046de6a7d7
user_namespaces.7: New page splitting user namespace material out of namespaces(7)
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:59 -07:00
9552196ecb
namespaces.7: ffix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:59 -07:00
e67b117c39
namespaces.7: Document association between userns and other namespace types
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:59 -07:00
16fe718f99
setns.2: wfix
2014-09-13 20:15:59 -07:00
e57c3979fe
setns.2: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:59 -07:00
ec66fbfff5
setns.2: Reorganize text on user namespaces
...
And add reference to user_namespaces(7).
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:59 -07:00
5c8d010b84
setns.2, unshare.2: Add reference to pid_namespaces(7)
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:59 -07:00
5c67baab4f
setns.2: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:59 -07:00
7fc8e5ece2
setns.2: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:59 -07:00
edc3c3b4c0
setns.2: Attempt to rejoin current user namespace gives EINVAL
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:59 -07:00
365d292a3c
clone.2, unshare.2, namespaces.7: clone() and unshare() fail (EPERM) if caller's UID/GID are not mapped
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:59 -07:00
1d5adb6f9e
namespaces.7: Userns creation associates eff. GID of creator with the userns
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:59 -07:00
5eb7f09d7c
namespaces.7: Move text on capabilities in user namespaces
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:59 -07:00
7f76dc3079
namespaces.7: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:59 -07:00
cda377d2bc
namespaces.7: Clarify use of 'single line' case when writing userns map files
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:59 -07:00
e2eb61370e
namespaces.7: Note rules regarding capabilities and nested namespaces
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:59 -07:00
9a80f81d04
namespaces.7: Clarify explanation of nested user namespaces
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:59 -07:00
6be09bd882
namespaces.7: srcfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:59 -07:00
fd4eb520d6
namespaces.7: srcfix: Added FIXME
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:59 -07:00
aa49742066
namespaces.7: Mapping files are empty when a user namespace is first created
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:59 -07:00
b87dd2afb0
namespaces.7: User namespace ID mappings can be defined via any member process's map
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:59 -07:00
b2e73e0ce8
namespaces.7: Clarify max # of bytes that can be written to a user namespace map
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:59 -07:00
3fe8d14797
namespaces.7: Describe semantics of set-user/group-ID programs in a user namespace
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:59 -07:00
e420879421
namespaces.7: Rewrite EPERM rules for writing to user namespace map file
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:58 -07:00
1879c18c63
namespaces.7: spfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:58 -07:00
d70ee6ff45
namespaces.7: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:58 -07:00
6155c4554f
namespaces.7: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:58 -07:00
4d2d9a106f
namespaces.7: Add further EINVAL cases for writes to userspace map files
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:58 -07:00
0076479cdd
seteuid.2, setgid.2, setresuid.2, setreuid.2, setuid.2: EINVAL can occur if UID/GID is not valid in caller's user namespace
...
Also add namespaces(7) under SEE ALSO.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:58 -07:00
8e5924c0a9
namespaces.7: Clarify a detail in permissions for writing to user namespace map files
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:58 -07:00
cfc50babe7
namespaces.7: Violating rules for writing to user namespace map file yields EPERM
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:58 -07:00
ed0ce71a31
namespaces.7: ffix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:58 -07:00
76f89cbea4
namespaces.7: ffix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:58 -07:00
d3c16a98d1
namespaces.7: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:58 -07:00
147a0c9098
namespaces.7: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:58 -07:00
b680649a5c
namespaces.7: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:58 -07:00
291e9237d7
namespaces.7: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:58 -07:00
029ae9e3f5
namespaces.7: SEE ALSO: add switch_root(8)
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:58 -07:00
c0004fb480
namespaces.7: Clarify details of sending signals to init from ancestor PID namespaces
...
After email from Eric Biederman
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:58 -07:00
b16d757dfd
namespaces.7: When a PID namespace terminates, the other processes get SIGKILL
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:58 -07:00
fc49d2ac6b
namespaces.7: Repair discussion of signals that can be sent to pidns init process
...
From outside a PID namespace, only the SIGKILL and SIGSTOP
signals can be sent to the init process.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:58 -07:00
3c96796395
namespaces.7: Fixes to text on forking a process into a PID namespace with no "init"
...
Based on comments from Eric Biederman
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:58 -07:00
bcf8010e24
namespaces.7: Trying to add a new process to a PID namespace with no "init" fails
...
If the PID namespace init process has terminated, then
setns() on a previously opened /proc/PID/ns/pid file
will succeed, but the subsequent fork() will fail with
ENOMEM.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:58 -07:00
ed94b9b881
namespaces.7: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:58 -07:00
53d63b8925
namespaces.7: Document effect of PID namespaces when passing credentials over a socket
...
PIDs passed via UNIX domain sockets are translated according to
the receiving process's namespace.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:58 -07:00
86499a6b26
namespaces.7: SEE ALSO: Add nsenter(1), unshare(1)
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:58 -07:00
3c7103af43
namespaces.7: Remove text on "equivalence" between clone() and fork()+unshare()
...
The text probably doesn't help the readers understanding much,
and it's not quite accurate in the case of PID namespaces.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:58 -07:00
84c35715ba
namespaces.7: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:58 -07:00
ca29156707
namespaces.7: Explain why unshare() and setns() do not change caller's PID namespace
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:58 -07:00
e13b53a611
namespaces.7: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:58 -07:00
Michael Kerrisk