| author | Michael Kerrisk <mtk.manpages@gmail.com> | 2013-01-14 04:24:34 +0100 |
|---|---|---|
| committer | Michael Kerrisk <mtk.manpages@gmail.com> | 2014-09-13 20:15:57 -0700 |
| commit | 73680728d11b513725ffbcd11a475084f0d62364 (patch) | |
| tree | f30bcc8b4be3ec5691656e1a08890c242d0cd9f8 /man7/namespaces.7 | |
| parent | 9343f8e7c3f1a30bef10f1351548856b4154cd5f (diff) | |
| download | man-pages-73680728d11b513725ffbcd11a475084f0d62364.tar.gz | |
clone.2, namespaces.7: Move some CLONE_NEWNET text from clone.2 to namespaces.7
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Diffstat (limited to 'man7/namespaces.7')
| -rw-r--r-- | man7/namespaces.7 | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/man7/namespaces.7 b/man7/namespaces.7 index a3d49dea6c..850a5e2c14 100644 --- a/man7/namespaces.7 +++ b/man7/namespaces.7 @@ -201,6 +201,30 @@ directory, .I /sys/class/net directory, port numbers, and so on. +A network namespace provides an isolated view of the networking stack +(network device interfaces, IPv4 and IPv6 protocol stacks, +IP routing tables, firewall rules, the +.I /proc/net +and +.I /sys/class/net +directory trees, sockets, etc.). +A physical network device can live in exactly one +network namespace. +A virtual network device ("veth") pair provides a pipe-like abstraction +.\" FIXME Add pointer to veth(4) page when it is eventually completed +that can be used to create tunnels between network namespaces, +and can be used to create a bridge to a physical network device +in another namespace. + +When a network namespace is freed +(i.e., when the last process in the namespace terminates), +its physical network devices are moved back to the +initial network namespace (not to the parent of the process). + +Use of network namespaces requires a kernel that is configured with the +.B CONFIG_NET_NS +option. + .SS Mount namespaces (CLONE_NEWNS) Mount namespaces isolate the set of file system mount points, |
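Review bot: The parenthetical in the second added paragraph, "(i.e., when the last process in the namespace terminates)", defines the namespace lifetime too narrowly. A network namespace also stays alive while a bind mount or an open file descriptor refers to its /proc/[pid]/ns/net file, so its devices are not returned to the initial namespace at that point. Suggest wording it as "when the last reference to the namespace is dropped" or listing those cases alongside process termination. Separately, the first added paragraph repeats the resource list in the unchanged context sentence just above it ("/sys/class/net directory, port numbers, and so on"), so the section now enumerates network devices, /proc/net and /sys/class/net twice; fold the two into one description. The FIXME comment also sits in the middle of the veth sentence, between "pipe-like abstraction" and "that can be used"; placing it before or after the sentence would keep the source easier to read.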
