diff options
Diffstat (limited to 'man7/namespaces.7')
-rw-r--r-- | man7/namespaces.7 | 99 |
1 files changed, 50 insertions, 49 deletions
diff --git a/man7/namespaces.7 b/man7/namespaces.7 index bdcdde3c8..54989a9a9 100644 --- a/man7/namespaces.7 +++ b/man7/namespaces.7 @@ -67,9 +67,9 @@ As well as various files described below, the namespaces API includes the following system calls: .TP -.BR clone (2) +.MR clone 2 The -.BR clone (2) +.MR clone 2 system call creates a new process. If the .I flags @@ -80,18 +80,18 @@ and the child process is made a member of those namespaces. (This system call also implements a number of features unrelated to namespaces.) .TP -.BR setns (2) +.MR setns 2 The -.BR setns (2) +.MR setns 2 system call allows the calling process to join an existing namespace. The namespace to join is specified via a file descriptor that refers to one of the .IR /proc/ pid /ns files described below. .TP -.BR unshare (2) +.MR unshare 2 The -.BR unshare (2) +.MR unshare 2 system call moves the calling process to a new namespace. If the .I flags @@ -102,17 +102,17 @@ and the calling process is made a member of those namespaces. (This system call also implements a number of features unrelated to namespaces.) .TP -.BR ioctl (2) +.MR ioctl 2 Various -.BR ioctl (2) +.MR ioctl 2 operations can be used to discover information about namespaces. These operations are described in -.BR ioctl_ns (2). +.MR ioctl_ns 2 . .P Creation of new namespaces using -.BR clone (2) +.MR clone 2 and -.BR unshare (2) +.MR unshare 2 in most cases requires the .B CAP_SYS_ADMIN capability, since, in the new namespace, @@ -130,7 +130,7 @@ Each process has a .\" See commit 6b4e306aa3dc94a0545eb9279475b1ab6209a31f subdirectory containing one entry for each namespace that supports being manipulated by -.BR setns (2): +.MR setns 2 : .P .in +4n .EX @@ -150,7 +150,7 @@ lrwxrwxrwx. uts \-> uts:[4026531838] .in .P Bind mounting (see -.BR mount (2)) +.MR mount 2 ) one of the files in this directory to somewhere else in the filesystem keeps the corresponding namespace of the process specified by @@ -166,7 +166,7 @@ As long as this file descriptor remains open, the namespace will remain alive, even if all processes in the namespace terminate. The file descriptor can be passed to -.BR setns (2). +.MR setns 2 . .P In Linux 3.7 and earlier, these files were visible as hard links. Since Linux 3.8, @@ -185,7 +185,7 @@ symbolic links will be the same; an application can check this using the and .I stat.st_ino fields returned by -.BR stat (2). +.MR stat 2 . The content of this symbolic link is a string containing the namespace type and inode number as in the following example: .P @@ -222,17 +222,17 @@ This handle is permanent for the lifetime of the process This file is a handle for the PID namespace of child processes created by this process. This can change as a consequence of calls to -.BR unshare (2) +.MR unshare 2 and -.BR setns (2) +.MR setns 2 (see -.BR pid_namespaces (7)), +.MR pid_namespaces 7 ), so the file may differ from .IR /proc/ pid /ns/pid . The symbolic link gains a value only after the first child process is created in the namespace. (Beforehand, -.BR readlink (2) +.MR readlink 2 of the symbolic link will return an empty buffer.) .TP .IR /proc/ pid /ns/time " (since Linux 5.6)" @@ -242,11 +242,11 @@ This file is a handle for the time namespace of the process. This file is a handle for the time namespace of child processes created by this process. This can change as a consequence of calls to -.BR unshare (2) +.MR unshare 2 and -.BR setns (2) +.MR setns 2 (see -.BR time_namespaces (7)), +.MR time_namespaces 7 ), so the file may differ from .IR /proc/ pid /ns/time . .TP @@ -258,11 +258,12 @@ This file is a handle for the user namespace of the process. This file is a handle for the UTS namespace of the process. .P Permission to dereference or read -.RB ( readlink (2)) +\%(\c +.MR readlink 2 ) these symbolic links is governed by a ptrace access mode .B PTRACE_MODE_READ_FSCREDS check; see -.BR ptrace (2). +.MR ptrace 2 . .\" .\" ==================== The /proc/sys/user directory ==================== .\" @@ -323,9 +324,9 @@ These limits apply in addition to any other per-namespace limits (such as those for PID and user namespaces) that may be enforced. .IP \[bu] Upon encountering these limits, -.BR clone (2) +.MR clone 2 and -.BR unshare (2) +.MR unshare 2 fail with the error .BR ENOSPC . .IP \[bu] @@ -384,34 +385,34 @@ symbolic link. It is an IPC namespace, and a corresponding mount of an .I mqueue filesystem (see -.BR mq_overview (7)) +.MR mq_overview 7 ) refers to this namespace. .IP \[bu] It is a PID namespace, and a corresponding mount of a -.BR proc (5) +.MR proc 5 filesystem refers to this namespace. .SH EXAMPLES See -.BR clone (2) +.MR clone 2 and -.BR user_namespaces (7). +.MR user_namespaces 7 . .SH SEE ALSO -.BR nsenter (1), -.BR readlink (1), -.BR unshare (1), -.BR clone (2), -.BR ioctl_ns (2), -.BR setns (2), -.BR unshare (2), -.BR proc (5), -.BR capabilities (7), -.BR cgroup_namespaces (7), -.BR cgroups (7), -.BR credentials (7), -.BR ipc_namespaces (7), -.BR network_namespaces (7), -.BR pid_namespaces (7), -.BR user_namespaces (7), -.BR uts_namespaces (7), -.BR lsns (8), -.BR switch_root (8) +.MR nsenter 1 , +.MR readlink 1 , +.MR unshare 1 , +.MR clone 2 , +.MR ioctl_ns 2 , +.MR setns 2 , +.MR unshare 2 , +.MR proc 5 , +.MR capabilities 7 , +.MR cgroup_namespaces 7 , +.MR cgroups 7 , +.MR credentials 7 , +.MR ipc_namespaces 7 , +.MR network_namespaces 7 , +.MR pid_namespaces 7 , +.MR user_namespaces 7 , +.MR uts_namespaces 7 , +.MR lsns 8 , +.MR switch_root 8 |