Michael Kerrisk
5bea231de3
capabilities.7: Document CAP_SETUID and CAP_SETGID for user namespace mappings
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:57 -07:00
Michael Kerrisk
c67d3814e7
capabilities.7: Since Linux 3.8, user namespaces no longer require CAP_SYS_ADMIN
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:57 -07:00
Michael Kerrisk
76f8f97395
unshare.2: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:57 -07:00
Michael Kerrisk
36ec1f75e4
unshare.2: Clarify that unshare(CLONE_NEWUSER) does confer capabilities on the caller
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:57 -07:00
Michael Kerrisk
c79b7a8184
unshare.2: ffix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:56 -07:00
Michael Kerrisk
3d02560dbb
unshare.2: SEE ALSO: add proc(5)
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:56 -07:00
Michael Kerrisk
f919b6e410
unshare.2: Add an example program
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:56 -07:00
Michael Kerrisk
e939d607ea
unshare.2: SEE ALSO: add unshare(1)
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:56 -07:00
Michael Kerrisk
2193656a7c
unshare.2: Add some details to CLONE_NEWPID description
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:56 -07:00
Eric W. Biederman
37ee2d61e5
unshare.2: Add details to CLONE_NEWPID and CLONE_NEWUSER documentation
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:56 -07:00
Michael Kerrisk
8f141c5e3c
unshare.2: Document CLONE_NEWPID
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:56 -07:00
Michael Kerrisk
c2cd5a7fd9
unshare.2: Document CLONE_NEWUSER
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:56 -07:00
Michael Kerrisk
eb359a0988
unshare.2: srcfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:56 -07:00
Michael Kerrisk
667f4c7891
unshare.2: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:56 -07:00
Michael Kerrisk
040eaa70ed
clone.2: SEE ALSO: add proc(5)
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:56 -07:00
Michael Kerrisk
730e9c01cf
clone.2: Document behavior of clone(CLONE_NEWUSER | CLONE_NEWXXX)
...
Based on email exchanges with Eric Biederman
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:56 -07:00
Michael Kerrisk
a0efdddb73
clone.2: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:56 -07:00
Michael Kerrisk
fefbcba85c
clone.2: Note capability requirements for using CLONE_NEWUSER before Linux 3.8
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:56 -07:00
Michael Kerrisk
4d2b3ed7c1
clone.2: Correct kernel version where CLONE_NEWUSER first appeared
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:56 -07:00
Michael Kerrisk
642ce311ba
clone.2: Note that CLONE_NEWUSER needs CONFIG_USER_NS
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:56 -07:00
Michael Kerrisk
06b3045839
clone.2: Rework Eric's CLONE_NEWUSER patch
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:56 -07:00
Michael Kerrisk
57ef8c39e7
clone.2: grfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:56 -07:00
Eric W. Biederman
70d21f174e
clone.2: Describe the user namespace (CLONE_NEWUSER)
...
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:56 -07:00
Michael Kerrisk
7612b8a7e1
setns.2: setns() into a user namespace grants all capabilities in that namespace
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:56 -07:00
Michael Kerrisk
3c98ab169f
setns.2: ffix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:56 -07:00
Michael Kerrisk
268a93cb30
setns.2: Specify kernel version on each CLONE_NEW* flag
...
And remove text on flags from VERSIONS.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:56 -07:00
Michael Kerrisk
773f59eb02
setns.2: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:56 -07:00
Michael Kerrisk
81714b4f86
setns.2: Rework discussion of restrictions on changing user namespace
...
After comments from Eric Biederman
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:56 -07:00
Michael Kerrisk
21bfe3e933
setns.2: Clarify capabilities required for reassociating with a mount namespace
...
Based on comments from Eric Biederman.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:56 -07:00
Michael Kerrisk
2a9f74a936
setns.2: SEE ALSO: Add unshare(2)
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:56 -07:00
Michael Kerrisk
f16c7698e2
setns.2: Clarify wording in CLONE_NEWPID discussion
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:56 -07:00
Michael Kerrisk
49af76fed3
setns.2: Various fixes for text on PID, user, and mount namespace support
...
After comments from Eric Biederman
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:56 -07:00
Michael Kerrisk
cd7e05aa16
setns.2: Fixes for text on PID, user, and mount namespace support
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:56 -07:00
Eric W. Biederman
99fd2fe3b5
setns.2: Document the PID, user, and mount namespace support
...
Document CLONE_NEWPID, CLONE_NEWUSER, and CLONE_NEWNS flags.
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:56 -07:00
Michael Kerrisk
0bafc69241
proc.5: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:56 -07:00
Michael Kerrisk
fbb59ce750
proc.5: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:56 -07:00
Michael Kerrisk
84d22d07fc
proc.5: Document change of /proc/PID/ns/* files to symlinks in Linux 3.8
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:56 -07:00
Michael Kerrisk
d41f83cce4
proc.5: Add detail on /proc/PID/ns bind mounted files
...
Opening a file bind mounted to a /proc/PID/ns/xxx file
also yields a descriptor that can be passed to setns().
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:55 -07:00
Michael Kerrisk
91935e7807
proc.5: Rework discussion of /proc/PID/ns/* files
...
Rather than repeat the same text six times,
refactor it to occur in just one place.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:55 -07:00
Michael Kerrisk
f34f018219
proc.5: srcfix: Added FIXME (/proc/PID/projid_map)
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:55 -07:00
Michael Kerrisk
6b1eaf53bc
proc.5: Further improvements to /proc/PID/{uid_map,gid_map} text
...
After review by Eric Biederman.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:55 -07:00
Michael Kerrisk
a2f479dee9
proc.5: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:55 -07:00
Michael Kerrisk
98ea417334
proc.5: Clarify details of nonoverlapping ranges for /proc/PID/{uid_map,gid_map}
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:55 -07:00
Michael Kerrisk
3d33f6ceb7
proc.5: Note capability requirements for writing to /proc/PID/{uid_map,gid_map}
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:55 -07:00
Michael Kerrisk
d0ebf39885
proc.5: Rework text describing line limit in /proc/PID/{uid_map,gid_map}
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:55 -07:00
Michael Kerrisk
23be33af33
proc.5: Clarify mapping provided by uid_map and gid_map
...
Add a sentence to emphasize that these files provide a mapping
based on the user namespace of the file opener.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:55 -07:00
Eric W. Biederman
ec1dd85da2
proc.5: Document /proc/PID/ns/{user,pid,mnt}
...
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:55 -07:00
Michael Kerrisk
ccdc8958ae
proc.5: Correct kernel version number for /proc/PID/{uid_map,gid_map}
...
These files were introduced in 3.5, not 3.6.
Reported-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:55 -07:00
Michael Kerrisk
8b69f9c729
proc.5: Describe format for lines in /proc/PID/uid_map file
2014-09-13 20:15:55 -07:00
Michael Kerrisk
149eeb7b5e
proc.5: Rework Eric's text on uid_map and gid_map
...
Consolidate the similar uid_map and gid_map text into one
piece.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:55 -07:00