Ready for 5.13

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

Changes

@@ -1,7 +1,47 @@
 ==================== Changes in man-pages-5.13 ====================
 
-Released: ????-??-??, Munich
+Released: 2021-08-27, Christchurch
 
+Ahelenia Ziemiańska (наб) <nabijaczleweli@nabijaczleweli.xyz>
+Alan Peakall <Alan.Peakall@helpsystems.com>
+Alejandro Colomar <alx.manpages@gmail.com>
+Alexis Wilke <alexis@m2osw.com>
+Askar Safin <safinaskar@mail.ru>
+Christian Brauner <christian.brauner@ubuntu.com>
+Christophe Leroy <christophe.leroy@csgroup.eu>
+Christopher Yeleighton <giecrilj@stegny.2a.pl>
+Cristian Morales Vega <christian.morales.vega@gmail.com>
+Dan Robertson <dan@dlrobertson.com>
+Darrick J. Wong <djwong@kernel.org>
+Dominique Brazziel <dbrazziel@snet.net>
+EmanueleTorre <torreemanuele6@gmail.com>
+Eric W. Biederman <ebiederm@xmission.com>
+G. Branden Robinson <g.branden.robinson@gmail.com>
+Helge Kreutzmann <debian@helgefjell.de>
+Jakub Wilk <jwilk@jwilk.net>
+James O. D. Hunt <jamesodhunt@gmail.com>
+Jonny Grant <jg@jguk.org>
+Kees Cook <keescook@chromium.org>
+Kir Kolyshkin <kolyshkin@gmail.com>
+Kurt Kanzenbach <kurt@linutronix.de>
+kXuan <kxuanobj@gmail.com>
+Michael Kerrisk <mtk.manpages@gmail.com>
+Michael Weiß <michael.weiss@aisec.fraunhofer.de>
+NeilBrown <neilb@suse.de>
+Nora Platiel <nplatiel@gmx.us>
+Pali Rohár <pali@kernel.org>
+Peter Collingbourne <pcc@google.com>
+Richard Palethorpe <rpalethorpe@suse.com>
+Rodrigo Campos <rodrigo@kinvolk.io>
+Sagar Patel <sagarmp@cs.unc.edu>
+Serge E. Hallyn <serge@hallyn.com>
+Sergey Petrakov <kr@spmail.info>
+Stefan Kanthak <stefan.kanthak@nexgo.de>
+Štěpán Němec <stepnem@gmail.com>
+Thomas Gleixner <tglx@linutronix.de>
+Thomas Voss <thomasavoss@protonmail.com>
+Viet Than <thanhoangviet@gmail.com>
+Will Manley <will@williammanley.net>
 
 Contributors
 ------------
@@ -17,19 +57,301 @@ Apologies if I missed anyone!
 New and rewritten pages
 -----------------------
 
+mount_setattr.2
+    Christian Brauner  [Alejandro Colomar, Michael Kerrisk]
+        New manual page documenting the mount_setattr() system call
+
 
 Newly documented interfaces in existing pages
 ---------------------------------------------
 
+futex.2
+    Kurt Kanzenbach  [Alejandro Colomar, Thomas Gleixner, Michael Kerrisk]
+        Document FUTEX_LOCK_PI2
 
-New and changed links
----------------------
+ioctl_tty.2
+    Pali Rohár  [Alejandro Colomar, Michael kerrisk]
+        Document ioctls: TCGETS2, TCSETS2, TCSETSW2, TCSETSF2
+
+pidfd_open.2
+    Michael Kerrisk
+        Document PIDFD_NONBLOCK
+
+seccomp_unotify.2
+    Rodrigo Campos  [Alejandro Colomar]
+        Document SECCOMP_ADDFD_FLAG_SEND
+
+sigaction.2
+    Peter Collingbourne  [Alejandro Colomar, Michael Kerrisk]
+        Document SA_EXPOSE_TAGBITS and the flag support detection protocol
+
+statx.2
+    NeilBrown
+        Document STATX_MNT_ID
+capabilities.7
+user_namespaces.7
+    Michael Kerrisk, Kir Kolyshkin  [Alejandro Colomar]
+        Describe CAP_SETFCAP for mapping UID 0
+
+mount_namespaces.7
+    Michael Kerrisk  [Christian Brauner, Eric W. Biederman]
+        More clearly explain the notion of locked mounts
+            For a long time, this manual page has had a brief discussion of
+            "locked" mounts, without clearly saying what this concept is, or
+            why it exists. Expand the discussion with an explanation of what
+            locked mounts are, why mounts are locked, and some examples of the
+            effect of locking.
+user_namespaces.7
+    Michael Kerrisk
+        Document /proc/PID/projid_map
+
+ld.so.8
+    Michael Kerrisk
+        Document --list-tunables option added in glibc 2.33
 
 
 Global changes
 --------------
 
+A few pages
+    Michael Kerrisk
+        ERRORS: correct alphabetic order
+
+A few pages
+    Michael Kerrisk
+        Place SEE ALSO entries in correct order
+
+A few pages
+    Michael Kerrisk
+        Arrange .SH sections in correct order
+
+Various pages
+    Michael Kerrisk
+        Fix EBADF error description
+            Make the description of the EBADF error for invalid 'dirfd' more
+            uniform. In particular, note that the error only occurs when the
+            pathname is relative, and that it occurs when the 'dirfd' is
+            neither valid *nor* has the value AT_FDCWD.
+
+Various pages
+    Michael Kerrisk
+        ERRORS: combine errors into a single alphabetic list
+            These pages split out extra errors for some APIs into a separate
+            list.  Probably, the pages are easier to ready if all errors are
+            combined into a single list.
+
+            Note that there still remain a few pages where the errors are
+            listed separately for different APIs. For the moment, it seems
+            best to leave those pages as is, since the error lists are
+            largely distinct in those pages.
+
+VArious pages
+    Michael Kerrisk
+        Terminology clean-up: "mount point" ==> "mount"
+            Many times, these pages use the terminology "mount point", where
+            "mount" would be better. A "mount point" is the location at which
+            a mount is attached. A "mount" is an association between a
+            filesystem and a mount point.
+
+accept.2
+access.2
+getpriority.2
+mlock.2
+    Michael Kerrisk
+        ERRORS: combine errors into a single list
+            These pages split out errors into separate lists (perhaps per API,
+            perhaps "may" vs "shall", perhaps "Linux-specific" vs
+            standard(??)), but there's no good reason to do this.  It makes
+            the error list harder to read, and is inconsistent with other
+            pages. So, combine the errors into a single list.
+
+fanotify_mark.2
+futimesat.2
+mount_setattr.2
+statx.2
+symlink.2
+mkfifo.3
+    Michael Kerrisk
+        Refer the reader to openat(2) for explanation of why 'dirfd' is useful
+
+Various pages
+    Thomas Voss  [Alejandro Colomar]
+        Consistently use '*argv[]'
+
 
 Changes to individual pages
 ---------------------------
 
+iconv.1
+iconvconfig.8
+    Michael Kerrisk  [Christopher Yeleighton]
+        FILES: note that files may be under /usr/lib64 rather than /lib/64
+            See https://bugzilla.kernel.org/show_bug.cgi?id=214163
+
+ldd.1
+    Alejandro Colomar  [EmanueleTorre]
+        Fix example command
+
+add_key.2
+keyctl.2
+request_key.2
+    Michael Kerrisk  [Dominique Brazziel]
+        Note that the "libkeyutils" package provides <keyutils.h>
+            See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992377
+
+close_range.2
+    Michael Kerrisk, Alejandro Colomar
+        Glibc 2.34 has added a close_range() wrapper
+
+execve.2
+    Michael Kerrisk  [Nora Platiel]
+        The pathname given to interpreter is not necessarily absolute
+    Michael Kerrisk
+        SEE ALSO: getauxval(3)
+            getauxval(3) is useful background regarding execve(2).
+
+fanotify_mark.2
+    Michael Kerrisk
+        ERRORS: add missing EBADF error for invalid 'dirfd'
+
+ioctl_tty.2
+    Pali Rohár  [Alejandro Colomar]
+        Update DTR example
+            Do not include unused (and incompatible) header file termios.h and
+            include required header files for puts() and close() functions.
+
+mount.2
+    Michael Kerrisk
+        ERRORS: add EPERM error for case where a mount is locked
+            Refer the reader to mount_namespaces(7) for details.
+    Michael Kerrisk
+        SEE  ALSO: add mount_setattr(2)
+
+open.2
+    Michael Kerrisk
+        Explicitly describe the EBADF error that can occur with openat()
+            In particular, specifying an invalid file descriptor number
+            in 'dirfd' can be used as a check that 'pathname' is absolute.
+    Michael Kerrisk
+        Clarify that openat()'s dirfd must be opened with O_RDONLY or O_PATH
+    Michael Kerrisk
+        Add mount_setattr(2) to list of 'dirfd' APIs
+
+open_by_handle_at.2
+    Michael Kerrisk
+        ERRORS: add missing EBADF error for invalid 'dirfd'
+
+readv2.2
+    Will Manley  [Alejandro Colomar]
+        Note preadv2(..., RWF_NOWAIT) bug in BUGS section
+
+readv.2
+pipe.7
+    Michael Kerrisk  [наб]
+        Make text on pipe writes more general to avoid a confusion in writev(2)
+
+seccomp.2
+    Eric W. Biederman  [Kees Cook]
+        Clarify that bad system calls kill the thread (not the process)
+
+syscalls.2
+    Michael Kerrisk
+        Add quotactl_fd(); remove quotactl_path()
+            quotactl_path() was never wired up in Linux 5.13.
+            It was replaced instead by quotactl_fd(),
+    Michael Kerrisk
+        Add system calls that are new in 5.13
+
+umount.2
+    Michael Kerrisk
+        ERRORS: add EINVAL for case where mount is locked
+
+wait.2
+    Richard Palethorpe  [Alejandro Colomar]
+        Add ESRCH for when pid == INT_MIN
+    Michael Kerrisk
+        ERRORS: document EAGAIN for waitid() on a PID file descriptor
+
+getaddrinfo.3
+    Alejandro Colomar  [Cristian Morales Vega]
+        Note that 'errno' is set in parallel with EAI_SYSTEM
+
+getauxval.3
+    Michael Kerrisk
+        SEE ALSO: add execve(2)
+
+getopt.3
+    James O. D. Hunt  [Alejandro Colomar]
+        Further clarification of 'optstring'
+
+pthread_setname_np.3
+    Michael Kerrisk  [Alexis Wilke]
+        EXAMPLES: remove a bug by simplifying the code
+
+strlen.3
+wcslen.3
+    Michael Kerrisk  [Alejandro Colomar, Jonny Grant]
+        Recommend alternatives where input buffer might not be null-terminated
+
+strstr.3
+    Alejandro Colomar  [Stefan Kanthak]
+        Document special case for empty needle
+
+termios.3
+    Pali Rohár  [Alejandro Colomar]
+        SPARC architecture has 4 different Bnnn constants
+    Pali Rohár  [Alejandro Colomar]
+        Add information how to set baud rate to any other value
+    Pali Rohár  [Alejandro Colomar]
+        Use bold style for Bnn and EXTn macro constants
+    Pali Rohár  [Alejandro Colomar]
+        Document missing baud-rate constants
+
+tsearch.3
+    Michael Kerrisk
+        NAME: add twalk_r
+
+wcstok.3
+    Jakub Wilk
+        Fix type mismatch in the example
+
+proc.5
+    Michael Kerrisk
+        Add /proc/PID/projid_map, referring reader to user_namespaces(7)
+    Michael Kerrisk
+        Remove duplicated /proc/[pid]/gid_map entry
+
+mount_namespaces.7
+    Michael Kerrisk
+        Terminology clean-up: "mount point" ==> "mount"
+            Many times, this page uses the terminology "mount point", where
+            "mount" would be better. A "mount point" is the location at which
+            a mount is attached. A "mount" is an association between a
+            filesystem and a mount point.
+    Michael Kerrisk
+        SEE ALSO: add mount_setattr(2)
+
+namespaces.7
+    Štěpán Němec  [Alejandro Colomar]
+        Fix confusion caused by text reorganization
+
+path_resolution.7
+    Michael Kerrisk  [Askar Safin]
+        Improve description of trailing slashes
+            See https://bugzilla.kernel.org/show_bug.cgi?id=212385
+
+posixoptions.7
+    Alejandro Colomar  [Alan Peakall]
+        Fix legacy functions list (s/getcwd/getwd/)
+
+user_namespaces.7
+    Kir Kolyshkin  [Alejandro Colomar]
+        Fix a reference to a kernel document
+    Michael Kerrisk  [Eric W. Biederman]
+        Add a definition of "global root"
+
+vdso.7
+    Michael Kerrisk  [Christophe Leroy]
+        Update CLOCK_REALTIME_COARSE + CLOCK_MONOTONIC_COARSE info for powerpc
+    Alejandro Colomar  [Christophe Leroy]
+        Add y2038 compliant gettime for ppc/32

