Marko Myllynen
390fcba268
iso_8859-8.7: Charset pages unification, minor cleanups
...
- adjust references
- remove stray comments
- cosmetics
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-10-01 12:04:20 +02:00
Marko Myllynen
0773f72dd1
iso_8859-7.7: Charset pages unification, minor cleanups
...
- adjust references
- remove stray comments
- cosmetics
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-10-01 12:04:20 +02:00
Marko Myllynen
dd7a03e293
iso_8859-6.7: Charset pages unification, minor cleanups
...
- adjust references
- remove stray comments
- cosmetics
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-10-01 12:04:20 +02:00
Marko Myllynen
7b9b9bc8e7
iso_8859-5.7: Charset pages unification, minor cleanups
...
- adjust references
- remove stray comments
- cosmetics
2014-10-01 12:04:20 +02:00
Marko Myllynen
99a7634b9f
iso_8859-4.7: Charset pages unification, minor cleanups
...
- adjust references
- remove stray comments
- cosmetics
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-10-01 12:04:20 +02:00
Marko Myllynen
117b0331af
iso_8859-3.7: Charset pages unification, minor cleanups
...
- adjust references
- remove stray comments
- cosmetics
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-10-01 12:04:20 +02:00
Marko Myllynen
6b006d3814
iso_8859-2.7: Charset pages unification, minor cleanups
...
- adjust references
- remove stray comments, streamline description
(charsets(7) and Wikipedia provide more detailed
and up-to-date description)
- cosmetics
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-10-01 12:04:20 +02:00
Marko Myllynen
963ae1794d
iso_8859-1.7: Charset pages unification, minor cleanups
...
- adjust references
- remove stray comments, streamline description
(charsets(7) and Wikipedia provide more detailed
and up-to-date description)
- cosmetics
2014-10-01 12:04:20 +02:00
Marko Myllynen
5661f357d0
koi8-u.7: Charset pages unification, minor cleanups
...
- adjust references
- remove stray comments, streamline description
(charsets(7) and Wikipedia provide more detailed
and up-to-date description)
- list differences between koi8-r.7 vs koi8-u.7
- cosmetics
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-10-01 12:04:20 +02:00
Marko Myllynen
0ccc2026da
koi8-r.7: Charset pages unification, minor cleanups
...
- adjust references
- remove stray comments, streamline description
(charsets(7) and Wikipedia provide more detailed
and up-to-date description)
- list differences between koi8-r.7 vs koi8-u.7
- cosmetics
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-10-01 12:04:20 +02:00
Marko Myllynen
f916b177e3
cp1251.7: Charset pages unification, minor cleanups
...
- adjust references
- remove stray comments
- cosmetics
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-10-01 12:04:20 +02:00
Marko Myllynen
c5f415c63c
armscii-8.7: Charset pages unification, minor cleanups
...
- adjust references
- remove stray comments
- cosmetics
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-10-01 12:04:20 +02:00
Marko Myllynen
5ef5222a35
ascii.7: Charset pages unification, minor cleanups
...
This and the follow-up patches will provide unification of
charset pages, minor cleanups, and some unifying cosmetic
changes. References are adjusted so that all pages include
a reference to charsets(7), which contains a description of
these sets, stray comments are removed, some obsolete
statements (like ISO 8859-1 being the de-facto ASCII
replacement) are removed, and some minor reformatting
to minimize diff's between the pages are done.
The actual substance, the character tables, remain unchanged.
This series changes the following pages (under man7): ascii,
armscii, cp1251, koi8-r, koi8-u, and all of iso_8859-*.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-10-01 12:04:20 +02:00
Marko Myllynen
eee7bea60e
cp1252.7: New page documenting CP 1252
...
CP 1252 is probably one of the most used Windows Code Pages so
let's add a page for it alongside with the already provided
CP 1251 page.
Table generated from /usr/share/i18n/charmaps/CP1252.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-10-01 12:04:20 +02:00
Wieland Hoffmann
b23c9a79d9
namespaces.7: tfix: CLONE_IPC -> CLONE_NEWIPC
...
