From 355ee3b8981ed4990fd069b097dd8ae0f7373920 Mon Sep 17 00:00:00 2001 From: Karel Zak Date: Fri, 20 Mar 2015 15:26:58 +0100 Subject: nsenter: add -Z to set selinux context The new context is copied from --target . This solution allows to keep SELinux happy when you enter container by nsenter(1). Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=1116100 Signed-off-by: Karel Zak --- sys-utils/nsenter.1 | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) (limited to 'sys-utils/nsenter.1') diff --git a/sys-utils/nsenter.1 b/sys-utils/nsenter.1 index 8a3b25ecc..79fc2e5c6 100644 --- a/sys-utils/nsenter.1 +++ b/sys-utils/nsenter.1 @@ -155,6 +155,11 @@ Do not fork before exec'ing the specified program. By default, when entering a PID namespace, \fBnsenter\fP calls \fBfork\fP before calling \fBexec\fP so that any children will also be in the newly entered PID namespace. .TP +\fB\-Z\fR, \fB\-\-follow\-context\fR +Set the SELinux security context used for executing a new process according to +already running process specified by \fB\-\-target\fR PID. (The util-linux has +to be compiled with SELinux support otherwise the option is unavailable.) +.TP \fB\-V\fR, \fB\-\-version\fR Display version information and exit. .TP @@ -163,10 +168,14 @@ Display help text and exit. .SH SEE ALSO .BR setns (2), .BR clone (2) -.SH AUTHOR -.MT ebiederm@xmission.com +.SH AUTHORS +.UR biederm@xmission.com Eric Biederman -.ME +.UE +.br +.UR kzak@redhat.com +Karel Zak +.UE .SH AVAILABILITY The nsenter command is part of the util-linux package and is available from .UR ftp://\:ftp.kernel.org\:/pub\:/linux\:/utils\:/util-linux/ -- cgit v1.2.3-55-g7522