|
|
531551 |
diff -up util-linux-2.23.2/sys-utils/nsenter.1.kzak util-linux-2.23.2/sys-utils/nsenter.1
|
|
|
531551 |
--- util-linux-2.23.2/sys-utils/nsenter.1.kzak 2014-03-12 12:39:19.283577293 +0100
|
|
|
531551 |
+++ util-linux-2.23.2/sys-utils/nsenter.1 2014-03-12 12:42:08.930336415 +0100
|
|
|
531551 |
@@ -47,12 +47,7 @@ flag).
|
|
|
531551 |
will fork by default if changing the PID namespace, so that the new program
|
|
|
531551 |
and its children share the same PID namespace and are visible to each other.
|
|
|
531551 |
If \-\-no\-fork is used, the new program will be exec'ed without forking.
|
|
|
531551 |
-.TP
|
|
|
531551 |
-.B user namespace
|
|
|
531551 |
-process will have distinct set of UIDs, GIDs and capabilities
|
|
|
531551 |
-.RB ( CLONE_\:NEWUSER
|
|
|
531551 |
-flag).
|
|
|
531551 |
-.TP
|
|
|
531551 |
+.PP
|
|
|
531551 |
See the
|
|
|
531551 |
.BR clone (2)
|
|
|
531551 |
for exact semantics of the flags.
|
|
|
531551 |
@@ -88,9 +83,6 @@ the network namespace
|
|
|
531551 |
/proc/\fIpid\fR/ns/pid
|
|
|
531551 |
the PID namespace
|
|
|
531551 |
.TP
|
|
|
531551 |
-/proc/\fIpid\fR/ns/user
|
|
|
531551 |
-the user namespace
|
|
|
531551 |
-.TP
|
|
|
531551 |
/proc/\fIpid\fR/root
|
|
|
531551 |
the root directory
|
|
|
531551 |
.TP
|
|
|
531551 |
@@ -124,11 +116,6 @@ Enter the PID namespace. If no file is
|
|
|
531551 |
the target process. If file is specified enter the PID namespace specified by
|
|
|
531551 |
file.
|
|
|
531551 |
.TP
|
|
|
531551 |
-\fB\-U\fR, \fB\-\-user\fR [\fIfile\fR]
|
|
|
531551 |
-Enter the user namespace. If no file is specified enter the user namespace of
|
|
|
531551 |
-the target process. If file is specified enter the user namespace specified by
|
|
|
531551 |
-file.
|
|
|
531551 |
-.TP
|
|
|
531551 |
\fB\-r\fR, \fB\-\-root\fR [\fIdirectory\fR]
|
|
|
531551 |
Set the root directory. If no directory is specified set the root directory to
|
|
|
531551 |
the root directory of the target process. If directory is specified set the
|
|
|
531551 |
diff -up util-linux-2.23.2/sys-utils/nsenter.c.kzak util-linux-2.23.2/sys-utils/nsenter.c
|
|
|
531551 |
--- util-linux-2.23.2/sys-utils/nsenter.c.kzak 2014-03-12 12:39:10.402485179 +0100
|
|
|
531551 |
+++ util-linux-2.23.2/sys-utils/nsenter.c 2014-03-12 12:44:07.986570461 +0100
|
|
|
531551 |
@@ -42,12 +42,7 @@ static struct namespace_file {
|
|
|
531551 |
int fd;
|
|
|
531551 |
} namespace_files[] = {
|
|
|
531551 |
/* Careful the order is significant in this array.
|
|
|
531551 |
- *
|
|
|
531551 |
- * The user namespace comes first, so that it is entered
|
|
|
531551 |
- * first. This gives an unprivileged user the potential to
|
|
|
531551 |
- * enter the other namespaces.