man-pages-5.13.lsm

@@ -1,13 +1,13 @@
 Begin3
 Title:          Section 2, 3, 4, 5 and 7 man pages for Linux
 Version:        5.13
-Entered-date:   ????-??-??
+Entered-date:   2021-08-27
 Description:    Linux manual pages
 Keywords:       man pages
 Author:         several
 Maintained-by:  Michael Kerrisk <mtk.manpages@gmail.com>
 Primary-site:   http://www.kernel.org/pub/linux/docs/man-pages
-                ????k man-pages-5.13.tar.gz
+                2825k man-pages-5.13.tar.gz
 Copying-policy: several; the pages are all freely distributable as long as
 		nroff source is provided
 End

man1/iconv.1

@@ -21,7 +21,7 @@
 .\" <http://www.gnu.org/licenses/>.
 .\" %%%LICENSE_END
 .\"
-.TH ICONV 1 2020-06-09 "GNU" "Linux User Manual"
+.TH ICONV 1 2021-08-27 "GNU" "Linux User Manual"
 .SH NAME
 iconv \- convert text from one character encoding to another
 .SH SYNOPSIS
@@ -174,6 +174,10 @@ Usual system default gconv module configuration file.
 .TP
 .I /usr/lib/gconv/gconv\-modules.cache
 Usual system gconv module configuration cache.
+.PP
+Depending on the architecture,
+the above files may instead be located at directories with the path prefix
+.IR /usr/lib64 .
 .SH CONFORMING TO
 POSIX.1-2001.
 .SH EXAMPLES

man1/ldd.1

@@ -11,7 +11,7 @@
 .\" May be distributed under the GNU General Public License
 .\" %%%LICENSE_END
 .\"
-.TH LDD 1 2021-03-22 "" "Linux Programmer's Manual"
+.TH LDD 1 2021-08-27 "" "Linux Programmer's Manual"
 .SH NAME
 ldd \- print shared object dependencies
 .SH SYNOPSIS

man2/accept.2

@@ -38,7 +38,7 @@
 .\" Modified 2004-06-17 by Michael Kerrisk <mtk.manpages@gmail.com>
 .\" 2008-12-04, mtk, Add documentation of accept4()
 .\"
-.TH ACCEPT 2 2021-03-22 "Linux" "Linux Programmer's Manual"
+.TH ACCEPT 2 2021-08-27 "Linux" "Linux Programmer's Manual"
 .SH NAME
 accept, accept4 \- accept a connection on a socket
 .SH SYNOPSIS

man2/access.2

@@ -40,7 +40,7 @@
 .\" Modified 2004-06-23 by Michael Kerrisk
 .\" 2007-06-10, mtk, various parts rewritten, and added BUGS section.
 .\"
-.TH ACCESS 2 2021-03-22 "Linux" "Linux Programmer's Manual"
+.TH ACCESS 2 2021-08-27 "Linux" "Linux Programmer's Manual"
 .SH NAME
 access, faccessat, faccessat2 \- check user's permissions for a file
 .SH SYNOPSIS

man2/add_key.2

@@ -9,7 +9,7 @@
 .\" 2 of the License, or (at your option) any later version.
 .\" %%%LICENSE_END
 .\"
-.TH ADD_KEY 2 2021-03-22 Linux "Linux Key Management Calls"
+.TH ADD_KEY 2 2021-08-27 Linux "Linux Key Management Calls"
 .SH NAME
 add_key \- add a key to the kernel's key management facility
 .SH SYNOPSIS

man2/arch_prctl.2

@@ -22,7 +22,7 @@
 .\" the source, must acknowledge the copyright and authors of this work.
 .\" %%%LICENSE_END
 .\"
-.TH ARCH_PRCTL 2 2021-03-22 "Linux" "Linux Programmer's Manual"
+.TH ARCH_PRCTL 2 2021-08-27 "Linux" "Linux Programmer's Manual"
 .SH NAME
 arch_prctl \- set architecture-specific thread state
 .SH SYNOPSIS

man2/bpf.2

@@ -23,7 +23,7 @@
 .\" the source, must acknowledge the copyright and authors of this work.
 .\" %%%LICENSE_END
 .\"
-.TH BPF 2 2021-03-22 "Linux" "Linux Programmer's Manual"
+.TH BPF 2 2021-08-27 "Linux" "Linux Programmer's Manual"
 .SH NAME
 bpf \- perform a command on an extended BPF map or program
 .SH SYNOPSIS

man2/chmod.2

@@ -29,7 +29,7 @@
 .\"   <michael@cantor.informatik.rwth-aachen.de>: NFS details
 .\" Modified 2004-06-23 by Michael Kerrisk <mtk.manpages@gmail.com>
 .\"
-.TH CHMOD 2 2021-03-22 "Linux" "Linux Programmer's Manual"
+.TH CHMOD 2 2021-08-27 "Linux" "Linux Programmer's Manual"
 .SH NAME
 chmod, fchmod, fchmodat \- change permissions of a file
 .SH SYNOPSIS

man2/chown.2

@@ -35,7 +35,7 @@
 .\"     (bsdgroups versus sysvgroups, and the effect of the parent
 .\"     directory's set-group-ID mode bit).
 .\"
-.TH CHOWN 2 2021-03-22 "Linux" "Linux Programmer's Manual"
+.TH CHOWN 2 2021-08-27 "Linux" "Linux Programmer's Manual"
 .SH NAME
 chown, fchown, lchown, fchownat \- change ownership of a file
 .SH SYNOPSIS

man2/close_range.2

@@ -23,7 +23,7 @@
 .\" the source, must acknowledge the copyright and authors of this work.
 .\" %%%LICENSE_END
 .\"
-.TH CLOSE_RANGE 2 2021-03-22 "Linux" "Linux Programmer's Manual"
+.TH CLOSE_RANGE 2 2021-08-27 "Linux" "Linux Programmer's Manual"
 .SH NAME
 close_range \- close all file descriptors in a given range
 .SH SYNOPSIS

man2/copy_file_range.2

@@ -22,7 +22,7 @@
 .\" the source, must acknowledge the copyright and authors of this work.
 .\" %%%LICENSE_END
 .\"
-.TH COPY_FILE_RANGE 2 2021-03-22 "Linux" "Linux Programmer's Manual"
+.TH COPY_FILE_RANGE 2 2021-08-27 "Linux" "Linux Programmer's Manual"
 .SH NAME
 copy_file_range \- Copy a range of data from one file to another
 .SH SYNOPSIS

man2/execve.2

@@ -34,7 +34,7 @@
 .\" 2007-09-14 Ollie Wild <aaw@google.com>, mtk
 .\"     Add text describing limits on command-line arguments + environment
 .\"
-.TH EXECVE 2 2021-03-22 "Linux" "Linux Programmer's Manual"
+.TH EXECVE 2 2021-08-27 "Linux" "Linux Programmer's Manual"
 .SH NAME
 execve \- execute program
 .SH SYNOPSIS

man2/execveat.2

@@ -23,7 +23,7 @@
 .\" the source, must acknowledge the copyright and authors of this work.
 .\" %%%LICENSE_END
 .\"
-.TH EXECVEAT 2 2021-03-22 "Linux" "Linux Programmer's Manual"
+.TH EXECVEAT 2 2021-08-27 "Linux" "Linux Programmer's Manual"
 .SH NAME
 execveat \- execute program relative to a directory file descriptor
 .SH SYNOPSIS

man2/fanotify_mark.2

@@ -21,7 +21,7 @@
 .\" Formatted or processed versions of this manual, if unaccompanied by
 .\" the source, must acknowledge the copyright and authors of this work.
 .\" %%%LICENSE_END
-.TH FANOTIFY_MARK 2 2021-03-22 "Linux" "Linux Programmer's Manual"
+.TH FANOTIFY_MARK 2 2021-08-27 "Linux" "Linux Programmer's Manual"
 .SH NAME
 fanotify_mark \- add, remove, or modify an fanotify mark on a filesystem
 object

man2/futex.2

@@ -19,7 +19,7 @@
 .\" FIXME Do we need to add some text regarding Torvald Riegel's 2015-01-24 mail
 .\"       http://thread.gmane.org/gmane.linux.kernel/1703405/focus=1873242
 .\"
-.TH FUTEX 2 2021-03-22 "Linux" "Linux Programmer's Manual"
+.TH FUTEX 2 2021-08-27 "Linux" "Linux Programmer's Manual"
 .SH NAME
 futex \- fast user-space locking
 .SH SYNOPSIS