CLONE_NEWIPC is the correct constant, as can be seen in the detailed
list of namespaces & their corresponding constants, as well as the
clone(2) man page and include/uapi/linux/sched.h in the Linux source tree.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-23 04:23:11 +02:00
Michael Kerrisk
f19db8531d
sched.7: SEE ALSO: add taskset(1)
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-21 19:51:48 +02:00
Michael Kerrisk
f5d401ddda
Removed trailing white space at end of lines
2014-09-21 11:24:24 +02:00
Michael Kerrisk
daf084cc33
clone.2, flock.2, getpid.2, getunwind.2, mount.2, reboot.2, semop.2, seteuid.2, setgid.2, setns.2, setresuid.2, setreuid.2, setuid.2, uname.2, unshare.2, clock.3, drand48.3, proc.5, capabilities.7, credentials.7, mq_overview.7, namespaces.7, pid_namespaces.7, svipc.7, user_namespaces.7: tstamp
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-21 11:23:07 +02:00
Michael Kerrisk
c228b4b4d1
namespaces.7, pid_namespaces.7, user_namespaces.7: srcfix: Add LICENSE_START tag
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-16 09:05:40 +02:00
Michael Kerrisk
fd0a5c693d
namespaces.7: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-15 10:39:50 +02:00
Michael Kerrisk
1a1d8762eb
pid_namespaces.7: ffix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-15 10:36:50 +02:00
Michael Kerrisk
09fcbb82f1
user_namespaces.7: spfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-14 21:29:47 -07:00
Michael Kerrisk
672e7505d6
user_namespaces.7: wfix
...
Reported-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-14 21:29:47 -07:00
Eric W. Biederman
890a86d330
user_namespaces.7: Clarify the meaning of "Mounts that come as a single unit"
...
Quoting Eric Biederman:
The importance of [mounts coming across as a dingle unit] is [to]
allow the global root to mount over things and not have to worry
that someone from a user namespace root can peek underneath.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-14 21:29:47 -07:00
Michael Kerrisk
576233f00e
user_namespaces.7: Additions from Andy Lutomirski
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-14 21:29:47 -07:00
Michael Kerrisk
6cfec3d80a
user_namespaces.7: Improvements from Andy Lutomirski
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-14 21:29:42 -07:00
Eric W. Biederman
b10c74ff25
user_namespaces.7: Add "Restrictions on mount namespaces" section
...
Light edits by mtk
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:03 -07:00
Michael Kerrisk
7aba437aa1
user_namespaces.7: Only single-threaded processes can join another user namespace
...
Reported-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:03 -07:00
Michael Kerrisk
258e6b6c7a
namespaces.7: wfix
...
Reported-by: Vitaly Rybnikov <frodox@zoho.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:03 -07:00
Serge E. Hallyn
1191a90d12
user_namespaces.7: Improve discussion of handling of capabilities during execve(2)
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:03 -07:00
Michael Kerrisk
11d8ef176b
user_namespaces.7: srcfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:03 -07:00
Michael Kerrisk
0b497138b9
namespaces.7: Add table of namespaces to top of page
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:03 -07:00
Michael Kerrisk
309abda4a0
namespaces.7: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:03 -07:00
Michael Kerrisk
c6d54e1fd6
namespaces.7: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:03 -07:00
Michael Kerrisk
beb9df9ed3
namespaces.7: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:03 -07:00
Michael Kerrisk
6c21c0f947
user_namespaces.7: Say a little less about execve(2) and user ID mappings
...
The existing discussion under user and group ID mappings
probably suffices.
Reported-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:03 -07:00
Michael Kerrisk
0ea90cb46d
user_namespaces.7: srcfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:03 -07:00
Michael Kerrisk
99f04bb1e9
user_namespaces.7: Note that user namespaces isolate the root directory
...
Reported-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:03 -07:00
Michael Kerrisk
c0d02ab07a
user_namespaces.7: XFS support for user namespaces was added in Linux 3.11
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:03 -07:00
Michael Kerrisk
ed8bd8452c
user_namespaces.7: Rework text on filesystem support for user namespaces
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:03 -07:00
Michael Kerrisk
bc92175773
user_namespaces.7: srcfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:03 -07:00
Michael Kerrisk
1005b0062e
user_namespaces.7: Remove a confused sentence
...
