diff -up util-linux-2.23.2/sys-utils/nsenter.1.kzak util-linux-2.23.2/sys-utils/nsenter.1 |
|
--- util-linux-2.23.2/sys-utils/nsenter.1.kzak 2014-03-12 12:39:19.283577293 +0100 |
|
+++ util-linux-2.23.2/sys-utils/nsenter.1 2014-03-12 12:42:08.930336415 +0100 |
|
@@ -47,12 +47,7 @@ flag). |
|
will fork by default if changing the PID namespace, so that the new program |
|
and its children share the same PID namespace and are visible to each other. |
|
If \-\-no\-fork is used, the new program will be exec'ed without forking. |
|
-.TP |
|
-.B user namespace |
|
-process will have distinct set of UIDs, GIDs and capabilities |
|
-.RB ( CLONE_\:NEWUSER |
|
-flag). |
|
-.TP |
|
+.PP |
|
See the |
|
.BR clone (2) |
|
for exact semantics of the flags. |
|
@@ -88,9 +83,6 @@ the network namespace |
|
/proc/\fIpid\fR/ns/pid |
|
the PID namespace |
|
.TP |
|
-/proc/\fIpid\fR/ns/user |
|
-the user namespace |
|
-.TP |
|
/proc/\fIpid\fR/root |
|
the root directory |
|
.TP |
|
@@ -124,11 +116,6 @@ Enter the PID namespace. If no file is |
|
the target process. If file is specified enter the PID namespace specified by |
|
file. |
|
.TP |
|
-\fB\-U\fR, \fB\-\-user\fR [\fIfile\fR] |
|
-Enter the user namespace. If no file is specified enter the user namespace of |
|
-the target process. If file is specified enter the user namespace specified by |
|
-file. |
|
-.TP |
|
\fB\-r\fR, \fB\-\-root\fR [\fIdirectory\fR] |
|
Set the root directory. If no directory is specified set the root directory to |
|
the root directory of the target process. If directory is specified set the |
|
diff -up util-linux-2.23.2/sys-utils/nsenter.c.kzak util-linux-2.23.2/sys-utils/nsenter.c |
|
--- util-linux-2.23.2/sys-utils/nsenter.c.kzak 2014-03-12 12:39:10.402485179 +0100 |
|
+++ util-linux-2.23.2/sys-utils/nsenter.c 2014-03-12 12:44:07.986570461 +0100 |
|
@@ -42,12 +42,7 @@ static struct namespace_file { |
|
int fd; |
|
} namespace_files[] = { |
|
/* Careful the order is significant in this array. |
|
- * |
|
- * The user namespace comes first, so that it is entered |
|
- * first. This gives an unprivileged user the potential to |
|
- * enter the other namespaces. |
|
*/ |
|
- { .nstype = CLONE_NEWUSER, .name = "ns/user", .fd = -1 }, |
|
{ .nstype = CLONE_NEWIPC, .name = "ns/ipc", .fd = -1 }, |
|
{ .nstype = CLONE_NEWUTS, .name = "ns/uts", .fd = -1 }, |
|
{ .nstype = CLONE_NEWNET, .name = "ns/net", .fd = -1 }, |
|
@@ -71,7 +66,6 @@ static void usage(int status) |
|
fputs(_(" -i, --ipc [=<file>] enter System V IPC namespace\n"), out); |
|
fputs(_(" -n, --net [=<file>] enter network namespace\n"), out); |
|
fputs(_(" -p, --pid [=<file>] enter pid namespace\n"), out); |
|
- fputs(_(" -U, --user [=<file>] enter user namespace\n"), out); |
|
fputs(_(" -r, --root [=<dir>] set the root directory\n"), out); |
|
fputs(_(" -w, --wd [=<dir>] set the working directory\n"), out); |
|
fputs(_(" -F, --no-fork do not fork before exec'ing <program>\n"), out); |
|
@@ -168,7 +162,6 @@ int main(int argc, char *argv[]) |
|
{ "ipc", optional_argument, NULL, 'i' }, |
|
{ "net", optional_argument, NULL, 'n' }, |
|
{ "pid", optional_argument, NULL, 'p' }, |
|
- { "user", optional_argument, NULL, 'U' }, |
|
{ "root", optional_argument, NULL, 'r' }, |
|
{ "wd", optional_argument, NULL, 'w' }, |
|
{ "no-fork", no_argument, NULL, 'F' }, |
|
@@ -186,7 +179,7 @@ int main(int argc, char *argv[]) |
|
atexit(close_stdout); |
|
|
|
while ((c = |
|
- getopt_long(argc, argv, "hVt:m::u::i::n::p::U::r::w::F", |
|
+ getopt_long(argc, argv, "hVt:m::u::i::n::p::r::w::F", |
|
longopts, NULL)) != -1) { |
|
switch (c) { |
|
case 'h': |
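Review bot: Nothing on the new side records that `-U`/`--user` was removed on purpose, so the optstring `"hVt:m::u::i::n::p::r::w::F"` now differs from the unpatched 2.23.2 source with no explanation, and a later rebase could bring the option back unnoticed. A one-line comment above the `getopt_long` call would cover it, for example `/* -U/--user deliberately not offered in this build: <reason> */`, with the reason filled in by the patch author since the page does not state it. The same gap shows in the `@@ -42,12 +42,7 @@` hunk, where the surviving comment in `namespace_files[]` still says the order is significant but no longer says why, and in the matching `getopt_long` change in unshare.c (`"hVmuinp"`). The `while` loop and `switch` continue outside this hunk, so the claim that `-U` now lands in the usage-error path is inferred from the unshare.c `default:` branch and should be confirmed for nsenter.c.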
|
@@ -228,12 +221,6 @@ int main(int argc, char *argv[]) |
|
else |
|
namespaces |= CLONE_NEWPID; |
|
break; |
|
- case 'U': |
|
- if (optarg) |
|
- open_namespace_fd(CLONE_NEWUSER, optarg); |
|
- else |
|
- namespaces |= CLONE_NEWUSER; |
|
- break; |
|
case 'F': |
|
do_fork = 0; |
|
break; |
|
diff -up util-linux-2.23.2/sys-utils/unshare.1.kzak util-linux-2.23.2/sys-utils/unshare.1 |
|
--- util-linux-2.23.2/sys-utils/unshare.1.kzak 2014-03-12 12:39:41.367806340 +0100 |
|
+++ util-linux-2.23.2/sys-utils/unshare.1 2014-03-12 12:40:25.186260760 +0100 |
|
@@ -34,9 +34,6 @@ etc. (\fBCLONE_NEWNET\fP flag). |
|
.BR "pid namespace" |
|
children will have a distinct set of pid to process mappings than their parent. |
|
(\fBCLONE_NEWPID\fP flag). |
|
-.TP |
|
-.BR "user namespace" |
|
-process will have distinct set of uids, gids and capabilities. (\fBCLONE_NEWUSER\fP flag). |
|
.PP |
|
See the \fBclone\fR(2) for exact semantics of the flags. |
|
.SH OPTIONS |
|
@@ -58,9 +55,6 @@ Unshare the network namespace. |
|
.TP |
|
.BR \-p , " \-\-pid" |
|
Unshare the pid namespace. |
|
-.TP |
|
-.BR \-U , " \-\-user" |
|
-Unshare the user namespace. |
|
.SH SEE ALSO |
|
.BR unshare (2), |
|
.BR clone (2) |
|
diff -up util-linux-2.23.2/sys-utils/unshare.c.kzak util-linux-2.23.2/sys-utils/unshare.c |
|
--- util-linux-2.23.2/sys-utils/unshare.c.kzak 2014-03-12 12:39:46.385858383 +0100 |
|
+++ util-linux-2.23.2/sys-utils/unshare.c 2014-03-12 12:44:49.955005384 +0100 |
|
@@ -45,7 +45,6 @@ static void usage(int status) |
|
fputs(_(" -i, --ipc unshare System V IPC namespace\n"), out); |
|
fputs(_(" -n, --net unshare network namespace\n"), out); |
|
fputs(_(" -p, --pid unshare pid namespace\n"), out); |
|
- fputs(_(" -U, --user unshare user namespace\n"), out); |
|
|
|
fputs(USAGE_SEPARATOR, out); |
|
fputs(USAGE_HELP, out); |
|
@@ -65,7 +64,6 @@ int main(int argc, char *argv[]) |
|
{ "ipc", no_argument, 0, 'i' }, |
|
{ "net", no_argument, 0, 'n' }, |
|
{ "pid", no_argument, 0, 'p' }, |
|
- { "user", no_argument, 0, 'U' }, |
|
{ NULL, 0, 0, 0 } |
|
}; |
|
|
|
@@ -78,7 +76,7 @@ int main(int argc, char *argv[]) |
|
textdomain(PACKAGE); |
|
atexit(close_stdout); |
|
|
|
- while ((c = getopt_long(argc, argv, "hVmuinpU", longopts, NULL)) != -1) { |
|
+ while ((c = getopt_long(argc, argv, "hVmuinp", longopts, NULL)) != -1) { |
|
switch (c) { |
|
case 'h': |
|
usage(EXIT_SUCCESS); |
|
@@ -100,9 +98,6 @@ int main(int argc, char *argv[]) |
|
case 'p': |
|
unshare_flags |= CLONE_NEWPID; |
|
break; |
|
- case 'U': |
|
- unshare_flags |= CLONE_NEWUSER; |
|
- break; |
|
default: |
|
usage(EXIT_FAILURE); |
|
}
|
|
|