.in
.\"
.\"
+.SS Per-user-namespace """set-user-ID-root""" programs
+A set-user-ID program whose UID matches the UID that
+created a user namespace will confer capabilities
+in the process's permitted and effective sets
+when executed by any process inside that namespace
+or any descendant user namespace.
+.PP
+The rules about the transformation of the process's capabilities during the
+.BR execve (2)
+are exactly as described in the subsections
+.IR "Transformation of capabilities during execve()"
+and
+.IR "Capabilities and execution of programs by root" ,
+with the difference that, in the latter subsection, "root"
+is the UID of the creator of the user namespace.
+.\"
+.\"
.SS Namespaced file capabilities
.\" commit 8db6c34f1dbc8e06aa016a9b829b06902c3e1340
Traditional (i.e., version 2) file capabilities associate
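Review bot: The opening sentence of the new subsection is too imprecise for a rule that governs privilege gain. "A set-user-ID program whose UID matches the UID that created a user namespace" does not say that the first UID is the file's owner, nor which UID of the creating process is meant. "will confer capabilities" does not say which capabilities are granted or that they apply only within that namespace. Suggest spelling out both, for example "A set-user-ID program owned by the UID of the creator of a user namespace ...", and naming the capability set that results. In the second paragraph, "during the" followed by ".BR execve (2)" renders as "during the execve(2)"; drop the article or write "during an". The following subsection carries a ".\" commit ..." source comment and this one has none, so please add the corresponding commit reference and state the kernel version from which this behaviour applies.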