Use of this flag requires
that the process be privileged
.RB ( CAP_SYS_ADMIN ).
+
.TP
.BR CLONE_NEWNS " (since Linux 2.4.19)"
-Start the child in a new mount namespace.
-
-Every process lives in a mount namespace.
-The
-.I namespace
-of a process is the data (the set of mounts) describing the file hierarchy
-as seen by that process.
-After a
-.BR fork (2)
-or
-.BR clone ()
-where the
+If
+.B CLONE_NEWNS
+is set, the cloned child is started in a new mount namespace,
+initialized with a copy of the namespace of the parent.
+If
.B CLONE_NEWNS
-flag is not set, the child lives in the same mount
+is not set, the child lives in the same mount
namespace as the parent.
-The system calls
-.BR mount (2)
-and
-.BR umount (2)
-change the mount namespace of the calling process, and hence affect
-all processes that live in the same namespace, but do not affect
-processes in a different mount namespace.
-After a
-.BR clone ()
-where the
-.B CLONE_NEWNS
-flag is set, the cloned child is started in a new mount namespace,
-initialized with a copy of the namespace of the parent.
+For further information on mount namespaces, see
+.BR namespaces (7).
Only a privileged process (one having the \fBCAP_SYS_ADMIN\fP capability)
may specify the
in the same
.BR clone ()
call.
+
.TP
.BR CLONE_NEWUSER
(This flag first became meaningful for