man2/futimesat.2

@@ -22,7 +22,7 @@
 .\" the source, must acknowledge the copyright and authors of this work.
 .\" %%%LICENSE_END
 .\"
-.TH FUTIMESAT 2 2017-09-15 "Linux" "Linux Programmer's Manual"
+.TH FUTIMESAT 2 2021-08-27 "Linux" "Linux Programmer's Manual"
 .SH NAME
 futimesat \- change timestamps of a file relative to a \
 directory file descriptor

man2/getpriority.2

@@ -42,7 +42,7 @@
 .\"    Clarified meaning of 0 value for 'who' argument
 .\" Modified 2004-05-27 by Michael Kerrisk <mtk.manpages@gmail.com>
 .\"
-.TH GETPRIORITY 2 2021-03-22 "Linux" "Linux Programmer's Manual"
+.TH GETPRIORITY 2 2021-08-27 "Linux" "Linux Programmer's Manual"
 .SH NAME
 getpriority, setpriority \- get/set program scheduling priority
 .SH SYNOPSIS

man2/intro.2

@@ -26,7 +26,7 @@
 .\"     new _syscall(2) page, and substantially enhanced and rewrote
 .\"     the remaining material on this page.
 .\"
-.TH INTRO 2 2020-11-01 "Linux" "Linux Programmer's Manual"
+.TH INTRO 2 2021-08-27 "Linux" "Linux Programmer's Manual"
 .SH NAME
 intro \- introduction to system calls
 .SH DESCRIPTION

man2/ioctl_tty.2

@@ -5,7 +5,7 @@
 .\" Distributed under GPL
 .\" %%%LICENSE_END
 .\"
-.TH IOCTL_TTY 2 2021-03-22 "Linux" "Linux Programmer's Manual"
+.TH IOCTL_TTY 2 2021-08-27 "Linux" "Linux Programmer's Manual"
 .SH NAME
 ioctl_tty \- ioctls for terminals and serial lines
 .SH SYNOPSIS

man2/keyctl.2

@@ -25,7 +25,7 @@
 .\" the source, must acknowledge the copyright and authors of this work.
 .\" %%%LICENSE_END
 .\"
-.TH KEYCTL 2 2021-03-22 Linux "Linux Key Management Calls"
+.TH KEYCTL 2 2021-08-27 Linux "Linux Key Management Calls"
 .SH NAME
 keyctl \- manipulate the kernel's key management facility
 .SH SYNOPSIS

man2/link.2

@@ -29,7 +29,7 @@
 .\" Modified 2004-06-23 by Michael Kerrisk <mtk.manpages@gmail.com>
 .\" Modified 2005-04-04, as per suggestion by Michael Hardt for rename.2
 .\"
-.TH LINK 2 2021-03-22 "Linux" "Linux Programmer's Manual"
+.TH LINK 2 2021-08-27 "Linux" "Linux Programmer's Manual"
 .SH NAME
 link, linkat \- make a new name for a file
 .SH SYNOPSIS

man2/membarrier.2

@@ -22,7 +22,7 @@
 .\" the source, must acknowledge the copyright and authors of this work.
 .\" %%%LICENSE_END
 .\"
-.TH MEMBARRIER 2 2021-03-22 "Linux" "Linux Programmer's Manual"
+.TH MEMBARRIER 2 2021-08-27 "Linux" "Linux Programmer's Manual"
 .SH NAME
 membarrier \- issue memory barriers on a set of threads
 .SH SYNOPSIS

man2/mkdir.2

@@ -8,7 +8,7 @@
 .\" Public License. It comes with NO WARRANTY.
 .\" %%%LICENSE_END
 .\"
-.TH MKDIR 2 2021-03-22 "Linux" "Linux Programmer's Manual"
+.TH MKDIR 2 2021-08-27 "Linux" "Linux Programmer's Manual"
 .SH NAME
 mkdir, mkdirat \- create a directory
 .SH SYNOPSIS

man2/mknod.2

@@ -12,7 +12,7 @@
 .\" Modified 2003-04-23 by Michael Kerrisk
 .\" Modified 2004-06-23 by Michael Kerrisk <mtk.manpages@gmail.com>
 .\"
-.TH MKNOD 2 2021-03-22 "Linux" "Linux Programmer's Manual"
+.TH MKNOD 2 2021-08-27 "Linux" "Linux Programmer's Manual"
 .SH NAME
 mknod, mknodat \- create a special or ordinary file
 .SH SYNOPSIS

man2/mlock.2

@@ -23,7 +23,7 @@
 .\" <http://www.gnu.org/licenses/>.
 .\" %%%LICENSE_END
 .\"
-.TH MLOCK 2 2021-03-22 "Linux" "Linux Programmer's Manual"
+.TH MLOCK 2 2021-08-27 "Linux" "Linux Programmer's Manual"
 .SH NAME
 mlock, mlock2, munlock, mlockall, munlockall \- lock and unlock memory
 .SH SYNOPSIS

man2/mount.2

@@ -37,7 +37,7 @@
 .\" 2008-10-06, mtk: move umount*() material into separate umount.2 page.
 .\" 2008-10-06, mtk: Add discussion of namespaces.
 .\"
-.TH MOUNT 2 2021-03-22 "Linux" "Linux Programmer's Manual"
+.TH MOUNT 2 2021-08-27 "Linux" "Linux Programmer's Manual"
 .SH NAME
 mount \- mount filesystem
 .SH SYNOPSIS
@@ -824,6 +824,21 @@ is out of range.
 .B EPERM
 The caller does not have the required privileges.
 .TP
+.B EPERM
+An attempt was made to modify
+.RB ( MS_REMOUNT )
+the
+.BR MS_RDONLY ,
+.BR MS_NOSUID ,
+or
+.BR MS_NOEXEC
+flag, or one of the "atime" flags
+.RB ( MS_NOATIME ,
+.BR MS_NODIRATIME ,
+.BR MS_RELATIME )
+of an existing mount, but the mount is locked; see
+.BR mount_namespaces (7).
+.TP
 .B EROFS
 Mounting a read-only filesystem was attempted without giving the
 .B MS_RDONLY

man2/mount_setattr.2

@@ -22,7 +22,7 @@
 .\" the source, must acknowledge the copyright and authors of this work.
 .\" %%%LICENSE_END
 .\"
-.TH MOUNT_SETATTR 2 2021-03-22 "Linux" "Linux Programmer's Manual"
+.TH MOUNT_SETATTR 2 2021-08-27 "Linux" "Linux Programmer's Manual"
 .SH NAME
 mount_setattr \- change properties of a mount or mount tree
 .SH SYNOPSIS

man2/open.2

@@ -48,7 +48,7 @@
 .\" FIXME . Apr 08: The next POSIX revision has O_EXEC, O_SEARCH, and
 .\" O_TTYINIT.  Eventually these may need to be documented.  --mtk
 .\"
-.TH OPEN 2 2021-03-22 "Linux" "Linux Programmer's Manual"
+.TH OPEN 2 2021-08-27 "Linux" "Linux Programmer's Manual"
 .SH NAME
 open, openat, creat \- open and possibly create a file
 .SH SYNOPSIS

man2/open_by_handle_at.2

@@ -22,7 +22,7 @@
 .\" the source, must acknowledge the copyright and authors of this work.
 .\" %%%LICENSE_END
 .\"
-.TH OPEN_BY_HANDLE_AT 2 2021-03-22 "Linux" "Linux Programmer's Manual"
+.TH OPEN_BY_HANDLE_AT 2 2021-08-27 "Linux" "Linux Programmer's Manual"
 .SH NAME
 name_to_handle_at, open_by_handle_at \- obtain handle
 for a pathname and open file via a handle

man2/perf_event_open.2

@@ -24,7 +24,7 @@
 .\" This document is based on the perf_event.h header file, the
 .\" tools/perf/design.txt file, and a lot of bitter experience.
 .\"
-.TH PERF_EVENT_OPEN 2 2021-03-22 "Linux" "Linux Programmer's Manual"
+.TH PERF_EVENT_OPEN 2 2021-08-27 "Linux" "Linux Programmer's Manual"
 .SH NAME
 perf_event_open \- set up performance monitoring
 .SH SYNOPSIS

man2/pidfd_open.2

@@ -22,7 +22,7 @@
 .\" the source, must acknowledge the copyright and authors of this work.
 .\" %%%LICENSE_END
 .\"
-.TH PIDFD_OPEN 2 2021-03-22 "Linux" "Linux Programmer's Manual"
+.TH PIDFD_OPEN 2 2021-08-27 "Linux" "Linux Programmer's Manual"
 .SH NAME
 pidfd_open \- obtain a file descriptor that refers to a process
 .SH SYNOPSIS

man2/readlink.2

@@ -41,7 +41,7 @@
 .\" 2011-09-20, Guillem Jover <guillem@hadrons.org>:
 .\"     Added text on dynamically allocating buffer + example program
 .\"
-.TH READLINK 2 2021-03-22 "Linux" "Linux Programmer's Manual"
+.TH READLINK 2 2021-08-27 "Linux" "Linux Programmer's Manual"
 .SH NAME
 readlink, readlinkat \- read value of a symbolic link
 .SH SYNOPSIS

man2/readv.2

@@ -29,7 +29,7 @@
 .\"     add more details.
 .\" 2010-11-16, mtk, Added documentation of preadv() and pwritev()
 .\"
-.TH READV 2  2021-03-22 "Linux" "Linux Programmer's Manual"
+.TH READV 2  2021-08-27 "Linux" "Linux Programmer's Manual"
 .SH NAME
 readv, writev, preadv, pwritev, preadv2, pwritev2 \- read or write data into multiple buffers
 .SH SYNOPSIS

man2/rename.2

@@ -30,7 +30,7 @@
 .\" Modified Thu Mar  3 09:49:35 2005 by Michael Haardt <michael@moria.de>
 .\" 2007-03-25, mtk, added various text to DESCRIPTION.
 .\"
-.TH RENAME 2 2021-03-22 "Linux" "Linux Programmer's Manual"
+.TH RENAME 2 2021-08-27 "Linux" "Linux Programmer's Manual"
 .SH NAME
 rename, renameat, renameat2 \- change the name or location of a file
 .SH SYNOPSIS

man2/request_key.2

@@ -9,7 +9,7 @@
 .\" 2 of the License, or (at your option) any later version.
 .\" %%%LICENSE_END
 .\"
-.TH REQUEST_KEY 2 2021-03-22 Linux "Linux Key Management Calls"
+.TH REQUEST_KEY 2 2021-08-27 Linux "Linux Key Management Calls"
 .SH NAME
 request_key \- request a key from the kernel's key management facility
 .SH SYNOPSIS