Reported-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:03 -07:00
Michael Kerrisk
e56b6c42d1
user_namespaces.7: Document maximum nesting depth for user namespaces
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:03 -07:00
Michael Kerrisk
8f99aa89d9
user_namespaces.7: Minor tweaks to example program
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:03 -07:00
Michael Kerrisk
ff8531686a
pid_namespaces.7: ffix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:03 -07:00
Michael Kerrisk
ab3311aa06
clone.2, namespaces.7, pid_namespaces.7, user_namespaces.7: wfix "file system" ==> "filesystem"
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:02 -07:00
Michael Kerrisk
f22abd505d
user_namespaces.7: Remove discussion of flags that can't be used with CLONE_NEWUSER
...
That information is better put into individual pages.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:02 -07:00
Michael Kerrisk
714e9a7874
user_namespaces.7: Document restrictions on CLONE_NEWUSER with other CLONE_* flags
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:02 -07:00
Michael Kerrisk
1f1d2a8d2b
mq_overview.7: Refer to namespaces(7) for info on POSIX MQs and IPC namespaces
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:02 -07:00
Michael Kerrisk
19b06c778d
capabilities.7: Refer reader to user_namespaces(7) for a discussion of capabilities
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:02 -07:00
Michael Kerrisk
c3b49118b9
capabilities.7: setns() needs CAP_SYS_ADMIN in the *target* namespace
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:02 -07:00
Michael Kerrisk
f7ee0f5180
pid_namespaces.7: Fix kernel version number for reboot() in pidns discussion
...
Should be 3.4, not 3.9, as per comments from Eric Biederman
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:02 -07:00
Michael Kerrisk
78d6b55b9c
pid_namespaces.7: Refer to reboot(2) for a discussion of reboot() inside a PID namespace
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:02 -07:00
Michael Kerrisk
eb25716ff8
svipc.7: Refer to namespaces(7) for info on System V IPC and IPC namespaces
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:02 -07:00
Michael Kerrisk
f344e055a6
namespaces.7: Document /proc interfaces that are distinct in each IPC namespace
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:02 -07:00
Michael Kerrisk
7d8d64eb14
namespaces.7: Remove repetitious text under network namespaces
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:02 -07:00
Michael Kerrisk
63f66893e5
user_namespaces.7: srcfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:02 -07:00
Michael Kerrisk
c3f29a89b5
user_namespaces.7: Move discussion of availability of user namespaces to NOTES
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:02 -07:00
Michael Kerrisk
b6462f7519
user_namespaces.7: SEE ALSO: add newgidmap(1), newuidmap(1), subgid(5), subuid(5)
...
Pages in the "shadow" package
Reported-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:01 -07:00
Michael Kerrisk
77f9548830
user_namespaces.7: execve(2) will drop capabilities unless the caller's UID maps to 0
...
Reported-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:01 -07:00
Michael Kerrisk
550d1c537c
user_namespaces.7: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:01 -07:00
Michael Kerrisk
0ac408439b
user_namespaces.7: Some subsystems don't support user namespaces in some kernel versions
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:01 -07:00
Michael Kerrisk
6b92803065
user_namespaces.7: srcfix: Add FIXME
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:01 -07:00
Michael Kerrisk
3b44624fa4
user_namespaces.7: Minor fixes in various places
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:01 -07:00
Michael Kerrisk
8a87c8b32f
user_namespaces.7: srcfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:01 -07:00
Michael Kerrisk
589e43bb00
user_namespaces.7: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:01 -07:00
Michael Kerrisk
d68c5f1184
user_namespaces.7: Clarify some capabilities details
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:01 -07:00
Michael Kerrisk
0666f549da
user_namespaces.7: Note treatment of "securebits" flags
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:01 -07:00
Michael Kerrisk
37909beed2
user_namespaces.7: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:01 -07:00
Michael Kerrisk
d916d9d073
user_namespaces.7: Rewrote and reorganized various pieces
...
Mainly the pieces on capabilities, nested namespaces
and namespace membership.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:01 -07:00
Michael Kerrisk
c9195dede4
user_namespaces.7: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:01 -07:00
Michael Kerrisk
3a9ff754df
user_namespaces.7: SEE ALSO: remove unshare(1) (which is mentioned in namespaces(7))
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:01 -07:00
Michael Kerrisk
96ec9d12e6
user_namespaces.7: Clarify that the child of clone() gets all privileges in new userns
...
