| author | Michael Kerrisk <mtk.manpages@gmail.com> | 2018-10-31 08:27:56 +0100 |
|---|---|---|
| committer | Michael Kerrisk <mtk.manpages@gmail.com> | 2018-10-31 08:31:47 +0100 |
| commit | 29af6f1a59ae1e7d7b08ae4a2340d69d52ab6d8a (patch) | |
| tree | 41d075e1b612e618846a742a2f43d4e4553c404e /man7/user_namespaces.7 | |
| parent | 659beec77515b2e2e6218e7b1f0cce61a382cd16 (diff) | |
| download | man-pages-29af6f1a59ae1e7d7b08ae4a2340d69d52ab6d8a.tar.gz | |
user_namespaces.7: Rework terminology describing ownership of nonuser namespaces
Prefer the word "owns" rather than "associated with" when
describing the relationship between user namespaces and non-user
namespaces. The existing text used a mix of the two terms, with
"associated with" being predominant, but to my ear, describing the
relationship as "ownership" is more comprehensible.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Diffstat (limited to 'man7/user_namespaces.7')
| -rw-r--r-- | man7/user_namespaces.7 | 17 |
1 files changed, 9 insertions, 8 deletions
diff --git a/man7/user_namespaces.7 b/man7/user_namespaces.7 index 896c7d7353..f347afe9ca 100644 --- a/man7/user_namespaces.7 +++ b/man7/user_namespaces.7 @@ -227,7 +227,8 @@ permits a process to perform operations (that require privilege) only on resources governed by that namespace. In other words, having a capability in a user namespace permits a process to perform privileged operations on resources that are governed by (nonuser) -namespaces associated with the user namespace (see the next subsection). +namespaces owned by (associated with) the user namespace +(see the next subsection). .PP On the other hand, there are many privileged operations that affect resources that are not associated with any namespace type, @@ -243,7 +244,7 @@ user namespace can perform such operations. .PP Holding .B CAP_SYS_ADMIN -within the user namespace associated with a process's mount namespace +within the user namespace that owns a process's mount namespace allows that process to create bind mounts and mount the following types of filesystems: .\" fs_flags = FS_USERNS_MOUNT in kernel sources @@ -277,7 +278,7 @@ and mount the following types of filesystems: .PP Holding .B CAP_SYS_ADMIN -within the user namespace associated with a process's cgroup namespace +within the user namespace that owns a process's cgroup namespace allows (since Linux 4.6) that process to the mount the cgroup version 2 filesystem and cgroup version 1 named hierarchies @@ -287,7 +288,7 @@ option). .PP Holding .B CAP_SYS_ADMIN -within the user namespace associated with a process's PID namespace +within the user namespace that owns a process's PID namespace allows (since Linux 3.8) that process to mount .I /proc 
@@ -333,7 +334,7 @@ When a new namespace (other than a user namespace) is created via .BR clone (2) or .BR unshare (2), -the kernel records the user namespace of the creating process against +the kernel records the user namespace of the creating process as the owner of the new namespace. (This association can't be changed.) When a process in the new namespace subsequently performs @@ -345,7 +346,7 @@ For example, suppose that a process attempts to change the hostname .RB ( sethostname (2)), a resource governed by the UTS namespace. In this case, -the kernel will determine which user namespace is associated with +the kernel will determine which user namespace owns the process's UTS namespace, and check whether the process has the required capability .RB ( CAP_SYS_ADMIN ) @@ -354,8 +355,8 @@ in that user namespace. The .BR NS_GET_USERNS .BR ioctl (2) -operation can be used to discover the user namespace with which -a non-user namespace is associated; see +operation can be used to discover the user namespace +that owns a a non-user namespace; see .BR ioctl_ns (2). .\" .\" ============================================================ |
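Review bot: in the first hunk (@@ -227), `+namespaces owned by (associated with) the user namespace` keeps the term the commit is retiring as a parenthetical gloss. That reads as a deliberate bridge on first use of "owned by", so it is fine here as long as the gloss is not repeated later; the remaining hunks already switch to "owns" without it, which is consistent.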
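Review bot: in the cgroup hunk (@@ -277), the unchanged context line `allows (since Linux 4.6) that process to the mount the cgroup version 2` carries a pre-existing typo ("to the mount"). Since the line immediately above it is being rewritten anyway, this is a cheap place to drop the stray "the", or it could go in a separate wording fix.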
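Review bot: in the hunk at @@ -333, after the line becomes `+the kernel records the user namespace of the creating process as the owner of the new namespace.`, the following context sentence `(This association can't be changed.)` still uses the word the commit is replacing. `(This ownership can't be changed.)` would match the new terminology and make the immutability statement refer unambiguously to the owner relationship just introduced.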
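Review bot: in the last hunk (@@ -354), the added line `+that owns a a non-user namespace; see` doubles the article and should read `that owns a non-user namespace; see`. The same hunk spells it "non-user" while the first hunk's context has "(nonuser)" and the commit subject says "nonuser"; one spelling should be used across the page.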