man2/seccomp.2

@@ -26,7 +26,7 @@
 .\" the source, must acknowledge the copyright and authors of this work.
 .\" %%%LICENSE_END
 .\"
-.TH SECCOMP 2 2021-03-22 "Linux" "Linux Programmer's Manual"
+.TH SECCOMP 2 2021-08-27 "Linux" "Linux Programmer's Manual"
 .SH NAME
 seccomp \- operate on Secure Computing state of the process
 .SH SYNOPSIS

man2/sigaction.2

@@ -45,7 +45,7 @@
 .\" 2015-01-17, Kees Cook <keescook@chromium.org>
 .\"	Added notes on ptrace SIGTRAP and SYS_SECCOMP.
 .\"
-.TH SIGACTION 2 2021-03-22 "Linux" "Linux Programmer's Manual"
+.TH SIGACTION 2 2021-08-27 "Linux" "Linux Programmer's Manual"
 .SH NAME
 sigaction, rt_sigaction \- examine and change a signal action
 .SH SYNOPSIS

man2/stat.2

@@ -36,7 +36,7 @@
 .\" 2007-06-08 mtk: Added example program
 .\" 2007-07-05 mtk: Added details on underlying system call interfaces
 .\"
-.TH STAT 2 2021-03-22 "Linux" "Linux Programmer's Manual"
+.TH STAT 2 2021-08-27 "Linux" "Linux Programmer's Manual"
 .SH NAME
 stat, fstat, lstat, fstatat \- get file status
 .SH SYNOPSIS

man2/statx.2

@@ -27,7 +27,7 @@
 .\" the source, must acknowledge the copyright and authors of this work.
 .\" %%%LICENSE_END
 .\"
-.TH STATX 2 2021-03-22 "Linux" "Linux Programmer's Manual"
+.TH STATX 2 2021-08-27 "Linux" "Linux Programmer's Manual"
 .SH NAME
 statx \- get file status (extended)
 .SH SYNOPSIS

man2/symlink.2

@@ -30,7 +30,7 @@
 .\" Modified 1997-01-31 by Eric S. Raymond <esr@thyrsus.com>
 .\" Modified 2004-06-23 by Michael Kerrisk <mtk.manpages@gmail.com>
 .\"
-.TH SYMLINK 2 2021-03-22 "Linux" "Linux Programmer's Manual"
+.TH SYMLINK 2 2021-08-27 "Linux" "Linux Programmer's Manual"
 .SH NAME
 symlink, symlinkat \- make a new name for a file
 .SH SYNOPSIS

man2/syscalls.2

@@ -28,7 +28,7 @@
 .\" the source, must acknowledge the copyright and authors of this work.
 .\" %%%LICENSE_END
 .\"
-.TH SYSCALLS 2 2021-03-22 "Linux" "Linux Programmer's Manual"
+.TH SYSCALLS 2 2021-08-27 "Linux" "Linux Programmer's Manual"
 .SH NAME
 syscalls \- Linux system calls
 .SH SYNOPSIS

man2/umount.2

@@ -27,7 +27,7 @@
 .\" 2008-10-06, mtk: Created this as a new page by splitting
 .\"     umount/umount2 material out of mount.2
 .\"
-.TH UMOUNT 2 2021-03-22 "Linux" "Linux Programmer's Manual"
+.TH UMOUNT 2 2021-08-27 "Linux" "Linux Programmer's Manual"
 .SH NAME
 umount, umount2 \- unmount filesystem
 .SH SYNOPSIS
@@ -141,6 +141,11 @@ points outside the user address space.
 is not a mount point.
 .TP
 .B EINVAL
+.I target
+is locked; see
+.BR mount_namespaces (7).
+.TP
+.B EINVAL
 .BR umount2 ()
 was called with
 .B MNT_EXPIRE

man2/unlink.2

@@ -30,7 +30,7 @@
 .\" Modified 2001-05-17 by aeb
 .\" Modified 2004-06-23 by Michael Kerrisk <mtk.manpages@gmail.com>
 .\"
-.TH UNLINK 2 2021-03-22 "Linux" "Linux Programmer's Manual"
+.TH UNLINK 2 2021-08-27 "Linux" "Linux Programmer's Manual"
 .SH NAME
 unlink, unlinkat \- delete a name and possibly the file it refers to
 .SH SYNOPSIS

man2/utimensat.2

@@ -23,7 +23,7 @@
 .\" the source, must acknowledge the copyright and authors of this work.
 .\" %%%LICENSE_END
 .\"
-.TH UTIMENSAT 2 2021-03-22 "Linux" "Linux Programmer's Manual"
+.TH UTIMENSAT 2 2021-08-27 "Linux" "Linux Programmer's Manual"
 .SH NAME
 utimensat, futimens \- change file timestamps with nanosecond precision
 .SH SYNOPSIS

man2/wait.2

@@ -46,7 +46,7 @@
 .\" 2005-05-10, mtk, __W* flags can't be used with waitid()
 .\" 2008-07-04, mtk, removed erroneous text about SA_NOCLDSTOP
 .\"
-.TH WAIT 2 2021-03-22 "Linux" "Linux Programmer's Manual"
+.TH WAIT 2 2021-08-27 "Linux" "Linux Programmer's Manual"
 .SH NAME
 wait, waitpid, waitid \- wait for process to change state
 .SH SYNOPSIS

man3/bsearch.3

@@ -28,7 +28,7 @@
 .\"     386BSD man pages
 .\" Modified Mon Mar 29 22:41:16 1993, David Metcalfe
 .\" Modified Sat Jul 24 21:35:16 1993, Rik Faith (faith@cs.unc.edu)
-.TH BSEARCH 3  2021-03-22 "" "Linux Programmer's Manual"
+.TH BSEARCH 3  2021-08-27 "" "Linux Programmer's Manual"
 .SH NAME
 bsearch \- binary search of a sorted array
 .SH SYNOPSIS

man3/fflush.3

@@ -42,7 +42,7 @@
 .\" Modified 2000-07-22 by Nicolás Lichtmaier <nick@debian.org>
 .\" Modified 2001-10-16 by John Levon <moz@compsoc.man.ac.uk>
 .\"
-.TH FFLUSH 3  2021-03-22 "GNU" "Linux Programmer's Manual"
+.TH FFLUSH 3  2021-08-27 "GNU" "Linux Programmer's Manual"
 .SH NAME
 fflush \- flush a stream
 .SH SYNOPSIS

man3/getaddrinfo.3

@@ -41,7 +41,7 @@
 .\" FIXME . glibc's 2.9 NEWS file documents DCCP and UDP-lite support
 .\"           and is SCTP support now also there?
 .\"
-.TH GETADDRINFO 3 2021-03-22 "GNU" "Linux Programmer's Manual"
+.TH GETADDRINFO 3 2021-08-27 "GNU" "Linux Programmer's Manual"
 .SH NAME
 getaddrinfo, freeaddrinfo, gai_strerror \- network address and
 service translation
@@ -583,9 +583,9 @@ and
 respectively).
 .TP
 .B EAI_SYSTEM
-Other system error, check
+Other system error;
 .I errno
-for details.
+is set to indicate the error.
 .PP
 The
 .BR gai_strerror ()

man3/getauxval.3

@@ -24,7 +24,7 @@
 .\"
 .\" See also https://lwn.net/Articles/519085/
 .\"
-.TH GETAUXVAL 3  2021-03-22 "GNU" "Linux Programmer's Manual"
+.TH GETAUXVAL 3  2021-08-27 "GNU" "Linux Programmer's Manual"
 .SH NAME
 getauxval \- retrieve a value from the auxiliary vector
 .SH SYNOPSIS

man3/getopt.3

@@ -39,7 +39,7 @@
 .\"		the start of optstring
 .\" Modified 2006-12-15, mtk, Added getopt() example program.
 .\"
-.TH GETOPT 3  2021-03-22 "GNU" "Linux Programmer's Manual"
+.TH GETOPT 3  2021-08-27 "GNU" "Linux Programmer's Manual"
 .SH NAME
 getopt, getopt_long, getopt_long_only,
 optarg, optind, opterr, optopt \- Parse command-line options

man3/getsubopt.3

@@ -22,7 +22,7 @@
 .\" SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 .\" %%%LICENSE_END
 .\"
-.TH GETSUBOPT 3 2021-03-22 "GNU" "Linux Programmer's Manual"
+.TH GETSUBOPT 3 2021-08-27 "GNU" "Linux Programmer's Manual"
 .SH NAME
 getsubopt \- parse suboption arguments from a string
 .SH SYNOPSIS

man3/mkfifo.3

@@ -25,7 +25,7 @@
 .\"
 .\" changed section from 2 to 3, aeb, 950919
 .\"
-.TH MKFIFO 3 2021-03-22 "GNU" "Linux Programmer's Manual"
+.TH MKFIFO 3 2021-08-27 "GNU" "Linux Programmer's Manual"
 .SH NAME
 mkfifo, mkfifoat \- make a FIFO special file (a named pipe)
 .SH SYNOPSIS

man3/pthread_mutex_consistent.3

@@ -23,7 +23,7 @@
 .\" the source, must acknowledge the copyright and authors of this work.
 .\" %%%LICENSE_END
 .\"
-.TH PTHREAD_MUTEX_CONSISTENT 3 2021-03-22 "Linux" "Linux Programmer's Manual"
+.TH PTHREAD_MUTEX_CONSISTENT 3 2021-08-27 "Linux" "Linux Programmer's Manual"
 .SH NAME
 pthread_mutex_consistent \- make a robust mutex consistent
 .SH SYNOPSIS

man3/pthread_setname_np.3

@@ -23,7 +23,7 @@
 .\" the source, must acknowledge the copyright and authors of this work.
 .\" %%%LICENSE_END
 .\"
-.TH PTHREAD_SETNAME_NP 3 2021-03-22 "Linux" "Linux Programmer's Manual"
+.TH PTHREAD_SETNAME_NP 3 2021-08-27 "Linux" "Linux Programmer's Manual"
 .SH NAME
 pthread_setname_np, pthread_getname_np \- set/get the name of a thread
 .SH SYNOPSIS

man3/pthread_tryjoin_np.3

@@ -23,7 +23,7 @@
 .\" the source, must acknowledge the copyright and authors of this work.
 .\" %%%LICENSE_END
 .\"
-.TH PTHREAD_TRYJOIN_NP 3 2021-03-22 "Linux" "Linux Programmer's Manual"
+.TH PTHREAD_TRYJOIN_NP 3 2021-08-27 "Linux" "Linux Programmer's Manual"
 .SH NAME
 pthread_tryjoin_np, pthread_timedjoin_np \- try to join with a
 terminated thread

