Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Use of this flag requires a kernel configured with the
.BR CONFIG_USER_NS .
+Before Linux 3.8, use of
+.BR CLONE_NEWUSER
+required that the caller have three capabilities:
+.BR CAP_SYS_ADMIN ,
+.BR CAP_SETUID ,
+and
+.BR CAP_SETGID .
+.\" Before Linux 2.6.29, it appears that only CAP_SYS_ADMIN was needed
Starting with Linux 3.8,
no privileges are needed to create a user namespace,
and mount, PID, IPC, network, and UTS namespaces can be created with just the