diff options
| author | Michael Kerrisk <mtk.manpages@gmail.com> | 2013-03-01 12:57:11 +0100 |
|---|---|---|
| committer | Michael Kerrisk <mtk.manpages@gmail.com> | 2014-09-13 20:16:00 -0700 |
| commit | 1b3d5347f54b0bff20e4be970f1d72e15ce757a5 (patch) | |
| tree | 9aec8f2e4e863b73e05b20c141575f671a237bd2 /man7/user_namespaces.7 | |
| parent | 0f069d0c69bca39fcf5195bfbda439b52ee5e27f (diff) | |
| download | man-pages-1b3d5347f54b0bff20e4be970f1d72e15ce757a5.tar.gz | |
user_namespaces.7: Clarify that rules for writing to map files also apply to gid_map
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Diffstat (limited to 'man7/user_namespaces.7')
| -rw-r--r-- | man7/user_namespaces.7 | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/man7/user_namespaces.7 b/man7/user_namespaces.7 index 656f989f86..e44013f039 100644 --- a/man7/user_namespaces.7 +++ b/man7/user_namespaces.7 @@ -278,13 +278,17 @@ file of of the process in the namespace may be written to .I once to define the mapping of user IDs in the new user namespace. -(An attempt to write more than once to a +An attempt to write more than once to a .I uid_map file in a user namespace fails with the error -.BR EPERM .) +.BR EPERM . +Similar rules apply for +.I gid_map +files. The lines written to .IR uid_map +.RI ( gid_map ) must conform to the following rules: .IP * 3 The three fields must be valid numbers, @@ -305,7 +309,8 @@ and .BR pwrite (2) can't be used to write to nonzero offsets in the file). .IP * -The range of user IDs specified in each line cannot overlap with the ranges +The range of user IDs (group IDs) +specified in each line cannot overlap with the ranges in any other lines. In the current implementation (Linux 3.8), this requirement is satisfied by a simplistic implementation that imposes the further @@ -313,6 +318,9 @@ requirement that the values in both field 1 and field 2 of successive lines must be in ascending numerical order. .IP * +The mapped user IDs (group IDs) must in turn have a mapping +in the parent user namespace. +.IP * At least one line must be written to the file. .PP Writes that violate the above rules fail with the error |