Nothing special happens for the children of unshare(2).
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:01 -07:00
Michael Kerrisk
c94eb4a68d
user_namespaces.7: Add reference to Documentation/namespaces/resource-control.txt
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:01 -07:00
Michael Kerrisk
cf7d22a535
user_namespaces.7: Further reworking of text on nested namespaces and capabilities
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:01 -07:00
Michael Kerrisk
c0098e767d
user_namespaces.7: Relocate text on capabilities of initial process in userns
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:01 -07:00
Michael Kerrisk
20e4a14719
user_namespaces.7: Explain uid_map and gid_map in the initial user namespace
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:01 -07:00
Michael Kerrisk
3e2a37ec85
user_namespaces.7: Add more detail on unmapped UIDs and GIDs exposed to user space
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:01 -07:00
Michael Kerrisk
6eda94413b
user_namespaces.7: Reorganize various pieces of DESCRIPTION
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:01 -07:00
Michael Kerrisk
30f3ddd6dd
user_namespaces.7: Remove duplicated text on EPERM + mapping required in parent userns
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:01 -07:00
Michael Kerrisk
1863e45128
user_namespaces.7: Move a misplaced rule re writing to map files
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:01 -07:00
Eric W. Biederman
98029e6531
pid_namespaces.7: Add much more detail on CLONE_NEWPID + multhreaded processes
...
CLONE_NEWPID doesn't mix with CLONE_THREAD, CLONE_VM,
and CLONE_SIGHAND.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:01 -07:00
Michael Kerrisk
bd23efc759
pid_namespaces.7: Further reworking of text on CLONE_NEWPID and threads
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:01 -07:00
Michael Kerrisk
e0fd534919
pid_namespaces.7: Rework text on threads and CLONE_NEWPID
...
Adapted text from Eric Biederman.
Reported-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:01 -07:00
Michael Kerrisk
7cd5151990
pid_namespaces.7: SEE ALSO: remove unshare(1) (which is mentioned in namespaces(7))
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:01 -07:00
Michael Kerrisk
81ccc85366
pid_namespaces.7: Mention unshare()+fork() failure case if "init" terminates
...
Reported-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:01 -07:00
Michael Kerrisk
5597d425e9
pid_namespaces.7: Explain use for readlink() from /proc/self
...
Reported-by: Rob Landley <rob@landley.net>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:01 -07:00
Michael Kerrisk
47832b6dfc
pid_namespaces.7: Clarify text on failure cases with CLONE_VM + multithreaded
...
Reported-by: Rob Landley <rob@landley.net>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:00 -07:00
Michael Kerrisk
837ddeb969
pid_namespaces.7: wfix
...
Reported-by: Rob Landley <rob@landley.net>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:00 -07:00
Michael Kerrisk
36b04745db
pid_namespaces.7: Mention suspend/resume of containers in intro text
...
Reported-by: Rob Landley <rob@landley.net>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:00 -07:00
Michael Kerrisk
cbf542aa98
pid_namespaces.7: tfix
...
Reported-by: Rob Landley <rob@landley.net>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:00 -07:00
Michael Kerrisk
bac6162841
pid_namespaces.7: /proc shows mounts according to PID namespace of mounting process
...
Reported-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:00 -07:00
Michael Kerrisk
805685dc1b
pid_namespaces.7: Note the shell command used for mount procfs
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:00 -07:00
Michael Kerrisk
ec411de6d5
pid_namespaces.7: Other call sequences fail with multiple threads and CLONE_NEWPID
...
Reported-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:00 -07:00
Michael Kerrisk
2a4b78e7e2
pid_namespaces.7: Mention PR_SET_CHILD_SUBREAPER in discussion of reparenting to init
...
