author: Michael Kerrisk <mtk.manpages@gmail.com> 2021-08-17 12:55:52 +0200
committer: Michael Kerrisk <mtk.manpages@gmail.com> 2021-08-20 23:37:47 +0200
commit: aa62e72dede7addf5bfe236503aa7cfeee2848ec
parent: a66648bbd10f518b98ff6483b78a3dc6de5d0210
mount_namespaces.7: wfix
The correct terminology is "less privileged mount namespace" (not "less privileged user namespace").

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 man7/mount_namespaces.7 | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)
diff --git a/man7/mount_namespaces.7 b/man7/mount_namespaces.7
index 7e57f1e6a6..975a6c8986 100644
--- a/man7/mount_namespaces.7
+++ b/man7/mount_namespaces.7
@@ -1087,12 +1087,12 @@ $ \fBls /mnt/dir\fP # Former contents of directory are invisible
.in
.RE
.IP
-The above steps, performed in a more privileged user namespace,
+The above steps, performed in a more privileged mount namespace,
have created a (read-only) bind mount that
obscures the contents of the directory
.IR /mnt/dir .
For security reasons, it should not be possible to unmount
-that mount in a less privileged user namespace,
+that mount in a less privileged mount namespace,
since that would reveal the contents of the directory
.IR /mnt/dir .
.IP
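Review bot: the phrase "more privileged mount namespace" (and "less privileged mount namespace" a few lines later) is shorthand that the page never defines; a mount namespace has no privilege of its own, it is the owning user namespace that is more or less privileged (the context line "owned by a (new) subordinate user namespace" in the next hunk header says exactly this). Consider adding one sentence at the first use along the lines of "a mount namespace is more (or less) privileged according to the user namespace that owns it", so the locking rule that follows ("it should not be possible to unmount that mount in a less privileged mount namespace") reads unambiguously.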
@@ -1101,7 +1101,7 @@ owned by a (new) subordinate user namespace.
The new mount namespace will inherit copies of all of the mounts
from the previous mount namespace.
However, those mounts will be locked because the new mount namespace
-is owned by a less privileged user namespace.
+is owned by a less privileged mount namespace.
Consequently, an attempt to unmount the mount fails:
.IP
.RS
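Review bot: the replacement line "is owned by a less privileged mount namespace" is a category error; mount namespaces are owned by user namespaces, not by other mount namespaces, as the hunk header context ("owned by a (new) subordinate user namespace") states. The original "is owned by a less privileged user namespace" was correct here; if the goal is consistent terminology, rewrite the sentence instead, for example "However, those mounts will be locked because the new mount namespace is a less privileged mount namespace (it is owned by a subordinate user namespace)."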
@@ -1129,9 +1129,8 @@ which is the error that the kernel returns to indicate that
the mount is locked.
.IP *
Following on from the previous point,
-note that it is possible to unmount an entire
-tree of mounts that propagated as a unit into a mount namespace
-that is owned by a less privileged user namespace,
+note that it is possible to unmount an entire tree of mounts that
+propagated as a unit into a less privileged mount namespace,
as illustrated in the following example.
.IP
First, we create new user and mount namespaces using
@@ -1161,8 +1160,8 @@ ns1# \fBgrep /mnt /proc/self/mountinfo | sed \(aqs/ \- .*//\(aq\fP
.in
.IP
Continuing in the same shell session,
-we then create a second shell in a new mount namespace and a new subordinate
-(and thus less privileged) user namespace and
+we then create a second shell in a new user namespace and a new
+(less privileged) mount namespace and
check the state of the propagated mount points rooted at
.IR /mnt .
.IP
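Review bot: the rewording drops "subordinate (and thus less privileged)", which is the causal link that explains why the new mount namespace is less privileged; the new text "a new user namespace and a new (less privileged) mount namespace" asserts the privilege level without saying where it comes from. Suggest keeping the link, e.g. "we then create a second shell in a new subordinate user namespace and a new (thus less privileged) mount namespace and", which also matches the wording used in the earlier hunks.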