| -rw-r--r-- | man5/proc.5 | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/man5/proc.5 b/man5/proc.5 index 39399a3fac..e59bd33909 100644 --- a/man5/proc.5 +++ b/man5/proc.5 @@ -173,6 +173,20 @@ However, as a security measure, the ownership is made .IR root:root if the process's "dumpable" attribute is set to a value other than 1. .IP +Before Linux 4.11, +.\" commit 68eb94f16227336a5773b83ecfa8290f1d6b78ce +.IR root:root +meant the "global" root user ID and group ID +(i.e., UID 0 and GID 0 in the initial user namespace). +Since Linux 4.11, +if the process is in a noninitial user namespace that has a +valid mapping for user (group) ID 0 inside the namespace, then +the user (group) ownership of the files under +.I /proc/[pid] +is instead made the same as the root user (group) ID of the namespace. +This means that inside a container, +things work as expected for the container "root" user. +.IP The process's "dumpable" attribute may change for the following reasons: .RS .IP * 3 |
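Review bot: the added "Since Linux 4.11" sentence only covers a noninitial user namespace "that has a valid mapping for user (group) ID 0", and never says what ownership the files under /proc/[pid] get when the namespace has no mapping for ID 0. Suggest adding a clause that states the ownership in that case, so a reader auditing a container setup does not have to infer it from the "Before Linux 4.11" sentence. The closing sentence, "things work as expected for the container "root" user", is also vague for a reference page; it would be clearer to say concretely what that user can do with these files now that they are owned by the namespace's root IDs. A cross-reference to user_namespaces(7) at the first mention of "the initial user namespace" would help readers who reach this paragraph from the "dumpable" discussion.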
