Document checks performed by newgidmap/newuidmap

* man/newgidmap.1.xml: Document the checks performed before
	setting the mapping in /proc.
	* man/newuidmap.1.xml: Likewise.
This commit is contained in:
Nicolas François 2013-08-13 19:38:41 +02:00
parent e1a4b6e57b
commit 29bd7e1929
3 changed files with 25 additions and 0 deletions

View File

@ -1,3 +1,9 @@
2013-08-13 Nicolas François <nicolas.francois@centraliens.net>
* man/newgidmap.1.xml: Document the checks performed before
setting the mapping in /proc.
* man/newuidmap.1.xml: Likewise.
2013-08-13 Nicolas François <nicolas.francois@centraliens.net>
* libmisc/idmapping.h: Document what the upper and lower fields

View File

@ -116,6 +116,16 @@
</varlistentry>
</variablelist>
</para>
<para>
<command>newgidmap</command> verifies that the caller is the owner
of the process indicated by <option>pid</option> and that for each
of the above sets, each of the GIDs in the range [lowergid,
lowergid+count] is allowed to the caller according to
<filename>/etc/subgid</filename> before setting
<filename>/proc/[pid]/gid_map</filename>.
</para>
</refsect1>
<refsect1 id='options'>

View File

@ -113,6 +113,15 @@
</varlistentry>
</variablelist>
</para>
<para>
<command>newuidmap</command> verifies that the caller is the owner
of the process indicated by <option>pid</option> and that for each
of the above sets, each of the UIDs in the range [loweruid,
loweruid+count] is allowed to the caller according to
<filename>/etc/subuid</filename> before setting
<filename>/proc/[pid]/uid_map</filename>.
</para>
</refsect1>
<refsect1 id='options'>