11741 Commits

Author SHA1 Message Date
Michael Kerrisk daf084cc33 clone.2, flock.2, getpid.2, getunwind.2, mount.2, reboot.2, semop.2, seteuid.2, setgid.2, setns.2, setresuid.2, setreuid.2, setuid.2, uname.2, unshare.2, clock.3, drand48.3, proc.5, capabilities.7, credentials.7, mq_overview.7, namespaces.7, pid_namespaces.7, svipc.7, user_namespaces.7: tstamp
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-21 11:23:07 +02:00
Michael Kerrisk b61ada124a Changes: Ready for 3.73
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-21 11:19:51 +02:00
Michael Kerrisk 9219d20802 clone.2: srcfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-16 10:05:11 +02:00
Michael Kerrisk c228b4b4d1 namespaces.7, pid_namespaces.7, user_namespaces.7: srcfix: Add LICENSE_START tag
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-16 09:05:40 +02:00
David Prévot b7a3dc84e7 fcntl.2: tfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-15 11:10:26 +02:00
Michael Kerrisk 53d084e81a setns.2: Add pointer to user_namespaces(7)
Add pointer to user_namespaces(7) for details on interactions
of user and mount namespaces

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-15 10:59:30 +02:00
Michael Kerrisk d0c5d17b30 setns.2: ffix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-15 10:56:31 +02:00
Michael Kerrisk 9f4bb2a6c2 setns.2: tfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-15 10:53:18 +02:00
Michael Kerrisk 6edfe90905 setns.2: tfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-15 10:52:17 +02:00
Michael Kerrisk fd0a5c693d namespaces.7: tfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-15 10:39:50 +02:00
Michael Kerrisk 1a1d8762eb pid_namespaces.7: ffix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-15 10:36:50 +02:00
Michael Kerrisk 09fcbb82f1 user_namespaces.7: spfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-14 21:29:47 -07:00
Michael Kerrisk 130fbed6c8 unshare.2: Note flags implied by CLONE_THREAD and CLONE_VM
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-14 21:29:47 -07:00
Michael Kerrisk 672e7505d6 user_namespaces.7: wfix
Reported-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-14 21:29:47 -07:00
Eric W. Biederman 890a86d330 user_namespaces.7: Clarify the meaning of "Mounts that come as a single unit"
Quoting Eric Biederman:

The importance of [mounts coming across as a single unit] is [to]
allow the global root to mount over things and not have to worry
that someone from a user namespace root can peek underneath.

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-14 21:29:47 -07:00
Eric W. Biederman 69b6b231d7 mount.2: Clarify use of 'mountflags' and 'data' for MS_REMOUNT
Quoting Eric Biederman:

One thing that has come up recently (in 3 separate
implementations) is that mount(MS_REMOUNT|...,...) must include
all of the mount flags that need to be preserved. People
creating read-only bind mounts tend to miss that and the locked
flags in mount namespaces.  That issue was flushed out now that
the kernel is now not allowing most mount flags to be cleared in
mount namespaces.  The interface is non-intuitive and we should
at least document the weirdness.

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-14 21:29:47 -07:00
Michael Kerrisk 576233f00e user_namespaces.7: Additions from Andy Lutomirski
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-14 21:29:47 -07:00
Michael Kerrisk 6cfec3d80a user_namespaces.7: Improvements from Andy Lutomirski
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-14 21:29:42 -07:00
Eric W. Biederman b10c74ff25 user_namespaces.7: Add "Restrictions on mount namespaces" section
Light edits by mtk

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:03 -07:00
Michael Kerrisk 7aba437aa1 user_namespaces.7: Only single-threaded processes can join another user namespace
Reported-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:03 -07:00
Michael Kerrisk 258e6b6c7a namespaces.7: wfix
Reported-by: Vitaly Rybnikov <frodox@zoho.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:03 -07:00
Serge E. Hallyn 1191a90d12 user_namespaces.7: Improve discussion of handling of capabilities during execve(2)
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:03 -07:00
Michael Kerrisk 11d8ef176b user_namespaces.7: srcfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:03 -07:00
Michael Kerrisk 0b497138b9 namespaces.7: Add table of namespaces to top of page
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:03 -07:00
Michael Kerrisk 309abda4a0 namespaces.7: tfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:03 -07:00
Michael Kerrisk c6d54e1fd6 namespaces.7: tfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:03 -07:00
Michael Kerrisk beb9df9ed3 namespaces.7: tfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:03 -07:00
Michael Kerrisk 6c21c0f947 user_namespaces.7: Say a little less about execve(2) and user ID mappings
The existing discussion under user and group ID mappings
probably suffices.

Reported-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:03 -07:00
Michael Kerrisk 0ea90cb46d user_namespaces.7: srcfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:03 -07:00
Michael Kerrisk 99f04bb1e9 user_namespaces.7: Note that user namespaces isolate the root directory
Reported-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:03 -07:00
Michael Kerrisk c0d02ab07a user_namespaces.7: XFS support for user namespaces was added in Linux 3.11
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:03 -07:00
Michael Kerrisk ed8bd8452c user_namespaces.7: Rework text on filesystem support for user namespaces
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:03 -07:00
Michael Kerrisk bc92175773 user_namespaces.7: srcfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:03 -07:00
Michael Kerrisk 1005b0062e user_namespaces.7: Remove a confused sentence
Reported-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:03 -07:00
Michael Kerrisk e63259f20e setns.2: ERRORS: Add EINVAL for two cases of joining a new user namespace
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:03 -07:00
Michael Kerrisk 6bab36f87c unshare.2: Add kernel version number for text on CLONE_NEWUSER implying CLONE_FS
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:03 -07:00
Michael Kerrisk ac0079383d clone.2: Document EPERM error when using CLONE_NEWUSER from chrooted caller
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:03 -07:00
Michael Kerrisk 40a47a161b unshare.2: Document EPERM error when using CLONE_NEWUSER from chrooted caller
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:03 -07:00
Michael Kerrisk cdd25f2e76 unshare.2: Document EUSERS error
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:03 -07:00
Michael Kerrisk 6fd119e727 clone.2: Document EUSERS error
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:03 -07:00
Michael Kerrisk e56b6c42d1 user_namespaces.7: Document maximum nesting depth for user namespaces
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:03 -07:00
Michael Kerrisk 8f99aa89d9 user_namespaces.7: Minor tweaks to example program
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:03 -07:00
Michael Kerrisk 8db3776096 setns.2: tfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:03 -07:00
Michael Kerrisk ff8531686a pid_namespaces.7: ffix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:03 -07:00
Michael Kerrisk ab3311aa06 clone.2, namespaces.7, pid_namespaces.7, user_namespaces.7: wfix "file system" ==> "filesystem"
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:02 -07:00
Michael Kerrisk 85e34225be setns.2: A process can't join a new userns if it shares CLONE_FS attributes
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:02 -07:00
Michael Kerrisk 08e54e516c unshare.2: tfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:02 -07:00
Michael Kerrisk 6f6808f9fd unshare.2: wfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:02 -07:00
Michael Kerrisk 4c3d7431b4 unshare.2: CLONE_NEWUSER implies CLONE_FS
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:02 -07:00
Michael Kerrisk f647dc5e28 unshare.2: Remove obsolete reference to "Restrictions" text in user_namespaces(7)
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2014-09-13 20:16:02 -07:00