| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
| |
Use the correct macro (I, B) for the font change of one argument, not
those that are used for alternating two fonts, like "BR", "IR", "RB",
or "RI".
Signed-off-by: Bjarni Ingi Gislason <bjarniig@rhi.hi.is>
|
|
|
|
|
|
|
| |
The "program" is optional and $SHELL is executed by default.
Addresses: https://github.com/karelzak/util-linux/issues/389
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
|
|
|
| |
The links to ftp://ftp.kernel.org/ are replaced by
https://www.kernel.org/.
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
|
|
|
| |
Let's make it easy for users to enter target process namespaces.
Addresses: https://github.com/karelzak/util-linux/issues/382
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
| |
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
|
|
| |
Add formatting for 'file' argument used by various options.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
|
|
|
|
| |
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
|
|
|
|
|
|
|
|
| |
As described in pid_namespaces(7), IPC namespaces also
isolate POSIX message queues. Update the unshare(1)
and nsenter(1) pages to clarify that.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
|
|
|
|
|
|
|
|
| |
For each namespace that is discussed, add more explicit
references to the corresponding clone(2) flags and
add references to relevant section 7 namespace pages.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
|
|
|
|
|
|
| |
Rationale: both of these pages are about namespaces.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch does only the following:
* Order SEE ALSO entries first by section name, then alphabetically
within section
* Adds one or two missing commas in SEE ALSO lists
* Removes one or two periods that were (inconsistently) used
at the end of SEE ALSO lists.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
|
|
|
|
|
|
| |
Currently these are supported in #for-next.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
|
|
|
|
|
|
|
|
| |
The new context is copied from --target <PID>. This solution allows to
keep SELinux happy when you enter container by nsenter(1).
Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=1116100
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
| |
Signed-off-by: J William Piggott <elseifthen@gmx.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The new option --preserve-credentials completely disables all
operations related to UIGs and GIDs.
The patch also calls setgroups() before we enter user namespace (so
root can always clear their groups) and after we enter user namespace
(to detect /proc/self/setgroups "deny"). If both fail then nsenter
complains.
Acked-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Now it's possible to set UID and GID for user namespaces only. This
patch removes this restriction and allow to use --set{uid,gid} in all
cases. The default for user namespaces is still GID=0, UID=0.
Reported-by: Tomas Doran <bobtfish@bobtfish.net>
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
|
|
|
| |
Also, for renice, adapt the descriptions to the behaviour: the -g,
-p and -u options do not actually need to be followed by any ID.
Signed-off-by: Benno Schulenberg <bensberg@justemail.net>
|
|
|
|
| |
Signed-off-by: Benno Schulenberg <bensberg@justemail.net>
|
|
|
|
| |
Signed-off-by: Benno Schulenberg <bensberg@justemail.net>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Using -S (--setuid) and -G (--setgid) one can select the uid/gid which
will be used in the entered user namespace.
[kzak@redhat.com: - use setuid/gid unconditionally (always),
- update man page]
Acked-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
| |
Signed-off-by: Benno Schulenberg <bensberg@justemail.net>
|
|
|
|
|
|
|
| |
- spell abbreviations with capital letters
- fix the names of a few options and files
Signed-off-by: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The behaviour mimics chroot.
Possibly it would have been nicer to to query the password database in
the new namepace and run the shell of the user there, but it's hard to
do correctly. getpwuid() might need to load nss plugins, and the arch
in the new namespace might be different (in case of NEWNS mounts), or
the hostname might be different, etc. So in general it's not possible
to do it reliably.
Signed-off-by: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Most visible change; the --target option has a path - explanation table
instead a long paragraph. This makes pairing of the information easier
for an average user such as me.
The rest of the changes are about aligning with howto, i.e., fix spaces
after dots, URL & mail address macros, remove inline emphasis where
possible, mark directory paths and words with underscore to be line
breakable, use optional option syntax from howto, cut line lenght to 80
chars.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
|
|
|
|
|
|
|
|
|
|
| |
The naming of this option was really confusing.
Just rename it for clarity.
[kzak@redhat.com: rebase to original code without --all]
Signed-off-by: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
| |
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
Inspired by unshare, nsenter is a simple wrapper around setns that
allows running a new process in the context of an existing process.
Full paths may be specified to the namespace arguments so that
namespace file descriptors may be used wherever they reside in the
filesystem.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
|