unshare: add more hints about mount namespaces to the man page

There is also idea (by Lennart) to add --propagation=[shared|private|slave|off]
to unshare(1), but it seems unnecessary and too complex as everyone can call
mount(8) after unshare(1) to setup a proper namespace.

Signed-off-by: Karel Zak <kzak@redhat.com>

diff --git a/sys-utils/unshare.1 b/sys-utils/unshare.1
index b78ace833a8a21ba12338b4d17c7be27e8ff1cea..1f5273eba85430ce15380415ac2a770b47382395 100644 (file)
--- a/sys-utils/unshare.1
+++ b/sys-utils/unshare.1
@@ -19,6 +19,10 @@ Mounting and unmounting filesystems will not affect the rest of the system
 (\fBCLONE_NEWNS\fP flag), except for filesystems which are explicitly marked as
 shared (with \fBmount --make-shared\fP; see \fI/proc/self/mountinfo\fP for the
 \fBshared\fP flags).
+
+It's recommended to use \fBmount --make-rprivate\fP or \fBmount --make-rslave\fP
+after \fBunshare --mount\fP to make sure that mountpoints in the new namespace
+are really unshared from parental namespace.
 .TP
 .BR "UTS namespace"
 Setting hostname or domainname will not affect the rest of the system.
@@ -74,10 +78,12 @@ running it directly.  This is useful when creating a new pid namespace.
 Just before running the program, mount the proc filesystem at the \fImountpoint\fP
 (default is /proc).  This is useful when creating a new pid namespace.  It also
 implies creating a new mount namespace since the /proc mount would otherwise
-mess up existing programs on the system.
+mess up existing programs on the system. The new proc filesystem is explicitly
+mounted as private (by MS_PRIVATE|MS_REC).
 .SH SEE ALSO
 .BR unshare (2),
-.BR clone (2)
+.BR clone (2),
+.BR mount (8)
 .SH BUGS
 None known so far.
 .SH AUTHOR