From: "Michael Kerrisk (man-pages)"
Subject: Re: For review: user_namespace(7) man page
Date: Thu, 11 Sep 2014 07:40:43 -0700
Message-ID: <5411B46B.1080800@gmail.com>
In-Reply-To: <87oauookq2.fsf@x220.int.ebiederm.org>
References: <53F5310A.5080503@gmail.com> <87d2bhfxvc.fsf@x220.int.ebiederm.org> <540F07CD.3080708@gmail.com> <87oauookq2.fsf@x220.int.ebiederm.org>
To: "Eric W. Biederman"
CC: mtk.manpages@gmail.com, lkml, "linux-man@vger.kernel.org", containers@lists.linux-foundation.org, Andy Lutomirski, richard.weinberger@gmail.com, "Serge E. Hallyn"
X-Mailing-List: linux-kernel@vger.kernel.org

On 09/09/2014 08:51 AM, Eric W. Biederman wrote:
> "Michael Kerrisk (man-pages)" <mtk.manpages@gmail.com> writes:
>
>> On 08/30/2014 02:53 PM, Eric W. Biederman wrote:
>>> "Michael Kerrisk (man-pages)" <mtk.manpages@gmail.com> writes:
>> [...]
>>
>>
>>>>        The initial user namespace has no parent namespace, but, for con‐
>>>>        sistency, the kernel provides dummy user  and  group  ID  mapping
>>>>        files  for  this namespace.  Looking at the uid_map file (gid_map
>>>>        is the same) from a shell in the initial namespace shows:
>>>>
>>>>            $ cat /proc/$$/uid_map
>>>>                     0          0 4294967295
>>>>
>>>>        This mapping tells us that the range starting at  user  ID  0  in
>>>>        this namespace maps to a range starting at 0 in the (nonexistent)
>>>>        parent namespace, and the length of  the  range  is  the  largest
>>>>        32-bit unsigned integer.
>>>
>>> Which deliberately leaves 4294967295 32bit (-1) unmapped.  (uid_t)-1 is
>>> used in several interfaces (like setreuid) as a way to specify no uid
>>> leaving it unmapped and unusable guarantees that there will be no
>>> confusion when using those kernel methods.
>>
>> So, I worked that piece into the text to give:
>>
>>        This  mapping  tells us that the range starting at user ID 0 in
>>        this namespace maps to a range starting at 0 in  the  (nonexis‐
>>        tent)  parent  namespace,  and  the  length of the range is the
>>        largest 32-bit unsigned  integer.   (This  deliberately  leaves
>>        4294967295  (the  32-bit  signed  -1  value) unmapped.  This is
>>        deliberate: (uid_t) -1 is used  in  several  interfaces  (e.g.,
>>        setreuid(2))  as  a  way  to  specify  "no  user  ID".  Leaving
>>        setreuid(2)) unmapped and unusable guarantees that there  will
>          ^^^^ (uid_t) -1 (not setreuid(2)
>>        be no confusion when using these interfaces.
>>
>> Okay?
>
> Other than the typo fix above this looks good.

Ahhh -- thanks for catching that, Eric. Fixed now.

Cheers,

Michael


-- 
Michael Kerrisk
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
Linux/UNIX System Programming Training: http://man7.org/training/
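The point settled in the thread above, that a `0 0 4294967295` line covers IDs 0 through 4294967294 and so can never cover (uid_t)-1, follows from how uid_map/gid_map lines are interpreted. The program below is an added example, not code from the thread, the man page or the kernel: it parses the three-column `inside outside count` format, translates IDs in both directions, and rejects a line whose range would run past the 32-bit ID space, which is what makes 4294967295 the largest usable length. The constructed inputs are the initial namespace's dummy line quoted in the thread and, as an assumption for illustration, a typical unprivileged-container mapping `0 100000 65536`; the extent cap UID_MAX_EXTENTS is likewise an assumption of this example, not a kernel constant.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define UID_MAX_EXTENTS 340  /* assumed cap on lines for this example, not a kernel value */

struct extent { uint32_t inside, outside, count; };
struct idmap  { struct extent ext[UID_MAX_EXTENTS]; int n; };

/* Parse uid_map/gid_map text: one "inside outside count" triple per line.
 * Returns the number of extents, or -1 if a line is malformed, has a zero
 * count, or describes a range that would wrap past 32 bits.  Because
 * inside + count must stay <= UINT32_MAX, the highest ID any line can
 * cover is 4294967294; ID 4294967295, i.e. (uid_t)-1, is never mappable. */
static int idmap_parse(const char *text, struct idmap *m)
{
    m->n = 0;
    for (const char *p = text; *p; ) {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        char line[128];
        if (len >= sizeof line) return -1;
        memcpy(line, p, len);
        line[len] = '\0';
        p += nl ? len + 1 : len;
        if (len == 0) continue;

        unsigned long long in, out, cnt;
        if (sscanf(line, "%llu %llu %llu", &in, &out, &cnt) != 3) return -1;
        if (in > UINT32_MAX || out > UINT32_MAX || cnt == 0 || cnt > UINT32_MAX) return -1;
        if (in + cnt > UINT32_MAX || out + cnt > UINT32_MAX) return -1;   /* no wraparound */
        if (m->n == UID_MAX_EXTENTS) return -1;
        m->ext[m->n++] = (struct extent){ (uint32_t)in, (uint32_t)out, (uint32_t)cnt };
    }
    return m->n;
}

/* Translate an ID in this namespace to the parent namespace.  Returns 1 and
 * sets *outside if a line covers it, 0 if the ID is unmapped (the kernel
 * then reports the overflow ID, 65534 by default, instead). */
static int idmap_to_parent(const struct idmap *m, uint32_t inside, uint32_t *outside)
{
    for (int i = 0; i < m->n; i++) {
        const struct extent *e = &m->ext[i];
        if (inside >= e->inside && inside - e->inside < e->count) {
            *outside = e->outside + (inside - e->inside);
            return 1;
        }
    }
    return 0;
}

/* The reverse direction: a parent-namespace ID to this namespace. */
static int idmap_from_parent(const struct idmap *m, uint32_t outside, uint32_t *inside)
{
    for (int i = 0; i < m->n; i++) {
        const struct extent *e = &m->ext[i];
        if (outside >= e->outside && outside - e->outside < e->count) {
            *inside = e->inside + (outside - e->outside);
            return 1;
        }
    }
    return 0;
}

int main(void)
{
    /* Constructed input: the initial namespace's dummy line from the thread. */
    static const char initial_ns[] = "         0          0 4294967295\n";
    /* Constructed input (assumption): a common unprivileged-container mapping. */
    static const char container[] = "0 100000 65536\n";
    const uint32_t probes[] = { 0, 1000, 65535, 65536, 4294967294u, 4294967295u };
    struct idmap m;
    uint32_t out;

    if (idmap_parse(initial_ns, &m) < 0) return 1;
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        if (idmap_to_parent(&m, probes[i], &out))
            printf("initial ns: %" PRIu32 " -> %" PRIu32 "\n", probes[i], out);
        else
            printf("initial ns: %" PRIu32 " -> unmapped\n", probes[i]);
    }

    if (idmap_parse(container, &m) < 0) return 1;
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        if (idmap_to_parent(&m, probes[i], &out))
            printf("container:  %" PRIu32 " -> %" PRIu32 "\n", probes[i], out);
        else
            printf("container:  %" PRIu32 " -> unmapped\n", probes[i]);
    }

    /* A line that would reach ID 4294967295 is rejected outright. */
    printf("\"1 0 4294967295\" accepted: %s\n",
           idmap_parse("1 0 4294967295\n", &m) < 0 ? "no" : "yes");
    return 0;
}
```

Pointing `idmap_parse` at the contents of `/proc/self/uid_map` instead of the constructed strings shows the same arithmetic for a live process; inside a container the unmapped probes are exactly the IDs that show up as the overflow user on the host.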