| field | value | date |
|---|---|---|
| author | Alejandro Colomar <alx@kernel.org> | 2023-08-15 00:47:24 +0200 |
| committer | Alejandro Colomar <alx@kernel.org> | 2023-08-15 23:13:41 +0200 |
| commit | ee5ec1d21a44505c861aa175e56a6c940aacccb2 (patch) | |
| tree | f6bd59c938254ce8b240538c81d510e924d9d53d /man5/proc.5 | |
| parent | b69fcf1d7fb7aff8ae32fb2d574f1ec7b85cb270 (diff) | |
| download | man-pages-ee5ec1d21a44505c861aa175e56a6c940aacccb2.tar.gz | |
proc.5, proc_pid_root.5: Split /proc/PID/root/ from proc(5)
Signed-off-by: Alejandro Colomar <alx@kernel.org>
Diffstat (limited to 'man5/proc.5')
| -rw-r--r-- | man5/proc.5 | 63 |
1 files changed, 0 insertions, 63 deletions
diff --git a/man5/proc.5 b/man5/proc.5 index 7eb84b88e9..95214b03a4 100644 --- a/man5/proc.5 +++ b/man5/proc.5 
@@ -266,69 +266,6 @@ Therefore, it may be desirable to reset the "dumpable" attribute .I after making any desired changes to the process's effective UID or GID. .TP -.IR /proc/ pid /root -UNIX and Linux support the idea of a per-process root of the -filesystem, set by the -.BR chroot (2) -system call. -This file is a symbolic link that points to the process's -root directory, and behaves in the same way as -.IR exe , -and -.IR fd/* . -.IP -Note however that this file is not merely a symbolic link. -It provides the same view of the filesystem (including namespaces and the -set of per-process mounts) as the process itself. -An example illustrates this point. -In one terminal, we start a shell in new user and mount namespaces, -and in that shell we create some new mounts: -.IP -.in +4n -.EX -$ \fBPS1=\[aq]sh1# \[aq] unshare \-Urnm\fP -sh1# \fBmount \-t tmpfs tmpfs /etc\fP # Mount empty tmpfs at /etc -sh1# \fBmount \-\-bind /usr /dev\fP # Mount /usr at /dev -sh1# \fBecho $$\fP -27123 -.EE -.in -.IP -In a second terminal window, in the initial mount namespace, -we look at the contents of the corresponding mounts in -the initial and new namespaces: -.IP -.in +4n -.EX -$ \fBPS1=\[aq]sh2# \[aq] sudo sh\fP -sh2# \fBls /etc | wc \-l\fP # In initial NS -309 -sh2# \fBls /proc/27123/root/etc | wc \-l\fP # /etc in other NS -0 # The empty tmpfs dir -sh2# \fBls /dev | wc \-l\fP # In initial NS -205 -sh2# \fBls /proc/27123/root/dev | wc \-l\fP # /dev in other NS -11 # Actually bind - # mounted to /usr -sh2# \fBls /usr | wc \-l\fP # /usr in initial NS -11 -.EE -.in -.IP -.\" The following was still true as at kernel 2.6.13 -In a multithreaded process, the contents of the -.IR /proc/ pid /root -symbolic link are not available if the main thread has already terminated -(typically by calling -.BR pthread_exit (3)). 
-.IP -Permission to dereference or read -.RB ( readlink (2)) -this symbolic link is governed by a ptrace access mode -.B PTRACE_MODE_READ_FSCREDS -check; see -.BR ptrace (2). -.TP .IR /proc/ pid /projid_map " (since Linux 3.7)" .\" commit f76d207a66c3a53defea67e7d36c3eb1b7d6d61d See |
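Review bot: the hunk at "@@ -266,69 +266,6 @@" deletes the whole /proc/pid/root entry and, with 0 insertions, leaves no pointer in proc(5) to the page the text moved to. Suggest keeping a short .TP stub for /proc/pid/root in this position (between the "dumpable" paragraph and the /proc/pid/projid_map entry) that says "See proc_pid_root(5).", so a reader searching proc(5) can still find the entry. That matters most for the two security-relevant statements being removed here: that dereferencing or readlink(2) on the link is governed by a PTRACE_MODE_READ_FSCREDS check, and that the link gives the same filesystem view (namespaces and per-process mounts) as the target process. This diff view is limited to man5/proc.5, so it is also worth confirming that the removed text, including the source comment "The following was still true as at kernel 2.6.13" above the multithreaded-process paragraph, arrives unchanged in proc_pid_root.5.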
