Added comment containing patch justification.

author Michael Kerrisk <mtk.manpages@gmail.com>

Tue, 4 Jul 2006 13:26:13 +0000 (13:26 +0000)

committer Michael Kerrisk <mtk.manpages@gmail.com>

Tue, 4 Jul 2006 13:26:13 +0000 (13:26 +0000)
author Michael Kerrisk <mtk.manpages@gmail.com>
Tue, 4 Jul 2006 13:26:13 +0000 (13:26 +0000)
committer Michael Kerrisk <mtk.manpages@gmail.com>
Tue, 4 Jul 2006 13:26:13 +0000 (13:26 +0000)
diff --git a/man2/unshare.2 b/man2/unshare.2

index e3f942c0d5fedebd769fac6528ae2e4e028c4379..52504892e463943e5e9ad92f2cc4471e231ff13c 100644 (file)
--- a/man2/unshare.2
+++ b/man2/unshare.2
@@ -2,6 +2,18 @@
  .\" (C) 2006, Michael Kerrisk <mtk-manpages@gmx.ne>
  .\" Licensed under the GPL
  .\"
+.\" Patch Justification:
+.\" unshare system call is needed to implement, using PAM, 
+.\" per-security_context and/or per-user namespace to provide 
+.\" polyinstantiated directories. Using unshare and bind mounts, a 
+.\" PAM module can create private namespace with appropriate 
+.\" directories(based on user's security context) bind mounted on 
+.\" public directories such as /tmp, thus providing an instance of 
+.\" /tmp that is based on user's security context. Without the 
+.\" unshare system call, namespace separation can only be achieved 
+.\" by clone, which would require porting and maintaining all commands 
+.\" such as login, and su, that establish a user session. 
+.\"
  .TH UNSHARE 2 2005-03-10 "Linux 2.6.16" "Linux Programmer's Manual"
  .SH NAME
  unshare \- disassociate parts of the process execution context
author	Michael Kerrisk <mtk.manpages@gmail.com>
	Tue, 4 Jul 2006 13:26:13 +0000 (13:26 +0000)
committer	Michael Kerrisk <mtk.manpages@gmail.com>
	Tue, 4 Jul 2006 13:26:13 +0000 (13:26 +0000)