path: root/sys-utils/unshare.1
author: Karel Zak, 2015-03-18 15:13:15 +0100
committer: Karel Zak, 2015-03-23 10:12:48 +0100
commit: f0f22e9c6f109f8c1234caa3173368ef43b023eb (patch)
tree: 0a158f6b5d92b57ca0c9ac97fb093f1e1d176348 /sys-utils/unshare.1
parent: nsenter: add -Z to set selinux context (diff)
unshare: add --propagation, use MS_PRIVATE by default
After "unshare --mount" users assume that mount operations within the new namespaces are unshared (invisible for the rest of the system). Unfortunately, this is not true and the behavior depends on the current mount propagation setting. The kernel default is "private", but for example systemd-based distros use "shared". The solution is to use (for example) "mount --make-private" after unshare(1).

I have been requested many times to provide a less fragile and more unified unshared mount setting *by default* to make things user friendly.

The patch forces unshare(1) to explicitly use MS_REC|MS_PRIVATE for the whole tree by default. We can use something less (e.g. MS_SLAVE), but "private" is the kernel default, so for many users this change (feature) will be invisible.

This feature is possible to disable by "--propagation unchanged" or it's possible to specify another propagation flag; supported are: <slave|shared|private|unchanged>

Acked-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Karel Zak <kzak@redhat.com>
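As an added illustration (not util-linux code), the check and the sequence the commit message describes: a small parser that counts "shared:" peer-group tags in /proc/self/mountinfo output, so you can verify whether a mount namespace is really isolated, and the unshare(2) plus mount(2) MS_REC|MS_PRIVATE call that the patch makes unshare(1) perform by default. The function names and the sample mountinfo lines are constructed for this example.

```c
#define _GNU_SOURCE          /* for memmem(3) and unshare(2) */
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <sys/mount.h>
#include <unistd.h>

/* Count the lines of a /proc/self/mountinfo dump whose optional fields
 * (after the 6th field, before the " - " separator) carry a "shared:N"
 * peer-group tag. Such mounts propagate mount/umount events to peers,
 * so a bare unshare(CLONE_NEWNS) does not isolate them. -1 on NULL. */
int count_shared_mounts(const char *mountinfo)
{
    if (!mountinfo) return -1;
    int shared = 0;
    const char *line = mountinfo;
    while (*line) {
        const char *end = strchr(line, '\n');
        size_t len = end ? (size_t)(end - line) : strlen(line);
        const char *p = line;
        int spaces = 0;
        while (p < line + len && spaces < 6)     /* skip the 6 fixed fields */
            if (*p++ == ' ')
                spaces++;
        const char *sep = memmem(line, len, " - ", 3);
        const char *stop = (sep && sep > p) ? sep : p; /* p == stop: no optional fields */
        if (memmem(p, (size_t)(stop - p), "shared:", 7))
            shared++;
        line = end ? end + 1 : line + len;
    }
    return shared;
}

/* What "unshare --mount" now does by default: new mount namespace, then
 * recursively mark the whole tree private (MS_REC|MS_PRIVATE) so that
 * inherited shared peer groups are cut. Needs CAP_SYS_ADMIN. */
int unshare_private_mount_ns(void)
{
    if (unshare(CLONE_NEWNS) < 0) { perror("unshare"); return -1; }
    if (mount("none", "/", NULL, MS_REC | MS_PRIVATE, NULL) < 0) { perror("mount"); return -1; }
    return 0;
}

/* Constructed sample (not from a real system): root shared, /proc not. */
const char *sample_mountinfo =
    "22 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw\n"
    "23 22 0:21 / /proc rw,nosuid - proc proc rw\n";
```

Running `count_shared_mounts` over the real file tells you whether the namespace you are in can still leak mounts; a non-zero count after `unshare --mount --propagation unchanged` on a systemd host is the situation the commit message describes.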
Diffstat (limited to 'sys-utils/unshare.1')
-rw-r--r-- sys-utils/unshare.1 | 20
1 files changed, 14 insertions, 6 deletions
diff --git a/sys-utils/unshare.1 b/sys-utils/unshare.1
index 99a0d0ae4..6fc71f4f7 100644
--- a/sys-utils/unshare.1
+++ b/sys-utils/unshare.1
@@ -14,12 +14,14 @@ options. Unshareable namespaces are:
.BR "mount namespace"
Mounting and unmounting filesystems will not affect the rest of the system
(\fBCLONE_NEWNS\fP flag), except for filesystems which are explicitly marked as
-shared (with \fBmount --make-shared\fP; see \fI/proc/self/mountinfo\fP for the
-\fBshared\fP flags).
+shared (with \fBmount --make-shared\fP; see \fI/proc/self/mountinfo\fP or
+\fBfindmnt -o+PROPAGATION\fP for the \fBshared\fP flags).
.sp
-It's recommended to use \fBmount --make-rprivate\fP or \fBmount --make-rslave\fP
-after \fBunshare --mount\fP to make sure that mountpoints in the new namespace
-are really unshared from the parental namespace.
+.B unshare
+since util-linux version 2.27 automatically sets propagation to \fBprivate\fP
+in the new mount namespace to make sure that the new namespace is really
+unshared. This feature is possible to disable by option \fB\-\-propagation unchanged\fP.
+Note that \fBprivate\fP is the kernel default.
.TP
.BR "UTS namespace"
Setting hostname or domainname will not affect the rest of the system.
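Review bot: the unchanged context kept just above the new paragraph ("except for filesystems which are explicitly marked as shared ...") now contradicts the text being added: once unshare marks the whole tree private by default, explicitly shared mounts no longer leak through either, and that exception only holds with \fB\-\-propagation unchanged\fP. Suggest qualifying the sentence accordingly rather than leaving both statements side by side. Two smaller points in the added lines: "This feature is possible to disable by option" reads better as "This feature can be disabled with the option", and since the old \fBmount --make-rslave\fP advice is being deleted, this is the place to mention \fB\-\-propagation slave\fP as its replacement.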
@@ -84,7 +86,13 @@ the mount namespace) even when run unprivileged. As a mere convenience feature,
more sophisticated use cases, such as mapping multiple ranges of UIDs and GIDs.
This option implies --setgroups=deny.
.TP
-.BR \-s , " \-\-setgroups \fIallow|deny\fP"
+.BR "\-\-propagation \fIprivate|shared|slave|unchanged\fP"
+Recursively sets mount propagation flag in the new mount namespace. The default
+is to set the propagation to \fIprivate\fP, this feature is possible to disable
+by \fIunchanged\fP argument. The options is silently ignored when mount namespace (\fB\-\-mount\fP)
+is not requested.
+.TP
+.BR "\-\-setgroups \fIallow|deny\fP"
Allow or deny
.BR setgroups (2)
syscall in user namespaces.
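Review bot: the replaced line `.BR \-s , " \-\-setgroups \fIallow|deny\fP"` becomes `.BR "\-\-setgroups \fIallow|deny\fP"`, silently dropping the documented \-s short option; this is unrelated to the new \-\-propagation option and not mentioned in the commit message. If unshare never accepted \-s, call it out as a separate doc fix in the message; if it still does, keep the short option in the .BR line. Minor wording in the new option text: "The options is silently ignored" should be "The option is silently ignored", "Recursively sets mount propagation flag" should be "Recursively sets the mount propagation flag", and "this feature is possible to disable by \fIunchanged\fP argument" reads better as "this can be disabled with the \fIunchanged\fP argument".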