From: Karel Zak Date: Mon, 18 Nov 2013 11:50:27 +0000 (+0100) Subject: unshare: add more hints about mount namespaces to the man page X-Git-Tag: v2.25-rc1~730 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c07f86e7ac383e195f08617358eb034950b2712a;p=thirdparty%2Futil-linux.git unshare: add more hints about mount namespaces to the man page There is also idea (by Lennart) to add --propagation=[shared|private|slave|off] to unshare(1), but it seems unnecessary and too complex as everyone can call mount(8) after unshare(1) to setup a proper namespace. Signed-off-by: Karel Zak --- diff --git a/sys-utils/unshare.1 b/sys-utils/unshare.1 index b78ace833a..1f5273eba8 100644 --- a/sys-utils/unshare.1 +++ b/sys-utils/unshare.1 @@ -19,6 +19,10 @@ Mounting and unmounting filesystems will not affect the rest of the system (\fBCLONE_NEWNS\fP flag), except for filesystems which are explicitly marked as shared (with \fBmount --make-shared\fP; see \fI/proc/self/mountinfo\fP for the \fBshared\fP flags). + +It's recommended to use \fBmount --make-rprivate\fP or \fBmount --make-rslave\fP +after \fBunshare --mount\fP to make sure that mountpoints in the new namespace +are really unshared from parental namespace. .TP .BR "UTS namespace" Setting hostname or domainname will not affect the rest of the system. @@ -74,10 +78,12 @@ running it directly. This is useful when creating a new pid namespace. Just before running the program, mount the proc filesystem at the \fImountpoint\fP (default is /proc). This is useful when creating a new pid namespace. It also implies creating a new mount namespace since the /proc mount would otherwise -mess up existing programs on the system. +mess up existing programs on the system. The new proc filesystem is explicitly +mounted as private (by MS_PRIVATE|MS_REC). .SH SEE ALSO .BR unshare (2), -.BR clone (2) +.BR clone (2), +.BR mount (8) .SH BUGS None known so far. .SH AUTHOR
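Review bot: In the first hunk (sys-utils/unshare.1 @@ -19,6 +19,10 @@), the added sentence says that both \fBmount --make-rprivate\fP and \fBmount --make-rslave\fP make mountpoints "really unshared from parental namespace", but the two differ. With rslave, mounts made in the parent namespace still propagate into the new one; only rprivate cuts propagation in both directions. Someone relying on this text for isolation could pick rslave and still receive mounts from the host. Suggest stating the difference in one clause each. Also name the mountpoint the command is applied to (for example "mount --make-rprivate /"), since the command needs a target and the sentence gives none. Smaller points: "parental namespace" should read "parent namespace", and the hunk begins with an empty added line, which man page source conventionally replaces with .PP or .sp.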
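Review bot: In the second hunk (sys-utils/unshare.1 @@ -74,10 +78,12 @@), the new sentence documents the behaviour with the mount(2) constants "MS_PRIVATE|MS_REC", but the SEE ALSO change adds only mount(8), where those names do not appear. Either add ".BR mount (2)" as well, or phrase the sentence in the terms the first hunk uses (\fBmount --make-rprivate\fP) so the two additions read consistently. The sentence also leaves open which path the flags are applied to: MS_REC implies a subtree, while the text speaks of a single "new proc filesystem". Saying whether propagation is changed on the proc mountpoint only or on a wider tree would tell readers what isolation --mount-proc actually gives them. The constants are also unformatted, whereas CLONE_NEWNS earlier in the page is set in \fB...\fP.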