unshare: add note about sysfs and procfs

Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=1390057
Signed-off-by: Karel Zak <kzak@redhat.com>
pull/416/head
Karel Zak 6 years ago
parent 7ab6461fae
commit 86b6d7f434
sys-utils/unshare.1 | 5

@ -183,6 +183,11 @@ Display version information and exit.
.TP
.BR \-h , " \-\-help"
Display help text and exit.
.SH NOTES
The proc and sysfs filesystems mounting as root in a user namespace have to be
restricted so that a less privileged user can not get more access to sensitive
files that a more privileged user made unavailable. In short the rule for proc
and sysfs is as close to a bind mount as possible.
.SH EXAMPLES
.TP
.B # unshare --fork --pid --mount-proc readlink /proc/self
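Review bot: The new NOTES paragraph states the rule too loosely for a man page: "as close to a bind mount as possible" in its last sentence does not tell the reader what to expect when proc or sysfs is mounted inside a user namespace. Suggest spelling out the observable consequence and tying the note to the option on this page that performs such a mount (--mount-proc, used in the EXAMPLES entry directly below). The first sentence also reads awkwardly ("filesystems mounting as root ... have to be restricted") and uses "can not" for "cannot"; something like "When root in a user namespace mounts proc or sysfs, the mount is restricted so that a less privileged user cannot gain access to sensitive files that a more privileged user made unavailable." would be clearer.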