|
|
|
531551 |
*/
|
|
|
531551 |
- { .nstype = CLONE_NEWUSER, .name = "ns/user", .fd = -1 },
|
|
|
531551 |
{ .nstype = CLONE_NEWIPC, .name = "ns/ipc", .fd = -1 },
|
|
|
531551 |
{ .nstype = CLONE_NEWUTS, .name = "ns/uts", .fd = -1 },
|
|
|
531551 |
{ .nstype = CLONE_NEWNET, .name = "ns/net", .fd = -1 },
|
|
|
531551 |
@@ -71,7 +66,6 @@ static void usage(int status)
|
|
|
531551 |
fputs(_(" -i, --ipc [=<file>] enter System V IPC namespace\n"), out);
|
|
|
531551 |
fputs(_(" -n, --net [=<file>] enter network namespace\n"), out);
|
|
|
531551 |
fputs(_(" -p, --pid [=<file>] enter pid namespace\n"), out);
|
|
|
531551 |
- fputs(_(" -U, --user [=<file>] enter user namespace\n"), out);
|
|
|
531551 |
fputs(_(" -r, --root [=<dir>] set the root directory\n"), out);
|
|
|
531551 |
fputs(_(" -w, --wd [=<dir>] set the working directory\n"), out);
|
|
|
531551 |
fputs(_(" -F, --no-fork do not fork before exec'ing <program>\n"), out);
|
|
|
531551 |
@@ -168,7 +162,6 @@ int main(int argc, char *argv[])
|
|
|
531551 |
{ "ipc", optional_argument, NULL, 'i' },
|
|
|
531551 |
{ "net", optional_argument, NULL, 'n' },
|
|
|
531551 |
{ "pid", optional_argument, NULL, 'p' },
|
|
|
531551 |
- { "user", optional_argument, NULL, 'U' },
|
|
|
531551 |
{ "root", optional_argument, NULL, 'r' },
|
|
|
531551 |
{ "wd", optional_argument, NULL, 'w' },
|
|
|
531551 |
{ "no-fork", no_argument, NULL, 'F' },
|
|
|
531551 |
@@ -186,7 +179,7 @@ int main(int argc, char *argv[])
|
|
|
531551 |
atexit(close_stdout);
|
|
|
531551 |
|
|
|
531551 |
while ((c =
|
|
|
531551 |
- getopt_long(argc, argv, "hVt:m::u::i::n::p::U::r::w::F",
|
|
|
531551 |
+ getopt_long(argc, argv, "hVt:m::u::i::n::p::r::w::F",
|
|
|
531551 |
longopts, NULL)) != -1) {
|
|
|
531551 |
switch (c) {
|
|
|
531551 |
case 'h':
|
|
|
531551 |
@@ -228,12 +221,6 @@ int main(int argc, char *argv[])
|
|
|
531551 |
else
|
|
|
531551 |
namespaces |= CLONE_NEWPID;
|
|
|
531551 |
break;
|
|
|
531551 |
- case 'U':
|
|
|
531551 |
- if (optarg)
|
|
|
531551 |
- open_namespace_fd(CLONE_NEWUSER, optarg);
|
|
|
531551 |
- else
|
|
|
531551 |
- namespaces |= CLONE_NEWUSER;
|
|
|
531551 |
- break;
|
|
|
531551 |
case 'F':
|
|
|
531551 |
do_fork = 0;
|
|
|
531551 |
break;
|
|
|
531551 |
diff -up util-linux-2.23.2/sys-utils/unshare.1.kzak util-linux-2.23.2/sys-utils/unshare.1
|
|
|
531551 |
--- util-linux-2.23.2/sys-utils/unshare.1.kzak 2014-03-12 12:39:41.367806340 +0100
|
|
|
531551 |
+++ util-linux-2.23.2/sys-utils/unshare.1 2014-03-12 12:40:25.186260760 +0100
|
|
|
531551 |
@@ -34,9 +34,6 @@ etc. (\fBCLONE_NEWNET\fP flag).
|
|
|
531551 |
.BR "pid namespace"
|
|
|
531551 |
children will have a distinct set of pid to process mappings than their parent.