man3/scandir.3

@@ -59,7 +59,7 @@
 .\" <http://www.gnu.org/licenses/>.
 .\" %%%LICENSE_END
 .\"
-.TH SCANDIR 3  2021-03-22 "GNU" "Linux Programmer's Manual"
+.TH SCANDIR 3  2021-08-27 "GNU" "Linux Programmer's Manual"
 .SH NAME
 scandir, scandirat, alphasort, versionsort \- scan
 a directory for matching entries

man3/sem_wait.3

@@ -22,7 +22,7 @@
 .\" the source, must acknowledge the copyright and authors of this work.
 .\" %%%LICENSE_END
 .\"
-.TH SEM_WAIT 3 2021-03-22 "Linux" "Linux Programmer's Manual"
+.TH SEM_WAIT 3 2021-08-27 "Linux" "Linux Programmer's Manual"
 .SH NAME
 sem_wait, sem_timedwait, sem_trywait \- lock a semaphore
 .SH SYNOPSIS

man3/stailq.3

@@ -29,7 +29,7 @@
 .\" %%%LICENSE_END
 .\"
 .\"
-.TH STAILQ 3 2021-03-22 "GNU" "Linux Programmer's Manual"
+.TH STAILQ 3 2021-08-27 "GNU" "Linux Programmer's Manual"
 .SH NAME
 .\"SIMPLEQ_CONCAT,
 SIMPLEQ_EMPTY,

man3/strlen.3

@@ -27,7 +27,7 @@
 .\"     Lewine's _POSIX Programmer's Guide_ (O'Reilly & Associates, 1991)
 .\"     386BSD man pages
 .\" Modified Sat Jul 24 18:02:26 1993 by Rik Faith (faith@cs.unc.edu)
-.TH STRLEN 3  2021-03-22 "GNU" "Linux Programmer's Manual"
+.TH STRLEN 3  2021-08-27 "GNU" "Linux Programmer's Manual"
 .SH NAME
 strlen \- calculate the length of a string
 .SH SYNOPSIS

man3/strstr.3

@@ -30,7 +30,7 @@
 .\" Added history, aeb, 980113.
 .\" 2005-05-05 mtk: added strcasestr()
 .\"
-.TH STRSTR 3  2021-03-22 "GNU" "Linux Programmer's Manual"
+.TH STRSTR 3  2021-08-27 "GNU" "Linux Programmer's Manual"
 .SH NAME
 strstr, strcasestr \- locate a substring
 .SH SYNOPSIS

man3/termios.3

@@ -37,7 +37,7 @@
 .\"     Enhanced the discussion of "raw" mode for cfmakeraw().
 .\"     Document CMSPAR.
 .\"
-.TH TERMIOS 3 2021-03-22 "Linux" "Linux Programmer's Manual"
+.TH TERMIOS 3 2021-08-27 "Linux" "Linux Programmer's Manual"
 .SH NAME
 termios, tcgetattr, tcsetattr, tcsendbreak, tcdrain, tcflush, tcflow,
 cfmakeraw, cfgetospeed, cfgetispeed, cfsetispeed, cfsetospeed, cfsetspeed \-

man3/tsearch.3

@@ -22,7 +22,7 @@
 .\" the source, must acknowledge the copyright and authors of this work.
 .\" %%%LICENSE_END
 .\"
-.TH TSEARCH 3  2021-03-22 "GNU" "Linux Programmer's Manual"
+.TH TSEARCH 3  2021-08-27 "GNU" "Linux Programmer's Manual"
 .SH NAME
 tsearch, tfind, tdelete, twalk, twalk_r, tdestroy \- manage a binary search tree
 .SH SYNOPSIS

man3/wcslen.3

@@ -13,7 +13,7 @@
 .\"   OpenGroup's Single UNIX specification http://www.UNIX-systems.org/online.html
 .\"   ISO/IEC 9899:1999
 .\"
-.TH WCSLEN 3  2021-03-22 "GNU" "Linux Programmer's Manual"
+.TH WCSLEN 3  2021-08-27 "GNU" "Linux Programmer's Manual"
 .SH NAME
 wcslen \- determine the length of a wide-character string
 .SH SYNOPSIS

man3/wcstok.3

@@ -13,7 +13,7 @@
 .\"   OpenGroup's Single UNIX specification http://www.UNIX-systems.org/online.html
 .\"   ISO/IEC 9899:1999
 .\"
-.TH WCSTOK 3  2021-03-22 "GNU" "Linux Programmer's Manual"
+.TH WCSTOK 3  2021-08-27 "GNU" "Linux Programmer's Manual"
 .SH NAME
 wcstok \- split wide-character string into tokens
 .SH SYNOPSIS

man3/wordexp.3

@@ -21,7 +21,7 @@
 .\" <http://www.gnu.org/licenses/>.
 .\" %%%LICENSE_END
 .\"
-.TH WORDEXP 3 2021-03-22  "" "Linux Programmer's Manual"
+.TH WORDEXP 3 2021-08-27  "" "Linux Programmer's Manual"
 .SH NAME
 wordexp, wordfree \- perform word expansion like a posix-shell
 .SH SYNOPSIS

man5/proc.5

@@ -52,7 +52,7 @@
 .\" to see what information could be imported from that file
 .\" into this file.
 .\"
-.TH PROC 5 2021-03-22 "Linux" "Linux Programmer's Manual"
+.TH PROC 5 2021-08-27 "Linux" "Linux Programmer's Manual"
 .SH NAME
 proc \- process information pseudo-filesystem
 .SH DESCRIPTION

man7/capabilities.7

@@ -45,7 +45,7 @@
 .\"     other capabilities where the permitted or inheritable bit is set.
 .\" 2011-09-07, mtk/Serge hallyn: Add CAP_SYSLOG
 .\"
-.TH CAPABILITIES 7 2021-03-22 "Linux" "Linux Programmer's Manual"
+.TH CAPABILITIES 7 2021-08-27 "Linux" "Linux Programmer's Manual"
 .SH NAME
 capabilities \- overview of Linux capabilities
 .SH DESCRIPTION

man7/cgroups.7

@@ -23,7 +23,7 @@
 .\" the source, must acknowledge the copyright and authors of this work.
 .\" %%%LICENSE_END
 .\"
-.TH CGROUPS 7 2021-03-22 "Linux" "Linux Programmer's Manual"
+.TH CGROUPS 7 2021-08-27 "Linux" "Linux Programmer's Manual"
 .SH NAME
 cgroups \- Linux control groups
 .SH DESCRIPTION

man7/fanotify.7

@@ -22,7 +22,7 @@
 .\" Formatted or processed versions of this manual, if unaccompanied by
 .\" the source, must acknowledge the copyright and authors of this work.
 .\" %%%LICENSE_END
-.TH FANOTIFY 7 2021-03-22 "Linux" "Linux Programmer's Manual"
+.TH FANOTIFY 7 2021-08-27 "Linux" "Linux Programmer's Manual"
 .SH NAME
 fanotify \- monitoring filesystem events
 .SH DESCRIPTION

