summaryrefslogtreecommitdiffstats
path: root/sys-utils
diff options
context:
space:
mode:
authorKarel Zak2017-02-27 12:09:35 +0100
committerKarel Zak2017-02-27 12:09:35 +0100
commit86b6d7f4346c6b85c60aaae993ce5b27dfff6bea (patch)
tree178e47dace3896caa9ff850d20d3bae36ab2271e /sys-utils
parentdocs: add note about branches to README (diff)
downloadkernel-qcow2-util-linux-86b6d7f4346c6b85c60aaae993ce5b27dfff6bea.tar.gz
kernel-qcow2-util-linux-86b6d7f4346c6b85c60aaae993ce5b27dfff6bea.tar.xz
kernel-qcow2-util-linux-86b6d7f4346c6b85c60aaae993ce5b27dfff6bea.zip
unshare: add note about sysfs and procfs
Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=1390057 Signed-off-by: Karel Zak <kzak@redhat.com>
Diffstat (limited to 'sys-utils')
-rw-r--r--sys-utils/unshare.15
1 files changed, 5 insertions, 0 deletions
diff --git a/sys-utils/unshare.1 b/sys-utils/unshare.1
index 7c7d144d1..dd12c7446 100644
--- a/sys-utils/unshare.1
+++ b/sys-utils/unshare.1
@@ -183,6 +183,11 @@ Display version information and exit.
.TP
.BR \-h , " \-\-help"
Display help text and exit.
+.SH NOTES
+The proc and sysfs filesystems mounting as root in a user namespace have to be
+restricted so that a less privileged user can not get more access to sensitive
+files that a more privileged user made unavailable. In short the rule for proc
+and sysfs is as close to a bind mount as possible.
.SH EXAMPLES
.TP
.B # unshare --fork --pid --mount-proc readlink /proc/self