| author | Stephan Bergmann <sbergman@redhat.com> | 2017-05-03 19:14:29 +0200 |
|---|---|---|
| committer | Michael Kerrisk <mtk.manpages@gmail.com> | 2017-05-03 19:20:50 +0200 |
| commit | a2b1485b5fc783f09e54eb7fee2effa8e16189bc (patch) | |
| tree | 63c98e927304d1c038d29285854369b31882d473 /man7/user_namespaces.7 | |
| parent | a110286b58e56e13f0035c7211f79858998933ff (diff) | |
user_namespaces.7: Fixes to example
While toying around with the userns_child_exec example program on the
user_namespaces(7) man page, I noticed two things:
* In the EXAMPLE section, we need to mount the new /proc before
looking at /proc/$$/status, otherwise the latter will print
information about the outer namespace's PID 1 (i.e., the real
init). So the two paragraphs need to be swapped.
* In the program source, make sure to close pipe_fd[0] in the
child before exec'ing.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Diffstat (limited to 'man7/user_namespaces.7')
| -rw-r--r-- | man7/user_namespaces.7 | 33 |
1 files changed, 17 insertions, 16 deletions
diff --git a/man7/user_namespaces.7 b/man7/user_namespaces.7 index a7a892409d..0ee46457f1 100644 --- a/man7/user_namespaces.7 +++ b/man7/user_namespaces.7 @@ -970,22 +970,6 @@ bash$ \fBecho $$\fP 1 .fi .in - -Inside the user namespace, the shell has user and group ID 0, -and a full set of permitted and effective capabilities: - -.in +4n -.nf -bash$ \fBcat /proc/$$/status | egrep '^[UG]id'\fP -Uid: 0 0 0 0 -Gid: 0 0 0 0 -bash$ \fBcat /proc/$$/status | egrep '^Cap(Prm|Inh|Eff)'\fP -CapInh: 0000000000000000 -CapPrm: 0000001fffffffff -CapEff: 0000001fffffffff -.fi -.in - Mounting a new .I /proc filesystem and listing all of the processes visible @@ -1001,6 +985,21 @@ bash$ \fBps ax\fP 22 pts/3 R+ 0:00 ps ax .fi .in + +Inside the user namespace, the shell has user and group ID 0, +and a full set of permitted and effective capabilities: + +.in +4n +.nf +bash$ \fBcat /proc/$$/status | egrep '^[UG]id'\fP +Uid: 0 0 0 0 +Gid: 0 0 0 0 +bash$ \fBcat /proc/$$/status | egrep '^Cap(Prm|Inh|Eff)'\fP +CapInh: 0000000000000000 +CapPrm: 0000001fffffffff +CapEff: 0000001fffffffff +.fi +.in .SS Program source \& .nf @@ -1178,6 +1177,8 @@ childFunc(void *arg) exit(EXIT_FAILURE); } + close(args\->pipe_fd[0]); + /* Execute a shell command */ printf("About to exec %s\\n", args\->argv[0]); |
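Review bot: In the hunk at @@ -1001,6 +985,21, the re-added paragraph still opens with "Inside the user namespace, the shell has user and group ID 0" and never says that the /proc/$$/status reads depend on the /proc mount shown just before it. The shell reports PID 1 here, so with the old /proc still mounted the same commands print the outer namespace's PID 1, which is the problem the commit message describes. Suggest one sentence in the added text, for example "With the new /proc mounted, /proc/$$/status describes the shell itself", so the required ordering is stated on the man page and not only in the commit log.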
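Review bot: In the childFunc hunk at @@ -1178,6 +1177,8, the added close(args\->pipe_fd[0]) carries no comment and its return value is ignored, while the error path directly above it calls exit(EXIT_FAILURE). Suggest a one-line comment stating that the read end is closed so the exec'd command does not inherit the descriptor, placed like the existing "/* Execute a shell command */" comment, and either check the result of close() or say in that comment that it is deliberately ignored.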
