author Michael Kerrisk <mtk.manpages@gmail.com> 2013-02-25 14:00:44 +0100
committer Michael Kerrisk <mtk.manpages@gmail.com> 2014-09-13 20:15:59 -0700
commit 6be09bd8825e63a9d84e606726222fbc284f2527
tree 4e18693c84e4d3fd37f214472c6c59148fc7f7c5 /man7
parent fd4eb520d6162461df53e745ce8970c830d7851b
namespaces.7: srcfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Diffstat (limited to 'man7')
-rw-r--r-- man7/namespaces.7 26
1 files changed, 25 insertions, 1 deletions
diff --git a/man7/namespaces.7 b/man7/namespaces.7
index 158a764598..424657a051 100644
--- a/man7/namespaces.7
+++ b/man7/namespaces.7
@@ -36,6 +36,9 @@ One use of namespaces is to implement containers.
This page describes the various namespaces and the associated
.I /proc
files, and summarizes the APIs for working with namespaces.
+.\"
+.\" ==================== The namespaces API ====================
+.\"
.SS The namespaces API
As well as various
.I /proc
@@ -86,6 +89,9 @@ in most cases requires the
capability.
User namespaces are the exception: since Linux 3.8,
no privilege is required to create a user namespace.
+.\"
+.\" ==================== The /proc/[pid]/ns/ directory ====================
+.\"
.SS The /proc/[pid]/ns/ directory
Each process has a
.IR /proc/[pid]/ns/
@@ -163,6 +169,9 @@ This file is a handle for the user namespace of the process.
.TP
.IR /proc/[pid]/ns/uts " (since Linux 3.0)"
This file is a handle for the IPC namespace of the process.
+.\"
+.\" ==================== IPC namespaces ====================
+.\"
.SS IPC namespaces (CLONE_NEWIPC)
IPC namespaces isolate certain IPC resources,
namely, System V IPC objects (see
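Review bot: The unchanged context directly above the new separator describes /proc/[pid]/ns/uts as "a handle for the IPC namespace of the process", which looks like a copy-paste slip from the ipc entry and should read "UTS namespace". It is outside the scope of a srcfix, so a separate follow-up wording fix is the right place for it, but it is worth recording here since the separator now sits right below the wrong sentence.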
@@ -189,6 +198,9 @@ all IPC objects in the namespace are automatically destroyed.
Use of IPC namespaces requires a kernel that is configured with the
.B CONFIG_IPC_NS
option.
+.\"
+.\" ==================== Network namespaces ====================
+.\"
.SS Network namespaces (CLONE_NEWNET)
Network namespaces provide isolation of the system resources associated
with networking: network devices, IP addresses, IP routing tables,
@@ -220,6 +232,9 @@ initial network namespace (not to the parent of the process).
Use of network namespaces requires a kernel that is configured with the
.B CONFIG_NET_NS
option.
+.\"
+.\" ==================== Mount namespaces ====================
+.\"
.SS Mount namespaces (CLONE_NEWNS)
Mount namespaces isolate the set of file system mount points,
meaning that processes in different mount namespaces can
@@ -279,6 +294,9 @@ Optional statistics and configuration information.
Currently (as at Linux 2.6.26), only NFS file systems export
information via this field.
.RE
+.\"
+.\" ==================== PID namespaces ====================
+.\"
.SS PID namespaces (CLONE_NEWPID)
PID namespaces isolate the process ID number space,
meaning that processes in different PID namespaces can have the same PID.
@@ -466,6 +484,9 @@ the receiving process's PID namespace.
Use of PID namespaces requires a kernel that is configured with the
.B CONFIG_PID_NS
option.
+.\"
+.\" ==================== User namespaces ====================
+.\"
.SS User namespaces (CLONE_NEWUSER)
User namespaces isolate security-related identifiers, in particular,
user IDs, group IDs, keys (see
@@ -723,10 +744,13 @@ the set-user-ID (set-group-ID) bit is silently ignored:
the new program is executed,
but the process's effective user (group) ID is left unchanged.
(This mirrors the semantics of executing a set-user-ID or set-group-ID
-program that resides on a filesystem that was mounted with the
+program that resides on a file system that was mounted with the
.BR MS_NOSUID
flag (see
.BR mount (2).)
+.\"
+.\" ==================== UTS namespaces ====================
+.\"
.SS UTS namespaces (CLONE_NEWUTS)
UTS namespaces provide isolation of two system identifiers:
the hostname and the NIS domain name.
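Review bot: The "filesystem" to "file system" change in the set-user-ID paragraph alters rendered text, so it does not fit a commit tagged srcfix whose other hunks only add roff comment separators; split it into its own commit so the log describes it accurately. While touching this paragraph, note that the parenthetical opened at "(This mirrors" is never closed: the ")" after ".BR mount (2)." closes only the inner "(see", so one more ")" is needed.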