setns.2: Fix CLONE_NEWNS restriction info

Threads are allowed to switch mount namespaces if the filesystem details aren't being shared. That's the purpose of the check in the kernel quoted by the comment: if (fs->users != 1) return -EINVAL; It's been this way since the code was originally merged in v3.8. Signed-off-by: Mike Frysinger <vapier@gentoo.org> Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
author: Mike Frysinger <vapier@gentoo.org> 2019-09-19 01:43:42 -0400
committer: Michael Kerrisk <mtk.manpages@gmail.com> 2019-09-19 08:37:45 +0200
commit: 5dd76c44497dd43506f79995a8c7f84a105864e4 (patch)
tree: cdf892fb2cee6f1b80e061239268aecbdd430acd
parent: 9914d8bdb832a31992b0c10a0e26980808fd0462 (diff)
download: man-pages-5dd76c44497dd43506f79995a8c7f84a105864e4.tar.gz
1 files changed, 6 insertions, 2 deletions
diff --git a/man2/setns.2 b/man2/setns.2
index 18e8020232..5985c099b4 100644
--- a/man2/setns.2
+++ b/man2/setns.2
@@ -131,8 +131,12 @@ capabilities in its own user namespace and
 .BR CAP_SYS_ADMIN
 in the user namespace that owns the target mount namespace.
 .IP
-A process may not be reassociated with a new mount namespace if it is
-multithreaded.
+A process can't join a new mount namespace if it is sharing
+filesystem-related attributes
+(the attributes whose sharing is controlled by the
+.BR clone (2)
+.B CLONE_FS
+flag) with another process.
 .\" Above check is in fs/namespace.c:mntns_install() [3.8 source]
 .IP
 See
author	Mike Frysinger <vapier@gentoo.org>	2019-09-19 01:43:42 -0400
committer	Michael Kerrisk <mtk.manpages@gmail.com>	2019-09-19 08:37:45 +0200
commit	5dd76c44497dd43506f79995a8c7f84a105864e4 (patch)
tree	cdf892fb2cee6f1b80e061239268aecbdd430acd
parent	9914d8bdb832a31992b0c10a0e26980808fd0462 (diff)
download	man-pages-5dd76c44497dd43506f79995a8c7f84a105864e4.tar.gz