setns.2: Fix CLONE_NEWNS restriction info

Threads are allowed to switch mount namespaces if the filesystem
details aren't being shared.  That's the purpose of the check in
the kernel quoted by the comment:

    if (fs->users != 1)
        return -EINVAL;

It's been this way since the code was originally merged in v3.8.

Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

diff --git a/man2/setns.2 b/man2/setns.2
index 18e80202326afec77fd0dd59e44d50e9a4d183f0..5985c099b4646cb30e49e036bbab42134de53a33 100644 (file)
--- a/man2/setns.2
+++ b/man2/setns.2
@@ -131,8 +131,12 @@ capabilities in its own user namespace and
 .BR CAP_SYS_ADMIN
 in the user namespace that owns the target mount namespace.
 .IP
-A process may not be reassociated with a new mount namespace if it is
-multithreaded.
+A process can't join a new mount namespace if it is sharing
+filesystem-related attributes
+(the attributes whose sharing is controlled by the
+.BR clone (2)
+.B CLONE_FS
+flag) with another process.
 .\" Above check is in fs/namespace.c:mntns_install() [3.8 source]
 .IP
 See