git.ipfire.org Git - thirdparty/man-pages.git/commitdiff
clone.2: Note capability requirements for using CLONE_NEWUSER before Linux 3.8
author Michael Kerrisk <mtk.manpages@gmail.com>
Fri, 28 Dec 2012 00:51:00 +0000 (01:51 +0100)
committer Michael Kerrisk <mtk.manpages@gmail.com>
Sun, 14 Sep 2014 03:15:56 +0000 (20:15 -0700)
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
man2/clone.2

index 5f8b5122879f5124d2b1654c301a5edd4fe6ce8d..9f88335e654facce910dca02e04e83f40949ec5f 100644 (file)
@@ -444,6 +444,14 @@ in
 
 Use of this flag requires a kernel configured with the
 .BR CONFIG_USER_NS .
+Before Linux 3.8, use of
+.BR CLONE_NEWUSER
+required that the caller have three capabilities:
+.BR CAP_SYS_ADMIN ,
+.BR CAP_SETUID ,
+and
+.BR CAP_SETGID .
+.\" Before Linux 2.6.29, it appears that only CAP_SYS_ADMIN was needed
 Starting with Linux 3.8,
 no privileges are needed to create a user namespace,
 and mount, PID, IPC, network, and UTS namespaces can be created with just the
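
Review bot: The added sentence "Before Linux 3.8, use of CLONE_NEWUSER required that the caller have three capabilities" has no lower bound, while the troff comment directly after it says that before Linux 2.6.29 it appears only CAP_SYS_ADMIN was needed. That comment is invisible in the rendered page, so if it is correct the visible text overstates the requirement for older kernels. Consider confirming the 2.6.29 behaviour and then either bounding the sentence to the kernel range it actually covers or moving the caveat into the visible text. A style point on the same addition: `.BR CLONE_NEWUSER` has a single argument and no trailing punctuation, so `.B CLONE_NEWUSER` is the usual macro there.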