Reported-by: Vasily Kulikov <segoon@openwall.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:00 -07:00
Michael Kerrisk
fa88d1a483
namespaces.7, pid_namespaces.7: Add pointer to example program in user_namespaces(7)
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:00 -07:00
Michael Kerrisk
8d36d80cc3
user_namespaces.7: Add an example program
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:00 -07:00
Michael Kerrisk
df23ae04d6
user_namespaces.7: Linux 3.9 provides a better implementation of nonoverlapping map checks
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:00 -07:00
Michael Kerrisk
e4f4f2e125
user_namespaces.7: Clarify discussion on privileges of child after clone() by UID 0
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:00 -07:00
Michael Kerrisk
1b3d5347f5
user_namespaces.7: Clarify that rules for writing to map files also apply to gid_map
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:00 -07:00
Michael Kerrisk
0f069d0c69
user_namespaces.7: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:00 -07:00
Michael Kerrisk
d45d012859
user_namespaces.7: srcfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:00 -07:00
Michael Kerrisk
54ead6d395
user_namespaces.7: Describe effect of mappings in the context of file-system operations
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:00 -07:00
Michael Kerrisk
4332e54d27
user_namespaces.7: wfix + ffix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:00 -07:00
Michael Kerrisk
674c23884e
user_namespaces.7: Note some interfaces that return overflowuid and overflowgid
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:00 -07:00
Michael Kerrisk
0df0f26dcc
user_namespaces.7: srcfix: remove obsolete FIXME
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:00 -07:00
Michael Kerrisk
27a6ff6ee6
user_namespaces.7: Describe handling of UIDs+GIDs when passed across a UNIX domain socket
...
UIDs and GIDs are mapped to receiver's userns when passed across
a UNIX domain socket
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:00 -07:00
Michael Kerrisk
01ce1ceaa1
pid_namespaces.7: srcfix: Removed FIXME
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:00 -07:00
Michael Kerrisk
5ba153e7ac
user_namespaces.7: The initial process in a userns has no capabilities outside the userns
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:00 -07:00
Michael Kerrisk
d6842bf18d
user_namespaces.7: srcfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:00 -07:00
Michael Kerrisk
627e4074b4
user_namespaces.7: Fix description of inheritance of capabilities across nested namespaces
...
Based on input from Eric Biederman
Calling cap_capable asks: Does the current process have
capability X in userns U.
I see three ways you can have that capability.
1) The current process can be in user namespace U and directly
have capability X.
2) The current process can be in the parent of namespace U and
its euid can be the euid that created user namespace U.
3) You can have be have the capability X in a user namespace
that is an ancestor of U.
Coming from the direction of your manpage text.
With respect to capabilities, the following rules apply to
nested user namespaces.
1. If a process has a capability in a user namespace has that
capability in all descendant user namespaces as well.
2. The user that creates a user namespace while in the parent
namespace has all capabilities in the created namespace
and in all descendent user namespaces.
So having said that part of my problem with your original
text is that it actually switches directions. One one rule
it is looking into the descendent user namespaces, and in the
other rule it is looking at ancestor user namespaces.
So perhaps the text should read:
With respect to capabilities, the following rules are used to
answer the question does a process P have a capability C in a
user namespace U.
1. P has the capability C if P is in user namespace U and
capability C is in process P's capability set.
2. P has the capability C if P is in the parent of user
namespace U and the euid of P is the euid that created user
namespace U.
3. P has the capability C if P has the capability C in some
user namespace V that is an ancestor of U.
Which probably gets a little extra mathematical, but it is
precise.
