author Michael Kerrisk <mtk.manpages@gmail.com> 2014-06-02 15:13:48 +0200
committer Michael Kerrisk <mtk.manpages@gmail.com> 2014-09-13 20:16:03 -0700
commit 99f04bb1e97071f1184b4f2c68c8693bb85f1bf5 (patch)
tree a9c5eee4ad1bbc11801d15f3b460afb5909db159 /man7
parent c0d02ab07a86b7f4ad863a910781e95b4845342d (diff)
user_namespaces.7: Note that user namespaces isolate the root directory
Reported-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Diffstat (limited to 'man7')
-rw-r--r-- man7/user_namespaces.7 | 5
1 files changed, 4 insertions, 1 deletions
diff --git a/man7/user_namespaces.7 b/man7/user_namespaces.7
index 1e3beadf58..2af6d7a103 100644
--- a/man7/user_namespaces.7
+++ b/man7/user_namespaces.7
@@ -29,9 +29,11 @@ user_namespaces \- overview of Linux user_namespaces
For an overview of namespaces, see
.BR namespaces (7).
-User namespaces isolate security-related identifiers, in particular,
+User namespaces isolate security-related identifiers and attributes,
+in particular,
user IDs and group IDs (see
.BR credentials (7),
+the root directory,
keys (see
.BR keyctl (2)),
.\" FIXME: This page says very little about the interaction
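Review bot: The added `the root directory,` line lands directly after the context line `.BR credentials (7),`, which opens its aside with "(see" but never closes it (compare `.BR keyctl (2)),` two lines further down), so the rendered sentence reads as if the root directory and keys belonged to the credentials cross-reference. Closing the parenthesis there, as `.BR credentials (7)),`, would make the new item a list entry of its own. The neighbouring entries each carry a "(see ...)" pointer; a matching reference for the root directory, for example to chroot(2), would tell the reader which attribute is meant.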
@@ -126,6 +128,7 @@ user namespace,
even if the new namespace is created or joined by the root user
(i.e., a process with user ID 0 in the root namespace).
+
Note that a call to
.BR execve (2)
will cause a process to lose any capabilities that it has,
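Review bot: The only change in this hunk is a bare empty line added before "Note that a call to", and neither the subject line nor the first hunk ties it to the root-directory note. If a paragraph break is intended here, `.PP` states that explicitly in the roff source; otherwise the line is better dropped from this patch or sent as a separate formatting commit.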