|
|
|
531551 |
(\fBCLONE_NEWPID\fP flag).
|
|
|
531551 |
-.TP
|
|
|
531551 |
-.BR "user namespace"
|
|
|
531551 |
-process will have distinct set of uids, gids and capabilities. (\fBCLONE_NEWUSER\fP flag).
|
|
|
531551 |
.PP
|
|
|
531551 |
See the \fBclone\fR(2) for exact semantics of the flags.
|
|
|
531551 |
.SH OPTIONS
|
|
|
531551 |
@@ -58,9 +55,6 @@ Unshare the network namespace.
|
|
|
531551 |
.TP
|
|
|
531551 |
.BR \-p , " \-\-pid"
|
|
|
531551 |
Unshare the pid namespace.
|
|
|
531551 |
-.TP
|
|
|
531551 |
-.BR \-U , " \-\-user"
|
|
|
531551 |
-Unshare the user namespace.
|
|
|
531551 |
.SH SEE ALSO
|
|
|
531551 |
.BR unshare (2),
|
|
|
531551 |
.BR clone (2)
|
|
|
531551 |
diff -up util-linux-2.23.2/sys-utils/unshare.c.kzak util-linux-2.23.2/sys-utils/unshare.c
|
|
|
531551 |
--- util-linux-2.23.2/sys-utils/unshare.c.kzak 2014-03-12 12:39:46.385858383 +0100
|
|
|
531551 |
+++ util-linux-2.23.2/sys-utils/unshare.c 2014-03-12 12:44:49.955005384 +0100
|
|
|
531551 |
@@ -45,7 +45,6 @@ static void usage(int status)
|
|
|
531551 |
fputs(_(" -i, --ipc unshare System V IPC namespace\n"), out);
|
|
|
531551 |
fputs(_(" -n, --net unshare network namespace\n"), out);
|
|
|
531551 |
fputs(_(" -p, --pid unshare pid namespace\n"), out);
|
|
|
531551 |
- fputs(_(" -U, --user unshare user namespace\n"), out);
|
|
|
531551 |
|
|
|
531551 |
fputs(USAGE_SEPARATOR, out);
|
|
|
531551 |
fputs(USAGE_HELP, out);
|
|
|
531551 |
@@ -65,7 +64,6 @@ int main(int argc, char *argv[])
|
|
|
531551 |
{ "ipc", no_argument, 0, 'i' },
|
|
|
531551 |
{ "net", no_argument, 0, 'n' },
|
|
|
531551 |
{ "pid", no_argument, 0, 'p' },
|
|
|
531551 |
- { "user", no_argument, 0, 'U' },
|
|
|
531551 |
{ NULL, 0, 0, 0 }
|
|
|
531551 |
};
|
|
|
531551 |
|
|
|
531551 |
@@ -78,7 +76,7 @@ int main(int argc, char *argv[])
|
|
|
531551 |
textdomain(PACKAGE);
|
|
|
531551 |
atexit(close_stdout);
|
|
|
531551 |
|
|
|
531551 |
- while ((c = getopt_long(argc, argv, "hVmuinpU", longopts, NULL)) != -1) {
|
|
|
531551 |
+ while ((c = getopt_long(argc, argv, "hVmuinp", longopts, NULL)) != -1) {
|
|
|
531551 |
switch (c) {
|
|
|
531551 |
case 'h':
|
|
|
531551 |
usage(EXIT_SUCCESS);
|
|
|
531551 |
@@ -100,9 +98,6 @@ int main(int argc, char *argv[])
|
|
|
531551 |
case 'p':
|
|
|
531551 |
unshare_flags |= CLONE_NEWPID;
|
|
|
531551 |
break;
|
|
|
531551 |
- case 'U':
|
|
|
531551 |
- unshare_flags |= CLONE_NEWUSER;
|
|
|
531551 |
- break;
|
|
|
531551 |
default:
|
|
|
531551 |
usage(EXIT_FAILURE);
|
|
|
531551 |
}
|