Reported-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:00 -07:00
Michael Kerrisk
7ae693d017
user_namespaces.7: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:00 -07:00
Michael Kerrisk
03611be8d7
user_namespaces.7: Add some references to other pages
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:00 -07:00
Michael Kerrisk
6c3db75479
pid_namespaces.7: readlink(2) on /proc/self gives the caller's PID in the pidns of /proc
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:00 -07:00
Michael Kerrisk
6e377abf9c
pid_namespaces.7: Parent process relationships mirror parent PID namespace relationships
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:00 -07:00
Michael Kerrisk
7a9ab60197
pid_namespaces.7: srcfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:00 -07:00
Michael Kerrisk
546fb4eefe
pid_namespaces.7: Rewrite discussion of nested PID namespaces
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:00 -07:00
Michael Kerrisk
4085d4cde3
pid_namespaces.7: srcfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:00 -07:00
Michael Kerrisk
963e117faf
pid_namespaces.7: Minor wording fix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:59 -07:00
Michael Kerrisk
84030779d2
pid_namespaces.7: Reorganize and add some subheadings
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:59 -07:00
Michael Kerrisk
7e0e902b55
clone.2, getpid.2, credentials.7: Replace reference to namespaces(7) with pid_namespaces(7)
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:59 -07:00
Michael Kerrisk
024d6a8449
namespaces.7: Remove PID namespaces material shifted to pid_namespaces(7)
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:59 -07:00
Michael Kerrisk
a79bacf5f1
pid_namespaces.7: New page splitting PID namespace material out of namespaces(7)
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:59 -07:00
Michael Kerrisk
f58fb24f16
clone.2, seteuid.2, setgid.2, setresuid.2, setreuid.2, setuid.2, unshare.2, capabilities.7, credentials.7: Change reference to namespaces(7) to user_namespaces(7)
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:59 -07:00
Michael Kerrisk
62a5214c57
user_namespaces.7: Reorganize and add some subheadings
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:59 -07:00
Michael Kerrisk
67d1131fd9
namespaces.7: Remove userns material shifted to user_namespaces(7)
...
The user namespaces section was getting long and unwieldy.
Split it into its own page, so that it can be better
structured with subtitles, etc.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:59 -07:00
Michael Kerrisk
046de6a7d7
user_namespaces.7: New page splitting user namespace material out of namespaces(7)
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:59 -07:00
Michael Kerrisk
9552196ecb
namespaces.7: ffix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:59 -07:00
Michael Kerrisk
e67b117c39
namespaces.7: Document association between userns and other namespace types
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:59 -07:00
Michael Kerrisk
365d292a3c
clone.2, unshare.2, namespaces.7: clone() and unshare() fail (EPERM) if caller's UID/GID are not mapped
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:59 -07:00
Michael Kerrisk
1d5adb6f9e
namespaces.7: Userns creation associates eff. GID of creator with the userns
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:59 -07:00
Michael Kerrisk
5eb7f09d7c
namespaces.7: Move text on capabilities in user namespaces
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:59 -07:00
Michael Kerrisk
7f76dc3079
namespaces.7: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:59 -07:00
Michael Kerrisk
cda377d2bc
namespaces.7: Clarify use of 'single line' case when writing userns map files
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:59 -07:00
Michael Kerrisk
e2eb61370e
namespaces.7: Note rules regarding capabilities and nested namespaces
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:59 -07:00
Michael Kerrisk
9a80f81d04
namespaces.7: Clarify explanation of nested user namespaces
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:59 -07:00
Michael Kerrisk
6be09bd882
namespaces.7: srcfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:59 -07:00
Michael Kerrisk
fd4eb520d6
namespaces.7: srcfix: Added FIXME
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:59 -07:00
Michael Kerrisk
aa49742066
namespaces.7: Mapping files are empty when a user namespace is first created
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:59 -07:00
Michael Kerrisk
b87dd2afb0
namespaces.7: User namespace ID mappings can be defined via any member process's map
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:59 -07:00
Michael Kerrisk
b2e73e0ce8
namespaces.7: Clarify max # of bytes that can be written to a user namespace map
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:59 -07:00
Michael Kerrisk
3fe8d14797
namespaces.7: Describe semantics of set-user/group-ID programs in a user namespace
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:59 -07:00
Michael Kerrisk
e420879421
namespaces.7: Rewrite EPERM rules for writing to user namespace map file
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:58 -07:00
Michael Kerrisk
1879c18c63
namespaces.7: spfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:58 -07:00
Michael Kerrisk
d70ee6ff45
namespaces.7: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:58 -07:00
Michael Kerrisk
6155c4554f
namespaces.7: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:58 -07:00
Michael Kerrisk
4d2d9a106f
namespaces.7: Add further EINVAL cases for writes to userspace map files
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:58 -07:00
Michael Kerrisk
8e5924c0a9
namespaces.7: Clarify a detail in permissions for writing to user namespace map files
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:58 -07:00
Michael Kerrisk
cfc50babe7
namespaces.7: Violating rules for writing to user namespace map file yields EPERM
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:58 -07:00
Michael Kerrisk
ed0ce71a31
namespaces.7: ffix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:15:58 -07:00