man7/mount_namespaces.7

@@ -1,4 +1,4 @@
-.\" Copyright (c) 2016, 2019 by Michael Kerrisk <mtk.manpages@gmail.com>
+.\" Copyright (c) 2016, 2019, 2021 by Michael Kerrisk <mtk.manpages@gmail.com>
 .\"
 .\" %%%LICENSE_START(VERBATIM)
 .\" Permission is granted to make and distribute verbatim copies of this
@@ -23,14 +23,14 @@
 .\" %%%LICENSE_END
 .\"
 .\"
-.TH MOUNT_NAMESPACES 7 2021-03-22 "Linux" "Linux Programmer's Manual"
+.TH MOUNT_NAMESPACES 7 2021-08-27 "Linux" "Linux Programmer's Manual"
 .SH NAME
 mount_namespaces \- overview of Linux mount namespaces
 .SH DESCRIPTION
 For an overview of namespaces, see
 .BR namespaces (7).
 .PP
-Mount namespaces provide isolation of the list of mount points seen
+Mount namespaces provide isolation of the list of mounts seen
 by the processes in each namespace instance.
 Thus, the processes in each of the mount namespace instances
 will see distinct single-directory hierarchies.
@@ -56,103 +56,26 @@ with the
 .BR CLONE_NEWNS
 flag.
 When a new mount namespace is created,
-its mount point list is initialized as follows:
+its mount list is initialized as follows:
 .IP * 3
 If the namespace is created using
 .BR clone (2),
-the mount point list of the child's namespace is a copy
-of the mount point list in the parent's namespace.
+the mount list of the child's namespace is a copy
+of the mount list in the parent process's mount namespace.
 .IP *
 If the namespace is created using
 .BR unshare (2),
-the mount point list of the new namespace is a copy of
-the mount point list in the caller's previous mount namespace.
+the mount list of the new namespace is a copy of
+the mount list in the caller's previous mount namespace.
 .PP
-Subsequent modifications to the mount point list
+Subsequent modifications to the mount list
 .RB ( mount (2)
 and
 .BR umount (2))
 in either mount namespace will not (by default) affect the
-mount point list seen in the other namespace
+mount list seen in the other namespace
 (but see the following discussion of shared subtrees).
 .\"
-.\" ============================================================
-.\"
-.SS Restrictions on mount namespaces
-Note the following points with respect to mount namespaces:
-.IP * 3
-Each mount namespace has an owner user namespace.
-As explained above, when a new mount namespace is created,
-its mount point list is initialized as a copy of the mount point list
-of another mount namespace.
-If the new namespace and the namespace from which the mount point list
-was copied are owned by different user namespaces,
-then the new mount namespace is considered
-.IR "less privileged" .
-.IP *
-When creating a less privileged mount namespace,
-shared mounts are reduced to slave mounts.
-(Shared and slave mounts are discussed below.)
-This ensures that mappings performed in less
-privileged mount namespaces will not propagate to more privileged
-mount namespaces.
-.IP *
-Mounts that come as a single unit from a more privileged mount namespace are
-locked together and may not be separated in a less privileged mount
-namespace.
-(The
-.BR unshare (2)
-.B CLONE_NEWNS
-operation brings across all of the mounts from the original
-mount namespace as a single unit,
-and recursive mounts that propagate between
-mount namespaces propagate as a single unit.)
-.IP *
-The
-.BR mount (2)
-flags
-.BR MS_RDONLY ,
-.BR MS_NOSUID ,
-.BR MS_NOEXEC ,
-and the "atime" flags
-.RB ( MS_NOATIME ,
-.BR MS_NODIRATIME ,
-.BR MS_RELATIME )
-settings become locked
-.\" commit 9566d6742852c527bf5af38af5cbb878dad75705
-.\" Author: Eric W. Biederman <ebiederm@xmission.com>
-.\" Date:   Mon Jul 28 17:26:07 2014 -0700
-.\"
-.\"      mnt: Correct permission checks in do_remount
-.\"
-when propagated from a more privileged to
-a less privileged mount namespace,
-and may not be changed in the less privileged mount namespace.
-.IP *
-.\" (As of 3.18-rc1 (in Al Viro's 2014-08-30 vfs.git#for-next tree))
-A file or directory that is a mount point in one namespace that is not
-a mount point in another namespace, may be renamed, unlinked, or removed
-.RB ( rmdir (2))
-in the mount namespace in which it is not a mount point
-(subject to the usual permission checks).
-Consequently, the mount point is removed in the mount namespace
-where it was a mount point.
-.IP
-Previously (before Linux 3.18),
-.\" mtk: The change was in Linux 3.18, I think, with this commit:
-.\"     commit 8ed936b5671bfb33d89bc60bdcc7cf0470ba52fe
-.\"     Author: Eric W. Biederman <ebiederman@twitter.com>
-.\"     Date:   Tue Oct 1 18:33:48 2013 -0700
-.\"
-.\"         vfs: Lazily remove mounts on unlinked files and directories.
-attempting to unlink, rename, or remove a file or directory
-that was a mount point in another mount namespace would result in the error
-.BR EBUSY .
-That behavior had technical problems of enforcement (e.g., for NFS)
-and permitted denial-of-service attacks against more privileged users
-(i.e., preventing individual files from being updated
-by bind mounting on top of them).
-.\"
 .SH SHARED SUBTREES
 After the implementation of mount namespaces was completed,
 experience showed that the isolation that they provided was,
@@ -165,35 +88,35 @@ the shared subtree feature was introduced in Linux 2.6.15.
 This feature allows for automatic, controlled propagation of mount and unmount
 .I events
 between namespaces
-(or, more precisely, between the members of a
+(or, more precisely, between the mounts that are members of a
 .IR "peer group"
 that are propagating events to one another).
 .PP
-Each mount point is marked (via
+Each mount is marked (via
 .BR mount (2))
 as having one of the following
 .IR "propagation types" :
 .TP
 .BR MS_SHARED
-This mount point shares events with members of a peer group.
-Mount and unmount events immediately under this mount point will propagate
-to the other mount points that are members of the peer group.
+This mount shares events with members of a peer group.
+Mount and unmount events immediately under this mount will propagate
+to the other mounts that are members of the peer group.
 .I Propagation
 here means that the same mount or unmount will automatically occur
-under all of the other mount points in the peer group.
+under all of the other mounts in the peer group.
 Conversely, mount and unmount events that take place under
-peer mount points will propagate to this mount point.
+peer mounts will propagate to this mount.
 .TP
 .BR MS_PRIVATE
-This mount point is private; it does not have a peer group.
-Mount and unmount events do not propagate into or out of this mount point.
+This mount is private; it does not have a peer group.
+Mount and unmount events do not propagate into or out of this mount.
 .TP
 .BR MS_SLAVE
-Mount and unmount events propagate into this mount point from
+Mount and unmount events propagate into this mount from
 a (master) shared peer group.
-Mount and unmount events under this mount point do not propagate to any peer.
+Mount and unmount events under this mount do not propagate to any peer.
 .IP
-Note that a mount point can be the slave of another peer group
+Note that a mount can be the slave of another peer group
 while at the same time sharing mount and unmount events
 with a peer group of which it is a member.
 (More precisely, one peer group can be the slave of another peer group.)
@@ -222,45 +145,45 @@ For a discussion of the propagation type assigned to a new mount,
 see NOTES.
 .PP
 The propagation type is a per-mount-point setting;
-some mount points may be marked as shared
-(with each shared mount point being a member of a distinct peer group),
+some mounts may be marked as shared
+(with each shared mount being a member of a distinct peer group),
 while others are private
 (or slaved or unbindable).
 .PP
 Note that a mount's propagation type determines whether
-mounts and unmounts of mount points
+mounts and unmounts of mounts
 .I "immediately under"
-the mount point are propagated.
+the mount are propagated.
 Thus, the propagation type does not affect propagation of events for
-grandchildren and further removed descendant mount points.
-What happens if the mount point itself is unmounted is determined by
+grandchildren and further removed descendant mounts.
+What happens if the mount itself is unmounted is determined by
 the propagation type that is in effect for the
 .I parent
-of the mount point.
+of the mount.
 .PP
 Members are added to a
 .IR "peer group"
-when a mount point is marked as shared and either:
+when a mount is marked as shared and either:
 .IP * 3
-the mount point is replicated during the creation of a new mount namespace; or
+the mount is replicated during the creation of a new mount namespace; or
 .IP *
-a new bind mount is created from the mount point.
+a new bind mount is created from the mount.
 .PP
-In both of these cases, the new mount point joins the peer group
-of which the existing mount point is a member.
+In both of these cases, the new mount joins the peer group
+of which the existing mount is a member.
 .PP
-A new peer group is also created when a child mount point is created under
-an existing mount point that is marked as shared.
-In this case, the new child mount point is also marked as shared and
-the resulting peer group consists of all the mount points
-that are replicated under the peers of parent mount.
+A new peer group is also created when a child mount is created under
+an existing mount that is marked as shared.
+In this case, the new child mount is also marked as shared and
+the resulting peer group consists of all the mounts
+that are replicated under the peers of parent mounts.
 .PP
 A mount ceases to be a member of a peer group when either
 the mount is explicitly unmounted,
 or when the mount is implicitly unmounted because a mount namespace is removed
 (because it has no more member processes).
 .PP
-The propagation type of the mount points in a mount namespace
+The propagation type of the mounts in a mount namespace
 can be discovered via the "optional fields" exposed in
 .IR /proc/[pid]/mountinfo .
 (See
@@ -270,11 +193,11 @@ The following tags can appear in the optional fields
 for a record in that file:
 .TP
 .I shared:X
-This mount point is shared in peer group
+This mount is shared in peer group
 .IR X .
 Each peer group has a unique ID that is automatically
 generated by the kernel,
-and all mount points in the same peer group will show the same ID.
+and all mounts in the same peer group will show the same ID.
 (These IDs are assigned starting from the value 1,
 and may be recycled when a peer group ceases to have any members.)
 .TP
@@ -309,7 +232,7 @@ This is an unbindable mount.
 If none of the above tags is present, then this is a private mount.
 .SS MS_SHARED and MS_PRIVATE example
 Suppose that on a terminal in the initial mount namespace,
-we mark one mount point as shared and another as private,
+we mark one mount as shared and another as private,
 and then view the mounts in
 .IR /proc/self/mountinfo :
 .PP
@@ -332,7 +255,7 @@ is a shared mount in peer group 1, and that
 has no optional tags, indicating that it is a private mount.
 The first two fields in each record in this file are the unique
 ID for this mount, and the mount ID of the parent mount.
-We can further inspect this file to see that the parent mount point of
+We can further inspect this file to see that the parent mount of
 .IR /mntS
 and
 .IR /mntP
@@ -361,8 +284,8 @@ sh2# \fBcat /proc/self/mountinfo | grep \(aq/mnt\(aq | sed \(aqs/ \- .*//\(aq\fP
 .in
 .PP
 The new mount namespace received a copy of the initial mount namespace's
-mount points.
-These new mount points maintain the same propagation types,
+mounts.
+These new mounts maintain the same propagation types,
 but have unique mount IDs.
 (The
 .IR \-\-propagation\ unchanged
@@ -399,10 +322,10 @@ was created as shared (inheriting this setting from its parent mount) and
 was created as a private mount.
 .PP
 Returning to the first terminal and inspecting the set-up,
-we see that the new mount created under the shared mount point
+we see that the new mount created under the shared mount
 .IR /mntS
 propagated to its peer mount (in the initial mount namespace),
-but the new mount created under the private mount point
+but the new mount created under the private mount
 .IR /mntP
 did not propagate:
 .PP
@@ -416,7 +339,7 @@ sh1# \fBcat /proc/self/mountinfo | grep \(aq/mnt\(aq | sed \(aqs/ \- .*//\(aq\fP
 .in
 .\"
 .SS MS_SLAVE example
-Making a mount point a slave allows it to receive propagated
+Making a mount a slave allows it to receive propagated
 mount and unmount events from a master shared peer group,
 while preventing it from propagating events to that master.
 This is useful if we want to (say) receive a mount event when
@@ -426,7 +349,7 @@ but want to prevent mount and unmount events under the slave mount
 from having side effects in other namespaces.
 .PP
 We can demonstrate the effect of slaving by first marking
-two mount points as shared in the initial mount namespace:
+two mounts as shared in the initial mount namespace:
 .PP
 .in +4n
 .EX
@@ -439,7 +362,7 @@ sh1# \fBcat /proc/self/mountinfo | grep \(aq/mnt\(aq | sed \(aqs/ \- .*//\(aq\fP
 .in
 .PP
 On a second terminal,
-we create a new mount namespace and inspect the mount points:
+we create a new mount namespace and inspect the mounts:
 .PP
 .in +4n
 .EX
@@ -450,7 +373,7 @@ sh2# \fBcat /proc/self/mountinfo | grep \(aq/mnt\(aq | sed \(aqs/ \- .*//\(aq\fP
 .EE
 .in
 .PP
-In the new mount namespace, we then mark one of the mount points as a slave:
+In the new mount namespace, we then mark one of the mounts as a slave:
 .PP
 .in +4n
 .EX
@@ -480,7 +403,7 @@ sh2# \fBmount /dev/sda5 /mntY/b\fP
 .EE
 .in
 .PP
-When we inspect the state of the mount points in the new mount namespace,
+When we inspect the state of the mounts in the new mount namespace,
 we see that
 .IR /mntX/a
 was created as a new shared mount
@@ -516,7 +439,7 @@ sh1# \fBcat /proc/self/mountinfo | grep \(aq/mnt\(aq | sed \(aqs/ \- .*//\(aq\fP
 .EE
 .in
 .PP
-Now we create a new mount point under
+Now we create a new mount under
 .IR /mntY
 in the first shell:
 .PP
@@ -532,9 +455,9 @@ sh1# \fBcat /proc/self/mountinfo | grep \(aq/mnt\(aq | sed \(aqs/ \- .*//\(aq\fP
 .EE
 .in
 .PP
-When we examine the mount points in the second mount namespace,
+When we examine the mounts in the second mount namespace,
 we see that in this case the new mount has been propagated
-to the slave mount point,
+to the slave mount,
 and that the new mount is itself a slave mount (to peer group 4):
 .PP
 .in +4n
@@ -550,11 +473,11 @@ sh2# \fBcat /proc/self/mountinfo | grep \(aq/mnt\(aq | sed \(aqs/ \- .*//\(aq\fP
 .\"
 .SS MS_UNBINDABLE example
 One of the primary purposes of unbindable mounts is to avoid
-the "mount point explosion" problem when repeatedly performing bind mounts
-of a higher-level subtree at a lower-level mount point.
+the "mount explosion" problem when repeatedly performing bind mounts
+of a higher-level subtree at a lower-level mount.
 The problem is illustrated by the following shell session.
 .PP
