From: Christian Brauner Date: Thu, 23 Nov 2017 11:34:23 +0000 (+0100) Subject: doc: document lxc.namespace.[namespace identifier] X-Git-Tag: lxc-3.0.0.beta1~175^2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F1939%2Fhead;p=thirdparty%2Flxc.git doc: document lxc.namespace.[namespace identifier] Closes #1924. Signed-off-by: Christian Brauner --- diff --git a/doc/lxc.container.conf.sgml.in b/doc/lxc.container.conf.sgml.in index f00092aed..51b1a7035 100644 --- a/doc/lxc.container.conf.sgml.in +++ b/doc/lxc.container.conf.sgml.in @@ -1277,6 +1277,65 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + Namespace Inheritance + + The capabilities can be dropped in the container if this one + is run as root. + + + + + + + + + Specify a namespace to inherit from another container or process. + The suffix needs to be + replaced with one of the namespaces that appear in the + /proc/PID/ns directory. + + + + To inherit the namespace from another process set the + to the PID of + the process, e.g. . + + + + To inherit the namespace from another container set the + to the name of + the container, e.g. . + + + + To inherit the namespace from another container located in a + different path than the standard liblxc path set the + to the full + path to the container, e.g. + . + + + + In order to inherit namespaces the caller needs to have sufficient + privilege over the process or container. + + + + Note that sharing pid namespaces between system containers will + likely not work with most init systems. + + + + Note that if two processes are in different user namespaces and one + process wants to inherit the other's network namespace it usually + needs to inherit the user namespace as well. + + + + + + Resource limits
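Review bot: The opening paragraph under the new "Namespace Inheritance" heading reads "The capabilities can be dropped in the container if this one is run as root", which describes capability dropping rather than namespace inheritance and looks carried over from another section of the file. Replace it with a sentence stating that a container can be started inside namespaces that already belong to another process or container. The later paragraph "the caller needs to have sufficient privilege over the process or container" should also name the privilege it means. A namespace shared with a PID or another container is no longer an isolation boundary between the two, so an administrator reading this page needs to know who is able to set the key.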