clarify details of sending signals to init from ancestor PID namespaces 
After email from Eric Biederman

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:15:58 -07:00
Michael Kerrisk b16d757dfd namespaces.7: When a PID namespace terminates, the other processes get SIGKILL 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:15:58 -07:00
Michael Kerrisk fc49d2ac6b namespaces.7: Repair discussion of signals that can be sent to pidns init process 
From outside a PID namespace, only the SIGKILL and SIGSTOP
signals can be sent to the init process.

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:15:58 -07:00
Michael Kerrisk 3c96796395 namespaces.7: Fixes to text on forking a process into a PID namespace with no "init" 
Based on comments from Eric Biederman

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:15:58 -07:00
Michael Kerrisk bcf8010e24 namespaces.7: Trying to add a new process to a PID namespace with no "init" fails 
If the PID namespace init process has terminated, then
setns() on a previously opened /proc/PID/ns/pid file
will succeed, but the subsequent fork() will fail with
ENOMEM.

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:15:58 -07:00
Michael Kerrisk ed94b9b881 namespaces.7: wfix 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:15:58 -07:00
Michael Kerrisk 53d63b8925 namespaces.7: Document effect of PID namespaces when passing credentials over a socket 
PIDs passed via UNIX domain sockets are translated according to
the receiving process's namespace.

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:15:58 -07:00
Michael Kerrisk 86499a6b26 namespaces.7: SEE ALSO: Add nsenter(1), unshare(1) 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:15:58 -07:00
Michael Kerrisk 3c7103af43 namespaces.7: Remove text on "equivalence" between clone() and fork()+unshare() 
The text probably doesn't help the readers understanding much,
and it's not quite accurate in the case of PID namespaces.

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:15:58 -07:00
Michael Kerrisk 84c35715ba namespaces.7: tfix 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:15:58 -07:00
Michael Kerrisk ca29156707 namespaces.7: Explain why unshare() and setns() do not change caller's PID namespace 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:15:58 -07:00
Michael Kerrisk e13b53a611 namespaces.7: wfix 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:15:58 -07:00
Michael Kerrisk e17d07c17b namespaces.7: Note treatment of PID namespace "init" process with respect to signals 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:15:58 -07:00
Michael Kerrisk 33a3c1b8ec namespaces.7: Repair discussion of termination of "init" in PID namespace 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:15:58 -07:00
Michael Kerrisk 110026abe4 namespaces.7: Document PID namespace case where getppid() can return 0 
getppid() can return 0 if parent is in a different namespace.

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:15:58 -07:00
Michael Kerrisk 7091f8f392 namespaces.7: spfix 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2014-09-13 20:15:58 -07:00