-Suppose we have a system with the following mount points:
+Suppose we have a system with the following mounts:
 .PP
 .in +4n
 .EX
@@ -567,7 +490,7 @@ Suppose we have a system with the following mount points:
 .PP
 Suppose furthermore that we wish to recursively bind mount
 the root directory under several users' home directories.
-We do this for the first user, and inspect the mount points:
+We do this for the first user, and inspect the mounts:
 .PP
 .in +4n
 .EX
@@ -682,8 +605,8 @@ Now we create unbindable recursive bind mounts for the other two users:
 .EE
 .in
 .PP
-Upon examining the list of mount points,
-we see there has been no explosion of mount points,
+Upon examining the list of mounts,
+we see there has been no explosion of mounts,
 because the unbindable mounts were not replicated
 under each user's directory:
 .PP
@@ -709,7 +632,7 @@ under each user's directory:
 The following table shows the effect that applying a new propagation type
 (i.e.,
 .IR "mount \-\-make\-xxxx")
-has on the existing propagation type of a mount point.
+has on the existing propagation type of a mount.
 The rows correspond to existing propagation types,
 and the columns are the new propagation settings.
 For reasons of space, "private" is abbreviated as "priv" and
@@ -744,9 +667,9 @@ mount \-\-bind A/a B/b
 .PP
 Here,
 .I A
-is the source mount point,
+is the source mount,
 .I B
-is the destination mount point,
+is the destination mount,
 .I a
 is a subdirectory path under the mount point
 .IR A ,
@@ -756,7 +679,7 @@ is a subdirectory path under the mount point
 .IR B .
 The propagation type of the resulting mount,
 .IR B/b ,
-depends on the propagation types of the mount points
+depends on the propagation types of the mounts
 .IR A
 and
 .IR B ,
@@ -792,15 +715,15 @@ mount \-\-move A B/b
 .PP
 Here,
 .I A
-is the source mount point,
+is the source mount,
 .I B
-is the destination mount point, and
+is the destination mount, and
 .I b
 is a subdirectory path under the mount point
 .IR B .
 The propagation type of the resulting mount,
 .IR B/b ,
-depends on the propagation types of the mount points
+depends on the propagation types of the mounts
 .IR A
 and
 .IR B ,
@@ -824,7 +747,7 @@ For further details, see
 in the kernel source tree.
 .\"
 .SS Mount semantics
-Suppose that we use the following command to create a mount point:
+Suppose that we use the following command to create a mount:
 .PP
 .in +4n
 .EX
@@ -834,7 +757,7 @@ mount device B/b
 .PP
 Here,
 .I B
-is the destination mount point, and
+is the destination mount, and
 .I b
 is a subdirectory path under the mount point
 .IR B .
@@ -845,7 +768,7 @@ where the propagation type of the source mount
 is considered always to be private.
 .\"
 .SS Unmount semantics
-Suppose that we use the following command to tear down a mount point:
+Suppose that we use the following command to tear down a mount:
 .PP
 .in +4n
 .EX
@@ -855,7 +778,7 @@ unmount A
 .PP
 Here,
 .I A
-is a mount point on
+is a mount on
 .IR B/b ,
 where
 .I B
@@ -948,7 +871,7 @@ onto
 .EE
 .in
 .PP
-Initially, these two mount points are in the same peer group,
+Initially, these two mounts are in the same peer group,
 but we then make the
 .IR /tmp/etc
 a slave of
@@ -973,7 +896,7 @@ Then we bind mount
 .IR /tmp/etc
 onto
 .IR /mnt/tmp/etc .
-Again, the two mount points are initially in the same peer group,
+Again, the two mounts are initially in the same peer group,
 but we then make
 .IR /mnt/tmp/etc
 a slave of
@@ -1042,9 +965,9 @@ Mount namespaces first appeared in Linux 2.4.19.
 Namespaces are a Linux-specific feature.
 .\"
 .SH NOTES
-The propagation type assigned to a new mount point depends
+The propagation type assigned to a new mount depends
 on the propagation type of the parent mount.
-If the mount point has a parent (i.e., it is a non-root mount
+If the mount has a parent (i.e., it is a non-root mount
 point) and the propagation type of the parent is
 .BR MS_SHARED ,
 then the propagation type of the new mount is also
@@ -1053,13 +976,13 @@ Otherwise, the propagation type of the new mount is
 .BR MS_PRIVATE .
 .PP
 Notwithstanding the fact that the default propagation type
-for new mount points is in many cases
+for new mount is in many cases
 .BR MS_PRIVATE ,
 .BR MS_SHARED
 is typically more useful.
 For this reason,
 .BR systemd (1)
-automatically remounts all mount points as
+automatically remounts all mounts as
 .BR MS_SHARED
 on system startup.
 Thus, on most modern systems, the default propagation type is in practice
@@ -1068,14 +991,14 @@ Thus, on most modern systems, the default propagation type is in practice
 Since, when one uses
 .BR unshare (1)
 to create a mount namespace,
-the goal is commonly to provide full isolation of the mount points
+the goal is commonly to provide full isolation of the mounts
 in the new namespace,
 .BR unshare (1)
 (since
 .IR util\-linux
 version 2.27) in turn reverses the step performed by
 .BR systemd (1),
-by making all mount points private in the new namespace.
+by making all mounts private in the new namespace.
 That is,
 .BR unshare (1)
 performs the equivalent of the following in the new mount namespace:
@@ -1099,7 +1022,7 @@ may desire to prevent propagation of mount events to other mount namespaces
 (as is done by
 .BR unshare (1)).
 This can be done by changing the propagation type of
-mount points in the new namespace to either
+mounts in the new namespace to either
 .B MS_SLAVE
 or
 .BR MS_PRIVATE ,
@@ -1117,6 +1040,291 @@ and creating bind mounts
 .RB ( MS_BIND ),
 see
 .IR Documentation/filesystems/sharedsubtree.txt .
+.\"
+.\" ============================================================
+.\"
+.SS Restrictions on mount namespaces
+Note the following points with respect to mount namespaces:
+.IP [1] 4
+Each mount namespace has an owner user namespace.
+As explained above, when a new mount namespace is created,
+its mount list is initialized as a copy of the mount list
+of another mount namespace.
+If the new namespace and the namespace from which the mount list
+was copied are owned by different user namespaces,
+then the new mount namespace is considered
+.IR "less privileged" .
+.IP [2]
+When creating a less privileged mount namespace,
+shared mounts are reduced to slave mounts.
+This ensures that mappings performed in less
+privileged mount namespaces will not propagate to more privileged
+mount namespaces.
+.IP [3]
+Mounts that come as a single unit from a more privileged mount namespace are
+locked together and may not be separated in a less privileged mount
+namespace.
+(The
+.BR unshare (2)
+.B CLONE_NEWNS
+operation brings across all of the mounts from the original
+mount namespace as a single unit,
+and recursive mounts that propagate between
+mount namespaces propagate as a single unit.)
+.IP
+In this context, "may not be separated" means that the mounts
+are locked so that they may not be individually unmounted.
+Consider the following example:
+.IP
+.RS
+.in +4n
+.EX
+$ \fBsudo sh\fP
+# \fBmount \-\-bind /dev/null /etc/shadow\fP
+# \fBcat /etc/shadow\fP       # Produces no output
+.EE
+.in
+.RE
+.IP
+The above steps, performed in a more privileged mount namespace,
+have created a bind mount that
+obscures the contents of the shadow password file,
+.IR /etc/shadow .
+For security reasons, it should not be possible to unmount
+that mount in a less privileged mount namespace,
+since that would reveal the contents of
+.IR /etc/shadow .
+.IP
+Suppose we now create a new mount namespace
+owned by a new user namespace.
+The new mount namespace will inherit copies of all of the mounts
+from the previous mount namespace.
+However, those mounts will be locked because the new mount namespace
+is less privileged.
+Consequently, an attempt to unmount the mount fails as show
+in the following step:
+.IP
+.RS
+.in +4n
+.EX
+# \fBunshare \-\-user \-\-map\-root\-user \-\-mount \e\fP
+               \fBstrace \-o /tmp/log \e\fP
+               \fBumount /mnt/dir\fP
+umount: /etc/shadow: not mounted.
+# \fBgrep \(aq^umount\(aq /tmp/log\fP
+umount2("/etc/shadow", 0)     = \-1 EINVAL (Invalid argument)
+.EE
+.in
+.RE
+.IP
+The error message from
+.BR mount (8)
+is a little confusing, but the
+.BR strace (1)
+output reveals that the underlying
+.BR umount2 (2)
+system call failed with the error
+.BR EINVAL ,
+which is the error that the kernel returns to indicate that
+the mount is locked.
+.IP
+Note, however, that it is possible to stack (and unstack) a
+mount on top of one of the inherited locked mounts in a
+less privileged mount namespace:
+.IP
+.in +4n
+.EX
+# \fBecho \(aqaaaaa\(aq > /tmp/a\fP    # File to mount onto /etc/shadow
+# \fBunshare \-\-user \-\-map\-root\-user \-\-mount \e\fP
+    \fBsh \-c \(aqmount \-\-bind /tmp/a /etc/shadow; cat /etc/shadow\(aq\fP
+aaaaa
+# \fBumount /etc/shadow\fP
+.EE
+.in
+.IP
+The final
+.BR umount (8)
+command above, which is performed in the initial mount namespace,
+makes the original
+.I /etc/shadow
+file once more visible in that namespace.
+.IP [4]
+Following on from point [3],
+note that it is possible to unmount an entire subtree of mounts that
+propagated as a unit into a less privileged mount namespace,
+as illustrated in the following example.
+.IP
+First, we create new user and mount namespaces using
+.BR unshare (1).
+In the new mount namespace,
+the propagation type of all mounts is set to private.
+We then create a shared bind mount at
+.IR /mnt ,
+and a small hierarchy of mounts underneath that mount.
+.IP
+.in +4n
+.EX
+$ \fBPS1=\(aqns1# \(aq sudo unshare \-\-user \-\-map\-root\-user \e\fP
+                       \fB\-\-mount \-\-propagation private bash\fP
+ns1# \fBecho $$\fP        # We need the PID of this shell later
+778501
+ns1# \fBmount \-\-make\-shared \-\-bind /mnt /mnt\fP
+ns1# \fBmkdir /mnt/x\fP
+ns1# \fBmount \-\-make\-private \-t tmpfs none /mnt/x\fP
+ns1# \fBmkdir /mnt/x/y\fP
+ns1# \fBmount \-\-make\-private \-t tmpfs none /mnt/x/y\fP
+ns1# \fBgrep /mnt /proc/self/mountinfo | sed \(aqs/ \- .*//\(aq\fP
+986 83 8:5 /mnt /mnt rw,relatime shared:344
+989 986 0:56 / /mnt/x rw,relatime
+990 989 0:57 / /mnt/x/y rw,relatime
+.EE
+.in
+.IP
+Continuing in the same shell session,
+we then create a second shell in a new user namespace and a new
+(less privileged) mount namespace and
+check the state of the propagated mounts rooted at
+.IR /mnt .
+.IP
+.in +4n
+.EX
+ns1# \fBPS1=\(aqns2# \(aq unshare \-\-user \-\-map\-root\-user \e\fP
+                       \fB\-\-mount \-\-propagation unchanged bash\fP
+ns2# \fBgrep /mnt /proc/self/mountinfo | sed \(aqs/ \- .*//\(aq\fP
+1239 1204 8:5 /mnt /mnt rw,relatime master:344
+1240 1239 0:56 / /mnt/x rw,relatime
+1241 1240 0:57 / /mnt/x/y rw,relatime
+.EE
+.in
+.IP
+Of note in the above output is that the propagation type of the mount
+.I /mnt
+has been reduced to slave, as explained in point [2].
+This means that submount events will propagate from the master
+.I /mnt
+in "ns1", but propagation will not occur in the opposite direction.
+.IP
+From a separate terminal window, we then use
+.BR nsenter (1)
+to enter the mount and user namespaces corresponding to "ns1".
+In that terminal window, we then recursively bind mount
+.IR /mnt/x
+at the location
+.IR /mnt/ppp .
+.IP
+.in +4n
+.EX
+$ \fBPS1=\(aqns3# \(aq sudo nsenter \-t 778501 \-\-user \-\-mount\fP
+ns3# \fBmount \-\-rbind \-\-make\-private /mnt/x /mnt/ppp\fP
+ns3# \fBgrep /mnt /proc/self/mountinfo | sed \(aqs/ \- .*//\(aq\fP
+986 83 8:5 /mnt /mnt rw,relatime shared:344
+989 986 0:56 / /mnt/x rw,relatime
+990 989 0:57 / /mnt/x/y rw,relatime
+1242 986 0:56 / /mnt/ppp rw,relatime
+1243 1242 0:57 / /mnt/ppp/y rw,relatime shared:518
+.EE
+.in
+.IP
+Because the propagation type of the parent mount,
+.IR /mnt ,
+was shared, the recursive bind mount propagated a small subtree of
+mounts under the slave mount
+.I /mnt
+into "ns2",
+as can be verified by executing the following command in that shell session:
+.IP
+.in +4n
+.EX
+ns2# \fBgrep /mnt /proc/self/mountinfo | sed \(aqs/ \- .*//\(aq\fP
+1239 1204 8:5 /mnt /mnt rw,relatime master:344
+1240 1239 0:56 / /mnt/x rw,relatime
+1241 1240 0:57 / /mnt/x/y rw,relatime
+1244 1239 0:56 / /mnt/ppp rw,relatime
+1245 1244 0:57 / /mnt/ppp/y rw,relatime master:518
+.EE
+.in
+.IP
+While it is not possible to unmount a part of the propagated subtree
+.RI ( /mnt/ppp/y )
+in "ns2",
+it is possible to unmount the entire subtree,
+as shown by the following commands:
+.IP
+.in +4n
+.EX
+ns2# \fBumount /mnt/ppp/y\fP
+umount: /mnt/ppp/y: not mounted.
+ns2# \fBumount \-l /mnt/ppp | sed \(aqs/ \- .*//\(aq\fP      # Succeeds...
+ns2# \fBgrep /mnt /proc/self/mountinfo\fP
+1239 1204 8:5 /mnt /mnt rw,relatime master:344
+1240 1239 0:56 / /mnt/x rw,relatime
+1241 1240 0:57 / /mnt/x/y rw,relatime
+.EE
+.in
+.IP [5]
+The
+.BR mount (2)
+flags
+.BR MS_RDONLY ,
+.BR MS_NOSUID ,
+.BR MS_NOEXEC ,
+and the "atime" flags
+.RB ( MS_NOATIME ,
+.BR MS_NODIRATIME ,
+.BR MS_RELATIME )
+settings become locked
+.\" commit 9566d6742852c527bf5af38af5cbb878dad75705
+.\" Author: Eric W. Biederman <ebiederm@xmission.com>
+.\" Date:   Mon Jul 28 17:26:07 2014 -0700
+.\"
+.\"      mnt: Correct permission checks in do_remount
+.\"
+when propagated from a more privileged to
+a less privileged mount namespace,
+and may not be changed in the less privileged mount namespace.
+.IP
+This point is illustrated in the following example where,
+in a more privileged mount namespace,
+we create a bind mount that is marked as read-only.
+For security reasons,
+it should not be possible to make the mount writable in
+a less privileged mount namespace, and indeed the kernel prevents this:
+.IP
+.RS
+.in +4n
+.EX
+$ \fBsudo mkdir /mnt/dir\fP
+$ \fBsudo mount \-\-bind \-o ro /some/path /mnt/dir\fP
+$ \fBsudo unshare \-\-user \-\-map\-root\-user \-\-mount \e\fP
+               \fBmount \-o remount,rw /mnt/dir\fP
+mount: /mnt/dir: permission denied.
+.EE
+.in
+.RE
+.IP [6]
+.\" (As of 3.18-rc1 (in Al Viro's 2014-08-30 vfs.git#for-next tree))
+A file or directory that is a mount point in one namespace that is not
+a mount point in another namespace, may be renamed, unlinked, or removed
+.RB ( rmdir (2))
+in the mount namespace in which it is not a mount point
+(subject to the usual permission checks).
+Consequently, the mount point is removed in the mount namespace
+where it was a mount point.
+.IP
+Previously (before Linux 3.18),
+.\" mtk: The change was in Linux 3.18, I think, with this commit:
+.\"     commit 8ed936b5671bfb33d89bc60bdcc7cf0470ba52fe
+.\"     Author: Eric W. Biederman <ebiederman@twitter.com>
+.\"     Date:   Tue Oct 1 18:33:48 2013 -0700
+.\"
+.\"         vfs: Lazily remove mounts on unlinked files and directories.
+attempting to unlink, rename, or remove a file or directory
+that was a mount point in another mount namespace would result in the error
+.BR EBUSY .
+That behavior had technical problems of enforcement (e.g., for NFS)
+and permitted denial-of-service attacks against more privileged users
+(i.e., preventing individual files from being updated
+by bind mounting on top of them).
 .SH EXAMPLES
 See
 .BR pivot_root (2).

man7/namespaces.7

@@ -24,7 +24,7 @@
 .\" %%%LICENSE_END
 .\"
 .\"
-.TH NAMESPACES 7 2021-03-22 "Linux" "Linux Programmer's Manual"
+.TH NAMESPACES 7 2021-08-27 "Linux" "Linux Programmer's Manual"
 .SH NAME
 namespaces \- overview of Linux namespaces
 .SH DESCRIPTION

man7/path_resolution.7

@@ -22,7 +22,7 @@
 .\" the source, must acknowledge the copyright and authors of this work.
 .\" %%%LICENSE_END
 .\"
-.TH PATH_RESOLUTION 7 2020-04-11 "Linux" "Linux Programmer's Manual"
+.TH PATH_RESOLUTION 7 2021-08-27 "Linux" "Linux Programmer's Manual"
 .SH NAME
 path_resolution \- how a pathname is resolved to a file
 .SH DESCRIPTION

man7/pipe.7

@@ -22,7 +22,7 @@
 .\" the source, must acknowledge the copyright and authors of this work.
 .\" %%%LICENSE_END
 .\"
-.TH PIPE 7 2017-09-15 "Linux" "Linux Programmer's Manual"
+.TH PIPE 7 2021-08-27 "Linux" "Linux Programmer's Manual"
 .SH NAME
 pipe \- overview of pipes and FIFOs
 .SH DESCRIPTION

man7/posixoptions.7

@@ -21,7 +21,7 @@
 .\" <http://www.gnu.org/licenses/>.
 .\" %%%LICENSE_END
 .\"
-.TH POSIXOPTIONS 7 2018-04-30 "" "Linux Programmer's Manual"
+.TH POSIXOPTIONS 7 2021-08-27 "" "Linux Programmer's Manual"
 .SH NAME
 posixoptions \- optional parts of the POSIX standard
 .SH DESCRIPTION

man7/user_namespaces.7

@@ -24,7 +24,7 @@
 .\" %%%LICENSE_END
 .\"
 .\"
-.TH USER_NAMESPACES 7 2021-03-22 "Linux" "Linux Programmer's Manual"
+.TH USER_NAMESPACES 7 2021-08-27 "Linux" "Linux Programmer's Manual"
 .SH NAME
 user_namespaces \- overview of Linux user namespaces
 .SH DESCRIPTION

man7/vdso.7

@@ -10,7 +10,7 @@
 .\"   http://www.linuxjournal.com/content/creating-vdso-colonels-other-chicken
 .\"   http://www.trilithium.com/johan/2005/08/linux-gate/
 .\"
-.TH VDSO 7 2021-03-22 "Linux" "Linux Programmer's Manual"
+.TH VDSO 7 2021-08-27 "Linux" "Linux Programmer's Manual"
 .SH NAME
 vdso \- overview of the virtual ELF dynamic shared object
 .SH SYNOPSIS

man8/iconvconfig.8

@@ -21,7 +21,7 @@
 .\" <http://www.gnu.org/licenses/>.
 .\" %%%LICENSE_END
 .\"
-.TH ICONVCONFIG 8 2021-03-22 "GNU" "Linux System Administration"
+.TH ICONVCONFIG 8 2021-08-27 "GNU" "Linux System Administration"
 .SH NAME
 iconvconfig \- create iconv module configuration cache
 .SH SYNOPSIS
@@ -96,6 +96,10 @@ Usual system default gconv module configuration file.
 .TP
 .I /usr/lib/gconv/gconv\-modules.cache
 Usual system gconv module configuration cache.
+.PP
+Depending on the architecture,
+the above files may instead be located at directories with the path prefix
+.IR /usr/lib64 .
 .SH SEE ALSO
 .BR iconv (1),
 .BR iconv (3)

man8/ld.so.8

@@ -4,7 +4,7 @@
 .\" Various parts:
 .\" Copyright (C) 2007-9, 2013, 2016 Michael Kerrisk <mtk.manpages@gmail.com>
 .\"
-.TH LD.SO 8 2021-03-22 "GNU" "Linux Programmer's Manual"
+.TH LD.SO 8 2021-08-27 "GNU" "Linux Programmer's Manual"
 .SH NAME
 ld.so, ld\-linux.so \- dynamic linker/loader
 .SH SYNOPSIS